diff options
author | Arne Schwabe | 2020-12-02 12:59:28 +0100 |
---|---|---|
committer | Gert Doering | 2020-12-02 14:00:34 +0100 |
commit | dfd624b52bce7ddd0eeaab516df9848e432f3242 (patch) | |
tree | 517b0a34e8c045a3c90a8672bf14449db3f9e6c9 /src/openvpn/ssl.c | |
parent | fb789947ab1eba3e68fb8e4b3551d095a53962bd (diff) | |
download | openvpn-dfd624b52bce7ddd0eeaab516df9848e432f3242.zip openvpn-dfd624b52bce7ddd0eeaab516df9848e432f3242.tar.gz |
Remove auth_user_pass.wait_for_push variable
This variable was first introduce in earlier attempt to fix the
auth-token problems with auth-nocache before user_password and
auth_token were split into two variables. The idea of the variable it
is being set if --pull is in use. However the variable was not always
set correctly, especially if username/password are queried after an
expired auth-token. Instead using that variable use session->opt->pull
directly.
Patch V2: rename delayed_auth_pass_purge to ssl_clean_user_pass to give
a more fitting name since this function is not only used in
the delayed code path and also the new name aligns with
ssl_clean_auth_token. Also fix a leftover wait_for_push
in that function
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20201202115928.16615-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21297.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/ssl.c')
-rw-r--r-- | src/openvpn/ssl.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 950bf42..efbf688 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -434,8 +434,6 @@ ssl_set_auth_nocache(void) { passbuf.nocache = true; auth_user_pass.nocache = true; - /* wait for push-reply, because auth-token may still need the username */ - auth_user_pass.wait_for_push = true; } /* @@ -2414,14 +2412,15 @@ key_method_2_write(struct buffer *buf, struct tls_session *session) } /* if auth-nocache was specified, the auth_user_pass object reaches * a "complete" state only after having received the push-reply - * message. + * message. The push message might contain an auth-token that needs + * the username of auth_user_pass. * * For this reason, skip the purge operation here if no push-reply * message has been received yet. * * This normally happens upon first negotiation only. */ - if (!auth_user_pass.wait_for_push) + if (!session->opt->pull) { purge_user_pass(&auth_user_pass, false); } @@ -4195,8 +4194,7 @@ done: } void -delayed_auth_pass_purge(void) +ssl_clean_user_pass(void) { - auth_user_pass.wait_for_push = false; purge_user_pass(&auth_user_pass, false); } |