Ticket #538: bug538-workaround.patch
File bug538-workaround.patch, 7.8 KB (added by , 8 years ago) |
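--- a/src/openvpn/console.h
+++ b/src/openvpn/console.h
@@ -117,4 +117,22 @@ query_user_SINGLE(char *prompt, size_t p
 return query_user_exec();
 }
 
+/**
+* A plain "make Gert happy" wrapper over built-in user querying method.
+* Same arguments as @query_user_add
+*
+* Allows to use built-in method for PKCS11 PIN prompt regardless of
+* the systemd support status and presence,
+* see https://community.openvpn.net/openvpn/ticket/538 for details.
+*/
+static inline bool
+query_user_builtin_SINGLE(char *prompt, size_t prompt_len,
+char *resp, size_t resp_len,
+bool echo)
+{
+query_user_clear();
+query_user_add(prompt, prompt_len, resp, resp_len, echo);
+return query_user_exec_builtin();
+}
+
 #endif /* ifndef CONSOLE_H */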
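Review bot: The doc comment on `query_user_builtin_SINGLE` gives no contract a caller can rely on: "make Gert happy" explains nothing, and `@query_user_add` is not a Doxygen command (`@see query_user_add` would be). Because this wrapper is meant for a token PIN, the comment should say that it always finishes with `query_user_exec_builtin()` and therefore never takes the systemd route. It should also say that it presumably needs a usable console and returns false when the query fails. A line such as `@param echo  pass false for secrets such as a PIN` would record the expected use. Like the existing `query_user_SINGLE`, it calls `query_user_clear()` first, so it must not be used while another query is being assembled, and that is worth stating too.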
src/openvpn/pkcs11.c
old new _pkcs11_openvpn_pin_prompt( 249 249 &token_pass, 250 250 NULL, 251 251 prompt, 252 GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY|GET_USER_PASS_NOFATAL 252 GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY|GET_USER_PASS_NOFATAL|GET_USER_PASS_FORCE_BUILTIN 253 253 ) 254 254 ) 255 255 { … … _pkcs11_openvpn_show_pkcs11_ids_pin_prom 795 795 ASSERT(token!=NULL); 796 796 797 797 buf_printf(&pass_prompt, "Please enter '%s' token PIN or 'cancel': ", token->display); 798 if (!query_user_ SINGLE(BSTR(&pass_prompt), BLEN(&pass_prompt),798 if (!query_user_builtin_SINGLE(BSTR(&pass_prompt), BLEN(&pass_prompt), 799 799 pin, pin_max, false)) 800 800 { 801 801 msg(M_FATAL, "Could not retrieve the PIN"); -
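Review bot: Neither changed call site carries a comment saying why the PIN prompt is pinned to the built-in console, so a later cleanup could switch it back without noticing. I would add `/* ticket #538: always use the built-in console prompt for the token PIN */` above the flags line in `_pkcs11_openvpn_pin_prompt` and above the `query_user_builtin_SINGLE` call in `_pkcs11_openvpn_show_pkcs11_ids_pin_prompt`. The two sites also fail differently when no prompt can be shown: the first passes `GET_USER_PASS_NOFATAL`, the second ends in `msg(M_FATAL, "Could not retrieve the PIN")`. With the systemd path no longer available here, a process started without a console presumably reaches that fatal path, which the commit should document. Both functions start and end outside the hunks shown.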
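--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -1154,10 +1154,19 @@ get_user_pass_cr(struct user_pass *up,
 struct buffer user_prompt = alloc_buf_gc(128, &gc);
 
 buf_printf(&user_prompt, "NEED-OK|%s|%s:", prefix, up->username);
-if (!query_user_SINGLE(BSTR(&user_prompt), BLEN(&user_prompt),
-up->password, USER_PASS_LEN, false))
-{
-msg(M_FATAL, "ERROR: could not read %s ok-confirmation from stdin", prefix);
+if (flags & GET_USER_PASS_FORCE_BUILTIN) {
+if (!query_user_builtin_SINGLE(BSTR(&user_prompt), BLEN(&user_prompt),
+up->password, USER_PASS_LEN, false))
+{
+msg(M_FATAL, "ERROR: could not read %s ok-confirmation from stdin", prefix);
+}
+}
+else {
+if (!query_user_SINGLE(BSTR(&user_prompt), BLEN(&user_prompt),
+up->password, USER_PASS_LEN, false))
+{
+msg(M_FATAL, "ERROR: could not read %s ok-confirmation from stdin", prefix);
+}
 }
 
 if (!strlen(up->password))
@@ -1254,10 +1263,19 @@ get_user_pass_cr(struct user_pass *up,
 buf_printf(&challenge, "CHALLENGE: %s", ac->challenge_text);
 buf_set_write(&packed_resp, (uint8_t *)up->password, USER_PASS_LEN);
 
-if (!query_user_SINGLE(BSTR(&challenge), BLEN(&challenge),
-response, USER_PASS_LEN, BOOL_CAST(ac->flags&CR_ECHO)))
-{
-msg(M_FATAL, "ERROR: could not read challenge response from stdin");
+if (flags & GET_USER_PASS_FORCE_BUILTIN) {
+if (!query_user_builtin_SINGLE(BSTR(&challenge), BLEN(&challenge),
+response, USER_PASS_LEN, BOOL_CAST(ac->flags&CR_ECHO)))
+{
+msg(M_FATAL, "ERROR: could not read challenge response from stdin");
+}
+}
+else {
+if (!query_user_SINGLE(BSTR(&challenge), BLEN(&challenge),
+response, USER_PASS_LEN, BOOL_CAST(ac->flags&CR_ECHO)))
+{
+msg(M_FATAL, "ERROR: could not read challenge response from stdin");
+}
 }
 strncpynt(up->username, ac->user, USER_PASS_LEN);
 buf_printf(&packed_resp, "CRV1::%s::%s", ac->state_id, response);
@@ -1289,9 +1307,17 @@ get_user_pass_cr(struct user_pass *up,
 up->password, USER_PASS_LEN, false);
 }
 
-if (!query_user_exec() )
-{
-msg(M_FATAL, "ERROR: Failed retrieving username or password");
+if (flags & GET_USER_PASS_FORCE_BUILTIN) {
+if (!query_user_exec_builtin() )
+{
+msg(M_FATAL, "ERROR: Failed retrieving username or password");
+}
+}
+else {
+if (!query_user_exec() )
+{
+msg(M_FATAL, "ERROR: Failed retrieving username or password");
+}
 }
 
 if (!(flags & GET_USER_PASS_PASSWORD_ONLY))
@@ -1312,11 +1338,21 @@ get_user_pass_cr(struct user_pass *up,
 challenge = alloc_buf_gc(14+strlen(auth_challenge), &gc);
 buf_printf(&challenge, "CHALLENGE: %s", auth_challenge);
 
-if (!query_user_SINGLE(BSTR(&challenge), BLEN(&challenge),
-response, USER_PASS_LEN,
-BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO)))
-{
-msg(M_FATAL, "ERROR: could not retrieve static challenge response");
+if (flags & GET_USER_PASS_FORCE_BUILTIN) {
+if (!query_user_builtin_SINGLE(BSTR(&challenge), BLEN(&challenge),
+response, USER_PASS_LEN,
+BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO)))
+{
+msg(M_FATAL, "ERROR: could not retrieve static challenge response");
+}
+}
+else {
+if (!query_user_SINGLE(BSTR(&challenge), BLEN(&challenge),
+response, USER_PASS_LEN,
+BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO)))
+{
+msg(M_FATAL, "ERROR: could not retrieve static challenge response");
+}
 }
 if (openvpn_base64_encode(up->password, strlen(up->password), &pw64) == -1
 || openvpn_base64_encode(response, strlen(response), &resp64) == -1)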
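Review bot: The same `if (flags & GET_USER_PASS_FORCE_BUILTIN) { … } else { … }` wrapper is copied around all four prompts in get_user_pass_cr (NEED-OK, dynamic challenge, username/password, static challenge), each time duplicating the call arguments and the M_FATAL message. In credential-prompt code that duplication is how the two paths drift apart later, for example an echo argument or buffer length edited in one branch only. A small file-local helper that picks the backend leaves one call and one error message per site; the username/password site, which calls `query_user_exec()` directly, can use a conditional expression. The added `if (...) {` and `else {` lines also put the brace on the same line, unlike the surrounding code. get_user_pass_cr starts and ends outside these hunks, and the helper name below is only a proposal.

```c
/* Ask a single question, using the built-in console prompt when
 * GET_USER_PASS_FORCE_BUILTIN is set in flags. */
static bool
query_user_single_by_flags(char *prompt, size_t prompt_len,
                           char *resp, size_t resp_len,
                           bool echo, unsigned int flags)
{
    if (flags & GET_USER_PASS_FORCE_BUILTIN)
    {
        return query_user_builtin_SINGLE(prompt, prompt_len, resp, resp_len, echo);
    }
    return query_user_SINGLE(prompt, prompt_len, resp, resp_len, echo);
}

/* … unchanged: NEED-OK prompt built into user_prompt … */
if (!query_user_single_by_flags(BSTR(&user_prompt), BLEN(&user_prompt),
                                up->password, USER_PASS_LEN, false, flags))
{
    msg(M_FATAL, "ERROR: could not read %s ok-confirmation from stdin", prefix);
/* … unchanged: closing brace; the two challenge prompts change the same way … */

/* username/password site */
if (!((flags & GET_USER_PASS_FORCE_BUILTIN) ? query_user_exec_builtin() : query_user_exec()))
{
    msg(M_FATAL, "ERROR: Failed retrieving username or password");
```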
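--- a/src/openvpn/misc.h
+++ b/src/openvpn/misc.h
@@ -265,6 +265,8 @@ struct static_challenge_info {};
 
 #define GET_USER_PASS_INLINE_CREDS (1<<10) /* indicates that auth_file is actually inline creds */
 
+#define GET_USER_PASS_FORCE_BUILTIN (1<<11) /* force builtin prompt to work around 538 */
+
 bool get_user_pass_cr(struct user_pass *up,
 const char *auth_file,
 const char *prefix,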