ovpnmain.cgi: Fix Bug#13136 - Allow spaces when editing a static ip address pool...

[people/pmueller/ipfire-2.x.git] / html / cgi-bin / ovpnmain.cgi

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
old mode 100644 (file)
new mode 100755 (executable)
index 50ad21e..f734331
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -138,6 +138,17 @@ unless (-e "$local_clientconf") {
 ###
 ### Useful functions
 ###
+sub iscertlegacy
+{
+       my $file=$_[0];
+       my @certinfo = &General::system_output("/usr/bin/openssl", "pkcs12", "-info", "-nodes", 
+       "-in", "$file.p12", "-noout", "-passin", "pass:''");
+       if (index ($certinfo[0], "MAC: sha1") != -1) {
+               return 1;
+       }
+       return 0;
+}
+
 sub haveOrangeNet
 {
        if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
@@ -494,7 +505,7 @@ sub modccdnet
        my %ccdhash=();
 
        # Check if the new name is valid.
-       if(!&General::validhostname($newname)) {
+       if(!&General::validccdname($newname)) {
                $errormessage=$Lang::tr{'ccd err invalidname'};
                return;
        }
@@ -1115,6 +1126,9 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   print CLIENTCONF "# Activate Management Interface and Port\n";
   if ($cgiparams{'OVPN_MGMT'} eq '') {print CLIENTCONF "management localhost $cgiparams{'DEST_PORT'}\n"}
   else {print CLIENTCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"};
+  if (&iscertlegacy("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}")) {
+       print CLIENTCONF "providers legacy default\n";
+  }
   close(CLIENTCONF);
 
 }
@@ -2156,6 +2170,10 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
    if ($confighash{$cgiparams{'KEY'}}[22] eq '') {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[29]\n"}
     else {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[22]\n"};
    print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n";
+  if (&iscertlegacy("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]")) {
+       print CLIENTCONF "providers legacy default\n";
+  }
+
 
 
     close(CLIENTCONF);
@@ -2227,10 +2245,18 @@ else
 
                # Extract the certificate
                # This system call is safe, because all arguments are passed as an array.
-               system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
-                       '-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:');
-               if ($?) {
-                       die "openssl error: $?";
+               if (&iscertlegacy("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]")) {
+                       system('/usr/bin/openssl', 'pkcs12', '-legacy', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
+                               '-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:');
+                       if ($?) {
+                               die "openssl error: $?";
+                       }
+               } else {
+                       system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
+                               '-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:');
+                       if ($?) {
+                               die "openssl error: $?";
+                       }
                }
 
                $zip->addFile("$file_crt", "$confighash{$cgiparams{'KEY'}}[1].pem") or die;
@@ -2238,10 +2264,18 @@ else
 
                # Extract the key
                # This system call is safe, because all arguments are passed as an array.
-               system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
-                       '-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:');
-               if ($?) {
-                       die "openssl error: $?";
+               if (&iscertlegacy("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]")) {
+                       system('/usr/bin/openssl', 'pkcs12', '-legacy', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
+                               '-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:');
+                       if ($?) {
+                               die "openssl error: $?";
+                       }
+               } else {
+                       system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
+                               '-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:');
+                       if ($?) {
+                               die "openssl error: $?";
+                       }
                }
 
                $zip->addFile("$file_key", "$confighash{$cgiparams{'KEY'}}[1].key") or die;
@@ -2300,6 +2334,11 @@ else
     # If the server is asking for TOTP this needs to happen interactively
     print CLIENTCONF "auth-retry interact\r\n";
 
+    # Add provider line if certificate is legacy type
+    if (&iscertlegacy("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]")) {
+       print CLIENTCONF "providers legacy default\r\n";
+    }
+
     if ($include_certs) {
        print CLIENTCONF "\r\n";
 
@@ -3296,6 +3335,10 @@ END
        print FILE "# Logfile\n";
        print FILE "status-version 1\n";
        print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n";
+       if (&iscertlegacy("${General::swroot}/ovpn/certs/$cgiparams{'n2nname'}")) {
+               print CLIENTCONF "providers legacy default\n";
+       }
+
        close FILE;
 
        unless(move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2")) {
@@ -4327,14 +4370,8 @@ if ($cgiparams{'TYPE'} eq 'net') {
        $confighash{$key}[39]           = $cgiparams{'DAUTH'};
        $confighash{$key}[40]           = $cgiparams{'DCIPHER'};
 
-       if ($confighash{$key}[41] eq "") {
-               if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
-                       $confighash{$key}[41] = "no-pass";
-               } elsif (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} ne "")) {
-                       $confighash{$key}[41] = "pass";
-               } elsif ($cgiparams{'TYPE'} eq 'net') {
-                       $confighash{$key}[41] = "no-pass";
-               }
+       if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
+               $confighash{$key}[41] = "no-pass";
        }
 
    $confighash{$key}[42] = 'HOTP/T30/6';
@@ -5476,24 +5513,20 @@ END
 }
 
 
-       if ($confighash{$key}[41] eq "pass") {
-               print <<END;
-                       <td align='center' $col1>$active</td>
+    print <<END;
+       <td align='center' $col1>$active</td>
 
-                       <form method='post' name='frm${key}a'><td align='center' $col>
-                           <input type='image'  name='$Lang::tr{'dl client arch'}' src='/images/openvpn_encrypted.png'
-                                       alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
-                           <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
-                           <input type='hidden' name='MODE' value='secure' />
-                           <input type='hidden' name='KEY' value='$key' />
-                       </td></form>
+       <form method='post' name='frm${key}a'><td align='center' $col>
+           <input type='image'  name='$Lang::tr{'dl client arch'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
+           <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
+           <input type='hidden' name='KEY' value='$key' />
+       </td></form>
 END
+       ;
 
-       ; } elsif ($confighash{$key}[41] eq "no-pass") {
+       if ($confighash{$key}[41] eq "no-pass") {
                print <<END;
-                       <td align='center' $col1>$active</td>
-
-                       <form method='post' name='frm${key}a'><td align='center' $col>
+                       <form method='post' name='frm${key}g'><td align='center' $col>
                                <input type='image'  name='$Lang::tr{'dl client arch insecure'}' src='/images/openvpn.png'
                                        alt='$Lang::tr{'dl client arch insecure'}' title='$Lang::tr{'dl client arch insecure'}' border='0' />
                                <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
@@ -5501,7 +5534,7 @@ END
                                <input type='hidden' name='KEY' value='$key' />
                        </td></form>
 END
-       ; } else {
+       } else {
                print "<td $col>&nbsp;</td>";
        }
 
@@ -5577,32 +5610,30 @@ END
     # If the config file contains entries, print Key to action icons
     if ( $id ) {
     print <<END;
-       <table width='85%' border='0'>
-       <tr>
+    <table border='0'>
+    <tr>
                <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
-              <td>&nbsp; &nbsp; <img src='/images/openvpn.png' alt='?RELOAD'/></td>
-              <td class='base'>$Lang::tr{'dl client arch insecure'}</td>
-              <td>&nbsp; &nbsp; <img src='/images/openvpn_encrypted.png' alt='?RELOAD'/></td>
-              <td class='base'>$Lang::tr{'dl client arch'}</td>
+               <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
+               <td class='base'>$Lang::tr{'click to disable'}</td>
                <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
                <td class='base'>$Lang::tr{'show certificate'}</td>
-              <td>&nbsp; &nbsp; <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td>
-              <td class='base'>$Lang::tr{'show otp qrcode'}</td>
-       </tr>
-       <tr>
-              <td>&nbsp; </td>
-              <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
-              <td class='base'>$Lang::tr{'download certificate'}</td>
-              <td>&nbsp; <img src='/images/off.gif' alt='?OFF' /></td>
-              <td class='base'>$Lang::tr{'click to enable'}</td>
-              <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
-              <td class='base'>$Lang::tr{'click to disable'}</td>
                <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
                <td class='base'>$Lang::tr{'edit'}</td>
                <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
                <td class='base'>$Lang::tr{'remove'}</td>
-       </tr>
-       </table><br>
+    </tr>
+    <tr>
+               <td>&nbsp; </td>
+               <td>&nbsp; <img src='/images/off.gif' alt='?OFF' /></td>
+               <td class='base'>$Lang::tr{'click to enable'}</td>
+               <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
+               <td class='base'>$Lang::tr{'download certificate'}</td>
+               <td>&nbsp; &nbsp; <img src='/images/openvpn.png' alt='?RELOAD'/></td>
+               <td class='base'>$Lang::tr{'dl client arch'}</td>
+               <td>&nbsp; &nbsp; <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td>
+               <td class='base'>$Lang::tr{'show otp qrcode'}</td>
+               </tr>
+    </table><br>
 END
     ;
     }