Re: [Openvpn-devel] [PATCH v2 2/2] When auth-user-pass file has no password, query the management

Thu, 02 Apr 2020 09:57:40 -0700 

Hi,

On Mon, Mar 30, 2020 at 2:06 PM <selva.n...@gmail.com> wrote:
>
> From: Selva Nair <selva.n...@gmail.com>
>
> When only username is found in the file, redirect the auth-user-pass
> query to the management if management-query-passwords is enabled.
> Otherwise the user is prompted on console, if available, as before.
>
> This changes the behaviour for those who run from the command line,
> with --management-query-passwords, but still expect the prompt
> on the console.
>
> Note that the management will prompt for both username and password
> ignoring the username read from the file. As most GUIs can save the
> the username, this is a one-time inconvenience.
>
> Currently, the password is queried on the console (or systemd)
> in such cases. This is not sensible when console is not available
> (windows GUI, tunnelblick etc.) or when the log is redirected
> to a file on Windows (for some reason prompt goes to the log file).
>
> Trac # 757
>
> Signed-off-by: Selva Nair <selva.n...@gmail.com>
> ---
>
> v2: Following discussions with Jonathan and Gert, removed the dependence
> on stdout redirection and applied to all platforms.
>
>  src/openvpn/misc.c | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
>
> diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
> index 0d5ac30..546cd71 100644
> --- a/src/openvpn/misc.c
> +++ b/src/openvpn/misc.c
> @@ -261,6 +261,22 @@ get_user_pass_cr(struct user_pass *up,
>              {
>                  strncpy(up->password, password_buf, USER_PASS_LEN);
>              }
> +            /* The auth-file does not have the password: get both username
> +             * and password from the management if possible.
> +             * Otherwise set to read password from console.
> +             */
> +#if defined(ENABLE_MANAGEMENT)
> +            else if (management
> +                     && (flags & GET_USER_PASS_MANAGEMENT)
> +                     && management_query_user_pass_enabled(management))
> +            {
> +                msg(D_LOW, "No password found in %s authfile '%s'. Querying 
> the management", prefix, auth_file);
> +                if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge))
> +                {
> +                    return false;
> +                }
> +            }
> +#endif
>              else
>              {
>                  password_from_stdin = 1;

Works for Tunnelblick, thanks!

One minor point: in all four places, plus in the email subject, "the
management" should be changed to "the management interface".

"Management interface" is the term that is used on the man page.

Best regards,

Jon Bullard


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to