author | Phil Davis <phil.davis@inf.org> | 2015-02-23 22:16:12 +0545 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2015-02-23 14:18:03 -0300 |
commit | ba7d3bd3f9b620cb83aa8b27f17615e653eff3f9 (patch) | |
tree | 11b6f6e9f1af2f88c004f269e887c0928e0720f3 /usr | |
parent | 683eb992471119a8ec311ba399272d1ec4ad686b (diff) | |
OpenVPN server improve handling of authmode
Currently if the user is clicking around while they are setting up an OpenVPN server, they can do stuff like this:
a) Select Server Mode - Remote Access (SSL/TLS + User Auth)
b) Select something in Backend for authentication
c) Change their mind and select Server Mode - Peer to Peer (SSL/TLS)
d) Enter the other settings and Save
Now the OpenVPN server config has an 'authmode' key in it.
Probably does no harm, I suspect it will simply not be used when building the server.conf for Peer to Peer, but it looks a bit odd when analysing/diagnosing a config for problems.
Other fields that are mode-specific have tests to only save the values at the end if the appropriate mode is the one finally selected.
While I am here, I also constantly forget to click on "Local Database" authmode when setting up a new server. It gives the validation error message, then I click on "Local Database" again and save. Seems unnecessary - when defining a new OpenVPN server why not default this to have the first entry in the list be the one selected? So I did that. What do you think? 1 place less for many users to need to click.
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 0777cb6..cb381564 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -370,7 +370,7 @@ if ($_POST) { if ($_POST['disable'] == "yes") $server['disable'] = true; $server['mode'] = $pconfig['mode']; - if (!empty($pconfig['authmode'])) + if (!empty($pconfig['authmode']) && (($pconfig['mode'] == "server_user") || ($pconfig['mode'] == "server_tls_user"))) $server['authmode'] = implode(",", $pconfig['authmode']); $server['protocol'] = $pconfig['protocol']; $server['dev_mode'] = $pconfig['dev_mode']; @@ -798,9 +798,13 @@ if ($savemsg) <td width="22%" valign="top" class="vncellreq"><?=gettext("Backend for authentication");?></td> <td width="78%" class="vtable"> <select name='authmode[]' id='authmode' class="formselect" multiple="multiple" size="<?php echo count($auth_servers); ?>"> - <?php $authmodes = explode(",", $pconfig['authmode']); ?> <?php + $authmodes = explode(",", $pconfig['authmode']); $auth_servers = auth_get_authserver_list(); + // If no authmodes set then default to selecting the first entry in auth_servers + if (empty($authmodes[0]) && !empty(key($auth_servers))) + $authmodes[0] = key($auth_servers); + foreach ($auth_servers as $auth_server_key => $auth_server): $selected = ""; if (in_array($auth_server_key, $authmodes)) |
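Review bot: In the first hunk (@@ -370), the new condition still hands `$pconfig['authmode']` straight to `implode()` without an `is_array()` check. The form field is named `authmode[]`, but if `$pconfig` is filled from the POST, as the surrounding `if ($_POST)` block suggests, a hand-built request can send a scalar there, so `is_array($pconfig['authmode'])` belongs in the condition. It is also worth confirming that the posted keys are checked against `auth_get_authserver_list()` before they are stored. As a style point, `in_array($pconfig['mode'], array("server_user", "server_tls_user"))` would read more easily than the two chained comparisons and keeps the list of user-auth modes in one place.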
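Review bot: In the second hunk (@@ -798), `!empty(key($auth_servers))` calls `empty()` on a function return value, which only parses on PHP 5.5 and later, and `key()` reads the array's internal pointer without a preceding `reset($auth_servers)`. Calling `reset()` and assigning the key to a variable before testing it avoids both. The default is also applied on every render where `authmode` is empty, not only when defining a new server as the commit message describes, and it selects whatever `auth_get_authserver_list()` happens to return first, so the code comment should state which backend is expected in that position. Separately, the `size=` attribute on the `<select>` line uses `count($auth_servers)` before this block assigns `$auth_servers`; please check that it is already set earlier in the file.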