git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Selva Nair <selva.nair@gmail.com>
	Wed, 19 Feb 2020 01:54:21 +0000 (20:54 -0500)
committer	Gert Doering <gert@greenie.muc.de>
	Sun, 8 Mar 2020 20:11:36 +0000 (21:11 +0100)
commit	69bbfbdf038c466dceb06e409099a9b41071ee3a
tree	881ce237fc2de77c369b0032b98fe1b6346f118f	tree \| snapshot
parent	0ba4f91667b8931684e704d1836d71c893e3b9f6	commit \| diff

Swap the order of checks for validating interactive service user

Check the config file location and command line options first
and membership in OpenVPNAdministrators group after that as
the latter could be a slow process for active directory users.

When connection to domain controllers is poor or unavailable, checking
the group membership is slow and causes timeouts in the GUI (Trac
1051). However, in cases where the config is in the global directory,
no group membership check should be required. The re-ordering here
avoids the redundant check in such cases.

In addition to this, its also proposed to improve the timeout handling
in the GUI, but this change is still useful as it should completely
eliminate the timeout issue for many users.

v3: Do not send error message to the client pipe from ValidateOptions().
Instead save the error and send it on only if user authorization also
fails. The error buffer size is increased to 512 wide chars as these
messages could get long in some cases and may get truncated otherwise.

Also see: https://github.com/OpenVPN/openvpn-gui/issues/332

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <1582077261-9467-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19474.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>