/[smecontribs]/rpms/smeserver-openvpn-s2s/contribs7/smeserver-openvpn-s2s-0.1-tls_auth_1.patch
ViewVC logotype

Annotation of /rpms/smeserver-openvpn-s2s/contribs7/smeserver-openvpn-s2s-0.1-tls_auth_1.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Tue Nov 2 16:43:51 2010 UTC (14 years, 1 month ago) by slords
Branch: MAIN
CVS Tags: smeserver-openvpn-s2s-0_1-15_el4_sme, smeserver-openvpn-s2s-0_1-13_el4_sme, smeserver-openvpn-s2s-0_1-19_el4_sme, smeserver-openvpn-s2s-0_1-14_el4_sme, smeserver-openvpn-s2s-0_1-12_el4_sme, smeserver-openvpn-s2s-0_1-18_el4_sme, smeserver-openvpn-s2s-0_1-16_el4_sme, smeserver-openvpn-s2s-0_1-20_el4_sme, smeserver-openvpn-s2s-0_1-21_el4_sme, smeserver-openvpn-s2s-0_1-11_el4_sme, HEAD
Initial import

1 slords 1.1 diff -Nur -x '*.orig' -x '*.rej' smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key
2     --- smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key 2010-10-15 19:37:57.000000000 +0200
3     +++ mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key 2010-10-17 15:46:44.000000000 +0200
4     @@ -1,6 +1,32 @@
5     -# Secret Key config
6     +# Authentication
7     {
8    
9     -$OUT .= "secret priv/$key"."_key.pem\n";
10     +my $auth = $db->get_prop($key,'Authentication') || 'TLS';
11    
12     +if ($auth eq 'SharedKey'){
13     + $OUT .= "secret priv/$key"."_sharedkey.pem\n";
14     }
15     +elsif ($auth eq 'TLS'){
16     + if ($type eq 'server'){
17     + $OUT .= "tls-server\n";
18     + $OUT .= "ca pub/$key" . "_cacert.pem\n";
19     + $OUT .= "cert pub/$key" . "_cert.pem\n";
20     + $OUT .= "key priv/$key" . "_key.pem\n";
21     + $OUT .= "dh pub/$key" . "_dh.pem\n";
22     + $OUT .= "tls-auth priv/$key" . "_sharedkey.pem 0\n"
23     + if ( -e "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' ) &&
24     + ( ! -z "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' );
25     + }
26     + else{
27     + $OUT .= "tls-client\n";
28     + $OUT .= "ca pub/$key" . "_cacert.pem\n";
29     + $OUT .= "cert pub/$key" . "_cert.pem\n";
30     + $OUT .= "key priv/$key" . "_key.pem\n";
31     + $OUT .= "tls-auth priv/$key" . "_sharedkey.pem 1\n"
32     + if ( -e "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' ) &&
33     + ( ! -z "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' );
34     + }
35     +}
36     +
37     +}
38     +
39     diff -Nur -x '*.orig' -x '*.rej' smeserver-openvpn-s2s-0.1/root/etc/e-smith/web/functions/openvpns2s mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/web/functions/openvpns2s
40     --- smeserver-openvpn-s2s-0.1/root/etc/e-smith/web/functions/openvpns2s 2010-10-16 17:56:47.000000000 +0200
41     +++ mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/web/functions/openvpns2s 2010-10-17 15:36:34.000000000 +0200
42     @@ -74,7 +74,7 @@
43     #----------------------------------------------------------------
44     # CLIENT CONFIGURATION PAGE
45     #----------------------------------------------------------------
46     - <page name="CREATE_OR_MODIFY_CLIENT_CONF_PAGE" pre-event="turn_off_buttons()" post-event="apply_conf('client')">
47     + <page name="CREATE_OR_MODIFY_CLIENT_CONF_PAGE" pre-event="turn_off_buttons()" post-event="write_db_conf('client')">
48    
49     <field type="literal" id="add_client_desc" value="">
50     <description>DESC_ADD_CLIENT_PAGE</description>
51     @@ -94,6 +94,11 @@
52     <label>LABEL_STATUS</label>
53     </field>
54    
55     + <field type="select" id="auth" options="'TLS' => 'TLS', 'SharedKey' => 'SECRET_KEY'">
56     + <description>DESC_AUTH</description>
57     + <label>LABEL_AUTH</label>
58     + </field>
59     +
60     <field type="text" id="remote_host" validation="is_hostname_or_ip()">
61     <description>DESC_REMOTE_HOST</description>
62     <label>LABEL_REMOTE_HOST</label>
63     @@ -119,19 +124,14 @@
64     <label>LABEL_REMOTE_NET</label>
65     </field>
66    
67     - <field type="textarea" id="shared_key" validation="is_valid_key()">
68     - <description>DESC_SHARED_KEY</description>
69     - <label>LABEL_SHARED_KEY</label>
70     - </field>
71     -
72     - <subroutine src="print_button('SAVE')"/>
73     + <subroutine src="print_button('NEXT')"/>
74    
75     </page>
76    
77     #----------------------------------------------------------------
78     # SERVER CONFIGURATION PAGE
79     #----------------------------------------------------------------
80     - <page name="CREATE_OR_MODIFY_SERVER_CONF_PAGE" pre-event="turn_off_buttons()" post-event="apply_conf('server')">
81     + <page name="CREATE_OR_MODIFY_SERVER_CONF_PAGE" pre-event="turn_off_buttons()" post-event="write_db_conf('server')">
82    
83     <field type="literal" id="add_server" value="">
84     <description>DESC_ADD_SERVER_PAGE</description>
85     @@ -151,6 +151,11 @@
86     <label>LABEL_STATUS</label>
87     </field>
88    
89     + <field type="select" id="auth" options="'TLS' => 'TLS', 'SharedKey' => 'SECRET_KEY'">
90     + <description>DESC_AUTH</description>
91     + <label>LABEL_AUTH</label>
92     + </field>
93     +
94     <field type="text" id="port" validation="is_valid_and_available_port()">
95     <description>DESC_LOCAL_PORT</description>
96     <label>LABEL_LOCAL_PORT</label>
97     @@ -171,13 +176,16 @@
98     <label>LABEL_REMOTE_NET</label>
99     </field>
100    
101     - <field type="textarea" id="shared_key" validation="is_valid_key()">
102     - <description>DESC_SHARED_KEY</description>
103     - <label>LABEL_SHARED_KEY</label>
104     - </field>
105     + <subroutine src="print_button('NEXT')"/>
106    
107     - <subroutine src="print_button('SAVE')"/>
108     + </page>
109    
110     + <page name="CONFIG_CERT_PAGE" pre-event="print_status_message()" post-event="write_pem()">
111     + <field type="literal" id="cert_conf" value="">
112     + <description>DESC_CONFIGURE_CERT</description>
113     + </field>
114     + <subroutine src="print_cert_fields()"/>
115     + <subroutine src="print_button('SAVE')"/>
116     </page>
117    
118     <page name="REMOVE_CONF_PAGE" pre-event="turn_off_buttons()" post-event="remove_conf()">
119     diff -Nur -x '*.orig' -x '*.rej' smeserver-openvpn-s2s-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpns2s.pm mezzanine_patched_smeserver-openvpn-s2s-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpns2s.pm
120     --- smeserver-openvpn-s2s-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpns2s.pm 2010-10-17 15:47:04.000000000 +0200
121     +++ mezzanine_patched_smeserver-openvpn-s2s-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpns2s.pm 2010-10-17 15:46:55.000000000 +0200
122     @@ -19,13 +19,13 @@
123     our @EXPORT = qw(
124     print_custom_button
125     print_section_bar
126     - apply_conf
127     + write_db_conf
128     update_ports
129     print_conf_table
130     print_conf_name_field
131     remove_conf
132     print_conf_to_remove
133     - read_key
134     + read_file
135     );
136    
137     our $pubdir = '/etc/openvpn/s2s/pub';
138     @@ -62,7 +62,7 @@
139     return undef;
140     }
141    
142     -sub apply_conf{
143     +sub write_db_conf{
144     my ($fm,$type) = @_;
145     my $q = $fm->{cgi};
146     my $conf = $q->param('conf_name');
147     @@ -84,6 +84,7 @@
148     }
149    
150     $ovpn_db->set_prop($conf, 'status', $q->param("status"));
151     + $ovpn_db->set_prop($conf, 'Authentication', $q->param("auth"));
152     $ovpn_db->set_prop($conf, 'LocalIP', $q->param("local_ip"));
153     $ovpn_db->set_prop($conf, 'RemoteIP', $q->param("remote_ip"));
154     $ovpn_db->set_prop($conf, 'Port', $q->param("port"));
155     @@ -91,33 +92,96 @@
156     $ovpn_db->set_prop($conf, 'Comment', $q->param("comment"));
157     $ovpn_db->set_prop($conf, 'RemoteNetworks', $q->param("remote_net"));
158    
159     + # Now, update the main configuration entry
160     + update_ports();
161     +
162     + $fm->success('SUCCESS','CONFIG_CERT_PAGE');
163     + return undef;
164     +}
165     +
166     +sub write_pem{
167     + my ($fm,$type) = @_;
168     + my $q = $fm->{cgi};
169     + my $conf = $q->param('conf_name');
170     + my $type = $ovpn_db->get_prop($conf, 'type') || 'server';
171     + my $auth = $ovpn_db->get_prop($conf, 'Authentication') || 'TLS';
172     +
173     + # Run validation routines
174     + my $msg = $fm->is_url_or_empty( $q->param("crl_url"));
175     + unless ($msg eq "OK"){
176     + return $fm->error($msg,'CONFIG_CERT_PAGE');
177     + }
178     +
179     + my @pems = ();
180     +
181     + if ($auth eq 'TLS'){
182     + push @pems, qw/cacert_pem cert_pem key_pem/;
183     + push @pems, 'dh_pem' if $type eq 'server';
184     + }
185     + else{
186     + push @pems, 'shared_key' if $auth eq 'SharedKey';
187     + }
188     +
189     + foreach my $pem (@pems){
190     + $msg = $fm->is_valid_key( $q->param("$pem") );
191     + unless ($msg eq "OK"){
192     + return $fm->error($msg,'CONFIG_CERT_PAGE');
193     + }
194     + }
195     +
196     # Untaint $conf
197     $conf =~ m/(.*)/;
198     $conf = $1;
199    
200     - # Write the shared_key
201     - if (! open (KEY, ">$privdir/$conf".'_key.pem')){
202     - $fm->error('ERROR_OPENING_KEY_FILE','FIRST_PAGE');
203     + if (! open (CA, ">$pubdir/$conf". "_cacert.pem")){
204     + $fm->error('ERROR_OPEN_CA','FIRST_PAGE');
205     + return;
206     + }
207     + print CA $q->param('cacert_pem');
208     + close CA;
209     +
210     + if (! open (CRT, ">$pubdir/$conf" . "_cert.pem")){
211     + $fm->error('ERROR_OPEN_CRT','FIRST_PAGE');
212     return;
213     }
214     - print KEY $q->param('shared_key');
215     + print CRT $q->param('cert_pem');
216     + close CRT;
217     +
218     + if (! open (KEY, ">$privdir/$conf" . "_key.pem")){
219     + $fm->error('ERROR_OPEN_KEY','FIRST_PAGE');
220     + return;
221     + }
222     + print KEY $q->param('key_pem');
223     close KEY;
224    
225     - esmith::util::chownFile("root", "root", "$privdir/$conf".'_key.pem');
226     - chmod 0600, "$privdir/$conf".'_key.pem';
227     + if (! open (DH, ">$pubdir/$conf" . "_dh.pem")){
228     + $fm->error('ERROR_OPEN_DH','FIRST_PAGE');
229     + return;
230     + }
231     + print DH $q->param('dh_pem');
232     + close DH;
233    
234     - # Now, update the main configuration entry
235     - update_ports();
236     + if (! open (TA, ">$privdir/$conf" . "_sharedkey.pem")){
237     + $fm->error('ERROR_OPEN_TA','FIRST_PAGE');
238     + return;
239     + }
240     + print TA $q->param('shared_key');
241     + close TA;
242    
243     - # Now, run the signal-event
244     - unless (system ("/sbin/e-smith/signal-event", "openvpn-s2s-update") == 0 ){
245     - $fm->error('ERROR_OCCURED','FIRST_PAGE');
246     - return undef;
247     + esmith::util::chownFile("root", "root", "$privdir/$conf*");
248     + esmith::util::chownFile("root", "root", "$pubdir/$conf*");
249     + chmod 0600, "$privdir/$conf*";
250     + chmod 0644, "$pubdir/$conf*";
251     +
252     + $ovpn_db->set_prop($conf, 'CrlUrl', $q->param("crl_url"));
253     +
254     + unless ( system ("/sbin/e-smith/signal-event", "openvpn-s2s-update") == 0 ){
255     + return $fm->error("ERROR_OCCURED", 'FIRST_PAGE');
256     }
257     -
258    
259     - $fm->success('SUCCESS','CONFIG_CERT_PAGE');
260     + $fm->success('SUCCESS','FIRST_PAGE');
261     return undef;
262     +
263     }
264    
265     # Update ports used in the configuration DB
266     @@ -139,6 +203,96 @@
267     $conf_db->set_prop('openvpn-s2s', 'TCPPorts', join(',',@tcp_ports));
268     }
269    
270     +sub print_cert_fields{
271     + my $fm = shift;
272     + my $q = $fm->{cgi};
273     + my $conf = $q->param('conf_name');
274     + my $rec = $ovpn_db->get("$conf");
275     + my $type = $rec->prop('type') || 'server';
276     + my $auth = $rec->prop('Authentication') || 'TLS';
277     + my $crlurl = $rec->prop('CrlUrl') || '';
278     +
279     + # Untaint $conf
280     + $conf =~ m/(.*)/;
281     + $conf = $1;
282     +
283     + if ($auth eq 'TLS'){
284     + print esmith::cgi::genTextRow($q,$fm->localise('DESC_CRL_URL'));
285     + print $q->Tr (
286     + $q->td ({-class => "sme-noborders-label"},
287     + $fm->localise('LABEL_CRL_URL')),"\n",
288     + $q->td ({-class => "sme-noborders-content"},
289     + $q->textfield (
290     + -name => 'crl_url',
291     + -override => 1,
292     + -default => $crlurl,
293     + -size => 62))),"\n";
294     + print esmith::cgi::genTextRow($q,$fm->localise('DESC_CA_PEM'));
295     + print $q->Tr (
296     + $q->td ({-class => "sme-noborders-label"},
297     + $fm->localise('LABEL_CA_PEM')),"\n",
298     + $q->td ({-class => "sme-noborders-content"},
299     + $q->textarea (
300     + -name => 'cacert_pem',
301     + -override => 1,
302     + -default => read_file("$pubdir/$conf"."_cacert.pem"),
303     + -rows => 15,
304     + -columns => 70))),"\n";
305     + print esmith::cgi::genTextRow($q,$fm->localise('DESC_CRT_PEM'));
306     + print $q->Tr (
307     + $q->td ({-class => "sme-noborders-label"},
308     + $fm->localise('LABEL_CRT_PEM')),"\n",
309     + $q->td ({-class => "sme-noborders-content"},
310     + $q->textarea (
311     + -name => 'cert_pem',
312     + -override => 1,
313     + -default => read_file("$pubdir/$conf"."_cert.pem"),
314     + -rows => 15,
315     + -columns => 70))),"\n";
316     + print esmith::cgi::genTextRow($q,$fm->localise('DESC_KEY_PEM'));
317     + print $q->Tr (
318     + $q->td ({-class => "sme-noborders-label"},
319     + $fm->localise('LABEL_KEY_PEM')),"\n",
320     + $q->td ({-class => "sme-noborders-content"},
321     + $q->textarea (
322     + -name => 'key_pem',
323     + -override => 1,
324     + -default => read_file("$privdir/$conf"."_key.pem"),
325     + -rows => 15,
326     + -columns => 70))),"\n";
327     + if ($type eq 'server'){
328     + print esmith::cgi::genTextRow($q,$fm->localise('DESC_DH_PEM'));
329     + print $q->Tr (
330     + $q->td ({-class => "sme-noborders-label"},
331     + $fm->localise('LABEL_DH_PEM')),"\n",
332     + $q->td ({-class => "sme-noborders-content"},
333     + $q->textarea (
334     + -name => 'dh_pem',
335     + -override => 1,
336     + -default => read_file("$pubdir/$conf"."_dh.pem"),
337     + -rows => 8,
338     + -columns => 70))),"\n";
339     + }
340     + print esmith::cgi::genTextRow($q,$fm->localise('DESC_SHARED_KEY_TLS'));
341     + }
342     + else{
343     + print esmith::cgi::genTextRow($q,$fm->localise('DESC_SHARED_KEY'));
344     + }
345     +
346     + print $q->Tr (
347     + $q->td ({-class => "sme-noborders-label"},
348     + $fm->localise('LABEL_SHARED_KEY')),"\n",
349     + $q->td ({-class => "sme-noborders-content"},
350     + $q->textarea (
351     + -name => 'shared_key',
352     + -override => 1,
353     + -default => read_file("$privdir/$conf"."_sharedkey.pem"),
354     + -rows => 5,
355     + -columns => 70))),"\n";
356     + return undef;
357     +}
358     +
359     +
360     # Print clients or servers table
361     sub print_conf_table{
362     my $fm = shift;
363     @@ -208,6 +362,8 @@
364     $q->param(-name=>'remote_host',-value=>
365     $rec->prop('RemoteHost'));
366     }
367     + $q->param(-name=>'auth',-value=>
368     + $rec->prop('Authentication'));
369     $q->param(-name=>'local_ip',-value=>
370     $rec->prop('LocalIP'));
371     $q->param(-name=>'remote_ip',-value=>
372     @@ -220,8 +376,6 @@
373     $rec->prop('status'));
374     $q->param(-name=>'remote_net',-value=>
375     $rec->prop('RemoteNetworks'));
376     - $q->param(-name=>'shared_key',-value=>
377     - read_key($name));
378     }
379     }
380     else {
381     @@ -309,14 +463,12 @@
382     return undef;
383     }
384    
385     -sub read_key{
386     - my $conf = shift;
387     +sub read_file{
388     + my $file = shift;
389     my $ret = '';
390    
391     - if (open (PEM, "<$privdir/$conf".'_key.pem')){
392     - while (<PEM>){
393     - $ret .= $_;
394     - }
395     + if (open (PEM, "<$file")){
396     + $ret .= $_ while (<PEM>);
397     close PEM;
398     }
399     return $ret;
400     @@ -332,6 +484,15 @@
401     return $ret;
402     }
403    
404     +sub is_url_or_empty{
405     + my ($fm, $url) = @_;
406     + my $ret = 'OK';
407     + if (($url !~ /^(http:\/\/)|(https:\/\/)/) && ($url ne '')){
408     + $ret = $fm->localise('NOT_A_VALID_URL',{string => $url});
409     + }
410     + return $ret;
411     +}
412     +
413     sub is_valid_net_or_empty{
414     my ($fm, $nets) = @_;
415     my $ret = 'OK';

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed