Re: [Openvpn-devel] [PATCH v5 1/7] Introduce buffer_write_file()

2018-08-07 Thread Antonio Quartulli
Hi,

On 06/08/18 16:02, Steffan Karger wrote:
> Rewrite buf_write_string_file to buffer_write_file, which is simpler to
> use and can deal with not-null-terminated strings. Mostly implemented so
> this can be easily reused for tls-crypt-v2 (client) key files.
>
> Signed-off-by: Steffan Karger

Re: [Openvpn-devel] [PATCH v3] Parse static challenge response in auth-pam plugin

2018-08-07 Thread Selva Nair
Hi

On Tue, Aug 7, 2018 at 5:01 PM, Gert Doering wrote:
>
>> > in the LinOTP URL - so, it didn't decode it, because the second ':'
>> > was missing (if I put a blank in there, I get pass=mypin%20).
>> >
>> > Is this intentional? Should it be that way?
>>
>> If you are constructing the SCRV1:

[Openvpn-devel] [PATCH 2/2] Accept empty password and/or response in auth-pam plugin

2018-08-07 Thread selva . nair
From: Selva Nair

In the auth-pam plugin correctly parse the static challenge string even when password or challenge response is empty. Whether an empty user input is an error is determined by the PAM conversation function depending on whether the PAM module queries for it or not.

[Openvpn-devel] [PATCH 1/2] Bump version of openvpn plugin argument structs to 5

2018-08-07 Thread selva . nair
From: Selva Nair

This was missed in commit 6690769f78bbfb889fef2a54088d979896c87d51 that exported base64_encode and base64_decode() functions. Also check the version is >= 5 in auth-pam plugin to ensure that the base64_decode function pointer can be referenced.

Signed-off-by: Selva Nair
---

Re: [Openvpn-devel] [PATCH v3] Parse static challenge response in auth-pam plugin

2018-08-07 Thread Gert Doering
Hi,

On Tue, Aug 07, 2018 at 03:38:43PM -0400, Selva Nair wrote:
> > If I press return at the challenge prompt, it seems the SCRV1: string
> > is not formed the way the plugin wants it, and I end up with
> >
> > pass=SCRV1%3AMTE5NQ%3D%3D
>
> How to format this if response is empty is not

Re: [Openvpn-devel] [PATCH v3] Parse static challenge response in auth-pam plugin

2018-08-07 Thread Selva Nair
Hi,

Correcting myself...

>> Found an interesting caveat which should be addressed, I think.
>>
>> Our system (LinOTP) knows "PIN+OTP" or "PIN" as valid input, the
>> latter leading to "send me a token by SMS/e-mail/...".
>>
>> If I press return at the challenge prompt, it seems the SCRV1: string

Re: [Openvpn-devel] [PATCH v3] Parse static challenge response in auth-pam plugin

2018-08-07 Thread Selva Nair
Hi,

On Tue, Aug 7, 2018 at 3:07 PM, Gert Doering wrote:
> Hi,
>
> On Tue, Aug 07, 2018 at 08:59:37PM +0200, Gert Doering wrote:
>> > v2: Depends on the base64 export patch
>> > v3: match password string with "SCRV1:" instead of "SCRV1"
>> > (pointed out by Joe Bell)
>>
>> Nicely works and does

Re: [Openvpn-devel] [PATCH v3] Parse static challenge response in auth-pam plugin

2018-08-07 Thread Selva Nair
Hi,

On Tue, Aug 7, 2018 at 2:59 PM, Gert Doering wrote:

...some good comments snipped...

>
> There's another catch which we might want to at least document: if you
> build this plugin and run it from a slightly older openvpn binary which
> doesn't export the base64 functions, it will core dump

Re: [Openvpn-devel] [PATCH v3] Parse static challenge response in auth-pam plugin

2018-08-07 Thread Gert Doering
Hi,

On Tue, Aug 07, 2018 at 08:59:37PM +0200, Gert Doering wrote:
> > v2: Depends on the base64 export patch
> > v3: match password string with "SCRV1:" instead of "SCRV1"
> > (pointed out by Joe Bell)
>
> Nicely works and does what it says on the lid.

So... Talking to myself a lot, lately...

[Openvpn-devel] [PATCH applied] Re: Parse static challenge response in auth-pam plugin

2018-08-07 Thread Gert Doering
Your patch has been applied to the master branch. (I'm a bit undecided about release/2.4 - this is in "new feature!" land, and all the challenge stuff is "master" territory. OTOH, it's not openvpn main code, and the code is sane enough - so if folks think it should be in release/2.4, tell me)

Re: [Openvpn-devel] [PATCH v3] Parse static challenge response in auth-pam plugin

2018-08-07 Thread Gert Doering
Hi,

On Tue, Jul 24, 2018 at 10:34:53PM -0400, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> If static challenge is in use, the password passed to the plugin by openvpn
> is of the form "SCRV1:base64-pass:base64-response". Parse this string to
> separate it into password and response and