GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,862 Commits 19 Branches 88 Tags
eba415def64b96b4b04c959981b672ccf059aacc
Commit Graph

1862 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
c0ceeba0f8 Fail if authentication modules are changed on reload 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
bfeab4b015 Additional data are passed only to auth module's global_init 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
2d72c0a526 doc update 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
01ec22db27 Allow setting content-type urlfw, and allow tcp 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
ac4ca3cd70 updated documentation 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
494738dd55 Added url-fw config option 
That allows to specify a class of URLs where, if a client
POSTS to it, the data will be forwarded to the configured server,
and the client will receive its reply.
 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
41a6c25a91 use vasprintf() in cstp_printf() 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
11f43f144a eliminated auth message upper limit 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
4bbd987525 test-gssapi: added check for gssapi authentication 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
065bcbd2ea increased maximum message size to 2048 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
daa18cae8d Ensure that any messages are being forwarded even on success packet 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
51ab9a97d0 only print WWW-Authenticate when there are data to print 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
a08329b398 Allow GSSAPI authentication even from GET commands 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
e865dcb354 In certificate verification separate between no certificate and verification failure 2015-02-19 11:47:20 +01:00
Kevin Cernekee
370fa01de6 gssapi: Don't include gssapi header files if !HAVE_GSSAPI 
This fixes:

      CC       auth/gssapi.o
    auth/gssapi.c:30:27: fatal error: gssapi/gssapi.h: No such file or directory
     #include <gssapi/gssapi.h>
                               ^
 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
507d6cc502 test-pass-opt-cert: updated for enable-auth config option 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
afef74fa23 removed the certificate[optional] auth type 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
8bb0af61bc Added GSSAPI as an additional password auth mechanism 
That also adds the ability to support an OR composition of multiple
authentication methods. That is using the 'enable-auth' config option.
 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
5e4763d229 bumped version ocserv_0_9_2 2015-02-18 08:12:19 +01:00
Nikos Mavrogiannopoulos
a6f6dea2cb ip-lease: use 128 as prefix in local IP 2015-02-17 10:10:52 +01:00
Nikos Mavrogiannopoulos
579900211e doc update 2015-02-16 23:04:17 +01:00
Nikos Mavrogiannopoulos
8d08df70cc tests: updated for new IPv4 assignment 2015-02-16 23:03:29 +01:00
Nikos Mavrogiannopoulos
e959c8cfab manpage: generate a DER PKCS #12 file 2015-02-16 23:02:00 +01:00
Nikos Mavrogiannopoulos
ce19dca719 avoid using the IPv4 network address as tun address, and simplify valid address checking 2015-02-16 23:00:59 +01:00
Nikos Mavrogiannopoulos
aa72455d39 doc update 2015-02-16 15:33:12 +01:00
Nikos Mavrogiannopoulos
f94276fc73 ip-lease: fixed hash value for IPv6 leases 
This corrects the unique check for assigned IPv6 addresses.
 2015-02-16 15:31:43 +01:00
Nikos Mavrogiannopoulos
ebcf2f7352 tests: fix pings to IPv6 addresses for the new tun address 2015-02-16 15:14:07 +01:00
Nikos Mavrogiannopoulos
31fb3b680f In IPv6 use the network address + 1 as the tun address 2015-02-16 15:13:30 +01:00
Nikos Mavrogiannopoulos
683fd2ec28 radius-test: completed test 2015-02-16 13:21:14 +01:00
Nikos Mavrogiannopoulos
a2f52c58cc full/unix-test: updated for new IP assignments 2015-02-16 13:19:22 +01:00
Nikos Mavrogiannopoulos
ad52336a14 Linux ipv6: assign route to the remote IP 2015-02-16 13:16:48 +01:00
Nikos Mavrogiannopoulos
e22a1d7f42 doc update 2015-02-15 12:23:42 +01:00
Nikos Mavrogiannopoulos
137e584538 force relative names on the socket file to allow it being accessible from main and workers 2015-02-15 12:23:39 +01:00
Nikos Mavrogiannopoulos
53b9bbe603 configure: use seccomp where it is available 2015-02-15 08:28:08 +01:00
Nikos Mavrogiannopoulos
a07be822ac use IPV6_V6ONLY flag only when defined ocserv_0_9_1 2015-02-15 08:21:39 +01:00
Nikos Mavrogiannopoulos
0794a32567 use headers for clone() only when ENABLE_LINUX_NS is defined 2015-02-15 08:21:22 +01:00
Nikos Mavrogiannopoulos
f3249a70aa doc update 2015-02-15 08:04:41 +01:00
Nikos Mavrogiannopoulos
9e3695ec15 tests: added missing file 2015-02-15 07:55:38 +01:00
Stuart Henderson
56c2d9a74a header/macro fix for OpenBSD 
Signed-off-by: Stuart Henderson <stu@spacehopper.org>
 2015-02-14 18:53:26 +01:00
Stuart Henderson
7cb57b162b correct byte-order for tun header 
Signed-off-by: Stuart Henderson <stu@spacehopper.org>
 2015-02-14 18:51:59 +01:00
Nikos Mavrogiannopoulos
d75c1d18a2 use writev() and readv() for tun_read/write in OpenBSD 2015-02-14 14:36:46 +01:00
Nikos Mavrogiannopoulos
9d5106995c Handle OpenBSD's additional tun header 2015-02-14 14:22:00 +01:00
Nikos Mavrogiannopoulos
82a0c334ba oc_recvfrom_at: correctly set *addrlen 2015-02-14 14:06:08 +01:00
Nikos Mavrogiannopoulos
1b9fe50628 Set blocking mode to fd returned by accept 
That addresses issues in OpenBSD where the fd is
set to non blocking when the accept's fd is non blocking.
 2015-02-14 11:49:26 +01:00
Nikos Mavrogiannopoulos
ff5c721d30 doc update 2015-02-14 11:14:53 +01:00
Nikos Mavrogiannopoulos
df81d16f9d added missing colon 2015-02-14 08:06:53 +01:00
Nikos Mavrogiannopoulos
14d8c34e60 Attempted to simplify the BSD tun handling code 2015-02-13 23:34:34 +01:00
Stuart Henderson
2c0849c8a9 BSD patches for ocserv 
Iterate over tunXX devices, for BSDs that can't just open /dev/tun to
retrieve the "next available tun".

This is just copied with minor changes from openconnect/src/tun.c,

Signed-off-by: Stuart Henderson <stu@spacehopper.org>
 2015-02-13 23:21:05 +01:00
Stuart Henderson
a2b947de6f BSD patches for ocserv 
Hi Nikos, here are patches for a couple of issues which are stopping ocserv
from building on OpenBSD (and might be causing problems on other OS too).
There's a bit more to do for OpenBSD, it does need the iteration as done
in openconnect's tun.c:405-410, I might have another diff for that later.

Signed-off-by: Stuart Henderson <stu@spacehopper.org>
 2015-02-13 20:34:13 +01:00
Joerg Mayer
d1c3e05b92 Fix one of the places where "make distcheck" fails: In case of success ocpasswd-test should not leave the last test output lying around 
Signed-off-by: Joerg Mayer <jmayer@loplof.de>
 2015-02-13 14:00:32 +01:00