[3/3] vpnmain.cgi: Add coding to differentiate old and base64 encoded PSK's
Commit Message
- An additional key was defined for a PSK being base64 encoded. All existing PSK's that
are not base64 encoded will have that key empty. This enables base64 encoded PSK's and
non base64 encoded PSK'sd to be differentiated.
- If the PSK connection is disabled and then enabled with a non base64 encoded PSK the PSK
will be left as it is. If the edit page is selected and Save pressed, even if nothing
has been modified, then the PSK will be converted to a base64 encoded PSK.
- The old style and new style PSK was tested out on my vm system and worked without any
issue.
- Using an old non base64 encoded PSK the IPSec connection worked without any problems.
If the PSK was tehn converted to basse64 encoding by saving from the Edit page without
changing anything, then the client IPSec connection was successfully made without any
indication of a change. The conversion from non base64 to base64 encoded PSK occurred
seamlessly without any hiccup.
Fixes: Bug13029
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
html/cgi-bin/vpnmain.cgi | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
@@ -94,6 +94,7 @@ $cgiparams{'LOCAL_ID'} = '';
$cgiparams{'REMOTE_ID'} = '';
$cgiparams{'REMARK'} = '';
$cgiparams{'PSK'} = '';
+$cgiparams{'BASE_64'} = '';
$cgiparams{'CERT_NAME'} = '';
$cgiparams{'CERT_EMAIL'} = '';
$cgiparams{'CERT_OU'} = '';
@@ -481,8 +482,12 @@ sub writeipsecfiles {
if ($lconfighash{$key}[4] eq 'psk') {
$psk_line = ($lconfighash{$key}[7] ? $lconfighash{$key}[7] : $localside) . " " ;
$psk_line .= $lconfighash{$key}[9] ? $lconfighash{$key}[9] : $lconfighash{$key}[10]; #remoteid or remote address?
- my $decoded_psk = MIME::Base64::decode_base64($lconfighash{$key}[5]);
- $psk_line .= " : PSK '$decoded_psk'\n";
+ if ($lconfighash{$key}[40] eq 'YES') {
+ my $decoded_psk = MIME::Base64::decode_base64($lconfighash{$key}[5]);
+ $psk_line .= " : PSK '$decoded_psk'\n";
+ } else {
+ $psk_line .= " : PSK '$lconfighash{$key}[5]'\n";
+ }
# if the line contains %any, it is less specific than two IP or ID, so move it at end of file.
if ($psk_line =~ /%any/) {
$last_secrets .= $psk_line;
@@ -1703,6 +1708,7 @@ END
$cgiparams{'INTERFACE_ADDRESS'} = $confighash{$cgiparams{'KEY'}}[37];
$cgiparams{'INTERFACE_MTU'} = $confighash{$cgiparams{'KEY'}}[38];
$cgiparams{'DNS_SERVERS'} = $confighash{$cgiparams{'KEY'}}[39];
+ $cgiparams{'BASE_64'} = $confighash{$cgiparams{'KEY'}}[40];
if (!$cgiparams{'DPD_DELAY'}) {
$cgiparams{'DPD_DELAY'} = 30;
@@ -1884,6 +1890,7 @@ END
}
if ($cgiparams{'AUTH'} eq 'psk') {
+ $cgiparams{'BASE_64'} = 'YES';
if (! length($cgiparams{'PSK'}) ) {
$errormessage = $Lang::tr{'pre-shared key is too short'};
goto VPNCONF_ERROR;
@@ -2261,7 +2268,13 @@ END
$confighash{$key}[3] = $cgiparams{'TYPE'};
if ($cgiparams{'AUTH'} eq 'psk') {
$confighash{$key}[4] = 'psk';
- $confighash{$key}[5] = MIME::Base64::encode_base64($cgiparams{'PSK'}, "");
+ if ($cgiparams{'BASE_64'} eq 'YES') {
+ $confighash{$key}[5] = MIME::Base64::encode_base64($cgiparams{'PSK'}, "");
+ $confighash{$key}[40] = 'YES';
+ } else {
+ $confighash{$key}[5] = $cgiparams{'PSK'};
+ $confighash{$key}[40] = '';
+ }
} else {
$confighash{$key}[4] = 'cert';
}