2026-02-09 08:16:58 +08:00 · 2023-09-11 19:18:00 +02:00
parent 6dd533a10c
commit b29d915699
8 changed files with 11 additions and 11 deletions
							
							
								
							
							
						
@@ -245,7 +245,7 @@
* Version 0.11.7 (released 2017-02-12)
- Fixed compilation issue related to autogen file re-use
- Fixed compilation issue related to autogen file reuse
- Send the "vpn-profile-manifest" fields after successful authentication.
  This enables openconnect to retrieve the XML configuration.
- Enhanced the cert-user-oid config option to read the SAN(rfc822name) value.
							
								
							
							
								
							
							
						
@@ -577,7 +577,7 @@
- Added configuration option 'listen-host-is-dyndns'. That,
  if set, notifies the client with "X-CSTP-DynDNS: true", in
  CSTP headers.
- When a client's IP is re-used by the same client connecting with
- When a client's IP is reused by the same client connecting with
  the cookie (e.g., when roaming), call the disconnect script.
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -376,7 +376,7 @@ cookie-timeout = 300
#persistent-cookies = true
# Whether roaming is allowed, i.e., if true a cookie is
# restricted to a single IP address and cannot be re-used
# restricted to a single IP address and cannot be reused
# from a different IP.
deny-roaming = false
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -104,7 +104,7 @@ struct ip_lease_st t;
void steal_ip_leases(struct proc_st* proc, struct proc_st *thief)
{
	/* here we reset the old tun device, and assign the old addresses
	 * to a new device. We cannot re-use the old device because the
	 * to a new device. We cannot reuse the old device because the
	 * fd is only available to the worker process and not here (main)
	 */
	reset_tun(proc);
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -201,7 +201,7 @@ int handle_auth_cookie_req(sec_mod_instance_st * sec_mod_instance, struct proc_s
		put_into_cgroup(s, proc->config->cgroup, proc->pid);
	}
	/* disconnect and re-use previous session's IPs*/
	/* disconnect and reuse previous session's IPs*/
	if (old_proc != NULL) {
		if (strcmp(proc->username, old_proc->username) != 0) {
			mslog(s, old_proc, LOG_ERR, "the user of the new session doesn't match the old (new: %s)",
							
							
							
								
							
						
@@ -209,7 +209,7 @@ int handle_auth_cookie_req(sec_mod_instance_st * sec_mod_instance, struct proc_s
			return -1;
		}
		mslog(s, old_proc, LOG_INFO, "disconnecting previous user session due to session re-use");
		mslog(s, old_proc, LOG_INFO, "disconnecting previous user session due to session reuse");
		/* steal its leases */
		steal_ip_leases(old_proc, proc);
							
								
							
							
								
							
							
						
@@ -245,7 +245,7 @@ int handle_auth_cookie_req(sec_mod_instance_st * sec_mod_instance, struct proc_s
 * users are found.
 *
 * In addition this function will also check whether the cookie
 * used had been re-used before, and then disconnect the old session
 * used had been reused before, and then disconnect the old session
 * (cookies are unique).
 */
int check_multiple_users(main_server_st *s, struct proc_st* proc)
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -86,7 +86,7 @@ typedef struct common_acct_info_st {
typedef struct client_entry_st {
	/* A unique session identifier used to distinguish sessions
	 * prior to authentication. It is sent as cookie to the client
	 * who re-uses it when it performs authentication in multiple
	 * who reuses it when it performs authentication in multiple
	 * sessions.
	 */
	uint8_t sid[SID_SIZE];
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -364,7 +364,7 @@ client localhost2 {
#  the same as above, but they are nested inside of a section.
#
#  You can have as many per-socket client lists as you have "listen"
#  sections, or you can re-use a list among multiple "listen" sections.
#  sections, or you can reuse a list among multiple "listen" sections.
#
#  Un-comment this section, and edit a "listen" section to add:
#  "clients = per_socket_clients".  That IP address/port combination
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -25,7 +25,7 @@ srcdir=${srcdir:-.}
eval "${GETPORT}"
echo "Testing whether max-same-clients=1 allows cookie re-use... "
echo "Testing whether max-same-clients=1 allows cookie reuse... "
PIDFILE1="${srcdir}/ci$$-1.pid.tmp"
PIDFILE2="${srcdir}/ci$$-2.pid.tmp"
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -25,7 +25,7 @@ srcdir=${srcdir:-.}
eval "${GETPORT}"
echo "Testing whether cookies are being re-used... "
echo "Testing whether cookies are being reused... "
PIDFILE1="${srcdir}/ci$$-1.pid.tmp"
PIDFILE2="${srcdir}/ci$$-2.pid.tmp"