28 #elif defined(_MSC_VER) 60 #if defined(HAVE_DUP) && defined(HAVE_DUP2) 62 if ((fd = open(
"/dev/null", O_RDWR, 0)) != -1)
93 rnd_str =
format_hex_ex(rnd_bytes,
sizeof(rnd_bytes), 40, 0, NULL, gc);
94 buf_printf(&hname,
"%s.%s", rnd_str, hostname);
99 #ifdef ENABLE_MANAGEMENT 105 const char *sc = NULL;
124 msg(
M_FATAL,
"ERROR: could not read %s username/password/ok/string from management interface", prefix);
137 const char *auth_file,
139 const unsigned int flags,
146 bool from_authfile = (auth_file && !
streq(auth_file,
"stdin"));
147 bool username_from_stdin =
false;
148 bool password_from_stdin =
false;
149 bool response_from_stdin =
true;
153 msg(
M_WARN,
"Note: previous '%s' credentials failed", prefix);
156 #ifdef ENABLE_MANAGEMENT 164 response_from_stdin =
false;
183 msg(
M_FATAL,
"ERROR: could not read %s ok-confirmation from stdin", prefix);
194 buf_set_read(&buf, (uint8_t *) auth_file, strlen(auth_file) + 1);
215 msg(
M_ERR,
"Error opening '%s' auth file: %s", prefix, auth_file);
223 msg(
M_FATAL,
"Error reading username from %s authfile: %s",
235 if (flags & GET_USER_PASS_PASSWORD_ONLY && !password_buf[0])
237 msg(
M_FATAL,
"Error reading password from %s authfile: %s", prefix, auth_file);
248 #if defined(ENABLE_MANAGEMENT) 250 && (flags & GET_USER_PASS_MANAGEMENT)
253 msg(
D_LOW,
"No password found in %s authfile '%s'. Querying the management interface", prefix, auth_file);
262 password_from_stdin = 1;
267 if (!(flags & GET_USER_PASS_PASSWORD_ONLY) && strlen(up->
username) == 0)
269 msg(
M_FATAL,
"ERROR: username from %s authfile '%s' is empty", prefix, auth_file);
274 username_from_stdin =
true;
275 password_from_stdin =
true;
281 if (username_from_stdin || password_from_stdin || response_from_stdin)
283 #ifdef ENABLE_MANAGEMENT 284 if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE) && response_from_stdin)
290 struct buffer packed_resp, challenge;
299 msg(
M_FATAL,
"ERROR: could not read challenge response from stdin");
306 msg(
M_FATAL,
"ERROR: received malformed challenge request from server");
316 buf_printf(&user_prompt,
"Enter %s Username:", prefix);
317 buf_printf(&pass_prompt,
"Enter %s Password:", prefix);
325 if (password_from_stdin)
333 msg(
M_FATAL,
"ERROR: Failed retrieving username or password");
336 if (!(flags & GET_USER_PASS_PASSWORD_ONLY))
340 msg(
M_FATAL,
"ERROR: %s username is empty", prefix);
344 #ifdef ENABLE_MANAGEMENT 348 struct buffer packed_resp, challenge;
349 char *pw64 = NULL, *resp64 = NULL;
351 challenge =
alloc_buf_gc(14+strlen(auth_challenge), &gc);
352 buf_printf(&challenge,
"CHALLENGE: %s", auth_challenge);
358 msg(
M_FATAL,
"ERROR: could not retrieve static challenge response");
363 msg(
M_FATAL,
"ERROR: could not base64-encode password/static_response");
366 buf_printf(&packed_resp,
"SCRV1:%s:%s", pw64, resp64);
391 #ifdef ENABLE_MANAGEMENT 403 const int len = strlen(auth_challenge);
404 char *work = (
char *)
gc_malloc(len+1,
false, gc);
417 if (strcmp(work,
"CRV1"))
427 for (cp = work; *cp !=
'\0'; ++cp)
471 const bool nocache = up->
nocache;
472 static bool warn_shown =
false;
473 if (nocache || force)
482 else if (!warn_shown)
484 msg(
M_WARN,
"WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this");
520 if (strlen(username))
530 msg(
D_PUSH,
"Error decoding auth-token-username");
567 n =
parse_line(parms, &ret[base], max_parms - base - 1,
"make_arg_array", 0,
M_WARN, gc);
568 ASSERT(n >= 0 && n + base + 1 <= max_parms);
570 ret[base + n] = NULL;
572 return (
const char **)ret;
585 while (
buf_parse(&buf,
'\n', line,
sizeof(line)))
594 while (
buf_parse(&buf,
'\n', line,
sizeof(line)))
603 return (
const char **)ret;
611 const int max_parms = len + 1;
617 for (i = 0; i <
len; ++i)
622 return (
const char **)ret;
658 char *ret =
gc_malloc(strlen(src)+1,
false, gc);
670 if (c ==
'S' && !strncmp(src,
"SESS_ID_", 8))
675 else if (c ==
'e' && !strncmp(src,
"echo ", 5))
681 && (c ==
'a' && !strncmp(src,
"auth-token ", 11)))
730 if (c ==
'=' && state == 1)
734 else if (isalnum(c) || c ==
'_')
745 if (!isprint(c) || isspace(c)
746 || c ==
'$' || c ==
'(' || c ==
'`')
761 buf_set_read(&buf, (
const uint8_t *) peer_info, strlen(peer_info));
762 while (
buf_parse(&buf,
'\n', line,
sizeof(line)))
766 && (strncmp(line,
"IV_", 3) == 0 || strncmp(line,
"UV_", 3) == 0) )
773 msg(
M_WARN,
"validation failed on peer_info line received from client");
781 int string_len = strlen(
string);
785 int element_count = 1;
787 for (
int i = 0; i < string_len; i++)
789 if (
string[i] == delimiter)
795 return element_count;
806 return combined_path;
void set_std_files_to_null(bool stdin_only)
static void strncpynt(char *dest, const char *src, size_t maxlen)
char * string_alloc(const char *str, struct gc_arena *gc)
bool validate_peer_info_line(char *line)
#define GET_USER_PASS_STATIC_CHALLENGE
void string_clear(char *str)
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
static void gc_free(struct gc_arena *a)
void management_auth_failure(struct management *man, const char *type, const char *reason)
#define GET_USER_PASS_INLINE_CREDS
#define PATH_SEPARATOR_STR
bool buf_printf(struct buffer *buf, const char *format,...)
#define GET_USER_PASS_NOFATAL
const char * hostname_randomize(const char *hostname, struct gc_arena *gc)
static void buf_set_read(struct buffer *buf, const uint8_t *data, size_t size)
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
static bool query_user_SINGLE(char *prompt, size_t prompt_len, char *resp, size_t resp_len, bool echo)
A plain "make Gert happy" wrapper.
static bool check_debug_level(unsigned int level)
const char * skip_leading_whitespace(const char *str)
char username[USER_PASS_LEN]
void query_user_add(char *prompt, size_t prompt_len, char *resp, size_t resp_len, bool echo)
Adds an item to ask the user for.
bool management_query_user_pass(struct management *man, struct user_pass *up, const char *type, const unsigned int flags, const char *static_challenge)
int len
Length in bytes of the actual content within the allocated memory.
#define GET_USER_PASS_PREVIOUS_CREDS_FAILED
const char * safe_print(const char *str, struct gc_arena *gc)
static char * auth_challenge
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO
static struct gc_arena gc_new(void)
const char * challenge_text
static bool query_user_exec(void)
Wrapper function enabling query_user_exec() if no alternative methods have been enabled.
void prng_bytes(uint8_t *output, int len)
void env_set_add(struct env_set *es, const char *str)
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
int openvpn_base64_decode(const char *str, void *data, int size)
#define GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_NEED_OK
static bool auth_user_pass_mgmt(struct user_pass *up, const char *prefix, const unsigned int flags, const char *auth_challenge)
void set_auth_token(struct user_pass *up, struct user_pass *tk, const char *token)
Sets the auth-token to token.
const char * sanitize_control_message(const char *src, struct gc_arena *gc)
const char ** make_extended_arg_array(char **p, bool is_inline, struct gc_arena *gc)
char * format_hex_ex(const uint8_t *data, int size, int maxoutput, unsigned int space_break_flags, const char *separator, struct gc_arena *gc)
int openvpn_base64_encode(const void *data, int size, char **str)
void query_user_clear(void)
Wipes all data put into all of the query_user structs.
const char ** make_arg_array(const char *first, const char *parms, struct gc_arena *gc)
const char * string_mod_const(const char *str, const unsigned int inclusive, const unsigned int exclusive, const char replace, struct gc_arena *gc)
struct auth_challenge_info * get_auth_challenge(const char *auth_challenge, struct gc_arena *gc)
static const char ** make_arg_copy(char **p, struct gc_arena *gc)
#define GET_USER_PASS_DYNAMIC_CHALLENGE
bool get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *auth_challenge)
bool string_mod(char *str, const unsigned int inclusive, const unsigned int exclusive, const char replace)
#define ALLOC_ARRAY_CLEAR_GC(dptr, type, n, gc)
void purge_user_pass(struct user_pass *up, const bool force)
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
int string_array_len(const char **array)
void set_auth_token_user(struct user_pass *tk, const char *username)
Sets the auth-token username by base64 decoding the passed username.
bool buf_parse(struct buffer *buf, const int delim, char *line, const int size)
static bool management_query_user_pass_enabled(const struct management *man)
void output_peer_info_env(struct env_set *es, const char *peer_info)
Wrapper structure for dynamically allocated memory.
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
int get_num_elements(const char *string, char delimiter)
Returns the occurrences of 'delimiter' in a string +1 This is typically used to find out the number e...
static const char ** make_inline_array(const char *str, struct gc_arena *gc)
Garbage collection arena used to keep track of dynamically allocated memory.
char password[USER_PASS_LEN]
static void buf_set_write(struct buffer *buf, uint8_t *data, int size)
struct buffer prepend_dir(const char *dir, const char *path, struct gc_arena *gc)
Prepend a directory to a path.
#define GET_USER_PASS_MANAGEMENT