From 437450b3f49826b727f00194bf2de5f68d149dc3 Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Wed, 5 Aug 2015 09:53:22 +0000 Subject: [PATCH] (legacy/openvpn) remove global $openvpn_prots, client page will follow in another commit --- src/etc/inc/openvpn.inc | 3 - src/www/vpn_openvpn_client.php | 761 ++++++++++++++++----------------- 2 files changed, 361 insertions(+), 403 deletions(-) diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc index 3f7e62ff5..79f5bac6f 100644 --- a/src/etc/inc/openvpn.inc +++ b/src/etc/inc/openvpn.inc @@ -29,9 +29,6 @@ POSSIBILITY OF SUCH DAMAGE. */ -global $openvpn_prots; -$openvpn_prots = array("UDP", "UDP6", "TCP", "TCP6"); - global $openvpn_dev_mode; $openvpn_dev_mode = array("tun", "tap"); diff --git a/src/www/vpn_openvpn_client.php b/src/www/vpn_openvpn_client.php index bfea89639..7acf47b6e 100644 --- a/src/www/vpn_openvpn_client.php +++ b/src/www/vpn_openvpn_client.php @@ -32,19 +32,10 @@ require_once("openvpn.inc"); require_once("services.inc"); require_once("interfaces.inc"); -function openvpn_validate_host($value, $name) { - $value = trim($value); - if (empty($value) || (!is_domain($value) && !is_ipaddr($value))) - return sprintf(gettext("The field '%s' must contain a valid IP address or domain name."), $name); - return false; -} +error_reporting(E_ALL); -$openvpn_client_modes = array( - 'p2p_tls' => gettext("Peer to Peer ( SSL/TLS )"), - 'p2p_shared_key' => gettext("Peer to Peer ( Shared Key )") ); - $pgtitle = array(gettext("OpenVPN"), gettext("Client")); $shortcut_section = "openvpn"; @@ -73,320 +64,286 @@ if (!isset($config['crl']) || !is_array($config['crl'])) { $a_crl =& $config['crl']; -if (isset($_GET['id']) && is_numericint($_GET['id'])) { - $id = $_GET['id']; -} -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; -} -if (isset($_POST['act'])) { - $act = $_POST['act']; -} elseif (isset($_GET['act'])) { - $act = $_GET['act']; -} else { - $act = null; -} -if (isset($id) && $a_client[$id]) { - $vpnid = $a_client[$id]['vpnid']; -} else { - $vpnid = 0; -} -if (isset($_GET['act']) && $_GET['act'] == "del") { - if (!isset($a_client[$id])) { - redirectHeader("vpn_openvpn_client.php"); - exit; - } - if (!empty($a_client[$id])) { - openvpn_delete('client', $a_client[$id]); - } - unset($a_client[$id]); - write_config(); - $savemsg = gettext("Client successfully deleted")."
"; -} -if (isset($_GET['act']) && $_GET['act']=="new") { - $pconfig['autokey_enable'] = "yes"; - $pconfig['tlsauth_enable'] = "yes"; - $pconfig['autotls_enable'] = "yes"; - $pconfig['interface'] = "wan"; - $pconfig['server_port'] = 1194; - $pconfig['verbosity_level'] = 1; // Default verbosity is 1 - // OpenVPN Defaults to SHA1 - $pconfig['digest'] = "SHA1"; -} +$vpnid = 0; +$act = null; +if ($_SERVER['REQUEST_METHOD'] === 'GET') { + if (isset($_GET['id']) && is_numericint($_GET['id'])) { + $id = $_GET['id']; + } + if (isset($_GET['act'])) { + $act = $_GET['act']; + } -global $simplefields; -$simplefields = array('auth_user','auth_pass'); + $pconfig = array(); + // set defaults + $pconfig['autokey_enable'] = "yes"; // just in case the modes switch + $pconfig['autotls_enable'] = "yes"; // just in case the modes switch + $pconfig['tlsauth_enable'] = "yes"; + $pconfig['digest'] = "SHA1"; + $pconfig['verbosity_level'] = 1; // Default verbosity is 1 -if (isset($_GET['act']) && $_GET['act']=="edit") { - if (isset($id) && $a_client[$id]) { - foreach ($simplefields as $stat) { - $pconfig[$stat] = $a_client[$id][$stat]; - } + // edit existing. + if ($act=="edit" && isset($id) && $a_client[$id] ) { + // 1 on 1 copy of config attributes + $copy_fields = "auth_user,auth_pass,disable,mode,protocol,interface + ,local_port,server_addr,server_port,resolve_retry + ,proxy_addr,proxy_port,proxy_user,proxy_passwd,proxy_authtype,description + ,custom_options,ns_cert_type,dev_mode,caref,certref,crypto,digest,engine + ,tunnel_network,tunnel_networkv6,remote_network,remote_networkv6,use_shaper + ,compression,passtos,no_tun_ipv6,route_no_pull,route_no_exec,verbosity_level"; - $pconfig['disable'] = isset($a_client[$id]['disable']); - $pconfig['mode'] = $a_client[$id]['mode']; - $pconfig['protocol'] = $a_client[$id]['protocol']; - $pconfig['interface'] = $a_client[$id]['interface']; - if (!empty($a_client[$id]['ipaddr'])) { + foreach (explode(",",$copy_fields) as $fieldname) { + $fieldname = trim($fieldname); + if(isset($a_client[$id][$fieldname])) { + $pconfig[$fieldname] = $a_client[$id][$fieldname]; + } elseif (!isset($pconfig[$fieldname])) { + // initialize element + $pconfig[$fieldname] = null; + } + } + + // load / convert + if (!empty($a_client[$id]['ipaddr'])) { $pconfig['interface'] = $pconfig['interface'] . '|' . $a_client[$id]['ipaddr']; } - $pconfig['local_port'] = $a_client[$id]['local_port']; - $pconfig['server_addr'] = $a_client[$id]['server_addr']; - $pconfig['server_port'] = $a_client[$id]['server_port']; - $pconfig['resolve_retry'] = $a_client[$id]['resolve_retry']; - $pconfig['proxy_addr'] = $a_client[$id]['proxy_addr']; - $pconfig['proxy_port'] = $a_client[$id]['proxy_port']; - $pconfig['proxy_user'] = $a_client[$id]['proxy_user']; - $pconfig['proxy_passwd'] = $a_client[$id]['proxy_passwd']; - $pconfig['proxy_authtype'] = $a_client[$id]['proxy_authtype']; - $pconfig['description'] = $a_client[$id]['description']; - $pconfig['custom_options'] = $a_client[$id]['custom_options']; - $pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type']; - $pconfig['dev_mode'] = $a_client[$id]['dev_mode']; - if ($pconfig['mode'] != "p2p_shared_key") { - $pconfig['caref'] = $a_client[$id]['caref']; - $pconfig['certref'] = $a_client[$id]['certref']; - if ($a_client[$id]['tls']) { - $pconfig['tlsauth_enable'] = "yes"; - $pconfig['tls'] = base64_decode($a_client[$id]['tls']); - } - } else { - $pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']); - } - $pconfig['crypto'] = $a_client[$id]['crypto']; - // OpenVPN Defaults to SHA1 if unset - $pconfig['digest'] = !empty($a_client[$id]['digest']) ? $a_client[$id]['digest'] : "SHA1"; - $pconfig['engine'] = $a_client[$id]['engine']; + if (isset($a_client[$id]['tls'])) { + $pconfig['tls'] = base64_decode($a_client[$id]['tls']); + } else { + $pconfig['tls'] = null; + } - $pconfig['tunnel_network'] = $a_client[$id]['tunnel_network']; - $pconfig['tunnel_networkv6'] = $a_client[$id]['tunnel_networkv6']; - $pconfig['remote_network'] = $a_client[$id]['remote_network']; - $pconfig['remote_networkv6'] = $a_client[$id]['remote_networkv6']; - $pconfig['use_shaper'] = $a_client[$id]['use_shaper']; - $pconfig['compression'] = $a_client[$id]['compression']; - $pconfig['passtos'] = $a_client[$id]['passtos']; + if (isset($a_client[$id]['shared_key'])) { + $pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']); + } else { + $pconfig['shared_key'] = null ; + } - // just in case the modes switch - $pconfig['autokey_enable'] = "yes"; - $pconfig['autotls_enable'] = "yes"; + if (isset($id) && $a_client[$id]) { + $vpnid = $a_client[$id]['vpnid']; + } + } elseif ($act=="new") { + // create new + $pconfig['interface'] = "wan"; + $pconfig['server_port'] = 1194; + $init_fields = "auth_user,auth_pass,disable,mode,protocol,interface + ,local_port,server_addr,server_port,resolve_retry + ,proxy_addr,proxy_port,proxy_user,proxy_passwd,proxy_authtype,description + ,custom_options,ns_cert_type,dev_mode,caref,certref,crypto,digest,engine + ,tunnel_network,tunnel_networkv6,remote_network,remote_networkv6,use_shaper + ,compression,passtos,no_tun_ipv6,route_no_pull,route_no_exec,verbosity_level"; - $pconfig['no_tun_ipv6'] = $a_client[$id]['no_tun_ipv6']; - $pconfig['route_no_pull'] = $a_client[$id]['route_no_pull']; - $pconfig['route_no_exec'] = $a_client[$id]['route_no_exec']; - if (isset($a_client[$id]['verbosity_level'])) { - $pconfig['verbosity_level'] = $a_client[$id]['verbosity_level']; - } else { - $pconfig['verbosity_level'] = 1; // Default verbosity is 1 - } - } + foreach (explode(",",$init_fields) as $fieldname) { + $fieldname = trim($fieldname); + if (!isset($pconfig[$fieldname])) { + $pconfig[$fieldname] = null; + } + } + } +} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { + if (isset($_POST['id']) && is_numericint($_POST['id'])) { + $id = $_POST['id']; + } + if (isset($_POST['act'])) { + $act = $_POST['act']; + } + + if ($act == "del") { + if (!isset($id) || !isset($a_client[$id])) { + redirectHeader("vpn_openvpn_client.php"); + exit; + } + if (!empty($a_client[$id])) { + openvpn_delete('client', $a_client[$id]); + } + unset($a_client[$id]); + write_config(); + $savemsg = gettext("Client successfully deleted")."
"; + } else { + $pconfig = $_POST; + $input_errors = array(); + + if (isset($id) && $a_client[$id]) { + $vpnid = $a_client[$id]['vpnid']; + } + if (isset($pconfig['mode']) && $pconfig['mode'] != "p2p_shared_key") { + $tls_mode = true; + } else { + $tls_mode = false; + } + + // generate new key + if (!empty($pconfig['autokey_enable'])) { + $pconfig['shared_key'] = openvpn_create_key(); + } + + /* input validation */ + if (strpos($pconfig['interface'],'|') !== false) { + list($iv_iface, $iv_ip) = explode("|", $pconfig['interface']); + } else { + $iv_iface = $pconfig['interface']; + $iv_ip = null; + } + + if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) { + $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address."); + } elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) { + $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv4 protocol and an IPv6 IP address."); + } elseif ((stristr($pconfig['protocol'], "6") === false) && !get_interface_ip($iv_iface) && ($pconfig['interface'] != "any")) { + $input_errors[] = gettext("An IPv4 protocol was selected, but the selected interface has no IPv4 address."); + } elseif ((stristr($pconfig['protocol'], "6") !== false) && !get_interface_ipv6($iv_iface) && ($pconfig['interface'] != "any")) { + $input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address."); + } + if (!empty($pconfig['local_port'])) { + if (empty($pconfig['local_port']) || !is_numeric($pconfig['local_port']) || $pconfig['local_port'] < 0 || ($pconfig['local_port'] > 65535)) { + $input_errors[] = "The field Local port must contain a valid port, ranging from 0 to 65535."; + } + $portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid); + if (($portused != $vpnid) && ($portused != 0)) { + $input_errors[] = gettext("The specified 'Local port' is in use. Please select another value"); + } + } + if (empty($pconfig['server_addr']) || (!is_domain($pconfig['server_addr']) && !is_ipaddr($pconfig['server_addr']))) { + $input_errors[] = gettext("The field Server host or address must contain a valid IP address or domain name.") ; + } + + if (empty($pconfig['server_port']) || !is_numeric($pconfig['server_port']) || $pconfig['server_port'] < 0 || ($pconfig['server_port'] > 65535)) { + $input_errors[] = "The field Server port must contain a valid port, ranging from 0 to 65535."; + } + + if (!empty($pconfig['proxy_addr'])) { + if (empty($pconfig['proxy_addr']) || (!is_domain($pconfig['proxy_addr']) && !is_ipaddr($pconfig['proxy_addr']))) { + $input_errors[] = gettext("The field Proxy host or address must contain a valid IP address or domain name.") ; + } + if (empty($pconfig['proxy_port']) || !is_numeric($pconfig['proxy_port']) || $pconfig['proxy_port'] < 0 || ($pconfig['proxy_port'] > 65535)) { + $input_errors[] = "The field Proxy port must contain a valid port, ranging from 0 to 65535."; + } + if (isset($pconfig['proxy_authtype']) && $pconfig['proxy_authtype'] != "none") { + if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd'])) { + $input_errors[] = gettext("User name and password are required for proxy with authentication."); + } + } + } + if (!empty($pconfig['tunnel_network'])) { + if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) { + $input_errors[] = $result; + } + } + if (!empty($pconfig['tunnel_networkv6'])) { + if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) { + $input_errors[] = $result; + } + } + if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) { + $input_errors[] = $result; + } + if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) { + $input_errors[] = $result; + } + if (!empty($pconfig['use_shaper']) && (!is_numeric($pconfig['use_shaper']) || ($pconfig['use_shaper'] <= 0))) { + $input_errors[] = gettext("The bandwidth limit must be a positive numeric value."); + } + if (!$tls_mode && empty($pconfig['autokey_enable'])) { + if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") || + !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) { + $input_errors[] = gettext("The field 'Shared Key' does not appear to be valid"); + } + } + if ($tls_mode && !empty($pconfig['tlsauth_enable']) && empty($pconfig['autotls_enable'])) { + if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") || + !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) { + $input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid"); + } + } + + /* If we are not in shared key mode, then we need the CA/Cert. */ + if (isset($pconfig['mode']) && $pconfig['mode'] != "p2p_shared_key") { + $reqdfields = explode(" ", "caref"); + $reqdfieldsn = array(gettext("Certificate Authority")); + } elseif (empty($pconfig['autokey_enable'])) { + /* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */ + $reqdfields = array('shared_key'); + $reqdfieldsn = array(gettext('Shared key')); + } + + do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors); + + if (($pconfig['mode'] != "p2p_shared_key") && empty($pconfig['certref']) && empty($pconfig['auth_user']) && empty($pconfig['auth_pass'])) { + $input_errors[] = gettext("If no Client Certificate is selected, a username and password must be entered."); + } + + if (count($input_errors) == 0) { + // save data + $client = array(); + // 1 on 1 copy of config attributes + $copy_fields = "auth_user,auth_pass,protocol,dev_mode,local_port + ,server_addr,server_port,resolve_retry,proxy_addr,proxy_port + ,proxy_authtype,proxy_user,proxy_passwd,description,mode,crypto,digest + ,engine,tunnel_network,tunnel_networkv6,remote_network,remote_networkv6 + ,use_shaper,compression,passtos,no_tun_ipv6,route_no_pull,route_no_exec + ,verbosity_level,interface"; + + foreach (explode(",",$copy_fields) as $fieldname) { + $fieldname = trim($fieldname); + if(isset($pconfig[$fieldname])) { + $client[$fieldname] = $pconfig[$fieldname]; + } + } + + // attributes containing some kind of logic + if ($vpnid) { + $client['vpnid'] = $vpnid; + } else { + $client['vpnid'] = openvpn_vpnid_next(); + } + if ($_POST['disable'] == "yes") { + $client['disable'] = true; + } + + if (strpos($pconfig['interface'], "|") !== false) { + list($client['interface'], $client['ipaddr']) = explode("|", $pconfig['interface']); + } + $client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']); + + if ($tls_mode) { + $client['caref'] = $pconfig['caref']; + $client['certref'] = $pconfig['certref']; + if ($pconfig['tlsauth_enable']) { + if ($pconfig['autotls_enable']) { + $pconfig['tls'] = openvpn_create_key(); + } + $client['tls'] = base64_encode($pconfig['tls']); + } + } else { + $client['shared_key'] = base64_encode($pconfig['shared_key']); + } + + if (isset($id) && isset($a_client[$id])) { + $a_client[$id] = $client; + } else { + $a_client[] = $client; + } + + openvpn_resync('client', $client); + write_config(); + + header("Location: vpn_openvpn_client.php"); + exit; + } + } } -if ($_POST) { - $input_errors = array(); - $pconfig = $_POST; - - if (isset($id) && $a_client[$id]) { - $vpnid = $a_client[$id]['vpnid']; - } else { - $vpnid = 0; - } - - list($iv_iface, $iv_ip) = explode("|", $pconfig['interface']); - if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) { - $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address."); - } elseif (is_ipaddrv6($iv_ip) && (stristr($pconfig['protocol'], "6") === false)) { - $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv4 protocol and an IPv6 IP address."); - } elseif ((stristr($pconfig['protocol'], "6") === false) && !get_interface_ip($iv_iface) && ($pconfig['interface'] != "any")) { - $input_errors[] = gettext("An IPv4 protocol was selected, but the selected interface has no IPv4 address."); - } elseif ((stristr($pconfig['protocol'], "6") !== false) && !get_interface_ipv6($iv_iface) && ($pconfig['interface'] != "any")) { - $input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address."); - } - - if ($pconfig['mode'] != "p2p_shared_key") { - $tls_mode = true; - } else { - $tls_mode = false; - } - - /* input validation */ - if ($pconfig['local_port']) { - if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) { - $input_errors[] = $result; - } - - $portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid); - if (($portused != $vpnid) && ($portused != 0)) { - $input_errors[] = gettext("The specified 'Local port' is in use. Please select another value"); - } - } - - if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address')) { - $input_errors[] = $result; - } - - if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port')) { - $input_errors[] = $result; - } - - if ($pconfig['proxy_addr']) { - if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address')) { - $input_errors[] = $result; - } - - if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port')) { - $input_errors[] = $result; - } - - if ($pconfig['proxy_authtype'] != "none") { - if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd'])) { - $input_errors[] = gettext("User name and password are required for proxy with authentication."); - } - } - } - - if ($pconfig['tunnel_network']) { - if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) { - $input_errors[] = $result; - } - } - - if ($pconfig['tunnel_networkv6']) { - if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) { - $input_errors[] = $result; - } - } - - if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'IPv4 Remote Network', true, "ipv4")) { - $input_errors[] = $result; - } - - if ($result = openvpn_validate_cidr($pconfig['remote_networkv6'], 'IPv6 Remote Network', true, "ipv6")) { - $input_errors[] = $result; - } - - if (!empty($pconfig['use_shaper']) && (!is_numeric($pconfig['use_shaper']) || ($pconfig['use_shaper'] <= 0))) { - $input_errors[] = gettext("The bandwidth limit must be a positive numeric value."); - } - - if ($pconfig['autokey_enable']) { - $pconfig['shared_key'] = openvpn_create_key(); - } - - if (!$tls_mode && !$pconfig['autokey_enable']) { - if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") || - !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) { - $input_errors[] = gettext("The field 'Shared Key' does not appear to be valid"); - } - } - - if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) { - if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") || - !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) { - $input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid"); - } - } - - /* If we are not in shared key mode, then we need the CA/Cert. */ - if ($pconfig['mode'] != "p2p_shared_key") { - $reqdfields = explode(" ", "caref"); - $reqdfieldsn = array(gettext("Certificate Authority")); - } elseif (!$pconfig['autokey_enable']) { - /* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */ - $reqdfields = array('shared_key'); - $reqdfieldsn = array(gettext('Shared key')); - } - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - if (($pconfig['mode'] != "p2p_shared_key") && empty($pconfig['certref']) && empty($pconfig['auth_user']) && empty($pconfig['auth_pass'])) { - $input_errors[] = gettext("If no Client Certificate is selected, a username and password must be entered."); - } - - if (!$input_errors) { - $client = array(); - - foreach ($simplefields as $stat) { - update_if_changed($stat, $client[$stat], $_POST[$stat]); - } - - if ($vpnid) { - $client['vpnid'] = $vpnid; - } else { - $client['vpnid'] = openvpn_vpnid_next(); - } - - if ($_POST['disable'] == "yes") { - $client['disable'] = true; - } - $client['protocol'] = $pconfig['protocol']; - $client['dev_mode'] = $pconfig['dev_mode']; - list($client['interface'], $client['ipaddr']) = explode("|", $pconfig['interface']); - $client['local_port'] = $pconfig['local_port']; - $client['server_addr'] = $pconfig['server_addr']; - $client['server_port'] = $pconfig['server_port']; - $client['resolve_retry'] = $pconfig['resolve_retry']; - $client['proxy_addr'] = $pconfig['proxy_addr']; - $client['proxy_port'] = $pconfig['proxy_port']; - $client['proxy_authtype'] = $pconfig['proxy_authtype']; - $client['proxy_user'] = $pconfig['proxy_user']; - $client['proxy_passwd'] = $pconfig['proxy_passwd']; - $client['description'] = $pconfig['description']; - $client['mode'] = $pconfig['mode']; - $client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']); - - if ($tls_mode) { - $client['caref'] = $pconfig['caref']; - $client['certref'] = $pconfig['certref']; - if ($pconfig['tlsauth_enable']) { - if ($pconfig['autotls_enable']) { - $pconfig['tls'] = openvpn_create_key(); - } - $client['tls'] = base64_encode($pconfig['tls']); - } - } else { - $client['shared_key'] = base64_encode($pconfig['shared_key']); - } - $client['crypto'] = $pconfig['crypto']; - $client['digest'] = $pconfig['digest']; - $client['engine'] = $pconfig['engine']; - - $client['tunnel_network'] = $pconfig['tunnel_network']; - $client['tunnel_networkv6'] = $pconfig['tunnel_networkv6']; - $client['remote_network'] = $pconfig['remote_network']; - $client['remote_networkv6'] = $pconfig['remote_networkv6']; - $client['use_shaper'] = $pconfig['use_shaper']; - $client['compression'] = $pconfig['compression']; - $client['passtos'] = $pconfig['passtos']; - - $client['no_tun_ipv6'] = $pconfig['no_tun_ipv6']; - $client['route_no_pull'] = $pconfig['route_no_pull']; - $client['route_no_exec'] = $pconfig['route_no_exec']; - $client['verbosity_level'] = $pconfig['verbosity_level']; - - if (isset($id) && $a_client[$id]) { - $a_client[$id] = $client; - } else { - $a_client[] = $client; - } - - openvpn_resync('client', $client); - write_config(); - - header("Location: vpn_openvpn_client.php"); - exit; - } -} +// escape form output before processing +legacy_html_escape_form_data($pconfig); include("head.inc"); $main_buttons = array( array('href'=>'vpn_openvpn_client.php?act=new', 'label'=>gettext("add client")), - ); ?> @@ -395,6 +352,38 @@ $main_buttons = array(