Commit Graph

72 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
ff5b2b7aad Use 32-bit length variable for transferring between occtl and ocserv
This allows handling the transfer of long data between ocserv and occtl.
Reported by Liviu.

Resolves #29
2016-01-28 13:53:21 +01:00
Nikos Mavrogiannopoulos
ced5e9b3f4 sec-mod: ensure keys are always initialized to NULL
Addresses crash due to b6df22c8c3
2016-01-27 12:08:33 +01:00
Nikos Mavrogiannopoulos
b6df22c8c3 Reload the certificates and private keys on SIGHUP
Until now this part of the configuration was static, but
there is the need to reload certificates and keys, e.g., on
renewal.
2016-01-26 12:51:05 +01:00
Nikos Mavrogiannopoulos
e1fc1f3c45 TLS session resumption database was moved to sec-mod
This reduces the amount of sensitive data available to the main process.
Resolves #21
2015-12-07 19:52:30 +01:00
Nikos Mavrogiannopoulos
d378ce0709 doc update 2015-12-07 19:12:31 +01:00
Nikos Mavrogiannopoulos
9252e22298 Added reference counting to configuration values.
That is, to allow referencing these values from proc_st
without fear of them being invalidated on a config reload. We
perform a cleanup of these values on the server periodic check.
2015-12-05 11:08:51 +01:00
Nikos Mavrogiannopoulos
2473633b8d Added cookie key rotation 2015-11-17 08:33:38 +01:00
Nikos Mavrogiannopoulos
8b186fb53a Allow specifying a PIN and SRK PIN in the config file
That pin will be used to decrypt encrypted key files as well.
2015-06-25 14:12:57 +02:00
Nikos Mavrogiannopoulos
9d621d2b5d certificates and keys were moved to permanent configuration 2015-06-25 13:38:59 +02:00
Nikos Mavrogiannopoulos
c371a91736 corrected memset usage 2015-05-21 11:04:30 +02:00
Nikos Mavrogiannopoulos
2ed95206e2 simplified request handling in sec-mod 2015-05-14 10:22:37 +02:00
Nikos Mavrogiannopoulos
33bcfb178e main: use two sockets to communicate with sec-mod
That allows having a reliable synchronous socket, and
a socket where messages are sent and received asynchronously.
2015-05-13 14:04:22 +02:00
Nikos Mavrogiannopoulos
accf63a9e3 Added more debugging messages 2015-05-13 13:49:16 +02:00
Nikos Mavrogiannopoulos
66203e1a6d set cloexec on sec-mod's socket file 2015-05-13 11:50:38 +02:00
Nikos Mavrogiannopoulos
cc04bad753 set close-on-exec flag in sec-mod fds 2015-05-11 14:26:25 +02:00
Nikos Mavrogiannopoulos
519ce111a5 increased MAX_MSG_SIZE 2015-05-11 14:26:05 +02:00
Nikos Mavrogiannopoulos
d1d83d909c sec-mod: eliminated redundant parameters 2015-05-11 14:25:51 +02:00
Nikos Mavrogiannopoulos
10dcf1a82d added sanity checks in commands exchanged from main with sec-mod 2015-05-11 14:25:39 +02:00
Nikos Mavrogiannopoulos
41bcc9d0c0 radius: put the process ID into NAS-Port 2015-05-11 14:15:25 +02:00
Nikos Mavrogiannopoulos
99dd4a6e03 reject bad commands from main 2015-04-07 17:13:29 +02:00
Nikos Mavrogiannopoulos
0967f05f8d sec-mod: do not impose timeouts on reads from main 2015-03-31 10:13:13 +02:00
Nikos Mavrogiannopoulos
7ea22d3aac receive SM_CMD_AUTH_BAN_IP_REPLY asynchronously to prevent race conditions 2015-03-23 11:13:26 +01:00
Nikos Mavrogiannopoulos
872f39f777 sec-mod: handle unknown messages as bad commands 2015-03-15 11:20:42 +01:00
Nikos Mavrogiannopoulos
6c1f88a090 sec-mod: only exit on ERR_BAD_COMMAND errors from main msg handler 2015-03-14 18:46:17 +01:00
Nikos Mavrogiannopoulos
cc16a65819 separated permanent configuration options from the reloaded ones 2015-03-02 13:18:52 +01:00
Nikos Mavrogiannopoulos
f4d14f7000 sec-mod: will exit if it fails to process commands from main 2015-03-02 09:00:18 +01:00
Nikos Mavrogiannopoulos
2c23c86d48 removed unused parameter of select() 2015-02-26 20:36:49 +01:00
Nikos Mavrogiannopoulos
bbee3767dc sec-mod: don't use a timeout value in select()
There is no need for that.
2015-02-26 13:41:39 +01:00
Nikos Mavrogiannopoulos
a617485232 enforcement of IP banning was moved to main 2015-02-25 13:16:56 +01:00
Nikos Mavrogiannopoulos
3222cedb99 simplify the communication between main and sec-mod 2015-02-25 10:33:25 +01:00
Nikos Mavrogiannopoulos
06e0c69f1d sec-mod: maintenance time was increased to be over the default cookie expiration time 2015-02-21 16:34:55 +01:00
Nikos Mavrogiannopoulos
8bb0af61bc Added GSSAPI as an additional password auth mechanism
That also adds the ability to support an OR composition of multiple
authentication methods. That is using the 'enable-auth' config option.
2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
c954e45e53 silence debugging messages from sec-mod when not in debug 2015-01-18 17:34:59 +01:00
Nikos Mavrogiannopoulos
07e01d06b5 use strlcpy() instead of snprintf() where it makes sense
That should reduce wasted cycles.
2014-12-14 19:24:14 +01:00
Nikos Mavrogiannopoulos
065753bd57 undid ed5b177691
It is not currently possible to reload only a part of the
configuration. If the back-end module changes, the server will
bail out instead.
2014-12-10 15:28:14 +01:00
Nikos Mavrogiannopoulos
0551338a7a sec-mod: preparations for thread safety 2014-12-10 14:10:17 +01:00
Nikos Mavrogiannopoulos
54e6450807 sec-mod: separated request serving from main loop 2014-12-10 13:30:56 +01:00
Nikos Mavrogiannopoulos
320773e80a Added support for radius interim updates 2014-12-10 11:18:29 +01:00
Nikos Mavrogiannopoulos
35e93c6341 added option to send statistics periodically to sec-mod 2014-12-10 11:18:23 +01:00
Nikos Mavrogiannopoulos
2194e11b39 Added support for radius authentication 2014-12-09 10:59:18 +01:00
Nikos Mavrogiannopoulos
baa3e4701e Supplementary configuration is now read by the security module.
That allows sec-mod to handle both authentication and accounting.
That deprecates the session-control configuration option.
2014-12-08 13:52:28 +01:00
Nikos Mavrogiannopoulos
7b0e20e6ad sec-mod: made logging consistent with the main server 2014-12-01 22:49:09 +01:00
Nikos Mavrogiannopoulos
1cb35b8b09 use more reasonable names to open and close a session 2014-09-25 16:41:54 +02:00
Nikos Mavrogiannopoulos
30bcf35576 Revert "license upgraded to GPLv3"
This reverts commit 213f9a63ee.

Conflicts:
	configure.ac
2014-09-24 11:34:15 +02:00
Nikos Mavrogiannopoulos
c49128f1bb doc update 2014-06-10 15:50:55 +02:00
Nikos Mavrogiannopoulos
cfa74a4e29 Reload the configuration of the security module as well, on main process reload. 2014-06-10 15:47:58 +02:00
Nikos Mavrogiannopoulos
28dca2aa0c Added support for session control (relevant for PAM for now)
That in effect will utilize the pam_open_session() and pam_close_session().
It is disabled by default as it requires more resources from the security module.
2014-06-10 15:16:40 +02:00
Nikos Mavrogiannopoulos
0c21e47f85 Always use the native endianness. 2014-05-31 22:09:09 +02:00
Nikos Mavrogiannopoulos
213f9a63ee license upgraded to GPLv3 2014-05-23 11:50:56 +02:00
Nikos Mavrogiannopoulos
d99c527758 memory reorganization in sec-mod.
It no longer relies on the main pool; it uses its own pool.
In addition the DEBUG_LEAKS definition was added to allow debugging
leaks.
2014-05-15 16:44:43 +02:00