From patchwork Sun Mar 13 09:07:12 2022
X-Patchwork-Submitter: David Sommerseth
X-Patchwork-Id: 2334
From: David Sommerseth
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 13 Mar 2022 21:07:12 +0100
Message-Id: <20220313200715.13518-1-openvpn@sf.lists.topphemmelig.net>
Subject: [Openvpn-devel] [PATCH v2.4 v4 0/3] Disable multiple deferred authentication plug-ins

From: David Sommerseth

This is an adopted version of [0] for the OpenVPN 2.4 release branch.

An issue was discovered with OpenVPN 2.x when multiple --plugin modules
were loaded and more than one of them used deferred authentication. To
fix this properly will require a larger refactoring of the plug-in code,
so it was decided in the meantime to disable the possibility to run an
OpenVPN server with such a setup.

This issue affects the OpenVPN server mode only.

This patch set adds a new test plug-in and adds some test documentation
on how to test various combinations of authentication plug-ins. Since
this new plug-in (multi-auth.c) is fairly close to the simple.c plug-in,
just more flexible for test setups, we remove the old one.

The fix itself is isolated in a separate patch in this set. The order of
the patches is insignificant; there are no inter-dependencies between
them.
[0] Message-ID: <20220313193154.9350-1-openvpn@sf.lists.topphemmelig.net>

---
kind regards,

David Sommerseth
OpenVPN Inc

David Sommerseth (3):
  sample-plugin: New plugin for testing multiple auth plugins
  plug-ins: Disallow multiple deferred authentication plug-ins
  plug-ins: Remove defer/simple.c sample plugin

 doc/openvpn.8                            |  13 +
 doc/tests/authentication-plugins.md      | 153 +++++++
 sample/sample-plugins/defer/README       |   9 +-
 sample/sample-plugins/defer/multi-auth.c | 413 +++++++++++++++++
 sample/sample-plugins/defer/simple.c     | 541 -----------------------
 sample/sample-plugins/defer/simple.def   |   6 -
 src/openvpn/plugin.c                     |  33 +-
 7 files changed, 616 insertions(+), 552 deletions(-)
 create mode 100644 doc/tests/authentication-plugins.md
 create mode 100644 sample/sample-plugins/defer/multi-auth.c
 delete mode 100644 sample/sample-plugins/defer/simple.c
 delete mode 100755 sample/sample-plugins/defer/simple.def