[Openvpn-devel] [PATCH] Fix using management interface to get passwords

Wed, 15 Jul 2015 18:43:17 +0000 

Commits da9b292733e929a2900dc32d37f0424c3d588366 and
315f6fbc7f657a7f1127628bd714f468709d5185 broke the use case where we are asking
password from the management client. The password is always asked before
daemonization. With this fix we avoid this and ask it via management interface
in the same spot as before the mentioned commits. Tested on Linux.

From 55172b6104c47374c062f3581617068840e5b51a Mon Sep 17 00:00:00 2001
From: Christian Pellegrin <chrip...@google.com>
Date: Wed, 15 Jul 2015 16:45:58 +0100
Subject: [PATCH] Fix using management interface to get passwords.

Commits da9b292733e929a2900dc32d37f0424c3d588366 and
315f6fbc7f657a7f1127628bd714f468709d5185 broke the use case where we are asking
password from the management client. The password is always asked before
daemonization. With this fix we avoid this and ask it via management interface
in the same spot as before the mentioned commits. Tested on Linux.
---
 src/openvpn/init.c    | 10 ++++++++++
 src/openvpn/openvpn.c |  8 ++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index c24a646..7d7a209 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -502,6 +502,16 @@ context_init_1 (struct context *c)
 
   init_connection_list (c);
 
+#ifdef ENABLE_MANAGEMENT
+  if (c->options.management_flags & MF_QUERY_PASSWORDS) {
+#ifdef ENABLE_CLIENT_CR
+    auth_user_pass_setup ("management", &c->options.sc_info);
+#else
+    auth_user_pass_setup ("management", NULL);
+#endif
+  }
+#endif
+
 #if defined(ENABLE_PKCS11)
   if (c->first_time) {
     int i;
diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c
index d05acde..2a176b6 100644
--- a/src/openvpn/openvpn.c
+++ b/src/openvpn/openvpn.c
@@ -229,8 +229,12 @@ openvpn_main (int argc, char *argv[])
 	  if (do_test_crypto (&c.options))
 	    break;
 
-	  /* Query passwords before becoming a daemon */
-	  init_query_passwords (&c);
+	  /* Query passwords before becoming a daemon if we don't use the
+           * management interface to get them. */
+#ifdef ENABLE_MANAGEMENT
+          if (! (c.options.management_flags & MF_QUERY_PASSWORDS))
+#endif
+            init_query_passwords (&c);
 
 	  /* become a daemon if --daemon */
 	  if (c.first_time)
-- 
2.4.3.573.g4eafbef

Reply via email to