From 0c093ad8f3a4b58b1d89394172753468dcddf84a Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sat, 18 Jun 2016 11:08:44 +0200
Subject: [PATCH] ocserv: allow overriding hostname on the per-user configuration
This allows for the administrator to set specific hostnames, or even empty hostname for specific users.
---
 doc/sample.config | 6 +++---
 src/ipc.proto | 1 +
 src/main-worker-cmd.c | 1 +
 src/ocserv-args.def | 7 ++++---
 src/sup-config/file.c | 3 +++
 src/worker-vpn.c | 3 +++
 6 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/doc/sample.config b/doc/sample.config
index 7812d186..2a72bc02 100644
--- a/doc/sample.config
+++ b/doc/sample.config
@@ -524,9 +524,9 @@ no-route = 192.168.5.0/255.255.255.0
 # based on a user or group. The syntax depends on the input accepted
 # by the commands route-add-cmd and route-del-cmd (see below). The no-udp
 # is a boolean option (e.g., no-udp = true), and will prevent a UDP session
-# for that specific user or group. Note also, that, any DNS or NBNS servers
-# present will overwrite the global ones, while any routes or no-routes set
-# will be appended to the default set.
+# for that specific user or group. The hostname option will set a
+# hostname to override any proposed by the user. Note also, that, any
+# routes, no-routes, DNS or NBNS servers present will overwrite the global ones.
 #config-per-user = /etc/ocserv/config-per-user/
 #config-per-group = /etc/ocserv/config-per-group/
diff --git a/src/ipc.proto b/src/ipc.proto
index 0080d06d..77e26dcf 100644
--- a/src/ipc.proto
+++ b/src/ipc.proto
@@ -59,6 +59,7 @@ message group_cfg_st
 optional uint32 idle_timeout = 37;
 optional uint32 mobile_idle_timeout = 38;
 repeated fw_port_st fw_ports = 39;
+ optional string hostname = 40;
 }
 /* AUTH_COOKIE_REP */
diff --git a/src/main-worker-cmd.c b/src/main-worker-cmd.c
index aac1ef65..5d286933 100644
--- a/src/main-worker-cmd.c
+++ b/src/main-worker-cmd.c
@@ -366,6 +366,7 @@ int handle_worker_commands(main_server_st * s, struct proc_st *proc)
 if (tmsg->hostname) {
 strlcpy(proc->hostname, tmsg->hostname, sizeof(proc->hostname));
+ mslog(s, proc, LOG_DEBUG, "setting worker hostname to '%s'", proc->hostname);
 user_hostname_update(s, proc);
 }
diff --git a/src/ocserv-args.def b/src/ocserv-args.def
index 7ba4b411..fa9117c8 100644
--- a/src/ocserv-args.def
+++ b/src/ocserv-args.def
@@ -636,14 +636,15 @@ no-route = 192.168.5.0/255.255.255.0
 # keepalive, dpd, mobile-dpd, max-same-clients, tunnel-all-dns,
 # restrict-user-to-routes, user-profile, cgroup, stats-report-time,
 # mtu, idle-timeout, mobile-idle-timeout, restrict-user-to-ports,
-# and session-timeout.
+# hostname, and session-timeout.
 #
 # Note that the 'iroute' option allows to add routes on the server
 # based on a user or group. The syntax depends on the input accepted
 # by the commands route-add-cmd and route-del-cmd (see below). The no-udp
 # is a boolean option (e.g., no-udp = true), and will prevent a UDP session
-# for that specific user or group. Note also, that, any routes, no-routes,
-# DNS or NBNS servers present will overwrite the global ones.
+# for that specific user or group. The hostname option will set a
+# hostname to override any proposed by the user. Note also, that, any
+# routes, no-routes, DNS or NBNS servers present will overwrite the global ones.
 #
 # Also explicit addresses, are only allowed when they are odd. In that
 # case the next even address will be used as the remote address (in PtP).
diff --git a/src/sup-config/file.c b/src/sup-config/file.c
index 9506e4aa..9e1644e1 100644
--- a/src/sup-config/file.c
+++ b/src/sup-config/file.c
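Review bot: In src/main-worker-cmd.c the added `mslog(s, proc, LOG_DEBUG, "setting worker hostname to '%s'", proc->hostname);` writes the hostname into the log verbatim, and unless a per-user override is configured that string is the one proposed by the connecting client. Nothing in the hunk restricts it to hostname characters, so control characters or an embedded newline would reach the log sink unless the sink escapes them; the value may already be sanitised where the worker parses it, which is not visible here. I would either validate the name before the `strlcpy` or put a short comment above the call stating where the value is sanitised, so the next reader does not have to trace it. The body of handle_worker_commands starts and ends outside the hunk.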
@@ -65,6 +65,7 @@ static struct cfg_options available_options[] = {
 { .name = "ipv6-subnet-prefix", .type = OPTION_NUMERIC },
 { .name = "explicit-ipv4", .type = OPTION_STRING },
 { .name = "explicit-ipv6", .type = OPTION_STRING },
+ { .name = "hostname", .type = OPTION_STRING },
 { .name = "restrict-user-to-ports", .type = OPTION_STRING },
 { .name = "rx-data-per-sec", .type = OPTION_NUMERIC },
 { .name = "tx-data-per-sec", .type = OPTION_NUMERIC },
@@ -260,6 +261,8 @@ unsigned j;
 }
 }
+ READ_RAW_STRING("hostname", msg->config->hostname);
+
 READ_RAW_NUMERIC("rx-data-per-sec", msg->config->rx_per_sec, msg->config->has_rx_per_sec);
 READ_RAW_NUMERIC("tx-data-per-sec", msg->config->tx_per_sec, msg->config->has_tx_per_sec);
 msg->config->rx_per_sec /= 1000; /* in kb */
diff --git a/src/worker-vpn.c b/src/worker-vpn.c
index 72687475..aed44803 100644
--- a/src/worker-vpn.c
+++ b/src/worker-vpn.c
@@ -1404,6 +1404,9 @@ static int connect_handler(worker_st * ws)
 return -1;
 }
+ if (ws->user_config->hostname)
+ strlcpy(ws->req.hostname, ws->user_config->hostname, sizeof(ws->req.hostname));
+
 FUZZ(ws->user_config->interim_update_secs, 5, rnd);
 FUZZ(ws->config->rekey_time, 30, rnd);
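Review bot: The second hunk of src/sup-config/file.c takes the new option with `READ_RAW_STRING("hostname", msg->config->hostname);` and no check on its characters is visible before the value is handed on to the worker. Because this option exists to pin a name the administrator trusts, a typo or stray character in a per-user file should be rejected when the file is loaded, with a log line naming the file, rather than propagated. READ_RAW_STRING is defined outside the hunk, so it may already do some of this; if it does not, a comment such as `/* hostname: administrator-supplied, overrides the client-proposed name; not validated here */` would at least record the assumption. The enclosing function starts and ends outside the hunk.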
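Review bot: The guard `if (ws->user_config->hostname)` in connect_handler (src/worker-vpn.c) applies the override only when the pointer is non-NULL, so the "empty hostname" case promised in the commit message works only if the per-user parser delivers an empty string for `hostname =` rather than leaving the field unset; that depends on code outside this hunk and deserves a comment or a test. The `strlcpy` result is also ignored, so a configured name longer than `sizeof(ws->req.hostname)` is shortened silently and the name in effect differs from the one the administrator wrote. Comparing the return value with the buffer size and logging a warning when it is exceeded would make that visible. connect_handler's body continues outside the hunk.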