Added the ability for the server to provide a custom reason string

when an AUTH_FAILED message is returned to the client.  This
string can be set by the server-side managment interface and read
by the client-side management interface.

For more info, see management/management-notes.txt, and look for
references to "client-reason-text".


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5012 e7ae566f-a301-0410-adde-c780ea21d3b5

1 files changed, 18 insertions, 1 deletions

diff --git a/ssl.c b/ssl.c
index 224721a..bc8b2da 100644
--- a/ssl.c
+++ b/ssl.c
@@ -908,6 +908,18 @@ tls_lock_common_name (struct tls_multi *multi)
 #endif
 
 #ifdef MANAGEMENT_DEF_AUTH
+static void
+man_def_auth_set_client_reason (struct tls_multi *multi, const char *client_reason)
+{
+  if (multi->client_reason)
+    {
+      free (multi->client_reason);
+      multi->client_reason = NULL;
+    }
+  if (client_reason && strlen (client_reason))
+    multi->client_reason = string_alloc (client_reason, NULL);
+}
+
 static inline unsigned int
 man_def_auth_test (const struct key_state *ks)
 {
@@ -1077,12 +1089,13 @@ tls_authentication_status (struct tls_multi *multi, const int latency)
 
 #ifdef MANAGEMENT_DEF_AUTH
 bool
-tls_authenticate_key (struct tls_multi *multi, const unsigned int mda_key_id, const bool auth)
+tls_authenticate_key (struct tls_multi *multi, const unsigned int mda_key_id, const bool auth, const char *client_reason)
 {
   bool ret = false;
   if (multi)
     {
       int i;
+      man_def_auth_set_client_reason (multi, client_reason);
       for (i = 0; i < KEY_SCAN_SIZE; ++i)
 	{
 	  struct key_state *ks = multi->key_scan[i];
@@ -2397,6 +2410,10 @@ tls_multi_free (struct tls_multi *multi, bool clear)
 
   ASSERT (multi);
 
+#ifdef MANAGEMENT_DEF_AUTH
+  man_def_auth_set_client_reason(multi, NULL);  
+#endif
+
   if (multi->locked_cn)
     free (multi->locked_cn);