Commit f64321db authored by Ad Schellevis's avatar Ad Schellevis

(legacy) spaces and curly braces in openvpn.auth-user.php

parent 47cd7b9a
......@@ -39,9 +39,11 @@ require_once("auth.inc");
require_once("util.inc");
require_once("interfaces.inc");
function cisco_to_cidr($addr) {
if (!is_ipaddr($addr))
function cisco_to_cidr($addr)
{
if (!is_ipaddr($addr)) {
return 0;
}
$mask = decbin(~ip2long($addr));
$mask = substr($mask, -32);
$k = 0;
......@@ -51,20 +53,22 @@ function cisco_to_cidr($addr) {
return $k;
}
function cisco_extract_index($prule) {
function cisco_extract_index($prule)
{
$index = explode("#", $prule);
if (is_numeric($index[1]))
if (is_numeric($index[1])) {
return intval($index[1]);
else
} else {
syslog(LOG_WARNING, "Error parsing rule {$prule}: Could not extract index");
}
return -1;;
}
function parse_cisco_acl($attribs) {
global $devname, $attributes;
if (!is_array($attribs))
if (!is_array($attribs)) {
return "";
}
$finalrules = "";
if (is_array($attribs['ciscoavpair'])) {
$inrules = array();
......@@ -74,29 +78,31 @@ function parse_cisco_acl($attribs) {
$dir = "";
if (strstr($rule[0], "inacl")) {
$dir = "in";
} else if (strstr($rule[0], "outacl"))
} elseif (strstr($rule[0], "outacl")) {
$dir = "out";
else if (strstr($rule[0], "dns-servers")) {
} elseif (strstr($rule[0], "dns-servers")) {
$attributes['dns-servers'] = explode(" ", $rule[1]);
continue;
} else if (strstr($rule[0], "route")) {
if (!is_array($attributes['routes']))
} elseif (strstr($rule[0], "route")) {
if (!is_array($attributes['routes'])) {
$attributes['routes'] = array();
}
$attributes['routes'][] = $rule[1];
continue;
}
$rindex = cisco_extract_index($rule[0]);
if ($rindex < 0)
if ($rindex < 0) {
continue;
}
$rule = $rule[1];
$rule = explode(" ", $rule);
$tmprule = "";
$index = 0;
$isblock = false;
if ($rule[$index] == "permit")
if ($rule[$index] == "permit") {
$tmprule = "pass {$dir} quick on {$devname} ";
else if ($rule[$index] == "deny") {
} elseif ($rule[$index] == "deny") {
//continue;
$isblock = true;
$tmprule = "block {$dir} quick on {$devname} ";
......@@ -111,7 +117,6 @@ function parse_cisco_acl($attribs) {
case "udp":
$tmprule .= "proto {$rule[$index]} ";
break;
}
$index++;
......@@ -120,9 +125,10 @@ function parse_cisco_acl($attribs) {
$index++;
$tmprule .= "from {$rule[$index]} ";
$index++;
if ($isblock == true)
if ($isblock == true) {
$isblock = false;
} else if (trim($rule[$index]) == "any") {
}
} elseif (trim($rule[$index]) == "any") {
$tmprule .= "from any";
$index++;
} else {
......@@ -131,17 +137,19 @@ function parse_cisco_acl($attribs) {
$netmask = cisco_to_cidr($rule[$index]);
$tmprule .= "/{$netmask} ";
$index++;
if ($isblock == true)
if ($isblock == true) {
$isblock = false;
}
}
/* Destination */
if (trim($rule[$index]) == "host") {
$index++;
$tmprule .= "to {$rule[$index]} ";
$index++;
if ($isblock == true)
if ($isblock == true) {
$isblock = false;
} else if (trim($rule[$index]) == "any") {
}
} elseif (trim($rule[$index]) == "any") {
$index++;
$tmprule .= "to any";
} else {
......@@ -150,32 +158,37 @@ function parse_cisco_acl($attribs) {
$netmask = cisco_to_cidr($rule[$index]);
$tmprule .= "/{$netmask} ";
$index++;
if ($isblock == true)
if ($isblock == true) {
$isblock = false;
}
}
if ($isblock == true)
if ($isblock == true) {
continue;
}
if ($dir == "in")
if ($dir == "in") {
$inrules[$rindex] = $tmprule;
else if ($dir == "out")
} elseif ($dir == "out") {
$outrules[$rindex] = $tmprule;
}
}
$state = "";
if (!empty($outrules))
if (!empty($outrules)) {
$state = "no state";
}
ksort($inrules, SORT_NUMERIC);
foreach ($inrules as $inrule)
foreach ($inrules as $inrule) {
$finalrules .= "{$inrule} {$state}\n";
}
if (!empty($outrules)) {
ksort($outrules, SORT_NUMERIC);
foreach ($outrules as $outrule)
foreach ($outrules as $outrule) {
$finalrules .= "{$outrule} {$state}\n";
}
}
}
return $finalrules;
}
......@@ -186,15 +199,16 @@ function parse_cisco_acl($attribs) {
* We will use our local hostname to make up the nas_id
*/
if (!function_exists("getNasID")) {
function getNasID()
{
function getNasID()
{
global $g;
$nasId = gethostname();
if(empty($nasId))
if (empty($nasId)) {
$nasId = $g['product_name'];
}
return $nasId;
}
}
}
/* setup syslog logging */
......@@ -245,12 +259,14 @@ if (!is_array($authmodes)) {
$attributes = array();
foreach ($authmodes as $authmode) {
$authcfg = auth_get_authserver($authmode);
if (!$authcfg && $authmode != "local")
if (!$authcfg && $authmode != "local") {
continue;
}
$authenticated = authenticate_user($username, $password, $authcfg);
if ($authenticated == true)
if ($authenticated == true) {
break;
}
}
if ($authenticated == false) {
......@@ -261,14 +277,15 @@ if ($authenticated == false) {
if (empty($common_name)) {
$common_name = getenv("common_name");
if (empty($common_name))
if (empty($common_name)) {
$common_name = getenv("username");
}
}
$devname = getenv("dev");
if (empty($devname))
if (empty($devname)) {
$devname = "openvpn";
}
$rules = parse_cisco_acl($attributes);
if (!empty($rules)) {
......@@ -281,13 +298,15 @@ if (!empty($rules)) {
$content = "";
if (is_array($attributes['dns-servers'])) {
foreach ($attributes['dns-servers'] as $dnssrv) {
if (is_ipaddr($dnssrv))
if (is_ipaddr($dnssrv)) {
$content .= "push \"dhcp-option DNS {$dnssrv}\"\n";
}
}
}
if (is_array($attributes['routes'])) {
foreach ($attributes['routes'] as $route)
foreach ($attributes['routes'] as $route) {
$content .= "push \"route {$route} vpn_gateway\"\n";
}
}
if (isset($attributes['framed_ip'])) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment