The inline directive http-proxy-user-pass can be used to specify proxy credentials in config, e.g.:
http-proxy proxy.tld 3128 auto-nct <http-proxy-user-pass> foo bar </http-proxy-user-pass> This usage is already supported by OpenVPN 3.
Signed-off-by: James Yonan <ja...@openvpn.net>
---
 src/openvpn/misc.c | 8 ++++++++
 src/openvpn/misc.h | 2 ++
 src/openvpn/options.c | 13 +++++++++++++
 src/openvpn/proxy.c | 2 ++
 src/openvpn/proxy.h | 1 +
 5 files changed, 26 insertions(+)
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 05ed073..4766a17 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -1090,6 +1090,14 @@ get_user_pass_cr (struct user_pass *up,
 if (!strlen (up->password))
 strcpy (up->password, "ok");
 }
+ else if (flags & GET_USER_PASS_INLINE_CREDS)
+ {
+ struct buffer buf;
+ buf_set_read (&buf, (uint8_t*) auth_file, strlen (auth_file) + 1);
+ if (!(flags & GET_USER_PASS_PASSWORD_ONLY))
+ buf_parse (&buf, '\n', up->username, USER_PASS_LEN);
+ buf_parse (&buf, '\n', up->password, USER_PASS_LEN);
+ }
 else if (from_authfile)
 {
 /*
diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
index 65a6e55..b694096 100644
--- a/src/openvpn/misc.h
+++ b/src/openvpn/misc.h
@@ -256,6 +256,8 @@ struct static_challenge_info {};
 #define GET_USER_PASS_STATIC_CHALLENGE (1<<8) /* SCRV1 protocol -- static challenge */
 #define GET_USER_PASS_STATIC_CHALLENGE_ECHO (1<<9) /* SCRV1 protocol -- echo response */
+#define GET_USER_PASS_INLINE_CREDS (1<<10) /* indicates that auth_file is actually inline creds */
+
 bool get_user_pass_cr (struct user_pass *up,
 const char *auth_file,
 const char *prefix,
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index b53f7ac..8f560a7 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
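Review bot: Both `buf_parse` calls in the new `GET_USER_PASS_INLINE_CREDS` branch of get_user_pass_cr (src/openvpn/misc.c) discard their return value, so an inline block that is empty or has only one line leaves `up->username` or `up->password` empty with no diagnostic at the point of parsing. Checking the result would fail closed, e.g. `if (!buf_parse (&buf, '\n', up->password, USER_PASS_LEN)) msg (M_FATAL, "Error reading inline password for %s", prefix);` and likewise for the username (the message text is a suggestion). Nothing in the hunk strips a trailing '\r', so a config saved with CRLF line endings may carry it into each credential unless the option parser already removes it; that is not visible here. The function body continues outside the hunk, so a later emptiness check may exist.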
@@ -5121,6 +5121,19 @@ add_option (struct options *options,
 ho->auth_method_string = "none";
 }
 }
+ else if (streq (p[0], "http-proxy-user-pass") && p[1])
+ {
+ struct http_proxy_options *ho;
+ VERIFY_PERMISSION (OPT_P_GENERAL);
+ ho = init_http_proxy_options_once (&options->ce.http_proxy_options, &options->gc);
+ if (streq (p[1], INLINE_FILE_TAG) && p[2])
+ {
+ ho->auth_file = p[2];
+ ho->inline_creds = true;
+ }
+ else
+ ho->auth_file = p[1];
+ }
 else if (streq (p[0], "http-proxy-retry") && !p[1])
 {
 struct http_proxy_options *ho;
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
index 2568e19..865a026 100644
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
@@ -241,6 +241,8 @@ get_user_pass_http (struct http_proxy_info *p, const bool force)
 unsigned int flags = GET_USER_PASS_MANAGEMENT;
 if (p->queried_creds)
 flags |= GET_USER_PASS_PREVIOUS_CREDS_FAILED;
+ if (p->options.inline_creds)
+ flags |= GET_USER_PASS_INLINE_CREDS;
 get_user_pass (&static_proxy_user_pass,
 p->options.auth_file,
 UP_TYPE_PROXY,
diff --git a/src/openvpn/proxy.h b/src/openvpn/proxy.h
index 4715940..864d3b9 100644
--- a/src/openvpn/proxy.h
+++ b/src/openvpn/proxy.h
@@ -58,6 +58,7 @@ struct http_proxy_options {
 const char *http_version;
 const char *user_agent;
 struct http_custom_header custom_headers[MAX_CUSTOM_HTTP_HEADER];
+ bool inline_creds;
 };
 struct http_proxy_options_simple {
--
1.9.1
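Review bot: `ho->auth_file = p[2];` in the new `http-proxy-user-pass` arm of add_option stores the username and password text in a field that otherwise holds a file name. Any existing code that treats `auth_file` as a path, such as an option dump to the log or a file-access check, would then print or mis-handle the secret; those call sites are outside this hunk and should be audited for the `inline_creds` case. A comment at the assignment, and on the new `bool inline_creds;` field in proxy.h, would make the dual meaning explicit, e.g. `/* auth_file holds the credentials themselves, not a path, when inline_creds is set */`. Also, if p[1] equals INLINE_FILE_TAG but p[2] is absent, the `else` arm stores the tag string itself as the file name; rejecting that case with an error would be clearer. add_option starts and ends outside the hunk.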