From 5b998d49bf356c4f1c5548f67378eb637ade18ec Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Thu, 17 Nov 2011 13:30:45 -0500
Subject: Fix up various export scenarios that were not functioning properly.

---
 .../openvpn-client-export.inc                      | 23 +++++++++++++++++-----
 .../openvpn-client-export/vpn_openvpn_export.php   |  4 ++--
 2 files changed, 20 insertions(+), 7 deletions(-)

(limited to 'config')

diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index cd436929..a69826ba 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -132,7 +132,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
 	}
 
 	// lookup user certificate info
-	if ($settings['mode'] != "server_user") {
+	if ($settings['mode'] == "server_tls_user") {
 		if ($settings['authmode'] == "Local Database") {
 			$cert = $user['cert'][$crtid];
 		} else {
@@ -143,6 +143,10 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
 		// If $cert is not an array, it's a certref not a cert.
 		if (!is_array($cert))
 			$cert = lookup_cert($cert);
+	} elseif (($settings['mode'] == "server_tls") || (($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database"))) {
+		$cert = $config['cert'][$crtid];
+		if (!$cert)
+			return false;
 	} else
 		$nokeys = true;
 
@@ -315,7 +319,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
 	}
 
 	// lookup user certificate info
-	if ($settings['mode'] != "server_user") {
+	if ($settings['mode'] == "server_tls_user") {
 		if ($settings['authmode'] == "Local Database") {
 			$cert = $user['cert'][$crtid];
 		} else {
@@ -326,6 +330,10 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
 		// If $cert is not an array, it's a certref not a cert.
 		if (!is_array($cert))
 			$cert = lookup_cert($cert);
+	} elseif (($settings['mode'] == "server_tls") || (($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database"))) {
+		$cert = $config['cert'][$crtid];
+		if (!$cert)
+			return false;
 	} else
 		$nokeys = true;
 
@@ -350,7 +358,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $uset
 		$pwdfle .= "{$proxy['password']}\r\n";
 		file_put_contents("{$confdir}/{$proxy['passwdfile']}", $pwdfle);
 	}
-	$conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, false, "", false, $doslines=true, $advancedoptions);
+	$conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoken, $nokeys, $proxy, false, "", false, true, $advancedoptions);
 	if (!$conf) {
 		$input_errors[] = "Could not create a config to export.";
 		return false;
@@ -442,7 +450,7 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
 	}
 
 	// lookup user certificate info
-	if ($settings['mode'] != "server_user") {
+	if ($settings['mode'] == "server_tls_user") {
 		if ($settings['authmode'] == "Local Database") {
 			$cert = $user['cert'][$crtid];
 		} else {
@@ -453,7 +461,12 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
 		// If $cert is not an array, it's a certref not a cert.
 		if (!is_array($cert))
 			$cert = lookup_cert($cert);
-	}
+	} elseif (($settings['mode'] == "server_tls") || (($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database"))) {
+		$cert = $config['cert'][$crtid];
+		if (!$cert)
+			return false;
+	} else
+		$nokeys = true;
 
 	// create template directory
 	mkdir($tempdir, 0700, true);
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index 98d4fafc..5a41b85d 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -59,7 +59,7 @@ foreach($a_server as $sindex => $server) {
 	$ras_certs = array();
 	if (stripos($server['mode'], "server") === false)
 		continue;
-	if ($server['authmode'] == "Local Database" && ($server['mode'] != "server_user")) {
+	if (($server['mode'] == "server_tls_user") && ($server['authmode'] == "Local Database")) {
 		foreach($a_user as $uindex => $user) {
 			if (!is_array($user['cert']))
 				continue;
@@ -78,7 +78,7 @@ foreach($a_server as $sindex => $server) {
 				$ras_user[] = $ras_userent;
 			}
 		}
-	} elseif ((!empty($server['authmode']) && ($server['mode'] != "server_user")) || ($server['mode'] == "server_tls")) {
+	} elseif (($server['mode'] == "server_tls") || (($server['mode'] == "server_tls_user") && ($server['authmode'] != "Local Database"))) {
 		foreach($a_cert as $cindex => $cert) {
 			if ($cert['caref'] != $server['caref'])
 				continue;
-- 
cgit v1.2.3