From: <abe...@us...> - 2015-12-15 00:17:02
Revision: 7406 http://sourceforge.net/p/astlinux/code/7406 Author: abelbeck Date: 2015-12-15 00:16:59 +0000 (Tue, 15 Dec 2015) Log Message: ----------- web interface, New SSL certificate creation, add new 'Signature Algorithm:' option, defaults to SHA-256. We previously hard-coded this to sha256, but some IP Phones with OpenVPN do not (yet) support SHA-256, this allows SHA-1 to be chosen Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php branches/1.0/package/webinterface/altweb/admin/openvpn.php branches/1.0/package/webinterface/altweb/admin/openvpnclient.php branches/1.0/package/webinterface/altweb/admin/siptlscert.php branches/1.0/package/webinterface/altweb/common/openssl-ipsecmobile.php branches/1.0/package/webinterface/altweb/common/openssl-openvpn.php branches/1.0/package/webinterface/altweb/common/openssl-sip-tls.php Modified: branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php 2015-12-14 20:38:32 UTC (rev 7405) +++ branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php 2015-12-15 00:16:59 UTC (rev 7406) @@ -8,6 +8,7 @@ // ipsecmobile.php for AstLinux // 11-23-2010 +// 12-14-2015, Added Signature Algorithm support // // System location of /mnt/kd/rc.conf.d directory $IPSECMCONFDIR = '/mnt/kd/rc.conf.d'; 
@@ -30,15 +31,20 @@ // Function: ipsecmobile_openssl() // -function ipsecmobile_openssl($keysize, $dnsname) { +function ipsecmobile_openssl($keysize, $algorithm, $dnsname) { global $global_prefs; // System location of gui.network.conf file $NETCONFFILE = '/mnt/kd/rc.conf.d/gui.network.conf'; if ($keysize === '') { - $keysize = '1024'; + $keysize = '2048'; } $opts['keysize'] = (int)$keysize; + + if ($algorithm === '') { + $algorithm = 'sha256'; + } + $opts['algorithm'] = $algorithm; $opts['dnsname'] = $dnsname; if (($countryName = getPREFdef($global_prefs, 'dn_country_name_cmdstr')) === '') { @@ -75,8 +81,9 @@ return($ssl); } $key_size = getVARdef($db, 'IPSECM_CERT_KEYSIZE'); +$signature_algorithm = getVARdef($db, 'IPSECM_CERT_ALGORITHM'); $dns_name = getVARdef($db, 'IPSECM_CERT_DNSNAME'); -$openssl = ipsecmobile_openssl($key_size, $dns_name); +$openssl = ipsecmobile_openssl($key_size, $signature_algorithm, $dns_name); $nat_t_menu = array ( 'off' => 'Disable', @@ -136,6 +143,11 @@ '2048' => '2048 Bits' ); +$signature_algorithm_menu = array ( + 'sha1' => 'SHA-1', + 'sha256' => 'SHA-256' +); + // Function: saveIPSECMsettings // function saveIPSECMsettings($conf_dir, $conf_file) { @@ -210,6 +222,9 @@ $value = 'IPSECM_CERT_KEYSIZE="'.$_POST['key_size'].'"'; fwrite($fp, "### Private Key Size\n".$value."\n"); + $value = 'IPSECM_CERT_ALGORITHM="'.$_POST['signature_algorithm'].'"'; + fwrite($fp, "### Signature Algorithm\n".$value."\n"); + $value = 'IPSECM_CERT_DNSNAME="'.str_replace(' ', '', tuq($_POST['dns_name'])).'"'; fwrite($fp, "### Server Cert DNS Name\n".$value."\n"); 
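Review bot: `ipsecmobile_openssl()` copies `$algorithm` into `$opts['algorithm']` after only an empty-string check, yet the "Rebuild openssl.cnf" hunk in this file (and the matching ones in openvpn.php and siptlscert.php) passes it the raw `$_POST['signature_algorithm']`. Since the value becomes `digest_alg` for the CA and every certificate signed afterwards, I would restrict it to the two menu keys inside the function: `if ($algorithm !== 'sha1' && $algorithm !== 'sha256') { $algorithm = 'sha256'; }`. `openvpn_openssl()` and `siptlscert_openssl()` have the same gap. The function body continues outside the hunk.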
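Review bot: The new `IPSECM_CERT_ALGORITHM` line in `saveIPSECMsettings()` writes `$_POST['signature_algorithm']` between double quotes with no validation, so a posted value containing a quote or a newline changes the structure of the generated rc.conf.d file. A `<select>` constrains a browser, not the request. The `dns_name` line just below is at least passed through `tuq()`; here the value can be pinned to the menu, e.g. `$alg = ($_POST['signature_algorithm'] === 'sha1') ? 'sha1' : 'sha256';`, and `$alg` written instead. The `OVPN_CERT_ALGORITHM` and `SIPTLSCERT_CERT_ALGORITHM` writes in openvpn.php and siptlscert.php need the same treatment, and the existing `key_size` writes follow the same raw pattern. The function starts and ends outside the hunk.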
@@ -269,8 +284,9 @@ } // Rebuild openssl.cnf template for new CA $key_size = $_POST['key_size']; + $signature_algorithm = $_POST['signature_algorithm']; $dns_name = str_replace(' ', '', tuq($_POST['dns_name'])); - if (($openssl = ipsecmobile_openssl($key_size, $dns_name)) !== FALSE) { + if (($openssl = ipsecmobile_openssl($key_size, $signature_algorithm, $dns_name)) !== FALSE) { if (opensslCREATEselfCert($openssl)) { if (opensslCREATEserverCert($openssl)) { $result = 30; @@ -593,7 +609,7 @@ putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); putHtml('Private Key Size:</td><td style="text-align: left;" colspan="4">'); if (($key_size = getVARdef($db, 'IPSECM_CERT_KEYSIZE')) === '') { - $key_size = '1024'; + $key_size = '2048'; } putHtml('<select name="key_size">'); foreach ($key_size_menu as $key => $value) { 
@@ -602,7 +618,21 @@ } putHtml('</select>'); putHtml('</td></tr>'); + putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); + putHtml('Signature Algorithm:</td><td style="text-align: left;" colspan="4">'); + if (($signature_algorithm = getVARdef($db, 'IPSECM_CERT_ALGORITHM')) === '') { + $signature_algorithm = 'sha256'; + } + putHtml('<select name="signature_algorithm">'); + foreach ($signature_algorithm_menu as $key => $value) { + $sel = ($signature_algorithm === $key) ? ' selected="selected"' : ''; + putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>'); + } + putHtml('</select>'); + putHtml('</td></tr>'); + + putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); putHtml('Server Cert DNS Name:</td><td style="text-align: left;" colspan="4">'); $value = getVARdef($db, 'IPSECM_CERT_DNSNAME'); putHtml('<input type="text" size="24" maxlength="128" value="'.$value.'" name="dns_name" />'); Modified: branches/1.0/package/webinterface/altweb/admin/openvpn.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/openvpn.php 2015-12-14 20:38:32 UTC (rev 7405) +++ branches/1.0/package/webinterface/altweb/admin/openvpn.php 2015-12-15 00:16:59 UTC (rev 7406) @@ -13,6 +13,7 @@ // 08-13-2010, Added QoS Passthrough, setting passtos // 01-03-2013, Added private keysize support // 02-13-2013, Added OpenVPN 2.3 IPv6 support +// 12-14-2015, Added Signature Algorithm support // // System location of /mnt/kd/rc.conf.d directory $OVPNCONFDIR = '/mnt/kd/rc.conf.d'; 
@@ -35,16 +36,21 @@ // Function: openvpn_openssl() // -function openvpn_openssl($keysize) { +function openvpn_openssl($keysize, $algorithm) { global $global_prefs; // System location of gui.network.conf file $NETCONFFILE = '/mnt/kd/rc.conf.d/gui.network.conf'; if ($keysize === '') { - $keysize = '1024'; + $keysize = '2048'; } $opts['keysize'] = (int)$keysize; + if ($algorithm === '') { + $algorithm = 'sha256'; + } + $opts['algorithm'] = $algorithm; + if (($countryName = getPREFdef($global_prefs, 'dn_country_name_cmdstr')) === '') { $countryName = 'US'; } @@ -79,7 +85,8 @@ return($ssl); } $key_size = getVARdef($db, 'OVPN_CERT_KEYSIZE'); -$openssl = openvpn_openssl($key_size); +$signature_algorithm = getVARdef($db, 'OVPN_CERT_ALGORITHM'); +$openssl = openvpn_openssl($key_size, $signature_algorithm); $cipher_menu = array ( '' => 'Use Default', @@ -91,8 +98,8 @@ $auth_hmac_menu = array ( '' => 'Use Default', - 'SHA1' => 'SHA1', - 'SHA256' => 'SHA256' + 'SHA1' => 'SHA-1', + 'SHA256' => 'SHA-256' ); $verbosity_menu = array ( @@ -119,6 +126,11 @@ '2048' => '2048 Bits' ); +$signature_algorithm_menu = array ( + 'sha1' => 'SHA-1', + 'sha256' => 'SHA-256' +); + $topology_menu = array ( '' => 'Use Default', 'net30' => '[net30] older, OpenVPN 2.0 default', @@ -204,6 +216,9 @@ $value = 'OVPN_CERT_KEYSIZE="'.$_POST['key_size'].'"'; fwrite($fp, "### Private Key Size\n".$value."\n"); + $value = 'OVPN_CERT_ALGORITHM="'.$_POST['signature_algorithm'].'"'; + fwrite($fp, "### Signature Algorithm\n".$value."\n"); + if (opensslOPENVPNis_valid($openssl)) { $value = 'OVPN_CA="'.$openssl['key_dir'].'/ca.crt"'; fwrite($fp, "### CA File\n".$value."\n"); 
@@ -397,7 +412,8 @@ } // Rebuild openssl.cnf template for new CA $key_size = $_POST['key_size']; - if (($openssl = openvpn_openssl($key_size)) !== FALSE) { + $signature_algorithm = $_POST['signature_algorithm']; + if (($openssl = openvpn_openssl($key_size, $signature_algorithm)) !== FALSE) { if (opensslCREATEselfCert($openssl)) { if (opensslCREATEserverCert($openssl)) { if (opensslCREATEdh_pem($openssl)) { @@ -785,7 +801,7 @@ putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); putHtml('Private Key Size:</td><td style="text-align: left;" colspan="4">'); if (($key_size = getVARdef($db, 'OVPN_CERT_KEYSIZE')) === '') { - $key_size = '1024'; + $key_size = '2048'; } putHtml('<select name="key_size">'); foreach ($key_size_menu as $key => $value) { @@ -795,6 +811,19 @@ putHtml('</select>'); putHtml('</td></tr>'); + putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); + putHtml('Signature Algorithm:</td><td style="text-align: left;" colspan="4">'); + if (($signature_algorithm = getVARdef($db, 'OVPN_CERT_ALGORITHM')) === '') { + $signature_algorithm = 'sha256'; + } + putHtml('<select name="signature_algorithm">'); + foreach ($signature_algorithm_menu as $key => $value) { + $sel = ($signature_algorithm === $key) ? ' selected="selected"' : ''; + putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>'); + } + putHtml('</select>'); + putHtml('</td></tr>'); + putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="3">'); putHtml('Create New Certificate and Key:</td><td class="dialogText" style="text-align: left;" colspan="3">'); $msg = ''; Modified: branches/1.0/package/webinterface/altweb/admin/openvpnclient.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/openvpnclient.php 2015-12-14 20:38:32 UTC (rev 7405) +++ branches/1.0/package/webinterface/altweb/admin/openvpnclient.php 2015-12-15 00:16:59 UTC (rev 7406) 
@@ -47,8 +47,8 @@ $auth_hmac_menu = array ( '' => 'Use Default', - 'SHA1' => 'SHA1', - 'SHA256' => 'SHA256' + 'SHA1' => 'SHA-1', + 'SHA256' => 'SHA-256' ); $nscerttype_menu = array ( Modified: branches/1.0/package/webinterface/altweb/admin/siptlscert.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/siptlscert.php 2015-12-14 20:38:32 UTC (rev 7405) +++ branches/1.0/package/webinterface/altweb/admin/siptlscert.php 2015-12-15 00:16:59 UTC (rev 7406) @@ -8,6 +8,7 @@ // siptlscert.php for AstLinux // 11-12-2012 +// 12-14-2015, Added Signature Algorithm support // // System location of /mnt/kd/rc.conf.d directory $SIPTLSCERTCONFDIR = '/mnt/kd/rc.conf.d'; @@ -30,7 +31,7 @@ // Function: siptlscert_openssl() // -function siptlscert_openssl($keysize, $dnsname) { +function siptlscert_openssl($keysize, $algorithm, $dnsname) { global $global_prefs; // System location of gui.network.conf file $NETCONFFILE = '/mnt/kd/rc.conf.d/gui.network.conf'; @@ -39,6 +40,11 @@ $keysize = '2048'; } $opts['keysize'] = (int)$keysize; + + if ($algorithm === '') { + $algorithm = 'sha256'; + } + $opts['algorithm'] = $algorithm; $opts['dnsname'] = $dnsname; if (($countryName = getPREFdef($global_prefs, 'dn_country_name_cmdstr')) === '') { @@ -75,14 +81,20 @@ return($ssl); } $key_size = getVARdef($db, 'SIPTLSCERT_CERT_KEYSIZE'); +$signature_algorithm = getVARdef($db, 'SIPTLSCERT_CERT_ALGORITHM'); $dns_name = getVARdef($db, 'SIPTLSCERT_CERT_DNSNAME'); -$openssl = siptlscert_openssl($key_size, $dns_name); +$openssl = siptlscert_openssl($key_size, $signature_algorithm, $dns_name); $key_size_menu = array ( '1024' => '1024 Bits', '2048' => '2048 Bits' ); +$signature_algorithm_menu = array ( + 'sha1' => 'SHA-1', + 'sha256' => 'SHA-256' +); + // Function: saveSIPTLSCERTsettings // function saveSIPTLSCERTsettings($conf_dir, $conf_file) { 
@@ -101,6 +113,9 @@ $value = 'SIPTLSCERT_CERT_KEYSIZE="'.$_POST['key_size'].'"'; fwrite($fp, "### Private Key Size\n".$value."\n"); + $value = 'SIPTLSCERT_CERT_ALGORITHM="'.$_POST['signature_algorithm'].'"'; + fwrite($fp, "### Signature Algorithm\n".$value."\n"); + $value = 'SIPTLSCERT_CERT_DNSNAME="'.str_replace(' ', '', tuq($_POST['dns_name'])).'"'; fwrite($fp, "### Server Cert DNS Name\n".$value."\n"); @@ -131,8 +146,9 @@ } // Rebuild openssl.cnf template for new CA $key_size = $_POST['key_size']; + $signature_algorithm = $_POST['signature_algorithm']; $dns_name = str_replace(' ', '', tuq($_POST['dns_name'])); - if (($openssl = siptlscert_openssl($key_size, $dns_name)) !== FALSE) { + if (($openssl = siptlscert_openssl($key_size, $signature_algorithm, $dns_name)) !== FALSE) { if (opensslCREATEselfCert($openssl)) { if (opensslCREATEserverCert($openssl)) { $result = 30; 
@@ -281,7 +297,21 @@ } putHtml('</select>'); putHtml('</td></tr>'); + putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); + putHtml('Signature Algorithm:</td><td style="text-align: left;" colspan="4">'); + if (($signature_algorithm = getVARdef($db, 'SIPTLSCERT_CERT_ALGORITHM')) === '') { + $signature_algorithm = 'sha256'; + } + putHtml('<select name="signature_algorithm">'); + foreach ($signature_algorithm_menu as $key => $value) { + $sel = ($signature_algorithm === $key) ? ' selected="selected"' : ''; + putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>'); + } + putHtml('</select>'); + putHtml('</td></tr>'); + + putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); putHtml('Server Cert DNS Name:</td><td style="text-align: left;" colspan="4">'); if (($value = getVARdef($db, 'SIPTLSCERT_CERT_DNSNAME')) === '') { $value = getPREFdef($global_prefs, 'dn_common_name_cmdstr'); Modified: branches/1.0/package/webinterface/altweb/common/openssl-ipsecmobile.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/openssl-ipsecmobile.php 2015-12-14 20:38:32 UTC (rev 7405) +++ branches/1.0/package/webinterface/altweb/common/openssl-ipsecmobile.php 2015-12-15 00:16:59 UTC (rev 7406) 
@@ -40,27 +40,27 @@ ); $ssl['configArgs'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'encrypt_key' => FALSE ); $ssl['sign_ca'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'v3_ca', 'encrypt_key' => FALSE ); $ssl['sign_server'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'ipsecmobile_server', 'encrypt_key' => FALSE ); $ssl['sign_client'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'usr_cert', 'encrypt_key' => FALSE Modified: branches/1.0/package/webinterface/altweb/common/openssl-openvpn.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/openssl-openvpn.php 2015-12-14 20:38:32 UTC (rev 7405) +++ branches/1.0/package/webinterface/altweb/common/openssl-openvpn.php 2015-12-15 00:16:59 UTC (rev 7406) 
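Review bot: All four `digest_alg` entries now read `$opts['algorithm']` unguarded, so a caller that builds `$opts` without that key would get an undefined-index notice and no explicit digest; no such caller is visible in this diff, but the enclosing setup code is only partly shown. A single fallback before the arrays keeps the previous behaviour: `$alg = isset($opts['algorithm']) ? $opts['algorithm'] : 'sha256';` and then `'digest_alg' => $alg`. Because `sign_ca` takes the same value, choosing SHA-1 also applies to the CA's self-signature, which deserves a comment such as `// SHA-1 is a compatibility fallback for legacy clients; sha256 is the default`. The openssl-openvpn.php and openssl-sip-tls.php hunks are identical in this respect.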
@@ -42,27 +42,27 @@ ); $ssl['configArgs'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'encrypt_key' => FALSE ); $ssl['sign_ca'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'v3_ca', 'encrypt_key' => FALSE ); $ssl['sign_server'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'openvpn_server', 'encrypt_key' => FALSE ); $ssl['sign_client'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'usr_cert', 'encrypt_key' => FALSE Modified: branches/1.0/package/webinterface/altweb/common/openssl-sip-tls.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/openssl-sip-tls.php 2015-12-14 20:38:32 UTC (rev 7405) +++ branches/1.0/package/webinterface/altweb/common/openssl-sip-tls.php 2015-12-15 00:16:59 UTC (rev 7406) 
@@ -40,27 +40,27 @@ ); $ssl['configArgs'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'encrypt_key' => FALSE ); $ssl['sign_ca'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'v3_ca', 'encrypt_key' => FALSE ); $ssl['sign_server'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'sip_tls_server', 'encrypt_key' => FALSE ); $ssl['sign_client'] = array( 'config' => $ssl['config'], - 'digest_alg' => 'sha256', + 'digest_alg' => $opts['algorithm'], 'private_key_bits' => $opts['keysize'], 'x509_extensions' => 'usr_cert', 'encrypt_key' => FALSE This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <abe...@us...> - 2016-02-10 17:29:50
Revision: 7513 http://sourceforge.net/p/astlinux/code/7513 Author: abelbeck Date: 2016-02-10 17:29:48 +0000 (Wed, 10 Feb 2016) Log Message: ----------- web interface, add Prefs tab options to enable staff user 'DNS Hosts' and 'XMPP Users' tabs Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/dnshosts.php branches/1.0/package/webinterface/altweb/admin/prefs.php branches/1.0/package/webinterface/altweb/admin/xmpp.php branches/1.0/package/webinterface/altweb/common/functions.php branches/1.0/package/webinterface/altweb/common/header.php Modified: branches/1.0/package/webinterface/altweb/admin/dnshosts.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/dnshosts.php 2016-02-09 19:21:57 UTC (rev 7512) +++ branches/1.0/package/webinterface/altweb/admin/dnshosts.php 2016-02-10 17:29:48 UTC (rev 7513) @@ -1,6 +1,6 @@ <?php -// Copyright (C) 2008-2013 Lonnie Abelbeck +// Copyright (C) 2008-2016 Lonnie Abelbeck // This is free software, licensed under the GNU General Public License // version 3 as published by the Free Software Foundation; you can // redistribute it and/or modify it under the terms of the GNU @@ -10,6 +10,7 @@ // 01-05-2009 // 12-10-2010, Added IPv6 support // 07-22-2013, Reorganize to force unique IP's +// 02-10-2016, Added Staff support // // System location of /mnt/kd/rc.conf.d directory $DNSHOSTSCONFDIR = '/mnt/kd/rc.conf.d'; @@ -122,7 +123,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $result = 1; - if (! $global_admin) { + if (! ($global_admin || $global_staff_enable_dnshosts)) { $result = 999; } elseif (isset($_POST['submit_save'])) { $n = count($db['data']); 
@@ -161,7 +162,7 @@ header('Location: '.$myself.'?result='.$result); exit; } else { // Start of HTTP GET -$ACCESS_RIGHTS = 'admin'; +$ACCESS_RIGHTS = $global_staff_enable_dnshosts ? 'staff' : 'admin'; require_once '../common/header.php'; putHtml("<center>"); Modified: branches/1.0/package/webinterface/altweb/admin/prefs.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/prefs.php 2016-02-09 19:21:57 UTC (rev 7512) +++ branches/1.0/package/webinterface/altweb/admin/prefs.php 2016-02-10 17:29:48 UTC (rev 7513) @@ -493,6 +493,14 @@ $value = 'tab_network_show = no'; fwrite($fp, $value."\n"); } + if (! isset($_POST['dnshosts_disable_staff'])) { + $value = 'tab_dnshosts_disable_staff = no'; + fwrite($fp, $value."\n"); + } + if (! isset($_POST['xmpp_disable_staff'])) { + $value = 'tab_xmpp_disable_staff = no'; + fwrite($fp, $value."\n"); + } if (! isset($_POST['tab_edit'])) { $value = 'tab_edit_show = no'; fwrite($fp, $value."\n"); 
@@ -1204,7 +1212,14 @@ putHtml('<tr class="dtrow1"><td style="text-align: right;">'); $sel = (getPREFdef($global_prefs, 'tab_network_show') !== 'no') ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="tab_network" name="tab_network"'.$sel.' /></td><td colspan="5">Show Network Tab</td></tr>'); + putHtml('<tr class="dtrow1"><td> </td><td colspan="5">'); + $sel = (getPREFdef($global_prefs, 'tab_dnshosts_disable_staff') !== 'no') ? ' checked="checked"' : ''; + putHtml('<input type="checkbox" value="dnshosts_disable_staff" name="dnshosts_disable_staff"'.$sel.' /> Disable DNS Hosts Tab for "staff" user</td></tr>'); + putHtml('<tr class="dtrow1"><td> </td><td colspan="5">'); + $sel = (getPREFdef($global_prefs, 'tab_xmpp_disable_staff') !== 'no') ? ' checked="checked"' : ''; + putHtml('<input type="checkbox" value="xmpp_disable_staff" name="xmpp_disable_staff"'.$sel.' /> Disable XMPP Users Tab for "staff" user</td></tr>'); + putHtml('<tr class="dtrow1"><td style="text-align: right;">'); $sel = (getPREFdef($global_prefs, 'tab_edit_show') !== 'no') ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="tab_edit" name="tab_edit"'.$sel.' /></td><td colspan="5">Show Edit Tab</td></tr>'); Modified: branches/1.0/package/webinterface/altweb/admin/xmpp.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/xmpp.php 2016-02-09 19:21:57 UTC (rev 7512) +++ branches/1.0/package/webinterface/altweb/admin/xmpp.php 2016-02-10 17:29:48 UTC (rev 7513) @@ -1,6 +1,6 @@ <?php -// Copyright (C) 2013 Lonnie Abelbeck +// Copyright (C) 2013-2016 Lonnie Abelbeck // This is free software, licensed under the GNU General Public License // version 3 as published by the Free Software Foundation; you can // redistribute it and/or modify it under the terms of the GNU 
@@ -8,6 +8,7 @@ // xmpp.php for AstLinux // 11-01-2013 +// 02-10-2016, Added Staff support // // System location of /mnt/kd/rc.conf.d directory $XMPPCONFDIR = '/mnt/kd/rc.conf.d'; @@ -77,8 +78,14 @@ // Function: saveXMPPsettings // function saveXMPPsettings($conf_dir, $conf_file) { + global $global_admin; $result = 11; + // Don't save settings if 'staff' user. + if (! $global_admin) { + return($result); + } + if (! is_dir($conf_dir)) { return(3); } @@ -235,7 +242,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $result = 1; - if (! $global_admin) { + if (! ($global_admin || $global_staff_enable_xmpp)) { $result = 999; } elseif (isset($_POST['submit_save'])) { $ok = 0; @@ -299,7 +306,7 @@ header('Location: '.$myself.'?result='.$result); exit; } else { // Start of HTTP GET -$ACCESS_RIGHTS = 'admin'; +$ACCESS_RIGHTS = $global_staff_enable_xmpp ? 'staff' : 'admin'; require_once '../common/header.php'; putHtml('<center>'); @@ -314,7 +321,7 @@ } elseif ($result == 10) { putHtml('<p style="color: green;">XMPP Server'.statusPROCESS('prosody').'.</p>'); } elseif ($result == 11) { - putHtml('<p style="color: green;">Settings saved, click "Restart Server" to apply any changed settings.</p>'); + putHtml('<p style="color: green;">Settings saved'.($global_admin ? ', click "Restart Server" to apply any changed settings.' : '.').'</p>'); } elseif ($result == 12) { putHtml('<p style="color: red;">Missing Password, User not added or changed.</p>'); } elseif ($result == 13) { @@ -363,6 +370,7 @@ putHtml('<table width="100%" class="stdtable">'); putHtml('<tr class="dtrow0"><td width="180"> </td><td> </td></tr>'); +if ($global_admin) { if (! is_file('/mnt/kd/ssl/sip-tls/keys/server.crt') || ! is_file('/mnt/kd/ssl/sip-tls/keys/server.key')) { putHtml('<tr class="dtrow0"><td class="dialogText" style="text-align: left;" colspan="2">'); putHtml('<strong>Missing SIP-TLS Server Certificate:</strong> <i>(Shared with XMPP)</i>'); 
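Review bot: Widening the POST gate to `$global_admin || $global_staff_enable_xmpp` lets a staff session reach every `elseif` branch of this handler, while only `saveXMPPsettings()` re-checks `$global_admin`. The `if ($global_admin) {` wrapper added in the GET half hides the server controls from the form, but it does not stop a request that posts those fields directly. The branches themselves are outside the hunk, so I cannot tell which ones act on server state; any that do more than manage XMPP users should carry their own check, for example `} elseif ($global_admin && isset($_POST['<admin_only_action>'])) {` (placeholder name). Separately, `saveXMPPsettings()` returns 11 for a staff user although nothing was written, so a comment there should say that the "Settings saved" result then refers only to the user changes.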
@@ -535,6 +543,7 @@ } putHtml('</select>'); putHtml('</td></tr>'); +} // if global_admin if (is_file('/mnt/kd/prosody/prosody.cfg.lua')) { putHtml('<tr class="dtrow0"><td class="dialogText" style="text-align: left;" colspan="2">'); Modified: branches/1.0/package/webinterface/altweb/common/functions.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/functions.php 2016-02-09 19:21:57 UTC (rev 7512) +++ branches/1.0/package/webinterface/altweb/common/functions.php 2016-02-10 17:29:48 UTC (rev 7513) @@ -995,4 +995,6 @@ $global_staff_disable_followme = ($global_user === 'staff' && (getPREFdef($global_prefs, 'tab_followme_disable_staff') === 'yes')); $global_staff_enable_sqldata = ($global_user === 'staff' && (getPREFdef($global_prefs, 'tab_sqldata_disable_staff') === 'no')); $global_staff_disable_staff = ($global_user === 'staff' && (getPREFdef($global_prefs, 'tab_staff_disable_staff') === 'yes')); +$global_staff_enable_dnshosts = ($global_user === 'staff' && (getPREFdef($global_prefs, 'tab_dnshosts_disable_staff') === 'no')); +$global_staff_enable_xmpp = ($global_user === 'staff' && (getPREFdef($global_prefs, 'tab_xmpp_disable_staff') === 'no')); ?> Modified: branches/1.0/package/webinterface/altweb/common/header.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/header.php 2016-02-09 19:21:57 UTC (rev 7512) +++ branches/1.0/package/webinterface/altweb/common/header.php 2016-02-10 17:29:48 UTC (rev 7513) 
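Review bot: The two new flags in functions.php are named `enable` but are derived from a `..._disable_staff` preference being exactly `'no'`, which is easy to misread now that they are used as access checks in dnshosts.php and xmpp.php. A comment above them would make the default explicit, e.g. `// Staff access is opt-in: granted only when the pref is explicitly 'no'; an unset pref denies access`. This assumes `getPREFdef()` returns something other than `'no'` for a missing key, which is not visible in this diff.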
@@ -250,6 +250,12 @@ if ($global_staff && (getPREFdef($global_prefs, 'tab_netstat_show') === 'yes')) { putHtml('<li><a href="/admin/netstat.php"><span>NetStat</span></a></li>'); } + if ($global_staff_enable_dnshosts) { + putHtml('<li><a href="/admin/dnshosts.php"><span>DNS Hosts</span></a></li>'); + } + if ($global_staff_enable_xmpp) { + putHtml('<li><a href="/admin/xmpp.php"><span>XMPP Users</span></a></li>'); + } if (! is_null($custom_tabs = getCUSTOMtabs($global_prefs))) { foreach ($custom_tabs as $tab) { if ($tab['access'] === 'all' || ($global_staff && $tab['access'] === 'staff') This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <abe...@us...> - 2016-06-04 23:42:45
Revision: 7705 http://sourceforge.net/p/astlinux/code/7705 Author: abelbeck Date: 2016-06-04 23:42:43 +0000 (Sat, 04 Jun 2016) Log Message: ----------- web interface, add avahi license and Basic Backup for /mnt/kd/avahi/ Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/system.php branches/1.0/package/webinterface/altweb/common/license-packages.txt Modified: branches/1.0/package/webinterface/altweb/admin/system.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/system.php 2016-06-04 23:05:46 UTC (rev 7704) +++ branches/1.0/package/webinterface/altweb/admin/system.php 2016-06-04 23:42:43 UTC (rev 7705) @@ -197,7 +197,7 @@ $srcfile .= ' -e "s/^blocked-hosts$/&/p" -e "s/^dnsmasq.static$/&/p" -e "s/^hosts$/&/p" -e "s/^ethers$/&/p"'; $srcfile .= ' -e "s/^rc.local$/&/p" -e "s/^rc.local.stop$/&/p" -e "s/^rc.elocal$/&/p" -e "s/^rc.ledcontrol$/&/p"'; $srcfile .= ' -e "s/^wan-failover.script$/&/p" -e "s/^phoneprov-reload.script$/&/p"'; - $srcfile .= ' -e "s/^custom-agi$/&/p"'; + $srcfile .= ' -e "s/^custom-agi$/&/p" -e "s/^avahi$/&/p"'; $srcfile .= ' -e "s/^crontabs$/&/p" -e "s/^snmp$/&/p" -e "s/^fop2$/&/p" -e "s/^kamailio$/&/p" -e "s/^monit$/&/p"'; $srcfile .= ' -e "s/^openvpn$/&/p" -e "s/^ipsec$/&/p" -e "s/^dahdi$/&/p" -e "s/^ssl$/&/p" -e "s/^ups$/&/p")'; $srcfile .= $firewall; Modified: branches/1.0/package/webinterface/altweb/common/license-packages.txt =================================================================== --- branches/1.0/package/webinterface/altweb/common/license-packages.txt 2016-06-04 23:05:46 UTC (rev 7704) +++ branches/1.0/package/webinterface/altweb/common/license-packages.txt 2016-06-04 23:42:43 UTC (rev 7705) 
@@ -29,7 +29,6 @@ libjpeg~Copyright (c) 1991-2014, Thomas G. Lane, Guido Vollbeding. iptables~Copyright (c) 2000-2013 by the netfilter coreteam <cor...@ne...> curl~Copyright (c) 1996-2016 Daniel Stenberg, <da...@ha...>. -mDNS~Copyright (c) 2002-2004 Apple Computer, Inc. All rights reserved. rp-pppoe~Copyright (c) 2001-2012 Roaring Penguin Software Inc. zabbix~Copyright (c) 2000-2015 SIA Zabbix. zlib~Copyright (c) 1995-2013 Jean-loup Gailly. @@ -59,3 +58,4 @@ dhcp6c~Copyright (c) 1998-2008 WIDE Project. htop~Copyright (c) 2004-2012 Hisham Muhammad. unbound~Copyright (c) 2007-2016, NLnet Labs. All rights reserved. +avahi~Copyright (c) 2004-2016 Lennart Poettering, Trent Lloyd, Avahi developers. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <abe...@us...> - 2016-06-07 17:48:35
Revision: 7709 http://sourceforge.net/p/astlinux/code/7709 Author: abelbeck Date: 2016-06-07 17:48:33 +0000 (Tue, 07 Jun 2016) Log Message: ----------- web interface, Network and Edit tab, add support for Avahi mDNS/DNS-SD Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/edit.php branches/1.0/package/webinterface/altweb/admin/network.php branches/1.0/package/webinterface/altweb/common/functions.php Modified: branches/1.0/package/webinterface/altweb/admin/edit.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/edit.php 2016-06-06 15:45:38 UTC (rev 7708) +++ branches/1.0/package/webinterface/altweb/admin/edit.php 2016-06-07 17:48:33 UTC (rev 7709) @@ -1,6 +1,6 @@ <?php -// Copyright (C) 2008-2015 Lonnie Abelbeck +// Copyright (C) 2008-2016 Lonnie Abelbeck // This is free software, licensed under the GNU General Public License // version 3 as published by the Free Software Foundation; you can // redistribute it and/or modify it under the terms of the GNU @@ -11,6 +11,7 @@ // 12-04-2008, Added Reload/Restart Menu // 02-18-2013, Added OpenVPN Client Config editing // 09-06-2013, Added Shortcut support +// 06-07-2016, Added Avahi mDNS/DNS-SD support // $myself = $_SERVER['PHP_SELF']; @@ -31,6 +32,7 @@ 'fossil' => 'Restart Fossil Server', 'ldap' => 'Reload LDAP Client', 'slapd' => 'Restart LDAP Server', + 'avahi' => 'Restart mDNS/DNS-SD', 'monit' => 'Restart Monit Monitor', 'darkstat' => 'Restart NetStat Server', 'snmpd' => 'Restart SNMP Server', @@ -256,6 +258,8 @@ $result = restartPROCESS($process, 46, $result, 'init'); } elseif ($process === 'fossil') { $result = restartPROCESS($process, 47, $result, 'init'); + } elseif ($process === 'avahi') { + $result = restartPROCESS($process, 48, $result, 'init'); } elseif ($process === 'cron') { $result = updateCRON('root', 30, $result); } 
@@ -298,6 +302,8 @@ $dir === '/mnt/kd/snmp' || $dir === '/mnt/kd/fop2' || $dir === '/mnt/kd/kamailio' || + $dir === '/mnt/kd/avahi' || + $dir === '/mnt/kd/avahi/services' || $dir === '/mnt/kd/monit' || $dir === '/mnt/kd/monit/monit.d' || $dir === '/mnt/kd/ups' || @@ -392,6 +398,8 @@ putHtml('<p style="color: green;">Monit Monitoring'.statusPROCESS('monit').'.</p>'); } elseif ($result == 47) { putHtml('<p style="color: green;">Fossil Server'.statusPROCESS('fossil').'.</p>'); + } elseif ($result == 48) { + putHtml('<p style="color: green;">mDNS/DNS-SD (Avahi)'.statusPROCESS('avahi').'.</p>'); } elseif ($result == 99) { putHtml('<p style="color: red;">Action Failed.</p>'); } elseif ($result == 999) { 
@@ -556,6 +564,24 @@ } putHtml('</optgroup>'); } + if (is_dir('/mnt/kd/avahi') && count($globfiles = glob('/mnt/kd/avahi/*')) > 0) { + putHtml('<optgroup label="———— Avahi mDNS/DNS-SD Configs ————">'); + foreach ($globfiles as $globfile) { + if (is_file($globfile) && is_writable($globfile)) { + $sel = ($globfile === $openfile) ? ' selected="selected"' : ''; + putHtml('<option value="'.$globfile.'"'.$sel.'>'.basename($globfile).' - Avahi Daemon Configuration</option>'); + } + } + if (is_dir('/mnt/kd/avahi/services') && count($globfiles = glob('/mnt/kd/avahi/services/*.service')) > 0) { + foreach ($globfiles as $globfile) { + if (is_file($globfile) && is_writable($globfile)) { + $sel = ($globfile === $openfile) ? ' selected="selected"' : ''; + putHtml('<option value="'.$globfile.'"'.$sel.'>services/'.basename($globfile).' - Avahi Service</option>'); + } + } + } + putHtml('</optgroup>'); + } if (is_dir('/mnt/kd/ups') && count($globfiles = glob('/mnt/kd/ups/*.conf')) > 0) { putHtml('<optgroup label="———— UPS Monitoring Configs ————">'); foreach ($globfiles as $globfile) { Modified: branches/1.0/package/webinterface/altweb/admin/network.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/network.php 2016-06-06 15:45:38 UTC (rev 7708) +++ branches/1.0/package/webinterface/altweb/admin/network.php 2016-06-07 17:48:33 UTC (rev 7709) @@ -1,6 +1,6 @@ <?php -// Copyright (C) 2008-2015 Lonnie Abelbeck +// Copyright (C) 2008-2016 Lonnie Abelbeck // This is free software, licensed under the GNU General Public License // version 3 as published by the Free Software Foundation; you can // redistribute it and/or modify it under the terms of the GNU 
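Review bot: The new Avahi `<option>` lines concatenate `$globfile` and `basename($globfile)` into the markup unescaped, so a file name under /mnt/kd/avahi that contains `"` or `<` would break out of the attribute or the element. Escaping at output closes that: `$esc = htmlspecialchars($globfile, ENT_QUOTES);` for the `value` attribute and `htmlspecialchars(basename($globfile), ENT_QUOTES)` for the label. The neighbouring optgroups use the same unescaped pattern, so this is a file-wide convention rather than something new here. The inner services loop reuses `$globfiles`, which is safe only because the outer `foreach` has already finished.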
@@ -37,6 +37,7 @@ // 12-16-2014, Added Monit Monitoring support // 08-21-2015, Added Fossil - Software Configuration Management // 11-01-2015, Added DHCPv6 support +// 06-07-2016, Added Avahi mDNS/DNS-SD support // // System location of rc.conf file $CONFFILE = '/etc/rc.conf'; @@ -488,6 +489,9 @@ $value = 'UPNP_LISTEN="'.trim($x_value).'"'; fwrite($fp, "### UPnP Listen Interfaces\n".$value."\n"); + $value = 'AVAHI_ENABLE="'.$_POST['avahi'].'"'; + fwrite($fp, "### mDNS/DNS-SD\n".$value."\n"); + $value = 'HTTPDIR="'.tuq($_POST['http_dir']).'"'; fwrite($fp, "### HTTP Server Directory\n".$value."\n"); @@ -954,6 +958,12 @@ $result = saveNETWORKsettings($NETCONFDIR, $NETCONFFILE); header('Location: /admin/zabbix.php'); exit; + } elseif (isset($_POST['submit_avahi'])) { + $result = saveNETWORKsettings($NETCONFDIR, $NETCONFFILE); + if (is_writable($file = '/mnt/kd/avahi/avahi-daemon.conf')) { + header('Location: /admin/edit.php?file='.$file); + exit; + } } elseif (isset($_POST['submit_edit_dnsmasq_conf'])) { $result = saveNETWORKsettings($NETCONFDIR, $NETCONFFILE); if (is_writable($file = '/mnt/kd/dnsmasq.conf')) { @@ -1077,6 +1087,8 @@ $result = restartPROCESS($process, 46, $result, 'init'); } elseif ($process === 'fossil') { $result = restartPROCESS($process, 47, $result, 'init'); + } elseif ($process === 'avahi') { + $result = restartPROCESS($process, 48, $result, 'init'); } } else { $result = 2; @@ -1167,6 +1179,8 @@ putHtml('<p style="color: green;">Monit Monitoring'.statusPROCESS('monit').'.</p>'); } elseif ($result == 47) { putHtml('<p style="color: green;">Fossil Server'.statusPROCESS('fossil').'.</p>'); + } elseif ($result == 48) { + putHtml('<p style="color: green;">mDNS/DNS-SD (Avahi)'.statusPROCESS('avahi').'.</p>'); } elseif ($result == 99) { putHtml('<p style="color: red;">Action Failed.</p>'); } elseif ($result == 100) { 
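Review bot: In the `@@ -488 @@` hunk `$_POST['avahi']` is written into the generated config file verbatim (`$value = 'AVAHI_ENABLE="'.$_POST['avahi'].'"';`), while the neighbouring lines at least pass their input through `trim()` or `tuq()`. The select only offers `yes`/`no`, but the posted value is chosen by the client, so a `"` or a newline can close the quoted value and append further lines to a file that is presumably read back as shell variables. Map the input onto the two allowed values instead: `$value = 'AVAHI_ENABLE="'.((isset($_POST['avahi']) && $_POST['avahi'] === 'yes') ? 'yes' : 'no').'"';`. The enclosing save function starts and ends outside the hunk. The `DMZ_DENYLAN` write added to firewall.php in rev 7748 has the same shape and should be checked against the keys of `$lan_permutations_label`.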
@@ -1248,6 +1262,8 @@ putHtml('<option value="ldap"'.$sel.'>Reload LDAP Client</option>'); $sel = ($reboot_restart === 'slapd') ? ' selected="selected"' : ''; putHtml('<option value="slapd"'.$sel.'>Restart LDAP Server</option>'); + $sel = ($reboot_restart === 'avahi') ? ' selected="selected"' : ''; + putHtml('<option value="avahi"'.$sel.'>Restart mDNS/DNS-SD</option>'); $sel = ($reboot_restart === 'monit') ? ' selected="selected"' : ''; putHtml('<option value="monit"'.$sel.'>Restart Monit Monitor</option>'); $sel = ($reboot_restart === 'darkstat') ? ' selected="selected"' : ''; 
@@ -1830,7 +1846,22 @@ $sel = isVARtype('UPNP_LISTEN', $db, $cur_db, 'DMZIF') ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="upnp_DMZIF" name="upnp_DMZIF"'.$sel.' /> DMZ'); putHtml('</td></tr>'); - + + if (is_file('/etc/init.d/avahi')) { + putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">'); + putHtml('mDNS/DNS-SD Service Discovery:'); + putHtml('<select name="avahi">'); + putHtml('<option value="no">disabled</option>'); + $sel = (getVARdef($db, 'AVAHI_ENABLE', $cur_db) === 'yes') ? ' selected="selected"' : ''; + putHtml('<option value="yes"'.$sel.'>enabled</option>'); + putHtml('</select>'); + if (is_writable('/mnt/kd/avahi/avahi-daemon.conf')) { + putHtml('–'); + putHtml('<input type="submit" value="Configure mDNS/DNS-SD" name="submit_avahi" class="button" />'); + } + putHtml('</td></tr>'); + } + putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">'); $value = getVARdef($db, 'HTTPDIR', $cur_db); putHtml('HTTP Server Directory:<input type="text" size="45" maxlength="64" value="'.$value.'" name="http_dir" />'); Modified: branches/1.0/package/webinterface/altweb/common/functions.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/functions.php 2016-06-06 15:45:38 UTC (rev 7708) +++ branches/1.0/package/webinterface/altweb/common/functions.php 2016-06-07 17:48:33 UTC (rev 7709) @@ -116,6 +116,12 @@ } else { $str = $stopped; } + } elseif ($process === 'avahi') { + if (is_file($path.'avahi-daemon/pid')) { + $str = $running; + } else { + $str = $stopped; + } } elseif ($process === 'ups') { if (is_file($path.'upsmon.pid')) { $str = $running; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <abe...@us...> - 2016-06-20 20:30:23
|
Revision: 7729 http://sourceforge.net/p/astlinux/code/7729 Author: abelbeck Date: 2016-06-20 20:30:21 +0000 (Mon, 20 Jun 2016) Log Message: ----------- web interface, rename 'astlinux.org' to 'astlinux-project.org' Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php branches/1.0/package/webinterface/altweb/admin/network.php branches/1.0/package/webinterface/altweb/admin/openvpn.php branches/1.0/package/webinterface/altweb/admin/siptlscert.php branches/1.0/package/webinterface/altweb/common/functions.php branches/1.0/package/webinterface/altweb/common/openssl-ipsecmobile.php branches/1.0/package/webinterface/altweb/common/openssl-sip-tls.php Modified: branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php 2016-06-19 22:41:59 UTC (rev 7728) +++ branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php 2016-06-20 20:30:21 UTC (rev 7729) @@ -75,7 +75,7 @@ } } if (($email = getPREFdef($global_prefs, 'dn_email_address_cmdstr')) === '') { - $email = 'in...@as...'; + $email = 'in...@as...'; } $ssl = ipsecmobileSETUP($opts, $countryName, $stateName, $localityName, $orgName, $orgUnit, $commonName, $email); return($ssl); Modified: branches/1.0/package/webinterface/altweb/admin/network.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/network.php 2016-06-19 22:41:59 UTC (rev 7728) +++ branches/1.0/package/webinterface/altweb/admin/network.php 2016-06-20 20:30:21 UTC (rev 7729) 
@@ -539,7 +539,7 @@ $commonName = '*'; } if (($email = getPREFdef($global_prefs, 'dn_email_address_cmdstr')) === '') { - $email = 'in...@as...'; + $email = 'in...@as...'; } $fname = '/mnt/kd/ssl/webinterface.pem'; if (opensslCREATEhttpsCert($countryName, $stateName, $localityName, $orgName, $orgUnit, $commonName, $email, $fname)) { Modified: branches/1.0/package/webinterface/altweb/admin/openvpn.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/openvpn.php 2016-06-19 22:41:59 UTC (rev 7728) +++ branches/1.0/package/webinterface/altweb/admin/openvpn.php 2016-06-20 20:30:21 UTC (rev 7729) @@ -79,7 +79,7 @@ } } if (($email = getPREFdef($global_prefs, 'dn_email_address_cmdstr')) === '') { - $email = 'in...@as...'; + $email = 'in...@as...'; } $ssl = openvpnSETUP($opts, $countryName, $stateName, $localityName, $orgName, $orgUnit, $commonName, $email); return($ssl); Modified: branches/1.0/package/webinterface/altweb/admin/siptlscert.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/siptlscert.php 2016-06-19 22:41:59 UTC (rev 7728) +++ branches/1.0/package/webinterface/altweb/admin/siptlscert.php 2016-06-20 20:30:21 UTC (rev 7729) @@ -75,7 +75,7 @@ } } if (($email = getPREFdef($global_prefs, 'dn_email_address_cmdstr')) === '') { - $email = 'in...@as...'; + $email = 'in...@as...'; } $ssl = sip_tls_SETUP($opts, $countryName, $stateName, $localityName, $orgName, $orgUnit, $commonName, $email); return($ssl); Modified: branches/1.0/package/webinterface/altweb/common/functions.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/functions.php 2016-06-19 22:41:59 UTC (rev 7728) +++ branches/1.0/package/webinterface/altweb/common/functions.php 2016-06-20 20:30:21 UTC (rev 7729) 
@@ -622,7 +622,7 @@ $ver3 = ''; } - $str = 'https://mirror.astlinux.org/'; + $str = 'https://mirror.astlinux-project.org/'; if ($ver3 === '1.4') { $str .= 'firmware-1.x'; Modified: branches/1.0/package/webinterface/altweb/common/openssl-ipsecmobile.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/openssl-ipsecmobile.php 2016-06-19 22:41:59 UTC (rev 7728) +++ branches/1.0/package/webinterface/altweb/common/openssl-ipsecmobile.php 2016-06-20 20:30:21 UTC (rev 7729) @@ -30,7 +30,7 @@ '', '[ ipsecmobile_server ]', 'basicConstraints=CA:FALSE', - ($opts['dnsname'] !== '' ? 'subjectAltName=DNS:'.$opts['dnsname'] : '#subjectAltName=DNS:vpn.astlinux.org'), + ($opts['dnsname'] !== '' ? 'subjectAltName=DNS:'.$opts['dnsname'] : '#subjectAltName=DNS:vpn.astlinux-project.org'), 'nsCertType=server', 'nsComment="IPsec Mobile Server Certificate"', 'subjectKeyIdentifier=hash', Modified: branches/1.0/package/webinterface/altweb/common/openssl-sip-tls.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/openssl-sip-tls.php 2016-06-19 22:41:59 UTC (rev 7728) +++ branches/1.0/package/webinterface/altweb/common/openssl-sip-tls.php 2016-06-20 20:30:21 UTC (rev 7729) @@ -30,7 +30,7 @@ '', '[ sip_tls_server ]', 'basicConstraints=CA:FALSE', - ($opts['dnsname'] !== '' ? 'subjectAltName=DNS:'.$opts['dnsname'] : '#subjectAltName=DNS:tls.astlinux.org'), + ($opts['dnsname'] !== '' ? 'subjectAltName=DNS:'.$opts['dnsname'] : '#subjectAltName=DNS:tls.astlinux-project.org'), 'nsCertType=server', 'nsComment="Asterisk SIP-TLS Server Certificate"', 'subjectKeyIdentifier=hash', This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <abe...@us...> - 2016-07-10 19:33:46
|
Revision: 7748 http://sourceforge.net/p/astlinux/code/7748 Author: abelbeck Date: 2016-07-10 19:33:43 +0000 (Sun, 10 Jul 2016) Log Message: ----------- web interface, Firewall sub-tab, add 'Deny LAN to DMZ' option for specified LAN Interfaces Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/firewall.php branches/1.0/package/webinterface/altweb/common/version.php Modified: branches/1.0/package/webinterface/altweb/admin/firewall.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/firewall.php 2016-07-10 15:10:17 UTC (rev 7747) +++ branches/1.0/package/webinterface/altweb/admin/firewall.php 2016-07-10 19:33:43 UTC (rev 7748) @@ -21,6 +21,7 @@ // 01-27-2014, Added "Log Denied DMZ interface packets" // 06-08-2014, Added support for multiple "Allow OpenVPN" LAN interfaces // 06-12-2016, Added "Pass LAN->LAN" action +// 07-10-2016, Added Deny LAN to DMZ for specified LAN Interfaces // // System location of /mnt/kd/rc.conf.d directory $FIREWALLCONFDIR = '/mnt/kd/rc.conf.d'; 
@@ -85,23 +86,23 @@ '41' => '6to4' ); -$allowlans_label = array ( +$lan_permutations_label = array ( + 'INTIF' => '1st', + 'INT2IF' => '2nd', + 'INT3IF' => '3rd', 'INTIF INT2IF' => '1st and 2nd', 'INTIF INT3IF' => '1st and 3rd', 'INT2IF INT3IF' => '2nd and 3rd', - 'INTIF INT2IF~INTIF INT3IF' => '1st and 2nd, 1st and 3rd', - 'INTIF INT2IF~INT2IF INT3IF' => '1st and 2nd, 2nd and 3rd', - 'INTIF INT3IF~INT2IF INT3IF' => '1st and 3rd, 2nd and 3rd', 'INTIF INT2IF INT3IF' => '1st and 2nd and 3rd' ); -$vpn_allowlan_label = array ( - 'INTIF' => '1st', - 'INT2IF' => '2nd', - 'INT3IF' => '3rd', +$allowlans_label = array ( 'INTIF INT2IF' => '1st and 2nd', 'INTIF INT3IF' => '1st and 3rd', 'INT2IF INT3IF' => '2nd and 3rd', + 'INTIF INT2IF~INTIF INT3IF' => '1st and 2nd, 1st and 3rd', + 'INTIF INT2IF~INT2IF INT3IF' => '1st and 2nd, 2nd and 3rd', + 'INTIF INT3IF~INT2IF INT3IF' => '1st and 3rd, 2nd and 3rd', 'INTIF INT2IF INT3IF' => '1st and 2nd and 3rd' ); @@ -294,6 +295,8 @@ fwrite($fp, $value."\n"); $value = 'DMZ_INET_DEFAULT_POLICY_DROP="'.$_POST['dmz_DP'].'"'; fwrite($fp, $value."\n"); + $value = 'DMZ_DENYLAN="'.(isset($_POST['is_dmz_denylan']) ? $_POST['dmz_denylan'] : '').'"'; + fwrite($fp, $value."\n"); $value = 'ALLOWLANS="'.(isset($_POST['is_allowlans']) ? $_POST['allowlans'] : '').'"'; fwrite($fp, $value."\n"); $value = 'OVPNC_ALLOWLAN="'.(isset($_POST['is_ovpnc_allowlan']) ? $_POST['ovpnc_allowlan'] : '').'"'; 
@@ -995,6 +998,18 @@ putHtml('</td></tr>'); putHtml('<tr class="dtrow1"><td width="75" style="text-align: right;">'); + $dmz_denylan = getVARdef($vars, 'DMZ_DENYLAN'); + $sel = ($dmz_denylan !== '') ? ' checked="checked"' : ''; + putHtml('<input type="checkbox" value="is_dmz_denylan" name="is_dmz_denylan"'.$sel.' /></td><td>Deny LAN to DMZ for the'); + putHtml('<select name="dmz_denylan">'); + foreach ($lan_permutations_label as $key => $value) { + $sel = ($dmz_denylan === $key) ? ' selected="selected"' : ''; + putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>'); + } + putHtml('</select>'); + putHtml('LAN Interface(s)</td></tr>'); + + putHtml('<tr class="dtrow1"><td width="75" style="text-align: right;">'); $allowlans = getVARdef($vars, 'ALLOWLANS'); $sel = ($allowlans !== '') ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="is_allowlans" name="is_allowlans"'.$sel.' /></td><td>Allow LAN to LAN for the'); @@ -1011,7 +1026,7 @@ $sel = ($ovpn_allowlan !== '') ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="is_ovpnc_allowlan" name="is_ovpnc_allowlan"'.$sel.' /></td><td>Allow OpenVPN Client tunnel to the'); putHtml('<select name="ovpnc_allowlan">'); - foreach ($vpn_allowlan_label as $key => $value) { + foreach ($lan_permutations_label as $key => $value) { $sel = ($ovpn_allowlan === $key) ? ' selected="selected"' : ''; putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>'); } 
@@ -1023,7 +1038,7 @@ $sel = ($ovpn_allowlan !== '') ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="is_ovpn_allowlan" name="is_ovpn_allowlan"'.$sel.' /></td><td>Allow OpenVPN Server tunnel to the'); putHtml('<select name="ovpn_allowlan">'); - foreach ($vpn_allowlan_label as $key => $value) { + foreach ($lan_permutations_label as $key => $value) { $sel = ($ovpn_allowlan === $key) ? ' selected="selected"' : ''; putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>'); } Modified: branches/1.0/package/webinterface/altweb/common/version.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/version.php 2016-07-10 15:10:17 UTC (rev 7747) +++ branches/1.0/package/webinterface/altweb/common/version.php 2016-07-10 19:33:43 UTC (rev 7748) @@ -1,6 +1,6 @@ <?php // version.php for AstLinux Alternate Web Interface -$GUI_VERSION = '1.8.37'; +$GUI_VERSION = '1.8.38'; ?> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <abe...@us...> - 2016-10-14 22:04:58
|
Revision: 7890 http://sourceforge.net/p/astlinux/code/7890 Author: abelbeck Date: 2016-10-14 22:04:56 +0000 (Fri, 14 Oct 2016) Log Message: ----------- webinterface, Status tab, check for known default 'admin' password and issue a warning if the default Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/prefs.php branches/1.0/package/webinterface/altweb/common/functions.php branches/1.0/package/webinterface/altweb/common/status.inc Modified: branches/1.0/package/webinterface/altweb/admin/prefs.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/prefs.php 2016-10-14 21:06:29 UTC (rev 7889) +++ branches/1.0/package/webinterface/altweb/admin/prefs.php 2016-10-14 22:04:56 UTC (rev 7890) @@ -169,10 +169,6 @@ $value = 'status_exclude_extensions = yes'; fwrite($fp, $value."\n"); } - if (isset($_POST['pass_warn'])) { - $value = 'status_password_warning = no'; - fwrite($fp, $value."\n"); - } if (isset($_POST['status_auth'])) { $value = 'status_require_auth = yes'; fwrite($fp, $value."\n"); 
@@ -709,9 +705,6 @@ $sel = (getPREFdef($global_prefs, 'status_exclude_extensions') === 'yes') ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="exclude_extensions" name="exclude_extensions"'.$sel.' /></td><td colspan="5">Exclude 4-digit Extensions in SIP/IAX2 Peer Status</td></tr>'); putHtml('<tr class="dtrow1"><td style="text-align: right;">'); - $sel = (getPREFdef($global_prefs, 'status_password_warning') === 'no') ? ' checked="checked"' : ''; - putHtml('<input type="checkbox" value="pass_warn" name="pass_warn"'.$sel.' /></td><td colspan="5">Disable "Password not set" Warning</td></tr>'); - putHtml('<tr class="dtrow1"><td style="text-align: right;">'); $sel = (getPREFdef($global_prefs, 'status_asterisk_manager') === 'no') ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="disable_ami" name="disable_ami"'.$sel.' /></td><td colspan="5">Disable Asterisk Manager Interface for Asterisk Commands</td></tr>'); Modified: branches/1.0/package/webinterface/altweb/common/functions.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/functions.php 2016-10-14 21:06:29 UTC (rev 7889) +++ branches/1.0/package/webinterface/altweb/common/functions.php 2016-10-14 22:04:56 UTC (rev 7890) @@ -861,13 +861,6 @@ return($value); } -// Function: noASTLINUX -// -function noASTLINUX() -{ - return(is_file('/etc/astlinux-no')); -} - // Function: isDNSCRYPT // function isDNSCRYPT() Modified: branches/1.0/package/webinterface/altweb/common/status.inc =================================================================== --- branches/1.0/package/webinterface/altweb/common/status.inc 2016-10-14 21:06:29 UTC (rev 7889) +++ branches/1.0/package/webinterface/altweb/common/status.inc 2016-10-14 22:04:56 UTC (rev 7890) 
@@ -35,6 +35,7 @@ // 09-04-2014, Added Kamailio SIP Server Status // 10-28-2014, Added S.M.A.R.T Monitoring Status // 11-06-2014, Added Failover Status +// 10-14-2016, Added Check for default admin password // // System location of OpenVPN Client logfile $OVPNCLOGFILE = '/var/log/openvpnclient-status.log'; @@ -307,15 +308,25 @@ // function noASTURWstorage() { - if (noASTLINUX()) { - $status = 0; - } else { - shell('mount 2>/dev/null | grep -q "/oldroot/mnt/asturw"', $status); - } + shell('mount 2>/dev/null | grep -q "/oldroot/mnt/asturw"', $status); return($status != 0); } +// Function: adminDEFAULTpassword +// +function adminDEFAULTpassword() { + + $status = 0; + + if (($HTPASSWD = getPASSWDlocation()) !== '') { + if (is_file($HTPASSWD)) { + shell("/usr/sbin/check-default-passwd admin '$HTPASSWD' >/dev/null 2>/dev/null", $status); + } + } + return($status == 0); +} + // Function: noASTERISKsounds // function noASTERISKsounds($asterisk) { 
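Review bot: In `adminDEFAULTpassword()` the password-file path is pasted into a single-quoted shell word (`'$HTPASSWD'`), so a path containing a single quote would end the quoting and the rest would be interpreted by the shell. The value comes from `getPASSWDlocation()`, which is not shown, so this may never occur in practice, but `escapeshellarg()` removes the assumption: `shell('/usr/sbin/check-default-passwd admin '.escapeshellarg($HTPASSWD).' >/dev/null 2>/dev/null', $status);`. A one-line comment stating which exit status of the helper means "default password" would also help, since the return value depends entirely on it.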
@@ -488,18 +499,12 @@ } } elseif (noASTURWstorage()) { putHtml('<p style="color: red;">Notice: No Persistent File Storage, click <a href="/admin/setup.php" class="headerText">Installation Setup</a></p>'); +} elseif (adminDEFAULTpassword()) { + putHtml('<p style="color: red;">Notice: Management Password is a known default, click <a href="/admin/system.php" class="headerText">System</a>to change the "admin" password.</p>'); } elseif (noASTERISKsounds($daemon['asterisk'])) { putHtml('<p style="color: red;">Notice: No Core Asterisk Sounds, click <a href="/admin/system.php" class="headerText">System</a>then via "Asterisk Sounds Packages", Upgrade/Install "core" and "moh" sounds.</p>'); } else { - if (($HTPASSWD = getPASSWDlocation()) !== '') { - if (is_file($HTPASSWD) || getPREFdef($global_prefs, 'status_password_warning') === 'no') { - putHtml("<p> </p>"); - } else { - putHtml('<p style="color: orange;">Warning: Management Password is not set, click <a href="/admin/system.php" class="headerText">System</a>to set the password.</p>'); - } - } else { - putHtml('<p style="color: orange;">Warning: Unable to locate base web directory.</p>'); - } + putHtml("<p> </p>"); } putHtml("</center>"); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
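Review bot: With the old `else` branch removed, a missing password file and an unresolved web directory are no longer reported as what they are. `adminDEFAULTpassword()`, added in this commit, starts with `$status = 0` and returns `$status == 0`, so in both cases it returns true and the page claims "Management Password is a known default". In the other direction, a helper that cannot be executed would presumably leave a non-zero status and read as "password is fine". Keeping a separate message for the empty-location case, e.g. `putHtml('<p style="color: orange;">Warning: Unable to locate base web directory.</p>');`, and treating only the helper's documented "default" exit code as a match would keep the notice accurate. The new link text `</a>to change` is also missing a space.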
From: <abe...@us...> - 2016-11-15 01:00:37
|
Revision: 7958 http://sourceforge.net/p/astlinux/code/7958 Author: abelbeck Date: 2016-11-15 01:00:34 +0000 (Tue, 15 Nov 2016) Log Message: ----------- web interface, add IPsec strongSwan support Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/edit.php branches/1.0/package/webinterface/altweb/admin/network.php branches/1.0/package/webinterface/altweb/common/functions.php branches/1.0/package/webinterface/altweb/common/license-packages.txt branches/1.0/package/webinterface/altweb/common/status.inc Modified: branches/1.0/package/webinterface/altweb/admin/edit.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/edit.php 2016-11-15 00:44:52 UTC (rev 7957) +++ branches/1.0/package/webinterface/altweb/admin/edit.php 2016-11-15 01:00:34 UTC (rev 7958) @@ -13,6 +13,7 @@ // 09-06-2013, Added Shortcut support // 06-07-2016, Added Avahi mDNS/DNS-SD support // 09-21-2016, Added Reload Firewall Blocklist +// 11-14-2016, Added IPsec strongSwan support // $myself = $_SERVER['PHP_SELF']; @@ -29,6 +30,7 @@ 'openvpn' => 'Restart OpenVPN Server', 'openvpnclient' => 'Restart OpenVPN Client', 'racoon' => 'Restart IPsec VPN', + 'ipsec' => 'Restart IPsec strongSwan', 'pptpd' => 'Restart PPTP VPN Server', 'fossil' => 'Restart Fossil Server', 'ldap' => 'Reload LDAP Client', @@ -262,6 +264,8 @@ $result = restartPROCESS($process, 47, $result, 'init'); } elseif ($process === 'avahi') { $result = restartPROCESS($process, 48, $result, 'init'); + } elseif ($process === 'ipsec') { + $result = restartPROCESS($process, 49, $result, 'init'); } elseif ($process === 'IPTABLES') { $result = restartPROCESS('iptables', 66, $result, 'reload'); } elseif ($process === 'cron') { 
@@ -301,6 +305,7 @@ $dir === '/mnt/kd/dahdi' || $dir === '/mnt/kd/openvpn' || $dir === '/mnt/kd/openvpn/ccd' || + $dir === '/mnt/kd/ipsec/strongswan' || $dir === '/mnt/kd/rc.conf.d' || $dir === '/mnt/kd/crontabs' || $dir === '/mnt/kd/snmp' || @@ -405,6 +410,8 @@ putHtml('<p style="color: green;">Fossil Server'.statusPROCESS('fossil').'.</p>'); } elseif ($result == 48) { putHtml('<p style="color: green;">mDNS/DNS-SD (Avahi)'.statusPROCESS('avahi').'.</p>'); + } elseif ($result == 49) { + putHtml('<p style="color: green;">IPsec VPN (strongSwan)'.statusPROCESS('ipsec').'.</p>'); } elseif ($result == 66) { putHtml('<p style="color: green;">Firewall Blocklist has been Reloaded.</p>'); } elseif ($result == 99) { @@ -587,6 +594,16 @@ } putHtml('</optgroup>'); } + if (is_dir('/mnt/kd/ipsec/strongswan') && count($globfiles = glob('/mnt/kd/ipsec/strongswan/*')) > 0) { + putHtml('<optgroup label="———— IPsec strongSwan Configs ————">'); + foreach ($globfiles as $globfile) { + if (is_file($globfile) && is_writable($globfile)) { + $sel = ($globfile === $openfile) ? ' selected="selected"' : ''; + putHtml('<option value="'.$globfile.'"'.$sel.'>'.basename($globfile).' - IPsec strongSwan Config</option>'); + } + } + putHtml('</optgroup>'); + } if (is_dir('/mnt/kd/avahi') && count($globfiles = glob('/mnt/kd/avahi/*')) > 0) { putHtml('<optgroup label="———— Avahi mDNS/DNS-SD Configs ————">'); foreach ($globfiles as $globfile) { Modified: branches/1.0/package/webinterface/altweb/admin/network.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/network.php 2016-11-15 00:44:52 UTC (rev 7957) +++ branches/1.0/package/webinterface/altweb/admin/network.php 2016-11-15 01:00:34 UTC (rev 7958) 
@@ -39,6 +39,7 @@ // 11-01-2015, Added DHCPv6 support // 06-07-2016, Added Avahi mDNS/DNS-SD support // 07-15-2016, Added 4th LAN Interface +// 11-14-2016, Added IPsec strongSwan support // // System location of rc.conf file $CONFFILE = '/etc/rc.conf'; @@ -583,12 +584,15 @@ if (isset($_POST['openvpnclient'])) { $x_value .= ' openvpnclient'; } - if (isset($_POST['ipsec'])) { + if (isset($_POST['racoon'])) { $x_value .= ' racoon'; } if (isset($_POST['ipsecmobile'])) { $x_value .= ' ipsecmobile'; } + if (isset($_POST['ipsec']) && ! isset($_POST['racoon']) && ! isset($_POST['ipsecmobile'])) { + $x_value .= ' ipsec'; + } if (isset($_POST['pptp'])) { $x_value .= ' pptp'; } @@ -1002,7 +1006,7 @@ header('Location: /admin/edit.php?file='.$file); exit; } - } elseif (isset($_POST['submit_edit_ipsec'])) { + } elseif (isset($_POST['submit_edit_racoon'])) { $result = saveNETWORKsettings($NETCONFDIR, $NETCONFFILE); header('Location: /admin/ipsec.php'); exit; @@ -1010,6 +1014,12 @@ $result = saveNETWORKsettings($NETCONFDIR, $NETCONFFILE); header('Location: /admin/ipsecmobile.php'); exit; + } elseif (isset($_POST['submit_edit_ipsec'])) { + $result = saveNETWORKsettings($NETCONFDIR, $NETCONFFILE); + if (is_writable($file = '/mnt/kd/ipsec/strongswan/ipsec.conf')) { + header('Location: /admin/edit.php?file='.$file); + exit; + } } elseif (isset($_POST['submit_edit_pptp'])) { $result = saveNETWORKsettings($NETCONFDIR, $NETCONFFILE); header('Location: /admin/pptp.php'); @@ -1115,6 +1125,8 @@ $result = restartPROCESS($process, 47, $result, 'init'); } elseif ($process === 'avahi') { $result = restartPROCESS($process, 48, $result, 'init'); + } elseif ($process === 'ipsec') { + $result = restartPROCESS($process, 49, $result, 'init'); } } else { $result = 2; 
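Review bot: The new `ipsec` branch in the `@@ -583 @@` hunk drops strongSwan from the VPN list whenever `racoon` or `ipsecmobile` is also ticked, and nothing records why or tells the administrator that the checkbox was ignored. An operator could then believe a strongSwan tunnel is enabled when it was not saved. Add a comment on the condition, e.g. `// strongSwan is only enabled when neither racoon nor ipsecmobile is selected`, and consider returning a distinct result code so the page can report the conflict. The enclosing save function starts and ends outside the hunk.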
@@ -1207,6 +1219,8 @@ putHtml('<p style="color: green;">Fossil Server'.statusPROCESS('fossil').'.</p>'); } elseif ($result == 48) { putHtml('<p style="color: green;">mDNS/DNS-SD (Avahi)'.statusPROCESS('avahi').'.</p>'); + } elseif ($result == 49) { + putHtml('<p style="color: green;">IPsec VPN (strongSwan)'.statusPROCESS('ipsec').'.</p>'); } elseif ($result == 99) { putHtml('<p style="color: red;">Action Failed.</p>'); } elseif ($result == 100) { @@ -1280,6 +1294,8 @@ putHtml('<option value="openvpnclient"'.$sel.'>Restart OpenVPN Client</option>'); $sel = ($reboot_restart === 'racoon') ? ' selected="selected"' : ''; putHtml('<option value="racoon"'.$sel.'>Restart IPsec VPN</option>'); + $sel = ($reboot_restart === 'ipsec') ? ' selected="selected"' : ''; + putHtml('<option value="ipsec"'.$sel.'>Restart IPsec strongSwan</option>'); $sel = ($reboot_restart === 'pptpd') ? ' selected="selected"' : ''; putHtml('<option value="pptpd"'.$sel.'>Restart PPTP VPN Server</option>'); $sel = ($reboot_restart === 'fossil') ? ' selected="selected"' : ''; @@ -1999,10 +2015,10 @@ putHtml('<tr class="dtrow1"><td style="text-align: right;">'); $sel = isVARtype('VPN', $db, $cur_db, 'racoon') ? ' checked="checked"' : ''; - putHtml('<input type="checkbox" value="ipsec" name="ipsec"'.$sel.' />'); + putHtml('<input type="checkbox" value="racoon" name="racoon"'.$sel.' />'); putHtml('</td><td style="text-align: left;" colspan="5">'); putHtml('IPsec Peers –'); - putHtml('<input type="submit" value="IPsec Configuration" name="submit_edit_ipsec" class="button" />'); + putHtml('<input type="submit" value="IPsec Configuration" name="submit_edit_racoon" class="button" />'); putHtml('</td></tr>'); putHtml('<tr class="dtrow1"><td style="text-align: right;">'); 
@@ -2013,6 +2029,16 @@ putHtml('<input type="submit" value="IPsec Configuration" name="submit_edit_ipsecmobile" class="button" />'); putHtml('</td></tr>'); + if (is_file('/etc/init.d/ipsec')) { + putHtml('<tr class="dtrow1"><td style="text-align: right;">'); + $sel = isVARtype('VPN', $db, $cur_db, 'ipsec') ? ' checked="checked"' : ''; + putHtml('<input type="checkbox" value="ipsec" name="ipsec"'.$sel.' />'); + putHtml('</td><td style="text-align: left;" colspan="5">'); + putHtml('IPsec strongSwan –'); + putHtml('<input type="submit" value="IPsec Configuration" name="submit_edit_ipsec" class="button" />'); + putHtml('</td></tr>'); + } + putHtml('<tr class="dtrow1"><td style="text-align: right;">'); $sel = isVARtype('VPN', $db, $cur_db, 'pptp') ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="pptp" name="pptp"'.$sel.' />'); Modified: branches/1.0/package/webinterface/altweb/common/functions.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/functions.php 2016-11-15 00:44:52 UTC (rev 7957) +++ branches/1.0/package/webinterface/altweb/common/functions.php 2016-11-15 01:00:34 UTC (rev 7958) @@ -74,12 +74,13 @@ $cmd .= ';service '.$process.' stop >/dev/null 2>/dev/null'; $cmd .= ';sleep '.$wait; $cmd .= ';/usr/sbin/gen-rc-conf'; - if ($process === 'openvpn' || $process === 'openvpnclient' || $process === 'racoon' || $process === 'pptpd') { + if ($process === 'openvpn' || $process === 'openvpnclient' || + $process === 'racoon' || $process === 'ipsec' || $process === 'pptpd') { $cmd .= ';service iptables restart >/dev/null 2>/dev/null'; } $cmd .= ';service '.$process.' '.$start.' >/dev/null 2>/dev/null'; } - + if ($pathOK) { putenv('PATH='.$path.':/sbin:/usr/sbin'); } 
@@ -122,6 +123,12 @@ } else { $str = $stopped; } + } elseif ($process === 'ipsec') { + if (is_file($path.'charon.pid')) { + $str = $running; + } else { + $str = $stopped; + } } elseif ($process === 'ups') { if (is_file($path.'upsmon.pid')) { $str = $running; Modified: branches/1.0/package/webinterface/altweb/common/license-packages.txt =================================================================== --- branches/1.0/package/webinterface/altweb/common/license-packages.txt 2016-11-15 00:44:52 UTC (rev 7957) +++ branches/1.0/package/webinterface/altweb/common/license-packages.txt 2016-11-15 01:00:34 UTC (rev 7958) @@ -63,3 +63,4 @@ avahi~Copyright (c) 2004-2016 Lennart Poettering, Trent Lloyd, Avahi developers. Linux Kernel~Copyright (c) 1997-2016 The Linux Kernel Organization, Inc.; Linux is a Registered Trademark of Linus Torvalds. whois~Copyright (c) 1999-2016 Marco d'Itri. +strongSwan~Copyright (c) 2006-2016 Andreas Steffen, Tobias Brunner, et al. Modified: branches/1.0/package/webinterface/altweb/common/status.inc =================================================================== --- branches/1.0/package/webinterface/altweb/common/status.inc 2016-11-15 00:44:52 UTC (rev 7957) +++ branches/1.0/package/webinterface/altweb/common/status.inc 2016-11-15 01:00:34 UTC (rev 7958) @@ -78,6 +78,7 @@ $status['dnsmasq'] = 0; $status['openvpn'] = 0; $status['racoon'] = 0; + $status['charon'] = 0; $status['pptpd'] = 0; $status['upsmon'] = 0; $status['syslogd'] = 0; 
@@ -884,6 +885,21 @@ } } +if ($daemon['charon'] > 0) { + if (getPREFdef($global_prefs, 'status_ipsec_associations') !== 'no') { + putHtml("<h2>IPsec Associations (strongSwan):</h2>"); + putHtml("<pre>"); + + $output = array(); + @exec('/usr/sbin/ipsec status', $output); + foreach ($output as $line) { + putText(rtrim($line)); + } + unset($output); + putHtml("</pre>"); + } +} + if ($daemon['pptpd'] > 0) { if (getPREFdef($global_prefs, 'status_pptp_server') !== 'no') { putHtml("<h2>PPTP VPN Server Status:</h2>"); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
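Review bot: The new strongSwan block prints the full `ipsec status` output on the Status page unless `status_ipsec_associations` is explicitly `no`, so it is shown by default. That output typically names the configured connections and peer addresses. prefs.php writes `status_require_auth = yes` only when its box is ticked, so on an install with default preferences this may be readable without a login; that depends on code not shown here. Consider showing the section only to an authenticated session, or making it opt-in. Separately, `@exec(...)` hides a failing command; `exec('/usr/sbin/ipsec status 2>/dev/null', $output, $rc);` with a check of `$rc` would let the page say that the status could not be read.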
From: <abe...@us...> - 2016-12-01 18:19:03
|
Revision: 8004 http://sourceforge.net/p/astlinux/code/8004 Author: abelbeck Date: 2016-12-01 18:19:01 +0000 (Thu, 01 Dec 2016) Log Message: ----------- web interface, Status, Network, Edit, Prefs, System tabs, add support for 'chrony' instead of 'ntp' for network time Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/edit.php branches/1.0/package/webinterface/altweb/admin/network.php branches/1.0/package/webinterface/altweb/admin/prefs.php branches/1.0/package/webinterface/altweb/admin/system.php branches/1.0/package/webinterface/altweb/admin/view.php branches/1.0/package/webinterface/altweb/common/functions.php branches/1.0/package/webinterface/altweb/common/license-packages.txt branches/1.0/package/webinterface/altweb/common/status.inc Modified: branches/1.0/package/webinterface/altweb/admin/edit.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/edit.php 2016-12-01 16:09:41 UTC (rev 8003) +++ branches/1.0/package/webinterface/altweb/admin/edit.php 2016-12-01 18:19:01 UTC (rev 8004) @@ -61,7 +61,7 @@ 'dnsmasq.conf' => 'DNSmasq Configuration', 'misdn-init.conf' => 'mISDN Configuration', 'msmtp-aliases.conf' => 'SMTP Local Aliases', - 'ntpd.conf' => 'NTP Time Client/Server', + 'chrony.conf' => 'NTP Time Client/Server', 'sshd.conf' => 'SSH Server sshd_config', 'ldap.conf' => 'LDAP Client System Defaults', 'slapd.conf' => 'LDAP Server Configuration', Modified: branches/1.0/package/webinterface/altweb/admin/network.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/network.php 2016-12-01 16:09:41 UTC (rev 8003) +++ branches/1.0/package/webinterface/altweb/admin/network.php 2016-12-01 18:19:01 UTC (rev 8004) 
@@ -927,7 +927,7 @@ } } elseif (isset($_POST['submit_edit_ntp'])) { $result = saveNETWORKsettings($NETCONFDIR, $NETCONFFILE); - if (is_writable($file = '/mnt/kd/ntpd.conf')) { + if (is_writable($file = '/mnt/kd/chrony.conf')) { header('Location: /admin/edit.php?file='.$file); exit; } @@ -1698,7 +1698,7 @@ putHtml('</td></tr>'); putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">'); putHtml('NTP Server:'); - if (! is_file('/mnt/kd/ntpd.conf')) { + if (! is_file('/mnt/kd/chrony.conf')) { if (($t_value = getVARdef($db, 'NTPSERVS', $cur_db)) === '') { $t_value = getVARdef($db, 'NTPSERV', $cur_db); } Modified: branches/1.0/package/webinterface/altweb/admin/prefs.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/prefs.php 2016-12-01 16:09:41 UTC (rev 8003) +++ branches/1.0/package/webinterface/altweb/admin/prefs.php 2016-12-01 18:19:01 UTC (rev 8004) 
@@ -588,7 +588,7 @@ putHtml('<tr class="dtrow1"><td style="text-align: right;">'); $sel = (getPREFdef($global_prefs, 'status_ntp_sessions') !== 'no') ? ' checked="checked"' : ''; - putHtml('<input type="checkbox" value="ntp_sessions" name="ntp_sessions"'.$sel.' /></td><td colspan="5">Show NTP Peer States</td></tr>'); + putHtml('<input type="checkbox" value="ntp_sessions" name="ntp_sessions"'.$sel.' /></td><td colspan="5">Show NTP Time Sources</td></tr>'); putHtml('<tr class="dtrow1"><td style="text-align: right;">'); $sel = (getPREFdef($global_prefs, 'status_show_dhcp_leases') !== 'no') ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="dhcp_leases" name="dhcp_leases"'.$sel.' /></td><td colspan="5">Show DHCP Leases</td></tr>'); Modified: branches/1.0/package/webinterface/altweb/admin/system.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/system.php 2016-12-01 16:09:41 UTC (rev 8003) +++ branches/1.0/package/webinterface/altweb/admin/system.php 2016-12-01 18:19:01 UTC (rev 8004) @@ -632,10 +632,8 @@ if (is_file($file = '/mnt/kd/crontabs/root')) { putHtml('<option value="'.$file.'">Cron Jobs for root</option>'); } - if (is_file($file = '/mnt/kd/ntpd.drift')) { + if (is_file($file = '/var/lib/ntp/chrony.drift')) { putHtml('<option value="'.$file.'">NTP drift file</option>'); - } elseif (is_file($file = '/var/db/ntpd.drift')) { - putHtml('<option value="'.$file.'">NTP drift file</option>'); } if (is_file($file = '/etc/udev/rules.d/70-persistent-net.rules')) { putHtml('<option value="'.$file.'">Net Interface Rules</option>'); Modified: branches/1.0/package/webinterface/altweb/admin/view.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/view.php 2016-12-01 16:09:41 UTC (rev 8003) +++ branches/1.0/package/webinterface/altweb/admin/view.php 2016-12-01 18:19:01 UTC (rev 8004) 
@@ -50,7 +50,7 @@ $dir === '/etc/dahdi' || $file === '/etc/ssh/sshd_config' || $file === '/stat/etc/rc.conf' || - $file === '/var/db/ntpd.drift' || + $file === '/var/lib/ntp/chrony.drift' || $file === '/etc/udev/rules.d/70-persistent-net.rules' || ($dir === '/etc' && (substr($file, -5) === '.conf'))) { if (is_file($file)) { Modified: branches/1.0/package/webinterface/altweb/common/functions.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/functions.php 2016-12-01 16:09:41 UTC (rev 8003) +++ branches/1.0/package/webinterface/altweb/common/functions.php 2016-12-01 18:19:01 UTC (rev 8004) @@ -123,6 +123,12 @@ } else { $str = $stopped; } + } elseif ($process === 'ntpd') { + if (is_file($path.'chronyd.pid')) { + $str = $running; + } else { + $str = $stopped; + } } elseif ($process === 'ipsec') { if (is_file($path.'charon.pid')) { $str = $running; @@ -181,7 +187,7 @@ function systemREBOOT($myself, $result, $setup = FALSE) { global $global_prefs; - $count_down_secs = 120; + $count_down_secs = 125; if (($adjust = getPREFdef($global_prefs, 'system_reboot_timer_adjust')) !== '') { $count_down_secs += (int)$adjust; @@ -552,8 +558,8 @@ $value = trim($value, ' '); } if ($var === 'NTPSERV' || $var === 'NTPSERVS') { - if (is_file('/mnt/kd/ntpd.conf')) { - $value = '#NTP server is specified in /mnt/kd/ntpd.conf'; + if (is_file('/mnt/kd/chrony.conf')) { + $value = '#NTP server is specified in /mnt/kd/chrony.conf'; } } if ($var === 'UPS_DRIVER' || $var === 'UPS_DRIVER_PORT') { Modified: branches/1.0/package/webinterface/altweb/common/license-packages.txt =================================================================== --- branches/1.0/package/webinterface/altweb/common/license-packages.txt 2016-12-01 16:09:41 UTC (rev 8003) +++ branches/1.0/package/webinterface/altweb/common/license-packages.txt 2016-12-01 18:19:01 UTC (rev 8004) 
@@ -20,7 +20,6 @@ OpenSSH~Copyright (c) 1995-2015 Tatu Ylonen, Espoo, Finland. All rights reserved. OpenVPN~Copyright (c) 2002-2016 OpenVPN Technologies, Inc. PHP~Copyright (c) 1999-2016 The PHP Group. All rights reserved. -ntpd~Copyright (c) 1992-2016 David L. Mills. vsftpd~Copyright (c) 2001-2015 Daniel Jacobowitz. lighttpd~Copyright (c) 2004-2016 Jan Kneschke. msmtp~Copyright (c) 2000-2016 Martin Lambers. @@ -64,3 +63,4 @@ Linux Kernel~Copyright (c) 1997-2016 The Linux Kernel Organization, Inc.; Linux is a Registered Trademark of Linus Torvalds. whois~Copyright (c) 1999-2016 Marco d'Itri. strongSwan~Copyright (c) 2006-2016 Andreas Steffen, Tobias Brunner, et al. +chrony~Copyright (c) 2009-2016 Miroslav Lichvar. Modified: branches/1.0/package/webinterface/altweb/common/status.inc =================================================================== --- branches/1.0/package/webinterface/altweb/common/status.inc 2016-12-01 16:09:41 UTC (rev 8003) +++ branches/1.0/package/webinterface/altweb/common/status.inc 2016-12-01 18:19:01 UTC (rev 8004) @@ -36,6 +36,7 @@ // 10-28-2014, Added S.M.A.R.T Monitoring Status // 11-06-2014, Added Failover Status // 10-14-2016, Added Check for default admin password +// 12-01-2016, Added chronyc to replace ntpq // // System location of OpenVPN Client logfile $OVPNCLOGFILE = '/var/log/openvpnclient-status.log'; @@ -73,7 +74,7 @@ function getDaemons() { $status['asterisk'] = 0; - $status['ntpd'] = 0; + $status['chronyd'] = 0; $status['miniupnpd'] = 0; $status['dnsmasq'] = 0; $status['openvpn'] = 0; 
@@ -705,24 +706,20 @@ } } -if ($daemon['ntpd'] > 0) { +if ($daemon['chronyd'] > 0) { if (getPREFdef($global_prefs, 'status_ntp_sessions') !== 'no') { - putHtml("<h2>NTP Peer States:</h2>"); + putHtml("<h2>NTP Time Sources:</h2>"); putHtml("<pre>"); - $tmpfile = tempnam("/tmp", "PHP_"); - shell('ntpq -pn 127.0.0.1 >'.$tmpfile, $status); - if ($status == 0) { - $ph = @fopen($tmpfile, "r"); - while (! feof($ph)) { - if (($line = rtrim(fgets($ph, 1024))) !== '') { - putText($line); - } - } - fclose($ph); - } else { - putText('No NTP peers found'); + + $output = array(); + @exec('/usr/bin/chronyc sources', $output); + if (strncmp(current($output), '210', 3) == 0) { + array_shift($output); // Skip first '210' line } - @unlink($tmpfile); + foreach ($output as $line) { + putText(rtrim($line)); + } + unset($output); putHtml("</pre>"); } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
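Review bot: `current($output)` returns `false` when chronyc produced no output, so the new check depends on `strncmp()` coercing that to an empty string and on a loose `== 0` comparison. Indexing explicitly avoids the coercion and reads more directly: `if (isset($output[0]) && strncmp($output[0], '210', 3) === 0) {`. The inline comment could also say what is being skipped, for example `// Older chronyc prints a leading "210 Number of sources = N" reply line`, since the bare '210' is otherwise a magic value.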
From: <abe...@us...> - 2017-01-03 21:11:00
Revision: 8071 http://sourceforge.net/p/astlinux/code/8071 Author: abelbeck Date: 2017-01-03 21:10:58 +0000 (Tue, 03 Jan 2017) Log Message: ----------- web interface, Update Copyright to 2017, label OpenVPN cipher as 'Legacy Cipher:' Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/openvpn.php branches/1.0/package/webinterface/altweb/admin/openvpnclient.php branches/1.0/package/webinterface/altweb/common/license-astlinux.txt branches/1.0/package/webinterface/altweb/common/license-packages.txt Modified: branches/1.0/package/webinterface/altweb/admin/openvpn.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/openvpn.php 2017-01-03 15:42:51 UTC (rev 8070) +++ branches/1.0/package/webinterface/altweb/admin/openvpn.php 2017-01-03 21:10:58 UTC (rev 8071) @@ -1,6 +1,6 @@ <?php -// Copyright (C) 2008-2013 Lonnie Abelbeck +// Copyright (C) 2008-2017 Lonnie Abelbeck // This is free software, licensed under the GNU General Public License // version 3 as published by the Free Software Foundation; you can // redistribute it and/or modify it under the terms of the GNU @@ -644,7 +644,7 @@ putHtml('<option value="yes"'.$sel.'>Yes</option>'); putHtml('</select>'); putHtml('</td><td style="text-align: right;" colspan="1">'); - putHtml('Cipher:'); + putHtml('Legacy Cipher:'); putHtml('</td><td style="text-align: left;" colspan="2">'); $cipher = getVARdef($db, 'OVPN_CIPHER'); putHtml('<select name="cipher_menu">'); Modified: branches/1.0/package/webinterface/altweb/admin/openvpnclient.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/openvpnclient.php 2017-01-03 15:42:51 UTC (rev 8070) +++ branches/1.0/package/webinterface/altweb/admin/openvpnclient.php 2017-01-03 21:10:58 UTC (rev 8071) 
@@ -1,6 +1,6 @@ <?php -// Copyright (C) 2008-2013 Lonnie Abelbeck +// Copyright (C) 2008-2017 Lonnie Abelbeck // This is free software, licensed under the GNU General Public License // version 3 as published by the Free Software Foundation; you can // redistribute it and/or modify it under the terms of the GNU @@ -378,7 +378,7 @@ putHtml('<option value="yes"'.$sel.'>Yes</option>'); putHtml('</select>'); putHtml('</td><td style="text-align: right;" colspan="1">'); - putHtml('Cipher:'); + putHtml('Legacy Cipher:'); putHtml('</td><td style="text-align: left;" colspan="2">'); $cipher = getVARdef($db, 'OVPNC_CIPHER'); putHtml('<select name="cipher_menu">'); Modified: branches/1.0/package/webinterface/altweb/common/license-astlinux.txt =================================================================== --- branches/1.0/package/webinterface/altweb/common/license-astlinux.txt 2017-01-03 15:42:51 UTC (rev 8070) +++ branches/1.0/package/webinterface/altweb/common/license-astlinux.txt 2017-01-03 21:10:58 UTC (rev 8071) @@ -1,4 +1,4 @@ -AstLinux is Copyright (c) 2004-2016 by Kristian Kielhofner. +AstLinux is Copyright (c) 2004-2017 by Kristian Kielhofner. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by Modified: branches/1.0/package/webinterface/altweb/common/license-packages.txt =================================================================== --- branches/1.0/package/webinterface/altweb/common/license-packages.txt 2017-01-03 15:42:51 UTC (rev 8070) +++ branches/1.0/package/webinterface/altweb/common/license-packages.txt 2017-01-03 21:10:58 UTC (rev 8071) 
@@ -6,19 +6,19 @@ ## 3) Lines beginning with a '#' are treated as comments ## ex-vi~Copyright (c) 2001-2002 Caldera International Inc. All rights reserved. -RUNNIX~Copyright (c) 2006-2016 Kristian Kielhofner, AstLinux Project. +RUNNIX~Copyright (c) 2006-2017 Kristian Kielhofner, AstLinux Project. libSRTP~Copyright (c) 2001-2016 Cisco Systems, Inc. All rights reserved. iLBC CODEC~Copyright (c) 2011 The WebRTC project authors. All rights reserved. -Web Interface~Copyright (c) 2008-2016 Lonnie Abelbeck. +Web Interface~Copyright (c) 2008-2017 Lonnie Abelbeck. shellinabox~Copyright (c) 2008-2015 Markus Gutschke, Luka Krajger. -Asterisk~Copyright (c) 1999-2016 Digium, Inc. +Asterisk~Copyright (c) 1999-2017 Digium, Inc. DAHDI~Copyright (c) 2001-2015 Digium, Inc. libPRI~Copyright (c) 2001-2015 Digium, Inc. Arno's Firewall~Copyright (c) 2001-2016 Arno van Amersfoort. dnsmasq~Copyright (c) 2000-2015 Simon Kelley. OpenSSL~Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. OpenSSH~Copyright (c) 1995-2015 Tatu Ylonen, Espoo, Finland. All rights reserved. -OpenVPN~Copyright (c) 2002-2016 OpenVPN Technologies, Inc. +OpenVPN~Copyright (c) 2002-2017 OpenVPN Technologies, Inc. PHP~Copyright (c) 1999-2016 The PHP Group. All rights reserved. vsftpd~Copyright (c) 2001-2015 Daniel Jacobowitz. lighttpd~Copyright (c) 2004-2016 Jan Kneschke. 
@@ -46,12 +46,12 @@ darkstat~Copyright (c) 2001-2015 Emil Mikulic, et al. NUT~Copyright (c) 1999-2016 Russell Kroll, Arnaud Quette, et al. iftop~Copyright (c) 2002-2014 Paul Warren, Chris Lightfoot, et al. -dnscrypt-proxy~Copyright (c) 2011-2016 Frank Denis. +dnscrypt-proxy~Copyright (c) 2011-2017 Frank Denis. libsodium~Copyright (c) 2013-2016 Frank Denis. phoneprov-tools~Copyright (c) 2015-2016 Lonnie Abelbeck and Michael Keuter. smartmontools~Copyright (c) 2002-2016 Bruce Allen, Christian Franke, et al. Monit~Copyright (c) 2001-2016 Tildeslash. All rights reserved. -sqlite~Copyright (c) 1995-2016 SQLite Consortium. +sqlite~Copyright (c) 1995-2017 SQLite Consortium. sqliteodbc~Copyright (c) 2001-2016 Christian Werner. Fossil~Copyright (c) 2007-2016 D. Richard Hipp. All rights reserved. BusyBox~Copyright (c) 1998-2011 Erik Andersen, Rob Landley, Denys Vlasenko, et al. @@ -63,4 +63,4 @@ Linux Kernel~Copyright (c) 1997-2016 The Linux Kernel Organization, Inc.; Linux is a Registered Trademark of Linus Torvalds. whois~Copyright (c) 1999-2016 Marco d'Itri. strongSwan~Copyright (c) 2006-2016 Andreas Steffen, Tobias Brunner, et al. -chrony~Copyright (c) 1997-2016 Richard P. Curnow, Miroslav Lichvar. +chrony~Copyright (c) 1997-2017 Richard P. Curnow, Miroslav Lichvar. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <abe...@us...> - 2017-01-29 15:39:10
Revision: 8132 http://sourceforge.net/p/astlinux/code/8132 Author: abelbeck Date: 2017-01-29 15:39:07 +0000 (Sun, 29 Jan 2017) Log Message: ----------- web interface, add support for DDGETIPV6 rc.conf variable, 'HE Free DNS' Dynamic DNS Service Type, and 'checkip.dns.he.net' DNS Get Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/network.php branches/1.0/package/webinterface/altweb/common/license-astlinux.txt branches/1.0/package/webinterface/altweb/common/license-packages.txt branches/1.0/package/webinterface/altweb/common/version.php Modified: branches/1.0/package/webinterface/altweb/admin/network.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/network.php 2017-01-29 00:14:33 UTC (rev 8131) +++ branches/1.0/package/webinterface/altweb/admin/network.php 2017-01-29 15:39:07 UTC (rev 8132) @@ -41,6 +41,7 @@ // 07-15-2016, Added 4th LAN Interface // 11-14-2016, Added IPsec strongSwan support // 01-22-2017, Removed Dynamic DNS 'getip.krisk.org', map to default +// 01-29-2017, Added DDGETIPV6 support // // System location of rc.conf file $CONFFILE = '/etc/rc.conf'; @@ -96,6 +97,7 @@ 'DynDNS [static]' => 'st...@dy...', 'EasyDNS' => 'easydns', 'FreeDNS' => 'de...@fr...', + 'HE Free DNS' => 'he', 'NameCheap' => 'namecheap', 'No-IP' => 'de...@no...', 'nsupdate.info' => 'de...@ns...', @@ -106,10 +108,18 @@ $select_dyndns_getip = array ( 'User Defined >>>' => '', 'myip.dnsomatic.com' => 'myip.dnsomatic.com', + 'checkip.dns.he.net' => 'he', 'checkip.dyndns.org' => 'checkip.dyndns.org', 'External Interface' => 'interface' ); +$select_dyndns_getipv6 = array ( + 'User Defined >>>' => '', + 'checkip.dns.he.net' => 'he', + 'External Interface' => 'interface', + 'Disabled' => 'no' +); + $select_ldap_deref = array ( 'never' => 'never', 'searching' => 'searching', 
@@ -636,6 +646,12 @@ $value = 'DDGETIP="'.tuq($_POST['other_dd_getip']).'"'; } fwrite($fp, $value."\n"); + if ($_POST['dd_getipv6'] !== '') { + $value = 'DDGETIPV6="'.$_POST['dd_getipv6'].'"'; + } else { + $value = 'DDGETIPV6="'.tuq($_POST['other_dd_getipv6']).'"'; + } + fwrite($fp, $value."\n"); $value = 'DDHOST="'.tuq($_POST['dd_host']).'"'; fwrite($fp, $value."\n"); $value = 'DDUSER="'.tuq($_POST['dd_user']).'"'; @@ -2131,8 +2147,27 @@ } putHtml('</select>'); putHtml('<input type="text" size="36" maxlength="128" value="'.$t_value.'" name="other_dd_getip" /></td></tr>'); - + putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">'); + putHtml('DNS Get IPv6 Address:'); + $t_value = getVARdef($db, 'DDGETIPV6', $cur_db); + if ($t_value === '') { + $t_value = 'no'; + } + putHtml('<select name="dd_getipv6">'); + foreach ($select_dyndns_getipv6 as $key => $value) { + if (strcasecmp($t_value, $value) == 0) { + $sel = ' selected="selected"'; + $t_value = ''; + } else { + $sel = ''; + } + putHtml('<option value="'.$value.'"'.$sel.'>'.$key.'</option>'); + } + putHtml('</select>'); + putHtml('<input type="text" size="36" maxlength="128" value="'.$t_value.'" name="other_dd_getipv6" /></td></tr>'); + + putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">'); $value = getVARdef($db, 'DDHOST', $cur_db); putHtml('DNS Hostname:<input type="text" size="36" maxlength="128" value="'.$value.'" name="dd_host" /></td></tr>'); putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="3">'); Modified: branches/1.0/package/webinterface/altweb/common/license-astlinux.txt =================================================================== --- branches/1.0/package/webinterface/altweb/common/license-astlinux.txt 2017-01-29 00:14:33 UTC (rev 8131) +++ branches/1.0/package/webinterface/altweb/common/license-astlinux.txt 2017-01-29 15:39:07 UTC (rev 8132) 
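Review bot: In the save hunk, `$_POST['dd_getipv6']` is concatenated into the `DDGETIPV6="..."` line exactly as submitted, while the free-text branch right below it goes through `tuq()`. The select menu only limits what a browser offers, so a hand-built request can place a double quote or a line break into a file that is written as `VAR="value"` assignments. Accept the value only when it is one of the `$select_dyndns_getipv6` entries, or at minimum apply the same filter as the other branch: `$value = 'DDGETIPV6="'.tuq($_POST['dd_getipv6']).'"';`. The enclosing function starts and ends outside the hunk, and how `tuq()` treats quotes and line breaks is not visible here, so that should be confirmed.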
@@ -1,4 +1,4 @@ -AstLinux is Copyright (c) 2004-2017 by Kristian Kielhofner. +AstLinux is Copyright (c) 2004-2017 by AstLinux Project, Kristian Kielhofner. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by Modified: branches/1.0/package/webinterface/altweb/common/license-packages.txt =================================================================== --- branches/1.0/package/webinterface/altweb/common/license-packages.txt 2017-01-29 00:14:33 UTC (rev 8131) +++ branches/1.0/package/webinterface/altweb/common/license-packages.txt 2017-01-29 15:39:07 UTC (rev 8132) @@ -6,7 +6,7 @@ ## 3) Lines beginning with a '#' are treated as comments ## ex-vi~Copyright (c) 2001-2002 Caldera International Inc. All rights reserved. -RUNNIX~Copyright (c) 2006-2017 Kristian Kielhofner, AstLinux Project. +RUNNIX~Copyright (c) 2006-2017 AstLinux Project, Kristian Kielhofner. libSRTP~Copyright (c) 2001-2016 Cisco Systems, Inc. All rights reserved. iLBC CODEC~Copyright (c) 2011 The WebRTC project authors. All rights reserved. Web Interface~Copyright (c) 2008-2017 Lonnie Abelbeck. @@ -19,9 +19,9 @@ OpenSSL~Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. OpenSSH~Copyright (c) 1995-2015 Tatu Ylonen, Espoo, Finland. All rights reserved. OpenVPN~Copyright (c) 2002-2017 OpenVPN Technologies, Inc. -PHP~Copyright (c) 1999-2016 The PHP Group. All rights reserved. +PHP~Copyright (c) 1999-2017 The PHP Group. All rights reserved. vsftpd~Copyright (c) 2001-2015 Daniel Jacobowitz. -lighttpd~Copyright (c) 2004-2016 Jan Kneschke. +lighttpd~Copyright (c) 2004-2017 Jan Kneschke. msmtp~Copyright (c) 2000-2016 Martin Lambers. libxml2~Copyright (c) 1998-2016 Daniel Veillard. All Rights Reserved. libtiff~Copyright (c) 1988-2015 Sam Leffler, Copyright (c) 1991-1997 Silicon Graphics, Inc. 
@@ -31,16 +31,16 @@ curl~Copyright (c) 1996-2016 Daniel Stenberg. rp-pppoe~Copyright (c) 2001-2012 Roaring Penguin Software Inc. zabbix~Copyright (c) 2000-2016 SIA Zabbix. -zlib~Copyright (c) 1995-2013 Jean-loup Gailly. +zlib~Copyright (c) 1995-2017 Jean-loup Gailly. SILK CODEC~Copyright (c) 2010-2016 Skype and/or Microsoft. All rights reserved. Licensed via Digium, Inc. SpanDSP~Copyright (c) 2003-2015 Steve Underwood. All rights reserved. -Prosody~Copyright (c) 2008-2016 Matthew Wild and Waqas Hussain. +Prosody~Copyright (c) 2008-2017 Matthew Wild and Waqas Hussain. Lua~Copyright (c) 1994-2012 Lua.org, PUC-Rio. All rights reserved. perl~Copyright (c) 1987-2016 Larry Wall, et al. perl-cross~Copyright (c) 2009-2016 Alex Suykov. phpLiteAdmin~Copyright (c) 2011-2015 phpLiteAdmin (https://bitbucket.org/phpliteadmin/public) -FOP2~Copyright (c) 2009-2016 House Internet S.R.L. (http://www.fop2.com) -ddclient~Copyright (c) 1999-2015 Paul Burry, wimpunk, et al. +FOP2~Copyright (c) 2009-2017 House Internet S.R.L. (http://www.fop2.com) +ddclient-curl~Copyright (c) 1999-2017 David Kerr, Paul Burry, wimpunk, et al. vCard converter~Copyright (c) 2006-2013 Thomas Bruederli. OpenLDAP~Copyright (c) 1998-2016 The OpenLDAP Foundation. All rights reserved. darkstat~Copyright (c) 2001-2015 Emil Mikulic, et al. 
@@ -53,7 +53,7 @@ Monit~Copyright (c) 2001-2016 Tildeslash. All rights reserved. sqlite~Copyright (c) 1995-2017 SQLite Consortium. sqliteodbc~Copyright (c) 2001-2016 Christian Werner. -Fossil~Copyright (c) 2007-2016 D. Richard Hipp. All rights reserved. +Fossil~Copyright (c) 2007-2017 D. Richard Hipp. All rights reserved. BusyBox~Copyright (c) 1998-2011 Erik Andersen, Rob Landley, Denys Vlasenko, et al. dhcp6c~Copyright (c) 1998-2008 WIDE Project with 2016 Debian patches. htop~Copyright (c) 2004-2012 Hisham Muhammad. Modified: branches/1.0/package/webinterface/altweb/common/version.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/version.php 2017-01-29 00:14:33 UTC (rev 8131) +++ branches/1.0/package/webinterface/altweb/common/version.php 2017-01-29 15:39:07 UTC (rev 8132) @@ -1,6 +1,6 @@ <?php // version.php for AstLinux Alternate Web Interface -$GUI_VERSION = '1.8.39'; +$GUI_VERSION = '1.8.40'; ?> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <abe...@us...> - 2017-07-13 20:34:45
Revision: 8437 http://sourceforge.net/p/astlinux/code/8437 Author: abelbeck Date: 2017-07-13 20:34:42 +0000 (Thu, 13 Jul 2017) Log Message: ----------- Network tab, add "ACME (Let's Encrypt) Certificate" section with topic help info Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/network.php branches/1.0/package/webinterface/altweb/admin/siptlscert.php branches/1.0/package/webinterface/altweb/admin/slapd.php branches/1.0/package/webinterface/altweb/admin/xmpp.php branches/1.0/package/webinterface/altweb/common/topics.info Modified: branches/1.0/package/webinterface/altweb/admin/network.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/network.php 2017-07-12 16:54:49 UTC (rev 8436) +++ branches/1.0/package/webinterface/altweb/admin/network.php 2017-07-13 20:34:42 UTC (rev 8437) @@ -44,6 +44,7 @@ // 01-29-2017, Added DDGETIPV6 support // 02-16-2017, Added Restart FTP Server support // 06-02-2017, Added selectable Prefix Delegation interfaces +// 07-12-2017, Added ACME (Let's Encrypt) Certificate configuration // // System location of rc.conf file $CONFFILE = '/etc/rc.conf'; @@ -474,7 +475,25 @@ $value = 'SMTP_PASS="'.string2RCconfig(trim($_POST['smtp_pass'])).'"'; fwrite($fp, "### SMTP Auth Password\n".$value."\n"); - + + $x_value = ''; + if (isset($_POST['acme_lighttpd'])) { + $x_value .= ' lighttpd'; + } + if (isset($_POST['acme_asterisk'])) { + $x_value .= ' asterisk'; + } + if (isset($_POST['acme_prosody'])) { + $x_value .= ' prosody'; + } + if (isset($_POST['acme_slapd'])) { + $x_value .= ' slapd'; + } + $value = 'ACME_SERVICE="'.trim($x_value).'"'; + fwrite($fp, "### ACME Certificate\n".$value."\n"); + $value = 'ACME_ACCOUNT_EMAIL="'.tuq($_POST['acme_account_email']).'"'; + fwrite($fp, $value."\n"); + $value = 'FTPD="'.$_POST['ftp'].'"'; fwrite($fp, "### FTP Server\n".$value."\n"); $value = 'FTPD_WRITE="'.$_POST['ftpd_write'].'"'; 
@@ -568,7 +587,7 @@ fwrite($fp, "### HTTPS access logging\n".$value."\n"); $value = 'HTTPSCERT="'.tuq($_POST['https_cert']).'"'; - if (isset($_POST['create_cert']) && is_opensslHERE()) { + if (isset($_POST['submit_self_signed_https']) && isset($_POST['confirm_self_signed_https'])) { if (($countryName = getPREFdef($global_prefs, 'dn_country_name_cmdstr')) === '') { $countryName = 'US'; } @@ -598,6 +617,8 @@ } } fwrite($fp, "### HTTPS Certificate File\n".$value."\n"); + $value = isset($_POST['acme_lighttpd']) ? 'HTTPSCHAIN="/mnt/kd/ssl/https_ca_chain.pem"' : 'HTTPSCHAIN=""'; + fwrite($fp, $value."\n"); $value = 'PHONEPROV_ALLOW="'.tuq($_POST['phoneprov_allow']).'"'; fwrite($fp, "### /phoneprov/ Allowed IPs\n".$value."\n"); @@ -980,7 +1001,15 @@ $result = saveNETWORKsettings($NETCONFDIR, $NETCONFFILE); header('Location: /admin/dnscrypt.php'); exit; - } elseif (isset($_POST['submit_sip_tls'])) { + } elseif (isset($_POST['submit_self_signed_https'])) { + if (isset($_POST['confirm_self_signed_https'])) { + if (($result = saveNETWORKsettings($NETCONFDIR, $NETCONFFILE)) == 11) { + $result = 12; + } + } else { + $result = 2; + } + } elseif (isset($_POST['submit_self_signed_sip_tls'])) { $result = saveNETWORKsettings($NETCONFDIR, $NETCONFFILE); header('Location: /admin/siptlscert.php'); exit; 
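Review bot: The handler added in the third hunk turns a return of 11 from saveNETWORKsettings() into 12, which the page reports as a new self-signed HTTPS certificate being installed, yet nothing visible ties that result to the certificate step having succeeded. The first hunk also drops the `is_opensslHERE()` guard that the old `create_cert` condition carried. The certificate-generation body lies outside these hunks, so this may already be handled; if it is not, let the save function return a distinct code when generation fails and map to 12 only on success. If the guard was removed on purpose, a short comment next to the new condition saying why would help, and the bare codes 11 and 12 would read better as named constants.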
@@ -1212,6 +1241,8 @@ putHtml('<p style="color: green;">System is Rebooting... back in <span id="count_down"><script language="JavaScript" type="text/javascript">document.write(count_down_secs);</script></span> seconds.</p>'); } elseif ($result == 11) { putHtml('<p style="color: green;">Settings saved, click "Reboot/Restart" to apply any changed settings, a "Reboot System" is required for Interface changes.</p>'); + } elseif ($result == 12) { + putHtml('<p style="color: green;">Settings saved, a new Self-Signed HTTPS certificate is installed, a "Reboot System" is required to apply changes.</p>'); } elseif ($result == 21) { putHtml('<p style="color: green;">PPPoE has Restarted.</p>'); } elseif ($result == 22) { 
@@ -1881,8 +1912,40 @@ } putHtml('<tr class="dtrow0"><td colspan="6"> </td></tr>'); - + putHtml('<tr class="dtrow0"><td class="dialogText" style="text-align: left;" colspan="6">'); + putHtml('<strong>ACME (Let\'s Encrypt) Certificate:</strong>'.includeTOPICinfo('ACME-Certificate')); + putHtml('</td></tr>'); + + putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">'); + putHtml('ACME Deploy Service:'); + $sel = isVARtype('ACME_SERVICE', $db, $cur_db, 'lighttpd') ? ' checked="checked"' : ''; + putHtml('<input type="checkbox" value="acme_lighttpd" name="acme_lighttpd"'.$sel.' /> HTTPS Server'); + $sel = isVARtype('ACME_SERVICE', $db, $cur_db, 'asterisk') ? ' checked="checked"' : ''; + putHtml('<input type="checkbox" value="acme_asterisk" name="acme_asterisk"'.$sel.' /> Asterisk SIP-TLS'); + $sel = isVARtype('ACME_SERVICE', $db, $cur_db, 'prosody') ? ' checked="checked"' : ''; + putHtml('<input type="checkbox" value="acme_prosody" name="acme_prosody"'.$sel.' /> XMPP Server'); + $sel = isVARtype('ACME_SERVICE', $db, $cur_db, 'slapd') ? ' checked="checked"' : ''; + putHtml('<input type="checkbox" value="acme_slapd" name="acme_slapd"'.$sel.' 
/> LDAP Server'); + putHtml('</td></tr>'); + + putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">'); + $value = getVARdef($db, 'ACME_ACCOUNT_EMAIL', $cur_db); + putHtml('ACME Account Email Address:<input type="text" size="36" maxlength="128" value="'.$value.'" name="acme_account_email" /></td></tr>'); + + putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">'); + putHtml('Non-ACME Self-Signed HTTPS Certificate:'); + putHtml('<input type="submit" value="Self-Signed HTTPS Cert" name="submit_self_signed_https" class="button" />'); + putHtml('–'); + putHtml('<input type="checkbox" value="self_signed_https" name="confirm_self_signed_https" /> Confirm</td></tr>'); + + putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">'); + putHtml('Non-ACME Self-Signed SIP-TLS Certificate:'); + putHtml('<input type="submit" value="Self-Signed SIP-TLS Cert" name="submit_self_signed_sip_tls" class="button" /></td></tr>'); + + putHtml('<tr class="dtrow0"><td colspan="6"> </td></tr>'); + + putHtml('<tr class="dtrow0"><td class="dialogText" style="text-align: left;" colspan="6">'); putHtml('<strong>Network Services:</strong>'); putHtml('</td></tr>'); putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">'); @@ -1902,10 +1965,6 @@ } putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">'); - putHtml('Asterisk SIP-TLS Server Certificate:'); - putHtml('<input type="submit" value="SIP-TLS Certificate" name="submit_sip_tls" class="button" /></td></tr>'); - - putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">'); putHtml('XMPP Server, Messaging and Presence:'); putHtml('<input type="submit" value="Configure XMPP" name="submit_xmpp" class="button" /></td></tr>'); 
@@ -2068,15 +2127,8 @@ putHtml('</td></tr>'); $value = getVARdef($db, 'HTTPSCERT', $cur_db); - if (is_opensslHERE()) { - putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="4">'); - putHtml('HTTPS Certificate File:<input type="text" size="36" maxlength="64" value="'.$value.'" name="https_cert" /></td>'); - putHtml('<td style="text-align: left;" colspan="2">'); - putHtml('<input type="checkbox" value="create_cert" name="create_cert" /> Create New HTTPS Certificate'); - } else { - putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">'); - putHtml('HTTPS Certificate File:<input type="text" size="36" maxlength="64" value="'.$value.'" name="https_cert" />'); - } + putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">'); + putHtml('HTTPS Certificate File:<input type="text" size="36" maxlength="64" value="'.$value.'" name="https_cert" />'); putHtml('</td></tr>'); putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">'); Modified: branches/1.0/package/webinterface/altweb/admin/siptlscert.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/siptlscert.php 2017-07-12 16:54:49 UTC (rev 8436) +++ branches/1.0/package/webinterface/altweb/admin/siptlscert.php 2017-07-13 20:34:42 UTC (rev 8437) @@ -1,6 +1,6 @@ <?php -// Copyright (C) 2008-2012 Lonnie Abelbeck +// Copyright (C) 2008-2017 Lonnie Abelbeck // This is free software, licensed under the GNU General Public License // version 3 as published by the Free Software Foundation; you can // redistribute it and/or modify it under the terms of the GNU @@ -9,6 +9,7 @@ // siptlscert.php for AstLinux // 11-12-2012 // 12-14-2015, Added Signature Algorithm support +// 07-12-2017, Added ACME warning // // System location of /mnt/kd/rc.conf.d directory $SIPTLSCERTCONFDIR = '/mnt/kd/rc.conf.d'; 
@@ -271,7 +272,7 @@ <form id="iform" method="post" action="<?php echo $myself;?>"> <table width="100%" class="stdtable"> <tr><td style="text-align: center;" colspan="2"> - <h2>Asterisk SIP-TLS Server Certificate:</h2> + <h2>Self-Signed SIP-TLS Server Certificate:</h2> </td></tr><tr><td width="240" style="text-align: center;"> <input type="submit" class="formbtn" value="Save Settings" name="submit_save" /> </td><td class="dialogText" style="text-align: center;"> @@ -280,6 +281,14 @@ <table class="stdtable"> <tr class="dtrow0"><td width="140"> </td><td width="50"> </td><td width="100"> </td><td> </td><td width="100"> </td><td width="80"> </td></tr> <?php +if (is_dir('/mnt/kd/acme')) { + putHtml('<tr class="dtrow0"><td class="dialogText" style="text-align: left;" colspan="6">'); + putHtml('<strong>ACME (Let\'s Encrypt) Certificate Exists!</strong>'); + putHtml('</td></tr>'); + + putHtml('<tr class="dtrow1"><td style="color: red; text-align: center;" colspan="6">'); + putHtml('Warning: "Create New" may overwrite deployed ACME credentials.</td></tr>'); +} if ($openssl !== FALSE) { putHtml('<tr class="dtrow0"><td class="dialogText" style="text-align: left;" colspan="6">'); putHtml('<strong>Server Certificate and Key:</strong>'); Modified: branches/1.0/package/webinterface/altweb/admin/slapd.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/slapd.php 2017-07-12 16:54:49 UTC (rev 8436) +++ branches/1.0/package/webinterface/altweb/admin/slapd.php 2017-07-13 20:34:42 UTC (rev 8437) @@ -1,6 +1,6 @@ <?php -// Copyright (C) 2013 Lonnie Abelbeck +// Copyright (C) 2013-2017 Lonnie Abelbeck // This is free software, licensed under the GNU General Public License // version 3 as published by the Free Software Foundation; you can // redistribute it and/or modify it under the terms of the GNU 
@@ -120,7 +120,7 @@ } else { $result = 2; } - } elseif (isset($_POST['submit_sip_tls'])) { + } elseif (isset($_POST['submit_self_signed_sip_tls'])) { $result = saveSLAPDsettings($SLAPDCONFDIR, $SLAPDCONFFILE); header('Location: /admin/siptlscert.php'); exit; 
@@ -186,15 +186,19 @@ <table class="stdtable"> <tr class="dtrow0"><td width="60"> </td><td width="100"> </td><td width="50"> </td><td> </td><td> </td><td width="60"> </td></tr> <?php -if (! is_file('/mnt/kd/ssl/sip-tls/keys/server.crt') || ! is_file('/mnt/kd/ssl/sip-tls/keys/server.key')) { +if ((! is_file('/mnt/kd/ssl/sip-tls/keys/server.crt') || ! is_file('/mnt/kd/ssl/sip-tls/keys/server.key')) && + (! is_file('/mnt/kd/ldap/certs/server.crt') || ! is_file('/mnt/kd/ldap/certs/server.key'))) { putHtml('<tr class="dtrow0"><td class="dialogText" style="text-align: left;" colspan="6">'); - putHtml('<strong>Missing SIP-TLS Server Certificate:</strong> <i>(Shared with LDAP Server)</i>'); + putHtml('<strong>Missing Server Certificate!</strong>'); putHtml('</td></tr>'); + putHtml('<tr class="dtrow1"><td style="text-align: center;" colspan="6">'); + putHtml('How to Issue an ACME (Let\'s Encrypt) Certificate:'.includeTOPICinfo('ACME-Certificate')); + putHtml('</td></tr>'); putHtml('<tr class="dtrow1"><td style="text-align: right;" colspan="2">'); - putHtml('Create SIP-TLS<br />Server Certificate:'); + putHtml('Non-ACME SIP-TLS<br />Server Certificate:'); putHtml('</td><td style="text-align: left;" colspan="4">'); - putHtml('<input type="submit" value="SIP-TLS Certificate" name="submit_sip_tls" class="button" />'); + putHtml('<input type="submit" value="Self-Signed SIP-TLS Cert" name="submit_self_signed_sip_tls" class="button" />'); putHtml('</td></tr>'); } Modified: branches/1.0/package/webinterface/altweb/admin/xmpp.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/xmpp.php 2017-07-12 16:54:49 UTC (rev 8436) +++ branches/1.0/package/webinterface/altweb/admin/xmpp.php 2017-07-13 20:34:42 UTC (rev 8437) 
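Review bot: The new two-line condition stacks four negated `is_file()` calls, which makes it hard to see that the prompt appears only when neither key pair is complete; the same shape is repeated in the xmpp.php hunk at `@@ -373,15 +373,19 @@` with the prosody paths. Naming the two facts reads better, e.g. `$have_sip_tls = is_file('/mnt/kd/ssl/sip-tls/keys/server.crt') && is_file('/mnt/kd/ssl/sip-tls/keys/server.key');`, the same for `$have_ldap`, then `if (! $have_sip_tls && ! $have_ldap) {`. Note that `is_file()` only shows the files exist, not that the certificate matches the key or is still valid, so the page stays silent with an unusable pair.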
@@ -1,6 +1,6 @@ <?php -// Copyright (C) 2013-2016 Lonnie Abelbeck +// Copyright (C) 2013-2017 Lonnie Abelbeck // This is free software, licensed under the GNU General Public License // version 3 as published by the Free Software Foundation; you can // redistribute it and/or modify it under the terms of the GNU @@ -294,7 +294,7 @@ if (reloadModule('groups') === TRUE) { $result = 16; } - } elseif (isset($_POST['submit_sip_tls'])) { + } elseif (isset($_POST['submit_self_signed_sip_tls'])) { $result = saveXMPPsettings($XMPPCONFDIR, $XMPPCONFFILE); header('Location: /admin/siptlscert.php'); exit; 
@@ -373,15 +373,19 @@ putHtml('<tr class="dtrow0"><td width="180"> </td><td> </td></tr>'); if ($global_admin) { -if (! is_file('/mnt/kd/ssl/sip-tls/keys/server.crt') || ! is_file('/mnt/kd/ssl/sip-tls/keys/server.key')) { +if ((! is_file('/mnt/kd/ssl/sip-tls/keys/server.crt') || ! is_file('/mnt/kd/ssl/sip-tls/keys/server.key')) && + (! is_file('/mnt/kd/prosody/certs/server.crt') || ! is_file('/mnt/kd/prosody/certs/server.key'))) { putHtml('<tr class="dtrow0"><td class="dialogText" style="text-align: left;" colspan="2">'); - putHtml('<strong>Missing SIP-TLS Server Certificate:</strong> <i>(Shared with XMPP)</i>'); + putHtml('<strong>Missing Server Certificate!</strong>'); putHtml('</td></tr>'); + putHtml('<tr class="dtrow1"><td style="text-align: center;" colspan="2">'); + putHtml('How to Issue an ACME (Let\'s Encrypt) Certificate:'.includeTOPICinfo('ACME-Certificate')); + putHtml('</td></tr>'); putHtml('<tr class="dtrow1"><td style="text-align: right;">'); - putHtml('Create SIP-TLS<br />Server Certificate:'); + putHtml('Non-ACME SIP-TLS<br />Server Certificate:'); putHtml('</td><td style="text-align: left;">'); - putHtml('<input type="submit" value="SIP-TLS Certificate" name="submit_sip_tls" class="button" />'); + putHtml('<input type="submit" value="Self-Signed SIP-TLS Cert" name="submit_self_signed_sip_tls" class="button" />'); putHtml('</td></tr>'); } putHtml('<tr class="dtrow0"><td class="dialogText" style="text-align: left;" colspan="2">'); Modified: branches/1.0/package/webinterface/altweb/common/topics.info =================================================================== --- branches/1.0/package/webinterface/altweb/common/topics.info 2017-07-12 16:54:49 UTC (rev 8436) +++ branches/1.0/package/webinterface/altweb/common/topics.info 2017-07-13 20:34:42 UTC (rev 8437) 
@@ -448,3 +448,150 @@ Options: hex_revision_num revert given FILE back to given REVISION +[[ACME-Certificate]] + +--------------------------------- +ACME (Let's Encrypt) Certificates +--------------------------------- +AstLinux uses the "acme-client" command as a front-end to the core acme.sh script provided by the https://github.com/Neilpang/acme.sh project. + +The acme-client command limits issued certificates to only use DNS challenge validation, as such you need a supported DNS provider, of which there are well over 20 as of this writing. + +The Command Line Interface (CLI) must be used to initially issue and deploy ACME certificates. + + +------------------ +ACME Configuration +------------------ +Use the web interface "Network tab -> ACME (Let's Encrypt) Certificate:" section to define which services will be deployed ACME certificates. + +The "ACME Account Email Address" registration email address is used for expiry notifications, while optional it seems like a good idea to specify. + +In order to apply web interface settings changes, use the CLI command: + +CLI> gen-rc-conf + + +-------------------- +Issuing Certificates +-------------------- +This example on host pbx4 uses the acme-client command, the core acme.sh version can be obtained by issuing: + +CLI> acme-client --version +https://github.com/Neilpang/acme.sh +v2.7.2 + +Only DNS challenge validation is supported within AstLinux, as such you need a supported DNS provider, in this example we are using Cloudflare. We need to export the CF_Key and CF_Email variables, adjust to match your credentials ... + +CLI> export CF_Key="sdfdxxxxxxxosdfgje" +CLI> export CF_Email="em...@ex..." + +Other DNS providers require different exported variables, see the acme.sh documentation for the details. + +Now for the fundamental CLI command, where we issue a new certificate for the single domain "pbx4.example.org" ... 
+ +CLI> acme-client --issue --dns dns_cf -d pbx4.example.org +[Sat Jul 1 10:08:04 CDT 2017] Registering account +[Sat Jul 1 10:08:06 CDT 2017] Registered +[Sat Jul 1 10:08:06 CDT 2017] Update success. +[Sat Jul 1 10:08:06 CDT 2017] ACCOUNT_THUMBPRINT='...' +[Sat Jul 1 10:08:06 CDT 2017] Creating domain key +[Sat Jul 1 10:08:07 CDT 2017] The domain key is here: /mnt/kd/acme/pbx4.example.org/pbx4.example.org.key +[Sat Jul 1 10:08:07 CDT 2017] Single domain='pbx4.example.org' +[Sat Jul 1 10:08:07 CDT 2017] Getting domain auth token for each domain +[Sat Jul 1 10:08:07 CDT 2017] Getting webroot for domain='pbx4.example.org' +[Sat Jul 1 10:08:07 CDT 2017] Getting new-authz for domain='pbx4.example.org' +[Sat Jul 1 10:08:07 CDT 2017] The new-authz request is ok. +[Sat Jul 1 10:08:08 CDT 2017] Found domain api file: /stat/etc/acme/dnsapi/dns_cf.sh +[Sat Jul 1 10:08:09 CDT 2017] Adding record +[Sat Jul 1 10:08:09 CDT 2017] Added, OK +[Sat Jul 1 10:08:09 CDT 2017] Sleep 120 seconds for the txt records to take effect + +[Sat Jul 1 10:10:11 CDT 2017] Verifying:pbx4.example.org +[Sat Jul 1 10:10:14 CDT 2017] Success +[Sat Jul 1 10:10:16 CDT 2017] Verify finished, start to sign. +[Sat Jul 1 10:10:16 CDT 2017] Cert success. +-----BEGIN CERTIFICATE----- +... snip ... +-----END CERTIFICATE----- +[Sat Jul 1 10:10:16 CDT 2017] Your cert is in /mnt/kd/acme/pbx4.example.org/pbx4.example.org.cer +[Sat Jul 1 10:10:16 CDT 2017] Your cert key is in /mnt/kd/acme/pbx4.example.org/pbx4.example.org.key +[Sat Jul 1 10:10:17 CDT 2017] The intermediate CA cert is in /mnt/kd/acme/pbx4.example.org/ca.cer +[Sat Jul 1 10:10:17 CDT 2017] And the full chain certs is there: /mnt/kd/acme/pbx4.example.org/fullchain.cer + +After the certificates are issued, they need to be deployed to the various services that can utilize them. +In this example only "HTTPS Server" is checked after "ACME Deploy Service:" in the web interface. 
+ +CLI> acme-client --deploy --deploy-hook astlinux -d pbx4.example.org +Stopping lighttpd... +Starting lighttpd... +acme-client: New ACME certificates deployed for HTTPS and 'lighttpd' restarted +[Sat Jul 1 10:14:10 CDT 2017] Success + +While not required, it is a good idea to unset the exported variables above that contain the DNS challenge validation credentials. + +CLI> unset CF_Key +CLI> unset CF_Email + +NOTE: The DNS challenge validation credentials remain stored in the /mnt/kd/acme/account.conf file so auto-renewals can be performed via cron. + + +-------------------------- +Auto-Renewing Certificates +-------------------------- +Let's Encrypt certificates are only valid for 90 days, renewable after 60 days from the issue date. As such it is important to automate the process of renewing the certificate, this can be done by installing a cron entry using the command: + +CLI> acme-client --install-cronjob +acme-client: Successfully added cron entry. + + +---------------------------- +Multiple Domain Certificates +---------------------------- +In the example above only one domain pbx4.example.org was specified. Let's Encrypt allows multiple domains to be specified with valid "Subject Alternative Name" entries in a single certificate. This assumes the DNS A and/or AAAA and/or SRV record of each domain points to the server with the issued certificate. + +As an additional example let's say both example.org and subdomain pbx4.example.org are valid DNS entries you want to include in the "Subject Alternative Name" of the issued certificate. + +Proceed as above, but simply include -d example.org when issuing the certificate, (specify the more general domain first) ... + +CLI> acme-client --issue --dns dns_cf -d example.org -d pbx4.example.org + +Likewise, when deploying the certificate, though you only need to specify the first -d example.org domain ... 
+ +CLI> acme-client --deploy --deploy-hook astlinux -d example.org + + +----------------------- +Additional CLI Commands +----------------------- +Some additional commands that may be useful to know ... + +List the issued certificate(s): + +CLI> acme-client --list + +Revoke an issued certificate by domain: + +CLI> acme-client --revoke -d pbx4.example.org + +Remove a certificate by domain: + +CLI> acme-client --remove -d pbx4.example.org + + +---------------- +Advanced Options +---------------- +For advanced users there may be situations where it would be useful to add special options for every occurrence of the acme-client command. Increasing the log-level and defining a log file would be one such example. + +The /mnt/kd/acme/account.opts file does not exist by default, and needs to be manually created to enable this feature. + +Example /mnt/kd/acme/account.opts file with persistent options added by acme-client to the acme.sh script: +-- /mnt/kd/acme/account.opts -- +## acme.sh options + +log-level 3 +log /var/log/acme-client.log +-- + + This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <abe...@us...> - 2017-07-16 13:24:31
Revision: 8445 http://sourceforge.net/p/astlinux/code/8445 Author: abelbeck Date: 2017-07-16 13:24:29 +0000 (Sun, 16 Jul 2017) Log Message: ----------- web interface, Status tab, add optional 'ACME Certificates' section, show via Prefs tab Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/prefs.php branches/1.0/package/webinterface/altweb/common/status.inc Modified: branches/1.0/package/webinterface/altweb/admin/prefs.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/prefs.php 2017-07-15 16:51:17 UTC (rev 8444) +++ branches/1.0/package/webinterface/altweb/admin/prefs.php 2017-07-16 13:24:29 UTC (rev 8445) @@ -21,6 +21,7 @@ // 12-16-2014, Added Show Monit Tab // 08-12-2015, Added Show Fossil Tab // 02-16-2017, Added Disable CLI Tab for "staff" user +// 07-16-2017, Added Show ACME Certificates // $myself = $_SERVER['PHP_SELF']; @@ -57,6 +58,10 @@ $value = 'status_show_wan_failover = no'; fwrite($fp, $value."\n"); } + if (isset($_POST['acme_certificates'])) { + $value = 'status_show_acme_certificates = yes'; + fwrite($fp, $value."\n"); + } if (! isset($_POST['ntp_sessions'])) { $value = 'status_ntp_sessions = no'; fwrite($fp, $value."\n"); 
@@ -592,6 +597,10 @@ putHtml('<input type="checkbox" value="wan_failover" name="wan_failover"'.$sel.' /></td><td colspan="5">Show WAN Failover Status</td></tr>'); putHtml('<tr class="dtrow1"><td style="text-align: right;">'); + $sel = (getPREFdef($global_prefs, 'status_show_acme_certificates') === 'yes') ? ' checked="checked"' : ''; + putHtml('<input type="checkbox" value="acme_certificates" name="acme_certificates"'.$sel.' /></td><td colspan="5">Show ACME Certificates</td></tr>'); + + putHtml('<tr class="dtrow1"><td style="text-align: right;">'); $sel = (getPREFdef($global_prefs, 'status_ntp_sessions') !== 'no') ? ' checked="checked"' : ''; putHtml('<input type="checkbox" value="ntp_sessions" name="ntp_sessions"'.$sel.' /></td><td colspan="5">Show NTP Time Sources</td></tr>'); putHtml('<tr class="dtrow1"><td style="text-align: right;">'); Modified: branches/1.0/package/webinterface/altweb/common/status.inc =================================================================== --- branches/1.0/package/webinterface/altweb/common/status.inc 2017-07-15 16:51:17 UTC (rev 8444) +++ branches/1.0/package/webinterface/altweb/common/status.inc 2017-07-16 13:24:29 UTC (rev 8445) @@ -38,6 +38,7 @@ // 10-14-2016, Added Check for default admin password // 12-01-2016, Added chronyc to replace ntpq // 05-15-2017, Added IPv6 Prefixes/Address +// 07-16-2017, Added ACME Certificates // // System location of OpenVPN Client logfile $OVPNCLOGFILE = '/var/log/openvpnclient-status.log'; 
@@ -767,6 +768,21 @@ } } +if (is_dir('/mnt/kd/acme')) { + if (getPREFdef($global_prefs, 'status_show_acme_certificates') === 'yes') { + putHtml("<h2>ACME Certificates:</h2>"); + putHtml("<pre>"); + + $output = array(); + @exec('/usr/sbin/acme-client --list', $output); + foreach ($output as $line) { + putText(rtrim($line)); + } + unset($output); + putHtml("</pre>"); + } +} + if ($daemon['chronyd'] > 0) { if (getPREFdef($global_prefs, 'status_ntp_sessions') !== 'no') { putHtml("<h2>NTP Time Sources:</h2>"); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
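Review bot: `@exec('/usr/sbin/acme-client --list', $output);` discards both the warning and the exit status, so a missing binary or a failing listing renders as an empty `<pre>` with no hint of why. Drop the `@` and capture the status with `exec('/usr/sbin/acme-client --list', $output, $rc);`, then print the lines only when `$rc === 0` and a short "listing unavailable" line otherwise. The command string is constant, so there is no injection concern here. The output does carry domain names, though, and whether `putText()` HTML-escapes them is not visible in this hunk.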
From: <abe...@us...> - 2017-08-12 20:42:12
Revision: 8480 http://sourceforge.net/p/astlinux/code/8480 Author: abelbeck Date: 2017-08-12 20:42:09 +0000 (Sat, 12 Aug 2017) Log Message: ----------- web interface, Network tab, add DuckDNS Dynamic DNS menu item Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/network.php branches/1.0/package/webinterface/altweb/common/version.php Modified: branches/1.0/package/webinterface/altweb/admin/network.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/network.php 2017-08-12 18:11:32 UTC (rev 8479) +++ branches/1.0/package/webinterface/altweb/admin/network.php 2017-08-12 20:42:09 UTC (rev 8480) @@ -95,6 +95,7 @@ 'DNS-O-Matic' => 'de...@dn...', 'DNS Park' => 'dnspark', 'DtDNS' => 'dtdns', + 'DuckDNS' => 'duckdns', 'DynDNS' => 'dy...@dy...', 'DynDNS [custom]' => 'cu...@dy...', 'DynDNS [static]' => 'st...@dy...', Modified: branches/1.0/package/webinterface/altweb/common/version.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/version.php 2017-08-12 18:11:32 UTC (rev 8479) +++ branches/1.0/package/webinterface/altweb/common/version.php 2017-08-12 20:42:09 UTC (rev 8480) @@ -1,6 +1,6 @@ <?php // version.php for AstLinux Alternate Web Interface -$GUI_VERSION = '1.8.41'; +$GUI_VERSION = '1.8.42'; ?> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |