Commit 765164a0 authored by Ad Schellevis's avatar Ad Schellevis

(openvpn) add "Use common name" option to control username-as-common-name,...

(openvpn) add "Use common name" option to control username-as-common-name, closes https://github.com/opnsense/core/issues/1154
parent b218ce7d
...@@ -580,7 +580,7 @@ function openvpn_reconfigure($mode, $settings, $device_only = false) ...@@ -580,7 +580,7 @@ function openvpn_reconfigure($mode, $settings, $device_only = false)
$conf .= "client-cert-not-required\n"; $conf .= "client-cert-not-required\n";
case 'server_tls_user': case 'server_tls_user':
/* username-as-common-name is not compatible with server-bridge */ /* username-as-common-name is not compatible with server-bridge */
if (stristr($conf, "server-bridge") === false) { if (stristr($conf, "server-bridge") === false && empty($settings['use-common-name'])) {
$conf .= "username-as-common-name\n"; $conf .= "username-as-common-name\n";
} }
if (!empty($settings['authmode'])) { if (!empty($settings['authmode'])) {
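Review bot: The new `empty($settings['use-common-name'])` test on the `server_tls_user` branch is also reached from the case above it, which appends `client-cert-not-required` and shows no `break` in the visible lines. If that case does fall through with the flag set, a server that accepts clients without certificates would emit neither a certificate requirement nor `username-as-common-name`, leaving sessions without a per-user common name for overrides, duplicate-CN handling and logs. The form hunks copy `use-common-name` for every mode and only hide the row outside `opt_mode_server_tls_user`, so a checked box can presumably persist after a mode change. Consider honouring the flag only in the certificate mode, e.g. `&& ($settings['mode'] !== 'server_tls_user' || empty($settings['use-common-name']))` (assuming the switch subject, which is outside this hunk, is `$settings['mode']`), and extend the comment above the `if` to say why the directive is skipped. The body of `openvpn_reconfigure` starts and ends outside the hunk.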
......
...@@ -69,7 +69,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -69,7 +69,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
,ntp_server2,netbios_enable,netbios_ntype,netbios_scope,wins_server1 ,ntp_server2,netbios_enable,netbios_ntype,netbios_scope,wins_server1
,wins_server2,no_tun_ipv6,push_register_dns,dns_domain ,wins_server2,no_tun_ipv6,push_register_dns,dns_domain
,client_mgmt_port,verbosity_level,caref,crlref,certref,dh_length ,client_mgmt_port,verbosity_level,caref,crlref,certref,dh_length
,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid,reneg-sec"; ,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid,reneg-sec,use-common-name";
foreach (explode(",", $copy_fields) as $fieldname) { foreach (explode(",", $copy_fields) as $fieldname) {
$fieldname = trim($fieldname); $fieldname = trim($fieldname);
...@@ -116,7 +116,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -116,7 +116,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
,ntp_server2,netbios_enable,netbios_ntype,netbios_scope,wins_server1 ,ntp_server2,netbios_enable,netbios_ntype,netbios_scope,wins_server1
,wins_server2,no_tun_ipv6,push_register_dns,dns_domain ,wins_server2,no_tun_ipv6,push_register_dns,dns_domain
,client_mgmt_port,verbosity_level,caref,crlref,certref,dh_length ,client_mgmt_port,verbosity_level,caref,crlref,certref,dh_length
,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid,shared_key,tls,reneg-sec"; ,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid,shared_key,tls,reneg-sec,use-common-name";
foreach (explode(",", $init_fields) as $fieldname) { foreach (explode(",", $init_fields) as $fieldname) {
$fieldname = trim($fieldname); $fieldname = trim($fieldname);
if (!isset($pconfig[$fieldname])) { if (!isset($pconfig[$fieldname])) {
...@@ -340,7 +340,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -340,7 +340,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
,serverbridge_dhcp_end,dns_domain,dns_server1,dns_server2,dns_server3 ,serverbridge_dhcp_end,dns_domain,dns_server1,dns_server2,dns_server3
,dns_server4,push_register_dns,ntp_server1,ntp_server2,netbios_enable ,dns_server4,push_register_dns,ntp_server1,ntp_server2,netbios_enable
,netbios_ntype,netbios_scope,no_tun_ipv6,verbosity_level,wins_server1 ,netbios_ntype,netbios_scope,no_tun_ipv6,verbosity_level,wins_server1
,wins_server2,client_mgmt_port,strictusercn,reneg-sec"; ,wins_server2,client_mgmt_port,strictusercn,reneg-sec,use-common-name";
foreach (explode(",", $copy_fields) as $fieldname) { foreach (explode(",", $copy_fields) as $fieldname) {
$fieldname = trim($fieldname); $fieldname = trim($fieldname);
...@@ -471,6 +471,7 @@ $( document ).ready(function() { ...@@ -471,6 +471,7 @@ $( document ).ready(function() {
$(".opt_gwredir").hide(); $(".opt_gwredir").hide();
} }
$("#dev_mode").change(); $("#dev_mode").change();
$(window).resize();
}); });
$("#mode").change(); $("#mode").change();
...@@ -573,7 +574,7 @@ $( document ).ready(function() { ...@@ -573,7 +574,7 @@ $( document ).ready(function() {
} }
}); });
$("#client_mgmt_port_enable").change(); $("#client_mgmt_port_enable").change();
$(window).resize();
} }
}); });
...@@ -1485,6 +1486,17 @@ endif; ?> ...@@ -1485,6 +1486,17 @@ endif; ?>
</div> </div>
</td> </td>
</tr> </tr>
<tr class="opt_mode opt_mode_server_tls_user">
<td width="22%" ><a id="help_for_use-common-name" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Use common name"); ?></td>
<td>
<input name="use-common-name" type="checkbox" value="1" <?=!empty($pconfig['use-common-name']) ? "checked=\"checked\"" : "" ;?> />
<div class="hidden" for="help_for_use-common-name">
<span>
<?=gettext("When using a client certificate, use certificate common name for indexing purposes instead of username"); ?><br />
</span>
</div>
</td>
</tr>
</table> </table>
</div> </div>
</div> </div>
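Review bot: The help text on the new `use-common-name` row says only "for indexing purposes", which does not tell an administrator that the session is then identified by the certificate rather than by the authenticated username. With the option enabled the two identities can differ unless the existing `strictusercn` setting (presumably strict user/CN matching) is also on, so client-specific settings and log entries may be attributed to the certificate holder instead of the user who logged in. I would say so in the string, e.g. `gettext("When using a client certificate, identify the client by the certificate common name instead of the username (client specific overrides, status); enable strict user/CN matching if both must agree")`.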
......