VPN: OpenVPN: Client Specific Overrides - fix mismatch issue when pin…

…ning a CSO to a specific instance. As new CSO's are stored by uuid, we should make sure to send events using them as well. cc @fichtner
opnsense · Aug 25, 2023 · d3af50a · d3af50a
1 parent ea92afa
commit d3af50a
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 6 deletions.
diff --git a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
@@ -442,14 +442,14 @@ public function generateInstanceConfig($uuid = null)
                         $options['client-config-dir'] = "/var/etc/openvpn-csc/{$node->vpnid}";
                         // hook event handlers
                         if (!empty((string)$node->authmode)) {
-                            $options['auth-user-pass-verify'] = "\"{$event_script} --defer '{$node->vpnid}'\" via-env";
+                            $options['auth-user-pass-verify'] = "\"{$event_script} --defer '{$node_uuid}'\" via-env";
                             $options['learn-address'] =  "\"{$event_script} '{$node->vpnid}'\"";
                         } else {
                             // client specific profiles are being deployed using the connect event when no auth is used
-                            $options['client-connect'] = "\"{$event_script} '{$node->vpnid}'\"";
+                            $options['client-connect'] = "\"{$event_script} '{$node_uuid}'\"";
                         }
-                        $options['client-disconnect'] = "\"{$event_script} '{$node->vpnid}'\"";
-                        $options['tls-verify'] = "\"{$event_script} '{$node->vpnid}'\"";
+                        $options['client-disconnect'] = "\"{$event_script} '{$node_uuid}'\"";
+                        $options['tls-verify'] = "\"{$event_script} '{$node_uuid}'\"";
                     }
 
                     if (!empty((string)$node->maxclients)) {

diff --git a/src/opnsense/scripts/openvpn/user_pass_verify.php b/src/opnsense/scripts/openvpn/user_pass_verify.php
@@ -119,10 +119,9 @@ function do_auth($common_name, $serverid, $method, $auth_file)
         $authenticator = $authFactory->get($authName);
         if ($authenticator) {
             if ($authenticator->authenticate($username, $password)) {
-                $vpnid = filter_var($a_server['vpnid'], FILTER_SANITIZE_NUMBER_INT);
                 // fetch or  create client specif override
                 $common_name = empty($a_server['cso_login_matching']) ? $common_name : $username;
-                $cso = (new OPNsense\OpenVPN\OpenVPN())->getOverwrite($vpnid, $common_name);
+                $cso = (new OPNsense\OpenVPN\OpenVPN())->getOverwrite($serverid, $common_name);
                 if (empty($cso)) {
                     $cso = array("common_name" => $common_name);
                 }