Communicate secmod address to worker after successful authentication
This ensures all subsequent worker communications reach the original secmod instance that authenticated the client, enabling correct session accounting after IP address changes. Closes: #674 Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
committed by
Nikos Mavrogiannopoulos
parent
afa34bbd10
commit
0f53e0d6d9
1
NEWS
1
NEWS
@@ -6,6 +6,7 @@
|
||||
- Fixed "unexpected URL" errors for Cisco AnyConnect clients
|
||||
- Fixed the 'ping-leases' option, which was broken since version 1.1.1
|
||||
- Fixed 'iroute' option processing to handle multiple routes (#625)
|
||||
- Fixed session accounting for roaming users (#674)
|
||||
- occtl: fix invalid JSON output in `occtl -j show iroutes` (#661)
|
||||
- occtl: fix regression with trailing commas in `occtl -j show sessions` (#669)
|
||||
- occtl: fix missing column headers in 'show ip bans' output (#677)
|
||||
|
||||
@@ -83,6 +83,7 @@ message auth_cookie_reply_msg
|
||||
optional string ipv6_local = 10;
|
||||
|
||||
required bytes sid = 11;
|
||||
required bytes secmod_addr = 13;
|
||||
|
||||
/* additional config */
|
||||
optional group_cfg_st config = 20;
|
||||
|
||||
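Review bot: The new `secmod_addr` field has no comment saying what the bytes contain, and the other hunks on this page show it is filled from the main process's in-memory `secmod_addr` and copied with `memcpy` into `ws->secmod_addr`, i.e. a raw host-layout struct rather than a portable encoding. I would document that above the field, for example `/* raw address of the sec-mod instance that authenticated the session; opaque bytes, same-host IPC only */`. Because the field is `required`, a main and worker built from different versions would presumably fail to parse each other's reply; if that pairing can occur during an upgrade, `optional` with an explicit presence check on the worker side is the safer choice.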
@@ -145,6 +145,13 @@ int send_cookie_auth_reply(main_server_st *s, struct proc_st *proc, AUTHREP r)
|
||||
}
|
||||
|
||||
msg.config = proc->config;
|
||||
msg.secmod_addr.data =
|
||||
(uint8_t *)&s
|
||||
->sec_mod_instances[proc->sec_mod_instance_index]
|
||||
.secmod_addr;
|
||||
msg.secmod_addr.len =
|
||||
s->sec_mod_instances[proc->sec_mod_instance_index]
|
||||
.secmod_addr_len;
|
||||
|
||||
ret = send_socket_msg_to_worker(
|
||||
s, proc, AUTH_COOKIE_REP, proc->tun_lease.fd, &msg,
|
||||
|
||||
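Review bot: `msg.secmod_addr.data` is pointed directly into `s->sec_mod_instances[proc->sec_mod_instance_index]` rather than at a copy, and the index is used without a range check in the visible lines, so the message is only valid while that array entry is and only if the index was bounded where it was assigned (not shown here). A short comment would make the lifetime explicit, e.g. `/* borrowed: points into s->sec_mod_instances[]; valid only until the send below returns */`. The indexing expression is also written out twice, which produces the awkward line breaks; taking one local pointer to the instance and reading `.secmod_addr` and `.secmod_addr_len` from it would be easier to audit. The body of send_cookie_auth_reply starts and ends outside this hunk.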
@@ -707,6 +707,17 @@ static int recv_cookie_auth_reply(worker_st *ws)
|
||||
memcpy(ws->sid, msg->sid.data, sizeof(ws->sid));
|
||||
ws->sid_set = 1;
|
||||
|
||||
if (msg->secmod_addr.len > sizeof(ws->secmod_addr)) {
|
||||
oclog(ws, LOG_ERR,
|
||||
"msg->secmod_addr.len too large");
|
||||
ret = ERR_AUTH_FAIL;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
ws->secmod_addr_len = msg->secmod_addr.len;
|
||||
memcpy(&ws->secmod_addr, msg->secmod_addr.data,
|
||||
msg->secmod_addr.len);
|
||||
|
||||
strlcpy(ws->vinfo.name, msg->vname,
|
||||
sizeof(ws->vinfo.name));
|
||||
strlcpy(ws->username, msg->user_name,
|
||||
|
||||
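Review bot: The length check added before the `memcpy` into `ws->secmod_addr` rejects only an oversized value, so a zero-length or truncated `secmod_addr` is accepted and stored with a short `secmod_addr_len`. `required bytes` guarantees the field is present, not that it has a usable length, and how the worker later uses the address is outside this hunk, so a lower bound is worth enforcing here: `if (msg->secmod_addr.len == 0 || msg->secmod_addr.len > sizeof(ws->secmod_addr)) {`. The log line would also be more useful for triage if it reported both sizes, e.g. `"secmod_addr length %zu outside expected range (max %zu)"`. recv_cookie_auth_reply starts and ends outside the hunk.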