authorBernhard Schmidt <berni@debian.org>2020-04-19 15:52:38 +0200
committerBernhard Schmidt <berni@debian.org>2020-04-19 15:52:38 +0200
commit7728a9676dc67128c9adf56bc1d31a4e5b815b26 (patch)
treeae25e1ac822e848183a4e61eac8d5c53f520f128 /src/openvpn/misc.c
parentf90a78a23c77c840b764b0a95732f3ee3738ef99 (diff)
parent620785fe268a1221c1ba7a9cb5a70f3140a4f1ca (diff)
Update upstream source from tag 'upstream/2.4.9'
Update to upstream version '2.4.9' with Debian dir b64ac777b141e10bd0a11149a47506fd704401b8
Diffstat (limited to 'src/openvpn/misc.c')
-rw-r--r--src/openvpn/misc.c77
1 files changed, 55 insertions, 22 deletions
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index f44c65f..9c5e96e 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -880,6 +880,43 @@ absolute_pathname(const char *pathname)
}
}
+#ifdef ENABLE_MANAGEMENT
+
+/* Get username/password from the management interface */
+static bool
+auth_user_pass_mgmt(struct user_pass *up, const char *prefix, const unsigned int flags,
+ const char *auth_challenge)
+{
+ const char *sc = NULL;
+
+ if (flags & GET_USER_PASS_PREVIOUS_CREDS_FAILED)
+ {
+ management_auth_failure(management, prefix, "previous auth credentials failed");
+ }
+
+#ifdef ENABLE_CLIENT_CR
+ if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE))
+ {
+ sc = auth_challenge;
+ }
+#endif
+
+ if (!management_query_user_pass(management, up, prefix, flags, sc))
+ {
+ if ((flags & GET_USER_PASS_NOFATAL) != 0)
+ {
+ return false;
+ }
+ else
+ {
+ msg(M_FATAL, "ERROR: could not read %s username/password/ok/string from management interface", prefix);
+ }
+ }
+ return true;
+}
+
+#endif /* ifdef ENABLE_MANAGEMENT */
+
/*
* Get and store a username/password
*/
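Review bot: The new auth_user_pass_mgmt() passes the global `management` to management_auth_failure() and management_query_user_pass() without testing it, so it depends on each caller having checked `management` and `management_query_user_pass_enabled(management)` first, and its one-line comment does not state that. The return contract is also undocumented: `false` comes back only when GET_USER_PASS_NOFATAL is set, and any other failed query ends in `msg(M_FATAL, ...)`. I would extend the header comment to something like `/* Caller must ensure management is non-NULL and user/pass queries are enabled. Returns false on failure only with GET_USER_PASS_NOFATAL; otherwise failure is fatal. */`. As a style point, the `else` after `return false;` is redundant and the fatal `msg()` call can sit at the outer level of the failure branch.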
@@ -913,30 +950,10 @@ get_user_pass_cr(struct user_pass *up,
&& (!from_authfile && (flags & GET_USER_PASS_MANAGEMENT))
&& management_query_user_pass_enabled(management))
{
- const char *sc = NULL;
response_from_stdin = false;
-
- if (flags & GET_USER_PASS_PREVIOUS_CREDS_FAILED)
- {
- management_auth_failure(management, prefix, "previous auth credentials failed");
- }
-
-#ifdef ENABLE_CLIENT_CR
- if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE))
+ if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge))
{
- sc = auth_challenge;
- }
-#endif
- if (!management_query_user_pass(management, up, prefix, flags, sc))
- {
- if ((flags & GET_USER_PASS_NOFATAL) != 0)
- {
- return false;
- }
- else
- {
- msg(M_FATAL, "ERROR: could not read %s username/password/ok/string from management interface", prefix);
- }
+ return false;
}
}
else
@@ -1013,6 +1030,22 @@ get_user_pass_cr(struct user_pass *up,
{
strncpy(up->password, password_buf, USER_PASS_LEN);
}
+ /* The auth-file does not have the password: get both username
+ * and password from the management interface if possible.
+ * Otherwise set to read password from console.
+ */
+#if defined(ENABLE_MANAGEMENT)
+ else if (management
+ && (flags & GET_USER_PASS_MANAGEMENT)
+ && management_query_user_pass_enabled(management))
+ {
+ msg(D_LOW, "No password found in %s authfile '%s'. Querying the management interface", prefix, auth_file);
+ if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge))
+ {
+ return false;
+ }
+ }
+#endif
else
{
password_from_stdin = 1;
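Review bot: The added `else if (management ...)` branch calls auth_user_pass_mgmt() without first setting `response_from_stdin = false;`, whereas the existing management path in the previous hunk does set it immediately before the same call. The code that reads that flag lies outside this hunk, so this needs confirming, but if the flag is still true afterwards a static challenge already answered through the management interface may be requested again on the console. I would add `response_from_stdin = false;` ahead of the `msg(D_LOW, ...)` line so that both management paths behave the same. The new comment says both username and password come from management, so it is also worth stating there that a username read from the auth file is replaced by whatever the management client supplies.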