author | Evgeny Yurchenko <ey@tm-k.com> | 2011-06-01 18:28:15 -0400 |
---|---|---|
committer | Evgeny Yurchenko <ey@tm-k.com> | 2011-06-01 18:28:15 -0400 |
commit | 3da5c50d5c2285b439a56ab4fcd6f9dbe94f5c4e (patch) | |
tree | cfca16c8621f63482800c5693f3a66faa2a5d7fc /usr | |
parent | 538b6eb353ce568627513e681483329ecb0d1ec8 (diff) | |
Bug #1560.IPsec GUI needs to reject duplicate subnets in phase 2s for a given phase 1 (improvement of previous patch)
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 73 |
1 files changed, 24 insertions, 49 deletions
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index c0ddf0e..6985b2b 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -140,33 +140,21 @@ if ($_POST) {
 break;
 }
 }
-
 /* Validate enabled phase2's are not duplicates */
 if (isset($pconfig['mobile'])){
 /* User is adding phase 2 for mobile phase1 */
 foreach($a_phase2 as $name){
 if (isset($name['mobile'])){
 /* check duplicate localids only for mobile clents */
- if ($name['localid']['type'] == $pconfig['localid_type']){
- /* Types match, check further */
- switch($pconfig['localid_type']){
- case "none":
- case "lan":
- case "wan":
- $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
- break;
- case "address":
- if ($name['localid']['address'] == $pconfig['localid_address'])
- $input_errors[] = gettext("Phase2 with this Local Address is already defined for mobile clients.");
- break;
- case "network":
- if ($name['localid']['address'] == $pconfig['localid_address'] &&
- $name['localid']['netbits'] == $pconfig['localid_netbits'])
- $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
- break;
- }
- if (count($input_errors) > 0)
- break; /* there is an error, stop checking other phase2 definitions */
+ $localid_data = ipsec_idinfo_to_cidr($name['localid']);
+ $entered = array();
+ $entered['type'] = $pconfig['localid_type'];
+ if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address'];
+ if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits'];
+ $entered_localid_data = ipsec_idinfo_to_cidr($entered);
+ if ($localid_data == $entered_localid_data){
+ $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
+ break;
 }
 }
 }
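Review bot: Neither this `foreach` nor the non-mobile one in the next hunk visibly skips the phase 2 entry that is being edited, so re-saving an existing entry with unchanged networks would presumably compare equal to itself and be rejected as a duplicate. If the page tracks the index of the entry under edit (not visible in this hunk), iterate with the key and `continue` on a match before calling `ipsec_idinfo_to_cidr()`. The single remaining message also says "Local Network" even when `localid_type` is `address`, where the removed code said "Local Address". The enclosing `if ($_POST)` block starts and ends outside the hunk, so an add-only guard may already exist there.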
@@ -176,34 +164,21 @@ if ($_POST) {
 foreach($a_phase2 as $name){
 if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid']){
 /* check duplicate subnets only for given phase1 */
- if ($name['localid']['type'] == $pconfig['localid_type'] &&
- $name['remoteid']['type'] == $pconfig['remoteid_type']){
- /* Types match, check further */
- $configured_remote_string = $name['remoteid']['address'] . $name['remoteid']['netbits'];
- $eneterd_remote_string = $pconfig['remoteid_address'] . $pconfig['remoteid_netbits'];
- switch($pconfig['localid_type']){
- case "none":
- case "lan":
- case "wan":
- if ($configured_remote_string == $eneterd_remote_string)
- $input_error = 1;
- break;
- case "address":
- if ($name['localid']['address'] == $pconfig['localid_address'] &&
- $configured_remote_string == $eneterd_remote_string)
- $input_error = 1;
- break;
- case "network":
- if ($name['localid']['address'] == $pconfig['localid_address'] &&
- $name['localid']['netbits'] == $pconfig['localid_netbits'] &&
- $configured_remote_string == $eneterd_remote_string)
- $input_error = 1;
- break;
- }
- if ($input_error){
- $input_errors[] = gettext("Phase2 with this Local/Remote Networks combination is already defined for this Phase1.");
- break; /* there is an error, stop checking other phase2 definitions */
- }
+ $localid_data = ipsec_idinfo_to_cidr($name['localid']);
+ $remoteid_data = ipsec_idinfo_to_cidr($name['remoteid']);
+ $entered_local = array();
+ $entered_local['type'] = $pconfig['localid_type'];
+ if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address'];
+ if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits'];
+ $entered_localid_data = ipsec_idinfo_to_cidr($entered_local);
+ $entered_remote = array();
+ $entered_remote['type'] = $pconfig['remoteid_type'];
+ if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address'];
+ if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
+ $entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote);
+ if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) {
+ $input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
+ break;
 }
 }
 }
|
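Review bot: The duplicate test in the final `if` only catches two spellings of the same selector if `ipsec_idinfo_to_cidr()` returns a canonical form, and that helper is not visible here. If it does not mask host bits, `10.0.0.5/24` and `10.0.0.0/24` (constructed example) would pass as distinct, and the overlapping phase 2 this check is meant to stop would still be saved. Confirm the helper normalises, or reduce both sides to the network base before comparing. Independently, the results are compared with loose `==`; prefer `if ($localid_data === $entered_localid_data && $remoteid_data === $entered_remoteid_data) {`. The same applies to the `==` in the mobile loop of the previous hunk.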