Bug #12509
open
Deferred authentication does not work with auth-gen-token external-auth or push "auth-token"
Description
I am able to properly use deferred authentication on normal login.
The problem arises when I try to use auth-gen-token 0 external-auth (so that I can do additional validation in the auth-user-pass-verify script) or when pushing a custom auth-token.
Even though the script gets triggered in those cases, no matter how I return the result (either through the control file or exit code=0).
Sample code used below (always authenticates the user; just a sample).
```
reneg-sec 30
auth-gen-token 0 external-auth
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /auth/wrapper.sh
```
wrapper.sh
```
#!/bin/sh
php /auth/auth.php
```
auth.php
```
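<?php
// Control file path exported by OpenVPN for deferred authentication.
$controlFile = getenv('auth_control_file');
// session_state is exported by OpenVPN when auth-gen-token is in use.
$sessionState = $_SERVER['session_state'] ?? null;

if ($sessionState === 'Authenticated') {
    // Renegotiation with a valid token: report success ("1").
    if ($controlFile) {
        file_put_contents($controlFile, "1");
        exit(0);
    }
    exit(0);
} elseif ($sessionState === 'Initial') {
    // First login, no token yet: report success ("1").
    if ($controlFile) {
        file_put_contents($controlFile, "1");
        exit(0);
    }
    exit(0);
}
// Any other state: report failure ("0"), or exit non-zero in blocking mode.
if ($controlFile) {
    file_put_contents($controlFile, "0");
    exit(0);
}
exit(1);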
```
Updated by Arkadiusz Rzadkowolski about 3 years ago
Some more info - with deferred plugin we get:
```
Nov 8 10:02:46 openvpn 53695 arek/192.168.100.3:58560 TLS Error: local/remote TLS keys are out of sync: [AF_INET]192.168.100.3:58560 [1]
Nov 8 10:02:41 openvpn 53695 arek/192.168.100.3:58560 TLS Error: local/remote TLS keys are out of sync: [AF_INET]192.168.100.3:58560 [1]
```
which causes the connection to be unstable.
That doesn't happen if we use it in blocking mode (calling the script from auth-user-pass-verify directly).
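
A fail-closed variant of the auth script's decision logic, as an added example that is not part of the original report or of OpenVPN. It assumes the `session_state` values documented for `auth-gen-token` (`Initial`, `Authenticated`, `Expired`, `Invalid` and the `EmptyUser` variants); the function names and the `yes` credential-check argument are hypothetical, and it does not address the key-sync error reported above.

```shell
#!/bin/sh
# Added example, not from the report. Policy choices here are assumptions.

# decide_auth STATE CRED_OK -> prints 1 (accept) or 0 (reject).
# STATE is OpenVPN's session_state; CRED_OK is "yes" when the site's own
# username/password check (hypothetical, not shown) succeeded.
decide_auth() {
    da_state=$1
    da_cred_ok=$2
    case "$da_state" in
        Initial)
            # First login: no token yet, so the credentials decide.
            if [ "$da_cred_ok" = yes ]; then echo 1; else echo 0; fi ;;
        Authenticated)
            # Renegotiation with a token OpenVPN has already validated.
            echo 1 ;;
        *)
            # Expired, Invalid, the *EmptyUser states, anything unknown.
            echo 0 ;;
    esac
}

# report_result VERDICT [CONTROL_FILE] -> exit status for the script.
# Deferred mode: write the verdict to auth_control_file.
# Blocking mode (no control file): the exit status is the verdict.
report_result() {
    rr_verdict=$1
    rr_file=$2
    if [ -n "$rr_file" ]; then
        printf '%s' "$rr_verdict" > "$rr_file" || return 1
        return 0
    fi
    [ "$rr_verdict" = 1 ]
}

# Entry point for wrapper.sh: handle_auth yes; exit $?
handle_auth() {
    report_result "$(decide_auth "${session_state:-Initial}" "$1")" \
        "${auth_control_file:-}"
}

# Constructed demo: an expired token in deferred mode is rejected.
demo_file=$(mktemp)
session_state=Expired
auth_control_file=$demo_file
handle_auth yes
echo "Expired -> $(cat "$demo_file")"
rm -f "$demo_file"
unset session_state auth_control_file
```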