omi: add password protection
Implemented as in openvpn2. If the --management option includes "stdin", the client immediately prompts for a password. When there is an incoming OMI connection, the client prompts for the password and, if it doesn't match the one entered via stdin, closes the OMI connection. Signed-off-by: Lev Stipakov <lev@openvpn.net>
parent
0668d9132b
commit
394b5b2258
@ -37,10 +37,12 @@
|
|||||||
#include <openvpn/common/number.hpp>
|
#include <openvpn/common/number.hpp>
|
||||||
#include <openvpn/common/hostport.hpp>
|
#include <openvpn/common/hostport.hpp>
|
||||||
#include <openvpn/common/options.hpp>
|
#include <openvpn/common/options.hpp>
|
||||||
|
#include <openvpn/common/string.hpp>
|
||||||
#include <openvpn/buffer/bufstr.hpp>
|
#include <openvpn/buffer/bufstr.hpp>
|
||||||
#include <openvpn/time/timestr.hpp>
|
#include <openvpn/time/timestr.hpp>
|
||||||
#include <openvpn/time/asiotimersafe.hpp>
|
#include <openvpn/time/asiotimersafe.hpp>
|
||||||
#include <openvpn/asio/asiowork.hpp>
|
#include <openvpn/asio/asiowork.hpp>
|
||||||
|
#include <openvpn/win/console.hpp>
|
||||||
|
|
||||||
// include acceptors for different protocols
|
// include acceptors for different protocols
|
||||||
#include <openvpn/acceptor/base.hpp>
|
#include <openvpn/acceptor/base.hpp>
|
||||||
@ -261,6 +263,14 @@ namespace openvpn {
|
|||||||
const Option& o = opt.get("management");
|
const Option& o = opt.get("management");
|
||||||
const std::string addr = o.get(1, 256);
|
const std::string addr = o.get(1, 256);
|
||||||
const std::string port = o.get(2, 16);
|
const std::string port = o.get(2, 16);
|
||||||
|
const std::string password_file = o.get_optional(3, 256);
|
||||||
|
|
||||||
|
if (password_file == "stdin")
|
||||||
|
{
|
||||||
|
password_defined = true;
|
||||||
|
std::cout << "Enter Management Password:";
|
||||||
|
std::cin >> password;
|
||||||
|
}
|
||||||
|
|
||||||
hold_flag = opt.exists("management-hold");
|
hold_flag = opt.exists("management-hold");
|
||||||
|
|
||||||
@ -683,11 +693,47 @@ namespace openvpn {
|
|||||||
send(">INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info\r\n");
|
send(">INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info\r\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void send_password_prompt()
|
||||||
|
{
|
||||||
|
send("ENTER PASSWORD:");
|
||||||
|
}
|
||||||
|
|
||||||
|
void send_password_correct()
|
||||||
|
{
|
||||||
|
send("SUCCESS: password is correct");
|
||||||
|
}
|
||||||
|
|
||||||
|
bool process_password()
|
||||||
|
{
|
||||||
|
if (password_defined && !password_verified)
|
||||||
|
{
|
||||||
|
if (password == in_partial)
|
||||||
|
{
|
||||||
|
password_verified = true;
|
||||||
|
send_password_correct();
|
||||||
|
send_title_message();
|
||||||
|
hold_cycle();
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
// wrong password, kick the client
|
||||||
|
stop_omi_client(false, 250);
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
bool process_in_line() // process incoming line in in_partial
|
bool process_in_line() // process incoming line in in_partial
|
||||||
{
|
{
|
||||||
bool ret = false;
|
bool ret = false;
|
||||||
const bool utf8 = Unicode::is_valid_utf8(in_partial);
|
const bool utf8 = Unicode::is_valid_utf8(in_partial);
|
||||||
string::trim_crlf(in_partial);
|
string::trim_crlf(in_partial);
|
||||||
|
|
||||||
|
if (process_password())
|
||||||
|
return false;
|
||||||
|
|
||||||
if (multiline)
|
if (multiline)
|
||||||
{
|
{
|
||||||
if (!command)
|
if (!command)
|
||||||
@ -825,9 +871,17 @@ namespace openvpn {
|
|||||||
sock->set_cloexec();
|
sock->set_cloexec();
|
||||||
socket = std::move(sock);
|
socket = std::move(sock);
|
||||||
|
|
||||||
send_title_message();
|
password_verified = false;
|
||||||
|
|
||||||
|
if (password_defined)
|
||||||
|
send_password_prompt();
|
||||||
|
else
|
||||||
|
send_title_message();
|
||||||
|
|
||||||
queue_recv();
|
queue_recv();
|
||||||
hold_cycle();
|
|
||||||
|
if (!password_defined)
|
||||||
|
hold_cycle();
|
||||||
}
|
}
|
||||||
catch (const std::exception& e)
|
catch (const std::exception& e)
|
||||||
{
|
{
|
||||||
@ -986,6 +1040,9 @@ namespace openvpn {
|
|||||||
bool multiline = false;
|
bool multiline = false;
|
||||||
bool errors_to_stderr = false;
|
bool errors_to_stderr = false;
|
||||||
bool recv_queued = false;
|
bool recv_queued = false;
|
||||||
|
bool password_defined = false;
|
||||||
|
bool password_verified = false;
|
||||||
|
std::string password;
|
||||||
|
|
||||||
// stopping
|
// stopping
|
||||||
volatile bool stop_called = false;
|
volatile bool stop_called = false;
|
||||||
|
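Review bot: In the option-parsing hunk only the literal `stdin` enables the password, so any other third `management` argument (for instance a password file path, which the name `password_file` suggests) leaves `password_defined` false and the interface comes up unauthenticated; unless that case is rejected outside the lines shown, add a fail-closed branch such as `else if (!password_file.empty()) throw std::runtime_error("management: unsupported password source");`, using whichever exception type this file normally raises for bad options. The read itself, `std::cin >> password;`, stops at the first whitespace, echoes the secret, and on EOF leaves `password` empty with `password_defined` already true, after which `password == in_partial` in `process_password()` would accept an empty line; `if (!std::getline(std::cin, password) || password.empty())` followed by the same rejection closes that. That `==` is also an early-exit comparison of a secret and would be better done in constant time. `send("ENTER PASSWORD:")` and `send("SUCCESS: password is correct")` carry no `\r\n`, unlike the title message, so the following `>INFO:` line is probably glued to the reply. The function holding the option parsing starts and ends outside the hunk.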