From patchwork Wed Sep 14 08:59:37 2022
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 2757
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Wed, 14 Sep 2022 20:59:37 +0200
Subject: [Openvpn-devel] [PATCH 2/2] get_user_pass_cr: get password from stdin if missing inline
Message-Id: <20220914185937.31423-2-a@unstable.cc>
In-Reply-To: <20220914185937.31423-1-a@unstable.cc>
References: <20220914185937.31423-1-a@unstable.cc>

Until now, when HTTP proxy user and password were specified inline, it was assumed that both creds were specified. A missing password would result in an empty password being stored.

This behaviour is not ideal, as we want to allow the user to store the username, but let the password be entered via stdin.

This affects both http proxy and authentication inline'd creds.

Signed-off-by: Antonio Quartulli
Acked-by: Gert Doering
--- Changes.rst | 4 +++- src/openvpn/misc.c | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/Changes.rst b/Changes.rst index 2967533a..2daa97fb 100644 --- a/Changes.rst +++ b/Changes.rst 
@@ -89,7 +89,9 @@ Data channel offloading with ovpn-dco Inline auth username and password Username and password can now be specified inline in the configuration file - within the tags. + within the tags. If the password is + missing OpenVPN will prompt for input via stdin. This applies to inline'd + http-proxy-user-pass too. Deprecated features diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 07f6e202..50f7f975 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -197,6 +197,11 @@ get_user_pass_cr(struct user_pass *up, buf_parse(&buf, '\n', up->username, USER_PASS_LEN); } buf_parse(&buf, '\n', up->password, USER_PASS_LEN); + + if (strlen(up->password) == 0) + { + password_from_stdin = 1; + } } /* * Read from auth file unless this is a dynamic challenge request.
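
Review bot: In the Changes.rst hunk, "If the password is missing" does not say what counts as missing. The misc.c hunk in this patch tests strlen(up->password) == 0, so an absent password line and a present but empty one are treated the same, and an empty password can no longer be supplied inline. Suggest wording along the lines of "If the password is missing or empty, OpenVPN will prompt for it via stdin", and "inline" rather than "inline'd" in the last sentence.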
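
Review bot: In the src/openvpn/misc.c hunk, the new strlen(up->password) == 0 test follows the unconditional buf_parse of the password, so it also fires on the path where the username block just above was skipped; please confirm that prompting is wanted in that case as well. The commit message says a missing password used to be stored as an empty one, so a configuration that relied on that will now get a prompt; a short comment above the if stating that an empty inline password deliberately means "ask on stdin" would record the intent. The result of buf_parse is not looked at here, so a password line that is absent and one that is present but empty cannot be told apart.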