GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

enabling cisco-client-compat allows 'stealing' of processes.

Browse Source 
This change puts a proc_st that its client has terminated to a "zombie"
state. That state will allow a client that connects later using the
same TLS session ID to reclaim it. That way clients that try to authenticate
by sending their credentials in different sessions can still authenticate with
ocserv. That however puts more trust to worker processes (as the main
process has no way of telling whether a TLS session is certainly
resumed).
This commit is contained in:
Nikos Mavrogiannopoulos
2014-01-18 10:24:47 +01:00
parent d454557649
commit b1af6f2829
14 changed files with 666 additions and 438 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/ipc.proto
View File

@@ -7,6 +7,16 @@ message auth_init_msg
optional string cert_user_name = 4;
optional string cert_group_name = 5;
optional string hostname = 6;
required bytes session_id = 7;
}
/* AUTH_REINIT - used in cisco compatible clients, to
* revive open authentication in zombie mode. */
message auth_reinit_msg
{
required bool tls_auth_ok = 1 [default = false];
required string password = 2;
required bytes session_id = 3;
}
/* AUTH_COOKIE_REQ */