Commit Graph

839 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
3ef0667ee7 corrected typo 2013-12-11 08:49:46 +01:00
Nikos Mavrogiannopoulos
7cce5f049c include netinet/ip.h prior to ip_icmp.h to have struct ip defined. 2013-12-11 08:48:41 +01:00
Nikos Mavrogiannopoulos
60893a11d7 define ICMP_DEST_UNREACH in systems where it is not available 2013-12-11 08:47:27 +01:00
Nikos Mavrogiannopoulos
8a9402a4ab corrected typo 2013-12-11 08:43:19 +01:00
Kevin Cernekee
1176d2b7b8 Fix multiple session disconnect when max-same-clients is 0
max-same-clients is used to limit the number of outstanding sessions
(cookies).  If set to 0, it means an unlimited number of active cookies
can be owned by each user.  But it doesn't mean that the same cookie
can be reused for multiple CSTP connections with different IPs, as
the protocol does not normally work this way.
2013-12-11 08:35:34 +01:00
Nikos Mavrogiannopoulos
791d776320 more verbose messages. 2013-12-10 17:17:41 +01:00
Nikos Mavrogiannopoulos
4c0da4b288 updated debug messages. 2013-12-10 17:08:02 +01:00
Nikos Mavrogiannopoulos
9923e74721 doc update 2013-12-10 11:07:17 +01:00
Nikos Mavrogiannopoulos
c6a08db6db Added support for cgroups 2013-12-10 11:07:08 +01:00
Nikos Mavrogiannopoulos
fd25969aca simplified reading the net-priority option 2013-12-10 10:05:36 +01:00
Nikos Mavrogiannopoulos
b4c2aebd9e doc update 2013-12-10 08:41:09 +01:00
Nikos Mavrogiannopoulos
74385e6a30 corrected DPD sending in TLS. Reported by Kevin Cernekee. 2013-12-10 08:35:48 +01:00
Nikos Mavrogiannopoulos
b21f05df06 Allow setting directly the IP_TOS from net-priority. 2013-12-09 22:59:44 +01:00
Nikos Mavrogiannopoulos
d601a8506a conditionally use SO_PRIORITY 2013-12-09 22:15:31 +01:00
Nikos Mavrogiannopoulos
ca93854758 do check the username validity only when a certificate is present. 2013-12-09 22:13:35 +01:00
Nikos Mavrogiannopoulos
b267ba203f adjusted severity 2013-12-09 22:10:29 +01:00
Nikos Mavrogiannopoulos
c5e656a916 simplified setting of additional configuration in the worker process 2013-12-09 19:59:46 +01:00
Nikos Mavrogiannopoulos
e367acc41d corrected typo 2013-12-09 19:56:50 +01:00
Nikos Mavrogiannopoulos
e2c5db109e doc update 2013-12-09 19:49:01 +01:00
Nikos Mavrogiannopoulos
480c5f5a44 do not require a certificate when authenticating with cookie and always-require-cert is set to false. 2013-12-09 19:47:52 +01:00
Nikos Mavrogiannopoulos
8f40c5c18e Added more verbose logging 2013-12-09 19:45:29 +01:00
Nikos Mavrogiannopoulos
3fbac00817 sec-mod ensures that requests come from the correct user. 2013-12-09 15:39:40 +01:00
Nikos Mavrogiannopoulos
665d390746 doc update 2013-12-09 15:39:23 +01:00
Nikos Mavrogiannopoulos
4f9a09a3ff doc update 2013-12-09 15:16:59 +01:00
Nikos Mavrogiannopoulos
6cb553e9a8 Added the net-priority configuration option.
That option allows setting the protocol-defined priority (via SO_PRIORITY)
for the UDP and TCP sockets, per user/group or globally.
2013-12-09 14:40:55 +01:00
Nikos Mavrogiannopoulos
74a566c540 enforce the RLIMIT_FSIZE and RLIMIT_AS 2013-12-09 11:44:22 +01:00
Nikos Mavrogiannopoulos
8148367e16 use iphdr only when available 2013-12-09 10:27:30 +01:00
Nikos Mavrogiannopoulos
f3dd34d409 doc update 2013-12-08 14:00:34 +01:00
Nikos Mavrogiannopoulos
bfb272ff99 do not return empty usernames 2013-12-08 13:57:02 +01:00
Nikos Mavrogiannopoulos
cd2a4d1abf Added test-pam (which is only run manually) 2013-12-08 13:42:57 +01:00
Nikos Mavrogiannopoulos
816c51c7d2 reduced fragility of the tests 2013-12-08 13:28:26 +01:00
Nikos Mavrogiannopoulos
32bfe5f6ae store temp files in a fixed dir 2013-12-08 13:07:10 +01:00
Nikos Mavrogiannopoulos
c256f14c33 Allow PAM to update username 2013-12-08 13:00:28 +01:00
Nikos Mavrogiannopoulos
babf53c442 explicitly initialize module 2013-12-08 12:43:59 +01:00
Nikos Mavrogiannopoulos
d407ef7978 removed newline from log messages 2013-12-08 11:37:27 +01:00
Nikos Mavrogiannopoulos
a30abe3bb7 Only add new leases to hash table (and print the assigned IPs). 2013-12-08 11:32:43 +01:00
Nikos Mavrogiannopoulos
d8f1ec4473 print more details on certificate verification failure. 2013-12-08 08:41:06 +01:00
Nikos Mavrogiannopoulos
842025c979 Conditionally include system specific headers. 2013-12-08 08:35:14 +01:00
Nikos Mavrogiannopoulos
56f10baad3 if no udp port is set do not bother sending DTLS info to client. 2013-12-07 20:42:36 +01:00
Nikos Mavrogiannopoulos
85eedc9f05 doc update 2013-12-07 18:58:56 +01:00
Nikos Mavrogiannopoulos
16629faffd removed unneeded include 2013-12-07 18:28:25 +01:00
Nikos Mavrogiannopoulos
8a919d236f udp-port can now be unset, and that will disable listening to UDP. 2013-12-07 17:44:31 +01:00
Nikos Mavrogiannopoulos
a53c4dba8e doc update 2013-12-06 17:52:38 +01:00
Nikos Mavrogiannopoulos
5929c7a171 doc update 2013-12-06 17:09:04 +01:00
Nikos Mavrogiannopoulos
55b6af3460 doc update 2013-12-06 16:17:48 +01:00
Nikos Mavrogiannopoulos
d4a56c6a33 initialize values prior to list_for_each() calls, to avoid static analysers' complaints on garbage values. 2013-12-06 14:50:48 +01:00
Nikos Mavrogiannopoulos
b90c160b01 undefine LIST_HEAD and LIST_HEAD_INIT 2013-12-06 14:18:57 +01:00
Nikos Mavrogiannopoulos
f1ddf6729e bumped version 2013-12-06 10:11:58 +01:00
Nikos Mavrogiannopoulos
cde9324363 Use the correct sighandler definition on different systems. 2013-12-06 09:46:59 +01:00
Nikos Mavrogiannopoulos
190e81707e use regex for comparison 2013-12-05 20:53:35 +01:00