1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
/* |
4
|
|
|
* ****************************************************************************** |
5
|
|
|
* Copyright 2011-2017 DANTE Ltd. and GÉANT on behalf of the GN3, GN3+, GN4-1 |
6
|
|
|
* and GN4-2 consortia |
7
|
|
|
* |
8
|
|
|
* License: see the web/copyright.php file in the file structure |
9
|
|
|
* ****************************************************************************** |
10
|
|
|
*/ |
11
|
|
|
|
12
|
|
|
/** |
13
|
|
|
* This file creates MS Windows 8 installers |
14
|
|
|
* It supports EAP-TLS, TTLS, PEAP and EAP-pwd |
15
|
|
|
* @author Tomasz Wolniewicz <[email protected]> |
16
|
|
|
* |
17
|
|
|
* @package ModuleWriting |
18
|
|
|
*/ |
19
|
|
|
|
20
|
|
|
namespace devices\ms; |
21
|
|
|
use \Exception; |
22
|
|
|
|
23
|
|
|
/** |
24
|
|
|
* |
25
|
|
|
* @author Tomasz Wolniewicz <[email protected]> |
26
|
|
|
* @package ModuleWriting |
27
|
|
|
*/ |
28
|
|
|
class Device_W8 extends WindowsCommon { |
29
|
|
|
|
30
|
|
|
final public function __construct() { |
31
|
|
|
parent::__construct(); |
32
|
|
|
$this->setSupportedEapMethods([\core\common\EAP::EAPTYPE_TLS, \core\common\EAP::EAPTYPE_PEAP_MSCHAP2, \core\common\EAP::EAPTYPE_TTLS_PAP, \core\common\EAP::EAPTYPE_TTLS_MSCHAP2, \core\common\EAP::EAPTYPE_PWD, \core\common\EAP::EAPTYPE_SILVERBULLET]); |
33
|
|
|
$this->specialities['anon_id'][serialize(\core\common\EAP::EAPTYPE_PEAP_MSCHAP2)] = _("Anonymous identities do not use the realm as specified in the profile - it is derived from the suffix of the user's username input instead."); |
34
|
|
|
$this->useGeantLink = 0; |
35
|
|
|
} |
36
|
|
|
|
37
|
|
|
public function writeInstaller() { |
38
|
|
|
$dom = textdomain(NULL); |
39
|
|
|
textdomain("devices"); |
40
|
|
|
// create certificate files and save their names in $caFiles arrary |
41
|
|
|
$caFiles = $this->saveCertificateFiles('der'); |
42
|
|
|
$allSSID = $this->attributes['internal:SSID']; |
43
|
|
|
$delSSIDs = $this->attributes['internal:remove_SSID']; |
44
|
|
|
$this->prepareInstallerLang(); |
45
|
|
|
$setWired = isset($this->attributes['media:wired'][0]) && $this->attributes['media:wired'][0] == 'on' ? 1 : 0; |
46
|
|
|
// create a list of profiles to be deleted after installation |
47
|
|
|
$delProfiles = []; |
48
|
|
|
foreach ($delSSIDs as $ssid => $cipher) { |
49
|
|
|
if ($cipher == 'DEL') { |
50
|
|
|
$delProfiles[] = $ssid; |
51
|
|
|
} |
52
|
|
|
if ($cipher == 'TKIP') { |
53
|
|
|
$delProfiles[] = $ssid . ' (TKIP)'; |
54
|
|
|
} |
55
|
|
|
} |
56
|
|
|
|
57
|
|
|
|
58
|
|
|
if ($this->selectedEap == \core\common\EAP::EAPTYPE_TLS || $this->selectedEap == \core\common\EAP::EAPTYPE_PEAP_MSCHAP2 || $this->selectedEap == \core\common\EAP::EAPTYPE_TTLS_PAP || $this->selectedEap == \core\common\EAP::EAPTYPE_TTLS_MSCHAP2 || $this->selectedEap == \core\common\EAP::EAPTYPE_PWD || $this->selectedEap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
59
|
|
|
$windowsProfile = []; |
60
|
|
|
$eapConfig = $this->prepareEapConfig($this->attributes); |
61
|
|
|
$iterator = 0; |
62
|
|
|
foreach ($allSSID as $ssid => $cipher) { |
63
|
|
|
if ($cipher == 'TKIP') { |
64
|
|
|
$windowsProfile[$iterator] = $this->writeWLANprofile($ssid . ' (TKIP)', $ssid, 'WPA', 'TKIP', $eapConfig, $iterator); |
|
|
|
|
65
|
|
|
$iterator++; |
66
|
|
|
} |
67
|
|
|
$windowsProfile[$iterator] = $this->writeWLANprofile($ssid, $ssid, 'WPA2', 'AES', $eapConfig, $iterator); |
|
|
|
|
68
|
|
|
$iterator++; |
69
|
|
|
} |
70
|
|
|
if ($setWired) { |
71
|
|
|
$this->writeLANprofile($eapConfig); |
72
|
|
|
} |
73
|
|
|
} else { |
74
|
|
|
print(" this EAP type is not handled yet.\n"); |
75
|
|
|
return; |
76
|
|
|
} |
77
|
|
|
$this->loggerInstance->debug(4, "windowsProfile"); |
78
|
|
|
$this->loggerInstance->debug(4, print_r($windowsProfile, true)); |
79
|
|
|
|
80
|
|
|
$this->writeProfilesNSH($windowsProfile, $caFiles, $setWired); |
81
|
|
|
$this->writeAdditionalDeletes($delProfiles); |
82
|
|
|
if (isset($additionalDeletes) && count($additionalDeletes)) { |
|
|
|
|
83
|
|
|
$this->writeAdditionalDeletes($additionalDeletes); |
84
|
|
|
} |
85
|
|
|
if ($this->selectedEap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
86
|
|
|
$this->writeClientP12File(); |
87
|
|
|
} |
88
|
|
|
$this->copyFiles($this->selectedEap); |
89
|
|
|
$fedLogo = $this->attributes['fed:logo_file'] ?? NULL; |
90
|
|
|
$idpLogo = $this->attributes['internal:logo_file'] ?? NULL; |
91
|
|
|
$this->combineLogo($idpLogo, $fedLogo); |
92
|
|
|
$this->writeMainNSH($this->selectedEap, $this->attributes); |
93
|
|
|
$this->compileNSIS(); |
94
|
|
|
$installerPath = $this->signInstaller(); |
95
|
|
|
|
96
|
|
|
textdomain($dom); |
97
|
|
|
return($installerPath); |
98
|
|
|
} |
99
|
|
|
|
100
|
|
|
private function prepareEapConfig($attr) { |
101
|
|
|
$eap = $this->selectedEap; |
102
|
|
|
$w8Ext = ''; |
103
|
|
|
if ($eap != \core\common\EAP::EAPTYPE_TLS && $eap != \core\common\EAP::EAPTYPE_PEAP_MSCHAP2 && $eap != \core\common\EAP::EAPTYPE_PWD && $eap != \core\common\EAP::EAPTYPE_TTLS_PAP && $eap != \core\common\EAP::EAPTYPE_TTLS_MSCHAP2 && $eap != \core\common\EAP::EAPTYPE_SILVERBULLET) { |
104
|
|
|
$this->loggerInstance->debug(2, "this method only allows TLS, PEAP, TTLS-PAP, TTLS-MSCHAPv2 or EAP-pwd"); |
105
|
|
|
error("this method only allows TLS, PEAP, TTLS-PAP, TTLS-MSCHAPv2 or EAP-pwd"); |
106
|
|
|
return; |
107
|
|
|
} |
108
|
|
|
$useAnon = $attr['internal:use_anon_outer'] [0]; |
109
|
|
View Code Duplication |
if ($useAnon) { |
|
|
|
|
110
|
|
|
$outerUser = $attr['internal:anon_local_value'][0]; |
111
|
|
|
$outerId = $outerUser . '@' . $attr['internal:realm'][0]; |
112
|
|
|
} |
113
|
|
|
// $servers = preg_quote(implode(';',$attr['eap:server_name'])); |
|
|
|
|
114
|
|
|
$servers = implode(';', $attr['eap:server_name']); |
115
|
|
|
|
116
|
|
|
$caArray = $attr['internal:CAs'][0]; |
117
|
|
|
|
118
|
|
|
|
119
|
|
|
$profileFileCont = '<EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
120
|
|
|
<EapMethod> |
121
|
|
|
'; |
122
|
|
|
|
123
|
|
|
$profileFileCont .= '<Type xmlns="http://www.microsoft.com/provisioning/EapCommon">' . |
124
|
|
|
$this->selectedEap["OUTER"] . '</Type> |
125
|
|
|
<VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId> |
126
|
|
|
<VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType> |
127
|
|
|
'; |
128
|
|
|
if ($eap == \core\common\EAP::EAPTYPE_TLS || $eap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
129
|
|
|
$profileFileCont .= '<AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId> |
130
|
|
|
</EapMethod> |
131
|
|
|
'; |
132
|
|
|
$profileFileCont .= ' |
133
|
|
|
|
134
|
|
|
<Config xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1" |
135
|
|
|
xmlns:eapTls="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"> |
136
|
|
|
<baseEap:Eap> |
137
|
|
|
<baseEap:Type>13</baseEap:Type> |
138
|
|
|
<eapTls:EapType> |
139
|
|
|
<eapTls:CredentialsSource> |
140
|
|
|
<eapTls:CertificateStore /> |
141
|
|
|
</eapTls:CredentialsSource> |
142
|
|
|
<eapTls:ServerValidation> |
143
|
|
|
<eapTls:DisableUserPromptForServerValidation>true</eapTls:DisableUserPromptForServerValidation> |
144
|
|
|
<eapTls:ServerNames>' . $servers . '</eapTls:ServerNames>'; |
145
|
|
View Code Duplication |
if ($caArray) { |
|
|
|
|
146
|
|
|
foreach ($caArray as $certAuthority) { |
147
|
|
|
if ($certAuthority['root']) { |
148
|
|
|
$profileFileCont .= "<eapTls:TrustedRootCA>" . $certAuthority['sha1'] . "</eapTls:TrustedRootCA>\n"; |
149
|
|
|
} |
150
|
|
|
} |
151
|
|
|
} |
152
|
|
|
$profileFileCont .= '</eapTls:ServerValidation> |
153
|
|
|
'; |
154
|
|
View Code Duplication |
if (isset($attr['eap-specific:tls_use_other_id']) && $attr['eap-specific:tls_use_other_id'][0] == 'on') { |
|
|
|
|
155
|
|
|
$profileFileCont .= '<eapTls:DifferentUsername>true</eapTls:DifferentUsername>'; |
156
|
|
|
$this->tlsOtherUsername = 1; |
157
|
|
|
} else { |
158
|
|
|
$profileFileCont .= '<eapTls:DifferentUsername>false</eapTls:DifferentUsername>'; |
159
|
|
|
} |
160
|
|
|
$profileFileCont .= ' |
161
|
|
|
</eapTls:EapType> |
162
|
|
|
</baseEap:Eap> |
163
|
|
|
</Config> |
164
|
|
|
'; |
165
|
|
View Code Duplication |
} elseif ($eap == \core\common\EAP::EAPTYPE_PEAP_MSCHAP2) { |
|
|
|
|
166
|
|
|
if (isset($attr['eap:enable_nea']) && $attr['eap:enable_nea'][0] == 'on') { |
167
|
|
|
$nea = 'true'; |
168
|
|
|
} else { |
169
|
|
|
$nea = 'false'; |
170
|
|
|
} |
171
|
|
|
$profileFileCont .= '<AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId> |
172
|
|
|
</EapMethod> |
173
|
|
|
'; |
174
|
|
|
$w8Ext = '<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
175
|
|
|
<Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> |
176
|
|
|
<Type>25</Type> |
177
|
|
|
<EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"> |
178
|
|
|
<ServerValidation> |
179
|
|
|
<DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation> |
180
|
|
|
<ServerNames>' . $servers . '</ServerNames>'; |
181
|
|
|
if ($caArray) { |
182
|
|
|
foreach ($caArray as $certAuthority) { |
183
|
|
|
if ($certAuthority['root']) { |
184
|
|
|
$w8Ext .= "<TrustedRootCA>" . $certAuthority['sha1'] . "</TrustedRootCA>\n"; |
185
|
|
|
} |
186
|
|
|
} |
187
|
|
|
} |
188
|
|
|
$w8Ext .= '</ServerValidation> |
189
|
|
|
<FastReconnect>true</FastReconnect> |
190
|
|
|
<InnerEapOptional>false</InnerEapOptional> |
191
|
|
|
<Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> |
192
|
|
|
<Type>26</Type> |
193
|
|
|
<EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"> |
194
|
|
|
<UseWinLogonCredentials>false</UseWinLogonCredentials> |
195
|
|
|
</EapType> |
196
|
|
|
</Eap> |
197
|
|
|
<EnableQuarantineChecks>' . $nea . '</EnableQuarantineChecks> |
198
|
|
|
<RequireCryptoBinding>false</RequireCryptoBinding> |
199
|
|
|
'; |
200
|
|
|
if ($useAnon == 1) { |
201
|
|
|
$w8Ext .= '<PeapExtensions> |
202
|
|
|
<IdentityPrivacy xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2"> |
203
|
|
|
<EnableIdentityPrivacy>true</EnableIdentityPrivacy> |
204
|
|
|
'; |
205
|
|
|
if (isset($outerUser) && $outerUser) { |
206
|
|
|
$w8Ext .= '<AnonymousUserName>' . $outerUser . '</AnonymousUserName> |
207
|
|
|
'; |
208
|
|
|
} else { |
209
|
|
|
$w8Ext .= '<AnonymousUserName/> |
210
|
|
|
'; |
211
|
|
|
} |
212
|
|
|
$w8Ext .= '</IdentityPrivacy> |
213
|
|
|
</PeapExtensions> |
214
|
|
|
'; |
215
|
|
|
} |
216
|
|
|
$w8Ext .= '</EapType> |
217
|
|
|
</Eap> |
218
|
|
|
</Config> |
219
|
|
|
'; |
220
|
|
|
} elseif ($eap == \core\common\EAP::EAPTYPE_TTLS_PAP || $eap == \core\common\EAP::EAPTYPE_TTLS_MSCHAP2) { |
221
|
|
|
$profileFileCont .= '<AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId> |
222
|
|
|
</EapMethod> |
223
|
|
|
'; |
224
|
|
|
$w8Ext = '<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
225
|
|
|
<EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1"> |
226
|
|
|
<ServerValidation> |
227
|
|
|
<ServerNames>' . $servers . '</ServerNames> '; |
228
|
|
|
if ($caArray) { |
229
|
|
|
foreach ($caArray as $certAuthority) { |
230
|
|
|
if ($certAuthority['root']) { |
231
|
|
|
$w8Ext .= "<TrustedRootCAHash>" . chunk_split($certAuthority['sha1'], 2, ' ') . "</TrustedRootCAHash>\n"; |
232
|
|
|
} |
233
|
|
|
} |
234
|
|
|
} |
235
|
|
|
$w8Ext .= '<DisablePrompt>true</DisablePrompt> |
236
|
|
|
</ServerValidation> |
237
|
|
|
<Phase2Authentication> |
238
|
|
|
'; |
239
|
|
|
if ($eap == \core\common\EAP::EAPTYPE_TTLS_PAP) { |
240
|
|
|
$w8Ext .= '<PAPAuthentication /> '; |
241
|
|
|
} |
242
|
|
|
if ($eap == \core\common\EAP::EAPTYPE_TTLS_MSCHAP2) { |
243
|
|
|
$w8Ext .= '<MSCHAPv2Authentication> |
244
|
|
|
<UseWinlogonCredentials>false</UseWinlogonCredentials> |
245
|
|
|
</MSCHAPv2Authentication> |
246
|
|
|
'; |
247
|
|
|
} |
248
|
|
|
$w8Ext .= '</Phase2Authentication> |
249
|
|
|
<Phase1Identity> |
250
|
|
|
'; |
251
|
|
|
if ($useAnon == 1) { |
252
|
|
|
$w8Ext .= '<IdentityPrivacy>true</IdentityPrivacy> |
253
|
|
|
'; |
254
|
|
|
if (isset($outerId) && $outerId) { |
255
|
|
|
$w8Ext .= '<AnonymousIdentity>' . $outerId . '</AnonymousIdentity> |
256
|
|
|
'; |
257
|
|
|
} else { |
258
|
|
|
$w8Ext .= '<AnonymousIdentity/> |
259
|
|
|
'; |
260
|
|
|
} |
261
|
|
|
} else { |
262
|
|
|
$w8Ext .= '<IdentityPrivacy>false</IdentityPrivacy> |
263
|
|
|
'; |
264
|
|
|
} |
265
|
|
|
$w8Ext .= '</Phase1Identity> |
266
|
|
|
</EapTtls> |
267
|
|
|
</Config> |
268
|
|
|
'; |
269
|
|
|
} elseif ($eap == \core\common\EAP::EAPTYPE_PWD) { |
270
|
|
|
$profileFileCont .= '<AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId> |
271
|
|
|
</EapMethod> |
272
|
|
|
'; |
273
|
|
|
$profileFileCont .= '<ConfigBlob></ConfigBlob>'; |
274
|
|
|
} |
275
|
|
|
|
276
|
|
|
$profileFileContEnd = '</EapHostConfig></EAPConfig>'; |
277
|
|
|
$returnArray = []; |
278
|
|
|
$returnArray['w8'] = $profileFileCont . $w8Ext . $profileFileContEnd; |
279
|
|
|
return $returnArray; |
280
|
|
|
} |
281
|
|
|
|
282
|
|
|
/** |
283
|
|
|
* produce PEAP, TLS and TTLS configuration files for Windows 8 |
284
|
|
|
* |
285
|
|
|
* @param string $wlanProfileName |
286
|
|
|
* @param string $ssid |
287
|
|
|
* @param string $auth can be one of "WPA", "WPA2" |
288
|
|
|
* @param string $encryption can be one of: "TKIP", "AES" |
289
|
|
|
* @param array $eapConfig XML configuration block with EAP config data |
290
|
|
|
* @param int $profileNumber counter, which profile number is this |
291
|
|
|
* @return string |
292
|
|
|
*/ |
293
|
|
View Code Duplication |
private function writeWLANprofile($wlanProfileName, $ssid, $auth, $encryption, $eapConfig, $profileNumber) { |
|
|
|
|
294
|
|
|
$profileFileCont = '<?xml version="1.0"?> |
295
|
|
|
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"> |
296
|
|
|
<name>' . $wlanProfileName . '</name> |
297
|
|
|
<SSIDConfig> |
298
|
|
|
<SSID> |
299
|
|
|
<name>' . $ssid . '</name> |
300
|
|
|
</SSID> |
301
|
|
|
<nonBroadcast>true</nonBroadcast> |
302
|
|
|
</SSIDConfig> |
303
|
|
|
<connectionType>ESS</connectionType> |
304
|
|
|
<connectionMode>auto</connectionMode> |
305
|
|
|
<autoSwitch>false</autoSwitch> |
306
|
|
|
<MSM> |
307
|
|
|
<security> |
308
|
|
|
<authEncryption> |
309
|
|
|
<authentication>' . $auth . '</authentication> |
310
|
|
|
<encryption>' . $encryption . '</encryption> |
311
|
|
|
<useOneX>true</useOneX> |
312
|
|
|
</authEncryption> |
313
|
|
|
'; |
314
|
|
|
if ($auth == 'WPA2') { |
315
|
|
|
$profileFileCont .= '<PMKCacheMode>enabled</PMKCacheMode> |
316
|
|
|
<PMKCacheTTL>720</PMKCacheTTL> |
317
|
|
|
<PMKCacheSize>128</PMKCacheSize> |
318
|
|
|
<preAuthMode>disabled</preAuthMode> |
319
|
|
|
'; |
320
|
|
|
} |
321
|
|
|
$profileFileCont .= '<OneX xmlns="http://www.microsoft.com/networking/OneX/v1"> |
322
|
|
|
<cacheUserData>true</cacheUserData> |
323
|
|
|
<authMode>user</authMode> |
324
|
|
|
'; |
325
|
|
|
|
326
|
|
|
$closing = ' |
327
|
|
|
</OneX> |
328
|
|
|
</security> |
329
|
|
|
</MSM> |
330
|
|
|
</WLANProfile> |
331
|
|
|
'; |
332
|
|
|
|
333
|
|
|
if (!is_dir('w8')) { |
334
|
|
|
mkdir('w8'); |
335
|
|
|
} |
336
|
|
|
$xmlFname = "w8/wlan_prof-$profileNumber.xml"; |
337
|
|
|
$xmlF = fopen($xmlFname, 'w'); |
338
|
|
|
fwrite($xmlF, $profileFileCont . $eapConfig['w8'] . $closing); |
339
|
|
|
fclose($xmlF); |
340
|
|
|
$this->loggerInstance->debug(2, "Installer has been written into directory $this->FPATH\n"); |
341
|
|
|
$this->loggerInstance->debug(4, "WWWWLAN_Profile:$wlanProfileName:$encryption\n"); |
342
|
|
|
return("\"$wlanProfileName\" \"$encryption\""); |
343
|
|
|
} |
344
|
|
|
|
345
|
|
View Code Duplication |
private function writeLANprofile($eapConfig) { |
|
|
|
|
346
|
|
|
$profileFileCont = '<?xml version="1.0"?> |
347
|
|
|
<LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1"> |
348
|
|
|
<MSM> |
349
|
|
|
<security> |
350
|
|
|
<OneXEnforced>false</OneXEnforced> |
351
|
|
|
<OneXEnabled>true</OneXEnabled> |
352
|
|
|
<OneX xmlns="http://www.microsoft.com/networking/OneX/v1"> |
353
|
|
|
<cacheUserData>true</cacheUserData> |
354
|
|
|
<authMode>user</authMode> |
355
|
|
|
'; |
356
|
|
|
$closing = ' |
357
|
|
|
</OneX> |
358
|
|
|
</security> |
359
|
|
|
</MSM> |
360
|
|
|
</LANProfile> |
361
|
|
|
'; |
362
|
|
|
|
363
|
|
|
if (!is_dir('w8')) { |
364
|
|
|
mkdir('w8'); |
365
|
|
|
} |
366
|
|
|
$xmlFname = "w8/lan_prof.xml"; |
367
|
|
|
$xmlF = fopen($xmlFname, 'w'); |
368
|
|
|
fwrite($xmlF, $profileFileCont . $eapConfig['w8'] . $closing); |
369
|
|
|
fclose($xmlF); |
370
|
|
|
$this->loggerInstance->debug(2, "Installer has been written into directory $this->FPATH\n"); |
371
|
|
|
} |
372
|
|
|
|
373
|
|
|
private function writeMainNSH($eap, $attr) { |
374
|
|
|
$this->loggerInstance->debug(4, "writeMainNSH"); |
375
|
|
|
$this->loggerInstance->debug(4, $attr); |
376
|
|
|
$fcontents = "!define W8\n"; |
377
|
|
|
if (CONFIG_CONFASSISTANT['NSIS_VERSION'] >= 3) { |
378
|
|
|
$fcontents .= "Unicode true\n"; |
379
|
|
|
} |
380
|
|
|
|
381
|
|
|
$eapOptions = [ |
382
|
|
|
\core\common\EAP::PEAP => ['str' => 'PEAP', 'exec' => 'user'], |
383
|
|
|
\core\common\EAP::TLS => ['str' => 'TLS', 'exec' => 'user'], |
384
|
|
|
\core\common\EAP::TTLS => ['str' => 'TTLS', 'exec' => 'user'], |
385
|
|
|
\core\common\EAP::PWD => ['str' => 'PWD', 'exec' => 'user'], |
386
|
|
|
]; |
387
|
|
|
|
388
|
|
|
// Uncomment the line below if you want this module to run under XP (only displaying a warning) |
389
|
|
|
// $fcontents .= "!define ALLOW_XP\n"; |
390
|
|
|
// Uncomment the line below if you want this module to produce debugging messages on the client |
391
|
|
|
// $fcontents .= "!define DEBUG_CAT\n"; |
392
|
|
|
if ($this->tlsOtherUsername == 1) { |
393
|
|
|
$fcontents .= "!define PFX_USERNAME\n"; |
394
|
|
|
} |
395
|
|
|
$execLevel = $eapOptions[$eap["OUTER"]]['exec']; |
396
|
|
|
$eapStr = $eapOptions[$eap["OUTER"]]['str']; |
397
|
|
|
if ($eap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
398
|
|
|
$fcontents .= "!define SILVERBULLET\n"; |
399
|
|
|
} |
400
|
|
|
$fcontents .= '!define ' . $eapStr; |
401
|
|
|
$fcontents .= "\n" . '!define EXECLEVEL "' . $execLevel . '"'; |
402
|
|
|
|
403
|
|
View Code Duplication |
if ($attr['internal:profile_count'][0] > 1) { |
|
|
|
|
404
|
|
|
$fcontents .= "\n" . '!define USER_GROUP "' . $this->translateString(str_replace('"', '$\\"', $attr['profile:name'][0]), $this->codePage) . '"'; |
405
|
|
|
} |
406
|
|
|
$fcontents .= ' |
407
|
|
|
Caption "' . $this->translateString(sprintf(WindowsCommon::sprint_nsi(_("%s installer for %s")), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], $attr['general:instname'][0]), $this->codePage) . '" |
408
|
|
|
!define APPLICATION "' . $this->translateString(sprintf(WindowsCommon::sprint_nsi(_("%s installer for %s")), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], $attr['general:instname'][0]), $this->codePage) . '" |
409
|
|
|
!define VERSION "' . \core\CAT::VERSION_MAJOR . '.' . \core\CAT::VERSION_MINOR . '" |
410
|
|
|
!define INSTALLER_NAME "installer.exe" |
411
|
|
|
!define LANG "' . $this->lang . '" |
412
|
|
|
!define LOCALE "' . preg_replace('/\..*$/', '', CONFIG['LANGUAGES'][$this->languageInstance->getLang()]['locale']) . '" |
413
|
|
|
'; |
414
|
|
|
$fcontents .= $this->msInfoFile($attr); |
415
|
|
|
|
416
|
|
|
$fcontents .= ';-------------------------------- |
417
|
|
|
!define ORGANISATION "' . $this->translateString($attr['general:instname'][0], $this->codePage) . '" |
418
|
|
|
!define SUPPORT "' . ((isset($attr['support:email'][0]) && $attr['support:email'][0] ) ? $attr['support:email'][0] : $this->translateString($this->support_email_substitute, $this->codePage)) . '" |
419
|
|
|
!define URL "' . ((isset($attr['support:url'][0]) && $attr['support:url'][0] ) ? $attr['support:url'][0] : $this->translateString($this->support_url_substitute, $this->codePage)) . '" |
420
|
|
|
|
421
|
|
|
!ifdef TLS |
422
|
|
|
'; |
423
|
|
|
//TODO this must be changed with a new option |
424
|
|
|
if ($eap != \core\common\EAP::EAPTYPE_SILVERBULLET) { |
425
|
|
|
$fcontents .= '!define TLS_CERT_STRING "certyfikaty.umk.pl" |
426
|
|
|
'; |
427
|
|
|
} |
428
|
|
|
$fcontents .= '!define TLS_FILE_NAME "cert*.p12" |
429
|
|
|
!endif |
430
|
|
|
'; |
431
|
|
|
|
432
|
|
View Code Duplication |
if (isset($this->attributes['media:wired'][0]) && $attr['media:wired'][0] == 'on') { |
|
|
|
|
433
|
|
|
$fcontents .= '!define WIRED |
434
|
|
|
'; |
435
|
|
|
} |
436
|
|
|
|
437
|
|
|
$fileHandle = fopen('main.nsh', 'w'); |
438
|
|
|
fwrite($fileHandle, $fcontents); |
439
|
|
|
fclose($fileHandle); |
440
|
|
|
} |
441
|
|
|
|
442
|
|
View Code Duplication |
private function writeProfilesNSH($wlanProfiles, $caArray, $wired = 0) { |
|
|
|
|
443
|
|
|
$this->loggerInstance->debug(4, "writeProfilesNSH"); |
444
|
|
|
$this->loggerInstance->debug(4, $wlanProfiles); |
445
|
|
|
$fcontentsProfile = ''; |
446
|
|
|
foreach ($wlanProfiles as $wlanProfile) { |
447
|
|
|
$fcontentsProfile .= "!insertmacro define_wlan_profile $wlanProfile\n"; |
448
|
|
|
} |
449
|
|
|
|
450
|
|
|
$fileHandleProfiles = fopen('profiles.nsh', 'w'); |
451
|
|
|
fwrite($fileHandleProfiles, $fcontentsProfile); |
452
|
|
|
fclose($fileHandleProfiles); |
453
|
|
|
|
454
|
|
|
$fcontentsCerts = ''; |
455
|
|
|
$fileHandleCerts = fopen('certs.nsh', 'w'); |
456
|
|
|
if ($caArray) { |
457
|
|
|
foreach ($caArray as $certAuthority) { |
458
|
|
|
$store = $certAuthority['root'] ? "root" : "ca"; |
459
|
|
|
$fcontentsCerts .= '!insertmacro install_ca_cert "' . $certAuthority['file'] . '" "' . $certAuthority['sha1'] . '" "' . $store . "\"\n"; |
460
|
|
|
} |
461
|
|
|
fwrite($fileHandleCerts, $fcontentsCerts); |
462
|
|
|
} |
463
|
|
|
fclose($fileHandleCerts); |
464
|
|
|
} |
465
|
|
|
|
466
|
|
|
//private function write |
467
|
|
|
|
468
|
|
|
private function copyFiles($eap) { |
469
|
|
|
$this->loggerInstance->debug(4, "copyFiles start\n"); |
470
|
|
|
$this->copyBasicFiles(); |
471
|
|
View Code Duplication |
switch ($eap["OUTER"]) { |
|
|
|
|
472
|
|
|
case \core\common\EAP::PWD: |
473
|
|
|
$this->copyPwdFiles(); |
474
|
|
|
break; |
475
|
|
|
default: |
476
|
|
|
if (!$this->translateFile('eap_w8.inc', 'cat.NSI', $this->codePage)) { |
477
|
|
|
throw new Exception("Translating needed file eap_w8.inc failed!"); |
478
|
|
|
} |
479
|
|
|
} |
480
|
|
|
$this->loggerInstance->debug(4, "copyFiles end\n"); |
481
|
|
|
return TRUE; |
482
|
|
|
} |
483
|
|
|
|
484
|
|
|
private $tlsOtherUsername = 0; |
485
|
|
|
|
486
|
|
|
} |
487
|
|
|
|
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check:
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.