search

Jamie- / openvpn-api

A Python API for the OpenVPN management interface.
MIT License
60 stars 18 forks source link

management password #24

Open jkroepke opened 4 years ago

jkroepke commented 4 years ago

Hi

how I could enter a password if the management interface require a password?

Jamie- commented 4 years ago

I believe this is related to the other issue you opened about client notifications. After server-initiated event support lands you should be able to register a callback for the >PASSWORD event which will do what you need. Currently not yet supported on the current code.

jkroepke commented 4 years ago

Thanks! I take a look at #14 (https://github.com/Jamie-/openvpn-api/pull/14/files#diff-4f82b16515cab347ce3c2b39f140bac4R85) and it wont be resolved, since there is a check for a >INFO immediately. If a password is required, OpenVPN will ask for a password first and the script will throw an assert error.

See: https://github.com/jkroepke/openvpn_aad_authenticator/blob/380cf4d93d78533393b9e76ac55d6c0f99520d82/openvpn/__init__.py#L64-L72 for a better understanding.

Jamie- commented 4 years ago

Oh nice spot. Thanks for that info! In that case I shall re-open this to track and that needs fixing.

Artucuno commented 1 year ago

Can you please add password support?

Thanks!

Artucuno commented 1 year ago 
    def connect(self) -> Optional[bool]:
        """Connect to management interface socket.
        """
        try:
            if self.type == VPNType.IP:
                assert self._mgmt_host is not None and self._mgmt_port is not None
                self._socket = socket.create_connection((self._mgmt_host, self._mgmt_port), timeout=3)
            elif self.type == VPNType.UNIX_SOCKET:
                assert self._mgmt_socket is not None
                self._socket = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
                self._socket.connect(self._mgmt_socket)
            else:
                raise ValueError("Invalid connection type")

            resp = self._socket_recv()
            print(resp)
            if self._password != None:
                if resp.startswith("ENTER PASSWORD:"):
                    self._socket_send(self._password+'\n')
                    resp = self._socket_recv()
                    print(resp)
                    if resp.startswith("ENTER PASSWORD:"):
                        raise errors.ConnectError('Incorrect Password')
                    if resp.startswith("SUCCESS:"):
                        return True
                    else:
                        raise errors.ConnectError('Login did not return success', resp)
            assert resp.startswith(">INFO"), "Did not get expected response from interface when opening socket."
            return True
        except (socket.timeout, socket.error) as e:
            raise errors.ConnectError(str(e)) from None

Made a small change to allow for passwords, it could be improved.