diff options
Diffstat (limited to 'src/usr/local/www/services_unbound_acls.php')
-rw-r--r-- | src/usr/local/www/services_unbound_acls.php | 611 |
1 files changed, 347 insertions, 264 deletions
diff --git a/src/usr/local/www/services_unbound_acls.php b/src/usr/local/www/services_unbound_acls.php index 3a51b3e..478ccee 100644 --- a/src/usr/local/www/services_unbound_acls.php +++ b/src/usr/local/www/services_unbound_acls.php @@ -33,12 +33,6 @@ require("guiconfig.inc"); require("unbound.inc"); -if (isset($_POST['referer'])) { - $referer = $_POST['referer']; -} else { - $referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/services_unbound_acls.php'); -} - if (!is_array($config['unbound']['acls'])) { $config['unbound']['acls'] = array(); } @@ -46,6 +40,7 @@ if (!is_array($config['unbound']['acls'])) { $a_acls = &$config['unbound']['acls']; $id = $_GET['id']; + if (isset($_POST['aclid'])) { $id = $_POST['aclid']; } @@ -56,6 +51,7 @@ if (!empty($id) && !is_numeric($id)) { } $act = $_GET['act']; + if (isset($_POST['act'])) { $act = $_POST['act']; } @@ -82,17 +78,33 @@ if ($act == "edit") { } } +if(!is_array($networkacl)) + $networkacl = array(); + +// Add a row to the networks table +if($act == 'new') + $networkacl = array('0' => array('acl_network' => '', 'mask' => '', 'description' => '')); + if ($_POST) { unset($input_errors); $pconfig = $_POST; + $deleting = false; + + // Delete a row from the networks table + for($idx = 0; $idx<50; $idx++) { + if($pconfig['dlt' . $idx] == 'Delete') { + unset($networkacl[$idx]); + $deleting = true; + break; + } + } if ($_POST['apply']) { $retval = services_unbound_configure(); $savemsg = get_std_save_message($retval); - if ($retval == 0) { + if ($retval == 0) clear_subsystem_dirty('unbound'); - } - } else { + } else if(!$deleting) { // input validation - only allow 50 entries in a single ACL for ($x = 0; $x < 50; $x++) { @@ -124,7 +136,7 @@ if ($_POST) { } if (!$input_errors) { - if ($pconfig['Submit'] == gettext("Save")) { + if (strtolower($pconfig['save']) == gettext("save")) { $acl_entry = array(); $acl_entry['aclid'] = $pconfig['aclid']; $acl_entry['aclname'] = $pconfig['aclname']; @@ -132,6 +144,7 @@ if ($_POST) { $acl_entry['description'] = $pconfig['description']; $acl_entry['aclid'] = $pconfig['aclid']; $acl_entry['row'] = array(); + foreach ($networkacl as $acl) { $acl_entry['row'][] = $acl; } @@ -152,270 +165,340 @@ if ($_POST) { } } +$actionHelp = + '<strong><font color="green">Deny:</font></strong> Stops queries from hosts within the netblock defined below.' . '<br />' . + '<strong><font color="green">Refuse:</font></strong> Stops queries from hosts within the netblock defined below, but sends a DNS rcode REFUSED error message back to the client.' . '<br />' . + '<strong><font color="green">Allow:</font></strong> Allow queries from hosts within the netblock defined below.' . '<br />' . + '<strong><font color="green">Allow Snoop:</font></strong> Allow recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.'; + + $closehead = false; $pgtitle = "Services: DNS Resolver: Access Lists"; $shortcut_section = "resolver"; include("head.inc"); -?> - -<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script> -<script type="text/javascript" src="/javascript/row_helper.js"></script> - -<script type="text/javascript"> -//<![CDATA[ - rowname[0] = "acl_network"; - rowtype[0] = "textbox,ipv4v6"; - rowsize[0] = "30"; +if ($input_errors) + print_input_errors($input_errors); + +if ($savemsg) + print_info_box($savemsg, 'success'); + +if (is_subsystem_dirty('unbound')) + print_info_box_np(gettext("The configuration of the DNS Resolver, has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect.")); + +$tab_array = array(); +$tab_array[] = array(gettext("General Settings"), false, "/services_unbound.php"); +$tab_array[] = array(gettext("Advanced settings"), false, "services_unbound_advanced.php"); +$tab_array[] = array(gettext("Access Lists"), true, "/services_unbound_acls.php"); +display_top_tabs($tab_array, true); + +require_once('classes/Form.class.php'); + +if($act=="new" || $act=="edit") { + + $form = new Form(); + + $section = new Form_Section('New Access List'); + + $section->addInput(new Form_Input( + 'aclid', + null, + 'hidden', + $id + )); + + $section->addInput(new Form_Input( + 'act', + null, + 'hidden', + $act + )); + + $section->addInput(new Form_Input( + 'aclname', + 'Access LIst name', + 'text', + $pconfig['aclname'] + ))->setHelp('Provide an Access List name.'); + + $section->addInput(new Form_Select( + 'aclaction', + 'Action', + strtolower($pconfig['aclaction']), + array('allow' => 'Allow','deny' => 'Deny','refuse' => 'Refuse','allow snoop' => 'Allow Snoop') + ))->setHelp($actionHelp); + + $section->addInput(new Form_Input( + 'description', + 'Description', + 'text', + $pconfig['description'] + ))->setHelp('You may enter a description here for your reference.'); + + $numrows = count($networkacl) - 1; + $counter = 0; + + foreach($networkacl as $item) { + $network = $item['acl_network']; + $cidr = $item['mask']; + $description = $item['description']; + + $group = new Form_Group($counter == 0 ? 'Networks':''); + + $group->add(new Form_IpAddress( + 'acl_network'.$counter, + null, + $network + ))->addMask('mask' . $counter, $cidr)->setWidth(4)->setHelp(($counter == $numrows) ? 'Network/mask':null); + + $group->add(new Form_Input( + 'description' . $counter, + null, + 'text', + $description + ))->setHelp(($counter == $numrows) ? 'Description':null); + + $group->add(new Form_Button( + 'deleterow' . $counter, + 'Delete' + ))->removeClass('btn-primary')->addClass('btn-warning'); + + $group->addClass('repeatable'); + $section->add($group); + + $counter++; + } - rowname[1] = "mask"; - rowtype[1] = "select,ipv4v6"; - rowsize[1] = "1"; + $section->addInput(new Form_Button( + 'addrow', + 'Add network' + ))->removeClass('btn-primary')->addClass('btn-success'); - rowname[2] = "description"; - rowtype[2] = "textbox"; - rowsize[2] = "40"; -//]]> -</script> -</head> - -<body> - -<?php include("fbegin.inc"); ?> -<form action="services_unbound_acls.php" method="post" name="iform" id="iform"> -<?php if ($input_errors) print_input_errors($input_errors); ?> -<?php if ($savemsg) print_info_box($savemsg); ?> -<?php if (is_subsystem_dirty('unbound')): ?><br/> -<?php print_info_box_np(gettext("The configuration of the DNS Resolver, has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));?><br /> -<?php endif; ?> - -<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="services unbound acls"> - <tbody> - <tr> - <td class="tabnavtbl"> - <?php - $tab_array = array(); - $tab_array[] = array(gettext("General Settings"), false, "/services_unbound.php"); - $tab_array[] = array(gettext("Advanced settings"), false, "services_unbound_advanced.php"); - $tab_array[] = array(gettext("Access Lists"), true, "/services_unbound_acls.php"); - display_top_tabs($tab_array, true); - ?> - </td> - </tr> - <tr> - <td id="mainarea"> - <div class="tabcont"> + $form->add($section); + print($form); +} +else // NOT 'edit' or 'add' +{ +?> +<div class="panel panel-default"> + <div class="panel-heading"><h2 class="panel-title"><?=gettext('Access Lists to control access to the DNS Resolver')?></h2></div> + <div class="panel-body"> + <div class="table-responsive"> + <table class="table table-striped table-hover table-condensed"> + <thead> + <tr> + <th><?=gettext("Access List Name"); ?></th> + <th><?=gettext("Action"); ?></th> + <th><?=gettext("Description"); ?></th> + <th> </th> + </tr> + </thead> + <tbody> <?php - if ($act == "new" || $act == "edit"): + $i = 0; + foreach($a_acls as $acl): ?> - <input name="aclid" type="hidden" value="<?=$id;?>" /> - <input name="act" type="hidden" value="<?=$act;?>" /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=ucwords(sprintf(gettext("%s Access List"), $act));?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Access List name");?></td> - <td width="78%" class="vtable"> - <input name="aclname" type="text" class="formfld" id="aclname" size="30" maxlength="30" value="<?=htmlspecialchars($pconfig['aclname']);?>" /> - <br /> - <span class="vexpl"><?=gettext("Provide an Access List name.");?></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td> - <td width="78%" class="vtable"> - <select name="aclaction" class="formselect"> - <?php - $types = explode(",", "Allow,Deny,Refuse,Allow Snoop"); - foreach ($types as $type): - ?> - <option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['aclaction'])) echo "selected=\"selected\""; ?>> - <?=htmlspecialchars($type);?> - </option> - <?php - endforeach; - ?> - </select> - <br /> - <span class="vexpl"> - <?=gettext("Choose what to do with DNS requests that match the criteria specified below.");?> <br /> - <?=gettext("<b>Deny:</b> This action stops queries from hosts within the netblock defined below.");?> <br /> - <?=gettext("<b>Refuse:</b> This action also stops queries from hosts within the netblock defined below, but sends a DNS rcode REFUSED error message back to the client.");?> <br /> - <?=gettext("<b>Allow:</b> This action allows queries from hosts within the netblock defined below.");?> <br /> - <?=gettext("<b>Allow Snoop:</b> This action allows recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.");?> <br /> - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Networks");?></td> - <td width="78%" class="vtable"> - <table id="maintable" summary="networks"> - <tbody> - <tr> - <td><div id="onecolumn"><?=gettext("Network");?></div></td> - <td><div id="twocolumn"><?=gettext("CIDR");?></div></td> - <td><div id="threecolumn"><?=gettext("Description");?></div></td> - </tr> - <?php - $counter = 0; - if ($networkacl) { - foreach ($networkacl as $item): - $network = $item['acl_network']; - $cidr = $item['mask']; - $description = $item['description']; - ?> - <tr> - <td> - <input name="acl_network<?=$counter;?>" type="text" class="formfld unknown ipv4v6" id="acl_network<?=$counter;?>" size="30" value="<?=htmlspecialchars($network);?>" /> - </td> - <td> - <select name="mask<?=$counter;?>" class="formselect ipv4v6" id="mask<?=$counter;?>"> - <?php - for ($i = 128; $i > 0; $i--) { - echo "<option value=\"$i\" "; - if ($i == $cidr) echo "selected=\"selected\""; - echo ">" . $i . "</option>"; - } - ?> - </select> - </td> - <td> - <input name="description<?=$counter;?>" type="text" class="formfld unknown" id="description<?=$counter;?>" size="40" value="<?=htmlspecialchars($description);?>" /> - </td> - <td> - <a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" alt="delete" /></a> - </td> - </tr> - <?php - $counter++; - endforeach; - } - ?> - </tbody> - </table> - <a onclick="javascript:addRowTo('maintable', 'formfldalias'); return false;" href="#"> - <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" /> - </a> - <script type="text/javascript"> - //<![CDATA[ - field_counter_js = 3; - rows = 1; - totalrows = <?php echo $counter; ?>; - loaded = <?php echo $counter; ?>; - //]]> - </script> - - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> - <td width="78%" class="vtable"> - <input name="description" type="text" class="formfld unknown" id="description" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['description']);?>" /> - <br /> - <span class="vexpl"><?=gettext("You may enter a description here for your reference.");?></span> - </td> - </tr> - <tr> - <td> </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <br /> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> - <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> - <input name="referer" type="hidden" value="<?=$referer;?>" /> - </td> - </tr> - </table> + <tr ondblclick="document.location='services_unbound_acls.php?act=edit&id=<?=$i?>'"> + <td> + <?=htmlspecialchars($acl['aclname'])?> + </td> + <td> + <?=htmlspecialchars($acl['aclaction'])?> + </td> + <td> + <?=htmlspecialchars($acl['description'])?> + </td> + <td> + <a href="services_unbound_acls.php?act=edit&id=<?=$i?>" class="btn btn-xs btn-info" >Edit</a> + <a href="services_unbound_acls.php?act=del&id=<?=$i?>" class="btn btn-xs btn-danger">Delete</a> + </td> + </tr> <?php - else: + $i++; + endforeach; ?> - <table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="results"> - <thead> - <tr> - <td width="25%" class="listhdrr"><?=gettext("Access List Name"); ?></td> - <td width="25%" class="listhdrr"><?=gettext("Action"); ?></td> - <td width="45%" class="listhdr"><?=gettext("Description"); ?></td> - <td width="5%" class="list"> </td> - </tr> - </thead> - <tfoot> - <tr> - <td class="list" colspan="3"> </td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="icons"> - <tr> - <td width="17"> </td> - <td valign="middle"> - <a href="services_unbound_acls.php?act=new"> - <img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("Add new Access List"); ?>" border="0" alt="add" /> - </a> - </td> - </tr> - </table> - </td> - </tr> - <tr> - <td colspan="4"> - <p> - <?=gettext("Access Lists to control access to the DNS Resolver can be defined here.");?> - </p> - </td> - </tr> - </tfoot> - <tbody> - <?php - $i = 0; - foreach ($a_acls as $acl): - ?> - <tr ondblclick="document.location='services_unbound_acls.php?act=edit&id=<?=$i;?>'"> - <td class="listlr"> - <?=htmlspecialchars($acl['aclname']);?> - </td> - <td class="listr"> - <?=htmlspecialchars($acl['aclaction']);?> - </td> - <td class="listbg"> - <?=htmlspecialchars($acl['description']);?> - </td> - <td valign="middle" class="list nowrap"> - <table border="0" cellspacing="0" cellpadding="1" summary="icons"> - <tr> - <td valign="middle"> - <a href="services_unbound_acls.php?act=edit&id=<?=$i;?>"> - <img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit access list"); ?>" width="17" height="17" border="0" alt="edit" /> - </a> - </td> - <td valign="middle"> - <a href="services_unbound_acls.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this access list?"); ?>')"> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete access list"); ?>" width="17" height="17" border="0" alt="delete" /> - </a> - </td> - </tr> - </table> - </td> - </tr> - <?php - $i++; - endforeach; - ?> - <tr style="display:none"><td></td></tr> - </tbody> - </table> + </tbody> + </table> + </div> + <nav class="action-buttons"> + <a href="services_unbound_acls.php?act=new" class="btn btn-sm btn-success">Add</a> + </nav> + </div> +</div> <?php - endif; +} + ?> - </div> - </td> - </tr> - </tbody> -</table> -</form> - -<?php include("fend.inc"); ?> -</body> -</html> +<script> +//<![CDATA[ +// Most of this needs to live in a common include file. It will be moved before production release. +events.push(function(){ + + function setMasks() { + // Find all ipaddress masks and make dynamic based on address family of input + $('span.pfIpMask + select').each(function (idx, select){ + var input = $(select).prevAll('input[type=text]'); + + input.on('change', function(e){ + var isV6 = (input.val().indexOf(':') != -1), min = 0, max = 128; + if (!isV6) + max = 32; + + if (input.val() == "") + return; + + while (select.options.length > max) + select.remove(0); + + if (select.options.length < max) + { + for (var i=select.options.length; i<=max; i++) + select.options.add(new Option(i, i), 0); + } + }); + + // Fire immediately + input.change(); + }); + } + + // Complicated function to move all help text associated with this input id to the same id + // on the row above. That way if you delete the last row, you don't lose the help + function moveHelpText(id) { + $('#' + id).parent('div').parent('div').find('input').each(function() { // For each <span></span> + var fromId = this.id; + var toId = decrStringInt(fromId); + var helpSpan; + + if(!$(this).hasClass('pfIpMask') && !$(this).hasClass('btn')) { + + helpSpan = $('#' + fromId).parent('div').parent('div').find('span:last').clone(); + if($(helpSpan).hasClass('help-block')) { + if($('#' + decrStringInt(fromId)).parent('div').hasClass('input-group')) + $('#' + decrStringInt(fromId)).parent('div').after(helpSpan); + else + $('#' + decrStringInt(fromId)).after(helpSpan); + } + } + }); + } + + // Increment the number at the end of the string + function bumpStringInt( str ) { + var data = str.match(/(\D*)(\d+)(\D*)/), newStr = ""; + + if( data ) + newStr = data[ 1 ] + ( Number( data[ 2 ] ) + 1 ) + data[ 3 ]; + + return newStr || str; + } + + // Decrement the number at the end of the string + function decrStringInt( str ) { + var data = str.match(/(\D*)(\d+)(\D*)/), newStr = ""; + + if( data ) + newStr = data[ 1 ] + ( Number( data[ 2 ] ) - 1 ) + data[ 3 ]; + + return newStr || str; + } + + // Called after a delete so that there are no gaps in the numbering. Most of the time the config system doesn't care about + // gaps, but I do :) + function renumber() { + var idx = 0; + + $('.repeatable').each(function() { + + $(this).find('input').each(function() { + $(this).prop("id", this.id.replace(/\d+$/, "") + idx); + $(this).prop("name", this.name.replace(/\d+$/, "") + idx); + }); + + $(this).find('select').each(function() { + $(this).prop("id", this.id.replace(/\d+$/, "") + idx); + $(this).prop("name", this.name.replace(/\d+$/, "") + idx); + }); + + $(this).find('label').attr('for', $(this).find('label').attr('for').replace(/\d+$/, "") + idx); + + idx++; + }); + } + + + function delete_row(row) { + $('#' + row).parent('div').parent('div').remove(); + renumber(); + } + + function add_row() { + // Find the lst repeatable group + var lastRepeatableGroup = $('.repeatable:last'); + + // Clone it + var newGroup = lastRepeatableGroup.clone(true); + + // Increment the suffix number for each input elemnt in the new group + $(newGroup).find('input').each(function() { + $(this).prop("id", bumpStringInt(this.id)); + $(this).prop("name", bumpStringInt(this.name)); + if(!$(this).is('[id^=delete]')) + $(this).val(''); + }); + + // Do the same for selectors + $(newGroup).find('select').each(function() { + $(this).prop("id", bumpStringInt(this.id)); + $(this).prop("name", bumpStringInt(this.name)); + // If this selector lists mask bits, we need it to be reset to all 128 options + // and no items selected, so that automatic v4/v6 selection still works + if($(this).is('[id^=mask]')) { + $(this).empty(); + for(idx=128; idx>0; idx--) { + $(this).append($('<option>', { + value: idx, + text: idx + })); + } + } + }); + + // And for "for" tags + $(newGroup).find('label').attr('for', bumpStringInt($(newGroup).find('label').attr('for'))); + $(newGroup).find('label').text(""); // Clear the label. We only want it on the very first row + + // Insert the updated/cloned row + $(lastRepeatableGroup).after(newGroup); + + // Delete any help text from the group we have cloned + $(lastRepeatableGroup).find('.help-block').each(function() { + $(this).remove(); + }); + + setMasks(); + } + + // These are action buttons, not submit buttons + $('[id^=addrow]').prop('type','button'); + $('[id^=delete]').prop('type','button'); + + // on click . . + $('[id^=addrow]').click(function() { + add_row(); + }); + + $('[id^=delete]').click(function(event) { + if($('.repeatable').length > 1) { + moveHelpText(event.target.id); + delete_row(event.target.id); + } + else + alert('<?php echo gettext("You may not delet the last one!")?>'); + }); +}); +//]]> +</script> + +<?php +include("foot.inc");
\ No newline at end of file |