This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 83803caf386c3a7fd55215ecad348131be56bba6 (commit) via c125d8a2b4770e3cd63ef18ae720dd6e5fb8576c (commit) via 92b87e17f1497be27cc61038b4852b00e84f5d15 (commit) via f48074bacbf1e3835ca8975d82e5dd2dc514bcb1 (commit) from 6666897c5c4f6e328e56e66e53750a906ef04ee6 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 83803caf386c3a7fd55215ecad348131be56bba6 Merge: 6666897 c125d8a Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 20 11:08:56 2013 +0200
Merge remote-tracking branch 'stevee/ovpnmain.cgi-fixes' into next
commit c125d8a2b4770e3cd63ef18ae720dd6e5fb8576c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jul 17 22:30:29 2013 +0200
ovpnmain.cgi: Allow to keep the Remote field empty for N2N connections.
* It's now possible to keep the Remote Host/IP field empty. * Cleaned up code.
Fixes #10392.
commit 92b87e17f1497be27cc61038b4852b00e84f5d15 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jul 17 21:01:14 2013 +0200
ovpnmain.cgi: Set mtu-disc to off if not configured.
Fixes #10391.
commit f48074bacbf1e3835ca8975d82e5dd2dc514bcb1 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jul 17 19:58:20 2013 +0200
ovpnmain.cgi: Add check for a valid N2N network.
Fixes #10390.
-----------------------------------------------------------------------
Summary of changes: html/cgi-bin/ovpnmain.cgi | 67 ++++++++++++++++++++++++++--------------------- 1 file changed, 37 insertions(+), 30 deletions(-)
Difference in files: diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index a4953ff..5e18d3c 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -127,21 +127,6 @@ sub sizeformat{ return("$newsize $units[$i]"); }
-sub valid_dns_host { - my $hostname = $_[0]; - unless ($hostname) { return "No hostname"}; - my $res = new Net::DNS::Resolver; - my $query = $res->search("$hostname"); - if ($query) { - foreach my $rr ($query->answer) { - ## Potential bug - we are only looking at A records: - return 0 if $rr->type eq "A"; - } - } else { - return $res->errorstring; - } -} - sub cleanssldatabase { if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) { @@ -982,7 +967,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "persist-key\n"; print SERVERCONF "script-security 2\n"; print SERVERCONF "# IP/DNS for remote Server Gateway\n"; + + if ($cgiparams{'REMOTE'} ne '') { print SERVERCONF "remote $cgiparams{'REMOTE'}\n"; + } + print SERVERCONF "float\n"; print SERVERCONF "# IP adresses of the VPN Subnet\n"; print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; @@ -2339,6 +2328,9 @@ ADV_ERROR: if ($cgiparams{'LOG_VERB'} eq '') { $cgiparams{'LOG_VERB'} = '3'; } + if ($cgiparams{'PMTU_DISCOVERY'} eq '') { + $cgiparams{'PMTU_DISCOVERY'} = 'off'; + } $checked{'CLIENT2CLIENT'}{'off'} = ''; $checked{'CLIENT2CLIENT'}{'on'} = ''; $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED'; @@ -3520,6 +3512,14 @@ if ($cgiparams{'TYPE'} eq 'net') { goto VPNCONF_ERROR; }
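Review bot: The new guard around `print SERVERCONF "remote $cgiparams{'REMOTE'}\n";` tests only for the empty string, so any non-empty value is interpolated unchanged into the server configuration. Whether REMOTE has already passed `&General::validip` or `&General::validfqdn` on this code path is not visible in the hunk; if it has not, a value containing a line break would add extra directives to a file that also sets `script-security 2`. Consider making the condition `if ($cgiparams{'REMOTE'} ne '' && (&General::validip($cgiparams{'REMOTE'}) || &General::validfqdn($cgiparams{'REMOTE'}))) {`, or add a comment stating where the validation happens. The enclosing block starts and ends outside the hunk.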
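Review bot: The default added for `PMTU_DISCOVERY` after `ADV_ERROR:` replaces only an empty value, so any other submitted string is kept as is; the second copy of this block in the last hunk is followed directly by `$checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}}`, which uses it as a hash key. If the value is also written out as the mtu-disc setting, as the commit title suggests, it should be compared against the options the form offers and reset to `'off'` when it matches none. Because the same three lines now appear twice, a comment such as `# Fall back to 'off' when no PMTU discovery mode was submitted.` on both copies, or one shared helper, would keep them in sync. Both enclosing blocks extend beyond their hunks.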
+ # Check if the input for the transfer net is valid. + if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){ + $errormessage = $Lang::tr{'ccd err invalidnet'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) { $errormessage = $Lang::tr{'openvpn subnet is used'}; unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; @@ -3603,34 +3603,38 @@ if ($cgiparams{'TYPE'} eq 'net') { } }
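Review bot: In the added OVPN_SUBNET check, `unlink (...) or die` stops the CGI before `goto VPNCONF_ERROR` is reached, so when the temporary file cannot be removed the user gets a server error instead of `$errormessage`, and the directory is left behind. Reporting the failure and continuing would be safer, for example `or warn "Removing Configfile fail: $!";` in place of `or die "Removing Configfile fail: $!";`, and likewise for the `rmdir` call. The two calls also mix `or die` and `|| die`, and the identical cleanup is repeated twice more in the following hunk, so a small helper taking the connection name would remove the duplication. Both paths are built from `$cgiparams{'NAME'}`; the hunk does not show where NAME is validated, so confirm it is restricted to a safe character set before it is used in a delete. The enclosing `if ($cgiparams{'TYPE'} eq 'net')` block starts and ends outside the hunk.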
- if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) { + # Check if a remote host/IP has been set for the client. + if ($cgiparams{'REMOTE'} eq '' && $cgiparams{'SIDE'} ne 'server') { $errormessage = $Lang::tr{'invalid input for remote host/ip'}; + + # Check if this is a N2N connection and drop temporary config. if ($cgiparams{'TYPE'} eq 'net') { - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - } + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; }
- if ($cgiparams{'REMOTE'}) { + # Check if a remote host/IP has been configured - the field can be empty on the server side. + if ($cgiparams{'REMOTE'} ne '') { + + # Check if the given IP is valid - otherwise check if it is a valid domain. if (! &General::validip($cgiparams{'REMOTE'})) { + + # Check for a valid domain. if (! &General::validfqdn ($cgiparams{'REMOTE'})) { $errormessage = $Lang::tr{'invalid input for remote host/ip'}; + + # Check if this is a N2N connection and drop temporary config. if ($cgiparams{'TYPE'} eq 'net') { - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - } + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; - } else { - if (&valid_dns_host($cgiparams{'REMOTE'})) { - $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}"; - if ($cgiparams{'TYPE'} eq 'net') { - - } - } } } } + if ($cgiparams{'TYPE'} ne 'host') { unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) { $errormessage = $Lang::tr{'local subnet is invalid'}; @@ -4147,6 +4151,9 @@ if ($cgiparams{'TYPE'} eq 'net') { $checked{'MSSFIX'}{'on'} = ''; $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
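Review bot: The rewritten condition `if ($cgiparams{'REMOTE'} eq '' && $cgiparams{'SIDE'} ne 'server')` no longer tests `TYPE`, so it now runs for every connection type, whereas the removed line applied only when `TYPE` was `'net'`. If `SIDE` is not set for host connections, which cannot be confirmed from this hunk, an empty Remote field there would now be rejected with `'invalid input for remote host/ip'`. Restoring the type test keeps the previous scope: `if ($cgiparams{'TYPE'} eq 'net' && $cgiparams{'REMOTE'} eq '' && $cgiparams{'SIDE'} ne 'server') {`. With that in place the inner `if ($cgiparams{'TYPE'} eq 'net')` around the cleanup becomes redundant. The enclosing block starts and ends outside the hunk.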
+ if ($cgiparams{'PMTU_DISCOVERY'} eq '') { + $cgiparams{'PMTU_DISCOVERY'} = 'off'; + } $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked='checked'';