File Manager

X7ROOT File Manager

Current Path: /usr/libexec/webmin/ipsec

📁 ..
📄 CHANGELOG(239 B)
📄 backup_config.pl(694 B)
📄 bootup.cgi(381 B)
📄 config(241 B)
📄 config-AlmaLinux-7.0-ALL(235 B)
📄 config-Amazon-Linux-2-ALL(235 B)
📄 config-CentOS-Linux-7.0-ALL(235 B)
📄 config-CentOS-Stream-Linux-8.0-ALL(235 B)
📄 config-Oracle-Linux-8.0-ALL(235 B)
📄 config-Redhat-Enterprise-Linux-7.0-ALL(235 B)
📄 config-Rocky-Linux-7.0-ALL(235 B)
📄 config-Scientific-Linux-7.0-ALL(235 B)
📄 config-coherent-linux(256 B)
📄 config-debian-linux(235 B)
📄 config-mandrake-linux(250 B)
📄 config-openmamba-linux(250 B)
📄 config-redhat-linux(256 B)
📄 config-suse-linux-8.2-ALL(235 B)
📄 config-syno-linux(241 B)
📄 config-trustix-linux(235 B)
📄 config.info(342 B)
📄 config.info.ca(381 B)
📄 config.info.de(386 B)
📄 config.info.es(401 B)
📄 config.info.fr(371 B)
📄 config.info.nl(388 B)
📄 config.info.no(357 B)
📄 edit.cgi(8.25 KB)
📄 edit_config.cgi(3.6 KB)
📄 edit_policy.cgi(1.3 KB)
📄 edit_secret.cgi(2.1 KB)
📄 export.cgi(934 B)
📄 export_form.cgi(776 B)
📁 help
📁 images
📄 import.cgi(1.61 KB)
📄 import_form.cgi(776 B)
📄 index.cgi(5.21 KB)
📄 install_check.pl(450 B)
📄 ipsec-lib.pl(10.33 KB)
📁 lang
📄 list_secrets.cgi(1.08 KB)
📄 log_parser.pl(820 B)
📄 module.info(184 B)
📄 module.info.af(0 B)
📄 module.info.af.auto(130 B)
📄 module.info.ar(0 B)
📄 module.info.ar.auto(179 B)
📄 module.info.be(0 B)
📄 module.info.be.auto(160 B)
📄 module.info.bg(0 B)
📄 module.info.bg.auto(169 B)
📄 module.info.ca(122 B)
📄 module.info.ca.auto(14 B)
📄 module.info.cs(29 B)
📄 module.info.cs.auto(79 B)
📄 module.info.da(0 B)
📄 module.info.da.auto(133 B)
📄 module.info.de(115 B)
📄 module.info.de.auto(14 B)
📄 module.info.el(0 B)
📄 module.info.el.auto(221 B)
📄 module.info.es(36 B)
📄 module.info.es.auto(91 B)
📄 module.info.eu(0 B)
📄 module.info.eu.auto(136 B)
📄 module.info.fa(0 B)
📄 module.info.fa.auto(181 B)
📄 module.info.fi(0 B)
📄 module.info.fi.auto(122 B)
📄 module.info.fr(0 B)
📄 module.info.fr.auto(134 B)
📄 module.info.he(0 B)
📄 module.info.he.auto(129 B)
📄 module.info.hr(0 B)
📄 module.info.hr.auto(131 B)
📄 module.info.hu(0 B)
📄 module.info.hu.auto(148 B)
📄 module.info.it(0 B)
📄 module.info.it.auto(133 B)
📄 module.info.ja(0 B)
📄 module.info.ja.auto(164 B)
📄 module.info.ko(0 B)
📄 module.info.ko.auto(149 B)
📄 module.info.lt(0 B)
📄 module.info.lt.auto(146 B)
📄 module.info.lv(0 B)
📄 module.info.lv.auto(121 B)
📄 module.info.ms(122 B)
📄 module.info.ms.auto(14 B)
📄 module.info.mt(0 B)
📄 module.info.mt.auto(127 B)
📄 module.info.nl(31 B)
📄 module.info.nl.auto(88 B)
📄 module.info.no(32 B)
📄 module.info.no.auto(100 B)
📄 module.info.pl(0 B)
📄 module.info.pl.auto(123 B)
📄 module.info.pt(0 B)
📄 module.info.pt.auto(133 B)
📄 module.info.pt_BR(0 B)
📄 module.info.pt_BR.auto(142 B)
📄 module.info.ro(0 B)
📄 module.info.ro.auto(133 B)
📄 module.info.ru(0 B)
📄 module.info.ru.auto(180 B)
📄 module.info.sk(0 B)
📄 module.info.sk.auto(112 B)
📄 module.info.sl(0 B)
📄 module.info.sl.auto(126 B)
📄 module.info.sv(0 B)
📄 module.info.sv.auto(124 B)
📄 module.info.th(0 B)
📄 module.info.th.auto(225 B)
📄 module.info.tr(0 B)
📄 module.info.tr.auto(134 B)
📄 module.info.uk(0 B)
📄 module.info.uk.auto(178 B)
📄 module.info.ur(0 B)
📄 module.info.ur.auto(220 B)
📄 module.info.vi(0 B)
📄 module.info.vi.auto(131 B)
📄 module.info.zh(0 B)
📄 module.info.zh.auto(114 B)
📄 module.info.zh_TW(0 B)
📄 module.info.zh_TW.auto(123 B)
📄 newkey.cgi(388 B)
📄 restart.cgi(210 B)
📄 save.cgi(4.8 KB)
📄 save_config.cgi(1.8 KB)
📄 save_policy.cgi(717 B)
📄 save_secret.cgi(1.53 KB)
📄 showkey.cgi(861 B)
📄 start.cgi(281 B)
📄 stop.cgi(243 B)
📄 up.cgi(783 B)

Editing: ipsec-lib.pl

# ipsec-lib.pl
# Common functions for managing the freeswan config file
# XXX check for new errors in log after applying
# XXX option to download connection as .conf file, and upload an existing
#     .conf file for addition

BEGIN { push(@INC, ".."); };
use WebminCore;
&init_config();

# get_config([file])
# Returns an array of configured connections
sub get_config
{
local $file = $_[0] || $config{'file'};
local (@rv, $sect);
local $lnum = 0;
local $fh = "CONF".$get_config_fh++;
open($fh, "<".$file);
while(<$fh>) {
	s/\r|\n//g;
	s/#.*$//;
	if (/^\s*([^= ]+)\s*=\s*"([^"]*)"/ ||
	    /^\s*([^= ]+)\s*=\s*'([^"]*)'/ ||
	    /^\s*([^= ]+)\s*=\s*(\S+)/) {
		# Directive within a section
		if ($sect) {
			if ($sect->{'values'}->{lc($1)}) {
				$sect->{'values'}->{lc($1)} .= "\0".$2;
				}
			else {
				$sect->{'values'}->{lc($1)} = $2;
				}
			$sect->{'eline'} = $lnum;
			}
		}
	elsif (/^\s*include\s+(\S+)/) {
		# Including possibly multiple files
		local $inc = $1;
		if ($inc !~ /^\//) {
			$file =~ /^(.*)\//;
			$inc = "$1/$inc";
			}
		local $g;
		foreach $g (glob($inc)) {
			local @inc = &get_config($g);
			map { $_->{'index'} += scalar(@rv) } @inc;
			push(@rv, @inc);
			}
		}
	elsif (/^\s*(\S+)\s+(\S+)/) {
		# Start of a section
		$sect = { 'name' => $1,
			  'value' => $2,
			  'line' => $lnum,
			  'eline' => $lnum,
			  'file' => $file,
			  'index' => scalar(@rv),
			  'values' => { } };
		push(@rv, $sect);
		}
	$lnum++;
	}
close($fh);
return @rv;
}

# create_conn(&conn)
# Add a new connection to the config file
sub create_conn
{
local $lref = &read_file_lines($_[0]->{'file'} || $config{'file'});
push(@$lref, "", &conn_lines($_[0]));
&flush_file_lines();
}

# modify_conn(&conn)
sub modify_conn
{
local $lref = &read_file_lines($_[0]->{'file'});
splice(@$lref, $_[0]->{'line'}, $_[0]->{'eline'} - $_[0]->{'line'} + 1,
       &conn_lines($_[0]));
&flush_file_lines();
}

# delete_conn(&conn)
sub delete_conn
{
local $lref = &read_file_lines($_[0]->{'file'});
splice(@$lref, $_[0]->{'line'}, $_[0]->{'eline'} - $_[0]->{'line'} + 1);
&flush_file_lines();
}

# swap_conns(&conn1, &conn2)
# Swaps two connections in the config file
sub swap_conns
{
local ($first, $second) = @_;
if ($first->{'line'} > $second->{'line'}) {
	($first, $second) = ($second, $first);
	}
local $lref1 = &read_file_lines($first->{'file'});
local $lref2 = &read_file_lines($second->{'file'});
splice(@$lref2, $second->{'line'}, $second->{'eline'} - $second->{'line'} + 1,
       @$lref1[$first->{'line'} .. $first->{'eline'}]);
splice(@$lref2, $first->{'line'}, $first->{'eline'} - $first->{'line'} + 1,
       @$lref1[$second->{'line'} .. $second->{'eline'}]);
&flush_file_lines();
}

# conn_lines(&conn)
sub conn_lines
{
local @rv;
push(@rv, $_[0]->{'name'}." ".$_[0]->{'value'});
foreach $o (sort { $a cmp $b } keys %{$_[0]->{'values'}}) {
	local $v = $_[0]->{'values'}->{$o};
	local $vv;
	foreach $vv (split(/\0/, $v)) {
		if ($vv =~ /\s|=/) {
			push(@rv, "\t".$o."=\"".$vv."\"");
			}
		else {
			push(@rv, "\t".$o."=".$vv);
			}
		}
	}
return @rv;
}

# is_ipsec_running()
sub is_ipsec_running
{
local $out = `$config{'ipsec'} auto --status 2>&1`;
return $? || $out =~ /not running/i ? 0 : 1;
}

# get_public_key()
# Returns this system's public key
sub get_public_key
{
local $out = `$config{'ipsec'} showhostkey --file '$config{'secrets'}' --left 2>&1`;
if ($out =~ /leftrsasigkey=(\S+)/) {
	return $1;
	}
return undef;
}

# get_public_key_dns()
# Returns the flags, protocol, algorithm and key data for the public key,
# suitable for creating a DNS KEY record
sub get_public_key_dns
{
local $out = `$config{'ipsec'} showhostkey --file '$config{'secrets'}' 2>&1`;
if ($out =~ /KEY\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)/) {
	return ($1, $2, $3, $4);
	}
else {
	# Try with new --key argument
	$out = `$config{'ipsec'} showhostkey --key --file '$config{'secrets'}' 2>&1`;
	if ($out =~ /KEY\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)/) {
		return ($1, $2, $3, $4);
		}
	}
return ();
}

# list_policies()
# Returns a list of all policy files
sub list_policies
{
local ($f, @rv);
opendir(DIR, $config{'policies_dir'});
while($f = readdir(DIR)) {
	push(@rv, $f) if ($f !~ /^\./ && $f !~ /\.rpmsave$/);
	}
closedir(DIR);
return @rv;
}

# read_policy(name)
sub read_policy
{
local @rv;
open(FILE, "<$config{'policies_dir'}/$_[0]");
while(<FILE>) {
	push(@rv, "$1/$2") if (/^\s*([0-9\.]+)\/(\d+)/);
	}
close(FILE);
return @rv;
}

# write_policy(name, &nets)
sub write_policy
{
local $lref = &read_file_lines("$config{'policies_dir'}/$_[0]");
local $l = 0;
foreach $p (@{$_[1]}) {
	while($l < @$lref && $lref->[$l] !~ /^\s*([0-9\.]+)\/(\d+)/) {
		$l++;
		}
	if ($l < @$lref) {
		# Found line to replace
		$lref->[$l] = $p;
		}
	else {
		# Add at end
		push(@$lref, $p);
		}
	$l++;
	}
while($l < @$lref) {
	if ($lref->[$l] =~ /^\s*([0-9\.]+)\/(\d+)/) {
		splice(@$lref, $l, 1);
		}
	else { $l++; }
	}
&flush_file_lines();
}

# wrap_lines(text, width)
# Given a multi-line string, return an array of lines wrapped to
# the given width
sub wrap_lines
{
local $rest = $_[0];
local @rv;
while(length($rest) > $_[1]) {
	push(@rv, substr($rest, 0, $_[1]));
	$rest = substr($rest, $_[1]);
	}
push(@rv, $rest) if ($rest ne '');
return @rv;
}

# before_start()
# Work out which log file IPsec messages go to, and record the size
sub before_start
{
@ipsec_logfiles = ( $config{'logfile'} );
if (&foreign_check("syslog")) {
	# Find all syslog logfiles
	&foreign_require("syslog", "syslog-lib.pl");
	local $conf = &syslog::get_config();
	foreach $c (@$conf) {
		push(@ipsec_logfiles, $c->{'file'}) if ($c->{'file'} &&
							-f $c->{'file'});
		}
	}
@ipsec_logfiles = &unique(@ipsec_logfiles);
@ipsec_logfile_sizes = map { local @st = stat($_); $st[7] } @ipsec_logfiles;
}

# after_start()
# Check any new IPsec-related messages in the log for errors
sub after_start
{
# Give the server a chance to start
sleep(5);

# Look for new error messages
local $i;
for($i=0; $i<@ipsec_logfiles; $i++) {
	open(LOG, "<".$ipsec_logfiles[$i]) || next;
	seek(LOG, $ipsec_logfile_sizes[$i], 0);
	while(<LOG>) {
		s/\r|\n//g;
		if (/ipsec/i && /error/i) {
			s/^(\S+)\s+(\d+)\s+(\d+:\d+:\d+)\s+(\S+)\s+//;
			push(@errs, $_);
			}
		}
	close(LOG);
	}

# Fail if there were any
if (@errs) {
	&error(&text('start_elog', "<p><tt>".join("<br>", @errs)."</tt><br>"));
	}
}

# get_ipsec_version(&out)
sub get_ipsec_version
{
local $out = `$config{'ipsec'} --version 2>&1`;
${$_[0]} = $out;
return $out =~ /(FreeS\/WAN|Openswan|StrongSWAN|Libreswan)\s+([^ \n\(]+)/i ? ($2,$1) : (undef);
}

# got_secret()
# Returns 1 if a valid secret key file exists, 0 if not
sub got_secret
{
local $gotkey;
open(SEC, "<".$config{'secrets'}) || return 0;
while(<SEC>) {
	s/\r|\n//g;
	s/#.*$//;
	if (/Modulus:\s*(\S+)/) {
		$gotkey = 1;
		}
	}
close(SEC);
return $gotkey;
}

# expand_conf(&config)
sub expand_conf
{
my $conf = shift;
for my $n (0..scalar(@$conf)-1) {
	$conn = @$conf[$n];
	foreach my $key (keys(%{$conn->{'values'}})) {
		$expanded{$conn->{'value'}}->{$key} = $conn->{'values'}->{$key};
		}
	}
# now go through and expand alsos
foreach my $k (keys(%expanded)) {
	$conn = \%{$expanded{$k}};
	# XXX - only supporing a single level of redirection
	#     - this should be moved into a function that could be called
	#       recursively
	if ($$conn{'also'}) {
		foreach my $also (split(/\000/, $$conn{'also'})) {
			foreach my $i (keys(%{$expanded{$also}})) {
				$$conn{$i} = $expanded{$also}{$i};
				}
			}
		# there is only one also key
		next;
		}
	}
return %expanded;
}

# restart_ipsec()
# Apply the current configuration, and return an error message on failure or
# undef on success
sub restart_ipsec
{
local $cmd = $config{'restart_cmd'} ||
       "($config{'stop_cmd'} && $config{'start_cmd'})";
&before_start();
local $out = &backquote_logged("$cmd 2>&1");
if ($?) {
	return "<pre>$out</pre>";
	}
&after_start();
return undef;
}

# list_secrets()
# Returns a list of IPsec secret keys
sub list_secrets
{
if (!scalar(@list_secrets_cache)) {
	local (@lines);
	local $lnum = 0;
	open(SEC, "<".$config{'secrets'});
	while(<SEC>) {
		s/\r|\n//g;
		s/^\s*#.*$//;
		if (/^(\S.*)$/) {
			push(@lines, { 'value' => $1,
				       'line' => $lnum,
				       'eline' => $lnum });
			}
		elsif (/^\s+(.*)/ && @lines) {
			$lines[$#rv]->{'value'} .= "\n".$1;
			$lines[$#rv]->{'eline'} = $lnum;
			}
		$lnum++;
		}
	close(SEC);

# Turn joined lines into secrets
	local $l;
	foreach $l (@lines) {
		$l->{'value'} =~ /^([^:]*)\s*:\s+(\S+)\s+((.|\n)*)$/ || next;
		local $sec = { 'type' => $2,
			       'name' => $1,
			       'value' => $3,
			       'line' => $l->{'line'},
			       'eline' => $l->{'eline'},
			       'idx' => scalar(@list_secrets_cache),
			      };
		$sec->{'name'} =~ s/\n/ /g;
		$sec->{'name'} =~ s/\s+$//;
		push(@list_secrets_cache, $sec);
		}
	}
return @list_secrets_cache;
}

# delete_secret(&sec)
# Removes one secret from the file
sub delete_secret
{
local $lref = &read_file_lines($config{'secrets'});
local $lines = $_[0]->{'eline'} - $_[0]->{'line'} + 1;
splice(@$lref, $_[0]->{'line'}, $lines);
&flush_file_lines();
local $s;
splice(@list_secrets_cache, $_[0]->{'idx'}, 1);
foreach $s (@list_secrets_cache) {
	if ($s->{'line'} > $_[0]->{'line'}) {
		$s->{'line'} -= $lines;
		$s->{'eline'} -= $lines;
		}
	if ($s->{'idx'} > $_[0]->{'idx'}) {
		$s->{'idx'}--;
		}
	}
}

# create_secret(&sec)
# Add one secret to the file
sub create_secret
{
&list_secrets();	# force cache init
local $lref = &read_file_lines($config{'secrets'});
$_[0]->{'line'} = scalar(@$lref);
local @lines = &secret_lines($_[0]);
push(@$lref, @lines);
&flush_file_lines();
$_[0]->{'eline'} = scalar(@$lref)-1;
$_[0]->{'idx'} = scalar(@list_secrets_cache);
push(@list_secrets_cache, $_[0]);
}

# modify_secret(&sec)
# Update one secret in the file
sub modify_secret
{
local $lref = &read_file_lines($config{'secrets'});
local @newlines = &secret_lines($_[0]);
local $oldlines = $_[0]->{'eline'} - $_[0]->{'line'} + 1;
splice(@$lref, $_[0]->{'line'}, $oldlines, @newlines);
&flush_file_lines();
local $s;
foreach $s (@list_secrets_cache) {
	if ($s ne $_[0] && $s->{'line'} > $_[0]->{'line'}) {
		$s->{'line'} += @newlines - $oldlines;
		$s->{'eline'} += @newlines - $oldlines;
		}
	}
$_[0]->{'eline'} += @newlines - $oldlines;
}

sub secret_lines
{
local $str = $_[0]->{'name'} ? $_[0]->{'name'}." : " : ": ";
$str .= uc($_[0]->{'type'});
$str .= " ".$_[0]->{'value'};
return split(/\n/, $str);
}

@rsa_attribs = ( "Modulus", "PublicExponent", "PrivateExponent",
		 "Prime1", "Prime2", "Exponent1", "Exponent2", "Coefficient" );

X7ROOT File Manager

Editing: ipsec-lib.pl

Upload File

Create Folder