tags 692936 + patch
thanks

Here's the patch I have submitted upstream.
Description: move address checks further down to avoid certain failures this tries to avoid certain failures with the LDAP plugin where it doesn't get passed the remoteAddress in certain cases. since we do may not care about this address, we fail only when really necessary. Author: Antoine Beaupré <anar...@debian.org> Origin: vendor Bug: https://code.google.com/p/openvpn-auth-ldap/issues/detail?id=4 Bug-Debian: http://bugs.debian.org/692936 Forwarded: yes Last-Update: 2012-11-10 --- openvpn-auth-ldap-2.0.3.orig/src/auth-ldap.m +++ openvpn-auth-ldap-2.0.3/src/auth-ldap.m @@ -533,7 +533,10 @@ static int handle_client_connect_disconn } if (tableName) - if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting)) + if (!remoteAddress) { + [TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."]; + ret = OPENVPN_PLUGIN_FUNC_ERROR; + } else if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting)) return OPENVPN_PLUGIN_FUNC_ERROR; #endif /* HAVE_PF */ 
@@ -587,20 +590,10 @@ openvpn_plugin_func_v1(openvpn_plugin_ha break; /* New connection established */ case OPENVPN_PLUGIN_CLIENT_CONNECT: - if (!remoteAddress) { - [TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."]; - ret = OPENVPN_PLUGIN_FUNC_ERROR; - } else { - ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES); - } + ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES); break; case OPENVPN_PLUGIN_CLIENT_DISCONNECT: - if (!remoteAddress) { - [TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_DISCONNECT)."]; - ret = OPENVPN_PLUGIN_FUNC_ERROR; - } else { - ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO); - } + ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO); break; default: [TRLog debug: "Unhandled plugin type in OpenVPN LDAP Plugin (type=%d)", type];
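Review bot: In the first hunk (handle_client_connect_disconnect, under `if (tableName)`), the new NULL branch assigns `ret = OPENVPN_PLUGIN_FUNC_ERROR;` while the branch right after it uses `return OPENVPN_PLUGIN_FUNC_ERROR;`. The assignment was carried over from openvpn_plugin_func_v1, and the hunk shows neither a `ret` declared in this function nor anything that returns it afterwards, so the error may fail to compile or be silently dropped; suggest `return OPENVPN_PLUGIN_FUNC_ERROR;` here as well. The debug message also names only OPENVPN_PLUGIN_CLIENT_CONNECT although this function serves both connect and disconnect (the `connecting` argument), and the unbraced `if (tableName)` now guards an if/else-if chain, which would be clearer with braces.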
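Review bot: In the second hunk (openvpn_plugin_func_v1, the CLIENT_CONNECT and CLIENT_DISCONNECT cases), `remoteAddress` can now reach handle_client_connect_disconnect as NULL, and the only guard the patch adds sits inside the `if (tableName)` block under HAVE_PF. Please confirm that nothing earlier in that function (above the lines shown in the first hunk) dereferences or logs `remoteAddress`, and consider a comment at these call sites stating that a NULL address is accepted unless a pf table applies. The separate CLIENT_DISCONNECT debug message is removed without a replacement, so a missing address on disconnect can no longer be told apart in the log.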
We are running this in production now. I'd be happy to NMU this if there are no objections.

A.

-- 
Antoine Beaupré +++ Réseau Koumbit Networks +++ +1.514.387.6262 #208
--------------------------------------------------------------------