Commit | Line | Data |
---|---|---|
ed38f89d MT |
1 | #!/usr/bin/perl |
2 | ||
3 | # | |
4 | # $Id: webaccess.cgi,v 2.0 2006/01/11 00:00:00 marco.s Exp $ | |
5 | # | |
6 | ||
7 | use CGI; | |
8 | ||
# --- Filesystem layout ------------------------------------------------------
# Every path used by this script is derived from the configuration root.
my $swroot               = "/var/ipfire";
my $apdir                = "$swroot/proxy/advanced";
my $group_def_file       = "$apdir/cre/classrooms";           # group ("classroom") definitions
my $svhosts_file         = "$apdir/cre/supervisors";          # one supervisor address per line
my $acl_src_noaccess_ips = "$apdir/acls/src_noaccess_ip.acl"; # blocked entries that are not MAC addresses
my $acl_src_noaccess_mac = "$apdir/acls/src_noaccess_mac.acl"; # blocked MAC addresses

# --- Page text and settings -------------------------------------------------
my $banner = "A D V A N C E D P R O X Y - W E B A C C E S S M A N A G E R";
my %cgiparams;       # POST parameters, filled by getcgihash()
my %mainsettings;    # contents of $swroot/main/settings
my %proxysettings;   # contents of $swroot/proxy/advanced/settings

# --- Working state shared with the subs at the bottom of the file -----------
my %acl        = ();   # group name => 'on' (blocked) / 'off'
my @group_defs = ();   # raw lines of $group_def_file
my @groups     = ();   # group names taken from the "[name]" header lines
24 | ||
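### Initialize environment
readhash("${swroot}/main/settings", \%mainsettings);
readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
$language = $mainsettings{'LANGUAGE'};

### Initialize language
# The language code becomes part of a require() path below, so only a plain
# word is accepted. Anything else (unset, empty, containing path characters)
# falls back to English instead of being passed through unchanged.
if (defined($language) && $language =~ /^(\w+)$/) {
    $language = $1;
} else {
    $language = 'en';
}
#
# Uncomment this to force a certain language:
# $language='en';
#
# NOTE(review): %tr is presumably populated by these language files; confirm.
require "${swroot}/langs/en.pl";
require "${swroot}/langs/${language}.pl";

getcgihash(\%cgiparams);

read_all_groups();
read_acl_groups();

# Apply the button that was pressed to the in-memory ACL state. Nothing is
# persisted here; write_acl() is only reached after the checks further down.
foreach my $group (@groups)
{
    # Without this guard an undefined parameter compares equal to a missing
    # (undefined or empty) translation string and would flip every group.
    next unless defined($cgiparams{$group});
    if ($cgiparams{$group} eq $tr{'advproxy mode deny'})  { $acl{$group} = 'on'; }
    if ($cgiparams{$group} eq $tr{'advproxy mode allow'}) { $acl{$group} = 'off'; }
}

read_all_groups();

# --- Supervisor check -------------------------------------------------------
# A client counts as supervisor when its address is listed in $svhosts_file.
# NOTE(review): when that file is missing or empty, every client is treated
# as a supervisor; the supervisor password (if one is set) is then the only
# gate in front of write_acl().
my $is_supervisor = 0;

if ((-e $svhosts_file) && (!-z $svhosts_file))
{
    my $client_addr = defined($ENV{'REMOTE_ADDR'}) ? $ENV{'REMOTE_ADDR'} : '';

    # Three-argument open with a lexical handle; if the list cannot be read
    # the client is not a supervisor (fail closed).
    if (($client_addr ne '') && open(my $sv_fh, '<', $svhosts_file))
    {
        while (my $sv_host = <$sv_fh>)
        {
            chomp($sv_host);
            next if ($sv_host eq '');   # a blank line must never match
            if ($client_addr eq $sv_host) { $is_supervisor = 1; last; }
        }
        close($sv_fh);
    }
} else { $is_supervisor = 1; }

# --- Persist the change -----------------------------------------------------
if (defined($cgiparams{'ACTION'}) && ($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor))
{
    my $configured_pw = $proxysettings{'SUPERVISOR_PASSWORD'};
    my $password_ok   = 0;

    if (defined($configured_pw))
    {
        if ($configured_pw eq '')
        {
            # An empty configured password means "no password required".
            $password_ok = 1;
        }
        elsif (defined($cgiparams{'PASSWORD'}) && ($cgiparams{'PASSWORD'} eq $configured_pw))
        {
            # NOTE(review): the password is kept in the settings file in
            # clear text and compared with a plain string comparison.
            $password_ok = 1;
        }
    }
    # An undefined SUPERVISOR_PASSWORD setting never authorises a change.

    if ($password_ok)
    {
        write_acl();
        # Fixed command string with no request data in it.
        system("/usr/local/bin/restartsquid") == 0
            or warn "restartsquid exited with status $?\n";
    }
}

# Re-read the ACL from disk so the page shows what is actually in effect.
read_acl_groups();

#undef(%cgiparams);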
79 | ||
80 | # ------------------------------------------------------------------- | |
81 | ||
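# --- Page output ------------------------------------------------------------
# Values that do not originate in this script (the script name from the
# server environment, group names from the classroom definition file) are
# HTML-escaped before they are placed into markup or attribute values. The
# attributes on this page are single-quoted, so the apostrophe is escaped too.
# Browsers decode the entities again on submit, so the button names still
# match the raw group names that the request handling looks up.
my $esc_html = sub {
    my $text = defined($_[0]) ? $_[0] : '';
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
};
my $form_action = $esc_html->($ENV{'SCRIPT_NAME'});

# HTTP header block, blank separator line, then the start of the document.
# NOTE(review): the form carries no per-session token; the only cross-site
# check for the POST is the Referer comparison done in getcgihash().
print <<END;
Pragma: no-cache
Cache-control: no-cache
Connection: close
Content-type: text/html

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<title>Advanced Proxy - Web Access Manager</title>
<style type='text/css'>
a:link { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
a:visited { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
a:hover { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
a:active { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
a:focus { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
</style>
</head>
<body bgcolor='#FFFFFF'>

<center>

<form method='post' action='$form_action'>

<table width='720' cellspacing='10' cellpadding='5' border='0'>

<tr>
<td bgcolor='#C0C0C0' height='20'></td>
</tr>

<tr>
<td bgcolor='#F4F4F4' align='center'>
<table width='100%' cellspacing='10' cellpadding='10' border='0'>

<tr>
<td nowrap bgcolor='#FFFFFF' align='center'>
<font face='verdana,arial,helvetica' color='#000000' size='3'>$banner</font>
</td>
</tr>

END

if ($proxysettings{'CLASSROOM_EXT'} eq 'on')
{
    if (@groups)
    {
        print <<END;
<tr>
<td>
<table width='70%' cellspacing='2' cellpadding='2' border='0' align='center'>
<tr><td><input type='hidden' name='ACTION' value='submit'></td></tr>
<tr>
END

        # The password field is only offered to supervisors, and only when a
        # non-empty supervisor password is configured.
        if (($is_supervisor) && ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq ''))))
        {
            print <<END;
<td align='center'>
<font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy supervisor password'}:</font>
</td>
<td align='center'><input type='password' name='PASSWORD' size='15'></td>
END
        }

        print <<END;
</tr>

</table>

<p>

END

        # One small table per group: red when the group is blocked, green
        # otherwise. Supervisors additionally get a button that toggles it.
        foreach my $group (@groups) {
            my $group_html = $esc_html->($group);
            my $blocked    = ((defined($acl{$group})) && ($acl{$group} eq 'on')) ? 1 : 0;
            my $cell_color = $blocked ? '#D00000' : '#00A000';

            if ($is_supervisor)
            {
                print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center' rules='groups'>";
            } else {
                print"<table width='50%' cellspacing='2' cellpadding='6' border='0' align='center' rules='groups'>";
            }
            print "<tr>\n";
            print " <td bgcolor='$cell_color' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$group_html</font>";
            if ($is_supervisor)
            {
                # The button offers the opposite of the current state. Its
                # name is the group; its value is what the request handling
                # compares against the translated mode strings.
                my $button_label = $blocked ? $tr{'advproxy mode allow'} : $tr{'advproxy mode deny'};
                print "</td><td width='120' align='center'>";
                print "<input type='submit' name='$group_html' value=' $button_label '>";
                print "</td><td width='16' bgcolor='$cell_color'> </td>\n";
            }
            print "</tr>\n";
            print "</table>\n";
            print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center'>";
            print "<tr><td></td></tr>\n";
            print "</table>\n";
        }

        print <<END;
</td>
</tr>
END
    } else {
        print " <tr>\n";
        print " <td align='center'>\n";
        print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy no cre groups'}</font>\n";
        print " </td>\n";
        print " </tr>\n";
    }
} else {
    print " <tr>\n";
    print " <td align='center'>\n";
    print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy cre disabled'}</font>\n";
    print " </td>\n";
    print " </tr>\n";
}

print <<END;

</table>
</td>
</tr>


<tr>
<td bgcolor='#C0C0C0' align='right'>
<font face='verdana,arial,helvetica' color='#FFFFFF' size='1'>
<a href='http://www.advproxy.net' target='_blank'>Advanced Proxy</a> running on
<a href='http://www.ipcop.org' target='_blank'>IPCop</a>
</font>
</td>
</tr>

</table>

</form>

</center>

</body>

</html>
END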
235 | ||
236 | # ------------------------------------------------------------------- | |
237 | ||
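# readhash($filename, \%hash)
#
# Reads a settings file made of KEY=VALUE lines into the given hash. One
# leading and one trailing apostrophe are stripped from each value. A file
# that does not exist is not an error: the hash is left untouched. Dies with
# "Unable to read file ..." when an existing file cannot be opened.
sub readhash
{
    my ($filename, $hash) = @_;

    return unless (-e $filename);

    # Three-argument open with a lexical handle: the file name is never
    # interpreted as an open mode, and no global FILE handle is shared with
    # the other subs in this script.
    open(my $settings_fh, '<', $filename) or die "Unable to read file $filename";

    while (my $line = <$settings_fh>)
    {
        # chomp, not chop: a final line without a newline keeps its last
        # character.
        chomp($line);

        my ($var, $val) = split /=/, $line, 2;
        next unless ($var);

        $val = '' unless defined($val);
        $val =~ s/^\'//;
        $val =~ s/\'$//;

        # Untaint variables read from hash.
        # The key is reduced to its leading run of [A-Za-z0-9_-]; a key that
        # has no such prefix is skipped rather than stored under ''.
        ($var) = $var =~ /([A-Za-z0-9_-]*)/;
        next if ($var eq '');

        # NOTE(review): this pattern accepts every character, so it clears
        # the taint flag without validating anything. Code that uses a value
        # in a path or a command has to validate it itself.
        ($val) = $val =~ /([\w\W]*)/;

        $hash->{$var} = $val;
    }
    close($settings_fh);
    return;
}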
265 | ||
266 | # ------------------------------------------------------------------- | |
267 | ||
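# getcgihash(\%hash, \%params)
#
# Copies the parameters of a POST request into %hash. Multi-valued
# parameters are joined with '|', and leading/trailing whitespace is trimmed.
# Nothing is copied unless the request is a POST whose Referer host equals
# the host of this script's own URL.
#
# Optional %params keys:
#   wantfile - true to allow uploads (raises the body size limit)
#   filevar  - name of the upload field; its handle is stored in %hash
sub getcgihash
{
    my ($hash, $params) = @_;

    return if (!defined($ENV{'REQUEST_METHOD'}) || ($ENV{'REQUEST_METHOD'} ne 'POST'));

    # CGI.pm applies these package-level limits while it reads the request
    # body in new(), so they must be in place before the object is created.
    if (!$params->{'wantfile'}) {
        $CGI::DISABLE_UPLOADS = 1;
        $CGI::POST_MAX = 512 * 1024;
    } else {
        $CGI::POST_MAX = 10 * 1024 * 1024;
    }
    my $cgi = CGI->new ();

    # Same-origin check on the Referer header. The hosts are taken from the
    # match results directly instead of from $1, which keeps the value of an
    # earlier successful match when a pattern fails. A request without a
    # usable Referer, or a script URL without a host, is rejected.
    # NOTE(review): this comparison is the only cross-site request check in
    # this function; there is no per-session token.
    my $referer_raw = $cgi->referer();
    my $url_raw     = $cgi->url();
    my ($referer, $servername);
    ($referer)    = $referer_raw =~ m/^https?\:\/\/([^\/]+)/ if defined($referer_raw);
    ($servername) = $url_raw     =~ m/^https?\:\/\/([^\/]+)/ if defined($url_raw);
    return unless (defined($referer) && defined($servername));
    return if ($referer ne $servername);

    ### Modified for getting multi-vars, split by |
    my %temp = $cgi->Vars();
    foreach my $key (keys %temp) {
        $hash->{$key} = $temp{$key};
        $hash->{$key} =~ s/\0/|/g;
        $hash->{$key} =~ s/^\s*(.*?)\s*$/$1/;
    }

    if (($params->{'wantfile'})&&($params->{'filevar'})) {
        $hash->{$params->{'filevar'}} = $cgi->upload
            ($params->{'filevar'});
    }
    return;
}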
300 | ||
301 | # ------------------------------------------------------------------- | |
302 | ||
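# read_acl_groups()
#
# Rebuilds %acl from the no-access ACL file: every line that starts with '#'
# names a blocked group (write_acl() writes them as "# <group>"), and that
# group is marked 'on'. All other lines are ignored. If the file cannot be
# opened, %acl is left empty.
sub read_acl_groups
{
    %acl = ();

    # Three-argument open with a lexical handle instead of the shared
    # bareword FILE handle; an unreadable file means "nothing is blocked".
    open(my $acl_fh, '<', $acl_src_noaccess_ips) or return;

    while (my $line = <$acl_fh>)
    {
        chomp($line);
        next unless ($line =~ /^\#/);
        $line =~ s/^\# //;
        $acl{$line} = 'on';
    }
    close($acl_fh);
    return;
}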
319 | ||
320 | # ------------------------------------------------------------------- | |
321 | ||
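# read_all_groups()
#
# Loads the group definition file into @group_defs (newlines removed) and
# collects the names found in "[name]" header lines into @groups. If the
# file cannot be opened, both arrays end up empty.
sub read_all_groups
{
    @group_defs = ();
    @groups     = ();

    # Three-argument open with a lexical handle instead of the shared
    # bareword FILE handle.
    if (open(my $defs_fh, '<', $group_def_file))
    {
        @group_defs = <$defs_fh>;
        close($defs_fh);
    }

    # write_acl() later iterates over @group_defs and treats an empty string
    # as "no entry", so the stored lines must not keep their newline.
    chomp(@group_defs);

    foreach my $def_line (@group_defs)
    {
        next unless ($def_line =~ /^\s*\[.*\]\s*$/);

        my $grpstr = $def_line;
        $grpstr =~ s/^\s*\[\s*//;
        $grpstr =~ s/\s*\]\s*$//;
        push(@groups, $grpstr);
    }
    return;
}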
343 | ||
344 | # ------------------------------------------------------------------- | |
345 | ||
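# write_acl()
#
# Regenerates the two no-access ACL files from @group_defs and %acl. For
# every group whose %acl entry is 'on', a "# <group>" marker line is written
# to both files, followed by the group's members: entries that look like a
# MAC address go to the MAC file, everything else goes to the IP file.
# Members of groups that are not blocked are not written.
#
# If either file cannot be opened, a warning is emitted and neither file is
# modified.
sub write_acl
{
    my $is_blocked = 0;
    my ($ips_fh, $mac_fh);

    # Open in append mode so that nothing is truncated before the exclusive
    # lock is held. Opening with '>' empties the file immediately, even while
    # another instance of this script is still writing it under its lock.
    unless (open($ips_fh, '>>', $acl_src_noaccess_ips))
    {
        warn "Unable to write $acl_src_noaccess_ips: $!\n";
        return;
    }
    unless (open($mac_fh, '>>', $acl_src_noaccess_mac))
    {
        warn "Unable to write $acl_src_noaccess_mac: $!\n";
        close($ips_fh);
        return;
    }
    flock($ips_fh, 2);   # 2 = LOCK_EX
    flock($mac_fh, 2);
    truncate($ips_fh, 0);
    truncate($mac_fh, 0);
    # NOTE(review): read_acl_groups() takes no lock, so the lock only
    # serialises concurrent writers.

    foreach my $def_line (@group_defs)
    {
        # Work on a copy so that @group_defs itself is not rewritten.
        my $entry = $def_line;

        if ($entry =~ /^\s*\[.*\]\s*$/)
        {
            # Group header: decide whether the members that follow are written.
            $entry =~ s/^\s*\[\s*//;
            $entry =~ s/\s*\]\s*$//;
            if ((defined($acl{$entry})) && ($acl{$entry} eq 'on'))
            {
                print {$ips_fh} "# $entry\n";
                print {$mac_fh} "# $entry\n";
                $is_blocked = 1;
            } else { $is_blocked = 0; }
        }
        elsif (($is_blocked) && ($entry))
        {
            $entry =~ s/^\s+//;
            $entry =~ s/\s+$//;
            next if ($entry eq '');   # whitespace-only line: nothing to write

            # NOTE(review): anything that is not a MAC address is written to
            # the IP ACL without further validation; the definition file is
            # assumed to be maintained by the administrator.
            if ($entry =~ /^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$/i)
            {
                print {$mac_fh} "$entry\n";
            } else {
                print {$ips_fh} "$entry\n";
            }
        }
    }

    # Buffered write errors only surface at close.
    close($ips_fh) or warn "Error closing $acl_src_noaccess_ips: $!\n";
    close($mac_fh) or warn "Error closing $acl_src_noaccess_mac: $!\n";
    return;
}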
376 | ||
377 | # ------------------------------------------------------------------- |