--- smeserver-openvpn-bridge-2.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpnbridge.pm.code_cleanup1 2009-11-17 23:18:32.000000000 +0100
+++ smeserver-openvpn-bridge-2.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpnbridge.pm 2009-11-18 08:48:37.000000000 +0100
@@ -24,9 +24,9 @@
download_file
print_custom_button
print_section_bar
- write_pem
- read_pem
- disconnect_client
+ write_pem
+ read_pem
+ disconnect_client
);
our $config_db = esmith::ConfigDB->open || die "Couldn't open ConfigDB\n";
@@ -47,43 +47,43 @@
# Retourne le paramètre demandé
sub get_prop{
- my ($fm, $prop, $default) = @_;
- return $config_db->get_prop("openvpn-bridge", $prop) || $default;
+ my ($fm, $prop, $default) = @_;
+ return $config_db->get_prop("openvpn-bridge", $prop) || $default;
}
# Retourne l'état du service
sub get_status{
- my ($fm) = @_;
- my $status = get_prop('','status','disabled');
- if ($status eq 'enabled'){
- return $fm->localise('ENABLED');
- }
- else{
- return $fm->localise('DISABLED');
- }
+ my ($fm) = @_;
+ my $status = get_prop('','status','disabled');
+ if ($status eq 'enabled'){
+ return $fm->localise('ENABLED');
+ }
+ else{
+ return $fm->localise('DISABLED');
+ }
}
# Retourne le mode d'authentification
sub get_auth_type{
- my ($fm) = @_;
- my $auth_type = get_prop('','userAuth');
- if ($auth_type eq 'CrtOnly'){
- return $fm->localise('CRT_ONLY');
- }
- elsif ($auth_type eq 'CrtWithPass'){
- return $fm->localise('CRT_WITH_PASS');
- }
- else{
- return $fm->localise('BAD_VALUE');
- }
+ my ($fm) = @_;
+ my $auth_type = get_prop('','userAuth');
+ if ($auth_type eq 'CrtOnly'){
+ return $fm->localise('CRT_ONLY');
+ }
+ elsif ($auth_type eq 'CrtWithPass'){
+ return $fm->localise('CRT_WITH_PASS');
+ }
+ else{
+ return $fm->localise('BAD_VALUE');
+ }
}
# Retourne la plage d'adresses
sub get_ip_pool{
- my ($fm) = @_;
- my $start = get_prop('','startPool') || "x.x.x.x";
- my $end = get_prop('','endPool') || "x.x.x.x";
- return "$start - $end";
+ my ($fm) = @_;
+ my $start = get_prop('','startPool') || "x.x.x.x";
+ my $end = get_prop('','endPool') || "x.x.x.x";
+ return "$start - $end";
}
# Inscrit les valeurs de la configuration dans la db
@@ -93,8 +93,8 @@
$config_db->set_prop('openvpn-bridge', 'status', $q->param("status"));
$config_db->set_prop('openvpn-bridge', 'userAuth', $q->param("auth_type"));
- $config_db->set_prop('openvpn-bridge', 'startPool', $q->param("start_pool"));
- $config_db->set_prop('openvpn-bridge', 'endPool', $q->param("end_pool"));
+ $config_db->set_prop('openvpn-bridge', 'startPool', $q->param("start_pool"));
+ $config_db->set_prop('openvpn-bridge', 'endPool', $q->param("end_pool"));
unless ( system ("/sbin/e-smith/signal-event", "openvpn-bridge-update") == 0 ){
return $fm->error('ERROR_OCCURED', 'FIRST');;
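Review bot: The `set_prop` calls here pass `$q->param(...)` directly as an argument, which evaluates it in list context, so a request that repeats a field (or omits it) changes the number of arguments `set_prop` receives. The re-indented `startPool`/`endPool` lines and the `status`/`userAuth` lines above them would be safer as `$config_db->set_prop('openvpn-bridge', 'startPool', scalar $q->param("start_pool"));`. The same pattern appears on the `CrlUrl` line in `write_pem`. How `set_prop` treats surplus arguments is not visible in this patch, so the impact is unconfirmed; the enclosing sub starts outside the hunk.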
@@ -105,7 +105,7 @@
# Affiche les connexions en cours
sub print_clients_table{
- my $fm = shift;
+ my $fm = shift;
my $q = $fm->{cgi};
my $common_name = $fm->localise('COMMON_NAME');
my $real_ip = $fm->localise('REAL_IP');
@@ -113,12 +113,12 @@
my $sent = $fm->localise('SENT');
my $received = $fm->localise('RECEIVED');
my $connected_since = $fm->localise('CONNECTED_SINCE');
- my $disconnect = $fm->localise('DISCONNECT');
-
- # On récupère les paramètre et on les parse
- my $param = get_prop('',"management");
- my @param = split(/:/,$param);
- my $host = $param[0];
+ my $disconnect = $fm->localise('DISCONNECT');
+
+ # On récupère les paramètre et on les parse
+ my $param = get_prop('',"management");
+ my @param = split(/:/,$param);
+ my $host = $param[0];
my $port = $param[1];
my $pass = $param[2];
@@ -127,17 +127,17 @@
host => $host,
port => $port,
password => $pass,
- timeout => 3
+ timeout => 3
});
- # On se connecte ou on retourne le message d'erreur
- unless($vpn->connect()){
- print $q->Tr($q->td($fm->localise('ERROR_CONNECT_TO_MANAGER')));
- return "";
- }
+ # On se connecte ou on retourne le message d'erreur
+ unless($vpn->connect()){
+ print $q->Tr($q->td($fm->localise('ERROR_CONNECT_TO_MANAGER')));
+ return "";
+ }
my $r = $vpn->status_ref();
-
- my %virtIP;
+
+ my %virtIP;
my %realIP;
my %remotePort;
my %sentBytes;
@@ -148,167 +148,158 @@
foreach( @{$r->{CLIENT_LIST}} ){
my $CN = $$_[0];
- unshift (@commonNames,$CN);
- $virtIP{$_} = $$_[1];
- my @ipPort = split (/:/,$$_[1]);
- $realIP{$CN} = $ipPort[0];
- $remotePort{$CN} = $ipPort[1];
- $virtIP{$CN} = $$_[2];
- $receivedBytes{$CN} = $$_[3]/1048576;
- $receivedBytes{$CN} = sprintf("%.2f", $receivedBytes{$CN});
- $sentBytes{$CN} = $$_[4]/1048576;
- $sentBytes{$CN} = sprintf("%.2f", $sentBytes{$CN});
- $connectedSince{$CN} = $$_[5];
- }
-
- # Si @commonName est vide, il n'y a aucun client connecté
- unless ( scalar @commonNames ){
- print $q->Tr($q->td($fm->localise('NO_CLIENTS_CONNECTED')));
- return "";
+ unshift (@commonNames,$CN);
+ $virtIP{$_} = $$_[1];
+ my @ipPort = split (/:/,$$_[1]);
+ $realIP{$CN} = $ipPort[0];
+ $remotePort{$CN} = $ipPort[1];
+ $virtIP{$CN} = $$_[2];
+ $receivedBytes{$CN} = $$_[3]/1048576;
+ $receivedBytes{$CN} = sprintf("%.2f", $receivedBytes{$CN});
+ $sentBytes{$CN} = $$_[4]/1048576;
+ $sentBytes{$CN} = sprintf("%.2f", $sentBytes{$CN});
+ $connectedSince{$CN} = $$_[5];
+ }
+
+ # Si @commonName est vide, il n'y a aucun client connecté
+ unless ( scalar @commonNames ){
+ print $q->Tr($q->td($fm->localise('NO_CLIENTS_CONNECTED')));
+ return "";
}
- print $q->start_table({-CLASS => "sme-border"}),"\n";
+ print $q->start_table({-CLASS => "sme-border"}),"\n";
print $q->Tr (
- esmith::cgi::genSmallCell($q, $common_name,"header"),
- esmith::cgi::genSmallCell($q, $real_ip,"header"),
- esmith::cgi::genSmallCell($q, $virtual_ip,"header"),
- esmith::cgi::genSmallCell($q, $sent,"header"),
- esmith::cgi::genSmallCell($q, $received,"header"),
- esmith::cgi::genSmallCell($q, $connected_since,"header"),
- esmith::cgi::genSmallCell($q, $disconnect,"header", 3)),"\n";
+ esmith::cgi::genSmallCell($q, $common_name,"header"),
+ esmith::cgi::genSmallCell($q, $real_ip,"header"),
+ esmith::cgi::genSmallCell($q, $virtual_ip,"header"),
+ esmith::cgi::genSmallCell($q, $sent,"header"),
+ esmith::cgi::genSmallCell($q, $received,"header"),
+ esmith::cgi::genSmallCell($q, $connected_since,"header"),
+ esmith::cgi::genSmallCell($q, $disconnect,"header", 3)),"\n";
+
+ foreach my $cn (@commonNames){
+ print $q->Tr (esmith::cgi::genSmallCell($q,"$cn"),
+ esmith::cgi::genSmallCell($q,"$realIP{$cn} ($remotePort{$cn})"),
+ esmith::cgi::genSmallCell ($q, "$virtIP{$cn}"),
+ esmith::cgi::genSmallCell ($q, "$sentBytes{$cn}".' MB'),
+ esmith::cgi::genSmallCell ($q, "$receivedBytes{$cn}".' MB'),
+ esmith::cgi::genSmallCell ($q, "$connectedSince{$cn}"),
+ esmith::cgi::genSmallCell ($q, $q->a ({href => $q->url (-absolute => 1).
+ $base_url."CLIENT_DISCONNECT_PAGE&common_name=".
+ $cn}, $disconnect)));
- foreach my $cn (@commonNames){
- print $q->Tr (esmith::cgi::genSmallCell($q,"$cn"),
- esmith::cgi::genSmallCell($q,"$realIP{$cn} ($remotePort{$cn})"),
- esmith::cgi::genSmallCell ($q, "$virtIP{$cn}"),
- esmith::cgi::genSmallCell ($q, "$sentBytes{$cn}".' MB'),
- esmith::cgi::genSmallCell ($q, "$receivedBytes{$cn}".' MB'),
- esmith::cgi::genSmallCell ($q, "$connectedSince{$cn}"),
- esmith::cgi::genSmallCell ($q, $q->a ({href => $q->url (-absolute => 1).
- $base_url."CLIENT_DISCONNECT_PAGE&common_name=".
- $cn}, $disconnect)));
-
- }
- print $q->end_table,"\n";
- return "";
+ }
+ print $q->end_table,"\n";
+ return "";
}
# Retourne la liste des règles
sub print_rules{
- my $fm = shift;
- my $q = $fm->{cgi};
-
- my @rules = $rules_db->get_all_by_prop(type => 'rule');
-
- unless (@rules){
+ my $fm = shift;
+ my $q = $fm->{cgi};
+
+ my @rules = $rules_db->get_all_by_prop(type => 'rule');
+
+ unless (@rules){
print $q->Tr($q->td($fm->localise('NO_RULE')));
return "";
}
-
- print $q->start_table({-CLASS => "sme-border"}),"\n";
- print $q->Tr (
- esmith::cgi::genSmallCell(
- $q, $fm->localise('COMMON_NAME'),"header"
- ),
- esmith::cgi::genSmallCell(
- $q, $fm->localise('IP_ADDRESS'),"header"
- ),
- esmith::cgi::genSmallCell(
- $q, $fm->localise('COMMENT'),"header"
- ),
- esmith::cgi::genSmallCell(
- $q, $fm->localise('GATEWAY_REDIRECTION'),"header"
- ),
- esmith::cgi::genSmallCell(
- $q, $fm->localise('ACCESS'),"header"
- ),
- esmith::cgi::genSmallCell(
- $q, $fm->localise('MODIFY'),"header"
- ),
+
+ print $q->start_table({-CLASS => "sme-border"}),"\n";
+ print $q->Tr (
esmith::cgi::genSmallCell(
- $q, $fm->localise('REMOVE'),"header"
- )
+ $q, $fm->localise('COMMON_NAME'),"header"),
+ esmith::cgi::genSmallCell(
+ $q, $fm->localise('IP_ADDRESS'),"header"),
+ esmith::cgi::genSmallCell(
+ $q, $fm->localise('COMMENT'),"header"),
+ esmith::cgi::genSmallCell(
+ $q, $fm->localise('GATEWAY_REDIRECTION'),"header"),
+ esmith::cgi::genSmallCell(
+ $q, $fm->localise('ACCESS'),"header"),
+ esmith::cgi::genSmallCell(
+ $q, $fm->localise('MODIFY'),"header"),
+ esmith::cgi::genSmallCell(
+ $q, $fm->localise('REMOVE'),"header")
),"\n";
- foreach (@rules){
+ foreach (@rules){
- my $rule = $_->key;
- my $rec_rule = $rules_db->get("$rule");
+ my $rule = $_->key;
+ my $rec_rule = $rules_db->get("$rule");
- my $ip = $rec_rule->prop("ip") || $fm->localise('DYNAMIC');
- my $gw = $rec_rule->prop("redirectGW") || 'disabled';
- my $access = $rec_rule->prop("access") || 'allowed';
- $gw = ( $gw eq 'enabled')
- ? $fm->localise('ENABLED')
- : $fm->localise('DISABLED');
- $access = ( $access eq 'allowed')
- ? $fm->localise('ALLOWED')
- : $fm->localise('DENIED');
- print $q->Tr (esmith::cgi::genSmallCell($q,"$rule"),
- esmith::cgi::genSmallCell($q,"$ip"),
- esmith::cgi::genSmallCell($q,$rec_rule->prop("comment")),
- esmith::cgi::genSmallCell($q,$gw),
- esmith::cgi::genSmallCell($q,$access),
+ my $ip = $rec_rule->prop("ip") || $fm->localise('DYNAMIC');
+ my $gw = $rec_rule->prop("redirectGW") || 'disabled';
+ my $access = $rec_rule->prop("access") || 'allowed';
+ $gw = ( $gw eq 'enabled')
+ ? $fm->localise('ENABLED')
+ : $fm->localise('DISABLED');
+ $access = ( $access eq 'allowed')
+ ? $fm->localise('ALLOWED')
+ : $fm->localise('DENIED');
+ print $q->Tr (esmith::cgi::genSmallCell($q,"$rule"),
+ esmith::cgi::genSmallCell($q,"$ip"),
+ esmith::cgi::genSmallCell($q,$rec_rule->prop("comment")),
+ esmith::cgi::genSmallCell($q,$gw),
+ esmith::cgi::genSmallCell($q,$access),
esmith::cgi::genSmallCell ($q,
- $q->a ({href => $q->url (-absolute => 1).
- $base_url."CREATE_OR_MODIFY_RULE_PAGE&action=modify&common_name=".$rule}, $fm->localise('MODIFY'))),
+ $q->a ({href => $q->url (-absolute => 1).
+ $base_url."CREATE_OR_MODIFY_RULE_PAGE&action=modify&common_name=".$rule}, $fm->localise('MODIFY'))),
esmith::cgi::genSmallCell ($q,
- $q->a ({href => $q->url (-absolute => 1).
- $base_url."REMOVE_RULE_PAGE&common_name=".$rule}, $fm->localise('REMOVE'))));
+ $q->a ({href => $q->url (-absolute => 1).
+ $base_url."REMOVE_RULE_PAGE&common_name=".$rule}, $fm->localise('REMOVE'))));
}
- print $q->end_table,"\n";
- return "";
+ print $q->end_table,"\n";
+ return "";
}
# Ajouter ou modifier une règle
sub create_or_modify_rule{
- my ($fm) = @_;
- my $q = $fm->{cgi};
- my $rule = $q->param('common_name');
- my $comment = $q->param('comment');
- my $ip = $q->param('reserved_ip');
- my $gw_redirection = $q->param('gw_redirection');
- my $access = $q->param('access');
- my $action = $q->param('action');
-
- if ($action eq 'create'){
- if ($rules_db->get($rule)){
- $fm->error('CN_CONFLICT','RULES_PAGE');
- return undef;
- }
- my $msg = $fm->validate_common_name($rule);
- unless ($msg eq "OK"){
- return $fm->error($msg,'RULES_PAGE');
- }
- else{
- $rules_db->new_record(
- $rule,
- {
- comment => $comment,
- ip => $ip,
- redirectGW => $gw_redirection,
- access => $access,
- type => 'rule',
- }
- );
- }
-
- $fm->success('SUCCESS','RULES_PAGE');
- }
- elsif ($action eq 'modify'){
- my $rec_rule = $rules_db->get($rule);
- $rec_rule->set_prop('comment',$comment);
- $rec_rule->set_prop('ip',$ip);
- $rec_rule->set_prop('redirectGW',$gw_redirection);
- $rec_rule->set_prop('access',$access);
- }
- unless ( system ("/sbin/e-smith/signal-event", "openvpn-bridge-reload-ccd") == 0 ){
- $fm->error('ERROR_OCCURED','RULES_PAGE');
- return undef;
+ my ($fm) = @_;
+ my $q = $fm->{cgi};
+ my $rule = $q->param('common_name');
+ my $comment = $q->param('comment');
+ my $ip = $q->param('reserved_ip');
+ my $gw_redirection = $q->param('gw_redirection');
+ my $access = $q->param('access');
+ my $action = $q->param('action');
+
+ if ($action eq 'create'){
+ if ($rules_db->get($rule)){
+ $fm->error('CN_CONFLICT','RULES_PAGE');
+ return undef;
+ }
+ my $msg = $fm->validate_common_name($rule);
+ unless ($msg eq "OK"){
+ return $fm->error($msg,'RULES_PAGE');
+ }
+ else{
+ $rules_db->new_record(
+ $rule,{
+ comment => $comment,
+ ip => $ip,
+ redirectGW => $gw_redirection,
+ access => $access,
+ type => 'rule',
+ }
+ );
+ }
+
+ $fm->success('SUCCESS','RULES_PAGE');
}
- $fm->success('SUCCESS','RULES_PAGE');
-
+ elsif ($action eq 'modify'){
+ my $rec_rule = $rules_db->get($rule);
+ $rec_rule->set_prop('comment',$comment);
+ $rec_rule->set_prop('ip',$ip);
+ $rec_rule->set_prop('redirectGW',$gw_redirection);
+ $rec_rule->set_prop('access',$access);
+ }
+ unless ( system ("/sbin/e-smith/signal-event", "openvpn-bridge-reload-ccd") == 0 ){
+ $fm->error('ERROR_OCCURED','RULES_PAGE');
+ return undef;
+ }
+ $fm->success('SUCCESS','RULES_PAGE');
}
# Afficher le champ Nom Commun
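Review bot: In `create_or_modify_rule`, the `modify` branch calls `set_prop` on `$rules_db->get($rule)` without checking that a record was returned, and unlike the `create` branch it never runs `validate_common_name` on the submitted `common_name`. A request naming a rule that does not exist would presumably die on an undefined value instead of producing a form error; a guard such as `my $rec_rule = $rules_db->get($rule) or return $fm->error('ERROR_OCCURED','RULES_PAGE');` avoids that. `print_rule_to_remove` and `remove_rule` in later hunks dereference the lookup the same way. Separately, in `print_clients_table` the line `$virtIP{$_} = $$_[1];` keys the hash on the stringified array reference and looks like a leftover, since `$virtIP{$CN}` is set a few lines later.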
@@ -317,9 +308,9 @@
my $q = $fm->{cgi};
my $rule = $fm->{cgi}->param('common_name') || '';
my $action = $fm->{cgi}->param('action') || '';
- print qq(
) . $fm->localise('DESC_COMMON_NAME').qq( |
);
+ print qq() . $fm->localise('DESC_COMMON_NAME').qq( |
);
print qq() .
- $fm->localise('COMMON_NAME') . qq( | \n);
+ $fm->localise('COMMON_NAME') . qq(\n);
if ($action eq 'modify' and $rule) {
print qq(
$rule
@@ -339,7 +330,8 @@
$q->param(-name=>'access',-value=>
$rec_rule->prop('access'));
}
- } else {
+ }
+ else {
print qq(
|
@@ -349,35 +341,34 @@
print qq( |
\n);
return undef;
-
}
sub print_rule_to_remove{
- my ($fm) = @_;
- my $q = $fm->{cgi};
- my $rule = $q->param('common_name');
- my $rec_rule = $rules_db->get($rule);
- my $comment = $rec_rule->prop('comment');
-
- print $q->Tr(
- $q->td(
- { -class => 'sme-noborders-label' },
- $fm->localise('COMMON_NAME')
- ),
- $q->td( { -class => 'sme-noborders-content' }, $rule )
- ),
- "\n";
+ my ($fm) = @_;
+ my $q = $fm->{cgi};
+ my $rule = $q->param('common_name');
+ my $rec_rule = $rules_db->get($rule);
+ my $comment = $rec_rule->prop('comment');
+
print $q->Tr(
- $q->td(
- { -class => 'sme-noborders-label' },
- $fm->localise('COMMENT')
- ),
- $q->td( { -class => 'sme-noborders-content' }, $comment )
- ),
- "\n";
-
- print $q->table(
+ $q->td(
+ { -class => 'sme-noborders-label' },
+ $fm->localise('COMMON_NAME')
+ ),
+ $q->td( { -class => 'sme-noborders-content' }, $rule )
+ ),
+ "\n";
+ print $q->Tr(
+ $q->td(
+ { -class => 'sme-noborders-label' },
+ $fm->localise('COMMENT')
+ ),
+ $q->td( { -class => 'sme-noborders-content' }, $comment )
+ ),
+ "\n";
+
+ print $q->table(
{ -width => '100%' },
$q->Tr(
$q->th(
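Review bot: `print_rule_to_remove` places `$rule` (taken from the `common_name` request parameter) and the stored `$comment` into `$q->td(...)` as cell content, and CGI.pm's HTML shortcuts do not escape element content. Unless these values are validated before this page is rendered, markup in them reaches the admin panel unescaped; `$q->td( { -class => 'sme-noborders-content' }, $q->escapeHTML($rule) )` (and likewise for `$comment`) closes that. `print_client_to_disconnect` in the next hunk does the same with `$cn`. The end of this sub lies outside the hunk.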
@@ -404,37 +395,37 @@
}
sub print_client_to_disconnect{
- my ($fm) = @_;
- my $q = $fm->{cgi};
- my $cn = $q->param('common_name');
-
- print $q->Tr(
- $q->td(
- { -class => 'sme-noborders-label' },
- $fm->localise('COMMON_NAME')
- ),
- $q->td( { -class => 'sme-noborders-content' }, $cn )
- ),
- "\n";
-
- print $q->table(
- { -width => '100%' },
- $q->Tr(
- $q->th(
- { -class => 'sme-layout' },
- $q->submit(
- -name => 'cancel',
- -value => $fm->localise('CANCEL')
- ),
- ' ',
- $q->submit(
- -name => 'disconnect',
- -value => $fm->localise('DISCONNECT')
- )
- )
- )
- ),
- "\n";
+ my ($fm) = @_;
+ my $q = $fm->{cgi};
+ my $cn = $q->param('common_name');
+
+ print $q->Tr(
+ $q->td(
+ { -class => 'sme-noborders-label' },
+ $fm->localise('COMMON_NAME')
+ ),
+ $q->td( { -class => 'sme-noborders-content' }, $cn )
+ ),
+ "\n";
+
+ print $q->table(
+ { -width => '100%' },
+ $q->Tr(
+ $q->th(
+ { -class => 'sme-layout' },
+ $q->submit(
+ -name => 'cancel',
+ -value => $fm->localise('CANCEL')
+ ),
+ ' ',
+ $q->submit(
+ -name => 'disconnect',
+ -value => $fm->localise('DISCONNECT')
+ )
+ )
+ )
+ ),
+ "\n";
# Clear these values to prevent collisions when the page reloads.
$q->delete("cancel");
@@ -444,301 +435,297 @@
}
sub disconnect_client{
- my ($fm) = @_;
- my $q = $fm->{cgi};
- my $cn = $q->param('common_name');
- # On récupère les paramètre et on les parse
- my $param = get_prop('',"management");
- my @param = split(/:/,$param);
- my $host = $param[0];
+ my ($fm) = @_;
+ my $q = $fm->{cgi};
+ my $cn = $q->param('common_name');
+ # On récupère les paramètre et on les parse
+ my $param = get_prop('',"management");
+ my @param = split(/:/,$param);
+ my $host = $param[0];
my $port = $param[1];
my $pass = $param[2];
- my $vpn = Net::OpenVPN::Manage->new({
+ my $vpn = Net::OpenVPN::Manage->new({
host => $host,
port => $port,
password => $pass,
- timeout => 3
- });
- unless($q->param('cancel')){
- unless($vpn->connect()){
- $fm->error('ERROR_CONNECT_TO_MANAGER','SHOW_CLIENTS_PAGE');
- return undef;
- }
-
- unless($vpn->kill($cn)){
- $fm->error('ERROR_CONNECT_TO_MANAGER','SHOW_CLIENTS_PAGE');
- return undef;
- }
- $fm->success('CLIENT_DISCONNECTED','SHOW_CLIENTS_PAGE');
- return undef;
- }
- $fm->error('CANCELED','SHOW_CLIENTS_PAGE');
- return undef;
+ timeout => 3
+ });
+ unless($q->param('cancel')){
+ unless($vpn->connect()){
+ $fm->error('ERROR_CONNECT_TO_MANAGER','SHOW_CLIENTS_PAGE');
+ return undef;
+ }
+ unless($vpn->kill($cn)){
+ $fm->error('ERROR_CONNECT_TO_MANAGER','SHOW_CLIENTS_PAGE');
+ return undef;
+ }
+ $fm->success('CLIENT_DISCONNECTED','SHOW_CLIENTS_PAGE');
+ return undef;
+ }
+ $fm->error('CANCELED','SHOW_CLIENTS_PAGE');
+ return undef;
}
sub print_crt_not_ready_warning{
- my ($fm) = @_;
+ my ($fm) = @_;
- # First, check the service "bridge" is running
- my $bridge = $config_db->get_prop('bridge', 'status') || 'disabled';
+ # First, check the service "bridge" is running
+ my $bridge = $config_db->get_prop('bridge', 'status') || 'disabled';
- unless ($bridge eq 'enabled'){
- return $fm->localise('BRIDGE_NOT_ENABLED');
- }
-
- # If any of the required files is missing or empty
- # Warn the user
- if (
- (( -z "$pubdir/cacert.pem" ) || ( ! -e "$pubdir/cacert.pem" )) ||
- (( -z "$pubdir/cert.pem") || ( ! -e "$pubdir/cert.pem" )) ||
- (( -z "$privdir/key.pem") || ( ! -e "$privdir/key.pem" )) ||
- (( -z "$pubdir/cacrl.pem") || ( ! -e "$pubdir/cacrl.pem" )) ||
- (( -z "$pubdir/dh.pem") || ( ! -e "$pubdir/dh.pem" ))
- ){
-
- return $fm->localise('CRT_CONFIG_ERROR');
- }
- return $fm->localise('CRT_CONFIG_OK');
+ unless ($bridge eq 'enabled'){
+ return $fm->localise('BRIDGE_NOT_ENABLED');
+ }
+
+ # If any of the required files is missing or empty
+ # Warn the user
+ if (
+ (( -z "$pubdir/cacert.pem" ) || ( ! -e "$pubdir/cacert.pem" )) ||
+ (( -z "$pubdir/cert.pem") || ( ! -e "$pubdir/cert.pem" )) ||
+ (( -z "$privdir/key.pem") || ( ! -e "$privdir/key.pem" )) ||
+ (( -z "$pubdir/cacrl.pem") || ( ! -e "$pubdir/cacrl.pem" )) ||
+ (( -z "$pubdir/dh.pem") || ( ! -e "$pubdir/dh.pem" ))
+ ){
+
+ return $fm->localise('CRT_CONFIG_ERROR');
+ }
+ return $fm->localise('CRT_CONFIG_OK');
}
sub print_client_config{
- my ($fm) = @_;
- my $q = $fm->{cgi};
- my $proto = get_prop('','proto','udp');
- $proto = 'tcp-client' if ($proto eq 'tcp');
- my $port = ($proto eq 'udp' ? (get_prop('','UDPPort','1194')):(get_prop('','TCPPort','1194')));
- my $mtutest = get_prop('','mtuTest','enabled');
- my $fragment = get_prop('','fragment','');
- my $tunmtu = get_prop('','tunMtu','');
- my $cipher = get_prop('','cipher','');
- if ($proto eq 'tcp'){
- $mtutest = 'disabled';
- $fragment = '';
- }
+ my ($fm) = @_;
+ my $q = $fm->{cgi};
+ my $proto = get_prop('','proto','udp');
+ $proto = 'tcp-client' if ($proto eq 'tcp');
+ my $port = ($proto eq 'udp' ? (get_prop('','UDPPort','1194')):(get_prop('','TCPPort','1194')));
+ my $mtutest = get_prop('','mtuTest','enabled');
+ my $fragment = get_prop('','fragment','');
+ my $tunmtu = get_prop('','tunMtu','');
+ my $cipher = get_prop('','cipher','');
+ if ($proto eq 'tcp'){
+ $mtutest = 'disabled';
+ $fragment = '';
+ }
my $fic = '';
- $fic .= "rport $port\n";
- $fic .= "proto $proto\n";
- $fic .= "dev tap\n";
- $fic .= "nobind\n";
- $fic .= "remote ".$config_db->get('SystemName')->value.".".$config_db->get('DomainName')->value."\n\n";
- $fic .= "tls-client\n";
- $fic .= "tls-auth takey.pem 1\n"
- if (( -e "$privdir/takey.pem")&&( !-z "$privdir/takey.pem"));
- $fic .= "ns-cert-type server\n\n";
- $fic .= (get_prop('','userAuth','CrtWithPass') eq 'CrtWithPass' ? "auth-user-pass\n\n" : "\n");
- $fic .= "# Replace user.p12 with the certificate\n# bundle in PKCS12 format\n";
- $fic .= "pkcs12 user.p12\n\n";
- $fic .= "# You can replace the pkcs12\n# directive with the old ones\n";
- $fic .= "#ca cacert.pem\n#cert user.pem\n#key user-key.pem\n\n";
- if ($mtutest eq 'enabled'){
- $fic .= "mtu-test\n";
- }
- elsif (($mtutest eq 'disabled')){
- if ($tunmtu ne ''){
- $fic .= "tun-mtu $tunmtu\n";
- }
- if (($proto eq 'udp') && ($fragment ne '')){
- $fic .= "fragment $fragment\nmssfix\n";
- }
- }
- $fic .= (get_prop('','compLzo','enabled') eq 'enabled' ? "comp-lzo\n" : "");
-
- $fic .= "cipher $cipher\n" if (($cipher ne '') && ($cipher ne 'auto'));
-
- $fic .= "pull\n";
-
- print(esmith::cgi::genTextRow($q, $q->textarea (-name => "config_file",
- -override => 1,
- -default => $fic,
- -rows => 30,
- -columns => 60)));
+ $fic .= "rport $port\n";
+ $fic .= "proto $proto\n";
+ $fic .= "dev tap\n";
+ $fic .= "nobind\n";
+ $fic .= "remote ".$config_db->get('SystemName')->value.".".$config_db->get('DomainName')->value."\n\n";
+ $fic .= "tls-client\n";
+ $fic .= "tls-auth takey.pem 1\n"
+ if (( -e "$privdir/takey.pem")&&( !-z "$privdir/takey.pem"));
+ $fic .= "ns-cert-type server\n\n";
+ $fic .= (get_prop('','userAuth','CrtWithPass') eq 'CrtWithPass' ? "auth-user-pass\n\n" : "\n");
+ $fic .= "# Replace user.p12 with the certificate\n# bundle in PKCS12 format\n";
+ $fic .= "pkcs12 user.p12\n\n";
+ $fic .= "# You can replace the pkcs12\n# directive with the old ones\n";
+ $fic .= "#ca cacert.pem\n#cert user.pem\n#key user-key.pem\n\n";
+ if ($mtutest eq 'enabled'){
+ $fic .= "mtu-test\n";
+ }
+ elsif (($mtutest eq 'disabled')){
+ if ($tunmtu ne ''){
+ $fic .= "tun-mtu $tunmtu\n";
+ }
+ if (($proto eq 'udp') && ($fragment ne '')){
+ $fic .= "fragment $fragment\nmssfix\n";
+ }
+ }
+ $fic .= (get_prop('','compLzo','enabled') eq 'enabled' ? "comp-lzo\n" : "");
+ $fic .= "cipher $cipher\n" if (($cipher ne '') && ($cipher ne 'auto'));
+ $fic .= "pull\n";
+
+ print(esmith::cgi::genTextRow($q,
+ $q->textarea (
+ -name => "config_file",
+ -override => 1,
+ -default => $fic,
+ -rows => 30,
+ -columns => 60)
+ )
+ );
return "";
}
sub remove_rule{
- my ($fm) = @_;
- my $q = $fm->{cgi};
-
- my $rule = $q->param('common_name');
-
- unless($q->param("cancel")){
- unless ($rules_db->get($rule)->delete()){
- $fm->error('ERROR_OCCURED','RULES_PAGE');
- return undef;
- }
- unless (system ("/sbin/e-smith/signal-event", "openvpn-bridge-reload-ccd") == 0 ){
- $fm->error('ERROR_OCCURED','RULES_PAGE');
- return undef;
- }
- $fm->success('SUCCESS','RULES_PAGE');
- return undef;
+ my ($fm) = @_;
+ my $q = $fm->{cgi};
+ my $rule = $q->param('common_name');
+ unless($q->param("cancel")){
+ unless ($rules_db->get($rule)->delete()){
+ $fm->error('ERROR_OCCURED','RULES_PAGE');
+ return undef;
+ }
+ unless (system ("/sbin/e-smith/signal-event", "openvpn-bridge-reload-ccd") == 0 ){
+ $fm->error('ERROR_OCCURED','RULES_PAGE');
+ return undef;
+ }
+ $fm->success('SUCCESS','RULES_PAGE');
+ return undef;
}
- $fm->error('CANCELED','RULES_PAGE');
- return undef;
+ $fm->error('CANCELED','RULES_PAGE');
+ return undef;
}
sub print_custom_button{
- my ($fm,$desc,$url) = @_;
- my $q = $fm->{cgi};
- $url="openvpnbridge?page=0&page_stack=&Next=Next&wherenext=".$url;
-
- print " \n \n";
+ my ($fm,$desc,$url) = @_;
+ my $q = $fm->{cgi};
+ $url="openvpnbridge?page=0&page_stack=&Next=Next&wherenext=".$url;
+
+ print " |
\n \n";
print $q->p($q->a({href => $url, -class => "button-like"},
- $fm->localise($desc)));
+ $fm->localise($desc)));
print qq( |
\n);
return undef;
}
sub print_section_bar{
- my ($fm) = @_;
- print " \n \n";
- print " \n";
- return undef;
+ my ($fm) = @_;
+ print " |
\n \n";
+ print " \n";
+ return undef;
}
sub read_pem{
- my ($fm,$pem) = @_;
- my $q = $fm->{cgi};
- my $dir = '';
- my $ret;
- if (($pem eq 'cacert.pem') || ($pem eq 'cert.pem') || ($pem eq 'dh.pem')){
- $dir = $pubdir;
- }
- elsif (($pem eq 'key.pem') || ($pem eq 'takey.pem')){
- $dir = $privdir;
- }
-
- if (! open (PEM, "<$dir/$pem")){
- $fm->error('ERROR_OPEN_PEM','FIRST');
- # Tell the user something bad has happened
- return;
+ my ($fm,$pem) = @_;
+ my $q = $fm->{cgi};
+ my $dir = '';
+ my $ret;
+ if (($pem eq 'cacert.pem') || ($pem eq 'cert.pem') || ($pem eq 'dh.pem')){
+ $dir = $pubdir;
+ }
+ elsif (($pem eq 'key.pem') || ($pem eq 'takey.pem')){
+ $dir = $privdir;
}
- while (){
- $ret .= $_;
- }
+ if (! open (PEM, "<$dir/$pem")){
+ $fm->error('ERROR_OPEN_PEM','FIRST');
+ # Tell the user something bad has happened
+ return;
+ }
+ while (){
+ $ret .= $_;
+ }
+ close PEM;
- close PEM;
-
- return $ret;
+ return $ret;
}
sub write_pem{
- my ($fm) = @_;
- my $q = $fm->{cgi};
+ my ($fm) = @_;
+ my $q = $fm->{cgi};
- my $ca = $q->param('ca_pem');
- my $crt = $q->param('crt_pem');
- my $key = $q->param('key_pem');
- my $dh = $q->param('dhpar_pem');
- my $ta = $q->param('ta_pem');
-
- $config_db->set_prop('openvpn-bridge', 'CrlUrl', $q->param('crl_url'));
-
- if (! open (CA, ">$pubdir/cacert.pem")){
- $fm->error('ERROR_OPEN_CA','FIRST');
- # Tell the user something bad has happened
+ my $ca = $q->param('ca_pem');
+ my $crt = $q->param('crt_pem');
+ my $key = $q->param('key_pem');
+ my $dh = $q->param('dhpar_pem');
+ my $ta = $q->param('ta_pem');
+
+ $config_db->set_prop('openvpn-bridge', 'CrlUrl', $q->param('crl_url'));
+
+ if (! open (CA, ">$pubdir/cacert.pem")){
+ $fm->error('ERROR_OPEN_CA','FIRST');
+ # Tell the user something bad has happened
return;
- }
- print CA $ca;
- close CA;
-
- if (! open (CRT, ">$pubdir/cert.pem")){
- $fm->error('ERROR_OPEN_CRT','FIRST');
- # Tell the user something bad has happened
+ }
+ print CA $ca;
+ close CA;
+
+ if (! open (CRT, ">$pubdir/cert.pem")){
+ $fm->error('ERROR_OPEN_CRT','FIRST');
+ # Tell the user something bad has happened
return;
- }
- print CRT $crt;
- close CRT;
-
- if (! open (KEY, ">$privdir/key.pem")){
- $fm->error('ERROR_OPEN_KEY','FIRST');
- # Tell the user something bad has happened
+ }
+ print CRT $crt;
+ close CRT;
+
+ if (! open (KEY, ">$privdir/key.pem")){
+ $fm->error('ERROR_OPEN_KEY','FIRST');
+ # Tell the user something bad has happened
return;
- }
- print KEY $key;
- close KEY;
-
- if (! open (DH, ">$pubdir/dh.pem")){
- $fm->error('ERROR_OPEN_DH','FIRST');
- # Tell the user something bad has happened
+ }
+ print KEY $key;
+ close KEY;
+
+ if (! open (DH, ">$pubdir/dh.pem")){
+ $fm->error('ERROR_OPEN_DH','FIRST');
+ # Tell the user something bad has happened
return;
- }
- print DH $dh;
- close DH;
-
- if (! open (TA, ">$privdir/takey.pem")){
- $fm->error('ERROR_OPEN_TA','FIRST');
- # Tell the user something bad has happened
+ }
+ print DH $dh;
+ close DH;
+
+ if (! open (TA, ">$privdir/takey.pem")){
+ $fm->error('ERROR_OPEN_TA','FIRST');
+ # Tell the user something bad has happened
return;
- }
- print TA $ta;
- close TA;
-
- # Restrict permissions on sensitive data
- esmith::util::chownFile("root", "root","$privdir");
- esmith::util::chownFile("root", "root","$pubdir");
- chmod 0700, "$privdir";
- chmod 0755, "$pubdir";
-
- unless(system("/sbin/e-smith/signal-event openvpn-bridge-update") == 0){
- $fm->error('ERROR_OCCURED','RULES_PAGE');
- return undef;
- }
- $fm->success('SUCCESS','FIRST');
- return undef;
+ }
+ print TA $ta;
+ close TA;
+
+ # Restrict permissions on sensitive data
+ esmith::util::chownFile("root", "root","$privdir");
+ esmith::util::chownFile("root", "root","$pubdir");
+ chmod 0700, "$privdir";
+ chmod 0755, "$pubdir";
+
+ unless(system("/sbin/e-smith/signal-event openvpn-bridge-update") == 0){
+ $fm->error('ERROR_OCCURED','RULES_PAGE');
+ return undef;
+ }
+ $fm->success('SUCCESS','FIRST');
+ return undef;
}
# Validations
sub is_ip{
- my ($fm,$ip) = @_;
- return CGI::FormMagick::Validator::ip_number($fm, $ip);
+ my ($fm,$ip) = @_;
+ return CGI::FormMagick::Validator::ip_number($fm, $ip);
}
sub ip_is_in_local_net {
my ($fm,$ip) = @_;
-
+
unless(is_ip($fm, $ip) eq 'OK'){
- return $fm->localise('NOT_A_VALID_IP',{ip => $ip});
+ return $fm->localise('NOT_A_VALID_IP',{ip => $ip});
}
-
+
my $local_ip = $config_db->get('LocalIP')->value();
my $local_netmask = $config_db->get('LocalNetmask')->value;
my ($local_network, $local_broadcast) =
- esmith::util::computeNetworkAndBroadcast( $local_ip, $local_netmask );
-
+ esmith::util::computeNetworkAndBroadcast( $local_ip, $local_netmask );
+
my ($ip_network,$ip_broadcast) =
- esmith::util::computeNetworkAndBroadcast($ip, $local_netmask);
-
- if ($ip_network ne $local_network){
+ esmith::util::computeNetworkAndBroadcast($ip, $local_netmask);
- return $fm->localise('NOT_IN_LOCAL_NET',{ip => $ip});
+ if ($ip_network ne $local_network){
+ return $fm->localise('NOT_IN_LOCAL_NET',{ip => $ip});
}
return "OK";
}
sub ip_is_in_local_net_or_blank {
- my ($fm,$ip) = @_;
-
- if ($ip eq ''){
- return 'OK';
- }
- return ip_is_in_local_net ($fm,$ip);
+ my ($fm,$ip) = @_;
+
+ if ($ip eq ''){
+ return 'OK';
+ }
+ return ip_is_in_local_net ($fm,$ip);
}
sub end_is_after_start{
- my ($fm,$end) = @_;
- my $start = $fm->{cgi}->param('start_pool');
- my $start_ip = new Net::IP($start);
- my $end_ip = new Net::IP($end);
- unless ($end_ip->bincomp('gt',$start_ip)){
- return $fm->localise('START_AFTER_END');
- }
- return 'OK';
+ my ($fm,$end) = @_;
+ my $start = $fm->{cgi}->param('start_pool');
+ my $start_ip = new Net::IP($start);
+ my $end_ip = new Net::IP($end);
+ unless ($end_ip->bincomp('gt',$start_ip)){
+ return $fm->localise('START_AFTER_END');
+ }
+ return 'OK';
}
sub not_in_dhcp_range
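Review bot: `read_pem` leaves `$dir` as the empty string when `$pem` matches none of the five expected names, so the two-argument `open (PEM, "<$dir/$pem")` then resolves against the filesystem root with whatever the caller passed. Adding `else { $fm->error('ERROR_OPEN_PEM','FIRST'); return; }` after the `elsif` and switching to the three-argument form `open (PEM, '<', "$dir/$pem")` keeps reads inside `$pubdir`/`$privdir`. Where `$pem` comes from is not visible in this patch, so whether a request can influence it is unconfirmed. In `write_pem`, only the directories are `chmod`ed; `key.pem` and `takey.pem` themselves get whatever mode the process umask yields, and the `print`/`close` results are not checked before `SUCCESS` is reported.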
@@ -754,19 +741,18 @@
&&
esmith::util::IPquadToAddr($address)
<= esmith::util::IPquadToAddr($end)){
- return $fm->localise("ADDR_IN_DHCP_RANGE",{ip => $address});
- }
- else{
+ return $fm->localise("ADDR_IN_DHCP_RANGE",{ip => $address});
+ }
+ else{
return "OK";
- }
+ }
}
sub validate_common_name
{
my ($fm, $common_name) = @_;
- unless ($common_name =~ /^([a-zA-Z0-9][\_\.\-a-zA-Z0-9]*)$/)
- {
+ unless ($common_name =~ /^([a-zA-Z0-9][\_\.\-a-zA-Z0-9]*)$/){
return $fm->localise('INVALID_CHARS',{string => $common_name});
}
return "OK";
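Review bot: The pattern in `validate_common_name` is anchored with `^` and `$`, and `$` also matches before a trailing newline, so a name ending in a newline passes validation. Since `create_or_modify_rule` uses the validated name as the rules-database key, `\A`/`\z` are the safer anchors: `unless ($common_name =~ /\A[a-zA-Z0-9][_.\-a-zA-Z0-9]*\z/){`. The capture group is unused and can go at the same time.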
@@ -777,10 +763,9 @@
my ($fm, $url) = @_;
unless ($url =~ /^(http:\/\/)|(https:\/\/)/){
- return $fm->localise('NOT_A_VALID_URL',{string => $url});
- }
+ return $fm->localise('NOT_A_VALID_URL',{string => $url});
+ }
return "OK";
-
}
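Review bot: The check `$url =~ /^(http:\/\/)|(https:\/\/)/` applies `^` only to the first alternative, so any string that merely contains `https://` somewhere is accepted. `unless ($url =~ m{\Ahttps?://}){` anchors both schemes. The sub's header is outside the hunk, so which field uses this validator is not visible here.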
|