From patchwork Mon Mar 30 07:05:27 2020
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 1060
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 30 Mar 2020 14:05:27 -0400
Message-Id: <1585591527-23734-2-git-send-email-selva.nair@gmail.com>
In-Reply-To: <1585591527-23734-1-git-send-email-selva.nair@gmail.com>
References: <1585513970-32658-2-git-send-email-selva.nair@gmail.com> <1585591527-23734-1-git-send-email-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH v2 2/2] When auth-user-pass file has no password, query the management

From: Selva Nair

When only username is found in the file, redirect the auth-user-pass query to the management if management-query-passwords is enabled. Otherwise the user is prompted on console, if available, as before.

This changes the behaviour for those who run from the command line, with --management-query-passwords, but still expect the prompt on the console.

Note that the management will prompt for both username and password ignoring the username read from the file. As most GUIs can save the username, this is a one-time inconvenience.

Currently, the password is queried on the console (or systemd) in such cases. This is not sensible when console is not available (windows GUI, tunnelblick etc.) or when the log is redirected to a file on Windows (for some reason prompt goes to the log file).

Trac # 757

Signed-off-by: Selva Nair
Acked-by: Gert Doering
---
v2: Following discussions with Jonathan and Gert, removed the dependence on stdout redirection and applied to all platforms.

 src/openvpn/misc.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 0d5ac30..546cd71 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -261,6 +261,22 @@ get_user_pass_cr(struct user_pass *up, { strncpy(up->password, password_buf, USER_PASS_LEN); } + /* The auth-file does not have the password: get both username + * and password from the management if possible. + * Otherwise set to read password from console. + */ +#if defined(ENABLE_MANAGEMENT) + else if (management + && (flags & GET_USER_PASS_MANAGEMENT) + && management_query_user_pass_enabled(management)) + { + msg(D_LOW, "No password found in %s authfile '%s'. Querying the management", prefix, auth_file); + if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge)) + { + return false; + } + } +#endif else { password_from_stdin = 1;
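
Review bot: in the new `else if` branch of get_user_pass_cr(), a failed auth_user_pass_mgmt() call returns false outright, while the comment above it ("Otherwise set to read password from console") can be read as promising a console fallback in that case. The console path is only reached when the management condition is not met, so the comment should say that explicitly, for example that the console is used only when management password queries are not enabled and that a failed management query aborts. The D_LOW message says the management is being queried but not that the username already read from auth_file is discarded in favour of whatever the management supplies; since the commit message calls this out as user-visible, mentioning it in the log line would make credential-source confusion easier to diagnose. Finally, the commit message describes a behaviour change for command-line users who combine --management-query-passwords with a username-only file, yet the diffstat shows only misc.c touched: the option documentation should state that the prompt now goes to the management in this case.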