Commit Graph

139 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
eabfbe8473 Added configuration option 'restrict-user-to-ports'
This option is intended to allow restricting users to accessing
specific ports once they enter the VPN. The rules set using this
option will be enforced by the ocserv-fw script.
2015-12-02 10:38:12 +01:00
Nikos Mavrogiannopoulos
b11567dd64 include ocserv-fw 2015-11-28 23:11:14 +01:00
Nikos Mavrogiannopoulos
183820ae3c ocserv-fw: Added script to restrict clients to their allowed routes
That is, when called as a connect/disconnect script, it restricts the client
to the routes it is allowed to see, and prevents it from accessing anything
else.
2015-11-23 16:04:19 +01:00
Nikos Mavrogiannopoulos
3c653fa747 worker-extras -> worker-http-handers 2015-11-13 10:24:02 +01:00
Nikos Mavrogiannopoulos
8d17358c8b don't export LIBTALLOC_CFLAGS when using the included 2015-11-11 16:25:45 +01:00
Nikos Mavrogiannopoulos
d9d246a375 finish move of ctl.proto to common/ 2015-11-11 16:10:31 +01:00
Nikos Mavrogiannopoulos
3ba4c2b618 move common sources to common/ 2015-11-11 14:59:30 +01:00
Nikos Mavrogiannopoulos
6c3e5d31a7 ccan: build as an included library 2015-11-11 14:03:55 +01:00
Nikos Mavrogiannopoulos
805db4f9f6 use an intermediate protobuf library for the included protobuf sources 2015-11-11 13:35:25 +01:00
Nikos Mavrogiannopoulos
33f9b57714 occtl: move ctl.h in occtl/ and fixed args.def to include version.inc 2015-10-31 00:09:24 +01:00
Nikos Mavrogiannopoulos
037225a6da use nettle's base64 implementation 2015-10-30 14:47:19 +01:00
Nikos Mavrogiannopoulos
7a4fc3b0aa moved ip-related macros to ip-util 2015-10-30 14:03:24 +01:00
Nikos Mavrogiannopoulos
4ae1c3e2ff occtl and ocpasswd were moved into separate directories 2015-10-30 13:51:19 +01:00
Nikos Mavrogiannopoulos
e5d02eb228 plain auth: support OTP authentication using usersfile
That adds a dependency on liboath.
2015-09-25 15:03:38 +02:00
Nikos Mavrogiannopoulos
ab923f8aaf corrected build flags for out-of-tree builds 2015-09-21 12:27:05 +02:00
Nikos Mavrogiannopoulos
1bfa6e7648 Reinstated the PAM accounting method
It can be used to check for a valid PAM account, even when
certificates or another authentication method is in use.
2015-09-18 16:45:32 +02:00
Nikos Mavrogiannopoulos
ddd5ebc743 setproctitle: overwrite argv and argc 2015-08-31 16:35:19 +02:00
Nikos Mavrogiannopoulos
1c64073cf2 pam: removed accounting; it served no purpose
In fact it could even cause issues in the security-module
depending on what was configured in PAM.
2015-08-31 16:19:48 +02:00
Nikos Mavrogiannopoulos
587fcdfc36 Separated the proxy protocol code 2015-07-16 11:43:04 +02:00
Nikos Mavrogiannopoulos
321bb72ede combined cfg.h and common-config.h 2015-06-17 09:56:50 +02:00
Nikos Mavrogiannopoulos
a5b2175219 Lifted the limit by MAX_CONFIG_ENTRIES
Now entries in the configuration file are limited by available
memory.
2015-06-17 09:52:02 +02:00
Nikos Mavrogiannopoulos
005d3f4376 gssapi: allow group setting using getpwnam 2015-06-11 15:40:42 +02:00
Nikos Mavrogiannopoulos
2bce9455a0 use radcli as the radius library if found 2015-06-05 22:36:02 +02:00
Nikos Mavrogiannopoulos
54ad0a413c occtl: properly escape JSON strings 2015-05-29 09:52:54 +02:00
Nikos Mavrogiannopoulos
374ae17a4d split KKDCP config line parsing from config.c 2015-05-28 15:53:26 +02:00
Nikos Mavrogiannopoulos
89500cb205 removed dbus option 2015-05-26 16:12:49 +02:00
Nikos Mavrogiannopoulos
1ca573ff16 occtl: added --json option
This allows parsing the output data using automated tools.
2015-05-26 16:09:25 +02:00
Nikos Mavrogiannopoulos
65c83c6e84 added option to completely disable compression support 2015-03-01 09:50:24 +01:00
Nikos Mavrogiannopoulos
056730e931 removed duplicate entries in makefile 2015-02-26 20:58:49 +01:00
Nikos Mavrogiannopoulos
9c9ac721c2 include kkdcp_asn1_tab.c only when GSSAPI is included 2015-02-26 20:39:53 +01:00
Nikos Mavrogiannopoulos
9552638acd occtl: added cache and completion for IP addresses 2015-02-26 16:27:19 +01:00
Nikos Mavrogiannopoulos
a617485232 enforcement of IP banning was moved to main 2015-02-25 13:16:56 +01:00
Nikos Mavrogiannopoulos
3222cedb99 simplify the communication between main and sec-mod 2015-02-25 10:33:25 +01:00
Nikos Mavrogiannopoulos
e16ae6614c Added more advanced suboption parser
That adds the ability to parse options in the form:
auth = "gssapi[option1=value1,option2=value2,...]"
It also introduces the keytab, and require-local-user-map
suboptions for gssapi.
2015-02-24 11:50:55 +01:00
Nikos Mavrogiannopoulos
40e96aae45 Separated accounting from authentication. 2015-02-23 15:19:44 +01:00
Nikos Mavrogiannopoulos
773d277802 kkdcp: perform the proper encoding and decoding on exchanged data 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
6334bada15 renamed urlfw to kkdcp 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
494738dd55 Added url-fw config option
That allows specifying a class of URLs where, if a client
POSTS to it, the data will be forwarded to the configured server,
and the client will receive its reply.
2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
8bb0af61bc Added GSSAPI as an additional password auth mechanism
That also adds the ability to support an OR composition of multiple
authentication methods. That is using the 'enable-auth' config option.
2015-02-19 11:47:20 +01:00
Joerg Mayer
12f7d42851 Fix out of tree build.
Signed-off-by: Joerg Mayer <jmayer@loplof.de>
2015-02-13 14:00:11 +01:00
Aron Xu
d4b6d97697 Replace LIBSYSTEMD_DAEMON with LIBSYSTEMD
Signed-off-by: Aron Xu <aron@debian.org>
2015-01-24 10:15:05 +01:00
Nikos Mavrogiannopoulos
ac80bbdbf0 include http-heads.h into ocserv's sources 2015-01-21 07:51:03 +01:00
Nikos Mavrogiannopoulos
4a372f4e05 Replace header_check() mess with a gperf table 2015-01-16 11:07:10 +01:00
Nikos Mavrogiannopoulos
dcf47899e0 Moved HTTP parts of worker to worker-http.c 2015-01-16 10:56:35 +01:00
Nikos Mavrogiannopoulos
85d3162f45 Added support for LZS 2015-01-15 22:58:17 +01:00
Nikos Mavrogiannopoulos
3c023ffe5e Added support for LZ4 compression 2015-01-15 16:39:36 +01:00
Nikos Mavrogiannopoulos
766afb591a Added support for reading user configuration from radius. 2014-12-09 15:38:27 +01:00
Nikos Mavrogiannopoulos
2194e11b39 Added support for radius authentication 2014-12-09 10:59:18 +01:00
Nikos Mavrogiannopoulos
baa3e4701e Supplementary configuration is now read by the security module.
That allows sec-mod to handle both authentication and accounting.
That deprecates the session-control configuration option.
2014-12-08 13:52:28 +01:00
Nikos Mavrogiannopoulos
53005a2cfd use hash tables to locate proc entries
That would avoid a walk on all connected clients, when a
new UDP session starts.
2014-10-27 15:01:05 +01:00