Document management client versions

Also add an enum to keep track of client version updates.

Change-Id: I1c01fa1bc7d65ac060b334724feb56ef4d0b5d35
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1552
Message-Id: <20260302141811.5697-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35805.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit d5814ecd2323ec7c2e6dad2cbf3884c031d9a5a3)

diff --git a/doc/management-notes.txt b/doc/management-notes.txt
index 86b74f33673cfac7af023796df0c2a1a99304ba1..41e2a9142269d50e278254384aeaa5dbdec4f501 100644 (file)
--- a/doc/management-notes.txt
+++ b/doc/management-notes.txt
@@ -496,6 +496,10 @@ Note: Until version 3, no response was generated when client sets its
 version. This was fixed starting version 4: clients should expect
 "SUCCESS: .. " message only when setting the version to >= 4.
 
+Minimum client version required for certain features is listed below:
+    >PK_SIGN:[base64]           -- version 2 or greater
+    >PK_SIGN:[base64],[alg]     -- version 3 or greater
+
 COMMAND -- auth-retry
 ---------------------
 

diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 03ff5b3774057d96555a2def9344c5c4ef01058a..d26c9b2cd611699faa32ea61716a1ef7f7da5f7e 100644 (file)
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -61,6 +61,17 @@
 /* tag for blank username/password */
 static const char blank_up[] = "[[BLANK]]";
 
+/*
+ * Management client versions indicating feature support in client.
+ * Append new values as needed but do not change exisiting ones.
+ */
+enum mcv
+{
+    MCV_DEFAULT = 1,
+    MCV_PKSIGN = 2,
+    MCV_PKSIGN_ALG = 3,
+};
+
 struct management *management; /* GLOBAL */
 
 /* static forward declarations */
@@ -1333,8 +1344,8 @@ set_client_version(struct management *man, const char *version)
     if (version)
     {
         man->connection.client_version = atoi(version);
-        /* Prior to version 3, we missed to respond to this command. Acknowledge only if version >= 4 */
-        if (man->connection.client_version >= 4)
+        /* Until MCV_PKSIGN_ALG, we missed to respond to this command. Acknowledge only if version is newer */
+        if (man->connection.client_version > MCV_PKSIGN_ALG)
         {
             msg(M_CLIENT, "SUCCESS: Management client version set to %d", man->connection.client_version);
         }
@@ -2656,7 +2667,7 @@ man_connection_init(struct management *man)
             man->connection.es = event_set_init(&maxevents, EVENT_METHOD_FAST);
         }
 
-        man->connection.client_version = 1; /* default version */
+        man->connection.client_version = MCV_DEFAULT; /* default version */
 
         /*
          * Listen/connect socket
@@ -3776,14 +3787,14 @@ management_query_pk_sig(struct management *man, const char *b64_data, const char
     const char *desc = "pk-sign";
     struct buffer buf_data = alloc_buf(strlen(b64_data) + strlen(algorithm) + 20);
 
-    if (man->connection.client_version <= 1)
+    if (man->connection.client_version <= MCV_DEFAULT)
     {
         prompt = "RSA_SIGN";
         desc = "rsa-sign";
     }
 
     buf_write(&buf_data, b64_data, (int)strlen(b64_data));
-    if (man->connection.client_version > 2)
+    if (man->connection.client_version >= MCV_PKSIGN_ALG)
     {
         buf_write(&buf_data, ",", (int)strlen(","));
         buf_write(&buf_data, algorithm, (int)strlen(algorithm));