From patchwork Sun Dec 3 17:26:58 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 129 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director6.mail.ord1d.rsapps.net ([172.28.255.1]) by backend31.mail.ord1d.rsapps.net (Dovecot) with LMTP id uyoxMvfOJFpHQQAAgoeIoA for ; Sun, 03 Dec 2017 23:28:39 -0500 Received: from director4.mail.ord1c.rsapps.net ([172.28.255.1]) by director6.mail.ord1d.rsapps.net (Dovecot) with LMTP id sTwrJ/fOJFqIUwAAhgvE6Q ; Sun, 03 Dec 2017 23:28:39 -0500 Received: from smtp7.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by director4.mail.ord1c.rsapps.net (Dovecot) with LMTP id 0BbKEvjOJFp+ZwAAsEL7Xg ; Sun, 03 Dec 2017 23:28:40 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.34.181.88] Authentication-Results: smtp7.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.34.181.88"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Classification-ID: 988f72ac-d8ab-11e7-9889-bc305bf04148-1-1 Received: from [216.34.181.88] ([216.34.181.88:42513] helo=lists.sourceforge.net) by smtp7.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 65/CA-16821-4FEC42A5; Sun, 03 Dec 2017 23:28:37 -0500 Received: from localhost ([127.0.0.1] helo=sfs-ml-3.v29.ch3.sourceforge.com) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.89) (envelope-from ) id 1eLiML-0007nu-4J; Mon, 04 Dec 2017 04:28:01 +0000 Received: from sfi-mx-2.v28.ch3.sourceforge.com ([172.29.28.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1eLiMK-0007nm-BC for openvpn-devel@lists.sourceforge.net; Mon, 04 Dec 2017 04:28:00 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc: To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=fSc7ilW8qhrmwcFDpUxTizzv3Hkbuk08i1Rt6H9LkWU=; b=jePAmswlAQQk0j8XayGj6+lCYC Xs/vUkF1uxcEAv08UVER7VDra7U3LU90zZMjTOkRwQKCkVdfmTgm2KFam6223VbNRfHDtVR7spZda xwch7qb3ONzfcbPWvr7vB9LIwl7eJIlBUe2Aq3wyxeoGqaUIIadpE0W7KDCjUagfx8z8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=fSc7ilW8qhrmwcFDpUxTizzv3Hkbuk08i1Rt6H9LkWU=; b=MH/29w2fcnfB/P2S0OQAc/PsVa weSXWAe0BwxGu6mMVWUr+YVho/ohqOqdWdVI8ZyYQtAEnN9gXImfjd5QIpceuhx6e3LFK6o6Km2Uh dOWAvvlxpS55d2r8YQSQVgFMfDfD8YTG7wmvRln/BvLLpgfp3HdLq75fDsb7tJ4JaFls=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-2.v28.ch3.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) id 1eLiMJ-0000jg-1c for openvpn-devel@lists.sourceforge.net; Mon, 04 Dec 2017 04:28:00 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Mon, 4 Dec 2017 12:26:58 +0800 Message-Id: <20171204042658.23426-1-a@unstable.cc> In-Reply-To: <40f364f6-9347-56a2-6915-82f9005d9d20@unstable.cc> References: <40f364f6-9347-56a2-6915-82f9005d9d20@unstable.cc> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] -0.0 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1eLiMJ-0000jg-1c Subject: [Openvpn-devel] [PATCH v3] reload HTTP proxy credentials when moving to the next connection profile X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox The HTTP proxy credentials are stored in a static variable that is possibly initialized before each connection attempt. However, the variable is never "released" therefore get_user_pass() refuses to overwrite its content and leaves it as it is. Consequently, if the user config contains multiple connection profiles with different http-proxy, each having its own credentials, only the first user/pass couple is loaded and the others are all ignored. This leads to connection failures because the proper credentials are not associated with the right proxy server. The root of the misbehaviour seems to be located in the fact that, despite the argument force passed to get_user_pass_http() being true, no action is taken to release the static object containing the credentials. Fix the misbehaviour by releasing the http-proxy credential object when the reload is "forced". Trac: #836 Signed-off-by: Antonio Quartulli --- v3: - call clear_user_pass_http() directly to clear user/pass object v2: - rebased on current master src/openvpn/proxy.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index fdc73b4a..af619f10 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -255,7 +255,16 @@ username_password_as_base64(const struct http_proxy_info *p, static void get_user_pass_http(struct http_proxy_info *p, const bool force) { - if (!static_proxy_user_pass.defined || force) + /* + * in case of forced (re)load, make sure the static storage is set as + * undefined, otherwise get_user_pass() won't try to load any credential + */ + if (force) + { + clear_user_pass_http(); + } + + if (!static_proxy_user_pass.defined) { unsigned int flags = GET_USER_PASS_MANAGEMENT; if (p->queried_creds)