- The insecure package download icon is shown if entry 41 in /var/ipfire/ovpn/ovpnconfig is set to no-pass. The code block on ovpnmain.cgi that deals with this checks if the connection is a host and if the first password entry is a null. Then it adds no-pass to ovpnconfig. - The same block of code is also used for when the connection is edited. However at this stage the password entry is back to null because the password value is only kept until the connection has been saved. Therefore doing an edit results in the password value being taken as null even for connections with a password. - This fix enters no-pass if the connection type is host and the password is null, pass if the connection type is host and the password has characters. If the connection type is net then no-pass is used as net2net connections do not have encrypted certificates. - The code has been changed to show a different icon for unencrypted and encrypted certificates. - Separate patches are provided for the language file change, the provision of a new icon and the code for the update.sh script for the Core Update to update all existing connections, if any exist, to have either pass or no-pass in index 41. - This patch set was a joint collaboration between Erik Kapfer and Adolf Belka - Patch set, including the code for the Core Update 175 update.sh script has been tested on a vm testbed
Fixes: Bug#11048 Tested-by: Adolf Belka adolf.belka@ipfire.org Tested-by: Erik Kapfer ummeegge@ipfire.org Suggested-by: Adolf Belka adolf.belka@ipfire.org Suggested-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- html/cgi-bin/ovpnmain.cgi | 72 +++++++++++++++++++++++---------------- 1 file changed, 42 insertions(+), 30 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 51d6e8431..50ad21e79 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -4327,8 +4327,14 @@ if ($cgiparams{'TYPE'} eq 'net') {
 $confighash{$key}[39] = $cgiparams{'DAUTH'};
 $confighash{$key}[40] = $cgiparams{'DCIPHER'};
- if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
- $confighash{$key}[41] = "no-pass";
+ if ($confighash{$key}[41] eq "") {
+ if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
+ $confighash{$key}[41] = "no-pass";
+ } elsif (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} ne "")) {
+ $confighash{$key}[41] = "pass";
+ } elsif ($cgiparams{'TYPE'} eq 'net') {
+ $confighash{$key}[41] = "no-pass";
+ }
 }
$confighash{$key}[42] = 'HOTP/T30/6'; @@ -5470,20 +5476,24 @@ END }
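Review bot: Index 41 is filled from the submitted `CERT_PASS1` field, not from the PKCS#12 file that was actually written, so the padlock shown later records form input rather than the state of the key material; if any certificate path outside this hunk ignores `CERT_PASS1`, a non-empty field would still record `pass`. The outer `if ($confighash{$key}[41] eq "")` guard makes the value write-once, which is what keeps an edit from resetting it, but nothing says so; I would add `# [41] is set once at creation: CERT_PASS1 is empty on edit, so never recompute it here` above it. A connection that reaches this code on edit with an empty index 41 (for example one the update script did not tag) is still recorded as `no-pass`, because `CERT_PASS1` is empty at that point. The enclosing block starts and ends outside the hunk.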
- print <<END; - <td align='center' $col1>$active</td> + if ($confighash{$key}[41] eq "pass") { + print <<END; + <td align='center' $col1>$active</td>
- <form method='post' name='frm${key}a'><td align='center' $col> - <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' /> - <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' /> - <input type='hidden' name='KEY' value='$key' /> - </td></form> + <form method='post' name='frm${key}a'><td align='center' $col> + <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn_encrypted.png' + alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' /> + <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' /> + <input type='hidden' name='MODE' value='secure' /> + <input type='hidden' name='KEY' value='$key' /> + </td></form> END - ;
- if ($confighash{$key}[41] eq "no-pass") { + ; } elsif ($confighash{$key}[41] eq "no-pass") { print <<END; - <form method='post' name='frm${key}g'><td align='center' $col> + <td align='center' $col1>$active</td> + + <form method='post' name='frm${key}a'><td align='center' $col> <input type='image' name='$Lang::tr{'dl client arch insecure'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch insecure'}' title='$Lang::tr{'dl client arch insecure'}' border='0' /> <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' /> @@ -5491,7 +5501,7 @@ END <input type='hidden' name='KEY' value='$key' /> </td></form> END - } else { + ; } else { print "<td $col> </td>"; }
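Review bot: The `$active` status cell is now emitted only inside the `pass` and `no-pass` branches, so a row whose index 41 is empty or holds any other value falls through to the `else` in the following hunk (@@ -5491) and renders a single empty cell; the status cell and the download button both disappear and the table columns shift. Before this change the status cell was unconditional; printing it ahead of the `if` with `print "<td align='center' $col1>$active</td>";` and dropping it from the two heredocs would keep that behaviour. The new hidden field `MODE` with value `secure` is supplied by the client, so the handler for `dl client arch` (not visible here) should decide from `$confighash{$key}[41]` rather than from `MODE`. The row-rendering code starts and ends outside these hunks.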
@@ -5567,30 +5577,32 @@ END # If the config file contains entries, print Key to action icons if ( $id ) { print <<END; - <table border='0'> - <tr> + <table width='85%' border='0'> + <tr> <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td> - <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td> - <td class='base'>$Lang::tr{'click to disable'}</td> + <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td> + <td class='base'>$Lang::tr{'dl client arch insecure'}</td> + <td> <img src='/images/openvpn_encrypted.png' alt='?RELOAD'/></td> + <td class='base'>$Lang::tr{'dl client arch'}</td> <td> <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td> <td class='base'>$Lang::tr{'show certificate'}</td> + <td> <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td> + <td class='base'>$Lang::tr{'show otp qrcode'}</td> + </tr> + <tr> + <td> </td> + <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td> + <td class='base'>$Lang::tr{'download certificate'}</td> + <td> <img src='/images/off.gif' alt='?OFF' /></td> + <td class='base'>$Lang::tr{'click to enable'}</td> + <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td> + <td class='base'>$Lang::tr{'click to disable'}</td> <td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td> <td class='base'>$Lang::tr{'edit'}</td> <td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td> <td class='base'>$Lang::tr{'remove'}</td> - </tr> - <tr> - <td> </td> - <td> <img src='/images/off.gif' alt='?OFF' /></td> - <td class='base'>$Lang::tr{'click to enable'}</td> - <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td> - <td class='base'>$Lang::tr{'download certificate'}</td> - <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td> - <td class='base'>$Lang::tr{'dl client arch'}</td> - <td> <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td> - <td class='base'>$Lang::tr{'show otp qrcode'}</td> - </tr> - 
</table><br> + </tr> + </table><br> END ; }
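Review bot: Both legend entries for the download icons carry the placeholder `alt='?RELOAD'`, so a reader without images cannot tell the encrypted package from the insecure one, which is the distinction this change introduces. Use the strings already printed next to them: `alt='$Lang::tr{'dl client arch insecure'}'` for openvpn.png and `alt='$Lang::tr{'dl client arch'}'` for openvpn_encrypted.png. The heredoc and the surrounding `if ( $id )` block continue outside the hunk.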
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- langs/de/cgi-bin/de.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 33730f0c3..b9665e62d 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -817,7 +817,7 @@
 'display hostname in window title' => 'Hostname im Fenstertitel anzeigen',
 'display traffic at home' => 'Berechneten Traffic auf der Startseite anzeigen',
 'display webinterface effects' => 'Überblendeffekte einschalten',
-'dl client arch' => 'Client Paket herunterladen (zip)',
+'dl client arch' => 'Verschlüsseltes Client Paket herunterladen (zip)',
 'dl client arch insecure' => 'Ungesichertes Client-Paket herunterladen (zip)',
 'dmz' => 'DMZ',
 'dmz pinhole configuration' => 'Einstellungen des DMZ-Schlupfloches',
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- langs/en/cgi-bin/en.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 729516538..7b1670494 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -859,7 +859,7 @@
 'display hostname in window title' => 'Display hostname in window title',
 'display traffic at home' => 'Display calculated traffic on startpage',
 'display webinterface effects' => 'Activate effects',
-'dl client arch' => 'Download Client Package (zip)',
+'dl client arch' => 'Download Encrypted Client Package (zip)',
 'dl client arch insecure' => 'Download insecure Client Package (zip)',
 'dmz' => 'DMZ',
 'dmz pinhole configuration' => 'DMZ pinhole configuration',
- This uses a padlock icon from https://commons.wikimedia.org/wiki/File:Encrypted.png - The license for this image is the following:- This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See version 2.1 and version 3 of the GNU Lesser General Public License for more details. - Based on the above license I believe it can be used by IPFire covered by the GNU General Public License that is used for it. - The icon image was made by taking the existing openvpn.png file and superimposing the padlock icon on top of it at a 12x12 pixel format and naming it openvpn_encrypted.png
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/web-user-interface | 1 + html/html/images/openvpn_encrypted.png | Bin 0 -> 7004 bytes 2 files changed, 1 insertion(+) create mode 100644 html/html/images/openvpn_encrypted.png
diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface
index 33f0d30a7..9aec3bdbc 100644
--- a/config/rootfiles/common/web-user-interface
+++ b/config/rootfiles/common/web-user-interface
@@ -233,6 +233,7 @@ srv/web/ipfire/html/images/off.gif
 srv/web/ipfire/html/images/on.gif
 srv/web/ipfire/html/images/openvpn.gif
 srv/web/ipfire/html/images/openvpn.png
+srv/web/ipfire/html/images/openvpn_encrypted.png
 srv/web/ipfire/html/images/package-x-generic.png
 srv/web/ipfire/html/images/printer-error.png
 srv/web/ipfire/html/images/printer.png
diff --git a/html/html/images/openvpn_encrypted.png b/html/html/images/openvpn_encrypted.png new file mode 100644 index 0000000000000000000000000000000000000000..873c6c46113df0b973022c9c0f3a01cba19c0fbd GIT binary patch literal 7004 zcmeHKc{J4h_aFOO_9gXbnigAQHq4kzw!tXMmaH)=BQwLyFry?{LbM1GQiyih+AL9) z$W{_XNGVHsEM-gb`%q6$&+qp==XaiSe!u^kIiKym?|r@Reck)M=lzbe+hw&%QcV&B z0<E$p;2nUc?D8cp3f$L!S|S3ETL+w6xDG@fIDpNf(fz4lZb$$XOy$#QAP~RX)6R5t z4OqH-Na>(ig!z#n_^qUwNZjFklfBAuwQ*3fQ*S?oHReWBRZeQLs6EL8bvrK$yB<tN zWqdhnm8-Cob1$}9&gE&3Q%qQ^t%}Aq{3J~;wTH8L3T*Zbr568$sVF`}blS2WOWeLM zXjpBYcWPJs&YlDJWQ-<LX9!AW7;igT^#Y_+$f>izpU`1%ZnMj!y61AJ!0SJ4j!8q` zxPd^DSh~5not-a>%i{R50>IYh=6{6(1dw^|4A04_OF5>kl6N4x1+J)NK3=&BT#3HY zjwhzA@zxYtjnXUHkRvE(ffrUXjev+I9EB7?jzx!iKTtmfzEJC}Xm1~aDt6|+dsms7 z+P~iC(Ejt4vpApeL!D)yQx%K%D!49^;d)u&>)*WFaWdgpK6ybvdIBWW4Dv2Uq6E!w zHQ|Kq>denJi3)QN@o+S+RtJPWUJ*IWomjF?PkEpc+b$gUBBG^{5_i|G_R7l$>7qlH zwH<Sch#F1ACkrvfqKY&Hm6sDGZIEs8XV2A><6T1EO9!jDH{&3E>6-^*RVP&f?UhrL zpl{qEoi<AOffiq#*JacbX@cR9xG}-iI@Y!MkS&unX0PxSilB8`lR77sj)`QhJ2L0M z99eTOlu0@rUeMH@oAI(6Ioy}|(dmSVw_+_N4?gc-=6=9UG$~c8`pr4xot7T%WtST| zX}3E&E#KGEyp%?(nBQ#U4we&cMi|dZ=S&|eT1@defCDAC+B1Sfi|WQjE|5{6soAO* zdNP7wtx@-d>b<ksaYLJ}!3~8dL}P2K!F#q#{hNqy*-Il6=+Dn*6Y563Y0C7TOR84P zmmGdmR@CnJEIRZ6O*E-4d+lOK>{8%suk$tVsHExv4nHS0;AwJTNL)_vrxzXq=yO&> zQ{NmFmWVITmtwjg_G;S&{H`NTsa+5p?AjilBP$@!F)0;Ve2P9Cijl3V5Pu$5cW-Iy zaDT}|>YL3;8FPlM&`k-g@>3<sv$bvV7X$<dg4%W<Z4;qk!HwRl{ljqqqUzNu!Vz#; z5oZBqf*?Iyrr31*3-Mzn5-$XTBmL~8)Jzn71vE^=FspRKn_gq@3NRzZyoD1YhrC5A z1U|_M6E`67M-;((2vW%K<_)5Q;vpvA?8FsC>P+KgW#rA~pKQ4-tQ~VT8+%#ei#k@s zGrYho@(IpYF+CzIrmsfaCgMsV^7^WbYUvjuGm$l~Qvx6rYORq{17iV79y04Adj_N? 
zg60g21dU^S<icg;)N+ohZji2BC4tXL6plK1-TYYMj*IGa)3Q_h2Dcz1Y&MSDsVa(C zSgpzaXy14Fou;y%zTY2L755y+M)+AxUts1~+M_P-_C>l$Fv4$}FI?F8G;Y|RD_17p z8_P8JGV8ZIncMFTS5>nVBS%iw<B6vc`{8+Mi)qfyA<bZ#G%CK1q*N&CBIXZ16Q|@I zUwE+SQQ=Ub`HR4h?(5_(9YZ||d6N@p<RMTX&r{?nqoXpaTi)hPxbe4zg0qgd)uj%s zo$#C!_=*Y30^2^>fRTMD-WYW}O503oKz?AufKnpCNuygnGS1_TC`oA&GbtIEJa=M~ zdAr8FL=wTQJ-D6N9@36$*Fm1WZX3MCDoJE;Y;enz#T0qUUE)|&QPfFccTy$(IKI60 zRIQYC#l<rh;|H}HjT(0}CY=^K{mg-{#n3`)<#%AOs9kY%sBtK1SEQpxOh)uZ97b~6 z_vUF(3z6MOb)^4Uv$N(%6>7bvxJBd}OQOAjy_#mK=36J}Ju#!^w)to5s&Z!>eJE54 zlv+dOQ1(;W8csZsO*d$XIkQ72_uPfv?8;QfGn~Y?4UDAyiEB@1BzZx`x3(q1&ahId zpiBFX6uizpl~d@LZ9b3)*<tU6a6!0FhQHZdH?p~7^UO|{oySr$UD#d{&h2|8?cH*@ zge$x0&aM_OcN&_9+?=v_M^{QeR<fgbNAzRY6s<kSuI6g*y=69?If^RV+8dp<<7Uq6 z6Q7Rcj*90|enEbVexF9MqfO7HI^3VHr_1W8s!6CRsr9O%(yyiqq|c|fq|e@(aFf2V z=?2cN(v8!N?Uw6yFWpwE5i}SS%AMk-2dR&q4m!u(`=RqgUwh3k;<Ll&nGd~BVy16= zPWrt6vzWBE(0-wU2Vs$>=B3#;HnbJ?1-yu*43d(m9sYWLHmDi2F8oh;7%_(~&nSL& zv1>5tN(%idJ#s_{wFc!?B3PnZ(%&-O;`(0y{hh51%2~=EpjhZWH#HabRvDMRTRAQw zE{vkl+h2Sc<d!?kqO9VlrEw)MeNfF8kP)hR2|BlZ-S_rP-@e4?f9cvI@p0FSMH-88 zo^-e)jD4lmp|$;J9(ncXYMU5rjGR>&IrFXQBRLIyjeN(-X9_;6d~S1cKSjl7?JRCW zq^cC;7ld{hbQz+z-MPga>XqZcW=XSQGHXu0Q-7|0689XZfXl%7R9vs<<e!_hJh%`t z{#kv-eug-&H{U$hJy$S2Ho0*=`pcdL++^46&;n1STHwAwxuCl4Gq-y8PC0SGLxMb! 
z?UL;hZhw3x!?$2G?{1l+$GQ^22rSLbdIq0;hcn<^g~f$pO+l$rsl1q-M;}F@quVU* zS|wX0;M4I1$1BwHRO^n9Ce&NTSfMT33MO2N4%YD#_So1rpG(2&aGdvf=H1l}dVbcW z(S`Q05ySPszj}ICrrCss;~4a5gn50HZaRJ|W;%1MxxjmO;5y8^%sAngsHvz%d`zup zoTK$F>lEu}9%!ciEVY=&W=whP@P0gy9NiJy(W&R*=FzQ{B@K)2N-8*=m9#yLc*;H* zQQXa({_{C1)Hsa1CHWq*#L+})(PmmAC^{oL*Y$*}zALMwreybf!q5c!3wxS#=iRQs zkoSkmMQ<IwmA}mkdYJre*e&%|(1!~_lOM{u_Fsp27~g-ezb5f`)N!q~hqd8QO&GsY zi{!XBn>}#!VNuJzjEwkA$L1_*+&|vwU|KNVF~|C8MU3&=yX!u_*}pk|bIRuRJ6!X+ z?jsiRM>C?wBzhK_t~agzSpD(!*xiz6^r1xd$W+Btk*7d;x6ZIqozhL-qd)Jv(Oq53 zV+yVA`doZmb(M4TecvAkjh!_1^cMu)p!Z%XW%b;@xA<|<Tr5+jv_re=OvioW1|0uR z>$QT)edYJ3WZ&C$W?x!0u&S~jd7t6u<iC~vm7m7r4-y&@v$ka9=jZOQYDyoV5kGYl zrIFG1IZFj4b(ixBQaat(>(;5LAD%h%YL>Ta?%eS9M$F5p$WEDsZcRqrnB76<f{m5K zBZ809&}*%J$6n7FPlmDD5`V6=dn6rI?DM!)zEwHP6O+ng&V<&_k4VL-)R&RV*Lx&X z@ULmyy|i??KTjtW2lM(EG=k&R4LlyX7QA=2C)wk}UFM<6%C@UF$26{;@BVUQp-0SL z6w7+iH>~D?<p(#=hacL`W~8#_UzLR&d^z@DThsWfKTfPszt?nsTL^5ruW7+`c4)mn zKQ_$eD`C|B9XapOwDE_<S6C8`P3t&RI&M9jBu2hoG*m_THbtzM(3+>eiyFm0yEs2M zqSba~ZJV>v+QV6sp<!jidq=!xE1w*itYNiQO}F4%6RHNQJmxAtr#!q?a}(;tYZGnR z9+osi3oDqr@vvv(xa#<UeyfV}X>H%a7wx9)$H`q9Rl8+W+Le{Ri3p{A`f9LFrXAQG z^Xb4g*u~ZcOJ*^2i4+!zs>^2t0Q+MQ$jF!<KqT*{a=|3351omFjF(qIz;p@@vRB_0 zZW~}u^`#RIu&Is*b~%v`>?a#iAjaDzjrdpqfI;OF!F+~4lY`~sAS<|7;C)#PgMe35 zxchMs7h5~9Ig3pN>*?z0!l4#?dN2~QT@q}>rqHksc*`FUz!whU%jE`OVK5$#r^`d> zve-T_grT7!432~$kx)Pb$_Zg|iF_!NvvC>XI|iQ0A+zZLTsn&hUdAMnSV3GI1OkkM z|MHI!U~Bsmp2_*a0>B51PYi$|bm1@t1NN&0hiefGfc$XiKU#2{fYSubfy!Y8vB^}6 zU@DWl@mB~6`KNtA5Ziwx910mm^`|lbRSqyK;vZ95S=-wEv{<IVht3FCu>#2chbEU! 
z`<twP__jQ<63(xV0Omh&|DpX?>?_KEmaQ!o&mspcyJwBZL6+yoQdnd<1-tSJN01E+ zFl00o2`3ps^=JqR6hkHfH=;fjV*p1O67`9{Kv^?6Tq2W9U4{a{b?E>O(Ey1?Q_#SM zfwBx?NTxtZBpMNFK+;2_C<p`wMMeGsv71c?s*>pct5?fV6ab2X(lbO;_4T1hA_flC zBf<5dL^u)+r5IqSR1(bqi9w@RpeSUlC5z1<0_mhPh(1(U0Mln>V3}~Nshu?rg4Bio zEwS?_a%q484q`)R2J!zMaH2D)j$Gn0n+OAp9twdlK<OD^^bO$OCtAUCrm{IeB`#wk z;JPTi74zk^V1Zx&Vu{Oj3IMFgfmpESY$}n<Vmq-|{y4}o1bEr<=ddlXoG3&t5l`e& z0Z=#+g@x;55ojj_9E*fwQAiy)5)1!DpGBe5LjE`H<;4Rw`krzEode7tvLgDvq8zD# z-@m?p`qNjI5*WO)D6mBG_YgS5U@B$BPXO!t5ZRZ=^q~UX<43vvC8z&~QXm;n^?+QF zp>RDakUxF2KGcv(G=!qaWCJP!rB5Ow{u?@nMdR{_Y^tdbz$3sFP@XGXfi+hWrS(r= zc)rx-EC7T-fztS!Fufmy!F~h`TkaWuMQjB7ADkGiDE!i70K4xppm_nk5cabf{@`r6 z?fgIfe&pi+aRvbT_ay&{-`{lort4oZ@UN7ASJ!X4{uKlNO8Iwn{h!e#`S)>($^>>n zJm9cY0ym2X4qBq5omP0z((?a8<)tJ*A`w7v<$yp^3d@%OC_PgZ5Q=fFZ7sxxMC8O3 zA@Zx{*MLBR`>gS%PM9V}(r$tiQL*lD|7;ej8{@2rPbYY<UUU_9wT}--v>5YqWU%GT zZsgf!<bY4*Fc^X=q-%nv+S1&_qb?nGt~5Vs-THMgX@RuNknx3Qq-JzJFK8h1;Gc#n z1(>kKmz*2Z7LTbCSBv}QlN?q*>FXVr*|lkGDKE*fbL}DDO7!fFT{g^z3rB|-2YFRN z0;MnSHm^UNVB8*`8}AJr?N!Lk^^9um^&CpOwMIhxMiA&C&2D35L+7*DEUnrWy6?DI z)wp@vNs*n&`&3Lus*hx;TaH4)9zpxUcEP^{st0`(MS4VjGf<o;6{v<vsg`zPP6!E3 zl_DnxR9^0pc@#MRc@M{~KGwP3gY){##<VH;>(X-@w!2=?UW`=uV@NC6sJO(jS>N-0 z!;$yZN06pbkJmmaJZX3-%Y_4dnX>LMGQ=(Td7)D;2&!@C{*kJD=jI_oOI=)d|L~W} zyVsiVd(>b~@gCNNdTV|3Q+pv1NRNZ?dM#YTbDi>g+y~(Yj-0n9HOfzUq?6^5H&s>r z-UekSb>^2n-sm?WNysqMRB0f7l6qCXc-q5s^0JT2!$4D~fw`d9D)!p);&VI538vx# zc_Okp;w25={y0-Xmdo2j5GWSis!Fy?kxRI(N-kVojZBkHK69nbZ`9}lR=Q_XtgLvv zzFNPG@I+{|j(~83MPW!RKeO^#19qombsYp=|5|6y(TlPQljj?2it4-l+Lg;IB{x7! zgbgZlg<OIy&5sC?89tDdHC{HC$d6Y=FPv8woE#^P)$hJNaY(CK#W<x4vQ@bGtB8WG Wi<pASU;<ElAZv?V_yRNUi2nlR@?R_f
literal 0 HcmV?d00001
- The code checks first if ovpnconfig exists and is not empty. - Then it makes all net2net connections no-pass since they do not use encryption - Then it cycles through all .p12 files and checks with openssl if a password exists or not. If a password is present then pass is added to index 41 and if not then no-pass is added to index 41 - This code should be left in update.sh for future Core Updates in case people don't update with Core Update 175 but leave it till later. This code works fine on code that already has pass or no-pass entered into index 41 in ovpnconfig
Fixes: Bug#11048 Suggested-by: Erik Kapfer ummeegge@ipfire.org Suggested-by: Adolf Belka adolf.belka@ipfire.org Tested-by: Erik Kapfer ummeegge@ipfire.org Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/core/175/update.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
diff --git a/config/rootfiles/core/175/update.sh b/config/rootfiles/core/175/update.sh
index 03ce4a93d..8ed34f39e 100644
--- a/config/rootfiles/core/175/update.sh
+++ b/config/rootfiles/core/175/update.sh
@@ -175,6 +175,30 @@ if [ -e /boot/pakfire-kernel-update ]; then
 /boot/pakfire-kernel-update ${KVER}
 fi
+## Modify ovpnconfig according to bug 11048 for pass, no-pass modification in ovpnconfig index
+# Check if ovpnconfig exists and is not empty
+if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
+ # Make all N2N connections 'no-pass' since they do not use encryption
+ awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+
+ # Evaluate roadwarrior connection names for *.p12 files
+ for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
+ # Sort all unencrypted roadwarriors out and set 'no-pass' in [43] index
+ if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'Encrypted') ]]; then
+ awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+ fi
+ # Sort all encrypted roadwarriors out and set 'pass' in [43] index
+ if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'error') ]]; then
+ awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+ fi
+ done
+fi
+
+# Replace existing ovpnconfig with updated index
+mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
+# Set correct ownership
+chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
+
 # This update needs a reboot...
 touch /var/run/need_reboot
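Review bot: The rewrite of ovpnconfig can silently drop connections: `{FS=OFS=","}` sits in the main action, so under POSIX/gawk semantics the first record is split with the default separator before the assignment takes effect and never matches, and any host row whose openssl output contains neither `Encrypted` nor `error` is not copied to ovpnconfig.new either. The `grep 'error'` test also labels every openssl failure (a missing or unreadable .p12, not only a rejected empty password) as `pass`, so the UI can show the encrypted icon for a package whose protection was never established. In addition `/host/` matches the word anywhere in a row instead of testing `$5=="host"`, `${y}` is unquoted in a path handled as root, and `mv`/`chown` run even when the `-s` test failed and no .new file exists. I would make a single pass that writes every row back, set the separators in `BEGIN`, record `pass` only on an explicit password failure, and move the `mv` inside the `if`, as sketched below; the openssl message matched there should be confirmed against the shipped version.

```shell
# … unchanged: bug 11048 header comments …
ovpnconfig="/var/ipfire/ovpn/ovpnconfig"
if [ -s "${ovpnconfig}" ]; then
	# One pass over the file so that every row is written back exactly once
	while IFS= read -r row || [ -n "${row}" ]; do
		name="$(printf '%s\n' "${row}" | awk -F',' '{ print $3 }')"
		type="$(printf '%s\n' "${row}" | awk -F',' '{ print $5 }')"
		p12="/var/ipfire/ovpn/certs/${name}.p12"
		flag=""
		if [ "${type}" = "net" ]; then
			flag="no-pass"
		elif [ "${type}" = "host" ] && [ -f "${p12}" ]; then
			if result="$(openssl pkcs12 -info -in "${p12}" -noout -password pass:'' 2>&1 </dev/null)"; then
				flag="no-pass"
			elif printf '%s\n' "${result}" | grep -q 'invalid password'; then
				# Only a rejected empty password counts as encrypted
				flag="pass"
			fi
		fi
		# Separators are set in BEGIN so they apply to the first record too
		printf '%s\n' "${row}" | awk -v flag="${flag}" \
			'BEGIN { FS = OFS = "," } { if (flag != "") $43 = flag; print }'
	done < "${ovpnconfig}" > "${ovpnconfig}.new"

	# Replace the config only after a complete rewrite, then fix ownership
	mv "${ovpnconfig}.new" "${ovpnconfig}"
	chown nobody:nobody "${ovpnconfig}"
fi
# … unchanged: need_reboot marker …
```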