Commit Graph

384 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
e63913a8a7 set PAM_RHOST variable using the client's IP. 2013-06-21 20:37:09 +02:00
Nikos Mavrogiannopoulos
f1d96bdd0a bumped version ocserv_0_1_4 2013-06-15 22:56:11 +02:00
Nikos Mavrogiannopoulos
3dade4c305 ensure that the actual reads on DTLS are at maximum MTU-1. 2013-06-12 22:10:59 +02:00
Nikos Mavrogiannopoulos
84017d8593 bumped version ocserv_0_1_3 2013-06-12 13:33:56 +02:00
Nikos Mavrogiannopoulos
e9be6eff7d corrected values returned in X-CSTP-MTU and X-DTLS-MTU 2013-06-10 19:39:19 +02:00
Nikos Mavrogiannopoulos
1521a3caaa Removed ability to send binary files. 2013-06-07 11:36:34 +02:00
Nikos Mavrogiannopoulos
e50059b385 use X-SALSA20 to avoid any future conflicts 2013-06-07 11:33:15 +02:00
Nikos Mavrogiannopoulos
b61b31e40b keep the connection alive 2013-06-03 22:13:23 +02:00
Nikos Mavrogiannopoulos
3e19393936 do not try to send binaries if no path is setup 2013-06-03 22:12:43 +02:00
Nikos Mavrogiannopoulos
754321c9e6 reorganized compatibility layer 2013-05-31 18:06:11 +02:00
Nikos Mavrogiannopoulos
10246b78c4 Allow downloading raw files from 1/binaries 2013-05-31 17:29:52 +02:00
Nikos Mavrogiannopoulos
92fb37672d doc update 2013-05-27 22:43:05 +02:00
Nikos Mavrogiannopoulos
5be935dfd8 use gnutls_privkey_sign_hash() when available. 2013-05-27 22:39:29 +02:00
Nikos Mavrogiannopoulos
47587f9bf9 Check X-CSTP-Address-Type and don't send addresses that were not requested. 2013-05-27 22:27:35 +02:00
Nikos Mavrogiannopoulos
5783cd760b Added gettimeofday in the list of syscalls 2013-05-23 16:58:54 +02:00
Nikos Mavrogiannopoulos
1a3b4911b9 bumped version 2013-05-23 16:08:33 +02:00
Nikos Mavrogiannopoulos
96a7f04237 doc update 2013-05-23 16:06:20 +02:00
Nikos Mavrogiannopoulos
2d4ac0bb3a updated seccomp code 2013-05-22 20:16:07 +02:00
Nikos Mavrogiannopoulos
81dca4ccdc more verbose printing of signal deaths 2013-05-22 16:21:33 +02:00
Nikos Mavrogiannopoulos
3271674773 simplified seccomp check 2013-05-22 16:08:27 +02:00
Nikos Mavrogiannopoulos
eb90dd78e3 use strtok() to parse client provided string. 2013-05-21 23:51:38 +02:00
Nikos Mavrogiannopoulos
489e0e1dc5 require gnutls 3.2.1 to enable salsa20 2013-05-21 23:38:03 +02:00
Nikos Mavrogiannopoulos
8ed0006c22 relax check on requirement on headers for libopts. 2013-05-21 22:41:57 +02:00
Nikos Mavrogiannopoulos
c723c70a3d more files to ignore 2013-05-20 11:22:10 +02:00
Nikos Mavrogiannopoulos
b3cdd31dca Added missing file 2013-05-20 11:03:50 +02:00
Nikos Mavrogiannopoulos
1519c0e4de updated header 2013-05-20 11:03:26 +02:00
Nikos Mavrogiannopoulos
8b21699089 updated license information 2013-05-20 11:03:08 +02:00
Nikos Mavrogiannopoulos
e5fd319026 emulate gettime 2013-05-20 11:01:29 +02:00
Nikos Mavrogiannopoulos
7eef598a29 updated gnulib 2013-05-20 10:56:54 +02:00
Nikos Mavrogiannopoulos
3b158b19b4 doc fix 2013-05-19 20:08:02 +02:00
Nikos Mavrogiannopoulos
026c31e72a do not restrict worker's memory 2013-05-19 19:05:13 +02:00
Nikos Mavrogiannopoulos
f803b2bdf6 estream ciphersuite was given priority 2013-05-19 14:10:08 +02:00
Nikos Mavrogiannopoulos
dac888f1f5 increased priority 2013-05-19 11:53:01 +02:00
Nikos Mavrogiannopoulos
d98a9c48c2 print DTLS ciphersuite 2013-05-19 11:24:00 +02:00
Nikos Mavrogiannopoulos
d568b4f920 doc update 2013-05-18 22:46:35 +02:00
Nikos Mavrogiannopoulos
5646c055a1 added missing files. 2013-05-18 17:29:10 +02:00
Nikos Mavrogiannopoulos
3be923c778 configure proceeds if regex library isn't found 2013-05-18 15:40:32 +02:00
Nikos Mavrogiannopoulos
f0afab6782 corrected cipher names 2013-05-17 22:01:53 +02:00
Nikos Mavrogiannopoulos
e8458828ee Allow for a ciphersuite negotiation 2013-05-17 21:15:24 +02:00
Nikos Mavrogiannopoulos
766d3bec7e small fixes 2013-05-17 20:21:08 +02:00
Nikos Mavrogiannopoulos
e679fd643f reorganized HTTP header reading. 2013-05-17 20:07:58 +02:00
Nikos Mavrogiannopoulos
0aff05f0d2 corrected typo 2013-05-17 08:35:29 +02:00
Nikos Mavrogiannopoulos
9a39ec0ce6 documented fix 2013-05-16 23:10:32 +02:00
Faidon Liambotis
3071bda08a Make seccomp failures non-fatal & lower log prio

Building a binary with --enable-seccomp and then running it on a < 3.5
kernel, results in seccomp_load() failing and ocserv's worker process
aborting. This might be okay-ish for users who ./configure && make
install on their own systems but it's obviously non-ideal for e.g.
distributions that need to distribute binaries.

Unfortunately there doesn't seem to be a good way (that I could find) to
check if the running kernel has seccomp -- uname/uts isn't a good
solution as Ubuntu has backported it to 3.2, custom kernels might have
CONFIG_SECCOMP=n etc.

So, this makes a tradeoff call and removes the exit_worker() call on
seccomp failures, lowers the seccomp error logs to LOG_DEBUG from
LOG_WARNING and the "could not disable system calls" to LOG_INFO from
LOG_ERR.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-05-16 23:01:38 +02:00
Faidon Liambotis
3bfbe1a371 Workaround libseccomp bug & fix error handling

libseccomp has a bug where -EDOM is returned when seccomp_rule_add is
called for pseudo system calls (i.e. < -99). This was triggered by
adding the send() system call on my x86_64 machine. The bug seems to
have been recently (May 7th, 2013) reported and fixed on libseccomp
upstream but it will take a while to find its way to a release and
distributions.

Additionally, there was a bug in how libseccomp calls were error
handled: libseccomp functions don't actually set errno, but set errno
values in their return value instead. This resulted in the
seccomp_rule_add call above printing "could not add send to seccomp
filter: Success".

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-05-16 23:00:06 +02:00
Nikos Mavrogiannopoulos
7bb5056d98 fixed length checks 2013-05-16 22:33:16 +02:00
Nikos Mavrogiannopoulos
ddae1e8339 check for children cleanup prior to checking for termination.

That allows quick termination after the secmod death is detected.
2013-05-13 22:53:21 +02:00
Nikos Mavrogiannopoulos
30efc0433e updated example 2013-05-13 22:50:35 +02:00
Nikos Mavrogiannopoulos
200e0cfaaa use gnulib's ctype 2013-05-13 22:43:54 +02:00
Nikos Mavrogiannopoulos
538d909134 released ocserv_0_1_2 2013-05-07 23:48:07 +02:00