As I mentioned on the list, I have a need for an immediate disconnect feature. There are some related features already present, but they do not fit my particular use case:
- The standard logout option only logs out the requesting IP address
- The auth server can already return a disconnect authcode when the gateway does its regular
update process. This means there will be a, possibly significant, delay between requesting a
disconnect in the auth server and the gateway actually disconnecting someone. When dealing with
abuse, spamruns, etc. this is undesirable.
I have implemented this in two patches:
- 0001-Add-a-basic-disconnect-command.patch
  This implements a very basic disconnect command and hooks it into the http server.
- 0002-Refactor-logout-logic-so-we-can-share-code.patch
  This refactors various bits of code so the logout logic is shared between the
  firewall update process, wdctl_reset and the disconnect handler.
This feature requires the patches from #463 to secure the status page: the status page contains
enough information to allow abusers to disconnect every user connected to a gateway.