From 178ef826f7402abf73070319a99dbd281ef9421c Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Mon, 26 Aug 2024 19:56:10 +0200
Subject: [PATCH] ipsec: fix off-by-section in ipsec migration

PR: https://forum.opnsense.org/index.php?topic=42407.0
---
 plist                                         |  1 +
 .../mvc/app/models/OPNsense/IPsec/IPsec.xml   |  2 +-
 .../OPNsense/IPsec/Migrations/M1_0_2.php      |  6 +--
 .../OPNsense/IPsec/Migrations/M1_0_3.php      | 54 +++++++++++++++++++
 4 files changed, 57 insertions(+), 6 deletions(-)
 create mode 100644 src/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_3.php

diff --git a/plist b/plist
index ec13e0832..6d96947c7 100644
--- a/plist
+++ b/plist
@@ -721,6 +721,7 @@
 /usr/local/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_0.php
 /usr/local/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_1.php
 /usr/local/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_2.php
+/usr/local/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_3.php
 /usr/local/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.php
 /usr/local/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.xml
 /usr/local/opnsense/mvc/app/models/OPNsense/Interfaces/ACL/ACL.xml
diff --git a/src/opnsense/mvc/app/models/OPNsense/IPsec/IPsec.xml b/src/opnsense/mvc/app/models/OPNsense/IPsec/IPsec.xml
index 2c051bb67..727f70cb5 100644
--- a/src/opnsense/mvc/app/models/OPNsense/IPsec/IPsec.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/IPsec/IPsec.xml
@@ -1,6 +1,6 @@
 <model>
     <mount>//OPNsense/IPsec</mount>
-    <version>1.0.2</version>
+    <version>1.0.3</version>
     <description>OPNsense IPsec</description>
     <items>
         <general>
diff --git a/src/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_2.php b/src/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_2.php
index 868dbc167..984e8f0a8 100644
--- a/src/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_2.php
+++ b/src/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_2.php
@@ -35,7 +35,7 @@ use OPNsense\IPsec\IPsec;
 class M1_0_2 extends BaseModelMigration
 {
     /**
-     * Migrate pre-shared-keys from both IPsec legacy and user administration
+     * Migrate pre-shared-keys from advanced settings legacy page stored under "ipsec" section
      */
     public function run($model)
     {
@@ -68,10 +68,6 @@ class M1_0_2 extends BaseModelMigration
             $model->general->passthrough_networks = (string)$cnf->ipsec->passthrough_networks;
             unset($cnf->ipsec->passthrough_networks);
         }
-        if (isset($cnf->ipsec->disablevpnrules) && !empty((string)$cnf->ipsec->disablevpnrules)) {
-            $model->general->disablevpnrules = "1";
-            unset($cnf->ipsec->disablevpnrules);
-        }
         if (isset($cnf->ipsec->preferred_oldsa) && !empty((string)$cnf->ipsec->preferred_oldsa)) {
             $model->general->preferred_oldsa = "1";
             unset($cnf->ipsec->preferred_oldsa);
diff --git a/src/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_3.php b/src/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_3.php
new file mode 100644
index 000000000..e386e0c40
--- /dev/null
+++ b/src/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_3.php
@@ -0,0 +1,54 @@
+<?php
+
+/*
+ * Copyright (C) 2024 Deciso B.V.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+namespace OPNsense\IPsec\Migrations;
+
+use OPNsense\Base\BaseModelMigration;
+use OPNsense\Core\Config;
+use OPNsense\IPsec\IPsec;
+
+class M1_0_3 extends BaseModelMigration
+{
+    /**
+     * Migrate the previously missing advanced setting that was stored under "system" section
+     */
+    public function run($model)
+    {
+        if (!$model instanceof IPsec) {
+            return;
+        }
+        $cnf = Config::getInstance()->object();
+        if (!isset($cnf->system)) {
+            return;
+        }
+        if (isset($cnf->system->disablevpnrules) && !empty((string)$cnf->system->disablevpnrules)) {
+            $model->general->disablevpnrules = '1';
+            unset($cnf->system->disablevpnrules);
+        }
+    }
+}