From 4ecb723ca408cacd947fe41eaa89a15e2cf75048 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Fri, 15 Dec 2017 07:21:07 +0000 Subject: [PATCH] openvpn: style fixes et al --- src/etc/inc/plugins.inc.d/openvpn.inc | 142 ++++++++++-------- .../inc/plugins.inc.d/openvpn/auth-user.php | 11 +- src/etc/inc/plugins.inc.d/openvpn/wizard.inc | 130 +++++++++------- 3 files changed, 160 insertions(+), 123 deletions(-) diff --git a/src/etc/inc/plugins.inc.d/openvpn.inc b/src/etc/inc/plugins.inc.d/openvpn.inc index 2d383ffcc..5de535b4a 100644 --- a/src/etc/inc/plugins.inc.d/openvpn.inc +++ b/src/etc/inc/plugins.inc.d/openvpn.inc @@ -191,13 +191,14 @@ function openvpn_vpnid_used($vpnid) function openvpn_vpnid_next() { $vpnid = 1; - while(openvpn_vpnid_used($vpnid)) { + while (openvpn_vpnid_used($vpnid)) { $vpnid++; } return $vpnid; } -function openvpn_port_used($prot, $interface, $port, $curvpnid = 0) { +function openvpn_port_used($prot, $interface, $port, $curvpnid = 0) +{ global $config; if (isset($config['openvpn']['openvpn-server'])) { @@ -239,10 +240,10 @@ function openvpn_port_used($prot, $interface, $port, $curvpnid = 0) { function openvpn_port_next($prot, $interface = "wan") { $port = 1194; - while(openvpn_port_used($prot, $interface, $port)) { + while (openvpn_port_used($prot, $interface, $port)) { $port++; } - while(openvpn_port_used($prot, "any", $port)) { + while (openvpn_port_used($prot, "any", $port)) { $port++; } @@ -364,7 +365,8 @@ function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = 'ipv } if ($error) { - return sprintf(gettext("The field '%s' must contain only valid %s CIDR range(s) separated by commas."), $name, $ipproto); + return sprintf(gettext("The field '%s' must contain only valid %s CIDR range(s) " . + "separated by commas."), $name, $ipproto); } else { return false; } 
@@ -557,7 +559,7 @@ function openvpn_reconfigure($mode, $settings, $device_only = false) } $conf .= "dev-type {$settings['dev_mode']}\n"; - switch($settings['dev_mode']) { + switch ($settings['dev_mode']) { case "tun": if (!$settings['no_tun_ipv6']) { $conf .= "tun-ipv6\n"; @@ -581,7 +583,7 @@ function openvpn_reconfigure($mode, $settings, $device_only = false) $conf .= "up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup\n"; $conf .= "down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown\n"; - switch($settings['mode']) { + switch ($settings['mode']) { case 'server_user': case 'server_tls_user': $conf .= "client-connect /usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh\n"; @@ -606,7 +608,7 @@ function openvpn_reconfigure($mode, $settings, $device_only = false) $mask = gen_subnet_mask($cidr); // configure tls modes - switch($settings['mode']) { + switch ($settings['mode']) { case 'p2p_tls': case 'server_tls': case 'server_user': @@ -616,7 +618,7 @@ function openvpn_reconfigure($mode, $settings, $device_only = false) } // configure p2p/server modes - switch($settings['mode']) { + switch ($settings['mode']) { case 'p2p_tls': // If the CIDR is less than a /30, OpenVPN will complain if you try to // use the server directive. It works for a single client without it. 
@@ -624,44 +626,47 @@ function openvpn_reconfigure($mode, $settings, $device_only = false) if (!empty($ip) && !empty($mask) && ($cidr < 30)) { $conf .= "server {$ip} {$mask}\n"; $conf .= "client-config-dir /var/etc/openvpn-csc/".$vpnid."\n"; - if(is_ipaddr($ipv6)) { + if (is_ipaddr($ipv6)) { $conf .= "server-ipv6 {$ipv6}/{$prefix}\n"; } } - case 'p2p_shared_key': - if (!empty($ip) && !empty($mask)) { - list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask); - if ($settings['dev_mode'] == 'tun') { - $conf .= "ifconfig {$ip1} {$ip2}\n"; - } else { - $conf .= "ifconfig {$ip1} {$mask}\n"; - } - } - if (!empty($ipv6) && !empty($prefix)) { - list($ipv6_1, $ipv6_2) = openvpn_get_interface_ipv6($ipv6, $prefix); - if ($settings['dev_mode'] == 'tun') { - $conf .= "ifconfig-ipv6 {$ipv6_1} {$ipv6_2}\n"; - } else { - $conf .= "ifconfig-ipv6 {$ipv6_1} {$prefix}\n"; - } - } - break; + case 'p2p_shared_key': + if (!empty($ip) && !empty($mask)) { + list($ip1, $ip2) = openvpn_get_interface_ip($ip, $mask); + if ($settings['dev_mode'] == 'tun') { + $conf .= "ifconfig {$ip1} {$ip2}\n"; + } else { + $conf .= "ifconfig {$ip1} {$mask}\n"; + } + } + if (!empty($ipv6) && !empty($prefix)) { + list($ipv6_1, $ipv6_2) = openvpn_get_interface_ipv6($ipv6, $prefix); + if ($settings['dev_mode'] == 'tun') { + $conf .= "ifconfig-ipv6 {$ipv6_1} {$ipv6_2}\n"; + } else { + $conf .= "ifconfig-ipv6 {$ipv6_1} {$prefix}\n"; + } + } + break; case 'server_tls': case 'server_user': case 'server_tls_user': if (!empty($ip) && !empty($mask)) { $conf .= "server {$ip} {$mask}\n"; - if(is_ipaddr($ipv6)) { + if (is_ipaddr($ipv6)) { $conf .= "server-ipv6 {$ipv6}/{$prefix}\n"; } $conf .= "client-config-dir /var/etc/openvpn-csc/".$vpnid."\n"; } else { if ($settings['serverbridge_dhcp']) { - if ((!empty($settings['serverbridge_interface'])) && (strcmp($settings['serverbridge_interface'], "none"))) { + if (!empty($settings['serverbridge_interface']) && + strcmp($settings['serverbridge_interface'], "none")) { 
$biface_ip=get_interface_ip($settings['serverbridge_interface']); $biface_sm=gen_subnet_mask(get_interface_subnet($settings['serverbridge_interface'])); - if (is_ipaddrv4($biface_ip) && is_ipaddrv4($settings['serverbridge_dhcp_start']) && is_ipaddrv4($settings['serverbridge_dhcp_end'])) { - $conf .= "server-bridge {$biface_ip} {$biface_sm} {$settings['serverbridge_dhcp_start']} {$settings['serverbridge_dhcp_end']}\n"; + if (is_ipaddrv4($biface_ip) && is_ipaddrv4($settings['serverbridge_dhcp_start']) && + is_ipaddrv4($settings['serverbridge_dhcp_end'])) { + $conf .= "server-bridge {$biface_ip} {$biface_sm} " . + "{$settings['serverbridge_dhcp_start']} {$settings['serverbridge_dhcp_end']}\n"; $conf .= "client-config-dir /var/etc/openvpn-csc/".$vpnid."\n"; } else { $conf .= "mode server\n"; @@ -675,7 +680,7 @@ function openvpn_reconfigure($mode, $settings, $device_only = false) } // configure user auth modes - switch($settings['mode']) { + switch ($settings['mode']) { case 'server_user': $conf .= "client-cert-not-required\n"; case 'server_tls_user': @@ -688,7 +693,8 @@ function openvpn_reconfigure($mode, $settings, $device_only = false) if ($settings['strictusercn']) { $strictusercn = "true"; } - $conf .= "auth-user-pass-verify \"/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify user '{$settings['authmode']}' '{$strictusercn}' '{$mode_id}'\" via-env\n"; + $conf .= "auth-user-pass-verify \"/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify " . + "user '{$settings['authmode']}' '{$strictusercn}' '{$mode_id}'\" via-env\n"; } break; } 
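Review bot: In the `// configure p2p/server modes` switch, `case 'p2p_tls':` still ends without a `break` and runs straight into the re-indented `case 'p2p_shared_key':` body, and nothing marks that as deliberate. With both labels now at the same indent the missing `break` reads like an oversight, so I would add `// FALLTHROUGH` on the line before `case 'p2p_shared_key':`. The same applies to `case 'server_user':` in the `// configure user auth modes` switch (hunk at -675), which emits `client-cert-not-required` and then falls into `case 'server_tls_user':`; a later stray `break` there would change the generated authentication settings. openvpn_reconfigure() begins and ends outside these hunks.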
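Review bot: The rewrapped `auth-user-pass-verify` line (hunk at -688) still places `$settings['authmode']` and `$mode_id` between single quotes inside a double-quoted OpenVPN directive with no escaping or validation visible in this hunk. A quote, backslash or line break in either value would change how the script arguments are split or add extra lines to the generated config; whether the values are constrained where they are saved cannot be seen from here. I would strip those characters before building the line, e.g. `$authmode = preg_replace('/[\'"\\\\[:cntrl:]]/', '', $settings['authmode']);`, and interpolate `$authmode` instead. The `tls-verify` line in the next hunk (at -702) writes `{$settings['cert_depth']}` unquoted and would benefit from `(int)$settings['cert_depth']`, assuming the field is always numeric.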
@@ -702,7 +708,8 @@ function openvpn_reconfigure($mode, $settings, $device_only = false) $cert = lookup_cert($settings['certref']); /* XXX: Seems not used at all! */ $servercn = urlencode(cert_get_cn($cert['crt'])); - $conf .= "tls-verify \"/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify tls '{$servercn}' {$settings['cert_depth']}\"\n"; + $conf .= "tls-verify \"/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify " . + "tls '{$servercn}' {$settings['cert_depth']}\"\n"; } } @@ -710,9 +717,7 @@ function openvpn_reconfigure($mode, $settings, $device_only = false) $conf .= "lport {$settings['local_port']}\n"; // The management port to listen on - // Use unix socket to overcome the problem on any type of server $conf .= "management /var/etc/openvpn/{$mode_id}.sock unix\n"; - //$conf .= "management 127.0.0.1 {$settings['local_port']}\n"; if ($settings['maxclients']) { $conf .= "max-clients {$settings['maxclients']}\n"; @@ -726,7 +731,7 @@ function openvpn_reconfigure($mode, $settings, $device_only = false) $conf .= openvpn_gen_routes($settings['local_networkv6'], "ipv6", true); } - switch($settings['mode']) { + switch ($settings['mode']) { case 'server_tls': case 'server_user': case 'server_tls_user': @@ -745,7 +750,7 @@ function openvpn_reconfigure($mode, $settings, $device_only = false) // client specific settings if ($mode == 'client') { // configure p2p mode - switch($settings['mode']) { + switch ($settings['mode']) { case 'p2p_tls': $conf .= "tls-client\n"; case 'shared_key': @@ -828,7 +833,7 @@ function openvpn_reconfigure($mode, $settings, $device_only = false) } // Write the settings for the keys - switch($settings['mode']) { + switch ($settings['mode']) { case 'p2p_shared_key': openvpn_add_keyfile($settings['shared_key'], $conf, $mode_id, "secret"); break; 
@@ -933,7 +938,8 @@ function openvpn_restart($mode, $settings) } /* Do not start a client if we are a CARP backup on this vip! */ - if (($mode == "client") && (strstr($settings['interface'], "_vip") && get_carp_interface_status($settings['interface']) == "BACKUP")) { + if (($mode == "client") && (strstr($settings['interface'], "_vip") && + get_carp_interface_status($settings['interface']) == "BACKUP")) { return; } @@ -941,7 +947,8 @@ function openvpn_restart($mode, $settings) $a_groups = return_gateway_groups_array(); if (is_array($a_groups[$settings['interface']])) { /* the interface is a gateway group. If a vip is defined and its a CARP backup then do not start */ - if (($a_groups[$settings['interface']][0]['vip'] <> "") && (get_carp_interface_status($a_groups[$settings['interface']][0]['vip']) == "BACKUP")) { + if (($a_groups[$settings['interface']][0]['vip'] <> "") && + get_carp_interface_status($a_groups[$settings['interface']][0]['vip']) == "BACKUP") { return; } } @@ -1075,7 +1082,7 @@ function openvpn_configure_csc() } foreach (openvpn_get_remote_access_servers() as $server) { if (count($ovpn_servers) == 0|| in_array($server['vpnid'], $ovpn_servers)) { - $vpnid = filter_var ($server['vpnid'], FILTER_SANITIZE_NUMBER_INT); + $vpnid = filter_var($server['vpnid'], FILTER_SANITIZE_NUMBER_INT); if (!isset($generated_cscs[$server['vpnid']])) { $generated_cscs[$vpnid] = array(); } @@ -1093,7 +1100,7 @@ function openvpn_configure_csc() // cleanup old / unassigned configs foreach (openvpn_get_remote_access_servers() as $server) { - $vpnid = filter_var ($server['vpnid'], FILTER_SANITIZE_NUMBER_INT); + $vpnid = filter_var($server['vpnid'], FILTER_SANITIZE_NUMBER_INT); foreach (glob("/var/etc/openvpn-csc/".$vpnid."/*") as $filename) { if (empty($generated_cscs[$vpnid]) || !in_array($filename, $generated_cscs[$vpnid])) { @unlink($filename); 
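Review bot: In openvpn_configure_csc() (hunk at -1075) the test directly under the changed line reads `isset($generated_cscs[$server['vpnid']])`, while the array is written under the sanitized `$vpnid`. If the raw and sanitized ids ever differ, `$generated_cscs[$vpnid] = array();` runs again for another server that maps to the same sanitized id and drops the file names already collected, which the cleanup loop in the following hunk would then `@unlink`. Testing the same key keeps both sides consistent: `if (!isset($generated_cscs[$vpnid])) {`. Note also that `FILTER_SANITIZE_NUMBER_INT` keeps `+` and `-` as well as digits, so `$vpnid` is not guaranteed to be a plain integer; the function body continues outside the hunk.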
@@ -1133,7 +1140,7 @@ function openvpn_configure_interface($interface) global $config; if (substr($interface, 0, 5) == 'ovpns') { - if (isset($config['openvpn']['openvpn-server'])) { + if (isset($config['openvpn']['openvpn-server'])) { foreach ($config['openvpn']['openvpn-server'] as $server) { if ($interface == "ovpns{$server['vpnid']}") { log_error("OpenVPN: Resync server {$server['description']}"); @@ -1377,7 +1384,7 @@ function openvpn_get_client_status($client, $socket) } /* Get the client state */ - if (strstr($line,"CONNECTED")) { + if (strstr($line, "CONNECTED")) { $client['status']="up"; $list = explode(",", $line); @@ -1385,16 +1392,16 @@ function openvpn_get_client_status($client, $socket) $client['virtual_addr'] = $list[3]; $client['remote_host'] = $list[4]; } - if (strstr($line,"CONNECTING")) { + if (strstr($line, "CONNECTING")) { $client['status']="connecting"; } - if (strstr($line,"ASSIGN_IP")) { + if (strstr($line, "ASSIGN_IP")) { $client['status']="waiting"; $list = explode(",", $line); $client['connect_time'] = date('Y-m-d H:i:s', $list[0]); $client['virtual_addr'] = $list[3]; } - if (strstr($line,"RECONNECTING")) { + if (strstr($line, "RECONNECTING")) { $client['status']="reconnecting"; $list = explode(",", $line); $client['connect_time'] = date('Y-m-d H:i:s', $list[0]); @@ -1419,12 +1426,12 @@ function openvpn_get_client_status($client, $socket) break; } - if (strstr($line,"TCP/UDP read bytes")) { + if (strstr($line, "TCP/UDP read bytes")) { $list = explode(",", $line); $client['bytes_recv'] = $list[1]; } - if (strstr($line,"TCP/UDP write bytes")) { + if (strstr($line, "TCP/UDP write bytes")) { $list = explode(",", $line); $client['bytes_sent'] = $list[1]; } 
@@ -1452,7 +1459,7 @@ function openvpn_create_dirs() @mkdir('/var/etc/openvpn-csc', 0750); @mkdir('/var/etc/openvpn', 0750); foreach (openvpn_get_remote_access_servers() as $server) { - $vpnid = filter_var ($server['vpnid'], FILTER_SANITIZE_NUMBER_INT); + $vpnid = filter_var($server['vpnid'], FILTER_SANITIZE_NUMBER_INT); $csc_path = '/var/etc/openvpn-csc/'.$vpnid; if (is_file($csc_path)) { // if the vpnid exists as file, remove it first @@ -1490,7 +1497,7 @@ function openvpn_clear_route($mode, $settings) $mask = gen_subnet_mask($cidr); $clear_route = false; - switch($settings['mode']) { + switch ($settings['mode']) { case 'shared_key': $clear_route = true; break; @@ -1580,9 +1587,10 @@ function openvpn_configure_gwgroup($gwgroupname = '') } if (isset($config['openvpn']['openvpn-server'])) { - foreach ($config['openvpn']['openvpn-server'] as & $settings) { + foreach ($config['openvpn']['openvpn-server'] as &$settings) { if ($gwgroupname == $settings['interface']) { - log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . "."); + log_error("Resyncing OpenVPN server for gateway group " . + $gwgroupname . " server " . $settings["description"] . "."); openvpn_reconfigure('server', $settings); openvpn_restart('server', $settings); } 
@@ -1590,16 +1598,20 @@ function openvpn_configure_gwgroup($gwgroupname = '') } if (isset($config['openvpn']['openvpn-client'])) { - foreach ($config['openvpn']['openvpn-client'] as & $settings) { + foreach ($config['openvpn']['openvpn-client'] as &$settings) { if ($gwgroupname == $settings['interface']) { - log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . "."); + log_error("Resyncing OpenVPN client for gateway group " . + $gwgroupname . " client " . $settings["description"] . "."); openvpn_reconfigure('client', $settings); openvpn_restart('client', $settings); } } } - // Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these. + /* + * Note: no need to resysnc Client Specific (csc) here as + * changes to the OpenVPN real interface do not effect these. + */ } function openvpn_refresh_crls() @@ -1614,7 +1626,7 @@ function openvpn_refresh_crls() continue; } // Write the settings for the keys - switch($settings['mode']) { + switch ($settings['mode']) { case 'p2p_tls': case 'server_tls': case 'server_tls_user': @@ -1649,8 +1661,9 @@ function openvpn_resync_if_needed($mode, $ovpn_settings, $interface) $new_device = get_failover_interface($ovpn_settings['interface']); if (isset($config['interfaces'][$interface])) { $this_device = $config['interfaces'][$interface]['if']; - if (($current_device == $new_device) && ($current_device != $this_device)) + if (($current_device == $new_device) && ($current_device != $this_device)) { $resync_needed = false; + } } } } 
@@ -1671,7 +1684,8 @@ function openvpn_carp_stop($carp_iface) if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) { foreach ($config['openvpn']['openvpn-client'] as $settings) { if ($settings['interface'] == $carp_iface) { - log_error("Stopping OpenVPN client instance on {$friendly_descr} because of transition to CARP backup."); + log_error("Stopping OpenVPN client instance on {$friendly_descr} " . + 'because of transition to CARP backup.'); openvpn_restart('client', $settings); } } @@ -1687,7 +1701,8 @@ function openvpn_carp_start($carp_iface) if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) { foreach ($config['openvpn']['openvpn-client'] as $settings) { if ($settings['interface'] == $carp_iface) { - log_error("Starting OpenVPN client instance on {$friendly_descr} because of transition to CARP master."); + log_error("Starting OpenVPN client instance on {$friendly_descr} " . + 'because of transition to CARP master.'); openvpn_restart('client', $settings); } } @@ -1695,7 +1710,8 @@ function openvpn_carp_start($carp_iface) if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) { foreach ($config['openvpn']['openvpn-server'] as $settings) { if ($settings['interface'] == $carp_iface) { - log_error("Starting OpenVPN instance on {$friendly_descr} because of transition to CARP master."); + log_error("Starting OpenVPN server instance on {$friendly_descr} " . + 'because of transition to CARP master.'); openvpn_restart('server', $settings); } } diff --git a/src/etc/inc/plugins.inc.d/openvpn/auth-user.php b/src/etc/inc/plugins.inc.d/openvpn/auth-user.php index 90d803e35..d8af079af 100644 --- a/src/etc/inc/plugins.inc.d/openvpn/auth-user.php +++ b/src/etc/inc/plugins.inc.d/openvpn/auth-user.php 
@@ -67,13 +67,15 @@ if (file_exists("/var/etc/openvpn/{$modeid}.ca")) { $authenticated = false; if (($strictusercn === true) && ($common_name != $username)) { - syslog(LOG_WARNING, "Username does not match certificate common name ({$username} != {$common_name}), access denied.\n"); + syslog(LOG_WARNING, 'Username does not match certificate common name ' . + "({$username} != {$common_name}), access denied.\n"); closelog(); exit(1); } if (!is_array($authmodes)) { - syslog(LOG_WARNING, "No authentication server has been selected to authenticate against. Denying authentication for user {$username}"); + syslog(LOG_WARNING, 'No authentication server has been selected to authenticate against. ' . + "Denying authentication for user {$username}"); closelog(); exit(1); } @@ -86,7 +88,7 @@ if (isset($config['openvpn']['openvpn-server'])) { $a_server = $server; break; } - } + } } if ($a_server == null) { @@ -96,7 +98,8 @@ if ($a_server == null) { } if (!empty($a_server['local_group']) && !in_array($a_server['local_group'], getUserGroups($username))) { - syslog(LOG_WARNING, "OpenVPN '$modeid' requires the local group {$a_server['local_group']}. Denying authentication for user {$username}"); + syslog(LOG_WARNING, "OpenVPN '$modeid' requires the local group {$a_server['local_group']}. " . + "Denying authentication for user {$username}"); closelog(); exit(1); } diff --git a/src/etc/inc/plugins.inc.d/openvpn/wizard.inc b/src/etc/inc/plugins.inc.d/openvpn/wizard.inc index 485fcb7fc..2293645e0 100644 --- a/src/etc/inc/plugins.inc.d/openvpn/wizard.inc +++ b/src/etc/inc/plugins.inc.d/openvpn/wizard.inc @@ -90,8 +90,9 @@ function step2_submitphpaction() } } -function step3_submitphpaction() { - global $stepid, $savemsg, $config; +function step3_submitphpaction() +{ + global $stepid, $input_errors, $config; /* Default LDAP port is 389 for TCP and 636 for SSL */ if (empty($_POST['port'])) { 
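Review bot: The strict common-name check in the hunk at -67 compares with `$common_name != $username`, which is a loose comparison. When both operands are numeric-looking strings PHP compares them as numbers, so values such as `1.0` and `1` count as equal and the access-denied branch is skipped. Because this check ties the login name to the client certificate, the identity operator is the safer choice: `if (($strictusercn === true) && ($common_name !== $username)) {`. Both variables are assigned above the hunk, so confirm they are always strings before switching.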
@@ -101,20 +102,22 @@ function step3_submitphpaction() { $config['ovpnserver']['step2']['port'] = 636; } } elseif (!is_port($_POST['port'])) { + $input_errors[] = gettext('Please enter a valid port number.'); $stepid--; - $savemsg = "Please enter a valid port number."; + return; } if (empty($_POST['name']) || empty($_POST['ip']) ||empty($_POST['transport']) || empty($_POST['scope']) || empty($_POST['basedn']) || empty($_POST['authscope']) || empty($_POST['nameattr'])) { + $input_errors[] = gettext('Please enter all information for authentication server.'); $stepid--; - $savemsg = "Please enter all information for authentication server."; } elseif (count(($authcfg = auth_get_authserver($_POST['name']))) > 0) { + $input_errors[] = gettext('Please choose a different name because an authentication ' . + 'server with this name already exists.'); $stepid--; - $savemsg = "Please choose a different name because an authentication server with this name already exists."; } elseif (!is_fqdn($_POST['ip']) && !is_ipaddr($_POST['ip'])) { + $input_errors[] = gettext('Please enter a valid IP address or hostname for the authentication server.'); $stepid--; - $savemsg = "Please enter a valid IP address or hostname for the authentication server."; } else { $config['ovpnserver']['step2']['uselist'] = "on"; $_POST['uselist'] = "on"; @@ -122,7 +125,8 @@ function step3_submitphpaction() { } } -function step4_stepbeforeformdisplay() { +function step4_stepbeforeformdisplay() +{ global $pkg, $stepid; $fields =& $pkg['step'][3]['fields']['field']; 
@@ -157,25 +161,27 @@ function step4_submitphpaction() function step5_submitphpaction() { - global $stepid, $savemsg, $config; + global $stepid, $input_errors, $config; /* Default RADIUS Auth port = 1812 */ if (empty($_POST['port'])) { $config['ovpnserver']['step2']['port'] = 1812; } elseif (!is_port($_POST['port'])) { + $input_errors[] = gettext('Please enter a valid port number.'); $stepid--; - $savemsg = "Please enter a valid port number."; + return; } if (empty($_POST['name']) || empty($_POST['ip']) || empty($_POST['secret'])) { + $input_errors[] = gettext('Please enter all information for authentication server.'); $stepid--; - $savemsg = "Please enter all information for authentication server."; } elseif (count(($authcfg = auth_get_authserver($_POST['name']))) > 0) { + $input_errors[] = gettext('Please choose a different name because an authentication ' . + 'server with this name already exists.'); $stepid--; - $savemsg = "Please choose a different name because an authentication server with this name already exists."; } elseif (!is_fqdn($_POST['ip']) && !is_ipaddr($_POST['ip'])) { + $input_errors[] = gettext('Please enter a valid IP address or hostname for the authentication server.'); $stepid--; - $savemsg = "Please enter a valid IP address or hostname for the authentication server."; } else { $config['ovpnserver']['step2']['uselist'] = "on"; $_POST['uselist'] = "on"; @@ -205,13 +211,14 @@ function step6_submitphpaction() } } -function step7_submitphpaction() { - global $input_errors, $stepid, $savemsg, $_POST, $config; +function step7_submitphpaction() +{ + global $input_errors, $stepid, $_POST, $config; $canames = array(); $cacns = array(); if (is_array($config['ca'])) { - foreach($config['ca'] as $ca) { + foreach ($config['ca'] as $ca) { $canames[] = $ca['descr']; $cainfo = cert_get_subject_hash($ca['crt']); $cacns[] = $cainfo["CN"]; 
@@ -221,18 +228,19 @@ function step7_submitphpaction() { if (empty($_POST['descr']) || empty($_POST['keylength']) || empty($_POST['lifetime']) || empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) || empty($_POST['organization']) || empty($_POST['email'])) { + $input_errors[] = gettext('Please enter all information for the new Certificate Authority.'); $stepid--; - $savemsg = "Please enter all information for the new Certificate Authority."; } elseif (has_special_chars($_POST['country']) || has_special_chars($_POST['state']) || has_special_chars($_POST['city']) || has_special_chars($_POST['organization'])) { + $input_errors[] = gettext('Please do not use special characters in Certificate field names.'); $stepid--; - $input_errors[] = gettext("Please do not use special characters in Certificate field names."); } elseif (in_array($_POST['descr'], $canames) || in_array($_POST['descr'], $cacns)) { + $input_errors[] = gettext('Please enter a different name for the Certicicate Authority. ' . + 'A Certificate Authority with that name already exists.'); $stepid--; - $savemsg = "Please enter a different name for the Certicicate Authority. A Certificate Authority with that name already exists."; } elseif (strlen($_POST['country']) != 2) { + $input_errors[] = gettext('Please enter only a two-letter ISO country code'); $stepid--; - $savemsg = "Please enter only a two-letter ISO country code"; } else { $config['ovpnserver']['step6']['uselist'] = "on"; $_POST['uselist'] = "on"; 
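Review bot: The new translatable string in the duplicate-name branch carries the misspelling `Certicicate` into a gettext msgid, and the step9 hunk further down (at -321) does the same. Correcting it later changes the msgid and orphans any existing translation, so it is cheaper to fix while the string is being introduced: `'Please enter a different name for the Certificate Authority. ' .`. The two-letter country code message also lacks the full stop that the other messages in this hunk end with.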
@@ -243,25 +251,28 @@ function step8_stepbeforeformdisplay() { global $stepid, $config; - if (count($config['cert']) < 1 || (count($config['cert']) == 1 && stristr($config['cert'][0]['descr'], "webconf"))) { + if (count($config['cert']) < 1 || (count($config['cert']) == 1 && + stristr($config['cert'][0]['descr'], "webconf"))) { $stepid++; } } -function step8_submitphpaction() { - global $stepid, $config, $_POST; +function step8_submitphpaction() +{ + global $stepid, $config, $_POST; - if (isset($_POST['next'])) { - $_POST['uselist'] = ""; - unset($config['ovpnserver']['step9']['uselist']); - $stepid++; - } else { - $config['ovpnserver']['step6']['uselist'] = "on"; - $_POST['uselist'] = "on"; - } + if (isset($_POST['next'])) { + $_POST['uselist'] = ""; + unset($config['ovpnserver']['step9']['uselist']); + $stepid++; + } else { + $config['ovpnserver']['step6']['uselist'] = "on"; + $_POST['uselist'] = "on"; + } } -function step9_stepbeforeformdisplay() { +function step9_stepbeforeformdisplay() +{ global $config, $pkg, $stepid; $pconfig = $config['ovpnserver']; @@ -306,12 +317,12 @@ function step9_stepbeforeformdisplay() { function step9_submitphpaction() { - global $input_errors, $stepid, $savemsg, $_POST, $config; + global $input_errors, $stepid, $_POST, $config; $certnames = array(); $certcns = array(); if (is_array($config['cert'])) { - foreach($config['cert'] as $cert) { + foreach ($config['cert'] as $cert) { $certnames[] = $cert['descr']; $certinfo = cert_get_subject_hash($cert['crt']); $certcns[] = $certinfo["CN"]; 
@@ -321,18 +332,18 @@ function step9_submitphpaction() if (empty($_POST['descr']) || empty($_POST['keylength']) || empty($_POST['lifetime']) || empty($_POST['country']) || empty($_POST['state']) || empty($_POST['city']) || empty($_POST['organization']) || empty($_POST['email'])) { + $input_errors[] = gettext('Please enter all information for the new certificate.'); $stepid--; - $savemsg = "Please enter all information for the new certificate."; } elseif (has_special_chars($_POST['country']) || has_special_chars($_POST['state']) || has_special_chars($_POST['city']) || has_special_chars($_POST['organization'])) { + $input_errors[] = gettext('Please do not use special characters in Certificate field names.'); $stepid--; - $input_errors[] = gettext("Please do not use special characters in Certificate field names."); } elseif (in_array($_POST['descr'], $certnames) || in_array($_POST['descr'], $certcns)) { + $input_errors[] = gettext('Please enter a different name for the Certicicate. ' . + 'A Certificate with that name/common name already exists.'); $stepid--; - $savemsg = "Please enter a different name for the Certicicate. A Certificate with that name/common name already exists."; } elseif (strlen($_POST['country']) != 2) { - $stepid--; - $savemsg = "Please enter only a two-letter ISO country code"; + $input_errors[] = gettext('Please enter only a two-letter ISO country code'); } else { $config['ovpnserver']['step9']['uselist'] = "on"; $_POST['uselist'] = "on"; 
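Review bot: The `strlen($_POST['country']) != 2` branch of step9_submitphpaction() lost its `$stepid--;` in this conversion: the removed lines had it, the added line only appends to `$input_errors`. Every other error branch in this hunk, and the matching branch in step7_submitphpaction(), still steps back, so a certificate request with a malformed country code records an error but is not held on the current step unless the caller inspects `$input_errors` itself, which is not visible here. Restore the line after the message: `$stepid--;`.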
@@ -382,21 +393,21 @@ function step10_stepbeforeformdisplay() } } elseif ($field['name'] == "nbttype") { $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array(); - foreach ($netbios_nodetypes as $type => $name) { - $opt = array(); - $opt['name'] = $name; - $opt['value'] = $type; - $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt; - } - } elseif ($field['name'] == "localport") { - $pkg['step'][$stepid]['fields']['field'][$idx]['value'] = openvpn_port_next('UDP'); - } + foreach ($netbios_nodetypes as $type => $name) { + $opt = array(); + $opt['name'] = $name; + $opt['value'] = $type; + $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt; + } + } elseif ($field['name'] == "localport") { + $pkg['step'][$stepid]['fields']['field'][$idx]['value'] = openvpn_port_next('UDP'); + } } } function step10_submitphpaction() { - global $savemsg, $stepid; + global $input_errors, $stepid; /* Default OpenVPN port to next available port if left empty. */ if (empty($_POST['localport'])) { @@ -425,7 +436,7 @@ function step10_submitphpaction() if (!strstr($_POST['tlssharedkey'], "-----BEGIN OpenVPN Static key V1-----") || !strstr($_POST['tlssharedkey'], "-----END OpenVPN Static key V1-----")) { $input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid."); - } + } } if (!empty($_POST['dnsserver1']) && !is_ipaddr(trim($_POST['dnsserver1']))) { @@ -464,7 +475,6 @@ function step10_submitphpaction() } if (count($input_errors) > 0) { - $savemsg = $input_errors[0]; $stepid = $stepid - 1; } } 
@@ -566,7 +576,15 @@ function step12_submitphpaction() 'commonName' => $pconfig['step9']['certname'] ); - cert_create($cert, $ca['refid'], $pconfig['step9']['keylength'], $pconfig['step9']['lifetime'], $dn, 'sha256', 'server_cert'); + cert_create( + $cert, + $ca['refid'], + $pconfig['step9']['keylength'], + $pconfig['step9']['lifetime'], + $dn, + 'sha256', + 'server_cert' + ); $a_cert = &config_read_array('cert'); $a_cert[] = $cert; @@ -685,13 +703,13 @@ function step12_submitphpaction() if (isset($pconfig['step11']['ovpnrule'])) { $rule = array(); - $rule['descr'] = sprintf(gettext("OpenVPN %s wizard"),$server['description']); + $rule['descr'] = sprintf(gettext("OpenVPN %s wizard"), $server['description']); /* Ensure the rule descr is not too long for pf to handle */ if (strlen($rule['descr']) > 52) { $rule['descr'] = substr($rule['descr'], 0, 52); } $rule['direction'] = "in"; - $rule['source']['any'] = TRUE; + $rule['source']['any'] = true; $rule['destination']['network'] = $server['interface'] . "ip"; $rule['destination']['port'] = $server['local_port']; $rule['interface'] = $server['interface']; @@ -703,13 +721,13 @@ function step12_submitphpaction() } if (isset($pconfig['step11']['ovpnallow'])) { $rule = array(); - $rule['descr'] = sprintf(gettext("OpenVPN %s wizard"),$server['description']); + $rule['descr'] = sprintf(gettext("OpenVPN %s wizard"), $server['description']); /* Ensure the rule descr is not too long for pf to handle */ if (strlen($rule['descr']) > 52) { $rule['descr'] = substr($rule['descr'], 0, 52); } - $rule['source']['any'] = TRUE; - $rule['destination']['any'] = TRUE; + $rule['source']['any'] = true; + $rule['destination']['any'] = true; $rule['interface'] = "openvpn"; //$rule['protocol'] = $server['protocol']; $rule['type'] = "pass";