diff options
| -rw-r--r-- | etc/inc/ipsec.inc | 10 | ||||
| -rw-r--r-- | usr/local/www/vpn_ipsec_keys.php | 132 | ||||
| -rw-r--r-- | usr/local/www/vpn_ipsec_keys_edit.php | 143 |
3 files changed, 285 insertions, 0 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index d80f1c2..0dd0fe0 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -453,4 +453,14 @@ function ipsec_dump_sad() return $sad; } +function ipsec_mobilekey_sort() { + global $config; + + function mobilekeycmp($a, $b) { + return strcmp($a['ident'][0], $b['ident'][0]); + } + + usort($config['ipsec']['mobilekey'], "mobilekeycmp"); +} + ?> diff --git a/usr/local/www/vpn_ipsec_keys.php b/usr/local/www/vpn_ipsec_keys.php new file mode 100644 index 0000000..2436430 --- /dev/null +++ b/usr/local/www/vpn_ipsec_keys.php @@ -0,0 +1,132 @@ +<?php +/* + vpn_ipsec_keys.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +##|+PRIV +##|*IDENT=page-vpn-ipsec-listkeys +##|*NAME=VPN: IPsec: Pre-Shared Keys List +##|*DESCR=Allow access to the 'VPN: IPsec: Pre-Shared Keys List' page. +##|*MATCH=vpn_ipsec_keys.php* +##|-PRIV + +require("functions.inc"); +require("guiconfig.inc"); +require_once("ipsec.inc"); +require_once("vpn.inc"); + +if (!is_array($config['ipsec']['mobilekey'])) { + $config['ipsec']['mobilekey'] = array(); +} +ipsec_mobilekey_sort(); +$a_secret = &$config['ipsec']['mobilekey']; + +if ($_GET['act'] == "del") { + if ($a_secret[$_GET['id']]) { + unset($a_secret[$_GET['id']]); + write_config("Deleted IPsec Pre-Shared Key"); + mark_subsystem_dirty('ipsec'); + header("Location: vpn_ipsec_keys.php"); + exit; + } +} + +$pgtitle = "VPN: IPsec: Keys"; +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<form action="vpn_ipsec.php" method="post"> +<?php +if ($savemsg) + print_info_box($savemsg); +if (is_subsystem_dirty('ipsec')) + print_info_box_np("The IPsec tunnel configuration has been changed.<br>You must apply the changes in order for them to take effect."); + +?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php + $tab_array = array(); + $tab_array[0] = array("Tunnels", false, "vpn_ipsec.php"); + $tab_array[1] = array("Mobile clients", false, "vpn_ipsec_mobile.php"); + $tab_array[2] = array("Pre-shared keys", true, "vpn_ipsec_keys.php"); + $tab_array[3] = array("CAs", false, "vpn_ipsec_ca.php"); + display_top_tabs($tab_array); +?> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdrr">Identifier</td> + <td class="listhdr">Pre-shared key</td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td width="20" heigth="17"></td> + <td><a href="vpn_ipsec_keys_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add key" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + </tr> + <?php $i = 0; foreach ($a_secret as $secretent): ?> + <tr> + <td class="listlr"> + <?=htmlspecialchars($secretent['ident']);?> + </td> + <td class="listr"> + <?=htmlspecialchars($secretent['pre-shared-key']);?> + </td> + <td class="list" nowrap> <a href="vpn_ipsec_keys_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit key" width="17" height="17" border="0"></a> + <a href="vpn_ipsec_keys.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this pre-shared key?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete key" width="17" height="17" border="0"></a></td> + </tr> + <?php $i++; endforeach; ?> + <tr> + <td class="list" colspan="2"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td width="20" heigth="17"></td> + <td><a href="vpn_ipsec_keys_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add key" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + </tr> + </table> + </div> + </td> + </tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php new file mode 100644 index 0000000..512b718 --- /dev/null +++ b/usr/local/www/vpn_ipsec_keys_edit.php @@ -0,0 +1,143 @@ +<?php +/* + vpn_ipsec_keys_edit.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +##|+PRIV +##|*IDENT=page-vpn-ipsec-editkeys +##|*NAME=VPN: IPsec: Edit Pre-Shared Keys +##|*DESCR=Allow access to the 'VPN: IPsec: Edit Pre-Shared Keys' page. +##|*MATCH=vpn_ipsec_keys_edit.php* +##|-PRIV + +require("functions.inc"); +require("guiconfig.inc"); +require_once("ipsec.inc"); +require_once("vpn.inc"); + +if (!is_array($config['ipsec']['mobilekey'])) { + $config['ipsec']['mobilekey'] = array(); +} +ipsec_mobilekey_sort(); +$a_secret = &$config['ipsec']['mobilekey']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_secret[$id]) { + $pconfig['ident'] = $a_secret[$id]['ident']; + $pconfig['psk'] = $a_secret[$id]['pre-shared-key']; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "ident psk"); + $reqdfieldsn = explode(",", "Identifier,Pre-shared key"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident'])) + $input_errors[] = "The identifier contains invalid characters."; + + if (!$input_errors && !(isset($id) && $a_secret[$id])) { + /* make sure there are no dupes */ + foreach ($a_secret as $secretent) { + if ($secretent['ident'] == $_POST['ident']) { + $input_errors[] = "Another entry with the same identifier already exists."; + break; + } + } + } + + if (!$input_errors) { + + if (isset($id) && $a_secret[$id]) + $secretent = $a_secret[$id]; + + $secretent['ident'] = $_POST['ident']; + $secretent['pre-shared-key'] = $_POST['psk']; + $text = ""; + + if (isset($id) && $a_secret[$id]) { + $a_secret[$id] = $secretent; + $text = "Edited"; + } else { + $a_secret[] = $secretent; + $text = "Added"; + } + + write_config("{$text} IPsec Pre-Shared Keys"); + mark_subsystem_dirty('ipsec'); + + header("Location: vpn_ipsec_keys.php"); + exit; + } +} + +$pgtitle = "VPN: IPsec: Edit pre-shared key"; +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></p> +<?php if ($input_errors) print_input_errors($input_errors); ?> + <form action="vpn_ipsec_keys_edit.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td valign="top" class="vncellreq">Identifier</td> + <td class="vtable"> + <?=$mandfldhtml;?><input name="ident" type="text" class="formfld" id="ident" size="30" value="<?=$pconfig['ident'];?>"> + <br> +This can be either an IP address, fully qualified domain name or an e-mail address. + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Pre-shared key</td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="psk" type="text" class="formfld" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>"> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> + <?php if (isset($id) && $a_secret[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> + <?php endif; ?> + </td> + </tr> + </table> +</form> +<?php include("fend.inc"); ?> |
