From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/6] ovpnmain.cgi: Fix for bug#11048 - insecure download icon shown for connections with a password
Date: Thu, 28 Sep 2023 10:38:18 +0100
Message-ID: <82110F85-588B-464D-9EB3-D2BAAF71FD1B@ipfire.org>
In-Reply-To: <4824b6c7-fa50-4aba-87ed-8bed07f08935@ipfire.org>
Hello Adolf,
No problem. I took care of this when merging the patchset.
-Michael
> On 27 Sep 2023, at 09:20, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>
> Hi All,
>
> Yesterday I submitted this updated patch set for bug#11048 (better late than never).
>
> One of the patches is adding update code for the fix to the update.sh script in Core Update 180, as that was still the version in next.
>
> As CU180 has now been released for Testing, then that update code will likely need to be in the update.sh script for CU181.
>
>
> Do I need to resubmit a v2 version of my patch set, once next has been updated to CU181, or can the patch set still be merged without problems as it is?
>
>
> Regards,
>
> Adolf
>
>
> On 25/09/2023 18:41, Adolf Belka wrote:
>> - At long last I have re-visited the patch submission for bug #11048 and fixed the issues
>> that caused the problems last time I evaluated it in Testing.
>> - The insecure package download icon is shown if entry 41 in /var/ipfire/ovpn/ovpnconfig
>> is set to no-pass. The code block on ovpnmain.cgi that deals with this checks if the
>> connection is a host and if the first password entry is a null. Then it adds no-pass
>> to ovpnconfig.
>> - The same block of code is also used for when the connection is edited. However at this
>> stage the password entry is back to null because the password value is only kept until
>> the connection has been saved. Therefore doing an edit results in the password value
>> being taken as null even for connections with a password.
>> - This fix enters no-pass if the connection type is host and the password is null, pass if
>> the connection type is host and the password has characters. If the connection type is
>> net then no-pass is used as net2net connections do not have encrypted certificates.
>> - The code has been changed to show a different icon for unencrypted and encrypted
>> certificates.
>> - Separate patches are provided for the language file change, the provision of a new icon
>> and the code for the update.sh script for the Core Update to update all existing
>> connections, if any exist, to have either pass or no-pass in index 41.
>> - This patch set was a joint collaboration between Erik Kapfer and Adolf Belka
>> - Patch set, including the code for the Core Update 180 update.sh script has been tested
>> on a vm testbed
>> Fixes: Bug#11048
>> Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
>> Suggested-by: Adolf Belka <adolf.belka(a)ipfire.org>
>> Suggested-by: Erik Kapfer <ummeegge(a)ipfire.org>
>> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
>> ---
>> html/cgi-bin/ovpnmain.cgi | 75 +++++++++++++++++++++++----------------
>> 1 file changed, 44 insertions(+), 31 deletions(-)
>> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
>> index 5afe54f55..eb89c5095 100755
>> --- a/html/cgi-bin/ovpnmain.cgi
>> +++ b/html/cgi-bin/ovpnmain.cgi
>> @@ -4370,9 +4370,15 @@ if ($cgiparams{'TYPE'} eq 'net') {
>> $confighash{$key}[39] = $cgiparams{'DAUTH'};
>> $confighash{$key}[40] = $cgiparams{'DCIPHER'};
>> - if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
>> - $confighash{$key}[41] = "no-pass";
>> - }
>> + if ($confighash{$key}[41] eq "") {
>> + if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
>> + $confighash{$key}[41] = "no-pass";
>> + } elsif (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} ne "")) {
>> + $confighash{$key}[41] = "pass";
>> + } elsif ($cgiparams{'TYPE'} eq 'net') {
>> + $confighash{$key}[41] = "no-pass";
>> + }
>> + }
>> $confighash{$key}[42] = 'HOTP/T30/6';
>> $confighash{$key}[43] = $cgiparams{'OTP_STATE'};
>> @@ -5512,20 +5518,24 @@ END
>> }
>> - print <<END;
>> - <td align='center' $col1>$active</td>
>> + if ($confighash{$key}[41] eq "pass") {
>> + print <<END;
>> + <td align='center' $col1>$active</td>
>> - <form method='post' name='frm${key}a'><td align='center' $col>
>> - <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
>> - <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
>> - <input type='hidden' name='KEY' value='$key' />
>> - </td></form>
>> + <form method='post' name='frm${key}a'><td align='center' $col>
>> + <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn_encrypted.png'
>> + alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
>> + <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
>> + <input type='hidden' name='MODE' value='secure' />
>> + <input type='hidden' name='KEY' value='$key' />
>> + </td></form>
>> END
>> - ;
>> - if ($confighash{$key}[41] eq "no-pass") {
>> + ; } elsif ($confighash{$key}[41] eq "no-pass") {
>> print <<END;
>> - <form method='post' name='frm${key}g'><td align='center' $col>
>> + <td align='center' $col1>$active</td>
>> +
>> + <form method='post' name='frm${key}a'><td align='center' $col>
>> <input type='image' name='$Lang::tr{'dl client arch insecure'}' src='/images/openvpn.png'
>> alt='$Lang::tr{'dl client arch insecure'}' title='$Lang::tr{'dl client arch insecure'}' border='0' />
>> <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
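Review bot: In the `pass` branch the form gains a hidden `MODE` field set to `secure`, but none of the hunks in this patch read `MODE`, and the commit message does not say what the download handler does with it. Please add a line to the commit message naming the code that consumes the field. Separately, `<td align='center' $col1>$active</td>` is now duplicated in both branches and could be printed once before the `if`.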
>> @@ -5533,7 +5543,7 @@ END
>> <input type='hidden' name='KEY' value='$key' />
>> </td></form>
>> END
>> - } else {
>> + ; } else {
>> print "<td $col> </td>";
>> }
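Review bot: The final `else` branch still prints only `<td $col> </td>`, while the `$active` cell has moved into the `pass` and `no-pass` branches in the previous hunk, so a row whose index 41 holds neither value is rendered without its status cell and with one cell fewer than the other rows. Printing the `$active` cell before the `if`/`elsif` chain, or adding it to this branch, keeps the columns aligned and keeps the connection status visible for entries that have not been migrated.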
>> @@ -5609,30 +5619,33 @@ END
>> # If the config file contains entries, print Key to action icons
>> if ( $id ) {
>> print <<END;
>> - <table border='0'>
>> - <tr>
>> + <table width='85%' border='0'>
>> + <tr>
>> <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
>> - <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
>> - <td class='base'>$Lang::tr{'click to disable'}</td>
>> + <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
>> + <td class='base'>$Lang::tr{'dl client arch insecure'}</td>
>> + <td> <img src='/images/openvpn_encrypted.png' alt='?RELOAD'/></td>
>> + <td class='base'>$Lang::tr{'dl client arch'}</td>
>> <td> <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
>> <td class='base'>$Lang::tr{'show certificate'}</td>
>> + <td> <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td>
>> + <td class='base'>$Lang::tr{'show otp qrcode'}</td>
>> + </tr>
>> + <tr>
>> + <td> </td>
>> + <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
>> + <td class='base'>$Lang::tr{'download certificate'}</td>
>> + <td> <img src='/images/off.gif' alt='?OFF' /></td>
>> + <td class='base'>$Lang::tr{'click to enable'}</td>
>> + <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
>> + <td class='base'>$Lang::tr{'click to disable'}</td>
>> +
>> <td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
>> <td class='base'>$Lang::tr{'edit'}</td>
>> <td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
>> <td class='base'>$Lang::tr{'remove'}</td>
>> - </tr>
>> - <tr>
>> - <td> </td>
>> - <td> <img src='/images/off.gif' alt='?OFF' /></td>
>> - <td class='base'>$Lang::tr{'click to enable'}</td>
>> - <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
>> - <td class='base'>$Lang::tr{'download certificate'}</td>
>> - <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
>> - <td class='base'>$Lang::tr{'dl client arch'}</td>
>> - <td> <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td>
>> - <td class='base'>$Lang::tr{'show otp qrcode'}</td>
>> - </tr>
>> - </table><br>
>> + </tr>
>> + </table><br>
>> END
>> ;
>> }
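Review bot: In the legend, both new download icons, `/images/openvpn.png` and `/images/openvpn_encrypted.png`, carry the same placeholder `alt='?RELOAD'`, so the encrypted and unencrypted entries are indistinguishable when the image is not rendered or is read by a screen reader. The neighbouring entries use the translated string as alt text; the same pattern fits here, with `alt='$Lang::tr{'dl client arch insecure'}'` for the first icon and `alt='$Lang::tr{'dl client arch'}'` for the second. The empty `+` line between the `click to disable` and `edit` cells can also be dropped.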