get_user_pass_cr: get password from stdin if missing inline

Until now, when HTTP proxy user and password were specified inline,
it was assumed that both creds were specified. A missing password would
result in an empty password being stored.

This behaviour is not ideal, as we want to allow the user to store the
username, but let the password be entered via stdin.

This affects both http proxy and authentication inline'd creds.

Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20220914185937.31423-2-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25215.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/Changes.rst b/Changes.rst
index 5a80dc0db9e3663e599ab45e14fa31ebbb1ec821..df56f76ae11a409d27b354f39dfec898cb135d2e 100644 (file)
--- a/Changes.rst
+++ b/Changes.rst
@@ -95,7 +95,9 @@ Session timeout
 
 Inline auth username and password
     Username and password can now be specified inline in the configuration file
-    within the <auth-user-pass></auth-user-pass> tags.
+    within the <auth-user-pass></auth-user-pass> tags. If the password is
+    missing OpenVPN will prompt for input via stdin. This applies to inline'd
+    http-proxy-user-pass too.
 
 
 Deprecated features

diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 07f6e202cc9b1b2a70899e36ad3a34300eb16876..50f7f97581bd835c0e400a1cdae8c1c335a347f6 100644 (file)
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -197,6 +197,11 @@ get_user_pass_cr(struct user_pass *up,
                 buf_parse(&buf, '\n', up->username, USER_PASS_LEN);
             }
             buf_parse(&buf, '\n', up->password, USER_PASS_LEN);
+
+            if (strlen(up->password) == 0)
+            {
+                password_from_stdin = 1;
+            }
         }
         /*
          * Read from auth file unless this is a dynamic challenge request.