Hi,

I was toying with the management interface of openvpn (on server side),
to monitor the connections/disconnections of my clients. The clients
are authenticated with TLS certificates, without a password. I needed to
patch two things in order to get things working as I wanted, but since
I'm new to the code base, I'm not sure at all that those patches make
sense, especially the second one. I still attach them to this email,
in the hope that people here will point out where I'm wrong :)

Cheers

Adrien
From b3f7a1bc9b0d6510f20b7e27d2385f716590d6fb Mon Sep 17 00:00:00 2001
From: Adrien Bustany <adrien.bust...@nokia.com>
Date: Mon, 7 May 2012 14:26:59 +0300
Subject: [PATCH 1/2] Don't call management_notify_client_close twice for
 multi clients

management_notify_client_close is already called in
multi_client_disconnect_script for those.
---
 src/openvpn/init.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 61ced5d..159d67d 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -3569,7 +3569,9 @@ close_instance (struct context *c)
 	do_close_tun (c, false);
 
 #ifdef MANAGEMENT_DEF_AUTH
-	if (management)
+	// For child contexts, we already called management_notify_client_close
+	// in multi_client_disconnect_script
+	if (management && c->mode != CM_CHILD_UDP && c->mode != CM_CHILD_TCP)
 	  management_notify_client_close (management, &c->c2.mda_context, NULL);
 #endif
 
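Review bot: the new condition on the `if (management && ...)` line is only correct if every CM_CHILD_UDP and CM_CHILD_TCP instance is guaranteed to pass through multi_client_disconnect_script before close_instance runs, and nothing in this hunk shows that. A child context torn down by any other path would now produce no >CLIENT:DISCONNECT at all, which is worse for a monitoring consumer than a duplicate. Note also that management_notify_client_close already tests DAF_CONNECTION_CLOSED (visible in patch 2/2); if that flag is set on the first call, the second call is already a no-op and this mode check may be unnecessary, so please say in the commit message what was actually observed twice. Style: the added comment uses `//`; a `/* ... */` comment is the safer choice in a C file.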
-- 
1.7.8.1

From d6364de14ba629bb6000c7252929050f9625d5cc Mon Sep 17 00:00:00 2001
From: Adrien Bustany <adrien.bust...@nokia.com>
Date: Mon, 7 May 2012 14:42:07 +0300
Subject: [PATCH 2/2] management: Don't require DAF_INITIAL_AUTH to send
 DISCONNECT message

DAF_INITIAL_AUTH will only be set if a password was needed for client
authentication. This means that for password-less certificate
authentication, no DISCONNECT message would be sent.
---
 src/openvpn/manage.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 1dddd41..51f41bb 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -2474,7 +2474,7 @@ management_notify_client_close (struct management *management,
 				struct man_def_auth_context *mdac,
 				const struct env_set *es)
 {
-  if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
+  if (!(mdac->flags & DAF_CONNECTION_CLOSED))
     {
       msg (M_CLIENT, ">CLIENT:DISCONNECT,%lu", mdac->cid);
       man_output_env (es, true, management->connection.env_filter_level, "CLIENT");
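Review bot: dropping the DAF_INITIAL_AUTH test from the `if` means >CLIENT:DISCONNECT is now emitted for any context whose DAF_CONNECTION_CLOSED bit is clear, including ones for which the management client may never have been sent a matching connect notification. Combined with patch 1/2, close_instance still calls this function for every non-child context with `&c->c2.mda_context`, so those contexts would now report a DISCONNECT with whatever `mdac->cid` holds. A management client that tracks sessions by cid should not see a disconnect for a cid it was never told about; consider gating on a condition that records that the client was actually announced to the management interface, rather than removing the gate entirely, and describe in the commit message how the certificate-only case was tested.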
-- 
1.7.8.1
