Browse Source

Support concatenating response with password

Static challenge response and password are optionally
concatenated and submitted instead of using the SCRV1
protocol. The code is activated in the next commit.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
pull/677/merge
Selva Nair 6 months ago committed by Gert Doering
parent
commit
927953021a
  1. 16
      openvpn.c
  2. 1
      openvpn.h

16
openvpn.c

@ -589,7 +589,7 @@ UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
if (RecallAuthPass(param->c->config_name, password)) if (RecallAuthPass(param->c->config_name, password))
{ {
SetDlgItemTextW(hwndDlg, ID_EDT_AUTH_PASS, password); SetDlgItemTextW(hwndDlg, ID_EDT_AUTH_PASS, password);
if (username[0] != L'\0' && !(param->flags & FLAG_CR_TYPE_SCRV1) if (username[0] != L'\0' && !(param->flags & (FLAG_CR_TYPE_SCRV1|FLAG_CR_TYPE_CONCAT))
&& password[0] != L'\0' && param->c->failed_auth_attempts == 0) && password[0] != L'\0' && param->c->failed_auth_attempts == 0)
{ {
/* user/pass available and no challenge response needed: skip dialog /* user/pass available and no challenge response needed: skip dialog
@ -605,7 +605,7 @@ UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{ {
SendMessage(GetDlgItem(hwndDlg, ID_EDT_AUTH_PASS), EM_SETSEL, 0, MAKELONG(0, -1)); SendMessage(GetDlgItem(hwndDlg, ID_EDT_AUTH_PASS), EM_SETSEL, 0, MAKELONG(0, -1));
} }
else if (param->flags & FLAG_CR_TYPE_SCRV1) else if (param->flags & (FLAG_CR_TYPE_SCRV1|FLAG_CR_TYPE_CONCAT))
{ {
SetFocus(GetDlgItem(hwndDlg, ID_EDT_AUTH_CHALLENGE)); SetFocus(GetDlgItem(hwndDlg, ID_EDT_AUTH_CHALLENGE));
} }
@ -662,7 +662,7 @@ UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
/* enable OK button only if username and either password or response are filled */ /* enable OK button only if username and either password or response are filled */
BOOL enableOK = GetWindowTextLength(GetDlgItem(hwndDlg, ID_EDT_AUTH_USER)) BOOL enableOK = GetWindowTextLength(GetDlgItem(hwndDlg, ID_EDT_AUTH_USER))
&& (GetWindowTextLength(GetDlgItem(hwndDlg, ID_EDT_AUTH_PASS)) && (GetWindowTextLength(GetDlgItem(hwndDlg, ID_EDT_AUTH_PASS))
|| ((param->flags & FLAG_CR_TYPE_SCRV1) || ((param->flags & (FLAG_CR_TYPE_SCRV1|FLAG_CR_TYPE_CONCAT))
&& GetWindowTextLength(GetDlgItem(hwndDlg, ID_EDT_AUTH_CHALLENGE))) && GetWindowTextLength(GetDlgItem(hwndDlg, ID_EDT_AUTH_CHALLENGE)))
); );
EnableWindow(GetDlgItem(hwndDlg, IDOK), enableOK); EnableWindow(GetDlgItem(hwndDlg, IDOK), enableOK);
@ -706,9 +706,19 @@ UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{ {
SaveAuthPass(param->c->config_name, password); SaveAuthPass(param->c->config_name, password);
} }
if (param->flags & FLAG_CR_TYPE_CONCAT)
{
GetDlgItemTextW(hwndDlg, ID_EDT_AUTH_CHALLENGE, password + wcslen(password), _countof(password)-wcslen(password));
SetDlgItemTextW(hwndDlg, ID_EDT_AUTH_PASS, password);
/* erase potentially secret contents in the response text box */
memset(password, L'x', wcslen(password));
SetDlgItemTextW(hwndDlg, ID_EDT_AUTH_CHALLENGE, password);
}
SecureZeroMemory(password, sizeof(password)); SecureZeroMemory(password, sizeof(password));
} }
ManagementCommandFromInput(param->c, "username \"Auth\" \"%s\"", hwndDlg, ID_EDT_AUTH_USER); ManagementCommandFromInput(param->c, "username \"Auth\" \"%s\"", hwndDlg, ID_EDT_AUTH_USER);
if (param->flags & FLAG_CR_TYPE_SCRV1) if (param->flags & FLAG_CR_TYPE_SCRV1)
{ {
ManagementCommandFromTwoInputsBase64(param->c, "password \"Auth\" \"SCRV1:%s:%s\"", hwndDlg, ID_EDT_AUTH_PASS, ID_EDT_AUTH_CHALLENGE); ManagementCommandFromTwoInputsBase64(param->c, "password \"Auth\" \"SCRV1:%s:%s\"", hwndDlg, ID_EDT_AUTH_PASS, ID_EDT_AUTH_CHALLENGE);

1
openvpn.h

@ -94,6 +94,7 @@ void WriteStatusLog(connection_t *c, const WCHAR *prefix, const WCHAR *line, BOO
#define FLAG_STRING_PKCS11 0x20 /* PKCS11 id needed */ #define FLAG_STRING_PKCS11 0x20 /* PKCS11 id needed */
#define FLAG_PASS_PKEY 0x40 /* Private key password needed */ #define FLAG_PASS_PKEY 0x40 /* Private key password needed */
#define FLAG_CR_TYPE_CRTEXT 0x80 /* crtext */ #define FLAG_CR_TYPE_CRTEXT 0x80 /* crtext */
#define FLAG_CR_TYPE_CONCAT 0x100 /* concatenate otp with password */
typedef struct { typedef struct {
connection_t *c; connection_t *c;

Loading…
Cancel
Save