From: Antonio Quartulli Date: Wed, 14 Sep 2022 18:59:37 +0000 (+0200) Subject: get_user_pass_cr: get password from stdin if missing inline X-Git-Tag: v2.6_beta1~53 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39619b7fab213e9cadaa4a8b50b795ad63d9d91f;p=thirdparty%2Fopenvpn.git get_user_pass_cr: get password from stdin if missing inline Until now, when HTTP proxy user and password were specified inline, it was assumed that both creds were specified. A missing password would result in an empty password being stored. This behaviour is not ideal, as we want to allow the user to store the username, but let the password be entered via stdin. This affects both http proxy and authentication inline'd creds. Signed-off-by: Antonio Quartulli Acked-by: Gert Doering Message-Id: <20220914185937.31423-2-a@unstable.cc> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25215.html Signed-off-by: Gert Doering --- diff --git a/Changes.rst b/Changes.rst index 5a80dc0db..df56f76ae 100644 --- a/Changes.rst +++ b/Changes.rst @@ -95,7 +95,9 @@ Session timeout Inline auth username and password Username and password can now be specified inline in the configuration file - within the tags. + within the tags. If the password is + missing OpenVPN will prompt for input via stdin. This applies to inline'd + http-proxy-user-pass too. Deprecated features diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 07f6e202c..50f7f9758 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -197,6 +197,11 @@ get_user_pass_cr(struct user_pass *up, buf_parse(&buf, '\n', up->username, USER_PASS_LEN); } buf_parse(&buf, '\n', up->password, USER_PASS_LEN); + + if (strlen(up->password) == 0) + { + password_from_stdin = 1; + } } /* * Read from auth file unless this is a dynamic challenge request.