From: Erik Kapfer
Date: Mon, 13 Mar 2023 12:56:41 +0000 (+0100)
Subject: OpenVPN: Added correct index for ovpnconfig, modified legend in WUI
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fheads%2Fovpn_pass;p=people%2Fummeegge%2Fipfire-2.x.git
OpenVPN: Added correct index for ovpnconfig, modified legend in WUI
- Fix for #11048 which includes now an index parameter for 'pass' or 'no-pass' for all connections.
- Modification via update.sh to deliver an 'pass' (all crypted *.p12 files) or 'no-pass' (N2N and not encrypted files) index for all existing connections.
- Only one place for two different icons (encrypted or not encrypted) in HTML section in 'Connection Status and -Control'.
- Added new icon with already existing openvpn.png combined with an lock icon from https://www.freepik.com/ with the specific address https://www.flaticon.com/free-icon/lock_891399 which is free for personla and commercial use.
- Change 'Legend' order in 'Connection status and -Control' for better overview and change table width.
- Added new icon 'openvpn_encrypted.png' in 'Legend' section.
Signed-off-by: Erik Kapfer
---
diff --git a/config/rootfiles/core/174/update.sh b/config/rootfiles/core/174/update.sh
index 7acaad64e9..e15b31df2a 100644
--- a/config/rootfiles/core/174/update.sh
+++ b/config/rootfiles/core/174/update.sh
@@ -184,6 +184,34 @@ if [ -e "/opt/pakfire/db/installed/meta-perl-TimeDate" ] && [ -e "/opt/pakfire/d
 /opt/pakfire/db/rootfiles/perl-TimeDate
 fi
+## Modify ovpnconfig according to bug 11048 for pass, no-pass modification in ovpnconfig index
+# Check if ovpnconfig is not empty and exists
+if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
+ # Sort all N2N connections out since they do not use encryption
+ awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+
+ # Investigate roadwarrior connection names for *.p12 files
+ for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
+ # Sort all unencrypted roadwarriors out and set 'no-pass' in [43] index
+ if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'Encrypted') ]]; then
+ awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+ fi
+ done
+
+ # Investigate connection names for *.p12 files
+ for x in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
+ # Sort all encrypted roadwarriors out and set 'pass' in [43] index
+ if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${x}.p12 -noout -password pass:'' 2>&1 | grep 'error') ]]; then
+ awk -v var="$x" '{FS=OFS=","} {if($3==var) {$43="pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+ fi
+ done
+fi
+
+# Renew existing ovpnconfig with refreshed index
+mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
+# Set correct ownerschip
+chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
+
 # This update needs a reboot...
 touch /var/run/need_reboot
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 87bda4f1ef..f2c3e81f34 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
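Review bot: The migration can silently drop connection records before the `mv` overwrites ovpnconfig. The `awk '{FS=OFS=","} …'` calls assign FS inside a main rule, so the first record is still split on whitespace and will normally match no filter (`BEGIN {FS=OFS=","}` avoids that), and a host entry whose openssl output contains neither 'Encrypted' nor 'error' is written nowhere. `mv` and `chown` also run outside the `if [ -s … ]` guard, and `>>` appends to any ovpnconfig.new left over from an earlier run. Grepping openssl's message text classifies every failure, probably including a missing .p12, as 'pass', so the WUI would show the encrypted icon for a package that is not password-protected; the sketch below decides on the exit status after an existence check and copies unknown records unchanged.

```shell
conf="/var/ipfire/ovpn/ovpnconfig"
if [ -s "${conf}" ]; then
	# Start from an empty file so a leftover ovpnconfig.new is never appended to
	: > "${conf}.new"
	while IFS= read -r line || [ -n "${line}" ]; do
		name="$(printf '%s\n' "${line}" | awk -F',' '{ print $3 }')"
		type="$(printf '%s\n' "${line}" | awk -F',' '{ print $5 }')"
		p12="/var/ipfire/ovpn/certs/${name}.p12"
		flag=""
		if [ "${type}" = "net" ]; then
			flag="no-pass"
		elif [ "${type}" = "host" ] && [ -f "${p12}" ]; then
			# Exit status 0: the file opens with an empty password.
			# Any other openssl failure is still treated as 'pass'.
			if openssl pkcs12 -in "${p12}" -noout -password pass:'' >/dev/null 2>&1; then
				flag="no-pass"
			else
				flag="pass"
			fi
		fi
		# Every record is written exactly once; unknown ones stay unchanged
		if [ -n "${flag}" ]; then
			printf '%s\n' "${line}" | awk -v flag="${flag}" 'BEGIN {FS=OFS=","} {$43=flag; print}'
		else
			printf '%s\n' "${line}"
		fi >> "${conf}.new"
	done < "${conf}"

	# Replace the original only when the new file was written
	mv "${conf}.new" "${conf}" && chown nobody:nobody "${conf}"
fi
```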
@@ -4327,8 +4327,14 @@ if ($cgiparams{'TYPE'} eq 'net') {
 $confighash{$key}[39] = $cgiparams{'DAUTH'};
 $confighash{$key}[40] = $cgiparams{'DCIPHER'};
- if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
- $confighash{$key}[41] = "no-pass";
+ if ($confighash{$key}[41] eq "") {
+ if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
+ $confighash{$key}[41] = "no-pass";
+ } elsif (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} ne "")) {
+ $confighash{$key}[41] = "pass";
+ } elsif ($cgiparams{'TYPE'} eq 'net') {
+ $confighash{$key}[41] = "no-pass";
+ }
 }
 $confighash{$key}[42] = 'HOTP/T30/6';
@@ -5459,20 +5465,24 @@ END } - print <$active - -
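Review bot: The outer guard `if ($confighash{$key}[41] eq "")` makes index 41 write-once, so a value that is already stored is never re-derived when the connection is saved again. Later hunks of this commit choose the encrypted or unencrypted icon from this field, so a wrong stored value (for example one written by the update.sh migration) stays wrong until the record is recreated; consider recomputing it wherever a new PKCS#12 file is generated, which is not visible in this hunk. The value is also taken from the form field CERT_PASS1 rather than from the generated file, which presumably only matches when the certificate is created by this form. A short comment would help the next reader, e.g. `# [41]: 'pass' = client .p12 is password-protected, 'no-pass' = unprotected or N2N; only set while empty`. The enclosing block starts and ends outside the hunk.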
- - - -
+ if ($confighash{$key}[41] eq "pass") { + print <$active + +
+ + + + +
END - ; - if ($confighash{$key}[41] eq "no-pass") { + ; } elsif ($confighash{$key}[41] eq "no-pass") { print < + $active + +
@@ -5480,7 +5490,7 @@ END
END - } else { + ; } else { print " "; } @@ -5556,30 +5566,32 @@ END # If the config file contains entries, print Key to action icons if ( $id ) { print < - + + - - + + + + + + + + + + + + + + + - - - - - - - - - - - - -
  $Lang::tr{'legend'}:  $Lang::tr{$Lang::tr{'click to disable'}    ?RELOAD$Lang::tr{'dl client arch insecure'}    ?RELOAD$Lang::tr{'dl client arch'}     $Lang::tr{ $Lang::tr{'show certificate'}    $Lang::tr{$Lang::tr{'show otp qrcode'}
      ?FLOPPY$Lang::tr{'download certificate'}  ?OFF$Lang::tr{'click to enable'}  $Lang::tr{$Lang::tr{'click to disable'}     $Lang::tr{ $Lang::tr{'edit'}     $Lang::tr{ $Lang::tr{'remove'}
    ?OFF$Lang::tr{'click to enable'}    ?FLOPPY$Lang::tr{'download certificate'}    ?RELOAD$Lang::tr{'dl client arch'}    $Lang::tr{$Lang::tr{'show otp qrcode'}

+ +
END ; }
diff --git a/html/html/images/openvpn_encrypted.png b/html/html/images/openvpn_encrypted.png
new file mode 100644
index 0000000000..fdedc7b33c
Binary files /dev/null and b/html/html/images/openvpn_encrypted.png differ
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 33730f0c31..b9665e62d4 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -817,7 +817,7 @@
 'display hostname in window title' => 'Hostname im Fenstertitel anzeigen',
 'display traffic at home' => 'Berechneten Traffic auf der Startseite anzeigen',
 'display webinterface effects' => 'Überblendeffekte einschalten',
-'dl client arch' => 'Client Paket herunterladen (zip)',
+'dl client arch' => 'Verschlüsseltes Client Paket herunterladen (zip)',
 'dl client arch insecure' => 'Ungesichertes Client-Paket herunterladen (zip)',
 'dmz' => 'DMZ',
 'dmz pinhole configuration' => 'Einstellungen des DMZ-Schlupfloches',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 729516538b..7b16704945 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -859,7 +859,7 @@
 'display hostname in window title' => 'Display hostname in window title',
 'display traffic at home' => 'Display calculated traffic on startpage',
 'display webinterface effects' => 'Activate effects',
-'dl client arch' => 'Download Client Package (zip)',
+'dl client arch' => 'Download Encrypted Client Package (zip)',
 'dl client arch insecure' => 'Download insecure Client Package (zip)',
 'dmz' => 'DMZ',
 'dmz pinhole configuration' => 'DMZ pinhole configuration',