If the management interface requires authentication via password and the remote did not specify it, do not trigger actions requested by --management-forget-disconnect and --management-signal on disconnect.
Reported-By: Joshua Rogers <[email protected]>
Found-By: ZeroPath (https://zeropath.com)
Github: openvpn-private-issues#5
Change-Id: I575d65912ce9065a0b0868e73998b4a9aece62af
Signed-off-by: Frank Lichtenheld <[email protected]>
Acked-by: Arne Schwabe <[email protected]>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1484
---

This change was reviewed on Gerrit and approved by at least one developer.
I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1484
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe <[email protected]>

diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 8fa8784..37ae6b3 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -2073,13 +2073,14 @@ } if (!exiting) { - if (man->settings.flags & MF_FORGET_DISCONNECT) + if (man->settings.flags & MF_FORGET_DISCONNECT && !man_password_needed(man)) { + msg(D_MANAGEMENT, "MANAGEMENT: Reset authentication on disconnect"); ssl_purge_auth(false); (void)ssl_clean_auth_token(); } - if (man->settings.flags & MF_SIGNAL) + if (man->settings.flags & MF_SIGNAL && !man_password_needed(man)) { int mysig = man_mod_signal(man, SIGUSR1); if (mysig >= 0)
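Review bot: the case this patch exists for, a client that disconnects while `man_password_needed(man)` is still true, is skipped silently in both the `MF_FORGET_DISCONNECT` and `MF_SIGNAL` branches of the `if (!exiting)` block. The only new `msg(D_MANAGEMENT, ...)` call sits on the path where the action is taken, so a log reader cannot tell an unauthenticated disconnect from a run where neither option was set. Consider a `D_MANAGEMENT` message on the skipped path as well, so repeated unauthenticated connect/disconnect attempts against the management port show up in the log. Two smaller points on the same conditions: `man->settings.flags & MF_FORGET_DISCONNECT && !man_password_needed(man)` is correct only because `&` binds tighter than `&&`, and writing `(man->settings.flags & MF_FORGET_DISCONNECT) && ...` makes that explicit; and since the same predicate guards both branches, evaluating it once into a local `bool` before the two `if` statements would keep the checks from drifting apart in later edits. The added "Reset authentication on disconnect" message is not mentioned in the commit message, and the diff as shown touches only `manage.c`, so the documentation for `--management-forget-disconnect` and `--management-signal` should be checked for a note that these actions now require a completed password exchange.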
