From: James Yonan
Date: Thu, 3 Mar 2016 08:19:05 +0000 (-0700)
Subject: Added directive to specify HTTP proxy credentials in config.
X-Git-Tag: v2.4_alpha1~67
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c9a35a20812aafdacc3682a0379f52126bd567ae;p=thirdparty%2Fopenvpn.git
Added directive to specify HTTP proxy credentials in config.
The inline directive http-proxy-user-pass can be used to specify proxy credentials in config, e.g.: http-proxy proxy.tld 3128 auto-nct foo bar This usage is already supported by OpenVPN 3.
Signed-off-by: James Yonan
Acked-by: Arne Schwabe
Acked-by: Gert Doering
Message-Id: <1456993146-63968-9-git-send-email-james@openvpn.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11283
Signed-off-by: Gert Doering
---
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 1e0088fe6..0991d7917 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -1092,6 +1092,14 @@ get_user_pass_cr (struct user_pass *up,
 if (!strlen (up->password))
 strcpy (up->password, "ok");
 }
+ else if (flags & GET_USER_PASS_INLINE_CREDS)
+ {
+ struct buffer buf;
+ buf_set_read (&buf, (uint8_t*) auth_file, strlen (auth_file) + 1);
+ if (!(flags & GET_USER_PASS_PASSWORD_ONLY))
+ buf_parse (&buf, '\n', up->username, USER_PASS_LEN);
+ buf_parse (&buf, '\n', up->password, USER_PASS_LEN);
+ }
 /*
 * Read from auth file unless this is a dynamic challenge request.
 */
diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
index 65a6e55a0..b69409684 100644
--- a/src/openvpn/misc.h
+++ b/src/openvpn/misc.h
@@ -256,6 +256,8 @@ struct static_challenge_info {};
 #define GET_USER_PASS_STATIC_CHALLENGE (1<<8) /* SCRV1 protocol -- static challenge */
 #define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) /* SCRV1 protocol -- echo response */
 
+#define GET_USER_PASS_INLINE_CREDS (1<<10) /* indicates that auth_file is actually inline creds */
+
 bool get_user_pass_cr (struct user_pass *up,
 const char *auth_file,
 const char *prefix,
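Review bot: In the src/openvpn/misc.c hunk, both `buf_parse` calls in the new `GET_USER_PASS_INLINE_CREDS` branch discard their return value, so an inline block with fewer lines than expected leaves `up->password` (and possibly `up->username`) empty with no diagnostic. Whether code after the hunk rejects empty credentials is not visible here, since get_user_pass_cr starts and ends outside the hunk. I would check each call and fail loudly, e.g. `if (!buf_parse (&buf, '\n', up->password, USER_PASS_LEN)) msg (M_FATAL, "Error reading password from inline credentials");`, taking care that the message never echoes the credential text. The branch also calls `strlen (auth_file)` with no NULL guard and so relies on every caller setting the flag only together with a non-NULL `auth_file`; a short comment stating that contract would help.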
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 313fd9431..c6477932d 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -5214,6 +5214,19 @@ add_option (struct options *options,
 ho->auth_method_string = "none";
 }
 }
+ else if (streq (p[0], "http-proxy-user-pass") && p[1])
+ {
+ struct http_proxy_options *ho;
+ VERIFY_PERMISSION (OPT_P_GENERAL);
+ ho = init_http_proxy_options_once (&options->ce.http_proxy_options, &options->gc);
+ if (streq (p[1], INLINE_FILE_TAG) && p[2])
+ {
+ ho->auth_file = p[2];
+ ho->inline_creds = true;
+ }
+ else
+ ho->auth_file = p[1];
+ }
 else if (streq (p[0], "http-proxy-retry") && !p[1])
 {
 struct http_proxy_options *ho;
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
index b051355ac..4853193f0 100644
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
@@ -241,6 +241,8 @@ get_user_pass_http (struct http_proxy_info *p, const bool force)
 unsigned int flags = GET_USER_PASS_MANAGEMENT;
 if (p->queried_creds)
 flags |= GET_USER_PASS_PREVIOUS_CREDS_FAILED;
+ if (p->options.inline_creds)
+ flags |= GET_USER_PASS_INLINE_CREDS;
 get_user_pass (&static_proxy_user_pass,
 p->options.auth_file,
 UP_TYPE_PROXY,
diff --git a/src/openvpn/proxy.h b/src/openvpn/proxy.h
index f5b451981..9a52e7e59 100644
--- a/src/openvpn/proxy.h
+++ b/src/openvpn/proxy.h
@@ -57,6 +57,7 @@ struct http_proxy_options {
 const char *http_version;
 const char *user_agent;
 struct http_custom_header custom_headers[MAX_CUSTOM_HTTP_HEADER];
+ bool inline_creds;
 };

 struct http_proxy_options_simple {
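Review bot: In the src/openvpn/options.c hunk, the non-inline `else` branch of the new `http-proxy-user-pass` handler sets `ho->auth_file = p[1]` but never clears `ho->inline_creds`, so the flag and the pointer can disagree. If the same `http_proxy_options` was already given an inline block (the `init_http_proxy_options_once` call suggests the struct is reused across directives, though that is inferred), a later file-path form would leave the flag set, and the `GET_USER_PASS_INLINE_CREDS` branch in misc.c would parse the path string itself as the credentials. Setting the flag on both paths avoids that: brace the `else` and add `ho->inline_creds = false;` beside `ho->auth_file = p[1];`. Any other place that assigns `ho->auth_file` (not visible in this hunk) should reset the flag as well. A comment here noting that the inline form keeps plaintext proxy credentials in the config file, which therefore needs restrictive permissions, would also be useful; add_option's body continues outside the hunk.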