Commit Graph

780 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
b9fe6b6263 instead of using the TLS session ID as session identifier prior to authentication use the webvpncontext cookie. 2014-01-19 02:59:04 +01:00
Nikos Mavrogiannopoulos
90a9286b88 send auth reply failure when needed. 2014-01-18 16:06:37 +01:00
Nikos Mavrogiannopoulos
ef537d6846 doc update 2014-01-18 15:08:51 +01:00
Nikos Mavrogiannopoulos
7145db0d54 Added sketch of authentication protocol between main and worker. 2014-01-18 15:06:16 +01:00
Nikos Mavrogiannopoulos
b1af6f2829 enabling cisco-client-compat allows 'stealing' of processes.
This change puts a proc_st whose client has terminated into a "zombie"
state. That state will allow a client that connects later using the
same TLS session ID to reclaim it. That way clients that try to authenticate
by sending their credentials in different sessions can still authenticate with
ocserv. That, however, puts more trust in worker processes (as the main
process has no way of telling whether a TLS session is certainly
resumed).
2014-01-18 15:06:10 +01:00
Nikos Mavrogiannopoulos
d454557649 replace always-require-cert with cisco-client-compat. 2014-01-18 11:19:19 +01:00
Nikos Mavrogiannopoulos
bee6a99450 added missing dependency 2014-01-18 11:19:06 +01:00
Nikos Mavrogiannopoulos
fdee40d276 documented all dependencies 2014-01-18 11:09:16 +01:00
Nikos Mavrogiannopoulos
6c078f2397 configure info update 2014-01-14 17:36:40 +01:00
Nikos Mavrogiannopoulos
6eaa81cf73 corrected prototype 2014-01-14 17:31:19 +01:00
Nikos Mavrogiannopoulos
e43840db05 send empty array instead of nothing when a user or ID aren't found. 2014-01-14 10:34:34 +01:00
Nikos Mavrogiannopoulos
8f9cef9665 print correct error when a user or ID are not found 2014-01-14 10:34:09 +01:00
Nikos Mavrogiannopoulos
766ab8ee21 Added function to print network interface statistics. 2014-01-14 10:20:47 +01:00
Nikos Mavrogiannopoulos
68bd5af105 free the output of gnutls_session_get_desc 2014-01-14 07:39:53 +01:00
Nikos Mavrogiannopoulos
81c20b9237 export ID env variable 2014-01-13 19:04:56 +01:00
Nikos Mavrogiannopoulos
2e068ad0b9 more files to ignore 2014-01-12 18:30:03 +01:00
Nikos Mavrogiannopoulos
cc6473a92a print file name instead of function name 2014-01-12 18:24:13 +01:00
Nikos Mavrogiannopoulos
823190475b print textual name of messages exchanged. 2014-01-12 18:23:29 +01:00
Nikos Mavrogiannopoulos
39572b3d48 Store User-Agent information and send to occtl. 2014-01-12 14:35:58 +01:00
Nikos Mavrogiannopoulos
b8a4fdf530 unset needs_compact_auth if client changes its mind. 2014-01-12 14:19:10 +01:00
Nikos Mavrogiannopoulos
a08a03d70e use a common version message. 2014-01-12 14:09:07 +01:00
Nikos Mavrogiannopoulos
4a8513b393 use config-auth header in success message 2014-01-12 14:08:13 +01:00
Nikos Mavrogiannopoulos
4fe59287f5 removed vpn-client-pkg-version which didn't seem to affect anything. 2014-01-12 14:06:23 +01:00
Nikos Mavrogiannopoulos
6fea92a961 combined CSCOT URLs 2014-01-12 12:40:58 +01:00
Nikos Mavrogiannopoulos
2e2310187d Replaced the username cookie with a compact auth option.
That option performs authentication of username, password in
a single go for clients that request Connection: Close.
2014-01-12 12:01:08 +01:00
Nikos Mavrogiannopoulos
151f107591 use config-auth XML format. 2014-01-12 11:04:42 +01:00
Nikos Mavrogiannopoulos
eb09efb6d7 corrected size calculation for CONFIG_MSG 2014-01-12 10:23:39 +01:00
Nikos Mavrogiannopoulos
3c82dc7787 report the file name plus line instead of function name. 2014-01-12 10:19:42 +01:00
Nikos Mavrogiannopoulos
3d0a69e5f6 Indicate properly the status of TLS authentication when a client has reconnected. 2014-01-12 10:16:10 +01:00
Nikos Mavrogiannopoulos
089e8a7c30 updated copyrights 2014-01-12 10:01:48 +01:00
Nikos Mavrogiannopoulos
eba1c9255b Allow a client to reconnect and continue authentication.
That allows clients like CISCO anyconnect to resume authentication
in a different session by keeping the username in a cookie. That
works only when a single password is used.
2014-01-12 09:52:31 +01:00
Nikos Mavrogiannopoulos
1aee463ab4 Advertize a very low version of client. 2014-01-11 23:53:47 +01:00
Nikos Mavrogiannopoulos
a545062cec stricter check of acceptable states. 2014-01-11 23:40:49 +01:00
Nikos Mavrogiannopoulos
50d63259b8 more debug messages and be more strict when cannot read the password. 2014-01-11 23:30:49 +01:00
Nikos Mavrogiannopoulos
0024a9d4a9 Added more debugging messages. 2014-01-11 23:19:40 +01:00
Nikos Mavrogiannopoulos
2a9d17a7bf increased maximum name size of DTLS cipher and other occtl cleanups. 2014-01-11 22:23:10 +01:00
Nikos Mavrogiannopoulos
043355799d Added human_addr2() which will display port number only when requested. 2014-01-11 22:12:28 +01:00
Nikos Mavrogiannopoulos
e5466c0688 reduced space for IPs 2014-01-11 22:08:20 +01:00
Nikos Mavrogiannopoulos
a66a620f58 corrected reporting of VPN IP addresses. 2014-01-11 22:03:47 +01:00
Nikos Mavrogiannopoulos
5ba6deb66f better reporting of ciphersuite and group name. 2014-01-11 22:01:11 +01:00
Nikos Mavrogiannopoulos
249734c1f7 corrected default pager behavior 2014-01-11 21:58:13 +01:00
Nikos Mavrogiannopoulos
fd2d640e0a increased sizes for ciphersuite name, and decreased maximum size for the DTLS ciphersuite (as we use openssl's short names) 2014-01-11 21:54:20 +01:00
Nikos Mavrogiannopoulos
a5ae35a279 removed dbus_message_iter_has_next() as it behaves differently on different versions. 2014-01-11 21:52:14 +01:00
Nikos Mavrogiannopoulos
77ecb0461b more debugging info 2014-01-11 21:46:10 +01:00
Nikos Mavrogiannopoulos
770004032e ignore sigpipe and print (none) when no group is available. 2014-01-11 21:21:28 +01:00
Nikos Mavrogiannopoulos
3ccd12673a Added configure option to specify the default pager for occtl. 2014-01-11 21:21:18 +01:00
Nikos Mavrogiannopoulos
ea45e710d0 Better error checking and cleaned up support for scripts. 2014-01-11 20:37:46 +01:00
Nikos Mavrogiannopoulos
d6060587e2 make sure that recvmsg() will continue after signal 2014-01-11 15:43:02 +01:00
Nikos Mavrogiannopoulos
d10873f2ff use TUNSETPERSIST 2014-01-11 15:29:00 +01:00
Nikos Mavrogiannopoulos
4d09a8612d systemd file installation is optional 2014-01-11 14:49:27 +01:00