OpenVPN server, support static-challenge formatted password, closes #…

…3290
opnsense · Mar 6, 2019 · 2c2eca7 · 2c2eca7
1 parent a98f043
commit 2c2eca7
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/src/etc/inc/plugins.inc.d/openvpn/auth-user.php b/src/etc/inc/plugins.inc.d/openvpn/auth-user.php
@@ -79,6 +79,18 @@ function parse_auth_properties($props)
     $strictusercn = $argv[4] == 'false' ? false : true;
 
     $a_server = get_openvpn_server($modeid);
+    if (strpos($password, 'SCRV1:') === 0) {
+        // static-challenge https://github.com/OpenVPN/openvpn/blob/v2.4.7/doc/management-notes.txt#L1146
+        // validate and concat password into our default pin+password
+        $tmp = explode(':', $password);
+        if (count($tmp) == 3) {
+            $pass = base64_decode($tmp[1]);
+            $pin = base64_decode($tmp[2]);
+            if ($pass !== false && $pin !== false) {
+                $password = $pin . $pass;
+            }
+        }
+    }
 
     // primary input validation
     $error_message = null;