Yo all,
David Sommerseth wrote:
On 14/09/10 13:37, Gert Doering wrote:
Hi,
On Tue, Sep 14, 2010 at 11:10:28AM +0200, Jan Just Keijser wrote:
    if (buf_string_match_head_str (&buf, "AUTH_FAILED"))
      receive_auth_failed (c, &buf);
    else if (buf_string_match_head_str (&buf, "PUSH_"))
      incoming_push_message (c, &buf);
    else if (buf_string_match_head_str (&buf, "RESTART"))
      server_pushed_restart (c, &buf);
    else
      msg (D_PUSH_ERRORS, "WARNING: Received unknown control message: %s",
           BSTR (&buf));
Is the control message stage early enough? That means authentication has
been completed, and the client_connect script has been run (or am I
mistaken?)
I'm not absolutely sure at what time these messages can be sent. But
most likely you're right, you want this before running client-connect.
Someone around who fully understands the session flow...?
Taken completely from memory, the PUSH_REQ phase comes in _after_ the
authentication process. But, I also believe it comes after
OPENVPN_PLUGIN_CLIENT_CONNECT phase, as that plug-in hook can push
config settings to the client dynamically. And if the
OPENVPN_PLUGIN_CLIENT_CONNECT hook sends a rejection, the connection is
dropped.
Unless somebody else chimes in before I've been able to double check it,
I'll do some more checks here.
I was just browsing through the 2.1.3 source tree and found this in ssl.c:
    static bool
    push_peer_info(struct buffer *buf, struct tls_session *session)
    {
      struct gc_arena gc = gc_new ();
      bool ret = false;

    #ifdef ENABLE_PUSH_PEER_INFO
      if (session->opt->push_peer_info) /* write peer info */
        {
          struct env_set *es = session->opt->es;
          struct env_item *e;
          struct buffer out = alloc_buf_gc (512*3, &gc);

          /* push version */
          buf_printf (&out, "IV_VER=%s\n", PACKAGE_VERSION);

          /* push platform */
    #if defined(TARGET_LINUX)
          buf_printf (&out, "IV_PLAT=linux\n");
    #elif defined(TARGET_SOLARIS)
This gets called if --push-peer-info is specified. This seems to be new
for 2.1.3 - has anyone tested it?
cheers,
JJK