[Openvpn-devel,v2.4,v4,0/3] Disable multiple deferred authentication plug-ins

Message ID 20220313200715.13518-1-openvpn@sf.lists.topphemmelig.net
Headers show
  • Disable multiple deferred authentication plug-ins
Related show


David Sommerseth March 13, 2022, 8:07 p.m.
From: David Sommerseth <davids@openvpn.net>

This is an adopted version of [0] for the OpenVPN 2.4 release branch.

It was discovered an issue with OpenVPN 2.x when multiple --plugin
modules were loaded and more than one of them used deferred
authentication.  To fix this properly will require a larger refactoring
of the plug-in code, so it was decided in the mean time to disable the
possibility to run an OpenVPN server with such a setup.  This issue
affects the OpenVPN server mode only.

This patch set adds a new test plug-in and adds some test documentation
on how to test various combinations of authentication plug-ins.  Since
this new plug-in (multi-auth.c) is fairly close to the simple.c plug-in,
just more flexible for test setups, we remove the old one.  The fix
itself is isolated in a separate patch in this set.

The order of patches are insignificant; there are no inter-dependencies
between them.

[0] <https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23934.html>
    Message-ID: <20220313193154.9350-1-openvpn@sf.lists.topphemmelig.net>

kind regards,

David Sommerseth
OpenVPN Inc

David Sommerseth (3):
  sample-plugin: New plugin for testing multiple auth plugins
  plug-ins: Disallow multiple deferred authentication plug-ins
  plug-ins: Remove defer/simple.c sample plugin

 doc/openvpn.8                            |  13 +
 doc/tests/authentication-plugins.md      | 153 +++++++
 sample/sample-plugins/defer/README       |   9 +-
 sample/sample-plugins/defer/multi-auth.c | 413 +++++++++++++++++
 sample/sample-plugins/defer/simple.c     | 541 -----------------------
 sample/sample-plugins/defer/simple.def   |   6 -
 src/openvpn/plugin.c                     |  33 +-
 7 files changed, 616 insertions(+), 552 deletions(-)
 create mode 100644 doc/tests/authentication-plugins.md
 create mode 100644 sample/sample-plugins/defer/multi-auth.c
 delete mode 100644 sample/sample-plugins/defer/simple.c
 delete mode 100755 sample/sample-plugins/defer/simple.def