Fix passsite in split mode

We should identify conn user before setting dst up in split mode. Because in split mode dst setup also sets src up too, which tries to apply passsite rules and switch to passthrough mode. But since user identification has not run yet, we don't know the user owner of the conn, which fails passsite rules.
3 years ago · d26c3fd079
parent 45b34678de
commit d26c3fd079
2 changed files with 14 additions and 12 deletions
--- a/src/protopassthrough.c
+++ b/src/protopassthrough.c
@ -254,6 +254,13 @@ protopassthrough_bev_eventcb_connected_srvdst(struct bufferevent *bev, pxy_conn_
 {
 	log_finest("ENTER");

+#ifndef WITHOUT_USERAUTH
+	pxy_userauth(ctx);
+	if (ctx->term || ctx->enomem) {
+		return;
+	}
+#endif /* !WITHOUT_USERAUTH */
+
 	ctx->connected = 1;
 	bufferevent_enable(bev, EV_READ|EV_WRITE);

@ -261,12 +268,6 @@ protopassthrough_bev_eventcb_connected_srvdst(struct bufferevent *bev, pxy_conn_
 	if (!ctx->src.bev && protopassthrough_enable_src(ctx) == -1) {
 		return;
 	}
-
-#ifndef WITHOUT_USERAUTH
-	if (!ctx->term && !ctx->enomem) {
-		pxy_userauth(ctx);
-	}
-#endif /* !WITHOUT_USERAUTH */
 }

 static void NONNULL(1,2)
--- a/src/prototcp.c
+++ b/src/prototcp.c
@ -509,6 +509,13 @@ prototcp_bev_eventcb_connected_srvdst(UNUSED struct bufferevent *bev, pxy_conn_c
 {
 	log_finest("ENTER");

+#ifndef WITHOUT_USERAUTH
+	pxy_userauth(ctx);
+	if (ctx->term || ctx->enomem) {
+		return;
+	}
+#endif /* !WITHOUT_USERAUTH */
+
 	if (prototcp_setup_dst(ctx) == -1) {
 		return;
 	}
@ -521,12 +528,6 @@ prototcp_bev_eventcb_connected_srvdst(UNUSED struct bufferevent *bev, pxy_conn_c
 			return;
 		}
 	}
-
-#ifndef WITHOUT_USERAUTH
-	if (!ctx->term && !ctx->enomem) {
-		pxy_userauth(ctx);
-	}
-#endif /* !WITHOUT_USERAUTH */
 }

 void