Re: [Openvpn-devel] [PATCH] auth-token with auth-nocache fix broke --disable-crypto builds

Mon, 19 Jun 2017 06:25:13 -0700 

On 19/06/17 15:16, Gert Doering wrote:
> HI,
> 
> On Mon, Jun 19, 2017 at 03:05:07PM +0200, David Sommerseth wrote:
>> After adding commit 571165360db0392fa83e, it broke builds where
>> the --disable-crypto was used with ./configure.  This was due to
>> the delayed_auth_pass_purge() which requires the crypto code paths
>> being called from init.c without the proper #ifdef encapsulation.
>>
>> Signed-off-by: David Sommerseth <dav...@openvpn.net>
>> ---
>>  src/openvpn/init.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/src/openvpn/init.c b/src/openvpn/init.c
>> index 0832f1d1..a54307ad 100644
>> --- a/src/openvpn/init.c
>> +++ b/src/openvpn/init.c
>> @@ -1382,6 +1382,8 @@ initialization_sequence_completed(struct context *c, 
>> const unsigned int flags)
>>      /* If we delayed UID/GID downgrade or chroot, do it now */
>>      do_uid_gid_chroot(c, true);
>>  
>> +
>> +#ifdef ENABLE_CRYPTO
>>      /*
>>       * In some cases (i.e. when receiving auth-token via
>>       * push-reply) the auth-nocache option configured on the
>> @@ -1393,6 +1395,7 @@ initialization_sequence_completed(struct context *c, 
>> const unsigned int flags)
>>      {
>>          delayed_auth_pass_purge();
>>      }
>> +#endif /* ENABLE_CRYPTO */
>>  
>>      /* Test if errors */
>>      if (flags & ISC_ERRORS)
> 
> ACK.
> 
> Somewhat ugly (is there no existing #ifdef ENABLE_CRYPTO block nearby
> that we could hide this in?) but I need a clean tree tonight, and this
> will fix things.  So, will to go with it.

There are no other ENABLE_CRYPTO blocks in
initialization_sequence_completed() [init.c:1375].  The alternative
could be to put this #ifdef inside the delayed_auth_pass_purge() and
make that function be "empty" without ENABLE_CRYPTO.  But as init.c is
the only place this is called outside the ENABLE_CRYPTO scope, this is
where my dice rolled.


-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to