Include the SID into the cookie and store it in proc_st.

This commit is contained in:
Nikos Mavrogiannopoulos
2014-06-10 10:40:59 +02:00
parent 089463840e
commit 01db3e5817
6 changed files with 18 additions and 1 deletions


@@ -161,7 +161,7 @@ message sec_op_msg
required bytes data = 2;
}
/* Not a real message, but a cookie */
/* Not a real message, but the cookie */
message cookie
{
required string username = 1;
@@ -171,4 +171,5 @@ message cookie
required bytes session_id = 5;
required uint32 expiration = 6;
required uint32 ipv4_seed = 7;
required bytes sid = 8;
}
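Review bot: The new `required bytes sid = 8;` field carries no size constraint in the schema, while the C consumer in this same commit rejects any cookie whose sid length differs from `sizeof(proc->sid)` (a fixed `SID_SIZE`-byte array), so anyone regenerating or extending this message cannot see the contract. Suggest `required bytes sid = 8; /* sec-mod session ID; must be exactly SID_SIZE bytes or the cookie is rejected on validation */`. Making the field `required` under proto2 also means a cookie that lacks it fails to unpack as a whole, which seems the right default for a field that gates session control, but it is worth stating explicitly since it implies cookies issued before this change stop being accepted.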


@@ -186,8 +186,12 @@ struct cookie_entry_st *old;
if (cmsg->session_id.len != sizeof(proc->dtls_session_id))
return -1;
if (cmsg->sid.len != sizeof(proc->sid))
return -1;
memcpy(proc->dtls_session_id, cmsg->session_id.data, cmsg->session_id.len);
proc->dtls_session_id_size = cmsg->session_id.len;
memcpy(proc->sid, cmsg->sid.data, cmsg->sid.len);
/* cookie is good so far, now read config (in order to know
* whether roaming is allowed or not */
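Review bot: The added `if (cmsg->sid.len != sizeof(proc->sid)) return -1;` correctly bounds the `memcpy` that follows, but the reason for demanding an exact length (rather than `<=`) is not stated, and it returns the same bare `-1` as the session_id check above so the two failures are indistinguishable to the caller. A short comment would make the intent clear: `/* SID is a fixed-size identifier: require an exact match so the copy below can neither overflow nor leave proc->sid partially filled */`. From the header in this commit `proc->sid` is `uint8_t sid[SID_SIZE]`, so `sizeof` is the correct bound here; if that declaration ever became a pointer the check would silently compare against pointer size. The enclosing function starts and ends outside this hunk.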


@@ -109,6 +109,9 @@ typedef struct proc_st {
struct sockaddr_storage remote_addr; /* peer address */
socklen_t remote_addr_len;
/* The SID present in the cookie. Used for session control only */
uint8_t sid[SID_SIZE];
/* The DTLS session ID associated with the TLS session
* it is either generated or restored from a cookie.
*/
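Review bot: The comment on `uint8_t sid[SID_SIZE];` says what the field is used for but not when it holds a valid value; the only writer visible in this commit is the cookie-validation path, so a reader cannot tell what a proc_st that has not passed cookie validation contains here. Suggest extending the comment to `/* The SID present in the cookie. Used for session control only. Only meaningful after the cookie has been validated and copied in; presumably all-zero before that if proc_st is zero-allocated -- confirm */`. Unlike `dtls_session_id` just below, there is no accompanying size field, which is fine as long as every consumer uses `SID_SIZE` rather than a runtime length.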


@@ -88,6 +88,11 @@ An example configuration file follows.
# to generate password entries.
#auth = "plain[/etc/ocserv/ocpasswd]"
# Whether to enable the authentication method's session control (i.e., PAM).
# That requires more resources on the server so don't enable unless you need
# it.
#session-control = true
# A banner to be displayed on clients
#banner = "Welcome"


@@ -93,6 +93,9 @@ static int generate_cookie(sec_mod_st * sec, client_entry_st * entry)
return -1;
}
msg.sid.data = entry->sid;
msg.sid.len = sizeof(entry->sid);
/* this is the time when this cookie must be activated (used to authenticate).
* if not activated by that time it expires */
msg.expiration = time(0) + sec->config->cookie_timeout;
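Review bot: `msg.sid.len = sizeof(entry->sid);` silently couples this producer to the validator, which rejects the cookie unless the length equals `sizeof(proc->sid)` (`SID_SIZE` bytes per the header in this commit); if either `entry->sid` or `proc_st.sid` were ever resized or turned into a pointer, every cookie would start failing validation with no compile-time signal. Consider `msg.sid.len = SID_SIZE;` plus a comment such as `/* SID of this sec-mod client entry; the validator requires exactly SID_SIZE bytes */`, or a static assertion tying the two declarations together. It is also worth noting in a comment that the SID is only trustworthy on the receiving side because the cookie as a whole is protected before it leaves sec-mod; that protection is not visible in this hunk, so I am assuming it exists. generate_cookie continues outside the hunk.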


@@ -187,6 +187,7 @@ struct cfg_st {
char *cert_user_oid; /* The OID that will be used to extract the username */
char *cert_group_oid; /* The OID that will be used to extract the groupname */
unsigned int auth_types; /* or'ed sequence of AUTH_TYPE */
unsigned session_control; /* whether to use the session control part of authentication (PAM) */
char *auth_additional; /* the additional string specified in the auth methode */
gnutls_certificate_request_t cert_req;
char *priorities;
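Review bot: The new `unsigned session_control;` uses bare `unsigned` while the adjacent `unsigned int auth_types;` spells the type out; for consistency within cfg_st write `unsigned int session_control; /* whether to use the session control part of authentication (PAM) */`. The comment itself matches the sample config's description of the option, which is good; since the field is a boolean flag, it may also be worth saying in the comment that the sample config leaves it disabled by default, if that is indeed the parser's default (not visible here).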