From: <abe...@us...> - 2012-05-06 21:47:52
Revision: 5535
http://astlinux.svn.sourceforge.net/astlinux/?rev=5535&view=rev
Author: abelbeck
Date: 2012-05-06 21:47:45 +0000 (Sun, 06 May 2012)
Log Message:
-----------
openvpn, add optional extra user/pass authentication using OVPN_USER_PASS_VERIFY and OVPN_USER_PASS
Modified Paths:
--------------
branches/1.0/package/openvpn/openvpn.init
branches/1.0/package/openvpn/openvpn.mk
branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
Added Paths:
-----------
branches/1.0/package/openvpn/user-pass-verify.sh
Modified: branches/1.0/package/openvpn/openvpn.init
===================================================================
--- branches/1.0/package/openvpn/openvpn.init 2012-05-06 16:56:07 UTC (rev 5534)
+++ branches/1.0/package/openvpn/openvpn.init 2012-05-06 21:47:45 UTC (rev 5535)
@@ -98,6 +98,10 @@
if [ -n "$OVPN_VALIDCLIENTS" ]; then
echo "tls-verify /usr/sbin/openvpn-tls-verify" >> /tmp/etc/openvpn.conf
fi
+ if [ "$OVPN_USER_PASS_VERIFY" = "yes" ]; then
+ echo "tmp-dir /tmp
+auth-user-pass-verify /usr/sbin/openvpn-user-pass-verify via-file" >> /tmp/etc/openvpn.conf
+ fi
# Static settings -- fine for most users
echo "#static setting--modify openvpn init script to change
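Review bot: The added `tmp-dir /tmp` places the per-connection credential file in the shared temporary directory, because with `via-file` OpenVPN writes each client's username and password to a temporary file under `tmp-dir`. A directory reserved for the daemon, created with mode 0700 before the config is generated, keeps that file out of a world-writable location; the line would then read `tmp-dir <private-dir>` (placeholder path, not a path from this project). Whether `script-security` is set at a level that lets OpenVPN run the verify script is not visible here, so it should be confirmed wherever the rest of the config is written. The enclosing block starts and ends outside this hunk.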
Modified: branches/1.0/package/openvpn/openvpn.mk
===================================================================
--- branches/1.0/package/openvpn/openvpn.mk 2012-05-06 16:56:07 UTC (rev 5534)
+++ branches/1.0/package/openvpn/openvpn.mk 2012-05-06 21:47:45 UTC (rev 5535)
@@ -25,6 +25,7 @@
$(INSTALL) -m 755 -D package/openvpn/openvpn.init $(TARGET_DIR)/etc/init.d/openvpn
$(INSTALL) -m 755 -D package/openvpn/openvpnclient.init $(TARGET_DIR)/etc/init.d/openvpnclient
$(INSTALL) -m 755 -D package/openvpn/tls-verify.sh $(TARGET_DIR)/usr/sbin/openvpn-tls-verify
+ $(INSTALL) -m 755 -D package/openvpn/user-pass-verify.sh $(TARGET_DIR)/usr/sbin/openvpn-user-pass-verify
mkdir -p $(TARGET_DIR)/stat/etc/openvpn
ln -sf /tmp/etc/openvpn.conf $(TARGET_DIR)/etc/openvpn.conf
ln -sf /tmp/etc/openvpnclient.conf $(TARGET_DIR)/etc/openvpnclient.conf
Added: branches/1.0/package/openvpn/user-pass-verify.sh
===================================================================
--- branches/1.0/package/openvpn/user-pass-verify.sh (rev 0)
+++ branches/1.0/package/openvpn/user-pass-verify.sh 2012-05-06 21:47:45 UTC (rev 5535)
@@ -0,0 +1,25 @@
+#!/bin/sh
+# arg: filename - containing user<NL>pass
+#
+# Return 1 when user/pass failed
+# Return 0 when user/pass is matched
+#
+
+. /etc/rc.conf
+
+user="$(sed -n '1 p' "$1")"
+pass="$(sed -n '2 p' "$1")"
+
+if [ -n "$user" -a -n "$pass" ]; then
+ IFS=$'\n'
+ for line in $OVPN_USER_PASS; do
+ validuser="$(echo "$line" | awk -F' ' '{ print $1; }')"
+ validpass="$(echo "$line" | awk -F' ' '{ print $2; }')"
+ if [ "$validuser" = "$user" -a "$validpass" = "$pass" ]; then
+ exit 0
+ fi
+ done
+fi
+
+exit 1
+
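Review bot: The client-supplied `$user` and `$pass` are compared inside one `[ … -a … ]` expression, and POSIX leaves `test` with that many arguments unspecified, so an operand that looks like an operator can change how the expression is parsed. Splitting the tests removes the ambiguity: `if [ "$validuser" = "$user" ] && [ "$validpass" = "$pass" ]; then`, and likewise `[ -n "$user" ] && [ -n "$pass" ]` for the outer guard. `IFS=$'\n'` relies on `$'…'` quoting, which is not guaranteed under `#!/bin/sh`; a literal newline assignment works in any POSIX shell. The unquoted `$OVPN_USER_PASS` in the `for` line is also subject to pathname expansion, so `set -f` before the loop keeps passwords containing `*` or `?` from being globbed. A short comment noting that only the first two whitespace-separated fields of each line are compared would document why a password containing a space can never match.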
Property changes on: branches/1.0/package/openvpn/user-pass-verify.sh
___________________________________________________________________
Added: svn:executable
+ *
Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-05-06 16:56:07 UTC (rev 5534)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-05-06 21:47:45 UTC (rev 5535)
@@ -479,6 +479,13 @@
#client4
#client9
#"
+## Additional User/Pass Authentication (Optional)
+#OVPN_USER_PASS_VERIFY="yes"
+## Authentication - multi-line, space separated. Ignored if OVPN_USER_PASS_VERIFY != "yes"
+#OVPN_USER_PASS="
+#username1 password1
+#username2 password2
+#"
## Allow OpenVPN Server tunnel to one LAN Interface, defaults to disallow
## Use "INTIF" for 1st, "INT2IF" for 2nd, or "INT3IF" for 3rd Internal Interface
#OVPN_ALLOWLAN="INTIF"
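Review bot: The new `OVPN_USER_PASS` comment does not state two constraints that the verify script in this commit imposes. The script takes the password from the second whitespace-separated field only, so a password containing a space never matches, and the entries are kept in cleartext in rc.conf, so the file's read permissions decide who can see them. I would add a line such as `## Passwords are stored in cleartext here and must not contain whitespace` above `#OVPN_USER_PASS="`.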