Signed-off-by: Arne Schwabe
---
src/openvpn/manage.c | 26 +--
src/openvpn/manage.h | 3 ++-
src/openvpn/multi.c | 27 +++-
src/openvpn/push.c | 55 +---
src/openvpn/push.h | 10
src/openvpn/ssl.c| 1 +
src/openvpn/ssl_common.h | 1 +
7 files changed, 87 insertions(+), 36 deletions(-)
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 898cb3b3..8df60d7a 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -990,19 +990,26 @@ parse_cid(const char *str, unsigned long *cid)
}
static bool
-parse_kid(const char *str, unsigned int *kid)
+parse_uint(const char *str, const char* what, unsigned int *uint)
{
-if (sscanf(str, "%u", kid) == 1)
+if (sscanf(str, "%u", uint) == 1)
{
return true;
}
else
{
-msg(M_CLIENT, "ERROR: cannot parse KID");
+msg(M_CLIENT, "ERROR: cannot parse %s", what);
return false;
}
}
+static bool
+parse_kid(const char *str, unsigned int *kid)
+{
+return parse_uint(str, "KID", kid);
+}
+
+
/**
* Will send a notification to the client that succesful authentication
* will require an additional step (web based SSO/2-factor auth/etc)
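Review bot: `parse_uint` accepts more than a plain decimal number, because `sscanf(str, "%u", uint) == 1` also succeeds on `30abc` (trailing text is ignored) and on `-1` (converted to a very large unsigned value), and a value too large for `unsigned int` is undefined behaviour in the C standard. Since this helper now parses the TIMEOUT argument of a management command, I would parse with `strtoul`, require a leading digit, require that the whole string is consumed, and check the result against `UINT_MAX`. Two style points on the same lines: the parameter name `uint` shadows the `uint` typedef that some system headers provide, so `value` reads better, and `const char* what` should be `const char *what` to match `const char *str`. The rewrite below needs `<errno.h>` and `<limits.h>` in scope, which cannot be checked from this hunk.

```c
static bool
parse_uint(const char *str, const char *what, unsigned int *value)
{
    char *end = NULL;
    unsigned long parsed;

    /* strtoul() would accept a sign or leading blanks; insist on a digit */
    if (str[0] < '0' || str[0] > '9')
    {
        msg(M_CLIENT, "ERROR: cannot parse %s", what);
        return false;
    }

    errno = 0;
    parsed = strtoul(str, &end, 10);
    if (errno == ERANGE || *end != '\0' || parsed > UINT_MAX)
    {
        msg(M_CLIENT, "ERROR: cannot parse %s", what);
        return false;
    }

    *value = (unsigned int) parsed;
    return true;
}
```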
@@ -1013,15 +1020,18 @@ parse_kid(const char *str, unsigned int *kid)
* the information of the additional steps
*/
static void
-man_client_pending_auth(struct management *man, const char *cid_str, const
char *extra)
+man_client_pending_auth(struct management *man, const char *cid_str,
+const char *extra, const char *timeout_str)
{
unsigned long cid = 0;
-if (parse_cid(cid_str, ))
+unsigned int timeout = 0;
+if (parse_cid(cid_str, )
+&& parse_uint(timeout_str, "TIMEOUT", ))
{
if (man->persist.callback.client_pending_auth)
{
bool ret = (*man->persist.callback.client_pending_auth)
- (man->persist.callback.arg, cid, extra);
+ (man->persist.callback.arg, cid, extra, timeout);
if (ret)
{
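Review bot: The doc comment that closes at the top of this hunk gains no entry for the new `timeout_str` parameter of `man_client_pending_auth`. Its upper part lies outside the hunk, so assuming it uses `@param` entries I would add `* @param timeout_str   The timeout value in string form` and state the unit and permitted range there. The parsed `timeout` is passed to the `client_pending_auth` callback unchanged, so 0 or a very large value goes through at this point. If no bound is applied further down the call chain, which cannot be seen from here, this is the place to reject it. The function body continues past the end of the hunk.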
@@ -1582,9 +1592,9 @@ man_dispatch_command(struct management *man, struct
status_output *so, const cha
}
else if (streq(p[0], "client-pending-auth"))
{
-if (man_need(man, p, 2, 0))
+if (man_need(man, p, 3, 0))
{
-man_client_pending_auth(man, p[1], p[2]);
+man_client_pending_auth(man, p[1], p[2], p[3]);
}
}
#ifdef MANAGEMENT_PF
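Review bot: Raising the required argument count to 3 in `man_need(man, p, 3, 0)` makes the timeout mandatory, so a management client that still sends `client-pending-auth` with only the CID and the extra string will presumably be rejected by `man_need`. If that break is intended, it should be stated in the management interface documentation and the command help, and the diffstat of this patch lists only files under `src/openvpn/`. Otherwise keep accepting the two-argument form and fall back to a default timeout. `man_dispatch_command` starts and ends outside the hunk.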
diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h
index 881bfb14..1c497427 100644
--- a/src/openvpn/manage.h
+++ b/src/openvpn/manage.h
@@ -176,7 +176,8 @@ struct management_callback
struct buffer_list *cc_config); /* ownership
transferred */
bool (*client_pending_auth) (void *arg,
const unsigned long cid,
- const char *url);
+ const char *extra,
+ unsigned int timeout);
char *(*get_peer_info) (void *arg, const unsigned long cid);
#endif
#ifdef MANAGEMENT_PF
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 13738180..50e2e350 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -1771,28 +1771,6 @@ multi_client_connect_setenv(struct multi_context *m,
gc_free();
}
-/**
- * Extracts the IV_PROTO variable and returns its value or 0
- * if it cannot be extracted.
- *
- */
-static unsigned int
-extract_iv_proto(const char *peer_info)
-{
-
-const char *optstr = peer_info ? strstr(peer_info, "IV_PROTO=") : NULL;
-if (optstr)
-{
-int proto = 0;
-int r = sscanf(optstr, "IV_PROTO=%d", );
-if (r == 1 && proto > 0)
-{
-return proto;
-}
-}
-return 0;
-}
-
/**
* Calculates the options that depend on the client capabilities
* based on local options and available peer info
@@ -3917,14 +3895,15 @@ management_kill_by_cid(void *arg, const unsigned long
cid, const char *kill_msg)
static bool
management_client_pending_auth(void *arg,
const unsigned long cid,
- const char *extra)
+ const char *extra,
+ unsigned int timeout)
{
struct multi_context *m = (struct multi_context *) arg;
struct multi_instance *mi = lookup_by_cid(m, cid);
if (mi)
{
/* sends INFO_PRE and AUTH_PENDING messages to client */
-bool ret = send_auth_pending_messages(>context, extra);
+bool ret = send_auth_pending_messages(>context, extra, timeout);
multi_schedule_context_wakeup(m, mi);
return ret;
}
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 44633dc6..ece63650 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -347,26 +347,58 @@