author | jim-p <jimp@pfsense.org> | 2010-10-11 13:34:20 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2010-10-11 13:34:20 -0400 |
commit | 996422349cb5f0d95be1d555cd413b75b322804f (patch) | |
tree | 05f77c352ff7a73026ba503758c5e00300121df0 | |
parent | d60f510a2c4ddc298e024b5b0d1a969f710c4249 (diff) | |
Correct and clean up this input validation logic for IPsec Phase 1 PSK/Cert config. In some cases the test was not being evaluated as expected.
-rw-r--r-- | usr/local/www/vpn_ipsec_phase1.php | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 7ac7383..7f7439d 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -138,13 +138,22 @@ if ($_POST) {
 /* input validation */
 $method = $pconfig['authentication_method'];
+ // Only require PSK here for normal PSK tunnels (not mobile) or xauth.
- if ((($method == "pre_shared_key") && (!$pconfig['mobile']))||($method == "xauth_psk_server")) {
- $reqdfields = explode(" ", "pskey");
- $reqdfieldsn = array(gettext("Pre-Shared Key"));
- } else {
- $reqdfields = explode(" ", "caref certref");
- $reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
+ switch ($method) {
+ case "pre_shared_key":
+ if ($pconfig['mobile'])
+ break;
+ case "xauth_psk_server":
+ $reqdfields = explode(" ", "pskey");
+ $reqdfieldsn = array(gettext("Pre-Shared Key"));
+ break;
+ case "hybrid_rsa_server":
+ case "xauth_rsa_server":
+ case "rsasig":
+ $reqdfields = explode(" ", "caref certref");
+ $reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
+ break;
 }
 if (!$pconfig['mobile']) {
 $reqdfields[] = "remotegw"; |
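Review bot: The new `switch ($method)` has no `default:` branch and nothing initialises `$reqdfields`/`$reqdfieldsn` before it, so an `authentication_method` value outside the five listed cases (and the mobile `pre_shared_key` path, which breaks early) reaches the following code with no required fields at all, where the old `else` at least demanded a CA and certificate. Because this runs under `if ($_POST)`, the method presumably comes from the submitted form, so the validation should fail closed: put `$reqdfields = array(); $reqdfieldsn = array();` ahead of the switch and add a `default:` that records a validation error for an unrecognised method. The fall-through from `case "pre_shared_key":` into `case "xauth_psk_server":` looks intentional but is easy to misread next to the brace-less `if`; braces on the `if` and a `/* FALLTHROUGH */` comment before the next `case` would make it explicit. The enclosing `if ($_POST)` block starts and ends outside the hunk, so how `$reqdfields` is consumed afterwards is not visible here.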