From bcbf847c111d9780581e38ef656ea9ad6eaf7636 Mon Sep 17 00:00:00 2001 From: "Sergey V. Lobanov" Date: Sun, 10 Nov 2019 13:41:04 +0300 Subject: Added single-session-ignore-case option If multisession behavior is managed by accel-ppp and Radius server ignores the case of the User-Name attribute, it might be required to ignore the case in accel-ppp to prevent multiple session with different letter cases. --- accel-pppd/accel-ppp.conf | 1 + accel-pppd/accel-ppp.conf.5 | 3 +++ accel-pppd/session.c | 11 +++++++++-- 3 files changed, 13 insertions(+), 2 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/accel-ppp.conf b/accel-pppd/accel-ppp.conf index 2eba8309..7f341b62 100644 --- a/accel-pppd/accel-ppp.conf +++ b/accel-pppd/accel-ppp.conf @@ -37,6 +37,7 @@ thread-count=4 [common] #single-session=replace +#single-session-ignore-case=0 #sid-case=upper #sid-source=seq #max-sessions=1000 diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5 index 3ac7511b..982bbd10 100644 --- a/accel-pppd/accel-ppp.conf.5 +++ b/accel-pppd/accel-ppp.conf.5 @@ -105,6 +105,9 @@ If this option is .B deny then accel-ppp will deny second session authorization. .TP +.BI "single-session-ignore-case=" 0|1 +Specifies whether accel-ppp should ignore the case when comparing username within single-session validation (default 0). +.TP .BI "sid-case=" upper|lower Specifies in which case generate session identifier (default lower). .TP diff --git a/accel-pppd/session.c b/accel-pppd/session.c index f96c193b..bf7d712a 100644 --- a/accel-pppd/session.c +++ b/accel-pppd/session.c @@ -31,6 +31,7 @@ static int conf_sid_ucase; static int conf_single_session = -1; +static int conf_single_session_ignore_case; static int conf_sid_source; static int conf_seq_save_timeout = 10; static const char *conf_seq_file; @@ -418,7 +419,7 @@ int __export ap_session_set_username(struct ap_session *s, char *username) pthread_rwlock_wrlock(&ses_lock); if (conf_single_session >= 0) { list_for_each_entry(ses, &ses_list, entry) { - if (ses->username && ses->terminate_cause != TERM_AUTH_ERROR && !strcmp(ses->username, username)) { + if (ses->username && ses->terminate_cause != TERM_AUTH_ERROR && !(conf_single_session_ignore_case == 1 ? strcasecmp(ses->username, username) : strcmp(ses->username, username))) { if (conf_single_session == 0) { pthread_rwlock_unlock(&ses_lock); log_ppp_info1("%s: second session denied\n", username); @@ -455,7 +456,7 @@ int __export ap_check_username(const char *username) pthread_rwlock_rdlock(&ses_lock); list_for_each_entry(ses, &ses_list, entry) { - if (ses->username && !strcmp(ses->username, username)) { + if (ses->username && !(conf_single_session_ignore_case == 1 ? strcasecmp(ses->username, username) : strcmp(ses->username, username))) { r = 1; break; } @@ -510,6 +511,12 @@ static void load_config(void) } else conf_single_session = -1; + opt = conf_get_opt("common", "single-session-ignore-case"); + if (opt) + conf_single_session_ignore_case = atoi(opt); + else + conf_single_session_ignore_case = 0; + opt = conf_get_opt("common", "sid-source"); if (opt) { if (strcmp(opt, "seq") == 0) -- cgit v1.2.3