mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 08:46:58 +08:00
28e5d62f3f
That eliminates the need to read the IP address from the tun device (which can be quite tricky to implement in a clean portable way).
147 lines
3.0 KiB
Protocol Buffer
147 lines
3.0 KiB
Protocol Buffer
/*
|
||
* == Auth with username/password ==
|
||
*
|
||
* main worker
|
||
* <------ AUTH_INIT (username)
|
||
* AUTH_REP(MSG) ------>
|
||
* <------ AUTH_REQ (password)
|
||
* .
|
||
* .
|
||
* .
|
||
* AUTH_REP(ΟΚ) ------>
|
||
*
|
||
*
|
||
* == Auth with cookie ==
|
||
*
|
||
* main worker
|
||
* <------ AUTH_COOKIE_REQ
|
||
* AUTH_REP(OK) ------>
|
||
*
|
||
*
|
||
* == Auth with legacy client ==
|
||
*
|
||
* main worker
|
||
* <------ AUTH_INIT (username, sid)
|
||
* AUTH_REP(MSG) ------>
|
||
*
|
||
* (worker terminates as client disconnects)
|
||
*
|
||
* <------ AUTH_REINIT (password, sid)
|
||
* AUTH_REP(ΟΚ) ------>
|
||
*
|
||
*/
|
||
|
||
/* AUTH_INIT */
|
||
message auth_init_msg
|
||
{
|
||
required bool user_present = 1;
|
||
required bool tls_auth_ok = 2 [default = false];
|
||
required string user_name = 3;
|
||
optional string cert_user_name = 4;
|
||
optional string cert_group_name = 5;
|
||
optional string hostname = 6;
|
||
optional bytes sid = 7;
|
||
}
|
||
|
||
/* AUTH_REINIT - used in cisco compatible clients, to
|
||
* revive open authentication in zombie mode. */
|
||
message auth_reinit_msg
|
||
{
|
||
required bool tls_auth_ok = 1 [default = false];
|
||
required string password = 2;
|
||
required bytes sid = 3;
|
||
}
|
||
|
||
/* AUTH_COOKIE_REQ */
|
||
message auth_cookie_request_msg
|
||
{
|
||
required bytes cookie = 1;
|
||
required bool tls_auth_ok = 2 [default = false];
|
||
optional string cert_user_name = 3;
|
||
optional string cert_group_name = 4;
|
||
}
|
||
|
||
/* AUTH_REQ */
|
||
message auth_request_msg
|
||
{
|
||
required string password = 1;
|
||
}
|
||
|
||
/* AUTH_REP */
|
||
message auth_reply_msg
|
||
{
|
||
enum AUTH_REP {
|
||
OK = 1;
|
||
MSG = 2;
|
||
FAILED = 3;
|
||
}
|
||
required AUTH_REP reply = 1;
|
||
optional bytes cookie = 2;
|
||
optional bytes session_id = 3;
|
||
optional string vname = 4;
|
||
optional string user_name = 5;
|
||
optional string msg = 6;
|
||
|
||
/* the ips of the tun device */
|
||
optional string ipv4 = 7;
|
||
optional string ipv6 = 8;
|
||
optional string ipv4_local = 9;
|
||
optional string ipv6_local = 10;
|
||
|
||
/* additional config */
|
||
optional string ipv4_dns = 11;
|
||
optional string ipv6_dns = 12;
|
||
optional string ipv4_nbns = 13;
|
||
optional string ipv6_nbns = 14;
|
||
optional string ipv4_netmask = 15;
|
||
optional string ipv6_netmask = 16;
|
||
optional uint32 rx_per_sec = 17;
|
||
optional uint32 tx_per_sec = 18;
|
||
optional uint32 net_priority = 19;
|
||
repeated string routes = 20;
|
||
}
|
||
|
||
/* RESUME_FETCH_REQ + RESUME_DELETE_REQ */
|
||
message session_resume_fetch_msg
|
||
{
|
||
required bytes session_id = 1;
|
||
}
|
||
|
||
/* RESUME_STORE_REQ */
|
||
message session_resume_store_req_msg
|
||
{
|
||
required bytes session_id = 1;
|
||
required bytes session_data = 2;
|
||
}
|
||
|
||
/* RESUME_FETCH_REP */
|
||
message session_resume_reply_msg
|
||
{
|
||
enum RESUME_REP {
|
||
OK = 1;
|
||
FAILED = 2;
|
||
}
|
||
required RESUME_REP reply = 1;
|
||
optional bytes session_data = 2;
|
||
}
|
||
|
||
/* TUN_MTU */
|
||
message tun_mtu_msg
|
||
{
|
||
required uint32 mtu = 1;
|
||
}
|
||
|
||
/* UDP_FD */
|
||
message udp_fd_msg
|
||
{
|
||
|
||
}
|
||
|
||
/* SESSION_INFO */
|
||
message session_info_msg
|
||
{
|
||
required string tls_ciphersuite = 1;
|
||
required string dtls_ciphersuite = 2;
|
||
required string user_agent = 3;
|
||
}
|