Diffstat (limited to 'etc/inc/openvpn.auth-user.php')
-rwxr-xr-x | etc/inc/openvpn.auth-user.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/etc/inc/openvpn.auth-user.php b/etc/inc/openvpn.auth-user.php
index a611f8c..544e21f 100755
--- a/etc/inc/openvpn.auth-user.php
+++ b/etc/inc/openvpn.auth-user.php
@@ -85,6 +85,7 @@ openlog("openvpn", LOG_ODELAY, LOG_AUTH);
 /* read data from environment */
 $username = getenv("username");
 $password = getenv("password");
+$common_name = getenv("common_name");
 if (!$username || !$password) {
 syslog(LOG_ERR, "invalid user authentication environment");
@@ -95,6 +96,12 @@ if (!$username || !$password) {
 //<template>
 $authenticated = false;
+
+if (($strictusercn === true) && ($common_name != $username)) {
+ syslog(LOG_WARNING, "Username does not match certificate common name ({$username} != {$common_name}), access denied.\n");
+ exit(1);
+}
+
 foreach ($authmodes as $authmode) {
 $authcfg = auth_get_authserver($authmode);
 if (!$authcfg && $authmode != "local") |
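Review bot: The strict common-name check in the second hunk compares with loose `!=`, so two numeric-looking strings are compared as numbers and a username such as `0123` is treated as equal to a certificate CN of `123`; an identity-binding check should use `if (($strictusercn === true) && ($common_name !== $username)) {`. `$strictusercn` is not assigned anywhere in the visible lines (presumably it is filled in at the `//<template>` marker), and because the test is `=== true`, an unset or string-valued setting skips the check silently, so it is worth confirming the generated config always emits a real boolean. The log line interpolates `$username` before any authentication has succeeded and, unlike the existing `syslog(LOG_ERR, ...)` call in the first hunk, ends with `\n`; dropping the newline and stripping control characters from the logged values would keep the auth log one entry per event.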