#!/usr/bin/perl # # $Id: webaccess.cgi,v 2.0 2006/01/11 00:00:00 marco.s Exp $ # use CGI; my $swroot = "/var/ipfire"; my $apdir = "$swroot/proxy/advanced"; my $group_def_file = "$apdir/cre/classrooms"; my $svhosts_file = "$apdir/cre/supervisors"; my $acl_src_noaccess_ips = "$apdir/acls/src_noaccess_ip.acl"; my $acl_src_noaccess_mac = "$apdir/acls/src_noaccess_mac.acl"; my $banner = "A D V A N C E D   P R O X Y   -   W E B   A C C E S S   M A N A G E R"; my %cgiparams; my %mainsettings; my %proxysettings; my %acl=(); my @group_defs=(); my @groups=(); ### Initialize environment &readhash("${swroot}/main/settings", \%mainsettings); &readhash("${swroot}/proxy/advanced/settings", \%proxysettings); $language = $mainsettings{'LANGUAGE'}; ### Initialize language if ($language =~ /^(\w+)$/) {$language = $1;} # # Uncomment this to force a certain language: # $language='en'; # require "${swroot}/langs/en.pl"; require "${swroot}/langs/${language}.pl"; &getcgihash(\%cgiparams); &read_all_groups; &read_acl_groups; foreach (@groups) { if ($cgiparams{$_} eq $tr{'advproxy mode deny'}) { $acl{$_}='on'; } if ($cgiparams{$_} eq $tr{'advproxy mode allow'}) { $acl{$_}='off'; } } &read_all_groups; my $is_supervisor=0; if ((-e $svhosts_file) && (!-z $svhosts_file)) { open (FILE, $svhosts_file); while () { chomp; if ($ENV{'REMOTE_ADDR'} eq $_) { $is_supervisor=1; } } close (FILE); } else { $is_supervisor=1; } if (($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor)) { if ( ($cgiparams{'PASSWORD'} eq $proxysettings{'SUPERVISOR_PASSWORD'}) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq '')) || ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && ($proxysettings{'SUPERVISOR_PASSWORD'} eq ''))) { &write_acl; system("/usr/local/bin/squidctrl restart >/dev/null 2>&1"); } } &read_acl_groups; #undef(%cgiparams); # ------------------------------------------------------------------- print < Advanced Proxy - Web Access Manager
END ; if ($proxysettings{'CLASSROOM_EXT'} eq 'on') { if (@groups) { print < END ; } else { print " \n"; print " \n"; print " \n"; } } else { print " \n"; print " \n"; print " \n"; } print <
$banner
END ; if (($is_supervisor) && ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq '')))) { print < $tr{'advproxy supervisor password'}: END ; } print <

END ; foreach (@groups) { if ($is_supervisor) { print""; } else { print"
"; } print "\n"; if ((defined($acl{$_})) && ($acl{$_} eq 'on')) { print " \n"; } else { print "\n"; } } print "\n"; print "
$_"; } else { print " $_"; } if ($is_supervisor) { if ((defined($acl{$_})) && ($acl{$_} eq 'on')) { print ""; print ""; print " "; print ""; print " 
\n"; print""; print "\n"; print "
\n"; } print <

\n"; print " $tr{'advproxy no cre groups'}\n"; print "
\n"; print " $tr{'advproxy cre disabled'}\n"; print "
Advanced Proxy running on IPCop
END ; # ------------------------------------------------------------------- sub readhash { my $filename = $_[0]; my $hash = $_[1]; my ($var, $val); if (-e $filename) { open(FILE, $filename) or die "Unable to read file $filename"; while () { chop; ($var, $val) = split /=/, $_, 2; if ($var) { $val =~ s/^\'//g; $val =~ s/\'$//g; # Untaint variables read from hash $var =~ /([A-Za-z0-9_-]*)/; $var = $1; $val =~ /([\w\W]*)/; $val = $1; $hash->{$var} = $val; } } close FILE; } } # ------------------------------------------------------------------- sub getcgihash { my ($hash, $params) = @_; my $cgi = CGI->new (); return if ($ENV{'REQUEST_METHOD'} ne 'POST'); if (!$params->{'wantfile'}) { $CGI::DISABLE_UPLOADS = 1; $CGI::POST_MAX = 512 * 1024; } else { $CGI::POST_MAX = 10 * 1024 * 1024; } $cgi->referer() =~ m/^https?\:\/\/([^\/]+)/; my $referer = $1; $cgi->url() =~ m/^https?\:\/\/([^\/]+)/; my $servername = $1; return if ($referer ne $servername); ### Modified for getting multi-vars, split by | %temp = $cgi->Vars(); foreach my $key (keys %temp) { $hash->{$key} = $temp{$key}; $hash->{$key} =~ s/\0/|/g; $hash->{$key} =~ s/^\s*(.*?)\s*$/$1/; } if (($params->{'wantfile'})&&($params->{'filevar'})) { $hash->{$params->{'filevar'}} = $cgi->upload ($params->{'filevar'}); } return; } # ------------------------------------------------------------------- sub read_acl_groups { undef(%acl); open (FILE,"$acl_src_noaccess_ips"); my @aclgroups = ; close (FILE); foreach (@aclgroups) { chomp; if (/^\#/) { s/^\# //; $acl{$_}='on'; } } } # ------------------------------------------------------------------- sub read_all_groups { my $grpstr; open (FILE,"$group_def_file"); @group_defs = ; close (FILE); undef(@groups); foreach (@group_defs) { chomp; if (/^\s*\[.*\]\s*$/) { $grpstr=$_; $grpstr =~ s/^\s*\[\s*//; $grpstr =~ s/\s*\]\s*$//; push(@groups,$grpstr); } } } # ------------------------------------------------------------------- sub write_acl { my $is_blocked=0; open (FILE_IPS,">$acl_src_noaccess_ips"); open (FILE_MAC,">$acl_src_noaccess_mac"); flock (FILE_IPS, 2); flock (FILE_MAC, 2); foreach (@group_defs) { if (/^\s*\[.*\]\s*$/) { s/^\s*\[\s*//; s/\s*\]\s*$//; if ((defined($acl{$_})) && ($acl{$_} eq 'on')) { print FILE_IPS "# $_\n"; print FILE_MAC "# $_\n"; $is_blocked=1; } else { $is_blocked=0; } } elsif (($is_blocked) && ($_)) { s/^\s+//g; s/\s+$//g; /^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$/i ? print FILE_MAC "$_\n" : print FILE_IPS "$_\n"; } } close (FILE_IPS); close (FILE_MAC); } # -------------------------------------------------------------------