From ac1cb5bfbb9e09e79fd737bc57999d968d77c5ad Mon Sep 17 00:00:00 2001 From: Steffan Karger Date: Sat, 23 May 2015 15:02:25 +0200 Subject: Re-read auth-user-pass file on (re)connect if required Fixes trac #225 ('--auth-user-pass FILE' and '--auth-nocache' problem). This patch is based on the changes suggested by ye_olde_iron in the trac ticket. Also added a note to the manpage to inform people to use absolute paths when combining --auth-user-pass file and --auth-nocache. Signed-off-by: Steffan Karger Acked-by: Gert Doering Message-Id: <1432386145-15045-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9717 Signed-off-by: Gert Doering --- doc/openvpn.8 | 3 +++ src/openvpn/init.c | 1 + src/openvpn/ssl.c | 4 ++-- src/openvpn/ssl_common.h | 1 + 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index ef87bb7..67e6ddd 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -4786,6 +4786,9 @@ when OpenVPN needs a username/password, it will prompt for input from stdin, which may be multiple times during the duration of an OpenVPN session. +When using \-\-auth\-nocache in combination with a user/password file +and \-\-chroot or \-\-daemon, make sure to use an absolute path. + This directive does not affect the .B \-\-http\-proxy username/password. It is always cached. diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 3434ce0..d093f46 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2252,6 +2252,7 @@ do_init_crypto_tls (struct context *c, const unsigned int flags) to.tmp_dir = options->tmp_dir; if (options->ccd_exclusive) to.client_config_dir_exclusive = options->client_config_dir; + to.auth_user_pass_file = options->auth_user_pass_file; #endif #ifdef ENABLE_X509_TRACK diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index dce6c30..ebb2f0d 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1920,9 +1920,9 @@ key_method_2_write (struct buffer *buf, struct tls_session *session) if (auth_user_pass_enabled) { #ifdef ENABLE_CLIENT_CR - auth_user_pass_setup (NULL, session->opt->sci); + auth_user_pass_setup (session->opt->auth_user_pass_file, session->opt->sci); #else - auth_user_pass_setup (NULL, NULL); + auth_user_pass_setup (session->opt->auth_user_pass_file, NULL); #endif if (!write_string (buf, auth_user_pass.username, -1)) goto error; diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h index bb1c1c2..95cd2f7 100644 --- a/src/openvpn/ssl_common.h +++ b/src/openvpn/ssl_common.h @@ -277,6 +277,7 @@ struct tls_options const char *auth_user_pass_verify_script; bool auth_user_pass_verify_script_via_file; const char *tmp_dir; + const char *auth_user_pass_file; /* use the client-config-dir as a positive authenticator */ const char *client_config_dir_exclusive; -- cgit