Added support for static challenge/response protocol.

This includes the new "static-challenge" directive.

See management/management-notes.txt for details on both
static and dynamic challenge/response protocols.

All client-side challenge/response code is #ifdefed on
ENABLE_CLIENT_CR and can be removed from the build
by commenting out the definition of ENABLE_CLIENT_CR
in syshead.h.

Version 2.1.3x.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7316 e7ae566f-a301-0410-adde-c780ea21d3b5

1 files changed, 15 insertions, 0 deletions

diff --git a/misc.h b/misc.h
index cc6745a..ae95929 100644
--- a/misc.h
+++ b/misc.h
@@ -268,8 +268,19 @@ struct auth_challenge_info {
 
 struct auth_challenge_info *get_auth_challenge (const char *auth_challenge, struct gc_arena *gc);
 
+/*
+ * Challenge response info on client as pushed by server.
+ */
+struct static_challenge_info {
+# define SC_ECHO     (1<<0) /* echo response when typed by user */
+  unsigned int flags;
+
+  const char *challenge_text;
+};
+
 #else
 struct auth_challenge_info {};
+struct static_challenge_info {};
 #endif
 
 bool get_console_input (const char *prompt, const bool echo, char *input, const int capacity);
@@ -285,6 +296,10 @@ bool get_console_input (const char *prompt, const bool echo, char *input, const
 #define GET_USER_PASS_NEED_STR      (1<<5)
 #define GET_USER_PASS_PREVIOUS_CREDS_FAILED (1<<6)
 
+#define GET_USER_PASS_DYNAMIC_CHALLENGE      (1<<7) /* CRV1 protocol  -- dynamic challenge */
+#define GET_USER_PASS_STATIC_CHALLENGE       (1<<8) /* SCRV1 protocol -- static challenge */
+#define GET_USER_PASS_STATIC_CHALLENGE_ECHO  (1<<9) /* SCRV1 protocol -- echo response */
+
 bool get_user_pass_cr (struct user_pass *up,
 		       const char *auth_file,
 		       const char *prefix,