From patchwork Fri Jun 15 16:35:13 2018
X-Patchwork-Submitter: Erik Kapfer
X-Patchwork-Id: 1804
From: Erik Kapfer
To: development@lists.ipfire.org
Subject: [PATCH] OpenVPN: Valid til days is required with OpenVPN-2.4.x
Date: Fri, 15 Jun 2018 08:35:13 +0200
Message-Id: <1529044513-19249-1-git-send-email-erik.kapfer@ipfire.org>

Check has been integrated that the OpenSSL maximum of '999999' valid days can not be exceeded.
Check for needed entry in 'Valid til days' field has been integrated.
Asterisk for 'Valid til days' field has been set to mark it as required field.

Signed-off-by: Erik Kapfer
---
 html/cgi-bin/ovpnmain.cgi | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index eac962e..99d39a9 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi
@@ -3980,6 +3980,16 @@ if ($cgiparams{'TYPE'} eq 'net') { goto VPNCONF_ERROR; } + # Check for N2N that OpenSSL maximum of valid days will not be exceeded + if ($cgiparams{'TYPE'} eq 'net') { + if ($cgiparams{'DAYS_VALID'} >= '999999') { + $errormessage = $Lang::tr{'invalid input for valid till days'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + } + if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) { $errormessage = $Lang::tr{'invalid input'}; goto VPNCONF_ERROR; @@ -4157,11 +4167,19 @@ if ($cgiparams{'TYPE'} eq 'net') { $errormessage = $Lang::tr{'passwords do not match'}; goto VPNCONF_ERROR; } - if ($cgiparams{'DAYS_VALID'} ne '' && $cgiparams{'DAYS_VALID'} !~ /^[0-9]+$/) { + if ($cgiparams{'DAYS_VALID'} eq '' && $cgiparams{'DAYS_VALID'} !~ /^[0-9]+$/) { $errormessage = $Lang::tr{'invalid input for valid till days'}; goto VPNCONF_ERROR; } + # Check for RW that OpenSSL maximum of valid days will not be exceeded + if ($cgiparams{'TYPE'} eq 'host') { + if ($cgiparams{'DAYS_VALID'} >= '999999') { + $errormessage = $Lang::tr{'invalid input for valid till days'}; + goto VPNCONF_ERROR; + } + } + # Replace empty strings with a . (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./; (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./; @@ -4813,7 +4831,7 @@ END if ($cgiparams{'TYPE'} eq 'host') { print < -  $Lang::tr{'valid till'} (days): +  $Lang::tr{'valid till'} (days): *   $Lang::tr{'pkcs12 file password'}: @@ -4828,7 +4846,7 @@ END }else{ print < -  $Lang::tr{'valid till'} (days): +  $Lang::tr{'valid till'} (days): *
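Review bot: in the first hunk (@@ -3980,6 +3980,16 @@), `$cgiparams{'DAYS_VALID'} >= '999999'` rejects 999999 itself, while the commit message describes 999999 as the maximum that must not be exceeded; use `> 999999` if the maximum is meant to be accepted. The comparison is numeric and nothing visible in this hunk has established that DAYS_VALID consists only of digits, so a value such as `abc` numifies to 0 and passes; apply the `/^[0-9]+$/` test before comparing. The `unlink (...) or die` and `rmdir (...) || die` calls also end the CGI before `goto VPNCONF_ERROR` can show `$errormessage` whenever the file or directory is missing; set the error and continue to the error path instead, or run this check before the N2N configuration directory exists so no cleanup is needed.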
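Review bot: in the second hunk (@@ -4157,11 +4167,19 @@), the rewritten test `$cgiparams{'DAYS_VALID'} eq '' && $cgiparams{'DAYS_VALID'} !~ /^[0-9]+$/` is true only for the empty string, so non-empty, non-numeric input such as `abc` or `-5`, which the old `ne ''` form rejected, now passes. To make the field both required and numeric, drop the `eq ''` clause and keep only `!~ /^[0-9]+$/`, which already fails on an empty value. The added RW block then compares whatever got through numerically, applies only when TYPE is 'host', and like the N2N check uses `>=`, so 999999 itself is refused.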