diff --git a/src/config.c b/src/config.c
index c3101d61..b55aa860 100644
--- a/src/config.c
+++ b/src/config.c
@@ -226,6 +226,11 @@ static void check_cfg( struct cfg_st *config)
 exit(1);
 }
+ if (config->banner && strlen(config->banner) > MAX_BANNER_SIZE) {
+ fprintf(stderr, "Banner size is too long\n");
+ exit(1);
+ }
+
 if (config->keepalive == 0)
 config->keepalive = 3600;
diff --git a/src/vpn.h b/src/vpn.h
index f83ffe7e..5bb8247f 100644
--- a/src/vpn.h
+++ b/src/vpn.h
@@ -101,6 +101,7 @@ struct main_server_st;
 #include
+#define MAX_BANNER_SIZE 256
 #define MAX_USERNAME_SIZE 64
 #define MAX_PASSWORD_SIZE 64
 #define TLS_MASTER_SIZE 48
diff --git a/src/worker-auth.c b/src/worker-auth.c
index 517ddaee..f2eb5e42 100644
--- a/src/worker-auth.c
+++ b/src/worker-auth.c
@@ -40,18 +40,18 @@ #include -#define SUCCESS_MSG "\r\n" \ - "\r\n" \ - "Success\r\n" \ - "\r\n" +#define SUCCESS_MSG_HEAD "\n" \ + "\n" -const char login_msg[] = "\r\n" - "\r\n" - "Please enter your username and password.\r\n" - "
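Review bot: The check added to check_cfg limits only the banner's length; its content still goes unvalidated into the reply that worker-auth.c builds by placing it with `%s` between SUCCESS_MSG_HEAD and SUCCESS_MSG_FOOT. The literals behind those macros are damaged on this page, but if they are markup, as the message they replace appears to have been, a banner containing `<`, `>` or `&` yields a reply the client cannot parse reliably. Reject such characters here or escape the banner before it is sent. The diagnostic would also help more if it named the limit, e.g. `fprintf(stderr, "Banner is too long (maximum %d bytes)\n", MAX_BANNER_SIZE);`. check_cfg begins and ends outside this hunk.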
\r\n" - "\r\n" - "\r\n" - "
\r\n"; +#define SUCCESS_MSG_FOOT "
\n" + +const char login_msg[] = "\n" + "\n" + "Please enter your username and password.\n" + "
\n" + "\n" + "\n" + "
\n"; int get_auth_handler(worker_st *ws) {
@@ -343,7 +343,7 @@ struct cmd_auth_cookie_req_st areq;
 int post_old_auth_handler(worker_st *ws)
 {
-int ret;
+int ret, size;
 struct http_req_st *req = &ws->req;
 const char* reason = "Authentication failed";
 char str_cookie[2*COOKIE_SIZE+1];
@@ -352,6 +352,7 @@ char * password = NULL;
 char *p;
 unsigned int i;
 struct cmd_auth_req_st areq;
+char msg[MAX_BANNER_SIZE+32];
 memset(&areq, 0, sizeof(areq));
@@ -427,7 +428,18 @@ struct cmd_auth_req_st areq;
 if (ret < 0)
 return -1;
- ret = tls_printf(ws->session, "Content-Length: %u\r\n", (unsigned)(sizeof(SUCCESS_MSG)-1));
+ if (ws->config->banner) {
+ size = snprintf(msg, sizeof(msg), "%s", ws->config->banner);
+ if (size <= 0)
+ return -1;
+ } else {
+ msg[0] = 0;
+ size = 0;
+ }
+
+ size += (sizeof(SUCCESS_MSG_HEAD)-1) + (sizeof(SUCCESS_MSG_FOOT)-1);
+
+ ret = tls_printf(ws->session, "Content-Length: %u\r\n", (unsigned)size);
 if (ret < 0)
 return -1;
@@ -439,7 +451,7 @@ struct cmd_auth_req_st areq;
 if (ret < 0)
 return -1;
- ret = tls_puts(ws->session, "\r\n"SUCCESS_MSG);
+ ret = tls_printf(ws->session, "\r\n"SUCCESS_MSG_HEAD"%s"SUCCESS_MSG_FOOT, msg);
 if (ret < 0)
 return -1;
@@ -463,7 +475,7 @@ auth_fail:
 int post_new_auth_handler(worker_st *ws)
 {
-int ret;
+int ret, size;
 struct http_req_st *req = &ws->req;
 const char* reason = "Authentication failed";
 char str_cookie[2*COOKIE_SIZE+1];
@@ -472,6 +484,7 @@ char * password = NULL;
 char *p;
 unsigned int i;
 struct cmd_auth_req_st areq;
+char msg[MAX_BANNER_SIZE+32];
 memset(&areq, 0, sizeof(areq));
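Review bot: The `+32` in `char msg[MAX_BANNER_SIZE+32];` (hunk `@@ -352,6 +352,7 @@`) is unexplained, and nothing in the visible hunks stores anything but the banner in this buffer, for which `MAX_BANNER_SIZE+1` is enough. A comment saying what the slack is for, or dropping it, would keep the bound easy to audit against the length check in check_cfg. The copy may not be needed at all: the later hunks only pass `msg` to tls_printf as a `%s` argument, so a `const char *` pointing at ws->config->banner or at `""` would do. The same declaration is added to post_new_auth_handler in the `@@ -472,6 +484,7 @@` hunk, and both function bodies extend beyond their hunks.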
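Review bot: The `if (size <= 0)` test after snprintf in the `@@ -427,7 +428,18 @@` hunk (post_old_auth_handler, judging by the line numbers) is wrong at both ends: a banner configured as an empty string makes snprintf return 0 and aborts the reply with -1, while a truncated copy passes, because snprintf returns the length it wanted to write, and Content-Length would then exceed the body that is sent. The limit enforced in check_cfg keeps truncation from occurring at present, but the handler should not depend on a check made in another file. Use `if (size < 0 || (size_t)size >= sizeof(msg)) return -1;`. The identical block in the `@@ -543,7 +556,18 @@` hunk of post_new_auth_handler needs the same change. Both function bodies start and end outside their hunks.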
@@ -543,7 +556,18 @@ struct cmd_auth_req_st areq;
 if (ret < 0)
 return -1;
- ret = tls_printf(ws->session, "Content-Length: %u\r\n", (unsigned)(sizeof(SUCCESS_MSG)-1));
+ if (ws->config->banner) {
+ size = snprintf(msg, sizeof(msg), "%s", ws->config->banner);
+ if (size <= 0)
+ return -1;
+ } else {
+ msg[0] = 0;
+ size = 0;
+ }
+
+ size += (sizeof(SUCCESS_MSG_HEAD)-1) + (sizeof(SUCCESS_MSG_FOOT)-1);
+
+ ret = tls_printf(ws->session, "Content-Length: %u\r\n", (unsigned)size);
 if (ret < 0)
 return -1;
@@ -555,7 +579,7 @@ struct cmd_auth_req_st areq;
 if (ret < 0)
 return -1;
- ret = tls_puts(ws->session, "\r\n"SUCCESS_MSG);
+ ret = tls_printf(ws->session, "\r\n"SUCCESS_MSG_HEAD"%s"SUCCESS_MSG_FOOT, msg);
 if (ret < 0)
 return -1;