author | Ermal <eri@pfsense.org> | 2010-03-30 21:34:49 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2010-03-30 21:34:49 +0000 |
commit | 8e97b1d4fff0b09864e53f18ed6da606f0aca148 (patch) | |
tree | e5e2dff1173d99507aa3c20f5c6b8d0d0652c55a /config | |
parent | e54cf5a0b18acb44fd85e5905147de3d50c6e36b (diff) | |
Add option to export the openvpn configuration and its certs with a .zip file.
Diffstat (limited to 'config')
-rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.inc | 53 | ||||
-rwxr-xr-x | config/openvpn-client-export/vpn_openvpn_export.php | 36 |
2 files changed, 70 insertions, 19 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index aabb32eb..ddc97025 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -90,8 +90,8 @@ function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $cap unlink($capath); } -function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false, $proxy) { - global $config, $input_errors; +function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false, $proxy, $zipconf = false, $outpass = "") { + global $config, $input_errors, $g; // lookup server settings $settings = $config['openvpn']['openvpn-server'][$srvid]; 
@@ -195,7 +195,41 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke if ($settings['passtos']) $conf .= "passtos\n"; - return $conf; + if ($zipconf == true) { + // create template directory + $tempdir = "{$g['tmp_path']}/{$prefix}"; + mkdir($tempdir, 0700, true); + + file_put_contents("{$tempdir}/{$prefix}-ovpn.conf", $conf); + + file_put_contents("{$tempdir}/{$prefix}-ca.crt", base64_decode($server_ca['crt'])); + if ($settings['tls']) { + $tlsfile = "{$tempdir}/{$prefix}-tls.key"; + file_put_contents($tlsfile, base64_decode($settings['tls'])); + } + + // write key files + if ($settings['mode'] != "server_user") { + $crtfile = "{$tempdir}/{$prefix}-cert.crt"; + file_put_contents($crtfile, base64_decode($cert['crt'])); + $keyfile = "{$tempdir}/{$prefix}.key"; + file_put_contents($keyfile, base64_decode($cert['prv'])); + + // convert to pkcs12 format + $p12file = "{$tempdir}/{$prefix}.p12"; + if ($usetoken) + openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile); + else + openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile); + + exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}"); + + // Remove temporary directory + exec("rm -rf {$tempdir}"); + return "{$prefix}-config.zip"; + } + } else + return $conf; } function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy) { 
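Review bot: In the new `$zipconf` branch the zip call, the `rm -rf` and the `return` all sit inside `if ($settings['mode'] != "server_user")`, so a `server_user` export falls off the end of the function, returns nothing, and leaves the CA certificate and TLS key it has already written under `{$g['tmp_path']}/{$prefix}`. Both `exec()` calls also interpolate `$prefix` and `$tempdir` into a shell string unquoted; `$prefix` is computed outside this hunk, so each path should go through `escapeshellarg()` rather than rely on it never containing shell metacharacters. `$cafile` is passed to `openvpn_client_pem_to_pk12()` but is not assigned in the visible lines (the CA path is written without being stored), so unless it is set earlier in the function it needs `$cafile = "{$tempdir}/{$prefix}-ca.crt";`. The function starts above this hunk.

```php
	// … unchanged: tempdir creation, conf / CA / TLS key writes …

	// write key files
	if ($settings['mode'] != "server_user") {
		// … unchanged: cert/key writes and pkcs12 conversion …
	}

	// archive and clean up for every server mode, with each path quoted for the shell
	$zipfile = "{$g['tmp_path']}/{$prefix}-config.zip";
	exec("cd " . escapeshellarg("{$tempdir}/..") . " && /usr/local/bin/zip -r "
		. escapeshellarg($zipfile) . " " . escapeshellarg($prefix));

	// Remove temporary directory
	exec("rm -rf " . escapeshellarg($tempdir));
	return "{$prefix}-config.zip";
} else
	return $conf;
```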
@@ -284,13 +318,12 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset file_put_contents($crtfile, base64_decode($cert['crt'])); $keyfile = "{$tempdir}/config/{$prefix}-{$user['name']}.key"; file_put_contents($keyfile, base64_decode($cert['prv'])); - - // convert to pkcs12 format - $p12file = "{$tempdir}/config/{$prefix}.p12"; - if ($usetoken) - openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile); - else - openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile); + // convert to pkcs12 format + $p12file = "{$tempdir}/{$prefix}.p12"; + if ($usetoken) + openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile); + else + openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile); } // 7zip the configuration data diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index 05d108a6..861dda89 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -90,7 +90,7 @@ if (isset($_POST['act'])) $act = $_POST['act']; $error = false; -if($act == "conf") { +if($act == "conf" || $act == "confall") { $srvid = $_GET['srvid']; $usrid = $_GET['usrid']; $crtid = $_GET['crtid']; @@ -115,6 +115,9 @@ if($act == "conf") { $useaddr = $_GET['useaddr']; $usetoken = $_GET['usetoken']; + $password = ""; + if ($_GET['password']) + $password = $_GET['password']; $proxy = ""; if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) { 
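Review bot: The PKCS#12 path in `openvpn_client_export_installer()` changes from `{$tempdir}/config/{$prefix}.p12` to `{$tempdir}/{$prefix}.p12`, while the certificate and key on the lines just above are still written under `{$tempdir}/config/`. This looks like a side effect of copying the block into the new zip branch rather than an intended change. If the packaging step below only picks up `config/`, the installer would ship without the .p12 and the file holding the private key would sit one level up in the temp tree. Unless the move is deliberate, keep `$p12file = "{$tempdir}/config/{$prefix}.p12";` here. The function body continues on both sides of the hunk.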
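Review bot: The export password is read from `$_GET['password']`, so the passphrase that protects the PKCS#12 key travels in the query string and can end up in web server access logs, browser history and proxy logs. The `visc` handler further down already reads it the same way, so the cleaner fix is to have the download form submit it by POST for every export type and read `$_POST['password']` here. Independently, `if ($_GET['password'])` raises a notice when the parameter is absent and treats the password `"0"` as empty; `if (isset($_GET['password']) && $_GET['password'] !== "")` avoids both. The enclosing `if` block starts and ends outside this hunk.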
@@ -145,20 +148,31 @@ if($act == "conf") { } $exp_name = openvpn_client_export_prefix($srvid); - $exp_data = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy); + if ($act == "confall") + $zipconf = true; + $exp_data = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, $zipconf, $password); if (!$exp_data) { $input_errors[] = "Failed to export config files!"; $error = true; } if (!$error) { - $exp_name = urlencode($exp_name."-config.ovpn"); - $exp_size = strlen($exp_data); + if ($act == "confall") { + $exp_name = urlencode($exp_data); + $exp_size = filesize("{$g['tmp_path']}/{$exp_data}"); + } else { + $exp_name = urlencode($exp_name."-config.ovpn"); + $exp_size = strlen($exp_data); + } header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename={$exp_name}"); header("Content-Length: $exp_size"); - echo $exp_data; + if ($act == "confall") + readfile("{$g['tmp_path']}/{$exp_data}"); + else + echo $exp_data; + @unlink($exp_data); exit; } } @@ -184,7 +198,7 @@ if($act == "visc") { $usetoken = $_GET['usetoken']; $password = ""; if ($_GET['password']) - $password = $_GET['password']; ; + $password = $_GET['password']; $proxy = ""; if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) { @@ -441,7 +455,9 @@ function server_changed() { cell1.className = "listr"; cell1.innerHTML = users[i][3]; cell2.className = "listr"; - cell2.innerHTML = "<a href='javascript:download_begin(\"conf\"," + i + ")'>Configuration</a>"; + cell2.innerHTML = "<a href='javascript:download_begin(\"conf\"," + i + ")'>Configuration</a>"; + cell2.innerHTML += " / "; + cell2.innerHTML += "<a href='javascript:download_begin(\"confall\"," + i + ")'>Configuration archive</a>"; cell2.innerHTML += " / "; cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ")'>Windows Installer</a>"; cell2.innerHTML += " / "; 
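Review bot: `@unlink($exp_data)` does not remove the archive. For `confall`, `$exp_data` is the bare file name, while the file was created in and read from `{$g['tmp_path']}/{$exp_data}`, so the zip with the client key material stays in the temp directory after the download; for `conf`, the call is handed the configuration text itself. Move it into the `confall` branch as `@unlink("{$g['tmp_path']}/{$exp_data}");`. `$zipconf` is also only assigned when `$act == "confall"`, so the plain `conf` path passes an undefined variable; `$zipconf = ($act == "confall");` makes it explicit. The enclosing block begins above the hunk.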
@@ -457,8 +473,10 @@ function server_changed() { cell1.className = "listr"; cell1.innerHTML = "none"; cell2.className = "listr"; - cell2.innerHTML = "<a href='javascript:download_begin(\"conf\"," + i + ")'>Configuration</a>"; + cell2.innerHTML = "<a href='javascript:download_begin(\"conf\"," + i + ")'>Configuration</a>"; cell2.innerHTML += " / "; + cell2.innerHTML += "<a href='javascript:download_begin(\"confall\"," + i + ")'>Configuration archive</a>"; + cell2.innerHTML += " / "; cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ")'>Windows Installer</a>"; cell2.innerHTML += " / "; cell2.innerHTML += "<a href='javascript:download_begin(\"visc\"," + i + ")'>Viscosity Bundle</a>"; @@ -485,7 +503,7 @@ function usepass_changed() { function useproxy_changed(obj) { if ((obj.id == "useproxy" && obj.checked) || - $(obj.id).value != 'none') { + $(obj.id + 'pass').value != 'none') { $(obj.id + '_opts').show(); } else { $(obj.id + '_opts').hide(); |
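Review bot: `useproxy_changed()` now tests `$(obj.id + 'pass').value` for whatever element it is called with, so it only works when an element with that derived id exists. For the `useproxy` checkbox that is presumably a `useproxypass` field, but if the handler is also wired to another control, `$()` returns null and `.value` throws. For an unchecked `useproxy` box, the options block is still shown whenever that other field is not `'none'`. The markup is outside this hunk, so please confirm which elements call this function, and add a short comment such as `// '<id>pass' is the proxy authentication selector` so the suffix is not mistaken for a typo. The function continues past the end of the hunk.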