Commit d415996b authored by Ad Schellevis's avatar Ad Schellevis Committed by Franco Fichtner

(legacy) spaces and curly braces in openvpn.auth-user.php

(cherry picked from commit f64321db)
parent eccfa60f
...@@ -39,9 +39,11 @@ require_once("auth.inc"); ...@@ -39,9 +39,11 @@ require_once("auth.inc");
require_once("util.inc"); require_once("util.inc");
require_once("interfaces.inc"); require_once("interfaces.inc");
function cisco_to_cidr($addr) { function cisco_to_cidr($addr)
if (!is_ipaddr($addr)) {
if (!is_ipaddr($addr)) {
return 0; return 0;
}
$mask = decbin(~ip2long($addr)); $mask = decbin(~ip2long($addr));
$mask = substr($mask, -32); $mask = substr($mask, -32);
$k = 0; $k = 0;
...@@ -51,20 +53,22 @@ function cisco_to_cidr($addr) { ...@@ -51,20 +53,22 @@ function cisco_to_cidr($addr) {
return $k; return $k;
} }
function cisco_extract_index($prule) { function cisco_extract_index($prule)
{
$index = explode("#", $prule); $index = explode("#", $prule);
if (is_numeric($index[1])) if (is_numeric($index[1])) {
return intval($index[1]); return intval($index[1]);
else } else {
syslog(LOG_WARNING, "Error parsing rule {$prule}: Could not extract index"); syslog(LOG_WARNING, "Error parsing rule {$prule}: Could not extract index");
}
return -1;; return -1;;
} }
function parse_cisco_acl($attribs) { function parse_cisco_acl($attribs) {
global $devname, $attributes; global $devname, $attributes;
if (!is_array($attribs)) if (!is_array($attribs)) {
return ""; return "";
}
$finalrules = ""; $finalrules = "";
if (is_array($attribs['ciscoavpair'])) { if (is_array($attribs['ciscoavpair'])) {
$inrules = array(); $inrules = array();
...@@ -74,29 +78,31 @@ function parse_cisco_acl($attribs) { ...@@ -74,29 +78,31 @@ function parse_cisco_acl($attribs) {
$dir = ""; $dir = "";
if (strstr($rule[0], "inacl")) { if (strstr($rule[0], "inacl")) {
$dir = "in"; $dir = "in";
} else if (strstr($rule[0], "outacl")) } elseif (strstr($rule[0], "outacl")) {
$dir = "out"; $dir = "out";
else if (strstr($rule[0], "dns-servers")) { } elseif (strstr($rule[0], "dns-servers")) {
$attributes['dns-servers'] = explode(" ", $rule[1]); $attributes['dns-servers'] = explode(" ", $rule[1]);
continue; continue;
} else if (strstr($rule[0], "route")) { } elseif (strstr($rule[0], "route")) {
if (!is_array($attributes['routes'])) if (!is_array($attributes['routes'])) {
$attributes['routes'] = array(); $attributes['routes'] = array();
}
$attributes['routes'][] = $rule[1]; $attributes['routes'][] = $rule[1];
continue; continue;
} }
$rindex = cisco_extract_index($rule[0]); $rindex = cisco_extract_index($rule[0]);
if ($rindex < 0) if ($rindex < 0) {
continue; continue;
}
$rule = $rule[1]; $rule = $rule[1];
$rule = explode(" ", $rule); $rule = explode(" ", $rule);
$tmprule = ""; $tmprule = "";
$index = 0; $index = 0;
$isblock = false; $isblock = false;
if ($rule[$index] == "permit") if ($rule[$index] == "permit") {
$tmprule = "pass {$dir} quick on {$devname} "; $tmprule = "pass {$dir} quick on {$devname} ";
else if ($rule[$index] == "deny") { } elseif ($rule[$index] == "deny") {
//continue; //continue;
$isblock = true; $isblock = true;
$tmprule = "block {$dir} quick on {$devname} "; $tmprule = "block {$dir} quick on {$devname} ";
...@@ -111,7 +117,6 @@ function parse_cisco_acl($attribs) { ...@@ -111,7 +117,6 @@ function parse_cisco_acl($attribs) {
case "udp": case "udp":
$tmprule .= "proto {$rule[$index]} "; $tmprule .= "proto {$rule[$index]} ";
break; break;
} }
$index++; $index++;
...@@ -120,9 +125,10 @@ function parse_cisco_acl($attribs) { ...@@ -120,9 +125,10 @@ function parse_cisco_acl($attribs) {
$index++; $index++;
$tmprule .= "from {$rule[$index]} "; $tmprule .= "from {$rule[$index]} ";
$index++; $index++;
if ($isblock == true) if ($isblock == true) {
$isblock = false; $isblock = false;
} else if (trim($rule[$index]) == "any") { }
} elseif (trim($rule[$index]) == "any") {
$tmprule .= "from any"; $tmprule .= "from any";
$index++; $index++;
} else { } else {
...@@ -131,17 +137,19 @@ function parse_cisco_acl($attribs) { ...@@ -131,17 +137,19 @@ function parse_cisco_acl($attribs) {
$netmask = cisco_to_cidr($rule[$index]); $netmask = cisco_to_cidr($rule[$index]);
$tmprule .= "/{$netmask} "; $tmprule .= "/{$netmask} ";
$index++; $index++;
if ($isblock == true) if ($isblock == true) {
$isblock = false; $isblock = false;
} }
}
/* Destination */ /* Destination */
if (trim($rule[$index]) == "host") { if (trim($rule[$index]) == "host") {
$index++; $index++;
$tmprule .= "to {$rule[$index]} "; $tmprule .= "to {$rule[$index]} ";
$index++; $index++;
if ($isblock == true) if ($isblock == true) {
$isblock = false; $isblock = false;
} else if (trim($rule[$index]) == "any") { }
} elseif (trim($rule[$index]) == "any") {
$index++; $index++;
$tmprule .= "to any"; $tmprule .= "to any";
} else { } else {
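Review bot: The `host` destination branch appends `$rule[$index]` verbatim into the pf rule text (`$tmprule .= "to {$rule[$index]} ";`) without checking it is an address, whereas the network form right after it at least runs its mask through `cisco_to_cidr()`, which returns 0 for anything that is not an IP; the token comes from the `ciscoavpair` attribute split earlier in `parse_cisco_acl`, presumably filled from the RADIUS reply, so whatever the server sends lands in the generated ruleset unvalidated (the source `host` branch in the previous hunk has the same gap). I would guard it the way the dns-servers push does further down the file, `if (!is_ipaddr($rule[$index])) {` / `continue;` / `}`, since the loop already uses `continue` for rules it cannot parse, and optionally log it with `syslog(LOG_WARNING, ...)` as `cisco_extract_index()` does. `parse_cisco_acl` starts and ends outside this hunk.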
...@@ -150,32 +158,37 @@ function parse_cisco_acl($attribs) { ...@@ -150,32 +158,37 @@ function parse_cisco_acl($attribs) {
$netmask = cisco_to_cidr($rule[$index]); $netmask = cisco_to_cidr($rule[$index]);
$tmprule .= "/{$netmask} "; $tmprule .= "/{$netmask} ";
$index++; $index++;
if ($isblock == true) if ($isblock == true) {
$isblock = false; $isblock = false;
} }
}
if ($isblock == true) if ($isblock == true) {
continue; continue;
}
if ($dir == "in") if ($dir == "in") {
$inrules[$rindex] = $tmprule; $inrules[$rindex] = $tmprule;
else if ($dir == "out") } elseif ($dir == "out") {
$outrules[$rindex] = $tmprule; $outrules[$rindex] = $tmprule;
} }
}
$state = ""; $state = "";
if (!empty($outrules)) if (!empty($outrules)) {
$state = "no state"; $state = "no state";
}
ksort($inrules, SORT_NUMERIC); ksort($inrules, SORT_NUMERIC);
foreach ($inrules as $inrule) foreach ($inrules as $inrule) {
$finalrules .= "{$inrule} {$state}\n"; $finalrules .= "{$inrule} {$state}\n";
}
if (!empty($outrules)) { if (!empty($outrules)) {
ksort($outrules, SORT_NUMERIC); ksort($outrules, SORT_NUMERIC);
foreach ($outrules as $outrule) foreach ($outrules as $outrule) {
$finalrules .= "{$outrule} {$state}\n"; $finalrules .= "{$outrule} {$state}\n";
} }
} }
}
return $finalrules; return $finalrules;
} }
...@@ -186,15 +199,16 @@ function parse_cisco_acl($attribs) { ...@@ -186,15 +199,16 @@ function parse_cisco_acl($attribs) {
* We will use our local hostname to make up the nas_id * We will use our local hostname to make up the nas_id
*/ */
if (!function_exists("getNasID")) { if (!function_exists("getNasID")) {
function getNasID() function getNasID()
{ {
global $g; global $g;
$nasId = gethostname(); $nasId = gethostname();
if(empty($nasId)) if (empty($nasId)) {
$nasId = $g['product_name']; $nasId = $g['product_name'];
}
return $nasId; return $nasId;
} }
} }
/* setup syslog logging */ /* setup syslog logging */
...@@ -245,12 +259,14 @@ if (!is_array($authmodes)) { ...@@ -245,12 +259,14 @@ if (!is_array($authmodes)) {
$attributes = array(); $attributes = array();
foreach ($authmodes as $authmode) { foreach ($authmodes as $authmode) {
$authcfg = auth_get_authserver($authmode); $authcfg = auth_get_authserver($authmode);
if (!$authcfg && $authmode != "local") if (!$authcfg && $authmode != "local") {
continue; continue;
}
$authenticated = authenticate_user($username, $password, $authcfg); $authenticated = authenticate_user($username, $password, $authcfg);
if ($authenticated == true) if ($authenticated == true) {
break; break;
}
} }
if ($authenticated == false) { if ($authenticated == false) {
...@@ -261,14 +277,15 @@ if ($authenticated == false) { ...@@ -261,14 +277,15 @@ if ($authenticated == false) {
if (empty($common_name)) { if (empty($common_name)) {
$common_name = getenv("common_name"); $common_name = getenv("common_name");
if (empty($common_name)) if (empty($common_name)) {
$common_name = getenv("username"); $common_name = getenv("username");
}
} }
$devname = getenv("dev"); $devname = getenv("dev");
if (empty($devname)) if (empty($devname)) {
$devname = "openvpn"; $devname = "openvpn";
}
$rules = parse_cisco_acl($attributes); $rules = parse_cisco_acl($attributes);
if (!empty($rules)) { if (!empty($rules)) {
...@@ -281,13 +298,15 @@ if (!empty($rules)) { ...@@ -281,13 +298,15 @@ if (!empty($rules)) {
$content = ""; $content = "";
if (is_array($attributes['dns-servers'])) { if (is_array($attributes['dns-servers'])) {
foreach ($attributes['dns-servers'] as $dnssrv) { foreach ($attributes['dns-servers'] as $dnssrv) {
if (is_ipaddr($dnssrv)) if (is_ipaddr($dnssrv)) {
$content .= "push \"dhcp-option DNS {$dnssrv}\"\n"; $content .= "push \"dhcp-option DNS {$dnssrv}\"\n";
} }
}
} }
if (is_array($attributes['routes'])) { if (is_array($attributes['routes'])) {
foreach ($attributes['routes'] as $route) foreach ($attributes['routes'] as $route) {
$content .= "push \"route {$route} vpn_gateway\"\n"; $content .= "push \"route {$route} vpn_gateway\"\n";
}
} }
if (isset($attributes['framed_ip'])) { if (isset($attributes['framed_ip'])) {
......