From patchwork Sun Dec  3 17:49:07 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Antonio Quartulli <a@unstable.cc>
X-Patchwork-Id: 130
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director1.mail.ord1d.rsapps.net ([172.28.255.1])
	by backend31.mail.ord1d.rsapps.net (Dovecot) with LMTP id
 nOyfAWvUJFq0LgAAgoeIoA
	for <patchwork@openvpn.net>; Sun, 03 Dec 2017 23:51:55 -0500
Received: from director4.mail.ord1c.rsapps.net ([172.28.255.1])
	by director1.mail.ord1d.rsapps.net (Dovecot) with LMTP id
 U+v4G2vUJFoRXwAANGzteQ
	; Sun, 03 Dec 2017 23:51:55 -0500
Received: from smtp37.gate.ord1c ([172.28.255.1])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by director4.mail.ord1c.rsapps.net (Dovecot) with LMTP id
 uozZNmvUJFqUaAAAsEL7Xg
	; Sun, 03 Dec 2017 23:51:55 -0500
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: openvpnslackdevel@openvpn.net
X-Originating-Ip: [216.34.181.88]
Authentication-Results: smtp37.gate.ord1c.rsapps.net;
 iprev=pass policy.iprev="216.34.181.88";
 spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net"
 smtp.helo="lists.sourceforge.net";
 dkim=fail (signature verification failed) header.d=sourceforge.net;
 dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil;
 dis=none) header.from=unstable.cc
X-Classification-ID: d9f2342a-d8ae-11e7-9280-0026b94ab8ea-1-1
Received: from [216.34.181.88] ([216.34.181.88:33671]
 helo=lists.sourceforge.net)
	by smtp37.gate.ord1c.rsapps.net (envelope-from
 <openvpn-devel-bounces@lists.sourceforge.net>)
	(ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS
 (cipher=DHE-RSA-AES256-GCM-SHA384)
	id 8F/86-08193-B64D42A5; Sun, 03 Dec 2017 23:51:55 -0500
Received: from localhost ([127.0.0.1] helo=sfs-ml-4.v29.ch3.sourceforge.com)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.89)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1eLihk-0007rl-4h; Mon, 04 Dec 2017 04:50:08 +0000
Received: from sfi-mx-4.v28.ch3.sourceforge.com ([172.29.28.194]
 helo=mx.sourceforge.net)
 by sfs-ml-4.v29.ch3.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89)
 (envelope-from <a@unstable.cc>) id 1eLihj-0007re-DO
 for openvpn-devel@lists.sourceforge.net; Mon, 04 Dec 2017 04:50:07 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:
 To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=QVrinXUC/96XtzMox7DIoGIMjUzahiEkr/7EGLB99ms=; b=UWv2rp8DDv1ZbBH8Lm44VU3cLp
 y46boCfupSit4bfSTnaYhaVRH+UaqoQgNOcQKLn1Kve7o5Hx1hLnaabEHXu5FmfHHci7z/as6qqT2
 ohHcZ1QO8uFD4VY/pmXtN2UwqJvgkvnb/0tOGH1kjNHBVyJ+Rdtu9iUE0vIh5HJYdiog=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To
 :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=QVrinXUC/96XtzMox7DIoGIMjUzahiEkr/7EGLB99ms=; b=JNCZVJ4guOfxwNAMH8Mgp1eXVj
 H5NWrOaFT86CvKBUOwzF5bdCVKo/G4Mhy1o7iCqJFCpF8tn6vw/rLdOOpJonoHUmBS1J4+e92G58r
 dtUd+TTjzwOliEblp9hwZxLNhIQQpuYcwITjEZ59uXxP0hVikGigeuUcBTdid3g5WEQQ=;
Received: from s2.neomailbox.net ([5.148.176.60])
 by sfi-mx-4.v28.ch3.sourceforge.com with esmtps
 (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89)
 id 1eLihi-0005Kv-Dg
 for openvpn-devel@lists.sourceforge.net; Mon, 04 Dec 2017 04:50:07 +0000
From: Antonio Quartulli <a@unstable.cc>
To: openvpn-devel@lists.sourceforge.net
Date: Mon,  4 Dec 2017 12:49:07 +0800
Message-Id: <20171204044907.32261-1-a@unstable.cc>
In-Reply-To: <20171204042658.23426-1-a@unstable.cc>
References: <20171204042658.23426-1-a@unstable.cc>
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
 See http://spamassassin.org/tag/ for more details.
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
 trust [5.148.176.60 listed in list.dnswl.org]
 -0.0 AWL AWL: Adjusted score from AWL reputation of From: address
X-Headers-End: 1eLihi-0005Kv-Dg
Subject: [Openvpn-devel] [PATCH v4] reload HTTP proxy credentials when
 moving to the next connection profile
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Cc: Antonio Quartulli <a@unstable.cc>
MIME-Version: 1.0
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox

The HTTP proxy credentials are stored in a static variable that is
possibly initialized before each connection attempt.

However, the variable is never "released" therefore get_user_pass()
refuses to overwrite its content and leaves it as it is.
Consequently, if the user config contains multiple connection profiles
with different http-proxy, each having its own credentials, only the
first user/pass couple is loaded and the others are all ignored.
This leads to connection failures because the proper credentials are
not associated with the right proxy server.

The root of the misbehaviour seems to be located in the fact that,
despite the argument force passed to get_user_pass_http() being true,
no action is taken to release the static object containing the
credentials.

Fix the misbehaviour by releasing the http-proxy credential object
when the reload is "forced".

Trac: #836
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Steffan Karger <steffan@karger.me>
---

v4:
- move clear_user_pass_http() above its invocation to prevent compile error

v3:
- call clear_user_pass_http() directly to clear user/pass object

v2:
- rebased on current master


 src/openvpn/proxy.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
index fdc73b4a..de0188a9 100644
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
@@ -252,10 +252,25 @@ username_password_as_base64(const struct http_proxy_info *p,
     return (const char *)make_base64_string((const uint8_t *)BSTR(&out), gc);
 }
 
+static void
+clear_user_pass_http(void)
+{
+    purge_user_pass(&static_proxy_user_pass, true);
+}
+
 static void
 get_user_pass_http(struct http_proxy_info *p, const bool force)
 {
-    if (!static_proxy_user_pass.defined || force)
+    /*
+     * in case of forced (re)load, make sure the static storage is set as
+     * undefined, otherwise get_user_pass() won't try to load any credential
+     */
+    if (force)
+    {
+        clear_user_pass_http();
+    }
+
+    if (!static_proxy_user_pass.defined)
     {
         unsigned int flags = GET_USER_PASS_MANAGEMENT;
         if (p->queried_creds)
@@ -274,11 +289,6 @@ get_user_pass_http(struct http_proxy_info *p, const bool force)
         p->up = static_proxy_user_pass;
     }
 }
-static void
-clear_user_pass_http(void)
-{
-    purge_user_pass(&static_proxy_user_pass, true);
-}
 
 #if 0
 /* function only used in #if 0 debug statement */