From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated.
 6dac44d40c4e1e80c497959f7098158462b033cb
Date: Sun, 03 Mar 2024 10:15:23 +0000
Message-ID: <4Tnd4W6lb1z2xg8@people01.haj.ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3117094436947551066=="
List-Id: <ipfire-scm.lists.ipfire.org>

--===============3117094436947551066==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  6dac44d40c4e1e80c497959f7098158462b033cb (commit)
       via  4a0648243b991b00130aca4fcc615e717ddb1003 (commit)
      from  6ea7d8c67e0ea53188d6dc356b9cdbc5bf7b5d97 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6dac44d40c4e1e80c497959f7098158462b033cb
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Thu Feb 22 13:43:39 2024 +0100

    update.sh: Fixes bug#13548 - make key 41 contain no-pass for N2N connecti=
ons
   =20
    - This code ensures that all existing N2N connections have no-pass in key=
 41 in place
       of disabled for some of them.
    - Tested out and confirmed on my vm testbed.
   =20
    Fixes: Bug#13548
    Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 4a0648243b991b00130aca4fcc615e717ddb1003
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Thu Feb 22 13:43:38 2024 +0100

    ovpnmain.cgi: Fixes bug#13548 - imported N2N client connections get disab=
led instead of no-pass
   =20
    - When bug#11408 was fixed it was missed that key 41 has disabled inserte=
d into it when
       uploading into the N2N client. This replaced the no-pass entry for all=
 N2N connections
       resulting in the ovpnmain.cgi not being able to show the status correc=
tly as the code
       looks for pass or no-pass.
    - The disabled entry has been present for a very long time and is not uti=
lised anywhere
       in the code.
    - This fix ensures that key 41 in the uploaded N2N connection has no-pass=
 entered
    - Tested out and confirmed in my vm testbed.
   =20
    Fixes: Bug#13548
    Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/core/185/update.sh | 21 +++++++++++++++++++++
 html/cgi-bin/ovpnmain.cgi           |  2 +-
 2 files changed, 22 insertions(+), 1 deletion(-)

Difference in files:
diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/=
update.sh
index 903fe1753..0a3fae638 100644
--- a/config/rootfiles/core/185/update.sh
+++ b/config/rootfiles/core/185/update.sh
@@ -88,6 +88,27 @@ telinit u
 /etc/init.d/unbound restart
 /etc/init.d/ntp start
=20
+## Modify ovpnconfig according to bug 13548 for no-pass entry for N2N client=
 connections
+# Check if ovpnconfig exists and is not empty
+if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
+       # Add blank line at top of ovpnconfig otherwise the first roadwarrior=
 entry is treated like a blank line and missed out from update
+       awk 'NR=3D=3D1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/=
ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig
+
+       # Make all N2N connections 'no-pass' since they do not use encryption
+       awk '{FS=3DOFS=3D","} {if($5=3D=3D"net") {$43=3D"no-pass"; print $0}}=
' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+
+       # Copy all RW connections unchanged to the new ovpnconfig file
+       for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfi=
g); do
+           awk -v var=3D"$y" '{FS=3DOFS=3D","} {if($3=3D=3Dvar) {print $0}}'=
 /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+
+       done
+fi
+
+# Replace existing ovpnconfig with updated index
+mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
+# Set correct ownership
+chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
+
 # This update needs a reboot...
 #touch /var/run/need_reboot
=20
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 98900b277..c92d0237d 100755
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -3472,7 +3472,7 @@ foreach my $dkey (keys %confighash) {
 	$confighash{$key}[31] =3D $n2ntunmtu[1];
 	$confighash{$key}[39] =3D $n2nauth[1];
 	$confighash{$key}[40] =3D $n2ncipher[1];
-	$confighash{$key}[41] =3D 'disabled';
+	$confighash{$key}[41] =3D 'no-pass';
=20
   &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighas=
h);
=20


hooks/post-receive
--
IPFire 2.x development tree

--===============3117094436947551066==--