mirror/openvpn3
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 04:02:15 +02:00
Code

omi: support for dynamic challenge

Browse Source 
When server responds with AUTH_FAILED/dynamic challenge,
openvpn stores dc cookie and prompts omi client for response. After receiving
response, openvpn sends it to server along with dc cookie.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
This commit is contained in:
Lev Stipakov 2020-03-27 14:44:59 +02:00
parent 2141e23ecd
commit 557ff6249b
1 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
openvpn/omi/openvpn.cpp
View File

@ -374,7 +374,7 @@ private:
config->wintun = true;
if (!eval.autologin && management_query_passwords && !creds)
query_username_password("Auth", false, eval.staticChallenge, eval.staticChallengeEcho);
query_username_password("Auth", !dc_cookie.empty(), eval.staticChallenge, eval.staticChallengeEcho);
else if (proxy_need_creds)
query_username_password("HTTP Proxy", false, "", false);
else if (management_query_remote && !did_query_remote)
@ -465,7 +465,23 @@ private:
void provide_username_password(const std::string& type, const std::string& username, const std::string& password)
{
if (type == "Auth")
if (!dc_cookie.empty())
{
creds.reset(new ClientAPI::ProvideCreds);
creds->dynamicChallengeCookie = dc_cookie;
try {
// response could be whole challenge string in case of connect 2.x
ChallengeResponse cr{ auth_password };
creds->response = std::string{ cr.get_challenge_text() };
}
catch (const ChallengeResponse::dynamic_challenge_parse_error&) {
// response contains only challenge text
creds->response = auth_password;
}
creds->cachePassword = !auth_nocache;
creds->replacePasswordWithSessionID = true;
}
else if (type == "Auth")
{
creds.reset(new ClientAPI::ProvideCreds);
creds->username = username;
@ -772,6 +788,15 @@ private:
// process events
if ((ev.name == "AUTH_FAILED" || ev.name == "DYNAMIC_CHALLENGE") && management_query_passwords)
{
if (ev.name == "DYNAMIC_CHALLENGE")
{
dc_cookie = ev.info;
}
else
{
dc_cookie = "";
}
// handle auth failures
std::string msg = ">PASSWORD:Verification Failed: 'Auth'";
if (!ev.info.empty())
@ -947,6 +972,7 @@ private:
bool auth_password_only = false;
std::string auth_username;
std::string auth_password;
std::string dc_cookie;
// remote override
bool management_query_remote = false;