Re: [Openvpn-devel] [PATCH v2 2/2] When auth-user-pass file has no password, query the management
Hi, On Thu, Apr 2, 2020 at 12:56 PM Jonathan K. Bullard wrote: > Hi, > > On Mon, Mar 30, 2020 at 2:06 PM wrote: > > > > From: Selva Nair > > > > When only username is found in the file, redirect the auth-user-pass > > query to the management if management-query-passwords is enabled. > > Otherwise the user is prompted on console, if available, as before. > > > > This changes the behaviour for those who run from the command line, > > with --management-query-passwords, but still expect the prompt > > on the console. > > > > Note that the management will prompt for both username and password > > ignoring the username read from the file. As most GUIs can save the > > the username, this is a one-time inconvenience. > > > > Currently, the password is queried on the console (or systemd) > > in such cases. This is not sensible when console is not available > > (windows GUI, tunnelblick etc.) or when the log is redirected > > to a file on Windows (for some reason prompt goes to the log file). > > > > Trac # 757 > > snip.. > > Works for Tunnelblick, thanks! > Good to know. > > One minor point: in all four places, plus in the email subject, "the > management" should be changed to "the management interface". > > agreed. Selva ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH v2 2/2] When auth-user-pass file has no password, query the management
Hi,
On Mon, Mar 30, 2020 at 2:06 PM wrote:
>
> From: Selva Nair
>
> When only username is found in the file, redirect the auth-user-pass
> query to the management if management-query-passwords is enabled.
> Otherwise the user is prompted on console, if available, as before.
>
> This changes the behaviour for those who run from the command line,
> with --management-query-passwords, but still expect the prompt
> on the console.
>
> Note that the management will prompt for both username and password
> ignoring the username read from the file. As most GUIs can save the
> the username, this is a one-time inconvenience.
>
> Currently, the password is queried on the console (or systemd)
> in such cases. This is not sensible when console is not available
> (windows GUI, tunnelblick etc.) or when the log is redirected
> to a file on Windows (for some reason prompt goes to the log file).
>
> Trac # 757
>
> Signed-off-by: Selva Nair
> ---
>
> v2: Following discussions with Jonathan and Gert, removed the dependence
> on stdout redirection and applied to all platforms.
>
> src/openvpn/misc.c | 16
> 1 file changed, 16 insertions(+)
>
> diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
> index 0d5ac30..546cd71 100644
> --- a/src/openvpn/misc.c
> +++ b/src/openvpn/misc.c
> @@ -261,6 +261,22 @@ get_user_pass_cr(struct user_pass *up,
> {
> strncpy(up->password, password_buf, USER_PASS_LEN);
> }
> +/* The auth-file does not have the password: get both username
> + * and password from the management if possible.
> + * Otherwise set to read password from console.
> + */
> +#if defined(ENABLE_MANAGEMENT)
> +else if (management
> + && (flags & GET_USER_PASS_MANAGEMENT)
> + && management_query_user_pass_enabled(management))
> +{
> +msg(D_LOW, "No password found in %s authfile '%s'. Querying
> the management", prefix, auth_file);
> +if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge))
> +{
> +return false;
> +}
> +}
> +#endif
> else
> {
> password_from_stdin = 1;
Works for Tunnelblick, thanks!
One minor point: in all four places, plus in the email subject, "the
management" should be changed to "the management interface".
"Management interface" is the term that is used on the man page.
Best regards,
Jon Bullard
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH v2 2/2] When auth-user-pass file has no password, query the management
From: Selva Nair
When only username is found in the file, redirect the auth-user-pass
query to the management if management-query-passwords is enabled.
Otherwise the user is prompted on console, if available, as before.
This changes the behaviour for those who run from the command line,
with --management-query-passwords, but still expect the prompt
on the console.
Note that the management will prompt for both username and password
ignoring the username read from the file. As most GUIs can save the
the username, this is a one-time inconvenience.
Currently, the password is queried on the console (or systemd)
in such cases. This is not sensible when console is not available
(windows GUI, tunnelblick etc.) or when the log is redirected
to a file on Windows (for some reason prompt goes to the log file).
Trac # 757
Signed-off-by: Selva Nair
---
v2: Following discussions with Jonathan and Gert, removed the dependence
on stdout redirection and applied to all platforms.
src/openvpn/misc.c | 16
1 file changed, 16 insertions(+)
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 0d5ac30..546cd71 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -261,6 +261,22 @@ get_user_pass_cr(struct user_pass *up,
{
strncpy(up->password, password_buf, USER_PASS_LEN);
}
+/* The auth-file does not have the password: get both username
+ * and password from the management if possible.
+ * Otherwise set to read password from console.
+ */
+#if defined(ENABLE_MANAGEMENT)
+else if (management
+ && (flags & GET_USER_PASS_MANAGEMENT)
+ && management_query_user_pass_enabled(management))
+{
+msg(D_LOW, "No password found in %s authfile '%s'. Querying
the management", prefix, auth_file);
+if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge))
+{
+return false;
+}
+}
+#endif
else
{
password_from_stdin = 1;
--
2.1.4
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
