diff options
| author | Sergey V. Lobanov <sergey@lobanov.in> | 2019-11-10 13:41:04 +0300 |
|---|---|---|
| committer | Sergey V. Lobanov <sergey@lobanov.in> | 2019-11-10 13:41:04 +0300 |
| commit | bcbf847c111d9780581e38ef656ea9ad6eaf7636 (patch) | |
| tree | 9a934054b60a4dc5140c7cc9a9d98f7e5c2d4354 /accel-pppd | |
| parent | a4fe1168dda707a2836f6d74c7a6610645b20152 (diff) | |
| download | accel-ppp-xebd-bcbf847c111d9780581e38ef656ea9ad6eaf7636.tar.gz accel-ppp-xebd-bcbf847c111d9780581e38ef656ea9ad6eaf7636.zip | |
Added single-session-ignore-case option
If multisession behavior is managed by accel-ppp and Radius server
ignores the case of the User-Name attribute, it might be required to
ignore the case in accel-ppp to prevent multiple session with
different letter cases.
Diffstat (limited to 'accel-pppd')
| -rw-r--r-- | accel-pppd/accel-ppp.conf | 1 | ||||
| -rw-r--r-- | accel-pppd/accel-ppp.conf.5 | 3 | ||||
| -rw-r--r-- | accel-pppd/session.c | 11 |
3 files changed, 13 insertions, 2 deletions
diff --git a/accel-pppd/accel-ppp.conf b/accel-pppd/accel-ppp.conf index 2eba830..7f341b6 100644 --- a/accel-pppd/accel-ppp.conf +++ b/accel-pppd/accel-ppp.conf @@ -37,6 +37,7 @@ thread-count=4 [common] #single-session=replace +#single-session-ignore-case=0 #sid-case=upper #sid-source=seq #max-sessions=1000 diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5 index 3ac7511..982bbd1 100644 --- a/accel-pppd/accel-ppp.conf.5 +++ b/accel-pppd/accel-ppp.conf.5 @@ -105,6 +105,9 @@ If this option is .B deny then accel-ppp will deny second session authorization. .TP +.BI "single-session-ignore-case=" 0|1 +Specifies whether accel-ppp should ignore the case when comparing username within single-session validation (default 0). +.TP .BI "sid-case=" upper|lower Specifies in which case generate session identifier (default lower). .TP diff --git a/accel-pppd/session.c b/accel-pppd/session.c index f96c193..bf7d712 100644 --- a/accel-pppd/session.c +++ b/accel-pppd/session.c @@ -31,6 +31,7 @@ static int conf_sid_ucase; static int conf_single_session = -1; +static int conf_single_session_ignore_case; static int conf_sid_source; static int conf_seq_save_timeout = 10; static const char *conf_seq_file; @@ -418,7 +419,7 @@ int __export ap_session_set_username(struct ap_session *s, char *username) pthread_rwlock_wrlock(&ses_lock); if (conf_single_session >= 0) { list_for_each_entry(ses, &ses_list, entry) { - if (ses->username && ses->terminate_cause != TERM_AUTH_ERROR && !strcmp(ses->username, username)) { + if (ses->username && ses->terminate_cause != TERM_AUTH_ERROR && !(conf_single_session_ignore_case == 1 ? strcasecmp(ses->username, username) : strcmp(ses->username, username))) { if (conf_single_session == 0) { pthread_rwlock_unlock(&ses_lock); log_ppp_info1("%s: second session denied\n", username); @@ -455,7 +456,7 @@ int __export ap_check_username(const char *username) pthread_rwlock_rdlock(&ses_lock); list_for_each_entry(ses, &ses_list, entry) { - if (ses->username && !strcmp(ses->username, username)) { + if (ses->username && !(conf_single_session_ignore_case == 1 ? strcasecmp(ses->username, username) : strcmp(ses->username, username))) { r = 1; break; } @@ -510,6 +511,12 @@ static void load_config(void) } else conf_single_session = -1; + opt = conf_get_opt("common", "single-session-ignore-case"); + if (opt) + conf_single_session_ignore_case = atoi(opt); + else + conf_single_session_ignore_case = 0; + opt = conf_get_opt("common", "sid-source"); if (opt) { if (strcmp(opt, "seq") == 0) |