From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 27 Jul 2020 20:34:36 +0200
Message-Id: <20200727183436.6625-2-gert@greenie.muc.de>
In-Reply-To: <20200727183436.6625-1-gert@greenie.muc.de>
X-Patchwork-Id: 1341
Subject: [Openvpn-devel] [PATCH 2/2] Abort client-connect handler loop after first handler sets 'disable'.

The old code would run all (succeeding) handlers, then discover "one of them set the 'disable' flag for this client", and then unroll all the handlers.

Moving the 'disable' check into the loop makes it stop after the first handler that fails or (succeeds and sets 'disable').

This is a bit more logical in the log files, and has less potential side effects due to running "later" client-connect handlers when we already know they will have to be unrolled.

Signed-off-by: Gert Doering
Acked-By: Arne Schwabe

--- src/openvpn/multi.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index cfb34720..0f9c586b 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c
@@ -2617,18 +2617,18 @@ multi_connection_established(struct multi_context *m, struct multi_instance *mi) ASSERT(0); } - (*cur_handler_index)++; - } + /* + * Check for "disable" directive in client-config-dir file + * or config file generated by --client-connect script. + */ + if (mi->context.options.disable) + { + msg(D_MULTI_ERRORS, "MULTI: client has been rejected due to " + "'disable' directive"); + cc_succeeded = false; + } - /* - * Check for "disable" directive in client-config-dir file - * or config file generated by --client-connect script. - */ - if (mi->context.options.disable) - { - msg(D_MULTI_ERRORS, "MULTI: client has been rejected due to " - "'disable' directive"); - cc_succeeded = false; + (*cur_handler_index)++; } if (cc_succeeded)
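
Review bot: the msg() call in the moved 'disable' check does not say which handler caused the rejection. Now that the check runs once per loop iteration instead of once after the loop, including *cur_handler_index in the D_MULTI_ERRORS message would let the log show exactly where the loop stopped, which is the log-readability gain the commit message describes. The check is also placed before (*cur_handler_index)++, so the index still advances past the handler that set 'disable'; if that is intentional so that this handler is covered when the handlers are unrolled, a one-line comment saying so would keep a later reordering from silently changing it. The block comment still names only the client-config-dir file and the --client-connect script as sources of 'disable'; if other handler types in this loop can set the flag, the comment should be widened to match.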