ipsec: merge GUI refactors from master

ad97f9d2 · Franco Fichtner · 717ad906 · ad97f9d2 · ad97f9d2 · ad97f9d2
Commit ad97f9d2 authored Aug 19, 2015 by Franco Fichtner
12 changed files
--- a/src/etc/inc/ipsec.inc
+++ b/src/etc/inc/ipsec.inc
@@ -55,15 +55,6 @@ $p2_ealgos = array(
 	'cast128' => array( 'name' => 'CAST128' ),
 	'des' => array( 'name' => 'DES' ));
-$p1_halgos = array(
-	'md5' => 'MD5',
-	'sha1' => 'SHA1',
-	'sha256' => 'SHA256',
-	'sha384' => 'SHA384',
-	'sha512' => 'SHA512',
-	'aesxcbc' => 'AES-XCBC'
-);
 $p2_halgos = array(
 	'hmac_md5' => 'MD5',
 	'hmac_sha1' => 'SHA1',
@@ -268,6 +259,7 @@ function ipsec_smp_dump_status() {
 	@fwrite($fd, $query);
 	$response = "";
+	$sread = "";
 	while (!strstr($sread, "</message>")) {
 		$sread = fgets($fd);
 		$response .= $sread;
@@ -301,14 +293,14 @@ function ipsec_dump_spd()
 			if ($line == "No SPD entries.")
 				break;
 			if ($line[0] != "\t") {
-				if (is_array($cursp))
+				if (isset($cursp))
 					$spd[] = $cursp;
 				$cursp = array();
 				$linea = explode(" ", $line);
 				$cursp['srcid'] = substr($linea[0], 0, strpos($linea[0], "["));
 				$cursp['dstid'] = substr($linea[1], 0, strpos($linea[1], "["));
 				$i = 0;
-			} else if (is_array($cursp)) {
+			} else if (isset($cursp)) {
 				$linea = explode(" ", trim($line));
 				switch($i)
 				{
@@ -328,7 +320,7 @@ function ipsec_dump_spd()
 			}
 			$i++;
 		}
-		if (is_array($cursp) && count($cursp))
+		if (isset($cursp) && count($cursp))
 			$spd[] = $cursp;
 		pclose($fd);
 	}
@@ -443,16 +435,21 @@ function ipsec_get_number_of_phase2($ikeid) {
 function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
+	$id_data = null;
 	if ($side == "local") {
 		$id_type = $ph1ent['myid_type'];
-		$id_data = $ph1ent['myid_data'];
+		if (isset($ph1ent['myid_data'])) {
+			$id_data = $ph1ent['myid_data'];
+		}
 		$addr = ipsec_get_phase1_src($ph1ent);
 		if (!$addr)
 			return array();
 	} elseif ($side == "peer") {
 		$id_type = $ph1ent['peerid_type'];
-		$id_data = $ph1ent['peerid_data'];
+		if (isset($ph1ent['peerid_data'])) {
+			$id_data = $ph1ent['peerid_data'];
+		}
 		if (isset($ph1ent['mobile']))
 			$addr = "%any";

--- a/src/www/diag_ipsec.php
+++ b/src/www/diag_ipsec.php
--- a/src/www/diag_ipsec_leases.php
+++ b/src/www/diag_ipsec_leases.php
@@ -36,7 +36,7 @@ $pgtitle = array(gettext("Status"),gettext("IPsec"),gettext("Leases"));
 $shortcut_section = "ipsec";
 include("head.inc");
-$mobile = ipsec_dump_mobile();
+$mobile = array(); // TODO: temporary disabled ( https://github.com/opnsense/core/issues/139 )  ipsec_dump_mobile();
 ?>
 <body>

--- a/src/www/diag_ipsec_sad.php
+++ b/src/www/diag_ipsec_sad.php
@@ -38,73 +38,58 @@ $shortcut_section = "ipsec";
 include("head.inc");
 $sad = ipsec_dump_sad();
+legacy_html_escape_form_data($sad);
 ?>
 <body>
 <?php include("fbegin.inc"); ?>
 	<section class="page-content-main">
 		<div class="container-fluid">
 			<div class="row">
+			  <section class="col-xs-12">
-				<?php if (isset($input_errors) && count($input_errors) > 0) print_input_errors($input_errors); ?>
-			    <section class="col-xs-12">
 				<? $active_tab = "/diag_ipsec_sad.php"; include('diag_ipsec_tabs.inc'); ?>
 					<div class="tab-content content-box col-xs-12">
 							<div class="table-responsive">
+								<table class="table table-striped">
-								<table class="table table-striped table-sort">
 									<?php if (count($sad)): ?>
 									<tr>
-										<td class="listhdrr nowrap"><?=gettext("Source");?></td>
+										<td><?=gettext("Source");?></td>
-										<td class="listhdrr nowrap"><?=gettext("Destination");?></td>
+										<td><?=gettext("Destination");?></td>
-										<td class="listhdrr nowrap"><?=gettext("Protocol");?></td>
+										<td><?=gettext("Protocol");?></td>
-										<td class="listhdrr nowrap"><?=gettext("SPI");?></td>
+										<td><?=gettext("SPI");?></td>
-										<td class="listhdrr nowrap"><?=gettext("Enc. alg.");?></td>
+										<td><?=gettext("Enc. alg.");?></td>
-										<td class="listhdr nowrap"><?=gettext("Auth. alg.");?></td>
+										<td><?=gettext("Auth. alg.");?></td>
-										<td class="listhdr nowrap"><?=gettext("Data");?></td>
+										<td><?=gettext("Data");?></td>
-										<td class="list nowrap"></td>
 									</tr>
 									<?php foreach ($sad as $sa): ?>
 									<tr>
-										<td class="listlr"><?=htmlspecialchars($sa['src']);?></td>
+										<td><?=$sa['src'];?></td>
-										<td class="listr"><?=htmlspecialchars($sa['dst']);?></td>
+										<td><?=$sa['dst'];?></td>
-										<td class="listr"><?=htmlspecialchars(strtoupper($sa['proto']));?></td>
+										<td><?=strtoupper($sa['proto']);?></td>
-										<td class="listr"><?=htmlspecialchars($sa['spi']);?></td>
+										<td><?=$sa['spi'];?></td>
-										<td class="listr"><?=htmlspecialchars($sa['ealgo']);?></td>
+										<td><?=$sa['ealgo'];?></td>
-										<td class="listr"><?=htmlspecialchars($sa['aalgo']);?></td>
+										<td><?=$sa['aalgo'];?></td>
-										<td class="listr"><?=htmlspecialchars($sa['data']);?></td>
+										<td><?=$sa['data'];?></td>
-										<td class="list nowrap">
-										</td>
 									</tr>
 									<?php endforeach; ?>
 									<?php else: ?>
 									<tr>
-										<td>
+										<td colspan="7">
 											<p><strong><?=gettext("No IPsec security associations.");?></strong></p>
 										</td>
 									</tr>
 									<?php endif; ?>
+									<tr>
+										<td colspan="7">
+											<span class="text-danger"><strong><?=gettext("Note:");?><br /></strong></span>
+											<?=gettext("You can configure your IPsec");?> <a href="vpn_ipsec.php"><?=gettext("here.");?></a>
+										</td>
+									</tr>
 								</table>
+							</div>
-                            <div class="container-fluid">
+            </div>
-							<p class="vexpl">
-							<span class="text-danger"><strong><?=gettext("Note:");?><br /></strong></span>
-							<?=gettext("You can configure your IPsec");?> <a href="vpn_ipsec.php"><?=gettext("here.");?></a>
-							</p>
-                            </div>
-				    </div>
 					</div>
-			    </section>
+			  </section>
 			</div>
 		</div>
 	</section>

--- a/src/www/diag_ipsec_spd.php
+++ b/src/www/diag_ipsec_spd.php
@@ -37,86 +37,67 @@ $shortcut_section = "ipsec";
 include("head.inc");
 $spd = ipsec_dump_spd();
+legacy_html_escape_form_data($spd);
 ?>
 <body>
 <?php include("fbegin.inc"); ?>
 	<section class="page-content-main">
 		<div class="container-fluid">
 			<div class="row">
+			  <section class="col-xs-12">
-				<?php if (isset($input_errors) && count($input_errors) > 0) print_input_errors($input_errors); ?>
+					<? $active_tab = "/diag_ipsec_spd.php"; include('diag_ipsec_tabs.inc'); ?>
-			    <section class="col-xs-12">
-				<? $active_tab = "/diag_ipsec_spd.php"; include('diag_ipsec_tabs.inc'); ?>
 					<div class="tab-content content-box col-xs-12">
+						<div class="table-responsive">
+							<table class="table table-striped">
-							<div class="table-responsive">
-								<table class="table table-striped table-sort __nomb">
 								<?php if (count($spd)): ?>
 								<tr>
-									<td class="listhdrr nowrap"><?= gettext("Source"); ?></td>
+									<td><?= gettext("Source"); ?></td>
-									<td class="listhdrr nowrap"><?= gettext("Destination"); ?></td>
+									<td><?= gettext("Destination"); ?></td>
-									<td class="listhdrr nowrap"><?= gettext("Direction"); ?></td>
+									<td><?= gettext("Direction"); ?></td>
-									<td class="listhdrr nowrap"><?= gettext("Protocol"); ?></td>
+									<td><?= gettext("Protocol"); ?></td>
-									<td class="listhdrr nowrap"><?= gettext("Tunnel endpoints"); ?></td>
+									<td><?= gettext("Tunnel endpoints"); ?></td>
-									<td class="list nowrap"></td>
 								</tr>
 								<?php foreach ($spd as $sp): ?>
 								<tr>
-									<td class="listlr" valign="top"><?=htmlspecialchars($sp['srcid']);?></td>
+									<td class="listlr" valign="top"><?=$sp['srcid'];?></td>
-									<td class="listr" valign="top"><?=htmlspecialchars($sp['dstid']);?></td>
+									<td class="listr" valign="top"><?=$sp['dstid'];?></td>
-									<td class="listr" valign="top"> <span class="glyphicon glyphicon-arrow-<?php if($sp['dir'] == "in" ) echo "right"; else echo "left";?>  aria-hidden="true"></span>
+									<td class="listr" valign="top">
-									</td>
+										<span class="glyphicon glyphicon-arrow-<?= $sp['dir'] == "in" ? "right" : "left";?>" aria-hidden="true"></span>
-									<td class="listr" valign="top"><?=htmlspecialchars(strtoupper($sp['proto']));?></td>
-									<td class="listr" valign="top"><?=htmlspecialchars($sp['src']);?> -> <?=htmlspecialchars($sp['dst']);?></td>
-									<td class="list nowrap">
-										<?php
-											$args = "srcid=".rawurlencode($sp['srcid']);
-											$args .= "&amp;dstid=".rawurlencode($sp['dstid']);
-											$args .= "&amp;dir=".rawurlencode($sp['dir']);
-										?>
 									</td>
+									<td class="listr" valign="top"><?=strtoupper($sp['proto']);?></td>
+									<td class="listr" valign="top"><?=$sp['src'];?> -> <?=$sp['dst'];?></td>
 								</tr>
 								<?php endforeach; ?>
-							</table>
-							<br />
-							<table class="tabcont" border="0" cellspacing="0" cellpadding="6" summary="policies">
 								<tr>
-									<td width="16">	<span class="glyphicon glyphicon-arrow-right" aria-hidden="true" alt="in"></span></td>
+									<td colspan="2">
-									<td><?= gettext("incoming (as seen by firewall)"); ?></td>
+										<span class="text-danger"><strong><?= gettext("Note:"); ?><br /></strong></span>
-								</tr>
+										<?= gettext("You can configure your IPsec"); ?> <a href="vpn_ipsec.php"><?= gettext("here."); ?></a>
-								<tr>
+									</td>
-									<td colspan="5" height="4"></td>
+									<td colspan="3">
-								</tr>
+										<span class="glyphicon glyphicon-arrow-right" aria-hidden="true" alt="in"></span>
-								<tr>
+										<?= gettext("incoming (as seen by firewall)"); ?> <br/>
-									<td><span class="glyphicon glyphicon-arrow-left" aria-hidden="true" alt="out"></span></td>
+										<span class="glyphicon glyphicon-arrow-left" aria-hidden="true" alt="out"></span>
-									<td><?= gettext("outgoing (as seen by firewall)"); ?></td>
+										<?= gettext("outgoing (as seen by firewall)"); ?>
+									</td>
 								</tr>
 								<?php else: ?>
 								<tr>
-									<td>
+									<td  colspan="5">
 										<p><strong><?= gettext("No IPsec security policies."); ?></strong></p>
 									</td>
 								</tr>
+								<tr>
+									<td colspan="5">
+										<span class="text-danger"><strong><?= gettext("Note:"); ?><br /></strong></span>
+										<?= gettext("You can configure your IPsec"); ?> <a href="vpn_ipsec.php"><?= gettext("here."); ?></a>
+									</td>
+								</tr>
 								<?php endif; ?>
 							</table>
-						</div>
-						 <div class="container-fluid">
-						<p class="vexpl">
-						<span class="text-danger"><strong><?= gettext("Note:"); ?><br /></strong></span>
-						<?= gettext("You can configure your IPsec"); ?> <a href="vpn_ipsec.php"><?= gettext("here."); ?></a>
-						</p>
-				    </div>
 					</div>
-			    </section>
+					</div>
+				</section>
 			</div>
 		</div>
 	</section>

--- a/src/www/vpn_ipsec.php
+++ b/src/www/vpn_ipsec.php
--- a/src/www/vpn_ipsec_keys.php
+++ b/src/www/vpn_ipsec_keys.php
--- a/src/www/vpn_ipsec_keys_edit.php
+++ b/src/www/vpn_ipsec_keys_edit.php
@@ -31,80 +31,82 @@ require_once("guiconfig.inc");
 require_once("vpn.inc");
 require_once("services.inc");
-if (!is_array($config['ipsec'])) {
+if (!isset($config['ipsec'])) {
        $config['ipsec'] = array();
 }
-if (!is_array($config['ipsec']['mobilekey'])) {
+if (!isset($config['ipsec']['mobilekey'])) {
    $config['ipsec']['mobilekey'] = array();
+} else {
+  ipsec_mobilekey_sort();
 }
-ipsec_mobilekey_sort();
-$a_secret = &$config['ipsec']['mobilekey'];
-if (is_numericint($_GET['id'])) {
+if ($_SERVER['REQUEST_METHOD'] === 'GET') {
-    $id = $_GET['id'];
+    $pconfig = array();
-}
+    if(isset($_GET['id']) && is_numericint($_GET['id']) && isset($config['ipsec']['mobilekey'][$_GET['id']])) {
-if (isset($_POST['id']) && is_numericint($_POST['id'])) {
+        // fetch record
-    $id = $_POST['id'];
+        $id = $_GET['id'];
-}
+        $pconfig['ident'] = $config['ipsec']['mobilekey'][$id]['ident'];
+        $pconfig['psk'] = $config['ipsec']['mobilekey'][$id]['pre-shared-key'];
-if (isset($id) && $a_secret[$id]) {
+    } else {
-    $pconfig['ident'] = $a_secret[$id]['ident'];
+        // init new
-    $pconfig['psk'] = $a_secret[$id]['pre-shared-key'];
+        $pconfig['ident'] = '';
-}
+        $pconfig['psk'] = '';
+    }
+} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $input_errors = array();
+    $pconfig = $_POST;
+    // fetch record number if valid
+    if (isset($_POST['id']) && is_numericint($_POST['id']) && isset($config['ipsec']['mobilekey'][$_POST['id']]) ) {
+        $id = $_POST['id'];
+    } else {
+        $id = null;
+    }
-if ($_POST) {
+    /* input validation */
    $userids = array();
    foreach ($config['system']['user'] as $uid => $user) {
        $userids[$user['name']] = $uid;
    }
+    if (isset($pconfig['ident']) && array_key_exists($pconfig['ident'], $userids)) {
+        $input_errors[] = gettext("A user with this name already exists. Add the key to the user instead.");
+    }
+    unset($userids);
-    unset($input_errors);
-    $pconfig = $_POST;
-    /* input validation */
    $reqdfields = explode(" ", "ident psk");
    $reqdfieldsn = array(gettext("Identifier"),gettext("Pre-Shared Key"));
    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
-    if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident'])) {
+    if (empty($pconfig['ident']) || preg_match("/[^a-zA-Z0-9@\.\-]/", $pconfig['ident'])) {
        $input_errors[] = gettext("The identifier contains invalid characters.");
    }
-    if (array_key_exists($_POST['ident'], $userids)) {
+    /* make sure there are no dupes on new entries */
-        $input_errors[] = gettext("A user with this name already exists. Add the key to the user instead.");
+    $recidx = 0 ;
-    }
+    foreach ($config['ipsec']['mobilekey'] as $secretent) {
-    unset($userids);
+        if ($secretent['ident'] == $pconfig['ident'] && ($recidx != $id || $id === null)) {
+            $input_errors[] = gettext("Another entry with the same identifier already exists.");
-    if (!$input_errors && !(isset($id) && $a_secret[$id])) {
+            break;
-        /* make sure there are no dupes */
-        foreach ($a_secret as $secretent) {
-            if ($secretent['ident'] == $_POST['ident']) {
-                $input_errors[] = gettext("Another entry with the same identifier already exists.");
-                break;
-            }
        }
+        $recidx++;
    }
-    if (!$input_errors) {
+    if (count($input_errors) == 0) {
-        if (isset($id) && $a_secret[$id]) {
+        $secretent = array();
-            $secretent = $a_secret[$id];
+        $secretent['ident'] = $pconfig['ident'];
-        }
+        $secretent['pre-shared-key'] = $pconfig['psk'];
-        $secretent['ident'] = $_POST['ident'];
-        $secretent['pre-shared-key'] = $_POST['psk'];
-        $text = "";
-        if (isset($id) && $a_secret[$id]) {
+        if ($id !== null) {
-            $a_secret[$id] = $secretent;
+            // edit existing key
-            $text = gettext("Edited");
+            $config['ipsec']['mobilekey'][$id] = $secretent;
+            $config_write_text = gettext("Edited");
        } else {
-            $a_secret[] = $secretent;
+            $config_write_text = gettext("Added");
-            $text = gettext("Added");
+            $config['ipsec']['mobilekey'][] = $secretent;
        }
-        write_config("{$text} IPsec Pre-Shared Keys");
+        write_config("{$config_write_text} IPsec Pre-Shared Keys");
        mark_subsystem_dirty('ipsec');
        header("Location: vpn_ipsec_keys.php");
@@ -112,9 +114,12 @@ if ($_POST) {
    }
 }
 $pgtitle = gettext("VPN: IPsec: Edit Pre-Shared Key");
 $shortcut_section = "ipsec";
+legacy_html_escape_form_data($pconfig);
 include("head.inc");
 ?>
@@ -123,62 +128,58 @@ include("head.inc");
 <?php include("fbegin.inc"); ?>
 	<section class="page-content-main">
 		<div class="container-fluid">
 			<div class="row">
-				<?php if (isset($input_errors) && count($input_errors) > 0) {
+        <?php if (isset($input_errors) && count($input_errors) > 0) {
-                    print_input_errors($input_errors);
+                print_input_errors($input_errors);
-} ?>
+        }
+        ?>
-			    <section class="col-xs-12">
+        <section class="col-xs-12">
+          <div class="content-box">
-				<div class="content-box">
+            <form action="vpn_ipsec_keys_edit.php" method="post" name="iform" id="iform">
+              <div class="table-responsive">
-                        <form action="vpn_ipsec_keys_edit.php" method="post" name="iform" id="iform">
+                <table class="table table-striped">
+                  <tr>
-				<div class="table-responsive">
+                    <td><a id="help_for_ident" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Identifier"); ?></td>
-					<table class="table table-striped table-sort">
+					          <td>
-					                <tr>
+                      <input name="ident" type="text" class="formfld unknown" id="ident" size="30" value="<?=$pconfig['ident'];?>" />
-					                  <td valign="top" class="vncellreq"><?=gettext("Identifier"); ?></td>
+                      <div class="hidden" for="help_for_ident">
-					                  <td class="vtable">
+                        <?=gettext("This can be either an IP address, fully qualified domain name or an e-mail address"); ?>.
-					                  <input name="ident" type="text" class="formfld unknown" id="ident" size="30" value="<?=htmlspecialchars($pconfig['ident']);?>" />
+                      </div>
-					                    <br />
+                    </td>
-					<?=gettext("This can be either an IP address, fully qualified domain name or an e-mail address"); ?>.
+                  </tr>
-					                  </td>
+                  <tr>
-					                </tr>
+                    <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Pre-Shared Key"); ?></td>
-					                <tr>
+                    <td>
-					                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Pre-Shared Key"); ?></td>
+                      <input name="psk" type="text" class="formfld unknown" id="psk" size="40" value="<?=$pconfig['psk'];?>" />
-					                  <td width="78%" class="vtable">
+                    </td>
-					                  <input name="psk" type="text" class="formfld unknown" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>" />
+					        </tr>
-					                  </td>
+					        <tr>
-					                </tr>
+                    <td>&nbsp;</td>
-					                <tr>
+                    <td>
-					                  <td width="22%" valign="top">&nbsp;</td>
+                      <input name="Submit" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" />
-					                  <td width="78%">
+<?php                 if (isset($id) && isset($config['ipsec']['mobilekey'][$id])) :
-					                    <input name="Submit" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" />
-					                    <?php if (isset($id) && $a_secret[$id]) :
 ?>
-					                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
+					            <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
-					                    <?php
+<?php
 endif; ?>
-					                  </td>
+					          </td>
-					                </tr>
+					        </tr>
-					              </table>
+                  <tr>
-				</div>
+                    <td>&nbsp;</td>
+                    <td>
-				<div class="col-xs-12">
+                      <span class="text-danger">
-								<span class="vexpl">
-								<span class="text-danger">
 									<strong><?=gettext("Note"); ?>:<br /></strong>
 								</span>
 								<?=gettext("PSK for any user can be set by using an identifier of any/ANY");?>
-								</span>
+                    </td>
-							</div>
+                  </tr>
-                        </form>
+					      </table>
-				</div>
+              </div>
-			    </section>
+            </form>
-			</div>
+          </div>
+        </section>
+      </div>
 		</div>
 	</section>

--- a/src/www/vpn_ipsec_mobile.php
+++ b/src/www/vpn_ipsec_mobile.php
--- a/src/www/vpn_ipsec_phase1.php
+++ b/src/www/vpn_ipsec_phase1.php
--- a/src/www/vpn_ipsec_phase2.php
+++ b/src/www/vpn_ipsec_phase2.php
--- a/src/www/vpn_ipsec_settings.php
+++ b/src/www/vpn_ipsec_settings.php