From patchwork Tue Dec 6 10:01:42 2022
X-Patchwork-Submitter: Michael Tremer
X-Patchwork-Id: 6283
From: Michael Tremer
To: development@lists.ipfire.org
Subject: [PATCH 1/3] openvpn-authenticator: Avoid infinite loop when losing socket connection
Date: Tue, 6 Dec 2022 10:01:42 +0000
Message-Id: <20221206100144.4150532-1-michael.tremer@ipfire.org>
Cc: Michael Tremer

This patch will gracefully terminate the daemon when it loses its connection to the OpenVPN daemon.

Fixes: #12963
Signed-off-by: Michael Tremer
Tested-by: Adolf Belka
---
config/ovpn/openvpn-authenticator | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/config/ovpn/openvpn-authenticator b/config/ovpn/openvpn-authenticator index 65844012b..5d9348d7e 100644 --- a/config/ovpn/openvpn-authenticator +++ b/config/ovpn/openvpn-authenticator @@ -116,11 +116,16 @@ class OpenVPNAuthenticator(object): log.info("OpenVPN Authenticator started") - while True: - line = self._read_line() + try: + while True: + line = self._read_line() - if line.startswith(">CLIENT"): - self._client_event(line) + if line.startswith(">CLIENT"): + self._client_event(line) + + # Terminate the daemon when it loses its connection to the OpenVPN daemon + except ConnectionResetError as e: + log.error("Connection to OpenVPN has been lost: %s" % e) log.info("OpenVPN Authenticator terminated") 
@@ -269,7 +274,7 @@ class OpenVPNAuthenticator(object): @staticmethod def _b64decode(s): return base64.b64decode(s.encode()).decode() - + @staticmethod def _escape(s): return s.replace(" ", "\ ") 

From patchwork Tue Dec 6 10:01:43 2022
X-Patchwork-Submitter: Michael Tremer
X-Patchwork-Id: 6282
From: Michael Tremer
To: development@lists.ipfire.org
Subject: [PATCH 2/3] openvpn-authenticator: Drop some dead code
Date: Tue, 6 Dec 2022 10:01:43 +0000
Message-Id: <20221206100144.4150532-2-michael.tremer@ipfire.org>
In-Reply-To: <20221206100144.4150532-1-michael.tremer@ipfire.org>
References: <20221206100144.4150532-1-michael.tremer@ipfire.org>
Cc: Michael Tremer

Signed-off-by: Michael Tremer
Tested-by: Adolf Belka
---
config/ovpn/openvpn-authenticator | 12 ------------
1 file changed, 12 deletions(-)

diff --git a/config/ovpn/openvpn-authenticator b/config/ovpn/openvpn-authenticator index 5d9348d7e..c22e08f0a 100644 --- a/config/ovpn/openvpn-authenticator +++ b/config/ovpn/openvpn-authenticator 
@@ -97,18 +97,6 @@ class OpenVPNAuthenticator(object): # Send the command self._write_line(command) - return # XXX Code below doesn't work - - # Read response - response = self._read_line() - - # Handle response - if not response.startswith("SUCCESS:"): - log.error("Command '%s' returned an error:" % command) - log.error(" %s" % response) - - return response - def run(self): # Connect to socket self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) 

From patchwork Tue Dec 6 10:01:44 2022
X-Patchwork-Submitter: Michael Tremer
X-Patchwork-Id: 6281
From: Michael Tremer
To: development@lists.ipfire.org
Subject: [PATCH 3/3] openvpn-authenticator: Break read loop when daemon goes away
Date: Tue, 6 Dec 2022 10:01:44 +0000
Message-Id: <20221206100144.4150532-3-michael.tremer@ipfire.org>
In-Reply-To: <20221206100144.4150532-1-michael.tremer@ipfire.org>
References: <20221206100144.4150532-1-michael.tremer@ipfire.org>
Cc: Michael Tremer

Fixes: #12963
Signed-off-by: Michael Tremer
Tested-by: Adolf Belka
---
config/ovpn/openvpn-authenticator | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/config/ovpn/openvpn-authenticator b/config/ovpn/openvpn-authenticator index c22e08f0a..4341993e6 100644 --- a/config/ovpn/openvpn-authenticator +++ b/config/ovpn/openvpn-authenticator @@ -68,6 +68,12 @@ class OpenVPNAuthenticator(object): while True: char = self.sock.recv(1) + + # Break if we could not read from the socket + if not char: + raise EOFError("Could not read from socket") + + # Append to buffer buf.append(char) # Reached end of line 
@@ -112,7 +118,7 @@ class OpenVPNAuthenticator(object): self._client_event(line) # Terminate the daemon when it loses its connection to the OpenVPN daemon - except ConnectionResetError as e: + except (ConnectionResetError, EOFError) as e: log.error("Connection to OpenVPN has been lost: %s" % e) log.info("OpenVPN Authenticator terminated")
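
Review bot: In [PATCH 1/3], hunk @@ -116,11 +116,16 @@, the new `except ConnectionResetError` branch falls through to the same `log.info("OpenVPN Authenticator terminated")` line as a normal stop, so nothing in these lines lets a service supervisor tell a lost management connection apart from a clean shutdown. Consider leaving with a non-zero exit status from the handler (or re-raising after logging) so the loss is actionable and the daemon can be restarted; until it is, the `>CLIENT` events this loop dispatches go unhandled. As a style point, `log.error("Connection to OpenVPN has been lost: %s", e)` lets the logging module do the formatting.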
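
Review bot: In [PATCH 1/3], hunk @@ -269,7 +274,7 @@, the only change is whitespace on the blank line between `_b64decode` and `_escape`, which is unrelated to the socket fix and is not mentioned in the commit message; it would be cleaner as a separate cleanup commit so the fix itself stays minimal. If that cleanup is done, the context line `return s.replace(" ", "\ ")` is worth touching as well: `"\ "` is an unrecognised escape sequence in Python and is better written as `"\\ "`, which produces the same string without the warning.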
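
Review bot: In [PATCH 2/3], hunk @@ -97,18 +97,6 @@, the block removed after the bare `return` was the only place that looked for a `SUCCESS:` reply, and the commit message has no body saying why reading the response at this point did not work. With the method now ending at `self._write_line(command)`, any reply would be picked up by the read loop in `run()`, which only acts on lines starting with `>CLIENT`, so a rejected command would be dropped without a log entry. For an authenticator it is worth logging reply lines that are not `SUCCESS:` in that loop, and stating in the commit message that responses are intentionally not read here.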
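
Review bot: In [PATCH 3/3], hunk @@ -68,6 +68,12 @@, the `if not char:` check belongs in [PATCH 1/3]: without it `recv(1)` keeps returning an empty value after the peer closes and `buf.append(char)` runs forever, so 1/3 on its own does not yet avoid the infinite loop its subject names. Consider folding this hunk into 1/3 so that commit fixes #12963 by itself. The message "Could not read from socket" could also say that the peer closed the connection, since an empty `recv()` result signals an orderly shutdown rather than a failed read.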
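
Review bot: In [PATCH 3/3], hunk @@ -112,7 +118,7 @@, the tuple `(ConnectionResetError, EOFError)` still leaves out other ways the socket can fail inside the `try`, for example `BrokenPipeError` if `self._client_event(line)` writes to the socket after the peer has gone. Catching `(ConnectionError, EOFError)` would cover reset, broken pipe and aborted connections in one clause, because `ConnectionResetError` and `BrokenPipeError` are both subclasses of `ConnectionError`.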