11<?php
2-
3- // IMPORTS--------------------------------------------------------------------------------------------------------------
4- require_once ("config.inc " );
5- require_once ("auth.inc " );
6- require_once ("functions.inc " );
7- require_once ("api.inc " );
8-
9- // HEADERS--------------------------------------------------------------------------------------------------------------
10- api_runtime_allowed (); // Check that our configuration allows this API call to run first
11- header ('Content-Type: application/json ' );
12- header ("Referer: no-referrer " );
13- session_start (); // Start our session. This is only used for tracking user name
14-
15- // VARIABLES------------------------------------------------------------------------------------------------------------
16- global $ g$ config$ argv$ userindex$ api_resp$ client_id$ client_params
17- $ read_only_actionfalse ; // Set whether this action requires read only access
18- $ req_privsarray ("page-all " , "page-firewall-aliases-edit " ); // Array of privileges allowing this action
19- $ http_method$ _SERVER 'REQUEST_METHOD ' ]; // Save our HTTP method
20- $ allowed_alias_typesarray ("host " , "network " , "port " ); // Array of allowed alias types
21- $ detailarray ();
22-
23- // RUN TIME-------------------------------------------------------------------------------------------------------------
24- // Check that client is authenticated and authorized
25- if (api_authorized ($ req_privs$ read_only_action
26- // Check that our HTTP method is POST (CREATE)
27- if ($ http_method'POST ' ) {
28- if (isset ($ client_params'name ' ])) {
29- $ name$ client_params'name ' ];
30- $ namesanitize_str ($ name
31- } else {
32- $ api_resparray ("status " => "bad request " , "code " => 400 , "return " => 60 );
33- $ api_resp"message " ] = "alias name required " ;
34- http_response_code (400 );
35- echo json_encode ($ api_respPHP_EOL ;
36- die ();
37- }
38- if (isset ($ client_params'address ' ])) {
39- $ address$ client_params'address ' ];
40- // Convert string to array
41- if (!is_array ($ address
42- $ addressarray ($ address
43- }
44- } else {
45- $ api_resparray ("status " => "bad request " , "code " => 400 , "return " => 61 );
46- $ api_resp"message " ] = "alias address required " ;
47- http_response_code (400 );
48- echo json_encode ($ api_respPHP_EOL ;
49- die ();
50- }
51- if (isset ($ client_params'detail ' ])) {
52- $ detail$ client_params'detail ' ];
53- // Convert string to array
54- if (!is_array ($ detail
55- $ detailarray ($ detail
56- }
57- }
58-
59- // Add debug data if requested
60- if (array_key_exists ("debug " , $ client_params
61- echo "NAME: " . PHP_EOL ;
62- echo var_dump ($ namePHP_EOL ;
63- echo "ALIAS VALUES: " .PHP_EOL ;
64- echo var_dump ($ addressPHP_EOL ;
65- echo "ALIAS VALUE DESCRIPTIONS: " . PHP_EOL ;
66- echo var_dump ($ detailPHP_EOL ;
67- }
68-
69- // Check that our input is valid
70- $ err_code10 ; // Default our error code to 10 as this applies to most checks
71- if (!is_string ($ name
72- $ type_err"alias name must be type string " ;
73- } elseif (!is_array ($ address
74- $ type_err"alias address must be type array " ;
75- } elseif (isset ($ detailand !is_array ($ detail
76- $ type_err"alias detail must be type array " ;
77- }
78- // Loop through our existing firewall entries and check for our requested alias
79- $ c_count0 ;
80- foreach ($ config"aliases " ]["alias " ] as $ ce
81- if ($ name$ ce"name " ]) {
82- $ a_index$ c_count
83- $ type$ ce"type " ];
84- $ curr_addrexplode (" " , $ ce"address " ]);
85- $ curr_detailexplode ("|| " , $ ce"detail " ]);
86- break ;
87- }
88- $ c_count// Increase our counter
89- }
90- // If we could not find an alias, return error
91- if (!isset ($ type
92- $ type_err"alias does not exist " ;
93- $ err_code67 ;
94- }
95- if (!isset ($ type_err
96- // Loop through our arrays and ensure the values are valid
97- $ a_count0 ; // Define a loop counter
98- foreach ($ addressas $ ae
99- // Conditions for alias type 'port'
100- if ($ type"port " ) {
101- // Check that our value is numeric
102- if (is_numeric ($ ae
103- if (1 <= intval ($ aeand intval ($ ae65535 ) {
104- $ address$ a_countstrval ($ ae
105- } else {
106- $ type_err"port out of range " ;
107- $ err_code8 ;
108- break ;
109- }
110- } else {
111- $ type_err"alias address contents must be numeric string " ;
112- break ;
113- }
114- }
115- // Conditionals for alias type 'network'
116- if ($ type"network " ) {
117- // Check that values are strings
118- if (is_string ($ ae
119- // Check that string is a network CIDR
120- if (strpos ($ ae"/ " )) {
121- $ net_ipexplode ("/ " , $ ae0 ]; // Save our network IP
122- $ bit_maskexplode ("/ " , $ ae1 ]; // Save our subnet bit mask
123- // Check if our IP is IPv4
124- if (is_ipaddrv4 ($ net_ip
125- $ max_bits32 ; // Assign our maximum IPv4 bitmask
126- } elseif (is_ipaddrv6 ($ net_ip
127- $ max_bits128 ; // Assign our maximum IPv4 bitmask
128- } else {
129- $ type_err"invalid ipv4 or ipv6 network address " ;
130- $ err_code7 ;
131- break ;
132- }
133- // Check if our bitmask is numeric and in range
134- if (is_numeric ($ bit_mask
135- if (1 <= intval ($ bit_maskand intval ($ bit_mask$ max_bits
136- continue ;
137- } else {
138- $ type_err"subnet out of range " ;
139- $ err_code9 ;
140- break ;
141- }
142- } else {
143- $ type_err"alias address contents must be valid cidr " ;
144- $ err_code63 ;
145- break ;
146- }
147- } else {
148- $ type_err"alias address contents must be valid cidr " ;
149- $ err_code63 ;
150- break ;
151- }
152- } else {
153- $ type_err"alias address contents must be type string " ;
154- break ;
155- }
156- }
157- // Conditions for alias type 'host'
158- if ($ type"host " ) {
159- // Check that values are strings
160- if (is_string ($ ae
161- $ address$ a_countsanitize_str ($ ae
162- } else {
163- $ type_err"alias address contents must be type string " ;
164- break ;
165- }
166- }
167- // Increase our counter
168- $ a_count
169- }
170- // Check each of our alias details
171- foreach ($ detailas $ de
172- if (!is_string ($ de
173- $ type_err"alias detail contents must be type string " ;
174- break ;
175- }
176- }
177- }
178- // Return bad request if error
179- if (isset ($ type_err
180- $ api_resparray ("status " => "bad request " , "code " => 400 , "return " => $ err_code
181- $ api_resp"message " ] = $ type_err
182- http_response_code (400 );
183- echo json_encode ($ api_respPHP_EOL ;
184- die ();
185- }
186- // Add our alias
187- $ _SESSION "Username " ] = $ client_id// Save our CLIENT ID to session data for logging
188- $ change_note" Added firewall alias address via API " ; // Add a change note
189- $ new_addrarray_merge ($ curr_addr$ address
190- $ new_detailarray_merge ($ curr_detail$ detail
191- $ config"aliases " ]["alias " ][$ a_index"address " ] = implode (" " , $ new_addr
192- $ config"aliases " ]["alias " ][$ a_index"detail " ] = implode ("|| " , $ new_detail
193- write_config (sprintf (gettext ($ change_note// Apply our configuration change
194- send_event ("filter reload " ); // Ensure our firewall filter is reloaded
195- // Loop through each alias and see if our alias was added successfully
196- $ api_resparray ("status " => "ok " , "code " => 200 , "return " => 0 );
197- $ api_resp"message " ] = "alias address added " ;
198- $ api_resp"data " ] = $ config"aliases " ]["alias " ][$ a_index
199- http_response_code (200 );
200- echo json_encode ($ api_respPHP_EOL ;
201- die ();
202- } else {
203- $ api_resparray ("status " => "bad request " , "code " => 400 , "return " => 2 , "message " => "invalid http method " );
204- http_response_code (400 );
205- echo json_encode ($ api_respPHP_EOL ;
206- die ();
207- }
208- } else {
209- http_response_code (401 );
210- echo json_encode ($ api_respPHP_EOL ;
211- die ();
212- }
213-
2+ # Copyright 2020 - Jared Hendrickson
3+ # IMPORTS
4+ require_once ("apicalls.inc " );
5+
6+ # RUN API CALL
7+ $ respapi_firewall_aliases_add_address ();
8+ http_response_code ($ resp"code " ]);
9+ echo $ resp
10+ exit ();
0 commit comments