This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated.
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 531f57d71cec4d2d7564e4c35fc1df187a42349d Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jun 17 16:48:44 2022 +0000
Zut alors, uniq 'files' as well
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 609f41867d11619d9996509f6be05d004b2ccb1c Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jun 17 16:48:13 2022 +0000
Sort 'files'
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 3cf7a3b15386010871f15256c4f97dce97d9841d Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jun 17 16:47:44 2022 +0000
Core Update 169: Ship OpenVPN 2FA changes
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 75c49d6bec65ec865b37f7a44bdb7c46cf264b4c Merge: a0d395668 29df9f89c Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jun 17 16:39:40 2022 +0000
Merge branch 'temp-ms-ovpn-2fa' into next
commit 29df9f89c9168e4248076cf9c7e294384c0fd6ae Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jun 17 16:30:51 2022 +0000
Core Update 169: Ship libtiff and krb5
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 4c4669041168fa6c8b20d4906c37813820969285 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jun 17 16:29:55 2022 +0000
Core Update 169: Remove pakfire metadata for krb5 and libtiff
Both packages have become part of the core system, so these files are no longer needed.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 8d920449d27fe5816fc157f5d101aab0855e76e4 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun May 15 18:02:20 2022 +0200
libtiff: Move into core system.
pango and the PDF tools as core parts are linked against libtiff, therefore this library has to become a part of the core distribution too.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c13e562b6e403808f90703e90b717a2193a2592f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun May 15 18:02:19 2022 +0200
krb5: Move package into core system.
On one hand, the key.dns_resolver binary is linked against libkrb5, so this library at least is required by the base system.
On the other hand this easily allows different services on the firewall to use kerberos for authentication (ssh etc).
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit fa30456c5e4bc6ff7b735ecbc10dd3deaa8a16e0 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jun 17 16:27:42 2022 +0000
kernel: Align x86_64 rootfile for kernel update
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 65264b3ba6358d78d70c2cc7b9e1c883b0b4af4a Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jun 17 15:54:10 2022 +0000
Core Update 169: Ship U-Boot
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit b8a9c9e70a0ff84401e53f1481f3c1eafab76a29 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jun 17 15:52:45 2022 +0000
U-Boot: Update to 2022.04
https://wiki.ipfire.org/devel/telco/2022-06-13
Cc: Arne Fitzenreiter arne.fitzenreiter@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ed5572536f5fbd3af2383555a87a634fd257a88f Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jun 17 11:01:06 2022 +0000
Core Update 169: Ship misc-progs
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit a609195a26f2666a177b988a6691bc27b10e6d64 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jun 15 09:53:20 2022 +0000
misc-progs: Add path to executable to argv
Otherwise, the first argument would always be swallowed :(
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Acked-by: Peter Müller peter.mueller@ipfire.org
commit b9196b9d62b3c85d11e99c08e720e1007eeb3e7a Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Jun 16 23:31:59 2022 +0200
samba: Ship with CU169
- samba is linked to liblber from openldap. openldap was updated in CU168 but I missed that samba had a dependency to one of its libraries.
- find-dependencies was not run on openldap liblber although looking at the openldap rootfile it is clear that an sobump occurred.
- This patch increments the samba PAK_VER so that it will be shipped and therefore have the library links updated.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 015ea59a4d3ead64fd84276e9be8d453e96eb1f1 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Jun 16 23:16:36 2022 +0200
netatalk: Ship with CU169 - Fixes bug #12878
- netatalk is linked to liblber from openldap. openldap was updated in CU168 but I missed that netatalk had a dependency to one of its libraries.
- find-dependencies was not run on openldap liblber although looking at the openldap rootfile it is clear that an sobump occurred.
- This patch increments the netatalk PAK_VER so that it will be shipped and therefore have the library links updated.
Fixes: Bug #12878 Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 3740b7ad3ade3ff9d645bc3dca709791d012bbc2 Author: Timo Eissler timo.eissler@ipfire.org Date: Thu Jun 16 12:39:45 2022 +0200
ovpnmain.cgi: URI encode OTPAuth String in QRCode
Signed-off-by: Timo Eissler timo.eissler@ipfire.org
commit 6a53c26cf71c49113a1a2d4b810f35ebfa240464 Author: Timo Eissler timo.eissler@ipfire.org Date: Thu Jun 16 12:38:48 2022 +0200
perl-URI-Encode: New package
Simple percent Encoding/Decoding
Signed-off-by: Timo Eissler timo.eissler@ipfire.org
commit 209d62f0058c88e038760bc07773072fed0050da Author: Timo Eissler timo.eissler@ipfire.org Date: Tue Jun 14 20:56:12 2022 +0200
ovpnmain.cgi: Remove trailing newline from OTP secret
Signed-off-by: Timo Eissler timo.eissler@ipfire.org
commit c9dc7fdec09ceec217534cf4a9832338ac9be671 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jun 14 15:57:03 2022 +0000
openvpn-authenticator: Always return general connection data
The function returned different output when TOTP was configured and when it was not, which is not what it should do.
This version will now try to add the TOTP configuration, or will add nothing if it fails to do so.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b6f9fff2bcec35a98c4b01a4bab3038ee7813ee2 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jun 14 15:53:19 2022 +0000
openvpn-authenticator: Don't process configuration when row is too short
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 59f9e413611e6724a039429020fd528b782a5017 Author: Timo Eissler timo.eissler@ipfire.org Date: Tue Jun 7 17:53:23 2022 +0200
openvpn-authenticator: Change event and environment handling
Move reading of environment in its own function because not all events have an ENV block following and thus always reading the ENV will cause RuntimeError("Unexpected environment line ...").
commit 472cd78269a8d03cfa1447b3c80bed6dd3fd0897 Author: Timo Eissler timo.eissler@ipfire.org Date: Tue Jun 7 12:20:14 2022 +0200
openvpn-authenticator: Fix call of _client_auth_successful
commit a4a42daeeaefed48dd9b40d7001f1fc613978f85 Author: Timo Eissler timo.eissler@ipfire.org Date: Tue Jun 7 12:14:12 2022 +0200
openvpn-authenticator: Return only available data
For connections which have not enabled OTP return connection name and common_name attributes only.
commit 74ab6f9fc03dab8dae8d63c86e036f2b96162f25 Author: Timo Eissler timo.eissler@ipfire.org Date: Tue Jun 7 12:12:20 2022 +0200
openvpn-authenticator: Generate TOTP instead of HOTP codes
commit 10b32d3895e7ca2134d403b2445f9569b1f7f36a Author: Timo Eissler timo.eissler@ipfire.org Date: Tue Jun 7 11:20:56 2022 +0200
ovpnmain.cgi: Fix OTP secret handling
Convert stored hex OTP secret to binary prior to converting to base32.
commit 16d4a5c264d7deec49e3c1ee84541a231c31b5bb Author: Timo Eissler timo.eissler@ipfire.org Date: Tue Jun 7 11:16:31 2022 +0200
ovpnmain.cgi: Fix comparison operators
commit a999886759f360f4747084f1c69768a991766df3 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 4 14:58:18 2022 +0100
openvpn-2fa: Configure fake authentication credentials
These configuration options are required to make the client authenticate itself against the server.
The server may then accept those credentials without any further ado or ask for an OTP.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5111dc3df3233720235f40269c2655d6b7e125a0 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 4 14:51:51 2022 +0100
openvpn-2fa: Enable management socket for RW server
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6834749d223458d5ee95302732227bea0df62d60 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 4 14:49:32 2022 +0100
openvpn-2fa: Drop the previous authentication handler
This has been replaced by the newer authenticator
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 339b84d50910b1c258304bff68d1f875e8b2a25a Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 4 14:46:41 2022 +0100
openvpn-2fa: Import a prototype of an authenticator
This script runs aside of OpenVPN and connects to the management socket. On the socket, OpenVPN will post any new clients trying to authenticate which will be handled by the authenticator.
If a client has 2FA enabled, it will be challenged for the current token which will then be checked in a second pass.
Clients which do not have 2FA enabled will just be authenticated no matter what and tls-verify will have handled the rest.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c63a54f0908f8dcce2fde30d4476e82dbc2c3bfd Author: Michael Tremer michael.tremer@ipfire.org Date: Tue May 3 11:54:17 2022 +0000
ovpnmain.cgi: Load all modules at the beginning
Although Perl modules tend to take a long time to load, it is better to do this at the beginning so that loading the script will show any errors.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2050be20e1600377914736531307d3fab863285e Author: Michael Tremer michael.tremer@ipfire.org Date: Tue May 3 11:51:11 2022 +0000
ovpnmain.cgi: Disable sending any error messages to the browser again
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f27d021470fb31731844ee2c70d142c6651da0f0 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Apr 15 07:29:10 2022 +0000
openpvn-2fa: Fix rootfiles
Some rootfiles were in the wrong location, some others had some architecture hard-coded.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4b519aa8b0a3314e5cb01c953a517b3da354ea53 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 14 21:02:04 2022 +0000
perl-YAML-Tiny: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2d44871aa1363990b2f1416d1be65c7e51020c0b Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 14 20:59:10 2022 +0000
perl-Module-ScanDeps: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6ede67fb5aa54ea5ba9e806f31c3e35077aa71ba Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 14 20:57:33 2022 +0000
perl-Module-Install: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d7772284a1f9cd82c7672c35ad0b22fb988d1859 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 14 20:55:27 2022 +0000
perl-Module-Build: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 89bdc5563cc6f829add64b62231349be2912c5ef Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 14 20:53:31 2022 +0000
perl-MIME-Base32: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4f3f7f57847312aec2d406d9165950faf50d9099 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 14 20:52:12 2022 +0000
perl-Imager-QRCode: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 42a2a93911fb8bd96f7878dd48eec4a3eab5aa68 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 14 20:50:12 2022 +0000
perl-Imager: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit aeff5e3fee7f1a0c5816ff47918fce1feb693d6a Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 14 20:48:39 2022 +0000
perl-File-Remove: Update checksum and drop unnecessary fields
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit baf62b83cbf5300055d4bd0fc8073874794a5197 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 14 20:48:20 2022 +0000
oauth-toolkit: Update checksum and drop unnecessary fields
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e0fa8c25e88860df2f1dd9e60a212d9f3a4fbb4d Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 14 19:15:42 2022 +0000
qrencode: Rename package and update checksum
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e1e10515ece3bbe51936d572f32b14f02db6750d Author: Timo Eissler timo.eissler@ipfire.org Date: Fri Apr 8 10:50:20 2022 +0200
OpenVPN: Add support for 2FA / One-Time Password
Add two-factor authentication (2FA) to OpenVPN host connections with one-time passwords.
The 2FA can be enabled or disabled per host connection and requires the client to download its configuration again after 2FA has been enabled for it. Additionally the client needs to configure a TOTP application, like "Google Authenticator" which then provides the second factor. To facilitate this every connection with enabled 2FA gets a "show qrcode" button after the "show file" button in the host connection list to show the 2FA secret and a 2FA configuration QRCode.
When 2FA is enabled, the client needs to provide the second factor plus the private key password (if set) to successfully authorize.
This only supports time based one-time passwords, TOTP with 30s window and 6 digits, for now but we may update this in the future.
Signed-off-by: Timo Eissler timo.eissler@ipfire.org
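Added example, not part of this commit or of IPFire's code: a standard-library Python version of the TOTP parameters named above (30 s step, 6 digits), together with the hex-to-Base32 secret conversion and the percent-encoded otpauth URI that the ovpnmain.cgi commits in this log describe. The function names, the issuer and account strings and the ±1-step acceptance window are assumptions; the secret is the public RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

STEP = 30    # seconds per time step, as stated in the commit message
DIGITS = 6   # code length, as stated in the commit message

# Constructed sample: the RFC 6238 SHA-1 test key "12345678901234567890",
# stored as a hex string the way the log says the secret is stored.
RFC_SECRET_HEX = "3132333435363738393031323334353637383930"


def secret_hex_to_bytes(secret_hex: str) -> bytes:
    """Decode the stored hex secret; strip() drops a trailing newline."""
    return bytes.fromhex(secret_hex.strip())


def secret_hex_to_base32(secret_hex: str) -> str:
    """Hex -> binary -> Base32, the form authenticator apps expect."""
    raw = secret_hex_to_bytes(secret_hex)
    return base64.b32encode(raw).decode().rstrip("=")


def otpauth_uri(secret_hex: str, account: str, issuer: str) -> str:
    """Build the string that goes into the QR code.

    Label and issuer are percent-encoded so spaces or '&' in a connection
    name cannot break or extend the query string.
    """
    label = "%s:%s" % (quote(issuer, safe=""), quote(account, safe=""))
    return "otpauth://totp/%s?secret=%s&issuer=%s&period=%d&digits=%d" % (
        label, secret_hex_to_base32(secret_hex), quote(issuer, safe=""),
        STEP, DIGITS,
    )


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, now: float) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(key, int(now) // STEP)


def verify_totp(key: bytes, token: str, now: float, window: int = 1) -> bool:
    """Accept the current step and `window` steps on either side.

    Malformed tokens are rejected before any comparison, and every
    candidate is compared in constant time without an early exit.
    """
    if not (isinstance(token, str) and token.isascii()
            and token.isdigit() and len(token) == DIGITS):
        return False

    counter = int(now) // STEP
    ok = False
    for delta in range(-window, window + 1):
        if counter + delta < 0:
            continue
        ok |= hmac.compare_digest(hotp(key, counter + delta), token)
    return ok


if __name__ == "__main__":
    key = secret_hex_to_bytes(RFC_SECRET_HEX + "\n")
    print(otpauth_uri(RFC_SECRET_HEX, "road warrior", "IPFire"))
    print(totp(key, 59), verify_totp(key, "287082", 59))
```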
commit dc124917e3a0468ae4f1a4c6fe15ed3c68fc2f62 Author: Timo Eissler timo.eissler@ipfire.org Date: Fri Apr 8 08:11:07 2022 +0200
perl-MIME-Base32: New package
Base32 encoder and decoder
Signed-off-by: Timo Eissler timo.eissler@ipfire.org
commit e97759c292d49a5c397e52fe46a17e4674623f29 Author: Timo Eissler timo.eissler@ipfire.org Date: Mon Apr 4 17:58:19 2022 +0200
perl-Imager-QRCode: New package
Generate QR Code with Imager using libqrencode
Signed-off-by: Timo Eissler timo.eissler@ipfire.org
commit bc8bea129cbd85a8921b1fe47b07da5452f8ed6a Author: Timo Eissler timo.eissler@ipfire.org Date: Mon Apr 4 17:56:44 2022 +0200
perl-Imager: New package
Perl extension for Generating 24 bit Images
Required by perl-Imager-QRCode.
Signed-off-by: Timo Eissler timo.eissler@ipfire.org
commit cb36c0929c6aab35e6c78d90d58e53d2ffc6010d Author: Timo Eissler timo.eissler@ipfire.org Date: Mon Apr 4 17:54:36 2022 +0200
perl-Module-Install: New package
Module::Install configuration system
Required by perl-Imager-QRCode.
Signed-off-by: Timo Eissler timo.eissler@ipfire.org
commit 3aeadfd8bda88ca123cb0bfffc3c6d55c0fb3fdc Author: Timo Eissler timo.eissler@ipfire.org Date: Mon Apr 4 17:49:42 2022 +0200
perl-YAML-Tiny: New package
Read/Write YAML files with as little code as possible
Required by perl-Module-Install.
Signed-off-by: Timo Eissler timo.eissler@ipfire.org
commit bfc889a70ac4e2ef2f7a126611aa927c0efd6c40 Author: Timo Eissler timo.eissler@ipfire.org Date: Mon Apr 4 17:48:32 2022 +0200
perl-Module-ScanDeps: New package
Recursively scan Perl code for dependencies
Required by perl-Module-Install.
Signed-off-by: Timo Eissler timo.eissler@ipfire.org
commit a102cdbae1243c8dd113a0a118ce891e43850ab5 Author: Timo Eissler timo.eissler@ipfire.org Date: Mon Apr 4 17:46:56 2022 +0200
perl-Module-Build: New package
Build and install Perl modules
Required by perl-Module-Install.
Signed-off-by: Timo Eissler timo.eissler@ipfire.org
commit 6f8b1c534ecdb9dd9f8042da5ac7778c5574b154 Author: Timo Eissler timo.eissler@ipfire.org Date: Mon Apr 4 17:45:01 2022 +0200
perl-File-Remove: New package
Remove files and directories
Required by perl-Module-Install.
Signed-off-by: Timo Eissler timo.eissler@ipfire.org
commit 3780b7a4ace485be68c874185ee5dacddd824f9e Author: Timo Eissler timo.eissler@ipfire.org Date: Mon Apr 4 12:47:37 2022 +0200
libqrcode: New package
A fast and compact QR Code encoding library.
Homepage: https://fukuchi.org/works/qrencode/ Source: https://fukuchi.org/works/qrencode/qrencode-4.1.1.tar.gz
Signed-off-by: Timo Eissler timo.eissler@ipfire.org
commit 7e4af6eb54bcbd1fa651610d8f0a99d86270042c Author: Timo Eissler timo.eissler@ipfire.org Date: Mon Apr 4 11:38:43 2022 +0200
oath-toolkit: New package
OATH Toolkit provides components to build one-time password authentication systems.
Homepage: https://www.nongnu.org/oath-toolkit/index.html Source: https://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6....
Signed-off-by: Timo Eissler timo.eissler@ipfire.org
-----------------------------------------------------------------------
Summary of changes:
 config/httpd/vhosts.d/ipfire-interface-ssl.conf | 2 +-
 config/httpd/vhosts.d/ipfire-interface.conf | 2 +-
 config/ovpn/openvpn-authenticator | 381 +++++++++++++++++++++
 config/rootfiles/common/oath-toolkit | 219 ++++++++++++
 config/rootfiles/common/openvpn | 1 +
 config/rootfiles/common/perl-File-Remove | 4 +
 config/rootfiles/common/perl-Imager | 165 +++++++++
 config/rootfiles/common/perl-Imager-QRCode | 5 +
 config/rootfiles/common/perl-MIME-Base32 | 4 +
 config/rootfiles/common/perl-Module-Build | 51 +++
 config/rootfiles/common/perl-Module-Install | 66 ++++
 config/rootfiles/common/perl-Module-ScanDeps | 8 +
 config/rootfiles/common/perl-URI-Encode | 4 +
 config/rootfiles/common/perl-YAML-Tiny | 6 +
 config/rootfiles/common/qrencode | 8 +
 config/rootfiles/core/169/filelists/files | 4 +
 config/rootfiles/core/169/filelists/oath-toolkit | 1 +
 .../rootfiles/core/169/filelists/perl-File-Remove | 1 +
 config/rootfiles/core/169/filelists/perl-Imager | 1 +
 .../core/169/filelists/perl-Imager-QRCode | 1 +
 .../rootfiles/core/169/filelists/perl-MIME-Base32 | 1 +
 .../rootfiles/core/169/filelists/perl-Module-Build | 1 +
 .../core/169/filelists/perl-Module-Install | 1 +
 .../core/169/filelists/perl-Module-ScanDeps | 1 +
 .../rootfiles/core/169/filelists/perl-URI-Encode | 1 +
 config/rootfiles/core/169/filelists/perl-YAML-Tiny | 1 +
 config/rootfiles/core/169/filelists/qrencode | 1 +
 html/cgi-bin/ovpnmain.cgi | 93 ++++-
 html/html/images/qr-code.png | Bin 0 -> 760 bytes
 html/html/images/qr-code.svg | 49 +++
 langs/de/cgi-bin/de.pl | 4 +
 langs/en/cgi-bin/en.pl | 4 +
 lfs/{openvpn => oath-toolkit} | 48 +--
 lfs/openvpn | 4 +
 lfs/{openvpn => perl-File-Remove} | 51 +--
 lfs/{openvpn => perl-Imager} | 51 +--
 lfs/{openvpn => perl-Imager-QRCode} | 51 +--
 lfs/{openvpn => perl-MIME-Base32} | 51 +--
 lfs/{openvpn => perl-Module-Build} | 51 +--
 lfs/{openvpn => perl-Module-Install} | 51 +--
 lfs/{openvpn => perl-Module-ScanDeps} | 52 +--
 lfs/{openvpn => perl-URI-Encode} | 51 +--
 lfs/{openvpn => perl-YAML-Tiny} | 51 +--
 lfs/{openvpn => qrencode} | 51 +--
 make.sh | 11 +
 src/misc-progs/openvpnctrl.c | 21 ++
 46 files changed, 1263 insertions(+), 423 deletions(-)
 create mode 100644 config/ovpn/openvpn-authenticator
 create mode 100644 config/rootfiles/common/oath-toolkit
 create mode 100644 config/rootfiles/common/perl-File-Remove
 create mode 100644 config/rootfiles/common/perl-Imager
 create mode 100644 config/rootfiles/common/perl-Imager-QRCode
 create mode 100644 config/rootfiles/common/perl-MIME-Base32
 create mode 100644 config/rootfiles/common/perl-Module-Build
 create mode 100644 config/rootfiles/common/perl-Module-Install
 create mode 100644 config/rootfiles/common/perl-Module-ScanDeps
 create mode 100644 config/rootfiles/common/perl-URI-Encode
 create mode 100644 config/rootfiles/common/perl-YAML-Tiny
 create mode 100644 config/rootfiles/common/qrencode
 create mode 120000 config/rootfiles/core/169/filelists/oath-toolkit
 create mode 120000 config/rootfiles/core/169/filelists/perl-File-Remove
 create mode 120000 config/rootfiles/core/169/filelists/perl-Imager
 create mode 120000 config/rootfiles/core/169/filelists/perl-Imager-QRCode
 create mode 120000 config/rootfiles/core/169/filelists/perl-MIME-Base32
 create mode 120000 config/rootfiles/core/169/filelists/perl-Module-Build
 create mode 120000 config/rootfiles/core/169/filelists/perl-Module-Install
 create mode 120000 config/rootfiles/core/169/filelists/perl-Module-ScanDeps
 create mode 120000 config/rootfiles/core/169/filelists/perl-URI-Encode
 create mode 120000 config/rootfiles/core/169/filelists/perl-YAML-Tiny
 create mode 120000 config/rootfiles/core/169/filelists/qrencode
 create mode 100644 html/html/images/qr-code.png
 create mode 100644 html/html/images/qr-code.svg
 copy lfs/{openvpn => oath-toolkit} (65%)
 copy lfs/{openvpn => perl-File-Remove} (65%)
 copy lfs/{openvpn => perl-Imager} (65%)
 copy lfs/{openvpn => perl-Imager-QRCode} (65%)
 copy lfs/{openvpn => perl-MIME-Base32} (65%)
 copy lfs/{openvpn => perl-Module-Build} (65%)
 copy lfs/{openvpn => perl-Module-Install} (65%)
 copy lfs/{openvpn => perl-Module-ScanDeps} (65%)
 copy lfs/{openvpn => perl-URI-Encode} (65%)
 copy lfs/{openvpn => perl-YAML-Tiny} (65%)
 copy lfs/{openvpn => qrencode} (65%)
Difference in files: diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf index 8c4cf3806..639f1d479 100644 --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf @@ -21,7 +21,7 @@ SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
Header always set X-Content-Type-Options nosniff - Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'" + Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:" Header always set Referrer-Policy strict-origin Header always set X-Frame-Options sameorigin
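Review bot: The added `img-src 'self' data:` in the Content-Security-Policy header has no comment or commit-message line saying what needs data: image URIs; if it is the inline 2FA QR code (an assumption from the rest of this push), say so next to the header so the exception can be removed once that image is served from a URL. The exception is correctly limited to img-src, but note that script-src in the same line still carries 'unsafe-inline' and 'unsafe-eval', so this widens an already permissive policy and should stay as narrow as it is here.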
diff --git a/config/httpd/vhosts.d/ipfire-interface.conf b/config/httpd/vhosts.d/ipfire-interface.conf index 2cf57dd29..caa4b92f0 100644 --- a/config/httpd/vhosts.d/ipfire-interface.conf +++ b/config/httpd/vhosts.d/ipfire-interface.conf @@ -7,7 +7,7 @@ RewriteRule .* - [F]
Header always set X-Content-Type-Options nosniff - Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'" + Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src: 'self' data:" Header always set Referrer-Policy strict-origin Header always set X-Frame-Options sameorigin
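Review bot: The added directive reads `img-src: 'self' data:` with a colon after the directive name, which is not valid CSP syntax; browsers will not treat `img-src:` as img-src, so images on this vhost fall back to `default-src 'self'` and data: images stay blocked. Write it as `img-src 'self' data:`, matching the line added to ipfire-interface-ssl.conf.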
diff --git a/config/ovpn/openvpn-authenticator b/config/ovpn/openvpn-authenticator new file mode 100644 index 000000000..65844012b --- /dev/null +++ b/config/ovpn/openvpn-authenticator 
@@ -0,0 +1,381 @@ +#!/usr/bin/python3 +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2022 Michael Tremer # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +import argparse +import base64 +import csv +import daemon +import logging +import logging.handlers +import signal +import socket +import subprocess +import sys + +OPENVPN_CONFIG = "/var/ipfire/ovpn/ovpnconfig" + +CHALLENGETEXT = "One Time Token: " + +log = logging.getLogger() +log.setLevel(logging.DEBUG) + +def setup_logging(daemon=True, loglevel=logging.INFO): + log.setLevel(loglevel) + + # Log to syslog by default + handler = logging.handlers.SysLogHandler(address="/dev/log", facility="daemon") + log.addHandler(handler) + + # Format everything + formatter = logging.Formatter("%(name)s[%(process)d]: %(message)s") + handler.setFormatter(formatter) + + handler.setLevel(loglevel) + + # If we are running in foreground, we should write everything to the console, too + if not daemon: + handler = logging.StreamHandler() + log.addHandler(handler) + + handler.setLevel(loglevel) + + return log + +class OpenVPNAuthenticator(object): + def __init__(self, socket_path): + self.socket_path = socket_path + + def _read_line(self): + 
buf = [] + + while True: + char = self.sock.recv(1) + buf.append(char) + + # Reached end of line + if char == b"\n": + break + + line = b"".join(buf).decode() + line = line.rstrip() + + log.debug("< %s" % line) + + return line + + def _write_line(self, line): + log.debug("> %s" % line) + + if not line.endswith("\n"): + line = "%s\n" % line + + # Convert into bytes + buf = line.encode() + + # Send to socket + self.sock.send(buf) + + def _send_command(self, command): + # Send the command + self._write_line(command) + + return # XXX Code below doesn't work + + # Read response + response = self._read_line() + + # Handle response + if not response.startswith("SUCCESS:"): + log.error("Command '%s' returned an error:" % command) + log.error(" %s" % response) + + return response + + def run(self): + # Connect to socket + self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) + self.sock.connect(self.socket_path) + + log.info("OpenVPN Authenticator started") + + while True: + line = self._read_line() + + if line.startswith(">CLIENT"): + self._client_event(line) + + log.info("OpenVPN Authenticator terminated") + + def terminate(self, *args): + # XXX TODO + raise SystemExit + + def _client_event(self, line): + # Strip away "CLIENT:" + client, delim, line = line.partition(":") + + # Extract the event & split any arguments + event, delim, arguments = line.partition(",") + arguments = arguments.split(",") + + environ = {} + + if event == "CONNECT": + environ = self._read_env(environ) + self._client_connect(*arguments, environ=environ) + elif event == "DISCONNECT": + environ = self._read_env(environ) + self._client_disconnect(*arguments, environ=environ) + elif event == "REAUTH": + environ = self._read_env(environ) + self._client_reauth(*arguments, environ=environ) + elif event == "ESTABLISHED": + environ = self._read_env(environ) + else: + log.debug("Unhandled event: %s" % event) + + def _read_env(self, environ): + # Read environment + while True: + line = 
self._read_line() + + if not line.startswith(">CLIENT:ENV,"): + raise RuntimeError("Unexpected environment line: %s" % line) + + # Strip >CLIENT:ENV, + line = line[12:] + + # Done + if line == "END": + break + + # Parse environment + key, delim, value = line.partition("=") + environ[key] = value + + return environ + + def _client_connect(self, cid, kid, environ={}): + log.debug("Received client connect (cid=%s, kid=%s)" % (cid, kid)) + for key in sorted(environ): + log.debug(" %s : %s" % (key, environ[key])) + + # Fetch common name + common_name = environ.get("common_name") + + # Find connection details + conn = self._find_connection(common_name) + if not conn: + log.warning("Could not find connection '%s'" % common_name) + # XXX deny auth? + + log.debug("Found connection:") + for key in conn: + log.debug(" %s : %s" % (key, conn[key])) + + # Perform no further checks if TOTP is disabled for this client + if not conn.get("totp_status") == "on": + return self._client_auth_successful(cid, kid) + + # Fetch username & password + username = environ.get("username") + password = environ.get("password") + + # Client sent the special password TOTP to start challenge authentication + if password == "TOTP": + return self._client_auth_challenge(cid, kid, + username=common_name, password="TOTP") + + elif password.startswith("CRV1:"): + log.debug("Received dynamic challenge response %s" % password) + + # Decode the string + (command, flags, username, password, token) = password.split(":", 5) + + # Decode username + username = self._b64decode(username) + + # Check if username matches common name + if username == common_name: + # Check if TOTP token matches + if self._check_totp_token(token, conn.get("totp_secret")): + return self._client_auth_successful(cid, kid) + + # Restart authentication + self._client_auth_challenge(cid, kid, + username=common_name, password="TOTP") + + def _client_disconnect(self, cid, environ={}): + """ + Handles CLIENT:DISCONNECT events + """ + pass + + 
def _client_reauth(self, cid, kid, environ={}): + """ + Handles CLIENT:REAUTH events + """ + # Perform no checks + self._client_auth_successful(cid, kid) + + def _client_auth_challenge(self, cid, kid, username, password): + """ + Initiates a dynamic challenge authentication with the client + """ + log.debug("Sending request for dynamic challenge...") + + self._send_command( + "client-deny %s %s "CRV1" "CRV1:R,E:%s:%s:%s"" % ( + cid, + kid, + self._b64encode(username), + self._b64encode(password), + self._escape(CHALLENGETEXT), + ), + ) + + def _client_auth_successful(self, cid, kid): + """ + Sends a positive authentication response + """ + log.debug("Client Authentication Successful (cid=%s, kid=%s)" % (cid, kid)) + + self._send_command( + "client-auth-nt %s %s" % (cid, kid), + ) + + @staticmethod + def _b64encode(s): + return base64.b64encode(s.encode()).decode() + + @staticmethod + def _b64decode(s): + return base64.b64decode(s.encode()).decode() + + @staticmethod + def _escape(s): + return s.replace(" ", "\ ") + + def _find_connection(self, common_name): + with open(OPENVPN_CONFIG, "r") as f: + for row in csv.reader(f, dialect="unix"): + # Skip empty rows or rows that are too short + if not row or len(row) < 5: + continue + + # Skip disabled connections + if not row[1] == "on": + continue + + # Skip any net-2-net connections + if not row[4] == "host": + continue + + # Skip if common name does not match + if not row[3] == common_name: + continue + + # Return match! 
+ conn = { + "name" : row[2], + "common_name" : row[3], + } + + # TOTP options + try: + conn |= { + "totp_protocol" : row[43], + "totp_status" : row[44], + "totp_secret" : row[45], + } + except IndexError: + pass + + return conn + + + def _check_totp_token(self, token, secret): + p = subprocess.run( + ["oathtool", "--totp", "-w", "3", "%s" % secret], + capture_output=True, + ) + + # Catch any errors if we could not run the command + if p.returncode: + log.error("Could not run oathtool: %s" % p.stderr) + + return False + + # Reading returned tokens looking for a match + for line in p.stdout.split(b"\n"): + # Skip empty/last line(s) + if not line: + continue + + # Decode bytes into string + line = line.decode() + + # Return True if a token matches + if line == token: + return True + + # No match + return False + + +if __name__ == "__main__": + parser = argparse.ArgumentParser(description="OpenVPN Authenticator") + + # Daemon Stuff + parser.add_argument("--daemon", "-d", action="store_true", + help="Launch as daemon in background") + parser.add_argument("--verbose", "-v", action="count", help="Be more verbose") + + # Paths + parser.add_argument("--socket", default="/var/run/openvpn.sock", + metavar="PATH", help="Path to OpenVPN Management Socket") + + # Parse command line arguments + args = parser.parse_args() + + # Setup logging + loglevel = logging.WARN + + if args.verbose: + if args.verbose == 1: + loglevel = logging.INFO + elif args.verbose >= 2: + loglevel = logging.DEBUG + + # Create an authenticator + authenticator = OpenVPNAuthenticator(args.socket) + + with daemon.DaemonContext( + detach_process=args.daemon, + stderr=None if args.daemon else sys.stderr, + signal_map = { + signal.SIGINT : authenticator.terminate, + signal.SIGTERM : authenticator.terminate, + }, + ) as daemon: + setup_logging(daemon=args.daemon, loglevel=loglevel) + + authenticator.run() 
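Review bot: In `_client_connect`, the branch for an unknown common name only logs a warning (the `# XXX deny auth?` line) and then falls through to `for key in conn`, which raises TypeError on None and, because `run()` catches nothing, ends the authenticator loop. Send a `client-deny` for that cid/kid and return there, so an unknown client is rejected explicitly. The same function calls `password.startswith("CRV1:")` although `environ.get("password")` can return None, and it unpacks `password.split(":", 5)` into five names, which raises ValueError when the response carries fewer or more fields; both values come from the client, so validate them and deny on failure. In `_check_totp_token` the secret is passed to oathtool as a command-line argument, where it is readable from the process list while the command runs; consider handing it over in a way that keeps it out of argv.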
diff --git a/config/rootfiles/common/oath-toolkit b/config/rootfiles/common/oath-toolkit new file mode 100644 index 000000000..ef10a861f --- /dev/null +++ b/config/rootfiles/common/oath-toolkit 
@@ -0,0 +1,219 @@ +usr/bin/oathtool +#usr/bin/pskctool +#usr/include/liboath +#usr/include/liboath/oath.h +#usr/include/pskc +#usr/include/pskc/container.h +#usr/include/pskc/enums.h +#usr/include/pskc/errors.h +#usr/include/pskc/exports.h +#usr/include/pskc/global.h +#usr/include/pskc/keypackage.h +#usr/include/pskc/pskc.h +#usr/include/pskc/version.h +#usr/lib/liboath.a +#usr/lib/liboath.la +#usr/lib/liboath.so +usr/lib/liboath.so.0 +usr/lib/liboath.so.0.1.3 +#usr/lib/libpskc.a +#usr/lib/libpskc.la +#usr/lib/libpskc.so +#usr/lib/libpskc.so.0 +#usr/lib/libpskc.so.0.0.1 +#usr/lib/pkgconfig/liboath.pc +#usr/lib/pkgconfig/libpskc.pc +#usr/lib/security/pam_oath.la +#usr/lib/security/pam_oath.so +#usr/share/gtk-doc/html/liboath +#usr/share/gtk-doc/html/liboath/api-index-1-10-0.html +#usr/share/gtk-doc/html/liboath/api-index-1-12-0.html +#usr/share/gtk-doc/html/liboath/api-index-1-4-0.html +#usr/share/gtk-doc/html/liboath/api-index-1-6-0.html +#usr/share/gtk-doc/html/liboath/api-index-1-8-0.html +#usr/share/gtk-doc/html/liboath/api-index-2-4-0.html +#usr/share/gtk-doc/html/liboath/api-index-2-6-0.html +#usr/share/gtk-doc/html/liboath/api-index-full.html +#usr/share/gtk-doc/html/liboath/deprecated-api-index.html +#usr/share/gtk-doc/html/liboath/home.png +#usr/share/gtk-doc/html/liboath/index.html +#usr/share/gtk-doc/html/liboath/intro.html +#usr/share/gtk-doc/html/liboath/left-insensitive.png +#usr/share/gtk-doc/html/liboath/left.png +#usr/share/gtk-doc/html/liboath/liboath-oath.h.html +#usr/share/gtk-doc/html/liboath/liboath.devhelp2 +#usr/share/gtk-doc/html/liboath/right-insensitive.png +#usr/share/gtk-doc/html/liboath/right.png +#usr/share/gtk-doc/html/liboath/style.css +#usr/share/gtk-doc/html/liboath/up-insensitive.png +#usr/share/gtk-doc/html/liboath/up.png +#usr/share/gtk-doc/html/libpskc +#usr/share/gtk-doc/html/libpskc/api-index-2-2-0.html +#usr/share/gtk-doc/html/libpskc/api-index-full.html +#usr/share/gtk-doc/html/libpskc/deprecated-api-index.html 
+#usr/share/gtk-doc/html/libpskc/home.png +#usr/share/gtk-doc/html/libpskc/index.html +#usr/share/gtk-doc/html/libpskc/left-insensitive.png +#usr/share/gtk-doc/html/libpskc/left.png +#usr/share/gtk-doc/html/libpskc/libpskc-container.html +#usr/share/gtk-doc/html/libpskc/libpskc-enums.html +#usr/share/gtk-doc/html/libpskc/libpskc-errors.html +#usr/share/gtk-doc/html/libpskc/libpskc-global.html +#usr/share/gtk-doc/html/libpskc/libpskc-keypackage.html +#usr/share/gtk-doc/html/libpskc/libpskc-pskc.html +#usr/share/gtk-doc/html/libpskc/libpskc-version.html +#usr/share/gtk-doc/html/libpskc/libpskc.devhelp2 +#usr/share/gtk-doc/html/libpskc/pskc-reference.html +#usr/share/gtk-doc/html/libpskc/pskc-tutorial-libpskc-create.html +#usr/share/gtk-doc/html/libpskc/pskc-tutorial-libpskc-sign.html +#usr/share/gtk-doc/html/libpskc/pskc-tutorial-libpskc-verify.html +#usr/share/gtk-doc/html/libpskc/pskc-tutorial-library.html +#usr/share/gtk-doc/html/libpskc/pskc-tutorial-pskctool-sign.html +#usr/share/gtk-doc/html/libpskc/pskc-tutorial-pskctool-validate.html +#usr/share/gtk-doc/html/libpskc/pskc-tutorial-pskctool-verify.html +#usr/share/gtk-doc/html/libpskc/pskc-tutorial-pskctool.html +#usr/share/gtk-doc/html/libpskc/pskc-tutorial-quickstart.html +#usr/share/gtk-doc/html/libpskc/pskc-tutorial.html +#usr/share/gtk-doc/html/libpskc/right-insensitive.png +#usr/share/gtk-doc/html/libpskc/right.png +#usr/share/gtk-doc/html/libpskc/style.css +#usr/share/gtk-doc/html/libpskc/up-insensitive.png +#usr/share/gtk-doc/html/libpskc/up.png +#usr/share/man/man1/oathtool.1 +#usr/share/man/man1/pskctool.1 +#usr/share/man/man3/oath_authenticate_usersfile.3 +#usr/share/man/man3/oath_base32_decode.3 +#usr/share/man/man3/oath_base32_encode.3 +#usr/share/man/man3/oath_bin2hex.3 +#usr/share/man/man3/oath_check_version.3 +#usr/share/man/man3/oath_done.3 +#usr/share/man/man3/oath_hex2bin.3 +#usr/share/man/man3/oath_hotp_generate.3 +#usr/share/man/man3/oath_hotp_validate.3 
+#usr/share/man/man3/oath_hotp_validate_callback.3 +#usr/share/man/man3/oath_init.3 +#usr/share/man/man3/oath_strerror.3 +#usr/share/man/man3/oath_strerror_name.3 +#usr/share/man/man3/oath_totp_generate.3 +#usr/share/man/man3/oath_totp_generate2.3 +#usr/share/man/man3/oath_totp_validate.3 +#usr/share/man/man3/oath_totp_validate2.3 +#usr/share/man/man3/oath_totp_validate2_callback.3 +#usr/share/man/man3/oath_totp_validate3.3 +#usr/share/man/man3/oath_totp_validate3_callback.3 +#usr/share/man/man3/oath_totp_validate4.3 +#usr/share/man/man3/oath_totp_validate4_callback.3 +#usr/share/man/man3/oath_totp_validate_callback.3 +#usr/share/man/man3/pskc_add_keypackage.3 +#usr/share/man/man3/pskc_build_xml.3 +#usr/share/man/man3/pskc_check_version.3 +#usr/share/man/man3/pskc_done.3 +#usr/share/man/man3/pskc_free.3 +#usr/share/man/man3/pskc_get_cryptomodule_id.3 +#usr/share/man/man3/pskc_get_device_devicebinding.3 +#usr/share/man/man3/pskc_get_device_expirydate.3 +#usr/share/man/man3/pskc_get_device_issueno.3 +#usr/share/man/man3/pskc_get_device_manufacturer.3 +#usr/share/man/man3/pskc_get_device_model.3 +#usr/share/man/man3/pskc_get_device_serialno.3 +#usr/share/man/man3/pskc_get_device_startdate.3 +#usr/share/man/man3/pskc_get_device_userid.3 +#usr/share/man/man3/pskc_get_id.3 +#usr/share/man/man3/pskc_get_key_algorithm.3 +#usr/share/man/man3/pskc_get_key_algparm_chall_checkdigits.3 +#usr/share/man/man3/pskc_get_key_algparm_chall_encoding.3 +#usr/share/man/man3/pskc_get_key_algparm_chall_max.3 +#usr/share/man/man3/pskc_get_key_algparm_chall_min.3 +#usr/share/man/man3/pskc_get_key_algparm_resp_checkdigits.3 +#usr/share/man/man3/pskc_get_key_algparm_resp_encoding.3 +#usr/share/man/man3/pskc_get_key_algparm_resp_length.3 +#usr/share/man/man3/pskc_get_key_algparm_suite.3 +#usr/share/man/man3/pskc_get_key_data_b64secret.3 +#usr/share/man/man3/pskc_get_key_data_counter.3 +#usr/share/man/man3/pskc_get_key_data_secret.3 +#usr/share/man/man3/pskc_get_key_data_time.3 
+#usr/share/man/man3/pskc_get_key_data_timedrift.3 +#usr/share/man/man3/pskc_get_key_data_timeinterval.3 +#usr/share/man/man3/pskc_get_key_friendlyname.3 +#usr/share/man/man3/pskc_get_key_id.3 +#usr/share/man/man3/pskc_get_key_issuer.3 +#usr/share/man/man3/pskc_get_key_policy_expirydate.3 +#usr/share/man/man3/pskc_get_key_policy_keyusages.3 +#usr/share/man/man3/pskc_get_key_policy_numberoftransactions.3 +#usr/share/man/man3/pskc_get_key_policy_pinencoding.3 +#usr/share/man/man3/pskc_get_key_policy_pinkeyid.3 +#usr/share/man/man3/pskc_get_key_policy_pinmaxfailedattempts.3 +#usr/share/man/man3/pskc_get_key_policy_pinmaxlength.3 +#usr/share/man/man3/pskc_get_key_policy_pinminlength.3 +#usr/share/man/man3/pskc_get_key_policy_pinusagemode.3 +#usr/share/man/man3/pskc_get_key_policy_startdate.3 +#usr/share/man/man3/pskc_get_key_profileid.3 +#usr/share/man/man3/pskc_get_key_reference.3 +#usr/share/man/man3/pskc_get_key_userid.3 +#usr/share/man/man3/pskc_get_keypackage.3 +#usr/share/man/man3/pskc_get_signed_p.3 +#usr/share/man/man3/pskc_get_version.3 +#usr/share/man/man3/pskc_global_done.3 +#usr/share/man/man3/pskc_global_init.3 +#usr/share/man/man3/pskc_global_log.3 +#usr/share/man/man3/pskc_init.3 +#usr/share/man/man3/pskc_keyusage2str.3 +#usr/share/man/man3/pskc_output.3 +#usr/share/man/man3/pskc_parse_from_memory.3 +#usr/share/man/man3/pskc_pinusagemode2str.3 +#usr/share/man/man3/pskc_set_cryptomodule_id.3 +#usr/share/man/man3/pskc_set_device_devicebinding.3 +#usr/share/man/man3/pskc_set_device_expirydate.3 +#usr/share/man/man3/pskc_set_device_issueno.3 +#usr/share/man/man3/pskc_set_device_manufacturer.3 +#usr/share/man/man3/pskc_set_device_model.3 +#usr/share/man/man3/pskc_set_device_serialno.3 +#usr/share/man/man3/pskc_set_device_startdate.3 +#usr/share/man/man3/pskc_set_device_userid.3 +#usr/share/man/man3/pskc_set_id.3 +#usr/share/man/man3/pskc_set_key_algorithm.3 +#usr/share/man/man3/pskc_set_key_algparm_chall_checkdigits.3 
+#usr/share/man/man3/pskc_set_key_algparm_chall_encoding.3 +#usr/share/man/man3/pskc_set_key_algparm_chall_max.3 +#usr/share/man/man3/pskc_set_key_algparm_chall_min.3 +#usr/share/man/man3/pskc_set_key_algparm_resp_checkdigits.3 +#usr/share/man/man3/pskc_set_key_algparm_resp_encoding.3 +#usr/share/man/man3/pskc_set_key_algparm_resp_length.3 +#usr/share/man/man3/pskc_set_key_algparm_suite.3 +#usr/share/man/man3/pskc_set_key_data_b64secret.3 +#usr/share/man/man3/pskc_set_key_data_counter.3 +#usr/share/man/man3/pskc_set_key_data_secret.3 +#usr/share/man/man3/pskc_set_key_data_time.3 +#usr/share/man/man3/pskc_set_key_data_timedrift.3 +#usr/share/man/man3/pskc_set_key_data_timeinterval.3 +#usr/share/man/man3/pskc_set_key_friendlyname.3 +#usr/share/man/man3/pskc_set_key_id.3 +#usr/share/man/man3/pskc_set_key_issuer.3 +#usr/share/man/man3/pskc_set_key_policy_expirydate.3 +#usr/share/man/man3/pskc_set_key_policy_keyusages.3 +#usr/share/man/man3/pskc_set_key_policy_numberoftransactions.3 +#usr/share/man/man3/pskc_set_key_policy_pinencoding.3 +#usr/share/man/man3/pskc_set_key_policy_pinkeyid.3 +#usr/share/man/man3/pskc_set_key_policy_pinmaxfailedattempts.3 +#usr/share/man/man3/pskc_set_key_policy_pinmaxlength.3 +#usr/share/man/man3/pskc_set_key_policy_pinminlength.3 +#usr/share/man/man3/pskc_set_key_policy_pinusagemode.3 +#usr/share/man/man3/pskc_set_key_policy_startdate.3 +#usr/share/man/man3/pskc_set_key_profileid.3 +#usr/share/man/man3/pskc_set_key_reference.3 +#usr/share/man/man3/pskc_set_key_userid.3 +#usr/share/man/man3/pskc_set_version.3 +#usr/share/man/man3/pskc_sign_x509.3 +#usr/share/man/man3/pskc_str2keyusage.3 +#usr/share/man/man3/pskc_str2pinusagemode.3 +#usr/share/man/man3/pskc_str2valueformat.3 +#usr/share/man/man3/pskc_strerror.3 +#usr/share/man/man3/pskc_strerror_name.3 +#usr/share/man/man3/pskc_validate.3 +#usr/share/man/man3/pskc_valueformat2str.3 +#usr/share/man/man3/pskc_verify_x509crt.3 +#usr/share/xml/pskc +#usr/share/xml/pskc/catalog-pskc.xml 
+#usr/share/xml/pskc/pskc-schema.xsd +#usr/share/xml/pskc/xenc-schema.xsd +#usr/share/xml/pskc/xmldsig-core-schema.xsd diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn index 6c3457d01..1784651b4 100644 --- a/config/rootfiles/common/openvpn +++ b/config/rootfiles/common/openvpn @@ -9,6 +9,7 @@ usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so usr/lib/openvpn/plugins/openvpn-plugin-down-root.so usr/lib/openvpn/verify usr/sbin/openvpn +usr/sbin/openvpn-authenticator #usr/share/doc/openvpn #usr/share/doc/openvpn/COPYING #usr/share/doc/openvpn/COPYRIGHT.GPL diff --git a/config/rootfiles/common/perl-File-Remove b/config/rootfiles/common/perl-File-Remove new file mode 100644 index 000000000..b9b646143 --- /dev/null +++ b/config/rootfiles/common/perl-File-Remove @@ -0,0 +1,4 @@ +usr/lib/perl5/site_perl/5.32.1/File/Remove.pm +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/File/Remove +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/File/Remove/.packlist +#usr/share/man/man3/File::Remove.3 diff --git a/config/rootfiles/common/perl-Imager b/config/rootfiles/common/perl-Imager new file mode 100644 index 000000000..2416a78b5 --- /dev/null +++ b/config/rootfiles/common/perl-Imager 
@@ -0,0 +1,165 @@ +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/API.pod +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/APIRef.pod +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Color +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Color.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Color/Float.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Color/Table.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Cookbook.pod +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/CountColor.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Draw.pod +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Engines.pod +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Expr +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Expr.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Expr/Assem.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/ExtUtils.pm +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/CUR.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/ICO.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/JPEG.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/PNG.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/SGI.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/TIFF.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Files.pod 
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Fill.pm +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Filter +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Filter/DynTest.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Filter/Flines.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Filter/Mandelbrot.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Filters.pod +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/BBox.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/FT2.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/FreeType2.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/Image.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/Test.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/Truetype.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/Type1.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/Wrap.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Fountain.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Handy.pod +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/IO.pod +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/ImageTypes.pod +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Inline.pod +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Install.pod +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/LargeSamples.pod 
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Matrix2d.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Preprocess.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Probe.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Regops.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Security.pod +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Test.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Threads.pod +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Transform.pm +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Transformations.pod +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Tutorial.pod +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/draw.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/dynaload.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/ext.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/feat.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imager.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imageri.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imconfig.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imdatatypes.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imerror.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imexif.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imext.h 
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imextdef.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imextpl.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imextpltypes.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imexttypes.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imio.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/immacros.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imperl.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imperlio.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imrender.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/iolayer.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/iolayert.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/log.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/plug.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/ppport.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/regmach.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/rendert.h +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/stackmach.h +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/interface.pod +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/regmach.pod +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/typemap +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/.packlist 
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/CountColor +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/CountColor/CountColor.so +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/ICO +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/ICO/ICO.so +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/JPEG +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/JPEG/JPEG.so +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/PNG +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/PNG/PNG.so +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/SGI +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/SGI/SGI.so +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/TIFF +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/TIFF/TIFF.so +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/DynTest +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/DynTest/DynTest.so +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/Flines +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/Flines/Flines.so +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/Mandelbrot +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/Mandelbrot/Mandelbrot.so +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Font 
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Font/FT2 +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Font/FT2/FT2.so +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Imager.so +#usr/share/man/man3/Imager.3 +#usr/share/man/man3/Imager::API.3 +#usr/share/man/man3/Imager::APIRef.3 +#usr/share/man/man3/Imager::Color.3 +#usr/share/man/man3/Imager::Color::Float.3 +#usr/share/man/man3/Imager::Color::Table.3 +#usr/share/man/man3/Imager::Cookbook.3 +#usr/share/man/man3/Imager::CountColor.3 +#usr/share/man/man3/Imager::Draw.3 +#usr/share/man/man3/Imager::Engines.3 +#usr/share/man/man3/Imager::Expr.3 +#usr/share/man/man3/Imager::Expr::Assem.3 +#usr/share/man/man3/Imager::ExtUtils.3 +#usr/share/man/man3/Imager::File::ICO.3 +#usr/share/man/man3/Imager::File::JPEG.3 +#usr/share/man/man3/Imager::File::PNG.3 +#usr/share/man/man3/Imager::File::SGI.3 +#usr/share/man/man3/Imager::File::TIFF.3 +#usr/share/man/man3/Imager::Files.3 +#usr/share/man/man3/Imager::Fill.3 +#usr/share/man/man3/Imager::Filter::Flines.3 +#usr/share/man/man3/Imager::Filter::Mandelbrot.3 +#usr/share/man/man3/Imager::Filters.3 +#usr/share/man/man3/Imager::Font.3 +#usr/share/man/man3/Imager::Font::BBox.3 +#usr/share/man/man3/Imager::Font::FT2.3 +#usr/share/man/man3/Imager::Font::FreeType2.3 +#usr/share/man/man3/Imager::Font::Test.3 +#usr/share/man/man3/Imager::Font::Truetype.3 +#usr/share/man/man3/Imager::Font::Type1.3 +#usr/share/man/man3/Imager::Font::Wrap.3 +#usr/share/man/man3/Imager::Fountain.3 +#usr/share/man/man3/Imager::Handy.3 +#usr/share/man/man3/Imager::IO.3 +#usr/share/man/man3/Imager::ImageTypes.3 +#usr/share/man/man3/Imager::Inline.3 +#usr/share/man/man3/Imager::Install.3 +#usr/share/man/man3/Imager::LargeSamples.3 +#usr/share/man/man3/Imager::Matrix2d.3 +#usr/share/man/man3/Imager::Preprocess.3 +#usr/share/man/man3/Imager::Probe.3 +#usr/share/man/man3/Imager::Regops.3 +#usr/share/man/man3/Imager::Security.3 
+#usr/share/man/man3/Imager::Test.3 +#usr/share/man/man3/Imager::Threads.3 +#usr/share/man/man3/Imager::Transform.3 +#usr/share/man/man3/Imager::Transformations.3 +#usr/share/man/man3/Imager::Tutorial.3 +#usr/share/man/man3/Imager::interface.3 +#usr/share/man/man3/Imager::regmach.3 diff --git a/config/rootfiles/common/perl-Imager-QRCode b/config/rootfiles/common/perl-Imager-QRCode new file mode 100644 index 000000000..0ca11f270 --- /dev/null +++ b/config/rootfiles/common/perl-Imager-QRCode @@ -0,0 +1,5 @@ +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/QRCode.pm +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/QRCode +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/QRCode/.packlist +usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/QRCode/QRCode.so +#usr/share/man/man3/Imager::QRCode.3 diff --git a/config/rootfiles/common/perl-MIME-Base32 b/config/rootfiles/common/perl-MIME-Base32 new file mode 100644 index 000000000..31c21ef21 --- /dev/null +++ b/config/rootfiles/common/perl-MIME-Base32 @@ -0,0 +1,4 @@ +usr/lib/perl5/site_perl/5.32.1/MIME/Base32.pm +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/MIME/Base32 +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/MIME/Base32/.packlist +#usr/share/man/man3/MIME::Base32.3 diff --git a/config/rootfiles/common/perl-Module-Build b/config/rootfiles/common/perl-Module-Build new file mode 100644 index 000000000..16cecf272 --- /dev/null +++ b/config/rootfiles/common/perl-Module-Build 
@@ -0,0 +1,51 @@ +#usr/bin/config_data +#usr/lib/perl5/site_perl/5.32.1/Module +#usr/lib/perl5/site_perl/5.32.1/Module/Build +#usr/lib/perl5/site_perl/5.32.1/Module/Build.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/API.pod +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Authoring.pod +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Base.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Bundling.pod +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Compat.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Config.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/ConfigData.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Cookbook.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Dumper.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Notes.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/PPMMaker.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/Default.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/MacOS.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/Unix.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/VMS.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/VOS.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/Windows.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/aix.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/cygwin.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/darwin.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/os2.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Build/PodParser.pm +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/Build +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/Build/.packlist +#usr/share/man/man1/config_data.1 +#usr/share/man/man3/Module::Build.3 +#usr/share/man/man3/Module::Build::API.3 +#usr/share/man/man3/Module::Build::Authoring.3 
+#usr/share/man/man3/Module::Build::Base.3 +#usr/share/man/man3/Module::Build::Bundling.3 +#usr/share/man/man3/Module::Build::Compat.3 +#usr/share/man/man3/Module::Build::ConfigData.3 +#usr/share/man/man3/Module::Build::Cookbook.3 +#usr/share/man/man3/Module::Build::Notes.3 +#usr/share/man/man3/Module::Build::PPMMaker.3 +#usr/share/man/man3/Module::Build::Platform::Default.3 +#usr/share/man/man3/Module::Build::Platform::MacOS.3 +#usr/share/man/man3/Module::Build::Platform::Unix.3 +#usr/share/man/man3/Module::Build::Platform::VMS.3 +#usr/share/man/man3/Module::Build::Platform::VOS.3 +#usr/share/man/man3/Module::Build::Platform::Windows.3 +#usr/share/man/man3/Module::Build::Platform::aix.3 +#usr/share/man/man3/Module::Build::Platform::cygwin.3 +#usr/share/man/man3/Module::Build::Platform::darwin.3 +#usr/share/man/man3/Module::Build::Platform::os2.3 diff --git a/config/rootfiles/common/perl-Module-Install b/config/rootfiles/common/perl-Module-Install new file mode 100644 index 000000000..caabe9375 --- /dev/null +++ b/config/rootfiles/common/perl-Module-Install 
@@ -0,0 +1,66 @@ +#usr/lib/perl5/site_perl/5.32.1/Module/AutoInstall.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install +#usr/lib/perl5/site_perl/5.32.1/Module/Install.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install.pod +#usr/lib/perl5/site_perl/5.32.1/Module/Install/API.pod +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Bundle.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Compiler.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Find.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Include.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Makefile.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Manifest.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Metadata.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/ScanDeps.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/WriteAll.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/AutoInstall.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Base.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Bundle.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Can.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Compiler.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/DSL.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Deprecated.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/External.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/FAQ.pod +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Fetch.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Include.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Inline.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/MakeMaker.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Makefile.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Metadata.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/PAR.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Philosophy.pod 
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Run.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Scripts.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Share.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/Win32.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/With.pm +#usr/lib/perl5/site_perl/5.32.1/Module/Install/WriteAll.pm +#usr/lib/perl5/site_perl/5.32.1/inc +#usr/lib/perl5/site_perl/5.32.1/inc/Module +#usr/lib/perl5/site_perl/5.32.1/inc/Module/Install +#usr/lib/perl5/site_perl/5.32.1/inc/Module/Install.pm +#usr/lib/perl5/site_perl/5.32.1/inc/Module/Install/DSL.pm +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/Install +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/Install/.packlist +#usr/share/man/man3/Module::AutoInstall.3 +#usr/share/man/man3/Module::Install.3 +#usr/share/man/man3/Module::Install::API.3 +#usr/share/man/man3/Module::Install::Admin.3 +#usr/share/man/man3/Module::Install::Admin::Include.3 +#usr/share/man/man3/Module::Install::Admin::Manifest.3 +#usr/share/man/man3/Module::Install::Base.3 +#usr/share/man/man3/Module::Install::Bundle.3 +#usr/share/man/man3/Module::Install::Can.3 +#usr/share/man/man3/Module::Install::Compiler.3 +#usr/share/man/man3/Module::Install::Deprecated.3 +#usr/share/man/man3/Module::Install::External.3 +#usr/share/man/man3/Module::Install::FAQ.3 +#usr/share/man/man3/Module::Install::Makefile.3 +#usr/share/man/man3/Module::Install::PAR.3 +#usr/share/man/man3/Module::Install::Philosophy.3 +#usr/share/man/man3/Module::Install::Share.3 +#usr/share/man/man3/Module::Install::With.3 +#usr/share/man/man3/inc::Module::Install.3 +#usr/share/man/man3/inc::Module::Install::DSL.3 diff --git a/config/rootfiles/common/perl-Module-ScanDeps b/config/rootfiles/common/perl-Module-ScanDeps new file mode 100644 index 000000000..3886fb3ac --- /dev/null +++ b/config/rootfiles/common/perl-Module-ScanDeps 
@@ -0,0 +1,8 @@ +#usr/bin/scandeps.pl +#usr/lib/perl5/site_perl/5.32.1/Module/ScanDeps +#usr/lib/perl5/site_perl/5.32.1/Module/ScanDeps.pm +#usr/lib/perl5/site_perl/5.32.1/Module/ScanDeps/Cache.pm +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/ScanDeps +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/ScanDeps/.packlist +#usr/share/man/man1/scandeps.pl.1 +#usr/share/man/man3/Module::ScanDeps.3 diff --git a/config/rootfiles/common/perl-URI-Encode b/config/rootfiles/common/perl-URI-Encode new file mode 100644 index 000000000..2bae6f8c3 --- /dev/null +++ b/config/rootfiles/common/perl-URI-Encode @@ -0,0 +1,4 @@ +usr/lib/perl5/site_perl/5.32.1/URI/Encode.pm +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/URI/Encode +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/URI/Encode/.packlist +#usr/share/man/man3/URI::Encode.3 diff --git a/config/rootfiles/common/perl-YAML-Tiny b/config/rootfiles/common/perl-YAML-Tiny new file mode 100644 index 000000000..7114b12ac --- /dev/null +++ b/config/rootfiles/common/perl-YAML-Tiny @@ -0,0 +1,6 @@ +#usr/lib/perl5/site_perl/5.32.1/YAML +usr/lib/perl5/site_perl/5.32.1/YAML/Tiny.pm +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/YAML +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/YAML/Tiny +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/YAML/Tiny/.packlist +#usr/share/man/man3/YAML::Tiny.3 diff --git a/config/rootfiles/common/qrencode b/config/rootfiles/common/qrencode new file mode 100644 index 000000000..c0406bd9e --- /dev/null +++ b/config/rootfiles/common/qrencode @@ -0,0 +1,8 @@ +usr/bin/qrencode +#usr/include/qrencode.h +#usr/lib/libqrencode.la +#usr/lib/libqrencode.so +usr/lib/libqrencode.so.4 +usr/lib/libqrencode.so.4.1.1 +#usr/lib/pkgconfig/libqrencode.pc +#usr/share/man/man1/qrencode.1 
diff --git a/config/rootfiles/core/169/filelists/files b/config/rootfiles/core/169/filelists/files index 4f1eaf57f..3b80f1385 100644 --- a/config/rootfiles/core/169/filelists/files +++ b/config/rootfiles/core/169/filelists/files @@ -1,3 +1,5 @@ +etc/httpd/conf/vhosts.d/ipfire-interface.conf +etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf etc/rc.d/helper/aws-setup etc/rc.d/helper/azure-setup etc/rc.d/helper/exoscale-setup @@ -209,6 +211,8 @@ lib/firmware/rtl_bt/rtl8852cu_fw.bin lib/firmware/rtw89/rtw8852c_fw.bin opt/pakfire/etc/pakfire.conf srv/web/ipfire/cgi-bin/ovpnmain.cgi +srv/web/ipfire/html/images/qr-code.png +srv/web/ipfire/html/images/qr-code.svg srv/web/ipfire/html/themes/ipfire/include/functions.pl usr/sbin/setup var/ipfire/header.pl diff --git a/config/rootfiles/core/169/filelists/oath-toolkit b/config/rootfiles/core/169/filelists/oath-toolkit new file mode 120000 index 000000000..589cc0d9f --- /dev/null +++ b/config/rootfiles/core/169/filelists/oath-toolkit @@ -0,0 +1 @@ +../../../common/oath-toolkit \ No newline at end of file diff --git a/config/rootfiles/core/169/filelists/perl-File-Remove b/config/rootfiles/core/169/filelists/perl-File-Remove new file mode 120000 index 000000000..1fe57c84c --- /dev/null +++ b/config/rootfiles/core/169/filelists/perl-File-Remove @@ -0,0 +1 @@ +../../../common/perl-File-Remove \ No newline at end of file diff --git a/config/rootfiles/core/169/filelists/perl-Imager b/config/rootfiles/core/169/filelists/perl-Imager new file mode 120000 index 000000000..380cf519e --- /dev/null +++ b/config/rootfiles/core/169/filelists/perl-Imager @@ -0,0 +1 @@ +../../../common/perl-Imager \ No newline at end of file diff --git a/config/rootfiles/core/169/filelists/perl-Imager-QRCode b/config/rootfiles/core/169/filelists/perl-Imager-QRCode new file mode 120000 index 000000000..f7c97c753 --- /dev/null +++ b/config/rootfiles/core/169/filelists/perl-Imager-QRCode @@ -0,0 +1 @@ +../../../common/perl-Imager-QRCode \ No newline at end of file 
diff --git a/config/rootfiles/core/169/filelists/perl-MIME-Base32 b/config/rootfiles/core/169/filelists/perl-MIME-Base32 new file mode 120000 index 000000000..66dfd7b1d --- /dev/null +++ b/config/rootfiles/core/169/filelists/perl-MIME-Base32 @@ -0,0 +1 @@ +../../../common/perl-MIME-Base32 \ No newline at end of file diff --git a/config/rootfiles/core/169/filelists/perl-Module-Build b/config/rootfiles/core/169/filelists/perl-Module-Build new file mode 120000 index 000000000..9885efd2b --- /dev/null +++ b/config/rootfiles/core/169/filelists/perl-Module-Build @@ -0,0 +1 @@ +../../../common/perl-Module-Build \ No newline at end of file diff --git a/config/rootfiles/core/169/filelists/perl-Module-Install b/config/rootfiles/core/169/filelists/perl-Module-Install new file mode 120000 index 000000000..4eac44f69 --- /dev/null +++ b/config/rootfiles/core/169/filelists/perl-Module-Install @@ -0,0 +1 @@ +../../../common/perl-Module-Install \ No newline at end of file diff --git a/config/rootfiles/core/169/filelists/perl-Module-ScanDeps b/config/rootfiles/core/169/filelists/perl-Module-ScanDeps new file mode 120000 index 000000000..8aa94dd53 --- /dev/null +++ b/config/rootfiles/core/169/filelists/perl-Module-ScanDeps @@ -0,0 +1 @@ +../../../common/perl-Module-ScanDeps \ No newline at end of file diff --git a/config/rootfiles/core/169/filelists/perl-URI-Encode b/config/rootfiles/core/169/filelists/perl-URI-Encode new file mode 120000 index 000000000..08ee7c47a --- /dev/null +++ b/config/rootfiles/core/169/filelists/perl-URI-Encode @@ -0,0 +1 @@ +../../../common/perl-URI-Encode \ No newline at end of file diff --git a/config/rootfiles/core/169/filelists/perl-YAML-Tiny b/config/rootfiles/core/169/filelists/perl-YAML-Tiny new file mode 120000 index 000000000..9b00d0b44 --- /dev/null +++ b/config/rootfiles/core/169/filelists/perl-YAML-Tiny @@ -0,0 +1 @@ +../../../common/perl-YAML-Tiny \ No newline at end of file 
diff --git a/config/rootfiles/core/169/filelists/qrencode b/config/rootfiles/core/169/filelists/qrencode new file mode 120000 index 000000000..d6aa23da9 --- /dev/null +++ b/config/rootfiles/core/169/filelists/qrencode @@ -0,0 +1 @@ +../../../common/qrencode \ No newline at end of file diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index c2558bd81..b8c3e5064 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -23,6 +23,10 @@ ### use CGI; use CGI qw/:standard/; +use Imager::QRCode; +use MIME::Base32; +use MIME::Base64; +use URI::Encode qw(uri_encode uri_decode);; use Net::DNS; use Net::Ping; use Net::Telnet; @@ -40,6 +44,7 @@ require "${General::swroot}/location-functions.pl"; # enable only the following on debugging purpose #use warnings; #use CGI::Carp 'fatalsToBrowser'; + #workaround to suppress a warning when a variable is used only once my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} ); undef (@dummy); @@ -372,6 +377,8 @@ sub writeserverconf { } print CONF "tls-verify /usr/lib/openvpn/verify\n"; print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n"; + print CONF "auth-user-pass-optional\n"; + print CONF "reneg-sec 86400\n"; print CONF "user nobody\n"; print CONF "group nobody\n"; print CONF "persist-key\n"; @@ -385,6 +392,11 @@ sub writeserverconf { print CONF "# Log clients connecting/disconnecting\n"; print CONF "client-connect "/usr/sbin/openvpn-metrics client-connect"\n"; print CONF "client-disconnect "/usr/sbin/openvpn-metrics client-disconnect"\n"; + print CONF "\n"; + + print CONF "# Enable Management Socket\n"; + print CONF "management /var/run/openvpn.sock unix\n"; + print CONF "management-client-auth\n";
# Print server.conf.local if entries exist to server.conf if ( !-z $local_serverconf && $sovpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') { @@ -2431,6 +2443,16 @@ else print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n"; }
+ # Disable storing any credentials in memory + print CLIENTCONF "auth-nocache\r\n"; + + # Set a fake user name for authentication + print CLIENTCONF "auth-token-user USER\r\n"; + print CLIENTCONF "auth-token TOTP\r\n"; + + # If the server is asking for TOTP this needs to happen interactively + print CLIENTCONF "auth-retry interact\r\n"; + if ($include_certs) { print CLIENTCONF "\r\n";
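Review bot: The `auth-token-user USER`, `auth-token TOTP` and `auth-retry interact` lines are written unconditionally as far as this hunk shows, so every generated client configuration gets them whether or not OTP is enabled for that connection. Suggest emitting them only when the connection's OTP state is `on`, so clients without OTP keep the configuration they had before. The comment "Set a fake user name for authentication" should also say that `USER` and `TOTP` are fixed placeholder values and why the client needs them, since the next reader will otherwise take `auth-token TOTP` for a real token.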
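Review bot: In the `writeserverconf` hunk (`@@ -385,6 +392,11 @@`), `management /var/run/openvpn.sock unix` is added without a password file and without `management-client-user` or `management-client-group`, so access to the process that answers `management-client-auth` requests rests entirely on the socket file's permissions. Suggest restricting who may connect to the socket, or adding a comment that states what protects it. In the hunk before it, `reneg-sec 86400` and `auth-user-pass-optional` are added with no comment; raising the renegotiation interval to 24 hours is security-relevant and should carry a one-line explanation of why it is needed.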
@@ -2617,6 +2639,45 @@ else exit(0); }
+### +### Display OTP QRCode +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show otp qrcode'}) { + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + + my $qrcode = Imager::QRCode->new( + size => 6, + margin => 0, + version => 0, + level => 'M', + mode => '8-bit', + casesensitive => 1, + lightcolor => Imager::Color->new(255, 255, 255), + darkcolor => Imager::Color->new(0, 0, 0), + ); + my $cn = uri_encode($confighash{$cgiparams{'KEY'}}[2]); + my $secret = encode_base32(pack('H*', $confighash{$cgiparams{'KEY'}}[44])); + my $issuer = uri_encode("$mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}"); + my $qrcodeimg = $qrcode->plot("otpauth://totp/$cn?secret=$secret&issuer=$issuer"); + my $qrcodeimgdata; + $qrcodeimg->write(data => $qrcodeimgdata, type=> 'png') + or die $qrcodeimg->errstr; + $qrcodeimgdata = encode_base64($qrcodeimgdata, ''); + + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'otp qrcode'}:"); + print <<END; +$Lang::tr{'secret'}: $secret</br></br> +<img alt="$Lang::tr{'otp qrcode'}" src="data:image/png;base64,$qrcodeimgdata"> +END + &Header::closebox(); + print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + ### ### Display Diffie-Hellman key ### @@ -3660,6 +3721,7 @@ if ($confighash{$cgiparams{'KEY'}}) { $cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39]; $cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40]; $cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41]; + $cgiparams{'OTP_STATE'} = $confighash{$cgiparams{'KEY'}}[43]; } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
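Review bot: In the `show otp qrcode` branch, `$cgiparams{'KEY'}` indexes `%confighash` without any check that the entry exists, that its OTP state (index 43) is `on`, or that the stored secret (index 44) is non-empty. For a missing or empty entry, `pack('H*', ...)` returns an empty string and the page renders a QR code for an `otpauth://` URI with an empty `secret=`. Suggest guarding the branch the same way the edit branch does (`if ($confighash{$cgiparams{'KEY'}})`) and showing an error otherwise. The page also prints the Base32 secret in clear text next to the QR code on every view; a comment on why this is wanted would help, and `</br>` in the heredoc should be `<br>`.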
@@ -4422,6 +4484,16 @@ if ($cgiparams{'TYPE'} eq 'net') { $confighash{$key}[41] = "no-pass"; }
+ $confighash{$key}[42] = 'HOTP/T30/6'; + $confighash{$key}[43] = $cgiparams{'OTP_STATE'}; + if (($confighash{$key}[43] eq 'on') && ($confighash{$key}[44] eq '')) { + my @otp_secret = &General::system_output("/usr/bin/openssl", "rand", "-hex", "20"); + chomp($otp_secret[0]); + $confighash{$key}[44] = $otp_secret[0]; + } elsif ($confighash{$key}[43] eq '') { + $confighash{$key}[44] = ''; + } + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
if ($cgiparams{'CHECK1'} ){ @@ -4835,6 +4907,7 @@ if ($cgiparams{'TYPE'} eq 'host') { print"</td></tr></table><br><br>"; my $name=$cgiparams{'CHECK1'}; $checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED'; + $checked{'OTP_STATE'}{$cgiparams{'OTP_STATE'}} = 'CHECKED';
if (! -z "${General::swroot}/ovpn/ccd.conf"){ print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>"; @@ -4970,6 +5043,7 @@ if ($cgiparams{'TYPE'} eq 'host') {
print <<END; <table border='0' width='100%'> + <tr><td width='20%'>$Lang::tr{'enable otp'}:</td><td colspan='3'><input type='checkbox' name='OTP_STATE' $checked{'OTP_STATE'}{'on'} /></td></tr> <tr><td width='20%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr> <tr><td colspan='4'><b><br>$Lang::tr{'ccd routes'}</b></td></tr> <tr><td colspan='4'> </td></tr> @@ -5413,7 +5487,7 @@ END <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th> <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th> <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th> - <th width='5%' class='boldbase' colspan='7' align='center'><b>$Lang::tr{'action'}</b></th> + <th width='5%' class='boldbase' colspan='8' align='center'><b>$Lang::tr{'action'}</b></th> </tr> END } @@ -5427,7 +5501,7 @@ END <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th> <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th> <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th> - <th width='5%' class='boldbase' colspan='7' align='center'><b>$Lang::tr{'action'}</b></th> + <th width='5%' class='boldbase' colspan='8' align='center'><b>$Lang::tr{'action'}</b></th> </tr> END } 
@@ -5560,6 +5634,19 @@ END ; } else { print "<td> </td>"; } + + if ($confighash{$key}[43] eq 'on') { + print <<END; +<form method='post' name='frm${key}o'><td align='center' $col> +<input type='image' name='$Lang::tr{'show otp qrcode'}' src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}' title='$Lang::tr{'show otp qrcode'}' border='0' /> +<input type='hidden' name='ACTION' value='$Lang::tr{'show otp qrcode'}' /> +<input type='hidden' name='KEY' value='$key' /> +</td></form> +END +; } else { + print "<td $col> </td>"; + } + if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") { print <<END; <form method='post' name='frm${key}c'><td align='center' $col> @@ -5628,6 +5715,8 @@ END <td class='base'>$Lang::tr{'download certificate'}</td> <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td> <td class='base'>$Lang::tr{'dl client arch'}</td> + <td> <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td> + <td class='base'>$Lang::tr{'show otp qrcode'}</td> </tr> </table><br> END diff --git a/html/html/images/qr-code.png b/html/html/images/qr-code.png new file mode 100644 index 000000000..946e10a2a Binary files /dev/null and b/html/html/images/qr-code.png differ diff --git a/html/html/images/qr-code.svg b/html/html/images/qr-code.svg new file mode 100644 index 000000000..66c6b9d17 --- /dev/null +++ b/html/html/images/qr-code.svg 
@@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!-- Generator: Adobe Illustrator 19.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) --> +<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" + viewBox="0 0 512 512" style="enable-background:new 0 0 512 512;" xml:space="preserve"> +<path d="M0,0v233.739h233.739V0H0z M200.348,200.348H33.391V33.391h166.957V200.348z"/> +<rect x="66.783" y="66.783" width="100.174" height="100.174"/> +<path d="M278.261,0v233.739H512V0H278.261z M478.609,200.348H311.652V33.391h166.957V200.348z"/> +<rect x="345.043" y="66.783" width="100.174" height="100.174"/> +<path d="M0,278.261V512h233.739V278.261H0z M200.348,478.609H33.391V311.652h166.957V478.609z"/> +<rect x="66.783" y="345.043" width="100.174" height="100.174"/> +<polygon points="278.261,278.261 278.261,512 345.043,512 345.043,478.609 311.652,478.609 311.652,411.826 345.043,411.826 + 345.043,378.435 311.652,378.435 311.652,311.652 345.043,311.652 345.043,278.261 "/> +<rect x="478.609" y="278.261" width="33.391" height="33.391"/> +<polygon points="478.609,478.609 445.217,478.609 445.217,512 512,512 512,356.174 478.609,356.174 "/> +<rect x="378.435" y="278.261" width="66.783" height="33.391"/> +<polygon points="445.217,411.826 411.826,411.826 411.826,378.435 445.217,378.435 445.217,345.043 378.435,345.043 + 378.435,445.217 445.217,445.217 "/> +<rect x="378.435" y="478.609" width="33.391" height="33.391"/> +<g> +</g> +<g> +</g> +<g> +</g> +<g> +</g> +<g> +</g> +<g> +</g> +<g> +</g> +<g> +</g> +<g> +</g> +<g> +</g> +<g> +</g> +<g> +</g> +<g> +</g> +<g> +</g> +<g> +</g> +</svg> diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 7a39e233b..1799d8c74 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl 
@@ -979,6 +979,7 @@ 'empty profile' => 'Unbenannt', 'enable ignore filter' => '"Ignorieren"-Filter ein', 'enable javascript' => 'Javascript aktivieren', +'enable otp' => 'Aktiviere OTP', 'enable smt' => 'Simultaneous Multi-Threading (SMT) einschalten', 'enable wildcards' => 'Wildcards erlauben:', 'enabled' => 'Aktiviert:', @@ -1903,6 +1904,7 @@ 'other login script' => 'Anderes Anmeldeskript', 'otherip' => 'Andere IP', 'otherport' => 'Anderer Port', +'otp qrcode' => 'OTP QRCode', 'our donors' => 'Unsere Unterstützer', 'out' => 'Aus', 'outgoing' => 'ausgehend', @@ -2201,6 +2203,7 @@ 'secondary ntp server' => 'Sekundärer NTP-Server', 'secondary wins server address' => 'Sekundärer WINS-Server', 'seconds' => 'Sek.', +'secret' => 'Geheimnis', 'section' => 'Abschnitt', 'secure shell server' => 'Secure Shell Server', 'security' => 'Sicherheit', @@ -2244,6 +2247,7 @@ 'show last x lines' => 'die letzten x Zeilen anzeigen', 'show root certificate' => 'Root-Zertifikat anzeigen', 'show share options' => 'Anzeige der Freigabeeinstellungen', +'show otp qrcode' => 'Zeige OTP QRCode', 'shuffle' => 'Zufall', 'shutdown' => 'Herunterfahren', 'shutdown ask' => 'Herunterfahren?', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index f90e3103b..9cc2fde05 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1018,6 +1018,7 @@ 'empty' => 'This field may be left blank', 'empty profile' => 'empty', 'enable' => 'Enable', +'enable otp' => 'Enable OTP', 'enable ignore filter' => 'Enable ignore filter', 'enable javascript' => 'Enable javascript', 'enable smt' => 'Enable Simultaneous Multi-Threading (SMT)', @@ -1955,6 +1956,7 @@ 'other login script' => 'Other login script', 'otherip' => 'other IP', 'otherport' => 'other Port', +'otp qrcode' => 'OTP QRCode', 'our donors' => 'Our donors', 'out' => 'Out', 'outgoing' => 'outgoing', 
@@ -2253,6 +2255,7 @@ 'secondary ntp server' => 'Secondary NTP server', 'secondary wins server address' => 'Secondary WINS server address', 'seconds' => 'Secs', +'secret' => 'Secret', 'section' => 'Section', 'secure shell server' => 'Secure Shell Server', 'security' => 'Security', @@ -2297,6 +2300,7 @@ 'show host certificate' => 'Show host certificate', 'show last x lines' => 'Show last x lines', 'show lines' => 'Show lines', +'show otp qrcode' => 'Show OTP QRCode', 'show root certificate' => 'Show root certificate', 'show share options' => 'Show shares options', 'show tls-auth key' => 'Show tls-auth key', diff --git a/lfs/oath-toolkit b/lfs/oath-toolkit new file mode 100644 index 000000000..e3225f45b --- /dev/null +++ b/lfs/oath-toolkit 
@@ -0,0 +1,77 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2022 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 2.6.7 + +THISAPP = oath-toolkit-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 23f377c51eb633bf01d6085d33c7362cd91b6bed1cf4c2bbf32dc9433849e20c53f6896b16e5056b13f420f6a65a3c593fa1dafd7e184ed9e52666d94a7f75d1 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, md5sum 
+############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure --prefix=/usr + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/openvpn b/lfs/openvpn index 27a052ae1..8d6ba07ed 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -101,5 +101,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) chown root:root /etc/fcron.daily/openvpn-crl-updater chmod 750 /etc/fcron.daily/openvpn-crl-updater
+ # Install authenticator + install -v -m 755 $(DIR_SRC)/config/ovpn/openvpn-authenticator \ + /usr/sbin/openvpn-authenticator + @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/perl-File-Remove b/lfs/perl-File-Remove new file mode 100644 index 000000000..88a567349 --- /dev/null +++ b/lfs/perl-File-Remove 
@@ -0,0 +1,80 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2022 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.60 + +THISAPP = File-Remove-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = ffb98155d757bae6ec0d4f56dabdb78749fc968845e284797d0f0611fe9068722a007c7e0e890179720745d1451c926575949f36642dceef7071468a2863c7c6 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +dist:. 
+ $(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && yes 'n' | perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/perl-Imager b/lfs/perl-Imager new file mode 100644 index 000000000..e7301b92b --- /dev/null +++ b/lfs/perl-Imager 
@@ -0,0 +1,80 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2022 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.012 + +THISAPP = Imager-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 32dad83e9cfd66a162380b502ab49b343dae8c87eca8e6c0537d260956bf466e200511a7b4f89eed9b0bc1f20447584c7c4aabffaad77f0824ee9d5126848c39 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +dist:. 
+ $(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && yes 'n' | perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/perl-Imager-QRCode b/lfs/perl-Imager-QRCode new file mode 100644 index 000000000..303671540 --- /dev/null +++ b/lfs/perl-Imager-QRCode 
@@ -0,0 +1,80 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2022 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 0.035 + +THISAPP = Imager-QRCode-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 740119e2d7fab7286f8eeb0c1d9690f94146d51b09b721eaa65a8f9849784c6f113f64344d0fb2550cd5981665369b3881fe8f034b00f925987bb69ccd537b59 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +dist:. 
+ $(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && yes 'n' | perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/perl-MIME-Base32 b/lfs/perl-MIME-Base32 new file mode 100644 index 000000000..4cb7c9616 --- /dev/null +++ b/lfs/perl-MIME-Base32 
@@ -0,0 +1,80 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2022 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.303 + +THISAPP = MIME-Base32-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = d9dad50d7474a42741f7a61fad4a7b30c4acb72eb80684e24c45d0478480cfe936d6b87ab37b735ff2065afeb0b5457cc50130187264fcb6addefa8e8cb8d934 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +dist:. 
+ $(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && yes 'n' | perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/perl-Module-Build b/lfs/perl-Module-Build new file mode 100644 index 000000000..977f7f653 --- /dev/null +++ b/lfs/perl-Module-Build 
@@ -0,0 +1,80 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2022 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 0.4231 + +THISAPP = Module-Build-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = f35be09072a2facc505b199dd69cdb2605ab32c34376ef393170dca9d67871bc00cbe25b1fa6dcb925e92724a778ad5ddc3157afb33d18a10648ef1133c83991 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +dist:. 
+ $(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && yes 'n' | perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/perl-Module-Install b/lfs/perl-Module-Install new file mode 100644 index 000000000..3389aa63d --- /dev/null +++ b/lfs/perl-Module-Install 
@@ -0,0 +1,80 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2022 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.19 + +THISAPP = Module-Install-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = a6f4b93ba964ff6f4b16a8db7117bee8c125cd8a280c649b007622ece8c14b79e36f6747a1b792fb312d2c6c8153aee05e7479ca53a76a253a415374839e6b90 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +dist:. 
+ $(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && yes 'n' | perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/perl-Module-ScanDeps b/lfs/perl-Module-ScanDeps new file mode 100644 index 000000000..19c36c689 --- /dev/null +++ b/lfs/perl-Module-ScanDeps 
@@ -0,0 +1,79 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2022 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.31 + +THISAPP = Module-ScanDeps-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 61d7438359d035d847fefdfa1427b4e444935c8207d41b7e4994a3704fb4c6fb48d7fac169214abed3d71212fd372f478b01cb91d8876c0fdb68962c791101ba +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +dist:. 
+ $(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && yes 'n' | perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/perl-URI-Encode b/lfs/perl-URI-Encode new file mode 100644 index 000000000..6a1478738 --- /dev/null +++ b/lfs/perl-URI-Encode 
@@ -0,0 +1,80 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2022 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.1.1 + +THISAPP = URI-Encode-v$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 2eb668d645be7ab726689dee7d3e1c9aa333623653b34d538666eb3b70cf28b3f2e0a27b4380db6148a85b3cdd738193262ab58c0b828d8119531c7011264449 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +dist:. 
+ $(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && yes 'n' | perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/perl-YAML-Tiny b/lfs/perl-YAML-Tiny new file mode 100644 index 000000000..052bcb8ce --- /dev/null +++ b/lfs/perl-YAML-Tiny 
@@ -0,0 +1,80 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2022 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.73 + +THISAPP = YAML-Tiny-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 42e9c5cffa2b9babb0dd1453af69866405fd7273c2b340ceb010d78d8fe28db61268b6bb5ad1840b1aa72819ae048150bf5c416bed1b2e518b28f77b2ba978be + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +dist:. 
+ $(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && yes 'n' | perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/qrencode b/lfs/qrencode new file mode 100644 index 000000000..aaf004b4d --- /dev/null +++ b/lfs/qrencode 
@@ -0,0 +1,80 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2022 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 4.1.1 + +THISAPP = qrencode-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 03416ffdb8bf992ef2323a0bc92b52f3a6605e7eb182e3839178fea3c3669242780171b10e77674f0945224e57bcd1a841282a0d5f396d3955f23e3990d761c7 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +dist:. 
+ $(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure --prefix=/usr + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 2a4f6d0bd..fde39bb29 100755 --- a/make.sh +++ b/make.sh @@ -1693,6 +1693,17 @@ buildipfire() { lfsmake2 squid-asnbl lfsmake2 qemu-ga lfsmake2 gptfdisk + lfsmake2 oath-toolkit + lfsmake2 qrencode + lfsmake2 perl-File-Remove + lfsmake2 perl-Module-Build + lfsmake2 perl-Module-ScanDeps + lfsmake2 perl-YAML-Tiny + lfsmake2 perl-Module-Install + lfsmake2 perl-Imager + lfsmake2 perl-Imager-QRCode + lfsmake2 perl-MIME-Base32 + lfsmake2 perl-URI-Encode }
buildinstaller() { diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c index db23e9f00..b9e4fd2a6 100644 --- a/src/misc-progs/openvpnctrl.c +++ b/src/misc-progs/openvpnctrl.c @@ -457,6 +457,15 @@ void setFirewallRules(void) { } }
+static void stopAuthenticator() { + const char* argv[] = { + "/usr/sbin/openvpn-authenticator", + NULL, + }; + + run("/sbin/killall", argv); +} + void stopDaemon(void) { char command[STRING_SIZE];
@@ -470,6 +479,15 @@ void stopDaemon(void) {
snprintf(command, STRING_SIZE - 1, "/bin/rm -f /var/run/openvpn.pid"); executeCommand(command); + + // Stop OpenVPN authenticator + stopAuthenticator(); +} + +static int startAuthenticator(void) { + const char* argv[] = { "-d", NULL }; + + return run("/usr/sbin/openvpn-authenticator", argv); }
void startDaemon(void) { @@ -487,6 +505,9 @@ void startDaemon(void) { executeCommand(command); snprintf(command, STRING_SIZE-1, "/bin/chmod 644 /var/run/ovpnserver.log"); executeCommand(command); + + // Start OpenVPN Authenticator + startAuthenticator(); } }
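Review bot: In each new lfs file shown here (Imager-QRCode, MIME-Base32, Module-Build, Module-Install, Module-ScanDeps, URI-Encode, YAML-Tiny, qrencode) the `b2` target lists `$(subst %,%_BLAKE2,$(objects))`, but the only checksum rule defined further down is still `$(subst %,%_MD5,$(objects)) :` with the recipe `@$(MD5)`, under a section header that reads "Downloading, checking, md5sum". The files declare only a `$(DL_FILE)_BLAKE2` digest, so the `b2` target and the checksum rule refer to different names. Rename the rule, its recipe and the header to the BLAKE2 equivalents so the target and the rule agree.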
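Review bot: In lfs/perl-Module-ScanDeps the `$(DL_FILE)_BLAKE2 = ...` line runs straight into `install : $(TARGET)` with no empty line between them, which is why this hunk is 79 lines where the other lfs files in the patch are 80. Add the blank line so the file matches the layout of its siblings.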
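Review bot: `static void stopAuthenticator()` in src/misc-progs/openvpnctrl.c is declared with an empty parameter list, while `startAuthenticator(void)` and `stopDaemon(void)` spell out `(void)`; make it `stopAuthenticator(void)` for consistency. The function also discards the result of `run("/sbin/killall", argv)`, so a failed stop goes unnoticed. stopDaemon tracks the main daemon through /var/run/openvpn.pid; stopping the authenticator through a pid file of its own would be more precise than killall on the binary path, which signals every process running that file.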
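Review bot: In startDaemon(), the call `startAuthenticator();` drops the int that the function returns from `run("/usr/sbin/openvpn-authenticator", argv)`. If the authenticator fails to launch, startDaemon finishes with nothing reported. Check the return value and print an error on failure. It is also worth confirming that starting the authenticator after the preceding executeCommand calls, rather than before them, is the intended order.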
hooks/post-receive -- IPFire 2.x development tree