mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 00:37:00 +08:00
33bcfb178e
That allows to have a reliable synchronous socket, and a socket where messages are sent and received asynchronously.
139 lines
4.4 KiB
C
139 lines
4.4 KiB
C
/*
|
|
* Copyright (C) 2013 Nikos Mavrogiannopoulos
|
|
*
|
|
* Author: Nikos Mavrogiannopoulos
|
|
*
|
|
* This file is part of ocserv.
|
|
*
|
|
* The GnuTLS is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public License
|
|
* as published by the Free Software Foundation; either version 2.1 of
|
|
* the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
*/
|
|
#ifndef SEC_MOD_H
|
|
# define SEC_MOD_H
|
|
|
|
#include <cookies.h>
|
|
#include <gnutls/abstract.h>
|
|
#include <ccan/htable/htable.h>
|
|
#include <base64.h>
|
|
|
|
#define SESSION_STR "(session: %.5s)"
|
|
|
|
typedef struct sec_mod_st {
|
|
gnutls_datum_t dcookie_key; /* the key to generate cookies */
|
|
uint8_t cookie_key[COOKIE_KEY_SIZE];
|
|
|
|
struct cfg_st *config;
|
|
struct perm_cfg_st *perm_config;
|
|
gnutls_privkey_t *key;
|
|
unsigned key_size;
|
|
struct htable *client_db;
|
|
int cmd_fd;
|
|
int cmd_fd_sync;
|
|
|
|
struct config_mod_st *config_module;
|
|
} sec_mod_st;
|
|
|
|
typedef struct stats_st {
|
|
uint64_t bytes_in;
|
|
uint64_t bytes_out;
|
|
time_t uptime;
|
|
} stats_st;
|
|
|
|
typedef struct common_auth_info_st {
|
|
char username[MAX_USERNAME_SIZE*2];
|
|
char groupname[MAX_GROUPNAME_SIZE]; /* the owner's group */
|
|
char psid[BASE64_LENGTH(SID_SIZE) + 1]; /* printable */
|
|
char remote_ip[MAX_IP_STR];
|
|
char our_ip[MAX_IP_STR];
|
|
char ipv4[MAX_IP_STR];
|
|
char ipv6[MAX_IP_STR];
|
|
unsigned id;
|
|
} common_auth_info_st;
|
|
|
|
typedef struct client_entry_st {
|
|
/* A unique session identifier used to distinguish sessions
|
|
* prior to authentication. It is sent as cookie to the client
|
|
* who re-uses it when it performs authentication in multiple
|
|
* sessions.
|
|
*/
|
|
uint8_t sid[SID_SIZE];
|
|
|
|
void * auth_ctx; /* the context of authentication */
|
|
unsigned session_is_open; /* whether open_session was done */
|
|
unsigned in_use; /* counter of users of this structure */
|
|
unsigned tls_auth_ok;
|
|
|
|
char *msg_str;
|
|
|
|
stats_st saved_stats; /* saved from previous cookie usage */
|
|
stats_st stats; /* current */
|
|
|
|
unsigned status; /* PS_AUTH_ */
|
|
|
|
char hostname[MAX_HOSTNAME_SIZE]; /* the requested hostname */
|
|
uint8_t *cookie; /* the cookie associated with the session */
|
|
unsigned cookie_size;
|
|
|
|
uint8_t dtls_session_id[GNUTLS_MAX_SESSION_ID];
|
|
|
|
/* The time this client entry was last modified (created or closed) */
|
|
time_t time;
|
|
|
|
/* the auth type associated with the user */
|
|
unsigned auth_type;
|
|
unsigned discon_reason; /* reason for disconnection */
|
|
|
|
struct common_auth_info_st auth_info;
|
|
|
|
/* the module this entry is using */
|
|
const struct auth_mod_st *module;
|
|
} client_entry_st;
|
|
|
|
void *sec_mod_client_db_init(sec_mod_st *sec);
|
|
void sec_mod_client_db_deinit(sec_mod_st *sec);
|
|
unsigned sec_mod_client_db_elems(sec_mod_st *sec);
|
|
client_entry_st * new_client_entry(sec_mod_st *sec, const char *ip, unsigned pid);
|
|
client_entry_st * find_client_entry(sec_mod_st *sec, uint8_t sid[SID_SIZE]);
|
|
void del_client_entry(sec_mod_st *sec, client_entry_st * e);
|
|
void expire_client_entry(sec_mod_st *sec, client_entry_st * e);
|
|
void cleanup_client_entries(sec_mod_st *sec);
|
|
|
|
#ifdef __GNUC__
|
|
# define seclog(sec, prio, fmt, ...) \
|
|
if (prio != LOG_DEBUG || sec->config->debug >= 3) { \
|
|
syslog(prio, "sec-mod: "fmt, ##__VA_ARGS__); \
|
|
}
|
|
#else
|
|
# define seclog(sec,prio,...) \
|
|
if (prio != LOG_DEBUG || sec->config->debug >= 3) { \
|
|
syslog(prio, __VA_ARGS__); \
|
|
}
|
|
#endif
|
|
|
|
void seclog_hex(const struct sec_mod_st* sec, int priority,
|
|
const char *prefix, uint8_t* bin, unsigned bin_size, unsigned b64);
|
|
|
|
void sec_auth_init(sec_mod_st *sec, struct perm_cfg_st *config);
|
|
|
|
void handle_sec_auth_ban_ip_reply(sec_mod_st *sec, const BanIpReplyMsg *msg);
|
|
int handle_sec_auth_init(int cfd, sec_mod_st *sec, const SecAuthInitMsg * req, pid_t pid);
|
|
int handle_sec_auth_cont(int cfd, sec_mod_st *sec, const SecAuthContMsg * req);
|
|
int handle_sec_auth_session_cmd(sec_mod_st *sec, int fd, const SecAuthSessionMsg *req, unsigned cmd);
|
|
int handle_sec_auth_stats_cmd(sec_mod_st * sec, const CliStatsMsg * req);
|
|
void sec_auth_user_deinit(sec_mod_st * sec, client_entry_st * e);
|
|
|
|
void sec_mod_server(void *main_pool, struct perm_cfg_st *config, const char *socket_file,
|
|
uint8_t cookie_key[COOKIE_KEY_SIZE], int cmd_fd, int cmd_fd_sync);
|
|
|
|
#endif
|