
@cj1324
Created October 17, 2023 06:46
Base openvpn 2.4.7
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -861,6 +861,62 @@ absolute_pathname(const char *pathname)
}
}
+static int
+b32decode(const char *s, unsigned char *b)
+{
+ int i;
+
+ memset(b, 0, 10);
+ for (i = 0; i < 16; i++) {
+ unsigned char x;
+ if (isalpha(s[i])) {
+ x = toupper(s[i]) - 'A';
+ } else if (s[i] >= '2' && s[i] <= '7') {
+ x = s[i] - '2' + 26;
+ } else {
+ return 0;
+ }
+ b[5*i / 8] |= (x << 3) >> (5*i % 8);
+ if (5*i % 8 >= 4) {
+ b[5*i / 8 + 1] |= x << (3 + 8 - (5*i % 8));
+ }
+ }
+ return 1;
+}
+
+static void totp(const unsigned char *sbytes, char *code)
+{
+ time_t now;
+ unsigned char data[8];
+ int i, offset, bin_code, otp;
+
+ now = floor(time(NULL)/30);
+ for (i = 0; i < 8; i++) {
+ data[i] = i < 4 ? 0 : now >> (56 - 8*i);
+ }
+ unsigned char *r = HMAC(EVP_sha1(), sbytes, 10, data, sizeof(data), NULL, NULL);
+ offset = r[19] & 0xf;
+ bin_code = ((r[offset] << 24) | (r[offset+1] << 16) | (r[offset+2] << 8) | r[offset+3]) & 0x7fffffff;
+ otp = bin_code % 1000000;
+ sprintf(code, "%06d", otp);
+}
+
+
+static void otp_conv_passwd(char *passwd)
+{
+ char *p;
+ unsigned char sbytes[10];
+ int plen = strlen(passwd);
+
+ p = passwd + plen - 17;
+ if (plen > 17 && *p == ':' && b32decode(p+1, sbytes))
+ {
+ totp(sbytes, p);
+ }
+}
+
+
+
/*
* Get and store a username/password
*/
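Review bot: The TOTP seed is never wiped in the added code: `otp_conv_passwd` leaves the decoded key in `sbytes` on the stack, and `sprintf(code, "%06d", otp)` in `totp` overwrites only the first seven bytes at `p`, so the last ten base32 characters of the seed stay in the password buffer after the new terminator. Clearing `sbytes` and the range `p + 7` through the old end of the string before returning would close that, using a wipe the compiler cannot elide (OpenVPN's `secure_memzero`, if this base has it). `totp` also dereferences the result of `HMAC(...)` without a NULL check, and `b32decode` passes a plain `char` to `isalpha`/`toupper`, which is undefined for negative values and locale-dependent; `isalpha((unsigned char)s[i])` or an explicit `A`-`Z`/`a`-`z` range test avoids both. Keeping the seed in the same string as the password means whoever obtains that string holds both factors, which deserves a comment above `otp_conv_passwd`.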
@@ -1120,6 +1176,7 @@ get_user_pass_cr(struct user_pass *up,
msg(M_INFO, "GET_USER_PASS %s u='%s' p='%s'", prefix, up->username, up->password);
#endif
+ otp_conv_passwd(up->password);
gc_free(&gc);
return true;
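Review bot: The added call `otp_conv_passwd(up->password);` runs unconditionally, so any credential that reaches this point in `get_user_pass_cr` and happens to end in `:` plus sixteen base32 characters is silently rewritten, not only the account password the feature is meant for. The `prefix` argument visible in the context suggests the function serves more than one credential type, so gating the call on an explicit opt-in (a config option, or a check on which credential is being requested) would limit the rewrite to the intended case. The conversion is also one-shot and destructive: if the struct is cached and reused for a later re-authentication, the stored value would presumably be the old six-digit code rather than a fresh one, which is worth confirming against the caching path outside this hunk. The `msg(M_INFO, "GET_USER_PASS %s u='%s' p='%s'", ...)` line above sits before the conversion, so whenever that conditional block is compiled in it would log the seed together with the password.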