Revision befad728
Added by Ermal LUÇI over 14 years ago
| etc/inc/openvpn.auth-user.php | ||
|---|---|---|
| 41 | 41 |
* in our config.xml file and check the credentials. |
| 42 | 42 |
*/ |
| 43 | 43 |
|
| 44 |
require_once("globals.inc");
|
|
| 44 | 45 |
require_once("config.inc");
|
| 45 | 46 |
require_once("radius.inc");
|
| 46 | 47 |
require_once("auth.inc");
|
| ... | ... | |
| 95 | 96 |
/* Replaced by a sed with propper variables used below(ldap parameters). */ |
| 96 | 97 |
//<template> |
| 97 | 98 |
|
| 99 |
if (file_exists("{$g['varetc_path']}/openvpn/{$modeid}.ca")) {
|
|
| 100 |
putenv("LDAPTLS_CACERT={$g['varetc_path']}/openvpn/{$modeid}.ca");
|
|
| 101 |
putenv("LDAPTLS_REQCERT=never");
|
|
| 102 |
} |
|
| 103 |
|
|
| 98 | 104 |
$authenticated = false; |
| 99 | 105 |
|
| 100 | 106 |
if (($strictusercn === true) && ($common_name != $username)) {
|
| ... | ... | |
| 121 | 127 |
|
| 122 | 128 |
exit(0); |
| 123 | 129 |
|
| 124 |
?> |
|
| 130 |
?> |
|
| etc/inc/openvpn.inc | ||
|---|---|---|
| 394 | 394 |
} |
| 395 | 395 |
$sed .= ");\\\n"; |
| 396 | 396 |
if ($settings['strictusercn']) |
| 397 |
$sed .= "\$strictusercn = true;\n"; |
|
| 398 |
$sed .= "putenv(\"LDAPTLS_CACERT={$g['varetc_path']}/openvpn/{$modeid}.ca\");\n";
|
|
| 399 |
$sed .= "putenv(\"LDAPTLS_REQCERT=never\");\n"; |
|
| 397 |
$sed .= "\$strictusercn = true;"; |
|
| 398 |
$sed .= " \$modeid = \"{$mode_id}\"";
|
|
| 400 | 399 |
mwexec("/bin/cat /etc/inc/openvpn.auth-user.php | /usr/bin/sed 's/\/\/<template>/{$sed}/g' > {$g['varetc_path']}/openvpn/{$mode_id}.php");
|
| 401 | 400 |
mwexec("/bin/chmod a+x {$g['varetc_path']}/openvpn/{$mode_id}.php");
|
| 402 | 401 |
$conf .= "auth-user-pass-verify {$g['varetc_path']}/openvpn/{$mode_id}.php via-env\n";
|
Also available in: Unified diff
Ticket #1037. Move environment manipulation to the authentication script since escaping slashes is not so easz on dynamic built paths.