From patchwork Mon Oct 8 07:16:16 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 517
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 8 Oct 2018 20:16:16 +0200
Message-Id: <20181008181618.8976-2-arne@rfc2549.org>
In-Reply-To: <20181008181618.8976-1-arne@rfc2549.org>
References: <20181008181618.8976-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 2/4] Remove AUTO_USERID feature

There is no user-facing way to enable this feature, and the way that feature works (username built from MAC of primary net device) is questionable. It also does not compile anymore.

Acked-by: Gert Doering
---
 src/openvpn/errlevel.h |  1 -
 src/openvpn/misc.c     | 45 ------------------------------------------
 src/openvpn/misc.h     |  5 -----
 src/openvpn/ssl.c      |  4 ----
 src/openvpn/syshead.h  |  9 ---------
 5 files changed, 64 deletions(-)

diff --git a/src/openvpn/errlevel.h b/src/openvpn/errlevel.h index 5ca4fa8f..c30284fc 100644 --- a/src/openvpn/errlevel.h +++ b/src/openvpn/errlevel.h 
@@ -139,7 +139,6 @@ #define D_PACKET_TRUNC_DEBUG LOGLEV(7, 70, M_DEBUG) /* PACKET_TRUNCATION_CHECK verbose */ #define D_PING LOGLEV(7, 70, M_DEBUG) /* PING send/receive messages */ #define D_PS_PROXY_DEBUG LOGLEV(7, 70, M_DEBUG) /* port share proxy debug */ -#define D_AUTO_USERID LOGLEV(7, 70, M_DEBUG) /* AUTO_USERID debugging */ #define D_TLS_KEYSELECT LOGLEV(7, 70, M_DEBUG) /* show information on key selection for data channel */ #define D_ARGV_PARSE_CMD LOGLEV(7, 70, M_DEBUG) /* show parse_line() errors in argv_parse_cmd */ #define D_CRYPTO_DEBUG LOGLEV(7, 70, M_DEBUG) /* show detailed info from crypto.c routines */ diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 51d539d2..75f4ff47 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c 
@@ -455,51 +455,6 @@ get_auth_challenge(const char *auth_challenge, struct gc_arena *gc) #endif /* ifdef ENABLE_MANAGEMENT */ -#if AUTO_USERID - -void -get_user_pass_auto_userid(struct user_pass *up, const char *tag) -{ - struct gc_arena gc = gc_new(); - struct buffer buf; - uint8_t macaddr[6]; - static uint8_t digest [MD5_DIGEST_LENGTH]; - static const uint8_t hashprefix[] = "AUTO_USERID_DIGEST"; - - const md_kt_t *md5_kt = md_kt_get("MD5"); - md_ctx_t *ctx; - - CLEAR(*up); - buf_set_write(&buf, (uint8_t *)up->username, USER_PASS_LEN); - buf_printf(&buf, "%s", TARGET_PREFIX); - if (get_default_gateway_mac_addr(macaddr)) - { - dmsg(D_AUTO_USERID, "GUPAU: macaddr=%s", format_hex_ex(macaddr, sizeof(macaddr), 0, 1, ":", &gc)); - ctx = md_ctx_new(); - md_ctx_init(ctx, md5_kt); - md_ctx_update(ctx, hashprefix, sizeof(hashprefix) - 1); - md_ctx_update(ctx, macaddr, sizeof(macaddr)); - md_ctx_final(ctx, digest); - md_ctx_cleanup(ctx); - md_ctx_free(ctx); - buf_printf(&buf, "%s", format_hex_ex(digest, sizeof(digest), 0, 256, " ", &gc)); - } - else - { - buf_printf(&buf, "UNKNOWN"); - } - if (tag && strcmp(tag, "stdin")) - { - buf_printf(&buf, "-%s", tag); - } - up->defined = true; - gc_free(&gc); - - dmsg(D_AUTO_USERID, "GUPAU: AUTO_USERID: '%s'", up->username); -} - -#endif /* if AUTO_USERID */ - void purge_user_pass(struct user_pass *up, const bool force) { diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index 7092685f..fad53de8 100644 --- a/src/openvpn/misc.h +++ b/src/openvpn/misc.h @@ -158,11 +158,6 @@ void configure_path(void); const char *sanitize_control_message(const char *str, struct gc_arena *gc); -#if AUTO_USERID -void get_user_pass_auto_userid(struct user_pass *up, const char *tag); - -#endif - /* * /sbin/ip path, may be overridden */ diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 0a947c6e..5a136d69 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c 
@@ -410,9 +410,6 @@ auth_user_pass_setup(const char *auth_file, const struct static_challenge_info * auth_user_pass_enabled = true; if (!auth_user_pass.defined && !auth_token.defined) { -#if AUTO_USERID - get_user_pass_auto_userid(&auth_user_pass, auth_file); -#else #ifdef ENABLE_MANAGEMENT if (auth_challenge) /* dynamic challenge/response */ { @@ -438,7 +435,6 @@ auth_user_pass_setup(const char *auth_file, const struct static_challenge_info * else #endif /* ifdef ENABLE_MANAGEMENT */ get_user_pass(&auth_user_pass, auth_file, UP_TYPE_AUTH, GET_USER_PASS_MANAGEMENT); -#endif /* if AUTO_USERID */ } } diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h index 807f7b9b..d2a50341 100644 --- a/src/openvpn/syshead.h +++ b/src/openvpn/syshead.h @@ -643,15 +643,6 @@ socket_defined(const socket_descriptor_t sd) #define CONNECT_NONBLOCK #endif -/* - * Do we have the capability to support the AUTO_USERID feature? - */ -#if defined(ENABLE_AUTO_USERID) -#define AUTO_USERID 1 -#else -#define AUTO_USERID 0 -#endif - /* * Compression support */
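
Review bot: The commit message calls the feature "questionable" without giving the reason, and the removed get_user_pass_auto_userid() in the misc.c hunk shows it clearly enough to deserve a sentence in the log. The function does CLEAR(*up), writes only up->username (TARGET_PREFIX followed by the hex MD5 of the fixed string "AUTO_USERID_DIGEST" and a 6-byte MAC address), and then sets up->defined = true, so the password is left empty and the username can be computed by anyone who knows that MAC. The same hunk also removes a call to get_default_gateway_mac_addr(); if that was its last caller, the helper should be dropped in this series as well.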
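
Review bot: The syshead.h hunk removes the mapping from ENABLE_AUTO_USERID to AUTO_USERID, but the diffstat lists only five files under src/openvpn/ and nothing from the build system or platform config headers, so please confirm with a tree-wide grep that no ENABLE_AUTO_USERID, AUTO_USERID or D_AUTO_USERID reference survives this patch. If the macro was never settable from configure, stating that in the commit message would back up the "no user facing way to enable" claim, and naming what fails to compile would do the same for the last sentence.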