From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/6] ovpnmain.cgi: Fix for bug#11048 - insecure download icon shown for connections with a password
Date: Thu, 28 Sep 2023 10:38:18 +0100
Message-ID: <82110F85-588B-464D-9EB3-D2BAAF71FD1B@ipfire.org>
In-Reply-To: <4824b6c7-fa50-4aba-87ed-8bed07f08935@ipfire.org>

Hello Adolf,

No problem. I took care of this when merging the patchset.

-Michael

> On 27 Sep 2023, at 09:20, Adolf Belka wrote:
>
> Hi All,
>
> Yesterday I submitted this updated patch set for bug#11048 (better late than never).
>
> One of the patches is adding update code for the fix to the update.sh script in Core Update 180, as that was still the version in next.
>
> As CU180 has now been released for Testing, then that update code will likely need to be in the update.sh script for CU181.
>
>
> Do I need to resubmit a v2 version of my patch set, once next has been updated to CU181, or can the patch set still be merged without problems as it is?
>
>
> Regards,
>
> Adolf
>
>
> On 25/09/2023 18:41, Adolf Belka wrote:
>> - At long last I have re-visited the patch submission for bug #11048 and fixed the issues
>>   that caused the problems last time I evaluated it in Testing.
>> - The insecure package download icon is shown if entry 41 in /var/ipfire/ovpn/ovpnconfig
>>   is set to no-pass. The code block on ovpnmain.cgi that deals with this checks if the
>>   connection is a host and if the first password entry is a null. Then it adds no-pass
>>   to ovpnconfig.
>> - The same block of code is also used for when the connection is edited. However at this
>>   stage the password entry is back to null because the password value is only kept until
>>   the connection has been saved. Therefore doing an edit results in the password value
>>   being taken as null even for connections with a password.
>> - This fix enters no-pass if the connection type is host and the password is null, pass if
>>   the connection type is host and the password has characters. If the connection type is
>>   net then no-pass is used as net2net connections do not have encrypted certificates.
>> - The code has been changed to show a different icon for unencrypted and encrypted
>>   certificates.
>> - Separate patches are provided for the language file change, the provision of a new icon
>>   and the code for the update.sh script for the Core Update to update all existing
>>   connections, if any exist, to have either pass or no-pass in index 41.
>> - This patch set was a joint collaboration between Erik Kapfer and Adolf Belka
>> - Patch set, including the code for the Core Update 180 update.sh script has been tested
>>   on a vm testbed
>> Fixes: Bug#11048
>> Tested-by: Adolf Belka
>> Suggested-by: Adolf Belka
>> Suggested-by: Erik Kapfer
>> Signed-off-by: Adolf Belka
>> --- >> html/cgi-bin/ovpnmain.cgi | 75 +++++++++++++++++++++++---------------- >> 1 file changed, 44 insertions(+), 31 deletions(-) >> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi >> index 5afe54f55..eb89c5095 100755 >> --- a/html/cgi-bin/ovpnmain.cgi >> +++ b/html/cgi-bin/ovpnmain.cgi
>> @@ -4370,9 +4370,15 @@ if ($cgiparams{'TYPE'} eq 'net') { >> $confighash{$key}[39] =3D $cgiparams{'DAUTH'}; >> $confighash{$key}[40] =3D $cgiparams{'DCIPHER'}; >> - if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq ""))= { >> - $confighash{$key}[41] =3D "no-pass"; >> - } >> + if ($confighash{$key}[41] eq "") { >> + if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PA= SS1'} eq "")) { >> + $confighash{$key}[41] =3D "no-pass"; >> + } elsif (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CE= RT_PASS1'} ne "")) { >> + $confighash{$key}[41] =3D "pass"; >> + } elsif ($cgiparams{'TYPE'} eq 'net') { >> + $confighash{$key}[41] =3D "no-pass"; >> + } >> + } >> $confighash{$key}[42] =3D 'HOTP/T30/6'; >> $confighash{$key}[43] =3D $cgiparams{'OTP_STATE'}; >> @@ -5512,20 +5518,24 @@ END >> } >> - print <> - $active >> + if ($confighash{$key}[41] eq "pass") { >> + print <> + $active >> -
>> - >> - >> - >> -
>> +
>> + > + alt=3D'$Lang::tr{'dl client arch'}= ' title=3D'$Lang::tr{'dl client arch'}' border=3D'0' /> >> + >> + >> + >> +
>> END >> - ; >> - if ($confighash{$key}[41] eq "no-pass") { >> + ; } elsif ($confighash{$key}[41] eq "no-pass") { >> print <> -
>> + $active >> + >> + >> > alt=3D'$Lang::tr{'dl client arch insecure'}' title=3D'$Lang::tr{'dl clie= nt arch insecure'}' border=3D'0' /> >> >> @@ -5533,7 +5543,7 @@ END >> >>
>> END >> - } else { >> + ; } else { >> print " "; >> } >> @@ -5609,30 +5619,33 @@ END >> # If the config file contains entries, print Key to action icons >> if ( $id ) { >> print <> - >> - >> +
>> + >> >> - >> - >> + >> + >> + >> + >> >> >> + >> + >> + >> + >> + >> + >> + >> + >> + >> + >> + =20 >> + >> >> >> >> >> - >> - >> - >> - >> - >> - >> - >> - >> - >> - >> - >> - >> -
  $Lang::tr{'legend'}:  3D'$Lang::tr{'click$Lang::tr{'click to disable'}    3D'?=$Lang::tr{'dl client arch insecure'}    3D'?RELOAD'/$Lang::tr{'dl client arch'}    3D'$Lang::tr{'show$Lang::tr{'show certificate'}    3D'$=$Lang::tr{'show otp qrcode'}
      =3D'?FLOPPY'$Lang::tr{'download certificate'}  3D'?OFF'$Lang::tr{'click to enable'}  3D'$Lang::tr{'cl=$Lang::tr{'click to disable'}    3D'$Lang::tr{'edit'}=$Lang::tr{'edit'}    3D'$Lang::tr{'remo=$Lang::tr{'remove'}
    3D'?OFF'$Lang::tr{'click to enable'}    3D'?FLOPPY'$Lang::tr{'download certificate'}    3D'?RELOAD'/$Lang::tr{'dl client arch'}    3D'$Lang::tr{'sho=$Lang::tr{'show otp qrcode'}

>> + >> +
>> END >> ; >> } --===============1212132402071727448==--
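
Review bot: In the first hunk (@@ -4370,9 +4370,15) the new outer guard, if ($confighash{$key}[41] eq ""), makes index 41 write-once, and that deserves a comment above it. A connection that already carries a stale no-pass, written by the old code when a password-protected host connection was edited, is never corrected on save and relies entirely on the update.sh change from the separate patch. The comment should say what index 41 holds (pass / no-pass) and why it must not be recomputed on edit, when CERT_PASS1 is empty again. The two host branches could also be folded into one TYPE eq 'host' test with an inner if/else on CERT_PASS1, which removes the repeated condition.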
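
Review bot: In the hunks at @@ -5512,20 +5518,24 and @@ -5533,7 +5543,7 the final else branch is the problem case. $active and the download form are now printed only inside the "pass" and "no-pass" branches, where the removed code printed them unconditionally and only added the insecure icon for no-pass. A connection whose index 41 is empty or holds any other value therefore falls through to the else and gets neither the status cell nor a download icon. Either keep $active outside the conditional, or make the fall-through render one of the two icons; the insecure one is the conservative default, since it never labels an unencrypted package as protected. On style, "; } elsif" and "; } else {" directly after the heredoc terminator are easy to misread; keep the ";" on its own line as before and start the branch on the next line.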
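
Review bot: In the legend hunk (@@ -5609,30 +5619,33) the added line that consists only of "=20" is whitespace-only and should be dropped. Most of the remaining churn in this hunk appears to reorder legend entries that already existed (click to enable, click to disable, download certificate, show otp qrcode, edit, remove) around the one new "dl client arch" entry. Keeping the existing rows in place and adding only the new icon and label would make the change far easier to verify against the icons used in the connection table.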