authorStephen Beaver <sbeaver@netgate.com>2016-01-08 12:24:04 -0500
committerStephen Beaver <sbeaver@netgate.com>2016-01-08 12:24:04 -0500
commit5aba7eedc0ab249b15cc7da486424a13201c2e64 (patch)
treef70b9d09b204f16fa09776127296f374e471adaf /src/usr/local/sbin
parent79563cb670ef0759cd29b2feec9a8935b240af1a (diff)
Merge branch 'bugfix-for-4605' of https://github.com/the-real-ed/pfsense
* 'bugfix-for-4605' of https://github.com/the-real-ed/pfsense: Bug fix for #4605. After base64 encoding username/password, properly escape characters =,+,/ before submitting auth details
Diffstat (limited to 'src/usr/local/sbin')
-rwxr-xr-xsrc/usr/local/sbin/ovpn_auth_verify5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/usr/local/sbin/ovpn_auth_verify b/src/usr/local/sbin/ovpn_auth_verify
index b38fcb9..e84aad2 100755
--- a/src/usr/local/sbin/ovpn_auth_verify
+++ b/src/usr/local/sbin/ovpn_auth_verify
@@ -4,8 +4,9 @@ if [ "$1" = "tls" ]; then
RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.tls-verify.php -d "servercn=$2&depth=$3&certdepth=$4&certsubject=$5")
else
# Single quoting $password breaks getting the value from the variable.
- password=$(echo -n "${password}" | openssl enc -base64 | sed -e 's/=/%3D/g')
- username=$(echo -n "${username}" | openssl enc -base64 | sed -e 's/=/%3D/g')
+ # Base64 and urlEncode usernames and passwords
+ password=$(echo -n "${password}" | openssl enc -base64 | sed -e 's_=_%3D_g;s_+_%2B_g;s_/_%2F_g')
+ username=$(echo -n "${username}" | openssl enc -base64 | sed -e 's_=_%3D_g;s_+_%2B_g;s_/_%2F_g')
RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d "username=$username&password=$password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4")
fi
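Review bot: On the two new `openssl enc -base64` lines the output is still wrapped at 64 characters, so a username or password longer than 48 bytes yields base64 with embedded newlines that `$(...)` does not strip and the sed expression does not encode; such credentials would presumably reach openvpn.auth-user.php corrupted and fail authentication. Adding `-A` keeps the encoding on one line, and `printf '%s'` avoids echo's option and backslash handling: `password=$(printf '%s' "${password}" | openssl enc -base64 -A | sed -e 's_=_%3D_g;s_+_%2B_g;s_/_%2F_g')`, and likewise for `username`. Separately, `cn=$common_name` and the positional arguments in the `-d` string on the following line are still passed unencoded, so a value containing `&` or `=` would change the parameter list the PHP script receives; they deserve the same encoding. The enclosing `if` begins above the hunk.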