Development
parent
6cfb070b7f
commit
286930423f
7 changed files with 44 additions and 11 deletions
|
|
@ -38,9 +38,10 @@ VALIDATION_FLAGS = {
|
|||
'VALIDATION_DOMAIN_NAME': 1 << 9,
|
||||
'VALIDATION_TIME24H': 1 << 10,
|
||||
'VALIDATION_RANGE_INT': 1 << 11,
|
||||
'VALIDATION_ENDPOINT': 1 << 12,
|
||||
'VALIDATION_IPV4_CIDR': 1 << 13,
|
||||
'VALIDATION_UNRESTRICTED': 1 << 14,
|
||||
'VALIDATION_IPV4_CIDR': 1 << 12,
|
||||
'VALIDATION_IPV4_CIDRFLEX': 1 << 13,
|
||||
'VALIDATION_UNRESTRICTED': 1 << 14,
|
||||
'VALIDATION_IP_OR_DOMAIN_NAME': 1 << 15,
|
||||
}
|
||||
|
||||
def _restricted_vlan_subnets():
|
||||
|
|
@ -200,9 +201,10 @@ function _checkLine(s){
|
|||
if(validation&512){t=_acc(_checkDomain(s));if(t)return t;}
|
||||
if(validation&1024){t=_acc(function(){if(!s)return _par('');if(/[^0-9:]/.test(s))return _err('Digits and colon only');if(s.length<5)return _par('');return /^([01]\d|2[0-3]):[0-5]\d$/.test(s)?_ok():_err('Must be HH:MM in 24-hour format (e.g. 02:30)');}());if(t)return t;}
|
||||
if(validation&2048){t=_acc(function(){if(s===''||s===null||s===undefined)return _par('');if(/[^0-9]/.test(s))return _err('Digits only');var n=parseInt(s,10);var mn=(arg1!==''&&arg1!=null)?parseInt(arg1,10):0;var mx=(arg2!==''&&arg2!=null)?parseInt(arg2,10):null;if(n<mn||(mx!==null&&n>mx)){if(mn!=null&&mx!==null)return _err('Must be between '+mn+' and '+mx);return mn!=null?_err('Must be >= '+mn):_err('Must be <= '+mx);}return _ok();}());if(t)return t;}
|
||||
if(validation&4096){t=_acc(function(){if(!s)return _par('');if(/^[0-9.]+$/.test(s)){var rv=_ipv4(s);return rv==='ok'?_ok():(rv==='partial'||rv==='empty')?_par(''):_err('Invalid character');}if(s.indexOf(':')!==-1){var cc=(s.match(/:/g)||[]).length;if(cc>1){if(/:::/.test(s)||(s.match(/::/g)||[]).length>1)return _err('Invalid hostname or IP');if(/[^0-9a-fA-F:.]/.test(s))return _err('Invalid character');var col=s.replace(/[^:]/g,'').length;return(s.indexOf('::')!==-1||col===7)?_ok():_par('');}return _checkDomain(s.slice(0,s.lastIndexOf(':')));}return _checkDomain(s);}());if(t)return t;}
|
||||
if(validation&8192){t=_acc(function(){if(!s)return _par('');var slash=s.indexOf('/');if(slash===-1){var rv=_ipv4(s);return rv==='ok'?_ok():(rv==='partial'||rv==='empty')?_par(''):(rv==='badchar'?_err('Invalid character'):rv==='badrange'?_err('Octet out of range'):_err('Invalid format'));}var rv=_ipv4(s.slice(0,slash));if(rv!=='ok')return rv==='badchar'?_err('Invalid character'):rv==='badrange'?_err('Octet out of range'):_par('');var pfx=s.slice(slash+1);if(!pfx)return _par('');if(/[^0-9]/.test(pfx))return _err('Invalid character');var n=parseInt(pfx,10);if(n<0||n>32)return _err('Prefix must be 0-32');var ip=s.slice(0,slash).split('.').map(Number);var ipN=((ip[0]<<24)|(ip[1]<<16)|(ip[2]<<8)|ip[3])>>>0;var mB=n===0?0:((0xFFFFFFFF<<(32-n))>>>0);return((ipN&(~mB>>>0))!==0)?_err('Host bits must be zero'):_ok();}());if(t)return t;}
|
||||
if(validation&4096){t=_acc(function(){if(!s)return _par('');var slash=s.indexOf('/');if(slash===-1){var rv=_ipv4(s);return(rv==='ok'||rv==='partial'||rv==='empty')?_par(''):(rv==='badchar'?_err('Invalid character'):rv==='badrange'?_err('Octet out of range'):_err('Invalid format'));}var rv=_ipv4(s.slice(0,slash));if(rv!=='ok')return rv==='badchar'?_err('Invalid character'):rv==='badrange'?_err('Octet out of range'):_par('');var pfx=s.slice(slash+1);if(!pfx)return _par('');if(/[^0-9]/.test(pfx))return _err('Invalid character');var n=parseInt(pfx,10);if(n<0||n>32)return _err('Prefix must be 0-32');var ip=s.slice(0,slash).split('.').map(Number);var ipN=((ip[0]<<24)|(ip[1]<<16)|(ip[2]<<8)|ip[3])>>>0;var mB=n===0?0:((0xFFFFFFFF<<(32-n))>>>0);return((ipN&(~mB>>>0))!==0)?_err('Host bits must be zero'):_ok();}());if(t)return t;}
|
||||
if(validation&8192){t=_acc(function(){if(!s)return _par('');var slash=s.indexOf('/');if(slash===-1){var rv=_ipv4(s);if(rv==='ok'){var lo=parseInt(s.split('.')[3],10);return lo===0?_par(''):_ok();}return(rv==='partial'||rv==='empty')?_par(''):(rv==='badchar'?_err('Invalid character'):rv==='badrange'?_err('Octet out of range'):_err('Invalid format'));}var rv=_ipv4(s.slice(0,slash));if(rv!=='ok')return rv==='badchar'?_err('Invalid character'):rv==='badrange'?_err('Octet out of range'):_par('');var pfx=s.slice(slash+1);if(!pfx)return _par('');if(/[^0-9]/.test(pfx))return _err('Invalid character');var n=parseInt(pfx,10);if(n<0||n>32)return _err('Prefix must be 0-32');var ip=s.slice(0,slash).split('.').map(Number);var ipN=((ip[0]<<24)|(ip[1]<<16)|(ip[2]<<8)|ip[3])>>>0;var mB=n===0?0:((0xFFFFFFFF<<(32-n))>>>0);return((ipN&(~mB>>>0))!==0)?_err('Host bits must be zero'):_ok();}());if(t)return t;}
|
||||
if(validation&16384){t=_acc(function(){if(!s)return _par('');var rv=_ipv4(s);if(rv!=='ok')return _par('');if(!collisions||!collisions.length)return _ok();var ip=s.split('.').map(Number);var ipN=((ip[0]<<24)|(ip[1]<<16)|(ip[2]<<8)|ip[3])>>>0;for(var i=0;i<collisions.length;i++){var sp=String(collisions[i]).split('/');if(sp.length!==2)continue;var np=sp[0].split('.').map(Number);if(np.length!==4)continue;var netN=((np[0]<<24)|(np[1]<<16)|(np[2]<<8)|np[3])>>>0;var pfx=parseInt(sp[1],10);var mB=pfx===0?0:((0xFFFFFFFF<<(32-pfx))>>>0);if((ipN&mB)===(netN&mB))return _err('IP is on a restricted VLAN');}return _ok();}());if(t)return t;}
|
||||
if(validation&32768){t=_acc(function(){if(!s)return _par('');if(/^[0-9.]+$/.test(s)){var rv=_ipv4(s);return rv==='ok'?_ok():(rv==='partial'||rv==='empty')?_par(''):_err('Invalid character');}if(s.indexOf(':')!==-1){var cc=(s.match(/:/g)||[]).length;if(cc>1){if(/:::/.test(s)||(s.match(/::/g)||[]).length>1)return _err('Invalid hostname or IP');if(/[^0-9a-fA-F:.]/.test(s))return _err('Invalid character');var col=s.replace(/[^:]/g,'').length;return(s.indexOf('::')!==-1||col===7)?_ok():_par('');}return _checkDomain(s.slice(0,s.lastIndexOf(':')));}return _checkDomain(s);}());if(t)return t;}
|
||||
return anyPartial?_par(''):_err(firstMsg||'Invalid');
|
||||
}
|
||||
var lines=value.split('\n'),hasPartial=false,seen={},hasContent=false;
|
||||
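Review bot: In the new `validation&32768` branch of `_checkLine`, an input with exactly one colon is validated only up to the colon (`_checkDomain(s.slice(0,s.lastIndexOf(':')))`), so whatever follows the colon is accepted unchecked. The vpn schema in this commit switches `vpn_server_endpoint` to this flag, and its hint says the value is embedded in client config files, so the suffix should be constrained to a port, e.g. before that return: `var p=s.slice(s.lastIndexOf(':')+1);if(!p)return _par('');if(!/^\d{1,5}$/.test(p)||+p<1||+p>65535)return _err('Invalid port');`. Alternatively, reject the colon form outright, given the flag is now named IP_OR_DOMAIN_NAME. This check runs in the browser, so the server-side validator for the flag (not visible in this diff) needs the same rule. `_checkLine` starts above the hunk.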
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
def is_pro():
|
||||
return False
|
||||
return True
|
||||
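Review bot: `is_pro()` now returns `True` for every caller, which reads like a local development toggle committed by accident rather than a licence decision. Judging by the 'requires a Routlin Pro license' branch in `auth_mode_save` elsewhere in this commit, Pro-only settings are presumably gated on this value, so the gate would be open on any install built from this revision. Keep `return False` as the committed default and take a development override from the environment or an untracked settings file, e.g. `return os.environ.get('<DEV_PRO_OVERRIDE_VAR>') == '1'` (placeholder name), with a comment saying the override is for development only.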
|
|
|
|||
|
|
@ -103,7 +103,7 @@
|
|||
"label": "Source",
|
||||
"name": "src_ip_or_subnet",
|
||||
"input_type": "text",
|
||||
"validate": "VALIDATION_IPV4_CIDR",
|
||||
"validate": "VALIDATION_IPV4_CIDRFLEX",
|
||||
"placeholder": "e.g. 192.168.20.100 or 192.168.20.0/24",
|
||||
"hint": "You may allow either a single device IP or an entire subnet to contact dest."
|
||||
},
|
||||
|
|
@ -112,7 +112,7 @@
|
|||
"label": "Destination",
|
||||
"name": "dst_ip_or_subnet",
|
||||
"input_type": "text",
|
||||
"validate": "VALIDATION_IPV4_CIDR",
|
||||
"validate": "VALIDATION_IPV4_CIDRFLEX",
|
||||
"placeholder": "e.g. 192.168.10.200 or 192.168.10.0/24",
|
||||
"hint": "You may allow either a single device IP or an entire subnet to be reached by source."
|
||||
}
|
||||
|
|
|
|||
|
|
@ -66,9 +66,17 @@ def auth_mode_save():
|
|||
flash('This authentication mode requires a Routlin Pro license.', 'error')
|
||||
return redirect(f'/{_PAGE}')
|
||||
|
||||
eap_protocol = request.form.get('eap_protocol', 'eap_peap')
|
||||
if eap_protocol not in ('eap_peap', 'eap_ttls', 'eap_md5'):
|
||||
eap_protocol = 'eap_peap'
|
||||
|
||||
cfg = load_config()
|
||||
before = copy.deepcopy(cfg.get('radius', {}).get('options', {}))
|
||||
after = {**before, 'auth_mode': auth_mode}
|
||||
if auth_mode == 'eap_password':
|
||||
after['eap_protocol'] = eap_protocol
|
||||
else:
|
||||
after.pop('eap_protocol', None)
|
||||
cfg.setdefault('radius', {})['options'] = after
|
||||
|
||||
changes = diff_fields(before, after)
|
||||
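Review bot: The new allowlist in `auth_mode_save` accepts `eap_md5`, and `collect_tokens` offers it in `RADIUS_EAP_PROTOCOL_OPTIONS` next to PEAP and TTLS with nothing to tell the administrator it is weaker. EAP-MD5 does not authenticate the server and runs outside a TLS tunnel, so its challenge/response is exposed to offline password guessing by anyone who can observe the exchange; consider dropping it (`if eap_protocol not in ('eap_peap', 'eap_ttls'):`) or labelling it as legacy and using the field's `hint`, currently `_`, to say so. The three values are also spelled out separately here and in `collect_tokens`; one shared module-level tuple would keep the allowlist and the select options from drifting apart. An unexpected value is silently replaced by `eap_peap`; a `flash(...)` plus redirect, as the licence branch just above does, would surface a tampered or stale form. `auth_mode_save` starts and ends outside the hunk.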
|
|
|
|||
|
|
@ -201,7 +201,7 @@
|
|||
},
|
||||
{
|
||||
"type": "card",
|
||||
"label": "Extensible Authentication Protocol (EAP)",
|
||||
"label": "Authentication Mode",
|
||||
"client_requirement": "client_is_administrator+",
|
||||
"items": [
|
||||
{
|
||||
|
|
@ -225,6 +225,23 @@
|
|||
"options": "%RADIUS_AUTH_MODE_OPTIONS%",
|
||||
"hint": "_"
|
||||
},
|
||||
{
|
||||
"type": "raw_html",
|
||||
"html": "<div id=\"eap-protocol-row\">"
|
||||
},
|
||||
{
|
||||
"type": "field",
|
||||
"label": "Username/Password Protocol",
|
||||
"name": "eap_protocol",
|
||||
"input_type": "select",
|
||||
"value": "%RADIUS_EAP_PROTOCOL%",
|
||||
"options": "%RADIUS_EAP_PROTOCOL_OPTIONS%",
|
||||
"hint": "_"
|
||||
},
|
||||
{
|
||||
"type": "raw_html",
|
||||
"html": "</div>"
|
||||
},
|
||||
{
|
||||
"type": "button_row",
|
||||
"items": [
|
||||
|
|
|
|||
|
|
@ -68,7 +68,13 @@ def collect_tokens(cfg):
|
|||
fr_opts = fr.get('options', {})
|
||||
fr_gen = fr.get('general', {})
|
||||
tokens['RADIUS_MAC_FORMAT'] = fr_opts.get('mac_format', 'aabbccddeeff')
|
||||
tokens['RADIUS_AUTH_MODE'] = fr_opts.get('auth_mode', 'mab')
|
||||
tokens['RADIUS_AUTH_MODE'] = fr_opts.get('auth_mode', 'mab')
|
||||
tokens['RADIUS_EAP_PROTOCOL'] = fr_opts.get('eap_protocol', 'eap_peap')
|
||||
tokens['RADIUS_EAP_PROTOCOL_OPTIONS'] = json.dumps([
|
||||
{'value': 'eap_peap', 'label': 'EAP-PEAP'},
|
||||
{'value': 'eap_ttls', 'label': 'EAP-TTLS'},
|
||||
{'value': 'eap_md5', 'label': 'EAP-MD5'},
|
||||
])
|
||||
pro_suffix = '' if PRO_LICENSE else ' (PRO REQUIRED)'
|
||||
pro_disabled = not PRO_LICENSE
|
||||
tokens['RADIUS_AUTH_MODE_OPTIONS'] = json.dumps([
|
||||
|
|
|
|||
|
|
@ -208,7 +208,7 @@
|
|||
"label": "Server Endpoint",
|
||||
"name": "vpn_server_endpoint",
|
||||
"input_type": "text",
|
||||
"validate": "VALIDATION_ENDPOINT",
|
||||
"validate": "VALIDATION_IP_OR_DOMAIN_NAME",
|
||||
"value": "%VPN_SERVER_ENDPOINT%",
|
||||
"placeholder": "e.g. vpn.example.com",
|
||||
"hint": "Publicly reachable hostname or IP of this server, embedded in client config files."
|
||||
|
|
|
|||