author | Ermal Luçi <eri@pfsense.org> | 2010-02-24 23:56:47 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2010-02-24 23:58:51 +0000 |
commit | e8a58de43ba4b6561673a8ec8290788c95fc29c5 (patch) | |
tree | ddf746fea31df3e0a6fa9cb1613032a00afb528c /etc/inc/openvpn.inc | |
parent | 44be6dba37be635997b482af5cffc48f15257461 (diff) | |
Add support for authenticating OpenVPN users against a server specified in System->User Manager->Servers. While there, properly fill the shared secret field for RADIUS in the servers page.
Diffstat (limited to 'etc/inc/openvpn.inc')
-rw-r--r-- | etc/inc/openvpn.inc | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 7033254..eec3425 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -379,7 +379,29 @@ function openvpn_reconfigure($mode,& $settings) {
 $conf .= "client-cert-not-required\n";
 case 'server_tls_user':
 $conf .= "username-as-common-name\n";
- $conf .= "auth-user-pass-verify /etc/inc/openvpn.auth-user.php via-env\n";
+ if ($settings['authmode'] == "local")
+ $conf .= "auth-user-pass-verify /etc/inc/openvpn.auth-user.php via-env\n";
+ else {
+ $authcfg = system_get_authserver($settings['authmode']);
+ if ($authcfg) {
+ switch ($authcfg['type']) {
+ case 'ldap':
+ $sed = "\$ldaphost={$authcfg['host']};";
+ $sed .= "\$ldapport={$authcfg['ldap_port']};";
+ $sed .= "\$ldapuserattr={$authcfg['ldap_attr_user']};";
+ $sed .= "\$ldapbasedn={$authcfg['ldap_basedn']};";
+ break;
+ case 'radius':
+ $sed = "\$radsrv={$authcfg['host']};";
+ $sed .= "\$radport={$authcfg['radius_auth_port']};";
+ $sed .= "\$radsecret={$authcfg['radius_secret']};";
+ break;
+ }
+ mwexec("/bin/cat /etc/inc/openvpn.auth-{$authcfg['type']}.php | /usr/bin/sed 's/\/\/<template>/{$sed}/g' > {$g['varetc_path']}/openvpn/{$mode_id}.php");
+ mwexec("/bin/chmod a+x {$g['varetc_path']}/openvpn/{$mode_id}.php");
+ $conf .= "auth-user-pass-verify {$g['varetc_path']}/openvpn/{$mode_id}.php via-env\n";
+ }
+ }
 break;
 }
|
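Review bot: The `mwexec("/bin/cat … | /usr/bin/sed 's/\/\/<template>/{$sed}/g' …")` line interpolates the auth-server settings (host, ports, base DN, RADIUS secret) unescaped into a single-quoted shell argument and a sed replacement, so a value containing `'`, `/` or `&` alters the command or the substituted text, and the values reach the generated PHP without being quoted as string literals. `$sed` is also never set when `$authcfg['type']` is neither `ldap` nor `radius`, yet the script is still generated and referenced in the config. The generated file carries the RADIUS shared secret and only gets `chmod a+x`, so who can read it depends on the umask in effect. The fence below builds the assignments with `var_export()` and writes the file from PHP with no shell involved, restricting it to its owner; that mode assumes OpenVPN runs the verify script as that owner, which should be confirmed. openvpn_reconfigure starts and ends outside the hunk.

```php
$authcfg = system_get_authserver($settings['authmode']);
if ($authcfg) {
	// Only known backend types get a generated script.
	$assign = array();
	switch ($authcfg['type']) {
	case 'ldap':
		$assign = array(
			'ldaphost' => $authcfg['host'],
			'ldapport' => $authcfg['ldap_port'],
			'ldapuserattr' => $authcfg['ldap_attr_user'],
			'ldapbasedn' => $authcfg['ldap_basedn']
		);
		break;
	case 'radius':
		$assign = array(
			'radsrv' => $authcfg['host'],
			'radport' => $authcfg['radius_auth_port'],
			'radsecret' => $authcfg['radius_secret']
		);
		break;
	}
	if (!empty($assign)) {
		// var_export() emits each value as a quoted, escaped PHP string literal.
		$php = "";
		foreach ($assign as $name => $value)
			$php .= "\${$name}=" . var_export((string)$value, true) . ";";
		$script = "{$g['varetc_path']}/openvpn/{$mode_id}.php";
		$tpl = file_get_contents("/etc/inc/openvpn.auth-{$authcfg['type']}.php");
		if ($tpl !== false && file_put_contents($script, str_replace("//<template>", $php, $tpl)) !== false) {
			// The file holds the RADIUS shared secret: owner-only.
			chmod($script, 0700);
			$conf .= "auth-user-pass-verify {$script} via-env\n";
		}
	}
}
```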