Nikos Mavrogiannopoulos
413ba6120c
avoid @AUTOGEN@
2013-12-13 18:36:34 +01:00
Nikos Mavrogiannopoulos
a1fda9bd27
Added newline
2013-12-13 18:32:42 +01:00
Nikos Mavrogiannopoulos
2922244239
doc update
2013-12-13 17:39:41 +01:00
Nikos Mavrogiannopoulos
f2cf03f40e
the generation of makefile isn't conditional
2013-12-13 17:24:20 +01:00
Nikos Mavrogiannopoulos
6ccdbe67c6
updated
2013-12-11 11:05:10 +01:00
Nikos Mavrogiannopoulos
90cdb97f4a
doc update
2013-12-11 10:17:38 +01:00
Nikos Mavrogiannopoulos
dee376e8b1
reduced cookie size by only writing down the ipv4 seed.
2013-12-11 10:14:31 +01:00
Nikos Mavrogiannopoulos
cb5092e820
Augmented cookie format to store the seeds used to generate IPv4 and IPv6 addresses.
This ensures that if the IP previously used by a user is free, it will
be reassigned to him after a reconnection with the same cookie.
2013-12-11 10:03:47 +01:00
Nikos Mavrogiannopoulos
80a7ac124c
corrected typo
2013-12-11 09:52:58 +01:00
Nikos Mavrogiannopoulos
0d1b3976ab
use IPV6_CHECKSUM only when available.
2013-12-11 08:54:15 +01:00
Nikos Mavrogiannopoulos
dd162faf36
reorder
2013-12-11 08:50:30 +01:00
Nikos Mavrogiannopoulos
3ef0667ee7
corrected typo
2013-12-11 08:49:46 +01:00
Nikos Mavrogiannopoulos
7cce5f049c
include netinet/ip.h prior to ip_icmp.h to have struct ip defined.
2013-12-11 08:48:41 +01:00
Nikos Mavrogiannopoulos
60893a11d7
define ICMP_DEST_UNREACH in systems where it is not available
2013-12-11 08:47:27 +01:00
Nikos Mavrogiannopoulos
8a9402a4ab
corrected typo
2013-12-11 08:43:19 +01:00
Kevin Cernekee
1176d2b7b8
Fix multiple session disconnect when max-same-clients is 0
max-same-clients is used to limit the number of outstanding sessions
(cookies). If set to 0, it means an unlimited number of active cookies
can be owned by each user. But it doesn't mean that the same cookie
can be reused for multiple CSTP connections with different IPs, as
the protocol does not normally work this way.
2013-12-11 08:35:34 +01:00
Nikos Mavrogiannopoulos
791d776320
more verbose messages.
2013-12-10 17:17:41 +01:00
Nikos Mavrogiannopoulos
4c0da4b288
updated debug messages.
2013-12-10 17:08:02 +01:00
Nikos Mavrogiannopoulos
9923e74721
doc update
2013-12-10 11:07:17 +01:00
Nikos Mavrogiannopoulos
c6a08db6db
Added support for cgroups
2013-12-10 11:07:08 +01:00
Nikos Mavrogiannopoulos
fd25969aca
simplified reading the net-priority option
2013-12-10 10:05:36 +01:00
Nikos Mavrogiannopoulos
b4c2aebd9e
doc update
2013-12-10 08:41:09 +01:00
Nikos Mavrogiannopoulos
74385e6a30
corrected DPD sending in TLS. Reported by Kevin Cernekee.
2013-12-10 08:35:48 +01:00
Nikos Mavrogiannopoulos
b21f05df06
Allow setting directly the IP_TOS from net-priority.
2013-12-09 22:59:44 +01:00
Nikos Mavrogiannopoulos
d601a8506a
conditionally use SO_PRIORITY
2013-12-09 22:15:31 +01:00
Nikos Mavrogiannopoulos
ca93854758
do check the username validity only when a certificate is present.
2013-12-09 22:13:35 +01:00
Nikos Mavrogiannopoulos
b267ba203f
adjusted severity
2013-12-09 22:10:29 +01:00
Nikos Mavrogiannopoulos
c5e656a916
simplified setting of additional configuration in the worker process
2013-12-09 19:59:46 +01:00
Nikos Mavrogiannopoulos
e367acc41d
corrected typo
2013-12-09 19:56:50 +01:00
Nikos Mavrogiannopoulos
e2c5db109e
doc update
2013-12-09 19:49:01 +01:00
Nikos Mavrogiannopoulos
480c5f5a44
do not require a certificate when authenticating with cookie and always-require-cert is set to false.
2013-12-09 19:47:52 +01:00
Nikos Mavrogiannopoulos
8f40c5c18e
Added more verbose logging
2013-12-09 19:45:29 +01:00
Nikos Mavrogiannopoulos
3fbac00817
sec-mod ensures that requests come from the correct user.
2013-12-09 15:39:40 +01:00
Nikos Mavrogiannopoulos
665d390746
doc update
2013-12-09 15:39:23 +01:00
Nikos Mavrogiannopoulos
4f9a09a3ff
doc update
2013-12-09 15:16:59 +01:00
Nikos Mavrogiannopoulos
6cb553e9a8
Added the net-priority configuration option.
That option allows setting the protocol-defined priority (via SO_PRIORITY)
for the UDP and TCP sockets, per user/group or globally.
2013-12-09 14:40:55 +01:00
Nikos Mavrogiannopoulos
74a566c540
enforce the RLIMIT_FSIZE and RLIMIT_AS
2013-12-09 11:44:22 +01:00
Nikos Mavrogiannopoulos
8148367e16
use iphdr only when available
2013-12-09 10:27:30 +01:00
Nikos Mavrogiannopoulos
f3dd34d409
doc update
2013-12-08 14:00:34 +01:00
Nikos Mavrogiannopoulos
bfb272ff99
do not return empty usernames
2013-12-08 13:57:02 +01:00
Nikos Mavrogiannopoulos
cd2a4d1abf
Added test-pam (which is only run manually)
2013-12-08 13:42:57 +01:00
Nikos Mavrogiannopoulos
816c51c7d2
reduced fragility of the tests
2013-12-08 13:28:26 +01:00
Nikos Mavrogiannopoulos
32bfe5f6ae
store temp files in a fixed dir
2013-12-08 13:07:10 +01:00
Nikos Mavrogiannopoulos
c256f14c33
Allow PAM to update username
2013-12-08 13:00:28 +01:00
Nikos Mavrogiannopoulos
babf53c442
explicitly initialize module
2013-12-08 12:43:59 +01:00
Nikos Mavrogiannopoulos
d407ef7978
removed newline from log messages
2013-12-08 11:37:27 +01:00
Nikos Mavrogiannopoulos
a30abe3bb7
Only add new leases to hash table (and print the assigned IPs).
2013-12-08 11:32:43 +01:00
Nikos Mavrogiannopoulos
d8f1ec4473
print more details on certificate verification failure.
2013-12-08 08:41:06 +01:00
Nikos Mavrogiannopoulos
842025c979
Conditionally include system specific headers.
2013-12-08 08:35:14 +01:00
Nikos Mavrogiannopoulos
56f10baad3
if no udp port is set do not bother sending DTLS info to client.
2013-12-07 20:42:36 +01:00