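$_POST['srcendport'] = 0;
}
// Excerpt of a rule form's POST validation; it starts and ends inside blocks whose other
// ends are outside this view. Failed checks append a message to $input_errors.
if (!$_POST['dstbeginport']) {
    // No destination port submitted: store 0 for both ends of the range.
    $_POST['dstbeginport'] = 0;
    $_POST['dstendport'] = 0;
}

// A submitted port passes when alias_expand() returns a truthy value for it or is_port()
// accepts it; a falsy value (0, "") skips the check altogether.
if ($_POST['srcbeginport'] && !alias_expand($_POST['srcbeginport']) && !is_port($_POST['srcbeginport'])) {
    $input_errors[] = "The start source port must be an alias or integer between 1 and 65535.";
}
if ($_POST['srcendport'] && !alias_expand($_POST['srcendport']) && !is_port($_POST['srcendport'])) {
    $input_errors[] = "The end source port must be an alias or integer between 1 and 65535.";
}
if ($_POST['dstbeginport'] && !alias_expand($_POST['dstbeginport']) && !is_port($_POST['dstbeginport'])) {
    $input_errors[] = "The start destination port must be an alias or integer between 1 and 65535.";
}
// Fix: the alias lookup was run on 'dstbeginport', so an invalid end port was accepted
// whenever the start port happened to be a valid alias. Check the end port itself.
if ($_POST['dstendport'] && !alias_expand($_POST['dstendport']) && !is_port($_POST['dstendport'])) {
    $input_errors[] = "The end destination port must be an alias or integer between 1 and 65535.";
}

// Address and mask are only validated when the type is not one is_specialnet() recognises.
if (!is_specialnet($_POST['srctype'])) {
    if ($_POST['src'] && !is_ipaddroranyalias($_POST['src'])) {
        $input_errors[] = "A valid source IP address or alias must be specified.";
    }
    // Only an integer check is visible here; no upper bound on the bit count is enforced
    // in this excerpt.
    if ($_POST['srcmask'] && !is_numericint($_POST['srcmask'])) {
        $input_errors[] = "A valid source bit count must be specified.";
    }
}
if (!is_specialnet($_POST['dsttype'])) {
    if ($_POST['dst'] && !is_ipaddroranyalias($_POST['dst'])) {
        $input_errors[] = "A valid destination IP address or alias must be specified.";
    }
    if ($_POST['dstmask'] && !is_numericint($_POST['dstmask'])) {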
}
// Excerpt from a settings-page POST handler: each failed check appends to $input_errors.
if ($_POST['max_procs']) {
    // Accepted range is 1..500; the message below only mentions the lower bound.
    if (!is_numericint($_POST['max_procs']) || $_POST['max_procs'] < 1 || $_POST['max_procs'] > 500) {
        $input_errors[] = gettext("Max Processes must be a number 1 or greater");
    }
}
if ($_POST['althostnames']) {
    // Space-separated list; every entry has to pass is_hostname().
    $althosts = explode(" ", $_POST['althostnames']);
    foreach ($althosts as $ah) {
        if (!is_hostname($ah)) {
            // The rejected value is HTML-escaped before it is placed in the message.
            $input_errors[] = sprintf(gettext("Alternate hostname %s is not a valid hostname."), htmlspecialchars($ah));
        }
    }
}
if ($_POST['sshport']) {
    if (!is_port($_POST['sshport'])) {
        $input_errors[] = gettext("You must specify a valid port number");
    }
}
// NOTE(review): $config is modified here, before the $input_errors gate below, so the
// in-memory SSH key-only setting changes even when validation failed. Whether it is then
// written out is not visible in this excerpt - confirm.
if ($_POST['sshdkeyonly'] == "yes") {
    $config['system']['ssh']['sshdkeyonly'] = "enabled";
} else {
    if (isset($config['system']['ssh']['sshdkeyonly'])) {
        unset($config['system']['ssh']['sshdkeyonly']);
    }
}
ob_flush();
flush();
// Settings are only applied when no validation error was recorded.
if (!$input_errors) {
    if (update_if_changed("webgui protocol", $config['system']['webgui']['protocol'], $_POST['webguiproto'])) {
        $restart_webgui = true;
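// Excerpt of wireless/802.1X form validation; the first statement sits inside a block that
// opens outside this view. Failed checks append to $input_errors.
if (!is_domain($_POST['auth_server_addr']) && !is_ipaddr($_POST['auth_server_addr'])) {
    $input_errors[] = gettext("802.1X Authentication Server must be an IP or hostname.");
}
}
if (!empty($_POST['auth_server_addr2'])) {
    if (!is_domain($_POST['auth_server_addr2']) && !is_ipaddr($_POST['auth_server_addr2'])) {
        $input_errors[] = gettext("Secondary 802.1X Authentication Server must be an IP or hostname.");
    }
}
if (!empty($_POST['auth_server_port'])) {
    if (!is_port($_POST['auth_server_port'])) {
        $input_errors[] = gettext("802.1X Authentication Server Port must be a valid port number (1-65535).");
    }
}
if (!empty($_POST['auth_server_port2'])) {
    if (!is_port($_POST['auth_server_port2'])) {
        $input_errors[] = gettext("Secondary 802.1X Authentication Server Port must be a valid port number (1-65535).");
    }
}
// Fix: the outer condition also required !is_numericint(), so the 0-255 range check in the
// else branch could never run and any integer was accepted as a channel.
if (isset($_POST['channel'])) {
    if (!is_numericint($_POST['channel'])) {
        $input_errors[] = gettext("Invalid channel specified.");
    } else {
        if ($_POST['channel'] > 255 || $_POST['channel'] < 0) {
            $input_errors[] = gettext("Channel must be between 0-255.");
        }
    }
}
if (!empty($_POST['distance']) && !is_numericint($_POST['distance'])) {
    $input_errors[] = gettext("Distance must be an integer.");
}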
/* item is a normal alias type */
// Walks the numbered POST fields address0..address4998 and validates every non-empty entry
// against the alias type submitted in $_POST['type'].
$wrongaliases = "";
$desc_fmt_err_found = false;
for ($x = 0; $x < 4999; $x++) {
    if ($_POST["address{$x}"] != "") {
        $_POST["address{$x}"] = trim($_POST["address{$x}"]);
        if (is_alias($_POST["address{$x}"])) {
            // Nested alias: collected in $wrongaliases when its type differs from the parent.
            if (!alias_same_type($_POST["address{$x}"], $_POST['type'])) {
                // But alias type network can include alias type urltable. Feature#1603.
                if (!($_POST['type'] == 'network' && preg_match("/urltable/i", alias_get_type($_POST["address{$x}"])))) {
                    $wrongaliases .= " " . $_POST["address{$x}"];
                }
            }
        } else {
            if ($_POST['type'] == "port") {
                if (!is_port($_POST["address{$x}"]) && !is_portrange($_POST["address{$x}"])) {
                    // NOTE(review): the submitted value goes into the message unescaped;
                    // confirm the code that renders $input_errors HTML-escapes it.
                    $input_errors[] = $_POST["address{$x}"] . " " . gettext("is not a valid port or alias.");
                }
            } else {
                if ($_POST['type'] == "host" || $_POST['type'] == "network") {
                    // && binds tighter than ||: rejected when the entry is a subnet, or when
                    // it is none of IP address, hostname or IP range.
                    if (is_subnet($_POST["address{$x}"]) || !is_ipaddr($_POST["address{$x}"]) && !is_hostname($_POST["address{$x}"]) && !is_iprange($_POST["address{$x}"])) {
                        $input_errors[] = sprintf(gettext('%1$s is not a valid %2$s alias.'), $_POST["address{$x}"], $_POST['type']);
                    }
                }
            }
        }
        // An a-b range is expanded into subnets and merged into $address.
        if (is_iprange($_POST["address{$x}"])) {
            list($startip, $endip) = explode('-', $_POST["address{$x}"]);
            $rangesubnets = ip_range_to_subnet_array($startip, $endip);
            $address = array_merge($address, $rangesubnets);
        } else {
}
}
}
}
// Validate the input data expanded above.
// Each entry of $input_addresses is checked against the alias type in $_POST['type'];
// $input_address_subnet holds the matching bit count under the same index.
foreach ($input_addresses as $idx => $input_address) {
    if (is_alias($input_address)) {
        if (!alias_same_type($input_address, $_POST['type'])) {
            // But alias type network can include alias type urltable. Feature#1603.
            if (!($_POST['type'] == 'network' && preg_match("/urltable/i", alias_get_type($input_address)))) {
                $wrongaliases .= " " . $input_address;
            }
        }
    } else {
        if ($_POST['type'] == "port") {
            if (!is_port($input_address) && !is_portrange($input_address)) {
                // NOTE(review): the submitted value goes into the message unescaped;
                // confirm the code that renders $input_errors HTML-escapes it.
                $input_errors[] = $input_address . " " . gettext("is not a valid port or alias.");
            }
        } else {
            if ($_POST['type'] == "host" || $_POST['type'] == "network") {
                // && binds tighter than ||: rejected when the entry is a subnet, or when it
                // is neither an IP address nor a hostname.
                if (is_subnet($input_address) || !is_ipaddr($input_address) && !is_hostname($input_address)) {
                    $input_errors[] = sprintf(gettext('%1$s is not a valid %2$s address, FQDN or alias.'), $input_address, $_POST['type']);
                }
            }
        }
    }
    $tmpaddress = $input_address;
    // For non-host aliases an IP address with a bit count must form a valid subnet.
    if ($_POST['type'] != "host" && is_ipaddr($input_address) && $input_address_subnet[$idx] != "") {
        if (!is_subnet($input_address . "/" . $input_address_subnet[$idx])) {
            $input_errors[] = sprintf(gettext('%s/%s is not a valid subnet.'), $input_address, $input_address_subnet[$idx]);
        } else {
// Excerpt of outbound-NAT form validation; the first block closes a scope opened outside
// this view.
if ($newpost != $temp) {
    // NOTE(review): $temp is echoed back inside the message without escaping here; confirm
    // the code that renders $input_errors HTML-escapes it.
    $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."), $temp);
}
}
/* input validation */
$reqdfields = explode(" ", "interface protocol source source_subnet destination destination_subnet");
$reqdfieldsn = array(gettext("Interface"), gettext("Protocol"), gettext("Source"), gettext("Source bit count"), gettext("Destination"), gettext("Destination bit count"));
// NOTE(review): "&$input_errors" is call-time pass-by-reference, which PHP 5.4 and later
// reject at parse time. Dropping the "&" is only safe if do_input_validation() declares
// that parameter by reference - its signature is not visible here, so confirm first.
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
// Port fields are only checked for protocols in this list.
$protocol_uses_ports = in_array($_POST['protocol'], explode(" ", "any tcp udp tcp/udp"));
if ($protocol_uses_ports && $_POST['sourceport'] != "" && !is_portoralias($_POST['sourceport'])) {
    $input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry.");
}
if ($protocol_uses_ports and $_POST['dstport'] != "" and !is_portoralias($_POST['dstport'])) {
    $input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");
}
// The NAT port is not validated when 'nonat' was submitted.
if ($protocol_uses_ports and $_POST['natport'] != "" and !is_port($_POST['natport']) and !isset($_POST['nonat'])) {
    $input_errors[] = gettext("You must supply a valid port for the nat port entry.");
}
if ($_POST['source_type'] != "any") {
    if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] != "any") {
        $input_errors[] = gettext("A valid source must be specified.");
    }
}
if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) {
    $input_errors[] = gettext("A valid source bit count must be specified.");
}
if ($_POST['destination_type'] != "any") {
    if ($_POST['destination'] && !is_ipaddroralias($_POST['destination'])) {
        $input_errors[] = gettext("A valid destination must be specified.");
    }
}
}
// Excerpt of packet-capture form validation for $host, $port, $snaplen and $count.
if ($host != "") {
    // Spaces are removed, "|" becomes "#|" and "," becomes "#+", then the string is split
    // on "#" so every host term is validated on its own.
    $host_string = str_replace(array(" ", "|", ","), array("", "#|", "#+"), $host);
    if (strpos($host_string, '#') === false) {
        // Single term: note this keeps the original $host, not the space-stripped copy.
        $hosts = array($host);
    } else {
        $hosts = explode('#', $host_string);
    }
    foreach ($hosts as $h) {
        // strip_host_logic() presumably removes the logic prefix added above - confirm.
        if (!is_subnet(strip_host_logic($h)) && !is_ipaddr(strip_host_logic($h))) {
            $input_errors[] = sprintf(gettext("A valid IP address or CIDR block must be specified. [%s]"), $h);
        }
    }
}
if ($port != "") {
    if (!is_port(strip_not($port))) {
        $input_errors[] = gettext("Invalid value specified for port.");
    }
}
// NOTE(review): is_numeric() also accepts floats and exponent notation ("1e3", "1.5").
// Where $snaplen and $count are used afterwards is outside this excerpt; if they reach a
// command line, an integer-only check would be the tighter guard.
if ($snaplen == "") {
    $snaplen = 0;
} else {
    if (!is_numeric($snaplen) || $snaplen < 0) {
        $input_errors[] = gettext("Invalid value specified for packet length.");
    }
}
if ($count == "") {
    $count = 0;
} else {
    if (!is_numeric($count) || $count < 0) {
        $input_errors[] = gettext("Invalid value specified for packet count.");
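}
// Excerpt of a packet-capture page: validates the submitted filter fields in $pconfig and
// starts the capture only when no error was recorded.
if ($pconfig['fam'] !== "" && $pconfig['fam'] !== "ip" && $pconfig['fam'] !== "ip6") {
    $input_errors[] = gettext("Invalid address family.");
}
// Protocol allow-list. A leading "!" is stripped from the submitted value before the lookup.
$protos = array('icmp', 'icmp6', 'tcp', 'udp', 'arp', 'carp', 'esp', '!icmp', '!icmp6', '!tcp', '!udp', '!arp', '!carp', '!esp');
if ($pconfig['proto'] !== "" && !in_array(ltrim(trim($pconfig['proto']), '!'), $protos)) {
    $input_errors[] = gettext("Invalid protocol.");
}
if (!empty($pconfig['host'])) {
    // Every space-separated token must be a logic keyword, an IP address or a subnet.
    foreach (explode(' ', $pconfig['host']) as $token) {
        if (!in_array(trim($token), array('and', 'or', 'not')) && !is_ipaddr($token) && !is_subnet($token)) {
            $input_errors[] = sprintf(gettext("A valid IP address or CIDR block must be specified. [%s]"), $token);
        }
    }
}
// NOTE(review): the second argument of ltrim() is a character list, not a prefix, so this
// strips any leading run of "n", "o" and "t" characters rather than the word "not".
if (!empty($pconfig['port']) && !is_port(ltrim(trim($pconfig['port']), 'not'))) {
    $input_errors[] = gettext("Invalid value specified for port.");
}
// Fix: the sign checks compared $snaplen and $count, which are not assigned anywhere in the
// visible code, instead of the submitted values, so negative numbers were not rejected by
// these conditions.
if (!empty($pconfig['snaplen']) && (!is_numeric($pconfig['snaplen']) || $pconfig['snaplen'] < 0)) {
    $input_errors[] = gettext("Invalid value specified for packet length.");
}
if (!empty($pconfig['count']) && (!is_numeric($pconfig['count']) || $pconfig['count'] < 0)) {
    $input_errors[] = gettext("Invalid value specified for packet count.");
}
if (count($input_errors) == 0) {
    start_capture($pconfig);
}
} elseif (!empty($pconfig['stop'])) {
    stop_capture();
} elseif (!empty($pconfig['remove'])) {
    if (file_exists('/root/packetcapture.cap')) {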
$pconfig['showtext'] = null;
$pconfig['sourceip'] = null;
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // POST branch of a port-test page: copy the form, validate it, then start building the
    // argument string in $nc_args.
    $pconfig = $_POST;
    $input_errors = array();
    /* input validation */
    $reqdfields = explode(" ", "host port");
    $reqdfieldsn = array(gettext("Host"), gettext("Port"));
    do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
    if (!is_ipaddr($pconfig['host']) && !is_hostname($pconfig['host'])) {
        $input_errors[] = gettext("Please enter a valid IP or hostname.");
    }
    if (!is_port($pconfig['port'])) {
        $input_errors[] = gettext("Please enter a valid port number.");
    }
    // The source port is optional; when present it must be numeric and a valid port.
    if ($pconfig['srcport'] != "" && (!is_numeric($pconfig['srcport']) || !is_port($pconfig['srcport']))) {
        $input_errors[] = gettext("Please enter a valid source port number, or leave the field blank.");
    }
    // Reject a literal address whose family contradicts the selected IP protocol.
    if (is_ipaddrv4($pconfig['host']) && $pconfig['ipprotocol'] == "ipv6") {
        $input_errors[] = gettext("You cannot connect to an IPv4 address using IPv6.");
    }
    if (is_ipaddrv6($pconfig['host']) && $pconfig['ipprotocol'] == "ipv4") {
        $input_errors[] = gettext("You cannot connect to an IPv6 address using IPv4.");
    }
    if (count($input_errors) == 0) {
        // Arguments are only assembled after validation passed.
        $nc_args = "-w 10";
        if (empty($pconfig['showtext'])) {
            $nc_args .= " -z ";
        }
        if (!empty($pconfig['srcport'])) {
            // The validated value is still shell-escaped before it joins the string.
            $nc_args .= " -p " . escapeshellarg($pconfig['srcport']) . " ";
}
} else {
    /* item is a normal alias type */
    // Walks the numbered POST fields address0..address4998 and validates every non-empty
    // entry against the alias type submitted in $_POST['type'].
    $wrongaliases = "";
    for ($x = 0; $x < 4999; $x++) {
        if ($_POST["address{$x}"] != "") {
            if (is_alias($_POST["address{$x}"])) {
                // Nested alias: collected in $wrongaliases when its type differs.
                if (!alias_same_type($_POST["address{$x}"], $_POST['type'])) {
                    // But alias type network can include alias type urltable. Feature#1603.
                    if (!($_POST['type'] == 'network' && alias_get_type($_POST["address{$x}"]) == 'urltable')) {
                        $wrongaliases .= " " . $_POST["address{$x}"];
                    }
                }
            } else {
                if ($_POST['type'] == "port") {
                    // Only single ports are accepted in this variant (no port-range check).
                    if (!is_port($_POST["address{$x}"])) {
                        // NOTE(review): the submitted value goes into the message unescaped;
                        // confirm the code that renders $input_errors HTML-escapes it.
                        $input_errors[] = $_POST["address{$x}"] . " " . gettext("is not a valid port or alias.");
                    }
                } else {
                    if ($_POST['type'] == "host" || $_POST['type'] == "network") {
                        if (!is_ipaddr($_POST["address{$x}"]) && !is_hostname($_POST["address{$x}"]) && !is_iprange($_POST["address{$x}"])) {
                            $input_errors[] = sprintf(gettext('%1$s is not a valid %2$s alias.'), $_POST["address{$x}"], $_POST['type']);
                        }
                    }
                }
            }
            // An a-b range is expanded into subnets and merged into $address.
            if (is_iprange($_POST["address{$x}"])) {
                list($startip, $endip) = explode('-', $_POST["address{$x}"]);
                $rangesubnets = ip_range_to_subnet_array($startip, $endip);
                $address = array_merge($address, $rangesubnets);
            } else {
}
}
}
/* DSPAM Daemon Settings (Client) */
// Errors are first collected in $error_bucket as (message, field) pairs and then copied
// into $input_errors.
if ($_POST['enabledsclient'] == "yes") {
    // "!" binds tighter than "!=", so this compares the boolean (!value) with ""; the
    // branch is taken when the field is falsy, which includes the string "0".
    if (!$_POST['dsclhost'] != "") {
        $error_bucket[] = array("error" => "You must specify a valid server name value for the DSPAM client host.", "field" => "dsclhost");
    } else {
        // Space-separated host list; the first entry failing is_domain() ends the loop.
        foreach (explode(' ', $_POST['dsclhost']) as $ts) {
            if (!is_domain($ts)) {
                $error_bucket[] = array("error" => "A DSPAM client host name may only contain the characters a-z, 0-9, '-' and '.'.", "field" => "dsclhost");
                break;
            }
        }
    }
    if (!is_port($_POST['dsclport'])) {
        $error_bucket[] = array("error" => "You must specify a valid port value for the DSPAM client host.", "field" => "dsclport");
    }
    // Same "!value != ''" construct as above: true when the field is falsy.
    if (!$_POST['dsclident'] != "") {
        $error_bucket[] = array("error" => "You must specify a valid value as identification string for the DSPAM client.", "field" => "dsclident");
    }
}
if (is_array($error_bucket)) {
    foreach ($error_bucket as $elem) {
        // NOTE(review): assigns by reference ("=&") to an element of the loop variable; a
        // plain assignment looks sufficient here - confirm nothing relies on the reference.
        $input_errors[] =& $elem["error"];
    }
}
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
    input_errors2Ajax($input_errors);
    exit;
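/**
 * Pull buffered postfix SQL data from every enabled "fetch" sync host and replay it locally.
 *
 * For each row of the postfixsync configuration with sync_type 'fetch', the remote box is
 * asked over XML-RPC (method pfsense.exec_php) to run get_sql(); the statements it returns
 * are executed against the per-day SQLite files under $postfix_dir. When no error was
 * counted for that host, the remote side is then asked to run flush_sql().
 *
 * Security notes:
 *  - Everything in the XML-RPC reply is controlled by the remote host. It is passed to
 *    unserialize(), it names the database file, and its SQL is executed verbatim, so a
 *    compromised sync peer can write arbitrary data into the local databases.
 *  - The sync password is sent both as an XML-RPC parameter and as HTTP credentials; when
 *    the configured sync protocol is plain http it travels unencrypted.
 *  - $protocol is only checked for being non-empty before it becomes the URL scheme;
 *    NOTE(review): consider an allow-list of the schemes the sync settings offer.
 *
 * Changes from the previous version: the two validation messages are now accumulated (the
 * protocol message used to overwrite the password message), a missing or faulted XML-RPC
 * response is logged instead of being dereferenced, the remote 'day' value is refused when
 * it could leave $postfix_dir, database-open and payload-decode failures are counted as
 * errors, and the unused $file local (built from an undefined $server) is gone.
 */
function get_remote_log() {
    global $config, $g, $postfix_dir;

    // $debug is never assigned or imported in this function; give it an explicit value so
    // the verbose branches below are well defined (they were never taken before either).
    $debug = false;
    $curr_time = time();
    $log_time = date('YmdHis', $curr_time);

    if (is_array($config['installedpackages']['postfixsync'])) {
        $synctimeout = $config['installedpackages']['postfixsync']['config'][0]['synctimeout'] ?: '250';
        foreach ($config['installedpackages']['postfixsync']['config'][0]['row'] as $sh) {
            // Get remote data for enabled fetch hosts
            if (!($sh['enabless'] && $sh['sync_type'] == 'fetch')) {
                continue;
            }
            $sync_to_ip = $sh['ipaddress'];
            $port = $sh['syncport'];
            $username = $sh['username'] ?: 'admin';
            $password = $sh['password'];
            $protocol = $sh['syncprotocol'];
            $error = '';
            $valid = TRUE;
            if ($password == "") {
                $error .= "Password parameter is empty. ";
                $valid = FALSE;
            }
            if ($protocol == "") {
                $error .= "Protocol parameter is empty. ";
                $valid = FALSE;
            }
            if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
                $error .= "Misconfigured Replication Target IP Address or Hostname. ";
                $valid = FALSE;
            }
            if (!is_port($port)) {
                $error .= "Misconfigured Replication Target Port. ";
                $valid = FALSE;
            }
            if (!$valid) {
                log_error("[postfix] Fetch sql database from '{$sync_to_ip}' aborted due to the following error(s): {$error}");
                continue;
            }

            // Take care of IPv6 literal address
            if (is_ipaddrv6($sync_to_ip)) {
                $sync_to_ip = "[{$sync_to_ip}]";
            }
            $url = "{$protocol}://{$sync_to_ip}";
            print "{$sync_to_ip} {$url}, {$port}\n";
            $method = 'pfsense.exec_php';
            $execcmd = "require_once('/usr/local/www/postfix.php');\n";
            // $log_time is a locally generated digit string, so it is safe to splice in.
            $execcmd .= '$toreturn = get_sql(' . $log_time . ');';
            /* Assemble XMLRPC payload. */
            $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
            log_error("[postfix] Fetching sql data from {$sync_to_ip}.");
            $msg = new XML_RPC_Message($method, $params);
            $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
            $cli->setCredentials($username, $password);
            $resp = $cli->send($msg, $synctimeout);
            // A failed request does not yield a response object; do not dereference it.
            if (!is_object($resp)) {
                log_error("[postfix] No XMLRPC response from {$sync_to_ip}, skipping this host.");
                continue;
            }
            if ($resp->faultCode()) {
                log_error("[postfix] XMLRPC fault from {$sync_to_ip}: " . $resp->faultString());
                continue;
            }
            $a = $resp->value();
            $errors = 0;
            foreach ($a as $b) {
                foreach ($b as $c) {
                    foreach ($c as $d) {
                        foreach ($d as $e) {
                            // SECURITY: $e comes from the remote host's reply. unserialize()
                            // on data from another system can instantiate any class known to
                            // this process. A data-only encoding such as JSON (or
                            // unserialize() with allowed_classes disabled on PHP 7+) should
                            // replace it once both ends of the sync can change together.
                            $update = unserialize($e['string']);
                            $day = (is_array($update) && isset($update['day'])) ? (string) $update['day'] : '';
                            print $day . "\n";
                            if ($day == "") {
                                continue;
                            }
                            // $day becomes part of a file name below: refuse anything that
                            // could point outside $postfix_dir.
                            if (strpbrk($day, "/\\\0") !== false || strpos($day, '..') !== false) {
                                $errors++;
                                log_error("[postfix] Ignoring sql data from {$sync_to_ip}: unsafe day value.");
                                continue;
                            }
                            create_db($day . ".db");
                            if ($debug) {
                                print $day . " writing from remote system to db...";
                            }
                            $dbhandle = sqlite_open($postfix_dir . '/' . $day . ".db", 0666, $error);
                            if (!$dbhandle) {
                                $errors++;
                                log_error("[postfix] Cannot open database for {$day}: {$error}");
                                continue;
                            }
                            $sql = isset($update['sql']) ? gzuncompress(base64_decode($update['sql'])) : false;
                            if ($sql === false) {
                                $errors++;
                                log_error("[postfix] Cannot decode sql data for {$day} from {$sync_to_ip}.");
                                sqlite_close($dbhandle);
                                continue;
                            }
                            // The decoded statements are executed as received (see header).
                            $ok = sqlite_exec($dbhandle, $sql, $error);
                            if (!$ok) {
                                $errors++;
                                die("Cannot execute query. {$error}\n" . $update['sql'] . "\n");
                            } elseif ($debug) {
                                print "ok\n";
                            }
                            sqlite_close($dbhandle);
                        }
                    }
                }
            }
            // Only tell the remote side to drop its buffer when everything was imported.
            if ($errors == 0) {
                $method = 'pfsense.exec_php';
                $execcmd = "require_once('/usr/local/www/postfix.php');\n";
                $execcmd .= 'flush_sql(' . $log_time . ');';
                /* Assemble XMLRPC payload. */
                $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
                log_error("[postfix] Flushing sql buffer file from {$sync_to_ip}.");
                $msg = new XML_RPC_Message($method, $params);
                $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
                $cli->setCredentials($username, $password);
                $resp = $cli->send($msg, $synctimeout);
            }
        }
        log_error("[postfix] Fetch sql database completed.");
    }
}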
}
// Excerpt of alias form validation (localised build); failed checks append to
// $input_errors.
if ($_POST['type'] == "network") {
    if (!is_ipaddr($_POST['address'])) {
        $input_errors[] = "Geçerli bir adres tanımlanmaldır.";
    }
    // NOTE(review): is_numeric() also accepts floats, exponent notation and negative
    // numbers; no range for the bit count is enforced in this excerpt.
    if (!is_numeric($_POST['address_subnet'])) {
        $input_errors[] = "Geçerli bir subnet bit count tanımlanmalıdır.";
    }
}
if ($_POST['type'] == "url") {
    // NOTE(review): this only requires the text "http" to appear somewhere in the value
    // (case-insensitively); it does not check the scheme or the URL structure.
    if (stristr($_POST['address'], "http") == false) {
        $input_errors[] = "Bu kaynak için geçerli bir URL sağlamanız gerekir.";
    }
}
if ($_POST['type'] == "port") {
    if (!is_port($_POST['address']) && !is_portrange($_POST['address'])) {
        $input_errors[] = "Lütfen port aralığı içinde geçerlibir port tanımlayınız.";
    }
}
/* check for name conflicts */
foreach ($a_aliases as $alias) {
    // Skip the entry currently being edited.
    if (isset($id) && $a_aliases[$id] && $a_aliases[$id] === $alias) {
        continue;
    }
    if ($alias['name'] == $_POST['name']) {
        $input_errors[] = "Bu takma isimle bir tanımlama mevcuttur.";
        break;
    }
}
/* check for name interface description conflicts */
foreach ($config['interfaces'] as $interface) {
$reqdfields = explode(" ", "interface proto localip");
$reqdfieldsn = explode(",", "Interface,Protocol,NAT IP");
}
// NOTE(review): "&$input_errors" is call-time pass-by-reference, which PHP 5.4 and later
// reject at parse time. Dropping the "&" is only safe if do_input_validation() declares
// that parameter by reference - its signature is not visible here, so confirm first.
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
if ($_POST['localip'] && !is_ipaddroralias($_POST['localip'])) {
    // NOTE(review): the submitted value is interpolated into the message unescaped;
    // confirm the code that renders $input_errors HTML-escapes it.
    $input_errors[] = "\"{$_POST['localip']}\" geçerli bir NAT IP adresi vey ahost alias değildir.";
}
/* only validate the ports if the protocol is TCP, UDP or TCP/UDP */
if (strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
    // A port field passes when is_ipaddroralias() accepts it or is_port() does.
    if ($_POST['beginport'] && !is_ipaddroralias($_POST['beginport']) && !is_port($_POST['beginport'])) {
        $input_errors[] = "Başlangıç portu 1 ile 65535 arasında bir tamsayı olmalıdır.";
    }
    if ($_POST['endport'] && !is_ipaddroralias($_POST['endport']) && !is_port($_POST['endport'])) {
        $input_errors[] = "Bitiş portu 1 ile 65535 arasında bir değer olmalıdır.";
    }
    if ($_POST['localbeginport'] && !is_ipaddroralias($_POST['localbeginport']) && !is_port($_POST['localbeginport'])) {
        $input_errors[] = "Yerel port tamsayı ve 1 ile 65535 arasında bir değer olmalıdır.";
    }
    // Runs even when the checks above failed, so it may compare non-numeric strings.
    if ($_POST['beginport'] > $_POST['endport']) {
        /* swap */
        $tmp = $_POST['endport'];
        $_POST['endport'] = $_POST['beginport'];
        $_POST['beginport'] = $tmp;
    }
    if (!$input_errors) {
        // The mapped local range must not run past port 65535.
        if ($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport'] > 65535) {
            $input_errors[] = "Hedef port 1 ile 65535 arasında bir değer olmalıdır.";
        }
    }
}
/* check for overlaps */
/* input validation */
// Excerpt of an administration-settings handler: validates $pconfig, then copies the web
// GUI settings into $config and records whether the web server needs a restart.
if (!empty($pconfig['webguiport'])) {
    if (!is_port($pconfig['webguiport'])) {
        $input_errors[] = gettext("You must specify a valid webConfigurator port number");
    }
}
if (!empty($pconfig['althostnames'])) {
    // Space-separated list; every entry has to pass is_hostname().
    $althosts = explode(" ", $pconfig['althostnames']);
    foreach ($althosts as $ah) {
        if (!is_hostname($ah)) {
            // The rejected value is HTML-escaped before it is placed in the message.
            $input_errors[] = sprintf(gettext("Alternate hostname %s is not a valid hostname."), htmlspecialchars($ah));
        }
    }
}
if (!empty($pconfig['sshport'])) {
    if (!is_port($pconfig['sshport'])) {
        $input_errors[] = gettext("You must specify a valid port number");
    }
}
if (count($input_errors) == 0) {
    // flag web ui for restart
    // A restart is flagged when protocol, port, certificate reference or the redirect
    // setting differs from the stored configuration.
    if ($config['system']['webgui']['protocol'] != $pconfig['webguiproto'] || $config['system']['webgui']['port'] != $pconfig['webguiport'] || $config['system']['webgui']['ssl-certref'] != $pconfig['ssl-certref'] || ($pconfig['disablehttpredirect'] == "yes") != !empty($config['system']['webgui']['disablehttpredirect'])) {
        $restart_webgui = true;
    } else {
        $restart_webgui = false;
    }
    // NOTE(review): 'webguiproto' and 'ssl-certref' are stored without a check in this
    // excerpt; confirm they are validated elsewhere.
    $config['system']['webgui']['protocol'] = $pconfig['webguiproto'];
    $config['system']['webgui']['port'] = $pconfig['webguiport'];
    $config['system']['webgui']['ssl-certref'] = $pconfig['ssl-certref'];
    if ($pconfig['disablehttpredirect'] == "yes") {
        $config['system']['webgui']['disablehttpredirect'] = true;
// Excerpt of a port-test page: validates the request and sets $do_testport when the test
// may run.
define('NC_TIMEOUT', 10);
$do_testport = false;
$retval = 1;
// NOTE(review): the handler also runs when 'host' arrives via $_REQUEST, so the test can be
// triggered by a plain GET link; confirm the page's CSRF protection covers that path.
if ($_POST || $_REQUEST['host']) {
    unset($input_errors);
    /* input validation */
    $reqdfields = explode(" ", "host port");
    $reqdfieldsn = array(gettext("Host"), gettext("Port"));
    do_input_validation($_REQUEST, $reqdfields, $reqdfieldsn, $input_errors);
    if (!is_ipaddr($_REQUEST['host']) && !is_hostname($_REQUEST['host'])) {
        $input_errors[] = gettext("Please enter a valid IP or hostname.");
    }
    if (!is_port($_REQUEST['port'])) {
        $input_errors[] = gettext("Please enter a valid port number.");
    }
    // The source port is optional; when present it must be numeric and a valid port.
    if ($_REQUEST['srcport'] != "" && (!is_numeric($_REQUEST['srcport']) || !is_port($_REQUEST['srcport']))) {
        $input_errors[] = gettext("Please enter a valid source port number, or leave the field blank.");
    }
    // Reject a literal address whose family contradicts the selected IP protocol.
    if (is_ipaddrv4($_REQUEST['host']) && $_REQUEST['ipprotocol'] == "ipv6") {
        $input_errors[] = gettext("You cannot connect to an IPv4 address using IPv6.");
    }
    if (is_ipaddrv6($_REQUEST['host']) && $_REQUEST['ipprotocol'] == "ipv4") {
        $input_errors[] = gettext("You cannot connect to an IPv6 address using IPv4.");
    }
    if (!$input_errors) {
        $do_testport = true;
        $timeout = NC_TIMEOUT;
    }
    /* Save these request vars even if there were input errors. Then the fields are refilled for the user to correct. */
    // NOTE(review): 'sourceip' is not validated in this excerpt, and these copies are made
    // even when validation failed; they need escaping wherever they are output or used.
    $host = $_REQUEST['host'];
    $sourceip = $_REQUEST['sourceip'];
// Excerpt of a load-balancer virtual-server form handler (localised build).
if ($_POST) {
    unset($input_errors);
    $pconfig = $_POST;
    /* input validation */
    $reqdfields = explode(" ", "ipaddr name port");
    $reqdfieldsn = explode(",", "IP Address, Name, Port");
    // NOTE(review): "&$input_errors" is call-time pass-by-reference, which PHP 5.4 and
    // later reject at parse time. Dropping the "&" is only safe if do_input_validation()
    // declares that parameter by reference - its signature is not visible here.
    do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
    // The name must be unique among the other virtual servers ($id is the edited entry).
    for ($i = 0; isset($config['load_balancer']['virtual_server'][$i]); $i++) {
        if ($_POST['name'] == $config['load_balancer']['virtual_server'][$i]['name'] && $i != $id) {
            $input_errors[] = "Bu sanal sunucu zaten kullanımda. Sanal sunucun adı tekil olmak zorundadır.";
        }
    }
    if (strstr($_POST['name'], '/')) {
        $input_errors[] = "Sanal sunucu adı / karakterini içeremez.";
    }
    if (!is_port($_POST['port'])) {
        $input_errors[] = "Port numarası 1 ile 65535 arasında olmalıdır.";
    }
    if (!is_ipaddr($_POST['ipaddr'])) {
        // NOTE(review): the submitted value is interpolated into the message unescaped;
        // confirm the code that renders $input_errors HTML-escapes it.
        $input_errors[] = "{$_POST['ipaddr']} geçersiz bir IP adresi girildi.";
    }
    if (!isset($_POST['sitedown']) || $_POST['sitedown'] == "") {
        $input_errors[] = "Bir Pool Down Sunucusunun tanımlanması gereklidir.";
    }
    if ($_POST['sitedown'] != "" && !is_ipaddr($_POST['sitedown'])) {
        // Same unescaped interpolation as for 'ipaddr' above.
        $input_errors[] = "{$_POST['sitedown']} geçerli bir IP adresi değildir.";
    }
    if (!$input_errors) {
        // Start from the stored entry when editing, otherwise from an empty array.
        $vsent = array();
        if (isset($id) && $a_vs[$id]) {
            $vsent = $a_vs[$id];
}
// Excerpt of outbound-NAT form validation working on $pconfig.
// 'after' is only honoured when it is an existing index of $a_out.
if (isset($pconfig['after']) && isset($a_out[$pconfig['after']])) {
    $after = $pconfig['after'];
}
/* input validation */
$reqdfields = explode(" ", "interface protocol source source_subnet destination destination_subnet");
$reqdfieldsn = array(gettext("Interface"), gettext("Protocol"), gettext("Source"), gettext("Source bit count"), gettext("Destination"), gettext("Destination bit count"));
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
// Port fields are only checked for protocols in this list.
if (in_array($pconfig['protocol'], explode(" ", "any tcp udp tcp/udp"))) {
    if (!empty($pconfig['sourceport']) && !is_portoralias($pconfig['sourceport'])) {
        $input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry.");
    }
    if (!empty($pconfig['dstport']) && !is_portoralias($pconfig['dstport'])) {
        $input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");
    }
    // The NAT port is not validated when 'nonat' is set.
    if (!empty($pconfig['natport']) && !is_port($pconfig['natport']) && empty($pconfig['nonat'])) {
        $input_errors[] = gettext("You must supply a valid port for the NAT port entry.");
    }
}
// Source and destination must be "any", "(self)", or pass is_ipaddroralias().
if (!(in_array($pconfig['source'], array("any", "(self)")) || is_ipaddroralias($pconfig['source']))) {
    $input_errors[] = gettext("A valid source must be specified.");
}
// Only an integer check is visible for the bit counts; no range is enforced here.
if (!empty($pconfig['source_subnet']) && !is_numericint($pconfig['source_subnet'])) {
    $input_errors[] = gettext("A valid source bit count must be specified.");
}
if (!(in_array($pconfig['destination'], array("any", "(self)")) || is_ipaddroralias($pconfig['destination']))) {
    $input_errors[] = gettext("A valid destination must be specified.");
}
if (!empty($pconfig['destination_subnet']) && !is_numericint($pconfig['destination_subnet'])) {
    $input_errors[] = gettext("A valid destination bit count must be specified.");
}
// Excerpt of a miscellaneous-settings POST handler: validate, then apply to $config.
$pconfig = $_POST;
ob_flush();
flush();
// Hardware selections must be keys of the lists the page offers (allow-list check).
if (!empty($_POST['crypto_hardware']) && !array_key_exists($_POST['crypto_hardware'], $crypto_modules)) {
    $input_errors[] = gettext("Please select a valid Cryptographic Accelerator.");
}
if (!empty($_POST['thermal_hardware']) && !array_key_exists($_POST['thermal_hardware'], $thermal_hardware_modules)) {
    $input_errors[] = gettext("Please select a valid Thermal Hardware Sensor.");
}
// NOTE(review): is_numeric() also accepts floats and exponent notation; only a lower bound
// is enforced for the two sizes in this excerpt.
if (!empty($_POST['use_mfs_tmp_size']) && (!is_numeric($_POST['use_mfs_tmp_size']) || $_POST['use_mfs_tmp_size'] < 40)) {
    $input_errors[] = gettext("/tmp Size must be numeric and should not be less than 40MiB.");
}
if (!empty($_POST['use_mfs_var_size']) && (!is_numeric($_POST['use_mfs_var_size']) || $_POST['use_mfs_var_size'] < 60)) {
    $input_errors[] = gettext("/var Size must be numeric and should not be less than 60MiB.");
}
if (!empty($_POST['proxyport']) && !is_port($_POST['proxyport'])) {
    $input_errors[] = gettext("Proxy port must be a valid port number, 1-65535.");
}
if (!empty($_POST['proxyurl']) && !is_fqdn($_POST['proxyurl']) && !is_ipaddr($_POST['proxyurl'])) {
    $input_errors[] = gettext("Proxy URL must be a valid IP address or FQDN.");
}
// The user name may only contain letters, digits and the characters . - _ @
if (!empty($_POST['proxyuser']) && preg_match("/[^a-zA-Z0-9\\.\\-_@]/", $_POST['proxyuser'])) {
    $input_errors[] = gettext("The proxy username contains invalid characters.");
}
// NOTE(review): "!=" compares loosely, so two different numeric-looking strings (for
// example "1e3" and "1000") count as equal; a strict comparison would be the tighter check
// once it is confirmed both fields are always submitted.
if ($_POST['proxypass'] != $_POST['proxypass_confirm']) {
    $input_errors[] = gettext("Proxy password and confirmation must match.");
}
if (!$input_errors) {
    // NOTE(review): 'harddiskstandby' is stored without a check in this excerpt; confirm
    // it is constrained before system_set_harddisk_standby() uses it.
    if ($_POST['harddiskstandby'] != "") {
        $config['system']['harddiskstandby'] = $_POST['harddiskstandby'];
        system_set_harddisk_standby();
// Excerpt of a bulk alias import: every line of $tocheck is "<value> <description>".
$desc_fmt_err_found = false;
// Anything other than the "port" tab is imported as a host alias.
if ($tab == "port") {
    $alias_type = $tab;
} else {
    $alias_type = "host";
}
foreach ($tocheck as $impline) {
    // Split at the first space: value first, the remainder is the description.
    $implinea = explode(" ", trim($impline), 2);
    $impip = $implinea[0];
    $impdesc = trim($implinea[1]);
    // Descriptions are limited to fewer than 200 bytes...
    if (strlen($impdesc) < 200) {
        // ...and may not contain "||" or start or end with "|".
        if (strpos($impdesc, "||") === false && substr($impdesc, 0, 1) != "|" && substr($impdesc, -1, 1) != "|") {
            if ($tab == "port") {
                // Port alias
                if (!empty($impip)) {
                    if (is_port($impip) || is_portrange($impip)) {
                        $imported_ips[] = $impip;
                        $imported_descs[] = $impdesc;
                    } else {
                        // NOTE(review): the imported value goes into the message unescaped;
                        // confirm the code that renders $input_errors HTML-escapes it.
                        $input_errors[] = sprintf(gettext("%s is not a valid port or port range."), $impip);
                    }
                }
            } else {
                // IP alias - host or network
                $iprange_type = is_iprange($impip);
                // A result of 4 is treated as a range to expand into subnets; every
                // resulting subnet gets a copy of the line's description.
                if ($iprange_type == 4) {
                    list($startip, $endip) = explode('-', $impip);
                    $rangesubnets = ip_range_to_subnet_array($startip, $endip);
                    $imported_ips = array_merge($imported_ips, $rangesubnets);
                    $rangedescs = array_fill(0, count($rangesubnets), $impdesc);
                    $imported_descs = array_merge($imported_descs, $rangedescs);
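/**
 * Validate the parameters of an "easy rule" pass request and add the rule when they are
 * acceptable.
 *
 * @param string $int     Interface the rule is for; resolved with easyrule_find_rule_interface().
 * @param string $proto   Protocol name.
 * @param string $src     Source: IP address, subnet, alias or special network. Surrounding
 *                        "[" and "]" are stripped.
 * @param string $dst     Destination, same forms as $src.
 * @param mixed  $dstport Destination port, or "any"; required for tcp and udp and forced to 0
 *                        for every other protocol.
 * @param string $ipproto Passed through to easyrule_pass_rule_add().
 * @return string A translated status message; user-supplied values in it are HTML-escaped.
 */
function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0, $ipproto = "inet") {
    /* Check for valid int, srchost, dsthost, dstport, and proto */
    $protocols_with_ports = array('tcp', 'udp');
    $src = trim($src, "[]");
    $dst = trim($dst, "[]");

    if (empty($int) || empty($proto) || empty($src) || empty($dst)) {
        return gettext("Missing parameters for pass rule.");
    }

    // Keep the requested name: $int is overwritten by the lookup result, so the error
    // message used to print an empty string instead of the interface that was rejected.
    $requested_int = $int;
    $int = easyrule_find_rule_interface($int);
    if ($int === false) {
        return gettext("Invalid interface for pass rule:") . ' ' . htmlspecialchars($requested_int);
    }
    // NOTE(review): PHP documents getprotobyname() as returning false for an unknown
    // protocol, so this comparison with -1 does not reject one. Tightening it needs a
    // decision on non-protocol values callers may pass - confirm before changing.
    if (getprotobyname($proto) == -1) {
        return gettext("Invalid protocol for pass rule:") . ' ' . htmlspecialchars($proto);
    }
    if (!is_ipaddr($src) && !is_subnet($src) && !is_ipaddroralias($src) && !is_specialnet($src)) {
        return gettext("Tried to pass invalid source IP:") . ' ' . htmlspecialchars($src);
    }
    if (!is_ipaddr($dst) && !is_subnet($dst) && !is_ipaddroralias($dst) && !is_specialnet($dst)) {
        return gettext("Tried to pass invalid destination IP:") . ' ' . htmlspecialchars($dst);
    }
    if (in_array($proto, $protocols_with_ports)) {
        if (empty($dstport)) {
            return gettext("Missing destination port:") . ' ' . htmlspecialchars($dstport);
        }
        if (!is_port($dstport) && $dstport != "any") {
            return gettext("Tried to pass invalid destination port:") . ' ' . htmlspecialchars($dstport);
        }
    } else {
        // Protocols without ports never carry a destination port into the rule.
        $dstport = 0;
    }

    /* Should have valid input... */
    if (easyrule_pass_rule_add($int, $proto, $src, $dst, $dstport, $ipproto)) {
        return gettext("Successfully added pass rule!");
    }
    return gettext("Failed to add pass rule.");
}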
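// Excerpt of a port-test page: validates the request and, when it passes, copies the
// request values into local variables for the test.
require "guiconfig.inc";
define('NC_TIMEOUT', 10);
// NOTE(review): the handler also runs when 'host' arrives via $_REQUEST, so the test can be
// triggered by a plain GET link; confirm the page's CSRF protection covers that path.
if ($_POST || $_REQUEST['host']) {
    unset($input_errors);
    unset($do_testport);
    /* input validation */
    $reqdfields = explode(" ", "host port");
    $reqdfieldsn = array(gettext("Host"), gettext("Port"));
    do_input_validation($_REQUEST, $reqdfields, $reqdfieldsn, $input_errors);
    if (!is_ipaddr($_REQUEST['host']) && !is_hostname($_REQUEST['host'])) {
        $input_errors[] = gettext("Please enter a valid IP or hostname.");
    }
    if (!is_port($_REQUEST['port'])) {
        $input_errors[] = gettext("Please enter a valid port number.");
    }
    // Fix: a blank source port used to fail this check although the message says the field
    // may be left blank; the check now only applies when a value was submitted.
    if ($_REQUEST['srcport'] != "" && (!is_numeric($_REQUEST['srcport']) || !is_port($_REQUEST['srcport']))) {
        $input_errors[] = gettext("Please enter a valid source port number, or leave the field blank.");
    }
    // Reject a literal address whose family contradicts the selected IP protocol.
    if (is_ipaddrv4($_REQUEST['host']) && $_REQUEST['ipprotocol'] == "ipv6") {
        $input_errors[] = gettext("You cannot connect to an IPv4 address using IPv6.");
    }
    if (is_ipaddrv6($_REQUEST['host']) && $_REQUEST['ipprotocol'] == "ipv4") {
        $input_errors[] = gettext("You cannot connect to an IPv6 address using IPv4.");
    }
    if (!$input_errors) {
        $do_testport = true;
        // NOTE(review): 'sourceip' is not validated in this excerpt; confirm it is checked
        // or escaped before it is used.
        $host = $_REQUEST['host'];
        $sourceip = $_REQUEST['sourceip'];
        $port = $_REQUEST['port'];
        $srcport = $_REQUEST['srcport'];
        $showtext = isset($_REQUEST['showtext']);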
// Excerpt of load-balancer pool validation; the first statement belongs to a check that
// opens outside this view.
$input_errors[] = gettext("You cannot use spaces or slashes in the 'name' field.");
}
if (strlen($_POST['name']) > 16) {
    $input_errors[] = gettext("The 'name' field must be 16 characters or less.");
}
if (in_array($_POST['name'], $reserved_table_names)) {
    // NOTE(review): the submitted name goes into this and the next message unescaped;
    // confirm the code that renders $input_errors HTML-escapes it.
    $input_errors[] = sprintf(gettext("The name '%s' is a reserved word and cannot be used."), $_POST['name']);
}
// The pool name must not collide with an existing alias.
if (is_alias($_POST['name'])) {
    $input_errors[] = sprintf(gettext("Sorry, an alias is already named %s."), $_POST['name']);
}
if (!is_portoralias($_POST['port'])) {
    $input_errors[] = gettext("The port must be an integer between 1 and 65535, or a port alias.");
}
// May as well use is_port as we want a positive integer and such.
if (!empty($_POST['retry']) && !is_port($_POST['retry'])) {
    $input_errors[] = gettext("The retry value must be an integer between 1 and 65535.");
}
// The guard tests $_POST while the loop reads $pconfig; presumably $pconfig is a copy of
// $_POST made earlier - confirm.
if (is_array($_POST['servers'])) {
    foreach ($pconfig['servers'] as $svrent) {
        if (!is_ipaddr($svrent) && !is_subnetv4($svrent)) {
            $input_errors[] = sprintf(gettext("%s is not a valid IP address or IPv4 subnet (in \"enabled\" list)."), $svrent);
        } else {
            // Subnets are limited to 64 addresses.
            if (is_subnetv4($svrent) && subnet_size($svrent) > 64) {
                $input_errors[] = sprintf(gettext("%s is a subnet containing more than 64 IP addresses (in \"enabled\" list)."), $svrent);
            }
        }
    }
}
if (is_array($_POST['serversdisabled'])) {
    foreach ($pconfig['serversdisabled'] as $svrent) {
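// Excerpt of the generator for the ftp_telnet FTP client engines. $buffer collects the
// options of one engine; the closing braces below end blocks opened outside this view.
$port = trim(filter_expand_alias($v['bounce_to_port']));
// 'bounce_to' is only written when both aliases resolved to usable values.
if (!empty($net) && !empty($port) && snort_is_single_addr_alias($v['bounce_to_net']) && (is_port($port) || is_portrange($port))) {
    $port = preg_replace('/\\s+/', ',', $port);
    // Change port range delimiter to comma for ftp_telnet client preprocessor
    if (is_portrange($port)) {
        $port = str_replace(":", ",", $port);
    }
    $buffer .= "\tbounce yes \\\n";
    $buffer .= "\tbounce_to { {$net},{$port} }\n";
} else {
    // One or both of the BOUNCE_TO alias values is not right,
    // so figure out which and log an appropriate error.
    if (empty($net) || !snort_is_single_addr_alias($v['bounce_to_net'])) {
        log_error("[snort] ERROR: illegal value for bounce_to Address Alias [{$v['bounce_to_net']}] for FTP client engine [{$v['name']}] ... omitting 'bounce_to' option for this client engine.");
    }
    if (empty($port) || !(is_port($port) || is_portrange($port))) {
        log_error("[snort] ERROR: illegal value for bounce_to Port Alias [{$v['bounce_to_port']}] for FTP client engine [{$v['name']}] ... omitting 'bounce_to' option for this client engine.");
    }
    // Fall back to plain bounce detection without a bounce_to exception.
    $buffer .= "\tbounce yes\n";
}
} else {
    $buffer .= "\tbounce yes\n";
}
} else {
    $buffer .= "\tbounce no\n";
}
// Add this FTP client engine to the master string
$ftp_client_engine .= "{$buffer}\n";
}
// Trim final trailing newline
// Fix: rtrim() returns the trimmed string and leaves its argument untouched, so the bare
// call was a no-op; assign the result so the trailing newlines are actually removed.
$ftp_client_engine = rtrim($ftp_client_engine);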
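/**
 * Reports whether $haystack starts with $needle.
 *
 * The prefix is compared byte for byte. A loose == between two substrings would
 * compare numeric-looking strings as numbers ("010" == "1e1" is true in PHP).
 *
 * @param string $needle   Prefix to look for.
 * @param string $haystack String to inspect.
 * @return bool True when $haystack begins with $needle.
 */
function String_Begins_With($needle, $haystack)
{
    return strncmp($haystack, $needle, strlen($needle)) === 0;
}

// Validation of a posted domain override: domain name, target IP (optionally "IP@port"),
// then storage of the entry. The excerpt ends inside the storage branch.

// The prefix is written as a string literal. A bare _msdcs is an undefined constant,
// which older PHP versions turn into the string with a notice and PHP 8 rejects with an Error.
if (String_Begins_With('_msdcs', $_POST['domain'])) {
    // Offset 7 skips the six characters of "_msdcs" plus one more.
    // NOTE(review): nothing here checks that the seventh character is a dot - confirm intended.
    $subdomainstr = substr($_POST['domain'], 7);
    if ($subdomainstr && !is_domain($subdomainstr)) {
        $input_errors[] = gettext("A valid domain must be specified after _msdcs.");
    }
} elseif ($_POST['domain'] && !is_domain($_POST['domain'])) {
    $input_errors[] = gettext("A valid domain must be specified.");
}

if ($_POST['ip']) {
    if (strpos($_POST['ip'], '@') !== false) {
        // Split once only. With an unlimited split, text after a second "@" landed in a
        // third element that was never checked, yet the whole posted string is what gets
        // stored below. Now the remainder stays in the port part and must pass is_port().
        $ip_details = explode("@", $_POST['ip'], 2);
        if (!is_ipaddr($ip_details[0]) || !is_port($ip_details[1])) {
            $input_errors[] = gettext("A valid IP address and port must be specified, for example 192.168.100.10@5353.");
        }
    } else {
        if (!is_ipaddr($_POST['ip'])) {
            $input_errors[] = gettext("A valid IP address must be specified, for example 192.168.100.10.");
        }
    }
}

if (!$input_errors) {
    // The entry is built from the posted strings as received.
    // NOTE(review): no check on 'descr' is visible in this excerpt.
    $doment = array();
    $doment['domain'] = $_POST['domain'];
    $doment['ip'] = $_POST['ip'];
    $doment['descr'] = $_POST['descr'];
    if (isset($id) && $a_domainOverrides[$id]) {
        $a_domainOverrides[$id] = $doment;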
// Validation of the posted port and address fields of a NAT rule form. Every failed
// check appends one message to $input_errors.

// Strip surrounding whitespace from each port field that was filled in.
if ($_POST['sourceport']) {
    $_POST['sourceport'] = trim($_POST['sourceport']);
}
if ($_POST['dstport']) {
    $_POST['dstport'] = trim($_POST['dstport']);
}
if ($_POST['natport']) {
    $_POST['natport'] = trim($_POST['natport']);
}

// Port fields are only checked when the selected protocol uses ports.
if ($protocol_uses_ports) {
    if ($_POST['sourceport'] != "" && !is_portoralias($_POST['sourceport'])) {
        $input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry.");
    }
    if ($_POST['dstport'] != "" && !is_portoralias($_POST['dstport'])) {
        $input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");
    }
    // The NAT port has to be a literal port (no alias) and is not checked when 'nonat' is posted.
    if ($_POST['natport'] != "" && !is_port($_POST['natport']) && !isset($_POST['nonat'])) {
        $input_errors[] = gettext("You must supply a valid port for the NAT port entry.");
    }
}

// The source address is checked unless the source type is "any" or "(self)".
if (
    $_POST['source_type'] != "any" &&
    $_POST['source_type'] != "(self)" &&
    $_POST['source'] &&
    !is_ipaddroralias($_POST['source']) &&
    $_POST['source'] != "any"
) {
    $input_errors[] = gettext("A valid source must be specified.");
}

if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) {
    $input_errors[] = gettext("A valid source bit count must be specified.");
}

// The destination address is checked unless the destination type is "any".
if (
    $_POST['destination_type'] != "any" &&
    $_POST['destination'] &&
    !is_ipaddroralias($_POST['destination'])
) {
    $input_errors[] = gettext("A valid destination must be specified.");
}
} // closes a block opened before this excerpt

// Excerpt of a Snort FTP client engine form handler: checks the two BOUNCE-TO aliases,
// then copies the posted settings into $engine.

// Validate the BOUNCE-TO Alias entries for correct format of their defined values. BOUNCE-TO ADDRESS must be
// a valid single IP, and BOUNCE-TO PORT must be either a single port value or a port range value. Provide
// detailed error messages for the user that explain any problems.
//
// The checks run only when BOTH fields are non-empty. When just one of them is posted,
// nothing in this excerpt validates it, and it is still stored in $engine below.
if ($_POST['ftp_client_bounce_to_net'] && $_POST['ftp_client_bounce_to_port']) {
    if (!snort_is_single_addr_alias($_POST['ftp_client_bounce_to_net'])) {
        // Expand the alias only to show its current definition in the error text.
        $net = trim(filter_expand_alias($_POST['ftp_client_bounce_to_net']));
        $net = preg_replace('/\\s+/', ',', $net);
        $msg = gettext("The FTP Protocol BOUNCE-TO ADDRESS parameter must be a single IP network or address, ");
        $msg .= gettext("so the supplied Alias must be defined as a single address or network in CIDR form. ");
        // NOTE(review): the posted alias name is interpolated into the gettext() message id,
        // so this sentence cannot match a fixed catalog entry, and the value reaches
        // $input_errors unescaped - confirm the renderer escapes it.
        $msg .= gettext("The Alias [ {$_POST['ftp_client_bounce_to_net']} ] is currently defined as [ {$net} ].");
        $input_errors[] = $msg;
    }
    // The expanded port alias must be one port or one port range.
    $port = trim(filter_expand_alias($_POST['ftp_client_bounce_to_port']));
    $port = preg_replace('/\\s+/', ',', $port);
    if (!is_port($port) && !is_portrange($port)) {
        $msg = gettext("The FTP Protocol BOUNCE-TO PORT parameter must be a single port or port-range, ");
        $msg .= gettext("so the supplied Alias must be defined as a single port or port-range value. ");
        // NOTE(review): same interpolation of posted input into the message id as above.
        $msg .= gettext("The Alias [ {$_POST['ftp_client_bounce_to_port']} ] is currently defined as [ {$port} ].");
        $input_errors[] = $msg;
    }
}
// The posted values are copied into $engine whether or not an error was recorded above.
$engine['bounce_to_net'] = $_POST['ftp_client_bounce_to_net'];
$engine['bounce_to_port'] = $_POST['ftp_client_bounce_to_port'];
// Checkbox-style fields are reduced to the literals 'yes' / 'no'.
$engine['telnet_cmds'] = $_POST['ftp_telnet_cmds'] ? 'yes' : 'no';
$engine['ignore_telnet_erase_cmds'] = $_POST['ftp_ignore_telnet_erase_cmds'] ? 'yes' : 'no';
$engine['bounce'] = $_POST['ftp_client_bounce_detect'] ? 'yes' : 'no';
// NOTE(review): max_resp_len is stored as posted; no numeric check is visible in this excerpt.
$engine['max_resp_len'] = $_POST['ftp_max_resp_len'];
/* Can only have one "all" Bind_To address */
if ($engine['bind_to'] == "all" && $engine['name'] != "default") {
    $input_errors[] = gettext("Only one default FTP Engine can be bound to all addresses.");
// Excerpt of a captive portal settings handler: checks the posted RADIUS address and
// ports, the per-client connection limit and the NAS-Identifier, then starts building
// the zone entry. The excerpt ends inside the zone id loop.
if ($_POST['radiusip4'] && !is_ipaddr($_POST['radiusip4'])) {
    // NOTE(review): here and in the port checks below the rejected value is echoed back
    // through "[%s]" without HTML-escaping; confirm the renderer of $input_errors escapes it.
    $input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip4']);
}
// Every RADIUS port field is optional, but when present it must pass is_port().
if ($_POST['radiusport'] && !is_port($_POST['radiusport'])) {
    $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport']);
}
if ($_POST['radiusport2'] && !is_port($_POST['radiusport2'])) {
    $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport2']);
}
if ($_POST['radiusport3'] && !is_port($_POST['radiusport3'])) {
    $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport3']);
}
if ($_POST['radiusport4'] && !is_port($_POST['radiusport4'])) {
    $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport4']);
}
if ($_POST['radiusacctport'] && !is_port($_POST['radiusacctport'])) {
    $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusacctport']);
}
// maxproc must be numeric and within 4..100. The message does not mention these bounds.
// NOTE(review): is_numeric() also accepts non-integer forms such as "4.5" or "1e1";
// confirm whether an integer-only check is wanted here.
if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) || $_POST['maxproc'] < 4 || $_POST['maxproc'] > 100)) {
    $input_errors[] = gettext("The maximum number of concurrent connections per client IP address may not be larger than the global maximum.");
}
// The NAS-Identifier is optional; when given, its trimmed form must be 3-253 characters
// from the ASCII range '!' to '~'.
// NOTE(review): the check runs on the trimmed value; whether the stored value is trimmed
// too is not visible in this excerpt.
if (trim($_POST['radiusnasid']) !== "" && !preg_match("/^[!-~]{3,253}\$/i", trim($_POST['radiusnasid']))) {
    $input_errors[] = gettext("The NAS-Identifier must be 3-253 characters long and should only contain ASCII characters.");
}
if (!$input_errors) {
    // $newcp is a reference, so every write below lands directly in $a_cp[$cpzone].
    $newcp =& $a_cp[$cpzone];
    //$newcp['zoneid'] = $a_cp[$cpzone]['zoneid'];
    // A zone without an id starts at 2 and is then compared with the ids of the other zones.
    if (empty($newcp['zoneid'])) {
        $newcp['zoneid'] = 2;
        foreach ($a_cp as $keycpzone => $cp) {
            if ($cp['zoneid'] == $newcp['zoneid'] && $keycpzone != $cpzone) {
} // closes a block opened before this excerpt
} // closes a block opened before this excerpt

// Excerpt of a DNS Resolver settings handler: checks the required selections, then
// converts array fields to the comma-separated / encoded form kept in $pconfig while
// saving the original values in $display_* variables. The excerpt ends inside the last `if`.
if (empty($pconfig['active_interface'])) {
    $input_errors[] = gettext("One or more Network Interfaces must be selected for binding.");
} else {
    // Unless 'dnslocalhost' is set in the system config, the selection must include
    // "lo0" or "all".
    // NOTE(review): in_array() is called before the is_array() test further down;
    // this assumes active_interface is an array at this point - confirm.
    if (!isset($config['system']['dnslocalhost']) && (!in_array("lo0", $pconfig['active_interface']) && !in_array("all", $pconfig['active_interface']))) {
        $input_errors[] = gettext("This system is configured to use the DNS Resolver as its DNS server, so Localhost or All must be selected in Network Interfaces.");
    }
}
if (empty($pconfig['outgoing_interface'])) {
    $input_errors[] = gettext("One or more Outgoing Network Interfaces must be selected.");
}
// NOTE(review): the zone type and the interface names are only tested for presence here;
// no comparison against a list of permitted values is visible in this excerpt.
if (empty($pconfig['system_domain_local_zone_type'])) {
    $input_errors[] = gettext("A System Domain Local-Zone Type must be selected.");
}
if ($pconfig['port'] && !is_port($pconfig['port'])) {
    $input_errors[] = gettext("You must specify a valid port number.");
}
// Keep the array for redisplay and store the selection as a comma-separated string.
if (is_array($pconfig['active_interface']) && !empty($pconfig['active_interface'])) {
    $display_active_interface = $pconfig['active_interface'];
    $pconfig['active_interface'] = implode(",", $pconfig['active_interface']);
}
// Custom options: CRLF line ends become LF, then the text is base64-encoded.
// NOTE(review): base64 only changes the representation. No check of the option text
// itself is visible in this excerpt - presumably done elsewhere, TODO confirm.
$display_custom_options = $pconfig['custom_options'];
$pconfig['custom_options'] = base64_encode(str_replace("\r\n", "\n", $pconfig['custom_options']));
if (is_array($pconfig['outgoing_interface']) && !empty($pconfig['outgoing_interface'])) {
    $display_outgoing_interface = $pconfig['outgoing_interface'];
    $pconfig['outgoing_interface'] = implode(",", $pconfig['outgoing_interface']);
}
if (isset($pconfig['system_domain_local_zone_type']) && !empty($pconfig['system_domain_local_zone_type'])) {
    $display_system_domain_local_zone_type = $pconfig['system_domain_local_zone_type'];
    // This assignment copies the value onto itself and changes nothing.
    $pconfig['system_domain_local_zone_type'] = $pconfig['system_domain_local_zone_type'];
} // closes a block opened before this excerpt

// Excerpt of an FTP service settings handler. Failures are collected in $error_bucket
// as ("error" => message, "field" => form field) pairs; the messages are copied into
// $input_errors at the end.

// Most checks apply only when the service is being enabled.
if ($_POST['enable'] && !is_numericint($_POST['timeout'])) {
    $error_bucket[] = array("error" => gettext("The maximum idle time be a number."), "field" => "timeout");
}
if ($_POST['enable'] && $_POST['pasv_address']) {
    // The message asks for a public address, but the check itself is only is_ipaddr().
    if (!is_ipaddr($_POST['pasv_address'])) {
        $error_bucket[] = array("error" => gettext("The pasv address must be a public IP address."), "field" => "pasv_address");
    }
}
// Each passive port bound is checked on its own.
// NOTE(review): no comparison of pasv_min_port against pasv_max_port is visible in this excerpt.
if ($_POST['enable'] && $_POST['pasv_max_port']) {
    if (!is_port($_POST['pasv_max_port'])) {
        $error_bucket[] = array("error" => gettext("The pasv_max_port port must be a valid port number."), "field" => "pasv_max_port");
    }
}
if ($_POST['enable'] && $_POST['pasv_min_port']) {
    if (!is_port($_POST['pasv_min_port'])) {
        $error_bucket[] = array("error" => gettext("The pasv_min_port port must be a valid port number."), "field" => "pasv_min_port");
    }
}
// This check does not depend on 'enable'.
if ($_POST['passiveip'] && !is_ipaddr($_POST['passiveip'])) {
    $error_bucket[] = array("error" => gettext("A valid IP address must be specified."), "field" => "passiveip");
}
// At least one of anonymous / local user authentication has to be selected. The failure
// is recorded twice: once via the _SRVFTP_MSGVALIDAUTH constant and once via the bucket.
if (!$_POST['anonymous'] && !$_POST['localuser']) {
    $input_errors[] = _SRVFTP_MSGVALIDAUTH;
    $error_bucket[] = array("error" => gettext("You must select at minium anonymous or/and local user authentication."), "field" => "localuser");
}
// Copy every collected message into $input_errors. When no check failed, $error_bucket
// has not been assigned anywhere in this excerpt.
if (is_array($error_bucket)) {
    foreach ($error_bucket as $elem) {
        // NOTE(review): the entry is bound by reference (=&) to an element of the loop
        // variable; a plain assignment looks sufficient here - confirm before changing.
        $input_errors[] =& $elem["error"];
    }
}