Comments (12)
@YuriDenison - LF characters are not stripped from the output of the dynamic-challenge-response.user.sh and static-challenge-response.user.sh scripts.
The echo $(pass otp name) in your script outputs a LF character after the TOTP, which Tunnelblick passes on to the OpenVPN server, which rejects it because of the LF character. Try using printf "%s" "$(pass otp name)" instead, which will avoid appending the LF character.
Edited 2024-02-14
from tunnelblick.
Thank you for the answer.
I've tried printf "%s" "$(pass otp name)" and nothing changed.
The same with pass otp name | tr -d '\n'.
from tunnelblick.
@YuriDenison - Maybe the "sleep 1" in your script is exposing a bug in Tunnelblick. I don't know of any reason to have it in the script. Try removing it and see if that helps.
Change the script to use printf "%s" "$(pass otp name)", also. It is necessary as I described earlier.
You originally wrote:
My script successfully generates 6 letter time-based code, it uses echo as flag E always present in challenge.
The "E" flag has nothing to do with the "echo" command. The "E" flag means that if the user is asked to type in the response, each letter of the response should be displayed to the user as the user types it, instead of displaying "*" characters. The flag is ignored when the response is coming from the script.
from tunnelblick.
@jkbullard I've tried trimming LF previously, with and without sleep, with and without parsing the argument in the first line.
I've created the issue only when I was out of ideas what causes the problem.
This one-liner should work fine but it doesn't.
printf "%s" "$(pass otp name)"
Unfortunately on the server side there are no verbose logs, only a Failed two-step authentication message.
from tunnelblick.
Is it possible to add more logs to the message sent to server?
For example to this line
from tunnelblick.
@YuriDenison - When you wrote that the script is
#!/bin/bash
challenge="$1"
sleep 1
echo $(pass otp name)
- Why do you set the bash variable "challenge"? It is not used in your script!
- Why did you include the "sleep" command?
- I'm not familiar with the "pass" command; it is not part of macOS. Please provide a link to where you downloaded it from.
- Did you mean that the last line was literally echo $(pass otp name)? Or are "otp" and/or "name" actually other strings, and you substituted "otp" and "name" for the two strings because you didn't want to post them for privacy reasons?
from tunnelblick.
@jkbullard I've built Tunnelblick from sources, added some logs and found that the problem is somehow related to the environment of the NSTask launch.
With this script the parsed output is always aaabbb
#!/bin/bash
printf "aaa$(/opt/homebrew/bin/pass otp name)bbb"
I'm using pass with the otp extension installed with homebrew. It works fine in the default terminal, but doesn't work when launched with runToolExtended.
Digging further.
from tunnelblick.
@YuriDenison - runToolExtended sets the environment of the NSTask from getSafeEnvironment, which creates a very limited environment for security reasons, and sets PATH in that environment to /usr/bin:/bin:/usr/sbin:/sbin.
If pass or otp_extension need that path to include /opt/homebrew/bin/pass, that could be a problem.
from tunnelblick.
@jkbullard I've added /opt/homebrew/bin to STANDARD_PATH for the sake of testing in my local build and finally my script worked as expected. It would be nice if there were an option to "trust" user-defined scripts with a wider environment setting, turned off by default.
from tunnelblick.
Thanks for reporting the problem and a potential solution.
However, it's really a problem with pass and/or the otp extension. I'm not inclined to add something that would break security, because it would need to be authorized by an administrator.
from tunnelblick.
Can your script add /opt/homebrew/bin to PATH before it invokes pass? Wouldn't that solve the problem?
from tunnelblick.
Sure, this script works fine with current 4.0.0beta15 version, thank you for help.
#!/bin/bash
export PATH="$PATH:/opt/homebrew/bin"
printf "$(pass otp name)"
from tunnelblick.
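The failure and the fix from this thread, reproduced offline as an added example (not code from the thread or from Tunnelblick). Assumptions: `demo-otp` is a constructed stand-in for `pass otp name`, `run_restricted` imitates a launcher that empties the environment and sets the PATH value quoted above, and the six-digit check is an extra safeguard that nobody in the thread proposed.

```shell
#!/bin/sh
SAFE_PATH="/usr/bin:/bin:/usr/sbin:/sbin"   # PATH value quoted in the thread

# Constructed stand-in for `pass otp name`: prints a fixed code followed by LF.
TOOLDIR=$(mktemp -d)
trap 'rm -rf "$TOOLDIR"' EXIT
printf '#!/bin/sh\necho 123456\n' > "$TOOLDIR/demo-otp"
chmod +x "$TOOLDIR/demo-otp"

# Response script in the style of the debugging script: the lookup failure is
# swallowed by the command substitution, so only the markers are printed.
NAIVE='printf "aaa%sbbb" "$(demo-otp)"'

# Hardened response script: extends PATH itself, stops on lookup failure,
# validates the code (assumed six digits) and prints it without a trailing LF.
# TOOLDIR plays the role of /opt/homebrew/bin in this demo.
HARDENED='
PATH="$PATH:$TOOLDIR"
code=$(demo-otp) || { echo "demo-otp not runnable" >&2; exit 1; }
case $code in
  [0-9][0-9][0-9][0-9][0-9][0-9]) printf "%s" "$code" ;;
  *) echo "unexpected OTP format" >&2; exit 1 ;;
esac'

# Run a script body with an emptied environment and the restricted PATH.
run_restricted() {
    env -i PATH="$SAFE_PATH" TOOLDIR="$TOOLDIR" /bin/sh -c "$1" 2>/dev/null
}

printf 'naive under restricted PATH:    [%s]\n' "$(run_restricted "$NAIVE")"
printf 'hardened under restricted PATH: [%s]\n' "$(run_restricted "$HARDENED")"
```

Running the same script bodies from an interactive terminal hides the problem, because the login shell's PATH already contains the tool directory.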