author | Ermal LUÇI <eri@pfsense.org> | 2015-01-10 22:17:28 +0100 |
---|---|---|
committer | Ermal LUÇI <eri@pfsense.org> | 2015-01-11 16:38:25 +0100 |
commit | 30656f66407ab42c6f42e9552371090ca84165bb (patch) | |
tree | 9c18b37b926836a454432fefea65d83f64b44921 | |
parent | fc03ca011259d829a42ce47353cb5ced84c3b345 (diff) | |
Fixes #4177: convert the password to base64 before it is submitted, to avoid issues with special chars in the shell and in HTTP GET parameter passing. Probably should add POST support to fcgicli.
-rw-r--r-- | etc/inc/openvpn.auth-user.php | 2 | ||||
-rwxr-xr-x | usr/local/sbin/ovpn_auth_verify | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/etc/inc/openvpn.auth-user.php b/etc/inc/openvpn.auth-user.php index b7be6ac..3f199e3 100644 --- a/etc/inc/openvpn.auth-user.php +++ b/etc/inc/openvpn.auth-user.php @@ -85,7 +85,7 @@ openlog("openvpn", LOG_ODELAY, LOG_AUTH); if (isset($_GET)) { $authmodes = explode(",", $_GET['authcfg']); $username = $_GET['username']; - $password = urldecode($_GET['password']); + $password = base64_decode(str_replace('%3D', '=', $_GET['password'])); $common_name = $_GET['cn']; $modeid = $_GET['modeid']; $strictusercn = $_GET['strictcn'] == "false" ? false : true; diff --git a/usr/local/sbin/ovpn_auth_verify b/usr/local/sbin/ovpn_auth_verify index c1e147f..5f19b9e 100755 --- a/usr/local/sbin/ovpn_auth_verify +++ b/usr/local/sbin/ovpn_auth_verify @@ -1,10 +1,12 @@ #!/bin/sh +password="asdfsad +%$" if [ "$1" = "tls" ]; then RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.tls-verify.php -d "servercn=$2&depth=$3&certdepth=$4&certsubject=$5") else # Single quoting $password breaks getting the value from the variable. - password=$(echo ${password} | /usr/bin/sed -e 's/&/%26/g' -e 's/ /%20/g') + password=$(echo ${password} | openssl enc -base64 | sed -e 's/=/%3D/g') + echo "(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d username=$username&password=$password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4')" RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d "username=$username&password=$password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4") fi |
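Review bot: The added `base64_decode(...)` call on the `$password` line runs in non-strict mode and its result is never checked, so a value mangled in transit is decoded into some other string instead of being rejected. The sender in `ovpn_auth_verify` escapes only `=`, but base64 output can also contain `+` and `/`; if the request is parsed as a URL-encoded query string, a `+` would presumably arrive as a space and be silently discarded by the decoder, changing the password that gets checked. I would pass the strict flag, `$password = base64_decode(str_replace('%3D', '=', $_GET['password']), true);`, and fail the authentication when it returns `false`. Base64 is only a transport encoding here, so the password still travels in the GET parameter string; the `if (isset($_GET))` block continues past the end of the hunk.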
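Review bot: The added `password="asdfsad +%$"` line at the top of the script replaces whatever password the caller supplied (presumably through the environment, since the old script never set it), so every user/password check is made with that fixed string. It reads like test scaffolding and should be dropped, as should the added `echo "(... password=$password ...)"` line, which writes the encoded credential to the script's output. On the encoding line, the unquoted `echo ${password}` lets the shell split and glob the value and appends a newline to what gets encoded, and `openssl enc -base64` wraps long output across lines unless `-A` is given. I would write it as `password=$(printf '%s' "$password" | openssl enc -base64 -A | sed -e 's/=/%3D/g')`, and reword the comment above it about single-quoting to say that the value must be double-quoted.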