Web-based extra authentication

This adds support for web-based extra authentication, which may be used by OpenVPN Cloud. When enabled and client sends IV_SSO=openurl, server pushes Info command OPEN_URL:<url>. The client opens that URL and user authenticates. Signed-off-by: Lev Stipakov <lev@openvpn.net>
2021-05-31 23:13:10 +03:00 · 2021-05-31 23:13:10 +03:00 · bb00d95f86
parent e14287e93e
commit bb00d95f86
5 changed files with 28 additions and 1 deletions
--- a/main.c
+++ b/main.c
@ -186,6 +186,7 @@ int WINAPI _tWinMain (HINSTANCE hThisInstance,
      { needstr_,  OnNeedStr },
      { echo_,     OnEcho },
      { bytecount_,OnByteCount },
+      { infomsg_,  OnInfoMsg },
      { 0,        NULL }
  };
  InitManagement(handler);
--- a/manage.c
+++ b/manage.c
@ -332,6 +332,11 @@ OnManagement(SOCKET sk, LPARAM lParam)
                    if (rtmsg_handler[bytecount_])
                        rtmsg_handler[bytecount_](c, pos + 10);
                }
+                else if (strncmp(pos, "INFOMSG:", 8) == 0)
+                {
+                    if (rtmsg_handler[infomsg_])
+                        rtmsg_handler[infomsg_](c, pos + 8);
+                }
            }
            else if (c->manage.cmd_queue)
            {
--- a/manage.h
+++ b/manage.h
@ -37,6 +37,7 @@ typedef enum {
    needok_,
    needstr_,
    pkcs11_id_count_,
+    infomsg_,
    mgmt_rtmsg_type_max
 } mgmt_rtmsg_type;

--- a/openvpn.c
+++ b/openvpn.c
@ -1281,6 +1281,25 @@ void OnByteCount(connection_t *c, char *msg)
            LoadLocalizedString(IDS_NFO_BYTECOUNT, in, out));
 }

+/*
+ * Handle INFOMSG from OpenVPN. At the moment in only handles
+ * "OPEN_URL:<url>" message used by web-based extra authentication.
+ */
+void OnInfoMsg(connection_t* c, char* msg)
+{
+    PrintDebug(L"OnInfoMsg with msg = %S", msg);
+
+    if (strbegins(msg, "OPEN_URL:"))
+    {
+        wchar_t* url = Widen(msg + 9);
+        if (!open_url(url))
+        {
+            WriteStatusLog(c, L"GUI> ", L"Error: failed to open url from info msg", false);
+        }
+        free(url);
+    }
+}
+
 /*
 * Break a long line into shorter segments
 */
@ -1986,7 +2005,7 @@ StartOpenVPN(connection_t *c)

    /* Construct command line -- put log first */
    _sntprintf_0(cmdline, _T("openvpn --log%s \"%s\" --config \"%s\" "
-        "--setenv IV_GUI_VER \"%S\" --service %s 0 --auth-retry interact "
+        "--setenv IV_GUI_VER \"%S\" --setenv IV_SSO openurl --service %s 0 --auth-retry interact "
        "--management %S %hd stdin --management-query-passwords %s"
        "--management-hold"),
        (o.log_append ? _T("-append") : _T("")), c->log_path,
--- a/openvpn.h
+++ b/openvpn.h
@ -40,6 +40,7 @@ void OnNeedOk(connection_t *, char *);
 void OnNeedStr(connection_t *, char *);
 void OnEcho(connection_t *, char *);
 void OnByteCount(connection_t *, char *);
+void OnInfoMsg(connection_t*, char*);

 void ResetSavePasswords(connection_t *);