The problematic behaviour happens when starting a profile without
auth-user-pass and then connecting to a server that pushes auth-token.
When the auth token expires OpenVPN asks for auth User and password
again (but it shouldn't).
The problem is that auth_user_pass_setup sets
auth_user_pass_enabled = true. This function is called from two places.
In ssl.c it is only called with an auth-token present or that
variable already set. The other one is init_query_passwords.
Move setting auth_user_pass_enabled to the second place to ensure it is
only set if we really want passwords.
Patch v2: Remove unrelated code change
Patch v3: Rebase to master
Patch v4: Rebase to master
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: David Sommerseth <davids@openvpn.net>
Acked-by: Heiko Hund <heiko@ist.eigentlich.net>
Message-Id: <20221009130805.1556517-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25367.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
/* Auth user/pass input */
if (c->options.auth_user_pass_file)
{
+ enable_auth_user_pass();
#ifdef ENABLE_MANAGEMENT
auth_user_pass_setup(c->options.auth_user_pass_file,
c->options.auth_user_pass_file_inline,
static char *auth_challenge; /* GLOBAL */
#endif
+void
+enable_auth_user_pass()
+{
+ auth_user_pass_enabled = true;
+}
+
void
auth_user_pass_setup(const char *auth_file, bool is_inline,
const struct static_challenge_info *sci)
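Review bot: The new definition `enable_auth_user_pass()` uses an empty parameter list, which in C before C23 declares a function with unspecified arguments rather than one that takes none. Write `enable_auth_user_pass(void)` here and in the matching declaration so the compiler rejects calls that pass stray arguments.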
flags |= GET_USER_PASS_INLINE_CREDS;
}
- auth_user_pass_enabled = true;
if (!auth_user_pass.defined && !auth_token.defined)
{
#ifdef ENABLE_MANAGEMENT
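Review bot: With `auth_user_pass_enabled = true;` removed, the condition `if (!auth_user_pass.defined && !auth_token.defined)` just below does not look at the flag, so whether credentials get queried now depends on each caller gating the call itself. The commit message says the ssl.c caller does this; a short comment at this spot stating that the function no longer enables user/password authentication would keep a future caller from relying on the old side effect.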
*/
void pem_password_setup(const char *auth_file);
+/* Enables the use of user/password authentication */
+void enable_auth_user_pass();
+
/*
* Setup authentication username and password. If auth_file is given, use the
* credentials stored in the file, however, if is_inline is true then auth_file
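Review bot: The comment on `enable_auth_user_pass()` does not say how it relates to `auth_user_pass_setup()`, whose description follows directly below. Since setup used to set the flag implicitly, state here that callers wanting username/password authentication must call this explicitly and that setup alone no longer enables it.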