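#!/usr/local/bin/perl
# save.cgi
# Save, create or delete an ipsec connection

require './ipsec-lib.pl';
&ReadParse();
if ($in{'export'}) {
	# Just redirect to the export form. idx is taken straight from the
	# request, so it is URL-encoded before being placed in the redirect
	# target: a value containing '&', '#' or a line break can then neither
	# add query parameters nor alter the Location header. A normal
	# numeric index is passed through unchanged.
	&redirect("export_form.cgi?idx=".&urlize($in{'idx'}));
	exit;
	}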
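# Read the parsed configuration and pick the connection this request is about
@conf = &get_config();

# Set the error prefix first, so the index check below reports through it
&error_setup($text{'save_err'});

if ($in{'new'}) {
	# Start from an empty connection; new=2 creates the '%default' one
	$conn = { 'name' => 'conn',
		  'values' => { } };
	$conn->{'value'} = '%default' if ($in{'new'} == 2);
	}
else {
	# idx is request data. Perl treats a missing or non-numeric index as 0
	# and a negative one as counting from the end, so without this check
	# a malformed request would silently modify or delete some other
	# entry. Require a plain non-negative integer that refers to an
	# existing entry.
	# TODO: move this message into the module's language file.
	$in{'idx'} =~ /\A\d+\z/ && ref($conf[$in{'idx'}]) eq 'HASH' ||
		&error("Invalid connection index");
	$conn = $conf[$in{'idx'}];
	}

# Lock the file the connection is stored in, falling back to the configured
# file when the connection does not name one
$file = $conn->{'file'} || $config{'file'};
&lock_file($file);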
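if ($in{'delete'}) {
	# Just remove this connection
	&delete_conn($conn);
	}
else {
	# Every value below comes from the request and is stored as one
	# setting of the connection. The form presumably offers fixed choices
	# for several of them, but nothing forces a client to send one of
	# those, so each stored value is checked here. A value containing a
	# line break could add extra lines to the saved configuration
	# (assuming create_conn/modify_conn write one setting per line -
	# confirm in ipsec-lib.pl). NUL is rejected as well: it is not valid
	# in a setting, and Webmin's ReadParse joins repeated parameters
	# with "\0".
	# All patterns are anchored with \A and \z because a '$' anchor also
	# matches just before a trailing newline.
	my $line_break = qr/[\r\n\0]/;

	# Returns the value unchanged, or fails the request if it cannot be
	# written as a single setting.
	# TODO: move this message into the module's language file.
	my $one_line = sub {
		my ($value, $option) = @_;
		$value =~ $line_break && &error("Invalid value for $option");
		return $value;
		};

	# Validate and store general inputs
	if ($conn->{'value'} ne '%default') {
		$in{'name'} =~ /\A[^\s\0]+\z/ || &error($text{'save_ename'});
		$conn->{'value'} = $in{'name'};
		}

	# Options that are stored as given when set and removed when empty;
	# each pair is the form field and the option it sets
	foreach my $o ([ 'auto', 'auto' ], [ 'comp', 'compress' ],
		       [ 'pfs', 'pfs' ], [ 'type', 'type' ],
		       [ 'authby', 'authby' ]) {
		my ($field, $option) = @$o;
		if ($in{$field}) {
			$conn->{'values'}->{$option} =
				$one_line->($in{$field}, $option);
			}
		else {
			delete($conn->{'values'}->{$option});
			}
		}

	if ($in{'keying_def'}) {
		delete($conn->{'values'}->{'keyingtries'});
		}
	else {
		$in{'keying'} =~ /\A\d+\z/ || &error($text{'save_ekeying'});
		$conn->{'values'}->{'keyingtries'} = $in{'keying'};
		}

	if ($in{'auth'}) {
		$conn->{'values'}->{'auth'} = $one_line->($in{'auth'}, 'auth');
		}
	else {
		delete($conn->{'values'}->{'auth'});
		}

	if ($in{'esp'}) {
		# esp_only is appended to the chosen algorithm as sent
		$conn->{'values'}->{'esp'} =
			$one_line->($in{'esp'}.$in{'esp_only'}, 'esp');
		}
	else {
		delete($conn->{'values'}->{'esp'});
		}

	if ($in{'keylife_def'}) {
		delete($conn->{'values'}->{'keylife'});
		}
	else {
		# The units suffix is request data too, so it is checked
		# together with the number
		$in{'keylife'} =~ /\A[0-9.]+\z/ &&
		  $in{'keylife_units'} !~ $line_break ||
			&error($text{'save_ekeylife'});
		$conn->{'values'}->{'keylife'} =
			$in{'keylife'}.$in{'keylife_units'};
		}

	if ($in{'ikelifetime_def'}) {
		delete($conn->{'values'}->{'ikelifetime'});
		}
	else {
		$in{'ikelifetime'} =~ /\A[0-9.]+\z/ &&
		  $in{'ikelifetime_units'} !~ $line_break ||
			&error($text{'save_eikelifetime'});
		$conn->{'values'}->{'ikelifetime'} =
			$in{'ikelifetime'}.$in{'ikelifetime_units'};
		}

	# Validate and store left/right inputs
	foreach $d ('left', 'right') {
		# left/right
		if ($in{"${d}_mode"} == -1) {
			delete($conn->{'values'}->{$d});
			}
		elsif ($in{"${d}_mode"} == 0) {
			$conn->{'values'}->{$d} = '%defaultroute';
			}
		elsif ($in{"${d}_mode"} == 1) {
			$conn->{'values'}->{$d} = '%any';
			}
		elsif ($in{"${d}_mode"} == 2) {
			$conn->{'values'}->{$d} = '%opportunistic';
			}
		else {
			# Must resolve to an address, and must be one line
			$in{$d} !~ $line_break && &to_ipaddress($in{$d}) ||
				&error($text{"save_e${d}"});
			$conn->{'values'}->{$d} = $in{$d};
			}

		# leftid/rightid
		if ($in{"${d}_id_mode"} == 0) {
			delete($conn->{'values'}->{"${d}id"});
			}
		elsif ($in{"${d}_id_mode"} == 1) {
			$in{"${d}_id"} !~ $line_break &&
			  &check_ipaddress($in{"${d}_id"}) ||
				&error($text{"save_e${d}id1"});
			$conn->{'values'}->{"${d}id"} = $in{"${d}_id"};
			}
		else {
			# A hostname-style ID is stored with a leading '@'
			$in{"${d}_id"} =~ /\A[a-z0-9.\-]+\z/i ||
				&error($text{"save_e${d}id2"});
			$conn->{'values'}->{"${d}id"} = "@".$in{"${d}_id"};
			}

		# leftsubnet/rightsubnet
		if ($in{"${d}_subnet_def"}) {
			delete($conn->{'values'}->{"${d}subnet"});
			}
		else {
			# address/prefix, with a prefix length of at most 32
			$in{"${d}_subnet"} =~ /\A([^\s\0]+)\/(\d+)\z/ &&
			  &check_ipaddress("$1") && $2 <= 32 ||
				&error($text{"save_e${d}subnet"});
			$conn->{'values'}->{"${d}subnet"} = $in{"${d}_subnet"};
			}

		# leftrsasigkey/rightrsasigkey
		if ($in{"${d}_key_mode"} == 0) {
			delete($conn->{'values'}->{"${d}rsasigkey"});
			}
		elsif ($in{"${d}_key_mode"} == 1) {
			$conn->{'values'}->{"${d}rsasigkey"} = '%dns';
			}
		else {
			# All whitespace (line breaks included) and NULs are
			# stripped, so the key is stored as one token
			$in{"${d}_key"} =~ s/[\s\0]//g;
			$in{"${d}_key"} || &error($text{"save_e${d}key"});
			$conn->{'values'}->{"${d}rsasigkey"} = $in{"${d}_key"};
			}

		# leftnexthop/rightnexthop
		if ($in{"${d}_hop_mode"} == 0) {
			delete($conn->{'values'}->{"${d}nexthop"});
			}
		elsif ($in{"${d}_hop_mode"} == 1) {
			$conn->{'values'}->{"${d}nexthop"} = '%direct';
			}
		elsif ($in{"${d}_hop_mode"} == 3) {
			$conn->{'values'}->{"${d}nexthop"} = '%defaultroute';
			}
		else {
			$in{"${d}_hop"} !~ $line_break &&
			  &check_ipaddress($in{"${d}_hop"}) ||
				&error($text{"save_e${d}hop"});
			$conn->{'values'}->{"${d}nexthop"} = $in{"${d}_hop"};
			}

		# leftcert/rightcert
		if ($in{"${d}_cert_def"}) {
			delete($conn->{'values'}->{"${d}cert"});
			}
		else {
			$in{"${d}_cert"} =~ /\A[^\s\0]+\z/ ||
				&error($text{"save_e${d}cert"});
			$conn->{'values'}->{"${d}cert"} = $in{"${d}_cert"};
			}
		}

	# Update or add
	if ($in{'new'}) {
		&create_conn($conn);
		}
	else {
		&modify_conn($conn);
		}
	}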
# Release the lock on the configuration file, record what was done in the
# Webmin log, then redirect to the empty relative URL (presumably the
# module's index page)
&unlock_file($file);
my $action = "modify";
if ($in{'new'}) {
	$action = "create";
	}
elsif ($in{'delete'}) {
	$action = "delete";
	}
&webmin_log($action, "conn", $conn->{'value'}, $conn->{'values'});
&redirect("");