[1/3] vpnmain.cgi: Fix for bug13029 - add base64 encoding to IPSec cgi page
Commit Message
- This adds the base64 encoded PSK into the config file and when the ipsec.secrets file
is created the PSK is base64 decoded to write it to the file. The ipsec.secrets file
surrounds the PSK with single quotation marks so that character is not allowed to be
used in the PSK but anything else can be.
- Tested out on my vm system and shown to be working. New PSK with various characters
characters including commas was base64 encoded before putting into the config file
and therefore was accepted by the code. If a single quotation mark was used in the
PSK then the error message about invalid characters was shown.
Fixes: Bug13029
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
html/cgi-bin/vpnmain.cgi | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
mode change 100644 => 100755 html/cgi-bin/vpnmain.cgi
old mode 100644
new mode 100755
@@ -481,7 +481,8 @@ sub writeipsecfiles {
if ($lconfighash{$key}[4] eq 'psk') {
$psk_line = ($lconfighash{$key}[7] ? $lconfighash{$key}[7] : $localside) . " " ;
$psk_line .= $lconfighash{$key}[9] ? $lconfighash{$key}[9] : $lconfighash{$key}[10]; #remoteid or remote address?
- $psk_line .= " : PSK '$lconfighash{$key}[5]'\n";
+ my $decoded_psk = MIME::Base64::decode_base64($lconfighash{$key}[5]);
+ $psk_line .= " : PSK '$decoded_psk'\n";
# if the line contains %any, it is less specific than two IP or ID, so move it at end of file.
if ($psk_line =~ /%any/) {
$last_secrets .= $psk_line;
@@ -2260,7 +2261,7 @@ END
$confighash{$key}[3] = $cgiparams{'TYPE'};
if ($cgiparams{'AUTH'} eq 'psk') {
$confighash{$key}[4] = 'psk';
- $confighash{$key}[5] = $cgiparams{'PSK'};
+ $confighash{$key}[5] = MIME::Base64::encode_base64($cgiparams{'PSK'}, "");
} else {
$confighash{$key}[4] = 'cert';
}