Merge remote-tracking branch 'ummeegge/OpenVPN_validating_N2N' into next
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 8 Dec 2014 18:12:39 +0000 (19:12 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 8 Dec 2014 18:12:39 +0000 (19:12 +0100)
html/cgi-bin/ovpnmain.cgi

@@@ -1203,7 -1203,8 +1203,7 @@@ EN
          unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
        }
        # Create Diffie Hellmann Parameter
 -      system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache',
 -      '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
 +      system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
        if ($?) {
                $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
                unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
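Review bot: `$cgiparams{'DHLENGHT'}` is handed to `openssl dhparam` as the bit-length argument, and no validation of it is visible in this hunk. The list form of `system` keeps the value away from a shell, but a value that is not a plain number (one beginning with `-`, say) would still be read by openssl as an option. If it is not already checked earlier in the file, reject it through the page's usual error path before the call, with a condition such as `$cgiparams{'DHLENGHT'} !~ /\A[0-9]+\z/`, or better an allow-list of the sizes the form offers. The same call appears again in the second hunk. The enclosing block starts and ends outside this hunk.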
@@@ -1756,7 -1757,7 +1756,7 @@@ EN
                goto ROOTCERT_ERROR;
            }
        } else {        # child
 -          unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
 +          unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes',
                        '-days', '999999', '-newkey', 'rsa:4096', '-sha512',
                        '-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
                        '-out', "${General::swroot}/ovpn/ca/cacert.pem",
                goto ROOTCERT_ERROR;
            }
        } else {        # child
 -          unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
 +          unless (exec ('/usr/bin/openssl', 'req', '-nodes',
                        '-newkey', 'rsa:2048',
                        '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem",
                        '-out', "${General::swroot}/ovpn/certs/serverreq.pem",
  #         &cleanssldatabase();
        }
        # Create Diffie Hellmann Parameter
 -      system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache',
 -             '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
 +      system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
        if ($?) {
            $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
            unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
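Review bot: The DH parameters are always written to `dh1024.pem`, even though their size comes from `$cgiparams{'DHLENGHT'}`, so the file name says nothing reliable about their strength. Someone auditing the system could take the name to mean 1024-bit parameters. A comment above the call would prevent that, e.g. `# File name is historical; the actual size is $cgiparams{'DHLENGHT'} bits`. Separately, the error branch shown here removes `serverkey.pem`, but no removal of a partially written `dh1024.pem` is visible, unlike in the first hunk. The block continues outside the hunk, so that may be handled further down.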
@@@ -4012,6 -4014,10 +4012,10 @@@ if ($cgiparams{'TYPE'} eq 'net') 
                $errormessage = $Lang::tr{'passwords do not match'};
                goto VPNCONF_ERROR;
            }
+           if ($cgiparams{'DAYS_VALID'} ne '' && $cgiparams{'DAYS_VALID'} !~ /^[0-9]+$/) {
+               $errormessage = $Lang::tr{'invalid input for valid till days'};
+               goto VPNCONF_ERROR;
+           }
  
            # Replace empty strings with a .
            (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;
                    goto VPNCONF_ERROR;
                }
            } else {    # child
 -              unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
 +              unless (exec ('/usr/bin/openssl', 'req', '-nodes',
                        '-newkey', 'rsa:2048',
                        '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
                        '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
        $cgiparams{'CERT_CITY'}         = $vpnsettings{'ROOTCERT_CITY'};
        $cgiparams{'CERT_STATE'}        = $vpnsettings{'ROOTCERT_STATE'};
        $cgiparams{'CERT_COUNTRY'}      = $vpnsettings{'ROOTCERT_COUNTRY'};
+       $cgiparams{'DAYS_VALID'}        = $vpnsettings{'DAYS_VALID'};
      }
  
      VPNCONF_ERROR:
  
  if ($cgiparams{'TYPE'} eq 'host') {
        print <<END;
-           </select></td></tr>
-       <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):</td>
-       <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
-    <tr><td>&nbsp;</td>
+       </select></td></tr>
+               <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):</td>
+               <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
+               <tr><td>&nbsp;</td>
                <td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
                <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
-           <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'pkcs12 file password'}:<br>($Lang::tr{'confirmation'})</td>
+               <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'pkcs12 file password'}:<br>($Lang::tr{'confirmation'})</td>
                <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
-      <tr><td colspan='3'>&nbsp;</td></tr>
-      <tr><td colspan='3'><hr /></td></tr>
-      <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
-      </table>
+               <tr><td colspan='3'>&nbsp;</td></tr>
+               <tr><td colspan='3'><hr /></td></tr>
+               <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
+       </table>
  END
  }else{
        print <<END;
-           </select></td></tr>
-    <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
-        <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
-        <tr><td colspan='3'><hr /></td></tr>
-        <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
+       </select></td></tr>
+               <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):</td>
+               <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
+               <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+               <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+               <tr><td colspan='3'><hr /></td></tr>
+               <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
         </table>
   
  END
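Review bot: The new `DAYS_VALID` check uses `/^[0-9]+$/`, where `$` also matches before a trailing newline, and it sets no upper bound on the number of days. Anchoring with `\z` closes the newline gap: `$cgiparams{'DAYS_VALID'} !~ /\A[0-9]+\z/`. A length or range limit is also worth adding, assuming the value is later passed to openssl as the certificate lifetime. When the check fails, the rejected value is written back into the form by the two `value='$cgiparams{'DAYS_VALID'}'` lines of the heredocs. Unless `%cgiparams` is HTML-escaped somewhere outside this hunk, it should be escaped before it is printed there.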