Message ID | 1585963064-10311-2-git-send-email-selva.nair@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel,for-2.4,1/2] Move querying username/password from management interface to a function | expand |
HI, On Fri, Apr 03, 2020 at 09:17:44PM -0400, selva.nair@gmail.com wrote: > From: Selva Nair <selva.nair@gmail.com> > > When only username is found in the file, redirect the auth-user-pass > query to the management interface if management-query-passwords is > enabled. Otherwise the user is prompted on console, if available, > as before. [..] > --- > This may be cherry-picked from 57578310992d1fbe8eff97049087c5308089acb5 > in master without conflicts. And this is what I've done. So we have: Acked-by: Gert Doering <gert@greenie.muc.de> commit 2fe84732d19243df6c7713c185998507419155cd (HEAD -> release/2.4) Author: Selva Nair <selva.nair@gmail.com> Date: Mon Mar 30 14:05:27 2020 -0400 When auth-user-pass file has no password query the management interface (if available). Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1585591527-23734-2-git-send-email-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19655.html Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 57578310992d1fbe8eff97049087c5308089acb5) quick test build on MinGW and Linux just to ensure I didn't break anything unexpected due to "different context in 2.4, some variables not available" etc, but no :-) thanks, gert
Hi, On Sun, Apr 05, 2020 at 10:25:56AM +0200, Gert Doering wrote: > On Fri, Apr 03, 2020 at 09:17:44PM -0400, selva.nair@gmail.com wrote: > > From: Selva Nair <selva.nair@gmail.com> > > > > When only username is found in the file, redirect the auth-user-pass > > query to the management interface if management-query-passwords is > > enabled. Otherwise the user is prompted on console, if available, > > as before. > [..] > > --- > > This may be cherry-picked from 57578310992d1fbe8eff97049087c5308089acb5 > > in master without conflicts. > > And this is what I've done. So we have: > > Acked-by: Gert Doering <gert@greenie.muc.de> > > commit 2fe84732d19243df6c7713c185998507419155cd (HEAD -> release/2.4) > Author: Selva Nair <selva.nair@gmail.com> > Date: Mon Mar 30 14:05:27 2020 -0400 Shouldn't do early sunday morning merges - one of the main points of asking for a 2.4-specific commit was "Changes.rst", which needs to be updated to document changed behaviour... which I had forgotten again. I'll do this on the "prepare for 2.4.9 release" commit now, but would really prefer to have it in the commit that contains the actual change (if feasible). gert
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 2b0d10c..9c5e96e 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -1030,6 +1030,22 @@ get_user_pass_cr(struct user_pass *up, { strncpy(up->password, password_buf, USER_PASS_LEN); } + /* The auth-file does not have the password: get both username + * and password from the management interface if possible. + * Otherwise set to read password from console. + */ +#if defined(ENABLE_MANAGEMENT) + else if (management + && (flags & GET_USER_PASS_MANAGEMENT) + && management_query_user_pass_enabled(management)) + { + msg(D_LOW, "No password found in %s authfile '%s'. Querying the management interface", prefix, auth_file); + if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge)) + { + return false; + } + } +#endif else { password_from_stdin = 1;