From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 1/5] ovpnmain.cgi: Fix for bug#11048 - insecure download icon
 shown for connections with a password
Date: Wed, 17 May 2023 11:56:48 +0200
Message-ID: <20230517095652.8248-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3101443967393188196=="
List-Id: <development.lists.ipfire.org>

--===============3101443967393188196==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

- The insecure package download icon is shown if entry 41 in /var/ipfire/ovpn=
/ovpnconfig
   is set to no-pass. The code block on ovpnmain.cgi that deals with this che=
cks if the
   connection is a host and if the first password entry is a null. Then it ad=
ds no-pass
   to ovpnconfig.
- The same block of code is also used for when he connection is edited. Howev=
er at this
   stage the password entry is back to null because the password value is onl=
y kept until
   the connection has been saved. Therefore doing an edit results in the pass=
word value
   being taken as null even for connections with a password.
- This fix enters no-pass if the connection type is host and the password is =
null, pass if
   the connection type is host and the password has characters. If the connec=
tion type is
   net then no-pass is used as net2net connections dop not have encrypted cer=
tificates.
- The code has been changed to show a different icon for unencrypted and encr=
ypted
   certificates.
- Separate patches are provided for the language file change, the provision o=
f a new icon
   and the code for the update.sh script for the Core Update to update all ex=
isting
   connections, if any exist, to have either pass or no-pass in index 41.
- This patch set was a joint collaboration between Erik Kapfer and Adolf Belka
- Patch set, including the code for the Core Update 175 update.sh script has =
been tested
   on a vm testbed

Fixes: Bug#11048
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Tested-by: Erik Kapfer <ummeegge(a)ipfire.org>
Suggested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Suggested-by: Erik Kapfer <ummeegge(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 html/cgi-bin/ovpnmain.cgi | 72 +++++++++++++++++++++++----------------
 1 file changed, 42 insertions(+), 30 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 51d6e8431..50ad21e79 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -4327,8 +4327,14 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	$confighash{$key}[39]		=3D $cgiparams{'DAUTH'};
 	$confighash{$key}[40]		=3D $cgiparams{'DCIPHER'};
=20
-	if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
-		$confighash{$key}[41] =3D "no-pass";
+       if ($confighash{$key}[41] eq "") {
+               if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1=
'} eq "")) {
+                       $confighash{$key}[41] =3D "no-pass";
+               } elsif (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_=
PASS1'} ne "")) {
+                       $confighash{$key}[41] =3D "pass";
+               } elsif ($cgiparams{'TYPE'} eq 'net') {
+                       $confighash{$key}[41] =3D "no-pass";
+               }
 	}
=20
    $confighash{$key}[42] =3D 'HOTP/T30/6';
@@ -5470,20 +5476,24 @@ END
 }
=20
=20
-    print <<END;
-	<td align=3D'center' $col1>$active</td>
+       if ($confighash{$key}[41] eq "pass") {
+               print <<END;
+                       <td align=3D'center' $col1>$active</td>
=20
-	<form method=3D'post' name=3D'frm${key}a'><td align=3D'center' $col>
-	    <input type=3D'image'  name=3D'$Lang::tr{'dl client arch'}' src=3D'/ima=
ges/openvpn.png' alt=3D'$Lang::tr{'dl client arch'}' title=3D'$Lang::tr{'dl c=
lient arch'}' border=3D'0' />
-	    <input type=3D'hidden' name=3D'ACTION' value=3D'$Lang::tr{'dl client ar=
ch'}' />
-	    <input type=3D'hidden' name=3D'KEY' value=3D'$key' />
-	</td></form>
+                       <form method=3D'post' name=3D'frm${key}a'><td align=
=3D'center' $col>
+                           <input type=3D'image'  name=3D'$Lang::tr{'dl clie=
nt arch'}' src=3D'/images/openvpn_encrypted.png'
+                                       alt=3D'$Lang::tr{'dl client arch'}' t=
itle=3D'$Lang::tr{'dl client arch'}' border=3D'0' />
+                           <input type=3D'hidden' name=3D'ACTION' value=3D'$=
Lang::tr{'dl client arch'}' />
+                           <input type=3D'hidden' name=3D'MODE' value=3D'sec=
ure' />
+                           <input type=3D'hidden' name=3D'KEY' value=3D'$key=
' />
+                       </td></form>
 END
-	;
=20
-	if ($confighash{$key}[41] eq "no-pass") {
+       ; } elsif ($confighash{$key}[41] eq "no-pass") {
 		print <<END;
-			<form method=3D'post' name=3D'frm${key}g'><td align=3D'center' $col>
+                       <td align=3D'center' $col1>$active</td>
+
+                       <form method=3D'post' name=3D'frm${key}a'><td align=
=3D'center' $col>
 				<input type=3D'image'  name=3D'$Lang::tr{'dl client arch insecure'}' src=
=3D'/images/openvpn.png'
 					alt=3D'$Lang::tr{'dl client arch insecure'}' title=3D'$Lang::tr{'dl cli=
ent arch insecure'}' border=3D'0' />
 				<input type=3D'hidden' name=3D'ACTION' value=3D'$Lang::tr{'dl client arc=
h'}' />
@@ -5491,7 +5501,7 @@ END
 				<input type=3D'hidden' name=3D'KEY' value=3D'$key' />
 			</td></form>
 END
-	} else {
+	; } else {
 		print "<td $col>&nbsp;</td>";
 	}
=20
@@ -5567,30 +5577,32 @@ END
     # If the config file contains entries, print Key to action icons
     if ( $id ) {
     print <<END;
-    <table border=3D'0'>
-    <tr>
+       <table width=3D'85%' border=3D'0'>
+       <tr>
 		<td class=3D'boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
-		<td>&nbsp; <img src=3D'/images/on.gif' alt=3D'$Lang::tr{'click to disable'=
}' /></td>
-		<td class=3D'base'>$Lang::tr{'click to disable'}</td>
+              <td>&nbsp; &nbsp; <img src=3D'/images/openvpn.png' alt=3D'?REL=
OAD'/></td>
+              <td class=3D'base'>$Lang::tr{'dl client arch insecure'}</td>
+              <td>&nbsp; &nbsp; <img src=3D'/images/openvpn_encrypted.png' a=
lt=3D'?RELOAD'/></td>
+              <td class=3D'base'>$Lang::tr{'dl client arch'}</td>
 		<td>&nbsp; &nbsp; <img src=3D'/images/info.gif' alt=3D'$Lang::tr{'show cer=
tificate'}' /></td>
 		<td class=3D'base'>$Lang::tr{'show certificate'}</td>
+              <td>&nbsp; &nbsp; <img src=3D'/images/qr-code.png' alt=3D'$Lan=
g::tr{'show otp qrcode'}'/></td>
+              <td class=3D'base'>$Lang::tr{'show otp qrcode'}</td>
+       </tr>
+       <tr>
+              <td>&nbsp; </td>
+              <td>&nbsp; &nbsp; <img src=3D'/images/media-floppy.png' alt=3D=
'?FLOPPY' /></td>
+              <td class=3D'base'>$Lang::tr{'download certificate'}</td>
+              <td>&nbsp; <img src=3D'/images/off.gif' alt=3D'?OFF' /></td>
+              <td class=3D'base'>$Lang::tr{'click to enable'}</td>
+              <td>&nbsp; <img src=3D'/images/on.gif' alt=3D'$Lang::tr{'click=
 to disable'}' /></td>
+              <td class=3D'base'>$Lang::tr{'click to disable'}</td>
 		<td>&nbsp; &nbsp; <img src=3D'/images/edit.gif' alt=3D'$Lang::tr{'edit'}' =
/></td>
 		<td class=3D'base'>$Lang::tr{'edit'}</td>
 		<td>&nbsp; &nbsp; <img src=3D'/images/delete.gif' alt=3D'$Lang::tr{'remove=
'}' /></td>
 		<td class=3D'base'>$Lang::tr{'remove'}</td>
-    </tr>
-    <tr>
-		<td>&nbsp; </td>
-		<td>&nbsp; <img src=3D'/images/off.gif' alt=3D'?OFF' /></td>
-		<td class=3D'base'>$Lang::tr{'click to enable'}</td>
-		<td>&nbsp; &nbsp; <img src=3D'/images/media-floppy.png' alt=3D'?FLOPPY' />=
</td>
-		<td class=3D'base'>$Lang::tr{'download certificate'}</td>
-		<td>&nbsp; &nbsp; <img src=3D'/images/openvpn.png' alt=3D'?RELOAD'/></td>
-		<td class=3D'base'>$Lang::tr{'dl client arch'}</td>
-		<td>&nbsp; &nbsp; <img src=3D'/images/qr-code.png' alt=3D'$Lang::tr{'show =
otp qrcode'}'/></td>
-		<td class=3D'base'>$Lang::tr{'show otp qrcode'}</td>
-		</tr>
-    </table><br>
+       </tr>
+       </table><br>
 END
     ;
     }
--=20
2.40.1


--===============3101443967393188196==--