[Openvpn-devel,v1] manage: Do not trigger actions on management disconnect if not authenticated

Message ID 20260122125707.108048-1-frank@lichtenheld.com
State New

Commit Message

Frank Lichtenheld Jan. 22, 2026, 12:57 p.m. UTC
If the management interface requires authentication via password
and the remote did not specify it, do not trigger actions
requested by --management-forget-disconnect and --management-signal
on disconnect.

Reported-By: Joshua Rogers <contact@joshua.hu>
Found-By: ZeroPath (https://zeropath.com)
Github: openvpn-private-issues#5
Change-Id: I575d65912ce9065a0b0868e73998b4a9aece62af
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1484
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1484
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe <arne-openvpn@rfc2549.org>

Patch

diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 8fa8784..37ae6b3 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -2073,13 +2073,14 @@ 
     }
     if (!exiting)
     {
-        if (man->settings.flags & MF_FORGET_DISCONNECT)
+        if (man->settings.flags & MF_FORGET_DISCONNECT && !man_password_needed(man))
         {
+            msg(D_MANAGEMENT, "MANAGEMENT: Reset authentication on disconnect");
             ssl_purge_auth(false);
             (void)ssl_clean_auth_token();
         }
 
-        if (man->settings.flags & MF_SIGNAL)
+        if (man->settings.flags & MF_SIGNAL && !man_password_needed(man))
         {
             int mysig = man_mod_signal(man, SIGUSR1);
             if (mysig >= 0)
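
Review bot: The `!man_password_needed(man)` test is duplicated in both the `MF_FORGET_DISCONNECT` and `MF_SIGNAL` conditions, so a later change to one branch can silently leave the other acting for an unauthenticated peer. Evaluating it once into a local just inside `if (!exiting)` and using that in both conditions would keep them in sync. The mixed `flags & MF_SIGNAL && ...` form is correct by C precedence, but `(man->settings.flags & MF_SIGNAL) && ...` reads unambiguously. The new `msg(D_MANAGEMENT, ...)` line covers only the forget branch when it runs; nothing is logged when either action is skipped because the client disconnected without authenticating, which is the event an operator reviewing management-port activity would want recorded.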