git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - html/cgi-bin/aliases.cgi
2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007 Michael Tremer & Christian Schmidt #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
22 # this cgi is based on IPCop CGI - aliases.cgi
25 # to fully troubleshoot your code, uncomment diagnostics, Carp and cluck lines
26 #use diagnostics; # need to add the file /usr/lib/perl5/5.8.x/pods/perldiag.pod before to work
27 # next look at /var/log/httpd/error_log , http://www.perl.com/pub/a/2002/05/07/mod_perl.html may help
31 #local $SIG{__WARN__} = \&Carp::cluck;
33 require '/var/ipfire/general-functions.pl'; # replace /var/ipcop with /var/ipcop in case of manual install
34 require "${General::swroot}/lang.pl";
35 require "${General::swroot}/header.pl";
36 require "${General::swroot}/ids-functions.pl";
37 require "${General::swroot}/network-functions.pl";
39 my $configfwdfw = "${General::swroot}/firewall/config";
40 my $configinput = "${General::swroot}/firewall/input";
41 my $configoutgoing = "${General::swroot}/firewall/outgoing";
46 #workaround to suppress a warning when a variable is used only once
47 my @dummy = ( ${Header
::colouryellow
} );
48 @dummy = ( ${Header
::table1colour
} );
49 @dummy = ( ${Header
::table2colour
} );
53 my $setting = "${General::swroot}/ethernet/settings";
54 our $datafile = "${General::swroot}/ethernet/aliases";
56 # Fetch the name of the main RED interface
57 my $RED_INTERFACE = &General
::get_red_interface
();
59 # Fetch all RED interfaces
60 my @RED_INTERFACES = &Network
::get_red_interfaces
();
65 #Settings2 for editing the multi-line list
68 $settings{'ENABLED'} = 'off'; # Every check box must be set to off
69 $settings{'NAME'} = '';
70 $settings{'INTERFACE'} = '';
71 my @nosaved=('IP','ENABLED','NAME','INTERFACE'); # List here ALL setting2 fields. Mandatory
73 $settings{'ACTION'} = ''; # add/edit/remove
74 $settings{'KEY1'} = ''; # point record for ACTION
76 #Define each field that can be used to sort columns
77 my $sortstring='^IP|^NAME';
78 my $errormessage = '';
81 &Header
::showhttpheaders
();
83 # Read needed Ipcop netsettings
85 $netsettings{'SORT_ALIASES'} = 'NAME'; # default sort
86 &General
::readhash
($setting, \
%netsettings);
89 &Header
::getcgihash
(\
%settings);
93 if (open(FILE
, "$datafile")) {
99 # Check Settings1 first because they are needed before working on @current
101 # Remove if no Setting1 needed
103 if ($settings{'ACTION'} eq $Lang::tr
{'save'}) {
106 #Validate static Settings1 here
108 unless ($errormessage) { # Everything is ok, save settings
109 #map (delete ($settings{$_}) ,(@nosaved,'ACTION','KEY1'));# Must never be saved
110 #&General::writehash($setting, \%settings); # Save good settings
111 #$settings{'ACTION'} = $Lang::tr{'save'}; # Recreate 'ACTION'
112 #map ($settings{$_}= '',(@nosaved,'KEY1')); # and reinit var to empty
114 # Rebuild configuration file if needed
117 # Handle suricata related actions.
121 ERROR
: # Leave the faulty field untouched
123 #&General::readhash($setting, \%settings); # Get saved settings and reset to good if needed
126 ## Now manipulate the multi-line list with Settings2
128 # toggle the check box
129 # add/update a new line
130 # begin editing a line
134 # Toggle enable/disable field. Field is in second position
135 if ($settings{'ACTION'} eq $Lang::tr
{'toggle enable disable'}) {
# NOTE(review): KEY1 arrives with the submitted form (%settings is filled by
# Header::getcgihash above) and is used as-is as an index into @current. No
# numeric or range check is visible in this listing; a non-numeric or
# out-of-range value would make this branch operate on a different or
# non-existent entry before the file is rewritten. Confirm KEY1 is validated
# (digits only, below scalar @current) before it is used.
137 chomp(@current[$settings{'KEY1'}]);
138 my @temp = split(/\,/,@current[$settings{'KEY1'}]);
139 $temp[1] = $temp[1] eq 'on' ?
'off' : 'on'; # Toggle the field
140 $temp[2] = '' if ( $temp[2] eq '' );
141 @current[$settings{'KEY1'}] = join (',',@temp)."\n";
142 $settings{'KEY1'} = ''; # End edit mode
144 &General
::log($Lang::tr
{'ip alias changed'});
# NOTE(review): two-argument open with the mode embedded in the string.
# $datafile is assigned from ${General::swroot} near the top of the file, not
# from request data, so this is a hardening point rather than an injection:
# the three-argument form with a lexical handle keeps mode and path separate.
147 open(FILE
, ">$datafile") or die 'Unable to open aliases file.';
151 # Rebuild configuration file
154 # Handle Suricata related actions.
158 if ($settings{'ACTION'} eq $Lang::tr
{'add'}) {
160 if (! &General
::validip
($settings{'IP'})) {$errormessage = "invalid ip"};
161 $settings{'NAME'} = &Header
::cleanhtml
($settings{'NAME'});
163 # Make sure we haven't duplicated an alias or RED
165 if ($settings{'IP'} eq $netsettings{'RED_ADDRESS'}) {
166 $errormessage = $Lang::tr
{'duplicate ip'} . ' (RED)';
169 #Check if we have an empty name
170 if (!$settings{'NAME'}){
171 $errormessage=$Lang::tr
{'fwhost err name1'};
172 }elsif(! &General
::validfqdn
($settings{'NAME'}) && ! &General
::validhostname
($settings{'NAME'})){
173 $errormessage=$Lang::tr
{'invalid hostname'};
176 foreach my $line (@current) {
178 my @temp = split (/\,/, $line);
179 if ( ($settings{'KEY1'} eq '')||(($settings{'KEY1'} ne '') && ($settings{'KEY1'} != $idx))) { # update
180 if ($temp[0] eq $settings{'IP'}) {
181 $errormessage .= $spacer.$Lang::tr
{'duplicate ip'};
184 if ($temp[2] eq $settings{'NAME'} && $temp[2] ne '') {
185 $errormessage .= $spacer.$Lang::tr
{'duplicate name'};
191 #Update firewallrules if aliasname is changed
# NOTE(review): OLDNAME and OLDIP are hidden form fields sent back by the
# browser (see the form further down), so they are client-controlled. The
# loops below rewrite every firewall rule whose field [29] / [6] / [4] equals
# OLDNAME; nothing visible in this listing ties OLDNAME to the entry at KEY1
# or makes the rewrite conditional on $errormessage being empty. Deriving the
# old name and IP from the stored entry on the server side would remove that
# trust - TODO confirm against the full file.
192 if ($settings{'OLDNAME'} ne $settings {'NAME'}){
193 &General
::readhasharray
("$configfwdfw", \
%forward);
194 &General
::readhasharray
("$configinput", \
%input);
195 &General
::readhasharray
("$configoutgoing", \
%output);
197 foreach my $forwardkey (sort keys %forward){
198 if ($forward{$forwardkey}[29] eq $settings{'OLDNAME'}){
199 $forward{$forwardkey}[29] = $settings {'NAME'};
202 &General
::writehasharray
($configfwdfw, \
%forward);
204 foreach my $inputkey (sort keys %input){
205 if ($input{$inputkey}[6] eq $settings{'OLDNAME'}){
206 $input{$inputkey}[6] = $settings {'NAME'};
209 &General
::writehasharray
($configinput, \
%input);
211 foreach my $outputkey (sort keys %output){
212 if ($output{$outputkey}[4] eq $settings{'OLDNAME'}){
213 $output{$outputkey}[4] = $settings {'NAME'};
216 &General
::writehasharray
($configoutgoing, \
%output);
217 &General
::firewall_config_changed
;
219 #If Alias IP has changed, set firewall_config_changed
220 if($settings{'OLDIP'} ne $settings{'IP'} && $settings{'OLDIP'}){
221 &General
::firewall_config_changed
;
# NOTE(review): the stored record is a comma-separated line built from four
# request fields. IP is checked with General::validip and NAME goes through
# Header::cleanhtml plus validfqdn/validhostname earlier in this branch; no
# check of ENABLED or INTERFACE is visible in this listing. A comma or line
# break in either would shift fields or add a record when the file is read
# back, and INTERFACE is later printed in the alias table. Checking INTERFACE
# against @RED_INTERFACES (or empty) and ENABLED against on/off before writing
# would close that - confirm whether getcgihash already restricts them.
223 unless ($errormessage) {
224 if ($settings{'KEY1'} eq '') { #add or edit ?
225 unshift (@current, "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'},$settings{'INTERFACE'}\n");
226 &General
::log($Lang::tr
{'ip alias added'});
228 @current[$settings{'KEY1'}] = "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'},$settings{'INTERFACE'}\n";
229 $settings{'KEY1'} = ''; # End edit mode
230 &General
::log($Lang::tr
{'ip alias changed'});
233 # Write changes to config file.
234 &SortDataFile
; # sort newly added/modified entry
236 &BuildConfiguration
; # then re-build conf which use new data
238 # Handle Suricata related actions.
242 ## if entering data line is repetitive, choose here to not erase fields between each addition
244 map ($settings{$_}='' ,@nosaved); # Clear fields
248 if ($settings{'ACTION'} eq $Lang::tr
{'edit'}) {
250 my $line = @current[$settings{'KEY1'}]; # KEY1 is the index in current
252 my @temp = split(/\,/, $line);
255 ## move data fields to Setting2 for edition
257 $settings{'IP'}=$temp[0]; # Prepare the screen for editing
258 $settings{'ENABLED'}=$temp[1];
259 $settings{'NAME'}=$temp[2];
260 $settings{'INTERFACE'}=$temp[3];
263 if ($settings{'ACTION'} eq $Lang::tr
{'remove'}) {
264 splice (@current,$settings{'KEY1'},1); # Delete line
265 open(FILE
, ">$datafile") or die 'Unable to open aliases file.';
268 $settings{'KEY1'} = ''; # End remove mode
269 &General
::log($Lang::tr
{'ip alias removed'});
271 &BuildConfiguration
; # then re-build conf which use new data
273 # Handle Suricata related actions.
279 ## Check if sorting is asked
280 # If same column clicked, reverse the sort.
# NOTE(review): $sortstring ('^IP|^NAME') is anchored only at the start, so
# any query string that merely begins with IP or NAME passes this test. The
# full QUERY_STRING is then used as a regex pattern ($actual =~ $newsort) and
# stored in SORT_ALIASES, which writehash persists to the ethernet settings
# file. Comparing against the fixed values IP / NAME (whole-string match or
# eq) would keep request data out of both the pattern and the settings file.
# How the 'Rev' suffix is applied is not visible in this listing.
281 if ($ENV{'QUERY_STRING'} =~ /$sortstring/ ) {
282 my $newsort=$ENV{'QUERY_STRING'};
283 my $actual=$netsettings{'SORT_ALIASES'};
284 #Reverse actual sort ?
285 if ($actual =~ $newsort) {
287 if ($actual !~ 'Rev') {
292 $netsettings{'SORT_ALIASES'}=$newsort;
293 &General
::writehash
($setting, \
%netsettings);
295 $settings{'ACTION'} = 'SORT'; # Recreate 'ACTION'
298 # Default initial value
299 if ($settings{'ACTION'} eq '' ) { # First launch from GUI
300 $settings{'ENABLED'} ='on';
303 &Header
::openpage
($Lang::tr
{'external aliases configuration'}, 1, '');
304 &Header
::openbigbox
('100%', 'left', '', $errormessage);
305 my %checked =(); # Checkbox manipulations
309 &Header
::openbox
('100%', 'left', $Lang::tr
{'error messages'});
310 print "$errormessage ";
313 unless (( $netsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/ ) && ($netsettings{'RED_TYPE'} eq 'STATIC'))
315 &Header
::openbox
('100%', 'left', $Lang::tr
{'capswarning'});
317 <table style='width:100%;'>
319 <td class='boldbase' style='color:${Header::colourred};'><b>$Lang::tr{'aliases not active'}</b></td>
328 # Second check box is for editing the list
330 $checked{'ENABLED'}{'on'} = ($settings{'ENABLED'} eq 'on') ?
"checked='checked'" : '' ;
332 $selected{'INTERFACE'} = ();
333 foreach my $intf (@RED_INTERFACES) {
334 $selected{'INTERFACE'}{$intf} = ($settings{'INTERFACE'} eq $intf) ?
"selected" : "";
337 my $buttontext = $Lang::tr
{'add'};
338 if ($settings{'KEY1'} ne '') {
339 $buttontext = $Lang::tr
{'update'};
340 &Header
::openbox
('100%', 'left', $Lang::tr
{'edit an existing alias'});
342 &Header
::openbox
('100%', 'left', $Lang::tr
{'add new alias'});
345 #Edited line number (KEY1) passed until cleared by 'save' or 'remove' or 'new sort order'
# NOTE(review): the form below interpolates $settings{'KEY1'},
# $settings{'NAME'} and $settings{'IP'} into single-quoted HTML attributes.
# NAME goes through Header::cleanhtml in the add branch; no output escaping of
# IP or KEY1 is visible in this listing, and rejected input appears to be
# shown again for correction. Escape these values at output (cleanhtml or an
# equivalent) unless getcgihash is known to do so - TODO confirm.
347 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
348 <input type='hidden' name='KEY1' value='$settings{'KEY1'}' />
349 <input type='hidden' name='OLDNAME' value='$settings{'NAME'}' />
350 <input type='hidden' name='OLDIP' value='$settings{'IP'}' />
351 <table style='width:100%;'>
353 <td class='base' style='color:${Header::colourred};'>$Lang::tr{'name'}:</td>
354 <td><input type='text' name='NAME' value='$settings{'NAME'}' size='32' /></td>
355 <td class='base' style='text-align:right; color:${Header::colourred};'>$Lang::tr{'alias ip'}: </td>
356 <td><input type='text' name='IP' value='$settings{'IP'}' size='16' /></td>
359 if (scalar @RED_INTERFACES >= 2) {
361 <td class='base' style='color:${Header::colourred};'>$Lang::tr{'interface'}:</td>
363 <select name="INTERFACE">
364 <option value="">$Lang::tr{'aliases default interface'}</option>
367 # Print an option for each RED interface
368 foreach my $intf (@RED_INTERFACES) {
369 # Skip the default one
370 next if ($RED_INTERFACE eq $intf);
373 <option value="$intf" $selected{'INTERFACE'}{$intf}>$intf</option>
384 <td class='base' style='text-align:right;'>$Lang::tr{'enabled'} </td>
385 <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
390 <table style='width:100%;'>
392 <td style='text-align:right;'><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /><input type='submit' name='SUBMIT' value='$buttontext' /></td>
400 # Add visual indicators to column headings to show sort order - EO
404 if ($netsettings{'SORT_ALIASES'} eq 'NAMERev') {
405 $sortarrow1 = $Header::sortdn
;
406 } elsif ($netsettings{'SORT_ALIASES'} eq 'NAME') {
407 $sortarrow1 = $Header::sortup
;
408 } elsif ($netsettings{'SORT_ALIASES'} eq 'IPRev') {
409 $sortarrow2 = $Header::sortdn
;
411 $sortarrow2 = $Header::sortup
;
415 # Third box shows the list, in columns
417 # Column headers may contain a link. In this case it must be named in $sortstring
419 &Header
::openbox
('100%', 'left', $Lang::tr
{'current aliases'});
421 <table class='tbl' style='width:100%;'>
423 <th style='width:55%; text-align:center;'><a href='$ENV{'SCRIPT_NAME'}?NAME'><b>$Lang::tr{'name'}</b></a> $sortarrow1</th>
424 <th style='width:45%; text-align:center;'><a href='$ENV{'SCRIPT_NAME'}?IP'><b>$Lang::tr{'alias ip'}</b></a> $sortarrow2</th>
425 <th colspan='3' class='boldbase' style='width:5%; text-align:center;'><b>$Lang::tr{'action'}</b></th>
431 # Print each line of @current list
433 # each data line is split into @temp.
438 foreach my $line (@current) {
440 my @temp = split(/\,/,$line);
442 #Choose icon for checkbox
445 if ($temp[1] eq "on") {
447 $gdesc = $Lang::tr
{'click to disable'};
450 $gdesc = $Lang::tr
{'click to enable'};
454 if ($settings{'KEY1'} eq $key) {
455 $col="background-color:${Header::colouryellow};";
457 $col="background-color:${Header::table2colour};";
459 $col="background-color:${Header::table1colour};";
# NOTE(review): $temp[0], $temp[2] and $temp[3] are read back from the aliases
# file and printed into the table without visible escaping. That is safe only
# while every writer validates the fields first; INTERFACE in particular has
# no visible check in the add branch. Escaping at output would make the table
# independent of what is stored - TODO confirm against the full file.
461 print "<tr style='$col'>";
463 my $address = $temp[0];
465 if ($temp[3] ne "") {
466 $address .= " @ $temp[3]";
470 <td style='text-align:center; $col'>$temp[2]</td>
471 <td style='text-align:center; $col'>$address</td>
473 <td style='text-align:center; $col'>
474 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
475 <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
476 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' />
477 <input type='hidden' name='KEY1' value='$key' />
481 <td style='text-align:center; $col'>
482 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
483 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
484 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
485 <input type='hidden' name='KEY1' value='$key' />
489 <td style='text-align:center; $col'>
490 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
491 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
492 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' />
493 <input type='hidden' name='KEY1' value='$key' />
503 # If table contains entries, print 'Key to action icons'
508 <td class='boldbase'> <b>$Lang::tr{'legend'}: </b></td>
509 <td><img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
510 <td class='base'>$Lang::tr{'click to disable'}</td>
511 <td> </td>
512 <td><img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
513 <td class='base'>$Lang::tr{'click to enable'}</td>
514 <td> </td>
515 <td><img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
516 <td class='base'>$Lang::tr{'edit'}</td>
517 <td> </td>
518 <td><img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
519 <td class='base'>$Lang::tr{'remove'}</td>
527 &Header
::closebigbox
();
528 &Header
::closepage
();
530 ## Ouf it's the end !
534 # Sort the "current" array according to choices
539 # Sort pair of record received in $a $b special vars.
540 # When IP is specified use numeric sort else alpha.
541 # If sortname ends with 'Rev', do reverse sort.
544 my $qs=''; # The sort field specified minus 'Rev'
545 if (rindex ($netsettings{'SORT_ALIASES'},'Rev') != -1) {
546 $qs=substr ($netsettings{'SORT_ALIASES'},0,length($netsettings{'SORT_ALIASES'})-3);
548 my @a = split(/\./,$entries{$a}->{$qs});
549 my @b = split(/\./,$entries{$b}->{$qs});
555 $entries{$b}->{$qs} cmp $entries{$a}->{$qs};
557 } else { #not reverse
558 $qs=$netsettings{'SORT_ALIASES'};
560 my @a = split(/\./,$entries{$a}->{$qs});
561 my @b = split(/\./,$entries{$b}->{$qs});
567 $entries{$a}->{$qs} cmp $entries{$b}->{$qs};
572 #Use an associative array (%entries)
574 foreach my $line (@current) {
575 chomp( $line); #remove newline because can be on field 5 or 6 (addition of REMARK)
576 my @temp = split (',',$line);
578 # Build a pair 'Field Name',value for each of the data dataline.
579 # Each SORTABLE field must have its pair.
580 # Other data fields (non sortable) can be grouped in one
583 # F1,F2,F3,F4,F5 only F1 F2 for sorting
584 # my @record = ('KEY',$key++,
587 # 'DATA',join(',',@temp[2..4]) ); #group remainning values, with separator (,)
589 # The KEY,key record permits duplicates. If removed, then F1 becomes the key and duplicates are no longer permitted.
592 my @record = ('KEY',$key++,'IP',$temp[0],'ENABLED',$temp[1],'NAME',$temp[2],'INTERFACE',$temp[3]);
593 my $record = {}; # create a reference to empty hash
594 %{$record} = @record; # populate that hash with @record
595 $entries{$record->{KEY
}} = $record; # add this to a hash of hashes
# Rewrite the aliases file in sorted order, one IP,ENABLED,NAME,INTERFACE
# record per line, then open it again for reading.
# NOTE(review): bareword handle and two-argument open; $datafile is set from
# ${General::swroot} at the top of the file, so the path is not request data,
# but the three-argument form with a lexical handle is the safer habit.
598 open(FILE
, ">$datafile") or die 'Unable to open aliases file.';
600 # Each field value is printed , with the newline ! Don't forget separator and order of them.
601 foreach my $entry (sort fixedleasesort
keys %entries) {
602 print FILE
"$entries{$entry}->{IP},$entries{$entry}->{ENABLED},$entries{$entry}->{NAME},$entries{$entry}->{INTERFACE}\n";
606 # Reload sorted @current
# NOTE(review): unlike the write above, this re-open is not checked. If it
# fails, whatever reads FILE next gets nothing and @current presumably ends up
# empty - verify, and add an 'or die' to match the write path.
607 open (FILE
, "$datafile");
613 # Build the configuration file for application aliases
# Takes no arguments. Runs the setaliases helper through General::system with
# a fixed absolute path and no parameters, so no request data reaches the
# command line from this sub.
615 sub BuildConfiguration
{
616 # Restart service associated with this
617 &General
::system('/usr/local/bin/setaliases');
621 ## Handle Suricata related actions.
623 sub HandleSuricata
() {
624 # Check if suricata is running.
625 if(&IDS
::ids_is_running
()) {
626 # Re-generate file which contains the HOME_NET declaration.
627 &IDS
::generate_home_net_file
();
629 # Call suricatactrl to perform a restart of suricata.
630 &IDS
::call_suricatactrl
("restart");