3 # Create, update or delete a host group
5 require './itsecur-lib.pl';
# NOTE(review): this listing is incomplete -- the embedded line numbers skip,
# and neither the body nor the closing brace of this sub is shown. Whether the
# statements below belong to it cannot be determined from here.
7 sub check_ip_in_groups{
# Authorisation gate for the "groups" feature. can_edit_error() is defined
# outside this listing; presumably it aborts the request when the user may not
# edit groups -- confirm in itsecur-lib.pl.
11 &can_edit_error("groups");
# Load every defined host group into the package global @groups.
13 @groups = &list_groups();
# SECURITY: the array index is taken from %in, which appears to hold the
# submitted form fields (its population is not shown). No check that 'idx' is
# a non-negative integer inside the bounds of @groups is visible here, and
# Perl accepts negative indexes (counting from the end), so an unexpected
# value can select a different group than the form intended. Validate with an
# anchored pattern such as /\A\d+\z/ and a range check before use.
15 $group = $groups[$in{'idx'}];
# Take the configuration lock before any change. The matching unlock is only
# visible at the very end of the script; whether &error() releases the lock on
# the early-exit paths in between is not visible here -- TODO confirm.
17 &lock_itsecur_files();
# Delete path: refuse to remove a group that is still referenced by a rule, a
# NAT entry or another group, then drop it from @groups.
# NOTE(review): the listing omits lines in this section (the condition that
# selects the delete path and the loops that bind $r and $m are not shown).
21 &error_setup($text{'group_err2'});
22 @rules = &list_rules();
# In-use check against each rule's source and destination. The group name is
# quoted with \Q..\E, so regex metacharacters in it are matched literally.
# The pattern has no boundary after the name, so a group called "web" also
# matches a rule that references "@webservers"; this errs on the side of
# refusing the delete, but it is stricter than the end-anchored pattern the
# rename code uses later in this script.
24 &error($text{'group_einuse'})
25 if ($r->{'source'} =~ /\@\Q$group->{'name'}\E/ ||
26 $r->{'dest'} =~ /\@\Q$group->{'name'}\E/);
# get_nat() returns an interface followed by a mixed list: references are
# treated as mappings (@maps), plain scalars as network/group names (@nets).
29 ($iface, @nets) = &get_nat();
30 @maps = grep { ref($_) } @nets;
31 @nets = grep { !ref($_) } @nets;
# 'local' here only saves and restores package globals; these are not lexicals.
33 local ($net,$local_net);
34 foreach $net (@nets) {
# The assignment to $local_net is not shown in this listing (presumably a copy
# of $net). A leading "!" (negation marker) is stripped before comparing.
36 $local_net =~ s/^\!//;
37 &error($text{'group_in_use_nat'})
38 if ($local_net eq $group->{'name'} );
# NOTE(review): @$m->[1] uses an array as a reference. That form was long
# deprecated and is a fatal compile error from Perl 5.22 on; $m->[1] is the
# intended spelling. Until fixed, this protective check (and the script) may
# not run at all on a current perl.
42 &error($text{'group_in_use_nat'})
43 if (@$m->[1] eq $group->{'name'} );
# Refuse the delete if any other group lists this one as an "@name" member.
47 foreach $g (@groups) {
# Both sides are hash references, so 'eq' compares their stringified
# addresses, i.e. this skips the group being deleted itself.
48 next if ($g eq $group);
49 foreach $m (@{$g->{'members'}}) {
51 &error($text{'group_in_use_group'}." $g->{name}")
52 if ($m eq "\@$group->{'name'}" );
# Just delete this group
# SECURITY: the same unvalidated request value is used as the splice offset;
# no bounds or integer check on $in{'idx'} is visible in this listing.
57 splice(@groups, $in{'idx'}, 1);
#TODO: Delete from other groups !!
# Create/update path: validate the submitted name and members, then store
# them on $group.
63 &error_setup($text{'group_err'});
# SECURITY: only whitespace is rejected. Because '$' also matches before a
# trailing newline, a name ending in "\n" passes; \A\S+\z would close that.
# Characters that carry meaning elsewhere in this script ("@" as the
# group-reference prefix, "!" as the negation marker) are accepted too, so a
# name such as "!x" can later be confused with a negated entry. Consider an
# allowlist pattern for names.
64 $in{'name'} =~ /^\S+$/ || &error($text{'group_ename'});
# Uniqueness is checked only for a new group or a changed name, and the
# comparison is case-insensitive.
65 if ($in{'new'} || $in{'name'} ne $group->{'name'}) {
67 ($clash) = grep { lc($_->{'name'}) eq lc($in{'name'}) } @groups;
68 $clash && &error($text{'group_eclash'});
# Host members: fields member_0, member_1, ... are read until the first
# undefined one; empty fields are skipped.
70 for($i=0; defined($in{"member_$i"}); $i++) {
71 next if (!$in{"member_$i"});
# valid_host() is defined outside this listing. A false result rejects the
# member; the numeric codes tested below (2 and 4) presumably identify the
# kind of entry -- confirm in itsecur-lib.pl.
72 local $ht = &valid_host($in{"member_$i"});
73 $ht || &error(&text('group_emember', $in{"member_$i"}));
# With 'resolv' set, a type-2 member is replaced by whatever to_ipaddress()
# returns, if that is true. The stored policy then depends on name resolution
# at save time.
74 if ($ht == 2 && $in{'resolv'}) {
75 local $rs = &to_ipaddress($in{"member_$i"});
76 $in{"member_$i"} = $rs if ($rs);
# Type-4 members may not be negated.
78 if ($ht == 4 && $in{"neg_$i"}) {
79 &error(&text('group_eneg', $in{"member_$i"}));
# SECURITY: the neg_N field is prepended verbatim. No check that it is empty
# or the expected negation marker is visible here, so any submitted string
# becomes part of the stored member. Restrict it to the known values.
81 push(@members, $in{"neg_$i"}.$in{"member_$i"});
# Group members: group_0, group_1, ... are stored as "@name" references.
83 for($i=0; defined($in{"group_$i"}); $i++) {
84 next if (!$in{"group_$i"});
# Only a direct self-reference is rejected, by exact (case-sensitive) string
# comparison. No check that the named group exists, that the value is free of
# whitespace, or that it does not create an indirect cycle is visible here.
85 $in{"group_$i"} eq $in{'name'} &&
86 &error($text{'group_eself'});
87 push(@members, "@".$in{"group_$i"});
# A group must end up with at least one member.
89 @members || &error($text{'group_emembers'});
# Keep the previous name so the rename-propagation code can find references.
90 $oldname = $group->{'name'};
91 $group->{'name'} = $in{'name'};
92 $group->{'members'} = \@members;
# NOTE(review): the condition guarding this push is not shown in the listing
# (presumably it applies to new groups only) -- TODO confirm.
95 push(@groups, $group);
97 #@sorted = sort { $a cmp $b } @groups;
98 #@sorted = sort @groups;
# Rename propagation: when an existing group changes name, rewrite references
# to the old name in rules, other groups and NAT entries.
# NOTE(review): the listing omits lines in this section (closing braces, the
# loop that binds $m over the NAT mappings, and any call that writes the
# modified rules back are not shown).
100 if (!$in{'new'} && $oldname ne $group->{'name'}) {
# Has been re-named .. update all rules!
102 @rules = &list_rules();
103 foreach $r (@rules) {
# The old name is regex-quoted, but the pattern is anchored only at the end
# of the string and has no /g. If 'source' or 'dest' can hold more than one
# entry (format not visible here), a reference that is not last would keep
# the old name and point at a group that no longer exists -- verify, because
# a stale reference changes what the firewall rule actually matches.
104 $r->{'source'} =~ s/\@\Q$oldname\E$/\@$group->{'name'}/;
105 $r->{'dest'} =~ s/\@\Q$oldname\E$/\@$group->{'name'}/;
# And update all other groups
110 foreach $g (@groups) {
# Reference comparison: skips the renamed group itself.
111 next if ($g eq $group);
# $m aliases each member element, so the assignment edits the list in place.
112 foreach $m (@{$g->{'members'}}) {
113 $m = "\@$group->{'name'}"
114 if ($m eq "\@$oldname");
# NAT entries: plain names (optionally negated with "!") and mapping refs.
118 ($iface, @nets) = &get_nat();
119 @maps = grep { ref($_) } @nets;
120 @nets = grep { !ref($_) } @nets;
123 foreach $net (@nets) {
124 if ($net eq "$oldname") {
125 $net = "$group->{'name'}";
126 } elsif ($net eq "!$oldname") {
127 $net = "!$group->{'name'}";
# NOTE(review): @$m->[1] uses an array as a reference, which is a fatal
# compile error from Perl 5.22 on; $m->[1] is the intended spelling.
131 if (@$m->[1] eq "$oldname") {
132 @$m->[1] = "$group->{'name'}";
# Write the NAT configuration back with plain names first, then mappings.
135 &save_nat($iface, @nets, @maps);
# Persist the group list, release the lock, log the action and return to the
# calling list page.
139 &save_groups(@groups);
# 'from' comes from the request and defaults to "groups".
140 $from = $in{'from'} || "groups";
141 &unlock_itsecur_files();
# Audit record: action is "delete", "create" or "update" depending on the
# submitted flags; the group name and the group hash are passed along.
142 &remote_webmin_log($in{'delete'} ? "delete" : $in{'new'} ? "create" : "update",
143 "group", $group->{'name'}, $group);
# SECURITY: a request-controlled value is interpolated into the redirect
# target and no validation of it is visible in this listing. Constrain $from
# before use (for example to /\A\w+\z/, or to the set of list pages the module
# actually ships) so the redirect cannot be steered to an unintended path.
144 &redirect("list_${from}.cgi");