From e1b0c27d101a403f8ba2baecce6349b4258ebdab Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Thu, 3 Sep 2015 19:12:14 +0000
Subject: [PATCH] (legacy) whitespace / style fixes vpn_ipsec_phase2.php
---
 src/www/vpn_ipsec_phase2.php | 1410 +++++++++++++++++-----------------
 1 file changed, 706 insertions(+), 704 deletions(-)
diff --git a/src/www/vpn_ipsec_phase2.php b/src/www/vpn_ipsec_phase2.php
index 5a74467d8..d58b60482 100644
--- a/src/www/vpn_ipsec_phase2.php
+++ b/src/www/vpn_ipsec_phase2.php
@@ -1,30 +1,30 @@ . - All rights reserved. + Copyright (C) 2014 Deciso B.V. + Copyright (C) 2008 Shrew Soft Inc + Copyright (C) 2003-2005 Manuel Kasper . + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); @@ -120,17 +120,17 @@ function idinfo_to_pconfig($prefix, $idinfo, & $pconfig) * search phase 2 entries for record with uniqid */ function getIndexByUniqueId($uniqid) { - global $config; - $p2index = null; - if ($uniqid != null) { - foreach ($config['ipsec']['phase2'] as $idx => $ph2) { - if ($ph2['uniqid'] == $uniqid) { - $p2index = $idx; - break; - } - } - } - return $p2index; + global $config; + $p2index = null; + if ($uniqid != null) { + foreach ($config['ipsec']['phase2'] as $idx => $ph2) { + if ($ph2['uniqid'] == $uniqid) { + $p2index = $idx; + break; + } + } + } + return $p2index; } if (!isset($config['ipsec']) || !is_array($config['ipsec'])) { 
@@ -146,281 +146,283 @@ if (!isset($config['ipsec']['phase2'])) { } if ($_SERVER['REQUEST_METHOD'] === 'GET') { - // lookup p2index - if (!empty($_GET['dup'])) { - $p2index = getIndexByUniqueId($_GET['dup']); - } else if (!empty($_GET['p2index'])) { - $p2index = getIndexByUniqueId($_GET['p2index']); - } else { - $p2index = null; - } - // initialize form data - $pconfig = array(); + // lookup p2index + if (!empty($_GET['dup'])) { + $p2index = getIndexByUniqueId($_GET['dup']); + } else if (!empty($_GET['p2index'])) { + $p2index = getIndexByUniqueId($_GET['p2index']); + } else { + $p2index = null; + } + // initialize form data + $pconfig = array(); - $phase2_fields = "ikeid,mode,descr,uniqid,proto,hash-algorithm-option - ,pfsgroup,pfsgroup,lifetime,pinghost"; - if ($p2index !== null) { - // 1-on-1 copy - foreach (explode(",", $phase2_fields) as $fieldname) { - $fieldname = trim($fieldname); - if(isset($config['ipsec']['phase2'][$p2index][$fieldname])) { - $pconfig[$fieldname] = $config['ipsec']['phase2'][$p2index][$fieldname]; - } elseif (!isset($pconfig[$fieldname])) { - // initialize element - $pconfig[$fieldname] = null; - } - } - // fields with some kind of logic - $pconfig['disabled'] = isset($config['ipsec']['phase2'][$p2index]['disabled']); + $phase2_fields = "ikeid,mode,descr,uniqid,proto,hash-algorithm-option + ,pfsgroup,pfsgroup,lifetime,pinghost"; + if ($p2index !== null) { + // 1-on-1 copy + foreach (explode(",", $phase2_fields) as $fieldname) { + $fieldname = trim($fieldname); + if(isset($config['ipsec']['phase2'][$p2index][$fieldname])) { + $pconfig[$fieldname] = $config['ipsec']['phase2'][$p2index][$fieldname]; + } elseif (!isset($pconfig[$fieldname])) { + // initialize element + $pconfig[$fieldname] = null; + } + } + // fields with some kind of logic + $pconfig['disabled'] = isset($config['ipsec']['phase2'][$p2index]['disabled']); - if (!empty($config['ipsec']['phase2'][$p2index]['natlocalid'])) { - idinfo_to_pconfig("natlocal", 
$config['ipsec']['phase2'][$p2index]['natlocalid'], $pconfig); - } - idinfo_to_pconfig("local", $config['ipsec']['phase2'][$p2index]['localid'], $pconfig); - idinfo_to_pconfig("remote", $config['ipsec']['phase2'][$p2index]['remoteid'], $pconfig); - ealgos_to_pconfig($config['ipsec']['phase2'][$p2index]['encryption-algorithm-option'], $pconfig); - if (isset($config['ipsec']['phase2'][$p2index]['mobile'])) { - $pconfig['mobile'] = true; - } + if (!empty($config['ipsec']['phase2'][$p2index]['natlocalid'])) { + idinfo_to_pconfig("natlocal", $config['ipsec']['phase2'][$p2index]['natlocalid'], $pconfig); + } + idinfo_to_pconfig("local", $config['ipsec']['phase2'][$p2index]['localid'], $pconfig); + idinfo_to_pconfig("remote", $config['ipsec']['phase2'][$p2index]['remoteid'], $pconfig); + ealgos_to_pconfig($config['ipsec']['phase2'][$p2index]['encryption-algorithm-option'], $pconfig); + if (isset($config['ipsec']['phase2'][$p2index]['mobile'])) { + $pconfig['mobile'] = true; + } - if (!empty($_GET['dup'])) { - $pconfig['uniqid'] = uniqid(); - } - } else { - if (isset($_GET['ikeid'])) { - $pconfig['ikeid'] = $_GET['ikeid']; - } - /* defaults */ - $pconfig['localid_type'] = "lan"; - $pconfig['remoteid_type'] = "network"; - $pconfig['protocol'] = "esp"; - $pconfig['ealgos'] = explode(",", "3des,blowfish,cast128,aes"); - $pconfig['hash-algorithm-option'] = explode(",", "hmac_sha1,hmac_md5"); - $pconfig['pfsgroup'] = "0"; - $pconfig['lifetime'] = "3600"; - $pconfig['uniqid'] = uniqid(); + if (!empty($_GET['dup'])) { + $pconfig['uniqid'] = uniqid(); + } + } else { + if (isset($_GET['ikeid'])) { + $pconfig['ikeid'] = $_GET['ikeid']; + } + /* defaults */ + $pconfig['localid_type'] = "lan"; + $pconfig['remoteid_type'] = "network"; + $pconfig['protocol'] = "esp"; + $pconfig['ealgos'] = explode(",", "3des,blowfish,cast128,aes"); + $pconfig['hash-algorithm-option'] = explode(",", "hmac_sha1,hmac_md5"); + $pconfig['pfsgroup'] = "0"; + $pconfig['lifetime'] = "3600"; + $pconfig['uniqid'] 
= uniqid(); - /* mobile client */ - if (isset($_GET['mobile'])) { - $pconfig['mobile']=true; - } - // init empty - foreach (explode(",", $phase2_fields) as $fieldname) { - $fieldname = trim($fieldname); - if (!isset($pconfig[$fieldname])) { - $pconfig[$fieldname] = null; - } - } - } + /* mobile client */ + if (isset($_GET['mobile'])) { + $pconfig['mobile']=true; + } + // init empty + foreach (explode(",", $phase2_fields) as $fieldname) { + $fieldname = trim($fieldname); + if (!isset($pconfig[$fieldname])) { + $pconfig[$fieldname] = null; + } + } + } } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { - if (!empty($_POST['uniqid'])) { - $p2index = getIndexByUniqueId($_POST['uniqid']); - } else { - $p2index = null; - } - $input_errors = array(); - $pconfig = $_POST; + if (!empty($_POST['uniqid'])) { + $p2index = getIndexByUniqueId($_POST['uniqid']); + } else { + $p2index = null; + } + $input_errors = array(); + $pconfig = $_POST; - /* input validation */ - if (!isset($_POST['ikeid'])) { - $input_errors[] = gettext("A valid ikeid must be specified."); - } - $reqdfields = explode(" ", "localid_type uniqid"); - $reqdfieldsn = array(gettext("Local network type"), gettext("Unique Identifier")); - if (!isset($pconfig['mobile'])) { - $reqdfields[] = "remoteid_type"; - $reqdfieldsn[] = gettext("Remote network type"); - } + /* input validation */ + if (!isset($_POST['ikeid'])) { + $input_errors[] = gettext("A valid ikeid must be specified."); + } + $reqdfields = explode(" ", "localid_type uniqid"); + $reqdfieldsn = array(gettext("Local network type"), gettext("Unique Identifier")); + if (!isset($pconfig['mobile'])) { + $reqdfields[] = "remoteid_type"; + $reqdfieldsn[] = gettext("Remote network type"); + } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - if (($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6")) { - switch ($pconfig['localid_type']) { - case "network": 
- if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !is_numeric($pconfig['localid_netbits'])) { - $input_errors[] = gettext("A valid local network bit count must be specified."); - } - case "address": - if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address'])) { - $input_errors[] = gettext("A valid local network IP address must be specified."); - } elseif (is_ipaddrv4($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel")) - $input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6"); - elseif (is_ipaddrv6($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel6")) - $input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4"); - break; - } - /* Check if the localid_type is an interface, to confirm if it has a valid subnet. */ - if (isset($config['interfaces'][$pconfig['localid_type']])) { - // Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201. 
- $address = get_interface_ip($pconfig['localid_type']); - $netbits = get_interface_subnet($pconfig['localid_type']); + if (($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6")) { + switch ($pconfig['localid_type']) { + case "network": + if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !is_numeric($pconfig['localid_netbits'])) { + $input_errors[] = gettext("A valid local network bit count must be specified."); + } + case "address": + if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address'])) { + $input_errors[] = gettext("A valid local network IP address must be specified."); + } elseif (is_ipaddrv4($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel")) + $input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6"); + elseif (is_ipaddrv6($pconfig['localid_address']) && ($pconfig['mode'] != "tunnel6")) + $input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4"); + break; + } + /* Check if the localid_type is an interface, to confirm if it has a valid subnet. */ + if (isset($config['interfaces'][$pconfig['localid_type']])) { + // Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201. + $address = get_interface_ip($pconfig['localid_type']); + $netbits = get_interface_subnet($pconfig['localid_type']); - if (empty($address) || empty($netbits)) { - $input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet."); - } - } + if (empty($address) || empty($netbits)) { + $input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . 
gettext("has no subnet."); + } + } - if (!empty($pconfig['natlocalid_address'])) { - switch ($pconfig['natlocalid_type']) { - case "network": - if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) || !is_numeric($pconfig['natlocalid_netbits'])) { - $input_errors[] = gettext("A valid NAT local network bit count must be specified."); - } - if ($pconfig['localid_type'] == "address") { - $input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source."); - } - case "address": - if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address'])) { - $input_errors[] = gettext("A valid NAT local network IP address must be specified."); - } elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel")) - $input_errors[] = gettext("A valid NAT local network IPv4 address must be specified or you need to change Mode to IPv6"); - elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6")) - $input_errors[] = gettext("A valid NAT local network IPv6 address must be specified or you need to change Mode to IPv4"); - break; - } - } + if (!empty($pconfig['natlocalid_address'])) { + switch ($pconfig['natlocalid_type']) { + case "network": + if (($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits']) || !is_numeric($pconfig['natlocalid_netbits'])) { + $input_errors[] = gettext("A valid NAT local network bit count must be specified."); + } + if ($pconfig['localid_type'] == "address") { + $input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source."); + } + case "address": + if (!empty($pconfig['natlocalid_address']) && !is_ipaddr($pconfig['natlocalid_address'])) { + $input_errors[] = gettext("A valid NAT local network IP address must be specified."); + } elseif (is_ipaddrv4($pconfig['natlocalid_address']) && ($pconfig['mode'] != 
"tunnel")) + $input_errors[] = gettext("A valid NAT local network IPv4 address must be specified or you need to change Mode to IPv6"); + elseif (is_ipaddrv6($pconfig['natlocalid_address']) && ($pconfig['mode'] != "tunnel6")) + $input_errors[] = gettext("A valid NAT local network IPv6 address must be specified or you need to change Mode to IPv4"); + break; + } + } - switch ($pconfig['remoteid_type']) { - case "network": - if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits'])) { - $input_errors[] = gettext("A valid remote network bit count must be specified."); - } - case "address": - if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address'])) { - $input_errors[] = gettext("A valid remote network IP address must be specified."); - } elseif (is_ipaddrv4($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel")) - $input_errors[] = gettext("A valid remote network IPv4 address must be specified or you need to change Mode to IPv6"); - elseif (is_ipaddrv6($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel6")) - $input_errors[] = gettext("A valid remote network IPv6 address must be specified or you need to change Mode to IPv4"); - break; - } - } - /* Validate enabled phase2's are not duplicates */ - if (isset($pconfig['mobile'])) { - /* User is adding phase 2 for mobile phase1 */ - foreach ($config['ipsec']['phase2'] as $key => $name) { - if (isset($name['mobile']) && $name['uniqid'] != $pconfig['uniqid']) { - /* check duplicate localids only for mobile clents */ - $localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']); - $entered = array(); - $entered['type'] = $pconfig['localid_type']; - if (isset($pconfig['localid_address'])) { - $entered['address'] = $pconfig['localid_address']; - } - if (isset($pconfig['localid_netbits'])) { - $entered['netbits'] = $pconfig['localid_netbits']; - } - $entered_localid_data = ipsec_idinfo_to_cidr($entered, false, 
$pconfig['mode']); - if ($localid_data == $entered_localid_data) { - /* adding new p2 entry */ - $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); - break; - } - } - } - } else { - /* User is adding phase 2 for site-to-site phase1 */ - foreach ($config['ipsec']['phase2'] as $key => $name) { - if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid'] && $pconfig['uniqid'] != $name['uniqid']) { - /* check duplicate subnets only for given phase1 */ - $localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']); - $remoteid_data = ipsec_idinfo_to_cidr($name['remoteid'], false, $name['mode']); - $entered_local = array(); - $entered_local['type'] = $pconfig['localid_type']; - if (isset($pconfig['localid_address'])) { - $entered_local['address'] = $pconfig['localid_address']; - } - if (isset($pconfig['localid_netbits'])) { - $entered_local['netbits'] = $pconfig['localid_netbits']; - } - $entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']); - $entered_remote = array(); - $entered_remote['type'] = $pconfig['remoteid_type']; - if (isset($pconfig['remoteid_address'])) { - $entered_remote['address'] = $pconfig['remoteid_address']; - } - if (isset($pconfig['remoteid_netbits'])) { - $entered_remote['netbits'] = $pconfig['remoteid_netbits']; - } - $entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']); - if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) { - /* adding new p2 entry */ - $input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1."); - break; - } - } - } - } + switch ($pconfig['remoteid_type']) { + case "network": + if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits'])) { + $input_errors[] = gettext("A valid remote network bit count must be specified."); + } + break; + case 
"address": + if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address'])) { + $input_errors[] = gettext("A valid remote network IP address must be specified."); + } elseif (is_ipaddrv4($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel")) { + $input_errors[] = gettext("A valid remote network IPv4 address must be specified or you need to change Mode to IPv6"); + } elseif (is_ipaddrv6($pconfig['remoteid_address']) && ($pconfig['mode'] != "tunnel6")) { + $input_errors[] = gettext("A valid remote network IPv6 address must be specified or you need to change Mode to IPv4"); + } + break; + } + } + /* Validate enabled phase2's are not duplicates */ + if (isset($pconfig['mobile'])) { + /* User is adding phase 2 for mobile phase1 */ + foreach ($config['ipsec']['phase2'] as $key => $name) { + if (isset($name['mobile']) && $name['uniqid'] != $pconfig['uniqid']) { + /* check duplicate localids only for mobile clents */ + $localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']); + $entered = array(); + $entered['type'] = $pconfig['localid_type']; + if (isset($pconfig['localid_address'])) { + $entered['address'] = $pconfig['localid_address']; + } + if (isset($pconfig['localid_netbits'])) { + $entered['netbits'] = $pconfig['localid_netbits']; + } + $entered_localid_data = ipsec_idinfo_to_cidr($entered, false, $pconfig['mode']); + if ($localid_data == $entered_localid_data) { + /* adding new p2 entry */ + $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); + break; + } + } + } + } else { + /* User is adding phase 2 for site-to-site phase1 */ + foreach ($config['ipsec']['phase2'] as $key => $name) { + if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid'] && $pconfig['uniqid'] != $name['uniqid']) { + /* check duplicate subnets only for given phase1 */ + $localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']); + $remoteid_data = 
ipsec_idinfo_to_cidr($name['remoteid'], false, $name['mode']); + $entered_local = array(); + $entered_local['type'] = $pconfig['localid_type']; + if (isset($pconfig['localid_address'])) { + $entered_local['address'] = $pconfig['localid_address']; + } + if (isset($pconfig['localid_netbits'])) { + $entered_local['netbits'] = $pconfig['localid_netbits']; + } + $entered_localid_data = ipsec_idinfo_to_cidr($entered_local, false, $pconfig['mode']); + $entered_remote = array(); + $entered_remote['type'] = $pconfig['remoteid_type']; + if (isset($pconfig['remoteid_address'])) { + $entered_remote['address'] = $pconfig['remoteid_address']; + } + if (isset($pconfig['remoteid_netbits'])) { + $entered_remote['netbits'] = $pconfig['remoteid_netbits']; + } + $entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']); + if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) { + /* adding new p2 entry */ + $input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1."); + break; + } + } + } + } - /* For ESP protocol, handle encryption algorithms */ - if ($pconfig['protocol'] == "esp") { - $ealgos = pconfig_to_ealgos($pconfig); + /* For ESP protocol, handle encryption algorithms */ + if ($pconfig['protocol'] == "esp") { + $ealgos = pconfig_to_ealgos($pconfig); - if (!count($ealgos)) { - $input_errors[] = gettext("At least one encryption algorithm must be selected."); - } else { - if (empty($pconfig['hash-algorithm-option'])) { - foreach ($ealgos as $ealgo) { - if (!strpos($ealgo['name'], "gcm")) { - $input_errors[] = gettext("At least one hashing algorithm needs to be selected."); - break; - } - } - } - } - } - if ((!empty($_POST['lifetime']) && !is_numeric($_POST['lifetime']))) { - $input_errors[] = gettext("The P2 lifetime must be an integer."); - } + if (!count($ealgos)) { + $input_errors[] = gettext("At least one encryption algorithm must be selected."); + } else { + 
if (empty($pconfig['hash-algorithm-option'])) { + foreach ($ealgos as $ealgo) { + if (!strpos($ealgo['name'], "gcm")) { + $input_errors[] = gettext("At least one hashing algorithm needs to be selected."); + break; + } + } + } + } + } + if ((!empty($_POST['lifetime']) && !is_numeric($_POST['lifetime']))) { + $input_errors[] = gettext("The P2 lifetime must be an integer."); + } - if (count($input_errors) == 0) { - $ph2ent = array(); - $copy_fields = "ikeid,uniqid,mode,pfsgroup,lifetime,pinghost,descr - ,protocol"; + if (count($input_errors) == 0) { + $ph2ent = array(); + $copy_fields = "ikeid,uniqid,mode,pfsgroup,lifetime,pinghost,descr + ,protocol"; - // 1-on-1 copy - foreach (explode(",",$copy_fields) as $fieldname) { - $fieldname = trim($fieldname); - if(!empty($pconfig[$fieldname])) { - $ph2ent[$fieldname] = $pconfig[$fieldname]; - } - } + // 1-on-1 copy + foreach (explode(",",$copy_fields) as $fieldname) { + $fieldname = trim($fieldname); + if(!empty($pconfig[$fieldname])) { + $ph2ent[$fieldname] = $pconfig[$fieldname]; + } + } - // fields with some logic in them - $ph2ent['disabled'] = $pconfig['disabled'] ? true : false; - if (($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")) { - if (!empty($pconfig['natlocalid_address'])) { - $ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal", $pconfig); - } - $ph2ent['localid'] = pconfig_to_idinfo("local", $pconfig); - $ph2ent['remoteid'] = pconfig_to_idinfo("remote", $pconfig); - } + // fields with some logic in them + $ph2ent['disabled'] = $pconfig['disabled'] ? 
true : false; + if (($ph2ent['mode'] == "tunnel") || ($ph2ent['mode'] == "tunnel6")) { + if (!empty($pconfig['natlocalid_address'])) { + $ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal", $pconfig); + } + $ph2ent['localid'] = pconfig_to_idinfo("local", $pconfig); + $ph2ent['remoteid'] = pconfig_to_idinfo("remote", $pconfig); + } - $ph2ent['encryption-algorithm-option'] = pconfig_to_ealgos($pconfig);; - if (!empty($pconfig['hash-algorithm-option'])) { - $ph2ent['hash-algorithm-option'] = $pconfig['hash-algorithm-option']; - } else { - unset($ph2ent['hash-algorithm-option']); - } + $ph2ent['encryption-algorithm-option'] = pconfig_to_ealgos($pconfig);; + if (!empty($pconfig['hash-algorithm-option'])) { + $ph2ent['hash-algorithm-option'] = $pconfig['hash-algorithm-option']; + } else { + unset($ph2ent['hash-algorithm-option']); + } - if (isset($pconfig['mobile'])) { - $ph2ent['mobile'] = true; - } + if (isset($pconfig['mobile'])) { + $ph2ent['mobile'] = true; + } - // save to config - if ($p2index !== null) { - $config['ipsec']['phase2'][$p2index] = $ph2ent; - } else { - $config['ipsec']['phase2'][] = $ph2ent; - } + // save to config + if ($p2index !== null) { + $config['ipsec']['phase2'][$p2index] = $ph2ent; + } else { + $config['ipsec']['phase2'][] = $ph2ent; + } - write_config(); - mark_subsystem_dirty('ipsec'); + write_config(); + mark_subsystem_dirty('ipsec'); - header("Location: vpn_ipsec.php"); - exit; - } + header("Location: vpn_ipsec.php"); + exit; + } } @@ -441,174 +443,174 @@ include("head.inc");
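Review bot: The `break;` added after `case "network":` in the `remoteid_type` switch is a behaviour change inside a commit labelled whitespace/style: a remote network entry no longer falls through to the `case "address":` branch, so `remoteid_address` skips `is_ipaddr()` and the IPv4/IPv6-versus-mode checks before `pconfig_to_idinfo("remote", $pconfig)` and `write_config()` persist it. The `localid_type` and `natlocalid_type` switches in this same hunk still fall through from "network" to "address", so the new break looks unintended. I would remove it and make the fall-through explicit with a comment such as `// fall through: a network also needs a valid address` in all three switches. If the break is deliberate, the network case needs its own address validation and the change belongs in a separate commit.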