Added the default-select-group directive.

doc/sample.config

@@ -279,6 +279,10 @@ route = 192.168.5.0/255.255.255.0
 #select-group = group2
 #select-group = tost
 
+# The name of the group that if selected it would allow to use
+# the assigned by default group.
+#default-select-group = DEFAULT
+
 # Instead of specifying manually all the allowed groups, you may instruct
 # ocserv to scan all available groups and include the full list. That
 # option is only functional on plain authentication.

src/config.c

@@ -84,6 +84,7 @@ static struct cfg_options available_options[] = {
 	{ .name = "banner", .type = OPTION_STRING, .mandatory = 0 },
 	{ .name = "predictable-ips", .type = OPTION_BOOLEAN, .mandatory = 0 },
 	{ .name = "auto-select-group", .type = OPTION_BOOLEAN, .mandatory = 0 },
+	{ .name = "default-select-group", .type = OPTION_STRING, .mandatory = 0 },
 	/* this is alias for cisco-client-compat */
 	{ .name = "always-require-cert", .type = OPTION_BOOLEAN, .mandatory = 0 },
 	{ .name = "cisco-client-compat", .type = OPTION_BOOLEAN, .mandatory = 0 },
@@ -500,6 +501,7 @@ unsigned force_cert_auth;
 		}
 	}
 
+	READ_STRING("default-select-group", config->default_select_group);
 	READ_TF("auto-select-group", auto_select_group, 0);
 	if (auto_select_group != 0 && amod != NULL && amod->group_list != NULL) {
 		amod->group_list(config, config->plain_passwd, &config->group_list, &config->group_list_size);
@@ -709,6 +711,7 @@ unsigned i;
 	for (i=0;i<config->group_list_size;i++)
 		DEL(config->group_list[i]);
 	DEL(config->group_list);
+	DEL(config->default_select_group);
 #ifdef HAVE_LIBTALLOC
 	/* our included talloc don't include that */
 	talloc_free_children(config);

src/ocserv-args.def

@@ -352,6 +352,10 @@ route = 192.168.5.0/255.255.255.0
 #select-group = group1
 #select-group = group2
 
+# The name of the group that if selected it would allow to use
+# the assigned by default group.
+#default-select-group = DEFAULT
+
 # Instead of specifying manually all the allowed groups, you may instruct
 # ocserv to scan all available groups and include the full list. That
 # option is only functional on plain authentication.

src/vpn.h

@@ -201,6 +201,7 @@ struct cfg_st {
 
 	char **group_list; /* select_group */
 	unsigned int group_list_size;
+	char *default_select_group;
 
 	char **custom_header;
 	unsigned custom_header_size;;

src/worker-auth.c

@@ -157,6 +157,15 @@ int get_auth_handler2(worker_st * ws, unsigned http_ver, const char *pmsg)
 				goto cleanup;
 			}
 
+			if (ws->config->default_select_group) {
+				snprintf(temp, sizeof(temp), "<option>%s</option>\n", ws->config->default_select_group);
+				ret = str_append_str(&str, temp);
+				if (ret < 0) {
+					ret = -1;
+					goto cleanup;
+				}
+			}
+
 			for (i=0;i<ws->config->group_list_size;i++) {
 				snprintf(temp, sizeof(temp), "<option>%s</option>\n", ws->config->group_list[i]);
 				ret = str_append_str(&str, temp);
@@ -859,12 +868,13 @@ int post_auth_handler(worker_st * ws, unsigned http_ver)
 					&groupname);
 			if (ret < 0) {
 				oclog(ws, LOG_DEBUG, "failed reading groupname");
-			} else {
+			} else if (ws->config->default_select_group == NULL ||
+				   strcmp(groupname, ws->config->default_select_group) != 0) {
 				snprintf(ws->groupname, sizeof(ws->groupname), "%s",
 				 	groupname);
 				ireq.group_name = ws->groupname;
-				talloc_free(groupname);
 			}
+			talloc_free(groupname);
 
 			ret = parse_reply(ws, req->body, req->body_length,
 					USERNAME_FIELD, sizeof(USERNAME_FIELD)-1,