Re: [Openvpn-devel] [PATCH v3] Implement server side of AUTH_PENDING with extending timeout
Acked-by: Lev Stipakov ke 3. maalisk. 2021 klo 14.39 Arne Schwabe (a...@rfc2549.org) kirjoitti: > > Patch V2: eliminate parse_kid function, fix style > Patch V3: adding missing parameter in function, this was added > by a later patch in the original series > > Signed-off-by: Arne Schwabe > --- > src/openvpn/manage.c | 23 + > src/openvpn/manage.h | 3 ++- > src/openvpn/multi.c | 27 +++- > src/openvpn/push.c | 55 +--- > src/openvpn/push.h | 14 +- > src/openvpn/ssl.c| 1 + > src/openvpn/ssl_common.h | 1 + > 7 files changed, 84 insertions(+), 40 deletions(-) > > diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c > index 169e645f..df987f53 100644 > --- a/src/openvpn/manage.c > +++ b/src/openvpn/manage.c > @@ -975,15 +975,15 @@ parse_cid(const char *str, unsigned long *cid) > } > > static bool > -parse_kid(const char *str, unsigned int *kid) > +parse_uint(const char *str, const char* what, unsigned int *uint) > { > -if (sscanf(str, "%u", kid) == 1) > +if (sscanf(str, "%u", uint) == 1) > { > return true; > } > else > { > -msg(M_CLIENT, "ERROR: cannot parse KID"); > +msg(M_CLIENT, "ERROR: cannot parse %s", what); > return false; > } > } > @@ -998,15 +998,18 @@ parse_kid(const char *str, unsigned int *kid) > * the information of the additional steps > */ > static void > -man_client_pending_auth(struct management *man, const char *cid_str, const > char *extra) > +man_client_pending_auth(struct management *man, const char *cid_str, > +const char *extra, const char *timeout_str) > { > unsigned long cid = 0; > -if (parse_cid(cid_str, )) > +unsigned int timeout = 0; > +if (parse_cid(cid_str, ) > +&& parse_uint(timeout_str, "TIMEOUT", )) > { > if (man->persist.callback.client_pending_auth) > { > bool ret = (*man->persist.callback.client_pending_auth) > - (man->persist.callback.arg, cid, extra); > + (man->persist.callback.arg, cid, extra, timeout); > > if (ret) > { 
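Review bot: `parse_uint()` now parses the management-supplied TIMEOUT with `sscanf(str, "%u", uint)`, which accepts trailing characters such as "30x", accepts a leading minus sign that wraps to a very large value, and is undefined when the number does not fit. That value is passed straight to the `client_pending_auth` callback in `man_client_pending_auth()`, and no upper bound is visible in these hunks, so I would parse it strictly with `strtoul`, require the whole string to be consumed and reject anything above `UINT_MAX`. This is stricter than today for the KID callers in the following hunks, which also go through this helper. The parameter name `uint` can also shadow the `uint` typedef that some libc headers provide; a neutral name such as `value` avoids that. The same hunk appears again in the two later copies of the patch on this page.

```c
static bool
parse_uint(const char *str, const char *what, unsigned int *uint)
{
    char *end = NULL;
    unsigned long v;

    errno = 0;
    v = strtoul(str, &end, 10);

    /* strtoul() skips blanks and accepts a sign, so insist on a leading digit */
    if (!isdigit((unsigned char)str[0]) || *end != '\0'
        || errno == ERANGE || v > UINT_MAX)
    {
        msg(M_CLIENT, "ERROR: cannot parse %s", what);
        return false;
    }
    *uint = (unsigned int)v;
    return true;
}
```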
> @@ -1032,7 +1035,7 @@ man_client_auth(struct management *man, const char > *cid_str, const char *kid_str > mc->in_extra_cid = 0; > mc->in_extra_kid = 0; > if (parse_cid(cid_str, >in_extra_cid) > -&& parse_kid(kid_str, >in_extra_kid)) > +&& parse_uint(kid_str, "KID", >in_extra_kid)) > { > mc->in_extra_cmd = IEC_CLIENT_AUTH; > in_extra_reset(mc, IER_NEW); > @@ -1048,7 +1051,7 @@ man_client_deny(struct management *man, const char > *cid_str, const char *kid_str > { > unsigned long cid = 0; > unsigned int kid = 0; > -if (parse_cid(cid_str, ) && parse_kid(kid_str, )) > +if (parse_cid(cid_str, ) && parse_uint(kid_str, "KID", )) > { > if (man->persist.callback.client_auth) > { > @@ -1563,9 +1566,9 @@ man_dispatch_command(struct management *man, struct > status_output *so, const cha > } > else if (streq(p[0], "client-pending-auth")) > { > -if (man_need(man, p, 2, 0)) > +if (man_need(man, p, 3, 0)) > { > -man_client_pending_auth(man, p[1], p[2]); > +man_client_pending_auth(man, p[1], p[2], p[3]); > } > } > #ifdef MANAGEMENT_PF > diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h > index 9797842b..41eacc02 100644 > --- a/src/openvpn/manage.h > +++ b/src/openvpn/manage.h > @@ -173,7 +173,8 @@ struct management_callback > struct buffer_list *cc_config); /* ownership > transferred */ > bool (*client_pending_auth) (void *arg, > const unsigned long cid, > - const char *url); > + const char *extra, > + unsigned int timeout); > char *(*get_peer_info) (void *arg, const unsigned long cid); > #ifdef MANAGEMENT_PF > bool (*client_pf)(void *arg, > diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c > index dd713049..ac5d3f5b 100644 > --- a/src/openvpn/multi.c > +++ b/src/openvpn/multi.c 
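Review bot: Raising the count to `man_need(man, p, 3, 0)` in the `client-pending-auth` branch makes the timeout argument mandatory, so a management client that still sends the two-argument form will presumably be refused by `man_need` rather than served. The diffstat lists no documentation file and no visible hunk touches the command's help text, so the new syntax looks undocumented in this patch. I would update the help output and the management interface notes alongside it, and add a comment above the branch such as `/* client-pending-auth <cid> <extra> <timeout> */`, stating the unit of the timeout once confirmed against the push.c side, which is outside these hunks. The body of man_dispatch_command starts and ends outside the hunk.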
> @@ -1768,28 +1768,6 @@ multi_client_connect_setenv(struct multi_context *m, > gc_free(); > } > > -/** > - * Extracts the IV_PROTO variable and returns its value or 0 > - * if it cannot be extracted. > - * > - */ > -static unsigned int > -extract_iv_proto(const char *peer_info) > -{ > - > -const char *optstr = peer_info ? strstr(peer_info, "IV_PROTO=") : NULL; > -if (optstr) > -{ > -int proto = 0; > -int r = sscanf(optstr, "IV_PROTO=%d", ); > -if (r == 1 && proto > 0) > -{ > -return proto; > -} > -} > -return 0; > -} > - > /** > * Calculates the options that depend on the
[Openvpn-devel] [PATCH v3] Implement server side of AUTH_PENDING with extending timeout
Patch V2: eliminate parse_kid function, fix style Patch V3: adding missing parameter in function, this was added by a later patch in the original series Signed-off-by: Arne Schwabe --- src/openvpn/manage.c | 23 + src/openvpn/manage.h | 3 ++- src/openvpn/multi.c | 27 +++- src/openvpn/push.c | 55 +--- src/openvpn/push.h | 14 +- src/openvpn/ssl.c| 1 + src/openvpn/ssl_common.h | 1 + 7 files changed, 84 insertions(+), 40 deletions(-) diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 169e645f..df987f53 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -975,15 +975,15 @@ parse_cid(const char *str, unsigned long *cid) } static bool -parse_kid(const char *str, unsigned int *kid) +parse_uint(const char *str, const char* what, unsigned int *uint) { -if (sscanf(str, "%u", kid) == 1) +if (sscanf(str, "%u", uint) == 1) { return true; } else { -msg(M_CLIENT, "ERROR: cannot parse KID"); +msg(M_CLIENT, "ERROR: cannot parse %s", what); return false; } } @@ -998,15 +998,18 @@ parse_kid(const char *str, unsigned int *kid) * the information of the additional steps */ static void -man_client_pending_auth(struct management *man, const char *cid_str, const char *extra) +man_client_pending_auth(struct management *man, const char *cid_str, +const char *extra, const char *timeout_str) { unsigned long cid = 0; -if (parse_cid(cid_str, )) +unsigned int timeout = 0; +if (parse_cid(cid_str, ) +&& parse_uint(timeout_str, "TIMEOUT", )) { if (man->persist.callback.client_pending_auth) { bool ret = (*man->persist.callback.client_pending_auth) - (man->persist.callback.arg, cid, extra); + (man->persist.callback.arg, cid, extra, timeout); if (ret) { 
@@ -1032,7 +1035,7 @@ man_client_auth(struct management *man, const char *cid_str, const char *kid_str mc->in_extra_cid = 0; mc->in_extra_kid = 0; if (parse_cid(cid_str, >in_extra_cid) -&& parse_kid(kid_str, >in_extra_kid)) +&& parse_uint(kid_str, "KID", >in_extra_kid)) { mc->in_extra_cmd = IEC_CLIENT_AUTH; in_extra_reset(mc, IER_NEW); @@ -1048,7 +1051,7 @@ man_client_deny(struct management *man, const char *cid_str, const char *kid_str { unsigned long cid = 0; unsigned int kid = 0; -if (parse_cid(cid_str, ) && parse_kid(kid_str, )) +if (parse_cid(cid_str, ) && parse_uint(kid_str, "KID", )) { if (man->persist.callback.client_auth) { @@ -1563,9 +1566,9 @@ man_dispatch_command(struct management *man, struct status_output *so, const cha } else if (streq(p[0], "client-pending-auth")) { -if (man_need(man, p, 2, 0)) +if (man_need(man, p, 3, 0)) { -man_client_pending_auth(man, p[1], p[2]); +man_client_pending_auth(man, p[1], p[2], p[3]); } } #ifdef MANAGEMENT_PF diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h index 9797842b..41eacc02 100644 --- a/src/openvpn/manage.h +++ b/src/openvpn/manage.h @@ -173,7 +173,8 @@ struct management_callback struct buffer_list *cc_config); /* ownership transferred */ bool (*client_pending_auth) (void *arg, const unsigned long cid, - const char *url); + const char *extra, + unsigned int timeout); char *(*get_peer_info) (void *arg, const unsigned long cid); #ifdef MANAGEMENT_PF bool (*client_pf)(void *arg, diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index dd713049..ac5d3f5b 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c 
@@ -1768,28 +1768,6 @@ multi_client_connect_setenv(struct multi_context *m, gc_free(); } -/** - * Extracts the IV_PROTO variable and returns its value or 0 - * if it cannot be extracted. - * - */ -static unsigned int -extract_iv_proto(const char *peer_info) -{ - -const char *optstr = peer_info ? strstr(peer_info, "IV_PROTO=") : NULL; -if (optstr) -{ -int proto = 0; -int r = sscanf(optstr, "IV_PROTO=%d", ); -if (r == 1 && proto > 0) -{ -return proto; -} -} -return 0; -} - /** * Calculates the options that depend on the client capabilities * based on local options and available peer info @@ -3918,14 +3896,15 @@ management_kill_by_cid(void *arg, const unsigned long cid, const char *kill_msg) static bool management_client_pending_auth(void *arg, const unsigned long cid, - const char *extra) +
Re: [Openvpn-devel] [PATCH v3] Implement server side of AUTH_PENDING with extending timeout
Almost there. Here we still need context, not tls_multi. > -bool send_auth_pending_messages(struct context *c, const char *extra); > +bool > +send_auth_pending_messages(struct tls_multi *tls_multi, const char *extra, > + unsigned int timeout); >C:\Users\lev\Projects\openvpn\src\openvpn\multi.c(3907,59): error C2220: the >following warning is treated as an error >C:\Users\lev\Projects\openvpn\src\openvpn\multi.c(3907,59): warning C4133: >'function': incompatible types - from 'context *' to 'tls_multi *'
[Openvpn-devel] [PATCH v3] Implement server side of AUTH_PENDING with extending timeout
Patch V2: eliminate parse_kid function, fix style Patch V3: adding missing parameter in function, this was added by a later patch in the original series Signed-off-by: Arne Schwabe --- src/openvpn/manage.c | 23 + src/openvpn/manage.h | 3 ++- src/openvpn/multi.c | 27 +++- src/openvpn/push.c | 55 +--- src/openvpn/push.h | 14 +- src/openvpn/ssl.c| 1 + src/openvpn/ssl_common.h | 1 + 7 files changed, 84 insertions(+), 40 deletions(-) diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index ed9dde1e..98a9a4cc 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -972,15 +972,15 @@ parse_cid(const char *str, unsigned long *cid) } static bool -parse_kid(const char *str, unsigned int *kid) +parse_uint(const char *str, const char* what, unsigned int *uint) { -if (sscanf(str, "%u", kid) == 1) +if (sscanf(str, "%u", uint) == 1) { return true; } else { -msg(M_CLIENT, "ERROR: cannot parse KID"); +msg(M_CLIENT, "ERROR: cannot parse %s", what); return false; } } @@ -995,15 +995,18 @@ parse_kid(const char *str, unsigned int *kid) * the information of the additional steps */ static void -man_client_pending_auth(struct management *man, const char *cid_str, const char *extra) +man_client_pending_auth(struct management *man, const char *cid_str, +const char *extra, const char *timeout_str) { unsigned long cid = 0; -if (parse_cid(cid_str, )) +unsigned int timeout = 0; +if (parse_cid(cid_str, ) +&& parse_uint(timeout_str, "TIMEOUT", )) { if (man->persist.callback.client_pending_auth) { bool ret = (*man->persist.callback.client_pending_auth) - (man->persist.callback.arg, cid, extra); + (man->persist.callback.arg, cid, extra, timeout); if (ret) { 
@@ -1029,7 +1032,7 @@ man_client_auth(struct management *man, const char *cid_str, const char *kid_str mc->in_extra_cid = 0; mc->in_extra_kid = 0; if (parse_cid(cid_str, >in_extra_cid) -&& parse_kid(kid_str, >in_extra_kid)) +&& parse_uint(kid_str, "KID", >in_extra_kid)) { mc->in_extra_cmd = IEC_CLIENT_AUTH; in_extra_reset(mc, IER_NEW); @@ -1045,7 +1048,7 @@ man_client_deny(struct management *man, const char *cid_str, const char *kid_str { unsigned long cid = 0; unsigned int kid = 0; -if (parse_cid(cid_str, ) && parse_kid(kid_str, )) +if (parse_cid(cid_str, ) && parse_uint(kid_str, "KID", )) { if (man->persist.callback.client_auth) { @@ -1560,9 +1563,9 @@ man_dispatch_command(struct management *man, struct status_output *so, const cha } else if (streq(p[0], "client-pending-auth")) { -if (man_need(man, p, 2, 0)) +if (man_need(man, p, 3, 0)) { -man_client_pending_auth(man, p[1], p[2]); +man_client_pending_auth(man, p[1], p[2], p[3]); } } #ifdef MANAGEMENT_PF diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h index a3364644..aaa3b848 100644 --- a/src/openvpn/manage.h +++ b/src/openvpn/manage.h @@ -173,7 +173,8 @@ struct management_callback struct buffer_list *cc_config); /* ownership transferred */ bool (*client_pending_auth) (void *arg, const unsigned long cid, - const char *url); + const char *extra, + unsigned int timeout); char *(*get_peer_info) (void *arg, const unsigned long cid); #ifdef MANAGEMENT_PF bool (*client_pf)(void *arg, diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index dd713049..ac5d3f5b 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c 
@@ -1768,28 +1768,6 @@ multi_client_connect_setenv(struct multi_context *m, gc_free(); } -/** - * Extracts the IV_PROTO variable and returns its value or 0 - * if it cannot be extracted. - * - */ -static unsigned int -extract_iv_proto(const char *peer_info) -{ - -const char *optstr = peer_info ? strstr(peer_info, "IV_PROTO=") : NULL; -if (optstr) -{ -int proto = 0; -int r = sscanf(optstr, "IV_PROTO=%d", ); -if (r == 1 && proto > 0) -{ -return proto; -} -} -return 0; -} - /** * Calculates the options that depend on the client capabilities * based on local options and available peer info @@ -3918,14 +3896,15 @@ management_kill_by_cid(void *arg, const unsigned long cid, const char *kill_msg) static bool management_client_pending_auth(void *arg, const unsigned long cid, - const char *extra) +