From c314ac09e457f9ae48ae2dfa7d666fde6715a351 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Mon, 1 Oct 2018 21:45:41 +0200
Subject: [PATCH] small cleanups for https://github.com/opnsense/core/pull/2748

---
 .../inc/plugins.inc.d/openvpn/auth-user.php   | 23 +++++++------------
 src/www/vpn_openvpn_server.php                |  5 ++--
 2 files changed, 11 insertions(+), 17 deletions(-)

diff --git a/src/etc/inc/plugins.inc.d/openvpn/auth-user.php b/src/etc/inc/plugins.inc.d/openvpn/auth-user.php
index 1275ef480..df9537783 100644
--- a/src/etc/inc/plugins.inc.d/openvpn/auth-user.php
+++ b/src/etc/inc/plugins.inc.d/openvpn/auth-user.php
@@ -115,28 +115,21 @@ if (count($argv) > 6) {
         if ($authenticator) {
             if ($authenticator->authenticate($username, $password)) {
                 $vpnid = filter_var($a_server['vpnid'], FILTER_SANITIZE_NUMBER_INT);
-                $cso_login_matching = $a_server['cso_login_matching'];
                 // fetch or  create client specif override
                 $all_cso = openvpn_fetch_csc_list();
-                if (empty($cso_login_matching)){
-                    syslog(LOG_NOTICE, "CSO Login - CN" );
-                    if (!empty($all_cso[$vpnid][$common_name])) {
-                        $cso = $all_cso[$vpnid][$common_name];
-                    } else {
-                        $cso = array("common_name" => $common_name);
-                    }
+                $common_name = empty($a_server['cso_login_matching']) ? $common_name : $username;
+                $login_type = empty($a_server['cso_login_matching']) ? "CN" : "USER";
+                if (!empty($all_cso[$vpnid][$common_name])) {
+                    $cso = $all_cso[$vpnid][$common_name];
                 } else {
-                    syslog(LOG_NOTICE, "CSO Login - USER" );
-                    if (!empty($all_cso[$vpnid][$username])) {
-                         $cso = $all_cso[$vpnid][$username];
-                    } else {
-                         $cso = array("common_name" => $username);
-                    } 
+                    $cso = array("common_name" => $common_name);
                 }
+
                 $cso = array_merge($cso, parse_auth_properties($authenticator->getLastAuthProperties()));
                 $cso_filename = openvpn_csc_conf_write($cso, $a_server);
                 if (!empty($cso_filename)) {
-                    syslog(LOG_NOTICE, "user '{$username}' authenticated using '{$authName}' cso :{$cso_filename}");
+                    $tmp = empty($a_server['cso_login_matching']) ? "CSO [CN]" : "CSO [USER]";
+                    syslog(LOG_NOTICE, "user '{$username}' authenticated using '{$authName}' {$tmp}:{$cso_filename}");
                 } else {
                     syslog(LOG_NOTICE, "user '{$username}' authenticated using '{$authName}'");
                 }
diff --git a/src/www/vpn_openvpn_server.php b/src/www/vpn_openvpn_server.php
index a2fd7e95f..e43e64559 100644
--- a/src/www/vpn_openvpn_server.php
+++ b/src/www/vpn_openvpn_server.php
@@ -117,7 +117,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             ,ntp_server2,netbios_enable,netbios_ntype,netbios_scope,wins_server1
             ,wins_server2,no_tun_ipv6,push_register_dns,dns_domain
             ,client_mgmt_port,verbosity_level,caref,crlref,certref,dh_length
-            ,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid,shared_key,tls,reneg-sec,use-common-name,cso_login_matching";
+            ,cert_depth,strictusercn,digest,disable,duplicate_cn,vpnid,shared_key,tls,reneg-sec,use-common-name
+            ,cso_login_matching";
         foreach (explode(",", $init_fields) as $fieldname) {
             $fieldname = trim($fieldname);
             if (!isset($pconfig[$fieldname])) {
@@ -1591,7 +1592,7 @@ endif; ?>
                         <input name="cso_login_matching" type="checkbox" value="yes" <?=!empty($pconfig['cso_login_matching']) ? "checked=\"checked\"" : "" ;?> />
                         <div class="hidden" data-for="help_for_cso_login_matching">
                           <span>
-                            <?=gettext("Use Login instead CN to match against CSO."); ?><br />
+                            <?=gettext("Use username instead of common name to match client specfic override."); ?><br />
                           </span>
                         </div>
                       </td>