From 145ae6b04a8a1a58be36dbcf1b70d3bf424cbe77 Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Fri, 8 Aug 2008 14:00:15 +0000 Subject: [PATCH] 2008-08-08 Dan Williams * src/nm-openvpn-service.c - (nm_openvpn_socket_data_cb): handle spaces in passwords and usernames (bgo #482139) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3917 4912f4e0-d625-0410-9fb7-b9a5a253dbdc --- vpn-daemons/openvpn/ChangeLog | 6 +++ vpn-daemons/openvpn/src/nm-openvpn-service.c | 47 +++++++++++++++++--- 2 files changed, 47 insertions(+), 6 deletions(-) diff --git a/vpn-daemons/openvpn/ChangeLog b/vpn-daemons/openvpn/ChangeLog index 9bc3bcd1e7..d3bbfd4150 100644 --- a/vpn-daemons/openvpn/ChangeLog +++ b/vpn-daemons/openvpn/ChangeLog @@ -1,3 +1,9 @@ +2008-08-08 Dan Williams + + * src/nm-openvpn-service.c + - (nm_openvpn_socket_data_cb): handle spaces in passwords and usernames + (bgo #482139) + 2008-08-06 Dan Williams * src/nm-openvpn-service-openvpn-helper.c diff --git a/vpn-daemons/openvpn/src/nm-openvpn-service.c b/vpn-daemons/openvpn/src/nm-openvpn-service.c index fb9226aff9..91fbe63197 100644 --- a/vpn-daemons/openvpn/src/nm-openvpn-service.c +++ b/vpn-daemons/openvpn/src/nm-openvpn-service.c @@ -166,6 +166,26 @@ nm_openvpn_disconnect_management_socket (NMOpenvpnPlugin *plugin) priv->io_data = NULL; } +static char * +ovpn_quote_string (const char *unquoted) +{ + char *quoted = NULL, *q; + char *u = (char *) unquoted; + + g_return_val_if_fail (unquoted != NULL, NULL); + + /* FIXME: use unpaged memory */ + quoted = q = g_malloc0 (strlen (unquoted) * 2); + while (*u) { + /* Escape certain characters */ + if (*u == ' ' || *u == '\\' || *u == '"') + *q++ = '\\'; + *q++ = *u++; + } + + return quoted; +} + static gboolean nm_openvpn_socket_data_cb (GIOChannel *source, GIOCondition condition, gpointer user_data) { @@ -189,10 +209,19 @@ nm_openvpn_socket_data_cb (GIOChannel *source, GIOCondition condition, gpointer if (sscanf (str, ">PASSWORD:Need '%a[^']'", &auth) > 0 ) { if (strcmp (auth, "Auth") == 0) { if (io_data->username != NULL && io_data->password != NULL) { - buf = g_strdup_printf ("username \"%s\" %s\n" - "password \"%s\" %s\n", - auth, io_data->username, - auth, io_data->password); + char *quser, *qpass; + + /* Quote strings passed back to openvpn */ + quser = ovpn_quote_string (io_data->username); + qpass = ovpn_quote_string (io_data->password); + buf = g_strdup_printf ("username \"%s\" \"%s\"\n" + "password \"%s\" \"%s\"\n", + auth, quser, + auth, qpass); + memset (qpass, 0, strlen (qpass)); + g_free (qpass); + g_free (quser); + /* Will always write everything in blocking channels (on success) */ g_io_channel_write_chars (source, buf, strlen (buf), &written, NULL); g_io_channel_flush (source, NULL); @@ -200,7 +229,14 @@ nm_openvpn_socket_data_cb (GIOChannel *source, GIOCondition condition, gpointer } } else if (!strcmp (auth, "Private Key")) { if (io_data->certpass) { - buf = g_strdup_printf ("password \"%s\" %s\n", auth, io_data->certpass); + char *qpass; + + /* Quote strings passed back to openvpn */ + qpass = ovpn_quote_string (io_data->certpass); + buf = g_strdup_printf ("password \"%s\" \"%s\"\n", auth, qpass); + memset (qpass, 0, strlen (qpass)); + g_free (qpass); + /* Will always write everything in blocking channels (on success) */ g_io_channel_write_chars (source, buf, strlen (buf), &written, NULL); g_io_channel_flush (source, NULL); @@ -213,7 +249,6 @@ nm_openvpn_socket_data_cb (GIOChannel *source, GIOCondition condition, gpointer nm_vpn_plugin_failure (NM_VPN_PLUGIN (plugin), NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED); nm_openvpn_disconnect_management_socket (plugin); } - } else if (strstr (str, ">PASSWORD:Verification Failed: ") == str) { nm_warning ("Password verification failed"); nm_vpn_plugin_failure (NM_VPN_PLUGIN (plugin), NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED);