From patchwork Thu Sep 16 06:46:41 2021
X-Patchwork-Submitter: Richard T Bonhomme
X-Patchwork-Id: 1951
From: stringvest88@gmail.com
X-Google-Original-From: tincantech@protonmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 16 Sep 2021 17:46:41 +0100
Message-Id: <20210916164641.867248-1-tincantech@protonmail.com>
Subject: [Openvpn-devel] [PATCH] Correct --client-disconnect environment variable common_name
From: Richard T Bonhomme --client-disconnect is always passed the X509 certificate common_name, which is incorrect when --username-as-common-name is used. Set the environment variable common_name to the correct value, prior to calling --client-disconnect. Resolves https://community.openvpn.net/openvpn/ticket/160 Signed-off-by: Richard T Bonhomme --- src/openvpn/multi.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 22357cfb..18ee5e52 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -557,6 +557,9 @@ setenv_stats(struct context *c) static void multi_client_disconnect_setenv(struct multi_instance *mi) { + /* setenv client current common-name */ + setenv_str(mi->context.c2.es, "common_name", tls_common_name(mi->context.c2.tls_multi, true)); + /* setenv client real IP address */ setenv_trusted(mi->context.c2.es, get_link_socket_info(&mi->context));
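
Review bot: The new setenv_str() call at the top of multi_client_disconnect_setenv() passes the return value of tls_common_name(mi->context.c2.tls_multi, true) straight into the environment with no handling for the case where no common name is available for the session. Please say, in the comment or the commit message, what value the --client-disconnect script sees for common_name in that case, and whether the true argument is the intended choice here, since disconnect scripts commonly key accounting and session teardown on this variable. The comment "setenv client current common-name" would also be more useful if it gave the reason from the commit message, namely that this overrides the X509 certificate common_name when --username-as-common-name is in use. As a style point, the setenv_str() line is long enough that it should be wrapped across two lines.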