From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: Re: [PATCH 1/6] ovpnmain.cgi: Fix for bug#11048 - insecure download icon shown for connections with a password Date: Wed, 27 Sep 2023 10:20:57 +0200 Message-ID: <4824b6c7-fa50-4aba-87ed-8bed07f08935@ipfire.org> In-Reply-To: <20230925164204.3500045-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6870587146927793773==" List-Id: --===============6870587146927793773== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi All, Yesterday I submitted this updated patch set for bug#11048 (better late than = never). One of the patches is adding update code for the fix to the update.sh script = in Core Update 180, as that was still the version in next. As CU180 has now been released for Testing, then that update code will likely= need to be in the update.sh script for CU181. Do I need to resubmit a v2 version of my patch set, once next has been update= d to CU181, or can the patch set still be merged without problems as it is? Regards, Adolf On 25/09/2023 18:41, Adolf Belka wrote: > - At long last I have re-visited the patch submission for bug #11048 and fi= xed the issues > that caused the problems last time I evaluated it in Testing. > - The insecure package download icon is shown if entry 41 in /var/ipfire/ov= pn/ovpnconfig > is set to no-pass. The code block on ovpnmain.cgi that deals with this = checks if the > connection is a host and if the first password entry is a null. Then it= adds no-pass > to ovpnconfig. > - The same block of code is also used for when he connection is edited. How= ever at this > stage the password entry is back to null because the password value is = only kept until > the connection has been saved. Therefore doing an edit results in the p= assword value > being taken as null even for connections with a password. > - This fix enters no-pass if the connection type is host and the password i= s null, pass if > the connection type is host and the password has characters. If the con= nection type is > net then no-pass is used as net2net connections dop not have encrypted = certificates. > - The code has been changed to show a different icon for unencrypted and en= crypted > certificates. > - Separate patches are provided for the language file change, the provision= of a new icon > and the code for the update.sh script for the Core Update to update all= existing > connections, if any exist, to have either pass or no-pass in index 41. > - This patch set was a joint collaboration between Erik Kapfer and Adolf Be= lka > - Patch set, including the code for the Core Update 180 update.sh script ha= s been tested > on a vm testbed >=20 > Fixes: Bug#11048 > Tested-by: Adolf Belka > Suggested-by: Adolf Belka > Suggested-by: Erik Kapfer > Signed-off-by: Adolf Belka > --- > html/cgi-bin/ovpnmain.cgi | 75 +++++++++++++++++++++++---------------- > 1 file changed, 44 insertions(+), 31 deletions(-) >=20 > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi > index 5afe54f55..eb89c5095 100755 > --- a/html/cgi-bin/ovpnmain.cgi > +++ b/html/cgi-bin/ovpnmain.cgi > @@ -4370,9 +4370,15 @@ if ($cgiparams{'TYPE'} eq 'net') { > $confighash{$key}[39] =3D $cgiparams{'DAUTH'}; > $confighash{$key}[40] =3D $cgiparams{'DCIPHER'}; > =20 > - if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) { > - $confighash{$key}[41] =3D "no-pass"; > - } > + if ($confighash{$key}[41] eq "") { > + if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PAS= S1'} eq "")) { > + $confighash{$key}[41] =3D "no-pass"; > + } elsif (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CER= T_PASS1'} ne "")) { > + $confighash{$key}[41] =3D "pass"; > + } elsif ($cgiparams{'TYPE'} eq 'net') { > + $confighash{$key}[41] =3D "no-pass"; > + } > + } > =20 > $confighash{$key}[42] =3D 'HOTP/T30/6'; > $confighash{$key}[43] =3D $cgiparams{'OTP_STATE'}; > @@ -5512,20 +5518,24 @@ END > } > =20 > =20 > - print < - $active > + if ($confighash{$key}[41] eq "pass") { > + print < + $active > =20 > -
> - > - > - > -
> +
> + + alt=3D'$Lang::tr{'dl client arch'}'= title=3D'$Lang::tr{'dl client arch'}' border=3D'0' /> > + > + > + > +
> END > - ; > =20 > - if ($confighash{$key}[41] eq "no-pass") { > + ; } elsif ($confighash{$key}[41] eq "no-pass") { > print < -
> + $active > + > + > alt=3D'$Lang::tr{'dl client arch insecure'}' title=3D'$Lang::tr{'dl = client arch insecure'}' border=3D'0' /> > > @@ -5533,7 +5543,7 @@ END > >
> END > - } else { > + ; } else { > print " "; > } > =20 > @@ -5609,30 +5619,33 @@ END > # If the config file contains entries, print Key to action icons > if ( $id ) { > print < - > - > +
> + > > - > - > + > + > + > + > > > + > + > + > + > + > + > + > + > + > + > + =09 > + > > > > > - > - > - > - > - > - > - > - > - > - > - > - > -
  $Lang::tr{'legend'}:  3D'$Lang::tr{'click$Lang::tr{'click to disable'}    3D'?R=$Lang::tr{'dl client arch insecure'}    3D'?RELOAD'/$Lang::tr{'dl client arch'}    3D'$Lang::tr{'show$Lang::tr{'show certificate'}    3D'$L=$Lang::tr{'show otp qrcode'}
      =3D'?FLOPPY'$Lang::tr{'download certificate'}  3D'?OFF'$Lang::tr{'click to enable'}  3D'$Lang::tr{'cli=$Lang::tr{'click to disable'}    3D'$Lang::tr{'edit'=$Lang::tr{'edit'}    3D'$Lang::tr{'rem=$Lang::tr{'remove'}
    3D'?OFF'$Lang::tr{'click to enable'}    3D'?FLOPPY'$Lang::tr{'download certificate'}    3D'?RELOAD'/$Lang::tr{'dl client arch'}    3D'$Lang::tr{'sho=$Lang::tr{'show otp qrcode'}

> + > +
> END > ; > } --===============6870587146927793773==--