From c40100dd8680e93454fbc70a562b3a57519f93e9 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sun, 8 Jun 2014 01:29:22 +0200
Subject: [PATCH] ocserv: require hashed passwords in the config file, and a sed fix.

Signed-off-by: Nikos Mavrogiannopoulos
---
 net/ocserv/files/ocserv.init | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/net/ocserv/files/ocserv.init b/net/ocserv/files/ocserv.init
index 54ed0c10b7..87307dcf2e 100644
--- a/net/ocserv/files/ocserv.init
+++ b/net/ocserv/files/ocserv.init
@@ -53,14 +53,14 @@ setup_config() {
 ipv6_addr=`echo $ip6addr|cut -d '/' -f 1`
 ipv6_prefix=`echo $ip6addr|cut -d '/' -f 2`
- test $auth = "plain" && authsuffix="[/var/etc/ocpasswd]"
+ test $auth = "plain" && authsuffix="\[/var/etc/ocpasswd\]"
 mkdir -p /var/etc
 sed -e "s/|PORT|/$port/g" \
 -e "s/|MAX_CLIENTS|/$max_clients/g" \
 -e "s/|MAX_SAME|/$max_same/g" \
 -e "s/|DPD|/$dpd/g" \
- -e "s/|AUTH|/$auth$authsuffix/g" \
+ -e "s#|AUTH|#$auth$authsuffix#g" \
 -e "s/|PREDICTABLE_IPS|/$predictable_ips/g" \
 -e "s/|CISCO_COMPAT|/$cisco_compat/g" \
 -e "s/|UDP|/$udp/g" \
@@ -74,14 +74,17 @@ setup_config() {
 setup_users() {
 local name
+ local group
 local password
 config_get name $1 name
+ config_get group $1 group
 config_get password $1 password
+ [ -z "$group" ] && group='*'
 [ -z "$name" -o -z "$password" ] && return
- echo "$password"|ocpasswd -c /var/etc/ocpasswd "$name"
+ echo "$name:$group:$password" >> /var/etc/ocpasswd
 }
 setup_routes() {
@@ -165,6 +168,7 @@ start() {
 rm -f /var/etc/ocpasswd
 touch /var/etc/ocpasswd
+ chmod 600 /var/etc/ocpasswd
 config_foreach setup_users ocservusers setup_firewall config
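Review bot: In the `@@ -53,14 +53,14 @@` hunk, `test $auth = "plain"` leaves `$auth` unquoted, so an unset or empty `auth` option makes `test` report an operator error instead of evaluating cleanly, and `authsuffix` silently stays empty. I would write `test "$auth" = "plain" && authsuffix="\[/var/etc/ocpasswd\]"`. Switching the AUTH expression to `#` as delimiter handles the `/` in the path, but `$auth` and the other UCI values are still pasted into the sed program unescaped, so a value containing the delimiter or `&` changes the generated ocserv configuration; checking `auth` against the supported methods with a `case` before the `sed` call would make a bad value fail loudly. setup_config starts before this hunk and continues past it.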
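Review bot: In setup_users (the `@@ -74,14 +74,17 @@` hunk), the new `echo "$name:$group:$password" >> /var/etc/ocpasswd` writes three UCI values into a colon-separated record without checking any of them, so a `:` in `name` or `group` shifts the fields of that entry, and a cleartext `password` left over from the old configuration format is stored as if it were a hash. I would reject separators before writing, `case "$name$group" in *:*) return ;; esac`, and emit the record with `printf '%s:%s:%s\n' "$name" "$group" "$password" >> /var/etc/ocpasswd` so the values are never interpreted by `echo`. A logged warning when `password` does not look like `ocpasswd` output (presumably a crypt-style string beginning with `$`; confirm against the ocserv documentation) would tell the administrator why a migrated account cannot log in. The file is only restricted by the `chmod 600` that the start() hunk adds after `touch`; setting `umask 077` before creating it would avoid the interval in which it exists with default permissions.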