From patchwork Mon Mar 30 07:05:26 2020
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 1061
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 30 Mar 2020 14:05:26 -0400
Message-Id: <1585591527-23734-1-git-send-email-selva.nair@gmail.com>
In-Reply-To: <1585513970-32658-2-git-send-email-selva.nair@gmail.com>
References: <1585513970-32658-2-git-send-email-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH v2 1/2] Move querying username/password from management to a function

From: Selva Nair

This helps the next patch. No functionality changes, only refactoring.

Signed-off-by: Selva Nair
Acked-by: Gert Doering
---
No changes from v1

 src/openvpn/misc.c | 54 ++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 34 insertions(+), 20 deletions(-)

diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 1931149..0d5ac30 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c
@@ -116,6 +116,38 @@ hostname_randomize(const char *hostname, struct gc_arena *gc) #undef n_rnd_bytes } +#ifdef ENABLE_MANAGEMENT +/* Get username/password from the management interface */ +static bool +auth_user_pass_mgmt(struct user_pass *up, const char *prefix, const unsigned int flags, + const char *auth_challenge) +{ + const char *sc = NULL; + + if (flags & GET_USER_PASS_PREVIOUS_CREDS_FAILED) + { + management_auth_failure(management, prefix, "previous auth credentials failed"); + } + + if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE)) + { + sc = auth_challenge; + } + if (!management_query_user_pass(management, up, prefix, flags, sc)) + { + if ((flags & GET_USER_PASS_NOFATAL) != 0) + { + return false; + } + else + { + msg(M_FATAL, "ERROR: could not read %s username/password/ok/string from management interface", prefix); + } + } + return true; +} +#endif + /* * Get and store a username/password */ 
@@ -149,28 +181,10 @@ get_user_pass_cr(struct user_pass *up, && (!from_authfile && (flags & GET_USER_PASS_MANAGEMENT)) && management_query_user_pass_enabled(management)) { - const char *sc = NULL; response_from_stdin = false; - - if (flags & GET_USER_PASS_PREVIOUS_CREDS_FAILED) + if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge)) { - management_auth_failure(management, prefix, "previous auth credentials failed"); - } - - if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE)) - { - sc = auth_challenge; - } - if (!management_query_user_pass(management, up, prefix, flags, sc)) - { - if ((flags & GET_USER_PASS_NOFATAL) != 0) - { - return false; - } - else - { - msg(M_FATAL, "ERROR: could not read %s username/password/ok/string from management interface", prefix); - } + return false; } } else
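Review bot: In patch 1/2, the new auth_user_pass_mgmt() passes the global management to management_auth_failure() and management_query_user_pass() without checking it, and its one-line comment does not state that precondition or the return contract. The call site in the second hunk is guarded by management_query_user_pass_enabled(management), so this holds today, but a static helper that can be called from more than one place should say in its comment that the caller must have verified management first, and that false is returned only when GET_USER_PASS_NOFATAL is set, with every other failure ending in msg(M_FATAL, ...). The else after "return false;" is also redundant and can be dropped to remove one nesting level.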
From patchwork Mon Mar 30 07:05:27 2020
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 1060
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 30 Mar 2020 14:05:27 -0400
Message-Id: <1585591527-23734-2-git-send-email-selva.nair@gmail.com>
In-Reply-To: <1585591527-23734-1-git-send-email-selva.nair@gmail.com>
References: <1585513970-32658-2-git-send-email-selva.nair@gmail.com> <1585591527-23734-1-git-send-email-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH v2 2/2] When auth-user-pass file has no password, query the management

From: Selva Nair

When only username is found in the file, redirect the auth-user-pass
query to the management if management-query-passwords is enabled.
Otherwise the user is prompted on console, if available, as before.
This changes the behaviour for those who run from the command line,
with --management-query-passwords, but still expect the prompt on
the console.

Note that the management will prompt for both username and password
ignoring the username read from the file. As most GUIs can save the
username, this is a one-time inconvenience.

Currently, the password is queried on the console (or systemd) in
such cases. This is not sensible when console is not available
(Windows GUI, Tunnelblick etc.) or when the log is redirected to
a file on Windows (for some reason prompt goes to the log file).

Trac # 757

Signed-off-by: Selva Nair
Acked-by: Gert Doering
---
v2: Following discussions with Jonathan and Gert, removed the
dependence on stdout redirection and applied to all platforms.

 src/openvpn/misc.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 0d5ac30..546cd71 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c
@@ -261,6 +261,22 @@ get_user_pass_cr(struct user_pass *up, { strncpy(up->password, password_buf, USER_PASS_LEN); } + /* The auth-file does not have the password: get both username + * and password from the management if possible. + * Otherwise set to read password from console. + */ +#if defined(ENABLE_MANAGEMENT) + else if (management + && (flags & GET_USER_PASS_MANAGEMENT) + && management_query_user_pass_enabled(management)) + { + msg(D_LOW, "No password found in %s authfile '%s'. Querying the management", prefix, auth_file); + if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge)) + { + return false; + } + } +#endif else { password_from_stdin = 1;
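Review bot: In patch 2/2, the new else if branch under #if defined(ENABLE_MANAGEMENT) changes user-visible behaviour without a documentation update: the commit message says console users running with --management-query-passwords lose the console prompt and that the username read from the file is ignored, yet the diffstat touches only src/openvpn/misc.c. Please document this alongside the auth-user-pass and management-query-passwords options, and consider having the D_LOW message say that the username from the file will not be used, since the current text only reports the missing password. Smaller points: the condition "management && (flags & GET_USER_PASS_MANAGEMENT) && management_query_user_pass_enabled(management)" repeats most of the guard on the existing management path in get_user_pass_cr() and could share a small helper, and patch 1/2 uses #ifdef ENABLE_MANAGEMENT where this hunk uses #if defined(ENABLE_MANAGEMENT).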