Re: [Openvpn-devel] Topics for today's (Monday, 13th July 2015) community meeting

2015-07-13 Thread Samuli Seppänen
Hi, Here's the summary of today's IRC meeting. --- COMMUNITY MEETING Place: #openvpn-devel on irc.freenode.net List-Post: openvpn-devel@lists.sourceforge.net Date: Monday, 13th July 2015 Time: 20:00 CEST (18:00 UTC) Planned meeting topics for this meeting were here: <

[Openvpn-devel] [PATCH applied] Re: Fix --askpass not allowing for password input via stdin

2015-07-13 Thread Gert Doering
Your patch has been applied to the master and release/2.3 branch (took us long enough :-) - thanks). commit 4e1e3ba1d8582a1e95dd6f9564e97c99784959a7 (master) commit 4d093fff305a3054d88ae2c803665cf90d512c7e (release/2.3) Author: James Geboski List-Post: openvpn-devel@lists.sourceforge.net Date:

[Openvpn-devel] [PATCH applied] Re: Produce a meaningful error message if --daemon gets in the way of asking for passwords.

2015-07-13 Thread Gert Doering
Patch has been applied to the master and release/2.3 branch. commit 079e5b9c13bf81d7afc6f932b5417d2f08f8e64b (master) commit b131c7b974d9d4d3f0a6ab3a81719af6f7ab2ad6 (release/2.3) Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Mon Jul 13 21:10:07 2015 +0200

[Openvpn-devel] [PATCH applied] Re: fix regression: query password before becoming daemon

2015-07-13 Thread Gert Doering
Your patch has been applied to the master and release/2.3 branch. commit 315f6fbc7f657a7f1127628bd714f468709d5185 (master) commit 7bde2e1b19e66af22c26c90e1187a4365c9087fc (release/2.3) Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Thu Jul 9 23:35:59 2015 +0200

[Openvpn-devel] [PATCH] Fix --askpass not allowing for password input via stdin

2015-07-13 Thread Steffan Karger
ACK to the attached (rebase by me) patch from trac: https://community.openvpn.net/openvpn/ticket/248 -Steffan From 0e132ca6733ede1f066b0cd717b1886a28e09d32 Mon Sep 17 00:00:00 2001 From: James Geboski List-Post: openvpn-devel@lists.sourceforge.net Date: Tue, 8 Jan 2013

Re: [Openvpn-devel] [PATCH] Produce a meaningful error message if --daemon gets in the way of asking for passwords.

2015-07-13 Thread Steffan Karger
On 13-07-15 21:10, Gert Doering wrote: With the --daemon / SSL init reordering in da9b292733, we fail if we daemonize first and then try to ask for a private key passphrase (or, for that matter, username+password if --auth-nocache is set) - but no meaningful error message was printed, instead

[Openvpn-devel] [PATCH] Produce a meaningful error message if --daemon gets in the way of asking for passwords.

2015-07-13 Thread Gert Doering
With the --daemon / SSL init reordering in da9b292733, we fail if we daemonize first and then try to ask for a private key passphrase (or, for that matter, username+password if --auth-nocache is set) - but no meaningful error message was printed, instead depending on operating system and library

[Openvpn-devel] [PATCH v2 6/6] Improve docs and detail new functionality

2015-07-13 Thread Tim Small
Hopefully clarify usage, and fix spelling errors. Document new functionality WRT PAM_USER and implicit password responses when a non-matching non-echoing PROMPT is made by a PAM module. Signed-off-by: Tim Small --- src/plugins/auth-pam/README.auth-pam | 152

[Openvpn-devel] [PATCH v2 5/6] Allow administrator to supply a user to pam_start

2015-07-13 Thread Tim Small
If the user doesn't supply any arguments to the plugin in the OpenVPN configuration file, then it defaults to setting the second argument to the pam_start() function with the username that the other end of the vpn supplied. The pam libraries use this as the initial value for the PAM_USER pam

[Openvpn-devel] [PATCH v2 4/6] Add default password reply with name_value_list

2015-07-13 Thread Tim Small
If the user doesn't supply any arguments to the plugin in the OpenVPN configuration file, then it defaults to answering any PAM conversation 'questions' where the pam module sets the message style to PAM_PROMPT_ECHO_OFF with the password, and where the style is set to PAM_PROMPT_ECHO_ON with the

[Openvpn-devel] [PATCH v2 3/6] Refactor name/value list search and substitution code.

2015-07-13 Thread Tim Small
Pull out the code which searches the name_value_list for a matching prompt, and also substitutes keywords (USERNAME etc.) into a separate function, for clarity and to support forthcoming changes. Signed-off-by: Tim Small --- src/plugins/auth-pam/auth-pam.c | 96

[Openvpn-devel] [PATCH v2 2/6] Log common name as well as username for pam auth

2015-07-13 Thread Tim Small
Improve debuggability by logging the common name as well as the user name. Signed-off-by: Tim Small --- src/plugins/auth-pam/auth-pam.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c

[Openvpn-devel] [PATCH v2 1/6] Separate error logging for pam auth and account

2015-07-13 Thread Tim Small
The plugin carries out separate checks on authorisation and account validity, but only prints a single "user X failed to authenticate" message, even if the PAM authenticate tests pass, but the PAM account check fails. Print separate error messages if failure occurs in either step. Signed-off-by:

[Openvpn-devel] [PATCH v2 0/6] RFC changes to the auth-pam plugin.

2015-07-13 Thread Tim Small
Take 2 - sorry for the noise - this update to the series splits some patches down further, fixes a security bug vs the first iteration, and hopefully makes various improvements to patches. I wanted to use OpenVPN with PAM whilst enforcing the use of the TLS client cert common name in place of the

Re: [Openvpn-devel] [PATCH v2] Add TFTP and WPAD DHCP options

2015-07-13 Thread Jan Just Keijser
Jan Just Keijser wrote: Jan Just Keijser wrote: Gert Doering wrote: On Thu, Jul 02, 2015 at 11:56:28AM +0200, Jan Just Keijser wrote: +write_dhcp_str (buf, 66, o->tftp, ); +write_dhcp_str (buf, 150, o->tftp, ); This does not look safe to me (or I'm overlooking something) - if
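
Review bot: In the second added line, write_dhcp_str (buf, 150, o->tftp, ), the same o->tftp string that is emitted as option 66 is also written as option 150. Option 66 (RFC 2132) carries a TFTP server name as a string, while option 150 (RFC 5859) is defined as a list of IPv4 addresses, so a hostname written there would be malformed for clients that parse it as addresses. Suggest parsing and validating the value as an address before emitting option 150, or giving option 150 its own setting. The fourth argument is not visible in this archive excerpt, so it is not assessed here.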

[Openvpn-devel] Topics for today's (Monday, 13th July 2015) community meeting

2015-07-13 Thread Samuli Seppänen
Hi, We're going to have an IRC meeting today, 13th July, starting at 20:00 CEST (18:00 UTC) on #openvpn-devel irc.freenode.net. Current topic list along with basic information is here: If you have any other things you'd like to