Project

General

Profile

Download (13.9 KB) Statistics
| Branch: | Tag: | Revision:

univnautes / usr / local / www / services_unbound_acls.php @ a1b66bec

1
<?php
2
/* $Id$ */
3
/*
4
	services_unbound_acls.php
5
	part of pfSense (https://www.pfsense.org/)
6

    
7
	Copyright (C) 2011 Warren Baker <warren@decoy.co.za>
8
	All rights reserved.
9

    
10
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12

    
13
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15

    
16
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19

    
20
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31

    
32
require("guiconfig.inc");
33
require("unbound.inc");
34

    
35
$referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/services_unbound_acls.php');
36

    
37
if (!is_array($config['unbound']['acls'])) {
38
	$config['unbound']['acls'] = array();
39
}
40

    
41
$a_acls = &$config['unbound']['acls'];
42

    
43
$id = $_GET['id'];
44
if (isset($_POST['aclid'])) {
45
	$id = $_POST['aclid'];
46
}
47

    
48
$act = $_GET['act'];
49
if (isset($_POST['act'])) {
50
	$act = $_POST['act'];
51
}
52

    
53
if ($act == "del") {
54
	if (!$a_acls[$id]) {
55
		pfSenseHeader("services_unbound_acls.php");
56
		exit;
57
	}
58

    
59
	unset($a_acls[$id]);
60
	write_config();
61
	mark_subsystem_dirty('unbound');
62
}
63

    
64
if ($act == "new") {
65
	$id = unbound_get_next_id();
66
}
67

    
68
if ($act == "edit") {
69
	if (isset($id) && $a_acls[$id]) {
70
		$pconfig = $a_acls[$id];
71
		$networkacl = $a_acls[$id]['row'];
72
	}
73
}
74

    
75
if ($_POST) {
76
	unset($input_errors);
77
	$pconfig = $_POST;
78

    
79
	if ($_POST['apply']) {
80
		$retval = services_unbound_configure();
81
		$savemsg = get_std_save_message($retval);
82
		if ($retval == 0)
83
			clear_subsystem_dirty('unbound');
84
	} else {
85

    
86
		// input validation - only allow 50 entries in a single ACL
87
		for($x=0; $x<50; $x++) {
88
			if (isset($pconfig["acl_network{$x}"])) {
89
				$networkacl[$x] = array();
90
				$networkacl[$x]['acl_network'] = $pconfig["acl_network{$x}"];
91
				$networkacl[$x]['mask'] = $pconfig["mask{$x}"];
92
				$networkacl[$x]['description'] = $pconfig["description{$x}"];
93
				if (!is_ipaddr($networkacl[$x]['acl_network'])) {
94
					$input_errors[] = gettext("You must enter a valid network IP address for {$networkacl[$x]['acl_network']}.");
95
				}
96

    
97
				if (is_ipaddr($networkacl[$x]['acl_network'])) {
98
					if (!is_subnet($networkacl[$x]['acl_network']."/".$networkacl[$x]['mask'])) {
99
						$input_errors[] = gettext("You must enter a valid IPv4 netmask for {$networkacl[$x]['acl_network']}/{$networkacl[$x]['mask']}.");
100
					}
101
				} else if (function_exists("is_ipaddrv6")) {
102
					if (!is_ipaddrv6($networkacl[$x]['acl_network'])) {
103
						$input_errors[] = gettext("You must enter a valid IPv6 address for {$networkacl[$x]['acl_network']}.");
104
					} else if (!is_subnetv6($networkacl[$x]['acl_network']."/".$networkacl[$x]['mask'])) {
105
						$input_errors[] = gettext("You must enter a valid IPv6 netmask for {$networkacl[$x]['acl_network']}/{$networkacl[$x]['mask']}.");
106
					}
107
				} else {
108
					$input_errors[] = gettext("You must enter a valid IPv4 address for {$networkacl[$x]['acl_network']}.");
109
				}
110
			} else if (isset($networkacl[$x])) {
111
				unset($networkacl[$x]);
112
			}
113
		}
114

    
115
		if (!$input_errors) {
116
			if ($pconfig['Submit'] == gettext("Save")) {
117
				$acl_entry = array();
118
				$acl_entry['aclid'] = $pconfig['aclid'];
119
				$acl_entry['aclname'] = $pconfig['aclname'];
120
				$acl_entry['aclaction'] = $pconfig['aclaction'];
121
				$acl_entry['description'] = $pconfig['description'];
122
				$acl_entry['aclid'] = $pconfig['aclid'];
123
				$acl_entry['row'] = array();
124
				foreach ($networkacl as $acl) {
125
					$acl_entry['row'][] = $acl;
126
				}
127

    
128
				if (isset($id) && $a_acls[$id]) {
129
					$a_acls[$id] = $acl_entry;
130
				} else {
131
					$a_acls[] = $acl_entry;
132
				}
133

    
134
				mark_subsystem_dirty("unbound");
135
				write_config();
136

    
137
				pfSenseHeader("/services_unbound_acls.php");
138
				exit;
139
			}
140

    
141
		}
142
	}
143
}
144

    
145
$closehead = false;
146
$pgtitle = "Services: DNS Resolver: Access Lists";
147
include("head.inc");
148

    
149
?>
150

    
151
<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script>
152
<script type="text/javascript" src="/javascript/row_helper.js"></script>
153

    
154
<script type="text/javascript">
155
//<![CDATA[
156
	rowname[0] = "acl_network";
157
	rowtype[0] = "textbox,ipv4v6";
158
	rowsize[0] = "30";
159

    
160
	rowname[1] = "mask";
161
	rowtype[1] = "select,ipv4v6";
162
	rowsize[1] = "1";
163

    
164
	rowname[2] = "description";
165
	rowtype[2] = "textbox";
166
	rowsize[2] = "40";
167
//]]>
168
</script>
169
</head>
170

    
171
<body>
172

    
173
<?php include("fbegin.inc"); ?>
174
<form action="services_unbound_acls.php" method="post" name="iform" id="iform">
175
<?php if ($input_errors) print_input_errors($input_errors); ?>
176
<?php if ($savemsg) print_info_box($savemsg); ?>
177
<?php if (is_subsystem_dirty('unbound')): ?><br/>
178
<?php print_info_box_np(gettext("The configuration of the DNS Resolver, has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));?><br />
179
<?php endif; ?>
180

    
181
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="services unbound acls">
182
	<tbody>
183
		<tr>
184
			<td class="tabnavtbl">
185
				<?php
186
					$tab_array = array();
187
					$tab_array[] = array(gettext("General Settings"), false, "/services_unbound.php");
188
					$tab_array[] = array(gettext("Advanced settings"), false, "services_unbound_advanced.php");
189
					$tab_array[] = array(gettext("Access Lists"), true, "/services_unbound_acls.php");
190
					display_top_tabs($tab_array, true);
191
				?>
192
			</td>
193
		</tr>
194
		<tr>
195
			<td id="mainarea">
196
				<div class="tabcont">
197
					<?php if($act=="new" || $act=="edit"): ?>
198
						<input name="aclid" type="hidden" value="<?=$id;?>" />
199
						<input name="act" type="hidden" value="<?=$act;?>" />
200

    
201
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
202
						<tr>
203
							<td colspan="2" valign="top" class="listtopic"><?=ucwords(sprintf(gettext("%s Access List"),$act));?></td>
204
						</tr>
205
						<tr>
206
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Access List name");?></td>
207
							<td width="78%" class="vtable">
208
								<input name="aclname" type="text" class="formfld" id="aclname" size="30" maxlength="30" value="<?=htmlspecialchars($pconfig['aclname']);?>" />
209
								<br />
210
								<span class="vexpl"><?=gettext("Provide an Access List name.");?></span>
211
							</td>
212
						</tr>
213
						<tr>
214
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td>
215
							<td width="78%" class="vtable">
216
								<select name="aclaction" class="formselect">
217
									<?php $types = explode(",", "Allow,Deny,Refuse,Allow Snoop"); foreach ($types as $type): ?>
218
									<option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['aclaction'])) echo "selected=\"selected\""; ?>>
219
									<?=htmlspecialchars($type);?>
220
									</option>
221
									<?php endforeach; ?>
222
								</select>
223
								<br />
224
								<span class="vexpl">
225
									<?=gettext("Choose what to do with DNS requests that match the criteria specified below.");?> <br />
226
									<?=gettext("<b>Deny:</b> This action stops queries from hosts within the netblock defined below.");?> <br />
227
									<?=gettext("<b>Refuse:</b> This action also stops queries from hosts within the netblock defined below, but sends a DNS rcode REFUSED error message back to the client.");?> <br />
228
									<?=gettext("<b>Allow:</b> This action allows queries from hosts within the netblock defined below.");?> <br />
229
									<?=gettext("<b>Allow Snoop:</b> This action allows recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.");?> <br />
230
								</span>
231
							</td>
232
						</tr>
233
						<tr>
234
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Networks");?></td>
235
						<td width="78%" class="vtable">
236
							<table id="maintable" summary="networks">
237
								<tbody>
238
									<tr>
239
										<td><div id="onecolumn"><?=gettext("Network");?></div></td>
240
										<td><div id="twocolumn"><?=gettext("CIDR");?></div></td>
241
										<td><div id="threecolumn"><?=gettext("Description");?></div></td>
242
									</tr>
243
									<?php $counter = 0; ?>
244
									<?php
245
										if($networkacl)
246
											foreach($networkacl as $item):
247
									?>
248
											<?php
249
												$network = $item['acl_network'];
250
												$cidr = $item['mask'];
251
												$description = $item['description'];
252
											?>
253
									<tr>
254
										<td>
255
											<input name="acl_network<?=$counter;?>" type="text" class="formfld unknown ipv4v6" id="acl_network<?=$counter;?>" size="30" value="<?=htmlspecialchars($network);?>" />
256
										</td>
257
										<td>
258
											<select name="mask<?=$counter;?>" class="formselect ipv4v6" id="mask<?=$counter;?>">
259
											<?php
260
												for ($i = 128; $i > 0; $i--) {
261
													echo "<option value=\"$i\" ";
262
													if ($i == $cidr) echo "selected=\"selected\"";
263
													echo ">" . $i . "</option>";
264
												}
265
											?>
266
											</select>
267
										</td>
268
										<td>
269
											<input name="description<?=$counter;?>" type="text" class="formfld unknown" id="description<?=$counter;?>" size="40" value="<?=htmlspecialchars($description);?>" />
270
										</td>
271
										<td>
272
											<a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" alt="delete" /></a>
273
										</td>
274
									</tr>
275
									<?php $counter++; ?>
276
									<?php endforeach; ?>
277
								</tbody>
278
							</table>
279
							<a onclick="javascript:addRowTo('maintable', 'formfldalias'); return false;" href="#">
280
								<img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" />
281
							</a>
282
							<script type="text/javascript">
283
							//<![CDATA[
284
								field_counter_js = 3;
285
								rows = 1;
286
								totalrows = <?php echo $counter; ?>;
287
								loaded = <?php echo $counter; ?>;
288
							//]]>
289
							</script>
290

    
291
							</td>
292
						</tr>
293

    
294
						<tr>
295
							<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
296
							<td width="78%" class="vtable">
297
								<input name="description" type="text" class="formfld unknown" id="description" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['description']);?>" />
298
								<br />
299
								<span class="vexpl"><?=gettext("You may enter a description here for your reference.");?></span>
300
							</td>
301
						</tr>
302
						<tr>
303
							<td>&nbsp;</td>
304
						</tr>
305
						<tr>
306
							<td width="22%" valign="top">&nbsp;</td>
307
							<td width="78%">
308
								&nbsp;<br />&nbsp;
309
								<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
310
								<input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" />
311
							</td>
312
						</tr>
313
					</table>
314

    
315
				<?php else: ?>
316

    
317
				<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="results">
318
					<thead>
319
						<tr>
320
							<td width="25%" class="listhdrr"><?=gettext("Access List Name"); ?></td>
321
							<td width="25%" class="listhdrr"><?=gettext("Action"); ?></td>
322
							<td width="45%" class="listhdr"><?=gettext("Description"); ?></td>
323
							<td width="5%" class="list">&nbsp;</td>
324
						</tr>
325
					</thead>
326
					<tfoot>
327
						<tr>
328
							<td class="list" colspan="3">&nbsp;</td>
329
							<td class="list">
330
								<table border="0" cellspacing="0" cellpadding="1" summary="icons">
331
									<tr>
332
										<td width="17">&nbsp;</td>
333
										<td valign="middle"><a href="services_unbound_acls.php?act=new">
334
											<img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("Add new Access List"); ?>" border="0" alt="add" />
335
										</a></td>
336
									</tr>
337
								</table>
338
							</td>
339
						</tr>
340
						<tr>
341
							<td colspan="4">
342
								<p>
343
									<?=gettext("Access Lists to control access to the DNS Resolver can be defined here.");?>
344
								</p>
345
							</td>
346
						</tr>
347
					</tfoot>
348
					<tbody>
349
					<?php
350
						$i = 0;
351
						foreach($a_acls as $acl):
352
					?>
353
						<tr ondblclick="document.location='services_unbound_acls.php?act=edit&amp;id=<?=$i;?>'">
354
							<td class="listlr">
355
								<?=htmlspecialchars($acl['aclname']);?>
356
							</td>
357
							<td class="listr">
358
								<?=htmlspecialchars($acl['aclaction']);?>
359
							</td>
360
							<td class="listbg">
361
								<?=htmlspecialchars($acl['description']);?>
362
							</td>
363
							<td valign="middle" class="list nowrap">
364
								<table border="0" cellspacing="0" cellpadding="1" summary="icons">
365
									<tr>
366
										<td valign="middle"><a href="services_unbound_acls.php?act=edit&amp;id=<?=$i;?>">
367
											<img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit access list"); ?>" width="17" height="17" border="0" alt="edit" />
368
										</a></td>
369
										<td valign="middle"><a href="services_unbound_acls.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this access list?"); ?>')">
370
											<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete access list"); ?>" width="17" height="17" border="0" alt="delete" />
371
										</a></td>
372
									</tr>
373
								</table>
374
							</td>
375
						</tr>
376
					<?php
377
						$i++;
378
						endforeach;
379
					?>
380
					<tr style="display:none"><td></td></tr>
381
					</tbody>
382
				</table>
383
			<?php endif; ?>
384
			</div>
385
			</td>
386
		</tr>
387
	</tbody>
388
</table>
389
</form>
390

    
391
<?php include("fend.inc"); ?>
392
</body>
393
</html>
(171-171/256)