Re: [Openvpn-devel] [PATCH v3] Implement server side of AUTH_PENDING with extending timeout

2021-03-05 Thread Lev Stipakov
Acked-by: Lev Stipakov 

ke 3. maalisk. 2021 klo 14.39 Arne Schwabe (a...@rfc2549.org) kirjoitti:
>
> Patch V2: eliminate parse_kid function, fix style
> Patch V3: adding missing parameter in function, this was added
>   by a later patch in the original series
>
> Signed-off-by: Arne Schwabe 
> ---
>  src/openvpn/manage.c | 23 +
>  src/openvpn/manage.h |  3 ++-
>  src/openvpn/multi.c  | 27 +++-
>  src/openvpn/push.c   | 55 +---
>  src/openvpn/push.h   | 14 +-
>  src/openvpn/ssl.c|  1 +
>  src/openvpn/ssl_common.h |  1 +
>  7 files changed, 84 insertions(+), 40 deletions(-)
>
> diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
> index 169e645f..df987f53 100644
> --- a/src/openvpn/manage.c
> +++ b/src/openvpn/manage.c
> @@ -975,15 +975,15 @@ parse_cid(const char *str, unsigned long *cid)
>  }
>
>  static bool
> -parse_kid(const char *str, unsigned int *kid)
> +parse_uint(const char *str, const char* what, unsigned int *uint)
>  {
> -if (sscanf(str, "%u", kid) == 1)
> +if (sscanf(str, "%u", uint) == 1)
>  {
>  return true;
>  }
>  else
>  {
> -msg(M_CLIENT, "ERROR: cannot parse KID");
> +msg(M_CLIENT, "ERROR: cannot parse %s", what);
>  return false;
>  }
>  }
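Review bot: parse_uint() accepts more than a plain unsigned decimal, because `sscanf(str, "%u", uint)` succeeds on input with trailing characters such as `30x`, converts a signed input so that `-1` arrives as a very large value, and has undefined behaviour when the number does not fit in the target type. The helper now also parses the TIMEOUT argument of a management command, so the conversion should reject anything that is not an in-range run of digits, as sketched below with `strtoul`, an end-pointer check and a range check. The parameter name `uint` is easy to mistake for the common `uint` typedef, and `const char* what` differs from the `const char *str` pointer style beside it. The same hunk is repeated in the two later copies of the patch on this page.

```c
static bool
parse_uint(const char *str, const char *what, unsigned int *value)
{
    char *end = NULL;

    errno = 0;
    unsigned long parsed = strtoul(str, &end, 10);

    /* Require a leading digit: strtoul itself would accept blanks and a sign. */
    if (!isdigit((unsigned char)str[0]) || *end != '\0'
        || errno == ERANGE || parsed > UINT_MAX)
    {
        msg(M_CLIENT, "ERROR: cannot parse %s", what);
        return false;
    }

    *value = (unsigned int)parsed;
    return true;
}
```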
> @@ -998,15 +998,18 @@ parse_kid(const char *str, unsigned int *kid)
>   *  the information of the additional steps
>   */
>  static void
> -man_client_pending_auth(struct management *man, const char *cid_str, const 
> char *extra)
> +man_client_pending_auth(struct management *man, const char *cid_str,
> +const char *extra, const char *timeout_str)
>  {
>  unsigned long cid = 0;
> -if (parse_cid(cid_str, ))
> +unsigned int timeout = 0;
> +if (parse_cid(cid_str, )
> +&& parse_uint(timeout_str, "TIMEOUT", ))
>  {
>  if (man->persist.callback.client_pending_auth)
>  {
>  bool ret = (*man->persist.callback.client_pending_auth)
> -   (man->persist.callback.arg, cid, extra);
> +   (man->persist.callback.arg, cid, extra, timeout);
>
>  if (ret)
>  {
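Review bot: The parsed `timeout` reaches the callback unbounded in man_client_pending_auth(): whatever parse_uint() accepts, including 0 and values close to UINT_MAX, is forwarded unchanged in `(man->persist.callback.arg, cid, extra, timeout)`. The code that consumes the value is not visible on this page, so if no upper limit is applied there, a clamp belongs here or in the callback, since this number decides how long a not yet authenticated session may stay pending. The doc comment above the function, of which only the tail is in the hunk, should also gain an entry for `timeout_str` stating its unit and accepted range. The function body continues past the end of this hunk, and the hunk is repeated in the two later copies of the patch.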
> @@ -1032,7 +1035,7 @@ man_client_auth(struct management *man, const char 
> *cid_str, const char *kid_str
>  mc->in_extra_cid = 0;
>  mc->in_extra_kid = 0;
>  if (parse_cid(cid_str, >in_extra_cid)
> -&& parse_kid(kid_str, >in_extra_kid))
> +&& parse_uint(kid_str, "KID", >in_extra_kid))
>  {
>  mc->in_extra_cmd = IEC_CLIENT_AUTH;
>  in_extra_reset(mc, IER_NEW);
> @@ -1048,7 +1051,7 @@ man_client_deny(struct management *man, const char 
> *cid_str, const char *kid_str
>  {
>  unsigned long cid = 0;
>  unsigned int kid = 0;
> -if (parse_cid(cid_str, ) && parse_kid(kid_str, ))
> +if (parse_cid(cid_str, ) && parse_uint(kid_str, "KID", ))
>  {
>  if (man->persist.callback.client_auth)
>  {
> @@ -1563,9 +1566,9 @@ man_dispatch_command(struct management *man, struct 
> status_output *so, const cha
>  }
>  else if (streq(p[0], "client-pending-auth"))
>  {
> -if (man_need(man, p, 2, 0))
> +if (man_need(man, p, 3, 0))
>  {
> -man_client_pending_auth(man, p[1], p[2]);
> +man_client_pending_auth(man, p[1], p[2], p[3]);
>  }
>  }
>  #ifdef MANAGEMENT_PF
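Review bot: Raising the count in `man_need(man, p, 3, 0)` appears to make the third argument mandatory, so a management client that still sends the earlier two-argument form of `client-pending-auth` would be refused after this change. The diffstat lists only files under src/openvpn, so the management interface documentation is not updated by this patch and existing integrations get no description of the new TIMEOUT argument. Either document the new syntax together with this change, or keep accepting the two-argument form and apply a default timeout when `p[3]` is absent. man_dispatch_command() starts and ends outside this hunk, and the hunk is repeated in the two later copies of the patch.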
> diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h
> index 9797842b..41eacc02 100644
> --- a/src/openvpn/manage.h
> +++ b/src/openvpn/manage.h
> @@ -173,7 +173,8 @@ struct management_callback
>   struct buffer_list *cc_config); /* ownership 
> transferred */
>  bool (*client_pending_auth) (void *arg,
>   const unsigned long cid,
> - const char *url);
> + const char *extra,
> + unsigned int timeout);
>  char *(*get_peer_info) (void *arg, const unsigned long cid);
>  #ifdef MANAGEMENT_PF
>  bool (*client_pf)(void *arg,
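Review bot: The new `unsigned int timeout` argument of the `client_pending_auth` callback is declared without any statement of its unit or valid range, so implementers of the callback have only the name to go on. A short trailing comment giving the unit and the meaning of 0 would fit the declaration, in the way the `cc_config` argument just above already carries `/* ownership transferred */`. The struct starts and ends outside this hunk, and the hunk is repeated in the two later copies of the patch.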
> diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
> index dd713049..ac5d3f5b 100644
> --- a/src/openvpn/multi.c
> +++ b/src/openvpn/multi.c
> @@ -1768,28 +1768,6 @@ multi_client_connect_setenv(struct multi_context *m,
>  gc_free();
>  }
>
> -/**
> - * Extracts the IV_PROTO variable and returns its value or 0
> - * if it cannot be extracted.
> - *
> - */
> -static unsigned int
> -extract_iv_proto(const char *peer_info)
> -{
> -
> -const char *optstr = peer_info ? strstr(peer_info, "IV_PROTO=") : NULL;
> -if (optstr)
> -{
> -int proto = 0;
> -int r = sscanf(optstr, "IV_PROTO=%d", );
> -if (r == 1 && proto > 0)
> -{
> -return proto;
> -}
> -}
> -return 0;
> -}
> -
>  /**
>   * Calculates the options that depend on the 

[Openvpn-devel] [PATCH v3] Implement server side of AUTH_PENDING with extending timeout

2021-03-03 Thread Arne Schwabe
Patch V2: eliminate parse_kid function, fix style
Patch V3: adding missing parameter in function, this was added
  by a later patch in the original series

Signed-off-by: Arne Schwabe 
---
 src/openvpn/manage.c | 23 +
 src/openvpn/manage.h |  3 ++-
 src/openvpn/multi.c  | 27 +++-
 src/openvpn/push.c   | 55 +---
 src/openvpn/push.h   | 14 +-
 src/openvpn/ssl.c|  1 +
 src/openvpn/ssl_common.h |  1 +
 7 files changed, 84 insertions(+), 40 deletions(-)

diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 169e645f..df987f53 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -975,15 +975,15 @@ parse_cid(const char *str, unsigned long *cid)
 }
 
 static bool
-parse_kid(const char *str, unsigned int *kid)
+parse_uint(const char *str, const char* what, unsigned int *uint)
 {
-if (sscanf(str, "%u", kid) == 1)
+if (sscanf(str, "%u", uint) == 1)
 {
 return true;
 }
 else
 {
-msg(M_CLIENT, "ERROR: cannot parse KID");
+msg(M_CLIENT, "ERROR: cannot parse %s", what);
 return false;
 }
 }
@@ -998,15 +998,18 @@ parse_kid(const char *str, unsigned int *kid)
  *  the information of the additional steps
  */
 static void
-man_client_pending_auth(struct management *man, const char *cid_str, const 
char *extra)
+man_client_pending_auth(struct management *man, const char *cid_str,
+const char *extra, const char *timeout_str)
 {
 unsigned long cid = 0;
-if (parse_cid(cid_str, ))
+unsigned int timeout = 0;
+if (parse_cid(cid_str, )
+&& parse_uint(timeout_str, "TIMEOUT", ))
 {
 if (man->persist.callback.client_pending_auth)
 {
 bool ret = (*man->persist.callback.client_pending_auth)
-   (man->persist.callback.arg, cid, extra);
+   (man->persist.callback.arg, cid, extra, timeout);
 
 if (ret)
 {
@@ -1032,7 +1035,7 @@ man_client_auth(struct management *man, const char 
*cid_str, const char *kid_str
 mc->in_extra_cid = 0;
 mc->in_extra_kid = 0;
 if (parse_cid(cid_str, >in_extra_cid)
-&& parse_kid(kid_str, >in_extra_kid))
+&& parse_uint(kid_str, "KID", >in_extra_kid))
 {
 mc->in_extra_cmd = IEC_CLIENT_AUTH;
 in_extra_reset(mc, IER_NEW);
@@ -1048,7 +1051,7 @@ man_client_deny(struct management *man, const char 
*cid_str, const char *kid_str
 {
 unsigned long cid = 0;
 unsigned int kid = 0;
-if (parse_cid(cid_str, ) && parse_kid(kid_str, ))
+if (parse_cid(cid_str, ) && parse_uint(kid_str, "KID", ))
 {
 if (man->persist.callback.client_auth)
 {
@@ -1563,9 +1566,9 @@ man_dispatch_command(struct management *man, struct 
status_output *so, const cha
 }
 else if (streq(p[0], "client-pending-auth"))
 {
-if (man_need(man, p, 2, 0))
+if (man_need(man, p, 3, 0))
 {
-man_client_pending_auth(man, p[1], p[2]);
+man_client_pending_auth(man, p[1], p[2], p[3]);
 }
 }
 #ifdef MANAGEMENT_PF
diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h
index 9797842b..41eacc02 100644
--- a/src/openvpn/manage.h
+++ b/src/openvpn/manage.h
@@ -173,7 +173,8 @@ struct management_callback
  struct buffer_list *cc_config); /* ownership 
transferred */
 bool (*client_pending_auth) (void *arg,
  const unsigned long cid,
- const char *url);
+ const char *extra,
+ unsigned int timeout);
 char *(*get_peer_info) (void *arg, const unsigned long cid);
 #ifdef MANAGEMENT_PF
 bool (*client_pf)(void *arg,
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index dd713049..ac5d3f5b 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -1768,28 +1768,6 @@ multi_client_connect_setenv(struct multi_context *m,
 gc_free();
 }
 
-/**
- * Extracts the IV_PROTO variable and returns its value or 0
- * if it cannot be extracted.
- *
- */
-static unsigned int
-extract_iv_proto(const char *peer_info)
-{
-
-const char *optstr = peer_info ? strstr(peer_info, "IV_PROTO=") : NULL;
-if (optstr)
-{
-int proto = 0;
-int r = sscanf(optstr, "IV_PROTO=%d", );
-if (r == 1 && proto > 0)
-{
-return proto;
-}
-}
-return 0;
-}
-
 /**
  * Calculates the options that depend on the client capabilities
  * based on local options and available peer info
@@ -3918,14 +3896,15 @@ management_kill_by_cid(void *arg, const unsigned long 
cid, const char *kill_msg)
 static bool
 management_client_pending_auth(void *arg,
const unsigned long cid,
-   const char *extra)
+   

Re: [Openvpn-devel] [PATCH v3] Implement server side of AUTH_PENDING with extending timeout

2021-02-01 Thread Lev Stipakov
Almost there.

Here we still need context, not tls_multi.

> -bool send_auth_pending_messages(struct context *c, const char *extra);
> +bool
> +send_auth_pending_messages(struct tls_multi *tls_multi, const char *extra,
> +   unsigned int timeout);


>C:\Users\lev\Projects\openvpn\src\openvpn\multi.c(3907,59): error C2220: the 
>following warning is treated as an error
>C:\Users\lev\Projects\openvpn\src\openvpn\multi.c(3907,59): warning C4133: 
>'function': incompatible types - from 'context *' to 'tls_multi *'




[Openvpn-devel] [PATCH v3] Implement server side of AUTH_PENDING with extending timeout

2021-02-01 Thread Arne Schwabe
Patch V2: eliminate parse_kid function, fix style
Patch V3: adding missing parameter in function, this was added
  by a later patch in the original series

Signed-off-by: Arne Schwabe 
---
 src/openvpn/manage.c | 23 +
 src/openvpn/manage.h |  3 ++-
 src/openvpn/multi.c  | 27 +++-
 src/openvpn/push.c   | 55 +---
 src/openvpn/push.h   | 14 +-
 src/openvpn/ssl.c|  1 +
 src/openvpn/ssl_common.h |  1 +
 7 files changed, 84 insertions(+), 40 deletions(-)

diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index ed9dde1e..98a9a4cc 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -972,15 +972,15 @@ parse_cid(const char *str, unsigned long *cid)
 }
 
 static bool
-parse_kid(const char *str, unsigned int *kid)
+parse_uint(const char *str, const char* what, unsigned int *uint)
 {
-if (sscanf(str, "%u", kid) == 1)
+if (sscanf(str, "%u", uint) == 1)
 {
 return true;
 }
 else
 {
-msg(M_CLIENT, "ERROR: cannot parse KID");
+msg(M_CLIENT, "ERROR: cannot parse %s", what);
 return false;
 }
 }
@@ -995,15 +995,18 @@ parse_kid(const char *str, unsigned int *kid)
  *  the information of the additional steps
  */
 static void
-man_client_pending_auth(struct management *man, const char *cid_str, const 
char *extra)
+man_client_pending_auth(struct management *man, const char *cid_str,
+const char *extra, const char *timeout_str)
 {
 unsigned long cid = 0;
-if (parse_cid(cid_str, ))
+unsigned int timeout = 0;
+if (parse_cid(cid_str, )
+&& parse_uint(timeout_str, "TIMEOUT", ))
 {
 if (man->persist.callback.client_pending_auth)
 {
 bool ret = (*man->persist.callback.client_pending_auth)
-   (man->persist.callback.arg, cid, extra);
+   (man->persist.callback.arg, cid, extra, timeout);
 
 if (ret)
 {
@@ -1029,7 +1032,7 @@ man_client_auth(struct management *man, const char 
*cid_str, const char *kid_str
 mc->in_extra_cid = 0;
 mc->in_extra_kid = 0;
 if (parse_cid(cid_str, >in_extra_cid)
-&& parse_kid(kid_str, >in_extra_kid))
+&& parse_uint(kid_str, "KID", >in_extra_kid))
 {
 mc->in_extra_cmd = IEC_CLIENT_AUTH;
 in_extra_reset(mc, IER_NEW);
@@ -1045,7 +1048,7 @@ man_client_deny(struct management *man, const char 
*cid_str, const char *kid_str
 {
 unsigned long cid = 0;
 unsigned int kid = 0;
-if (parse_cid(cid_str, ) && parse_kid(kid_str, ))
+if (parse_cid(cid_str, ) && parse_uint(kid_str, "KID", ))
 {
 if (man->persist.callback.client_auth)
 {
@@ -1560,9 +1563,9 @@ man_dispatch_command(struct management *man, struct 
status_output *so, const cha
 }
 else if (streq(p[0], "client-pending-auth"))
 {
-if (man_need(man, p, 2, 0))
+if (man_need(man, p, 3, 0))
 {
-man_client_pending_auth(man, p[1], p[2]);
+man_client_pending_auth(man, p[1], p[2], p[3]);
 }
 }
 #ifdef MANAGEMENT_PF
diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h
index a3364644..aaa3b848 100644
--- a/src/openvpn/manage.h
+++ b/src/openvpn/manage.h
@@ -173,7 +173,8 @@ struct management_callback
  struct buffer_list *cc_config); /* ownership 
transferred */
 bool (*client_pending_auth) (void *arg,
  const unsigned long cid,
- const char *url);
+ const char *extra,
+ unsigned int timeout);
 char *(*get_peer_info) (void *arg, const unsigned long cid);
 #ifdef MANAGEMENT_PF
 bool (*client_pf)(void *arg,
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index dd713049..ac5d3f5b 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -1768,28 +1768,6 @@ multi_client_connect_setenv(struct multi_context *m,
 gc_free();
 }
 
-/**
- * Extracts the IV_PROTO variable and returns its value or 0
- * if it cannot be extracted.
- *
- */
-static unsigned int
-extract_iv_proto(const char *peer_info)
-{
-
-const char *optstr = peer_info ? strstr(peer_info, "IV_PROTO=") : NULL;
-if (optstr)
-{
-int proto = 0;
-int r = sscanf(optstr, "IV_PROTO=%d", );
-if (r == 1 && proto > 0)
-{
-return proto;
-}
-}
-return 0;
-}
-
 /**
  * Calculates the options that depend on the client capabilities
  * based on local options and available peer info
@@ -3918,14 +3896,15 @@ management_kill_by_cid(void *arg, const unsigned long 
cid, const char *kill_msg)
 static bool
 management_client_pending_auth(void *arg,
const unsigned long cid,
-   const char *extra)
+