From 6c64ffbd49cd99f0b4649703aa68b6e4e4b390b2 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Thu, 29 Jun 2017 10:29:56 +0200
Subject: [PATCH] [acme-mailcow] Auto-detect container ids for restart; Restart
 containers after restore

---
 data/web/admin.php                      |  2 +-
 data/web/inc/functions.fail2ban.inc.php | 93 +++++++++++++++++++++++++
 data/web/inc/functions.inc.php          | 90 ------------------------
 data/web/inc/prerequisites.inc.php      |  1 +
 data/web/json_api.php                   |  2 +-
 data/web/lang/lang.de.php               |  2 +
 data/web/lang/lang.en.php               |  2 +
 7 files changed, 100 insertions(+), 92 deletions(-)
 create mode 100644 data/web/inc/functions.fail2ban.inc.php

diff --git a/data/web/admin.php b/data/web/admin.php
index 787129f08..8c01b340e 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -274,7 +274,7 @@ $tfa_data = get_tfa();
       <div class="panel-heading">Fail2Ban parameters</div>
       <div class="panel-body">
       <?php
-      $f2b_data = get_f2b_parameters();
+      $f2b_data = fail2ban('get');
       ?>
         <form class="form" data-id="f2b" role="form" method="post">
           <div class="form-group">
diff --git a/data/web/inc/functions.fail2ban.inc.php b/data/web/inc/functions.fail2ban.inc.php
new file mode 100644
index 000000000..c9644d5fd
--- /dev/null
+++ b/data/web/inc/functions.fail2ban.inc.php
@@ -0,0 +1,93 @@
+<?php
+function fail2ban($_action, $_data = null) {
+  global $redis;
+  global $lang;
+  switch ($_action) {
+    case 'get':
+      $data = array();
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        return false;
+      }
+      try {
+        $data['ban_time'] = $redis->Get('F2B_BAN_TIME');
+        $data['max_attempts'] = $redis->Get('F2B_MAX_ATTEMPTS');
+        $data['retry_window'] = $redis->Get('F2B_RETRY_WINDOW');
+        $wl = $redis->hGetAll('F2B_WHITELIST');
+        if (is_array($wl)) {
+          foreach ($wl as $key => $value) {
+            $tmp_data[] = $key;
+          }
+          $data['whitelist'] = implode(PHP_EOL, $tmp_data);
+        }
+        else {
+          $data['whitelist'] = "";
+        }
+      }
+      catch (RedisException $e) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => 'Redis: '.$e
+        );
+        return false;
+      }
+      return $data;
+    break;
+    case 'edit':
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => sprintf($lang['danger']['access_denied'])
+        );
+        return false;
+      }
+      $is_now = fail2ban('get');
+      if (!empty($is_now)) {
+        $ban_time = intval((isset($_data['ban_time'])) ? $_data['ban_time'] : $is_now['ban_time']);
+        $max_attempts = intval((isset($_data['max_attempts'])) ? $_data['max_attempts'] : $is_now['active_int']);
+        $retry_window = intval((isset($_data['retry_window'])) ? $_data['retry_window'] : $is_now['retry_window']);
+      }
+      else {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => sprintf($lang['danger']['access_denied'])
+        );
+        return false;
+      }
+      $wl = $_data['whitelist'];
+      $ban_time = ($ban_time < 60) ? 60 : $ban_time;
+      $max_attempts = ($max_attempts < 1) ? 1 : $max_attempts;
+      $retry_window = ($retry_window < 1) ? 1 : $retry_window;
+      try {
+        $redis->Set('F2B_BAN_TIME', $ban_time);
+        $redis->Set('F2B_MAX_ATTEMPTS', $max_attempts);
+        $redis->Set('F2B_RETRY_WINDOW', $retry_window);
+        $redis->Del('F2B_WHITELIST');
+        if(!empty($wl)) {
+          $wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl));
+          if (is_array($wl_array)) {
+            foreach ($wl_array as $wl_item) {
+              $cidr = explode('/', $wl_item);
+              if (filter_var($cidr[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) && (!isset($cidr[1]) || ($cidr[1] >= 0 && $cidr[1] <= 32))) {
+                $redis->hSet('F2B_WHITELIST', $wl_item, 1);
+              }
+              elseif (filter_var($cidr[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) && (!isset($cidr[1]) || ($cidr[1] >= 0 && $cidr[1] <= 128))) {
+                $redis->hSet('F2B_WHITELIST', $wl_item, 1);
+              }
+            }
+          }
+        }
+      }
+      catch (RedisException $e) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => 'Redis: '.$e
+        );
+        return false;
+      }
+      $_SESSION['return'] = array(
+        'type' => 'success',
+        'msg' => sprintf($lang['success']['f2b_modified'])
+      );
+    break;
+  }
+}
\ No newline at end of file
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 68a095316..948214e9f 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1435,94 +1435,4 @@ function get_logs($container, $lines = 100) {
   }
   return false;
 }
-function get_f2b_parameters() {
-	global $lang;
-	global $redis;
-  $data = array();
-	if ($_SESSION['mailcow_cc_role'] != "admin") {
-		return false;
-	}
-  try {
-    $data['ban_time'] = $redis->Get('F2B_BAN_TIME');
-    $data['max_attempts'] = $redis->Get('F2B_MAX_ATTEMPTS');
-    $data['retry_window'] = $redis->Get('F2B_RETRY_WINDOW');
-    $wl = $redis->hGetAll('F2B_WHITELIST');
-    if (is_array($wl)) {
-      foreach ($wl as $key => $value) {
-        $tmp_data[] = $key;
-      }
-      $data['whitelist'] = implode(PHP_EOL, $tmp_data);
-    }
-    else {
-      $data['whitelist'] = "";
-    }
-  }
-  catch (RedisException $e) {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => 'Redis: '.$e
-    );
-    return false;
-  }
-  return $data;
-}
-function edit_f2b_parameters($postarray) {
-	global $lang;
-	global $redis;
-	if ($_SESSION['mailcow_cc_role'] != "admin") {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => sprintf($lang['danger']['access_denied'])
-    );
-    return false;
-  }
-  $is_now = get_f2b_parameters();
-  if (!empty($is_now)) {
-    $ban_time = intval((isset($postarray['ban_time'])) ? $postarray['ban_time'] : $is_now['ban_time']);
-    $max_attempts = intval((isset($postarray['max_attempts'])) ? $postarray['max_attempts'] : $is_now['active_int']);
-    $retry_window = intval((isset($postarray['retry_window'])) ? $postarray['retry_window'] : $is_now['retry_window']);
-  }
-  else {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => sprintf($lang['danger']['access_denied'])
-    );
-    return false;
-  }
-  $wl = $postarray['whitelist'];
-  $ban_time = ($ban_time < 60) ? 60 : $ban_time;
-  $max_attempts = ($max_attempts < 1) ? 1 : $max_attempts;
-  $retry_window = ($retry_window < 1) ? 1 : $retry_window;
-  try {
-    $redis->Set('F2B_BAN_TIME', $ban_time);
-    $redis->Set('F2B_MAX_ATTEMPTS', $max_attempts);
-    $redis->Set('F2B_RETRY_WINDOW', $retry_window);
-    $redis->Del('F2B_WHITELIST');
-    if(!empty($wl)) {
-      $wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl));
-      if (is_array($wl_array)) {
-        foreach ($wl_array as $wl_item) {
-          $cidr = explode('/', $wl_item);
-          if (filter_var($cidr[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) && (!isset($cidr[1]) || ($cidr[1] >= 0 && $cidr[1] <= 32))) {
-            $redis->hSet('F2B_WHITELIST', $wl_item, 1);
-          }
-          elseif (filter_var($cidr[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) && (!isset($cidr[1]) || ($cidr[1] >= 0 && $cidr[1] <= 128))) {
-            $redis->hSet('F2B_WHITELIST', $wl_item, 1);
-          }
-        }
-      }
-    }
-  }
-  catch (RedisException $e) {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => 'Redis: '.$e
-    );
-    return false;
-  }
-  $_SESSION['return'] = array(
-    'type' => 'success',
-    'msg' => 'Saved changes to Fail2ban configuration'
-  );
-}
 ?>
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index a1dd4d585..b8abb8044 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -64,6 +64,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.mailbox.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.policy.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.dkim.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.fwdhost.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.fail2ban.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/init_db.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.inc.php';
 init_db_schema();
diff --git a/data/web/json_api.php b/data/web/json_api.php
index d891f88d6..0ed105560 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1925,7 +1925,7 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
             // No items
             if (isset($_POST['attr'])) {
               $attr = (array)json_decode($_POST['attr'], true);
-              if (edit_f2b_parameters($attr) === false) {
+              if (fail2ban('edit', $attr) === false) {
                 if (isset($_SESSION['return'])) {
                   echo json_encode($_SESSION['return']);
                 }
diff --git a/data/web/lang/lang.de.php b/data/web/lang/lang.de.php
index a9009fcc0..ea8fe9da3 100644
--- a/data/web/lang/lang.de.php
+++ b/data/web/lang/lang.de.php
@@ -49,6 +49,7 @@ $lang['success']['aliasd_modified'] = 'Änderungen an Alias-Domain %s wurden ges
 $lang['success']['mailbox_modified'] = 'Änderungen an Mailbox %s wurden gespeichert';
 $lang['success']['resource_modified'] = "Änderungen an Ressource %s wurden gespeichert";
 $lang['success']['object_modified'] = "Änderungen an Objekt %s wurden gespeichert";
+$lang['success']['f2b_modified'] = "Änderungen an Fail2ban Parametern wurden gespeichert";
 $lang['success']['msg_size_saved'] = 'Limit wurde gesetzt';
 $lang['danger']['aliasd_not_found'] = 'Alias-Domain nicht gefunden';
 $lang['danger']['targetd_not_found'] = 'Ziel-Domain nicht gefunden';
@@ -417,6 +418,7 @@ $lang['tfa']['enter_qr_code'] = "Falls Sie den angezeigten QR-Code nicht scannen
 $lang['tfa']['confirm_totp_token'] = "Bitte bestätigen Sie die Änderung durch Eingabe eines generierten Tokens";
 
 $lang['admin']['search_domain_da'] = 'Domains durchsuchen';
+$lang['admin']['f2b_parameters'] = 'Fail2ban Parameter';
 $lang['admin']['restrictions'] = 'Postfix Restriktionen';
 $lang['admin']['rr'] = 'Postfix Empfänger Restriktionen';
 $lang['admin']['sr'] = 'Postfix Sender Restriktionen';
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index c49a535ff..d6d4256a5 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -51,6 +51,7 @@ $lang['success']['aliasd_modified'] = "Changes to alias domain have been saved";
 $lang['success']['mailbox_modified'] = "Changes to mailbox %s have been saved";
 $lang['success']['resource_modified'] = "Changes to mailbox %s have been saved";
 $lang['success']['object_modified'] = "Changes to object %s have been saved";
+$lang['success']['f2b_modified'] = "Changes to Fail2ban parameters have been saved";
 $lang['success']['msg_size_saved'] = "Message size limit has been set";
 $lang['danger']['aliasd_not_found'] = "Alias domain not found";
 $lang['danger']['targetd_not_found'] = "Target domain not found";
@@ -421,6 +422,7 @@ $lang['tfa']['scan_qr_code'] = "Please scan the following code with your authent
 $lang['tfa']['enter_qr_code'] = "Your TOTP code if your device cannot scan QR codes";
 $lang['tfa']['confirm_totp_token'] = "Please confirm your changes by entering the generated token";
 
+$lang['admin']['f2b_parameters'] = 'Fail2ban parameters';
 $lang['admin']['search_domain_da'] = 'Search domains';
 $lang['admin']['restrictions'] = 'Postfix Restrictions';
 $lang['admin']['rr'] = 'Postfix Recipient Restrictions';