Re: [Openvpn-devel] [PATCH 2/2] get_user_pass_cr: get password from stdin if missing inline

Wed, 14 Sep 2022 12:42:21 -0700 

On Wed, Sep 14, 2022 at 3:30 PM Antonio Quartulli <a...@unstable.cc> wrote:

> Hi,
>
> On 14/09/2022 21:26, Selva Nair wrote:
> >     diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
> >     index 07f6e202..50f7f975 100644
> >     --- a/src/openvpn/misc.c
> >     +++ b/src/openvpn/misc.c
> >     @@ -197,6 +197,11 @@ get_user_pass_cr(struct user_pass *up,
> >                       buf_parse(&buf, '\n', up->username, USER_PASS_LEN);
> >                   }
> >                   buf_parse(&buf, '\n', up->password, USER_PASS_LEN);
> >     +
> >     +            if (strlen(up->password) == 0)
> >     +            {
> >     +                password_from_stdin = 1;
> >
> >
> > This works when stdin is available, but reading username from file and
> > password from the management interface is still not possible. Currently,
> > if --management-query-passwords and --auth-user-pass are used, the file
> > must contain username and password (management i/f not queried). This
> > patch allows username only files, but only if reading from stdin is
> > possible.
>
> Just to make sure I got your comment right: this patch is not allowing
> files to have no password (this is allowed already without this patch).
> This patch is only allowing having no password when doing inline
> credentials.
>
> Does your comment still apply?
>
> If the mgmt interface has troubles with querying the password, then it
> means we already have this problem without the patch, right?
>

Yes, on re-reading the patches, my comment was not totally accurate..

The issue is long-standing one with username/password in file --- if
password is missing it's not prompted from the management interface even if
management-query-passwords is in effect. Instead it's prompted from stdin
which is generally not available when run from a GUI.

So, yes, its not a fault of this patch, except that its committing the same
"mistake" of not using the management interface instead of stdin as the
fallback when "--management-query-passwords" is in effect.

Selva

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to