From patchwork Wed May 17 09:56:48 2023
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 6863
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 1/5] ovpnmain.cgi: Fix for bug#11048 - insecure download icon shown for connections with a password
Date: Wed, 17 May 2023 11:56:48 +0200
Message-Id: <20230517095652.8248-1-adolf.belka@ipfire.org>

- The insecure package download icon is shown if entry 41 in /var/ipfire/ovpn/ovpnconfig is set to no-pass. The code block on ovpnmain.cgi that deals with this checks if the connection is a host and if the first password entry is a null. Then it adds no-pass to ovpnconfig.
- The same block of code is also used for when the connection is edited. However at this stage the password entry is back to null because the password value is only kept until the connection has been saved. Therefore doing an edit results in the password value being taken as null even for connections with a password.
- This fix enters no-pass if the connection type is host and the password is null, pass if the connection type is host and the password has characters. If the connection type is net then no-pass is used as net2net connections do not have encrypted certificates.
- The code has been changed to show a different icon for unencrypted and encrypted certificates.
- Separate patches are provided for the language file change, the provision of a new icon and the code for the update.sh script for the Core Update to update all existing connections, if any exist, to have either pass or no-pass in index 41.
- This patch set was a joint collaboration between Erik Kapfer and Adolf Belka - Patch set, including the code for the Core Update 175 update.sh script has been tested on a vm testbed Fixes: Bug#11048 Tested-by: Adolf Belka Tested-by: Erik Kapfer Suggested-by: Adolf Belka Suggested-by: Erik Kapfer Signed-off-by: Adolf Belka --- html/cgi-bin/ovpnmain.cgi | 72 +++++++++++++++++++++++---------------- 1 file changed, 42 insertions(+), 30 deletions(-) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 51d6e8431..50ad21e79 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -4327,8 +4327,14 @@ if ($cgiparams{'TYPE'} eq 'net') { $confighash{$key}[39] = $cgiparams{'DAUTH'}; $confighash{$key}[40] = $cgiparams{'DCIPHER'}; - if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) { - $confighash{$key}[41] = "no-pass"; + if ($confighash{$key}[41] eq "") { + if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) { + $confighash{$key}[41] = "no-pass"; + } elsif (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} ne "")) { + $confighash{$key}[41] = "pass"; + } elsif ($cgiparams{'TYPE'} eq 'net') { + $confighash{$key}[41] = "no-pass"; + } } $confighash{$key}[42] = 'HOTP/T30/6'; @@ -5470,20 +5476,24 @@ END } - print <$active + if ($confighash{$key}[41] eq "pass") { + print <$active -
- - - -
+
+ + + + +
END - ; - if ($confighash{$key}[41] eq "no-pass") { + ; } elsif ($confighash{$key}[41] eq "no-pass") { print < + $active + +
@@ -5491,7 +5501,7 @@ END
END - } else { + ; } else { print " "; } @@ -5567,30 +5577,32 @@ END # If the config file contains entries, print Key to action icons if ( $id ) { print < - + + - - + + + + + + + + + + + + + + + - - - - - - - - - - - - -
  $Lang::tr{'legend'}:  $Lang::tr{$Lang::tr{'click to disable'}    ?RELOAD$Lang::tr{'dl client arch insecure'}    ?RELOAD$Lang::tr{'dl client arch'}     $Lang::tr{ $Lang::tr{'show certificate'}    $Lang::tr{$Lang::tr{'show otp qrcode'}
      ?FLOPPY$Lang::tr{'download certificate'}  ?OFF$Lang::tr{'click to enable'}  $Lang::tr{$Lang::tr{'click to disable'}     $Lang::tr{ $Lang::tr{'edit'}     $Lang::tr{ $Lang::tr{'remove'}
    ?OFF$Lang::tr{'click to enable'}    ?FLOPPY$Lang::tr{'download certificate'}    ?RELOAD$Lang::tr{'dl client arch'}    $Lang::tr{$Lang::tr{'show otp qrcode'}

+ +
END ; }
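Review bot: In the `@@ -4327,8 +4327,14 @@` hunk of ovpnmain.cgi, the new outer guard `if ($confighash{$key}[41] eq "")` only protects connections that already carry a value in index 41. A host connection that was saved before this change with that field still empty falls into the `CERT_PASS1 eq ""` branch on its first edit and is stored as no-pass even when its certificate has a password, so the result depends on the update.sh migration from patch 5/5 having run first. Consider setting the flag only on the create path, or deriving it from the certificate instead of from the form field. The first and third branches both assign "no-pass" and could be merged so that "pass" is the only special case.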
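Review bot: In the `@@ -5470,20 +5476,24 @@` and `@@ -5491,7 +5501,7 @@` hunks of ovpnmain.cgi, `$active` was printed unconditionally before and is now printed only inside the `eq "pass"` and `eq "no-pass"` branches, while the final `else` still prints just an empty cell. A connection whose index 41 is empty or holds any other value would be rendered without that output and without a download icon, which can happen whenever the field has not been populated by the migration. Treat every value other than "pass" as the no-pass case, or give the `else` branch the same cells. The bare `;` that follows each heredoc terminator (`+ ; } elsif`, `+ ; } else {`) is easy to misread; ending the print statement on its own line would keep the branches clearer.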
From patchwork Wed May 17 09:56:49 2023
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 6866
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 2/5] de.pl: Change language text for secure icon wording
Date: Wed, 17 May 2023 11:56:49 +0200
Message-Id: <20230517095652.8248-2-adolf.belka@ipfire.org>
In-Reply-To: <20230517095652.8248-1-adolf.belka@ipfire.org>
References: <20230517095652.8248-1-adolf.belka@ipfire.org>

Signed-off-by: Adolf Belka
--- langs/de/cgi-bin/de.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 33730f0c3..b9665e62d 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl
@@ -817,7 +817,7 @@ 'display hostname in window title' => 'Hostname im Fenstertitel anzeigen', 'display traffic at home' => 'Berechneten Traffic auf der Startseite anzeigen', 'display webinterface effects' => 'Überblendeffekte einschalten', -'dl client arch' => 'Client Paket herunterladen (zip)', +'dl client arch' => 'Verschlüsseltes Client Paket herunterladen (zip)', 'dl client arch insecure' => 'Ungesichertes Client-Paket herunterladen (zip)', 'dmz' => 'DMZ', 'dmz pinhole configuration' => 'Einstellungen des DMZ-Schlupfloches',
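Review bot: The new 'dl client arch' value keeps the two-word "Client Paket" of the old string, while the unchanged 'dl client arch insecure' line directly below uses the hyphenated "Client-Paket"; since the line is being touched anyway, write "Verschlüsseltes Client-Paket herunterladen (zip)" so the two entries match. The commit message has no body, so a sentence explaining that this key now labels only the password-protected package would help anyone reading the history of the string.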
From patchwork Wed May 17 09:56:50 2023
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 6864
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 3/5] en.pl: Update to language wording for secure connection icon
Date: Wed, 17 May 2023 11:56:50 +0200
Message-Id: <20230517095652.8248-3-adolf.belka@ipfire.org>
In-Reply-To: <20230517095652.8248-1-adolf.belka@ipfire.org>
References: <20230517095652.8248-1-adolf.belka@ipfire.org>

Signed-off-by: Adolf Belka
--- langs/en/cgi-bin/en.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 729516538..7b1670494 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl
@@ -859,7 +859,7 @@ 'display hostname in window title' => 'Display hostname in window title', 'display traffic at home' => 'Display calculated traffic on startpage', 'display webinterface effects' => 'Activate effects', -'dl client arch' => 'Download Client Package (zip)', +'dl client arch' => 'Download Encrypted Client Package (zip)', 'dl client arch insecure' => 'Download insecure Client Package (zip)', 'dmz' => 'DMZ', 'dmz pinhole configuration' => 'DMZ pinhole configuration',
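Review bot: The changed 'dl client arch' string capitalises "Encrypted" while the neighbouring 'dl client arch insecure' keeps a lower-case "insecure"; use one casing for both. The two labels also no longer form a clear pair, since "Encrypted" and "insecure" describe different properties; if the distinction is whether the client package is password-protected, wording both strings around that (for example encrypted and unencrypted) would tell the administrator exactly what each icon downloads.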
From patchwork Wed May 17 09:56:51 2023
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 6865
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 4/5] web-user-interface: Addition of new icon for secure connection certificate download
Date: Wed, 17 May 2023 11:56:51 +0200
Message-Id: <20230517095652.8248-4-adolf.belka@ipfire.org>
In-Reply-To: <20230517095652.8248-1-adolf.belka@ipfire.org>
References: <20230517095652.8248-1-adolf.belka@ipfire.org>

- This uses a padlock icon from https://commons.wikimedia.org/wiki/File:Encrypted.png
- The license for this image is the following:- This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See version 2.1 and version 3 of the GNU Lesser General Public License for more details.
- Based on the above license I believe it can be used by IPFire covered by the GNU General Public License that is used for it.
- The icon image was made by taking the existing openvpn.png file and superimposing the padlock icon on top of it at a 12x12 pixel format and naming it openvpn_encrypted.png

Signed-off-by: Adolf Belka
--- config/rootfiles/common/web-user-interface | 1 + html/html/images/openvpn_encrypted.png | Bin 0 -> 7004 bytes 2 files changed, 1 insertion(+) create mode 100644 html/html/images/openvpn_encrypted.png diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface index 33f0d30a7..9aec3bdbc 100644
--- a/config/rootfiles/common/web-user-interface +++ b/config/rootfiles/common/web-user-interface @@ -233,6 +233,7 @@ srv/web/ipfire/html/images/off.gif srv/web/ipfire/html/images/on.gif srv/web/ipfire/html/images/openvpn.gif srv/web/ipfire/html/images/openvpn.png +srv/web/ipfire/html/images/openvpn_encrypted.png srv/web/ipfire/html/images/package-x-generic.png srv/web/ipfire/html/images/printer-error.png srv/web/ipfire/html/images/printer.png 
diff --git a/html/html/images/openvpn_encrypted.png b/html/html/images/openvpn_encrypted.png new file mode 100644 index 0000000000000000000000000000000000000000..873c6c46113df0b973022c9c0f3a01cba19c0fbd GIT binary patch literal 7004
X-Patchwork-Id: 6867
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 5/5] update.sh: Adds code to update an existing ovpnconfig with pass or no-pass
Date: Wed, 17 May 2023 11:56:52 +0200
Message-Id: <20230517095652.8248-5-adolf.belka@ipfire.org>
In-Reply-To: <20230517095652.8248-1-adolf.belka@ipfire.org>
References: <20230517095652.8248-1-adolf.belka@ipfire.org>

- The code checks first if ovpnconfig exists and is not empty.
- Then it makes all net2net connections no-pass since they do not use encryption
- Then it cycles through all .p12 files and checks with openssl if a password exists or not. If a password is present then pass is added to index 41 and if not then no-pass is added to index 41
- This code should be left in update.sh for future Core Updates in case people don't update with Core Update 175 but leave it till later. This code works fine on code that already has pass or no-pass entered into index 41 in ovpnconfig

Fixes: Bug#11048
Suggested-by: Erik Kapfer
Suggested-by: Adolf Belka
Tested-by: Erik Kapfer
Tested-by: Adolf Belka
Signed-off-by: Adolf Belka
--- config/rootfiles/core/175/update.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/config/rootfiles/core/175/update.sh b/config/rootfiles/core/175/update.sh index 03ce4a93d..8ed34f39e 100644 --- a/config/rootfiles/core/175/update.sh +++ b/config/rootfiles/core/175/update.sh
@@ -175,6 +175,30 @@ if [ -e /boot/pakfire-kernel-update ]; then /boot/pakfire-kernel-update ${KVER} fi +## Modify ovpnconfig according to bug 11048 for pass, no-pass modification in ovpnconfig index +# Check if ovpnconfig exists and is not empty +if [ -s /var/ipfire/ovpn/ovpnconfig ]; then + # Make all N2N connections 'no-pass' since they do not use encryption + awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new + + # Evaluate roadwarrior connection names for *.p12 files + for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do + # Sort all unencrypted roadwarriors out and set 'no-pass' in [43] index + if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'Encrypted') ]]; then + awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new + fi + # Sort all encrypted roadwarriors out and set 'pass' in [43] index + if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'error') ]]; then + awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new + fi + done +fi + +# Replace existing ovpnconfig with updated index +mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig +# Set correct ownership +chown nobody:nobody /var/ipfire/ovpn/ovpnconfig + # This update needs a reboot... touch /var/run/need_reboot
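Review bot: In the added update.sh block, every awk call sets the separators inside the main action (`{FS=OFS=","}`), and in POSIX awk a new FS only applies from the next record on, so the first line of ovpnconfig is still split on whitespace and can never match `$5=="net"` or `$3==var`. Because each awk call prints only the rows it matched, that first connection, and any row that matches neither the net test nor one of the two openssl greps, is missing from ovpnconfig.new and is lost when the file is moved into place. Pass the separators with `-F',' -v OFS=','` (or a BEGIN block) and rewrite the file in a single pass that prints every row and changes $43 only where needed. The `mv` and `chown` also sit after the closing `fi`, so they run when ovpnconfig is missing or empty and no .new file was written; move them inside the guard and create ovpnconfig.new fresh instead of appending with `>>`. Finally, `grep 'error'` marks a connection as pass on any openssl failure, including a missing or unreadable .p12, so check that the file exists first and match the password failure specifically; the comments should also say why awk field $43 corresponds to the index 41 named in the commit message.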