ocserv: added support for per-user split-dns directive
Resolves: #229
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
1
NEWS
1
NEWS
@@ -1,5 +1,6 @@
|
||||
* Version 0.12.6 (unreleased)
|
||||
- Improved IPv6 support for anyconnect clients. Patch by Leendert van Doorn.
|
||||
- The 'split-dns' configuration directive can be used per-user (#229).
|
||||
|
||||
|
||||
* Version 0.12.5 (released 2019-10-16)
|
||||
|
||||
@@ -581,7 +581,7 @@ no-route = 192.168.5.0/255.255.255.0
|
||||
# keepalive, dpd, mobile-dpd, max-same-clients, tunnel-all-dns,
|
||||
# restrict-user-to-routes, user-profile, cgroup, stats-report-time,
|
||||
# mtu, idle-timeout, mobile-idle-timeout, restrict-user-to-ports,
|
||||
# and session-timeout.
|
||||
# split-dns and session-timeout.
|
||||
#
|
||||
# Note that the 'iroute' option allows one to add routes on the server
|
||||
# based on a user or group. The syntax depends on the input accepted
|
||||
|
||||
@@ -62,6 +62,7 @@ message group_cfg_st
|
||||
optional uint32 mobile_idle_timeout = 38;
|
||||
repeated fw_port_st fw_ports = 39;
|
||||
optional string hostname = 40;
|
||||
repeated string split_dns = 41;
|
||||
}
|
||||
|
||||
/* AUTH_COOKIE_REP */
|
||||
|
||||
@@ -324,6 +324,11 @@ void apply_default_config(main_server_st *s, proc_st *proc, GroupCfgSt *gc)
|
||||
gc->n_nbns = vhost->perm_config.config->network.nbns_size;
|
||||
}
|
||||
|
||||
if (gc->split_dns == NULL) {
|
||||
gc->split_dns = vhost->perm_config.config->split_dns;
|
||||
gc->n_split_dns = vhost->perm_config.config->split_dns_size;
|
||||
}
|
||||
|
||||
if (!gc->has_interim_update_secs) {
|
||||
gc->interim_update_secs = vhost->perm_config.config->stats_report_time;
|
||||
gc->has_interim_update_secs = 1;
|
||||
|
||||
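Review bot: The fallback keyed on `gc->split_dns == NULL` means a per-user or per-group file can only replace the global split-dns list, never suppress it, because a file without a split-dns line leaves the field NULL and silently inherits the vhost values; the "has not been sent" check added to the test script in this commit confirms the replace semantics, but the one-way nature is stated nowhere. I would document it on the new block: `/* a per-user/group split-dns list replaces the global one; a user config cannot ask for an empty list */`. The new field also aliases `vhost->perm_config.config->split_dns` rather than copying it, exactly like the dns/nbns fallbacks above it, so presumably whatever releases a GroupCfgSt already treats these pointers as borrowed — worth confirming now that one more field follows that pattern. apply_default_config starts and ends outside the hunk.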
@@ -111,6 +111,8 @@ static int group_cfg_ini_handler(void *_ctx, const char *section, const char *na
|
||||
READ_TF(msg->config->deny_roaming, msg->config->has_deny_roaming);
|
||||
} else if (strcmp(name, "route") == 0) {
|
||||
READ_RAW_MULTI_LINE(msg->config->routes, msg->config->n_routes);
|
||||
} else if (strcmp(name, "split-dns") == 0) {
|
||||
READ_RAW_MULTI_LINE(msg->config->split_dns, msg->config->n_split_dns);
|
||||
} else if (strcmp(name, "no-route") == 0) {
|
||||
READ_RAW_MULTI_LINE(msg->config->no_routes, msg->config->n_no_routes);
|
||||
} else if (strcmp(name, "iroute") == 0) {
|
||||
|
||||
@@ -2023,8 +2023,8 @@ static int connect_handler(worker_st * ws)
|
||||
SEND_ERR(ret);
|
||||
}
|
||||
|
||||
for (i = 0; i < WSCONFIG(ws)->split_dns_size; i++) {
|
||||
if (strchr(WSCONFIG(ws)->split_dns[i], ':') != 0)
|
||||
for (i = 0; i < ws->user_config->n_split_dns; i++) {
|
||||
if (strchr(ws->user_config->split_dns[i], ':') != 0)
|
||||
ip6 = 1;
|
||||
else
|
||||
ip6 = 0;
|
||||
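Review bot: The rewritten loop at the top of the hunk reads `ws->user_config->n_split_dns` and `ws->user_config->split_dns[i]`, so it now depends on `ws->user_config` being populated, and on the apply_default_config fallback having run, before connect_handler reaches this point, whereas the previous WSCONFIG path presumably needed neither. If that ordering is already guaranteed by the per-user dns handling nearby, a one-line comment would make it explicit: `/* split-dns comes from the per-user config; apply_default_config fills it from the global config when the user has none */`. The family check on the following line is a heuristic worth naming too: `/* a ':' in the entry marks an IPv6 address; anything else is treated as IPv4 */`. The same access pattern continues in the next hunk; connect_handler starts and ends outside both hunks.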
@@ -2035,10 +2035,10 @@ static int connect_handler(worker_st * ws)
|
||||
continue;
|
||||
|
||||
oclog(ws, LOG_INFO, "adding split DNS %s",
|
||||
WSCONFIG(ws)->split_dns[i]);
|
||||
ws->user_config->split_dns[i]);
|
||||
ret =
|
||||
cstp_printf(ws, "X-CSTP-Split-DNS: %s\r\n",
|
||||
WSCONFIG(ws)->split_dns[i]);
|
||||
ws->user_config->split_dns[i]);
|
||||
SEND_ERR(ret);
|
||||
}
|
||||
|
||||
|
||||
@@ -153,6 +153,10 @@ ipv4-dns = 192.168.5.1
|
||||
# The NBNS server (if any)
|
||||
#ipv4-nbns = 192.168.2.3
|
||||
|
||||
# The domains over which the provided DNS should be used. Use
|
||||
# multiple lines for multiple domains.
|
||||
split-dns = example.com
|
||||
|
||||
#ipv6-address =
|
||||
#ipv6-mask =
|
||||
#ipv6-dns =
|
||||
|
||||
@@ -83,7 +83,7 @@ echo -n "Checking if proper dns was sent... "
|
||||
|
||||
CONTENTS=`cat ${TMPFILE1}|grep "X-CSTP-DNS: 8.8.8.8"`
|
||||
if test -z "$CONTENTS";then
|
||||
cat ${TMPFILE1}
|
||||
cat ${TMPFILE1}|grep X-CSTP-DNS
|
||||
fail $PID "Expected DNS was not sent"
|
||||
fi
|
||||
|
||||
@@ -99,6 +99,26 @@ fi
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Checking if split-dns has been sent... "
|
||||
|
||||
CONTENTS=`cat ${TMPFILE1}|grep X-CSTP-Split-DNS|grep example6.com`
|
||||
if test -z "$CONTENTS";then
|
||||
cat ${TMPFILE1}|grep X-CSTP-Split-DNS
|
||||
fail $PID "Temporary file contents are not correct; X-CSTP-Split-DNS was not found"
|
||||
fi
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Checking if split-dns has not been sent... "
|
||||
|
||||
cat ${TMPFILE1}|grep X-CSTP-Split-DNS|grep example.com >/dev/null
|
||||
if test $? = 0;then
|
||||
cat ${TMPFILE1}|grep X-CSTP-Split-DNS
|
||||
fail $PID "Temporary file contents are not correct; X-CSTP-Split-DNS contained main config value"
|
||||
fi
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Checking if user-specific DPD has been sent... "
|
||||
|
||||
CONTENTS=`cat ${TMPFILE1}|grep X-DTLS-DPD|grep 880`
|
||||
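Review bot: The negative check at `cat ${TMPFILE1}|grep X-CSTP-Split-DNS|grep example.com >/dev/null` uses `example.com` as a basic regex, where `.` matches any single character; it only avoids matching the per-user values example5.com and example6.com because those have two characters between `example` and `com`, which is luck rather than intent. Pinning the literal removes that dependence and `grep -q` replaces the redirect and the separate `$?` test: `if grep X-CSTP-Split-DNS ${TMPFILE1} | grep -q -F 'example.com'; then`. The same unescaped pattern is used in the "main config split-dns has been sent" check in the next hunk and should get the same treatment.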
@@ -150,6 +170,16 @@ if test -z "$CONTENTS";then
|
||||
fail $PID "Temporary file contents are not correct; address was not the expected (10.9.)"
|
||||
fi
|
||||
|
||||
echo -n "Checking if main config split-dns has been sent... "
|
||||
|
||||
cat ${TMPFILE1}|grep X-CSTP-Split-DNS|grep example.com >/dev/null
|
||||
if test $? != 0;then
|
||||
cat ${TMPFILE1}|grep X-CSTP-Split-DNS
|
||||
fail $PID "Temporary file contents are not correct; X-CSTP-Split-DNS did not contain main config value"
|
||||
fi
|
||||
|
||||
echo ok
|
||||
|
||||
|
||||
kill $kpid3
|
||||
rm -f ${TMPFILE1}
|
||||
|
||||
@@ -4,3 +4,5 @@ keepalive = 14400
|
||||
max-same-clients = 1
|
||||
dns = 8.8.8.8
|
||||
hostname = xxxx
|
||||
split-dns = example5.com
|
||||
split-dns = example6.com
|
||||
|
||||