From patchwork Mon Jul 27 12:13:41 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vladislav Grishenko
X-Patchwork-Id: 1344
From: Vladislav Grishenko
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 28 Jul 2020 03:13:41 +0500
Message-Id: <20200727221341.22544-2-themiron@yandex-team.ru>
X-Mailer: git-send-email 2.17.1
Subject: [Openvpn-devel] [PATCH 2/2] Allow killing of client instances by cn with wildcards

In case of some permanent part of common name (ex. domain) and/or long complex common name consisting of multiple x509 fields, it's handy to kill client instances via management interface with just part of common name, not by exact match only.

Patch allows using wildcard placeholder '*' as the last trailing symbol of kill command parameter. Single '*' wildcard would be too greedy and can be too harmful, therefore not allowed. Wildcards in the middle of parameter string are not supported to keep things simple at the moment.

Signed-off-by: Vladislav Grishenko
--- doc/management-notes.txt | 2 ++ src/openvpn/multi.c | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/doc/management-notes.txt b/doc/management-notes.txt index 61daaf07..91073693 100644 --- a/doc/management-notes.txt +++ b/doc/management-notes.txt
@@ -195,6 +195,8 @@ Command examples: kill Test-Client -- kill the client instance having a common name of "Test-Client". + kill Test-Cli* -- kill the client instances having a + common name starting with "Test-Cli". kill 1.2.3.4:4000 -- kill the client instance having a source address and port of 1.2.3.4:4000 diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 9bda38b0..8952658a 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -3772,6 +3772,10 @@ management_callback_kill_by_cn(void *arg, const char *del_cn) struct hash_element *he; int count = 0; + /* Allow trailing wildcard */ + int len = strlen(del_cn); + len += (len > 1 && del_cn[len-1] == '*') ? -1 : 1; + hash_iterator_init(m->iter, &hi); while ((he = hash_iterator_next(&hi))) { @@ -3779,7 +3783,7 @@ management_callback_kill_by_cn(void *arg, const char *del_cn) if (!mi->halt) { const char *cn = tls_common_name(mi->context.c2.tls_multi, false); - if (cn && !strcmp(cn, del_cn)) + if (cn && !strncmp(cn, del_cn, len)) { multi_signal_instance(m, mi, SIGTERM); ++count;
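
Review bot: The added "kill Test-Cli*" example in doc/management-notes.txt documents the prefix match but none of its limits. The commit message says a bare '*' is not allowed and that a wildcard in the middle of the parameter is not supported, yet neither restriction appears in the documentation, so an operator cannot tell from this text what "kill *" or "kill Te*nt" will do. Suggest stating that only a single trailing '*' is treated as a wildcard, that a lone '*' is not, and that the command then applies to every connected client whose common name starts with the given prefix.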
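
Review bot: In the block added before hash_iterator_init() in management_callback_kill_by_cn(), the test "len > 1 && del_cn[len-1] == '*'" changes the meaning of an input that was valid before: a parameter ending in a literal '*' used to be an exact match and now matches every common name sharing the prefix, with no way to escape the character. The guard also only keeps the bare "*" out of wildcard handling; a one-character prefix such as "a*" passes it and is nearly as broad as what the commit message calls too greedy, so a minimum prefix length or an explicit opt-in would be safer for a command that sends SIGTERM to each match. Separately, strlen() returns size_t, so "int len" narrows the value; size_t would also match the third argument of strncmp().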
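
Review bot: The switch from strcmp() to "strncmp(cn, del_cn, len)" in the second multi.c hunk preserves exact matching only because the earlier hunk sets len to strlen(del_cn) + 1, so that the terminating NUL takes part in the comparison. Nothing at the call site says so, and a later change to how len is computed would silently turn every kill into a prefix match. Suggest a named flag for the wildcard case with strcmp() kept for the non-wildcard path, or at least a comment next to the call explaining the "+ 1". Since one command can now reach multi_signal_instance() for several instances, logging each matched common name alongside the count would let the operator audit what the prefix actually hit.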