Commit | Line | Data |
---|---|---|
ed38f89d | 1 | #!/usr/bin/perl |
70df8302 MT |
2 | ############################################################################### |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2007 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
ed38f89d | 21 | |
bcb30674 EK |
22 | use strict; |
23 | ||
24 | # Enable the following two lines only for debugging purposes | |
25 | #use warnings; | |
26 | #use CGI::Carp 'fatalsToBrowser'; | |
ed38f89d MT |
27 | use CGI; |
28 | ||
bcb30674 EK |
29 | require '/var/ipfire/general-functions.pl'; |
30 | require "${General::swroot}/lang.pl"; | |
31 | require "${General::swroot}/header.pl"; | |
32 | ||
33 | ||
# Filesystem layout of the Advanced Proxy configuration used by this script.
my $swroot = '/var/ipfire';
my $apdir = $swroot . '/proxy/advanced';

# Classroom (group) definitions and the list of supervisor hosts.
my $group_def_file = $apdir . '/cre/classrooms';
my $svhosts_file = $apdir . '/cre/supervisors';

# ACL files rewritten by write_acl(): blocked IP entries and blocked MACs.
my $acl_src_noaccess_ips = $apdir . '/acls/src_noaccess_ip.acl';
my $acl_src_noaccess_mac = $apdir . '/acls/src_noaccess_mac.acl';

# Page banner, plus the hashes filled from the request and the settings file.
my $banner = 'A D V A N C E D P R O X Y - W E B A C C E S S M A N A G E R';
my (%cgiparams, %proxysettings, %temp);

# Per-group block state ('on' = access denied), the raw lines of the group
# definition file, and the group names extracted from it.
my (%acl, @group_defs, @groups);
49 | ||
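### Initialize environment
readhash("${swroot}/proxy/advanced/settings", \%proxysettings);

### Initialize language
require "${swroot}/lang.pl";

# Only same-origin POST requests populate %cgiparams (see getcgihash).
getcgihash(\%cgiparams);

read_all_groups();
read_acl_groups();

# Translate the pressed submit button into the requested state of its group.
# The button's name is the group name and its value is the translated
# "deny" / "allow" label.  Nothing is persisted here: %acl is re-read from
# disk below unless the request passes the supervisor checks.
foreach my $group (@groups)
{
    my $pressed = $cgiparams{$group};
    next unless defined $pressed;
    if ($pressed eq $Lang::tr{'advproxy mode deny'}) { $acl{$group} = 'on'; }
    if ($pressed eq $Lang::tr{'advproxy mode allow'}) { $acl{$group} = 'off'; }
}

read_all_groups();

# Supervisor check, step 1: the client address must be listed in the
# supervisors file.  When that file is missing or empty, EVERY client is
# treated as a supervisor, so the password below is then the only gate.
my $is_supervisor = 0;

if ((-e $svhosts_file) && (!-z $svhosts_file))
{
    # Three-argument open with a lexical handle; if the file cannot be read
    # nobody is marked as supervisor (fails closed).
    if (open(my $sv_fh, '<', $svhosts_file))
    {
        while (my $host = <$sv_fh>)
        {
            chomp $host;
            # Exact string comparison against the address reported by the
            # web server.
            if (defined($ENV{'REMOTE_ADDR'}) && $ENV{'REMOTE_ADDR'} eq $host) { $is_supervisor = 1; }
        }
        close($sv_fh);
    }
} else { $is_supervisor = 1; }

if (defined($cgiparams{'ACTION'}) && ($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor))
{
    # Supervisor check, step 2: the password.
    #  - setting defined and non-empty: the posted password must match it;
    #  - setting defined but empty: no password is required;
    #  - setting missing altogether: the change is refused.
    # The comparison is a plain string 'eq' against the value from the
    # settings file, i.e. the password is kept there in clear text.
    my $stored_pw   = $proxysettings{'SUPERVISOR_PASSWORD'};
    my $pw_disabled = defined($stored_pw) && $stored_pw eq '';
    my $pw_matches  = defined($stored_pw) && $stored_pw ne ''
                   && defined($cgiparams{'PASSWORD'})
                   && $cgiparams{'PASSWORD'} eq $stored_pw;

    if ($pw_matches || $pw_disabled)
    {
        write_acl();
        # Fixed command string: the shell is used only for the redirection
        # and no request data is interpolated into it.
        system("/usr/local/bin/squidctrl restart >/dev/null 2>&1");
    }
}

# Reload the block state from disk so the page shows what is really in force.
read_acl_groups();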
94 | ||
95 | #undef(%cgiparams); | |
96 | ||
97 | # ------------------------------------------------------------------- | |
98 | ||
# HTTP response headers followed by the opening part of the page: document
# head, the <form> posting back to this script, and the banner row.
# NOTE(review): SCRIPT_NAME is written into the action attribute without
# HTML escaping; it is presumably a fixed path set by the web server - confirm.
my $page_head = <<"END";
Pragma: no-cache
Cache-control: no-cache
Connection: close
Content-type: text/html

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<title>Advanced Proxy - Web Access Manager</title>
<style type='text/css'>
a:link { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
a:visited { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
a:hover { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
a:active { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
a:focus { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
</style>
</head>
<body bgcolor='#FFFFFF'>

<center>

<form method='post' action='$ENV{'SCRIPT_NAME'}'>

<table width='720' cellspacing='10' cellpadding='5' border='0'>

<tr>
<td bgcolor='#C0C0C0' height='20'></td>
</tr>

<tr>
<td bgcolor='#F4F4F4' align='center'>
<table width='100%' cellspacing='10' cellpadding='10' border='0'>

<tr>
<td nowrap bgcolor='#FFFFFF' align='center'>
<font face='verdana,arial,helvetica' color='#000000' size='3'>$banner</font>
</td>
</tr>

END
print $page_head;
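# Main part of the page: one coloured row per classroom group, with an
# allow/deny button for supervisors.
#
# Group names are read from the classroom definition file and end up both as
# visible text and as the name attribute of the submit button.  They are
# HTML-escaped before output so that a name containing markup or a quote
# cannot break out of the page structure.  Browsers decode the entities
# again when the form is posted, so the submitted field name still equals
# the original group name.
my $html_escape = sub {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/&/&amp;/g;    # must run first so later entities stay intact
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;    # attributes on this page use single quotes
    return $text;
};

if (defined($proxysettings{'CLASSROOM_EXT'}) && $proxysettings{'CLASSROOM_EXT'} eq 'on')
{
    if (@groups)
    {
        print <<"END";
<tr>
<td>
<table width='70%' cellspacing='2' cellpadding='2' border='0' align='center'>
<tr><td><input type='hidden' name='ACTION' value='submit'></td></tr>
<tr>
END

        # The password field is shown only to supervisor hosts, and only when
        # a non-empty supervisor password is configured.
        if (($is_supervisor) && ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq ''))))
        {
            print <<"END";
<td align='center'>
<font face='verdana,arial,helvetica' color='#000000' size='2'>$Lang::tr{'advproxy supervisor password'}:</font>
</td>
<td align='center'><input type='password' name='PASSWORD' size='15'></td>
END
        }

        print <<"END";
</tr>

</table>

<p>

END

        foreach my $group (@groups) {
            my $label   = $html_escape->($group);
            my $blocked = (defined($acl{$group})) && ($acl{$group} eq 'on');
            # Red marks a group whose access is denied, green an allowed one.
            my $colour  = $blocked ? '#D00000' : '#00A000';

            if ($is_supervisor)
            {
                print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center' rules='groups'>";
            } else {
                print"<table width='50%' cellspacing='2' cellpadding='6' border='0' align='center' rules='groups'>";
            }
            print "<tr>\n";
            print " <td bgcolor='${colour}' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>${label}</font>";
            if ($is_supervisor)
            {
                # The button offers the opposite of the current state.
                my $button_text = $blocked
                    ? $Lang::tr{'advproxy mode allow'}
                    : $Lang::tr{'advproxy mode deny'};
                print "</td><td width='120' align='center'>";
                print "<input type='submit' name='${label}' value=' ${button_text} '>";
                print "</td><td width='16' bgcolor='${colour}'> </td>\n";
            }
            print "</tr>\n";
            print "</table>\n";
            print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center'>";
            print "<tr><td></td></tr>\n";
            print "</table>\n";
        }

        print <<"END";
</td>
</tr>
END
    } else {
        # Classroom extensions are enabled but no group is defined.
        print " <tr>\n";
        print " <td align='center'>\n";
        print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$Lang::tr{'advproxy no cre groups'}</font>\n";
        print " </td>\n";
        print " </tr>\n";
    }
} else {
    # Classroom extensions are switched off in the proxy settings.
    print " <tr>\n";
    print " <td align='center'>\n";
    print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$Lang::tr{'advproxy cre disabled'}</font>\n";
    print " </td>\n";
    print " </tr>\n";
}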
224 | ||
# Closing part of the page: ends the inner table, adds the footer row with
# the project links, and closes the form and the document.
my $page_foot = <<"END";

</table>
</td>
</tr>


<tr>
<td bgcolor='#C0C0C0' align='right'>
<font face='verdana,arial,helvetica' color='#FFFFFF' size='1'>
<a href='http://www.advproxy.net' target='_blank'>Advanced Proxy</a> running on
<a href='http://www.ipfire.org' target='_blank'>IPFire</a>
</font>
</td>
</tr>

</table>

</form>

</center>

</body>

</html>
END
print $page_foot;
252 | ||
253 | # ------------------------------------------------------------------- | |
254 | ||
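# Read a KEY=VALUE settings file into the hash referenced by the second
# argument.
#
#   $filename - path of the settings file; a missing file is silently ignored
#   $hash     - hash reference that receives the parsed entries
#
# Dies with "Unable to read file ..." when the file exists but cannot be
# opened.  One pair of surrounding single quotes is removed from each value.
sub readhash
{
    my ($filename, $hash) = @_;

    return unless -e $filename;

    # Three-argument open with a lexical handle: the path is never parsed
    # for a mode prefix, and no global FILE handle is shared with other subs.
    open(my $fh, '<', $filename) or die "Unable to read file $filename";
    while (my $line = <$fh>)
    {
        # chomp, not chop: a final line without a trailing newline must not
        # lose its last character.
        chomp $line;

        my ($var, $val) = split /=/, $line, 2;
        next unless $var;
        $val = '' unless defined $val;    # "KEY" without "=" yields ''

        $val =~ s/^\'//;
        $val =~ s/\'$//;

        # Untaint variables read from hash.  The key is cut down to its
        # leading run of [A-Za-z0-9_-]; the value pattern accepts any string,
        # so it clears the taint flag without validating the content.
        ($var) = $var =~ /([A-Za-z0-9_-]*)/;
        ($val) = $val =~ /([\w\W]*)/;
        $hash->{$var} = $val;
    }
    close $fh;
    return;
}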
282 | ||
283 | # ------------------------------------------------------------------- | |
284 | ||
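# Copy the parameters of a same-origin POST request into the hash referenced
# by the first argument.
#
#   $hash   - hash reference that receives the request parameters
#   $params - optional hash reference; 'wantfile' permits uploads and raises
#             the body limit, 'filevar' names the upload field to return
#
# Nothing is copied when the request is not a POST, when CGI.pm reports a
# request error, or when the host in the Referer header differs from the
# host of this script's own URL.  That Referer comparison is the only
# cross-site request check visible in this file.
sub getcgihash
{
    my ($hash, $params) = @_;

    # CGI.pm reads the request body while the object is constructed, so the
    # upload switch and the size limit have to be in place before CGI->new;
    # set afterwards they do not apply to this request.
    if (!$params->{'wantfile'}) {
        $CGI::DISABLE_UPLOADS = 1;
        $CGI::POST_MAX = 512 * 1024;
    } else {
        $CGI::POST_MAX = 10 * 1024 * 1024;
    }

    my $cgi = CGI->new ();
    return if (!defined($ENV{'REQUEST_METHOD'}) || $ENV{'REQUEST_METHOD'} ne 'POST');

    # An over-sized body is reported through cgi_error().
    return if ($cgi->cgi_error());

    # Take the captures from the match itself rather than from $1, which
    # keeps its previous value when a match fails.  A missing or malformed
    # Referer therefore rejects the request.
    my $referer_header = $cgi->referer();
    my $own_url        = $cgi->url();
    my ($referer)    = defined($referer_header) ? $referer_header =~ m/^https?\:\/\/([^\/]+)/ : ();
    my ($servername) = defined($own_url)        ? $own_url        =~ m/^https?\:\/\/([^\/]+)/ : ();
    return if (!defined($referer) || !defined($servername) || $referer ne $servername);

    ### Modified for getting multi-vars, split by |
    %temp = $cgi->Vars();
    foreach my $key (keys %temp) {
        $hash->{$key} = $temp{$key};
        $hash->{$key} =~ s/\0/|/g;               # multi-valued fields arrive NUL-separated
        $hash->{$key} =~ s/^\s*(.*?)\s*$/$1/;    # trim surrounding whitespace
    }

    if (($params->{'wantfile'})&&($params->{'filevar'})) {
        $hash->{$params->{'filevar'}} = $cgi->upload
                        ($params->{'filevar'});
    }
    return;
}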
317 | ||
318 | # ------------------------------------------------------------------- | |
319 | ||
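# Rebuild %acl from the blocked-IP ACL file.
#
# Every line starting with '#' is taken as a group marker: a leading "# " is
# removed and the remainder is recorded as a blocked group ('on').  When the
# file cannot be opened %acl is left empty, i.e. no group is shown as
# blocked.
sub read_acl_groups
{
    %acl = ();

    # Three-argument open with a lexical handle instead of the shared
    # bareword FILE handle.
    open(my $fh, '<', $acl_src_noaccess_ips) or return;
    while (my $line = <$fh>)
    {
        chomp $line;
        next unless $line =~ /^\#/;
        $line =~ s/^\# //;
        $acl{$line} = 'on';
    }
    close($fh);
    return;
}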
336 | ||
337 | # ------------------------------------------------------------------- | |
338 | ||
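# Load the classroom definition file.
#
# @group_defs receives every line of the file with its line ending removed
# (write_acl iterates over it afterwards); @groups receives the names found
# in "[ name ]" header lines, in file order.  Both arrays are left empty
# when the file cannot be opened.
sub read_all_groups
{
    @group_defs = ();
    @groups = ();

    # Three-argument open with a lexical handle instead of the shared
    # bareword FILE handle.
    if (open(my $fh, '<', $group_def_file))
    {
        @group_defs = <$fh>;
        close($fh);
    }
    chomp(@group_defs);

    foreach my $line (@group_defs)
    {
        next unless $line =~ /^\s*\[.*\]\s*$/;

        # Strip the brackets and the whitespace around the name.
        my $grpstr = $line;
        $grpstr =~ s/^\s*\[\s*//;
        $grpstr =~ s/\s*\]\s*$//;
        push(@groups, $grpstr);
    }
    return;
}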
360 | ||
361 | # ------------------------------------------------------------------- | |
362 | ||
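# Rewrite the two "no access" ACL files from @group_defs and %acl.
#
# For every group whose %acl state is 'on', a "# <group>" marker line is
# written to both files, followed by the group's member lines: lines that
# look like a MAC address go to the MAC file, everything else goes to the IP
# file.  Member lines are written as found in the definition file.
# NOTE(review): no format check is applied to non-MAC lines here; presumably
# the page that edits the classroom file validates them - confirm.
#
# If either file cannot be opened, nothing is written and both files keep
# their previous content.
sub write_acl
{
    my $is_blocked = 0;

    # Open in append mode so that opening does not truncate: the old content
    # is only discarded after the exclusive lock is held.
    open(my $ips_fh, '>>', $acl_src_noaccess_ips) or return;
    my $mac_fh;
    if (!open($mac_fh, '>>', $acl_src_noaccess_mac))
    {
        close($ips_fh);
        return;
    }

    flock($ips_fh, 2);    # 2 = exclusive lock
    flock($mac_fh, 2);
    truncate($ips_fh, 0);
    truncate($mac_fh, 0);

    # Work on copies so that @group_defs itself is not modified.
    foreach my $def (@group_defs)
    {
        my $line = $def;
        if ($line =~ /^\s*\[.*\]\s*$/)
        {
            # Group header: decide whether the lines that follow are written.
            $line =~ s/^\s*\[\s*//;
            $line =~ s/\s*\]\s*$//;
            if ((defined($acl{$line})) && ($acl{$line} eq 'on'))
            {
                print {$ips_fh} "# $line\n";
                print {$mac_fh} "# $line\n";
                $is_blocked = 1;
            } else { $is_blocked = 0; }
        } elsif (($is_blocked) && ($line))
        {
            $line =~ s/^\s+//;
            $line =~ s/\s+$//;
            next if $line eq '';    # whitespace-only line: nothing to write

            if ($line =~ /^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$/i)
            {
                print {$mac_fh} "$line\n";
            } else {
                print {$ips_fh} "$line\n";
            }
        }
    }

    close($ips_fh);
    close($mac_fh);
    return;
}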
393 | ||
394 | # ------------------------------------------------------------------- |