// Fragment of the virtual-IP form validation; it begins inside blocks that open above this excerpt.
            if (isset($a_vip[$id]['uniqid'])) {
                // Reuse the uniqid stored on the existing entry when it has one.
                $ignore_uniqid = $a_vip[$id]['uniqid'];
            }
        } else {
            // This branch takes interface and mode straight from the submitted form.
            $ignore_if = $_POST['interface'];
            $ignore_mode = $_POST['mode'];
        }
        if (!isset($ignore_uniqid)) {
            // No uniqid was set above, so the request-supplied value is used.
            $ignore_uniqid = $_POST['uniqid'];
        }
        // Build the second argument for is_ipaddr_configured(): CARP mode replaces the
        // name with "_vip<uniqid>", every other mode appends "_virtualip<id>".
        // NOTE(review): presumably this names the entry to leave out of the duplicate
        // check. In the request-driven branch it is assembled from client-supplied
        // fields; confirm is_ipaddr_configured() exempts nothing when the name matches
        // no existing entry.
        if ($ignore_mode == 'carp') {
            $ignore_if = "_vip{$ignore_uniqid}";
        } else {
            $ignore_if .= "_virtualip{$id}";
        }
        if (is_ipaddr_configured($_POST['subnet'], $ignore_if)) {
            $input_errors[] = gettext("This IP address is being used by another interface or VIP.");
        }
        unset($ignore_if, $ignore_mode);
    }
}
// Reject a parent interface that has neither 'ipaddr' nor 'ipaddrv6' set in $config.
$natiflist = get_configured_interface_with_descr();
foreach ($natiflist as $natif => $natdescr) {
    if ($_POST['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) {
        $input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP.");
    }
}
/* ipalias and carp should not use network or broadcast address */
if ($_POST['mode'] == "ipalias" || $_POST['mode'] == "carp") {
    if (is_ipaddrv4($_POST['subnet']) && $_POST['subnet_bits'] != "32") {
        // NOTE(review): no range or type check of subnet_bits is visible in this excerpt
        // before it reaches gen_subnet(); confirm it is validated earlier in the file.
        $network_addr = gen_subnet($_POST['subnet'], $_POST['subnet_bits']);
// Fragment of the voucher settings validation; the first checks sit inside a block opened above this excerpt.
    // NOTE(review): each bit-count check is guarded by the field's truthiness, so an
    // empty value or the string "0" skips the range test entirely, and is_numeric()
    // also accepts non-integer forms such as "1.5" or "1e1". Confirm how the save
    // path treats those values before relying on the 1..N bounds.
    if ($_POST['rollbits'] && (!is_numeric($_POST['rollbits']) || $_POST['rollbits'] < 1 || $_POST['rollbits'] > 31)) {
        $input_errors[] = gettext("# of Bits to store Roll Id needs to be between 1..31.");
    }
    if ($_POST['ticketbits'] && (!is_numeric($_POST['ticketbits']) || $_POST['ticketbits'] < 1 || $_POST['ticketbits'] > 16)) {
        $input_errors[] = gettext("# of Bits to store Ticket Id needs to be between 1..16.");
    }
    if ($_POST['checksumbits'] && (!is_numeric($_POST['checksumbits']) || $_POST['checksumbits'] < 1 || $_POST['checksumbits'] > 31)) {
        $input_errors[] = gettext("# of Bits to store checksum needs to be between 1..31.");
    }
    // The two key checks only look for the PEM header text somewhere in the field;
    // they do not show that the value parses as a key.
    // NOTE(review): parsing with openssl_pkey_get_public() / openssl_pkey_get_private()
    // would be a stronger test, provided the openssl extension is loaded here - confirm.
    if ($_POST['publickey'] && !strstr($_POST['publickey'], "BEGIN PUBLIC KEY")) {
        $input_errors[] = gettext("This doesn't look like an RSA Public key.");
    }
    if ($_POST['privatekey'] && !strstr($_POST['privatekey'], "BEGIN RSA PRIVATE KEY")) {
        $input_errors[] = gettext("This doesn't look like an RSA Private key.");
    }
    // Refuse a sync target that is_ipaddr_configured() reports as an address of this host.
    // NOTE(review): no format check of vouchersyncdbip is visible in this excerpt;
    // confirm it is validated as an IP address elsewhere.
    if ($_POST['vouchersyncdbip'] && is_ipaddr_configured($_POST['vouchersyncdbip'])) {
        $input_errors[] = gettext("You cannot sync the voucher database to this host (itself).");
    }
}
// Settings are only assembled when validation produced no errors.
if (!$input_errors) {
    // Start from the zone's stored voucher settings, or from an empty array.
    if (empty($config['voucher'][$cpzone])) {
        $newvoucher = array();
    } else {
        $newvoucher = $config['voucher'][$cpzone];
    }
    // The enable flag is stored as key presence: set when "yes", removed otherwise.
    if ($_POST['enable'] == "yes") {
        $newvoucher['enable'] = true;
    } else {
        unset($newvoucher['enable']);
    }
    if (empty($_POST['vouchersyncusername'])) {
// Fragment of the L2TP settings handler: validates the submitted form; the block continues past this excerpt.
if ($_POST) {
    unset($input_errors);
    // Keep a copy of the whole submission (secrets included) in $pconfig.
    $pconfig = $_POST;
    /* input validation */
    if ($_POST['mode'] == "server") {
        // Required fields in server mode; the RADIUS pair is added when RADIUS is enabled.
        $reqdfields = explode(" ", "localip remoteip");
        $reqdfieldsn = array(gettext("Server address"), gettext("Remote start address"));
        if ($_POST['radiusenable']) {
            $reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret"));
            $reqdfieldsn = array_merge($reqdfieldsn, array(gettext("RADIUS server address"), gettext("RADIUS shared secret")));
        }
        do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
        if ($_POST['localip'] && !is_ipaddr($_POST['localip'])) {
            $input_errors[] = gettext("A valid server address must be specified.");
        }
        // This lookup runs even when localip failed the is_ipaddr() check above.
        if (is_ipaddr_configured($_POST['localip'])) {
            $input_errors[] = gettext("'Server address' parameter should NOT be set to any IP address currently in use on this firewall.");
        }
        // NOTE(review): the guard tests l2tp_subnet but the value validated is remoteip,
        // so remoteip is only checked with is_ipaddr() when l2tp_subnet is truthy.
        // Confirm whether the guard was meant to be $_POST['remoteip'].
        if ($_POST['l2tp_subnet'] && !is_ipaddr($_POST['remoteip'])) {
            $input_errors[] = gettext("A valid remote start address must be specified.");
        }
        if ($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver'])) {
            $input_errors[] = gettext("A valid RADIUS server address must be specified.");
        }
        // NOTE(review): both confirmation checks use loose !=. PHP compares two numeric
        // strings numerically, so differing values such as "1000" and "1e3" count as a
        // match; a strict !== comparison would catch that. Both mismatches also share
        // one message, so the user cannot tell which secret failed.
        if ($_POST['secret'] != $_POST['secret_confirm']) {
            $input_errors[] = gettext("Secret and confirmation must match");
        }
        if ($_POST['radiussecret'] != $_POST['radiussecret_confirm']) {
            $input_errors[] = gettext("Secret and confirmation must match");
        }
        if (!is_numericint($_POST['n_l2tp_units']) || $_POST['n_l2tp_units'] > 255) {
// Fragment of an interface-address validation working on $pconfig; it begins inside blocks that open above this excerpt.
        }
        // Compare the address's network against each static route.
        // assumes every $staticroutes entry has the form "network/bits" - TODO confirm
        foreach ($staticroutes as $route_subnet) {
            list($network, $subnet) = explode("/", $route_subnet);
            if ($pconfig['subnet'] == $subnet && $network == gen_subnet($pconfig['ipaddr'], $pconfig['subnet'])) {
                $input_errors[] = gettext("This IPv4 address conflicts with a Static Route.");
                // One conflict is enough; the unset() below is skipped on this path.
                break;
            }
            unset($network, $subnet);
        }
    }
}
if (!empty($pconfig['ipaddrv6'])) {
    if (!is_ipaddrv6($pconfig['ipaddrv6'])) {
        $input_errors[] = gettext("A valid IPv6 address must be specified.");
    } else {
        // Duplicate check; $if is passed as the second argument and true as the third.
        if (is_ipaddr_configured($pconfig['ipaddrv6'], $if, true)) {
            $input_errors[] = gettext("This IPv6 address is being used by another interface or VIP.");
        }
        // Same static-route comparison as for IPv4, using gen_subnetv6().
        foreach ($staticroutes as $route_subnet) {
            list($network, $subnet) = explode("/", $route_subnet);
            if ($pconfig['subnetv6'] == $subnet && $network == gen_subnetv6($pconfig['ipaddrv6'], $pconfig['subnetv6'])) {
                $input_errors[] = gettext("This IPv6 address conflicts with a Static Route.");
                break;
            }
            unset($network, $subnet);
        }
    }
}
// NOTE(review): this type check comes after $pconfig['subnet'] has already been passed
// to gen_subnet() in the loop above. is_numeric() also accepts forms such as "1.5" or
// "1e1", and no range check is visible in this excerpt - confirm one follows.
if (!empty($pconfig['subnet']) && !is_numeric($pconfig['subnet'])) {
    $input_errors[] = gettext("A valid subnet bit count must be specified.");
}
// Fragment of an interface-address validation reading $_POST directly; it begins inside blocks that open above this excerpt.
        }
        // Compare the address's network against each static route.
        // assumes every $staticroutes entry has the form "network/bits" - TODO confirm
        foreach ($staticroutes as $route_subnet) {
            list($network, $subnet) = explode("/", $route_subnet);
            if ($_POST['subnet'] == $subnet && $network == gen_subnet($_POST['ipaddr'], $_POST['subnet'])) {
                $input_errors[] = gettext("This IPv4 address conflicts with a Static Route.");
                // One conflict is enough; the unset() below is skipped on this path.
                break;
            }
            unset($network, $subnet);
        }
    }
}
// The IPv6 checks run only when the field is truthy (an empty string or "0" skips them).
if ($_POST['ipaddrv6']) {
    if (!is_ipaddrv6($_POST['ipaddrv6'])) {
        $input_errors[] = gettext("A valid IPv6 address must be specified.");
    } else {
        // Duplicate check; $if is passed as the second argument and true as the third.
        if (is_ipaddr_configured($_POST['ipaddrv6'], $if, true)) {
            $input_errors[] = gettext("This IPv6 address is being used by another interface or VIP.");
        }
        // Same static-route comparison as for IPv4, using gen_subnetv6().
        foreach ($staticroutes as $route_subnet) {
            list($network, $subnet) = explode("/", $route_subnet);
            if ($_POST['subnetv6'] == $subnet && $network == gen_subnetv6($_POST['ipaddrv6'], $_POST['subnetv6'])) {
                $input_errors[] = gettext("This IPv6 address conflicts with a Static Route.");
                break;
            }
            unset($network, $subnet);
        }
    }
}
// NOTE(review): this type check comes after $_POST['subnet'] has already been passed to
// gen_subnet() in the loop above. The truthiness guard skips the check for "0",
// is_numeric() also accepts forms such as "1.5" or "1e1", and no range check is visible
// in this excerpt - confirm one follows.
if ($_POST['subnet'] && !is_numeric($_POST['subnet'])) {
    $input_errors[] = gettext("A valid subnet bit count must be specified.");
}
// Fragment of a virtual-IP form validation working on $pconfig; the first statement sits inside a block opened above this excerpt.
    // NOTE(review): $id comes from $pconfig['id'] and is used below to index $a_vip
    // with no existence check visible here; confirm it is validated before this point.
    $id = $pconfig['id'];
}
// perform form validations
$reqdfields = array("mode");
$reqdfieldsn = array(gettext("Type"));
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
if (isset($pconfig['subnet'])) {
    // Surrounding whitespace is stripped before the address is validated.
    $pconfig['subnet'] = trim($pconfig['subnet']);
    if (!is_ipaddr($pconfig['subnet'])) {
        $input_errors[] = gettext("A valid IP address must be specified.");
    } else {
        // Build the second argument for is_ipaddr_configured(): the stored interface of
        // the entry being edited when $id is set, otherwise the submitted interface;
        // CARP mode appends "_vip<vhid>".
        // NOTE(review): presumably this names the entry to leave out of the duplicate
        // check. 'vhid' is interpolated without a check visible here - confirm it is
        // validated before use.
        $ignore_if = isset($id) ? $a_vip[$id]['interface'] : $pconfig['interface'];
        if ($pconfig['mode'] == 'carp') {
            $ignore_if .= "_vip{$pconfig['vhid']}";
        }
        if (is_ipaddr_configured($pconfig['subnet'], $ignore_if)) {
            $input_errors[] = gettext("This IP address is being used by another interface or VIP.");
        }
    }
}
// Reject a parent interface that has neither 'ipaddr' nor 'ipaddrv6' set in $config.
$natiflist = get_configured_interface_with_descr();
foreach ($natiflist as $natif => $natdescr) {
    if ($pconfig['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) {
        $input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP.");
    }
}
/* ipalias and carp should not use network or broadcast address */
if ($pconfig['mode'] == "ipalias" || $pconfig['mode'] == "carp") {
    if (is_ipaddrv4($pconfig['subnet']) && $pconfig['subnet_bits'] != "32") {
        // NOTE(review): no range or type check of subnet_bits is visible in this excerpt
        // before it reaches gen_subnet() / gen_subnet_max(); confirm it is validated earlier.
        $network_addr = gen_subnet($pconfig['subnet'], $pconfig['subnet_bits']);
        $broadcast_addr = gen_subnet_max($pconfig['subnet'], $pconfig['subnet_bits']);