diff options
author | Ermal Luçi <eri@pfsense.org> | 2010-03-02 17:07:06 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2010-03-02 17:07:06 +0000 |
commit | c61e4626269fb099f4b7e9c12ceaeffd163c968f (patch) | |
tree | fe99cd1c66aa9e456bc9b16de0f462bfc982c249 /etc/inc/openvpn.auth-user.php | |
parent | a13ce628f8a2c1292bf222387ea59cd63e9b9234 (diff) | |
download | pfsense-c61e4626269fb099f4b7e9c12ceaeffd163c968f.zip pfsense-c61e4626269fb099f4b7e9c12ceaeffd163c968f.tar.gz |
Allow the GUI auth API to be used for doing authentication against authentication servers specified. Teach Openvpn to use this API. Allow openvpn to authenticate against multiple servers that can be selected on the server configuration page.
Diffstat (limited to 'etc/inc/openvpn.auth-user.php')
-rwxr-xr-x | etc/inc/openvpn.auth-user.php | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/etc/inc/openvpn.auth-user.php b/etc/inc/openvpn.auth-user.php index 725b807..ecde6b6 100755 --- a/etc/inc/openvpn.auth-user.php +++ b/etc/inc/openvpn.auth-user.php @@ -55,10 +55,21 @@ if (!$username || !$password) { exit(-1); } -/* lookup user object by name */ -if (!local_backed($username, $password)) { - syslog(LOG_WARNING, "user {$username} supplied an invalid password\n"); - exit(-2); +/* Replaced by a sed with propper variables used below(ldap parameters). */ +//<template> + +$authenticated = false; +foreach ($authmodes as $authmode) { + $authcfg = auth_get_authserver($authmode); + if (!$authcfg) + continue; + + $authenticated = authenticate_user($username, $password, $authcfg); +} + +if ($authenticated == false) { + syslog(LOG_WARNING, "user {$username} could not authenticate.\n"); + exit(-1); } syslog(LOG_WARNING, "user {$username} authenticated\n"); |