diff options
author | robiscool <robrob2626@yahoo.com> | 2012-07-03 00:38:07 -0700 |
---|---|---|
committer | robiscool <robrob2626@yahoo.com> | 2012-07-03 00:38:07 -0700 |
commit | f80fcb63882ab695496141dcc92131c20486dfab (patch) | |
tree | 348c8e2e1438a20ee6720aaf226b497230f04ad9 /config/snort-dev | |
parent | da8fcdbc50c6e0b4def6a7eee0320190492f3d03 (diff) | |
download | pfsense-packages-f80fcb63882ab695496141dcc92131c20486dfab.tar.gz pfsense-packages-f80fcb63882ab695496141dcc92131c20486dfab.tar.bz2 pfsense-packages-f80fcb63882ab695496141dcc92131c20486dfab.zip |
snort-dev, add ipv6 support to whitelist build func, remove use of old javascript, php closure adds for namespace
Diffstat (limited to 'config/snort-dev')
-rw-r--r-- | config/snort-dev/snort.inc | 423 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces_edit.php | 6 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces_whitelist_edit.php | 286 |
3 files changed, 463 insertions, 252 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc index 32519cf1..7a9b234c 100644 --- a/config/snort-dev/snort.inc +++ b/config/snort-dev/snort.inc @@ -100,141 +100,275 @@ function find_suppress_key($find_slist_number) { } } -/* func builds custom whitelests */ -function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $userwips) { - global $config, $g, $snort_pfsense_basever; - - /* build an interface array list */ - if (function_exists('get_configured_interface_list')) - $int_array = get_configured_interface_list(); - else { - $int_array = array('lan'); - for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++) - if(isset($config['interfaces']['opt' . $j]['enable'])) - if(isset($config['interfaces']['opt' . $j]['gateway'])) - $int_array[] = "opt{$j}"; - } - - $home_net = ""; +function snort_find_interface_ipv6($interface, $flush = false) +{ + global $interface_ipv6_arr_cache; + global $interface_snv6_arr_cache; + global $config; + + $interface = trim($interface); + $interface = get_real_interface($interface); + + if (!does_interface_exist($interface)) + return; - /* iterate through interface list and write out whitelist items - * and also compile a home_net list for snort. - */ - foreach ($int_array as $int) { - /* calculate interface subnet information */ - if (function_exists('get_interface_ip')) { - $subnet = get_interface_ip($int); - if (is_ipaddr($subnet)) { - $sn = get_interface_subnet($int); - $home_net .= "{$subnet}/{$sn} "; - } - } else { - $ifcfg = $config['interfaces'][$int]; - switch ($ifcfg['ipaddr']) { - case "pppoe": - case "pptp": - case "l2tp": - if (function_exists('get_interface_ip')) - $subnet = get_interface_ip($int); - else - $subnet = find_interface_ip("ng0"); - - if (is_ipaddr($subnet)) - $home_net .= "{$subnet} "; - break; - case "dhcp": - $subnet = find_interface_ip(snort_get_real_interface($int)); - if (is_ipaddr($subnet)) - $home_net .= "{$subnet} "; - break; - default: - if (is_ipaddr($ifcfg['ipaddr'])) { - $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']); - if ($ifcfg['subnet']) - $home_net .= "{$subnet}/{$ifcfg['subnet']} "; + /* Setup IP cache */ + if (!isset($interface_ipv6_arr_cache[$interface]) or $flush) { + $ifinfo = pfSense_get_interface_addresses($interface); + // FIXME: Add IPv6 support to the pfSense module + exec("/sbin/ifconfig {$interface} inet6", $output); + foreach($output as $line) { + if(preg_match("/inet6/", $line)) { + $parts = explode(" ", $line); + if(preg_match("/fe80::/", $parts[1])) { + $ifinfo['ipaddrv6'] = $parts[1]; + if($parts[2] == "-->") { + $parts[5] = "126"; + $ifinfo['subnetbitsv6'] = $parts[5]; + } else { + $ifinfo['subnetbitsv6'] = $parts[3]; + } } - break; } } + $interface_ipv6_arr_cache[$interface] = $ifinfo['ipaddrv6']; + $interface_snv6_arr_cache[$interface] = $ifinfo['subnetbitsv6']; } - if ($snort_pfsense_basever == 'yes' && $wanip == 'yes') { - /* add all WAN ips to the whitelist */ - $wan_if = get_real_wan_interface(); - $ip = find_interface_ip($wan_if); - if (is_ipaddr($ip)) - $home_net .= "{$ip} "; - } + return $interface_ipv6_arr_cache[$interface]; +} - if ($wangw == 'yes') { - /* Add Gateway on WAN interface to whitelist (For RRD graphs) */ - $gw = get_interface_gateway('wan'); - if($gw) - $home_net .= "{$gw} "; +function snort_get_interface_ipv6($interface = "wan") +{ + global $config; + $realif = get_failover_interface($interface); + switch($config['interfaces'][$interface]['ipaddrv6']) { + case "6rd": + case "6to4": + $realif = "stf0"; + break; } - - if($wandns == 'yes') { - /* Add DNS server for WAN interface to whitelist */ - $dns_servers = get_dns_servers(); - foreach ($dns_servers as $dns) { - if($dns) - $home_net .= "{$dns} "; - } + if (!$realif) { + if (preg_match("/^carp/i", $interface)) + $realif = $interface; + else if (preg_match("/^[a-z0-9]+_vip/i", $interface)) + $realif = $interface; + else + return null; } - if($vips == 'yes') { - /* iterate all vips and add to whitelist */ - if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { - foreach($config['virtualip']['vip'] as $vip) - if($vip['subnet']) - $home_net .= "{$vip['subnet']} "; - } - } + $curip = snort_find_interface_ipv6($realif); + + if (strstr($curip, '%', TRUE)) { + $curip = strstr($curip, '%', TRUE); + }else if (is_ipaddrv6($curip)){ + $curip = $curip; + } + + if ($curip && is_ipaddrv6($curip) && ($curip != "::")) + return $curip; + else + return null; +} - /* Add loopback to whitelist (ftphelper) */ - $home_net .= "127.0.0.1 "; +/* func builds custom whitelests */ +function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $userwips) { + global $config, $g, $snort_pfsense_basever; - /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */ - if ($vpns == 'yes') { - if ($snort_pfsense_basever == 'yes') // chk what pfsense version were on - $vpns_list = get_vpns_list(); - else if ($snort_pfsense_basever == 'no') // chk what pfsense version were on - $vpns_list = filter_get_vpns_list(); + // build an interface array list + $int_array = get_configured_interface_list(); - if (!empty($vpns_list)) - $home_net .= "{$vpns_list} "; - } + /* calculate ipv4 interface subnet information */ + $home_net = ''; + $snort_calc_iface_subnet_list = function($int) use(&$home_net) { + + $subnet = get_interface_ip($int); + $sn = get_interface_subnet($int); + $subnet_v6 = snort_get_interface_ipv6($int); + $sn_v6 = get_interface_subnetv6($int); + + if (is_ipaddr($subnet) && !empty($subnet)) { + $home_net .= "{$subnet}/{$sn},"; + } - /* never ever compair numbers to words */ - if ($userwips > -1) { - if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); + if (is_ipaddr($subnet_v6) && !empty($subnet_v6)) { + $home_net .= "{$subnet_v6}/{$sn_v6},"; + } + + }; + + /* Add Gateway on WAN interface to whitelist (For RRD graphs) */ + $snort_calc_gateway_list = function($int) use (&$home_net) { - $home_net .= $config['installedpackages']['snortglobal']['whitelist']['item'][$userwips]['address']; + $gw = get_interface_gateway($int); + $sn = get_interface_subnet($int); + $gw_v6 = get_interface_gateway_v6($int); + $sn_v6 = get_interface_subnetv6($int); + + + if(!empty($gw) && is_ipaddr($gw)) { + $home_net .= "{$gw}/{$sn},"; + } + + if(!empty($gw_v6) && is_ipaddr($gw_v6)) { + $home_net .= "{$gw_v6}/{$sn_v6},"; + } + + }; + + // iterate through interface list and write out whitelist items and also compile a home_net list for snort. + foreach ($int_array as $int) { + + if (!empty($int)) { + $snort_calc_iface_subnet_list($int); + + if ($wangw == 'yes') + $snort_calc_gateway_list($int); + + } + } - $home_net = trim($home_net); - - /* this foe whitelistfile, convert spaces to carriage returns */ - if ($build_netlist == 'whitelist') { - $whitelist_home_net = str_replace(" ", "\n", $home_net); - $whitelist_home_net = str_replace(" ", "\n", $home_net); - return $whitelist_home_net; + /* + * Add DNS server for WAN interface to whitelist + * + * NOTE: does this get ipv6 ips + */ + $snort_dns_list = function() use(&$home_net) { + + $dns_servers = get_dns_servers(); + foreach ($dns_servers as $dns) { + if(!empty($dns) && is_ipaddr($dns)) { + $home_net .= "{$dns},"; + } + } + + }; + + if($wandns == 'yes') { + $snort_dns_list(); + } + + /* + * iterate all vips and add to whitelist + * NOTE: does this get ipv6 ips + * + */ + $snort_vips_list = function() use(&$home_net, &$config) { + + if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { + foreach($config['virtualip']['vip'] as $vip) + if(!empty($vip['subnet'])) + $home_net .= "{$vip['subnet']},"; + } + + }; + + if($vips == 'yes') { + $snort_vips_list(); } - /* this is for snort.conf */ - $validator = explode(" ", $home_net); - $valresult = array(); - foreach ($validator as $vald) { - if (empty($vald)) - continue; - $valresult[] = $vald; + /* + * grab a list of vpns and whitelist if user desires added by nestorfish 954 + * + * NOTE: does this get ipv6 ips + */ + $snort_vpns_list = function() use(&$home_net, &$config) { + $vpns_list = filter_get_vpns_list(); + + if (!empty($vpns_list)) + $home_net .= "{$vpns_list},"; + }; + + if ($vpns == 'yes') { + $snort_vpns_list(); + } + + $snort_userwips_list = function() use(&$home_net, &$userwips, &$config) { + + if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); + + $home_net .= $config['installedpackages']['snortglobal']['whitelist']['item'][$userwips]['address'] . ','; + + }; + + if ($userwips > -1) { + $snort_userwips_list(); } - $home_net = implode(",", $valresult); - $home_net = "[{$home_net}]"; + // add loopback iface + $home_net .= '127.0.0.1,'; + $home_net .= '::1,'; + + /* + * makes sure there is no duplicates + * splits $home_net to (ipv6 ip), (ipv6 cidr), (ipv4 ip), (ipv4 cidr) + */ + $snort_clean_home_net = function() use(&$home_net) { + + $home_net = trim($home_net); + $home_net = explode(',', $home_net); + $net_ipv4_cidr = array(); + $net_ipv4 = array(); + $net_ipv6_cidr = array(); + $net_ipv6 = array(); + + // split into 4 arrays + foreach ($home_net as $net_ip) { + + if (preg_match("/\./", $net_ip)) { + if (preg_match("/\//", $net_ip)) { + if (!in_array($net_ip, $net_ipv4_cidr)) + array_push($net_ipv4_cidr, $net_ip); + }else{ + if (!in_array($net_ip, $net_ipv4)) + array_push($net_ipv4, $net_ip); + } + } + + if (preg_match("/:/", $net_ip)) { + if (preg_match("/\//", $net_ip)) { + if (!in_array($net_ip, $net_ipv6_cidr)) + array_push($net_ipv6_cidr, $net_ip); + }else{ + if (!in_array($net_ip, $net_ipv6)) + array_push($net_ipv6, $net_ip); + } + } + } // end foreach + + // TODO: make sure that ips are not in cidr + + $home_net = ''; + foreach ($net_ipv4_cidr as $net_ipv4_cidr_ip) { + if (!empty($net_ipv4_cidr_ip)) + $home_net .= $net_ipv4_cidr_ip . ','; + } + foreach ($net_ipv4 as $net_ipv4_ip) { + if (!empty($net_ipv4_ip)) + $home_net .= $net_ipv4_ip . ','; + } + foreach ($net_ipv6_cidr as $net_ipv6_cidr_ip) { + if (!empty($net_ipv6_cidr_ip)) + $home_net .= $net_ipv6_cidr_ip . ','; + } + foreach ($net_ipv6 as $net_ipv6_ip) { + if (!empty($net_ipv6_ip)) + $home_net .= $net_ipv6_ip . ','; + } + + // remove , if its the last char + if($home_net[strlen($home_net)-1] === ',') { + $home_net = substr_replace($home_net, '', -1); + } + + }; + $snort_clean_home_net(); + return $home_net; -} + +} // end func builds custom whitelests /* checks to see if snort is running yes/no and stop/start */ @@ -460,17 +594,14 @@ function post_delete_logs() $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd); snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]); } - } else + } else { exec("/bin/rm $snort_log_dir/{$snort_uuid}_{$if_real}/snort.tcpdump*"); - - /* create barnyard2 configuration file */ - //if ($value['barnyard_enable'] == 'on') - //create_barnyard2_conf($id, $if_real, $snort_uuid); - - if ($value['perform_stat'] == 'on') - @file_put_contents("$snort_log_dirt/{$snort_uuid}_{$if_real}/snort.stats", ""); + + if ($value['perform_stat'] == 'on') + @file_put_contents("$snort_log_dirt/{$snort_uuid}_{$if_real}/snort.stats", ""); + } } - } + } // end foreach } function snort_postinstall() @@ -832,23 +963,26 @@ function sync_snort_package_config() if ($if_real != '' && $snort_uuid != '') { - /* only build whitelist when needed */ - if ($value['blockoffenders7'] == 'on') + // only build whitelist when needed + if ($value['blockoffenders7'] === 'on') { create_snort_whitelist($id, $if_real); + } - /* only build threshold when needed */ - if ($value['suppresslistname'] != 'default') + // only build threshold when needed + if ($value['suppresslistname'] !== 'default'){ create_snort_suppress($id, $if_real); + } - /* create snort configuration file */ + // create snort configuration file create_snort_conf($id, $if_real, $snort_uuid); - /* if rules exist cp rules to each iface */ + // if rules exist cp rules to each iface create_rules_iface($id, $if_real, $snort_uuid); - /* create barnyard2 configuration file */ - if ($value['barnyard_enable'] == 'on') + // create barnyard2 configuration file + if ($value['barnyard_enable'] == 'on') { create_barnyard2_conf($id, $if_real, $snort_uuid); + } } } @@ -931,12 +1065,16 @@ function create_snort_whitelist($id, $if_real) { } else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'])) { $whitelist_key_w = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname']); - if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) { return; + } $whitelist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]; - $w_data = build_base_whitelist($whitelist['snortlisttype'], $whitelist['wanips'], $whitelist['wangateips'], - $whitelist['wandnsips'], $whitelist['vips'], $whitelist['vpnips'], $whitelist_key_w); + $w_data = build_base_whitelist($whitelist['snortlisttype'], $whitelist['wanips'], $whitelist['wangateips'], $whitelist['wandnsips'], $whitelist['vips'], $whitelist['vpnips'], $whitelist_key_w); + + // this foe whitelistfile, convert spaces to carriage returns + $w_data = str_replace(',', "\n", $w_data); + $w_data = str_replace(',,', "\n", $w_data); /* open snort's whitelist for writing */ @file_put_contents("/usr/local/etc/snort/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data); @@ -1961,19 +2099,13 @@ EOD; else $def_max_queued_segs_type = ' max_queued_segs ' . $snortcfg['max_queued_segs'] . ','; - $snort_preprocessor_decoder_rules = ""; - if (file_exists("/usr/local/etc/snort/preproc_rules/preprocessor.rules")) - $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n"; - if (file_exists("/usr/local/etc/snort/preproc_rules/decoder.rules")) - $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n"; - /* build snort configuration file */ $snort_conf_text = <<<EOD ############################################################################## # # # snort configuration file generated by the pfSense package manager system # -# see /usr/local/pkg/snort.inc # # +# see /usr/local/pkg/snort.inc # # for snort ver. 2.9.2.3 # # more information Snort can be found at http://www.snort.org/ # # # @@ -1985,9 +2117,8 @@ EOD; # ######################### -# TODO: bug, auto gen is adding extra 127.0.0.1 -ipvar HOME_NET {$home_net} -ipvar EXTERNAL_NET {$external_net} +ipvar HOME_NET [{$home_net}] +ipvar EXTERNAL_NET [{$external_net}] ################### # @@ -2454,8 +2585,6 @@ $spoink_type include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config -{$snort_preprocessor_decoder_rules} - $threshold_file_name # Snort user pass through configuration @@ -2467,7 +2596,9 @@ $threshold_file_name # ################### - {$selected_rules_sections} + +{$selected_rules_sections} + EOD; diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index cdf23825..aee7bee1 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php @@ -30,7 +30,7 @@ POSSIBILITY OF SUCH DAMAGE. */ -require_once("/usr/local/www/guiconfig.inc"); +require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort.inc"); @@ -38,6 +38,7 @@ global $g; if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); + $a_nat = &$config['installedpackages']['snortglobal']['rule']; $id = $_GET['id']; @@ -375,11 +376,10 @@ function enable_change(enable_change) { } //--> </script> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<form method="post" enctype="multipart/form-data" name="iform" id="iform"> <?php /* Display Alert message */ if ($input_errors) { diff --git a/config/snort-dev/snort_interfaces_whitelist_edit.php b/config/snort-dev/snort_interfaces_whitelist_edit.php index fe3c54a5..14c016db 100644 --- a/config/snort-dev/snort_interfaces_whitelist_edit.php +++ b/config/snort-dev/snort_interfaces_whitelist_edit.php @@ -67,17 +67,22 @@ if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid' $d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty'; /* returns true if $name is a valid name for a whitelist file name or ip */ -function is_validwhitelistname($name) { +function is_validwhitelistname($name, $type) { if (!is_string($name)) - return false; + return false; - if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) - return true; + if ($type === 'name' && !preg_match("/[^a-zA-Z0-9\_]/", $name)) + return true; + + if ($type === 'ip' && !preg_match("/[^a-zA-Z0-9\:\,\.\/]/", $name)) + return true; + + if ($type === 'detail' && !preg_match("/[^a-zA-Z0-9\:\,\.\+\s]/", $name)) + return true; return false; } - if (isset($id) && $a_whitelist[$id]) { /* old settings */ @@ -85,6 +90,7 @@ if (isset($id) && $a_whitelist[$id]) { $pconfig['name'] = $a_whitelist[$id]['name']; $pconfig['uuid'] = $a_whitelist[$id]['uuid']; $pconfig['detail'] = $a_whitelist[$id]['detail']; + $pconfig['addressuuid'] = $a_whitelist[$id]['addressuuid']; $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype']; $pconfig['address'] = $a_whitelist[$id]['address']; $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']); @@ -104,24 +110,23 @@ if ($_POST['submit']) { unset($input_errors); $pconfig = $_POST; - /* input validation */ - $reqdfields = explode(" ", "name"); - $reqdfieldsn = explode(",", "Name"); + //input validation + $reqdfields = explode(" ", "name"); // post name required + $reqdfieldsn = explode(",", "Name"); // error msg name do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if(strtolower($_POST['name']) == "defaultwhitelist") $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; - $x = is_validwhitelistname($_POST['name']); - if (!isset($x)) { - $input_errors[] = "Reserved word used for whitelist file name."; - } else { - if (is_validwhitelistname($_POST['name']) == false) - $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; - } + + if (is_validwhitelistname($_POST['name'], 'name') == false) + $input_errors[] = "Whitelist name may only consist of the characters a-z, A-Z and 0-9. Note: No Spaces."; + + if (is_validwhitelistname($_POST['descr'], 'detail') == false) + $input_errors[] = "Whitelist description name may only consist of the characters [a-z, A-Z 0-9 + , :]. Note: No Spaces."; - /* check for name conflicts */ + // check for name conflicts foreach ($a_whitelist as $w_list) { if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list)) continue; @@ -132,50 +137,64 @@ if ($_POST['submit']) { } } - $isfirst = 0; - $address = ""; - $final_address_details .= ""; - /* add another entry code */ - for($x=0; $x<499; $x++) { - if (!empty($_POST["address{$x}"])) { - if ($is_first > 0) - $address .= " "; - $address .= $_POST["address{$x}"]; - if ($_POST["address_subnet{$x}"] <> "") - $address .= "" . $_POST["address_subnet{$x}"]; - - /* Compress in details to a single key, data separated by pipes. - Pulling details here lets us only pull in details for valid - address entries, saving us from having to track which ones to - process later. */ - $final_address_detail = mb_convert_encoding($_POST["detail{$x}"],'HTML-ENTITIES','auto'); - if ($final_address_detail <> "") - $final_address_details .= $final_address_detail; - else { - $final_address_details .= "Entry added" . " "; - $final_address_details .= date('r'); + // build string lists + if (!empty($pconfig[addresses])) { + $countArray = count($pconfig[addresses]); + $i = 0; + + foreach ($pconfig[addresses] as $address) { + + $i++; + + if (is_validwhitelistname($address[address], 'ip') == false) { + $input_errors[] = "List of IPs may only consist of the characters [. : 0-9]. Note: No Spaces."; } - $final_address_details .= "||"; - $is_first++; - } + + if (is_validwhitelistname($address[detail], 'detail') == false) { + $input_errors[] = "List of IP descriptions may only consist of the characters [a-z, A-Z 0-9 + , :]."; + } + + if (!empty($address[address]) && !empty($address[uuid])) { + + $final_address_ip .= $address[address]; + + $final_address_uuid .= $address[uuid]; + + if (empty($address[detail])) { + $final_address_details .= "Entry added " . date('r'); + }else{ + $final_address_details .= $address[detail]; + } + + if($i < $countArray){ + $final_address_ip .= ','; + $final_address_details .= '||'; + $final_address_uuid .= '||'; + } + } + } } - + + $w_list = array(); + // post user input + $w_list['name'] = $_POST['name']; + $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $w_list['uuid'] = $whitelist_uuid; + $w_list['snortlisttype'] = $_POST['snortlisttype']; + $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; + $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; + $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; + $w_list['vips'] = $_POST['vips']? 'yes' : 'no'; + $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; + + $w_list['addressuuid'] = $final_address_uuid; + $w_list['address'] = $final_address_ip; + $w_list['detail'] = $final_address_details; + + if (empty($final_address_ip) && $w_list['wanips'] === 'no' && $w_list['wangateips'] === 'no' && $w_list['wandnsips'] === 'no' && $w_list['vips'] === 'no' && $w_list['vpnips'] === 'no') + $input_errors[] = "You must add a \"auto generated ip\" or a \"custom ip\"! "; + if (!$input_errors) { - $w_list = array(); - /* post user input */ - $w_list['name'] = $_POST['name']; - $w_list['uuid'] = $whitelist_uuid; - $w_list['snortlisttype'] = $_POST['snortlisttype']; - $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; - $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; - $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; - $w_list['vips'] = $_POST['vips']? 'yes' : 'no'; - $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; - - $w_list['address'] = $address; - $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $w_list['detail'] = $final_address_details; - if (isset($id) && $a_whitelist[$id]) $a_whitelist[$id] = $w_list; else @@ -183,15 +202,25 @@ if ($_POST['submit']) { write_config(); - /* create whitelist and homenet file then sync files */ + // create whitelist and homenet file then sync files sync_snort_package_config(); header("Location: /snort/snort_interfaces_whitelist.php"); exit; } else { + + $pconfig['wanips'] = $a_whitelist[$id]['wanips']; + $pconfig['wangateips'] = $a_whitelist[$id]['wangateips']; + $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips']; + $pconfig['vips'] = $a_whitelist[$id]['vips']; + $pconfig['vpnips'] = $a_whitelist[$id]['vpnips']; + $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $pconfig['address'] = $address; + $pconfig['address'] = $final_address_ip; $pconfig['detail'] = $final_address_details; + $pconfig['addressuuid'] = $final_address_uuid; + + $input_errors[] = 'Press Cancel to reset.'; } } @@ -207,36 +236,36 @@ include_once("head.inc"); include("fbegin.inc"); echo $snort_general_css; ?> -<script type="text/javascript" src="/javascript/row_helper.js"></script> - <input type='hidden' name='address_type' value='textbox' /> - <script type="text/javascript"> - - rowname[0] = "address"; - rowtype[0] = "textbox"; - rowsize[0] = "20"; - rowname[1] = "detail"; - rowtype[1] = "textbox"; - rowsize[1] = "30"; -</script> - -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<?php if ($input_errors) print_input_errors($input_errors); ?> -<div id="inputerrors"></div> - -<form action="snort_interfaces_whitelist_edit.php" method="post" name="iform" id="iform"> <?php /* Display Alert message */ if ($input_errors) print_input_errors($input_errors); // TODO: add checks if ($savemsg) - print_info_box2($savemsg); + print_info_box($savemsg); ?> +<div id="inputerrors"></div> + +<form action="snort_interfaces_whitelist_edit.php?id=<?=$id?>" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php"); + $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php"); + display_top_tabs($tab_array); +?> + </td> +</tr> <tr> <td class="tabcont"> @@ -358,32 +387,33 @@ echo $snort_general_css; <?php /* cleanup code */ $counter = 0; - $address = $pconfig['address']; - if ($address <> ""): - $item = explode(" ", $address); - $item3 = explode("||", $pconfig['detail']); - foreach($item as $ww): - $address = $item[$counter]; - $item4 = $item3[$counter]; + if (!empty($pconfig['address'])): + + $addressArray = explode(',', $pconfig['address']); + $detailArray = explode('||', $pconfig['detail']); + $RowUUIDArray = explode('||', $pconfig['addressuuid']); + + foreach($addressArray as $address): + if (!empty($address)): + $detail = $detailArray[$counter]; + $rowaddressuuid= $RowUUIDArray[$counter]; ?> - <tr> - <td><input name="address<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="30" value="<?=htmlspecialchars($address);?>" /></td> - <td><input name="detail<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="50" value="<?=$item4;?>" /></td> - <td> - <?php echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />"; ?> - </td> - </tr> + <tr id="<?=$rowaddressuuid?>"> + <td><input autocomplete="off" name="addresses[<?=$rowaddressuuid;?>][address]" class="formfld unknown" size="30" value="<?=$address;?>" type="text"></td> + <td><input autocomplete="off" name="addresses[<?=$rowaddressuuid;?>][detail]" class="formfld unknown" size="50" value="<?=$detail;?>" type="text"></td> + <td><img id="<?=$rowaddressuuid;?>" class="icon_x removeRow" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" alt="" title="remove entry" border="0"></td> + <td><input name="addresses[<?=$rowaddressuuid;?>][uuid]" value="<?=$rowaddressuuid;?>" type="hidden"></td> + </tr> + <?php $counter++; - - endforeach; endif; + endif; + endforeach; + endif; ?> </tbody> </table> - <a onclick="javascript:addRowTo('maintable'); return false;" - href="#"><img border="0" - src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" - title="add another entry" /> </a></td> + <img id="addNewRow" class="icon_x" border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" /></td> </tr> <tr> <td width="22%" valign="top"> </td> @@ -400,12 +430,62 @@ echo $snort_general_css; </form> <script type="text/javascript"> - /* row and col adjust when you add extra entries */ + + +/*! Needs to be watched not my code <- IMPORTANT +* JavaScript UUID Generator, v0.0.1 +* +* Copyright (c) 2009 Massimo Lombardo. +* Dual licensed under the MIT and the GNU GPL licenses. +*/ + +function genUUID() { + var uuid = (function () { + var i, + c = "89ab", + u = []; + for (i = 0; i < 36; i += 1) { + u[i] = (Math.random() * 16 | 0).toString(16); + } + u[8] = u[13] = u[18] = u[23] = ""; + u[14] = "4"; + u[19] = c.charAt(Math.random() * 4 | 0); + return u.join(""); + })(); + return { + toString: function () { + return uuid; + }, + valueOf: function () { + return uuid; + } + } +}; + + + jQuery(".icon_x").live('mouseover', function() { + jQuery(this).css('cursor', 'pointer'); + }); + - field_counter_js = 3; - rows = 1; - totalrows = <?php echo $counter; ?>; - loaded = <?php echo $counter; ?>; + jQuery('#addNewRow').live("click", function(){ + + var addRowCount = genUUID(); + + jQuery('#maintable > tbody').append( + "\n" + '<tr id="' + addRowCount + '">' + "\n" + + '<td><input autocomplete="off" name="addresses[' + addRowCount + '][address]" class="formfld unknown" size="30" value="" type="text"></td>' + "\n" + + '<td><input autocomplete="off" name="addresses[' + addRowCount + '][detail]" class="formfld unknown" size="50" value="" type="text"></td>' + "\n" + + '<td><img id="' + addRowCount + '" class="icon_x removeRow" border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" alt="" title="remove entry" /></td>' + "\n" + + '<td><input name="addresses[' + addRowCount + '][uuid]" type="hidden" value="' + addRowCount + '" /></td>' + "\n" + + '</tr>' + "\n" + ); + }); + + + jQuery(".removeRow").live('click', function(){ + jQuery("#" + this.id).remove(); + }); </script> |