add stats and kill http calls
This commit is contained in:
Xavier Henner
@@ -5,7 +5,6 @@ import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
"os/exec"
|
||||
"regexp"
|
||||
@@ -117,6 +116,14 @@ func (c *vpnSession) ParseEnv(s *OpenVpnMgt, infos *[]string) error {
|
||||
c.PrivIP = r.ReplaceAllString(p[1], "")
|
||||
case "ifconfig_local":
|
||||
c.localIP = r.ReplaceAllString(p[1], "")
|
||||
case "bytes_received":
|
||||
if c.BwWrite, err = strconv.Atoi(p[1]); err != nil {
|
||||
break
|
||||
}
|
||||
case "bytes_sent":
|
||||
if c.BwRead, err = strconv.Atoi(p[1]); err != nil {
|
||||
break
|
||||
}
|
||||
case "password":
|
||||
switch {
|
||||
case strings.HasPrefix(p[1], "CRV1"):
|
||||
@@ -129,8 +136,7 @@ func (c *vpnSession) ParseEnv(s *OpenVpnMgt, infos *[]string) error {
|
||||
if c.otpCode == "" {
|
||||
c.otpCode = "***"
|
||||
}
|
||||
// don't check that password agains the ibp database
|
||||
|
||||
// don't check that password against the ibp database
|
||||
case strings.HasPrefix(p[1], "SCRV1"):
|
||||
split := strings.Split(p[1], ":")
|
||||
if len(split) != 3 {
|
||||
@@ -257,52 +263,7 @@ func (c *vpnSession) auth(s *OpenVpnMgt) (error, int) {
|
||||
}
|
||||
}
|
||||
|
||||
c.Profile = ""
|
||||
login := []string{c.Login}
|
||||
pass := c.password
|
||||
|
||||
for {
|
||||
n := c.Profile
|
||||
for k, ldap := range s.ldap {
|
||||
if ldap.upgradeFrom != c.Profile {
|
||||
continue
|
||||
}
|
||||
err, userOk, passOk, secondary := ldap.Auth(login, pass)
|
||||
|
||||
// if there is an error, try the other configurations
|
||||
if err != nil {
|
||||
c.LogPrintln(err)
|
||||
continue
|
||||
}
|
||||
|
||||
// we did find a valid User
|
||||
if userOk {
|
||||
// the login for the new auth level is given by the current one
|
||||
login = secondary
|
||||
|
||||
if c.Mail == "" {
|
||||
c.Mail = secondary[0]
|
||||
}
|
||||
|
||||
if passOk && c.Profile != "" {
|
||||
// it's at least the second auth level, and we have a valid
|
||||
// password on 2 different auth system. It's a dupplicate
|
||||
// password, let's log it
|
||||
log.Printf("User %s has a dupplicate password\n", c.Login)
|
||||
}
|
||||
|
||||
// we have either a positive auth ok a previous valid one
|
||||
if passOk || c.Profile != "" || tokenPasswordOk {
|
||||
c.Profile = k
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// no profile update this turn, no need to continue
|
||||
if n == c.Profile {
|
||||
break
|
||||
}
|
||||
}
|
||||
c.Profile, c.Mail = s.AuthLoop("", c.Login, c.password, tokenPasswordOk)
|
||||
|
||||
// no profile validated, we stop here
|
||||
if c.Profile == "" {
|
||||
|
||||
Reference in New Issue
Block a user