This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via bd54ff030eee920be813de64e8b4ffec8d57315b (commit) via e2429e8d3452e39128a8c8f2806b97314f9c9470 (commit) via ac87f37110a5cfb41ed65c1b2b83cd3d340ce125 (commit) via df9b48b753cb84e8bd5a338c593202e9aaf1d07f (commit) from 1e0419c8da24544cbadf03f7eadb320cec41e675 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit bd54ff030eee920be813de64e8b4ffec8d57315b Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Nov 28 20:25:28 2012 +0100
Update translations.
commit e2429e8d3452e39128a8c8f2806b97314f9c9470 Author: Alexander Marx amarx@ipfire.org Date: Mon Nov 26 13:13:16 2012 +0100
OpenVPN ccd: created subnet checkfunction in general_functions, because ipsec needs this too!
This should prevent IPsec hosts/nets from having the same IP addresses as OpenVPN hosts/nets.
commit ac87f37110a5cfb41ed65c1b2b83cd3d340ce125 Author: Alexander Marx amarx@ipfire.org Date: Tue Nov 27 14:48:33 2012 +0100
OpenVPN ccd: fixed counter in static networks. Only 63 hosts are possible in /24 subnet Now IP-Range begins with ".2"
commit df9b48b753cb84e8bd5a338c593202e9aaf1d07f Author: Alexander Marx amarx@ipfire.org Date: Tue Nov 27 12:40:36 2012 +0100
OpenVPN ccd: added alphanumeric sort of static networks and under ROUTING, NONE is selected if no route is specified
-----------------------------------------------------------------------
Summary of changes: config/cfgroot/general-functions.pl | 79 +++++++++++++++++++++++++++++++++++++ doc/language_issues.es | 1 + doc/language_issues.fr | 1 + doc/language_issues.pl | 1 + doc/language_issues.ru | 1 + doc/language_missings | 4 ++ html/cgi-bin/ovpnmain.cgi | 60 ++++++++++++++-------------- langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + 9 files changed, 118 insertions(+), 31 deletions(-)
Difference in files: diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 6055567..c14f990 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -399,6 +399,85 @@ sub validipandmask return 0; }
+sub checksubnets
+{
+
+ my %ccdconfhash=();
+ my @ccdconf=();
+ my $ccdname=$_[0];
+ my $ccdnet=$_[1];
+ my $errormessage;
+ my ($ip,$cidr)=split(///,$ccdnet);
+ $cidr=&iporsubtocidr($cidr);
+
+
+ #get OVPN-Subnet (dynamic range)
+ my %ovpnconf=();
+ &readhash("${General::swroot}/ovpn/settings", %ovpnconf);
+ my ($ovpnip,$ovpncidr)= split (///,$ovpnconf{'DOVPN_SUBNET'});
+ $ovpncidr=&iporsubtocidr($ovpncidr);
+
+ #check if we try to use same network as ovpn server
+ if ("$ip/$cidr" eq "$ovpnip/$ovpncidr") {
+ $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>";
+ return $errormessage;
+ }
+
+ #check if we use a network-name/subnet that already exists
+ &readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash);
+ foreach my $key (keys %ccdconfhash) {
+ @ccdconf=split(///,$ccdconfhash{$key}[1]);
+ if ($ccdname eq $ccdconfhash{$key}[0])
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."<br>";
+ return $errormessage;
+ }
+ my ($newip,$newsub) = split(///,$ccdnet);
+ if (&IpInSubnet($newip,$ccdconf[0],&iporsubtodec($ccdconf[1])))
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>";
+ return $errormessage;
+ }
+
+ }
+ #check if we use a name which is already used by ovpn
+
+
+
+
+
+ #check if we use a ipsec right network which is already defined
+ my %ipsecconf=();
+ &General::readhasharray("${General::swroot}/vpn/config", %ipsecconf);
+ foreach my $key (keys %ipsecconf){
+ if ($ipsecconf{$key}[11] ne ''){
+ #$errormessage="DRIN!";
+ #return $errormessage;
+
+ my ($ipsecip,$ipsecsub) = split (///, $ipsecconf{$key}[11]);
+ $ipsecsub=&iporsubtodec($ipsecsub);
+
+ if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
+ $errormessage=$Lang::tr{'ccd err isipsecnet'}." 
Name: $ipsecconf{$key}[2]"; + return $errormessage; + } + } + } + + + #check if we use one of ipfire's networks (green,orange,blue) + my %ownnet=(); + &readhash("${General::swroot}/ethernet/settings", %ownnet); + if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;} + if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;} + if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;} + if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'RED_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;} + + + +} + + sub validport { $_ = $_[0]; diff --git a/doc/language_issues.es b/doc/language_issues.es index 3cd95a8..eca067d 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -514,6 +514,7 @@ WARNING: untranslated string: ccd err inuse WARNING: untranslated string: ccd err invalidname WARNING: untranslated string: ccd err invalidnet WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet WARNING: untranslated string: ccd err isovpnnet WARNING: untranslated string: ccd err issubnet WARNING: untranslated string: ccd err name diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 406c422..91beb6f 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr 
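Review bot: The overlap tests in checksubnets only look in one direction, so a new network that encloses an existing one, or that is a smaller range inside GREEN/ORANGE/BLUE/RED, still passes. The ccd.conf and IPsec checks ask whether the new network address lies inside the existing subnet, the four `*_NETADDRESS` checks ask the reverse, and the OpenVPN pool check is a plain string comparison of `"$ip/$cidr"`; each should test both directions, for example `if (&IpInSubnet($ip,$ipsecip,$ipsecsub) || &IpInSubnet($ipsecip,$ip,&iporsubtodec($cidr)))`, assuming IpInSubnet takes (address, network, mask) as the calls here suggest. The sub also ends without a `return`, so on success the caller receives whatever the last `if` condition evaluated to; add `return;` before the closing brace so that `if (!$errormessage)` in addccdnet does not depend on that. `$errormessage` is declared without a value and then concatenated, so `my $errormessage='';` avoids an uninitialized-value warning.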
@@ -513,6 +513,7 @@ WARNING: untranslated string: ccd err inuse WARNING: untranslated string: ccd err invalidname WARNING: untranslated string: ccd err invalidnet WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet WARNING: untranslated string: ccd err isovpnnet WARNING: untranslated string: ccd err issubnet WARNING: untranslated string: ccd err name diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 3cd95a8..eca067d 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -514,6 +514,7 @@ WARNING: untranslated string: ccd err inuse WARNING: untranslated string: ccd err invalidname WARNING: untranslated string: ccd err invalidnet WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet WARNING: untranslated string: ccd err isovpnnet WARNING: untranslated string: ccd err issubnet WARNING: untranslated string: ccd err name diff --git a/doc/language_issues.ru b/doc/language_issues.ru index a6efe4d..e36449a 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -505,6 +505,7 @@ WARNING: untranslated string: ccd err inuse WARNING: untranslated string: ccd err invalidname WARNING: untranslated string: ccd err invalidnet WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet WARNING: untranslated string: ccd err isovpnnet WARNING: untranslated string: ccd err issubnet WARNING: untranslated string: ccd err name diff --git a/doc/language_missings b/doc/language_missings index 9b7400e..83fbf90 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -26,6 +26,7 @@ < ccd err invalidnet < ccd err iroute < ccd err irouteexist +< ccd err isipsecnet < ccd err isovpnnet < ccd err issubnet < ccd err name @@ -147,6 +148,7 @@ < ccd err invalidnet < ccd err iroute < ccd err irouteexist +< ccd err isipsecnet < ccd err isovpnnet < ccd err issubnet < ccd err name 
@@ -259,6 +261,7 @@ < ccd err invalidnet < ccd err iroute < ccd err irouteexist +< ccd err isipsecnet < ccd err isovpnnet < ccd err issubnet < ccd err name @@ -348,6 +351,7 @@ < ccd err invalidnet < ccd err iroute < ccd err irouteexist +< ccd err isipsecnet < ccd err isovpnnet < ccd err issubnet < ccd err name diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 3c090b0..cd13a14 100755 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -64,6 +64,10 @@ my $warnmessage = ''; my $errormessage = ''; my %settings=(); my $routes_push_file = ''; +my $confighost="${General::swroot}/fwhosts/customhosts"; +my $configgrp="${General::swroot}/fwhosts/customgroups"; +my $customnet="${General::swroot}/fwhosts/customnetworks"; +my $name; &General::readhash("${General::swroot}/ethernet/settings", %netsettings); $cgiparams{'ENABLED'} = 'off'; $cgiparams{'ENABLED_BLUE'} = 'off'; @@ -493,7 +497,6 @@ sub addccdnet my @ccdconf=(); my $ccdname=$_[0]; my $ccdnet=$_[1]; - my $ovpnsubnet=$_[2]; my $subcidr; my @ip2=(); my $checkup; 
@@ -528,29 +531,8 @@ sub addccdnet return; } + $errormessage=&General::checksubnets($ccdname,$ccdnet); - #check if we try to use same network as ovpn server - if (&General::iporsubtocidr($ccdnet) eq &General::iporsubtocidr($ovpnsubnet)) { - $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>"; - } - - #check if we use a name/subnet that already exists - &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); - foreach my $key (keys %ccdconfhash) { - @ccdconf=split(///,$ccdconfhash{$key}[1]); - if ($ccdname eq $ccdconfhash{$key}[0]) {$errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."<br>";} - my ($newip,$newsub) = split(///,$ccdnet); - if (&General::IpInSubnet($newip,$ccdconf[0],&General::iporsubtodec($ccdconf[1]))) {$errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>";} - - } - #check if we use one of ipfire's networks (green,orange,blue) - my %ownnet=(); - &General::readhash("${General::swroot}/ethernet/settings", %ownnet); - if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err green'};} - if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err orange'};} - if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err blue'};} - if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'RED_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err red'};} - if (!$errormessage) { my %ccdconfhash=(); 
@@ -631,7 +613,7 @@ sub getccdadresses my %ccdhash=(); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ccdhash); $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2; - for (my $i=0;$i<=$count-1;$i++) { + for (my $i=1;$i<=$count;$i++) { my $tmpip=$iprange[$i-1]; my $stepper=$i*4; $iprange[$i]= &General::getnextip($tmpip,4); @@ -2584,7 +2566,7 @@ END } if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) { - &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'},$cgiparams{'DOVPN_SUBNET'}); + &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'}); } if ($errormessage) { &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); @@ -2651,7 +2633,7 @@ END &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); my @ccdconf=(); my $count=0; - foreach my $key (keys %ccdconfhash) { + foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) { @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]); $count++; my $ccdhosts = &hostsinnet($ccdconf[0]); @@ -3295,7 +3277,7 @@ if ($confighash{$cgiparams{'KEY'}}) { $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32]; - my $name=$cgiparams{'CHECK1'} ; + $name=$cgiparams{'CHECK1'} ; $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33]; $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34]; $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35]; @@ -3979,7 +3961,7 @@ if ($cgiparams{'TYPE'} eq 'net') { $confighash{$key}[30] = $cgiparams{'COMPLZO'}; $confighash{$key}[31] = $cgiparams{'MTU'}; $confighash{$key}[32] = $cgiparams{'CHECK1'}; - my $name=$cgiparams{'CHECK1'}; + $name=$cgiparams{'CHECK1'}; $confighash{$key}[33] = $cgiparams{$name}; $confighash{$key}[34] = $cgiparams{'RG'}; $confighash{$key}[35] = $cgiparams{'CCD_DNS1'}; 
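Review bot: `my $stepper=$i*4;` in the rewritten loop is assigned but not used in the visible lines, because the step is the literal 4 passed to `&General::getnextip($tmpip,4)`; it can be removed. With `$iprange[0]` preset to `.2` and the loop now running from `$i=1` to `$count`, the array ends up with `$count+1` entries, so it is worth confirming that `$count` is derived from the subnet size in a way that keeps the last generated address inside the subnet. getccdadresses starts and ends outside this hunk, so the computation of `$count` cannot be checked from here.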
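Review bot: `$name=$cgiparams{'CHECK1'};` takes a request parameter and uses it directly as a hash key in `$confighash{$key}[33] = $cgiparams{$name};` (hunk -3979) and as the key written by `$cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33];` (hunk -3295), and promoting `$name` to a file-scope variable exposes that value to more code. Nothing in these hunks shows CHECK1 being checked against `'dynamic'` or the configured network names; if that is not done earlier, validate it before the assignment and reject anything else. A comment at the declaration such as `# $name: CCD network chosen in the form, shared by the edit and save blocks` would explain why the variable is no longer block-local. Both surrounding blocks extend beyond the hunks.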
@@ -3994,7 +3976,9 @@ if ($cgiparams{'TYPE'} eq 'net') { my ($ccdip,$ccdsub)=split "/",$cgiparams{$name}; my ($a,$b,$c,$d) = split (/./,$ccdip); - if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";} + if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){ + unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}"; + } open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!"; print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n"; if($cgiparams{'CHECK1'} eq 'dynamic'){ @@ -4300,7 +4284,7 @@ if ($cgiparams{'TYPE'} eq 'host') { if (! -z "${General::swroot}/ovpn/ccd.conf"){ print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>"; - foreach my $key (keys %ccdconfhash) { + foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) { $count++; @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]); if ($count % 2){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";} @@ -4466,6 +4450,7 @@ END my $helpblue=0; my $helporange=0; my $other=0; + my $none=0; my @temp=(); our @current = (); 
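Review bot: The reformatted block in hunk -3994 tests one path and deletes another: the `-e` check is on `${General::swroot}/ovpn/ccd/$confighash{$key}[2]` while `unlink` targets `${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}`. If both are meant to be the same file, use the stored name in both places, `unlink "${General::swroot}/ovpn/ccd/$confighash{$key}[2]";`, which also keeps a raw request parameter out of a filesystem path; if they can differ, the condition should test the file that is actually removed. Whether CERT_NAME is validated earlier is not visible in this hunk, and the result of `unlink` is not checked.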
@@ -4473,7 +4458,20 @@ END @current = <FILE>; close (FILE); &General::readhasharray ("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); - print"<option>$Lang::tr{'ccd none'}</option>"; + #check for "none" + foreach my $key (keys %ccdroute2hash) { + if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){ + if ($ccdroute2hash{$key}[1] eq ''){ + $none=1; + last; + } + } + } + if ($none ne '1'){ + print"<option>$Lang::tr{'ccd none'}</option>"; + }else{ + print"<option selected>$Lang::tr{'ccd none'}</option>"; + } #check if static routes are defined for client foreach my $line (@current) { chomp($line); diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index f7ab1ea..05e1d85 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -469,6 +469,7 @@ 'ccd err invalidnet' => 'Ungültige IP-Addresse. Format: 192.168.0.0/24 oder 192.168.0.0/255.255.255.0.', 'ccd err iroute' => 'Netzadresse für Route ungültig.', 'ccd err irouteexist' => 'Diese Route wird bereits verwendet.', +'ccd err isipsecnet' => 'Diese Subnetzadresse wird bereits für ein IPsec-Netzwerk verwendet.', 'ccd err isovpnnet' => 'Subnetzadresse wird für bereits für den OpenVPN-Server verwendet!', 'ccd err issubnet' => 'Subnetzadresse wird bereits verwendet.', 'ccd err name' => 'Es muss ein Name angegeben werden.', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 5080559..f0fa2c2 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -488,6 +488,7 @@ 'ccd err invalidnet' => 'Invalid IP address. Format: 192.168.0.0/24 or 192.168.0.0/255.255.255.0.', 'ccd err iroute' => 'Network address for route is invalid.', 'ccd err irouteexist' => 'This route is already in use.', +'ccd err isipsecnet' => 'The given subnet address already used by an IPsec network.', 'ccd err isovpnnet' => 'Subnet address already in use for OpenVPN Server.', 'ccd err issubnet' => 'Subnet address already in use.', 'ccd err name' => 'Please choose a name.',
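Review bot: The new "none" detection in hunk -4473 only sets `$none` when ccdroute2 holds an entry for `$cgiparams{'NAME'}` whose second field is empty, so a client with no entry at all gets no preselected option; if such clients can exist, derive the flag from "no non-empty route found for this name" instead. `$none` is a numeric flag but is tested with `if ($none ne '1')`; `if (!$none)` states the same test without a string comparison. The enclosing block starts and ends outside the hunk.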
hooks/post-receive -- IPFire 2.x development tree