aboutsummaryrefslogtreecommitdiff
path: root/misc.h
diff options
context:
space:
mode:
authorJames Yonan <james@openvpn.net>2010-10-24 09:12:47 +0000
committerJames Yonan <james@openvpn.net>2010-10-24 09:12:47 +0000
commit3cf9dd88fd84108eccfcce0ebf44e00f9481cd82 (patch)
tree03264d8f2741babc01a8ab2bbe9a8d2b546f3147 /misc.h
parentFixed initialization bug in route_list_add_default_gateway (diff)
downloadopenvpn-3cf9dd88fd84108eccfcce0ebf44e00f9481cd82.tar.xz
Implement challenge/response authentication support in client mode,
where credentials are entered from stdin. This capability is compiled when ENABLE_CLIENT_CR is defined in syshead.h (enabled by default). Challenge/response support was previously implemented for creds that are queried via the management interface. In this case, the challenge message will be returned as a custom client-reason-text string (see management-notes.txt for more info) on auth failure. Also, see the comments in misc.c above get_auth_challenge() for info on the OpenVPN challenge/response protocol. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6568 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'misc.h')
-rw-r--r--misc.h38
1 files changed, 34 insertions, 4 deletions
diff --git a/misc.h b/misc.h
index 328107d..3cd7d9e 100644
--- a/misc.h
+++ b/misc.h
@@ -252,6 +252,26 @@ struct user_pass
char password[USER_PASS_LEN];
};
+#ifdef ENABLE_CLIENT_CR
+/*
+ * Challenge response info on client as pushed by server.
+ */
+struct auth_challenge_info {
+# define CR_ECHO (1<<0) /* echo response when typed by user */
+# define CR_RESPONSE (1<<1) /* response needed */
+ unsigned int flags;
+
+ const char *user;
+ const char *state_id;
+ const char *challenge_text;
+};
+
+struct auth_challenge_info *get_auth_challenge (const char *auth_challenge, struct gc_arena *gc);
+
+#else
+struct auth_challenge_info {};
+#endif
+
bool get_console_input (const char *prompt, const bool echo, char *input, const int capacity);
/*
@@ -265,10 +285,20 @@ bool get_console_input (const char *prompt, const bool echo, char *input, const
#define GET_USER_PASS_NEED_STR (1<<5)
#define GET_USER_PASS_PREVIOUS_CREDS_FAILED (1<<6)
-bool get_user_pass (struct user_pass *up,
- const char *auth_file,
- const char *prefix,
- const unsigned int flags);
+bool get_user_pass_cr (struct user_pass *up,
+ const char *auth_file,
+ const char *prefix,
+ const unsigned int flags,
+ const char *auth_challenge);
+
+static inline bool
+get_user_pass (struct user_pass *up,
+ const char *auth_file,
+ const char *prefix,
+ const unsigned int flags)
+{
+ return get_user_pass_cr (up, auth_file, prefix, flags, NULL);
+}
void fail_user_pass (const char *prefix,
const unsigned int flags,