Ticket #465 (new Feature Request)
PATCH: immediate disconnect feature
|Reported by:||wichert@…||Owned by:|
As I mentioned on the list, I have a need for an immediate disconnect feature. There are some related features already present, but they do not fit my particular use case:
- The standard logout option only logs out the requesting IP address
- The auth server can already return a disconnect authcode when the gateway does its regular update process. This means there will be a, possibly significant, delay between requesting a disconnect in the auth server and the gateway actually disconnecting someone. When dealing with abuse, spamruns, etc. this is undesirable.
I have implemented this in two patches:
- This implements a very basic disconnect command and hooks it into the http server.
- This refactors various bits of code so the logout logic is shared between the firewall update process, wdctl_reset and the disconnect handler
This feature requires the patches from #463 to secure the status page: the status page contains enough information to allow abusers to disconnect every user connected to a gateway.