This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 1e499e90d76743efe0c9cf71c75636559f980fe3 (commit) via 187590f791bc7b96da5d70469783dae4a5bd00df (commit) via 831a5ef6ad5bbdc158a5fb40a4db78a7d419f082 (commit) via 82e454712bc7510c0b03ad87bae1143a3c361274 (commit) via 323be7c44f30b762655aa621bf5f97d5f19ecb29 (commit) from 2f3e47a042ced0b90c448840765c22d3fb1f44a6 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 1e499e90d76743efe0c9cf71c75636559f980fe3 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Apr 10 13:32:48 2015 +0200
openvpn: Stop N2N connections before they are removed
commit 187590f791bc7b96da5d70469783dae4a5bd00df Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Apr 10 13:27:32 2015 +0200
openvpn: Move remving files in /var/run to openvpnctrl
commit 831a5ef6ad5bbdc158a5fb40a4db78a7d419f082 Author: Alexander Marx alexander.marx@ipfire.org Date: Fri Apr 10 13:16:33 2015 +0200
core89: Update OpenVPN configuration during the update
commit 82e454712bc7510c0b03ad87bae1143a3c361274 Author: Alexander Marx alexander.marx@ipfire.org Date: Fri Apr 10 13:13:02 2015 +0200
ovpnmain.cgi: Remove duplicate code to remove a connection
commit 323be7c44f30b762655aa621bf5f97d5f19ecb29 Author: Alexander Marx alexander.marx@ipfire.org Date: Fri Apr 10 13:12:14 2015 +0200
ovpnmain.cgi: Fix indentation and code cleanup
No functional change
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/stage2 | 1 + config/rootfiles/core/89/filelists/files | 1 + config/rootfiles/core/89/update.sh | 3 + html/cgi-bin/ovpnmain.cgi | 132 +++++++++++-------------------- src/misc-progs/openvpnctrl.c | 32 +++++--- src/scripts/ovpn-collectd-convert | 26 ++++++ 6 files changed, 98 insertions(+), 97 deletions(-) create mode 100644 src/scripts/ovpn-collectd-convert
Difference in files:
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index 44f24b4..f506daf 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -124,6 +124,7 @@ usr/local/bin/update-lang-cache
 #usr/local/src
 #usr/sbin
 usr/sbin/ovpn-ccd-convert
+usr/sbin/ovpn-collectd-convert
 #usr/share
 #usr/share/doc
 #usr/share/doc/licenses
diff --git a/config/rootfiles/core/89/filelists/files b/config/rootfiles/core/89/filelists/files
index 2be73d7..70c5f3d 100644
--- a/config/rootfiles/core/89/filelists/files
+++ b/config/rootfiles/core/89/filelists/files
@@ -13,6 +13,7 @@ srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
 usr/local/bin/collectdctrl
 usr/local/bin/openvpnctrl
+usr/sbin/ovpn-collectd-convert
 usr/sbin/setup
 var/ipfire/backup/bin/backup.pl
 var/ipfire/graphs.pl
diff --git a/config/rootfiles/core/89/update.sh b/config/rootfiles/core/89/update.sh
index bc80709..e15f937 100644
--- a/config/rootfiles/core/89/update.sh
+++ b/config/rootfiles/core/89/update.sh
@@ -66,6 +66,9 @@ rm -f \ /opt/pakfire/db/*/meta-sqlite \ /opt/pakfire/db/rootfiles/sqlite
+# Update OpenVPN/collectd configuration +/usr/sbin/ovpn-collectd-convert + # Fix #10625 mkdir -p /etc/logrotate.d
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 1a29be0..9550ca6 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -1189,6 +1189,9 @@ SETTINGS_ERROR: my $file = ''; &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
+ # Kill all N2N connections + system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null"); + foreach my $key (keys %confighash) { my $name = $confighash{$cgiparams{'$key'}}[1];
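Review bot: The added `system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null")` relies on `&>`, a bash extension: a single-string `system` runs through `/bin/sh -c`, and a POSIX shell reads this as `openvpnctrl -kn2n &` plus an empty redirect, so the stop would run in the background while the loop below already removes the connection files. Which shell `/bin/sh` is on the target is not visible here; `system("/usr/local/bin/openvpnctrl -kn2n >/dev/null 2>&1");` is portable and stays synchronous. The exit status is discarded as well, so a failed stop goes unnoticed before the deletion continues. The same `&>` form is used by the `-kn2n` call in the remove branch further down and by the `collectdctrl restart` call in the new ovpn-collectd-convert script. The enclosing block under `SETTINGS_ERROR:` starts above this hunk.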
@@ -1237,9 +1240,6 @@ SETTINGS_ERROR: while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) { system ("rm -rf $file"); } - while ($file = glob("/var/run/openvpn/*-n2n")) { - unlink $file; - }
# Remove everything from the collectd configuration &writecollectdconf();
@@ -2343,75 +2343,69 @@ else
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) { - &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
- if ($confighash{$cgiparams{'KEY'}}) { -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); -# } -# - my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; + if ($confighash{$cgiparams{'KEY'}}) { + my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
### # m.a.d net2net ###
-if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { - my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); - my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); - unlink ($certfile); - unlink ($conffile); + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { + # Stop the N2N connection before it is removed + system("/usr/local/bin/openvpnctrl -kn2n $confighash{$cgiparams{'KEY'}}[1] &>/dev/null");
- if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") { - rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; - } + my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); + my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ($certfile); + unlink ($conffile);
- unlink("/var/run/openvpn/$confighash{$cgiparams{'KEY'}}[1]-n2n"); -} + if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") { + rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; + } + }
- unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
# A.Marx CCD delete ccd files and routes
- - if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]") - { - unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]"; - } - - &General::readhasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); - foreach my $key (keys %ccdroutehash) { - if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ - delete $ccdroutehash{$key}; + if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]") + { + unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]"; } - } - &General::writehasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); - &General::readhasharray("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); - foreach my $key (keys %ccdroute2hash) { - if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ - delete $ccdroute2hash{$key}; + &General::readhasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ + delete $ccdroutehash{$key}; + } } - } - &General::writehasharray("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); - &writeserverconf; - + &General::writehasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); -# CCD end + &General::readhasharray("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); + foreach my $key (keys %ccdroute2hash) { + if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ + delete $ccdroute2hash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); + &writeserverconf;
- delete $confighash{$cgiparams{'KEY'}}; - my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); +# CCD end + # Update collectd configuration and delete all RRD files of the removed connection + &writecollectdconf(); + system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
- # Update collectd configuration and delete all RRD files of the removed connection - &writecollectdconf(); - system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]"); - } else { - $errormessage = $Lang::tr{'invalid key'}; - } + delete $confighash{$cgiparams{'KEY'}}; + my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + + } else { + $errormessage = $Lang::tr{'invalid key'}; + } &General::firewall_reload();
###
@@ -3084,36 +3078,6 @@ END }
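Review bot: In the remove branch the new `system("/usr/local/bin/openvpnctrl -kn2n $confighash{$cgiparams{'KEY'}}[1] &>/dev/null")` and the moved `-drrd` call interpolate the stored connection name into a shell command line for a privileged helper. The name comes from ovpnconfig and its validation at creation time is not visible in this hunk, so the list form is the safer spelling: `system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);`. List form starts no shell, so silencing the output has to be done by the CGI itself rather than by passing a redirect as an argument, which is what the removed duplicate block did with `"&>/dev/null"`. The re-indented `openssl ca -revoke` backtick line has the same shape. The if/elsif chain this branch belongs to begins and continues outside the hunk.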
### -### Remove connection -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) { - &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); - - if ($confighash{$cgiparams{'KEY'}}) { -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); -# } - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); - delete $confighash{$cgiparams{'KEY'}}; - - # Delete RRD's for collectd - system("/usr/local/bin/openvpnctrl", "-drrd", "$confighash{$cgiparams{'KEY'}}[1]", "&>/dev/null"); - - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); - #&writeserverconf(); - } else { - $errormessage = $Lang::tr{'invalid key'}; - } -#test33 - -### -### Choose between adding a host-net or net-net connection -### - -### # m.a.d net2net ###
diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 5d3f8af..bba84ca 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -46,6 +46,18 @@ struct connection_struct {
typedef struct connection_struct connection;
+static int recursive_remove_callback(const char* fpath, const struct stat* sb, int typeflag, struct FTW* ftwbuf) {
+ int rv = remove(fpath);
+ if (rv)
+ perror(fpath);
+
+ return rv;
+}
+
+static int recursive_remove(const char* path) {
+ return nftw(path, recursive_remove_callback, 64, FTW_DEPTH | FTW_PHYS);
+}
+
 void exithandler(void) { if(kv)
@@ -539,6 +551,7 @@ int startNet2Net(char *name) { int killNet2Net(char *name) { connection *conn = NULL; connection *conn_iter;
+ int rc = 0;
conn_iter = getConnections();
@@ -571,20 +584,13 @@ int killNet2Net(char *name) { snprintf(command, STRING_SIZE - 1, "/bin/rm -f %s", pidfile); executeCommand(command);
- return 0; -} - - -static int recursive_remove_callback(const char* fpath, const struct stat* sb, int typeflag, struct FTW* ftwbuf) { - int rv = remove(fpath); - if (rv) - perror(fpath); + char runfile[STRING_SIZE]; + snprintf(runfile, STRING_SIZE - 1, "/var/run/openvpn/%s-n2n", conn->name); + rc = recursive_remove(runfile); + if (rc) + perror(runfile);
- return rv; -} - -static int recursive_remove(const char* path) { - return nftw(path, recursive_remove_callback, 64, FTW_DEPTH | FTW_PHYS); + return 0; }
int deleterrd(char *name) {
diff --git a/src/scripts/ovpn-collectd-convert b/src/scripts/ovpn-collectd-convert
new file mode 100644
index 0000000..59d67b9
--- /dev/null
+++ b/src/scripts/ovpn-collectd-convert
@@ -0,0 +1,26 @@
+#!/usr/bin/perl
+# Converter script for adding existing OpenVPN N2N connections to collectd
+# Used for core update 89
+
+my %ovpnconfig=();
+
+require '/var/ipfire/general-functions.pl';
+
+open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
+print COLLECTDVPN "Loadplugin openvpn\n";
+print COLLECTDVPN "\n";
+print COLLECTDVPN "<Plugin openvpn>\n";
+print COLLECTDVPN "Statusfile "/var/run/ovpnserver.log"\n";
+
+&General::readhasharray("/var/ipfire/ovpn/ovpnconfig", %ovpnconfig);
+foreach my $key (keys %ovpnconfig) {
+ if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] eq 'net') {
+ print COLLECTDVPN "Statusfile "/var/run/openvpn/$ovpnconfig{$key}[1]-n2n"\n";
+ }
+}
+
+print COLLECTDVPN "</Plugin>\n";
+close(COLLECTDVPN);
+
+# Reload collectd afterwards
+system("/usr/local/bin/collectdctrl restart &>/dev/null");
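Review bot: The new cleanup at the end of killNet2Net passes `runfile` to `recursive_remove` without checking the `snprintf` result, so a name long enough to be truncated would make the recursive delete act on a different path under /var/run/openvpn than the intended `<name>-n2n` entry. Keep the return value, `int n = snprintf(runfile, sizeof(runfile), "/var/run/openvpn/%s-n2n", conn->name);`, and skip the removal when `n < 0 || (size_t)n >= sizeof(runfile)`. `rc` is assigned but the function still ends in `return 0;`, so a failed cleanup is invisible to the caller. `perror(runfile)` will likely also print when the run file simply does not exist, and for other failures the callback has already reported the error, so `errno` may no longer describe it by then. killNet2Net begins in the previous hunk and part of its body is outside the diff.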
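Review bot: The new converter runs during the core update without `use strict; use warnings;` and opens its output through a bareword handle with the mode fused into the interpolated path; `open(my $fh, '>', "${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";` keeps the mode separate and scopes the handle. The connection name from ovpnconfig is written verbatim inside the `Statusfile "..."` line, so a name containing a quote or newline would change the generated collectd configuration. Whether names are restricted when a connection is created is not visible here, so a guard before the print, such as `next unless $ovpnconfig{$key}[1] =~ /\A[A-Za-z0-9]+\z/;` adjusted to the characters the UI allows, would make the script safe on its own. collectd.vpn is truncated before ovpnconfig is read and `close` is unchecked, so a failure midway leaves a partial file that collectd is then restarted with. The input path is hard-coded as `/var/ipfire/ovpn/ovpnconfig` while the output uses `${General::swroot}`, and as shown in this mail the inner quotes of both Statusfile strings are unescaped, presumably lost in rendering.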
hooks/post-receive -- IPFire 2.x development tree