From e8a58de43ba4b6561673a8ec8290788c95fc29c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ermal=20Lu=E7i?= <eri@pfsense.org>
Date: Wed, 24 Feb 2010 23:56:47 +0000
Subject: Add support for authenticating users against server specified in the
 system->user manager->servers for openvpn. While there propperly fill the
 shared secret field for raidus in the servers page.

---
 usr/local/www/system_authservers.php |  1 +
 usr/local/www/vpn_openvpn_server.php | 29 ++++++++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 1 deletion(-)

(limited to 'usr')

diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php
index c0ed3dd..edf2e0a 100644
--- a/usr/local/www/system_authservers.php
+++ b/usr/local/www/system_authservers.php
@@ -95,6 +95,7 @@ if ($act == "edit") {
 			$pconfig['radius_host'] = $a_server[$id]['host'];
 			$pconfig['radius_auth_port'] = $a_server[$id]['radius_auth_port'];
 			$pconfig['radius_acct_port'] = $a_server[$id]['radius_acct_port'];
+			$pconfig['radius_secret'] = $a_server[$id]['radius_secret'];
 
 			if ($pconfig['radius_auth_port'] &&
 				$pconfig['radius_acct_port'] ) {
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index 4617e5c..c58942f 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -44,6 +44,10 @@ if (!is_array($config['openvpn']['openvpn-server']))
 
 $a_server = &$config['openvpn']['openvpn-server'];
 
+if (!is_array($config['system']['authserver']))
+	$config['system']['authserver'] = array();
+$auth_servers =& $config['system']['authserver'];
+
 $id = $_GET['id'];
 if (isset($_POST['id']))
 	$id = $_POST['id'];
@@ -82,6 +86,7 @@ if($_GET['act']=="edit"){
 		$pconfig['disable'] = isset($a_server[$id]['disable']);
 		$pconfig['mode'] = $a_server[$id]['mode'];
 		$pconfig['protocol'] = $a_server[$id]['protocol'];
+		$pconfig['authmode'] = $a_server[$id]['authmode'];
 		$pconfig['interface'] = $a_server[$id]['interface'];
 		if (!empty($a_server[$id]['ipaddr'])) {
 			$pconfig['interface'] = $pconfig['interface'] . '|' . $a_server[$id]['ipaddr'];
@@ -238,7 +243,7 @@ if ($_POST) {
 	if (!$tls_mode && !$pconfig['autokey_enable']) {
 		$reqdfields = array('shared_key');
 		$reqdfieldsn = array('Shared key');
-    } else {
+	} else {
 		$reqdfields = explode(" ", "caref certref");
 		$reqdfieldsn = explode(",", "Certificate Authority,Certificate");;
 	}
@@ -260,6 +265,7 @@ if ($_POST) {
 		if ($_POST['disable'] == "yes")
 			$server['disable'] = true;
 		$server['mode'] = $pconfig['mode'];
+		$server['authmode'] = $pconfig['authmode'];
 		$server['protocol'] = $pconfig['protocol'];
 		list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']);
 		$server['local_port'] = $pconfig['local_port'];
@@ -370,7 +376,12 @@ function mode_change() {
 		case "p2p_shared_key":
 			document.getElementById("client_opts").style.display="none";
 			document.getElementById("remote_opts").style.display="";
+			document.getElementById("authmodetr").style.display="none";
 			break;
+		case "server_user":
+                case "server_tls_user":
+			document.getElementById("authmodetr").style.display="";
+			/* FALL THROUGH */
 		default:
 			document.getElementById("client_opts").style.display="";
 			document.getElementById("remote_opts").style.display="none";
@@ -531,6 +542,22 @@ function netbios_change() {
 							</select>
 						</td>
 					</tr>
+					<tr id="authmodetr" style="display:none">
+                                                <td width="22%" valign="top" class="vncellreq"><?=gettext("Backend for authentication");?></td>
+                                                        <td width="78%" class="vtable">
+                                                        <select name='authmode' id='authmode' class="formselect">
+                                                                <option value="local" <?php if ($pconfig['authmode'] == "local") echo "selected";?>>Local authentication database</option>
+                                                        <?php
+                                                                foreach ($auth_servers as $auth_server):
+                                                                        $selected = "";
+                                                                        if ($pconfig['authmode'] == $auth_server['name'])
+                                                                                $selected = "selected";
+                                                        ?>
+                                                                <option value="<?=$auth_server['name'];?>" <?=$selected;?>><?=$auth_server['name'];?></option>
+                                                        <?php 	endforeach; ?>
+                                                        </select>
+                                                </td>
+                                        </tr>
 					<tr>
 						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
 							<td width="78%" class="vtable">
-- 
cgit v1.1