diff options
author | Bernhard Schmidt <berni@debian.org> | 2020-04-19 15:52:33 +0200 |
---|---|---|
committer | Bernhard Schmidt <berni@debian.org> | 2020-04-19 15:52:33 +0200 |
commit | 620785fe268a1221c1ba7a9cb5a70f3140a4f1ca (patch) | |
tree | 7b876715822d9620801283022ba73f2fce7387a3 /src/openvpn/misc.c | |
parent | 8a3450ef8682b9085637d7b94afc5c7e6f92e64b (diff) |
New upstream version 2.4.9upstream/2.4.9
Diffstat (limited to 'src/openvpn/misc.c')
-rw-r--r-- | src/openvpn/misc.c | 77 |
1 files changed, 55 insertions, 22 deletions
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index f44c65f..9c5e96e 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -880,6 +880,43 @@ absolute_pathname(const char *pathname) } } +#ifdef ENABLE_MANAGEMENT + +/* Get username/password from the management interface */ +static bool +auth_user_pass_mgmt(struct user_pass *up, const char *prefix, const unsigned int flags, + const char *auth_challenge) +{ + const char *sc = NULL; + + if (flags & GET_USER_PASS_PREVIOUS_CREDS_FAILED) + { + management_auth_failure(management, prefix, "previous auth credentials failed"); + } + +#ifdef ENABLE_CLIENT_CR + if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE)) + { + sc = auth_challenge; + } +#endif + + if (!management_query_user_pass(management, up, prefix, flags, sc)) + { + if ((flags & GET_USER_PASS_NOFATAL) != 0) + { + return false; + } + else + { + msg(M_FATAL, "ERROR: could not read %s username/password/ok/string from management interface", prefix); + } + } + return true; +} + +#endif /* ifdef ENABLE_MANAGEMENT */ + /* * Get and store a username/password */ @@ -913,30 +950,10 @@ get_user_pass_cr(struct user_pass *up, && (!from_authfile && (flags & GET_USER_PASS_MANAGEMENT)) && management_query_user_pass_enabled(management)) { - const char *sc = NULL; response_from_stdin = false; - - if (flags & GET_USER_PASS_PREVIOUS_CREDS_FAILED) - { - management_auth_failure(management, prefix, "previous auth credentials failed"); - } - -#ifdef ENABLE_CLIENT_CR - if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE)) + if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge)) { - sc = auth_challenge; - } -#endif - if (!management_query_user_pass(management, up, prefix, flags, sc)) - { - if ((flags & GET_USER_PASS_NOFATAL) != 0) - { - return false; - } - else - { - msg(M_FATAL, "ERROR: could not read %s username/password/ok/string from management interface", prefix); - } + return false; } } else @@ -1013,6 +1030,22 @@ get_user_pass_cr(struct user_pass *up, { strncpy(up->password, password_buf, USER_PASS_LEN); } + /* The auth-file does not have the password: get both username + * and password from the management interface if possible. + * Otherwise set to read password from console. + */ +#if defined(ENABLE_MANAGEMENT) + else if (management + && (flags & GET_USER_PASS_MANAGEMENT) + && management_query_user_pass_enabled(management)) + { + msg(D_LOW, "No password found in %s authfile '%s'. Querying the management interface", prefix, auth_file); + if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge)) + { + return false; + } + } +#endif else { password_from_stdin = 1; |