GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-12 01:46:59 +08:00
Code Issues Packages Projects Releases Wiki Activity

check_multiple_users: do not account disconnected ones

Browse Source 
When max-same-clients is set to 1 and a user re-using a cookie
connects, check_multiple_users() would prevent the user from
reconnecting. This corrects the issue by taking into account
only valid sessions that have not yet been disconnected.

Resolves: #223

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
This commit is contained in:
Nikos Mavrogiannopoulos
2019-12-15 20:43:22 +01:00
parent 935818346d
commit 55d5af2ebc
7 changed files with 286 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/main-auth.c
View File

@@ -205,8 +205,9 @@ struct proc_st *old_proc;
/* steal its leases */
steal_ip_leases(old_proc, proc);
if (old_proc->pid > 0)
kill(old_proc->pid, SIGTERM);
if (old_proc->pid > 0) {
kill_proc(old_proc);
}
mslog(s, proc, LOG_DEBUG, "re-using session");
} else {
mslog(s, proc, LOG_INFO, "new user session");
@@ -237,9 +238,9 @@ struct proc_st *old_proc;
*/
int check_multiple_users(main_server_st *s, struct proc_st* proc)
{
struct proc_st *ctmp = NULL, *cpos;
unsigned int entries = 1; /* that one */
unsigned max;
struct proc_st *ctmp = NULL, *cpos;
unsigned int entries = 1; /* that one */
unsigned max;
max = proc->config->max_same_clients;
@@ -248,7 +249,7 @@ unsigned max;
list_for_each_safe(&s->proc_list.head, ctmp, cpos, list) {
if (ctmp != proc && ctmp->pid != -1) {
if (strcmp(proc->username, ctmp->username) == 0) {
if (!ctmp->pid_killed && strcmp(proc->username, ctmp->username) == 0) {
entries++;
if (entries > max)

5
src/main-worker-cmd.c
View File

@@ -381,8 +381,9 @@ int handle_worker_commands(main_server_st * s, struct proc_st *proc)
/* If the address is in the BAN list, terminate it */
if (check_if_banned(s, &proc->remote_addr, proc->remote_addr_len) != 0) {
if (proc->pid != -1 && proc->pid != 0)
kill(proc->pid, SIGTERM);
if (proc->pid != -1 && proc->pid != 0) {
kill_proc(proc);
}
}
}

9
src/main.h
View File

@@ -32,6 +32,7 @@
#include <common.h>
#include <sys/un.h>
#include <sys/uio.h>
#include <signal.h>
#include <ev.h>
#include "vhost.h"
@@ -90,6 +91,8 @@ typedef struct proc_st {
struct list_node list;
int fd; /* the command file descriptor */
pid_t pid;
unsigned pid_killed; /* if explicitly disconnected */
time_t udp_fd_receive_time; /* when the corresponding process has received a UDP fd */
time_t conn_time; /* the time the user connected */
@@ -160,6 +163,12 @@ typedef struct proc_st {
vhost_cfg_st *vhost;
} proc_st;
inline static void kill_proc(proc_st *proc)
{
kill(proc->pid, SIGTERM);
proc->pid_killed = 1;
}
struct ip_lease_db_st {
struct htable ht;
};