From 7ec500251e61075bff07c8d40274cca92ba321af Mon Sep 17 00:00:00 2001
From: Ted Trask
Date: Tue, 29 Dec 2009 14:59:46 +0000
Subject: Moved certificates to subdirectory and enabled multiple instances.
---
 openvpn-controller.lua | 5 +++++
 openvpn-model.lua | 33 ++++++++++++++++++++-------------
 2 files changed, 25 insertions(+), 13 deletions(-)
diff --git a/openvpn-controller.lua b/openvpn-controller.lua
index a2926d6..3155701 100644
--- a/openvpn-controller.lua
+++ b/openvpn-controller.lua
@@ -2,6 +2,11 @@ module (..., package.seeall)
 require("controllerfunctions")
+mvc = {}
+mvc.on_load = function(self, parent)
+ self.model.set_processname(string.match(self.conf.prefix, "[^/]+"))
+end
+
 default_action = "status"
 status = function(self)
diff --git a/openvpn-model.lua b/openvpn-model.lua
index b4befce..59be82c 100644
--- a/openvpn-model.lua
+++ b/openvpn-model.lua
@@ -12,9 +12,16 @@ local processname = "openvpn"
 local packagename = "openvpn"
 local configfile = "/etc/openvpn/openvpn.conf"
 local baseurl = "/etc/openvpn/"
+local certurl = "/etc/openvpn/openvpn_certs/"
 local path = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin "
+function set_processname(p)
+ processname = p
+ configfile = "/etc/openvpn/"..processname..".conf"
+ certurl = "/etc/openvpn/"..processname.."_certs/"
+end
+
 -- ################################################################################
 -- LOCAL FUNCTIONS
@@ -194,8 +201,8 @@ end
 function list_certs()
 local list = {}
- for file in fs.find(".*%.pem", baseurl) do
- list[#list+1] = posix.basename(file)
+ for file in fs.find(".*%.pem", certurl) do
+ list[#list+1] = file
 end
 return cfe({ type="list", value=list, label="OpenVPN Certificates" })
 end
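Review bot: `string.match(self.conf.prefix, "[^/]+")` returns nil when the prefix holds no non-slash characters, and the added `on_load` passes that result straight to `set_processname`, where the `..` concatenations in the model hunk would then raise. Guard the call, e.g. `local name = string.match(self.conf.prefix or "", "[^/]+")` followed by `if name then self.model.set_processname(name) end`. A one-line comment such as `-- instance name = first path segment of the controller prefix` would also explain why the prefix decides which config file and certificate directory are used.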
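Review bot: `set_processname` stores `p` unchecked, yet the value becomes part of `configfile` and `certurl`, and `certurl` is later concatenated unescaped into the `openssl dhparam` command line in the `generate_dh_params` hunk. The caller in the controller hunk takes it from `self.conf.prefix`, whose origin is not visible here; if any part of that prefix is request-controlled, the instance name needs an allow-list before it reaches a path or a shell. Suggest rejecting anything outside a conservative set at the top of the function, `if type(p) ~= "string" or string.find(p, "[^%w_%-]") then return end` (adjust the set to the instance names you expect). In `generate_dh_params`, wrap `certurl` with `format.escapespecialcharacters`, as `view_cert` already does for `certname`.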
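Review bot: `list_certs` now returns whatever `fs.find` yields instead of basenames, and nothing documents that change of contract. Judging by the `os.remove(certname)` change in the `delete_cert` hunk, those values are full paths. A short comment above the function, e.g. `-- returns full paths under certurl; delete_cert and view_cert accept these values as-is`, would stop a later caller from prefixing the directory a second time. Also, `certurl` is only created in `upload_cert`, so whether `fs.find` tolerates a missing directory (not visible here) decides if a fresh instance can list certificates at all.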
@@ -205,7 +212,7 @@ function delete_cert(certname)
 local retval = cfe({ label="Delete Certificate result", errtxt="Invalid cert name" })
 for i,cert in ipairs(list.value) do
 if cert == certname then
- os.remove(baseurl..certname)
+ os.remove(certname)
 retval.value = "Certificate deleted"
 retval.errtxt = nil
 break
@@ -269,20 +276,20 @@ function upload_cert(newcert)
 if newcert.value.name.value == "" then
 newcert.value.name.errtxt = "Cannot be blank"
 success = false
- elseif posix.stat(baseurl..newcert.value.name.value.."-cert.pem") or posix.stat(baseurl..newcert.value.name.value.."-key.pem") or posix.stat(baseurl..newcert.value.name.value.."-ca.pem") then
+ elseif posix.stat(certurl..newcert.value.name.value.."-cert.pem") or posix.stat(certurl..newcert.value.name.value.."-key.pem") or posix.stat(certurl..newcert.value.name.value.."-ca.pem") then
 newcert.value.name.errtxt = "Certificate of this name already exists"
 success = false
 end
 if success then
- if not posix.stat(baseurl) then
- posix.mkdir(baseurl)
+ if not posix.stat(certurl) then
+ posix.mkdir(certurl)
 end
 -- copy the keys
- fs.move_file(newcert.value.cert.value.."cert.pem", baseurl..newcert.value.name.value.."-cert.pem")
- fs.move_file(newcert.value.cert.value.."key.pem", baseurl..newcert.value.name.value.."-key.pem")
- fs.move_file(newcert.value.cert.value.."ca.pem", baseurl..newcert.value.name.value.."-ca.pem")
- posix.chmod(baseurl..newcert.value.name.value.."-key.pem", "rw-------")
+ fs.move_file(newcert.value.cert.value.."cert.pem", certurl..newcert.value.name.value.."-cert.pem")
+ fs.move_file(newcert.value.cert.value.."key.pem", certurl..newcert.value.name.value.."-key.pem")
+ fs.move_file(newcert.value.cert.value.."ca.pem", certurl..newcert.value.name.value.."-ca.pem")
+ posix.chmod(certurl..newcert.value.name.value.."-key.pem", "rw-------")
 else
 newcert.errtxt = "Failed to upload certificate"
 end
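Review bot: The result of `os.remove(certname)` is ignored, so "Certificate deleted" is reported even when the removal fails (permissions, file already gone). Check the return, e.g. `local ok, err = os.remove(certname)`, and set `retval.errtxt = err` instead of the success text when `ok` is nil. Now that the directory prefix is no longer added here, the exact match against the `list_certs()` values is the only thing keeping `certname` inside `certurl`, so that loop should stay the sole path to the remove call. The function starts and ends outside the hunk.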
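Review bot: Within this hunk `newcert.value.name.value` is only checked for being blank or already present before it is concatenated into the destination paths, so a name containing `/` would place the three files outside `certurl`. Unless the name is validated earlier in `upload_cert` (the function starts above the hunk), add a branch such as `elseif string.find(newcert.value.name.value, "/", 1, true) then newcert.value.name.errtxt = "Invalid name"; success = false`. The results of `posix.mkdir` and the `fs.move_file` calls are also unused, and the key only becomes `rw-------` after it has been moved into place. Checking those returns and restricting the directory's permissions at creation would close the remaining gaps.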
@@ -300,9 +307,9 @@ end
 view_cert = function(certname)
 local cmdresult = "Invalid cert name"
 if not string.find(certname, "/") then
- certname = baseurl..certname
+ certname = certurl..certname
 end
- if validator.is_valid_filename(certname, baseurl) then
+ if validator.is_valid_filename(certname, certurl) or validator.is_valid_filename(certname, baseurl) then
 local cmd = path .. "openssl x509 -in "..format.escapespecialcharacters(certname).." -noout -text"
 local f = io.popen(cmd)
 cmdresult = f:read("*a")
@@ -313,7 +320,7 @@ view_cert = function(certname)
 end
 generate_dh_params = function()
- local cmd = path .. "openssl dhparam -out /etc/openvpn/dh1024.pem 1024 2>&1"
+ local cmd = path .. "openssl dhparam -out "..certurl.."dh1024.pem 1024 2>&1"
 f = io.popen(cmd)
 local cmdresult = f:read("*a")
 f:close()
-- cgit v1.2.3
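Review bot: The added `or validator.is_valid_filename(certname, baseurl)` accepts any path under `/etc/openvpn/`, assuming the validator checks directory containment (its code is not shown). That includes every other instance's `<name>_certs/` directory, which undoes the per-instance separation this commit introduces. If the fallback exists only for certificates left in the old location, say so in a comment (`-- legacy: certs uploaded before the move to certurl`) or drop it once they are migrated. `io.popen` can also return nil, in which case `f:read` on the following line would raise. The function continues outside the hunk.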
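Review bot: `generate_dh_params` now writes to `certurl.."dh1024.pem"`, but that directory is only created in `upload_cert`, so on an instance with no uploaded certificate openssl has nowhere to write and the call just returns its error text. Create the directory first, mirroring the upload path: `if not posix.stat(certurl) then posix.mkdir(certurl) end`. Since the line is being touched anyway, the 1024-bit parameter size is worth revisiting. `f = io.popen(cmd)` on the next line also assigns a global where `local f` was probably intended. The function ends outside the hunk.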