Hi, it is not easy to find the cid needed by the client-kill command, so making the kill command support a kill message is very useful for stopping a remote client with AUTH_FAILED.
From d74e3f79c6c3ba2ee2e5dfafa39d4728cea721cb Mon Sep 17 00:00:00 2001
From: Yafeng Shan <cuc...@kokonur.me>
Date: Tue, 3 Mar 2015 16:33:15 +0800
Subject: [PATCH] Make openvpn management kill command support killmsg
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index e59776d..444e1c8 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -450,7 +450,7 @@ man_bytecount_output_server (struct management *man,
 #endif
 static void
-man_kill (struct management *man, const char *victim)
+man_kill (struct management *man, const char *victim, const char *kill_msg)
 {
 struct gc_arena gc = gc_new ();
@@ -475,7 +475,7 @@ man_kill (struct management *man, const char *victim)
 const int port = atoi (p2);
 if (port > 0 && port < 65536)
 {
- n_killed = (*man->persist.callback.kill_by_addr) (man->persist.callback.arg, addr, port);
+ n_killed = (*man->persist.callback.kill_by_addr) (man->persist.callback.arg, addr, port, kill_msg);
 if (n_killed > 0)
 {
 msg (M_CLIENT, "SUCCESS: %d client(s) at address %s:%d killed",
@@ -503,7 +503,7 @@ man_kill (struct management *man, const char *victim)
 else if (strlen (p1))
 {
 /* common name specified */
- n_killed = (*man->persist.callback.kill_by_cn) (man->persist.callback.arg, p1);
+ n_killed = (*man->persist.callback.kill_by_cn) (man->persist.callback.arg, p1, kill_msg);
 if (n_killed > 0)
 {
 msg (M_CLIENT, "SUCCESS: common name '%s' found, %d client(s) killed", p1, n_killed);
@@ -1162,7 +1162,7 @@ man_dispatch_command (struct management *man, struct status_output *so, const ch
 else if (streq (p[0], "kill"))
 {
 if (man_need (man, p, 1, 0))
- man_kill (man, p[1]);
+ man_kill (man, p[1], p[2]);
 }
 else if (streq (p[0], "verb"))
 {
diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h
index 1c8dda6..4266757 100644
--- a/src/openvpn/manage.h
+++ b/src/openvpn/manage.h
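Review bot: In the `kill` branch of man_dispatch_command (hunk @@ -1162) `p[2]` is forwarded to man_kill while the guard is still `man_need (man, p, 1, 0)`, so the message is presumably NULL whenever the operator uses the old `kill <target>` form, and nothing on this page shows that the callbacks or send_restart accept a NULL kill_msg. The string is also passed on unvalidated and appears to be sent to the client, which widens what a management-interface user can do from dropping a client to choosing the text delivered to it; consider limiting it to the messages clients are expected to handle (the stated use is AUTH_FAILED), or at least bounding its length. A comment above the call such as `/* p[2] is the optional kill message; NULL when the operator gave none */` would record the contract. The enclosing function starts and ends outside the hunk.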
@@ -151,8 +151,8 @@ struct management_callback
 void (*status) (void *arg, const int version, struct status_output *so);
 void (*show_net) (void *arg, const int msglevel);
- int (*kill_by_cn) (void *arg, const char *common_name);
- int (*kill_by_addr) (void *arg, const in_addr_t addr, const int port);
+ int (*kill_by_cn) (void *arg, const char *common_name, const char *kill_msg);
+ int (*kill_by_addr) (void *arg, const in_addr_t addr, const int port, const char *kill_msg);
 void (*delete_event) (void *arg, event_t event);
 int (*n_clients) (void *arg);
 #ifdef MANAGEMENT_DEF_AUTH
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 4412491..ad9ba33 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -2763,7 +2763,7 @@ management_callback_n_clients (void *arg)
 }
 static int
-management_callback_kill_by_cn (void *arg, const char *del_cn)
+management_callback_kill_by_cn (void *arg, const char *del_cn, const char *kill_msg)
 {
 struct multi_context *m = (struct multi_context *) arg;
 struct hash_iterator hi;
@@ -2779,7 +2779,9 @@ management_callback_kill_by_cn (void *arg, const char *del_cn)
 const char *cn = tls_common_name (mi->context.c2.tls_multi, false);
 if (cn && !strcmp (cn, del_cn))
 {
- multi_signal_instance (m, mi, SIGTERM);
+ //multi_signal_instance (m, mi, SIGTERM);
+ send_restart (&mi->context, kill_msg); /* was: multi_signal_instance (m, mi, SIGTERM); */
+ multi_schedule_context_wakeup(m, mi);
 ++count;
 }
 }
@@ -2789,7 +2791,7 @@ management_callback_kill_by_cn (void *arg, const char *del_cn)
 }
 static int
-management_callback_kill_by_addr (void *arg, const in_addr_t addr, const int port)
+management_callback_kill_by_addr (void *arg, const in_addr_t addr, const int port, const char *kill_msg)
 {
 struct multi_context *m = (struct multi_context *) arg;
 struct hash_iterator hi;
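Review bot: The `kill_by_cn` and `kill_by_addr` prototypes in struct management_callback gain a `kill_msg` parameter with no statement of its contract, and the dispatcher in manage.c can apparently pass it through unset. A comment above the two members such as `/* kill_msg: optional text for the client being killed; may be NULL */` would tell implementers what they have to tolerate. Only the multi.c implementations are updated on this page, so any other code that assigns these callbacks would need the same signature change. The struct starts and ends outside the hunk.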
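Review bot: In management_callback_kill_by_cn (hunk @@ -2779) the unconditional `multi_signal_instance (m, mi, SIGTERM)` is replaced by `send_restart` plus a wakeup, so whether the client is actually disconnected now depends on what send_restart does with the instance, which is not visible on this page. If it only notifies the peer, a client that ignores the message stays connected while the management console still reports it as killed. Because `kill` is the operator's tool for cutting a client off, the server-side teardown should not rely on client cooperation, and the previous path should at least be kept when no message was supplied, as sketched below. The same replacement is made in management_callback_kill_by_addr (hunk @@ -2810), and both functions start and end outside their hunks.

```c
          if (cn && !strcmp (cn, del_cn))
            {
              if (kill_msg)
                {
                  /* message supplied: tell the client why before it is dropped */
                  send_restart (&mi->context, kill_msg);
                  multi_schedule_context_wakeup (m, mi);
                }
              else
                {
                  /* no message: keep the previous immediate teardown */
                  multi_signal_instance (m, mi, SIGTERM);
                }
              /* … unchanged: ++count … */
```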
@@ -2810,7 +2812,9 @@ management_callback_kill_by_addr (void *arg, const in_addr_t addr, const int por
 struct multi_instance *mi = (struct multi_instance *) he->value;
 if (!mi->halt && mroute_addr_equal (&maddr, &mi->real))
 {
- multi_signal_instance (m, mi, SIGTERM);
+ //multi_signal_instance (m, mi, SIGTERM);
+ send_restart (&mi->context, kill_msg); /* was: multi_signal_instance (m, mi, SIGTERM); */
+ multi_schedule_context_wakeup(m, mi);
 ++count;
 }
 }
-- 2.1.4
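Review bot: The added lines in management_callback_kill_by_addr keep the old call around twice, once as `//multi_signal_instance (m, mi, SIGTERM);` and once in the trailing `/* was: ... */` remark; the same pair appears in the kill_by_cn hunk (@@ -2779). The removed call is already recorded by the diff itself, so both leftovers can go, leaving `send_restart (&mi->context, kill_msg);` on its own. The new call should also be written `multi_schedule_context_wakeup (m, mi);`, with the space before the parenthesis that every other call in these hunks uses. The function starts and ends outside the hunk.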