From: David Sommerseth <[email protected]>
It was discovered an issue with OpenVPN 2.x when multiple --plugin
modules were loaded and more than one of them used deferred
authentication. To fix this properly will require a larger refactoring
of the plug-in code, so it was decided in the mean time to disable the
possibility to run an OpenVPN server with such a setup. This issue
affects the OpenVPN server mode only.
This patch set adds a new test plug-in and adds some test documentation
on how to test various combinations of authentication plug-ins. Since
this new plug-in (multi-auth.c) is fairly close to the simple.c plug-in,
just more flexible for test setups, we remove the old one. The fix
itself is isolated in a separate patch in this set.
The order of patches are insignificant; there are no inter-dependencies
between them.
--
kind regards,
David Sommerseth
OpenVPN Inc
---
David Sommerseth (3):
sample-plugin: New plugin for testing multiple auth plugins
plug-ins: Disallow multiple deferred authentication plug-ins
plugins: Remove defer/simple.c sample plugin
doc/man-sections/plugin-options.rst | 9 +
doc/tests/authentication-plugins.md | 153 +++++++++++
include/openvpn-plugin.h.in | 4 +-
sample/sample-plugins/Makefile.plugins | 2 +-
sample/sample-plugins/README | 6 +-
.../defer/{simple.c => multi-auth.c} | 248 ++++++++++--------
sample/sample-plugins/defer/simple.def | 6 -
src/openvpn/plugin.c | 33 ++-
8 files changed, 333 insertions(+), 128 deletions(-)
create mode 100644 doc/tests/authentication-plugins.md
rename sample/sample-plugins/defer/{simple.c => multi-auth.c} (61%)
delete mode 100755 sample/sample-plugins/defer/simple.def
--
2.27.0
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
