Stared at code ("straight-forward enough"), tested v8, made it crash :-) - 
fixed in v9.  Does what it says on the lid.

Note that there are two ways this can be used

 - "auth-gen-token" in use in the server, and "override-username foo"
   in ccd/script -> in this case the server will generate the necessary
   "push auth-token-user $base64(foo)" + a corresponding "push auth-token",
   and will also do the token verification on TLS renegotiation

 - no "auth-gen-token" in the server config, and tokens generated by
   a ccd script (or plugin), to be consumed by an external auth-verify
   script (or plugin).  In this case the OpenVPN server doesn't know
   anything about tokens, and *will not* auto-generate the push command
   for "auth-token-user".  So the ccd script needs to, basically, generate
   3 commands

     push "auth-token MyMagicScheme"
     push "auth-token-user $base64($username)"
     override-username $username

   which is a bit awkward.  I assume I could talk Arne into generating the
   "auth-token-user" push automatically in this case as well (it's a 
   fairly trivial change) - but this is a particularly small niche case,
   and it's easy enough to do from the script.  Especially as it's documented
   now what needs to be done :-)


I've added a github reference to issue #299 to the commit message.

Your patch has been applied to the master branch.

commit ebd433bd1e40917793903f76883d114d820e992d
Author: Arne Schwabe
Date:   Tue Mar 11 16:59:04 2025 +0100

     Implement override-username

     Signed-off-by: Arne Schwabe <a...@rfc2549.org>
     Acked-by: Gert Doering <g...@greenie.muc.de>
     Message-Id: <20250311155904.4446-1-g...@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31091.html
     Signed-off-by: Gert Doering <g...@greenie.muc.de>


--
kind regards,

Gert Doering
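
An added example for the second case above, written for this page and not taken from the message or from the OpenVPN project: one POSIX shell script that serves as both the --client-connect hook (emitting the three directives the message lists) and the external --auth-user-pass-verify hook that consumes the token on renegotiation. Everything beyond the three directive names is an assumption: the script is assumed to run as --client-connect with the ccd file path in $1 and as --auth-user-pass-verify in "via-env" mode, $script_type/$username/$common_name/$password are the usual OpenVPN script-hook variables, the token format "EXPIRY:HMAC-SHA256(user:EXPIRY)" stands in for the "MyMagicScheme" placeholder, and AUTH_TOKEN_SECRET is a hypothetical server-side secret.

```shell
#!/bin/sh
# Added example, not OpenVPN project code: the no-"auth-gen-token" case, where
# the ccd script mints the token and an external script checks it.
#
# Assumptions (not stated in the original message):
#  - Runs as --client-connect (ccd file path in $1) and as
#    --auth-user-pass-verify in "via-env" mode ($username / $password).
#  - $script_type, $username and $common_name are OpenVPN's script-hook
#    environment variables.
#  - Token format "EXPIRY:HMAC-SHA256(user:EXPIRY)" replaces the
#    "MyMagicScheme" placeholder; AUTH_TOKEN_SECRET is hypothetical.

SECRET="${AUTH_TOKEN_SECRET:-example-secret-do-not-use-in-production}"
TOKEN_LIFETIME=3600   # seconds a token stays valid

# base64 without line wrapping (GNU base64 wraps at 76 columns)
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# make_token USER EXPIRY -> "EXPIRY:hex-hmac"
make_token() {
    mac=$(printf '%s:%s' "$1" "$2" | openssl dgst -sha256 -hmac "$SECRET" | awk '{print $NF}')
    printf '%s:%s' "$2" "$mac"
}

# gen_ccd_config CCD_FILE USER NOW
# Writes the three directives the server will not generate on its own.
gen_ccd_config() {
    ccd_file="$1"; user="$2"; now="$3"
    token=$(make_token "$user" $((now + TOKEN_LIFETIME)))
    {
        printf 'push "auth-token %s"\n' "$token"
        printf 'push "auth-token-user %s"\n' "$(b64 "$user")"
        printf 'override-username %s\n' "$user"
    } > "$ccd_file"
}

# verify_token USER TOKEN NOW -> 0 if TOKEN is a valid, unexpired token for USER
verify_token() {
    user="$1"; token="$2"; now="$3"
    case "$token" in
        *:*) ;;                    # must contain the EXPIRY:MAC separator
        *) return 1 ;;
    esac
    exp=${token%%:*}
    case "$exp" in
        ''|*[!0-9]*) return 1 ;;   # expiry must be a plain integer
    esac
    [ "$exp" -gt "$now" ] || return 1
    # Recompute instead of trusting the MAC: binds the token to USER + EXPIRY.
    [ "$(make_token "$user" "$exp")" = "$token" ] || return 1
    return 0
}

case "${script_type:-}" in
    client-connect)
        gen_ccd_config "$1" "${username:-$common_name}" "$(date +%s)" ;;
    auth-user-pass-verify)
        # After "auth-token-user" the client sends the decoded user name as
        # username and the pushed token as password. Initial password logins
        # are out of scope here; a real script would fall back to its primary
        # authentication when the token check fails.
        verify_token "$username" "$password" "$(date +%s)" ;;
esac
```

The verify side never parses a user name out of the token; it takes the name OpenVPN hands it (which is what "auth-token-user" plus "override-username" bound the session to) and recomputes the MAC for that name, so a token minted for one user fails for another. Two caveats a practitioner should keep in mind: the shell string comparison is not constant-time, and the secret is read from the environment, so protect both the environment of the OpenVPN process and the ccd file the token is written into. When the server runs "auth-gen-token" itself (the first case in the message), none of this script is needed.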



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
