Hi,
On Tue, Jan 31, 2017 at 1:22 PM, Antonio Quartulli <a...@unstable.cc> wrote:
> iff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
> index b0ed3279..27f34bed 100644
> --- a/src/openvpn/proxy.c
> +++ b/src/openvpn/proxy.c
> @@ -256,7 +256,16 @@ username_password_as_base64(const struct
> http_proxy_info *p,
> static void
> get_user_pass_http(struct http_proxy_info *p, const bool force)
> {
> - if (!static_proxy_user_pass.defined || force)
> + /*
> + * in case of forced (re)load, make sure the static storage is set as
> + * undefined, otherwise get_user_pass() won't try to load any
> credential
> + */
> + if (force)
> + {
> + static_proxy_user_pass.defined = false;
> + }
>
While unsetting the define attribute appears to have no unintended side
effects, purge_user_pass(&static_proxy_user_pass, true) would be cleaner.
> +
> + if (!static_proxy_user_pass.defined)
> {
> unsigned int flags = GET_USER_PASS_MANAGEMENT;
> if (p->queried_creds)
>
That said, there is one issue with this approach. Looks like SIGUSR1
restarts will now always prompt for proxy password, which is not proper. If
so, a more nuanced fix that preserves the current behaviour for a single
proxy credentials is required. May be, do the "purge proxy pass" in init.c
only if the connection entry has http-proxy specified?
I think the intent of the original code/man page is to have proxy password
work the same way as auth-user-pass with an implicit auth-nocache assumed.
Then multiple credentials is not expected, but could still work if the
proxy password is purged when an authentication error happens instead of
when the remote changes.
Finally, socks credentials may also be affected.
Selva
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
