authorKonstantin Shalygin2022-01-28 23:03:02 +0700
committerKonstantin Shalygin2022-01-28 23:03:02 +0700
commit66b2bced153154ebebc7ae6c7c95b1df368e92c1 (patch)
tree63155036b5400eb245855cc561fdd1220fd94eea
parent608b66cf5ef7eb486820500a41460ea6348315ef (diff)
Added patches for support OpenSSL 1.1.1 and IPV6
-rw-r--r--.SRCINFO11
-rw-r--r--35.patch107
-rw-r--r--41.patch36
-rw-r--r--PKGBUILD16
4 files changed, 161 insertions, 9 deletions
diff --git a/.SRCINFO b/.SRCINFO
index d653836de224..bea44ee4433b 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,16 +1,17 @@
-# Generated by mksrcinfo v8
-# Thu Feb 7 08:47:57 UTC 2019
pkgbase = openvpn-otp
- pkgdesc = This plugin adds support for TOTP and HOTP tokens (like Google Authenticator) for OpenVPN.
+ pkgdesc = This plugin adds support for TOTP and HOTP tokens (like Google Authenticator) for OpenVPN
pkgver = 1.0
- pkgrel = 3
+ pkgrel = 4
url = https://github.com/evgeny-gridasov/openvpn-otp
arch = any
license = GPL
makedepends = openssl
depends = openvpn
source = https://github.com/evgeny-gridasov/openvpn-otp/archive/v1.0.tar.gz
+ source = https://github.com/evgeny-gridasov/openvpn-otp/pull/35.patch
+ source = https://github.com/evgeny-gridasov/openvpn-otp/pull/41.patch
md5sums = 3ff2b8f9cc054ccac31f99e9ee704f67
+ md5sums = b199454e79e9c9cb962cbde9626429a0
+ md5sums = 0a90d12752229ac283c9adb975ca9eac
pkgname = openvpn-otp
-
diff --git a/35.patch b/35.patch
new file mode 100644
index 000000000000..1b717bee5c49
--- /dev/null
+++ b/35.patch
@@ -0,0 +1,107 @@
+From 9708ba2036f719a6431c3464168d3f755d46f9fe Mon Sep 17 00:00:00 2001
+From: Christoph Klaffl <christoph@phreaker.eu>
+Date: Tue, 5 Nov 2019 16:49:54 +0100
+Subject: [PATCH] support for openssl 1.1.1 and later
+
+---
+ src/otp.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/src/otp.c b/src/otp.c
+index 09f5489..5fed65e 100644
+--- a/src/otp.c
++++ b/src/otp.c
+@@ -405,13 +405,13 @@ static int otp_verify(const char *vpn_username, const char *vpn_secret)
+ LOG("OTP-AUTH: unknown encoding '%s'\n", otp_params.encoding);
+ goto done;
+ }
+-
++
+ uint64_t T, Tn, Ti;
+ uint8_t mac[EVP_MAX_MD_SIZE];
+ unsigned maclen;
+
+ if (!strncasecmp("totp", otp_params.method, 4)) {
+-#ifdef HAVE_OPENSSL_110
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX* hmac = HMAC_CTX_new();
+ #else
+ HMAC_CTX hmac;
+@@ -436,7 +436,7 @@ static int otp_verify(const char *vpn_username, const char *vpn_secret)
+ for (i = -range; !ok && i <= range; ++i) {
+ Tn = htobe64(T + i);
+
+-#ifdef HAVE_OPENSSL_110
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX_reset(hmac);
+ HMAC_Init_ex(hmac, otp_key, key_len, otp_digest, NULL);
+ HMAC_Update(hmac, (uint8_t *)&Tn, sizeof(Tn));
+@@ -462,12 +462,12 @@ static int otp_verify(const char *vpn_username, const char *vpn_secret)
+ DEBUG("OTP-AUTH: auth ok for method='%s', client_username='%s', client_secret='%s'\n", otp_params.method, vpn_username, vpn_secret);
+ }
+ }
+-#ifdef HAVE_OPENSSL_110
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX_free(hmac);
+ #endif
+ }
+ else if (!strncasecmp("hotp", otp_params.method, 4)) {
+-#ifdef HAVE_OPENSSL_110
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX* hmac = HMAC_CTX_new();
+ #else
+ HMAC_CTX hmac;
+@@ -489,7 +489,7 @@ static int otp_verify(const char *vpn_username, const char *vpn_secret)
+ for (i = 0; !ok && i <= hotp_syncwindow; i++) {
+ Ti = T+i;
+ Tn = htobe64(Ti);
+-#ifdef HAVE_OPENSSL_110
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX_reset(hmac);
+ HMAC_Init_ex(hmac, otp_key, key_len, otp_digest, NULL);
+ HMAC_Update(hmac, (uint8_t *)&Tn, sizeof(Tn));
+@@ -517,13 +517,13 @@ static int otp_verify(const char *vpn_username, const char *vpn_secret)
+ hotp_set_counter(otp_params.key, Ti+1);
+ }
+ }
+-#ifdef HAVE_OPENSSL_110
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX_free(hmac);
+ #endif
+ }
+ }
+ else if (!strcasecmp("motp", otp_params.method)) {
+-#ifdef HAVE_OPENSSL_110
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ EVP_MD_CTX* ctx = EVP_MD_CTX_new();
+ #else
+ EVP_MD_CTX ctx;
+@@ -535,8 +535,8 @@ static int otp_verify(const char *vpn_username, const char *vpn_secret)
+ T = time(NULL) / motp_step;
+
+ for (i = -range; !ok && i <= range; ++i) {
+-#ifdef HAVE_OPENSSL_110
+- EVP_MD_CTX_reset(ctx);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_MD_CTX_reset(ctx);
+ EVP_DigestInit_ex(ctx, otp_digest, NULL);
+ n = sprintf(buf, "%" PRIu64, T + i);
+ EVP_DigestUpdate(ctx, buf, n);
+@@ -573,7 +573,7 @@ static int otp_verify(const char *vpn_username, const char *vpn_secret)
+ DEBUG("OTP-AUTH: auth ok for method='%s', client_username='%s', client_secret='%s'\n", otp_params.method, vpn_username, vpn_secret);
+ }
+ }
+-#ifdef HAVE_OPENSSL_110
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ EVP_MD_CTX_free(ctx);
+ #endif
+ }
+@@ -755,7 +755,7 @@ openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const ch
+ LOG("OTP_AUTH: OTP Password is missing\n");
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+-
++
+ /* check entered username/password against what we require */
+ int ok = otp_verify(username, otp_password);
+
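Review bot: The `HMAC_CTX_new()` and `EVP_MD_CTX_new()` results in the `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` branches are passed to `HMAC_CTX_reset(hmac)` and `EVP_MD_CTX_reset(ctx)` with no NULL check visible in these hunks, and with the version test this heap-allocating path is the one compiled against any OpenSSL 1.1.0 or later. The lines between the allocations and the loops are outside the hunks, so the check may exist there; if it does not, an allocation failure would likely dereference NULL inside the authentication plugin. A guard after each allocation such as `if (hmac == NULL) { LOG("OTP-AUTH: HMAC_CTX_new failed\n"); goto done; }` would reject the login instead, assuming the `done` label used at the top of the first hunk returns with `ok` still 0. Separately, the `DEBUG("OTP-AUTH: auth ok ... client_secret='%s'")` context lines write the submitted secret to the log on success, so it is worth confirming that DEBUG is compiled out of the packaged build.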
diff --git a/41.patch b/41.patch
new file mode 100644
index 000000000000..d1a2ca3e433f
--- /dev/null
+++ b/41.patch
@@ -0,0 +1,36 @@
+From 8529255c22858c784aca6649f80acf43cba78725 Mon Sep 17 00:00:00 2001
+From: Jonathan Ravat <jonathan.ravat@gmail.com>
+Date: Tue, 6 Apr 2021 19:16:24 +0200
+Subject: [PATCH] Fix an error when remote IPv6 address is used
+
+---
+ src/otp.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/otp.c b/src/otp.c
+index 5fed65e..5bab2fc 100644
+--- a/src/otp.c
++++ b/src/otp.c
+@@ -714,6 +714,7 @@ openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const ch
+ const char *username = get_env ("username", envp);
+ const char *password = get_env ("password", envp);
+ const char *ip = get_env ("untrusted_ip", envp);
++ const char *ip6 = get_env ("untrusted_ip6", envp);
+ const char *port = get_env ("untrusted_port", envp);
+
+ if (username == NULL) {
+@@ -724,10 +725,13 @@ openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const ch
+ LOG("OTP_AUTH: Password is missing\n");
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
+- if (ip == NULL || port == NULL) {
++ if ((ip == NULL && ip6 == NULL) || port == NULL) {
+ LOG("OTP_AUTH: IP or Port number is missing\n");
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ }
++ if (ip == NULL) {
++ ip = ip6;
++ }
+
+ const int ulen = strlen(username);
+ const int pwlen = strlen(password);
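Review bot: After the fallback `ip = ip6;`, every later use of `ip` in openvpn_plugin_func_v1 can receive an IPv6 literal, which is longer than a dotted quad and contains colons. Those uses are outside this hunk, so any fixed-size buffer or `ip:port` style formatting further down should be checked against the longer form. A comment at the assignment would record the contract, for example `/* IPv6 peer: only untrusted_ip6 is set; value comes from the unauthenticated peer and can be up to INET6_ADDRSTRLEN-1 characters */`.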
diff --git a/PKGBUILD b/PKGBUILD
index 5e8df7b7d622..a0962f6a1fb2 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,18 +3,25 @@
pkgname='openvpn-otp'
pkgver='1.0'
-pkgrel='3'
-pkgdesc='This plugin adds support for TOTP and HOTP tokens (like Google Authenticator) for OpenVPN.'
+pkgrel='4'
+pkgdesc='This plugin adds support for TOTP and HOTP tokens (like Google Authenticator) for OpenVPN'
arch=('any')
url="https://github.com/evgeny-gridasov/${pkgname}"
license=('GPL')
depends=('openvpn')
-source=("${url}/archive/v${pkgver}.tar.gz")
+source=("${url}/archive/v${pkgver}.tar.gz"
+ "${url}/pull/35.patch"
+ "${url}/pull/41.patch")
makedepends=('openssl')
-md5sums=('3ff2b8f9cc054ccac31f99e9ee704f67')
+md5sums=('3ff2b8f9cc054ccac31f99e9ee704f67'
+ 'b199454e79e9c9cb962cbde9626429a0'
+ '0a90d12752229ac283c9adb975ca9eac')
prepare() {
cd "${srcdir}/${pkgname}-${pkgver}"
+ patch -p1 -i "${srcdir}/35.patch"
+ patch -p1 -i "${srcdir}/41.patch"
+
./autogen.sh
./configure \
--prefix="/usr" \
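Review bot: The added sources `"${url}/pull/35.patch"` and `"${url}/pull/41.patch"` are pull-request URLs whose content can change if the pull request is updated, and they are verified only with `md5sums`, which is not collision-resistant, before being applied to an authentication plugin in prepare(). Pinning each source to the commit named in the patch header, for example `"${url}/commit/9708ba2036f719a6431c3464168d3f755d46f9fe.patch"`, and replacing the array with `sha256sums=(...)` regenerated by `updpkgsums` would make the fetched input reproducible and the check meaningful. Since this commit also adds 35.patch and 41.patch to the package repository, listing them as local sources `'35.patch' '41.patch'` is an alternative that removes the network fetch. prepare() continues past the end of this hunk.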
@@ -29,4 +36,5 @@ build() {
package() {
cd "${srcdir}/${pkgname}-${pkgver}"
make DESTDIR="${pkgdir}" install
+ libtool --finish "${pkgdir}/usr/lib/openvpn/plugins"
}