finish OTP code
parent
68de442333
commit
88f5ac3765
15
crypto.go
15
crypto.go
|
@ -5,21 +5,36 @@ import (
|
|||
"crypto/sha1"
|
||||
"crypto/sha256"
|
||||
"encoding/base32"
|
||||
"encoding/base64"
|
||||
"encoding/binary"
|
||||
"errors"
|
||||
"fmt"
|
||||
"hash"
|
||||
"math"
|
||||
"math/rand"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
func NewSalt() string {
|
||||
var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
|
||||
b := make([]rune, 4)
|
||||
for i := range b {
|
||||
b[i] = letterRunes[rand.Intn(len(letterRunes))]
|
||||
}
|
||||
return string(b)
|
||||
}
|
||||
|
||||
func ComputeHmac256(message string, secret string) []byte {
|
||||
h := hmac.New(sha256.New, []byte(secret))
|
||||
h.Write([]byte(message))
|
||||
return h.Sum(nil)
|
||||
}
|
||||
|
||||
func encode64(secret []byte) string {
|
||||
return strings.TrimRight(base64.StdEncoding.EncodeToString(secret), "=")
|
||||
}
|
||||
|
||||
func encodeSecret(secret []byte) string {
|
||||
return strings.TrimRight(base32.StdEncoding.EncodeToString(secret), "=")
|
||||
}
|
||||
|
|
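Review bot: NewSalt picks its four characters with `rand.Intn` from `math/rand`, a non-cryptographic generator that main.go seeds from `time.Now().UnixNano()` (the `rand.Seed` line added there has the same issue), so the salt sequence is reproducible by anyone who can estimate the start time. The salt is sent as the first four characters of the token in otp.go, so the HMAC secret is what protects the token, but an authentication value should not depend on a guessable generator or on every binary remembering to seed it. I would draw each index from `crypto/rand`, for example `n, err := rand.Int(rand.Reader, big.NewInt(int64(len(letterRunes))))`, replacing the `math/rand` import with `crypto/rand` and `math/big`, and then drop the seeding in main.go. NewSalt has no error return, so decide whether a failed read should panic or the signature should gain an error.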
5
main.go
5
main.go
|
@ -4,8 +4,10 @@ import (
|
|||
"flag"
|
||||
"log"
|
||||
"log/syslog"
|
||||
"math/rand"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/pyke369/golang-support/uconfig"
|
||||
)
|
||||
|
@ -24,6 +26,9 @@ func main() {
|
|||
os.Exit(1)
|
||||
}
|
||||
|
||||
// seed the prng
|
||||
rand.Seed(time.Now().UnixNano())
|
||||
|
||||
server := NewVPNServer(config.GetString("config.openvpnPort", "127.0.0.01:5000"))
|
||||
server.vpnlogUrl = config.GetString("config.vpnLogUrl", "")
|
||||
server.mailRelay = config.GetString("config.mailRelay", "")
|
||||
|
|
16
otp.go
16
otp.go
|
@ -14,11 +14,19 @@ func (s *OpenVpnMgt) GenerateOTP(user string) ([]string, error) {
|
|||
// }
|
||||
|
||||
func (s *OpenVpnMgt) TokenPassword(c *vpnSession) (bool, string) {
|
||||
//TODO implement that correcly
|
||||
if c.password == "maith1wiePuw3ieb4heiNie5y" {
|
||||
return true, "maith1wiePuw3ieb4heiNie5y"
|
||||
now := time.Now().Unix()
|
||||
if len(c.password) > 40 {
|
||||
salt := c.password[:4]
|
||||
for i := 0; i < 3; i++ {
|
||||
test := encode64(ComputeHmac256(c.baseHash(salt, now/30-int64(i)), s.otpMasterSecrets[0]))
|
||||
if salt+test == c.password {
|
||||
return true, c.password
|
||||
}
|
||||
}
|
||||
}
|
||||
return false, "maith1wiePuw3ieb4heiNie5y"
|
||||
|
||||
salt := NewSalt()
|
||||
return false, salt + encode64(ComputeHmac256(c.baseHash(salt, now/30), s.otpMasterSecrets[0]))
|
||||
}
|
||||
|
||||
func (s *OpenVpnMgt) GenerateOTPGeneric(user string, period int, algo string, secretLen int, digits int) ([]string, error) {
|
||||
|
|
|
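Review bot: The token check `if salt+test == c.password` compares an HMAC-derived value with `==`, which can stop at the first differing byte; use a constant-time comparison such as `if hmac.Equal([]byte(salt+test), []byte(c.password)) {` (otp.go needs `crypto/hmac` imported if it is not already). Both uses of `s.otpMasterSecrets[0]` panic when the slice is empty, and an empty-string secret would still produce a valid-looking HMAC, so TokenPassword should refuse to issue or accept tokens unless a non-empty master secret is configured; where that slice is filled is not visible in this hunk. Only element 0 is ever tried, so if the plural name is meant to allow rotation, tokens signed with an older secret are rejected.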
@ -67,6 +67,10 @@ func (c *vpnSession) b64Login() string {
|
|||
return base64.StdEncoding.EncodeToString([]byte(c.Login))
|
||||
}
|
||||
|
||||
func (c *vpnSession) baseHash(salt string, i int64) string {
|
||||
return fmt.Sprintf("%s%s%s%s", salt, c.Login, c.IP, i)
|
||||
}
|
||||
|
||||
func (c *vpnSession) ParseSessionId(line string) error {
|
||||
var err error
|
||||
client_id := strings.Split(strings.Replace(line, ">CLIENT:CONNECT,", "", 1), ",")
|
||||
|
|
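Review bot: baseHash builds the HMAC input with `fmt.Sprintf("%s%s%s%s", salt, c.Login, c.IP, i)`, which has two problems: `i` is an int64 formatted with `%s`, so the counter is rendered as `%!s(int64=…)` (go vet reports this), and Login and IP are joined with no separator, so different login/IP pairs can yield the same string (constructed example: login `user1` with IP `1.2.3.4` and login `user` with IP `11.2.3.4`). Since TokenPassword treats a matching HMAC over this string as proof for that login and address, the fields should be delimited unambiguously, for example `return fmt.Sprintf("%s|%s|%s|%d", salt, c.Login, c.IP, i)`, with a separator that cannot occur in a login name, or with length prefixes. The types of Login and IP are not visible here, so confirm `%s` suits both. ParseSessionId's body continues past the end of this hunk.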