Le 2012-05-07 16:51, Alon Bar-Lev a écrit :
On Mon, May 7, 2012 at 2:58 PM, Adrien Bustany <adr...@bustany.org>
wrote:
Hi,
I was toying with the management interface of openvpn (on server
side),
to monitor the connections/disconnections of my clients. The clients
are authenticated with TLS certificates, without a password. I
needed to
patch two things in order to get things working as I wanted, but
since
I'm new to the code base, I'm not sure at all that those patches
make
sense, especially the second one. I still attach them to this email,
in the hope that people here will point where I'm wrong :)
Cheers
Adrien
Hello,
Yes, they are making sense.
But please next time submit them using git send-email and separately,
so we can discuss each.
Sure, I could have done that even though those patches were not meant
to be merged as-is. I'll do that next time.
Regarding 001 - As far as I can see, the code does exactly that... if
not DAF_CONNECTION_CLOSED, issue disconnect message and turn
DAF_CONNECTION_CLOSED, otherwise do nothing. So what is the problem?
Hmm you're right, it does not matter if the method is called twice
since the second time it'll return early and won't send anything. So
that patch is useless.
Regarding 002 - I think this is correct, but then we need to modify
management_learn_addr as well, no? Or the mdac->cid is not
initialized
all the time and the flag marks that this is client session... Did
not
test.
That sounds right, I haven't tested this "learn" feature either, but
I'll have a more thorough review of the use of DAF_INITIAL_AUTH across
the file, and will do a real patch submission.
Alon.
Thanks for the comments
Adrien
