vpnmain.cgi: Add coding to differentiate old and base64 encoded PSK's

- An additional key was defined for a PSK being base64 encoded. All existing PSK's that
   are not base64 encoded will have that key empty. This enables base64 encoded PSK's and
   non base64 encoded PSK'sd to be differentiated.
- If the PSK connection is disabled and then enabled with a non base64 encoded PSK the PSK
   will be left as it is. If the edit page is selected and Save pressed, even if nothing
   has been modified, then the PSK will be converted to a base64 encoded PSK.
- The old style and new style PSK was tested out on my vm system and worked without any
   issue.
- Using an old non base64 encoded PSK the IPSec connection worked without any problems.
   If the PSK was tehn converted to basse64 encoding by saving from the Edit page without
   changing anything, then the client IPSec connection was successfully made without any
   indication of a change. The conversion from non base64 to base64 encoded PSK occurred
   seamlessly without any hiccup.

Fixes: Bug13029
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 01b6238eb19d3c37762be8a6786bc1b3c4abefe1..3541aaa29393091258456cf787fefe3ec5ca3cb4 100755 (executable)
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -94,6 +94,7 @@ $cgiparams{'LOCAL_ID'} = '';
 $cgiparams{'REMOTE_ID'} = '';
 $cgiparams{'REMARK'} = '';
 $cgiparams{'PSK'} = '';
+$cgiparams{'BASE_64'} = '';
 $cgiparams{'CERT_NAME'} = '';
 $cgiparams{'CERT_EMAIL'} = '';
 $cgiparams{'CERT_OU'} = '';
@@ -481,8 +482,12 @@ sub writeipsecfiles {
                if ($lconfighash{$key}[4] eq 'psk') {
                        $psk_line = ($lconfighash{$key}[7] ? $lconfighash{$key}[7] : $localside) . " " ;
                        $psk_line .= $lconfighash{$key}[9] ? $lconfighash{$key}[9] : $lconfighash{$key}[10]; #remoteid or remote address?
-                       my $decoded_psk = MIME::Base64::decode_base64($lconfighash{$key}[5]);
-                       $psk_line .= " : PSK '$decoded_psk'\n";
+                       if ($lconfighash{$key}[40] eq 'YES') {
+                               my $decoded_psk = MIME::Base64::decode_base64($lconfighash{$key}[5]);
+                               $psk_line .= " : PSK '$decoded_psk'\n";
+                       } else {
+                               $psk_line .= " : PSK '$lconfighash{$key}[5]'\n";
+                       }
                        # if the line contains %any, it is less specific than two IP or ID, so move it at end of file.
                        if ($psk_line =~ /%any/) {
                                $last_secrets .= $psk_line;
@@ -1703,6 +1708,7 @@ END
                $cgiparams{'INTERFACE_ADDRESS'}         = $confighash{$cgiparams{'KEY'}}[37];
                $cgiparams{'INTERFACE_MTU'}             = $confighash{$cgiparams{'KEY'}}[38];
                $cgiparams{'DNS_SERVERS'}               = $confighash{$cgiparams{'KEY'}}[39];
+               $cgiparams{'BASE_64'}                   = $confighash{$cgiparams{'KEY'}}[40];
 
                if (!$cgiparams{'DPD_DELAY'}) {
                        $cgiparams{'DPD_DELAY'} = 30;
@@ -1884,6 +1890,7 @@ END
                }
 
                if ($cgiparams{'AUTH'} eq 'psk') {
+                       $cgiparams{'BASE_64'} = 'YES';
                        if (! length($cgiparams{'PSK'}) ) {
                                $errormessage = $Lang::tr{'pre-shared key is too short'};
                                goto VPNCONF_ERROR;
@@ -2261,7 +2268,13 @@ END
        $confighash{$key}[3] = $cgiparams{'TYPE'};
        if ($cgiparams{'AUTH'} eq 'psk') {
                $confighash{$key}[4] = 'psk';
-               $confighash{$key}[5] = MIME::Base64::encode_base64($cgiparams{'PSK'}, "");
+               if ($cgiparams{'BASE_64'} eq 'YES') {
+                       $confighash{$key}[5] = MIME::Base64::encode_base64($cgiparams{'PSK'}, "");
+                       $confighash{$key}[40] = 'YES';
+               } else {
+                       $confighash{$key}[5] = $cgiparams{'PSK'};
+                       $confighash{$key}[40] = '';
+               }
        } else {
                $confighash{$key}[4] = 'cert';
        }