From: Arne Schwabe <arne@rfc2549.org>
Date: Mon, 30 Nov 2020 12:39:28 +0000 (+0100)
Subject: Fix auth-token not being updated if auth-nocache is set
X-Git-Tag: v2.5.1~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=95e183723fc6571c73ed070b22923df2ce666af2;p=thirdparty%2Fopenvpn.git

Fix auth-token not being updated if auth-nocache is set

This fixes the auth-token not being updated if auth-nocache is set. Our
set_auth_token method ensures that the auth-token always has a username
but is a little bit too strict in the check.

Also add doxygen documentation and remove null checks. We use this function
only with non-null pointers and it makes it a bit nicer to read.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20201130123928.21837-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21291.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit fb789947ab1eba3e68fb8e4b3551d095a53962bd)
---

diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 1038b3835..c0c72dd70 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -510,10 +510,15 @@ void
 set_auth_token(struct user_pass *up, struct user_pass *tk, const char *token)
 {
 
-    if (token && strlen(token) && up && up->defined)
+    if (strlen(token) && (up->defined || tk->defined))
     {
+        /* auth-token has no password, so it needs the username
+         * either already set or copied from up */
         strncpynt(tk->password, token, USER_PASS_LEN);
-        strncpynt(tk->username, up->username, USER_PASS_LEN);
+        if (up->defined)
+        {
+            strncpynt(tk->username, up->username, USER_PASS_LEN);
+        }
         tk->defined = true;
     }
 
diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
index a03d94e26..8c3a12279 100644
--- a/src/openvpn/misc.h
+++ b/src/openvpn/misc.h
@@ -145,6 +145,17 @@ void fail_user_pass(const char *prefix,
 
 void purge_user_pass(struct user_pass *up, const bool force);
 
+/**
+ * Sets the auth-token to token if a username is available from either
+ * up or already present in tk. The method will also purge up if
+ * the auth-nocache option is active.
+ *
+ * @param up        (non Auth-token) Username/password
+ * @param tk        auth-token userpass to set
+ * @param token     token to use as password for the
+ *
+ * @note    all parameters to this function must not be null.
+ */
 void set_auth_token(struct user_pass *up, struct user_pass *tk,
                     const char *token);