From 3cf9dd88fd84108eccfcce0ebf44e00f9481cd82 Mon Sep 17 00:00:00 2001
From: James Yonan <james@openvpn.net>
Date: Sun, 24 Oct 2010 09:12:47 +0000
Subject: Implement challenge/response authentication support in client mode,
 where credentials are entered from stdin.  This capability is compiled when
 ENABLE_CLIENT_CR is defined in syshead.h (enabled by default).

Challenge/response support was previously implemented for creds
that are queried via the management interface.  In this case,
the challenge message will be returned as a custom
client-reason-text string (see management-notes.txt for more
info) on auth failure.

Also, see the comments in misc.c above get_auth_challenge()
for info on the OpenVPN challenge/response protocol.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6568 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 push.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'push.c')

diff --git a/push.c b/push.c
index 9ddc900..0db826a 100644
--- a/push.c
+++ b/push.c
@@ -68,8 +68,18 @@ receive_auth_failed (struct context *c, const struct buffer *buffer)
 	  if (buf_string_compare_advance (&buf, "AUTH_FAILED,") && BLEN (&buf))
 	    reason = BSTR (&buf);
 	  management_auth_failure (management, UP_TYPE_AUTH, reason);
-	}
+	} else
 #endif
+	{
+#ifdef ENABLE_CLIENT_CR
+	  struct buffer buf = *buffer;
+	  if (buf_string_match_head_str (&buf, "AUTH_FAILED,CRV1:") && BLEN (&buf))
+	    {
+	      buf_advance (&buf, 12); /* Length of "AUTH_FAILED," substring */
+	      ssl_put_auth_challenge (BSTR (&buf));
+	    }
+#endif
+	}
     }
 }
 
-- 
cgit v1.2.3