$_POST['srcendport'] = 0;
}
if (!$_POST['dstbeginport']) {
$_POST['dstbeginport'] = 0;
$_POST['dstendport'] = 0;
}
if ($_POST['srcbeginport'] && !alias_expand($_POST['srcbeginport']) && !is_port($_POST['srcbeginport'])) {
$input_errors[] = "The start source port must be an alias or integer between 1 and 65535.";
}
if ($_POST['srcendport'] && !alias_expand($_POST['srcendport']) && !is_port($_POST['srcendport'])) {
$input_errors[] = "The end source port must be an alias or integer between 1 and 65535.";
}
if ($_POST['dstbeginport'] && !alias_expand($_POST['dstbeginport']) && !is_port($_POST['dstbeginport'])) {
$input_errors[] = "The start destination port must be an alias or integer between 1 and 65535.";
}
if ($_POST['dstendport'] && !alias_expand($_POST['dstbeginport']) && !is_port($_POST['dstendport'])) {
$input_errors[] = "The end destination port must be an alias or integer between 1 and 65535.";
}
if (!is_specialnet($_POST['srctype'])) {
if ($_POST['src'] && !is_ipaddroranyalias($_POST['src'])) {
$input_errors[] = "A valid source IP address or alias must be specified.";
}
if ($_POST['srcmask'] && !is_numericint($_POST['srcmask'])) {
$input_errors[] = "A valid source bit count must be specified.";
}
}
if (!is_specialnet($_POST['dsttype'])) {
if ($_POST['dst'] && !is_ipaddroranyalias($_POST['dst'])) {
$input_errors[] = "A valid destination IP address or alias must be specified.";
}
if ($_POST['dstmask'] && !is_numericint($_POST['dstmask'])) {
}
if ($_POST['max_procs']) {
if (!is_numericint($_POST['max_procs']) || $_POST['max_procs'] < 1 || $_POST['max_procs'] > 500) {
$input_errors[] = gettext("Max Processes must be a number 1 or greater");
}
}
if ($_POST['althostnames']) {
$althosts = explode(" ", $_POST['althostnames']);
foreach ($althosts as $ah) {
if (!is_hostname($ah)) {
$input_errors[] = sprintf(gettext("Alternate hostname %s is not a valid hostname."), htmlspecialchars($ah));
}
}
}
if ($_POST['sshport']) {
if (!is_port($_POST['sshport'])) {
$input_errors[] = gettext("You must specify a valid port number");
}
}
if ($_POST['sshdkeyonly'] == "yes") {
$config['system']['ssh']['sshdkeyonly'] = "enabled";
} else {
if (isset($config['system']['ssh']['sshdkeyonly'])) {
unset($config['system']['ssh']['sshdkeyonly']);
}
}
ob_flush();
flush();
if (!$input_errors) {
if (update_if_changed("webgui protocol", $config['system']['webgui']['protocol'], $_POST['webguiproto'])) {
$restart_webgui = true;
if (!is_domain($_POST['auth_server_addr']) && !is_ipaddr($_POST['auth_server_addr'])) {
$input_errors[] = gettext("802.1X Authentication Server must be an IP or hostname.");
}
}
if (!empty($_POST['auth_server_addr2'])) {
if (!is_domain($_POST['auth_server_addr2']) && !is_ipaddr($_POST['auth_server_addr2'])) {
$input_errors[] = gettext("Secondary 802.1X Authentication Server must be an IP or hostname.");
}
}
if (!empty($_POST['auth_server_port'])) {
if (!is_port($_POST['auth_server_port'])) {
$input_errors[] = gettext("802.1X Authentication Server Port must be a valid port number (1-65535).");
}
}
if (!empty($_POST['auth_server_port2'])) {
if (!is_port($_POST['auth_server_port2'])) {
$input_errors[] = gettext("Secondary 802.1X Authentication Server Port must be a valid port number (1-65535).");
}
}
if (isset($_POST['channel']) && !is_numericint($_POST['channel'])) {
if (!is_numericint($_POST['channel'])) {
$input_errors[] = gettext("Invalid channel specified.");
} else {
if ($_POST['channel'] > 255 || $_POST['channel'] < 0) {
$input_errors[] = gettext("Channel must be between 0-255.");
}
}
}
if (!empty($_POST['distance']) && !is_numericint($_POST['distance'])) {
$input_errors[] = gettext("Distance must be an integer.");
}
/* item is a normal alias type */
$wrongaliases = "";
$desc_fmt_err_found = false;
for ($x = 0; $x < 4999; $x++) {
if ($_POST["address{$x}"] != "") {
$_POST["address{$x}"] = trim($_POST["address{$x}"]);
if (is_alias($_POST["address{$x}"])) {
if (!alias_same_type($_POST["address{$x}"], $_POST['type'])) {
// But alias type network can include alias type urltable. Feature#1603.
if (!($_POST['type'] == 'network' && preg_match("/urltable/i", alias_get_type($_POST["address{$x}"])))) {
$wrongaliases .= " " . $_POST["address{$x}"];
}
}
} else {
if ($_POST['type'] == "port") {
if (!is_port($_POST["address{$x}"]) && !is_portrange($_POST["address{$x}"])) {
$input_errors[] = $_POST["address{$x}"] . " " . gettext("is not a valid port or alias.");
}
} else {
if ($_POST['type'] == "host" || $_POST['type'] == "network") {
if (is_subnet($_POST["address{$x}"]) || !is_ipaddr($_POST["address{$x}"]) && !is_hostname($_POST["address{$x}"]) && !is_iprange($_POST["address{$x}"])) {
$input_errors[] = sprintf(gettext('%1$s is not a valid %2$s alias.'), $_POST["address{$x}"], $_POST['type']);
}
}
}
}
if (is_iprange($_POST["address{$x}"])) {
list($startip, $endip) = explode('-', $_POST["address{$x}"]);
$rangesubnets = ip_range_to_subnet_array($startip, $endip);
$address = array_merge($address, $rangesubnets);
} else {
}
}
}
}
// Validate the input data expanded above.
foreach ($input_addresses as $idx => $input_address) {
if (is_alias($input_address)) {
if (!alias_same_type($input_address, $_POST['type'])) {
// But alias type network can include alias type urltable. Feature#1603.
if (!($_POST['type'] == 'network' && preg_match("/urltable/i", alias_get_type($input_address)))) {
$wrongaliases .= " " . $input_address;
}
}
} else {
if ($_POST['type'] == "port") {
if (!is_port($input_address) && !is_portrange($input_address)) {
$input_errors[] = $input_address . " " . gettext("is not a valid port or alias.");
}
} else {
if ($_POST['type'] == "host" || $_POST['type'] == "network") {
if (is_subnet($input_address) || !is_ipaddr($input_address) && !is_hostname($input_address)) {
$input_errors[] = sprintf(gettext('%1$s is not a valid %2$s address, FQDN or alias.'), $input_address, $_POST['type']);
}
}
}
}
$tmpaddress = $input_address;
if ($_POST['type'] != "host" && is_ipaddr($input_address) && $input_address_subnet[$idx] != "") {
if (!is_subnet($input_address . "/" . $input_address_subnet[$idx])) {
$input_errors[] = sprintf(gettext('%s/%s is not a valid subnet.'), $input_address, $input_address_subnet[$idx]);
} else {
if ($newpost != $temp) {
$input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."), $temp);
}
}
/* input validation */
$reqdfields = explode(" ", "interface protocol source source_subnet destination destination_subnet");
$reqdfieldsn = array(gettext("Interface"), gettext("Protocol"), gettext("Source"), gettext("Source bit count"), gettext("Destination"), gettext("Destination bit count"));
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
$protocol_uses_ports = in_array($_POST['protocol'], explode(" ", "any tcp udp tcp/udp"));
if ($protocol_uses_ports && $_POST['sourceport'] != "" && !is_portoralias($_POST['sourceport'])) {
$input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry.");
}
if ($protocol_uses_ports and $_POST['dstport'] != "" and !is_portoralias($_POST['dstport'])) {
$input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");
}
if ($protocol_uses_ports and $_POST['natport'] != "" and !is_port($_POST['natport']) and !isset($_POST['nonat'])) {
$input_errors[] = gettext("You must supply a valid port for the nat port entry.");
}
if ($_POST['source_type'] != "any") {
if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] != "any") {
$input_errors[] = gettext("A valid source must be specified.");
}
}
if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) {
$input_errors[] = gettext("A valid source bit count must be specified.");
}
if ($_POST['destination_type'] != "any") {
if ($_POST['destination'] && !is_ipaddroralias($_POST['destination'])) {
$input_errors[] = gettext("A valid destination must be specified.");
}
}
}
if ($host != "") {
$host_string = str_replace(array(" ", "|", ","), array("", "#|", "#+"), $host);
if (strpos($host_string, '#') === false) {
$hosts = array($host);
} else {
$hosts = explode('#', $host_string);
}
foreach ($hosts as $h) {
if (!is_subnet(strip_host_logic($h)) && !is_ipaddr(strip_host_logic($h))) {
$input_errors[] = sprintf(gettext("A valid IP address or CIDR block must be specified. [%s]"), $h);
}
}
}
if ($port != "") {
if (!is_port(strip_not($port))) {
$input_errors[] = gettext("Invalid value specified for port.");
}
}
if ($snaplen == "") {
$snaplen = 0;
} else {
if (!is_numeric($snaplen) || $snaplen < 0) {
$input_errors[] = gettext("Invalid value specified for packet length.");
}
}
if ($count == "") {
$count = 0;
} else {
if (!is_numeric($count) || $count < 0) {
$input_errors[] = gettext("Invalid value specified for packet count.");
}
if ($pconfig['fam'] !== "" && $pconfig['fam'] !== "ip" && $pconfig['fam'] !== "ip6") {
$input_errors[] = gettext("Invalid address family.");
}
$protos = array('icmp', 'icmp6', 'tcp', 'udp', 'arp', 'carp', 'esp', '!icmp', '!icmp6', '!tcp', '!udp', '!arp', '!carp', '!esp');
if ($pconfig['proto'] !== "" && !in_array(ltrim(trim($pconfig['proto']), '!'), $protos)) {
$input_errors[] = gettext("Invalid protocol.");
}
if (!empty($pconfig['host'])) {
foreach (explode(' ', $pconfig['host']) as $token) {
if (!in_array(trim($token), array('and', 'or', 'not')) && !is_ipaddr($token) && !is_subnet($token)) {
$input_errors[] = sprintf(gettext("A valid IP address or CIDR block must be specified. [%s]"), $token);
}
}
}
if (!empty($pconfig['port']) && !is_port(ltrim(trim($pconfig['port']), 'not'))) {
$input_errors[] = gettext("Invalid value specified for port.");
}
if (!empty($pconfig['snaplen']) && (!is_numeric($pconfig['snaplen']) || $snaplen < 0)) {
$input_errors[] = gettext("Invalid value specified for packet length.");
}
if (!empty($pconfig['count']) && (!is_numeric($pconfig['count']) || $count < 0)) {
$input_errors[] = gettext("Invalid value specified for packet count.");
}
if (count($input_errors) == 0) {
start_capture($pconfig);
}
} elseif (!empty($pconfig['stop'])) {
stop_capture();
} elseif (!empty($pconfig['remove'])) {
if (file_exists('/root/packetcapture.cap')) {
$pconfig['showtext'] = null;
$pconfig['sourceip'] = null;
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pconfig = $_POST;
$input_errors = array();
/* input validation */
$reqdfields = explode(" ", "host port");
$reqdfieldsn = array(gettext("Host"), gettext("Port"));
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
if (!is_ipaddr($pconfig['host']) && !is_hostname($pconfig['host'])) {
$input_errors[] = gettext("Please enter a valid IP or hostname.");
}
if (!is_port($pconfig['port'])) {
$input_errors[] = gettext("Please enter a valid port number.");
}
if ($pconfig['srcport'] != "" && (!is_numeric($pconfig['srcport']) || !is_port($pconfig['srcport']))) {
$input_errors[] = gettext("Please enter a valid source port number, or leave the field blank.");
}
if (is_ipaddrv4($pconfig['host']) && $pconfig['ipprotocol'] == "ipv6") {
$input_errors[] = gettext("You cannot connect to an IPv4 address using IPv6.");
}
if (is_ipaddrv6($pconfig['host']) && $pconfig['ipprotocol'] == "ipv4") {
$input_errors[] = gettext("You cannot connect to an IPv6 address using IPv4.");
}
if (count($input_errors) == 0) {
$nc_args = "-w 10";
if (empty($pconfig['showtext'])) {
$nc_args .= " -z ";
}
if (!empty($pconfig['srcport'])) {
$nc_args .= " -p " . escapeshellarg($pconfig['srcport']) . " ";
}
} else {
/* item is a normal alias type */
$wrongaliases = "";
for ($x = 0; $x < 4999; $x++) {
if ($_POST["address{$x}"] != "") {
if (is_alias($_POST["address{$x}"])) {
if (!alias_same_type($_POST["address{$x}"], $_POST['type'])) {
// But alias type network can include alias type urltable. Feature#1603.
if (!($_POST['type'] == 'network' && alias_get_type($_POST["address{$x}"]) == 'urltable')) {
$wrongaliases .= " " . $_POST["address{$x}"];
}
}
} else {
if ($_POST['type'] == "port") {
if (!is_port($_POST["address{$x}"])) {
$input_errors[] = $_POST["address{$x}"] . " " . gettext("is not a valid port or alias.");
}
} else {
if ($_POST['type'] == "host" || $_POST['type'] == "network") {
if (!is_ipaddr($_POST["address{$x}"]) && !is_hostname($_POST["address{$x}"]) && !is_iprange($_POST["address{$x}"])) {
$input_errors[] = sprintf(gettext('%1$s is not a valid %2$s alias.'), $_POST["address{$x}"], $_POST['type']);
}
}
}
}
if (is_iprange($_POST["address{$x}"])) {
list($startip, $endip) = explode('-', $_POST["address{$x}"]);
$rangesubnets = ip_range_to_subnet_array($startip, $endip);
$address = array_merge($address, $rangesubnets);
} else {
}
}
}
/* DSPAM Daemon Settings (Client) */
if ($_POST['enabledsclient'] == "yes") {
if (!$_POST['dsclhost'] != "") {
$error_bucket[] = array("error" => "You must specify a valid server name value for the DSPAM client host.", "field" => "dsclhost");
} else {
foreach (explode(' ', $_POST['dsclhost']) as $ts) {
if (!is_domain($ts)) {
$error_bucket[] = array("error" => "A DSPAM client host name may only contain the characters a-z, 0-9, '-' and '.'.", "field" => "dsclhost");
break;
}
}
}
if (!is_port($_POST['dsclport'])) {
$error_bucket[] = array("error" => "You must specify a valid port value for the DSPAM client host.", "field" => "dsclport");
}
if (!$_POST['dsclident'] != "") {
$error_bucket[] = array("error" => "You must specify a valid value as identification string for the DSPAM client.", "field" => "dsclident");
}
}
if (is_array($error_bucket)) {
foreach ($error_bucket as $elem) {
$input_errors[] =& $elem["error"];
}
}
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
input_errors2Ajax($input_errors);
exit;
function get_remote_log()
{
global $config, $g, $postfix_dir;
$curr_time = time();
$log_time = date('YmdHis', $curr_time);
if (is_array($config['installedpackages']['postfixsync'])) {
$synctimeout = $config['installedpackages']['postfixsync']['config'][0]['synctimeout'] ?: '250';
foreach ($config['installedpackages']['postfixsync']['config'][0]['row'] as $sh) {
// Get remote data for enabled fetch hosts
if ($sh['enabless'] && $sh['sync_type'] == 'fetch') {
$sync_to_ip = $sh['ipaddress'];
$port = $sh['syncport'];
$username = $sh['username'] ?: 'admin';
$password = $sh['password'];
$protocol = $sh['syncprotocol'];
$file = '/var/db/postfix/' . $server . '.sql';
$error = '';
$valid = TRUE;
if ($password == "") {
$error = "Password parameter is empty. ";
$valid = FALSE;
}
if ($protocol == "") {
$error = "Protocol parameter is empty. ";
$valid = FALSE;
}
if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
$error .= "Misconfigured Replication Target IP Address or Hostname. ";
$valid = FALSE;
}
if (!is_port($port)) {
$error .= "Misconfigured Replication Target Port. ";
$valid = FALSE;
}
if ($valid) {
// Take care of IPv6 literal address
if (is_ipaddrv6($sync_to_ip)) {
$sync_to_ip = "[{$sync_to_ip}]";
}
$url = "{$protocol}://{$sync_to_ip}";
print "{$sync_to_ip} {$url}, {$port}\n";
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/www/postfix.php');\n";
$execcmd .= '$toreturn = get_sql(' . $log_time . ');';
/* Assemble XMLRPC payload. */
$params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
log_error("[postfix] Fetching sql data from {$sync_to_ip}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
//$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
$a = $resp->value();
$errors = 0;
//var_dump($sql);
foreach ($a as $b) {
foreach ($b as $c) {
foreach ($c as $d) {
foreach ($d as $e) {
$update = unserialize($e['string']);
print $update['day'] . "\n";
if ($update['day'] != "") {
create_db($update['day'] . ".db");
if ($debug) {
print $update['day'] . " writing from remote system to db...";
}
$dbhandle = sqlite_open($postfix_dir . '/' . $update['day'] . ".db", 0666, $error);
//file_put_contents("/tmp/" . $key . '-' . $update['day'] . ".sql", gzuncompress(base64_decode($update['sql'])), LOCK_EX);
$ok = sqlite_exec($dbhandle, gzuncompress(base64_decode($update['sql'])), $error);
if (!$ok) {
$errors++;
die("Cannot execute query. {$error}\n" . $update['sql'] . "\n");
} elseif ($debug) {
print "ok\n";
}
sqlite_close($dbhandle);
}
}
}
}
}
if ($errors == 0) {
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/www/postfix.php');\n";
$execcmd .= 'flush_sql(' . $log_time . ');';
/* Assemble XMLRPC payload. */
$params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
log_error("[postfix] Flushing sql buffer file from {$sync_to_ip}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
//$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
}
} else {
log_error("[postfix] Fetch sql database from '{$sync_to_ip}' aborted due to the following error(s): {$error}");
}
}
}
log_error("[postfix] Fetch sql database completed.");
}
}
}
if ($_POST['type'] == "network") {
if (!is_ipaddr($_POST['address'])) {
$input_errors[] = "Geçerli bir adres tanımlanmaldır.";
}
if (!is_numeric($_POST['address_subnet'])) {
$input_errors[] = "Geçerli bir subnet bit count tanımlanmalıdır.";
}
}
if ($_POST['type'] == "url") {
if (stristr($_POST['address'], "http") == false) {
$input_errors[] = "Bu kaynak için geçerli bir URL sağlamanız gerekir.";
}
}
if ($_POST['type'] == "port") {
if (!is_port($_POST['address']) && !is_portrange($_POST['address'])) {
$input_errors[] = "Lütfen port aralığı içinde geçerlibir port tanımlayınız.";
}
}
/* check for name conflicts */
foreach ($a_aliases as $alias) {
if (isset($id) && $a_aliases[$id] && $a_aliases[$id] === $alias) {
continue;
}
if ($alias['name'] == $_POST['name']) {
$input_errors[] = "Bu takma isimle bir tanımlama mevcuttur.";
break;
}
}
/* check for name interface description conflicts */
foreach ($config['interfaces'] as $interface) {
$reqdfields = explode(" ", "interface proto localip");
$reqdfieldsn = explode(",", "Interface,Protocol,NAT IP");
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
if ($_POST['localip'] && !is_ipaddroralias($_POST['localip'])) {
$input_errors[] = "\"{$_POST['localip']}\" geçerli bir NAT IP adresi vey ahost alias değildir.";
}
/* only validate the ports if the protocol is TCP, UDP or TCP/UDP */
if (strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
if ($_POST['beginport'] && !is_ipaddroralias($_POST['beginport']) && !is_port($_POST['beginport'])) {
$input_errors[] = "Başlangıç portu 1 ile 65535 arasında bir tamsayı olmalıdır.";
}
if ($_POST['endport'] && !is_ipaddroralias($_POST['endport']) && !is_port($_POST['endport'])) {
$input_errors[] = "Bitiş portu 1 ile 65535 arasında bir değer olmalıdır.";
}
if ($_POST['localbeginport'] && !is_ipaddroralias($_POST['localbeginport']) && !is_port($_POST['localbeginport'])) {
$input_errors[] = "Yerel port tamsayı ve 1 ile 65535 arasında bir değer olmalıdır.";
}
if ($_POST['beginport'] > $_POST['endport']) {
/* swap */
$tmp = $_POST['endport'];
$_POST['endport'] = $_POST['beginport'];
$_POST['beginport'] = $tmp;
}
if (!$input_errors) {
if ($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport'] > 65535) {
$input_errors[] = "Hedef port 1 ile 65535 arasında bir değer olmalıdır.";
}
}
}
/* check for overlaps */
/* input validation */
if (!empty($pconfig['webguiport'])) {
if (!is_port($pconfig['webguiport'])) {
$input_errors[] = gettext("You must specify a valid webConfigurator port number");
}
}
if (!empty($pconfig['althostnames'])) {
$althosts = explode(" ", $pconfig['althostnames']);
foreach ($althosts as $ah) {
if (!is_hostname($ah)) {
$input_errors[] = sprintf(gettext("Alternate hostname %s is not a valid hostname."), htmlspecialchars($ah));
}
}
}
if (!empty($pconfig['sshport'])) {
if (!is_port($pconfig['sshport'])) {
$input_errors[] = gettext("You must specify a valid port number");
}
}
if (count($input_errors) == 0) {
// flag web ui for restart
if ($config['system']['webgui']['protocol'] != $pconfig['webguiproto'] || $config['system']['webgui']['port'] != $pconfig['webguiport'] || $config['system']['webgui']['ssl-certref'] != $pconfig['ssl-certref'] || ($pconfig['disablehttpredirect'] == "yes") != !empty($config['system']['webgui']['disablehttpredirect'])) {
$restart_webgui = true;
} else {
$restart_webgui = false;
}
$config['system']['webgui']['protocol'] = $pconfig['webguiproto'];
$config['system']['webgui']['port'] = $pconfig['webguiport'];
$config['system']['webgui']['ssl-certref'] = $pconfig['ssl-certref'];
if ($pconfig['disablehttpredirect'] == "yes") {
$config['system']['webgui']['disablehttpredirect'] = true;
define('NC_TIMEOUT', 10);
$do_testport = false;
$retval = 1;
if ($_POST || $_REQUEST['host']) {
unset($input_errors);
/* input validation */
$reqdfields = explode(" ", "host port");
$reqdfieldsn = array(gettext("Host"), gettext("Port"));
do_input_validation($_REQUEST, $reqdfields, $reqdfieldsn, $input_errors);
if (!is_ipaddr($_REQUEST['host']) && !is_hostname($_REQUEST['host'])) {
$input_errors[] = gettext("Please enter a valid IP or hostname.");
}
if (!is_port($_REQUEST['port'])) {
$input_errors[] = gettext("Please enter a valid port number.");
}
if ($_REQUEST['srcport'] != "" && (!is_numeric($_REQUEST['srcport']) || !is_port($_REQUEST['srcport']))) {
$input_errors[] = gettext("Please enter a valid source port number, or leave the field blank.");
}
if (is_ipaddrv4($_REQUEST['host']) && $_REQUEST['ipprotocol'] == "ipv6") {
$input_errors[] = gettext("You cannot connect to an IPv4 address using IPv6.");
}
if (is_ipaddrv6($_REQUEST['host']) && $_REQUEST['ipprotocol'] == "ipv4") {
$input_errors[] = gettext("You cannot connect to an IPv6 address using IPv4.");
}
if (!$input_errors) {
$do_testport = true;
$timeout = NC_TIMEOUT;
}
/* Save these request vars even if there were input errors. Then the fields are refilled for the user to correct. */
$host = $_REQUEST['host'];
$sourceip = $_REQUEST['sourceip'];
if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
/* input validation */
$reqdfields = explode(" ", "ipaddr name port");
$reqdfieldsn = explode(",", "IP Address, Name, Port");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
for ($i = 0; isset($config['load_balancer']['virtual_server'][$i]); $i++) {
if ($_POST['name'] == $config['load_balancer']['virtual_server'][$i]['name'] && $i != $id) {
$input_errors[] = "Bu sanal sunucu zaten kullanımda. Sanal sunucun adı tekil olmak zorundadır.";
}
}
if (strstr($_POST['name'], '/')) {
$input_errors[] = "Sanal sunucu adı / karakterini içeremez.";
}
if (!is_port($_POST['port'])) {
$input_errors[] = "Port numarası 1 ile 65535 arasında olmalıdır.";
}
if (!is_ipaddr($_POST['ipaddr'])) {
$input_errors[] = "{$_POST['ipaddr']} geçersiz bir IP adresi girildi.";
}
if (!isset($_POST['sitedown']) || $_POST['sitedown'] == "") {
$input_errors[] = "Bir Pool Down Sunucusunun tanımlanması gereklidir.";
}
if ($_POST['sitedown'] != "" && !is_ipaddr($_POST['sitedown'])) {
$input_errors[] = "{$_POST['sitedown']} geçerli bir IP adresi değildir.";
}
if (!$input_errors) {
$vsent = array();
if (isset($id) && $a_vs[$id]) {
$vsent = $a_vs[$id];
}
if (isset($pconfig['after']) && isset($a_out[$pconfig['after']])) {
$after = $pconfig['after'];
}
/* input validation */
$reqdfields = explode(" ", "interface protocol source source_subnet destination destination_subnet");
$reqdfieldsn = array(gettext("Interface"), gettext("Protocol"), gettext("Source"), gettext("Source bit count"), gettext("Destination"), gettext("Destination bit count"));
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
if (in_array($pconfig['protocol'], explode(" ", "any tcp udp tcp/udp"))) {
if (!empty($pconfig['sourceport']) && !is_portoralias($pconfig['sourceport'])) {
$input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry.");
}
if (!empty($pconfig['dstport']) && !is_portoralias($pconfig['dstport'])) {
$input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");
}
if (!empty($pconfig['natport']) && !is_port($pconfig['natport']) && empty($pconfig['nonat'])) {
$input_errors[] = gettext("You must supply a valid port for the NAT port entry.");
}
}
if (!(in_array($pconfig['source'], array("any", "(self)")) || is_ipaddroralias($pconfig['source']))) {
$input_errors[] = gettext("A valid source must be specified.");
}
if (!empty($pconfig['source_subnet']) && !is_numericint($pconfig['source_subnet'])) {
$input_errors[] = gettext("A valid source bit count must be specified.");
}
if (!(in_array($pconfig['destination'], array("any", "(self)")) || is_ipaddroralias($pconfig['destination']))) {
$input_errors[] = gettext("A valid destination must be specified.");
}
if (!empty($pconfig['destination_subnet']) && !is_numericint($pconfig['destination_subnet'])) {
$input_errors[] = gettext("A valid destination bit count must be specified.");
}
$pconfig = $_POST;
ob_flush();
flush();
if (!empty($_POST['crypto_hardware']) && !array_key_exists($_POST['crypto_hardware'], $crypto_modules)) {
$input_errors[] = gettext("Please select a valid Cryptographic Accelerator.");
}
if (!empty($_POST['thermal_hardware']) && !array_key_exists($_POST['thermal_hardware'], $thermal_hardware_modules)) {
$input_errors[] = gettext("Please select a valid Thermal Hardware Sensor.");
}
if (!empty($_POST['use_mfs_tmp_size']) && (!is_numeric($_POST['use_mfs_tmp_size']) || $_POST['use_mfs_tmp_size'] < 40)) {
$input_errors[] = gettext("/tmp Size must be numeric and should not be less than 40MiB.");
}
if (!empty($_POST['use_mfs_var_size']) && (!is_numeric($_POST['use_mfs_var_size']) || $_POST['use_mfs_var_size'] < 60)) {
$input_errors[] = gettext("/var Size must be numeric and should not be less than 60MiB.");
}
if (!empty($_POST['proxyport']) && !is_port($_POST['proxyport'])) {
$input_errors[] = gettext("Proxy port must be a valid port number, 1-65535.");
}
if (!empty($_POST['proxyurl']) && !is_fqdn($_POST['proxyurl']) && !is_ipaddr($_POST['proxyurl'])) {
$input_errors[] = gettext("Proxy URL must be a valid IP address or FQDN.");
}
if (!empty($_POST['proxyuser']) && preg_match("/[^a-zA-Z0-9\\.\\-_@]/", $_POST['proxyuser'])) {
$input_errors[] = gettext("The proxy username contains invalid characters.");
}
if ($_POST['proxypass'] != $_POST['proxypass_confirm']) {
$input_errors[] = gettext("Proxy password and confirmation must match.");
}
if (!$input_errors) {
if ($_POST['harddiskstandby'] != "") {
$config['system']['harddiskstandby'] = $_POST['harddiskstandby'];
system_set_harddisk_standby();
$desc_fmt_err_found = false;
if ($tab == "port") {
$alias_type = $tab;
} else {
$alias_type = "host";
}
foreach ($tocheck as $impline) {
$implinea = explode(" ", trim($impline), 2);
$impip = $implinea[0];
$impdesc = trim($implinea[1]);
if (strlen($impdesc) < 200) {
if (strpos($impdesc, "||") === false && substr($impdesc, 0, 1) != "|" && substr($impdesc, -1, 1) != "|") {
if ($tab == "port") {
// Port alias
if (!empty($impip)) {
if (is_port($impip) || is_portrange($impip)) {
$imported_ips[] = $impip;
$imported_descs[] = $impdesc;
} else {
$input_errors[] = sprintf(gettext("%s is not a valid port or port range."), $impip);
}
}
} else {
// IP alias - host or network
$iprange_type = is_iprange($impip);
if ($iprange_type == 4) {
list($startip, $endip) = explode('-', $impip);
$rangesubnets = ip_range_to_subnet_array($startip, $endip);
$imported_ips = array_merge($imported_ips, $rangesubnets);
$rangedescs = array_fill(0, count($rangesubnets), $impdesc);
$imported_descs = array_merge($imported_descs, $rangedescs);
function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0, $ipproto = "inet")
{
/* Check for valid int, srchost, dsthost, dstport, and proto */
$protocols_with_ports = array('tcp', 'udp');
$src = trim($src, "[]");
$dst = trim($dst, "[]");
if (!empty($int) && !empty($proto) && !empty($src) && !empty($dst)) {
$int = easyrule_find_rule_interface($int);
if ($int === false) {
return gettext("Invalid interface for pass rule:") . ' ' . htmlspecialchars($int);
}
if (getprotobyname($proto) == -1) {
return gettext("Invalid protocol for pass rule:") . ' ' . htmlspecialchars($proto);
}
if (!is_ipaddr($src) && !is_subnet($src) && !is_ipaddroralias($src) && !is_specialnet($src)) {
return gettext("Tried to pass invalid source IP:") . ' ' . htmlspecialchars($src);
}
if (!is_ipaddr($dst) && !is_subnet($dst) && !is_ipaddroralias($dst) && !is_specialnet($dst)) {
return gettext("Tried to pass invalid destination IP:") . ' ' . htmlspecialchars($dst);
}
if (in_array($proto, $protocols_with_ports)) {
if (empty($dstport)) {
return gettext("Missing destination port:") . ' ' . htmlspecialchars($dstport);
}
if (!is_port($dstport) && $dstport != "any") {
return gettext("Tried to pass invalid destination port:") . ' ' . htmlspecialchars($dstport);
}
} else {
$dstport = 0;
}
/* Should have valid input... */
if (easyrule_pass_rule_add($int, $proto, $src, $dst, $dstport, $ipproto)) {
return gettext("Successfully added pass rule!");
} else {
return gettext("Failed to add pass rule.");
}
} else {
return gettext("Missing parameters for pass rule.");
}
return gettext("Unknown pass error.");
}
require "guiconfig.inc";
define('NC_TIMEOUT', 10);
if ($_POST || $_REQUEST['host']) {
unset($input_errors);
unset($do_testport);
/* input validation */
$reqdfields = explode(" ", "host port");
$reqdfieldsn = array(gettext("Host"), gettext("Port"));
do_input_validation($_REQUEST, $reqdfields, $reqdfieldsn, $input_errors);
if (!is_ipaddr($_REQUEST['host']) && !is_hostname($_REQUEST['host'])) {
$input_errors[] = gettext("Please enter a valid IP or hostname.");
}
if (!is_port($_REQUEST['port'])) {
$input_errors[] = gettext("Please enter a valid port number.");
}
if (!is_numeric($_REQUEST['srcport']) || !is_port($_REQUEST['srcport'])) {
$input_errors[] = gettext("Please enter a valid source port number, or leave the field blank.");
}
if (is_ipaddrv4($_REQUEST['host']) && $_REQUEST['ipprotocol'] == "ipv6") {
$input_errors[] = gettext("You cannot connect to an IPv4 address using IPv6.");
}
if (is_ipaddrv6($_REQUEST['host']) && $_REQUEST['ipprotocol'] == "ipv4") {
$input_errors[] = gettext("You cannot connect to an IPv6 address using IPv4.");
}
if (!$input_errors) {
$do_testport = true;
$host = $_REQUEST['host'];
$sourceip = $_REQUEST['sourceip'];
$port = $_REQUEST['port'];
$srcport = $_REQUEST['srcport'];
$showtext = isset($_REQUEST['showtext']);
$input_errors[] = gettext("You cannot use spaces or slashes in the 'name' field.");
}
if (strlen($_POST['name']) > 16) {
$input_errors[] = gettext("The 'name' field must be 16 characters or less.");
}
if (in_array($_POST['name'], $reserved_table_names)) {
$input_errors[] = sprintf(gettext("The name '%s' is a reserved word and cannot be used."), $_POST['name']);
}
if (is_alias($_POST['name'])) {
$input_errors[] = sprintf(gettext("Sorry, an alias is already named %s."), $_POST['name']);
}
if (!is_portoralias($_POST['port'])) {
$input_errors[] = gettext("The port must be an integer between 1 and 65535, or a port alias.");
}
// May as well use is_port as we want a positive integer and such.
if (!empty($_POST['retry']) && !is_port($_POST['retry'])) {
$input_errors[] = gettext("The retry value must be an integer between 1 and 65535.");
}
if (is_array($_POST['servers'])) {
foreach ($pconfig['servers'] as $svrent) {
if (!is_ipaddr($svrent) && !is_subnetv4($svrent)) {
$input_errors[] = sprintf(gettext("%s is not a valid IP address or IPv4 subnet (in \"enabled\" list)."), $svrent);
} else {
if (is_subnetv4($svrent) && subnet_size($svrent) > 64) {
$input_errors[] = sprintf(gettext("%s is a subnet containing more than 64 IP addresses (in \"enabled\" list)."), $svrent);
}
}
}
}
if (is_array($_POST['serversdisabled'])) {
foreach ($pconfig['serversdisabled'] as $svrent) {
$port = trim(filter_expand_alias($v['bounce_to_port']));
if (!empty($net) && !empty($port) && snort_is_single_addr_alias($v['bounce_to_net']) && (is_port($port) || is_portrange($port))) {
$port = preg_replace('/\\s+/', ',', $port);
// Change port range delimiter to comma for ftp_telnet client preprocessor
if (is_portrange($port)) {
$port = str_replace(":", ",", $port);
}
$buffer .= "\tbounce yes \\\n";
$buffer .= "\tbounce_to { {$net},{$port} }\n";
} else {
// One or both of the BOUNCE_TO alias values is not right,
// so figure out which and log an appropriate error.
if (empty($net) || !snort_is_single_addr_alias($v['bounce_to_net'])) {
log_error("[snort] ERROR: illegal value for bounce_to Address Alias [{$v['bounce_to_net']}] for FTP client engine [{$v['name']}] ... omitting 'bounce_to' option for this client engine.");
}
if (empty($port) || !(is_port($port) || is_portrange($port))) {
log_error("[snort] ERROR: illegal value for bounce_to Port Alias [{$v['bounce_to_port']}] for FTP client engine [{$v['name']}] ... omitting 'bounce_to' option for this client engine.");
}
$buffer .= "\tbounce yes\n";
}
} else {
$buffer .= "\tbounce yes\n";
}
} else {
$buffer .= "\tbounce no\n";
}
// Add this FTP client engine to the master string
$ftp_client_engine .= "{$buffer}\n";
}
// Trim final trailing newline
rtrim($ftp_client_engine);
function String_Begins_With($needle, $haystack)
{
return substr($haystack, 0, strlen($needle)) == $needle;
}
if (String_Begins_With(_msdcs, $_POST['domain'])) {
$subdomainstr = substr($_POST['domain'], 7);
if ($subdomainstr && !is_domain($subdomainstr)) {
$input_errors[] = gettext("A valid domain must be specified after _msdcs.");
}
} elseif ($_POST['domain'] && !is_domain($_POST['domain'])) {
$input_errors[] = gettext("A valid domain must be specified.");
}
if ($_POST['ip']) {
if (strpos($_POST['ip'], '@') !== false) {
$ip_details = explode("@", $_POST['ip']);
if (!is_ipaddr($ip_details[0]) || !is_port($ip_details[1])) {
$input_errors[] = gettext("A valid IP address and port must be specified, for example 192.168.100.10@5353.");
}
} else {
if (!is_ipaddr($_POST['ip'])) {
$input_errors[] = gettext("A valid IP address must be specified, for example 192.168.100.10.");
}
}
}
if (!$input_errors) {
$doment = array();
$doment['domain'] = $_POST['domain'];
$doment['ip'] = $_POST['ip'];
$doment['descr'] = $_POST['descr'];
if (isset($id) && $a_domainOverrides[$id]) {
$a_domainOverrides[$id] = $doment;
if ($_POST['sourceport']) {
$_POST['sourceport'] = trim($_POST['sourceport']);
}
if ($_POST['dstport']) {
$_POST['dstport'] = trim($_POST['dstport']);
}
if ($_POST['natport']) {
$_POST['natport'] = trim($_POST['natport']);
}
if ($protocol_uses_ports && $_POST['sourceport'] != "" && !is_portoralias($_POST['sourceport'])) {
$input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry.");
}
if ($protocol_uses_ports && $_POST['dstport'] != "" && !is_portoralias($_POST['dstport'])) {
$input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");
}
if ($protocol_uses_ports && $_POST['natport'] != "" && !is_port($_POST['natport']) && !isset($_POST['nonat'])) {
$input_errors[] = gettext("You must supply a valid port for the NAT port entry.");
}
if ($_POST['source_type'] != "any" && $_POST['source_type'] != "(self)") {
if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] != "any") {
$input_errors[] = gettext("A valid source must be specified.");
}
}
if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) {
$input_errors[] = gettext("A valid source bit count must be specified.");
}
if ($_POST['destination_type'] != "any") {
if ($_POST['destination'] && !is_ipaddroralias($_POST['destination'])) {
$input_errors[] = gettext("A valid destination must be specified.");
}
}
}
// Validate the BOUNCE-TO Alias entries for correct format of their defined values. BOUNCE-TO ADDRESS must be
// a valid single IP, and BOUNCE-TO PORT must be either a single port value or a port range value. Provide
// detailed error messages for the user that explain any problems.
if ($_POST['ftp_client_bounce_to_net'] && $_POST['ftp_client_bounce_to_port']) {
if (!snort_is_single_addr_alias($_POST['ftp_client_bounce_to_net'])) {
$net = trim(filter_expand_alias($_POST['ftp_client_bounce_to_net']));
$net = preg_replace('/\\s+/', ',', $net);
$msg = gettext("The FTP Protocol BOUNCE-TO ADDRESS parameter must be a single IP network or address, ");
$msg .= gettext("so the supplied Alias must be defined as a single address or network in CIDR form. ");
$msg .= gettext("The Alias [ {$_POST['ftp_client_bounce_to_net']} ] is currently defined as [ {$net} ].");
$input_errors[] = $msg;
}
$port = trim(filter_expand_alias($_POST['ftp_client_bounce_to_port']));
$port = preg_replace('/\\s+/', ',', $port);
if (!is_port($port) && !is_portrange($port)) {
$msg = gettext("The FTP Protocol BOUNCE-TO PORT parameter must be a single port or port-range, ");
$msg .= gettext("so the supplied Alias must be defined as a single port or port-range value. ");
$msg .= gettext("The Alias [ {$_POST['ftp_client_bounce_to_port']} ] is currently defined as [ {$port} ].");
$input_errors[] = $msg;
}
}
$engine['bounce_to_net'] = $_POST['ftp_client_bounce_to_net'];
$engine['bounce_to_port'] = $_POST['ftp_client_bounce_to_port'];
$engine['telnet_cmds'] = $_POST['ftp_telnet_cmds'] ? 'yes' : 'no';
$engine['ignore_telnet_erase_cmds'] = $_POST['ftp_ignore_telnet_erase_cmds'] ? 'yes' : 'no';
$engine['bounce'] = $_POST['ftp_client_bounce_detect'] ? 'yes' : 'no';
$engine['max_resp_len'] = $_POST['ftp_max_resp_len'];
/* Can only have one "all" Bind_To address */
if ($engine['bind_to'] == "all" && $engine['name'] != "default") {
$input_errors[] = gettext("Only one default FTP Engine can be bound to all addresses.");
if ($_POST['radiusip4'] && !is_ipaddr($_POST['radiusip4'])) {
$input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip4']);
}
if ($_POST['radiusport'] && !is_port($_POST['radiusport'])) {
$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport']);
}
if ($_POST['radiusport2'] && !is_port($_POST['radiusport2'])) {
$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport2']);
}
if ($_POST['radiusport3'] && !is_port($_POST['radiusport3'])) {
$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport3']);
}
if ($_POST['radiusport4'] && !is_port($_POST['radiusport4'])) {
$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport4']);
}
if ($_POST['radiusacctport'] && !is_port($_POST['radiusacctport'])) {
$input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusacctport']);
}
if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) || $_POST['maxproc'] < 4 || $_POST['maxproc'] > 100)) {
$input_errors[] = gettext("The maximum number of concurrent connections per client IP address may not be larger than the global maximum.");
}
if (trim($_POST['radiusnasid']) !== "" && !preg_match("/^[!-~]{3,253}\$/i", trim($_POST['radiusnasid']))) {
$input_errors[] = gettext("The NAS-Identifier must be 3-253 characters long and should only contain ASCII characters.");
}
if (!$input_errors) {
$newcp =& $a_cp[$cpzone];
//$newcp['zoneid'] = $a_cp[$cpzone]['zoneid'];
if (empty($newcp['zoneid'])) {
$newcp['zoneid'] = 2;
foreach ($a_cp as $keycpzone => $cp) {
if ($cp['zoneid'] == $newcp['zoneid'] && $keycpzone != $cpzone) {
}
}
if (empty($pconfig['active_interface'])) {
$input_errors[] = gettext("One or more Network Interfaces must be selected for binding.");
} else {
if (!isset($config['system']['dnslocalhost']) && (!in_array("lo0", $pconfig['active_interface']) && !in_array("all", $pconfig['active_interface']))) {
$input_errors[] = gettext("This system is configured to use the DNS Resolver as its DNS server, so Localhost or All must be selected in Network Interfaces.");
}
}
if (empty($pconfig['outgoing_interface'])) {
$input_errors[] = gettext("One or more Outgoing Network Interfaces must be selected.");
}
if (empty($pconfig['system_domain_local_zone_type'])) {
$input_errors[] = gettext("A System Domain Local-Zone Type must be selected.");
}
if ($pconfig['port'] && !is_port($pconfig['port'])) {
$input_errors[] = gettext("You must specify a valid port number.");
}
if (is_array($pconfig['active_interface']) && !empty($pconfig['active_interface'])) {
$display_active_interface = $pconfig['active_interface'];
$pconfig['active_interface'] = implode(",", $pconfig['active_interface']);
}
$display_custom_options = $pconfig['custom_options'];
$pconfig['custom_options'] = base64_encode(str_replace("\r\n", "\n", $pconfig['custom_options']));
if (is_array($pconfig['outgoing_interface']) && !empty($pconfig['outgoing_interface'])) {
$display_outgoing_interface = $pconfig['outgoing_interface'];
$pconfig['outgoing_interface'] = implode(",", $pconfig['outgoing_interface']);
}
if (isset($pconfig['system_domain_local_zone_type']) && !empty($pconfig['system_domain_local_zone_type'])) {
$display_system_domain_local_zone_type = $pconfig['system_domain_local_zone_type'];
$pconfig['system_domain_local_zone_type'] = $pconfig['system_domain_local_zone_type'];
}
if ($_POST['enable'] && !is_numericint($_POST['timeout'])) {
$error_bucket[] = array("error" => gettext("The maximum idle time be a number."), "field" => "timeout");
}
if ($_POST['enable'] && $_POST['pasv_address']) {
if (!is_ipaddr($_POST['pasv_address'])) {
$error_bucket[] = array("error" => gettext("The pasv address must be a public IP address."), "field" => "pasv_address");
}
}
if ($_POST['enable'] && $_POST['pasv_max_port']) {
if (!is_port($_POST['pasv_max_port'])) {
$error_bucket[] = array("error" => gettext("The pasv_max_port port must be a valid port number."), "field" => "pasv_max_port");
}
}
if ($_POST['enable'] && $_POST['pasv_min_port']) {
if (!is_port($_POST['pasv_min_port'])) {
$error_bucket[] = array("error" => gettext("The pasv_min_port port must be a valid port number."), "field" => "pasv_min_port");
}
}
if ($_POST['passiveip'] && !is_ipaddr($_POST['passiveip'])) {
$error_bucket[] = array("error" => gettext("A valid IP address must be specified."), "field" => "passiveip");
}
if (!$_POST['anonymous'] && !$_POST['localuser']) {
$input_errors[] = _SRVFTP_MSGVALIDAUTH;
$error_bucket[] = array("error" => gettext("You must select at minium anonymous or/and local user authentication."), "field" => "localuser");
}
if (is_array($error_bucket)) {
foreach ($error_bucket as $elem) {
$input_errors[] =& $elem["error"];
}
}
