author: Selva Nair, 2020-03-30 14:05:27 -0400
committer: Gert Doering, 2020-04-03 10:34:23 +0200
commit: 57578310992d1fbe8eff97049087c5308089acb5
tree: 30f8126ad6de29f28a13664d2800d2aa2e286031 /src
parent: 8e5d30cf47da63040114c00eab838bbb1c520781
When auth-user-pass file has no password query the management interface (if available).

When only username is found in the file, redirect the auth-user-pass query to the management interface if management-query-passwords is enabled. Otherwise the user is prompted on console, if available, as before.

This changes the behaviour for those who run from the command line, with --management-query-passwords, but still expect the prompt on the console.

Note that the management interface will prompt for both username and password ignoring the username read from the file. As most GUIs can save the username, this is a one-time inconvenience.

Currently, the password is queried on the console (or systemd) in such cases. This is not sensible when console is not available (windows GUI, tunnelblick etc.) or when the log is redirected to a file on Windows (for some reason prompt goes to the log file).

Trac # 757

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1585591527-23734-2-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19655.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src')
-rw-r--r-- src/openvpn/misc.c 16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 0d5ac30..1c17948 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -261,6 +261,22 @@ get_user_pass_cr(struct user_pass *up,
{
strncpy(up->password, password_buf, USER_PASS_LEN);
}
+ /* The auth-file does not have the password: get both username
+ * and password from the management interface if possible.
+ * Otherwise set to read password from console.
+ */
+#if defined(ENABLE_MANAGEMENT)
+ else if (management
+ && (flags & GET_USER_PASS_MANAGEMENT)
+ && management_query_user_pass_enabled(management))
+ {
+ msg(D_LOW, "No password found in %s authfile '%s'. Querying the management interface", prefix, auth_file);
+ if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge))
+ {
+ return false;
+ }
+ }
+#endif
else
{
password_from_stdin = 1;
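Review bot: The new `else if` branch in get_user_pass_cr() drops the username from the auth file without telling the operator, because `auth_user_pass_mgmt(up, prefix, flags, auth_challenge)` asks the management client for both fields while the `msg(D_LOW, ...)` line only mentions the missing password. Suggest extending that message to say the username from the file is ignored, so a mismatch between the file and what the management client supplies can be traced in the log. The `return false` path is also silent here; unless `auth_user_pass_mgmt()` already logs its own failure (not visible in this hunk), a short message before returning would distinguish a failed management query from other authentication failures. Finally, since this changes where the prompt appears for command-line users running with --management-query-passwords, the option's documentation should mention the new behaviour if it does not already (the diffstat shown is limited to 'src').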