authorErmal LUÇI <eri@pfsense.org>2015-01-10 22:17:28 +0100
committerErmal LUÇI <eri@pfsense.org>2015-01-11 16:38:25 +0100
commit30656f66407ab42c6f42e9552371090ca84165bb (patch)
tree9c18b37b926836a454432fefea65d83f64b44921
parentfc03ca011259d829a42ce47353cb5ced84c3b345 (diff)
Fixes #4177: base64-encode the password before it is submitted, to avoid issues with special characters in the shell and in HTTP GET parameter passing. POST support should probably be added to fcgicli.
-rw-r--r--etc/inc/openvpn.auth-user.php2
-rwxr-xr-xusr/local/sbin/ovpn_auth_verify4
2 files changed, 4 insertions, 2 deletions
diff --git a/etc/inc/openvpn.auth-user.php b/etc/inc/openvpn.auth-user.php
index b7be6ac..3f199e3 100644
--- a/etc/inc/openvpn.auth-user.php
+++ b/etc/inc/openvpn.auth-user.php
@@ -85,7 +85,7 @@ openlog("openvpn", LOG_ODELAY, LOG_AUTH);
if (isset($_GET)) {
$authmodes = explode(",", $_GET['authcfg']);
$username = $_GET['username'];
- $password = urldecode($_GET['password']);
+ $password = base64_decode(str_replace('%3D', '=', $_GET['password']));
$common_name = $_GET['cn'];
$modeid = $_GET['modeid'];
$strictusercn = $_GET['strictcn'] == "false" ? false : true;
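Review bot: The new `$password` line restores only `=`, but base64 output also contains `+` and `/`, and `base64_decode()` in its default non-strict mode silently discards characters outside the alphabet. If the query string is URL-decoded before `$_GET` is populated (which would also make the `%3D` replacement a no-op), a `+` arrives as a space and the password decodes to different bytes, so a valid login is rejected with nothing in the log to explain it. Passing strict mode, `$password = base64_decode(str_replace('%3D', '=', $_GET['password']), true);`, and denying with a syslog entry when the result is `=== false` at least turns malformed input into an explicit failure; the sender should also percent-encode `+` and `/`. The `if (isset($_GET))` block continues outside the hunk, so later handling of `$password` is not visible here.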
diff --git a/usr/local/sbin/ovpn_auth_verify b/usr/local/sbin/ovpn_auth_verify
index c1e147f..5f19b9e 100755
--- a/usr/local/sbin/ovpn_auth_verify
+++ b/usr/local/sbin/ovpn_auth_verify
@@ -1,10 +1,12 @@
#!/bin/sh
+password="asdfsad +%$"
if [ "$1" = "tls" ]; then
RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.tls-verify.php -d "servercn=$2&depth=$3&certdepth=$4&certsubject=$5")
else
# Single quoting $password breaks getting the value from the variable.
- password=$(echo ${password} | /usr/bin/sed -e 's/&/%26/g' -e 's/ /%20/g')
+ password=$(echo ${password} | openssl enc -base64 | sed -e 's/=/%3D/g')
+ echo "(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d username=$username&password=$password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4')"
RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d "username=$username&password=$password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4")
fi
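Review bot: The added `password="asdfsad +%$"` line at the top of the script replaces the password the caller supplied (presumably through the environment) with a fixed test string, and the added `echo "(/usr/local/sbin/fcgicli ...` line writes the username and the base64 password, which is trivially reversible, to stdout; both look like debugging leftovers and should be removed. On the encoding line, the unquoted `echo ${password}` is subject to word splitting and globbing and appends a newline that ends up inside the encoded value, and `openssl enc -base64` wraps long output across several lines. Something like `password=$(printf '%s' "$password" | openssl enc -base64 -A | sed -e 's/=/%3D/g' -e 's/+/%2B/g' -e 's|/|%2F|g')` avoids those problems and also escapes the two other base64 characters that are special in a query string. The credential is still passed in fcgicli's argument list, where other local users can presumably see it in the process table, so the POST support mentioned in the commit message is worth following up.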