diff options
author | Ermal LUÇI <eri@pfsense.org> | 2015-01-31 10:13:37 +0100 |
---|---|---|
committer | Ermal LUÇI <eri@pfsense.org> | 2015-01-31 10:14:04 +0100 |
commit | fdf6fcb3b1405016146088f547085c5d08ff0398 (patch) | |
tree | 27d11a19734b5d72e4940e86a05f7313ebe94bf3 | |
parent | fa77655557586453a0279566a84d01cd25645978 (diff) | |
download | pfsense-fdf6fcb3b1405016146088f547085c5d08ff0398.zip pfsense-fdf6fcb3b1405016146088f547085c5d08ff0398.tar.gz |
Fixes #4340 encode username same as with password to avoid issues with special chars.
-rw-r--r-- | etc/inc/openvpn.auth-user.php | 2 | ||||
-rwxr-xr-x | usr/local/sbin/ovpn_auth_verify | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/etc/inc/openvpn.auth-user.php b/etc/inc/openvpn.auth-user.php index 3f199e3..e212fb3 100644 --- a/etc/inc/openvpn.auth-user.php +++ b/etc/inc/openvpn.auth-user.php @@ -84,7 +84,7 @@ openlog("openvpn", LOG_ODELAY, LOG_AUTH); if (isset($_GET)) { $authmodes = explode(",", $_GET['authcfg']); - $username = $_GET['username']; + $username = base64_decode(str_replace('%3D', '=', $_GET['username'])); $password = base64_decode(str_replace('%3D', '=', $_GET['password'])); $common_name = $_GET['cn']; $modeid = $_GET['modeid']; diff --git a/usr/local/sbin/ovpn_auth_verify b/usr/local/sbin/ovpn_auth_verify index 894c8da..b38fcb9 100755 --- a/usr/local/sbin/ovpn_auth_verify +++ b/usr/local/sbin/ovpn_auth_verify @@ -5,6 +5,7 @@ if [ "$1" = "tls" ]; then else # Single quoting $password breaks getting the value from the variable. password=$(echo -n "${password}" | openssl enc -base64 | sed -e 's/=/%3D/g') + username=$(echo -n "${username}" | openssl enc -base64 | sed -e 's/=/%3D/g') RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d "username=$username&password=$password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4") fi |