From fd8a1c2031dcb6b6e2879e7c8843f6b85231d4e0 Mon Sep 17 00:00:00 2001
From: Pankaj Tolani
Date: Wed, 11 Mar 2020 17:39:48 +1100
Subject: [PATCH 1/2] otp generation without prompt, libqrencode
---
 Dockerfile | 2 +-
 bin/ovpn_otp_user | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index a85cb24b..5f8d0ea8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,7 @@ LABEL maintainer="Kyle Manna "
 # Testing: pamtester
 RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories && \
- apk add --update openvpn iptables bash easy-rsa openvpn-auth-pam google-authenticator pamtester && \
+ apk add --update openvpn iptables bash easy-rsa openvpn-auth-pam google-authenticator pamtester libqrencode && \
 ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin && \
 rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /var/cache/distfiles/*
diff --git a/bin/ovpn_otp_user b/bin/ovpn_otp_user
index 7af9c1ec..f69307ff 100755
--- a/bin/ovpn_otp_user
+++ b/bin/ovpn_otp_user
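Review bot: Nothing in the Dockerfile records why `libqrencode` joins the `apk add` list, and the existing `# Testing: pamtester` comment above `RUN` no longer describes the whole package set. Presumably the library lets google-authenticator draw the enrolment QR code in the terminal; that QR code encodes the TOTP secret, so with the non-interactive `--no-confirm` path added in bin/ovpn_otp_user the secret ends up in whatever captures the command's output. I would extend the comment above `RUN` to something like `# QR rendering for ovpn_otp_user: libqrencode (output contains the TOTP secret, keep it out of logs)`.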
@@ -24,10 +24,14 @@ fi
 # Binary is present in image, save an $user.google_authenticator file in /etc/openvpn/otp
 if [ "$2" == "interactive" ]; then
+ echo "interactive"
+ echo "google-authenticator --time-based --force -l \"${1}@${OVPN_CN}\" -s /etc/openvpn/otp/${1}.google_authenticator"
 # Authenticator will ask for other parameters. User can choose rate limit, token reuse policy and time window policy
 # Always use time base OTP otherwise storage for counters must be configured somewhere in volume
 google-authenticator --time-based --force -l "${1}@${OVPN_CN}" -s /etc/openvpn/otp/${1}.google_authenticator
 else
+ echo "non-interactive"
+ echo "google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 -l \"${1}@${OVPN_CN}\" -s /etc/openvpn/otp/${1}.google_authenticator"
 google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
- -l "${1}@${OVPN_CN}" -s /etc/openvpn/otp/${1}.google_authenticator
-fi
\ No newline at end of file
+ -l "${1}@${OVPN_CN}" -s /etc/openvpn/otp/${1}.google_authenticator --no-confirm
+fi
From d3591fdbd33472aaab0d737bb45036aa26b3a263 Mon Sep 17 00:00:00 2001
From: Pankaj Tolani
Date: Wed, 11 Mar 2020 17:44:17 +1100
Subject: [PATCH 2/2] echo remove
---
 bin/ovpn_otp_user | 2 --
 1 file changed, 2 deletions(-)
diff --git a/bin/ovpn_otp_user b/bin/ovpn_otp_user
index f69307ff..3538181e 100755
--- a/bin/ovpn_otp_user
+++ b/bin/ovpn_otp_user
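Review bot: In the PATCH 1/2 hunk of bin/ovpn_otp_user, the rewritten `-l … --no-confirm` line still passes `-s /etc/openvpn/otp/${1}.google_authenticator` unquoted, so a user name containing whitespace or a glob character is split or expanded before google-authenticator sees it; the interactive branch (a context line) has the same form. Quote the path: `-l "${1}@${OVPN_CN}" -s "/etc/openvpn/otp/${1}.google_authenticator" --no-confirm`. Because `$1` becomes part of a file name under /etc/openvpn/otp, it would also be worth rejecting names that contain `/` or start with `.` before this block. The argument checks above line 24 are outside the hunk, so whether that already happens cannot be seen here.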
@@ -24,13 +24,11 @@ fi
 # Binary is present in image, save an $user.google_authenticator file in /etc/openvpn/otp
 if [ "$2" == "interactive" ]; then
- echo "interactive"
 echo "google-authenticator --time-based --force -l \"${1}@${OVPN_CN}\" -s /etc/openvpn/otp/${1}.google_authenticator"
 # Authenticator will ask for other parameters. User can choose rate limit, token reuse policy and time window policy
 # Always use time base OTP otherwise storage for counters must be configured somewhere in volume
 google-authenticator --time-based --force -l "${1}@${OVPN_CN}" -s /etc/openvpn/otp/${1}.google_authenticator
 else
- echo "non-interactive"
 echo "google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 -l \"${1}@${OVPN_CN}\" -s /etc/openvpn/otp/${1}.google_authenticator"
 google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
 -l "${1}@${OVPN_CN}" -s /etc/openvpn/otp/${1}.google_authenticator --no-confirm