} else {
if ($config['openvpn']['openvpn-server'][$srvid]['mode'] != "server_user" && ($usrid === false || $crtid === false)) {
pfSenseHeader("vpn_openvpn_export.php");
exit;
}
}
if ($config['openvpn']['openvpn-server'][$srvid]['mode'] == "server_user") {
$nokeys = true;
} else {
$nokeys = false;
}
$useaddr = '';
if (isset($_GET['useaddr']) && !empty($_GET['useaddr'])) {
$useaddr = trim($_GET['useaddr']);
}
if (!(is_ipaddr($useaddr) || is_hostname($useaddr) || in_array($useaddr, array("serveraddr", "servermagic", "servermagichost", "serverhostname")))) {
$input_errors[] = "You need to specify an IP or hostname.";
}
$advancedoptions = $_GET['advancedoptions'];
$openvpnmanager = $_GET['openvpnmanager'];
$verifyservercn = $_GET['verifyservercn'];
$randomlocalport = $_GET['randomlocalport'];
$usetoken = $_GET['usetoken'];
if ($usetoken && substr($act, 0, 10) == "confinline") {
$input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration.";
}
if ($usetoken && ($act == "conf_yealink_t28" || $act == "conf_yealink_t38g" || $act == "conf_yealink_t38g2" || $act == "conf_snom")) {
$input_errors[] = "You cannot use Microsoft Certificate Storage with a Yealink or SNOM configuration.";
}
$password = "";
if ($_GET['password']) {
$pconfig = $_POST;
/* input validation */
if ($_POST['webguiport']) {
if (!is_port($_POST['webguiport'])) {
$input_errors[] = gettext("You must specify a valid webConfigurator port number");
}
}
if ($_POST['max_procs']) {
if (!is_numericint($_POST['max_procs']) || $_POST['max_procs'] < 1 || $_POST['max_procs'] > 500) {
$input_errors[] = gettext("Max Processes must be a number 1 or greater");
}
}
if ($_POST['althostnames']) {
$althosts = explode(" ", $_POST['althostnames']);
foreach ($althosts as $ah) {
if (!is_hostname($ah)) {
$input_errors[] = sprintf(gettext("Alternate hostname %s is not a valid hostname."), htmlspecialchars($ah));
}
}
}
if ($_POST['sshport']) {
if (!is_port($_POST['sshport'])) {
$input_errors[] = gettext("You must specify a valid port number");
}
}
if ($_POST['sshdkeyonly'] == "yes") {
$config['system']['ssh']['sshdkeyonly'] = "enabled";
} else {
if (isset($config['system']['ssh']['sshdkeyonly'])) {
unset($config['system']['ssh']['sshdkeyonly']);
}
if ($_POST['pppoe_resethour'] != "" && !is_numericint($_POST['pppoe_resethour']) && $_POST['pppoe_resethour'] >= 0 && $_POST['pppoe_resethour'] <= 23) {
$input_errors[] = gettext("A valid PPPoE reset hour must be specified (0-23).");
}
if ($_POST['pppoe_resetminute'] != "" && !is_numericint($_POST['pppoe_resetminute']) && $_POST['pppoe_resetminute'] >= 0 && $_POST['pppoe_resetminute'] <= 59) {
$input_errors[] = gettext("A valid PPPoE reset minute must be specified (0-59).");
}
if ($_POST['pppoe_resetdate'] != "" && !is_numeric(str_replace("/", "", $_POST['pppoe_resetdate']))) {
$input_errors[] = gettext("A valid PPPoE reset date must be specified (mm/dd/yyyy).");
}
if ($_POST['pptp_local0'] && !is_ipaddrv4($_POST['pptp_local0'])) {
$input_errors[] = gettext("A valid PPTP local IP address must be specified.");
}
if ($_POST['pptp_subnet0'] && !is_numeric($_POST['pptp_subnet0'])) {
$input_errors[] = gettext("A valid PPTP subnet bit count must be specified.");
}
if ($_POST['pptp_remote0'] && !is_ipaddrv4($_POST['pptp_remote0']) && !is_hostname($_POST['gateway'][$iface])) {
$input_errors[] = gettext("A valid PPTP remote IP address must be specified.");
}
if ($_POST['pptp_idletimeout'] != "" && !is_numericint($_POST['pptp_idletimeout'])) {
$input_errors[] = gettext("The idle timeout value must be an integer.");
}
if ($_POST['spoofmac'] && !is_macaddr($_POST['spoofmac'])) {
$input_errors[] = gettext("A valid MAC address must be specified.");
}
if ($_POST['mtu']) {
if (!is_numericint($_POST['mtu'])) {
$input_errors[] = "MTU must be an integer.";
}
if (substr($wancfg['if'], 0, 3) == 'gif') {
$min_mtu = 1280;
$max_mtu = 8192;
$reqdfieldsn = array(gettext("Existing Certificate Choice"));
}
$altnames = array();
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
if (isset($pconfig['altname_value']) && $pconfig['certmethod'] != "import" && $pconfig['certmethod'] != "existing") {
/* subjectAltNames */
foreach ($pconfig['altname_type'] as $altname_seq => $altname_type) {
if (!empty($pconfig['altname_value'][$altname_seq])) {
$altnames[] = array("type" => $altname_type, "value" => $pconfig['altname_value'][$altname_seq]);
}
}
/* Input validation for subjectAltNames */
foreach ($altnames as $altname) {
switch ($altname['type']) {
case "DNS":
if (!is_hostname($altname['value'])) {
$input_errors[] = gettext("DNS subjectAltName values must be valid hostnames or FQDNs");
}
break;
case "IP":
if (!is_ipaddr($altname['value'])) {
$input_errors[] = gettext("IP subjectAltName values must be valid IP Addresses");
}
break;
case "email":
if (empty($altname['value'])) {
$input_errors[] = gettext("You must provide an e-mail address for this type of subjectAltName");
}
if (preg_match("/[\\!\\#\$\\%\\^\\(\\)\\~\\?\\>\\<\\&\\/\\\\,\"\\']/", $altname['value'])) {
$input_errors[] = gettext("The e-mail provided in a subjectAltName contains invalid characters.");
}
if ($numberoption['type'] == 'unsigned integer 16' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 65535)) {
$input_errors[] = gettext("Unsigned 16-bit integer type must be a number in the range 0 to 65535.");
} else {
if ($numberoption['type'] == 'unsigned integer 32' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 4294967295)) {
$input_errors[] = gettext("Unsigned 32-bit integer type must be a number in the range 0 to 4294967295.");
} else {
if ($numberoption['type'] == 'signed integer 8' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -128 || $numberoption['value'] > 127)) {
$input_errors[] = gettext("Signed 8-bit integer type must be a number in the range -128 to 127.");
} else {
if ($numberoption['type'] == 'signed integer 16' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -32768 || $numberoption['value'] > 32767)) {
$input_errors[] = gettext("Signed 16-bit integer type must be a number in the range -32768 to 32767.");
} else {
if ($numberoption['type'] == 'signed integer 32' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -2147483648 || $numberoption['value'] > 2147483647)) {
$input_errors[] = gettext("Signed 32-bit integer type must be a number in the range -2147483648 to 2147483647.");
} else {
if ($numberoption['type'] == 'ip-address' && !is_ipaddrv4($numberoption['value']) && !is_hostname($numberoption['value'])) {
$input_errors[] = gettext("IP address or host type must be an IP address or host name.");
}
}
}
}
}
}
}
}
}
}
}
}
if (!$input_errors) {
/* make sure the range lies within the current subnet */
$_POST["address{$x}"] = trim($_POST["address{$x}"]);
if (is_alias($_POST["address{$x}"])) {
if (!alias_same_type($_POST["address{$x}"], $_POST['type'])) {
// But alias type network can include alias type urltable. Feature#1603.
if (!($_POST['type'] == 'network' && preg_match("/urltable/i", alias_get_type($_POST["address{$x}"])))) {
$wrongaliases .= " " . $_POST["address{$x}"];
}
}
} else {
if ($_POST['type'] == "port") {
if (!is_port($_POST["address{$x}"]) && !is_portrange($_POST["address{$x}"])) {
$input_errors[] = $_POST["address{$x}"] . " " . gettext("is not a valid port or alias.");
}
} else {
if ($_POST['type'] == "host" || $_POST['type'] == "network") {
if (is_subnet($_POST["address{$x}"]) || !is_ipaddr($_POST["address{$x}"]) && !is_hostname($_POST["address{$x}"]) && !is_iprange($_POST["address{$x}"])) {
$input_errors[] = sprintf(gettext('%1$s is not a valid %2$s alias.'), $_POST["address{$x}"], $_POST['type']);
}
}
}
}
if (is_iprange($_POST["address{$x}"])) {
list($startip, $endip) = explode('-', $_POST["address{$x}"]);
$rangesubnets = ip_range_to_subnet_array($startip, $endip);
$address = array_merge($address, $rangesubnets);
} else {
$tmpaddress = $_POST["address{$x}"];
if ($_POST['type'] != "host" && is_ipaddr($_POST["address{$x}"]) && $_POST["address_subnet{$x}"] != "") {
if (!is_subnet($_POST["address{$x}"] . "/" . $_POST["address_subnet{$x}"])) {
$input_errors[] = sprintf(gettext('%s/%s is not a valid subnet.'), $_POST["address{$x}"], $_POST["address_subnet{$x}"]);
} else {
$input_errors[] = gettext("A valid PPPoE reset month must be specified (1-12) in the Custom PPPoE Periodic reset fields.");
}
if ($date_nums[1] < 1 || $date_nums[1] > 31) {
$input_errors[] = gettext("A valid PPPoE reset day of month must be specified (1-31) in the Custom PPPoE Periodic reset fields. No checks are done on valid # of days per month");
}
if ($date_nums[2] < date("Y")) {
$input_errors[] = gettext("A valid PPPoE reset year must be specified. Don't select a year in the past!");
}
}
$port_data = array();
if (is_array($_POST['interfaces'])) {
foreach ($_POST['interfaces'] as $iface) {
if ($_POST['localip'][$iface] && !is_ipaddr($_POST['localip'][$iface])) {
$input_errors[] = sprintf(gettext("A valid local IP address must be specified for %s."), $iface);
}
if ($_POST['gateway'][$iface] && !is_ipaddr($_POST['gateway'][$iface]) && !is_hostname($_POST['gateway'][$iface])) {
$input_errors[] = sprintf(gettext("A valid gateway IP address OR hostname must be specified for %s."), $iface);
}
if ($_POST['bandwidth'][$iface] && !is_numericint($_POST['bandwidth'][$iface])) {
$input_errors[] = sprintf(gettext("The bandwidth value for %s must be an integer."), $iface);
}
if ($_POST['mtu'][$iface] && $_POST['mtu'][$iface] < 576) {
$input_errors[] = sprintf(gettext("The MTU for %s must be greater than 576 bytes."), $iface);
}
if ($_POST['mru'][$iface] && $_POST['mru'][$iface] < 576) {
$input_errors[] = sprintf(gettext("The MRU for %s must be greater than 576 bytes."), $iface);
}
}
// Loop through fields associated with an individual link/port and make an array of the data
$port_fields = array("localip", "gateway", "subnet", "bandwidth", "mtu", "mru", "mrru");
foreach ($_POST['interfaces'] as $iface) {
} elseif (!substr_compare('aliasdescription', $key, 0, 16)) {
$entry = substr($key, 16);
$field = 'description';
}
if (ctype_digit($entry)) {
$aliases[$entry][$field] = $value;
}
}
$pconfig['aliases']['item'] = $aliases;
/* validate aliases */
foreach ($aliases as $idx => $alias) {
$aliasreqdfields = array('aliasdomain' . $idx);
$aliasreqdfieldsn = array(gettext("Alias Domain"));
var_dump(array('fields' => $aliasreqdfields, 'names' => $aliasreqdfieldsn, 'alias' => $alias));
do_input_validation($_POST, $aliasreqdfields, $aliasreqdfieldsn, $input_errors);
if ($alias['host'] && !is_hostname($alias['host'])) {
$input_errors[] = gettext("Hostnames in alias list can only contain the characters A-Z, 0-9 and '-'.");
}
if ($alias['domain'] && !is_domain($alias['domain'])) {
$input_errors[] = gettext("A valid domain must be specified in alias list.");
}
}
/* check for overlaps */
foreach ($a_hosts as $hostent) {
if (isset($id) && $a_hosts[$id] && $a_hosts[$id] === $hostent) {
continue;
}
if ($hostent['host'] == $_POST['host'] && $hostent['domain'] == $_POST['domain'] && (is_ipaddrv4($hostent['ip']) && is_ipaddrv4($_POST['ip']) || is_ipaddrv6($hostent['ip']) && is_ipaddrv6($_POST['ip']))) {
$input_errors[] = gettext("This host/domain already exists.");
break;
}
##|*NAME=Diagnostics: Test Port
##|*DESCR=Allow access to the 'Diagnostics: Test Port' page.
##|*MATCH=diag_testport.php*
##|-PRIV
$allowautocomplete = true;
$pgtitle = array(gettext("Diagnostics"), gettext("Test Port"));
require "guiconfig.inc";
define('NC_TIMEOUT', 10);
if ($_POST || $_REQUEST['host']) {
unset($input_errors);
unset($do_testport);
/* input validation */
$reqdfields = explode(" ", "host port");
$reqdfieldsn = array(gettext("Host"), gettext("Port"));
do_input_validation($_REQUEST, $reqdfields, $reqdfieldsn, $input_errors);
if (!is_ipaddr($_REQUEST['host']) && !is_hostname($_REQUEST['host'])) {
$input_errors[] = gettext("Please enter a valid IP or hostname.");
}
if (!is_port($_REQUEST['port'])) {
$input_errors[] = gettext("Please enter a valid port number.");
}
if (!is_numeric($_REQUEST['srcport']) || !is_port($_REQUEST['srcport'])) {
$input_errors[] = gettext("Please enter a valid source port number, or leave the field blank.");
}
if (is_ipaddrv4($_REQUEST['host']) && $_REQUEST['ipprotocol'] == "ipv6") {
$input_errors[] = gettext("You cannot connect to an IPv4 address using IPv6.");
}
if (is_ipaddrv6($_REQUEST['host']) && $_REQUEST['ipprotocol'] == "ipv4") {
$input_errors[] = gettext("You cannot connect to an IPv6 address using IPv4.");
}
if (!$input_errors) {
if (!empty($pconfig['pppoe-reset-type'])) {
if (!empty($pconfig['pppoe_resethour']) && (!is_numericint($pconfig['pppoe_resethour']) || $pconfig['pppoe_resethour'] < 0 || $pconfig['pppoe_resethour'] > 23)) {
$input_errors[] = gettext("A valid PPPoE reset hour must be specified (0-23).");
}
if (!empty($pconfig['pppoe_resetminute']) && (!is_numericint($pconfig['pppoe_resetminute']) || $pconfig['pppoe_resetminute'] < 0 || $pconfig['pppoe_resetminute'] > 59)) {
$input_errors[] = gettext("A valid PPPoE reset minute must be specified (0-59).");
}
if (!empty($pconfig['pppoe_resetdate']) && !is_numeric(str_replace("/", "", $pconfig['pppoe_resetdate']))) {
$input_errors[] = gettext("A valid PPPoE reset date must be specified (mm/dd/yyyy).");
}
}
foreach ($pconfig['ports'] as $iface_idx => $iface) {
if (!empty($pconfig['localip'][$iface_idx]) && !is_ipaddr($pconfig['localip'][$iface_idx])) {
$input_errors[] = sprintf(gettext("A valid local IP address must be specified for %s."), $iface);
}
if (!empty($pconfig['gateway'][$iface_idx]) && !is_ipaddr($pconfig['gateway'][$iface_idx]) && !is_hostname($pconfig['gateway'][$iface_idx])) {
$input_errors[] = sprintf(gettext("A valid gateway IP address OR hostname must be specified for %s."), $iface);
}
if (!empty($pconfig['bandwidth'][$iface_idx]) && !is_numericint($pconfig['bandwidth'][$iface_idx])) {
$input_errors[] = sprintf(gettext("The bandwidth value for %s must be an integer."), $iface);
}
if (!empty($pconfig['mtu'][$iface_idx]) && $pconfig['mtu'][$iface_idx] < 576) {
$input_errors[] = sprintf(gettext("The MTU for %s must be greater than 576 bytes."), $iface);
}
if (!empty($pconfig['mru'][$iface_idx]) && $pconfig['mru'][$iface_idx] < 576) {
$input_errors[] = sprintf(gettext("The MRU for %s must be greater than 576 bytes."), $iface);
}
}
if (count($input_errors) == 0) {
$ppp = array();
$ppp['ptpid'] = $pconfig['ptpid'];
redirectHeader("vpn_openvpn_export.php");
exit;
}
if ($config['openvpn']['openvpn-server'][$srvid]['mode'] == "server_user") {
$nokeys = true;
} else {
$nokeys = false;
}
$useaddr = '';
if (isset($_GET['useaddr']) && !empty($_GET['useaddr'])) {
$useaddr = trim($_GET['useaddr']);
}
if (!(is_ipaddr($useaddr) || is_hostname($useaddr) ||
in_array($useaddr, array("serveraddr", "servermagic", "servermagichost", "serverhostname")))) {
$input_errors[] = "You need to specify an IP or hostname.";
}
$advancedoptions = $_GET['advancedoptions'];
$openvpnmanager = $_GET['openvpnmanager'];
$verifyservercn = $_GET['verifyservercn'];
$randomlocalport = $_GET['randomlocalport'];
$usetoken = $_GET['usetoken'];
if ($usetoken && (substr($act, 0, 10) == "confinline")) {
$input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration.";
}
if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_yealink_t38g2") || ($act == "conf_snom"))) {
$input_errors[] = "You cannot use Microsoft Certificate Storage with a Yealink or SNOM configuration.";
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
// set form defaults
$pconfig = array();
$pconfig['ipprotocol'] = 'ipv4';
$pconfig['host'] = null;
$pconfig['port'] = null;
$pconfig['showtext'] = null;
$pconfig['sourceip'] = null;
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pconfig = $_POST;
$input_errors = array();
/* input validation */
$reqdfields = explode(" ", "host port");
$reqdfieldsn = array(gettext("Host"), gettext("Port"));
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
if (!is_ipaddr($pconfig['host']) && !is_hostname($pconfig['host'])) {
$input_errors[] = gettext("Please enter a valid IP or hostname.");
}
if (!is_port($pconfig['port'])) {
$input_errors[] = gettext("Please enter a valid port number.");
}
if ($pconfig['srcport'] != "" && (!is_numeric($pconfig['srcport']) || !is_port($pconfig['srcport']))) {
$input_errors[] = gettext("Please enter a valid source port number, or leave the field blank.");
}
if (is_ipaddrv4($pconfig['host']) && $pconfig['ipprotocol'] == "ipv6") {
$input_errors[] = gettext("You cannot connect to an IPv4 address using IPv6.");
}
if (is_ipaddrv6($pconfig['host']) && $pconfig['ipprotocol'] == "ipv4") {
$input_errors[] = gettext("You cannot connect to an IPv6 address using IPv4.");
}
if (count($input_errors) == 0) {
} else {
}
} else {
}
}
}
$subnet = $config['interfaces']['lan']['ipaddr'] . "/" . $config['interfaces']['lan']['subnet'];
if (is_ipaddr($_POST['ipadress'])) {
if (false == ($cnif = ip_in_subnet($_POST['ipadress'], $subnet))) {
$input_errors[] = "Value \"IP address\" is not belongs to the subnet LAN";
goto out;
} else {
}
}
} elseif (empty($_POST['macaddr']) && empty($_POST['ipadress']) && !empty($_POST['hostname'])) {
if (FALSE == is_hostname($_POST['hostname'])) {
$input_errors[] = "Wrong Host name.";
goto out;
} else {
$pconfig['leasetime'] = "60";
$nas4frehosts =& $config['system']['hosts'];
if (false !== ($cnin = array_search_ex($_POST['hostname'], $nas4frehosts, "name"))) {
$warning_mess = "Host defined on <a href=system_hosts.php>/etc/hosts</a>";
} else {
if ($_POST['hostname'] == $config['system']['hostname']) {
$input_errors[] = "You can not define main host as DHCP client";
goto out;
} else {
$warning_mess = "Host NOT defined on <a href=system_hosts.php>/etc/hosts</a>, please define it";
}
}
if ($_POST["address{$x}"] != "") {
if (is_alias($_POST["address{$x}"])) {
if (!alias_same_type($_POST["address{$x}"], $_POST['type'])) {
// But alias type network can include alias type urltable. Feature#1603.
if (!($_POST['type'] == 'network' && alias_get_type($_POST["address{$x}"]) == 'urltable')) {
$wrongaliases .= " " . $_POST["address{$x}"];
}
}
} else {
if ($_POST['type'] == "port") {
if (!is_port($_POST["address{$x}"])) {
$input_errors[] = $_POST["address{$x}"] . " " . gettext("is not a valid port or alias.");
}
} else {
if ($_POST['type'] == "host" || $_POST['type'] == "network") {
if (!is_ipaddr($_POST["address{$x}"]) && !is_hostname($_POST["address{$x}"]) && !is_iprange($_POST["address{$x}"])) {
$input_errors[] = sprintf(gettext('%1$s is not a valid %2$s alias.'), $_POST["address{$x}"], $_POST['type']);
}
}
}
}
if (is_iprange($_POST["address{$x}"])) {
list($startip, $endip) = explode('-', $_POST["address{$x}"]);
$rangesubnets = ip_range_to_subnet_array($startip, $endip);
$address = array_merge($address, $rangesubnets);
} else {
$tmpaddress = $_POST["address{$x}"];
if (is_ipaddr($_POST["address{$x}"]) && $_POST["address_subnet{$x}"] != "") {
$tmpaddress .= "/" . $_POST["address_subnet{$x}"];
}
$address[] = $tmpaddress;
} elseif (!substr_compare('altname_value', $key, 0, 13)) {
$entry = substr($key, 13);
$field = 'value';
}
if (ctype_digit($entry)) {
$entry++;
// Pre-bootstrap code is one-indexed, but the bootstrap code is 0-indexed
$altnames[$entry][$field] = $value;
}
}
$pconfig['altnames']['item'] = $altnames;
/* Input validation for subjectAltNames */
foreach ($altnames as $idx => $altname) {
switch ($altname['type']) {
case "DNS":
if (!is_hostname($altname['value'], true)) {
array_push($input_errors, "DNS subjectAltName values must be valid hostnames, FQDNs or wildcard domains.");
}
break;
case "IP":
if (!is_ipaddr($altname['value'])) {
array_push($input_errors, "IP subjectAltName values must be valid IP Addresses");
}
break;
case "email":
if (empty($altname['value'])) {
array_push($input_errors, "You must provide an e-mail address for this type of subjectAltName");
}
if (preg_match("/[\\!\\#\$\\%\\^\\(\\)\\~\\?\\>\\<\\&\\/\\\\,\"\\']/", $altname['value'])) {
array_push($input_errors, "The e-mail provided in a subjectAltName contains invalid characters.");
}
} elseif (!substr_compare('aliasdescription', $key, 0, 16)) {
$entry = substr($key, 16);
$field = 'description';
}
if (ctype_digit($entry)) {
$aliases[$entry][$field] = $value;
}
}
$pconfig['aliases']['item'] = $aliases;
/* validate aliases */
foreach ($aliases as $idx => $alias) {
$aliasreqdfields = array('aliasdomain' . $idx);
$aliasreqdfieldsn = array(gettext("Alias Domain"));
do_input_validation($_POST, $aliasreqdfields, $aliasreqdfieldsn, $input_errors);
if ($alias['host']) {
if (!is_hostname($alias['host'])) {
$input_errors[] = gettext("Hostnames in an alias list can only contain the characters A-Z, 0-9 and '-'. They may not start or end with '-'.");
} else {
if (!is_unqualified_hostname($alias['host'])) {
$input_errors[] = gettext("A valid alias hostname is specified, but the domain name part should be omitted");
}
}
}
if ($alias['domain'] && !is_domain($alias['domain'])) {
$input_errors[] = gettext("A valid domain must be specified in alias list.");
}
}
/* check for overlaps */
foreach ($a_hosts as $hostent) {
if (isset($id) && $a_hosts[$id] && $a_hosts[$id] === $hostent) {
continue;
function is_valid_syslog_server($target)
{
return is_ipaddr($target) || is_ipaddrwithport($target) || is_hostname($target) || is_hostnamewithport($target);
}
if (preg_match('/[ \\/]/', $_POST['name'])) {
$input_errors[] = gettext("You cannot use spaces or slashes in the 'name' field.");
}
if (strlen($_POST['name']) > 16) {
$input_errors[] = gettext("The 'name' field must be 16 characters or less.");
}
switch ($_POST['type']) {
case 'icmp':
break;
case 'tcp':
break;
case 'http':
case 'https':
if (is_array($pconfig['options'])) {
if (isset($pconfig['options']['host']) && $pconfig['options']['host'] != "") {
if (!is_hostname($pconfig['options']['host'])) {
$input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'.");
}
}
if (isset($pconfig['options']['code']) && $pconfig['options']['code'] != "") {
// Check code
if (!is_rfc2616_code($pconfig['options']['code'])) {
$input_errors[] = gettext("HTTP(s) codes must be from RFC2616.");
}
}
if (!isset($pconfig['options']['path']) || $pconfig['options']['path'] == "") {
$input_errors[] = gettext("The path to monitor must be set.");
}
}
break;
case 'send':
foreach ($input_addresses as $idx => $input_address) {
if (is_alias($input_address)) {
if (!alias_same_type($input_address, $_POST['type'])) {
// But alias type network can include alias type urltable. Feature#1603.
if (!($_POST['type'] == 'network' && preg_match("/urltable/i", alias_get_type($input_address)))) {
$wrongaliases .= " " . $input_address;
}
}
} else {
if ($_POST['type'] == "port") {
if (!is_port($input_address) && !is_portrange($input_address)) {
$input_errors[] = $input_address . " " . gettext("is not a valid port or alias.");
}
} else {
if ($_POST['type'] == "host" || $_POST['type'] == "network") {
if (is_subnet($input_address) || !is_ipaddr($input_address) && !is_hostname($input_address)) {
$input_errors[] = sprintf(gettext('%1$s is not a valid %2$s address, FQDN or alias.'), $input_address, $_POST['type']);
}
}
}
}
$tmpaddress = $input_address;
if ($_POST['type'] != "host" && is_ipaddr($input_address) && $input_address_subnet[$idx] != "") {
if (!is_subnet($input_address . "/" . $input_address_subnet[$idx])) {
$input_errors[] = sprintf(gettext('%s/%s is not a valid subnet.'), $input_address, $input_address_subnet[$idx]);
} else {
$tmpaddress .= "/" . $input_address_subnet[$idx];
}
}
$address[] = $tmpaddress;
}
$input_errors[] = gettext("A valid PPPoE reset hour must be specified (0-23).");
}
if (!empty($pconfig['pppoe_resetminute']) && (!is_numericint($pconfig['pppoe_resetminute']) || $pconfig['pppoe_resetminute'] < 0 || $pconfig['pppoe_resetminute'] > 59)) {
$input_errors[] = gettext("A valid PPPoE reset minute must be specified (0-59).");
}
if (!empty($pconfig['pppoe_resetdate']) && !is_numeric(str_replace("/", "", $pconfig['pppoe_resetdate']))) {
$input_errors[] = gettext("A valid PPPoE reset date must be specified (mm/dd/yyyy).");
}
}
if (!empty($pconfig['localip']) && !is_ipaddrv4($pconfig['localip'])) {
$input_errors[] = gettext("A valid PPTP local IP address must be specified.");
}
if (!empty($pconfig['pptp_subnet']) && !is_numeric($pconfig['pptp_subnet'])) {
$input_errors[] = gettext("A valid PPTP subnet bit count must be specified.");
}
if (!empty($pconfig['pptp_remote']) && !is_ipaddrv4($pconfig['pptp_remote']) && !is_hostname($pconfig['gateway'][$iface])) {
$input_errors[] = gettext("A valid PPTP remote IP address must be specified.");
}
if (!empty($pconfig['pptp_idletimeout']) && !is_numericint($pconfig['pptp_idletimeout'])) {
$input_errors[] = gettext("The idle timeout value must be an integer.");
}
if (!empty($pconfig['spoofmac']) && !is_macaddr($pconfig['spoofmac'])) {
$input_errors[] = gettext("A valid MAC address must be specified.");
}
if (!empty($pconfig['mtu'])) {
if ($pconfig['mtu'] < 576 || $pconfig['mtu'] > 9000) {
$input_errors[] = gettext("The MTU must be greater than 576 bytes and less than 9000.");
}
if (stristr($a_interfaces[$if]['if'], "_vlan")) {
$realhwif_array = get_parent_interface($a_interfaces[$if]['if']);
// Need code to handle MLPPP if we ever use $realhwif for MLPPP handling
}
$type = "unknown";
$resolved = array();
$ipaddr = "";
if (!$input_errors) {
if (is_ipaddr($host)) {
$type = "ip";
$resolvedptr = gethostbyaddr($host);
$ipaddr = $host;
if ($host != $resolvedptr) {
$tmpresolved = array();
$tmpresolved['type'] = "PTR";
$tmpresolved['data'] = $resolvedptr;
$resolved[] = $tmpresolved;
}
} elseif (is_hostname($host)) {
$type = "hostname";
$ipaddr = gethostbyname($host);
$resolved = resolve_host_addresses($host);
}
}
}
if ($_POST['host'] && $_POST['dialog_output']) {
$host = isset($resolvedptr) ? $resolvedptr : $host;
display_host_results($ipaddr, $host, $dns_speeds);
exit;
}
function display_host_results($address, $hostname, $dns_speeds)
{
$map_lengths = function ($element) {
return strlen($element[0]);
$input_errors[] = "This pool name has already been used. Pool names must be unique.";
}
}
$pconfig['a_acl'] = $htmllist_acls->haproxy_htmllist_get_values();
$pconfig['a_actionitems'] = $htmllist_actions->haproxy_htmllist_get_values();
$a_servers = $serverslist->haproxy_htmllist_get_values();
foreach ($a_servers as $server) {
$server_name = $server['name'];
$server_address = $server['address'];
$server_port = $server['port'];
$server_weight = $server['weight'];
if (preg_match("/[^a-zA-Z0-9\\.\\-_]/", $server_name)) {
$input_errors[] = "The field 'Name' contains invalid characters.";
}
if (!isset($server['forwardto']) || $server['forwardto'] == "") {
if (!is_ipaddr($server_address) && !is_hostname($server_address) && !haproxy_is_frontendname($server_address)) {
$input_errors[] = "The field 'Address' for server {$server_name} is not a valid ip address or hostname." . $server_address;
}
} else {
if ($server_address && $server_address != "" || $server_port && !is_numeric($server_port)) {
$input_errors[] = "'Address' and 'port' should be empty when a 'Forwardto' frontend is chosen other than 'Address+Port'.";
}
}
if (!preg_match("/.{2,}/", $server_name)) {
$input_errors[] = "The field 'Name' is required (and must be at least 2 characters).";
}
if ($server_weight && !is_numeric($server_weight)) {
$input_errors[] = "The field 'Weight' value is not a number.";
}
if ($server_port && !is_numeric($server_port)) {
$input_errors[] = "The field 'Port' value is not a number.";
$id = $_POST['id'];
}
if (isset($id) && $a_hosts[$id]) {
$pconfig['host'] = $a_hosts[$id]['host'];
$pconfig['domain'] = $a_hosts[$id]['domain'];
$pconfig['ip'] = $a_hosts[$id]['ip'];
$pconfig['descr'] = $a_hosts[$id]['descr'];
}
if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
/* input validation */
$reqdfields = explode(" ", "domain ip");
$reqdfieldsn = array(gettext("Domain"), gettext("IP address"));
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
if ($_POST['host'] && !is_hostname($_POST['host'])) {
$input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'.");
}
if ($_POST['domain'] && !is_domain($_POST['domain'])) {
$input_errors[] = gettext("A valid domain must be specified.");
}
if ($_POST['ip'] && !is_ipaddr($_POST['ip'])) {
$input_errors[] = gettext("A valid IP address must be specified.");
}
/* check for overlaps */
foreach ($a_hosts as $hostent) {
if (isset($id) && $a_hosts[$id] && $a_hosts[$id] === $hostent) {
continue;
}
if ($hostent['host'] == $_POST['host'] && $hostent['domain'] == $_POST['domain'] && (is_ipaddrv4($hostent['ip']) && is_ipaddrv4($_POST['ip']) || is_ipaddrv6($hostent['ip']) && is_ipaddrv6($_POST['ip']))) {
$input_errors[] = gettext("This host/domain already exists.");
$impip = $implinea[0];
$impdesc = trim($implinea[1]);
if (strlen($impdesc) < 200) {
if (strpos($impdesc, "||") === false && substr($impdesc, 0, 1) != "|" && substr($impdesc, -1, 1) != "|") {
$iprange_type = is_iprange($impip);
if ($iprange_type == 4) {
list($startip, $endip) = explode('-', $impip);
$rangesubnets = ip_range_to_subnet_array($startip, $endip);
$imported_ips = array_merge($imported_ips, $rangesubnets);
$rangedescs = array_fill(0, count($rangesubnets), $impdesc);
$imported_descs = array_merge($imported_descs, $rangedescs);
} else {
if ($iprange_type == 6) {
$input_errors[] = sprintf(gettext('IPv6 address ranges are not supported (%s)'), $impip);
} else {
if (!is_ipaddr($impip) && !is_subnet($impip) && !is_hostname($impip) && !empty($impip)) {
$input_errors[] = sprintf(gettext("%s is not an IP address. Please correct the error to continue"), $impip);
} elseif (!empty($impip)) {
$imported_ips[] = $impip;
$imported_descs[] = $impdesc;
}
}
}
} else {
if (!$desc_fmt_err_found) {
$input_errors[] = gettext("Descriptions may not start or end with vertical bar (|) or contain double vertical bar ||.");
$desc_fmt_err_found = true;
}
}
} else {
if (!$desc_len_err_found) {
$pgtitle = array('SERVİSLER', ' 5651 SAYILI YASAYA GÖRE KAYIT TUTMA SERVİSİ');
if (!is_array($config['digitalsign'])) {
$config['digitalsign'] = array();
}
$pconfig['enable'] = isset($config['digitalsign']['enable']);
$pconfig['sign_type'] = $config['digitalsign']['sign_type'];
$pconfig['sign_time'] = $config['digitalsign']['sign_time'];
$pconfig['sign_hour'] = $config['digitalsign']['sign_hour'];
$pconfig['smbhostname'] = base64_decode($config['digitalsign']['smbhostname']);
$pconfig['smbusername'] = base64_decode($config['digitalsign']['smbusername']);
$pconfig['smbpassword'] = base64_decode($config['digitalsign']['smbpassword']);
$pconfig['smbfolder'] = base64_decode($config['digitalsign']['smbfolder']);
if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
if (!empty($_POST['smbhostname']) && !is_hostname($_POST['smbhostname'])) {
$input_errors[] = 'Geçerli bir sunucu adı girmelisiniz.';
}
if (!empty($_POST['sign_hour']) && !check_hour($_POST['sign_hour'])) {
$input_errors[] = 'Geçerli bir saat girmelisiniz. HH:MM formatında bir saat girin.';
}
if ($_POST['sign_type'] == 'remote') {
$reqdfields = split(" ", "smbhostname smbusername smbpassword smbfolder");
$reqdfieldsn = array("Sunucu Adı", "Kullanıcı Adı", "Parola", "Klasör Adı");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
}
if (strlen($_POST['smbusername']) > 128) {
$input_errors[] = 'Kullanıcı adı 128 karakteri geçmemelidir.';
}
if (strlen($_POST['smbpassword']) > 128) {
$input_errors[] = 'Parola 128 karakteri geçmemelidir.';
$pconfig['mirror'] = $config['system']['firmware']['mirror'];
}
if (isset($config['system']['firmware']['flavour'])) {
$pconfig['flavour'] = $config['system']['firmware']['flavour'];
}
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['timezone']) && $pconfig['timezone'] != $_POST['timezone']) {
filter_pflog_start();
}
$input_errors = array();
$pconfig = $_POST;
/* input validation */
$reqdfields = explode(" ", "hostname domain");
$reqdfieldsn = array(gettext("Hostname"), gettext("Domain"));
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
if (!empty($pconfig['hostname']) && !is_hostname($pconfig['hostname'])) {
$input_errors[] = gettext("The hostname may only contain the characters a-z, 0-9 and '-'.");
}
if (!empty($pconfig['domain']) && !is_domain($pconfig['domain'])) {
$input_errors[] = gettext("The domain may only contain the characters a-z, 0-9, '-' and '.'.");
}
$ignore_posted_dnsgw = array();
for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) {
$dnsname = "dns{$dnscounter}";
$dnsgwname = "dns{$dnscounter}gw";
if (!empty($pconfig[$dnsname]) && !is_ipaddr($pconfig[$dnsname])) {
$input_errors[] = gettext("A valid IP address must be specified for DNS server {$dnscounter}.");
} elseif (!empty($pconfig[$dnsgwname]) && $pconfig[$dnsgwname] != "none") {
// A real gateway has been selected.
if (is_ipaddr($pconfig[$dnsname])) {
if (is_ipaddrv4($pconfig[$dnsname]) && validate_address_family($pconfig[$dnsname], $pconfig[$dnsgwname]) === false) {
<pre>
<?php
$useicmp = isset($_REQUEST['useicmp']) ? "-I" : "";
$n = isset($resolve) ? "" : "-n";
$command = "/usr/sbin/traceroute";
if ($ipproto == "ipv6") {
$command .= "6";
$ifaddr = is_ipaddr($sourceip) ? $sourceip : get_interface_ipv6($sourceip);
} else {
$ifaddr = is_ipaddr($sourceip) ? $sourceip : get_interface_ip($sourceip);
}
if ($ifaddr && (is_ipaddr($host) || is_hostname($host)))
$srcip = "-s " . escapeshellarg($ifaddr);
$cmd = "{$command} {$n} {$srcip} -w 2 {$useicmp} -m " . escapeshellarg($ttl) . " " . escapeshellarg($host);
//echo "Traceroute command: {$cmd}\n";
system($cmd);
?>
</pre>
</div>
</div>
</section>
<? endif; ?>
</div>
</div>
$pconfig = $_POST;
/* input validation */
if ($_POST['webguiport']) {
if (!is_port($_POST['webguiport'])) {
$input_errors[] = gettext("A valid webConfigurator port number must be specified");
}
}
if ($_POST['max_procs']) {
if (!is_numericint($_POST['max_procs']) || $_POST['max_procs'] < 1 || $_POST['max_procs'] > 500) {
$input_errors[] = gettext("Max Processes must be a number 1 or greater");
}
}
if ($_POST['althostnames']) {
$althosts = explode(" ", $_POST['althostnames']);
foreach ($althosts as $ah) {
if (!is_ipaddr($ah) && !is_hostname($ah)) {
$input_errors[] = sprintf(gettext("Alternate hostname %s is not a valid hostname."), htmlspecialchars($ah));
}
}
}
if ($_POST['sshport']) {
if (!is_port($_POST['sshport'])) {
$input_errors[] = gettext("A valid port number must be specified");
}
}
if ($_POST['sshdkeyonly'] == "yes") {
$config['system']['ssh']['sshdkeyonly'] = "enabled";
} else {
if (isset($config['system']['ssh']['sshdkeyonly'])) {
unset($config['system']['ssh']['sshdkeyonly']);
}
/* input validation */
$reqdfields = array();
$reqdfieldsn = array();
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
/* either MAC or Client-ID must be specified */
if (empty($_POST['mac']) && empty($_POST['cid'])) {
$input_errors[] = gettext("Either MAC address or Client identifier must be specified");
}
/* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */
$_POST['mac'] = strtolower(str_replace("-", ":", $_POST['mac']));
if ($_POST['hostname']) {
preg_match("/\\-\$/", $_POST['hostname'], $matches);
if ($matches) {
$input_errors[] = gettext("The hostname cannot end with a hyphen according to RFC952");
}
if (!is_hostname($_POST['hostname'])) {
$input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'.");
} else {
if (!is_unqualified_hostname($_POST['hostname'])) {
$input_errors[] = gettext("A valid hostname is specified, but the domain name part should be omitted");
}
}
}
if ($_POST['ipaddr'] && !is_ipaddr($_POST['ipaddr'])) {
$input_errors[] = gettext("A valid IP address must be specified.");
}
if ($_POST['mac'] && !is_macaddr($_POST['mac'])) {
$input_errors[] = gettext("A valid MAC address must be specified.");
}
if ($static_arp_enabled && !$_POST['ipaddr']) {
$input_errors[] = gettext("Static ARP is enabled. You must specify an IP address.");
function get_remote_log()
{
global $config, $g, $postfix_dir;
$curr_time = time();
$log_time = date('YmdHis', $curr_time);
if (is_array($config['installedpackages']['postfixsync'])) {
$synctimeout = $config['installedpackages']['postfixsync']['config'][0]['synctimeout'] ?: '250';
foreach ($config['installedpackages']['postfixsync']['config'][0]['row'] as $sh) {
// Get remote data for enabled fetch hosts
if ($sh['enabless'] && $sh['sync_type'] == 'fetch') {
$sync_to_ip = $sh['ipaddress'];
$port = $sh['syncport'];
$username = $sh['username'] ?: 'admin';
$password = $sh['password'];
$protocol = $sh['syncprotocol'];
$file = '/var/db/postfix/' . $server . '.sql';
$error = '';
$valid = TRUE;
if ($password == "") {
$error = "Password parameter is empty. ";
$valid = FALSE;
}
if ($protocol == "") {
$error = "Protocol parameter is empty. ";
$valid = FALSE;
}
if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
$error .= "Misconfigured Replication Target IP Address or Hostname. ";
$valid = FALSE;
}
if (!is_port($port)) {
$error .= "Misconfigured Replication Target Port. ";
$valid = FALSE;
}
if ($valid) {
// Take care of IPv6 literal address
if (is_ipaddrv6($sync_to_ip)) {
$sync_to_ip = "[{$sync_to_ip}]";
}
$url = "{$protocol}://{$sync_to_ip}";
print "{$sync_to_ip} {$url}, {$port}\n";
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/www/postfix.php');\n";
$execcmd .= '$toreturn = get_sql(' . $log_time . ');';
/* Assemble XMLRPC payload. */
$params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
log_error("[postfix] Fetching sql data from {$sync_to_ip}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
//$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
$a = $resp->value();
$errors = 0;
//var_dump($sql);
foreach ($a as $b) {
foreach ($b as $c) {
foreach ($c as $d) {
foreach ($d as $e) {
$update = unserialize($e['string']);
print $update['day'] . "\n";
if ($update['day'] != "") {
create_db($update['day'] . ".db");
if ($debug) {
print $update['day'] . " writing from remote system to db...";
}
$dbhandle = sqlite_open($postfix_dir . '/' . $update['day'] . ".db", 0666, $error);
//file_put_contents("/tmp/" . $key . '-' . $update['day'] . ".sql", gzuncompress(base64_decode($update['sql'])), LOCK_EX);
$ok = sqlite_exec($dbhandle, gzuncompress(base64_decode($update['sql'])), $error);
if (!$ok) {
$errors++;
die("Cannot execute query. {$error}\n" . $update['sql'] . "\n");
} elseif ($debug) {
print "ok\n";
}
sqlite_close($dbhandle);
}
}
}
}
}
if ($errors == 0) {
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/www/postfix.php');\n";
$execcmd .= 'flush_sql(' . $log_time . ');';
/* Assemble XMLRPC payload. */
$params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
log_error("[postfix] Flushing sql buffer file from {$sync_to_ip}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
//$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
}
} else {
log_error("[postfix] Fetch sql database from '{$sync_to_ip}' aborted due to the following error(s): {$error}");
}
}
}
log_error("[postfix] Fetch sql database completed.");
}
}
