Move NCP saving and restore to the prepush restore code
This unifies saving/restoring options that might be changed by a push from the server. It also stops using context_1 to store state that is not tied to the SIGHUP lifetime. Patch v2: rebase on master. Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Antonio Quartulli <antonio@openvpn.net> Message-Id: <20210317160038.25828-2-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21674.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
parent
528a78fb14
commit
7064ccb9fd
@ -668,28 +668,6 @@ uninit_proxy(struct context *c)
|
|||||||
uninit_proxy_dowork(c);
|
uninit_proxy_dowork(c);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* Saves the initial state of NCP-regotiable
|
|
||||||
* options into a storage which persists over SIGUSR1.
|
|
||||||
*/
|
|
||||||
static void
|
|
||||||
save_ncp_options(struct context *c)
|
|
||||||
{
|
|
||||||
c->c1.ciphername = c->options.ciphername;
|
|
||||||
c->c1.authname = c->options.authname;
|
|
||||||
c->c1.keysize = c->options.keysize;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Restores NCP-negotiable options to original values */
|
|
||||||
static void
|
|
||||||
restore_ncp_options(struct context *c)
|
|
||||||
{
|
|
||||||
c->options.ciphername = c->c1.ciphername;
|
|
||||||
c->options.authname = c->c1.authname;
|
|
||||||
c->options.keysize = c->c1.keysize;
|
|
||||||
c->options.data_channel_use_ekm = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
void
|
void
|
||||||
context_init_1(struct context *c)
|
context_init_1(struct context *c)
|
||||||
{
|
{
|
||||||
@ -699,8 +677,6 @@ context_init_1(struct context *c)
|
|||||||
|
|
||||||
init_connection_list(c);
|
init_connection_list(c);
|
||||||
|
|
||||||
save_ncp_options(c);
|
|
||||||
|
|
||||||
#if defined(ENABLE_PKCS11)
|
#if defined(ENABLE_PKCS11)
|
||||||
if (c->first_time)
|
if (c->first_time)
|
||||||
{
|
{
|
||||||
@ -2868,8 +2844,8 @@ do_init_crypto_tls(struct context *c, const unsigned int flags)
|
|||||||
to.replay_window = options->replay_window;
|
to.replay_window = options->replay_window;
|
||||||
to.replay_time = options->replay_time;
|
to.replay_time = options->replay_time;
|
||||||
to.tcp_mode = link_socket_proto_connection_oriented(options->ce.proto);
|
to.tcp_mode = link_socket_proto_connection_oriented(options->ce.proto);
|
||||||
to.config_ciphername = c->c1.ciphername;
|
to.config_ciphername = c->options.ciphername;
|
||||||
to.config_ncp_ciphers = options->ncp_ciphers;
|
to.config_ncp_ciphers = c->options.ncp_ciphers;
|
||||||
to.ncp_enabled = options->ncp_enabled;
|
to.ncp_enabled = options->ncp_enabled;
|
||||||
to.transition_window = options->transition_window;
|
to.transition_window = options->transition_window;
|
||||||
to.handshake_window = options->handshake_window;
|
to.handshake_window = options->handshake_window;
|
||||||
@ -4467,8 +4443,6 @@ close_instance(struct context *c)
|
|||||||
/* free key schedules */
|
/* free key schedules */
|
||||||
do_close_free_key_schedule(c, (c->mode == CM_P2P || c->mode == CM_TOP));
|
do_close_free_key_schedule(c, (c->mode == CM_P2P || c->mode == CM_TOP));
|
||||||
|
|
||||||
restore_ncp_options(c);
|
|
||||||
|
|
||||||
/* close TCP/UDP connection */
|
/* close TCP/UDP connection */
|
||||||
do_close_link_socket(c);
|
do_close_link_socket(c);
|
||||||
|
|
||||||
@ -4539,9 +4513,9 @@ inherit_context_child(struct context *dest,
|
|||||||
dest->c1.ks.tls_auth_key_type = src->c1.ks.tls_auth_key_type;
|
dest->c1.ks.tls_auth_key_type = src->c1.ks.tls_auth_key_type;
|
||||||
dest->c1.ks.tls_crypt_v2_server_key = src->c1.ks.tls_crypt_v2_server_key;
|
dest->c1.ks.tls_crypt_v2_server_key = src->c1.ks.tls_crypt_v2_server_key;
|
||||||
/* inherit pre-NCP ciphers */
|
/* inherit pre-NCP ciphers */
|
||||||
dest->c1.ciphername = src->c1.ciphername;
|
dest->options.ciphername = src->options.ciphername;
|
||||||
dest->c1.authname = src->c1.authname;
|
dest->options.authname = src->options.authname;
|
||||||
dest->c1.keysize = src->c1.keysize;
|
dest->options.keysize = src->options.keysize;
|
||||||
|
|
||||||
/* inherit auth-token */
|
/* inherit auth-token */
|
||||||
dest->c1.ks.auth_token_key = src->c1.ks.auth_token_key;
|
dest->c1.ks.auth_token_key = src->c1.ks.auth_token_key;
|
||||||
|
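Review bot: In the do_init_crypto_tls hunk, `to.config_ciphername = c->options.ciphername;` now reads the live options struct, so on a SIGUSR1 restart it only yields the config-file cipher if pre_pull_restore() has already run before do_init_crypto_tls(); the removed `c->c1.ciphername` copy did not depend on that ordering, and the call order is not visible here, so it is worth confirming and pinning with a comment such as `/* options.ciphername is the config value: pre_pull_restore() has undone any pushed cipher */`. The same line and `to.config_ncp_ciphers = c->options.ncp_ciphers;` also switch from the local `options->` alias that every neighbouring assignment uses to `c->options.`, and the ncp_ciphers line did not need to change at all, so keeping `options->` avoids the mixed style. In the inherit_context_child hunk, the three `dest->options.* = src->options.*` copies under `/* inherit pre-NCP ciphers */` look redundant if the function later assigns the whole `dest->options` from `src->options` (outside the hunk); if so, drop them, or at least reword the comment, since `options` is no longer a pre-NCP snapshot the way `c1` was.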
@ -203,10 +203,6 @@ struct context_1
|
|||||||
struct user_pass *auth_user_pass;
|
struct user_pass *auth_user_pass;
|
||||||
/**< Username and password for
|
/**< Username and password for
|
||||||
* authentication. */
|
* authentication. */
|
||||||
|
|
||||||
const char *ciphername; /**< Data channel cipher from config file */
|
|
||||||
const char *authname; /**< Data channel auth from config file */
|
|
||||||
int keysize; /**< Data channel keysize from config file */
|
|
||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -3606,7 +3606,13 @@ pre_pull_save(struct options *o)
|
|||||||
o->pre_pull->client_nat = clone_client_nat_option_list(o->client_nat, &o->gc);
|
o->pre_pull->client_nat = clone_client_nat_option_list(o->client_nat, &o->gc);
|
||||||
o->pre_pull->client_nat_defined = true;
|
o->pre_pull->client_nat_defined = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* NCP related options that can be overwritten by a push */
|
||||||
|
o->pre_pull->ciphername = o->ciphername;
|
||||||
|
o->pre_pull->authname = o->authname;
|
||||||
|
o->pre_pull->keysize = o->keysize;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
@ -3652,10 +3658,15 @@ pre_pull_restore(struct options *o, struct gc_arena *gc)
|
|||||||
}
|
}
|
||||||
|
|
||||||
o->foreign_option_index = pp->foreign_option_index;
|
o->foreign_option_index = pp->foreign_option_index;
|
||||||
|
|
||||||
|
o->ciphername = pp->ciphername;
|
||||||
|
o->authname = pp->authname;
|
||||||
|
o->keysize = pp->keysize;
|
||||||
}
|
}
|
||||||
|
|
||||||
o->push_continuation = 0;
|
o->push_continuation = 0;
|
||||||
o->push_option_types_found = 0;
|
o->push_option_types_found = 0;
|
||||||
|
o->data_channel_use_ekm = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* if P2MP */
|
#endif /* if P2MP */
|
||||||
|
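Review bot: In pre_pull_save the new `o->pre_pull->ciphername/authname/keysize` snapshot sits inside the block that closes right after `o->pre_pull->keysize = o->keysize;`, and the matching restore in pre_pull_restore is inside the block that closes before `o->push_continuation = 0;`; if those are the `if (o->pull)` / `if (pp)` guards (their opening lines are outside the hunk), the snapshot now only exists for pulling clients, whereas the removed save_ncp_options()/restore_ncp_options() were called from context_init_1() and close_instance() regardless of pull. Any path that rewrites `o->ciphername` without --pull (for instance p2p cipher negotiation, if it writes into struct options) would then carry the negotiated value into the next SIGUSR1 restart instead of the configured one. Please confirm that no such path exists or document the assumption next to the new lines, e.g. `/* only a push can overwrite these, so the snapshot is only needed when pulling */`. The unconditional `o->data_channel_use_ekm = false;` after the block is correctly placed, since that flag must be reset whether or not a pre_pull snapshot exists.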
@ -75,6 +75,10 @@ struct options_pre_pull
|
|||||||
bool client_nat_defined;
|
bool client_nat_defined;
|
||||||
struct client_nat_option_list *client_nat;
|
struct client_nat_option_list *client_nat;
|
||||||
|
|
||||||
|
const char* ciphername;
|
||||||
|
const char* authname;
|
||||||
|
int keysize;
|
||||||
|
|
||||||
int foreign_option_index;
|
int foreign_option_index;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
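Review bot: The three fields added to struct options_pre_pull, `const char* ciphername;`, `const char* authname;` and `int keysize;`, are the only undocumented members introduced by this change, and the two pointer declarators bind `*` to the type rather than the name, unlike the neighbouring `struct client_nat_option_list *client_nat;` and the removed context_1 fields. Suggest carrying over the Doxygen comments that were dropped from struct context_1: `const char *ciphername; /**< Data channel cipher from config file */`, `const char *authname; /**< Data channel auth from config file */`, `int keysize; /**< Data channel keysize from config file */`. These are shallow pointer copies, so a one-line note that they must point at strings owned by the options gc (not at pushed, per-session storage) would also help the next reader.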