ed38f89d | 1 | #!/usr/bin/perl |
70df8302 MT |
2 | ############################################################################### |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2007 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
ed38f89d MT |
21 | |
22 | use CGI; | |
23 | ||
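# --- File locations ----------------------------------------------------------
# All state lives below $swroot; the classroom ("cre") definitions and the
# two Squid ACL files are the only files this script reads or rewrites.
my $swroot = "/var/ipfire";
my $apdir = "$swroot/proxy/advanced";
my $group_def_file = "$apdir/cre/classrooms";
my $svhosts_file = "$apdir/cre/supervisors";
my $acl_src_noaccess_ips = "$apdir/acls/src_noaccess_ip.acl";
my $acl_src_noaccess_mac = "$apdir/acls/src_noaccess_mac.acl";

my $banner = "A D V A N C E D P R O X Y - W E B A C C E S S M A N A G E R";
my %cgiparams;
my %mainsettings;
my %proxysettings;

# Shared with the subs at the bottom of the file (they close over these).
my %acl=();
my @group_defs=();
my @groups=();

### Initialize environment
readhash("${swroot}/main/settings", \%mainsettings);
readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
$language = $mainsettings{'LANGUAGE'};

### Initialize language
# The language name becomes part of a path handed to require(), so it must
# consist of word characters only.  Anything else (or a missing setting)
# falls back to 'en' instead of being passed through unchecked.
if (defined($language) && $language =~ /\A(\w+)\z/) {
    $language = $1;
} else {
    $language = 'en';
}
#
# Uncomment this to force a certain language:
# $language='en';
#
require "${swroot}/langs/en.pl";
require "${swroot}/langs/${language}.pl";

getcgihash(\%cgiparams);

read_all_groups();
read_acl_groups();

# Apply the requested toggles to the in-memory ACL.  Nothing is persisted
# here; write_acl() is only reached after the checks further down.
foreach my $group (@groups)
{
    my $choice = $cgiparams{$group};
    # Skip groups without a submitted value so that an undefined parameter
    # can never compare equal to an undefined translation string.
    next unless defined($choice);
    if ($choice eq $tr{'advproxy mode deny'}) { $acl{$group}='on'; }
    if ($choice eq $tr{'advproxy mode allow'}) { $acl{$group}='off'; }
}

read_all_groups();

# --- Supervisor check --------------------------------------------------------
# SECURITY: when the supervisors file is missing or empty, every client is
# treated as a supervisor.  Otherwise the client address must match one line
# of the file exactly.
my $is_supervisor=0;
my $remote_addr = defined($ENV{'REMOTE_ADDR'}) ? $ENV{'REMOTE_ADDR'} : '';

if ((-e $svhosts_file) && (!-z $svhosts_file))
{
    # If the file cannot be opened nobody is a supervisor (fail closed).
    if (open(my $sv_fh, '<', $svhosts_file))
    {
        while (my $host = <$sv_fh>)
        {
            chomp($host);
            # A blank line must not match a client without REMOTE_ADDR.
            next if ($host eq '');
            if ($remote_addr eq $host) { $is_supervisor=1; }
        }
        close($sv_fh);
    }
} else { $is_supervisor=1; }

# --- Persist the change ------------------------------------------------------
if ((defined($cgiparams{'ACTION'})) && ($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor))
{
    my $stored_password = $proxysettings{'SUPERVISOR_PASSWORD'};
    my $authorized = 0;

    # SECURITY: the supervisor password is kept in clear text in the proxy
    # settings and compared directly.  A defined but empty setting means
    # "no password required"; an undefined setting authorizes nobody.
    if (defined($stored_password))
    {
        if ($stored_password eq '') {
            $authorized = 1;
        } elsif ((defined($cgiparams{'PASSWORD'})) && ($cgiparams{'PASSWORD'} eq $stored_password)) {
            $authorized = 1;
        }
    }

    if ($authorized)
    {
        write_acl();
        # Fixed command string; no request data reaches the shell.
        system("/usr/local/bin/squidctrl restart >/dev/null 2>&1");
    }
}

# Reload the ACL from disk so the page shows what was actually written,
# not the toggles merely requested above.
read_acl_groups();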
92 | ||
93 | #undef(%cgiparams); | |
94 | ||
95 | # ------------------------------------------------------------------- | |
96 | ||
# Send the HTTP response headers (the blank line after Content-type ends
# them) followed by the fixed page head and the banner row.
print <<"END";
Pragma: no-cache
Cache-control: no-cache
Connection: close
Content-type: text/html

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<title>Advanced Proxy - Web Access Manager</title>
<style type='text/css'>
a:link { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
a:visited { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
a:hover { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
a:active { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
a:focus { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
</style>
</head>
<body bgcolor='#FFFFFF'>

<center>

<form method='post' action='$ENV{'SCRIPT_NAME'}'>

<table width='720' cellspacing='10' cellpadding='5' border='0'>

<tr>
<td bgcolor='#C0C0C0' height='20'></td>
</tr>

<tr>
<td bgcolor='#F4F4F4' align='center'>
<table width='100%' cellspacing='10' cellpadding='10' border='0'>

<tr>
<td nowrap bgcolor='#FFFFFF' align='center'>
<font face='verdana,arial,helvetica' color='#000000' size='3'>$banner</font>
</td>
</tr>

END
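# Render the group list.  Group names come from the classrooms file and are
# placed both in element text and in the name attribute of the submit
# buttons, so they are HTML-escaped first.  The browser decodes the entities
# again before submitting, so the posted field name still equals the group
# name that the toggle loop looks up.
my $html_escape = sub {
    my ($text) = @_;
    $text = '' unless defined($text);
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;    # attributes on this page are single-quoted
    return $text;
};

if ((defined($proxysettings{'CLASSROOM_EXT'})) && ($proxysettings{'CLASSROOM_EXT'} eq 'on'))
{
    if (@groups)
    {
        print <<END
<tr>
<td>
<table width='70%' cellspacing='2' cellpadding='2' border='0' align='center'>
<tr><td><input type='hidden' name='ACTION' value='submit'></td></tr>
<tr>
END
;
        # The password field is shown only to supervisors, and only when a
        # non-empty supervisor password is configured.
        if (($is_supervisor) && ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq ''))))
        {
            print <<END
<td align='center'>
<font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy supervisor password'}:</font>
</td>
<td align='center'><input type='password' name='PASSWORD' size='15'></td>
END
;
        }
        print <<END
</tr>

</table>

<p>

END
;
        foreach my $group (@groups) {
            my $label = $html_escape->($group);
            my $blocked = ((defined($acl{$group})) && ($acl{$group} eq 'on')) ? 1 : 0;

            if ($is_supervisor)
            {
                print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center' rules='groups'>";
            } else {
                print"<table width='50%' cellspacing='2' cellpadding='6' border='0' align='center' rules='groups'>";
            }
            print "<tr>\n";
            # Red cell for a blocked group, green for an allowed one.
            if ($blocked)
            {
                print " <td bgcolor='#D00000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$label</font>";
            } else { print " <td bgcolor='#00A000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$label</font>"; }
            # Only supervisors get the toggle button; it offers the opposite
            # of the current state.
            if ($is_supervisor)
            {
                if ($blocked)
                {
                    print "</td><td width='120' align='center'>";
                    print "<input type='submit' name='$label' value=' $tr{'advproxy mode allow'} '>";
                    print "</td><td width='16' bgcolor='#D00000'> </td>\n";
                } else {
                    print "</td><td width='120' align='center'>";
                    print "<input type='submit' name='$label' value=' $tr{'advproxy mode deny'} '>";
                    print "</td><td width='16' bgcolor='#00A000'> </td>\n";
                }
            }
            print "</tr>\n";
            print "</table>\n";
            print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center'>";
            print "<tr><td></td></tr>\n";
            print "</table>\n";
        }

        print <<END
</td>
</tr>
END
;
    } else {
        print " <tr>\n";
        print " <td align='center'>\n";
        print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy no cre groups'}</font>\n";
        print " </td>\n";
        print " </tr>\n";
    }
} else {
    print " <tr>\n";
    print " <td align='center'>\n";
    print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy cre disabled'}</font>\n";
    print " </td>\n";
    print " </tr>\n";
}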
222 | ||
# Close the inner table, print the footer row with the project links and
# finish the form and the document.
print <<"END";

</table>
</td>
</tr>


<tr>
<td bgcolor='#C0C0C0' align='right'>
<font face='verdana,arial,helvetica' color='#FFFFFF' size='1'>
<a href='http://www.advproxy.net' target='_blank'>Advanced Proxy</a> running on
<a href='http://www.ipcop.org' target='_blank'>IPCop</a>
</font>
</td>
</tr>

</table>

</form>

</center>

</body>

</html>
END
250 | ||
251 | # ------------------------------------------------------------------- | |
252 | ||
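# Read a KEY=VALUE settings file into the hash referenced by the second
# argument.
#
#   $_[0]  path of the settings file; a missing file is silently ignored
#   $_[1]  hash reference that receives the entries
#
# Dies with "Unable to read file ..." when the file exists but cannot be
# opened.  One pair of surrounding single quotes is removed from each value.
sub readhash
{
    my ($filename, $hash) = @_;

    return unless (-e $filename);

    # Three-argument open with a lexical handle: the path can never be
    # interpreted as an open mode or a pipe, and no global handle is shared
    # with the other subs in this file.
    open(my $settings_fh, '<', $filename) or die "Unable to read file $filename";
    while (my $line = <$settings_fh>)
    {
        # chomp, not chop: a final line without a trailing newline must
        # keep its last character.
        chomp($line);
        my ($var, $val) = split(/=/, $line, 2);
        next unless ($var);

        # A line without '=' yields an empty value.
        $val = '' unless defined($val);
        $val =~ s/^\'//;
        $val =~ s/\'$//;

        # Untaint variables read from hash.
        # The key keeps only its leading run of [A-Za-z0-9_-].
        # NOTE(review): the value pattern accepts every character, so this
        # clears the taint flag without validating anything; callers must
        # validate values themselves before using them in paths or commands.
        ($var) = $var =~ /([A-Za-z0-9_-]*)/;
        ($val) = $val =~ /([\w\W]*)/;
        $hash->{$var} = $val;
    }
    close($settings_fh);
    return;
}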
280 | ||
281 | # ------------------------------------------------------------------- | |
282 | ||
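# Copy the parameters of a POST request into the hash referenced by the
# first argument.
#
#   $hash    hash reference that receives the parameters
#   $params  optional hash reference; 'wantfile' allows uploads and raises
#            the size limit, 'filevar' names the upload field to fetch
#
# Nothing is copied unless the request is a POST whose Referer host equals
# the host of this script's own URL.  Multi-valued parameters are joined
# with '|', and leading/trailing whitespace is trimmed from every value.
sub getcgihash
{
    my ($hash, $params) = @_;

    return if ((!defined($ENV{'REQUEST_METHOD'})) || ($ENV{'REQUEST_METHOD'} ne 'POST'));

    # The size and upload limits are set before the CGI object exists:
    # CGI.pm parses the request body while constructing the object, so
    # limits assigned afterwards do not apply to the current request.
    if (!$params->{'wantfile'}) {
        $CGI::DISABLE_UPLOADS = 1;
        $CGI::POST_MAX = 512 * 1024;
    } else {
        $CGI::POST_MAX = 10 * 1024 * 1024;
    }
    my $cgi = CGI->new();

    # Same-host Referer check.  The captures are taken from each match
    # result directly; reading $1 after a failed match would return the
    # capture of some earlier, unrelated match, and two such stale values
    # could compare equal.  A missing or malformed Referer is rejected.
    # NOTE(review): this is the only cross-site request protection visible
    # in this file; there is no per-session token.
    my $referer_header = $cgi->referer();
    my $own_url = $cgi->url();
    my ($referer) = defined($referer_header) ? ($referer_header =~ m/^https?\:\/\/([^\/]+)/) : ();
    my ($servername) = defined($own_url) ? ($own_url =~ m/^https?\:\/\/([^\/]+)/) : ();
    return unless (defined($referer) && defined($servername) && ($referer eq $servername));

    ### Modified for getting multi-vars, split by |
    my %vars = $cgi->Vars();
    foreach my $key (keys %vars) {
        my $value = $vars{$key};
        $value =~ s/\0/|/g;
        $value =~ s/^\s*(.*?)\s*$/$1/;
        $hash->{$key} = $value;
    }

    if (($params->{'wantfile'})&&($params->{'filevar'})) {
        $hash->{$params->{'filevar'}} = $cgi->upload($params->{'filevar'});
    }
    return;
}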
315 | ||
316 | # ------------------------------------------------------------------- | |
317 | ||
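# Rebuild %acl from the IP ACL file: every line starting with '#' names a
# group that is currently blocked (write_acl emits them as "# <group>").
# When the file cannot be opened %acl is simply left empty.
sub read_acl_groups
{
    %acl = ();

    # Lexical handle and three-argument open instead of the bareword FILE
    # handle that the rest of the script also uses.
    open(my $acl_fh, '<', $acl_src_noaccess_ips) or return;
    while (my $line = <$acl_fh>)
    {
        chomp($line);
        next unless ($line =~ /^\#/);
        $line =~ s/^\# //;
        $acl{$line} = 'on';
    }
    close($acl_fh);
    return;
}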
334 | ||
335 | # ------------------------------------------------------------------- | |
336 | ||
# Load the classroom definitions into @group_defs (newlines removed) and
# collect the names of all "[ name ]" section headers in @groups.
sub read_all_groups
{
    @group_defs = ();
    if (open(my $defs_fh, '<', $group_def_file))
    {
        @group_defs = <$defs_fh>;
        close($defs_fh);
    }
    # write_acl() later walks @group_defs and expects chomped lines.
    chomp(@group_defs);

    @groups = map {
        my $name = $_;
        $name =~ s/^\s*\[\s*//;
        $name =~ s/\s*\]\s*$//;
        $name;
    } grep { /^\s*\[.*\]\s*$/ } @group_defs;
}
358 | ||
359 | # ------------------------------------------------------------------- | |
360 | ||
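# Regenerate the two "no access" ACL files from @group_defs and %acl.
#
# For every group whose %acl entry is 'on' a "# <group>" marker is written
# to both files, followed by the group's members: entries that look like a
# MAC address go to the MAC file, everything else to the IP file.
#
# Returns 1 when both files were rewritten and closed without error, and 0
# when opening, locking, truncating or closing failed.
sub write_acl
{
    my $is_blocked=0;
    my ($ips_fh, $mac_fh);

    # Open in append mode so that opening does not empty the files; they
    # are truncated only once both exclusive locks are held.  Opening with
    # '>' would wipe the block lists before the lock is acquired.
    # NOTE(review): flock only coordinates cooperating writers; whether the
    # proxy reads these files under a lock is not visible here.
    open($ips_fh, '>>', $acl_src_noaccess_ips) or return 0;
    unless (open($mac_fh, '>>', $acl_src_noaccess_mac))
    {
        close($ips_fh);
        return 0;
    }

    # 2 is LOCK_EX; both files are always locked in the same order.
    unless (flock($ips_fh, 2) && flock($mac_fh, 2)
        && truncate($ips_fh, 0) && truncate($mac_fh, 0))
    {
        close($ips_fh);
        close($mac_fh);
        return 0;
    }

    foreach my $definition (@group_defs)
    {
        # Work on a copy so @group_defs itself is left unchanged.
        my $entry = $definition;
        next unless defined($entry);

        if ($entry =~ /^\s*\[.*\]\s*$/)
        {
            $entry =~ s/^\s*\[\s*//;
            $entry =~ s/\s*\]\s*$//;
            if ((defined($acl{$entry})) && ($acl{$entry} eq 'on'))
            {
                print {$ips_fh} "# $entry\n";
                print {$mac_fh} "# $entry\n";
                $is_blocked=1;
            } else { $is_blocked=0; }
        } elsif (($is_blocked) && ($entry))
        {
            $entry =~ s/^\s+//;
            $entry =~ s/\s+$//;
            # Whitespace-only lines would otherwise become empty ACL lines.
            next if ($entry eq '');
            if ($entry =~ /^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$/i) {
                print {$mac_fh} "$entry\n";
            } else {
                print {$ips_fh} "$entry\n";
            }
        }
    }

    # Buffered write errors surface at close, so both results are checked.
    my $ok = 1;
    close($ips_fh) or $ok = 0;
    close($mac_fh) or $ok = 0;
    return $ok;
}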
391 | ||
392 | # ------------------------------------------------------------------- |