Diffstat (limited to 'config/openvpn-client-export/openvpn-client-export.inc')
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc335
1 files changed, 198 insertions, 137 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index f023bf21..026efabb 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -3,7 +3,7 @@
openvpn-client-export.inc
Copyright (C) 2009 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2008 Shrew Soft Inc
- Copyright (C) 2010 Ermal Lu�i
+ Copyright (C) 2010 Ermal Luci
All rights reserved.
Parts of this code was originally based on vpn_ipsec_sad.php
@@ -95,10 +95,8 @@ function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $cap
unlink($capath);
}
-function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys = false, $proxy, $zipconf = false, $outpass = "", $skiptls=false, $doslines=false, $advancedoptions = "") {
- global $config, $input_errors, $g;
-
- $nl = ($doslines) ? "\r\n" : "\n";
+function openvpn_client_export_validate_config($srvid, $usrid, $crtid) {
+ global $config, $g, $input_errors;
// lookup server settings
$settings = $config['openvpn']['openvpn-server'][$srvid];
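Review bot: openvpn_client_export_validate_config has no header comment, yet its result is unpacked positionally with list() by three callers in this commit, so the shape and order of the returned tuple should be fixed in writing at the definition. A short docblock above the function along the lines of `/* Look up the server, its CA and the user/cert for an export. Returns array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys), or false after reporting the problem through $input_errors. */` would do; judging by the global declaration, $input_errors is the error channel, but its use is outside this hunk. The function body continues past the end of this hunk.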
@@ -150,6 +148,21 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
} else
$nokeys = true;
+ return array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys);
+}
+
+function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys = false, $proxy, $expformat = "baseconf", $outpass = "", $skiptls=false, $doslines=false, $advancedoptions = "") {
+ global $config, $input_errors, $g;
+
+ $nl = ($doslines) ? "\r\n" : "\n";
+
+ $validconfig = openvpn_client_export_validate_config($srvid, $usrid, $crtid);
+ if ($validconfig) {
+ list($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys) = $validconfig;
+ } else {
+ return false;
+ }
+
// determine basic variables
if ($useaddr == "serveraddr") {
$interface = $settings['interface'];
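Review bot: The list() assignment in openvpn_client_export_config overwrites the function's own $nokeys parameter with the value computed by openvpn_client_export_validate_config, so a caller that passes $nokeys = true explicitly (the Viscosity exporter does, later in this diff) no longer suppresses the pkcs12/cryptoapicert directives unless the server mode happens to make validate_config set it as well. Before this change only the internal else branch assigned $nokeys, so an explicit true survived. Unpack into a local and combine instead: `list($settings, $server_cert, $server_ca, $servercn, $user, $cert, $lookupnokeys) = $validconfig;` followed by `$nokeys = $nokeys || $lookupnokeys;`. The same unpacking appears in the installer and Viscosity functions, but there $nokeys is not a parameter, so it is harmless. The function continues past this hunk.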
@@ -162,7 +175,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
}
} else if ($useaddr == "serverhostname" || empty($useaddr)) {
$server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}.";
- $server_host .= "{{$config['system']['domain']}";
+ $server_host .= "{$config['system']['domain']}";
} else
$server_host = $useaddr;
@@ -185,8 +198,10 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
$conf .= "client{$nl}";
$conf .= "resolv-retry infinite{$nl}";
$conf .= "remote {$server_host} {$server_port}{$nl}";
- if (!empty($servercn))
- $conf .= "tls-remote {$servercn}{$nl}";
+ if (!empty($servercn)) {
+ $qw = ($quoteservercn) ? "\"" : "";
+ $conf .= "tls-remote {$qw}{$servercn}{$qw}{$nl}";
+ }
if (!empty($proxy)) {
if ($proto == "udp") {
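Review bot: The optional quoting of the tls-remote value wraps $servercn in double quotes without escaping it, so a value containing a `"` or a backslash produces a malformed tls-remote line in the exported client config. If $servercn is taken from the server certificate subject (its derivation is outside this hunk) the exposure is small, but either escape it, `$conf .= "tls-remote {$qw}" . ($quoteservercn ? addcslashes($servercn, '\\"') : $servercn) . "{$qw}{$nl}";`, or record the assumption with a comment such as `// $servercn is assumed free of quotes and backslashes`. Separately, OpenVPN 2.3 deprecates tls-remote in favour of verify-x509-name, and this commit adds 2.3 installers, so the directive emitted here may need to follow the selected client version in a later change. The function continues outside this hunk.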
@@ -214,17 +229,52 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
$prefix = openvpn_client_export_prefix($srvid);
$cafile = "{$prefix}-ca.crt";
if($nokeys == false) {
- if ($usetoken) {
+ if ($expformat == "inline") {
+ $conf .= "ca [inline]{$nl}";
+ $conf .= "cert [inline]{$nl}";
+ $conf .= "key [inline]{$nl}";
+ } elseif ($expformat == "yealink_t28") {
+ $conf .= "ca /yealink/config/openvpn/keys/ca.crt{$nl}";
+ $conf .= "cert /yealink/config/openvpn/keys/client1.crt{$nl}";
+ $conf .= "key /yealink/config/openvpn/keys/client1.key{$nl}";
+ } elseif ($expformat == "yealink_t38g") {
+ $conf .= "ca /phone/config/openvpn/keys/ca.crt{$nl}";
+ $conf .= "cert /phone/config/openvpn/keys/client1.crt{$nl}";
+ $conf .= "key /phone/config/openvpn/keys/client1.key{$nl}";
+ } elseif ($expformat == "yealink_t38g2") {
+ $conf .= "ca /config/openvpn/keys/ca.crt{$nl}";
+ $conf .= "cert /config/openvpn/keys/client1.crt{$nl}";
+ $conf .= "key /config/openvpn/keys/client1.key{$nl}";
+ } elseif ($expformat == "snom") {
+ $conf .= "ca /openvpn/ca.crt{$nl}";
+ $conf .= "cert /openvpn/phone1.crt{$nl}";
+ $conf .= "key /openvpn/phone1.key{$nl}";
+ } elseif ($usetoken) {
$conf .= "ca {$cafile}{$nl}";
$conf .= "cryptoapicert \"SUBJ:{$user['name']}\"{$nl}";
} else {
$conf .= "pkcs12 {$prefix}.p12{$nl}";
}
- } else if ($settings['mode'] == "server_user")
- $conf .= "ca {$cafile}{$nl}";
+ } else if ($settings['mode'] == "server_user") {
+ if ($expformat == "inline")
+ $conf .= "ca [inline]{$nl}";
+ else
+ $conf .= "ca {$cafile}{$nl}";
+ }
if ($settings['tls'] && !$skiptls) {
- $conf .= "tls-auth {$prefix}-tls.key 1{$nl}";
+ if ($expformat == "inline")
+ $conf .= "tls-auth [inline] 1{$nl}";
+ elseif ($expformat == "yealink_t28")
+ $conf .= "tls-auth /yealink/config/openvpn/keys/ta.key 1{$nl}";
+ elseif ($expformat == "yealink_t38g")
+ $conf .= "tls-auth /phone/config/openvpn/keys/ta.key 1{$nl}";
+ elseif ($expformat == "yealink_t38g2")
+ $conf .= "tls-auth /config/openvpn/keys/ta.key 1{$nl}";
+ elseif ($expformat == "snom")
+ $conf .= "tls-auth /openvpn/ta.key 1{$nl}";
+ else
+ $conf .= "tls-auth {$prefix}-tls.key 1{$nl}";
}
// Prevent MITM attacks by verifying the server certificate.
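Review bot: The on-device key paths for each phone format are spelled out twice in this hunk — once in the ca/cert/key chain and again in the tls-auth chain — and a third time as output filenames in the archive-building switch further down, so adding a phone model means editing every copy in step. A single lookup table keyed by $expformat (directory plus client key basename) collapses both directive chains here into one branch, and the same table can drive the tar cases later. The `[inline]`, cryptoapicert and pkcs12 branches are unaffected. The function continues outside this hunk.
```php
// one table for the on-device key layout of each phone export format
$phone_layout = array(
    "yealink_t28"   => array("dir" => "/yealink/config/openvpn/keys", "name" => "client1"),
    "yealink_t38g"  => array("dir" => "/phone/config/openvpn/keys",   "name" => "client1"),
    "yealink_t38g2" => array("dir" => "/config/openvpn/keys",         "name" => "client1"),
    "snom"          => array("dir" => "/openvpn",                     "name" => "phone1"),
);
if($nokeys == false) {
    if ($expformat == "inline") {
        // … unchanged: [inline] ca/cert/key directives …
    } elseif (isset($phone_layout[$expformat])) {
        $pl = $phone_layout[$expformat];
        $conf .= "ca {$pl['dir']}/ca.crt{$nl}";
        $conf .= "cert {$pl['dir']}/{$pl['name']}.crt{$nl}";
        $conf .= "key {$pl['dir']}/{$pl['name']}.key{$nl}";
    } elseif ($usetoken) {
        // … unchanged: cryptoapicert / pkcs12 branches …
    }
}
// … unchanged: server_user ca handling …
if ($settings['tls'] && !$skiptls) {
    if ($expformat == "inline")
        $conf .= "tls-auth [inline] 1{$nl}";
    elseif (isset($phone_layout[$expformat]))
        $conf .= "tls-auth {$phone_layout[$expformat]['dir']}/ta.key 1{$nl}";
    else
        $conf .= "tls-auth {$prefix}-tls.key 1{$nl}";
}
```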
@@ -251,102 +301,143 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
$conf .= $advancedoptions;
$conf .= $nl;
- if ($zipconf == true) {
- // create template directory
- $tempdir = "{$g['tmp_path']}/{$prefix}";
- mkdir($tempdir, 0700, true);
-
- file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf);
-
- $cafile = "{$tempdir}/{$cafile}";
- file_put_contents("{$cafile}", base64_decode($server_ca['crt']));
- if ($settings['tls']) {
- $tlsfile = "{$tempdir}/{$prefix}-tls.key";
- file_put_contents($tlsfile, base64_decode($settings['tls']));
- }
-
- // write key files
- if ($settings['mode'] != "server_user") {
- $crtfile = "{$tempdir}/{$prefix}-cert.crt";
- file_put_contents($crtfile, base64_decode($cert['crt']));
- $keyfile = "{$tempdir}/{$prefix}.key";
- file_put_contents($keyfile, base64_decode($cert['prv']));
-
- // convert to pkcs12 format
- $p12file = "{$tempdir}/{$prefix}.p12";
- if ($usetoken)
- openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile);
- else
- openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile);
-
- }
- exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
-
- // Remove temporary directory
- exec("rm -rf {$tempdir}");
- return "{$prefix}-config.zip";
- } else
- return $conf;
+ switch ($expformat) {
+ case "zip":
+ // create template directory
+ $tempdir = "{$g['tmp_path']}/{$prefix}";
+ mkdir($tempdir, 0700, true);
+
+ file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf);
+
+ $cafile = "{$tempdir}/{$cafile}";
+ file_put_contents("{$cafile}", base64_decode($server_ca['crt']));
+ if ($settings['tls']) {
+ $tlsfile = "{$tempdir}/{$prefix}-tls.key";
+ file_put_contents($tlsfile, base64_decode($settings['tls']));
+ }
+
+ // write key files
+ if ($settings['mode'] != "server_user") {
+ $crtfile = "{$tempdir}/{$prefix}-cert.crt";
+ file_put_contents($crtfile, base64_decode($cert['crt']));
+ $keyfile = "{$tempdir}/{$prefix}.key";
+ file_put_contents($keyfile, base64_decode($cert['prv']));
+
+ // convert to pkcs12 format
+ $p12file = "{$tempdir}/{$prefix}.p12";
+ if ($usetoken)
+ openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile);
+ else
+ openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile);
+ }
+ exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
+ // Remove temporary directory
+ exec("rm -rf {$tempdir}");
+ return $g['tmp_path'] . "/{$prefix}-config.zip";
+ break;
+ case "inline":
+ // Inline CA
+ $conf .= "<ca>{$nl}" . base64_decode($server_ca['crt']) . "</ca>{$nl}";
+ if ($settings['mode'] != "server_user") {
+ // Inline Cert
+ $conf .= "<cert>{$nl}" . base64_decode($cert['crt']) . "</cert>{$nl}";
+ // Inline Key
+ $conf .= "<key>{$nl}" . base64_decode($cert['prv']) . "</key>{$nl}";
+ }
+ // Inline TLS
+ if ($settings['tls']) {
+ $conf .= "<tls-auth>{$nl}" . base64_decode($settings['tls']) . "</tls-auth>{$nl} key-direction 1{$nl}";
+ }
+ return $conf;
+ break;
+ case "yealink_t28":
+ case "yealink_t38g":
+ case "yealink_t38g2":
+ // create template directory
+ $tempdir = "{$g['tmp_path']}/{$prefix}";
+ $keydir = "{$tempdir}/keys";
+ mkdir($tempdir, 0700, true);
+ mkdir($keydir, 0700, true);
+
+ file_put_contents("{$tempdir}/vpn.cnf", $conf);
+
+ $cafile = "{$keydir}/ca.crt";
+ file_put_contents("{$cafile}", base64_decode($server_ca['crt']));
+ if ($settings['tls']) {
+ $tlsfile = "{$keydir}/ta.key";
+ file_put_contents($tlsfile, base64_decode($settings['tls']));
+ }
+
+ // write key files
+ if ($settings['mode'] != "server_user") {
+ $crtfile = "{$keydir}/client1.crt";
+ file_put_contents($crtfile, base64_decode($cert['crt']));
+ $keyfile = "{$keydir}/client1.key";
+ file_put_contents($keyfile, base64_decode($cert['prv']));
+ }
+ exec("tar -C {$tempdir} -cf {$g['tmp_path']}/client.tar ./keys ./vpn.cnf");
+ // Remove temporary directory
+ exec("rm -rf {$tempdir}");
+ return $g['tmp_path'] . "/client.tar";
+ break;
+ case "snom":
+ // create template directory
+ $tempdir = "{$g['tmp_path']}/{$prefix}";
+ mkdir($tempdir, 0700, true);
+
+ file_put_contents("{$tempdir}/vpn.cnf", $conf);
+
+ $cafile = "{$tempdir}/ca.crt";
+ file_put_contents("{$cafile}", base64_decode($server_ca['crt']));
+ if ($settings['tls']) {
+ $tlsfile = "{$tempdir}/ta.key";
+ file_put_contents($tlsfile, base64_decode($settings['tls']));
+ }
+
+ // write key files
+ if ($settings['mode'] != "server_user") {
+ $crtfile = "{$tempdir}/phone1.crt";
+ file_put_contents($crtfile, base64_decode($cert['crt']));
+ $keyfile = "{$tempdir}/phone1.key";
+ file_put_contents($keyfile, base64_decode($cert['prv']));
+ }
+ exec("cd {$tempdir}/ && tar -cf {$g['tmp_path']}/vpnclient.tar *");
+ // Remove temporary directory
+ exec("rm -rf {$tempdir}");
+ return $g['tmp_path'] . "/vpnclient.tar";
+ break;
+ default:
+ return $conf;
+ }
}
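Review bot: The two new phone cases write their archives to fixed names, `{$g['tmp_path']}/client.tar` for the Yealink models and `{$g['tmp_path']}/vpnclient.tar` for Snom, so two exports running concurrently or for different servers overwrite each other and the returned path can end up pointing at another client's private key material; the zip case at least includes $prefix in the name. Use a per-export name in both cases, e.g. `return $g['tmp_path'] . "/{$prefix}-client.tar";`, and chmod the archive to 0600 after tar finishes, since unlike the 0700 temp directory its mode depends on the process umask. The inline case also appends the <tls-auth> block whenever $settings['tls'] is set, whereas the `tls-auth [inline] 1` directive earlier in the function is only emitted when `!$skiptls` also holds, so $skiptls has no effect on inline exports; `if ($settings['tls'] && !$skiptls) {` would make the two agree. None of the file_put_contents() or exec() results are checked, so a failed write yields an archive missing a key file instead of an error, and the `break` statements after `return` are unreachable. openvpn_client_export_config starts outside this hunk.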
-function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) {
+function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $outpass, $proxy, $advancedoptions, $openvpn_version = "2.1") {
global $config, $g, $input_errors;
$uname_p = trim(exec("uname -p"));
+ switch ($openvpn_version) {
+ case "2.3-x86":
+ $client_install_exe = "openvpn-install-2.3-i686.exe";
+ break;
+ case "2.3-x64":
+ $client_install_exe = "openvpn-install-2.3-x86_64.exe";
+ break;
+ default:
+ $client_install_exe = "openvpn-install-2.2.exe";
+ }
+
$ovpndir = "/usr/local/share/openvpn";
$workdir = "{$ovpndir}/client-export";
- if (!file_exists($workdir . "/template/openvpn-install.exe"))
+ if (!file_exists($workdir . "/template/{$client_install_exe}"))
openvpn_client_export_install();
- // lookup server settings
- $settings = $config['openvpn']['openvpn-server'][$srvid];
- if (empty($settings)) {
- $input_errors[] = "Could not find a valid server config for id: {$srvid}";
- return false;
- }
- if ($settings['disable']) {
- $input_errors[] = "This server is disabled.";
- return false;
- }
-
- $nokeys = false;
-
- // lookup server certificate info
- $server_cert = lookup_cert($settings['certref']);
- $server_ca = lookup_ca($server_cert['caref']);
- if (!$server_cert || !$server_ca) {
- $input_errors[] = "Could not find a valid certificate.";
+ $validconfig = openvpn_client_export_validate_config($srvid, $usrid, $crtid);
+ if ($validconfig) {
+ list($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys) = $validconfig;
+ } else {
return false;
}
- // lookup user info
- if ($usrid) {
- $user = $config['system']['user'][$usrid];
- if (!$user) {
- $input_errors[] = "Could not find the details about userid: {$usrid}";
- return false;
- }
- }
-
- // lookup user certificate info
- if ($settings['mode'] == "server_tls_user") {
- if ($settings['authmode'] == "Local Database") {
- $cert = $user['cert'][$crtid];
- } else {
- $cert = $config['cert'][$crtid];
- }
- if (!$cert)
- return false;
- // If $cert is not an array, it's a certref not a cert.
- if (!is_array($cert))
- $cert = lookup_cert($cert);
- } elseif (($settings['mode'] == "server_tls") || (($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database"))) {
- $cert = $config['cert'][$crtid];
- if (!$cert)
- return false;
- } else
- $nokeys = true;
-
// create template directory
$tempdir = $g['tmp_path'] . "/openvpn-export-".uniqid();
mkdir($tempdir, 0700, true);
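Review bot: The new $openvpn_version parameter defaults to "2.1", but the switch that follows maps every value other than the two 2.3 strings to `openvpn-install-2.2.exe`, so the default label does not describe the installer it selects. Either change the default to `$openvpn_version = "2.2"` (if no caller depends on the literal "2.1") or put a comment on the default branch such as `// anything else, including the legacy "2.1" value, gets the 2.2 installer`. The file_exists() test on the selected exe is not repeated after openvpn_client_export_install() returns, so a still-missing installer is only discovered when the later copy step fails. The function continues outside this hunk.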
@@ -358,8 +449,10 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
// copy the template directory
exec("cp -r {$workdir}/template/* {$tempdir}");
+ // and put the required installer exe in place
+ exec("/bin/cp {$tempdir}/{$client_install_exe} {$tempdir}/openvpn-install.exe");
- // write cofiguration file
+ // write configuration file
$prefix = openvpn_client_export_prefix($srvid);
$cfgfile = "{$confdir}/{$prefix}-config.ovpn";
if (!empty($proxy) && $proxy['proxy_authtype'] != "none") {
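Review bot: The `/bin/cp` that puts the selected installer in place as openvpn-install.exe checks neither that the source exists nor that cp succeeded, so if openvpn_client_export_install() did not produce `{$client_install_exe}` the export continues and packages a template with no installer (or a stale one left by an earlier run). A guard before the copy, `if (!file_exists("{$tempdir}/{$client_install_exe}")) { $input_errors[] = "Installer {$client_install_exe} is not available."; return false; }`, fails the export explicitly. The preceding `cp -r` also brings every installer variant from template/ into $tempdir; if the packaging step below picks up the whole directory, the unused variants inflate the output — worth confirming against the code after this hunk. The function continues outside this hunk.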
@@ -368,7 +461,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
$pwdfle .= "{$proxy['password']}\r\n";
file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle);
}
- $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, false, "", false, true, $advancedoptions);
+ $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $advancedoptions);
if (!$conf) {
$input_errors[] = "Could not create a config to export.";
return false;
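Review bot: The updated call to openvpn_client_export_config passes `$proxy, "", "baseconf", ...`, which under the new signature binds $expformat = "" and $outpass = "baseconf", the reverse of the declared order `$proxy, $expformat = "baseconf", $outpass = ""`. It only works because "" falls into the switch's default branch, which returns the plain config, and $outpass is unused on that path. Swap the two so the call matches the Viscosity exporter's call later in this diff: `$conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $nokeys, $proxy, "baseconf", "", false, true, $advancedoptions);`. The function continues outside this hunk.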
@@ -427,7 +520,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
return $outfile;
}
-function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $usetoken, $outpass, $proxy, $advancedoptions) {
+function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, $outpass, $proxy, $advancedoptions) {
global $config, $g;
$uname_p = trim(exec("uname -p"));
@@ -439,45 +532,13 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
$tempdir = $g['tmp_path'] . "/openvpn-export-" . $uniq;
$zipfile = $g['tmp_path'] . "/{$uniq}-Viscosity.visc.zip";
- // lookup server settings
- $settings = $config['openvpn']['openvpn-server'][$srvid];
- if (empty($settings))
+ $validconfig = openvpn_client_export_validate_config($srvid, $usrid, $crtid);
+ if ($validconfig) {
+ list($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys) = $validconfig;
+ } else {
return false;
- if ($settings['disable'])
- return false;
-
- // lookup server certificate info
- $server_cert = lookup_cert($settings['certref']);
- $server_ca = lookup_ca($server_cert['caref']);
- if (!$server_cert || !$server_ca)
- return false;
-
- // lookup user info
- if ($usrid) {
- $user = $config['system']['user'][$usrid];
- if (!$user)
- return false;
}
- // lookup user certificate info
- if ($settings['mode'] == "server_tls_user") {
- if ($settings['authmode'] == "Local Database") {
- $cert = $user['cert'][$crtid];
- } else {
- $cert = $config['cert'][$crtid];
- }
- if (!$cert)
- return false;
- // If $cert is not an array, it's a certref not a cert.
- if (!is_array($cert))
- $cert = lookup_cert($cert);
- } elseif (($settings['mode'] == "server_tls") || (($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database"))) {
- $cert = $config['cert'][$crtid];
- if (!$cert)
- return false;
- } else
- $nokeys = true;
-
// create template directory
mkdir($tempdir, 0700, true);
mkdir($tempdir . "/Viscosity.visc", 0700, true);
@@ -494,7 +555,7 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle);
}
- $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, true, $proxy, false, "", true, $advancedoptions);
+ $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quoteservercn, $usetoken, true, $proxy, "baseconf", "", true, $advancedoptions);
if (!$conf)
return false;
@@ -602,7 +663,7 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
}
} else if ($useaddr == "serverhostname" || empty($useaddr)) {
$server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}.";
- $server_host .= "{{$config['system']['domain']}";
+ $server_host .= "{$config['system']['domain']}";
} else
$server_host = $useaddr;