author | James Yonan <james@openvpn.net> | 2011-06-03 21:21:20 +0000 |
---|---|---|
committer | James Yonan <james@openvpn.net> | 2011-06-03 21:21:20 +0000 |
commit | eab3e22f8261c07d5f906c05fce69917034d9e53 (patch) | |
tree | b1d5d26dcb1edd657f75f4fb03fc46123157be60 /ssl.c | |
parent | a114cb750e26e96a727253f316d7415fe34447f6 (diff) | |
Added support for static challenge/response protocol.
This includes the new "static-challenge" directive.
See management/management-notes.txt for details on both
static and dynamic challenge/response protocols.
All client-side challenge/response code is #ifdefed on
ENABLE_CLIENT_CR and can be removed from the build
by commenting out the definition of ENABLE_CLIENT_CR
in syshead.h.
Version 2.1.3x.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7316 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'ssl.c')
-rw-r--r-- | ssl.c | 32 |
1 files changed, 27 insertions, 5 deletions
@@ -292,17 +292,35 @@ static char *auth_challenge; /* GLOBAL */
 #endif
 void
-auth_user_pass_setup (const char *auth_file)
+auth_user_pass_setup (const char *auth_file, const struct static_challenge_info *sci)
 {
 auth_user_pass_enabled = true;
 if (!auth_user_pass.defined)
 {
 #if AUTO_USERID
 get_user_pass_auto_userid (&auth_user_pass, auth_file);
-#elif defined(ENABLE_CLIENT_CR)
- get_user_pass_cr (&auth_user_pass, auth_file, UP_TYPE_AUTH, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE, auth_challenge);
 #else
- get_user_pass (&auth_user_pass, auth_file, UP_TYPE_AUTH, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE);
+# ifdef ENABLE_CLIENT_CR
+ if (auth_challenge) /* dynamic challenge/response */
+ get_user_pass_cr (&auth_user_pass,
+ auth_file,
+ UP_TYPE_AUTH,
+ GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE|GET_USER_PASS_DYNAMIC_CHALLENGE,
+ auth_challenge);
+ else if (sci) /* static challenge response */
+ {
+ int flags = GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE|GET_USER_PASS_STATIC_CHALLENGE;
+ if (sci->flags & SC_ECHO)
+ flags |= GET_USER_PASS_STATIC_CHALLENGE_ECHO;
+ get_user_pass_cr (&auth_user_pass,
+ auth_file,
+ UP_TYPE_AUTH,
+ flags,
+ sci->challenge_text);
+ }
+ else
+# endif
+ get_user_pass (&auth_user_pass, auth_file, UP_TYPE_AUTH, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE);
 #endif
 }
 }
@@ -3945,7 +3963,11 @@ key_method_2_write (struct buffer *buf, struct tls_session *session)
 /* write username/password if specified */
 if (auth_user_pass_enabled)
 {
- auth_user_pass_setup (NULL);
+#ifdef ENABLE_CLIENT_CR
+ auth_user_pass_setup (NULL, session->opt->sci);
+#else
+ auth_user_pass_setup (NULL, NULL);
+#endif
 if (!write_string (buf, auth_user_pass.username, -1))
 goto error;
 if (!write_string (buf, auth_user_pass.password, -1)) |
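Review bot: The static branch in auth_user_pass_setup is selected by `else if (sci)` alone, so a non-NULL `sci` whose `challenge_text` is unset still sets GET_USER_PASS_STATIC_CHALLENGE and hands a NULL challenge to get_user_pass_cr. The second hunk passes `session->opt->sci` straight through from key_method_2_write, and neither whether that pointer is NULL when no static-challenge directive is configured nor how get_user_pass_cr treats a NULL challenge is visible here. Guarding on the text keeps the credential prompt on the plain get_user_pass path in that case: `else if (sci && sci->challenge_text) /* static challenge response */`. The brace-less `if`/`else if`/`else` chain that straddles `# endif` is also easy to break in a later edit, so bracing each arm would make the fallback to get_user_pass explicit.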