From patchwork Fri Sep 17 05:35:26 2021
X-Patchwork-Submitter: Richard T Bonhomme
X-Patchwork-Id: 1952
From: stringvest88@gmail.com
X-Google-Original-From: tincantech@protonmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 17 Sep 2021 16:35:26 +0100
Message-Id: <20210917153526.912375-1-tincantech@protonmail.com>
X-Mailer: git-send-email 2.25.1
Subject: [Openvpn-devel] [PATCH] Correct value for --client-disconnect env variable common_name

From: Richard T Bonhomme

A server configured with --client-disconnect and --username-as-common-name
will pass the X509-CN not username, after the client has completed a
renegotiation, to --client-disconnect.

Explicitly set the environment variable common_name to the current value,
which will be username in this case, prior to calling --client-disconnect.

Trac: #160
Signed-off-by: Richard T Bonhomme --- src/openvpn/multi.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 22357cfb..c72e8e95 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -557,6 +557,10 @@ setenv_stats(struct context *c) static void multi_client_disconnect_setenv(struct multi_instance *mi) { + /* setenv client current common-name */ + setenv_str(mi->context.c2.es, "common_name", + tls_common_name(mi->context.c2.tls_multi, true)); + /* setenv client real IP address */ setenv_trusted(mi->context.c2.es, get_link_socket_info(&mi->context));
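Review bot: The added setenv_str() call at the top of multi_client_disconnect_setenv() passes the return value of tls_common_name(mi->context.c2.tls_multi, true) straight through with no NULL check. If that call can return NULL when no common name is recorded, handle the case explicitly so a --client-disconnect script never runs with common_name unset or empty, since such scripts typically key accounting and session cleanup on that value. The comment "setenv client current common-name" should also say why the variable is re-set here: per the commit message, a renegotiation with --username-as-common-name leaves the X509 CN in the environment. That in turn means the value is already stale before disconnect, so consider correcting it where it gets overwritten rather than only in this function, so that anything else reading the same env set after a renegotiation sees the username as well.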