config: sample file has had garbage for aliases and ipsec since forever :(

92dbe83e · Franco Fichtner · ba57a3be · 92dbe83e · 92dbe83e · 92dbe83e
Commit 92dbe83e authored Aug 26, 2015 by Franco Fichtner
19 changed files
--- a/src/etc/config.xml.sample
+++ b/src/etc/config.xml.sample
@@ -530,83 +530,6 @@
 		</rule>
 		-->
 	</filter>
-	<ipsec>
-		<!-- <enable/> -->
-		<!-- syntax:
-		<tunnel>
-			<disabled/>
-			<auto/>
-			<descr></descr>
-			<interface>lan|wan|opt[n]</interface>
-			<local-subnet>
-				<address>xxx.xxx.xxx.xxx(/xx)</address>
-				*or*
-				<network>lan|opt[n]</network>
-			</local-subnet>
-			<remote-subnet>xxx.xxx.xxx.xxx/xx</remote-subnet>
-			<remote-gateway></remote-gateway>
-			<p1>
-				<mode></mode>
-				<myident>
-					<myaddress/>
-					*or*
-					<address>xxx.xxx.xxx.xxx</address>
-					*or*
-					<fqdn>the.fq.dn</fqdn>
-				</myident>
-				<encryption-algorithm></encryption-algorithm>
-				<hash-algorithm></hash-algorithm>
-				<dhgroup></dhgroup>
-				<lifetime></lifetime>
-				<pre-shared-key></pre-shared-key>
-			</p1>
-			<p2>
-				<protocol></protocol>
-				<encryption-algorithm-option></encryption-algorithm-option>
-				<hash-algorithm-option></hash-algorithm-option>
-				<pfsgroup></pfsgroup>
-				<lifetime></lifetime>
-			</p2>
-		</tunnel>
-		<mobileclients>
-			<enable/>
-			<p1>
-				<mode></mode>
-				<myident>
-					<myaddress/>
-					*or*
-					<address>xxx.xxx.xxx.xxx</address>
-					*or*
-					<fqdn>the.fq.dn</fqdn>
-				</myident>
-				<encryption-algorithm></encryption-algorithm>
-				<hash-algorithm></hash-algorithm>
-				<dhgroup></dhgroup>
-				<lifetime></lifetime>
-			</p1>
-			<p2>
-				<protocol></protocol>
-				<encryption-algorithm-option></encryption-algorithm-option>
-				<hash-algorithm-option></hash-algorithm-option>
-				<pfsgroup></pfsgroup>
-				<lifetime></lifetime>
-			</p2>
-		</mobileclients>
-		<mobilekey>
-			<ident></ident>
-			<pre-shared-key></pre-shared-key>
-		</mobilekey>
-		-->
-	</ipsec>
-	<aliases>
-		<!--
-		<alias>
-			<name></name>
-			<address>xxx.xxx.xxx.xxx(/xx)</address>
-			<descr></descr>
-		</alias>
-		-->
-	</aliases>
 	<proxyarp>
 		<!--
 		<proxyarpnet>

--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -709,7 +709,7 @@ function filter_get_vpns_list() {

 	/* ipsec */
 	if (isset($config['ipsec']['enable'])) {
-		if (is_array($config['ipsec']['phase2'])) {
+		if (isset($config['ipsec']['phase2'])) {
 			foreach ($config['ipsec']['phase2'] as $ph2ent) {
 				if ((!$ph2ent['mobile']) && ($ph2ent['mode'] != 'transport')) {
 					if (!is_array($ph2ent['remoteid']))
@@ -1648,8 +1648,8 @@ function filter_nat_rules_generate() {
 	}

 	/* ipsec nat */
-	if (is_array($config['ipsec']) && isset($config['ipsec']['enable'])) {
-		if (is_array($config['ipsec']['phase2'])) {
+	if (isset($config['ipsec']) && is_array($config['ipsec']) && isset($config['ipsec']['enable'])) {
+		if (isset($config['ipsec']['phase2'])) {
 			foreach ($config['ipsec']['phase2'] as $ph2ent) {
 				if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid'])) {
 					if (!is_array($ph2ent['localid']))

--- a/src/etc/inc/ipsec.inc
+++ b/src/etc/inc/ipsec.inc
@@ -205,15 +205,19 @@ function ipsec_idinfo_to_text(& $idinfo) {
 /*
 * Return phase1 association for phase2
 */
-function ipsec_lookup_phase1(& $ph2ent,& $ph1ent) {
+function ipsec_lookup_phase1(&$ph2ent, &$ph1ent)
+{
 	global $config;

-	if (!is_array($config['ipsec']))
+	if (!isset($config['ipsec']) || !is_array($config['ipsec'])) {
 		return false;
-	if (!is_array($config['ipsec']['phase1']))
+	}
+	if (!is_array($config['ipsec']['phase1'])) {
 		return false;
-	if (empty($config['ipsec']['phase1']))
+	}
+	if (empty($config['ipsec']['phase1'])) {
 		return false;
+	}

 	foreach ($config['ipsec']['phase1'] as $ph1tmp) {
 	    if ($ph1tmp['ikeid'] == $ph2ent['ikeid']) {

--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -362,8 +362,9 @@ function system_hosts_generate()
 				$lhosts .= "{$host['ip']}	{$host['host']}.{$host['domain']} {$host['host']}\n";
 			else
 				$lhosts .= "{$host['ip']}	{$host['domain']}\n";
-			if (!is_array($host['aliases']) || !is_array($host['aliases']['item']))
+			if (!isset($host['aliases']) || !is_array($host['aliases']) || !is_array($host['aliases']['item'])) {
 				continue;
+			}
 			foreach ($host['aliases']['item'] as $alias) {
 				if ($alias['host'])
 					$lhosts .= "{$host['ip']}	{$alias['host']}.{$alias['domain']} {$alias['host']}\n";

--- a/src/etc/inc/upgrade_config.inc
+++ b/src/etc/inc/upgrade_config.inc
@@ -3328,15 +3328,18 @@ function upgrade_108_to_109() {
 	}
 }

-function upgrade_109_to_110() {
+function upgrade_109_to_110()
+{
 	global $config;

-	if (!is_array($config['ipsec']) || !is_array($config['ipsec']['phase2']))
+	if (!isset($config['ipsec']['phase2'])) {
 		return;
+	}

 	foreach ($config['ipsec']['phase2'] as &$rule) {
-		if (!empty($rule['uniqid']))
+		if (!empty($rule['uniqid'])) {
 			continue;
+		}

 		$rule['uniqid'] = uniqid();
 	}

--- a/src/etc/rc.filter_synchronize
+++ b/src/etc/rc.filter_synchronize
@@ -159,7 +159,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens
 				unset ($config_copy['filter']['rule'][$x]);
 		}
 	}
-	if (is_array($config_copy['aliases']) && is_array($config_copy['aliases']['alias'])) {
+	if (isset($config_copy['aliases']) && is_array($config_copy['aliases']) && is_array($config_copy['aliases']['alias'])) {
 		$aliascnt = count($config_copy['aliases']['alias']);
 		for ($x = 0; $x < $aliascnt; $x++) {
 			$config_copy['aliases']['alias'][$x]['descr'] = remove_special_characters($config_copy['aliases']['alias'][$x]['descr']);
@@ -175,7 +175,7 @@ function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsens
 				unset ($config_copy['dnsmasq']['hosts'][$x]);
 		}
 	}
-	if (is_array($config_copy['ipsec']) && is_array($config_copy['ipsec']['tunnel'])) {
+	if (isset($config_copy['ipsec']) && is_array($config_copy['ipsec']) && is_array($config_copy['ipsec']['tunnel'])) {
 		$ipseccnt = count($config_copy['ipsec']['tunnel']);
 		for ($x = 0; $x < $ipseccnt; $x++) {
 			$config_copy['ipsec']['tunnel'][$x]['descr'] = remove_special_characters($config_copy['ipsec']['tunnel'][$x]['descr']);
@@ -285,8 +285,9 @@ if (is_array($config['hasync'])) {
 		$sections[] = 'nat';
 	}
 	if (isset($hasync['synchronizealiases'])) {
-		if (!is_array($config['aliases']))
+		if (!isset($config['aliases']) || !is_array($config['aliases'])) {
 			$config['aliases'] = array();
+		}
 		$sections[] = 'aliases';
 	}
 	if (isset($hasync['synchronizedhcpd']) && is_array($config['dhcpd']))
@@ -317,8 +318,9 @@ if (is_array($config['hasync'])) {
 		$sections[] = 'load_balancer';
 	}
 	if (isset($hasync['synchronizeipsec'])) {
-		if (!is_array($config['ipsec']))
+		if (!isset($config['ipsec']) || !is_array($config['ipsec'])) {
 			$config['ipsec'] = array();
+		}
 		$sections[] = 'ipsec';
 	}
 	if (isset($hasync['synchronizeopenvpn'])) {

--- a/src/www/diag_ipsec.php
+++ b/src/www/diag_ipsec.php
@@ -50,11 +50,11 @@ function ipsec_fixup_network($network) {
 	return $result;
 }

-if (!is_array($config['ipsec'])) {
+if (!isset($config['ipsec']) || !is_array($config['ipsec'])) {
    $config['ipsec'] = array();
 }

-if (!is_array($config['ipsec']['phase1'])) {
+if (!isset($config['ipsec']['phase1'])) {
    $config['ipsec']['phase1'] = array();
 }


--- a/src/www/diag_logs_filter.php
+++ b/src/www/diag_logs_filter.php
@@ -129,16 +129,22 @@ function easyrule_block_rule_create($int = 'wan', $ipproto = "inet") {
 	return true;
 }

-function easyrule_block_alias_getid($int = 'wan') {
+function easyrule_block_alias_getid($int = 'wan')
+{
 	global $config;
+
 	$blockaliasname = 'EasyRuleBlockHosts';
-	if (!is_array($config['aliases']))
+
+	if (!isset($config['aliases']) || !is_array($config['aliases'])) {
 		return false;
+	}

 	/* Hunt down an alias with the name we want, return its id */
-	foreach ($config['aliases']['alias'] as $aliasid => $alias)
-		if ($alias['name'] == $blockaliasname . strtoupper($int))
+	foreach ($config['aliases']['alias'] as $aliasid => $alias) {
+		if ($alias['name'] == $blockaliasname . strtoupper($int)) {
 			return $aliasid;
+		}
+	}

 	return false;
 }
@@ -152,10 +158,10 @@ function easyrule_block_alias_add($host, $int = 'wan') {
 		return false;

 	/* If there are no aliases, start an array */
-	if (!is_array($config['aliases'])) {
+	if (!isset($config['aliases']) || !is_array($config['aliases'])) {
 		$config['aliases'] = array();
 	}
-	if (!is_array($config['aliases']['alias'])) {
+	if (!isset($config['aliases']['alias'])) {
 		$config['aliases']['alias'] = array();
 	}
 	$a_aliases = &$config['aliases']['alias'];

--- a/src/www/firewall_aliases.php
+++ b/src/www/firewall_aliases.php
@@ -31,7 +31,7 @@
 require_once("guiconfig.inc");
 require_once("filter.inc");

-if (!isset($config['aliases'])) {
+if (!isset($config['aliases']) || !is_array($config['aliases'])) {
        $config['aliases'] = array();
 }
 if (!isset($config['aliases']['alias'])) {

--- a/src/www/firewall_aliases_edit.php
+++ b/src/www/firewall_aliases_edit.php
@@ -66,10 +66,10 @@ if (is_array($config['load_balancer']['lbpool']))
 $reserved_ifs = get_configured_interface_list(false, true);
 $reserved_keywords = array_merge($reserved_keywords, $reserved_ifs, $reserved_table_names);

-if (!is_array($config['aliases'])) {
+if (!isset($config['aliases']) || !is_array($config['aliases'])) {
        $config['aliases'] = array();
 }
-if (!is_array($config['aliases']['alias'])) {
+if (!isset($config['aliases']['alias'])) {
 	$config['aliases']['alias'] = array();
 }
 $a_aliases = &$config['aliases']['alias'];

--- a/src/www/firewall_aliases_import.php
+++ b/src/www/firewall_aliases_import.php
@@ -44,10 +44,10 @@ if (is_array($config['load_balancer']['lbpool']))
 $reserved_ifs = get_configured_interface_list(false, true);
 $reserved_keywords = array_merge($reserved_keywords, $reserved_ifs, $reserved_table_names);

-if (!is_array($config['aliases'])) {
+if (!isset($config['aliases']) || !is_array($config['aliases'])) {
        $config['aliases'] = array();
 }
-if (!is_array($config['aliases']['alias'])) {
+if (!isset($config['aliases']['alias'])) {
 	$config['aliases']['alias'] = array();
 }
 $a_aliases = &$config['aliases']['alias'];

--- a/src/www/firewall_nat_out_edit.php
+++ b/src/www/firewall_nat_out_edit.php
@@ -41,10 +41,10 @@ if (!is_array($config['nat']['outbound']['rule'])) {

 $a_out = &$config['nat']['outbound']['rule'];

-if (!is_array($config['aliases'])) {
+if (isset($config['aliases']) || !is_array($config['aliases'])) {
 	$config['aliases'] = array();
 }
-if (!is_array($config['aliases']['alias'])) {
+if (!isset($config['aliases']['alias'])) {
 	$config['aliases']['alias'] = array();
 }
 $a_aliases = &$config['aliases']['alias'];

--- a/src/www/vpn_ipsec.php
+++ b/src/www/vpn_ipsec.php
@@ -33,7 +33,7 @@ require_once("services.inc");
 require_once("pfsense-utils.inc");
 require_once("interfaces.inc");

-if (!isset($config['ipsec'])) {
+if (!isset($config['ipsec']) || !is_array($config['ipsec'])) {
    $config['ipsec'] = array();
 }
 if (!isset($config['ipsec']['phase1'])) {

--- a/src/www/vpn_ipsec_keys.php
+++ b/src/www/vpn_ipsec_keys.php
@@ -33,7 +33,7 @@ require_once("services.inc");
 require_once("pfsense-utils.inc");
 require_once("interfaces.inc");

-if (!is_array($config['ipsec'])) {
+if (!isset($config['ipsec']) || !is_array($config['ipsec'])) {
        $config['ipsec'] = array();
 }


--- a/src/www/vpn_ipsec_keys_edit.php
+++ b/src/www/vpn_ipsec_keys_edit.php
 <?php
+
 /*
 	Copyright (C) 2014-2015 Deciso B.V.
 	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
@@ -31,14 +32,14 @@ require_once("guiconfig.inc");
 require_once("vpn.inc");
 require_once("services.inc");

-if (!isset($config['ipsec'])) {
+if (!isset($config['ipsec']) || !is_array($config['ipsec'])) {
        $config['ipsec'] = array();
 }

 if (!isset($config['ipsec']['mobilekey'])) {
    $config['ipsec']['mobilekey'] = array();
 } else {
-  ipsec_mobilekey_sort();
+    ipsec_mobilekey_sort();
 }

 if ($_SERVER['REQUEST_METHOD'] === 'GET') {

--- a/src/www/vpn_ipsec_mobile.php
+++ b/src/www/vpn_ipsec_mobile.php
@@ -34,7 +34,7 @@ require_once("vpn.inc");
 require_once("services.inc");
 require_once("pfsense-utils.inc");

-if (!isset($config['ipsec'])) {
+if (!isset($config['ipsec']) || !is_array($config['ipsec'])) {
    $config['ipsec'] = array();
 }


--- a/src/www/vpn_ipsec_phase1.php
+++ b/src/www/vpn_ipsec_phase1.php
@@ -59,7 +59,7 @@ function ipsec_ikeid_next() {
 }


-if (!isset($config['ipsec'])) {
+if (!isset($config['ipsec']) || !is_array($config['ipsec'])) {
    $config['ipsec'] = array();
 }


--- a/src/www/vpn_ipsec_phase2.php
+++ b/src/www/vpn_ipsec_phase2.php
@@ -133,20 +133,18 @@ function getIndexByUniqueId($uniqid) {
 	return $p2index;
 }

-
-if (!is_array($config['ipsec'])) {
-		$config['ipsec'] = array();
+if (!isset($config['ipsec']) || !is_array($config['ipsec'])) {
+    $config['ipsec'] = array();
 }

-if (!is_array($config['ipsec']['client'])) {
+if (!isset($config['ipsec']['client'])) {
    $config['ipsec']['client'] = array();
 }

-if (!is_array($config['ipsec']['phase2'])) {
+if (!isset($config['ipsec']['phase2'])) {
    $config['ipsec']['phase2'] = array();
 }

-
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 	// lookup p2index
 	if (!empty($_GET['dup'])) {

--- a/src/www/vpn_ipsec_settings.php
+++ b/src/www/vpn_ipsec_settings.php
 <?php
+
 /*
 	Copyright (C) 2014-2015 Deciso B.V.
 	Copyright (C) 2014 Electric Sheep Fencing, LLC
@@ -33,7 +34,7 @@ require_once("services.inc");
 require_once("pfsense-utils.inc");
 require_once("interfaces.inc");

-if (!isset($config['ipsec'])) {
+if (!isset($config['ipsec']) || !is_array($config['ipsec'])) {
        $config['ipsec'] = array();
 }

@@ -65,7 +66,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    } elseif (isset($config['ipsec']['preferoldsa'])) {
        unset($config['ipsec']['preferoldsa']);
    }
-    if (is_array($config['ipsec'])) {
+    if (isset($config['ipsec']) && is_array($config['ipsec'])) {
        foreach ($ipsec_loglevels as $lkey => $ldescr) {
            if (empty($_POST["ipsec_{$lkey}"])) {
                if (isset($config['ipsec']["ipsec_{$lkey}"])) {