function removeAuthorizationsUserInterface($id_user, $ip_source)
{
$r = $this->_DB->genQuery('DELETE FROM portknock_user_current_rule ' . 'WHERE ip_source = ? AND id_portknock_auth IN (' . 'SELECT id FROM portknock_user_auth WHERE id_user = ?)', array($ip_source, $id_user));
if (!$r) {
$this->errMsg = $this->_DB->errMsg;
return FALSE;
}
// Ejecutar iptables para revocar las reglas del usuario
require_once "modules/sec_rules/libs/paloSantoRules.class.php";
$pr = new paloSantoRules($this->_DB);
if (!$pr->activateRules()) {
$this->errMsg = $pr->errMsg;
return FALSE;
}
return TRUE;
}
function addRemovePortsUser($smarty, $module_name, $local_templates_dir, $pDB, $arrConf)
{
// Listar los usuarios y preparar el combo de usuarios disponibles
$pACL = new paloACL($arrConf['elastix_dsn']['acl']);
$id_user = getParameter('id_user');
$userlist = $pACL->getUsers();
$cbo_users = array();
foreach ($userlist as $userinfo) {
$cbo_users[$userinfo[0]] = $userinfo[1] . ' - ' . $userinfo[2];
}
// Verificar si el usuario existe
if (!is_null($id_user)) {
if (!isset($cbo_users[$id_user])) {
Header("Location: ?menu={$module_name}");
return NULL;
}
} else {
$id_user = $userlist[0][0];
}
$ps = new paloSantoPortService($pDB);
$pk = new paloSantoPortKnockUsers($pDB);
// Construir lista de puertos autorizados
$userauth = $pk->listAuthorizationsForUser($id_user);
$portauths = array();
if (is_array($userauth)) {
foreach ($userauth as $auth) {
$portauths[$auth['id_port']] = $auth['id'];
}
}
$portlist = $ps->ObtainPuertos($ps->ObtainNumPuertos('', ''), 0, '', '');
$listaIdPuertos = array();
foreach ($portlist as $portinfo) {
$listaIdPuertos[] = $portinfo['id'];
}
if (isset($_POST['apply']) && is_array($_POST['auth_port'])) {
// Se requiere aplicar lista de cambios
$listaNuevosPuertos = array_keys($_POST['auth_port']);
$bReglasBorradas = FALSE;
// Borrar la autorización de todos los puertos que ya no aparecen
$bExito = TRUE;
foreach ($portauths as $id_port => $id_auth) {
if (!in_array($id_port, $listaNuevosPuertos)) {
if (!$pk->deleteAuthorization($id_auth)) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", $pk->errMsg);
$bExito = FALSE;
break;
} else {
unset($portauths[$id_port]);
$bReglasBorradas = TRUE;
}
}
}
if (!$bExito) {
break;
}
// Ingresar la autorización de los puertos nuevos
foreach ($listaNuevosPuertos as $id_port) {
if (in_array($id_port, $listaIdPuertos) && !isset($portauths[$id_port])) {
$id_nueva_auth = $pk->insertAuthorization($id_user, $id_port);
if (is_null($id_nueva_auth)) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", $pk->errMsg);
$bExito = FALSE;
break;
} else {
$portauths[$id_port] = $id_nueva_auth;
}
}
}
if ($bExito) {
if ($bReglasBorradas) {
// Ejecutar iptables para revocar las reglas del usuario
require_once "modules/sec_rules/libs/paloSantoRules.class.php";
$pr = new paloSantoRules($pDB);
$pr->activateRules();
}
Header("Location: ?menu={$module_name}");
return NULL;
}
}
$data = array();
if (is_array($portlist)) {
foreach ($portlist as $portinfo) {
$id_port = $portinfo['id'];
$protocol_details = '';
switch ($portinfo['protocol']) {
case 'TCP':
case 'UDP':
$protocol_details = (stripos($portinfo['details'], ':') === false ? _tr('Port') : _tr('Ports')) . ' ' . $portinfo['details'];
break;
case 'ICMP':
$arr = explode(':', $portinfo['details']);
if (isset($arr[1])) {
$protocol_details = _tr('Type') . ": " . $arr[0] . " " . _tr('Code') . ": " . $arr[1];
}
break;
default:
$protocol_details = _tr('Protocol Number') . ': ' . $portinfo['details'];
break;
}
$data[] = array("<input type=\"checkbox\" name=\"auth_port[{$id_port}]\" " . (isset($portauths[$id_port]) ? 'checked="checked"' : '') . ' />', htmlentities($portinfo['name'], ENT_COMPAT, 'UTF-8'), htmlentities($portinfo['protocol'], ENT_COMPAT, 'UTF-8'), $protocol_details);
}
}
$oGrid = new paloSantoGrid($smarty);
$oGrid->setTitle(_tr('Add/remove ports for user'));
$oGrid->setColumns(array('', _tr('Port'), _tr('Protocol'), _tr('Details')));
$oGrid->addSubmitAction('apply', _tr('Apply changes'), "modules/{$module_name}/images/Check.png");
$oGrid->addComboAction('id_user', _tr('User'), $cbo_users, $id_user, 'refresh', 'submit();');
// Construcción de la vista de puertos autorizados
$oGrid->pagingShow(false);
$url = array("menu" => $module_name);
$oGrid->setURL($url);
$oGrid->setData($data);
return $oGrid->fetchGrid();
}
function desactivateFirewall($smarty, $module_name, $local_templates_dir, $pDB, $arrConf)
{
$pRules = new paloSantoRules($pDB);
if ($pRules->flushRules() && $pRules->setFirstTime()) {
$smarty->assign("mb_title", "MESSAGE");
$smarty->assign("mb_message", _tr("The firewall has been desactivated"));
} else {
$smarty->assign("mb_title", "ERROR");
$smarty->assign("mb_message", _tr("The firewall could not be desactivated"));
}
return reportRules($smarty, $module_name, $local_templates_dir, $pDB, $arrConf);
}
