/**
 * Validation routine for DNS server.
 *
 * An empty value is accepted without further checks; any other value
 * must pass Network_Utils::is_valid_ip().
 *
 * @param string $server DNS server
 *
 * @return string error message if DNS server is invalid
 */

public function validate_dns_server($server)
{
    clearos_profile(__METHOD__, __LINE__);

    // empty() also treats the string "0" as empty, so that value is
    // accepted here without being checked as an IP address.
    if (!empty($server) && !Network_Utils::is_valid_ip($server)) {
        return lang('pptpd_dns_server_invalid');
    }
}
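/**
 * Adds (or updates) a time-based ACL.
 *
 * Validates the inputs, then writes an "acl cleargroup-<name>" line to the
 * ACL configuration file and the matching "http_access" rule to the HTTP
 * access configuration file.  The ACL source is picked in this order:
 * group, then IP addresses, then MAC addresses.
 *
 * @param string  $name       ACL name
 * @param string  $type       ACL type (allow or deny)
 * @param string  $time       time definition
 * @param boolean $time_logic TRUE if within time definition, FALSE if NOT within
 * @param string  $addgroup   group to apply ACL (handled as a string by this method)
 * @param array   $addips     array containing IP addresses or network notation to apply ACL
 * @param array   $addmacs    array containing MAC addresses to apply ACL
 * @param boolean $update     TRUE if we are updating an existing entry
 *
 * @return void
 * @throws Engine_Exception, Validation_Exception
 */

public function set_time_acl($name, $type, $time, $time_logic, $addgroup, $addips, $addmacs, $update = FALSE)
{
    clearos_profile(__METHOD__, __LINE__);

    Validation_Exception::is_valid($this->validate_name($name));

    // Check for existing.  Names are compared as strings so that
    // numeric-looking names (e.g. "1e3" and "1000") are not treated as equal.
    if (!$update) {
        foreach ($this->get_acl_list() as $acl) {
            if ((string) $name === (string) $acl['name']) {
                throw new Validation_Exception(lang('web_proxy_access_control_list_exists'));
            }
        }
    }

    // Strict comparison: with "!=" a boolean TRUE compares equal to 'allow'
    // and would be written into the http_access rule as "1".
    if ($type !== 'allow' && $type !== 'deny') {
        throw new Validation_Exception(lang('base_parameter_invalid'));
    }

    $timevalid = FALSE;

    foreach ($this->get_time_definition_list() as $timename) {
        if ((string) $time === (string) $timename['name']) {
            $timevalid = TRUE;
            break;
        }
    }

    if (!$timevalid) {
        throw new Validation_Exception(lang('web_proxy_time_definition_invalid'));
    }

    // The group is written verbatim into the ACL configuration line below.
    // Reject control characters (including CR/LF) so the value cannot spill
    // onto additional configuration lines.
    if (is_string($addgroup) && preg_match('/[\x00-\x1F\x7F]/', $addgroup)) {
        throw new Validation_Exception(lang('base_parameter_invalid'));
    }

    // NOTE(review): this instance is never used in this method; kept in case
    // the constructor has side effects -- confirm and remove.
    $network = new Network();

    $valid_ips = array();

    foreach ($addips as $ip) {
        if (empty($ip)) {
            continue;
        }

        $ip = trim($ip);

        if (preg_match('/^(.*)-(.*)$/i', $ip, $match)) {
            // Range notation "start-end": both ends must be valid addresses
            if (!Network_Utils::is_valid_ip(trim($match[1]))) {
                throw new Validation_Exception(lang('network_ip_invalid'));
            }

            if (!Network_Utils::is_valid_ip(trim($match[2]))) {
                throw new Validation_Exception(lang('network_ip_invalid'));
            }
        } elseif (!Network_Utils::is_valid_ip($ip)) {
            throw new Validation_Exception(lang('network_ip_invalid'));
        }

        $valid_ips[] = $ip;
    }

    $valid_macs = array();

    foreach ($addmacs as $mac) {
        if (empty($mac)) {
            continue;
        }

        $mac = trim($mac);

        if (!Network_Utils::is_valid_mac($mac)) {
            throw new Validation_Exception(lang('network_mac_address_invalid'));
        }

        $valid_macs[] = $mac;
    }

    $ips = implode(' ', $valid_ips);
    $macs = implode(' ', $valid_macs);

    // Build the ACL line before touching any file, so that a request with
    // no group, IP or MAC fails without removing the existing ACL line.
    if (strlen($addgroup) > 0) {
        // Group based
        $replacement = "acl cleargroup-{$name} external system_group " . $addgroup . "\n";
    } elseif (strlen($ips) > 0) {
        // IP based
        $replacement = "acl cleargroup-{$name} src " . $ips . "\n";
    } elseif (strlen($macs) > 0) {
        // MAC based
        $replacement = "acl cleargroup-{$name} arp " . $macs . "\n";
    } else {
        throw new Engine_Exception(lang('base_ooops'));
    }

    // The name is embedded in regular expressions below; escape it so any
    // regex metacharacter in the name matches literally and cannot widen
    // the set of lines that get deleted or replaced.
    $quoted_name = preg_quote($name, '/');

    // Implant into acl section
    //-------------------------

    $acl_pattern = "/acl cleargroup-{$quoted_name}\\s+.*/";

    $file = new File(self::FILE_ACLS_CONFIG, TRUE);
    $file->delete_lines($acl_pattern);

    $match = $file->replace_lines($acl_pattern, $replacement);

    if (!$match) {
        $file->add_lines($replacement);
    }

    // Implant into http_access section
    //---------------------------------

    $file = new File(self::FILE_HTTP_ACCESS_CONFIG);

    // A "!" in front of the time definition negates it (outside the window)
    $replacement = "http_access {$type} cleargroup-{$name} " . ($time_logic ? "" : "!") . "cleartime-{$time}\n";

    $match = $file->replace_lines("/http_access (allow|deny) cleargroup-{$quoted_name} .*\$/", $replacement);

    if (!$match) {
        $file->add_lines($replacement);
    }
}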