git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Arne Schwabe <arne@openvpn.net>
	Tue, 17 Sep 2019 12:10:39 +0000 (14:10 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Tue, 1 Oct 2019 10:45:39 +0000 (12:45 +0200)
commit	c8723aa7bebb0ddb088819590d5a9bea6ea0d669
tree	8e3509a1396872fbcf80a40cf0a148d7971df2c0	tree
parent	1b9a88a2c38a6a29f8ccbec4fd529d7b363bfc06	commit \| diff

Implement a permanent session id in auth-token

This allows an external authentication method
(e.g. management interface) to track the connection and distinguish a
reconnection from multiple connections.

Addtionally this now also checks to workaround a problem with
OpenVPN 3 core that sometimes uses a username hint from the config
instead of using an empty username if the token would be valid
with an empty username. Accepting such token can be only done
explicitly when the external-auth keyword to auth-gen-token is present.

Patch V2: Add Empty variants to work around behaviour in openvpn 3
Patch V3: document the behaviour of external-auth better in the man page,
rename 'auth' parameter to 'external-auth'
Patch V4: Rebase on current master
Patch V6: Fix tls_lock_username rejecting clients with empty username
when explicitly accepting them with external-auth
Patch V7: Fix compiling with disable-server

Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20190917121039.13791-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18819.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>

doc/openvpn.8		diff \| blob \| blame \| history
src/openvpn/auth_token.c		diff \| blob \| blame \| history
src/openvpn/auth_token.h		diff \| blob \| blame \| history
src/openvpn/init.c		diff \| blob \| blame \| history
src/openvpn/manage.c		diff \| blob \| blame \| history
src/openvpn/options.c		diff \| blob \| blame \| history
src/openvpn/options.h		diff \| blob \| blame \| history
src/openvpn/ssl_common.h		diff \| blob \| blame \| history
src/openvpn/ssl_verify.c		diff \| blob \| blame \| history