From patchwork Sun Dec  3 02:16:51 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Antonio Quartulli <a@unstable.cc>
X-Patchwork-Id: 123
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director4.mail.ord1d.rsapps.net ([172.27.255.7])
	by backend31.mail.ord1d.rsapps.net (Dovecot) with LMTP id
 k4aACaD5I1ouaQAAgoeIoA
	for <patchwork@openvpn.net>; Sun, 03 Dec 2017 08:18:24 -0500
Received: from proxy17.mail.iad3a.rsapps.net ([172.27.255.7])
	by director4.mail.ord1d.rsapps.net (Dovecot) with LMTP id
 O8NIAqD5I1qrWAAAHDmxtw
	; Sun, 03 Dec 2017 08:18:24 -0500
Received: from smtp1.gate.iad3a ([172.27.255.7])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy17.mail.iad3a.rsapps.net (Dovecot) with LMTP id
 3u5ZOp/5I1o6VwAAR4KW9A
	; Sun, 03 Dec 2017 08:18:23 -0500
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: openvpnslackdevel@openvpn.net
X-Originating-Ip: [216.34.181.88]
Authentication-Results: smtp1.gate.iad3a.rsapps.net;
 iprev=pass policy.iprev="216.34.181.88";
 spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net"
 smtp.helo="lists.sourceforge.net";
 dkim=fail (signature verification failed) header.d=sourceforge.net;
 dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil;
 dis=none) header.from=unstable.cc
X-Classification-ID: 706ee57a-d82c-11e7-a697-52540091dea5-1-1
Received: from [216.34.181.88] ([216.34.181.88:23028]
 helo=lists.sourceforge.net)
	by smtp1.gate.iad3a.rsapps.net (envelope-from
 <openvpn-devel-bounces@lists.sourceforge.net>)
	(ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS
 (cipher=DHE-RSA-AES256-GCM-SHA384)
	id A6/15-04923-F99F32A5; Sun, 03 Dec 2017 08:18:23 -0500
Received: from localhost ([127.0.0.1] helo=sfs-ml-2.v29.ch3.sourceforge.com)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.89)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1eLU9a-0001d3-0W; Sun, 03 Dec 2017 13:17:54 +0000
Received: from sfi-mx-4.v28.ch3.sourceforge.com ([172.29.28.194]
 helo=mx.sourceforge.net)
 by sfs-ml-2.v29.ch3.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89)
 (envelope-from <a@unstable.cc>) id 1eLU9Y-0001cw-HG
 for openvpn-devel@lists.sourceforge.net; Sun, 03 Dec 2017 13:17:52 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:
 MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=XAVTrKbNiqpyJc24dJ/y1S2byuTvlOvEzOWlvPDE5ug=; b=l19J2Ldc0TjWTCxMlsmXkCNn+5
 Daf1DRPn6nlKxSSZVtWKmYIsJyZajE6cQRGhC8oTot3ahtp/Sy4hYlgWSkz1epsYxCkiwin11pBX+
 kkJ50aeO8i1fU+lD15vgVPMThRkUK0VIhHZeuY4FaQWrZiHAD6Z+VUH+AKoqZU7h6WOI=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:MIME-Version:
 Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:
 Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
 In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=XAVTrKbNiqpyJc24dJ/y1S2byuTvlOvEzOWlvPDE5ug=; b=DLOoDiPCacic5sSrc0Fb3TW2ic
 dN0PDYMr3Ao1TspLC8IuADseCh/e9TSvV6li1gjYIqBTfIB441yLFjiV6fG2X3QJ3a7i2xeER39VX
 d6XkCl2gQvuYS/XaaQRkrMbV6GHbq+p/pUsxVPD7BbBk53ku0RbgXpWOlQy1NoVrxHBA=;
Received: from s2.neomailbox.net ([5.148.176.60])
 by sfi-mx-4.v28.ch3.sourceforge.com with esmtps
 (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89)
 id 1eLU9X-0007Us-Cb
 for openvpn-devel@lists.sourceforge.net; Sun, 03 Dec 2017 13:17:52 +0000
From: Antonio Quartulli <a@unstable.cc>
To: openvpn-devel@lists.sourceforge.net
Date: Sun,  3 Dec 2017 21:16:51 +0800
Message-Id: <20171203131651.622-1-a@unstable.cc>
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
 See http://spamassassin.org/tag/ for more details.
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
 trust [5.148.176.60 listed in list.dnswl.org]
 -0.0 AWL AWL: Adjusted score from AWL reputation of From: address
X-Headers-End: 1eLU9X-0007Us-Cb
Subject: [Openvpn-devel] [PATCH v2] reload HTTP proxy credentials when
 moving to the next connection profile
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Cc: Antonio Quartulli <a@unstable.cc>
MIME-Version: 1.0
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox

The HTTP proxy credentials are stored in a static variable that is
possibly initialized before each connection attempt.

However, the variable is never "released" therefore get_user_pass()
refuses to overwrite its content and leaves it as it is.
Consequently, if the user config contains multiple connection profiles
with different http-proxy, each having its own credentials, only the
first user/pass couple is loaded and the others are all ignored.
This leads to connection failures because the proper credentials are
not associated with the right proxy server.

The root of the misbehaviour seems to be located in the fact that,
despite the argument force passed to get_user_pass_http() being true,
no action is taken to release the static object containing the
credentials.

Fix the misbehaviour by releasing the http-proxy credential object
when the reload is "forced".

Trac: #836
Signed-off-by: Antonio Quartulli <a@unstable.cc>
---

v2:
- rebased on current master

 src/openvpn/proxy.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
index fdc73b4a..cfc1d11c 100644
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
@@ -255,7 +255,16 @@ username_password_as_base64(const struct http_proxy_info *p,
 static void
 get_user_pass_http(struct http_proxy_info *p, const bool force)
 {
-    if (!static_proxy_user_pass.defined || force)
+    /*
+     * in case of forced (re)load, make sure the static storage is set as
+     * undefined, otherwise get_user_pass() won't try to load any credential
+     */
+    if (force)
+    {
+        static_proxy_user_pass.defined = false;
+    }
+
+    if (!static_proxy_user_pass.defined)
     {
         unsigned int flags = GET_USER_PASS_MANAGEMENT;
         if (p->queried_creds)