Revision: 6904 http://ipcop.svn.sourceforge.net/ipcop/?rev=6904&view=rev Author: dotzball Date: 2013-01-17 20:20:27 +0000 (Thu, 17 Jan 2013) Log Message: ----------- Fix wrong ca path in openvpn web administration.
Thanks to "harvey637". Modified Paths: -------------- ipcop/trunk/html/cgi-bin/openvpn.cgi ipcop/trunk/lfs/ipcop ipcop/trunk/src/scripts/upgrade.sh ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0 Modified: ipcop/trunk/html/cgi-bin/openvpn.cgi =================================================================== --- ipcop/trunk/html/cgi-bin/openvpn.cgi 2013-01-08 23:22:23 UTC (rev 6903) +++ ipcop/trunk/html/cgi-bin/openvpn.cgi 2013-01-17 20:20:27 UTC (rev 6904) @@ -241,7 +241,7 @@ print CONF "persist-tun\n"; if ($sovpnsettings{LOG_VERB} ne '') { print CONF "verb $sovpnsettings{LOG_VERB}\n"; - } + } else { print CONF "verb 3\n"; } @@ -301,7 +301,7 @@ return unless ($vpnsettings{'STATICIP'} eq 'on'); my $filename = "/var/ipcop/openvpn/ccd/$confighash{$key}[2]"; $filename =~ tr/ /_/; - + open(CONF, ">$filename") or die "Unable to open $filename $!"; print CONF "# $confighash{$key}[2]\n"; my $serverip = NetAddr::IP->new("$confighash{$key}[32]/30")->first()->addr(); @@ -365,13 +365,13 @@ ### Save Advanced options ### if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { - map($vpnsettings{$_} = $cgiparams{$_}, + map($vpnsettings{$_} = $cgiparams{$_}, ('LOG_VERB', 'KEEPALIVE_1', 'KEEPALIVE_2', 'MAX_CLIENTS', 'REDIRECT_GW_DEF1', 'STATICIP', 'CLIENT2CLIENT', 'DHCP_DOMAIN', 'DHCP_DNS1', 'DHCP_DNS2', 'DHCP_NTP1', 'DHCP_NTP2', 'DHCP_WINS1', 'DHCP_WINS2', - 'NOBIND', 'FASTIO', 'MTUDISC', + 'NOBIND', 'FASTIO', 'MTUDISC', 'RADIUS_ENABLED', 'RADIUS_HOST', 'RADIUS_AUTHPORT', 'RADIUS_ACCTPORT', 'RADIUS_RETRY', 'RADIUS_TIMEOUT', 'RADIUS_PASS1', 'PUSH_GREEN_1', 'PUSH_BLUE_1', 'PUSH_ORANGE_1')); - + if ($cgiparams{'DHCP_DOMAIN'} ne '') { unless (&General::validdomainname($cgiparams{'DHCP_DOMAIN'})) { $errormessage = $Lang::tr{'invalid input for dhcp domain'}; 
@@ -508,7 +508,7 @@ # Verify port (usually udp/1994) only if want to change it. if (&DATA::isReservedPort($cgiparams{'DPROTOCOL'},$cgiparams{'DDEST_PORT'})) { $errormessage = $Lang::tr{'reserved dst port'}; - goto SETTINGS_ERROR; + goto SETTINGS_ERROR; } } @@ -524,7 +524,7 @@ $errormessage = $Lang::tr{'openvpn subnet is invalid'}; goto SETTINGS_ERROR; } - + if (&General::validip($netsettings{'RED_1_ADDRESS'}) && $tmpnetaddr->contains(NetAddr::IP->new($netsettings{'RED_1_ADDRESS'}))) { $errormessage = "$Lang::tr{'openvpn subnet overlap'}: IPCop RED Network $netsettings{'RED_1_ADDRESS'}"; goto SETTINGS_ERROR; @@ -572,8 +572,8 @@ $errormessage = $Lang::tr{'invalid port'}; goto SETTINGS_ERROR; } - - map($vpnsettings{$_} = $cgiparams{$_}, + + map($vpnsettings{$_} = $cgiparams{$_}, ('ENABLED_BLUE_1', 'ENABLED_RED_1', 'VPN_IP', 'DOVPN_SUBNET', 'DDEVICE', 'DPROTOCOL', 'DDEST_PORT', 'DMTU', 'DCOMPLZO', 'DCIPHER')); &General::writehash('/var/ipcop/openvpn/settings', \%vpnsettings); &writeserverconf(); @@ -589,13 +589,13 @@ $confighash{$cgiparams{'KEY'}}[0] = 'on'; &General::writehasharray('/var/ipcop/openvpn/config', \%confighash); &writeclientconf($cgiparams{'KEY'}); - } + } else { $confighash{$cgiparams{'KEY'}}[0] = 'off'; &General::writehasharray('/var/ipcop/openvpn/config', \%confighash); &removeclientconf($cgiparams{'KEY'}); } - } + } else { $errormessage = $Lang::tr{'invalid key'}; } @@ -632,7 +632,7 @@ } if ( $vpnsettings{'ENABLED_RED_1'} eq 'on') { print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n"; - + if ($vpnsettings{'ENABLED_BLUE_1'} eq 'on' && (&FW::haveBlueNet())) { print CLIENTCONF "#Comment the above line and uncomment the next line, if you want to connect on the Blue interface\r\n"; print CLIENTCONF ";remote $netsettings{'BLUE_1_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; 
@@ -640,17 +640,17 @@ } elsif ($vpnsettings{'ENABLED_BLUE_1'} eq 'on' && (&FW::haveBlueNet())) { print CLIENTCONF "remote $netsettings{'BLUE_1_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; - } + } if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "/var/ipcop/openvpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") { print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n"; $zip->addFile("/var/ipcop/openvpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; - } + } else { print CLIENTCONF "ca cacert.pem\r\n"; print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1]cert.pem\r\n"; print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n"; - $zip->addFile("/var/ipcop/openvpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n"; + $zip->addFile("/var/ipcop/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n"; $zip->addFile("/var/ipcop/openvpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n"; } print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n"; @@ -683,7 +683,7 @@ delete $confighash{$cgiparams{'KEY'}}; system("/usr/bin/openssl ca -gencrl -out /var/ipcop/crls/cacrl.pem"); &General::writehasharray('/var/ipcop/openvpn/config', \%confighash); - } + } else { $errormessage = $Lang::tr{'invalid key'}; } @@ -1101,7 +1101,7 @@ } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'restart'}) { # TODO: populate with some code? if ($confighash{$cgiparams{'KEY'}}) { - } + } else { $errormessage = $Lang::tr{'invalid key'}; } 
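Review bot: The corrected CA location is still a string literal repeated at every use: `/var/ipcop/ca/cacert.pem` in the `$zip->addFile` call here and in both `openssl verify` lines of the @@ -1315 hunk, and `/var/ipcop/vpn/caconfig` in the @@ -1149 and @@ -1798 hunks. This commit exists because those literals had drifted from the real location, so defining them once near the top of the script, e.g. `my $cadir = '/var/ipcop/ca';` and `my $caconfig = '/var/ipcop/vpn/caconfig';`, and interpolating `$cadir` at each site would make the next relocation a one-line change. The `-f '/var/ipcop/ca/cacert.pem'` tests visible as context in the @@ -1554 and @@ -1659 hunks could use the same variable. The enclosing client-package block starts and ends outside this hunk.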
@@ -1149,7 +1149,7 @@ ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) { &General::readhash('/var/ipcop/vpn/rootcertsettings', \%rootcertsettings) if (-f '/var/ipcop/vpn/rootcertsettings'); - &General::readhasharray('/var/ipcop/openvpn/caconfig', \%cahash); + &General::readhasharray('/var/ipcop/vpn/caconfig', \%cahash); if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { if (! $confighash{$cgiparams{'KEY'}}[0]) { @@ -1255,7 +1255,7 @@ } if ($cgiparams{'AUTH'} eq 'psk') { - } + } elsif ($cgiparams{'AUTH'} eq 'certreq') { if ($cgiparams{'KEY'}) { $errormessage = $Lang::tr{'cant change certificates'}; @@ -1285,7 +1285,7 @@ unlink ("/var/ipcop/openvpn/certs/$cgiparams{'NAME'}cert.pem"); &VPN::newcleanssldatabase(); goto VPNCONF_ERROR; - } + } else { unlink ($filename); &deletebackupcert(); @@ -1296,7 +1296,7 @@ $errormessage = $Lang::tr{'could not retrieve common name from certificate'}; goto VPNCONF_ERROR; } - } + } elsif ($cgiparams{'AUTH'} eq 'certfile') { if ($cgiparams{'KEY'}) { $errormessage = $Lang::tr{'cant change certificates'}; @@ -1315,13 +1315,13 @@ # Verify the certificate has a valid CA and move it my $validca = 0; - my $test = `/usr/bin/openssl verify -CAfile /var/ipcop/openvpn/ca/cacert.pem $filename`; + my $test = `/usr/bin/openssl verify -CAfile /var/ipcop/ca/cacert.pem $filename`; if ($test =~ /: OK/) { $validca = 1; - } + } else { foreach my $key (keys %cahash) { - $test = `/usr/bin/openssl verify -CAfile /var/ipcop/openvpn/ca/$cahash{$key}[0]cert.pem $filename`; + $test = `/usr/bin/openssl verify -CAfile /var/ipcop/ca/$cahash{$key}[0]cert.pem $filename`; if ($test =~ /: OK/) { $validca = 1; } @@ -1331,7 +1331,7 @@ $errormessage = $Lang::tr{'certificate does not have a valid ca associated with it'}; unlink ($filename); goto VPNCONF_ERROR; - } + } else { move($filename, "/var/ipcop/openvpn/certs/$cgiparams{'NAME'}cert.pem"); if ($? ne 0) { 
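Review bot: Both rewritten `openssl verify` lines in the @@ -1315 hunk still build the command as a backtick string with `$filename` and `$cahash{$key}[0]` interpolated, so the values are parsed by the shell before openssl sees them. Where the two values are set and whether they are validated lies outside the hunk, so this is a hardening point rather than a confirmed defect. A list-form pipe open passes each value as a single argument with no shell involved. The fence below adds a small helper (named `verifycert` here) and changes only the two call lines, leaving the `/: OK/` checks and the surrounding `else`/`foreach` as they are. The enclosing `certfile` branch starts and ends outside the hunk.

```perl
# Run "openssl verify" without a shell; returns its stdout ('' if it could not be started).
sub verifycert {
    my ($cafile, $certfile) = @_;
    open(my $out, '-|', '/usr/bin/openssl', 'verify', '-CAfile', $cafile, $certfile)
        or return '';
    local $/;
    my $text = <$out>;
    close($out);
    return defined($text) ? $text : '';
}

# … unchanged: my $validca = 0; …
my $test = &verifycert('/var/ipcop/ca/cacert.pem', $filename);
# … unchanged: /: OK/ check, else, foreach my $key (keys %cahash) { …
        $test = &verifycert("/var/ipcop/ca/$cahash{$key}[0]cert.pem", $filename);
```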
@@ -1405,7 +1405,7 @@ goto VPNCONF_ERROR; } - if (($cgiparams{'YEAR'} < $this_year) + if (($cgiparams{'YEAR'} < $this_year) || (($cgiparams{'YEAR'} == $this_year) && ($cgiparams{'MONTH'} < $now[4])) || (($cgiparams{'YEAR'} == $this_year) && ($cgiparams{'MONTH'} == $now[4]) && ($cgiparams{'DAY'} < $now[3])) ) { $errormessage = $Lang::tr{'invalid date entered'}; @@ -1463,7 +1463,7 @@ unlink ("/var/ipcop/openvpn/certs/$cgiparams{'NAME'}cert.pem"); &VPN::newcleanssldatabase(); goto VPNCONF_ERROR; - } + } else { unlink ("/var/ipcop/openvpn/certs/$cgiparams{'NAME'}req.pem"); &deletebackupcert(); @@ -1485,14 +1485,14 @@ unlink ("/var/ipcop/openvpn/certs/$cgiparams{'NAME'}cert.pem"); unlink ("/var/ipcop/openvpn/certs/$cgiparams{'NAME'}.p12"); goto VPNCONF_ERROR; - } + } else { unlink ("/var/ipcop/openvpn/certs/$cgiparams{'NAME'}key.pem"); } } elsif ($cgiparams{'AUTH'} eq 'cert') { ;# Nothing, just editing - } + } else { $errormessage = $Lang::tr{'invalid input for authentication method'}; goto VPNCONF_ERROR; @@ -1523,7 +1523,7 @@ if ($cgiparams{'AUTH'} eq 'psk') { $confighash{$key}[4] = 'psk'; $confighash{$key}[5] = $cgiparams{'PSK'}; - } + } else { $confighash{$key}[4] = 'cert'; } @@ -1554,7 +1554,7 @@ $cgiparams{'SIDE'} = 'left'; if ( ! -f '/var/ipcop/private/cakey.pem' ) { $cgiparams{'AUTH'} = 'psk'; - } + } elsif ( ! -f '/var/ipcop/ca/cacert.pem') { $cgiparams{'AUTH'} = 'certfile'; } @@ -1628,7 +1628,7 @@ else { print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>"; } - } + } print <<END <td class='base' width='25%'>$Lang::tr{'enabled'}:</td> <td width='25%'><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td> 
@@ -1659,17 +1659,17 @@ ; if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') { END - } + } elsif (! $cgiparams{'KEY'}) { my $disabled=''; my $cakeydisabled=''; my $cacrtdisabled=''; $cakeydisabled = "disabled='disabled'" if ( ! -f '/var/ipcop/private/cakey.pem' ); $cacrtdisabled = "disabled='disabled'" if ( ! -f '/var/ipcop/ca/cacert.pem' ); - + # Close the previous box &Header::closebox(); - + &Header::openbox('100%', 'left', "$Lang::tr{'authentication'}:"); print <<END <table width='100%' cellpadding='0' cellspacing='5' border='0'> @@ -1798,7 +1798,7 @@ $cgiparams{'DDEVICE'} = 'tun'; %cahash = (); &General::readhash('/var/ipcop/openvpn/settings', \%cgiparams); -&General::readhasharray('/var/ipcop/openvpn/caconfig', \%cahash); +&General::readhasharray('/var/ipcop/vpn/caconfig', \%cahash); my @status = `/bin/cat /var/log/openvpnserver.log`; my $disableadvanced = ''; @@ -2019,23 +2019,23 @@ my $id = 0; my $gif; foreach my $key (keys %confighash) { - if ($confighash{$key}[0] eq 'on') { - $gif = 'on.gif'; - } - else { - $gif = 'off.gif'; + if ($confighash{$key}[0] eq 'on') { + $gif = 'on.gif'; } + else { + $gif = 'off.gif'; + } print "<tr class='table".int(($id % 2) + 1)."colour'>"; print "<td align='center' nowrap='nowrap'>$confighash{$key}[1]</td>"; print "<td align='center' nowrap='nowrap'>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>"; if ($confighash{$key}[4] eq 'cert') { print "<td align='center' nowrap='nowrap'>$confighash{$key}[2]</td>"; - } + } else { print "<td align='left'> </td>"; } - + my $cavalid = `/usr/bin/openssl x509 -text -in /var/ipcop/openvpn/certs/$confighash{$key}[1]cert.pem`; $cavalid =~ /Not After : (.*)[\n]/; $cavalid = $1; 
@@ -2044,7 +2044,7 @@ my $active = "<table cellpadding='2' cellspacing='0' class='ipcop_stopped' width='100%'><tr><td align='center'>$Lang::tr{'capsclosed'}</td></tr></table>"; if ($confighash{$key}[0] eq 'off') { $active = "<table cellpadding='2' cellspacing='0' class='ipcop_closed' width='100%'><tr><td align='center'>$Lang::tr{'capsclosed'}</td></tr></table>"; - } + } else { my $cn; my @match = (); @@ -2062,7 +2062,7 @@ } } } - + print <<END <td align='center'>$active</td> <td align='center'><form method='post' name='frm${key}a' action='$ENV{'SCRIPT_NAME'}'> @@ -2080,8 +2080,8 @@ <input type='hidden' name='KEY' value='$key' /> </form></td> END - ; - } + ; + } else { print "<td> </td>"; } @@ -2094,7 +2094,7 @@ </form></td> END ; - } + } elsif ($confighash{$key}[4] eq 'cert') { print <<END <td align='center'><form method='post' name='frm${key}c' action='$ENV{'SCRIPT_NAME'}'> @@ -2103,8 +2103,8 @@ <input type='hidden' name='KEY' value='$key' /> </form></td> END - ; - } + ; + } else { print "<td> </td>"; } Modified: ipcop/trunk/lfs/ipcop =================================================================== --- ipcop/trunk/lfs/ipcop 2013-01-08 23:22:23 UTC (rev 6903) +++ ipcop/trunk/lfs/ipcop 2013-01-17 20:20:27 UTC (rev 6904) @@ -62,7 +62,7 @@ # Create all directories for i in addons addons/lang alcatelusb auth backup ca certs cnx_pci crls ddns dhcp \ eagle-usb eciadsl email email/templates ethernet firewall firmware key logging main modem \ - ipsec openvpn openvpn/ca openvpn/ccd openvpn/certs openvpn/crls openvpn/openssl patches \ + ipsec openvpn openvpn/ccd openvpn/certs openvpn/crls openvpn/openssl patches \ ppp private proxy proxy/blacklists proxy/blacklistupdate proxy/redirector red remote shaping time \ traffic vpn ; do \ mkdir -p $(CONFIG_ROOT)/$$i; \ 
@@ -77,8 +77,7 @@ firewall/customservices firewall/policy firewall/serviceGroups firewall/settings firewall/wireless \ ipsec/config ipsec/settings ipsec/ipsec.conf ipsec/ipsec.secrets \ main/hosts main/flashsettings main/scheduler \ - patches/available.xml patches/installed.xml \ - openvpn/caconfig openvpn/config \ + patches/available.xml patches/installed.xml openvpn/config \ ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 ppp/settings-5 ppp/settings \ proxy/settings remote/settings shaping/settings shaping/config traffic/settings \ proxy/filtersettings \ Modified: ipcop/trunk/src/scripts/upgrade.sh =================================================================== --- ipcop/trunk/src/scripts/upgrade.sh 2013-01-08 23:22:23 UTC (rev 6903) +++ ipcop/trunk/src/scripts/upgrade.sh 2013-01-17 20:20:27 UTC (rev 6904) @@ -98,3 +98,7 @@ # 2.0.3 update changed the owner of /var/ipcop/proxy, fix that chown nobody:nobody /var/ipcop/proxy + +# Wrong directory openvpn/ca and file openvpn/caconfig removed in 2.1.1 +rm -rf /var/ipcop/openvpn/ca +rm -rf /var/ipcop/openvpn/caconfig Modified: ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0 =================================================================== --- ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0 2013-01-08 23:22:23 UTC (rev 6903) +++ ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0 2013-01-17 20:20:27 UTC (rev 6904) 
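Review bot: In the upgrade.sh hunk, `rm -rf /var/ipcop/openvpn/ca` deletes the directory together with anything stored in it. If an administrator copied CA certificates there to work around the wrong path (not knowable from this diff), the upgrade discards them without a trace. `rmdir /var/ipcop/openvpn/ca 2>/dev/null` would remove the directory only when it is empty and leave a populated one for manual review. For the second line `rm -f /var/ipcop/openvpn/caconfig` is sufficient, since the added comment itself describes `openvpn/caconfig` as a file. The comment names 2.1.1 while the file list changed in this commit is `ROOTFILES.i486-2.1.0`, so it is worth confirming which update actually ships the removal.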
@@ -17,6 +17,7 @@ /home/httpd/cgi-bin/logproxy.cgi /home/httpd/cgi-bin/logsystem.cgi /home/httpd/cgi-bin/logurlfilter.cgi +/home/httpd/cgi-bin/openvpn.cgi /home/httpd/cgi-bin/pppsetup.cgi /home/httpd/cgi-bin/proxy.cgi /home/httpd/cgi-bin/shaping.cgi