OpenVPN 3 Core Library
Loading...
Searching...
No Matches
clicreds.hpp
Go to the documentation of this file.
1// OpenVPN -- An application to securely tunnel IP networks
2// over a single port, with support for SSL/TLS-based
3// session authentication and key exchange,
4// packet encryption, packet authentication, and
5// packet compression.
6//
7// Copyright (C) 2012- OpenVPN Inc.
8//
9// SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
10//
11
12// This class encapsulates the state of authentication credentials
13// maintained by an OpenVPN client. It understands dynamic
14// challenge/response cookies, and Session Token IDs (where the
15// password in the object is wiped and replaced by a token used
16// for further authentications).
17
18#ifndef OPENVPN_CLIENT_CLICREDS_H
19#define OPENVPN_CLIENT_CLICREDS_H
20
21#include <string>
22
23#include <openvpn/common/exception.hpp>
24#include <openvpn/common/rc.hpp>
25#include <openvpn/transport/protocol.hpp>
26#include <openvpn/auth/cr.hpp>
27
28namespace openvpn {
29
30class ClientCreds : public RC<thread_unsafe_refcount>
31{
32 public:
33 typedef RCPtr<ClientCreds> Ptr;
34
35 ClientCreds() = default;
36
37 void set_username(const std::string &username_arg)
38 {
39 username = username_arg;
40 }
41
42 void set_password(const std::string &password_arg)
43 {
44 password = password_arg;
45 if (!password.empty())
46 {
47 password_needed_ = true;
48 }
49 }
50
51 void set_http_proxy_username(const std::string &username)
52 {
53 http_proxy_user = username;
54 }
55
56 void set_http_proxy_password(const std::string &password)
57 {
58 http_proxy_pass = password;
59 }
60
61 void set_response(const std::string &response_arg)
62 {
63 response = response_arg;
64 if (!response.empty())
65 {
66 need_user_interaction_ = true;
67 }
68 }
69
70 void set_dynamic_challenge_cookie(const std::string &cookie, const std::string &username)
71 {
72 if (!cookie.empty())
73 dynamic_challenge.reset(new ChallengeResponse(cookie, username));
74 }
75
76 void set_session_id(const std::string &user, const std::string &sess_id)
77 {
78 if (dynamic_challenge)
79 {
80 session_id_username = dynamic_challenge->get_username();
81 // for dynamic challenge we use dynamic password only once
82 dynamic_challenge.reset();
83 }
84 else if (!user.empty())
85 {
86 session_id_username = user;
87 }
88
89 // response is used only once
90 response.clear();
91
92 session_id = sess_id;
93 }
94
95 std::string get_username() const
96 {
97 if (dynamic_challenge)
98 return dynamic_challenge->get_username();
99 else if (!session_id_username.empty())
100 return session_id_username;
101 else
102 return username;
103 }
104
105 std::string get_password() const
106 {
107 if (dynamic_challenge)
108 return dynamic_challenge->construct_dynamic_password(response);
109 else if (response.empty())
110 {
111 if (!session_id.empty())
112 return session_id;
113 else
114 return password;
115 }
116 else
117 return ChallengeResponse::construct_static_password(password, response);
118 }
119
120 std::string get_http_proxy_username() const
121 {
122 return http_proxy_user;
123 }
124
125 std::string get_http_proxy_password() const
126 {
127 return http_proxy_pass;
128 }
129
130 bool username_defined() const
131 {
132 return !username.empty();
133 }
134
135 bool password_defined() const
136 {
137 return !password.empty();
138 }
139
140 bool http_proxy_username_defined() const
141 {
142 return !http_proxy_user.empty();
143 }
144
145 bool http_proxy_password_defined() const
146 {
147 return !http_proxy_pass.empty();
148 }
149
150 bool session_id_defined() const
151 {
152 return !session_id.empty();
153 }
154
155 void purge_session_id()
156 {
157 OPENVPN_LOG("Clearing session-id");
158 session_id.clear();
159 session_id_username.clear();
160 }
161
162 void purge_user_pass()
163 {
164 OPENVPN_LOG("Clearing credentials");
165 username.clear();
166 password.clear();
167 }
168
169 void save_username_for_session_id()
170 {
171 if (session_id_username.empty())
172 {
173 session_id_username = username;
174 }
175 }
176
177 void set_need_user_interaction()
178 {
179 need_user_interaction_ = true;
180 }
181
182 bool need_user_interaction() const
183 {
184 return need_user_interaction_;
185 }
186
187 bool password_needed() const
188 {
189 return password_needed_;
190 }
191
192 std::string auth_info() const
193 {
194 std::string ret;
195 if (dynamic_challenge)
196 {
197 ret = "DynamicChallenge";
198 }
199 else if (response.empty())
200 {
201 if (!username.empty())
202 {
203 ret += "Username";
204 }
205 else if (!session_id_username.empty())
206 {
207 ret += "UsernameSessionId";
208 }
209 else
210 {
211 ret += "UsernameEmpty";
212 }
213 ret += '/';
214 if (!session_id.empty())
215 {
216 ret += "SessionID";
217 }
218 else if (!password.empty())
219 {
220 ret += "Password";
221 }
222 else
223 {
224 ret += "PasswordEmpty";
225 }
226 }
227 else
228 {
229 ret = "StaticChallenge";
230 }
231 return ret;
232 }
233
234 private:
235 // Standard credentials
236 std::string username;
237 std::string password;
238
239 // HTTP proxy credentials
240 std::string http_proxy_user;
241 std::string http_proxy_pass;
242
243 std::string session_id;
244 std::string session_id_username;
245
246 // Response to a challenge
247 std::string response;
248
249 // Need user interaction to authenticate - such as static/dynamic challenge or SAML
250 bool need_user_interaction_ = false;
251
252 // Non-empty password provided
253 bool password_needed_ = false;
254
255 // Info describing a dynamic challenge
256 ChallengeResponse::Ptr dynamic_challenge;
257};
258
259} // namespace openvpn
260
261#endif
openvpn::ChallengeResponse::construct_dynamic_password
std::string construct_dynamic_password(const std::string &response) const
Definition cr.hpp:129
openvpn::ChallengeResponse::get_username
const std::string & get_username() const
Definition cr.hpp:211
openvpn::ChallengeResponse::construct_static_password
static std::string construct_static_password(const std::string &password, const std::string &response)
Definition cr.hpp:136
openvpn::ClientCreds::set_http_proxy_username
void set_http_proxy_username(const std::string &username)
Definition clicreds.hpp:51
openvpn::ClientCreds::set_dynamic_challenge_cookie
void set_dynamic_challenge_cookie(const std::string &cookie, const std::string &username)
Definition clicreds.hpp:70
openvpn::ClientCreds::session_id_username
std::string session_id_username
Definition clicreds.hpp:244
openvpn::ClientCreds::password_defined
bool password_defined() const
Definition clicreds.hpp:135
openvpn::ClientCreds::get_password
std::string get_password() const
Definition clicreds.hpp:105
openvpn::ClientCreds::session_id
std::string session_id
Definition clicreds.hpp:243
openvpn::ClientCreds::username_defined
bool username_defined() const
Definition clicreds.hpp:130
openvpn::ClientCreds::password_needed
bool password_needed() const
Definition clicreds.hpp:187
openvpn::ClientCreds::http_proxy_pass
std::string http_proxy_pass
Definition clicreds.hpp:241
openvpn::ClientCreds::set_username
void set_username(const std::string &username_arg)
Definition clicreds.hpp:37
openvpn::ClientCreds::auth_info
std::string auth_info() const
Definition clicreds.hpp:192
openvpn::ClientCreds::Ptr
RCPtr< ClientCreds > Ptr
Definition clicreds.hpp:33
openvpn::ClientCreds::set_need_user_interaction
void set_need_user_interaction()
Definition clicreds.hpp:177
openvpn::ClientCreds::username
std::string username
Definition clicreds.hpp:236
openvpn::ClientCreds::need_user_interaction
bool need_user_interaction() const
Definition clicreds.hpp:182
openvpn::ClientCreds::get_http_proxy_username
std::string get_http_proxy_username() const
Definition clicreds.hpp:120
openvpn::ClientCreds::response
std::string response
Definition clicreds.hpp:247
openvpn::ClientCreds::set_session_id
void set_session_id(const std::string &user, const std::string &sess_id)
Definition clicreds.hpp:76
openvpn::ClientCreds::http_proxy_password_defined
bool http_proxy_password_defined() const
Definition clicreds.hpp:145
openvpn::ClientCreds::get_http_proxy_password
std::string get_http_proxy_password() const
Definition clicreds.hpp:125
openvpn::ClientCreds::password
std::string password
Definition clicreds.hpp:237
openvpn::ClientCreds::set_http_proxy_password
void set_http_proxy_password(const std::string &password)
Definition clicreds.hpp:56
openvpn::ClientCreds::get_username
std::string get_username() const
Definition clicreds.hpp:95
openvpn::ClientCreds::http_proxy_user
std::string http_proxy_user
Definition clicreds.hpp:240
openvpn::ClientCreds::set_response
void set_response(const std::string &response_arg)
Definition clicreds.hpp:61
openvpn::ClientCreds::session_id_defined
bool session_id_defined() const
Definition clicreds.hpp:150
openvpn::ClientCreds::dynamic_challenge
ChallengeResponse::Ptr dynamic_challenge
Definition clicreds.hpp:256
openvpn::ClientCreds::set_password
void set_password(const std::string &password_arg)
Definition clicreds.hpp:42
openvpn::ClientCreds::http_proxy_username_defined
bool http_proxy_username_defined() const
Definition clicreds.hpp:140
openvpn::ClientCreds::save_username_for_session_id
void save_username_for_session_id()
Definition clicreds.hpp:169
openvpn::RCPtr
The smart pointer class.
Definition rc.hpp:119
openvpn::RCPtr::reset
void reset() noexcept
Points this RCPtr<T> to nullptr safely.
Definition rc.hpp:290
openvpn::RC
Reference count base class for objects tracked by RCPtr. Disallows copying and assignment.
Definition rc.hpp:912
OPENVPN_LOG
#define OPENVPN_LOG(args)
Definition logdatetime.hpp:23
ret
std::string ret
Definition test_capture.cpp:268