From: Selva Nair Date: Sat, 23 Oct 2021 00:07:05 +0000 (-0400) Subject: Ensure the current common_name is in the environment for scripts X-Git-Tag: v2.6_beta1~407 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fa5ab2438a;p=thirdparty%2Fopenvpn.git Ensure the current common_name is in the environment for scripts When username-as-common-name is in effect, the common_name is "CN" from the certificate for auth-user-pass-verify. It gets changed to "username" after successful authentication. This changed value gets into the env when client-connect script is called. However, "common_name" goes through the cycle of being "CN", then "username" during every reauth (renegotiation). As the client-connect script is not called during reneg, the changed value never gets back into the env. The end result is that the disconnect script gets "common_name=" instead of the username. Unless no reneg steps have happened before disconnect. (For a more detailed analysis see https://community.openvpn.net/openvpn/ticket/1434#comment:12) Fix by adding common_name to env whenever it changes. Trac: #1434 Very likely applies to #160 as well, but that's too old and some of the relevant code path has evolved since then. Signed-off-by: Selva Nair Acked-by: Gert Doering Message-Id: <20211023000706.25016-1-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23051.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index b745b3c79..8dbbf5f55 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -101,6 +101,8 @@ set_common_name(struct tls_session *session, const char *common_name) /* FIXME: Last alloc will never be freed */ session->common_name = string_alloc(common_name, NULL); } + /* update common name in env */ + setenv_str(session->opt->es, "common_name", common_name); } /*
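Review bot: the new setenv_str() call sits after the closing brace of the block that does the string_alloc(), so it runs on every call to set_common_name(), including any call where that block is skipped. If common_name can be NULL on that path, please confirm that setenv_str() then does what is intended for session->opt->es (removing "common_name" rather than leaving the previous value or dereferencing NULL), and state that in the comment. The comment "update common name in env" could also carry the reason given in the commit message: client-connect is not rerun on renegotiation, so without this call the env goes stale before the disconnect script runs.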