From: Selva Nair Date: Mon, 30 Mar 2020 18:05:27 +0000 (-0400) Subject: When auth-user-pass file has no password query the management interface X-Git-Tag: v2.4.9~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2fe84732d19243df6c7713c185998507419155cd;p=thirdparty%2Fopenvpn.git When auth-user-pass file has no password query the management interface (if available). When only username is found in the file, redirect the auth-user-pass query to the management interface if management-query-passwords is enabled. Otherwise the user is prompted on console, if available, as before. This changes the behaviour for those who run from the command line, with --management-query-passwords, but still expect the prompt on the console. Note that the management interface will prompt for both username and password ignoring the username read from the file. As most GUIs can save the the username, this is a one-time inconvenience. Currently, the password is queried on the console (or systemd) in such cases. This is not sensible when console is not available (windows GUI, tunnelblick etc.) or when the log is redirected to a file on Windows (for some reason prompt goes to the log file). Trac # 757 Signed-off-by: Selva Nair Acked-by: Gert Doering Message-Id: <1585591527-23734-2-git-send-email-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19655.html Signed-off-by: Gert Doering (cherry picked from commit 57578310992d1fbe8eff97049087c5308089acb5) --- diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 2b0d10cb0..9c5e96ed7 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -1030,6 +1030,22 @@ get_user_pass_cr(struct user_pass *up, { strncpy(up->password, password_buf, USER_PASS_LEN); } + /* The auth-file does not have the password: get both username + * and password from the management interface if possible. + * Otherwise set to read password from console. + */ +#if defined(ENABLE_MANAGEMENT) + else if (management + && (flags & GET_USER_PASS_MANAGEMENT) + && management_query_user_pass_enabled(management)) + { + msg(D_LOW, "No password found in %s authfile '%s'. Querying the management interface", prefix, auth_file); + if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge)) + { + return false; + } + } +#endif else { password_from_stdin = 1;