OpenVPN password authentication

2026-05-25 04:16:43 +03:00 · 2024-06-16 23:43:35 +03:00
8 changed files with 108 additions and 1 deletions
--- a/client/core/controllers/serverController.cpp
+++ b/client/core/controllers/serverController.cpp
@@ -504,6 +504,19 @@ ErrorCode ServerController::startupContainerWorker(const ServerCredentials &cred
    if (e)
        return e;

+    if (container == DockerContainer::OpenVpn)
+    {
+        QFile file(":/server_scripts/openvpn/password_auth.sh");
+        file.open(QIODevice::ReadOnly);
+        QString scriptContent = QString(file.readAll());
+        const QString serverScriptPath = "/opt/amnezia/password_auth.sh";
+
+        uploadTextFileToContainer(container, credentials, scriptContent, serverScriptPath);
+        runScript(credentials,
+                  replaceVars(QStringLiteral("sudo docker exec -d $CONTAINER_NAME sh -c \"chmod +rx %1\"").arg(serverScriptPath),
+                              genVarsForScript(credentials, container, config)));
+    }
+
    return runScript(credentials,
                     replaceVars("sudo docker exec -d $CONTAINER_NAME sh -c \"chmod a+x /opt/amnezia/start.sh && "
                                 "/opt/amnezia/start.sh\"",
--- a/client/core/scripts_registry.cpp
+++ b/client/core/scripts_registry.cpp
@@ -47,6 +47,7 @@ QString amnezia::scriptName(ProtocolScriptType type)
    case ProtocolScriptType::configure_container: return QLatin1String("configure_container.sh");
    case ProtocolScriptType::container_startup: return QLatin1String("start.sh");
    case ProtocolScriptType::openvpn_template: return QLatin1String("template.ovpn");
+    case ProtocolScriptType::openvpn_password_auth: return QLatin1String("password_auth.sh");
    case ProtocolScriptType::wireguard_template: return QLatin1String("template.conf");
    case ProtocolScriptType::awg_template: return QLatin1String("template.conf");
    case ProtocolScriptType::xray_template: return QLatin1String("template.json");
--- a/client/core/scripts_registry.h
+++ b/client/core/scripts_registry.h
@@ -26,6 +26,7 @@ enum ProtocolScriptType {
    configure_container,
    container_startup,
    openvpn_template,
+    openvpn_password_auth,
    wireguard_template,
    awg_template,
    xray_template
--- a/client/resources.qrc
+++ b/client/resources.qrc
@@ -43,6 +43,7 @@
        <file>server_scripts/openvpn/template.ovpn</file>
        <file>server_scripts/openvpn/Dockerfile</file>
        <file>server_scripts/openvpn/start.sh</file>
+        <file>server_scripts/openvpn/password_auth.sh</file>
        <file>server_scripts/openvpn_shadowsocks/configure_container.sh</file>
        <file>server_scripts/openvpn_shadowsocks/Dockerfile</file>
        <file>server_scripts/openvpn_shadowsocks/run_container.sh</file>
--- a/client/server_scripts/openvpn/password_auth.sh
+++ b/client/server_scripts/openvpn/password_auth.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+readarray -t lines < $1
+current_login=${lines[0]}
+current_password=${lines[1]}
+
+credentials_file_path=/opt/amnezia/openvpn/auth_credentials.txt
+
+saved_login=$(awk 'NR==1' $credentials_file_path)
+saved_password=$(awk 'NR==2' $credentials_file_path)
+
+if [ "$current_login" == "$saved_login" ] && [ "$current_password" == "$saved_password" ]; then
+  exit 0
+fi
+exit 1
--- a/client/ui/models/protocols/openvpnConfigModel.cpp
+++ b/client/ui/models/protocols/openvpnConfigModel.cpp
@@ -34,6 +34,12 @@ bool OpenVpnConfigModel::setData(const QModelIndex &index, const QVariant &value
        break;
    case Roles::AdditionalServerCommandsRole:
        m_protocolConfig.insert(config_key::additional_server_config, value.toString());
+        break;
+    case Roles::AuthLogin:
+
+        break;
+    case Roles::AuthPassword:
+
        break;
    }

@@ -72,6 +78,8 @@ QVariant OpenVpnConfigModel::data(const QModelIndex &index, int role) const
    case Roles::IsPortEditable: return m_container == DockerContainer::OpenVpn ? true : false;
    case Roles::IsTransportProtoEditable: return m_container == DockerContainer::OpenVpn ? true : false;
    case Roles::HasRemoveButton: return m_container == DockerContainer::OpenVpn ? true : false;
+    case Roles::AuthLogin:return {};
+    case Roles::AuthPassword: return {};
    }
    return QVariant();
 }
@@ -146,6 +154,8 @@ QHash<int, QByteArray> OpenVpnConfigModel::roleNames() const
    roles[IsTransportProtoEditable] = "isTransportProtoEditable";

    roles[HasRemoveButton] = "hasRemoveButton";
+    roles[AuthLogin] = "authLogin";
+    roles[AuthPassword] = "authPassword";

    return roles;
 }
--- a/client/ui/models/protocols/openvpnConfigModel.h
+++ b/client/ui/models/protocols/openvpnConfigModel.h
@@ -26,7 +26,10 @@ public:
        IsPortEditable,
        IsTransportProtoEditable,

-        HasRemoveButton
+        HasRemoveButton,
+
+        AuthLogin,
+        AuthPassword,
    };

    explicit OpenVpnConfigModel(QObject *parent = nullptr);
--- a/client/ui/qml/Pages2/PageProtocolOpenVpnSettings.qml
+++ b/client/ui/qml/Pages2/PageProtocolOpenVpnSettings.qml
@@ -426,6 +426,68 @@ PageType {
                            }
                        }

+                        SwitcherType {
+                            id: authCredentialsSwitcher
+                            Layout.fillWidth: true
+                            Layout.topMargin: 24
+                            parentFlickable: fl
+
+                            checked: authLogin !== "" && authPassword !== ""
+
+                            text: qsTr("Authentication credentials")
+
+                            onCheckedChanged: {
+                                //if (!checked) {
+                                //    additionalServerCommands = ""
+                                //}
+                            }
+                        }
+
+                        TextFieldWithHeaderType {
+                            id: loginTextField
+
+                            Layout.fillWidth: true
+                            parentFlickable: fl
+
+                            //enabled: isPortEditable
+
+                            headerText: qsTr("Login")
+                            textFieldText: authLogin
+                            //textField.maximumLength: 5
+                            //textField.validator: IntValidator { bottom: 1; top: 65535 }
+
+                            textField.onEditingFinished: {
+                                if (textFieldText !== authLogin) {
+                                    authLogin = textFieldText
+                                }
+                            }
+
+                           // KeyNavigation.tab: autoNegotiateEncryprionSwitcher
+                        }
+
+                        TextFieldWithHeaderType {
+                            id: passwordTextField
+
+                            Layout.fillWidth: true
+                            Layout.topMargin: 20
+                            parentFlickable: fl
+
+                            //enabled: isPortEditable
+
+                            headerText: qsTr("Password")
+                             textFieldText: authPassword
+                            //textField.maximumLength: 5
+                            //textField.validator: IntValidator { bottom: 1; top: 65535 }
+
+                            textField.onEditingFinished: {
+                                  if (textFieldText !== authPassword) {
+                                      authPassword = textFieldText
+                                 }
+                            }
+
+                            // KeyNavigation.tab: autoNegotiateEncryprionSwitcher
+                        }
+
                        BasicButtonType {
                            id: saveRestartButton

@@ -449,6 +511,7 @@ PageType {
                                InstallController.updateContainer(OpenVpnConfigModel.getConfig())
                            }
                        }
+
                    }
                }
            }