git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2652 e7ae566f-a301-0410-adde-c780ea21d3b5
james authored on 2008/01/23 09:19:51... | ... |
@@ -2469,6 +2469,7 @@ open_management (struct context *c) |
2469 | 2469 |
c->options.management_state_buffer_size, |
2470 | 2470 |
c->options.management_hold, |
2471 | 2471 |
c->options.management_signal, |
2472 |
+ c->options.management_forget_disconnect, |
|
2472 | 2473 |
c->options.management_client, |
2473 | 2474 |
c->options.management_write_peer_info_file, |
2474 | 2475 |
c->options.remap_sigusr1)) |
... | ... |
@@ -1080,6 +1080,9 @@ man_reset_client_socket (struct management *man, const bool exiting) |
1080 | 1080 |
} |
1081 | 1081 |
if (!exiting) |
1082 | 1082 |
{ |
1083 |
+ if (man->settings.management_forget_disconnect) |
|
1084 |
+ ssl_purge_auth (); |
|
1085 |
+ |
|
1083 | 1086 |
if (man->settings.signal_on_disconnect) { |
1084 | 1087 |
int mysig = man_mod_signal (man, SIGUSR1); |
1085 | 1088 |
if (mysig >= 0) |
... | ... |
@@ -1333,6 +1336,7 @@ man_settings_init (struct man_settings *ms, |
1333 | 1333 |
const int state_buffer_size, |
1334 | 1334 |
const bool hold, |
1335 | 1335 |
const bool signal_on_disconnect, |
1336 |
+ const bool management_forget_disconnect, |
|
1336 | 1337 |
const bool connect_as_client, |
1337 | 1338 |
const char *write_peer_info_file, |
1338 | 1339 |
const int remap_sigusr1) |
... | ... |
@@ -1371,6 +1375,12 @@ man_settings_init (struct man_settings *ms, |
1371 | 1371 |
ms->signal_on_disconnect = signal_on_disconnect; |
1372 | 1372 |
|
1373 | 1373 |
/* |
1374 |
+ * Should OpenVPN forget passwords when managmenet |
|
1375 |
+ * session disconnects? |
|
1376 |
+ */ |
|
1377 |
+ ms->management_forget_disconnect = management_forget_disconnect; |
|
1378 |
+ |
|
1379 |
+ /* |
|
1374 | 1380 |
* Should OpenVPN connect to management interface as a client |
1375 | 1381 |
* rather than a server? |
1376 | 1382 |
*/ |
... | ... |
@@ -1513,6 +1523,7 @@ management_open (struct management *man, |
1513 | 1513 |
const int state_buffer_size, |
1514 | 1514 |
const bool hold, |
1515 | 1515 |
const bool signal_on_disconnect, |
1516 |
+ const bool management_forget_disconnect, |
|
1516 | 1517 |
const bool connect_as_client, |
1517 | 1518 |
const char *write_peer_info_file, |
1518 | 1519 |
const int remap_sigusr1) |
... | ... |
@@ -1534,6 +1545,7 @@ management_open (struct management *man, |
1534 | 1534 |
state_buffer_size, |
1535 | 1535 |
hold, |
1536 | 1536 |
signal_on_disconnect, |
1537 |
+ management_forget_disconnect, |
|
1537 | 1538 |
connect_as_client, |
1538 | 1539 |
write_peer_info_file, |
1539 | 1540 |
remap_sigusr1); |
... | ... |
@@ -206,6 +206,7 @@ struct man_settings { |
206 | 206 |
bool server; |
207 | 207 |
bool hold; |
208 | 208 |
bool signal_on_disconnect; |
209 |
+ bool management_forget_disconnect; |
|
209 | 210 |
bool connect_as_client; |
210 | 211 |
char *write_peer_info_file; |
211 | 212 |
|
... | ... |
@@ -283,6 +284,7 @@ bool management_open (struct management *man, |
283 | 283 |
const int state_buffer_size, |
284 | 284 |
const bool hold, |
285 | 285 |
const bool signal_on_disconnect, |
286 |
+ const bool management_forget_disconnect, |
|
286 | 287 |
const bool connect_as_client, |
287 | 288 |
const char *write_peer_info_file, |
288 | 289 |
const int remap_sigusr1); |
... | ... |
@@ -179,6 +179,7 @@ openvpn \- secure IP tunnel daemon. |
179 | 179 |
[\ \fB\-\-log\fR\ \fIfile\fR\ ] |
180 | 180 |
[\ \fB\-\-suppress-timestamps\fR\ ] |
181 | 181 |
[\ \fB\-\-lport\fR\ \fIport\fR\ ] |
182 |
+[\ \fB\-\-management\-forget\-disconnect\fR\ ] |
|
182 | 183 |
[\ \fB\-\-management\-hold\fR\ ] |
183 | 184 |
[\ \fB\-\-management\-log\-cache\fR\ \fIn\fR\ ] |
184 | 185 |
[\ \fB\-\-management\-signal\fR\ ] |
... | ... |
@@ -2325,6 +2326,15 @@ for inputs which ordinarily would have been queried from the |
2325 | 2325 |
console. |
2326 | 2326 |
.\"********************************************************* |
2327 | 2327 |
.TP |
2328 |
+.B --management-forget-disconnect |
|
2329 |
+Make OpenVPN forget passwords when management session |
|
2330 |
+disconnects. |
|
2331 |
+ |
|
2332 |
+This directive does not affect the |
|
2333 |
+.B --http-proxy |
|
2334 |
+username/password. It is always cached. |
|
2335 |
+.\"********************************************************* |
|
2336 |
+.TP |
|
2328 | 2337 |
.B --management-hold |
2329 | 2338 |
Start OpenVPN in a hibernating state, until a client |
2330 | 2339 |
of the management interface explicitly starts it |
... | ... |
@@ -318,6 +318,8 @@ static const char usage_message[] = |
318 | 318 |
"--management-hold : Start " PACKAGE_NAME " in a hibernating state, until a client\n" |
319 | 319 |
" of the management interface explicitly starts it.\n" |
320 | 320 |
"--management-signal : Issue SIGUSR1 when management disconnect event occurs.\n" |
321 |
+ "--management-forget-disconnect : Forget passwords when management disconnect\n" |
|
322 |
+ " event occurs.\n" |
|
321 | 323 |
"--management-log-cache n : Cache n lines of log file history for usage\n" |
322 | 324 |
" by the management channel.\n" |
323 | 325 |
#endif |
... | ... |
@@ -1202,6 +1204,7 @@ show_settings (const struct options *o) |
1202 | 1202 |
SHOW_BOOL (management_hold); |
1203 | 1203 |
SHOW_BOOL (management_client); |
1204 | 1204 |
SHOW_BOOL (management_signal); |
1205 |
+ SHOW_BOOL (management_forget_disconnect); |
|
1205 | 1206 |
SHOW_STR (management_write_peer_info_file); |
1206 | 1207 |
#endif |
1207 | 1208 |
#ifdef ENABLE_PLUGIN |
... | ... |
@@ -1527,7 +1530,8 @@ options_postprocess (struct options *options, bool first_time) |
1527 | 1527 |
#ifdef ENABLE_MANAGEMENT |
1528 | 1528 |
if (!options->management_addr && |
1529 | 1529 |
(options->management_query_passwords || options->management_hold || options->management_signal |
1530 |
- || options->management_client || options->management_write_peer_info_file |
|
1530 |
+ || options->management_forget_disconnect || options->management_client |
|
1531 |
+ || options->management_write_peer_info_file |
|
1531 | 1532 |
|| options->management_log_history_cache != defaults.management_log_history_cache)) |
1532 | 1533 |
msg (M_USAGE, "--management is not specified, however one or more options which modify the behavior of --management were specified"); |
1533 | 1534 |
#endif |
... | ... |
@@ -3152,6 +3156,11 @@ add_option (struct options *options, |
3152 | 3152 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
3153 | 3153 |
options->management_signal = true; |
3154 | 3154 |
} |
3155 |
+ else if (streq (p[0], "management-forget-disconnect")) |
|
3156 |
+ { |
|
3157 |
+ VERIFY_PERMISSION (OPT_P_GENERAL); |
|
3158 |
+ options->management_forget_disconnect = true; |
|
3159 |
+ } |
|
3155 | 3160 |
else if (streq (p[0], "management-client")) |
3156 | 3161 |
{ |
3157 | 3162 |
VERIFY_PERMISSION (OPT_P_GENERAL); |