/usr/local/www/vpn_ipsec_mobile.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/vpn_ipsec_mobile.php @ 1d449e7c

-b237745
+<?php
 /*
 	vpn_ipsec_mobile.php
-bb8a0b
+            Sjon Hortensius
-a529
+	Copyright (C) 2008 Shrew Soft Inc
-            ce77a9c4
+	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
-b237745
+	All rights reserved.
-bb8a0b
+            Sjon Hortensius
-b237745
+	Redistribution and use in source and binary forms, with or without
 	modification, are permitted provided that the following conditions are met:
-bb8a0b
+            Sjon Hortensius
-b237745
+. Redistributions of source code must retain the above copyright notice,
 	   this list of conditions and the following disclaimer.
-bb8a0b
+            Sjon Hortensius
-b237745
+. Redistributions in binary form must reproduce the above copyright
 	   notice, this list of conditions and the following disclaimer in the
 	   documentation and/or other materials provided with the distribution.
-bb8a0b
+            Sjon Hortensius
-b237745
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
 	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 	POSSIBILITY OF SUCH DAMAGE.
 */
-b07c15a
+##|+PRIV
 ##|*IDENT=page-vpn-ipsec-mobile
 ##|*NAME=VPN: IPsec: Mobile page
 ##|*DESCR=Allow access to the 'VPN: IPsec: Mobile' page.
 ##|*MATCH=vpn_ipsec_mobile.php*
 ##|-PRIV
-f84b741
+require("functions.inc");
-b237745
+require("guiconfig.inc");
-e6de8
+require_once("ipsec.inc");
 require_once("vpn.inc");
-            caaaf9ce
+require_once("filter.inc");
-b237745
+            Scott Ullrich
-a529
+if (!is_array($config['ipsec']['phase1']))
 	$config['ipsec']['phase1'] = array();
 $a_phase1 = &$config['ipsec']['phase1'];
 if (!is_array($config['ipsec']['client']))
 	$config['ipsec']['client'] = array();
 $a_client = &$config['ipsec']['client'];
 if (count($a_client)) {
 	$pconfig['enable'] = $a_client['enable'];
 	$pconfig['user_source'] = $a_client['user_source'];
 	$pconfig['group_source'] = $a_client['group_source'];
 	$pconfig['pool_address'] = $a_client['pool_address'];
 	$pconfig['pool_netbits'] = $a_client['pool_netbits'];
 	$pconfig['net_list'] = $a_client['net_list'];
-a1dd
+	$pconfig['save_passwd'] = $a_client['save_passwd'];
-a529
+	$pconfig['dns_domain'] = $a_client['dns_domain'];
-            d7402222
+	$pconfig['dns_split'] = $a_client['dns_split'];
-a529
+	$pconfig['dns_server1'] = $a_client['dns_server1'];
 	$pconfig['dns_server2'] = $a_client['dns_server2'];
 	$pconfig['dns_server3'] = $a_client['dns_server3'];
 	$pconfig['dns_server4'] = $a_client['dns_server4'];
 	$pconfig['wins_server1'] = $a_client['wins_server1'];
 	$pconfig['wins_server2'] = $a_client['wins_server2'];
 	$pconfig['pfs_group'] = $a_client['pfs_group'];
 	$pconfig['login_banner'] = $a_client['login_banner'];
 	if (isset($pconfig['enable']))
 		$pconfig['enable'] = true;
 	if ($pconfig['pool_address']&&$pconfig['pool_netbits'])
 		$pconfig['pool_enable'] = true;
 	else
 		$pconfig['pool_netbits'] = 24;
 	if (isset($pconfig['net_list']))
 		$pconfig['net_list_enable'] = true;
-a1dd
+	if (isset($pconfig['save_passwd']))
 		$pconfig['save_passwd_enable'] = true;
-a529
+	if ($pconfig['dns_domain'])
 		$pconfig['dns_domain_enable'] = true;
-            d7402222
+	if ($pconfig['dns_split'])
 		$pconfig['dns_split_enable'] = true;
-a529
+	if ($pconfig['dns_server1']||$pconfig['dns_server2']||$pconfig['dns_server3']||$pconfig['dns_server4'])
 		$pconfig['dns_server_enable'] = true;
 	if ($pconfig['wins_server1']||$pconfig['wins_server2'])
 		$pconfig['wins_server_enable'] = true;
 	if (isset($pconfig['pfs_group']))
 		$pconfig['pfs_group_enable'] = true;
 	if ($pconfig['login_banner'])
 		$pconfig['login_banner_enable'] = true;
-b237745
+            Scott Ullrich
-a529
+            Matthew Grooms
 if ($_POST['create']) {
 	header("Location: vpn_ipsec_phase1.php?mobile=true");
+}
 if ($_POST['apply']) {
 	$retval = 0;
-fce04
+	/* NOTE: #4353 Always restart ipsec when mobile clients settings change */
 	$retval = vpn_ipsec_configure(true);
-a529
+	$savemsg = get_std_save_message($retval);
-            d17c7b79
+	if ($retval >= 0)
-            a368a026
+		if (is_subsystem_dirty('ipsec'))
 			clear_subsystem_dirty('ipsec');
-b237745
+            Scott Ullrich
-            df7bc7cb
+if ($_POST['save']) {
-a529
+            Matthew Grooms
-b237745
+	unset($input_errors);
 	$pconfig = $_POST;
-a529
+	/* input consolidation */
-            df7bc7cb
+            Sander van Leeuwen
-a529
+            Matthew Grooms
 	/* input validation */
 	$reqdfields = explode(" ", "user_source group_source");
-            bfbd2610
+	$reqdfieldsn =  array(gettext("User Authentication Source"),gettext("Group Authentication Source"));
-a529
+            Matthew Grooms
-            df7bc7cb
+	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
-a529
+            Matthew Grooms
 	if ($pconfig['pool_enable'])
 		if (!is_ipaddr($pconfig['pool_address']))
-            bfbd2610
+			$input_errors[] = gettext("A valid IP address for 'Virtual Address Pool Network' must be specified.");
-a529
+            Matthew Grooms
 	if ($pconfig['dns_domain_enable'])
 		if (!is_domain($pconfig['dns_domain']))
-            bfbd2610
+			$input_errors[] = gettext("A valid value for 'DNS Default Domain' must be specified.");
-a529
+            Matthew Grooms
-            d7402222
+	if ($pconfig['dns_split_enable']) {
 		if (!empty($pconfig['dns_split'])) {
-            27781065
+			/* Replace multiple spaces by single */
 			$pconfig['dns_split'] = preg_replace('/\s+/', ' ', trim($pconfig['dns_split']));
-f3d4db0
+			$domain_array=explode(' ', $pconfig['dns_split']);
-            d7402222
+			foreach ($domain_array as $curdomain) {
 				if (!is_domain($curdomain)) {
 					$input_errors[] = gettext("A valid split DNS domain list must be specified.");
 					break;
+				}
+			}
+		}
+	}
-a529
+	if ($pconfig['dns_server_enable']) {
 		if (!$pconfig['dns_server1'] && !$pconfig['dns_server2'] &&
 			!$pconfig['dns_server3'] && !$pconfig['dns_server4'] )
-            bfbd2610
+			$input_errors[] = gettext("At least one DNS server must be specified to enable the DNS Server option.");
-a529
+		if ($pconfig['dns_server1'] && !is_ipaddr($pconfig['dns_server1']))
-            bfbd2610
+			$input_errors[] = gettext("A valid IP address for 'DNS Server #1' must be specified.");
-a529
+		if ($pconfig['dns_server2'] && !is_ipaddr($pconfig['dns_server2']))
-            bfbd2610
+			$input_errors[] = gettext("A valid IP address for 'DNS Server #2' must be specified.");
-a529
+		if ($pconfig['dns_server3'] && !is_ipaddr($pconfig['dns_server3']))
-            bfbd2610
+			$input_errors[] = gettext("A valid IP address for 'DNS Server #3' must be specified.");
-a529
+		if ($pconfig['dns_server4'] && !is_ipaddr($pconfig['dns_server4']))
-            bfbd2610
+			$input_errors[] = gettext("A valid IP address for 'DNS Server #4' must be specified.");
-b237745
+            Scott Ullrich
-a529
+            Matthew Grooms
 	if ($pconfig['wins_server_enable']) {
 		if (!$pconfig['wins_server1'] && !$pconfig['wins_server2'])
-            bfbd2610
+			$input_errors[] = gettext("At least one WINS server must be specified to enable the DNS Server option.");
-a529
+		if ($pconfig['wins_server1'] && !is_ipaddr($pconfig['wins_server1']))
-            bfbd2610
+			$input_errors[] = gettext("A valid IP address for 'WINS Server #1' must be specified.");
-a529
+		if ($pconfig['wins_server2'] && !is_ipaddr($pconfig['wins_server2']))
-            bfbd2610
+			$input_errors[] = gettext("A valid IP address for 'WINS Server #2' must be specified.");
-b237745
+            Scott Ullrich
-a529
+            Matthew Grooms
 	if ($pconfig['login_banner_enable'])
 		if (!strlen($pconfig['login_banner']))
-            bfbd2610
+			$input_errors[] = gettext("A valid value for 'Login Banner' must be specified.");
-b237745
+            Scott Ullrich
 	if (!$input_errors) {
-a529
+		$client = array();
-            df7bc7cb
+            Sander van Leeuwen
-a529
+		if ($pconfig['enable'])
 			$client['enable'] = true;
-c9f9fa
+		if (!empty($pconfig['user_source']))
 			$client['user_source'] = implode(",", $pconfig['user_source']);
-a529
+		$client['group_source'] = $pconfig['group_source'];
 		if ($pconfig['pool_enable']) {
 			$client['pool_address'] = $pconfig['pool_address'];
 			$client['pool_netbits'] = $pconfig['pool_netbits'];
-b237745
+            Scott Ullrich
-a529
+            Matthew Grooms
 		if ($pconfig['net_list_enable'])
 			$client['net_list'] = true;
-a1dd
+		if ($pconfig['save_passwd_enable'])
 			$client['save_passwd'] = true;
-a529
+		if ($pconfig['dns_domain_enable'])
 			$client['dns_domain'] = $pconfig['dns_domain'];
-            d7402222
+		if ($pconfig['dns_split_enable'])
 			$client['dns_split'] = $pconfig['dns_split'];
-a529
+		if ($pconfig['dns_server_enable']) {
 			$client['dns_server1'] = $pconfig['dns_server1'];
 			$client['dns_server2'] = $pconfig['dns_server2'];
 			$client['dns_server3'] = $pconfig['dns_server3'];
 			$client['dns_server4'] = $pconfig['dns_server4'];
+		}
 		if ($pconfig['wins_server_enable']) {
 			$client['wins_server1'] = $pconfig['wins_server1'];
 			$client['wins_server2'] = $pconfig['wins_server2'];
+		}
 		if ($pconfig['pfs_group_enable'])
 			$client['pfs_group'] = $pconfig['pfs_group'];
 		if ($pconfig['login_banner_enable'])
 			$client['login_banner'] = $pconfig['login_banner'];
 		$a_client = $client;
-            df7bc7cb
+            Sander van Leeuwen
-b237745
+		write_config();
-            a368a026
+		mark_subsystem_dirty('ipsec');
-            df7bc7cb
+            Sander van Leeuwen
-b237745
+		header("Location: vpn_ipsec_mobile.php");
 		exit;
+	}
+}
-f27c0
+            Scott Ullrich
-            bfbd2610
+$pgtitle = array(gettext("VPN"),gettext("IPsec"),gettext("Mobile"));
-            b32dd0a6
+$shortcut_section = "ipsec";
-deedfde
+            jim-p
-df96eff
+include("head.inc");
 ?>
-a529
+            Matthew Grooms
-            df7bc7cb
+	<script type="text/javascript">
 		//<![CDATA[
-a529
+            Matthew Grooms
-            df7bc7cb
+		function pool_change() {
-a529
+            Matthew Grooms
-            df7bc7cb
+			if (document.iform.pool_enable.checked) {
 				document.iform.pool_address.disabled = 0;
 				document.iform.pool_netbits.disabled = 0;
 			} else {
 				document.iform.pool_address.disabled = 1;
 				document.iform.pool_netbits.disabled = 1;
+			}
+		}
-a529
+            Matthew Grooms
-            df7bc7cb
+		function dns_domain_change() {
-a529
+            Matthew Grooms
-            df7bc7cb
+			if (document.iform.dns_domain_enable.checked)
 				document.iform.dns_domain.disabled = 0;
 			else
 				document.iform.dns_domain.disabled = 1;
+		}
-            d7402222
+            jim-p
-            df7bc7cb
+		function dns_split_change() {
-            d7402222
+            jim-p
-            df7bc7cb
+			if (document.iform.dns_split_enable.checked)
 				document.iform.dns_split.disabled = 0;
 			else
 				document.iform.dns_split.disabled = 1;
+		}
-a529
+            Matthew Grooms
-            df7bc7cb
+		function dns_server_change() {
 			if (document.iform.dns_server_enable.checked) {
 				document.iform.dns_server1.disabled = 0;
 				document.iform.dns_server2.disabled = 0;
 				document.iform.dns_server3.disabled = 0;
 				document.iform.dns_server4.disabled = 0;
 			} else {
 				document.iform.dns_server1.disabled = 1;
 				document.iform.dns_server2.disabled = 1;
 				document.iform.dns_server3.disabled = 1;
 				document.iform.dns_server4.disabled = 1;
+			}
+		}
-a529
+            Matthew Grooms
-            df7bc7cb
+		function wins_server_change() {
-a529
+            Matthew Grooms
-            df7bc7cb
+			if (document.iform.wins_server_enable.checked) {
 				document.iform.wins_server1.disabled = 0;
 				document.iform.wins_server2.disabled = 0;
 			} else {
 				document.iform.wins_server1.disabled = 1;
 				document.iform.wins_server2.disabled = 1;
+			}
+		}
-a529
+            Matthew Grooms
-            df7bc7cb
+		function pfs_group_change() {
-a529
+            Matthew Grooms
-            df7bc7cb
+			if (document.iform.pfs_group_enable.checked)
 				document.iform.pfs_group.disabled = 0;
 			else
 				document.iform.pfs_group.disabled = 1;
+		}
-a529
+            Matthew Grooms
-            df7bc7cb
+		function login_banner_change() {
-a529
+            Matthew Grooms
-            df7bc7cb
+			if (document.iform.login_banner_enable.checked)
 				document.iform.login_banner.disabled = 0;
 			else
 				document.iform.login_banner.disabled = 1;
+		}
-a529
+            Matthew Grooms
-            df7bc7cb
+		//]]>
 	</script>
-e0b480
+            Sander van Leeuwen
-d040b
+<?php
-            df7bc7cb
+if ($savemsg)
 	print_info_box($savemsg);
 if (isset($config['ipsec']['enable']) && is_subsystem_dirty('ipsec'))
 	print_info_box_np(gettext("The IPsec tunnel configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));
 foreach ($a_phase1 as $ph1ent)
 	if (isset($ph1ent['mobile']))
 		$ph1found = true;
 if ($pconfig['enable'] && !$ph1found)
 	print_info_box_np(gettext("Support for IPsec Mobile clients is enabled but a Phase1 definition was not found") . ".<br />" . gettext("Please click Create to define one."),gettext("create"),gettext("Create Phase1"));
 if ($input_errors)
 	print_input_errors($input_errors);
-a529
+            Matthew Grooms
-            df7bc7cb
+$tab_array = array();
 $tab_array[0] = array(gettext("Tunnels"), false, "vpn_ipsec.php");
 $tab_array[1] = array(gettext("Mobile clients"), true, "vpn_ipsec_mobile.php");
 $tab_array[2] = array(gettext("Pre-Shared Key"), false, "vpn_ipsec_keys.php");
 $tab_array[3] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php");
-cbea6
+display_top_tabs($tab_array);
-            df7bc7cb
+            Sander van Leeuwen
 require('classes/Form.class.php');
 $form = new Form;
 $section = new Form_Section('Enable IPsec Mobile Client Support');
 $section->addInput(new Form_Checkbox(
 	'enable',
 	'IKE Extensions',
 	'Enable IPsec Mobile Client Support',
 	$pconfig['enable']
 ));
 $form->add($section);
 $section = new Form_Section('Extended Authentication (Xauth)');
 $authServers = array();
 foreach (auth_get_authserver_list() as $authServer)
 	$authServers[$authServer['name']] = $authServer['name']; // Value == name
 $section->addInput(new Form_Select(
 	'user_source',
 	'User Authentication',
 	explode(",", $pconfig['user_source']),
 	$authServers,
 	true
 ))->setHelp('Source');
 $section->addInput(new Form_Select(
 	'group_source',
 	'Group Authentication',
 	$pconfig['group_source'],
 	array(
 		'none' => 'none',
 		'system' => 'system',
+	)
 ))->setHelp('Source');
 $form->add($section);
 $section = new Form_Section('Client Configuration (mode-cfg)');
 $section->addInput(new Form_Checkbox(
 	'pool_enable',
 	'Virtual Address Pool',
 	'Provide a virtual IP address to clients',
 	$pconfig['pool_enable']
-            1192840b
+))->toggles('.toggle-pool_enable');
-            df7bc7cb
+            Sander van Leeuwen
 // TODO: Refactor this manual setup
 $group = new Form_Group('');
 $group->addClass('toggle-pool_enable collapse');
 if (!empty($pconfig['pool_enable']))
 	$group->addClass('in');
 $group->add(new Form_Input(
 	'pool_address',
 	'Network',
 	'text',
 	htmlspecialchars($pconfig['pool_address'])
 ))->setWidth(4)->setHelp('Network configuration for Virtual Address Pool');
 $netBits = array();
 for ($i = 32; $i >= 0; $i--)
 	$netBits[$i] = $i;
 $group->add(new Form_Select(
 	'pool_netbits',
 	'',
 	$pconfig['pool_netbits'],
 	$netBits
 ))->setWidth(2);
 $section->add($group);
 $section->addInput(new Form_Checkbox(
 	'net_list_enable',
 	'Network List',
 	'Provide a list of accessible networks to clients',
 	$pconfig['net_list_enable']
 ));
 $section->addInput(new Form_Checkbox(
 	'save_passwd_enable',
 	'Save Xauth Password',
 	'Allow clients to save Xauth passwords (Cisco VPN client only).',
 	$pconfig['save_passwd_enable']
 ))->setHelp('NOTE: With iPhone clients, this does not work when deployed via the iPhone configuration utility, only by manual entry.');
 $section->addInput(new Form_Checkbox(
 	'dns_domain_enable',
 	'DNS Default Domain',
 	'Provide a default domain name to clients',
 	$pconfig['dns_domain_enable']
-            1192840b
+))->toggles('.toggle-dns_domain');
-            df7bc7cb
+            Sander van Leeuwen
 $group = new Form_Group('');
 $group->addClass('toggle-dns_domain collapse');
 if (!empty($pconfig['dns_domain_enable']))
 	$group->addClass('in');
 $group->add(new Form_Input(
 	'dns_domain',
 	'',
 	'text',
 	htmlspecialchars($pconfig['dns_domain'])
 ))->setHelp('Specify domain as DNS Default Domain');
 $section->add($group);
 $section->addInput(new Form_Checkbox(
 	'dns_split_enable',
 	'Split DNS',
-bb8a0b
+	'Provide a list of split DNS domain names to clients. Enter a space separated list.',
-            df7bc7cb
+	$pconfig['dns_split_enable']
-            1192840b
+))->toggles('.toggle-dns_split');
-            df7bc7cb
+            Sander van Leeuwen
 $group = new Form_Group('');
 $group->addClass('toggle-dns_split collapse');
 if (!empty($pconfig['dns_split_enable']))
 	$group->addClass('in');
 $group->add(new Form_Input(
 	'dns_split',
 	'',
 	'text',
 	htmlspecialchars($pconfig['dns_split'])
 ))->setHelp('NOTE: If left blank, and a default domain is set, it will be used for this value.');
 $section->add($group);
 $section->addInput(new Form_Checkbox(
 	'dns_server_enable',
 	'DNS Servers',
 	'Provide a DNS server list to clients',
 	$pconfig['dns_server_enable']
-            1192840b
+))->toggles('.toggle-dns_server_enable');
-            df7bc7cb
+            Sander van Leeuwen
 for ($i = 1; $i <= 4; $i++)
+{
 	$group = new Form_Group('Server #' . $i);
 	$group->addClass('toggle-dns_server_enable collapse');
 	if (!empty($pconfig['dns_server_enable']))
 		$group->addClass('in');
 	$group->add(new Form_Input(
 		'dns_server' . $i,
 		'Server #' . $i,
 		'text',
 		htmlspecialchars($pconfig['dns_server' . $i])
 	));
 	$section->add($group);
+}
-a529
+            Matthew Grooms
-            df7bc7cb
+$section->addInput(new Form_Checkbox(
 	'wins_server_enable',
 	'WINS Servers',
 	'Provide a WINS server list to clients',
 	$pconfig['wins_server_enable']
-            1192840b
+))->toggles('.toggle-wins_server_enable');
-            df7bc7cb
+            Sander van Leeuwen
 for ($i = 1; $i <= 2; $i++)
+{
 	$group = new Form_Group('Server #' . $i);
 	$group->addClass('toggle-wins_server_enable collapse');
 	if (!empty($pconfig['wins_server_enable']))
 		$group->addClass('in');
 	$group->add(new Form_Input(
 		'wins_server' . $i,
 		'Server #' . $i,
 		'text',
 		htmlspecialchars($pconfig['wins_server' . $i]),
 		array('size' => 20)
 	));
 	$section->add($group);
-a529
+            Matthew Grooms
-            df7bc7cb
+$section->addInput(new Form_Checkbox(
 	'pfs_group_enable',
 	'Phase2 PFS Group',
 	'Provide the Phase2 PFS group to clients ( overrides all mobile phase2 settings )',
 	$pconfig['pfs_group_enable']
-            1192840b
+))->toggles('.toggle-pfs_group');
-            df7bc7cb
+            Sander van Leeuwen
 $group = new Form_Group('Group');
 $group->addClass('toggle-pfs_group collapse');
 if (!empty($pconfig['pfs_group_enable']))
 	$group->addClass('in');
 $group->add(new Form_Select(
 	'pfs_group',
 	'Group',
 	$pconfig['pfs_group'],
 	$p2_pfskeygroups
 ))->setWidth(2);
 $section->add($group);
 $section->addInput(new Form_Checkbox(
 	'login_banner_enable',
 	'Login Banner',
 	'Provide a login banner to clients',
 	$pconfig['login_banner_enable']
-            1192840b
+))->toggles('.toggle-login_banner');
-            df7bc7cb
+            Sander van Leeuwen
 $group = new Form_Group('');
 $group->addClass('toggle-login_banner collapse');
 if (!empty($pconfig['login_banner_enable']))
 	$group->addClass('in');
 // TODO: should be a textarea
 $group->add(new Form_Input(
 	'login_banner',
 	'',
 	'text',
 	htmlspecialchars($pconfig['login_banner'])
 ));
 $section->add($group);
 $form->add($section);
 print $form;
 include("foot.inc");

Project

General

Profile

pfSense