--- /dev/null
+#!/usr/bin/perl\r
+#\r
+# SmoothWall CGIs\r
+#\r
+# This code is distributed under the terms of the GPL\r
+#\r
+# (c) The SmoothWall Team\r
+#\r
+# $Id: dmzholes.cgi,v 1.9.2.16 2005/10/18 17:05:27 franck78 Exp $\r
+#\r
+\r
+use strict;\r
+\r
+# enable only the following on debugging purpose\r
+#use warnings;\r
+#use CGI::Carp 'fatalsToBrowser';\r
+\r
+require 'CONFIG_ROOT/general-functions.pl';\r
+require "${General::swroot}/lang.pl";\r
+require "${General::swroot}/header.pl";\r
+\r
+#workaround to suppress a warning when a variable is used only once\r
+my @dummy = ( ${Header::table2colour}, ${Header::colouryellow} );\r
+undef (@dummy);\r
+\r
+my %cgiparams=();\r
+my %checked=();\r
+my %selected=();\r
+my %netsettings=();\r
+my $errormessage = '';\r
+my $filename = "${General::swroot}/dmzholes/config";\r
+\r
+&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);\r
+\r
+&Header::showhttpheaders();\r
+\r
+$cgiparams{'ENABLED'} = 'off';\r
+$cgiparams{'REMARK'} = '';\r
+$cgiparams{'ACTION'} = '';\r
+$cgiparams{'SRC_IP'} = '';\r
+$cgiparams{'DEST_IP'} ='';\r
+$cgiparams{'DEST_PORT'} = '';\r
+&Header::getcgihash(\%cgiparams);\r
+\r
+open(FILE, $filename) or die 'Unable to open config file.';\r
+my @current = <FILE>;\r
+close(FILE);\r
+\r
+if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})\r
+{\r
+ unless($cgiparams{'PROTOCOL'} =~ /^(tcp|udp)$/) { $errormessage = $Lang::tr{'invalid input'}; }\r
+ unless(&General::validipormask($cgiparams{'SRC_IP'})) { $errormessage = $Lang::tr{'source ip bad'}; }\r
+ unless($errormessage){$errormessage = &General::validportrange($cgiparams{'DEST_PORT'},'dst');}\r
+ unless(&General::validipormask($cgiparams{'DEST_IP'})) { $errormessage = $Lang::tr{'destination ip bad'}; }\r
+ unless ($errormessage) {\r
+ $errormessage = &validNet($cgiparams{'SRC_NET'},$cgiparams{'DEST_NET'}); }\r
+ # Darren Critchley - Remove commas from remarks\r
+ $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});\r
+\r
+ unless ($errormessage)\r
+ {\r
+ if($cgiparams{'EDITING'} eq 'no') {\r
+ open(FILE,">>$filename") or die 'Unable to open config file.';\r
+ flock FILE, 2;\r
+ print FILE "$cgiparams{'PROTOCOL'},"; # [0]\r
+ print FILE "$cgiparams{'SRC_IP'},"; # [1]\r
+ print FILE "$cgiparams{'DEST_IP'},"; # [2]\r
+ print FILE "$cgiparams{'DEST_PORT'},"; # [3]\r
+ print FILE "$cgiparams{'ENABLED'},"; # [4]\r
+ print FILE "$cgiparams{'SRC_NET'},"; # [5]\r
+ print FILE "$cgiparams{'DEST_NET'},"; # [6]\r
+ print FILE "$cgiparams{'REMARK'}\n"; # [7]\r
+ } else {\r
+ open(FILE,">$filename") or die 'Unable to open config file.';\r
+ flock FILE, 2;\r
+ my $id = 0;\r
+ foreach my $line (@current)\r
+ {\r
+ $id++;\r
+ if ($cgiparams{'EDITING'} eq $id) {\r
+ print FILE "$cgiparams{'PROTOCOL'},"; # [0]\r
+ print FILE "$cgiparams{'SRC_IP'},"; # [1]\r
+ print FILE "$cgiparams{'DEST_IP'},"; # [2]\r
+ print FILE "$cgiparams{'DEST_PORT'},"; # [3]\r
+ print FILE "$cgiparams{'ENABLED'},"; # [4]\r
+ print FILE "$cgiparams{'SRC_NET'},"; # [5]\r
+ print FILE "$cgiparams{'DEST_NET'},"; # [6]\r
+ print FILE "$cgiparams{'REMARK'}\n"; # [7]\r
+ } else { print FILE "$line"; }\r
+ }\r
+ }\r
+ close(FILE);\r
+ undef %cgiparams;\r
+ &General::log($Lang::tr{'dmz pinhole rule added'});\r
+ system('/usr/local/bin/setdmzholes');\r
+ }\r
+}\r
+if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})\r
+{\r
+ my $id = 0;\r
+ open(FILE, ">$filename") or die 'Unable to open config file.';\r
+ flock FILE, 2;\r
+ foreach my $line (@current)\r
+ {\r
+ $id++;\r
+ unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }\r
+ }\r
+ close(FILE);\r
+ system('/usr/local/bin/setdmzholes');\r
+ &General::log($Lang::tr{'dmz pinhole rule removed'});\r
+}\r
+if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})\r
+{\r
+ my $id = 0;\r
+ open(FILE, ">$filename") or die 'Unable to open config file.';\r
+ flock FILE, 2;\r
+ foreach my $line (@current)\r
+ {\r
+ $id++;\r
+ unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }\r
+ else\r
+ {\r
+ chomp($line);\r
+ my @temp = split(/\,/,$line);\r
+ print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$cgiparams{'ENABLE'},$temp[5],$temp[6],$temp[7]\n";\r
+ }\r
+ }\r
+ close(FILE);\r
+ system('/usr/local/bin/setdmzholes');\r
+}\r
+if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})\r
+{\r
+ my $id = 0;\r
+ foreach my $line (@current)\r
+ {\r
+ $id++;\r
+ if ($cgiparams{'ID'} eq $id)\r
+ {\r
+ chomp($line);\r
+ my @temp = split(/\,/,$line);\r
+ $cgiparams{'PROTOCOL'} = $temp[0];\r
+ $cgiparams{'SRC_IP'} = $temp[1];\r
+ $cgiparams{'DEST_IP'} = $temp[2];\r
+ $cgiparams{'DEST_PORT'} = $temp[3];\r
+ $cgiparams{'ENABLED'} = $temp[4];\r
+ $cgiparams{'SRC_NET'} = $temp[5];\r
+ $cgiparams{'DEST_NET'} = $temp[6];\r
+ $cgiparams{'REMARK'} = $temp[7];\r
+ }\r
+ }\r
+}\r
+\r
+if ($cgiparams{'ACTION'} eq '')\r
+{\r
+ $cgiparams{'PROTOCOL'} = 'tcp';\r
+ $cgiparams{'ENABLED'} = 'on';\r
+ $cgiparams{'SRC_NET'} = 'orange';\r
+ $cgiparams{'DEST_NET'} = 'blue';\r
+}\r
+\r
+$selected{'PROTOCOL'}{'udp'} = '';\r
+$selected{'PROTOCOL'}{'tcp'} = '';\r
+$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'";\r
+\r
+$selected{'SRC_NET'}{'orange'} = '';\r
+$selected{'SRC_NET'}{'blue'} = '';\r
+$selected{'SRC_NET'}{$cgiparams{'SRC_NET'}} = "selected='selected'";\r
+\r
+$selected{'DEST_NET'}{'blue'} = '';\r
+$selected{'DEST_NET'}{'green'} = '';\r
+$selected{'DEST_NET'}{$cgiparams{'DEST_NET'}} = "selected='selected'";\r
+\r
+$checked{'ENABLED'}{'off'} = '';\r
+$checked{'ENABLED'}{'on'} = '';\r
+$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";\r
+\r
+&Header::openpage($Lang::tr{'dmz pinhole configuration'}, 1, '');\r
+\r
+&Header::openbigbox('100%', 'left', '', $errormessage);\r
+\r
+if ($errormessage) {\r
+ &Header::openbox('100%', 'left', $Lang::tr{'error messages'});\r
+ print "<class name='base'>$errormessage\n";\r
+ print " </class>\n";\r
+ &Header::closebox();\r
+}\r
+\r
+print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";\r
+\r
+my $buttonText = $Lang::tr{'add'};\r
+if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {\r
+ &Header::openbox('100%', 'left', $Lang::tr{'edit a rule'});\r
+ $buttonText = $Lang::tr{'update'};\r
+} else {\r
+ &Header::openbox('100%', 'left', $Lang::tr{'add a new rule'});\r
+}\r
+print <<END\r
+<table width='100%'>\r
+<tr>\r
+<td>\r
+ <select name='PROTOCOL'>\r
+ <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>\r
+ <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option>\r
+ </select>\r
+</td>\r
+<td>\r
+ $Lang::tr{'source net'}:</td>\r
+<td>\r
+ <select name='SRC_NET'>\r
+END\r
+;\r
+ if (&haveOrangeNet()) {\r
+ print "<option value='orange' $selected{'SRC_NET'}{'orange'}>$Lang::tr{'orange'}</option>";\r
+ }\r
+ if (&haveBlueNet()) {\r
+ print "<option value='blue' $selected{'SRC_NET'}{'blue'}>$Lang::tr{'blue'}</option>";\r
+ }\r
+print <<END\r
+ </select>\r
+</td>\r
+<td class='base'>$Lang::tr{'source ip or net'}:</td>\r
+<td><input type='text' name='SRC_IP' value='$cgiparams{'SRC_IP'}' size='15' /></td>\r
+</tr>\r
+<tr>\r
+<td>\r
+ </td>\r
+<td>\r
+ $Lang::tr{'destination net'}:</td>\r
+<td>\r
+ <select name='DEST_NET'>\r
+END\r
+;\r
+ if (&haveOrangeNet() && &haveBlueNet()) {\r
+ print "<option value='blue' $selected{'DEST_NET'}{'blue'}>$Lang::tr{'blue'}</option>";\r
+ }\r
+\r
+print <<END\r
+ <option value='green' $selected{'DEST_NET'}{'green'}>$Lang::tr{'green'}</option>\r
+ </select>\r
+</td>\r
+<td class='base'>\r
+ $Lang::tr{'destination ip or net'}:</td>\r
+<td>\r
+ <input type='text' name='DEST_IP' value='$cgiparams{'DEST_IP'}' size='15' />\r
+</td>\r
+<td class='base'>\r
+ $Lang::tr{'destination port'}: \r
+ <input type='text' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' />\r
+</td>\r
+</tr>\r
+</table>\r
+<table width='100%'>\r
+ <tr>\r
+ <td colspan='3' width='50%' class='base'>\r
+ <font class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' alt='*' /></font>\r
+ <input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' />\r
+ </td>\r
+ </tr>\r
+ <tr>\r
+ <td class='base' width='50%'>\r
+ <img src='/blob.gif' alt ='*' align='top' /> \r
+ <font class='base'>$Lang::tr{'this field may be blank'}</font>\r
+ </td>\r
+ <td class='base' width='25%' align='center'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\r
+ <td width='25%' align='center'>\r
+ <input type='hidden' name='ACTION' value='$Lang::tr{'add'}' />\r
+ <input type='submit' name='SUBMIT' value='$buttonText' />\r
+ </td>\r
+ </tr>\r
+</table>\r
+END\r
+;\r
+if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {\r
+ print "<input type='hidden' name='EDITING' value='$cgiparams{'ID'}' />\n";\r
+} else {\r
+ print "<input type='hidden' name='EDITING' value='no' />\n";\r
+}\r
+&Header::closebox();\r
+print "</form>\n";\r
+\r
+&Header::openbox('100%', 'left', $Lang::tr{'current rules'});\r
+print <<END\r
+<table width='100%'>\r
+<tr>\r
+<td width='7%' class='boldbase' align='center'><b>$Lang::tr{'proto'}</b></td>\r
+<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>\r
+<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'source'}</b></td>\r
+<td width='2%' class='boldbase' align='center'> </td>\r
+<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>\r
+<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'destination'}</b></td>\r
+<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>\r
+<td width='1%' class='boldbase' align='center'> </td>\r
+<td width='4%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>\r
+END\r
+;\r
+\r
+# Achim Weber: if i add a new rule, this rule is not displayed?!?\r
+# we re-read always config.\r
+# If something has happeened re-read config\r
+#if($cgiparams{'ACTION'} ne '')\r
+#{\r
+ open(FILE, $filename) or die 'Unable to open config file.';\r
+ @current = <FILE>;\r
+ close(FILE);\r
+#}\r
+my $id = 0;\r
+foreach my $line (@current)\r
+{\r
+ my $protocol='';\r
+ my $gif='';\r
+ my $toggle='';\r
+ my $gdesc='';\r
+ $id++;\r
+ chomp($line);\r
+ my @temp = split(/\,/,$line);\r
+ if ($temp[0] eq 'udp') { $protocol = 'UDP'; } else { $protocol = 'TCP' }\r
+\r
+ my $srcnetcolor = ($temp[5] eq 'blue')? ${Header::colourblue} : ${Header::colourorange};\r
+ my $destnetcolor = ($temp[6] eq 'blue')? ${Header::colourblue} : ${Header::colourgreen};\r
+\r
+ if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {\r
+ print "<tr bgcolor='${Header::colouryellow}'>\n"; }\r
+ elsif ($id % 2) {\r
+ print "<tr bgcolor='${Header::table1colour}'>\n"; }\r
+ else {\r
+ print "<tr bgcolor='${Header::table2colour}'>\n"; }\r
+ if ($temp[4] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};}\r
+ else { $gif = 'off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }\r
+\r
+ # Darren Critchley - Get Port Service Name if we can - code borrowed from firewalllog.dat\r
+ my $dstprt =$temp[3];\r
+ $_=$temp[3];\r
+ if (/^\d+$/) {\r
+ my $servi = uc(getservbyport($temp[3], lc($temp[0])));\r
+ if ($servi ne '' && $temp[3] < 1024) {\r
+ $dstprt = "$dstprt($servi)"; }\r
+ }\r
+ # Darren Critchley - If the line is too long, wrap the port numbers\r
+ my $dstaddr = "$temp[2] : $dstprt";\r
+ if (length($dstaddr) > 26) {\r
+ $dstaddr = "$temp[2] :<br /> $dstprt";\r
+ }\r
+print <<END\r
+<td align='center'>$protocol</td>\r
+<td bgcolor='$srcnetcolor'></td>\r
+<td align='center'>$temp[1]</td>\r
+<td align='center'><img src='/images/forward.gif' /></td>\r
+<td bgcolor='$destnetcolor'></td>\r
+<td align='center'>$dstaddr</td>\r
+<td align='center'>$temp[7]</td>\r
+\r
+<td align='center'>\r
+<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>\r
+<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' />\r
+<input type='hidden' name='ID' value='$id' />\r
+<input type='hidden' name='ENABLE' value='$toggle' />\r
+<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />\r
+</form>\r
+</td>\r
+\r
+<td align='center'>\r
+<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>\r
+<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' />\r
+<input type='hidden' name='ID' value='$id' />\r
+<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />\r
+</form>\r
+</td>\r
+\r
+<td align='center'>\r
+<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>\r
+<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' />\r
+<input type='hidden' name='ID' value='$id' />\r
+<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />\r
+</form>\r
+</td>\r
+\r
+</tr>\r
+END\r
+ ;\r
+}\r
+print "</table>\n";\r
+\r
+# If the fixed lease file contains entries, print Key to action icons\r
+if ( ! -z "$filename") {\r
+print <<END\r
+<table>\r
+<tr>\r
+ <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>\r
+ <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>\r
+ <td class='base'>$Lang::tr{'click to disable'}</td>\r
+ <td> <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>\r
+ <td class='base'>$Lang::tr{'click to enable'}</td>\r
+ <td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>\r
+ <td class='base'>$Lang::tr{'edit'}</td>\r
+ <td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>\r
+ <td class='base'>$Lang::tr{'remove'}</td>\r
+</tr>\r
+</table>\r
+END\r
+;\r
+}\r
+\r
+&Header::closebox();\r
+\r
+&Header::closebigbox();\r
+\r
+&Header::closepage();\r
+\r
+sub validNet\r
+{\r
+ my $srcNet = $_[0];\r
+ my $destNet = $_[1];\r
+\r
+ if ($srcNet eq $destNet) {\r
+ return $Lang::tr{'dmzpinholes for same net not necessary'}; }\r
+ unless ($srcNet =~ /^(blue|orange)$/) {\r
+ return $Lang::tr{'select source net'}; }\r
+ unless ($destNet =~ /^(blue|green)$/) {\r
+ return $Lang::tr{'select dest net'}; }\r
+ \r
+ return '';\r
+}\r
+\r
+sub haveOrangeNet\r
+{\r
+ if ($netsettings{'CONFIG_TYPE'} == 1) {return 1;}\r
+ if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}\r
+ if ($netsettings{'CONFIG_TYPE'} == 5) {return 1;}\r
+ if ($netsettings{'CONFIG_TYPE'} == 7) {return 1;}\r
+ return 0;\r
+}\r
+\r
+sub haveBlueNet\r
+{\r
+ if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}\r
+ if ($netsettings{'CONFIG_TYPE'} == 5) {return 1;}\r
+ if ($netsettings{'CONFIG_TYPE'} == 6) {return 1;}\r
+ if ($netsettings{'CONFIG_TYPE'} == 7) {return 1;}\r
+ return 0;\r
+}\r
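Review bot: The toggle handler writes `$cgiparams{'ENABLE'}` straight into column [4] of the rule line (`print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$cgiparams{'ENABLE'},..."`) without constraining it, and the add/edit branches do the same with `$cgiparams{'ENABLED'}`; since the config is comma- and newline-delimited and is what `/usr/local/bin/setdmzholes` reads, a posted value containing `,` or a newline corrupts the file or injects extra rule fields, while every other column is either validated (`validipormask`, `validportrange`, `validNet`, the `tcp|udp` regex) or passed through `Header::cleanhtml`. Restrict both to the two expected values before writing: in the add branch `unless ($cgiparams{'ENABLED'} =~ /^(on|off)$/) { $errormessage = $Lang::tr{'invalid input'}; }`, and in the toggle branch return early unless `$cgiparams{'ENABLE'} =~ /^(on|off)$/` before the file is reopened for writing. Two smaller points: `open(FILE, ">$filename")` truncates the file before `flock FILE, 2` is taken, so the lock does not protect the rewrite against a concurrent reader (the page re-reads the file unlocked further down), and on a failed add the unvalidated `SRC_IP`, `DEST_IP` and `DEST_PORT` are echoed back into `value='…'` attributes of the form, so unless `Header::getcgihash` already strips quotes and angle brackets those should be escaped the way `REMARK` is.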