authorSteffan Karger <steffan@karger.me>2015-05-23 15:02:25 +0200
committerGert Doering <gert@greenie.muc.de>2015-05-23 21:20:32 +0200
commitac1cb5bfbb9e09e79fd737bc57999d968d77c5ad (patch)
treedf5ee440e253583635033980e83210ae2fdad646
parent970c4bd2e473f625699bd56db44c1970a9e10ed9 (diff)
Re-read auth-user-pass file on (re)connect if required
Fixes trac #225 ('--auth-user-pass FILE' and '--auth-nocache' problem). This patch is based on the changes suggested by ye_olde_iron in the trac ticket. Also added a note to the manpage to inform people to use absolute paths when combining --auth-user-pass file and --auth-nocache. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1432386145-15045-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9717 Signed-off-by: Gert Doering <gert@greenie.muc.de>
-rw-r--r--doc/openvpn.83
-rw-r--r--src/openvpn/init.c1
-rw-r--r--src/openvpn/ssl.c4
-rw-r--r--src/openvpn/ssl_common.h1
4 files changed, 7 insertions, 2 deletions
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index ef87bb7..67e6ddd 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -4786,6 +4786,9 @@ when OpenVPN needs a username/password, it will prompt for input
from stdin, which may be multiple times during the duration of an
OpenVPN session.
+When using \-\-auth\-nocache in combination with a user/password file
+and \-\-chroot or \-\-daemon, make sure to use an absolute path.
+
This directive does not affect the
.B \-\-http\-proxy
username/password. It is always cached.
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 3434ce0..d093f46 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2252,6 +2252,7 @@ do_init_crypto_tls (struct context *c, const unsigned int flags)
to.tmp_dir = options->tmp_dir;
if (options->ccd_exclusive)
to.client_config_dir_exclusive = options->client_config_dir;
+ to.auth_user_pass_file = options->auth_user_pass_file;
#endif
#ifdef ENABLE_X509_TRACK
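Review bot: The added `to.auth_user_pass_file = options->auth_user_pass_file;` sits directly before an `#endif` whose opening `#if` is outside the hunk, next to `client_config_dir_exclusive`, which looks like server-side state. The consumer in `key_method_2_write` (ssl.c) reads the field with only `ENABLE_CLIENT_CR` visible around it. If the enclosing guard here is server-only, a client-only build would either not compile or leave the field unset, so it is worth confirming the guard and moving the line outside it if needed. The field holds a borrowed pointer, so a comment such as `/* borrowed from options; options must outlive tls_options */` would record the lifetime assumption.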
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index dce6c30..ebb2f0d 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1920,9 +1920,9 @@ key_method_2_write (struct buffer *buf, struct tls_session *session)
if (auth_user_pass_enabled)
{
#ifdef ENABLE_CLIENT_CR
- auth_user_pass_setup (NULL, session->opt->sci);
+ auth_user_pass_setup (session->opt->auth_user_pass_file, session->opt->sci);
#else
- auth_user_pass_setup (NULL, NULL);
+ auth_user_pass_setup (session->opt->auth_user_pass_file, NULL);
#endif
if (!write_string (buf, auth_user_pass.username, -1))
goto error;
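Review bot: With the file name passed here instead of `NULL`, `auth_user_pass_setup` can reopen the credentials file on every key exchange, which may be after the process has applied `--chroot`, `--daemon` or a privilege drop. The path is then resolved against the new root or working directory and opened with the reduced privileges, so the file must exist inside the chroot and be readable by the unprivileged user, which widens who can read the stored password. What `auth_user_pass_setup` does when the open fails is not visible in this hunk; it should be confirmed that it fails the connection attempt rather than sending stale or empty credentials. I would record the constraint at the call site, e.g. `/* re-read after chroot/privilege drop: path must still resolve and be readable */`. The body of `key_method_2_write` starts and ends outside the hunk.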
diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h
index bb1c1c2..95cd2f7 100644
--- a/src/openvpn/ssl_common.h
+++ b/src/openvpn/ssl_common.h
@@ -277,6 +277,7 @@ struct tls_options
const char *auth_user_pass_verify_script;
bool auth_user_pass_verify_script_via_file;
const char *tmp_dir;
+ const char *auth_user_pass_file;
/* use the client-config-dir as a positive authenticator */
const char *client_config_dir_exclusive;