From patchwork Fri Jun 17 10:40:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 5689 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4LPbCj3Y7rz3wcT for ; Fri, 17 Jun 2022 10:40:17 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4LPbCg2w8Xz1Pl; Fri, 17 Jun 2022 10:40:15 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4LPbCg0bF5z2xjj; Fri, 17 Jun 2022 10:40:15 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4LPbCf2Ts1z2xKb for ; Fri, 17 Jun 2022 10:40:14 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4LPbCf0Bcjz136; Fri, 17 Jun 2022 10:40:13 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1655462414; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=28nXu9WpvUnD72kZUHPt5zbPiVIYbs1H5FsjlD+fVjE=; b=QDJlCojVAa6TpgcI9738UtI8sYO0BtH5LJHPUDY9rtyvlxveUATnwt4wrR4m5YDV7xJjZz pX3fyz6s78cep3Dg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1655462414; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=28nXu9WpvUnD72kZUHPt5zbPiVIYbs1H5FsjlD+fVjE=; b=C5XsPhkeFYlhNUZ565ob2NEzEk2JuRTKJG3KhHIUaozhsCh7I9G4U2v1oAzVGQNkZlcfPv fPEh3BhYa6P7hUE0ES/uDTi5OdcSSeAhCncw423iw23mwv5/LCKQ/A6M7Ckfxol6OIS15q K46bzDtIkEAtKdO2kcLGVVjGME9PnMaFD21LLL49iZNTU9MJrBhULCIjG2I7jajDNHm4sP zw2JTO72jsh/Iy+jbHZuuMlOZUiFq08SmSkUI5ecIFToCzQHjnN7Vynxkncp20xYOtTZ3b HVjzJACez0Gknju9B9s/sEiNEye6UmhOJTBvkTYsJkdR2fZuZJmXqKBKkal+ng== From: Michael Tremer Mime-Version: 1.0 Subject: [PULL] OpenVPN Two-Factor Authentication Message-Id: Date: Fri, 17 Jun 2022 11:40:13 +0100 To: "IPFire: Development" X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" The following changes since commit 7e4af6eb54bcbd1fa651610d8f0a99d86270042c: oath-toolkit: New package (2022-06-17 10:20:14 +0000) are available in the Git repository at: https://git.ipfire.org/pub/git/people/ms/ipfire-2.x.git openvpn-2fa for you to fetch changes up to 3740b7ad3ade3ff9d645bc3dca709791d012bbc2: ovpnmain.cgi: URI encode OTPAuth String in QRCode (2022-06-17 10:22:31 +0000) ---------------------------------------------------------------- Michael Tremer (19): qrencode: Rename package and update checksum oauth-toolkit: Update checksum and drop unnecessary fields perl-File-Remove: Update checksum and drop unnecessary fields perl-Imager: Update checksum and remove unnecessary fields perl-Imager-QRCode: Update checksum and remove unnecessary fields perl-MIME-Base32: Update checksum and remove unnecessary fields perl-Module-Build: Update checksum and remove unnecessary fields perl-Module-Install: Update checksum and remove unnecessary fields perl-Module-ScanDeps: Update checksum and remove unnecessary fields perl-YAML-Tiny: Update checksum and remove unnecessary fields openpvn-2fa: Fix rootfiles ovpnmain.cgi: Disable sending any error messages to the browser again ovpnmain.cgi: Load all modules at the beginning openvpn-2fa: Import a prototype of an authenticator openvpn-2fa: Drop the previous authentication handler openvpn-2fa: Enable management socket for RW server openvpn-2fa: Configure fake authentication credentials openvpn-authenticator: Don't process configuration when row is too short openvpn-authenticator: Always return general connection data Timo Eissler (19): libqrcode: New package perl-File-Remove: New package perl-Module-Build: New package perl-Module-ScanDeps: New package perl-YAML-Tiny: New package perl-Module-Install: New package perl-Imager: New package perl-Imager-QRCode: New package perl-MIME-Base32: New package OpenVPN: Add support for 2FA / One-Time Password ovpnmain.cgi: Fix comparison operators ovpnmain.cgi: Fix OTP secret handling openvpn-authenticator: Generate TOTP instead of HOTP codes openvpn-authenticator: Return only available data openvpn-authenticator: Fix call of _client_auth_successful openvpn-authenticator: Change event and environment handling ovpnmain.cgi: Remove trailing newline from OTP secret perl-URI-Encode: New package ovpnmain.cgi: URI encode OTPAuth String in QRCode config/httpd/vhosts.d/ipfire-interface-ssl.conf | 2 +- config/httpd/vhosts.d/ipfire-interface.conf | 2 +- config/ovpn/openvpn-authenticator | 381 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ config/rootfiles/{packages => common}/oath-toolkit | 4 +- config/rootfiles/common/openvpn | 1 + config/rootfiles/common/perl-File-Remove | 4 ++ config/rootfiles/common/perl-Imager | 165 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ config/rootfiles/common/perl-Imager-QRCode | 5 ++ config/rootfiles/common/perl-MIME-Base32 | 4 ++ config/rootfiles/common/perl-Module-Build | 51 +++++++++++++++++++ config/rootfiles/common/perl-Module-Install | 66 +++++++++++++++++++++++++ config/rootfiles/common/perl-Module-ScanDeps | 8 +++ config/rootfiles/common/perl-URI-Encode | 4 ++ config/rootfiles/common/perl-YAML-Tiny | 6 +++ config/rootfiles/common/qrencode | 8 +++ html/cgi-bin/ovpnmain.cgi | 93 +++++++++++++++++++++++++++++++++- html/html/images/qr-code.png | Bin 0 -> 760 bytes html/html/images/qr-code.svg | 49 ++++++++++++++++++ langs/de/cgi-bin/de.pl | 4 ++ langs/en/cgi-bin/en.pl | 4 ++ lfs/oath-toolkit | 15 +----- lfs/openvpn | 4 ++ lfs/perl-File-Remove | 80 ++++++++++++++++++++++++++++++ lfs/perl-Imager | 80 ++++++++++++++++++++++++++++++ lfs/perl-Imager-QRCode | 80 ++++++++++++++++++++++++++++++ lfs/perl-MIME-Base32 | 80 ++++++++++++++++++++++++++++++ lfs/perl-Module-Build | 80 ++++++++++++++++++++++++++++++ lfs/perl-Module-Install | 80 ++++++++++++++++++++++++++++++ lfs/perl-Module-ScanDeps | 79 +++++++++++++++++++++++++++++ lfs/perl-URI-Encode | 80 ++++++++++++++++++++++++++++++ lfs/perl-YAML-Tiny | 80 ++++++++++++++++++++++++++++++ lfs/qrencode | 80 ++++++++++++++++++++++++++++++ make.sh | 10 ++++ src/misc-progs/openvpnctrl.c | 21 ++++++++ 34 files changed, 1692 insertions(+), 18 deletions(-) create mode 100644 config/ovpn/openvpn-authenticator rename config/rootfiles/{packages => common}/oath-toolkit (99%) create mode 100644 config/rootfiles/common/perl-File-Remove create mode 100644 config/rootfiles/common/perl-Imager create mode 100644 config/rootfiles/common/perl-Imager-QRCode create mode 100644 config/rootfiles/common/perl-MIME-Base32 create mode 100644 config/rootfiles/common/perl-Module-Build create mode 100644 config/rootfiles/common/perl-Module-Install create mode 100644 config/rootfiles/common/perl-Module-ScanDeps create mode 100644 config/rootfiles/common/perl-URI-Encode create mode 100644 config/rootfiles/common/perl-YAML-Tiny create mode 100644 config/rootfiles/common/qrencode create mode 100644 html/html/images/qr-code.png create mode 100644 html/html/images/qr-code.svg create mode 100644 lfs/perl-File-Remove create mode 100644 lfs/perl-Imager create mode 100644 lfs/perl-Imager-QRCode create mode 100644 lfs/perl-MIME-Base32 create mode 100644 lfs/perl-Module-Build create mode 100644 lfs/perl-Module-Install create mode 100644 lfs/perl-Module-ScanDeps create mode 100644 lfs/perl-URI-Encode create mode 100644 lfs/perl-YAML-Tiny create mode 100644 lfs/qrencode