From patchwork Fri Apr 3 14:17:44 2020
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 1073
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 3 Apr 2020 21:17:44 -0400
Message-Id: <1585963064-10311-2-git-send-email-selva.nair@gmail.com>
In-Reply-To: <1585963064-10311-1-git-send-email-selva.nair@gmail.com>
References: <1585591527-23734-1-git-send-email-selva.nair@gmail.com> <1585963064-10311-1-git-send-email-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH 2/2] When auth-user-pass file has no password query the management interface (if available).
From: Selva Nair

When only username is found in the file, redirect the auth-user-pass query to the management interface if management-query-passwords is enabled. Otherwise the user is prompted on console, if available, as before.

This changes the behaviour for those who run from the command line, with --management-query-passwords, but still expect the prompt on the console.

Note that the management interface will prompt for both username and password ignoring the username read from the file. As most GUIs can save the username, this is a one-time inconvenience.

Currently, the password is queried on the console (or systemd) in such cases. This is not sensible when console is not available (Windows GUI, Tunnelblick etc.) or when the log is redirected to a file on Windows (for some reason prompt goes to the log file).

Trac # 757

Signed-off-by: Selva Nair
Acked-by: Gert Doering
---
This may be cherry-picked from 57578310992d1fbe8eff97049087c5308089acb5 in master without conflicts.

src/openvpn/misc.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)

diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 2b0d10c..9c5e96e 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -1030,6 +1030,22 @@ get_user_pass_cr(struct user_pass *up, { strncpy(up->password, password_buf, USER_PASS_LEN); } + /* The auth-file does not have the password: get both username + * and password from the management interface if possible. + * Otherwise set to read password from console. + */ +#if defined(ENABLE_MANAGEMENT) + else if (management + && (flags & GET_USER_PASS_MANAGEMENT) + && management_query_user_pass_enabled(management)) + { + msg(D_LOW, "No password found in %s authfile '%s'. Querying the management interface", prefix, auth_file); + if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge)) + { + return false; + } + } +#endif else { password_from_stdin = 1;
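Review bot: The msg() text in the new `else if` branch says only "Querying the management interface", while the commit message states that the management interface then asks for both username and password and the username read from the file is ignored. A user who put a username in the auth file and is asked for it again gets no hint why, so consider saying in the log line that the username from the file is not used. The patch touches only src/openvpn/misc.c, yet it changes where the prompt appears for anyone running with --management-query-passwords from a console; a man page note on that precedence would belong with this change. Minor: the explanatory comment sits above `#if defined(ENABLE_MANAGEMENT)`, so it also appears in builds where the branch it describes is compiled out; moving it inside the guard keeps it accurate.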