ovpnmain.cgi: Fix for bug #12865 - Static IP address pools - Add network - Name with...
index 9514c06ec893271813321c8578619aa58453ebc6..90d3710e41ed273a490abb2dbaa0c3e4c28eb1ec 100644 (file)
@@ -26,6 +26,7 @@ use CGI qw/:standard/;
 use Imager::QRCode;
 use MIME::Base32;
 use MIME::Base64;
+use URI::Encode qw(uri_encode uri_decode);;
 use Net::DNS;
 use Net::Ping;
 use Net::Telnet;
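Review bot: The new line `use URI::Encode qw(uri_encode uri_decode);;` ends with a doubled semicolon; the second one is an empty statement and should be dropped. `uri_decode` is imported as well, but none of the hunks shown call it; if the rest of the file does not use it either, import only `uri_encode`.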
@@ -391,6 +392,11 @@ sub writeserverconf {
     print CONF "# Log clients connecting/disconnecting\n";
     print CONF "client-connect \"/usr/sbin/openvpn-metrics client-connect\"\n";
     print CONF "client-disconnect \"/usr/sbin/openvpn-metrics client-disconnect\"\n";
+    print CONF "\n";
+
+    print CONF "# Enable Management Socket\n";
+    print CONF "management /var/run/openvpn.sock unix\n";
+    print CONF "management-client-auth\n";
 
     # Print server.conf.local if entries exist to server.conf
     if ( !-z $local_serverconf  && $sovpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
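Review bot: The management socket enabled by `management /var/run/openvpn.sock unix` is not restricted to any local user or group in this hunk, and with `management-client-auth` whatever connects to that socket decides whether a client's authentication succeeds, so any local process able to open the socket can approve or reject logins. Consider adding `management-client-user root` (or a dedicated `management-client-group`) next to these lines, and a comment naming the daemon that is expected to answer on the socket, since that consumer is not visible here. writeserverconf continues outside the hunk.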
@@ -467,7 +473,7 @@ sub addccdnet
                return
        }
 
-       if(!&General::validhostname($ccdname))
+       if(!&General::validccdname($ccdname))
        {
                $errormessage=$Lang::tr{'ccd err invalidname'};
                return;
@@ -1558,7 +1564,7 @@ END
        print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
 
        my @tmp =  &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
-       print "@tmp";
+       print @tmp;
 
        exit(0);
     } else {
@@ -1673,7 +1679,7 @@ END
        print "Content-Disposition: filename=cacert.pem\r\n\r\n";
 
        my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
-       print "@tmp";
+       print @tmp;
 
        exit(0);
     }
@@ -1687,7 +1693,7 @@ END
        print "Content-Disposition: filename=servercert.pem\r\n\r\n";
 
        my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
-       print "@tmp";
+       print @tmp;
 
        exit(0);
     }
@@ -1704,7 +1710,7 @@ END
        my @tmp = <FILE>;
        close(FILE);
 
-       print "@tmp";
+       print @tmp;
 
        exit(0);
     }
@@ -2436,17 +2442,16 @@ else
     if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
        print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
     }
-   if ($confighash{$cgiparams{'KEY'}}[43] eq 'on') {
-      print CLIENTCONF "auth-nocache\r\n";
-      print CLIENTCONF "auth-user-pass credentials\r\n";
-      print CLIENTCONF "static-challenge \"One Time Password (OTP): \" 1\r\n";
 
-      open(CLIENTCREDS, ">$tempdir/credentials") or die "Unable to open tempfile: $!";
-      print CLIENTCREDS "user\r\n";
-      print CLIENTCREDS "password";
-      close(CLIENTCREDS);
-      $zip->addFile( "$tempdir/credentials", "credentials")  or die "Can't add file credentials\n";
-   }
+    # Disable storing any credentials in memory
+    print CLIENTCONF "auth-nocache\r\n";
+
+    # Set a fake user name for authentication
+    print CLIENTCONF "auth-token-user USER\r\n";
+    print CLIENTCONF "auth-token TOTP\r\n";
+
+    # If the server is asking for TOTP this needs to happen interactively
+    print CLIENTCONF "auth-retry interact\r\n";
 
     if ($include_certs) {
        print CLIENTCONF "\r\n";
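Review bot: The new `auth-nocache`, `auth-token-user USER`, `auth-token TOTP` and `auth-retry interact` lines are written into every client config, whereas the lines they replace were guarded by `$confighash{$cgiparams{'KEY'}}[43] eq 'on'`, so clients whose OTP state is off now also receive the TOTP token directives. If that is intended because the server side now always enables `management-client-auth`, the comment above `auth-nocache` should say so; otherwise restore the guard `if ($confighash{$cgiparams{'KEY'}}[43] eq 'on') {` around the new block. The comment `# Set a fake user name for authentication` should also state why a fixed name is acceptable here, as a reader cannot tell from this code what identifies the client. The enclosing block starts and ends outside the hunk.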
@@ -2610,7 +2615,7 @@ else
     my @tmp = <FILE>;
     close(FILE);
 
-    print "@tmp";
+    print @tmp;
     exit (0);
 
 ###
@@ -2650,9 +2655,9 @@ else
       lightcolor    => Imager::Color->new(255, 255, 255),
       darkcolor     => Imager::Color->new(0, 0, 0),
    );
-   my $cn = $confighash{$cgiparams{'KEY'}}[2];
-   my $secret = encode_base32($confighash{$cgiparams{'KEY'}}[44]);
-   my $issuer = "$mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}";
+   my $cn = uri_encode($confighash{$cgiparams{'KEY'}}[2]);
+   my $secret = encode_base32(pack('H*', $confighash{$cgiparams{'KEY'}}[44]));
+   my $issuer = uri_encode("$mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}");
    my $qrcodeimg = $qrcode->plot("otpauth://totp/$cn?secret=$secret&issuer=$issuer");
    my $qrcodeimgdata;
    $qrcodeimg->write(data => \$qrcodeimgdata, type=> 'png')
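Review bot: `uri_encode` with its default options leaves URI-reserved characters such as `&`, `?`, `/` and `:` unencoded, so a CN or hostname containing one would still break or alter the `otpauth://` URI built on the `$qrcode->plot` line; pass `{ encode_reserved => 1 }` to both calls, e.g. `my $cn = uri_encode($confighash{$cgiparams{'KEY'}}[2], { encode_reserved => 1 });` and likewise for `$issuer`. Whether the CN can actually contain such characters depends on validation elsewhere in the file, which is not visible here. The `pack('H*', ...)` change correctly feeds raw bytes to `encode_base32`, assuming index 44 holds the hex string produced by `openssl rand -hex` as the later hunk suggests.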
@@ -3229,7 +3234,7 @@ END
        my @tmp = <FILE>;
        close(FILE);
 
-       print "@tmp";
+       print @tmp;
        exit (0);
     }
 
@@ -4481,10 +4486,11 @@ if ($cgiparams{'TYPE'} eq 'net') {
 
    $confighash{$key}[42] = 'HOTP/T30/6';
        $confighash{$key}[43] = $cgiparams{'OTP_STATE'};
-       if (($confighash{$key}[43] == 'on') && ($confighash{$key}[44] == '')) {
+       if (($confighash{$key}[43] eq 'on') && ($confighash{$key}[44] eq '')) {
                my @otp_secret = &General::system_output("/usr/bin/openssl", "rand", "-hex", "20");
+      chomp($otp_secret[0]);
                $confighash{$key}[44] = $otp_secret[0];
-       } elsif ($confighash{$key}[43] == '') {
+       } elsif ($confighash{$key}[43] eq '') {
                $confighash{$key}[44] = '';
        }