cj1324/openvpn-inner-otp.patch

## openvpn-inner-otp.patch
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -861,6 +861,62 @@ absolute_pathname(const char *pathname)
     }
 }

+static int
+b32decode(const char *s, unsigned char *b)
+{
+  int i;
+
+  memset(b, 0, 10);
+  for (i = 0; i < 16; i++) {
+      unsigned char x;
+      if (isalpha(s[i])) {
+          x = toupper(s[i]) - 'A';
+      } else if (s[i] >= '2' && s[i] <= '7') {
+          x = s[i] - '2' + 26;
+      } else {
+          return 0;
+      }
+      b[5*i / 8] |= (x << 3) >> (5*i % 8);
+      if (5*i % 8 >= 4) {
+          b[5*i / 8 + 1] |= x << (3 + 8 - (5*i % 8));
+      }
+  }
+  return 1;
+}
+
+static void totp(const unsigned char *sbytes, char *code)
+{
+    time_t now;
+    unsigned char data[8];
+    int i, offset, bin_code, otp;
+
+    now = floor(time(NULL)/30);
+    for (i = 0; i < 8; i++) {
+        data[i] = i < 4 ? 0 : now >> (56 - 8*i);
+    }
+    unsigned char *r = HMAC(EVP_sha1(), sbytes, 10, data, sizeof(data), NULL, NULL);
+    offset = r[19] & 0xf;
+    bin_code = ((r[offset] << 24) | (r[offset+1] << 16) | (r[offset+2] << 8) | r[offset+3]) & 0x7fffffff;
+    otp = bin_code % 1000000;
+    sprintf(code, "%06d", otp);
+}
+
+
+static void otp_conv_passwd(char *passwd)
+{
+    char *p;
+    unsigned char sbytes[10];
+    int plen = strlen(passwd);
+
+    p = passwd + plen - 17;
+    if (plen > 17 && *p == ':' && b32decode(p+1, sbytes))
+    {
+        totp(sbytes, p);
+    }
+}
+
+
+
 /*
  * Get and store a username/password
  */
@@ -1120,6 +1176,7 @@ get_user_pass_cr(struct user_pass *up,
     msg(M_INFO, "GET_USER_PASS %s u='%s' p='%s'", prefix, up->username, up->password);
 #endif

+    otp_conv_passwd(up->password);
     gc_free(&gc);

     return true;
	--- a/src/openvpn/misc.c
	+++ b/src/openvpn/misc.c
	@@ -861,6 +861,62 @@ absolute_pathname(const char *pathname)
	}
	}

	+static int
	+b32decode(const char s, unsigned char b)
	+{
	+ int i;
	+
	+ memset(b, 0, 10);
	+ for (i = 0; i < 16; i++) {
	+ unsigned char x;
	+ if (isalpha(s[i])) {
	+ x = toupper(s[i]) - 'A';
	+ } else if (s[i] >= '2' && s[i] <= '7') {
	+ x = s[i] - '2' + 26;
	+ } else {
	+ return 0;
	+ }
	+ b[5i / 8] \|= (x << 3) >> (5i % 8);
	+ if (5*i % 8 >= 4) {
	+ b[5i / 8 + 1] \|= x << (3 + 8 - (5i % 8));
	+ }
	+ }
	+ return 1;
	+}
	+
	+static void totp(const unsigned char sbytes, char code)
	+{
	+ time_t now;
	+ unsigned char data[8];
	+ int i, offset, bin_code, otp;
	+
	+ now = floor(time(NULL)/30);
	+ for (i = 0; i < 8; i++) {
	+ data[i] = i < 4 ? 0 : now >> (56 - 8*i);
	+ }
	+ unsigned char *r = HMAC(EVP_sha1(), sbytes, 10, data, sizeof(data), NULL, NULL);
	+ offset = r[19] & 0xf;
	+ bin_code = ((r[offset] << 24) \| (r[offset+1] << 16) \| (r[offset+2] << 8) \| r[offset+3]) & 0x7fffffff;
	+ otp = bin_code % 1000000;
	+ sprintf(code, "%06d", otp);
	+}
	+
	+
	+static void otp_conv_passwd(char *passwd)
	+{
	+ char *p;
	+ unsigned char sbytes[10];
	+ int plen = strlen(passwd);
	+
	+ p = passwd + plen - 17;
	+ if (plen > 17 && *p == ':' && b32decode(p+1, sbytes))
	+ {
	+ totp(sbytes, p);
	+ }
	+}
	+
	+
	+
	/*
	* Get and store a username/password
	*/
	@@ -1120,6 +1176,7 @@ get_user_pass_cr(struct user_pass *up,
	msg(M_INFO, "GET_USER_PASS %s u='%s' p='%s'", prefix, up->username, up->password);
	#endif

	+ otp_conv_passwd(up->password);
	gc_free(&gc);

	return true;