author | James Yonan <james@openvpn.net> | 2010-10-24 09:12:47 +0000 |
---|---|---|
committer | James Yonan <james@openvpn.net> | 2010-10-24 09:12:47 +0000 |
commit | 3cf9dd88fd84108eccfcce0ebf44e00f9481cd82 (patch) | |
tree | 03264d8f2741babc01a8ab2bbe9a8d2b546f3147 /push.c | |
parent | Fixed initialization bug in route_list_add_default_gateway (diff) | |
download | openvpn-3cf9dd88fd84108eccfcce0ebf44e00f9481cd82.tar.xz |
Implement challenge/response authentication support in client mode,
where credentials are entered from stdin. This capability is
compiled when ENABLE_CLIENT_CR is defined in syshead.h (enabled
by default).

Challenge/response support was previously implemented for creds
that are queried via the management interface. In this case,
the challenge message will be returned as a custom
client-reason-text string (see management-notes.txt for more
info) on auth failure.

Also, see the comments in misc.c above get_auth_challenge()
for info on the OpenVPN challenge/response protocol.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6568 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'push.c')
-rw-r--r-- | push.c | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -68,8 +68,18 @@ receive_auth_failed (struct context *c, const struct buffer *buffer) if (buf_string_compare_advance (&buf, "AUTH_FAILED,") && BLEN (&buf)) reason = BSTR (&buf); management_auth_failure (management, UP_TYPE_AUTH, reason); - } + } else #endif + { +#ifdef ENABLE_CLIENT_CR + struct buffer buf = *buffer; + if (buf_string_match_head_str (&buf, "AUTH_FAILED,CRV1:") && BLEN (&buf)) + { + buf_advance (&buf, 12); /* Length of "AUTH_FAILED," substring */ + ssl_put_auth_challenge (BSTR (&buf)); + } +#endif + } } } |
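Review bot: `buf_advance (&buf, 12)` in the new ENABLE_CLIENT_CR block hard-codes the length of "AUTH_FAILED," and its return value is not checked. The management branch just above already skips the same prefix with `buf_string_compare_advance (&buf, "AUTH_FAILED,")`, which ties the skip to the literal and reports failure; doing the same here (then testing for the "CRV1:" head) would remove the magic number and the comment that has to explain it. The `&& BLEN (&buf)` test runs before the advance, so once the 17-byte prefix has matched it is always true and does not show that any challenge text follows "CRV1:". The string handed to `ssl_put_auth_challenge (BSTR (&buf))` is server-supplied, so either check the remaining length after the advance or note in a comment that `ssl_put_auth_challenge` is expected to cope with an empty or malformed CRV1 body. Separately, moving the `else` in front of `#endif` means the trailing `{ ... }` is an else-branch with ENABLE_MANAGEMENT and a bare block without it, and an empty block when ENABLE_CLIENT_CR is off. A short comment stating that the stdin challenge path is intentionally skipped when the management branch handles the failure would make that dependency on two macros easier to follow.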