author | Ermal <eri@pfsense.org> | 2013-12-19 08:53:32 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2013-12-19 08:53:32 +0000 |
commit | 5e28dad4a34bc3b8da8134b23c85a8f922ebb401 (patch) | |
tree | a307678a095f3044ee0b7149e5bea3df9ea18515 /etc/inc/openvpn.inc | |
parent | 00e8315b3d5db09870ca93f380f7ba577e90be88 (diff) | |
download | pfsense-5e28dad4a34bc3b8da8134b23c85a8f922ebb401.zip pfsense-5e28dad4a34bc3b8da8134b23c85a8f922ebb401.tar.gz |
Migrate openvpn authentication to use fcgicli rather than forking a php process. Maybe we should consider writing a short library to do this.
Diffstat (limited to 'etc/inc/openvpn.inc')
-rw-r--r-- | etc/inc/openvpn.inc | 17 |
1 files changed, 3 insertions, 14 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 3e04318..c1c4579 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -582,22 +582,11 @@ function openvpn_reconfigure($mode, $settings) {
 if (stristr($conf, "server-bridge") === false)
 $conf .= "username-as-common-name\n";
 if (!empty($settings['authmode'])) {
- $authcfgs = explode(",", $settings['authmode']);
- $sed = "\$authmodes=array(";
- $firstsed = 0;
- foreach ($authcfgs as $authcfg) {
- if ($firstsed > 0)
- $sed .= ",";
- $firstsed = 1;
- $sed .= "\"{$authcfg}\"";
- }
- $sed .= ");\\\n";
+ $strictusercn = "false";
 if ($settings['strictusercn'])
- $sed .= "\$strictusercn = true;";
- $sed .= " \$modeid = \"{$mode_id}\";";
+ $strictusercn = "true";
 mwexec("/bin/cat /etc/inc/openvpn.auth-user.php | /usr/bin/sed 's/\/\/<template>/{$sed}/g' > {$g['varetc_path']}/openvpn/{$mode_id}.php");
- mwexec("/bin/chmod a+x {$g['varetc_path']}/openvpn/{$mode_id}.php");
- $conf .= "auth-user-pass-verify {$g['varetc_path']}/openvpn/{$mode_id}.php via-env\n";
+ $conf .= "auth-user-pass-verify /usr/local/sbin/ovpn_auth_verify '{$settings['authmode']}' {$strictusercn} {$mode_id} via-env\n";
 } break; } |
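Review bot: The retained context line `mwexec("/bin/cat /etc/inc/openvpn.auth-user.php | /usr/bin/sed 's/\/\/<template>/{$sed}/g' > ...")` still runs, although every assignment to `$sed` in this hunk is removed and the generated `{$mode_id}.php` is no longer referenced by `auth-user-pass-verify`. Unless `$sed` is set earlier in `openvpn_reconfigure` (the function starts and ends outside the hunk), that call now interpolates an undefined variable into a shell command and should be deleted with the rest of the template code. Separately, the new directive writes `'{$settings['authmode']}'` verbatim into the OpenVPN config, so an authentication server name containing `'`, `\` or a line break would end the quoted argument early and change what is passed to `/usr/local/sbin/ovpn_auth_verify` or add a directive. I would reject such names before building the line and record why with a comment such as `// authmode is written unescaped into the config: must not contain ', \ or newlines`. The same check is worth applying to `{$mode_id}` if it is not a fixed internal value.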