From ca0a39af5b74c9b6382ed40411b64f1fa7d7d8b9 Mon Sep 17 00:00:00 2001 From: lilinzhe Date: Sat, 18 Jan 2020 09:29:35 +0800 Subject: [PATCH] Alias Management: delete - network_address_aliases_delete Signed-off-by: lilinzhe --- README.md | 46 ++++++++++- .../files/etc/inc/fauxapi/fauxapi_actions.inc | 25 ++++++ .../fauxapi_pfsense_interface_alias.inc | 25 +++++- .../fauxapi_pfsense_interface_alias.priv.inc | 77 +++++++++++++++++++ 4 files changed, 170 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 72b4fe9..e3c34f6 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,7 @@ tasks feasible. - [network_address_aliases_get](#user-content-network_address_aliases_get) - Returns address aliaes used by rules. - [network_address_aliases_create](#user-content-network_address_aliases_create) - Creates An network aliaes for rules - [network_address_aliases_update](#user-content-network_address_aliases_update) - Update a address aliaes. Returns newest result + - [network_address_aliases_delete](#user-content-network_address_aliases_delete) - delete a address aliaes. Returns newest result - [filter_rules_get](#user-content-filter_rules_get) - Returns firewall filters. @@ -984,14 +985,14 @@ curl \ --insecure \ --header "fauxapi-auth: " \ --data '{"name": "wsdfan", "type": "network", "cidr_addresses": [{"address":"12.23.45.3/32", "details":"a"}], "descr":"Test"}' - "https:///fauxapi/v1/?action=network_address_aliases_create" + "https:///fauxapi/v1/?action=network_address_aliases_update" ``` *Example Response* ```javascript { "callid": "5e22393a9aa5a", - "action": "network_address_aliases_create", + "action": "network_address_aliases_update", "message": "ok", "data": { "aliases": { 
@@ -1016,6 +1017,47 @@ curl \ } ``` --- +### network_address_aliases_delete + - deletes a address aliaes. Returns newest result + - HTTP: **POST** + - Params: none + - Request body: json + - **name** : name of aliases. identiy which aliase to delete + - Response: json : the items after created + +*Example Request* +```bash +curl \ + -X GET \ + --silent \ + --insecure \ + --header "fauxapi-auth: " \ + --data '{"name": "wsdfan"}' + "https:///fauxapi/v1/?action=network_address_aliases_delete" +``` + +*Example Response* +```javascript +{ + "callid": "5e22393a9aa5a", + "action": "network_address_aliases_delete", + "message": "ok", + "data": { + "aliases": { + "alias": [ + { + "name": "EasyRuleBlockHostsWAN", + "type": "network", + "address": "1.2.3.4/32 5.6.7.8/32", + "descr": "Hosts blocked from Firewall Log view", + "detail": "Entry added Fri, 27 Dec 2019 00:53:01 -0800||\u5df2\u6dfb\u52a0\u6761\u76ee Thu, 16 Jan 2020 03:42:37 -0800" + } + ] + } + } +} +``` +--- ### filter_rules_get - Returns firewall filters. - HTTP: **GET** diff --git a/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_actions.inc b/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_actions.inc index 90102b7..d9c60e0 100644 --- a/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_actions.inc +++ b/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_actions.inc 
@@ -504,6 +504,31 @@ class fauxApiActions { ); return TRUE; } + + /** + * network_address_aliases_update() + * + * @return boolean + */ + public function network_address_aliases_delete() { + fauxApiLogger::debug(__METHOD__); + + $name = $this->action_input_data["name"]; + + $alias = $this->PfsenseInterface->network_address_aliases_delete($name); + + if (empty($alias)) { + $this->response->http_code = 500; + $this->response->message = 'unable to get address aliases'; + return FALSE; + } + $this->response->http_code = 200; + $this->response->message = 'ok'; + $this->response->data = array( + 'aliases' => $alias, + ); + return TRUE; + } /** * alias_update_urltables() diff --git a/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_pfsense_interface_alias.inc b/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_pfsense_interface_alias.inc index d79c9b8..9aafd31 100644 --- a/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_pfsense_interface_alias.inc +++ b/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_pfsense_interface_alias.inc @@ -127,9 +127,32 @@ trait network_address_aliases fauxApiLogger::debug(__METHOD__, array( 'name' => $name )); - $pconfig=NULL; + $idx = -1; for ($id = 0; $id < count($config["aliases"]["alias"]); $id+=1) { + if ($config["aliases"]["alias"][$id]['name'] == $name) { + $idx=$id; + break; + } + } + if ($idx == -1) { + //not find + $error_message = "not find name"; + $error_data = array('name' => $name); + fauxApiLogger::error($error_message, $error_data); + throw new \Exception($error_message); + } + $usederrmsg = fauxApiInterfaceAliasTools::is_alias_used($name); + if ($usederrmsg) { + $error_message = $usederrmsg; + $error_data = array('name'=>$name); + fauxApiLogger::error($error_message, $error_data); + throw new \Exception($error_message); + } + \array_splice($config["aliases"]["alias"], $idx, 1); + if (!fauxApiInterfaceAliasTools::write_config_aliases()) { + return NULL; } + return $config["aliases"]; } } 
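Review bot: In the action method `network_address_aliases_delete()`, `$name = $this->action_input_data["name"];` hands the request value on without checking that it is present and is a non-empty string. The code it reaches compares that value with loose `==` (the name lookup in fauxapi_pfsense_interface_alias.inc and `$fieldref == $origname` in `find_alias_reference`), so a JSON number or boolean could compare equal to an alias other than the one the caller meant; those comparisons should be `===`. I would add `if (!is_string($name) || $name === '')` ahead of the interface call and return an error response from that branch. The docblock still reads `network_address_aliases_update()`, and the failure text `'unable to get address aliases'` belongs to the get action; `'unable to delete address alias'` would make the 500 easier to diagnose.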
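Review bot: In the trait's `network_address_aliases_delete`, `count($config["aliases"]["alias"])` assumes the alias list exists and is an array. If the configuration holds no aliases that may not be true, and the loop condition then warns, or fails on newer PHP, instead of reaching the "not find name" error. A guard such as `if (!isset($config["aliases"]["alias"]) || !is_array($config["aliases"]["alias"]))` before the loop would keep that path clean. When `write_config_aliases()` fails, the function returns `NULL` after `array_splice` has already removed the entry from the in-memory `$config`; keeping the removed entry and putting it back on failure would stop the running state and the saved configuration from disagreeing, though how `write_config_aliases()` reads the configuration is not visible here. The function's opening lines, including how `$config` is brought into scope, are outside the hunk.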
diff --git a/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_pfsense_interface_alias.priv.inc b/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_pfsense_interface_alias.priv.inc
index 3769d2d..9016599 100644
--- a/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_pfsense_interface_alias.priv.inc
+++ b/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_pfsense_interface_alias.priv.inc
@@ -142,6 +142,83 @@ class fauxApiInterfaceAliasTools } } + public static function find_alias_reference($section, $field, $origname, &$is_alias_referenced, &$referenced_by) { + global $config; + if (!$origname || $is_alias_referenced) { + return; + } + + $sectionref = &$config; + foreach ($section as $sectionname) { + if (is_array($sectionref) && isset($sectionref[$sectionname])) { + $sectionref = &$sectionref[$sectionname]; + } else { + return; + } + } + + if (is_array($sectionref)) { + foreach ($sectionref as $itemkey => $item) { + $fieldfound = true; + $fieldref = &$sectionref[$itemkey]; + foreach ($field as $fieldname) { + if (is_array($fieldref) && isset($fieldref[$fieldname])) { + $fieldref = &$fieldref[$fieldname]; + } else { + $fieldfound = false; + break; + } + } + if ($fieldfound && $fieldref == $origname) { + $is_alias_referenced = true; + if (is_array($item)) { + $referenced_by = $item['descr']; + } + break; + } + } + } + } + + public static function is_alias_used($alias_name){ + $is_alias_referenced = false; + $referenced_by = false; + + // Firewall rules + fauxApiInterfaceAliasTools::find_alias_reference(array('filter', 'rule'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by); + fauxApiInterfaceAliasTools::find_alias_reference(array('filter', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by); + fauxApiInterfaceAliasTools::find_alias_reference(array('filter', 'rule'), array('source', 'port'), $alias_name, $is_alias_referenced, $referenced_by); + fauxApiInterfaceAliasTools::find_alias_reference(array('filter', 'rule'), array('destination', 'port'), $alias_name, $is_alias_referenced, $referenced_by); + // NAT Rules + fauxApiInterfaceAliasTools::find_alias_reference(array('nat', 'rule'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by); + fauxApiInterfaceAliasTools::find_alias_reference(array('nat', 'rule'), array('source', 'port'), $alias_name, 
$is_alias_referenced, $referenced_by); + fauxApiInterfaceAliasTools::find_alias_reference(array('nat', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by); + fauxApiInterfaceAliasTools::find_alias_reference(array('nat', 'rule'), array('destination', 'port'), $alias_name, $is_alias_referenced, $referenced_by); + fauxApiInterfaceAliasTools::find_alias_reference(array('nat', 'rule'), array('target'), $alias_name, $is_alias_referenced, $referenced_by); + fauxApiInterfaceAliasTools::find_alias_reference(array('nat', 'rule'), array('local-port'), $alias_name, $is_alias_referenced, $referenced_by); + // NAT 1:1 Rules + //fauxApiInterfaceAliasTools::find_alias_reference(array('nat', 'onetoone'), array('external'), $alias_name, $is_alias_referenced, $referenced_by); + //fauxApiInterfaceAliasTools::find_alias_reference(array('nat', 'onetoone'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by); + fauxApiInterfaceAliasTools::find_alias_reference(array('nat', 'onetoone'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by); + // NAT Outbound Rules + fauxApiInterfaceAliasTools::find_alias_reference(array('nat', 'outbound', 'rule'), array('source', 'network'), $alias_name, $is_alias_referenced, $referenced_by); + fauxApiInterfaceAliasTools::find_alias_reference(array('nat', 'outbound', 'rule'), array('sourceport'), $alias_name, $is_alias_referenced, $referenced_by); + fauxApiInterfaceAliasTools::find_alias_reference(array('nat', 'outbound', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by); + fauxApiInterfaceAliasTools::find_alias_reference(array('nat', 'outbound', 'rule'), array('dstport'), $alias_name, $is_alias_referenced, $referenced_by); + fauxApiInterfaceAliasTools::find_alias_reference(array('nat', 'outbound', 'rule'), array('target'), $alias_name, $is_alias_referenced, $referenced_by); + // Alias in an alias + 
fauxApiInterfaceAliasTools::find_alias_reference(array('aliases', 'alias'), array('address'), $alias_name, $is_alias_referenced, $referenced_by); + // Load Balancer + fauxApiInterfaceAliasTools::find_alias_reference(array('load_balancer', 'lbpool'), array('port'), $alias_name, $is_alias_referenced, $referenced_by); + fauxApiInterfaceAliasTools::find_alias_reference(array('load_balancer', 'virtual_server'), array('port'), $alias_name, $is_alias_referenced, $referenced_by); + // Static routes + fauxApiInterfaceAliasTools::find_alias_reference(array('staticroutes', 'route'), array('network'), $alias_name, $is_alias_referenced, $referenced_by); + if ($is_alias_referenced) { + return $referenced_by; + } + return NULL; + } + }
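Review bot: `is_alias_used()` returns `$referenced_by`, and the caller added in fauxapi_pfsense_interface_alias.inc tests it with `if ($usederrmsg)`, so a reference found in an entry whose `descr` is empty or missing (or in an item that is not an array, where `$referenced_by` stays `false`) is treated as "not used" and the delete goes ahead. That would leave a rule pointing at an alias that no longer exists. The result should follow the flag rather than the description, e.g. `return $is_alias_referenced ? ($referenced_by ?: '(entry without description)') : NULL;`. `$referenced_by = $item['descr'];` in `find_alias_reference` should also be guarded with `isset($item['descr'])`. The two NAT 1:1 checks for `external` and `source`/`address` are commented out, so references from those fields are not detected; a comment saying why they are skipped would help the next reader.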