Commit d7dfa801 authored by Ad Schellevis's avatar Ad Schellevis

(legacy) spaces and curly braces in openvpn_wizard.inc

parent 0af2ca39
......@@ -24,36 +24,39 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
require_once("openvpn.inc");
require_once("pfsense-utils.inc");
function cert_get_subject_hash($crt) {
function cert_get_subject_hash($crt)
{
$str_crt = base64_decode($crt);
$inf_crt = openssl_x509_parse($str_crt);
return $inf_crt['subject'];
}
function has_special_chars($text) {
function has_special_chars($text)
{
return preg_match('/[^A-Za-z0-9 _-]/', $text);
}
function step1_submitphpaction() {
function step1_submitphpaction()
{
global $stepid, $config;
if ($_POST['authtype'] == "local") {
$stepid = 4;
$config['ovpnserver']['step1']['type'] = "local";
} else if ($_POST['authtype'] == "ldap") {
} elseif ($_POST['authtype'] == "ldap") {
$stepid = 0;
} else if ($_POST['authtype'] == "radius") {
} elseif ($_POST['authtype'] == "radius") {
$stepid = 2;
$config['ovpnserver']['step1']['type'] = "radius";
unset($config['ovpnserver']['step1']['uselist']);
}
}
function step2_stepbeforeformdisplay() {
function step2_stepbeforeformdisplay()
{
global $pkg, $stepid;
$fields =& $pkg['step'][1]['fields']['field'];
......@@ -76,7 +79,8 @@ function step2_stepbeforeformdisplay() {
}
}
function step2_submitphpaction() {
function step2_submitphpaction()
{
global $stepid;
if (isset($_POST['next'])) {
......@@ -90,10 +94,11 @@ function step3_submitphpaction() {
/* Default LDAP port is 389 for TCP and 636 for SSL */
if (empty($_POST['port'])) {
if ($_POST['transport'] == "tcp")
if ($_POST['transport'] == "tcp") {
$config['ovpnserver']['step2']['port'] = 389;
elseif ($_POST['transport'] == "ssl")
} elseif ($_POST['transport'] == "ssl") {
$config['ovpnserver']['step2']['port'] = 636;
}
} elseif (!is_port($_POST['port'])) {
$stepid--;
$savemsg = "Please enter a valid port number.";
......@@ -103,7 +108,7 @@ function step3_submitphpaction() {
empty($_POST['scope']) || empty($_POST['basedn']) || empty($_POST['authscope']) || empty($_POST['nameattr'])) {
$stepid--;
$savemsg = "Please enter all information for authentication server.";
} else if (count(($authcfg = auth_get_authserver($_POST['name']))) > 0) {
} elseif (count(($authcfg = auth_get_authserver($_POST['name']))) > 0) {
$stepid--;
$savemsg = "Please choose a different name because an authentication server with this name already exists.";
} elseif (!is_fqdn($_POST['ip']) && !is_ipaddr($_POST['ip'])) {
......@@ -134,11 +139,13 @@ function step4_stepbeforeformdisplay() {
$opts['value'] = $key;
$fields[1]['options']['option'][] = $opts;
}
if ($found == false)
if ($found == false) {
$stepid = 4;
}
}
function step4_submitphpaction() {
function step4_submitphpaction()
{
global $stepid;
if (isset($_POST['next'])) {
......@@ -147,7 +154,8 @@ function step4_submitphpaction() {
}
}
function step5_submitphpaction() {
function step5_submitphpaction()
{
global $stepid, $savemsg, $config;
/* Default RADIUS Auth port = 1812 */
......@@ -161,7 +169,7 @@ function step5_submitphpaction() {
if (empty($_POST['name']) || empty($_POST['ip']) || empty($_POST['secret'])) {
$stepid--;
$savemsg = "Please enter all information for authentication server.";
} else if (count(($authcfg = auth_get_authserver($_POST['name']))) > 0) {
} elseif (count(($authcfg = auth_get_authserver($_POST['name']))) > 0) {
$stepid--;
$savemsg = "Please choose a different name because an authentication server with this name already exists.";
} elseif (!is_fqdn($_POST['ip']) && !is_ipaddr($_POST['ip'])) {
......@@ -173,7 +181,8 @@ function step5_submitphpaction() {
}
}
function step6_stepbeforeformdisplay() {
function step6_stepbeforeformdisplay()
{
global $stepid, $config;
if (count($config['ca']) < 1) {
......@@ -181,7 +190,8 @@ function step6_stepbeforeformdisplay() {
}
}
function step6_submitphpaction() {
function step6_submitphpaction()
{
global $stepid, $config;
if (isset($_POST['next'])) {
......@@ -228,11 +238,11 @@ function step7_submitphpaction() {
}
}
function step8_stepbeforeformdisplay() {
function step8_stepbeforeformdisplay()
{
global $stepid, $config;
if (count($config['cert']) < 1 ||
(count($config['cert']) == 1 && stristr($config['cert'][0]['descr'], "webconf"))) {
if (count($config['cert']) < 1 || (count($config['cert']) == 1 && stristr($config['cert'][0]['descr'], "webconf"))) {
$stepid++;
}
}
......@@ -293,7 +303,8 @@ function step9_stepbeforeformdisplay() {
}
}
function step9_submitphpaction() {
function step9_submitphpaction()
{
global $input_errors, $stepid, $savemsg, $_POST, $config;
$certnames = array();
......@@ -327,7 +338,8 @@ function step9_submitphpaction() {
}
}
function step10_stepbeforeformdisplay() {
function step10_stepbeforeformdisplay()
{
global $pkg, $stepid, $netbios_nodetypes;
foreach ($pkg['step'][$stepid]['fields']['field'] as $idx => $field) {
......@@ -340,7 +352,7 @@ function step10_stepbeforeformdisplay() {
$opt['value'] = $name;
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
}
} else if ($field['name'] == "digest") {
} elseif ($field['name'] == "digest") {
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
$digestlist = openvpn_get_digestlist();
foreach ($digestlist as $name => $desc) {
......@@ -349,7 +361,7 @@ function step10_stepbeforeformdisplay() {
$opt['value'] = $name;
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
}
} else if ($field['name'] == "compression") {
} elseif ($field['name'] == "compression") {
global $openvpn_compression_modes;
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
foreach ($openvpn_compression_modes as $name => $desc) {
......@@ -358,7 +370,7 @@ function step10_stepbeforeformdisplay() {
$opt['value'] = $name;
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
}
} else if ($field['name'] == "engine") {
} elseif ($field['name'] == "engine") {
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
$engines = openvpn_get_engines();
foreach ($engines as $name => $desc) {
......@@ -367,7 +379,7 @@ function step10_stepbeforeformdisplay() {
$opt['value'] = $name;
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
}
} else if ($field['name'] == "nbttype") {
} elseif ($field['name'] == "nbttype") {
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
foreach ($netbios_nodetypes as $type => $name) {
$opt = array();
......@@ -375,62 +387,80 @@ function step10_stepbeforeformdisplay() {
$opt['value'] = $type;
$pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
}
} else if ($field['name'] == "localport") {
} elseif ($field['name'] == "localport") {
$pkg['step'][$stepid]['fields']['field'][$idx]['value'] = openvpn_port_next('UDP');
}
}
}
function step10_submitphpaction() {
function step10_submitphpaction()
{
global $savemsg, $stepid;
/* Default OpenVPN port to next available port if left empty. */
if (empty($_POST['localport']))
if (empty($_POST['localport'])) {
$pconfig["step10"]["localport"] = openvpn_port_next('UDP');
}
/* input validation */
if ($result = openvpn_validate_port($_POST['localport'], 'Local port'))
if ($result = openvpn_validate_port($_POST['localport'], 'Local port')) {
$input_errors[] = $result;
}
if ($result = openvpn_validate_cidr($_POST['tunnelnet'], 'Tunnel Network', false, "ipv4"))
if ($result = openvpn_validate_cidr($_POST['tunnelnet'], 'Tunnel Network', false, "ipv4")) {
$input_errors[] = $result;
}
if ($result = openvpn_validate_cidr($_POST['localnet'], 'Local Network', true, "ipv4"))
if ($result = openvpn_validate_cidr($_POST['localnet'], 'Local Network', true, "ipv4")) {
$input_errors[] = $result;
}
$portused = openvpn_port_used($_POST['protocol'], $_POST['interface'], $_POST['localport']);
if ($portused != 0)
if ($portused != 0) {
$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value.");
}
if (!isset($_POST['generatetlskey']) && isset($_POST['tlsauthentication']))
if (!isset($_POST['generatetlskey']) && isset($_POST['tlsauthentication'])) {
if (!strstr($_POST['tlssharedkey'], "-----BEGIN OpenVPN Static key V1-----") ||
!strstr($_POST['tlssharedkey'], "-----END OpenVPN Static key V1-----"))
!strstr($_POST['tlssharedkey'], "-----END OpenVPN Static key V1-----")) {
$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid.");
}
}
if (!empty($_POST['dnsserver1']) && !is_ipaddr(trim($_POST['dnsserver1'])))
if (!empty($_POST['dnsserver1']) && !is_ipaddr(trim($_POST['dnsserver1']))) {
$input_errors[] = gettext("The field 'DNS Server #1' must contain a valid IP address");
if (!empty($_POST['dnsserver2']) && !is_ipaddr(trim($_POST['dnsserver2'])))
}
if (!empty($_POST['dnsserver2']) && !is_ipaddr(trim($_POST['dnsserver2']))) {
$input_errors[] = gettext("The field 'DNS Server #2' must contain a valid IP address");
if (!empty($_POST['dnsserver3']) && !is_ipaddr(trim($_POST['dnsserver3'])))
}
if (!empty($_POST['dnsserver3']) && !is_ipaddr(trim($_POST['dnsserver3']))) {
$input_errors[] = gettext("The field 'DNS Server #3' must contain a valid IP address");
if (!empty($_POST['dnsserver4']) && !is_ipaddr(trim($_POST['dnsserver4'])))
}
if (!empty($_POST['dnsserver4']) && !is_ipaddr(trim($_POST['dnsserver4']))) {
$input_errors[] = gettext("The field 'DNS Server #4' must contain a valid IP address");
}
if (!empty($_POST['ntpserver1']) && !is_ipaddr(trim($_POST['ntpserver1'])))
if (!empty($_POST['ntpserver1']) && !is_ipaddr(trim($_POST['ntpserver1']))) {
$input_errors[] = gettext("The field 'NTP Server #1' must contain a valid IP address");
if (!empty($_POST['ntpserver2']) && !is_ipaddr(trim($_POST['ntpserver2'])))
}
if (!empty($_POST['ntpserver2']) && !is_ipaddr(trim($_POST['ntpserver2']))) {
$input_errors[] = gettext("The field 'NTP Server #2' must contain a valid IP address");
}
if (!empty($_POST['winsserver1']) && !is_ipaddr(trim($_POST['winsserver1'])))
if (!empty($_POST['winsserver1']) && !is_ipaddr(trim($_POST['winsserver1']))) {
$input_errors[] = gettext("The field 'WINS Server #1' must contain a valid IP address");
if (!empty($_POST['winsserver2']) && !is_ipaddr(trim($_POST['winsserver2'])))
}
if (!empty($_POST['winsserver2']) && !is_ipaddr(trim($_POST['winsserver2']))) {
$input_errors[] = gettext("The field 'WINS Server #2' must contain a valid IP address");
}
if ($_POST['concurrentcon'] && !is_numeric($_POST['concurrentcon']))
if ($_POST['concurrentcon'] && !is_numeric($_POST['concurrentcon'])) {
$input_errors[] = gettext("The field 'Concurrent connections' must be numeric.");
}
if (empty($_POST['tunnelnet']))
if (empty($_POST['tunnelnet'])) {
$input_errors[] = gettext("You must specify a 'Tunnel network'.");
}
if (count($input_errors) > 0) {
$savemsg = $input_errors[0];
......@@ -438,7 +468,8 @@ function step10_submitphpaction() {
}
}
function step12_submitphpaction() {
function step12_submitphpaction()
{
global $config;
$pconfig = $config['ovpnserver'];
......@@ -453,7 +484,7 @@ function step12_submitphpaction() {
$auth = array();
$auth['name'] = "Local Database";
$auth['type'] = "local";
} else if (isset($pconfig['step2']['uselist'])) {
} elseif (isset($pconfig['step2']['uselist'])) {
$auth = array();
$auth['type'] = $pconfig['step1']['type'];
$auth['refid'] = uniqid();
......@@ -462,10 +493,11 @@ function step12_submitphpaction() {
if ($auth['type'] == "ldap") {
$auth['host'] = $pconfig['step2']['ip'];
$auth['ldap_port'] = $pconfig['step2']['port'];
if ($pconfig['step1']['transport'] == "tcp")
if ($pconfig['step1']['transport'] == "tcp") {
$auth['ldap_urltype'] = 'TCP - Standard';
else
} else {
$auth['ldap_urltype'] = 'SSL - Encrypted';
}
$auth['ldap_protver'] = 3;
$auth['ldap_scope'] = $pconfig['step2']['scope'];
$auth['ldap_basedn'] = $pconfig['step2']['basedn'];
......@@ -475,21 +507,22 @@ function step12_submitphpaction() {
$auth['ldap_attr_user'] = $pconfig['step1']['nameattr'];
$auth['ldap_attr_member'] = $pconfig['step1']['memberattr'];
$auth['ldap_attr_group'] = $pconfig['step1']['groupattr'];
} else if ($auth['type'] == "radius") {
} elseif ($auth['type'] == "radius") {
$auth['host'] = $pconfig['step2']['ip'];
$auth['radius_auth_port'] = $pconfig['step2']['port'];
$auth['radius_secret'] = $pconfig['step2']['password'];
$auth['radius_srvcs'] = "auth";
}
if (!is_array($config['system']['authserver']))
if (!is_array($config['system']['authserver'])) {
$config['system']['authserver'] = array();
}
$config['system']['authserver'][] = $auth;
} else if (!isset($pconfig['step2']['uselist']) && empty($pconfig['step2']['authserv'])) {
} elseif (!isset($pconfig['step2']['uselist']) && empty($pconfig['step2']['authserv'])) {
$message = "Please choose an authentication server .";
header("Location:wizard.php?xml=openvpn&stepid=1&message={$message}");
exit;
} else if (!($auth = auth_get_authserver($pconfig['step2']['authserv']))) {
} elseif (!($auth = auth_get_authserver($pconfig['step2']['authserv']))) {
$message = "Not a valid authentication server has been specified.";
header("Location:wizard.php?xml=openvpn&stepid=1&message={$message}");
exit;
......@@ -508,15 +541,16 @@ function step12_submitphpaction() {
'commonName' => $pconfig['step6']['certca']);
ca_create($ca, $pconfig['step6']['keylength'], $pconfig['step6']['lifetime'], $dn, "sha256");
if (!is_array($config['ca']))
if (!is_array($config['ca'])) {
$config['ca'] = array();
}
$config['ca'][] = $ca;
} else if (!isset($pconfig['step6']['uselist']) && empty($pconfig['step6']['authcertca'])) {
} elseif (!isset($pconfig['step6']['uselist']) && empty($pconfig['step6']['authcertca'])) {
$message = "Please choose a Certificate Authority.";
header("Location:wizard.php?xml=openvpn&stepid=5&message={$message}");
exit;
} else if (!($ca = lookup_ca($pconfig['step6']['authcertca']))) {
} elseif (!($ca = lookup_ca($pconfig['step6']['authcertca']))) {
$message = "Not a valid Certificate Authority specified.";
header("Location:wizard.php?xml=openvpn&stepid=5&message={$message}");
exit;
......@@ -542,11 +576,11 @@ function step12_submitphpaction() {
}
$config['cert'][] = $cert;
} else if (!isset($pconfig['step9']['uselist']) && empty($pconfig['step9']['authcertname'])) {
} elseif (!isset($pconfig['step9']['uselist']) && empty($pconfig['step9']['authcertname'])) {
$message = "Please choose a Certificate.";
header("Location:wizard.php?xml=openvpn&stepid=7&message={$message}");
exit;
} else if (!($cert = lookup_cert($pconfig['step9']['authcertname']))) {
} elseif (!($cert = lookup_cert($pconfig['step9']['authcertname']))) {
$message = "Not a valid Certificate specified.";
header("Location:wizard.php?xml=openvpn&stepid=7&message={$message}");
exit;
......@@ -571,62 +605,84 @@ function step12_submitphpaction() {
$server['certref'] = $cert['refid'];
$server['protocol'] = $pconfig['step10']['protocol'];
$server['interface'] = $pconfig['step10']['interface'];
if (isset($pconfig['step10']['localport']))
if (isset($pconfig['step10']['localport'])) {
$server['local_port'] = $pconfig['step10']['localport'];
}
if (strlen($pconfig['step10']['descr']) > 30)
if (strlen($pconfig['step10']['descr']) > 30) {
$pconfig['step10']['descr'] = substr($pconfig['step10']['descr'], 0, 30);
}
$server['description'] = $pconfig['step10']['descr'];
$server['custom_options'] = $pconfig['step10']['advanced'];
if (isset($pconfig['step10']['tlsauth'])) {
if (isset($pconfig['step10']['gentlskey']))
if (isset($pconfig['step10']['gentlskey'])) {
$tlskey = openvpn_create_key();
else
} else {
$tlskey = $pconfig['step10']['tlskey'];
}
$server['tls'] = base64_encode($tlskey);
}
$server['dh_length'] = $pconfig['step10']['dhkey'];
$server['tunnel_network'] = $pconfig['step10']['tunnelnet'];
if (isset($pconfig['step10']['rdrgw']))
if (isset($pconfig['step10']['rdrgw'])) {
$server['gwredir'] = $pconfig['step10']['rdrgw'];
if (isset($pconfig['step10']['localnet']))
}
if (isset($pconfig['step10']['localnet'])) {
$server['local_network'] = $pconfig['step10']['localnet'];
if (isset($pconfig['step10']['concurrentcon']))
}
if (isset($pconfig['step10']['concurrentcon'])) {
$server['maxclients'] = $pconfig['step10']['concurrentcon'];
if (isset($pconfig['step10']['compression']))
}
if (isset($pconfig['step10']['compression'])) {
$server['compression'] = $pconfig['step10']['compression'];
if (isset($pconfig['step10']['tos']))
}
if (isset($pconfig['step10']['tos'])) {
$server['passtos'] = $pconfig['step10']['tos'];
if (isset($pconfig['step10']['interclient']))
}
if (isset($pconfig['step10']['interclient'])) {
$server['client2client'] = $pconfig['step10']['interclient'];
if (isset($pconfig['step10']['duplicate_cn']))
}
if (isset($pconfig['step10']['duplicate_cn'])) {
$server['duplicate_cn'] = $pconfig['step10']['duplicate_cn'];
if (isset($pconfig['step10']['dynip']))
}
if (isset($pconfig['step10']['dynip'])) {
$server['dynamic_ip'] = $pconfig['step10']['dynip'];
if (isset($pconfig['step10']['addrpool']))
}
if (isset($pconfig['step10']['addrpool'])) {
$server['pool_enable'] = $pconfig['step10']['addrpool'];
if (isset($pconfig['step10']['defaultdomain']))
}
if (isset($pconfig['step10']['defaultdomain'])) {
$server['dns_domain'] = $pconfig['step10']['defaultdomain'];
if (isset($pconfig['step10']['dns1']))
}
if (isset($pconfig['step10']['dns1'])) {
$server['dns_server1'] = $pconfig['step10']['dns1'];
if (isset($pconfig['step10']['dns2']))
}
if (isset($pconfig['step10']['dns2'])) {
$server['dns_server2'] = $pconfig['step10']['dns2'];
if (isset($pconfig['step10']['dns3']))
}
if (isset($pconfig['step10']['dns3'])) {
$server['dns_server3'] = $pconfig['step10']['dns3'];
if (isset($pconfig['step10']['dns4']))
}
if (isset($pconfig['step10']['dns4'])) {
$server['dns_server4'] = $pconfig['step10']['dns4'];
if (isset($pconfig['step10']['ntp1']))
}
if (isset($pconfig['step10']['ntp1'])) {
$server['ntp_server1'] = $pconfig['step10']['ntp1'];
if (isset($pconfig['step10']['ntp2']))
}
if (isset($pconfig['step10']['ntp2'])) {
$server['ntp_server2'] = $pconfig['step10']['ntp2'];
if (isset($pconfig['step10']['wins1']))
}
if (isset($pconfig['step10']['wins1'])) {
$server['wins_server1'] = $pconfig['step10']['wins1'];
if (isset($pconfig['step10']['wins2']))
}
if (isset($pconfig['step10']['wins2'])) {
$server['wins_server2'] = $pconfig['step10']['wins2'];
}
if (isset($pconfig['step10']['nbtenable'])) {
$server['netbios_ntype'] = $pconfig['step10']['nbttype'];
if (isset($pconfig['step10']['nbtscope']))
if (isset($pconfig['step10']['nbtscope'])) {
$server['netbios_scope'] = $pconfig['step10']['nbtscope'];
}
$server['netbios_enable'] = $pconfig['step10']['nbtenable'];
}
$server['crypto'] = $pconfig['step10']['crypto'];
......@@ -637,8 +693,9 @@ function step12_submitphpaction() {
$rule = array();
$rule['descr'] = sprintf(gettext("OpenVPN %s wizard"),$server['description']);
/* Ensure the rule descr is not too long for pf to handle */
if (strlen($rule['descr']) > 52)
if (strlen($rule['descr']) > 52) {
$rule['descr'] = substr($rule['descr'], 0, 52);
}
$rule['direction'] = "in";
$rule['source']['any'] = TRUE;
$rule['destination']['network'] = $server['interface'] . "ip";
......@@ -654,8 +711,9 @@ function step12_submitphpaction() {
$rule = array();
$rule['descr'] = sprintf(gettext("OpenVPN %s wizard"),$server['description']);
/* Ensure the rule descr is not too long for pf to handle */
if (strlen($rule['descr']) > 52)
if (strlen($rule['descr']) > 52) {
$rule['descr'] = substr($rule['descr'], 0, 52);
}
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['interface'] = "openvpn";
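Review bot: In step10_submitphpaction the default written at `$pconfig["step10"]["localport"] = openvpn_port_next('UDP');` goes to a local `$pconfig` that is neither declared `global` (the function only imports `$savemsg, $stepid`) nor read anywhere else in the hunk, so an empty port still reaches `openvpn_validate_port($_POST['localport'], 'Local port')` and `openvpn_port_used(...)` unchanged and the comment "Default OpenVPN port to next available port if left empty" does not describe what happens. If the lines between this hunk and the function's closing hunk do not use `$pconfig`, I would resolve the port once, `$localport = empty($_POST['localport']) ? openvpn_port_next('UDP') : $_POST['localport'];`, and pass `$localport` to both the validate and the port-used calls. Separately, `$input_errors[] = $result;` and the later `count($input_errors)` operate on a variable the function never initialises between its opening line and the first append; an explicit `$input_errors = array();` before the validation block keeps `count()` well-defined when no error is recorded. The function's body continues past the end of this hunk, so both points should be confirmed against the lines not shown.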
......