mirror/openvpn3
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 12:12:15 +02:00
Code

fix reset of auth-token on AUTH_FAILED,SESSION

Browse Source 
This is e.g. sent during renegotiation when the lifetime of an auth-token
on the server has expired.

Due to shortcut evaluation of the logical OR expression the call to
can_retry_auth_with_cached_password() never happened with connections
that use autologin(_session). Since the called function has side effects
on the ClientCreds object, i.e. resetting the session_id to the saved
password, an endless loop of retries with the expired auth-token
followed.

Signed-off-by: Heiko Hund <heiko@openvpn.net>
This commit is contained in:
Heiko Hund 2021-08-10 14:44:12 +02:00
parent 0c57e23aca
commit 468fcaf0ac
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openvpn/client/cliproto.hpp
View File

@ -637,8 +637,8 @@ namespace openvpn {
// If session token problem (such as expiration), and we have a cached
// password, retry with it. Otherwise, fail without retry.
if (string::starts_with(reason, "SESSION:")
&& (autologin_sessions
|| (creds && creds->can_retry_auth_with_cached_password())))
&& ((creds && creds->can_retry_auth_with_cached_password())
|| autologin_sessions))
{
log_reason = "SESSION_AUTH_FAILED";
}