Allow option to specify just 1 of user and pass in OpenVPN .up file

As per comment in https://redmine.pfsense.org/issues/3633 sometimes the
server end only requires a password, no username. Usually 1 long string
that serves as the hard-to-guess authentication. OpenVPN expects
something to be on the first line of the ".up" file - traditionally
called the username. It also insists on the second line being present,
but is happy with it being empty - this is the authentication
information traditionally called "password".
Let the user put the single piece of authentication information in
either the Username or Password field on the web GUI - whichever they
feel comfortable calling it. In the ".up" file it has to always be the
first line to keep OpenVPN happy.

1 files changed, 13 insertions, 3 deletions

diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 927a3ec..23ae85c 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -789,11 +789,21 @@ function openvpn_reconfigure($mode, $settings) {
 			}
 		}
 
-		if ($settings['auth_user'] && $settings['auth_pass']) {
+		if ($settings['auth_user'] || $settings['auth_pass']) {
 			$up_file = "{$g['varetc_path']}/openvpn/{$mode_id}.up";
 			$conf .= "auth-user-pass {$up_file}\n";
-			$userpass = "{$settings['auth_user']}\n";
-			$userpass .= "{$settings['auth_pass']}\n";
+			if ($settings['auth_user']) {
+				$userpass = "{$settings['auth_user']}\n";
+			} else {
+				$userpass = "";
+			}
+			if ($settings['auth_pass']) {
+				$userpass .= "{$settings['auth_pass']}\n";
+			}
+			// If only auth_pass is given, then it acts like a user name and we put a blank line where pass would normally go.
+			if (!($settings['auth_user'] && $settings['auth_pass'])) {
+				$userpass .= "\n";
+			}
 			file_put_contents($up_file, $userpass);
 		}