Added support for multiple DNS and NBNS servers.
This patch also combines the ipv4-dns and ipv6-dns options, which are now handled as aliases of dns. A side-effect of this patch is that the local keyword is no longer supported.
2
NEWS
2
NEWS
@@ -7,6 +7,8 @@
|
||||
for BSD-derivatives is untested).
|
||||
- Default configuration file changed to /etc/ocserv/ocserv.conf and
|
||||
default password file for ocpasswd to /etc/ocserv/ocpasswd.
|
||||
- Added support for multiple DNS and NBNS servers in ocserv.conf.
|
||||
The 'local' keyword is no longer supported.
|
||||
- occtl: fixed gathering of interface statistics.
|
||||
|
||||
|
||||
|
||||
@@ -137,7 +137,7 @@ socket-file = /var/run/ocserv-socket
|
||||
# The user the worker processes will be run as. It should be
|
||||
# unique (no other services run as this user).
|
||||
run-as-user = nobody
|
||||
run-as-group = nobody
|
||||
run-as-group = daemon
|
||||
|
||||
# Set the protocol-defined priority (SO_PRIORITY) for packets to
|
||||
# be sent. That is a number from 0 to 6 with 0 being the lowest
|
||||
@@ -159,9 +159,10 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# ipv4-dns = 192.168.2.1
|
||||
ipv4-dns = local
|
||||
|
||||
# dns = 192.168.2.1
|
||||
dns = 192.168.1.1
|
||||
dns = fe80::1
|
||||
|
||||
# The NBNS server (if any)
|
||||
#ipv4-nbns = 192.168.2.3
|
||||
|
||||
99
src/config.c
99
src/config.c
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2013 Nikos Mavrogiannopoulos
|
||||
* Copyright (C) 2013, 2014 Nikos Mavrogiannopoulos
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@@ -101,13 +101,16 @@ static struct cfg_options available_options[] = {
|
||||
|
||||
{ .name = "ipv4-network", .type = OPTION_STRING, .mandatory = 0 },
|
||||
{ .name = "ipv4-netmask", .type = OPTION_STRING, .mandatory = 0 },
|
||||
{ .name = "ipv4-dns", .type = OPTION_STRING, .mandatory = 0 },
|
||||
{ .name = "ipv4-nbns", .type = OPTION_STRING, .mandatory = 0 },
|
||||
{ .name = "dns", .type = OPTION_MULTI_LINE, .mandatory = 0 },
|
||||
{ .name = "ipv4-dns", .type = OPTION_MULTI_LINE, .mandatory = 0 }, /* alias dns */
|
||||
{ .name = "ipv6-dns", .type = OPTION_MULTI_LINE, .mandatory = 0 }, /* alias dns */
|
||||
{ .name = "nbns", .type = OPTION_MULTI_LINE, .mandatory = 0 },
|
||||
{ .name = "ipv4-nbns", .type = OPTION_MULTI_LINE, .mandatory = 0 }, /* alias nbns */
|
||||
{ .name = "ipv6-nbns", .type = OPTION_MULTI_LINE, .mandatory = 0 }, /* alias nbns */
|
||||
|
||||
{ .name = "ipv6-network", .type = OPTION_STRING, .mandatory = 0 },
|
||||
{ .name = "ipv6-netmask", .type = OPTION_STRING, .mandatory = 0 },
|
||||
{ .name = "ipv6-prefix", .type = OPTION_NUMERIC, .mandatory = 0 },
|
||||
{ .name = "ipv6-dns", .type = OPTION_STRING, .mandatory = 0 },
|
||||
{ .name = "ipv6-nbns", .type = OPTION_STRING, .mandatory = 0 },
|
||||
{ .name = "route-add-cmd", .type = OPTION_STRING, .mandatory = 0 },
|
||||
{ .name = "route-del-cmd", .type = OPTION_STRING, .mandatory = 0 },
|
||||
{ .name = "config-per-user", .type = OPTION_STRING, .mandatory = 0 },
|
||||
@@ -125,7 +128,7 @@ unsigned j;
|
||||
return available_options[j].val;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -135,16 +138,16 @@ unsigned j;
|
||||
if (s_name == NULL) { \
|
||||
num = 0; \
|
||||
s_name = malloc(sizeof(char*)*MAX_CONFIG_ENTRIES); \
|
||||
do { \
|
||||
if (val && !strcmp(val->pzName, name)==0) \
|
||||
continue; \
|
||||
s_name[num] = strdup(val->v.strVal); \
|
||||
num++; \
|
||||
if (num>=MAX_CONFIG_ENTRIES) \
|
||||
break; \
|
||||
} while((val = optionNextValue(pov, val)) != NULL); \
|
||||
s_name[num] = NULL; \
|
||||
} \
|
||||
do { \
|
||||
if (val && !strcmp(val->pzName, name)==0) \
|
||||
continue; \
|
||||
s_name[num] = strdup(val->v.strVal); \
|
||||
num++; \
|
||||
if (num>=MAX_CONFIG_ENTRIES) \
|
||||
break; \
|
||||
} while((val = optionNextValue(pov, val)) != NULL); \
|
||||
s_name[num] = NULL; \
|
||||
} else if (mand != 0) { \
|
||||
fprintf(stderr, "Configuration option %s is mandatory.\n", name); \
|
||||
exit(1); \
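Review bot: The terminator store `s_name[num] = NULL;` at the end of the loop can write one element past the allocation: `s_name` is sized for MAX_CONFIG_ENTRIES pointers by the malloc above, and the loop breaks only once `num >= MAX_CONFIG_ENTRIES`, so on that path the store hits index MAX_CONFIG_ENTRIES. Allocating one extra slot, `s_name = malloc(sizeof(char*)*(MAX_CONFIG_ENTRIES+1));`, keeps the NULL terminator inside the buffer; the READ_RAW_MULTI_LINE hunk of the second parser (`@@ -63,16 +65,16 @@`) carries the identical pattern and needs the same change. The `malloc` and `strdup` results are not checked, so a failed allocation is either dereferenced here or stored as a NULL entry that parse_cfg_file later hands to `strcmp` in the 'local' check. `!strcmp(val->pzName, name)==0` parses as `(!strcmp(...)) == 0`; writing it as `strcmp(val->pzName, name) != 0` says the same thing without the double negation. The READ_MULTI_LINE definition starts before this hunk.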
|
||||
@@ -222,7 +225,7 @@ unsigned j;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -307,7 +310,7 @@ unsigned force_cert_auth;
|
||||
free(auth[j]);
|
||||
}
|
||||
free(auth);
|
||||
|
||||
|
||||
/* When adding allocated data, remember to modify
|
||||
* reload_cfg_file();
|
||||
*/
|
||||
@@ -337,7 +340,7 @@ unsigned force_cert_auth;
|
||||
|
||||
READ_STRING("connect-script", config->connect_script);
|
||||
READ_STRING("disconnect-script", config->disconnect_script);
|
||||
|
||||
|
||||
if (pid_file == NULL)
|
||||
READ_STRING("pid-file", pid_file);
|
||||
|
||||
@@ -401,7 +404,6 @@ unsigned force_cert_auth;
|
||||
|
||||
READ_STRING("ipv4-network", config->network.ipv4);
|
||||
READ_STRING("ipv4-netmask", config->network.ipv4_netmask);
|
||||
READ_STRING("ipv4-dns", config->network.ipv4_dns);
|
||||
|
||||
READ_STRING("ipv6-network", config->network.ipv6);
|
||||
READ_STRING("ipv6-netmask", config->network.ipv6_netmask);
|
||||
@@ -409,19 +411,34 @@ unsigned force_cert_auth;
|
||||
READ_NUMERIC("ipv6-prefix", prefix);
|
||||
if (prefix > 0)
|
||||
config->network.ipv6_netmask = ipv6_prefix_to_mask(prefix);
|
||||
|
||||
READ_STRING("ipv6-dns", config->network.ipv6_dns);
|
||||
|
||||
READ_STRING("ipv4-nbns", config->network.ipv4_nbns);
|
||||
READ_STRING("ipv6-nbns", config->network.ipv6_nbns);
|
||||
|
||||
READ_MULTI_LINE("route", config->network.routes, config->network.routes_size);
|
||||
READ_MULTI_LINE("dns", config->network.dns, config->network.dns_size);
|
||||
if (config->network.dns_size == 0) {
|
||||
/* try the aliases */
|
||||
READ_MULTI_LINE("ipv6-dns", config->network.dns, config->network.dns_size);
|
||||
READ_MULTI_LINE("ipv4-dns", config->network.dns, config->network.dns_size);
|
||||
}
|
||||
|
||||
for (j=0;j<config->network.dns_size;j++) {
|
||||
if (strcmp(config->network.dns[j], "local") == 0) {
|
||||
fprintf(stderr, "The 'local' DNS keyword is no longer supported.\n");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
READ_MULTI_LINE("nbns", config->network.nbns, config->network.nbns_size);
|
||||
if (config->network.nbns_size == 0) {
|
||||
/* try the aliases */
|
||||
READ_MULTI_LINE("ipv6-nbns", config->network.nbns, config->network.nbns_size);
|
||||
READ_MULTI_LINE("ipv4-nbns", config->network.nbns, config->network.nbns_size);
|
||||
}
|
||||
|
||||
READ_STRING("route-add-cmd", config->route_add_cmd);
|
||||
READ_STRING("route-del-cmd", config->route_del_cmd);
|
||||
READ_STRING("config-per-user", config->per_user_dir);
|
||||
READ_STRING("config-per-group", config->per_group_dir);
|
||||
|
||||
|
||||
optionUnloadNested(pov);
|
||||
}
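Review bot: The alias fallback only honours whichever alias is read first: READ_MULTI_LINE is guarded by `if (s_name == NULL)` (visible in the macro hunk above), so once `READ_MULTI_LINE("ipv6-dns", …)` has populated `config->network.dns`, the following `READ_MULTI_LINE("ipv4-dns", …)` is a no-op, and an existing ocserv.conf that sets both `ipv4-dns` and `ipv6-dns` keeps only the IPv6 resolver and silently drops the IPv4 one. Either read the three keywords into separate lists and concatenate them, or at least emit a warning when an alias is used so operators notice the changed semantics, in the style of the existing `fprintf(stderr, …)` diagnostics in this function. The same structure is repeated for `nbns`/`ipv4-nbns`/`ipv6-nbns` here and in the `@@ -148,11 +150,21 @@` hunk of the second parser. The 'local' rejection loop is a good addition; the old code accepted `local` for the nbns keywords too, so the same check over `config->network.nbns` would give those users an explicit error instead of advertising the literal string.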
|
||||
|
||||
@@ -443,7 +460,7 @@ static void check_cfg( struct cfg_st *config)
|
||||
fprintf(stderr, "No mask found for IPv6 network.\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
||||
if (config->banner && strlen(config->banner) > MAX_BANNER_SIZE) {
|
||||
fprintf(stderr, "Banner size is too long\n");
|
||||
exit(1);
|
||||
@@ -460,7 +477,7 @@ static void check_cfg( struct cfg_st *config)
|
||||
else
|
||||
config->cert_req = GNUTLS_CERT_REQUEST;
|
||||
}
|
||||
|
||||
|
||||
if (config->plain_passwd != NULL) {
|
||||
if (access(config->plain_passwd, R_OK) != 0) {
|
||||
fprintf(stderr, "cannot access password file '%s'\n", config->plain_passwd);
|
||||
@@ -477,10 +494,10 @@ static void check_cfg( struct cfg_st *config)
|
||||
config->xml_config_hash = calc_sha1_hash(config->xml_config_file, 0);
|
||||
if (config->xml_config_hash == NULL && config->chroot_dir != NULL) {
|
||||
char path[_POSIX_PATH_MAX];
|
||||
|
||||
|
||||
snprintf(path, sizeof(path), "%s/%s", config->chroot_dir, config->xml_config_file);
|
||||
config->xml_config_hash = calc_sha1_hash(path, 0);
|
||||
|
||||
|
||||
if (config->xml_config_hash == NULL) {
|
||||
fprintf(stderr, "Cannot open file '%s'\n", path);
|
||||
exit(1);
|
||||
@@ -492,7 +509,7 @@ static void check_cfg( struct cfg_st *config)
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
if (config->keepalive == 0)
|
||||
config->keepalive = 3600;
|
||||
|
||||
@@ -524,18 +541,18 @@ int cmd_parser (int argc, char **argv, struct cfg_st* config)
|
||||
|
||||
if (HAVE_OPT(DEBUG))
|
||||
config->debug = 1;
|
||||
|
||||
|
||||
if (HAVE_OPT(CONFIG)) {
|
||||
cfg_file = OPT_ARG(CONFIG);
|
||||
} else if (access(cfg_file, R_OK) != 0) {
|
||||
fprintf(stderr, "%s -c [config]\nUse %s --help for more information.\n", argv[0], argv[0]);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
||||
parse_cfg_file(cfg_file, config);
|
||||
|
||||
|
||||
check_cfg(config);
|
||||
|
||||
|
||||
return 0;
|
||||
|
||||
}
|
||||
@@ -575,19 +592,23 @@ unsigned i;
|
||||
|
||||
DEL(config->network.ipv4);
|
||||
DEL(config->network.ipv4_netmask);
|
||||
DEL(config->network.ipv4_dns);
|
||||
DEL(config->network.ipv6);
|
||||
DEL(config->network.ipv6_netmask);
|
||||
DEL(config->network.ipv6_dns);
|
||||
for (i=0;i<config->network.routes_size;i++)
|
||||
DEL(config->network.routes[i]);
|
||||
DEL(config->network.routes);
|
||||
for (i=0;i<config->network.dns_size;i++)
|
||||
DEL(config->network.dns[i]);
|
||||
DEL(config->network.dns);
|
||||
for (i=0;i<config->network.nbns_size;i++)
|
||||
DEL(config->network.nbns[i]);
|
||||
DEL(config->network.nbns);
|
||||
for (i=0;i<config->key_size;i++)
|
||||
DEL(config->key[i]);
|
||||
DEL(config->key);
|
||||
for (i=0;i<config->cert_size;i++)
|
||||
DEL(config->cert[i]);
|
||||
DEL(config->cert);
|
||||
DEL(config->network.routes);
|
||||
|
||||
return;
|
||||
}
|
||||
@@ -601,7 +622,7 @@ void reload_cfg_file(struct cfg_st* config)
|
||||
parse_cfg_file(cfg_file, config);
|
||||
|
||||
check_cfg(config);
|
||||
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -617,7 +638,7 @@ FILE* fp;
|
||||
fprintf(stderr, "Cannot open pid file '%s'\n", pid_file);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
||||
fprintf(fp, "%u", (unsigned)getpid());
|
||||
fclose(fp);
|
||||
}
|
||||
|
||||
@@ -42,10 +42,12 @@ struct cfg_options {
|
||||
static struct cfg_options available_options[] = {
|
||||
{ .name = "route", .type = OPTION_MULTI_LINE },
|
||||
{ .name = "iroute", .type = OPTION_MULTI_LINE },
|
||||
{ .name = "ipv4-dns", .type = OPTION_STRING },
|
||||
{ .name = "ipv6-dns", .type = OPTION_STRING },
|
||||
{ .name = "ipv4-nbns", .type = OPTION_STRING },
|
||||
{ .name = "ipv6-nbns", .type = OPTION_STRING },
|
||||
{ .name = "dns", .type = OPTION_MULTI_LINE },
|
||||
{ .name = "ipv4-dns", .type = OPTION_MULTI_LINE }, /* alias of dns */
|
||||
{ .name = "ipv6-dns", .type = OPTION_MULTI_LINE }, /* alias of dns */
|
||||
{ .name = "nbns", .type = OPTION_MULTI_LINE },
|
||||
{ .name = "ipv4-nbns", .type = OPTION_MULTI_LINE }, /* alias of nbns */
|
||||
{ .name = "ipv6-nbns", .type = OPTION_MULTI_LINE }, /* alias of nbns */
|
||||
{ .name = "ipv4-network", .type = OPTION_STRING },
|
||||
{ .name = "ipv6-network", .type = OPTION_STRING },
|
||||
{ .name = "ipv4-netmask", .type = OPTION_STRING },
|
||||
@@ -63,16 +65,16 @@ static struct cfg_options available_options[] = {
|
||||
if (s_name == NULL) { \
|
||||
num = 0; \
|
||||
s_name = malloc(sizeof(char*)*MAX_CONFIG_ENTRIES); \
|
||||
do { \
|
||||
if (val && !strcmp(val->pzName, name)==0) \
|
||||
continue; \
|
||||
s_name[num] = strdup(val->v.strVal); \
|
||||
num++; \
|
||||
if (num>=MAX_CONFIG_ENTRIES) \
|
||||
break; \
|
||||
} while((val = optionNextValue(pov, val)) != NULL); \
|
||||
s_name[num] = NULL; \
|
||||
} \
|
||||
do { \
|
||||
if (val && !strcmp(val->pzName, name)==0) \
|
||||
continue; \
|
||||
s_name[num] = strdup(val->v.strVal); \
|
||||
num++; \
|
||||
if (num>=MAX_CONFIG_ENTRIES) \
|
||||
break; \
|
||||
} while((val = optionNextValue(pov, val)) != NULL); \
|
||||
s_name[num] = NULL; \
|
||||
}
|
||||
|
||||
#define READ_RAW_STRING(name, s_name) \
|
||||
@@ -148,11 +150,21 @@ unsigned prefix = 0;
|
||||
READ_RAW_MULTI_LINE("route", config->routes, config->routes_size);
|
||||
READ_RAW_MULTI_LINE("iroute", config->iroutes, config->iroutes_size);
|
||||
|
||||
READ_RAW_MULTI_LINE("dns", config->dns, config->dns_size);
|
||||
if (config->dns_size == 0) {
|
||||
/* try aliases */
|
||||
READ_RAW_MULTI_LINE("ipv6-dns", config->dns, config->dns_size);
|
||||
READ_RAW_MULTI_LINE("ipv4-dns", config->dns, config->dns_size);
|
||||
}
|
||||
|
||||
READ_RAW_MULTI_LINE("nbns", config->nbns, config->nbns_size);
|
||||
if (config->nbns_size == 0) {
|
||||
/* try aliases */
|
||||
READ_RAW_MULTI_LINE("ipv6-nbns", config->nbns, config->nbns_size);
|
||||
READ_RAW_MULTI_LINE("ipv4-nbns", config->nbns, config->nbns_size);
|
||||
}
|
||||
|
||||
READ_RAW_STRING("cgroup", config->cgroup);
|
||||
READ_RAW_STRING("ipv4-dns", config->ipv4_dns);
|
||||
READ_RAW_STRING("ipv6-dns", config->ipv6_dns);
|
||||
READ_RAW_STRING("ipv4-nbns", config->ipv4_nbns);
|
||||
READ_RAW_STRING("ipv6-nbns", config->ipv6_nbns);
|
||||
READ_RAW_STRING("ipv4-network", config->ipv4_network);
|
||||
READ_RAW_STRING("ipv6-network", config->ipv6_network);
|
||||
READ_RAW_STRING("ipv4-netmask", config->ipv4_netmask);
|
||||
@@ -189,11 +201,17 @@ unsigned i;
|
||||
}
|
||||
free(config->iroutes);
|
||||
|
||||
for(i=0;i<config->dns_size;i++) {
|
||||
free(config->dns[i]);
|
||||
}
|
||||
free(config->dns);
|
||||
|
||||
for(i=0;i<config->nbns_size;i++) {
|
||||
free(config->nbns[i]);
|
||||
}
|
||||
free(config->nbns);
|
||||
|
||||
free(config->cgroup);
|
||||
free(config->ipv4_dns);
|
||||
free(config->ipv6_dns);
|
||||
free(config->ipv4_nbns);
|
||||
free(config->ipv6_nbns);
|
||||
free(config->ipv4_network);
|
||||
free(config->ipv6_network);
|
||||
free(config->ipv4_netmask);
|
||||
|
||||
@@ -89,16 +89,14 @@ message auth_reply_msg
|
||||
optional string ipv6_local = 10;
|
||||
|
||||
/* additional config */
|
||||
optional string ipv4_dns = 11;
|
||||
optional string ipv6_dns = 12;
|
||||
optional string ipv4_nbns = 13;
|
||||
optional string ipv6_nbns = 14;
|
||||
optional string ipv4_netmask = 15;
|
||||
optional string ipv6_netmask = 16;
|
||||
optional uint32 rx_per_sec = 17;
|
||||
optional uint32 tx_per_sec = 18;
|
||||
optional uint32 net_priority = 19;
|
||||
repeated string routes = 20;
|
||||
repeated string dns = 21;
|
||||
repeated string nbns = 22;
|
||||
}
|
||||
|
||||
/* RESUME_FETCH_REQ + RESUME_DELETE_REQ */
|
||||
|
||||
@@ -107,10 +107,6 @@ int send_auth_reply(main_server_st* s, struct proc_st* proc,
|
||||
ipv6_local, sizeof(ipv6_local), 0);
|
||||
}
|
||||
|
||||
msg.ipv4_dns = proc->config.ipv4_dns;
|
||||
msg.ipv6_dns = proc->config.ipv6_dns;
|
||||
msg.ipv4_nbns = proc->config.ipv4_nbns;
|
||||
msg.ipv6_nbns = proc->config.ipv6_nbns;
|
||||
msg.ipv4_netmask = proc->config.ipv4_netmask;
|
||||
msg.ipv6_netmask = proc->config.ipv6_netmask;
|
||||
if (proc->config.rx_per_sec != 0) {
|
||||
@@ -128,6 +124,18 @@ int send_auth_reply(main_server_st* s, struct proc_st* proc,
|
||||
msg.net_priority = proc->config.net_priority;
|
||||
}
|
||||
|
||||
msg.n_dns = proc->config.dns_size;
|
||||
for (i=0;i<proc->config.dns_size;i++) {
|
||||
mslog(s, proc, LOG_DEBUG, "sending dns '%s'", proc->config.dns[i]);
|
||||
msg.dns = proc->config.dns;
|
||||
}
|
||||
|
||||
msg.n_nbns = proc->config.nbns_size;
|
||||
for (i=0;i<proc->config.nbns_size;i++) {
|
||||
mslog(s, proc, LOG_DEBUG, "sending nbns '%s'", proc->config.nbns[i]);
|
||||
msg.nbns = proc->config.nbns;
|
||||
}
|
||||
|
||||
msg.n_routes = proc->config.routes_size;
|
||||
for (i=0;i<proc->config.routes_size;i++) {
|
||||
mslog(s, proc, LOG_DEBUG, "sending route '%s'", proc->config.routes[i]);
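Review bot: `msg.dns = proc->config.dns;` is loop-invariant yet sits inside the `for` over `dns_size`, so it is re-executed on every iteration and never executed when the list is empty; move it next to `msg.n_dns = proc->config.dns_size;` and leave only the `mslog` call in the loop. The `nbns` block a few lines lower has the same shape and should be changed the same way. With `n_dns` set and `dns` left unassigned for an empty list, correctness currently depends on `msg` having been zero-initialised before this hunk, which is worth a comment at the declaration if it is not already obvious there.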
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2013 Nikos Mavrogiannopoulos
|
||||
* Copyright (C) 2013, 2014 Nikos Mavrogiannopoulos
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@@ -180,24 +180,20 @@ static int read_additional_config_file(main_server_st * s, struct proc_st *proc,
|
||||
cfg.iroutes_size = 0;
|
||||
}
|
||||
|
||||
if (proc->config.ipv4_dns == NULL) {
|
||||
proc->config.ipv4_dns = cfg.ipv4_dns;
|
||||
cfg.ipv4_dns = NULL;
|
||||
if (proc->config.dns == NULL) {
|
||||
proc->config.dns = cfg.dns;
|
||||
proc->config.dns_size = cfg.dns_size;
|
||||
|
||||
cfg.dns = NULL;
|
||||
cfg.dns_size = 0;
|
||||
}
|
||||
|
||||
if (proc->config.ipv6_dns == NULL) {
|
||||
proc->config.ipv6_dns = cfg.ipv6_dns;
|
||||
cfg.ipv6_dns = NULL;
|
||||
}
|
||||
if (proc->config.nbns == NULL) {
|
||||
proc->config.nbns = cfg.nbns;
|
||||
proc->config.nbns_size = cfg.nbns_size;
|
||||
|
||||
if (proc->config.ipv4_nbns == NULL) {
|
||||
proc->config.ipv4_nbns = cfg.ipv4_nbns;
|
||||
cfg.ipv4_nbns = NULL;
|
||||
}
|
||||
|
||||
if (proc->config.ipv6_nbns == NULL) {
|
||||
proc->config.ipv6_nbns = cfg.ipv6_nbns;
|
||||
cfg.ipv6_nbns = NULL;
|
||||
cfg.nbns = NULL;
|
||||
cfg.nbns_size = 0;
|
||||
}
|
||||
|
||||
if (proc->config.ipv4_network == NULL) {
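Review bot: The take-over test `if (proc->config.dns == NULL)` keys on the pointer while the rest of the series keys on the count (`dns_size == 0` in config.c's alias fallback, `dns_size > 0` in complete_vpn_info); if the raw reader can ever leave a non-NULL zero-length list, the group-level fallback here would be skipped, and if it cannot, that invariant deserves stating. A short comment on the block would make both the invariant and the ownership hand-off explicit, e.g. `/* dns is NULL iff dns_size == 0; the list moves to proc->config, cfg must not free it */`. The same applies to the `nbns` block below it. read_additional_config_file starts before and continues after this hunk.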
|
||||
|
||||
@@ -255,16 +255,11 @@ ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
|
||||
# The DNS advertized server
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# ipv4-dns = local
|
||||
ipv4-dns = 192.168.1.2
|
||||
# dns = fc00::4be0
|
||||
dns = 192.168.1.2
|
||||
|
||||
# The NBNS server (if any)
|
||||
#ipv4-nbns = 192.168.1.3
|
||||
|
||||
# The same, but for IPv6.
|
||||
#ipv6-dns =
|
||||
#ipv6-nbns =
|
||||
#nbns = 192.168.1.3
|
||||
|
||||
# The IPv6 subnet that leases will be given from.
|
||||
#ipv6-network = fc00::
|
||||
|
||||
21
src/vpn.h
21
src/vpn.h
@@ -117,10 +117,12 @@ struct group_cfg_st {
|
||||
char **iroutes;
|
||||
unsigned int iroutes_size;
|
||||
|
||||
char *ipv4_dns;
|
||||
char *ipv6_dns;
|
||||
char *ipv4_nbns;
|
||||
char *ipv6_nbns;
|
||||
char **dns;
|
||||
unsigned int dns_size;
|
||||
|
||||
char **nbns;
|
||||
unsigned int nbns_size;
|
||||
|
||||
char *ipv4_network;
|
||||
char *ipv6_network;
|
||||
char *ipv4_netmask;
|
||||
@@ -142,13 +144,16 @@ struct vpn_st {
|
||||
char *ipv6_netmask;
|
||||
char *ipv6;
|
||||
char *ipv6_local; /* local IPv6 address */
|
||||
char *ipv4_dns;
|
||||
char *ipv6_dns;
|
||||
char *ipv4_nbns;
|
||||
char *ipv6_nbns;
|
||||
unsigned int mtu;
|
||||
|
||||
char **routes;
|
||||
unsigned int routes_size;
|
||||
|
||||
char **dns;
|
||||
unsigned int dns_size;
|
||||
|
||||
char **nbns;
|
||||
unsigned int nbns_size;
|
||||
};
|
||||
|
||||
struct cfg_st {
|
||||
|
||||
@@ -298,30 +298,6 @@ static int recv_auth_reply(worker_st * ws, char *txt, size_t max_txt_size)
|
||||
}
|
||||
|
||||
/* Read any additional data */
|
||||
if (msg->ipv4_dns != NULL) {
|
||||
free(ws->config->network.ipv4_dns);
|
||||
ws->config->network.ipv4_dns =
|
||||
strdup(msg->ipv4_dns);
|
||||
}
|
||||
|
||||
if (msg->ipv6_dns != NULL) {
|
||||
free(ws->config->network.ipv6_dns);
|
||||
ws->config->network.ipv4_dns =
|
||||
strdup(msg->ipv6_dns);
|
||||
}
|
||||
|
||||
if (msg->ipv4_nbns != NULL) {
|
||||
free(ws->config->network.ipv4_nbns);
|
||||
ws->config->network.ipv4_nbns =
|
||||
strdup(msg->ipv4_nbns);
|
||||
}
|
||||
|
||||
if (msg->ipv6_nbns != NULL) {
|
||||
free(ws->config->network.ipv6_nbns);
|
||||
ws->config->network.ipv4_nbns =
|
||||
strdup(msg->ipv6_nbns);
|
||||
}
|
||||
|
||||
if (msg->ipv4_netmask != NULL) {
|
||||
free(ws->config->network.ipv4_netmask);
|
||||
ws->config->network.ipv4_netmask =
|
||||
@@ -349,6 +325,18 @@ static int recv_auth_reply(worker_st * ws, char *txt, size_t max_txt_size)
|
||||
for (i = 0; i < ws->routes_size; i++) {
|
||||
ws->routes[i] = strdup(msg->routes[i]);
|
||||
}
|
||||
|
||||
ws->dns_size = msg->n_dns;
|
||||
|
||||
for (i = 0; i < ws->dns_size; i++) {
|
||||
ws->dns[i] = strdup(msg->dns[i]);
|
||||
}
|
||||
|
||||
ws->nbns_size = msg->n_nbns;
|
||||
|
||||
for (i = 0; i < ws->nbns_size; i++) {
|
||||
ws->nbns[i] = strdup(msg->nbns[i]);
|
||||
}
|
||||
} else {
|
||||
oclog(ws, LOG_ERR, "error in received message");
|
||||
ret = ERR_AUTH_FAIL;
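Review bot: `ws->dns_size = msg->n_dns;` followed by the copy loop writes `ws->dns[i]` without checking `n_dns` against the array bound: worker.h declares `char* dns[MAX_ROUTES]` (and `nbns[MAX_ROUTES]`), so a reply carrying more entries than MAX_ROUTES overruns the worker_st arrays. The parser side accepts up to MAX_CONFIG_ENTRIES values per keyword, and whether that is guaranteed to be at most MAX_ROUTES is not visible here, so the receiver should enforce it before any copy: `if (msg->n_dns > MAX_ROUTES || msg->n_nbns > MAX_ROUTES) { oclog(ws, LOG_ERR, "too many dns/nbns entries in auth reply"); ret = ERR_AUTH_FAIL; }` taking the same error path as the existing "error in received message" branch. The `strdup` results are also stored unchecked, so an allocation failure leaves NULL entries that connect_handler later passes to `strchr`. The `routes` loop just above the hunk presumably has the same exposure; please verify it is bounded.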
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2013 Nikos Mavrogiannopoulos
|
||||
* Copyright (C) 2013, 2014 Nikos Mavrogiannopoulos
|
||||
*
|
||||
* This file is part of ocserv.
|
||||
*
|
||||
@@ -149,30 +149,14 @@ int complete_vpn_info(worker_st * ws, struct vpn_st *vinfo)
|
||||
if (vinfo->ipv4 == NULL && vinfo->ipv6 == NULL) {
|
||||
return -1;
|
||||
}
|
||||
#define LOCAL "local"
|
||||
if (ws->config->network.ipv4_dns
|
||||
&& strcmp(ws->config->network.ipv4_dns, LOCAL) == 0)
|
||||
vinfo->ipv4_dns = vinfo->ipv4_local;
|
||||
else
|
||||
vinfo->ipv4_dns = ws->config->network.ipv4_dns;
|
||||
|
||||
if (ws->config->network.ipv6_dns
|
||||
&& strcmp(ws->config->network.ipv6_dns, LOCAL) == 0)
|
||||
vinfo->ipv6_dns = vinfo->ipv6_local;
|
||||
else
|
||||
vinfo->ipv6_dns = ws->config->network.ipv6_dns;
|
||||
vinfo->dns_size = ws->config->network.dns_size;
|
||||
if (ws->config->network.dns_size > 0)
|
||||
vinfo->dns = ws->config->network.dns;
|
||||
|
||||
if (ws->config->network.ipv4_nbns
|
||||
&& strcmp(ws->config->network.ipv4_nbns, LOCAL) == 0)
|
||||
vinfo->ipv4_nbns = vinfo->ipv4_local;
|
||||
else
|
||||
vinfo->ipv4_nbns = ws->config->network.ipv4_nbns;
|
||||
|
||||
if (ws->config->network.ipv6_nbns
|
||||
&& strcmp(ws->config->network.ipv6_nbns, LOCAL) == 0)
|
||||
vinfo->ipv6_nbns = vinfo->ipv6_local;
|
||||
else
|
||||
vinfo->ipv6_nbns = ws->config->network.ipv6_nbns;
|
||||
vinfo->nbns_size = ws->config->network.nbns_size;
|
||||
if (ws->config->network.nbns_size > 0)
|
||||
vinfo->nbns = ws->config->network.nbns;
|
||||
|
||||
vinfo->routes_size = ws->config->network.routes_size;
|
||||
if (ws->config->network.routes_size > 0)
|
||||
|
||||
@@ -1136,20 +1136,6 @@ static int connect_handler(worker_st * ws)
|
||||
ws->vinfo.ipv4_netmask);
|
||||
SEND_ERR(ret);
|
||||
}
|
||||
|
||||
if (ws->vinfo.ipv4_dns) {
|
||||
ret =
|
||||
tls_printf(ws->session, "X-CSTP-DNS: %s\r\n",
|
||||
ws->vinfo.ipv4_dns);
|
||||
SEND_ERR(ret);
|
||||
}
|
||||
|
||||
if (ws->vinfo.ipv4_nbns) {
|
||||
ret =
|
||||
tls_printf(ws->session, "X-CSTP-NBNS: %s\r\n",
|
||||
ws->vinfo.ipv4_nbns);
|
||||
SEND_ERR(ret);
|
||||
}
|
||||
}
|
||||
|
||||
if (ws->vinfo.ipv6 && req->no_ipv6 == 0) {
|
||||
@@ -1165,20 +1151,30 @@ static int connect_handler(worker_st * ws)
|
||||
ws->vinfo.ipv6_netmask);
|
||||
SEND_ERR(ret);
|
||||
}
|
||||
}
|
||||
|
||||
if (ws->vinfo.ipv6_dns) {
|
||||
ret =
|
||||
tls_printf(ws->session, "X-CSTP-DNS: %s\r\n",
|
||||
ws->vinfo.ipv6_dns);
|
||||
SEND_ERR(ret);
|
||||
}
|
||||
for (i = 0; i < ws->vinfo.dns_size; i++) {
|
||||
if (req->no_ipv6 != 0 && strchr(ws->vinfo.dns[i], ':') != 0)
|
||||
continue;
|
||||
if (req->no_ipv4 != 0 && strchr(ws->vinfo.dns[i], '.') != 0)
|
||||
continue;
|
||||
|
||||
if (ws->vinfo.ipv6_nbns) {
|
||||
ret =
|
||||
tls_printf(ws->session, "X-CSTP-NBNS: %s\r\n",
|
||||
ws->vinfo.ipv6_nbns);
|
||||
SEND_ERR(ret);
|
||||
}
|
||||
ret =
|
||||
tls_printf(ws->session, "X-CSTP-DNS: %s\r\n",
|
||||
ws->vinfo.dns[i]);
|
||||
SEND_ERR(ret);
|
||||
}
|
||||
|
||||
for (i = 0; i < ws->vinfo.nbns_size; i++) {
|
||||
if (req->no_ipv6 != 0 && strchr(ws->vinfo.nbns[i], ':') != 0)
|
||||
continue;
|
||||
if (req->no_ipv4 != 0 && strchr(ws->vinfo.nbns[i], '.') != 0)
|
||||
continue;
|
||||
|
||||
ret =
|
||||
tls_printf(ws->session, "X-CSTP-NBNS: %s\r\n",
|
||||
ws->vinfo.nbns[i]);
|
||||
SEND_ERR(ret);
|
||||
}
|
||||
|
||||
for (i = 0; i < ws->vinfo.routes_size; i++) {
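Review bot: The address-family test in the new `dns` loop classifies by character scan, and the `no_ipv4` branch drops any entry containing a '.', which also matches an IPv6 literal with an embedded dotted quad (e.g. `::ffff:192.0.2.1`, constructed example) — that entry would be withheld from an IPv6-only client even though it is an IPv6 address. Treating "contains ':'" as IPv6 and everything else as IPv4 avoids that, and since the same six lines are repeated verbatim for `nbns`, the predicate is better factored into one file-scope helper placed before connect_handler so both loops stay in sync; `strchr(...) != 0` should also be spelled `!= NULL`. `inet_pton` would be the strict check if the file already includes `<arpa/inet.h>`; the helper below assumes `req` is the `struct http_req_st *` the hunk already dereferences. connect_handler continues beyond this hunk.

```c
/* Nonzero when addr must not be advertised to this client: an IPv6
 * literal when the client disabled IPv6, or an IPv4 one when it
 * disabled IPv4. A ':' anywhere marks the string as IPv6, so mapped
 * or embedded-IPv4 forms are classified as IPv6. */
static int addr_filtered(const struct http_req_st *req, const char *addr)
{
	int is_ipv6 = strchr(addr, ':') != NULL;

	if (req->no_ipv6 != 0 && is_ipv6)
		return 1;
	if (req->no_ipv4 != 0 && !is_ipv6)
		return 1;
	return 0;
}

/* … unchanged: connect_handler up to the X-CSTP-Netmask reply … */
	for (i = 0; i < ws->vinfo.dns_size; i++) {
		if (addr_filtered(req, ws->vinfo.dns[i]))
			continue;
		/* … unchanged: tls_printf of X-CSTP-DNS and SEND_ERR … */
	}

	for (i = 0; i < ws->vinfo.nbns_size; i++) {
		if (addr_filtered(req, ws->vinfo.nbns[i]))
			continue;
		/* … unchanged: tls_printf of X-CSTP-NBNS and SEND_ERR … */
	}
```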
|
||||
|
||||
@@ -112,6 +112,8 @@ typedef struct worker_st {
|
||||
gnutls_session_t session;
|
||||
gnutls_session_t dtls_session;
|
||||
|
||||
struct http_req_st req;
|
||||
|
||||
/* inique session identifier */
|
||||
uint8_t sid[SID_SIZE];
|
||||
|
||||
@@ -164,8 +166,10 @@ typedef struct worker_st {
|
||||
/* additional data - received per user or per group */
|
||||
unsigned routes_size;
|
||||
char* routes[MAX_ROUTES];
|
||||
|
||||
struct http_req_st req;
|
||||
unsigned dns_size;
|
||||
char* dns[MAX_ROUTES];
|
||||
unsigned nbns_size;
|
||||
char* nbns[MAX_ROUTES];
|
||||
} worker_st;
|
||||
|
||||
void vpn_server(struct worker_st* ws);
|
||||
|
||||
@@ -146,8 +146,7 @@ default-domain = example.com
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# ipv4-dns = 192.168.2.1
|
||||
ipv4-dns = local
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
#ipv4-nbns = 192.168.2.3
|
||||
|
||||
@@ -146,14 +146,13 @@ default-domain = example.com
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# ipv4-dns = 192.168.2.1
|
||||
ipv4-dns = local
|
||||
dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
#ipv4-nbns = 192.168.2.3
|
||||
|
||||
#ipv6-address =
|
||||
#ipv6-mask =
|
||||
ipv6-network = fe80::
|
||||
ipv6-prefix = 16
|
||||
#ipv6-dns =
|
||||
|
||||
# Prior to leasing any IP from the pool ping it to verify that
|
||||
|
||||
@@ -145,8 +145,7 @@ default-domain = example.com
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# ipv4-dns = 192.168.2.1
|
||||
ipv4-dns = local
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
#ipv4-nbns = 192.168.2.3
|
||||
|
||||
@@ -146,8 +146,7 @@ default-domain = example.com
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# ipv4-dns = 192.168.2.1
|
||||
ipv4-dns = local
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
#ipv4-nbns = 192.168.2.3
|
||||
|
||||
@@ -146,8 +146,7 @@ default-domain = example.com
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# ipv4-dns = 192.168.2.1
|
||||
ipv4-dns = local
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
#ipv4-nbns = 192.168.2.3
|
||||
|
||||
@@ -146,8 +146,7 @@ default-domain = example.com
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# ipv4-dns = 192.168.2.1
|
||||
ipv4-dns = local
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
#ipv4-nbns = 192.168.2.3
|
||||
|
||||
@@ -146,8 +146,7 @@ default-domain = example.com
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# ipv4-dns = 192.168.2.1
|
||||
ipv4-dns = local
|
||||
dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
#ipv4-nbns = 192.168.2.3
|
||||
|
||||