1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007 Michael Tremer & Christian Schmidt #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21 #
22 # this cgi is based on IPCop CGI - aliases.cgi
23 #
24
25 # to fully troubleshoot your code, uncomment diagnostics, Carp and cluck lines
26 #use diagnostics; # need to add the file /usr/lib/perl5/5.8.x/pods/perldiag.pod before to work
27 # next look at /var/log/httpd/error_log , http://www.perl.com/pub/a/2002/05/07/mod_perl.html may help
28 #use warnings;
29 use strict;
30 #use Carp ();
31 #local $SIG{__WARN__} = \&Carp::cluck;
32
33 require '/var/ipfire/general-functions.pl'; # replace /var/ipcop with /var/ipcop in case of manual install
34 require "${General::swroot}/lang.pl";
35 require "${General::swroot}/header.pl";
36 require "${General::swroot}/ids-functions.pl";
37
# Firewall rule files; the 'add' action rewrites alias names stored in them.
my $configfwdfw    = "${General::swroot}/firewall/config";
my $configinput    = "${General::swroot}/firewall/input";
my $configoutgoing = "${General::swroot}/firewall/outgoing";

# In-memory copies of the three rule files, filled on demand.
my (%input, %forward, %output);

# Workaround to suppress a warning when a variable is used only once:
# mention each colour variable here, then throw the list away.
my @dummy = (
    ${Header::colouryellow},
    ${Header::table1colour},
    ${Header::table2colour},
);
undef(@dummy);

# Files used
my $setting   = "${General::swroot}/ethernet/settings";
our $datafile = "${General::swroot}/ethernet/aliases";

our %settings = ();
# Settings1: none on this page.

# Settings2: the fields of the alias being entered or edited.
# They are form state only and must not be saved!
my @nosaved = ('IP', 'ENABLED', 'NAME');    # List here ALL setting2 fields. Mandatory
@settings{'IP', 'NAME'} = ('', '');
$settings{'ENABLED'} = 'off';               # Every check box must be set to off

$settings{'ACTION'} = '';                   # add/edit/remove
$settings{'KEY1'}   = '';                   # index of the record ACTION applies to

# Every field that may be used to sort columns must be listed here.
my $sortstring   = '^IP|^NAME';
my $errormessage = '';
my $warnmessage  = '';
73
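# Send the HTTP response headers before anything else is printed.
&Header::showhttpheaders();

# Read the needed network settings. SORT_ALIASES is preset to NAME;
# presumably readhash overrides it when the settings file has a value.
my %netsettings = ();
$netsettings{'SORT_ALIASES'} = 'NAME';    # default sort
&General::readhash($setting, \%netsettings);

# Get GUI values. From here on %settings holds request data, which must be
# validated before it is used as an array index, written to a file or
# printed into HTML.
# NOTE(review): none of the forms on this page carries an anti-CSRF token;
# whether Header::getcgihash enforces an origin check is not visible in
# this file - confirm.
&Header::getcgihash(\%settings);

# Load multiline data. A missing or unreadable aliases file is not an
# error: the list simply starts empty.
our @current = ();
if (open(my $aliases_fh, '<', $datafile)) {
    @current = <$aliases_fh>;
    close($aliases_fh);
}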
90
#
# Settings1 are checked first because they are needed before working on
# @current. This page has no Settings1, so 'save' only re-applies the
# configuration. Remove this section if no Setting1 is needed.
#
if ($settings{'ACTION'} eq $Lang::tr{'save'}) {

    #
    # Static Settings1 validation would go here.
    #
    if (!$errormessage) {    # Everything is ok, save settings
        #map (delete ($settings{$_}) ,(@nosaved,'ACTION','KEY1'));# Must never be saved
        #&General::writehash($setting, \%settings); # Save good settings
        #$settings{'ACTION'} = $Lang::tr{'save'}; # Recreate 'ACTION'
        #map ($settings{$_}= '',(@nosaved,'KEY1')); # and reinit var to empty

        # Rebuild configuration file if needed
        &BuildConfiguration;

        # Handle suricata related actions.
        &HandleSuricata();
    }

    ERROR:    # Leave the faulty field untouched
} else {
    #&General::readhash($setting, \%settings); # Get saved settings and reset to good if needed
}
118
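## Now manipulate the multi-line list with Settings2
# Basic actions are:
#   toggle the check box
#   add/update a new line
#   begin editing a line
#   remove a line


# Toggle the enable/disable field (second field) of the record selected
# by KEY1.
if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
    # KEY1 is request data used as an array index. Accept only the index of
    # an existing record: a negative or non-numeric value would address the
    # wrong record, and an out-of-range one would append a malformed line
    # to the aliases file.
    my $index = $settings{'KEY1'};
    if (defined($index) && $index =~ /\A[0-9]+\z/ && $index < scalar(@current)) {
        my $line = $current[$index];
        chomp($line);    # move out new line
        my @temp = split(/\,/, $line);
        $temp[1] = $temp[1] eq 'on' ? 'off' : 'on';    # Toggle the field
        # split drops a trailing empty NAME; put it back so the record
        # keeps its three fields.
        $temp[2] = '' if ($temp[2] eq '');
        $current[$index] = join(',', @temp) . "\n";

        &General::log($Lang::tr{'ip alias changed'});

        # Save current
        open(my $aliases_fh, '>', $datafile) or die 'Unable to open aliases file.';
        print {$aliases_fh} @current;
        # Buffered write errors only surface at close.
        close($aliases_fh) or die 'Unable to write aliases file.';

        # Rebuild configuration file
        &BuildConfiguration;

        # Handle Suricata related actions.
        &HandleSuricata();
    } else {
        $errormessage = 'invalid alias index';
    }
    $settings{'KEY1'} = '';    # End edit mode
}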
150
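# Add a new alias, or overwrite the record selected by KEY1 when editing.
# Nothing is written - neither the aliases file nor the firewall rule
# files - unless every submitted value passed validation.
if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
    # Validate inputs
    if (! &General::validip($settings{'IP'})) { $errormessage = "invalid ip"; }
    $settings{'NAME'} = &Header::cleanhtml($settings{'NAME'});

    # ENABLED is written verbatim into the comma-separated aliases file, so
    # reduce it to the two values the file format uses. Any other submitted
    # value (including one carrying a comma or a line break) becomes 'off'.
    $settings{'ENABLED'} = ($settings{'ENABLED'} eq 'on') ? 'on' : 'off';

    # KEY1 is empty for "add"; for "update" it must be the index of an
    # existing record, because it is used to overwrite $current[KEY1].
    if ($settings{'KEY1'} ne ''
        && !($settings{'KEY1'} =~ /\A[0-9]+\z/ && $settings{'KEY1'} < scalar(@current))) {
        $errormessage = 'invalid alias index';
        $settings{'KEY1'} = '';
    }

    # Make sure we haven't duplicated an alias or RED
    my $spacer = '';
    if ($settings{'IP'} eq $netsettings{'RED_ADDRESS'}) {
        $errormessage = $Lang::tr{'duplicate ip'} . ' (RED)';
        $spacer = " & ";
    }
    # Check if we have an empty name
    if (!$settings{'NAME'}) {
        $errormessage = $Lang::tr{'fwhost err name1'};
    } elsif (! &General::validfqdn($settings{'NAME'}) && ! &General::validhostname($settings{'NAME'})) {
        $errormessage = $Lang::tr{'invalid hostname'};
    }

    # Compare against every stored record except the one being edited.
    # Note: chomp works on the elements of @current themselves.
    my $idx = 0;
    foreach my $line (@current) {
        chomp($line);
        my @temp = split(/\,/, $line);
        if (($settings{'KEY1'} eq '') || ($settings{'KEY1'} != $idx)) {
            if ($temp[0] eq $settings{'IP'}) {
                $errormessage .= $spacer . $Lang::tr{'duplicate ip'};
                $spacer = " & ";
            }
            if ($temp[2] eq $settings{'NAME'} && $temp[2] ne '') {
                $errormessage .= $spacer . $Lang::tr{'duplicate name'};
                $spacer = " & ";
            }
        }
        $idx++;
    }

    unless ($errormessage) {
        # Update firewall rules if the alias name changed. This runs only
        # after validation succeeded, so a rejected name is never written
        # into the rule files.
        # NOTE(review): OLDNAME and OLDIP come from hidden form fields and
        # are not checked against the stored record; every rule whose alias
        # field equals the submitted OLDNAME is renamed. Consider deriving
        # the old name from $current[KEY1] instead - confirm with callers.
        if ($settings{'OLDNAME'} ne $settings{'NAME'}) {
            &General::readhasharray("$configfwdfw", \%forward);
            &General::readhasharray("$configinput", \%input);
            &General::readhasharray("$configoutgoing", \%output);
            # Check FORWARD
            foreach my $forwardkey (sort keys %forward) {
                if ($forward{$forwardkey}[29] eq $settings{'OLDNAME'}) {
                    $forward{$forwardkey}[29] = $settings{'NAME'};
                }
            }
            &General::writehasharray($configfwdfw, \%forward);
            # Check INPUT
            foreach my $inputkey (sort keys %input) {
                if ($input{$inputkey}[6] eq $settings{'OLDNAME'}) {
                    $input{$inputkey}[6] = $settings{'NAME'};
                }
            }
            &General::writehasharray($configinput, \%input);
            # Check OUTPUT
            foreach my $outputkey (sort keys %output) {
                if ($output{$outputkey}[4] eq $settings{'OLDNAME'}) {
                    $output{$outputkey}[4] = $settings{'NAME'};
                }
            }
            &General::writehasharray($configoutgoing, \%output);
            &General::firewall_config_changed;
        }
        # If Alias IP has changed, set firewall_config_changed
        if ($settings{'OLDIP'} ne $settings{'IP'} && $settings{'OLDIP'}) {
            &General::firewall_config_changed;
        }

        if ($settings{'KEY1'} eq '') {    # add or edit ?
            unshift(@current, "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'}\n");
            &General::log($Lang::tr{'ip alias added'});
        } else {
            $current[$settings{'KEY1'}] = "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'}\n";
            $settings{'KEY1'} = '';    # End edit mode
            &General::log($Lang::tr{'ip alias changed'});
        }

        # Write changes to config file.
        &SortDataFile;          # sort newly added/modified entry

        &BuildConfiguration;    # then re-build conf which use new data

        # Handle Suricata related actions.
        &HandleSuricata();

        ##
        ## if entering data line is repetitive, choose here to not erase fields between each addition
        ##
        foreach my $field (@nosaved) {    # Clear fields
            $settings{$field} = '';
        }
    }
}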
240
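# Begin editing: copy the record selected by KEY1 into the form fields.
if ($settings{'ACTION'} eq $Lang::tr{'edit'}) {
    # KEY1 is request data used as an index into @current; accept only the
    # index of an existing record. Anything else leaves edit mode, so the
    # value is not carried on into the form.
    my $index = $settings{'KEY1'};
    if (defined($index) && $index =~ /\A[0-9]+\z/ && $index < scalar(@current)) {
        my $line = $current[$index];
        chomp($line);    # move out new line
        my @temp = split(/\,/, $line);

        ##
        ## move data fields to Setting2 for edition
        ##
        $settings{'IP'}      = $temp[0];    # Prepare the screen for editing
        $settings{'ENABLED'} = $temp[1];
        $settings{'NAME'}    = $temp[2];
    } else {
        $errormessage = 'invalid alias index';
        $settings{'KEY1'} = '';
    }
}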
254
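# Remove the record selected by KEY1 and re-apply the configuration.
if ($settings{'ACTION'} eq $Lang::tr{'remove'}) {
    # KEY1 is request data handed to splice. Without this check a negative
    # value would delete a record counted from the end of the list and a
    # non-numeric one would delete the first record.
    my $index = $settings{'KEY1'};
    if (defined($index) && $index =~ /\A[0-9]+\z/ && $index < scalar(@current)) {
        splice(@current, $index, 1);    # Delete line
        open(my $aliases_fh, '>', $datafile) or die 'Unable to open aliases file.';
        print {$aliases_fh} @current;
        # Buffered write errors only surface at close.
        close($aliases_fh) or die 'Unable to write aliases file.';
        &General::log($Lang::tr{'ip alias removed'});

        &BuildConfiguration;    # then re-build conf which use new data

        # Handle Suricata related actions.
        &HandleSuricata();
    } else {
        $errormessage = 'invalid alias index';
    }
    $settings{'KEY1'} = '';    # End remove mode
}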
268
269
270
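## Check if sorting is asked
# If same column clicked, reverse the sort.
#
# QUERY_STRING is request data that is stored in the settings file, so it
# is accepted only when it is exactly one of the column names listed in
# $sortstring. It is compared as a string and never used as a pattern.
# NOTE(review): this rewrites the settings and the aliases file in response
# to a plain GET link.
if (defined($ENV{'QUERY_STRING'}) && $ENV{'QUERY_STRING'} =~ /\A(?:$sortstring)\z/) {
    my $newsort = $ENV{'QUERY_STRING'};
    my $actual  = $netsettings{'SORT_ALIASES'};
    # Same column and currently ascending: switch to the reverse order.
    # A column that is currently reversed goes back to ascending.
    if ($actual eq $newsort) {
        $newsort .= 'Rev';
    }
    $netsettings{'SORT_ALIASES'} = $newsort;
    &General::writehash($setting, \%netsettings);
    &SortDataFile;
    $settings{'ACTION'} = 'SORT';    # Recreate 'ACTION'
}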
289
# On the first launch from the GUI no ACTION is set: preselect the
# 'enabled' check box.
$settings{'ENABLED'} = 'on' if ($settings{'ACTION'} eq '');

&Header::openpage($Lang::tr{'external aliases configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
my %checked = ();    # Checkbox manipulations

# Show the collected validation errors, if any. $errormessage is built from
# translation strings and fixed text only.
if ($errormessage) {
    &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    print "$errormessage&nbsp;";
    &Header::closebox();
}

# Warn that aliases are not active unless CONFIG_TYPE is 1-4 and RED is STATIC.
if (($netsettings{'CONFIG_TYPE'} !~ /^(1|2|3|4)$/) || ($netsettings{'RED_TYPE'} ne 'STATIC')) {
    &Header::openbox('100%', 'left', $Lang::tr{'capswarning'});
    print <<END
<table style='width:100%;'>
<tr>
<td class='boldbase' style='color:${Header::colourred};'><b>$Lang::tr{'aliases not active'}</b></td>
</tr>
</table>
END
    ;
    &Header::closebox();
}
317
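#
# Second check box is for editing the list
#
$checked{'ENABLED'}{'on'} = ($settings{'ENABLED'} eq 'on') ? "checked='checked'" : '';

my $buttontext = $Lang::tr{'add'};
if ($settings{'KEY1'} ne '') {
    $buttontext = $Lang::tr{'update'};
    &Header::openbox('100%', 'left', $Lang::tr{'edit an existing alias'});
} else {
    &Header::openbox('100%', 'left', $Lang::tr{'add new alias'});
}

# KEY1, NAME and IP may still hold the submitted values (for example after
# a failed validation) and are printed inside single-quoted HTML
# attributes, so they are HTML-escaped first to keep them from closing the
# attribute or the tag.
# NOTE(review): NAME may already have passed through Header::cleanhtml;
# escaping it again presumably changes nothing for a valid host name -
# confirm.
my $html_attr = sub {
    my ($value) = @_;
    $value = '' unless defined($value);
    $value =~ s/&/&amp;/g;
    $value =~ s/</&lt;/g;
    $value =~ s/>/&gt;/g;
    $value =~ s/"/&quot;/g;
    $value =~ s/'/&#39;/g;
    return $value;
};
my $key1_attr = $html_attr->($settings{'KEY1'});
my $name_attr = $html_attr->($settings{'NAME'});
my $ip_attr   = $html_attr->($settings{'IP'});

#Edited line number (KEY1) passed until cleared by 'save' or 'remove' or 'new sort order'
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='KEY1' value='$key1_attr' />
<input type='hidden' name='OLDNAME' value='$name_attr' />
<input type='hidden' name='OLDIP' value='$ip_attr' />
<table style='width:100%;'>
<tr>
<td class='base' style='color:${Header::colourred};'>$Lang::tr{'name'}:</td>
<td><input type='text' name='NAME' value='$name_attr' size='32' /></td>
<td class='base' style='text-align:right; color:${Header::colourred};'>$Lang::tr{'alias ip'}:&nbsp;</td>
<td><input type='text' name='IP' value='$ip_attr' size='16' /></td>
<td class='base' style='text-align:right;'>$Lang::tr{'enabled'}&nbsp;</td>
<td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
</tr>
</table>
<br>
<hr />
<table style='width:100%;'>
<tr>
<td style='text-align:right;'><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /><input type='submit' name='SUBMIT' value='$buttontext' /></td>
</tr>
</table>
</form>
END
;
&Header::closebox();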
358
# Add visual indicators to column headings to show sort order - EO
# $sortarrow1 belongs to the name column, $sortarrow2 to the IP column;
# any sort value other than NAME, NAMERev or IPRev is shown as IP ascending.
my ($sortarrow1, $sortarrow2) = ('', '');
my $sort_mode = $netsettings{'SORT_ALIASES'};

if ($sort_mode eq 'NAME') {
    $sortarrow1 = $Header::sortup;
} elsif ($sort_mode eq 'NAMERev') {
    $sortarrow1 = $Header::sortdn;
} else {
    $sortarrow2 = ($sort_mode eq 'IPRev') ? $Header::sortdn : $Header::sortup;
}

#
# Third box shows the list, in columns
#
# Column headers may contain a link. In this case the column must be named in $sortstring
#
&Header::openbox('100%', 'left', $Lang::tr{'current aliases'});
print <<END
<table class='tbl' style='width:100%;'>
<tr>
<th style='width:55%; text-align:center;'><a href='$ENV{'SCRIPT_NAME'}?NAME'><b>$Lang::tr{'name'}</b></a> $sortarrow1</th>
<th style='width:45%; text-align:center;'><a href='$ENV{'SCRIPT_NAME'}?IP'><b>$Lang::tr{'alias ip'}</b></a> $sortarrow2</th>
<th colspan='3' class='boldbase' style='width:5%; text-align:center;'><b>$Lang::tr{'action'}</b></th>
</tr>
END
;
388
#
# Print one table row per record of @current, each with its toggle, edit
# and remove forms. $key is the record's index and is posted back as KEY1.
#
# The name and IP cells are printed as stored in the aliases file, without
# HTML escaping: the output relies on the checks made when a record is
# written.
#
my $key = 0;
my $col = "";
foreach my $record (@current) {
    chomp($record);
    my @fields = split(/\,/, $record);

    # Choose icon and tooltip for the enable/disable button
    my $is_on = ($fields[1] eq "on");
    my $gif   = $is_on ? 'on.gif' : 'off.gif';
    my $gdesc = $is_on ? $Lang::tr{'click to disable'} : $Lang::tr{'click to enable'};

    # Colorize each line: the record being edited first, then alternating
    # table colours.
    if ($settings{'KEY1'} eq $key) {
        $col = "background-color:${Header::colouryellow};";
    } else {
        $col = ($key % 2)
            ? "background-color:${Header::table2colour};"
            : "background-color:${Header::table1colour};";
    }
    print "<tr style='$col'>";

    print <<END
<td style='text-align:center; $col'>$fields[2]</td>
<td style='text-align:center; $col'>$fields[0]</td>

<td style='text-align:center; $col'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' />
<input type='hidden' name='KEY1' value='$key' />
</form>
</td>

<td style='text-align:center; $col'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
<input type='hidden' name='KEY1' value='$key' />
</form>
</td>

<td style='text-align:center; $col'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' />
<input type='hidden' name='KEY1' value='$key' />
</form>
</td>
</tr>
END
    ;
    $key++;
}
print "</table>";
455
# Print the 'Key to action icons' legend only when the table has entries
# ($key counts the rows printed above).
print <<END if ($key);
<table>
<tr>
<td class='boldbase'>&nbsp;<b>$Lang::tr{'legend'}:&nbsp;</b></td>
<td><img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
<td class='base'>$Lang::tr{'click to disable'}</td>
<td>&nbsp;&nbsp;</td>
<td><img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
<td class='base'>$Lang::tr{'click to enable'}</td>
<td>&nbsp;&nbsp;</td>
<td><img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
<td>&nbsp;&nbsp;</td>
<td><img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
</table>
END

# Close the list box, the outer box and the page.
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
482
483 ## Ouf it's the end !
484
485
486
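# Sort the "current" array according to $netsettings{'SORT_ALIASES'},
# write the sorted records to $datafile and reload @current from it.
# Dies when the aliases file cannot be opened or written.
sub SortDataFile
{
    our %entries = ();

    # Comparison routine for sort: compares the two records whose keys are
    # in the special variables $a and $b.
    # A sort name containing 'Rev' means reverse order; its last three
    # characters are stripped to get the field name. The IP field is
    # compared numerically on its first four dot-separated parts, every
    # other field as a string.
    sub fixedleasesort {
        my $mode    = $netsettings{'SORT_ALIASES'};
        my $reverse = (rindex($mode, 'Rev') != -1);
        my $qs      = $reverse ? substr($mode, 0, length($mode) - 3) : $mode;

        # Reverse order is the same comparison with the operands swapped.
        my ($first, $second) = $reverse ? ($b, $a) : ($a, $b);

        if ($qs eq 'IP') {
            my @x = split(/\./, $entries{$first}->{$qs});
            my @y = split(/\./, $entries{$second}->{$qs});
            return ($x[0] <=> $y[0])
                || ($x[1] <=> $y[1])
                || ($x[2] <=> $y[2])
                || ($x[3] <=> $y[3]);
        }
        return $entries{$first}->{$qs} cmp $entries{$second}->{$qs};
    }

    # Use an associative array (%entries): one hash per record, keyed by a
    # running number so that records with equal field values are all kept.
    # Each SORTABLE field must have its own entry in the record.
    my $key = 0;
    foreach my $line (@current) {
        chomp($line);    # remove the newline, which would otherwise stay attached to the last field
        my @temp = split(',', $line);
        $entries{$key} = {
            'KEY'     => $key,
            'IP'      => $temp[0],
            'ENABLED' => $temp[1],
            'NAME'    => $temp[2],
        };
        $key++;
    }

    open(my $out_fh, '>', $datafile) or die 'Unable to open aliases file.';

    # Each record is printed with its newline. Mind the separator and the
    # order of the fields.
    foreach my $entry (sort fixedleasesort keys %entries) {
        print {$out_fh} "$entries{$entry}->{IP},$entries{$entry}->{ENABLED},$entries{$entry}->{NAME}\n";
    }

    # Buffered write errors only surface at close.
    close($out_fh) or die 'Unable to write aliases file.';

    # Reload sorted @current. A failed open would otherwise leave the list
    # silently empty.
    open(my $in_fh, '<', $datafile) or die 'Unable to open aliases file.';
    @current = <$in_fh>;
    close($in_fh);
}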
564
#
# Apply the alias configuration by running the setaliases helper.
# The command is a fixed absolute path with no arguments; nothing from the
# request reaches the command line. Returns the status from system().
#
sub BuildConfiguration {
    my $setaliases = '/usr/local/bin/setaliases';

    # Restart service associated with this
    return system($setaliases);
}
572
#
## Handle Suricata related actions: when Suricata is running, regenerate
## the HOME_NET file and restart it. Does nothing otherwise.
#
sub HandleSuricata() {
    # Check if suricata is running.
    my $ids_running = &IDS::ids_is_running();

    if ($ids_running) {
        # Re-generate file which contains the HOME_NET declaration.
        &IDS::generate_home_net_file();

        # Call suricatactrl to perform a restart of suricata.
        &IDS::call_suricatactrl("restart");
    }
}
585 }