These configuration option are required to make the client authenticate
itself against the server.
The server may then accept those credentials without any further ado or
ask for a OTP.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Although Perl modules tend to take a long time to load, it is better to
do this at the beginning so that loading the script will show any
errors.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Add two-factor authentication (2FA) to OpenVPN host connections with
one-time passwords.
The 2FA can be enabled or disabled per host connection and requires the
client to download it's configuration again after 2FA has beend enabled
for it.
Additionally the client needs to configure an TOTP application, like
"Google Authenticator" which then provides the second factor.
To faciliate this every connection with enabled 2FA
gets an "show qrcode" button after the "show file" button in the
host connection list to show the 2FA secret and an 2FA configuration QRCode.
When 2FA is enabled, the client needs to provide the second factor plus
the private key password (if set) to successfully authorize.
This only supports time based one-time passwords, TOTP with 30s
window and 6 digits, for now but we may update this in the future.
Signed-off-by: Timo Eissler <timo.eissler@ipfire.org>
This allows to correctly assign an URL to a file without relying
on unique base names.
A custom read function is required because General::readhash()
doesn't allow paths as hash keys. Modifying the existing functions
could affect other CGIs and was therefore dismissed.
Fixes: #12806
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Refreshing the Pakfire page may cause a command to be
executed multiple times and induce odd errors.
This patch implements a HTTP 303 redirect after form processing,
which causes the browser to discard the POST form data.
Navigating backward or reloading the page now does not trigger
multiple executions anymore.
Fixes: #12781
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Acked-by: Peter Müller <peter.muelle@ipfire.org>
The main page cannot be used while an installation is running.
Therefore it makes more sense to generate the log output first.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Acked-by: Peter Müller <peter.muelle@ipfire.org>
Move most of the command execution away from the HTML output.
This makes it easier to modify or extend individual commands.
Also load Pakfire settings earlier to ensure that they are
available during command execution.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Acked-by: Peter Müller <peter.muelle@ipfire.org>
Otherwise the same provider could not be added again at a later
time if the stored etag is still valid.
In this case the server will not offer the rules and the provider
could not be added.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This fixes an HTML error that is briefly visible
on the "magic packet sent" page.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This attribute is recommended by W3C, because it is used by
screen readers to provide the correct pronunciation.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This patch adds default values and removes a missing translation
to fix "uninitialized value" and "odd number of elements" warnings.
Removes function calls from functions.pl that have already been
handled by the header before it is loaded by eval().
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
ids-functions.
This will print some nice status messages while the page is locked and
the IDS rules get regenerated/altered.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is used to regenerate the entire ruleset similar to the
one from ids-functions, but is enhanced to print additional status
messages.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Prevents "use of uninitialized value" warnings when the
CGI is called with broken undefined GET parameters.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
