Added the config option expose-iroutes

This allows the server to advertise routes offered by a few clients
to all clients except the ones offering them.
Nikos Mavrogiannopoulos
2015-10-25 22:42:22 +01:00
parent c47a843825
commit 5a10283125
5 changed files with 93 additions and 3 deletions


@@ -454,6 +454,11 @@ route = 192.168.0.0/255.255.0.0
no-route = 192.168.5.0/255.255.255.0
# When set to true, all client's iroutes are made visible to all
# connecting clients except for the ones offering them. This option
# only makes sense if config-per-user is set.
#expose-iroutes = true
# Groups that a client is allowed to select from.
# A client may belong in multiple groups, and in certain use-cases
# it is needed to switch between them. For these cases the client can


@@ -43,6 +43,7 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <dirent.h>
#include <netdb.h>
#include <vpn.h>
@@ -68,6 +69,7 @@ struct cfg_options {
static struct cfg_options available_options[] = {
{ .name = "auth", .type = OPTION_MULTI_LINE, .mandatory = 1 },
{ .name = "enable-auth", .type = OPTION_MULTI_LINE, .mandatory = 0 },
{ .name = "expose-iroutes", .type = OPTION_BOOLEAN, .mandatory = 0 },
{ .name = "route", .type = OPTION_MULTI_LINE, .mandatory = 0 },
{ .name = "no-route", .type = OPTION_MULTI_LINE, .mandatory = 0 },
{ .name = "select-group", .type = OPTION_MULTI_LINE, .mandatory = 0 },
@@ -572,6 +574,55 @@ static void parse_kkdcp(struct cfg_st *config, char **urlfw, unsigned urlfw_size
}
#endif
static void append_iroutes_from_file(struct cfg_st *config, const char *file)
{
tOptionValue const * pov;
const tOptionValue* val;
int ret;
pov = configFileLoad(file);
if (pov == NULL)
return;
val = optionGetValue(pov, NULL);
if (val == NULL)
goto exit;
ret = add_multi_line_val(config, "iroute", &config->known_iroutes,
&config->known_iroutes_size, pov, val);
if (ret < 0) {
fprintf(stderr, "Error loading iroute from %s\n", file);
}
exit:
optionUnloadNested(pov);
return;
}
static void load_iroutes(struct cfg_st *config)
{
DIR *dir;
struct dirent *r;
char path[_POSIX_PATH_MAX];
dir = opendir(config->per_user_dir);
if (dir != NULL) {
do {
r = readdir(dir);
if (r != NULL && r->d_type == DT_REG) {
snprintf(path, sizeof(path), "%s/%s", config->per_user_dir, r->d_name);
append_iroutes_from_file(config, path);
}
} while(r != NULL);
}
closedir(dir);
unsigned i;
for (i=0;i<config->known_iroutes_size;i++){
fprintf(stderr, "iroute: %s\n", config->known_iroutes[i]);
}
}
static void parse_cfg_file(void *pool, const char* file, struct perm_cfg_st *perm_config, unsigned reload)
{
tOptionValue const * pov;
@@ -953,6 +1004,13 @@ size_t urlfw_size = 0;
READ_STRING("config-per-user", config->per_user_dir);
READ_STRING("config-per-group", config->per_group_dir);
if (config->per_user_dir) {
READ_TF("expose-iroutes", i, 0);
if (i != 0) {
load_iroutes(config);
}
}
READ_STRING("default-user-config", config->default_user_conf);
READ_STRING("default-group-config", config->default_group_conf);
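Review bot: In `load_iroutes`, `closedir(dir)` runs even when `opendir` returned NULL, since the call sits after the `if (dir != NULL)` block rather than inside it; POSIX does not define `closedir` on a null handle, so the early-return shape below avoids it. The `r->d_type == DT_REG` filter is also not portable: filesystems that do not fill in `d_type` report `DT_UNKNOWN` and no per-user file would be scanned, so `DT_UNKNOWN` should be accepted (or the entry checked with `stat()`), and the `snprintf` result should be checked so a truncated path is never passed to `append_iroutes_from_file`. The trailing `fprintf(stderr, "iroute: %s\n", ...)` loop looks like leftover debugging output; it would be better dropped or routed through whatever logging the server uses at this point, which is not visible in the hunk. Note that with `DT_UNKNOWN` accepted, `.` and `..` reach `configFileLoad`, which I assume fails on a directory and is already handled by the NULL check in `append_iroutes_from_file`; confirm that before relying on it.
```c
static void load_iroutes(struct cfg_st *config)
{
	DIR *dir;
	struct dirent *r;
	char path[_POSIX_PATH_MAX];
	int ret;

	dir = opendir(config->per_user_dir);
	if (dir == NULL)
		return;

	while ((r = readdir(dir)) != NULL) {
		/* d_type is not populated on every filesystem; treat
		 * DT_UNKNOWN as a possible regular file */
		if (r->d_type != DT_REG && r->d_type != DT_UNKNOWN)
			continue;

		ret = snprintf(path, sizeof(path), "%s/%s", config->per_user_dir, r->d_name);
		if (ret < 0 || (size_t)ret >= sizeof(path))
			continue; /* truncated path: do not load an unintended file */

		append_iroutes_from_file(config, path);
	}
	closedir(dir);
}
```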


@@ -175,7 +175,7 @@ int session_open(main_server_st * s, struct proc_st *proc, const uint8_t *cookie
int ret, e;
SecAuthSessionMsg ireq = SEC_AUTH_SESSION_MSG__INIT;
SecAuthSessionReplyMsg *msg = NULL;
unsigned i;
unsigned i, j, append;
PROTOBUF_ALLOCATOR(pa, proc);
char str_ipv4[MAX_IP_STR];
char str_ipv6[MAX_IP_STR];
@@ -290,14 +290,31 @@ int session_open(main_server_st * s, struct proc_st *proc, const uint8_t *cookie
proc->config.explicit_ipv6 = talloc_strdup(proc, msg->explicit_ipv6);
}
if (msg->n_routes > 0) {
proc->config.routes = talloc_size(proc, sizeof(char*)*msg->n_routes);
/* Append any custom routes for this user */
if (msg->n_routes > 0 || s->config->known_iroutes_size > 0) {
proc->config.routes = talloc_size(proc, sizeof(char*)*(msg->n_routes+s->config->known_iroutes_size));
for (i=0;i<msg->n_routes;i++) {
proc->config.routes[i] = talloc_strdup(proc, msg->routes[i]);
}
proc->config.routes_size = msg->n_routes;
}
/* Append any iroutes that are known and don't match the client's */
for (i=0;i<s->config->known_iroutes_size;i++) {
append = 1;
for (j=0;j<msg->n_iroutes;j++) {
if (strcmp(msg->iroutes[j], s->config->known_iroutes[i]) == 0) {
append = 0;
break;
}
}
if (append) {
proc->config.routes[proc->config.routes_size] = talloc_strdup(proc, s->config->known_iroutes[i]);
proc->config.routes_size++;
}
}
if (msg->n_no_routes > 0) {
proc->config.no_routes = talloc_size(proc, sizeof(char*)*msg->n_no_routes);
for (i=0;i<msg->n_no_routes;i++) {
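Review bot: The loop that appends known iroutes writes into `proc->config.routes[proc->config.routes_size]` outside the `if (msg->n_routes > 0 || s->config->known_iroutes_size > 0)` block that allocates the array and initialises `routes_size`; it is correct only because a non-zero `known_iroutes_size` guarantees that block ran, and that coupling is easy to break in a later edit. Moving the loop inside the block, or adding `/* routes was sized for n_routes + known_iroutes_size above */` at the top of the loop, makes the invariant explicit. The exclusion is an exact `strcmp` against `msg->iroutes`, so a network that another file spells differently (e.g. prefix length versus netmask) would not be recognised and could be pushed back to the client that offers it; whether such differing spellings can occur depends on how the per-user files are written, which is not visible here. `session_open` begins and ends outside this hunk.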


@@ -538,6 +538,11 @@ route = 192.168.0.0/255.255.0.0
no-route = 192.168.5.0/255.255.255.0
# When set to true, all client's iroutes are made visible to all
# connecting clients except for the ones offering them. This option
# only makes sense if config-per-user is set.
#expose-iroutes = true
# Groups that a client is allowed to select from.
# A client may belong in multiple groups, and in certain use-cases
# it is needed to switch between them. For these cases the client can


@@ -392,6 +392,11 @@ struct cfg_st {
bool gssapi_no_local_user_map;
/* known iroutes - only sent to the users who are not registering them
*/
char **known_iroutes;
size_t known_iroutes_size;
/* the tun network */
struct vpn_st network;
};