summaryrefslogtreecommitdiff
path: root/src/openvpn/misc.c
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2016-05-10 17:40:25 +0200
committerAlberto Gonzalez Iniesta <agi@inittab.org>2016-05-10 17:40:25 +0200
commitfd1989a44e8b5f8a1204268c0b831e1215d345c5 (patch)
treeb7953a8e1b3bd31ab9b25ed4a87b66f43cba2007 /src/openvpn/misc.c
parent5ed34d2384cae48c45501f30c9e69512fe54b3ec (diff)
parentffca24bed7a03d95585ad02278667abe75d8b272 (diff)
Merge tag 'upstream/2.3.11'
Upstream version 2.3.11
Diffstat (limited to 'src/openvpn/misc.c')
-rw-r--r--src/openvpn/misc.c37
1 files changed, 25 insertions, 12 deletions
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 04a5b5f..48ca0d5 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -1044,6 +1044,7 @@ get_user_pass_cr (struct user_pass *up,
bool from_authfile = (auth_file && !streq (auth_file, "stdin"));
bool username_from_stdin = false;
bool password_from_stdin = false;
+ bool response_from_stdin = true;
if (flags & GET_USER_PASS_PREVIOUS_CREDS_FAILED)
msg (M_WARN, "Note: previous '%s' credentials failed", prefix);
@@ -1053,10 +1054,11 @@ get_user_pass_cr (struct user_pass *up,
* Get username/password from management interface?
*/
if (management
- && ((auth_file && streq (auth_file, "management")) || (!from_authfile && (flags & GET_USER_PASS_MANAGEMENT)))
+ && (!from_authfile && (flags & GET_USER_PASS_MANAGEMENT))
&& management_query_user_pass_enabled (management))
{
const char *sc = NULL;
+ response_from_stdin = false;
if (flags & GET_USER_PASS_PREVIOUS_CREDS_FAILED)
management_auth_failure (management, prefix, "previous auth credentials failed");
@@ -1090,7 +1092,10 @@ get_user_pass_cr (struct user_pass *up,
if (!strlen (up->password))
strcpy (up->password, "ok");
}
- else if (from_authfile)
+ /*
+ * Read from auth file unless this is a dynamic challenge request.
+ */
+ else if (from_authfile && !(flags & GET_USER_PASS_DYNAMIC_CHALLENGE))
{
/*
* Try to get username/password from a file.
@@ -1141,10 +1146,10 @@ get_user_pass_cr (struct user_pass *up,
/*
* Get username/password from standard input?
*/
- if (username_from_stdin || password_from_stdin)
+ if (username_from_stdin || password_from_stdin || response_from_stdin)
{
#ifdef ENABLE_CLIENT_CR
- if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE))
+ if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE) && response_from_stdin)
{
struct auth_challenge_info *ac = get_auth_challenge (auth_challenge, &gc);
if (ac)
@@ -1154,7 +1159,8 @@ get_user_pass_cr (struct user_pass *up,
buf_set_write (&packed_resp, (uint8_t*)up->password, USER_PASS_LEN);
msg (M_INFO|M_NOPREFIX, "CHALLENGE: %s", ac->challenge_text);
- if (!get_console_input ("Response:", BOOL_CAST(ac->flags&CR_ECHO), response, USER_PASS_LEN))
+ if (!get_console_input (ac->challenge_text, BOOL_CAST(ac->flags&CR_ECHO),
+ response, USER_PASS_LEN))
msg (M_FATAL, "ERROR: could not read challenge response from stdin");
strncpynt (up->username, ac->user, USER_PASS_LEN);
buf_printf (&packed_resp, "CRV1::%s::%s", ac->state_id, response);
@@ -1185,14 +1191,16 @@ get_user_pass_cr (struct user_pass *up,
msg (M_FATAL, "ERROR: could not not read %s password from stdin", prefix);
#ifdef ENABLE_CLIENT_CR
- if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE))
+ if (auth_challenge && (flags & GET_USER_PASS_STATIC_CHALLENGE) && response_from_stdin)
{
char *response = (char *) gc_malloc (USER_PASS_LEN, false, &gc);
struct buffer packed_resp;
char *pw64=NULL, *resp64=NULL;
msg (M_INFO|M_NOPREFIX, "CHALLENGE: %s", auth_challenge);
- if (!get_console_input ("Response:", BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO), response, USER_PASS_LEN))
+
+ if (!get_console_input (auth_challenge, BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO),
+ response, USER_PASS_LEN))
msg (M_FATAL, "ERROR: could not read static challenge response from stdin");
if (openvpn_base64_encode(up->password, strlen(up->password), &pw64) == -1
|| openvpn_base64_encode(response, strlen(response), &resp64) == -1)
@@ -1648,22 +1656,27 @@ argv_system_str_append (struct argv *a, const char *str, const bool enquote)
static char *
argv_extract_cmd_name (const char *path)
{
+ char *ret = NULL;
if (path)
{
char *path_cp = string_alloc(path, NULL); /* POSIX basename() implementaions may modify its arguments */
const char *bn = basename (path_cp);
if (bn)
{
- char *ret = string_alloc (bn, NULL);
- char *dot = strrchr (ret, '.');
+ char *dot = NULL;
+ ret = string_alloc (bn, NULL);
+ dot = strrchr (ret, '.');
if (dot)
*dot = '\0';
free(path_cp);
- if (ret[0] != '\0')
- return ret;
+ if (ret[0] == '\0')
+ {
+ free(ret);
+ ret = NULL;
+ }
}
}
- return NULL;
+ return ret;
}
const char *