[Openvpn-devel] [XS] Change in openvpn[master]: manage: Do not trigger actions on management disconnect if not authen...

flichtenheld (Code Review) Wed, 21 Jan 2026 06:31:39 -0800

Attention is currently required from: plaisthos.

Hello plaisthos,


I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/1484?usp=email

to review the following change.


Change subject: manage: Do not trigger actions on management disconnect if not 
authenticated
......................................................................

manage: Do not trigger actions on management disconnect if not authenticated

If the management interface requires authentication via password
and the remote did not specify it, do not do trigger actions
requested by --management-forget-disconnect and --management-signal
on disconnect.

Reported-By: Joshua Rogers <[email protected]>
Found-By: ZeroPath (https://zeropath.com)
Github: openvpn-private-issues#5
Change-Id: I575d65912ce9065a0b0868e73998b4a9aece62af
Signed-off-by: Frank Lichtenheld <[email protected]>
---
M src/openvpn/manage.c
1 file changed, 3 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/84/1484/1

diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 8fa8784..37ae6b3 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -2073,13 +2073,14 @@
     }
     if (!exiting)
     {
-        if (man->settings.flags & MF_FORGET_DISCONNECT)
+        if (man->settings.flags & MF_FORGET_DISCONNECT && 
!man_password_needed(man))
         {
+            msg(D_MANAGEMENT, "MANAGEMENT: Reset authentication on 
disconnect");
             ssl_purge_auth(false);
             (void)ssl_clean_auth_token();
         }

-        if (man->settings.flags & MF_SIGNAL)
+        if (man->settings.flags & MF_SIGNAL && !man_password_needed(man))
         {
             int mysig = man_mod_signal(man, SIGUSR1);
             if (mysig >= 0)

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1484?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings?usp=email

Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I575d65912ce9065a0b0868e73998b4a9aece62af
Gerrit-Change-Number: 1484
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>

_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [XS] Change in openvpn[master]: manage: Do not trigger actions on management disconnect if not authen...

Reply via email to