Browse code
Added directive to specify HTTP proxy credentials in config.
The inline directive http-proxy-user-pass can be used to
specify proxy credentials in config, e.g.:
http-proxy proxy.tld 3128 auto-nct
<http-proxy-user-pass>
foo
bar
</http-proxy-user-pass>
This usage is already supported by OpenVPN 3.
Signed-off-by: James Yonan <james@openvpn.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1456993146-63968-9-git-send-email-james@openvpn.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11283
Signed-off-by: Gert Doering <gert@greenie.muc.de>
James Yonan authored on 2016/03/03 17:19:05Showing 5 changed files
| ... | ... |
@@ -1092,6 +1092,14 @@ get_user_pass_cr (struct user_pass *up, |
| 1092 | 1092 |
if (!strlen (up->password)) |
| 1093 | 1093 |
strcpy (up->password, "ok"); |
| 1094 | 1094 |
} |
| 1095 |
+ else if (flags & GET_USER_PASS_INLINE_CREDS) |
|
| 1096 |
+ {
|
|
| 1097 |
+ struct buffer buf; |
|
| 1098 |
+ buf_set_read (&buf, (uint8_t*) auth_file, strlen (auth_file) + 1); |
|
| 1099 |
+ if (!(flags & GET_USER_PASS_PASSWORD_ONLY)) |
|
| 1100 |
+ buf_parse (&buf, '\n', up->username, USER_PASS_LEN); |
|
| 1101 |
+ buf_parse (&buf, '\n', up->password, USER_PASS_LEN); |
|
| 1102 |
+ } |
|
| 1095 | 1103 |
/* |
| 1096 | 1104 |
* Read from auth file unless this is a dynamic challenge request. |
| 1097 | 1105 |
*/ |
| ... | ... |
@@ -256,6 +256,8 @@ struct static_challenge_info {};
|
| 256 | 256 |
#define GET_USER_PASS_STATIC_CHALLENGE (1<<8) /* SCRV1 protocol -- static challenge */ |
| 257 | 257 |
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) /* SCRV1 protocol -- echo response */ |
| 258 | 258 |
|
| 259 |
+#define GET_USER_PASS_INLINE_CREDS (1<<10) /* indicates that auth_file is actually inline creds */ |
|
| 260 |
+ |
|
| 259 | 261 |
bool get_user_pass_cr (struct user_pass *up, |
| 260 | 262 |
const char *auth_file, |
| 261 | 263 |
const char *prefix, |
| ... | ... |
@@ -5214,6 +5214,19 @@ add_option (struct options *options, |
| 5214 | 5214 |
ho->auth_method_string = "none"; |
| 5215 | 5215 |
} |
| 5216 | 5216 |
} |
| 5217 |
+ else if (streq (p[0], "http-proxy-user-pass") && p[1]) |
|
| 5218 |
+ {
|
|
| 5219 |
+ struct http_proxy_options *ho; |
|
| 5220 |
+ VERIFY_PERMISSION (OPT_P_GENERAL); |
|
| 5221 |
+ ho = init_http_proxy_options_once (&options->ce.http_proxy_options, &options->gc); |
|
| 5222 |
+ if (streq (p[1], INLINE_FILE_TAG) && p[2]) |
|
| 5223 |
+ {
|
|
| 5224 |
+ ho->auth_file = p[2]; |
|
| 5225 |
+ ho->inline_creds = true; |
|
| 5226 |
+ } |
|
| 5227 |
+ else |
|
| 5228 |
+ ho->auth_file = p[1]; |
|
| 5229 |
+ } |
|
| 5217 | 5230 |
else if (streq (p[0], "http-proxy-retry") && !p[1]) |
| 5218 | 5231 |
{
|
| 5219 | 5232 |
struct http_proxy_options *ho; |
| ... | ... |
@@ -241,6 +241,8 @@ get_user_pass_http (struct http_proxy_info *p, const bool force) |
| 241 | 241 |
unsigned int flags = GET_USER_PASS_MANAGEMENT; |
| 242 | 242 |
if (p->queried_creds) |
| 243 | 243 |
flags |= GET_USER_PASS_PREVIOUS_CREDS_FAILED; |
| 244 |
+ if (p->options.inline_creds) |
|
| 245 |
+ flags |= GET_USER_PASS_INLINE_CREDS; |
|
| 244 | 246 |
get_user_pass (&static_proxy_user_pass, |
| 245 | 247 |
p->options.auth_file, |
| 246 | 248 |
UP_TYPE_PROXY, |