mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 16:57:00 +08:00
Allow aliases to group names.
This commit is contained in:
Nikos Mavrogiannopoulos
@@ -276,8 +276,8 @@ route = 192.168.5.0/255.255.255.0
|
||||
# it is needed to switch between them. For these cases the client can
|
||||
# select prior to authentication. Add multiple entries for multiple groups.
|
||||
#select-group = group1
|
||||
#select-group = group2
|
||||
#select-group = tost
|
||||
#select-group = group2[My group 2]
|
||||
#select-group = tost[The tost group]
|
||||
|
||||
# The name of the group that if selected it would allow to use
|
||||
# the assigned by default group.
|
||||
|
||||
76
src/config.c
76
src/config.c
@@ -30,6 +30,7 @@
|
||||
#include <limits.h>
|
||||
#include <common.h>
|
||||
#include <c-strcase.h>
|
||||
#include <c-ctype.h>
|
||||
#include <auth/pam.h>
|
||||
#include <auth/plain.h>
|
||||
|
||||
@@ -135,6 +136,8 @@ static struct cfg_options available_options[] = {
|
||||
{ .name = "default-group-config", .type = OPTION_STRING, .mandatory = 0 },
|
||||
};
|
||||
|
||||
static char *get_brackets_string(void *pool, const char *str);
|
||||
|
||||
static const tOptionValue* get_option(const char* name, unsigned * mand)
|
||||
{
|
||||
unsigned j;
|
||||
@@ -156,6 +159,10 @@ unsigned j;
|
||||
if (s_name == NULL) { \
|
||||
num = 0; \
|
||||
s_name = talloc_size(config, sizeof(char*)*MAX_CONFIG_ENTRIES); \
|
||||
if (s_name == NULL) { \
|
||||
fprintf(stderr, "memory error\n"); \
|
||||
exit(1); \
|
||||
} \
|
||||
} \
|
||||
do { \
|
||||
if (val && !strcmp(val->pzName, name)==0) \
|
||||
@@ -171,6 +178,36 @@ unsigned j;
|
||||
exit(1); \
|
||||
}
|
||||
|
||||
#define READ_MULTI_BRACKET_LINE(name, s_name, s_name2, num) \
|
||||
val = get_option(name, &mand); \
|
||||
if (val != NULL && val->valType == OPARG_TYPE_STRING) { \
|
||||
if (s_name == NULL || s_name2 == NULL) { \
|
||||
num = 0; \
|
||||
s_name = talloc_size(config, sizeof(char*)*MAX_CONFIG_ENTRIES); \
|
||||
s_name2 = talloc_size(config, sizeof(char*)*MAX_CONFIG_ENTRIES); \
|
||||
if (s_name == NULL || s_name2 == NULL) { \
|
||||
fprintf(stderr, "memory error\n"); \
|
||||
exit(1); \
|
||||
} \
|
||||
} \
|
||||
do { \
|
||||
char *xp; \
|
||||
if (val && !strcmp(val->pzName, name)==0) \
|
||||
continue; \
|
||||
s_name[num] = talloc_strdup(config, val->v.strVal); \
|
||||
xp = strchr(s_name[num], '['); if (xp != NULL) *xp = 0; \
|
||||
s_name2[num] = get_brackets_string(config, val->v.strVal); \
|
||||
num++; \
|
||||
if (num>=MAX_CONFIG_ENTRIES) \
|
||||
break; \
|
||||
} while((val = optionNextValue(pov, val)) != NULL); \
|
||||
s_name[num] = NULL; \
|
||||
s_name2[num] = NULL; \
|
||||
} else if (mand != 0) { \
|
||||
fprintf(stderr, "Configuration option %s is mandatory.\n", name); \
|
||||
exit(1); \
|
||||
}
|
||||
|
||||
#define READ_STRING(name, s_name) \
|
||||
val = get_option(name, &mand); \
|
||||
if (val != NULL && val->valType == OPARG_TYPE_STRING) \
|
||||
@@ -256,6 +293,30 @@ unsigned j;
|
||||
}
|
||||
}
|
||||
|
||||
static char *get_brackets_string(void *pool, const char *str)
|
||||
{
|
||||
char *p, *p2;
|
||||
unsigned len;
|
||||
|
||||
p = strchr(str, '[');
|
||||
if (p == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
p++;
|
||||
while (c_isspace(*p))
|
||||
p++;
|
||||
|
||||
p2 = strchr(p, ']');
|
||||
if (p2 == NULL) {
|
||||
fprintf(stderr, "error parsing %s\n", str);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
len = p2 - p;
|
||||
|
||||
return talloc_strndup(pool, p, len);
|
||||
}
|
||||
|
||||
static void parse_cfg_file(const char* file, struct cfg_st *config)
|
||||
{
|
||||
tOptionValue const * pov;
|
||||
@@ -306,21 +367,17 @@ unsigned force_cert_auth;
|
||||
fprintf(stderr, "PAM support is disabled\n");
|
||||
exit(1);
|
||||
#endif
|
||||
} else if (strncasecmp(auth[j], "plain[", 6) == 0) {
|
||||
char* p;
|
||||
|
||||
} else if (strncasecmp(auth[j], "plain", 5) == 0) {
|
||||
if ((config->auth_types & AUTH_TYPE_USERNAME_PASS) != 0) {
|
||||
fprintf(stderr, "You cannot mix multiple username/password authentication methods\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
config->plain_passwd = talloc_strdup(config, auth[j]+6);
|
||||
p = strchr(config->plain_passwd, ']');
|
||||
if (p == NULL) {
|
||||
config->plain_passwd = get_brackets_string(config, auth[j]+5);
|
||||
if (config->plain_passwd == NULL) {
|
||||
fprintf(stderr, "Format error in %s\n", auth[j]);
|
||||
exit(1);
|
||||
}
|
||||
*p = 0;
|
||||
amod = &plain_auth_funcs;
|
||||
config->auth_types |= AUTH_TYPE_PLAIN;
|
||||
} else if (c_strcasecmp(auth[j], "certificate") == 0) {
|
||||
@@ -506,7 +563,10 @@ unsigned force_cert_auth;
|
||||
if (auto_select_group != 0 && amod != NULL && amod->group_list != NULL) {
|
||||
amod->group_list(config, config->plain_passwd, &config->group_list, &config->group_list_size);
|
||||
} else {
|
||||
READ_MULTI_LINE("select-group", config->group_list, config->group_list_size);
|
||||
READ_MULTI_BRACKET_LINE("select-group",
|
||||
config->group_list,
|
||||
config->friendly_group_list,
|
||||
config->group_list_size);
|
||||
}
|
||||
|
||||
READ_MULTI_LINE("dns", config->network.dns, config->network.dns_size);
|
||||
|
||||
@@ -349,8 +349,9 @@ route = 192.168.5.0/255.255.255.0
|
||||
# A client may belong in multiple groups, and in certain use-cases
|
||||
# it is needed to switch between them. For these cases the client can
|
||||
# select prior to authentication. Add multiple entries for multiple groups.
|
||||
# The group may be followed by a user-friendly name in brackets.
|
||||
#select-group = group1
|
||||
#select-group = group2
|
||||
#select-group = group2[My special group]
|
||||
|
||||
# The name of the group that if selected it would allow to use
|
||||
# the assigned by default group.
|
||||
|
||||
@@ -201,6 +201,9 @@ struct cfg_st {
|
||||
|
||||
char **group_list; /* select_group */
|
||||
unsigned int group_list_size;
|
||||
|
||||
char **friendly_group_list; /* the same size as group_list_size */
|
||||
|
||||
char *default_select_group;
|
||||
|
||||
char **custom_header;
|
||||
|
||||
@@ -81,6 +81,25 @@ static const char login_msg_no_user_end[] =
|
||||
|
||||
static int get_cert_info(worker_st * ws);
|
||||
|
||||
static int append_group_idx(worker_st * ws, str_st *str, unsigned i)
|
||||
{
|
||||
char temp[128];
|
||||
const char *name;
|
||||
const char *value;
|
||||
|
||||
value = ws->config->group_list[i];
|
||||
if (ws->config->friendly_group_list[i] == NULL)
|
||||
name = ws->config->group_list[i];
|
||||
else
|
||||
name = ws->config->friendly_group_list[i];
|
||||
|
||||
snprintf(temp, sizeof(temp), "<option value=\"%s\">%s</option>\n", value, name);
|
||||
if (str_append_str(str, temp) < 0)
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int get_auth_handler2(worker_st * ws, unsigned http_ver, const char *pmsg)
|
||||
{
|
||||
int ret;
|
||||
@@ -192,6 +211,7 @@ int get_auth_handler2(worker_st * ws, unsigned http_ver, const char *pmsg)
|
||||
|
||||
if (dup != 0)
|
||||
continue;
|
||||
|
||||
snprintf(temp, sizeof(temp), "<option>%s</option>\n", ws->cert_groups[i]);
|
||||
ret = str_append_str(&str, temp);
|
||||
if (ret < 0) {
|
||||
@@ -201,9 +221,9 @@ int get_auth_handler2(worker_st * ws, unsigned http_ver, const char *pmsg)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
for (i=0;i<ws->config->group_list_size;i++) {
|
||||
snprintf(temp, sizeof(temp), "<option>%s</option>\n", ws->config->group_list[i]);
|
||||
ret = str_append_str(&str, temp);
|
||||
ret = append_group_idx(ws, &str, i);
|
||||
if (ret < 0) {
|
||||
ret = -1;
|
||||
goto cleanup;
|
||||
|
||||
Reference in New Issue
Block a user