The inline directive http-proxy-user-pass can be used to
specify proxy credentials in config, e.g.:
http-proxy proxy.tld 3128 auto-nct
<http-proxy-user-pass>
foo
bar
</http-proxy-user-pass>
This usage is already supported by OpenVPN 3.
Signed-off-by: James Yonan <james@openvpn.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1456993146-63968-9-git-send-email-james@openvpn.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11283
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -1092,6 +1092,14 @@ get_user_pass_cr (struct user_pass *up, |
1092 | 1092 |
if (!strlen (up->password)) |
1093 | 1093 |
strcpy (up->password, "ok"); |
1094 | 1094 |
} |
1095 |
+ else if (flags & GET_USER_PASS_INLINE_CREDS) |
|
1096 |
+ { |
|
1097 |
+ struct buffer buf; |
|
1098 |
+ buf_set_read (&buf, (uint8_t*) auth_file, strlen (auth_file) + 1); |
|
1099 |
+ if (!(flags & GET_USER_PASS_PASSWORD_ONLY)) |
|
1100 |
+ buf_parse (&buf, '\n', up->username, USER_PASS_LEN); |
|
1101 |
+ buf_parse (&buf, '\n', up->password, USER_PASS_LEN); |
|
1102 |
+ } |
|
1095 | 1103 |
/* |
1096 | 1104 |
* Read from auth file unless this is a dynamic challenge request. |
1097 | 1105 |
*/ |
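Review bot: Nothing in the added `GET_USER_PASS_INLINE_CREDS` branch checks what the two `buf_parse` calls produced, so an inline block with a missing or empty line, or a line longer than `USER_PASS_LEN`, appears to be accepted as-is. Both return values are discarded, and whether an over-long username spills into the password parse depends on `buf_parse`, which is not shown here. I would validate right after parsing, e.g. `if (!strlen (up->password)) msg (M_FATAL, "inline credentials: empty password");`, with the same check on `up->username` when `GET_USER_PASS_PASSWORD_ONLY` is clear, and strip a trailing `\r` so a CRLF-edited config does not send a different secret. The cast `(uint8_t*) auth_file` also drops the `const` that the prototype declares, so a short comment saying the buffer is only read would help. The enclosing function starts and ends outside the hunk.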
... | ... |
@@ -256,6 +256,8 @@ struct static_challenge_info {}; |
256 | 256 |
#define GET_USER_PASS_STATIC_CHALLENGE (1<<8) /* SCRV1 protocol -- static challenge */ |
257 | 257 |
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) /* SCRV1 protocol -- echo response */ |
258 | 258 |
|
259 |
+#define GET_USER_PASS_INLINE_CREDS (1<<10) /* indicates that auth_file is actually inline creds */ |
|
260 |
+ |
|
259 | 261 |
bool get_user_pass_cr (struct user_pass *up, |
260 | 262 |
const char *auth_file, |
261 | 263 |
const char *prefix, |
... | ... |
@@ -5214,6 +5214,19 @@ add_option (struct options *options, |
5214 | 5214 |
ho->auth_method_string = "none"; |
5215 | 5215 |
} |
5216 | 5216 |
} |
5217 |
+ else if (streq (p[0], "http-proxy-user-pass") && p[1]) |
|
5218 |
+ { |
|
5219 |
+ struct http_proxy_options *ho; |
|
5220 |
+ VERIFY_PERMISSION (OPT_P_GENERAL); |
|
5221 |
+ ho = init_http_proxy_options_once (&options->ce.http_proxy_options, &options->gc); |
|
5222 |
+ if (streq (p[1], INLINE_FILE_TAG) && p[2]) |
|
5223 |
+ { |
|
5224 |
+ ho->auth_file = p[2]; |
|
5225 |
+ ho->inline_creds = true; |
|
5226 |
+ } |
|
5227 |
+ else |
|
5228 |
+ ho->auth_file = p[1]; |
|
5229 |
+ } |
|
5217 | 5230 |
else if (streq (p[0], "http-proxy-retry") && !p[1]) |
5218 | 5231 |
{ |
5219 | 5232 |
struct http_proxy_options *ho; |
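Review bot: In the inline case `ho->auth_file = p[2]` stores the credential text itself in a field that the non-inline branch uses for a file name, with only `ho->inline_creds` marking the difference. Any code outside this hunk that prints, logs or access-checks `auth_file` (an options dump, a file-existence check) would then handle the username and password as if they were a path; this is inferred, since those callers are not visible here. I would either keep the inline text in its own field or add a comment at the assignment such as `/* holds the credentials themselves, not a path: never log or open */`, and confirm that the option-dump code masks the value when `inline_creds` is set. The non-inline branch also silently accepts extra parameters after `p[1]`, unlike the `!p[1]` check on `http-proxy-retry` just below. add_option's body continues outside the hunk.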
... | ... |
@@ -241,6 +241,8 @@ get_user_pass_http (struct http_proxy_info *p, const bool force) |
241 | 241 |
unsigned int flags = GET_USER_PASS_MANAGEMENT; |
242 | 242 |
if (p->queried_creds) |
243 | 243 |
flags |= GET_USER_PASS_PREVIOUS_CREDS_FAILED; |
244 |
+ if (p->options.inline_creds) |
|
245 |
+ flags |= GET_USER_PASS_INLINE_CREDS; |
|
244 | 246 |
get_user_pass (&static_proxy_user_pass, |
245 | 247 |
p->options.auth_file, |
246 | 248 |
UP_TYPE_PROXY, |