[people/teissler/ipfire-2.x.git] / config / ovpn / verify

#!/usr/bin/perl
############################################################################
#                                                                          #
# This file is part of the IPFire Firewall.                                #
#                                                                          #
# IPFire is free software; you can redistribute it and/or modify           #
# it under the terms of the GNU General Public License as published by     #
# the Free Software Foundation; either version 2 of the License, or        #
# (at your option) any later version.                                      #
#                                                                          #
# IPFire is distributed in the hope that it will be useful,                #
# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
# GNU General Public License for more details.                             #
#                                                                          #
# You should have received a copy of the GNU General Public License        #
# along with IPFire; if not, write to the Free Software                    #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
#                                                                          #
# Copyright (C) 2013 IPFire Team <info@ipfire.org>.                        #
#                                                                          #
############################################################################

require '/var/ipfire/general-functions.pl';

my $DEPTH = $ARGV[0];
my $CN    = $ARGV[1];

# Exit immediately for every certificate depth other than 0.
exit 0 unless ($DEPTH eq "0");

# Strip the CN from the X509 identifier.
$CN =~ /\/CN=(.*)$/i;
$CN = $1;

my %confighash = ();
if (-f "${General::swroot}/ovpn/ovpnconfig"){
	&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
	foreach my $key (keys %confighash) {
		my $cn = $confighash{$key}[2];

		# Skip disabled connections.
		next unless ($confighash{$key}[0] eq "on");

		# Skip non-roadwarrior connections.
		next unless ($confighash{$key}[3] eq "host");

		# Search for a matching CN.
		exit 0 if ($cn eq $CN);

		# Compatibility code for incorrectly saved CNs.
		$cn =~ s/\ /_/;
		exit 0 if ($cn eq $CN);
	}
}

# Return an error if ovpnconfig could not be found.
exit 1;
Commit	Line	Data
c6556649 MT	1	#!/usr/bin/perl
	2	############################################################################
	3	# #
	4	# This file is part of the IPFire Firewall. #
	5	# #
	6	# IPFire is free software; you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation; either version 2 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# IPFire is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with IPFire; if not, write to the Free Software #
	18	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
	19	# #
	20	# Copyright (C) 2013 IPFire Team <info@ipfire.org>. #
	21	# #
	22	############################################################################
	23
	24	require '/var/ipfire/general-functions.pl';
	25
	26	my $DEPTH = $ARGV[0];
	27	my $CN = $ARGV[1];
	28
	29	# Exit immediately for every certificate depth other than 0.
	30	exit 0 unless ($DEPTH eq "0");
	31
	32	# Strip the CN from the X509 identifier.
	33	$CN =~ /\/CN=(.*)$/i;
	34	$CN = $1;
	35
	36	my %confighash = ();
	37	if (-f "${General::swroot}/ovpn/ovpnconfig"){
	38	&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
	39	foreach my $key (keys %confighash) {
	40	my $cn = $confighash{$key}[2];
	41
	42	# Skip disabled connections.
	43	next unless ($confighash{$key}[0] eq "on");
	44
	45	# Skip non-roadwarrior connections.
	46	next unless ($confighash{$key}[3] eq "host");
	47
	48	# Search for a matching CN.
	49	exit 0 if ($cn eq $CN);
	50
	51	# Compatibility code for incorrectly saved CNs.
	52	$cn =~ s/\ /_/;
	53	exit 0 if ($cn eq $CN);
	54	}
	55	}
	56
	57	# Return an error if ovpnconfig could not be found.
	58	exit 1;