require "${General::swroot}/network-functions.pl";
+# This function executes a shell command without forking a shell or do any other
+# Perl-voodoo before it. It deprecates the "system" command and is the only way
+# to call shell commands.
+sub safe_system($) {
+ my @command = @_;
+
+ system { ${command[0]} } @command;
+
+ # Return exit code
+ return $? >> 8;
+}
+
+# Calls a process in the background and returns nothing
+sub system_background($) {
+ my $pid = fork();
+
+ unless ($pid) {
+ my $rc = &system(@_);
+ exit($rc);
+ }
+
+ return 0;
+}
+
+# Returns the output of a shell command
+sub system_output($) {
+ my @command = @_;
+ my $pid;
+ my @output = ();
+
+ unless ($pid = open(OUTPUT, "-|")) {
+ open(STDERR, ">&STDOUT");
+ exec { ${command[0]} } @command;
+ die "Could not execute @command: $!";
+ }
+
+ waitpid($pid, 0);
+
+ while (<OUTPUT>) {
+ push(@output, $_);
+ }
+ close(OUTPUT);
+
+ return @output;
+}
+
+# Calls a shell command and throws away the output
+sub system($) {
+ my @command = @_;
+
+ open(SAVEOUT, ">&STDOUT");
+ open(SAVEERR, ">&STDERR");
+
+ open(STDOUT, ">/dev/null");
+ open(STDERR, ">&STDOUT");
+
+ select(STDERR); $|=1;
+ select(STDOUT); $|=1;
+
+ my $rc = &safe_system(@command);
+
+ close(STDOUT);
+ close(STDERR);
+
+ # Restore
+ open(STDOUT, ">&SAVEOUT");
+ open(STDERR, ">&SAVEERR");
+
+ return $rc;
+}
+
# Function to remove duplicates from an array
sub uniq { my %seen; grep !$seen{$_}++, @_ }
#
sub checkdiskspace () {
# Call diskfree to gather the free disk space of /var.
- my @df = `/bin/df -B M /var`;
+ my @df = &General::system_output("/bin/df", "-B", "M", "/var");
# Loop through the output.
foreach my $line (@df) {
# Call the suricatactrl binary and pass the "cron" command
# with the requrested interval.
- system("$suricatactrl $option $interval &>/dev/null");
+ &General::system("$suricatactrl", "$option", "$interval");
# Return "1" - True.
return 1;
} else {
# Call the suricatactrl binary and pass the requrested
# option to it.
- system("$suricatactrl $option &>/dev/null");
+ &General::system("$suricatactrl", "$option");
# Return "1" - True.
return 1;
my $intf = shift;
if (!$wireless_status{$intf}) {
- $wireless_status{$intf} = `iwconfig $intf`;
+ $wireless_status{$intf} = &General::system_output("iwconfig", "$intf");
}
return $wireless_status{$intf};
#
sub BuildConfiguration {
# Restart service associated with this
- system '/usr/local/bin/setaliases';
+ &General::system('/usr/local/bin/setaliases');
}
#
############################################################################################################################
################################################ Workaround for Directories ################################################
-system("/usr/local/bin/backupctrl makedirs >/dev/null 2>&1 ") unless ( -e '/var/ipfire/backup/addons/backup') ;
+&General::system("/usr/local/bin/backupctrl", "makedirs") unless ( -e '/var/ipfire/backup/addons/backup') ;
############################################################################################################################
############################################## System calls ohne Http Header ###############################################
print UPLOADFILE;
}
close UPLOADFILE;
- system("/usr/local/bin/backupctrl restore >/dev/null 2>&1");
+ &General::system("/usr/local/bin/backupctrl", "restore");
}
elsif ( $cgiparams{'ACTION'} eq "restoreaddon" )
{
print UPLOADFILE;
}
close UPLOADFILE;
- system("/usr/local/bin/backupctrl restoreaddon ".$temp[$#temp]." >/dev/null 2>&1");
+ &General::system("/usr/local/bin/backupctrl", "restoreaddon", $temp[$#temp]);
}
&Header::showhttpheaders();
if ( $cgiparams{'ACTION'} eq "backup" )
{
if ( $cgiparams{'BACKUPLOGS'} eq "include" ) {
- system("/usr/local/bin/backupctrl include >/dev/null 2>&1");
+ &General::system("/usr/local/bin/backupctrl", "include");
} elsif ( $cgiparams{'BACKUPLOGS'} eq "exclude" ) {
- system("/usr/local/bin/backupctrl exclude >/dev/null 2>&1");
+ &General::system("/usr/local/bin/backupctrl", "exclude");
} elsif ( $cgiparams{'BACKUPLOGS'} eq "iso" ) {
- system("/usr/local/bin/backupctrl iso >/dev/null 2>&1");
+ &General::system("/usr/local/bin/backupctrl", "iso");
}
}
if ( $cgiparams{'ACTION'} eq "addonbackup" )
# Check if the addon exists
exit(1) unless (-e "/var/ipfire/backup/addons/includes/$cgiparams{'ADDON'}");
- system("/usr/local/bin/backupctrl addonbackup $cgiparams{'ADDON'} >/dev/null 2>&1");
+ &General::system("/usr/local/bin/backupctrl", "addonbackup", "$cgiparams{'ADDON'}");
}
elsif ( $cgiparams{'ACTION'} eq "delete" )
{
my $file = &sanitise_file($cgiparams{'FILE'});
exit(1) unless defined($file);
- system("/usr/local/bin/backupctrl $file >/dev/null 2>&1");
+ &General::system("/usr/local/bin/backupctrl", "$file");
}
############################################################################################################################
my $clients="${General::swroot}/captive/clients";
my %clientshash=();
my $settingsfile="${General::swroot}/captive/settings";
-unless (-e $settingsfile) { system("touch $settingsfile"); }
+unless (-e $settingsfile) { &General::system("touch $settingsfile"); }
&Header::getcgihash(\%cgiparams);
}
}
+# Call safe system_output function to get all available routes.
+my @all_routes = &General::system_output("/sbin/route", "-n");
+
# Add Green Firewall Interface
push(@network, $netsettings{'GREEN_ADDRESS'});
push(@masklen, "255.255.255.255" );
push(@colour, ${Header::colourgreen} );
# Add Green Routes to Array
-my @routes = `/sbin/route -n | /bin/grep $netsettings{'GREEN_DEV'}`;
+my @routes = grep (/$netsettings{'GREEN_DEV'}/, @all_routes);
foreach my $route (@routes) {
chomp($route);
my @temp = split(/[\t ]+/, $route);
push(@colour, ${Header::colourblue} );
# Add Blue Routes to Array
- @routes = `/sbin/route -n | /bin/grep $netsettings{'BLUE_DEV'}`;
+ @routes = grep(/$netsettings{'BLUE_DEV'}/, @all_routes);
foreach my $route (@routes) {
chomp($route);
my @temp = split(/[\t ]+/, $route);
push(@masklen, $netsettings{'ORANGE_NETMASK'} );
push(@colour, ${Header::colourorange} );
# Add Orange Routes to Array
- @routes = `/sbin/route -n | /bin/grep $netsettings{'ORANGE_DEV'}`;
+ @routes = grep(/$netsettings{'ORANGE_DEV'}/, @all_routes);
foreach my $route (@routes) {
chomp($route);
my @temp = split(/[\t ]+/, $route);
# Handle forced updates.
#
if ($settings{'ACTION'} eq $Lang::tr{'instant update'}) {
- system(@ddnsprog) == 0 or die "@ddnsprog failed: $?\n";
+ &General::system(@ddnsprog) == 0 or die "@ddnsprog failed: $?\n";
}
#
our @current2 = <FILE>;
close(FILE);
+# Open and read-in file which contains the list of allowed advanced options.
+open(FILE, $filename3) or die "Could not open $filename3. $!\n";
+
+# Grab file content.
+my @advoptions_list = <FILE>;
+
+# Close file handle.
+close(FILE);
+
# Check Settings1 first because they are needed by &buildconf
if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}) {
foreach my $itf (@ITFs) {
map ($dhcpsettings{"ADVOPT_SCOPE_$_"} = 'off', @ITFs); # force global
} elsif (ValidNewOption ($dhcpsettings{'ADVOPT_NAME'} . ' ' . $dhcpsettings{'ADVOPT_DATA'})) {
#was a new option
- } elsif (! `grep "\$option $dhcpsettings{'ADVOPT_NAME'} " $filename3`) {
+ } elsif (! grep(/option $dhcpsettings{'ADVOPT_NAME'}/, @advoptions_list)) {
$errormessage=$Lang::tr{'dhcp advopt unknown'}.': '.$dhcpsettings{'ADVOPT_NAME'};
}
}
#search if the 'option' is in the list and print the syntax model
-my $opt = `grep "\$option $dhcpsettings{'ADVOPT_NAME'} " $filename3`;
+my $opt;
+
+# Check if a advanced option name is set.
+if ($dhcpsettings{'ADVOPT_NAME'}) {
+ # Check if the name is part of the list and grab syntax.
+ my @opt = grep(/option $dhcpsettings{'ADVOPT_NAME'}/, @advoptions_list);
+
+ # Assign array element to variable.
+ $opt = @opt[0];
+
+ # Remove newlines.
+ chomp($opt);
+}
+
if ($opt ne '') {
$opt =~ s/option $dhcpsettings{'ADVOPT_NAME'}/Syntax:/; # "option xyz abc" => "syntax: abc"
$opt =~ s/;//;
print FILE "}\n\n";
}
- system ('/usr/bin/touch', "${General::swroot}/dhcp/enable_${lc_itf}");
+ &General::system('/usr/bin/touch', "${General::swroot}/dhcp/enable_${lc_itf}");
&General::log("DHCP on ${itf}: " . $Lang::tr{'dhcp server enabled'})
} else {
unlink "${General::swroot}/dhcp/enable_${lc_itf}";
}
print FILE "include \"${General::swroot}/dhcp/dhcpd.conf.local\";\n";
close FILE;
- if ( $dhcpsettings{"ENABLE_GREEN"} eq 'on' || $dhcpsettings{"ENABLE_BLUE"} eq 'on' ) {system '/usr/local/bin/dhcpctrl enable >/dev/null 2>&1';}
- else {system '/usr/local/bin/dhcpctrl disable >/dev/null 2>&1';}
- system '/usr/local/bin/dhcpctrl restart >/dev/null 2>&1 &';
+ if ( $dhcpsettings{"ENABLE_GREEN"} eq 'on' || $dhcpsettings{"ENABLE_BLUE"} eq 'on' ) {&General::system('/usr/local/bin/dhcpctrl', 'enable');}
+ else {&General::system('/usr/local/bin/dhcpctrl', 'disable');}
+ &General::system_background('/usr/local/bin/dhcpctrl', 'restart');
}
#
my $servers_file = "${General::swroot}/dns/servers";
# Create files if the does not exist.
-unless (-f $settings_file) { system("touch $settings_file") };
-unless (-f $servers_file) { system("touch $servers_file") };
+unless (-f $settings_file) { &General::system("touch", "$settings_file") };
+unless (-f $servers_file) { &General::system("touch", "$servers_file") };
# File which stores the ISP assigned DNS servers.
my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
&IDS::call_suricatactrl("restart");
}
# Restart unbound
- system('/usr/local/bin/unboundctrl reload >/dev/null');
+ &General::system('/usr/local/bin/unboundctrl', 'reload');
}
# Check if the system is online (RED is connected).
}
}
# Restart unbound
- system('/usr/local/bin/unboundctrl reload >/dev/null');
+ &General::system('/usr/local/bin/unboundctrl', 'reload');
}
###
}
close(FILE);
# Restart unbound.
- system('/usr/local/bin/unboundctrl reload >/dev/null');
+ &General::system('/usr/local/bin/unboundctrl', 'reload');
}
###
}
close(FILE);
# Restart unbound.
- system('/usr/local/bin/unboundctrl reload >/dev/null');
+ &General::system('/usr/local/bin/unboundctrl', 'reload');
}
###
my @dummy = ( ${Header::colourgreen}, ${Header::colourred} );
undef (@dummy);
-system("/usr/local/bin/extrahdctrl scanhd ide >/dev/null");
-system("/usr/local/bin/extrahdctrl scanhd partitions >/dev/null");
+&General::system("/usr/local/bin/extrahdctrl", "scanhd", "ide");
+&General::system("/usr/local/bin/extrahdctrl", "scanhd", "partitions");
&Header::showhttpheaders();
UUID=$extrahdsettings{'UUID'};$extrahdsettings{'FS'};$extrahdsettings{'PATH'};
END
;
- system("/usr/local/bin/extrahdctrl mount $extrahdsettings{'PATH'}");
+ &General::system("/usr/local/bin/extrahdctrl", "mount", "$extrahdsettings{'PATH'}");
}
}
elsif ($extrahdsettings{'ACTION'} eq $Lang::tr{'delete'})
{
- if ( `/usr/local/bin/extrahdctrl umount $extrahdsettings{'PATH'}` ) {
+ if ( &General::system("/usr/local/bin/extrahdctrl", "umount", "$extrahdsettings{'PATH'}")) {
open( FILE, "< $devicefile" ) or die "Unable to read $devicefile";
@tmp = <FILE>;
close FILE;
{
@deviceline = split( /\;/, $deviceentry );
my $color="$Header::colourred";
- if ( ! `/bin/mountpoint $deviceline[2] | grep " not "` ) {
+
+ # Use safe system_output to get mountpoint details.
+ my @mountpoint = &General::system_output("/bin/mountpoint", "$deviceline[2]");
+
+ if ( ! grep(/not/, @mountpoint)) {
$color=$Header::colourgreen;
}
print <<END
if ("$fireinfosettings{'ACTION'}" eq "trigger") {
if ($fireinfosettings{'ENABLE_FIREINFO'} eq 'off') {
&General::log($Lang::tr{'fireinfo is enabled'});
- system ('/usr/bin/touch', $configfile);
+
+ # Write empty configfile.
+ open(FILE, ">$configfile");
+ close(FILE);
+
$fireinfosettings{'ENABLE_FIREINFO'} = 'on';
} else {
&General::log($Lang::tr{'fireinfo is disabled'});
unlink "$configfile";
$fireinfosettings{'ENABLE_FIREINFO'} = 'off';
}
- system("/usr/local/bin/fireinfoctrl &");
+ &General::system_background("/usr/local/bin/fireinfoctrl");
}
&Header::openpage('Fireinfo', 1, '');
&Header::closebox();
}
-my $ipfire_version = `cat /etc/system-release`;
+# Get IPFire version string.
+open(FILE, "/etc/system-release");
+my $ipfire_version = <FILE>;
+close(FILE);
+
my $pakfire_version = &Pakfire::make_version();
-my $kernel_version = `uname -a`;
+my $kernel_version = &General::system_output("uname", "-a");
&Header::openbox('100%', 'left', $Lang::tr{'fireinfo system version'});
print <<END;
&Header::closebox();
# Read pregenerated profile data
-my $profile = `cat /var/ipfire/fireinfo/profile`;
+open(FILE, "/var/ipfire/fireinfo/profile");
+my @profile = <FILE>;
+close(FILE);
print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
# Read profile ID from file
-my $profile_id = `cat /var/ipfire/fireinfo/public_id`;
+open(FILE, "/var/ipfire/fireinfo/public_id");
+my $profile_id = <FILE>;
+close(FILE);
chomp($profile_id);
&Header::openbox('100%', 'left', $Lang::tr{'fireinfo settings'});
</tr>
<tr>
<td colspan='2'>
- <textarea rows="25" cols="75" readonly="readonly">$profile</textarea>
+ <textarea rows="25" cols="75" readonly="readonly">@profile</textarea>
</td>
</tr>
</table>
require "${General::swroot}/location-functions.pl";
require "/usr/lib/firewall/firewall-lib.pl";
-unless (-d "${General::swroot}/firewall") { system("mkdir ${General::swroot}/firewall"); }
-unless (-e "${General::swroot}/firewall/settings") { system("touch ${General::swroot}/firewall/settings"); }
-unless (-e "${General::swroot}/firewall/config") { system("touch ${General::swroot}/firewall/config"); }
-unless (-e "${General::swroot}/firewall/input") { system("touch ${General::swroot}/firewall/input"); }
-unless (-e "${General::swroot}/firewall/outgoing") { system("touch ${General::swroot}/firewall/outgoing"); }
+unless (-d "${General::swroot}/firewall") { &General::system("mkdir", "${General::swroot}/firewall"); }
+unless (-e "${General::swroot}/firewall/settings") { &General::system("touch", "${General::swroot}/firewall/settings"); }
+unless (-e "${General::swroot}/firewall/config") { &General::system("touch", "${General::swroot}/firewall/config"); }
+unless (-e "${General::swroot}/firewall/input") { &General::system("touch", "${General::swroot}/firewall/input"); }
+unless (-e "${General::swroot}/firewall/outgoing") { &General::system("touch", "${General::swroot}/firewall/outgoing"); }
my %fwdfwsettings=();
my %selected=() ;
my $configovpn = "${General::swroot}/ovpn/settings";
my $configipsecrw = "${General::swroot}/vpn/settings";
-unless (-e $confignet) { system("touch $confignet"); }
-unless (-e $confighost) { system("touch $confighost"); }
-unless (-e $configgrp) { system("touch $configgrp"); }
-unless (-e $configsrv) { system("touch $configsrv"); }
-unless (-e $configsrvgrp) { system("touch $configsrvgrp"); }
-unless (-e $configlocationgrp) { system("touch $configlocationgrp"); }
+unless (-e $confignet) { &General::system("touch", "$confignet"); }
+unless (-e $confighost) { &General::system("touch", "$confighost"); }
+unless (-e $configgrp) { &General::system("touch", "$configgrp"); }
+unless (-e $configsrv) { &General::system("touch", "$configsrv"); }
+unless (-e $configsrvgrp) { &General::system("touch", "$configsrvgrp"); }
+unless (-e $configlocationgrp) { &General::system("touch $configlocationgrp"); }
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
;
if ( -e "/usr/share/doc/licenses/GPLv3" ) {
print '<textarea rows=\'25\' cols=\'75\' readonly=\'readonly\'>';
- print `cat /usr/share/doc/licenses/GPLv3`;
+
+ # Open and read-in GPL file content.
+ open(FILE, "/usr/share/doc/licenses/GPLv3");
+
+ # Grab license.
+ my @license = <FILE>;
+
+ # Close filehandle.
+ close(FILE);
+
+ # Print license to textarea.
+ print "@license";
+
print '</textarea>';
}
else {
my $ignoredfile = "${General::swroot}/guardian/ignored";
# Create empty settings and ignoredfile if they do not exist yet.
-unless (-e "$settingsfile") { system("touch $settingsfile"); }
-unless (-e "$ignoredfile") { system("touch $ignoredfile"); }
+unless (-e "$settingsfile") { &General::system("touch", "$settingsfile"); }
+unless (-e "$ignoredfile") { &General::system("touch", "$ignoredfile"); }
our %settings = ();
our %ignored = ();
my $configfile = "${General::swroot}/guardian/guardian.conf";
# Create the configfile if none exists yet.
- unless (-e "$configfile") { system("touch $configfile"); }
+ unless (-e "$configfile") { &General::system("touch", "$configfile"); }
# Open configfile for writing.
open(FILE, ">$configfile");
&Guardian::Socket::Client("reload");
} else {
# Launch guardian.
- system("/usr/local/bin/addonctrl guardian start &>/dev/null");
+ &General::system("/usr/local/bin/addonctrl", "guardian", "start");
}
} else {
# Stop the daemon.
- system("/usr/local/bin/addonctrl guardian stop &>/dev/null");
+ &General::system("/usr/local/bin/addonctrl", "guardian", "stop");
}
}
&General::readhasharray($ignoredfile, \%ignored);
# Create the guardian.ignore file if not exist yet.
- unless (-e "$ignorefile") { system("touch $ignorefile"); }
+ unless (-e "$ignorefile") { &General::system("touch", "$ignorefile"); }
# Open ignorefile for writing.
open(FILE, ">$ignorefile");
# Set flag if index page is to refresh whilst ppp is up.
# Default is NO refresh.
if ($cgiparams{'REFRESHINDEX'} ne 'off') {
- system ('/usr/bin/touch', "${General::swroot}/main/refreshindex");
+ &General::system('/usr/bin/touch', "${General::swroot}/main/refreshindex");
} else {
unlink "${General::swroot}/main/refreshindex";
}
# Beep on ip-up or ip-down. Default is ON.
if ($cgiparams{'PPPUPDOWNBEEP'} ne 'on') {
$cgiparams{'PPPUPDOWNBEEP'} = 'off';
- system ('/usr/bin/touch', "${General::swroot}/red/nobeeps");
+ &General::system('/usr/bin/touch', "${General::swroot}/red/nobeeps");
} else {
unlink "${General::swroot}/red/nobeeps";
}
my %sensorsettings = ();
my @sensorsgraphs = ();
-my @sensorsdir = `ls -dA $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/`;
-foreach (@sensorsdir){
- chomp($_);chop($_);
- foreach (`ls $_/*`){
- chomp($_);
- push(@sensorsgraphs,$_);
+
+# Main directory where rrdlog puts the sensor data.
+my $sensorsdir = "$mainsettings{'RRDLOG'}/collectd/localhost";
+
+# Open sensors directory.
+opendir(SENSORS, "$sensorsdir") or die "Could not opendir $sensorsdir: $!\n";
+
+# Read-in all sensors.
+my @sensor_dirs = readdir(SENSORS);
+
+# Close directory handle.
+closedir(SENSORS);
+
+# Loop through the grabbed sensors.
+foreach my $sensor_dir (@sensor_dirs) {
+ # Skip everything which does not start with "sensors-".
+ next unless $sensor_dir =~ /^sensors-/;
+
+ # Check if the omitet element is a directory.
+ next unless (-d "$sensorsdir/$sensor_dir");
+
+ # Open sensor directory and lookup for sensors.
+ opendir(SENSOR_DIR, "$sensorsdir/$sensor_dir") or die "Could not opendir $sensorsdir/$sensor_dir: $!\n";
+
+ # Grab single sensors from the directory.
+ my @sensors = readdir(SENSOR_DIR);
+
+ # Close directory handle.
+ closedir(SENSOR_DIR);
+
+ # Loop through the omited sensors.
+ foreach my $sensor (@sensors) {
+ # Skip everything which is not a regular file.
+ next unless (-f "$sensorsdir/$sensor_dir/$sensor");
+
+ # Add sensor to the array of sensorsgrapghs.
+ push(@sensorsgraphs, "$sensorsdir/$sensor_dir/$sensor");
+ }
+}
+
+# Look for ACPI Thermal Zone sensors.
+my @thermal_zone_sensors = grep(/thermal-thermal_zone/, @sensor_dirs);
+
+# If a thermal zone sensor has been found add it to the sensorsgraphs array.
+if (@thermal_zone_sensors) {
+ # Loop through the array of thermal zone sensors.
+ foreach my $thermal_zone_sensor (@thermal_zone_sensors) {
+ # Add the sensor to the array.
+ push(@sensorsgraphs, "$sensorsdir/$thermal_zone_sensor");
}
}
&General::writehash("${General::swroot}/sensors/settings", \%sensorsettings);
}
- my @disks = `ls -1 /sys/block | grep -E '^sd|^nvme' | sort | uniq`;
+ # This should be save, because no user given content will be processed.
+ #my @disks = `ls -1 /sys/block | grep -E '^sd|^nvme' | sort | uniq`;
+ my @disks = &get_disks();
foreach (@disks){
my $disk = $_;
&Header::closebox();
}
- if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/thermal-thermal_zone* 2>/dev/null` ) {
+ if ( grep(/thermal-thermal_zone/, @sensorsgraphs) ) {
&Header::openbox('100%', 'center', "ACPI Thermal-Zone Temp $Lang::tr{'graph'}");
&Graphs::makegraphbox("hardwaregraphs.cgi","thermaltemp","day");
&Header::closebox();
}
- if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/temperature-* 2>/dev/null` ) {
+ if ( grep(/temperature-/, @sensorsgraphs) ) {
&Header::openbox('100%', 'center', "hwtemp $Lang::tr{'graph'}");
&Graphs::makegraphbox("hardwaregraphs.cgi","hwtemp","day");
Header::closebox();
}
- if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/fanspeed-* 2>/dev/null` ) {
+ if ( grep(/fanspeed-/, @sensorsgraphs) ) {
&Header::openbox('100%', 'center', "hwfan $Lang::tr{'graph'}");
&Graphs::makegraphbox("hardwaregraphs.cgi","hwfan","day");
&Header::closebox();
}
- if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/voltage-* 2>/dev/null` ) {
+ if ( grep(/voltage-/, @sensorsgraphs) ) {
&Header::openbox('100%', 'center', "hwvolt $Lang::tr{'graph'}");
&Graphs::makegraphbox("hardwaregraphs.cgi","hwvolt","day");
&Header::closebox();
}
- if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-* 2>/dev/null` ) {
+ if ( @sensorsgraphs ) {
sensorsbox();
}
&Header::closebigbox();
;
&Header::closebox();
}
+
+sub get_disks () {
+ my @disks;
+
+ # Open virtal sys FS and grab block devices.
+ opendir(SYS, "/sys/block") or die "Could not opendir /sys/block/: $!\n";
+
+ # Grab all available block devices.
+ my @blockdevs = readdir(SYS);
+
+ # Close directory handle.
+ closedir(SYS);
+
+ # Loop through the array of blockdevs.
+ foreach my $dev (@blockdevs) {
+ # Skip all devices which does not start with "sd" or "nvme".
+ next unless (( $dev =~ /^sd/) || ($dev =~ /^nvme/));
+
+ # Add the device to the array of disks.
+ push(@disks, $dev);
+ }
+
+ # Remove duplicates.
+ my @disks = &uniq(@disks);
+
+ # Sort the array.
+ my @disks = sort(@disks);
+
+ # Return the array.
+ return @disks;
+}
+
+# Tiny code snipped to get a uniq() like function.
+sub uniq {
+ my %seen;
+ return grep { !$seen{$_}++ } @_;
+}
# Build the configuration file
#
sub BuildConfiguration {
- system '/usr/local/bin/rebuildhosts';
- system '/usr/local/bin/unboundctrl reload &>/dev/null';
+ &General::system('/usr/local/bin/rebuildhosts');
+ &General::system('/usr/local/bin/unboundctrl', 'reload');
}
}
if ($cgiparams{'ACTION'} eq $Lang::tr{'dial'}) {
- system('/usr/local/bin/redctrl start > /dev/null') == 0
+ &General::system('/usr/local/bin/redctrl', 'start') == 0
or &General::log("Dial failed: $?"); sleep 1;
}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'hangup'}) {
- system('/usr/local/bin/redctrl stop > /dev/null') == 0
+ &General::system('/usr/local/bin/redctrl', 'stop') == 0
or &General::log("Hangup failed: $?"); sleep 1;
}
}
}
if ($macsettings{'ACTION'} eq $Lang::tr{'reconnect'}) {
- system("/usr/local/bin/redctrl restart >/dev/null 2>&1 &");
+ &General::system_background("/usr/local/bin/redctrl", "restart");
&Header::openbox('100%', 'left', $Lang::tr{'mac address recon'} );
print "<font class='base'>$Lang::tr{'mac address done'}</font>\n";
&Header::closebox();
}
if ($macsettings{'ACTION'} eq $Lang::tr{'reboot'}) {
&General::log($Lang::tr{'rebooting ipfire'});
- system("/usr/local/bin/ipfirereboot boot");
+ &General::system("/usr/local/bin/ipfirereboot", "boot");
&Header::openbox('100%', 'left', $Lang::tr{'rebooting ipfire'} );
print " <img src='/images/indicator.gif' /><br /><br />";
print "<meta http-equiv='refresh' content='120;'>";
&Header::openbox('100%', 'left',"MD Raid State");
print '<textarea rows="25" cols="80" readonly="readonly">';
-print `cat "/proc/mdstat"`;
+
+# Grab mdstat status.
+open(MDSTAT, "/proc/mdstat");
+my @mdstat = <MDSTAT>;
+close(MDSTAT);
+print "@mdstat";
+
print '</textarea>';
&Header::closebox();
&Graphs::makegraphbox("memory.cgi","memory","day");
&Header::closebox();
- if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/swap 2>/dev/null` ) {
+ if (-f $mainsettings{'RRDLOG'}/collectd/localhost/swap) {
&Header::openbox('100%', 'center', "Swap $Lang::tr{'graph'}");
&Graphs::makegraphbox("memory.cgi","swap","day");
&Header::closebox();
if ($modemsettings{'ACTION'} eq $Lang::tr{'restore defaults'})
{
- system('/bin/cp', "${General::swroot}/modem/defaults", "${General::swroot}/modem/settings", '-f');
+ &General::system("cp", "-f", "${General::swroot}/modem/defaults", "${General::swroot}/modem/settings");
}
&General::readhash("${General::swroot}/modem/settings", \%modemsettings);
$mpd->updatedb();
refreshpage();
}elsif ( $mpfiresettings{'ACTION'} eq "playweb" ){
- $message=system("/usr/local/bin/mpfirectrl","playweb","\"$mpfiresettings{'FILE'}\"","2>/dev/null");
+ $message= &General::system_output("/usr/local/bin/mpfirectrl","playweb","\"$mpfiresettings{'FILE'}\"");
}elsif ( $mpfiresettings{'ACTION'} eq "playlist" ){
$mpd->play();
}elsif ( $mpfiresettings{'ACTION'} eq "emptyplaylist" ){
&General::readhash("${General::swroot}/dhcpc/dhcpcd-$netsettings{'RED_DEV'}.info", \%dhcpinfo);
- my $DNS1=`echo $dhcpinfo{'domain_name_servers'} | cut -f 1 -d " "`;
- my $DNS2=`echo $dhcpinfo{'domain_name_servers'} | cut -f 2 -d " "`;
+ my ($DNS1, $DNS2) = split(/ /, $dhcpinfo{'domain_name_servers'});
my $lsetme=0;
my $leasetime="";
if ($settings{'defpol'} ne '1'){
$errormessage .= $Lang::tr{'new optionsfw later'};
&General::writehash($filename, \%settings); # Save good settings
- system("/usr/local/bin/firewallctrl");
+ &General::system("/usr/local/bin/firewallctrl");
}else{
if ($settings{'POLICY'} ne ''){
$fwdfwsettings{'POLICY'} = $settings{'POLICY'};
$fwdfwsettings{'POLICY1'} = "$MODE1";
&General::writehash("${General::swroot}/firewall/settings", \%fwdfwsettings);
&General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings);
- system("/usr/local/bin/firewallctrl");
+ &General::system("/usr/local/bin/firewallctrl");
}
&General::readhash($filename, \%settings); # Load good settings
}
close FILE;
}
if (! -s ">${General::swroot}/ovpn/certs/index.txt") {
- system ("touch ${General::swroot}/ovpn/certs/index.txt");
+ &General::system("touch", "${General::swroot}/ovpn/certs/index.txt");
}
if (! -s ">${General::swroot}/ovpn/certs/index.txt.attr") {
- system ("touch ${General::swroot}/ovpn/certs/index.txt.attr");
+ &General::system("touch", "${General::swroot}/ovpn/certs/index.txt.attr");
}
unlink ("${General::swroot}/ovpn/certs/index.txt.old");
unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
{
# Warning if DH parameter is 1024 bit
if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
- my $dhparameter = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}`;
- my @dhbit = ($dhparameter =~ /(\d+)/);
- if ($1 < 2048) {
- $cryptoerror = "$Lang::tr{'ovpn error dh'}";
- goto CRYPTO_ERROR;
+ my @dhparameter = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
+
+ foreach my $line (@dhparameter) {
+ my @dhbit = ($line =~ /(\d+)/);
+ if ($1 < 2048) {
+ $cryptoerror = "$Lang::tr{'ovpn error dh'}";
+ goto CRYPTO_ERROR;
+ }
}
}
# Warning if md5 is in usage
if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
- my $signature = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
- if ($signature =~ /md5WithRSAEncryption/) {
+ my @signature = &General::system_output("/usr/bin/openssl", "x509", "-noout", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+ if (grep(/md5WithRSAEncryption/, @signature) ) {
$cryptoerror = "$Lang::tr{'ovpn error md5'}";
goto CRYPTO_ERROR;
}
# Warning if certificate is not compliant to RFC3280 TLS rules
if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
- my $extendkeyusage = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
- if ($extendkeyusage !~ /TLS Web Server Authentication/) {
+ my @extendkeyusage = &General::system_output("/usr/bin/openssl", "x509", "-noout", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+ if ( ! grep(/TLS Web Server Authentication/, @extendkeyusage)) {
$cryptowarning = "$Lang::tr{'ovpn warning rfc3280'}";
goto CRYPTO_WARNING;
}
close(COLLECTDVPN);
# Reload collectd afterwards
- system("/usr/local/bin/collectdctrl restart &>/dev/null");
+ &General::system("/usr/local/bin/collectdctrl", "restart");
}
#hier die refresh page
#start openvpn server
if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}){
&emptyserverlog();
- system('/usr/local/bin/openvpnctrl', '-s');
+ &General::system("/usr/local/bin/openvpnctrl", "-s");
}
#stop openvpn server
if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}){
- system('/usr/local/bin/openvpnctrl', '-k');
+ &General::system("/usr/local/bin/openvpnctrl", "-k");
&emptyserverlog();
}
# #restart openvpn server
# Check host certificate if X509 is RFC3280 compliant.
# If not, old --ns-cert-type directive will be used.
# If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
- my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
- if ($hostcert !~ /TLS Web Server Authentication/) {
+ my @hostcert = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+ if ( ! grep(/TLS Web Server Authentication/, @hostcert)) {
print CLIENTCONF "ns-cert-type server\n";
} else {
print CLIENTCONF "remote-cert-tls server\n";
# Create ta.key for tls-auth if not presant
if ($cgiparams{'TLSAUTH'} eq 'on') {
if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
- system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+ # This system call is safe, because all arguements are passed as an array.
+ system("/usr/sbin/openvpn", "--genkey", "--secret", "${General::swroot}/ovpn/certs/ta.key");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
goto SETTINGS_ERROR;
$vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
#wrtie enable
- if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
- if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_orange 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_orange 2>/dev/null");}
- if ( $vpnsettings{'ENABLED'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable 2>/dev/null");}
+ if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {
+ &General::system("touch", "${General::swroot}/ovpn/enable_blue");
+ } else {
+ unlink(${General::swroot}/ovpn/enable_blue);
+ }
+
+ if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {
+ &General::system("touch", "${General::swroot}/ovpn/enable_orange");
+ } else {
+ unlink("${General::swroot}/ovpn/enable_orange");
+ }
+
+ if ( $vpnsettings{'ENABLED'} eq 'on' ) {
+ &General::system("touch", "${General::swroot}/ovpn/enable");
+ } else {
+ unlink("${General::swroot}/ovpn/enable");
+ }
+
#new settings for daemon
&General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
&writeserverconf();#hier ok
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
# Kill all N2N connections
- system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null");
+ &General::system("/usr/local/bin/openvpnctrl", "-kn2n");
foreach my $key (keys %confighash) {
my $name = $confighash{$cgiparams{'$key'}}[1];
delete $confighash{$cgiparams{'$key'}};
}
- system ("/usr/local/bin/openvpnctrl -drrd $name &>/dev/null");
+ &General::system("/usr/local/bin/openvpnctrl", "-drrd", "$name");
}
while ($file = glob("${General::swroot}/ovpn/ca/*")) {
unlink $file;
close FILE;
}
while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
- system ("rm -rf $file");
+ unlink($file);
}
# Remove everything from the collectd configuration
unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
}
# Create Diffie Hellmann Parameter
- system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
+ # The system call is safe, because all arguments are passed as an array.
+ system("/usr/bin/openssl", "dhparam", "-out", "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
$errormessage = $!;
goto UPLOADCA_ERROR;
}
- my $temp = `/usr/bin/openssl dhparam -text -in $filename`;
- if ($temp !~ /DH Parameters: \((2048|3072|4096) bit\)/) {
+ my @temp = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "$filename");
+ if ( ! grep(/DH Parameters: \((2048|3072|4096) bit\)/, @temp)) {
$errormessage = $Lang::tr{'not a valid dh key'};
unlink ($filename);
goto UPLOADCA_ERROR;
$errormessage = $!;
goto UPLOADCA_ERROR;
}
- my $temp = `/usr/bin/openssl x509 -text -in $filename`;
- if ($temp !~ /CA:TRUE/i) {
+ my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$filename");
+ if ( ! grep(/CA:TRUE/i, @temp )) {
$errormessage = $Lang::tr{'not a valid ca certificate'};
unlink ($filename);
goto UPLOADCA_ERROR;
}
}
- my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem`;
- $casubject =~ /Subject: (.*)[\n]/;
- $casubject = $1;
- $casubject =~ s+/Email+, E+;
- $casubject =~ s/ ST=/ S=/;
+ @casubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
+ my $casubject;
+
+ foreach my $line (@casubject) {
+ if ($line =~ /Subject: (.*)[\n]/) {
+ $casubject = $1;
+ $casubject =~ s+/Email+, E+;
+ $casubject =~ s/ ST=/ S=/;
+
+ last;
+ }
+ }
+
$casubject = &Header::cleanhtml($casubject);
my $key = &General::findhasharraykey (\%cahash);
&Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', $errormessage);
&Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
- my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
+ my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
+ @output = &Header::cleanhtml(@output,"y");
+ print "<pre>@output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
print "Content-Type: application/octet-stream\r\n";
print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
- print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
+
+ my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
+ print "@tmp";
+
exit(0);
} else {
$errormessage = $Lang::tr{'invalid key'};
if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
foreach my $key (keys %confighash) {
- my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
- if ($test =~ /: OK/) {
+ my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
+ if (grep(/: OK/, @test)) {
# Delete connection
# if ($vpnsettings{'ENABLED'} eq 'on' ||
# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
my $assignedcerts = 0;
if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
foreach my $key (keys %confighash) {
- my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
- if ($test =~ /: OK/) {
+ my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
+ if (grep(/: OK/, @test)) {
$assignedcerts++;
}
}
###
}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
$cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
- my $output;
+ my @output;
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
&Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:");
- $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
+ @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
} else {
&Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
- $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
+ @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
}
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
+ @output = &Header::cleanhtml(@output,"y");
+ print "<pre>@output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
print "Content-Type: application/octet-stream\r\n";
print "Content-Disposition: filename=cacert.pem\r\n\r\n";
- print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem`;
+
+ my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
+ print "@tmp";
+
exit(0);
}
if ( -f "${General::swroot}/ovpn/certs/servercert.pem" ) {
print "Content-Type: application/octet-stream\r\n";
print "Content-Disposition: filename=servercert.pem\r\n\r\n";
- print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`;
+
+ my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+ print "@tmp";
+
exit(0);
}
if ( -f "${General::swroot}/ovpn/certs/ta.key" ) {
print "Content-Type: application/octet-stream\r\n";
print "Content-Disposition: filename=ta.key\r\n\r\n";
- print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
+
+ open(FILE, "${General::swroot}/ovpn/certs/ta.key");
+ my @tmp = <FILE>;
+ close(FILE);
+
+ print "@tmp";
+
exit(0);
}
}
# Sign the host certificate request
+ # This system call is safe, because all argeuments are passed as an array.
system('/usr/bin/openssl', 'ca', '-days', '999999',
'-batch', '-notext',
'-in', "${General::swroot}/ovpn/certs/serverreq.pem",
}
# Create an empty CRL
+ # System call is safe, because all arguments are passed as array.
system('/usr/bin/openssl', 'ca', '-gencrl',
'-out', "${General::swroot}/ovpn/crls/cacrl.pem",
'-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" );
# &cleanssldatabase();
}
# Create ta.key for tls-auth
+ # This system call is safe, because all arguments are passed as an array.
system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
goto ROOTCERT_ERROR;
}
# Create Diffie Hellmann Parameter
+ # The system call is safe, because all arguments are passed as an array.
system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
}
ROOTCERT_SUCCESS:
- system ("chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem");
+ &General::system("chmod", "600", "${General::swroot}/ovpn/certs/serverkey.pem");
# if ($vpnsettings{'ENABLED'} eq 'on' ||
# $vpnsettings{'ENABLE_BLUE'} eq 'on') {
# system('/usr/local/bin/ipsecctrl', 'S');
&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-# my $n2nactive = '';
- my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`;
+ my $n2nactive = '';
+ my @ps = &General::system_output("/bin/ps", "ax");
+
+ if(grep(/$confighash{$cgiparams{'KEY'}}[1]/, @ps)) {
+ $n2nactive = "1";
+ }
if ($confighash{$cgiparams{'KEY'}}) {
if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
- system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+ &General::system("/usr/local/bin/openvpnctrl", "-sn2n", "$confighash{$cgiparams{'KEY'}}[1]");
&writecollectdconf();
}
} else {
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
if ($n2nactive ne '') {
- system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+ &General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
&writecollectdconf();
}
# Check host certificate if X509 is RFC3280 compliant.
# If not, old --ns-cert-type directive will be used.
# If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
- my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
- if ($hostcert !~ /TLS Web Server Authentication/) {
+ my @hostcert = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+ if (! grep(/TLS Web Server Authentication/, @hostcert)) {
print CLIENTCONF "ns-cert-type server\n";
} else {
print CLIENTCONF "remote-cert-tls server\n";
$zip->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
# Extract the certificate
+ # This system call is safe, because all arguments are passed as an array.
system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
'-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:');
if ($?) {
print CLIENTCONF ";cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
# Extract the key
+ # This system call is safe, because all arguments are passed as an array.
system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
'-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:');
if ($?) {
# Check host certificate if X509 is RFC3280 compliant.
# If not, old --ns-cert-type directive will be used.
# If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
- my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
- if ($hostcert !~ /TLS Web Server Authentication/) {
+ my @hostcert = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+ if (! grep(/TLS Web Server Authentication/, @hostcert)) {
print CLIENTCONF "ns-cert-type server\r\n";
} else {
print CLIENTCONF "remote-cert-tls server\r\n";
if ($confighash{$cgiparams{'KEY'}}) {
# Revoke certificate if certificate was deleted and rewrite the CRL
- my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
- my $tempA = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+ &General::system("/usr/bin/openssl", "ca", "-revoke", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf)";
+ &General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
###
# m.a.d net2net
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
# Stop the N2N connection before it is removed
- system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+ &General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
# CCD end
# Update collectd configuration and delete all RRD files of the removed connection
&writecollectdconf();
- system ('/usr/local/bin/openvpnctrl', '-drrd', $confighash{$cgiparams{'KEY'}}[1]);
+ &General::system("/usr/local/bin/openvpnctrl", "-drrd", "$confighash{$cgiparams{'KEY'}}[1]");
delete $confighash{$cgiparams{'KEY'}};
- my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+ &General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
} else {
print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
print "Content-Type: application/octet-stream\r\n\r\n";
- print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
+
+ open(FILE, "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+ my @tmp = <FILE>;
+ close(FILE);
+
+ print "@tmp";
exit (0);
###
&Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
- my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
+ my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+ @output = &Header::cleanhtml(@output,"y");
+ print "<pre>@output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
&Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:");
- my $output = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
+ my @output = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem");
+ @output = &Header::cleanhtml(@output,"y");
+ print "<pre>@output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
&Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'ta key'}:");
- my $output = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
+
+ open(FILE, "${General::swroot}/ovpn/certs/ta.key");
+ my @output = <FILE>;
+ close(FILE);
+
+ @output = &Header::cleanhtml(@output,"y");
+ print "<pre>@output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
&Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
- my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
+ my @output = &General::system_output("/usr/bin/openssl", "crl", "-text", "-noout", "-in", "${General::swroot}/ovpn/crls/cacrl.pem");
+ @output = &Header::cleanhtml(@output,"y");
+ print "<pre>@output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n";
print "Content-Type: application/octet-stream\r\n\r\n";
- print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
+
+ open(FILE, "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+ my @tmp = <FILE>;
+ close(FILE);
+
+ print "@tmp";
exit (0);
}
# Sign the certificate request and move it
# Sign the host certificate request
+ # The system call is safe, because all arguments are passed as an array.
system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
'-batch', '-notext',
'-in', $filename,
&deletebackupcert();
}
- my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
- $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
- $temp = $1;
- $temp =~ s+/Email+, E+;
- $temp =~ s/ ST=/ S=/;
+ my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
+ my $temp;
+
+ foreach my $line (@temp) {
+ if ($line =~ /Subject:.*CN\s?=\s?(.*)[\n]/) {
+ $temp = $1;
+ $temp =~ s+/Email+, E+;
+ $temp =~ s/ ST=/ S=/;
+
+ last;
+ }
+ }
+
$cgiparams{'CERT_NAME'} = $temp;
$cgiparams{'CERT_NAME'} =~ s/,//g;
$cgiparams{'CERT_NAME'} =~ s/\'//g;
# Verify the certificate has a valid CA and move it
my $validca = 0;
- my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename`;
- if ($test =~ /: OK/) {
+ my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/cacert.pem", "$filename");
+ if (grep(/: OK/, @test)) {
$validca = 1;
} else {
foreach my $key (keys %cahash) {
- $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem $filename`;
- if ($test =~ /: OK/) {
+ @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem", "$filename");
+ if (grep(/: OK/, @test)) {
$validca = 1;
}
}
}
}
- my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
- $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
- $temp = $1;
- $temp =~ s+/Email+, E+;
- $temp =~ s/ ST=/ S=/;
+ my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
+ my $temp;
+
+ foreach my $line (@temp) {
+ if ($line =~ /Subject:.*CN\s?=\s?(.*)[\n]/) {
+ $temp = $1;
+ $temp =~ s+/Email+, E+;
+ $temp =~ s/ ST=/ S=/;
+
+ last;
+ }
+ }
+
$cgiparams{'CERT_NAME'} = $temp;
$cgiparams{'CERT_NAME'} =~ s/,//g;
$cgiparams{'CERT_NAME'} =~ s/\'//g;
}
# Sign the host certificate request
+ # The system call is safe, because all arguments are passed as an array.
system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
'-batch', '-notext',
'-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
}
# Create the pkcs12 file
+ # The system call is safe, because all arguments are passed as an array.
system('/usr/bin/openssl', 'pkcs12', '-export',
'-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
'-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
if ($cgiparams{'TYPE'} eq 'net') {
- if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
- system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+ if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
+ &General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
- &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- my $key = $cgiparams{'KEY'};
- if (! $key) {
- $key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
- }
- $confighash{$key}[0] = 'on';
- &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+ my $key = $cgiparams{'KEY'};
+ if (! $key) {
+ $key = &General::findhasharraykey (\%confighash);
+ foreach my $i (0 .. 31) {
+ $confighash{$key}[$i] = "";
+ }
+ }
+
+ $confighash{$key}[0] = 'on';
+ &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
- }
- }
+ &General::system("/usr/local/bin/openvpnctrl", "-sn2n", "$confighash{$cgiparams{'KEY'}}[1]");
+ }
+ }
###
# m.a.d n2n end
&General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- my @status = `/bin/cat /var/run/ovpnserver.log`;
+ open(FILE, "/var/run/ovpnserver.log");
+ my @status = <FILE>;
+ close(FILE);
if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
#} else {
#print "<td align='left'> </td>";
#}
- my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
- $cavalid =~ /Not After : (.*)[\n]/;
- $cavalid = $1;
+ my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
+ my $cavalid;
+
+ foreach my $line (@cavalid) {
+ if ($line =~ /Not After : (.*)[\n]/) {
+ $cavalid = $1;
+
+ last;
+ }
+ }
+
print "<td align='center' $col>$confighash{$key}[25]</td>";
$col1="bgcolor='${Header::colourred}'";
my $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
my $col4="bgcolor='$color{'color20'}'";
if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
- my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
- $casubject =~ /Subject: (.*)[\n]/;
- $casubject = $1;
- $casubject =~ s+/Email+, E+;
- $casubject =~ s/ ST=/ S=/;
+ my @casubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
+ my $casubject;
+
+ foreach my $line (@casubject) {
+ if ($line =~ /Subject: (.*)[\n]/) {
+ $casubject = $1;
+ $casubject =~ s+/Email+, E+;
+ $casubject =~ s/ ST=/ S=/;
+
+ last;
+ }
+ }
+
print <<END;
<tr>
<td class='base' $col1>$Lang::tr{'root certificate'}</td>
}
if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
- my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
- $hostsubject =~ /Subject: (.*)[\n]/;
- $hostsubject = $1;
- $hostsubject =~ s+/Email+, E+;
- $hostsubject =~ s/ ST=/ S=/;
+ my @hostsubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+ my $hostsubject;
+
+ foreach my $line (@hostsubject) {
+ if ($line =~ /Subject: (.*)[\n]/) {
+ $hostsubject = $1;
+ $hostsubject =~ s+/Email+, E+;
+ $hostsubject =~ s/ ST=/ S=/;
+
+ last;
+ }
+ }
print <<END;
<tr>
# Adding DH parameter to chart
if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
- my $dhsubject = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
- $dhsubject =~ / (.*)[\n]/;
- $dhsubject = $1;
+ my @dhsubject = &System_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem");
+ my $dhsubject;
+ foreach my $line (@dhsubject) {
+ if ($line =~ / (.*)[\n]/) {
+ $dhsubject = $1;
+
+ last;
+ }
+ }
print <<END;
<tr>
# Adding ta.key to chart
if (-f "${General::swroot}/ovpn/certs/ta.key") {
- my $tasubject = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
- $tasubject =~ /# (.*)[\n]/;
- $tasubject = $1;
+ open(FILE, "${General::swroot}/ovpn/certs/ta.key");
+ my @tasubject = <FILE>;
+ close(FILE);
+
+ my $tasubject;
+ foreach my $line (@tasubject) {
+ if($line =~ /# (.*)[\n]/) {
+ $tasubject = $1;
+
+ last;
+ }
+ }
+
print <<END;
<tr>
if (($cgiparams{'ACTION'} eq 'install') && (! -e $Pakfire::lockfile)) {
$cgiparams{'INSPAKS'} =~ s/\|/\ /g;
if ("$cgiparams{'FORCE'}" eq "on") {
- my $command = "/usr/local/bin/pakfire install --non-interactive --no-colors $cgiparams{'INSPAKS'} &>/dev/null &";
- system("$command");
- system("/bin/sleep 1");
+ &General::system_background("/usr/local/bin/pakfire", "install", "--non-interactive", "--no-colors", $cgiparams{'INSPAKS'});
} else {
&Header::openbox("100%", "center", $Lang::tr{'request'});
- my @output = `/usr/local/bin/pakfire resolvedeps --no-colors $cgiparams{'INSPAKS'}`;
+ my @output = &General::system_output("/usr/local/bin/pakfire", "resolvedeps", "--no-colors", $cgiparams{'INSPAKS'});
print <<END;
<table><tr><td colspan='2'>$Lang::tr{'pakfire install package'}.$cgiparams{'INSPAKS'}.$Lang::tr{'pakfire possible dependency'}
<pre>
$cgiparams{'DELPAKS'} =~ s/\|/\ /g;
if ("$cgiparams{'FORCE'}" eq "on") {
- my $command = "/usr/local/bin/pakfire remove --non-interactive --no-colors $cgiparams{'DELPAKS'} &>/dev/null &";
- system("$command");
- system("/bin/sleep 1");
+ &General::system_background("/usr/local/bin/pakfire", "remove", "--non-interactive", "--no-colors", $cgiparams{'DELPAKS'});
} else {
&Header::openbox("100%", "center", $Lang::tr{'request'});
- my @output = `/usr/local/bin/pakfire resolvedeps --no-colors $cgiparams{'DELPAKS'}`;
+ my @output = &General::system_output("/usr/local/bin/pakfire", "resolvedeps", "--no-colors", $cgiparams{'DELPAKS'});
print <<END;
<table><tr><td colspan='2'>$Lang::tr{'pakfire uninstall package'}.$cgiparams{'DELPAKS'}.$Lang::tr{'pakfire possible dependency'}
<pre>
}
} elsif (($cgiparams{'ACTION'} eq 'update') && (! -e $Pakfire::lockfile)) {
-
- system("/usr/local/bin/pakfire update --force --no-colors &>/dev/null &");
- system("/bin/sleep 1");
+ &General::system_background("/usr/local/bin/pakfire", "update", "--force", "--no-colors");
} elsif (($cgiparams{'ACTION'} eq 'upgrade') && (!-e $Pakfire::lockfile)) {
- my $command = "/usr/local/bin/pakfire upgrade -y --no-colors &>/dev/null &";
- system("$command");
- system("/bin/sleep 1");
+ &General::system_background("/usr/local/bin/pakfire", "upgrade", "-y", "--no-colors");
} elsif ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
$pakfiresettings{"TREE"} = $cgiparams{"TREE"};
&General::writehash("${General::swroot}/pakfire/settings", \%pakfiresettings);
# Update lists
- system("/usr/local/bin/pakfire update --force --no-colors &>/dev/null &");
+ &General::system_background("/usr/local/bin/pakfire", "update", "--force", "--no-colors");
}
}
my @profilenames=();
my $errormessage = '';
my $maxprofiles = 5;
+
+# This call is safe, because no user input will be processed.
my $kernel=`/bin/uname -r | /usr/bin/tr -d '\012'`;
my %color = ();
$errormessage = $Lang::tr{'invalid input'};
goto ERROR; }
- if( $pppsettings{'RECONNECTION'} eq 'dialondemand' && `/bin/cat ${General::swroot}/ddns/config` =~ /,on$/m ) {
+ # Read-in ddns config file, to check if at least one provider is enabled.
+ open(FILE, "${General::swroot}/ddns/config)";
+ my @ddns_config = <FILE>
+ close(FILE);
+
+ if( $pppsettings{'RECONNECTION'} eq 'dialondemand' && grep(/on/, @ddns_config) ) {
$errormessage = $Lang::tr{'dod not compatible with ddns'};
goto ERROR; }
END
;
-my $atmdev=`cat /proc/net/atm/devices 2>/dev/null | grep 0`;
+# Read-in atm devices from proc.
+open(PROC, "/proc/net/atm/devices");
+my @patm_devices = <PROC>;
+close(PROC);
+
+my $atmdev = grep(/0/, @atm_devices);
chomp ($atmdev);
if ($atmdev ne '') {
print <<END
unlink("${General::swroot}/ppp/settings");
link("${General::swroot}/ppp/settings-$pppsettings{'PROFILE'}",
"${General::swroot}/ppp/settings");
- system ("/usr/bin/touch", "${General::swroot}/ppp/updatesettings");
+
+ # Write updatesettings file.
+ open(FILE, ">/${General::swroot}/ppp/updatesettings");
+ close(FILE);
}
sub writesecrets
require "${General::swroot}/ids-functions.pl";
-my @squidversion = `/usr/sbin/squid -v`;
+my @squidversion = &General::system_output("/usr/sbin/squid", "-v");
my $http_port='81';
my $https_port='444';
unless (-d "$identdir") { mkdir("$identdir"); }
unless (-d "$credir") { mkdir("$credir"); }
-unless (-e $cre_groups) { system("touch $cre_groups"); }
-unless (-e $cre_svhosts) { system("touch $cre_svhosts"); }
-
-unless (-e $userdb) { system("touch $userdb"); }
-unless (-e $stdgrp) { system("touch $stdgrp"); }
-unless (-e $extgrp) { system("touch $extgrp"); }
-unless (-e $disgrp) { system("touch $disgrp"); }
-
-unless (-e $acl_src_subnets) { system("touch $acl_src_subnets"); }
-unless (-e $acl_src_banned_ip) { system("touch $acl_src_banned_ip"); }
-unless (-e $acl_src_banned_mac) { system("touch $acl_src_banned_mac"); }
-unless (-e $acl_src_unrestricted_ip) { system("touch $acl_src_unrestricted_ip"); }
-unless (-e $acl_src_unrestricted_mac) { system("touch $acl_src_unrestricted_mac"); }
-unless (-e $acl_src_noaccess_ip) { system("touch $acl_src_noaccess_ip"); }
-unless (-e $acl_src_noaccess_mac) { system("touch $acl_src_noaccess_mac"); }
-unless (-e $acl_dst_noauth) { system("touch $acl_dst_noauth"); }
-unless (-e $acl_dst_noauth_dom) { system("touch $acl_dst_noauth_dom"); }
-unless (-e $acl_dst_noauth_net) { system("touch $acl_dst_noauth_net"); }
-unless (-e $acl_dst_noauth_url) { system("touch $acl_dst_noauth_url"); }
-unless (-e $acl_dst_nocache) { system("touch $acl_dst_nocache"); }
-unless (-e $acl_dst_nocache_dom) { system("touch $acl_dst_nocache_dom"); }
-unless (-e $acl_dst_nocache_net) { system("touch $acl_dst_nocache_net"); }
-unless (-e $acl_dst_nocache_url) { system("touch $acl_dst_nocache_url"); }
-unless (-e $acl_dst_throttle) { system("touch $acl_dst_throttle"); }
-unless (-e $acl_ports_safe) { system("touch $acl_ports_safe"); }
-unless (-e $acl_ports_ssl) { system("touch $acl_ports_ssl"); }
-unless (-e $acl_include) { system("touch $acl_include"); }
-
-unless (-e $mimetypes) { system("touch $mimetypes"); }
+unless (-e $cre_groups) { &General::system("touch", "$cre_groups"); }
+unless (-e $cre_svhosts) { &General::system("touch $cre_svhosts"); }
+
+unless (-e $userdb) { &General::system("touch", "$userdb"); }
+unless (-e $stdgrp) { &General::system("touch", "$stdgrp"); }
+unless (-e $extgrp) { &General::system("touch", "$extgrp"); }
+unless (-e $disgrp) { &General::system("touch", "$disgrp"); }
+
+unless (-e $acl_src_subnets) { &General::system("touch", "$acl_src_subnets"); }
+unless (-e $acl_src_banned_ip) { &General::system("touch", "$acl_src_banned_ip"); }
+unless (-e $acl_src_banned_mac) { &General::system("touch", "$acl_src_banned_mac"); }
+unless (-e $acl_src_unrestricted_ip) { &General::system("touch", "$acl_src_unrestricted_ip"); }
+unless (-e $acl_src_unrestricted_mac) { &General::system("touch", "$acl_src_unrestricted_mac"); }
+unless (-e $acl_src_noaccess_ip) { &General::system("touch", "$acl_src_noaccess_ip"); }
+unless (-e $acl_src_noaccess_mac) { &General::system("touch", "$acl_src_noaccess_mac"); }
+unless (-e $acl_dst_noauth) { &General::system("touch", "$acl_dst_noauth"); }
+unless (-e $acl_dst_noauth_dom) { &General::system("touch", "$acl_dst_noauth_dom"); }
+unless (-e $acl_dst_noauth_net) { &General::system("touch", "$acl_dst_noauth_net"); }
+unless (-e $acl_dst_noauth_url) { &General::system("touch", "$acl_dst_noauth_url"); }
+unless (-e $acl_dst_nocache) { &General::system("touch", "$acl_dst_nocache"); }
+unless (-e $acl_dst_nocache_dom) { &General::system("touch", "$acl_dst_nocache_dom"); }
+unless (-e $acl_dst_nocache_net) { &General::system("touch", "$acl_dst_nocache_net"); }
+unless (-e $acl_dst_nocache_url) { &General::system("touch", "$acl_dst_nocache_url"); }
+unless (-e $acl_dst_throttle) { &General::system("touch", "$acl_dst_throttle"); }
+unless (-e $acl_ports_safe) { &General::system("touch", "$acl_ports_safe"); }
+unless (-e $acl_ports_ssl) { &General::system("touch", "$acl_ports_ssl"); }
+unless (-e $acl_include) { &General::system("touch", "$acl_include"); }
+
+unless (-e $mimetypes) { &General::system("touch", "$mimetypes"); }
my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth");
$errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
goto ERROR;
}
- my @free = `/usr/bin/free`;
+ my @free = &General::system_output("/usr/bin/free");
$free[1] =~ m/(\d+)/;
$cachemem = int $1 / 2048;
if ($proxysettings{'CACHE_MEM'} > $cachemem) {
if ($proxysettings{'CACHEMGR'} eq 'on'){&writecachemgr;}
- system ('/usr/local/bin/squidctrl', 'disable');
+ &General::system ('/usr/local/bin/squidctrl', 'disable');
unlink "${General::swroot}/proxy/enable";
unlink "${General::swroot}/proxy/transparent";
unlink "${General::swroot}/proxy/enable_blue";
unlink "${General::swroot}/proxy/transparent_blue";
if ($proxysettings{'ENABLE'} eq 'on') {
- system ('/usr/bin/touch', "${General::swroot}/proxy/enable");
- system ('/usr/local/bin/squidctrl', 'enable'); }
+ &General::system('/usr/bin/touch', "${General::swroot}/proxy/enable");
+ &General::system('/usr/local/bin/squidctrl', 'enable'); }
if ($proxysettings{'TRANSPARENT'} eq 'on' && $proxysettings{'ENABLE'} eq 'on') {
- system ('/usr/bin/touch', "${General::swroot}/proxy/transparent"); }
+ &General::system('/usr/bin/touch', "${General::swroot}/proxy/transparent"); }
if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
- system ('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
- system ('/usr/local/bin/squidctrl', 'enable'); }
+ &General::system('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
+ &General::system('/usr/local/bin/squidctrl', 'enable'); }
if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on' && $proxysettings{'ENABLE_BLUE'} eq 'on') {
- system ('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); }
+ &General::system('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); }
- if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
- if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1'); }
+ if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { &General::system('/usr/local/bin/squidctrl', 'restart'); }
+ if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { &General::system('/usr/local/bin/squidctrl', 'reconfigure'); }
# Check if the suricata_proxy_ports_changed flag has been set.
if ($suricata_proxy_ports_changed) {
if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy clear cache'})
{
- system('/usr/local/bin/squidctrl flush >/dev/null 2>&1');
+ &General::system('/usr/local/bin/squidctrl', 'flush');
}
if (!$errormessage)
&General::readhash("${General::swroot}/qos/settings", \%qossettings);
&Header::getcgihash(\%qossettings);
-$qossettings{'RED_DEV'} = `cat /var/ipfire/red/iface`;
+$qossettings{'RED_DEV'} = &General::get_red_interface();
my %color = ();
my %mainsettings = ();
open( FILE, "< $level7file" ) or die "Unable to read $level7file";
@l7rules = <FILE>;
close FILE;
- system("rm $level7file");
+ &General::system("rm", "$level7file");
foreach $l7ruleentry (sort @l7rules)
{
@l7ruleline = split( /\;/, $l7ruleentry );
close FILE;
}
}
- open( FILE, "< $level7file" ) or system("touch $level7file");close FILE;
+ open( FILE, "< $level7file" ) or &General::system("touch", "$level7file");close FILE;
} elsif ($qossettings{'DOLEVEL7'} eq $Lang::tr{'edit'})
{
open( FILE, "< $level7file" ) or die "Unable to read $level7file";
@l7rules = <FILE>;
close FILE;
- system("rm $level7file");
+ &General::system("rm", "$level7file");
foreach $l7ruleentry (sort @l7rules)
{
@l7ruleline = split( /\;/, $l7ruleentry );
}
}
&level7rule;
- open( FILE, "< $level7file" ) or system("touch $level7file");close FILE;
+ open( FILE, "< $level7file" ) or &General::system("touch", "$level7file");close FILE;
}
############################################################################################################################
open( FILE, "< $portfile" ) or die "Unable to read $portfile";
@portrules = <FILE>;
close FILE;
- system("rm $portfile");
+ &General::system("rm", "$portfile");
foreach $portruleentry (sort @portrules)
{
@portruleline = split( /\;/, $portruleentry );
}
}
&portrule;
- open( FILE, "< $portfile" ) or system("touch $portfile");close FILE;
+ open( FILE, "< $portfile" ) or &General::system("touch", "$portfile");close FILE;
}
############################################################################################################################
{
$qossettings{'ENABLED'} = 'on';
&General::writehash("${General::swroot}/qos/settings", \%qossettings);
- system("/usr/local/bin/qosctrl generate >/dev/null 2>&1");
- system("/usr/local/bin/qosctrl start >/dev/null 2>&1");
- system("logger -t ipfire 'QoS started'");
+ &General::system("/usr/local/bin/qosctrl", "generate");
+ &General::system("/usr/local/bin/qosctrl", "start");
+ &General::system("logger", "-t", "ipfire", "QoS started");
}
elsif ($qossettings{'ACTION'} eq $Lang::tr{'stop'})
{
$qossettings{'ENABLED'} = 'off';
&General::writehash("${General::swroot}/qos/settings", \%qossettings);
- system("/usr/local/bin/qosctrl stop >/dev/null 2>&1");
- system("/usr/local/bin/qosctrl generate >/dev/null 2>&1");
- system("logger -t ipfire 'QoS stopped'");
+ &General::system("/usr/local/bin/qosctrl", "stop");
+ &General::system("/usr/local/bin/qosctrl", "generate");
+ &General::system("logger", "-t", "ipfire", "QoS stopped");
}
elsif ($qossettings{'ACTION'} eq $Lang::tr{'restart'})
{
if ($qossettings{'ENABLED'} eq 'on'){
- system("/usr/local/bin/qosctrl stop >/dev/null 2>&1");
- system("/usr/local/bin/qosctrl generate >/dev/null 2>&1");
- system("/usr/local/bin/qosctrl start >/dev/null 2>&1");
- system("logger -t ipfire 'QoS restarted'");
+ &General::system("/usr/local/bin/qosctrl", "stop");
+ &General::system("/usr/local/bin/qosctrl", "generate");
+ &General::system("/usr/local/bin/qosctrl", "start");
+ &General::system("logger", "-t", "ipfire", "QoS restarted");
}
}
elsif ($qossettings{'ACTION'} eq $Lang::tr{'save'})
$qossettings{'ACK'} ="101";
$qossettings{'ENABLED'} = 'on';
&General::writehash("${General::swroot}/qos/settings", \%qossettings);
- system("/usr/local/bin/qosctrl generate >/dev/null 2>&1");
- system("/usr/local/bin/qosctrl start >/dev/null 2>&1");
- system("logger -t ipfire 'QoS started'");
+ &General::system("/usr/local/bin/qosctrl", "generate");
+ &General::system("/usr/local/bin/qosctrl", "start");
+ &General::system("logger", "-t", "ipfire", "QoS started");
} else {
$message = $Lang::tr{'qos enter bandwidths'};
}
&Header::openbox('100%', 'left', 'QoS Status');
if ($qossettings{'ENABLED'} eq 'on'){
my $output = "";
- $output = `/usr/local/bin/qosctrl status`;
- $output = &Header::cleanhtml($output,"y");
+ my @output = &General::system_output("/usr/local/bin/qosctrl", "status");
+ $output = &Header::cleanhtml(@output[0],"y");
print "<pre>$output</pre>\n";
} else { print "$Lang::tr{'QoS not enabled'}"; }
&Header::closebox();
{
$errormessage = $Lang::tr{'ssh no auth'};
}
- system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
+ &General::system('/usr/bin/touch', "${General::swroot}/remote/enablessh");
}
else
{
if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} || $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ){
if ($remotesettings{'ENABLE_SSH'} eq 'off')
{
- system ('/usr/bin/touch', "${General::swroot}/remote/enablessh");
- system('/usr/local/bin/sshctrl');
+ &General::system('/usr/bin/touch', "${General::swroot}/remote/enablessh");
+ &General::system('/usr/local/bin/sshctrl');
}
if ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart15'} ) { $counter = 900;}
elsif ( $remotesettings{'ACTION'} eq $Lang::tr{'ssh tempstart30'} ) { $counter = 1800;}
if ( -e $key )
{
- my @temp = split(/ /,`/usr/bin/ssh-keygen -l -f $key`);
+ # Use safe system_output function to call ssh-keygen and get the output from the tool.
+ my @ssh_keygen = &General::system_output("/usr/bin/ssh-keygen", "-l", "-f", "$key");
+
+ my @temp = split(/ /, $ssh_keygen[0]);
my $keysize = &Header::cleanhtml($temp[0],"y");
my $fingerprint = &Header::cleanhtml($temp[1],"y");
print "<tr><td><code>$key</code></td><td align='center'>$name</td><td><code>$fingerprint</code></td><td align='center'>$keysize</td></tr>\n";
sub printactivelogins()
{
# print active SSH logins (grep outpout of "who -s")
- my $command = "who -s";
- my @output = `$command`;
+ my @output = &General::system_output("who", "-s");
chomp(@output);
my $id = 0;
# Build the configuration file
#
sub BuildConfiguration {
- system '/usr/local/bin/rebuildroutes';
+ &General::system('/usr/local/bin/rebuildroutes');
}
############################################################################################################################
############################################# Samba Rootskript aufrufe fr SU-Actions #######################################
-if ($sambasettings{'ACTION'} eq 'smbuserdisable'){system("/usr/local/bin/sambactrl smbuserdisable $sambasettings{'NAME'}");}
-if ($sambasettings{'ACTION'} eq 'smbuserenable'){system("/usr/local/bin/sambactrl smbuserenable $sambasettings{'NAME'}");}
-if ($sambasettings{'ACTION'} eq 'smbuseradd'){system("/usr/local/bin/sambactrl smbuseradd $sambasettings{'USERNAME'} $sambasettings{'PASSWORD'}");}
-if ($sambasettings{'ACTION'} eq 'smbchangepw'){system("/usr/local/bin/sambactrl smbchangepw $sambasettings{'USERNAME'} $sambasettings{'PASSWORD'}");}
-if ($sambasettings{'ACTION'} eq 'smbrestart'){system("/usr/local/bin/sambactrl smbrestart");}
-if ($sambasettings{'ACTION'} eq 'smbstart'){system("/usr/local/bin/sambactrl smbstart");}
-if ($sambasettings{'ACTION'} eq 'smbstop'){system("/usr/local/bin/sambactrl smbstop");}
-if ($sambasettings{'ACTION'} eq 'smbreload'){system("/usr/local/bin/sambactrl smbreload");}
+if ($sambasettings{'ACTION'} eq 'smbuserdisable'){&General::system("/usr/local/bin/sambactrl", "smbuserdisable", "$sambasettings{'NAME'}");}
+if ($sambasettings{'ACTION'} eq 'smbuserenable'){&General::system("/usr/local/bin/sambactrl", "smbuserenable", "$sambasettings{'NAME'}");}
+if ($sambasettings{'ACTION'} eq 'smbuseradd'){&General::system("/usr/local/bin/sambactrl", "smbuseradd", "$sambasettings{'USERNAME'}", "$sambasettings{'PASSWORD'}");}
+if ($sambasettings{'ACTION'} eq 'smbchangepw'){&General::system("/usr/local/bin/sambactrl", "smbchangepw", "$sambasettings{'USERNAME'}", "$sambasettings{'PASSWORD'}");}
+if ($sambasettings{'ACTION'} eq 'smbrestart'){&General::system("/usr/local/bin/sambactrl", "smbrestart");}
+if ($sambasettings{'ACTION'} eq 'smbstart'){&General::system("/usr/local/bin/sambactrl", "smbstart");}
+if ($sambasettings{'ACTION'} eq 'smbstop'){&General::system("/usr/local/bin/sambactrl", "smbstop");}
+if ($sambasettings{'ACTION'} eq 'smbreload'){&General::system("/usr/local/bin/sambactrl", "smbreload");}
if ($sambasettings{'ACTION'} eq 'join') {
$message .= &joindomain($sambasettings{'USERNAME'}, $sambasettings{'PASSWORD'});
}
############################################################################################################################
########################################### Samba Benutzer oder PC l�chen #################################################
-if ($sambasettings{'ACTION'} eq 'userdelete'){system("/usr/local/bin/sambactrl smbuserdelete $sambasettings{'NAME'}");}
+if ($sambasettings{'ACTION'} eq 'userdelete'){&General::system("/usr/local/bin/sambactrl", "smbuserdelete", "$sambasettings{'NAME'}");}
############################################################################################################################
##################################### Umsetzen der Werte von Checkboxen und Dropdowns ######################################
# Write configuration to file
&writeconfiguration();
- system("/usr/local/bin/sambactrl smbreload");
+ &General::system("/usr/local/bin/sambactrl", "smbreload");
}
&General::readhash("${General::swroot}/samba/settings", \%sambasettings);
</tr>
END
- system('/usr/local/bin/sambactrl readsmbpasswd');
+ &General::system("/usr/local/bin/sambactrl", "readsmbpasswd");
open(FILE, "<${General::swroot}/samba/private/smbpasswd") or die "Can't read user file: $!";
my @users = <FILE>;
close(FILE);
- system('/usr/local/bin/sambactrl locksmbpasswd');
+ &General::system("/usr/local/bin/sambactrl", "locksmbpasswd");
my $lines = 0;
foreach $userentry (sort @users) {
close FILE;
-system("/usr/local/bin/sambactrl smbsafeconf");
-system("/usr/local/bin/sambactrl smbreload");
+&General::system("/usr/local/bin/sambactrl", "smbsafeconf");
+&General::system("/usr/local/bin/sambactrl", "smbreload");
}
sub isrunning
END
close FILE;
- system("/usr/local/bin/sambactrl smbsafeconf");
+ &General::system("/usr/local/bin/sambactrl", "smbsafeconf");
}
sub joindomain {
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2005-2010 IPFire Team #
+# Copyright (C) 2005-2021 IPFire Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
my $paramstr=$ENV{QUERY_STRING};
my @param=split(/!/, $paramstr);
if ($param[1] ne ''){
- system("/usr/local/bin/addonctrl @param[0] @param[1] > /dev/null 2>&1");
+ &General::system("/usr/local/bin/addonctrl", "$param[0]", "$param[1]");
}
print <<END
# Generate list of installed addon pak's
opendir (DIR, "/opt/pakfire/db/installed") || die "Cannot opendir /opt/pakfire/db/installed/: $!";
my @pak = sort readdir DIR;
+ closedir(DIR);
+
foreach (@pak){
chomp($_);
next unless (m/^meta-/);
print "<tr>";
$col="bgcolor='$color{'color20'}'";
}
+
print "<td align='left' $col width='31%'>$_</td> ";
my $status = isautorun($_,$col);
print "$status ";
&Header::closepage();
}
-sub isautorun{
- my $cmd = $_[0];
- my $col = $_[1];
+sub isautorun (@) {
+ my ($cmd, $col) = @_;
+
+ # Init directory.
+ my $initdir = "/etc/rc.d/rc3.d/";
+
my $status = "<td align='center' $col></td>";
- my $init = `find /etc/rc.d/rc3.d/S??${cmd} 2>/dev/null`;
- chomp ($init);
- if ($init ne ''){
+
+ # Check if autorun for the given cmd is enabled.
+ if ( &find_init("$cmd", "$initdir") ) {
+ # Adjust status.
$status = "<td align='center' $col><a href='services.cgi?$_!disable'><img alt='$Lang::tr{'deactivate'}' title='$Lang::tr{'deactivate'}' src='/images/on.gif' border='0' width='16' height='16' /></a></td>";
- }
- $init = `find /etc/rc.d/rc3.d/off/S??${cmd} 2>/dev/null`;
- chomp ($init);
- if ($init ne ''){
+ } else {
+ # Adjust status.
$status = "<td align='center' $col><a href='services.cgi?$_!enable'><img alt='$Lang::tr{'activate'}' title='$Lang::tr{'activate'}' src='/images/off.gif' border='0' width='16' height='16' /></a></td>";
}
+ # Return the status.
return $status;
}
-sub isrunning{
- my $cmd = $_[0];
- my $col = $_[1];
+sub find_init (@) {
+ my ($cmd, $dir) = @_;
+
+ # Open given init directory.
+ opendir (INITDIR, "$dir") || die "Cannot opendir $dir: $!";
+
+ # Read-in init files from directory.
+ my @inits = readdir(INITDIR);
+
+ # Close directory handle.
+ closedir(INITDIR);
+
+ # Loop through the directory.
+ foreach my $init (@inits) {
+ # Check if the current processed file belongs to the given command.
+ if ($init =~ /S\d+\d+$cmd\z/) {
+ # Found, return "1" - True.
+ return "1";
+ }
+ }
+
+ # Nothing found, return nothing.
+ return;
+}
+
+sub isrunning (@) {
+ my ($cmd, $col) = @_;
my $status = "<td align='center' bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td><td colspan='2' $col></td>";
my $pid = '';
my $testcmd = '';
return $status;
}
-sub isrunningaddon{
- my $cmd = $_[0];
- my $col = $_[1];
+sub isrunningaddon (@) {
+ my ($cmd, $col) = @_;
+
my $status = "<td align='center' bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td><td colspan='2' $col></td>";
my $pid = '';
my $testcmd = '';
my $exename;
my @memory;
- my $testcmd = `/usr/local/bin/addonctrl $_ status 2>/dev/null`;
+ my @testcmd = &General::system_output("/usr/local/bin/addonctrl", "$cmd", "status");
+ my $testcmd = @testcmd[0];
if ( $testcmd =~ /is\ running/ && $testcmd !~ /is\ not\ running/){
$status = "<td align='center' bgcolor='${Header::colourgreen}'><font color='white'><b>$Lang::tr{'running'}</b></font></td>";
if ($cgiparams{'ACTION'} eq $Lang::tr{'shutdown'}) {
$death = 1;
&General::log($Lang::tr{'shutting down ipfire'});
- system '/usr/local/bin/ipfirereboot down';
+ &General::system('/usr/local/bin/ipfirereboot', 'down');
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reboot'}) {
$rebirth = 1;
&General::log($Lang::tr{'rebooting ipfire'});
- system '/usr/local/bin/ipfirereboot boot';
+ &General::system('/usr/local/bin/ipfirereboot', 'boot');
}
if ($death == 0 && $rebirth == 0) {
}
}
-my $interface = `cat /var/ipfire/red/iface 2>/dev/null`;
-my @data_now = `ip -s link show $interface 2>/dev/null`;
+my $interface = &General::get_red_interface();
+my @data_now = &General::system_output("ip", "-s", "link", "show", "$interface");
my $lastline;
my $rxb_now = 0;
###############################################################################
use strict;
+use POSIX qw(strftime);
# enable only the following on debugging purpose
#use warnings;
if ($timesettings{'ENABLENTP'} eq 'on' && $timesettings{'VALID'} eq 'yes')
{
- system ('/usr/bin/touch', "${General::swroot}/time/enable");
- system ('/usr/local/bin/timectrl enable >/dev/null 2>&1');
+ &General::system('/usr/bin/touch', "${General::swroot}/time/enable");
+ &General::system('/usr/local/bin/timectrl', 'enable');
&General::log($Lang::tr{'ntp syncro enabled'});
unlink "/var/lock/time/counter";
if ($timesettings{'UPDATE_METHOD'} eq 'periodically')
}
if ($timesettings{'ENABLECLNTP'} eq 'on') # DPC added to 1.3.1
{
- system ('/usr/bin/touch', "${General::swroot}/time/allowclients"); # DPC added to 1.3.1
+ &General::system('/usr/bin/touch', "${General::swroot}/time/allowclients"); # DPC added to 1.3.1
&General::log($Lang::tr{'ntpd restarted'}); # DPC added to 1.3.1
} else {
unlink "${General::swroot}/time/allowclients";
unlink "${General::swroot}/time/enable";
unlink "/var/lock/time/settimenow";
unlink "${General::swroot}/time/allowclients"; # DPC added to 1.3.1
- system ('/usr/local/bin/timectrl disable >/dev/null 2>&1');
+ &General::system('/usr/local/bin/timectrl', 'disable');
&General::log($Lang::tr{'ntp syncro disabled'})
}
if (! $errormessage) {
- system ('/usr/local/bin/timectrl restart >/dev/null 2>&1'); # DPC added to 1.3.1
+ &General::system('/usr/local/bin/timectrl', 'restart'); # DPC added to 1.3.1
}
}
$timesettings{'ACTION'} = &Header::cleanhtml ($timesettings{'ACTION'});
if ($timesettings{'ACTION'} eq $Lang::tr{'set time now'} && $timesettings{'ENABLENTP'} eq 'on')
{
- system ('/usr/bin/touch', "/var/lock/time/settimenow");
+ &General::system('/usr/bin/touch', "/var/lock/time/settimenow");
}
&General::readhash("${General::swroot}/time/settings", \%timesettings);
}
unless ($errormessage) {
- $timesettings{'SETMONTH'} = `date +'%m %e %Y %H %M'|cut -c 1-2`;
- $timesettings{'SETDAY'} = `date +'%m %e %Y %H %M'|cut -c 4-5`;
- $timesettings{'SETYEAR'} = `date +'%m %e %Y %H %M'|cut -c 7-10`;
- $timesettings{'SETHOUR'} = `date +'%m %e %Y %H %M'|cut -c 12-13`;
- $timesettings{'SETMINUTES'} = `date +'%m %e %Y %H %M'|cut -c 15-16`;
+ # Get date and time.
+ my $date = strftime("%m %e %Y %H %M", localtime);
+
+ # Split date string into single values.
+ my ($month, $day, $year, $hour, $minute) = split(/ /, $date);
+
+ # Assign values to the hash.
+ $timesettings{'SETMONTH'} = $month;
+ $timesettings{'SETDAY'} = $day;
+ $timesettings{'SETYEAR'} = $year;
+ $timesettings{'SETHOUR'} = $hour;
+ $timesettings{'SETMINUTES'} = $minute;
$_=$timesettings{'SETDAY'};
$timesettings{'SETDAY'}=~ tr/ /0/;
}
# Restart the service.
if (($settings{'TOR_ENABLED'} eq 'on') || ($settings{'TOR_RELAY_ENABLED'} eq 'on')) {
- system("/usr/local/bin/torctrl restart &>/dev/null");
+ &General::system("/usr/local/bin/torctrl", "restart");
} else {
- system("/usr/local/bin/torctrl stop &>/dev/null");
+ &General::system("/usr/local/bin/torctrl", "stop");
}
# Update pid and memory
daemonstats();
print"No data for $device !<br>";
} else {
# Summary
- system("/usr/bin/vnstati -c 1 -s -i $device -o /srv/web/ipfire/html/graphs/vnstat-s-$device.png");
+ &General::system("/usr/bin/vnstati", "-c", "1", "-s", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-s-$device.png");
# 5-minute graphs
- system("/usr/bin/vnstati -c 1 -5 -i $device -o /srv/web/ipfire/html/graphs/vnstat-5-$device.png");
+ &General::system("/usr/bin/vnstati", "-c", "1", "-5", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-5-$device.png");
# Hour graph
- system("/usr/bin/vnstati -c 1 -h -i $device -o /srv/web/ipfire/html/graphs/vnstat-h-$device.png");
+ &General::system("/usr/bin/vnstati", "-c", "1", "-h", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-h-$device.png");
# Day graph
- system("/usr/bin/vnstati -c 1 -d -i $device -o /srv/web/ipfire/html/graphs/vnstat-d-$device.png");
+ &General::system("/usr/bin/vnstati", "-c", "1", "-d", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-d-$device.png");
# Month graph
- system("/usr/bin/vnstati -c 1 -m -i $device -o /srv/web/ipfire/html/graphs/vnstat-m-$device.png");
+ &General::system("/usr/bin/vnstati", "-c", "1", "-m", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-m-$device.png");
# Top10 graph
- system("/usr/bin/vnstati -c 1 -t -i $device -o /srv/web/ipfire/html/graphs/vnstat-t-$device.png");
+ &General::system("/usr/bin/vnstati", "-c", "1", "-t", "-i", "$device", "-o", "/srv/web/ipfire/html/graphs/vnstat-t-$device.png");
# Generate HTML-Table with the graphs
print <<END
if (($xlratorsettings{'REMOVE_NOSOURCE'} eq 'on') && ($status == $sfNoSource))
{
- if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+ if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
}
if (($xlratorsettings{'REMOVE_OUTDATED'} eq 'on') && ($status == $sfOutdated))
{
- if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+ if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
}
if ($xlratorsettings{'REMOVE_OBSOLETE'} eq 'on')
{
if (($xlratorsettings{'NOT_ACCESSED_LAST'} eq 'week') && ($lastaccess < (time - 604800)))
{
- if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+ if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
}
if (($xlratorsettings{'NOT_ACCESSED_LAST'} eq 'month1') && ($lastaccess < (time - 2505600)))
{
- if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+ if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
}
if (($xlratorsettings{'NOT_ACCESSED_LAST'} eq 'month3') && ($lastaccess < (time - 7516800)))
{
- if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+ if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
}
if (($xlratorsettings{'NOT_ACCESSED_LAST'} eq 'month6') && ($lastaccess < (time - 15033600)))
{
- if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+ if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
}
if (($xlratorsettings{'NOT_ACCESSED_LAST'} eq 'year') && ($lastaccess < (time - 31536000)))
{
- if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+ if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
}
}
}
&savesettings;
- system('/usr/local/bin/squidctrl restart >/dev/null 2>&1');
+ &General::system('/usr/local/bin/squidctrl', 'restart');
}
if ($xlratorsettings{'ACTION'} eq $Lang::tr{'updxlrtr remove file'})
unless ($updatefile =~ /^download\//)
{
($vendorid,$uuid,$updatefile) = split('/',$updatefile);
- if (-e "$repository/$vendorid/$uuid/$updatefile") { system("rm -r $repository/$vendorid/$uuid"); }
+ if (-e "$repository/$vendorid/$uuid/$updatefile") { &General::system("rm", "-r", "$repository/$vendorid/$uuid"); }
}
}
&General::readhash("$repository/download/$vendorid/$updatefile.info", \%dlinfo);
$id = &getPID("\\s${General::swroot}/updatexlrator/bin/download\\s.*\\s".quotemeta($dlinfo{'SRCURL'})."\\s\\d\\s\\d\$");
- if ($id) { system("/bin/kill -9 $id"); }
+ if ($id) { &General::system("/bin/kill", "-9", "$id"); }
$id = &getPID("\\s/usr/bin/wget\\s.*\\s".quotemeta($dlinfo{'SRCURL'})."\$");
- if ($id) { system("/bin/kill -9 $id"); }
+ if ($id) { &General::system("/bin/kill", "-9", "$id"); }
- system("rm $repository/download/$vendorid/$updatefile.info");
+ &General::system("rm", "$repository/download/$vendorid/$updatefile.info");
}
if (-e "$repository/download/$vendorid/$updatefile")
{
- system("rm $repository/download/$vendorid/$updatefile");
+ &General::system("rm", "$repository/download/$vendorid/$updatefile");
}
}
if (($xlratorsettings{'ENABLE_AUTOCHECK'} eq 'on') && ($xlratorsettings{'AUTOCHECK_SCHEDULE'} eq 'daily'))
{
- system('/usr/local/bin/updxlratorctrl cron daily >/dev/null 2>&1');
+ &General::system('/usr/local/bin/updxlratorctrl', 'cron', 'daily');
}
if (($xlratorsettings{'ENABLE_AUTOCHECK'} eq 'on') && ($xlratorsettings{'AUTOCHECK_SCHEDULE'} eq 'weekly'))
{
- system('/usr/local/bin/updxlratorctrl cron weekly >/dev/null 2>&1');
+ &General::system('/usr/local/bin/updxlratorctrl', 'cron', 'weekly');
}
if (($xlratorsettings{'ENABLE_AUTOCHECK'} eq 'on') && ($xlratorsettings{'AUTOCHECK_SCHEDULE'} eq 'monthly'))
{
- system('/usr/local/bin/updxlratorctrl cron monthly >/dev/null 2>&1');
+ &General::system('/usr/local/bin/updxlratorctrl', 'cron', 'monthly');
}
# don't save those variable to the settings file,
my $gdesc='';
if (! -d $dbdir) { mkdir("$dbdir"); }
-if (! -e $tcfile) { system("touch $tcfile"); }
-if (! -e $uqfile) { system("touch $uqfile"); }
-if (! -e $sourceurlfile) { system("touch $sourceurlfile"); }
+if (! -e $tcfile) { &General::system("touch", "$tcfile"); }
+if (! -e $uqfile) { &General::system("touch", "$uqfile"); }
+if (! -e $sourceurlfile) { &General::system("touch", "$sourceurlfile"); }
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
if (!(-d "${General::swroot}/urlfilter/update")) { mkdir("${General::swroot}/urlfilter/update"); }
- my $exitcode = system("/bin/tar --no-same-owner -xzf ${General::swroot}/urlfilter/blacklists.tar.gz -C ${General::swroot}/urlfilter/update");
+ my $exitcode = &General::system("/bin/tar", "--no-same-owner", "-xzf", "${General::swroot}/urlfilter/blacklists.tar.gz", "-C", "${General::swroot}/urlfilter/update");
if ($exitcode > 0)
{
if (-d "${General::swroot}/urlfilter/update/BL")
{
- system("mv ${General::swroot}/urlfilter/update/BL ${General::swroot}/urlfilter/update/blacklists");
+ &General::system("mv", "${General::swroot}/urlfilter/update/BL", "${General::swroot}/urlfilter/update/blacklists");
}
if (-d "${General::swroot}/urlfilter/update/category")
{
- system("mv ${General::swroot}/urlfilter/update/category ${General::swroot}/urlfilter/update/blacklists");
+ &General::system("mv", "${General::swroot}/urlfilter/update/category", "${General::swroot}/urlfilter/update/blacklists");
}
if (!(-d "${General::swroot}/urlfilter/update/blacklists"))
{
$errormessage = $Lang::tr{'urlfilter invalid content'};
} else {
+ # XXX Uses globbing
system("cp -r ${General::swroot}/urlfilter/update/blacklists/* $dbdir");
&readblockcategories;
&writeconfigfile;
$updatemessage = $Lang::tr{'urlfilter upload success'};
- system("${General::swroot}/urlfilter/bin/prebuild.pl &");
- system("logger -t installpackage[urlfilter] \"URL filter blacklist - Blacklist update from local source completed\"");
+ &General::system_background("${General::swroot}/urlfilter/bin/prebuild.pl");
+ &General::system("logger", "-t", "installpackage[urlfilter]", "URL filter blacklist - Blacklist update from local source completed");
}
}
- if (-d "${General::swroot}/urlfilter/update") { system("rm -rf ${General::swroot}/urlfilter/update"); }
+ if (-d "${General::swroot}/urlfilter/update") { &General::system("rm", "-rf", "${General::swroot}/urlfilter/update"); }
if (-e "${General::swroot}/urlfilter/blacklists.tar.gz") { unlink("${General::swroot}/urlfilter/blacklists.tar.gz"); }
if ($errormessage) { goto ERROR; }
}
if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter backup'})
{
$blistbackup = ($filtersettings{'ENABLE_FULLBACKUP'} eq 'on') ? "blacklists" : "blacklists/custom";
- if (system("/bin/tar -C ${General::swroot}/urlfilter -czf ${General::swroot}/urlfilter/backup.tar.gz settings timeconst userquota autoupdate $blistbackup"))
+ if (&General::system("/bin/tar", "-C", "${General::swroot}/urlfilter", "-czf", "${General::swroot}/urlfilter/backup.tar.gz", "settings", "timeconst", "userquota", "autoupdate", "$blistbackup"))
{
$errormessage = $Lang::tr{'urlfilter backup error'};
goto ERROR;
$errormessage = $!;
}
- my $exitcode = system("/bin/tar --no-same-owner --preserve-permissions -xzf ${General::swroot}/urlfilter/backup.tar.gz -C ${General::swroot}/urlfilter/restore");
+ my $exitcode = &General::system("/bin/tar", "--no-same-owner", "--preserve-permissions", "-xzf", "${General::swroot}/urlfilter/backup.tar.gz", "-C", "${General::swroot}/urlfilter/restore");
if ($exitcode > 0)
{
$errormessage = $Lang::tr{'urlfilter tar error'};
{
$errormessage = $Lang::tr{'urlfilter invalid restore file'};
} else {
+ # XXX uses globbing
system("cp -rp ${General::swroot}/urlfilter/restore/* ${General::swroot}/urlfilter/");
&readblockcategories;
&readcustomlists;
}
if (-e "${General::swroot}/urlfilter/backup.tar.gz") { unlink("${General::swroot}/urlfilter/backup.tar.gz"); }
- if (-d "${General::swroot}/urlfilter/restore") { system("rm -rf ${General::swroot}/urlfilter/restore"); }
+ if (-d "${General::swroot}/urlfilter/restore") { &General::system("rm", "-rf", "${General::swroot}/urlfilter/restore"); }
if ($errormessage) { goto ERROR; }
}
$filtersettings{'VALID'} = 'yes';
&savesettings;
- system('/usr/local/bin/squidctrl restart >/dev/null 2>&1');
+ &General::system('/usr/local/bin/squidctrl', 'restart');
}
}
$errormessage = $Lang::tr{'urlfilter web proxy service required'};
}
- if (!$errormessage) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
+ if (!$errormessage) { &General::system('/usr/local/bin/squidctrl', 'restart'); }
$tcsettings{'TCMODE'}='on';
}
$errormessage = $Lang::tr{'urlfilter web proxy service required'};
}
- if (!$errormessage) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
+ if (!$errormessage) { &General::system('/usr/local/bin/squidctrl', 'restart'); }
$uqsettings{'UQMODE'}='on';
}
$errormessage = $!;
} else {
- my $exitcode = system("/bin/tar --no-same-owner --preserve-permissions -xzf $editdir/blacklist.tar.gz -C $editdir");
+ my $exitcode = &General::system("/bin/tar", "--no-same-owner", "--preserve-permissions", "-xzf", "$editdir/blacklist.tar.gz", "-C", "$editdir");
if ($exitcode > 0)
{
$errormessage = $Lang::tr{'urlfilter tar error'};
}
}
- if (-d $editdir) { system("rm -rf $editdir"); }
+ if (-d $editdir) { &General::system("rm", "-rf", "$editdir"); }
}
}
print FILE "$besettings{'BE_EXPRESSIONS'}\n";
close FILE;
- if (system("/bin/tar -C $editdir -czf $editdir/$besettings{'BE_NAME'}.tar.gz blacklists"))
+ if (&General::system("/bin/tar", "-C", "$editdir", "-czf", "$editdir/$besettings{'BE_NAME'}.tar.gz", "blacklists"))
{
$errormessage = $Lang::tr{'urlfilter export error'};
}
while (<FILE>) { print; }
close (FILE);
- if (-d $editdir) { system("rm -rf $editdir"); }
+ if (-d $editdir) { &General::system("rm", "-rf", "$editdir"); }
exit;
}
} else {
print FILE "}\n";
close FILE;
+ # XXX uses globbing
system("rm -f $dbdir/$besettings{'BE_NAME'}/*.db");
- system("/usr/bin/squidGuard -c $editdir/install.conf -C all");
+ &General::system("/usr/bin/squidGuard", "-c", "$editdir/install.conf", "-C", "all");
+ # XXX uses globbing
system("chmod a+w $dbdir/$besettings{'BE_NAME'}/*.db");
&readblockcategories;
&writeconfigfile;
- system('/usr/local/bin/squidctrl restart >/dev/null 2>&1') unless ($besettings{'NORESTART'} eq 'on');
+ &General::system('/usr/local/bin/squidctrl', 'restart') unless ($besettings{'NORESTART'} eq 'on');
- if (-d $editdir) { system("rm -rf $editdir"); }
+ if (-d $editdir) { &General::system("rm", "-rf", "$editdir"); }
} else {
$errormessage = $Lang::tr{'urlfilter category data error'};
}
if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'daily'))
{
- system('/usr/local/bin/urlfilterctrl cron daily >/dev/null 2>&1');
+ &General::system('/usr/local/bin/urlfilterctrl', 'cron', 'daily');
}
if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'weekly'))
{
- system('/usr/local/bin/urlfilterctrl cron weekly >/dev/null 2>&1');
+ &General::system('/usr/local/bin/urlfilterctrl', 'cron', 'weekly');
}
if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'monthly'))
{
- system('/usr/local/bin/urlfilterctrl cron monthly >/dev/null 2>&1');
+ &General::system('/usr/local/bin/urlfilterctrl', 'cron', 'monthly');
}
}
}
{
$errormessage = $Lang::tr{'urlfilter custom url required'};
} else {
- system("${General::swroot}/urlfilter/bin/autoupdate.pl $filtersettings{'CUSTOM_UPDATE_URL'} &");
+ &General::system_background("${General::swroot}/urlfilter/bin/autoupdate.pl", "$filtersettings{'CUSTOM_UPDATE_URL'}");
}
} else {
- system("${General::swroot}/urlfilter/bin/autoupdate.pl $filtersettings{'UPDATE_SOURCE'} &");
+ &General::system_background("${General::swroot}/urlfilter/bin/autoupdate.pl", "$filtersettings{'UPDATE_SOURCE'}");
}
}
delete $filtersettings{'BACKGROUND'};
delete $filtersettings{'UPDATEFILE'};
- system("chown -R nobody.nobody $dbdir");
- system('/usr/bin/squidGuard -C custom/allowed/domains >/dev/null 2>&1');
- system('/usr/bin/squidGuard -C custom/allowed/urls >/dev/null 2>&1');
- system('/usr/bin/squidGuard -C custom/blocked/domains >/dev/null 2>&1');
- system('/usr/bin/squidGuard -C custom/blocked/urls >/dev/null 2>&1 ');
+ &General::system("chown", "-R", "nobody.nobody", "$dbdir");
+ &General::system('/usr/bin/squidGuard', '-C', 'custom/allowed/domains');
+ &General::system('/usr/bin/squidGuard', '-C', 'custom/allowed/urls');
+ &General::system('/usr/bin/squidGuard', '-C', 'custom/blocked/domains');
+ &General::system('/usr/bin/squidGuard', '-C', 'custom/blocked/urls');
&setpermissions ($dbdir);
&General::writehash("${General::swroot}/urlfilter/settings", \%filtersettings);
foreach $category (<$bldir/*>)
{
if (-d $category){
- system("chmod 755 $category &> /dev/null");
+ &General::system("chmod", "755", "$category");
foreach $blacklist (<$category/*>)
{
- if (-f $blacklist) { system("chmod 644 $blacklist &> /dev/null"); }
- if (-d $blacklist) { system("chmod 755 $blacklist &> /dev/null"); }
+ if (-f $blacklist) { &General::system("chmod", "644", "$blacklist"); }
+ if (-d $blacklist) { &General::system("chmod", "755", "$blacklist"); }
}
+ # XXX uses globbing
system("chmod 666 $category/*.db &> /dev/null");
&setpermissions ($category);
}
close FILE;
}
if (! -s ">${General::swroot}/certs/index.txt") {
- system ("touch ${General::swroot}/certs/index.txt");
+ open(FILE, ">${General::swroot}/certs/index.txt");
+ close(FILE);
}
if (! -s ">${General::swroot}/certs/index.txt.attr") {
- system ("touch ${General::swroot}/certs/index.txt.attr");
+ open(FILE, ">${General::swroot}/certs/index.txt.attr");
+ close(FILE);
}
unlink ("${General::swroot}/certs/index.txt.old");
unlink ("${General::swroot}/certs/index.txt.attr.old");
###
sub callssl ($) {
my $opt = shift;
- my $retssl = `/usr/bin/openssl $opt 2>&1`; #redirect stderr
+
+ # Split the given argument string into single pieces and assign them to an array.
+ my @opts = split(/ /, $opt);
+
+ my @retssl = &General::system_output("/usr/bin/openssl", @opts); #redirect stderr
my $ret = '';
- foreach my $line (split (/\n/, $retssl)) {
+ foreach my $line (split (/\n/, @retssl)) {
&General::log("ipsec", "$line") if (0); # 1 for verbose logging
$ret .= '<br>'.$line if ( $line =~ /error|unknown/ );
}
###
sub getCNfromcert ($) {
#&General::log("ipsec", "Extracting name from $_[0]...");
- my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
- $temp =~ /Subject:.*CN = (.*)[\n]/;
- $temp = $1;
- $temp =~ s+/Email+, E+;
- $temp =~ s/ ST = / S = /;
- $temp =~ s/,//g;
- $temp =~ s/\'//g;
+ my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]");
+ my $temp;
+
+ foreach my $line (@temp) {
+ if ($line =~ /Subject:.*CN = (.*)[\n]/) {
+ $temp = $1;
+ $temp =~ s+/Email+, E+;
+ $temp =~ s/ ST = / S = /;
+ $temp =~ s/,//g;
+ $temp =~ s/\'//g;
+
+ last;
+ }
+ }
+
return $temp;
}
###
###
sub getsubjectfromcert ($) {
#&General::log("ipsec", "Extracting subject from $_[0]...");
- my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
- $temp =~ /Subject: (.*)[\n]/;
- $temp = $1;
- $temp =~ s+/Email+, E+;
- $temp =~ s/ ST = / S = /;
+ my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]");
+ my $temp;
+
+ foreach my $line (@temp) {
+ if($line =~ /Subject: (.*)[\n]/) {
+ $temp = $1;
+ $temp =~ s+/Email+, E+;
+ $temp =~ s/ ST = / S = /;
+
+ last;
+ }
+ }
+
return $temp;
}
###
&General::writehash("${General::swroot}/vpn/settings", \%vpnsettings);
&writeipsecfiles();
if (&vpnenabled) {
- system('/usr/local/bin/ipsecctrl', 'S');
+ &General::system('/usr/local/bin/ipsecctrl', 'S');
} else {
- system('/usr/local/bin/ipsecctrl', 'D');
+ &General::system('/usr/local/bin/ipsecctrl', 'D');
}
sleep $sleepDelay;
SAVE_ERROR:
}
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
- system('/usr/local/bin/ipsecctrl', 'R');
+ &General::system('/usr/local/bin/ipsecctrl', 'R');
sleep $sleepDelay;
###
$errormessage = $!;
goto UPLOADCA_ERROR;
}
- my $temp = `/usr/bin/openssl x509 -text -in $filename`;
- if ($temp !~ /CA:TRUE/i) {
+ my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$filename");
+ if (! grep(/CA:TRUE/, @temp)) {
$errormessage = $Lang::tr{'not a valid ca certificate'};
unlink ($filename);
goto UPLOADCA_ERROR;
$cahash{$key}[1] = &Header::cleanhtml(getsubjectfromcert ("${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem"));
&General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash);
- system('/usr/local/bin/ipsecctrl', 'R');
+ &General::system('/usr/local/bin/ipsecctrl', 'R');
sleep $sleepDelay;
UPLOADCA_ERROR:
&Header::openpage($Lang::tr{'ipsec'}, 1, '');
&Header::openbigbox('100%', 'left', '', '');
&Header::openbox('100%', 'left', "$Lang::tr{'ca certificate'}:");
- my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
+ my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
+ @output = &Header::cleanhtml(@output,"y");
+ print "<pre>@output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
print "Content-Type: application/force-download\n";
print "Content-Type: application/octet-stream\r\n";
print "Content-Disposition: attachment; filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
- print `/usr/bin/openssl x509 -in ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
+
+ my @cert = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
+ print "@cert";
exit(0);
} else {
$errormessage = $Lang::tr{'invalid key'};
if ( -f "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
foreach my $key (keys %confighash) {
- my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/certs/$confighash{$key}[1]cert.pem`;
- if ($test =~ /: OK/) {
+ my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/certs/$confighash{$key}[1]cert.pem");
+ if (grep(/: OK/, @test)) {
# Delete connection
unlink ("${General::swroot}/certs/$confighash{$key}[1]cert.pem");
unlink ("${General::swroot}/certs/$confighash{$key}[1].p12");
delete $confighash{$key};
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
- system('/usr/local/bin/ipsecctrl', 'D', $key) if (&vpnenabled);
+ &General::system('/usr/local/bin/ipsecctrl', 'D', $key) if (&vpnenabled);
}
}
unlink ("${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
delete $cahash{$cgiparams{'KEY'}};
&General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash);
- system('/usr/local/bin/ipsecctrl', 'R');
+ &General::system('/usr/local/bin/ipsecctrl', 'R');
sleep $sleepDelay;
} else {
$errormessage = $Lang::tr{'invalid key'};
my $assignedcerts = 0;
if ( -f "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
foreach my $key (keys %confighash) {
- my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/certs/$confighash{$key}[1]cert.pem`;
- if ($test =~ /: OK/) {
+ my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/certs/$confighash{$key}[1]cert.pem");
+ if (grep(/: OK/, @test)) {
$assignedcerts++;
}
}
unlink ("${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
delete $cahash{$cgiparams{'KEY'}};
&General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash);
- system('/usr/local/bin/ipsecctrl', 'R');
+ &General::system('/usr/local/bin/ipsecctrl', 'R');
sleep $sleepDelay;
}
} else {
###
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
$cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
- my $output;
+ my @output;
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'ipsec'}, 1, '');
&Header::openbigbox('100%', 'left', '', '');
if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
&Header::openbox('100%', 'left', "$Lang::tr{'root certificate'}:");
- $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ca/cacert.pem`;
+ @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ca/cacert.pem");
} else {
&Header::openbox('100%', 'left', "$Lang::tr{'host certificate'}:");
- $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/certs/hostcert.pem`;
+ @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/certs/hostcert.pem");
}
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
+ @output = &Header::cleanhtml(@output,"y");
+ print "<pre>@output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
if ( -f "${General::swroot}/ca/cacert.pem" ) {
print "Content-Type: application/force-download\n";
print "Content-Disposition: attachment; filename=cacert.pem\r\n\r\n";
- print `/usr/bin/openssl x509 -in ${General::swroot}/ca/cacert.pem`;
+
+ my @cert = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ca/cacert.pem");
+ print "@cert";
exit(0);
}
###
if ( -f "${General::swroot}/certs/hostcert.pem" ) {
print "Content-Type: application/force-download\n";
print "Content-Disposition: attachment; filename=hostcert.pem\r\n\r\n";
- print `/usr/bin/openssl x509 -in ${General::swroot}/certs/hostcert.pem`;
+
+ my @cert = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/certs/hostcert.pem");
+ print "@cert";
exit(0);
}
###
ROOTCERT_SUCCESS:
if (&vpnenabled) {
- system('/usr/local/bin/ipsecctrl', 'S');
+ &General::system('/usr/local/bin/ipsecctrl', 'S');
sleep $sleepDelay;
}
ROOTCERT_SKIP:
print "Content-Type: application/force-download\n";
print "Content-Disposition: attachment; filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
print "Content-Type: application/octet-stream\r\n\r\n";
- print `/bin/cat ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
+
+ open(FILE, "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+ my @p12 = <FILE>;
+ close(FILE);
+ print "@file";
+
exit (0);
# Export Apple profile to browser
&Header::openpage($Lang::tr{'ipsec'}, 1, '');
&Header::openbigbox('100%', 'left', '', '');
&Header::openbox('100%', 'left', "$Lang::tr{'cert'}:");
- my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
+ my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+ @output = &Header::cleanhtml(@output,"y");
+ print "<pre>@output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
if ( -f "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
print "Content-Type: application/force-download\n";
print "Content-Disposition: attachment; filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\n\n";
- print `/bin/cat ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
+
+ open(FILE, "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+ my @pem = <FILE>;
+ close(FILE);
+ print "@pem";
+
exit (0);
}
$confighash{$cgiparams{'KEY'}}[0] = 'on';
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
- system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}) if (&vpnenabled);
+ &General::system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}) if (&vpnenabled);
} else {
$confighash{$cgiparams{'KEY'}}[0] = 'off';
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
- system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
+ &General::system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
}
sleep $sleepDelay;
} else {
if ($confighash{$cgiparams{'KEY'}}) {
if (&vpnenabled) {
- system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
+ &General::system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
sleep $sleepDelay;
}
} else {
delete $confighash{$cgiparams{'KEY'}};
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
- system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
+ &General::system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
} else {
$errormessage = $Lang::tr{'invalid key'};
}
unshift (@names,$cahash{$x}[0]);
}
if ($casubject) { # a new one!
- my $temp = `/usr/bin/openssl x509 -text -in /tmp/newcacert`;
- if ($temp !~ /CA:TRUE/i) {
+ my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "/tmp/newcacert");
+ if (! grep(/CA:TRUE/, @temp)) {
$errormessage = $Lang::tr{'not a valid ca certificate'};
} else {
#compute a name for it
$cahash{$key}[0] = $cgiparams{'CA_NAME'};
$cahash{$key}[1] = $casubject;
&General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash);
- system('/usr/local/bin/ipsecctrl', 'R');
+ &General::system('/usr/local/bin/ipsecctrl', 'R');
}
}
}
# Verify the certificate has a valid CA and move it
&General::log("ipsec", "Validating imported cert against our known CA...");
my $validca = 1; #assume ok
- my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/cacert.pem $filename`;
- if ($test !~ /: OK/) {
+ my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ca/cacert.pem", "$filename");
+ if (! grep(/: OK/, @test)) {
my $validca = 0;
foreach my $key (keys %cahash) {
- $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/$cahash{$key}[0]cert.pem $filename`;
- if ($test =~ /: OK/) {
+ @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ca/$cahash{$key}[0]cert.pem", "$filename");
+ if (grep(/: OK/, @test)) {
$validca = 1;
last;
}
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
if (&vpnenabled) {
- system('/usr/local/bin/ipsecctrl', 'S', $key);
+ &General::system('/usr/local/bin/ipsecctrl', 'S', $key);
sleep $sleepDelay;
}
if ($cgiparams{'EDIT_ADVANCED'} eq 'on') {
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
if (&vpnenabled) {
- system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
+ &General::system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
sleep $sleepDelay;
}
goto ADVANCED_END;
&General::readhasharray("${General::swroot}/vpn/config", \%confighash);
$cgiparams{'CA_NAME'} = '';
- my @status = `/usr/local/bin/ipsecctrl I 2>/dev/null`;
+ my @status = &General::system_output("/usr/local/bin/ipsecctrl", "I");
$checked{'ENABLED'} = $cgiparams{'ENABLED'} eq 'on' ? "checked='checked'" : '';
undef %cgiparams;
- system("/usr/sbin/etherwake -i $iface $mac");
+ &General::system("/usr/sbin/etherwake", "-i", "$iface", "$mac");
# make a box with info, 'refresh' to normal screen after 5 seconds
if ( $refresh eq 'yes' )
((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && ($proxysettings{'SUPERVISOR_PASSWORD'} eq '')))
{
&write_acl;
- system("/usr/local/bin/squidctrl restart >/dev/null 2>&1");
+ &General::system("/usr/local/bin/squidctrl", "restart");
}
}
close(FILE);
undef %cgiparams;
&General::log($Lang::tr{'wireless config added'});
- system('/usr/local/bin/wirelessctrl');
+ &General::system('/usr/local/bin/wirelessctrl');
}
ADDEXIT:
}
}
}
&General::log($Lang::tr{'wireless config changed'});
- system('/usr/local/bin/wirelessctrl');
+ &General::system('/usr/local/bin/wirelessctrl');
}
if ($cgiparams{'ACTION'} eq 'remove' || $cgiparams{'ACTION'} eq 'toggle')
}
close(FILE);
&General::log($Lang::tr{'wireless config changed'});
- system('/usr/local/bin/wirelessctrl');
+ &General::system('/usr/local/bin/wirelessctrl');
}
close (HOSTFILE);
my $connstate = &Header::connectionstatus();
-my @arp = `/sbin/arp -n`;
+my @arp = &General::system_output("/sbin/arp", "-n");
shift @arp;
foreach my $line (@current)
}
sub BuildConfiguration() {
- system("/usr/local/bin/wirelessclient restart");
+ &General::system("/usr/local/bin/wirelessclient", "restart");
}
sub NextID() {
&General::writehash("/var/ipfire/wlanap/settings", \%wlanapsettings);
&WriteConfig_hostapd();
- system("/usr/local/bin/wlanapctrl restart >/dev/null 2>&1");
+ &General::system("/usr/local/bin/wlanapctrl", "restart");
pid();
}
}elsif ( $wlanapsettings{'ACTION'} eq "$Lang::tr{'wlanap interface'}" ){
&General::writehash("/var/ipfire/wlanap/settings", \%wlanapsettings);
}elsif ( ($wlanapsettings{'ACTION'} eq "$Lang::tr{'start'}") && ($memory == 0) ){
- system("/usr/local/bin/wlanapctrl start >/dev/null 2>&1");
+ &General::system("/usr/local/bin/wlanapctrl", "start");
pid();
}elsif ( $wlanapsettings{'ACTION'} eq "$Lang::tr{'stop'}" ){
- system("/usr/local/bin/wlanapctrl stop >/dev/null 2>&1");
+ &General::system("/usr/local/bin/wlanapctrl", "stop");
$memory=0;
}