On Sat, 2014-08-16 at 14:30 +0200, Kalle Carlbark wrote: > Hi all, > > I would like to begin to thank you guys for making openconnect happen! > > I've been successfully compiling and running ocserv on FreeBSD > 10.0-RELEASE amd64 with one slight problem. Clients cannot connect > because sec-mod thinks the connecting worker peer is uid 0, hence: > > ocserv-0.8.2 run with the following flags: > > $ ocserv -d 9999 -f -c /usr/local/etc/ocserv/ocserv.conf > > From the log: > ocserv[93036]: worker: x.x.x.x:30875 sending message 'auth cookie > request' to main > ocserv[93025]: main: x.x.x.x:30875 main received message 'auth cookie > request' of 114 bytes > ocserv[93025]: main: x.x.x.x:30875 new cookie for 'kc' (93036) > ocserv[93025]: main: x.x.x.x:30875 sending msg sm: session open to sec-mod > ocserv[93026]: sec-mod: received request from a processes with uid 0 > ocserv[93026]: sec-mod: received unauthorized request from a process > with uid 0 > ocserv[93026]: sec-mod: rejected unauthorized connection Thanks for reporting that. It seems that the uid check wasn't updated in the bsd part of the code. I've committed a fix in master. regards, Nikos
