* [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 1e499e90d76743efe0c9cf71c75636559f980fe3
@ 2015-04-10 11:33 git
From: git @ 2015-04-10 11:33 UTC (permalink / raw)
  To: ipfire-scm

[-- Attachment #1: Type: text/plain, Size: 14017 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, master has been updated
       via  1e499e90d76743efe0c9cf71c75636559f980fe3 (commit)
       via  187590f791bc7b96da5d70469783dae4a5bd00df (commit)
       via  831a5ef6ad5bbdc158a5fb40a4db78a7d419f082 (commit)
       via  82e454712bc7510c0b03ad87bae1143a3c361274 (commit)
       via  323be7c44f30b762655aa621bf5f97d5f19ecb29 (commit)
      from  2f3e47a042ced0b90c448840765c22d3fb1f44a6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1e499e90d76743efe0c9cf71c75636559f980fe3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Fri Apr 10 13:32:48 2015 +0200

    openvpn: Stop N2N connections before they are removed

commit 187590f791bc7b96da5d70469783dae4a5bd00df
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Fri Apr 10 13:27:32 2015 +0200

    openvpn: Move remving files in /var/run to openvpnctrl

commit 831a5ef6ad5bbdc158a5fb40a4db78a7d419f082
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date:   Fri Apr 10 13:16:33 2015 +0200

    core89: Update OpenVPN configuration during the update

commit 82e454712bc7510c0b03ad87bae1143a3c361274
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date:   Fri Apr 10 13:13:02 2015 +0200

    ovpnmain.cgi: Remove duplicate code to remove a connection

commit 323be7c44f30b762655aa621bf5f97d5f19ecb29
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date:   Fri Apr 10 13:12:14 2015 +0200

    ovpnmain.cgi: Fix indentation and code cleanup
    
    No functional change

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/common/stage2           |   1 +
 config/rootfiles/core/89/filelists/files |   1 +
 config/rootfiles/core/89/update.sh       |   3 +
 html/cgi-bin/ovpnmain.cgi                | 132 +++++++++++--------------------
 src/misc-progs/openvpnctrl.c             |  32 +++++---
 src/scripts/ovpn-collectd-convert        |  26 ++++++
 6 files changed, 98 insertions(+), 97 deletions(-)
 create mode 100644 src/scripts/ovpn-collectd-convert

Difference in files:
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index 44f24b4..f506daf 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -124,6 +124,7 @@ usr/local/bin/update-lang-cache
 #usr/local/src
 #usr/sbin
 usr/sbin/ovpn-ccd-convert
+usr/sbin/ovpn-collectd-convert
 #usr/share
 #usr/share/doc
 #usr/share/doc/licenses
diff --git a/config/rootfiles/core/89/filelists/files b/config/rootfiles/core/89/filelists/files
index 2be73d7..70c5f3d 100644
--- a/config/rootfiles/core/89/filelists/files
+++ b/config/rootfiles/core/89/filelists/files
@@ -13,6 +13,7 @@ srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
 usr/local/bin/collectdctrl
 usr/local/bin/openvpnctrl
+usr/sbin/ovpn-collectd-convert
 usr/sbin/setup
 var/ipfire/backup/bin/backup.pl
 var/ipfire/graphs.pl
diff --git a/config/rootfiles/core/89/update.sh b/config/rootfiles/core/89/update.sh
index bc80709..e15f937 100644
--- a/config/rootfiles/core/89/update.sh
+++ b/config/rootfiles/core/89/update.sh
@@ -66,6 +66,9 @@ rm -f \
 	/opt/pakfire/db/*/meta-sqlite \
 	/opt/pakfire/db/rootfiles/sqlite
 
+# Update OpenVPN/collectd configuration
+/usr/sbin/ovpn-collectd-convert
+
 # Fix #10625
 mkdir -p /etc/logrotate.d
 
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 1a29be0..9550ca6 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -1189,6 +1189,9 @@ SETTINGS_ERROR:
     my $file = '';
     &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
+    # Kill all N2N connections
+    system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null");
+
     foreach my $key (keys %confighash) {
 	my $name = $confighash{$cgiparams{'$key'}}[1];
 
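Review bot: The added `system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null")` drops its exit status, so the loop that follows removes the connection files whether or not the tunnels were actually stopped. `&>` is a bash extension; under a strict POSIX `/bin/sh` the line parses as a background job followed by a separate redirection, which would let the removal race the shutdown. I would write the redirect portably and test the result, `system("/usr/local/bin/openvpnctrl -kn2n >/dev/null 2>&1") == 0`, recording a failure in `$errormessage`. The enclosing block starts and ends outside the hunk.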
@@ -1237,9 +1240,6 @@ SETTINGS_ERROR:
     while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
 	system ("rm -rf $file");
     }
-    while ($file = glob("/var/run/openvpn/*-n2n")) {
-	unlink $file;
-    }
 
     # Remove everything from the collectd configuration
     &writecollectdconf();
@@ -2343,75 +2343,69 @@ else
 
 
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
-    &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
-    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+	&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
+	&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
-    if ($confighash{$cgiparams{'KEY'}}) {
-#	if ($vpnsettings{'ENABLED'} eq 'on' ||
-#	    $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-#	    system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
-#	}
-#
-	my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+	if ($confighash{$cgiparams{'KEY'}}) {
+		my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
 
 ###
 # m.a.d net2net
 ###
 
-if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
-	my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
-	my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
-	unlink ($certfile);
-	unlink ($conffile);
+		if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
+			# Stop the N2N connection before it is removed
+			system("/usr/local/bin/openvpnctrl -kn2n $confighash{$cgiparams{'KEY'}}[1] &>/dev/null");
 
-	if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
-		rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
-	}
+			my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
+			my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+			unlink ($certfile);
+			unlink ($conffile);
 
-	unlink("/var/run/openvpn/$confighash{$cgiparams{'KEY'}}[1]-n2n");
-}
+			if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
+				rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
+			}
+		}
 
-  unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
-  unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+		unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+		unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
 
 # A.Marx CCD delete ccd files and routes
 
-	
-	if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
-	{
-		unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
-	}
-	
-	&General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
-	foreach my $key (keys %ccdroutehash) {
-		if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
-			delete $ccdroutehash{$key};
+		if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
+		{
+			unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
 		}
-	}
-	&General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
 	
-	&General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
-	foreach my $key (keys %ccdroute2hash) {
-		if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
-			delete $ccdroute2hash{$key};
+		&General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+		foreach my $key (keys %ccdroutehash) {
+			if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
+				delete $ccdroutehash{$key};
+			}
 		}
-	}
-	&General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
-	&writeserverconf;
-	
+		&General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
 	
-# CCD end 
+		&General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+		foreach my $key (keys %ccdroute2hash) {
+			if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
+				delete $ccdroute2hash{$key};
+			}
+		}
+		&General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+		&writeserverconf;
 
-	delete $confighash{$cgiparams{'KEY'}};
-	my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
-	&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+# CCD end
+		# Update collectd configuration and delete all RRD files of the removed connection
+		&writecollectdconf();
+		system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
 
-	# Update collectd configuration and delete all RRD files of the removed connection
-	&writecollectdconf();
-	system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
-    } else {
-	$errormessage = $Lang::tr{'invalid key'};
-    }
+		delete $confighash{$cgiparams{'KEY'}};
+		my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+		&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+	} else {
+		$errormessage = $Lang::tr{'invalid key'};
+	}
 	&General::firewall_reload();
 
 ###
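Review bot: The new `-kn2n` call and the moved `-drrd` call both interpolate `$confighash{$cgiparams{'KEY'}}[1]` into a single-string `system()`, so the stored connection name is parsed by the shell before openvpnctrl sees it; whether names are restricted to safe characters when a connection is created is not visible here. Passing the name as its own argv element avoids the shell: `system('/usr/local/bin/openvpnctrl', '-kn2n', $name);`, with `my $name = $confighash{$cgiparams{'KEY'}}[1];` taken once at the top of the branch. The redirect then has to be handled separately; the removed block further down passes `"&>/dev/null"` as a list element, where it is only a literal argument. Also, `&writecollectdconf()` now runs before `delete $confighash{...}` and before ovpnconfig is rewritten, so if it builds its output from either, the removed connection would presumably still be listed; worth confirming. The `elsif` branch continues past the end of the hunk.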
@@ -3084,36 +3078,6 @@ END
     }
 
 ###
-### Remove connection
-###
-} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
-    &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
-    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-
-    if ($confighash{$cgiparams{'KEY'}}) {
-#	if ($vpnsettings{'ENABLED'} eq 'on' ||
-#	    $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-#	    system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
-#	}
-	unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
-	unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
-	delete $confighash{$cgiparams{'KEY'}};
-
-	# Delete RRD's for collectd
-	system("/usr/local/bin/openvpnctrl", "-drrd", "$confighash{$cgiparams{'KEY'}}[1]", "&>/dev/null");
-
-	&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-	#&writeserverconf();
-    } else {
-	$errormessage = $Lang::tr{'invalid key'};
-    }
-#test33
-
-###
-### Choose between adding a host-net or net-net connection
-###
-
-###
 # m.a.d net2net
 ###
 
diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 5d3f8af..bba84ca 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -46,6 +46,18 @@ struct connection_struct {
 
 typedef struct connection_struct connection;
 
+static int recursive_remove_callback(const char* fpath, const struct stat* sb, int typeflag, struct FTW* ftwbuf) {
+	int rv = remove(fpath);
+	if (rv)
+		perror(fpath);
+
+	return rv;
+}
+
+static int recursive_remove(const char* path) {
+	return nftw(path, recursive_remove_callback, 64, FTW_DEPTH | FTW_PHYS);
+}
+
 void exithandler(void)
 {
 	if(kv)
@@ -539,6 +551,7 @@ int startNet2Net(char *name) {
 int killNet2Net(char *name) {
 	connection *conn = NULL;
 	connection *conn_iter;
+	int rc = 0;
 
 	conn_iter = getConnections();
 
@@ -571,20 +584,13 @@ int killNet2Net(char *name) {
 	snprintf(command, STRING_SIZE - 1, "/bin/rm -f %s", pidfile);
 	executeCommand(command);
 
-	return 0;
-}
-
-
-static int recursive_remove_callback(const char* fpath, const struct stat* sb, int typeflag, struct FTW* ftwbuf) {
-	int rv = remove(fpath);
-	if (rv)
-		perror(fpath);
+	char runfile[STRING_SIZE];
+	snprintf(runfile, STRING_SIZE - 1, "/var/run/openvpn/%s-n2n", conn->name);
+	rc = recursive_remove(runfile);
+	if (rc)
+		perror(runfile);
 
-	return rv;
-}
-
-static int recursive_remove(const char* path) {
-	return nftw(path, recursive_remove_callback, 64, FTW_DEPTH | FTW_PHYS);
+	return 0;
 }
 
 int deleterrd(char *name) {
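Review bot: In the block added at the end of killNet2Net(), `rc` from `recursive_remove(runfile)` is printed and then discarded (the function still returns 0), and the `snprintf()` result is not checked, so a truncated `runfile` would be handed to a recursive delete. I would size the call with `sizeof(runfile)` and return non-zero on truncation: `int n = snprintf(runfile, sizeof(runfile), "/var/run/openvpn/%s-n2n", conn->name);` followed by `if (n < 0 || (size_t)n >= sizeof(runfile))`. `conn->name` becomes a path component for that delete, so it is worth confirming that a name containing `/` cannot reach this point; the lookup that sets `conn` is outside the hunk. nftw() also reports an error for a path that does not exist, so `perror(runfile)` will fire when the tunnel never wrote a run file, and in the other failure cases the callback has already printed the failing path.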
diff --git a/src/scripts/ovpn-collectd-convert b/src/scripts/ovpn-collectd-convert
new file mode 100644
index 0000000..59d67b9
--- /dev/null
+++ b/src/scripts/ovpn-collectd-convert
@@ -0,0 +1,26 @@
+#!/usr/bin/perl
+# Converter script for adding existing OpenVPN N2N connections to collectd
+# Used for core update 89
+
+my %ovpnconfig=();
+
+require '/var/ipfire/general-functions.pl';
+
+open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
+print COLLECTDVPN "Loadplugin openvpn\n";
+print COLLECTDVPN "\n";
+print COLLECTDVPN "<Plugin openvpn>\n";
+print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n";
+
+&General::readhasharray("/var/ipfire/ovpn/ovpnconfig", \%ovpnconfig);
+foreach my $key (keys %ovpnconfig) {
+	if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] eq 'net') {
+		print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ovpnconfig{$key}[1]-n2n\"\n";
+	}
+}
+
+print COLLECTDVPN "</Plugin>\n";
+close(COLLECTDVPN);
+
+# Reload collectd afterwards
+system("/usr/local/bin/collectdctrl restart &>/dev/null");
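Review bot: The new script has no `use strict; use warnings;` and opens its output with a two-argument `open` on the bareword handle `COLLECTDVPN`, with the mode fused into an interpolated path. `open(my $fh, '>', "${General::swroot}/ovpn/collectd.vpn") or die ...;` keeps mode and path apart, and `close($fh) or die ...` would catch a failed write before collectd is restarted on a half-written file. The connection name is placed unchanged inside a quoted `Statusfile "..."` directive, so a name containing `"` or a newline would alter the generated configuration; whether names are validated when a connection is created is not visible here. The script writes under `${General::swroot}` but reads `/var/ipfire/ovpn/ovpnconfig` by literal path; using one form for both would keep them in step.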


hooks/post-receive
--
IPFire 2.x development tree
