From patchwork Wed Oct 23 13:49:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Razvan Cojocaru X-Patchwork-Id: 3908 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6bd6:b0:5b9:581e:f939 with SMTP id c22csp405408max; Wed, 23 Oct 2024 06:49:12 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWRxUnZqaSU/dg6n5gelNkCZx75N3qaJ8GL79T4pqSCXTtMjPBP/KgvhUR0D1DDMqYFRlSSKyV13Z0=@openvpn.net X-Google-Smtp-Source: AGHT+IFD0Fdo3A88E0x02SdCpiThA1QUNdT0sG7iW5hgI7sHwJglnpi0ntEmCZpT02uVR+20sODZ X-Received: by 2002:a05:6870:96a6:b0:288:6d7e:2e19 with SMTP id 586e51a60fabf-28ccb39a50fmr3086436fac.10.1729691352586; Wed, 23 Oct 2024 06:49:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1729691352; cv=none; d=google.com; s=arc-20240605; b=jqJdbZS3t5AsDHcxkkEup704myIppdYapr9SW7DDu3GoS8a4MV+0wLydrWHos2qhI3 wddSV0HuhQb4LtC9CgAjLWlO6AHZpFTGNo9S7OT6TJmjDRqXJxbr0CPAv+hwFJZ4coHe DMf5nD1GhOUlXc/1RyferokrDKlsrv+sDprjl18beMqXtLEPJAyWwOi7guZfAX/37etw Bo5Nf/r47MpqBR3E6D82ow9T+EOJB9/m1inoGPhwu2oxNwF1QPnLz6DBCICPK9nNm7BP GEZRw3lc/vFr6KmC4xuoj8jrs2QqLgBuLsFOapyEqOV9ijMwQH5Sik6sxq+KHrP/6d7y AcIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature :dkim-signature; bh=C2Tk958qA6YVpQizc4VNQ4Xngb75SXfD4MRYow6RRWU=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=efN7DWRA3H3GIAsN6cEBnZoLRmI6Yo7GAn2VLEOzjSb1VM4rmm9VtzrjdTQQyq4eQI C6RxblyoDx67eSV/Aax4sNw6ZAMrL3N9UXmCN1y8n11b4rqckNxMqBm+EYMSMqPXLSja /EsjifLp4fDVztfzJjMxkiZYoWrAcvLLQtxRyUAyFRSSZy/wIsad89zhEGLNi/ke+tHo 2R9+QECBImJT/nk/uwocnq9h1GOJJGzAn76UP0W7Ib3TqmlRd3pZL54oS68oZRvILfvQ sOI3nFt2WKwCbr+ElwsCOU0G/lW2DWHhpkaVvLVU/hOhKsv+cobwao61dbmPBCXdRNJr KjqQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=PwQSqVeP; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="dh/PVLcJ"; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=avRXTGGi; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-28c793e2ed9si4347583fac.162.2024.10.23.06.49.12 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Oct 2024 06:49:12 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=PwQSqVeP; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="dh/PVLcJ"; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=avRXTGGi; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1t3bjR-0006Wy-OT; Wed, 23 Oct 2024 13:49:01 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1t3bjQ-0006Wo-KG for openvpn-devel@lists.sourceforge.net; Wed, 23 Oct 2024 13:49:00 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=hql+TH+AabuCM8FI0sdWhW9a5Ewm+xj13Y2BuJwR7dI=; b=PwQSqVePcWGJtfuefuhnUUq2XO AiCUeeb3NfrHseufDtJjdHTaLtdPa58b/SWvPbnWihiF3UhZNVgOcOAhnakC0EJhwBawunIwquIzl wApIs8QtPTyvBBYVv6LB+x3xtXsspsa22AcTr+F0xfg9lpoc6oQQxRMylzSuApCuBr3A=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject:Cc:To:From :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=hql+TH+AabuCM8FI0sdWhW9a5Ewm+xj13Y2BuJwR7dI=; b=d h/PVLcJlSj4NiR9G8HqUvC9Zqk0a9yVr9lsUKwxSLwqSHG2HnH+/VStIDDGGzqxZG8sFYnD17lI7V VdHnQyASX/OV6NKWUHlJ48rVFsWU8cCNDy5pVPCzE1dVFC5ABl7at52CQx2O3S1qfSIp/+312A0cQ f3ZFNzvn7HDCXlY0=; Received: from mail-wr1-f47.google.com ([209.85.221.47]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1t3bjP-0004ns-FU for openvpn-devel@lists.sourceforge.net; Wed, 23 Oct 2024 13:48:59 +0000 Received: by mail-wr1-f47.google.com with SMTP id ffacd0b85a97d-37ec4e349f4so4039998f8f.0 for ; Wed, 23 Oct 2024 06:48:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1729691328; x=1730296128; darn=lists.sourceforge.net; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=hql+TH+AabuCM8FI0sdWhW9a5Ewm+xj13Y2BuJwR7dI=; b=avRXTGGizHkDrsz1KBI3tdmMxtl675JFdun4mUpJu/Z3oCFxtJvdWQiXDdQc8KV+68 IWDTNvePwPmM/Xrrx0XDHkeQkZv7JYpV8VnJS+uTScGq+ftSdQDtJ0m08QvKRwCyHQq0 q86nD2507oWl1A5ri3r4YKKvAmuiq6rFsr8sC6ce635cdGjFFFsByPa2gwLScZtKq+rB pFQdsWnMj2eOtU8+LG+IkxCRYGyI3DT966uBnKRW8RFEGykA1lcoUcRETzMVhrix3S5a 3cq+e4mi2bNh3yM5RCk8FApAg7yErKgDt45wI+YXZragWfqkaMGzQ7UO/r830eN2EZy8 kVlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729691328; x=1730296128; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=hql+TH+AabuCM8FI0sdWhW9a5Ewm+xj13Y2BuJwR7dI=; b=VK7bx85J0kMmWA662lnYPD5Can6Y5XT2urYAIx6hab73VE8f2QOalTPwwynoONXSCF P9/NF93JgXr1rPGBS0+eKQumvOBdxrTOokE6AaTXoD1hSnI8KDxPmHU6LmGxwUFjy1LS Klg2gZxV17hxaZf4kQN1Ioy2o+FD5TayqcTPWSpUYBwbS5V1wYwNDuwXcSQZXZ5Wlekv z7cuaIXmzuv/gEpiC6tLKOubL05Wsbh7wZEFScTLCcf1AY/RwpQvBmt22ilr+OZUj2qD 4GGNTpXENSzpRtfPVPyiI56VUs8wDc5g6oLo3FTkjuLFTP/EDTMBlprEFS/M8nXzTiXn D/Jg== X-Gm-Message-State: AOJu0YyFCz4JJMSOK32bXOEO6Que2RNUdGsd0DdnhTJaFXEnrxQWMAhM kw0Qi6h/fj/odQPdKh9wILlCrOgVc/Cd3SwkWzCWPIT/C4FNNFnSGRDarjRz X-Received: by 2002:adf:fa50:0:b0:37d:4cee:55b with SMTP id ffacd0b85a97d-37efcfb7ec6mr1802669f8f.59.1729691327780; Wed, 23 Oct 2024 06:48:47 -0700 (PDT) Received: from localhost.localdomain ([188.27.87.77]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-37ee0b9cd48sm8939960f8f.111.2024.10.23.06.48.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 23 Oct 2024 06:48:47 -0700 (PDT) From: Razvan Cojocaru To: openvpn-devel@lists.sourceforge.net Date: Wed, 23 Oct 2024 16:49:03 +0300 Message-ID: <20241023134903.66485-1-rzvncj@gmail.com> X-Mailer: git-send-email 2.47.0 MIME-Version: 1.0 X-Spam-Score: -0.9 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This in turn allows the server to signal to the client that it should no longer attempt to reconnect, if it wants to keep the client out after an AUTH_FAILED. Signed-off-by: Razvan Cojocaru --- src/openvpn/misc.c | 5 +++++ 1 file changed, 5 insertions(+) Content analysis details: (-0.9 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.0 HK_RANDOM_FROM From username looks random 0.0 HK_RANDOM_ENVFROM Envelope sender username looks random 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [rzvncj[at]gmail.com] -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.221.47 listed in list.dnswl.org] -1.7 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.221.47 listed in wl.mailspike.net] X-Headers-End: 1t3bjP-0004ns-FU Subject: [Openvpn-devel] [PATCH] Allow setting an empty auth-token in push replies X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1813712839512226929?= X-GMAIL-MSGID: =?utf-8?q?1813712839512226929?= This in turn allows the server to signal to the client that it should no longer attempt to reconnect, if it wants to keep the client out after an AUTH_FAILED. Signed-off-by: Razvan Cojocaru --- src/openvpn/misc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 70ba5e4d..82ac8056 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -524,6 +524,11 @@ set_auth_token(struct user_pass *tk, const char *token) } protect_user_pass(tk); } + else + { + tk->defined = false; + tk->token_defined = false; + } } void