From c55b5a9c6892e2f9ff58fbaa458a051f363affb2 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 2 Jul 2013 01:54:39 +0200
Subject: [PATCH] Allow session resumption database access, and allow more graceful cleanup on authentication failure.
---
src/main-misc.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/main-misc.c b/src/main-misc.c
index f8c34a85..44e16bd3 100644
--- a/src/main-misc.c
+++ b/src/main-misc.c
@@ -237,11 +237,6 @@ int handle_commands(main_server_st *s, struct proc_st* proc) cmd_data_len = ret - 1; - if (proc->auth_status == PS_AUTH_INIT && cmd != AUTH_REQ) { - mslog(s, proc, LOG_ERR, "received message %u when expecting auth req.", (unsigned)cmd); - return ERR_BAD_COMMAND; - } - switch(cmd) { case CMD_TUN_MTU: if (cmd_data_len != sizeof(cmd_data.tmtu)) {
@@ -319,12 +314,13 @@ int handle_commands(main_server_st *s, struct proc_st* proc) break; /* wait for another command */ } else if (ret < 0) { add_to_ip_ban_list(s, &proc->remote_addr, proc->remote_addr_len); - return ret; + goto cleanup; } break; case AUTH_REQ: + if (proc->auth_status != PS_AUTH_INIT) { mslog(s, proc, LOG_ERR, "received authentication request when not initialized."); return ERR_BAD_COMMAND;
@@ -345,7 +341,7 @@ int handle_commands(main_server_st *s, struct proc_st* proc) break; /* wait for another command */ } else if (ret < 0) { add_to_ip_ban_list(s, &proc->remote_addr, proc->remote_addr_len); - return ret; + goto cleanup; } ret = accept_user(s, proc, cmd);
@@ -362,10 +358,15 @@ int handle_commands(main_server_st *s, struct proc_st* proc) return ERR_BAD_COMMAND; } + if (proc->auth_status != PS_AUTH_INACTIVE) { + mslog(s, proc, LOG_ERR, "received unexpected cookie authentication."); + return ERR_BAD_COMMAND; + } + ret = handle_auth_cookie_req(s, proc, &cmd_data.cauth); if (ret < 0) { add_to_ip_ban_list(s, &proc->remote_addr, proc->remote_addr_len); - return ret; + goto cleanup; } ret = accept_user(s, proc, cmd);
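Review bot: With the blanket `proc->auth_status == PS_AUTH_INIT && cmd != AUTH_REQ` gate removed above the switch, every case now has to enforce its own state, and the first case visible here, `CMD_TUN_MTU`, shows only a length check. In the lines this patch shows, only the `AUTH_REQ` and cookie-authentication cases test `auth_status`, so a worker that is part-way through authentication can apparently reach the other commands; the rest of the switch is outside the hunk and should be audited case by case. If only the session-resumption commands are meant to be exempt, it would be safer to narrow the gate rather than drop it, or to open each case that must not run mid-authentication with `if (proc->auth_status == PS_AUTH_INIT) return ERR_BAD_COMMAND;`. A comment above the switch such as `/* no global state gate: each case validates proc->auth_status itself */` would record the new contract.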
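Review bot: The `cleanup` label that `goto cleanup;` now jumps to lies outside every hunk, so the patch alone does not show that the negative `ret` from the failed authentication is still what `handle_commands` returns. If the label returns a fixed value or overwrites `ret`, an authentication failure would stop being reported to the caller even though the address was just passed to `add_to_ip_ban_list`. The same replacement is made after the `AUTH_REQ` handler and after `handle_auth_cookie_req` in the two following hunks. Once confirmed, a comment at the first jump, for example `/* ret < 0 is preserved by cleanup and returned to the caller */`, would pin the expectation.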
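Review bot: The new `proc->auth_status != PS_AUTH_INACTIVE` check exits with `return ERR_BAD_COMMAND;` while the failure path a few lines below it was just changed to `goto cleanup;`, so the two error exits of the same case now leave the function differently. If `cleanup` releases or answers anything set up before the switch (not visible here), the early return skips it; `ret = ERR_BAD_COMMAND;` followed by `goto cleanup;` would keep the exits consistent, and the same applies to the check just above it and to the state check in `AUTH_REQ`. The out-of-state cookie request is also not passed to `add_to_ip_ban_list`, unlike a failed cookie. If that is deliberate, a comment such as `/* out-of-state request from the worker, not a failed client login: no ban */` would say so.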