amazon-ssm-agent: Enable build for aarch64
[ipfire-2.x.git] / html / cgi-bin / vpnmain.cgi
index 8f13cf51fa294a3d8d871ccabe51b719514be1b3..3652627e9b3e48d17de98e822ef774e04488c565 100644 (file)
@@ -226,13 +226,9 @@ sub newcleanssldatabase {
 ###
 sub callssl ($) {
        my $opt = shift;
-
-       # Split the given argument string into single pieces and assign them to an array.
-       my @opts = split(/ /, $opt);
-
-       my @retssl = &General::system_output("/usr/bin/openssl", @opts); #redirect stderr
+       my $retssl = `/usr/bin/openssl $opt 2>&1`; #redirect stderr
        my $ret = '';
-       foreach my $line (split (/\n/, @retssl)) {
+       foreach my $line (split (/\n/, $retssl)) {
                &General::log("ipsec", "$line") if (0); # 1 for verbose logging
                $ret .= '<br>'.$line if ( $line =~ /error|unknown/ );
        }
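Review bot: The backtick call in callssl, `/usr/bin/openssl $opt 2>&1`, hands the whole argument string to the shell, so any shell metacharacter in `$opt` is interpreted before openssl runs. The callers are outside this hunk, so whether `$opt` can carry CGI-supplied values needs checking. The same interpolation appears in getCNfromcert and getsubjectfromcert (`-in $_[0]`) and in the CA upload check (`-in $filename`). The file already uses a list-form helper elsewhere, which presumably runs the program without a shell; here that would be `my @retssl = &General::system_output("/usr/bin/openssl", split(/ /, $opt));` followed by `foreach my $line (@retssl) {`. Whether system_output also captures stderr is not visible here and should be confirmed, because the error scan in the loop depends on it.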
@@ -246,21 +242,13 @@ sub callssl ($) {
 ###
 sub getCNfromcert ($) {
        #&General::log("ipsec", "Extracting name from $_[0]...");
-       my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]");
-       my $temp;
-
-       foreach my $line (@temp) {
-               if ($line =~ /Subject:.*CN = (.*)[\n]/) {
-                       $temp = $1;
-                       $temp =~ s+/Email+, E+;
-                       $temp =~ s/ ST = / S = /;
-                       $temp =~ s/,//g;
-                       $temp =~ s/\'//g;
-
-                       last;
-               }
-       }
-
+       my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
+       $temp =~ /Subject:.*CN = (.*)[\n]/;
+       $temp = $1;
+       $temp =~ s+/Email+, E+;
+       $temp =~ s/ ST = / S = /;
+       $temp =~ s/,//g;
+       $temp =~ s/\'//g;
        return $temp;
 }
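Review bot: getCNfromcert ignores the match result: `$temp =~ /Subject:.*CN = (.*)[\n]/;` is followed unconditionally by `$temp = $1;`. When the certificate has no CN, or openssl failed and printed nothing, `$1` holds whatever an earlier successful match left behind, or undef. getsubjectfromcert in the next hunk has the same shape with `/Subject: (.*)[\n]/`. Guard the capture, for example `return '' unless $temp =~ /Subject:.*CN = (.*)[\n]/;` before `$temp = $1;`, and decide what callers should receive for a certificate without a subject. A stale value matters here because the result is later used as a certificate name.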
 ###
@@ -268,19 +256,11 @@ sub getCNfromcert ($) {
 ###
 sub getsubjectfromcert ($) {
        #&General::log("ipsec", "Extracting subject from $_[0]...");
-       my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]");
-       my $temp;
-
-       foreach my $line (@temp) {
-               if($line =~ /Subject: (.*)[\n]/) {
-                       $temp = $1;
-                       $temp =~ s+/Email+, E+;
-                       $temp =~ s/ ST = / S = /;
-
-                       last;
-               }
-       }
-
+       my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
+       $temp =~ /Subject: (.*)[\n]/;
+       $temp = $1;
+       $temp =~ s+/Email+, E+;
+       $temp =~ s/ ST = / S = /;
        return $temp;
 }
 ###
@@ -689,14 +669,13 @@ END
                $errormessage = $!;
                goto UPLOADCA_ERROR;
        }
-       my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$filename");
-       if (! grep(/CA:TRUE/, @temp)) {
+       my $temp = `/usr/bin/openssl x509 -text -in $filename`;
+       if ($temp !~ /CA:TRUE/i) {
                $errormessage = $Lang::tr{'not a valid ca certificate'};
                unlink ($filename);
                goto UPLOADCA_ERROR;
        } else {
-               move($filename, "${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem");
-               if ($? ne 0) {
+               unless(move($filename, "${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem")) {
                        $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
                        unlink ($filename);
                        goto UPLOADCA_ERROR;
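Review bot: The CA test `$temp !~ /CA:TRUE/i` searches the entire `openssl x509 -text` dump, so the string appearing in any printed field is accepted as evidence of a CA certificate. Anchoring it to the start of a line, `if ($temp !~ /^\s*CA:TRUE/m) {`, narrows the check to how the Basic Constraints value is printed, on its own indented line. The destination path also embeds `$cgiparams{'CA_NAME'}`. Its validation is outside this hunk and should restrict the name to a safe character set before it reaches move().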
@@ -725,8 +704,8 @@ END
                &Header::openbigbox('100%', 'left', '', '');
                &Header::openbox('100%', 'left', "$Lang::tr{'ca certificate'}:");
                my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
-               @output = &Header::cleanhtml(@output,"y");
-               print "<pre>@output</pre>\n";
+               my $output = &Header::cleanhtml(join("", @output) ,"y");
+               print "<pre>$output</pre>\n";
                &Header::closebox();
                print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
                &Header::closebigbox();
@@ -852,8 +831,8 @@ END
                &Header::openbox('100%', 'left', "$Lang::tr{'host certificate'}:");
                @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/certs/hostcert.pem");
        }
-       @output = &Header::cleanhtml(@output,"y");
-       print "<pre>@output</pre>\n";
+       my $output = &Header::cleanhtml(join("", @output) ,"y");
+       print "<pre>$output</pre>\n";
        &Header::closebox();
        print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
        &Header::closebigbox();
@@ -869,7 +848,7 @@ END
                print "Content-Disposition: attachment; filename=cacert.pem\r\n\r\n";
 
                my @cert = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ca/cacert.pem");
-               print "@cert";
+               print join("", @cert);
                exit(0);
        }
 ###
@@ -881,7 +860,7 @@ END
                print "Content-Disposition: attachment; filename=hostcert.pem\r\n\r\n";
 
                my @cert = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/certs/hostcert.pem");
-               print "@cert";
+               print join("", @cert);
                exit(0);
        }
 ###
@@ -967,20 +946,23 @@ END
 
                if (!$errormessage) {
                        &General::log("ipsec", "Moving cacert...");
-                       move("/tmp/newcacert", "${General::swroot}/ca/cacert.pem");
-                       $errormessage = "$Lang::tr{'certificate file move failed'}: $!" if ($? ne 0);
+                       unless(move("/tmp/newcacert", "${General::swroot}/ca/cacert.pem")) {
+                               $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+                       }
                }
 
                if (!$errormessage) {
                        &General::log("ipsec", "Moving host cert...");
-                       move("/tmp/newhostcert", "${General::swroot}/certs/hostcert.pem");
-                       $errormessage = "$Lang::tr{'certificate file move failed'}: $!" if ($? ne 0);
+                       unless(move("/tmp/newhostcert", "${General::swroot}/certs/hostcert.pem")) {
+                               $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+                       }
                }
 
                if (!$errormessage) {
                        &General::log("ipsec", "Moving private key...");
-                       move("/tmp/newhostkey", "${General::swroot}/certs/hostkey.pem");
-                       $errormessage = "$Lang::tr{'certificate file move failed'}: $!" if ($? ne 0);
+                       unless(move("/tmp/newhostkey", "${General::swroot}/certs/hostkey.pem")) {
+                               $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+                       }
                }
 
                #cleanup temp files
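Review bot: The three moves take their sources from fixed names in the shared /tmp directory (`/tmp/newcacert`, `/tmp/newhostcert`, `/tmp/newhostkey`), and one of them is the host private key. Where these files are created is outside the hunk, but predictable names in a world-writable directory let another local account pre-create or symlink them, and the key stays there until cleanup. Consider writing them into a directory obtained from File::Temp's `tempdir(CLEANUP => 1)` and moving from there. A failure of the second or third move also leaves the already replaced cacert.pem in place, so the CA and host certificate can end up mismatched.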
@@ -1260,7 +1242,7 @@ END
        open(FILE, "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
        my @p12 = <FILE>;
        close(FILE);
-       print "@p12";
+       print join("", @p12);
 
        exit (0);
 
@@ -1541,8 +1523,8 @@ END
                &Header::openbigbox('100%', 'left', '', '');
                &Header::openbox('100%', 'left', "$Lang::tr{'cert'}:");
                my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
-               @output = &Header::cleanhtml(@output,"y");
-               print "<pre>@output</pre>\n";
+               my $output = &Header::cleanhtml(join("", @output) ,"y");
+               print "<pre>$output</pre>\n";
                &Header::closebox();
                print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
                &Header::closebigbox();
@@ -1999,8 +1981,11 @@ END
                                        while (grep(/Imported-$idx/, @names) ) {$idx++};
                                        $cgiparams{'CA_NAME'}="Imported-$idx";
                                        $cgiparams{'CERT_NAME'}=&Header::cleanhtml(getCNfromcert ('/tmp/newhostcert'));
-                                       move("/tmp/newcacert", "${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem");
-                                       $errormessage = "$Lang::tr{'certificate file move failed'}: $!" if ($? ne 0);
+
+                                       unless(move("/tmp/newcacert", "${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem")) {
+                                               $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+                                       }
+
                                        if (!$errormessage) {
                                                my $key = &General::findhasharraykey (\%cahash);
                                                $cahash{$key}[0] = $cgiparams{'CA_NAME'};
@@ -2013,8 +1998,9 @@ END
                }
                if (!$errormessage) {
                        &General::log("ipsec", "Moving host cert...");
-                       move("/tmp/newhostcert", "${General::swroot}/certs/$cgiparams{'NAME'}cert.pem");
-                       $errormessage = "$Lang::tr{'certificate file move failed'}: $!" if ($? ne 0);
+                       unless(move("/tmp/newhostcert", "${General::swroot}/certs/$cgiparams{'NAME'}cert.pem")) {
+                               $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+                       }
                }
 
                #cleanup temp files
@@ -2062,9 +2048,8 @@ END
                        unlink ($filename);
                        goto VPNCONF_ERROR;
                } else {
-                       move($filename, "${General::swroot}/certs/$cgiparams{'NAME'}cert.pem");
-                       if ($? ne 0) {
-                               $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+                       unless (move($filename, "${General::swroot}/certs/$cgiparams{'NAME'}cert.pem")) {
+                               $errormessage = "$Lang::tr{'certificate file move failed'} ($filename): $!";
                                unlink ($filename);
                                goto VPNCONF_ERROR;
                        }
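Review bot: Only this call site adds `($filename)` to the move-failure message; the other move() checks in this commit print just the translated text and `$!`. If `$errormessage` is rendered into the page as-is (not visible in this hunk), a server-side temporary path is shown to the browser. Either send the path to the log with `&General::log("ipsec", "move of $filename failed: $!");` and keep the user-facing text uniform, or confirm the message is escaped on output.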
@@ -2375,11 +2360,11 @@ END
        #use default advanced value
        $cgiparams{'IKE_ENCRYPTION'}    = 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[18];
        $cgiparams{'IKE_INTEGRITY'}             = 'sha2_512|sha2_256'; #[19];
-       $cgiparams{'IKE_GROUPTYPE'}             = 'curve448|curve25519|4096|3072|2048'; #[20];
+       $cgiparams{'IKE_GROUPTYPE'}             = 'curve448|curve25519|4096|3072|2048'; #[20];
        $cgiparams{'IKE_LIFETIME'}              = '3'; #[16];
        $cgiparams{'ESP_ENCRYPTION'}    = 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[21];
        $cgiparams{'ESP_INTEGRITY'}             = 'sha2_512|sha2_256'; #[22];
-       $cgiparams{'ESP_GROUPTYPE'}             = 'curve448|curve25519|4096|3072|2048'; #[23];
+       $cgiparams{'ESP_GROUPTYPE'}             = 'curve448|curve25519|4096|3072|2048'; #[23];
        $cgiparams{'ESP_KEYLIFE'}               = '1'; #[17];
        $cgiparams{'COMPRESSION'}               = 'off'; #[13];
        $cgiparams{'ONLY_PROPOSED'}             = 'on'; #[24];