/[smecontribs]/rpms/smeserver-openvpn-s2s/contribs8/smeserver-openvpn-s2s-0.1-tls_auth_1.patch
ViewVC logotype

Contents of /rpms/smeserver-openvpn-s2s/contribs8/smeserver-openvpn-s2s-0.1-tls_auth_1.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Sun Mar 3 21:10:29 2013 UTC (11 years, 8 months ago) by unnilennium
Branch: MAIN
CVS Tags: smeserver-openvpn-s2s-0_1-21_el5_sme, smeserver-openvpn-s2s-0_1-22_el5_sme, smeserver-openvpn-s2s-0_1-25_el5_sme, smeserver-openvpn-s2s-0_1-26_el5_sme, smeserver-openvpn-s2s-0_1-24_el5_sme, smeserver-openvpn-s2s-0_1-23_el5_sme, smeserver-openvpn-s2s-0_1-27_el5_sme, HEAD
Initial import

1 diff -Nur -x '*.orig' -x '*.rej' smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key
2 --- smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key 2010-10-15 19:37:57.000000000 +0200
3 +++ mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key 2010-10-17 15:46:44.000000000 +0200
4 @@ -1,6 +1,32 @@
5 -# Secret Key config
6 +# Authentication
7 {
8
9 -$OUT .= "secret priv/$key"."_key.pem\n";
10 +my $auth = $db->get_prop($key,'Authentication') || 'TLS';
11
12 +if ($auth eq 'SharedKey'){
13 + $OUT .= "secret priv/$key"."_sharedkey.pem\n";
14 }
15 +elsif ($auth eq 'TLS'){
16 + if ($type eq 'server'){
17 + $OUT .= "tls-server\n";
18 + $OUT .= "ca pub/$key" . "_cacert.pem\n";
19 + $OUT .= "cert pub/$key" . "_cert.pem\n";
20 + $OUT .= "key priv/$key" . "_key.pem\n";
21 + $OUT .= "dh pub/$key" . "_dh.pem\n";
22 + $OUT .= "tls-auth priv/$key" . "_sharedkey.pem 0\n"
23 + if ( -e "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' ) &&
24 + ( ! -z "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' );
25 + }
26 + else{
27 + $OUT .= "tls-client\n";
28 + $OUT .= "ca pub/$key" . "_cacert.pem\n";
29 + $OUT .= "cert pub/$key" . "_cert.pem\n";
30 + $OUT .= "key priv/$key" . "_key.pem\n";
31 + $OUT .= "tls-auth priv/$key" . "_sharedkey.pem 1\n"
32 + if ( -e "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' ) &&
33 + ( ! -z "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' );
34 + }
35 +}
36 +
37 +}
38 +
39 diff -Nur -x '*.orig' -x '*.rej' smeserver-openvpn-s2s-0.1/root/etc/e-smith/web/functions/openvpns2s mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/web/functions/openvpns2s
40 --- smeserver-openvpn-s2s-0.1/root/etc/e-smith/web/functions/openvpns2s 2010-10-16 17:56:47.000000000 +0200
41 +++ mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/web/functions/openvpns2s 2010-10-17 15:36:34.000000000 +0200
42 @@ -74,7 +74,7 @@
43 #----------------------------------------------------------------
44 # CLIENT CONFIGURATION PAGE
45 #----------------------------------------------------------------
46 - <page name="CREATE_OR_MODIFY_CLIENT_CONF_PAGE" pre-event="turn_off_buttons()" post-event="apply_conf('client')">
47 + <page name="CREATE_OR_MODIFY_CLIENT_CONF_PAGE" pre-event="turn_off_buttons()" post-event="write_db_conf('client')">
48
49 <field type="literal" id="add_client_desc" value="">
50 <description>DESC_ADD_CLIENT_PAGE</description>
51 @@ -94,6 +94,11 @@
52 <label>LABEL_STATUS</label>
53 </field>
54
55 + <field type="select" id="auth" options="'TLS' => 'TLS', 'SharedKey' => 'SECRET_KEY'">
56 + <description>DESC_AUTH</description>
57 + <label>LABEL_AUTH</label>
58 + </field>
59 +
60 <field type="text" id="remote_host" validation="is_hostname_or_ip()">
61 <description>DESC_REMOTE_HOST</description>
62 <label>LABEL_REMOTE_HOST</label>
63 @@ -119,19 +124,14 @@
64 <label>LABEL_REMOTE_NET</label>
65 </field>
66
67 - <field type="textarea" id="shared_key" validation="is_valid_key()">
68 - <description>DESC_SHARED_KEY</description>
69 - <label>LABEL_SHARED_KEY</label>
70 - </field>
71 -
72 - <subroutine src="print_button('SAVE')"/>
73 + <subroutine src="print_button('NEXT')"/>
74
75 </page>
76
77 #----------------------------------------------------------------
78 # SERVER CONFIGURATION PAGE
79 #----------------------------------------------------------------
80 - <page name="CREATE_OR_MODIFY_SERVER_CONF_PAGE" pre-event="turn_off_buttons()" post-event="apply_conf('server')">
81 + <page name="CREATE_OR_MODIFY_SERVER_CONF_PAGE" pre-event="turn_off_buttons()" post-event="write_db_conf('server')">
82
83 <field type="literal" id="add_server" value="">
84 <description>DESC_ADD_SERVER_PAGE</description>
85 @@ -151,6 +151,11 @@
86 <label>LABEL_STATUS</label>
87 </field>
88
89 + <field type="select" id="auth" options="'TLS' => 'TLS', 'SharedKey' => 'SECRET_KEY'">
90 + <description>DESC_AUTH</description>
91 + <label>LABEL_AUTH</label>
92 + </field>
93 +
94 <field type="text" id="port" validation="is_valid_and_available_port()">
95 <description>DESC_LOCAL_PORT</description>
96 <label>LABEL_LOCAL_PORT</label>
97 @@ -171,13 +176,16 @@
98 <label>LABEL_REMOTE_NET</label>
99 </field>
100
101 - <field type="textarea" id="shared_key" validation="is_valid_key()">
102 - <description>DESC_SHARED_KEY</description>
103 - <label>LABEL_SHARED_KEY</label>
104 - </field>
105 + <subroutine src="print_button('NEXT')"/>
106
107 - <subroutine src="print_button('SAVE')"/>
108 + </page>
109
110 + <page name="CONFIG_CERT_PAGE" pre-event="print_status_message()" post-event="write_pem()">
111 + <field type="literal" id="cert_conf" value="">
112 + <description>DESC_CONFIGURE_CERT</description>
113 + </field>
114 + <subroutine src="print_cert_fields()"/>
115 + <subroutine src="print_button('SAVE')"/>
116 </page>
117
118 <page name="REMOVE_CONF_PAGE" pre-event="turn_off_buttons()" post-event="remove_conf()">
119 diff -Nur -x '*.orig' -x '*.rej' smeserver-openvpn-s2s-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpns2s.pm mezzanine_patched_smeserver-openvpn-s2s-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpns2s.pm
120 --- smeserver-openvpn-s2s-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpns2s.pm 2010-10-17 15:47:04.000000000 +0200
121 +++ mezzanine_patched_smeserver-openvpn-s2s-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/openvpns2s.pm 2010-10-17 15:46:55.000000000 +0200
122 @@ -19,13 +19,13 @@
123 our @EXPORT = qw(
124 print_custom_button
125 print_section_bar
126 - apply_conf
127 + write_db_conf
128 update_ports
129 print_conf_table
130 print_conf_name_field
131 remove_conf
132 print_conf_to_remove
133 - read_key
134 + read_file
135 );
136
137 our $pubdir = '/etc/openvpn/s2s/pub';
138 @@ -62,7 +62,7 @@
139 return undef;
140 }
141
142 -sub apply_conf{
143 +sub write_db_conf{
144 my ($fm,$type) = @_;
145 my $q = $fm->{cgi};
146 my $conf = $q->param('conf_name');
147 @@ -84,6 +84,7 @@
148 }
149
150 $ovpn_db->set_prop($conf, 'status', $q->param("status"));
151 + $ovpn_db->set_prop($conf, 'Authentication', $q->param("auth"));
152 $ovpn_db->set_prop($conf, 'LocalIP', $q->param("local_ip"));
153 $ovpn_db->set_prop($conf, 'RemoteIP', $q->param("remote_ip"));
154 $ovpn_db->set_prop($conf, 'Port', $q->param("port"));
155 @@ -91,33 +92,96 @@
156 $ovpn_db->set_prop($conf, 'Comment', $q->param("comment"));
157 $ovpn_db->set_prop($conf, 'RemoteNetworks', $q->param("remote_net"));
158
159 + # Now, update the main configuration entry
160 + update_ports();
161 +
162 + $fm->success('SUCCESS','CONFIG_CERT_PAGE');
163 + return undef;
164 +}
165 +
166 +sub write_pem{
167 + my ($fm,$type) = @_;
168 + my $q = $fm->{cgi};
169 + my $conf = $q->param('conf_name');
170 + my $type = $ovpn_db->get_prop($conf, 'type') || 'server';
171 + my $auth = $ovpn_db->get_prop($conf, 'Authentication') || 'TLS';
172 +
173 + # Run validation routines
174 + my $msg = $fm->is_url_or_empty( $q->param("crl_url"));
175 + unless ($msg eq "OK"){
176 + return $fm->error($msg,'CONFIG_CERT_PAGE');
177 + }
178 +
179 + my @pems = ();
180 +
181 + if ($auth eq 'TLS'){
182 + push @pems, qw/cacert_pem cert_pem key_pem/;
183 + push @pems, 'dh_pem' if $type eq 'server';
184 + }
185 + else{
186 + push @pems, 'shared_key' if $auth eq 'SharedKey';
187 + }
188 +
189 + foreach my $pem (@pems){
190 + $msg = $fm->is_valid_key( $q->param("$pem") );
191 + unless ($msg eq "OK"){
192 + return $fm->error($msg,'CONFIG_CERT_PAGE');
193 + }
194 + }
195 +
196 # Untaint $conf
197 $conf =~ m/(.*)/;
198 $conf = $1;
199
200 - # Write the shared_key
201 - if (! open (KEY, ">$privdir/$conf".'_key.pem')){
202 - $fm->error('ERROR_OPENING_KEY_FILE','FIRST_PAGE');
203 + if (! open (CA, ">$pubdir/$conf". "_cacert.pem")){
204 + $fm->error('ERROR_OPEN_CA','FIRST_PAGE');
205 + return;
206 + }
207 + print CA $q->param('cacert_pem');
208 + close CA;
209 +
210 + if (! open (CRT, ">$pubdir/$conf" . "_cert.pem")){
211 + $fm->error('ERROR_OPEN_CRT','FIRST_PAGE');
212 return;
213 }
214 - print KEY $q->param('shared_key');
215 + print CRT $q->param('cert_pem');
216 + close CRT;
217 +
218 + if (! open (KEY, ">$privdir/$conf" . "_key.pem")){
219 + $fm->error('ERROR_OPEN_KEY','FIRST_PAGE');
220 + return;
221 + }
222 + print KEY $q->param('key_pem');
223 close KEY;
224
225 - esmith::util::chownFile("root", "root", "$privdir/$conf".'_key.pem');
226 - chmod 0600, "$privdir/$conf".'_key.pem';
227 + if (! open (DH, ">$pubdir/$conf" . "_dh.pem")){
228 + $fm->error('ERROR_OPEN_DH','FIRST_PAGE');
229 + return;
230 + }
231 + print DH $q->param('dh_pem');
232 + close DH;
233
234 - # Now, update the main configuration entry
235 - update_ports();
236 + if (! open (TA, ">$privdir/$conf" . "_sharedkey.pem")){
237 + $fm->error('ERROR_OPEN_TA','FIRST_PAGE');
238 + return;
239 + }
240 + print TA $q->param('shared_key');
241 + close TA;
242
243 - # Now, run the signal-event
244 - unless (system ("/sbin/e-smith/signal-event", "openvpn-s2s-update") == 0 ){
245 - $fm->error('ERROR_OCCURED','FIRST_PAGE');
246 - return undef;
247 + esmith::util::chownFile("root", "root", "$privdir/$conf*");
248 + esmith::util::chownFile("root", "root", "$pubdir/$conf*");
249 + chmod 0600, "$privdir/$conf*";
250 + chmod 0644, "$pubdir/$conf*";
251 +
252 + $ovpn_db->set_prop($conf, 'CrlUrl', $q->param("crl_url"));
253 +
254 + unless ( system ("/sbin/e-smith/signal-event", "openvpn-s2s-update") == 0 ){
255 + return $fm->error("ERROR_OCCURED", 'FIRST_PAGE');
256 }
257 -
258
259 - $fm->success('SUCCESS','CONFIG_CERT_PAGE');
260 + $fm->success('SUCCESS','FIRST_PAGE');
261 return undef;
262 +
263 }
264
265 # Update ports used in the configuration DB
266 @@ -139,6 +203,96 @@
267 $conf_db->set_prop('openvpn-s2s', 'TCPPorts', join(',',@tcp_ports));
268 }
269
270 +sub print_cert_fields{
271 + my $fm = shift;
272 + my $q = $fm->{cgi};
273 + my $conf = $q->param('conf_name');
274 + my $rec = $ovpn_db->get("$conf");
275 + my $type = $rec->prop('type') || 'server';
276 + my $auth = $rec->prop('Authentication') || 'TLS';
277 + my $crlurl = $rec->prop('CrlUrl') || '';
278 +
279 + # Untaint $conf
280 + $conf =~ m/(.*)/;
281 + $conf = $1;
282 +
283 + if ($auth eq 'TLS'){
284 + print esmith::cgi::genTextRow($q,$fm->localise('DESC_CRL_URL'));
285 + print $q->Tr (
286 + $q->td ({-class => "sme-noborders-label"},
287 + $fm->localise('LABEL_CRL_URL')),"\n",
288 + $q->td ({-class => "sme-noborders-content"},
289 + $q->textfield (
290 + -name => 'crl_url',
291 + -override => 1,
292 + -default => $crlurl,
293 + -size => 62))),"\n";
294 + print esmith::cgi::genTextRow($q,$fm->localise('DESC_CA_PEM'));
295 + print $q->Tr (
296 + $q->td ({-class => "sme-noborders-label"},
297 + $fm->localise('LABEL_CA_PEM')),"\n",
298 + $q->td ({-class => "sme-noborders-content"},
299 + $q->textarea (
300 + -name => 'cacert_pem',
301 + -override => 1,
302 + -default => read_file("$pubdir/$conf"."_cacert.pem"),
303 + -rows => 15,
304 + -columns => 70))),"\n";
305 + print esmith::cgi::genTextRow($q,$fm->localise('DESC_CRT_PEM'));
306 + print $q->Tr (
307 + $q->td ({-class => "sme-noborders-label"},
308 + $fm->localise('LABEL_CRT_PEM')),"\n",
309 + $q->td ({-class => "sme-noborders-content"},
310 + $q->textarea (
311 + -name => 'cert_pem',
312 + -override => 1,
313 + -default => read_file("$pubdir/$conf"."_cert.pem"),
314 + -rows => 15,
315 + -columns => 70))),"\n";
316 + print esmith::cgi::genTextRow($q,$fm->localise('DESC_KEY_PEM'));
317 + print $q->Tr (
318 + $q->td ({-class => "sme-noborders-label"},
319 + $fm->localise('LABEL_KEY_PEM')),"\n",
320 + $q->td ({-class => "sme-noborders-content"},
321 + $q->textarea (
322 + -name => 'key_pem',
323 + -override => 1,
324 + -default => read_file("$privdir/$conf"."_key.pem"),
325 + -rows => 15,
326 + -columns => 70))),"\n";
327 + if ($type eq 'server'){
328 + print esmith::cgi::genTextRow($q,$fm->localise('DESC_DH_PEM'));
329 + print $q->Tr (
330 + $q->td ({-class => "sme-noborders-label"},
331 + $fm->localise('LABEL_DH_PEM')),"\n",
332 + $q->td ({-class => "sme-noborders-content"},
333 + $q->textarea (
334 + -name => 'dh_pem',
335 + -override => 1,
336 + -default => read_file("$pubdir/$conf"."_dh.pem"),
337 + -rows => 8,
338 + -columns => 70))),"\n";
339 + }
340 + print esmith::cgi::genTextRow($q,$fm->localise('DESC_SHARED_KEY_TLS'));
341 + }
342 + else{
343 + print esmith::cgi::genTextRow($q,$fm->localise('DESC_SHARED_KEY'));
344 + }
345 +
346 + print $q->Tr (
347 + $q->td ({-class => "sme-noborders-label"},
348 + $fm->localise('LABEL_SHARED_KEY')),"\n",
349 + $q->td ({-class => "sme-noborders-content"},
350 + $q->textarea (
351 + -name => 'shared_key',
352 + -override => 1,
353 + -default => read_file("$privdir/$conf"."_sharedkey.pem"),
354 + -rows => 5,
355 + -columns => 70))),"\n";
356 + return undef;
357 +}
358 +
359 +
360 # Print clients or servers table
361 sub print_conf_table{
362 my $fm = shift;
363 @@ -208,6 +362,8 @@
364 $q->param(-name=>'remote_host',-value=>
365 $rec->prop('RemoteHost'));
366 }
367 + $q->param(-name=>'auth',-value=>
368 + $rec->prop('Authentication'));
369 $q->param(-name=>'local_ip',-value=>
370 $rec->prop('LocalIP'));
371 $q->param(-name=>'remote_ip',-value=>
372 @@ -220,8 +376,6 @@
373 $rec->prop('status'));
374 $q->param(-name=>'remote_net',-value=>
375 $rec->prop('RemoteNetworks'));
376 - $q->param(-name=>'shared_key',-value=>
377 - read_key($name));
378 }
379 }
380 else {
381 @@ -309,14 +463,12 @@
382 return undef;
383 }
384
385 -sub read_key{
386 - my $conf = shift;
387 +sub read_file{
388 + my $file = shift;
389 my $ret = '';
390
391 - if (open (PEM, "<$privdir/$conf".'_key.pem')){
392 - while (<PEM>){
393 - $ret .= $_;
394 - }
395 + if (open (PEM, "<$file")){
396 + $ret .= $_ while (<PEM>);
397 close PEM;
398 }
399 return $ret;
400 @@ -332,6 +484,15 @@
401 return $ret;
402 }
403
404 +sub is_url_or_empty{
405 + my ($fm, $url) = @_;
406 + my $ret = 'OK';
407 + if (($url !~ /^(http:\/\/)|(https:\/\/)/) && ($url ne '')){
408 + $ret = $fm->localise('NOT_A_VALID_URL',{string => $url});
409 + }
410 + return $ret;
411 +}
412 +
413 sub is_valid_net_or_empty{
414 my ($fm, $nets) = @_;
415 my $ret = 'OK';

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed