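/**
 * Bind each "ip" or "ip:port" string in $ips to the given object.
 *
 * An entry is reported and skipped when it contains more than one ':'
 * separator, when parsing or binding throws InvalidArgException, or when the
 * IPV4_JAYWALK config variable is not 'yes' and the address belongs to no
 * known network. Every other entry is handed to bindIPToObject() with an
 * empty third argument and the type 'regular'.
 *
 * @param array $ips       list of "address" or "address:port" strings
 * @param mixed $object_id forwarded unchanged to bindIPToObject()
 * @return array map of formatted IP address => port (-1 when no port was given)
 */
function bindIP($ips, $object_id)
{
    $added_ips = array();
    foreach ($ips as $ip_port) {
        try {
            $ip_port_array = explode(':', $ip_port);
            if (count($ip_port_array) > 2) {
                // The original message was misspelled and printed a stray
                // literal '$' in front of the offending value.
                // NOTE(review): the raw input is reflected in the message;
                // confirm that showError() HTML-escapes its argument.
                showError("invalid ip: {$ip_port}");
                continue;
            }
            $ip_bin = ip4_parse($ip_port_array[0]);
            // NOTE(review): the port is returned exactly as supplied, with no
            // numeric or range check here; callers should validate it before
            // using it in a rule or in markup.
            $port = isset($ip_port_array[1]) ? $ip_port_array[1] : -1;
            if (getConfigVar('IPV4_JAYWALK') != 'yes' and NULL === getIPAddressNetworkId($ip_bin)) {
                showFuncMessage(__FUNCTION__, 'ERR1', array(ip_format($ip_bin)));
                continue;
            }
            bindIPToObject($ip_bin, $object_id, '', 'regular');
            $added_ips[ip_format($ip_bin)] = $port;
        } catch (InvalidArgException $e) {
            showError($e->getMessage());
            continue;
        }
    }
    return $added_ips;
}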
Exemple #2
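/**
 * Render the NAT page for one object: the table of locally performed NAT
 * rules (with per-row delete/update controls and an "add new rule" row) and
 * the table of arriving NAT connections.
 *
 * Free-text fields taken from the stored rules and allocations (rule
 * description, address names, interface names) are HTML-escaped before being
 * written into markup, because the same page lets users submit those values
 * and the description is placed inside a single-quoted attribute.
 *
 * @param mixed $object_id identifier passed to spotEntity('object', ...)
 * @return void output is echoed directly
 */
function renderNATv4ForObject($object_id)
{
    // NOTE(review): a function declared inside another function is defined
    // globally the first time the outer function runs, so a second call of
    // renderNATv4ForObject() in one request would try to redeclare it.
    function printNewItemTR($alloclist)
    {
        printOpFormIntro('addNATv4Rule');
        echo "<tr align='center'><td>";
        printImageHREF('add', 'Add new NAT rule', TRUE);
        echo '</td><td>';
        printSelect(array('TCP' => 'TCP', 'UDP' => 'UDP', 'ALL' => 'ALL'), array('name' => 'proto'));
        echo "<select name='localip' tabindex=1>";
        foreach ($alloclist as $ip_bin => $alloc) {
            $ip = $alloc['addrinfo']['ip'];
            $name = (!isset($alloc['addrinfo']['name']) or !strlen($alloc['addrinfo']['name'])) ? '' : ' (' . niftyString($alloc['addrinfo']['name']) . ')';
            // The interface name is free text, so escape it for the option label.
            $osif = (!isset($alloc['osif']) or !strlen($alloc['osif'])) ? '' : htmlspecialchars($alloc['osif'], ENT_QUOTES, 'UTF-8') . ': ';
            echo "<option value='{$ip}'>{$osif}{$ip}{$name}</option>";
        }
        echo "</select>:<input type='text' name='localport' size='4' tabindex=2></td>";
        echo "<td><input type='text' name='remoteip' id='remoteip' size='10' tabindex=3>";
        echo "<a href='javascript:;' onclick='window.open(\"" . makeHrefForHelper('inet4list');
        echo "\", \"findobjectip\", \"height=700, width=400, location=no, menubar=no, resizable=yes, scrollbars=no, status=no, titlebar=no, toolbar=no\");'>";
        printImageHREF('find', 'Find object');
        echo "</a>";
        echo ":<input type='text' name='remoteport' size='4' tabindex=4></td><td></td>";
        echo "<td colspan=1><input type='text' name='description' size='20' tabindex=5></td><td>";
        printImageHREF('add', 'Add new NAT rule', TRUE, 6);
        echo "</td></tr></form>";
    }
    $focus = spotEntity('object', $object_id);
    amplifyCell($focus);
    echo "<center><h2>locally performed NAT</h2></center>";
    echo "<table class='widetable' cellpadding=5 cellspacing=0 border=0 align='center'>\n";
    echo "<tr><th></th><th>Match endpoint</th><th>Translate to</th><th>Target object</th><th>Comment</th><th>&nbsp;</th></tr>\n";
    if (getConfigVar('ADDNEW_AT_TOP') == 'yes') {
        printNewItemTR($focus['ipv4']);
    }
    foreach ($focus['nat4']['out'] as $pf) {
        // Rows whose local address is not allocated to this object keep the
        // 'trerror' class and get no interface prefix.
        $class = 'trerror';
        $osif = '';
        $localip_bin = ip4_parse($pf['localip']);
        if (isset($focus['ipv4'][$localip_bin])) {
            $class = $focus['ipv4'][$localip_bin]['addrinfo']['class'];
            $osif = htmlspecialchars($focus['ipv4'][$localip_bin]['osif'], ENT_QUOTES, 'UTF-8') . ': ';
        }
        echo "<tr class='{$class}'>";
        echo "<td>" . getOpLink(array('op' => 'delNATv4Rule', 'localip' => $pf['localip'], 'localport' => $pf['localport'], 'remoteip' => $pf['remoteip'], 'remoteport' => $pf['remoteport'], 'proto' => $pf['proto']), '', 'delete', 'Delete NAT rule') . "</td>";
        echo "<td>{$pf['proto']}/{$osif}" . getRenderedIPPortPair($pf['localip'], $pf['localport']);
        if (strlen($pf['local_addr_name'])) {
            echo ' (' . htmlspecialchars($pf['local_addr_name'], ENT_QUOTES, 'UTF-8') . ')';
        }
        echo "</td>";
        echo "<td>" . getRenderedIPPortPair($pf['remoteip'], $pf['remoteport']) . "</td>";
        $address = getIPAddress(ip4_parse($pf['remoteip']));
        echo "<td class='description'>";
        if (count($address['allocs'])) {
            foreach ($address['allocs'] as $bond) {
                // NOTE(review): object and interface names are passed to mkA()
                // unescaped; confirm that mkA() escapes its link text.
                echo mkA("{$bond['object_name']}({$bond['name']})", 'object', $bond['object_id']) . ' ';
            }
        } elseif (strlen($pf['remote_addr_name'])) {
            echo '(' . htmlspecialchars($pf['remote_addr_name'], ENT_QUOTES, 'UTF-8') . ')';
        }
        printOpFormIntro('updNATv4Rule', array('localip' => $pf['localip'], 'localport' => $pf['localport'], 'remoteip' => $pf['remoteip'], 'remoteport' => $pf['remoteport'], 'proto' => $pf['proto']));
        echo "</td><td class='description'>";
        // ENT_QUOTES matters here: the value sits inside a single-quoted
        // attribute, so an unescaped "'" would end the attribute.
        $description = htmlspecialchars($pf['description'], ENT_QUOTES, 'UTF-8');
        echo "<input type='text' name='description' value='{$description}'></td><td>";
        printImageHREF('save', 'Save changes', TRUE);
        echo "</td></form></tr>";
    }
    if (getConfigVar('ADDNEW_AT_TOP') != 'yes') {
        printNewItemTR($focus['ipv4']);
    }
    echo "</table><br><br>";
    if (!count($focus['nat4'])) {
        return;
    }
    echo "<center><h2>arriving NAT connections</h2></center>";
    echo "<table class='widetable' cellpadding=5 cellspacing=0 border=0 align='center'>\n";
    echo "<tr><th></th><th>Source</th><th>Source objects</th><th>Target</th><th>Description</th></tr>\n";
    foreach ($focus['nat4']['in'] as $pf) {
        echo "<tr><td>" . getOpLink(array('op' => 'delNATv4Rule', 'localip' => $pf['localip'], 'localport' => $pf['localport'], 'remoteip' => $pf['remoteip'], 'remoteport' => $pf['remoteport'], 'proto' => $pf['proto']), '', 'delete', 'Delete NAT rule') . "</td>";
        echo "<td>{$pf['proto']}/" . getRenderedIPPortPair($pf['localip'], $pf['localport']) . "</td>";
        // NOTE(review): object_name reaches mkA() unescaped; confirm mkA() escapes it.
        echo '<td class="description">' . mkA($pf['object_name'], 'object', $pf['object_id']);
        echo "</td><td>" . getRenderedIPPortPair($pf['remoteip'], $pf['remoteport']) . "</td>";
        echo "<td class='description'>" . htmlspecialchars($pf['description'], ENT_QUOTES, 'UTF-8') . "</td></tr>";
    }
    echo "</table><br><br>";
}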
Exemple #3
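/**
 * Create an IPv4 network record from a prefix in "x.x.x.x/len" notation.
 *
 * The prefix is rejected when it does not split into exactly two parts on
 * '/' or when it falls inside one of the reserved ranges. After the row is
 * inserted, the network and broadcast addresses are marked when
 * $is_connected is set and the mask is shorter than 31, the tags are applied,
 * and, if $vlan_ck is given, the network is bound to that VLAN, but only when
 * the current user is permitted to do so for the new network.
 *
 * @param string $range        prefix in "x.x.x.x/len" form
 * @param string $name         network name stored with the record
 * @param bool   $is_connected whether to reserve network/broadcast addresses
 * @param array  $taglist      passed to produceTagsForNewRecord()
 * @param mixed  $vlan_ck      VLAN key passed to commitSupplementVLANIPv4(), or NULL
 * @return mixed ID of the inserted network as returned by lastInsertID()
 * @throws InvalidRequestArgException when $range is not of the form "ip/mask"
 * @throws InvalidArgException        when $range lies in a reserved network
 */
function createIPv4Prefix($range = '', $name = '', $is_connected = FALSE, $taglist = array(), $vlan_ck = NULL)
{
    // $range is in x.x.x.x/x format, split into ip/mask vars
    $rangeArray = explode('/', $range);
    if (count($rangeArray) != 2) {
        throw new InvalidRequestArgException('range', $range, 'Invalid IPv4 prefix');
    }
    $ip = $rangeArray[0];
    $mask = $rangeArray[1];
    // The listing showed these two literals as an empty string and a single
    // mis-encoded character; they are restored here as 4-byte binary
    // addresses, matching the binary form ip4_parse() feeds to
    // constructIPRange() below. NOTE(review): verify against the upstream file.
    $forbidden_ranges = array(
        constructIPRange("\0\0\0\0", 8),    // 0.0.0.0/8
        constructIPRange("\xF0\0\0\0", 4),  // 240.0.0.0/4
    );
    // NOTE(review): $mask is still the raw string from the request at this
    // point; presumably constructIPRange() rejects non-numeric or
    // out-of-range values. Confirm.
    $net = constructIPRange(ip4_parse($ip), $mask);
    foreach ($forbidden_ranges as $invalid_net) {
        if (IPNetContainsOrEqual($invalid_net, $net)) {
            throw new InvalidArgException('range', $range, 'Reserved IPv4 network');
        }
    }
    usePreparedInsertBlade('IPv4Network', array('ip' => ip4_bin2db($net['ip_bin']), 'mask' => $mask, 'name' => $name));
    $network_id = lastInsertID();
    if ($is_connected and $mask < 31) {
        updateV4Address($net['ip_bin'], 'network', 'yes');
        updateV4Address(ip_last($net), 'broadcast', 'yes');
    }
    produceTagsForNewRecord('ipv4net', $taglist, $network_id);
    if ($vlan_ck != NULL) {
        // The permission check has to run against the new network, so the
        // context is switched to it for the check and then restored.
        // NOTE(review): if commitSupplementVLANIPv4() throws, restoreContext()
        // is not reached and the switched context stays in effect.
        $ctx = getContext();
        fixContext(spotEntity('ipv4net', $network_id));
        if (permitted('ipv4net', '8021q', 'bind')) {
            commitSupplementVLANIPv4($vlan_ck, $network_id);
        }
        restoreContext($ctx);
    }
    return $network_id;
}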
Exemple #4
/**
 * Run a free-text search and return the hits grouped by realm.
 *
 * The term is tried, in order, as an IPv4 address, an IPv6 address, an IPv4
 * prefix and an IPv6 prefix. Anything else is first looked up as a management
 * hostname; only if that does not yield exactly one object under one of the
 * SEARCH_DOMAINS suffixes are the per-realm text searches run.
 *
 * Before returning, the 'object', 'ipv4network', 'ipv6network' and 'file'
 * realms are reduced to the records that pass isolatedPermission(), and
 * realms left empty are dropped.
 * NOTE(review): the remaining realms (addresses, RS pools, virtual services,
 * users, racks, VLANs) are returned without a permission filter in this
 * function; confirm that callers or the search helpers enforce access there.
 *
 * @param string $terms search string as entered by the user
 * @return array map of realm key => search results for that realm
 */
function searchEntitiesByText($terms)
{
    $summary = array();
    if (preg_match(RE_IP4_ADDR, $terms)) {
        $net_id = getIPv4AddressNetworkId(ip4_parse($terms));
        if ($net_id) {
            $summary['ipv4addressbydq'][$terms] = array('net_id' => $net_id, 'ip' => $terms);
        }
    } elseif (FALSE !== ($ip_bin = ip6_checkparse($terms))) {
        $net_id = getIPv6AddressNetworkId($ip_bin);
        if ($net_id) {
            $summary['ipv6addressbydq'][$net_id] = array('net_id' => $net_id, 'ip' => $ip_bin);
        }
    } elseif (preg_match(RE_IP4_NET, $terms)) {
        list($base, $prefix_len) = explode('/', $terms);
        $net_id = getIPv4AddressNetworkId(ip4_parse($base), $prefix_len + 1);
        if (NULL !== $net_id) {
            $summary['ipv4network'][$net_id] = spotEntity('ipv4net', $net_id);
        }
    } elseif (preg_match('@(.*)/(\\d+)$@', $terms, $v6_parts) && FALSE !== ($ip_bin = ip6_checkparse($v6_parts[1]))) {
        $net_id = getIPv6AddressNetworkId($ip_bin, $v6_parts[2] + 1);
        if (NULL !== $net_id) {
            $summary['ipv6network'][$net_id] = spotEntity('ipv6net', $net_id);
        }
    } else {
        // A single object found by FQDN short-circuits the search over all
        // other fields.
        $object_id_by_fqdn = NULL;
        $domains = preg_split('/\\s*,\\s*/', strtolower(getConfigVar('SEARCH_DOMAINS')));
        if (!empty($domains)) {
            $object_id = searchByMgmtHostname($terms);
            if ($object_id) {
                // Attribute 3 is read as the FQDN of the object.
                $attrs = getAttrValues($object_id);
                $fqdn = isset($attrs[3]['value']) ? strtolower(trim($attrs[3]['value'])) : '';
                foreach ($domains as $domain) {
                    // Accept the object only if its FQDN ends in ".<domain>".
                    $suffix = '.' . $domain;
                    if (substr($fqdn, -strlen($suffix)) === $suffix) {
                        $object_id_by_fqdn = $object_id;
                        break;
                    }
                }
            }
        }
        if (!$object_id_by_fqdn) {
            $summary['object'] = getObjectSearchResults($terms);
            $summary['ipv4addressbydescr'] = getIPv4AddressSearchResult($terms);
            $summary['ipv6addressbydescr'] = getIPv6AddressSearchResult($terms);
            $summary['ipv4network'] = getIPv4PrefixSearchResult($terms);
            $summary['ipv6network'] = getIPv6PrefixSearchResult($terms);
            $summary['ipv4rspool'] = getIPv4RSPoolSearchResult($terms);
            $summary['ipv4vs'] = getIPv4VServiceSearchResult($terms);
            $summary['user'] = getAccountSearchResult($terms);
            $summary['file'] = getFileSearchResult($terms);
            $summary['rack'] = getRackSearchResult($terms);
            $summary['vlan'] = getVLANSearchResult($terms);
        } else {
            $summary['object'][$object_id_by_fqdn] = array('id' => $object_id_by_fqdn, 'method' => 'fqdn');
        }
    }

    // Drop records the user would not be able to browse anyway. Object hits
    // carry only an id, so the full entity is loaded for the check.
    if (isset($summary['object'])) {
        foreach ($summary['object'] as $key => $record) {
            $permitted = isolatedPermission('object', 'default', spotEntity('object', $record['id']));
            if (!$permitted) {
                unset($summary['object'][$key]);
            }
        }
    }
    // For these realms the search result itself is passed to the check.
    $checked_realms = array(
        'ipv4network' => 'ipv4net',
        'ipv6network' => 'ipv6net',
        'file' => 'file',
    );
    foreach ($checked_realms as $result_key => $realm) {
        if (!isset($summary[$result_key])) {
            continue;
        }
        foreach ($summary[$result_key] as $key => $cell) {
            if (!isolatedPermission($realm, 'default', $cell)) {
                unset($summary[$result_key][$key]);
            }
        }
    }

    // Remove realms that ended up with no results.
    foreach ($summary as $key => $data) {
        if (count($data) == 0) {
            unset($summary[$key]);
        }
    }
    return $summary;
}