mirror of https://github.com/OpenVPN/openvpn-gui
Fix handling of dynamic challenge when response is not required
In this case, as per management-notes.txt, a CRV1 response with an empty password should be submitted. Currently we ignore such "challenges" causing the regular user-auth dialog to be shown instead. Fix by displaying the message received from the server. Depending on user action (OK or CANCEL), a properly formatted reponse with an empty password is returned or the connection is aborted. Signed-off-by: Selva Nair <selva.nair@gmail.com>pull/420/head
parent
21e09d4603
commit
69e772d681
20
openvpn.c
20
openvpn.c
|
@ -642,6 +642,19 @@ GenericPassDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
|
|||
{
|
||||
SetDlgItemTextW(hwndDlg, ID_TXT_DESCRIPTION, wstr);
|
||||
|
||||
/* If response is not required show a message box with the challenge
|
||||
* text and autosubmit an empty password (see management-notes.txt)
|
||||
*/
|
||||
if ((param->flags & FLAG_CR_RESPONSE) == 0)
|
||||
{
|
||||
wchar_t title[256];
|
||||
GetWindowTextW(hwndDlg, title, _countof(title));
|
||||
if (MessageBox(param->c->hwndStatus, wstr, title, MB_OKCANCEL) == IDOK)
|
||||
SimulateButtonPress(hwndDlg, IDOK);
|
||||
else
|
||||
SimulateButtonPress(hwndDlg, IDCANCEL);
|
||||
}
|
||||
|
||||
/* Set password echo on if needed */
|
||||
if (param->flags & FLAG_CR_ECHO)
|
||||
SendMessage(GetDlgItem(hwndDlg, ID_EDT_RESPONSE), EM_SETPASSWORDCHAR, 0, 0);
|
||||
|
@ -1049,13 +1062,6 @@ OnPassword(connection_t *c, char *msg)
|
|||
{
|
||||
chstr += 5; /* beginning of dynamic CR string */
|
||||
|
||||
/* Check if a response is required: ie., starts with R or E,R */
|
||||
if (strncmp (chstr, "R", 1) != 0 && strncmp (chstr, "E,R", 3) != 0)
|
||||
{
|
||||
PrintDebug(L"Got dynamic challenge request with no response required: <%S>", chstr);
|
||||
return;
|
||||
}
|
||||
|
||||
/* Save the string for later processing during next Auth request */
|
||||
c->dynamic_cr = strdup(chstr);
|
||||
if (c->dynamic_cr && (chstr = strstr (c->dynamic_cr, "']")) != NULL)
|
||||
|
|
Loading…
Reference in New Issue