diff --git a/src/www/services_unbound_acls.php b/src/www/services_unbound_acls.php
index 8034ddc14..d652d3885 100644
--- a/src/www/services_unbound_acls.php
+++ b/src/www/services_unbound_acls.php
@@ -1,30 +1,30 @@ - All rights reserved. + Copyright (C) 2014-2016 Deciso B.V. + Copyright (C) 2011 Warren Baker + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); 
@@ -34,346 +34,415 @@ require_once("pfsense-utils.inc"); require_once("services.inc"); require_once("interfaces.inc"); -function unbound_acl_id_used($id) { - global $config; - if (isset($config['unbound']['acls'])) - foreach($config['unbound']['acls'] as & $acls) - if ($id == $acls['aclid']) - return true; - - return false; +if (empty($config['unbound']['acls']) || !is_array($config['unbound']['acls'])) { + $config['unbound']['acls'] = array(); } - -function unbound_get_next_id() { - $aclid = 0; - while(unbound_acl_id_used($aclid)) - $aclid++; - return $aclid; -} - - - -$referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/services_unbound_acls.php'); - -if (empty($config['unbound']['acls']) || !is_array($config['unbound']['acls'])) - $config['unbound']['acls'] = array(); - $a_acls = &$config['unbound']['acls']; -$id = $_GET['id']; -if (isset($_POST['aclid'])) - $id = $_POST['aclid']; -$act = $_GET['act']; -if (isset($_POST['act'])) - $act = $_POST['act']; +if ($_SERVER['REQUEST_METHOD'] === 'GET') { + if (isset($_GET['id']) && !empty($a_acls[$_GET['id']])) { + $id = $_GET['id']; + } + if (!empty($_GET['act'])) { + $act = $_GET['act']; + } else { + $act = null; + } + $pconfig = array(); + $pconfig['aclname'] = isset($id) && !empty($a_acls[$id]['aclname']) ? $a_acls[$id]['aclname'] : ""; + $pconfig['aclaction'] = isset($id) && !empty($a_acls[$id]['aclaction']) ? $a_acls[$id]['aclaction'] : ""; + $pconfig['description'] = isset($id) && !empty($a_acls[$id]['description']) ? $a_acls[$id]['description'] : ""; + $pconfig['row'] = isset($id) && !empty($a_acls[$id]['row']) ? 
$a_acls[$id]['row'] : array(); +} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { + $input_errors = array(); + $pconfig = $_POST; + if (isset($_POST['id']) && !empty($a_acls[$_POST['id']])) { + $id = $_POST['id']; + } + if (!empty($_POST['act'])) { + $act = $_POST['act']; + } else { + $act = null; + } -if ($act == "del") { - if (!$a_acls[$id]) { - header("Location: services_unbound_acls.php"); - exit; - } + if (!empty($pconfig['apply'])) { + services_unbound_configure(); + clear_subsystem_dirty('unbound'); + header("Location: services_unbound_acls.php"); + exit; + } elseif (!empty($act) && $act == "del") { + if (isset($id) && !empty($a_acls[$id])) { + unset($a_acls[$id]); + write_config(); + mark_subsystem_dirty('unbound'); + } + exit; + } else { + // transform networks into row items + $pconfig['row'] = array(); + foreach ($pconfig['acl_networks_acl_network'] as $acl_network_idx => $acl_network) { + if (!empty($acl_network)) { + $pconfig['row'][] = array('acl_network' => $acl_network, + 'mask' => $pconfig['acl_networks_mask'][$acl_network_idx], + 'description' => $pconfig['acl_networks_description'][$acl_network_idx] + ); + } + } - unset($a_acls[$id]); - write_config(); - mark_subsystem_dirty('unbound'); + // validate form data + foreach ($pconfig['row'] as $row) { + if (!is_ipaddr($row['acl_network'])) { + $input_errors[] = gettext("You must enter a valid network IP address for {$row['acl_network']}."); + } elseif (!is_subnet($row['acl_network']."/".$row['mask'])) { + $input_errors[] = gettext("You must enter a valid netmask for {$row['acl_network']}/{$row['mask']}."); + } + } + // save form data + if (count($input_errors) == 0) { + $acl_entry = array(); + $acl_entry['aclname'] = $pconfig['aclname']; + $acl_entry['aclaction'] = $pconfig['aclaction']; + $acl_entry['description'] = $pconfig['description']; + $acl_entry['row'] = $pconfig['row']; + + if (isset($id)) { + $a_acls[$id] = $acl_entry; + } else { + $a_acls[] = $acl_entry; + } + 
mark_subsystem_dirty("unbound"); + write_config(); + header("Location: services_unbound_acls.php"); + exit; + } + } } -if ($act == "new") { - $id = unbound_get_next_id(); -} +// +// if ($act == "del") { +// if (!$a_acls[$id]) { +// header("Location: services_unbound_acls.php"); +// exit; +// } +// +// unset($a_acls[$id]); +// write_config(); +// mark_subsystem_dirty('unbound'); +// } +// +// if ($act == "new") { +// $id = unbound_get_next_id(); +// } -$networkacl = array(); -if ($act == "edit") { - if (isset($id) && isset($a_acls[$id])) { - $pconfig = $a_acls[$id]; - $networkacl = $a_acls[$id]['row']; - } -} - -if ($_POST) { - $input_errors = array(); - - if ($_POST['apply']) { - $retval = services_unbound_configure(); - $savemsg = get_std_save_message(); - if ($retval == 0) - clear_subsystem_dirty('unbound'); - } else { - $pconfig = $_POST; - - // input validation - only allow 50 entries in a single ACL - for($x=0; $x<50; $x++) { - if (isset($pconfig["acl_network{$x}"])) { - $networkacl[$x] = array(); - $networkacl[$x]['acl_network'] = $pconfig["acl_network{$x}"]; - $networkacl[$x]['mask'] = $pconfig["mask{$x}"]; - $networkacl[$x]['description'] = $pconfig["description{$x}"]; - if (!is_ipaddr($networkacl[$x]['acl_network'])) - $input_errors[] = gettext("You must enter a valid network IP address for {$networkacl[$x]['acl_network']}."); - - if (is_ipaddr($networkacl[$x]['acl_network'])) { - if (!is_subnet($networkacl[$x]['acl_network']."/".$networkacl[$x]['mask'])) - $input_errors[] = gettext("You must enter a valid IPv4 netmask for {$networkacl[$x]['acl_network']}/{$networkacl[$x]['mask']}."); - } else if (function_exists("is_ipaddrv6")) { - if (!is_ipaddrv6($networkacl[$x]['acl_network'])) - $input_errors[] = gettext("You must enter a valid IPv6 address for {$networkacl[$x]['acl_network']}."); - else if (!is_subnetv6($networkacl[$x]['acl_network']."/".$networkacl[$x]['mask'])) - $input_errors[] = gettext("You must enter a valid IPv6 netmask for 
{$networkacl[$x]['acl_network']}/{$networkacl[$x]['mask']}."); - } else - $input_errors[] = gettext("You must enter a valid IPv4 address for {$networkacl[$x]['acl_network']}."); - } else if (isset($networkacl[$x])) - unset($networkacl[$x]); - } - - if (!isset($input_errors) || count($input_errors) == 0) { - if ($pconfig['Submit'] == gettext("Save")) { - $acl_entry = array(); - $acl_entry['aclid'] = $pconfig['aclid']; - $acl_entry['aclname'] = $pconfig['aclname']; - $acl_entry['aclaction'] = $pconfig['aclaction']; - $acl_entry['description'] = $pconfig['description']; - $acl_entry['aclid'] = $pconfig['aclid']; - $acl_entry['row'] = array(); - foreach ($networkacl as $acl) - $acl_entry['row'][] = $acl; - - if (isset($id) && $a_acls[$id]) - $a_acls[$id] = $acl_entry; - else - $a_acls[] = $acl_entry; - - - mark_subsystem_dirty("unbound"); - write_config(); - - header("Location: /services_unbound_acls.php"); - exit; - } - - } - } -} $service_hook = 'unbound'; - +legacy_html_escape_form_data($pconfig); include("head.inc"); ?> - - - - + - -
-
-
- - 0) - print_input_errors($input_errors); - - if (isset($savemsg)) - print_info_box($savemsg); - - if (is_subsystem_dirty("unbound")) - print_info_box_apply(gettext("The settings for the DNS Resolver have changed. You must apply the configuration to take affect.")); - ?> - - - -
- -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
- -
- -
- -
-
-
-
-
-
-
- - - - - - - - - - - - - - - - -
- - - - - - - -
- - - - -
- -
- -
  -  
  - " /> - " onclick="window.location.href=''" /> -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
-

- -

-
- - - - - - - - ')" class="btn btn-default btn-xs"> -
- -
-
-
-
-
-
- - +
+
+
+ 0) print_input_errors($input_errors); + if (isset($savemsg)) print_info_box($savemsg); + if (is_subsystem_dirty("unbound")) print_info_box_apply(gettext("The configuration for the DNS Resolver, has been changed") . ".
" . gettext("You must apply the changes in order for them to take effect.")); + ?> +
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
+ + +
+ + +
+ + + + + + + + + + + null, 'mask' => 32, 'description' => null); + } else { + $acl_networks = $pconfig['row']; + } + foreach($acl_networks as $item_idx => $item):?> + + + + + + + + + + + + + +
+
+
+ + + + + +
+
+
+
+ + +
  +  
  + " /> + " onclick="window.location.href=''" /> +
+
+ +
+ + + + + + + + + + + + + + $ifdesc) { + $ifip = get_interface_ip($ubif); + if (!empty($ifip)) { + $subnet_bits = get_interface_subnet($ubif); + $subnet_ip = gen_subnet($ifip, $subnet_bits); + $automatic_allowed[] = "{$subnet_ip}/{$subnet_bits}"; + } + $ifip = get_interface_ipv6($ubif); + if (!empty($ifip)) { + $subnet_bits = get_interface_subnetv6($ubif); + $subnet_ip = gen_subnetv6($ifip, $subnet_bits); + $automatic_allowed[] = "{$subnet_ip}/{$subnet_bits}"; + } + } + foreach ($automatic_allowed as $network):?> + + + + + + + + +
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + +
+ +
+

+ +

+
+ + +
+
+
+
+
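Review bot: In the POST save branch only the network rows are validated; `aclaction`, `aclname` and `description` are copied from `$_POST` into `$acl_entry` and persisted with `write_config()` without any check. If the Unbound configuration generator (not visible in this diff) writes these values out verbatim, an unexpected action string or an embedded newline could alter the generated access-control lines, so I would reject anything outside the form's own action list before saving, e.g. `if (!in_array($pconfig['aclaction'], $valid_actions, true)) { $input_errors[] = gettext("A valid action must be selected."); }`, where `$valid_actions` is a placeholder for the same list that builds the select. The `foreach ($pconfig['acl_networks_acl_network'] as ...)` loop also assumes that POST field is present and is an array, and that the matching `acl_networks_mask` and `acl_networks_description` indexes exist; an `is_array()` guard plus `isset()` on the sibling indexes would keep a partial or hand-built request from raising notices. The previous limit of 50 entries per ACL is no longer enforced either, so it is worth confirming that dropping the cap is intended.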