mirror of
https://github.com/webmin/webmin.git
synced 2026-05-06 15:20:29 +01:00
172 lines
5.0 KiB
Perl
Executable File
172 lines
5.0 KiB
Perl
Executable File
#!/usr/bin/perl
|
|
# setup.cgi
|
|
# Create a Webmin-managed nftables profile table
|
|
|
|
require './nftables-lib.pl'; ## no critic
|
|
use strict;
|
|
use warnings;
|
|
our (%in, %text);
|
|
ReadParse();
|
|
error_setup($text{'setup_err'});
|
|
assert_acl('setup');
|
|
if ($in{'action'} eq 'create') {
|
|
my $profile = $in{'profile'} || 'virtualmin';
|
|
my $table_name = $in{'table_name'} || default_profile_table_name();
|
|
$table_name =~ /^\w[\w-]*$/ || error($text{'create_ename'});
|
|
|
|
my @tables = get_nftables_save();
|
|
foreach my $t (@tables) {
|
|
if ($t->{'family'} eq 'inet' && $t->{'name'} eq $table_name) {
|
|
error(text('setup_edup', nft_table_spec($t)));
|
|
}
|
|
}
|
|
my ($active, $active_err) = get_active_nftables_save();
|
|
if (!$active_err) {
|
|
foreach my $t (@$active) {
|
|
if ($t->{'family'} eq 'inet' &&
|
|
$t->{'name'} eq $table_name &&
|
|
table_is_externally_managed($t))
|
|
{
|
|
error(text('create_eexternal', nft_table_spec($t)));
|
|
}
|
|
}
|
|
}
|
|
|
|
my @allow = grep { $_ ne '' } split(/\0/, $in{'allow'} || '');
|
|
my $table = create_profile_ruleset($table_name, $profile, \@allow);
|
|
assert_table_acl($table);
|
|
push(@tables, $table);
|
|
|
|
my $error = save_configuration(@tables);
|
|
if ($error) {
|
|
error(text('setup_failed', $error));
|
|
}
|
|
$error = apply_restore();
|
|
if ($error) {
|
|
error(text('setup_failed', $error));
|
|
}
|
|
webmin_log("setup", "create", $profile,
|
|
{'family' => 'inet', 'table' => $table_name});
|
|
redirect("index.cgi?table_family=inet&table_name=".urlize($table_name));
|
|
return;
|
|
}
|
|
|
|
ui_print_header(undef, $text{'index_profile_setup'}, "");
|
|
|
|
print ui_form_start("setup.cgi");
|
|
print ui_hidden("action", "create");
|
|
|
|
my @profiles = setup_profiles();
|
|
my $profile = $in{'profile'} || 'virtualmin';
|
|
my %profile_map = map { $_->{'id'} => $_ } @profiles;
|
|
$profile = 'virtualmin' if (!$profile_map{$profile});
|
|
my %checked = map { $_ => 1 } @{$profile_map{$profile}->{'services'} || [ ]};
|
|
my @profile_opts = map { [$_->{'id'}, $_->{'name'}] } @profiles;
|
|
|
|
print ui_table_start($text{'setup_header'}, "width=100%", 2);
|
|
print ui_table_row($text{'setup_table_name'},
|
|
ui_textbox("table_name", $in{'table_name'} || profile_table_name($profile), 24)
|
|
);
|
|
print ui_table_row(
|
|
$text{'setup_profile'},
|
|
ui_select("profile", $profile, \@profile_opts, 1, 0, 0, 0).
|
|
ui_tag(
|
|
'div',
|
|
ui_note($profile_map{$profile}->{'desc'}, 0),
|
|
{
|
|
'id' => 'nftables_profile_note',
|
|
'style' => 'margin-top: 0.35em; margin-left: 0.15em;'
|
|
}
|
|
)
|
|
);
|
|
print ui_table_end();
|
|
|
|
my @services = setup_services();
|
|
my @links = (select_all_link("allow", 0), select_invert_link("allow", 0));
|
|
print ui_hr();
|
|
print ui_links_row(\@links);
|
|
my @tds = ("width=5");
|
|
print ui_columns_start(
|
|
[
|
|
"", $text{'setup_service_col'},
|
|
$text{'setup_type_col'}, $text{'setup_port_col'},
|
|
$text{'setup_proto_col'}
|
|
],
|
|
100, 0,
|
|
\@tds,
|
|
$text{'setup_services'}
|
|
);
|
|
|
|
foreach my $svc (sort { lc($a->{'label'}) cmp lc($b->{'label'}) } @services) {
|
|
print ui_checked_columns_row(
|
|
[$svc->{'label'}, $svc->{'type'}, $svc->{'port'}, $svc->{'proto'},],
|
|
\@tds, "allow", $svc->{'id'}, $checked{$svc->{'id'}});
|
|
}
|
|
print ui_columns_end();
|
|
print profile_javascript(@profiles);
|
|
|
|
print ui_form_end([[undef, $text{'setup_create'}]]);
|
|
ui_print_footer("index.cgi", $text{'index_return'});
|
|
|
|
# profile_javascript(@profiles)
|
|
# Returns JavaScript for profile-driven table names, notes and service checks
|
|
sub profile_javascript
|
|
{
|
|
my (@profiles) = @_;
|
|
my %profile_services = map { $_->{'id'} => $_->{'services'} } @profiles;
|
|
my %profile_tables =
|
|
map { $_->{'id'} => profile_table_name($_->{'id'}) } @profiles;
|
|
my %profile_notes = map { $_->{'id'} => ui_note($_->{'desc'}, 0) } @profiles;
|
|
my $json = convert_to_json(\%profile_services);
|
|
my $table_json = convert_to_json(\%profile_tables);
|
|
my $note_json = convert_to_json(\%profile_notes);
|
|
return <<EOF;
|
|
<script type='text/javascript'>
|
|
(function() {
|
|
var profileServices = $json;
|
|
var profileTables = $table_json;
|
|
var profileNotes = $note_json;
|
|
var tableInput = document.querySelector('input[name="table_name"]');
|
|
var profileSelect = document.querySelector('select[name="profile"]');
|
|
var profileNote = document.getElementById('nftables_profile_note');
|
|
var tableNameTouched = false;
|
|
if (tableInput) {
|
|
tableInput.addEventListener('input', function() {
|
|
tableNameTouched = true;
|
|
});
|
|
}
|
|
function applyProfileServices(profile) {
|
|
var selected = {};
|
|
(profileServices[profile] || []).forEach(function(id) {
|
|
selected[id] = true;
|
|
});
|
|
document.querySelectorAll('input[name="allow"]').forEach(function(input) {
|
|
var checked = !!selected[input.value];
|
|
if (input.checked != checked) {
|
|
input.click();
|
|
}
|
|
});
|
|
}
|
|
function applyProfileTable(profile) {
|
|
if (!tableInput || tableNameTouched || !profileTables[profile]) {
|
|
return;
|
|
}
|
|
tableInput.value = profileTables[profile];
|
|
}
|
|
function applyProfileNote(profile) {
|
|
if (profileNote && profileNotes[profile]) {
|
|
profileNote.innerHTML = profileNotes[profile];
|
|
}
|
|
}
|
|
if (profileSelect) {
|
|
profileSelect.addEventListener('change', function() {
|
|
applyProfileServices(this.value);
|
|
applyProfileTable(this.value);
|
|
applyProfileNote(this.value);
|
|
});
|
|
}
|
|
})();
|
|
</script>
|
|
EOF
|
|
}
|