author | Ermal Luçi <eri@pfsense.org> | 2010-03-02 10:21:12 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2010-03-02 10:21:12 +0000 |
commit | a13ce628f8a2c1292bf222387ea59cd63e9b9234 (patch) | |
tree | 122a0bea8c20aac2a535cabe8de496b23d10ff78 /etc/inc/openvpn.auth-user.php | |
parent | d91f8b8c76fbf66cc52b5a0a9f702d7f125a4ef6 (diff) | |
Do not allow login for expired and disabled users. Fix this in the openvpn authentication script as well. While here, clean up the code quite a bit.
Diffstat (limited to 'etc/inc/openvpn.auth-user.php')
-rwxr-xr-x | etc/inc/openvpn.auth-user.php | 24 |
1 files changed, 4 insertions, 20 deletions
diff --git a/etc/inc/openvpn.auth-user.php b/etc/inc/openvpn.auth-user.php
index 4d5871e..725b807 100755
--- a/etc/inc/openvpn.auth-user.php
+++ b/etc/inc/openvpn.auth-user.php
@@ -41,14 +41,7 @@
 */
 require_once("config.inc");
-
-function & lookup_user($name) {
- global $config;
-
- foreach($config['system']['user'] as & $userent)
- if ($userent['name'] == $name)
- return $userent;
-}
+require_once("auth.inc");
 /* setup syslog logging */
 openlog("openvpn", LOG_ODELAY, LOG_AUTH);
@@ -63,22 +56,13 @@ if (!$username || !$password) {
 }
 /* lookup user object by name */
-$user =& lookup_user($username);
-
-if (!$user) {
- syslog(LOG_WARNING, "user {$username} is unknown");
- exit(-2);
-}
-
-/* authenticate the user */
-$password = crypt($password, $user['password']);
-
-if ($password != $user['password']) {
+if (!local_backed($username, $password)) {
 syslog(LOG_WARNING, "user {$username} supplied an invalid password\n");
- exit(-3);
+ exit(-2);
 }
 syslog(LOG_WARNING, "user {$username} authenticated\n");
+
 exit(0);
 ?> |
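Review bot: The single failure branch under `if (!local_backed($username, $password))` in the second hunk logs every rejection as "supplied an invalid password", so an unknown, disabled or expired account (the cases this commit targets) can no longer be told apart from a wrong password in the auth log, and the old -3 exit status is folded into -2. What local_backed() actually checks lives in auth.inc and is not visible in this hunk, so a message that does not name a cause is the safer wording: `syslog(LOG_WARNING, "user {$username} failed authentication\n");`. The context comment `/* lookup user object by name */` directly above the new call is now stale; I would replace it with `/* authenticate against the local user database */`.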