Samuel Thibault, le Fri 31 Jul 2015 11:32:06 +0200, a écrit :
> # Allows the plugin to use auth control files if OpenVPN (>= 2.1 rc8) 
> provides them.
> # default is false
> # useauthcontrolfile=false
> 
> Why is the default false??

And still... The main loop uses

   pthread_mutex_lock(context->getMutexSend());
   context->addNewUser(newuser);
   pthread_cond_signal( context->getCondSend( ));
   pthread_mutex_unlock (context->getMutexSend());
   return OPENVPN_PLUGIN_FUNC_DEFERRED;

to signal the auth thread that a new connection is being tried, and the
auth thread basically does

   pthread_mutex_lock(context->getMutexSend());
   while(1)
   {
     if (nobody_yet)
       pthread_cond_wait(context->getCondSend(),context->getMutexSend());
     ...
     Do auth
     ...
   }
   pthread_mutex_unlock(context->getMutexSend());

I.e. it keeps the MutexSend busy all along the authentication! So even
with deferred authentication, the main loop can not manage to grasp the
mutex until the auth thread has finished authenticating the previous
user...

Anyway, this is an issue in the plugin, I'll switch over to the plugin
mailing list.

Samuel

Reply via email to