Project

General

Profile

Bug #14013 » firewall_aliases_import.php

Amin Sadeghi, 02/23/2023 06:10 AM

 
1
<?php
2
/*
3
 * firewall_aliases_import.php
4
 *
5
 * part of pfSense (https://www.pfsense.org)
6
 * Copyright (c) 2004-2013 BSD Perimeter
7
 * Copyright (c) 2013-2016 Electric Sheep Fencing
8
 * Copyright (c) 2014-2023 Rubicon Communications, LLC (Netgate)
9
 * All rights reserved.
10
 *
11
 * Licensed under the Apache License, Version 2.0 (the "License");
12
 * you may not use this file except in compliance with the License.
13
 * You may obtain a copy of the License at
14
 *
15
 * http://www.apache.org/licenses/LICENSE-2.0
16
 *
17
 * Unless required by applicable law or agreed to in writing, software
18
 * distributed under the License is distributed on an "AS IS" BASIS,
19
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20
 * See the License for the specific language governing permissions and
21
 * limitations under the License.
22
 */
23

    
24
##|+PRIV
25
##|*IDENT=page-firewall-alias-import
26
##|*NAME=Firewall: Alias: Import
27
##|*DESCR=Allow access to the 'Firewall: Alias: Import' page.
28
##|*MATCH=firewall_aliases_import.php*
29
##|-PRIV
30

    
31

    
32
// Keywords not allowed in names, see globals.inc for list.
33
global $pf_reserved_keywords;
34

    
35
require_once("guiconfig.inc");
36
require_once("util.inc");
37
require_once("filter.inc");
38
require_once("shaper.inc");
39

    
40
$referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/firewall_aliases.php');
41

    
42
$reserved_ifs = get_configured_interface_list(true);
43
$pf_reserved_keywords = array_merge($pf_reserved_keywords, $reserved_ifs, $reserved_table_names);
44

    
45
$tab = $_REQUEST['tab'];
46
if (empty($tab)) {
47
	$tab = 'ip';
48
}
49

    
50
$pgtitle = array(gettext("Firewall"), gettext("Aliases"), gettext("Bulk import"));
51
$pglinks = array("", "firewall_aliases.php?tab=" . $tab, "@self");
52

    
53
init_config_arr(array('aliases', 'alias'));
54
$a_aliases = &$config['aliases']['alias'];
55

    
56
if ($_POST) {
57
	$reqdfields = explode(" ", "name aliasimport");
58
	$reqdfieldsn = array(gettext("Name"), gettext("Aliases to import"));
59

    
60
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
61

    
62
	if (!is_validaliasname($_POST['name'])) {
63
		$input_errors[] = invalidaliasnamemsg($_POST['name']);
64
	}
65

    
66
	/* check for name duplicates */
67
	if (is_alias($_POST['name'])) {
68
		$input_errors[] = gettext("An alias with this name already exists.");
69
	}
70

    
71

    
72
	/* Check for reserved keyword names */
73
	foreach ($pf_reserved_keywords as $rk) {
74
		if ($rk == $_POST['name']) {
75
			$input_errors[] = sprintf(gettext("Cannot use a reserved keyword as an alias name: %s"), $rk);
76
		}
77
	}
78

    
79
	/* check for name interface description conflicts */
80
	foreach ($config['interfaces'] as $interface) {
81
		if ($interface['descr'] == $_POST['name']) {
82
			$input_errors[] = gettext("An interface description with this name already exists.");
83
			break;
84
		}
85
	}
86

    
87
	/* Is the description already used as an interface group name? */
88
	if (is_array($config['ifgroups']['ifgroupentry'])) {
89
		foreach ($config['ifgroups']['ifgroupentry'] as $ifgroupentry) {
90
			if ($ifgroupentry['ifname'] == $_POST['name']) {
91
				$input_errors[] = gettext("Sorry, an interface group with this name already exists.");
92
			}
93
		}
94
	}
95

    
96
	if ($_POST['aliasimport']) {
97
		$tocheck = explode("\n", $_POST['aliasimport']);
98
		$imported_ips = array();
99
		$imported_descs = array();
100
		$desc_len_err_found = false;
101
		$desc_fmt_err_found = false;
102
		if ($tab == "port") {
103
			$alias_type = $tab;
104
		} else {
105
			$alias_type = "host";
106
		}
107

    
108
		foreach ($tocheck as $impline) {
109
			$implinea = explode(" ", trim($impline), 2);
110
			$impip = alias_idn_to_ascii($implinea[0]);
111
			$impdesc = trim($implinea[1]);
112
			if (strlen($impdesc) < 200) {
113
				if ((strpos($impdesc, "||") === false) && (substr($impdesc, 0, 1) != "|") && (substr($impdesc, -1, 1) != "|")) {
114
					if ($tab == "port") {
115
						// Port alias
116
						if (!empty($impip)) {
117
							if (is_port_or_range($impip)) {
118
								$imported_ips[] = $impip;
119
								$imported_descs[] = $impdesc;
120
							} else {
121
								$input_errors[] = sprintf(gettext("%s is not a valid port or port range."), $impip);
122
							}
123
						}
124
					} else {
125
						// IP alias - host or network
126
						$iprange_type = is_iprange($impip);
127
						if ($iprange_type == 4) {
128
							list($startip, $endip) = explode('-', $impip);
129
							$rangesubnets = ip_range_to_subnet_array($startip, $endip);
130
							$imported_ips = array_merge($imported_ips, $rangesubnets);
131
							$rangedescs = array_fill(0, count($rangesubnets), $impdesc);
132
							$imported_descs = array_merge($imported_descs, $rangedescs);
133
						} else if ($iprange_type == 6) {
134
							$input_errors[] = sprintf(gettext('IPv6 address ranges are not supported (%s)'), $impip);
135
						} else {
136
							$is_subnet = is_subnet($impip);
137
							if (!is_ipaddr($impip) && !$is_subnet && !is_hostname($impip) && !empty($impip)) {
138
								$input_errors[] = sprintf(gettext("%s is not an IP address. Please correct the error to continue"), $impip);
139
							} elseif (!empty($impip)) {
140
								if ($is_subnet) {
141
									$alias_type = "network";
142
								}
143
								$imported_ips[] = $impip;
144
								$imported_descs[] = $impdesc;
145
							}
146
						}
147
					}
148
				} else {
149
					if (!$desc_fmt_err_found) {
150
						$input_errors[] = gettext("Descriptions may not start or end with vertical bar (|) or contain double vertical bar ||.");
151
						$desc_fmt_err_found = true;
152
					}
153
				}
154
			} else {
155
				if (!$desc_len_err_found) {
156
					/* Note: The 200 character limit is just a practical check to avoid accidents */
157
					/* if the user pastes a large number of IP addresses without line breaks.	 */
158
					$input_errors[] = gettext("Descriptions must be less than 200 characters long.");
159
					$desc_len_err_found = true;
160
				}
161
			}
162
		}
163
		unset($desc_len_err_found, $desc_fmt_err_found);
164
	}
165

    
166
	if (!$input_errors && is_array($imported_ips)) {
167
		$alias = array();
168
		$alias['address'] = implode(" ", $imported_ips);
169
		$alias['detail'] = implode("||", $imported_descs);
170
		$alias['name'] = $_POST['name'];
171
		$alias['type'] = $alias_type;
172
		$alias['descr'] = $_POST['descr'];
173
		unset($imported_ips, $imported_descs);
174
		$a_aliases[] = $alias;
175

    
176
		// Sort list
177
		$a_aliases = msort($a_aliases, "name");
178

    
179
		if (write_config(gettext("Imported a firewall alias."))) {
180
			mark_subsystem_dirty('aliases');
181
		}
182

    
183
		if (!empty($tab)) {
184
			header("Location: firewall_aliases.php?tab=" . htmlspecialchars ($tab));
185
		} else {
186
			header("Location: firewall_aliases.php");
187
		}
188

    
189
		exit;
190
	}
191
}
192

    
193
include("head.inc");
194

    
195
if ($input_errors) {
196
	print_input_errors($input_errors);
197
}
198

    
199
$form = new Form;
200
$form->addGlobal(new Form_Input(
201
	'tab',
202
	null,
203
	'hidden',
204
	$tab
205
));
206

    
207
if ($tab == "port") {
208
	$sectiontext = gettext('Port Alias Details');
209
	$helptext = gettext('Paste in the ports to import separated by a carriage return. ' .
210
		'The list may contain port numbers, port ranges, blank lines (ignored) and ' .
211
		'an optional description after each port. e.g.:') .
212
		'</span><ul><li>' .
213
		'22' .
214
		'</li><li>' .
215
		'1234:1250' .
216
		'</li><li>' .
217
		gettext('443 HTTPS port') .
218
		'</li><li>' .
219
		gettext('4000:4099 Description of a port range') .
220
		'</li></ul><span class="help-block">';
221
} else {
222
	$sectiontext = gettext('IP Alias Details');
223
	$helptext = gettext('Paste in the aliases to ' .
224
		'import separated by a carriage return. Common examples are lists of IPs, ' .
225
		'networks, blocklists, etc. The list may contain IP addresses, with or without ' .
226
		'CIDR prefix, IP ranges, blank lines (ignored) and an optional description after ' .
227
		'each IP. e.g.:') .
228
		'</span><ul><li>' .
229
		'172.16.1.2' .
230
		'</li><li>' .
231
		'172.16.0.0/24' .
232
		'</li><li>' .
233
		'10.11.12.100-10.11.12.200' .
234
		'</li><li>' .
235
		gettext('192.168.1.254 Home router') .
236
		'</li><li>' .
237
		gettext('10.20.0.0/16 Office network') .
238
		'</li><li>' .
239
		gettext('10.40.1.10-10.40.1.19 Managed switches') .
240
		'</li></ul><span class="help-block">';
241
}
242

    
243
$section = new Form_Section($sectiontext);
244

    
245
$section->addInput(new Form_Input(
246
	'name',
247
	'*Alias Name',
248
	'text',
249
	$_POST['name']
250
))->setPattern('[a-zA-Z0-9_]+')->setHelp('The name of the alias may only consist '.
251
	'of the characters "a-z, A-Z, 0-9 and _".');
252

    
253
$section->addInput(new Form_Input(
254
	'descr',
255
	'Description',
256
	'text',
257
	$_POST['descr']
258
))->setHelp('A description may be entered here for administrative reference (not parsed).');
259

    
260
$section->addInput(new Form_Textarea(
261
	'aliasimport',
262
	'*Aliases to import',
263
	$_POST["aliasimport"]
264
))->setHelp($helptext);
265

    
266
$form->add($section);
267
print $form;
268

    
269
include("foot.inc");
(2-2/2)