$pconfig['tunnel-remote-addr'] = $a_gifs[$id]['tunnel-remote-addr'];
    $pconfig['link1'] = isset($a_gifs[$id]['link1']);
    $pconfig['link0'] = isset($a_gifs[$id]['link0']);
    $pconfig['descr'] = $a_gifs[$id]['descr'];
}
if ($_POST) {
    unset($input_errors);
    $pconfig = $_POST;
    /* input validation */
    $reqdfields = explode(" ", "if remote-addr tunnel-local-addr tunnel-remote-addr tunnel-remote-net");
    $reqdfieldsn = array(gettext("Parent interface"), gettext("gif remote address"), gettext("gif tunnel local address"), gettext("gif tunnel remote address"), gettext("gif tunnel remote netmask"));
    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
    if (!is_ipaddr($_POST['tunnel-local-addr']) || !is_ipaddr($_POST['tunnel-remote-addr']) || !is_ipaddr($_POST['remote-addr'])) {
        $input_errors[] = gettext("The tunnel local and tunnel remote fields must have valid IP addresses.");
    }
    if (!is_numericint($_POST['tunnel-remote-net'])) {
        $input_errors[] = gettext("The gif tunnel subnet must be an integer.");
    }
    if (is_ipaddrv4($_POST['tunnel-local-addr'])) {
        if (!is_ipaddrv4($_POST['tunnel-remote-addr'])) {
            $input_errors[] = gettext("The gif tunnel remote address must be IPv4 where tunnel local address is IPv4.");
        }
        if ($_POST['tunnel-remote-net'] > 32 || $_POST['tunnel-remote-net'] < 1) {
            $input_errors[] = gettext("The gif tunnel subnet must be an integer between 1 and 32.");
        }
    }
    if (is_ipaddrv6($_POST['tunnel-local-addr'])) {
        if (!is_ipaddrv6($_POST['tunnel-remote-addr'])) {
            $input_errors[] = gettext("The gif tunnel remote address must be IPv6 where tunnel local address is IPv6.");
        }
        if ($_POST['tunnel-remote-net'] > 128 || $_POST['tunnel-remote-net'] < 1) {
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
require_once "guiconfig.inc";
require_once "/usr/local/pkg/snort/snort.inc";
global $g;
$snortdir = SNORTDIR;
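// Resolve the rule index ($id) and the engine index ($eng_id) from the request.
// POST is consulted first, then GET; a value is only accepted when it passes
// is_numericint() (defined outside this listing). $id is used further down as
// an index into $config['installedpackages']['snortglobal']['rule'].
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
    $id = $_POST['id'];
} elseif (isset($_GET['id']) && is_numericint($_GET['id'])) {
    $id = htmlspecialchars($_GET['id']);
}
// The original condition tested isset($_POST['eng_id']) twice, so a POSTed
// eng_id was accepted without the numeric check applied to the other three
// inputs. It is now validated the same way as $_POST['id'].
if (isset($_POST['eng_id']) && is_numericint($_POST['eng_id'])) {
    $eng_id = $_POST['eng_id'];
} elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) {
    $eng_id = htmlspecialchars($_GET['eng_id']);
}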
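// $id is only assigned when a numeric id arrived in the request, so it may be
// undefined here. isset() gives the same result as is_null() for that case
// without reading an undefined variable.
if (!isset($id)) {
    // Clear and close out any session variable we created
    session_start();
    unset($_SESSION['ftp_client_import']);
    session_write_close();
    // Without a rule index there is nothing to edit: return to the interface list.
    header("Location: /snort/snort_interfaces.php");
    exit;
}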
if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
    $config['installedpackages']['snortglobal']['rule'] = array();
}
if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['ftp_client_engine']['item'])) {
    $config['installedpackages']['snortglobal']['rule'][$id]['ftp_client_engine']['item'] = array();
    $config['dhcpd'][$if]['staticmap'] = array();
}
if (!is_array($config['dhcpd'][$if]['pool'])) {
    $config['dhcpd'][$if]['pool'] = array();
}
$a_pools =& $config['dhcpd'][$if]['pool'];
$static_arp_enabled = isset($config['dhcpd'][$if]['staticarp']);
$netboot_enabled = isset($config['dhcpd'][$if]['netboot']);
$a_maps =& $config['dhcpd'][$if]['staticmap'];
$ifcfgip = get_interface_ip($if);
$ifcfgsn = get_interface_subnet($if);
$ifcfgdescr = convert_friendly_interface_to_friendly_descr($if);
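// Pick the static-mapping index from the request. Both sources are guarded with
// isset() so a request without "id" does not read an undefined array key; the
// POST value is evaluated last and therefore wins when both are present.
if (isset($_GET['id']) && is_numericint($_GET['id'])) {
    $id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
    $id = $_POST['id'];
}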
if (isset($id) && $a_maps[$id]) {
    $pconfig['mac'] = $a_maps[$id]['mac'];
    $pconfig['cid'] = $a_maps[$id]['cid'];
    $pconfig['hostname'] = $a_maps[$id]['hostname'];
    $pconfig['ipaddr'] = $a_maps[$id]['ipaddr'];
    $pconfig['filename'] = $a_maps[$id]['filename'];
    $pconfig['rootpath'] = $a_maps[$id]['rootpath'];
    $pconfig['descr'] = $a_maps[$id]['descr'];
    $pconfig['arp_table_static_entry'] = isset($a_maps[$id]['arp_table_static_entry']);
    $pconfig['deftime'] = $a_maps[$id]['defaultleasetime'];
    $pconfig['maxtime'] = $a_maps[$id]['maxleasetime'];
    $pconfig['gateway'] = $a_maps[$id]['gateway'];
    $pconfig['domain'] = $a_maps[$id]['domain'];
     $input_errors[] = gettext("Timeout needs to be an integer.");
 }
 if ($_POST['fwdelay'] && !is_numericint($_POST['fwdelay'])) {
     $input_errors[] = gettext("Forward Delay needs to be an integer between 4 and 30.");
 }
 if ($_POST['hellotime'] && !is_numericint($_POST['hellotime'])) {
     $input_errors[] = gettext("Hello time for STP needs to be an integer between 1 and 2.");
 }
 if ($_POST['priority'] && !is_numericint($_POST['priority'])) {
     $input_errors[] = gettext("Priority for STP needs to be an integer between 0 and 61440.");
 }
 if ($_POST['holdcnt'] && !is_numericint($_POST['holdcnt'])) {
     $input_errors[] = gettext("Transmit Hold Count for STP needs to be an integer between 1 and 10.");
 }
 foreach ($ifacelist as $ifn => $ifdescr) {
     if ($_POST[$ifn] != "" && !is_numericint($_POST[$ifn])) {
         $input_errors[] = sprintf(gettext("%s interface priority for STP needs to be an integer between 0 and 240."), $ifdescr);
     }
 }
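 // Per-interface STP path cost. The field name is the interface name followed
 // by its position in $ifacelist.
 $i = 0;
 foreach ($ifacelist as $ifn => $ifdescr) {
     // is_numeric() also accepts floats, exponent notation and signed values,
     // which contradicts the "integer" requirement in the message. Use
     // is_numericint(), as the interface-priority loop just above does.
     if ($_POST["{$ifn}{$i}"] != "" && !is_numericint($_POST["{$ifn}{$i}"])) {
         $input_errors[] = sprintf(gettext("%s interface path cost for STP needs to be an integer between 1 and 200000000."), $ifdescr);
     }
     $i++;
 }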
 if (!is_array($_POST['members']) || count($_POST['members']) < 1) {
     $input_errors[] = gettext("At least one member interface must be selected for a bridge.");
 }
 if (is_array($_POST['static'])) {
     foreach ($_POST['static'] as $ifstatic) {
     if ($_POST['raminrtradvinterval'] < "3") {
         $input_errors[] = gettext("Minimum advertisement interval must be no less than 3.");
     }
     if ($_POST['ramaxrtradvinterval'] && $_POST['raminrtradvinterval'] > 0.75 * $_POST['ramaxrtradvinterval']) {
         $input_errors[] = gettext("Minimum advertisement interval must be no greater than 0.75 * Maximum advertisement interval");
     }
 }
 if ($_POST['ramaxrtradvinterval']) {
     if (!is_numericint($_POST['ramaxrtradvinterval'])) {
         $input_errors[] = gettext("Maximum advertisement interval must be an integer.");
     }
     if ($_POST['ramaxrtradvinterval'] < "4" || $_POST['ramaxrtradvinterval'] > "1800") {
         $input_errors[] = gettext("Maximum advertisement interval must be no less than 4 and no greater than 1800.");
     }
 }
 if ($_POST['raadvdefaultlifetime'] && !is_numericint($_POST['raadvdefaultlifetime'])) {
     $input_errors[] = gettext("Router lifetime must be an integer between 1 and 9000.");
 }
 if (!$input_errors) {
     if (!is_array($config['dhcpdv6'][$if])) {
         $config['dhcpdv6'][$if] = array();
     }
     $config['dhcpdv6'][$if]['ramode'] = $_POST['ramode'];
     $config['dhcpdv6'][$if]['rapriority'] = $_POST['rapriority'];
     $config['dhcpdv6'][$if]['rainterface'] = $_POST['rainterface'];
     $config['dhcpdv6'][$if]['ravalidlifetime'] = $_POST['ravalidlifetime'];
     $config['dhcpdv6'][$if]['rapreferredlifetime'] = $_POST['rapreferredlifetime'];
     $config['dhcpdv6'][$if]['raminrtradvinterval'] = $_POST['raminrtradvinterval'];
     $config['dhcpdv6'][$if]['ramaxrtradvinterval'] = $_POST['ramaxrtradvinterval'];
     $config['dhcpdv6'][$if]['raadvdefaultlifetime'] = $_POST['raadvdefaultlifetime'];
     $config['dhcpdv6'][$if]['radomainsearchlist'] = $_POST['radomainsearchlist'];
 // Optional state timeouts: when a value was submitted it must pass
 // is_numericint(). Errors are appended in the order the fields are listed.
 $timeout_checks = array(
     'udpmultipletimeout' => gettext("The UDP multiple timeout value must be an integer."),
     'icmpfirsttimeout' => gettext("The ICMP first timeout value must be an integer."),
     'icmperrortimeout' => gettext("The ICMP error timeout value must be an integer."),
     'otherfirsttimeout' => gettext("The Other first timeout value must be an integer."),
     'othersingletimeout' => gettext("The Other single timeout value must be an integer."),
     'othermultipletimeout' => gettext("The Other multiple timeout value must be an integer."),
 );
 foreach ($timeout_checks as $timeout_field => $timeout_error) {
     if ($_POST[$timeout_field] && !is_numericint($_POST[$timeout_field])) {
         $input_errors[] = $timeout_error;
     }
 }
 ob_flush();
 flush();
 if (!$input_errors) {
     if ($_POST['disablefilter'] == "yes") {
         $config['system']['disablefilter'] = "enabled";
     } else {
         unset($config['system']['disablefilter']);
     }
     if ($_POST['disablevpnrules'] == "yes") {
         $config['system']['disablevpnrules'] = true;
     } else {
         unset($config['system']['disablevpnrules']);
     }
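 // PPPoE reset minute: when supplied it must be an integer in 0..59.
 // The original joined the range test with &&, so the error could only fire
 // for a value that failed is_numericint() and still compared inside 0..59;
 // an out-of-range integer such as 75 was accepted. The three failure
 // conditions are now alternatives.
 if ($_POST['pppoe_resetminute'] != "" && (!is_numericint($_POST['pppoe_resetminute']) || $_POST['pppoe_resetminute'] < 0 || $_POST['pppoe_resetminute'] > 59)) {
     $input_errors[] = gettext("PPPoE yeniden başlatma dakikası (0-59) arasında olmalıdır.");
 }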
 if ($_POST['pppoe_resetdate'] != "" && !is_numeric(str_replace("/", "", $_POST['pppoe_resetdate']))) {
     $input_errors[] = gettext("PPPoE yeniden başlatma tarih değeri (mm/dd/yyyy) bu şekilde tanımlanmalıdır.");
 }
 if ($_POST['pptp_local'] && !is_ipaddr($_POST['pptp_local'])) {
     $input_errors[] = "Geçerli bir PPTP yerel IP adresi tanımlanmalıdır.";
 }
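 // PPTP subnet bit count: is_numeric() also lets floats, exponent notation and
 // signed values through. Use is_numericint(), as the idle-timeout check in
 // this same run does, so only a plain integer is accepted.
 if ($_POST['pptp_subnet'] && !is_numericint($_POST['pptp_subnet'])) {
     $input_errors[] = "Geçerli bir PPTP subnet bit count tanımlanmalıdır.";
 }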
 if ($_POST['pptp_remote'] && !is_ipaddr($_POST['pptp_remote'])) {
     $input_errors[] = "PPTP uzak IP için geçerli bir IP adresi tanımlanmaldır.";
 }
 if ($_POST['pptp_idletimeout'] != "" && !is_numericint($_POST['pptp_idletimeout'])) {
     $input_errors[] = "idle timeout bir tamsayı olmak zorundadır.";
 }
 if ($_POST['spoofmac'] && !is_macaddr($_POST['spoofmac'])) {
     $input_errors[] = "Geçerli bir MAC adresi tanımlanmalıdır.";
 }
 if ($_POST['mtu'] && ($_POST['mtu'] < 576 || $_POST['mtu'] > 1500)) {
     $input_errors[] = "MTU değeri 576 ile 1500 byte arasında olmalıdır.";
 }
 /* Wireless interface? */
 if (isset($wancfg['wireless'])) {
     $wi_input_errors = wireless_config_post();
     if ($wi_input_errors) {
         $input_errors = array_merge($input_errors, $wi_input_errors);
     }
 }
                unset($a_vip[$_GET['id']]);
                interface_proxyarp_configure($viface);
            } else {
                interface_vip_bring_down($a_vip[$_GET['id']]);
                unset($a_vip[$_GET['id']]);
            }
            if (count($config['virtualip']['vip']) == 0) {
                unset($config['virtualip']['vip']);
            }
            write_config();
            header("Location: firewall_virtual_ip.php");
            exit;
        }
    }
} else {
    if ($_GET['changes'] == "mods" && is_numericint($_GET['id'])) {
        $id = $_GET['id'];
    }
}
$pgtitle = array(gettext("Firewall"), gettext("Virtual IP Addresses"));
include "head.inc";
$main_buttons = array(array('href' => 'firewall_virtual_ip_edit.php', 'label' => 'Add'));
?>
<body>
<?php 
include "fbegin.inc";
?>

	<section class="page-content-main">
		<div class="container-fluid">
			<div class="row">
 $reqdfieldsn = array(gettext("Server address"), gettext("Remote start address"));
 if ($_POST['radiusenable']) {
     $reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret"));
     $reqdfieldsn = array_merge($reqdfieldsn, array(gettext("RADIUS server address"), gettext("RADIUS shared secret")));
 }
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
 if ($_POST['localip'] && !is_ipaddr($_POST['localip'])) {
     $input_errors[] = gettext("A valid server address must be specified.");
 }
 if ($_POST['remoteip'] && !is_ipaddr($_POST['remoteip'])) {
     $input_errors[] = gettext("A valid remote start address must be specified.");
 }
 if ($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver'])) {
     $input_errors[] = gettext("A valid RADIUS server address must be specified.");
 }
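 // Number of PPPoE users: the message promises 1..255, but only the upper
 // bound was enforced, so "0" passed. The lower bound is now checked too.
 if (!is_numericint($_POST['n_pppoe_units']) || $_POST['n_pppoe_units'] < 1 || $_POST['n_pppoe_units'] > 255) {
     $input_errors[] = gettext("Number of PPPoE users must be between 1 and 255");
 }
 // Subnet bit count: is_numeric() accepts floats and exponent notation; the
 // value is passed to gen_subnet() and used in address arithmetic right after
 // this check, so require a plain integer in 0..32.
 if (!is_numericint($_POST['pppoe_subnet']) || $_POST['pppoe_subnet'] < 0 || $_POST['pppoe_subnet'] > 32) {
     $input_errors[] = gettext("Subnet mask must be an interger between 0 and 32");
 }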
 $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['pppoe_subnet']);
 $subnet_start = ip2ulong($_POST['remoteip']);
 $subnet_end = ip2ulong($_POST['remoteip']) + $_POST['pppoe_subnet'] - 1;
 if (ip2ulong($_POST['localip']) >= $subnet_start && ip2ulong($_POST['localip']) <= $subnet_end) {
     $input_errors[] = gettext("The specified server address lies in the remote subnet.");
 }
 if ($_POST['localip'] == get_interface_ip($_POST['interface'])) {
     $input_errors[] = gettext("The specified server address is equal to an interface ip address.");
 }
 for ($x = 0; $x < 4999; $x++) {
 if (!empty($_POST['adaptiveend']) && !is_numericint($_POST['adaptiveend'])) {
     $input_errors[] = gettext("The Firewall Adaptive End value must be an integer.");
 }
 if ($_POST['maximumstates'] && !is_numericint($_POST['maximumstates'])) {
     $input_errors[] = gettext("The Firewall Maximum States value must be an integer.");
 }
 if ($_POST['aliasesresolveinterval'] && !is_numericint($_POST['aliasesresolveinterval'])) {
     $input_errors[] = gettext("The Aliases Hostname Resolve Interval value must be an integer.");
 }
 if ($_POST['maximumtableentries'] && !is_numericint($_POST['maximumtableentries'])) {
     $input_errors[] = gettext("The Firewall Maximum Table Entries value must be an integer.");
 }
 if ($_POST['tcpidletimeout'] && !is_numericint($_POST['tcpidletimeout'])) {
     $input_errors[] = gettext("The TCP idle timeout must be an integer.");
 }
 if ($_POST['reflectiontimeout'] && !is_numericint($_POST['reflectiontimeout'])) {
     $input_errors[] = gettext("The Reflection timeout must be an integer.");
 }
 ob_flush();
 flush();
 if (!$input_errors) {
     if ($_POST['disablefilter'] == "yes") {
         $config['system']['disablefilter'] = "enabled";
     } else {
         unset($config['system']['disablefilter']);
     }
     if ($_POST['disablevpnrules'] == "yes") {
         $config['system']['disablevpnrules'] = true;
     } else {
         unset($config['system']['disablevpnrules']);
     }
 *
 */
##|+PRIV
##|*IDENT=page-system-usermanager
##|*NAME=System: User Manager
##|*DESCR=Allow access to the 'System: User Manager' page.
##|*MATCH=system_usermanager.php*
##|-PRIV
require "certs.inc";
require "guiconfig.inc";
// start admin user code
$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Users"));

// A numeric "userid" selects the account to work on. The GET value is
// evaluated last, so it overrides a POSTed one when both are present.
if (isset($_POST['userid']) && is_numericint($_POST['userid'])) {
    $id = $_POST['userid'];
}
if (isset($_GET['userid']) && is_numericint($_GET['userid'])) {
    $id = $_GET['userid'];
}

// Make sure the user list exists as an array before taking a reference to it.
if (!(isset($config['system']['user']) && is_array($config['system']['user']))) {
    $config['system']['user'] = array();
}
$a_user =& $config['system']['user'];

$act = $_GET['act'];

// NOTE(review): HTTP_REFERER is supplied by the client. How $referer is used
// is not visible in this listing; if it reaches a redirect or HTML output it
// needs validation or escaping at that point. Confirm against the rest of the file.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/system_usermanager.php';
if (isset($id) && $a_user[$id]) {
    $pconfig['usernamefld'] = $a_user[$id]['name'];
    $pconfig['descr'] = $a_user[$id]['descr'];
 if ($_POST['destination_subnet'] && !is_numericint($_POST['destination_subnet'])) {
     $input_errors[] = gettext("A valid destination bit count must be specified.");
 }
 if ($_POST['destination_type'] == "any") {
     if ($_POST['destination_not']) {
         $input_errors[] = gettext("Negating destination address of \"any\" is invalid.");
     }
 }
 if ($_POST['target'] && !is_ipaddr($_POST['target']) && !is_subnet($_POST['target']) && !is_alias($_POST['target']) && !isset($_POST['nonat']) && !($_POST['target'] == "other-subnet")) {
     $input_errors[] = gettext("A valid target IP address must be specified.");
 }
 if ($_POST['target'] == "other-subnet") {
     if (!is_ipaddr($_POST['targetip'])) {
         $input_errors[] = gettext("A valid target IP must be specified when using the 'Other Subnet' type.");
     }
     if (!is_numericint($_POST['targetip_subnet'])) {
         $input_errors[] = gettext("A valid target bit count must be specified when using the 'Other Subnet' type.");
     }
 }
 /* Verify Pool Options */
 $poolopts = "";
 if ($_POST['poolopts']) {
     if (is_subnet($_POST['target']) || $_POST['target'] == "other-subnet") {
         $poolopts = $_POST['poolopts'];
     } elseif (is_alias($_POST['target'])) {
         if (substr($_POST['poolopts'], 0, 11) == "round-robin") {
             $poolopts = $_POST['poolopts'];
         } else {
             $input_errors[] = gettext("Only Round Robin pool options may be chosen when selecting an alias.");
         }
     }
 if ($_POST['localip'] && !is_ipaddr($_POST['localip'])) {
     $input_errors[] = gettext("A valid server address must be specified.");
 }
 if ($_POST['remoteip'] && !is_ipaddr($_POST['remoteip'])) {
     $input_errors[] = gettext("A valid remote start address must be specified.");
 }
 if ($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver'])) {
     $input_errors[] = gettext("A valid RADIUS server address must be specified.");
 }
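 // Both counters are documented as 1..255 in their messages, but only the
 // upper bound was enforced, so "0" passed. Enforce the lower bound as well.
 if (!is_numericint($_POST['n_pppoe_units']) || $_POST['n_pppoe_units'] < 1 || $_POST['n_pppoe_units'] > 255) {
     $input_errors[] = gettext("Number of PPPoE users must be between 1 and 255");
 }
 if (!is_numericint($_POST['n_pppoe_maxlogin']) || $_POST['n_pppoe_maxlogin'] < 1 || $_POST['n_pppoe_maxlogin'] > 255) {
     $input_errors[] = gettext("User Max Logins must be between 1 and 255");
 }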
 if (!is_numericint($_POST['pppoe_subnet']) || $_POST['pppoe_subnet'] > 32) {
     $input_errors[] = gettext("Subnet mask must be an interger between 0 and 32");
 }
 $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['pppoe_subnet']);
 if (is_inrange_v4($_POST['localip'], $_POST['remoteip'], ip_after($_POST['remoteip'], $_POST['pppoe_subnet'] - 1))) {
     $input_errors[] = gettext("The specified server address lies in the remote subnet.");
 }
 if ($_POST['localip'] == get_interface_ip($_POST['interface'])) {
     $input_errors[] = gettext("The specified server address is equal to an interface ip address.");
 }
 for ($x = 0; $x < 4999; $x++) {
     if ($_POST["username{$x}"]) {
         if (empty($_POST["password{$x}"])) {
             $input_errors[] = sprintf(gettext("No password specified for username %s"), $_POST["username{$x}"]);
         }
         if ($_POST["ip{$x}"] != "" && !is_ipaddr($_POST["ip{$x}"])) {
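// Determine which static route the request refers to. Later assignments
// override earlier ones: GET id, then POST id, then GET dup (duplicate an
// existing entry). $_GET['id'] is now guarded with isset() like the other two
// lookups, so a request without it does not read an undefined array key.
if (isset($_GET['id']) && is_numericint($_GET['id'])) {
    $id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
    $id = $_POST['id'];
}
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
    $id = $_GET['dup'];
}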
if (isset($id) && $a_routes[$id]) {
    list($pconfig['network'], $pconfig['network_subnet']) = explode('/', $a_routes[$id]['network']);
    $pconfig['gateway'] = $a_routes[$id]['gateway'];
    $pconfig['descr'] = $a_routes[$id]['descr'];
    $pconfig['disabled'] = isset($a_routes[$id]['disabled']);
}
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
    unset($id);
}
if ($_POST) {
    global $aliastable;
    unset($input_errors);
    $pconfig = $_POST;
    /* input validation */
    $reqdfields = explode(" ", "network network_subnet gateway");
    $reqdfieldsn = explode(",", gettext("Destination network") . "," . gettext("Destination network bit count") . "," . gettext("Gateway"));
    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
    if ($_POST['network'] && !is_ipaddr($_POST['network']) && !is_alias($_POST['network'])) {
        $input_errors[] = gettext("A valid IPv4 or IPv6 destination network must be specified.");
    }
    if ($_POST['network_subnet'] && !is_numeric($_POST['network_subnet'])) {
        $input_errors[] = gettext("A valid destination network bit count must be specified.");
Exemple #15
 if (is_ipaddr_configured($_POST['localip'])) {
     $input_errors[] = gettext("'Server address' parameter should NOT be set to any IP address currently in use on this firewall.");
 }
 if ($_POST['l2tp_subnet'] && !is_ipaddr($_POST['remoteip'])) {
     $input_errors[] = gettext("A valid remote start address must be specified.");
 }
 if ($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver'])) {
     $input_errors[] = gettext("A valid RADIUS server address must be specified.");
 }
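 // Secret / confirmation must be the same string. The loose != operator
 // compares two numeric-looking strings by value ("1e3" equals "1000",
 // "0e1" equals "0e2"), so differing secrets could pass as a match. Compare
 // as strings with !== instead; the casts keep a missing field equal to an
 // empty one, as before.
 if ((string) $_POST['secret'] !== (string) $_POST['secret_confirm']) {
     $input_errors[] = gettext("Secret and confirmation must match");
 }
 if ((string) $_POST['radiussecret'] !== (string) $_POST['radiussecret_confirm']) {
     $input_errors[] = gettext("Secret and confirmation must match");
 }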
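 // Number of L2TP users: the message promises 1..255, but only the upper bound
 // was enforced, so "0" passed. The value is used after validation to compute
 // the end of the client range, so the lower bound is now checked too.
 if (!is_numericint($_POST['n_l2tp_units']) || $_POST['n_l2tp_units'] < 1 || $_POST['n_l2tp_units'] > 255) {
     $input_errors[] = gettext("Number of L2TP users must be between 1 and 255");
 }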
 /* if this is an AJAX caller then handle via JSON */
 if (isAjax() && is_array($input_errors)) {
     input_errors2Ajax($input_errors);
     exit;
 }
 if (!$input_errors) {
     $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['l2tp_subnet']);
     $subnet_start = ip2ulong($_POST['remoteip']);
     $subnet_end = ip2ulong($_POST['remoteip']) + $_POST['n_l2tp_units'] - 1;
     if (ip2ulong($_POST['localip']) >= $subnet_start && ip2ulong($_POST['localip']) <= $subnet_end) {
         $input_errors[] = gettext("The specified server address lies in the remote subnet.");
     }
     if ($_POST['localip'] == get_interface_ip("lan")) {
     header("Location: /suricata/suricata_barnyard.php");
     exit;
 }
 // Check that at least one output plugin is enabled
 if ($_POST['barnyard_mysql_enable'] != 'on' && $_POST['barnyard_syslog_enable'] != 'on' && $_POST['barnyard_bro_ids_enable'] != 'on' && $_POST['barnyard_enable'] == "on") {
     $input_errors[] = gettext("You must enable at least one output option when using Barnyard2.");
 }
 // Sensor Name and Sensor ID are only validated while Barnyard2 is enabled
 if ($_POST['barnyard_enable'] == 'on') {
     // Sensor Name, when given, must not contain a space character
     $sensor_name_has_space = !empty($_POST['barnyard_sensor_name']) && strpos($_POST['barnyard_sensor_name'], " ") !== FALSE;
     if ($sensor_name_has_space) {
         $input_errors[] = gettext("The value for 'Sensor Name' cannot contain spaces.");
     }
     // Sensor ID must pass is_numericint() and must not be negative
     $sensor_id_invalid = !is_numericint($_POST['barnyard_sensor_id']) || $_POST['barnyard_sensor_id'] < 0;
     if ($sensor_id_invalid) {
         $input_errors[] = gettext("The value for 'Sensor ID' must be a valid positive integer.");
     }
 }
 if (empty($_POST['barnyard_xff_header']) && $_POST['barnyard_xff_logging'] == "on") {
     $input_errors[] = gettext("The value for the X-Forwarded-For Header cannot be blank when X-Forwarded-For logging is enabled.");
 }
 // Validate inputs if MySQL database loggging enabled
 if ($_POST['barnyard_mysql_enable'] == 'on' && $_POST['barnyard_enable'] == "on") {
     if (empty($_POST['barnyard_dbhost'])) {
         $input_errors[] = gettext("Please provide a valid hostname or IP address for the MySQL database host.");
     }
     if (empty($_POST['barnyard_dbname'])) {
         $input_errors[] = gettext("You must provide a DB instance name when logging to a MySQL database.");
     }
     if (empty($_POST['barnyard_dbuser'])) {
         $input_errors[] = gettext("A valid PPPoE reset day of month must be specified (1-31) in the Custom PPPoE Periodic reset fields. No checks are done on valid # of days per month");
     }
     if ($date_nums[2] < date("Y")) {
         $input_errors[] = gettext("A valid PPPoE reset year must be specified. Don't select a year in the past!");
     }
 }
 $port_data = array();
 if (is_array($_POST['interfaces'])) {
     foreach ($_POST['interfaces'] as $iface) {
         if ($_POST['localip'][$iface] && !is_ipaddr($_POST['localip'][$iface])) {
             $input_errors[] = sprintf(gettext("A valid local IP address must be specified for %s."), $iface);
         }
         if ($_POST['gateway'][$iface] && !is_ipaddr($_POST['gateway'][$iface]) && !is_hostname($_POST['gateway'][$iface])) {
             $input_errors[] = sprintf(gettext("A valid gateway IP address OR hostname must be specified for %s."), $iface);
         }
         if ($_POST['bandwidth'][$iface] && !is_numericint($_POST['bandwidth'][$iface])) {
             $input_errors[] = sprintf(gettext("The bandwidth value for %s must be an integer."), $iface);
         }
         if ($_POST['mtu'][$iface] && $_POST['mtu'][$iface] < 576) {
             $input_errors[] = sprintf(gettext("The MTU for %s must be greater than 576 bytes."), $iface);
         }
         if ($_POST['mru'][$iface] && $_POST['mru'][$iface] < 576) {
             $input_errors[] = sprintf(gettext("The MRU for %s must be greater than 576 bytes."), $iface);
         }
     }
     // Loop through fields associated with an individual link/port and make an array of the data
     $port_fields = array("localip", "gateway", "subnet", "bandwidth", "mtu", "mru", "mrru");
     foreach ($_POST['interfaces'] as $iface) {
         foreach ($port_fields as $field_label) {
             if (isset($_POST[$field_label . $iface]) && strlen($_POST[$field_label . $iface]) > 0) {
                 $port_data[$field_label][] = $_POST[$field_label . $iface];
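/**
 * Tell whether $arg is an integer greater than zero, written without a
 * leading zero.
 *
 * Relies on is_numericint(), which is defined outside this listing. If that
 * helper accepts native ints as well as digit strings, indexing an int with
 * [0] yields null and the leading-zero test would let 0 through; the value is
 * therefore cast to a string before its first character is inspected.
 *
 * @param mixed $arg Value to test.
 * @return bool True when is_numericint() accepts $arg and its first digit is not '0'.
 */
function is_posnumericint($arg)
{
    if (!is_numericint($arg)) {
        return false;
    }
    // To be safe no leading zero is allowed at all - "0", "01" and "007" are rejected.
    $digits = (string) $arg;
    return $digits[0] !== '0';
}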
            $a_config["shown"]["item"][] = $ifname;
        }
    }
    write_config(gettext("Updated traffic graph settings via dashboard."));
    header("Location: /");
    exit(0);
}
$shown = array();
foreach ($a_config["shown"]["item"] as $if) {
    $shown[$if] = true;
}
if ($first_time) {
    $keys = array_keys($ifdescrs);
    $shown[$keys[0]] = true;
}
// Refresh interval: use the stored value only when it passes is_numericint(), otherwise 10.
$refreshinterval = (isset($a_config["refreshinterval"]) && is_numericint($a_config["refreshinterval"]))
    ? $a_config["refreshinterval"]
    : 10;
// Scale type: use the stored value when present, otherwise "up".
$scale_type = isset($a_config["scale_type"]) ? $a_config["scale_type"] : "up";
$graphcounter = 0;
foreach ($ifdescrs as $ifname => $ifdescr) {
    $ifinfo = get_interface_info($ifname);
    if ($shown[$ifname]) {
        $mingraphbutton = "inline";
        $showgraphbutton = "none";
$pconfig['compression'] = isset($config['ipsec']['compression']);
$pconfig['enableinterfacesuse'] = isset($config['ipsec']['enableinterfacesuse']);
$pconfig['acceptunencryptedmainmode'] = isset($config['ipsec']['acceptunencryptedmainmode']);
$pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']);
$pconfig['maxmss'] = $config['system']['maxmss'];
$pconfig['uniqueids'] = $config['ipsec']['uniqueids'];
if ($_POST) {
    unset($input_errors);
    $pconfig = $_POST;
    foreach ($ipsec_log_cats as $cat => $desc) {
        if (!in_array(intval($pconfig[$cat]), array_keys($ipsec_log_sevs), true)) {
            $input_errors[] = "A valid value must be specified for {$desc} debug.";
        }
    }
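    // Maximum MSS is optional; when a value was submitted it must be an
    // integer in 576..65535.
    if (isset($pconfig['maxmss'])) {
        if (!is_numericint($pconfig['maxmss']) && $pconfig['maxmss'] != '') {
            $input_errors[] = "An integer must be specified for Maximum MSS.";
        }
        // The original read "A && B || C", which PHP groups as "(A && B) || C":
        // the upper-bound test ran even for an empty value and only stayed
        // quiet because '' does not compare greater than 65535. The grouping
        // is now explicit so an empty field skips both bounds.
        if ($pconfig['maxmss'] != '' && ($pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535)) {
            $input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS";
        }
    }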
    if (!$input_errors) {
        /* log levels aren't set initially and use default. They all
         * get set when we save, even if it's to the default level.
         */
        foreach (array_keys($ipsec_log_cats) as $cat) {
            if (!isset($pconfig[$cat])) {
                continue;
            }
            if ($pconfig[$cat] != $config['ipsec']['logging'][$cat]) {
    }
    $pconfig['descr'] = $a_rfc2136[$id]['descr'];
}
if ($_POST) {
    unset($input_errors);
    $pconfig = $_POST;
    /* input validation: these four fields are passed to do_input_validation() as the required set */
    $reqdfields = explode(" ", "host ttl keyname keydata");
    $reqdfieldsn = array(
        gettext("Hostname"),
        gettext("TTL"),
        gettext("Key name"),
        gettext("Key"),
    );
    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
    if ($_POST['host'] && !is_domain($_POST['host'])) {
        $input_errors[] = gettext("The DNS update host name contains invalid characters.");
    }
    if ($_POST['ttl'] && !is_numericint($_POST['ttl'])) {
        $input_errors[] = gettext("The DNS update TTL must be an integer.");
    }
    if ($_POST['keyname'] && !is_domain($_POST['keyname'])) {
        $input_errors[] = gettext("The DNS update key name contains invalid characters.");
    }
    if (!$input_errors) {
        $rfc2136 = array();
        $rfc2136['enable'] = $_POST['enable'] ? true : false;
        $rfc2136['host'] = $_POST['host'];
        $rfc2136['ttl'] = $_POST['ttl'];
        $rfc2136['keyname'] = $_POST['keyname'];
        $rfc2136['keytype'] = $_POST['keytype'];
        $rfc2136['keydata'] = $_POST['keydata'];
        $rfc2136['server'] = $_POST['server'];
        $rfc2136['usetcp'] = $_POST['usetcp'] ? true : false;
 }
 /* For src, user can enter only ip's or networks */
 if (!is_specialnet($_POST['srctype'])) {
     if ($_POST['src'] && !is_ipaddr($_POST['src'])) {
         $input_errors[] = sprintf(gettext("%s is not a valid internal IP address."), $_POST['src']);
     }
     if ($_POST['srcmask'] && !is_numericint($_POST['srcmask'])) {
         $input_errors[] = gettext("A valid internal bit count must be specified.");
     }
 }
 /* For dst, user can enter ip's, networks or aliases */
 if (!is_specialnet($_POST['dsttype'])) {
     if ($_POST['dst'] && !is_ipaddroralias($_POST['dst'])) {
         $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']);
     }
     if ($_POST['dstmask'] && !is_numericint($_POST['dstmask'])) {
         $input_errors[] = gettext("A valid destination bit count must be specified.");
     }
 }
 /* check for overlaps with other 1:1 */
 // NOTE(review): this loop currently has no effect. The statements that would
 // record an error are commented out, so check_subnets_overlap() is called and
 // its result is discarded: an overlapping 1:1 mapping is not rejected here.
 // It also reads $_POST['internal'] and $_POST['subnet'], whereas the checks
 // earlier in this listing validate src/srcmask and dst/dstmask. Confirm which
 // field names the form actually submits before re-enabling the error.
 foreach ($a_1to1 as $natent) {
     // Skip the entry that is being edited so it is not compared with itself.
     if (isset($id) && $a_1to1[$id] && $a_1to1[$id] === $natent) {
         continue;
     }
     if (check_subnets_overlap($_POST['internal'], $_POST['subnet'], $natent['internal'], $natent['subnet'])) {
         //$input_errors[] = "Another 1:1 rule overlaps with the specified internal subnet.";
         //break;
     }
 }
 if (!$input_errors) {
     $natent = array();
Exemple #23
                if (isset($config['ipsec']["ipsec_{$lkey}"])) {
                    unset($config['ipsec']["ipsec_{$lkey}"]);
                }
            } else {
                $config['ipsec']["ipsec_{$lkey}"] = $_POST["ipsec_{$lkey}"];
            }
        }
    }
    // Force-reload on failover: stored only when the form posted "yes",
    // otherwise any stored flag is removed.
    if (!isset($pconfig['failoverforcereload']) || $pconfig['failoverforcereload'] != "yes") {
        if (isset($config['ipsec']['failoverforcereload'])) {
            unset($config['ipsec']['failoverforcereload']);
        }
    } else {
        $config['ipsec']['failoverforcereload'] = true;
    }
    // Maximum MSS: with the option off, both the flag and the value are dropped.
    // NOTE(review): maxmss is only checked to be an integer here, so any range
    // limit has to come from validation outside this excerpt; a previously
    // stored value stays in place when the posted one is empty or not numeric.
    if (!isset($pconfig['maxmss_enable']) || $pconfig['maxmss_enable'] != "yes") {
        if (isset($config['system']['maxmss_enable'])) {
            unset($config['system']['maxmss_enable']);
        }
        if (isset($config['system']['maxmss'])) {
            unset($config['system']['maxmss']);
        }
    } else {
        $config['system']['maxmss_enable'] = true;
        if (!empty($pconfig['maxmss'])) {
            if (is_numericint($pconfig['maxmss'])) {
                $config['system']['maxmss'] = $pconfig['maxmss'];
            }
        }
    }
    // Persist the configuration, then reload the filter and IPsec
    write_config();
    $savemsg = get_std_save_message();
    filter_configure();
    vpn_ipsec_configure();
}
    $id = $_POST['id'];
}
// When an existing entry is being edited, pre-fill the form state from the
// stored VLAN. $id is used only if it is set and indexes a non-empty entry.
if (isset($id) && $a_vlans[$id]) {
    $pconfig['if'] = $a_vlans[$id]['if'];
    $pconfig['vlanif'] = $a_vlans[$id]['vlanif'];
    $pconfig['tag'] = $a_vlans[$id]['tag'];
    $pconfig['descr'] = $a_vlans[$id]['descr'];
}
if ($_POST) {
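    // Start from a clean error list and mirror the posted values into the
    // form state so the page can be redisplayed with what the user typed.
    unset($input_errors);
    $pconfig = $_POST;
    /* input validation */
    $reqdfields = explode(" ", "if tag");
    $reqdfieldsn = array(gettext("Parent interface"), gettext("VLAN tag"));
    // $input_errors is passed plainly: call-time pass-by-reference ("&$var" at
    // the call site) is a fatal error since PHP 5.4. Presumably
    // do_input_validation() declares this parameter by reference - confirm.
    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
    // The tag must be all digits and lie within 1..4094. Both sides of the
    // range comparisons are numeric strings, so PHP compares them as numbers.
    if ($_POST['tag'] && (!is_numericint($_POST['tag']) || $_POST['tag'] < '1' || $_POST['tag'] > '4094')) {
        $input_errors[] = gettext("The VLAN tag must be an integer between 1 and 4094.");
    }
    // Reject a second VLAN with the same parent interface and tag; the entry
    // being edited is skipped so that it does not collide with itself.
    // NOTE(review): $_POST['if'] is compared here but not checked against a
    // list of existing interfaces in this excerpt - confirm that happens elsewhere.
    foreach ($a_vlans as $vlan) {
        if (isset($id) && $a_vlans[$id] && $a_vlans[$id] === $vlan) {
            continue;
        }
        if ($vlan['if'] == $_POST['if'] && $vlan['tag'] == $_POST['tag']) {
            $input_errors[] = sprintf(gettext("A VLAN with the tag %s is already defined on this interface."), $vlan['tag']);
            break;
        }
    }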
    if (is_array($config['qinqs']['qinqentry'])) {
        foreach ($config['qinqs']['qinqentry'] as $qinq) {
            if ($qinq['tag'] == $_POST['tag'] && $qinq['if'] == $_POST['if']) {
                $input_errors[] = gettext("A QinQ VLAN exists with this tag please remove it to use this tag with.");
 /*
  * Persist the admin-access options from the form. A checkbox counts as
  * ticked only when it posts the literal "yes"; anything else removes the key.
  * NOTE(review): noantilockout and nodnsrebindcheck are named as switches
  * that turn a protection off - confirm that changes to them are logged and
  * that this page is restricted to administrators.
  */
 if ($_POST['disableconsolemenu'] != "yes") {
     unset($config['system']['disableconsolemenu']);
 } else {
     $config['system']['disableconsolemenu'] = true;
 }
 if ($_POST['noantilockout'] != "yes") {
     unset($config['system']['webgui']['noantilockout']);
 } else {
     $config['system']['webgui']['noantilockout'] = true;
 }
 // The serial console is also enabled whenever $g['enableserial_force'] is set
 if ($_POST['enableserial'] != "yes" && !$g['enableserial_force']) {
     unset($config['system']['enableserial']);
 } else {
     $config['system']['enableserial'] = true;
 }
 // The serial speed is kept only when it passes is_numericint()
 if (!is_numericint($_POST['serialspeed'])) {
     unset($config['system']['serialspeed']);
 } else {
     $config['system']['serialspeed'] = $_POST['serialspeed'];
 }
 // NOTE(review): primaryconsole is stored exactly as posted; no allow-list
 // of console names is applied here - confirm it is validated elsewhere.
 if (!$_POST['primaryconsole']) {
     unset($config['system']['primaryconsole']);
 } else {
     $config['system']['primaryconsole'] = $_POST['primaryconsole'];
 }
 if ($_POST['nodnsrebindcheck'] != "yes") {
     unset($config['system']['webgui']['nodnsrebindcheck']);
 } else {
     $config['system']['webgui']['nodnsrebindcheck'] = true;
 }
 if ($_POST['nohttpreferercheck'] == "yes") {
##|+PRIV
##|*IDENT=page-system-groupmanager
##|*NAME=System: Group manager
##|*DESCR=Allow access to the 'System: Group manager' page.
##|*MATCH=system_groupmanager.php*
##|-PRIV
require "guiconfig.inc";
// Make sure the group list exists before a reference to it is taken
if (!is_array($config['system']['group'])) {
    $config['system']['group'] = array();
}
$a_group =& $config['system']['group'];
// Group index: accepted only when it passes is_numericint(). The query
// string is read last, so it wins over the posted value when both are sent.
unset($id);
if (isset($_POST['groupid'])) {
    if (is_numericint($_POST['groupid'])) {
        $id = $_POST['groupid'];
    }
}
if (isset($_GET['groupid'])) {
    if (is_numericint($_GET['groupid'])) {
        $id = $_GET['groupid'];
    }
}
// NOTE(review): the action is read from the query string and the "delgroup"
// branch that follows deletes a group, so a state change is reachable by a
// plain GET. Confirm the GUI's request-forgery protection covers GET, or
// accept state-changing actions over POST only.
if (isset($_GET['act'])) {
    $act = $_GET['act'];
} else {
    $act = '';
}
if ($act == "delgroup") {
    // Refuse the request unless the index is set, a group name was supplied,
    // the entry exists and the supplied name equals the stored one, so the
    // name has to agree with the index before anything is deleted.
    // NOTE(review): act and groupname come from the query string and the name
    // test uses loose "!="; confirm request-forgery protection covers this path.
    if (!isset($id) || !isset($_GET['groupname']) || !isset($a_group[$id]) || $_GET['groupname'] != $a_group[$id]['name']) {
        // presumably sends the browser back to the group list - confirm
        pfSenseHeader("system_groupmanager.php");
        exit;
    }
    // presumably makes the configuration storage writable for the removal - confirm
    conf_mount_rw();
    local_group_del($a_group[$id]);
    conf_mount_ro();
    // Keep the name for the status message before the entry is dropped
    $groupdeleted = $a_group[$id]['name'];
    unset($a_group[$id]);
    write_config();
    $savemsg = sprintf(gettext("Group %s successfully deleted."), $groupdeleted);
 // Copy the advanced DHCP6 options from the form into the interface config.
 // Two guards are used: is_numericint() for the id/length fields, and a bare
 // !empty() for everything else. empty() is also true for the string "0",
 // so a posted "0" in a !empty() field is not stored.
 // NOTE(review): the !empty() fields are stored exactly as posted. If they
 // are later written into a DHCP6 client configuration file, confirm they are
 // validated or escaped before that point.
 if (!empty($_POST['adv_dhcp6_id_assoc_statement_prefix'])) {
     $wancfg['adv_dhcp6_id_assoc_statement_prefix'] = $_POST['adv_dhcp6_id_assoc_statement_prefix'];
 }
 if (is_numericint($_POST['adv_dhcp6_id_assoc_statement_prefix_id'])) {
     $wancfg['adv_dhcp6_id_assoc_statement_prefix_id'] = $_POST['adv_dhcp6_id_assoc_statement_prefix_id'];
 }
 // Lifetimes are accepted without a numeric check
 if (!empty($_POST['adv_dhcp6_id_assoc_statement_prefix_pltime'])) {
     $wancfg['adv_dhcp6_id_assoc_statement_prefix_pltime'] = $_POST['adv_dhcp6_id_assoc_statement_prefix_pltime'];
 }
 if (!empty($_POST['adv_dhcp6_id_assoc_statement_prefix_vltime'])) {
     $wancfg['adv_dhcp6_id_assoc_statement_prefix_vltime'] = $_POST['adv_dhcp6_id_assoc_statement_prefix_vltime'];
 }
 if (is_numericint($_POST['adv_dhcp6_prefix_interface_statement_sla_id'])) {
     $wancfg['adv_dhcp6_prefix_interface_statement_sla_id'] = $_POST['adv_dhcp6_prefix_interface_statement_sla_id'];
 }
 if (is_numericint($_POST['adv_dhcp6_prefix_interface_statement_sla_len'])) {
     $wancfg['adv_dhcp6_prefix_interface_statement_sla_len'] = $_POST['adv_dhcp6_prefix_interface_statement_sla_len'];
 }
 // Authentication statement fields: free-form strings, stored as posted
 if (!empty($_POST['adv_dhcp6_authentication_statement_authname'])) {
     $wancfg['adv_dhcp6_authentication_statement_authname'] = $_POST['adv_dhcp6_authentication_statement_authname'];
 }
 if (!empty($_POST['adv_dhcp6_authentication_statement_protocol'])) {
     $wancfg['adv_dhcp6_authentication_statement_protocol'] = $_POST['adv_dhcp6_authentication_statement_protocol'];
 }
 if (!empty($_POST['adv_dhcp6_authentication_statement_algorithm'])) {
     $wancfg['adv_dhcp6_authentication_statement_algorithm'] = $_POST['adv_dhcp6_authentication_statement_algorithm'];
 }
 if (!empty($_POST['adv_dhcp6_authentication_statement_rdm'])) {
     $wancfg['adv_dhcp6_authentication_statement_rdm'] = $_POST['adv_dhcp6_authentication_statement_rdm'];
 }
 if (!empty($_POST['adv_dhcp6_key_info_statement_keyname'])) {
    $snortcfg = $config['installedpackages']['snortglobal']['rule'][$_POST['id']];
    $if_real = get_real_interface($snortcfg['interface']);
    $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
    if (!snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2')) {
        log_error("Toggle (barnyard starting) for {$if_friendly}({$snortcfg['descr']})...");
        sync_snort_package_config();
        snort_barnyard_start($snortcfg, $if_real);
    } else {
        log_error("Toggle (barnyard stopping) for {$if_friendly}({$snortcfg['descr']})...");
        snort_barnyard_stop($snortcfg, $if_real);
    }
    sleep(3);
    // So the GUI reports correctly
}
/* start/stop snort */
if ($_POST['toggle'] && is_numericint($_POST['id'])) {
    // Look up the interface entry selected by the posted index.
    // NOTE(review): $_POST['id'] has only been checked with is_numericint();
    // nothing here verifies that an entry exists at that index. Confirm the
    // helpers below cope with an empty $snortcfg, or add an isset() check.
    $snortcfg = $config['installedpackages']['snortglobal']['rule'][$_POST['id']];
    $if_real = get_real_interface($snortcfg['interface']);
    $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
    // Toggle: stop the instance when it is running, start it otherwise.
    // Either direction is written to the log first.
    if (snort_is_running($snortcfg['uuid'], $if_real)) {
        log_error("Toggle (snort stopping) for {$if_friendly}({$snortcfg['descr']})...");
        snort_stop($snortcfg, $if_real);
    } else {
        log_error("Toggle (snort starting) for {$if_friendly}({$snortcfg['descr']})...");
        /* set flag to rebuild interface rules before starting Snort */
        $rebuild_rules = true;
        sync_snort_package_config();
        // The flag is cleared again right after the sync and before the start
        $rebuild_rules = false;
        snort_start($snortcfg, $if_real);
    }
    // presumably gives the service time to change state before the page is rendered - confirm
    sleep(3);
/**
 * Tell whether $arg is a strictly positive integer written without a
 * leading zero.
 *
 * @param mixed $arg value to test
 * @return bool true only when is_numericint() accepts $arg, its first
 *              character is not '0' and it is greater than zero
 */
function is_posnumericint($arg)
{
    // Anything is_numericint() rejects is out straight away
    if (!is_numericint($arg)) {
        return false;
    }
    // To be safe, a leading zero is not allowed - "01", "007"
    if ($arg[0] == '0') {
        return false;
    }
    return $arg > 0;
}
 /*
  * Advanced resolver options. Each drop-down value is checked against a
  * fixed allow-list with a strict (type-sensitive) in_array(), so only the
  * exact strings listed are accepted; the two TTL fields only need to pass
  * is_numericint() and not be below zero. Fields absent from the request
  * are not checked.
  */
 if (isset($_POST['incoming_num_tcp'])) {
     if (!in_array($_POST['incoming_num_tcp'], array('0', '10', '20', '30', '40', '50'), true)) {
         $input_errors[] = "A valid value must be specified for Incoming TCP Buffers.";
     }
 }
 if (isset($_POST['edns_buffer_size'])) {
     if (!in_array($_POST['edns_buffer_size'], array('512', '1480', '4096'), true)) {
         $input_errors[] = "A valid value must be specified for EDNS Buffer Size.";
     }
 }
 if (isset($_POST['num_queries_per_thread'])) {
     if (!in_array($_POST['num_queries_per_thread'], array('512', '1024', '2048'), true)) {
         $input_errors[] = "A valid value must be specified for Number of queries per thread.";
     }
 }
 if (isset($_POST['jostle_timeout'])) {
     if (!in_array($_POST['jostle_timeout'], array('100', '200', '500', '1000'), true)) {
         $input_errors[] = "A valid value must be specified for Jostle Timeout.";
     }
 }
 // The messages say "positive", but zero passes both TTL checks
 if (isset($_POST['cache_max_ttl'])) {
     if (!is_numericint($_POST['cache_max_ttl']) || $_POST['cache_max_ttl'] < 0) {
         $input_errors[] = "'Maximum TTL for RRsets and messages' must be a positive integer.";
     }
 }
 if (isset($_POST['cache_min_ttl'])) {
     if (!is_numericint($_POST['cache_min_ttl']) || $_POST['cache_min_ttl'] < 0) {
         $input_errors[] = "'Minimum TTL for RRsets and messages' must be a positive integer.";
     }
 }
 if (isset($_POST['infra_host_ttl'])) {
     if (!in_array($_POST['infra_host_ttl'], array('60', '120', '300', '600', '900'), true)) {
         $input_errors[] = "A valid value must be specified for TTL for Host cache entries.";
     }
 }
 if (isset($_POST['infra_cache_numhosts'])) {
     if (!in_array($_POST['infra_cache_numhosts'], array('1000', '5000', '10000', '20000', '50000'), true)) {
         $input_errors[] = "A valid value must be specified for Number of Hosts to cache.";
     }
 }
 if (isset($_POST['unwanted_reply_threshold'])) {
     if (!in_array($_POST['unwanted_reply_threshold'], array('disabled', '5000000', '10000000', '20000000', '40000000', '50000000'), true)) {
         $input_errors[] = "A valid value must be specified for Unwanted Reply Threshold.";
     }
 }
 if (isset($_POST['log_verbosity'])) {
     if (!in_array($_POST['log_verbosity'], array('0', '1', '2', '3', '4', '5'), true)) {
         $input_errors[] = "A valid value must be specified for Log level verbosity.";
     }
 }
 if (isset($_POST['dnssecstripped']) && !isset($config['unbound']['dnssec'])) {