From e8a4ccbfca3f54ddee4bcd337471cfa140c2373e Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Wed, 16 Oct 2013 19:38:17 -0400
Subject: Backout custom handler for Alias expansion and revert to native
 function.

---
 config/snort/snort.inc | 89 ++++----------------------------------------------
 1 file changed, 6 insertions(+), 83 deletions(-)

(limited to 'config/snort')

diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 81cb276c..98b80d66 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -80,83 +80,6 @@ $rebuild_rules = false;
 if (!is_array($config['installedpackages']['snortglobal']))
 	$config['installedpackages']['snortglobal'] = array();
 
-function snort_get_alias_value($alias) {
-	/***************************************************/
-	/* This function returns the value of the passed   */
-	/* Alias, or an empty string if the value cannot   */
-	/* be determined.                                  */
-	/*                                                 */
-	/* On Entry: $alias ==> Alias to be evaluated      */
-	/*  Returns: Alias value as a string or an empty   */
-	/*           string                                */
-	/***************************************************/
-
-	global $config;
-
-	$entries = array();
-	$tmp = "";
-
-	// If no Aliases are defined in the configuration,
-	// return an empty string.
-	if (empty($config['aliases']))
-		return $tmp;
-
-	// See if we were passed a valid Alias and return
-	// an empty string if not.
-	if (!is_alias($alias))
-		return $tmp;
-
-	// We have a valid Alias, so find its value or 
-	// values and return as a string.
-	return snort_unpack_alias($alias);
-}
-
-function snort_unpack_alias($alias) {
-
-	/**************************************************/
-	/* This function unpacks an Alias to determine    */
-	/* the actual values it represents.  Any nested   */
-	/* Aliases encountered are also unpacked via      */
-	/* recursive calls to this function.              */
-	/*                                                */
-	/* Fully-qualified-domain-name (FQDN) aliases     */
-	/* are detected and resolved via DNS.             */
-	/**************************************************/
-
-	global $config;
-	$value = "";
-
-	// Find the matching Alias entry in config
-	foreach ($config['aliases']['alias'] as $aliased) {
-		if($aliased['name'] == $alias) {
-			$addr = array();
-			$addr = explode(" ", trim($aliased['address']));
-			foreach ($addr as $a) {
-				if (!is_alias($a) && !empty($a)) {
-					if (is_ipaddr($a) || is_subnet($a) || is_port($a))
-						// If address, subnet or port, we found the final value
-						$value .= $a . " ";
-					elseif (is_hostname($a)) {
-						// Found a FQDN value for this Alias, so resolve it
-						$entries = gethostbynamel($a);
-						if ($entries !== FALSE)
-							$value .= trim(implode(" ", $entries)) . " ";
-						else
-							log_error(gettext("[Snort] Failed to resolve FQDN '{$a}' in Alias '{$alias}'..."));
-					}
-					else
-						continue;
-				}
-				elseif (is_alias($a))
-					// Found a nested Alias, so recursively resolve it
-					$value .= snort_unpack_alias($a) . " ";
-			}
-			return trim($value);
-		}
-	}
-	return $value;
-}
-
 function snort_is_single_addr_alias($alias) {
 	/***************************************************/
 	/* This function evaluates the passed Alias to     */
@@ -171,7 +94,7 @@ function snort_is_single_addr_alias($alias) {
 	/***************************************************/
 
 	/* If spaces in expanded Alias, it's not a single entity */
-	if (strpos(snort_get_alias_value($alias), " ") !== false)
+	if (strpos(trim(filter_expand_alias($alias)), " ") !== false)
 		return false;
 	else
 		return true;
@@ -396,7 +319,7 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
 		$vips = $list['vips'];
 		$vpns = $list['vpnips'];
 		if (!empty($list['address']) && is_alias($list['address'])) {
-			$home_net = explode(" ", trim(snort_get_alias_value($list['address'])));
+			$home_net = explode(" ", trim(filter_expand_alias($list['address'])));
 		}
 	}
 
@@ -2738,7 +2661,7 @@ function snort_generate_conf($snortcfg) {
 	$portvardef = "";
 	foreach ($snort_ports as $alias => $avalue) {
 		if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"]))
-			$snort_ports[$alias] = snort_get_alias_value($snortcfg["def_{$alias}"]);
+			$snort_ports[$alias] = trim(filter_expand_alias($snortcfg["def_{$alias}"]));
 		$snort_ports[$alias] = preg_replace('/\s+/', ',', trim($snort_ports[$alias]));
 		$portvardef .= "portvar " . strtoupper($alias) . " [" . $snort_ports[$alias] . "]\n";
 	}
@@ -2931,7 +2854,7 @@ EOD;
 		$sf_pscan_sense_level = $snortcfg['pscan_sense_level'];
 	$sf_pscan_ignore_scanners = "\$HOME_NET";
 	if (!empty($snortcfg['pscan_ignore_scanners']) && is_alias($snortcfg['pscan_ignore_scanners'])) {
-		$sf_pscan_ignore_scanners = snort_get_alias_value($snortcfg['pscan_ignore_scanners']);
+		$sf_pscan_ignore_scanners = trim(filter_expand_alias($snortcfg['pscan_ignore_scanners']));
 		$sf_pscan_ignore_scanners = preg_replace('/\s+/', ',', trim($sf_pscan_ignore_scanners));
 	}
 	
@@ -3095,8 +3018,8 @@ EOD;
 	$vardef = "";
 	foreach ($snort_servers as $alias => $avalue) {
 		if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"])) {
-			$avalue = snort_get_alias_value($snortcfg["def_{$alias}"]);
-			$avalue = str_replace(" ", ",", trim($avalue));
+			$avalue = trim(filter_expand_alias($snortcfg["def_{$alias}"]));
+			$avalue = preg_replace('/\s+/', ',', trim($avalue));
 		}
 		$vardef .= "var " . strtoupper($alias) . " [{$avalue}]\n";
 	}
-- 
cgit v1.2.3