Viewing file:  save.cgi (4.8 KB) -rwxr-xr-x
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
#!/usr/bin/perl
# save.cgi
# Save, create or delete an ipsec connection
require './ipsec-lib.pl';
&ReadParse();
if ($in{'export'}) {
# Just redirect to export form
&redirect("export_form.cgi?idx=$in{'idx'}");
exit;
}
@conf = &get_config();
if ($in{'new'}) {
$conn = { 'name' => 'conn',
'values' => { } };
$conn->{'value'} = '%default' if ($in{'new'} == 2);
}
else {
$conn = $conf[$in{'idx'}];
}
&error_setup($text{'save_err'});
$file = $conn->{'file'} || $config{'file'};
&lock_file($file);
if ($in{'delete'}) {
# Just remove this connection
&delete_conn($conn);
}
else {
# Validate and store general inputs
if ($conn->{'value'} ne '%default') {
$in{'name'} =~ /^\S+$/ || &error($text{'save_ename'});
$conn->{'value'} = $in{'name'};
}
if ($in{'auto'}) {
$conn->{'values'}->{'auto'} = $in{'auto'};
}
else {
delete($conn->{'values'}->{'auto'});
}
if ($in{'comp'}) {
$conn->{'values'}->{'compress'} = $in{'comp'};
}
else {
delete($conn->{'values'}->{'compress'});
}
if ($in{'pfs'}) {
$conn->{'values'}->{'pfs'} = $in{'pfs'};
}
else {
delete($conn->{'values'}->{'pfs'});
}
if ($in{'type'}) {
$conn->{'values'}->{'type'} = $in{'type'};
}
else {
delete($conn->{'values'}->{'type'});
}
if ($in{'authby'}) {
$conn->{'values'}->{'authby'} = $in{'authby'};
}
else {
delete($conn->{'values'}->{'authby'});
}
if ($in{'keying_def'}) {
delete($conn->{'values'}->{'keyingtries'});
}
else {
$in{'keying'} =~ /^\d+$/ || &error($text{'save_ekeying'});
$conn->{'values'}->{'keyingtries'} = $in{'keying'};
}
if ($in{'auth'}) {
$conn->{'values'}->{'auth'} = $in{'auth'};
}
else {
delete($conn->{'values'}->{'auth'});
}
if ($in{'esp'}) {
$conn->{'values'}->{'esp'} = $in{'esp'}.$in{'esp_only'};
}
else {
delete($conn->{'values'}->{'esp'});
}
if ($in{'keylife_def'}) {
delete($conn->{'values'}->{'keylife'});
}
else {
$in{'keylife'} =~ /^[0-9\.]+$/ ||
&error($text{'save_ekeylife'});
$conn->{'values'}->{'keylife'} =
$in{'keylife'}.$in{'keylife_units'};
}
if ($in{'ikelifetime_def'}) {
delete($conn->{'values'}->{'ikelifetime'});
}
else {
$in{'ikelifetime'} =~ /^[0-9\.]+$/ ||
&error($text{'save_eikelifetime'});
$conn->{'values'}->{'ikelifetime'} =
$in{'ikelifetime'}.$in{'ikelifetime_units'};
}
# Validate and store left/right inputs
foreach $d ('left', 'right') {
# left/right
if ($in{"${d}_mode"} == -1) {
delete($conn->{'values'}->{$d});
}
elsif ($in{"${d}_mode"} == 0) {
$conn->{'values'}->{$d} = '%defaultroute';
}
elsif ($in{"${d}_mode"} == 1) {
$conn->{'values'}->{$d} = '%any';
}
elsif ($in{"${d}_mode"} == 2) {
$conn->{'values'}->{$d} = '%opportunistic';
}
else {
&to_ipaddress($in{$d}) || &error($text{"save_e${d}"});
$conn->{'values'}->{$d} = $in{$d};
}
# leftid/rightid
if ($in{"${d}_id_mode"} == 0) {
delete($conn->{'values'}->{"${d}id"});
}
elsif ($in{"${d}_id_mode"} == 1) {
&check_ipaddress($in{"${d}_id"}) ||
&error($text{"save_e${d}id1"});
$conn->{'values'}->{"${d}id"} = $in{"${d}_id"};
}
else {
$in{"${d}_id"} =~ /^[a-z0-9\.\-]+$/i ||
&error($text{"save_e${d}id2"});
$conn->{'values'}->{"${d}id"} = "@".$in{"${d}_id"};
}
# leftsubnet/rightsubnet
if ($in{"${d}_subnet_def"}) {
delete($conn->{'values'}->{"${d}subnet"});
}
else {
$in{"${d}_subnet"} =~ /^(\S+)\/(\d+)$/ &&
&check_ipaddress("$1") && $2 <= 32 ||
&error($text{"save_e${d}subnet"});
$conn->{'values'}->{"${d}subnet"} = $in{"${d}_subnet"};
}
# leftrsasigkey/rightrsasigkey
if ($in{"${d}_key_mode"} == 0) {
delete($conn->{'values'}->{"${d}rsasigkey"});
}
elsif ($in{"${d}_key_mode"} == 1) {
$conn->{'values'}->{"${d}rsasigkey"} = '%dns';
}
else {
$in{"${d}_key"} =~ s/\s//g;
$in{"${d}_key"} || &error($text{"save_e${d}key"});
$conn->{'values'}->{"${d}rsasigkey"} = $in{"${d}_key"};
}
# leftnexthop/rightnexthop
if ($in{"${d}_hop_mode"} == 0) {
delete($conn->{'values'}->{"${d}nexthop"});
}
elsif ($in{"${d}_hop_mode"} == 1) {
$conn->{'values'}->{"${d}nexthop"} = '%direct';
}
elsif ($in{"${d}_hop_mode"} == 3) {
$conn->{'values'}->{"${d}nexthop"} = '%defaultroute';
}
else {
&check_ipaddress($in{"${d}_hop"}) ||
&error($text{"save_e${d}hop"});
$conn->{'values'}->{"${d}nexthop"} = $in{"${d}_hop"};
}
# leftcert/rightcert
if ($in{"${d}_cert_def"}) {
delete($conn->{'values'}->{"${d}cert"});
}
else {
$in{"${d}_cert"} =~ /^(\S+)$/ ||
&error($text{"save_e${d}cert"});
$conn->{'values'}->{"${d}cert"} = $in{"${d}_cert"};
}
}
# Update or add
if ($in{'new'}) {
&create_conn($conn);
}
else {
&modify_conn($conn);
}
}
&unlock_file($file);
&webmin_log($in{'new'} ? "create" : $in{'delete'} ? "delete" : "modify",
"conn", $conn->{'value'}, $conn->{'values'});
&redirect("");
|