ns-openvpn: add ns-openvpnrw-print-2fa

NethServer · Dec 4, 2023 · 5a70a2b · 5a70a2b
1 parent d82e7ac
commit 5a70a2b
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 1 deletion.
diff --git a/packages/ns-openvpn/Makefile b/packages/ns-openvpn/Makefile
@@ -21,7 +21,7 @@ define Package/ns-openvpn
 	CATEGORY:=NethSecurity
 	TITLE:=NethSecurity OpenVPN extensions
 	URL:=https://github.com/NethServer/nethsecurity/
-	DEPENDS:=+openvpn +openvpn-easy-rsa +python3-sqlite3 +python3-nethsec +openldap-utils
+	DEPENDS:=+openvpn +openvpn-easy-rsa +python3-sqlite3 +python3-nethsec +openldap-utils +qrencode
 	PKGARCH:=all
 endef
 
@@ -44,6 +44,7 @@ define Package/ns-openvpn/install
 	$(INSTALL_BIN) ./files/ns-openvpnrw-init-pki $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/ns-openvpnrw-print-client $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/ns-openvpnrw-print-pem $(1)/usr/sbin
+	$(INSTALL_BIN) ./files/ns-openvpnrw-print-2fa $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/ns-openvpntunnel-add-client $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/ns-openvpnrw-revoke  $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/ns-openvpnrw-regenerate  $(1)/usr/sbin

diff --git a/packages/ns-openvpn/files/ns-openvpnrw-print-2fa b/packages/ns-openvpn/files/ns-openvpnrw-print-2fa
@@ -0,0 +1,35 @@
+#!/usr/bin/python3
+
+#
+# Copyright (C) 2023 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+import sys
+import subprocess
+from euci import EUci
+
+def slurp(path):
+    with open(path) as fp:
+        return fp.read()
+
+instance=sys.argv[1]
+user=sys.argv[2]
+
+u = EUci()
+cert_dir=f"/etc/openvpn/{instance}/pki"
+
+try:
+    user_obj = u.get_all("openvpn", user)
+except:
+    sys.exit(2)
+
+if user_obj.get("instance") != instance:
+    sys.exit(3)
+
+secret = u.get("openvpn", user, "2fa", default="")
+if secret:
+    p = subprocess.run(["/usr/bin/qrencode", "-t", "svg", secret], capture_output=True, text=True)
+    print(p.stdout)
+else:
+    sys.exit(4)