Remove --enable-password-save option

author Arne Schwabe <arne@rfc2549.org>

Sun, 29 Nov 2015 14:55:59 +0000 (15:55 +0100)

committer Gert Doering <gert@greenie.muc.de>

Sun, 29 Nov 2015 15:43:54 +0000 (16:43 +0100)
author Arne Schwabe <arne@rfc2549.org>
Sun, 29 Nov 2015 14:55:59 +0000 (15:55 +0100)
committer Gert Doering <gert@greenie.muc.de>
Sun, 29 Nov 2015 15:43:54 +0000 (16:43 +0100)
diff --git a/configure.ac b/configure.ac

index a8675fedd8fdd2c6f2f64a0f027bdd872e661990..721395db2b3d804c0aa99da785001a3b12f79eea 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -169,13 +169,6 @@ AC_ARG_ENABLE(
         [enable_small="no"]
  )
  
-AC_ARG_ENABLE(
-       [password-save],
-       [AS_HELP_STRING([--enable-password-save], [allow --askpass and --auth-user-pass passwords to be read from a file @<:@default=no@:>@])],
-       ,
-       [enable_password_save="no"]
-)
-
  AC_ARG_ENABLE(
         [iproute2],
         [AS_HELP_STRING([--enable-iproute2], [enable support for iproute2 @<:@default=no@:>@])],
@@ -1054,7 +1047,6 @@ test "${enable_port_share}" = "yes" && AC_DEFINE([ENABLE_PORT_SHARE], [1], [Enab
  test "${enable_def_auth}" = "yes" && AC_DEFINE([ENABLE_DEF_AUTH], [1], [Enable deferred authentication])
  test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter])
  test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers])
-test "${enable_password_save}" = "yes" && AC_DEFINE([ENABLE_PASSWORD_SAVE], [1], [Allow --askpass and --auth-user-pass passwords to be read from a file])
  
  case "${with_crypto_library}" in
         openssl)
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c

index 31815cb54a08ff6a7dad826a674f8bd46b48d6d2..5713d2e89426c1458a1889cbcd7f3507d9562652 100644 (file)
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -1110,14 +1110,6 @@ get_user_pass_cr (struct user_pass *up,
  
            if (fgets (password_buf, USER_PASS_LEN, fp) != NULL)
              {
-#ifndef ENABLE_PASSWORD_SAVE
-              /*
-               * Unless ENABLE_PASSWORD_SAVE is defined, don't allow sensitive passwords
-               * to be read from a file.
-               */
-              if (flags & GET_USER_PASS_SENSITIVE)
-                msg (M_FATAL, "Sorry, '%s' password cannot be read from a file", prefix);
-#endif
                chomp (password_buf);
              }
  
diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h

index be93daa549a68f72c7151e7ddfd6b7534b782863..dbe899e9b7848e10c653dc0637674687c1d2ff4a 100644 (file)
--- a/src/openvpn/misc.h
+++ b/src/openvpn/misc.h
@@ -242,7 +242,7 @@ struct static_challenge_info {};
   * Flags for get_user_pass and management_query_user_pass
   */
  #define GET_USER_PASS_MANAGEMENT    (1<<0)
-#define GET_USER_PASS_SENSITIVE     (1<<1)
+/* GET_USER_PASS_SENSITIVE     (1<<1)  not used anymore */
  #define GET_USER_PASS_PASSWORD_ONLY (1<<2)
  #define GET_USER_PASS_NEED_OK       (1<<3)
  #define GET_USER_PASS_NOFATAL       (1<<4)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c

index 817bc49d52e706228c125dc429fc85ba9b9578ad..887bd75e637d8ffdcc3fce142a05647cee6a534d 100644 (file)
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -332,7 +332,7 @@ void
  pem_password_setup (const char *auth_file)
  {
    if (!strlen (passbuf.password))
-    get_user_pass (&passbuf, auth_file, UP_TYPE_PRIVATE_KEY, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE|GET_USER_PASS_PASSWORD_ONLY);
+    get_user_pass (&passbuf, auth_file, UP_TYPE_PRIVATE_KEY, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY);
  }
  
  int
@@ -375,11 +375,11 @@ auth_user_pass_setup (const char *auth_file, const struct static_challenge_info
         get_user_pass_cr (&auth_user_pass,
                           auth_file,
                           UP_TYPE_AUTH,
-                         GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE|GET_USER_PASS_DYNAMIC_CHALLENGE,
+                         GET_USER_PASS_MANAGEMENT|GET_USER_PASS_DYNAMIC_CHALLENGE,
                           auth_challenge);
        else if (sci) /* static challenge response */
         {
-         int flags = GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE|GET_USER_PASS_STATIC_CHALLENGE;
+         int flags = GET_USER_PASS_MANAGEMENT|GET_USER_PASS_STATIC_CHALLENGE;
           if (sci->flags & SC_ECHO)
             flags |= GET_USER_PASS_STATIC_CHALLENGE_ECHO;
           get_user_pass_cr (&auth_user_pass,
@@ -390,7 +390,7 @@ auth_user_pass_setup (const char *auth_file, const struct static_challenge_info
         }
        else
  # endif
-       get_user_pass (&auth_user_pass, auth_file, UP_TYPE_AUTH, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE);
+       get_user_pass (&auth_user_pass, auth_file, UP_TYPE_AUTH, GET_USER_PASS_MANAGEMENT);
  #endif
      }
  }
author	Arne Schwabe <arne@rfc2549.org>
	Sun, 29 Nov 2015 14:55:59 +0000 (15:55 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Sun, 29 Nov 2015 15:43:54 +0000 (16:43 +0100)
configure.ac		patch \| blob \| blame \| history
src/openvpn/misc.c		patch \| blob \| blame \| history
src/openvpn/misc.h		patch \| blob \| blame \| history
src/openvpn/ssl.c		patch \| blob \| blame \| history