diff options
| author | David Sommerseth <dazo@users.sourceforge.net> | 2008-09-26 07:09:26 +0200 |
|---|---|---|
| committer | David Sommerseth <dazo@users.sourceforge.net> | 2008-09-26 07:09:26 +0200 |
| commit | 372ef358481bab5dcb3d4b34fab07409b935d485 (patch) | |
| tree | 8e633919e7182c7365a38ce867c671119ac159a5 /database | |
| parent | 757f8229d3407e96962eeb5573ca0024d97abd31 (diff) | |
| download | eurephia-372ef358481bab5dcb3d4b34fab07409b935d485.tar.gz eurephia-372ef358481bab5dcb3d4b34fab07409b935d485.tar.xz eurephia-372ef358481bab5dcb3d4b34fab07409b935d485.zip | |
BUGFIX: Made sure that eDBget_sessionkey_seed(...) only returns a sessionkey for sessions which is in open status (sessionstatus is 1 or 2).
When a client does a disconnect for session_A, the status of the session is 3,
as logged out but not yet deleted. In this status, the session is not deleted,
nor is the record in openvpn_sessionkeys for that sessions's sessionseed.
If the client then does a new reconnection (session_B) before the session is
deleted, it will get the sessionkey for the session which was just logged out,
session_A's sessionkey. When OpenVPN then calls the learn_address function
to delete the session_A, that session will be closed. This results in that
session_B will then do not match any open sessions at all, since session_A and
session_B shared the sessionseed to a sessionkey.
By changing the eDBget_sessionkey_seed(...) to check that the sessionstatus
is 1 or 2 (open session statuses), it should generate a new sessionkey for
the session_B, since no sessionkey would be returned for that sessionseed.
The destruction of the session (done via eurephia_learn_address(...)) will
still work, since this function uses the MAC address of the client and not
the sessionseed.
Diffstat (limited to 'database')
| -rw-r--r-- | database/eurephiadb-driver_template.c | 8 | ||||
| -rw-r--r-- | database/sqlite/eurephiadb-sqlite.c | 7 |
2 files changed, 12 insertions, 3 deletions
diff --git a/database/eurephiadb-driver_template.c b/database/eurephiadb-driver_template.c index 5bcea91..a840b25 100644 --- a/database/eurephiadb-driver_template.c +++ b/database/eurephiadb-driver_template.c @@ -641,8 +641,12 @@ char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) { } /* WORK TO DO -- DO SQL: - "SELECT sessionkey FROM openvpn_sessionkeys WHERE sessionseed = '%q'", - sessionseed + "SELECT sessionkey " + " FROM openvpn_sessionkeys " + " JOIN openvpn_lastlog USING (sessionkey)" + " WHERE sessionstatus IN (1,2)" + " AND sessionseed = '%q'", + sessionseed */ if( /* IF SQL QUERY FAILED */ ) { eurephia_log(ctx, LOG_CRITICAL, 0,"Could not retrieve sessionkey from openvpn_sessionkeys (%s)", diff --git a/database/sqlite/eurephiadb-sqlite.c b/database/sqlite/eurephiadb-sqlite.c index 926e94e..9c24c07 100644 --- a/database/sqlite/eurephiadb-sqlite.c +++ b/database/sqlite/eurephiadb-sqlite.c @@ -615,7 +615,12 @@ char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) { "eDBget_sessionkey: No session seed given - cannot locate sessionkey"); return NULL; } - res = sqlite_query(ctx, "SELECT sessionkey FROM openvpn_sessionkeys WHERE sessionseed = '%q'", + res = sqlite_query(ctx, + "SELECT sessionkey " + " FROM openvpn_sessionkeys " + " JOIN openvpn_lastlog USING (sessionkey)" + " WHERE sessionstatus IN (1,2)" + " AND sessionseed = '%q'", sessionseed); if( res == NULL ) { eurephia_log(ctx, LOG_CRITICAL, 0,"Could not retrieve sessionkey from openvpn_sessionkeys (%s)", |