On 14/10/16 15:30, Steffan Karger wrote:
> 
> 
> On 13-10-16 21:59, David Sommerseth wrote:
>> If --auth-gen-token has been enabled and a token has been generated,
>> ensure this token is pushed to the client using the 'auth-token' option.
>>
>> Signed-off-by: David Sommerseth <dav...@openvpn.net>
>> ---
>>  src/openvpn/misc.c       | 5 +++++
>>  src/openvpn/push.c       | 9 ++++++++-
>>  src/openvpn/ssl_common.h | 2 ++
>>  3 files changed, 15 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
>> index 225f0bf..b74ac9d 100644
>> --- a/src/openvpn/misc.c
>> +++ b/src/openvpn/misc.c
>> @@ -2073,6 +2073,11 @@ sanitize_control_message(const char *src, struct 
>> gc_arena *gc)
> 
> Wait, what?  We have over 2000 lines of 'misc.c'...?
> 
>> +      else if (!check_debug_level(D_SHOW_KEYS) && (c == 'a' && 
>> !strncmp(src, "auth-token ", 11)))
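Review bot: The literal 11 in the strncmp() call has to be kept equal to the length of "auth-token " by hand. Deriving it from the string (a shared constant with sizeof minus one, or strlen) keeps the match correct if the prefix is ever edited. The branch is also skipped whenever check_debug_level(D_SHOW_KEYS) is true, so at that debug level the token passes through sanitize_control_message untouched; a short comment stating that this is intentional would help, since the token is used in place of the user/pass credentials for the session.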
> 
> Overly long line.  (And not so clear code, but this is in line with the
> surrounding code, and you already sent an explanation.)
> 
>> diff --git a/src/openvpn/push.c b/src/openvpn/push.c
>> index ee2eda4..0fb87ba 100644
>> --- a/src/openvpn/push.c
>> +++ b/src/openvpn/push.c
>> @@ -309,7 +309,7 @@ prepare_push_reply (struct context *c, struct gc_arena 
>> *gc,
>>                  struct push_list *push_list)
>>  {
>>    const char *optstr = NULL;
>> -  const struct tls_multi *tls_multi = c->c2.tls_multi;
>> +  struct tls_multi *tls_multi = c->c2.tls_multi;
>>    const char * const peer_info = tls_multi->peer_info;
>>    struct options *o = &c->options;
>>  
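Review bot: Dropping const from the tls_multi pointer makes the whole struct writable for the rest of prepare_push_reply, although the patch only writes one flag. Please mention in the commit message or the function comment that prepare_push_reply now modifies tls_multi, because the name suggests it only builds the option list.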
>> @@ -371,6 +371,13 @@ prepare_push_reply (struct context *c, struct gc_arena 
>> *gc,
>>        push_option_fmt(gc, push_list, M_USAGE, "cipher %s", o->ciphername);
>>      }
>>      }
>> +
>> +  /* If server uses --auth-gen-token and we have an auth token to send to 
>> client */
>> +  if (false == tls_multi->auth_token_sent && NULL != tls_multi->auth_token)
>> +    {
>> +      push_option_fmt(gc, push_list, M_USAGE, "auth-token %s", 
>> tls_multi->auth_token);
>> +      tls_multi->auth_token_sent = true;
>> +    }
>>    return true;
>>  }
>>  
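Review bot: tls_multi->auth_token_sent is set to true as soon as push_option_fmt() has added the option to push_list, inside a function that only prepares the reply, so the flag really records "queued" and not "sent". If a prepared reply can fail to reach the client, the token would not be pushed again on the next attempt; consider setting the flag at the point where the push reply is actually sent, or renaming it to match what it tracks. As a style point, the condition reads more naturally as !tls_multi->auth_token_sent && tls_multi->auth_token.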
>> diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h
>> index 1b90c5e..3d802c9 100644
>> --- a/src/openvpn/ssl_common.h
>> +++ b/src/openvpn/ssl_common.h
>> @@ -526,6 +526,8 @@ struct tls_multi
>>    uint32_t peer_id;
>>    bool use_peer_id;
>>  
>> +  bool auth_token_sent;  /**< If server uses --auth-gen-token and
>> +                          *   token has been sent to client */
>>    char *auth_token;      /** If server sends a generated auth-token,
>>                            * this is the token to use for future
>>                            * user/pass authentications in this session.
>>
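Review bot: The comment on auth_token_sent does not say when the flag is cleared, and no hunk in this patch resets it; the only write is the assignment to true in prepare_push_reply. Document the lifetime here (for example whether it is reset when a new token is generated for the session), so a reader can tell whether the token is pushed once per tls_multi or once per push reply.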
> 
> ACK, if you wrap the long lines and update the commit message.
> 

Thanks a lot! As there were some more slight changes, I decided to send
a v2 patch, just to avoid any further confusion.


-- 
kind regards,

David Sommerseth
