. * All rights reserved. * * modified for the pfsense snort package * Copyright (C) 2009-2010 Robert Zelaya. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
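*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");

global $g;
$snortdir = SNORTDIR;
$input_errors = array();

/*
 * Edit page for a single FTP client engine of the Snort ftp_telnet
 * preprocessor on one interface.
 *
 *   $id     - index of the interface entry under snortglobal/rule
 *   $eng_id - index of the client engine inside that interface's
 *             ftp_client_engine/item list (null when adding a new one)
 *
 * Both values arrive from the request (POST wins over GET) and are used
 * directly as config array keys and echoed back into redirect URLs, so
 * only unsigned-integer strings are accepted.  Anything else is treated
 * like a missing value and the user is sent back to the previous page
 * instead of a bogus key being created in the running config.
 */
$id = isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : null);
$eng_id = isset($_POST['eng_id']) ? $_POST['eng_id'] : (isset($_GET['eng_id']) ? $_GET['eng_id'] : null);

if (is_null($id) || !preg_match('/^[0-9]+$/', (string) $id)) {
	// Clear and close out any session variable we created
	session_start();
	unset($_SESSION['ftp_client_import']);
	session_write_close();
	header("Location: /snort/snort_interfaces.php");
	exit;
}
$id = (int) $id;

if (!is_null($eng_id)) {
	if (!preg_match('/^[0-9]+$/', (string) $eng_id)) {
		// Bogus engine index: bail out to the preprocessor page for this
		// interface rather than letting it become a config array key.
		session_start();
		unset($_SESSION['ftp_client_import']);
		session_write_close();
		header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts");
		exit;
	}
	// Normalise "01" and friends so the key matches how PHP stores int keys
	$eng_id = (int) $eng_id;
}

if (!is_array($config['installedpackages']['snortglobal']['rule']))
	$config['installedpackages']['snortglobal']['rule'] = array();

// This page only edits an engine of an interface that already exists;
// creating a phantom interface entry from an unknown $id is never wanted.
if (!is_array($config['installedpackages']['snortglobal']['rule'][$id])) {
	session_start();
	unset($_SESSION['ftp_client_import']);
	session_write_close();
	header("Location: /snort/snort_interfaces.php");
	exit;
}

if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['ftp_client_engine']['item']))
	$config['installedpackages']['snortglobal']['rule'][$id]['ftp_client_engine']['item'] = array();
$a_nat = &$config['installedpackages']['snortglobal']['rule'][$id]['ftp_client_engine']['item'];

/* Seed the form: stored engine when editing, package defaults otherwise */
$pconfig = array();
if (is_null($eng_id) || empty($a_nat[$eng_id])) {
	$def = array(
		"name" => "engine_{$eng_id}",
		"bind_to" => "",
		"max_resp_len" => 256,
		"telnet_cmds" => "no",
		"ignore_telnet_erase_cmds" => "yes",
		"bounce" => "yes",
		"bounce_to_net" => "",
		"bounce_to_port" => ""
	);
	// See if this is initial entry and set to "default" if true
	if ($eng_id < 1) {
		$def['name'] = "default";
		$def['bind_to'] = "all";
	}
	$pconfig = $def;
} else {
	$pconfig = $a_nat[$eng_id];
}

if (!empty($_POST['Cancel'])) {
	// Clear and close out any session variable we created
	session_start();
	unset($_SESSION['ftp_client_import']);
	session_write_close();
	header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts");
	exit;
}

/*
 * Return from the "select alias" dialog.  The chosen alias name is parked
 * in the session so that all three importable fields survive a round trip
 * through the dialog; an empty "varvalue" means the dialog was cancelled.
 */
if (isset($_GET['act']) && $_GET['act'] == "import") {
	session_start();
	$import_fields = array("bind_to", "bounce_to_net", "bounce_to_port");
	$varname = isset($_GET['varname']) ? $_GET['varname'] : "";
	$varvalue = isset($_GET['varvalue']) ? $_GET['varvalue'] : "";

	if (in_array($varname, $import_fields, true) && !empty($varvalue)) {
		// Only an existing alias name may be imported; the Submit handler
		// applies the same is_alias() rule, so anything else is dropped
		// here instead of being carried into the form unchecked.
		if (is_alias($varvalue)) {
			if (!isset($_SESSION['ftp_client_import']))
				$_SESSION['ftp_client_import'] = array();
			$_SESSION['ftp_client_import'][$varname] = $varvalue;
		}
		foreach ($import_fields as $field) {
			if (isset($_SESSION['ftp_client_import'][$field]))
				$pconfig[$field] = $_SESSION['ftp_client_import'][$field];
		}
	} elseif (empty($varvalue)) {
		// User likely hit CANCEL in the Select Dialog, so restore any saved values
		foreach ($import_fields as $field) {
			if (isset($_SESSION['ftp_client_import'][$field]))
				$pconfig[$field] = $_SESSION['ftp_client_import'][$field];
		}
	} else {
		unset($_SESSION['ftp_client_import']);
		session_write_close();
	}
}

if (!empty($_POST['Submit'])) {
	// Clear and close out any session variable we created
	session_start();
	unset($_SESSION['ftp_client_import']);
	session_write_close();

	/* Grab all the POST values and save in new temp array */
	$engine = array();

	// NOTE(review): the name is stored as given apart from trim(); how it is
	// used when the snort.conf is generated is not visible here - confirm.
	if (!empty($_POST['ftp_name']))
		$engine['name'] = trim($_POST['ftp_name']);
	else
		$engine['name'] = "default";

	if (!empty($_POST['ftp_bind_to'])) {
		if (is_alias($_POST['ftp_bind_to']))
			$engine['bind_to'] = $_POST['ftp_bind_to'];
		elseif (strtolower(trim($_POST['ftp_bind_to'])) == "all")
			$engine['bind_to'] = "all";
		else
			$input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
	} else {
		$input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
	}

	$bounce_net = isset($_POST['ftp_client_bounce_to_net']) ? $_POST['ftp_client_bounce_to_net'] : null;
	$bounce_port = isset($_POST['ftp_client_bounce_to_port']) ? $_POST['ftp_client_bounce_to_port'] : null;

	// Validate BOUNCE-TO Alias entries to be sure if one is set, then both are set; since
	// if you define a BOUNCE-TO address, you must also define the BOUNCE-TO port.
	if ($bounce_net && !is_alias($bounce_net))
		$input_errors[] = gettext("Only aliases are allowed for the FTP Protocol BOUNCE-TO ADDRESS option.");
	if ($bounce_port && !is_alias($bounce_port))
		$input_errors[] = gettext("Only aliases are allowed for the FTP Protocol BOUNCE-TO PORT option.");
	if ($bounce_net && empty($bounce_port))
		$input_errors[] = gettext("FTP Protocol BOUNCE-TO PORT cannot be empty when BOUNCE-TO ADDRESS is set.");
	if ($bounce_port && empty($bounce_net))
		$input_errors[] = gettext("FTP Protocol BOUNCE-TO ADDRESS cannot be empty when BOUNCE-TO PORT is set.");

	// Validate the BOUNCE-TO Alias entries for correct format of their defined values. BOUNCE-TO ADDRESS must be
	// a valid single IP, and BOUNCE-TO PORT must be either a single port value or a port range value. Provide
	// detailed error messages for the user that explain any problems.
	if ($bounce_net && $bounce_port) {
		if (!snort_is_single_addr_alias($bounce_net)) {
			$net = trim(filter_expand_alias($bounce_net));
			$net = preg_replace('/\s+/', ',', $net);
			$msg = gettext("The FTP Protocol BOUNCE-TO ADDRESS parameter must be a single IP network or address, ");
			$msg .= gettext("so the supplied Alias must be defined as a single address or network in CIDR form. ");
			$msg .= gettext("The Alias [ {$bounce_net} ] is currently defined as [ {$net} ].");
			$input_errors[] = $msg;
		}
		$port = trim(filter_expand_alias($bounce_port));
		$port = preg_replace('/\s+/', ',', $port);
		if (!is_port($port) && !is_portrange($port)) {
			$msg = gettext("The FTP Protocol BOUNCE-TO PORT parameter must be a single port or port-range, ");
			$msg .= gettext("so the supplied Alias must be defined as a single port or port-range value. ");
			$msg .= gettext("The Alias [ {$bounce_port} ] is currently defined as [ {$port} ].");
			$input_errors[] = $msg;
		}
	}
	$engine['bounce_to_net'] = $bounce_net;
	$engine['bounce_to_port'] = $bounce_port;

	$engine['telnet_cmds'] = !empty($_POST['ftp_telnet_cmds']) ? 'yes' : 'no';
	$engine['ignore_telnet_erase_cmds'] = !empty($_POST['ftp_ignore_telnet_erase_cmds']) ? 'yes' : 'no';
	$engine['bounce'] = !empty($_POST['ftp_client_bounce_detect']) ? 'yes' : 'no';

	// max_resp_len is written into the preprocessor configuration later on;
	// accept only an unsigned integer so a stray value cannot break (or
	// extend) the generated config line.
	$max_resp_len = isset($_POST['ftp_max_resp_len']) ? trim($_POST['ftp_max_resp_len']) : "";
	if ($max_resp_len !== "" && !preg_match('/^[0-9]+$/', $max_resp_len))
		$input_errors[] = gettext("The 'Maximum Response Length' value must be an unsigned integer.");
	$engine['max_resp_len'] = $max_resp_len;

	/* Can only have one "all" Bind_To address */
	if (isset($engine['bind_to']) && $engine['bind_to'] == "all" && $engine['name'] <> "default") {
		$input_errors[] = gettext("Only one default FTP Engine can be bound to all addresses.");
		$pconfig = $engine;
	}

	/* if no errors, write new entry to conf */
	if (!$input_errors) {
		if (!is_null($eng_id) && !empty($a_nat[$eng_id]))
			$a_nat[$eng_id] = $engine;
		else
			$a_nat[] = $engine;

		/*
		 * Reorder the engine array to ensure the 'bind_to=all' entry is at
		 * the bottom if it contains more than one entry.  The list keys are
		 * not guaranteed to be contiguous (an earlier relocation leaves a
		 * hole), so "at the end" is decided by comparing against the last
		 * key rather than against count()-1.
		 */
		if (count($a_nat) > 1) {
			$all_key = null;
			foreach ($a_nat as $key => $entry) {
				if (isset($entry['bind_to']) && $entry['bind_to'] == "all") {
					$all_key = $key;
					break;
				}
			}
			$keys = array_keys($a_nat);
			$last_key = end($keys);
			/* Only relocate the entry if we found it, and it's not already at the end. */
			if (!is_null($all_key) && $all_key !== $last_key) {
				$tmp = $a_nat[$all_key];
				unset($a_nat[$all_key]);
				$a_nat[] = $tmp;
			}
		}

		/* Now write the new engine array to conf */
		write_config();
		header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts");
		exit;
	}
}

$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Client Engine");
include_once("head.inc");
?>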