1 | #!/usr/bin/perl |
2 | # | |
3 | # SmoothWall CGIs | |
4 | # | |
5 | # This code is distributed under the terms of the GPL | |
6 | # | |
7 | # (c) The SmoothWall Team | |
8 | # Copyright (c) 2002/04/13 Steve Bootes - Add destination IP support | |
9 | # | |
10 | # $Id: xtaccess.cgi,v 1.6.2.15 2005/03/05 08:44:32 eoberlander Exp $ | |
11 | # | |
12 | ||
13 | use strict; | |
14 | ||
15 | # enable only the following on debugging purpose | |
16 | #use warnings; | |
17 | #use CGI::Carp 'fatalsToBrowser'; | |
18 | ||
986e08d9 | 19 | require '/var/ipfire/general-functions.pl'; |
20 | require "${General::swroot}/lang.pl"; |
21 | require "${General::swroot}/header.pl"; | |
22 | ||
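# Workaround to suppress a warning when a variable is used only once.
my @dummy = ( ${Header::colouryellow} );
undef (@dummy);

# State shared by the request handlers and the page rendering below.
my %cgiparams=();       # submitted form fields (filled by Header::getcgihash)
my %checked=();         # checked='checked' markers for the checkbox
my %selected=();        # selected='selected' markers for the <select> lists
my $errormessage = '';  # non-empty once validation has failed
my $filename = "${General::swroot}/xtaccess/config";
my $aliasfile = "${General::swroot}/ethernet/aliases";
my $changed = 'no';

&Header::showhttpheaders();

# Defaults for fields the request may not carry; getcgihash is handed the
# hash by reference.
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'ACTION'} = '';
$cgiparams{'SRC'} = '';
$cgiparams{'DEST_PORT'} = '';
$cgiparams{'REMARK'} ='';
&Header::getcgihash(\%cgiparams);

# Load the current rules, one comma-separated rule per line. Three-argument
# open with an explicit read mode keeps the mode out of the path string, and
# the lexical handle is not shared with the write handlers further down.
# NOTE(review): this read takes no lock although the writers use flock, so a
# concurrent request can hand the handlers below a stale or partial list.
open(my $config_fh, '<', $filename) or die 'Unable to open config file.';
my @current = <$config_fh>;
close($config_fh);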
46 | ||
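# Handle the add/update form. EDITING is 'no' for a new rule, otherwise the
# 1-based line number of the rule being replaced.
if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
{
    # Every accepted value becomes one field of a comma-separated line in the
    # rule file, and setxtaccess is run right after the write (presumably it
    # consumes that file). Each field is therefore checked before anything is
    # written, and nothing containing a field or record separator is stored.

    # EDITING is echoed back into the page when validation fails, so it is
    # restricted to its two legitimate forms first.
    unless (defined $cgiparams{'EDITING'} and $cgiparams{'EDITING'} =~ /\A(?:no|[1-9][0-9]*)\z/) {
        $errormessage = $Lang::tr{'invalid input'};
        $cgiparams{'EDITING'} = 'no';
    }

    # \A...\z rather than ^...$: '$' also matches before a trailing newline.
    unless (defined $cgiparams{'PROTOCOL'} and $cgiparams{'PROTOCOL'} =~ /\A(?:tcp|udp)\z/) {
        $errormessage = $Lang::tr{'invalid input'};
    }

    unless (&General::validipormask($cgiparams{'SRC'}))
    {
        if ($cgiparams{'SRC'} ne '') {
            $errormessage = $Lang::tr{'source ip bad'};
        }
        else {
            # An empty source means "any".
            $cgiparams{'SRC'} = '0.0.0.0/0';
        }
    }
    unless ($errormessage) {
        $errormessage = &General::validportrange($cgiparams{'DEST_PORT'},'dst');
    }

    # The checkbox yields 'on' or nothing; anything else is stored as 'off'.
    $cgiparams{'ENABLED'} = 'off' unless $cgiparams{'ENABLED'} eq 'on';

    # DEST comes from a <select>, but the submitted value is not bound to the
    # options that were offered. Empty keeps its old meaning (default IP).
    if (!defined $cgiparams{'DEST'} or $cgiparams{'DEST'} eq '') {
        $cgiparams{'DEST'} = '0.0.0.0';
    }
    unless ($errormessage) {
        unless ($cgiparams{'DEST'} eq '0.0.0.0' or &General::validip($cgiparams{'DEST'})) {
            $errormessage = $Lang::tr{'invalid input'};
        }
    }

    # The General:: validators are defined elsewhere; whatever their anchoring,
    # refuse separators outright.
    unless ($errormessage) {
        foreach my $field ('SRC', 'DEST_PORT', 'DEST') {
            if ($cgiparams{$field} =~ /[,\r\n]/) {
                $errormessage = $Lang::tr{'invalid input'};
            }
        }
    }

    # Clean the remark on both the success and the error path, because the
    # form re-displays it either way. NOTE(review): cleanhtml is presumably
    # an HTML encoder - confirm it also covers single quotes. Line breaks are
    # removed here regardless, since the remark is the last field of the line.
    $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
    $cgiparams{'REMARK'} = '' unless defined $cgiparams{'REMARK'};
    $cgiparams{'REMARK'} =~ s/[\r\n]+/ /g;

    if ( ! $errormessage)
    {
        my $rule = join(',', @cgiparams{'PROTOCOL', 'SRC', 'DEST_PORT', 'ENABLED', 'DEST', 'REMARK'}) . "\n";

        my $fh;
        if ($cgiparams{'EDITING'} eq 'no') {
            open($fh, '>>', $filename) or die 'Unable to open config file.';
            flock($fh, 2) or die 'Unable to lock config file.';
            print {$fh} $rule;
        } else {
            # Open read/write and truncate only once the exclusive lock is
            # held; opening with '>' would empty the file before locking.
            open($fh, '+<', $filename) or die 'Unable to open config file.';
            flock($fh, 2) or die 'Unable to lock config file.';
            truncate($fh, 0) or die 'Unable to open config file.';
            my $id = 0;
            foreach my $line (@current)
            {
                $id++;
                if ($cgiparams{'EDITING'} eq $id) {
                    print {$fh} $rule;
                } else {
                    print {$fh} $line;
                }
            }
        }
        close($fh);
        undef %cgiparams;
        $changed = 'yes';
        &General::log($Lang::tr{'external access rule added'});
        system('/usr/local/bin/setxtaccess');
    } else {
        # Stay in edit mode if an error occurred.
        if ($cgiparams{'EDITING'} ne 'no')
        {
            $cgiparams{'ACTION'} = $Lang::tr{'edit'};
            $cgiparams{'ID'} = $cgiparams{'EDITING'};
        }
    }
}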
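# Remove the rule whose 1-based line number equals ID by rewriting the file
# without it, then re-apply the rule set.
if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
{
    my $id = 0;
    # Open read/write and truncate only after the exclusive lock is held;
    # opening with '>' would empty the file before the lock is taken.
    # NOTE(review): @current was read earlier without a lock, so a rule saved
    # by a concurrent request in between is still lost by this rewrite.
    open(my $fh, '+<', $filename) or die 'Unable to open config file.';
    flock($fh, 2) or die 'Unable to lock config file.';
    truncate($fh, 0) or die 'Unable to open config file.';
    foreach my $line (@current)
    {
        $id++;
        # ID is only compared, never written, so an unexpected value simply
        # matches no line and the file is rewritten unchanged.
        unless ($cgiparams{'ID'} eq $id) { print {$fh} $line; }
    }
    close($fh);
    system('/usr/local/bin/setxtaccess');
    &General::log($Lang::tr{'external access rule removed'});
}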
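# Switch the rule on line ID on or off by rewriting its fourth field, then
# re-apply the rule set.
if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
{
    # ENABLE is written straight into the rule file, so it is reduced to the
    # two values the page itself ever submits.
    my $state = (defined $cgiparams{'ENABLE'} and $cgiparams{'ENABLE'} eq 'on') ? 'on' : 'off';

    # Open read/write and truncate only after the exclusive lock is held;
    # opening with '>' would empty the file before the lock is taken.
    open(my $fh, '+<', $filename) or die 'Unable to open config file.';
    flock($fh, 2) or die 'Unable to lock config file.';
    truncate($fh, 0) or die 'Unable to open config file.';
    my $id = 0;
    foreach my $line (@current)
    {
        $id++;
        unless ($cgiparams{'ID'} eq $id) { print {$fh} $line; }
        else
        {
            chomp($line);
            # Fields: protocol, source, port, enabled, destination, remark.
            my @temp = split(/\,/,$line);
            print {$fh} "$temp[0],$temp[1],$temp[2],$state,$temp[4],$temp[5]\n";
        }
    }
    close($fh);
    system('/usr/local/bin/setxtaccess');
}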
# Edit: copy the fields of the rule on line ID into the form parameters so
# the form below is rendered pre-filled.
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
{
    my $lineno = 0;
    for my $rule (@current)
    {
        $lineno++;
        next unless $cgiparams{'ID'} eq $lineno;

        chomp($rule);
        # Field order in the file: protocol, source, port, enabled,
        # destination, remark.
        my @fields = split(/\,/,$rule);
        @cgiparams{'PROTOCOL', 'SRC', 'DEST_PORT', 'ENABLED', 'DEST', 'REMARK'} = @fields[0 .. 5];
    }
}
144 | ||
# With no action pending, start from the form defaults.
@cgiparams{'PROTOCOL', 'DEST', 'ENABLED'} = ('tcp', '0.0.0.0', 'on')
    if $cgiparams{'ACTION'} eq '';

# Markers interpolated into the form: blank for every known option, then
# the current value's marker is set.
$selected{'PROTOCOL'}{$_} = '' for ('udp', 'tcp');
$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'";

$selected{'DEST'}{$cgiparams{'DEST'}} = "selected='selected'";

$checked{'ENABLED'}{$_} = '' for ('off', 'on');
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
161 | ||
# Open the page frame; the pending error message is also handed to the
# big box.
&Header::openpage($Lang::tr{'external access configuration'}, 1, '');

&Header::openbigbox('100%', 'left', '', $errormessage);

# Show the validation error, if any, in a box of its own.
if ($errormessage) {
    &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    print "<class name='base'>$errormessage\n", " </class>\n";
    &Header::closebox();
}
172 | ||
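# Start of the add/edit form: protocol, source network, destination port,
# enabled flag and the first (default) entry of the destination list.
print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";

my $buttontext = $Lang::tr{'add'};
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
    &Header::openbox('100%', 'left', $Lang::tr{'edit a rule'});
    $buttontext = $Lang::tr{'update'};
} else {
    &Header::openbox('100%', 'left', $Lang::tr{'add a new rule'});
}

# SRC and DEST_PORT are shown again exactly as submitted when validation
# fails, so they are HTML-encoded before being placed in the single-quoted
# value attributes. Well-formed addresses and ports contain none of these
# characters and are rendered unchanged.
my %formvalue = ();
foreach my $field ('SRC', 'DEST_PORT') {
    my $value = defined $cgiparams{$field} ? $cgiparams{$field} : '';
    $value =~ s/&/&amp;/g;
    $value =~ s/</&lt;/g;
    $value =~ s/>/&gt;/g;
    $value =~ s/"/&quot;/g;
    $value =~ s/'/&#39;/g;
    $formvalue{$field} = $value;
}

print <<END
<table width='100%'>
<tr>
<td width='10%'>
<select name='PROTOCOL'>
<option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
<option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option>
</select>
</td>
<td class='base'><font color='${Header::colourred}'>$Lang::tr{'source network'}</font></td>
<td><input type='text' name='SRC' value='$formvalue{'SRC'}' size='32' /></td>
<td class='base'><font color='${Header::colourred}'>$Lang::tr{'destination port'}:</font></td>
<td><input type='text' name='DEST_PORT' value='$formvalue{'DEST_PORT'}' size='5' /></td>
</tr>
</table>
<table width='100%'>
<tr>
<td width='10%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
<td class='base'><font color='${Header::colourred}'>$Lang::tr{'destination ip'}: </font>
<select name='DEST'>
<option value='0.0.0.0' $selected{'DEST'}{'0.0.0.0'}>DEFAULT IP</option>
END
;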
205 | ||
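# Add one destination option per enabled alias. Each line of the aliases
# file is read as: address, on/off flag, optional name.
# Three-argument open with an explicit read mode and a lexical handle; the
# loop variable is lexical too, so the global $_ is left untouched.
# NOTE(review): address and name are printed as stored - confirm the page
# that writes the aliases file validates or encodes them.
open(my $alias_fh, '<', $aliasfile) or die 'Unable to open aliases file.';
while (my $alias = <$alias_fh>)
{
    chomp($alias);
    my @temp = split(/\,/,$alias);
    if (defined $temp[1] and $temp[1] eq 'on') {
        print "<option value='$temp[0]' $selected{'DEST'}{$temp[0]}>$temp[0]";
        if (defined $temp[2] and ($temp[2] ne '')) { print " ($temp[2])"; }
        print "</option>\n";
    }
}
close($alias_fh);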
# Close the destination list, then emit the remark field, the hidden ACTION
# (always the 'add' label; the visible button text alone differs between add
# and update) and the footnote for optional fields.
# NOTE(review): REMARK is interpolated into a single-quoted value attribute
# as-is. The only cleaning of it visible in this file is Header::cleanhtml in
# the add handler - confirm the value is attribute-safe on every path that
# reaches this point.
print <<END
</select>
</td>
</tr>
</table>
<table width='100%'>
<tr>
<td width ='10%' class='base'>
<font class='boldbase'>$Lang::tr{'remark'}:</font> <img src='/blob.gif' alt='*' />
</td>
<td width='65%'>
<input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' />
</td>
<td width='25%' align='center'>
<input type='hidden' name='ACTION' value='$Lang::tr{'add'}' />
<input type='submit' name='SUBMIT' value='$buttontext' />
</td>
</tr>
</table>
<table width='100%'>
<tr>
<td class='base' width='30%'><img src='/blob.gif' alt ='*' align='top' /> <font class='base'>$Lang::tr{'this field may be blank'}</font>
</td>
</tr>
</table>
END
;
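# EDITING tells the add handler whether the submit creates a rule ('no') or
# replaces an existing line. ID can hold a request-supplied value here, so it
# is only written into the attribute when it is a plain line number; anything
# else falls back to 'no'.
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}
    and defined $cgiparams{'ID'}
    and $cgiparams{'ID'} =~ /\A[0-9]+\z/) {
    print "<input type='hidden' name='EDITING' value='$cgiparams{'ID'}' />\n";
} else {
    print "<input type='hidden' name='EDITING' value='no' />\n";
}

&Header::closebox();
print "</form>\n";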
253 | ||
# Open the "current rules" box and print the column headings of the table.
&Header::openbox('100%', 'left', $Lang::tr{'current rules'});
print <<"RULES_HEADER";
<table width='100%'>
<tr>
<td width='10%' class='boldbase' align='center'><b>$Lang::tr{'proto'}</b></td>
<td width='20%' class='boldbase' align='center'><b>$Lang::tr{'source ip'}</b></td>
<td width='20%' class='boldbase' align='center'><b>$Lang::tr{'destination ip'}</b></td>
<td width='15%' class='boldbase' align='center'><b>$Lang::tr{'destination port'}</b></td>
<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
<td width='5%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
</tr>
RULES_HEADER
267 | ||
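# If an action was requested or a rule was saved, re-read the rule file so
# the table below shows its current contents.
if($cgiparams{'ACTION'} ne '' or $changed ne 'no')
{
    # Three-argument open with an explicit read mode and a lexical handle.
    open(my $config_fh, '<', $filename) or die 'Unable to open config file.';
    @current = <$config_fh>;
    close($config_fh);
}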
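# Render one table row per stored rule, each with its own toggle, edit and
# remove form. $id is the 1-based line number the handlers compare against.

# HTML-encode a stored value before it is printed as cell text. Well-formed
# addresses and ports contain none of these characters and pass unchanged.
my $encode = sub {
    my ($value) = @_;
    return '' unless defined $value;
    $value =~ s/&/&amp;/g;
    $value =~ s/</&lt;/g;
    $value =~ s/>/&gt;/g;
    $value =~ s/"/&quot;/g;
    $value =~ s/'/&#39;/g;
    return $value;
};

my $id = 0;
foreach my $line (@current)
{
    $id++;
    chomp($line);
    # Fields: protocol, source, port, enabled, destination, remark.
    my @temp = split(/\,/,$line);
    my $protocol = '';
    my $gif = '';
    my $gdesc = '';
    my $toggle = '';
    if ($temp[0] eq 'udp') {
        $protocol = 'UDP'; }
    else {
        $protocol = 'TCP' }
    # Highlight the row being edited; otherwise alternate the two colours.
    if($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
        print "<tr bgcolor='${Header::colouryellow}'>\n"; }
    elsif ($id % 2) {
        print "<tr bgcolor='${Header::table1colour}'>\n"; }
    else {
        print "<tr bgcolor='${Header::table2colour}'>\n"; }
    if ($temp[3] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};}
    else { $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }

    # The rule file is the only source of these cells, so encode what is read
    # from it instead of relying on every writer having validated it. This is
    # done before the language string below is substituted, which is printed
    # as-is.
    $temp[1] = $encode->($temp[1]);
    $temp[2] = $encode->($temp[2]);

    if ($temp[1] eq '0.0.0.0/0') {
        $temp[1] = $Lang::tr{'caps all'}; }
    # catch for 'old-style' rules file - assume default ip if
    # none exists
    if (!&General::validip($temp[4]) || $temp[4] eq '0.0.0.0') {
        $temp[4] = 'DEFAULT IP'; }
    else {
        $temp[4] = $encode->($temp[4]); }
    # NOTE(review): the remark is printed as stored; the add handler passes
    # it through Header::cleanhtml before saving, so it is not encoded again.
    $temp[5] = '' unless defined $temp[5];
    print <<END
<td align='center'>$protocol</td>
<td align='center'>$temp[1]</td>
<td align='center'>$temp[4]</td>
<td align='center'>$temp[2]</td>
<td align='left'> $temp[5]</td>
<td align='center'>
<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ENABLE' value='$toggle' />
<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
</form>
</td>
<td align='center'>
<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
</form>
</td>
<td align='center'>
<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
</form>
</td>

</tr>
END
;
}
print "</table>\n";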
338 | ||
# Print the key to the action icons unless the rule file is zero bytes
# long, then close the box, the big box and the page.
unless (-z $filename) {
    print <<"LEGEND";
<table>
<tr>
<td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
<td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
<td class='base'>$Lang::tr{'click to disable'}</td>
<td> <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
<td class='base'>$Lang::tr{'click to enable'}</td>
<td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
<td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
</table>
LEGEND
}

&Header::closebox();
&Header::closebigbox();
&Header::closepage();