Diffstat (limited to 'config/openvpn-client-export/openvpn-client-export.inc')
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc79
1 files changed, 64 insertions, 15 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 31565656..b9ac8866 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -3,7 +3,7 @@
openvpn-client-export.inc
Copyright (C) 2009 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2008 Shrew Soft Inc
- Copyright (C) 2010 Ermal Luçi
+ Copyright (C) 2010 Ermal Lu�i
All rights reserved.
Parts of this code was originally based on vpn_ipsec_sad.php
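Review bot: The replacement line turns the `ç` in `Ermal Luçi` into the U+FFFD replacement character, so the commit degrades a correctly encoded name rather than repairing one; if the file is UTF-8 the line should stay `Copyright (C) 2010 Ermal Luçi`. This could be an artefact of how the page was rendered rather than of the committed bytes, so check the raw blob before reverting.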
@@ -95,7 +95,7 @@ function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $cap
unlink($capath);
}
-function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false, $proxy, $zipconf = false, $outpass = "", $skiptls=false, $doslines=false) {
+function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false, $proxy, $zipconf = false, $outpass = "", $skiptls=false, $doslines=false, $advancedoptions = "") {
global $config, $input_errors, $g;
$nl = ($doslines) ? "\r\n" : "\n";
@@ -132,7 +132,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
}
// lookup user certificate info
- if ($settings['mode'] != "server_user") {
+ if ($settings['mode'] == "server_tls_user") {
if ($settings['authmode'] == "Local Database") {
$cert = $user['cert'][$crtid];
} else {
@@ -143,6 +143,10 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
// If $cert is not an array, it's a certref not a cert.
if (!is_array($cert))
$cert = lookup_cert($cert);
+ } elseif (($settings['mode'] == "server_tls") || (($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database"))) {
+ $cert = $config['cert'][$crtid];
+ if (!$cert)
+ return false;
} else
$nokeys = true;
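Review bot: The second disjunct of the new `elseif` guarding `$cert = $config['cert'][$crtid]` is unreachable: the `if` directly above already takes every `server_tls_user` case regardless of `authmode`, so `($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database")` can never be true at this point. Either the first condition was meant to be narrowed with `&& ($settings['authmode'] == "Local Database")` so that non-local `server_tls_user` exports read from `$config['cert']`, or the branch should simply be `elseif ($settings['mode'] == "server_tls")`. The same dead condition is repeated in the hunks ending at L97 and L144. Also, `$config['cert'][$crtid]` is indexed without an `isset()` check, so a bad `$crtid` raises a notice before the `if (!$cert)` guard returns. The enclosing function starts and ends outside this hunk.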
@@ -226,11 +230,25 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
// - Disable for now, it requires the server cert to include special options
//$conf .= "remote-cert-tls server{$nl}";
+ // Extra protection for the server cert, if it's supported
+ if (function_exists("cert_get_purpose")) {
+ if (is_array($server_cert) && ($server_cert['crt'])) {
+ $purpose = cert_get_purpose($server_cert['crt'], true);
+ if ($purpose['server'] == 'Yes')
+ $conf .= "ns-cert-type server";
+ }
+ }
+
// add optional settings
if ($settings['compression'])
$conf .= "comp-lzo{$nl}";
if ($settings['passtos'])
$conf .= "passtos{$nl}";
+
+ // add advanced options
+ $advancedoptions = str_replace(";", $nl, $advancedoptions);
+ $conf .= $advancedoptions;
+ $conf .= $nl;
if ($zipconf == true) {
// create template directory
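Review bot: `$conf .= "ns-cert-type server";` is missing the `{$nl}` terminator every other directive carries, so when compression is enabled the exported file contains `ns-cert-type servercomp-lzo` on a single line and the client will reject or misparse it; write `$conf .= "ns-cert-type server{$nl}";`. Two smaller points in the same hunk: `$purpose['server']` is read without checking the key exists, so a `cert_get_purpose()` result lacking a `server` entry raises a notice, and `$advancedoptions` is spliced into the config verbatim after only a `;` → newline substitution, so whatever directive text the caller supplies lands in the client's configuration unchecked — a comment should state that contract, e.g. `// $advancedoptions is trusted administrator input from the export form; written to the client config as-is`. The enclosing function starts and ends outside this hunk.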
@@ -270,8 +288,9 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
return $conf;
}
-function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy) {
+function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) {
global $config, $g, $input_errors;
+ $uname_p = trim(exec("uname -p"));
$ovpndir = "/usr/local/share/openvpn";
$workdir = "{$ovpndir}/client-export";
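Review bot: `$advancedoptions` is added to `openvpn_client_export_installer` as a required parameter, whereas `openvpn_client_export_config` gives the same argument a default of `""`; any existing caller that still passes seven arguments now fails with a missing-argument error, so `$advancedoptions = ""` would keep the signature backward compatible. The same applies to `viscosity_openvpn_client_config_exporter` in the hunk ending at L125. The new `$uname_p = trim(exec("uname -p"));` deserves a why-comment, e.g. `// Architecture suffix used to locate PBI-installed zip/7z binaries`. The enclosing function continues outside this hunk.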
@@ -309,7 +328,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
}
// lookup user certificate info
- if ($settings['mode'] != "server_user") {
+ if ($settings['mode'] == "server_tls_user") {
if ($settings['authmode'] == "Local Database") {
$cert = $user['cert'][$crtid];
} else {
@@ -320,6 +339,10 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
// If $cert is not an array, it's a certref not a cert.
if (!is_array($cert))
$cert = lookup_cert($cert);
+ } elseif (($settings['mode'] == "server_tls") || (($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database"))) {
+ $cert = $config['cert'][$crtid];
+ if (!$cert)
+ return false;
} else
$nokeys = true;
@@ -344,7 +367,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
$pwdfle .= "{$proxy['password']}\r\n";
file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle);
}
- $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, false, "", false, $doslines=true);
+ $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, false, "", false, true, $advancedoptions);
if (!$conf) {
$input_errors[] = "Could not create a config to export.";
return false;
@@ -384,7 +407,10 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
else
$files .= "procchain-standard";
- exec("/usr/local/libexec/p7zip/7z -y a archive.7z {$files}");
+ if(file_exists("/usr/pbi/p7zip-{$uname_p}/bin/7z"))
+ exec("/usr/pbi/p7zip-{$uname_p}/bin/7z -y a archive.7z {$files}");
+ else
+ exec("/usr/local/libexec/p7zip/7z -y a archive.7z {$files}");
// create the final installer
$outfile = "{$tempdir}-install.exe";
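Review bot: Neither branch of the new 7z selection checks the command's exit status, so a failed archive step is only discovered later when `archive.7z` is missing, and the command string is duplicated with only the binary path differing. Resolving the path once keeps a single `exec` call and makes the status visible: `$sevenz = file_exists("/usr/pbi/p7zip-{$uname_p}/bin/7z") ? "/usr/pbi/p7zip-{$uname_p}/bin/7z" : "/usr/local/libexec/p7zip/7z";` then `exec("{$sevenz} -y a archive.7z {$files}", $out, $rc);` and a `return false` when `$rc !== 0`. The `uname -p` output is interpolated into the shell command unquoted; it is system-controlled rather than user-controlled, but wrapping it with `escapeshellarg()` costs nothing. The same pattern appears in the zip hunks ending at L183 and L193. The enclosing function continues outside this hunk.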
@@ -400,8 +426,9 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
return $outfile;
}
-function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy) {
+function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) {
global $config, $g;
+ $uname_p = trim(exec("uname -p"));
$ovpndir = "/usr/local/share/openvpn/";
if (!file_exists($workdir . "/template/openvpn-install.exe"))
@@ -432,7 +459,7 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
}
// lookup user certificate info
- if ($settings['mode'] != "server_user") {
+ if ($settings['mode'] == "server_tls_user") {
if ($settings['authmode'] == "Local Database") {
$cert = $user['cert'][$crtid];
} else {
@@ -443,7 +470,12 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
// If $cert is not an array, it's a certref not a cert.
if (!is_array($cert))
$cert = lookup_cert($cert);
- }
+ } elseif (($settings['mode'] == "server_tls") || (($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database"))) {
+ $cert = $config['cert'][$crtid];
+ if (!$cert)
+ return false;
+ } else
+ $nokeys = true;
// create template directory
mkdir($tempdir, 0700, true);
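Review bot: The new `else` branch sets `$nokeys = true`, but the only use of that flag visible in this function is the `openvpn_client_export_config` call in the hunk ending at L153, which passes the literal `true` for `$nokeys` rather than the variable; unless `$nokeys` is read somewhere outside the hunks, the assignment has no effect and the branch should either pass `$nokeys` through to that call or be dropped. The enclosing function starts and ends outside this hunk.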
@@ -461,7 +493,7 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle);
}
- $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, true, $proxy, false, "", true);
+ $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, true, $proxy, false, "", true, $advancedoptions);
if (!$conf)
return false;
@@ -509,8 +541,19 @@ EOF;
file_put_contents($crtfile, base64_decode($cert['crt']));
// write user .key
- $keyfile = "{$tempdir}/key.key";
- file_put_contents($keyfile, base64_decode($cert['prv']));
+ if (!empty($outpass)) {
+ $keyfile = "{$tempdir}/key.key";
+ $clearkeyfile = "{$tempdir}/key-clear.key";
+ file_put_contents($clearkeyfile, base64_decode($cert['prv']));
+ $eoutpass = escapeshellarg($outpass);
+ $ekeyfile = escapeshellarg($keyfile);
+ $eclearkeyfile = escapeshellarg($clearkeyfile);
+ exec("/usr/bin/openssl rsa -in ${eclearkeyfile} -out ${ekeyfile} -des3 -passout pass:${eoutpass}");
+ unlink($clearkeyfile);
+ } else {
+ $keyfile = "{$tempdir}/key.key";
+ file_put_contents($keyfile, base64_decode($cert['prv']));
+ }
}
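Review bot: The encryption step writes the cleartext private key to `key-clear.key`, hands the passphrase to openssl as a `-passout pass:` argument, and never checks whether the `exec` succeeded: if openssl fails (missing binary, unsupported key format), `unlink($clearkeyfile)` still runs and the function continues with no `key.key` at all, producing a silently broken bundle. The `pass:` form also exposes `$outpass` in the process argument list for the duration of the openssl call; `-passout stdin` through `proc_open` (or a mode-0600 `-passout file:` inside `$tempdir`) avoids that. `-des3` is the weakest cipher `openssl rsa` accepts here; `-aes256` is a drop-in replacement provided the target Viscosity version reads AES-encrypted keys, which I cannot confirm from this page. At minimum capture the exit status and bail out when the encrypted key was not produced:
```php
$eoutpass = escapeshellarg($outpass);
$ekeyfile = escapeshellarg($keyfile);
$eclearkeyfile = escapeshellarg($clearkeyfile);
exec("/usr/bin/openssl rsa -in {$eclearkeyfile} -out {$ekeyfile} -des3 -passout pass:{$eoutpass}", $output, $rc);
unlink($clearkeyfile);
if ($rc !== 0 || !file_exists($keyfile)) {
    // openssl failed: do not ship a bundle without its key
    return false;
}
```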
// TLS support?
@@ -520,7 +563,10 @@ EOF;
}
// Zip Viscosity file
- exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$zipfile} Viscosity.visc");
+ if(file_exists("/usr/pbi/zip-{$uname_p}/bin/zip"))
+ exec("cd {$tempdir}/.. && /usr/pbi/zip-{$uname_p}/bin/zip -r {$zipfile} Viscosity.visc");
+ else
+ exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$zipfile} Viscosity.visc");
// Remove temporary directory
exec("rm -rf {$tempdir}");
@@ -626,7 +672,10 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
$shkeyfile = "{$tempdir}/{$shkeyfile}";
file_put_contents("{$shkeyfile}", base64_decode($settings['shared_key']));
- exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
+ if(file_exists("/usr/pbi/zip-{$uname_p}/bin/zip"))
+ exec("cd {$tempdir}/.. && /usr/pbi/zip-{$uname_p}/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
+ else
+ exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
// Remove temporary directory
exec("rm -rf {$tempdir}");
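Review bot: `$uname_p` is read here inside `openvpn_client_export_sharedkey_config`, but no hunk in this diff adds the `$uname_p = trim(exec("uname -p"))` assignment to that function as it does for the installer and Viscosity exporters (the diffstat's 64 insertions are all visible and none lands in it). Unless the function already defines it outside the hunk, `file_exists("/usr/pbi/zip-/bin/zip")` is evaluated with an empty suffix and an undefined-variable notice, and the PBI zip is never selected. Add `$uname_p = trim(exec("uname -p"));` near the top of the function, alongside the other two. The enclosing function starts and ends outside this hunk.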