From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 1/5] ovpnmain.cgi: Fix for bug#11048 - insecure download icon shown for connections with a password
Date: Wed, 17 May 2023 11:56:48 +0200 [thread overview]
Message-ID: <20230517095652.8248-1-adolf.belka@ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 7458 bytes --]
- The insecure package download icon is shown if entry 41 in /var/ipfire/ovpn/ovpnconfig
is set to no-pass. The code block on ovpnmain.cgi that deals with this checks if the
connection is a host and if the first password entry is a null. Then it adds no-pass
to ovpnconfig.
- The same block of code is also used for when he connection is edited. However at this
stage the password entry is back to null because the password value is only kept until
the connection has been saved. Therefore doing an edit results in the password value
being taken as null even for connections with a password.
- This fix enters no-pass if the connection type is host and the password is null, pass if
the connection type is host and the password has characters. If the connection type is
net then no-pass is used as net2net connections dop not have encrypted certificates.
- The code has been changed to show a different icon for unencrypted and encrypted
certificates.
- Separate patches are provided for the language file change, the provision of a new icon
and the code for the update.sh script for the Core Update to update all existing
connections, if any exist, to have either pass or no-pass in index 41.
- This patch set was a joint collaboration between Erik Kapfer and Adolf Belka
- Patch set, including the code for the Core Update 175 update.sh script has been tested
on a vm testbed
Fixes: Bug#11048
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Tested-by: Erik Kapfer <ummeegge(a)ipfire.org>
Suggested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Suggested-by: Erik Kapfer <ummeegge(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
html/cgi-bin/ovpnmain.cgi | 72 +++++++++++++++++++++++----------------
1 file changed, 42 insertions(+), 30 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 51d6e8431..50ad21e79 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -4327,8 +4327,14 @@ if ($cgiparams{'TYPE'} eq 'net') {
$confighash{$key}[39] = $cgiparams{'DAUTH'};
$confighash{$key}[40] = $cgiparams{'DCIPHER'};
- if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
- $confighash{$key}[41] = "no-pass";
+ if ($confighash{$key}[41] eq "") {
+ if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
+ $confighash{$key}[41] = "no-pass";
+ } elsif (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} ne "")) {
+ $confighash{$key}[41] = "pass";
+ } elsif ($cgiparams{'TYPE'} eq 'net') {
+ $confighash{$key}[41] = "no-pass";
+ }
}
$confighash{$key}[42] = 'HOTP/T30/6';
@@ -5470,20 +5476,24 @@ END
}
- print <<END;
- <td align='center' $col1>$active</td>
+ if ($confighash{$key}[41] eq "pass") {
+ print <<END;
+ <td align='center' $col1>$active</td>
- <form method='post' name='frm${key}a'><td align='center' $col>
- <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
- <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
- <input type='hidden' name='KEY' value='$key' />
- </td></form>
+ <form method='post' name='frm${key}a'><td align='center' $col>
+ <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn_encrypted.png'
+ alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
+ <input type='hidden' name='MODE' value='secure' />
+ <input type='hidden' name='KEY' value='$key' />
+ </td></form>
END
- ;
- if ($confighash{$key}[41] eq "no-pass") {
+ ; } elsif ($confighash{$key}[41] eq "no-pass") {
print <<END;
- <form method='post' name='frm${key}g'><td align='center' $col>
+ <td align='center' $col1>$active</td>
+
+ <form method='post' name='frm${key}a'><td align='center' $col>
<input type='image' name='$Lang::tr{'dl client arch insecure'}' src='/images/openvpn.png'
alt='$Lang::tr{'dl client arch insecure'}' title='$Lang::tr{'dl client arch insecure'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
@@ -5491,7 +5501,7 @@ END
<input type='hidden' name='KEY' value='$key' />
</td></form>
END
- } else {
+ ; } else {
print "<td $col> </td>";
}
@@ -5567,30 +5577,32 @@ END
# If the config file contains entries, print Key to action icons
if ( $id ) {
print <<END;
- <table border='0'>
- <tr>
+ <table width='85%' border='0'>
+ <tr>
<td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
- <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
- <td class='base'>$Lang::tr{'click to disable'}</td>
+ <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
+ <td class='base'>$Lang::tr{'dl client arch insecure'}</td>
+ <td> <img src='/images/openvpn_encrypted.png' alt='?RELOAD'/></td>
+ <td class='base'>$Lang::tr{'dl client arch'}</td>
<td> <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
<td class='base'>$Lang::tr{'show certificate'}</td>
+ <td> <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td>
+ <td class='base'>$Lang::tr{'show otp qrcode'}</td>
+ </tr>
+ <tr>
+ <td> </td>
+ <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
+ <td class='base'>$Lang::tr{'download certificate'}</td>
+ <td> <img src='/images/off.gif' alt='?OFF' /></td>
+ <td class='base'>$Lang::tr{'click to enable'}</td>
+ <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
+ <td class='base'>$Lang::tr{'click to disable'}</td>
<td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
<td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
- </tr>
- <tr>
- <td> </td>
- <td> <img src='/images/off.gif' alt='?OFF' /></td>
- <td class='base'>$Lang::tr{'click to enable'}</td>
- <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
- <td class='base'>$Lang::tr{'download certificate'}</td>
- <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
- <td class='base'>$Lang::tr{'dl client arch'}</td>
- <td> <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td>
- <td class='base'>$Lang::tr{'show otp qrcode'}</td>
- </tr>
- </table><br>
+ </tr>
+ </table><br>
END
;
}
--
2.40.1
next reply other threads:[~2023-05-17 9:56 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-17 9:56 Adolf Belka [this message]
2023-05-17 9:56 ` [PATCH 2/5] de.pl: Change language text for secure icon wording Adolf Belka
2023-05-17 9:56 ` [PATCH 3/5] en.pl: Update to language wording for secure connection icon Adolf Belka
2023-05-17 9:56 ` [PATCH 4/5] web-user-interface: Addition of new icon for secure connection certificate download Adolf Belka
2023-05-17 9:56 ` [PATCH 5/5] update.sh: Adds code to update an existing ovpnconfig with pass or no-pass Adolf Belka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230517095652.8248-1-adolf.belka@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox