SMS exec script

Good day, I'm trying to use the exec feature of sms with a non numerical identifier by setting the following

multiotp -config sms-provider=exec multiotp -config sms-api-id='/opt/multiotp/sms.sh %from %to %msg'

I have also created a user with the following commands

multiotp -fastcreate username multiotp -set username sms='nonNumericalIdentifier'

the sms.sh script is currently only for testing and contains the following:

#!/bin/bash echo $1 >> /etc/multiotp/smstext.log echo $2 >> /etc/multiotp/smstext.log echo $3 >> /etc/multiotp/smstext.log

But when i try to request a SMS by multiotp.php -debug -display-log -requiresms username it throws an error:

PHP Notice: Undefined variable: real_user in /opt/multiotp/multiotp.php on line 16209 PHP Notice: Undefined variable: real_user in /opt/multiotp/multiotp.php on line 16209 LOG 2020-02-10 11:08:15 warning SMS Error: no information on where to send SMS code for 60 *ERROR: No information on where to send SMS code LOG 2020-02-10 11:08:15 debug Debug Debug: *Attributes sent to the RADIUS server: Reply-Message := "ERROR: No information on where to send SMS code" Reply-Message := "ERROR: No information on where to send SMS code"

This is all worked around by removing the references to the CleanPhoneNumber() function in a few places.

My question is how the "special all-in-one-file multiotp.exe executable created using Enigma Virtual Box" is configured?
Since my ultimate goal is to use the Credential Provider with my currently modified multiphp.php to send the OTP via the exec function with a non numerical SMS "number".

Comments

  • I just discovered that the multiotp.windows.php is used by the Credential Provider, so there seems to be no need for me to package my own multiotp.exe vith EVB. Currently working great on a local install with CP, will soon test with a CP connected to another multiOTP server.
  • edited February 18
    Just to finish my own monologue:

    This endeavor was for being able to send the OTP via mail with a script. In the end I learned enough to just replace the line $sms_number = $this->CleanPhoneNumber($this->GetUserSms()); with $sms_number = $this->GetUserEmail(); in the GenerateSmsToken function and also to change the $sms_number = $this->CleanPhoneNumber($sms_recipient); in the SendSms function so the line is then $sms_number = $sms_recipient; I should probably clean up the log also, but this is the bare minimum to get it to use email from the user instead of sms number.

  • edited February 18
    Powershell script for email looks like this:
    param ( [string]$from, [string]$to, [string]$msg ) $username = "<my smtp username>" $password = get-content C:\cred.txt | convertto-securestring $cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password $body = "This is your OTP<p\><h2>$msg</h2></p>Best regards<br/>The support team" Send-MailMessage -To $to -from "$from <my otp mail address>" -Subject 'Your OTP' -Body $body -BodyAsHtml -Encoding UTF8 -smtpserver <my smtp server> -usessl -Credential $cred -Port 587
    Password credential file is generated once by running the following in powershell:
    read-host -assecurestring | convertfrom-securestring | out-file C:\cred.txt
    The mail script is called with the following command from multiOTP:
    powershell -executionpolicy bypass -File C:\mail.ps1 -from %from -to %to -msg %msg
This discussion has been closed.