From 1ffc0580ca40a0655dd7a406bb358a2fe5663c12 Mon Sep 17 00:00:00 2001 From: Florian Fainelli Date: Tue, 11 Jul 2006 09:52:20 +0000 Subject: [PATCH] Update OpenVPN webif module and fix management feature in Makefile. Closes #625 SVN-Revision: 4126 --- openwrt/package/openvpn/Config.in | 2 +- openwrt/package/openvpn/Makefile | 1 - openwrt/package/openvpn/files/S50openvpn | 8 ++++++- openwrt/package/openvpn/files/openvpn.sh | 27 ++++++++++++++++++------ 4 files changed, 28 insertions(+), 10 deletions(-) diff --git a/openwrt/package/openvpn/Config.in b/openwrt/package/openvpn/Config.in index ac36847c85..4641101a62 100644 --- a/openwrt/package/openvpn/Config.in +++ b/openwrt/package/openvpn/Config.in @@ -50,7 +50,7 @@ config BR2_PACKAGE_OPENVPN_LZO config BR2_PACKAGE_OPENVPN_PASSWORD_SAVE bool "Enable password saving" default y - depends BR2_PACKAGE_OPENPVN + depends BR2_PACKAGE_OPENVPN config BR2_PACKAGE_OPENVPN_MANAGEMENT bool "Enable PKCS12 management features" diff --git a/openwrt/package/openvpn/Makefile b/openwrt/package/openvpn/Makefile index cbd29228fc..4c7495d632 100644 --- a/openwrt/package/openvpn/Makefile +++ b/openwrt/package/openvpn/Makefile @@ -78,7 +78,6 @@ $(PKG_BUILD_DIR)/.configured: $(PKG_BUILD_DIR)/.prepared --disable-pthread \ --disable-debug \ --disable-plugins \ - --disable-management \ --disable-socks \ $(DISABLE_LZO) \ $(DISABLE_OPENSSL) \ diff --git a/openwrt/package/openvpn/files/S50openvpn b/openwrt/package/openvpn/files/S50openvpn index 06e29ce5a1..41547a1303 100755 --- a/openwrt/package/openvpn/files/S50openvpn +++ b/openwrt/package/openvpn/files/S50openvpn 
@@ -21,8 +21,14 @@ case "$1" in } case "$(nvram get openvpn_cli_auth)" in cert) - AUTH_OPTION="--pkcs12" + AUTH_OPTION="--ns-cert-type server --pkcs12" AUTH_FILE="/etc/openvpn/certificate.p12" + PKCS12PASS="$(nvram get openvpn_cli_pkcs12pass)" + [ "$PKCS12PASS" ] && { + echo -n "$PKCS12PASS" > /etc/openvpn/pkcs12pass.tmp + chmod 600 /etc/openvpn/pkcs12pass.tmp + AUTH_OPTION="--askpass /etc/openvpn/pkcs12pass.tmp $AUTH_OPTION" + } ;; psk) AUTH_OPTION="--secret" diff --git a/openwrt/package/openvpn/files/openvpn.sh b/openwrt/package/openvpn/files/openvpn.sh index d3bcb71a54..f528af6b5c 100644 --- a/openwrt/package/openvpn/files/openvpn.sh +++ b/openwrt/package/openvpn/files/openvpn.sh @@ -6,6 +6,9 @@ . /usr/lib/webif/webif.sh load_settings "openvpn" +openvpn_cli_pkcs12pass=${openvpn_cli_pkcs12pass:-$(nvram get openvpn_cli_pkcs12pass)} +openvpn_cli_pkcs12pass=${openvpn_cli_pkcs12pass:+"-@@-"} + if empty "$FORM_submit"; then [ -f /etc/openvpn/certificate.p12 ] || NOCERT=1 
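Review bot: In the S50openvpn `cert)` branch the passphrase file is written under the script's current umask and only restricted by the `chmod 600` that follows. If `/etc/openvpn/pkcs12pass.tmp` already exists with looser permissions, the redirect keeps them until the chmod runs. Create it restricted from the start and keep the chmod for the pre-existing-file case: `( umask 077; printf '%s' "$PKCS12PASS" > /etc/openvpn/pkcs12pass.tmp )`. Using `printf '%s'` also avoids `echo -n` mangling a passphrase that begins with `-` or contains backslashes. Nothing visible in this hunk removes the file again, so unless cleanup happens elsewhere in the script (the enclosing `case` continues outside the hunk) the cleartext passphrase stays in `/etc/openvpn` next to the certificate it protects.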
@@ -21,14 +24,21 @@ if empty "$FORM_submit"; then FORM_openvpn_cli_psk=${openvpn_cli_psk:-$(nvram get openvpn_cli_psk)} else [ -d /etc/openvpn ] || mkdir /etc/openvpn - [ -f "$FORM_openvpn_pkcs12file" ] && { - cp "$FORM_openvpn_pkcs12file" /etc/openvpn/certificate.p12 && + [ -f "$FORM_openvpn_cli_pkcs12file" ] && { + cp "$FORM_openvpn_cli_pkcs12file" /etc/openvpn/certificate.p12 && UPLOAD_CERT=1 } - [ -f "$FORM_openvpn_pskfile" ] && { - cp "$FORM_openvpn_pskfile" /etc/openvpn/shared.key && + [ -f "$FORM_openvpn_cli_pskfile" ] && { + cp "$FORM_openvpn_cli_pskfile" /etc/openvpn/shared.key && UPLOAD_PSK=1 } + [ "$FORM_openvpn_cli_pkcs12pass" != "-@@-" ] && { + [ "$FORM_openvpn_cli_pkcs12pass" != "$openvpn_cli_pkcs12pass" ] && { + save_setting openvpn openvpn_cli_pkcs12pass $FORM_openvpn_cli_pkcs12pass + openvpn_cli_pkcs12pass=${FORM_openvpn_cli_pkcs12pass:+"-@@-"} + } + } + save_setting openvpn openvpn_cli $FORM_openvpn_cli save_setting openvpn openvpn_cli_server $FORM_openvpn_cli_server save_setting openvpn openvpn_cli_proto $FORM_openvpn_cli_proto @@ -57,6 +67,7 @@ function modechange() v = isset('openvpn_cli_auth', 'cert'); set_visible('certificate_status', v); set_visible('certificate', v); + set_visible('pkcs12pass', v); hide('save'); show('save'); @@ -98,14 +109,16 @@ $(empty "$NOPSK" || echo 'string|@TR<@TR<>
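Review bot: In the first openvpn.sh hunk on this line, `$FORM_openvpn_cli_pkcs12pass` is passed to `save_setting` unquoted, so a passphrase containing spaces or glob characters is word-split or expanded before it is stored. Depending on how `save_setting` treats extra arguments, the stored value would then no longer unlock the PKCS#12 file. Quote it: `save_setting openvpn openvpn_cli_pkcs12pass "$FORM_openvpn_cli_pkcs12pass"`. The `-@@-` string is both the masked value sent back to the browser and the "unchanged" signal, so a passphrase that is literally `-@@-` can never be saved. A comment above the test, such as `# "-@@-" is the masked placeholder; receiving it back means keep the stored passphrase`, would make that explicit. The surrounding `if`/`else` starts outside the hunk.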
') $(empty "$NOPSK" && echo 'string|@TR<>') field|@TR<>|psk|hidden -upload|openvpn_pskfile +upload|openvpn_cli_pskfile field|@TR<>|certificate_status|hidden $(empty "$NOCERT" || echo 'string|@TR<>') $(empty "$UPLOAD_CERT" || echo 'string|@TR<>
') $(empty "$NOCERT" && echo 'string|@TR<>') field|@TR<>|certificate|hidden -upload|openvpn_pkcs12file +upload|openvpn_cli_pkcs12file +field|@TR<>|pkcs12pass|hidden +password|openvpn_cli_pkcs12pass|$openvpn_cli_pkcs12pass end_form EOF @@ -113,5 +126,5 @@ EOF footer ?> -- 2.30.2