[02/16] IPsec: Add prototype to export Apple Configuration profiles

Message ID 20200528175850.12638-3-michael.tremer@ipfire.org
State Accepted
Series [01/16] IPsec: Use sane defaults for certificate lifetimes |

Commit Message

Michael Tremer May 28, 2020, 5:58 p.m. UTC
  Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/rootfiles/common/web-user-interface |   1 +
 doc/language_issues.de                     |   1 +
 doc/language_issues.en                     |   1 +
 doc/language_issues.es                     |   1 +
 doc/language_issues.fr                     |   1 +
 doc/language_issues.it                     |   1 +
 doc/language_issues.nl                     |   1 +
 doc/language_issues.pl                     |   1 +
 doc/language_issues.ru                     |   1 +
 doc/language_issues.tr                     |   1 +
 doc/language_missings                      |   8 ++
 html/cgi-bin/vpnmain.cgi                   | 135 ++++++++++++++++++++-
 html/html/images/apple.png                 | Bin 0 -> 346 bytes
 langs/en/cgi-bin/en.pl                     |   1 +
 14 files changed, 153 insertions(+), 1 deletion(-)
 create mode 100644 html/html/images/apple.png
  

Patch

diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface
index 9aaa05631..7d67c346c 100644
--- a/config/rootfiles/common/web-user-interface
+++ b/config/rootfiles/common/web-user-interface
@@ -117,6 +117,7 @@  srv/web/ipfire/html/images/add.gif
 srv/web/ipfire/html/images/addblue.gif
 srv/web/ipfire/html/images/addgreen.gif
 srv/web/ipfire/html/images/address-book-new.png
+srv/web/ipfire/html/images/apple.png
 srv/web/ipfire/html/images/application-certificate.png
 srv/web/ipfire/html/images/application-x-executable.png
 srv/web/ipfire/html/images/applications-accessories.png
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 2dc986d0a..d53bfa601 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -767,6 +767,7 @@  WARNING: translation string unused: zoneconf val ppp assignment error
 WARNING: translation string unused: zoneconf val vlan amount assignment error
 WARNING: translation string unused: zoneconf val vlan tag assignment error
 WARNING: translation string unused: zoneconf val zoneslave amount error
+WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
 WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date!
 WARNING: untranslated string: fwhost cust geoipgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 88fa6ed79..dc40a08bb 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -656,6 +656,7 @@  WARNING: untranslated string: downlink = Downlink
 WARNING: untranslated string: downlink speed = Downlink speed (kbit/sec)
 WARNING: untranslated string: downlink std class = downlink standard class
 WARNING: untranslated string: download = download
+WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
 WARNING: untranslated string: download ca certificate = Download CA certificate
 WARNING: untranslated string: download certificate = Download file
 WARNING: untranslated string: download host certificate = Download host certificate
diff --git a/doc/language_issues.es b/doc/language_issues.es
index ef78d6680..933e99eca 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -849,6 +849,7 @@  WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been
 WARNING: untranslated string: dnssec not supported = DNSSEC Not supported
 WARNING: untranslated string: dnssec validating = DNSSEC Validating
 WARNING: untranslated string: downlink = Downlink
+WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
 WARNING: untranslated string: download tls-auth key = Download tls-auth key
 WARNING: untranslated string: dpd delay = Delay
 WARNING: untranslated string: dpd timeout = Timeout
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index fd10b171e..fd9f8296c 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -807,6 +807,7 @@  WARNING: translation string unused: zoneconf val ppp assignment error
 WARNING: translation string unused: zoneconf val vlan amount assignment error
 WARNING: translation string unused: zoneconf val vlan tag assignment error
 WARNING: translation string unused: zoneconf val zoneslave amount error
+WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
 WARNING: untranslated string: fwhost cust geoipgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
 WARNING: untranslated string: guardian block a host = unknown string
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 16ff776b5..e77b1ef3f 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -862,6 +862,7 @@  WARNING: untranslated string: dns use protocol for dns queries = Protocol for DN
 WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
 WARNING: untranslated string: dnsforward forward_servers = Nameservers
 WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
+WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
 WARNING: untranslated string: duration = Duration
 WARNING: untranslated string: eight hours = 8 Hours
 WARNING: untranslated string: email config = Configuration
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 328a8e1f2..ca6dec27e 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -865,6 +865,7 @@  WARNING: untranslated string: dnssec aware = DNSSEC Aware
 WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
 WARNING: untranslated string: dnssec not supported = DNSSEC Not supported
 WARNING: untranslated string: dnssec validating = DNSSEC Validating
+WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
 WARNING: untranslated string: download tls-auth key = Download tls-auth key
 WARNING: untranslated string: drop outgoing = Log dropped outgoing packets
 WARNING: untranslated string: duration = Duration
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index ef78d6680..933e99eca 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -849,6 +849,7 @@  WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been
 WARNING: untranslated string: dnssec not supported = DNSSEC Not supported
 WARNING: untranslated string: dnssec validating = DNSSEC Validating
 WARNING: untranslated string: downlink = Downlink
+WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
 WARNING: untranslated string: download tls-auth key = Download tls-auth key
 WARNING: untranslated string: dpd delay = Delay
 WARNING: untranslated string: dpd timeout = Timeout
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 0a579d406..1fed38304 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -853,6 +853,7 @@  WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been
 WARNING: untranslated string: dnssec not supported = DNSSEC Not supported
 WARNING: untranslated string: dnssec validating = DNSSEC Validating
 WARNING: untranslated string: downlink = Downlink
+WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
 WARNING: untranslated string: download tls-auth key = Download tls-auth key
 WARNING: untranslated string: dpd delay = Delay
 WARNING: untranslated string: dpd timeout = Timeout
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index d04c99305..c716af76d 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -838,6 +838,7 @@  WARNING: untranslated string: dns use isp assigned nameservers = Use ISP-assigne
 WARNING: untranslated string: dns use protocol for dns queries = Protocol for DNS queries
 WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
 WARNING: untranslated string: dnsforward forward_servers = Nameservers
+WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
 WARNING: untranslated string: duration = Duration
 WARNING: untranslated string: email tls explicit = explicit (STARTTLS)
 WARNING: untranslated string: email tls implicit = implicit (TLS)
diff --git a/doc/language_missings b/doc/language_missings
index bfc3ba41f..cff74f9b0 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -32,6 +32,7 @@ 
 < dh name is invalid
 < dns could not add server
 < done
+< download apple profile
 < error the to date has to be later than the from date
 < g.dtm
 < g.lite
@@ -248,6 +249,7 @@ 
 < dns use isp assigned nameservers
 < dns use protocol for dns queries
 < downlink
+< download apple profile
 < download dh parameter
 < download tls-auth key
 < dpd delay
@@ -918,6 +920,7 @@ 
 < ansi t1.483
 < bewan adsl pci st
 < bewan adsl usb
+< download apple profile
 < g.dtm
 < g.lite
 < upload fcdsl.o
@@ -1031,6 +1034,7 @@ 
 < dns tls hostname
 < dns use isp assigned nameservers
 < dns use protocol for dns queries
+< download apple profile
 < duration
 < eight hours
 < email config
@@ -1397,6 +1401,7 @@ 
 < dns tls hostname
 < dns use isp assigned nameservers
 < dns use protocol for dns queries
+< download apple profile
 < download dh parameter
 < download tls-auth key
 < drop outgoing
@@ -1878,6 +1883,7 @@ 
 < dns use isp assigned nameservers
 < dns use protocol for dns queries
 < downlink
+< download apple profile
 < download dh parameter
 < download tls-auth key
 < dpd delay
@@ -2729,6 +2735,7 @@ 
 < dns use isp assigned nameservers
 < dns use protocol for dns queries
 < downlink
+< download apple profile
 < download dh parameter
 < download tls-auth key
 < dpd delay
@@ -3422,6 +3429,7 @@ 
 < dns tls hostname
 < dns use isp assigned nameservers
 < dns use protocol for dns queries
+< download apple profile
 < duration
 < email tls explicit
 < email tls implicit
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 2d0f57f98..9c0d72c88 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -19,6 +19,7 @@ 
 #                                                                             #
 ###############################################################################
 
+use MIME::Base64;
 use Net::DNS;
 use File::Copy;
 use File::Temp qw/ tempfile tempdir /;
@@ -1178,6 +1179,122 @@  END
 	print `/bin/cat ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
 	exit (0);
 
+# Export Apple profile to browser
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download apple profile'}) {
+	&General::readhasharray("${General::swroot}/vpn/config", \%confighash);
+	my $key = $cgiparams{'KEY'};
+
+	my $uuid1 = "AAAABBBB";
+	my $uuid2 = "CCCCDDDD";
+
+	my $cert = "";
+	my $cert_uuid = "123456789";
+
+	# Read and encode certificate
+	if ($confighash{$key}[4] eq "cert") {
+		my $cert_path = "${General::swroot}/certs/$confighash{$key}[1].p12";
+
+		# Read certificate and encode it into Base64
+		open(CERT, "<${cert_path}");
+		local($/) = undef; # slurp
+		$cert = MIME::Base64::encode_base64(<CERT>);
+		close(CERT);
+	}
+
+	print "Content-Type: application/octet-stream\n";
+	print "Content-Disposition: attachment; filename=" . $confighash{$key}[1] . ".mobileconfig\n";
+	print "\n"; # end headers
+
+	print "<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n";
+	print "<plist version=\"1.0\">\n";
+	print "	<dict>\n";
+        print "		<key>PayloadDisplayName</key>\n";
+	print "		<string>$confighash{$key}[1]</string>\n";
+	print "		<key>PayloadIdentifier</key>\n";
+	print "		<string>$confighash{$key}[1]</string>\n";
+	print "		<key>PayloadUUID</key>\n";
+	print "		<string>${uuid1}</string>\n";
+	print "		<key>PayloadType</key>\n";
+	print "		<string>Configuration</string>\n";
+	print "		<key>PayloadVersion</key>\n";
+	print "		<integer>1</integer>\n";
+	print "		<key>PayloadContent</key>\n";
+	print "		<array>\n";
+	print "			<dict>\n";
+	print "				<key>PayloadIdentifier</key>\n";
+	print "				<string>org.example.vpn1.conf1</string>\n";
+	print "				<key>PayloadUUID</key>\n";
+	print "				<string>${uuid2}</string>\n";
+	print "				<key>PayloadType</key>\n";
+	print "				<string>com.apple.vpn.managed</string>\n";
+	print "				<key>PayloadVersion</key>\n";
+	print "				<integer>1</integer>\n";
+	print "				<key>UserDefinedName</key>\n";
+	print "				<string>$confighash{$key}[1]</string>\n";
+	print "				<key>VPNType</key>\n";
+	print "				<string>IKEv2</string>\n";
+	print "				<key>IKEv2</key>\n";
+	print "				<dict>\n";
+	print "					<key>RemoteAddress</key>\n";
+	print "					<string>18.206.152.26</string>\n";
+
+	# Left ID
+	if ($confighash{$key}[9]) {
+		print "				<key>LocalIdentifier</key>\n";
+		print "				<string>$confighash{$key}[9]</string>\n";
+	}
+
+	# Right ID
+	if ($confighash{$key}[7]) {
+		print "				<key>RemoteIdentifier</key>\n";
+		print "				<string>$confighash{$key}[7]</string>\n";
+	}
+
+	if ($confighash{$key}[4] eq "cert") {
+		print "				<key>AuthenticationMethod</key>\n";
+		print "				<string>Certificate</string>\n";
+
+		print "				<key>PayloadCertificateUUID</key>\n";
+		print "				<string>${cert_uuid}</string>\n";
+	} else {
+		print "				<key>AuthenticationMethod</key>\n";
+		print "				<string>SharedSecret</string>\n";
+		print "				<key>SharedSecret</key>\n";
+		print "				<string>$confighash{$key}[5]</string>\n";
+	}
+
+	print "					<key>ExtendedAuthEnabled</key>\n";
+	print "					<integer>0</integer>\n";
+	print "				</dict>\n";
+	print "			</dict>\n";
+
+	if ($confighash{$key}[4] eq "cert") {
+		print "			<dict>\n";
+		print "				<key>PayloadIdentifier</key>\n";
+		print "				<string>org.example.vpn1.client</string>\n";
+		print "				<key>PayloadUUID</key>\n";
+		print "				<string>${cert_uuid}</string>\n";
+		print "				<key>PayloadType</key>\n";
+		print "				<string>com.apple.security.pkcs12</string>\n";
+		print "				<key>PayloadVersion</key>\n";
+		print "				<integer>1</integer>\n";
+		print "				<key>PayloadContent</key>\n";
+		print "				<data>\n";
+
+		foreach (split /\n/,${cert}) {
+			print "					$_\n";
+		}
+
+		print "				</data>\n";
+		print "			</dict>\n";
+	}
+
+	print "		</array>\n";
+	print "	</dict>\n";
+	print "</plist>\n";
+
+	# Done
+	exit(0);
 ###
 ### Display certificate
 ###
@@ -2982,7 +3099,7 @@  END
 	<th width='23%' class='boldbase' align='center'><b>$Lang::tr{'common name'}</b></th>
 	<th width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
 	<th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
-	<th class='boldbase' align='center' colspan='6'><b>$Lang::tr{'action'}</b></th>
+	<th class='boldbase' align='center' colspan='7'><b>$Lang::tr{'action'}</b></th>
 	</tr>
 END
 ;
@@ -3082,6 +3199,22 @@  END
 	} else {
 		print "<td width='2%' $col>&nbsp;</td>";
 	}
+
+	# Apple Profile
+	if ($confighash{$key}[3] eq 'host') {
+		print <<END;
+		<td align='center' $col>
+			<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+			<input type='image' name='$Lang::tr{'download apple profile'}' src='/images/apple.png' alt='$Lang::tr{'download apple profile'}' title='$Lang::tr{'download apple profile'}' />
+			<input type='hidden' name='ACTION' value='$Lang::tr{'download apple profile'}' />
+			<input type='hidden' name='KEY' value='$key' />
+			</form>
+		</td>
+END
+	} else {
+		print "<td width='2%' $col>&nbsp;</td>";
+	}
+
 	print <<END
 	<td align='center' $col>
 		<form method='post' action='$ENV{'SCRIPT_NAME'}'>
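Review bot: The Apple Profile cell is gated only on `$confighash{$key}[3] eq 'host'`, so the download is also offered for PSK-authenticated host connections, and the export handler added in this same patch then writes the pre-shared key into the .mobileconfig in cleartext. If exporting the PSK is intended, that should be a deliberate decision (and ideally flagged in the UI); otherwise restrict the button with `if ($confighash{$key}[3] eq 'host' && $confighash{$key}[4] eq 'cert') {`. The enclosing table-row loop starts and ends outside this hunk.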
diff --git a/html/html/images/apple.png b/html/html/images/apple.png
new file mode 100644
index 0000000000000000000000000000000000000000..6571a749b693911b9c616b29a6b749b409935853
GIT binary patch
literal 346
zcmeAS@N?(olHy`uVBq!ia0vp^A|TAc1|)ksWqE-VOR<w@2nP_<aHMnq`J4qFk;M!Q
z+`=Ht$S`Y;1W@pgr;B5VMeo|n3%y+&1&)90SAU^usKGW{;e_aamc?fi3^}5X<b2Qn
zkkiz0@`3z=`3c6HQMzor<s4k$A@_{mSXXqsyZ!ZNb7ShvpXbh;)A_&Vr2UaKiE{qA
zlgkTRg{pHCFRV{c*4ffp`k{?K=eSIA{*IQ^Jqe38G4DxQx~gPKkT1WvQ*~<SP0PMk
z$Da50g>5e-as->B0w#;z=wb9XPEh5Wee3MXypEOc8~ondH1Ay2V|w?oEt`%}g2C)Z
zCR5BO#0eMt*&6iL??zAj*4dmoA2oFT_P=^$DO_>o$~Ql@9ECz-J>djav!H~Q|CLSb
nF$uD(ZyYzx+c=dgd#Qd-dzV1X{ntx?;lSYO>gTe~DWM4fVRMKG

literal 0
HcmV?d00001

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index ff08bce0c..aaf1d4978 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -906,6 +906,7 @@ 
 'downlink speed' => 'Downlink speed (kbit/sec)',
 'downlink std class' => 'downlink standard class',
 'download' => 'download',
+'download apple profile' => 'Download Apple Configuration Profile',
 'download ca certificate' => 'Download CA certificate',
 'download certificate' => 'Download file',
 'download dh parameter' => 'Download Diffie-Hellman parameters',