diff options
| author | James Yonan <james@openvpn.net> | 2010-10-24 09:12:47 +0000 |
|---|---|---|
| committer | James Yonan <james@openvpn.net> | 2010-10-24 09:12:47 +0000 |
| commit | 3cf9dd88fd84108eccfcce0ebf44e00f9481cd82 (patch) | |
| tree | 03264d8f2741babc01a8ab2bbe9a8d2b546f3147 /misc.h | |
| parent | Fixed initialization bug in route_list_add_default_gateway (diff) | |
| download | openvpn-3cf9dd88fd84108eccfcce0ebf44e00f9481cd82.tar.xz | |
Implement challenge/response authentication support in client mode,
where credentials are entered from stdin. This capability is
compiled when ENABLE_CLIENT_CR is defined in syshead.h (enabled
by default).
Challenge/response support was previously implemented for creds
that are queried via the management interface. In this case,
the challenge message will be returned as a custom
client-reason-text string (see management-notes.txt for more
info) on auth failure.
Also, see the comments in misc.c above get_auth_challenge()
for info on the OpenVPN challenge/response protocol.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6568 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'misc.h')
| -rw-r--r-- | misc.h | 38 |
1 files changed, 34 insertions, 4 deletions
@@ -252,6 +252,26 @@ struct user_pass char password[USER_PASS_LEN]; }; +#ifdef ENABLE_CLIENT_CR +/* + * Challenge response info on client as pushed by server. + */ +struct auth_challenge_info { +# define CR_ECHO (1<<0) /* echo response when typed by user */ +# define CR_RESPONSE (1<<1) /* response needed */ + unsigned int flags; + + const char *user; + const char *state_id; + const char *challenge_text; +}; + +struct auth_challenge_info *get_auth_challenge (const char *auth_challenge, struct gc_arena *gc); + +#else +struct auth_challenge_info {}; +#endif + bool get_console_input (const char *prompt, const bool echo, char *input, const int capacity); /* @@ -265,10 +285,20 @@ bool get_console_input (const char *prompt, const bool echo, char *input, const #define GET_USER_PASS_NEED_STR (1<<5) #define GET_USER_PASS_PREVIOUS_CREDS_FAILED (1<<6) -bool get_user_pass (struct user_pass *up, - const char *auth_file, - const char *prefix, - const unsigned int flags); +bool get_user_pass_cr (struct user_pass *up, + const char *auth_file, + const char *prefix, + const unsigned int flags, + const char *auth_challenge); + +static inline bool +get_user_pass (struct user_pass *up, + const char *auth_file, + const char *prefix, + const unsigned int flags) +{ + return get_user_pass_cr (up, auth_file, prefix, flags, NULL); +} void fail_user_pass (const char *prefix, const unsigned int flags, |