Allow for random and for predictable IP assignment.

This commit is contained in:
Nikos Mavrogiannopoulos
2014-05-14 13:00:11 +02:00
parent 09704b8819
commit 3f9a215f53
4 changed files with 15 additions and 2 deletions


@@ -78,6 +78,7 @@ static struct cfg_options available_options[] = {
{ .name = "socket-file", .type = OPTION_STRING, .mandatory = 1 },
{ .name = "occtl-socket-file", .type = OPTION_STRING, .mandatory = 0 },
{ .name = "banner", .type = OPTION_STRING, .mandatory = 0 },
{ .name = "predictable-ips", .type = OPTION_BOOLEAN, .mandatory = 0 },
/* this is alias for cisco-client-compat */
{ .name = "always-require-cert", .type = OPTION_BOOLEAN, .mandatory = 0 },
{ .name = "cisco-client-compat", .type = OPTION_BOOLEAN, .mandatory = 0 },
@@ -374,6 +375,7 @@ unsigned force_cert_auth;
config->cisco_client_compat = 1;
}
READ_TF("predictable-ips", config->predictable_ips, 1);
READ_TF("use-utmp", config->use_utmp, 1);
READ_TF("use-dbus", config->use_dbus, 0);
if (config->use_dbus != 0) {
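Review bot: `READ_TF("predictable-ips", config->predictable_ips, 1);` appears to pass 1 as the default, by analogy with the neighbouring `use-utmp` (1) and `use-dbus` (0) lines, so an unconfigured server would derive each user's IP seed from the username rather than from random bytes. If that is the intent, it should be stated next to the new option-table entry and in the sample config, e.g. `/* default: on; the per-user IP seed is derived from the username, see generate_cookie() */`; if not, the third argument should be 0. The function containing the second hunk starts before it, so I cannot see how READ_TF is defined here.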


@@ -286,6 +286,10 @@ cgroup = "cpuset,cpu:test"
# The name to use for the tun device
device = vpns
# Whether the generated IPs will be predictable, i.e., IP stays the
# same for the same user when possible.
predictable-ips = true
# The default domain to be advertised
default-domain = example.com


@@ -76,8 +76,14 @@ static int generate_cookie(sec_mod_st * sec, client_entry_st * entry)
return -1;
/* Fixme: possibly we should allow for completely random seeds */
t = hash_any(entry->username, strlen(entry->username), 0);
memcpy(sc.ipv4_seed, &t, 4);
if (sec->config->predictable_ips != 0) {
t = hash_any(entry->username, strlen(entry->username), 0);
memcpy(sc.ipv4_seed, &t, 4);
} else {
ret = gnutls_rnd(GNUTLS_RND_NONCE, sc.ipv4_seed, sizeof(sc.ipv4_seed));
if (ret < 0)
return -1;
}
memcpy(sc.username, entry->username, sizeof(entry->username));
memcpy(sc.groupname, entry->groupname, sizeof(entry->groupname));
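Review bot: The predictable branch copies a hard-coded 4 bytes into `sc.ipv4_seed` while the random branch fills `sizeof(sc.ipv4_seed)`, so the two paths only agree if the seed field is exactly four bytes wide and `t` is at least that wide; if the field is larger, the predictable branch leaves the remaining bytes as whatever `sc` held before. Pinning the assumption, e.g. `_Static_assert(sizeof(sc.ipv4_seed) == 4, "ipv4_seed is copied as 4 bytes");` if the build is C11, or using `sizeof(sc.ipv4_seed)` together with a width check on `t`, would keep the two branches consistent. The `/* Fixme: possibly we should allow for completely random seeds */` line, if it survives the change, is now stale and should be dropped or reworded to describe the `predictable_ips` switch. generate_cookie starts before the hunk and continues after it.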


@@ -240,6 +240,7 @@ struct cfg_st {
unsigned output_buffer;
unsigned default_mtu;
unsigned predictable_ips; /* boolean */
char *route_add_cmd;
char *route_del_cmd;
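Review bot: The `/* boolean */` comment on the new `predictable_ips` field states only its type; what the flag selects is worth saying at the declaration, e.g. `unsigned predictable_ips; /* boolean: when set, the per-user IP seed is derived from the username; otherwise it is random */`. struct cfg_st starts before the hunk and continues after it.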