/**
* Validation routine for DNS server.
*
* @param string $server DNS server
*
* @return string error message if DNS server is invalid
*/
public function validate_dns_server($server)
{
clearos_profile(__METHOD__, __LINE__);
if (empty($server)) {
return;
}
if (!Network_Utils::is_valid_ip($server)) {
return lang('pptpd_dns_server_invalid');
}
}
/**
* Adds (or updates) a time-based ACL.
*
* @param string $name ACL name
* @param string $type ACL type (allow or deny)
* @param string $time time definition
* @param boolean $time_logic TRUE if within time definition, FALSE if NOT within
* @param array $addgroup group to apply ACL
* @param array $addips array containing IP addresses or network notation to apply ACL
* @param array $addmacs array containing MAC addresses to apply ACL
* @param boolean $update TRUE if we are updating an existing entry
*
* @return void
* @throws Engine_Exception, Validation_Exception
*/
public function set_time_acl($name, $type, $time, $time_logic, $addgroup, $addips, $addmacs, $update = FALSE)
{
clearos_profile(__METHOD__, __LINE__);
Validation_Exception::is_valid($this->validate_name($name));
$ips = '';
$macs = '';
// Check for existing
if (!$update) {
$acls = $this->get_acl_list();
foreach ($acls as $acl) {
if ($name == $acl['name']) {
throw new Validation_Exception(lang('web_proxy_access_control_list_exists'));
}
}
}
if ($type != 'allow' && $type != 'deny') {
throw new Validation_Exception(lang('base_parameter_invalid'));
}
$timelist = $this->get_time_definition_list();
$timevalid = FALSE;
foreach ($timelist as $timename) {
if ($time == $timename['name']) {
$timevalid = TRUE;
break;
}
}
if (!$timevalid) {
throw new Validation_Exception(lang('web_proxy_time_definition_invalid'));
}
$network = new Network();
foreach ($addips as $ip) {
if (empty($ip)) {
continue;
}
$ip = trim($ip);
if (preg_match("/^(.*)-(.*)\$/i", trim($ip), $match)) {
if (!Network_Utils::is_valid_ip(trim($match[1]))) {
throw new Validation_Exception(lang('network_ip_invalid'));
}
if (!Network_Utils::is_valid_ip(trim($match[2]))) {
throw new Validation_Exception(lang('network_ip_invalid'));
}
} else {
if (!Network_Utils::is_valid_ip(trim($ip))) {
throw new Validation_Exception(lang('network_ip_invalid'));
}
}
$ips .= ' ' . trim($ip);
}
foreach ($addmacs as $mac) {
if (empty($mac)) {
continue;
}
$mac = trim($mac);
if (!Network_Utils::is_valid_mac($mac)) {
throw new Validation_Exception(lang('network_mac_address_invalid'));
}
$macs .= ' ' . $mac;
}
// Implant into acl section
//-------------------------
$file = new File(self::FILE_ACLS_CONFIG, TRUE);
$file->delete_lines("/acl cleargroup-{$name}\\s+.*/");
if (strlen($addgroup) > 0) {
// Group based
$replacement = "acl cleargroup-{$name} external system_group " . $addgroup . "\n";
$match = $file->replace_lines("/acl cleargroup-{$name}\\s+.*/", $replacement);
if (!$match) {
$file->add_lines($replacement);
}
} else {
if (strlen($ips) > 0) {
// IP based
$replacement = "acl cleargroup-{$name} src " . trim($ips) . "\n";
$match = $file->replace_lines("/acl cleargroup-{$name}\\s+.*/", $replacement);
if (!$match) {
$file->add_lines($replacement);
}
} else {
if (strlen($macs) > 0) {
// IP based
$replacement = "acl cleargroup-{$name} arp " . trim($macs) . "\n";
$match = $file->replace_lines("/acl cleargroup-{$name}\\s+.*/", $replacement);
if (!$match) {
$file->add_lines($replacement);
}
} else {
throw new Engine_Exception(lang('base_ooops'));
}
}
}
$file = new File(self::FILE_HTTP_ACCESS_CONFIG);
$replacement = "http_access {$type} cleargroup-{$name} " . ($time_logic ? "" : "!") . "cleartime-{$time}\n";
$match = $file->replace_lines("/http_access (allow|deny) cleargroup-{$name} .*\$/", $replacement);
if (!$match) {
$file->add_lines("http_access {$type} cleargroup-{$name} " . ($time_logic ? "" : "!") . "cleartime-{$time}\n");
}
}
