



Revision 1.1 - (hide annotations) (download)
Tue Nov 2 16:43:51 2010 UTC (13 years, 6 months ago) by slords
Branch: MAIN
CVS Tags: smeserver-openvpn-s2s-0_1-15_el4_sme, smeserver-openvpn-s2s-0_1-13_el4_sme, smeserver-openvpn-s2s-0_1-19_el4_sme, smeserver-openvpn-s2s-0_1-14_el4_sme, smeserver-openvpn-s2s-0_1-12_el4_sme, smeserver-openvpn-s2s-0_1-18_el4_sme, smeserver-openvpn-s2s-0_1-16_el4_sme, smeserver-openvpn-s2s-0_1-20_el4_sme, smeserver-openvpn-s2s-0_1-21_el4_sme, smeserver-openvpn-s2s-0_1-11_el4_sme, HEAD
Initial import

1 slords 1.1 diff -Nur -x '*.orig' -x '*.rej' smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key
2     --- smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key 2010-10-15 19:37:57.000000000 +0200
3     +++ mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key 2010-10-17 15:46:44.000000000 +0200
4     @@ -1,6 +1,32 @@
5     -# Secret Key config
6     +# Authentication
7     {
8    
9     -$OUT .= "secret priv/$key"."_key.pem\n";
10     +my $auth = $db->get_prop($key,'Authentication') || 'TLS';
11    
12     +if ($auth eq 'SharedKey'){
13     + $OUT .= "secret priv/$key"."_sharedkey.pem\n";
14     }
15     +elsif ($auth eq 'TLS'){
16     + if ($type eq 'server'){
17     + $OUT .= "tls-server\n";
18     + $OUT .= "ca pub/$key" . "_cacert.pem\n";
19     + $OUT .= "cert pub/$key" . "_cert.pem\n";
20     + $OUT .= "key priv/$key" . "_key.pem\n";
21     + $OUT .= "dh pub/$key" . "_dh.pem\n";
22     + $OUT .= "tls-auth priv/$key" . "_sharedkey.pem 0\n"
23     + if ( -e "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' ) &&
24     + ( ! -z "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' );
25     + }
26     + else{
27     + $OUT .= "tls-client\n";
28     + $OUT .= "ca pub/$key" . "_cacert.pem\n";
29     + $OUT .= "cert pub/$key" . "_cert.pem\n";
30     + $OUT .= "key priv/$key" . "_key.pem\n";
31     + $OUT .= "tls-auth priv/$key" . "_sharedkey.pem 1\n"
32     + if ( -e "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' ) &&
33     + ( ! -z "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' );
34     + }
35     +}
36     +
37     +}
38     +
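Review bot: The `|| 'TLS'` default on the `my $auth = $db->get_prop($key,'Authentication') || 'TLS';` line changes what a record without that property gets: before this patch every record received `secret priv/<key>_key.pem`, and after it such a record is rendered as TLS and points at `_cacert.pem`, `_cert.pem` and `_dh.pem` files that were never written for it, so any record created before the new `auth` field exists would stop working instead of keeping its shared key — worth confirming how (or whether) pre-existing records are migrated. A stored value that is neither `TLS` nor `SharedKey` falls through both branches and emits no authentication directive at all; a trailing `else { $OUT .= "# unsupported Authentication value for $key\n"; }` would at least make that visible in the rendered config. The `$db`, `$key` and `$type` variables are defined by template fragments outside this hunk.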
39     diff -Nur -x '*.orig' -x '*.rej' smeserver-openvpn-s2s-0.1/root/etc/e-smith/web/functions/openvpns2s mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/web/functions/openvpns2s
40     --- smeserver-openvpn-s2s-0.1/root/etc/e-smith/web/functions/openvpns2s 2010-10-16 17:56:47.000000000 +0200
41     +++ mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/web/functions/openvpns2s 2010-10-17 15:36:34.000000000 +0200
42     @@ -74,7 +74,7 @@
43     #----------------------------------------------------------------
44     # CLIENT CONFIGURATION PAGE
45     #----------------------------------------------------------------
46     - <page name="CREATE_OR_MODIFY_CLIENT_CONF_PAGE" pre-event="turn_off_buttons()" post-event="apply_conf('client')">
47     + <page name="CREATE_OR_MODIFY_CLIENT_CONF_PAGE" pre-event="turn_off_buttons()" post-event="write_db_conf('client')">
48    
49     <field type="literal" id="add_client_desc" value="">
50     <description>DESC_ADD_CLIENT_PAGE</description>
51     @@ -94,6 +94,11 @@
52     <label>LABEL_STATUS</label>
53     </field>
54    
55     + <field type="select" id="auth" options="'TLS' => 'TLS', 'SharedKey' => 'SECRET_KEY'">
56     + <description>DESC_AUTH</description>
57     + <label>LABEL_AUTH</label>
58     + </field>
59     +
60     <field type="text" id="remote_host" validation="is_hostname_or_ip()">
61     <description>DESC_REMOTE_HOST</description>
62     <label>LABEL_REMOTE_HOST</label>
63     @@ -119,19 +124,14 @@
64     <label>LABEL_REMOTE_NET</label>
65     </field>
66    
67     - <field type="textarea" id="shared_key" validation="is_valid_key()">
68     - <description>DESC_SHARED_KEY</description>
69     - <label>LABEL_SHARED_KEY</label>
70     - </field>
71     -
72     - <subroutine src="print_button('SAVE')"/>
73     + <subroutine src="print_button('NEXT')"/>
74    
75     </page>
76    
77     #----------------------------------------------------------------
78     # SERVER CONFIGURATION PAGE
79     #----------------------------------------------------------------
80     - <page name="CREATE_OR_MODIFY_SERVER_CONF_PAGE" pre-event="turn_off_buttons()" post-event="apply_conf('server')">
81     + <page name="CREATE_OR_MODIFY_SERVER_CONF_PAGE" pre-event="turn_off_buttons()" post-event="write_db_conf('server')">
82    
83     <field type="literal" id="add_server" value="">
84     <description>DESC_ADD_SERVER_PAGE</description>
85     @@ -151,6 +151,11 @@
86     <label>LABEL_STATUS</label>
87     </field>
88    
89     + <field type="select" id="auth" options="'TLS' => 'TLS', 'SharedKey' => 'SECRET_KEY'">
90     + <description>DESC_AUTH</description>
91     + <label>LABEL_AUTH</label>
92     + </field>
93     +
94     <field type="text" id="port" validation="is_valid_and_available_port()">
95     <description>DESC_LOCAL_PORT</description>
96     <label>LABEL_LOCAL_PORT</label>
97     @@ -171,13 +176,16 @@
98     <label>LABEL_REMOTE_NET</label>
99     </field>
100    
101     - <field type="textarea" id="shared_key" validation="is_valid_key()">
102     - <description>DESC_SHARED_KEY</description>
103     - <label>LABEL_SHARED_KEY</label>
104     - </field>
105     + <subroutine src="print_button('NEXT')"/>
106    
107     - <subroutine src="print_button('SAVE')"/>
108     + </page>
109    
110     + <page name="CONFIG_CERT_PAGE" pre-event="print_status_message()" post-event="write_pem()">
111     + <field type="literal" id="cert_conf" value="">
112     + <description>DESC_CONFIGURE_CERT</description>
113     + </field>
114     + <subroutine src="print_cert_fields()"/>
115     + <subroutine src="print_button('SAVE')"/>
116     </page>
117    
118     <page name="REMOVE_CONF_PAGE" pre-event="turn_off_buttons()" post-event="remove_conf()">
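Review bot: The new `auth` select (added identically in the `@@ -94,6 +94,11 @@` and `@@ -151,6 +151,11 @@` hunks) carries no `validation=` attribute, so the two option values are enforced only by the browser and the panel's `write_db_conf` stores whatever `auth` parameter arrives; since the template later picks its branch with `eq` on that stored value, anything else produces a config with no authentication directive. If FormMagick accepts `validation=` on select fields, a small validator that accepts only `TLS` or `SharedKey` (a constructed name such as `validation="is_valid_auth()"`) would close that gap. Note also that the new `CONFIG_CERT_PAGE` gets its inputs from `print_cert_fields()` rather than `<field>` elements, so none of those textareas have form-level validation and the only checks are the ones `write_pem` performs itself.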
119     diff -Nur -x '*.orig' -x '*.rej' smeserver-openvpn-s2s-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpns2s.pm mezzanine_patched_smeserver-openvpn-s2s-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpns2s.pm
120     --- smeserver-openvpn-s2s-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpns2s.pm 2010-10-17 15:47:04.000000000 +0200
121     +++ mezzanine_patched_smeserver-openvpn-s2s-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpns2s.pm 2010-10-17 15:46:55.000000000 +0200
122     @@ -19,13 +19,13 @@
123     our @EXPORT = qw(
124     print_custom_button
125     print_section_bar
126     - apply_conf
127     + write_db_conf
128     update_ports
129     print_conf_table
130     print_conf_name_field
131     remove_conf
132     print_conf_to_remove
133     - read_key
134     + read_file
135     );
136    
137     our $pubdir = '/etc/openvpn/s2s/pub';
138     @@ -62,7 +62,7 @@
139     return undef;
140     }
141    
142     -sub apply_conf{
143     +sub write_db_conf{
144     my ($fm,$type) = @_;
145     my $q = $fm->{cgi};
146     my $conf = $q->param('conf_name');
147     @@ -84,6 +84,7 @@
148     }
149    
150     $ovpn_db->set_prop($conf, 'status', $q->param("status"));
151     + $ovpn_db->set_prop($conf, 'Authentication', $q->param("auth"));
152     $ovpn_db->set_prop($conf, 'LocalIP', $q->param("local_ip"));
153     $ovpn_db->set_prop($conf, 'RemoteIP', $q->param("remote_ip"));
154     $ovpn_db->set_prop($conf, 'Port', $q->param("port"));
155     @@ -91,33 +92,96 @@
156     $ovpn_db->set_prop($conf, 'Comment', $q->param("comment"));
157     $ovpn_db->set_prop($conf, 'RemoteNetworks', $q->param("remote_net"));
158    
159     + # Now, update the main configuration entry
160     + update_ports();
161     +
162     + $fm->success('SUCCESS','CONFIG_CERT_PAGE');
163     + return undef;
164     +}
165     +
166     +sub write_pem{
167     + my ($fm,$type) = @_;
168     + my $q = $fm->{cgi};
169     + my $conf = $q->param('conf_name');
170     + my $type = $ovpn_db->get_prop($conf, 'type') || 'server';
171     + my $auth = $ovpn_db->get_prop($conf, 'Authentication') || 'TLS';
172     +
173     + # Run validation routines
174     + my $msg = $fm->is_url_or_empty( $q->param("crl_url"));
175     + unless ($msg eq "OK"){
176     + return $fm->error($msg,'CONFIG_CERT_PAGE');
177     + }
178     +
179     + my @pems = ();
180     +
181     + if ($auth eq 'TLS'){
182     + push @pems, qw/cacert_pem cert_pem key_pem/;
183     + push @pems, 'dh_pem' if $type eq 'server';
184     + }
185     + else{
186     + push @pems, 'shared_key' if $auth eq 'SharedKey';
187     + }
188     +
189     + foreach my $pem (@pems){
190     + $msg = $fm->is_valid_key( $q->param("$pem") );
191     + unless ($msg eq "OK"){
192     + return $fm->error($msg,'CONFIG_CERT_PAGE');
193     + }
194     + }
195     +
196     # Untaint $conf
197     $conf =~ m/(.*)/;
198     $conf = $1;
199    
200     - # Write the shared_key
201     - if (! open (KEY, ">$privdir/$conf".'_key.pem')){
202     - $fm->error('ERROR_OPENING_KEY_FILE','FIRST_PAGE');
203     + if (! open (CA, ">$pubdir/$conf". "_cacert.pem")){
204     + $fm->error('ERROR_OPEN_CA','FIRST_PAGE');
205     + return;
206     + }
207     + print CA $q->param('cacert_pem');
208     + close CA;
209     +
210     + if (! open (CRT, ">$pubdir/$conf" . "_cert.pem")){
211     + $fm->error('ERROR_OPEN_CRT','FIRST_PAGE');
212     return;
213     }
214     - print KEY $q->param('shared_key');
215     + print CRT $q->param('cert_pem');
216     + close CRT;
217     +
218     + if (! open (KEY, ">$privdir/$conf" . "_key.pem")){
219     + $fm->error('ERROR_OPEN_KEY','FIRST_PAGE');
220     + return;
221     + }
222     + print KEY $q->param('key_pem');
223     close KEY;
224    
225     - esmith::util::chownFile("root", "root", "$privdir/$conf".'_key.pem');
226     - chmod 0600, "$privdir/$conf".'_key.pem';
227     + if (! open (DH, ">$pubdir/$conf" . "_dh.pem")){
228     + $fm->error('ERROR_OPEN_DH','FIRST_PAGE');
229     + return;
230     + }
231     + print DH $q->param('dh_pem');
232     + close DH;
233    
234     - # Now, update the main configuration entry
235     - update_ports();
236     + if (! open (TA, ">$privdir/$conf" . "_sharedkey.pem")){
237     + $fm->error('ERROR_OPEN_TA','FIRST_PAGE');
238     + return;
239     + }
240     + print TA $q->param('shared_key');
241     + close TA;
242    
243     - # Now, run the signal-event
244     - unless (system ("/sbin/e-smith/signal-event", "openvpn-s2s-update") == 0 ){
245     - $fm->error('ERROR_OCCURED','FIRST_PAGE');
246     - return undef;
247     + esmith::util::chownFile("root", "root", "$privdir/$conf*");
248     + esmith::util::chownFile("root", "root", "$pubdir/$conf*");
249     + chmod 0600, "$privdir/$conf*";
250     + chmod 0644, "$pubdir/$conf*";
251     +
252     + $ovpn_db->set_prop($conf, 'CrlUrl', $q->param("crl_url"));
253     +
254     + unless ( system ("/sbin/e-smith/signal-event", "openvpn-s2s-update") == 0 ){
255     + return $fm->error("ERROR_OCCURED", 'FIRST_PAGE');
256     }
257     -
258    
259     - $fm->success('SUCCESS','CONFIG_CERT_PAGE');
260     + $fm->success('SUCCESS','FIRST_PAGE');
261     return undef;
262     +
263     }
264    
265     # Update ports used in the configuration DB
266     @@ -139,6 +203,96 @@
267     $conf_db->set_prop('openvpn-s2s', 'TCPPorts', join(',',@tcp_ports));
268     }
269    
270     +sub print_cert_fields{
271     + my $fm = shift;
272     + my $q = $fm->{cgi};
273     + my $conf = $q->param('conf_name');
274     + my $rec = $ovpn_db->get("$conf");
275     + my $type = $rec->prop('type') || 'server';
276     + my $auth = $rec->prop('Authentication') || 'TLS';
277     + my $crlurl = $rec->prop('CrlUrl') || '';
278     +
279     + # Untaint $conf
280     + $conf =~ m/(.*)/;
281     + $conf = $1;
282     +
283     + if ($auth eq 'TLS'){
284     + print esmith::cgi::genTextRow($q,$fm->localise('DESC_CRL_URL'));
285     + print $q->Tr (
286     + $q->td ({-class => "sme-noborders-label"},
287     + $fm->localise('LABEL_CRL_URL')),"\n",
288     + $q->td ({-class => "sme-noborders-content"},
289     + $q->textfield (
290     + -name => 'crl_url',
291     + -override => 1,
292     + -default => $crlurl,
293     + -size => 62))),"\n";
294     + print esmith::cgi::genTextRow($q,$fm->localise('DESC_CA_PEM'));
295     + print $q->Tr (
296     + $q->td ({-class => "sme-noborders-label"},
297     + $fm->localise('LABEL_CA_PEM')),"\n",
298     + $q->td ({-class => "sme-noborders-content"},
299     + $q->textarea (
300     + -name => 'cacert_pem',
301     + -override => 1,
302     + -default => read_file("$pubdir/$conf"."_cacert.pem"),
303     + -rows => 15,
304     + -columns => 70))),"\n";
305     + print esmith::cgi::genTextRow($q,$fm->localise('DESC_CRT_PEM'));
306     + print $q->Tr (
307     + $q->td ({-class => "sme-noborders-label"},
308     + $fm->localise('LABEL_CRT_PEM')),"\n",
309     + $q->td ({-class => "sme-noborders-content"},
310     + $q->textarea (
311     + -name => 'cert_pem',
312     + -override => 1,
313     + -default => read_file("$pubdir/$conf"."_cert.pem"),
314     + -rows => 15,
315     + -columns => 70))),"\n";
316     + print esmith::cgi::genTextRow($q,$fm->localise('DESC_KEY_PEM'));
317     + print $q->Tr (
318     + $q->td ({-class => "sme-noborders-label"},
319     + $fm->localise('LABEL_KEY_PEM')),"\n",
320     + $q->td ({-class => "sme-noborders-content"},
321     + $q->textarea (
322     + -name => 'key_pem',
323     + -override => 1,
324     + -default => read_file("$privdir/$conf"."_key.pem"),
325     + -rows => 15,
326     + -columns => 70))),"\n";
327     + if ($type eq 'server'){
328     + print esmith::cgi::genTextRow($q,$fm->localise('DESC_DH_PEM'));
329     + print $q->Tr (
330     + $q->td ({-class => "sme-noborders-label"},
331     + $fm->localise('LABEL_DH_PEM')),"\n",
332     + $q->td ({-class => "sme-noborders-content"},
333     + $q->textarea (
334     + -name => 'dh_pem',
335     + -override => 1,
336     + -default => read_file("$pubdir/$conf"."_dh.pem"),
337     + -rows => 8,
338     + -columns => 70))),"\n";
339     + }
340     + print esmith::cgi::genTextRow($q,$fm->localise('DESC_SHARED_KEY_TLS'));
341     + }
342     + else{
343     + print esmith::cgi::genTextRow($q,$fm->localise('DESC_SHARED_KEY'));
344     + }
345     +
346     + print $q->Tr (
347     + $q->td ({-class => "sme-noborders-label"},
348     + $fm->localise('LABEL_SHARED_KEY')),"\n",
349     + $q->td ({-class => "sme-noborders-content"},
350     + $q->textarea (
351     + -name => 'shared_key',
352     + -override => 1,
353     + -default => read_file("$privdir/$conf"."_sharedkey.pem"),
354     + -rows => 5,
355     + -columns => 70))),"\n";
356     + return undef;
357     +}
358     +
359     +
360     # Print clients or servers table
361     sub print_conf_table{
362     my $fm = shift;
363     @@ -208,6 +362,8 @@
364     $q->param(-name=>'remote_host',-value=>
365     $rec->prop('RemoteHost'));
366     }
367     + $q->param(-name=>'auth',-value=>
368     + $rec->prop('Authentication'));
369     $q->param(-name=>'local_ip',-value=>
370     $rec->prop('LocalIP'));
371     $q->param(-name=>'remote_ip',-value=>
372     @@ -220,8 +376,6 @@
373     $rec->prop('status'));
374     $q->param(-name=>'remote_net',-value=>
375     $rec->prop('RemoteNetworks'));
376     - $q->param(-name=>'shared_key',-value=>
377     - read_key($name));
378     }
379     }
380     else {
381     @@ -309,14 +463,12 @@
382     return undef;
383     }
384    
385     -sub read_key{
386     - my $conf = shift;
387     +sub read_file{
388     + my $file = shift;
389     my $ret = '';
390    
391     - if (open (PEM, "<$privdir/$conf".'_key.pem')){
392     - while (<PEM>){
393     - $ret .= $_;
394     - }
395     + if (open (PEM, "<$file")){
396     + $ret .= $_ while (<PEM>);
397     close PEM;
398     }
399     return $ret;
400     @@ -332,6 +484,15 @@
401     return $ret;
402     }
403    
404     +sub is_url_or_empty{
405     + my ($fm, $url) = @_;
406     + my $ret = 'OK';
407     + if (($url !~ /^(http:\/\/)|(https:\/\/)/) && ($url ne '')){
408     + $ret = $fm->localise('NOT_A_VALID_URL',{string => $url});
409     + }
410     + return $ret;
411     +}
412     +
413     sub is_valid_net_or_empty{
414     my ($fm, $nets) = @_;
415     my $ret = 'OK';
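Review bot: In the write_pem hunk (`@@ -91,33 +92,96 @@`) the new lines `chmod 0600, "$privdir/$conf*";` and `chmod 0644, "$pubdir/$conf*";` pass a literal string ending in `*`; Perl's `chmod` does not expand globs, so no file matches and the just-written `_key.pem` and `_sharedkey.pem` keep whatever mode the process umask gave them, whereas the replaced code applied 0600 to the exact `_key.pem` path. The two `esmith::util::chownFile` calls on the same patterns presumably have the same problem unless that helper globs internally, which this hunk cannot show. Naming the written files explicitly avoids both issues (a glob would also match any other configuration whose name starts with `$conf`). Separately, `is_url_or_empty` in the last hunk anchors only the first alternative — `/^(http:\/\/)|(https:\/\/)/` accepts any string containing `https://` anywhere — and `m{^https?://}` is what was meant.
```perl
    # … unchanged: the five open/print/close blocks for the PEM files …
    my @priv_files = map { "$privdir/${conf}_$_.pem" } qw(key sharedkey);
    my @pub_files  = map { "$pubdir/${conf}_$_.pem" }  qw(cacert cert dh);
    esmith::util::chownFile("root", "root", $_) for @priv_files, @pub_files;
    chmod 0600, @priv_files;
    chmod 0644, @pub_files;
    # … unchanged: CrlUrl set_prop and signal-event call …
```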
