From 54b9de56fecdfeb8848bbe65e28401e8c73ac367 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ermal=20Lu=E7i?= <eri@pfsense.org>
Date: Tue, 2 Mar 2010 20:48:45 +0000
Subject: Allow openvpn server to authenticate only based on username/password
 credentials.

---
 usr/local/www/vpn_openvpn_server.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'usr/local')

diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index 87328e0..734c66c 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -173,6 +173,13 @@ if ($_POST) {
 	else
 		$tls_mode = false;
 
+	if (!empty($pconfig['authmode'])) {
+		foreach ($pconfig['authmode'] as $pauthmode) {
+			if ($pauthmode != "local" && $pconfig['mode'] == "server_tls_user") 
+				$input_errors[] = "Only 'Local authentication database'  is allowed with " . $openvpn_server_modes[$pconfig['mode']];
+		}
+	}
+
 	/* input validation */
 	if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port'))
 		$input_errors[] = $result;
@@ -382,7 +389,11 @@ function mode_change() {
 		case "server_user":
                 case "server_tls_user":
 			document.getElementById("authmodetr").style.display="";
-			/* FALL THROUGH */
+			document.getElementById("client_opts").style.display="";
+			document.getElementById("remote_opts").style.display="none";
+			break;
+		case "server_tls":
+			document.getElementById("authmodetr").style.display="none";
 		default:
 			document.getElementById("client_opts").style.display="";
 			document.getElementById("remote_opts").style.display="none";
-- 
cgit v1.1