#!/bin/bash

# clients file must contain one client subject per line (each line is matched as a grep regular expression)
# example: /CN=Mirko_Doelle/emailAddress=mid@ct.de

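# Absolute paths, not taken from the environment or the arguments.
logfile=/etc/openvpn/verify-cn.log
clients=/etc/openvpn/verify-cn.allow

# Subject the issuing CA (chain depth 1) must present. OpenVPN has already
# validated the chain against its configured CA file when this hook runs; this
# is an additional pin on the CA's subject string, not a key or fingerprint check.
CA='/O=Root_CA/OU=http://www.cacert.org/CN=CA_Cert_Signing_Authority/emailAddress=support@cacert.org'

# OpenVPN --tls-verify arguments: $1 = certificate depth, $2 = X.509 subject.
# Default both to empty so a missing argument fails closed below.
depth=${1-}
subject=${2-}

# Depth 1 is the CA, depth 0 the client certificate. Any other depth (a longer
# chain than CA -> client) matches no arm and is rejected at the bottom.
case "$depth" in
    1)
        [[ "$subject" == "$CA" ]] && exit 0
        printf '%s\n' "Falsche CA" >> "$logfile"
    ;;
    0)
        # The allow file holds one full subject per line, each used as a grep
        # regular expression. -x anchors an entry to the whole subject: an
        # unanchored match would also accept any subject that merely contains
        # an entry as a substring. Blank lines are stripped first because an
        # empty pattern matches every subject. A missing or all-blank allow
        # file yields no patterns, and grep -f with no patterns matches
        # nothing, so that case fails closed as well.
        if [[ -n "$subject" ]] \
            && grep -q -x -f <(grep -v '^[[:space:]]*$' -- "$clients") <<<"$subject"; then
            exit 0
        fi
    ;;
esac

# Every path that did not exit 0 above is an authentication failure.
printf '%s AUTH FAILED: %s\n' "$(date +%Y%m%d-%H%M%S)" "$*" >> "$logfile"
exit 1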
