diff options
author | Phil Davis <phil.davis@world.inf.org> | 2014-02-17 04:00:43 -0800 |
---|---|---|
committer | Phil Davis <phil.davis@world.inf.org> | 2014-02-17 04:00:43 -0800 |
commit | cd5d624172c6d0f959b4f763d90696bb155e33ff (patch) | |
tree | babe7e2d156ec6b4e1e6ba3fa12103dfaa4eef9c /usr | |
parent | 5833def1a5ccd4b625ff07349c4060a33772d897 (diff) | |
download | pfsense-cd5d624172c6d0f959b4f763d90696bb155e33ff.zip pfsense-cd5d624172c6d0f959b4f763d90696bb155e33ff.tar.gz |
Enhanced validation of general DNS servers and gateways
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/system.php | 73 |
1 files changed, 61 insertions, 12 deletions
diff --git a/usr/local/www/system.php b/usr/local/www/system.php index d27637c..7707526 100755 --- a/usr/local/www/system.php +++ b/usr/local/www/system.php @@ -115,18 +115,27 @@ if ($_POST) { $input_errors[] = gettext("The domain may only contain the characters a-z, 0-9, '-' and '.'."); } + $ignore_posted_dnsgw = array(); + for ($dnscounter=1; $dnscounter<5; $dnscounter++){ $dnsname="dns{$dnscounter}"; $dnsgwname="dns{$dnscounter}gw"; if (($_POST[$dnsname] && !is_ipaddr($_POST[$dnsname]))) { - $input_errors[] = gettext("A valid IP address must be specified for the DNS server $dnscounter."); - } - if(($_POST[$dnsgwname] <> "") && (is_ipaddr($_POST[$dnsname]))) { - if (($_POST[$dnsgwname] <> "none") && (is_ipaddrv4($_POST[$dnsname])) && (validate_address_family($_POST[$dnsname], $_POST[$dnsgwname]) === false )) { - $input_errors[] = gettext("You can not specify a IPv6 gateway '{$_POST[$dnsgwname]}'for a IPv4 DNS server '{$_POST[$dnsname]}'"); - } - if (($_POST[$dnsgwname] <> "none") && (is_ipaddrv6($_POST[$dnsname])) && (validate_address_family($_POST[$dnsname], $_POST[$dnsgwname]) === false )) { - $input_errors[] = gettext("You can not specify a IPv4 gateway '{$_POST[$dnsgwname]}'for a IPv6 DNS server '{$_POST[$dnsname]}'"); + $input_errors[] = gettext("A valid IP address must be specified for DNS server $dnscounter."); + } else { + if(($_POST[$dnsgwname] <> "") && ($_POST[$dnsgwname] <> "none")) { + // A real gateway has been selected. + if (is_ipaddr($_POST[$dnsname])) { + if ((is_ipaddrv4($_POST[$dnsname])) && (validate_address_family($_POST[$dnsname], $_POST[$dnsgwname]) === false )) { + $input_errors[] = gettext("You can not specify IPv6 gateway '{$_POST[$dnsgwname]}' for IPv4 DNS server '{$_POST[$dnsname]}'"); + } + if ((is_ipaddrv6($_POST[$dnsname])) && (validate_address_family($_POST[$dnsname], $_POST[$dnsgwname]) === false )) { + $input_errors[] = gettext("You can not specify IPv4 gateway '{$_POST[$dnsgwname]}' for IPv6 DNS server '{$_POST[$dnsname]}'"); + } + } else { + // The user selected a gateway but did not provide a DNS address. Be nice and set the gateway back to "none". + $ignore_posted_dnsgw[$dnsgwname] = true; + } } } } @@ -155,6 +164,9 @@ if ($_POST) { if (($t < 0) || (($t > 0) && ($t < 6)) || ($t > 1440)) { $input_errors[] = gettext("The time update interval must be either 0 (disabled) or between 6 and 1440."); } + # it's easy to have a little too much whitespace in the field, clean it up for the user before processing. + $_POST['timeservers'] = preg_replace('/[[:blank:]]+/', ' ', $_POST['timeservers']); + $_POST['timeservers'] = trim($_POST['timeservers']); foreach (explode(' ', $_POST['timeservers']) as $ts) { if (!is_domain($ts)) { $input_errors[] = gettext("A NTP Time Server name may only contain the characters a-z, 0-9, '-' and '.'."); @@ -180,6 +192,7 @@ if ($_POST) { } /* XXX - billm: these still need updating after figuring out how to check if they actually changed */ + $olddnsservers = $config['system']['dnsserver']; unset($config['system']['dnsserver']); if ($_POST['dns1']) $config['system']['dnsserver'][] = $_POST['dns1']; @@ -201,13 +214,47 @@ if ($_POST) { unset($config['system']['dnslocalhost']); /* which interface should the dns servers resolve through? */ + $outdnscounter = 0; for ($dnscounter=1; $dnscounter<5; $dnscounter++) { $dnsname="dns{$dnscounter}"; $dnsgwname="dns{$dnscounter}gw"; - if($_POST[$dnsgwname]) { - $config['system'][$dnsgwname] = $pconfig[$dnsgwname]; - } else { - unset($config['system'][$dnsgwname]); + $olddnsgwname = $config['system'][$dnsgwname]; + + if ($ignore_posted_dnsgw[$dnsgwname]) + $thisdnsgwname = "none"; + else + $thisdnsgwname = $pconfig[$dnsgwname]; + + // "Blank" out the settings for this index, then we set them below using the "outdnscounter" index. + $config['system'][$dnsgwname] = "none"; + $pconfig[$dnsgwname] = "none"; + $pconfig[$dnsname] = ""; + + if ($_POST[$dnsname]) { + // Only the non-blank DNS servers were put into the config above. + // So we similarly only add the corresponding gateways sequentially to the config (and to pconfig), as we find non-blank DNS servers. + // This keeps the DNS server IP and corresponding gateway "lined up" when the user blanks out a DNS server IP in the middle of the list. + $outdnscounter++; + $outdnsname="dns{$outdnscounter}"; + $outdnsgwname="dns{$outdnscounter}gw"; + $pconfig[$outdnsname] = $_POST[$dnsname]; + if($_POST[$dnsgwname]) { + $config['system'][$outdnsgwname] = $thisdnsgwname; + $pconfig[$outdnsgwname] = $thisdnsgwname; + } else { + // Note: when no DNS GW name is chosen, the entry is set to "none", so actually this case never happens. + unset($config['system'][$outdnsgwname]); + $pconfig[$outdnsgwname] = ""; + } + } + if (($olddnsgwname != "") && ($olddnsgwname != "none") && (($olddnsgwname != $thisdnsgwname) || ($olddnsservers[$dnscounter-1] != $_POST[$dnsname]))) { + // A previous DNS GW name was specified. It has now gone or changed, or the DNS server address has changed. + // Remove the route. Later calls will add the correct new route if needed. + if (is_ipaddrv4($olddnsservers[$dnscounter-1])) + mwexec("/sbin/route delete " . escapeshellarg($olddnsservers[$dnscounter-1])); + else + if (is_ipaddrv6($olddnsservers[$dnscounter-1])) + mwexec("/sbin/route delete -inet6 " . escapeshellarg($olddnsservers[$dnscounter-1])); } } @@ -230,6 +277,8 @@ if ($_POST) { $savemsg = get_std_save_message($retval); } + + unset($ignore_posted_dnsgw); } $pgtitle = array(gettext("System"),gettext("General Setup")); |