From patchwork Mon Jul 27 08:34:35 2020
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 1342
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 27 Jul 2020 20:34:35 +0200
Message-Id: <20200727183436.6625-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH 1/2] Fix sequence of events for async plugin v1 handler.

If multi_client_connect_call_plugin_v1() goes to "deferred mode", *and*
there is no OPENVPN_CLIENT_CONNECT_DEFER handler, we would read the
"client specific options" file after every (succeeded-because-not-present)
call to plugin_call().

Move this to "after we have checked the deferred-cc file, and we know for
sure that we have CC_RET_SUCCEEDED".

Signed-off-by: Gert Doering
Acked-By: Arne Schwabe
---
 src/openvpn/multi.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 9bda38b0..cfb34720 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -2065,8 +2065,6 @@ multi_client_connect_call_plugin_v1(struct multi_context *m, &argv, NULL, mi->context.c2.es); if (plug_ret == OPENVPN_PLUGIN_FUNC_SUCCESS) { - multi_client_connect_post(m, mi, ccs->config_file, - option_types_found); ret = CC_RET_SUCCEEDED; } else if (plug_ret == OPENVPN_PLUGIN_FUNC_DEFERRED) 
@@ -2100,6 +2098,13 @@ multi_client_connect_call_plugin_v1(struct multi_context *m, { ret = CC_RET_DEFERRED; } + + /* if we still think we have succeeded, do postprocessing */ + if (ret == CC_RET_SUCCEEDED) + { + multi_client_connect_post(m, mi, ccs->config_file, + option_types_found); + } cleanup: argv_free(&argv); From patchwork Mon Jul 27 08:34:36 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 1341 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director11.mail.ord1d.rsapps.net ([172.27.255.54]) by backend30.mail.ord1d.rsapps.net with LMTP id mOVRDXQeH197TwAAIUCqbw for ; Mon, 27 Jul 2020 14:35:32 -0400 Received: from proxy8.mail.iad3a.rsapps.net ([172.27.255.54]) by director11.mail.ord1d.rsapps.net with LMTP id IKXoC3QeH186EgAAvGGmqA (envelope-from ) for ; Mon, 27 Jul 2020 14:35:32 -0400 Received: from smtp32.gate.iad3a ([172.27.255.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy8.mail.iad3a.rsapps.net with LMTP id iKyKBHQeH1+HKAAAsBr/qg ; Mon, 27 Jul 2020 14:35:32 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp32.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=greenie.muc.de X-Suspicious-Flag: YES X-Classification-ID: f2f86f4c-d037-11ea-bca9-5254001741cc-1-1 Received: from [216.105.38.7] ([216.105.38.7:35028] helo=lists.sourceforge.net) by smtp32.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) 
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 27 Jul 2020 20:34:36 +0200
Message-Id: <20200727183436.6625-2-gert@greenie.muc.de>
In-Reply-To: <20200727183436.6625-1-gert@greenie.muc.de>
References: <20200727183436.6625-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH 2/2] Abort client-connect handler loop after first handler sets 'disable'.

The old code would run all (succeeding) handlers, then discover
"one of them set the 'disable' flag for this client", and then
unroll all the handlers.

Moving the 'disable' check into the loop makes it stop after the first
handler that fails or (succeeds and sets 'disable').

This is a bit more logical in the log files, and has less potential
side effects due to running "later" client-connect handlers when we
already know they will have to be unrolled.

Signed-off-by: Gert Doering
Acked-By: Arne Schwabe
---
 src/openvpn/multi.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index cfb34720..0f9c586b 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -2617,18 +2617,18 @@ multi_connection_established(struct multi_context *m, struct multi_instance *mi) ASSERT(0); } - (*cur_handler_index)++; - } + /* + * Check for "disable" directive in client-config-dir file + * or config file generated by --client-connect script. + */ + if (mi->context.options.disable) + { + msg(D_MULTI_ERRORS, "MULTI: client has been rejected due to " + "'disable' directive"); + cc_succeeded = false; + } - /* - * Check for "disable" directive in client-config-dir file - * or config file generated by --client-connect script. - */ - if (mi->context.options.disable) - { - msg(D_MULTI_ERRORS, "MULTI: client has been rejected due to " - "'disable' directive"); - cc_succeeded = false; + (*cur_handler_index)++; } if (cc_succeeded)
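
Review bot: in [PATCH 1/2], second hunk of multi_client_connect_call_plugin_v1(), `if (ret == CC_RET_SUCCEEDED)` is now the only gate for multi_client_connect_post(), and the initial value of ret is not visible in either hunk. Before this change the call was reached only when plug_ret was OPENVPN_PLUGIN_FUNC_SUCCESS, so please confirm that ret cannot arrive at the new block as CC_RET_SUCCEEDED on any other path (for example through its initialiser), otherwise ccs->config_file would be read where it was not read before. The comment "if we still think we have succeeded" would also be clearer if it named the deferred-cc file check as the step that can change ret.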
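
Review bot: in [PATCH 2/2], moving the `mi->context.options.disable` test inside the handler loop leaves no check between the end of the loop and `if (cc_succeeded)`, so a 'disable' flag that is set while the loop body does not run in this call is no longer turned into a rejection here. Since this is the point where a client is refused, please confirm that every path that can set the flag passes through the in-loop check, or keep a final check after the loop as a backstop. A short comment that `(*cur_handler_index)++` deliberately stays after the check would also help, if the intent is that the handler which set 'disable' is still included when the handlers are unrolled.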