OpenVPN certificate authorization with cn_username in 'email' format #1980
This patch addresses a scenario where OpenVPN clients utilize the certificate-only authorization scheme. It works out of the box in case `cn_username` contains a 'plain' username that is identical to the corresponding user name in the default Hub user database. However, if `cn_username` is in `user@domain.tld` format, the whole `cn_username` string is compared to Hub user database entries and does not match, as Hub usernames cannot contain the `@` sign.

Changes proposed in this pull request:

- If `cn_username` contains an @ sign, it is being split into user name and domain name, which are being passed along as `username` and `hubname`, respectively.
- If `cn_username` does not contain an @ sign, `username` and `hubname` are set as usual.

This patch has been tested on an experimental installation and shows the desired behavior:

- If `cn_username` is a bare name, the user is being authenticated against the default hub.
- If `cn_username` has the 'domain' part and a Hub with the corresponding name exists, the user is being authenticated and connected to the corresponding Hub.
- If `cn_username` has the 'domain' part and a Hub with the corresponding name does not exist, the error messages `Virtual Hub "company.tld" that the client is trying to connect to does not exist on the server.` and `The specified Virtual Hub does not exist on the server.` are being logged and the user is disconnected.
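
The split described in this pull request, written out as an added example (it is not the patch's code and not taken from the project). The function names, the `CN_BUF_LEN` size and the `"DEFAULT"` hub name are assumptions; rejecting an empty user or hub part and a second `@` is this example's own choice, since the description does not cover those cases.

```c
#include <stdio.h>
#include <string.h>

#define CN_BUF_LEN 256 /* assumed buffer size, not a constant from the project */

/* Split a certificate CN ("user" or "user@hub") into username and hub name.
 * Returns 0 on success, -1 if the CN is malformed or does not fit. */
int split_cn_username(const char *cn, const char *default_hub,
                      char *user, char *hub, size_t size)
{
    const char *at, *hub_src;
    size_t user_len;
    if (cn == NULL || default_hub == NULL || user == NULL || hub == NULL)
        return -1;
    at = strchr(cn, '@');
    if (at == NULL) {               /* bare name: keep the default hub */
        user_len = strlen(cn);
        hub_src = default_hub;
    } else {                        /* user@hub: hub name comes from the CN */
        if (strchr(at + 1, '@') != NULL)
            return -1;              /* example's choice: reject a second '@' */
        user_len = (size_t)(at - cn);
        hub_src = at + 1;
    }
    if (user_len == 0 || user_len >= size)
        return -1;                  /* empty or oversized user part */
    if (hub_src[0] == '\0' || strlen(hub_src) >= size)
        return -1;                  /* empty or oversized hub part */
    memcpy(user, cn, user_len);
    user[user_len] = '\0';
    memcpy(hub, hub_src, strlen(hub_src) + 1);
    return 0;
}

/* Demo helper: 1 if cn splits into exactly (want_user, want_hub), else 0. */
int cn_maps_to(const char *cn, const char *want_user, const char *want_hub)
{
    char user[CN_BUF_LEN], hub[CN_BUF_LEN];
    if (split_cn_username(cn, "DEFAULT", user, hub, sizeof(user)) != 0)
        return 0;
    return strcmp(user, want_user) == 0 && strcmp(hub, want_hub) == 0;
}

int main(void)
{
    /* Constructed sample CNs, not taken from the pull request. */
    printf("%d\n", cn_maps_to("alice@company.tld", "alice", "company.tld"));
    printf("%d\n", cn_maps_to("@company.tld", "", "company.tld"));
    return 0;
}
```

Because the hub name now comes from the certificate's CN, whoever issues client certificates decides which Hub a client is authenticated against, so the CA's naming policy becomes part of the access-control boundary.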