|
@@ -1,15 +1,15 @@
|
|
|
<?php
|
|
|
|
|
|
function moulinette_get($var) {
|
|
|
- return htmlspecialchars(exec("sudo yunohost app setting vpnclient ".escapeshellarg($var)));
|
|
|
+ return htmlspecialchars(exec('sudo yunohost app setting vpnclient '.escapeshellarg($var)));
|
|
|
}
|
|
|
|
|
|
function moulinette_set($var, $value) {
|
|
|
- return exec("sudo yunohost app setting vpnclient ".escapeshellarg($var)." -v ".escapeshellarg($value));
|
|
|
+ return exec('sudo yunohost app setting vpnclient '.escapeshellarg($var).' -v '.escapeshellarg($value));
|
|
|
}
|
|
|
|
|
|
function stop_service() {
|
|
|
- exec('sudo service ynh-vpnclient stop');
|
|
|
+ exec('sudo service ynh-vpnclient litestop');
|
|
|
}
|
|
|
|
|
|
function start_service() {
|
|
@@ -18,6 +18,18 @@ function start_service() {
|
|
|
return $retcode;
|
|
|
}
|
|
|
|
|
|
+function ipv6_expanded($ip) {
|
|
|
+ exec('ipv6_expanded '.escapeshellarg($ip), $output);
|
|
|
+
|
|
|
+ return $output[0];
|
|
|
+}
|
|
|
+
|
|
|
+function ipv6_compressed($ip) {
|
|
|
+ exec('ipv6_compressed '.escapeshellarg($ip), $output);
|
|
|
+
|
|
|
+ return $output[0];
|
|
|
+}
|
|
|
+
|
|
|
dispatch('/', function() {
|
|
|
$ip6_net = moulinette_get('ip6_net');
|
|
|
$ip6_net = ($ip6_net == 'none') ? '' : $ip6_net;
|
|
@@ -28,12 +40,72 @@ dispatch('/', function() {
|
|
|
set('login_user', moulinette_get('login_user'));
|
|
|
set('login_passphrase', moulinette_get('login_passphrase'));
|
|
|
set('ip6_net', $ip6_net);
|
|
|
+ set('crt_client_exists', file_exists('/etc/openvpn/keys/user.crt'));
|
|
|
+ set('crt_client_key_exists', file_exists('/etc/openvpn/keys/user.key'));
|
|
|
+ set('crt_server_ca_exists', file_exists('/etc/openvpn/keys/ca-server.crt'));
|
|
|
|
|
|
return render('settings.html.php');
|
|
|
});
|
|
|
|
|
|
dispatch_put('/settings', function() {
|
|
|
+ $crt_client_exists = file_exists('/etc/openvpn/keys/user.crt');
|
|
|
+ $crt_client_key_exists = file_exists('/etc/openvpn/keys/user.key');
|
|
|
+ $crt_server_ca_exists = file_exists('/etc/openvpn/keys/ca-server.crt');
|
|
|
+
|
|
|
$ip6_net = empty($_POST['ip6_net']) ? 'none' : $_POST['ip6_net'];
|
|
|
+ $ip6_addr = 'none';
|
|
|
+
|
|
|
+ if(empty($_POST['server_name']) || empty($_POST['server_port']) || empty($_POST['server_proto'])) {
|
|
|
+ flash('error', T_('The Server Address, the Server Port and the Protocol cannot be empty.'));
|
|
|
+ goto redirect;
|
|
|
+ }
|
|
|
+
|
|
|
+ if(!preg_match('/^\d+$/', $_POST['server_port'])) {
|
|
|
+ flash('error', T_('The Server Port must be only composed of digits.'));
|
|
|
+ goto redirect;
|
|
|
+ }
|
|
|
+
|
|
|
+ if($_POST['server_proto'] != 'udp' && $_POST['server_proto'] != 'tcp') {
|
|
|
+ flash('error', T_('The Protocol must be "udp" or "tcp".'));
|
|
|
+ goto redirect;
|
|
|
+ }
|
|
|
+
|
|
|
+ if(($_FILES['crt_client']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1))
|
|
|
+ || ($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK && $_FILES['crt_client']['error'] != UPLOAD_ERR_OK && (!$crt_client_exists || $_POST['crt_client_delete'] == 1))) {
|
|
|
+
|
|
|
+ flash('error', T_('A Client Certificate is needed when you suggest a Key (or vice versa).'));
|
|
|
+ goto redirect;
|
|
|
+ }
|
|
|
+
|
|
|
+ if(empty($_POST['login_user']) xor empty($_POST['login_passphrase'])) {
|
|
|
+ flash('error', T_('A Password is needed when you suggest a Username (or vice versa).'));
|
|
|
+ goto redirect;
|
|
|
+ }
|
|
|
+
|
|
|
+ if($_FILES['crt_server_ca']['error'] != UPLOAD_ERR_OK && !$crt_server_ca_exists) {
|
|
|
+ flash('error', T_('You need a Server CA.'));
|
|
|
+ goto redirect;
|
|
|
+ }
|
|
|
+
|
|
|
+ if(($_FILES['crt_client_key']['error'] != UPLOAD_ERR_OK && (!$crt_client_key_exists || $_POST['crt_client_key_delete'] == 1)) && empty($_POST['login_user'])) {
|
|
|
+ flash('error', T_('You need either a Client Certificate, either a Username (or both).'));
|
|
|
+ goto redirect;
|
|
|
+ }
|
|
|
+
|
|
|
+ if($ip6_net != 'none') {
|
|
|
+ $ip6_net = ipv6_expanded($ip6_net);
|
|
|
+
|
|
|
+ if(empty($ip6_net)) {
|
|
|
+ flash('error', T_('The IPv6 Delegated Prefix format looks bad.'));
|
|
|
+ goto redirect;
|
|
|
+ }
|
|
|
+
|
|
|
+ $ip6_blocs = explode(':', $ip6_net);
|
|
|
+ $ip6_addr = "${ip6_blocs[0]}:${ip6_blocs[1]}:${ip6_blocs[2]}:${ip6_blocs[3]}:${ip6_blocs[4]}:${ip6_blocs[5]}:${ip6_blocs[6]}:1";
|
|
|
+
|
|
|
+ $ip6_net = ipv6_compressed($ip6_net);
|
|
|
+ $ip6_addr = ipv6_compressed($ip6_addr);
|
|
|
+ }
|
|
|
|
|
|
stop_service();
|
|
|
|
|
@@ -43,27 +115,30 @@ dispatch_put('/settings', function() {
|
|
|
moulinette_set('login_user', $_POST['login_user']);
|
|
|
moulinette_set('login_passphrase', $_POST['login_passphrase']);
|
|
|
moulinette_set('ip6_net', $ip6_net);
|
|
|
-
|
|
|
- # TODO: format ip6_net
|
|
|
- if($ip6_net == 'none') {
|
|
|
- moulinette_set('ip6_addr', 'none');
|
|
|
- } else {
|
|
|
- $ip6_addr = "${ip6_net}1";
|
|
|
- moulinette_set('ip6_addr', $ip6_addr);
|
|
|
- }
|
|
|
+ moulinette_set('ip6_addr', $ip6_addr);
|
|
|
|
|
|
if($_FILES['crt_client']['error'] == UPLOAD_ERR_OK) {
|
|
|
move_uploaded_file($_FILES['crt_client']['tmp_name'], '/etc/openvpn/keys/user.crt');
|
|
|
+ } elseif($_POST['crt_client_delete'] == 1) {
|
|
|
+ unlink('/etc/openvpn/keys/user.crt');
|
|
|
}
|
|
|
|
|
|
if($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK) {
|
|
|
move_uploaded_file($_FILES['crt_client_key']['tmp_name'], '/etc/openvpn/keys/user.key');
|
|
|
+ } elseif($_POST['crt_client_key_delete'] == 1) {
|
|
|
+ unlink('/etc/openvpn/keys/user.key');
|
|
|
}
|
|
|
|
|
|
if($_FILES['crt_server_ca']['error'] == UPLOAD_ERR_OK) {
|
|
|
move_uploaded_file($_FILES['crt_server_ca']['tmp_name'], '/etc/openvpn/keys/ca-server.crt');
|
|
|
}
|
|
|
|
|
|
+ if(!empty($_POST['login_user'])) {
|
|
|
+ file_put_contents('/etc/openvpn/keys/credentials', "${_POST['login_user']}\n${_POST['login_passphrase']}");
|
|
|
+ } else {
|
|
|
+ file_put_contents('/etc/openvpn/keys/credentials', '');
|
|
|
+ }
|
|
|
+
|
|
|
$retcode = start_service();
|
|
|
|
|
|
if($retcode == 0) {
|
|
@@ -72,6 +147,7 @@ dispatch_put('/settings', function() {
|
|
|
flash('error', T_('Configuration updated but service reload failed'));
|
|
|
}
|
|
|
|
|
|
+ redirect:
|
|
|
redirect_to('/');
|
|
|
});
|
|
|
|