firewall_aliases_import.php - pfSense - pfSense bugtracker

Bug #14013 » firewall_aliases_import.php

Amin Sadeghi, 02/23/2023 06:10 AM

    
      <?php

      /*

       * firewall_aliases_import.php

       *

       * part of pfSense (https://www.pfsense.org)

       * Copyright (c) 2004-2013 BSD Perimeter

       * Copyright (c) 2013-2016 Electric Sheep Fencing

       * Copyright (c) 2014-2023 Rubicon Communications, LLC (Netgate)

       * All rights reserved.

       *

       * Licensed under the Apache License, Version 2.0 (the "License");

       * you may not use this file except in compliance with the License.

       * You may obtain a copy of the License at

       *

       * http://www.apache.org/licenses/LICENSE-2.0

       *

       * Unless required by applicable law or agreed to in writing, software

       * distributed under the License is distributed on an "AS IS" BASIS,

       * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

       * See the License for the specific language governing permissions and

       * limitations under the License.

       */

      ##|+PRIV

      ##|*IDENT=page-firewall-alias-import

      ##|*NAME=Firewall: Alias: Import

      ##|*DESCR=Allow access to the 'Firewall: Alias: Import' page.

      ##|*MATCH=firewall_aliases_import.php*

      ##|-PRIV

      // Keywords not allowed in names, see globals.inc for list.

      global $pf_reserved_keywords;

      require_once("guiconfig.inc");

      require_once("util.inc");

      require_once("filter.inc");

      require_once("shaper.inc");

      $referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/firewall_aliases.php');

      $reserved_ifs = get_configured_interface_list(true);

      $pf_reserved_keywords = array_merge($pf_reserved_keywords, $reserved_ifs, $reserved_table_names);

      $tab = $_REQUEST['tab'];

      if (empty($tab)) {

      	$tab = 'ip';

      }

      $pgtitle = array(gettext("Firewall"), gettext("Aliases"), gettext("Bulk import"));

      $pglinks = array("", "firewall_aliases.php?tab=" . $tab, "@self");

      init_config_arr(array('aliases', 'alias'));

      $a_aliases = &$config['aliases']['alias'];

      if ($_POST) {

      	$reqdfields = explode(" ", "name aliasimport");

      	$reqdfieldsn = array(gettext("Name"), gettext("Aliases to import"));

      	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

      	if (!is_validaliasname($_POST['name'])) {

      		$input_errors[] = invalidaliasnamemsg($_POST['name']);

      	}

      	/* check for name duplicates */

      	if (is_alias($_POST['name'])) {

      		$input_errors[] = gettext("An alias with this name already exists.");

      	}

      	/* Check for reserved keyword names */

      	foreach ($pf_reserved_keywords as $rk) {

      		if ($rk == $_POST['name']) {

      			$input_errors[] = sprintf(gettext("Cannot use a reserved keyword as an alias name: %s"), $rk);

      		}

      	}

      	/* check for name interface description conflicts */

      	foreach ($config['interfaces'] as $interface) {

      		if ($interface['descr'] == $_POST['name']) {

      			$input_errors[] = gettext("An interface description with this name already exists.");

      			break;

      		}

      	}

      	/* Is the description already used as an interface group name? */

      	if (is_array($config['ifgroups']['ifgroupentry'])) {

      		foreach ($config['ifgroups']['ifgroupentry'] as $ifgroupentry) {

      			if ($ifgroupentry['ifname'] == $_POST['name']) {

      				$input_errors[] = gettext("Sorry, an interface group with this name already exists.");

      			}

      		}

      	}

      	if ($_POST['aliasimport']) {

      		$tocheck = explode("\n", $_POST['aliasimport']);

      		$imported_ips = array();

      		$imported_descs = array();

      		$desc_len_err_found = false;

      		$desc_fmt_err_found = false;

      		if ($tab == "port") {

      			$alias_type = $tab;

      		} else {

      			$alias_type = "host";

      		}

      		foreach ($tocheck as $impline) {

      			$implinea = explode(" ", trim($impline), 2);

      			$impip = alias_idn_to_ascii($implinea[0]);

      			$impdesc = trim($implinea[1]);

      			if (strlen($impdesc) < 200) {

      				if ((strpos($impdesc, "||") === false) && (substr($impdesc, 0, 1) != "|") && (substr($impdesc, -1, 1) != "|")) {

      					if ($tab == "port") {

      						// Port alias

      						if (!empty($impip)) {

      							if (is_port_or_range($impip)) {

      								$imported_ips[] = $impip;

      								$imported_descs[] = $impdesc;

      							} else {

      								$input_errors[] = sprintf(gettext("%s is not a valid port or port range."), $impip);

      							}

      						}

      					} else {

      						// IP alias - host or network

      						$iprange_type = is_iprange($impip);

      						if ($iprange_type == 4) {

      							list($startip, $endip) = explode('-', $impip);

      							$rangesubnets = ip_range_to_subnet_array($startip, $endip);

      							$imported_ips = array_merge($imported_ips, $rangesubnets);

      							$rangedescs = array_fill(0, count($rangesubnets), $impdesc);

      							$imported_descs = array_merge($imported_descs, $rangedescs);

      						} else if ($iprange_type == 6) {

      							$input_errors[] = sprintf(gettext('IPv6 address ranges are not supported (%s)'), $impip);

      						} else {

      							$is_subnet = is_subnet($impip);

      							if (!is_ipaddr($impip) && !$is_subnet && !is_hostname($impip) && !empty($impip)) {

      								$input_errors[] = sprintf(gettext("%s is not an IP address. Please correct the error to continue"), $impip);

      							} elseif (!empty($impip)) {

      								if ($is_subnet) {

      									$alias_type = "network";

      								}

      								$imported_ips[] = $impip;

      								$imported_descs[] = $impdesc;

      							}

      						}

      					}

      				} else {

      					if (!$desc_fmt_err_found) {

      						$input_errors[] = gettext("Descriptions may not start or end with vertical bar (|) or contain double vertical bar ||.");

      						$desc_fmt_err_found = true;

      					}

      				}

      			} else {

      				if (!$desc_len_err_found) {

      					/* Note: The 200 character limit is just a practical check to avoid accidents */

      					/* if the user pastes a large number of IP addresses without line breaks.	 */

      					$input_errors[] = gettext("Descriptions must be less than 200 characters long.");

      					$desc_len_err_found = true;

      				}

      			}

      		}

      		unset($desc_len_err_found, $desc_fmt_err_found);

      	}

      	if (!$input_errors && is_array($imported_ips)) {

      		$alias = array();

      		$alias['address'] = implode(" ", $imported_ips);

      		$alias['detail'] = implode("||", $imported_descs);

      		$alias['name'] = $_POST['name'];

      		$alias['type'] = $alias_type;

      		$alias['descr'] = $_POST['descr'];

      		unset($imported_ips, $imported_descs);

      		$a_aliases[] = $alias;

      		// Sort list

      		$a_aliases = msort($a_aliases, "name");

      		if (write_config(gettext("Imported a firewall alias."))) {

      			mark_subsystem_dirty('aliases');

      		}

      		if (!empty($tab)) {

      			header("Location: firewall_aliases.php?tab=" . htmlspecialchars ($tab));

      		} else {

      			header("Location: firewall_aliases.php");

      		}

      		exit;

      	}

      }

      include("head.inc");

      if ($input_errors) {

      	print_input_errors($input_errors);

      }

      $form = new Form;

      $form->addGlobal(new Form_Input(

      	'tab',

      	null,

      	'hidden',

      	$tab

      ));

      if ($tab == "port") {

      	$sectiontext = gettext('Port Alias Details');

      	$helptext = gettext('Paste in the ports to import separated by a carriage return. ' .

      		'The list may contain port numbers, port ranges, blank lines (ignored) and ' .

      		'an optional description after each port. e.g.:') .

      		'</span><ul><li>' .

      		'22' .

      		'</li><li>' .

      		'1234:1250' .

      		'</li><li>' .

      		gettext('443 HTTPS port') .

      		'</li><li>' .

      		gettext('4000:4099 Description of a port range') .

      		'</li></ul><span class="help-block">';

      } else {

      	$sectiontext = gettext('IP Alias Details');

      	$helptext = gettext('Paste in the aliases to ' .

      		'import separated by a carriage return. Common examples are lists of IPs, ' .

      		'networks, blocklists, etc. The list may contain IP addresses, with or without ' .

      		'CIDR prefix, IP ranges, blank lines (ignored) and an optional description after ' .

      		'each IP. e.g.:') .

      		'</span><ul><li>' .

      		'172.16.1.2' .

      		'</li><li>' .

      		'172.16.0.0/24' .

      		'</li><li>' .

      		'10.11.12.100-10.11.12.200' .

      		'</li><li>' .

      		gettext('192.168.1.254 Home router') .

      		'</li><li>' .

      		gettext('10.20.0.0/16 Office network') .

      		'</li><li>' .

      		gettext('10.40.1.10-10.40.1.19 Managed switches') .

      		'</li></ul><span class="help-block">';

      }

      $section = new Form_Section($sectiontext);

      $section->addInput(new Form_Input(

      	'name',

      	'*Alias Name',

      	'text',

      	$_POST['name']

      ))->setPattern('[a-zA-Z0-9_]+')->setHelp('The name of the alias may only consist '.

      	'of the characters "a-z, A-Z, 0-9 and _".');

      $section->addInput(new Form_Input(

      	'descr',

      	'Description',

      	'text',

      	$_POST['descr']

      ))->setHelp('A description may be entered here for administrative reference (not parsed).');

      $section->addInput(new Form_Textarea(

      	'aliasimport',

      	'*Aliases to import',

      	$_POST["aliasimport"]

      ))->setHelp($helptext);

      $form->add($section);

      print $form;

      include("foot.inc");

« Previous
1
2
Next »

(2-2/2)

Project

General

Profile

pfSense

Bug #14013 » firewall_aliases_import.php