This patchset brings a number of improvements:

- Allow a timeout that is different from the default 60s for pending
  authentication. 60s is a bit tight, especially when being redirected to a
  complicated web login process.

- Make the server side auth-pending support no longer dependent on the
  management interface but also allow scripts and plugins to utilise it.

- Introduce deferred authentication support for scripts. Deferred
  authentication is a necessary requirement for pending authentication.

The branch is also available here:
https://github.com/schwabe/openvpn/tree/schwabe/auth_pending

The v2 patches are modified from the v1 if they contain a Patch v2 note in the
commit message, otherwise they are just rebased and resent with the patchset.

Arne Schwabe (11):
  Change pull request timeout use a timeout rather than a number
  Implement client side handling of AUTH_PENDING message
  Implement server side of AUTH_PENDING with extending timeout
  Introduce management client state for AUTH_PENDING notifications
  Change parameter of send_auth_pending_messages from context to tls_multi
  Add S_EXITCODE flag for openvpn_run_script to report exit code
  Refactor extract_var_peer_info into standalone function and add ssl_util.c
  Allow pending auth to be send from a auth plugin
  Implement deferred auth for scripts
  Implement --client-crresponse script options and plugin interface
  Add example script demonstrating TOTP via auth-pending

 Changes.rst                          |  21 ++
 doc/man-sections/generic-options.rst |   3 +-
 doc/man-sections/script-options.rst  |  45 +++-
 doc/man-sections/server-options.rst  |   4 +
 doc/man-sections/tls-options.rst     |   3 +
 doc/management-notes.txt             |  39 +++-
 include/openvpn-plugin.h.in          |  15 +-
 sample/sample-scripts/totpauth.py    | 107 +++++++++
 src/openvpn/Makefile.am              |   1 +
 src/openvpn/forward.c                |  27 ++-
 src/openvpn/forward.h                |   9 +
 src/openvpn/init.c                   |   1 +
 src/openvpn/integer.h                |  25 +++
 src/openvpn/manage.c                 |  26 ++-
 src/openvpn/manage.h                 |   5 +-
 src/openvpn/multi.c                  |  29 +--
 src/openvpn/openvpn.h                |   2 +-
 src/openvpn/openvpn.vcxproj          |   2 +
 src/openvpn/openvpn.vcxproj.filters  |   6 +
 src/openvpn/options.c                |  15 ++
 src/openvpn/options.h                |   1 +
 src/openvpn/platform.c               |  34 +++
 src/openvpn/platform.h               |   5 +-
 src/openvpn/push.c                   | 153 ++++++++++++-
 src/openvpn/push.h                   |  23 +-
 src/openvpn/run_command.c            |  25 ++-
 src/openvpn/run_command.h            |  15 +-
 src/openvpn/ssl.c                    |  10 +-
 src/openvpn/ssl.h                    |   3 +
 src/openvpn/ssl_common.h             |   4 +
 src/openvpn/ssl_ncp.c                |  20 +-
 src/openvpn/ssl_util.c               |  59 +++++
 src/openvpn/ssl_util.h               |  49 +++++
 src/openvpn/ssl_verify.c             | 311 ++++++++++++++++++++++++---
 src/openvpn/ssl_verify.h             |  25 ++-
 tests/unit_tests/openvpn/Makefile.am |   3 +-
 36 files changed, 988 insertions(+), 137 deletions(-)
 create mode 100755 sample/sample-scripts/totpauth.py
 create mode 100644 src/openvpn/ssl_util.c
 create mode 100644 src/openvpn/ssl_util.h

-- 
2.30.0