If the management interface requires authentication via password
and the remote did not specify it, do not trigger actions
requested by --management-forget-disconnect and --management-signal
on disconnect.
Reported-By: Joshua Rogers <contact@joshua.hu>
Found-By: ZeroPath (https://zeropath.com)
Github: openvpn-private-issues#5
Change-Id: I575d65912ce9065a0b0868e73998b4a9aece62af
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1484
Message-Id: <20260122125707.108048-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35390.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
}
if (!exiting)
{
- if (man->settings.flags & MF_FORGET_DISCONNECT)
+ if (man->settings.flags & MF_FORGET_DISCONNECT && !man_password_needed(man))
{
+ msg(D_MANAGEMENT, "MANAGEMENT: Reset authentication on disconnect");
ssl_purge_auth(false);
(void)ssl_clean_auth_token();
}
- if (man->settings.flags & MF_SIGNAL)
+ if (man->settings.flags & MF_SIGNAL && !man_password_needed(man))
{
int mysig = man_mod_signal(man, SIGUSR1);
if (mysig >= 0)
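Review bot: In the if (!exiting) block, both new gates skip their action silently when man_password_needed(man) is true; the only msg() added sits on the MF_FORGET_DISCONNECT path that does run, so nothing in this hunk records that a disconnect from a client that never supplied the password was ignored. Consider evaluating man_password_needed(man) once into a local before the two tests and emitting a D_MANAGEMENT message when an action is suppressed; that also keeps the two conditions from drifting apart in later edits. As a style point, parenthesize the flag tests, e.g. if ((man->settings.flags & MF_SIGNAL) && !man_password_needed(man)), so the & versus && precedence is explicit to the reader.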