VPN: OpenVPN: Client Export - use new trust model to link users by common_name. closes https://github.com/opnsense/core/issues/7696
It looks like we left some old code in the openvpn export. Since our model already parses the certificate data, we should be able to reuse the same data for a more consistent approach. Common name is the only relevant linking pin between a user and the certificate, which also means there can only be one link. To avoid API breakage, keep the return format as it was, but make sure we only return one name when found. In the long run we might consider changing the UI to just mark the record with an icon so the user knows an entity exists.
parent
aadc34d6a0
commit
2ad84c1932
@ -36,6 +36,7 @@ use OPNsense\Trust\Store;
|
||||
use OPNsense\OpenVPN\OpenVPN;
|
||||
use OPNsense\OpenVPN\Export;
|
||||
use OPNsense\OpenVPN\ExportFactory;
|
||||
use OPNsense\Trust\Cert;
|
||||
|
||||
/**
|
||||
* Class ExportController handles client export functions
|
||||
@ -124,23 +125,6 @@ class ExportController extends ApiControllerBase
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* find CA record
|
||||
* @param string $caref
|
||||
* @return mixed
|
||||
*/
|
||||
private function getCA($caref)
|
||||
{
|
||||
if (isset(Config::getInstance()->object()->ca)) {
|
||||
foreach (Config::getInstance()->object()->ca as $cert) {
|
||||
if (isset($cert->refid) && (string)$caref == $cert->refid) {
|
||||
return $cert;
|
||||
}
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine configured settings for selected server
|
||||
* @param string $vpnid server handle
|
||||
@ -208,24 +192,21 @@ class ExportController extends ApiControllerBase
|
||||
];
|
||||
$server = (new OpenVPN())->getInstanceById($vpnid);
|
||||
if ($server !== null) {
|
||||
// collect certificates for this server's ca
|
||||
if (isset(Config::getInstance()->object()->cert)) {
|
||||
foreach (Config::getInstance()->object()->cert as $cert) {
|
||||
if (isset($cert->refid) && isset($cert->caref) && $server['caref'] == $cert->caref) {
|
||||
$result[(string)$cert->refid] = array(
|
||||
"description" => (string)$cert->descr,
|
||||
"users" => array()
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
// collect linked users
|
||||
$usernames = [];
|
||||
foreach (Config::getInstance()->object()->system->user as $user) {
|
||||
if (isset($user->cert)) {
|
||||
foreach ($user->cert as $cert) {
|
||||
if (!empty($result[(string)$cert])) {
|
||||
$result[(string)$cert]['users'][] = (string)$user->name;
|
||||
}
|
||||
$usernames[] = (string)$user->name;
|
||||
}
|
||||
foreach ((new Cert())->cert->iterateItems() as $cert) {
|
||||
if ($cert->caref == $server['caref']) {
|
||||
$result[(string)$cert->refid] = [
|
||||
"description" => (string)$cert->descr,
|
||||
"users" => []
|
||||
];
|
||||
if (
|
||||
in_array($cert->commonname, $usernames) &&
|
||||
in_array($cert->cert_type, ['usr_cert', 'combined_server_client'])
|
||||
) {
|
||||
$result[(string)$cert->refid]['users'][] = (string)$cert->commonname;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
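Review bot: Both `in_array()` calls in the certificate loop compare loosely, so numeric-looking names can match each other (in PHP `'1e3' == '1000'` is true) and a certificate could be listed as linked to a user whose name only compares equal to its common name. Because the common name is now the sole link between a user and a certificate, I would cast and compare strictly: `in_array((string)$cert->commonname, $usernames, true)` and `in_array((string)$cert->cert_type, ['usr_cert', 'combined_server_client'], true)`. The cast is needed because `$cert->commonname` and `$cert->cert_type` are presumably model field objects, which a strict comparison against strings would never match. The +/- markers are lost on this page, so I am assuming the `(new Cert())->cert->iterateItems()` loop is the new side; the enclosing method starts and ends outside the hunk.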
@ -196,7 +196,7 @@
|
||||
</tr>
|
||||
<tr>
|
||||
<th>{{ lang._('Certificate')}}</th>
|
||||
<th>{{ lang._('Linked user(s)')}}</th>
|
||||
<th>{{ lang._('Linked user')}}</th>
|
||||
<th></th>
|
||||
</tr>
|
||||
</thead>
|
||||
|
||||