author | Charles DELFLY | 2018-03-30 23:27:26 +0700 |
---|---|---|
committer | Charles DELFLY | 2018-03-30 23:27:26 +0700 |
commit | 3df3c75a57f913dea65cc05fbb6c591284f07e5b (patch) | |
tree | e6e48bc053119b9b330586bd521a36c73a11302d | |
parent | 0186d26c1824b5f8aae9fe0a947fbf8d305bbea2 (diff) | |
download | aur-3df3c75a57f913dea65cc05fbb6c591284f07e5b.tar.gz |
Add patch to make 2FA use OTP
-rw-r--r-- | .SRCINFO | 2 | ||||
-rw-r--r-- | PKGBUILD | 8 | ||||
-rw-r--r-- | use-otp-for-2fa.patch | 52 |
3 files changed, 58 insertions, 4 deletions
@@ -1,7 +1,7 @@
 pkgbase = openfortivpn
 pkgdesc = An open implementation of Fortinet's proprietary PPP+SSL VPN solution
 pkgver = 1.6.0
- pkgrel = 1
+ pkgrel = 2
 url = https://github.com/adrienverge/openfortivpn
 arch = i686
 arch = x86_64
@@ -1,7 +1,7 @@
 # Maintainer: Patrick Hanft <mail@patrick-hanft.de>
 pkgname=openfortivpn
 pkgver=1.6.0
-pkgrel=1
+pkgrel=2
 pkgdesc="An open implementation of Fortinet's proprietary PPP+SSL VPN solution"
 arch=('i686' 'x86_64')
 url="https://github.com/adrienverge/openfortivpn"
@@ -15,14 +15,16 @@ replaces=()
 backup=('etc/openfortivpn/config')
 options=()
 install=
-source=("git+https://github.com/adrienverge/$pkgname.git#tag=v$pkgver" "allow-no-unused-functions.patch")
+source=("git+https://github.com/adrienverge/$pkgname.git#tag=v$pkgver" "allow-no-unused-functions.patch" "use-otp-for-2fa.patch")
 noextract=()
 md5sums=('SKIP'
- 'cb2d5a8b3f799ec3d0267722f0a0206b')
+ 'cb2d5a8b3f799ec3d0267722f0a0206b'
+ '039b464ef44a7c9e13130f938e5fc255')
 prepare() {
 cd "$srcdir/$pkgname"
 patch -Np0 -i "${srcdir}/allow-no-unused-functions.patch"
+ patch -Np0 -i "${srcdir}/use-otp-for-2fa.patch"
 }
 build() {
diff --git a/use-otp-for-2fa.patch b/use-otp-for-2fa.patch
new file mode 100644
index 000000000000..f4f4e6b49126
--- /dev/null
+++ b/use-otp-for-2fa.patch
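Review bot: The new patch file is pinned only by an MD5 entry in the second PKGBUILD hunk (`md5sums=(... '039b464ef44a7c9e13130f938e5fc255')`), and MD5 is not collision-resistant, so it is a weak integrity check for a file that changes the VPN client's authentication code. Switch the array to `sha256sums=('SKIP' '<sha256 of allow-no-unused-functions.patch>' '<sha256 of use-otp-for-2fa.patch>')` and regenerate `.SRCINFO`. The git source stays `SKIP` and is selected by `#tag=v$pkgver`, which upstream can move; pinning it with `#commit=<full commit hash>` would tie the build to a fixed revision.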
@@ -0,0 +1,52 @@
+--- src/http.c 2018-03-30 20:06:27.834717998 +0700
++++ src/http.c.new 2018-03-30 20:07:07.524800224 +0700
+@@ -155,8 +155,8 @@
+ }
+
+ if (header_size) {
+- /* We saw the whole header, let's check if the
+- * body is done as well */
++ /* We saw the whole header, */
++ /* let's check if the body is done as well */
+ if (chunked) {
+ /* Last chunk terminator. Done naively. */
+ if (bytes_read >= 7 &&
+@@ -481,7 +481,7 @@
+ char reqid[32] = { '\0' };
+ char polid[32] = { '\0' };
+ char group[128] = { '\0' };
+- char data[256], token[128], tokenresponse[256];
++ char data[256], token[128];
+ char *res = NULL;
+
+ url_encode(username, tunnel->config->username);
+@@ -511,6 +511,8 @@
+ }
+ ret = get_auth_cookie(tunnel, res);
+ if (ret == ERR_HTTP_NO_COOKIE) {
++ struct vpn_config *cfg = tunnel->config;
++
+ /* If the response body includes a tokeninfo= parameter,
+ * it means the VPN gateway expects two-factor authentication.
+ * It sends a one-time authentication credential for example
+@@ -534,11 +536,18 @@
+ get_value_from_response(res, "reqid=", reqid, 32);
+ get_value_from_response(res, "polid=", polid, 32);
+
+- read_password("Two-factor authentication token: ", tokenresponse, 255);
++ if (cfg->otp[0] == '\0') {
++ read_password("Two-factor authentication token: ",
++ cfg->otp, FIELD_SIZE);
++ if (cfg->otp[0] == '\0') {
++ log_error("No token specified\n");
++ return 0;
++ }
++ }
+
+ snprintf(data, 256, "username=%s&realm=%s&reqid=%s&polid=%s&grp=%s"
+ "&code=%s&code2=&redir=%%2Fremote%%2Findex&just_logged_in=1",
+- username, realm, reqid, polid, group, tokenresponse);
++ username, realm, reqid, polid, group, cfg->otp);
+
+ ret = http_request(tunnel, "POST", "/remote/logincheck", data, &res);
+ if (ret != 1)
|
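Review bot: The token in `cfg->otp` is formatted into the POST body in the last inner hunk (`@@ -534,11 +536,18 @@`) without percent-encoding, while the username goes through `url_encode()` earlier in the same function; since the value can now be pre-filled rather than only typed at the prompt, a `&` or `=` in it would change the form fields sent to `/remote/logincheck`. Encode it first, e.g. `char otp_enc[3 * FIELD_SIZE + 1]; url_encode(otp_enc, cfg->otp);`, and pass `otp_enc` as the `code=` argument. Separately, `return 0;` on an empty token leaves the function while `res` still holds the earlier response, so it presumably skips whatever cleanup runs at the end; the enclosing function starts and ends outside the hunk, so check this against the full source. The token also stays in `cfg->otp` after use, so a later login in the same process would presumably resend the spent code instead of prompting again.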