diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2005-10-12 16:49:15 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-10-12 16:49:15 +0000 |
commit | afb07cf1534c335bc9cffd49f00ba171cea5702c (patch) | |
tree | e5cc650292f7dd67af9b77de4e3b61bd027ec840 /usr/local/www/vpn_openvpn_crl_edit.php | |
parent | 8d3a4a1e12e23b6d3333de75f403c712a99d3c64 (diff) | |
download | pfsense-afb07cf1534c335bc9cffd49f00ba171cea5702c.zip pfsense-afb07cf1534c335bc9cffd49f00ba171cea5702c.tar.gz |
Sync OpenVPN with http://www.protec-t.de/m0n0wall/downloads from Peter Allgeyer
Diffstat (limited to 'usr/local/www/vpn_openvpn_crl_edit.php')
-rwxr-xr-x | usr/local/www/vpn_openvpn_crl_edit.php | 241 |
1 files changed, 241 insertions, 0 deletions
diff --git a/usr/local/www/vpn_openvpn_crl_edit.php b/usr/local/www/vpn_openvpn_crl_edit.php new file mode 100755 index 0000000..7b5d463 --- /dev/null +++ b/usr/local/www/vpn_openvpn_crl_edit.php @@ -0,0 +1,241 @@ +#!/usr/local/bin/php +<?php +/* + vpn_openvpn_crl_edit.php + + Copyright (C) 2005 Peter Allgeyer (allgeyer@web.de). + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); +require_once("openvpn.inc"); + +if (!is_array($config['ovpn'])) + $config['ovpn'] = array(); +if (!is_array($config['ovpn']['server'])) + $config['ovpn']['server'] = array(); +if (!is_array($config['ovpn']['server']['crl'])) + $config['ovpn']['server']['crl'] = array(); + +$ovpncrl =& $config['ovpn']['server']['crl']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $ovpncrl[$id]) { + + $pconfig = $config['ovpn']['server']['crl'][$id]; + + if (isset($ovpncrl[$id]['enable'])) + $pconfig['enable'] = true; + +} else { + /* creating - set defaults */ + $pconfig = array(); + $pconfig['enable'] = true; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "crlname"); + $reqdfieldsn = explode(",", "Name"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['crlname'])) + $input_errors[] = "The name contains invalid characters."; + + /* Editing an existing entry? */ + if (!$input_errors && !(isset($id) && $ovpncrl[$id])) { + /* make sure there are no dupes */ + foreach ($ovpncrl as $crlent) { + if ($crlent['crlname'] == $_POST['crlname']) { + $input_errors[] = "Another entry with the same name already exists."; + break; + } + } + } + + /* check if a crl was given */ + if (is_uploaded_file($_FILES['filename']['tmp_name']) && !empty($_FILES['filename']['size'])) { + $content = file_get_contents($_FILES['filename']['tmp_name']); + } else if (!empty($_POST['crl_list'])) { + $content = $_POST['crl_list']; + } else { + $content = ""; + $input_errors[] = "A valid X.509 CRL is required."; + } + + /* check if crl is valid */ + if (!empty($content) && + (!strstr($content, "BEGIN X509 CRL") || + !strstr($content, "END X509 CRL"))) + $input_errors[] = "The X.509 CRL file content does not appear to be valid."; + + if (isset($id) && $ovpncrl[$id]) { + $crlent = $ovpncrl[$id]; + + /* Has the enable/disable state changed? */ + if (isset($crlent['enable']) && isset($_POST['disabled'])) { + /* status changed to disabled */ + ovpn_crl_dirty($ovpncrl['crlname']); + } else if (!isset($crlent['enable']) && !isset($_POST['disabled'])) { + /* status changed to enable */ + ovpn_crl_dirty($ovpncrl['crlname']); + } + } + + if (!$input_errors) { + + $crlent = array(); + + if (isset($id) && $ovpncrl[$id]) + $crlent = $ovpncrl[$id]; + + $crlent['crlname'] = $_POST['crlname']; + $crlent['descr'] = $_POST['descr']; + $crlent['enable'] = $_POST['disabled'] ? false : true; + + /* file upload? */ + if ($_POST['crlname'] && is_uploaded_file($_FILES['filename']['tmp_name'])) + $crlent['crl_list'] = base64_encode(file_get_contents($_FILES['filename']['tmp_name'])); + else if (!empty($_POST['crl_list'])) + $crlent['crl_list'] = base64_encode($_POST['crl_list']); + + if (isset($id) && $ovpncrl[$id]) + $ovpncrl[$id] = $crlent; + else + $ovpncrl[] = $crlent; + + write_config(); + ovpn_crl_dirty($ovpncrl['crlname']); + + header("Location: vpn_openvpn_crl.php"); + exit; + + } else { + + $pconfig = $_POST; + + $pconfig['enable'] = "true"; + if (isset($_POST['disabled'])) + unset($pconfig['enable']); + + $pconfig['crl_list'] = base64_encode($_POST['crl_list']); + } +} + +$pgtitle = "VPN: OpenVPN: Edit client-specific configuration"; +include("head.inc"); + +?> + +<?php include("fbegin.inc"); ?> +<script language="JavaScript"> +function enable_change(enable_over) { + var endis; + endis = !(!document.iform.disabled.checked || enable_over); + + document.iform.crlname.disabled = endis; + document.iform.descr.disabled = endis; + document.iform.crl_list.disabled = endis; + document.iform.filename.disabled = endis; + +} + +//--> +</script> + +<?php if ($input_errors) print_input_errors($input_errors);?> +<form action="vpn_openvpn_crl_edit.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration. + Backup your configuration before using OpenVPN, and restore it before upgrading.<br> <br> +</span></strong> +<table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="22%" valign="top" class="vncellreq">Disabled</td> + <td width="78%" class="vtable"> + <input name="disabled" type="checkbox" value="yes" onclick="enable_change(false)" <?php if (!isset($pconfig['enable'])) echo "checked"; ?>> + <strong>Disable this X.509 CRL list</strong><br> + <span class="vexpl">Set this option to on to disable this X.509 CRL file + without removing it from the list.</span></td> + </td> + </tr> + + <tr> + <td width="22%" valign="top" class="vncellreq">Name</td> + <td width="78%" class="vtable"> + <input name="crlname" type="text" class="formfld" id="crlname" size="40" value="<?=htmlspecialchars($pconfig['crlname']);?>"> + <br><span class="vexpl">Enter a unique name here, to describe the X.509 CRL list.</span></td> + </tr> + + <tr> + <td width="22%" valign="top" class="vncell">Description</td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> + <br><span class="vexpl">You may enter a description here for your reference (not parsed).</span></td> + </tr> + + <tr> + <td valign="top" class="vncellreq">X.509 CRL file content</td> + <td class="vtable"> + <textarea name="crl_list" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['crl_list']));?></textarea> + <br> + Paste the contents of a X.509 CRL file in PEM format here.</td> + </tr> + + <tr> + <td width="22%" valign="top" class="vncell">X.509 CRL file</td> + <td class="vtable"> + <input name="filename" type="file" class="formfld" id="filename"><br> + Instead of pasting the contents of a X.509 CRL file above, + you can upload a X.509 CRL file in PEM format here. It will + overwrite the values entered in the "X.509 CRL file content" + field. + </td> + </tr> + + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)"> + <?php if (isset($id)): ?> + <input name="id" type="hidden" value="<?=$id;?>"> + <?php endif; ?> + </td> + </tr> +</table> +</form> +<script language="JavaScript"> +<!-- +enable_change(false); +//--> +</script> +<?php include("fend.inc"); +?> |