itsecur-firewall/save_group.cgi

   1 #!/usr/bin/perl
   2 # save_group.cgi
   3 # Create, update or delete a host group
   4
   5 require './itsecur-lib.pl';
   6
   7 sub check_ip_in_groups{
   8   my $my_group;
   9 }
  10
  11 &can_edit_error("groups");
  12 &ReadParse();
  13 @groups = &list_groups();
  14 if (!$in{'new'}) {
  15         $group = $groups[$in{'idx'}];
  16         }
  17 &lock_itsecur_files();
  18
  19 if ($in{'delete'}) {
  20         # Check if in use
  21         &error_setup($text{'group_err2'});
  22         @rules = &list_rules();
  23         foreach $r (@rules) {
  24                 &error($text{'group_einuse'})
  25                         if ($r->{'source'} =~ /\@\Q$group->{'name'}\E/ ||
  26                             $r->{'dest'} =~ /\@\Q$group->{'name'}\E/);
  27                 }
  28         local @maps;
  29    ($iface, @nets) = &get_nat();
  30         @maps = grep { ref($_) } @nets;
  31         @nets = grep { !ref($_) } @nets;
  32
  33         local ($net,$local_net);
  34         foreach $net (@nets) {
  35                 $local_net = $net;
  36                 $local_net =~ s/^\!//;
  37                 &error($text{'group_in_use_nat'})
  38                         if ($local_net eq $group->{'name'} );
  39                 }
  40         local ($m);
  41         foreach $m (@maps) {
  42                 &error($text{'group_in_use_nat'})
  43                         if (@$m->[1] eq $group->{'name'} );
  44                 }
  45
  46         local $g;
  47         foreach $g (@groups) {
  48                 next if ($g eq $group);
  49                 foreach $m (@{$g->{'members'}}) {
  50
  51                         &error($text{'group_in_use_group'}." $g->{name}")
  52                                         if ($m eq "\@$group->{'name'}" );
  53                 }
  54         }
  55
  56         # Just delete this group
  57         splice(@groups, $in{'idx'}, 1);
  58         #&automatic_backup();
  59         #TODO: Delete from other groups !!
  60         }
  61 else {
  62         # Validate inputs
  63         &error_setup($text{'group_err'});
  64         $in{'name'} =~ /^\S+$/ || &error($text{'group_ename'});
  65         if ($in{'new'} || $in{'name'} ne $group->{'name'}) {
  66                 # Check for clash
  67                 ($clash) = grep { lc($_->{'name'}) eq lc($in{'name'}) } @groups;
  68                 $clash && &error($text{'group_eclash'});
  69                 }
  70         for($i=0; defined($in{"member_$i"}); $i++) {
  71                 next if (!$in{"member_$i"});
  72                 local $ht = &valid_host($in{"member_$i"});
  73                 $ht || &error(&text('group_emember', $in{"member_$i"}));
  74                 if ($ht == 2 && $in{'resolv'}) {
  75                         local $rs = &to_ipaddress($in{"member_$i"});
  76                         $in{"member_$i"} = $rs if ($rs);
  77                         }
  78                 if ($ht == 4 && $in{"neg_$i"}) {
  79                         &error(&text('group_eneg', $in{"member_$i"}));
  80                         }
  81                 push(@members, $in{"neg_$i"}.$in{"member_$i"});
  82                 }
  83         for($i=0; defined($in{"group_$i"}); $i++) {
  84                 next if (!$in{"group_$i"});
  85                 $in{"group_$i"} eq $in{'name'} &&
  86                         &error($text{'group_eself'});
  87                 push(@members, "@".$in{"group_$i"});
  88                 }
  89         @members || &error($text{'group_emembers'});
  90         $oldname = $group->{'name'};
  91         $group->{'name'} = $in{'name'};
  92         $group->{'members'} = \@members;
  93
  94         if ($in{'new'}) {
  95                 push(@groups, $group);
  96                 }
  97         #@sorted = sort { $a cmp $b } @groups;
  98         #@sorted = sort @groups;
  99         #@groups = @sorted;
 100         if (!$in{'new'} && $oldname ne $group->{'name'}) {
 101                 # Has been re-named .. update all rules!
 102                 @rules = &list_rules();
 103                 foreach $r (@rules) {
 104                         $r->{'source'} =~ s/\@\Q$oldname\E$/\@$group->{'name'}/;
 105                         $r->{'dest'} =~ s/\@\Q$oldname\E$/\@$group->{'name'}/;
 106                         }
 107                 &save_rules(@rules);
 108
 109                 # And update all other groups
 110                 foreach $g (@groups) {
 111                         next if ($g eq $group);
 112                         foreach $m (@{$g->{'members'}}) {
 113                                 $m = "\@$group->{'name'}"
 114                                         if ($m eq "\@$oldname");
 115                                 }
 116                         }
 117                 local @maps;
 118                 ($iface, @nets) = &get_nat();
 119                 @maps = grep { ref($_) } @nets;
 120                 @nets = grep { !ref($_) } @nets;
 121                 local ($m,$net);
 122
 123                 foreach $net (@nets) {
 124                         if ($net eq "$oldname") {
 125                                 $net = "$group->{'name'}";
 126                                 } elsif ($net eq "!$oldname") {
 127                            $net = "!$group->{'name'}";
 128                                 }
 129                         }
 130                 foreach $m (@maps) {
 131                         if (@$m->[1] eq "$oldname") {
 132                                 @$m->[1] = "$group->{'name'}";
 133                                 }
 134                         }
 135                 &save_nat($iface, @nets, @maps);
 136                 }
 137         }
 138
 139 &save_groups(@groups);
 140 $from = $in{'from'} || "groups";
 141 &unlock_itsecur_files();
 142 &remote_webmin_log($in{'delete'} ? "delete" : $in{'new'} ? "create" : "update",
 143             "group", $group->{'name'}, $group);
 144 &redirect("list_${from}.cgi");
 145