From patchwork Sun Mar 29 09:32:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 1056 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.31.255.6]) by backend30.mail.ord1d.rsapps.net with LMTP id SDzDHEIGgV7RFgAAIUCqbw for ; Sun, 29 Mar 2020 16:34:10 -0400 Received: from proxy19.mail.iad3b.rsapps.net ([172.31.255.6]) by director8.mail.ord1d.rsapps.net with LMTP id GK1/GkIGgV4pMQAAfY0hYg ; Sun, 29 Mar 2020 16:34:10 -0400 Received: from smtp23.gate.iad3b ([172.31.255.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy19.mail.iad3b.rsapps.net with LMTP id wKxaFUIGgV6kHgAAIG4riQ ; Sun, 29 Mar 2020 16:34:10 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp23.gate.iad3b.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dkim=fail (signature verification failed) header.d=gmail.com; dmarc=fail (p=none; dis=none) header.from=gmail.com X-Suspicious-Flag: YES X-Classification-ID: a45f7efa-71fc-11ea-bb4f-525400aa5716-1-1 Received: from [216.105.38.7] ([216.105.38.7:36106] helo=lists.sourceforge.net) by smtp23.gate.iad3b.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id AF/82-26570-146018E5; Sun, 29 Mar 2020 16:34:10 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1jIecH-0006a2-4E; Sun, 29 Mar 2020 20:33:09 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jIecF-0006Zu-2D for openvpn-devel@lists.sourceforge.net; Sun, 29 Mar 2020 20:33:07 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=naRR7Cg5QMzalseeNqCn6vcM341tm9/oodc51RtBQpE=; b=EvkWFVF7YFzw1QBx9NRuqS9lQa P821AByEFZcrcoqpm3uEuaTev0ME8tEDhZFL7v8u20HKtNunllIrsdtGXsmNYGsBmXRn+D+QCnabA y1x4z5LAmq1dwkLQkDEbtwcilAgcRPVb6p9pfyddJbubmRrdsmGMer3PSGji9dE2RKHo=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=naRR7Cg5QMzalseeNqCn6vcM341tm9/oodc51RtBQpE=; b=TvI5cW/BhPyfo2uWPTh+epUIvZ NcTCMpzevVGKhtNfvJ1XRIAvg9ZB61QTbdIYYiEiVyCvl3LKoeCdavbxaTl69GaNAzKwXI4uoFIip WAwJ9VyC4p5WpyysSOJ7Gc16IRD0OSnAlGdGAartgXA8As95it+dp5gPKyJEFDVwpLcM=; Received: from mail-qk1-f196.google.com ([209.85.222.196]) by sfi-mx-3.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92.2) id 1jIecD-00EazB-PR for openvpn-devel@lists.sourceforge.net; Sun, 29 Mar 2020 20:33:07 +0000 Received: by mail-qk1-f196.google.com with SMTP id v7so16981394qkc.0 for ; Sun, 29 Mar 2020 13:33:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=naRR7Cg5QMzalseeNqCn6vcM341tm9/oodc51RtBQpE=; b=jxAzy1hmZkTuretCzOKBh7cdTyPb20TxLa4vx3BoCDG0HZYJmhwWi7yYip1glqETrv MyzF0FD4cBFtyiSe9WN7Qmg6ky7DSDlaXoa6FaFEEJmzhL1WLkWh4An4ZcikWUqB4NVx Gtqrf7gu+67o6wf49WqUd7Re4uFEkSGwbw93XZUWbLjdHr7BvwRnieCup6LY/sr19mRZ rLhNju+fvCKG+tA20V0uDYo1iDIFWruV967SuNdv7XTffEBmrzwc3lxxYu4f2bLG4M8n X841BEms9uFNk2E6+KRbcIl9lVctL8HpfoqrEu2qiQbCtuGYD2Ha7ZDB/d1/MKB3DJ0V eAvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=naRR7Cg5QMzalseeNqCn6vcM341tm9/oodc51RtBQpE=; b=gphaFwLFVNYCdiSjIVCvDE1Fc/kpVPfobWJxZgNmoAXwThvnrELlE/oiMLx5XB55CF 9+pD7W3RrnEx8Dy6aGT1DB2uiTEAjKtHjd2TV/uRwqJRGbpieAn7+o4CPHRzAGGCWdt/ IUq3iXLoZ/USHb17GxjdiyDkGARDCnS3gXBU2gPYAcsKlF0Nbjg6eMSox06AU3KNKhcL rRrtHURa9t6i06CEC7qZ4Zlq6Mew4z8t5RGi8bza9cBTwNgeGFfBdJUh1TUWrdlAsSrH zbfZbQ41sJ1gmUSZFs1pWLMF5m1B0Z8k2LXqxuSoW7EpMAJPfresne1jnV8mznvCIThV +iIg== X-Gm-Message-State: ANhLgQ21mWRp5c8hCQG84G4UhDyAJBONwA7Fz7g/H4nESrktWT/Y8S1S fDegkA0MDJasvhKnsx0sfA2WEqNOrvE= X-Google-Smtp-Source: ADFU+vtA2jrLXadpLl6NnEFhH/tYbJJ8yWmalP/Xk6uv0L2v4Gaz5sM/V7cPj/4d8O2dmkwxo/JFOA== X-Received: by 2002:a05:620a:1275:: with SMTP id b21mr5922714qkl.198.1585513978444; Sun, 29 Mar 2020 13:32:58 -0700 (PDT) Received: from saturn.home.sansel.ca (CPE40167ea0e1c2-CM788df74daaa0.cpe.net.cable.rogers.com. [99.228.216.21]) by smtp.gmail.com with ESMTPSA id f19sm8989794qtq.78.2020.03.29.13.32.57 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 29 Mar 2020 13:32:57 -0700 (PDT) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Sun, 29 Mar 2020 16:32:49 -0400 Message-Id: <1585513970-32658-1-git-send-email-selva.nair@gmail.com> X-Mailer: git-send-email 2.1.4 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (selva.nair[at]gmail.com) -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.222.196 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.222.196 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1jIecD-00EazB-PR Subject: [Openvpn-devel] [PATCH 1/2] Move querying username/password from management to a function X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Selva Nair This helps the next patch. No functionality changes, only refactoring. Signed-off-by: Selva Nair --- src/openvpn/misc.c | 54 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 34 insertions(+), 20 deletions(-) diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 1931149..0d5ac30 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -116,6 +116,38 @@ hostname_randomize(const char *hostname, struct gc_arena *gc) #undef n_rnd_bytes } +#ifdef ENABLE_MANAGEMENT +/* Get username/password from the management interface */ +static bool +auth_user_pass_mgmt(struct user_pass *up, const char *prefix, const unsigned int flags, + const char *auth_challenge) +{ + const char *sc = NULL; + + if (flags & GET_USER_PASS_PREVIOUS_CREDS_FAILED) + { + management_auth_failure(management, prefix, "previous auth credentials failed"); + } + + if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE)) + { + sc = auth_challenge; + } + if (!management_query_user_pass(management, up, prefix, flags, sc)) + { + if ((flags & GET_USER_PASS_NOFATAL) != 0) + { + return false; + } + else + { + msg(M_FATAL, "ERROR: could not read %s username/password/ok/string from management interface", prefix); + } + } + return true; +} +#endif + /* * Get and store a username/password */ @@ -149,28 +181,10 @@ get_user_pass_cr(struct user_pass *up, && (!from_authfile && (flags & GET_USER_PASS_MANAGEMENT)) && management_query_user_pass_enabled(management)) { - const char *sc = NULL; response_from_stdin = false; - - if (flags & GET_USER_PASS_PREVIOUS_CREDS_FAILED) + if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge)) { - management_auth_failure(management, prefix, "previous auth credentials failed"); - } - - if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE)) - { - sc = auth_challenge; - } - if (!management_query_user_pass(management, up, prefix, flags, sc)) - { - if ((flags & GET_USER_PASS_NOFATAL) != 0) - { - return false; - } - else - { - msg(M_FATAL, "ERROR: could not read %s username/password/ok/string from management interface", prefix); - } + return false; } } else From patchwork Sun Mar 29 09:32:50 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 1057 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director12.mail.ord1d.rsapps.net ([172.31.255.6]) by backend30.mail.ord1d.rsapps.net with LMTP id 2CRTBUMGgV7lFgAAIUCqbw for ; Sun, 29 Mar 2020 16:34:11 -0400 Received: from proxy13.mail.iad3b.rsapps.net ([172.31.255.6]) by director12.mail.ord1d.rsapps.net with LMTP id CIf6AkMGgV6iGwAAIasKDg ; Sun, 29 Mar 2020 16:34:11 -0400 Received: from smtp14.gate.iad3b ([172.31.255.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy13.mail.iad3b.rsapps.net with LMTP id eG+jOEIGgV7vQAAAvUvv+w ; Sun, 29 Mar 2020 16:34:10 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp14.gate.iad3b.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dkim=fail (signature verification failed) header.d=gmail.com; dmarc=fail (p=none; dis=none) header.from=gmail.com X-Suspicious-Flag: YES X-Classification-ID: a4d58fa0-71fc-11ea-8c96-52540057873d-1-1 Received: from [216.105.38.7] ([216.105.38.7:40808] helo=lists.sourceforge.net) by smtp14.gate.iad3b.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 83/20-22400-246018E5; Sun, 29 Mar 2020 16:34:10 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1jIecH-0001Ka-RY; Sun, 29 Mar 2020 20:33:09 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jIecG-0001KS-Ha for openvpn-devel@lists.sourceforge.net; Sun, 29 Mar 2020 20:33:08 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc: To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=4AiXTtERiskRMV9zDjOqFR81IiBJya5x3fX5hcoggyQ=; b=Eev16O36Rh30MPGwF20FRqXFKJ 1HpHNzKHEhRr7F9Sx5T1OfOifhKQAAExD+l0rET5T4tT1VGntkao4KUqbCtnsSbpbhoP3cMfzenSK iti7dtBVDQ2ETcZTB9DT4HXnRhlxT2VhuYk8XPQosrfE7TdugV0/bNN5QOTlta977ZfM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=4AiXTtERiskRMV9zDjOqFR81IiBJya5x3fX5hcoggyQ=; b=Db0UeLQIQkCbLWfEwmBQ1zvIFz Z5GCcZrMxp9BfiQ2KjhylYA8eseQbFnb96a9CUDiTlm4+r468/FvBnHe/H7WcLN7Pm7zr205lY8B3 HwqtQXVdsbwAstMT9LkOstfsrxLnUH3tTtcxL/VLAA72cSCyquzm34v/D+XInc6vs08c=; Received: from mail-qk1-f195.google.com ([209.85.222.195]) by sfi-mx-3.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92.2) id 1jIecE-00EazR-HI for openvpn-devel@lists.sourceforge.net; Sun, 29 Mar 2020 20:33:08 +0000 Received: by mail-qk1-f195.google.com with SMTP id x3so16947536qki.4 for ; Sun, 29 Mar 2020 13:33:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=4AiXTtERiskRMV9zDjOqFR81IiBJya5x3fX5hcoggyQ=; b=EXAeV5D3qcfMlCSKlhOYfrNRS83bXrobQ5szzjAcPk6Ld90I4tiJHYqOfvkvDRZSsA zd7xWnmGQXeuCQfrb19buthdLxzYYxiDYH+4tw0SrBzdTMOODBfgXg8acdCVErOrA7iA 8cl9F3gJ8HHPJTs9QsGEMbFPGEhICVrXOc9aSJJ2ADrIwxpmQKFbVp6XL7P643YLD8mL hkjNvesiyTPohXrUR+QTA7KgRrJZEh3a4SwwsMEIpOtzexD6z+Jf0D3wU0+I091NHgPP ml0JsZgvKUqAwuANWIGtzSRUhsUFs1tABBH9D5NOFZn9DuPEjLqX0iHk4VvxPKVq5wzK VuxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=4AiXTtERiskRMV9zDjOqFR81IiBJya5x3fX5hcoggyQ=; b=dViAq66NydG9HmcFlUlQ80t/PVcVVY56IMQgc+BePrESgpOQElA1Xz2Cskd1Luj47d 0GERQ9PBdheUf47L1TVmiu1Kvq3QSk2JEI2DwX0PyGPzF2pQ1VnAplqfJ8TocDp7MUxt gTzskBwUqbB/2Onop5k3leRAgSxwgyBrkslFDW5xt7OZRgTgKF3ooYMGgpz/ukXrwzCB DaouNqiJI10r+OOkSIqee0mlEwQxiYR9x/7NSrPdCLM9KZ89+AyKerHJJ1T014X4Hd7V DRhuQUUjsx96Df0x+Cmfq2IWKAk3D9hguDZhJ82EJ5ehVodsABYS/iKXwBnpOP6aJYId EEyw== X-Gm-Message-State: ANhLgQ3o2NwLy46ezBJSLUWk4FBCVtOURctqyD+mcpehz1w64CKezUPF bURzWWnn4mdVDeNgOeVx1m6kzLD5IXc= X-Google-Smtp-Source: ADFU+vuEFbS5jWF1mTyHc0QYjbasEyDf7vXS/sKAwbjf7sCpQgbBrx7fHGtNBsH0aiZzsJ0ufvpOVg== X-Received: by 2002:a05:620a:1f1:: with SMTP id x17mr7167790qkn.60.1585513980300; Sun, 29 Mar 2020 13:33:00 -0700 (PDT) Received: from saturn.home.sansel.ca (CPE40167ea0e1c2-CM788df74daaa0.cpe.net.cable.rogers.com. [99.228.216.21]) by smtp.gmail.com with ESMTPSA id f19sm8989794qtq.78.2020.03.29.13.32.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 29 Mar 2020 13:32:59 -0700 (PDT) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Sun, 29 Mar 2020 16:32:50 -0400 Message-Id: <1585513970-32658-2-git-send-email-selva.nair@gmail.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1585513970-32658-1-git-send-email-selva.nair@gmail.com> References: <1585513970-32658-1-git-send-email-selva.nair@gmail.com> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.222.195 listed in list.dnswl.org] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (selva.nair[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.222.195 listed in wl.mailspike.net] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1jIecE-00EazR-HI Subject: [Openvpn-devel] [PATCH 2/2] When auth-user-pass file has no password, query the management X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Selva Nair If only username is found in the file, redirect the auth-user-pass query to the management on Windows if (i) management-query-passwords is enabled and (ii) stdout is redirected to a log file. These restrictions avoid regressive behaviour: those running from the command line will continue to get the prompt on the console and if both username and password are in the file those will continue to get used. Note that the management will prompt for both username and password ignoring the username read from the file. As the GUI saves the username, this is a one-time inconvenience. Currently, the password is queried on the console (or systemd) in such cases. This is not sensible on windows if log file is redirected (prompt goes to the log file), or the console is not available as happens when the GUI is in use. Trac # 757 Signed-off-by: Selva Nair --- src/openvpn/error.c | 9 +++++++++ src/openvpn/error.h | 3 +++ src/openvpn/misc.c | 17 +++++++++++++++++ 3 files changed, 29 insertions(+) diff --git a/src/openvpn/error.c b/src/openvpn/error.c index ad4f0ef..8ce6873 100644 --- a/src/openvpn/error.c +++ b/src/openvpn/error.c @@ -190,6 +190,15 @@ errors_to_stderr(void) } /* + * Return true if stdout is redirected to log file + */ +bool +is_stdout_redirected(void) +{ + return std_redir; +} + +/* * Return a file to print messages to before syslog is opened. */ FILE * diff --git a/src/openvpn/error.h b/src/openvpn/error.h index eaedf17..5078f6a 100644 --- a/src/openvpn/error.h +++ b/src/openvpn/error.h @@ -398,6 +398,9 @@ nonfatal(const unsigned int err) return err & M_FATAL ? (err ^ M_FATAL) | M_NONFATAL : err; } +/** Return true if stdout is redirected to log file */ +bool is_stdout_redirected(void); + #include "errlevel.h" #endif /* ifndef ERROR_H */ diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 0d5ac30..02afd98 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -261,6 +261,23 @@ get_user_pass_cr(struct user_pass *up, { strncpy(up->password, password_buf, USER_PASS_LEN); } + /* The auth-file does not have the password: if we are on Windows + * and stdout has been redirected to log file, try to get both username + * and password from the management. + * Otherwise set to read password from console. + */ +#if defined(ENABLE_MANAGEMENT) && defined(_WIN32) + else if (is_stdout_redirected() + && management + && (flags & GET_USER_PASS_MANAGEMENT) + && management_query_user_pass_enabled(management)) + { + if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge)) + { + return false; + } + } +#endif else { password_from_stdin = 1;