ovpnmain.cgi: Fix comparison operators
index 8581d63bec5a8d0a4ee433bb771548c186fd492a..ee7b38f3f9c5a04891058a508aaae36b2861e35a 100644 (file)
@@ -23,6 +23,9 @@
 ###
 use CGI;
 use CGI qw/:standard/;
+use Imager::QRCode;
+use MIME::Base32;
+use MIME::Base64;
 use Net::DNS;
 use Net::Ping;
 use Net::Telnet;
@@ -373,7 +376,6 @@ sub writeserverconf {
     }
     print CONF "tls-verify /usr/lib/openvpn/verify\n";
     print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
-    print CONF "auth-user-pass-verify \"/usr/lib/openvpn/otp-verify\" via-file\n";
     print CONF "auth-user-pass-optional\n";
     print CONF "reneg-sec 86400\n";
     print CONF "user nobody\n";
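Review bot: With the `auth-user-pass-verify` line removed, the kept `auth-user-pass-optional` directive means the server config written here no longer contains any credential check of its own: a client whose certificate passes `tls-verify`/`crl-verify` may connect with no username/password at all, and the decision is presumably meant to come from the management-side authenticator that the following hunk enables in this same function. If that authenticator is not attached, or accepts an empty username/password, the per-client OTP state stored in the config hash is silently not enforced. I would document the dependency right above the kept line, e.g. `# No auth-user-pass-verify script here: credentials are judged by the management client (management-client-auth below), which must reject OTP-enabled clients that send empty credentials`, and confirm the daemon behind the socket behaves that way. writeserverconf begins before and continues after this hunk.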
@@ -389,6 +391,11 @@ sub writeserverconf {
     print CONF "# Log clients connecting/disconnecting\n";
     print CONF "client-connect \"/usr/sbin/openvpn-metrics client-connect\"\n";
     print CONF "client-disconnect \"/usr/sbin/openvpn-metrics client-disconnect\"\n";
+    print CONF "\n";
+
+    print CONF "# Enable Management Socket\n";
+    print CONF "management /var/run/openvpn.sock unix\n";
+    print CONF "management-client-auth\n";
 
     # Print server.conf.local if entries exist to server.conf
     if ( !-z $local_serverconf  && $sovpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
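Review bot: The management socket added here is what `management-client-auth` routes every username/password decision through, yet nothing in the hunk restricts who may attach to `/var/run/openvpn.sock`; any local process able to connect can answer client-auth for arbitrary clients and issue other management commands. OpenVPN supports limiting a unix management socket to a user/group, so I would add `print CONF "management-client-user root\n";` and `print CONF "management-client-group root\n";` directly after the `management` line (adjusting to whatever account the authenticator runs as) and check the socket's mode once it is created. As far as I understand the option, a client whose certificate verifies will not complete authentication while no management client is attached, so the authenticator must be started before OpenVPN accepts connections; a comment above `# Enable Management Socket` stating that ordering requirement would help the next maintainer. writeserverconf continues past this hunk.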
@@ -2434,17 +2441,16 @@ else
     if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
        print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
     }
-   if ($confighash{$cgiparams{'KEY'}}[43] eq 'on') {
-      print CLIENTCONF "auth-nocache\r\n";
-      print CLIENTCONF "auth-user-pass credentials\r\n";
-      print CLIENTCONF "static-challenge \"One Time Password (OTP): \" 1\r\n";
 
-      open(CLIENTCREDS, ">$tempdir/credentials") or die "Unable to open tempfile: $!";
-      print CLIENTCREDS "user\r\n";
-      print CLIENTCREDS "password";
-      close(CLIENTCREDS);
-      $zip->addFile( "$tempdir/credentials", "credentials")  or die "Can't add file credentials\n";
-   }
+    # Disable storing any credentials in memory
+    print CLIENTCONF "auth-nocache\r\n";
+
+    # Set a fake user name for authentication
+    print CLIENTCONF "auth-token-user USER\r\n";
+    print CLIENTCONF "auth-token TOTP\r\n";
+
+    # If the server is asking for TOTP this needs to happen interactively
+    print CLIENTCONF "auth-retry interact\r\n";
 
     if ($include_certs) {
        print CLIENTCONF "\r\n";
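Review bot: `auth-token-user USER` on the new side looks wrong to me: as far as I recall the OpenVPN manual, `auth-token-user` takes a base64-encoded username, so the literal `USER` would be decoded into three arbitrary bytes rather than sent as the string "USER"; if the plain name is intended the line should be `print CLIENTCONF "auth-token-user VVNFUg==\r\n";` (base64 of `USER`), with a comment noting the encoding so nobody "fixes" it back. The new lines are also emitted for every client, whereas the removed block only applied when `$confighash{$cgiparams{'KEY'}}[43] eq 'on'`; if non-OTP clients are meant to keep working against a server that now defers authentication to the management interface, that deserves a comment, and if not, the old gate should come back. The enclosing `else` branch starts before and ends after this hunk.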
@@ -2638,9 +2644,6 @@ else
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show otp qrcode'}) {
    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
-   use MIME::Base32;
-   use MIME::Base64;
-   use Imager::QRCode;
    my $qrcode = Imager::QRCode->new(
       size          => 6,
       margin        => 0,
@@ -4482,10 +4485,10 @@ if ($cgiparams{'TYPE'} eq 'net') {
 
    $confighash{$key}[42] = 'HOTP/T30/6';
        $confighash{$key}[43] = $cgiparams{'OTP_STATE'};
-       if (($confighash{$key}[43] == 'on') && ($confighash{$key}[44] == '')) {
+       if (($confighash{$key}[43] eq 'on') && ($confighash{$key}[44] eq '')) {
                my @otp_secret = &General::system_output("/usr/bin/openssl", "rand", "-hex", "20");
                $confighash{$key}[44] = $otp_secret[0];
-       } elsif ($confighash{$key}[43] == '') {
+       } elsif ($confighash{$key}[43] eq '') {
                $confighash{$key}[44] = '';
        }