On 13-10-16 21:59, David Sommerseth wrote:
> If --auth-gen-token has been enabled and a token has been generated,
> ensure this token is pushed to the client using the 'auth-token' option.
>
> Signed-off-by: David Sommerseth <dav...@openvpn.net>
> ---
> src/openvpn/misc.c | 5 +++++
> src/openvpn/push.c | 9 ++++++++-
> src/openvpn/ssl_common.h | 2 ++
> 3 files changed, 15 insertions(+), 1 deletion(-)
>
> diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
> index 225f0bf..b74ac9d 100644
> --- a/src/openvpn/misc.c
> +++ b/src/openvpn/misc.c
> @@ -2073,6 +2073,11 @@ sanitize_control_message(const char *src, struct
> gc_arena *gc)
Wait, what? We have over 2000 lines of 'misc.c'...?
> + else if (!check_debug_level(D_SHOW_KEYS) && (c == 'a' && !strncmp(src,
> "auth-token ", 11)))
Overly long line. (And not so clear code, but this is in line with the
surrounding code, and you already sent an explanation.)
> diff --git a/src/openvpn/push.c b/src/openvpn/push.c
> index ee2eda4..0fb87ba 100644
> --- a/src/openvpn/push.c
> +++ b/src/openvpn/push.c
> @@ -309,7 +309,7 @@ prepare_push_reply (struct context *c, struct gc_arena
> *gc,
> struct push_list *push_list)
> {
> const char *optstr = NULL;
> - const struct tls_multi *tls_multi = c->c2.tls_multi;
> + struct tls_multi *tls_multi = c->c2.tls_multi;
> const char * const peer_info = tls_multi->peer_info;
> struct options *o = &c->options;
>
> @@ -371,6 +371,13 @@ prepare_push_reply (struct context *c, struct gc_arena
> *gc,
> push_option_fmt(gc, push_list, M_USAGE, "cipher %s", o->ciphername);
> }
> }
> +
> + /* If server uses --auth-gen-token and we have an auth token to send to
> client */
> + if (false == tls_multi->auth_token_sent && NULL != tls_multi->auth_token)
> + {
> + push_option_fmt(gc, push_list, M_USAGE, "auth-token %s",
> tls_multi->auth_token);
> + tls_multi->auth_token_sent = true;
> + }
> return true;
> }
>
> diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h
> index 1b90c5e..3d802c9 100644
> --- a/src/openvpn/ssl_common.h
> +++ b/src/openvpn/ssl_common.h
> @@ -526,6 +526,8 @@ struct tls_multi
> uint32_t peer_id;
> bool use_peer_id;
>
> + bool auth_token_sent; /**< If server uses --auth-gen-token and
> + * token has been sent to client */
> char *auth_token; /** If server sends a generated auth-token,
> * this is the token to use for future
> * user/pass authentications in this session.
>
ACK, if you wrap the long lines and update the commit message.
-Steffan
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
