use REMOTE_HOSTNAME to pass the user's advertised hostname

The previously used HOSTNAME variable is overridden by bash and
was therefore not reliable. We switch to setting REMOTE_HOSTNAME,
but keep HOSTNAME for compatibility.

This also changes 'test-pass-script' to check for the new variable.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos
2020-08-04 17:48:42 +02:00
parent 91712b3420
commit 7a7d432d0f
4 changed files with 17 additions and 6 deletions


@@ -405,7 +405,8 @@ rekey-method = ssl
# Script to call when a client connects and obtains an IP.
# The following parameters are passed on the environment.
# REASON, VHOST, USERNAME, GROUPNAME, DEVICE, IP_REAL (the real IP of the client),
# IP_REAL_LOCAL (the local interface IP the client connected), IP_LOCAL
# REMOTE_HOSTNAME (the remotely advertised hostname), IP_REAL_LOCAL
# (the local interface IP the client connected), IP_LOCAL
# (the local IP in the P-t-P connection), IP_REMOTE (the VPN IP of the client),
# IPV6_LOCAL (the IPv6 local address if there are both IPv4 and IPv6
# assigned), IPV6_REMOTE (the IPv6 remote address), IPV6_PREFIX, and
@@ -426,7 +427,7 @@ rekey-method = ssl
# This script is to be called when the client's advertised hostname becomes
# available. It will contain REASON with "host-update" value and the
# variable HOSTNAME in addition to the connect variables.
# variable REMOTE_HOSTNAME in addition to the connect variables.
#host-update-script = /usr/bin/myhostnamescript


@@ -341,6 +341,7 @@ const char* script, *next_script = NULL;
setenv("USERNAME", proc->username, 1);
setenv("GROUPNAME", proc->groupname, 1);
setenv("HOSTNAME", proc->hostname, 1);
setenv("REMOTE_HOSTNAME", proc->hostname, 1);
setenv("DEVICE", proc->tun_lease.name, 1);
setenv("USER_AGENT", proc->user_agent, 1);
setenv("DEVICE_TYPE", proc->device_type, 1);
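Review bot: `proc->hostname` is the name the client advertises about itself, so the added `setenv("REMOTE_HOSTNAME", proc->hostname, 1);` hands a client-chosen string to the connect and host-update scripts, and nothing in this hunk shows whether it is validated or length-limited before export. A comment above the two hostname calls would make the trust boundary explicit, e.g. `/* self-reported by the client: scripts must quote it and must not base access decisions on it; HOSTNAME is kept for compatibility only and may be overwritten by the shell */`. The same caveat would fit the REMOTE_HOSTNAME entry in the sample configuration comments. The enclosing function starts and ends outside the hunk, so any sanitising done earlier is not visible here.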


@@ -14,6 +14,7 @@ verify_env_set() {
verify_env_set "IP_REMOTE"
verify_env_set "REASON"
verify_env_set "HOSTNAME"
verify_env_set "REMOTE_HOSTNAME"
verify_env_set "USERNAME"
verify_env_set "USER_AGENT"
verify_env_set "DEVICE_PLATFORM"
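Review bot: The added `verify_env_set "REMOTE_HOSTNAME"` appears to assert only that the variable is set (the body of `verify_env_set` is outside the hunk), so a server exporting the wrong value would still pass. The existing `HOSTNAME` check presumably passed in the same way while bash was overwriting the value, which is the failure this commit addresses. If every test that uses this script advertises the same name, comparing the value would pin the behaviour, e.g. `test "${REMOTE_HOSTNAME}" = "mylocalname" || exit 1` (or the script's usual failure path). Otherwise a short comment stating that only presence is checked would help.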


@@ -80,7 +80,15 @@ echo " * Connecting to obtain cookie... "
echo " * Re-connecting to force script run... "
echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT -q --local-hostname='mylocalname' localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true
sleep 5
TIMEOUT=5
while ! test -f ${builddir}/disconnect.ok; do
TIMEOUT=$(($TIMEOUT - 1))
if [ $TIMEOUT -eq 0 ]; then
echo "Timed out waiting for ${builddir}/disconnect.ok (1)"
exit 1
fi
sleep 1
done
if ! test -f ${builddir}/connect.ok;then
echo "Connect script was not run"
@@ -117,7 +125,7 @@ fi
echo " * Re-connecting to force session stealing... "
eval "$(grep COOKIE ${PARAMSFILE})"
echo ${COOKIE}| $OPENCONNECT localhost:$PORT -u "test2" --reconnect-timeout 0 --cookie-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true --pid-file=${OPIDFILE} -b
echo ${COOKIE}| $OPENCONNECT --local-hostname='mylocalname' localhost:$PORT -u "test2" --reconnect-timeout 0 --cookie-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true --pid-file=${OPIDFILE} -b
echo " - Pausing client"
TIMEOUT=4
@@ -146,7 +154,7 @@ rm -f ${builddir}/connect.ok
rm -f ${builddir}/disconnect.ok
echo " * Re-connecting to steal previous IP address... "
echo ${COOKIE} | $OPENCONNECT -q localhost:$PORT -u "test2" --reconnect-timeout 0 --cookie-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true --pid-file=${OPIDFILE2} -b
echo ${COOKIE} | $OPENCONNECT -q --local-hostname='mylocalname' localhost:$PORT -u "test2" --reconnect-timeout 0 --cookie-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true --pid-file=${OPIDFILE2} -b
echo " - Resuming (disconnected) client"
kill -s CONT $(cat ${OPIDFILE})
@@ -195,7 +203,7 @@ done
sleep 5
echo " - Check server status"
( echo "!@#$%^&*()<>" | $OPENCONNECT -q localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
( echo "!@#$%^&*()<>" | $OPENCONNECT --local-hostname='mylocalname' -q localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
fail $PID "Could not receive cookie from server"
echo " - Killing server"
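Review bot: The new wait loop in the first hunk ends with a bare `exit 1`, whereas the failure path visible in the last hunk uses `fail $PID ...`; if `fail` is what stops the server, a timeout here would leave the test server running and could disturb later tests. The loop also gives up after four one-second sleeps, because TIMEOUT starts at 5 and is decremented before the comparison, which is shorter than the fixed `sleep 5` that the hunk header counts indicate it replaces. Assuming `$PID` is already set at this point, consider `fail $PID "Timed out waiting for ${builddir}/disconnect.ok (1)"` with a larger starting value. The path would also be safer quoted, as in `test -f "${builddir}/disconnect.ok"`.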