author | Warren Baker <warren@decoy.co.za> | 2011-09-29 21:06:07 +0200 |
---|---|---|
committer | Warren Baker <warren@decoy.co.za> | 2011-09-29 21:06:07 +0200 |
commit | d7f430d3f66fa0461737b2cf2485649084c469e2 (patch) | |
tree | c802cf6febe4b7d87aa6822c9cfe2cfca0738092 /config | |
parent | aa5e95e3d1829d86f8f851b4d77488dc59a23a19 (diff) | |
Add support for IPv6 ACLs and mixing of both IPv6 and v4 ACLs
Diffstat (limited to 'config')
-rw-r--r-- | config/unbound/unbound_acls.php | 805 | ||||
-rw-r--r-- | config/unbound/unbound_acls_edit.php | 277 |
2 files changed, 158 insertions, 924 deletions
diff --git a/config/unbound/unbound_acls.php b/config/unbound/unbound_acls.php
index d1b501d6..b60de2dd 100644
--- a/config/unbound/unbound_acls.php
+++ b/config/unbound/unbound_acls.php
@@ -30,91 +30,46 @@ */ require("guiconfig.inc"); +require("unbound.inc"); if(!is_process_running("unbound")) { Header("Location: /pkg_edit.php?xml=unbound.xml&id=0"); exit; } -if (!is_array($config['installedpackages']['unboundacls'][0]['config'])) - $config['installedpackages']['unboundacls'][0]['config'] = array(); +if (!is_array($config['installedpackages']['unboundacls']['config'])) + $config['installedpackages']['unboundacls']['config'] = array(); -$a_acls = &$config['installedpackages']['unboundacls'][0]['config']; +$a_acls = &$config['installedpackages']['unboundacls']['config']; $id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; +if (isset($_POST['aclid'])) + $id = $_POST['aclid']; $act = $_GET['act']; if (isset($_POST['act'])) $act = $_POST['act']; -if ($_GET['act'] == "del") { - - if (!$a_client[$id]) { - pfSenseHeader("vpn_openvpn_client.php"); +if ($act == "del") { + if (!$a_acls[$id]) { + pfSenseHeader("unbound_acls.php"); exit; } - openvpn_delete('client', $a_client[$id]); - unset($a_client[$id]); + unset($a_acls[$id]); write_config(); - $savemsg = gettext("Client successfully deleted")."<br/>"; + unbound_reconfigure(); + $savemsg = gettext("Access List successfully deleted")."<br/>"; } -if($_GET['act']=="new"){ - $pconfig['autokey_enable'] = "yes"; - $pconfig['tlsauth_enable'] = "yes"; - $pconfig['autotls_enable'] = "yes"; - $pconfig['interface'] = "wan"; - $pconfig['server_port'] = 1194; +if ($act == "new") { + $id = unbound_get_next_id(); } -if($_GET['act']=="edit"){ - - if (isset($id) && $a_client[$id]) { - - $pconfig['disable'] = isset($a_client[$id]['disable']); - $pconfig['mode'] = $a_client[$id]['mode']; - $pconfig['protocol'] = $a_client[$id]['protocol']; - $pconfig['interface'] = $a_client[$id]['interface']; - if (!empty($a_client[$id]['ipaddr'])) { - $pconfig['interface'] = $pconfig['interface'] . '|' . 
$a_client[$id]['ipaddr']; - } - $pconfig['local_port'] = $a_client[$id]['local_port']; - $pconfig['server_addr'] = $a_client[$id]['server_addr']; - $pconfig['server_port'] = $a_client[$id]['server_port']; - $pconfig['resolve_retry'] = $a_client[$id]['resolve_retry']; - $pconfig['proxy_addr'] = $a_client[$id]['proxy_addr']; - $pconfig['proxy_port'] = $a_client[$id]['proxy_port']; - $pconfig['proxy_user'] = $a_client[$id]['proxy_user']; - $pconfig['proxy_passwd'] = $a_client[$id]['proxy_passwd']; - $pconfig['proxy_authtype'] = $a_client[$id]['proxy_authtype']; - $pconfig['description'] = $a_client[$id]['description']; - $pconfig['custom_options'] = $a_client[$id]['custom_options']; - $pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type']; - $pconfig['dev_mode'] = $a_client[$id]['dev_mode']; - - if ($pconfig['mode'] != "p2p_shared_key") { - $pconfig['caref'] = $a_client[$id]['caref']; - $pconfig['certref'] = $a_client[$id]['certref']; - if ($a_client[$id]['tls']) { - $pconfig['tlsauth_enable'] = "yes"; - $pconfig['tls'] = base64_decode($a_client[$id]['tls']); - } - } else - $pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']); - $pconfig['crypto'] = $a_client[$id]['crypto']; - $pconfig['engine'] = $a_client[$id]['engine']; - - $pconfig['tunnel_network'] = $a_client[$id]['tunnel_network']; - $pconfig['remote_network'] = $a_client[$id]['remote_network']; - $pconfig['compression'] = $a_client[$id]['compression']; - $pconfig['passtos'] = $a_client[$id]['passtos']; - - // just in case the modes switch - $pconfig['autokey_enable'] = "yes"; - $pconfig['autotls_enable'] = "yes"; +if ($act == "edit") { + if (isset($id) && $a_acls[$id]) { + $pconfig = $a_acls[$id]; + $networkacl = $a_acls[$id]['row']; } } 
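Review bot: `$id` is taken verbatim from `$_GET['id']` or `$_POST['aclid']` and then used as the key into the saved config (`$a_acls[$id]`) in the del and edit branches, and later as the key written back on save, without ever being checked to be a non-negative integer; a guard such as `if (isset($id) && !is_numericint($id)) { pfSenseHeader("unbound_acls.php"); exit; }` (or `ctype_digit((string)$id)`) right after `$id` is resolved would keep arbitrary strings out of the config array. The del branch also runs `unset(...)`, `write_config()` and `unbound_reconfigure()` for a plain GET with `act=del`, because `$act` falls back to `$_GET['act']`; a state-changing action is safer restricted to a POST so the framework's form token applies to it. The `$_POST['aclid']` / `$_POST['act']` fallbacks mean the hidden `aclid` field, not the URL, decides which entry a submitted form overwrites, which is worth a one-line comment above `$id = $_GET['id'];` so the next reader does not assume the URL is authoritative.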
@@ -123,134 +78,46 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - if (isset($id) && $a_client[$id]) - $vpnid = $a_client[$id]['vpnid']; - else - $vpnid = 0; - - if ($pconfig['mode'] != "p2p_shared_key") - $tls_mode = true; - else - $tls_mode = false; - - /* input validation */ - if ($pconfig['local_port']) { - - if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) - $input_errors[] = $result; - - $portused = openvpn_port_used($pconfig['protocol'], $pconfig['local_port']); - if (($portused != $vpnid) && ($portused != 0)) - $input_errors[] = gettext("The specified 'Local port' is in use. Please select another value"); - } - - if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address')) - $input_errors[] = $result; - - if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port')) - $input_errors[] = $result; - - if ($pconfig['proxy_addr']) { - - if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address')) - $input_errors[] = $result; - - if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port')) - $input_errors[] = $result; - - if ($pconfig['proxy_authtype'] != "none") { - if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd'])) - $input_errors[] = gettext("User name and password are required for proxy with authentication."); + /* input validation - only allow 50 entries in a single ACL*/ + for($x=0; $x<50; $x++) { + if(isset($pconfig["acl_network{$x}"])) { + $networkacl[$x] = array(); + $networkacl[$x]['acl_network'] = $pconfig["acl_network{$x}"]; + $networkacl[$x]['mask'] = $pconfig["mask{$x}"]; + $networkacl[$x]['description'] = $pconfig["description{$x}"]; + if (!is_ipaddr($networkacl[$x]['acl_network'])) + $input_errors[] = gettext("You must enter a valid network IP address for {$networkacl[$x]['acl_network']}."); + + if (is_ipaddrv4($networkacl[$x]['acl_network'])) { + if 
(!is_subnet($networkacl[$x]['acl_network']."/".$networkacl[$x]['mask'])) + $input_errors[] = gettext("You must enter a valid IPv4 netmask for {$networkacl[$x]['acl_network']}/{$networkacl[$x]['mask']}."); + } else if (function_exists("is_ipaddrv6")) { + if (!is_ipaddrv6($networkacl[$x]['acl_network'])) + $input_errors[] = gettext("You must enter a valid IPv6 address for {$networkacl[$x]['acl_network']}."); + else if (!is_subnetv6($networkacl[$x]['acl_network']."/".$networkacl[$x]['mask'])) + $input_errors[] = gettext("You must enter a valid IPv6 netmask for {$networkacl[$x]['acl_network']}/{$networkacl[$x]['mask']}."); + } else + $input_errors[] = gettext("You must enter a valid IPv4 address for {$networkacl[$x]['acl_network']}."); } } - - if($pconfig['tunnel_network']) - if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network')) - $input_errors[] = $result; - - if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'Remote network')) - $input_errors[] = $result; - - if ($pconfig['autokey_enable']) - $pconfig['shared_key'] = openvpn_create_key(); - - if (!$tls_mode && !$pconfig['autokey_enable']) - if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") || - !strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----")) - $input_errors[] = gettext("The field 'Shared Key' does not appear to be valid"); - - if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) - if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") || - !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) - $input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid"); - - /* If we are not in shared key mode, then we need the CA/Cert. 
*/ - if ($pconfig['mode'] != "p2p_shared_key") { - $reqdfields = explode(" ", "caref certref"); - $reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate")); - } elseif (!$pconfig['autokey_enable']) { - /* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */ - $reqdfields = array('shared_key'); - $reqdfieldsn = array(gettext('Shared key')); - } - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if (!$input_errors) { - $client = array(); - - if ($vpnid) - $client['vpnid'] = $vpnid; - else - $client['vpnid'] = openvpn_vpnid_next(); - - if ($_POST['disable'] == "yes") - $client['disable'] = true; - $client['protocol'] = $pconfig['protocol']; - $client['dev_mode'] = $pconfig['dev_mode']; - list($client['interface'], $client['ipaddr']) = explode ("|",$pconfig['interface']); - $client['local_port'] = $pconfig['local_port']; - $client['server_addr'] = $pconfig['server_addr']; - $client['server_port'] = $pconfig['server_port']; - $client['resolve_retry'] = $pconfig['resolve_retry']; - $client['proxy_addr'] = $pconfig['proxy_addr']; - $client['proxy_port'] = $pconfig['proxy_port']; - $client['proxy_authtype'] = $pconfig['proxy_authtype']; - $client['proxy_user'] = $pconfig['proxy_user']; - $client['proxy_passwd'] = $pconfig['proxy_passwd']; - $client['description'] = $pconfig['description']; - $client['mode'] = $pconfig['mode']; - $client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']); - - if ($tls_mode) { - $client['caref'] = $pconfig['caref']; - $client['certref'] = $pconfig['certref']; - if ($pconfig['tlsauth_enable']) { - if ($pconfig['autotls_enable']) - $pconfig['tls'] = openvpn_create_key(); - $client['tls'] = base64_encode($pconfig['tls']); - } - } else { - $client['shared_key'] = base64_encode($pconfig['shared_key']); - } - $client['crypto'] = $pconfig['crypto']; - $client['engine'] = $pconfig['engine']; - - $client['tunnel_network'] = 
$pconfig['tunnel_network']; - $client['remote_network'] = $pconfig['remote_network']; - $client['compression'] = $pconfig['compression']; - $client['passtos'] = $pconfig['passtos']; - - if (isset($id) && $a_client[$id]) - $a_client[$id] = $client; - else - $a_client[] = $client; - - openvpn_resync('client', $client); - write_config(); - - header("Location: vpn_openvpn_client.php"); + if(!$a_acls[$id]) + $a_acls[$id]['aclid'] = $id; + + if (isset($id) && $a_acls[$id]) { + $a_acls[$id]['aclid'] = $pconfig['aclid']; + $a_acls[$id]['aclname'] = $pconfig['aclname']; + $a_acls[$id]['aclaction'] = $pconfig['aclaction']; + $a_acls[$id]['description'] = $pconfig['description']; + $a_acls[$id]['row'] = array(); + foreach ($networkacl as $acl) + $a_acls[$id]['row'][] = $acl; + write_config(); + unbound_reconfigure(); + } + header("Location: unbound_acls.php"); exit; } } @@ -260,7 +127,31 @@ $pgtitle = "Services: Unbound DNS Forwarder: Access Lists"; include("head.inc"); ?> + +<script type="text/javascript" src="/javascript/row_helper.js"> +</script> + +<script type="text/javascript"> + function mask_field(fieldname, fieldsize, n) { + return '<select name="' + fieldname + n + '" class="formselect" id="' + fieldname + n + '"><?php + for ($i = 128; $i >= 0; $i--) { + echo "<option value=\"$i\">$i</option>"; + } + ?></select>'; + } + + rowtype[0] = "textbox"; + rowname[0] = "acl_network"; + rowsize[0] = "30"; + rowname[1] = "mask"; + rowtype[1] = mask_field; + rowtype[2] = "textbox"; + rowname[2] = "description"; + rowsize[2] = "40"; +</script> + <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + <?php include("fbegin.inc"); ?> <?php if (!$savemsg) @@ -268,6 +159,7 @@ if (!$savemsg) if ($input_errors) print_input_errors($input_errors); + if ($savemsg) print_info_box($savemsg); ?> 
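Review bot: The save block under `if (!$input_errors)` copies `$pconfig['aclaction']`, `$pconfig['aclname']` and `$pconfig['aclid']` from the POST into the config without any validation, even though the form only offers four actions and the page has already decided `$id`; add `if (!in_array(strtolower($pconfig['aclaction']), array("deny", "refuse", "allow", "allow snoop"), true)) $input_errors[] = gettext("Invalid ACL action.");` to the validation section and store `$a_acls[$id]['aclid'] = $id;` instead of the posted value. `aclname` is presumably emitted into the generated unbound configuration by `unbound_reconfigure()` (defined outside this file), so it should likewise be restricted to a safe character set before being saved. When `$act == "edit"` the earlier branch preloads `$networkacl` from `$a_acls[$id]['row']` and the 50-entry loop only overwrites the indices present in the POST, so rows the user removed in the browser may survive into the saved `row` array unless something outside this hunk resets it; starting the validation with `$networkacl = array();` avoids that. As a style point, `gettext("... {$networkacl[$x]['acl_network']}.")` interpolates before the lookup and so can never match a catalog entry; `sprintf(gettext("You must enter a valid network IP address for %s."), $networkacl[$x]['acl_network'])` is the usual form.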
@@ -291,476 +183,119 @@ if ($savemsg) <?php if($act=="new" || $act=="edit"): ?> - <form action="unbound_acls.php" method="post" name="iform" id="iform" onsubmit="presubmit()"> + <form action="unbound_acls.php" method="post" name="iform" id="iform"> + <input name="aclid" type="hidden" value="<?=$id;?>"> + <input name="act" type="hidden" value="<?=$act;?>"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td> - <td width="78%" class="vtable"> - <table border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <?php set_checked($pconfig['disable'],$chk); ?> - <input name="disable" type="checkbox" value="yes" <?=$chk;?>/> - </td> - <td> - - <span class="vexpl"> - <strong><?=gettext("Disable this Access List"); ?></strong><br> - </span> - </td> - </tr> - </table> - <?=gettext("Set this option to disable this access list without removing it from the list"); ?>. 
- </td> + <td colspan="2" valign="top" class="listtopic"><?=sprintf(gettext("%s ACL"),$act);?></td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td> + <td width="22%" valign="top" class="vncellreq"><?=gettext("ACL name");?></td> <td width="78%" class="vtable"> - <select name='mode' id='mode' class="formselect" onchange='mode_change()'> - <?php - foreach ($openvpn_client_modes as $name => $desc): - $selected = ""; - if ($pconfig['mode'] == $name) - $selected = "selected"; - ?> - <option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option> - <?php endforeach; ?> - </select> + <input name="aclname" type="text" class="formfld" id="aclname" size="30" maxlength="30" value="<?=htmlspecialchars($pconfig['aclname']);?>"> + <br /> + <span class="vexpl"><?=gettext("Provide an ACL name.");?></span> </td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td> - <td width="78%" class="vtable"> - <select name='protocol' class="formselect"> - <?php - foreach ($openvpn_prots as $prot): - $selected = ""; - if ($pconfig['protocol'] == $prot) - $selected = "selected"; - ?> - <option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option> - <?php endforeach; ?> - </select> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td> - <td width="78%" class="vtable"> - <select name='dev_mode' class="formselect"> - <?php - foreach ($openvpn_dev_mode as $mode): - $selected = ""; - if ($pconfig['dev_mode'] == $mode) - $selected = "selected"; - ?> - <option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option> - <?php endforeach; ?> - </select> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td> <td width="78%" class="vtable"> - <select name="interface" class="formselect"> - <?php - $interfaces = 
get_configured_interface_with_descr(); - $carplist = get_configured_carp_interface_list(); - foreach ($carplist as $cif => $carpip) - $interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; - $aliaslist = get_configured_ip_aliases_list(); - foreach ($aliaslist as $aliasip => $aliasif) - $interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; - $interfaces['any'] = "any"; - foreach ($interfaces as $iface => $ifacename): - $selected = ""; - if ($iface == $pconfig['interface']) - $selected = "selected"; - ?> - <option value="<?=$iface;?>" <?=$selected;?>> - <?=htmlspecialchars($ifacename);?> - </option> + <select name="aclaction" class="formselect"> + <?php $types = explode(",", "Deny,Refuse,Allow,Allow Snoop"); foreach ($types as $type): ?> + <option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['aclaction'])) echo "selected"; ?>> + <?=htmlspecialchars($type);?> + </option> <?php endforeach; ?> - </select> <br> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Local port");?></td> - <td width="78%" class="vtable"> - <input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>"/> + </select> <br/> - <?=gettext("Set this option if you would like to bind to a specific port. 
Leave this blank or enter 0 for a random dynamic port."); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Server host or address");?></td> - <td width="78%" class="vtable"> - <input name="server_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['server_addr']);?>"/> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Server port");?></td> - <td width="78%" class="vtable"> - <input name="server_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['server_port']);?>"/> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Proxy host or address");?></td> - <td width="78%" class="vtable"> - <input name="proxy_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['proxy_addr']);?>"/> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Proxy port");?></td> - <td width="78%" class="vtable"> - <input name="proxy_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['proxy_port']);?>"/> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Proxy authentication extra options");?></td> - <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0"> - <tr> - <td align="right" width="25%"> - <span class="vexpl"> - <?=gettext("Authentication method"); ?> : - </span> - </td> - <td> - <select name="proxy_authtype" id="proxy_authtype" class="formfld select" onChange="useproxy_changed()"> - <option value="none" <?php if ($pconfig['proxy_authtype'] == "none") echo "selected"; ?>><?=gettext("none"); ?></option> - <option value="basic" <?php if ($pconfig['proxy_authtype'] == "basic") echo "selected"; ?>><?=gettext("basic"); ?></option> - <option value="ntlm" <?php if ($pconfig['proxy_authtype'] == "ntlm") echo "selected"; ?>><?=gettext("ntlm"); ?></option> - </select> - </td> 
- </tr> - </table> - <br /> - <table border="0" cellpadding="2" cellspacing="0" id="proxy_authtype_opts" style="display:none"> - <tr> - <td align="right" width="25%"> - <span class="vexpl"> - <?=gettext("Username"); ?> : - </span> - </td> - <td> - <input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" /> - </td> - </tr> - <tr> - <td align="right" width="25%"> - <span class="vexpl"> - <?=gettext("Password"); ?> : - </span> - </td> - <td> - <input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>" /> - </td> - </tr> - </table> + <span class="vexpl"> + <?=gettext("Choose what to do with DNS requests that match the criteria specified below.");?> <br/> + <?=gettext("<b>Deny:</b> This actions stops queries from hosts within the netblock defined below.");?> <br/> + <?=gettext("<b>Refuse:</b> This actions also stops queries from hosts within the netblock defined below, but sends back DNS rcode REFUSED error message back tot eh client.");?> <br/> + <?=gettext("<b>Allow:</b> This actions allows queries from hosts within the netblock defined below.");?> <br/> + <?=gettext("<b>Allow Snoop:</b> This actions allows recursive and nonrecursive access from hosts within the netblock defined below. 
Used for cache snooping and ideally should only be configured for your administrative host.");?> <br/> + </span> </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Server host name resolution"); ?></td> - <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Networks");?></td> + <td width="78%" class="vtable"> + <table id="maintable"> + <tbody> <tr> - <td> - <?php set_checked($pconfig['resolve_retry'],$chk); ?> - <input name="resolve_retry" type="checkbox" value="yes" <?=$chk;?>> - </td> - <td> - <span class="vexpl"> - <?=gettext("Infinitely resolve server"); ?> - </span> - </td> + <td><div id="onecolumn"><?=gettext("Network");?></div></td> + <td><div id="twocolumn"><?=gettext("CIDR");?></div></td> + <td><div id="threecolumn"><?=gettext("Description");?></div></td> </tr> - </table> - <?=gettext("Continuously attempt to resolve the server host " . - "name. Useful when communicating with a server " . - "that is not permanently connected to the Internet"); ?>. - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> - <td width="78%" class="vtable"> - <input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>"> - <br> - <?=gettext("You may enter a description here for your reference (not parsed)"); ?>. 
- </td> - </tr> - <tr> - <td colspan="2" class="list" height="12"></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Settings"); ?></td> - </tr> - <tr id="tls"> - <td width="22%" valign="top" class="vncellreq"><?=gettext("TLS Authentication"); ?></td> - <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0"> - <tr> - <td> - <?php set_checked($pconfig['tlsauth_enable'],$chk); ?> - <input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onClick="tlsauth_change()"> - </td> - <td> - <span class="vexpl"> - <?=gettext("Enable authentication of TLS packets"); ?>. - </span> - </td> - </tr> - </table> - <?php if (!$pconfig['tls']): ?> - <table border="0" cellpadding="2" cellspacing="0" id='tlsauth_opts'> - <tr> - <td> - <?php set_checked($pconfig['autotls_enable'],$chk); ?> - <input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autotls_change()"> - </td> - <td> - <span class="vexpl"> - <?=gettext("Automatically generate a shared TLS authentication key"); ?>. - </span> - </td> - </tr> - </table> - <?php endif; ?> - <table border="0" cellpadding="2" cellspacing="0" id='autotls_opts'> + <?php $counter = 0; ?> + <?php + if($networkacl) + foreach($networkacl as $item): + ?> + <?php + $network = $item['acl_network']; + $cidr = $item['mask']; + $description = $item['description']; + ?> <tr> <td> - <textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea> - <br/> - <?=gettext("Paste your shared key here"); ?>. 
+ <input autocomplete="off" name="acl_network<?=$counter;?>" type="text" class="formfld unknown" id="acl_network<?=$counter;?>" size="40" value="<?=htmlspecialchars($network);?>" /> </td> - </tr> - </table> - </td> - </tr> - <tr id="tls_ca"> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td> - <td width="78%" class="vtable"> - <?php if (count($a_ca)): ?> - <select name='caref' class="formselect"> - <?php - foreach ($a_ca as $ca): - $selected = ""; - if ($pconfig['caref'] == $ca['refid']) - $selected = "selected"; - ?> - <option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option> - <?php endforeach; ?> - </select> - <?php else: ?> - <b>No Certificate Authorities defined.</b> <br/>Create one under <a href="system_camanager.php">System > Cert Manager</a>. - <?php endif; ?> - </td> - </tr> - <tr id="tls_cert"> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Client Certificate"); ?></td> - <td width="78%" class="vtable"> - <?php if (count($a_cert)): ?> - <select name='certref' class="formselect"> - <?php - foreach ($a_cert as $cert): - $selected = ""; - $caname = ""; - $inuse = ""; - $revoked = ""; - $ca = lookup_ca($cert['caref']); - if ($ca) - $caname = " (CA: {$ca['descr']})"; - if ($pconfig['certref'] == $cert['refid']) - $selected = "selected"; - if (cert_in_use($cert['refid'])) - $inuse = " *In Use"; - if (is_cert_revoked($cert)) - $revoked = " *Revoked"; - ?> - <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option> - <?php endforeach; ?> - </select> - <?php else: ?> - <b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System > Cert Manager</a>. 
- <?php endif; ?> - </td> - </tr> - <tr id="psk"> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Key"); ?></td> - <td width="78%" class="vtable"> - <?php if (!$pconfig['shared_key']): ?> - <table border="0" cellpadding="2" cellspacing="0"> - <tr> <td> - <?php set_checked($pconfig['autokey_enable'],$chk); ?> - <input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autokey_change()"> + <select name="mask<?=$counter;?>" class="formselect" id="mask<?=$counter;?>"> + <?php + for ($i = 128; $i > 0; $i--) { + echo "<option value=\"$i\" "; + if ($i == $cidr) echo "selected"; + echo ">" . $i . "</option>"; + } + ?> + </select> </td> <td> - <span class="vexpl"> - <?=gettext("Automatically generate a shared key"); ?>. - </span> + <input autocomplete="off" name="description<?=$counter;?>" type="text" class="listbg" id="description<?=$counter;?>" size="40" value="<?=htmlspecialchars($description);?>" /> </td> - </tr> - </table> - <?php endif; ?> - <table border="0" cellpadding="2" cellspacing="0" id='autokey_opts'> - <tr> <td> - <textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea> - <br/> - <?=gettext("Paste your shared key here"); ?>. 
+ <a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" /></a> </td> </tr> - </table> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td> - <td width="78%" class="vtable"> - <select name="crypto" class="formselect"> - <?php - $cipherlist = openvpn_get_cipherlist(); - foreach ($cipherlist as $name => $desc): - $selected = ''; - if ($name == $pconfig['crypto']) - $selected = ' selected'; - ?> - <option value="<?=$name;?>"<?=$selected?>> - <?=htmlspecialchars($desc);?> - </option> - <?php endforeach; ?> - </select> - </td> - </tr> - <tr id="engine"> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td> - <td width="78%" class="vtable"> - <select name="engine" class="formselect"> - <?php - $engines = openvpn_get_engines(); - foreach ($engines as $name => $desc): - $selected = ''; - if ($name == $pconfig['engine']) - $selected = ' selected'; - ?> - <option value="<?=$name;?>"<?=$selected?>> - <?=htmlspecialchars($desc);?> - </option> + <?php $counter++; ?> <?php endforeach; ?> - </select> - </td> - </tr> - <tr> - <td colspan="2" class="list" height="12"></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Tunnel Network"); ?></td> - <td width="78%" class="vtable"> - <input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>"> - <br> - <?=gettext("This is the virtual network used for private " . - "communications between this client and the " . - "server expressed using CIDR (eg. 10.0.8.0/24). " . - "The first network address is assumed to be the " . - "server address and the second network address " . - "will be assigned to the client virtual " . - "interface"); ?>. 
- </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Remote Network"); ?></td> - <td width="78%" class="vtable"> - <input name="remote_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_network']);?>"> - <br> - <?=gettext("This is a network that will be routed through " . - "the tunnel, so that a site-to-site VPN can be " . - "established without manually changing the " . - "routing tables. Expressed as a CIDR range. If " . - "this is a site-to-site VPN, enter here the " . - "remote LAN here. You may leave this blank to " . - "only communicate with other clients"); ?>. - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Limit outgoing bandwidth");?></td> - <td width="78%" class="vtable"> - <input name="use_shaper" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['use_shaper']);?>"/> - <br/> - <?=gettext("Maximum outgoing bandwidth for this tunnel. " . - "Leave empty for no limit. The input value has " . - "to be something between 100 bytes/sec and 100 " . - "Mbytes/sec (entered as bytes per second)"); ?>. - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Compression"); ?></td> - <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0"> - <tr> - <td> - <?php set_checked($pconfig['compression'],$chk); ?> - <input name="compression" type="checkbox" value="yes" <?=$chk;?>> - </td> - <td> - <span class="vexpl"> - <?=gettext("Compress tunnel packets using the LZO algorithm"); ?>. 
- </span> - </td> - </tr> - </table> + </tbody> + <tfoot> + </tfoot> + </table> + <a onclick="javascript:addRowTo('maintable', 'formfldalias'); return false;" href="#"> + <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" /> + </a> + <script type="text/javascript"> + field_counter_js = 3; + rows = 1; + totalrows = <?php echo $counter; ?>; + loaded = <?php echo $counter; ?>; + </script> + </td> </tr> + <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Type-of-Service"); ?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0"> - <tr> - <td> - <?php set_checked($pconfig['passtos'],$chk); ?> - <input name="passtos" type="checkbox" value="yes" <?=$chk;?>> - </td> - <td> - <span class="vexpl"> - <?=gettext("Set the TOS IP header value of tunnel packets to match the encapsulated packet value"); ?>. 
- </span> - </td> - </tr> - </table> + <input name="description" type="text" class="formfld unknown" id="description" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['description']);?>"> + <br /> + <span class="vexpl"><?=gettext("You may enter a description here for your reference.");?></span> </td> </tr> <tr> - <td colspan="2" class="list" height="12"></td> + <td> </td> </tr> <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced configuration"); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Advanced"); ?></td> - <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0"> - <tr> - <td> - <textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br/> - <?=gettext("Enter any additional options you would like to add to the OpenVPN client configuration here, separated by a semicolon"); ?><br/> - <?=gettext("EXAMPLE: route 10.0.0.0 255.255.255.0;"); ?> - </td> - </tr> - </table> - </td> - </tr> - <tr> <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> - <input name="act" type="hidden" value="<?=$act;?>"> - <?php if (isset($id) && $a_client[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> + <td width="78%"> + <br> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()"> </td> </tr> </table> 
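Review bot: The new hidden field `<input name="aclid" type="hidden" value="<?=$id;?>">` echoes `$id` without escaping, and this form is rendered for any `act=edit` request regardless of whether `$a_acls[$id]` exists, so an attacker-supplied `id` in the URL lands unescaped in the page; use `value="<?=htmlspecialchars($id);?>"` (the `act` field is safe only because the enclosing `if($act=="new" || $act=="edit")` fixes its value). The per-row mask `<select>` loops `for ($i = 128; $i > 0; $i--)` and so never offers /0, while the `mask_field` helper in the earlier script block generates `$i >= 0`; the two should agree. The help text for Refuse contains "back tot eh client" and each description says "This actions", which are worth fixing in the gettext strings.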
@@ -781,23 +316,16 @@ if ($savemsg) <?php $i = 0; foreach($a_acls as $acl): - $disabled = "NO"; - if (isset($client['disable'])) - $disabled = "YES"; - $server = "{$client['server_addr']}:{$client['server_port']}"; ?> <tr ondblclick="document.location='unbound_acls.php?act=edit&id=<?=$i;?>'"> <td class="listlr"> - <?=$disabled;?> + <?=$acl['aclname'];?> </td> <td class="listr"> - <?=htmlspecialchars($client['protocol']);?> - </td> - <td class="listr"> - <?=htmlspecialchars($server);?> + <?=htmlspecialchars($acl['aclaction']);?> </td> <td class="listbg"> - <?=htmlspecialchars($client['description']);?> + <?=htmlspecialchars($acl['description']);?> </td> <td valign="middle" nowrap class="list"> <a href="unbound_acls.php?act=edit&id=<?=$i;?>">
@@ -818,7 +346,7 @@ if ($savemsg) <tr> <td class="list" colspan="4"></td> <td class="list"> - <a href="unbound_acls.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add client"); ?>" width="17" height="17" border="0"> + <a href="unbound_acls.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("Add new ACL"); ?>" width="17" height="17" border="0"> </a> </td> </tr>
@@ -837,24 +365,7 @@ if ($savemsg) </td> </tr> </table> -<script language="JavaScript"> -<!-- -mode_change(); -autokey_change(); -//--> -</script> </body> <?php include("fend.inc"); ?> -<?php - -/* local utility functions */ - -function set_checked($var,& $chk) { - if($var) - $chk = 'checked'; - else - $chk = ''; -} - ?>
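Review bot: In the first hunk (@@ -781,23 +316,16 @@) the new `listlr` cell echoes `$acl['aclname']` raw, while the neighbouring `aclaction` and `description` cells in the same row go through htmlspecialchars(). The ACL name is read from the stored configuration, and from the rest of the diff it appears to be entered by an administrator on the edit form, so a name containing markup would be rendered as HTML on the list page rather than shown as text. Escape it like the other columns: `<?=htmlspecialchars($acl['aclname']);?>`. The `ondblclick` handler in the same row only interpolates the loop counter `$i`, so it does not need the same treatment.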
\ No newline at end of file
diff --git a/config/unbound/unbound_acls_edit.php b/config/unbound/unbound_acls_edit.php
deleted file mode 100644
index db1f9bdb..00000000
--- a/config/unbound/unbound_acls_edit.php
+++ /dev/null
@@ -1,277 +0,0 @@ -<?php -/* $Id$ */ -/* - unbound_acls_edit.php - part of pfSense (http://www.pfsense.com) - Copyright (C) 2011 Warren Baker (warren@decoy.co.za) - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require("guiconfig.inc"); - -if (!is_array($config['installedpackages']['unboundacls']['config'])) { - $config['installedpackages']['unboundacls']['config'] = array(); -} - -$a_acl = &$config['installedpackages']['unboundacls']['config']; - -$id = $_GET['id']; -if (is_numeric($_POST['id'])) - $id = $_POST['id']; - -if (isset($id) && $a_acl[$id]) { - - if (!isset($a_acl[$id]['aclaction'])) - $pconfig['aclaction'] = "allow"; - else - $pconfig['aclaction'] = $a_acl[$id]['aclaction']; - - $pconfig['descr'] = $a_acl[$id]['descr']; - -} else { - /* defaults */ - $pconfig['aclaction'] = "allow"; -} - -if ($_POST) { - - print_r($_POST); - exit; - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "src"); - $reqdfieldsn = explode(",", "Source"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if ($pconfig['ipprotocol'] == "inet") { - if(!is_ipaddr($pconfig['inetsrc'])) - $input_errors[] = gettext("You must enter a valid IPv4 IP address."); - } else { - if(!is_ipaddrv6($pconfig['inet6src'])) - $input_errors[] = gettext("You must enter a valid IPv6 IP address."); - } - - - if (!$input_errors) { - $aclent = array(); - $aclent['aclaction'] = $_POST['aclaction']; - - if ($pconfig['ipprotocol'] == "inet") { - $aclent['acl_network'] = $_POST['inetsrc']."/".$_POST['inetsrcmask']; - - } else { - $aclent['acl_network'] = $_POST['inet6src']."/".$_POST['inet6srcmask']; - - } - strncpy($aclent['descr'], $_POST['descr'], 52); - - - if ($_POST['disabled']) - $aclent['disabled'] = true; - else - unset($aclent['disabled']); - - - - if (isset($id) && $a_acl[$id]) - $a_acl[$id] = $aclent; - else { - if (is_numeric($after)) - array_splice($a_acl, $after+1, 0, array($aclent)); - else - $a_acl[] = $aclent; - } - - write_config(); - - header("Location: unbound_acls.php"); - exit; - } -} - -$pgtitle = array(gettext("Services"),gettext("Unbound ACLs"),gettext("Edit")); -$statusurl = "unbound_status.php"; -$logurl = 
"diag_pkglogs.php?pkg=Unbound"; - -$page_filename = "unbound_acls_edit.php"; -include("head.inc"); - -?> -<script type="text/javascript" language="javascript" src="/javascript/row_helper_dynamic.js"> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="Effect.Appear('inet', { duration : 0.5 });"> -<script language="JavaScript"> -function doFade( optionValue ) -{ - switch( optionValue ) - { - case "inet" : - Effect.Appear('IPV4',{ duration: 0.5 }); - Effect.Fade('IPV6', { duration: 0.1 }); - break; - - case "inet6" : - Effect.Appear('IPV6',{ duration: 0.5 }); - Effect.Fade('IPV4', { duration: 0.1 }); - break; - - } -} -</script> - -<?php include("fbegin.inc"); ?> -<?php if ($input_errors) print_input_errors($input_errors); ?> - -<form action="unbound_acls_edit.php" method="post" name="iform" id="iform"> -<input type='hidden' name="aclid" value="<?=(isset($pconfig['aclid']) && $pconfig['aclid']>0)?htmlspecialchars($pconfig['aclid']):''?>"> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit ACL");?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td> - <td width="78%" class="vtable"> - <select name="aclaction" class="formselect"> - <?php $types = explode(",", "Deny,Refuse,Allow,Allow Snoop"); foreach ($types as $type): ?> - <option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['type'])) echo "selected"; ?>> - <?=htmlspecialchars($type);?> - </option> - <?php endforeach; ?> - </select> - <br/> - <span class="vexpl"> - <?=gettext("Choose what to do with DNS requests that match the criteria specified below.");?> <br/> - <?=gettext("<b>Deny:</b> This actions stops queries from hosts within the netblock defined below.");?> <br/> - <?=gettext("<b>Refuse:</b> This actions also stops queries from hosts within the netblock defined below, but sends back DNS rcode REFUSED error message back tot eh 
client.");?> <br/> - <?=gettext("<b>Allow:</b> This actions allows queries from hosts within the netblock defined below.");?> <br/> - <?=gettext("<b>Allow Snoop:</b> This actions allows recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.");?> <br/> - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled");?></td> - <td width="78%" class="vtable"> - <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>> - <strong><?=gettext("Disable this ACL");?></strong><br /> - <span class="vexpl"><?=gettext("Set this option to disable this ACL without removing it from the list.");?></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("TCP/IP Version");?></td> - <td width="78%" class="vtable"> - <select name="ipprotocol" class="formselect" onchange="doFade( this.value )"> - <?php $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6'); - foreach ($ipproto as $proto => $name): ?> - <option value="<?=$proto;?>" - <?php if ($proto == $pconfig['ipprotocol']): ?> - selected="selected" - <?php endif; ?> - ><?=$name;?></option> - <?php endforeach; ?> - </select> - <strong><?=gettext("Select the Internet Protocol version this rule applies to");?></strong><br/> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Networks");?></td> - <td width="78%" class="vtable"> - <script type="text/javascript" language='javascript'> - <!-- - rowname[0] = "acl_network"; - rowtype[0] = "input"; - rowname[1] = "mask"; - rowtype[1] = "select"; - --> - </script> - - <table border="0" cellspacing="0" cellpadding="0" id="IPV4"> - <tr> - <td> <?=gettext("Network");?></td> - <td> <?=gettext("CIDR");?></td> - </tr> - <tr> - <td><input name="src" type="text" id="src" size="20" value="<?php echo 
htmlspecialchars($pconfig['src']);?>"> / </td> - <td> - <select name="srcmask" class="formselect" id="srcmask"> -<?php for ($i = 31; $i > 0; $i--): ?> - <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option> -<?php endfor; ?> - </select> - </td> - </tr> - </table> - - <table border="0" cellspacing="0" cellpadding="0" id="IPV6"> - <tr> - <td><?=gettext("Type:");?> </td> - <td> - <select name="inet6srctype" class="formselect" onChange="typeselinet6_change()"> - <option value="network"><?=gettext("Network");?></option> - </select> - </td> - </tr> - <tr> - <td><?=gettext("Network:");?> </td> - <td> - <input autocomplete='off' name="inet6src" type="text" id="inet6src" size="20" value="<?php echo htmlspecialchars($pconfig['inet6src']);?>"> / - <select name="inet6srcmask" class="formselect" id="inet6srcmask"> - <?php for ($i = 128; $i > 0; $i--): ?> - <option value="<?=$i;?>" <?php if ($i == $pconfig['inet6srcmask']) echo "selected"; ?>><?=$i;?></option> - <?php endfor; ?> - </select> - </td> - </tr> - </table> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld unknown" id="descr" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['descr']);?>"> - <br /> - <span class="vexpl"><?=gettext("You may enter a description here for your reference.");?></span> - </td> - </tr> - <tr> - <td> </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <br> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()"> -<?php if (isset($id) && $a_filter[$id]): ?> - <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> -<?php endif; ?> - <input name="after" type="hidden" value="<?=htmlspecialchars($after);?>"> - </td> - </tr> - </table> -</form> 
-<?php include("fend.inc"); ?> -</body> -</html> |