
univnautes / usr / local / www / firewall_aliases_edit.php @ a1b66bec

<?php
/* $Id$ */
/*
	firewall_aliases_edit.php
	Copyright (C) 2004 Scott Ullrich
	Copyright (C) 2009 Ermal Luçi
	Copyright (C) 2010 Jim Pingle
	All rights reserved.

    
	originally part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

    
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

    
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

    
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

    
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_BUILDER_BINARIES:	/bin/rm	/bin/mkdir	/usr/bin/fetch
	pfSense_MODULE:	aliases
*/

    
##|+PRIV
##|*IDENT=page-firewall-alias-edit
##|*NAME=Firewall: Alias: Edit page
##|*DESCR=Allow access to the 'Firewall: Alias: Edit' page.
##|*MATCH=firewall_aliases_edit.php*
##|-PRIV

    
require("guiconfig.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");

    
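$pgtitle = array(gettext("Firewall"), gettext("Aliases"), gettext("Edit"));

// The Referer header is sent by the client and is not validated here. Any code
// that later prints $referer or redirects to it has to encode it for that context.
$referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/firewall_aliases.php');

// Keywords not allowed in names
$reserved_keywords = array("all", "pass", "block", "out", "queue", "max", "min", "pptp", "pppoe", "L2TP", "OpenVPN", "IPsec");

// Add all Load balance names to reserved_keywords
if (isset($config['load_balancer']['lbpool']) && is_array($config['load_balancer']['lbpool'])) {
	foreach ($config['load_balancer']['lbpool'] as $lbpool) {
		$reserved_keywords[] = $lbpool['name'];
	}
}

// Interface names are reserved as well.
// NOTE(review): $reserved_table_names is not assigned in the visible part of this file;
// presumably it comes from one of the required .inc files -- confirm.
$reserved_ifs = get_configured_interface_list(false, true);
$reserved_keywords = array_merge($reserved_keywords, $reserved_ifs, $reserved_table_names);

// Upper bound on the number of entries accepted for one alias.
$max_alias_addresses = 5000;

// Make sure the alias list exists, then work on it by reference so that
// changes made through $a_aliases land in $config.
if (!isset($config['aliases']['alias']) || !is_array($config['aliases']['alias'])) {
	$config['aliases']['alias'] = array();
}
$a_aliases = &$config['aliases']['alias'];

// Request-supplied values: read them only when present so that a request
// without them does not raise an undefined-index diagnostic.
$tab = isset($_REQUEST['tab']) ? $_REQUEST['tab'] : null;

if ($_POST) {
	// Client-supplied "previous name" of the alias; see the rename handling further down.
	$origname = isset($_POST['origname']) ? $_POST['origname'] : null;
}

// Debugging
if (!empty($debug)) {
	unlink_if_exists("{$g['tmp_path']}/alias_rename_log.txt");
}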

    
/**
 * Decide whether the alias called $name is compatible with alias type $type.
 *
 * "host" and "network" count as the same family. A name that matches no
 * configured alias is treated as compatible.
 *
 * @param string $name Alias name to look up in $config['aliases']['alias'].
 * @param string $type Type of the alias that wants to reference $name.
 * @return bool True when the types are compatible or $name is not an alias.
 */
function alias_same_type($name, $type) {
	global $config;

	$address_types = array("host", "network");

	foreach ($config['aliases']['alias'] as $entry) {
		if ($name != $entry['name']) {
			continue;
		}
		// Only the first alias with this name is considered.
		if (in_array($type, $address_types) && in_array($entry['type'], $address_types)) {
			return true;
		}
		return ($type == $entry['type']);
	}

	return true;
}

    
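// Index of the alias being edited. It is taken from the request and accepted
// only when is_numericint() approves it; a POSTed id overrides one from the query string.
if (isset($_GET['id']) && is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

// Pre-fill the form ($pconfig) from the stored alias when the id refers to an
// existing entry. An id that matches nothing leaves $pconfig untouched.
if (isset($id) && !empty($a_aliases[$id])) {
	$original_alias_name = $a_aliases[$id]['name'];
	$pconfig['name'] = $a_aliases[$id]['name'];
	$pconfig['detail'] = $a_aliases[$id]['detail'];
	$pconfig['address'] = $a_aliases[$id]['address'];
	$pconfig['type'] = $a_aliases[$id]['type'];
	// The stored description is entity-decoded here, so it has to be escaped
	// again wherever $pconfig['descr'] is printed.
	$pconfig['descr'] = html_entity_decode($a_aliases[$id]['descr']);

	// URL table aliases keep their source in 'url' rather than 'address'.
	if (preg_match("/urltable/i", $a_aliases[$id]['type'])) {
		$pconfig['address'] = $a_aliases[$id]['url'];
		$pconfig['updatefreq'] = $a_aliases[$id]['updatefreq'];
	}
	// URL aliases: show the stored URL(s) in place of the imported addresses.
	if (isset($a_aliases[$id]['aliasurl']) && $a_aliases[$id]['aliasurl'] <> "") {
		if (is_array($a_aliases[$id]['aliasurl'])) {
			$pconfig['address'] = implode(" ", $a_aliases[$id]['aliasurl']);
		} else {
			$pconfig['address'] = $a_aliases[$id]['aliasurl'];
		}
	}
}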

    
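/*
 * Form submission handler.
 *
 * Validates the alias name, builds the address list according to the posted
 * type (URL table, URL download, or manually entered entries), and then either
 * stores the alias and redirects to the alias list, or copies the posted values
 * into $pconfig so the form is redisplayed together with the errors.
 *
 * Every $_POST value used below is supplied by the client.
 */
if ($_POST) {
	unset($input_errors);
	$vertical_bar_err_text = gettext("Vertical bars (|) at start or end, or double in the middle of descriptions not allowed. Descriptions have been cleaned. Check and save again.");

	/* input validation */

	$reqdfields = explode(" ", "name");
	$reqdfieldsn = array(gettext("Name"));

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// An unset (null) result from is_validaliasname() is reported as a reserved
	// word, a false result as a malformed name.
	$x = is_validaliasname($_POST['name']);
	if (!isset($x)) {
		$input_errors[] = gettext("Reserved word used for alias name.");
	} else if ($_POST['type'] == "port" && (getservbyname($_POST['name'], "tcp") || getservbyname($_POST['name'], "udp"))) {
		// A port alias may not carry the name of a known tcp/udp service.
		$input_errors[] = gettext("Reserved word used for alias name.");
	} else {
		if (is_validaliasname($_POST['name']) == false) {
			$input_errors[] = gettext("The alias name must be less than 32 characters long, may not consist of only numbers, and may only contain the following characters") . " a-z, A-Z, 0-9, _.";
		}
	}

	/* check for name conflicts */
	// NOTE(review): the duplicate-name check only runs when a new alias is created;
	// renaming an existing alias to a name that is already taken is not caught here.
	if (!isset($id) || empty($a_aliases[$id])) {
		foreach ($a_aliases as $alias) {
			if ($alias['name'] == $_POST['name']) {
				$input_errors[] = gettext("An alias with this name already exists.");
				break;
			}
		}
	}

	/* Check for reserved keyword names */
	foreach ($reserved_keywords as $rk) {
		if ($rk == $_POST['name']) {
			$input_errors[] = sprintf(gettext("Cannot use a reserved keyword as alias name %s"), $rk);
		}
	}

	/* check for name interface description conflicts */
	foreach ($config['interfaces'] as $interface) {
		if ($interface['descr'] == $_POST['name']) {
			$input_errors[] = gettext("An interface description with this name already exists.");
			break;
		}
	}

	$alias = array();
	// $address stays an array in every branch. The URL-table branch used to reset it
	// to "" before appending with [], which is a fatal error from PHP 7.1 on.
	$address = array();
	$final_address_details = array();
	$alias['name'] = $_POST['name'];

	// NOTE(review): $_POST['type'] is not compared against a list of known alias types.
	// A value other than the ones tested below ends up in the "normal alias" branch,
	// whose validation loop only checks the port, host and network types.
	if (preg_match("/urltable/i", $_POST['type'])) {
		$isfirst = 0;

		/* item is a url table type */
		if (!empty($_POST['address0'])) {
			/* fetch down and add in */
			$_POST['address0'] = trim($_POST['address0']);
			$isfirst = 0;
			$address[] = $_POST['address0'];
			$alias['url'] = $_POST['address0'];
			// NOTE(review): the update frequency is stored as posted; nothing here checks that it is a number.
			$alias['updatefreq'] = !empty($_POST['address_subnet0']) ? $_POST['address_subnet0'] : 7;
			// The URL is validated before process_alias_urltable() is asked to fetch it.
			if (!is_URL($alias['url']) || empty($alias['url'])) {
				$input_errors[] = gettext("You must provide a valid URL.");
			} elseif (! process_alias_urltable($alias['name'], $alias['url'], 0, true)) {
				$input_errors[] = gettext("Unable to fetch usable data.");
			}
			if (isset($_POST["detail0"]) && $_POST["detail0"] <> "") {
				if ((strpos($_POST["detail0"], "||") === false) && (substr($_POST["detail0"], 0, 1) != "|") && (substr($_POST["detail0"], -1, 1) != "|")) {
					$final_address_details[] = $_POST["detail0"];
				} else {
					/* Remove leading and trailing vertical bars and replace multiple vertical bars with single, */
					/* and put in the output array so the text is at least redisplayed for the user. */
					$final_address_details[] = preg_replace('/\|\|+/', '|', trim($_POST["detail0"], "|"));
					$input_errors[] = $vertical_bar_err_text;
				}
			} else {
				$final_address_details[] = sprintf(gettext("Entry added %s"), date('r'));
			}
		}
	} else if ($_POST['type'] == "url" || $_POST['type'] == "url_ports") {
		$isfirst = 0;
		$address_count = 2;
		$desc_fmt_err_found = false;

		/* item is a url type */
		for ($x = 0; $x < $max_alias_addresses - 1; $x++) {
			$_POST['address' . $x] = isset($_POST['address' . $x]) ? trim($_POST['address' . $x]) : "";
			if ($_POST['address' . $x]) {
				/* fetch down and add in */
				$isfirst = 0;

				// Fetch only what passes the same is_URL() check the URL-table branch
				// applies; the posted string is otherwise handed to download_file() as is.
				$temp_dir = false;
				if (is_URL($_POST['address' . $x])) {
					// tempnam() reserves a unique name as a file; it is swapped for a directory.
					// mkdir() fails if something else took the name in between, and its result
					// is checked so that only a directory created here is used and removed.
					$temp_filename = tempnam("{$g['tmp_path']}/", "alias_import");
					if ($temp_filename !== false) {
						unlink_if_exists($temp_filename);
						if (mkdir($temp_filename, 0700)) {
							$temp_dir = $temp_filename;
						}
					}
				}

				if ($temp_dir !== false) {
					$verify_ssl = isset($config['system']['checkaliasesurlcert']);
					download_file($_POST['address' . $x], $temp_dir . "/aliases", $verify_ssl);

					/* if the item is tar gzipped then extract */
					// NOTE(review): the archive comes from a remote server; how the two helpers
					// treat entry paths inside it is not visible in this file -- confirm.
					if (stristr($_POST['address' . $x], ".tgz")) {
						process_alias_tgz($temp_dir);
					} else if (stristr($_POST['address' . $x], ".zip")) {
						process_alias_unzip($temp_dir);
					}
				}

				// The URL and its description are recorded even when the fetch is skipped
				// or fails, so the form can be redisplayed with what the user typed.
				if (!isset($alias['aliasurl'])) {
					$alias['aliasurl'] = array();
				}

				$alias['aliasurl'][] = $_POST['address' . $x];
				if (isset($_POST["detail{$x}"]) && $_POST["detail{$x}"] <> "") {
					if ((strpos($_POST["detail{$x}"], "||") === false) && (substr($_POST["detail{$x}"], 0, 1) != "|") && (substr($_POST["detail{$x}"], -1, 1) != "|")) {
						$final_address_details[] = $_POST["detail{$x}"];
					} else {
						/* Remove leading and trailing vertical bars and replace multiple vertical bars with single, */
						/* and put in the output array so the text is at least redisplayed for the user. */
						$final_address_details[] = preg_replace('/\|\|+/', '|', trim($_POST["detail{$x}"], "|"));
						if (!$desc_fmt_err_found) {
							$input_errors[] = $vertical_bar_err_text;
							$desc_fmt_err_found = true;
						}
					}
				} else {
					$final_address_details[] = sprintf(gettext("Entry added %s"), date('r'));
				}

				if ($temp_dir !== false && file_exists("{$temp_dir}/aliases")) {
					$file_contents = file_get_contents("{$temp_dir}/aliases");
					// Put every '#' on a line of its own so trailing comments are split off below.
					$file_contents = str_replace("#", "\n#", $file_contents);
					$file_contents_split = explode("\n", $file_contents);
					foreach ($file_contents_split as $fc) {
						// Stop at 3000 items, aliases larger than that tend to break both pf and the WebGUI.
						if ($address_count >= 3000) {
							break;
						}
						$tmp = trim($fc);
						if (stristr($fc, "#")) {
							$tmp_split = explode("#", $tmp);
							$tmp = trim($tmp_split[0]);
						}
						$tmp = trim($tmp);
						// Downloaded lines are kept only when they validate for the alias type.
						if ($_POST['type'] == "url") {
							$is_valid = (is_ipaddr($tmp) || is_subnet($tmp));
						} else {
							$is_valid = (is_port($tmp) || is_portrange($tmp));
						}

						if (!empty($tmp) && $is_valid) {
							$address[] = $tmp;
							$isfirst = 1;
							$address_count++;
						}
					}
					if ($isfirst == 0) {
						/* nothing was found */
						$input_errors[] = sprintf(gettext("You must provide a valid URL. Could not fetch usable data from '%s'."), $_POST['address' . $x]);
					}
				} else {
					$input_errors[] = sprintf(gettext("URL '%s' is not valid."), $_POST['address' . $x]);
				}

				// Remove the scratch directory on every path, not only after a successful download.
				if ($temp_dir !== false) {
					mwexec("/bin/rm -rf " . escapeshellarg($temp_dir));
				}
			}
		}
		unset($desc_fmt_err_found);
		if ($_POST['type'] == "url_ports") {
			$address = group_ports($address);
		}
	} else {
		/* item is a normal alias type */
		$wrongaliases = "";
		$desc_fmt_err_found = false;
		$alias_address_count = 0;
		// Start from empty lists so the validation loop below also works when no address was posted.
		$input_addresses = array();
		$input_address_subnet = array();

		// First trim and expand the input data.
		// Users can paste strings like "10.1.2.0/24 10.3.0.0/16 9.10.11.0/24" into an address box.
		// They can also put an IP range.
		// This loop expands out that stuff so it can easily be validated.
		for ($x = 0; $x < ($max_alias_addresses - 1); $x++) {
			if (isset($_POST["address{$x}"]) && $_POST["address{$x}"] <> "") {
				if (isset($_POST["detail{$x}"]) && $_POST["detail{$x}"] <> "") {
					if ((strpos($_POST["detail{$x}"], "||") === false) && (substr($_POST["detail{$x}"], 0, 1) != "|") && (substr($_POST["detail{$x}"], -1, 1) != "|")) {
						$detail_text = $_POST["detail{$x}"];
					} else {
						/* Remove leading and trailing vertical bars and replace multiple vertical bars with single, */
						/* and put in the output array so the text is at least redisplayed for the user. */
						$detail_text = preg_replace('/\|\|+/', '|', trim($_POST["detail{$x}"], "|"));
						if (!$desc_fmt_err_found) {
							$input_errors[] = $vertical_bar_err_text;
							$desc_fmt_err_found = true;
						}
					}
				} else {
					$detail_text = sprintf(gettext("Entry added %s"), date('r'));
				}
				$address_items = explode(" ", trim($_POST["address{$x}"]));
				foreach ($address_items as $address_item) {
					$iprange_type = is_iprange($address_item);
					if ($iprange_type == 4) {
						list($startip, $endip) = explode('-', $address_item);
						if ($_POST['type'] == "network") {
							// For network type aliases, expand an IPv4 range into an array of subnets.
							$rangesubnets = ip_range_to_subnet_array($startip, $endip);
							foreach ($rangesubnets as $rangesubnet) {
								if ($alias_address_count > $max_alias_addresses) {
									break;
								}
								list($address_part, $subnet_part) = explode("/", $rangesubnet);
								$input_addresses[] = $address_part;
								$input_address_subnet[] = $subnet_part;
								$final_address_details[] = $detail_text;
								$alias_address_count++;
							}
						} else {
							// For host type aliases, expand an IPv4 range into a list of individual IPv4 addresses.
							$rangeaddresses = ip_range_to_address_array($startip, $endip, $max_alias_addresses - $alias_address_count);
							if (is_array($rangeaddresses)) {
								foreach ($rangeaddresses as $rangeaddress) {
									$input_addresses[] = $rangeaddress;
									$input_address_subnet[] = "";
									$final_address_details[] = $detail_text;
									$alias_address_count++;
								}
							} else {
								$input_errors[] = sprintf(gettext('Range is too large to expand into individual host IP addresses (%s)'), $address_item);
								$input_errors[] = sprintf(gettext('The maximum number of entries in an alias is %s'), $max_alias_addresses);
								// Put the user-entered data in the output anyway, so it will be re-displayed for correction.
								$input_addresses[] = $address_item;
								$input_address_subnet[] = "";
								$final_address_details[] = $detail_text;
							}
						}
					} else if ($iprange_type == 6) {
						$input_errors[] = sprintf(gettext('IPv6 address ranges are not supported (%s)'), $address_item);
						// Put the user-entered data in the output anyway, so it will be re-displayed for correction.
						$input_addresses[] = $address_item;
						$input_address_subnet[] = "";
						$final_address_details[] = $detail_text;
					} else {
						$subnet_type = is_subnet($address_item);
						if (($_POST['type'] == "host") && $subnet_type) {
							if ($subnet_type == 4) {
								// For host type aliases, if the user enters an IPv4 subnet, expand it into a list of individual IPv4 addresses.
								if (subnet_size($address_item) <= ($max_alias_addresses - $alias_address_count)) {
									$rangeaddresses = subnetv4_expand($address_item);
									foreach ($rangeaddresses as $rangeaddress) {
										$input_addresses[] = $rangeaddress;
										$input_address_subnet[] = "";
										$final_address_details[] = $detail_text;
										$alias_address_count++;
									}
								} else {
									$input_errors[] = sprintf(gettext('Subnet is too large to expand into individual host IP addresses (%s)'), $address_item);
									$input_errors[] = sprintf(gettext('The maximum number of entries in an alias is %s'), $max_alias_addresses);
									// Put the user-entered data in the output anyway, so it will be re-displayed for correction.
									$input_addresses[] = $address_item;
									$input_address_subnet[] = "";
									$final_address_details[] = $detail_text;
								}
							} else {
								$input_errors[] = sprintf(gettext('IPv6 subnets are not supported in host aliases (%s)'), $address_item);
								// Put the user-entered data in the output anyway, so it will be re-displayed for correction.
								$input_addresses[] = $address_item;
								$input_address_subnet[] = "";
								$final_address_details[] = $detail_text;
							}
						} else {
							list($address_part, $subnet_part) = explode("/", $address_item);
							if (!empty($subnet_part)) {
								if (is_subnet($address_item)) {
									$input_addresses[] = $address_part;
									$input_address_subnet[] = $subnet_part;
								} else {
									// The user typed something like "1.2.3.444/24" or "1.2.3.0/36" or similar rubbish.
									// Feed it through without splitting it apart, then it will be caught by the validation loop below.
									$input_addresses[] = $address_item;
									$input_address_subnet[] = "";
								}
							} else {
								$input_addresses[] = $address_part;
								$input_address_subnet[] = isset($_POST["address_subnet{$x}"]) ? $_POST["address_subnet{$x}"] : "";
							}
							$final_address_details[] = $detail_text;
							$alias_address_count++;
						}
					}
					if ($alias_address_count > $max_alias_addresses) {
						$input_errors[] = sprintf(gettext('The maximum number of entries in an alias has been exceeded (%s)'), $max_alias_addresses);
						break;
					}
				}
			}
		}

		// Validate the input data expanded above.
		foreach ($input_addresses as $idx => $input_address) {
			if (is_alias($input_address)) {
				if (!alias_same_type($input_address, $_POST['type'])) {
					// But alias type network can include alias type urltable. Feature#1603.
					if (!($_POST['type'] == 'network' &&
						  preg_match("/urltable/i", alias_get_type($input_address)))) {
						$wrongaliases .= " " . $input_address;
					}
				}
			} else if ($_POST['type'] == "port") {
				if (!is_port($input_address) && !is_portrange($input_address)) {
					$input_errors[] = $input_address . " " . gettext("is not a valid port or alias.");
				}
			} else if ($_POST['type'] == "host" || $_POST['type'] == "network") {
				if (is_subnet($input_address) ||
					(!is_ipaddr($input_address) && !is_hostname($input_address))) {
					$input_errors[] = sprintf(gettext('%1$s is not a valid %2$s address, FQDN or alias.'), $input_address, $_POST['type']);
				}
			}
			$tmpaddress = $input_address;
			if ($_POST['type'] != "host" && is_ipaddr($input_address) && $input_address_subnet[$idx] <> "") {
				if (!is_subnet($input_address . "/" . $input_address_subnet[$idx])) {
					$input_errors[] = sprintf(gettext('%s/%s is not a valid subnet.'), $input_address, $input_address_subnet[$idx]);
				} else {
					$tmpaddress .= "/" . $input_address_subnet[$idx];
				}
			}
			$address[] = $tmpaddress;
		}
		unset($desc_fmt_err_found);
		if ($wrongaliases <> "") {
			$input_errors[] = sprintf(gettext('The alias(es): %s cannot be nested because they are not of the same type.'), $wrongaliases);
		}
	}

	unset($vertical_bar_err_text);

	// Allow extending of the firewall edit page and include custom input validation
	pfSense_handle_custom_code("/usr/local/pkg/firewall_aliases_edit/input_validation");

	if (empty($input_errors)) {
		$alias['address'] = is_array($address) ? implode(" ", $address) : $address;
		// The description is stored exactly as posted; it has to be escaped wherever it is printed.
		$alias['descr'] = $_POST['descr'];
		$alias['type'] = $_POST['type'];
		$alias['detail'] = implode("||", $final_address_details);

		/*   Check to see if alias name needs to be
		 *   renamed on referenced rules and such
		 */
		// NOTE(review): the "old" name used for these renames is the posted origname
		// field, not the name stored for $id. The alias-in-alias loop further down
		// uses the stored name; consider doing the same here.
		if ($_POST['name'] <> $_POST['origname']) {
			// Firewall rules
			update_alias_names_upon_change(array('filter', 'rule'), array('source', 'address'), $_POST['name'], $origname);
			update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'address'), $_POST['name'], $origname);
			update_alias_names_upon_change(array('filter', 'rule'), array('source', 'port'), $_POST['name'], $origname);
			update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'port'), $_POST['name'], $origname);
			// NAT Rules
			update_alias_names_upon_change(array('nat', 'rule'), array('source', 'address'), $_POST['name'], $origname);
			update_alias_names_upon_change(array('nat', 'rule'), array('source', 'port'), $_POST['name'], $origname);
			update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'address'), $_POST['name'], $origname);
			update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'port'), $_POST['name'], $origname);
			update_alias_names_upon_change(array('nat', 'rule'), array('target'), $_POST['name'], $origname);
			update_alias_names_upon_change(array('nat', 'rule'), array('local-port'), $_POST['name'], $origname);
			// NAT 1:1 Rules
			//update_alias_names_upon_change(array('nat', 'onetoone'), array('external'), $_POST['name'], $origname);
			//update_alias_names_upon_change(array('nat', 'onetoone'), array('source', 'address'), $_POST['name'], $origname);
			update_alias_names_upon_change(array('nat', 'onetoone'), array('destination', 'address'), $_POST['name'], $origname);
			// NAT Outbound Rules
			update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('source', 'network'), $_POST['name'], $origname);
			update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('sourceport'), $_POST['name'], $origname);
			update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('destination', 'address'), $_POST['name'], $origname);
			update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('dstport'), $_POST['name'], $origname);
			update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('target'), $_POST['name'], $origname);
			// Alias in an alias
			update_alias_names_upon_change(array('aliases', 'alias'), array('address'), $_POST['name'], $origname);
		}

		pfSense_handle_custom_code("/usr/local/pkg/firewall_aliases_edit/pre_write_config");

		if (isset($id) && !empty($a_aliases[$id])) {
			// Editing: if the name changed, rewrite every alias whose address list mentions the old name.
			if ($a_aliases[$id]['name'] <> $alias['name']) {
				foreach ($a_aliases as $aliasid => $aliasd) {
					if ($aliasd['address'] <> "") {
						$tmpdirty = false;
						$tmpaddr = explode(" ", $aliasd['address']);
						foreach ($tmpaddr as $tmpidx => $tmpalias) {
							if ($tmpalias == $a_aliases[$id]['name']) {
								$tmpaddr[$tmpidx] = $alias['name'];
								$tmpdirty = true;
							}
						}
						if ($tmpdirty == true) {
							$a_aliases[$aliasid]['address'] = implode(" ", $tmpaddr);
						}
					}
				}
			}
			$a_aliases[$id] = $alias;
		} else {
			$a_aliases[] = $alias;
		}

		// Sort list
		$a_aliases = msort($a_aliases, "name");

		if (write_config()) {
			mark_subsystem_dirty('aliases');
		}

		// $tab comes from the request. It goes into a URL query string here, so it is
		// URL-encoded; HTML escaping is the wrong encoding for a Location header.
		if (!empty($tab)) {
			header("Location: firewall_aliases.php?tab=" . urlencode($tab));
		} else {
			header("Location: firewall_aliases.php");
		}
		exit;
	}
	//we received input errors, copy data to prevent retype
	else
	{
		$pconfig['name'] = $_POST['name'];
		$pconfig['descr'] = $_POST['descr'];
		if (($_POST['type'] == 'url') || ($_POST['type'] == 'url_ports')) {
			// No URL row may have been posted at all, in which case 'aliasurl' was never set.
			$pconfig['address'] = isset($alias['aliasurl']) ? implode(" ", $alias['aliasurl']) : "";
		} else {
			$pconfig['address'] = is_array($address) ? implode(" ", $address) : $address;
		}
		$pconfig['type'] = $_POST['type'];
		$pconfig['detail'] = implode("||", $final_address_details);
	}
}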

    
include("head.inc");

    
// First part of the page's inline JavaScript, kept in $jscriptstr and echoed later.
// It opens the <script> element (closed by the second heredoc appended below) and defines:
//  - typesel_change(): enables or disables every select whose id starts with
//    "address_subnet" according to the selected index of the type dropdown, and for
//    the host and port entries also resets the select's value.
//  - add_alias_control(): attaches an AutoSuggestControl to the address field of the
//    last row. totalrows, addressarray, AutoSuggestControl and StateSuggestions are
//    not defined in this string.
// Nothing is interpolated into this heredoc.
$jscriptstr = <<<EOD

<script type="text/javascript">
//<![CDATA[
var objAlias = new Array(4999);
function typesel_change() {
	var field_disabled = 0;
	var field_value = "";
	var set_value = false;
	switch (document.iform.type.selectedIndex) {
		case 0:	/* host */
			field_disabled = 1;
			field_value = "";
			set_value = true;
			break;
		case 1:	/* network */
			field_disabled = 0;
			break;
		case 2:	/* port */
			field_disabled = 1;
			field_value = "128";
			set_value = true;
			break;
		case 3:	/* url */
			field_disabled = 1;
			break;
		case 4:	/* url_ports */
			field_disabled = 1;
			break;
		case 5:	/* urltable */
			field_disabled = 0;
			break;
		case 6:	/* urltable_ports */
			field_disabled = 0;
			break;
	}

	jQuery("select[id^='address_subnet']").prop("disabled", field_disabled);
	if (set_value == true)
		jQuery("select[id^='address_subnet']").prop("value", field_value);
}

function add_alias_control() {
	var name = "address" + (totalrows - 1);
	obj = document.getElementById(name);
	obj.setAttribute('class', 'formfldalias');
	obj.setAttribute('autocomplete', 'off');
	objAlias[totalrows - 1] = new AutoSuggestControl(obj, new StateSuggestions(addressarray));
}
EOD;

    
// Translated strings that the second JavaScript heredoc interpolates.

// Entries of the type dropdown / section titles.
$hosts_str = gettext('Host(s)');
$networks_str = gettext('Network(s)');
$ports_str = gettext('Port(s)');
$url_str = gettext('URL (IPs)');
$url_ports_str = gettext('URL (Ports)');
$urltable_str = gettext('URL Table (IPs)');
$urltable_ports_str = gettext('URL Table (Ports)');
$openvpn_user_str = gettext('OpenVPN Users');

// Column headings.
$ip_str = gettext('IP or FQDN');
$network_str = gettext('Network or FQDN');
$port_str = gettext('Port');
$cidr_str = gettext('CIDR');
$update_freq_str = gettext('Update Freq. (days)');
$description_str = gettext('Description');
$openvpn_str = gettext('Username');
$openvpn_freq = '';

// Help text shown for each alias type.
$hosts_help = gettext('Enter as many hosts as you would like.  Hosts must be specified by their IP address or fully qualified domain name (FQDN). FQDN hostnames are periodically re-resolved and updated. If multiple IPs are returned by a DNS query, all are used. You may also enter an IP range such as 192.168.1.1-192.168.1.10 or a small subnet such as 192.168.1.16/28 and a list of individual IP addresses will be generated.');
$networks_help = gettext('Networks are specified in CIDR format.  Select the CIDR mask that pertains to each entry. /32 specifies a single IPv4 host, /128 specifies a single IPv6 host, /24 specifies 255.255.255.0, /64 specifies a normal IPv6 network, etc. Hostnames (FQDNs) may also be specified, using a /32 mask for IPv4 or /128 for IPv6. You may also enter an IP range such as 192.168.1.1-192.168.1.254 and a list of CIDR networks will be derived to fill the range.');
$ports_help = gettext('Enter as many ports as you wish.  Port ranges can be expressed by separating with a colon.');
$openvpn_help = gettext('Enter as many usernames as you wish.');

// The URL-based help texts take the product name from $g['product_name'].
$url_help = sprintf(gettext('Enter as many URLs as you wish. After saving %s will download the URL and import the items into the alias. Use only with small sets of IP addresses (less than 3000).'), $g['product_name']);
$url_ports_help = sprintf(gettext('Enter as many URLs as you wish. After saving %s will download the URL and import the items into the alias. Use only with small sets of Ports (less than 3000).'), $g['product_name']);
$urltable_help = sprintf(gettext('Enter a single URL containing a large number of IPs and/or Subnets. After saving %s will download the URL and create a table file containing these addresses. This will work with large numbers of addresses (30,000+) or small numbers.'), $g['product_name']);
$urltable_ports_help = sprintf(gettext('Enter a single URL containing a list of Port numbers and/or Port ranges. After saving %s will download the URL.'), $g['product_name']);

    
// Second part of the inline JavaScript: update_box_type() compares the text of the
// selected type option with the translated labels and rewrites the section title,
// the column headings and the help text to match. For the two URL-table types it
// also makes sure a row exists and hides the description column and the add-row button.
// The heredoc then closes the <script> element opened by the first part.
//
// NOTE(review): the translated strings (and, through the *_help strings,
// $g['product_name']) are interpolated straight into quoted JavaScript literals.
// A string containing a quote character or "</script>" would break the script;
// encoding the values for a JavaScript context (for example with json_encode())
// before interpolation would make this robust.
$jscriptstr .= <<<EOD

function update_box_type() {
	var indexNum = document.forms[0].type.selectedIndex;
	var selected = document.forms[0].type.options[indexNum].text;
	if(selected == '{$networks_str}') {
		document.getElementById ("addressnetworkport").firstChild.data = "{$networks_str}";
		document.getElementById ("onecolumn").firstChild.data = "{$network_str}";
		document.getElementById ("twocolumn").firstChild.data = "{$cidr_str}";
		document.getElementById ("threecolumn").firstChild.data = "{$description_str}";
		document.getElementById ("threecolumn").style.display = 'block';
		document.getElementById ("itemhelp").firstChild.data = "{$networks_help}";
		document.getElementById ("addrowbutton").style.display = 'block';
	} else if(selected == '{$hosts_str}') {
		document.getElementById ("addressnetworkport").firstChild.data = "{$hosts_str}";
		document.getElementById ("onecolumn").firstChild.data = "{$ip_str}";
		document.getElementById ("twocolumn").firstChild.data = "";
		document.getElementById ("threecolumn").firstChild.data = "{$description_str}";
		document.getElementById ("threecolumn").style.display = 'block';
		document.getElementById ("itemhelp").firstChild.data = "{$hosts_help}";
		document.getElementById ("addrowbutton").style.display = 'block';
	} else if(selected == '{$ports_str}') {
		document.getElementById ("addressnetworkport").firstChild.data = "{$ports_str}";
		document.getElementById ("onecolumn").firstChild.data = "{$port_str}";
		document.getElementById ("twocolumn").firstChild.data = "";
		document.getElementById ("threecolumn").firstChild.data = "{$description_str}";
		document.getElementById ("threecolumn").style.display = 'block';
		document.getElementById ("itemhelp").firstChild.data = "{$ports_help}";
		document.getElementById ("addrowbutton").style.display = 'block';
	} else if(selected == '{$url_str}') {
		document.getElementById ("addressnetworkport").firstChild.data = "{$url_str}";
		document.getElementById ("onecolumn").firstChild.data = "{$url_str}";
		document.getElementById ("twocolumn").firstChild.data = "";
		document.getElementById ("threecolumn").firstChild.data = "{$description_str}";
		document.getElementById ("threecolumn").style.display = 'block';
		document.getElementById ("itemhelp").firstChild.data = "{$url_help}";
		document.getElementById ("addrowbutton").style.display = 'block';
	} else if(selected == '{$url_ports_str}') {
		document.getElementById ("addressnetworkport").firstChild.data = "{$url_ports_str}";
		document.getElementById ("onecolumn").firstChild.data = "{$url_ports_str}";
		document.getElementById ("twocolumn").firstChild.data = "";
		document.getElementById ("threecolumn").firstChild.data = "{$description_str}";
		document.getElementById ("threecolumn").style.display = 'block';
		document.getElementById ("itemhelp").firstChild.data = "{$url_ports_help}";
		document.getElementById ("addrowbutton").style.display = 'block';
	} else if(selected == '{$openvpn_user_str}') {
		document.getElementById ("addressnetworkport").firstChild.data = "{$openvpn_user_str}";
		document.getElementById ("onecolumn").firstChild.data = "{$openvpn_str}";
		document.getElementById ("twocolumn").firstChild.data = "{$openvpn_freq}";
		document.getElementById ("threecolumn").firstChild.data = "{$description_str}";
		document.getElementById ("threecolumn").style.display = 'block';
		document.getElementById ("itemhelp").firstChild.data = "{$openvpn_help}";
		document.getElementById ("addrowbutton").style.display = 'block';
	} else if(selected == '{$urltable_str}') {
		if ((typeof(totalrows) == "undefined") || (totalrows < 1)) {
			addRowTo('maintable', 'formfldalias');
			typesel_change();
			add_alias_control(this);
		}
		document.getElementById ("addressnetworkport").firstChild.data = "{$url_str}";
		document.getElementById ("onecolumn").firstChild.data = "{$url_str}";
		document.getElementById ("twocolumn").firstChild.data = "{$update_freq_str}";
		document.getElementById ("threecolumn").firstChild.data = "";
		document.getElementById ("threecolumn").style.display = 'none';
		document.getElementById ("itemhelp").firstChild.data = "{$urltable_help}";
		document.getElementById ("addrowbutton").style.display = 'none';
	} else if(selected == '{$urltable_ports_str}') {
		if ((typeof(totalrows) == "undefined") || (totalrows < 1)) {
			addRowTo('maintable', 'formfldalias');
			typesel_change();
			add_alias_control(this);
		}
		document.getElementById ("addressnetworkport").firstChild.data = "{$url_str}";
		document.getElementById ("onecolumn").firstChild.data = "{$url_str}";
		document.getElementById ("twocolumn").firstChild.data = "{$update_freq_str}";
		document.getElementById ("threecolumn").firstChild.data = "";
		document.getElementById ("threecolumn").style.display = 'none';
		document.getElementById ("itemhelp").firstChild.data = "{$urltable_ports_help}";
		document.getElementById ("addrowbutton").style.display = 'none';
	}
}
//]]>
</script>

EOD;
691

    
692
?>

    
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
<?php
	// NOTE(review): the onload attribute above receives $jsevents["body"]["onload"]
	// without htmlspecialchars(). $jsevents is filled in outside this part of the
	// file; confirm it only ever holds script text composed by this page.

	// fbegin.inc is not shown here (presumably the shared page header). The
	// markup held in $jscriptstr is written to the page right after it.
	include "fbegin.inc";
	echo $jscriptstr;
?>

<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script>
<script type="text/javascript" src="/javascript/row_helper.js"></script>
<script type="text/javascript" src="/javascript/autosuggest.js"></script>
<script type="text/javascript" src="/javascript/suggestions.js"></script>

<input type='hidden' name='address_type' value='textbox' />
<input type='hidden' name='address_subnet_type' value='select' />

    
<script type="text/javascript">
//<![CDATA[
	// Column settings for the entry rows. rowname, rowtype and rowsize are not
	// declared in this block (presumably by row_helper.js, which is loaded
	// earlier on the page; confirm). The index is the column position.

	// Field name prefix per column; the rows rendered by PHP further down use
	// the same prefixes followed by the row number (address0, detail0, ...).
	rowname[0] = "address";
	rowname[1] = "address_subnet";
	rowname[2] = "detail";

	// Control kind per column, with the ipv4v6 marker on the first two.
	rowtype[0] = "textbox,ipv4v6";
	rowtype[1] = "select,ipv4v6";
	rowtype[2] = "textbox";

	// Size value per column.
	rowsize[0] = "30";
	rowsize[1] = "1";
	rowsize[2] = "50";
//]]>
</script>

    
<?php
// pfSense_handle_custom_code() is defined elsewhere. NOTE(review): by its name
// it runs optional code found under the given path; confirm that only
// administrators can write to /usr/local/pkg/firewall_aliases_edit/.
pfSense_handle_custom_code("/usr/local/pkg/firewall_aliases_edit/pre_input_errors");
?>
<?php
// $input_errors is filled in outside this part of the file; print it only
// when it is non-empty.
if ($input_errors) {
	print_input_errors($input_errors);
}
?>
<div id="inputerrors"></div>

<form action="firewall_aliases_edit.php" method="post" name="iform" id="iform">
<?php
// When no tab has been set yet, derive it from the alias type: any type whose
// name contains "url" (case-insensitive) maps to 'url', 'host' maps to 'ip',
// and every other type is used as the tab name unchanged.
if (empty($tab)) {
	if (preg_match("/url/i", $pconfig['type'])) {
		$tab = 'url';
	} elseif ($pconfig['type'] == 'host') {
		$tab = 'ip';
	} else {
		$tab = $pconfig['type'];
	}
}
// $tab is HTML-escaped below before it is written into the hidden field.
?>
<input name="tab" type="hidden" id="tab" value="<?= htmlspecialchars($tab) ?>" />
<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall aliases edit">
	<tr>
		<td colspan="2" valign="top" class="listtopic"><?= gettext("Alias Edit") ?></td>
	</tr>
	<tr>
		<td valign="top" class="vncellreq"><?= gettext("Name") ?></td>
		<td class="vtable">
			<input name="origname" type="hidden" id="origname" class="formfld unknown" size="40" value="<?= htmlspecialchars($pconfig['name']) ?>" />
			<input name="name" type="text" id="name" class="formfld unknown" size="40" maxlength="31" value="<?= htmlspecialchars($pconfig['name']) ?>" />
			<?php
			// origname repeats the current name next to the editable field, and
			// id is only sent for an alias that already exists in $a_aliases.
			// Both are ordinary form fields that a client can change, and
			// maxlength is enforced by the browser only, so the code handling the
			// POST (outside this part of the file) has to validate all of them.
			if (isset($id) && $a_aliases[$id]) {
			?>
				<input name="id" type="hidden" value="<?= htmlspecialchars($id) ?>" />
			<?php } ?>
			<br />
			<span class="vexpl">
				<?= gettext("The name of the alias may only consist of the characters \"a-z, A-Z, 0-9 and _\".") ?>
			</span>
		</td>
	</tr>
	<?php pfSense_handle_custom_code("/usr/local/pkg/firewall_aliases_edit/after_first_tr"); ?>
	<tr>
		<td width="22%" valign="top" class="vncell"><?= gettext("Description") ?></td>
		<td width="78%" class="vtable">
			<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?= htmlspecialchars($pconfig['descr']) ?>" />
			<br />
			<span class="vexpl">
				<?= gettext("You may enter a description here for your reference (not parsed).") ?>
			</span>
		</td>
	</tr>
	<tr>
		<td valign="top" class="vncellreq"><?php
			// Type selector. The option values are the type strings compared
			// against $pconfig['type']; "port" and "url" are also preselected from
			// $tab when no type is set. The openvpn option sits inside an HTML
			// comment, so its PHP still runs and its markup is still sent to the
			// browser, it is just not rendered.
			echo gettext("Type");
		?></td>
		<td class="vtable">
			<select name="type" class="formselect" id="type" onchange="update_box_type(); typesel_change();">
				<option value="host" <?= ($pconfig['type'] == "host") ? "selected=\"selected\"" : "" ?>><?= gettext("Host(s)") ?></option>
				<option value="network" <?= ($pconfig['type'] == "network") ? "selected=\"selected\"" : "" ?>><?= gettext("Network(s)") ?></option>
				<option value="port" <?= (($pconfig['type'] == "port") || (empty($pconfig['type']) && ($tab == "port"))) ? "selected=\"selected\"" : "" ?>><?= gettext("Port(s)") ?></option>
				<!--<option value="openvpn" <?= ($pconfig['type'] == "openvpn") ? "selected=\"selected\"" : "" ?>><?= gettext("OpenVPN Users") ?></option> -->
				<option value="url" <?= (($pconfig['type'] == "url") || (empty($pconfig['type']) && ($tab == "url"))) ? "selected=\"selected\"" : "" ?>><?= gettext("URL (IPs)") ?></option>
				<option value="url_ports" <?= ($pconfig['type'] == "url_ports") ? "selected=\"selected\"" : "" ?>><?= gettext("URL (Ports)") ?></option>
				<option value="urltable" <?= ($pconfig['type'] == "urltable") ? "selected=\"selected\"" : "" ?>><?= gettext("URL Table (IPs)") ?></option>
				<option value="urltable_ports" <?= ($pconfig['type'] == "urltable_ports") ? "selected=\"selected\"" : "" ?>><?= gettext("URL Table (Ports)") ?></option>
			</select>
		</td>
	</tr>
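	<tr>
		<td width="22%" valign="top" class="vncellreq"><div id="addressnetworkport"><?=gettext("Host(s)"); ?></div></td>
		<td width="78%" class="vtable">
			<table id="maintable" summary="maintable">
				<tbody>
					<tr>
						<td colspan="4">
							<div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp"><?=gettext("Item information"); ?></div>
						</td>
					</tr>
					<tr>
						<td><div id="onecolumn"><?=gettext("Network"); ?></div></td>
						<td><div id="twocolumn">CIDR</div></td>
						<td><div id="threecolumn"><?=gettext("Description"); ?></div></td>
					</tr>

					<?php
					// Render one editable row per stored entry. $pconfig['address'] is
					// split on spaces and $pconfig['detail'] on "||"; the two lists are
					// paired by position, and a missing description is rendered as an
					// empty field instead of reading an undefined offset. Every value
					// is HTML-escaped before it is written into an attribute.
					// $counter is left at the number of rows rendered and is read
					// again by the script at the end of the page.
					$counter = 0;
					if ($pconfig['address'] != ""):
						$addresses = explode(" ", $pconfig['address']);
						$details = explode("||", $pconfig['detail']);
						while ($counter < count($addresses)):
							// Outside host aliases, an entry that is_subnet() accepts is
							// shown as address plus prefix length in the second column.
							if (($pconfig['type'] != "host") && is_subnet($addresses[$counter])) {
								list($address, $address_subnet) = explode("/", $addresses[$counter]);
							} else {
								$address = $addresses[$counter];
								$address_subnet = "";
							}
					?>
					<tr>
						<td>
							<input autocomplete="off" name="address<?= $counter ?>" type="text" class="formfldalias ipv4v6" id="address<?= $counter ?>" size="30" value="<?= htmlspecialchars($address); ?>" />
						</td>
						<td>
							<select name="address_subnet<?= $counter ?>" class="formselect ipv4v6" id="address_subnet<?= $counter ?>">
								<option></option>
								<?php
								// 128..1 covers the prefix lengths. The entry equal to
								// $pconfig['updatefreq'] is preselected as well, presumably
								// because URL table aliases reuse this column for the update
								// frequency (confirm against the save handler).
								for ($i = 128; $i >= 1; $i--):
								?>
									<option value="<?=$i;?>" <?php if (($i == $address_subnet) || ($i == $pconfig['updatefreq'])) echo "selected=\"selected\""; ?>><?=$i;?></option>
								<?php endfor; ?>
							</select>
						</td>
						<td>
							<input name="detail<?= $counter ?>" type="text" class="formfld unknown" id="detail<?= $counter ?>" size="50" value="<?= htmlspecialchars(isset($details[$counter]) ? $details[$counter] : ""); ?>" />
						</td>
						<td>
							<a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" alt="" title="<?=gettext("remove this entry"); ?>" /></a>
						</td>
					</tr>
					<?php
						$counter++;

						endwhile;
					endif;
					?>
				</tbody>
			</table>
			<div id="addrowbutton">
				<a onclick="javascript:addRowTo('maintable', 'formfldalias'); typesel_change(); add_alias_control(this); return false;" href="#">
					<img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry"); ?>" />
				</a>
			</div>
		</td>
	</tr>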
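	<tr>
		<td width="22%" valign="top">&nbsp;</td>
		<td width="78%">
			<input id="submit" name="submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
			<?php
			// Cancel sends the browser to $referer. The value lands inside a
			// JavaScript string that itself sits inside an HTML attribute, so it
			// is encoded for both contexts: json_encode() produces the quoted
			// JavaScript string literal and htmlspecialchars() makes that literal
			// safe inside the attribute.
			// NOTE(review): $referer is assigned outside this part of the file.
			// If it is taken from the request's Referer header, it should also
			// be limited to a same-site path at the point where it is assigned.
			?>
			<input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href=<?= htmlspecialchars(json_encode($referer)); ?>" />
		</td>
	</tr>
</table>
</form>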

    
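<script type="text/javascript">
//<![CDATA[
	// Row bookkeeping for the client-side row functions, which are declared
	// outside this block. totalrows and loaded start at the number of rows
	// PHP rendered ($counter); field_counter_js presumably matches the three
	// columns configured in rowname/rowtype/rowsize (confirm in row_helper.js).
	field_counter_js = 3;
	rows = 1;
	totalrows = <?php echo $counter; ?>;
	loaded = <?php echo $counter; ?>;
	typesel_change();
	update_box_type();

	// Suggestion list for the address fields. json_encode() writes it as a
	// JavaScript literal with quotes and slashes escaped. array_exclude() and
	// get_alias_list() are defined elsewhere; going by the call, the alias
	// being edited is left out of its own suggestions (confirm).
	var addressarray = <?= json_encode(array_exclude($pconfig['name'], get_alias_list($pconfig['type']))) ?>;

	// Attach an autosuggest control to every address field rendered by PHP.
	function createAutoSuggest() {
		<?php
		for ($jv = 0; $jv < $counter; $jv++) {
			echo "objAlias[{$jv}] = new AutoSuggestControl(document.getElementById(\"address{$jv}\"), new StateSuggestions(addressarray));\n";
		}
		?>
	}

	// Pass the function itself: the string form of setTimeout() is evaluated
	// as code each time and stops working under a Content-Security-Policy
	// that disallows eval-style execution.
	setTimeout(createAutoSuggest, 500);
//]]>
</script>

<?php include("fend.inc"); ?>
</body>
</html>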