[PATCH ocserv] Fix multiple session disconnect when max-same-clients is 0

Kevin Cernekee cernekee at gmail.com
Wed Dec 11 01:17:26 EST 2013


max-same-clients is used to limit the number of outstanding sessions
(cookies).  If set to 0, it means an unlimited number of active cookies
can be owned by each user.  But it doesn't mean that the same cookie
can be reused for multiple CSTP connections with different IPs, as
the protocol does not normally work this way.
---
 src/main-auth.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/main-auth.c b/src/main-auth.c
index 181c100..67a81b2 100644
--- a/src/main-auth.c
+++ b/src/main-auth.c
@@ -472,9 +472,6 @@ int check_multiple_users(main_server_st *s, struct proc_st* proc)
 struct proc_st *ctmp = NULL, *cpos;
 unsigned int entries = 1; /* that one */
 
-	if (s->config->max_same_clients == 0)
-		return 0; /* ok */
-
 	list_for_each_safe(&s->clist.head, ctmp, cpos, list) {
 		if (ctmp != proc) {
 			if (memcmp(proc->cookie, ctmp->cookie, sizeof(proc->cookie)) == 0) {
@@ -492,7 +489,7 @@ unsigned int entries = 1; /* that one */
 		}
 	}
 	
-	if (entries > s->config->max_same_clients)
+	if (s->config->max_same_clients && entries > s->config->max_same_clients)
 		return -1;
 	
 	return 0;
-- 
1.8.2.1




More information about the openconnect-devel mailing list