$authenticated = false; if (($strictusercn === true) && (mb_strtolower($common_name) !== mb_strtolower($username))) { syslog(LOG_WARNING, "Username does not match certificate common name (\"{$username}\" != \"{$common_name}\"), access denied."); if (isset($_GET['username'])) { echo "FAILED"; closelog(); return; } else { closelog(); return (1); } } if (!is_array($authmodes)) { syslog(LOG_WARNING, "No authentication server has been selected to authenticate against. Denying authentication for user {$username}"); if (isset($_GET['username'])) { echo "FAILED"; closelog(); return; } else { closelog(); return (1); } } $attributes = array("nas_identifier" => "openVPN", "nas_port_type" => RADIUS_VIRTUAL, "nas_port" => $_GET['nas_port'], "calling_station_id" => get_interface_ip() . ":" . $_GET['nas_port']); foreach ($authmodes as $authmode) { $authcfg = auth_get_authserver($authmode); if (!$authcfg && $authmode != "Local Database") { continue; } $authenticated = authenticate_user($username, $password, $authcfg, $attributes); if ($authenticated == true) { break; } } if ($authenticated == false) { syslog(LOG_WARNING, "user '{$username}' could not authenticate."); if (isset($_GET['username'])) { echo "FAILED"; closelog(); return; } else { closelog(); return (-1); } } if (file_exists("/etc/inc/openvpn.attributes.php")) { include_once("/etc/inc/openvpn.attributes.php"); } $content = ""; if (is_array($attributes['dns-servers'])) { foreach ($attributes['dns-servers'] as $dnssrv) { if (is_ipaddr($dnssrv)) { $content .= "push \"dhcp-option DNS {$dnssrv}\"\n"; } } } if (is_array($attributes['routes'])) { foreach ($attributes['routes'] as $route) { $content .= "push \"route {$route} vpn_gateway\"\n"; } } if (isset($attributes['framed_ip'])) { if (isset($attributes['framed_mask'])) { $content .= "topology subnet\n"; $content .= "ifconfig-push {$attributes['framed_ip']} {$attributes['framed_mask']}"; } else { $content .= "topology net30\n"; $content .= "ifconfig-push {$attributes['framed_ip']} ". long2ip((ip2long($attributes['framed_ip']) - 1)); } } if (!empty($content)) { @file_put_contents("{$g['tmp_path']}/{$username}", $content); } syslog(LOG_NOTICE, "user '{$username}' authenticated"); closelog(); if (isset($_GET['username'])) { echo "OK"; } else { return (0); } ?>