git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Arne Schwabe <arne@rfc2549.org>
	Thu, 20 May 2021 15:11:40 +0000 (17:11 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Fri, 18 Jun 2021 13:08:54 +0000 (15:08 +0200)
commit	716049923e3e70c3de938d6da5d05f529ec515b5
tree	883da4bf05673d84f808d2bd68d906379dfa3030	tree \| snapshot
parent	84d5079b0f40387317b348025c99097f7876807a	commit \| diff

Move auth_token_state from multi to key_state

The auth-token check is tied to the username/password that is coming
via a specific SSL session, so keep the state also in the key_state
structure.

This also ensures the auth_token_state is always set to 0 on a new
session since we clear the key_state object at the start of a new
SSL session.

This is a prerequisite patch to fix 2020-15078 in the following two
commits.

This also applies the changes to the auth_token_test.c. The change of
tls_session to a pointer is necessary since before that we had tls_session
not tied to the multi and had two tls_session used in the test. One
implicitly in tls_multi and one explicit one. Merge these to one.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20210520151148.2565578-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22415.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/auth_token.c		diff \| blob \| blame \| history
src/openvpn/ssl_common.h		diff \| blob \| blame \| history
src/openvpn/ssl_verify.c		diff \| blob \| blame \| history
tests/unit_tests/openvpn/test_auth_token.c		diff \| blob \| blame \| history