From 3cf9dd88fd84108eccfcce0ebf44e00f9481cd82 Mon Sep 17 00:00:00 2001 From: James Yonan Date: Sun, 24 Oct 2010 09:12:47 +0000 Subject: Implement challenge/response authentication support in client mode, where credentials are entered from stdin. This capability is compiled when ENABLE_CLIENT_CR is defined in syshead.h (enabled by default). Challenge/response support was previously implemented for creds that are queried via the management interface. In this case, the challenge message will be returned as a custom client-reason-text string (see management-notes.txt for more info) on auth failure. Also, see the comments in misc.c above get_auth_challenge() for info on the OpenVPN challenge/response protocol. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6568 e7ae566f-a301-0410-adde-c780ea21d3b5 --- misc.h | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) (limited to 'misc.h') diff --git a/misc.h b/misc.h index 328107d..3cd7d9e 100644 --- a/misc.h +++ b/misc.h @@ -252,6 +252,26 @@ struct user_pass char password[USER_PASS_LEN]; }; +#ifdef ENABLE_CLIENT_CR +/* + * Challenge response info on client as pushed by server. + */ +struct auth_challenge_info { +# define CR_ECHO (1<<0) /* echo response when typed by user */ +# define CR_RESPONSE (1<<1) /* response needed */ + unsigned int flags; + + const char *user; + const char *state_id; + const char *challenge_text; +}; + +struct auth_challenge_info *get_auth_challenge (const char *auth_challenge, struct gc_arena *gc); + +#else +struct auth_challenge_info {}; +#endif + bool get_console_input (const char *prompt, const bool echo, char *input, const int capacity); /* @@ -265,10 +285,20 @@ bool get_console_input (const char *prompt, const bool echo, char *input, const #define GET_USER_PASS_NEED_STR (1<<5) #define GET_USER_PASS_PREVIOUS_CREDS_FAILED (1<<6) -bool get_user_pass (struct user_pass *up, - const char *auth_file, - const char *prefix, - const unsigned int flags); +bool get_user_pass_cr (struct user_pass *up, + const char *auth_file, + const char *prefix, + const unsigned int flags, + const char *auth_challenge); + +static inline bool +get_user_pass (struct user_pass *up, + const char *auth_file, + const char *prefix, + const unsigned int flags) +{ + return get_user_pass_cr (up, auth_file, prefix, flags, NULL); +} void fail_user_pass (const char *prefix, const unsigned int flags, -- cgit v1.2.3