enforce maximum number of same clients

src/config.c

@@ -165,6 +165,7 @@ unsigned j;
 	READ_NUMERIC("cookie-validity", config->cookie_validity, 1);
 	READ_NUMERIC("auth-timeout", config->auth_timeout, 0);
 	READ_NUMERIC("max-clients", config->max_clients, 0);
+	READ_NUMERIC("max-same-clients", config->max_same_clients, 0);
 
 	val = optionGetValue(pov, "run-as-user"); \
 	if (val != NULL && val->valType == OPARG_TYPE_STRING) {

src/main-auth.c

@@ -200,3 +200,27 @@ unsigned username_set = 0;
 	
 	return ret;
 }
+
+int check_multiple_users(main_server_st *s, struct proc_st* proc)
+{
+struct proc_st *ctmp;
+unsigned int entries = 1; /* that one */
+
+	if (s->config->max_same_clients == 0)
+		return 0; /* ok */
+
+	list_for_each(&s->clist->head, ctmp, list) {
+
+		if (ctmp != proc) {
+			if (strcmp(proc->username, ctmp->username) == 0) {
+				entries++;
+			}
+		}
+	}
+	
+	if (entries > s->config->max_same_clients)
+		return -1;
+	
+	return 0;
+}
+

src/main-misc.c

@@ -113,8 +113,6 @@ int send_udp_fd(main_server_st* s, struct proc_st * proc,
 	return(sendmsg(proc->fd, &hdr, 0));
 }
 
-
-
 int handle_commands(main_server_st *s, struct proc_st* proc)
 {
 	struct iovec iov[2];
@@ -234,12 +232,21 @@ int handle_commands(main_server_st *s, struct proc_st* proc)
 				ret = handle_auth_cookie_req(s, proc, &cmd_data.cauth, &lease);
 			}
 
+			if (ret == 0) {
+				/* check for multiple connections */
+				ret = check_multiple_users(s, proc);
+				if (ret < 0) {
+					mslog(s, proc, LOG_INFO, "User '%s' tried to connect more than %u times", proc->username, s->config->max_same_clients);
+				}
+
+				/* do scripts and utmp */
 				if (ret == 0) {
 					ret = user_connected(s, proc, lease);
 					if (ret < 0) {
 						mslog(s, proc, LOG_INFO, "User '%s' disconnected due to script", proc->username);
 					}
 				}
+			}
 
 			if (ret == 0) {
 				if (cmd == AUTH_REQ) {

src/main.h

@@ -109,4 +109,6 @@ int generate_and_store_vals(main_server_st *s, struct proc_st* proc);
 int handle_auth_req(main_server_st *s, struct proc_st* proc,
 		   const struct cmd_auth_req_st * req, struct lease_st **lease);
 
+int check_multiple_users(main_server_st *s, struct proc_st* proc);
+
 #endif

src/ocserv-args.c

@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (ocserv-args.c)
  *  
- *  It has been AutoGen-ed  February  9, 2013 at 08:06:02 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  February  9, 2013 at 08:11:58 PM by AutoGen 5.16
  *  From the definitions    ocserv-args.def
  *  and the template file   options
  *

src/ocserv-args.def

@@ -74,6 +74,10 @@ auth = "pam"
 #max-clients = 1024
 max-clients = 16
 
+# Limit the number of identical clients (i.e., users connecting multiple times)
+# Unset or set to zero for unlimited.
+max-same-clients = 1
+
 # TCP and UDP port number
 tcp-port = 3333
 udp-port = 3333

src/ocserv-args.h

@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (ocserv-args.h)
  *  
- *  It has been AutoGen-ed  February  9, 2013 at 08:06:02 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  February  9, 2013 at 08:11:58 PM by AutoGen 5.16
  *  From the definitions    ocserv-args.def
  *  and the template file   options
  *

src/sample.config

@@ -14,6 +14,10 @@ pid-file = /var/run/ocserv.pid
 # max-clients = 1024
 max-clients = 4
 
+# Limit the number of identical clients (i.e., users connecting multiple times)
+# Unset or set to zero for unlimited.
+max-same-clients = 1
+
 # Use listen-host to limit to specific IPs or to the IPs of a provided hostname.
 # listen-host = [IP|HOSTNAME]
 

src/vpn.h

@@ -72,6 +72,7 @@ struct cfg_st {
 	unsigned tls_debug;
 	unsigned debug;
 	unsigned max_clients;
+	unsigned max_same_clients;
 	unsigned use_utmp;
 
 	/* if gdbm is there */