From 96f4278cb93b04fbd1493328822de6fcd76569b5 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Fri, 31 Jul 2015 16:46:12 +0200 Subject: openvpn-client-export.xml - XML cleanup and fixes - add standard XML and copyright headers - remove bunch of 077 chmods - remove unused tags --- .../openvpn-client-export.xml | 53 ++++++++++++++++++---- 1 file changed, 44 insertions(+), 9 deletions(-) (limited to 'config') diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index 47ad4744..45adb592 100755 --- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml @@ -1,12 +1,52 @@ + + + + + OpenVPN Client Export - 1.2.16 + 1.2.17 OpenVPN Client Export /usr/local/pkg/openvpn-client-export.inc - - - Client Export @@ -21,28 +61,23 @@ /usr/local/pkg/ - 077 https://packages.pfsense.org/packages/config/openvpn-client-export/openvpn-client-export.inc /usr/local/pkg/ - 077 https://files.pfsense.org/packages/openvpn-client-export/openvpn-client-export-2.3.6.tgz /usr/local/www/ - 077 https://packages.pfsense.org/packages/config/openvpn-client-export/vpn_openvpn_export.php /usr/local/www/ - 077 https://packages.pfsense.org/packages/config/openvpn-client-export/vpn_openvpn_export_shared.php /etc/inc/priv/ - 077 https://packages.pfsense.org/packages/config/openvpn-client-export/openvpnexport.inc -- cgit v1.2.3 From 34664d0519236cd45ab223963edb2e87aa175804 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Fri, 31 Jul 2015 18:05:35 +0200 Subject: openvpn-client-export.inc - developer style guide fixes --- .../openvpn-client-export.inc | 233 ++++++++++++--------- 1 file changed, 136 insertions(+), 97 deletions(-) (limited to 'config') diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index 9488119e..de0ef7e7 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc 
+++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -1,6 +1,7 @@ Copyright (C) 2008 Shrew Soft Inc Copyright (C) 2010 Ermal Luci @@ -39,7 +40,7 @@ require_once("util.inc"); require_once("pfsense-utils.inc"); global $current_openvpn_version, $current_openvpn_version_rev; -$current_openvpn_version = "2.3.6"; +$current_openvpn_version = "2.3.6"; $current_openvpn_version_rev = "03"; function openvpn_client_export_install() { @@ -52,9 +53,9 @@ function openvpn_client_export_install() { $ovpndir = "/usr/local/share/openvpn"; $workdir = "{$ovpndir}/client-export"; - if (!is_dir($workdir)) + if (!is_dir($workdir)) { mkdir($workdir, 0777, true); - + } exec("/usr/bin/tar zxf {$tarpath} -C {$ovpndir}"); conf_mount_ro(); } @@ -80,21 +81,22 @@ function openvpn_client_export_prefix($srvid, $usrid = null, $crtid = null) { // lookup server settings $settings = $config['openvpn']['openvpn-server'][$srvid]; - if (empty($settings)) + if (empty($settings)) { return false; - if ($settings['disable']) + } + if ($settings['disable']) { return false; - + } $host = empty($config['system']['hostname']) ? "openvpn" : $config['system']['hostname']; $prot = ($settings['protocol'] == 'UDP' ? 'udp' : $settings['protocol']); $port = $settings['local_port']; $filename_addition = ""; - if ($usrid && is_numeric($usrid)) + if ($usrid && is_numeric($usrid)) { $filename_addition = "-".$config['system']['user'][$usrid]['name']; - elseif ($crtid && is_numeric($crtid) && function_exists("cert_get_cn")) + } elseif ($crtid && is_numeric($crtid) && function_exists("cert_get_cn")) { $filename_addition = "-" . str_replace(' ', '_', cert_get_cn($config['cert'][$crtid]['crt'])); - + } return "{$host}-{$prot}-{$port}{$filename_addition}"; } 
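Review bot: `mkdir($workdir, 0777, true);` in openvpn_client_export_install() still requests a world-writable client-export directory; the commit only wraps the call in braces. openvpn_client_export_installer() later copies `{$workdir}/template/*` into the installer it builds, so any local account able to write there could alter what is shipped to VPN clients. The per-export directories elsewhere in this file are created with 0700. I would change the line to `mkdir($workdir, 0755, true);`. The function starts above the hunk.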
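Review bot: In openvpn_client_export_prefix() the suffix is built from the user name unchanged and from the certificate CN with only spaces replaced, and the returned prefix is later used as a directory name (`{$g['tmp_path']}/{$prefix}`) and in file names such as `{$prefix}.p12`. A `/`, quote or other unusual character in either value would carry straight through into those paths. Normalising once before the return keeps every caller safe, for example `$filename_addition = preg_replace('/[^A-Za-z0-9._-]/', '_', $filename_addition);`. The function starts above the hunk.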
@@ -106,13 +108,15 @@ function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $cap if ($capath) { $ecapath = escapeshellarg($capath); exec("/usr/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -certfile {$ecapath} -out {$eoutpath} -passout pass:{$eoutpass}"); - } else + } else { exec("/usr/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -out {$eoutpath} -passout pass:{$eoutpass}"); + } unlink($crtpath); unlink($keypath); - if ($capath) + if ($capath) { unlink($capath); + } } function openvpn_client_export_validate_config($srvid, $usrid, $crtid) { @@ -131,8 +135,7 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) { // lookup server certificate info $server_cert = lookup_cert($settings['certref']); - if (!$server_cert) - { + if (!$server_cert) { $input_errors[] = "Could not locate server certificate."; } else { $server_ca = lookup_ca($server_cert['caref']); @@ -159,24 +162,26 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) { } else { $cert = $config['cert'][$crtid]; } - if (!$cert) - { + if (!$cert) { $input_errors[] = "Could not find client certificate."; } else { // If $cert is not an array, it's a certref not a cert. - if (!is_array($cert)) + if (!is_array($cert)) { $cert = lookup_cert($cert); + } } } elseif (($settings['mode'] == "server_tls") || (($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database"))) { $cert = $config['cert'][$crtid]; - if (!$cert) + if (!$cert) { $input_errors[] = "Could not find client certificate."; - } else + } + } else { $nokeys = true; + } - if ($input_errors) + if ($input_errors) { return false; - + } return array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys); } 
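Review bot: Both `openssl pkcs12 -export` calls in openvpn_client_pem_to_pk12() still pass the export password on the command line as `-passout pass:{$eoutpass}`, where other local users can read it from the process list while openssl runs. openssl also accepts `-passout env:NAME` and `-passout file:PATH`, so the secret can be handed over through the child's environment or a 0600 file instead. Separately, the result of `exec()` is not checked before the `unlink()` calls, so a failed conversion deletes the PEM inputs and leaves no .p12 without reporting an error. The function starts above the hunk.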
@@ -202,9 +207,10 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys // add basic settings $devmode = empty($settings['dev_mode']) ? "tun" : $settings['dev_mode']; - if (($expformat != "inlinedroid") && ($expformat != "inlineios")) + if (($expformat != "inlinedroid") && ($expformat != "inlineios")) { $conf .= "dev {$devmode}{$nl}"; - if(!empty($settings['tunnel_networkv6']) && ($expformat != "inlinedroid") && ($expformat != "inlineios")) { + } + if (!empty($settings['tunnel_networkv6']) && ($expformat != "inlinedroid") && ($expformat != "inlineios")) { $conf .= "tun-ipv6{$nl}"; } $conf .= "persist-tun{$nl}"; @@ -216,14 +222,16 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys $conf .= "auth {$digest}{$nl}"; $conf .= "tls-client{$nl}"; $conf .= "client{$nl}"; - if (($expformat != "inlinedroid") && ($expformat != "inlineios")) + if (($expformat != "inlinedroid") && ($expformat != "inlineios")) { $conf .= "resolv-retry infinite{$nl}"; + } $conf .= "$remotes{$nl}"; /* Use a random local port, otherwise two clients will conflict if they run at the same time. May not be supported on older clients (Released before May 2010) */ - if (($randomlocalport != 0) && (substr($expformat, 0, 7) != "yealink") && ($expformat != "snom")) + if (($randomlocalport != 0) && (substr($expformat, 0, 7) != "yealink") && ($expformat != "snom")) { $conf .= "lport 0{$nl}"; + } /* This line can cause problems with auth-only setups and also with Yealink/Snom phones since they are stuck on an older OpenVPN version that does not support this feature. */ 
@@ -246,19 +254,20 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys if (!empty($proxy)) { if ($proxy['proxy_type'] == "http") { - if (strtoupper(substr($settings['protocol'], 0, 3)) == "UDP") { $input_errors[] = "This server uses UDP protocol and cannot communicate with HTTP proxy."; return; } $conf .= "http-proxy {$proxy['ip']} {$proxy['port']} "; } - if ($proxy['proxy_type'] == "socks") + if ($proxy['proxy_type'] == "socks") { $conf .= "socks-proxy {$proxy['ip']} {$proxy['port']} "; + } if ($proxy['proxy_authtype'] != "none") { - if (!isset($proxy['passwdfile'])) + if (!isset($proxy['passwdfile'])) { $proxy['passwdfile'] = openvpn_client_export_prefix($srvid, $usrid, $crtid) . "-proxy"; - $conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}"; + $conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}"; + } } $conf .= "{$nl}"; } @@ -274,7 +283,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys // add key settings $prefix = openvpn_client_export_prefix($srvid, $usrid, $crtid); $cafile = "{$prefix}-ca.crt"; - if($nokeys == false) { + if ($nokeys == false) { if ($expformat == "yealink_t28") { $conf .= "ca /yealink/config/openvpn/keys/ca.crt{$nl}"; $conf .= "cert /yealink/config/openvpn/keys/client1.crt{$nl}"; 
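Review bot: The new braces change behaviour in the proxy block: `$conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}";` used to run for every authenticated proxy and now sits inside `if (!isset($proxy['passwdfile'])) {`, so it is skipped whenever the caller has already set the file name. openvpn_client_export_installer() appears to do exactly that (it writes `{$confdir}/{$proxy['passwdfile']}` before calling this function), so its exported config would lose the auth-file and auth-method arguments. Close the brace directly after the assignment, `$proxy['passwdfile'] = openvpn_client_export_prefix($srvid, $usrid, $crtid) . "-proxy"; }`, and keep the `$conf .=` line after it. The hunk at -807,14 in openvpn_client_export_sharedkey_config() has the same misplaced brace.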
@@ -297,22 +306,24 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys } elseif (substr($expformat, 0, 6) != "inline") { $conf .= "pkcs12 {$prefix}.p12{$nl}"; } - } else if ($settings['mode'] == "server_user") { - if (substr($expformat, 0, 6) != "inline") + } elseif ($settings['mode'] == "server_user") { + if (substr($expformat, 0, 6) != "inline") { $conf .= "ca {$cafile}{$nl}"; + } } if ($settings['tls'] && !$skiptls) { - if ($expformat == "yealink_t28") + if ($expformat == "yealink_t28") { $conf .= "tls-auth /yealink/config/openvpn/keys/ta.key 1{$nl}"; - elseif ($expformat == "yealink_t38g") + } elseif ($expformat == "yealink_t38g") { $conf .= "tls-auth /phone/config/openvpn/keys/ta.key 1{$nl}"; - elseif ($expformat == "yealink_t38g2") + } elseif ($expformat == "yealink_t38g2") { $conf .= "tls-auth /config/openvpn/keys/ta.key 1{$nl}"; - elseif ($expformat == "snom") + } elseif ($expformat == "snom") { $conf .= "tls-auth /openvpn/ta.key 1{$nl}"; - elseif (substr($expformat, 0, 6) != "inline") + } elseif (substr($expformat, 0, 6) != "inline") { $conf .= "tls-auth {$prefix}-tls.key 1{$nl}"; + } } // Prevent MITM attacks by verifying the server certificate. 
@@ -323,24 +334,26 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys if (function_exists("cert_get_purpose")) { if (is_array($server_cert) && ($server_cert['crt'])) { $purpose = cert_get_purpose($server_cert['crt'], true); - if ($purpose['server'] == 'Yes') + if ($purpose['server'] == 'Yes') { $conf .= "ns-cert-type server{$nl}"; + } } } // add optional settings if (!empty($settings['compression'])) { - if ($pfs_version > 2.1) + if ($pfs_version > 2.1) { $conf .= "comp-lzo {$settings['compression']}{$nl}"; - else + } else { $conf .= "comp-lzo{$nl}"; + } } - if ($settings['passtos']) + if ($settings['passtos']) { $conf .= "passtos{$nl}"; + } - if ($openvpnmanager) - { + if ($openvpnmanager) { if (!empty($settings['client_mgmt_port'])) { $client_mgmt_port = $settings['client_mgmt_port']; } else { @@ -393,10 +406,11 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys // convert to pkcs12 format $p12file = "{$tempdir}/{$prefix}.p12"; - if ($usetoken) + if ($usetoken) { openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile); - else + } else { openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile); + } } $command = "cd " . escapeshellarg("{$tempdir}/..") . " && /usr/local/bin/zip -r " @@ -432,7 +446,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys case "yealink_t38g2": // create template directory $tempdir = "{$g['tmp_path']}/{$prefix}"; - $keydir = "{$tempdir}/keys"; + $keydir = "{$tempdir}/keys"; mkdir($tempdir, 0700, true); mkdir($keydir, 0700, true); 
@@ -511,8 +525,9 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri $ovpndir = "/usr/local/share/openvpn"; $workdir = "{$ovpndir}/client-export"; - if (!file_exists($workdir . "/template/{$client_install_exe}")) + if (!file_exists($workdir . "/template/{$client_install_exe}")) { openvpn_client_export_install(); + } $validconfig = openvpn_client_export_validate_config($srvid, $usrid, $crtid); if ($validconfig) { @@ -527,15 +542,17 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri // create config directory $confdir = "{$tempdir}/config"; - if (!is_dir($conf_dir)) + if (!is_dir($conf_dir)) { mkdir($confdir, 0700, true); + } // copy the template directory exec("cp -r {$workdir}/template/* {$tempdir}"); // and put the required installer exe in place exec("/bin/cp {$tempdir}/{$client_install_exe} {$tempdir}/openvpn-install.exe"); - if (stristr($openvpn_version, "x64")) + if (stristr($openvpn_version, "x64")) { rename("{$tempdir}/openvpn-postinstall64.exe", "{$tempdir}/openvpn-postinstall.exe"); + } // write configuration file $prefix = openvpn_client_export_prefix($srvid, $usrid, $crtid); @@ -546,7 +563,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri $pwdfle .= "{$proxy['password']}\r\n"; file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle); } - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $openvpnmanager, $advancedoptions); + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $nokeys, $proxy, "", "baseconf", false, true, $openvpnmanager, $advancedoptions); if (!$conf) { $input_errors[] = "Could not create a config to export."; return false; 
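Review bot: `if (!is_dir($conf_dir)) {` tests a name that differs from the `$confdir` assigned on the line above, and the commit keeps the misspelling while adding braces. No `$conf_dir` is assigned in the visible lines, so the check is presumably always true and `mkdir($confdir, 0700, true)` runs even when the directory already exists; it should read `if (!is_dir($confdir)) {`. The two copy commands passed to `exec()` in this hunk also interpolate `$workdir`, `$tempdir` and `$client_install_exe` without `escapeshellarg()`, unlike the zip command in openvpn_client_export_config(). The function starts and ends outside the hunk.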
@@ -569,37 +586,40 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri file_put_contents($keyfile, base64_decode($cert['prv'])); // convert to pkcs12 format $p12file = "{$tempdir}/config/{$prefix}.p12"; - if ($usetoken) + if ($usetoken) { openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile); - else + } else { openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile); + } } // 7zip the configuration data chdir($tempdir); - $files = "config "; - if ($openvpnmanager) + $files = "config "; + if ($openvpnmanager) { $files .= "openvpnmanager "; + } $files .= "openvpn-install.exe "; $files .= "openvpn-postinstall.exe "; - if ($usetoken) + if ($usetoken) { $procchain = ';!@Install@!UTF-8! RunProgram="openvpn-postinstall.exe /Import" ;!@InstallEnd@!' ; - else + } else { $procchain = ';!@Install@!UTF-8! RunProgram="openvpn-postinstall.exe" ;!@InstallEnd@!' ; + } file_put_contents("{$tempdir}/7zipConfig",$procchain); - if(file_exists("/usr/pbi/p7zip-{$uname_p}/bin/7z")) + if (file_exists("/usr/pbi/p7zip-{$uname_p}/bin/7z")) { exec("/usr/pbi/p7zip-{$uname_p}/bin/7z -y a archive.7z {$files}"); - else + } else { exec("/usr/local/libexec/p7zip/7z -y a archive.7z {$files}"); - + } // create the final installer $outfile = "{$tempdir}-install.exe"; chdir($g['tmp_path']); @@ -616,8 +636,9 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead $uname_p = trim(exec("uname -p")); $ovpndir = "/usr/local/share/openvpn/"; - if (!file_exists($workdir . "/template/openvpn-install.exe")) + if (!file_exists($workdir . "/template/openvpn-install.exe")) { openvpn_client_export_install(); + } $uniq = uniqid(); $tempdir = $g['tmp_path'] . "/openvpn-export-" . $uniq; 
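Review bot: In viscosity_openvpn_client_config_exporter() the test `file_exists($workdir . "/template/openvpn-install.exe")` reads `$workdir`, but the visible lines of this function only assign `$ovpndir`. If `$workdir` is indeed unset here, the path collapses to `/template/openvpn-install.exe`, the check never succeeds, and openvpn_client_export_install() unpacks the tarball on every export. Defining it as the other functions do, `$workdir = "{$ovpndir}/client-export";`, would fix that; note that `$ovpndir` carries a trailing slash in this function. The function starts above the hunk and continues below it.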
@@ -653,8 +674,9 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead // We need to nuke the ca line from the above config if it exists. $conf = explode("\n", $conf); for ($i=0; $i < count($conf); $i++) { - if ((substr($conf[$i], 0, 3) == "ca ") || (substr($conf[$i], 0, 7) == "pkcs12 ")) + if ((substr($conf[$i], 0, 3) == "ca ") || (substr($conf[$i], 0, 7) == "pkcs12 ")) { unset($conf[$i]); + } } $conf = implode("\n", $conf); @@ -716,11 +738,11 @@ EOF; } // Zip Viscosity file - if(file_exists("/usr/pbi/zip-{$uname_p}/bin/zip")) + if (file_exists("/usr/pbi/zip-{$uname_p}/bin/zip")) { exec("cd {$tempdir}/.. && /usr/pbi/zip-{$uname_p}/bin/zip -r {$zipfile} Viscosity.visc"); - else + } else { exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$zipfile} Viscosity.visc"); - + } // Remove temporary directory exec("rm -rf {$tempdir}"); 
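Review bot: The loop `for ($i=0; $i < count($conf); $i++)` re-evaluates `count($conf)` after each `unset($conf[$i])`, so every removed line shortens the range and the last entries of the array are never examined. Taking the count once, `$n = count($conf); for ($i = 0; $i < $n; $i++) {`, keeps the ca/pkcs12 removal complete. The enclosing function starts and ends outside the hunk.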
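Review bot: The `zip` calls and `exec("rm -rf {$tempdir}")` in the -716,11 hunk build shell commands by plain interpolation of `$tempdir` and `$zipfile`, while the equivalent command in openvpn_client_export_config() wraps its path in `escapeshellarg()`. `$tempdir` comes from `uniqid()` in this function, but where `$zipfile` is built is not visible; if it includes the export prefix (host name, user name or certificate CN) it needs quoting. For example: `exec("cd " . escapeshellarg("{$tempdir}/..") . " && /usr/local/bin/zip -r " . escapeshellarg($zipfile) . " Viscosity.visc");`.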
@@ -748,30 +770,34 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco if (!empty($settings['ipaddr']) && is_ipaddr($settings['ipaddr'])) { $server_host = $settings['ipaddr']; } else { - if (!$interface) + if (!$interface) { $interface = "wan"; - if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) + } + if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) { $server_host = get_interface_ipv6($interface); - else + } else { $server_host = get_interface_ip($interface); + } } - } else if ($useaddr == "serverhostname" || empty($useaddr)) { + } elseif ($useaddr == "serverhostname" || empty($useaddr)) { $server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}."; $server_host .= "{$config['system']['domain']}"; - } else + } else { $server_host = $useaddr; + } $server_port = $settings['local_port']; $proto = strtolower($settings['protocol']); - if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") + if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") { $proto .= "-client"; + } $cipher = $settings['crypto']; $digest = !empty($settings['digest']) ? $settings['digest'] : "SHA1"; // add basic settings - $conf = "dev tun\n"; + $conf = "dev tun\n"; if(! empty($settings['tunnel_networkv6'])) { $conf .= "tun-ipv6\n"; } 
@@ -807,14 +833,16 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco } $conf .= "http-proxy {$proxy['ip']} {$proxy['port']} "; } - if ($proxy['proxy_type'] == "socks") + if ($proxy['proxy_type'] == "socks") { $conf .= "socks-proxy {$proxy['ip']} {$proxy['port']} "; + } if ($proxy['proxy_authtype'] != "none") { - if (!isset($proxy['passwdfile'])) + if (!isset($proxy['passwdfile'])) { $proxy['passwdfile'] = openvpn_client_export_prefix($srvid) . "-proxy"; - $conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}"; + $conf .= " {$proxy['passwdfile']} {$proxy['proxy_authtype']}"; + } + $conf .= "\n"; } - $conf .= "\n"; } // add key settings @@ -846,8 +874,9 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco // Remove temporary directory exec("rm -rf {$tempdir}"); return "{$prefix}-config.zip"; - } else + } else { return $conf; + } } function openvpn_client_export_build_remote_lines($settings, $useaddr, $interface, $expformat, $nl) { 
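Review bot: `$conf .= "\n";` has moved from the end of the `if (!empty($proxy))` block into `if ($proxy['proxy_authtype'] != "none") {`, so for a proxy without authentication the `http-proxy`/`socks-proxy` line is no longer terminated and the next directive is appended to it. Keep `$conf .= "\n";` after the closing brace of the authtype block, where the removed line was. The function starts and ends outside the hunk.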
@@ -858,25 +887,30 @@ function openvpn_client_export_build_remote_lines($settings, $useaddr, $interfac if (!empty($settings['ipaddr']) && is_ipaddr($settings['ipaddr'])) { $server_host = $settings['ipaddr']; } else { - if (!$interface || ($interface == "any")) + if (!$interface || ($interface == "any")) { $interface = "wan"; - if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) + } + if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) { $server_host = get_interface_ipv6($interface); - else + } else { $server_host = get_interface_ip($interface); + } } } else if ($useaddr == "serverhostname" || empty($useaddr)) { $server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}."; $server_host .= "{$config['system']['domain']}"; - } else + } else { $server_host = $useaddr; + } $proto = strtolower($settings['protocol']); - if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") + if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") { $proto .= "-client"; + } - if (($expformat == "inlineios") && ($proto == "tcp-client")) + if (($expformat == "inlineios") && ($proto == "tcp-client")) { $proto = "tcp"; + } if (($useaddr == "servermagic") || ($useaddr == "servermagichost")) { $destinations = openvpn_client_export_find_port_forwards($server_host, $settings['local_port'], $proto, true, ($useaddr == "servermagichost")); 
@@ -892,19 +926,18 @@ function openvpn_client_export_build_remote_lines($settings, $useaddr, $interfac function openvpn_client_export_find_port_forwards($targetip, $targetport, $targetproto, $skipprivate, $findhostname=false) { global $config, $FilterIflist; - if (empty($FilterIflist)) + if (empty($FilterIflist)) { filter_generate_optcfg_array(); + } $destinations = array(); - if (!is_array($config['nat']) || !is_array($config['nat']['rule'])) + if (!is_array($config['nat']) || !is_array($config['nat']['rule'])) { return $destinations; + } foreach ($config['nat']['rule'] as $natent) { $dest = array(); - if (!isset($natent['disabled']) - && ($natent['target'] == $targetip) - && ($natent['local-port'] == $targetport) - && ($natent['protocol'] == $targetproto)) { + if (!isset($natent['disabled']) && ($natent['target'] == $targetip) && ($natent['local-port'] == $targetport) && ($natent['protocol'] == $targetproto)) { $dest['proto'] = $natent['protocol']; // Could be multiple ports... But we can only use one. 
@@ -914,32 +947,36 @@ function openvpn_client_export_find_port_forwards($targetip, $targetport, $targe // Could be network or address ... $natif = (!$natent['interface']) ? "wan" : $natent['interface']; - if (!isset($FilterIflist[$natif])) + if (!isset($FilterIflist[$natif])) { continue; // Skip if there is no interface + } $dstaddr = trim(filter_generate_address($natent, 'destination', true)); - if(!$dstaddr) + if(!$dstaddr) { $dstaddr = $FilterIflist[$natif]['ip']; + } $dstaddr_port = explode(" ", $dstaddr); - if(empty($dstaddr_port[0]) || strtolower(trim($dstaddr_port[0])) == "port") + if (empty($dstaddr_port[0]) || strtolower(trim($dstaddr_port[0])) == "port") { continue; // Skip port forward if no destination address found + } - - if (!is_ipaddr($dstaddr_port[0])) + if (!is_ipaddr($dstaddr_port[0])) { continue; // We can only work with single IPs, not subnets! + } - - if ($skipprivate && is_private_ip($dstaddr_port[0])) + if ($skipprivate && is_private_ip($dstaddr_port[0])) { continue; // Skipping a private IP destination! + } $dest['host'] = $dstaddr_port[0]; if ($findhostname) { $hostname = openvpn_client_export_find_hostname($natif); - if (!empty($hostname)) + if (!empty($hostname)) { $dest['host'] = $hostname; + } } $destinations[] = $dest; 
@@ -954,14 +991,16 @@ function openvpn_client_export_find_hostname($interface) { $hostname = ""; if (is_array($config['dyndnses']['dyndns'])) { foreach ($config['dyndnses']['dyndns'] as $ddns) { - if (($ddns['interface'] == $interface) && isset($ddns['enable']) && !empty($ddns['host']) && !is_numeric($ddns['host']) && is_hostname($ddns['host'])) + if (($ddns['interface'] == $interface) && isset($ddns['enable']) && !empty($ddns['host']) && !is_numeric($ddns['host']) && is_hostname($ddns['host'])) { return $ddns['host']; + } } } if (is_array($config['dnsupdates']['dnsupdate'])) { foreach ($config['dnsupdates']['dnsupdate'] as $ddns) { - if (($ddns['interface'] == $interface) && isset($ddns['enable']) && !empty($ddns['host']) && !is_numeric($ddns['host']) && is_hostname($ddns['host'])) + if (($ddns['interface'] == $interface) && isset($ddns['enable']) && !empty($ddns['host']) && !is_numeric($ddns['host']) && is_hostname($ddns['host'])) { return $ddns['host']; + } } } -- cgit v1.2.3 From 88ecb8f4456103a89dbef2ed9db35edf9ddda474 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Fri, 31 Jul 2015 18:37:07 +0200 Subject: openvpnexport.inc - add standard copyright header --- config/openvpn-client-export/openvpnexport.inc | 27 ++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'config') diff --git a/config/openvpn-client-export/openvpnexport.inc b/config/openvpn-client-export/openvpnexport.inc index 93046364..6088dbbb 100644 --- a/config/openvpn-client-export/openvpnexport.inc +++ b/config/openvpn-client-export/openvpnexport.inc @@ -1,4 +1,31 @@ Date: Fri, 31 Jul 2015 19:02:13 +0200 Subject: vpn_openvpn_export.php - developer style guide fixes --- .../openvpn-client-export/vpn_openvpn_export.php | 34 +++++++++++++++------- 1 file changed, 23 insertions(+), 11 deletions(-) (limited to 'config') diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index 8703d2da..f391aead 100755 
--- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -1,9 +1,11 @@ -- cgit v1.2.3 From 67ac70d1cae637c7dd9b5781f2c0acd09a5f61dd Mon Sep 17 00:00:00 2001 From: doktornotor Date: Fri, 31 Jul 2015 19:13:49 +0200 Subject: vpn_openvpn_export_shared.php - developer style guide fixes --- .../vpn_openvpn_export_shared.php | 54 ++++++++++++++-------- 1 file changed, 35 insertions(+), 19 deletions(-) (limited to 'config') diff --git a/config/openvpn-client-export/vpn_openvpn_export_shared.php b/config/openvpn-client-export/vpn_openvpn_export_shared.php index 26efc1ed..e961c1d1 100644 --- a/config/openvpn-client-export/vpn_openvpn_export_shared.php +++ b/config/openvpn-client-export/vpn_openvpn_export_shared.php @@ -1,9 +1,10 @@ $server) { - if (isset($server['disable'])) + if (isset($server['disable'])) { continue; + } $ras_user = array(); - if ($server['mode'] != "p2p_shared_key") + if ($server['mode'] != "p2p_shared_key") { continue; - + } $ras_serverent = array(); $prot = $server['protocol']; $port = $server['local_port']; - if ($server['description']) + if ($server['description']) { $name = "{$server['description']} {$prot}:{$port}"; - else + } + else { $name = "Shared Key Server {$prot}:{$port}"; + } $ras_serverent['index'] = $sindex; $ras_serverent['name'] = $name; $ras_serverent['mode'] = $server['mode']; @@ -63,12 +68,14 @@ foreach($a_server as $sindex => $server) { } $id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id'])) { $id = $_POST['id']; +} $act = $_GET['act']; -if (isset($_POST['act'])) +if (isset($_POST['act'])) { $act = $_POST['act']; +} $error = false; @@ -82,8 +89,9 @@ if(($act == "skconf") || ($act == "skzipconf")) { if (empty($_GET['useaddr'])) { $error = true; $input_errors[] = "You need to specify an IP or hostname."; - } else + } else { $useaddr = $_GET['useaddr']; + } $proxy = ""; if (!empty($_GET['proxy_addr']) || !empty($_GET['proxy_port'])) { 
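Review bot: `$useaddr = $_GET['useaddr'];` is accepted after only an `empty()` check, and openvpn_client_export_sharedkey_config() takes any value it does not recognise as the server host (`$server_host = $useaddr;`), which presumably ends up in the exported config. Whitespace or a line break in that value would put extra text or extra directives into a file that clients import. The same applies to `proxy_addr`, `proxy_port`, `proxy_type` and `proxy_authtype` in the following hunk. Validate before use, e.g. allow the known keywords or `is_ipaddr($useaddr) || is_hostname($useaddr)`, and check the proxy port with `is_port()`.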
@@ -91,32 +99,37 @@ if(($act == "skconf") || ($act == "skzipconf")) { if (empty($_GET['proxy_addr'])) { $error = true; $input_errors[] = "You need to specify an address for the proxy port."; - } else + } else { $proxy['ip'] = $_GET['proxy_addr']; + } if (empty($_GET['proxy_port'])) { $error = true; $input_errors[] = "You need to specify a port for the proxy ip."; - } else + } else { $proxy['port'] = $_GET['proxy_port']; + } $proxy['proxy_type'] = $_GET['proxy_type']; $proxy['proxy_authtype'] = $_GET['proxy_authtype']; if ($_GET['proxy_authtype'] != "none") { if (empty($_GET['proxy_user'])) { $error = true; $input_errors[] = "You need to specify a username with the proxy config."; - } else + } else { $proxy['user'] = $_GET['proxy_user']; + } if (!empty($_GET['proxy_user']) && empty($_GET['proxy_password'])) { $error = true; $input_errors[] = "You need to specify a password with the proxy user."; - } else + } else { $proxy['password'] = $_GET['proxy_password']; + } } } $exp_name = openvpn_client_export_prefix($srvid); - if ($act == "skzipconf") + if ($act == "skzipconf") { $zipconf = true; + } $exp_data = openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipconf); if (!$exp_data) { $input_errors[] = "Failed to export config files!"; @@ -136,10 +149,11 @@ if(($act == "skconf") || ($act == "skzipconf")) { header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename={$exp_name}"); header("Content-Length: $exp_size"); - if ($zipconf) + if ($zipconf) { readfile("{$g['tmp_path']}/{$exp_data}"); - else + } else { echo $exp_data; + } @unlink("{$g['tmp_path']}/{$exp_data}"); exit; @@ -276,10 +290,12 @@ function useproxy_changed(obj) { //]]>
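Review bot: `$proxy['user']` and `$proxy['password']` are read from `$_GET`, so the proxy credentials travel in the request URL and end up in browser history and web-server access logs. The script already consults `$_POST` for `id` and `act`; taking the proxy fields from `$_POST` too (and submitting the form with POST) keeps the secret out of URLs, e.g. `$proxy['password'] = $_POST['proxy_password'];`. The surrounding `if` block starts above the hunk.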
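Review bot: In the -136,10 hunk `@unlink("{$g['tmp_path']}/{$exp_data}");` runs after both branches, but in the `else` branch `$exp_data` holds the configuration text rather than a file name, so unlink() is handed a path made of the whole config and the `@` hides the failure. Move the call into the `if ($zipconf) {` branch after `readfile()` and drop the `@`. `$zipconf` also appears to be assigned only when `$act == "skzipconf"`, so a `$zipconf = false;` before that test would avoid reading an undefined variable.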
-- cgit v1.2.3 From 5575cb093b3f728d530a36ac31c07699c07eccb6 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Mon, 3 Aug 2015 16:17:47 +0200 Subject: openvpnexport.inc - fix pfSense website link --- config/openvpn-client-export/openvpnexport.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/openvpn-client-export/openvpnexport.inc b/config/openvpn-client-export/openvpnexport.inc index 6088dbbb..95c391a0 100644 --- a/config/openvpn-client-export/openvpnexport.inc +++ b/config/openvpn-client-export/openvpnexport.inc @@ -1,7 +1,7 @@ Date: Mon, 3 Aug 2015 16:22:14 +0200 Subject: openvpn-client-export.inc - fix pfSense website link --- config/openvpn-client-export/openvpn-client-export.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index de0ef7e7..979c5f1b 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -1,7 +1,7 @@ Copyright (C) 2008 Shrew Soft Inc Copyright (C) 2010 Ermal Luci -- cgit v1.2.3 From ab28807b3047a1c8da8ef2b71d717e3d63058290 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Mon, 3 Aug 2015 16:26:39 +0200 Subject: openvpn-client-export.xml - fix pfSense website link --- config/openvpn-client-export/openvpn-client-export.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index 45adb592..a9630730 100755 --- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml 
@@ -8,7 +8,7 @@ /* ====================================================================================== */ /* openvpn-client-export.xml - part of pfSense (http://www.pfSense.com) + part of pfSense (http://www.pfSense.org/) Copyright (C) 2011-2015 Jim Pingle Copyright (C) 2009-2010 Ermal Luçi Copyright (C) 2009 Scott Ullrich -- cgit v1.2.3 From 894aa90c9bddd81a4539b6c82821eba2dd110144 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Mon, 3 Aug 2015 16:27:19 +0200 Subject: vpn_openvpn_export_shared.php - fix pfSense website link --- config/openvpn-client-export/vpn_openvpn_export_shared.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/openvpn-client-export/vpn_openvpn_export_shared.php b/config/openvpn-client-export/vpn_openvpn_export_shared.php index e961c1d1..630bb253 100644 --- a/config/openvpn-client-export/vpn_openvpn_export_shared.php +++ b/config/openvpn-client-export/vpn_openvpn_export_shared.php @@ -1,7 +1,7 @@ Date: Mon, 3 Aug 2015 16:27:56 +0200 Subject: vpn_openvpn_export.php - fix pfSense website link --- config/openvpn-client-export/vpn_openvpn_export.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index f391aead..a445e986 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -1,7 +1,7 @@