From 780af2e7678dcccf0fd730a06549facd00906707 Mon Sep 17 00:00:00 2001
From: jim-p
Date: Tue, 26 Apr 2011 17:11:11 -0400
Subject: Allow exporting OpenVPN with SSL/TLS+User Auth+External source (LDAP, Radius), by listing certificates from the same CA as the OpenVPN server.

---
 .../openvpn-client-export/vpn_openvpn_export.php | 93 +++++++++++++++++-----
 1 file changed, 72 insertions(+), 21 deletions(-)

(limited to 'config/openvpn-client-export/vpn_openvpn_export.php')

diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index c4ae806c..837b854b 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -46,31 +46,49 @@ if (!is_array($config['system']['user']))
 $a_user = $config['system']['user'];
 
+if (!is_array($config['cert']))
+$config['cert'] = array();
+
+$a_cert = $config['cert'];
+
 $ras_server = array();
 foreach($a_server as $sindex => $server) {
 if (isset($server['disable']))
 continue;
 $ras_user = array();
+$ras_certs = array();
 if (stripos($server['mode'], "server") === false)
 continue;
-foreach($a_user as $uindex => $user) {
-if (!is_array($user['cert']))
-continue;
-foreach($user['cert'] as $cindex => $cert) {
-// If $cert is not an array, it's a certref not a cert.
-if (!is_array($cert))
-$cert = lookup_cert($cert);
-
+if ($server['authmode'] == "Local Database" && ($server['mode'] != "server_user")) {
+foreach($a_user as $uindex => $user) {
+if (!is_array($user['cert']))
+continue;
+foreach($user['cert'] as $cindex => $cert) {
+// If $cert is not an array, it's a certref not a cert.
+if (!is_array($cert))
+$cert = lookup_cert($cert);
+
+if ($cert['caref'] != $server['caref'])
+continue;
+$ras_userent = array();
+$ras_userent['uindex'] = $uindex;
+$ras_userent['cindex'] = $cindex;
+$ras_userent['name'] = $user['name'];
+$ras_userent['certname'] = $cert['descr'];
+$ras_user[] = $ras_userent;
+}
+}
+} elseif (!empty($server['authmode']) && ($server['mode'] != "server_user")) {
+foreach($a_cert as $cindex => $cert) {
 if ($cert['caref'] != $server['caref'])
 continue;
-$ras_userent = array();
-$ras_userent['uindex'] = $uindex;
-$ras_userent['cindex'] = $cindex;
-$ras_userent['name'] = $user['name'];
-$ras_userent['certname'] = $cert['descr'];
-$ras_user[] = $ras_userent;
+$ras_cert_entry['cindex'] = $cindex;
+$ras_cert_entry['certname'] = $cert['descr'];
+$ras_cert_entry['certref'] = $cert['refid'];
+$ras_certs[] = $ras_cert_entry;
 }
 }
+
 $ras_serverent = array();
 $prot = $server['protocol'];
 $port = $server['local_port'];
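Review bot: The new `elseif` branch offers every entry of `$config['cert']` whose `caref` matches the server's CA, which includes the OpenVPN server's own certificate and any other server certificate issued by that CA, so those end up listed as exportable client bundles; excluding the server's own entry with `if ($cert['caref'] != $server['caref'] || $cert['refid'] == $server['certref']) continue;` (and, where the cert store records a server purpose, skipping those too) keeps server key material out of the list — the export handler that consumes `crtid` is outside this diff, so whether it bundles the private key is inferred from the user-cert path. `$ras_cert_entry` is never reset inside the loop, unlike `$ras_userent = array();` in the user branch; add `$ras_cert_entry = array();` before the three assignments so no key can carry over between iterations. The `== "Local Database"` test is an exact match; if `authmode` can hold several comma-separated backends, a server configured with both Local Database and an external source falls into the second branch, which may or may not be intended. Inline per-user certificate arrays (the case the user branch handles via `lookup_cert`) are not in `$a_cert` and will not appear for external-auth servers.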
@@ -81,6 +99,7 @@ foreach($a_server as $sindex => $server) { $ras_serverent['index'] = $sindex; $ras_serverent['name'] = $name; $ras_serverent['users'] = $ras_user; + $ras_serverent['certs'] = $ras_certs; $ras_serverent['mode'] = $server['mode']; $ras_server[] = $ras_serverent; } @@ -342,20 +361,29 @@ var servers = new Array(); servers[] = new Array(); servers[][0] = ''; servers[][1] = new Array(); -servers[][2] = '';; - $user): ?> +servers[][2] = ''; +servers[][3] = new Array(); + $user): ?> servers[][1][] = new Array(); servers[][1][][0] = ''; servers[][1][][1] = ''; servers[][1][][2] = ''; servers[][1][][3] = ''; + +servers[][3][] = new Array(); +servers[][3][][0] = ''; +servers[][3][][1] = ''; + -function download_begin(act, i) { +function download_begin(act, i, j) { var index = document.getElementById("server").selectedIndex; var users = servers[index][1]; + var certs = servers[index][3]; var useaddr; if (document.getElementById("useaddr").value == "other") { @@ -430,6 +458,10 @@ function download_begin(act, i) { dlurl += "&usrid=" + escape(users[i][0]); dlurl += "&crtid=" + escape(users[i][1]); } + if (certs[j]) { + dlurl += "&usrid="; + dlurl += "&crtid=" + escape(certs[j][0]); + } dlurl += "&useaddr=" + escape(useaddr); dlurl += "&usetoken=" + escape(usetoken); if (usepass) @@ -455,6 +487,7 @@ function server_changed() { var index = document.getElementById("server").selectedIndex; var users = servers[index][1]; + var certs = servers[index][3]; for (i=0; i < users.length; i++) { var row = table.insertRow(table.rows.length); var cell0 = row.insertCell(0); @@ -465,13 +498,31 @@ function server_changed() { cell1.className = "listr"; cell1.innerHTML = users[i][3]; cell2.className = "listr"; - cell2.innerHTML = "Configuration"; + cell2.innerHTML = "Configuration"; cell2.innerHTML += "
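Review bot: In `download_begin`, the new `if (certs[j])` block runs independently of the preceding `if (users[i])` block, so a call that supplies both a user index and a cert index appends `usrid`/`crtid` twice and the server-side handler sees duplicated parameters; `else if (certs[j]) {` (or an early return after the first match) keeps the query unambiguous. The added lines keep using `escape()`, which is deprecated and leaves `+`, `/` and `@` unencoded; `dlurl += "&crtid=" + encodeURIComponent(certs[j][0]);` is the appropriate encoder for a query value, and the same applies to the pre-existing `users[i]` lines. The empty `&usrid=` is presumably what the handler keys on to distinguish the cert-only case — a one-line comment saying so (`// no user: external auth, cert selected by refid only`) would make that contract visible. The body of `download_begin` starts and ends outside the hunk.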
"; - cell2.innerHTML += "Configuration archive"; + cell2.innerHTML += "Configuration archive"; cell2.innerHTML += "
"; - cell2.innerHTML += "Windows Installer"; + cell2.innerHTML += "Windows Installer"; cell2.innerHTML += "
"; - cell2.innerHTML += "Viscosity Bundle"; + cell2.innerHTML += "Viscosity Bundle"; + } + for (j=0; j < certs.length; j++) { + var row = table.insertRow(table.rows.length); + var cell0 = row.insertCell(0); + var cell1 = row.insertCell(1); + var cell2 = row.insertCell(2); + cell0.className = "listlr"; + cell0.innerHTML = "External Auth+Cert"; + cell1.className = "listr"; + cell1.innerHTML = certs[j][1]; + cell2.className = "listr"; + cell2.innerHTML = "Configuration"; + cell2.innerHTML += "
"; + cell2.innerHTML += "Configuration archive"; + cell2.innerHTML += "
"; + cell2.innerHTML += "Windows Installer"; + cell2.innerHTML += "
"; + cell2.innerHTML += "Viscosity Bundle"; } if (servers[index][2] == 'server_user') { var row = table.insertRow(table.rows.length); -- cgit v1.2.3
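Review bot: The new certs loop in `server_changed` assigns `certs[j][1]` (the certificate description emitted from PHP in the earlier `servers[][3][][1]` hunk) straight into `cell1.innerHTML`, so any markup in a certificate description is rendered in the admin page, and a single quote in it breaks the generated JS string literal; escaping on the PHP side (`htmlspecialchars` for the markup, `addslashes` or `json_encode` for the literal) or assigning via `cell1.textContent = certs[j][1];` addresses both — the pre-existing users loop has the same pattern with `users[i][3]`. `j` is also used without `var`, creating an implicit global exactly like the existing `i`; `for (var j = 0; j < certs.length; j++) {` scopes it. The rest of `server_changed` lies outside the hunk, and the link markup inside the `innerHTML +=` strings is not visible in this rendering.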