Commit Graph

2178 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
f9daea3f3b tests: kerberos: updated to account for the change in IPv6 address assignment 2015-09-04 15:53:05 +02:00
Nikos Mavrogiannopoulos
199b3fdfce Store the configuration file internally to avoid dependency on cmdline arguments
That allows reloading the configuration even after our setproctitle()
has overwritten the argv arguments.
2015-09-04 14:17:38 +02:00
Nikos Mavrogiannopoulos
e2d2d033f2 tests: updated for change in IPv6 address assignment 2015-09-03 17:00:16 +02:00
Nikos Mavrogiannopoulos
bed8335145 doc update 2015-09-03 16:03:44 +02:00
Nikos Mavrogiannopoulos
cb759d966c use the complete mask when assigning IPv6 addresses 2015-09-03 16:03:43 +02:00
Nikos Mavrogiannopoulos
da830ab3e5 .gitignore: ignore binaries in tests/ 2015-09-03 13:42:15 +02:00
Nikos Mavrogiannopoulos
76712ef87f Keep PAM in the accounting types but simply ignore it.
That requires no configuration changes for systems where this
was accidentally enabled.
2015-08-31 16:38:05 +02:00
Nikos Mavrogiannopoulos
ddd5ebc743 setproctitle: overwrite argv and argc 2015-08-31 16:35:19 +02:00
Nikos Mavrogiannopoulos
edb0cc3039 doc update 2015-08-31 16:26:06 +02:00
Nikos Mavrogiannopoulos
1c64073cf2 pam: removed accounting; it served no purpose
In fact it could even cause issues in the security-module
depending on what was configured in PAM.
2015-08-31 16:19:48 +02:00
Nikos Mavrogiannopoulos
144c6454e0 doc update 2015-08-28 11:42:31 +02:00
Nikos Mavrogiannopoulos
b674a46af6 occtl: print the configured split-dns domains 2015-08-28 11:41:58 +02:00
Nikos Mavrogiannopoulos
35ed4811e5 config: avoid crash when parsing empty subconfig strings
Reported by Niels Peen.
2015-08-28 11:11:30 +02:00
Nikos Mavrogiannopoulos
15d637db96 tests: connect script fixes
The connect script used for proxyproto no longer needs /tmp/connect,
it will create it.
2015-08-25 17:47:03 +02:00
Nikos Mavrogiannopoulos
f63e0cf65e human_addr2(): only attempt to parse INET addresses 2015-08-25 12:48:44 +02:00
Nikos Mavrogiannopoulos
91926c3d57 Enforce banned list even when proxy protocol is in use
That would be later in the authentication process by the time
main is notified of the peer's IP. That is a compromise between
terminating a malicious client early (before fork), and handling
the proxy protocol in the privileged main process, which may
reduce the overall security.
2015-08-25 10:13:07 +02:00
Nikos Mavrogiannopoulos
dca5fb3d9b prior to release check that the version of libopts matches the included 2015-08-22 21:48:54 +02:00
Nikos Mavrogiannopoulos
4f8afab8f1 tests: include proxyproto-unix-test to the test suite 2015-08-22 20:19:41 +02:00
Nikos Mavrogiannopoulos
1b7e4c1075 doc update 2015-08-22 20:13:46 +02:00
Nikos Mavrogiannopoulos
8ed48a14bb tests: check whether IPs are being passed correctly to script when in proxyproto
That is, check whether the remote IP passed is other than localhost,
and there is a non-empty IP_REAL_LOCAL.
2015-08-22 20:13:46 +02:00
Nikos Mavrogiannopoulos
f8c7bccfa1 occtl: print the Local Device IP (the IP the user connected to) 2015-08-22 20:13:46 +02:00
Nikos Mavrogiannopoulos
d03f364058 proxyproto: corrected address type setting in our address 2015-08-22 20:13:46 +02:00
Nikos Mavrogiannopoulos
8ae336f2ba worker: notify early main on session info
That allows passing TLS information early, but more importantly
passing information on the IP of the client (and our listen IP),
to main, which will be provided in turn to the up and down scripts,
as well as occtl.
2015-08-22 20:13:46 +02:00
Nikos Mavrogiannopoulos
344167fd5c Be more verbose when CRLs are being loaded 2015-08-21 13:23:37 +02:00
Nikos Mavrogiannopoulos
0dbcb02861 doc: mention the facility log messages are sent to 2015-08-17 14:31:36 +02:00
Nikos Mavrogiannopoulos
ab93ea4d82 Log info message when the control socket is disabled 2015-08-17 14:27:11 +02:00
Nikos Mavrogiannopoulos
6085ec6ef3 On BSD systems only set IP_RECVDSTADDR when using IPv4 2015-08-17 14:24:35 +02:00
Nikos Mavrogiannopoulos
2a949e99c4 configure: discover suitable sed program 2015-08-17 14:20:41 +02:00
Nikos Mavrogiannopoulos
af6a44c346 config: remove whitespace from the end of strings 2015-08-17 14:13:12 +02:00
Nikos Mavrogiannopoulos
7b53d4063b use ':' instead of /bin/true for non-existing programs 2015-08-07 10:34:29 +02:00
Nikos Mavrogiannopoulos
c43d2ba82f bumped version ocserv_0_10_7 2015-08-06 18:43:24 +02:00
Nikos Mavrogiannopoulos
6586d39ed3 tests: don't expose any ports in docker tests 2015-08-06 17:32:57 +02:00
Nikos Mavrogiannopoulos
584c2dda5b proxyproto: use it to figure our IP
Also made more precise the length checks in proxyproto values.
2015-08-06 17:32:27 +02:00
Nikos Mavrogiannopoulos
67f6be9e9b proxyproto: allow for headers which have precisely 520-bytes of data 2015-08-05 15:08:56 +02:00
Nikos Mavrogiannopoulos
27509d267b tests: allow compilation without libopts 2015-07-23 20:54:38 +03:00
Nikos Mavrogiannopoulos
4468b64fb4 doc update 2015-07-16 11:53:21 +02:00
Nikos Mavrogiannopoulos
d9a80b184f tests: increased waiting time for radius-test-config
That avoids random failures of script.
2015-07-16 11:51:54 +02:00
Nikos Mavrogiannopoulos
ef761cfdb7 doc update 2015-07-16 11:51:23 +02:00
Nikos Mavrogiannopoulos
aa3bdc03d2 doc update 2015-07-16 11:43:41 +02:00
Nikos Mavrogiannopoulos
587fcdfc36 Separated the proxy protocol code 2015-07-16 11:43:04 +02:00
Nikos Mavrogiannopoulos
20937ee29a tests: Added check for proxy protocol with certificates 2015-07-16 10:01:13 +02:00
Nikos Mavrogiannopoulos
b75c3ecf30 make explicit the rejection of certificate messages 2015-07-16 10:00:50 +02:00
Nikos Mavrogiannopoulos
bc4f866ec0 Added support for reading the client cert verification status and CN from proxy protocol 2015-07-16 09:58:15 +02:00
Nikos Mavrogiannopoulos
3d36aedb6c doc update 2015-07-15 13:06:43 +02:00
Nikos Mavrogiannopoulos
f7c9379971 tests: added check for proxy protocol 2015-07-15 13:05:48 +02:00
Nikos Mavrogiannopoulos
17e71dccd8 Added support for proxy protocol (v2) 2015-07-15 13:03:58 +02:00
Nikos Mavrogiannopoulos
7992d58fc7 doc update 2015-07-10 10:59:08 +02:00
Nikos Mavrogiannopoulos
8b4bc75b3f tests: fixed unreliable password entry in PAM test 2015-07-10 10:54:03 +02:00
Nikos Mavrogiannopoulos
48dc6c8ca1 radius: set the NAS_PORT via the rc_aaa() API
This avoids a duplicate NAS-Port entry with the
freeradius-client library.
2015-07-10 10:40:08 +02:00
Nikos Mavrogiannopoulos
c342fc6f09 tests: increased waiting time in radius tests to account for time fuzz 2015-07-10 10:07:52 +02:00