authorCharles DELFLY2018-03-30 23:27:26 +0700
committerCharles DELFLY2018-03-30 23:27:26 +0700
commit3df3c75a57f913dea65cc05fbb6c591284f07e5b (patch)
treee6e48bc053119b9b330586bd521a36c73a11302d
parent0186d26c1824b5f8aae9fe0a947fbf8d305bbea2 (diff)
Add patch to make 2FA use OTP
-rw-r--r--.SRCINFO2
-rw-r--r--PKGBUILD8
-rw-r--r--use-otp-for-2fa.patch52
3 files changed, 58 insertions, 4 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 3a903f7d77be..1ab9231acab4 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = openfortivpn
pkgdesc = An open implementation of Fortinet's proprietary PPP+SSL VPN solution
pkgver = 1.6.0
- pkgrel = 1
+ pkgrel = 2
url = https://github.com/adrienverge/openfortivpn
arch = i686
arch = x86_64
diff --git a/PKGBUILD b/PKGBUILD
index b01533caa01d..2c169be1e5a6 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,7 +1,7 @@
# Maintainer: Patrick Hanft <mail@patrick-hanft.de>
pkgname=openfortivpn
pkgver=1.6.0
-pkgrel=1
+pkgrel=2
pkgdesc="An open implementation of Fortinet's proprietary PPP+SSL VPN solution"
arch=('i686' 'x86_64')
url="https://github.com/adrienverge/openfortivpn"
@@ -15,14 +15,16 @@ replaces=()
backup=('etc/openfortivpn/config')
options=()
install=
-source=("git+https://github.com/adrienverge/$pkgname.git#tag=v$pkgver" "allow-no-unused-functions.patch")
+source=("git+https://github.com/adrienverge/$pkgname.git#tag=v$pkgver" "allow-no-unused-functions.patch" "use-otp-for-2fa.patch")
noextract=()
md5sums=('SKIP'
- 'cb2d5a8b3f799ec3d0267722f0a0206b')
+ 'cb2d5a8b3f799ec3d0267722f0a0206b'
+ '039b464ef44a7c9e13130f938e5fc255')
prepare() {
cd "$srcdir/$pkgname"
patch -Np0 -i "${srcdir}/allow-no-unused-functions.patch"
+ patch -Np0 -i "${srcdir}/use-otp-for-2fa.patch"
}
build() {
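Review bot: The new `use-otp-for-2fa.patch` source is verified only by an MD5 digest in `md5sums`, which is not collision-resistant, and this patch rewrites the VPN client's two-factor login path. I would switch the array to `sha256sums=('SKIP' '<sha256 of allow-no-unused-functions.patch>' '<sha256 of use-otp-for-2fa.patch>')` (placeholders; regenerate with `updpkgsums` or `makepkg -g`). The .SRCINFO hunk in this commit changes only `pkgrel`, so its source and checksum entries look out of sync with this PKGBUILD; `makepkg --printsrcinfo > .SRCINFO` would regenerate them.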
diff --git a/use-otp-for-2fa.patch b/use-otp-for-2fa.patch
new file mode 100644
index 000000000000..f4f4e6b49126
--- /dev/null
+++ b/use-otp-for-2fa.patch
@@ -0,0 +1,52 @@
+--- src/http.c 2018-03-30 20:06:27.834717998 +0700
++++ src/http.c.new 2018-03-30 20:07:07.524800224 +0700
+@@ -155,8 +155,8 @@
+ }
+
+ if (header_size) {
+- /* We saw the whole header, let's check if the
+- * body is done as well */
++ /* We saw the whole header, */
++ /* let's check if the body is done as well */
+ if (chunked) {
+ /* Last chunk terminator. Done naively. */
+ if (bytes_read >= 7 &&
+@@ -481,7 +481,7 @@
+ char reqid[32] = { '\0' };
+ char polid[32] = { '\0' };
+ char group[128] = { '\0' };
+- char data[256], token[128], tokenresponse[256];
++ char data[256], token[128];
+ char *res = NULL;
+
+ url_encode(username, tunnel->config->username);
+@@ -511,6 +511,8 @@
+ }
+ ret = get_auth_cookie(tunnel, res);
+ if (ret == ERR_HTTP_NO_COOKIE) {
++ struct vpn_config *cfg = tunnel->config;
++
+ /* If the response body includes a tokeninfo= parameter,
+ * it means the VPN gateway expects two-factor authentication.
+ * It sends a one-time authentication credential for example
+@@ -534,11 +536,18 @@
+ get_value_from_response(res, "reqid=", reqid, 32);
+ get_value_from_response(res, "polid=", polid, 32);
+
+- read_password("Two-factor authentication token: ", tokenresponse, 255);
++ if (cfg->otp[0] == '\0') {
++ read_password("Two-factor authentication token: ",
++ cfg->otp, FIELD_SIZE);
++ if (cfg->otp[0] == '\0') {
++ log_error("No token specified\n");
++ return 0;
++ }
++ }
+
+ snprintf(data, 256, "username=%s&realm=%s&reqid=%s&polid=%s&grp=%s"
+ "&code=%s&code2=&redir=%%2Fremote%%2Findex&just_logged_in=1",
+- username, realm, reqid, polid, group, tokenresponse);
++ username, realm, reqid, polid, group, cfg->otp);
+
+ ret = http_request(tunnel, "POST", "/remote/logincheck", data, &res);
+ if (ret != 1)
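Review bot: The prompted token is written into `tunnel->config` (`cfg->otp`) and never cleared, so a one-time code stays in the long-lived config and any later pass through this branch would resend the same, already-used value instead of prompting again. I would reset it once the POST has been issued, e.g. `cfg->otp[0] = '\0';` after the `http_request(...)` call, and wipe the whole field if `otp` is an array. The new `return 0;` on an empty token leaves the function directly, which seems to bypass whatever release of `res` happens at its end, and 0 is not one of the status values visible here; setting `ret` to an error code and taking the same exit as the `ret != 1` path would be safer. `cfg->otp` also reaches the form body unencoded, unlike `username`, which goes through `url_encode()`; since the value is presumably settable from configuration, it should be encoded before the `snprintf`. The function begins and ends outside these embedded hunks, so the size of `otp` relative to the `FIELD_SIZE` passed to `read_password` could not be checked.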