Remove --enable-password-save option

author Arne Schwabe <arne@rfc2549.org>

Sun, 29 Nov 2015 14:55:59 +0000 (15:55 +0100)

committer Gert Doering <gert@greenie.muc.de>

Sun, 29 Nov 2015 15:45:29 +0000 (16:45 +0100)
author Arne Schwabe <arne@rfc2549.org>
Sun, 29 Nov 2015 14:55:59 +0000 (15:55 +0100)
committer Gert Doering <gert@greenie.muc.de>
Sun, 29 Nov 2015 15:45:29 +0000 (16:45 +0100)
diff --git a/configure.ac b/configure.ac

index 54b01a43a3b8f498226d08a207891dd4d3add81d..338ac9ca680f9139c4ebf6e4fe1c286e2a0266d9 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -179,13 +179,6 @@ AC_ARG_ENABLE(
         [enable_small="no"]
  )
  
-AC_ARG_ENABLE(
-       [password-save],
-       [AS_HELP_STRING([--enable-password-save], [allow --askpass and --auth-user-pass passwords to be read from a file @<:@default=no@:>@])],
-       ,
-       [enable_password_save="no"]
-)
-
  AC_ARG_ENABLE(
         [iproute2],
         [AS_HELP_STRING([--enable-iproute2], [enable support for iproute2 @<:@default=no@:>@])],
@@ -977,7 +970,6 @@ test "${enable_port_share}" = "yes" && AC_DEFINE([ENABLE_PORT_SHARE], [1], [Enab
  test "${enable_def_auth}" = "yes" && AC_DEFINE([ENABLE_DEF_AUTH], [1], [Enable deferred authentication])
  test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter])
  test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers])
-test "${enable_password_save}" = "yes" && AC_DEFINE([ENABLE_PASSWORD_SAVE], [1], [Allow --askpass and --auth-user-pass passwords to be read from a file])
  
  case "${with_crypto_library}" in
         openssl)
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c

index c0d601eef59c6a967af2c9d82b3df8322ba6dc8f..cdbb883b79bf8f7a0c5aebdf8938322878bc4616 100644 (file)
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -1110,14 +1110,6 @@ get_user_pass_cr (struct user_pass *up,
  
            if (fgets (password_buf, USER_PASS_LEN, fp) != NULL)
              {
-#ifndef ENABLE_PASSWORD_SAVE
-              /*
-               * Unless ENABLE_PASSWORD_SAVE is defined, don't allow sensitive passwords
-               * to be read from a file.
-               */
-              if (flags & GET_USER_PASS_SENSITIVE)
-                msg (M_FATAL, "Sorry, '%s' password cannot be read from a file", prefix);
-#endif
                chomp (password_buf);
              }
  
diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h

index e67b5e4e8e6d4d82b31d28d11ed6eb4169242bb1..59267b824983d3c90daa04009cc00662a5c27723 100644 (file)
--- a/src/openvpn/misc.h
+++ b/src/openvpn/misc.h
@@ -239,7 +239,7 @@ struct static_challenge_info {};
   * Flags for get_user_pass and management_query_user_pass
   */
  #define GET_USER_PASS_MANAGEMENT    (1<<0)
-#define GET_USER_PASS_SENSITIVE     (1<<1)
+/* GET_USER_PASS_SENSITIVE     (1<<1)  not used anymore */
  #define GET_USER_PASS_PASSWORD_ONLY (1<<2)
  #define GET_USER_PASS_NEED_OK       (1<<3)
  #define GET_USER_PASS_NOFATAL       (1<<4)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c

index 5f2f965d104cdccedc1ab0a98053838e34a3cdfd..202a03fea8bc876caebd085cfc3a8dd76de8da1e 100644 (file)
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -334,7 +334,7 @@ void
  pem_password_setup (const char *auth_file)
  {
    if (!strlen (passbuf.password))
-    get_user_pass (&passbuf, auth_file, UP_TYPE_PRIVATE_KEY, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE|GET_USER_PASS_PASSWORD_ONLY);
+    get_user_pass (&passbuf, auth_file, UP_TYPE_PRIVATE_KEY, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY);
  }
  
  int
@@ -377,11 +377,11 @@ auth_user_pass_setup (const char *auth_file, const struct static_challenge_info
         get_user_pass_cr (&auth_user_pass,
                           auth_file,
                           UP_TYPE_AUTH,
-                         GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE|GET_USER_PASS_DYNAMIC_CHALLENGE,
+                         GET_USER_PASS_MANAGEMENT|GET_USER_PASS_DYNAMIC_CHALLENGE,
                           auth_challenge);
        else if (sci) /* static challenge response */
         {
-         int flags = GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE|GET_USER_PASS_STATIC_CHALLENGE;
+         int flags = GET_USER_PASS_MANAGEMENT|GET_USER_PASS_STATIC_CHALLENGE;
           if (sci->flags & SC_ECHO)
             flags |= GET_USER_PASS_STATIC_CHALLENGE_ECHO;
           get_user_pass_cr (&auth_user_pass,
@@ -392,7 +392,7 @@ auth_user_pass_setup (const char *auth_file, const struct static_challenge_info
         }
        else
  # endif
-       get_user_pass (&auth_user_pass, auth_file, UP_TYPE_AUTH, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE);
+       get_user_pass (&auth_user_pass, auth_file, UP_TYPE_AUTH, GET_USER_PASS_MANAGEMENT);
  #endif
      }
  }
author	Arne Schwabe <arne@rfc2549.org>
	Sun, 29 Nov 2015 14:55:59 +0000 (15:55 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Sun, 29 Nov 2015 15:45:29 +0000 (16:45 +0100)
configure.ac		patch \| blob \| blame \| history
src/openvpn/misc.c		patch \| blob \| blame \| history
src/openvpn/misc.h		patch \| blob \| blame \| history
src/openvpn/ssl.c		patch \| blob \| blame \| history