--- smeserver-openvpn-bridge-2.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpnbridge.pm.code_cleanup1 2009-11-17 23:18:32.000000000 +0100 +++ smeserver-openvpn-bridge-2.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpnbridge.pm 2009-11-18 08:48:37.000000000 +0100 @@ -24,9 +24,9 @@ download_file print_custom_button print_section_bar - write_pem - read_pem - disconnect_client + write_pem + read_pem + disconnect_client ); our $config_db = esmith::ConfigDB->open || die "Couldn't open ConfigDB\n"; 
@@ -47,43 +47,43 @@ # Retourne le paramètre demandé sub get_prop{ - my ($fm, $prop, $default) = @_; - return $config_db->get_prop("openvpn-bridge", $prop) || $default; + my ($fm, $prop, $default) = @_; + return $config_db->get_prop("openvpn-bridge", $prop) || $default; } # Retourne l'état du service sub get_status{ - my ($fm) = @_; - my $status = get_prop('','status','disabled'); - if ($status eq 'enabled'){ - return $fm->localise('ENABLED'); - } - else{ - return $fm->localise('DISABLED'); - } + my ($fm) = @_; + my $status = get_prop('','status','disabled'); + if ($status eq 'enabled'){ + return $fm->localise('ENABLED'); + } + else{ + return $fm->localise('DISABLED'); + } } # Retourne le mode d'authentification sub get_auth_type{ - my ($fm) = @_; - my $auth_type = get_prop('','userAuth'); - if ($auth_type eq 'CrtOnly'){ - return $fm->localise('CRT_ONLY'); - } - elsif ($auth_type eq 'CrtWithPass'){ - return $fm->localise('CRT_WITH_PASS'); - } - else{ - return $fm->localise('BAD_VALUE'); - } + my ($fm) = @_; + my $auth_type = get_prop('','userAuth'); + if ($auth_type eq 'CrtOnly'){ + return $fm->localise('CRT_ONLY'); + } + elsif ($auth_type eq 'CrtWithPass'){ + return $fm->localise('CRT_WITH_PASS'); + } + else{ + return $fm->localise('BAD_VALUE'); + } } # Retourne la plage d'adresses sub get_ip_pool{ - my ($fm) = @_; - my $start = get_prop('','startPool') || "x.x.x.x"; - my $end = get_prop('','endPool') || "x.x.x.x"; - return "$start - $end"; + my ($fm) = @_; + my $start = get_prop('','startPool') || "x.x.x.x"; + my $end = get_prop('','endPool') || "x.x.x.x"; + return "$start - $end"; } # Inscrit les valeurs de la configuration dans la db 
@@ -93,8 +93,8 @@ $config_db->set_prop('openvpn-bridge', 'status', $q->param("status")); $config_db->set_prop('openvpn-bridge', 'userAuth', $q->param("auth_type")); - $config_db->set_prop('openvpn-bridge', 'startPool', $q->param("start_pool")); - $config_db->set_prop('openvpn-bridge', 'endPool', $q->param("end_pool")); + $config_db->set_prop('openvpn-bridge', 'startPool', $q->param("start_pool")); + $config_db->set_prop('openvpn-bridge', 'endPool', $q->param("end_pool")); unless ( system ("/sbin/e-smith/signal-event", "openvpn-bridge-update") == 0 ){ return $fm->error('ERROR_OCCURED', 'FIRST');; @@ -105,7 +105,7 @@ # Affiche les connexions en cours sub print_clients_table{ - my $fm = shift; + my $fm = shift; my $q = $fm->{cgi}; my $common_name = $fm->localise('COMMON_NAME'); my $real_ip = $fm->localise('REAL_IP'); @@ -113,12 +113,12 @@ my $sent = $fm->localise('SENT'); my $received = $fm->localise('RECEIVED'); my $connected_since = $fm->localise('CONNECTED_SINCE'); - my $disconnect = $fm->localise('DISCONNECT'); - - # On récupère les paramètre et on les parse - my $param = get_prop('',"management"); - my @param = split(/:/,$param); - my $host = $param[0]; + my $disconnect = $fm->localise('DISCONNECT'); + + # On récupère les paramètre et on les parse + my $param = get_prop('',"management"); + my @param = split(/:/,$param); + my $host = $param[0]; my $port = $param[1]; my $pass = $param[2]; @@ -127,17 +127,17 @@ host => $host, port => $port, password => $pass, - timeout => 3 + timeout => 3 }); - # On se connecte ou on retourne le message d'erreur - unless($vpn->connect()){ - print $q->Tr($q->td($fm->localise('ERROR_CONNECT_TO_MANAGER'))); - return ""; - } + # On se connecte ou on retourne le message d'erreur + unless($vpn->connect()){ + print $q->Tr($q->td($fm->localise('ERROR_CONNECT_TO_MANAGER'))); + return ""; + } my $r = $vpn->status_ref(); - - my %virtIP; + + my %virtIP; my %realIP; my %remotePort; my %sentBytes; 
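Review bot: The four `set_prop` calls at the top of this hunk pass `$q->param(...)` directly as an argument, which evaluates it in list context: a request that repeats a field, or omits it, changes the number of arguments `set_prop` receives instead of yielding exactly one value. Force a single value at each call, e.g. `$config_db->set_prop('openvpn-bridge', 'status', scalar $q->param("status"));`. The same pattern appears in write_pem for `crl_url` in a later hunk. Nothing visible here checks the values before they are stored; the enclosing sub starts outside the hunk, so validation may live in the form definition, which is worth confirming.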
@@ -148,167 +148,158 @@ foreach( @{$r->{CLIENT_LIST}} ){ my $CN = $$_[0]; - unshift (@commonNames,$CN); - $virtIP{$_} = $$_[1]; - my @ipPort = split (/:/,$$_[1]); - $realIP{$CN} = $ipPort[0]; - $remotePort{$CN} = $ipPort[1]; - $virtIP{$CN} = $$_[2]; - $receivedBytes{$CN} = $$_[3]/1048576; - $receivedBytes{$CN} = sprintf("%.2f", $receivedBytes{$CN}); - $sentBytes{$CN} = $$_[4]/1048576; - $sentBytes{$CN} = sprintf("%.2f", $sentBytes{$CN}); - $connectedSince{$CN} = $$_[5]; - } - - # Si @commonName est vide, il n'y a aucun client connecté - unless ( scalar @commonNames ){ - print $q->Tr($q->td($fm->localise('NO_CLIENTS_CONNECTED'))); - return ""; + unshift (@commonNames,$CN); + $virtIP{$_} = $$_[1]; + my @ipPort = split (/:/,$$_[1]); + $realIP{$CN} = $ipPort[0]; + $remotePort{$CN} = $ipPort[1]; + $virtIP{$CN} = $$_[2]; + $receivedBytes{$CN} = $$_[3]/1048576; + $receivedBytes{$CN} = sprintf("%.2f", $receivedBytes{$CN}); + $sentBytes{$CN} = $$_[4]/1048576; + $sentBytes{$CN} = sprintf("%.2f", $sentBytes{$CN}); + $connectedSince{$CN} = $$_[5]; + } + + # Si @commonName est vide, il n'y a aucun client connecté + unless ( scalar @commonNames ){ + print $q->Tr($q->td($fm->localise('NO_CLIENTS_CONNECTED'))); + return ""; } - print $q->start_table({-CLASS => "sme-border"}),"\n"; + print $q->start_table({-CLASS => "sme-border"}),"\n"; print $q->Tr ( - esmith::cgi::genSmallCell($q, $common_name,"header"), - esmith::cgi::genSmallCell($q, $real_ip,"header"), - esmith::cgi::genSmallCell($q, $virtual_ip,"header"), - esmith::cgi::genSmallCell($q, $sent,"header"), - esmith::cgi::genSmallCell($q, $received,"header"), - esmith::cgi::genSmallCell($q, $connected_since,"header"), - esmith::cgi::genSmallCell($q, $disconnect,"header", 3)),"\n"; + esmith::cgi::genSmallCell($q, $common_name,"header"), + esmith::cgi::genSmallCell($q, $real_ip,"header"), + esmith::cgi::genSmallCell($q, $virtual_ip,"header"), + esmith::cgi::genSmallCell($q, $sent,"header"), + esmith::cgi::genSmallCell($q, 
$received,"header"), + esmith::cgi::genSmallCell($q, $connected_since,"header"), + esmith::cgi::genSmallCell($q, $disconnect,"header", 3)),"\n"; + + foreach my $cn (@commonNames){ + print $q->Tr (esmith::cgi::genSmallCell($q,"$cn"), + esmith::cgi::genSmallCell($q,"$realIP{$cn} ($remotePort{$cn})"), + esmith::cgi::genSmallCell ($q, "$virtIP{$cn}"), + esmith::cgi::genSmallCell ($q, "$sentBytes{$cn}".' MB'), + esmith::cgi::genSmallCell ($q, "$receivedBytes{$cn}".' MB'), + esmith::cgi::genSmallCell ($q, "$connectedSince{$cn}"), + esmith::cgi::genSmallCell ($q, $q->a ({href => $q->url (-absolute => 1). + $base_url."CLIENT_DISCONNECT_PAGE&common_name=". + $cn}, $disconnect))); - foreach my $cn (@commonNames){ - print $q->Tr (esmith::cgi::genSmallCell($q,"$cn"), - esmith::cgi::genSmallCell($q,"$realIP{$cn} ($remotePort{$cn})"), - esmith::cgi::genSmallCell ($q, "$virtIP{$cn}"), - esmith::cgi::genSmallCell ($q, "$sentBytes{$cn}".' MB'), - esmith::cgi::genSmallCell ($q, "$receivedBytes{$cn}".' MB'), - esmith::cgi::genSmallCell ($q, "$connectedSince{$cn}"), - esmith::cgi::genSmallCell ($q, $q->a ({href => $q->url (-absolute => 1). - $base_url."CLIENT_DISCONNECT_PAGE&common_name=". 
- $cn}, $disconnect))); - - } - print $q->end_table,"\n"; - return ""; + } + print $q->end_table,"\n"; + return ""; } # Retourne la liste des règles sub print_rules{ - my $fm = shift; - my $q = $fm->{cgi}; - - my @rules = $rules_db->get_all_by_prop(type => 'rule'); - - unless (@rules){ + my $fm = shift; + my $q = $fm->{cgi}; + + my @rules = $rules_db->get_all_by_prop(type => 'rule'); + + unless (@rules){ print $q->Tr($q->td($fm->localise('NO_RULE'))); return ""; } - - print $q->start_table({-CLASS => "sme-border"}),"\n"; - print $q->Tr ( - esmith::cgi::genSmallCell( - $q, $fm->localise('COMMON_NAME'),"header" - ), - esmith::cgi::genSmallCell( - $q, $fm->localise('IP_ADDRESS'),"header" - ), - esmith::cgi::genSmallCell( - $q, $fm->localise('COMMENT'),"header" - ), - esmith::cgi::genSmallCell( - $q, $fm->localise('GATEWAY_REDIRECTION'),"header" - ), - esmith::cgi::genSmallCell( - $q, $fm->localise('ACCESS'),"header" - ), - esmith::cgi::genSmallCell( - $q, $fm->localise('MODIFY'),"header" - ), + + print $q->start_table({-CLASS => "sme-border"}),"\n"; + print $q->Tr ( esmith::cgi::genSmallCell( - $q, $fm->localise('REMOVE'),"header" - ) + $q, $fm->localise('COMMON_NAME'),"header"), + esmith::cgi::genSmallCell( + $q, $fm->localise('IP_ADDRESS'),"header"), + esmith::cgi::genSmallCell( + $q, $fm->localise('COMMENT'),"header"), + esmith::cgi::genSmallCell( + $q, $fm->localise('GATEWAY_REDIRECTION'),"header"), + esmith::cgi::genSmallCell( + $q, $fm->localise('ACCESS'),"header"), + esmith::cgi::genSmallCell( + $q, $fm->localise('MODIFY'),"header"), + esmith::cgi::genSmallCell( + $q, $fm->localise('REMOVE'),"header") ),"\n"; - foreach (@rules){ + foreach (@rules){ - my $rule = $_->key; - my $rec_rule = $rules_db->get("$rule"); + my $rule = $_->key; + my $rec_rule = $rules_db->get("$rule"); - my $ip = $rec_rule->prop("ip") || $fm->localise('DYNAMIC'); - my $gw = $rec_rule->prop("redirectGW") || 'disabled'; - my $access = $rec_rule->prop("access") || 'allowed'; - $gw = ( $gw eq 
'enabled') - ? $fm->localise('ENABLED') - : $fm->localise('DISABLED'); - $access = ( $access eq 'allowed') - ? $fm->localise('ALLOWED') - : $fm->localise('DENIED'); - print $q->Tr (esmith::cgi::genSmallCell($q,"$rule"), - esmith::cgi::genSmallCell($q,"$ip"), - esmith::cgi::genSmallCell($q,$rec_rule->prop("comment")), - esmith::cgi::genSmallCell($q,$gw), - esmith::cgi::genSmallCell($q,$access), + my $ip = $rec_rule->prop("ip") || $fm->localise('DYNAMIC'); + my $gw = $rec_rule->prop("redirectGW") || 'disabled'; + my $access = $rec_rule->prop("access") || 'allowed'; + $gw = ( $gw eq 'enabled') + ? $fm->localise('ENABLED') + : $fm->localise('DISABLED'); + $access = ( $access eq 'allowed') + ? $fm->localise('ALLOWED') + : $fm->localise('DENIED'); + print $q->Tr (esmith::cgi::genSmallCell($q,"$rule"), + esmith::cgi::genSmallCell($q,"$ip"), + esmith::cgi::genSmallCell($q,$rec_rule->prop("comment")), + esmith::cgi::genSmallCell($q,$gw), + esmith::cgi::genSmallCell($q,$access), esmith::cgi::genSmallCell ($q, - $q->a ({href => $q->url (-absolute => 1). - $base_url."CREATE_OR_MODIFY_RULE_PAGE&action=modify&common_name=".$rule}, $fm->localise('MODIFY'))), + $q->a ({href => $q->url (-absolute => 1). + $base_url."CREATE_OR_MODIFY_RULE_PAGE&action=modify&common_name=".$rule}, $fm->localise('MODIFY'))), esmith::cgi::genSmallCell ($q, - $q->a ({href => $q->url (-absolute => 1). - $base_url."REMOVE_RULE_PAGE&common_name=".$rule}, $fm->localise('REMOVE')))); + $q->a ({href => $q->url (-absolute => 1). 
+ $base_url."REMOVE_RULE_PAGE&common_name=".$rule}, $fm->localise('REMOVE')))); } - print $q->end_table,"\n"; - return ""; + print $q->end_table,"\n"; + return ""; } # Ajouter ou modifier une règle sub create_or_modify_rule{ - my ($fm) = @_; - my $q = $fm->{cgi}; - my $rule = $q->param('common_name'); - my $comment = $q->param('comment'); - my $ip = $q->param('reserved_ip'); - my $gw_redirection = $q->param('gw_redirection'); - my $access = $q->param('access'); - my $action = $q->param('action'); - - if ($action eq 'create'){ - if ($rules_db->get($rule)){ - $fm->error('CN_CONFLICT','RULES_PAGE'); - return undef; - } - my $msg = $fm->validate_common_name($rule); - unless ($msg eq "OK"){ - return $fm->error($msg,'RULES_PAGE'); - } - else{ - $rules_db->new_record( - $rule, - { - comment => $comment, - ip => $ip, - redirectGW => $gw_redirection, - access => $access, - type => 'rule', - } - ); - } - - $fm->success('SUCCESS','RULES_PAGE'); - } - elsif ($action eq 'modify'){ - my $rec_rule = $rules_db->get($rule); - $rec_rule->set_prop('comment',$comment); - $rec_rule->set_prop('ip',$ip); - $rec_rule->set_prop('redirectGW',$gw_redirection); - $rec_rule->set_prop('access',$access); - } - unless ( system ("/sbin/e-smith/signal-event", "openvpn-bridge-reload-ccd") == 0 ){ - $fm->error('ERROR_OCCURED','RULES_PAGE'); - return undef; + my ($fm) = @_; + my $q = $fm->{cgi}; + my $rule = $q->param('common_name'); + my $comment = $q->param('comment'); + my $ip = $q->param('reserved_ip'); + my $gw_redirection = $q->param('gw_redirection'); + my $access = $q->param('access'); + my $action = $q->param('action'); + + if ($action eq 'create'){ + if ($rules_db->get($rule)){ + $fm->error('CN_CONFLICT','RULES_PAGE'); + return undef; + } + my $msg = $fm->validate_common_name($rule); + unless ($msg eq "OK"){ + return $fm->error($msg,'RULES_PAGE'); + } + else{ + $rules_db->new_record( + $rule,{ + comment => $comment, + ip => $ip, + redirectGW => $gw_redirection, + access => $access, + type => 
'rule', + } + ); + } + + $fm->success('SUCCESS','RULES_PAGE'); } - $fm->success('SUCCESS','RULES_PAGE'); - + elsif ($action eq 'modify'){ + my $rec_rule = $rules_db->get($rule); + $rec_rule->set_prop('comment',$comment); + $rec_rule->set_prop('ip',$ip); + $rec_rule->set_prop('redirectGW',$gw_redirection); + $rec_rule->set_prop('access',$access); + } + unless ( system ("/sbin/e-smith/signal-event", "openvpn-bridge-reload-ccd") == 0 ){ + $fm->error('ERROR_OCCURED','RULES_PAGE'); + return undef; + } + $fm->success('SUCCESS','RULES_PAGE'); } # Afficher le champ Nom Commun @@ -317,9 +308,9 @@ my $q = $fm->{cgi}; my $rule = $fm->{cgi}->param('common_name') || ''; my $action = $fm->{cgi}->param('action') || ''; - print qq() . $fm->localise('DESC_COMMON_NAME').qq(); + print qq() . $fm->localise('DESC_COMMON_NAME').qq(); print qq() . - $fm->localise('COMMON_NAME') . qq(\n); + $fm->localise('COMMON_NAME') . qq(\n); if ($action eq 'modify' and $rule) { print qq( $rule @@ -339,7 +330,8 @@ $q->param(-name=>'access',-value=> $rec_rule->prop('access')); } - } else { + } + else { print qq( 
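Review bot: In create_or_modify_rule the `modify` branch calls `$rules_db->get($rule)` and then `set_prop` on the result without checking that the record exists and without running `validate_common_name`, so a request naming an unknown rule dies on an undefined value and only the `create` path ever validates `common_name`. Guard the lookup, e.g. `my $rec_rule = $rules_db->get($rule) or return $fm->error('ERROR_OCCURED','RULES_PAGE');`, and validate `$rule` before either branch. The same unchecked `get` is in print_rule_to_remove and remove_rule, and disconnect_client hands the raw `common_name` parameter to `$vpn->kill` (later hunks). `reserved_ip`, `gw_redirection` and `access` are stored as received; if the form definition does not validate them, this sub should.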
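Review bot: `$rule` comes straight from the `common_name` request parameter and is interpolated into the `qq(...)` markup printed in the `modify` case without HTML-escaping, so the page reflects whatever the request carried. Escape at output, e.g. `my $rule_html = $q->escapeHTML($rule);` and print `$rule_html`, keeping the raw value for the database lookup. print_rule_to_remove and print_client_to_disconnect (two later hunks) pass the same parameter as the content of `$q->td(...)`, which CGI.pm does not escape, and need the same treatment. The sub starts and ends outside this hunk.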
@@ -349,35 +341,34 @@ print qq(\n); return undef; - } sub print_rule_to_remove{ - my ($fm) = @_; - my $q = $fm->{cgi}; - my $rule = $q->param('common_name'); - my $rec_rule = $rules_db->get($rule); - my $comment = $rec_rule->prop('comment'); - - print $q->Tr( - $q->td( - { -class => 'sme-noborders-label' }, - $fm->localise('COMMON_NAME') - ), - $q->td( { -class => 'sme-noborders-content' }, $rule ) - ), - "\n"; + my ($fm) = @_; + my $q = $fm->{cgi}; + my $rule = $q->param('common_name'); + my $rec_rule = $rules_db->get($rule); + my $comment = $rec_rule->prop('comment'); + print $q->Tr( - $q->td( - { -class => 'sme-noborders-label' }, - $fm->localise('COMMENT') - ), - $q->td( { -class => 'sme-noborders-content' }, $comment ) - ), - "\n"; - - print $q->table( + $q->td( + { -class => 'sme-noborders-label' }, + $fm->localise('COMMON_NAME') + ), + $q->td( { -class => 'sme-noborders-content' }, $rule ) + ), + "\n"; + print $q->Tr( + $q->td( + { -class => 'sme-noborders-label' }, + $fm->localise('COMMENT') + ), + $q->td( { -class => 'sme-noborders-content' }, $comment ) + ), + "\n"; + + print $q->table( { -width => '100%' }, $q->Tr( $q->th( 
@@ -404,37 +395,37 @@ } sub print_client_to_disconnect{ - my ($fm) = @_; - my $q = $fm->{cgi}; - my $cn = $q->param('common_name'); - - print $q->Tr( - $q->td( - { -class => 'sme-noborders-label' }, - $fm->localise('COMMON_NAME') - ), - $q->td( { -class => 'sme-noborders-content' }, $cn ) - ), - "\n"; - - print $q->table( - { -width => '100%' }, - $q->Tr( - $q->th( - { -class => 'sme-layout' }, - $q->submit( - -name => 'cancel', - -value => $fm->localise('CANCEL') - ), - ' ', - $q->submit( - -name => 'disconnect', - -value => $fm->localise('DISCONNECT') - ) - ) - ) - ), - "\n"; + my ($fm) = @_; + my $q = $fm->{cgi}; + my $cn = $q->param('common_name'); + + print $q->Tr( + $q->td( + { -class => 'sme-noborders-label' }, + $fm->localise('COMMON_NAME') + ), + $q->td( { -class => 'sme-noborders-content' }, $cn ) + ), + "\n"; + + print $q->table( + { -width => '100%' }, + $q->Tr( + $q->th( + { -class => 'sme-layout' }, + $q->submit( + -name => 'cancel', + -value => $fm->localise('CANCEL') + ), + ' ', + $q->submit( + -name => 'disconnect', + -value => $fm->localise('DISCONNECT') + ) + ) + ) + ), + "\n"; # Clear these values to prevent collisions when the page reloads. $q->delete("cancel"); 
@@ -444,301 +435,297 @@ } sub disconnect_client{ - my ($fm) = @_; - my $q = $fm->{cgi}; - my $cn = $q->param('common_name'); - # On récupère les paramètre et on les parse - my $param = get_prop('',"management"); - my @param = split(/:/,$param); - my $host = $param[0]; + my ($fm) = @_; + my $q = $fm->{cgi}; + my $cn = $q->param('common_name'); + # On récupère les paramètre et on les parse + my $param = get_prop('',"management"); + my @param = split(/:/,$param); + my $host = $param[0]; my $port = $param[1]; my $pass = $param[2]; - my $vpn = Net::OpenVPN::Manage->new({ + my $vpn = Net::OpenVPN::Manage->new({ host => $host, port => $port, password => $pass, - timeout => 3 - }); - unless($q->param('cancel')){ - unless($vpn->connect()){ - $fm->error('ERROR_CONNECT_TO_MANAGER','SHOW_CLIENTS_PAGE'); - return undef; - } - - unless($vpn->kill($cn)){ - $fm->error('ERROR_CONNECT_TO_MANAGER','SHOW_CLIENTS_PAGE'); - return undef; - } - $fm->success('CLIENT_DISCONNECTED','SHOW_CLIENTS_PAGE'); - return undef; - } - $fm->error('CANCELED','SHOW_CLIENTS_PAGE'); - return undef; + timeout => 3 + }); + unless($q->param('cancel')){ + unless($vpn->connect()){ + $fm->error('ERROR_CONNECT_TO_MANAGER','SHOW_CLIENTS_PAGE'); + return undef; + } + unless($vpn->kill($cn)){ + $fm->error('ERROR_CONNECT_TO_MANAGER','SHOW_CLIENTS_PAGE'); + return undef; + } + $fm->success('CLIENT_DISCONNECTED','SHOW_CLIENTS_PAGE'); + return undef; + } + $fm->error('CANCELED','SHOW_CLIENTS_PAGE'); + return undef; } sub print_crt_not_ready_warning{ - my ($fm) = @_; + my ($fm) = @_; - # First, check the service "bridge" is running - my $bridge = $config_db->get_prop('bridge', 'status') || 'disabled'; + # First, check the service "bridge" is running + my $bridge = $config_db->get_prop('bridge', 'status') || 'disabled'; - unless ($bridge eq 'enabled'){ - return $fm->localise('BRIDGE_NOT_ENABLED'); - } - - # If any of the required files is missing or empty - # Warn the user - if ( - (( -z "$pubdir/cacert.pem" ) || ( ! 
-e "$pubdir/cacert.pem" )) || - (( -z "$pubdir/cert.pem") || ( ! -e "$pubdir/cert.pem" )) || - (( -z "$privdir/key.pem") || ( ! -e "$privdir/key.pem" )) || - (( -z "$pubdir/cacrl.pem") || ( ! -e "$pubdir/cacrl.pem" )) || - (( -z "$pubdir/dh.pem") || ( ! -e "$pubdir/dh.pem" )) - ){ - - return $fm->localise('CRT_CONFIG_ERROR'); - } - return $fm->localise('CRT_CONFIG_OK'); + unless ($bridge eq 'enabled'){ + return $fm->localise('BRIDGE_NOT_ENABLED'); + } + + # If any of the required files is missing or empty + # Warn the user + if ( + (( -z "$pubdir/cacert.pem" ) || ( ! -e "$pubdir/cacert.pem" )) || + (( -z "$pubdir/cert.pem") || ( ! -e "$pubdir/cert.pem" )) || + (( -z "$privdir/key.pem") || ( ! -e "$privdir/key.pem" )) || + (( -z "$pubdir/cacrl.pem") || ( ! -e "$pubdir/cacrl.pem" )) || + (( -z "$pubdir/dh.pem") || ( ! -e "$pubdir/dh.pem" )) + ){ + + return $fm->localise('CRT_CONFIG_ERROR'); + } + return $fm->localise('CRT_CONFIG_OK'); } sub print_client_config{ - my ($fm) = @_; - my $q = $fm->{cgi}; - my $proto = get_prop('','proto','udp'); - $proto = 'tcp-client' if ($proto eq 'tcp'); - my $port = ($proto eq 'udp' ? (get_prop('','UDPPort','1194')):(get_prop('','TCPPort','1194'))); - my $mtutest = get_prop('','mtuTest','enabled'); - my $fragment = get_prop('','fragment',''); - my $tunmtu = get_prop('','tunMtu',''); - my $cipher = get_prop('','cipher',''); - if ($proto eq 'tcp'){ - $mtutest = 'disabled'; - $fragment = ''; - } + my ($fm) = @_; + my $q = $fm->{cgi}; + my $proto = get_prop('','proto','udp'); + $proto = 'tcp-client' if ($proto eq 'tcp'); + my $port = ($proto eq 'udp' ? 
(get_prop('','UDPPort','1194')):(get_prop('','TCPPort','1194'))); + my $mtutest = get_prop('','mtuTest','enabled'); + my $fragment = get_prop('','fragment',''); + my $tunmtu = get_prop('','tunMtu',''); + my $cipher = get_prop('','cipher',''); + if ($proto eq 'tcp'){ + $mtutest = 'disabled'; + $fragment = ''; + } my $fic = ''; - $fic .= "rport $port\n"; - $fic .= "proto $proto\n"; - $fic .= "dev tap\n"; - $fic .= "nobind\n"; - $fic .= "remote ".$config_db->get('SystemName')->value.".".$config_db->get('DomainName')->value."\n\n"; - $fic .= "tls-client\n"; - $fic .= "tls-auth takey.pem 1\n" - if (( -e "$privdir/takey.pem")&&( !-z "$privdir/takey.pem")); - $fic .= "ns-cert-type server\n\n"; - $fic .= (get_prop('','userAuth','CrtWithPass') eq 'CrtWithPass' ? "auth-user-pass\n\n" : "\n"); - $fic .= "# Replace user.p12 with the certificate\n# bundle in PKCS12 format\n"; - $fic .= "pkcs12 user.p12\n\n"; - $fic .= "# You can replace the pkcs12\n# directive with the old ones\n"; - $fic .= "#ca cacert.pem\n#cert user.pem\n#key user-key.pem\n\n"; - if ($mtutest eq 'enabled'){ - $fic .= "mtu-test\n"; - } - elsif (($mtutest eq 'disabled')){ - if ($tunmtu ne ''){ - $fic .= "tun-mtu $tunmtu\n"; - } - if (($proto eq 'udp') && ($fragment ne '')){ - $fic .= "fragment $fragment\nmssfix\n"; - } - } - $fic .= (get_prop('','compLzo','enabled') eq 'enabled' ? 
"comp-lzo\n" : ""); - - $fic .= "cipher $cipher\n" if (($cipher ne '') && ($cipher ne 'auto')); - - $fic .= "pull\n"; - - print(esmith::cgi::genTextRow($q, $q->textarea (-name => "config_file", - -override => 1, - -default => $fic, - -rows => 30, - -columns => 60))); + $fic .= "rport $port\n"; + $fic .= "proto $proto\n"; + $fic .= "dev tap\n"; + $fic .= "nobind\n"; + $fic .= "remote ".$config_db->get('SystemName')->value.".".$config_db->get('DomainName')->value."\n\n"; + $fic .= "tls-client\n"; + $fic .= "tls-auth takey.pem 1\n" + if (( -e "$privdir/takey.pem")&&( !-z "$privdir/takey.pem")); + $fic .= "ns-cert-type server\n\n"; + $fic .= (get_prop('','userAuth','CrtWithPass') eq 'CrtWithPass' ? "auth-user-pass\n\n" : "\n"); + $fic .= "# Replace user.p12 with the certificate\n# bundle in PKCS12 format\n"; + $fic .= "pkcs12 user.p12\n\n"; + $fic .= "# You can replace the pkcs12\n# directive with the old ones\n"; + $fic .= "#ca cacert.pem\n#cert user.pem\n#key user-key.pem\n\n"; + if ($mtutest eq 'enabled'){ + $fic .= "mtu-test\n"; + } + elsif (($mtutest eq 'disabled')){ + if ($tunmtu ne ''){ + $fic .= "tun-mtu $tunmtu\n"; + } + if (($proto eq 'udp') && ($fragment ne '')){ + $fic .= "fragment $fragment\nmssfix\n"; + } + } + $fic .= (get_prop('','compLzo','enabled') eq 'enabled' ? 
"comp-lzo\n" : ""); + $fic .= "cipher $cipher\n" if (($cipher ne '') && ($cipher ne 'auto')); + $fic .= "pull\n"; + + print(esmith::cgi::genTextRow($q, + $q->textarea ( + -name => "config_file", + -override => 1, + -default => $fic, + -rows => 30, + -columns => 60) + ) + ); return ""; } sub remove_rule{ - my ($fm) = @_; - my $q = $fm->{cgi}; - - my $rule = $q->param('common_name'); - - unless($q->param("cancel")){ - unless ($rules_db->get($rule)->delete()){ - $fm->error('ERROR_OCCURED','RULES_PAGE'); - return undef; - } - unless (system ("/sbin/e-smith/signal-event", "openvpn-bridge-reload-ccd") == 0 ){ - $fm->error('ERROR_OCCURED','RULES_PAGE'); - return undef; - } - $fm->success('SUCCESS','RULES_PAGE'); - return undef; + my ($fm) = @_; + my $q = $fm->{cgi}; + my $rule = $q->param('common_name'); + unless($q->param("cancel")){ + unless ($rules_db->get($rule)->delete()){ + $fm->error('ERROR_OCCURED','RULES_PAGE'); + return undef; + } + unless (system ("/sbin/e-smith/signal-event", "openvpn-bridge-reload-ccd") == 0 ){ + $fm->error('ERROR_OCCURED','RULES_PAGE'); + return undef; + } + $fm->success('SUCCESS','RULES_PAGE'); + return undef; } - $fm->error('CANCELED','RULES_PAGE'); - return undef; + $fm->error('CANCELED','RULES_PAGE'); + return undef; } sub print_custom_button{ - my ($fm,$desc,$url) = @_; - my $q = $fm->{cgi}; - $url="openvpnbridge?page=0&page_stack=&Next=Next&wherenext=".$url; - - print " \n \n"; + my ($fm,$desc,$url) = @_; + my $q = $fm->{cgi}; + $url="openvpnbridge?page=0&page_stack=&Next=Next&wherenext=".$url; + + print " \n \n"; print $q->p($q->a({href => $url, -class => "button-like"}, - $fm->localise($desc))); + $fm->localise($desc))); print qq(\n); return undef; } sub print_section_bar{ - my ($fm) = @_; - print " \n \n"; - print "
\n"; - return undef; + my ($fm) = @_; + print " \n \n"; + print "
\n"; + return undef; } sub read_pem{ - my ($fm,$pem) = @_; - my $q = $fm->{cgi}; - my $dir = ''; - my $ret; - if (($pem eq 'cacert.pem') || ($pem eq 'cert.pem') || ($pem eq 'dh.pem')){ - $dir = $pubdir; - } - elsif (($pem eq 'key.pem') || ($pem eq 'takey.pem')){ - $dir = $privdir; - } - - if (! open (PEM, "<$dir/$pem")){ - $fm->error('ERROR_OPEN_PEM','FIRST'); - # Tell the user something bad has happened - return; + my ($fm,$pem) = @_; + my $q = $fm->{cgi}; + my $dir = ''; + my $ret; + if (($pem eq 'cacert.pem') || ($pem eq 'cert.pem') || ($pem eq 'dh.pem')){ + $dir = $pubdir; + } + elsif (($pem eq 'key.pem') || ($pem eq 'takey.pem')){ + $dir = $privdir; } - while (){ - $ret .= $_; - } + if (! open (PEM, "<$dir/$pem")){ + $fm->error('ERROR_OPEN_PEM','FIRST'); + # Tell the user something bad has happened + return; + } + while (){ + $ret .= $_; + } + close PEM; - close PEM; - - return $ret; + return $ret; } sub write_pem{ - my ($fm) = @_; - my $q = $fm->{cgi}; + my ($fm) = @_; + my $q = $fm->{cgi}; - my $ca = $q->param('ca_pem'); - my $crt = $q->param('crt_pem'); - my $key = $q->param('key_pem'); - my $dh = $q->param('dhpar_pem'); - my $ta = $q->param('ta_pem'); - - $config_db->set_prop('openvpn-bridge', 'CrlUrl', $q->param('crl_url')); - - if (! open (CA, ">$pubdir/cacert.pem")){ - $fm->error('ERROR_OPEN_CA','FIRST'); - # Tell the user something bad has happened + my $ca = $q->param('ca_pem'); + my $crt = $q->param('crt_pem'); + my $key = $q->param('key_pem'); + my $dh = $q->param('dhpar_pem'); + my $ta = $q->param('ta_pem'); + + $config_db->set_prop('openvpn-bridge', 'CrlUrl', $q->param('crl_url')); + + if (! open (CA, ">$pubdir/cacert.pem")){ + $fm->error('ERROR_OPEN_CA','FIRST'); + # Tell the user something bad has happened return; - } - print CA $ca; - close CA; - - if (! open (CRT, ">$pubdir/cert.pem")){ - $fm->error('ERROR_OPEN_CRT','FIRST'); - # Tell the user something bad has happened + } + print CA $ca; + close CA; + + if (! 
open (CRT, ">$pubdir/cert.pem")){ + $fm->error('ERROR_OPEN_CRT','FIRST'); + # Tell the user something bad has happened return; - } - print CRT $crt; - close CRT; - - if (! open (KEY, ">$privdir/key.pem")){ - $fm->error('ERROR_OPEN_KEY','FIRST'); - # Tell the user something bad has happened + } + print CRT $crt; + close CRT; + + if (! open (KEY, ">$privdir/key.pem")){ + $fm->error('ERROR_OPEN_KEY','FIRST'); + # Tell the user something bad has happened return; - } - print KEY $key; - close KEY; - - if (! open (DH, ">$pubdir/dh.pem")){ - $fm->error('ERROR_OPEN_DH','FIRST'); - # Tell the user something bad has happened + } + print KEY $key; + close KEY; + + if (! open (DH, ">$pubdir/dh.pem")){ + $fm->error('ERROR_OPEN_DH','FIRST'); + # Tell the user something bad has happened return; - } - print DH $dh; - close DH; - - if (! open (TA, ">$privdir/takey.pem")){ - $fm->error('ERROR_OPEN_TA','FIRST'); - # Tell the user something bad has happened + } + print DH $dh; + close DH; + + if (! open (TA, ">$privdir/takey.pem")){ + $fm->error('ERROR_OPEN_TA','FIRST'); + # Tell the user something bad has happened return; - } - print TA $ta; - close TA; - - # Restrict permissions on sensitive data - esmith::util::chownFile("root", "root","$privdir"); - esmith::util::chownFile("root", "root","$pubdir"); - chmod 0700, "$privdir"; - chmod 0755, "$pubdir"; - - unless(system("/sbin/e-smith/signal-event openvpn-bridge-update") == 0){ - $fm->error('ERROR_OCCURED','RULES_PAGE'); - return undef; - } - $fm->success('SUCCESS','FIRST'); - return undef; + } + print TA $ta; + close TA; + + # Restrict permissions on sensitive data + esmith::util::chownFile("root", "root","$privdir"); + esmith::util::chownFile("root", "root","$pubdir"); + chmod 0700, "$privdir"; + chmod 0755, "$pubdir"; + + unless(system("/sbin/e-smith/signal-event openvpn-bridge-update") == 0){ + $fm->error('ERROR_OCCURED','RULES_PAGE'); + return undef; + } + $fm->success('SUCCESS','FIRST'); + return undef; } # Validations sub 
is_ip{ - my ($fm,$ip) = @_; - return CGI::FormMagick::Validator::ip_number($fm, $ip); + my ($fm,$ip) = @_; + return CGI::FormMagick::Validator::ip_number($fm, $ip); } sub ip_is_in_local_net { my ($fm,$ip) = @_; - + unless(is_ip($fm, $ip) eq 'OK'){ - return $fm->localise('NOT_A_VALID_IP',{ip => $ip}); + return $fm->localise('NOT_A_VALID_IP',{ip => $ip}); } - + my $local_ip = $config_db->get('LocalIP')->value(); my $local_netmask = $config_db->get('LocalNetmask')->value; my ($local_network, $local_broadcast) = - esmith::util::computeNetworkAndBroadcast( $local_ip, $local_netmask ); - + esmith::util::computeNetworkAndBroadcast( $local_ip, $local_netmask ); + my ($ip_network,$ip_broadcast) = - esmith::util::computeNetworkAndBroadcast($ip, $local_netmask); - - if ($ip_network ne $local_network){ + esmith::util::computeNetworkAndBroadcast($ip, $local_netmask); - return $fm->localise('NOT_IN_LOCAL_NET',{ip => $ip}); + if ($ip_network ne $local_network){ + return $fm->localise('NOT_IN_LOCAL_NET',{ip => $ip}); } return "OK"; } sub ip_is_in_local_net_or_blank { - my ($fm,$ip) = @_; - - if ($ip eq ''){ - return 'OK'; - } - return ip_is_in_local_net ($fm,$ip); + my ($fm,$ip) = @_; + + if ($ip eq ''){ + return 'OK'; + } + return ip_is_in_local_net ($fm,$ip); } sub end_is_after_start{ - my ($fm,$end) = @_; - my $start = $fm->{cgi}->param('start_pool'); - my $start_ip = new Net::IP($start); - my $end_ip = new Net::IP($end); - unless ($end_ip->bincomp('gt',$start_ip)){ - return $fm->localise('START_AFTER_END'); - } - return 'OK'; + my ($fm,$end) = @_; + my $start = $fm->{cgi}->param('start_pool'); + my $start_ip = new Net::IP($start); + my $end_ip = new Net::IP($end); + unless ($end_ip->bincomp('gt',$start_ip)){ + return $fm->localise('START_AFTER_END'); + } + return 'OK'; } sub not_in_dhcp_range 
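Review bot: read_pem leaves `$dir` empty when `$pem` matches none of the five expected names and still opens `"<$dir/$pem"`, so an unexpected name is resolved from the filesystem root, and the two-argument bareword `open` lets the name itself influence the open mode. Refuse unknown names and switch to three-argument `open` with a lexical handle, as sketched below. write_pem in the same hunk uses the same two-argument opens, creates `key.pem` and `takey.pem` under the process umask (only the directory is set to 0700 afterwards), and never checks `print` or `close`. Setting `umask 0077` around the private-key writes and checking `close` would cover that.

```perl
sub read_pem{
    my ($fm,$pem) = @_;
    # Only these files may be read; anything else is refused outright.
    my %dir_for = (
        'cacert.pem' => $pubdir,
        'cert.pem'   => $pubdir,
        'dh.pem'     => $pubdir,
        'key.pem'    => $privdir,
        'takey.pem'  => $privdir,
    );
    my $dir = $dir_for{$pem};
    unless (defined $dir){
        $fm->error('ERROR_OPEN_PEM','FIRST');
        return;
    }
    my $fh;
    unless (open ($fh, '<', "$dir/$pem")){
        $fm->error('ERROR_OPEN_PEM','FIRST');
        return;
    }
    my $ret;
    while (my $line = <$fh>){
        $ret .= $line;
    }
    close $fh;
    return $ret;
}
```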
@@ -754,19 +741,18 @@ && esmith::util::IPquadToAddr($address) <= esmith::util::IPquadToAddr($end)){ - return $fm->localise("ADDR_IN_DHCP_RANGE",{ip => $address}); - } - else{ + return $fm->localise("ADDR_IN_DHCP_RANGE",{ip => $address}); + } + else{ return "OK"; - } + } } sub validate_common_name { my ($fm, $common_name) = @_; - unless ($common_name =~ /^([a-zA-Z0-9][\_\.\-a-zA-Z0-9]*)$/) - { + unless ($common_name =~ /^([a-zA-Z0-9][\_\.\-a-zA-Z0-9]*)$/){ return $fm->localise('INVALID_CHARS',{string => $common_name}); } return "OK"; @@ -777,10 +763,9 @@ my ($fm, $url) = @_; unless ($url =~ /^(http:\/\/)|(https:\/\/)/){ - return $fm->localise('NOT_A_VALID_URL',{string => $url}); - } + return $fm->localise('NOT_A_VALID_URL',{string => $url}); + } return "OK"; - }
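Review bot: validate_common_name anchors its pattern with `^...$`, and `$` also matches before a trailing newline, so a name ending in a newline passes the check. Use `\A` and `\z` instead: `unless ($common_name =~ /\A([a-zA-Z0-9][\_\.\-a-zA-Z0-9]*)\z/){`. This is the only gate visible in this diff before the name becomes a rules-database key, so it should match the whole string exactly.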
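Review bot: The URL check `/^(http:\/\/)|(https:\/\/)/` anchors only its first alternative, because `|` binds more loosely than `^`; any string that merely contains `https://` somewhere is accepted. Put the alternation under the anchor, e.g. `unless ($url =~ m{\Ahttps?://}){`. Even then everything after the scheme is accepted; if this validator guards the stored `crl_url` value (not visible here), a stricter host and path check is worth adding. The sub starts outside the hunk.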