Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/crash_reporter.php | 24 | ||||
-rw-r--r-- | usr/local/www/csrf/csrf-magic.js | 17 | ||||
-rw-r--r-- | usr/local/www/csrf/csrf-magic.php | 36 | ||||
-rw-r--r-- | usr/local/www/diag_dns.php | 18 | ||||
-rwxr-xr-x | usr/local/www/diag_dump_states.php | 28 | ||||
-rw-r--r-- | usr/local/www/diag_ipsec.php | 4 | ||||
-rw-r--r-- | usr/local/www/guiconfig.inc | 2 | ||||
-rw-r--r-- | usr/local/www/interfaces_bridge_edit.php | 4 | ||||
-rw-r--r-- | usr/local/www/interfaces_groups_edit.php | 2 | ||||
-rw-r--r-- | usr/local/www/pkg_edit.php | 9 | ||||
-rw-r--r-- | usr/local/www/services_captiveportal_hostname.php | 4 | ||||
-rw-r--r-- | usr/local/www/services_captiveportal_ip.php | 6 | ||||
-rw-r--r-- | usr/local/www/status_openvpn.php | 3 | ||||
-rw-r--r-- | usr/local/www/status_queues.php | 1 | ||||
-rwxr-xr-x | usr/local/www/status_services.php | 12 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_client.php | 176 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 2 |
17 files changed, 204 insertions, 144 deletions
diff --git a/usr/local/www/crash_reporter.php b/usr/local/www/crash_reporter.php
index e7834c6..c0a20a4 100644
--- a/usr/local/www/crash_reporter.php
+++ b/usr/local/www/crash_reporter.php
@@ -65,17 +65,13 @@ function upload_crash_report($files) { } function output_crash_reporter_html($crash_reports) { - echo "<strong>" . gettext("Unfortunately we have detected a programming bug.") . "</strong></p>"; - echo gettext("Would you like to submit the programming debug logs to the pfSense developers for inspection?") . "</p>"; - echo "<p>"; - echo "<i>" . gettext("Please double check the contents to ensure you are comfortable sending this information before clicking Yes.") . "</i><br />"; - echo "<p>"; - echo gettext("Contents of crash reports") . ":<br />"; - echo "<textarea readonly rows='40' cols='65' name='crashreports'>{$crash_reports}</textarea>"; - echo "<p/>"; - echo "<input name=\"Submit\" type=\"submit\" class=\"formbtn\" value=\"" . gettext("Yes") . "\">" . gettext(" - Submit this to the developers for inspection"); - echo "<p/><input name=\"Submit\" type=\"submit\" class=\"formbtn\" value=\"" . gettext("No") . "\">" . gettext(" - Just delete the crash report and take me back to the Dashboard"); - echo "<p/>"; + echo "<p><strong>" . gettext("Unfortunately we have detected a programming bug.") . "</strong></p>"; + echo "<p>" . gettext("Would you like to submit the programming debug logs to the pfSense developers for inspection?") . "</p>"; + echo "<p><i>" . gettext("Please double check the contents to ensure you are comfortable sending this information before clicking Yes.") . "</i></p>"; + echo "<p>" . gettext("Contents of crash reports") . ":<br />"; + echo "<textarea readonly=\"readonly\" rows=\"40\" cols=\"65\" name=\"crashreports\">{$crash_reports}</textarea></p>"; + echo "<p><input name=\"Submit\" type=\"submit\" class=\"formbtn\" value=\"" . gettext("Yes") . "\" />" . gettext(" - Submit this to the developers for inspection") . "</p>"; + echo "<p><input name=\"Submit\" type=\"submit\" class=\"formbtn\" value=\"" . gettext("No") . "\" />" . gettext(" - Just delete the crash report and take me back to the Dashboard") . 
"</p>"; echo "</form>"; } @@ -108,7 +104,7 @@ exec("/usr/bin/grep -vi warning /tmp/PHP_errors.log", $php_errors); copy("/tmp/PHP_errors.log", "/var/crash/PHP_errors.log"); exec("/usr/bin/gzip /var/crash/*"); $files_to_upload = glob("/var/crash/*"); - echo "<p/>"; + echo "<br/>"; echo gettext("Uploading..."); ob_flush(); flush(); @@ -117,9 +113,9 @@ exec("/usr/bin/grep -vi warning /tmp/PHP_errors.log", $php_errors); array_map('unlink', glob("/var/crash/*")); // Erase the contents of the PHP error log fclose(fopen("/tmp/PHP_errors.log", 'w')); - echo "<p/>"; + echo "<br/>"; print_r($resp); - echo "<p/><a href='/'>" . gettext("Continue") . "</a>" . gettext(" and delete crash report files from local disk."); + echo "<p><a href=\"/\">" . gettext("Continue") . "</a>" . gettext(" and delete crash report files from local disk.") . "</p>"; } else { echo "Could not find any crash files."; } diff --git a/usr/local/www/csrf/csrf-magic.js b/usr/local/www/csrf/csrf-magic.js index d776b6a..d358b0f 100644 --- a/usr/local/www/csrf/csrf-magic.js +++ b/usr/local/www/csrf/csrf-magic.js 
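Review bot: In `output_crash_reporter_html()` the rewritten textarea line still interpolates `{$crash_reports}` into the page unescaped, so a `</textarea>` or any markup inside a crash log ends the field and is rendered as HTML. Crash and PHP error logs commonly carry request-derived strings, so the value should be encoded at the sink: `... name=\"crashreports\">" . htmlspecialchars($crash_reports) . "</textarea></p>";`. The same applies to `print_r($resp);` in the third hunk of this file (`@@ -117,9 +113,9 @@`), which writes what appears to be the upload response straight into the page; `echo htmlspecialchars(print_r($resp, true));` keeps the output and removes the markup risk.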
@@ -142,25 +142,30 @@ if (window.XMLHttpRequest && window.XMLHttpRequest.prototype && '\v' != 'v') { } return jQuery.csrf_ajax( s ); } - } else if (window.Prototype) { + } + if (window.Prototype) { // This works for script.aculo.us too Ajax.csrf_getTransport = Ajax.getTransport; Ajax.getTransport = function() { return new CsrfMagic(Ajax.csrf_getTransport()); } - } else if (window.MooTools) { + } + if (window.MooTools) { Browser.csrf_Request = Browser.Request; Browser.Request = function () { return new CsrfMagic(Browser.csrf_Request()); } - } else if (window.YAHOO) { + } + if (window.YAHOO) { + // old YUI API YAHOO.util.Connect.csrf_createXhrObject = YAHOO.util.Connect.createXhrObject; YAHOO.util.Connect.createXhrObject = function (transaction) { obj = YAHOO.util.Connect.csrf_createXhrObject(transaction); obj.conn = new CsrfMagic(obj.conn); return obj; } - } else if (window.Ext) { + } + if (window.Ext) { // Ext can use other js libraries as loaders, so it has to come last // Ext's implementation is pretty identical to Yahoo's, but we duplicate // it for comprehensiveness's sake. @@ -170,7 +175,9 @@ if (window.XMLHttpRequest && window.XMLHttpRequest.prototype && '\v' != 'v') { obj.conn = new CsrfMagic(obj.conn); return obj; } - } else if (window.dojo) { + } + if (window.dojo) { + // NOTE: this doesn't work with latest dojo dojo.csrf__xhrObj = dojo._xhrObj; dojo._xhrObj = function () { return new CsrfMagic(dojo.csrf__xhrObj()); diff --git a/usr/local/www/csrf/csrf-magic.php b/usr/local/www/csrf/csrf-magic.php index fc02dea..58f4eba 100644 --- a/usr/local/www/csrf/csrf-magic.php +++ b/usr/local/www/csrf/csrf-magic.php @@ -53,6 +53,8 @@ $GLOBALS['csrf']['rewrite-js'] = false; * will become invalid. */ $GLOBALS['csrf']['secret'] = ''; +// nota bene: library code should use csrf_get_secret() and not access +// this global directly /** * Set this to false to disable csrf-magic's output handler, and therefore, 
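Review bot: Turning the `else if` chain into independent `if` blocks leaves the comment in the Ext branch ("Ext can use other js libraries as loaders, so it has to come last") describing an ordering that no longer decides which branch runs. When Ext sits on top of another patched library, both blocks now install a `CsrfMagic` wrapper, and it is not visible from this hunk whether wrapping the same transport twice is harmless; a comment such as `// Libraries are not mutually exclusive: patch every one that is loaded.` above the first block, plus an updated Ext comment, would record the intent. Separately, `obj = YAHOO.util.Connect.csrf_createXhrObject(transaction);` assigns an undeclared variable and so creates a global, which the Ext wrapper appears to share now that both can run; `var obj = ...` keeps it local. The enclosing `if (window.XMLHttpRequest ...)` block starts and ends outside the hunk.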
@@ -129,7 +131,7 @@ $GLOBALS['csrf']['xhtml'] = true; // FUNCTIONS: // Don't edit this! -$GLOBALS['csrf']['version'] = '1.0.1'; +$GLOBALS['csrf']['version'] = '1.0.4'; /** * Rewrites <form> on the fly to add CSRF tokens to them. This can also @@ -240,12 +242,40 @@ function csrf_get_tokens() { return 'invalid'; } +function csrf_flattenpost($data) { + $ret = array(); + foreach($data as $n => $v) { + $ret = array_merge($ret, csrf_flattenpost2(1, $n, $v)); + } + return $ret; +} +function csrf_flattenpost2($level, $key, $data) { + if(!is_array($data)) return array($key => $data); + $ret = array(); + foreach($data as $n => $v) { + $nk = $level >= 1 ? $key."[$n]" : "[$n]"; + $ret = array_merge($ret, csrf_flattenpost2($level+1, $nk, $v)); + } + return $ret; +} + /** * @param $tokens is safe for HTML consumption */ function csrf_callback($tokens) { + // (yes, $tokens is safe to echo without escaping) header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden'); - echo "<html><head><title>CSRF check failed</title></head><body>CSRF check failed. Either your session has expired, this page has been inactive too long, or you need to enable cookies.<br />Debug: ".$tokens."</body></html> + $data = ''; + foreach (csrf_flattenpost($_POST) as $key => $value) { + if ($key == $GLOBALS['csrf']['input-name']) continue; + $data .= '<input type="hidden" name="'.htmlspecialchars($key).'" value="'.htmlspecialchars($value).'" />'; + } + echo "<html><head><title>CSRF check failed</title></head> + <body> + <p>CSRF check failed. Your form session may have expired, or you may not have + cookies enabled.</p> + <form method='post' action=''>$data<input type='submit' value='Try again' /></form> + <p>Debug: $tokens</p></body></html> "; } 
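Review bot: The new failure page in `csrf_callback()` replays every field of a request that has just failed the CSRF check into a "Try again" form, without showing the user what will be resubmitted. If csrf-magic's form rewriter adds a fresh token to this form as it does to others (not visible in this hunk), one click completes the request that was rejected, whatever its origin. Consider listing the field names and values visibly next to the button, or making the replay opt-in through a `$GLOBALS['csrf'][...]` setting, and describe the behaviour in the docblock above the function. Also, `$key == $GLOBALS['csrf']['input-name']` is a loose comparison, so an integer key such as `0` compares equal to a non-numeric token name on PHP versions before 8; `(string)$key === $GLOBALS['csrf']['input-name']` avoids silently dropping that field.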
@@ -362,7 +392,7 @@ function csrf_generate_secret($len = 32) { */ function csrf_hash($value, $time = null) { if (!$time) $time = time(); - return sha1($GLOBALS['csrf']['secret'] . $value . $time) . ',' . $time; + return sha1(csrf_get_secret() . $value . $time) . ',' . $time; } // Load user configuration diff --git a/usr/local/www/diag_dns.php b/usr/local/www/diag_dns.php index e00a6fc..fcdd330 100644 --- a/usr/local/www/diag_dns.php +++ b/usr/local/www/diag_dns.php @@ -186,11 +186,11 @@ include("head.inc"); ?> <?=$mandfldhtml;?> <table summary="results"> <tr><td valign="top"> - <input name="host" type="text" class="formfld" id="host" size="20" value="<?=htmlspecialchars($host);?>" /> + <input name="host" type="text" class="formfld" id="host" size="20" value="<?=htmlspecialchars($host);?>" /> = </td> <td> <?php if ($resolved && $type) { ?> - = <font size="+1"> + <font size="+1"> <?php $found = 0; if(is_array($resolved)) { @@ -224,13 +224,13 @@ include("head.inc"); ?> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Resolution time per server");?></td> <td width="78%" class="vtable"> - <table width="170" border="1" cellpadding="2" style="border-width: 1px 1px 1px 1px; border-collapse: collapse;" summary="resolution time"> + <table width="170" border="0" cellpadding="6" cellspacing="0" summary="resolution time"> <tr> - <td> - <b><?=gettext("Server");?></b> + <td class="listhdrr"> + <?=gettext("Server");?> </td> - <td> - <b><?=gettext("Query time");?></b> + <td class="listhdrr"> + <?=gettext("Query time");?> </td> </tr> <?php @@ -238,10 +238,10 @@ include("head.inc"); ?> foreach($dns_speeds as $qt): ?> <tr> - <td> + <td class="listlr"> <?=$qt['dns_server']?> </td> - <td> + <td class="listr"> <?=$qt['query_time']?> </td> </tr> diff --git a/usr/local/www/diag_dump_states.php b/usr/local/www/diag_dump_states.php index b6771aa..0119afa 100755 --- a/usr/local/www/diag_dump_states.php +++ b/usr/local/www/diag_dump_states.php 
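Review bot: `csrf_hash()` still derives the token as `sha1(secret . value . time)`, a secret-prefix hash with no delimiter between the three fields, rather than a keyed MAC. Since this line is being touched anyway, `return hash_hmac('sha1', $value . ',' . $time, csrf_get_secret()) . ',' . $time;` gives the standard construction and removes the field-boundary ambiguity. This assumes verification recomputes the token through `csrf_hash()`, which is outside the hunk. Tokens issued before such a change would stop validating, so it belongs with the version bump.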
@@ -40,6 +40,7 @@ ##|-PRIV require_once("guiconfig.inc"); +require_once("interfaces.inc"); /* handle AJAX operations */ if($_GET['action']) { @@ -50,7 +51,7 @@ if($_GET['action']) { } else { echo gettext("invalid input"); } - exit; + return; } } @@ -59,9 +60,14 @@ if ($_GET['filter'] && ($_GET['killfilter'] == "Kill")) { $tokill = escapeshellarg($_GET['filter'] . "/32"); } elseif (is_subnet($_GET['filter'])) { $tokill = escapeshellarg($_GET['filter']); + } else { + // Invalid filter + $tokill = ""; + } + if (!empty($tokill)) { + $retval = mwexec("/sbin/pfctl -k {$tokill} -k 0/0"); + $retval = mwexec("/sbin/pfctl -k 0.0.0.0/0 -k {$tokill}"); } - $retval = mwexec("/sbin/pfctl -k {$tokill} -k 0/0"); - $retval = mwexec("/sbin/pfctl -k 0.0.0.0/0 -k {$tokill}"); } $pgtitle = array(gettext("Diagnostics"),gettext("Show States")); @@ -98,7 +104,7 @@ include("head.inc"); return; } - jQuery('tr[name="r:' + values[1] + ":" + values[2] + '"]').each( + jQuery('tr[id="r:' + values[1] + ":" + values[2] + '"]').each( function(index,row) { jQuery(row).fadeOut(1000); } ); } @@ -155,7 +161,8 @@ include("head.inc"); <table class="tabcont sortable" width="100%" border="0" cellspacing="0" cellpadding="0" summary="results"> <thead> <tr> - <th class="listhdrr" width="10%"><?=gettext("Proto");?></th> + <th class="listhdrr" width="5%"><?=gettext("Int");?></th> + <th class="listhdrr" width="5%"><?=gettext("Proto");?></th> <th class="listhdrr" width="65"><?=gettext("Source -> Router -> Destination");?></th> <th class="listhdr" width="24%"><?=gettext("State");?></th> <th class="list sort_ignore" width="1%"></th> 
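Review bot: The kill path at `if ($_GET['filter'] && ($_GET['killfilter'] == "Kill"))` changes firewall state on a GET request, and the new filter validation does not alter that. The csrf-magic failure handler updated in this same commit works on `$_POST`, which suggests GET requests carry no token check, so a cross-site request made in a logged-in administrator's browser could trigger the kill; moving the action to POST (`$_POST['filter']`, `$_POST['killfilter']`) would put it behind the token. The `act=del` handlers in services_captiveportal_hostname.php and services_captiveportal_ip.php and the `mode` switch in status_services.php are driven by `$_GET` in the same way. Both `mwexec()` results are assigned to `$retval` and never examined, so a failed pfctl call is silent.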
@@ -165,18 +172,22 @@ include("head.inc"); <?php $row = 0; /* get our states */ -$grepline = ($_GET['filter']) ? "| grep " . escapeshellarg(htmlspecialchars($_GET['filter'])) : ""; +$grepline = ($_GET['filter']) ? "| /usr/bin/egrep " . escapeshellarg(htmlspecialchars($_GET['filter'])) : ""; $fd = popen("/sbin/pfctl -s state {$grepline}", "r" ); while ($line = chop(fgets($fd))) { if($row >= 10000) break; $line_split = preg_split("/\s+/", $line); - $type = array_shift($line_split); + + $iface = array_shift($line_split); $proto = array_shift($line_split); $state = array_pop($line_split); $info = implode(" ", $line_split); + // We may want to make this optional, with a large state table, this could get to be expensive. + $iface = convert_real_interface_to_friendly_descr($iface); + /* break up info and extract $srcip and $dstip */ $ends = preg_split("/\<?-\>?/", $info); $parts = explode(":", $ends[0]); @@ -186,7 +197,8 @@ while ($line = chop(fgets($fd))) { ?> <tr valign="top" id="r:<?= $srcip ?>:<?= $dstip ?>"> - <td class="listlr"><?= $proto ?></td> + <td class="listlr"><?= $iface ?></td> + <td class="listr"><?= $proto ?></td> <td class="listr"><?= $info ?></td> <td class="listr"><?= $state ?></td> <td class="list"> diff --git a/usr/local/www/diag_ipsec.php b/usr/local/www/diag_ipsec.php index 02291e8..ad6c463 100644 --- a/usr/local/www/diag_ipsec.php +++ b/usr/local/www/diag_ipsec.php @@ -116,7 +116,7 @@ $status = ipsec_smp_dump_status(); ?> <tr> <td class="listlr"> - <?php echo htmlspecialchars($ikesa['peerconfig']);?> + <?php echo htmlspecialchars(ipsec_get_descr_by_peerconfig($ikesa['peerconfig']));?> </td> <td class="listr"> <?php if (!is_array($ikesa['local'])) 
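Review bot: Switching the pipe to `/usr/bin/egrep` makes `$_GET['filter']` an extended regular expression, and `escapeshellarg()` protects only against the shell, not against egrep reading a value that begins with `-` as an option. Pass the pattern explicitly, e.g. `"| /usr/bin/egrep -e " . escapeshellarg($_GET['filter'])`, or use a fixed-string match if regex filtering is not intended. `htmlspecialchars()` on a value headed for a command line is the wrong encoding for that context: it rewrites `&`, `<`, `>` and `"` so such filters can never match, and it adds no protection; keep it for the places where the filter is echoed into HTML. The read loop and the `popen()` handle continue outside the hunk.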
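Review bot: The new cell `<td class="listlr"><?= $iface ?></td>` prints the result of `convert_real_interface_to_friendly_descr()` unescaped, and that value looks like an operator-entered interface description rather than raw pfctl output. `<?= htmlspecialchars($iface) ?>` is enough to fix it. `$proto`, `$info`, `$state` and the `id="r:<?= $srcip ?>:<?= $dstip ?>"` attribute on the row would benefit from the same treatment.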
@@ -220,7 +220,7 @@ $status = ipsec_smp_dump_status(); echo htmlspecialchars($childsa['remote']['spi']); ?> </td> - <td class="listlr nowrap"> + <td class="listr nowrap"> <?php if (is_array($childsa['remote']) && is_array($childsa['remote']['networks']) && is_array($childsa['remote']['networks']['network'])) { foreach ($childsa['remote']['networks']['network'] as $rnets) { echo htmlspecialchars($rnets) . "<br />"; diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc index ab3bf0a..30cb1ac 100644 --- a/usr/local/www/guiconfig.inc +++ b/usr/local/www/guiconfig.inc @@ -260,7 +260,7 @@ function do_input_validation($postdata, $reqdfields, $reqdfieldsn, &$input_error for ($i = 0; $i < count($reqdfields); $i++) { if ($_POST[$reqdfields[$i]] == "" && $_REQUEST[$reqdfields[$i]] == "") { - $input_errors[] = sprintf(gettext("The field %s is required."), $reqfieldsn[$i]); + $input_errors[] = sprintf(gettext("The field %s is required."), $reqdfieldsn[$i]); } } } diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php index 0a4502c..942e792 100644 --- a/usr/local/www/interfaces_bridge_edit.php +++ b/usr/local/www/interfaces_bridge_edit.php @@ -271,12 +271,14 @@ function show_source_port_range() { <td width="78%" class="vtable"> <select name="members[]" multiple="multiple" class="formselect" size="3"> <?php + $members_array = explode(',', $pconfig['members']); foreach ($ifacelist as $ifn => $ifinfo) { echo "<option value=\"{$ifn}\""; - if (stristr($pconfig['members'], $ifn)) + if (in_array($ifn, $members_array)) echo " selected=\"selected\""; echo ">{$ifinfo}</option>"; } + unset($members_array); ?> </select> <br /> diff --git a/usr/local/www/interfaces_groups_edit.php b/usr/local/www/interfaces_groups_edit.php index 6fd5ac9..08ebdb9 100644 --- a/usr/local/www/interfaces_groups_edit.php +++ b/usr/local/www/interfaces_groups_edit.php 
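Review bot: The required-field loop around the corrected line in guiconfig.inc tests `$_POST[...]` and `$_REQUEST[...]` and never reads the `$postdata` argument, at least in the lines shown. Because the error is raised only when both are empty, a value present in the query string satisfies the check even when the caller goes on to store an empty POST value. Using `$postdata[$reqdfields[$i]] == ""` as the single test would tie validation to the data the caller passed in. `do_input_validation()` begins outside the hunk, so confirm no caller relies on the `$_REQUEST` fallback before changing it.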
@@ -251,7 +251,7 @@ function removeRow(el) { <tr> <td valign="top" class="vncellreq"><?=gettext("Group Name");?></td> <td class="vtable"> - <input class="formfld unknown" name="ifname" id="ifname" value="<?=htmlspecialchars($pconfig['ifname']);?>" /> + <input class="formfld unknown" name="ifname" id="ifname" maxlength="15" value="<?=htmlspecialchars($pconfig['ifname']);?>" /> <br /> <?=gettext("No numbers or spaces are allowed. Only characters in a-zA-Z");?> </td> diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php index 8db3eae..d9544ed 100644 --- a/usr/local/www/pkg_edit.php +++ b/usr/local/www/pkg_edit.php @@ -258,10 +258,15 @@ else $title = gettext("Package Editor"); $pgtitle = $title; -include("head.inc"); -if ($pkg['custom_php_after_head_command']) +if ($pkg['custom_php_after_head_command']) { + $closehead = false; + include("head.inc"); eval($pkg['custom_php_after_head_command']); + echo "</head>\n"; +} +else + include("head.inc"); ?> diff --git a/usr/local/www/services_captiveportal_hostname.php b/usr/local/www/services_captiveportal_hostname.php index 742fe34..960cb43 100644 --- a/usr/local/www/services_captiveportal_hostname.php +++ b/usr/local/www/services_captiveportal_hostname.php @@ -79,8 +79,8 @@ if ($_GET['act'] == "del" && !empty($cpzone)) { pfSense_pipe_action("pipe delete {$ipfw['dnpipe']}"); pfSense_pipe_action("pipe delete " . ($ipfw['dnpipe']+1)); } - pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 3, $ip); - pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 4, $ip); + pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_XDEL, 3, $ip); + pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_XDEL, 4, $ip); } } diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index cf4d764..e87895c 100644 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php 
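Review bot: `maxlength="15"` on the `ifname` input limits only what a browser will accept; a hand-built POST is not bound by it. The server-side validation for this page is outside the hunk, so confirm it rejects group names longer than 15 characters, along with the digits and spaces the help text forbids, before the name reaches the interface-group code.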
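Review bot: In pkg_edit.php, `$closehead = false;` only works through an unstated contract with head.inc, and nothing at the call site says so; a comment such as `// head.inc leaves <head> open when $closehead is false so the package hook can emit head content` would make the ordering safe to maintain (assuming that is what head.inc does, which this hunk does not show). The hook itself is `eval()` of `$pkg['custom_php_after_head_command']`, so the package definition is executed as code in the GUI process and its integrity is the only control here. If the evaluated code exits or throws, `echo "</head>\n";` is never reached and the page is left with an open head element. The unbraced `else` next to a braced `if` is easy to misread; brace both.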
@@ -70,8 +70,8 @@ if ($_GET['act'] == "del") { $mask = (!empty($ipent['sn'])) ? $ipent['sn'] : 32; $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $ipent['ip'], $mask); - pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 3, $ipent['ip'], $mask); - pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 4, $ipent['ip'], $mask); + pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_XDEL, 3, $ipent['ip'], $mask); + pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_XDEL, 4, $ipent['ip'], $mask); if (is_array($ipfw)) { captiveportal_free_dn_ruleno($ipfw['dnpipe']); @@ -178,4 +178,4 @@ include("head.inc"); </form> <?php include("fend.inc"); ?> </body> -</html>
\ No newline at end of file +</html> diff --git a/usr/local/www/status_openvpn.php b/usr/local/www/status_openvpn.php index 4d1f46f..bcc4b9f 100644 --- a/usr/local/www/status_openvpn.php +++ b/usr/local/www/status_openvpn.php @@ -384,7 +384,6 @@ include("head.inc"); ?> </td> </tr> </table> -</form> <?php } @@ -397,7 +396,7 @@ if ((empty($clients)) && (empty($servers)) && (empty($sk_servers))) { echo gettext("No OpenVPN instance defined"); } ?> - +</form> <?php include("fend.inc"); ?> <script type="text/javascript"> diff --git a/usr/local/www/status_queues.php b/usr/local/www/status_queues.php index 00c5d95..04252ee 100644 --- a/usr/local/www/status_queues.php +++ b/usr/local/www/status_queues.php @@ -130,6 +130,7 @@ include("head.inc"); if(!is_array($config['shaper']['queue']) || count($config['shaper']['queue']) < 1) { echo gettext("Traffic shaping is not configured."); include("fend.inc"); + echo "</body></html>"; exit;} ?> <?php if (!$error): ?> diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php index 48f9db4..c08f773 100755 --- a/usr/local/www/status_services.php +++ b/usr/local/www/status_services.php @@ -41,16 +41,20 @@ require_once("guiconfig.inc"); require_once("service-utils.inc"); require_once("shortcuts.inc"); -if (!empty($_GET['service'])) { +$service_name = ''; +if (isset($_GET['service'])) + $service_name = htmlspecialchars($_GET['service']); + +if (!empty($service_name)) { switch ($_GET['mode']) { case "restartservice": - $savemsg = service_control_restart($_GET['service'], $_GET); + $savemsg = service_control_restart($service_name, $_GET); break; case "startservice": - $savemsg = service_control_start($_GET['service'], $_GET); + $savemsg = service_control_start($service_name, $_GET); break; case "stopservice": - $savemsg = service_control_stop($_GET['service'], $_GET); + $savemsg = service_control_stop($service_name, $_GET); break; } sleep(5); 
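Review bot: In status_services.php, `$service_name = htmlspecialchars($_GET['service']);` applies HTML output encoding to a value that is then used as a service identifier in `service_control_restart()`, `service_control_start()` and `service_control_stop()`, which is the wrong tool for that context. It does not restrict the name to known services, and it alters any legitimate name containing `&`, `<`, `>` or `"`. Validate the raw value against the list of services this page already displays, and apply `htmlspecialchars()` only where the name is echoed. The full `$_GET` array is still handed to the control functions unfiltered, and what they do with it is outside the hunk.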
diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index 560b3f5..d5b479e 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -1,20 +1,20 @@ -<?php +<?php /* vpn_openvpn_client.php Copyright (C) 2008 Shrew Soft Inc. - All rights reserved. + All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -105,7 +105,7 @@ if($_GET['act']=="edit"){ if (isset($id) && $a_client[$id]) { foreach($simplefields as $stat) $pconfig[$stat] = $a_client[$id][$stat]; - + $pconfig['disable'] = isset($a_client[$id]['disable']); $pconfig['mode'] = $a_client[$id]['mode']; $pconfig['protocol'] = $a_client[$id]['protocol']; @@ -126,7 +126,7 @@ if($_GET['act']=="edit"){ $pconfig['custom_options'] = $a_client[$id]['custom_options']; $pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type']; $pconfig['dev_mode'] = $a_client[$id]['dev_mode']; - + if ($pconfig['mode'] != "p2p_shared_key") { $pconfig['caref'] = $a_client[$id]['caref']; $pconfig['certref'] = $a_client[$id]['certref']; 
@@ -229,8 +229,8 @@ if ($_POST) { if (!empty($pconfig['use_shaper']) && (!is_numeric($pconfig['use_shaper']) || ($pconfig['use_shaper'] <= 0))) $input_errors[] = gettext("The bandwidth limit must be a positive numeric value."); - if ($pconfig['autokey_enable']) - $pconfig['shared_key'] = openvpn_create_key(); + if ($pconfig['autokey_enable']) + $pconfig['shared_key'] = openvpn_create_key(); if (!$tls_mode && !$pconfig['autokey_enable']) if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") || @@ -244,8 +244,8 @@ if ($_POST) { /* If we are not in shared key mode, then we need the CA/Cert. */ if ($pconfig['mode'] != "p2p_shared_key") { - $reqdfields = explode(" ", "caref certref"); - $reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate")); + $reqdfields = explode(" ", "caref"); + $reqdfieldsn = array(gettext("Certificate Authority")); } elseif (!$pconfig['autokey_enable']) { /* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */ $reqdfields = array('shared_key'); @@ -253,14 +253,18 @@ if ($_POST) { } do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - + + if (($pconfig['mode'] != "p2p_shared_key") && empty($pconfig['certref']) && empty($pconfig['auth_user']) && empty($pconfig['auth_pass'])) { + $input_errors[] = gettext("If no Client Certificate is selected, a username and password must be entered."); + } + if (!$input_errors) { $client = array(); - + foreach($simplefields as $stat) update_if_changed($stat, $client[$stat], $_POST[$stat]); - + if ($vpnid) $client['vpnid'] = $vpnid; else 
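Review bot: The new check in the `@@ -253,14 +253,18 @@` hunk raises the error only when `certref`, `auth_user` and `auth_pass` are all empty, so a client with no certificate and a username but no password (or the reverse) passes validation, contrary to the message text. The condition should be `empty($pconfig['certref']) && (empty($pconfig['auth_user']) || empty($pconfig['auth_pass']))`. With `certref` removed from `$reqdfields` in the preceding hunk, this is now the only guard against saving a TLS client with incomplete credentials. Note that `empty()` also treats the string `"0"` as missing.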
@@ -284,17 +288,17 @@ if ($_POST) { $client['mode'] = $pconfig['mode']; $client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']); - if ($tls_mode) { - $client['caref'] = $pconfig['caref']; - $client['certref'] = $pconfig['certref']; - if ($pconfig['tlsauth_enable']) { - if ($pconfig['autotls_enable']) - $pconfig['tls'] = openvpn_create_key(); - $client['tls'] = base64_encode($pconfig['tls']); - } - } else { - $client['shared_key'] = base64_encode($pconfig['shared_key']); - } + if ($tls_mode) { + $client['caref'] = $pconfig['caref']; + $client['certref'] = $pconfig['certref']; + if ($pconfig['tlsauth_enable']) { + if ($pconfig['autotls_enable']) + $pconfig['tls'] = openvpn_create_key(); + $client['tls'] = base64_encode($pconfig['tls']); + } + } else { + $client['shared_key'] = base64_encode($pconfig['shared_key']); + } $client['crypto'] = $pconfig['crypto']; $client['digest'] = $pconfig['digest']; $client['engine'] = $pconfig['engine']; @@ -314,7 +318,7 @@ if ($_POST) { openvpn_resync('client', $client); write_config(); - + header("Location: vpn_openvpn_client.php"); exit; } @@ -358,10 +362,10 @@ function autokey_change() { function useproxy_changed() { if (jQuery('#proxy_authtype').val() != 'none') { - jQuery('#proxy_authtype_opts').show(); - } else { - jQuery('#proxy_authtype_opts').hide(); - } + jQuery('#proxy_authtype_opts').show(); + } else { + jQuery('#proxy_authtype_opts').hide(); + } } function tlsauth_change() { @@ -402,9 +406,9 @@ if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn openvpn client"> - <tr> + <tr> <td class="tabnavtbl"> - <?php + <?php $tab_array = array(); $tab_array[] = array(gettext("Server"), false, "vpn_openvpn_server.php"); $tab_array[] = array(gettext("Client"), true, "vpn_openvpn_client.php"); @@ -414,7 +418,7 @@ if ($savemsg) display_top_tabs($tab_array); ?> </td> - </tr> + </tr> <tr> <td class="tabcont"> 
@@ -475,21 +479,21 @@ if ($savemsg) </select> </td> </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td> - <td width="78%" class="vtable"> - <select name='dev_mode' class="formselect"> - <?php - foreach ($openvpn_dev_mode as $mode): - $selected = ""; - if ($pconfig['dev_mode'] == $mode) - $selected = "selected=\"selected\""; - ?> - <option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option> - <?php endforeach; ?> - </select> - </td> - </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td> + <td width="78%" class="vtable"> + <select name='dev_mode' class="formselect"> + <?php + foreach ($openvpn_dev_mode as $mode): + $selected = ""; + if ($pconfig['dev_mode'] == $mode) + $selected = "selected=\"selected\""; + ?> + <option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option> + <?php endforeach; ?> + </select> + </td> + </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> <td width="78%" class="vtable"> @@ -563,12 +567,12 @@ if ($savemsg) <td width="78%" class="vtable"> <table border="0" cellpadding="2" cellspacing="0" summary="proxy authentication"> <tr> - <td align="right" width="25%"> - <span class="vexpl"> - <?=gettext("Authentication method"); ?> : - </span> - </td> - <td> + <td align="right" width="25%"> + <span class="vexpl"> + <?=gettext("Authentication method"); ?> : + </span> + </td> + <td> <select name="proxy_authtype" id="proxy_authtype" class="formfld select" onchange="useproxy_changed()"> <option value="none" <?php if ($pconfig['proxy_authtype'] == "none") echo "selected=\"selected\""; ?>><?=gettext("none"); ?></option> <option value="basic" <?php if ($pconfig['proxy_authtype'] == "basic") echo "selected=\"selected\""; ?>><?=gettext("basic"); ?></option> 
@@ -579,27 +583,27 @@ if ($savemsg) </table> <br /> <table border="0" cellpadding="2" cellspacing="0" id="proxy_authtype_opts" style="display:none" summary="proxy authentication options"> - <tr> - <td align="right" width="25%"> - <span class="vexpl"> - <?=gettext("Username"); ?> : - </span> - </td> - <td> - <input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" /> - </td> - </tr> - <tr> - <td align="right" width="25%"> - <span class="vexpl"> - <?=gettext("Password"); ?> : - </span> - </td> - <td> - <input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>" /> - </td> - </tr> - </table> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + <?=gettext("Username"); ?> : + </span> + </td> + <td> + <input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" /> + </td> + </tr> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + <?=gettext("Password"); ?> : + </span> + </td> + <td> + <input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>" /> + </td> + </tr> + </table> </td> </tr> <tr> @@ -623,9 +627,9 @@ if ($savemsg) "that is not permanently connected to the Internet"); ?>. </td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>" /> <br /> <?=gettext("You may enter a description here for your reference (not parsed)"); ?>. 
@@ -733,7 +737,6 @@ if ($savemsg) <tr id="tls_cert"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Client Certificate"); ?></td> <td width="78%" class="vtable"> - <?php if (count($a_cert)): ?> <select name='certref' class="formselect"> <?php foreach ($a_cert as $cert): @@ -753,9 +756,10 @@ if ($savemsg) ?> <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option> <?php endforeach; ?> + <option value="" <?PHP if (empty($pconfig['certref'])) echo "selected=\"selected\""; ?>>None (Username and Password required)</option> </select> - <?php else: ?> - <b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System > Cert Manager</a>. + <?php if (!count($a_cert)): ?> + <b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System > Cert Manager</a> if one is required for this connection. <?php endif; ?> </td> </tr> @@ -979,8 +983,8 @@ if ($savemsg) <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="icons"> <tr> <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> + <td width="78%"> + <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <input name="act" type="hidden" value="<?=$act;?>" /> <?php if (isset($id) && $a_client[$id]): ?> <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> @@ -1080,10 +1084,10 @@ useproxy_changed(); /* local utility functions */ function set_checked($var,& $chk) { - if($var) - $chk = "checked=\"checked\""; - else - $chk = ""; + if($var) + $chk = "checked=\"checked\""; + else + $chk = ""; } ?> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 60d7732..e840911 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php 
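Review bot: The added `<option value="" ...>None (Username and Password required)</option>` and the reworded "No Certificates defined." message in the `@@ -753,9 +756,10 @@` hunk are literal English, while the rest of this form goes through `gettext()`; wrap both so they can be translated. The opening tag `<?PHP` should be lowercase `<?php` to match the rest of the file.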
@@ -1340,7 +1340,7 @@ if ($savemsg) <?php endforeach; ?> </select> <br /> - <?=gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently."); ?>. + <?=gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently."); ?> </td> </tr> <tr> |