Added directive to specify HTTP proxy credentials in config.

The inline directive http-proxy-user-pass can be used to
specify proxy credentials in config, e.g.:

http-proxy proxy.tld 3128 auto-nct
<http-proxy-user-pass>
foo
bar
</http-proxy-user-pass>

This usage is already supported by OpenVPN 3.

Signed-off-by: James Yonan <james@openvpn.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1456993146-63968-9-git-send-email-james@openvpn.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11283
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 1e0088fe672a7256b7d3c68d4fdb9c5b92cfc34a..0991d791707c3503d74e70efb085af040cf47cb9 100644 (file)
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -1092,6 +1092,14 @@ get_user_pass_cr (struct user_pass *up,
          if (!strlen (up->password))
            strcpy (up->password, "ok");
        }
+      else if (flags & GET_USER_PASS_INLINE_CREDS)
+       {
+         struct buffer buf;
+         buf_set_read (&buf, (uint8_t*) auth_file, strlen (auth_file) + 1);
+         if (!(flags & GET_USER_PASS_PASSWORD_ONLY))
+           buf_parse (&buf, '\n', up->username, USER_PASS_LEN);
+         buf_parse (&buf, '\n', up->password, USER_PASS_LEN);
+       }
       /*
        * Read from auth file unless this is a dynamic challenge request.
        */

diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
index 65a6e55a00bc34a058c08adc9f3ff6459f96ab0f..b69409684a8ad128c5e5fb5f829e92b8b3fff90a 100644 (file)
--- a/src/openvpn/misc.h
+++ b/src/openvpn/misc.h
@@ -256,6 +256,8 @@ struct static_challenge_info {};
 #define GET_USER_PASS_STATIC_CHALLENGE       (1<<8) /* SCRV1 protocol -- static challenge */
 #define GET_USER_PASS_STATIC_CHALLENGE_ECHO  (1<<9) /* SCRV1 protocol -- echo response */
 
+#define GET_USER_PASS_INLINE_CREDS (1<<10)  /* indicates that auth_file is actually inline creds */
+
 bool get_user_pass_cr (struct user_pass *up,
                       const char *auth_file,
                       const char *prefix,

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 313fd9431787b186d938f57dcabc454defec2f27..c6477932d2fcd5b6d1e3fca39ae2c09c6f350fa6 100644 (file)
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -5214,6 +5214,19 @@ add_option (struct options *options,
          ho->auth_method_string = "none";
        }
     }
+  else if (streq (p[0], "http-proxy-user-pass") && p[1])
+    {
+      struct http_proxy_options *ho;
+      VERIFY_PERMISSION (OPT_P_GENERAL);
+      ho = init_http_proxy_options_once (&options->ce.http_proxy_options, &options->gc);
+      if (streq (p[1], INLINE_FILE_TAG) && p[2])
+       {
+         ho->auth_file = p[2];
+         ho->inline_creds = true;
+       }
+      else
+       ho->auth_file = p[1];
+    }
   else if (streq (p[0], "http-proxy-retry") && !p[1])
     {
       struct http_proxy_options *ho;

diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
index b051355ac0f60255cfbaf6c157c41c018a58b6e0..4853193f003e1b48cdf7db3db4e8d11b06694cd2 100644 (file)
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
@@ -241,6 +241,8 @@ get_user_pass_http (struct http_proxy_info *p, const bool force)
       unsigned int flags = GET_USER_PASS_MANAGEMENT;
       if (p->queried_creds)
        flags |= GET_USER_PASS_PREVIOUS_CREDS_FAILED;
+      if (p->options.inline_creds)
+       flags |= GET_USER_PASS_INLINE_CREDS;
       get_user_pass (&static_proxy_user_pass,
                     p->options.auth_file,
                     UP_TYPE_PROXY,

diff --git a/src/openvpn/proxy.h b/src/openvpn/proxy.h
index f5b4519812067624a2ca5de50b2d1c6a8172ff0a..9a52e7e59709e34d889dfe5a14cdecaba17d960f 100644 (file)
--- a/src/openvpn/proxy.h
+++ b/src/openvpn/proxy.h
@@ -57,6 +57,7 @@ struct http_proxy_options {
   const char *http_version;
   const char *user_agent;
   struct http_custom_header custom_headers[MAX_CUSTOM_HTTP_HEADER];
+  bool inline_creds;
 };
 
 struct http_proxy_options_simple {