authorErmal <eri@pfsense.org>2013-12-19 08:53:32 +0000
committerErmal <eri@pfsense.org>2013-12-19 08:53:32 +0000
commit5e28dad4a34bc3b8da8134b23c85a8f922ebb401 (patch)
treea307678a095f3044ee0b7149e5bea3df9ea18515 /etc/inc/openvpn.inc
parent00e8315b3d5db09870ca93f380f7ba577e90be88 (diff)
Migrate openvpn authentication to use fcgicli rather than forking a php process. Maybe we should consider writing a short library to do this.
Diffstat (limited to 'etc/inc/openvpn.inc')
-rw-r--r--etc/inc/openvpn.inc17
1 files changed, 3 insertions, 14 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 3e04318..c1c4579 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -582,22 +582,11 @@ function openvpn_reconfigure($mode, $settings) {
if (stristr($conf, "server-bridge") === false)
$conf .= "username-as-common-name\n";
if (!empty($settings['authmode'])) {
- $authcfgs = explode(",", $settings['authmode']);
- $sed = "\$authmodes=array(";
- $firstsed = 0;
- foreach ($authcfgs as $authcfg) {
- if ($firstsed > 0)
- $sed .= ",";
- $firstsed = 1;
- $sed .= "\"{$authcfg}\"";
- }
- $sed .= ");\\\n";
+ $strictusercn = "false";
if ($settings['strictusercn'])
- $sed .= "\$strictusercn = true;";
- $sed .= " \$modeid = \"{$mode_id}\";";
+ $strictusercn = "true";
mwexec("/bin/cat /etc/inc/openvpn.auth-user.php | /usr/bin/sed 's/\/\/<template>/{$sed}/g' > {$g['varetc_path']}/openvpn/{$mode_id}.php");
- mwexec("/bin/chmod a+x {$g['varetc_path']}/openvpn/{$mode_id}.php");
- $conf .= "auth-user-pass-verify {$g['varetc_path']}/openvpn/{$mode_id}.php via-env\n";
+ $conf .= "auth-user-pass-verify /usr/local/sbin/ovpn_auth_verify '{$settings['authmode']}' {$strictusercn} {$mode_id} via-env\n";
}
break;
}
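Review bot: The `mwexec("/bin/cat /etc/inc/openvpn.auth-user.php | /usr/bin/sed 's/\/\/<template>/{$sed}/g' > ...")` line kept as context still interpolates `$sed`, but this hunk removes every assignment to it. Unless `$sed` is set elsewhere in openvpn_reconfigure (the function starts and ends outside the hunk), the template is now rendered with an empty substitution into a `{$mode_id}.php` file that the config no longer references, so that line looks like it should be removed as well. Separately, `$settings['authmode']` is written into the `auth-user-pass-verify` line inside single quotes with no validation, so a value containing `'` or a newline would change how OpenVPN parses the directive; check each comma-separated entry against the configured authentication server names, or reject those characters, before building the line. I also believe OpenVPN expects the script path and its arguments as one quoted token ahead of the method, e.g. `"auth-user-pass-verify \"/usr/local/sbin/ovpn_auth_verify '{$authmode}' {$strictusercn} {$mode_id}\" via-env\n"` with `$authmode` being the validated value; worth confirming against the OpenVPN version shipped.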