author | Ermal Luçi <eri@pfsense.org> | 2010-03-02 17:07:06 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2010-03-02 17:07:06 +0000 |
commit | c61e4626269fb099f4b7e9c12ceaeffd163c968f (patch) | |
tree | fe99cd1c66aa9e456bc9b16de0f462bfc982c249 /etc/inc/openvpn.inc | |
parent | a13ce628f8a2c1292bf222387ea59cd63e9b9234 (diff) | |
Allow the GUI auth API to be used for doing authentication against authentication servers specified. Teach Openvpn to use this API. Allow openvpn to authenticate against multiple servers that can be selected on the server configuration page.
Diffstat (limited to 'etc/inc/openvpn.inc')
-rw-r--r-- | etc/inc/openvpn.inc | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index a62e01a..081e109 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -49,6 +49,7 @@ require_once('config.inc'); require_once("certs.inc"); require_once('pfsense-utils.inc'); +require_once("auth.inc"); $openvpn_prots = array("UDP", "TCP"); @@ -379,16 +380,19 @@ function openvpn_reconfigure($mode,& $settings) { $conf .= "client-cert-not-required\n"; case 'server_tls_user': $conf .= "username-as-common-name\n"; - if ($settings['authmode'] == "local") - $conf .= "auth-user-pass-verify /etc/inc/openvpn.auth-user.php via-env\n"; - else { - $authcfg = system_get_authserver($settings['authmode']); - if ($authcfg) { - mwexec("/bin/cat /etc/inc/openvpn.auth-{$authcfg['type']}.php | /usr/bin/sed 's/\/\/<template>/\$authmode=\"{$authcfg['name']}\";/g' > {$g['varetc_path']}/openvpn/{$mode_id}.php"); - mwexec("/bin/chmod a+x {$g['varetc_path']}/openvpn/{$mode_id}.php"); - $conf .= "auth-user-pass-verify {$g['varetc_path']}/openvpn/{$mode_id}.php via-env\n"; - } + $authcfgs = explode(",", $settings['authmode']); + $sed = "\$authmodes=array("; + $firstsed = 0; + foreach ($authcfgs as $authcfg) { + if ($firstsed > 0) + $sed .= ","; + $firstsed = 1; + $sed .= "\"{$authcfg}\""; } + $sed .= ");"; + mwexec("/bin/cat /etc/inc/openvpn.auth-user.php | /usr/bin/sed 's/\/\/<template>/{$sed}/g' > {$g['varetc_path']}/openvpn/{$mode_id}.php"); + mwexec("/bin/chmod a+x {$g['varetc_path']}/openvpn/{$mode_id}.php"); + $conf .= "auth-user-pass-verify {$g['varetc_path']}/openvpn//{$mode_id}.php via-env\n"; break; } |
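Review bot: The loop that builds `$sed` puts each comma-separated value of `$settings['authmode']` unescaped into a single-quoted sed expression that `mwexec()` hands to the shell, and the same text then becomes a double-quoted string literal in the generated PHP script. A server name containing `'`, `"`, `/`, `&`, `$` or a backslash would therefore break the shell quoting, the sed expression or the generated code, and the removed `system_get_authserver()` lookup that used to resolve the name before use is gone. Where these names are validated is not visible in this hunk, so I would not depend on it: write the file from PHP and let `var_export()` do the quoting, as below. `openvpn_reconfigure()` starts before and continues after the hunk, and the path in the new `auth-user-pass-verify` line has a doubled slash (`openvpn//`) that should probably be a single one.

```php
// … unchanged: case 'server_tls_user' and the username-as-common-name line …
$authmodes = explode(",", $settings['authmode']);
$authscript = "{$g['varetc_path']}/openvpn/{$mode_id}.php";
$template = file_get_contents("/etc/inc/openvpn.auth-user.php");
// var_export() emits a correctly quoted PHP literal, so no server name can
// terminate the string early, and no shell or sed parsing is involved.
$assign = "\$authmodes=" . var_export($authmodes, true) . ";";
file_put_contents($authscript, str_replace("//<template>", $assign, $template));
chmod($authscript, 0755);
$conf .= "auth-user-pass-verify {$authscript} via-env\n";
break;
```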