summaryrefslogtreecommitdiffstats
path: root/etc/inc/openvpn.auth-user.php
diff options
context:
space:
mode:
authorErmal Luçi <eri@pfsense.org>2010-03-02 17:07:06 +0000
committerErmal Luçi <eri@pfsense.org>2010-03-02 17:07:06 +0000
commitc61e4626269fb099f4b7e9c12ceaeffd163c968f (patch)
treefe99cd1c66aa9e456bc9b16de0f462bfc982c249 /etc/inc/openvpn.auth-user.php
parenta13ce628f8a2c1292bf222387ea59cd63e9b9234 (diff)
downloadpfsense-c61e4626269fb099f4b7e9c12ceaeffd163c968f.zip
pfsense-c61e4626269fb099f4b7e9c12ceaeffd163c968f.tar.gz
Allow the GUI auth API to be used for doing authentication against authentication servers specified. Teach Openvpn to use this API. Allow openvpn to authenticate against multiple servers that can be selected on the server configuration page.
Diffstat (limited to 'etc/inc/openvpn.auth-user.php')
-rwxr-xr-xetc/inc/openvpn.auth-user.php19
1 files changed, 15 insertions, 4 deletions
diff --git a/etc/inc/openvpn.auth-user.php b/etc/inc/openvpn.auth-user.php
index 725b807..ecde6b6 100755
--- a/etc/inc/openvpn.auth-user.php
+++ b/etc/inc/openvpn.auth-user.php
@@ -55,10 +55,21 @@ if (!$username || !$password) {
exit(-1);
}
-/* lookup user object by name */
-if (!local_backed($username, $password)) {
- syslog(LOG_WARNING, "user {$username} supplied an invalid password\n");
- exit(-2);
+/* Replaced by a sed with propper variables used below(ldap parameters). */
+//<template>
+
+$authenticated = false;
+foreach ($authmodes as $authmode) {
+ $authcfg = auth_get_authserver($authmode);
+ if (!$authcfg)
+ continue;
+
+ $authenticated = authenticate_user($username, $password, $authcfg);
+}
+
+if ($authenticated == false) {
+ syslog(LOG_WARNING, "user {$username} could not authenticate.\n");
+ exit(-1);
}
syslog(LOG_WARNING, "user {$username} authenticated\n");
OpenPOWER on IntegriCloud