author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2009-09-29 23:10:14 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2009-09-29 23:10:14 +0000 |
commit | 5733ef668ff51d7a553fb5bc76a1c4ff00352e27 (patch) | |
tree | 25a355111e3442d04c35136456eaf741ac96f6e1 /push.c | |
parent | Fixed a bug introduced in r4436 (2.1_rc17) where using the (diff) | |
download | openvpn-5733ef668ff51d7a553fb5bc76a1c4ff00352e27.tar.xz |
Added the ability for the server to provide a custom reason string
when an AUTH_FAILED message is returned to the client. This
string can be set by the server-side management interface and read
by the client-side management interface.
For more info, see management/management-notes.txt, and look for
references to "client-reason-text".
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5012 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r-- | push.c | 32 |
1 files changed, 28 insertions, 4 deletions
@@ -61,7 +61,13 @@ receive_auth_failed (struct context *c, const struct buffer *buffer)
       c->sig->signal_text = "auth-failure";
 #ifdef ENABLE_MANAGEMENT
       if (management)
-        management_auth_failure (management, UP_TYPE_AUTH);
+        {
+          const char *reason = UP_TYPE_AUTH;
+          struct buffer buf = *buffer;
+          if (buf_string_compare_advance (&buf, "AUTH_FAILED,") && BLEN (&buf))
+            reason = BSTR (&buf);
+          management_auth_failure (management, reason);
+        }
 #endif
     }
 }
@@ -71,10 +77,27 @@ receive_auth_failed (struct context *c, const struct buffer *buffer)
  * Send auth failed message from server to client.
  */
 void
-send_auth_failed (struct context *c)
+send_auth_failed (struct context *c, const char *client_reason)
 {
+  struct gc_arena gc = gc_new ();
+  static const char auth_failed[] = "AUTH_FAILED";
+  size_t len;
+
   schedule_exit (c, c->options.scheduled_exit_interval);
-  send_control_channel_string (c, "AUTH_FAILED", D_PUSH);
+
+  len = (client_reason ? strlen(client_reason)+1 : 0) + sizeof(auth_failed);
+  if (len > TLS_CHANNEL_BUF_SIZE)
+    len = TLS_CHANNEL_BUF_SIZE;
+
+  {
+    struct buffer buf = alloc_buf_gc (len, &gc);
+    buf_printf (&buf, auth_failed);
+    if (client_reason)
+      buf_printf (&buf, ",%s", client_reason);
+    send_control_channel_string (c, BSTR (&buf), D_PUSH);
+  }
+
+  gc_free (&gc);
 }
 
 #endif
@@ -258,7 +281,8 @@ process_incoming_push_msg (struct context *c,
     {
       if (tls_authentication_status (c->c2.tls_multi, 0) == TLS_AUTHENTICATION_FAILED || c->c2.context_auth == CAS_FAILED)
         {
-          send_auth_failed (c);
+          const char *client_reason = tls_client_reason (c->c2.tls_multi);
+          send_auth_failed (c, client_reason);
           ret = PUSH_MSG_AUTH_FAILURE;
         }
       else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED)
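Review bot: `reason = BSTR (&buf);` in the first hunk hands the peer-supplied text after `AUTH_FAILED,` to `management_auth_failure` with no character filtering, so whatever bytes the server put in the message reach the client's management interface verbatim. If that function echoes the string onto the management socket (I cannot see it from this hunk), CR/LF or non-printable bytes in the reason would corrupt its line-oriented output; copying the reason into a gc-allocated buffer and passing it through `string_mod` with `CC_PRINT`/`CC_CRLF` before the call would keep the boundary clean. Either way a one-line comment, `/* reason is peer-supplied data from the control channel, not a local constant */`, would make the trust boundary visible to the next reader. The opening of receive_auth_failed lies outside the hunk.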
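Review bot: `buf_printf (&buf, auth_failed);` in the second hunk passes a non-literal as the format string; `auth_failed` is a static constant so it is harmless today, but it defeats -Wformat-security and is the shape that later turns into a format-string bug when someone substitutes a variable, so write it as `buf_printf (&buf, "%s", auth_failed);`. Separately, when `len` is clamped to TLS_CHANNEL_BUF_SIZE the reason is truncated and the result of the second `buf_printf` is ignored, which looks intentional but is undocumented; a comment such as `/* an over-long client_reason is silently truncated to fit the control channel buffer */` above the clamp would record that. `tls_client_reason` returning NULL is already covered by the `client_reason ?` guard.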