From c6c9630eecb78ea164dd31304adea827e6c35437 Mon Sep 17 00:00:00 2001 
From: ms Date: Sun, 10 Jun 2007 19:10:01 +0000 Subject: [PATCH] Erstmal ein Commit: OpenVPN zurueck auf den Stand des alten gebracht. Wir bevorzugen die stabile Loesung. ISDN4K-Utils kompiliert - Noch kein rootfile vorhanden. Ibod aktualisiert. Snort-Initscript setzt die Berechtigung der PID auf 644. libxslt hinzugefuegt - Benoetigt vom mISDN-Script. git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@623 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 --- config/isdn4k-utils/config | 120 + config/ovpn/verify | 6 +- config/rootfiles/common/apache2 | 2 - config/rootfiles/common/ibod | 2 +- config/rootfiles/common/initscripts | 1 + config/rootfiles/common/libxml2 | 335 ++ config/rootfiles/common/libxslt | 150 + config/rootfiles/common/openvpn | 5 +- doc/language_issues.de | 2 +- doc/language_issues.en | 2 +- doc/packages-list.txt | 2 + html/cgi-bin/ovpnfunc.pl | 1145 ------ html/cgi-bin/ovpnmain.cgi | 3225 ++++++++--------- lfs/ibod | 44 +- lfs/isdn4k-utils | 68 +- lfs/libxslt | 79 + lfs/mISDN | 2 + lfs/openswan | 5 +- make.sh | 3 +- src/ibod/ibod.c | 367 -- src/ibod/ibod.cf | 58 - src/ibod/ibod.h | 39 - src/initscripts/init.d/mISDN | 475 +++ src/initscripts/init.d/snort | 1 + src/patches/ibod-config.patch | 11 + .../isdn4k-utils-0202131200-true.patch | 13 + ...n4k-utils-CVS-2004-11-18-autoconf25x.patch | 564 +++ .../isdn4k-utils-CVS-2006-02-13-cleanup.patch | 125 + ...dn4k-utils-CVS-2006-07-20-pppd-2.4.4.patch | 11 + .../isdn4k-utils-CVS-2006-07-20-redhat.patch | 967 +++++ src/patches/isdn4k-utils-capiinit.patch | 41 + src/patches/isdn4k-utils-statfs.patch | 84 + src/patches/isdn4k-utils-v3.2p1-c89.patch | 69 - src/patches/isdn4k-utils-v3.2p1-config.patch | 96 - src/scripts/vpn-watch | 416 ++- 35 files changed, 4842 insertions(+), 3693 deletions(-) create mode 100644 config/isdn4k-utils/config create mode 100644 config/rootfiles/common/libxml2 create mode 100644 config/rootfiles/common/libxslt delete mode 100644 html/cgi-bin/ovpnfunc.pl create mode 100644 lfs/libxslt delete 
mode 100644 src/ibod/ibod.c delete mode 100644 src/ibod/ibod.cf delete mode 100644 src/ibod/ibod.h create mode 100644 src/initscripts/init.d/mISDN create mode 100644 src/patches/ibod-config.patch create mode 100644 src/patches/isdn4k-utils-0202131200-true.patch create mode 100644 src/patches/isdn4k-utils-CVS-2004-11-18-autoconf25x.patch create mode 100644 src/patches/isdn4k-utils-CVS-2006-02-13-cleanup.patch create mode 100644 src/patches/isdn4k-utils-CVS-2006-07-20-pppd-2.4.4.patch create mode 100644 src/patches/isdn4k-utils-CVS-2006-07-20-redhat.patch create mode 100644 src/patches/isdn4k-utils-capiinit.patch create mode 100644 src/patches/isdn4k-utils-statfs.patch delete mode 100644 src/patches/isdn4k-utils-v3.2p1-c89.patch delete mode 100644 src/patches/isdn4k-utils-v3.2p1-config.patch diff --git a/config/isdn4k-utils/config b/config/isdn4k-utils/config new file mode 100644 index 0000000000..acb092d567 --- /dev/null +++ b/config/isdn4k-utils/config 
@@ -0,0 +1,120 @@ +# +# Automatically generated by make menuconfig: don't edit +# + +# +# Code maturity level options +# +# CONFIG_EXPERIMENTAL is not set + +# +# General configuration +# +# CONFIG_BUILDX11 is not set +CONFIG_KERNELDIR='/usr/src/linux' +CONFIG_BINDIR='/usr/bin' +CONFIG_SBINDIR='/usr/sbin' +CONFIG_CARD_SBINDIR='/sbin' +CONFIG_MANDIR='/usr/share/man' +CONFIG_FIRMWAREDIR='/usr/lib/isdn' +CONFIG_RUNDIR='/var/run' +CONFIG_LOCKDIR='/var/lock' +CONFIG_LOCKFILE='LCK..' +CONFIG_I4LCONFDIR='/etc/isdn' +CONFIG_CONFFILE='isdn.conf' +CONFIG_CALLERIDFILE='callerid.conf' +CONFIG_USERCONFFILE='~/.isdn' +CONFIG_COUNTRYCODE='49' +CONFIG_AREACODE='2363' +CONFIG_COUNTRY_PREFIX='+' +CONFIG_AREA_PREFIX='0' +CONFIG_DATADIR='/usr/lib/isdn' +LIBDIR='/usr/lib' + +# +# Runtime configuration tools +# +CONFIG_ISDNCTRL=y +CONFIG_ISDNCTRL_CONF=y +CONFIG_ISDNCTRL_TIMRU=y +CONFIG_IPROFD=y +CONFIG_DIVERTCTRL=y + +# +# Card configuration tools +# +CONFIG_HISAXCTRL=y +CONFIG_ICNCTRL=y +# CONFIG_ICNCTRL_DEBUG is not set +# CONFIG_ACTCTRL is not set +CONFIG_PCBITCTL=y +CONFIG_AVMCAPICTRL=y +# CONFIG_ACTCTRL is not set +CONFIG_EICONCTRL=y + +# +# Tools for monitoring activity +# +CONFIG_IMON=y +CONFIG_IMONTTY=y +CONFIG_ISDNLOG=y + +# +# Options for isdnlog package +# +CONFIG_ISDNLOG_SERV_PORT=20011 +CONFIG_ISDNLOG_USERFILE='isdnlog.users' +CONFIG_ISDNLOG_CHARGEFILE='charge.dat' +CONFIG_ISDNLOG_LOGFILE='/var/log/isdn.log' +CONFIG_ISDNLOG_RELOADCMD='/etc/rc.d/init.d/isdn restart' +CONFIG_ISDNLOG_STOPCMD='/etc/rc.d/init.d/isdn stop' +CONFIG_ISDNLOG_REBOOTCMD='/sbin/reboot' +CONFIG_ISDNLOG_DOCDIR='' +CONFIG_ISDNLOG_OLDI4LCONFDIR='/etc/isdnlog' +CONFIG_ISDNLOG_OLDI4LCONFFILE='isdnlog.conf' +# CONFIG_ISDNLOG_POSTGRES is not set +# CONFIG_ISDNLOG_MYSQLDB is not set +# CONFIG_ISDNLOG_ORACLE is not set +CONFIG_ISDN_LOG_DE=y +CONFIG_ISDN_LOG_CC_DE=y +CONFIG_ISDN_LOG_DEST_DE=y +CONFIG_ISDN_LOG_DEST_AT=y +CONFIG_ISDN_LOG_DEST_NL=y +CONFIG_ISDN_LOG_DEST_CH=y +# CONFIG_ISDN_LOG_DEST_BE is not set +# 
CONFIG_ISDN_LOG_DEST_CN is not set +CONFIG_IPPPSTATS=y +# CONFIG_XISDNLOAD is not set +# CONFIG_XMONISDN is not set + +# +# Applications +# +CONFIG_VBOX=y + +# +# Options for vbox package +# +VBOX_SPOOLDIR='/var/spool/vbox' +VBOX_LOGDIR='/var/log/vbox' +VBOX_PIDDIR='/var/run' +VBOX_LOCKDIR='/var/lock' +VBOX_DOCDIR='/usr/share/doc/vbox' +VBOX_TCL='tcl8.3' +# VBOX_SUSPEND_ID is not set +CONFIG_IPPPD=y + +# +# Options for ipppd +# +# CONFIG_IPPPD_MSCHAP is not set +CONFIG_IPPP_FILTER=y +# CONFIG_IPPPD_RADIUS is not set +# CONFIG_RADIUS_WTMP_LOGGING is not set +RADIUS_CLIENT_CONFIG_FILE='' + +# +# Documentation +# +# CONFIG_GENMAN is not set +# CONFIG_FAQ is not set
diff --git a/config/ovpn/verify b/config/ovpn/verify
index 41f4432576..8fbe59e0e1 100644
--- a/config/ovpn/verify
+++ b/config/ovpn/verify
@@ -5,12 +5,8 @@ if [ $1 -eq 0 ]; then
 name4=${name3##*CN=}
 clientdisabled=`/bin/grep -iwc off,.*,$name4 /var/ipfire/ovpn/ovpnconfig`
 if [ "$clientdisabled" = "1" ]; then
- exit 1
+ exit 1
 fi
 exit 0
 fi
-
 exit 0
-
-
-
diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2
index e43accb52f..9dbeeeee9c 100644
--- a/config/rootfiles/common/apache2
+++ b/config/rootfiles/common/apache2
@@ -1303,7 +1303,6 @@ srv/web/ipfire/cgi-bin/network.cgi
 srv/web/ipfire/cgi-bin/networks.cgi
 srv/web/ipfire/cgi-bin/optionsfw.cgi
 srv/web/ipfire/cgi-bin/outgoingfw.cgi
-srv/web/ipfire/cgi-bin/ovpnfunc.pl
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
 srv/web/ipfire/cgi-bin/portfw.cgi
@@ -1320,7 +1319,6 @@ srv/web/ipfire/cgi-bin/speed.cgi
 srv/web/ipfire/cgi-bin/system.cgi
 srv/web/ipfire/cgi-bin/time.cgi
 srv/web/ipfire/cgi-bin/traffic.cgi
-#srv/web/ipfire/cgi-bin/trafficadm.cgi
 srv/web/ipfire/cgi-bin/traffics.cgi
 srv/web/ipfire/cgi-bin/updatexlrator.cgi
 srv/web/ipfire/cgi-bin/upload.cgi
diff --git a/config/rootfiles/common/ibod b/config/rootfiles/common/ibod
index 5afff3e190..a9e0b4a6b8 100644
--- a/config/rootfiles/common/ibod
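Review bot: In config/ovpn/verify the context lines of this hunk reject a client only when the grep count is exactly 1, so `[ "$clientdisabled" = "1" ]` falls through to `exit 0` when two or more lines of ovpnconfig match, and a disabled client with more than one matching entry is accepted. The pattern `off,.*,$name4` is also unquoted and uses the text cut from after `CN=` as regular-expression input, so glob or regex characters in that name change what is matched. I would quote the pattern as `"off,.*,$name4"` and fail closed with `if [ "$clientdisabled" != "0" ]; then`, which also rejects when grep prints nothing because the file is unreadable. The enclosing `if [ $1 -eq 0 ]` block and the assignments that build `name3` start above the hunk, so the origin of the name is not visible here.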
+++ b/config/rootfiles/common/ibod
@@ -1,2 +1,2 @@
-etc/ppp/ibod.cf
+etc/isdn/ibod.cf
 usr/sbin/ibod
diff --git a/config/rootfiles/common/initscripts b/config/rootfiles/common/initscripts
index cbd8d774e6..f15782ec35 100644
--- a/config/rootfiles/common/initscripts
+++ b/config/rootfiles/common/initscripts
@@ -15,6 +15,7 @@ etc/rc.d/init.d/firewall
 etc/rc.d/init.d/functions
 etc/rc.d/init.d/halt
 etc/rc.d/init.d/localnet
+etc/rc.d/init.d/mISDN
 etc/rc.d/init.d/modules
 etc/rc.d/init.d/mountfs
 etc/rc.d/init.d/mountkernfs
diff --git a/config/rootfiles/common/libxml2 b/config/rootfiles/common/libxml2
new file mode 100644
index 0000000000..8e78911e11
--- /dev/null
+++ b/config/rootfiles/common/libxml2
@@ -0,0 +1,335 @@ +#usr/bin/xml2-config +#usr/bin/xmlcatalog +#usr/bin/xmllint +#usr/include/libxml2 +#usr/include/libxml2/libxml +#usr/include/libxml2/libxml/DOCBparser.h +#usr/include/libxml2/libxml/HTMLparser.h +#usr/include/libxml2/libxml/HTMLtree.h +#usr/include/libxml2/libxml/SAX.h +#usr/include/libxml2/libxml/SAX2.h +#usr/include/libxml2/libxml/c14n.h +#usr/include/libxml2/libxml/catalog.h +#usr/include/libxml2/libxml/chvalid.h +#usr/include/libxml2/libxml/debugXML.h +#usr/include/libxml2/libxml/dict.h +#usr/include/libxml2/libxml/encoding.h +#usr/include/libxml2/libxml/entities.h +#usr/include/libxml2/libxml/globals.h +#usr/include/libxml2/libxml/hash.h +#usr/include/libxml2/libxml/list.h +#usr/include/libxml2/libxml/nanoftp.h +#usr/include/libxml2/libxml/nanohttp.h +#usr/include/libxml2/libxml/parser.h +#usr/include/libxml2/libxml/parserInternals.h +#usr/include/libxml2/libxml/pattern.h +#usr/include/libxml2/libxml/relaxng.h +#usr/include/libxml2/libxml/schemasInternals.h +#usr/include/libxml2/libxml/schematron.h +#usr/include/libxml2/libxml/threads.h +#usr/include/libxml2/libxml/tree.h +#usr/include/libxml2/libxml/uri.h +#usr/include/libxml2/libxml/valid.h +#usr/include/libxml2/libxml/xinclude.h +#usr/include/libxml2/libxml/xlink.h +#usr/include/libxml2/libxml/xmlIO.h +#usr/include/libxml2/libxml/xmlautomata.h +#usr/include/libxml2/libxml/xmlerror.h +#usr/include/libxml2/libxml/xmlexports.h +#usr/include/libxml2/libxml/xmlmemory.h +#usr/include/libxml2/libxml/xmlmodule.h +#usr/include/libxml2/libxml/xmlreader.h +#usr/include/libxml2/libxml/xmlregexp.h +#usr/include/libxml2/libxml/xmlsave.h +#usr/include/libxml2/libxml/xmlschemas.h +#usr/include/libxml2/libxml/xmlschemastypes.h +#usr/include/libxml2/libxml/xmlstring.h +#usr/include/libxml2/libxml/xmlunicode.h +#usr/include/libxml2/libxml/xmlversion.h +#usr/include/libxml2/libxml/xmlwriter.h +#usr/include/libxml2/libxml/xpath.h +#usr/include/libxml2/libxml/xpathInternals.h 
+#usr/include/libxml2/libxml/xpointer.h +#usr/lib/libxml2.a +#usr/lib/libxml2.la +usr/lib/libxml2.so +usr/lib/libxml2.so.2 +usr/lib/libxml2.so.2.6.26 +#usr/lib/pkgconfig/libxml-2.0.pc +usr/lib/python2.4/site-packages/drv_libxml2.py +usr/lib/python2.4/site-packages/libxml2.py +#usr/lib/python2.4/site-packages/libxml2mod.a +#usr/lib/python2.4/site-packages/libxml2mod.la +usr/lib/python2.4/site-packages/libxml2mod.so +#usr/lib/xml2Conf.sh +#usr/man/man1/xml2-config.1 +#usr/man/man1/xmlcatalog.1 +#usr/man/man1/xmllint.1 +#usr/man/man3/libxml.3 +#usr/share/aclocal/libxml.m4 +#usr/share/doc/libxml2-2.6.26 +#usr/share/doc/libxml2-2.6.26/Copyright +#usr/share/doc/libxml2-2.6.26/examples +#usr/share/doc/libxml2-2.6.26/examples/testHTML.c +#usr/share/doc/libxml2-2.6.26/examples/testSAX.c +#usr/share/doc/libxml2-2.6.26/examples/testXPath.c +#usr/share/doc/libxml2-2.6.26/examples/xmllint.c +#usr/share/doc/libxml2-2.6.26/html +#usr/share/doc/libxml2-2.6.26/html/DOM.gif +#usr/share/doc/libxml2-2.6.26/html/FAQ.html +#usr/share/doc/libxml2-2.6.26/html/Libxml2-Logo-180x168.gif +#usr/share/doc/libxml2-2.6.26/html/Libxml2-Logo-90x34.gif +#usr/share/doc/libxml2-2.6.26/html/encoding.html +#usr/share/doc/libxml2-2.6.26/html/examples.xml +#usr/share/doc/libxml2-2.6.26/html/examples.xsl +#usr/share/doc/libxml2-2.6.26/html/html +#usr/share/doc/libxml2-2.6.26/html/html/book1.html +#usr/share/doc/libxml2-2.6.26/html/html/home.png +#usr/share/doc/libxml2-2.6.26/html/html/index.html +#usr/share/doc/libxml2-2.6.26/html/html/left.png +#usr/share/doc/libxml2-2.6.26/html/html/libxml-DOCBparser.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-HTMLparser.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-HTMLtree.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-SAX.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-SAX2.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-c14n.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-catalog.html 
+#usr/share/doc/libxml2-2.6.26/html/html/libxml-chvalid.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-debugXML.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-dict.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-encoding.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-entities.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-globals.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-hash.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-lib.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-list.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-nanoftp.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-nanohttp.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-parser.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-parserInternals.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-pattern.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-relaxng.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-schemasInternals.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-schematron.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-threads.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-tree.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-uri.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-valid.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xinclude.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xlink.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xmlIO.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xmlautomata.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xmlerror.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xmlexports.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xmlmemory.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xmlmodule.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xmlreader.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xmlregexp.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xmlsave.html 
+#usr/share/doc/libxml2-2.6.26/html/html/libxml-xmlschemas.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xmlschemastypes.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xmlstring.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xmlunicode.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xmlversion.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xmlwriter.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xpath.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xpathInternals.html +#usr/share/doc/libxml2-2.6.26/html/html/libxml-xpointer.html +#usr/share/doc/libxml2-2.6.26/html/html/right.png +#usr/share/doc/libxml2-2.6.26/html/html/up.png +#usr/share/doc/libxml2-2.6.26/html/io1.c +#usr/share/doc/libxml2-2.6.26/html/io1.res +#usr/share/doc/libxml2-2.6.26/html/io2.c +#usr/share/doc/libxml2-2.6.26/html/io2.res +#usr/share/doc/libxml2-2.6.26/html/libxml.gif +#usr/share/doc/libxml2-2.6.26/html/parse1.c +#usr/share/doc/libxml2-2.6.26/html/parse2.c +#usr/share/doc/libxml2-2.6.26/html/parse3.c +#usr/share/doc/libxml2-2.6.26/html/parse4.c +#usr/share/doc/libxml2-2.6.26/html/reader1.c +#usr/share/doc/libxml2-2.6.26/html/reader1.res +#usr/share/doc/libxml2-2.6.26/html/reader2.c +#usr/share/doc/libxml2-2.6.26/html/reader3.c +#usr/share/doc/libxml2-2.6.26/html/reader3.res +#usr/share/doc/libxml2-2.6.26/html/reader4.c +#usr/share/doc/libxml2-2.6.26/html/reader4.res +#usr/share/doc/libxml2-2.6.26/html/redhat.gif +#usr/share/doc/libxml2-2.6.26/html/smallfootonly.gif +#usr/share/doc/libxml2-2.6.26/html/structure.gif +#usr/share/doc/libxml2-2.6.26/html/test1.xml +#usr/share/doc/libxml2-2.6.26/html/test2.xml +#usr/share/doc/libxml2-2.6.26/html/test3.xml +#usr/share/doc/libxml2-2.6.26/html/testWriter.c +#usr/share/doc/libxml2-2.6.26/html/tree1.c +#usr/share/doc/libxml2-2.6.26/html/tree1.res +#usr/share/doc/libxml2-2.6.26/html/tree2.c +#usr/share/doc/libxml2-2.6.26/html/tree2.res +#usr/share/doc/libxml2-2.6.26/html/tst.xml 
+#usr/share/doc/libxml2-2.6.26/html/tutorial +#usr/share/doc/libxml2-2.6.26/html/tutorial/apa.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/apb.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/apc.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/apd.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/ape.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/apf.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/apg.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/aph.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/api.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/ar01s02.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/ar01s03.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/ar01s04.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/ar01s05.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/ar01s06.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/ar01s07.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/ar01s08.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/ar01s09.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/images +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/blank.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/callouts +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/callouts/1.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/callouts/10.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/callouts/2.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/callouts/3.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/callouts/4.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/callouts/5.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/callouts/6.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/callouts/7.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/callouts/8.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/callouts/9.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/caution.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/draft.png 
+#usr/share/doc/libxml2-2.6.26/html/tutorial/images/home.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/important.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/next.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/note.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/prev.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/tip.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/toc-blank.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/toc-minus.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/toc-plus.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/up.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/images/warning.png +#usr/share/doc/libxml2-2.6.26/html/tutorial/includeaddattribute.c +#usr/share/doc/libxml2-2.6.26/html/tutorial/includeaddkeyword.c +#usr/share/doc/libxml2-2.6.26/html/tutorial/includeconvert.c +#usr/share/doc/libxml2-2.6.26/html/tutorial/includegetattribute.c +#usr/share/doc/libxml2-2.6.26/html/tutorial/includekeyword.c +#usr/share/doc/libxml2-2.6.26/html/tutorial/includexpath.c +#usr/share/doc/libxml2-2.6.26/html/tutorial/index.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/ix01.html +#usr/share/doc/libxml2-2.6.26/html/tutorial/xmltutorial.pdf +#usr/share/doc/libxml2-2.6.26/html/w3c.png +#usr/share/doc/libxml2-2.6.26/html/writer.xml +#usr/share/doc/libxml2-2.6.26/html/xml.html +#usr/share/doc/libxml2-2.6.26/html/xpath1.c +#usr/share/doc/libxml2-2.6.26/html/xpath1.res +#usr/share/doc/libxml2-2.6.26/html/xpath2.c +#usr/share/doc/libxml2-2.6.26/html/xpath2.res +#usr/share/doc/libxml2-python-2.6.26 +#usr/share/doc/libxml2-python-2.6.26/TODO +#usr/share/doc/libxml2-python-2.6.26/examples +#usr/share/doc/libxml2-python-2.6.26/examples/attribs.py +#usr/share/doc/libxml2-python-2.6.26/examples/build.py +#usr/share/doc/libxml2-python-2.6.26/examples/ctxterror.py +#usr/share/doc/libxml2-python-2.6.26/examples/cutnpaste.py +#usr/share/doc/libxml2-python-2.6.26/examples/dtdvalid.py 
+#usr/share/doc/libxml2-python-2.6.26/examples/error.py +#usr/share/doc/libxml2-python-2.6.26/examples/inbuf.py +#usr/share/doc/libxml2-python-2.6.26/examples/indexes.py +#usr/share/doc/libxml2-python-2.6.26/examples/invalid.xml +#usr/share/doc/libxml2-python-2.6.26/examples/nsdel.py +#usr/share/doc/libxml2-python-2.6.26/examples/outbuf.py +#usr/share/doc/libxml2-python-2.6.26/examples/push.py +#usr/share/doc/libxml2-python-2.6.26/examples/pushSAX.py +#usr/share/doc/libxml2-python-2.6.26/examples/pushSAXhtml.py +#usr/share/doc/libxml2-python-2.6.26/examples/reader.py +#usr/share/doc/libxml2-python-2.6.26/examples/reader2.py +#usr/share/doc/libxml2-python-2.6.26/examples/reader3.py +#usr/share/doc/libxml2-python-2.6.26/examples/reader4.py +#usr/share/doc/libxml2-python-2.6.26/examples/reader5.py +#usr/share/doc/libxml2-python-2.6.26/examples/reader6.py +#usr/share/doc/libxml2-python-2.6.26/examples/reader7.py +#usr/share/doc/libxml2-python-2.6.26/examples/reader8.py +#usr/share/doc/libxml2-python-2.6.26/examples/readererr.py +#usr/share/doc/libxml2-python-2.6.26/examples/readernext.py +#usr/share/doc/libxml2-python-2.6.26/examples/regexp.py +#usr/share/doc/libxml2-python-2.6.26/examples/relaxng.py +#usr/share/doc/libxml2-python-2.6.26/examples/resolver.py +#usr/share/doc/libxml2-python-2.6.26/examples/schema.py +#usr/share/doc/libxml2-python-2.6.26/examples/serialize.py +#usr/share/doc/libxml2-python-2.6.26/examples/sync.py +#usr/share/doc/libxml2-python-2.6.26/examples/test.dtd +#usr/share/doc/libxml2-python-2.6.26/examples/thread2.py +#usr/share/doc/libxml2-python-2.6.26/examples/tst.py +#usr/share/doc/libxml2-python-2.6.26/examples/tst.xml +#usr/share/doc/libxml2-python-2.6.26/examples/tstLastError.py +#usr/share/doc/libxml2-python-2.6.26/examples/tstURI.py +#usr/share/doc/libxml2-python-2.6.26/examples/tstmem.py +#usr/share/doc/libxml2-python-2.6.26/examples/tstxpath.py +#usr/share/doc/libxml2-python-2.6.26/examples/valid.xml 
+#usr/share/doc/libxml2-python-2.6.26/examples/validDTD.py +#usr/share/doc/libxml2-python-2.6.26/examples/validRNG.py +#usr/share/doc/libxml2-python-2.6.26/examples/validSchemas.py +#usr/share/doc/libxml2-python-2.6.26/examples/validate.py +#usr/share/doc/libxml2-python-2.6.26/examples/walker.py +#usr/share/doc/libxml2-python-2.6.26/examples/xpath.py +#usr/share/doc/libxml2-python-2.6.26/examples/xpathext.py +#usr/share/doc/libxml2-python-2.6.26/examples/xpathret.py +#usr/share/gtk-doc +#usr/share/gtk-doc/html +#usr/share/gtk-doc/html/libxml2 +#usr/share/gtk-doc/html/libxml2/general.html +#usr/share/gtk-doc/html/libxml2/home.png +#usr/share/gtk-doc/html/libxml2/index.html +#usr/share/gtk-doc/html/libxml2/left.png +#usr/share/gtk-doc/html/libxml2/libxml2-DOCBparser.html +#usr/share/gtk-doc/html/libxml2/libxml2-HTMLparser.html +#usr/share/gtk-doc/html/libxml2/libxml2-HTMLtree.html +#usr/share/gtk-doc/html/libxml2/libxml2-SAX.html +#usr/share/gtk-doc/html/libxml2/libxml2-SAX2.html +#usr/share/gtk-doc/html/libxml2/libxml2-c14n.html +#usr/share/gtk-doc/html/libxml2/libxml2-catalog.html +#usr/share/gtk-doc/html/libxml2/libxml2-chvalid.html +#usr/share/gtk-doc/html/libxml2/libxml2-debugXML.html +#usr/share/gtk-doc/html/libxml2/libxml2-dict.html +#usr/share/gtk-doc/html/libxml2/libxml2-encoding.html +#usr/share/gtk-doc/html/libxml2/libxml2-entities.html +#usr/share/gtk-doc/html/libxml2/libxml2-globals.html +#usr/share/gtk-doc/html/libxml2/libxml2-hash.html +#usr/share/gtk-doc/html/libxml2/libxml2-list.html +#usr/share/gtk-doc/html/libxml2/libxml2-nanoftp.html +#usr/share/gtk-doc/html/libxml2/libxml2-nanohttp.html +#usr/share/gtk-doc/html/libxml2/libxml2-parser.html +#usr/share/gtk-doc/html/libxml2/libxml2-parserInternals.html +#usr/share/gtk-doc/html/libxml2/libxml2-pattern.html +#usr/share/gtk-doc/html/libxml2/libxml2-relaxng.html +#usr/share/gtk-doc/html/libxml2/libxml2-schemasInternals.html +#usr/share/gtk-doc/html/libxml2/libxml2-schematron.html 
+#usr/share/gtk-doc/html/libxml2/libxml2-threads.html +#usr/share/gtk-doc/html/libxml2/libxml2-tree.html +#usr/share/gtk-doc/html/libxml2/libxml2-uri.html +#usr/share/gtk-doc/html/libxml2/libxml2-valid.html +#usr/share/gtk-doc/html/libxml2/libxml2-xinclude.html +#usr/share/gtk-doc/html/libxml2/libxml2-xlink.html +#usr/share/gtk-doc/html/libxml2/libxml2-xmlIO.html +#usr/share/gtk-doc/html/libxml2/libxml2-xmlautomata.html +#usr/share/gtk-doc/html/libxml2/libxml2-xmlerror.html +#usr/share/gtk-doc/html/libxml2/libxml2-xmlexports.html +#usr/share/gtk-doc/html/libxml2/libxml2-xmlmemory.html +#usr/share/gtk-doc/html/libxml2/libxml2-xmlmodule.html +#usr/share/gtk-doc/html/libxml2/libxml2-xmlreader.html +#usr/share/gtk-doc/html/libxml2/libxml2-xmlregexp.html +#usr/share/gtk-doc/html/libxml2/libxml2-xmlsave.html +#usr/share/gtk-doc/html/libxml2/libxml2-xmlschemas.html +#usr/share/gtk-doc/html/libxml2/libxml2-xmlschemastypes.html +#usr/share/gtk-doc/html/libxml2/libxml2-xmlstring.html +#usr/share/gtk-doc/html/libxml2/libxml2-xmlunicode.html +#usr/share/gtk-doc/html/libxml2/libxml2-xmlversion.html +#usr/share/gtk-doc/html/libxml2/libxml2-xmlwriter.html +#usr/share/gtk-doc/html/libxml2/libxml2-xpath.html +#usr/share/gtk-doc/html/libxml2/libxml2-xpathInternals.html +#usr/share/gtk-doc/html/libxml2/libxml2-xpointer.html +#usr/share/gtk-doc/html/libxml2/libxml2.devhelp +#usr/share/gtk-doc/html/libxml2/right.png +#usr/share/gtk-doc/html/libxml2/style.css +#usr/share/gtk-doc/html/libxml2/up.png diff --git a/config/rootfiles/common/libxslt b/config/rootfiles/common/libxslt new file mode 100644 index 0000000000..bdcf7b696b --- /dev/null +++ b/config/rootfiles/common/libxslt 
@@ -0,0 +1,150 @@ +#usr/bin/xslt-config +usr/bin/xsltproc +#usr/include/libexslt +#usr/include/libexslt/exslt.h +#usr/include/libexslt/exsltconfig.h +#usr/include/libexslt/exsltexports.h +#usr/include/libxslt +#usr/include/libxslt/attributes.h +#usr/include/libxslt/documents.h +#usr/include/libxslt/extensions.h +#usr/include/libxslt/extra.h +#usr/include/libxslt/functions.h +#usr/include/libxslt/imports.h +#usr/include/libxslt/keys.h +#usr/include/libxslt/namespaces.h +#usr/include/libxslt/numbersInternals.h +#usr/include/libxslt/pattern.h +#usr/include/libxslt/preproc.h +#usr/include/libxslt/security.h +#usr/include/libxslt/templates.h +#usr/include/libxslt/transform.h +#usr/include/libxslt/variables.h +#usr/include/libxslt/xslt.h +#usr/include/libxslt/xsltInternals.h +#usr/include/libxslt/xsltconfig.h +#usr/include/libxslt/xsltexports.h +#usr/include/libxslt/xsltutils.h +#usr/lib/libexslt.a +#usr/lib/libexslt.la +usr/lib/libexslt.so +usr/lib/libexslt.so.0 +usr/lib/libexslt.so.0.8.13 +#usr/lib/libxslt-plugins +#usr/lib/libxslt.a +#usr/lib/libxslt.la +usr/lib/libxslt.so +usr/lib/libxslt.so.1 +usr/lib/libxslt.so.1.1.17 +#usr/lib/pkgconfig/libexslt.pc +#usr/lib/pkgconfig/libxslt.pc +usr/lib/python2.4/site-packages/libxslt.py +#usr/lib/python2.4/site-packages/libxsltmod.a +#usr/lib/python2.4/site-packages/libxsltmod.la +usr/lib/python2.4/site-packages/libxsltmod.so +#usr/lib/xsltConf.sh +#usr/man/man1/xsltproc.1 +#usr/man/man3/libexslt.3 +#usr/man/man3/libxslt.3 +#usr/share/aclocal/libxslt.m4 +#usr/share/doc/libxslt-1.1.17 +#usr/share/doc/libxslt-1.1.17/html +#usr/share/doc/libxslt-1.1.17/html/API.html +#usr/share/doc/libxslt-1.1.17/html/APIchunk0.html +#usr/share/doc/libxslt-1.1.17/html/APIchunk1.html +#usr/share/doc/libxslt-1.1.17/html/APIchunk2.html +#usr/share/doc/libxslt-1.1.17/html/APIchunk3.html +#usr/share/doc/libxslt-1.1.17/html/APIchunk4.html +#usr/share/doc/libxslt-1.1.17/html/APIchunk5.html +#usr/share/doc/libxslt-1.1.17/html/APIchunk6.html 
+#usr/share/doc/libxslt-1.1.17/html/APIchunk7.html +#usr/share/doc/libxslt-1.1.17/html/APIchunk8.html +#usr/share/doc/libxslt-1.1.17/html/APIchunk9.html +#usr/share/doc/libxslt-1.1.17/html/APIconstructors.html +#usr/share/doc/libxslt-1.1.17/html/APIfiles.html +#usr/share/doc/libxslt-1.1.17/html/APIfunctions.html +#usr/share/doc/libxslt-1.1.17/html/APIsymbols.html +#usr/share/doc/libxslt-1.1.17/html/EXSLT +#usr/share/doc/libxslt-1.1.17/html/EXSLT/APIchunk0.html +#usr/share/doc/libxslt-1.1.17/html/EXSLT/APIconstructors.html +#usr/share/doc/libxslt-1.1.17/html/EXSLT/APIfiles.html +#usr/share/doc/libxslt-1.1.17/html/EXSLT/APIfunctions.html +#usr/share/doc/libxslt-1.1.17/html/EXSLT/APIsymbols.html +#usr/share/doc/libxslt-1.1.17/html/EXSLT/bugs.html +#usr/share/doc/libxslt-1.1.17/html/EXSLT/docs.html +#usr/share/doc/libxslt-1.1.17/html/EXSLT/downloads.html +#usr/share/doc/libxslt-1.1.17/html/EXSLT/exslt.html +#usr/share/doc/libxslt-1.1.17/html/EXSLT/help.html +#usr/share/doc/libxslt-1.1.17/html/EXSLT/index.html +#usr/share/doc/libxslt-1.1.17/html/EXSLT/intro.html +#usr/share/doc/libxslt-1.1.17/html/FAQ.html +#usr/share/doc/libxslt-1.1.17/html/Libxslt-Logo-180x168.gif +#usr/share/doc/libxslt-1.1.17/html/Libxslt-Logo-90x34.gif +#usr/share/doc/libxslt-1.1.17/html/bugs.html +#usr/share/doc/libxslt-1.1.17/html/contexts.gif +#usr/share/doc/libxslt-1.1.17/html/contribs.html +#usr/share/doc/libxslt-1.1.17/html/docbook.html +#usr/share/doc/libxslt-1.1.17/html/docs.html +#usr/share/doc/libxslt-1.1.17/html/downloads.html +#usr/share/doc/libxslt-1.1.17/html/extensions.html +#usr/share/doc/libxslt-1.1.17/html/help.html +#usr/share/doc/libxslt-1.1.17/html/html +#usr/share/doc/libxslt-1.1.17/html/html/book1.html +#usr/share/doc/libxslt-1.1.17/html/html/home.png +#usr/share/doc/libxslt-1.1.17/html/html/index.html +#usr/share/doc/libxslt-1.1.17/html/html/left.png +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-attributes.html 
+#usr/share/doc/libxslt-1.1.17/html/html/libxslt-documents.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-extensions.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-extra.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-functions.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-imports.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-keys.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-lib.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-namespaces.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-numbersInternals.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-pattern.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-preproc.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-security.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-templates.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-transform.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-variables.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-xslt.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-xsltInternals.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-xsltexports.html +#usr/share/doc/libxslt-1.1.17/html/html/libxslt-xsltutils.html +#usr/share/doc/libxslt-1.1.17/html/html/right.png +#usr/share/doc/libxslt-1.1.17/html/html/up.png +#usr/share/doc/libxslt-1.1.17/html/index.html +#usr/share/doc/libxslt-1.1.17/html/internals.html +#usr/share/doc/libxslt-1.1.17/html/intro.html +#usr/share/doc/libxslt-1.1.17/html/news.html +#usr/share/doc/libxslt-1.1.17/html/node.gif +#usr/share/doc/libxslt-1.1.17/html/object.gif +#usr/share/doc/libxslt-1.1.17/html/processing.gif +#usr/share/doc/libxslt-1.1.17/html/python.html +#usr/share/doc/libxslt-1.1.17/html/redhat.gif +#usr/share/doc/libxslt-1.1.17/html/smallfootonly.gif +#usr/share/doc/libxslt-1.1.17/html/stylesheet.gif +#usr/share/doc/libxslt-1.1.17/html/templates.gif +#usr/share/doc/libxslt-1.1.17/html/tutorial +#usr/share/doc/libxslt-1.1.17/html/tutorial/libxslt_tutorial.c 
+#usr/share/doc/libxslt-1.1.17/html/tutorial/libxslttutorial.html +#usr/share/doc/libxslt-1.1.17/html/tutorial/libxslttutorial.xml +#usr/share/doc/libxslt-1.1.17/html/tutorial2 +#usr/share/doc/libxslt-1.1.17/html/tutorial2/libxslt_pipes.c +#usr/share/doc/libxslt-1.1.17/html/tutorial2/libxslt_pipes.html +#usr/share/doc/libxslt-1.1.17/html/tutorial2/libxslt_pipes.xml +#usr/share/doc/libxslt-1.1.17/html/xslt.html +#usr/share/doc/libxslt-1.1.17/html/xsltproc.html +#usr/share/doc/libxslt-1.1.17/html/xsltproc2.html +#usr/share/doc/libxslt-python-1.1.17 +#usr/share/doc/libxslt-python-1.1.17/TODO +#usr/share/doc/libxslt-python-1.1.17/examples +#usr/share/doc/libxslt-python-1.1.17/examples/basic.py +#usr/share/doc/libxslt-python-1.1.17/examples/exslt.py +#usr/share/doc/libxslt-python-1.1.17/examples/extelem.py +#usr/share/doc/libxslt-python-1.1.17/examples/extfunc.py +#usr/share/doc/libxslt-python-1.1.17/examples/pyxsltproc.py +#usr/share/doc/libxslt-python-1.1.17/examples/test.xml +#usr/share/doc/libxslt-python-1.1.17/examples/test.xsl
diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn
index 012296f0d2..f415476a9a 100644
--- a/config/rootfiles/common/openvpn
+++ b/config/rootfiles/common/openvpn
@@ -3,12 +3,11 @@ usr/sbin/openvpn
 var/ipfire/ovpn
 var/ipfire/ovpn/ca
 var/ipfire/ovpn/caconfig
-var/ipfire/ovpn/certs
+#var/ipfire/ovpn/certs
 var/ipfire/ovpn/certs/index.txt
 var/ipfire/ovpn/certs/serial
 var/ipfire/ovpn/crls
-var/ipfire/ovpn/n2nconf
-var/ipfire/ovpn/openssl
+#var/ipfire/ovpn/openssl
 var/ipfire/ovpn/openssl/ovpn.cnf
 var/ipfire/ovpn/ovpnconfig
 var/ipfire/ovpn/settings
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 5db31c9876..0974360c1f 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -174,7 +174,6 @@ WARNING: translation string unused: invalid upstream proxy username or password
 WARNING: translation string unused: iowait
 WARNING: translation string unused: ip address in use
 WARNING: translation string unused: ipfire side
-WARNING: translation string unused: ipfire side is invalid
 WARNING: translation string unused: iptable rules
 WARNING: translation string unused: javascript menu error1
 WARNING: translation string unused: javascript menu error2
@@ -365,3 +364,4 @@ WARNING: translation string unused: written sectors
 WARNING: translation string unused: xtaccess bad transfert
 WARNING: translation string unused: year
 WARNING: translation string unused: yearly firewallhits
+WARNING: untranslated string: OVPN
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 0f7239ba52..3371a94d8d 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -185,7 +185,6 @@ WARNING: translation string unused: invalid upstream proxy username or password
 WARNING: translation string unused: iowait
 WARNING: translation string unused: ip address in use
 WARNING: translation string unused: ipfire side
-WARNING: translation string unused: ipfire side is invalid
 WARNING: translation string unused: iptable rules
 WARNING: translation string unused: javascript menu error1
 WARNING: translation string unused: javascript menu error2
@@ -368,3 +367,4 @@ WARNING: translation string unused: weekly firewallhits
 WARNING: translation string unused: written sectors
 WARNING: translation string unused: year
 WARNING: translation string unused: yearly firewallhits
+WARNING: untranslated string: OVPN
diff --git a/doc/packages-list.txt b/doc/packages-list.txt
index 6a9f145b3f..8fb7909f66 100644
--- a/doc/packages-list.txt
+++ b/doc/packages-list.txt
@@ -120,6 +120,7 @@
 * iptables-1.3.5
 * iptstate-2.1
 * iputils-ss020927
+* isdn4k-utils-CVS-2006-07-20
 * java-1.5.0_06-for-ipfire
 * jpegsrc.v6b
 * kbd-1.12
@@ -144,6 +145,7 @@
 * libvorbis-1.1.2
 * libwww-perl-5.803
 * libxml2-2.6.26
+* libxslt-1.1.17
 * linux-2.6.16.50
 * linux-atm-2.4.1
 * linux-libc-headers-2.6.12.0
diff --git a/html/cgi-bin/ovpnfunc.pl b/html/cgi-bin/ovpnfunc.pl
deleted file mode 100644
index 42199cc233..0000000000
--- a/html/cgi-bin/ovpnfunc.pl
+++ /dev/null
@@ -1,1145 +0,0 @@ -#!/usr/bin/perl -w -package Ovpnfunc; -use Archive::Zip qw(:ERROR_CODES :CONSTANTS); -use Net::DNS; -use File::Copy; -use File::Temp qw/ tempfile tempdir /; -use strict; -require '/var/ipfire/general-functions.pl'; -my %netsettings=(); -my $errormessage = ''; -my $errormessage2 = ''; -my @subnets; # array of anonymous hashes {cn, from, to} -my @subnets2; # array of anonymous hashes {cn, from, to} -my %overlaps; # hash {cn} of anonymous arrays of subnets -my ($subnet, $from, $to, $i, $j); -&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); -sub haveOrangeNet -{ - if ($netsettings{'CONFIG_TYPE'} == 1) {return 1;} - if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;} - if ($netsettings{'CONFIG_TYPE'} == 5) {return 1;} - if ($netsettings{'CONFIG_TYPE'} == 7) {return 1;} - return 0; -} - -sub haveBlueNet -{ - if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;} - if ($netsettings{'CONFIG_TYPE'} == 5) {return 1;} - if ($netsettings{'CONFIG_TYPE'} == 6) {return 1;} - if ($netsettings{'CONFIG_TYPE'} == 7) {return 1;} - return 0; -} - -sub sizeformat{ - my $bytesize = $_[0]; - my $i = 0; - - while(abs($bytesize) >= 1024){ - $bytesize=$bytesize/1024; - $i++; - last if($i==6); - } - - my @units = ("Bytes","KB","MB","GB","TB","PB","EB"); - my $newsize=(int($bytesize*100 +0.5))/100; - return("$newsize $units[$i]"); -} - -sub valid_dns_host { - my $hostname = $_[0]; - unless ($hostname) { return "No hostname"}; - my $res = new Net::DNS::Resolver; - my $query = $res->search("$hostname"); - if ($query) { - foreach my $rr ($query->answer) { - ## Potential bug - we are only looking at A records: - return 0 if $rr->type eq "A"; - } - } else { - return $res->errorstring; - } -} - -sub cleanssldatabase -{ - if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) { - print FILE "01"; - close FILE; - } - if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt")) { - print FILE ""; - close FILE; - } - unlink 
("${General::swroot}/ovpn/certs/index.txt.old"); - unlink ("${General::swroot}/ovpn/certs/serial.old"); - unlink ("${General::swroot}/ovpn/certs/01.pem"); -} - -sub newcleanssldatabase -{ - if (! -s "${General::swroot}/ovpn/certs/serial" ) { - open(FILE, ">${General::swroot}(ovpn/certs/serial"); - print FILE "01"; - close FILE; - } - if (! -s ">${General::swroot}/ovpn/certs/index.txt") { - system ("touch ${General::swroot}/ovpn/certs/index.txt"); - } - unlink ("${General::swroot}/ovpn/certs/index.txt.old"); - unlink ("${General::swroot}/ovpn/certs/serial.old"); -} - -sub deletebackupcert -{ - if (open(FILE, "${General::swroot}/ovpn/certs/serial.old")) { - my $hexvalue = ; - chomp $hexvalue; - close FILE; - unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem"); - } -} - -sub checkportfw { - my $KEY2 = $_[0]; # key2 - my $SRC_PORT = $_[1]; # src_port - my $PROTOCOL = $_[2]; # protocol - my $SRC_IP = $_[3]; # sourceip - my $pfwfilename = "${General::swroot}/portfw/config"; - open(FILE, $pfwfilename) or die 'Unable to open config file.'; - my @pfwcurrent = ; - close(FILE); - my $pfwkey1 = 0; # used for finding last sequence number used - foreach my $pfwline (@pfwcurrent) - { - my @pfwtemp = split(/\,/,$pfwline); - - chomp ($pfwtemp[8]); - if ($KEY2 eq "0"){ # if key2 is 0 then it is a portfw addition - if ( $SRC_PORT eq $pfwtemp[3] && - $PROTOCOL eq $pfwtemp[2] && - $SRC_IP eq $pfwtemp[7]) - { - $errormessage = "$Lang::tr{'source port in use'} $SRC_PORT"; - } - # Check if key2 = 0, if it is then it is a port forward entry and we want the sequence number - if ( $pfwtemp[1] eq "0") { - $pfwkey1=$pfwtemp[0]; - } - # Darren Critchley - Duplicate or overlapping Port range check - if ($pfwtemp[1] eq "0" && - $PROTOCOL eq $pfwtemp[2] && - $SRC_IP eq $pfwtemp[7] && - $errormessage eq '') - { - &portchecks($SRC_PORT, $pfwtemp[5]); -# &portchecks($pfwtemp[3], $pfwtemp[5]); -# &portchecks($pfwtemp[3], $SRC_IP); - } - } - } -# $errormessage="$KEY2 $SRC_PORT $PROTOCOL $SRC_IP"; - 
- return $errormessage; -} - -sub checkportoverlap -{ - my $portrange1 = $_[0]; # New port range - my $portrange2 = $_[1]; # existing port range - my @tempr1 = split(/\:/,$portrange1); - my @tempr2 = split(/\:/,$portrange2); - - unless (&checkportinc($tempr1[0], $portrange2)){ return 0;} - unless (&checkportinc($tempr1[1], $portrange2)){ return 0;} - - unless (&checkportinc($tempr2[0], $portrange1)){ return 0;} - unless (&checkportinc($tempr2[1], $portrange1)){ return 0;} - - return 1; # Everything checks out! -} - -# Darren Critchley - we want to make sure that a port entry is not within an already existing range -sub checkportinc -{ - my $port1 = $_[0]; # Port - my $portrange2 = $_[1]; # Port range - my @tempr1 = split(/\:/,$portrange2); - - if ($port1 < $tempr1[0] || $port1 > $tempr1[1]) { - return 1; - } else { - return 0; - } -} -# Darren Critchley - Duplicate or overlapping Port range check -sub portchecks -{ - my $p1 = $_[0]; # New port range - my $p2 = $_[1]; # existing port range -# $_ = $_[0]; - our ($prtrange1, $prtrange2); - $prtrange1 = 0; -# if (m/:/ && $prtrange1 == 1) { # comparing two port ranges -# unless (&checkportoverlap($p1,$p2)) { -# $errormessage = "$Lang::tr{'source port overlaps'} $p1"; -# } -# } - if (m/:/ && $prtrange1 == 0 && $errormessage eq '') { # compare one port to a range - unless (&checkportinc($p2,$p1)) { - $errormessage = "$Lang::tr{'srcprt within existing'} $p1"; - } - } - $prtrange1 = 1; - if (! 
m/:/ && $prtrange1 == 1 && $errormessage eq '') { # compare one port to a range - unless (&checkportinc($p1,$p2)) { - $errormessage = "$Lang::tr{'srcprt range overlaps'} $p2"; - } - } - return; -} - -# Darren Critchley - certain ports are reserved for IPFire -# TCP 67,68,81,222,444 -# UDP 67,68 -# Params passed in -> port, rangeyn, protocol -sub disallowreserved -{ - # port 67 and 68 same for tcp and udp, don't bother putting in an array - my $msg = ""; - my @tcp_reserved = (81,222,444); - my $prt = $_[0]; # the port or range - my $ryn = $_[1]; # tells us whether or not it is a port range - my $prot = $_[2]; # protocol - my $srcdst = $_[3]; # source or destination - if ($ryn) { # disect port range - if ($srcdst eq "src") { - $msg = "$Lang::tr{'rsvd src port overlap'}"; - } else { - $msg = "$Lang::tr{'rsvd dst port overlap'}"; - } - my @tmprng = split(/\:/,$prt); - unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; } - unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; } - if ($prot eq "tcp") { - foreach my $prange (@tcp_reserved) { - unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; } - } - } - } else { - if ($srcdst eq "src") { - $msg = "$Lang::tr{'reserved src port'}"; - } else { - $msg = "$Lang::tr{'reserved dst port'}"; - } - if ($prt == 67) { $errormessage="$msg 67"; return; } - if ($prt == 68) { $errormessage="$msg 68"; return; } - if ($prot eq "tcp") { - foreach my $prange (@tcp_reserved) { - if ($prange == $prt) { - $errormessage = "$msg $prange"; - return $errormessage; } - } - } - } - return $errormessage; -} - -sub writeserverconf { - my %sovpnsettings = (); - &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings); - - open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!"; - flock CONF, 2; - print CONF "#OpenVPN Server conf\n"; - print CONF "\n"; - print CONF "daemon 
openvpnserver\n"; - print CONF "writepid /var/run/openvpn.pid\n"; - print CONF "#DAN prepare ZERINA for listening on blue and orange\n"; - print CONF ";local $sovpnsettings{'VPN_IP'}\n"; - print CONF "dev $sovpnsettings{'DDEVICE'}\n"; - print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; - if ($sovpnsettings{'DPROTOCOL'} eq 'tcp') { - print CONF "proto $sovpnsettings{'DPROTOCOL'}-server\n"; - } else { - print CONF "proto $sovpnsettings{'DPROTOCOL'}\n"; - } - print CONF "port $sovpnsettings{'DDEST_PORT'}\n"; - print CONF "tls-server\n"; - print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n"; - print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n"; - print CONF "key /var/ipfire/ovpn/certs/serverkey.pem\n"; - print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n"; - my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'}); - print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; - print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; - if ($sovpnsettings{AD_ROUTE1} ne '') { - my @tempovpnsubnet = split("\/",$sovpnsettings{'AD_ROUTE1'}); - print CONF "push \"route $tempovpnsubnet[0] $tempovpnsubnet[1]\"\n"; - } - if ($sovpnsettings{AD_ROUTE2} ne '') { - my @tempovpnsubnet = split("\/",$sovpnsettings{'AD_ROUTE2'}); - print CONF "push \"route $tempovpnsubnet[0] $tempovpnsubnet[1]\"\n"; - } - if ($sovpnsettings{AD_ROUTE3} ne '') { - my @tempovpnsubnet = split("\/",$sovpnsettings{'AD_ROUTE3'}); - print CONF "push \"route $tempovpnsubnet[0] $tempovpnsubnet[1]\"\n"; - } - if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { - print CONF "client-to-client\n"; - } - if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) { - print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n"; - } - print CONF "status-version 1\n"; - print CONF "status /var/log/ovpnserver.log 30\n"; - print CONF "cipher $sovpnsettings{DCIPHER}\n"; - if ($sovpnsettings{DCOMPLZO} eq 'on') { - print CONF 
"comp-lzo\n"; - } - if ($sovpnsettings{REDIRECT_GW_DEF1} eq 'on') { - print CONF "push \"redirect-gateway def1\"\n"; - } - if ($sovpnsettings{DHCP_DOMAIN} ne '') { - print CONF "push \"dhcp-option DOMAIN $sovpnsettings{DHCP_DOMAIN}\"\n"; - } - - if ($sovpnsettings{DHCP_DNS} ne '') { - print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS}\"\n"; - } - - if ($sovpnsettings{DHCP_WINS} ne '') { - print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS}\"\n"; - } - - if ($sovpnsettings{DHCP_WINS} eq '') { - print CONF "max-clients 100\n"; - } - - if ($sovpnsettings{DHCP_WINS} ne '') { - print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n"; - } - - ################################################################################# - # Added by Philipp Jenni # - # # - # Contact: philipp.jenni-at-gmx.ch # - # Date: 2006-04-22 # - # Description: Add the FAST-IO Parameter from OpenVPN to der Server.Config. # - # Add the NICE Parameter from OpenVPN to der Server.Config. # - # Add the MTU-DISC Parameter from OpenVPN to der Server.Config. # - # Add the MSSFIX Parameter from OpenVPN to der Server.Config. # - # Add the FRAMGMENT Parameter from OpenVPN to der Server.Config. 
# - ################################################################################# - if ($sovpnsettings{EXTENDED_FASTIO} eq 'on') { - print CONF "fast-io\n"; - } - if ($sovpnsettings{EXTENDED_NICE} != 0) { - print CONF "nice $sovpnsettings{EXTENDED_NICE}\n"; - } - if ($sovpnsettings{EXTENDED_MTUDISC} eq 'on') { - print CONF "mtu-disc yes\n"; - } - if ($sovpnsettings{EXTENDED_MSSFIX} ne '') { - print CONF "mssfix $sovpnsettings{EXTENDED_MSSFIX}\n"; - } - if ($sovpnsettings{EXTENDED_FRAGMENT} ne '') { - print CONF "fragment $sovpnsettings{EXTENDED_FRAGMENT}\n"; - } - ################################################################################# - # End of Inserted Data # - ################################################################################# - - print CONF "tls-verify /var/ipfire/ovpn/verify\n"; - print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n"; - print CONF "user nobody\n"; - print CONF "group nobody\n"; - print CONF "persist-key\n"; - print CONF "persist-tun\n"; - if ($sovpnsettings{LOG_VERB} ne '') { - print CONF "verb $sovpnsettings{LOG_VERB}\n"; - } else { - print CONF "verb 3\n"; - } - print CONF "\n"; - - close(CONF); -} - -sub writenet2netconf { - my $n2nkey = $_[0]; - my $zerinaclient = $_[1]; - my %n2nconfighash = (); - my $file = ''; -# my $file = ''; - my $clientovpn = ''; - my @fileholder; - my $tempdir = tempdir( CLEANUP => 1 ); - my $zippath = "$tempdir/"; - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%n2nconfighash); - if (! $n2nkey) { - $n2nkey = &General::findhasharraykey (\%n2nconfighash); - foreach my $i (0 .. 
25) { $n2nconfighash{$n2nkey}[$i] = "";} - } - my $zipname = "$n2nconfighash{$n2nkey}[1].zip"; - my $zippathname = "$zippath$zipname"; - if ($n2nconfighash{$n2nkey}[3] eq 'net') { - if ($zerinaclient eq '') { - if ( -d "${General::swroot}/ovpn/n2nconf/$n2nconfighash{$n2nkey}[1]"){ - while ($file = glob("${General::swroot}/ovpn/n2nconf/$n2nconfighash{$n2nkey}[1]/*.conf")) { - unlink $file - } - } else { - mkdir("${General::swroot}/ovpn/n2nconf/$n2nconfighash{$n2nkey}[1]", 0770); - } - open(CONF, ">${General::swroot}/ovpn/n2nconf/$n2nconfighash{$n2nkey}[1]/$n2nconfighash{$n2nkey}[1].conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$n2nconfighash{$n2nkey}[1]/$n2nconfighash{$n2nkey}[1].conf: $!"; - } else { - $clientovpn = "$n2nconfighash{$n2nkey}[1].conf"; - open(CONF, ">$tempdir/$clientovpn") or die "Unable to open $tempdir/$clientovpn: $!"; - } - flock CONF, 2; - print CONF "dev tun\n"; - print CONF "tun-mtu $n2nconfighash{$n2nkey}[17]\n"; - if ($n2nconfighash{$n2nkey}[14] eq 'udp') { - print CONF "proto $n2nconfighash{$n2nkey}[14]\n"; - } elsif ((($zerinaclient eq '') && ($n2nconfighash{$n2nkey}[6] eq 'server'))) { - print CONF "proto $n2nconfighash{$n2nkey}[14]-server\n"; - } else { - print CONF "proto $n2nconfighash{$n2nkey}[14]-client\n"; - } - print CONF "port $n2nconfighash{$n2nkey}[15]\n"; - my @tempovpnsubnet = split("\/",$n2nconfighash{$n2nkey}[13]); - my @ovpnip = split /\./,$tempovpnsubnet[0]; -# if ((($zerinaclient eq '') && ($n2nconfighash{$n2nkey}[19] eq 'no'))) { - if ((($zerinaclient eq '') && ($n2nconfighash{$n2nkey}[6] eq 'server'))) { - print CONF "ifconfig $ovpnip[0].$ovpnip[1].$ovpnip[2].1 $ovpnip[0].$ovpnip[1].$ovpnip[2].2\n"; - print CONF "remote $n2nconfighash{$n2nkey}[10]\n"; - print CONF "tls-server\n"; - print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n"; - print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n"; - print CONF "key /var/ipfire/ovpn/certs/serverkey.pem\n"; - print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n"; - my 
@tempremotesubnet = split("\/",$n2nconfighash{$n2nkey}[11]); - print CONF "route $tempremotesubnet[0] $tempremotesubnet[1]\n"; - } else { - print CONF "ifconfig $ovpnip[0].$ovpnip[1].$ovpnip[2].2 $ovpnip[0].$ovpnip[1].$ovpnip[2].1\n"; - #print CONF "$zerinaclient ufuk 10=$n2nconfighash{$n2nkey}[10] 18=$n2nconfighash{$n2nkey}[18] 19=$n2nconfighash{$n2nkey}[19] \n"; - if ($zerinaclient ne 'true'){ - if ($n2nconfighash{$n2nkey}[19] eq 'no'){ - print CONF "remote $n2nconfighash{$n2nkey}[10]\n"; - } else { - print CONF "remote $n2nconfighash{$n2nkey}[10]\n"; - } - } else { - print CONF "remote $n2nconfighash{$n2nkey}[18]\n"; - } - print CONF "tls-client\n"; - if ($zerinaclient ne 'true'){ - print CONF "pkcs12 ${General::swroot}/ovpn/n2nconf/$n2nconfighash{$n2nkey}[1]/$n2nconfighash{$n2nkey}[1].p12\n"; - } else { - print CONF "pkcs12 $n2nconfighash{$n2nkey}[1].p12\n"; - } - if ($n2nconfighash{$n2nkey}[19] eq 'no'){ - my @tempremotesubnet = split("\/",$n2nconfighash{$n2nkey}[8]); - print CONF "route $tempremotesubnet[0] $tempremotesubnet[1]\n"; - } else { - my @tempremotesubnet = split("\/",$n2nconfighash{$n2nkey}[11]); - print CONF "route $tempremotesubnet[0] $tempremotesubnet[1]\n"; - } - } - if ($n2nconfighash{$n2nkey}[26] > 0 && $n2nconfighash{$n2nkey}[27] > 0) { - print CONF "keepalive $n2nconfighash{$n2nkey}[26] $n2nconfighash{$n2nkey}[27]\n"; - } else { - print CONF "keepalive 10 60\n"; - } - print CONF "cipher $n2nconfighash{$n2nkey}[20]\n"; - if ($n2nconfighash{$n2nkey}[16] eq 'on') { - print CONF "comp-lzo\n"; - } - if ($n2nconfighash{$n2nkey}[42] ne '') { - print CONF "verb $n2nconfighash{$n2nkey}[42]\n"; - } else { - print CONF "verb 3\n"; - } - if ($n2nconfighash{$n2nkey}[19] eq 'no'){ - print CONF "#$n2nconfighash{$n2nkey}[11]\n"; - } else { - print CONF "#$n2nconfighash{$n2nkey}[8]\n"; - } - if ($zerinaclient ne 'true') { - print CONF "daemon OVPN_$n2nconfighash{$n2nkey}[1]\n"; - print CONF "#status 
${General::swroot}/ovpn/n2nconf/$n2nconfighash{$n2nkey}[1]/$n2nconfighash{$n2nkey}[1].log 2\n"; - } - close(CONF); - if ($zerinaclient eq 'true') { - my $zip = Archive::Zip->new(); - $zip->addFile( "${General::swroot}/ovpn/certs/$n2nconfighash{$n2nkey}[1].p12", "$n2nconfighash{$n2nkey}[1].p12") or die "Can't add file ${General::swroot}/ovpn/certs/$n2nconfighash{$n2nkey}[1].p12\n"; - $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n"; - my $status = $zip->writeToFileNamed($zippathname); - open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!"; - @fileholder = ; - print "Content-Type:application/x-download\n"; - print "Content-Disposition:attachment;filename=$zipname\n\n"; - print @fileholder; - exit (0); - } - } -} - -sub removenet2netconf { - my %n2nconfighash = (); - my $key = $_[0]; - my $file = ''; - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%n2nconfighash); - if ($n2nconfighash{$key}[3] eq 'net') { - if ( -d "${General::swroot}/ovpn/n2nconf/$n2nconfighash{$key}[1]"){ - while ($file = glob("${General::swroot}/ovpn/n2nconf/$n2nconfighash{$key}[1]/*")) { - unlink $file - } - rmdir("${General::swroot}/ovpn/n2nconf/$n2nconfighash{$key}[1]"); - } - } -} - -sub emptyserverlog{ - if (open(FILE, ">/var/log/ovpnserver.log")) { - flock FILE, 2; - print FILE ""; - close FILE; - } -} - -sub displayca { - my $key = $_[0]; - my %cahash = (); - &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash); - if ( -f "${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem") { - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', $errormessage); - &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:"); - my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem`; - $output = &Header::cleanhtml($output,"y"); - print "
$output
\n"; - &Header::closebox(); - print "
$Lang::tr{'back'}
"; - &Header::closebigbox(); - &Header::closepage(); - exit(0); - } else { - $errormessage = $Lang::tr{'invalid key'}; - } -} -sub displayroothost { - my $roothost = $_[0]; - my $output; - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - if ($roothost eq $Lang::tr{'show root certificate'}) { - &Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:"); - $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`; - } else { - &Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:"); - $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`; - } - $output = &Header::cleanhtml($output,"y"); - print "
$output
\n"; - &Header::closebox(); - print "
$Lang::tr{'back'}
"; - &Header::closebigbox(); - &Header::closepage(); - exit(0); -} - -sub killconnection { - my $key = $_[0]; - my %n2nconfighash = (); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%n2nconfighash); - my $n2nactive = `/bin/ps ax|grep $n2nconfighash{$key}[1].conf|grep -v grep|awk \'{print \$1}\'`; - if ($n2nactive ne ''){ - system('/usr/local/bin/openvpnctrl', '-kn2n', $n2nactive); - } -} - -sub cidrormask { - my $cidrmask = $_[0]; - my $cidrmask2 = $cidrmask; - if ("/$cidrmask" =~ /^\/(\d+)/){#cidr - if ($cidrmask2 = &cidr2mask("/$cidrmask")) { - return $cidrmask2; - } else { - if ($cidrmask =~ /^\d+\.\d+\.\d+\.\d+/){#mask - return $cidrmask; - } - } - } else { - if ($cidrmask =~ /^\d+\.\d+\.\d+\.\d+/){#mask - return $cidrmask; - } - } -} -sub cidr2mask { - my( $cidr ) = @_; - my( $one32 ) = 0xffffffff; - my( @d, $n, $bits ); - - if ( $cidr eq "/0" ) { - return "0.0.0.0"; - } - - if ( $cidr !~ /\/(\d+)/ ) { - return undef; - } - $bits = $1; - - if ( $bits > 32 ) { - return undef; - } - - #-- convert to subnet-style mask - $n = $one32 << (32 - $bits); - $d[3] = $n % 256; $n = int( $n / 256); - $d[2] = $n % 256; $n = int( $n / 256); - $d[1] = $n % 256; $n = int( $n / 256); - $d[0] = $n; - return join '.', @d; -} - - -# ---------------------------------------------------------------------------- -# $cidr = &mask2cidr( $mask ) -# ---------------------------------------------------------------------------- - -sub mask2cidr { - my( $mask ) = @_; - my( @d, $n, $bits ); - - if ( $mask eq "0.0.0.0" ) { - return "/0"; - } - - if ( ! 
&validMask( $mask ) ) { - return undef; - } - - @d = split /\./, $mask; - $n = ((((($d[0] * 256) + $d[1]) * 256) + $d[2]) * 256) + $d[3]; - $bits = 32; - while ( ($n % 2) == 0 ) { - $n >>= 1; - $bits -= 1; - } - return "/$bits"; -} - - -# ---------------------------------------------------------------------------- -# $yesno = &validMask( $mask ) -# ---------------------------------------------------------------------------- - -sub validMask { - my( $mask ) = @_; - my( @d, $n, $str ); - - @d = split /\./, $mask; - $n = ((((($d[0] * 256) + $d[1]) * 256) + $d[2]) * 256) + $d[3]; - $str = sprintf "%b", $n; - return ( $str =~ /^1+0*$/ ); -} - -sub overlapping { - # read all subnets from AD, convert to integer range, and sort. - foreach $subnet (@subnets2) { - ($from, $to) = &subnet2range ($subnet); - push @subnets, { cn => $subnet, from => $from, to => $to }; - } - @subnets = sort { $a->{from} <=> $b->{from} } @subnets; - - # compare all possible subnets for overlap; depend on sort order. - for ($i=0; $i<=$#subnets; $i++) { - for ($j=$i+1; $j<=$#subnets; $j++) { - last if $subnets[$i]->{to} < $subnets[$j]->{from}; # no possible overlap anymore; - push @{$overlaps{$subnets[$i]->{cn}}}, $subnets[$j]->{cn} if $subnets[$i]->{to} >= $subnets[$j]->{from}; - } - } - - if (scalar (keys %overlaps)) { - foreach $subnet (sort keys %overlaps) { - #$errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire IPSEC : %s\n", $subnet, join (", ", sort @{$overlaps{$subnet}}); - $errormessage = "$subnet : $overlaps{$subnet}[0]"; - last; - } - } - return $errormessage; -} - -# &subnet2range ($subnet) -# convert subnets to integers in order to compare them later. 
-# A subnet looks like this: 10.1.2.0/24 -# returns beginning and end of subnet as integer -# -sub subnet2range { - my $subnet = shift (@_); - my ($from, $to); - - $subnet =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)\/(\d+)$/ || die "bad subnet $subnet\n"; - $from = $1*2**24 + $2*2**16 + $3*2**8 + $4; - $to = $from + 2**(32-$5) - 1; - return ($from, $to); -} - -sub ovelapplausi { - my $tmpovpnsubnet0 = $_[0]; - my $tmpovpnsubnet1 = $_[1]; - my %vpnconfighash = (); - my $tmpcidr = ''; - my @tmpremotevpnsubnet; - &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfighash); - - if (&General::IpInSubnet ( $netsettings{'GREEN_ADDRESS'}, - $tmpovpnsubnet0, $tmpovpnsubnet1)) { - $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Green Network $netsettings{'GREEN_ADDRESS'}"; - return $errormessage; - } - - if (&haveBlueNet()) { - if (&General::IpInSubnet ( $netsettings{'BLUE_ADDRESS'}, - $tmpovpnsubnet0, $tmpovpnsubnet1)) { - $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Blue Network $netsettings{'BLUE_ADDRESS'}"; - return $errormessage; - } - } - if (&haveOrangeNet()) { - if (&General::IpInSubnet ( $netsettings{'ORANGE_ADDRESS'}, - $tmpovpnsubnet0, $tmpovpnsubnet1)) { - $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Orange Network $netsettings{'ORANGE_ADDRESS'}"; - return $errormessage; - } - } - open(ALIASES, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.'; - while () - { - chomp($_); - my @tempalias = split(/\,/,$_); - if ($tempalias[1] eq 'on') { - if (&General::IpInSubnet ($tempalias[0] , - $tmpovpnsubnet0, $tmpovpnsubnet1)) { - $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire alias entry $tempalias[0]"; - exit $errormessage; - } - } - } - close(ALIASES); - - #check against ipsec connections - foreach my $key (keys %vpnconfighash) { - #$confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; - #$confighash{$key}[3]#host or net - #$confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; - #$confighash{$key}[10] = 
$cgiparams{'REMOTE'}; - &emptyarray(); - $tmpcidr = &mask2cidr($tmpovpnsubnet1); - push @subnets2, "$tmpovpnsubnet0$tmpcidr"; - @tmpremotevpnsubnet = split("\/",$vpnconfighash{$key}[8]); - $tmpcidr = &mask2cidr($tmpremotevpnsubnet[1]); - push @subnets2, "$tmpremotevpnsubnet[0]$tmpcidr"; - $errormessage2 = &overlapping(); - if ($errormessage2 ne '') { - $errormessage = "$Lang::tr{'ovpn subnet overlap'}IPSCEC Connection=$vpnconfighash{$key}[1] $Lang::tr{'local subnet'} $errormessage2 "; - last; - } - &emptyarray(); - if ($vpnconfighash{$key}[3] eq 'net'){ - if (&General::IpInSubnet ($vpnconfighash{$key}[10],$tmpovpnsubnet0, $tmpovpnsubnet1)) { - $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire IPSEC Connection/IP: $vpnconfighash{$key}[1]/$vpnconfighash{$key}[10]"; - last; - } - #check agains ipsec local subent - push @subnets2, "$tmpovpnsubnet0$tmpcidr"; - @tmpremotevpnsubnet = split("\/",$vpnconfighash{$key}[11]); - $tmpcidr = &mask2cidr($tmpremotevpnsubnet[1]); - push @subnets2, "$tmpremotevpnsubnet[0]$tmpcidr"; - $errormessage2 = &overlapping(); - if ($errormessage2 ne '') { - $errormessage = "$Lang::tr{'ovpn subnet overlap'}IPSCEC Connection=$vpnconfighash{$key}[1] $Lang::tr{'remote subnet'} $errormessage2 "; - last; - } - &emptyarray(); - push @subnets2, "$tmpovpnsubnet0$tmpcidr"; - @tmpremotevpnsubnet = split("\/",$vpnconfighash{$key}[8]); - $tmpcidr = &mask2cidr($tmpremotevpnsubnet[1]); - push @subnets2, "$tmpremotevpnsubnet[0]$tmpcidr"; - $errormessage2 = &overlapping(); - if ($errormessage2 ne '') { - $errormessage = "$Lang::tr{'ovpn subnet overlap'}IPSCEC Connection=$vpnconfighash{$key}[1] $Lang::tr{'local subnet'} $errormessage2 "; - last; - } - &emptyarray(); - } - } - #check against OpenVPN Connections (aware check against itself) - return $errormessage; -} -sub emptyarray { - @subnets2 = (); - @subnets = (); -} -sub rwclientstatus { - my $activeonrun = $_[0]; - my @status = `/bin/cat /var/log/ovpnserver.log`; - my %confighash = (); - my $dis = 
'' - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) { - $dis = ''; - } else { - $dis = "disabled='disabled'"; - } - - &Header::openbox('100%', 'LEFT', "Roadwarrior $Lang::tr{'Client status and controlc'}"); - print < - - $Lang::tr{'name'} - $Lang::tr{'type'} - $Lang::tr{'common name'} - $Lang::tr{'valid till'} - $Lang::tr{'remark'}
L2089 - $Lang::tr{'status'} - $Lang::tr{'action'} - -END - ; - my $id = 0; - my $gif; - foreach my $key (keys %confighash) { - if ($confighash{$key}[3] eq 'host') { - if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } - if ($id % 2) { - print "\n"; - } else { - print "\n"; - } - print "$confighash{$key}[1]"; - print "" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")"; - if ($confighash{$key}[4] eq 'cert') { - print "$confighash{$key}[2]"; - } else { - print " "; - } - if ($confighash{$key}[19] ne 'yes') { - my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`; - $cavalid =~ /Not After : (.*)[\n]/; - $cavalid = $1; - print "$cavalid"; - } else { - print " "; - } - print "$confighash{$key}[25]"; - my $active = "
$Lang::tr{'capsclosed'}
"; - if ($confighash{$key}[0] eq 'off') { - $active = "
$Lang::tr{'capsclosed'}
"; - } else { - my $cn; - my @match = (); - foreach my $line (@status) { - chomp($line); - if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) { - @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line); - if ($match[1] ne "Common Name") { - $cn = $match[1]; - } - $cn =~ s/[_]/ /g; - if ($cn eq "$confighash{$key}[2]") { - $active = "
$Lang::tr{'capsopen'}
"; - } - } - } - } - print "$active"; - my $disable_clientdl = ""; - if ($confighash{$key}[6] ne 'client') { - print < - - - - -END - ; } else { - print " "; - } - if ($confighash{$key}[4] eq 'cert' && $confighash{$key}[19] ne 'yes') { - print < - - - - -END - ; } else { - print " "; - } - if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") { - print < - - - - -END - ; } elsif ($confighash{$key}[4] eq 'cert' && $confighash{$key}[19] ne 'yes') { - print < - - - - -END - ; } else { - print " "; - } - print < - - - - -
- - - -
-
- - - -
- -END - ; - $id++; - } - } - ; - # If the config file contains entries, print Key to action icons - if ( $id ) { - print < - -   $Lang::tr{'legend'}: -   $Lang::tr{ - $Lang::tr{'click to disable'} -     $Lang::tr{ - $Lang::tr{'show certificate'} -     $Lang::tr{ - $Lang::tr{'edit'} -     $Lang::tr{ - $Lang::tr{'remove'} - - -   -   ?OFF - $Lang::tr{'click to enable'} -     ?FLOPPY - $Lang::tr{'download certificate'} -     ?RELOAD - $Lang::tr{'dl client arch'} - - -END - ; - } - print < -
- - - -
- -END - ; - &Header::closebox(); - #} -} -sub net2netstatus { -#net2net connections - my $activeonrun = $_[0]; - my @status = `/bin/cat /var/log/ovpnserver.log`; - my %confighash = (); - my $dis = '' - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) { - $dis = ''; - } else { - $dis = "disabled='disabled'"; - } - &Header::openbox('100%', 'LEFT', "Net to Net Connection status and control:"); - print < - - $Lang::tr{'name'} - $Lang::tr{'type'} - $Lang::tr{'common name'} - $Lang::tr{'valid till'} - $Lang::tr{'remark'}
L2089 - $Lang::tr{'status'} - $Lang::tr{'action'} - -END - ; - my $id = 0; - my $gif; - foreach my $key (keys %confighash) { - if ($confighash{$key}[3] eq 'net') { - if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } - if ($id % 2) { - print "\n"; - } else { - print "\n"; - } - print "$confighash{$key}[1]"; - print "" . $confighash{$key}[6] . "-" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")"; - if ($confighash{$key}[4] eq 'cert') { - print "$confighash{$key}[2]"; - } else { - print " "; - } - if ($confighash{$key}[19] ne 'yes') { - my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`; - $cavalid =~ /Not After : (.*)[\n]/; - $cavalid = $1; - print "$cavalid"; - } else { - print " "; - } - print "$confighash{$key}[25]"; - my $active = "
$Lang::tr{'capsclosed'}
"; - if ($confighash{$key}[0] eq 'off') { - $active = "
$Lang::tr{'capsclosed'}
"; - } else { - my @tempovpnsubnet = split("\/",$confighash{$key}[13]); - my @ovpnip = split /\./,$tempovpnsubnet[0]; - my $pingip = ""; - if ($confighash{$key}[6] eq 'server') { - $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].2"; - } else { - $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].1"; - } - my $p = Net::Ping->new("udp",1); - if ($p->ping($pingip)) { - $active = "
$Lang::tr{'capsopen'}
"; - } - $p->close(); - } - print "$active"; - my $disable_clientdl = ""; - if ($confighash{$key}[6] ne 'client') { - print < - - - - -END - ; } else { - print " "; - } - if ($confighash{$key}[4] eq 'cert' && $confighash{$key}[19] ne 'yes') { - print < - - - - -END - ; } else { - print " "; - } - if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") { - print < - - - - -END - ; } elsif ($confighash{$key}[4] eq 'cert' && $confighash{$key}[19] ne 'yes') { - print < - - - - -END - ; } else { - print " "; - } - - print < - - - - -
- - - -
-
- - - -
- -END - ; - $id++; - } - } - ; - - # If the config file contains entries, print Key to action icons - if ( $id ) { - print < - -   $Lang::tr{'legend'}: -   $Lang::tr{ - $Lang::tr{'click to disable'} -     $Lang::tr{ - $Lang::tr{'show certificate'} -     $Lang::tr{ - $Lang::tr{'edit'} -     $Lang::tr{ - $Lang::tr{'remove'} - - -   -   ?OFF - $Lang::tr{'click to enable'} -     ?FLOPPY - $Lang::tr{'download certificate'} -     ?RELOAD - $Lang::tr{'dl client arch'} - - -END - ; - } - print < -
- -
- -END - ; - &Header::closebox(); - #} -#net2net connections -} diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 7610414020..1c2d42c822 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -3,10 +3,8 @@ # # This code is distributed under the terms of the GPL # Main idea from zeroconcept -# ZERNINA-VERSION:0.9.7a9 -# (c) 2005 Ufuk Altinkaynak -# -# Ipcop and OpenVPN eas as one two three.. +# ZERNINA-VERSION:0.9.4i +# (c) 2007 Ufuk Altinkaynak # use CGI; @@ -16,9 +14,7 @@ use File::Copy; use File::Temp qw/ tempfile tempdir /; use strict; use Archive::Zip qw(:ERROR_CODES :CONSTANTS); -use Net::Ping; require '/var/ipfire/general-functions.pl'; -require '/srv/web/ipfire/cgi-bin/ovpnfunc.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; require "${General::swroot}/countries.pl"; @@ -35,6 +31,8 @@ my %mainsettings = (); &General::readhash("${General::swroot}/main/settings", \%mainsettings); &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); + + ### ### Initialize variables ### @@ -48,7 +46,6 @@ my %selected=(); my $warnmessage = ''; my $errormessage = ''; my %settings=(); -my $zerinaclient = ''; &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); $cgiparams{'ENABLED'} = 'off'; $cgiparams{'ENABLED_BLUE'} = 'off'; 
@@ -69,6 +66,337 @@ $cgiparams{'DCOMPLZO'} = 'off'; ### ### Useful functions ### +sub haveOrangeNet +{ + if ($netsettings{'CONFIG_TYPE'} == 1) {return 1;} + if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;} + if ($netsettings{'CONFIG_TYPE'} == 5) {return 1;} + if ($netsettings{'CONFIG_TYPE'} == 7) {return 1;} + return 0; +} + +sub haveBlueNet +{ + if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;} + if ($netsettings{'CONFIG_TYPE'} == 5) {return 1;} + if ($netsettings{'CONFIG_TYPE'} == 6) {return 1;} + if ($netsettings{'CONFIG_TYPE'} == 7) {return 1;} + return 0; +} + +sub sizeformat{ + my $bytesize = shift; + my $i = 0; + + while(abs($bytesize) >= 1024){ + $bytesize=$bytesize/1024; + $i++; + last if($i==6); + } + + my @units = ("Bytes","KB","MB","GB","TB","PB","EB"); + my $newsize=(int($bytesize*100 +0.5))/100; + return("$newsize $units[$i]"); +} + +sub valid_dns_host { + my $hostname = $_[0]; + unless ($hostname) { return "No hostname"}; + my $res = new Net::DNS::Resolver; + my $query = $res->search("$hostname"); + if ($query) { + foreach my $rr ($query->answer) { + ## Potential bug - we are only looking at A records: + return 0 if $rr->type eq "A"; + } + } else { + return $res->errorstring; + } +} + +sub cleanssldatabase +{ + if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) { + print FILE "01"; + close FILE; + } + if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt")) { + print FILE ""; + close FILE; + } + unlink ("${General::swroot}/ovpn/certs/index.txt.old"); + unlink ("${General::swroot}/ovpn/certs/serial.old"); + unlink ("${General::swroot}/ovpn/certs/01.pem"); +} + +sub newcleanssldatabase +{ + if (! -s "${General::swroot}/ovpn/certs/serial" ) { + open(FILE, ">${General::swroot}(ovpn/certs/serial"); + print FILE "01"; + close FILE; + } + if (! 
-s ">${General::swroot}/ovpn/certs/index.txt") { + system ("touch ${General::swroot}/ovpn/certs/index.txt"); + } + unlink ("${General::swroot}/ovpn/certs/index.txt.old"); + unlink ("${General::swroot}/ovpn/certs/serial.old"); +} + +sub deletebackupcert +{ + if (open(FILE, "${General::swroot}/ovpn/certs/serial.old")) { + my $hexvalue = ; + chomp $hexvalue; + close FILE; + unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem"); + } +} + +sub checkportfw { + my $KEY2 = $_[0]; # key2 + my $SRC_PORT = $_[1]; # src_port + my $PROTOCOL = $_[2]; # protocol + my $SRC_IP = $_[3]; # sourceip + + my $pfwfilename = "${General::swroot}/portfw/config"; + open(FILE, $pfwfilename) or die 'Unable to open config file.'; + my @pfwcurrent = ; + close(FILE); + my $pfwkey1 = 0; # used for finding last sequence number used + foreach my $pfwline (@pfwcurrent) + { + my @pfwtemp = split(/\,/,$pfwline); + + chomp ($pfwtemp[8]); + if ($KEY2 eq "0"){ # if key2 is 0 then it is a portfw addition + if ( $SRC_PORT eq $pfwtemp[3] && + $PROTOCOL eq $pfwtemp[2] && + $SRC_IP eq $pfwtemp[7]) + { + $errormessage = "$Lang::tr{'source port in use'} $SRC_PORT"; + } + # Check if key2 = 0, if it is then it is a port forward entry and we want the sequence number + if ( $pfwtemp[1] eq "0") { + $pfwkey1=$pfwtemp[0]; + } + # Darren Critchley - Duplicate or overlapping Port range check + if ($pfwtemp[1] eq "0" && + $PROTOCOL eq $pfwtemp[2] && + $SRC_IP eq $pfwtemp[7] && + $errormessage eq '') + { + &portchecks($SRC_PORT, $pfwtemp[5]); +# &portchecks($pfwtemp[3], $pfwtemp[5]); +# &portchecks($pfwtemp[3], $SRC_IP); + } + } + } +# $errormessage="$KEY2 $SRC_PORT $PROTOCOL $SRC_IP"; + + return; +} + +sub checkportoverlap +{ + my $portrange1 = $_[0]; # New port range + my $portrange2 = $_[1]; # existing port range + my @tempr1 = split(/\:/,$portrange1); + my @tempr2 = split(/\:/,$portrange2); + + unless (&checkportinc($tempr1[0], $portrange2)){ return 0;} + unless (&checkportinc($tempr1[1], $portrange2)){ return 0;} + + 
unless (&checkportinc($tempr2[0], $portrange1)){ return 0;} + unless (&checkportinc($tempr2[1], $portrange1)){ return 0;} + + return 1; # Everything checks out! +} + +# Darren Critchley - we want to make sure that a port entry is not within an already existing range +sub checkportinc +{ + my $port1 = $_[0]; # Port + my $portrange2 = $_[1]; # Port range + my @tempr1 = split(/\:/,$portrange2); + + if ($port1 < $tempr1[0] || $port1 > $tempr1[1]) { + return 1; + } else { + return 0; + } +} +# Darren Critchley - Duplicate or overlapping Port range check +sub portchecks +{ + my $p1 = $_[0]; # New port range + my $p2 = $_[1]; # existing port range +# $_ = $_[0]; + our ($prtrange1, $prtrange2); + $prtrange1 = 0; +# if (m/:/ && $prtrange1 == 1) { # comparing two port ranges +# unless (&checkportoverlap($p1,$p2)) { +# $errormessage = "$Lang::tr{'source port overlaps'} $p1"; +# } +# } + if (m/:/ && $prtrange1 == 0 && $errormessage eq '') { # compare one port to a range + unless (&checkportinc($p2,$p1)) { + $errormessage = "$Lang::tr{'srcprt within existing'} $p1"; + } + } + $prtrange1 = 1; + if (! 
m/:/ && $prtrange1 == 1 && $errormessage eq '') { # compare one port to a range + unless (&checkportinc($p1,$p2)) { + $errormessage = "$Lang::tr{'srcprt range overlaps'} $p2"; + } + } + return; +} + +# Darren Critchley - certain ports are reserved for IPFire +# TCP 67,68,81,222,445 +# UDP 67,68 +# Params passed in -> port, rangeyn, protocol +sub disallowreserved +{ + # port 67 and 68 same for tcp and udp, don't bother putting in an array + my $msg = ""; + my @tcp_reserved = (81,222,445); + my $prt = $_[0]; # the port or range + my $ryn = $_[1]; # tells us whether or not it is a port range + my $prot = $_[2]; # protocol + my $srcdst = $_[3]; # source or destination + if ($ryn) { # disect port range + if ($srcdst eq "src") { + $msg = "$Lang::tr{'rsvd src port overlap'}"; + } else { + $msg = "$Lang::tr{'rsvd dst port overlap'}"; + } + my @tmprng = split(/\:/,$prt); + unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; } + unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; } + if ($prot eq "tcp") { + foreach my $prange (@tcp_reserved) { + unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; } + } + } + } else { + if ($srcdst eq "src") { + $msg = "$Lang::tr{'reserved src port'}"; + } else { + $msg = "$Lang::tr{'reserved dst port'}"; + } + if ($prt == 67) { $errormessage="$msg 67"; return; } + if ($prt == 68) { $errormessage="$msg 68"; return; } + if ($prot eq "tcp") { + foreach my $prange (@tcp_reserved) { + if ($prange == $prt) { $errormessage="$msg $prange"; return; } + } + } + } + return; +} + +sub writeserverconf { + my %sovpnsettings = (); + &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings); + + open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!"; + flock CONF, 2; + print CONF "#OpenVPN Server conf\n"; + print CONF "\n"; + print CONF "daemon openvpnserver\n"; + print CONF "writepid 
/var/run/openvpn.pid\n"; + print CONF "#DAN prepare ZERINA for listening on blue and orange\n"; + print CONF ";local $sovpnsettings{'VPN_IP'}\n"; + print CONF "dev $sovpnsettings{'DDEVICE'}\n"; + print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; + print CONF "proto $sovpnsettings{'DPROTOCOL'}\n"; + print CONF "port $sovpnsettings{'DDEST_PORT'}\n"; + print CONF "tls-server\n"; + print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n"; + print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n"; + print CONF "key /var/ipfire/ovpn/certs/serverkey.pem\n"; + print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n"; + my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'}); + print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; + print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; + if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { + print CONF "client-to-client\n"; + } + if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) { + print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n"; + } + print CONF "status-version 1\n"; + print CONF "status /var/ipfire/ovpn/server.log 30\n"; + print CONF "cipher $sovpnsettings{DCIPHER}\n"; + if ($sovpnsettings{DCOMPLZO} eq 'on') { + print CONF "comp-lzo\n"; + } + if ($sovpnsettings{REDIRECT_GW_DEF1} eq 'on') { + print CONF "push \"redirect-gateway def1\"\n"; + } + if ($sovpnsettings{DHCP_DOMAIN} ne '') { + print CONF "push \"dhcp-option DOMAIN $sovpnsettings{DHCP_DOMAIN}\"\n"; + } + + if ($sovpnsettings{DHCP_DNS} ne '') { + print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS}\"\n"; + } + + if ($sovpnsettings{DHCP_WINS} ne '') { + print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS}\"\n"; + } + + if ($sovpnsettings{DHCP_WINS} eq '') { + print CONF "max-clients 100\n"; + } + + if ($sovpnsettings{DHCP_WINS} ne '') { + print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n"; + } + print CONF "tls-verify 
/var/ipfire/ovpn/verify\n"; + print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n"; + print CONF "user nobody\n"; + print CONF "group nobody\n"; + print CONF "persist-key\n"; + print CONF "persist-tun\n"; + if ($sovpnsettings{LOG_VERB} ne '') { + print CONF "verb $sovpnsettings{LOG_VERB}\n"; + } else { + print CONF "verb 3\n"; + } + print CONF "\n"; + + close(CONF); +} +# +sub emptyserverlog{ + if (open(FILE, ">${General::swroot}/ovpn/server.log")) { + flock FILE, 2; + print FILE ""; + close FILE; + } + +} + +#hier die refresh page +if ( -e "${General::swroot}/ovpn/gencanow") { + my $refresh = ''; + $refresh = ""; + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'OVPN'}, 1, $refresh); + &Header::openbigbox('100%', 'center'); + &Header::openbox('100%', 'left', "$Lang::tr{'generate root/host certificates'}:"); + print "\n\n"; + print "Please be patient this realy can take some time on older hardware...\n"; + &Header::closebox(); + &Header::closebigbox(); + &Header::closepage(); + exit (0); +} +##hier die refresh page + ### ### OpenVPN Server Control 
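Review bot: In `newcleanssldatabase` both path strings are malformed, so the helper cannot do what its tests intend. The serial file is opened as `">${General::swroot}(ovpn/certs/serial"` (a `(` where `/` belongs, with the open unchecked), and the index test is `-s ">${General::swroot}/ovpn/certs/index.txt"`, where the `>` is part of the file name, so the test never sees the real file. I would write `if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) { print FILE "01"; close FILE; }`, as `cleanssldatabase` does, and `if (! -s "${General::swroot}/ovpn/certs/index.txt")`. In `writeserverconf` the choice between `max-clients 100` and `max-clients $sovpnsettings{MAX_CLIENTS}` tests `DHCP_WINS`, which looks copied from the WINS block above it; it should test `$sovpnsettings{MAX_CLIENTS}`. In `portchecks` the `m/:/` matches run against `$_` while `$_ = $_[0];` is commented out, so the range checks depend on whatever `$_` holds at call time.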
@@ -76,29 +404,21 @@ $cgiparams{'DCOMPLZO'} = 'off'; if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} || $cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'} || $cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) { - my $serveractive = `/bin/ps ax|grep server.conf|grep -v grep|awk \'{print \$1}\'`; #start openvpn server if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}){ - &Ovpnfunc::emptyserverlog(); + &emptyserverlog(); system('/usr/local/bin/openvpnctrl', '-s'); } #stop openvpn server if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}){ - if ($serveractive ne ''){ - system('/usr/local/bin/openvpnctrl', '-kn2n', $serveractive); - } system('/usr/local/bin/openvpnctrl', '-k'); - &Ovpnfunc::emptyserverlog(); + &emptyserverlog(); } # #restart openvpn server if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){ #workarund, till SIGHUP also works when running as nobody - if ($serveractive ne ''){ - system('/usr/local/bin/openvpnctrl', '-kn2n', $serveractive); - } - system('/usr/local/bin/openvpnctrl', '-k'); - &Ovpnfunc::emptyserverlog(); - system('/usr/local/bin/openvpnctrl', '-s'); + system('/usr/local/bin/openvpnctrl', '-r'); + &emptyserverlog(); } } 
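Review bot: The exit status of `openvpnctrl` is ignored in the start, stop and restart branches, so a failed `-k` is not reported and the admin has no indication that the server is still running. I would check each call, e.g. `system('/usr/local/bin/openvpnctrl', '-k') == 0 or $errormessage = "openvpnctrl -k failed (status $?)";`, and do the same for `-s` and `-r`. The context comment "workarund, till SIGHUP also works when running as nobody" no longer describes the single `-r` call and could be updated.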
@@ -120,32 +440,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'}; $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'}; $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'}; - #additional push route - $vpnsettings{'AD_ROUTE1'} = $cgiparams{'AD_ROUTE1'}; - $vpnsettings{'AD_ROUTE2'} = $cgiparams{'AD_ROUTE2'}; - $vpnsettings{'AD_ROUTE3'} = $cgiparams{'AD_ROUTE3'}; - #additional push route - - ################################################################################# - # Added by Philipp Jenni # - # # - # Contact: philipp.jenni-at-gmx.ch # - # Date: 2006-04-22 # - # Description: Add the FAST-IO Parameter from OpenVPN to the Zerina Config # - # Add the NICE Parameter from OpenVPN to the Zerina Config # - # Add the MTU-DISC Parameter from OpenVPN to the Zerina Config # - # Add the MSSFIX Parameter from OpenVPN to the Zerina Config # - # Add the FRAMGMENT Parameter from OpenVPN to the Zerina Config # - ################################################################################# - $vpnsettings{'EXTENDED_FASTIO'} = $cgiparams{'EXTENDED_FASTIO'}; - $vpnsettings{'EXTENDED_NICE'} = $cgiparams{'EXTENDED_NICE'}; - $vpnsettings{'EXTENDED_MTUDISC'} = $cgiparams{'EXTENDED_MTUDISC'}; - $vpnsettings{'EXTENDED_MSSFIX'} = $cgiparams{'EXTENDED_MSSFIX'}; - $vpnsettings{'EXTENDED_FRAGMENT'} = $cgiparams{'EXTENDED_FRAGMENT'}; - ################################################################################# - # End of Inserted Data # - ################################################################################# - if ($cgiparams{'DHCP_DOMAIN'} ne ''){ unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) { 
@@ -165,25 +459,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { goto ADV_ERROR; } } - if ($cgiparams{'AD_ROUTE1'} ne ''){ - if (! &General::validipandmask($cgiparams{'AD_ROUTE1'})) { - $errormessage = $Lang::tr{'route subnet is invalid'}; - goto ADV_ERROR; - } - } - if ($cgiparams{'AD_ROUTE2'} ne ''){ - if (! &General::validipandmask($cgiparams{'AD_ROUTE2'})) { - $errormessage = $Lang::tr{'route subnet is invalid'}; - goto ADV_ERROR; - } - } - if ($cgiparams{'AD_ROUTE3'} ne ''){ - if (! &General::validipandmask($cgiparams{'AD_ROUTE3'})) { - $errormessage = $Lang::tr{'route subnet is invalid'}; - goto ADV_ERROR; - } - } - if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) { $errormessage = $Lang::tr{'invalid input for max clients'}; goto ADV_ERROR; 
@@ -206,47 +481,81 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { } &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings); - &Ovpnfunc::writeserverconf();#hier ok + &writeserverconf();#hier ok } + + + ### ### Save main settings ### if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too, #DAN this value has to leave. if ($cgiparams{'ENABLED'} eq 'on'){ unless (&General::validfqdn($cgiparams{'VPN_IP'}) || &General::validip($cgiparams{'VPN_IP'})) { $errormessage = $Lang::tr{'invalid input for hostname'}; - goto SETTINGS_ERROR; + goto SETTINGS_ERROR; } } if ($cgiparams{'ENABLED'} eq 'on'){ - $errormessage = &Ovpnfunc::disallowreserved($cgiparams{'DDEST_PORT'},0,$cgiparams{'DPROTOCOL'},"dest"); + &disallowreserved($cgiparams{'DDEST_PORT'},0,$cgiparams{'DPROTOCOL'},"dest"); } if ($errormessage) { goto SETTINGS_ERROR; } if ($cgiparams{'ENABLED'} eq 'on'){ - $errormessage = &Ovpnfunc::checkportfw(0,$cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'},'0.0.0.0'); + &checkportfw(0,$cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'},'0.0.0.0'); } if ($errormessage) { goto SETTINGS_ERROR; } if (! 
&General::validipandmask($cgiparams{'DOVPN_SUBNET'})) { - $errormessage = $Lang::tr{'ovpn subnet is invalid'}; - goto SETTINGS_ERROR; - } - my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'}); - $tmpovpnsubnet[1] = &Ovpnfunc::cidrormask($tmpovpnsubnet[1]); - $cgiparams{'DOVPN_SUBNET'} = "$tmpovpnsubnet[0]/$tmpovpnsubnet[1]";#convert from cidr - #plausi1 - $errormessage = &Ovpnfunc::ovelapplausi($tmpovpnsubnet[0],$tmpovpnsubnet[1]); - #plausi1 + $errormessage = $Lang::tr{'ovpn subnet is invalid'}; + goto SETTINGS_ERROR; + } + my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'}); + + if (&General::IpInSubnet ( $netsettings{'RED_ADDRESS'}, + $tmpovpnsubnet[0], $tmpovpnsubnet[1])) { + $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire RED Network $netsettings{'RED_ADDRESS'}"; + goto SETTINGS_ERROR; + } + + if (&General::IpInSubnet ( $netsettings{'GREEN_ADDRESS'}, + $tmpovpnsubnet[0], $tmpovpnsubnet[1])) { + $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Green Network $netsettings{'GREEN_ADDRESS'}"; + goto SETTINGS_ERROR; + } + + if (&General::IpInSubnet ( $netsettings{'BLUE_ADDRESS'}, + $tmpovpnsubnet[0], $tmpovpnsubnet[1])) { + $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Blue Network $netsettings{'BLUE_ADDRESS'}"; + goto SETTINGS_ERROR; + } + + if (&General::IpInSubnet ( $netsettings{'ORANGE_ADDRESS'}, + $tmpovpnsubnet[0], $tmpovpnsubnet[1])) { + $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Orange Network $netsettings{'ORANGE_ADDRESS'}"; + goto SETTINGS_ERROR; + } + open(ALIASES, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.'; + while () + { + chomp($_); + my @tempalias = split(/\,/,$_); + if ($tempalias[1] eq 'on') { + if (&General::IpInSubnet ($tempalias[0] , + $tmpovpnsubnet[0], $tmpovpnsubnet[1])) { + $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire alias entry $tempalias[0]"; + } + } + } + close(ALIASES); if ($errormessage ne ''){ - goto SETTINGS_ERROR; + goto 
SETTINGS_ERROR; } if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) { $errormessage = $Lang::tr{'invalid input'}; @@ -258,17 +567,9 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg } unless (&General::validport($cgiparams{'DDEST_PORT'})) { - $errormessage = $Lang::tr{'invalid port'}; - goto SETTINGS_ERROR; + $errormessage = $Lang::tr{'invalid port'}; + goto SETTINGS_ERROR; } - #hhh - foreach my $dkey (keys %confighash) {#Check if there is no other entry with this name - if ($confighash{$dkey}[14] eq $cgiparams{'DPROTOCOL'} && $confighash{$dkey}[15] eq $cgiparams{'DDEST_PORT'}){ - $errormessage = "Choosed Protocol/Port combination is already used by connection: $confighash{$dkey}[1]"; - goto SETTINGS_ERROR; - } - } - #hhh $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'}; $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'}; $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'}; @@ -283,7 +584,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'}; #new settings for daemon &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings); - &Ovpnfunc::writeserverconf();#hier ok + &writeserverconf();#hier ok SETTINGS_ERROR: ### ### Reset all step 2 
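Review bot: In the "Save main settings" hunk (`@@ -206,47 +481,81 @@`) the `cidrormask` conversion of `$tmpovpnsubnet[1]` is dropped, but `DOVPN_SUBNET` is still split on `/` and later emitted by `writeserverconf` as `server $tempovpnsubnet[0] $tempovpnsubnet[1]`. If `General::validipandmask` accepts a prefix length (the removed line was commented "convert from cidr", so presumably it does), an input such as 10.0.0.0/24 (constructed example) passes validation and yields a `server` line with a bare prefix where OpenVPN expects a dotted netmask. Either keep a conversion step or reject non-dotted masks before `writehash`. The new `open(ALIASES, ...) or die` also turns a missing aliases file into a CGI abort; setting `$errormessage` and `goto SETTINGS_ERROR` would match the rest of the block. The enclosing `if` begins and ends outside the hunk.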
@@ -293,25 +594,26 @@ SETTINGS_ERROR: &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); foreach my $key (keys %confighash) { - if ($confighash{$key}[4] eq 'cert') { - delete $confighash{$cgiparams{'$key'}}; - } + if ($confighash{$key}[4] eq 'cert') { + delete $confighash{$cgiparams{'$key'}}; + } } while ($file = glob("${General::swroot}/ovpn/ca/*")) { - unlink $file + unlink $file } while ($file = glob("${General::swroot}/ovpn/certs/*")) { - unlink $file + unlink $file } while ($file = glob("${General::swroot}/ovpn/crls/*")) { - unlink $file + unlink $file } - &Ovpnfunc::cleanssldatabase(); + &cleanssldatabase(); if (open(FILE, ">${General::swroot}/ovpn/caconfig")) { print FILE ""; close FILE; } &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + #&writeserverconf(); ### ### Reset all step 1 ### 
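Review bot: The re-indented loop still contains `delete $confighash{$cgiparams{'$key'}};`, where `'$key'` is single-quoted, so it looks up a CGI parameter literally named `$key` and never removes the entry being iterated. The reset then unlinks everything under `ovpn/ca`, `ovpn/certs` and `ovpn/crls`, which leaves the cert-type connections in `ovpnconfig` pointing at certificates that no longer exist. The line should read `delete $confighash{$key};`. The enclosing reset branch begins outside the hunk.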
@@ -358,34 +660,34 @@ END # Check if there is no other entry with this name foreach my $key (keys %cahash) { - if ($cahash{$key}[0] eq $cgiparams{'CA_NAME'}) { - $errormessage = $Lang::tr{'a ca certificate with this name already exists'}; - goto UPLOADCA_ERROR; - } + if ($cahash{$key}[0] eq $cgiparams{'CA_NAME'}) { + $errormessage = $Lang::tr{'a ca certificate with this name already exists'}; + goto UPLOADCA_ERROR; + } } if (ref ($cgiparams{'FH'}) ne 'Fh') { - $errormessage = $Lang::tr{'there was no file upload'}; - goto UPLOADCA_ERROR; + $errormessage = $Lang::tr{'there was no file upload'}; + goto UPLOADCA_ERROR; } # Move uploaded ca to a temporary file (my $fh, my $filename) = tempfile( ); if (copy ($cgiparams{'FH'}, $fh) != 1) { - $errormessage = $!; - goto UPLOADCA_ERROR; + $errormessage = $!; + goto UPLOADCA_ERROR; } my $temp = `/usr/bin/openssl x509 -text -in $filename`; - if ($temp !~ /CA:TRUE/i) { - $errormessage = $Lang::tr{'not a valid ca certificate'}; - unlink ($filename); - goto UPLOADCA_ERROR; + if ($temp !~ /CA:TRUE/i) { + $errormessage = $Lang::tr{'not a valid ca certificate'}; + unlink ($filename); + goto UPLOADCA_ERROR; } else { - move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem"); - if ($? ne 0) { - $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; - unlink ($filename); - goto UPLOADCA_ERROR; - } + move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem"); + if ($? ne 0) { + $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; + unlink ($filename); + goto UPLOADCA_ERROR; + } } my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem`; 
@@ -399,13 +701,33 @@ END $cahash{$key}[0] = $cgiparams{'CA_NAME'}; $cahash{$key}[1] = $casubject; &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash); +# system('/usr/local/bin/ipsecctrl', 'R'); + UPLOADCA_ERROR: ### ### Display ca certificate ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show ca certificate'}) { - &Ovpnfunc::displayca($cgiparams{'KEY'}); + &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash); + + if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") { + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', $errormessage); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:"); + my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`; + $output = &Header::cleanhtml($output,"y"); + print "
$output
\n"; + &Header::closebox(); + print ""; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + } else { + $errormessage = $Lang::tr{'invalid key'}; + } + ### ### Download ca certificate ### @@ -432,15 +754,22 @@ END foreach my $key (keys %confighash) { my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`; if ($test =~ /: OK/) { + # Delete connection +# if ($vpnsettings{'ENABLED'} eq 'on' || +# $vpnsettings{'ENABLED_BLUE'} eq 'on') { +# system('/usr/local/bin/ipsecctrl', 'D', $key); +# } unlink ("${General::swroot}/ovpn//certs/$confighash{$key}[1]cert.pem"); unlink ("${General::swroot}/ovpn/certs/$confighash{$key}[1].p12"); delete $confighash{$key}; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); +# &writeipsecfiles(); } } unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem"); delete $cahash{$cgiparams{'KEY'}}; &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash); +# system('/usr/local/bin/ipsecctrl', 'R'); } else { $errormessage = $Lang::tr{'invalid key'}; } 
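Review bot: In the inlined "show ca certificate" branch (`@@ -399,13 +701,33 @@`) the certificate path is interpolated into a backtick command, so the stored CA name `$cahash{$cgiparams{'KEY'}}[0]` is parsed by the shell. Whether `CA_NAME` is restricted to safe characters at upload time is not visible in this hunk, so I would bypass the shell with the list form: `open(my $ossl, '-|', '/usr/bin/openssl', 'x509', '-text', '-in', $certfile) or $errormessage = $!;` and read `$output` from `$ossl`. The `&Header::cleanhtml($output,"y")` call before printing handles output escaping and should stay.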
@@ -492,8 +821,27 @@ END ### ### Display root certificate ### -}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} || $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) { - &Ovpnfunc::displayroothost($cgiparams{'ACTION'}); +}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} || + $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) { + my $output; + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) { + &Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:"); + $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`; + } else { + &Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:"); + $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`; + } + $output = &Header::cleanhtml($output,"y"); + print "
$output
\n"; + &Header::closebox(); + print ""; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + ### ### Download root certificate ### @@ -721,7 +1069,7 @@ END (my $state = $cgiparams{'ROOTCERT_STATE'}) =~ s/^\s*$/\./; # refresh - #system ('/usr/bin/touch', "${General::swroot}/ovpn/gencanow"); + #system ('/bin/touch', "${General::swroot}/ovpn/gencanow"); # Create the CA certificate my $pid = open(OPENSSL, "|-"); @@ -802,11 +1150,11 @@ END unlink ("${General::swroot}/ovpn/serverkey.pem"); unlink ("${General::swroot}/ovpn/certs/serverreq.pem"); unlink ("${General::swroot}/ovpn/certs/servercert.pem"); - &Ovpnfunc::newcleanssldatabase(); + &newcleanssldatabase(); goto ROOTCERT_ERROR; } else { unlink ("${General::swroot}/ovpn/certs/serverreq.pem"); - &Ovpnfunc::deletebackupcert(); + &deletebackupcert(); } # Create an empty CRL @@ -819,8 +1167,10 @@ END unlink ("${General::swroot}/ovpn/certs/servercert.pem"); unlink ("${General::swroot}/ovpn/ca/cacert.pem"); unlink ("${General::swroot}/ovpn/crls/cacrl.pem"); - &Ovpnfunc::cleanssldatabase(); + &cleanssldatabase(); goto ROOTCERT_ERROR; +# } else { +# &cleanssldatabase(); } # Create Diffie Hellmann Parameter system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache', @@ -833,8 +1183,10 @@ END unlink ("${General::swroot}/ovpn/ca/cacert.pem"); unlink ("${General::swroot}/ovpn/crls/cacrl.pem"); unlink ("${General::swroot}/ovpn/ca/dh1024.pem"); - &Ovpnfunc::cleanssldatabase(); + &cleanssldatabase(); goto ROOTCERT_ERROR; +# } else { +# &cleanssldatabase(); } goto ROOTCERT_SUCCESS; } 
@@ -919,33 +1271,40 @@ END ROOTCERT_SUCCESS: system ("chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem"); +# if ($vpnsettings{'ENABLED'} eq 'on' || +# $vpnsettings{'ENABLE_BLUE'} eq 'on') { +# system('/usr/local/bin/ipsecctrl', 'S'); +# } ### ### Enable/Disable connection ### }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { + + &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + if ($confighash{$cgiparams{'KEY'}}) { - my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1].conf|grep -v grep|awk \'{print \$1}\'`; - if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { - $confighash{$cgiparams{'KEY'}}[0] = 'on'; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - if ($n2nactive eq ''){ - system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]); - } else { - system('/usr/local/bin/openvpnctrl', '-kn2n', $n2nactive); - system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]); - } - } else { - $confighash{$cgiparams{'KEY'}}[0] = 'off'; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - if ($n2nactive ne ''){ - system('/usr/local/bin/openvpnctrl', '-kn2n', $n2nactive); - } - } - } else { - $errormessage = $Lang::tr{'invalid key'}; + if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { + $confighash{$cgiparams{'KEY'}}[0] = 'on'; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + #&writeserverconf(); +# if ($vpnsettings{'ENABLED'} eq 'on' || +# $vpnsettings{'ENABLED_BLUE'} eq 'on') { +# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}); +# } + } else { + $confighash{$cgiparams{'KEY'}}[0] = 'off'; +# if ($vpnsettings{'ENABLED'} eq 'on' || +# $vpnsettings{'ENABLED_BLUE'} eq 'on') { +# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); +# } + 
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + #&writeserverconf(); } + } else { + $errormessage = $Lang::tr{'invalid key'}; + } ### ### Download OpenVPN client package 
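Review bot: The toggle branch now only flips `$confighash{$cgiparams{'KEY'}}[0]` and rewrites `ovpnconfig`; nothing in the hunk stops a running session or signals the server, so how 'off' is enforced cannot be seen from here. If enforcement is left to the `tls-verify` script, a comment should say so, e.g. `# 'off' is enforced by /var/ipfire/ovpn/verify at the next TLS handshake (TODO confirm)`. The commented-out `ipsecctrl` calls read as leftovers from the IPsec page and could be dropped. The `elsif` chain begins outside the hunk.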
@@ -956,69 +1315,51 @@ END my $file = ''; my $clientovpn = ''; my @fileholder; - my $uhost3 = ''; - my $uhost = `/bin/uname -n`; - if ($uhost ne '') { - my @uhost2 = split /\./, $uhost; - $uhost3 = $uhost2[0]; - } else { - $uhost3 = "IPFire"; - } my $tempdir = tempdir( CLEANUP => 1 ); my $zippath = "$tempdir/"; - my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-$uhost3.zip"; + my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip"; my $zippathname = "$zippath$zipname"; - #anna - if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ - $zerinaclient = 'true'; - &Ovpnfunc::writenet2netconf($cgiparams{'KEY'},$zerinaclient); - exit(0); - } - $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-$uhost3.ovpn"; - open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $clientovpn $!"; + $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn"; + open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!"; flock CLIENTCONF, 2; my $zip = Archive::Zip->new(); - print CLIENTCONF "#OpenVPN Client conf\r\n"; + print CLIENTCONF "#OpenVPN Server conf\r\n"; print CLIENTCONF "tls-client\r\n"; print CLIENTCONF "client\r\n"; print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n"; - if ($vpnsettings{'DPROTOCOL'} eq 'tcp') { - print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}-client\r\n"; - } else { - print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n"; - } + print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n"; print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; if ( $vpnsettings{'ENABLED'} eq 'on'){ print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n"; - if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&Ovpnfunc::haveBlueNet())){ - print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Blue interface\r\n"; - print CLIENTCONF ";remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; - } - if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' 
&& (&Ovpnfunc::haveOrangeNet())){ - print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n"; - print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; - } - } elsif ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&Ovpnfunc::haveBlueNet())){ - print CLIENTCONF "remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; - if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&Ovpnfunc::haveOrangeNet())){ - print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n"; - print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; - } - } elsif ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&Ovpnfunc::haveOrangeNet())){ - print CLIENTCONF "remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; + if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){ + print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Blue interface\r\n"; + print CLIENTCONF ";remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; + } + if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){ + print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n"; + print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; + } + } elsif ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){ + print CLIENTCONF "remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; + if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){ + print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n"; + print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; + } + } elsif ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){ + 
print CLIENTCONF "remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; } if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") { - print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n"; - $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; + print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n"; + $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; } else { - print CLIENTCONF "ca cacert.pem\r\n"; - print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1]cert.pem\r\n"; - print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n"; - $zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n"; - $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n"; + print CLIENTCONF "ca cacert.pem\r\n"; + print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1]cert.pem\r\n"; + print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n"; + $zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n"; + $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n"; } print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n"; if ($vpnsettings{DCOMPLZO} eq 'on') { 
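Review bot: The temp file is opened with two-argument `open(CLIENTCONF, ">$tempdir/$clientovpn")`, where `$clientovpn` is derived from `$confighash{$cgiparams{'KEY'}}[1]`, and no check in this hunk confirms that the requested key exists before a bundle containing the `.p12` or certificate files is assembled. The three-argument form keeps the name from being read as part of the mode: `open(CLIENTCONF, '>', "$tempdir/$clientovpn") or die "Unable to open tempfile: $!";`. A guard like the one the toggle and remove branches use, `if ($confighash{$cgiparams{'KEY'}})`, would reject unknown keys early; the branch starts above this hunk, so such a guard may already exist there. The generated file's first line now reads `#OpenVPN Server conf` although the file is a client profile.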
@@ -1043,24 +1384,22 @@ END } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - if ($confighash{$cgiparams{'KEY'}}) { - if ($confighash{$cgiparams{'KEY'}}[19] eq 'yes') { - &Ovpnfunc::killconnection($cgiparams{'KEY'}); - &Ovpnfunc::removenet2netconf($cgiparams{'KEY'}); - delete $confighash{$cgiparams{'KEY'}}; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - } else { - my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); - &Ovpnfunc::killconnection($cgiparams{'KEY'}); - &Ovpnfunc::removenet2netconf($cgiparams{'KEY'}); - delete $confighash{$cgiparams{'KEY'}}; - my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - } + + if ($confighash{$cgiparams{'KEY'}}) { +# if ($vpnsettings{'ENABLED'} eq 'on' || +# $vpnsettings{'ENABLED_BLUE'} eq 'on') { +# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); +# } +# + my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + delete $confighash{$cgiparams{'KEY'}}; + my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; + 
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + #&writeserverconf(); } else { - $errormessage = $Lang::tr{'invalid key'}; + $errormessage = $Lang::tr{'invalid key'}; } ### ### Download PKCS12 file @@ -1080,36 +1419,38 @@ END &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") { - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:"); - my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`; - $output = &Header::cleanhtml($output,"y"); - print "
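Review bot: The remove branch stores the output of `openssl ca -revoke` in `$temp` and then unlinks the certificate and deletes the entry regardless, so a failed revocation leaves a certificate that is still valid but no longer listed on this page. Check the exit status before deleting anything, e.g. `if ($? != 0) { $errormessage = "certificate revocation failed"; }`, and run the `unlink`/`delete` only on success; the same applies to the `-gencrl` call stored in `$temp2`. Both commands are built with backticks from `$confighash{$cgiparams{'KEY'}}[1]`, so they pass through a shell; whether that name is restricted to safe characters is not visible in this hunk.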
$output
\n"; - &Header::closebox(); - print ""; - &Header::closebigbox(); - &Header::closepage(); - exit(0); + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:"); + my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`; + $output = &Header::cleanhtml($output,"y"); + print "
$output
\n"; + &Header::closebox(); + print ""; + &Header::closebigbox(); + &Header::closepage(); + exit(0); } ### ### Display Certificate Revoke List ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) { +# &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + if ( -f "${General::swroot}/ovpn/crls/cacrl.pem") { - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:"); - my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`; - $output = &Header::cleanhtml($output,"y"); - print "
$output
\n"; - &Header::closebox(); - print ""; - &Header::closebigbox(); - &Header::closepage(); - exit(0); + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:"); + my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`; + $output = &Header::cleanhtml($output,"y"); + print "
$output
\n"; + &Header::closebox(); + print ""; + &Header::closebigbox(); + &Header::closepage(); + exit(0); } ### @@ -1122,23 +1463,23 @@ END %confighash = (); &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams); +# if ($cgiparams{'CLIENT2CLIENT'} eq '') { +# $cgiparams{'CLIENT2CLIENT'} = 'on'; +# } ADV_ERROR: if ($cgiparams{'MAX_CLIENTS'} eq '') { - $cgiparams{'MAX_CLIENTS'} = '100'; + $cgiparams{'MAX_CLIENTS'} = '100'; } if ($cgiparams{'KEEPALIVE_1'} eq '') { - $cgiparams{'KEEPALIVE_1'} = '10'; + $cgiparams{'KEEPALIVE_1'} = '10'; } if ($cgiparams{'KEEPALIVE_2'} eq '') { - $cgiparams{'KEEPALIVE_2'} = '60'; + $cgiparams{'KEEPALIVE_2'} = '60'; } if ($cgiparams{'LOG_VERB'} eq '') { - $cgiparams{'LOG_VERB'} = '3'; + $cgiparams{'LOG_VERB'} = '3'; } - if ($cgiparams{'EXTENDED_NICE'} eq '') { - $cgiparams{'EXTENDED_NICE'} = '0'; - } $checked{'CLIENT2CLIENT'}{'off'} = ''; $checked{'CLIENT2CLIENT'}{'on'} = ''; $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED'; 
@@ -1158,44 +1499,15 @@ ADV_ERROR: $selected{'LOG_VERB'}{'11'} = ''; $selected{'LOG_VERB'}{'0'} = ''; $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED'; - - ################################################################################# - # Added by Philipp Jenni # - # # - # Contact: philipp.jenni-at-gmx.ch # - # Date: 2006-04-22 # - # Description: Definitions to set the FASTIO Checkbox # - # Definitions to set the MTUDISC Checkbox # - # Definitions to set the NICE Selectionbox # - ################################################################################# - $checked{'EXTENDED_FASTIO'}{'off'} = ''; - $checked{'EXTENDED_FASTIO'}{'on'} = ''; - $checked{'EXTENDED_FASTIO'}{$cgiparams{'EXTENDED_FASTIO'}} = 'CHECKED'; - $checked{'EXTENDED_MTUDISC'}{'off'} = ''; - $checked{'EXTENDED_MTUDISC'}{'on'} = ''; - $checked{'EXTENDED_MTUDISC'}{$cgiparams{'EXTENDED_MTUDISC'}} = 'CHECKED'; - $selected{'EXTENDED_NICE'}{'-13'} = ''; - $selected{'EXTENDED_NICE'}{'-10'} = ''; - $selected{'EXTENDED_NICE'}{'-7'} = ''; - $selected{'EXTENDED_NICE'}{'-3'} = ''; - $selected{'EXTENDED_NICE'}{'0'} = ''; - $selected{'EXTENDED_NICE'}{'3'} = ''; - $selected{'EXTENDED_NICE'}{'7'} = ''; - $selected{'EXTENDED_NICE'}{'10'} = ''; - $selected{'EXTENDED_NICE'}{'13'} = ''; - $selected{'EXTENDED_NICE'}{$cgiparams{'EXTENDED_NICE'}} = 'SELECTED'; - ################################################################################# - # End of inserted Data # - ################################################################################# &Header::showhttpheaders(); &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', $errormessage); if ($errormessage) { - &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); - print "$errormessage\n"; - print " \n"; - &Header::closebox(); + &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); + print "$errormessage\n"; + print " \n"; + &Header::closebox(); } &Header::openbox('100%', 'LEFT', 
$Lang::tr{'advanced server'}); print <
- - - - - - - - - - - - - - - - - - - - -
$Lang::tr{'add-route'}
$Lang::tr{'subnet'} 1
$Lang::tr{'subnet'} 2
$Lang::tr{'subnet'} 3
-
- @@ -1267,71 +1556,6 @@ ADV_ERROR: - - - - - - - - - - - - - - - - - - - - - - - - - - -
$Lang::tr{'misc-options'}
$Lang::tr{'ovpn_processprio'} - -
$Lang::tr{'ovpn_fastio'} - -
$Lang::tr{'ovpn_mtudisc'} - -
$Lang::tr{'ovpn_mssfix'} - -
$Lang::tr{'ovpn_fragment'} - -

@@ -1354,23 +1578,7 @@ ADV_ERROR: - - - - - +

@@ -1386,6 +1594,7 @@ END ; &Header::closebox(); +# print ""; &Header::closebigbox(); &Header::closepage(); exit(0); @@ -1415,7 +1624,7 @@ END END ; - my $filename = "/var/log/ovpnserver.log"; + my $filename = "${General::swroot}/ovpn/server.log"; open(FILE, $filename) or die 'Unable to open config file.'; my @current = ; close(FILE); @@ -1434,6 +1643,7 @@ END @match = split( /^Updated,(.+)/, $line); $status = $match[1]; } +#gian if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) { @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line); if ($match[1] ne "Common Name") { @@ -1441,8 +1651,8 @@ END $userlookup{$match[2]} = $uid; $users[$uid]{'CommonName'} = $match[1]; $users[$uid]{'RealAddress'} = $match[2]; - $users[$uid]{'BytesReceived'} = &Ovpnfunc::sizeformat($match[3]); - $users[$uid]{'BytesSent'} = &Ovpnfunc::sizeformat($match[4]); + $users[$uid]{'BytesReceived'} = &sizeformat($match[3]); + $users[$uid]{'BytesSent'} = &sizeformat($match[4]); $users[$uid]{'Since'} = $match[5]; $users[$uid]{'Proto'} = $proto; $uid++; @@ -1463,9 +1673,9 @@ END if ($user2 >= 1){ for (my $idx = 1; $idx <= $user2; $idx++){ if ($idx % 2) { - print "\n"; + print "\n"; } else { - print "\n"; + print "\n"; } print ""; print ""; 
@@ -1500,11 +1710,42 @@ END ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download certificate'}) { &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") { - print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n"; - print "Content-Type: application/octet-stream\r\n\r\n"; - print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`; - exit (0); + print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n"; + print "Content-Type: application/octet-stream\r\n\r\n"; + print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`; + exit (0); + } + +### +### Enable/Disable connection +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { + + &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + + if ($confighash{$cgiparams{'KEY'}}) { + if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { + $confighash{$cgiparams{'KEY'}}[0] = 'on'; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + #&writeserverconf(); +# if ($vpnsettings{'ENABLED'} eq 'on' || +# $vpnsettings{'ENABLED_BLUE'} eq 'on') { +# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}); +# } + } else { + $confighash{$cgiparams{'KEY'}}[0] = 'off'; +# if ($vpnsettings{'ENABLED'} eq 'on' || +# $vpnsettings{'ENABLED_BLUE'} eq 'on') { +# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); +# } + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + #&writeserverconf(); + } + } else { + $errormessage = $Lang::tr{'invalid key'}; } ### 
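Review bot: The `toggle enable disable` branch added here repeats the condition of the branch changed in the `-919` hunk, and the next hunk (`-1515`) adds a second `remove` branch the same way; if these all sit in one `if`/`elsif` chain, which the hunks suggest but do not show in full, the later copies can never run. The second `remove` copy also differs from the first: it unlinks the certificate files without calling `openssl ca -revoke` or regenerating the CRL, so it would delete certificates that stay valid if a later reordering made it reachable. Dropping the duplicates, along with the stray `#test33` marker, would leave one authoritative implementation of each action.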
@@ -1515,28 +1756,53 @@ END &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); if ($confighash{$cgiparams{'KEY'}}) { +# if ($vpnsettings{'ENABLED'} eq 'on' || +# $vpnsettings{'ENABLED_BLUE'} eq 'on') { +# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}); +# } } else { - $errormessage = $Lang::tr{'invalid key'}; + $errormessage = $Lang::tr{'invalid key'}; } ### -### Choose between adding a host-net or net-net connection +### Remove connection ### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') { - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - &Header::showhttpheaders(); +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) { + &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + + if ($confighash{$cgiparams{'KEY'}}) { +# if ($vpnsettings{'ENABLED'} eq 'on' || +# $vpnsettings{'ENABLED_BLUE'} eq 'on') { +# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); +# } + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + delete $confighash{$cgiparams{'KEY'}}; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + #&writeserverconf(); + } else { + $errormessage = $Lang::tr{'invalid key'}; + } +#test33 + +### +### Choose between adding a host-net or net-net connection +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') { + &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', ''); - &Header::openbox('100%', 'LEFT', "Net to Net $Lang::tr{'connection type'}"); + &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'}); print <$Lang::tr{'connection 
type'}:
-
$users[$idx-1]{'CommonName'}$users[$idx-1]{'RealAddress'}
- +
+ + + - - - - +
$Lang::tr{'host to net vpn'}
$Lang::tr{'net to net vpn'}
upload a ZERINA Net-to-Net package
END ; 
@@ -1544,230 +1810,6 @@ END &Header::closebigbox(); &Header::closepage(); exit (0); - -### -### uploading a ZERINA n2n connection package -### -} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'zerinan2n')){ - my @zerinaconf; - my @confdetails; - my $uplconffilename =''; - my $uplp12name = ''; - my $complzoactive =''; - my @rem_subnet; - my @rem_subnet2; - my @tmposupnet3; - my $key; - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); -# Move uploaded ZERINA n2n package to a temporary file - if (ref ($cgiparams{'FH'}) ne 'Fh') { - $errormessage = $Lang::tr{'there was no file upload'}; - goto ZERINA_ERROR; - } - # Move uploaded ca to a temporary file - (my $fh, my $filename) = tempfile( ); - if (copy ($cgiparams{'FH'}, $fh) != 1) { - $errormessage = $!; - goto ZERINA_ERROR; - } - - my $zip = Archive::Zip->new(); - my $zipName = $filename; - my $status = $zip->read( $zipName ); - if ($status != AZ_OK) { - $errormessage = "Read of $zipName failed\n"; - goto ZERINA_ERROR; - } - #my $tempdir = tempdir( CLEANUP => 1 ); - my $tempdir = tempdir(); - my @files = $zip->memberNames(); - for(@files) { - $zip->extractMemberWithoutPaths($_,"$tempdir/$_"); - } - my $countfiles = @files; - # see if we have 2 files - if ( $countfiles == 2){ - foreach (@files){ - if ( $_ =~ /.conf$/){ - $uplconffilename = $_; - } - if ( $_ =~ /.p12$/){ - $uplp12name = $_; - } - } - if (($uplconffilename eq '') || ($uplp12name eq '')){ - $errormessage = "Either no *.conf or no *.p12 file found\n"; - goto ZERINA_ERROR; - } - open(FILE, "$tempdir/$uplconffilename") or die 'Unable to open*.conf file'; - @zerinaconf = ; - close (FILE); - chomp(@zerinaconf); - } else { - # only 2 files are allowed - $errormessage = "Filecount does not match only 2 files are allowed\n"; - goto ZERINA_ERROR; - } - #prepare imported data not elegant, will be changed later - my $ufuk = (@zerinaconf); - push(@confdetails, substr($zerinaconf[0],4));#dev tun 0 - 
push(@confdetails, substr($zerinaconf[1],8));#mtu value 1 - push(@confdetails, substr($zerinaconf[2],6));#protocol 2 - if ($confdetails[2] eq 'tcp-client' || $confdetails[2] eq 'tcp-server') { - $confdetails[2] = 'tcp'; - } - push(@confdetails, substr($zerinaconf[3],5));#port 3 - push(@confdetails, substr($zerinaconf[4],9));#ovpn subnet 4 - push(@confdetails, substr($zerinaconf[5],7));#remote ip 5 - push(@confdetails, $zerinaconf[6]); #tls-server/tls-client 6 - push(@confdetails, substr($zerinaconf[7],7));#pkcs12 name 7 - push(@confdetails, substr($zerinaconf[$ufuk-1],1));#remote subnet 8 - push(@confdetails, substr($zerinaconf[9],10));#keepalive 9 - push(@confdetails, substr($zerinaconf[10],7));#cipher 10 - if ($ufuk == 14) { - push(@confdetails, $zerinaconf[$ufuk-3]);#complzo 11 - $complzoactive = "on"; - } else { - $complzoactive = "off"; - } - push(@confdetails, substr($zerinaconf[$ufuk-2],5));#verb 12 - push(@confdetails, substr($zerinaconf[8],6));#localsubnet 13 - #push(@confdetails, substr($uplconffilename,0,-5));#connection Name 14 - push(@confdetails, substr($uplp12name,0,-4));#connection Name 14 - #chomp(@confdetails); - foreach my $dkey (keys %confighash) {#Check if there is no other entry with this name - if ($confighash{$dkey}[1] eq $confdetails[$ufuk]) { - $errormessage = $Lang::tr{'a connection with this name already exists'}; - goto ZERINA_ERROR; - } - } - if ($confdetails[$ufuk] eq 'server') { - $errormessage = $Lang::tr{'server reserved'}; - goto ZERINA_ERROR; - } - @rem_subnet2 = split(/ /,$confdetails[4]); - @tmposupnet3 = split /\./,$rem_subnet2[0]; - $errormessage = &Ovpnfunc::ovelapplausi("$tmposupnet3[0].$tmposupnet3[1].$tmposupnet3[2].0","255.255.255.0"); - if ($errormessage ne ''){ - goto ZERINA_ERROR; - } - - $key = &General::findhasharraykey (\%confighash); - foreach my $i (0 .. 
42) { $confighash{$key}[$i] = "";} - $confighash{$key}[0] = 'off'; - $confighash{$key}[1] = $confdetails[$ufuk]; - #$confighash{$key}[2] = $confdetails[7]; - $confighash{$key}[2] = $confdetails[$ufuk]; - $confighash{$key}[3] = 'net'; - $confighash{$key}[4] = 'cert'; - $confighash{$key}[6] = 'client'; - $confighash{$key}[8] = $confdetails[8]; - @rem_subnet = split(/ /,$confdetails[$ufuk-1]); - $confighash{$key}[11] = "$rem_subnet[0]/$rem_subnet[1]"; - $confighash{$key}[10] = $confdetails[5]; - $confighash{$key}[25] = 'imported'; - $confighash{$key}[12] = 'red'; - my @tmposupnet = split(/ /,$confdetails[4]); - my @tmposupnet2 = split /\./,$tmposupnet[0]; - $confighash{$key}[13] = "$tmposupnet2[0].$tmposupnet2[1].$tmposupnet2[2].0/255.255.255.0"; - $confighash{$key}[14] = $confdetails[2]; - $confighash{$key}[15] = $confdetails[3]; - $confighash{$key}[16] = $complzoactive; - $confighash{$key}[17] = $confdetails[1]; - $confighash{$key}[18] = '';# nn2nvpn_ip - $confighash{$key}[19] = 'yes';# nn2nvpn_ip - $confighash{$key}[20] = $confdetails[10]; - $cgiparams{'KEY'} = $key; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - mkdir("${General::swroot}/ovpn/n2nconf/$confdetails[$ufuk]", 0770); - move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$confdetails[$ufuk]/$uplconffilename"); - if ($? ne 0) { - $errormessage = "*.conf move failed: $!"; - unlink ($filename); - goto ZERINA_ERROR; - } - move("$tempdir/$uplp12name", "${General::swroot}/ovpn/n2nconf/$confdetails[$ufuk]/$uplp12name"); - if ($? 
ne 0) { - $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; - unlink ($filename); - goto ZERINA_ERROR; - } - ZERINA_ERROR: - - &Header::showhttpheaders(); - &Header::openpage('Validate imported configuration', 1, ''); - &Header::openbigbox('100%', 'LEFT', '', $errormessage); - if ($errormessage) { - &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); - print "$errormessage"; - print " "; - &Header::closebox(); - } else { - &Header::openbox('100%', 'LEFT', 'Validate imported configuration'); - } - if ($errormessage eq ''){ - print < -   -   - $Lang::tr{'name'}: - $confdetails[$ufuk] - $Lang::tr{'Act as'} - $confdetails[6] - $Lang::tr{'remote host/ip'}: - $confdetails[5] - $Lang::tr{'local subnet'} - $confighash{$key}[8] - $Lang::tr{'remote subnet'} - $confighash{$key}[11] - $Lang::tr{'ovpn subnet'} - $confighash{$key}[$ufuk-1] - $Lang::tr{'protocol'} - $confdetails[2] - $Lang::tr{'destination port'}: - $confdetails[3] - $Lang::tr{'comp-lzo'} - $complzoactive - $Lang::tr{'cipher'} - $confdetails[10] - $Lang::tr{'MTU'}  - $confdetails[1] -END -; - - &Header::closebox(); - } - if ($errormessage) { - print ""; - } else { - print "
"; - print ""; - print ""; - print "
"; - } - &Header::closebigbox(); - &Header::closepage(); - exit(0); - -### -### Approve Zerina n2n -### -} elsif (($cgiparams{'ACTION'} eq 'Approved') && ($cgiparams{'TYPE'} eq 'zerinan2n')){ - &Ovpnfunc::writenet2netconf($cgiparams{'KEY'},$zerinaclient); -### -### Discard Zerina n2n -### -} elsif (($cgiparams{'ACTION'} eq 'Discard') && ($cgiparams{'TYPE'} eq 'zerinan2n')){ - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if ($confighash{$cgiparams{'KEY'}}) { - &Ovpnfunc::removenet2netconf(); - delete $confighash{$cgiparams{'KEY'}}; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - } else { - $errormessage = $Lang::tr{'invalid key'}; - } ### ### Adding a new connection ### 
@@ -1780,498 +1822,431 @@ END &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { - if (! $confighash{$cgiparams{'KEY'}}[0]) { - $errormessage = $Lang::tr{'invalid key'}; - goto VPNCONF_END; - } - $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; - $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; - $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; - $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; - $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; - $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; - $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; - $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; - $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; - $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; - $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[12]; - $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[13];#new fields - $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[14]; - $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[15]; - $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[16]; - $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[17]; - $cgiparams{'N2NVPN_IP'} = $confighash{$cgiparams{'KEY'}}[18];#new fields - $cgiparams{'ZERINA_CLIENT'} = $confighash{$cgiparams{'KEY'}}[19];#new fields - $cgiparams{'CIPHER'} = $confighash{$cgiparams{'KEY'}}[20];#new fields - if ($cgiparams{'ZERINA_CLIENT'} eq ''){ - $cgiparams{'ZERINA_CLIENT'} = 'no'; - } - } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {#ab hiere error uebernehmen - $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); - # n2n error - if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { - $errormessage = $Lang::tr{'connection type is invalid'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) { - $errormessage = $Lang::tr{'name must only contain characters'}; - goto 
VPNCONF_ERROR; - } - if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault|server)$/) { - $errormessage = $Lang::tr{'name is invalid'}; - goto VPNCONF_ERROR; - } - if (length($cgiparams{'NAME'}) >60) { - $errormessage = $Lang::tr{'name too long'}; - goto VPNCONF_ERROR; - } - if (! $cgiparams{'KEY'}) {# Check if there is no other entry with this name - foreach my $key (keys %confighash) { - if ($confighash{$key}[1] eq $cgiparams{'NAME'}) { - $errormessage = $Lang::tr{'a connection with this name already exists'}; - goto VPNCONF_ERROR; - } - } - } - if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) { - $errormessage = $Lang::tr{'invalid input for remote host/ip'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'REMOTE'}) { - if (! &General::validip($cgiparams{'REMOTE'})) { - if (! &General::validfqdn ($cgiparams{'REMOTE'})) { - $errormessage = $Lang::tr{'invalid input for remote host/ip'}; - goto VPNCONF_ERROR; - } else { - if (&Ovpnfunc::valid_dns_host($cgiparams{'REMOTE'})) { - $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. 
$Lang::tr{'dns check failed'}"; - } - } - } - } - if ($cgiparams{'TYPE'} ne 'host') { - unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) { - $errormessage = $Lang::tr{'local subnet is invalid'}; - goto VPNCONF_ERROR; - } - } - #hier1 - my @tmpovpnsubnet = split("\/",$cgiparams{'LOCAL_SUBNET'}); - $tmpovpnsubnet[1] = &Ovpnfunc::cidrormask($tmpovpnsubnet[1]); - $cgiparams{'LOCAL_SUBNET'} = "$tmpovpnsubnet[0]/$tmpovpnsubnet[1]";#convert from cidr - #hier1 - if ($cgiparams{'REMOTE'} eq '') {# Check if there is no other entry without IP-address and PSK - foreach my $key (keys %confighash) { - if(($cgiparams{'KEY'} ne $key) && ($confighash{$key}[4] eq 'psk' || $cgiparams{'AUTH'} eq 'psk') && $confighash{$key}[10] eq '') { - $errormessage = $Lang::tr{'you can only define one roadwarrior connection when using pre-shared key authentication'}; - goto VPNCONF_ERROR; - } - } - } - if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) { - $errormessage = $Lang::tr{'remote subnet is invalid'}; - goto VPNCONF_ERROR; - } - #hier2 - my @tmpovpnsubnet = split("\/",$cgiparams{'REMOTE_SUBNET'}); - $tmpovpnsubnet[1] = &Ovpnfunc::cidrormask($tmpovpnsubnet[1]); - $cgiparams{'REMOTE_SUBNET'} = "$tmpovpnsubnet[0]/$tmpovpnsubnet[1]";#convert from cidr - #hier2 - if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) { - $errormessage = $Lang::tr{'invalid input'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'EDIT_ADVANCED'} !~ /^(on|off)$/) { - $errormessage = $Lang::tr{'invalid input'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'ENABLED'} eq 'on'){ - $errormessage = &Ovpnfunc::disallowreserved($cgiparams{'DEST_PORT'},0,$cgiparams{'PROTOCOL'},"dest"); - } - if ($errormessage) { goto VPNCONF_ERROR; } - - if ($cgiparams{'ENABLED'} eq 'on'){ - $errormessage = &Ovpnfunc::checkportfw(0,$cgiparams{'DEST_PORT'},$cgiparams{'PROTOCOL'},'0.0.0.0'); - } - if ($errormessage) { goto VPNCONF_ERROR; } -#raul - if ($cgiparams{'TYPE'} eq 'net') { - if (! 
&General::validipandmask($cgiparams{'OVPN_SUBNET'})) { - $errormessage = $Lang::tr{'ovpn subnet is invalid'}; - goto VPNCONF_ERROR; - } - #hier3 - my @tmpovpnsubnet = split("\/",$cgiparams{'OVPN_SUBNET'}); - $tmpovpnsubnet[1] = &Ovpnfunc::cidrormask($tmpovpnsubnet[1]); - $cgiparams{'OVPN_SUBNET'} = "$tmpovpnsubnet[0]/$tmpovpnsubnet[1]";#convert from cidr - #hier3 - #plausi2 - $errormessage = &Ovpnfunc::ovelapplausi($tmpovpnsubnet[0],$tmpovpnsubnet[1]); - #plausi2 - if ($errormessage ne ''){ - goto VPNCONF_ERROR; - } - if ((length($cgiparams{'MTU'})==0) || (($cgiparams{'MTU'}) < 1000 )) { - $errormessage = $Lang::tr{'invalid mtu input'}; - goto VPNCONF_ERROR; - } - unless (&General::validport($cgiparams{'DEST_PORT'})) { - $errormessage = $Lang::tr{'invalid port'}; - goto VPNCONF_ERROR; - } - # check protcol/port overlap against existing connections gian - foreach my $dkey (keys %confighash) {#Check if there is no other entry with this name - if ($dkey ne $cgiparams{'KEY'}) { - if ($confighash{$dkey}[14] eq $cgiparams{'PROTOCOL'} && $confighash{$dkey}[15] eq $cgiparams{'DEST_PORT'}){ - #if ($confighash{$dkey}[14] eq 'on') { - $errormessage = "Choosed Protocol/Port combination is already used by connection: $confighash{$dkey}[1]"; - goto VPNCONF_ERROR; - #} else { - # $warnmessage = "Choosed Protcol/Port combination is used by inactive connection: $confighash{$dkey}[1]"; - #} - } - } - } - #check protcol/port overlap against RWserver gian - if ($vpnsettings{'ENABLED'} eq 'on') { - if ($vpnsettings{'DPROTOCOL'} eq $cgiparams{'PROTOCOL'} && $vpnsettings{'DDEST_PORT'} eq $cgiparams{'DEST_PORT'}){ - $errormessage = "Choosed Protocol/Port combination is already used OpenVPN Roadwarrior Server"; - goto VPNCONF_ERROR; - } - } + if (! 
$confighash{$cgiparams{'KEY'}}[0]) { + $errormessage = $Lang::tr{'invalid key'}; + goto VPNCONF_END; + } + $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; + $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; + $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; + $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; + $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; + $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; + $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; + $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; + $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; + $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; + $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; +#new fields + $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27]; + $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28]; + $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; + $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; + $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; +#new fields +#ab hiere error uebernehmen + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { + $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); + if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { + $errormessage = $Lang::tr{'connection type is invalid'}; + goto VPNCONF_ERROR; + } + + + if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) { + $errormessage = $Lang::tr{'name must only contain characters'}; + goto VPNCONF_ERROR; + } + + if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault)$/) { + $errormessage = $Lang::tr{'name is invalid'}; + goto VPNCONF_ERROR; + } + + if (length($cgiparams{'NAME'}) >60) { + $errormessage = $Lang::tr{'name too long'}; + goto VPNCONF_ERROR; + } + +# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) { +# $errormessage = $Lang::tr{'ipfire side is invalid'}; +# goto VPNCONF_ERROR; +# } + + # Check if 
there is no other entry with this name + if (! $cgiparams{'KEY'}) { + foreach my $key (keys %confighash) { + if ($confighash{$key}[1] eq $cgiparams{'NAME'}) { + $errormessage = $Lang::tr{'a connection with this name already exists'}; + goto VPNCONF_ERROR; } - if ($cgiparams{'AUTH'} eq 'psk') { - #removed - } elsif ($cgiparams{'AUTH'} eq 'certreq') { - # { - if ($cgiparams{'KEY'}) { - $errormessage = $Lang::tr{'cant change certificates'}; - goto VPNCONF_ERROR; - } - if (ref ($cgiparams{'FH'}) ne 'Fh') { - $errormessage = $Lang::tr{'there was no file upload'}; - goto VPNCONF_ERROR; - } - (my $fh, my $filename) = tempfile( );# Move uploaded certificate request to a temporary file - if (copy ($cgiparams{'FH'}, $fh) != 1) { - $errormessage = $!; - goto VPNCONF_ERROR; - } - # Sign the certificate request and move it - # Sign the host certificate request - system('/usr/bin/openssl', 'ca', '-days', '999999', - '-batch', '-notext', - '-in', $filename, - '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem", - '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf"); - if ($?) 
{ - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ($filename); - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); - &Ovpnfunc::newcleanssldatabase(); - goto VPNCONF_ERROR; - } else { - unlink ($filename); - &Ovpnfunc::deletebackupcert(); - } - my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`; - $temp =~ /Subject:.*CN=(.*)[\n]/; - $temp = $1; - $temp =~ s+/Email+, E+; - $temp =~ s/ ST=/ S=/; - $cgiparams{'CERT_NAME'} = $temp; - $cgiparams{'CERT_NAME'} =~ s/,//g; - $cgiparams{'CERT_NAME'} =~ s/\'//g; - if ($cgiparams{'CERT_NAME'} eq '') { - $errormessage = $Lang::tr{'could not retrieve common name from certificate'}; - goto VPNCONF_ERROR; - } - } elsif ($cgiparams{'AUTH'} eq 'certfile') { - if ($cgiparams{'KEY'}) { - $errormessage = $Lang::tr{'cant change certificates'}; - goto VPNCONF_ERROR; - } - if (ref ($cgiparams{'FH'}) ne 'Fh') { - $errormessage = $Lang::tr{'there was no file upload'}; - goto VPNCONF_ERROR; - } - (my $fh, my $filename) = tempfile( );# Move uploaded certificate to a temporary file - if (copy ($cgiparams{'FH'}, $fh) != 1) { - $errormessage = $!; - goto VPNCONF_ERROR; - } - my $validca = 0;# Verify the certificate has a valid CA and move it - my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename`; - if ($test =~ /: OK/) { - $validca = 1; - } else { - foreach my $key (keys %cahash) { - $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem $filename`; - if ($test =~ /: OK/) { - $validca = 1; - } - } - } - if (! $validca) { - $errormessage = $Lang::tr{'certificate does not have a valid ca associated with it'}; - unlink ($filename); - goto VPNCONF_ERROR; - } else { - move($filename, "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); - if ($? 
ne 0) { - $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; - unlink ($filename); - goto VPNCONF_ERROR; - } - } - my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`; - $temp =~ /Subject:.*CN=(.*)[\n]/; - $temp = $1; - $temp =~ s+/Email+, E+; - $temp =~ s/ ST=/ S=/; - $cgiparams{'CERT_NAME'} = $temp; - $cgiparams{'CERT_NAME'} =~ s/,//g; - $cgiparams{'CERT_NAME'} =~ s/\'//g; - if ($cgiparams{'CERT_NAME'} eq '') { - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); - $errormessage = $Lang::tr{'could not retrieve common name from certificate'}; - goto VPNCONF_ERROR; - } - } elsif ($cgiparams{'AUTH'} eq 'certgen'){ - if ($cgiparams{'KEY'}) { - $errormessage = $Lang::tr{'cant change certificates'}; - goto VPNCONF_ERROR; - } - if (length($cgiparams{'CERT_NAME'}) >60) {# Validate input since the form was submitted - $errormessage = $Lang::tr{'name too long'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) { - $errormessage = $Lang::tr{'invalid input for name'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_EMAIL'} ne '' && (! 
&General::validemail($cgiparams{'CERT_EMAIL'}))) { - $errormessage = $Lang::tr{'invalid input for e-mail address'}; - goto VPNCONF_ERROR; - } - if (length($cgiparams{'CERT_EMAIL'}) > 40) { - $errormessage = $Lang::tr{'e-mail address too long'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_OU'} ne '' && $cgiparams{'CERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) { - $errormessage = $Lang::tr{'invalid input for department'}; - goto VPNCONF_ERROR; - } - if (length($cgiparams{'CERT_ORGANIZATION'}) >60) { - $errormessage = $Lang::tr{'organization too long'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) { - $errormessage = $Lang::tr{'invalid input for organization'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_CITY'} ne '' && $cgiparams{'CERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) { - $errormessage = $Lang::tr{'invalid input for city'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_STATE'} ne '' && $cgiparams{'CERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) { - $errormessage = $Lang::tr{'invalid input for state or province'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_COUNTRY'} !~ /^[A-Z]*$/) { - $errormessage = $Lang::tr{'invalid input for country'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_PASS1'} ne '' && $cgiparams{'CERT_PASS2'} ne ''){ - if (length($cgiparams{'CERT_PASS1'}) < 5) { - $errormessage = $Lang::tr{'password too short'}; - goto VPNCONF_ERROR; - } - } - if ($cgiparams{'CERT_PASS1'} ne $cgiparams{'CERT_PASS2'}) { - $errormessage = $Lang::tr{'passwords do not match'}; - goto VPNCONF_ERROR; - } - (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;# Replace empty strings with a . 
- (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./; - (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./; - my $pid = open(OPENSSL, "|-");# Create the Host certificate request client - $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto VPNCONF_ERROR;}; - if ($pid) { # parent - print OPENSSL "$cgiparams{'CERT_COUNTRY'}\n"; - print OPENSSL "$state\n"; - print OPENSSL "$city\n"; - print OPENSSL "$cgiparams{'CERT_ORGANIZATION'}\n"; - print OPENSSL "$ou\n"; - print OPENSSL "$cgiparams{'CERT_NAME'}\n"; - print OPENSSL "$cgiparams{'CERT_EMAIL'}\n"; - print OPENSSL ".\n"; - print OPENSSL ".\n"; - close (OPENSSL); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}key.pem"); - unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}req.pem"); - goto VPNCONF_ERROR; - } - } else { # child - unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache', - '-newkey', 'rsa:1024', - '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem", - '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem", - '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) { - $errormessage = "$Lang::tr{'cant start openssl'}: $!"; - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem"); - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem"); - goto VPNCONF_ERROR; - } - } - # Sign the host certificate request - system('/usr/bin/openssl', 'ca', '-days', '999999', - '-batch', '-notext', - '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem", - '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem", - '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf"); - if ($?) 
{ - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem"); - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem"); - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); - &Ovpnfunc::newcleanssldatabase(); - goto VPNCONF_ERROR; - } else { - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem"); - &Ovpnfunc::deletebackupcert(); - } - # Create the pkcs12 file - system('/usr/bin/openssl', 'pkcs12', '-export', - '-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem", - '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem", - '-name', $cgiparams{'NAME'}, - '-passout', "pass:$cgiparams{'CERT_PASS1'}", - '-certfile', "${General::swroot}/ovpn/ca/cacert.pem", - '-caname', "$vpnsettings{'ROOTCERT_ORGANIZATION'} CA", - '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12"); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem"); - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12"); - goto VPNCONF_ERROR; - } else { - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem"); - } - } elsif ($cgiparams{'AUTH'} eq 'cert') { - ;# Nothing, just editing + } + } + + if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) { + $errormessage = $Lang::tr{'invalid input for remote host/ip'}; + goto VPNCONF_ERROR; + } + + if ($cgiparams{'REMOTE'}) { + if (! &General::validip($cgiparams{'REMOTE'})) { + if (! &General::validfqdn ($cgiparams{'REMOTE'})) { + $errormessage = $Lang::tr{'invalid input for remote host/ip'}; + goto VPNCONF_ERROR; } else { - $errormessage = $Lang::tr{'invalid input for authentication method'}; - goto VPNCONF_ERROR; + if (&valid_dns_host($cgiparams{'REMOTE'})) { + $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. 
$Lang::tr{'dns check failed'}"; + } } - if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) {# Check if there is no other entry with this common name - foreach my $key (keys %confighash) { - if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) { - $errormessage = $Lang::tr{'a connection with this common name already exists'}; - goto VPNCONF_ERROR; - } - } + } + } + if ($cgiparams{'TYPE'} ne 'host') { + unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) { + $errormessage = $Lang::tr{'local subnet is invalid'}; + goto VPNCONF_ERROR;} + } + # Check if there is no other entry without IP-address and PSK + if ($cgiparams{'REMOTE'} eq '') { + foreach my $key (keys %confighash) { + if(($cgiparams{'KEY'} ne $key) && + ($confighash{$key}[4] eq 'psk' || $cgiparams{'AUTH'} eq 'psk') && + $confighash{$key}[10] eq '') { + $errormessage = $Lang::tr{'you can only define one roadwarrior connection when using pre-shared key authentication'}; + goto VPNCONF_ERROR; } + } + } + if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) { + $errormessage = $Lang::tr{'remote subnet is invalid'}; + goto VPNCONF_ERROR; + } + + if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) { + $errormessage = $Lang::tr{'invalid input'}; + goto VPNCONF_ERROR; + } + if ($cgiparams{'EDIT_ADVANCED'} !~ /^(on|off)$/) { + $errormessage = $Lang::tr{'invalid input'}; + goto VPNCONF_ERROR; + } + +#fixplausi + if ($cgiparams{'AUTH'} eq 'psk') { +# if (! 
length($cgiparams{'PSK'}) ) { +# $errormessage = $Lang::tr{'pre-shared key is too short'}; +# goto VPNCONF_ERROR; +# } +# if ($cgiparams{'PSK'} =~ /['",&]/) { +# $errormessage = $Lang::tr{'invalid characters found in pre-shared key'}; +# goto VPNCONF_ERROR; +# } + } elsif ($cgiparams{'AUTH'} eq 'certreq') { + if ($cgiparams{'KEY'}) { + $errormessage = $Lang::tr{'cant change certificates'}; + goto VPNCONF_ERROR; + } + if (ref ($cgiparams{'FH'}) ne 'Fh') { + $errormessage = $Lang::tr{'there was no file upload'}; + goto VPNCONF_ERROR; + } + + # Move uploaded certificate request to a temporary file + (my $fh, my $filename) = tempfile( ); + if (copy ($cgiparams{'FH'}, $fh) != 1) { + $errormessage = $!; + goto VPNCONF_ERROR; + } - my $key = $cgiparams{'KEY'};# Save the config - if (! $key) { - $key = &General::findhasharraykey (\%confighash); - foreach my $i (0 .. 42) { $confighash{$key}[$i] = "";} + # Sign the certificate request and move it + # Sign the host certificate request + system('/usr/bin/openssl', 'ca', '-days', '999999', + '-batch', '-notext', + '-in', $filename, + '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem", + '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf"); + if ($?) 
{ + $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; + unlink ($filename); + unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); + &newcleanssldatabase(); + goto VPNCONF_ERROR; + } else { + unlink ($filename); + &deletebackupcert(); + } + + my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`; + $temp =~ /Subject:.*CN=(.*)[\n]/; + $temp = $1; + $temp =~ s+/Email+, E+; + $temp =~ s/ ST=/ S=/; + $cgiparams{'CERT_NAME'} = $temp; + $cgiparams{'CERT_NAME'} =~ s/,//g; + $cgiparams{'CERT_NAME'} =~ s/\'//g; + if ($cgiparams{'CERT_NAME'} eq '') { + $errormessage = $Lang::tr{'could not retrieve common name from certificate'}; + goto VPNCONF_ERROR; + } + } elsif ($cgiparams{'AUTH'} eq 'certfile') { + if ($cgiparams{'KEY'}) { + $errormessage = $Lang::tr{'cant change certificates'}; + goto VPNCONF_ERROR; + } + if (ref ($cgiparams{'FH'}) ne 'Fh') { + $errormessage = $Lang::tr{'there was no file upload'}; + goto VPNCONF_ERROR; + } + # Move uploaded certificate to a temporary file + (my $fh, my $filename) = tempfile( ); + if (copy ($cgiparams{'FH'}, $fh) != 1) { + $errormessage = $!; + goto VPNCONF_ERROR; + } + + # Verify the certificate has a valid CA and move it + my $validca = 0; + my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename`; + if ($test =~ /: OK/) { + $validca = 1; + } else { + foreach my $key (keys %cahash) { + $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem $filename`; + if ($test =~ /: OK/) { + $validca = 1; + } } - $confighash{$key}[0] = $cgiparams{'ENABLED'}; - $confighash{$key}[1] = $cgiparams{'NAME'}; - if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') { - $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; + } + if (! 
$validca) { + $errormessage = $Lang::tr{'certificate does not have a valid ca associated with it'}; + unlink ($filename); + goto VPNCONF_ERROR; + } else { + move($filename, "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); + if ($? ne 0) { + $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; + unlink ($filename); + goto VPNCONF_ERROR; } - $confighash{$key}[3] = $cgiparams{'TYPE'}; - if ($cgiparams{'AUTH'} eq 'psk') { - $confighash{$key}[4] = 'psk'; - $confighash{$key}[5] = $cgiparams{'PSK'}; - } else { - $confighash{$key}[4] = 'cert'; + } + + my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`; + $temp =~ /Subject:.*CN=(.*)[\n]/; + $temp = $1; + $temp =~ s+/Email+, E+; + $temp =~ s/ ST=/ S=/; + $cgiparams{'CERT_NAME'} = $temp; + $cgiparams{'CERT_NAME'} =~ s/,//g; + $cgiparams{'CERT_NAME'} =~ s/\'//g; + if ($cgiparams{'CERT_NAME'} eq '') { + unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); + $errormessage = $Lang::tr{'could not retrieve common name from certificate'}; + goto VPNCONF_ERROR; + } + } elsif ($cgiparams{'AUTH'} eq 'certgen') { + if ($cgiparams{'KEY'}) { + $errormessage = $Lang::tr{'cant change certificates'}; + goto VPNCONF_ERROR; + } + # Validate input since the form was submitted + if (length($cgiparams{'CERT_NAME'}) >60) { + $errormessage = $Lang::tr{'name too long'}; + goto VPNCONF_ERROR; + } + if ($cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) { + $errormessage = $Lang::tr{'invalid input for name'}; + goto VPNCONF_ERROR; + } + if ($cgiparams{'CERT_EMAIL'} ne '' && (! 
&General::validemail($cgiparams{'CERT_EMAIL'}))) { + $errormessage = $Lang::tr{'invalid input for e-mail address'}; + goto VPNCONF_ERROR; + } + if (length($cgiparams{'CERT_EMAIL'}) > 40) { + $errormessage = $Lang::tr{'e-mail address too long'}; + goto VPNCONF_ERROR; + } + if ($cgiparams{'CERT_OU'} ne '' && $cgiparams{'CERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) { + $errormessage = $Lang::tr{'invalid input for department'}; + goto VPNCONF_ERROR; + } + if (length($cgiparams{'CERT_ORGANIZATION'}) >60) { + $errormessage = $Lang::tr{'organization too long'}; + goto VPNCONF_ERROR; + } + if ($cgiparams{'CERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) { + $errormessage = $Lang::tr{'invalid input for organization'}; + goto VPNCONF_ERROR; + } + if ($cgiparams{'CERT_CITY'} ne '' && $cgiparams{'CERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) { + $errormessage = $Lang::tr{'invalid input for city'}; + goto VPNCONF_ERROR; + } + if ($cgiparams{'CERT_STATE'} ne '' && $cgiparams{'CERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) { + $errormessage = $Lang::tr{'invalid input for state or province'}; + goto VPNCONF_ERROR; + } + if ($cgiparams{'CERT_COUNTRY'} !~ /^[A-Z]*$/) { + $errormessage = $Lang::tr{'invalid input for country'}; + goto VPNCONF_ERROR; + } + if ($cgiparams{'CERT_PASS1'} ne '' && $cgiparams{'CERT_PASS2'} ne ''){ + if (length($cgiparams{'CERT_PASS1'}) < 5) { + $errormessage = $Lang::tr{'password too short'}; + goto VPNCONF_ERROR; } - if ($cgiparams{'TYPE'} eq 'net') { - $confighash{$key}[6] = $cgiparams{'SIDE'}; - $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; - if ( $cgiparams{'SIDE'} eq 'client') { - $confighash{$key}[19] = 'yes'; - } else{ - $confighash{$key}[19] = 'no'; - } + } + if ($cgiparams{'CERT_PASS1'} ne $cgiparams{'CERT_PASS2'}) { + $errormessage = $Lang::tr{'passwords do not match'}; + goto VPNCONF_ERROR; + } + + # Replace empty strings with a . 
+ (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./; + (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./; + (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./; + + # Create the Host certificate request client + my $pid = open(OPENSSL, "|-"); + $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto VPNCONF_ERROR;}; + if ($pid) { # parent + print OPENSSL "$cgiparams{'CERT_COUNTRY'}\n"; + print OPENSSL "$state\n"; + print OPENSSL "$city\n"; + print OPENSSL "$cgiparams{'CERT_ORGANIZATION'}\n"; + print OPENSSL "$ou\n"; + print OPENSSL "$cgiparams{'CERT_NAME'}\n"; + print OPENSSL "$cgiparams{'CERT_EMAIL'}\n"; + print OPENSSL ".\n"; + print OPENSSL ".\n"; + close (OPENSSL); + if ($?) { + $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; + unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}key.pem"); + unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}req.pem"); + goto VPNCONF_ERROR; } - $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; - $confighash{$key}[10] = $cgiparams{'REMOTE'}; - $confighash{$key}[25] = $cgiparams{'REMARK'}; - $confighash{$key}[12] = $cgiparams{'INTERFACE'}; - $confighash{$key}[13] = $cgiparams{'OVPN_SUBNET'};# new fields - $confighash{$key}[14] = $cgiparams{'PROTOCOL'}; - $confighash{$key}[15] = $cgiparams{'DEST_PORT'}; - $confighash{$key}[16] = $cgiparams{'COMPLZO'}; - $confighash{$key}[17] = $cgiparams{'MTU'}; - $confighash{$key}[18] = $cgiparams{'N2NVPN_IP'};# new fileds - $confighash{$key}[19] = $cgiparams{'ZERINA_CLIENT'};# new fileds - $confighash{$key}[20] = $cgiparams{'CIPHER'}; - - #default n2n advanced - $confighash{$key}[26] = '10';#keepalive ping - $confighash{$key}[27] = '60';#keepalive restart - $confighash{$key}[28] = '0';#nice - $confighash{$key}[42] = '3';#verb - #default n2n advanced - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - &Ovpnfunc::writenet2netconf($key,$zerinaclient); - #ppp - my $n2nactive = `/bin/ps ax|grep $cgiparams{'NAME'}.conf|grep -v grep|awk 
\'{print \$1}\'`; - if ($cgiparams{'ENABLED'}) { - if ($n2nactive eq ''){ - system('/usr/local/bin/openvpnctrl', '-sn2n', $cgiparams{'NAME'}); - } else { - system('/usr/local/bin/openvpnctrl', '-kn2n', $n2nactive); - system('/usr/local/bin/openvpnctrl', '-sn2n', $cgiparams{'NAME'}); - } - } else { - if ($n2nactive ne ''){ - system('/usr/local/bin/openvpnctrl', '-kn2n', $cgiparams{'NAME'}); - } + } else { # child + unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache', + '-newkey', 'rsa:1024', + '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem", + '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem", + '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) { + $errormessage = "$Lang::tr{'cant start openssl'}: $!"; + unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem"); + unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem"); + goto VPNCONF_ERROR; } - if ($cgiparams{'EDIT_ADVANCED'} eq 'on') { - $cgiparams{'KEY'} = $key; - $cgiparams{'ACTION'} = $Lang::tr{'advanced'}; + } + + # Sign the host certificate request + system('/usr/bin/openssl', 'ca', '-days', '999999', + '-batch', '-notext', + '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem", + '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem", + '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf"); + if ($?) 
{ + $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; + unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem"); + unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem"); + unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); + &newcleanssldatabase(); + goto VPNCONF_ERROR; + } else { + unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem"); + &deletebackupcert(); + } + + # Create the pkcs12 file + system('/usr/bin/openssl', 'pkcs12', '-export', + '-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem", + '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem", + '-name', $cgiparams{'NAME'}, + '-passout', "pass:$cgiparams{'CERT_PASS1'}", + '-certfile', "${General::swroot}/ovpn/ca/cacert.pem", + '-caname', "$vpnsettings{'ROOTCERT_ORGANIZATION'} CA", + '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12"); + if ($?) { + $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; + unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem"); + unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); + unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12"); + goto VPNCONF_ERROR; + } else { + unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem"); + } + } elsif ($cgiparams{'AUTH'} eq 'cert') { + ;# Nothing, just editing + } else { + $errormessage = $Lang::tr{'invalid input for authentication method'}; + goto VPNCONF_ERROR; + } + + # Check if there is no other entry with this common name + if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) { + foreach my $key (keys %confighash) { + if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) { + $errormessage = $Lang::tr{'a connection with this common name already exists'}; + goto VPNCONF_ERROR; } - goto VPNCONF_END; + } + } + + # Save the config + my $key = $cgiparams{'KEY'}; + if (! $key) { + $key = &General::findhasharraykey (\%confighash); + foreach my $i (0 .. 
31) { $confighash{$key}[$i] = "";} + } + $confighash{$key}[0] = $cgiparams{'ENABLED'}; + $confighash{$key}[1] = $cgiparams{'NAME'}; + if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') { + $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; + } + $confighash{$key}[3] = $cgiparams{'TYPE'}; + if ($cgiparams{'AUTH'} eq 'psk') { + $confighash{$key}[4] = 'psk'; + $confighash{$key}[5] = $cgiparams{'PSK'}; + } else { + $confighash{$key}[4] = 'cert'; + } + if ($cgiparams{'TYPE'} eq 'net') { + $confighash{$key}[6] = $cgiparams{'SIDE'}; + $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; + } + $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; + $confighash{$key}[10] = $cgiparams{'REMOTE'}; + $confighash{$key}[25] = $cgiparams{'REMARK'}; + $confighash{$key}[26] = $cgiparams{'INTERFACE'}; +# new fields + $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'}; + $confighash{$key}[28] = $cgiparams{'PROTOCOL'}; + $confighash{$key}[29] = $cgiparams{'DEST_PORT'}; + $confighash{$key}[30] = $cgiparams{'COMPLZO'}; + $confighash{$key}[31] = $cgiparams{'MTU'}; +# new fileds + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + if ($cgiparams{'EDIT_ADVANCED'} eq 'on') { + $cgiparams{'KEY'} = $key; + $cgiparams{'ACTION'} = $Lang::tr{'advanced'}; + } + goto VPNCONF_END; } else { - $cgiparams{'ENABLED'} = 'on'; - if ($cgiparams{'ZERINA_CLIENT'} eq ''){ - $cgiparams{'ZERINA_CLIENT'} = 'no'; - } - if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { - $cgiparams{'AUTH'} = 'psk'; - } elsif ( ! -f "${General::swroot}/ovpn/ca/cacert.pem") { - $cgiparams{'AUTH'} = 'certfile'; - } else { + $cgiparams{'ENABLED'} = 'on'; + $cgiparams{'SIDE'} = 'left'; + if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { + $cgiparams{'AUTH'} = 'psk'; + } elsif ( ! 
-f "${General::swroot}/ovpn/ca/cacert.pem") { + $cgiparams{'AUTH'} = 'certfile'; + } else { $cgiparams{'AUTH'} = 'certgen'; - } - $cgiparams{'LOCAL_SUBNET'} ="$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"; - $cgiparams{'CERT_ORGANIZATION'} = $vpnsettings{'ROOTCERT_ORGANIZATION'}; - $cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'}; - $cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'}; - $cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'}; + } + $cgiparams{'LOCAL_SUBNET'} ="$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"; + $cgiparams{'CERT_ORGANIZATION'} = $vpnsettings{'ROOTCERT_ORGANIZATION'}; + $cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'}; + $cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'}; + $cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'}; } + VPNCONF_ERROR: - # n2n default settings - if ($cgiparams{'CIPHER'} eq '') { - $cgiparams{'CIPHER'} = 'BF-CBC'; - } - if ($cgiparams{'MTU'} eq '') { - $cgiparams{'MTU'} = '1400'; - } - if ($cgiparams{'OVPN_SUBNET'} eq '') { - $cgiparams{'OVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0'; - } - #n2n default settings $checked{'ENABLED'}{'off'} = ''; $checked{'ENABLED'}{'on'} = ''; $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED'; 
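Review bot: In the `certgen` parent branch, the two cleanup calls after `close (OPENSSL)` build their paths as `${General::swroot}ovpn/certs/` without the `/` that every other path in this hunk has, so when `openssl req` fails the freshly written private key and request stay on disk. They should read `unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");` and the same for `req.pem`. In the `certfile` branch, `if ($? ne 0)` after `move(...)` tests the exit status left by the last `openssl verify` backtick rather than the move itself (assuming `move` is File::Copy's, whose import is outside this hunk), so a failed move goes unnoticed and a successful one can be reported as failed; `unless (move($filename, "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem")) {` checks the call directly. Separately, `'-passout', "pass:$cgiparams{'CERT_PASS1'}"` puts the PKCS#12 password on the openssl command line, where other local users can read it from the process list; openssl also accepts `env:` and `fd:` sources for `-passout`. The enclosing action branch begins before this hunk.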
@@ -2281,43 +2256,28 @@ END $checked{'ENABLED_ORANGE'}{'off'} = ''; $checked{'ENABLED_ORANGE'}{'on'} = ''; $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED'; + + $checked{'EDIT_ADVANCED'}{'off'} = ''; $checked{'EDIT_ADVANCED'}{'on'} = ''; $checked{'EDIT_ADVANCED'}{$cgiparams{'EDIT_ADVANCED'}} = 'CHECKED'; + $selected{'SIDE'}{'server'} = ''; $selected{'SIDE'}{'client'} = ''; $selected{'SIDE'}{$cgiparams{'SIDE'}} = 'SELECTED'; - -# $selected{'DDEVICE'}{'tun'} = ''; -# $selected{'DDEVICE'}{'tap'} = ''; -# $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED'; - - $selected{'PROTOCOL'}{'udp'} = ''; - $selected{'PROTOCOL'}{'tcp'} = ''; - $selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = 'SELECTED'; - + $checked{'AUTH'}{'psk'} = ''; $checked{'AUTH'}{'certreq'} = ''; $checked{'AUTH'}{'certgen'} = ''; $checked{'AUTH'}{'certfile'} = ''; $checked{'AUTH'}{$cgiparams{'AUTH'}} = 'CHECKED'; + $selected{'INTERFACE'}{$cgiparams{'INTERFACE'}} = 'SELECTED'; + $checked{'COMPLZO'}{'off'} = ''; $checked{'COMPLZO'}{'on'} = ''; $checked{'COMPLZO'}{$cgiparams{'COMPLZO'}} = 'CHECKED'; - $selected{'CIPHER'}{'DES-CBC'} = ''; - $selected{'CIPHER'}{'DES-EDE-CBC'} = ''; - $selected{'CIPHER'}{'DES-EDE3-CBC'} = ''; - $selected{'CIPHER'}{'DESX-CBC'} = ''; - $selected{'CIPHER'}{'RC2-CBC'} = ''; - $selected{'CIPHER'}{'RC2-40-CBC'} = ''; - $selected{'CIPHER'}{'RC2-64-CBC'} = ''; - $selected{'CIPHER'}{'BF-CBC'} = ''; - $selected{'CIPHER'}{'CAST5-CBC'} = ''; - $selected{'CIPHER'}{'AES-128-CBC'} = ''; - $selected{'CIPHER'}{'AES-192-CBC'} = ''; - $selected{'CIPHER'}{'AES-256-CBC'} = ''; - $selected{'CIPHER'}{$cgiparams{'CIPHER'}} = 'SELECTED'; + if (1) { &Header::showhttpheaders(); @@ -2329,19 +2289,22 @@ END print " "; &Header::closebox(); } + if ($warnmessage) { &Header::openbox('100%', 'LEFT', "$Lang::tr{'warning messages'}:"); print "$warnmessage"; print " "; &Header::closebox(); } + print "
"; print ""; - print ""; + if ($cgiparams{'KEY'}) { print ""; print ""; } + &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:"); print "\n"; print ""; @@ -2351,77 +2314,81 @@ END } else { print ""; } +# print ""; +# print ""; +# print <"; if ($cgiparams{'KEY'}) { - print ""; + print ""; } else { - print ""; + print ""; } - print ""; - print ""; - print ""; - if ((($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) && ($cgiparams{'ZERINA_CLIENT'} eq 'no')) || - (($cgiparams{'ACTION'} eq $Lang::tr{'save'}) && ($cgiparams{'ZERINA_CLIENT'} eq 'no')) || - (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'ZERINA_CLIENT'} eq 'no'))) { - print ""; - print ""; - print ""; - print ""; - print ""; - } else { - print ""; - print ""; - print ""; - } - print ""; - print ""; - print ""; - print ""; - print ""; - print ""; - print ""; - print ""; - print ""; - print ""; - print ""; - print ""; - print ""; - print ""; - print ""; - print ""; - print ""; + print <  + + + + + + + + + +ttt + + + + + + + + + + + + +END + ; } print ""; print ""; + # if ($cgiparams{'TYPE'} eq 'net') { print "\n"; - if ($cgiparams{'TYPE'} eq 'host') { +# if ($cgiparams{'KEY'}) { +# print "
$Lang::tr{'name'}:
$Lang::tr{'interface'}
$cgiparams{'NAME'}$cgiparams{'NAME'}  
$Lang::tr{'Act as'}
$Lang::tr{'local vpn hostname/ip'}:$Lang::tr{'remote host/ip'}:
$Lang::tr{'Act as'}$cgiparams{'SIDE'}$Lang::tr{'remote host/ip'}:
$Lang::tr{'local subnet'}$Lang::tr{'remote subnet'}
$Lang::tr{'ovpn subnet'}
$Lang::tr{'protocol'}$Lang::tr{'destination port'}:
$Lang::tr{'comp-lzo'}$Lang::tr{'cipher'}
$Lang::tr{'MTU'}   
$Lang::tr{'Act as'}$Lang::tr{'remote host/ip'}:
$Lang::tr{'local subnet'}$Lang::tr{'remote subnet'}
$Lang::tr{'ovpn subnet'}
$Lang::tr{'protocol'}$Lang::tr{'destination port'}:
$Lang::tr{'comp-lzo'}
$Lang::tr{'MTU'} 
$Lang::tr{'remark title'} 
$Lang::tr{'enabled'}  
"; +# } else { +# print " $Lang::tr{'edit advanced settings when done'}"; +# } +# }else{ print " "; - } elsif ($cgiparams{'ACTION'} ne $Lang::tr{'edit'}){ - print " $Lang::tr{'edit advanced settings when done'}"; - } else { - print ""; - } +# } + &Header::closebox(); + if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') { - ;#we dont have psk + # &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'}); + # print < + # $Lang::tr{'use a pre-shared key'} + # + # +END + # ; + # &Header::closebox(); } elsif (! $cgiparams{'KEY'}) { my $disabled=''; my $cakeydisabled=''; @@ -2462,6 +2429,7 @@ END $Lang::tr{'country'}:  $Lang::tr{'pkcs12 file password'}:
($Lang::tr{'confirmation'}) - -END - ; - &Header::closebox(); - } - print "
"; - if ($cgiparams{'KEY'}) { - if ($cgiparams{'TYPE'} ne 'host') { - print ""; - } - } - print "
"; - &Header::closebigbox(); - &Header::closepage(); - exit (0); - } - VPNCONF_END: -} -### -### Advanced settings -### -if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || - ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq 'yes')) { - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if (! $confighash{$cgiparams{'KEY'}}) { - $errormessage = $Lang::tr{'invalid key'}; - goto ADVANCED_END; - } - #n2n advanced error - if ($cgiparams{'KEEPALIVE_1'} ne '') { - if ($cgiparams{'KEEPALIVE_1'} !~ /^[0-9]+$/) { - $errormessage = $Lang::tr{'invalid input for keepalive 1'}; - goto ADVANCED_ERROR; - } - } - if ($cgiparams{'KEEPALIVE_2'} ne ''){ - if ($cgiparams{'KEEPALIVE_2'} !~ /^[0-9]+$/) { - $errormessage = $Lang::tr{'invalid input for keepalive 2'}; - goto ADVANCED_ERROR; - } - } - if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)){ - $errormessage = $Lang::tr{'invalid input for keepalive 1:2'}; - goto ADVANCED_ERROR; - } - if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { -# if ($cgiparams{'NAT'} !~ /^(on|off)$/) { -# $errormessage = $Lang::tr{'invalid input'}; -# goto ADVANCED_ERROR; -# } - #n2n advanced error - #cgi an config - $confighash{$cgiparams{'KEY'}}[26] = $cgiparams{'KEEPALIVE_1'}; - $confighash{$cgiparams{'KEY'}}[27] = $cgiparams{'KEEPALIVE_2'}; - $confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'EXTENDED_NICE'}; - $confighash{$cgiparams{'KEY'}}[29] = $cgiparams{'EXTENDED_FASTIO'}; - $confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'EXTENDED_MTUDISC'}; - $confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'EXTENDED_MSSFIX'}; - $confighash{$cgiparams{'KEY'}}[32] = $cgiparams{'EXTENDED_FRAGMENT'}; - $confighash{$cgiparams{'KEY'}}[33] = $cgiparams{'PROXY_HOST'}; - $confighash{$cgiparams{'KEY'}}[34] = $cgiparams{'PROXY_PORT'}; - $confighash{$cgiparams{'KEY'}}[35] = $cgiparams{'PROXY_USERNAME'}; - $confighash{$cgiparams{'KEY'}}[36] 
= $cgiparams{'PROXY_PASS'}; - $confighash{$cgiparams{'KEY'}}[37] = $cgiparams{'PROXY_AUTH_METHOD'}; - $confighash{$cgiparams{'KEY'}}[38] = $cgiparams{'http-proxy-retry'}; - $confighash{$cgiparams{'KEY'}}[39] = $cgiparams{'PROXY_TIMEOUT'}; - $confighash{$cgiparams{'KEY'}}[40] = $cgiparams{'PROXY_OPT_VERSION'}; - $confighash{$cgiparams{'KEY'}}[41] = $cgiparams{'PROXY_OPT_AGENT'}; - $confighash{$cgiparams{'KEY'}}[42] = $cgiparams{'LOG_VERB'}; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - &Ovpnfunc::writenet2netconf($cgiparams{'KEY'},$zerinaclient); - # restart n2n after advanced save ? - goto ADVANCED_END; - } else { - $cgiparams{'KEEPALIVE_1'} = $confighash{$cgiparams{'KEY'}}[26]; - $cgiparams{'KEEPALIVE_2'} = $confighash{$cgiparams{'KEY'}}[27]; - $cgiparams{'EXTENDED_NICE'} = $confighash{$cgiparams{'KEY'}}[28]; - $cgiparams{'EXTENDED_FASTIO'} = $confighash{$cgiparams{'KEY'}}[29]; - $cgiparams{'EXTENDED_MTUDISC'} = $confighash{$cgiparams{'KEY'}}[30]; - $cgiparams{'EXTENDED_MSSFIX'} = $confighash{$cgiparams{'KEY'}}[31]; - $cgiparams{'EXTENDED_FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[32]; - $cgiparams{'PROXY_HOST'} = $confighash{$cgiparams{'KEY'}}[33]; - $cgiparams{'PROXY_PORT'} = $confighash{$cgiparams{'KEY'}}[34]; - $cgiparams{'PROXY_USERNAME'} = $confighash{$cgiparams{'KEY'}}[35]; - $cgiparams{'PROXY_PASS'} = $confighash{$cgiparams{'KEY'}}[36]; - $cgiparams{'PROXY_AUTH_METHOD'} = $confighash{$cgiparams{'KEY'}}[37]; - $cgiparams{'http-proxy-retry'} = $confighash{$cgiparams{'KEY'}}[38]; - $cgiparams{'PROXY_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[39]; - $cgiparams{'PROXY_OPT_VERSION'} = $confighash{$cgiparams{'KEY'}}[40]; - $cgiparams{'PROXY_OPT_AGENT'} = $confighash{$cgiparams{'KEY'}}[41]; - $cgiparams{'LOG_VERB'} = $confighash{$cgiparams{'KEY'}}[42]; - #cgi an config - } - ADVANCED_ERROR: - #Schalter setzen - $selected{'EXTENDED_NICE'}{'-13'} = ''; - $selected{'EXTENDED_NICE'}{'-10'} = ''; - $selected{'EXTENDED_NICE'}{'-7'} = 
''; - $selected{'EXTENDED_NICE'}{'-3'} = ''; - $selected{'EXTENDED_NICE'}{'0'} = ''; - $selected{'EXTENDED_NICE'}{'3'} = ''; - $selected{'EXTENDED_NICE'}{'7'} = ''; - $selected{'EXTENDED_NICE'}{'10'} = ''; - $selected{'EXTENDED_NICE'}{'13'} = ''; - $selected{'EXTENDED_NICE'}{$cgiparams{'EXTENDED_NICE'}} = 'SELECTED'; - $checked{'EXTENDED_FASTIO'}{'off'} = ''; - $checked{'EXTENDED_FASTIO'}{'on'} = ''; - $checked{'EXTENDED_FASTIO'}{$cgiparams{'EXTENDED_FASTIO'}} = 'CHECKED'; - $checked{'EXTENDED_MTUDISC'}{'off'} = ''; - $checked{'EXTENDED_MTUDISC'}{'on'} = ''; - $checked{'EXTENDED_MTUDISC'}{$cgiparams{'EXTENDED_MTUDISC'}} = 'CHECKED'; - $selected{'LOG_VERB'}{'1'} = ''; - $selected{'LOG_VERB'}{'2'} = ''; - $selected{'LOG_VERB'}{'3'} = ''; - $selected{'LOG_VERB'}{'4'} = ''; - $selected{'LOG_VERB'}{'5'} = ''; - $selected{'LOG_VERB'}{'6'} = ''; - $selected{'LOG_VERB'}{'7'} = ''; - $selected{'LOG_VERB'}{'8'} = ''; - $selected{'LOG_VERB'}{'9'} = ''; - $selected{'LOG_VERB'}{'10'} = ''; - $selected{'LOG_VERB'}{'11'} = ''; - $selected{'LOG_VERB'}{'0'} = ''; - $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED'; - $selected{'PROXY_AUTH_METHOD'}{'none'} = ''; - $selected{'PROXY_AUTH_METHOD'}{'basic'} = ''; - $selected{'PROXY_AUTH_METHOD'}{'ntlm'} = ''; - $selected{'PROXY_AUTH_METHOD'}{$cgiparams{'PROXY_AUTH_METHOD'}} = 'SELECTED'; - $checked{'PROXY_RETRY'}{'off'} = ''; - $checked{'PROXY_RETRY'}{'on'} = ''; - $checked{'PROXY_RETRY'}{$cgiparams{'PROXY_RETRY'}} = 'CHECKED'; - #Schalter setzen - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', $errormessage); - - if ($errormessage) { - &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); - print "$errormessage"; - print " "; - &Header::closebox(); - } + +END + ; + &Header::closebox(); + } - if ($warnmessage) { - &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'}); - print "$warnmessage"; - print " "; - 
&Header::closebox(); + print "
"; + if ($cgiparams{'KEY'}) { +# print ""; + } + print "
"; + &Header::closebigbox(); + &Header::closepage(); + exit (0); } - - print "
\n"; - print "\n"; - print "\n"; - - &Header::openbox('100%', 'LEFT', "$Lang::tr{'advanced'}:"); - print < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$Lang::tr{'misc-options'}
Keppalive (ping/ping-restart)
$Lang::tr{'ovpn_processprio'} - -
$Lang::tr{'ovpn_fastio'} - -
$Lang::tr{'ovpn_mtudisc'} - -
$Lang::tr{'ovpn_mssfix'} - -
$Lang::tr{'ovpn_fragment'} - -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$Lang::tr{'proxy'} $Lang::tr{'settings'}
$Lang::tr{'proxy'} $Lang::tr{'host'}:$Lang::tr{'proxy port'}:
$Lang::tr{'username'}$Lang::tr{'password'}
$Lang::tr{'authentication'} $Lang::tr{'method'} - -
http-proxy-retryhttp-proxy-timeout
http-proxy-option VERSIONhttp-proxy-option AGENT
-
- - - - - - - - - - -
$Lang::tr{'log-options'}
VERB
- -EOF - ; - &Header::closebox(); - print "
"; - print "
"; - &Header::closebigbox(); - &Header::closepage(); - exit(0); - - ADVANCED_END: + VPNCONF_END: } + +# SETTINGS_ERROR: ### ### Default status page ### -%cgiparams = (); -%cahash = (); -%confighash = (); -&General::readhash("${General::swroot}/ovpn/settings", \%cgiparams); -&General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash); -&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); -my @status = `/bin/cat /var/log/ovpnserver.log`; -if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") { + %cgiparams = (); + %cahash = (); + %confighash = (); + &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams); + &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + + my @status = `/bin/cat /var/ipfire/ovpn/server.log`; + + if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") { if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) { my $ipaddr = ; close IPADDR; chomp ($ipaddr); $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0]; if ($cgiparams{'VPN_IP'} eq '') { - $cgiparams{'VPN_IP'} = $ipaddr; + $cgiparams{'VPN_IP'} = $ipaddr; } } -} + } + #default setzen -if ($cgiparams{'DCIPHER'} eq '') { + if ($cgiparams{'DCIPHER'} eq '') { $cgiparams{'DCIPHER'} = 'BF-CBC'; -} + } # if ($cgiparams{'DCOMPLZO'} eq '') { # $cgiparams{'DCOMPLZO'} = 'on'; # } -if ($cgiparams{'DDEST_PORT'} eq '') { + if ($cgiparams{'DDEST_PORT'} eq '') { $cgiparams{'DDEST_PORT'} = '1194'; -} -if ($cgiparams{'DMTU'} eq '') { + } + if ($cgiparams{'DMTU'} eq '') { $cgiparams{'DMTU'} = '1400'; -} -if ($cgiparams{'DOVPN_SUBNET'} eq '') { + } + if ($cgiparams{'DOVPN_SUBNET'} eq '') { $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . 
'.0/255.255.255.0'; -} -$checked{'ENABLED'}{'off'} = ''; -$checked{'ENABLED'}{'on'} = ''; -$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED'; -$checked{'ENABLED_BLUE'}{'off'} = ''; -$checked{'ENABLED_BLUE'}{'on'} = ''; -$checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED'; -$checked{'ENABLED_ORANGE'}{'off'} = ''; -$checked{'ENABLED_ORANGE'}{'on'} = ''; -$checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED'; + } + + $checked{'ENABLED'}{'off'} = ''; + $checked{'ENABLED'}{'on'} = ''; + $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED'; + $checked{'ENABLED_BLUE'}{'off'} = ''; + $checked{'ENABLED_BLUE'}{'on'} = ''; + $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED'; + $checked{'ENABLED_ORANGE'}{'off'} = ''; + $checked{'ENABLED_ORANGE'}{'on'} = ''; + $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED'; + + #new settings -$selected{'DDEVICE'}{'tun'} = ''; -$selected{'DDEVICE'}{'tap'} = ''; -$selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED'; -$selected{'DPROTOCOL'}{'udp'} = ''; -$selected{'DPROTOCOL'}{'tcp'} = ''; -$selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED'; -$selected{'DCIPHER'}{'DES-CBC'} = ''; -$selected{'DCIPHER'}{'DES-EDE-CBC'} = ''; -$selected{'DCIPHER'}{'DES-EDE3-CBC'} = ''; -$selected{'DCIPHER'}{'DESX-CBC'} = ''; -$selected{'DCIPHER'}{'RC2-CBC'} = ''; -$selected{'DCIPHER'}{'RC2-40-CBC'} = ''; -$selected{'DCIPHER'}{'RC2-64-CBC'} = ''; -$selected{'DCIPHER'}{'BF-CBC'} = ''; -$selected{'DCIPHER'}{'CAST5-CBC'} = ''; -$selected{'DCIPHER'}{'AES-128-CBC'} = ''; -$selected{'DCIPHER'}{'AES-192-CBC'} = ''; -$selected{'DCIPHER'}{'AES-256-CBC'} = ''; -$selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED'; -$checked{'DCOMPLZO'}{'off'} = ''; -$checked{'DCOMPLZO'}{'on'} = ''; -$checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED'; + $selected{'DDEVICE'}{'tun'} = ''; + $selected{'DDEVICE'}{'tap'} = ''; + $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED'; + + 
$selected{'DPROTOCOL'}{'udp'} = ''; + $selected{'DPROTOCOL'}{'tcp'} = ''; + $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED'; + + $selected{'DCIPHER'}{'DES-CBC'} = ''; + $selected{'DCIPHER'}{'DES-EDE-CBC'} = ''; + $selected{'DCIPHER'}{'DES-EDE3-CBC'} = ''; + $selected{'DCIPHER'}{'DESX-CBC'} = ''; + $selected{'DCIPHER'}{'RC2-CBC'} = ''; + $selected{'DCIPHER'}{'RC2-40-CBC'} = ''; + $selected{'DCIPHER'}{'RC2-64-CBC'} = ''; + $selected{'DCIPHER'}{'BF-CBC'} = ''; + $selected{'DCIPHER'}{'CAST5-CBC'} = ''; + $selected{'DCIPHER'}{'AES-128-CBC'} = ''; + $selected{'DCIPHER'}{'AES-192-CBC'} = ''; + $selected{'DCIPHER'}{'AES-256-CBC'} = ''; + $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED'; + $checked{'DCOMPLZO'}{'off'} = ''; + $checked{'DCOMPLZO'}{'on'} = ''; + $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED'; #new settings -&Header::showhttpheaders(); -&Header::openpage($Lang::tr{'status ovpn'}, 1, ''); -&Header::openbigbox('100%', 'LEFT', '', $errormessage); + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', $errormessage); -if ($errormessage) { + if ($errormessage) { &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); print "$errormessage\n"; print " \n"; &Header::closebox(); -} + } -my $sactive = "
$Lang::tr{'stopped'}
"; -my $srunning = "no"; -my $activeonrun = ""; -if ( -e "/var/run/openvpn.pid"){ + my $sactive = "
$Lang::tr{'stopped'}
"; + my $srunning = "no"; + my $activeonrun = ""; + if ( -e "/var/run/openvpn.pid"){ $sactive = "
$Lang::tr{'running'}
"; $srunning ="yes"; $activeonrun = ""; -} else { + } else { $activeonrun = "disabled='disabled'"; -} -#ufuk -#CERT -&Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}:"); -print "
ZERINA-0.9.7a9
"; -print " "; -print < - - $Lang::tr{'name'} + } + &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'}); + print "
ZERINA-0.9.4i
"; + print < +
+   +   +   + $Lang::tr{'ovpn server status'} + $sactive + $Lang::tr{'ovpn on red'} + +END +; + if (&haveBlueNet()) { + print "$Lang::tr{'ovpn on blue'}"; + print ""; + } + if (&haveOrangeNet()) { + print "$Lang::tr{'ovpn on orange'}"; + print ""; + } + print <$Lang::tr{'local vpn hostname/ip'}: + + $Lang::tr{'ovpn subnet'} + + $Lang::tr{'ovpn device'} + + $Lang::tr{'protocol'} + + $Lang::tr{'destination port'}: + + $Lang::tr{'MTU'}  + + $Lang::tr{'comp-lzo'} + + $Lang::tr{'cipher'} + +END +; + + if ( $srunning eq "yes" ) { + print ""; + print ""; + print ""; + print ""; + } else{ + print ""; + print ""; + if (( -e "${General::swroot}/ovpn/ca/cacert.pem" && + -e "${General::swroot}/ovpn/ca/dh1024.pem" && + -e "${General::swroot}/ovpn/certs/servercert.pem" && + -e "${General::swroot}/ovpn/certs/serverkey.pem") && + (( $cgiparams{'ENABLED'} eq 'on') || + ( $cgiparams{'ENABLED_BLUE'} eq 'on') || + ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){ + print ""; + print ""; + } else { + print ""; + print ""; + } + } + print ""; + &Header::closebox(); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}:"); + print < + + $Lang::tr{'name'} $Lang::tr{'subject'} $Lang::tr{'action'} - + EOF ; -if (-f "${General::swroot}/ovpn/ca/cacert.pem") { + if (-f "${General::swroot}/ovpn/ca/cacert.pem") { my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`; $casubject =~ /Subject: (.*)[\n]/; $casubject = $1; $casubject =~ s+/Email+, E+; $casubject =~ s/ ST=/ S=/; + print < - $Lang::tr{'root certificate'} - $casubject -
- - -
-
+ + $Lang::tr{'root certificate'} + $casubject + + + +
+
-
-   + +   END ; -} else { + } else { # display rootcert generation buttons print < + $Lang::tr{'root certificate'}: $Lang::tr{'not present'}   END ; -} + } -if (-f "${General::swroot}/ovpn/certs/servercert.pem") { + if (-f "${General::swroot}/ovpn/certs/servercert.pem") { my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`; $hostsubject =~ /Subject: (.*)[\n]/; $hostsubject = $1; $hostsubject =~ s+/Email+, E+; $hostsubject =~ s/ ST=/ S=/; + print < + $Lang::tr{'host certificate'} $hostsubject
- - + +
- - + +
  END ; -} else { + } else { # Nothing print < + $Lang::tr{'host certificate'}: $Lang::tr{'not present'}   END ; -} + } -if (! -f "${General::swroot}/ovpn/ca/cacert.pem") { - print "
"; + if (! -f "${General::swroot}/ovpn/ca/cacert.pem") { + print ""; print ""; - print "
\n"; -} + print "\n"; + } -if (keys %cahash > 0) { + if (keys %cahash > 0) { foreach my $key (keys %cahash) { - if (($key + 1) % 2) { - print "\n"; - } else { - print "\n"; - } - print "$cahash{$key}[0]\n"; - print "$cahash{$key}[1]\n"; - print < + if (($key + 1) % 2) { + print "\n"; + } else { + print "\n"; + } + print "$cahash{$key}[0]\n"; + print "$cahash{$key}[1]\n"; + print < - -
+
+
-
-
+
+
-
+ END ; } -} -print ""; -if ( -f "${General::swroot}/ovpn/ca/cacert.pem") {# If the file contains entries, print Key to action icons - print < - + } + + print ""; + + # If the file contains entries, print Key to action icons + if ( -f "${General::swroot}/ovpn/ca/cacert.pem") { + print < +   $Lang::tr{'legend'}:     $Lang::tr{ $Lang::tr{'show certificate'}     $Lang::tr{ $Lang::tr{'download certificate'} - - + + END ; -} -print < - - - - -
$Lang::tr{'ca name'}: -
+ } + print < + + + + + +
$Lang::tr{'ca name'}: +
END ; -&Header::closebox(); -if ( $srunning eq "yes" ) { + + &Header::closebox(); + if ( $srunning eq "yes" ) { print "
\n"; -}else{ - print "
\n"; -} -#CERT -#RWSERVER -#&Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'}); -&Header::openbox('100%', 'LEFT', 'Roadwarrior Server'); -print < -
-  -  -  -$Lang::tr{'ovpn server status'} -$sactive -$Lang::tr{'ovpn on red'} - -END -; -if (&Ovpnfunc::haveBlueNet()) { - print "$Lang::tr{'ovpn on blue'}"; - print ""; -} -if (&Ovpnfunc::haveOrangeNet()) { - print "$Lang::tr{'ovpn on orange'}"; - print ""; -} -print <$Lang::tr{'local vpn hostname/ip'}: - - $Lang::tr{'ovpn subnet'} -
-$Lang::tr{'ovpn device'} - -$Lang::tr{'protocol'} - - $Lang::tr{'destination port'}: - -$Lang::tr{'MTU'}  - -$Lang::tr{'comp-lzo'} - - $Lang::tr{'cipher'} - + }else{ + print "
\n"; + } + if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) { + &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' }); + print < + + $Lang::tr{'name'} + $Lang::tr{'type'} + $Lang::tr{'common name'} + $Lang::tr{'valid till'} + $Lang::tr{'remark'}
L2089 + $Lang::tr{'status'} + $Lang::tr{'action'} + END -; - -if ( $srunning eq "yes" ) { - print ""; - print ""; - print ""; - print ""; -} else{ - print ""; - print ""; - if (( -e "${General::swroot}/ovpn/ca/cacert.pem" && - -e "${General::swroot}/ovpn/ca/dh1024.pem" && - -e "${General::swroot}/ovpn/certs/servercert.pem" && - -e "${General::swroot}/ovpn/certs/serverkey.pem") && - (( $cgiparams{'ENABLED'} eq 'on') || - ( $cgiparams{'ENABLED_BLUE'} eq 'on') || - ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){ - print ""; - print ""; + ; + my $id = 0; + my $gif; + foreach my $key (keys %confighash) { + if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } + + if ($id % 2) { + print "\n"; } else { - print ""; - print ""; - } + print "\n"; + } + print "$confighash{$key}[1]"; + print "" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")"; + if ($confighash{$key}[4] eq 'cert') { + print "$confighash{$key}[2]"; + } else { + print " "; + } + my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`; + $cavalid =~ /Not After : (.*)[\n]/; + $cavalid = $1; + print "$cavalid"; + print "$confighash{$key}[25]"; + my $active = "
$Lang::tr{'capsclosed'}
"; + if ($confighash{$key}[0] eq 'off') { + $active = "
$Lang::tr{'capsclosed'}
"; + } else { + my $cn; + my @match = (); + foreach my $line (@status) { + chomp($line); + if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) { + @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line); + if ($match[1] ne "Common Name") { + $cn = $match[1]; + } + $cn =~ s/[_]/ /g; + if ($cn eq "$confighash{$key}[2]") { + $active = "
$Lang::tr{'capsopen'}
"; + } + } + } + } + my $disable_clientdl = "disabled='disabled'"; + if (( $cgiparams{'ENABLED'} eq 'on') || + ( $cgiparams{'ENABLED_BLUE'} eq 'on') || + ( $cgiparams{'ENABLED_ORANGE'} eq 'on')){ + $disable_clientdl = ""; + } + print <$active + +
+ + + +
+END + ; + if ($confighash{$key}[4] eq 'cert') { + print < + + + + +END + ; } else { + print " "; + } + if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") { + print < + + + + +END + ; } elsif ($confighash{$key}[4] eq 'cert') { + print < + + + + +END + ; } else { + print " "; + } + print < + + + + + +
+ + + +
+
+ + + +
+ +END + ; + $id++; + } + ; + + # If the config file contains entries, print Key to action icons + if ( $id ) { + print < + +   $Lang::tr{'legend'}: +   $Lang::tr{ + $Lang::tr{'click to disable'} +     $Lang::tr{ + $Lang::tr{'show certificate'} +     $Lang::tr{ + $Lang::tr{'edit'} +     $Lang::tr{ + $Lang::tr{'remove'} + + +   +   ?OFF + $Lang::tr{'click to enable'} +     ?FLOPPY + $Lang::tr{'download certificate'} +     ?RELOAD + $Lang::tr{'dl client arch'} + + +END + ; + } + + print < +
+ + +
+ +END + ; + &Header::closebox(); } -print ""; -&Header::closebox(); -#RWSERVER -&Ovpnfunc::rwclientstatus($activeonrun); -&Ovpnfunc::net2netstatus($activeonrun); + print "$Lang::tr{'this feature has been sponsored by'} : "; + print "Star Events Group Ltd.\n"; + print "IBDOZING.\n"; + print "Xen by x|encon.\n"; + print "SAVATEC e.K..\n"; &Header::closepage(); diff --git a/lfs/ibod b/lfs/ibod index bfeeed7a0e..8e35c982ac 100644 --- a/lfs/ibod +++ b/lfs/ibod 
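Review bot: In the client-status loop added near the end of this hunk, the connection name `$confighash{$key}[1]` is interpolated into a backtick command (`/usr/bin/openssl x509 -text -in .../ovpn/certs/$confighash{$key}[1]cert.pem`), so a stored string reaches a shell; whatever validation NAME receives happens outside this hunk and the call should not depend on it. The command also runs for every row whether or not a certificate file exists, and `$cavalid = $1` is assigned without checking that the `Not After` match succeeded, so a row with an unreadable certificate shows a stale or undefined value. I would read the certificate through a list-form pipe open, only for `cert` entries whose file exists, and take `$1` only on a successful match, as below. The same loop prints `$confighash{$key}[1]`, `[2]` and `[25]` (name, certificate name, remark) into the page as stored; if those fields are not constrained where they are saved, they should be HTML-escaped at this point.

```perl
# … unchanged: row colour, name, type and common-name cells …
my $cavalid = '';
my $certfile = "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem";
if ($confighash{$key}[4] eq 'cert' && -f $certfile &&
    open(my $x509, '-|', '/usr/bin/openssl', 'x509', '-text', '-in', $certfile)) {
	local $/;	# slurp the whole openssl output
	my $text = <$x509>;
	close($x509);
	$cavalid = $1 if (defined $text && $text =~ /Not After : (.*)[\n]/);
}
# … unchanged: printing of $cavalid, remark, status and action cells …
```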
@@ -26,33 +26,55 @@ include Config -VER = ipfire +VER = 1.4 -THISAPP = ibod -DIR_APP = $(DIR_SRC)/src/$(THISAPP) +THISAPP = ibod-$(VER) +DL_FILE = $(THISAPP)-src.tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) ############################################################################### # Top-level Rules ############################################################################### +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 38b45be27c0a82b38380f680fdee0aff install : $(TARGET) -check : +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) -download : +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) -md5 : +$(subst %,%_MD5,$(objects)) : + @$(MD5) ############################################################################### # Installation Details ############################################################################### -$(TARGET) : +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) - cd $(DIR_APP) && make ibod - mkdir -p /etc/ppp - cd $(DIR_APP) && install -m 0644 ibod.cf /etc/ppp + @-mkdir -p $(DIR_APP) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) -C $(DIR_APP) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ibod-config.patch + cd $(DIR_APP) && gcc $(CFLAGS) ibod.c -o ibod + cd $(DIR_APP) && install -m 0644 ibod.cf /etc/isdn cd $(DIR_APP) && install -m 0755 ibod /usr/sbin - cd $(DIR_APP) && rm -f ibod + @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/isdn4k-utils b/lfs/isdn4k-utils index d8cfb3417d..cac21fdd33 100644 --- a/lfs/isdn4k-utils +++ b/lfs/isdn4k-utils 
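Review bot: In the `$(TARGET)` recipe of lfs/ibod the new `@-mkdir -p $(DIR_APP)` is undone by the `rm -rf $(DIR_APP)` that opens the next line, so `tar zxf $(DIR_DL)/$(DL_FILE) -C $(DIR_APP)` is pointed at a directory that no longer exists and the unpack would fail. Create the directory after the cleanup instead: `@rm -rf $(DIR_APP) && mkdir -p $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) -C $(DIR_APP)`. The hunk also removes `mkdir -p /etc/ppp` without an equivalent for the new destination; if `/etc/isdn` is not created by an earlier package, `install -m 0644 ibod.cf /etc/isdn` writes a plain file with that name, so an `install -d /etc/isdn` before it would be safer.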
@@ -18,12 +18,6 @@ # Makefiles are based on LFSMake, which is # # Copyright (C) 2002 Rod Roard # # # -# Modifications by: # -# ??-12-2003 Mark Wormgoor < mark@wormgoor.com> # -# - Modified Makefile for IPCop build # -# # -# $Id: isdn4k-utils,v 1.8.2.4 2005/02/05 15:38:15 gespinasse Exp $ -# # ############################################################################### ############################################################################### @@ -32,24 +26,24 @@ include Config -VER = v3.2p1 +VER = CVS-2006-07-20 -THISAPP = isdn4k-utils.$(VER) +THISAPP = isdn4k-utils-$(VER) DL_FILE = $(THISAPP).tar.bz2 -DL_FROM = ftp://ftp.isdn4linux.de/pub/isdn4linux/utils -DIR_APP = $(DIR_SRC)/isdn4k-utils +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) +CFLAGS += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE +RPM_OPT_FLAGS = "$(CFLAGS)" ############################################################################### # Top-level Rules ############################################################################### -objects = $(DL_FILE) isdn4k-utils_ippp-filter.diff +objects = $(DL_FILE) -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) -isdn4k-utils_ippp-filter.diff = http://trash.net/~kaber/ippp-filter/isdn4k-utils_ippp-filter.diff +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = d347afa462e46eccfd1284aebae227b6 -isdn4k-utils_ippp-filter.diff_MD5 = b8ff58859b9e379d1f9842d43ce5956e +$(DL_FILE)_MD5 = 7cde4a61e870bb7e53cd912a3fc30207 install : $(TARGET) 
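Review bot: In the second hunk of lfs/isdn4k-utils (`@@ -32,24 +26,24 @@`) the archive moves from the upstream FTP site to `$(URL_IPFIRE)`, and the only record of what is expected there is `$(DL_FILE)_MD5`. MD5 no longer offers collision resistance, and with the tarball hosted on the project's own mirror this digest is all a later reader has to identify the exact source that was built. I would record a stronger digest beside it, at least as a comment such as `# sha256: <SHA256_OF_TARBALL>`, until the `$(CHECK)`/`$(MD5)` rules (defined outside this diff) can verify one; the same applies to the new `_MD5` lines in lfs/ibod and lfs/libxslt. Separately, make keeps the quotes in `RPM_OPT_FLAGS = "$(CFLAGS)"` as part of the value, so `RPM_OPT_FLAGS = $(CFLAGS)` is probably what is meant.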
@@ -79,30 +73,28 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_DL)/isdn4k-utils_ippp-filter.diff - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/isdn4k-utils-v3.2p1-c89.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/isdn4k-utils-v3.2p1-config.patch - cd $(DIR_APP) && sed -i 's%-lt 64%-lt 16%' scripts/makedev.sh - cd $(DIR_APP)/capi20 && rm -f lt* aclocal.m4 - cd $(DIR_APP)/capi20 && aclocal - cd $(DIR_APP)/capi20 && libtoolize --force --automake - cd $(DIR_APP)/capi20 && automake --add-missing - cd $(DIR_APP)/capi20 && autoconf - cd $(DIR_APP)/capiinfo && rm -f aclocal.m4 - cd $(DIR_APP)/capiinfo && aclocal - cd $(DIR_APP)/capiinfo && libtoolize --force --automake - cd $(DIR_APP)/capiinfo && automake --add-missing - cd $(DIR_APP)/capiinfo && autoconf - cd $(DIR_APP)/capiinit && rm -f aclocal.m4 - cd $(DIR_APP)/capiinit && aclocal - cd $(DIR_APP)/capiinit && libtoolize --force --automake - cd $(DIR_APP)/capiinit && automake --add-missing - cd $(DIR_APP)/capiinit && autoconf - cd $(DIR_APP)/ipppd && autoconf - cd $(DIR_APP)/ipppd && sed -i -e 's/net\/bpf/pcap/' sys-linux.c - cd $(DIR_APP)/ipppd && sed -i -e 's/net\/bpf/pcap/' ipppd.h + #cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/isdn4k-utils_ippp-filter.diff + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/isdn4k-utils-CVS-2006-07-20-redhat.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/isdn4k-utils-CVS-2004-11-18-autoconf25x.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/isdn4k-utils-0202131200-true.patch + cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/isdn4k-utils-CVS-2006-02-13-cleanup.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/isdn4k-utils-statfs.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/isdn4k-utils-capiinit.patch + cd $(DIR_APP) && patch -Np1 < 
$(DIR_SRC)/src/patches/isdn4k-utils-CVS-2006-07-20-pppd-2.4.4.patch + + cd $(DIR_APP) && for i in */configure; do \ + cd `dirname $$i`; \ + autoreconf --force --install; \ + cd ..; \ + done + + cd $(DIR_APP) && iconv -f iso-8859-1 -t utf-8 < imontty/imontty.8.in > imontty/imontty.8.in_ + cd $(DIR_APP) && mv imontty/imontty.8.in_ imontty/imontty.8.in + + cd $(DIR_APP) && cp -fv $(DIR_SRC)/config/isdn4k-utils/config .config + cd $(DIR_APP) && sed -e "s,',,g" .config > .config.h + cd $(DIR_APP) && make subconfig - cd $(DIR_APP)/ipppd && sed -i 's/^IPPP_FILTER.*$$/IPPP_FILTER := 1/' Makefile cd $(DIR_APP) && make cd $(DIR_APP) && make install @rm -rf $(DIR_APP) diff --git a/lfs/libxslt b/lfs/libxslt new file mode 100644 index 0000000000..0e99fd0986 --- /dev/null +++ b/lfs/libxslt 
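Review bot: The `for i in */configure` loop added to the `$(TARGET)` recipe ignores failures: its commands are joined with `;`, so a failing `autoreconf` is never reported to make, and a failing `cd` into a subdirectory runs `autoreconf` in the wrong place and then `cd ..` steps out of `$(DIR_APP)`. Running each directory in a subshell keeps the working directory fixed and stops the build at the first error: `(cd "$$(dirname "$$i")" && autoreconf --force --install) || exit 1; \` in place of the three loop-body lines. The commented-out `ippp-filter` patch line and the removed `IPPP_FILTER := 1` edit suggest the filter is being dropped on purpose; a one-line comment such as `# ippp-filter patch not applied to the CVS snapshot` would make that explicit, if that is the intent.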
@@ -0,0 +1,79 @@
+###############################################################################
+# This file is part of the IPCop Firewall. #
+# #
+# IPCop is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPCop is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPCop; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Makefiles are based on LFSMake, which is #
+# Copyright (C) 2002 Rod Roard #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.1.17
+
+THISAPP = libxslt-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = fde6a7a93c0eb14cba628692fa3a1000
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure --prefix=/usr + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/mISDN b/lfs/mISDN index b48d83b97c..d05e526a51 100644 --- a/lfs/mISDN +++ b/lfs/mISDN @@ -74,5 +74,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && make MISDNDIR=/usr/src/linux cd $(DIR_APP) && make install MISDNDIR=/usr/src/linux + -mkdir -p /usr/lib/mISDN + cd $(DIR_APP) && cp config/*.xsl /usr/lib/mISDN @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/openswan b/lfs/openswan index 989ce96aa4..e46b840aa8 100644 --- a/lfs/openswan +++ b/lfs/openswan @@ -76,12 +76,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -e 's%^INC_USRLOCAL.*$$%INC_USRLOCAL=/usr%' \ -e 's%^USERCOMPILE.*$$%USERCOMPILE=$(CFLAGS)%' \ -e 's%^KLIPSCOMPILE.*$$%KLIPSCOMPILE=$(CFLAGS)%' Makefile.inc - cd $(DIR_APP) && sed -i -e 's/CWARNINGS = -Werror/CWARNINGS =/' \ - lib/liblwres/Makefile cd $(DIR_APP) && make programs cd $(DIR_APP) && make install - #mv -f /etc/rc.d/init.d/ipsec /etc/rc.d/ + -rm -rfv /etc/rc*.d/*ipsec + cd $(DIR_SRC) && cp src/initscripts/init.d/ipsec /etc/rc.d/init.d/ipsec rm -f /etc/ipsec.conf /etc/ipsec.secrets ln -sf $(CONFIG_ROOT)/vpn/ipsec.conf /etc/ipsec.conf ln -sf $(CONFIG_ROOT)/vpn/ipsec.secrets /etc/ipsec.secrets 
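Review bot: The only integrity check on the libxslt tarball in the new lfs/libxslt is the MD5 value in `$(DL_FILE)_MD5`, which detects a damaged download but is not a reliable defence against a deliberately substituted archive. `$(URL_IPFIRE)` is defined in `Config`, outside this diff, so the transport used for the download cannot be judged from here. Until the build framework can carry a stronger digest, I would at least document the limitation next to the value: `# MD5 only catches transfer errors; verify the upstream release signature before changing VER or this value.`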
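Review bot: The `-` prefix on `-mkdir -p /usr/lib/mISDN` in the lfs/mISDN hunk hides real failures, since `mkdir -p` already succeeds when the directory exists and only fails when something is actually wrong. The following `cp config/*.xsl /usr/lib/mISDN` installs the stylesheet that the new init script feeds to `xsltproc` as root, so owner and mode should be explicit rather than inherited from the source tree. I would write the two lines as `mkdir -p /usr/lib/mISDN` and `cd $(DIR_APP) && install -m 0644 config/*.xsl /usr/lib/mISDN/`. The recipe starts before this hunk.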
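Review bot: `-rm -rfv /etc/rc*.d/*ipsec` in the lfs/openswan hunk combines a recursive delete, a wildcard and an ignored exit status on paths under /etc. Runlevel links are plain files or symlinks, so the recursive flag is not needed, and `rm -f` already returns success when nothing matches: `rm -fv /etc/rc*.d/*ipsec`. If the runlevel directories live below `/etc/rc.d/` (the `init.d` path on the next added line suggests that layout, but it is not visible here), this glob will not reach them and the pattern should be checked. The recipe starts before this hunk and continues after it.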
diff --git a/make.sh b/make.sh
index 603bb78517..95bf7dc6b4 100755
--- a/make.sh
+++ b/make.sh
@@ -374,6 +374,7 @@ buildipfire() {
 ipfiremake libcap
 ipfiremake pciutils
 ipfiremake libxml2
+ ipfiremake libxslt
 ipfiremake BerkeleyDB
 ipfiremake mysql
 ipfiremake cyrus-sasl
@@ -413,7 +414,7 @@ buildipfire() {
 ipfiremake iptstate
 ipfiremake iputils
 ipfiremake l7-protocols
-# ipfiremake isdn4k-utils # What about mISDN???
+ ipfiremake isdn4k-utils
 ipfiremake mISDN
 ipfiremake hwdata
 ipfiremake kudzu
diff --git a/src/ibod/ibod.c b/src/ibod/ibod.c
deleted file mode 100644
index 6c8e0e0a9e..0000000000
--- a/src/ibod/ibod.c
+++ /dev/null
@@ -1,367 +0,0 @@ -/* Customised version of ibod - GUI code removed by Mark Wormgoor - * Buffer overflow fixes by Robert Kerr - * - * ibod originally by Bjoern Smith - */ - -static char *rcsId = "$Id: ibod.c,v 1.1.1.1.8.1 2005/05/07 12:46:16 rkerr Exp $"; -static char *rcsSymbol = "$Symbol$"; - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "ibod.h" - -static int setattr(); -static void reread(int sig); -static void pipehndl(int sig); -static void setinterval(); -static void get_if_state(); -static int bring_up_slave(); -static int bring_down_slave(); -static Conf cf; -static struct timeval timeout, tv_last, tv_up; -static int usageflags[ISDN_MAX_CHANNELS]; -static char phone[ISDN_MAX_CHANNELS][20]; -static Siobytes iobytes[ISDN_MAX_CHANNELS]; -static unsigned long in_bytes_last, out_bytes_last; -static unsigned long in_bytes_per_sec, out_bytes_per_sec; -static unsigned long channels_last; -static int channels_now; - -main(int argc, char *argv[]) -{ - openlog("ibod", LOG_PID, LOG_DAEMON); - - channels_last = -1; - - /* Setup initial attributes */ - if (setattr() == -1) { - closelog(); - exit(1); - } - - setinterval(); - - /* Setup handlig of signal SIGHUP and SIGPIPE */ - signal(SIGHUP, reread); - signal(SIGPIPE, pipehndl); - - do { - setinterval(); - - usleep(timeout.tv_usec); - - /* Gate state of interface */ - get_if_state(); - - } while (1); -} - - -static int setattr() -{ - FILE *fd; - char config_filename[MAX_STR_LEN] = IBOD_DEFAULT_DIR "/ibod.cf"; - char linebuf[MAX_STR_LEN]; - char *key, *value; - int val; - - strcpy(cf.dev, DEVICE); - cf.enable = ENABLE; - cf.interval = INTERVAL; - cf.filter = FILTER; - cf.limit = LIMIT; - cf.stayup = STAYUP; - cf.stayup_time = STAYUP_TIME; - - /* Open config file */ - if ((fd = fopen(config_filename, "r")) == NULL) { - syslog(LOG_ERR, "%s: %s\n", config_filename, strerror(errno)); - return -1; - } - - /* Loop over the config file 
to setup attributes */ - while (fgets(linebuf, MAX_STR_LEN, fd) != NULL) { - - if (*linebuf == '#') /* Ignore comments */ - continue; - - key = strtok(linebuf, " \t"); - value = strtok(NULL, " \t\n"); - - if (strcmp(key, "DEVICE") == 0) { - if (strcmp(cf.dev, value) != 0) - syslog(LOG_NOTICE, - "Parameter DEVICE reconfigured to %s\n", value); - snprintf(cf.dev, 32,"%s", value); - } - - if (strcmp(key, "ENABLE") == 0) { - val = atoi(value); - if (cf.enable != val) - syslog(LOG_NOTICE, - "Parameter ENABLE reconfigured to %d\n", val); - cf.enable = val; - } - - if (strcmp(key, "INTERVAL") == 0) { - val = atoi(value); - if (cf.interval != val) - syslog(LOG_NOTICE, - "Parameter INTERVAL reconfigured to %d\n", val); - cf.interval = atoi(value); - } - - if (strcmp(key, "FILTER") == 0) { - val = atoi(value); - if (cf.filter != val) - syslog(LOG_NOTICE, - "Parameter FILTER reconfigured to %d\n", val); - cf.filter = atoi(value); - } - - if (strcmp(key, "LIMIT") == 0) { - val = atoi(value); - if (cf.limit != val) - syslog(LOG_NOTICE, - "Parameter LIMIT reconfigured to %d\n", val); - cf.limit = atoi(value); - } - - if (strcmp(key, "STAYUP") == 0) { - val = atoi(value); - if (cf.stayup != val) - syslog(LOG_NOTICE, - "Parameter STAYUP reconfigured to %d\n", val); - cf.stayup = atoi(value); - } - - if (strcmp(key, "STAYUP_TIME") == 0) { - val = atoi(value); - if (cf.stayup_time != val) - syslog(LOG_NOTICE, - "Parameter STAYUP_TIME reconfigured to %d\n", val); - cf.stayup_time = atoi(value); - } - } - - fclose(fd); - return 0; -} - - - -static void setinterval() -{ - timeout.tv_sec = cf.interval / 1000; - timeout.tv_usec = (cf.interval % 1000) * 1000; -} - - -static void reread(int sig) -{ - (void) setattr(); - - setinterval(); - - signal(SIGHUP, reread); -} - - -static void pipehndl(int sig) -{ - syslog(LOG_ERR, "caught SIGPIPE: %s\n", sys_errlist[errno]); - - signal(SIGPIPE, pipehndl); -} - - -static void get_if_state() -{ - static char buf[4096]; - struct timeval tv_now; - int 
ms_delta; - int in_bytes_now, out_bytes_now; - int fd; - int i; - - /* Open the info device */ - if ((fd = open(ISDN_INFO_DEV, O_RDONLY | O_NDELAY)) < 0) { - syslog(LOG_ERR, "%s: %s\n", ISDN_INFO_DEV, sys_errlist[errno]); - closelog(); - exit(1); - } - - /* Whats the time now */ - gettimeofday(&tv_now, NULL); - ms_delta = (tv_now.tv_sec * 1000 + tv_now.tv_usec / 1000) - - (tv_last.tv_sec * 1000 + tv_last.tv_usec / 1000); - tv_last = tv_now; - - /* Get info from interface */ - if (read(fd, buf, sizeof(buf))> 0) { - sscanf(strstr(buf, "usage:"), - "usage: %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d", - &usageflags[0], &usageflags[1], &usageflags[2], &usageflags[3], - &usageflags[4], &usageflags[5], &usageflags[6], &usageflags[7], - &usageflags[8], &usageflags[9], &usageflags[10], &usageflags[11], - &usageflags[12], &usageflags[13], &usageflags[14], &usageflags[15]); - sscanf(strstr(buf, "phone:"), - "phone: %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s", - phone[0], phone[1], phone[2], phone[3], - phone[4], phone[5], phone[6], phone[7], - phone[8], phone[8], phone[10], phone[11], - phone[12], phone[13], phone[14], phone[15]); - } - - in_bytes_now = 0; - out_bytes_now = 0; - channels_now = 0; - - /* Get byte in/out for all channels */ - if (ioctl(fd, IIOCGETCPS, &iobytes)) { - syslog(LOG_ERR, "%s: %s\n", IIOCGETCPS, sys_errlist[errno]); - closelog(); - exit(1); - } - close(fd); - - /* Count number of open channes and total in/out bytes */ - for (i = 0; i < ISDN_MAX_CHANNELS; i++) { - if (usageflags[i]) { - channels_now++; - in_bytes_now += iobytes[i].ibytes; - out_bytes_now += iobytes[i].obytes; - } - } - - if (channels_last == -1 || channels_now < channels_last) { - channels_last = channels_now; - in_bytes_last = in_bytes_now; - out_bytes_last = out_bytes_now; - return; - } - - /* Calculate the total through put in bytes/sec */ - if (cf.filter < 1) { - in_bytes_per_sec = - (in_bytes_now - in_bytes_last) * 1000 / ms_delta; - out_bytes_per_sec = - (out_bytes_now 
- out_bytes_last) * 1000 / ms_delta; - } - else { - in_bytes_per_sec = (in_bytes_per_sec * (cf.filter - 1) + - (in_bytes_now - in_bytes_last) * 1000 / ms_delta) / cf.filter; - out_bytes_per_sec = (out_bytes_per_sec * (cf.filter - 1) + - (out_bytes_now - out_bytes_last) * 1000 / ms_delta) / cf.filter; - } - - in_bytes_last = in_bytes_now; - out_bytes_last = out_bytes_now; - - if (channels_now == 0) { - channels_last = channels_now; - return; - } - - /* Take up or down slave channel */ - - if (cf.enable == 0) { - channels_last = channels_now; - return; - } - - if (channels_now == 1 && - (in_bytes_per_sec > cf.limit || out_bytes_per_sec > cf.limit)) { - - /* Bring up slave interface */ - if (bring_up_slave() == -1) - exit(1); - - /* Start stay up timer */ - gettimeofday(&tv_up, NULL); - } - - if ((channels_now > 1) && - (in_bytes_per_sec <= cf.limit) && - (out_bytes_per_sec <= cf.limit) && - (cf.stayup == 0)) { - - /* Check that the min stay up timer has expired */ - gettimeofday(&tv_now, NULL); - if (tv_now.tv_sec - tv_up.tv_sec > cf.stayup_time) { - - /* Bring down slave interface */ - if (bring_down_slave() == -1) - exit(1); - } - } - - channels_last = channels_now; -} - - -static int bring_up_slave() -{ - int fd, rc; - - if ((fd = open(ISDN_CTLR_DEV, O_RDWR)) < 0) { - syslog(LOG_ERR, "%s: %s\n", ISDN_CTLR_DEV, sys_errlist[errno]); - closelog(); - return -1; - } - - if ((rc = ioctl(fd, IIOCNETALN, cf.dev)) < 0) { - syslog(LOG_ERR, "%s: %s\n", cf.dev, sys_errlist[errno]); - closelog(); - return -1; - } - - close(fd); - - if (! 
rc) { - syslog(LOG_NOTICE, "added new link\n"); - channels_now = 2; - } - - return 0; -} - - -static int bring_down_slave() -{ - int fd, rc; - - if ((fd = open(ISDN_CTLR_DEV, O_RDWR)) < 0) { - syslog(LOG_ERR, "%s: %s\n", ISDN_CTLR_DEV, sys_errlist[errno]); - closelog(); - return -1; - } - - if ((rc = ioctl(fd, IIOCNETDLN, cf.dev)) < 0) { - syslog(LOG_ERR, "%s: %s\n", cf.dev, sys_errlist[errno]); - closelog(); - return -1; - } - - close(fd); - - if (rc) - syslog(LOG_ERR, "unable to remove additional link: %d\n", rc); - else { - syslog(LOG_NOTICE, "removed link\n"); - } - - return 0; -} diff --git a/src/ibod/ibod.cf b/src/ibod/ibod.cf deleted file mode 100644 index 8a49598d67..0000000000 --- a/src/ibod/ibod.cf +++ /dev/null 
@@ -1,58 +0,0 @@ -# $Id: ibod.cf,v 1.1.1.1 2001/11/27 08:08:03 riddles Exp $ -# $Symbol$ -# -# -# -# Configuration file for ibod (ISDN Bandwidth On Demand) -# -# This file contain the initial configuration values for the -# ibod daemon. Each line contain a keyword and a value. -# -# Boolean attributes are set with 0 or 1 which corresponds to -# false and true respectively. A boolean attribute not specified -# at all is allways false. -# -# Lines beginning with # are treated as comments and are ignored. -# -# IMPORTANT RULES! -# -# 1. Keywords are case sensitive. -# 2. Kewords must begin at first column. -# 3. Keyword and value must be separated by exctly one (1) -# space ot tab chracter. -# -# This file is re-read every time ibod receives SIGHUP (1) signal. -# -# DEVICE Name of ISDN PPP device. -# Default is ippp0. -# -# ENABLE 1|0 Enable/disable bandwidth-on-demand. -# Default is enable (1). -# -# INTERVAL Specify the sample time interval in ms. -# Default is 500 ms. -# -# FILTER Defines "filtering factor". A value of 10 means -# that the average bytes/sec value measured over 10 -# intervals must pass the limit defined by LIMIT -# to bring up or down the slave link. -# Default is 5. -# -# LIMIT Transfer rate limit in bytes/sec for bringing -# up or down isdn slave channel. -# Default is 5000. -# -# STAYUP 0|1 Enable/disable slave channel stay up function. -# If enabled the 2:nd cannel (slave link) will stay -# up even if the average bytes/sec decrease the value -# defined by LIMIT. In this case the slave link will -# stay up until hangup time is reached. -# (Example: isdnctrl huptimeout ippp1 60) -# If disabled the slave link will be brought down in -# the same way it is brought up. -# Default is 0. -# -# STAYUP_TIME Defines the minimum time in seconds the 2:nd -# channel will unconditionally stay up after it has -# been brought up. Default value is 30. -# diff --git a/src/ibod/ibod.h b/src/ibod/ibod.h deleted file mode 100644 index eba19225ec..0000000000 
--- a/src/ibod/ibod.h +++ /dev/null @@ -1,39 +0,0 @@ -/* $Id: ibod.h,v 1.1.1.1 2001/11/27 08:08:03 riddles Exp $ - * $Symbol$ - */ - -#define DEVICE "ippp0" -#define ENABLE 1 -#define INTERVAL 500 -#define FILTER 5 -#define LIMIT 7000 -#define STAYUP 0 -#define STAYUP_TIME 30 - -#define IBOD_DEFAULT_DIR "/etc/ppp" -#define MAX_STR_LEN 512 -#define ISDN_INFO_DEV "/dev/isdninfo" -#define ISDN_CTLR_DEV "/dev/isdnctrl" -#define IBOD_PORT 6050 - -#define CMD_OPEN 0 -#define CMD_CLOSE 1 -#define CMD_ENABLE 2 -#define CMD_DISABLE 3 -#define CMD_UP2 4 -#define CMD_DOWN2 5 - -typedef struct { - char dev[32]; - int enable; - int interval; - int limit; - int filter; - int stayup; - int stayup_time; -} Conf; - -typedef struct { - unsigned long ibytes; - unsigned long obytes; -} Siobytes; diff --git a/src/initscripts/init.d/mISDN b/src/initscripts/init.d/mISDN new file mode 100644 index 0000000000..bbe054a0a2 --- /dev/null +++ b/src/initscripts/init.d/mISDN 
@@ -0,0 +1,475 @@ +#!/bin/bash + +#---------------------------------------------- +# +# CONFIGURATION: +# +MISDN_CONF="/etc/mISDN.conf" +MISDN_CONF_XSL="/usr/lib/mISDN/mISDN.conf.xsl" +# +#---------------------------------------------- + +SELF="${0}" +USAGE="Usage: ${SELF} start|stop|restart|config|scan|help" + +function die { + echo "[!!] ${1}" + exit 1 +} + +function check_cmd +{ + if ! type -p "${1}" > /dev/null; then + if [ "${2}" = "opt" ]; then + return + fi + if [ "$(id -u)" != "0" ]; then + die "$1 not in path, please install and/or be root." + else + die "$1 not in path, please install." + fi + exit 1 + else + local var=$(echo ${1} | tr a-z A-Z) + eval "$var=`type -p ${1}`" + fi +} + +function check_misdn_conf +{ + if [ ! -f ${MISDN_CONF} ]; then + die "${MISDN_CONF} not found. Please run: ${SELF} config" + fi +} + +check_cmd sed +check_cmd cut +check_cmd cp +check_cmd wc +check_cmd grep +check_cmd xsltproc +check_cmd modprobe +check_cmd sleep +check_cmd lspci +check_cmd lsusb opt +check_cmd mknod +check_cmd chown +check_cmd chmod + +declare -a START_COMMANDS +declare -a STOP_COMMANDS + +declare -a HFCMULTI_card +declare -a HFCMULTI_type +declare -a HFCMULTI_protocol +declare -a HFCMULTI_layermask +HFCMULTI_options='' +MISDNDSP_options='' +L1OIP_options='' + +AVMFRITZ_protocol='' +AVMFRITZ_layermask='' + +HFCPCI_protocol='' +HFCPCI_layermask='' + +L1OIP_type='' +L1OIP_protocol='' +L1OIP_layermask='' +L1OIP_codec='' +L1OIP_ip='' +L1OIP_port='' +L1OIP_localport='' +L1OIP_ondemand='' +L1OIP_id='' + +DEVNODE_user='root' +DEVNODE_group='root' +DEVNODE_mode='0644' + +declare -a SCAN_card +declare -a SCAN_opts +declare -a SCAN_num_ports +declare -a SCAN_port_opts + +function parse_config +{ + local CONFIG=$(${XSLTPROC} ${MISDN_CONF_XSL} ${MISDN_CONF}) + local t p l line i tmpcmd curr tmpstr val + local IFS=$'\n' + + START_COMMANDS[${#START_COMMANDS[@]}]="${MODPROBE} --ignore-install capi" + START_COMMANDS[${#START_COMMANDS[@]}]="${MODPROBE} --ignore-install 
mISDN_core debug=0" + START_COMMANDS[${#START_COMMANDS[@]}]="${MODPROBE} --ignore-install mISDN_l1 debug=0" + START_COMMANDS[${#START_COMMANDS[@]}]="${MODPROBE} --ignore-install mISDN_l2 debug=0" + START_COMMANDS[${#START_COMMANDS[@]}]="${MODPROBE} --ignore-install l3udss1 debug=0" + START_COMMANDS[${#START_COMMANDS[@]}]="${MODPROBE} --ignore-install mISDN_capi" + + for line in ${CONFIG}; do + case "${line}" in + DEVNODE:mISDN*) + tmpstr=$(echo ${line} | ${SED} -n 's/.*user:\([^ ]*\).*/\1/p') + if [ ! -z "${tmpstr}" ]; then + DEVNODE_user="${tmpstr}" + fi + tmpstr=$(echo ${line} | ${SED} -n 's/.*group:\([^ ]*\).*/\1/p') + if [ ! -z "${tmpstr}" ]; then + DEVNODE_group="${tmpstr}" + fi + tmpstr=$(echo ${line} | ${SED} -n 's/.*mode:\([^ ]*\).*/\1/p') + if [ ! -z "${tmpstr}" ]; then + DEVNODE_mode="${tmpstr}" + fi + ;; + MODULE:hfcmulti*) + HFCMULTI_options=${line:16} + ;; + MODULE:mISDN_dsp*) + MISDNDSP_options=${line:17} + ;; + MODULE:l1oip*) + L1OIP_options=${line:13} + ;; + CARD:BN*) + curr='hfcmulti' + i=${#HFCMULTI_type[@]} + let "t = $(echo ${line} | ${SED} -n 's/.*type:\([^,]*\).*/\1/p')" + HFCMULTI_type[${i}]=$(printf "0x%x" ${t}) + +# this is for the BN2E1 card that needs two type numbers + t=$(echo ${line} | ${SED} -n 's/.*type:[^,]*,\([^ ]*\).*/\1/p') + if [ ! 
-z "${t}" ]; then + let "t = ${t}" + HFCMULTI_type[${i}]="${HFCMULTI_type[${i}]},$(printf "0x%x" ${t})" + fi + + HFCMULTI_card[${i}]=$(echo ${line:5} | ${CUT} -d" " -f1) + ;; + CARD:hfcpci*) + curr='hfcpci' + ;; + CARD:avmfritz*) + curr='avmfritz' + ;; + CARD:l1oip*) + curr='l1oip' + ;; + PORT*) + case "${curr}" in + hfcmulti) + let "p = $(echo ${line} | ${SED} -n 's/.*protocol:\([^ ]*\).*/\1/p')" + HFCMULTI_protocol[${i}]="${HFCMULTI_protocol[${i}]:+"${HFCMULTI_protocol[${i}]},"}$(printf "0x%x" ${p})" + let "l = $(echo ${line} | ${SED} -n 's/.*layermask:\([^ ]*\).*/\1/p')" + HFCMULTI_layermask[${i}]="${HFCMULTI_layermask[${i}]:+"${HFCMULTI_layermask[${i}]},"}$(printf "0x%x" ${l})" + ;; + hfcpci) + let "p = $(echo ${line} | ${SED} -n 's/.*protocol:\([^ ]*\).*/\1/p')" + HFCPCI_protocol="${HFCPCI_protocol:+"${HFCPCI_protocol},"}$(printf "0x%x" ${p})" + let "l = $(echo ${line} | ${SED} -n 's/.*layermask:\([^ ]*\).*/\1/p')" + HFCPCI_layermask="${HFCPCI_layermask:+"${HFCPCI_layermask},"}$(printf "0x%x" ${l})" + ;; + avmfritz) + let "p = $(echo ${line} | ${SED} -n 's/.*protocol:\([^ ]*\).*/\1/p')" + AVMFRITZ_protocol="${AVMFRITZ_protocol:+"${AVMFRITZ_protocol},"}$(printf "0x%x" ${p})" + let "l = $(echo ${line} | ${SED} -n 's/.*layermask:\([^ ]*\).*/\1/p')" + AVMFRITZ_layermask="${AVMFRITZ_layermask:+"${AVMFRITZ_layermask},"}$(printf "0x%x" ${l})" + ;; + l1oip) + let "val = $(echo ${line} | ${SED} -n 's/.*type:\([^ ]*\).*/\1/p')" + L1OIP_type="${L1OIP_type:+"${L1OIP_type},"}$(printf "0x%x" ${val})" + let "val = $(echo ${line} | ${SED} -n 's/.*protocol:\([^ ]*\).*/\1/p')" + L1OIP_protocol="${L1OIP_protocol:+"${L1OIP_protocol},"}$(printf "0x%x" ${val})" + let "val = $(echo ${line} | ${SED} -n 's/.*layermask:\([^ ]*\).*/\1/p')" + L1OIP_layermask="${L1OIP_layermask:+"${L1OIP_layermask},"}$(printf "0x%x" ${val})" + val="$(echo ${line} | ${SED} -n 's/.*codec:\([^ ]*\).*/\1/p')" + L1OIP_codec="${L1OIP_codec:+"${L1OIP_codec},"}${val}" + val="$(echo ${line} | ${SED} -n 
's/.*ip:\([^ ]*\).*/\1/p')" + L1OIP_ip="${L1OIP_ip:+"${L1OIP_ip},"}${val}" + val="$(echo ${line} | ${SED} -n 's/.*port:\([^ ]*\).*/\1/p')" + L1OIP_port="${L1OIP_port:+"${L1OIP_port},"}${val}" + val="$(echo ${line} | ${SED} -n 's/.*localport:\([^ ]*\).*/\1/p')" + L1OIP_localport="${L1OIP_localport:+"${L1OIP_localport},"}${val}" + val="$(echo ${line} | ${SED} -n 's/.*ondemand:\([^ ]*\).*/\1/p')" + L1OIP_ondemand="${L1OIP_ondemand:+"${L1OIP_ondemand},"}${val}" + val="$(echo ${line} | ${SED} -n 's/.*id:\([^ ]*\).*/\1/p')" + L1OIP_id="${L1OIP_id:+"${L1OIP_id},"}${val}" + ;; + esac + ;; + esac + done + + if [ ! -z "${HFCMULTI_protocol[0]}" ]; then + tmpcmd="${MODPROBE} --ignore-install hfcmulti type=${HFCMULTI_type[0]}" + i=1 + while [ ! -z "${HFCMULTI_type[${i}]}" ]; do + tmpcmd="${tmpcmd},${HFCMULTI_type[${i}]}" + let "i = ${i} + 1" + done + tmpcmd="${tmpcmd} protocol=${HFCMULTI_protocol[0]}" + i=1 + while [ ! -z "${HFCMULTI_protocol[${i}]}" ]; do + tmpcmd="${tmpcmd},${HFCMULTI_protocol[${i}]}" + let "i = ${i} + 1" + done + tmpcmd="${tmpcmd} layermask=${HFCMULTI_layermask[0]}" + i=1 + while [ ! -z "${HFCMULTI_layermask[${i}]}" ]; do + tmpcmd="${tmpcmd},${HFCMULTI_layermask[${i}]}" + let "i = ${i} + 1" + done + START_COMMANDS[${#START_COMMANDS[@]}]="${tmpcmd} ${HFCMULTI_options}" + fi + + if [ ! -z "${HFCPCI_protocol}" ]; then + START_COMMANDS[${#START_COMMANDS[@]}]="${MODPROBE} --ignore-install hfcpci protocol=${HFCPCI_protocol} layermask=${HFCPCI_layermask}" + fi + + if [ ! -z "${AVMFRITZ_protocol}" ]; then + START_COMMANDS[${#START_COMMANDS[@]}]="${MODPROBE} --ignore-install avmfritz protocol=${AVMFRITZ_protocol} layermask=${AVMFRITZ_layermask}" + fi + + if [ ! 
-z "${L1OIP_type}" ]; then + START_COMMANDS[${#START_COMMANDS[@]}]="${MODPROBE} --ignore-install l1oip type=${L1OIP_type} protocol=${L1OIP_protocol} layermask=${L1OIP_layermask} codec=${L1OIP_codec} ip=${L1OIP_ip} port=${L1OIP_port} localport=${L1OIP_localport} ondemand=${L1OIP_ondemand} id=${L1OIP_id} ${L1OIP_options}" + fi + + START_COMMANDS[${#START_COMMANDS[@]}]="${MODPROBE} --ignore-install mISDN_dsp ${MISDNDSP_options}" +} + +function run_start_commands +{ + local i=0 + + echo "-- Loading mISDN modules --" + while [ ! -z "${START_COMMANDS[${i}]}" ]; do + echo ">> ${START_COMMANDS[${i}]}" + eval "${START_COMMANDS[${i}]}" + let "i = ${i} + 1" + done +} + +function run_stop_commands +{ + local mod i=0 + + for mod in $(lsmod | ${SED} -ne '/Module/!{s/\([^ ]*\).*/\1/;p}'); do + case "${mod}" in + mISDN_capi | mISDN_dsp | l3udss1 | mISDN_l2 | mISDN_l1 | mISDN_isac | hfcmulti | avmfritz | l1oip) + STOP_COMMANDS[0]="${STOP_COMMANDS[0]:-"${MODPROBE} -r --ignore-remove"} ${mod}" + ;; + mISDN_core) + STOP_COMMANDS[1]="${MODPROBE} -r --ignore-remove mISDN_core" + ;; + esac + done + + echo "-- Unloading mISDN modules --" + while [ ! 
-z "${STOP_COMMANDS[${i}]}" ]; do + echo ">> ${STOP_COMMANDS[${i}]}" + eval "${STOP_COMMANDS[${i}]}" + let "i = ${i} + 1" + done +} + +function scan_devices +{ + local skipnext=0 IFS=$'\n' + local NL=" +" + + function addcard { + SCAN_card[${#SCAN_card[@]}]="${1}" + SCAN_opts[${#SCAN_opts[@]}]="${2}" + SCAN_num_ports[${#SCAN_num_ports[@]}]="${3}" + SCAN_port_opts[${#SCAN_port_opts[@]}]="${4}" + } + + for line in $(${LSPCI} -n -d 0xd161:b410); do + addcard "BN4S0" "" 4 'mode="te" link="ptmp"' + done + + for line in $(${LSPCI} -n | ${SED} -n 's/^\(0000:\|\)\([0-9a-f]\{2\}:[0-9a-f]\{2\}.[0-9a-f]\{1\}\)\( Class \| \)[0-9a-f]\{4\}: 1397:\([0-9a-f]\{4\}\).*$/\4 \2/p'); do + if [ ${skipnext} -eq 1 ]; then + skipnext=0 + continue + fi + case "${line}" in + 30b1*) + case "${line:5}" in + 00*) + addcard "BN1E1" "" 1 'mode="nt" link="ptp"' + ;; + *) + if [ $(${LSPCI} -n -s "${line:5:3}" | ${WC} -l) -eq 2 ]; then + addcard "BN2E1" "" 2 'mode="nt" link="ptp"' + skipnext=1 + else + addcard "BN1E1" "" 1 'mode="nt" link="ptp"' + fi + ;; + esac + ;; + 16b8*) + addcard "BN8S0" "" 8 'mode="te" link="ptmp"' + ;; + 08b4*) + if ${LSPCI} -n -v -s "${line:5}" | ${GREP} "Subsystem" | ${GREP} "1397:b567" > /dev/null ; then + addcard "BN1S0" "" 1 'mode="te" link="ptmp"' + elif ${LSPCI} -n -v -s "${line:5}" | ${GREP} "Subsystem" | ${GREP} "1397:b566\|1397:b569" > /dev/null ; then + addcard "BN2S0" "" 2 'mode="te" link="ptmp"' + else + addcard "BN4S0" "" 4 'mode="te" link="ptmp"' + fi + ;; + esac + done + for line in $(${LSPCI} -n | ${GREP} "1397:\(2bd\(0\|6\|7\|8\|9\|a\|b\|c\)\|b100\)\|1043:0675\|0871:ffa\(1\|2\)\|1051:0100\|15b0:2bd0\|114f:007\(0\|1\|2\|3\)\|13d1:2bd1\|182d:3069"); do + addcard "hfcpci" "" 1 'mode="te" link="ptmp"' + done + for line in $(${LSPCI} -n | ${GREP} "1244:\(0a00\|0e00\)"); do + addcard "avmfritz" "" 1 'mode="te" link="ptmp"' + done + for line in $(${LSPCI} -n -d 1050:6692); do + addcard "w6692pci" "" 1 'mode="te" link="ptmp"' + done + if [ -e ${LSUSB} ]; then + for 
line in $(${LSUSB} | ${GREP} "0959:2bd0\|0675:1688\|07b0:0007\|0742:200\(7\|8\|9\|A\)\|08e3:0301\|07fa:084\(7\|8\)\|07ba:0006"); do + addcard "hfcsusb" "" 1 'mode="te" link="ptmp"' + done + fi +} + +function write_mISDN_conf +{ + local NL=" +" + local TAB=" " + local HEADER=" + + +${TAB}hfcmulti +${TAB}mISDN_dsp +${TAB}mISDN" + local FOOTER="" + local i=0 j=0 MAIN="" + + echo "Writing ${MISDN_CONF} for ${#SCAN_card[@]} mISDN compatible device(s):" + while [ ! -z "${SCAN_card[${i}]}" ]; do + echo ">> ${SCAN_card[${i}]}" + MAIN="${MAIN}${NL}${TAB}" + j=1 + while [ ${j} -le ${SCAN_num_ports[${i}]} ]; do + MAIN="${MAIN}${NL}${TAB}${TAB}${j}" + let "j = ${j} + 1" + done + MAIN="${MAIN}${NL}${TAB}" + let "i = ${i} + 1" + done + + if [ -f ${MISDN_CONF} ]; then + echo "${MISDN_CONF} already present, saving a backup: ${MISDN_CONF}.bak" + ${CP} "${MISDN_CONF}" "${MISDN_CONF}.bak" || die "Could not backup your existing ${MISDN_CONF}!" + fi + echo "${HEADER}${MAIN}${NL}${FOOTER}" > ${MISDN_CONF} +} + +function print_scan_results +{ + local i=0 + + echo "${#SCAN_card[@]} mISDN compatible device(s) found:" + while [ ! -z "${SCAN_card[${i}]}" ]; do + echo ">> ${SCAN_card[${i}]}" + let "i = ${i} + 1" + done +} + +function mk_misdn_dev +{ + if [ ! -e /dev/mISDN ]; then + echo "creating device node: /dev/mISDN" + ${MKNOD} /dev/mISDN c 46 0 + fi + ${CHOWN} ${DEVNODE_user}:${DEVNODE_group} /dev/mISDN + ${CHMOD} ${DEVNODE_mode} /dev/mISDN +} + +# +# MAIN +# + +case "${1}" in + + start|--start) + + check_misdn_conf + parse_config + run_start_commands + mk_misdn_dev + ;; + + stop|--stop) + + run_stop_commands + ;; + + restart|--restart) + + check_misdn_conf + parse_config + run_stop_commands + ${SLEEP} 2 + run_start_commands + mk_misdn_dev + ;; + + config|--config) + + scan_devices + write_mISDN_conf + ;; + + scan|--scan) + + scan_devices + print_scan_results + ;; + + help|--help) + echo "${USAGE}" + exit 0 + ;; + + *) + echo "${USAGE}" + exit 2 + ;; + +esac + 
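Review bot: `run_start_commands` passes every `START_COMMANDS` entry to `eval`, and `parse_config` builds those strings from values read out of `${MISDN_CONF}` (`HFCMULTI_options`, `L1OIP_ip`, `L1OIP_codec` and the others), so shell metacharacters in the config file are interpreted by a script that runs as root. The entries are plain `modprobe` invocations and need no second round of shell parsing; I would check the assembled string against the characters a module argument list needs and run it through word splitting instead of `eval`, as sketched below. A config that relies on quoting inside an options value would then be rejected, which should be confirmed against real configurations. The same config values also reach `let` in `parse_config` and the unquoted `chown`/`chmod` arguments in `mk_misdn_dev`, and `run_stop_commands` uses the same `eval`, although its strings are derived from `lsmod` output.

```shell
function run_start_commands
{
	local i=0 cmd

	echo "-- Loading mISDN modules --"
	while [ ! -z "${START_COMMANDS[${i}]}" ]; do
		cmd="${START_COMMANDS[${i}]}"
		echo ">> ${cmd}"
		# Values from ${MISDN_CONF} end up in this string; refuse anything
		# outside the characters a modprobe argument list needs.
		case "${cmd}" in
			*[!A-Za-z0-9_.,:=/\ -]*)
				die "unexpected character in module command: ${cmd}"
				;;
		esac
		# Word splitting only: no command substitution, no globbing
		# (glob characters were rejected above).
		${cmd}
		let "i = ${i} + 1"
	done
}
```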
diff --git a/src/initscripts/init.d/snort b/src/initscripts/init.d/snort index 0087cb54a7..b139a6c2e3 100755 --- a/src/initscripts/init.d/snort +++ b/src/initscripts/init.d/snort @@ -64,6 +64,7 @@ case "$1" in boot_mesg "Starting Intrusion Detection System on $DEVICE..." /usr/sbin/snort -c /etc/snort/snort.conf -i $DEVICE -D -l /var/log/snort --pid-path /var/run/snort_$DEVICE.pid evaluate_retval + chmod 644 /var/run/snort_$DEVICE.pid done ;; diff --git a/src/patches/ibod-config.patch b/src/patches/ibod-config.patch new file mode 100644 index 0000000000..6c92ddcac2 --- /dev/null +++ b/src/patches/ibod-config.patch @@ -0,0 +1,11 @@ +--- isdn4k-utils-07022001/ibod.h.orig Wed Nov 1 21:06:07 2000 ++++ isdn4k-utils-07022001/ibod.h Wed Nov 1 21:06:29 2000 +@@ -10,7 +10,7 @@ + #define STAYUP 0 + #define STAYUP_TIME 30 + +-#define IBOD_DEFAULT_DIR "/etc/ppp" ++#define IBOD_DEFAULT_DIR "/etc/isdn" + #define MAX_STR_LEN 512 + #define ISDN_INFO_DEV "/dev/isdninfo" + #define ISDN_CTLR_DEV "/dev/isdnctrl" diff --git a/src/patches/isdn4k-utils-0202131200-true.patch b/src/patches/isdn4k-utils-0202131200-true.patch new file mode 100644 index 0000000000..33ef17c150 --- /dev/null +++ b/src/patches/isdn4k-utils-0202131200-true.patch @@ -0,0 +1,13 @@ +--- isdn4k-utils/imon/imon.c.orig Fri Feb 22 17:24:54 2002 ++++ isdn4k-utils/imon/imon.c Fri Feb 22 17:28:00 2002 +@@ -63,6 +63,10 @@ + + #include + ++#ifndef TRUE ++#define TRUE 1 ++#endif ++ + #define KEY_Q 81 + #define KEY_q 113 + diff --git a/src/patches/isdn4k-utils-CVS-2004-11-18-autoconf25x.patch b/src/patches/isdn4k-utils-CVS-2004-11-18-autoconf25x.patch new file mode 100644 index 0000000000..fa8dd31507 --- /dev/null +++ b/src/patches/isdn4k-utils-CVS-2004-11-18-autoconf25x.patch 
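Review bot: The added `chmod 644 /var/run/snort_$DEVICE.pid` in the snort init script runs as soon as `snort ... -D` returns and regardless of what `evaluate_retval` reported, so it may be applied to a PID file that has not been written yet or never will be. Guarding and quoting the path keeps the start action quiet in that case: `[ -f "/var/run/snort_$DEVICE.pid" ] && chmod 644 "/var/run/snort_$DEVICE.pid"`. A one-line comment naming the unprivileged reader that needs the file world-readable would also help, since the commit message only states the mode. The enclosing `case` branch and loop start outside the hunk.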
@@ -0,0 +1,564 @@ +--- isdn4k-utils-CVS-2004-11-18/vbox/configure.in.ac25x 1998-11-23 10:18:04.000000000 +0100 ++++ isdn4k-utils-CVS-2004-11-18/vbox/configure.in 2004-11-18 17:47:52.638741078 +0100 +@@ -17,9 +17,9 @@ + + AC_PREFIX_DEFAULT() + +-AC_DEFINE_UNQUOTED(PACKAGE, "${PACKAGE}") +-AC_DEFINE_UNQUOTED(VERSION, "${VERSION}") +-AC_DEFINE_UNQUOTED(VERDATE, "${VERDATE}") ++AC_DEFINE_UNQUOTED(PACKAGE, "${PACKAGE}", [package]) ++AC_DEFINE_UNQUOTED(VERSION, "${VERSION}", [version]) ++AC_DEFINE_UNQUOTED(VERDATE, "${VERDATE}", [verdate]) + + AC_SUBST(PACKAGE) + AC_SUBST(VERSION) +@@ -87,7 +87,7 @@ + + AC_MSG_RESULT(${VBOX_SPOOLDIR}) + +-AC_DEFINE_UNQUOTED(SPOOLDIR, "${VBOX_SPOOLDIR}") ++AC_DEFINE_UNQUOTED(SPOOLDIR, "${VBOX_SPOOLDIR}", [spool dir]) + AC_SUBST(VBOX_SPOOLDIR) + + dnl #===============# +@@ -105,7 +105,7 @@ + + AC_MSG_RESULT(${VBOX_LOGDIR}) + +-AC_DEFINE_UNQUOTED(LOGFILEDIR, "${VBOX_LOGDIR}") ++AC_DEFINE_UNQUOTED(LOGFILEDIR, "${VBOX_LOGDIR}", [log dir]) + AC_SUBST(VBOX_LOGDIR) + + dnl #===============# +@@ -123,7 +123,7 @@ + + AC_MSG_RESULT(${VBOX_PIDDIR}) + +-AC_DEFINE_UNQUOTED(PIDFILEDIR, "${VBOX_PIDDIR}") ++AC_DEFINE_UNQUOTED(PIDFILEDIR, "${VBOX_PIDDIR}", [pid dir]) + AC_SUBST(VBOX_PIDDIR) + + dnl #================# +@@ -141,7 +141,7 @@ + + AC_MSG_RESULT(${VBOX_LCKDIR}) + +-AC_DEFINE_UNQUOTED(LCKFILEDIR, "${VBOX_LCKDIR}") ++AC_DEFINE_UNQUOTED(LCKFILEDIR, "${VBOX_LCKDIR}", [lock dir]) + AC_SUBST(VBOX_LCKDIR) + + dnl #===================# +@@ -159,7 +159,7 @@ + + AC_MSG_RESULT(${ISDN_GLOBAL_CONFIG}) + +-AC_DEFINE_UNQUOTED(I4LCONFDIR, "${ISDN_GLOBAL_CONFIG}") ++AC_DEFINE_UNQUOTED(I4LCONFDIR, "${ISDN_GLOBAL_CONFIG}", [global config]) + + dnl #------------------------------------------------------------------------# + dnl # Check and optimize compiler flags: # +--- isdn4k-utils-CVS-2004-11-18/vbox/acinclude.m4.ac25x 2002-07-06 02:11:19.000000000 +0200 ++++ isdn4k-utils-CVS-2004-11-18/vbox/acinclude.m4 2004-11-18 17:47:52.639740930 +0100 +@@ -49,23 +49,23 @@ + 
cos, + AC_CHECK_LIB(dl, + dlerror, +- [AC_CHECK_LIB(${gnd_1st_tcl_lib_test}, ++ AC_CHECK_LIB(${gnd_1st_tcl_lib_test}, + Tcl_CreateInterp, + LINK_TCL_LIBS="${gnd_tcl_lib_dir} -l${gnd_1st_tcl_lib_test} -lm -ldl", +- [AC_CHECK_LIB(${gnd_2nd_tcl_lib_test}, ++ AC_CHECK_LIB(${gnd_2nd_tcl_lib_test}, + Tcl_CreateInterp, + LINK_TCL_LIBS="${gnd_tcl_lib_dir} -l${gnd_2nd_tcl_lib_test} -lm -ldl", +- [AC_CHECK_LIB(${gnd_3rd_tcl_lib_test}, ++ AC_CHECK_LIB(${gnd_3rd_tcl_lib_test}, + Tcl_CreateInterp, + LINK_TCL_LIBS="${gnd_tcl_lib_dir} -l${gnd_3rd_tcl_lib_test} -lm -ldl", + , + ${gnd_tcl_lib_dir} -lm -ldl +- )], ++ ), + ${gnd_tcl_lib_dir} -lm -ldl +- )], ++ ), + ${gnd_tcl_lib_dir} -lm -ldl +- )], +- )], ++ ), ++ ), + ) + + if (test "${LINK_TCL_LIBS}" != "") +@@ -154,7 +154,7 @@ + + AC_CHECK_LIB(ncurses, + resizeterm, +- AC_DEFINE(HAVE_RESIZETERM) ++ AC_DEFINE(HAVE_RESIZETERM, 1, [have resizeterm]) + ) + fi + +--- isdn4k-utils-CVS-2004-11-18/vbox/aclocal.m4.ac25x 2002-07-06 02:11:19.000000000 +0200 ++++ isdn4k-utils-CVS-2004-11-18/vbox/aclocal.m4 2004-11-18 17:47:52.640740782 +0100 +@@ -61,23 +61,23 @@ + cos, + [AC_CHECK_LIB(dl, + dlerror, +- [AC_CHECK_LIB(${gnd_1st_tcl_lib_test}, ++ AC_CHECK_LIB(${gnd_1st_tcl_lib_test}, + Tcl_CreateInterp, + LINK_TCL_LIBS="${gnd_tcl_lib_dir} -l${gnd_1st_tcl_lib_test} -lm -ldl", +- [AC_CHECK_LIB(${gnd_2nd_tcl_lib_test}, ++ AC_CHECK_LIB(${gnd_2nd_tcl_lib_test}, + Tcl_CreateInterp, + LINK_TCL_LIBS="${gnd_tcl_lib_dir} -l${gnd_2nd_tcl_lib_test} -lm -ldl", +- [AC_CHECK_LIB(${gnd_3rd_tcl_lib_test}, ++ AC_CHECK_LIB(${gnd_3rd_tcl_lib_test}, + Tcl_CreateInterp, + LINK_TCL_LIBS="${gnd_tcl_lib_dir} -l${gnd_3rd_tcl_lib_test} -lm -ldl", + , + ${gnd_tcl_lib_dir} -lm -ldl +- )], ++ ), + ${gnd_tcl_lib_dir} -lm -ldl +- )], ++ ), + ${gnd_tcl_lib_dir} -lm -ldl +- )], +- )], ++ ), ++ ), + ) + + if (test "${LINK_TCL_LIBS}" != "") +@@ -103,15 +103,7 @@ + + HAVE_TCL_INCL="y" + LINK_TCL_INCL="${gnd_tcl_inc_dir}" +- fi +- else +- AC_MSG_CHECKING("for tcl header in 
/usr/include/tcl8.3/tcl.h") +- if (test -e "/usr/include/tcl8.3/tcl.h") +- then +- AC_MSG_RESULT("yes") +- HAVE_TCL_INCL="y" +- LINK_TCL_INCL="-I/usr/include/tcl8.3" +- else ++ else + AC_MSG_RESULT("no") + fi + fi +--- isdn4k-utils-CVS-2004-11-18/ipppd/configure.in.ac25x 2004-08-30 16:56:36.000000000 +0200 ++++ isdn4k-utils-CVS-2004-11-18/ipppd/configure.in 2004-11-18 17:55:56.899083430 +0100 +@@ -17,21 +17,21 @@ + AC_PROG_CC + + dnl Checks for libraries. +-AC_CHECK_LIB(bsd, daemon,HAVE_LIBBSD=1; AC_DEFINE(HAVE_LIBBSD), ++AC_CHECK_LIB(bsd, daemon,HAVE_LIBBSD=1; AC_DEFINE(HAVE_LIBBSD,1,[libbsd]), + [AC_MSG_WARN(Could not find libbsd, build disabled)]) + dnl Replace `main' with a function in -lcrypt: +-AC_CHECK_LIB(crypt, main,HAVE_LIBCRYPT=1; AC_DEFINE(HAVE_LIBCRYPT)) +-AC_CHECK_LIB(des, des_ecb_encrypt, HAVE_LIBDES=1; AC_DEFINE(HAVE_LIBDES)) +-AC_CHECK_LIB(ssl, DES_ecb_encrypt, HAVE_LIBSSL=1; AC_DEFINE(HAVE_LIBSSL)) ++AC_CHECK_LIB(crypt, main,HAVE_LIBCRYPT=1; AC_DEFINE(HAVE_LIBCRYPT,1,[libcrypt])) ++AC_CHECK_LIB(des, des_ecb_encrypt, HAVE_LIBDES=1; AC_DEFINE(HAVE_LIBDES,1,[libdes])) ++AC_CHECK_LIB(ssl, DES_ecb_encrypt, HAVE_LIBSSL=1; AC_DEFINE(HAVE_LIBSSL,1,[libssl])) + + dnl Checks for header files. 
+ AC_HEADER_STDC + AC_HEADER_SYS_WAIT + AC_CHECK_HEADERS(fcntl.h limits.h paths.h sys/file.h sys/ioctl.h sys/time.h syslog.h unistd.h) +-AC_CHECK_HEADER(shadow.h, HAVE_SHADOW_H=1; AC_DEFINE(HAVE_SHADOW_H)) +-AC_CHECK_HEADER(linux/isdn_lzscomp.h, HAVE_LZSCOMP_H=1; AC_DEFINE(HAVE_LZSCOMP_H)) +-AC_CHECK_HEADER(pcap-bpf.h, [HAVE_PCAP_BPF_H=1; AC_DEFINE(HAVE_PCAP_BPF_H)], +- [AC_CHECK_HEADER(net/bpf.h, [HAVE_NET_BPF_H=1; AC_DEFINE(HAVE_NET_BPF_H)], ++AC_CHECK_HEADER(shadow.h, HAVE_SHADOW_H=1; AC_DEFINE(HAVE_SHADOW_H,1,[have shadow.h])) ++AC_CHECK_HEADER(linux/isdn_lzscomp.h, HAVE_LZSCOMP_H=1; AC_DEFINE(HAVE_LZSCOMP_H,1,[isdn_lzscomp.h])) ++AC_CHECK_HEADER(pcap-bpf.h, [HAVE_PCAP_BPF_H=1; AC_DEFINE(HAVE_PCAP_BPF_H,1,[pcap-bpf.h])], ++ [AC_CHECK_HEADER(net/bpf.h, [HAVE_NET_BPF_H=1; AC_DEFINE(HAVE_NET_BPF_H,1,[net/bpf.h])], + [AC_MSG_ERROR(Could not find pcap header file)])]) + + dnl Checks for typedefs, structures, and compiler characteristics. +@@ -51,62 +51,63 @@ + AC_ARG_WITH(sbin, + [ --with-sbin=DIR Set directory where ipppd is istalled. [/sbin]], + CONFIG_SBINDIR="${withval}" +- AC_DEFINE(CONFIG_SBINDIR,"${withval}"), ++ AC_DEFINE(CONFIG_SBINDIR,"${withval}",[sbin dir]), + ) + + dnl Optional man directory + AC_ARG_WITH(sbin, + [ --with-man=DIR Set manpage directory. [/usr/man]], + CONFIG_MANDIR="${withval}" +- AC_DEFINE(CONFIG_MANDIR,"${withval}"), ++ AC_DEFINE(CONFIG_MANDIR,"${withval}",[man dir]), + ) + + dnl Optional /var/run directory + AC_ARG_WITH(sbin, + [ --with-varrun=DIR Set directory for .pid files. 
[/var/run]], + CONFIG_RUNDIR="${withval}" +- AC_DEFINE(CONFIG_RUNDIR,"${withval}"), ++ AC_DEFINE(CONFIG_RUNDIR,"${withval}",[/var/run dir]), + ) + + dnl Optional MSCHAP + AC_ARG_ENABLE(mschap, + [ --enable-mschap Enable Microsoft chap authentication [no]], + CONFIG_IPPPD_MSCHAP="y" +- AC_DEFINE(CONFIG_IPPPD_MSCHAP,"y"), ++ AC_DEFINE(CONFIG_IPPPD_MSCHAP,"y",[support M$-chap]), + ) + + dnl Optional RADIUS + AC_ARG_ENABLE(radius, + [ --enable-radius Enable RADIUS authentication [no]], + CONFIG_IPPPD_RADIUS="y" +- AC_DEFINE(CONFIG_IPPPD_RADIUS,"y"), ++ AC_DEFINE(CONFIG_IPPPD_RADIUS,"y",[support radius]), + ) + + dnl Optional radiusclient config file + AC_ARG_WITH(radiusclient_config, + [ --with-radiusclient=FILE Set filename for radiusclient configuration], + RADIUS_CLIENT_CONFIG_FILE="${withval}" +- AC_DEFINE(RADIUS_CLIENT_CONFIG_FILE,"${withval}"), ++ AC_DEFINE(RADIUS_CLIENT_CONFIG_FILE,"${withval}",[radius config]), + ) + + dnl Optional RADIUS_WTMP_LOGGING + AC_ARG_ENABLE(radius_wtmp_logging, + [ --enable-radius-wtmp Enable RADIUS_WTMP_LOGGING authentication [no]], + CONFIG_IPPPD_RADIUS_WTMP_LOGGING="y" +- AC_DEFINE(CONFIG_IPPPD_RADIUS_WTMP_LOGGING,"y"), ++ AC_DEFINE(CONFIG_IPPPD_RADIUS_WTMP_LOGGING,"y",[radius logging]), + ) + + dnl Optional DEBUGGING + AC_ARG_ENABLE(debug, + [ --enable-debug Enable debugging [no]], + CONFIG_IPPPD_DEBUGFLAGS="-DDEBUGALL" +- AC_DEFINE(CONFIG_IPPPD_DEBUGFLAGS,"-DDEBUGALL"), ++ AC_DEFINE(CONFIG_IPPPD_DEBUGFLAGS,"-DDEBUGALL",[options]), + ) + + AC_ARG_ENABLE(ippp-filter, + [ --enable-ippp-filter Enable IPPP Filters (needs kernel supports) [no]], + CONFIG_IPPP_FILTER="y" + AC_DEFINE(CONFIG_IPPP_FILTER,"y"), ++ AC_DEFINE(CONFIG_IPPP_FILTER,"y", [ipppd filter]), + ) + + AC_SUBST(I4LVERSION) +--- isdn4k-utils-CVS-2004-11-18/isdnlog/configure.in.ac25x 2004-10-28 03:53:29.000000000 +0200 ++++ isdn4k-utils-CVS-2004-11-18/isdnlog/configure.in 2004-11-18 17:47:52.642740487 +0100 +@@ -79,45 +79,46 @@ + dnl To make it possible to set variables in 
policy.h + dnl they have to be defined with AC_DEFINE... + dnl +-AC_DEFINE_UNQUOTED(OLDCONFDIR,"$OLDCONFDIR") +-AC_DEFINE_UNQUOTED(OLDCONFFILE,"$OLDCONFFILE") +-AC_DEFINE_UNQUOTED(DATADIR,"$datadir") +-AC_DEFINE_UNQUOTED(SERV_PORT,$SERV_PORT) +-AC_DEFINE_UNQUOTED(USERFILE,"$USERFILE") +-AC_DEFINE_UNQUOTED(LOGFILE,"$LOGFILE") +-AC_DEFINE_UNQUOTED(CHARGEFILE,"$CHARGEFILE") +-AC_DEFINE_UNQUOTED(RELOADCMD,"$RELOADCMD") +-AC_DEFINE_UNQUOTED(STOPCMD,"$STOPCMD") +-AC_DEFINE_UNQUOTED(REBOOTCMD,"$REBOOTCMD") ++AC_DEFINE_UNQUOTED(OLDCONFDIR,"$OLDCONFDIR", [old config dir]) ++AC_DEFINE_UNQUOTED(OLDCONFFILE,"$OLDCONFFILE", [old config file]) ++AC_DEFINE_UNQUOTED(DATADIR,"$datadir", [data dir]) ++AC_DEFINE_UNQUOTED(SERV_PORT,$SERV_PORT, [server port]) ++AC_DEFINE_UNQUOTED(USERFILE,"$USERFILE", [user file]) ++AC_DEFINE_UNQUOTED(LOGFILE,"$LOGFILE", [log file]) ++AC_DEFINE_UNQUOTED(CHARGEFILE,"$CHARGEFILE", [charge file]) ++AC_DEFINE_UNQUOTED(RELOADCMD,"$RELOADCMD", [reload command]) ++AC_DEFINE_UNQUOTED(STOPCMD,"$STOPCMD", [stop command]) ++AC_DEFINE_UNQUOTED(REBOOTCMD,"$REBOOTCMD", [reboot command]) ++ + if test "$CONFIG_ISDN_LOG_DE" = "y" ; then + NATION="de" + NATION_MACRO="ISDN_DE" +- AC_DEFINE(ISDN_DE) ++ AC_DEFINE(ISDN_DE, 1, [German ISDN]) + fi + if test "$CONFIG_ISDN_LOG_AT" = "y" ; then + NATION="at" + NATION_MACRO="ISDN_AT" +- AC_DEFINE(ISDN_AT) ++ AC_DEFINE(ISDN_AT, 1, [Austrian ISDN]) + fi + if test "$CONFIG_ISDN_LOG_CH" = "y" ; then + NATION="ch" + NATION_MACRO="ISDN_CH" +- AC_DEFINE(ISDN_CH) ++ AC_DEFINE(ISDN_CH, 1, [Swiss ISDN]) + fi + if test "$CONFIG_ISDN_LOG_NL" = "y" ; then + NATION="nl" + NATION_MACRO="ISDN_NL" +- AC_DEFINE(ISDN_NL) ++ AC_DEFINE(ISDN_NL, 1, [Dutch ISDN]) + fi + if test "$CONFIG_ISDN_LOG_LU" = "y" ; then + NATION="lu" + NATION_MACRO="ISDN_LU" +- AC_DEFINE(ISDN_LU) ++ AC_DEFINE(ISDN_LU, 1, [Luxembourg ISDN]) + fi + if test "$CONFIG_ISDN_LOG_XX" = "y" ; then + NATION=$CONFIG_ISDN_LOG_CC + NATION_MACRO="ISDN_XX" +- AC_DEFINE(ISDN_XX) ++ 
AC_DEFINE(ISDN_XX, 1, [Other country]) + fi + + dnl Checks for programs. +@@ -130,17 +131,17 @@ + + dnl Checks for libraries. + if test -e tools/cdb/i4l_cdb.c ; then +- AC_DEFINE(USE_CDB) ++ AC_DEFINE(USE_CDB, 1, [Use CDB]) + CDBEXTRALIBS="tools/cdb/i4l_cdb.a" + DBEXT=".cdb" + RDBEXT=".cdb" + AC_MSG_RESULT(Using 'cdb' as database) + else +-AC_CHECK_LIB(gdbm, gdbm_open, DBMLIB=-lgdbm; AC_DEFINE(HAVE_LIBGDBM), +- [AC_CHECK_LIB(dbm, dbm_open, DBMLIB=-ldbm; AC_DEFINE(HAVE_LIBDBM), +- [AC_CHECK_LIB(db, dbm_open, DBMLIB=-ldb; AC_DEFINE(HAVE_LIBDB))])]) ++AC_CHECK_LIB(gdbm, gdbm_open, DBMLIB=-lgdbm; AC_DEFINE(HAVE_LIBGDBM, 1, [Use libgdbm]), ++ AC_CHECK_LIB(dbm, dbm_open, DBMLIB=-ldbm; AC_DEFINE(HAVE_LIBDBM, 1, [Use libdbm]), ++ AC_CHECK_LIB(db, dbm_open, DBMLIB=-ldb; AC_DEFINE(HAVE_LIBDB, 1, [use libdb])))) + fi +-AC_DEFINE_UNQUOTED(RDBEXT,"$RDBEXT") ++AC_DEFINE_UNQUOTED(RDBEXT,"$RDBEXT",[rdb extension]) + + dnl log database support + AC_CHECK_POSTGRES +@@ -158,7 +159,7 @@ + dnl Manual config + AC_ARG_WITH(isdnlib, + [ --with-isdnlib=DIR Set isdn library [../lib]], +- LIBISDNDIR=$withval; AC_DEFINE_UNQUOTED(LIBISDNDIR,"$withval")) ++ LIBISDNDIR=$withval; AC_DEFINE_UNQUOTED(LIBISDNDIR,"$withval",[libisdn dir])) + AC_ARG_WITH(area-lib, + [ --with-area-lib=STRING Set area library type [area]], + ALIB=$withval) +@@ -167,16 +168,16 @@ + CHARGECOUNTRY=$withval) + AC_ARG_WITH(oldconfdir, + [ --with-oldconfdir=DIR Set old config directory [/etc/isdnlog]], +- OLDCONFDIR=$withval; AC_DEFINE_UNQUOTED(OLDCONFDIR,"$withval")) ++ OLDCONFDIR=$withval; AC_DEFINE_UNQUOTED(OLDCONFDIR,"$withval", [old config dir])) + AC_ARG_WITH(oldconf, + [ --with-oldconf=NAME Set old config file name [isdnlog.conf]], +- OLDCONFFILE=$withval; AC_DEFINE_UNQUOTED(OLDCONFFILE,"$withval")) ++ OLDCONFFILE=$withval; AC_DEFINE_UNQUOTED(OLDCONFFILE,"$withval", [old config file])) + AC_ARG_WITH(datadir, + [ --with-datadir=DIR Set data directory [/usr/lib/isdn]], +- datadir=$withval; 
AC_DEFINE_UNQUOTED(DATADIR,"$withval")) ++ datadir=$withval; AC_DEFINE_UNQUOTED(DATADIR,"$withval", [data dir])) + AC_ARG_WITH(sport, + [ --with-sport=INT Set server port [20011]], +- SERV_PORT=$withval; AC_DEFINE_UNQUOTED(SERV_PORT,$withval)) ++ SERV_PORT=$withval; AC_DEFINE_UNQUOTED(SERV_PORT,$withval, [server port])) + + dnl Checks for typedefs, structures, and compiler characteristics. + AC_C_CONST +@@ -196,28 +197,28 @@ + + if test "$ALIB" = "area" ; then + LIBAREA=1 +- AC_DEFINE(LIBAREA) ++ AC_DEFINE(LIBAREA, 1, [libarea]) + fi + case "$CHARGECOUNTRY" in + DE) + NATION="de" + NATION_MACRO="ISDN_DE" +- AC_DEFINE(ISDN_DE) ++ AC_DEFINE(ISDN_DE, 1, [German ISDN]) + ;; + AT) + NATION="at" + NATION_MACRO="ISDN_AT" +- AC_DEFINE(ISDN_AT) ++ AC_DEFINE(ISDN_AT, 1, [Austrian ISDN]) + ;; + CH) + NATION="ch" + NATION_MACRO="ISDN_CH" +- AC_DEFINE(ISDN_CH) ++ AC_DEFINE(ISDN_CH, 1, [Swiss ISDN]) + ;; + NL) + NATION="nl" + NATION_MACRO="ISDN_NL" +- AC_DEFINE(ISDN_NL) ++ AC_DEFINE(ISDN_NL, 1, [Dutch ISDN]) + ;; + esac + +--- isdn4k-utils-CVS-2004-11-18/isdnlog/aclocal.m4.ac25x 2002-07-19 21:03:55.000000000 +0200 ++++ isdn4k-utils-CVS-2004-11-18/isdnlog/aclocal.m4 2004-11-18 17:47:52.643740339 +0100 +@@ -45,13 +45,13 @@ + if test "$pqdir" != "no" ; then + AC_MSG_RESULT("yes") + POSTGRES=1 +- AC_DEFINE_UNQUOTED(POSTGRES,1) ++ AC_DEFINE_UNQUOTED(POSTGRES,1,[postgres support]) + else + AC_MSG_RESULT("no POSTGRES DISABLED") + pqdir="" + fi + POSTGRESDIR="$pqdir" +- AC_DEFINE_UNQUOTED(POSTGRESDIR,"$pqdir") ++ AC_DEFINE_UNQUOTED(POSTGRESDIR,"$pqdir",[postgres dir]) + AC_SUBST(POSTGRES) + AC_SUBST(POSTGRESDIR) + ]) +@@ -108,13 +108,13 @@ + if test "$mydir" != "no" ; then + AC_MSG_RESULT("yes") + MYSQLDB=1 +- AC_DEFINE_UNQUOTED(MYSQLDB,1) ++ AC_DEFINE_UNQUOTED(MYSQLDB,1,[MySQL support]) + else + AC_MSG_RESULT("no MYSQL DISABLED") + mydir="" + fi + MYSQLDIR="$mydir" +- AC_DEFINE_UNQUOTED(MYSQLDIR,"$mydir") ++ AC_DEFINE_UNQUOTED(MYSQLDIR,"$mydir",[MySQL dir]) + AC_SUBST(MYSQLDB) + 
AC_SUBST(MYSQLDIR) + ]) +@@ -134,7 +134,7 @@ + if test "$oradir" != "no" ; then + AC_MSG_RESULT("yes") + ORACLE=1 +- AC_DEFINE_UNQUOTED(ORACLE,1) ++ AC_DEFINE_UNQUOTED(ORACLE,1,[oracle support, unsupported]) + else + AC_MSG_RESULT("no ORACLE DISABLED") + fi +--- isdn4k-utils-CVS-2004-11-18/vbox3/configure.in.ac25x 1998-11-10 19:36:19.000000000 +0100 ++++ isdn4k-utils-CVS-2004-11-18/vbox3/configure.in 2004-11-18 17:47:52.644740191 +0100 +@@ -17,11 +17,9 @@ + ## programs ############################################################### + + AC_PROG_CC +-AC_PROG_CC_WORKS +-AC_PROG_CC_GNU + + AC_PROG_RANLIB +-AM_PROG_INSTALL ++AC_PROG_INSTALL + + ## libraries ############################################################## + +--- isdn4k-utils-CVS-2004-11-18/vbox3/vboxgetty/Makefile.am.ac25x 1998-11-10 19:36:25.000000000 +0100 ++++ isdn4k-utils-CVS-2004-11-18/vbox3/vboxgetty/Makefile.am 2004-11-18 17:47:52.644740191 +0100 +@@ -12,7 +12,7 @@ + + ## vboxgetty ############################################################## + +-DEFS += -DSYSCONFDIR='"$(sysconfdir)"' -DPKGDATADIR='"$(pkgdatadir)"' -DLOGDIR='"$(packagelogdir)"' -DLOCKDIR='"$(packagelockdir)"' -DPIDDIR='"$(packagepiddir)"' ++DEFS = -DSYSCONFDIR='"$(sysconfdir)"' -DPKGDATADIR='"$(pkgdatadir)"' -DLOGDIR='"$(packagelogdir)"' -DLOCKDIR='"$(packagelockdir)"' -DPIDDIR='"$(packagepiddir)"' + + INCLUDES = $(all_includes) $(tcl_include) + +--- isdn4k-utils-CVS-2004-11-18/isdnctrl/configure.in.ac25x 2002-07-19 23:23:54.000000000 +0200 ++++ isdn4k-utils-CVS-2004-11-18/isdnctrl/configure.in 2004-11-18 17:47:52.645740043 +0100 +@@ -30,21 +30,21 @@ + AC_ARG_WITH(sbin, + [ --with-sbin=DIR Set dir where binary is istalled. [/sbin]], + CONFIG_SBINDIR="${withval}" +- AC_DEFINE(CONFIG_SBINDIR,"${withval}"), ++ AC_DEFINE(CONFIG_SBINDIR,"${withval}",[sbin dir]), + ) + + dnl Optional man directory + AC_ARG_WITH(man, + [ --with-man=DIR Set manpage dir. 
[/usr/man]], + CONFIG_MANDIR="${withval}" +- AC_DEFINE(CONFIG_MANDIR,"${withval}"), ++ AC_DEFINE(CONFIG_MANDIR,"${withval}",[man dir]), + ) + + dnl Optional config-file-option + AC_ARG_ENABLE(cfile, + [ --enable-cfile Enable configfile option [no]], + CONFIG_ISDNCTRL_CONF=y +- AC_DEFINE(CONFIG_ISDNCTRL_CONF,y), ++ AC_DEFINE(CONFIG_ISDNCTRL_CONF,y,[enable config file]), + ) + + AC_SUBST(INSTALL) +--- isdn4k-utils-CVS-2004-11-18/imon/configure.in.ac25x 2002-07-19 21:03:53.000000000 +0200 ++++ isdn4k-utils-CVS-2004-11-18/imon/configure.in 2004-11-18 17:47:52.646739895 +0100 +@@ -38,14 +38,14 @@ + AC_ARG_WITH(sbin, + [ --with-sbin=DIR Set dir where binary is istalled. [/sbin]], + CONFIG_SBINDIR="${withval}" +- AC_DEFINE(CONFIG_SBINDIR,"${withval}"), ++ AC_DEFINE(CONFIG_SBINDIR,"${withval}",[kernel directory]), + ) + + dnl Optional man directory + AC_ARG_WITH(man, +- [ --with-man=DIR Set manpage dir. [/usr/man]], ++ [ --with-man=DIR Set manpage dir. [/usr/share/man]], + CONFIG_MANDIR="${withval}" +- AC_DEFINE(CONFIG_MANDIR,"${withval}"), ++ AC_DEFINE(CONFIG_MANDIR,"${withval}",[man directory]), + ) + + AC_SUBST(INSTALL) +--- isdn4k-utils-CVS-2004-11-18/eicon/configure.in.ac25x 2002-07-19 20:42:01.000000000 +0200 ++++ isdn4k-utils-CVS-2004-11-18/eicon/configure.in 2004-11-18 17:47:52.646739895 +0100 +@@ -35,21 +35,21 @@ + AC_ARG_WITH(firmware, + [ --with-firmware=DIR Set dir where firmware istalled. [/usr/lib/isdn]], + CONFIG_DATADIR="${withval}" +- AC_DEFINE(CONFIG_DATADIR,"${withval}"), ++ AC_DEFINE(CONFIG_DATADIR,"${withval}",[data dir]), + ) + + dnl Optional sbin directory + AC_ARG_WITH(sbin, + [ --with-sbin=DIR Set dir where binary is istalled. [/sbin]], + CONFIG_SBINDIR="${withval}" +- AC_DEFINE(CONFIG_SBINDIR,"${withval}"), ++ AC_DEFINE(CONFIG_SBINDIR,"${withval}",[sbin dir]), + ) + + dnl Optional man directory + AC_ARG_WITH(man, + [ --with-man=DIR Set manpage dir. 
[/usr/man]], + CONFIG_MANDIR="${withval}" +- AC_DEFINE(CONFIG_MANDIR,"${withval}"), ++ AC_DEFINE(CONFIG_MANDIR,"${withval}",[man dir]), + ) + + dnl Check, if user wants dump option for debugging +@@ -58,10 +58,10 @@ + CONFIG_EICONCTRL_DEBUG="y" + ) + +-AC_DEFINE(HAVE_XLOG) ++AC_DEFINE(HAVE_XLOG,1,[define if you have xlog]) + AC_SUBST(HAVE_XLOG) + +-AC_DEFINE(HAVE_TRACE) ++AC_DEFINE(HAVE_TRACE,1,[define if you have trace]) + AC_SUBST(HAVE_TRACE) + + AC_SUBST(HAVE_NPCI) diff --git a/src/patches/isdn4k-utils-CVS-2006-02-13-cleanup.patch b/src/patches/isdn4k-utils-CVS-2006-02-13-cleanup.patch new file mode 100644 index 0000000000..09a3118234 --- /dev/null +++ b/src/patches/isdn4k-utils-CVS-2006-02-13-cleanup.patch 
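Review bot: In the `ipppd/configure.in` part of this patch, the `AC_ARG_ENABLE(ippp-filter, …)` change keeps the old two-argument `AC_DEFINE(CONFIG_IPPP_FILTER,"y"),` as a context line and adds the three-argument form after it, whereas the other `AC_DEFINE` changes replace the old line. The resulting call carries two `AC_DEFINE` arguments, so the second appears to land in the action-if-not-given slot. If so, CONFIG_IPPP_FILTER would be defined whether or not `--enable-ippp-filter` is passed, and the description-less define that autoconf 2.5x objects to would still be there. Turn that context line into a removal (`-` marker) and set the inner hunk header to `@@ -51,62 +51,62 @@`, then confirm against the generated configure.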
@@ -0,0 +1,125 @@ +*** ./icn/icnctrl.c.old 2002-11-27 14:30:43.000000000 +0000 +--- ./icn/icnctrl.c 2002-11-27 14:31:10.000000000 +0000 +*************** +*** 223,229 **** + icn_cdef newcard; + + cmd = strrchr(argv[0], '/'); +! cmd = (cmd == NULL) ? argv[0] : ++cmd; + if (argc > 1) { + if (!strcmp(argv[1], "-d")) { + strcpy(ioctl_s.drvid, argv[2]); +--- 223,229 ---- + icn_cdef newcard; + + cmd = strrchr(argv[0], '/'); +! cmd = (cmd == NULL) ? argv[0] : (cmd + 1); + if (argc > 1) { + if (!strcmp(argv[1], "-d")) { + strcpy(ioctl_s.drvid, argv[2]); +*** ./isdnlog/isdnlog/processor.c.old 2002-11-27 14:27:28.000000000 +0000 +--- ./isdnlog/isdnlog/processor.c 2002-11-27 14:27:41.000000000 +0000 +*************** +*** 3497,3503 **** + isdn_net_ioctl_phone netdvX_phone; + #endif + } phone; +! auto int rc, chan, l1, l2, lmin, lmax, ldiv, match; + + if ((iflst = fopen("/proc/net/dev", "r")) == NULL) + return(-1); +--- 3497,3503 ---- + isdn_net_ioctl_phone netdvX_phone; + #endif + } phone; +! auto int rc, chan = 0, l1, l2, lmin, lmax, ldiv, match; + + if ((iflst = fopen("/proc/net/dev", "r")) == NULL) + return(-1); +*** ./isdnlog/isdnrep/isdnbill.c.old 2002-11-27 14:30:11.000000000 +0000 +--- ./isdnlog/isdnrep/isdnbill.c 2002-11-27 14:30:22.000000000 +0000 +*************** +*** 874,880 **** + #endif + auto char s[BUFSIZ], sx[BUFSIZ]; + auto int i, l, col, day, lday = UNKNOWN, month, lmonth = UNKNOWN; +! auto double dur; + auto char *version; + auto char *myname = basename(argv[0]); + auto int opt, go, s0, indent; +--- 874,880 ---- + #endif + auto char s[BUFSIZ], sx[BUFSIZ]; + auto int i, l, col, day, lday = UNKNOWN, month, lmonth = UNKNOWN; +! 
auto double dur = 0.0; + auto char *version; + auto char *myname = basename(argv[0]); + auto int opt, go, s0, indent; +*** ./isdnlog/isdnrep/isdnrep.c.old 2002-11-27 14:29:13.000000000 +0000 +--- ./isdnlog/isdnrep/isdnrep.c 2002-11-27 14:29:50.000000000 +0000 +*************** +*** 2593,2599 **** + { + static char String[256]; + one_call *tmp_call; +! int RetCode; + + + if (bill) +--- 2593,2599 ---- + { + static char String[256]; + one_call *tmp_call; +! int RetCode = 0; + + + if (bill) +*** ./isdnlog/tools/zone.c.old 2002-11-27 14:28:01.000000000 +0000 +--- ./isdnlog/tools/zone.c 2002-11-27 14:28:11.000000000 +0000 +*************** +*** 531,537 **** + char *p = value.dptr; + char to[10]; + US count; +! int ito; + unsigned char z=0; + if (sthp->cc) /* if areacodes */ + /* here is since 1.00 a zero-terminated strring */ +--- 531,537 ---- + char *p = value.dptr; + char to[10]; + US count; +! int ito = 0; + unsigned char z=0; + if (sthp->cc) /* if areacodes */ + /* here is since 1.00 a zero-terminated strring */ +*** ./loop/loopctrl.c.old 2002-11-27 14:32:08.000000000 +0000 +--- ./loop/loopctrl.c 2002-11-27 14:32:23.000000000 +0000 +*************** +*** 175,181 **** + isdnloop_sdef startparm; + + cmd = strrchr(argv[0], '/'); +! cmd = (cmd == NULL) ? argv[0] : ++cmd; + if (argc > 1) { + if (!strcmp(argv[1], "-d")) { + strcpy(ioctl_s.drvid, argv[2]); +--- 175,181 ---- + isdnloop_sdef startparm; + + cmd = strrchr(argv[0], '/'); +! cmd = (cmd == NULL) ? argv[0] : (cmd + 1); + if (argc > 1) { + if (!strcmp(argv[1], "-d")) { + strcpy(ioctl_s.drvid, argv[2]); +--- eicon/eiconctrl.c.orig 2006-04-19 16:16:02.000000000 +0200 ++++ eicon/eiconctrl.c 2006-04-19 16:17:25.000000000 +0200 +@@ -1970,7 +1970,7 @@ + val = strtol(p, &q, 16); + p = q; + val = strtol(p, &q, 16); +- (unsigned short) *buffer = (unsigned short) val; ++ *buffer = (unsigned short) val; + pos = 2; + while ((p != q) && (*q != 0)) { + p = q; 
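Review bot: The icnctrl.c and loopctrl.c hunks of this patch fix the `++cmd` expression but leave the statement a few lines below untouched: `strcpy(ioctl_s.drvid, argv[2]);` is reached after only `argc > 1` has been checked. With `-d` as the sole argument `argv[2]` is NULL, and a longer driver id is copied with no regard to the size of `drvid` (its declaration is not visible here). These control tools are presumably run with root privileges, so the patch could also require `argc > 2` and bound the copy. Assuming `drvid` is an array member, `snprintf(ioctl_s.drvid, sizeof(ioctl_s.drvid), "%s", argv[2]);` would do it. The enclosing functions start and end outside the quoted context.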
diff --git a/src/patches/isdn4k-utils-CVS-2006-07-20-pppd-2.4.4.patch b/src/patches/isdn4k-utils-CVS-2006-07-20-pppd-2.4.4.patch
new file mode 100644
index 0000000000..64918c0130
--- /dev/null
+++ b/src/patches/isdn4k-utils-CVS-2006-07-20-pppd-2.4.4.patch
@@ -0,0 +1,11 @@
+--- isdn4k-utils-CVS-2006-07-20/pppdcapiplugin/Makefile.me 2006-07-19 16:43:45.000000000 +0200
++++ isdn4k-utils-CVS-2006-07-20/pppdcapiplugin/Makefile 2006-07-19 16:43:59.000000000 +0200
+@@ -18,7 +18,7 @@
+ PPPSRCDIRS=/src/isdn/pppd
+
+ ifeq ($(PPPVERSIONS),)
+-PPPVERSIONS = 2.4.3
++PPPVERSIONS = 2.4.3 2.4.4
+ endif
+
+ PEERDIR=${DESTDIR}/etc/ppp/peers/isdn
diff --git a/src/patches/isdn4k-utils-CVS-2006-07-20-redhat.patch b/src/patches/isdn4k-utils-CVS-2006-07-20-redhat.patch
new file mode 100644
index 0000000000..ff1fc6d4b9
--- /dev/null
+++ b/src/patches/isdn4k-utils-CVS-2006-07-20-redhat.patch
@@ -0,0 +1,967 @@ +--- isdn4k-utils-CVS-2003-09-23/act2000/Makefile.in.redhat 2002-07-19 21:03:49.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/act2000/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -5,8 +5,8 @@ + # + # + SHELL = /bin/sh +-CFLAGS = -Wall -O2 +-INCLUDES = -I. ++CFLAGS = $(RPM_OPT_FLAGS) ++INCLUDES = -I. + DEFS = + LDFLAGS = -L../lib @LIBS@ + PROGRAM = actctrl +@@ -18,9 +18,9 @@ + MANDIR = @CONFIG_MANDIR@ + MAN8DIR = $(MANDIR)/man8 + INSTALL = @INSTALL@ +-INSTALL_PROGRAM = $(INSTALL) -o 0 -g 0 -m 0750 +-INSTALL_DATA = $(INSTALL) -o 0 -g 0 -m 0644 +-INSTALL_MAN = $(INSTALL) -o 0 -g 0 -m 0644 ++INSTALL_PROGRAM = $(INSTALL) -m 0750 ++INSTALL_DATA = $(INSTALL) -m 0644 ++INSTALL_MAN = $(INSTALL) -m 0644 + prefix = @prefix@ + exec_prefix = @exec_prefix@ + CC = @CC@ +--- isdn4k-utils-CVS-2003-09-23/areacode/Makefile.in.redhat 1999-06-19 11:39:59.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/areacode/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -12,7 +12,7 @@ + # only ones that _really_ exist on _every_ system. + # + BUILDOPTS := $(DATAOPTS) +- INSTALLOPTS := $(DATAOPTS) INSTALL="install -o 0 -g 0 -m 644" ++ INSTALLOPTS := $(DATAOPTS) INSTALL="install -m 644" + endif + + all: .depend +--- isdn4k-utils-CVS-2003-09-23/avmb1/Makefile.in.redhat 2002-07-19 21:03:50.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/avmb1/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -5,7 +5,7 @@ + # + # + SHELL = /bin/sh +-CFLAGS = -Wall -O2 ++CFLAGS = $(RPM_OPT_FLAGS) + LDFLAGS = -L../lib @LIBS@ + INCLUDES = -I. 
+ PROGRAMS = avmcapictrl +@@ -15,8 +15,8 @@ + MANDIR = @CONFIG_MANDIR@ + MAN8DIR = $(MANDIR)/man8 + INSTALL = @INSTALL@ +-INSTALL_PROGRAM = $(INSTALL) -o 0 -g 0 -m 0750 +-INSTALL_MAN = $(INSTALL) -o 0 -g 0 -m 0644 ++INSTALL_PROGRAM = $(INSTALL) -m 0750 ++INSTALL_MAN = $(INSTALL) -m 0644 + prefix = @prefix@ + exec_prefix = @exec_prefix@ + CC = @CC@ +--- isdn4k-utils-CVS-2003-09-23/capifax/Makefile.am.redhat 2000-03-03 16:54:12.000000000 +0100 ++++ isdn4k-utils-CVS-2003-09-23/capifax/Makefile.am 2003-09-30 17:44:24.000000000 +0200 +@@ -8,7 +8,7 @@ + stamp-h.in + + INCLUDES = -I../capi20 $(all_includes) +-CFLAGS = -Wall -O2 ++CFLAGS = -Wall $(RPM_OPT_FLAGS) + LDFLAGS = -L../capi20/.libs -L../capi20 $(all_libraries) + LDADD = -lcapi20 + +--- isdn4k-utils-CVS-2003-09-23/capiinfo/Makefile.am.redhat 2000-10-20 19:14:20.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/capiinfo/Makefile.am 2003-09-30 17:44:24.000000000 +0200 +@@ -8,7 +8,7 @@ + stamp-h.in comperr + + INCLUDES = -I../capi20 $(all_includes) +-CFLAGS = -Wall -O2 ++CFLAGS = -Wall $(RPM_OPT_FLAGS) + LDFLAGS = -L../capi20/.libs -L../capi20 $(all_libraries) + LDADD = -lcapi20 + +--- isdn4k-utils-CVS-2003-09-23/capiinit/Makefile.am.redhat 2000-03-17 17:19:43.000000000 +0100 ++++ isdn4k-utils-CVS-2003-09-23/capiinit/Makefile.am 2003-09-30 17:44:24.000000000 +0200 +@@ -8,7 +8,7 @@ + stamp-h.in comperr core + + INCLUDES = $(all_includes) +-CFLAGS = -Wall -O2 -D_GNU_SOURCE # -g ++CFLAGS = -Wall -D_GNU_SOURCE $(RPM_OPT_FLAGS) + LDFLAGS = $(all_libraries) + LDADD = + +--- isdn4k-utils-CVS-2003-09-23/divertctrl/Makefile.in.redhat 2002-07-19 21:03:51.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/divertctrl/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -5,16 +5,16 @@ + # + # + SHELL = /bin/sh +-CFLAGS = -Wall -O2 +-INCLUDES = -I. ++CFLAGS = -Wall $(RPM_OPT_FLAGS) ++INCLUDES = -I. 
+ DEFS = + LDFLAGS = -L../lib @LIBS@ + PROGRAM = divertctrl + MODULES = divertctrl.o + MANPAGE = divertctrl.8 + INSTALL = @INSTALL@ +-INSTALL_PROGRAM = $(INSTALL) -o 0 -g 0 -m 0750 +-INSTALL_MAN = $(INSTALL) -o 0 -g 0 -m 0644 ++INSTALL_PROGRAM = $(INSTALL) -m 0750 ++INSTALL_MAN = $(INSTALL) -m 0644 + prefix = @prefix@ + exec_prefix = @exec_prefix@ + ifeq (../.config,$(wildcard ../.config)) +--- isdn4k-utils-CVS-2003-09-23/doc/Makefile.in.redhat 1999-12-24 15:14:50.000000000 +0100 ++++ isdn4k-utils-CVS-2003-09-23/doc/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -9,7 +9,7 @@ + SED = @SED@ + MANDIR = @CONFIG_MANDIR@ + MANPAGES = ttyI.4 isdninfo.4 isdn_audio.4 isdnctrl.4 isdn_cause.7 +-INSTALL_MAN = @INSTALL@ -o 0 -g 0 -m 0644 ++INSTALL_MAN = @INSTALL@ -m 0644 + prefix = @prefix@ + + %.1: %.man +--- isdn4k-utils-CVS-2003-09-23/eicon/Makefile.in.redhat 2002-07-19 20:42:01.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/eicon/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -7,8 +7,8 @@ + # + + SHELL = /bin/sh +-CFLAGS = -Wall -O2 -DUNIX -DLINUX +-INCLUDES = -I. -Iinclude ++CFLAGS = -Wall -DUNIX -DLINUX $(RPM_OPT_FLAGS) ++INCLUDES = -I. -Iinclude + LDFLAGS = -L../lib @LIBS@ + PROGRAMS = + PROGRAM = eiconctrl +@@ -22,9 +22,9 @@ + DATA_DIR = @CONFIG_DATADIR@ + MANDIR = @CONFIG_MANDIR@ + MAN8DIR = $(MANDIR)/man8 +-INSTALL_PROGRAM = $(INSTALL) -o 0 -g 0 -m 0750 +-INSTALL_DATA = $(INSTALL) -o 0 -g 0 -m 0644 +-INSTALL_MAN = $(INSTALL) -o 0 -g 0 -m 0644 ++INSTALL_PROGRAM = $(INSTALL) -m 0750 ++INSTALL_DATA = $(INSTALL) -m 0644 ++INSTALL_MAN = $(INSTALL) -m 0644 + CC = @CC@ + COPTS = -DDATADIR=\"$(shell echo $(DESTDIR)$(DATA_DIR))\" + +--- isdn4k-utils-CVS-2003-09-23/hisax/Makefile.in.redhat 2002-07-19 21:03:51.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/hisax/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -6,7 +6,7 @@ + # + # + SHELL = /bin/sh +-CFLAGS = -Wall -O2 -I. ++CFLAGS = -Wall $(RPM_OPT_FLAGS) -I. 
+ LDFLAGS = -L../lib @LIBS@ + PROGRAMS = + MODULES = hisaxctrl.o +@@ -16,9 +16,9 @@ + DATADIR = @CONFIG_DATADIR@ + MANDIR = @CONFIG_MANDIR@ + MAN8DIR = $(MANDIR)/man8 +-INSTALL_PROGRAM = $(INSTALL) -o 0 -g 0 -m 0750 +-INSTALL_DATA = $(INSTALL) -o 0 -g 0 -m 0644 +-INSTALL_MAN = $(INSTALL) -o 0 -g 0 -m 0644 ++INSTALL_PROGRAM = $(INSTALL) -m 0750 ++INSTALL_DATA = $(INSTALL) -m 0644 ++INSTALL_MAN = $(INSTALL) -m 0644 + prefix = @prefix@ + exec_prefix = @exec_prefix@ + ifeq ("@CONFIG_HISAXCTRL@","y") +--- isdn4k-utils-CVS-2003-09-23/icn/Makefile.in.redhat 2002-07-19 21:03:52.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/icn/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -5,8 +5,8 @@ + # + # + SHELL = /bin/sh +-CFLAGS = -Wall -O2 +-INCLUDES = -I. ++CFLAGS = -Wall $(RPM_OPT_FLAGS) ++INCLUDES = -I. + DEFS = + LDFLAGS = -L../lib @LIBS@ + PROGRAM = icnctrl +@@ -17,9 +17,9 @@ + DATADIR = @CONFIG_DATADIR@ + MANDIR = @CONFIG_MANDIR@ + MAN8DIR = $(MANDIR)/man8 +-INSTALL_PROGRAM = $(INSTALL) -o 0 -g 0 -m 0750 +-INSTALL_DATA = $(INSTALL) -o 0 -g 0 -m 0644 +-INSTALL_MAN = $(INSTALL) -o 0 -g 0 -m 0644 ++INSTALL_PROGRAM = $(INSTALL) -m 0750 ++INSTALL_DATA = $(INSTALL) -m 0644 ++INSTALL_MAN = $(INSTALL) -m 0644 + CC = @CC@ + COPTS = + +--- isdn4k-utils-CVS-2003-09-23/imon/Makefile.in.redhat 2002-07-19 21:03:53.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/imon/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -7,8 +7,8 @@ + # + # + SHELL = /bin/sh +-CFLAGS = -Wall -O2 +-INCLUDES = -I. ++CFLAGS = -Wall $(RPM_OPT_FLAGS) ++INCLUDES = -I. 
+ LDFLAGS = -L../lib @LIBS@ + PROGRAM = imon + MODULES = imon.o +@@ -18,8 +18,8 @@ + SBINDIR = @CONFIG_SBINDIR@ + MAN8DIR = $(MANDIR)/man8 + INSTALL = @INSTALL@ +-INSTALL_PROGRAM = $(INSTALL) -o 0 -g 0 -m 0750 +-INSTALL_MAN = $(INSTALL) -o 0 -g 0 -m 0644 ++INSTALL_PROGRAM = $(INSTALL) -m 0750 ++INSTALL_MAN = $(INSTALL) -m 0644 + prefix = @prefix@ + exec_prefix = @exec_prefix@ + CC = @CC@ +--- isdn4k-utils-CVS-2003-09-23/imontty/Makefile.redhat 2002-07-19 23:23:53.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/imontty/Makefile 2003-09-30 17:44:24.000000000 +0200 +@@ -15,14 +15,14 @@ + # Manual config standalone + # + CONFIG_SBINDRIR := /sbin +- MAN8DIR := /usr/man/man8 ++ MAN8DIR := /usr/share/man/man8 + endif + + INSTALL=install +-INSTALL_MAN=$(INSTALL) -o 0 -g 0 -m 0644 ++INSTALL_MAN=$(INSTALL) -m 0644 + MANPAGE=imontty.8 + +-CCFLAGS=-O2 ++CCFLAGS=$(RPM_OPT_FLAGS) + #CCFLAGS=-I$(ISDN_INCLUDE) -g + + # nothing to change behind this line +@@ -34,13 +34,6 @@ + imontty: imontty.c imontty.h + cc $(CCFLAGS) -o imontty imontty.c + +-rootperm: +- @echo 'main(int argc,char**argv){unlink(argv[0]);return(getuid()==0);}'>g +- @if gcc -x c -o G g && rm -f g && ./G ; then \ +- echo -e "\n\n Need root permission for (de)installation!\n\n"; \ +- exit 1; \ +- fi +- + imontty.8: imontty.8.in + MANDATE=`grep CHECKIN $< | awk '{print $$4}'`; \ + sed \ +@@ -52,10 +45,10 @@ + mkdir -p $(DESTDIR)$(MAN8DIR) + $(INSTALL_MAN) $< $(DESTDIR)$(MAN8DIR)/$(MANPAGE) + +-install: $(PROGS) rootperm install-man +- install -s -o 0 -g 0 -m 0755 $(PROGS) $(DESTDIR)$(CONFIG_SBINDIR) ++install: $(PROGS) install-man ++ install -m 0755 $(PROGS) $(DESTDIR)$(CONFIG_SBINDIR) + +-uninstall: rootperm ++uninstall: + for i in $(PROGS) ; do rm -f $(DESTDIR)$(CONFIG_SBINDIR)/$$i; done + + clean: +--- isdn4k-utils-CVS-2003-09-23/ipppstats/Makefile.in.redhat 2002-07-19 21:03:54.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/ipppstats/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -6,14 +6,14 @@ + MANDIR = 
@CONFIG_MANDIR@ + CC = @CC@ + INSTALL = @INSTALL@ +-INSTALL_SBIN = $(INSTALL) -m 755 -o 0 -g 0 +-INSTALL_DATA = $(INSTALL) -m 644 -o 0 -g 0 +-INSTALL_DIR = $(INSTALL) -m 755 -o 0 -g 0 -d ++INSTALL_SBIN = $(INSTALL) -m 755 ++INSTALL_DATA = $(INSTALL) -m 644 ++INSTALL_DIR = $(INSTALL) -m 755 -d + + PPPSTATSRCS = ipppstats.c + PPPSTATOBJS = ipppstats.o + +-CFLAGS = -fomit-frame-pointer -O2 ++CFLAGS = $(RPM_OPT_FLAGS) + + all: ipppstats + +--- isdn4k-utils-CVS-2003-09-23/iprofd/Makefile.in.redhat 2002-07-19 23:23:53.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/iprofd/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -5,8 +5,8 @@ + # + # + SHELL = /bin/sh +-CFLAGS = -Wall -O2 +-INCLUDES = -I. ++CFLAGS = -Wall $(RPM_OPT_FLAGS) ++INCLUDES = -I. + LDFLAGS = -L../lib @LIBS@ + PROGRAM = iprofd + MODULES = iprofd.o +@@ -15,8 +15,8 @@ + MANDIR = @CONFIG_MANDIR@ + MAN8DIR = $(MANDIR)/man8 + INSTALL = @INSTALL@ +-INSTALL_PROGRAM = $(INSTALL) -o 0 -g 0 -m 0750 +-INSTALL_MAN = $(INSTALL) -o 0 -g 0 -m 0644 ++INSTALL_PROGRAM = $(INSTALL) -m 0750 ++INSTALL_MAN = $(INSTALL) -m 0644 + prefix = @prefix@ + exec_prefix = @exec_prefix@ + CC = @CC@ +--- isdn4k-utils-CVS-2003-09-23/isdnctrl/Makefile.in.redhat 2002-07-19 23:23:54.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/isdnctrl/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -5,8 +5,8 @@ + # + # + SHELL = /bin/sh +-CFLAGS = -Wall -O2 +-INCLUDES = -I. ++CFLAGS = -Wall $(RPM_OPT_FLAGS) ++INCLUDES = -I. 
+ LDFLAGS = @LIBS@ + PROGRAM = isdnctrl + MODULES = isdnctrl.o +@@ -15,8 +15,8 @@ + MANDIR = @CONFIG_MANDIR@ + MAN8DIR = $(MANDIR)/man8 + INSTALL = @INSTALL@ +-INSTALL_PROGRAM = $(INSTALL) -o 0 -g 0 -m 0750 +-INSTALL_MAN = $(INSTALL) -o 0 -g 0 -m 0644 ++INSTALL_PROGRAM = $(INSTALL) -m 0750 ++INSTALL_MAN = $(INSTALL) -m 0644 + CC = @CC@ -DVERSION=\"@I4LVERSION@\" + prefix = @prefix@ + exec_prefix = @exec_prefix@ +--- isdn4k-utils-CVS-2003-09-23/isdnlog/samples/callerid.conf.redhat 2000-09-08 10:55:51.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/isdnlog/samples/callerid.conf 2003-09-30 17:44:24.000000000 +0200 +@@ -2,38 +2,31 @@ + # + # More information: See the isdnlog documentation + ++#INTERFACE = ippp0 # Isdn network interface. This information is required ++ # with the "-hx" / hangup="value" option. ++ ++ + [MSN] + NUMBER = 4711 + ALIAS = Phone + SI = 1 + ZONE = 1 +-START = { +- [FLAG] +- FLAGS = I|O|R|C|B|A|E|H +- PROGRAM = /bin/myprog \$1 \$2 \$3 Phone +-} ++#START = { ++# [FLAG] ++# FLAGS = I|O|R|C|B|A|E|H ++# PROGRAM = /bin/myprog \$1 \$2 \$3 Phone ++#} + + [MSN] + NUMBER = 4711 + ALIAS = HDLC + SI = 7 + ZONE = 1 +-START = { +- [FLAG] +- FLAGS = I|O|R|C|B|A|E| +- PROGRAM = /bin/myprog \$1 \$2 \$3 HDLC @/home/user1/parameter +-} +- +-[MSN] +-NUMBER = 4712 +-ALIAS = Modem +-SI = 1 +-ZONE = 1 +-START = { +- [FLAG] +- FLAGS = I|O|R|C|B|A|E|H +- PROGRAM = /bin/myprog \$1 \$2 \$3 Modem +-} ++#START = { ++# [FLAG] ++# FLAGS = I|O|R|C|B|A|E| ++# PROGRAM = /bin/myprog \$1 \$2 \$3 HDLC @/home/user1/parameter ++#} + + [NUMBER] + NUMBER = 01910 +--- isdn4k-utils-CVS-2003-09-23/isdnlog/tools/cdb/Makefile.in.redhat 2000-08-15 17:16:23.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/isdnlog/tools/cdb/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -20,7 +20,7 @@ + BINDIR:=$(DESTDIR)@prefix@/bin + INCDIR:=$(DESTDIR)@prefix@/include + +-CFLAGS:=-Wall -O2 ++CFLAGS:=-Wall $(RPM_OPT_FLAGS) + + all: depend $(FILES) + +@@ -46,7 +46,7 @@ + install -d -m0755 $(MAN1DIR) 
$(MAN3DIR) $(LIBDIR) $(BINDIR) \ + $(INCDIR) + +-install: ++install: install-dirs + install -m0755 $(BINS) $(BINDIR) + install -m0644 $(MAN1) $(MAN1DIR) + install -m0644 $(MAN3) $(MAN3DIR) +--- isdn4k-utils-CVS-2003-09-23/isdnlog/tools/dest/Makefile.in.redhat 2003-07-25 23:23:15.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/isdnlog/tools/dest/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -6,7 +6,7 @@ + -include ../../../.config + BZIP2 = @BZIP2@ + SHELL = /bin/sh +-CFLAGS = -Wall -g ++CFLAGS = -Wall $(RPM_OPT_FLAGS) + INCLUDES = + LDFLAGS = @DBMLIB@ + export DBEXT = @DBEXT@ +@@ -20,9 +20,9 @@ + SBINDIR = @CONFIG_SBINDIR@ + MAN8DIR = $(MANDIR)/man8 + INSTALL = @INSTALL@ +-INSTALL_PROGRAM = $(INSTALL) -o 0 -g 0 -m 0750 +-INSTALL_MAN = $(INSTALL) -o 0 -g 0 -m 0644 +-INSTALL_DATA = $(INSTALL) -o 0 -g 0 -m 0644 ++INSTALL_PROGRAM = $(INSTALL) -m 0750 ++INSTALL_MAN = $(INSTALL) -m 0644 ++INSTALL_DATA = $(INSTALL) -m 0644 + prefix = @prefix@ + exec_prefix = @exec_prefix@ + DATADIR = @datadir@ +--- isdn4k-utils-CVS-2003-09-23/isdnlog/tools/telrate/Makefile.in.redhat 1999-12-24 15:17:08.000000000 +0100 ++++ isdn4k-utils-CVS-2003-09-23/isdnlog/tools/telrate/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -8,8 +8,8 @@ + CGIDIR = @CGIDIR@ + TELDIR = @TELDIR@ + INSTALL = @INSTALL@ +-INSTALL_PROGRAM = $(INSTALL) -o 0 -g 0 -m 0755 +-INSTALL_FILE = $(INSTALL) -o 0 -g 0 -m 0644 ++INSTALL_PROGRAM = $(INSTALL) -m 0755 ++INSTALL_FILE = $(INSTALL) -m 0644 + + FILES = index.html info.html *.jpg *.gif tt.js + +--- isdn4k-utils-CVS-2003-09-23/isdnlog/tools/zone/Makefile.in.redhat 2003-03-11 14:08:00.000000000 +0100 ++++ isdn4k-utils-CVS-2003-09-23/isdnlog/tools/zone/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -5,7 +5,7 @@ + # + BZIP2 = @BZIP2@ + SHELL = /bin/sh +-CFLAGS = -Wall -g ++CFLAGS = -Wall $(RPM_OPT_FLAGS) + INCLUDES = + LDFLAGS = @DBMLIB@ + CDBEXTRALIBS = @CDBEXTRALIBS@ +@@ -20,8 +20,8 @@ + SBINDIR = @CONFIG_SBINDIR@ + MAN8DIR = $(MANDIR)/man8 + INSTALL = 
@INSTALL@ +-INSTALL_PROGRAM = $(INSTALL) -o 0 -g 0 -m 0750 +-INSTALL_MAN = $(INSTALL) -o 0 -g 0 -m 0644 ++INSTALL_PROGRAM = $(INSTALL) -m 0750 ++INSTALL_MAN = $(INSTALL) -m 0644 + prefix = @prefix@ + exec_prefix = @exec_prefix@ + #CC = @CC@ -V2.7.2.3 +--- isdn4k-utils-CVS-2003-09-23/isdnlog/Makefile.in.redhat 2003-08-26 21:46:11.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/isdnlog/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -1542,10 +1542,10 @@ + # autoconf isdnlog specific stuff + # + INSTALL := @INSTALL@ +-INSTALL_DIR := $(INSTALL) -m 0755 -o 0 -g 0 -d +-INSTALL_SBIN := $(INSTALL) -m 0700 -o 0 -g 0 +-INSTALL_BIN := $(INSTALL) -m 0755 -o 0 -g 0 +-INSTALL_DATA := $(INSTALL) -m 0644 -o 0 -g 0 ++INSTALL_DIR := $(INSTALL) -m 0755 -d ++INSTALL_SBIN := $(INSTALL) -m 0700 ++INSTALL_BIN := $(INSTALL) -m 0755 ++INSTALL_DATA := $(INSTALL) -m 0644 + + BZIP2 := @BZIP2@ + BUNZIP2 := $(BZIP2) -f -d +@@ -1600,9 +1600,9 @@ + SUBDIRS += $(LIBISDNDIR) + endif + +-# export CFLAGS = -Wall -pipe -O6 -fomit-frame-pointer -fforce-mem -fforce-addr -funroll-loops -fstrength-reduce ++# export CFLAGS = -Wall -pipe -frame-pointer -fforce-mem -fforce-addr -funroll-loops -fstrength-reduce + +-export CFLAGS = -Wall -pipe ++export CFLAGS = -Wall $(RPM_OPT_FLAGS) + ifndef _CC + export _CC = gcc + endif +@@ -1837,8 +1837,7 @@ + echo ""; echo 'Do "make (un)install" as root!' 
;echo ""; false; \ + fi + +-uninstall: rootperm +- if ps x | fgrep $(ISDNLOG) >/dev/null; then kill `cat $(RUNDIR)/isdnlog.isdnctrl0.pid` 2>/dev/null; fi ++uninstall: + rm -f $(DESTDIR)$(SBINDIR)/$(ISDNLOG) \ + $(DESTDIR)$(BINDIR)/$(ISDNREP) \ + $(DESTDIR)$(BINDIR)/$(ISDNCONF) +@@ -1859,7 +1858,7 @@ + $(DESTDIR)$(DATADIR)/dest.cdb + + +-installdirs: rootperm ++installdirs: + $(INSTALL_DIR) $(DESTDIR)$(I4LCONFDIR) + $(INSTALL_DIR) $(DESTDIR)$(BINDIR) + $(INSTALL_DIR) $(DESTDIR)$(SBINDIR) +@@ -1868,7 +1867,7 @@ + $(INSTALL_DIR) $(DESTDIR)$(MAN8DIR) + $(INSTALL_DIR) $(DESTDIR)$(DATADIR) + +-install: all rootperm installdirs install-conf install-data install-progs ++install: all installdirs install-conf install-data install-progs + + install-old-conf: + @if [ -n "$(DESTDIR)$(OLDCONFDIR)" -a "$(DESTDIR)$(OLDCONFDIR)" != '/' ] ; then \ +--- isdn4k-utils-CVS-2003-09-23/lib/Makefile.in.redhat 1999-12-12 18:22:36.000000000 +0100 ++++ isdn4k-utils-CVS-2003-09-23/lib/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -11,7 +11,7 @@ + # Install as root with numeric Id's, since these are the + # only ones that _really_ exist on _every_ system. + # +- INSTALLOPTS += INSTALL= install -o 0 -g 0 -m 644 ++ INSTALLOPTS += INSTALL= install -m 644 + endif + + all: .depend +--- isdn4k-utils-CVS-2003-09-23/loop/Makefile.in.redhat 2002-07-19 21:03:56.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/loop/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -5,16 +5,16 @@ + # + # + SHELL = /bin/sh +-CFLAGS = -Wall -O2 +-INCLUDES = -I. ++CFLAGS = -Wall $(RPM_OPT_FLAGS) ++INCLUDES = -I. 
+ DEFS = + LDFLAGS = -L../lib @LIBS@ + PROGRAM = loopctrl + MODULES = loopctrl.o + MANPAGE = loopctrl.8 + INSTALL = @INSTALL@ +-INSTALL_PROGRAM = $(INSTALL) -o 0 -g 0 -m 0750 +-INSTALL_MAN = $(INSTALL) -o 0 -g 0 -m 0644 ++INSTALL_PROGRAM = $(INSTALL) -m 0750 ++INSTALL_MAN = $(INSTALL) -m 0644 + prefix = @prefix@ + exec_prefix = @exec_prefix@ + ifeq (../.config,$(wildcard ../.config)) +--- isdn4k-utils-CVS-2003-09-23/pcbit/Makefile.in.redhat 2002-07-19 21:03:57.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/pcbit/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -5,8 +5,8 @@ + # + # + SHELL = /bin/sh +-CFLAGS = -Wall -Wstrict-prototypes -O2 -g +-INCLUDES = -I. -DDEBUG ++CFLAGS = -Wall -Wstrict-prototypes $(RPM_OPT_FLAGS) ++INCLUDES = -I. -DDEBUG + LDFLAGS = -L../lib @LIBS@ + PROGRAM = pcbitctl + MODULES = pcbitctl.o convhexbin.o +@@ -15,8 +15,8 @@ + MANDIR = @CONFIG_MANDIR@ + MAN8DIR = $(MANDIR)/man8 + INSTALL = @INSTALL@ +-INSTALL_PROGRAM = $(INSTALL) -o 0 -g 0 -m 0750 +-INSTALL_MAN = $(INSTALL) -o 0 -g 0 -m 0644 ++INSTALL_PROGRAM = $(INSTALL) -m 0750 ++INSTALL_MAN = $(INSTALL) -m 0644 + prefix = @prefix@ + exec_prefix = @exec_prefix@ + CC = @CC@ +--- isdn4k-utils-CVS-2003-09-23/pppdcapiplugin/ppp-2.4.1/Makefile.redhat 2001-05-01 14:43:50.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/pppdcapiplugin/ppp-2.4.1/Makefile 2003-09-30 17:44:24.000000000 +0200 +@@ -8,7 +8,7 @@ + # as published by the Free Software Foundation; either version + # 2 of the License, or (at your option) any later version. 
+ +-PLUGINDIR=${DESTDIR}/usr/lib/pppd/$(PPPVERSION) ++PLUGINDIR=${DESTDIR}/$(LIBDIR)/pppd/$(PPPVERSION) + + include $(TOPDIR)/Rules.make + +--- isdn4k-utils-CVS-2003-09-23/rcapid/Makefile.am.redhat 2002-07-19 23:23:54.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/rcapid/Makefile.am 2003-09-30 17:44:24.000000000 +0200 +@@ -8,7 +8,7 @@ + stamp-h.in comperr + + INCLUDES = -I../capi20 $(all_includes) +-CFLAGS = -Wall -O2 ++CFLAGS = -Wall $(RPM_OPT_FLAGS) + LDFLAGS = -L../capi20/.libs -L../capi20 $(all_libraries) + LDADD = -lcapi20 + +--- isdn4k-utils-CVS-2003-09-23/vbox/examples/vboxd.conf.example.redhat 1997-04-28 18:51:29.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/vbox/examples/vboxd.conf.example 2003-09-30 17:44:24.000000000 +0200 +@@ -5,7 +5,7 @@ + # login (server startup) time. If access is 'yes' the host can login + # and count messages without special access. + +-L:localhost:Y ++#L:localhost:Y + L:*:N + + # Full access list +@@ -13,7 +13,7 @@ + # All hosts in the full access list (begins with 'A') are checked if the + # server gets the 'login' command. + +-A:localhost:RW:michael:xxx:/var/spool/vbox/michael:incoming +-A:localhost:RW:nicole:xxx:/var/spool/vbox/nicole:incoming ++#A:localhost:RW:michael:xxx:/var/spool/vbox/michael:incoming ++#A:localhost:RW:nicole:xxx:/var/spool/vbox/nicole:incoming + + A:*:!:!:!:!:! 
+--- isdn4k-utils-CVS-2003-09-23/vbox/examples/vboxgetty.conf.example.redhat 1997-10-22 22:46:58.000000000 +0200 ++++ isdn4k-utils-CVS-2003-09-23/vbox/examples/vboxgetty.conf.example 2003-09-30 17:44:24.000000000 +0200 +@@ -20,18 +20,18 @@ + + # Settings for port ttyI6 + +-port /dev/ttyI6 +- modeminit ATZ&B512&E7830022 +- user nicole +- group users +- spooldir /var/spool/vbox/nicole ++#port /dev/ttyI6 ++# modeminit ATZ&B512&E7830022 ++# user nicole ++# group users ++# spooldir /var/spool/vbox/nicole + + + # Settings for port ttyI7 + +-port /dev/ttyI7 +- modeminit ATZ&B512&E7850413 +- user michael +- group users +- spooldir /var/spool/vbox/michael ++#port /dev/ttyI7 ++# modeminit ATZ&B512&E7850413 ++# user michael ++# group users ++# spooldir /var/spool/vbox/michael + +--- isdn4k-utils-CVS-2003-09-23/vbox/Makefile.in.redhat 2002-01-31 21:05:40.000000000 +0100 ++++ isdn4k-utils-CVS-2003-09-23/vbox/Makefile.in 2003-09-30 17:44:24.000000000 +0200 +@@ -14,33 +14,33 @@ + # [*] Program to install binaries to the sbin directory (eg vboxgetty): # + #----------------------------------------------------------------------------# + +-INSTALL_SBIN = @INSTALL@ -m 750 -o root -g root -s ++INSTALL_SBIN = @INSTALL@ -m 750 + + #----------------------------------------------------------------------------# + # [*] Program to install binaries to the bin directory (eg vboxconvert): # + #----------------------------------------------------------------------------# + +-INSTALL_BIN = @INSTALL@ -m 755 -o root -g root -s ++INSTALL_BIN = @INSTALL@ -m 755 + + #----------------------------------------------------------------------------# + # [*] Program to install bash scripts to the bin directory (eg vboxplay): # + #----------------------------------------------------------------------------# + +-INSTALL_SHBIN = @INSTALL@ -m 755 -o root -g root ++INSTALL_SHBIN = @INSTALL@ -m 755 + + #----------------------------------------------------------------------------# + # [*] Program to install 
binaries to the bin directory and set the suid bit # + # (eg vboxbeep): # + #----------------------------------------------------------------------------# + +-INSTALL_UBIN = @INSTALL@ -m 4755 -o root -g root -s ++INSTALL_UBIN = @INSTALL@ -m 4755 + + #----------------------------------------------------------------------------# + # [*] Program to install configurations to sysconf directory # + # (eg vboxgetty.conf): # + #----------------------------------------------------------------------------# + +-INSTALL_SYSCONF = @INSTALL@ -m 640 -o root -g root ++INSTALL_SYSCONF = @INSTALL@ -m 640 + + #----------------------------------------------------------------------------# + # [*] Program to create missing directories: # +--- isdn4k-utils-CVS-2003-09-23/xisdnload/Imakefile.redhat 1998-03-08 19:54:01.000000000 +0100 ++++ isdn4k-utils-CVS-2003-09-23/xisdnload/Imakefile 2003-09-30 17:44:24.000000000 +0200 +@@ -21,7 +21,7 @@ + OBJS = xisdnload.o + OSMAJORVERSION = OSMajorVersion + OSMINORVERSION = OSMinorVersion +- DEFINES = -DOSMAJORVERSION=$(OSMAJORVERSION) -DOSMINORVERSION=$(OSMINORVERSION) -DREGEX_NUMBER ++ DEFINES = -D_GNU_SOURCE -DOSMAJORVERSION=$(OSMAJORVERSION) -DOSMINORVERSION=$(OSMINORVERSION) -DREGEX_NUMBER + + AllTarget(xisdnload) + NormalProgramTarget(xisdnload,$(OBJS),$(DEPLIBS),$(LOCAL_LIBRARIES),NullParameter) +--- isdn4k-utils-CVS-2003-09-23/.config.rpm.redhat 1998-11-23 13:12:04.000000000 +0100 ++++ isdn4k-utils-CVS-2003-09-23/.config.rpm 2003-09-30 17:59:55.000000000 +0200 +@@ -5,16 +5,16 @@ + # + # Code maturity level options + # +-CONFIG_EXPERIMENTAL=y ++# CONFIG_EXPERIMENTAL is not set + + # + # General configuration + # + CONFIG_BUILDX11=y +-CONFIG_KERNELDIR='/usr/src/linux' ++CONFIG_KERNELDIR='/usr/src/linux' + CONFIG_BINDIR='/usr/bin' +-CONFIG_SBINDIR='/sbin' +-CONFIG_MANDIR='/usr/man' ++CONFIG_SBINDIR='/usr/sbin' ++CONFIG_MANDIR='/usr/share/man' + CONFIG_RUNDIR='/var/run' + CONFIG_LOCKDIR='/var/lock' + CONFIG_LOCKFILE='LCK..' 
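Review bot: `INSTALL_UBIN = @INSTALL@ -m 4755` in vbox/Makefile.in keeps the suid bit but no longer forces `-o root -g root`, so the installed binary (vboxbeep, per the comment above it) ends up setuid to whichever account runs `make install`. If that account is an unprivileged build user, the result is a setuid binary owned by that user unless a later packaging step resets ownership; no such step is visible in this hunk. I would add a comment next to the variable, `# owner is not set here: the packaging step must chown the suid binary to root:root`, or install with `-m 0755` and set the suid bit where ownership is assigned. The Makefile.in continues outside the hunk.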
+@@ -23,11 +23,9 @@ + CONFIG_CALLERIDFILE='callerid.conf' + CONFIG_USERCONFFILE='~/.isdn' + CONFIG_COUNTRYCODE='49' +-CONFIG_AREACODE='' ++CONFIG_AREACODE='9999' + CONFIG_COUNTRY_PREFIX='+' + CONFIG_AREA_PREFIX='0' +-CONFIG_DATADIR='/usr/lib/isdn' +-CONFIG_LIB_AREACODE=y + + # + # Runtime configuration tools +@@ -36,18 +34,20 @@ + CONFIG_ISDNCTRL_CONF=y + CONFIG_ISDNCTRL_TIMRU=y + CONFIG_IPROFD=y ++CONFIG_DIVERTCTRL=y + + # + # Card configuration tools + # +-# CONFIG_TELESCTRL is not set ++CONFIG_TELESCTRL=y + CONFIG_HISAXCTRL=y + CONFIG_ICNCTRL=y + # CONFIG_ICNCTRL_DEBUG is not set + CONFIG_PCBITCTL=y + CONFIG_AVMCAPICTRL=y ++CONFIG_EICONCTRL=y + CONFIG_LOOPCTRL=y +-CONFIG_LOOPCTRL_LOOPDIR='/usr/src/linux/drivers/isdn/isdnloop' ++CONFIG_LOOPCTRL_LOOPDIR='/usr/src/linux-2.4/drivers/isdn/isdnloop' + # CONFIG_LOOPCTRL_DEBUG is not set + + # +@@ -64,14 +64,20 @@ + CONFIG_ISDNLOG_USERFILE='isdnlog.users' + CONFIG_ISDNLOG_CHARGEFILE='charge.dat' + CONFIG_ISDNLOG_LOGFILE='/var/log/isdn.log' +-CONFIG_ISDNLOG_RELOADCMD='reload' +-CONFIG_ISDNLOG_STOPCMD='stop' ++CONFIG_ISDNLOG_RELOADCMD='/etc/rc.d/init.d/isdn restart' ++CONFIG_ISDNLOG_STOPCMD='/etc/rc.d/init.d/isdn stop' + CONFIG_ISDNLOG_REBOOTCMD='/sbin/reboot' + CONFIG_ISDNLOG_OLDI4LCONFDIR='/etc/isdnlog' + CONFIG_ISDNLOG_OLDI4LCONFFILE='isdnlog.conf' + # CONFIG_ISDNLOG_POSTGRES is not set + # CONFIG_ISDNLOG_MYSQLDB is not set ++# CONFIG_ISDNLOG_ORACLE is not set + CONFIG_ISDN_LOG_DE=y ++CONFIG_ISDN_LOG_CC_DE=y ++CONFIG_ISDN_LOG_DEST_DE=y ++# CONFIG_ISDN_LOG_DEST_AT is not set ++# CONFIG_ISDN_LOG_DEST_NL is not set ++# CONFIG_ISDN_LOG_DEST_CH is not set + CONFIG_IPPPSTATS=y + CONFIG_XISDNLOAD=y + CONFIG_XMONISDN=y +@@ -79,8 +85,8 @@ + # + # Options for xmonisdn + # +-CONFIG_XMONISDN_UPCMD='/sbin/netup' +-CONFIG_XMONISDN_DOWNCMD='/sbin/netdown' ++CONFIG_XMONISDN_UPCMD='/sbin/ifup' ++CONFIG_XMONISDN_DOWNCMD='/sbin/ifdown' + + # + # Applications +@@ -94,23 +100,22 @@ + VBOX_LOGDIR='/var/log/vbox' + VBOX_PIDDIR='/var/run' + 
VBOX_LOCKDIR='/var/lock' +-VBOX_DOCDIR='/usr/doc/vbox' +-VBOX_TCL='tcl8.0' ++VBOX_DOCDIR='/usr/share/doc/vbox' ++VBOX_TCL='tcl8.3' ++# VBOX_SUSPEND_ID is not set + CONFIG_IPPPD=y + + # + # Options for ipppd + # +-CONFIG_IPPPD_MSCHAP=y ++# CONFIG_IPPPD_MSCHAP is not set ++CONFIG_IPPP_FILTER=y + # CONFIG_IPPPD_RADIUS is not set + # CONFIG_RADIUS_WTMP_LOGGING is not set + RADIUS_CLIENT_CONFIG_FILE='' + CONFIG_CAPIFAX=y + CONFIG_RCAPID=y + +-# +-# Documentation +-# +-CONFIG_GENMAN=y +-CONFIG_FAQ=y +-CONFIG_FAQDIR='/usr/doc/faq/isdn4linux' ++# CAPI plugins ++CONFIG_PPPDCAPIPLUGIN=y ++ +--- isdn4k-utils-CVS-2003-09-23/ipppd/ccp.c.redhat 2000-11-12 17:06:42.000000000 +0100 ++++ isdn4k-utils-CVS-2003-09-23/ipppd/ccp.c 2004-01-20 19:14:07.000000000 +0100 +@@ -41,7 +41,7 @@ + + #include "compressions.h" + +-#if 0 ++#if HAVE_LZSCOMP_H + #include + #else + #include "../ipppcomp/isdn_lzscomp.h" +--- isdn4k-utils-CVS-2004-11-18/pppdcapiplugin/Makefile.redhat 2004-02-14 16:02:46.000000000 +0100 ++++ isdn4k-utils-CVS-2004-11-18/pppdcapiplugin/Makefile 2004-11-18 16:48:54.848276370 +0100 +@@ -12,13 +12,13 @@ + export CAPIINC=$(TOPDIR)/../capi20 + export CAPILIB=$(TOPDIR)/../capi20 + export INSTALL=$(TOPDIR)/install-sh -c +-export INSTALLDATA=$(TOPDIR)/install-sh -c -o root -m 600 ++export INSTALLDATA=$(TOPDIR)/install-sh -c -m 600 + export MKDIR=$(TOPDIR)/mkinstalldirs + + PPPSRCDIRS=/src/isdn/pppd + + ifeq ($(PPPVERSIONS),) +-PPPVERSIONS = 2.3.11 2.4.0 2.4.1 2.4.1b1 2.4.1b2 2.4.2b3 2.4.2 2.4.3 ++PPPVERSIONS = 2.4.3 + endif + + PEERDIR=${DESTDIR}/etc/ppp/peers/isdn +@@ -62,7 +62,7 @@ + done + + install-man: +- for i in ${DESTDIR}/usr/share/man ${DESTDIR}/usr/man; do \ ++ for i in ${DESTDIR}/usr/share/man ; do \ + if [ -d $$i/man8 ] ; then \ + echo $(INSTALLDATA) capiplugin.8 $$i/man8; \ + $(INSTALLDATA) capiplugin.8 $$i/man8; \ +--- isdn4k-utils-CVS-2004-11-18/Makefile.redhat 2004-08-30 16:06:42.000000000 +0200 ++++ isdn4k-utils-CVS-2004-11-18/Makefile 2004-12-01 22:19:13.193347501 
+0100 +@@ -16,8 +16,8 @@ + # Following line is important for lib and isdnlog (sl). + export ROOTDIR=$(shell pwd) + +-ifeq (.config,$(wildcard .config)) +-include .config ++ifeq (.config.h,$(wildcard .config.h)) ++include .config.h + do-it-all: subtargets + else + CONFIGURATION = config +@@ -130,16 +130,10 @@ + exit 1; \ + fi + +-install: rootperm ++install: + set -e; for i in `echo $(SUBDIRS)`; do $(MAKE) -C $$i install; done +- @if [ -c $(DESTDIR)/dev/isdnctrl0 ] && ls -l $(DESTDIR)/dev/isdnctrl0 | egrep "[[:space:]]45,[[:space:]]+64[[:space:]]" > /dev/null; \ +- then \ +- /bin/echo -e '(some) ISDN devices already exist, not creating them.\nUse scripts/makedev.sh manually if necessary.'; \ +- else \ +- sh scripts/makedev.sh $(DESTDIR) ; \ +- fi + +-uninstall: rootperm ++uninstall: + set -e; for i in `echo $(SUBDIRS)`; do $(MAKE) -C $$i uninstall; done + + # +@@ -202,7 +196,7 @@ + @set -e; for i in `echo $(BUILD_ONLY) $(SUBDIRS)`; do \ + if [ -x $$i/configure ] ; then \ + /bin/echo -e "\nRunning configure in $$i ...\n"; sleep 1; \ +- (cd $$i; ./configure --sbindir=$(CONFIG_SBINDIR) --bindir=$(CONFIG_BINDIR) --mandir=$(CONFIG_MANDIR) --datadir=$(CONFIG_DATADIR) || $(MAKE) -C ../ ERRDIR=$$i cfgerror); \ ++ (cd $$i; ./configure --sbindir=$(CONFIG_SBINDIR) --bindir=$(CONFIG_BINDIR) --mandir=$(CONFIG_MANDIR) --libdir=$(LIBDIR) --datadir=$(CONFIG_DATADIR) --enable-ippp-filter || $(MAKE) -C ../ ERRDIR=$$i cfgerror); \ + elif [ -f $$i/Makefile.in ] ; then \ + /bin/echo -e "\nRunning make -f Makefile.in config in $$i ...\n"; sleep 1; \ + $(MAKE) -C $$i -f Makefile.in config; \ +--- isdn4k-utils-CVS-2005-02-16/ipppd/Makefile.in.redhat 2004-08-30 16:56:36.000000000 +0200 ++++ isdn4k-utils-CVS-2005-02-16/ipppd/Makefile.in 2005-02-16 18:42:54.119955183 +0100 +@@ -15,10 +15,10 @@ + MANDIR := @CONFIG_MANDIR@ + CC := @CC@ + INSTALL := @INSTALL@ +-INSTALL_DIR := $(INSTALL) -m 0755 -o 0 -g 0 -d +-INSTALL_SBIN := $(INSTALL) -m 0700 -o 0 -g 0 +-INSTALL_BIN := $(INSTALL) -m 0755 -o 0 
-g 0 +-INSTALL_DATA := $(INSTALL) -m 0644 -o 0 -g 0 ++INSTALL_DIR := $(INSTALL) -m 0755 -d ++INSTALL_SBIN := $(INSTALL) -m 0700 ++INSTALL_BIN := $(INSTALL) -m 0755 ++INSTALL_DATA := $(INSTALL) -m 0644 + RADIUS_CLIENT_CONFIG_FILE := @RADIUS_CLIENT_CONFIG_FILE@ + + ifeq (@CONFIG_IPPPD_MSCHAP@,y) +@@ -73,7 +73,7 @@ + + DEBUG_FLAGS = @CONFIG_IPPPD_DEBUGFLAGS@ + COMPILE_FLAGS = +-CFLAGS = -O2 -fomit-frame-pointer -Wall ++CFLAGS = $(RPM_OPT_FLAGS) + VER = 2.2.0 + + # it's a hack +--- isdn4k-utils-CVS-2005-02-16/isdnlog/tools/Makefile.cflags 2005-02-16 18:53:15.393382578 +0100 ++++ isdn4k-utils-CVS-2005-02-16/isdnlog/tools/Makefile 2005-02-16 18:53:51.914999474 +0100 +@@ -1,4 +1,4 @@ +-CC=gcc -m486 -O2 -Wall -DSTANDALONE -I. -I.. -I../isdnlog -I../connect -I../../lib ++CC=gcc $(RPM_OPT_FLAGS) -DSTANDALONE -I. -I.. -I../isdnlog -I../connect -I../../lib + #CC=gcc -m486 -O2 -g -pg -Wall -DSTANDALONE -I. -I.. -I../isdnlog + + all: rate-at +--- isdn4k-utils-CVS-2005-02-16/lib/Makefile.cflags 2005-02-16 19:04:04.338731270 +0100 ++++ isdn4k-utils-CVS-2005-02-16/lib/Makefile 2005-02-16 19:04:24.150811068 +0100 +@@ -28,7 +28,7 @@ + # USER CONFIGURATION AREA + ###################################################################### + +-CFLAGS = -g -Wall -pipe #-O6 ++CFLAGS = $(RPM_OPT_FLAGS) + DEFS = + ifndef _CC + export _CC = gcc diff --git a/src/patches/isdn4k-utils-capiinit.patch b/src/patches/isdn4k-utils-capiinit.patch new file mode 100644 index 0000000000..7593d07b5f --- /dev/null +++ b/src/patches/isdn4k-utils-capiinit.patch 
@@ -0,0 +1,41 @@
+--- isdn4k-utils.orig/capiinit/capiinit.c 2006-04-18 19:27:03.689945766 +0200
++++ isdn4k-utils/capiinit/capiinit.c 2006-04-18 19:36:53.130636890 +0200
+@@ -1251,6 +1251,7 @@
+ if (check_procfs() < 0) return -1;
+ if (check_for_kernelcapi() < 0) return -1;
+ if (check_for_capi() < 0) return -1;
++ sleep(5); /* wait until the device node is created successfully by udev */
+ if (check_for_devcapi() < 0) return -1;
+ if (check_for_capifs() < 0) return 0; /* only warning */
+ if (check_for_capifs_mounted() < 0) return -1;
+--- isdn4k-utils.orig/capiinit/capi.conf 2006-04-18 19:37:43.515250539 +0200
++++ isdn4k-utils/capiinit/capi.conf 2006-04-18 19:37:53.953559630 +0200
+@@ -1,10 +1,10 @@
+ # card file proto io irq mem cardnr options
+ #b1isa b1.t4 DSS1 0x150 7 - - P2P
+-b1pci b1.t4 DSS1 - - - -
+-c4 c4.bin DSS1 - - - -
+-c4 - DSS1 - - - -
+-c4 - DSS1 - - - - P2P
+-c4 - DSS1 - - - - P2P
++#b1pci b1.t4 DSS1 - - - -
++#c4 c4.bin DSS1 - - - -
++#c4 - DSS1 - - - -
++#c4 - DSS1 - - - - P2P
++#c4 - DSS1 - - - - P2P
+ #c2 c2.bin DSS1 - - - -
+ #c2 - DSS1 - - - -
+ #t1isa t1.t4 DSS1 0x340 9 - 0
+--- isdn4k-utils-CVS-2003-09-23/capiinit/capiinit.c.capi 2006-04-18 20:53:22.437430551 +0200
++++ isdn4k-utils-CVS-2003-09-23/capiinit/capiinit.c 2006-04-19 11:50:56.385891286 +0200
+@@ -1495,8 +1496,8 @@
+ unload_module("capiutil");
+ if ((mp = mounted("capifs")) != 0 && strcmp(mp, "/dev/capi") == 0)
+ system("umount /dev/capi");
+- if (filesystem_available("capifs"))
+- unload_filesystem("capifs");
++ /*if (filesystem_available("capifs"))
++ unload_filesystem("capifs"); */
+ }
+ if (cardname && cname[0] == 0) {
+ fprintf(stderr,"ERROR: card \"%s\" not found\n", cardname);
diff --git a/src/patches/isdn4k-utils-statfs.patch b/src/patches/isdn4k-utils-statfs.patch
new file mode 100644
index 0000000000..7c6b2c3a87
--- /dev/null
+++ b/src/patches/isdn4k-utils-statfs.patch
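Review bot: The added `sleep(5);` before `check_for_devcapi()` in capiinit.c is a fixed delay, not a wait for the device node, so a slower udev still ends in `return -1` and every start pays five seconds even when the node is already there. A bounded retry would match the comment's intent, for example `for (i = 0; i < 5 && check_for_devcapi() < 0; i++) sleep(1);`, assuming check_for_devcapi() can be called repeatedly without side effects; its body is not visible here. In the third hunk, `unload_filesystem("capifs")` is commented out with no reason given, and a short comment such as `/* capifs is left loaded: <reason> */` would show the next maintainer that it is deliberate. Both functions start and end outside the hunks shown.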
@@ -0,0 +1,84 @@ +--- isdn4k-utils-CVS-2005-03-09/vbox/src/vboxgetty.c.old 2000-11-30 16:35:20.000000000 +0100 ++++ isdn4k-utils-CVS-2005-03-09/vbox/src/vboxgetty.c 2005-04-20 16:30:31.000000000 +0200 +@@ -434,7 +434,7 @@ + static int check_spool_space(unsigned long need) + { + struct statfs stat; +- unsigned long have; ++ unsigned long long have; + + log(L_DEBUG, "Checking free space on \"%s\"...\n", setup.spool); + +@@ -449,7 +449,7 @@ + { + have = (stat.f_bfree * stat.f_bsize); + +- log_line(L_JUNK, "%ld bytes available; %ld bytes needed... ", have, need); ++ log_line(L_JUNK, "%lld bytes available; %ld bytes needed... ", have, need); + + if (have >= need) + { +--- isdn4k-utils-CVS-2005-03-09/eurofile/src/wuauth/extensions.h.old 2005-04-20 16:35:37.000000000 +0200 ++++ isdn4k-utils-CVS-2005-03-09/eurofile/src/wuauth/extensions.h 2005-04-20 16:37:02.000000000 +0200 +@@ -42,3 +42,8 @@ + #define ARG8 entry->arg[8] + #define ARG9 entry->arg[9] + #define ARG entry->arg ++ ++#if defined(HAVE_STATVFS) || defined(HAVE_SYS_VFS) || defined (HAVE_SYS_MOUNT) ++unsigned long long getSize(s); ++#endif ++ +--- isdn4k-utils-CVS-2005-03-09/eurofile/src/wuauth/extensions.c.old 2005-04-20 16:20:17.000000000 +0200 ++++ isdn4k-utils-CVS-2005-03-09/eurofile/src/wuauth/extensions.c 2005-04-20 16:24:56.000000000 +0200 +@@ -154,7 +154,7 @@ + } + + #if defined(HAVE_STATVFS) +-int getSize(s) ++unsigned long long getSize(s) + char *s; + { + int c; +@@ -163,10 +163,10 @@ + if (( c = statvfs(s, &buf)) != 0) + return(0); + +- return(buf.f_bavail * buf.f_frsize / 1024); ++ return((unsigned long long)(buf.f_bavail * buf.f_frsize / 1024)); + } + #elif defined(HAVE_SYS_VFS) || defined (HAVE_SYS_MOUNT) +-int getSize(s) ++unsigned long long getSize(s) + char *s; + { + int c; +@@ -175,7 +175,7 @@ + if (( c = statfs(s, &buf)) != 0) + return(0); + +- return(buf.f_bavail * buf.f_bsize / 1024); ++ return((unsigned long long)(buf.f_bavail * buf.f_bsize / 1024)); + } + #endif + +@@ -236,7 +236,7 @@ + + 
case 'F': + #if defined(HAVE_STATVFS) || defined(HAVE_SYS_VFS) || defined(HAVE_SYS_MOUNT) +- sprintf(outptr, "%lu", getSize(".")); ++ sprintf(outptr, "%llu",(unsigned long long)getSize(".")); + #endif + break; + +--- isdn4k-utils-CVS-2005-03-09/eurofile/src/wuauth/divfunc.c.old 2001-03-01 15:59:14.000000000 +0100 ++++ isdn4k-utils-CVS-2005-03-09/eurofile/src/wuauth/divfunc.c 2005-04-20 16:34:26.000000000 +0200 +@@ -121,7 +121,7 @@ + + case 'F': + #if defined(HAVE_STATVFS) || defined(HAVE_SYS_VFS) || defined(HAVE_SYS_MOUNT) +- sprintf(outptr, "%lu", getSize(".")); ++ sprintf(outptr, "%llu",(unsigned long long)getSize(".")); + #endif + break; + diff --git a/src/patches/isdn4k-utils-v3.2p1-c89.patch b/src/patches/isdn4k-utils-v3.2p1-c89.patch deleted file mode 100644 index e5c0f872e2..0000000000 --- a/src/patches/isdn4k-utils-v3.2p1-c89.patch +++ /dev/null 
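Review bot: The widening in this patch happens after the multiplication, so the overflow it is meant to remove can still occur. In vboxgetty.c `have = (stat.f_bfree * stat.f_bsize);` is left unchanged and is evaluated in the operands' own type before being stored in the new `unsigned long long`, and in extensions.c the cast is applied to the finished product `(buf.f_bavail * buf.f_frsize / 1024)`. Where those fields are narrower than 64 bits (their types are not visible here), a large filesystem can wrap, and check_spool_space() or the `F` format would then report a wrong free-space value. Casting one operand fixes it: `have = (unsigned long long)stat.f_bfree * stat.f_bsize;` and `return (unsigned long long)buf.f_bavail * buf.f_frsize / 1024;`, likewise for the statfs variant with `f_bsize`. The log_line format should also use `%llu` and `%lu` for the two unsigned values instead of `%lld` and `%ld`.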
@@ -1,69 +0,0 @@ -# --- ROCK-COPYRIGHT-NOTE-BEGIN --- -# -# This copyright note is auto-generated by ./scripts/Create-CopyPatch. -# Please add additional copyright information _after_ the line containing -# the ROCK-COPYRIGHT-NOTE-END tag. Otherwise it might get removed by -# the ./scripts/Create-CopyPatch script. Do not edit this copyright text! -# -# ROCK Linux: rock-src/package/base/isdn4k-utils/multi-line-strings.patch -# ROCK Linux is Copyright (C) 1998 - 2003 Clifford Wolf -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. A copy of the GNU General Public -# License can be found at Documentation/COPYING. -# -# Many people helped and are helping developing ROCK Linux. Please -# have a look at http://www.rocklinux.org/ and the Documentation/TEAM -# file for details. -# -# --- ROCK-COPYRIGHT-NOTE-END --- - -diff -urN -x '*~' isdn4k-utils/ipppd/options.c isdn4k-utils-gcc-3.3.1/ipppd/options.c ---- isdn4k-utils-old/ipppd/options.c 2002-07-06 02:34:08.000000000 +0200 -+++ isdn4k-utils-new/ipppd/options.c 2003-08-19 22:36:18.000000000 +0200 -@@ -479,26 +479,25 @@ - #define IMPLEMENTATION "" - #endif - --static char *usage_string = "\ --ipppd version %s patch level %d%s\n\ --Usage: %s [ options ], where options are:\n\ --\t Communicate over the named device\n\ -+static char *usage_string = "" -+"ipppd version %s patch level %d%s\n" -+"Usage: %s [ options ], where options are:\n" -+"\t Communicate over the named device\n" - #ifdef INCLUDE_OBSOLETE_FEATURES --\tcrtscts Use hardware RTS/CTS flow control\n\ --\t Set the baud rate to \n\ --\tmodem Use modem control lines\n\ -+"\tcrtscts Use hardware RTS/CTS flow control\n" -+"\t Set the baud rate to \n" -+"\tmodem Use modem control lines\n" - #endif --\t: Set the local and/or remote interface IP\n\ --\t\taddresses. 
(you also may use the option 'useifip' to get IPs).\n\ --\tasyncmap Set the desired async map to hex \n\ --\tauth Require authentication from peer\n\ --\tconnect

Invoke shell command

to set up the serial line\n\ --\tdefaultroute Add default route through interface\n\ --\tfile Take options from file \n\ --\tmru Set MRU value to for negotiation\n\ --\tnetmask Set interface netmask to \n\ --See ipppd(8) for more options.\n\ --"; -+"\t: Set the local and/or remote interface IP\n" -+"\t\taddresses. (you also may use the option 'useifip' to get IPs).\n" -+"\tasyncmap Set the desired async map to hex \n" -+"\tauth Require authentication from peer\n" -+"\tconnect

Invoke shell command

to set up the serial line\n" -+"\tdefaultroute Add default route through interface\n" -+"\tfile Take options from file \n" -+"\tmru Set MRU value to for negotiation\n" -+"\tnetmask Set interface netmask to \n" -+"See ipppd(8) for more options.\n"; - - static char *current_option; /* the name of the option being parsed */ - diff --git a/src/patches/isdn4k-utils-v3.2p1-config.patch b/src/patches/isdn4k-utils-v3.2p1-config.patch deleted file mode 100644 index 4bdec4490a..0000000000 --- a/src/patches/isdn4k-utils-v3.2p1-config.patch +++ /dev/null 
@@ -1,96 +0,0 @@ -diff -ruN isdn4k-utils.old/.config isdn4k-utils/.config ---- isdn4k-utils.old/.config Thu Jan 1 01:00:00 1970 -+++ isdn4k-utils/.config Mon Dec 1 13:47:00 2003 -@@ -0,0 +1,92 @@ -+# -+# Automatically generated by make menuconfig: don't edit -+# -+ -+# -+# Code maturity level options -+# -+CONFIG_EXPERIMENTAL=y -+ -+# -+# General configuration -+# -+# CONFIG_BUILDX11 is not set -+CONFIG_KERNELDIR='/usr/src/linux' -+CONFIG_BINDIR='/usr/bin' -+CONFIG_SBINDIR='/usr/sbin' -+CONFIG_MANDIR='/usr/share/man' -+CONFIG_RUNDIR='/var/run' -+CONFIG_LOCKDIR='/var/lock' -+CONFIG_LOCKFILE='LCK..' -+CONFIG_I4LCONFDIR='/etc/isdn' -+CONFIG_CONFFILE='isdn.conf' -+CONFIG_CALLERIDFILE='callerid.conf' -+CONFIG_USERCONFFILE='' -+CONFIG_COUNTRYCODE='' -+CONFIG_AREACODE='' -+CONFIG_COUNTRY_PREFIX='+' -+CONFIG_AREA_PREFIX='0' -+CONFIG_DATADIR='/usr/lib/isdn' -+ -+# -+# Runtime configuration tools -+# -+CONFIG_ISDNCTRL=y -+CONFIG_ISDNCTRL_CONF=y -+# CONFIG_ISDNCTRL_TIMRU is not set -+# CONFIG_ISDNCTRL_DWABC_UDP_INFO is not set -+# CONFIG_IPROFD is not set -+# CONFIG_DIVERTCTRL is not set -+ -+# -+# Card configuration tools -+# -+CONFIG_HISAXCTRL=y -+CONFIG_ICNCTRL=y -+# CONFIG_ICNCTRL_DEBUG is not set -+CONFIG_PCBITCTL=y -+#CONFIG_AVMCAPICTRL is not set -+CONFIG_EICONCTRL=y -+# CONFIG_LOOPCTRL is not set -+ -+# -+# Tools for monitoring activity -+# -+# CONFIG_IMON is not set -+# CONFIG_IMONTTY is not set -+# CONFIG_ISDNLOG is not set -+# CONFIG_IPPPSTATS is not set -+# CONFIG_XISDNLOAD is not set -+# CONFIG_XMONISDN is not set -+ -+# -+# Applications -+# -+# CONFIG_VBOX is not set -+CONFIG_IPPPD=y -+ -+# -+# Options for ipppd -+# -+CONFIG_IPPPD_MSCHAP=y -+CONFIG_IPPP_FILTER=y -+# CONFIG_IPPPD_RADIUS is not set -+# CONFIG_RADIUS_WTMP_LOGGING is not set -+RADIUS_CLIENT_CONFIG_FILE='' -+# CONFIG_CAPIFAX is not set -+# CONFIG_RCAPID is not set -+# CONFIG_PPPDCAPIPLUGIN is not set -+# CONFIG_EUROFILE is not set -+ -+# -+# Options for eurofile -+# -+# CONFIG_EFTD is not set -+# 
CONFIG_EFTP is not set -+# CONFIG_EFT_INSTALL_CONF is not set -+ -+# -+# Documentation -+# -+CONFIG_GENMAN=y -+# CONFIG_FAQ is not set diff --git a/src/scripts/vpn-watch b/src/scripts/vpn-watch index 70345dbccb..8bd7521575 100755 --- a/src/scripts/vpn-watch +++ b/src/scripts/vpn-watch 
@@ -1,181 +1,239 @@ -#!/bin/sh -# IPsec startup and shutdown script -# Copyright (C) 1998, 1999, 2001 Henry Spencer. -# Copyright (C) 2002 Michael Richardson +#!/bin/sh +################################################## +##### VPN-Watch.sh Version 1.6.3 ##### +################################################## + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. # -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# Written by: Daniel Berlin . +# Download: http://www.itechnology.de/front_content.php?idcat=87 +# + +# changed by: Rüdiger Sobeck +# last changed: 31-01-2006 + +# Configuration # -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: setup.in,v 1.122.6.3 2006/10/26 23:54:32 paul Exp $ -# -# ipsec init.d script for starting and stopping -# the IPsec security subsystem (KLIPS and Pluto). -# -# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec) -# and is also accessible as "ipsec setup" (the preferred route for human -# invocation). 
-# -# The startup and shutdown times are a difficult compromise (in particular, -# it is almost impossible to reconcile them with the insanely early/late -# times of NFS filesystem startup/shutdown). Startup is after startup of -# syslog and pcmcia support; shutdown is just before shutdown of syslog. -# -# chkconfig: 2345 47 76 -# description: IPsec provides encrypted and authenticated communications; \ -# KLIPS is the kernel half of it, Pluto is the user-level management daemon. - -me='ipsec setup' # for messages - -# where the private directory and the config files are -IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/libexec/ipsec}" -IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}" -IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}" -IPSEC_CONFS="${IPSEC_CONFS-/etc}" - -if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command -then - # we must establish a suitable PATH ourselves - PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin - export PATH - - IPSEC_DIR="$IPSEC_LIBDIR" - export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR -fi - -# Check that the ipsec command is available. -found= -for dir in `echo $PATH | tr ':' ' '` -do - if test -f $dir/ipsec -a -x $dir/ipsec - then - found=yes - break # NOTE BREAK OUT - fi -done -if ! test "$found" -then - echo "cannot find ipsec command -- \`$1' aborted" | - logger -s -p daemon.error -t ipsec_setup - exit 1 -fi - -# accept a few flags - -export IPSEC_setupflags -IPSEC_setupflags="" - -config="" - -for dummy -do - case "$1" in - --showonly|--show) IPSEC_setupflags="$1" ;; - --config) config="--config $2" ; shift ;; - *) break ;; - esac - shift -done - - -# Pick up IPsec configuration (until we have done this, successfully, we -# do not know where errors should go, hence the explicit "daemon.error"s.) -# Note the "--export", which exports the variables created. 
-eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup` - -if test " $IPSEC_confreadstatus" != " " -then - case $1 in - stop|--stop|_autostop) - echo "$IPSEC_confreadstatus -- \`$1' may not work" | - logger -s -p daemon.error -t ipsec_setup;; - - *) echo "$IPSEC_confreadstatus -- \`$1' aborted" | - logger -s -p daemon.error -t ipsec_setup; - exit 1;; - esac -fi - -IPSEC_confreadsection=${IPSEC_confreadsection:-setup} -export IPSEC_confreadsection - -IPSECsyslog=${IPSECsyslog-daemon.error} -export IPSECsyslog - -# misc setup -umask 022 - -mkdir -p /var/run/pluto - - -# do it -case "$1" in - start|--start|stop|--stop|_autostop|_autostart) - wanttodo=$1 - if test " `id -u`" != " 0" - then - echo "permission denied (must be superuser)" | - logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 - exit 1 - fi - tmp=/var/run/pluto/ipsec_setup.st - outtmp=/var/run/pluto/ipsec_setup.out - ( - ipsec _realsetup $1 - echo "$?" >$tmp - ) > ${outtmp} 2>&1 - st=$? - if test -f $tmp - then - st=`cat $tmp` - rm -f $tmp - fi - if [ -f ${outtmp} ]; then - cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 - rm -f ${outtmp} - fi - if [ "$wanttodo" = "start" -o "$wanttodo" = "--start" -o "$wanttodo" = "_autostart" ]; then - sleep 20 && chown root:nobody /var/run/pluto -R && chmod 770 /var/run/pluto -R && ln -f /var/run/pluto/pluto.pid /var/run/pluto.pid 2>&1 & - fi - exit $st - ;; - - restart|--restart|force-reload) - $0 $IPSEC_setupflags stop - $0 $IPSEC_setupflags start - ;; - - _autorestart) # for internal use only - $0 $IPSEC_setupflags _autostop - $0 $IPSEC_setupflags _autostart - ;; - - status|--status) - ipsec _realsetup $1 - exit - ;; - - --version) - echo "$me $IPSEC_VERSION" - exit 0 - ;; - - --help) - echo "Usage: $me [ --showonly ] {--start|--stop|--restart}" - echo " $me --status" - exit 0 - ;; - - *) - echo "Usage: $me [ --showonly ] {--start|--stop|--restart}" - echo " $me --status" - exit 2 -esac - -exit 0 +CHECK_INTERVAL='120' # 
Check this often (in seconds) +DNS_RESOLVE_TRIES='3' # Try to resolve IPs this often (each try takes max. 2 seconds) +NICENESS='+5' # Adjust niceness of child processes: '-20' ... '+19'; '0' is default +ipfire_VPN_CONFIG='/var/ipfire/vpn/config' # Location of ipfire's vpn configuration file +ipfire_VPN_SETTINGS='/var/ipfire/vpn/settings' # Location of ipfire's vpn settings file +VERSION='1.6.3' + +# Workaround for nonexistent "nl" command on ipfire 1.4.x +nl --help >/dev/null 2>&1 +if test $? -ne 0; then + alias nl='cat' +fi + +MyHost=`grep VPN_IP /var/ipfire/vpn/settings | cut --delimiter='=' --output-delimiter=' ' -f2` +MyIP=`cat /var/ipfire/red/local-ipaddress` +MyDynDnsIP=`ping -c 1 "$1" 2>/dev/null | head -n1 | awk '{print $3}' | tr -d '()' | tr -d ':'` + +case "$1" in + 'start' | '--start') + if test ! -r "$ipfire_VPN_CONFIG"; then + echo 'Error: cannot read ipfire VPN configuration file; exit.' >&2 + exit 1 + fi + + mknod -m 0660 "/var/run/$(basename $0)" p >/dev/null 2>&1 # Create pipe for status-information + + # Read VPN configuration and fork a child process for each VPN connection + # + while read line; do + VPN=($(echo $line | cut --delimiter=',' --output-delimiter=' ' -f1,2,3,5,6,12)) # + CONNR=${VPN[0]} # connection number + CONACTIVE=${VPN[1]} # active (on|off) + CONNAME=${VPN[2]} # connection name + CONTYPE=${VPN[3]} # connection type (host|net) + CONCERTPSK=${VPN[4]} # key type (cert|psk) + CONDNSNAME=${VPN[5]} # FQDN name of other side + + echo -n "${CONACTIVE}" | grep -qi '^off$' && continue # Ignore: deactivated connections + echo -n "${CONTYPE}" | grep -qi '^host$' && continue # Ignore: Roadwarriors (->DPD) +# echo -n "${VPN[1]}${MyHost}" | grep -q '^[[:digit:]\.]\+$' && continue # Ignore: "left" and "right" side set to an IP + + $0 'conn:' "${CONNAME}" "${MyHost}" "${CONDNSNAME}" "${CONNR}" >/dev/null 2>&1 & # Fork child process (parameters: "conn: NAME LEFT RIGHT NUMBER") + echo -n 'S' + done < "$ipfire_VPN_CONFIG" + echo Â"ÂStarte 
VPN-Watch"
+ exit 0 # Parent dies here... RIP
+ ;;
+ 'stop' | '--stop')
+ # Terminate processes
+ for proc in $(pidof -x -o %PPID $(basename $0)); do
+ kill -15 $proc
+ echo -n 'T'
+ done
+ sleep 1
+ # Kill remaining processes
+ for proc in $(pidof -x -o %PPID $(basename $0)); do
+ kill -9 $proc
+ echo -n 'K'
+ done
+ rm -f "/var/run/$(basename $0)" # Remove pipe
+ echo "Stoppe VPN-Watch"
+ exit 0
+ ;;
+ 'restart' | '--restart')
+ $0 stop
+ $0 start
+ exit 0
+ ;;
+ 'status' | '--status')
+ echo "VPN-Watch ${VERSION} (mail: daniel@itechnology.de, web: www.itechnology.de/vpn-watch)"
+ if ps --no-heading axw | grep -v 'grep' | grep -q "$(basename $0) conn: "; then
+ trap '' USR1
+ killall -q -g -s USR1 -- $(basename $0)
+ sleep 1
+ cat "/var/run/$(basename $0)" | sort | nl # Read children's info from pipe
+ else
+ echo ' no instances running.'
+ fi
+ exit 0
+ ;;
+ 'conn:')
+ # Children proceed here...
+ renice ${NICENESS:-0} -p $$ >/dev/null 2>&1 # Adjust niceness
+ shift # Remove the first positional parameter ("conn:"), as we don't need it anymore
+ ;;
+ *)
+ echo "Usage: $0 { start | stop | restart | status }" >&2
+ exit 1
+ ;;
+esac
+
+# Logging, signal handlers
+#
+alias log="logger -t '$(basename $0 | cut -d '.' -f 1) ${VERSION}' \(${1}\)"
+trap 'log "terminated after ${RESTART_COUNT} restarts."' EXIT
+trap 'echo "connection \"${1}\" restarted ${RESTART_COUNT} times" >>/var/run/$(basename $0)' USR1
+
+log "started"
+
+# Get IP of a FQDN... using 'arp', 'traceroute' or 'ping',
+# because ipfire has no 'nslookup', 'host' or 'dig' command.
+#
+function get_ip () {
+ local RESULT=''
+ for ((i=1; ${i} <= ${DNS_RESOLVE_TRIES}; i++)); do
+ if which arp >/dev/null 2>&1; then
+ RESULT=$(arp "$1" 2>/dev/null | awk '{ print $2 }' | tr -d '()')
+ elif which traceroute >/dev/null 2>&1; then
+ RESULT=$(traceroute -m1 -q1 "$1" 2>/dev/null | head -n1 | awk '{ print $4 }' | tr -d '(),')
+ else
+ RESULT=$(ping -c 1 "$1" 2>/dev/null | head -n1 | awk '{print $3}' | tr -d '()' | tr -d ':')
+ fi
+ test -n "$RESULT" && break
+ done
+ test -z "$RESULT" && log "Warning: could not resolve ${1} after ${DNS_RESOLVE_TRIES} tries..."
+ echo -n "$RESULT"
+}
+
+function get_tunnelip () {
+ file=/var/tmp/$1.remoteip
+ local TRESULT=''
+ TVPN=`grep "$1" /var/ipfire/vpn/config| awk 'BEGIN{FS=","}{print $2}'`
+ DYNHOST=`grep "$1" /var/ipfire/vpn/config| awk 'BEGIN{FS=","}{print $12}'`
+ CONNR=`grep "$1" /var/ipfire/vpn/config| awk 'BEGIN{FS=","}{print $1}'`
+ REMOTEIP=`/usr/bin/ping -c 1 "$DYNHOST" 2>/dev/null | head -n1 | awk '{print $3}' | tr -d '()' | tr -d ':'`
+ if ! test -f $file; then
+ cat $REMOTEIP > $file
+ fi
+ OLDIP=`cat $file`
+ TUNIP=`ipsec whack --status | grep "$1"`
+ if [ "$TUNIP" != "" ]; then
+ TUNIP=`ipsec whack --status | grep "$1" | awk 'BEGIN{FS="["}{print $2}' | awk 'BEGIN{FS="---"}{print $3}'`
+ log "currently used tunnel IP = $TUNIP, current remote IP = $REMOTEIP"
+ echo $REMOTEIP > $file
+ TRESULT=${TUNIP}
+ fi
+
+ test -n "$TRESULT" && break
+ test -z "$TRESULT" && log "Warning: could not retrieve last used VPN tunnel IP..."
+ echo -n "$TRESULT"
+}
+
+# Restarts a VPN connection
+#
+function restart_vpn () {
+ if test -x /usr/local/bin/ipsecctrl; then
+ /usr/local/bin/ipsecctrl D "$1" # This works for ipfire 1.4.x
+ /usr/local/bin/ipsecctrl R # re-read secrets
+ /usr/local/bin/ipsecctrl S "$1" # start tunnel
+ else
+ ipsec auto --down "$1" # This works for ipfire 1.3.x
+ ipsec auto --unroute "$1"
+ ipsec auto --delete "$1"
+ ipsec auto --rereadall
+ ipsec auto --add "$1"
+ ipsec auto --route "$1"
+ ipsec auto --up "$1"
+ fi
+}
+
+# Get left and right IP
+#
+LEFT_IP_OLD=$MyIP
+RIGHT_IP_OLD=$(get_ip $3)
+
+# Infinite loop; checks, whether the IP of a left or right FQDN has changed.
+# If so, the affected connection gets restarted; this is logged to syslog.
+#
+RESTART_COUNT=0
+while :; do
+ sleep $CHECK_INTERVAL
+
+ # Skip check until IPSec is running
+ ipsec auto --status >/dev/null 2>&1 || continue
+
+ # get own IP (may have changed)
+ ThisHostIP=`cat /var/ipfire/red/local-ipaddress`
+
+ # this our own IP as reported in /var/ipfire/ppp/local-ipadress
+ LEFT_IP_NEW=$ThisHostIP
+ # check our own DYNDNS IP
+ LEFT_IP_DYN=$(get_ip $MyHost)
+ # this is DYNDNS IP of other side
+ RIGHT_IP_NEW=$(get_ip $3)
+ # this the last used (right) IP for VPN-Tunnel
+ RIGHT_TUN_IP_OLD=$(get_tunnelip $1)
+
+# for whatever reason, ipsec did not notice our own IP has changed for this connection
+ if [ "${LEFT_IP_NEW}" != "${LEFT_IP_DYN}" ]; then
+ restart_vpn "$4"
+ let RESTART_COUNT++
+ log "Red IP = $LEFT_IP_NEW, IP by DynDNS = $LEFT_IP_DYN"
+ log 'incorrect dynamic IP in tunnel used: restarting connection...'
+ fi
+
+# left or right IP has changed...
+ if test "${LEFT_IP_OLD} ${RIGHT_IP_OLD}" != "${LEFT_IP_NEW} ${RIGHT_IP_NEW}"; then
+ restart_vpn "$4"
+ let RESTART_COUNT++
+ log 'left or right IP has changed: restarting connection...'
+ fi
+
+# right IP / IP of tunnel endpoint has changed...
+ if [ "$RIGHT_TUN_IP_OLD" != "" ]; then
+ if test "${RIGHT_TUN_IP_OLD}" != "${RIGHT_IP_NEW}"; then
+ restart_vpn "$4"
+ let RESTART_COUNT++
+ log 'VPN tunnel IP has changed: restarting connection...'
+ fi
+ fi
+
+ LEFT_IP_OLD=$LEFT_IP_NEW
+ RIGHT_IP_OLD=$RIGHT_IP_NEW
+done
+
-- 2.39.2
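Review bot: get_tunnelip keeps its per-connection state in `/var/tmp/$1.remoteip`, a predictable name in a world-writable directory, and writes it with a plain `>` redirection from what is presumably a root process (the script calls mknod under /var/run, renice and ipsec). Any local account can create that path first, also as a symlink, and so choose which file the watcher overwrites and what it reads back into OLDIP. Keeping the file beside the status pipe avoids this: `file="/var/run/$(basename $0).$1.remoteip"`. In the same function the first-run branch `cat $REMOTEIP > $file` treats the address as a file name and leaves the state file empty; it should be `echo "$REMOTEIP" > "$file"`, matching the later write.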