Hi,

On Sun, Jul 29, 2018 at 3:34 PM, Gert Doering <g...@greenie.muc.de> wrote:
> Hi,
>
> On Tue, Jul 24, 2018 at 10:34:53PM -0400, selva.n...@gmail.com wrote:
>> From: Selva Nair <selva.n...@gmail.com>
>>
>> If static challenge is in use, the password passed to the plugin by openvpn
>> is of the form "SCRV1:base64-pass:base64-response". Parse this string to
>> separate it into password and response and use them to respond to queries
>> in the pam conversation function.
>>
>> On the plugin parameters line the substitution keyword for the static
>> challenge response is "OTP". For example, for pam config named "test" that
>> prompts for "user", "password" and "pin", use
>>
>> plugin openvpn-auth-pam.so "test user USERNAME password PASSWORD pin OTP"
>>
>> Signed-off-by: Selva Nair <selva.n...@gmail.com>
>>
>> ---
>> v2: Depends on the base64 export patch
>> v3: match password string with "SCRV1:" instead of "SCRV1"
>> (pointed out by Joe Bell <joeainte...@gmail.com>)
>
> I'm a bit confused about the prerequisites for this - if I found the
> right "base64 export patch", this is still pending some reworking
> because you and David disagreed on details, and then David got sucked
> into "Client for OpenVPN 3 on Linux" and had no time working on the
> plugin API for v2.x anymore.

Yes that's the base64 patch. What is stopping it is not the
disagreement on that patch but an "error" [*] in the plugin header
that I had discovered.  David wants to fix that before this one, but
it seems he is too busy with other things.

And there is a pending patch to fix that:
https://patchwork.openvpn.net/patch/87/

Actually we can get base64 export merged without "fixing" the API
(header) as the only place it is referred to in David's patch is in
the accompanying sample that shows how to use the exported function.

If David is okay with it I can volunteer to split his patch into two
and get the base64 export merged sooner as it's generally useful.

Selva

[*] A function signature uses a pointer to an opaque handle (a void *)
while it should be just the handle. It generates no warning as it is
void * vs void ** and all existing code out there must be correctly
passing the pointer (handle) ignoring the signature in the header --
else they won't work. I wanted the header to be fixed and David seems
to agree with that.
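
For readers following the thread, the "SCRV1:base64-pass:base64-response" split described in the quoted commit message can be sketched as below. This is an added example, not code from the patch or from OpenVPN: the patch relies on the exported base64 function, while this sketch assumes a small local decoder, and the names parse_scrv1 and b64_decode and the sample strings are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Decode n base64 chars (n <= strlen(src)) into dst and NUL-terminate it.
 * Returns the decoded length, or -1 on a bad character or too-small dst. */
static int b64_decode(const char *src, size_t n, char *dst, size_t dst_sz)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned int acc = 0, bits = 0;
    size_t out = 0, i;

    while (n > 0 && src[n - 1] == '=')   /* drop trailing padding */
        n--;
    for (i = 0; i < n; i++) {
        const char *p = strchr(tbl, src[i]);
        if (!p || out + 1 >= dst_sz)     /* keep room for the final NUL */
            return -1;
        acc = (acc << 6) | (unsigned int)(p - tbl);
        if ((bits += 6) >= 8)            /* a full byte is available */
            dst[out++] = (char)((acc >> (bits -= 8)) & 0xff);
    }
    if (out >= dst_sz)                   /* only reachable when dst_sz is 0 */
        return -1;
    dst[out] = '\0';
    return (int)out;
}

/* 1: SCRV1 input, both parts decoded; 0: plain password, use unchanged;
 * -1: starts with "SCRV1:" but is malformed, so authentication must fail. */
int parse_scrv1(const char *in, char *pass, size_t pass_sz,
                char *resp, size_t resp_sz)
{
    const char *sep;
    if (strncmp(in, "SCRV1:", 6) != 0)   /* prefix includes the colon (v3) */
        return 0;
    in += 6;
    sep = strchr(in, ':');               /* base64 never contains ':' */
    if (!sep || b64_decode(in, (size_t)(sep - in), pass, pass_sz) < 0
        || b64_decode(sep + 1, strlen(sep + 1), resp, resp_sz) < 0)
        return -1;
    return 1;
}

int main(void)
{
    char pass[64], resp[64];
    /* Constructed sample: base64("secret") and base64("123456"). */
    int rc = parse_scrv1("SCRV1:c2VjcmV0:MTIzNDU2", pass, sizeof pass, resp, sizeof resp);
    printf("rc=%d pass=%s resp=%s\n", rc, rc == 1 ? pass : "-", rc == 1 ? resp : "-");
    return 0;
}
```

The 0 return covers the case raised in v3: a plain password that merely begins with "SCRV1" is passed through untouched, while anything starting with "SCRV1:" must parse fully or be rejected.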

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel