From aeefcc9caa329cfd1ca8b8cdafdc845aab7507b2 Mon Sep 17 00:00:00 2001
From: Alexander Marx <amarx@ipfire.org>
Date: Sat, 11 Jan 2014 05:30:46 +0100
Subject: [PATCH] Firewall: modified firewall-groups so that they can be empty
 even if used in rules

Now one can create a group, use it in a rule and then delete every entry
from the group. (The firewallrule then will be displayed yellow and
disabled).
---
 html/cgi-bin/firewall.cgi  |  24 ++++++--
 html/cgi-bin/fwhosts.cgi   | 111 ++++++++++++++++++++++---------------
 html/cgi-bin/p2p-block.cgi |   0
 html/cgi-bin/shutdown.cgi  |   0
 html/cgi-bin/tor.cgi       |   0
 5 files changed, 87 insertions(+), 48 deletions(-)
 mode change 100755 => 100644 html/cgi-bin/firewall.cgi
 mode change 100755 => 100644 html/cgi-bin/p2p-block.cgi
 mode change 100755 => 100644 html/cgi-bin/shutdown.cgi
 mode change 100755 => 100644 html/cgi-bin/tor.cgi

diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
old mode 100755
new mode 100644
index ceaab566b..7ffe59c6f
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -1050,7 +1050,7 @@ END
 	if (! -z $configgrp || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
 		print"<tr><td valign='top'><input type='radio' name='$grp' id='cust_grp_$srctgt' value='cust_grp_$srctgt' $checked{$grp}{'cust_grp_'.$srctgt}></td><td >$Lang::tr{'fwhost cust grp'}</td><td align='right'><select name='cust_grp_$srctgt' style='width:200px;'>";
 		foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } keys %customgrp) {
-			if($helper ne $customgrp{$key}[0]){
+			if($helper ne $customgrp{$key}[0] && $customgrp{$key}[2] ne 'none'){
 				print"<option ";
 				print "selected='selected' " if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $customgrp{$key}[0]);
 				print ">$customgrp{$key}[0]</option>";
@@ -1824,7 +1824,7 @@ END
 		&General::readhasharray("$configsrvgrp", \%customservicegrp);
 		my $helper;
 		foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
-			if ($helper ne $customservicegrp{$key}[0]){
+			if ($helper ne $customservicegrp{$key}[0] && $customservicegrp{$key}[2] ne 'none'){
 				print"<option ";
 				print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservicegrp{$key}[0]);
 				print">$customservicegrp{$key}[0]</option>";
@@ -1847,7 +1847,7 @@ END
 		print <<END;
 			<br>
 			<center>
-				<table width="80%" border="0">
+				<table width="80%" class='tbl'>
 					<tr>
 						<td width="33%" align="center" bgcolor="$color{'color17'}">
 							&nbsp;<br>&nbsp;
@@ -1884,7 +1884,6 @@ END
 
 			<br>
 END
-
 		#---Activate/logging/remark-------------------------------------
 		&Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
 		print<<END;
@@ -2298,6 +2297,8 @@ sub viewtablenew
 	&General::readhasharray("$config", $hash);
 	&General::readhasharray("$configccdnet", \%ccdnet);
 	&General::readhasharray("$configccdhost", \%ccdhost);
+	&General::readhasharray("$configgrp", \%customgrp);
+	&General::readhasharray("$configsrvgrp", \%customservicegrp);
 
 	&Header::openbox('100%', 'left', $title);
 	print "<table width='100%' cellspacing='0' class='tbl'>";
@@ -2401,6 +2402,21 @@ END
 					}
 				}
 			}
+			#check if networkgroups or servicegroups are empty
+			foreach my $netgroup (sort keys %customgrp){
+				if(($$hash{$key}[4] eq $customgrp{$netgroup}[0] || $$hash{$key}[6] eq $customgrp{$netgroup}[0]) && $customgrp{$netgroup}[2] eq 'none'){
+					$coloryellow='on';
+					&disable_rule($key);
+					$$hash{$key}[2]='';
+				}
+			}
+			foreach my $srvgroup (sort keys %customservicegrp){
+				if($$hash{$key}[15] eq $customservicegrp{$srvgroup}[0] && $customservicegrp{$srvgroup}[2] eq 'none'){
+					$coloryellow='on';
+					&disable_rule($key);
+					$$hash{$key}[2]='';
+				}
+			}
 			$$hash{'ACTIVE'}=$$hash{$key}[2];
 			$count++;
 			if($coloryellow eq 'on'){
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index 16c91bdc0..baecde31a 100644
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -780,7 +780,7 @@ if ($fwhostsettings{'ACTION'} eq 'saveservicegrp')
 		}
 		#on update, we have to delete the dummy entry
 		foreach my $key (keys %customservicegrp){
-			if ($customservicegrp{$key}[2] eq 'none'){
+			if ($customservicegrp{$key}[2] eq 'none' && $customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'}){
 				delete $customservicegrp{$key};
 				last;
 			}
@@ -893,33 +893,22 @@ if ($fwhostsettings{'ACTION'} eq 'deletegrphost')
 	&General::readhasharray("$configgrp", \%customgrp);
 	foreach my $key (keys %customgrp){
 		if($customgrp{$key}[0].",".$customgrp{$key}[1].",".$customgrp{$key}[2].",".$customgrp{$key}[3] eq $fwhostsettings{'delhost'}){
-			#decrease count from source host/net
-			if ($customgrp{$key}[3] eq 'Custom Network'){
-				&General::readhasharray("$confignet", \%customnetwork);
-				foreach my $key1 (keys %customnetwork){
-						if ($customnetwork{$key1}[0] eq $customgrp{$key}[2]){
-						$customnetwork{$key1}[4] = $customnetwork{$key1}[4]-1;
-						last;
-					}
-				}
-				&General::writehasharray("$confignet", \%customnetwork);
-			}
-			if ($customgrp{$key}[3] eq 'Custom Host'){
-				&General::readhasharray("$confighost", \%customhost);
-				foreach my $key1 (keys %customhost){
-					if ($customhost{$key1}[0] eq $customgrp{$key}[2]){
-						$customhost{$key1}[4] = $customhost{$key1}[4]-1;
-						last;
-					}
-				}
-				&General::writehasharray("$confighost", \%customhost);
-			}
 			$grpname=$customgrp{$key}[0];
 			$grpremark=$customgrp{$key}[1];
-			delete $customgrp{$key};
+			#check if we delete the last entry, then generate dummy
+			if ($fwhostsettings{'last'} eq 'on'){
+				$customgrp{$key}[1] = '';
+				$customgrp{$key}[2] = 'none';
+				$customgrp{$key}[3] = '';
+				$fwhostsettings{'last'}='';
+				last;
+			}else{
+				delete $customgrp{$key};
+			}
 		}
 	}
 	&General::writehasharray("$configgrp", \%customgrp);
+	&General::firewall_config_changed();
 	if ($fwhostsettings{'grpcnt'} > 0){
 		&General::firewall_config_changed();
 	}
@@ -982,23 +971,20 @@ if ($fwhostsettings{'ACTION'} eq 'delgrpservice')
 	my $grpname;
 	my $grpremark;
 	&General::readhasharray("$configsrvgrp", \%customservicegrp);
-	&General::readhasharray("$configsrv", \%customservice);
 	foreach my $key (keys %customservicegrp){
 		if($customservicegrp{$key}[0].",".$customservicegrp{$key}[1].",".$customservicegrp{$key}[2] eq $fwhostsettings{'delsrvfromgrp'})
 		{
-			#decrease count from source service
-			foreach my $key1 (sort keys %customservice){
-				if($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
-					$customservice{$key1}[4]--;
-					last;
-				}
-			}
 			$grpname=$customservicegrp{$key}[0];
 			$grpremark=$customservicegrp{$key}[1];
-			delete $customservicegrp{$key};
+			if($fwhostsettings{'last'} eq 'on'){
+				$customservicegrp{$key}[2] = 'none';
+				$fwhostsettings{'last'} = '';
+				last;
+			}else{
+				delete $customservicegrp{$key};
+			}
 		}
 	}
-	&General::writehasharray("$configsrv", \%customservice);
 	&General::writehasharray("$configsrvgrp", \%customservicegrp);
 	&General::firewall_config_changed();
 	if ($fwhostsettings{'updatesrvgrp'} eq 'on'){
@@ -1007,7 +993,6 @@ if ($fwhostsettings{'ACTION'} eq 'delgrpservice')
 	}
 	&addservicegrp;
 	&viewtableservicegrp;
-	
 }
 if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newnet'})
 {
@@ -1497,11 +1482,11 @@ END
 			}elsif ($count % 2)
 			{ 
 				$col="bgcolor='$color{'color20'}'";
-				print" <tr>";# bgcolor='$color{'color20'}'>";
+				print" <tr>";
 			}else
 			{
 				$col="bgcolor='$color{'color22'}'";
-				print" <tr>";# bgcolor='$color{'color22'}'>";
+				print" <tr>";
 			}
 			my $colnet="$customnetwork{$key}[1]/".&General::subtocidr($customnetwork{$key}[2]);
 			my $netcount=&getnetcount($customnetwork{$key}[0]);
@@ -1655,10 +1640,19 @@ sub viewtablegrp
 	my $remark;
 	my $number;
 	my $delflag;
+	my @counter;
+	my %hash;
 	if (!keys %customgrp) 
 	{
 		print "<center><b>$Lang::tr{'fwhost err emptytable'}</b>";
 	}else{
+		#get all groups in a hash
+		foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } sort { ncmp($customgrp{$a}[2],$customgrp{$b}[2]) } keys %customgrp){
+			push (@counter,$customgrp{$key}[0]);
+		}
+		foreach my $key1 (@counter) {
+			$hash{$key1}++ ;
+		}
 		foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } sort { ncmp($customgrp{$a}[2],$customgrp{$b}[2]) } keys %customgrp){
 			$count++;
 			if ($helper ne $customgrp{$key}[0]){
@@ -1676,7 +1670,7 @@ sub viewtablegrp
 				if ($customgrp{$key}[2] eq "none"){$customgrp{$key}[2]=$Lang::tr{'fwhost err emptytable'};}
 				$grpname=$customgrp{$key}[0];
 				$remark="$customgrp{$key}[1]";
-				if($count gt 1){ print"</table>";}
+				if($count gt 1){ print"</table>";$count=1;}
 				print "<br><b><u>$grpname</u></b>&nbsp; &nbsp;";
 				print " <b>$Lang::tr{'remark'}:</b>&nbsp $remark &nbsp " if ($remark ne '');
 				my $netgrpcount=&getnetcount($grpname);
@@ -1694,10 +1688,10 @@ sub viewtablegrp
 				$col="bgcolor='${Header::colouryellow}'";
 			}elsif ($count %2 == 0){
 				print"<tr>";
-				$col="bgcolor='$color{'color22'}'";
+				$col="bgcolor='$color{'color20'}'";
 			}else{
 				print"<tr>";
-				$col="bgcolor='$color{'color20'}'";
+				$col="bgcolor='$color{'color22'}'";
 			}
 			my $ip=&getipforgroup($customgrp{$key}[2],$customgrp{$key}[3]);	
 			if ($ip eq ''){
@@ -1717,8 +1711,14 @@ sub viewtablegrp
 				$ip="$colip/".&General::subtocidr($colsub) if ($colsub);
 				print"<td align='center' $col ".&getcolor($colip).">".&Header::colorize($ip)."</td><td align='center' $col>$customgrp{$key}[3]</td><td width='1%' $col><form method='post'>";
 			}
-			if ($delflag > 1 && $ip ne ''){
+			if ($delflag > 0 && $ip ne ''){
 				print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
+				#check if this group has only one entry
+				foreach my $key2 (keys %hash) {
+					if ($hash{$key2}<2 && $key2 eq $customgrp{$key}[0]){
+						print "<input type='hidden' name='last' value='on'>"  ;
+					}
+				}
 			}
 			print"<input type='hidden' name='ACTION' value='deletegrphost'><input type='hidden' name='grpcnt' value='$customgrp{$key}[4]'><input type='hidden' name='update' value='$fwhostsettings{'update'}'><input type='hidden' name='delhost' value='$grpname,$remark,$customgrp{$key}[2],$customgrp{$key}[3]'></form></td></tr>";
 			
@@ -1793,11 +1793,15 @@ sub viewtableservicegrp
 	my $grpname;
 	my $remark;
 	my $helper;
+	my $helper1;
 	my $port;
 	my $protocol;
 	my $delflag;
 	my $grpcount=0;
 	my $col='';
+	my $lastentry=0;
+	my @counter;
+	my %hash;
 	if (! -z $configsrvgrp){
 		&Header::openbox('100%', 'left', $Lang::tr{'fwhost cust srvgrp'});
 		&General::readhasharray("$configsrvgrp", \%customservicegrp);
@@ -1806,6 +1810,12 @@ sub viewtableservicegrp
 		&General::readhasharray("$fwconfiginp", \%fwinp);
 		&General::readhasharray("$fwconfigout", \%fwout);
 		my $number= keys %customservicegrp;
+		foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } sort { ncmp($customservicegrp{$a}[2],$customservicegrp{$b}[2]) }keys %customservicegrp){
+			push (@counter,$customservicegrp{$key}[0]);
+		}
+		foreach my $key1 (@counter) {
+			$hash{$key1}++ ;
+		}
 		foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } sort { ncmp($customservicegrp{$a}[2],$customservicegrp{$b}[2]) }keys %customservicegrp){
 			$count++;
 			if ($helper ne $customservicegrp{$key}[0]){
@@ -1823,12 +1833,12 @@ sub viewtableservicegrp
 				}
 				$grpname=$customservicegrp{$key}[0];
 				if ($customservicegrp{$key}[2] eq "none"){
-					$customservicegrp{$key}[2]=$Lang::tr{'fwhost empty'};
+					$customservicegrp{$key}[2]=$Lang::tr{'fwhost err emptytable'};
 					$port='';
 					$protocol='';
 				}
 				$remark="$customservicegrp{$key}[1]";
-				if($count >=2){print"</table>";}
+				if($count >0){print"</table>";$count=1;}
 				print "<br><b><u>$grpname</u></b>&nbsp; &nbsp; ";
 				print "<b>$Lang::tr{'remark'}:</b>&nbsp; $remark " if ($remark ne '');
 				print "&nbsp; <b>$Lang::tr{'used'}:</b> $grpcount x";
@@ -1849,6 +1859,11 @@ sub viewtableservicegrp
 				print"<tr>";
 				$col="bgcolor='$color{'color22'}'";
 			}
+			#make lines yellow if it is a dummy entry
+			if ($customservicegrp{$key}[2] eq $Lang::tr{'fwhost err emptytable'}){
+				print"<tr>";
+				$col="bgcolor='${Header::colouryellow}'";
+			}
 			#Set fields if we use protocols in servicegroups
 			if ($customservicegrp{$key}[2] ne 'TCP' || $customservicegrp{$key}[2] ne 'UDP' || $customservicegrp{$key}[2] ne 'ICMP'){
 				$port='-';
@@ -1868,8 +1883,16 @@ sub viewtableservicegrp
 				}
 			}
 			print"<td align='center' $col>$port</td><td align='center' $col>$protocol</td><td width='1%' $col><form method='post'>";
-			if ($delflag gt '1'){
-				print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
+			if ($delflag gt '0'){
+				if ($customservicegrp{$key}[2] ne $Lang::tr{'fwhost err emptytable'}){
+					print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
+				}
+				#check if this group has only one entry
+				foreach my $key2 (keys %hash) {
+					if ($hash{$key2}<2 && $key2 eq $customservicegrp{$key}[0]){
+						print "<input type='hidden' name='last' value='on'>"  ;
+					}
+				}
 			}
 			print"<input type='hidden' name='ACTION' value='delgrpservice'><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'>";
 			if($protocol eq 'TCP' || $protocol eq 'UDP' || $protocol eq 'ICMP'){
diff --git a/html/cgi-bin/p2p-block.cgi b/html/cgi-bin/p2p-block.cgi
old mode 100755
new mode 100644
diff --git a/html/cgi-bin/shutdown.cgi b/html/cgi-bin/shutdown.cgi
old mode 100755
new mode 100644
diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi
old mode 100755
new mode 100644
-- 
2.39.2