Stared at the code a bit, tortured it on the server test rig (which
exercises delayed-auth plugin and delayed-client-connect-*anything*,
so breaking something plugin-related "big time" should have been
caught). I have not tested the delayed-auth plugin feature yet.

A few observations, staring at key_state_check_auth_pending_file():

- it would benefit from early-return... 3 levels deep for most of
the function...
- if "timeout" cannot be parsed, the function does an early-return,
but does not call "key_state_rm_auth_pending_file(ks);" - this looks
somewhat intentional ("we keep trying until we can parse the timeout
value")...?
- "char* pending_method = BSTR(iv_buf);" is a bit confusingly named -
especially as "iv_buf" is not containing the client-side IV_SSO
value set, but the plugin-requested method. So maybe iv_buf could
be renamed to "pending_method_buf" or so?

These are all not reasons to reject the patch, but if you feel like
"ah, today is openvpn source cleanup day", this would be a candidate :-)

I have taken the liberty to fix the comment in verify_user_pass_plugin().

Your patch has been applied to the master branch.

commit fdb4f27685f38621b72467e3038c2116f0e809c4
Author: Arne Schwabe
Date: Mon Jan 25 13:56:25 2021 +0100
Allow pending auth to be send from a auth plugin
Signed-off-by: Arne Schwabe <[email protected]>
Acked-by: David Sommerseth <[email protected]>
Message-Id: <[email protected]>
URL:
https://www.mail-archive.com/[email protected]/msg21489.html
Signed-off-by: Gert Doering <[email protected]>
--
kind regards,
Gert Doering