From patchwork Thu Nov 11 04:00:19 2021
X-Patchwork-Submitter: Pete Nelson
X-Patchwork-Id: 2071
From: Pete Nelson
Date: Thu, 11 Nov 2021 15:00:19 +0000
To: openvpn-devel@lists.sourceforge.net
Subject: [Openvpn-devel] [PATCH v2] boolean short-circuit plugins upon failure
Errors-To:
openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox When evaluating authentication plugins, stop further evaluation once the first failure is detected. implementation notes: refactoring from a switch-case to an if-else block allows the break statement to break out of the outer for loop without additional control variables. Also, moving the pr->n setting to within the loop keeps the value correct if one does break out early. v2: add check for auth plugin before breaking loop Signed-off-by: Peter Nelson --- src/openvpn/plugin.c | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/src/openvpn/plugin.c b/src/openvpn/plugin.c index d5704e07..02b17378 100644 --- a/src/openvpn/plugin.c +++ b/src/openvpn/plugin.c @@ -818,26 +818,24 @@ plugin_call_ssl(const struct plugin_list *pl, certdepth, current_cert ); - switch (status) + if (pr) { - case OPENVPN_PLUGIN_FUNC_SUCCESS: - break; - - case OPENVPN_PLUGIN_FUNC_DEFERRED: - deferred = true; - break; - - default: - error = true; + pr->n = i + 1; + } + if (status == OPENVPN_PLUGIN_FUNC_DEFERRED) + { + deferred = true; + } + else if (status != OPENVPN_PLUGIN_FUNC_SUCCESS) + { + error = true; + if (type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) + { break; + } } } - if (pr) - { - pr->n = i; - } - gc_free(&gc); if (error)
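Review bot: The early `break` inside the `else if (status != OPENVPN_PLUGIN_FUNC_SUCCESS)` branch carries no comment explaining why only `OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY` short-circuits while every other call type still runs the remaining plugins after an error. A one-line comment above `if (type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)` would make that intent explicit. The change also makes the result order-dependent: plugins loaded after a failing auth plugin are no longer called for that attempt, so a later plugin that logs or counts failed logins will not see them, and that deserves a sentence in the plugin documentation as well as the commit message. Finally, `pr->n = i + 1` is now written on every iteration; it matches the old post-loop `pr->n = i` only if the loop runs `i` from 0 across all plugins, which lies outside the visible context and is worth confirming before merge.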