finish OTP code

This commit is contained in:
Xavier Henner 2019-07-10 18:40:15 +02:00
parent 68de442333
commit 88f5ac3765
4 changed files with 36 additions and 4 deletions


@ -5,21 +5,36 @@ import (
"crypto/sha1" "crypto/sha1"
"crypto/sha256" "crypto/sha256"
"encoding/base32" "encoding/base32"
"encoding/base64"
"encoding/binary" "encoding/binary"
"errors" "errors"
"fmt" "fmt"
"hash" "hash"
"math" "math"
"math/rand"
"strings" "strings"
"time" "time"
) )
func NewSalt() string {
var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
b := make([]rune, 4)
for i := range b {
b[i] = letterRunes[rand.Intn(len(letterRunes))]
}
return string(b)
}
func ComputeHmac256(message string, secret string) []byte { func ComputeHmac256(message string, secret string) []byte {
h := hmac.New(sha256.New, []byte(secret)) h := hmac.New(sha256.New, []byte(secret))
h.Write([]byte(message)) h.Write([]byte(message))
return h.Sum(nil) return h.Sum(nil)
} }
func encode64(secret []byte) string {
return strings.TrimRight(base64.StdEncoding.EncodeToString(secret), "=")
}
func encodeSecret(secret []byte) string { func encodeSecret(secret []byte) string {
return strings.TrimRight(base32.StdEncoding.EncodeToString(secret), "=") return strings.TrimRight(base32.StdEncoding.EncodeToString(secret), "=")
} }
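Review bot: NewSalt in this hunk draws its letters from math/rand, a non-cryptographic generator whose entire output follows from the `rand.Seed(time.Now().UnixNano())` call added in main.go, so the salt that ends up inside every issued token is predictable to anyone who can estimate the start time; use crypto/rand instead, which also makes the seed line and the math/rand and time imports in main.go unnecessary. Indexing a 52-letter alphabet with one byte is slightly biased (256 is not a multiple of 52); if an unbiased salt matters, discard bytes >= 208 and redraw. A read failure from crypto/rand should not quietly produce a weak salt, so the rewrite below treats it as fatal. The exported function also lacks a doc comment; `// NewSalt returns four random ASCII letters used to salt a one-time password.` is enough.
```go
// NewSalt returns four random ASCII letters used to salt a one-time password.
func NewSalt() string {
	const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
	b := make([]byte, 4)
	if _, err := rand.Read(b); err != nil { // rand is crypto/rand here
		panic("NewSalt: crypto/rand unavailable: " + err.Error())
	}
	for i := range b {
		b[i] = letters[int(b[i])%len(letters)]
	}
	return string(b)
}
```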


@ -4,8 +4,10 @@ import (
"flag" "flag"
"log" "log"
"log/syslog" "log/syslog"
"math/rand"
"os" "os"
"strings" "strings"
"time"
"github.com/pyke369/golang-support/uconfig" "github.com/pyke369/golang-support/uconfig"
) )
@ -24,6 +26,9 @@ func main() {
os.Exit(1) os.Exit(1)
} }
// seed the prng
rand.Seed(time.Now().UnixNano())
server := NewVPNServer(config.GetString("config.openvpnPort", "127.0.0.01:5000")) server := NewVPNServer(config.GetString("config.openvpnPort", "127.0.0.01:5000"))
server.vpnlogUrl = config.GetString("config.vpnLogUrl", "") server.vpnlogUrl = config.GetString("config.vpnLogUrl", "")
server.mailRelay = config.GetString("config.mailRelay", "") server.mailRelay = config.GetString("config.mailRelay", "")

otp.go

@ -14,11 +14,19 @@ func (s *OpenVpnMgt) GenerateOTP(user string) ([]string, error) {
// } // }
func (s *OpenVpnMgt) TokenPassword(c *vpnSession) (bool, string) { func (s *OpenVpnMgt) TokenPassword(c *vpnSession) (bool, string) {
//TODO implement that correcly now := time.Now().Unix()
if c.password == "maith1wiePuw3ieb4heiNie5y" { if len(c.password) > 40 {
return true, "maith1wiePuw3ieb4heiNie5y" salt := c.password[:4]
for i := 0; i < 3; i++ {
test := encode64(ComputeHmac256(c.baseHash(salt, now/30-int64(i)), s.otpMasterSecrets[0]))
if salt+test == c.password {
return true, c.password
}
}
} }
return false, "maith1wiePuw3ieb4heiNie5y"
salt := NewSalt()
return false, salt + encode64(ComputeHmac256(c.baseHash(salt, now/30), s.otpMasterSecrets[0]))
} }
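Review bot: `salt+test == c.password` in TokenPassword compares the client-supplied token with plain string equality, whose running time depends on how many leading bytes match; use `hmac.Equal([]byte(salt+test), []byte(c.password))` so the check is constant-time (hmac is already imported for ComputeHmac256). The function also indexes `s.otpMasterSecrets[0]` on both the verify and the issue path without checking that the slice is non-empty, so if that slice can be empty (its population is outside this hunk) the first connection panics; a guard such as `if len(s.otpMasterSecrets) == 0 { return false, "" }` at the top avoids that. The helper it calls, baseHash in the last file section, formats the int64 counter with `%s`, which go vet flags; `%d` is what is meant, and it only works today because the issue and verify paths share the same helper. TokenPassword begins on the first line of the hunk and its body is shown in full.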
func (s *OpenVpnMgt) GenerateOTPGeneric(user string, period int, algo string, secretLen int, digits int) ([]string, error) { func (s *OpenVpnMgt) GenerateOTPGeneric(user string, period int, algo string, secretLen int, digits int) ([]string, error) {


@ -67,6 +67,10 @@ func (c *vpnSession) b64Login() string {
return base64.StdEncoding.EncodeToString([]byte(c.Login)) return base64.StdEncoding.EncodeToString([]byte(c.Login))
} }
func (c *vpnSession) baseHash(salt string, i int64) string {
return fmt.Sprintf("%s%s%s%s", salt, c.Login, c.IP, i)
}
func (c *vpnSession) ParseSessionId(line string) error { func (c *vpnSession) ParseSessionId(line string) error {
var err error var err error
client_id := strings.Split(strings.Replace(line, ">CLIENT:CONNECT,", "", 1), ",") client_id := strings.Split(strings.Replace(line, ">CLIENT:CONNECT,", "", 1), ",")