#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.16.42-ipfire
-# Mon Mar 19 13:34:52 2007
+# Sat Mar 24 12:58:07 2007
#
CONFIG_X86_32=y
CONFIG_SEMAPHORE_SLEEPERS=y
CONFIG_OBSOLETE_MODPARM=y
CONFIG_MODVERSIONS=y
# CONFIG_MODULE_SRCVERSION_ALL is not set
-# CONFIG_KMOD is not set
+CONFIG_KMOD=y
#
# Block layer
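Review bot: `CONFIG_KMOD=y` turns on on-demand module loading for a firewall kernel, and nothing visible in this change records which feature needs it. With autoloading enabled, a request for an otherwise unused protocol family or filesystem can pull in a module that would never have run, so every module shipped in the image becomes reachable code. If it is required (this commit also adds `CONFIG_JFS_FS=m`), I would state the reason in the commit message and keep rarely used modules out of the image or disabled in the modprobe configuration. The second config file further down makes the same change.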
CONFIG_ACPI_PROCESSOR=m
CONFIG_ACPI_THERMAL=m
# CONFIG_ACPI_ASUS is not set
-CONFIG_ACPI_IBM=m
+# CONFIG_ACPI_IBM is not set
# CONFIG_ACPI_TOSHIBA is not set
# CONFIG_ACPI_CUSTOM_DSDT is not set
CONFIG_ACPI_BLACKLIST_YEAR=0
# KLIPS options
#
CONFIG_KLIPS_ESP=y
-# CONFIG_KLIPS_AH is not set
+CONFIG_KLIPS_AH=y
CONFIG_KLIPS_AUTH_HMAC_MD5=y
CONFIG_KLIPS_AUTH_HMAC_SHA1=y
-# CONFIG_KLIPS_ENC_CRYPTOAPI is not set
+CONFIG_KLIPS_ENC_CRYPTOAPI=y
+CONFIG_KLIPS_ENC_1DES=y
CONFIG_KLIPS_ENC_3DES=y
CONFIG_KLIPS_ENC_AES=y
CONFIG_KLIPS_ENC_NULL=y
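Review bot: `CONFIG_KLIPS_ENC_1DES=y` builds single DES into the IPsec stack, next to the already enabled `CONFIG_KLIPS_ENC_NULL=y`. A 56-bit cipher is within brute-force reach, and once it is compiled in, a permissive connection definition or peer proposal can end up negotiating it. Unless a legacy peer needs it, keep `# CONFIG_KLIPS_ENC_1DES is not set`; if it has to stay, pin the per-connection `esp=` proposals to 3DES/AES so it is never picked by default. The second config file in this commit enables the same option.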
CONFIG_REISERFS_FS_XATTR=y
CONFIG_REISERFS_FS_POSIX_ACL=y
CONFIG_REISERFS_FS_SECURITY=y
-# CONFIG_JFS_FS is not set
+CONFIG_JFS_FS=m
+CONFIG_JFS_POSIX_ACL=y
+CONFIG_JFS_SECURITY=y
+# CONFIG_JFS_DEBUG is not set
+CONFIG_JFS_STATISTICS=y
CONFIG_FS_POSIX_ACL=y
CONFIG_XFS_FS=m
CONFIG_XFS_EXPORT=y
CONFIG_XFS_QUOTA=y
CONFIG_XFS_SECURITY=y
CONFIG_XFS_POSIX_ACL=y
-CONFIG_XFS_RT=y
+# CONFIG_XFS_RT is not set
# CONFIG_OCFS2_FS is not set
CONFIG_MINIX_FS=y
# CONFIG_ROMFS_FS is not set
CONFIG_DNOTIFY=y
# CONFIG_AUTOFS_FS is not set
# CONFIG_AUTOFS4_FS is not set
-CONFIG_FUSE_FS=m
+# CONFIG_FUSE_FS is not set
#
# CD-ROM/DVD Filesystems
# CONFIG_NLS_CODEPAGE_437 is not set
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
-# CONFIG_NLS_CODEPAGE_850 is not set
+CONFIG_NLS_CODEPAGE_850=y
# CONFIG_NLS_CODEPAGE_852 is not set
# CONFIG_NLS_CODEPAGE_855 is not set
# CONFIG_NLS_CODEPAGE_857 is not set
# CONFIG_NLS_CODEPAGE_1250 is not set
# CONFIG_NLS_CODEPAGE_1251 is not set
# CONFIG_NLS_ASCII is not set
-# CONFIG_NLS_ISO8859_1 is not set
+CONFIG_NLS_ISO8859_1=y
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
# CONFIG_NLS_ISO8859_15 is not set
# CONFIG_NLS_KOI8_R is not set
# CONFIG_NLS_KOI8_U is not set
-# CONFIG_NLS_UTF8 is not set
+CONFIG_NLS_UTF8=y
#
# Instrumentation Support
#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.16.42-ipfire
-# Fri Mar 16 12:03:27 2007
+# Sat Mar 24 12:58:22 2007
#
CONFIG_X86_32=y
CONFIG_SEMAPHORE_SLEEPERS=y
CONFIG_OBSOLETE_MODPARM=y
CONFIG_MODVERSIONS=y
# CONFIG_MODULE_SRCVERSION_ALL is not set
-# CONFIG_KMOD is not set
+CONFIG_KMOD=y
CONFIG_STOP_MACHINE=y
#
CONFIG_ACPI_PROCESSOR=m
CONFIG_ACPI_THERMAL=m
# CONFIG_ACPI_ASUS is not set
-CONFIG_ACPI_IBM=m
+# CONFIG_ACPI_IBM is not set
# CONFIG_ACPI_TOSHIBA is not set
# CONFIG_ACPI_CUSTOM_DSDT is not set
CONFIG_ACPI_BLACKLIST_YEAR=0
# KLIPS options
#
CONFIG_KLIPS_ESP=y
-# CONFIG_KLIPS_AH is not set
+CONFIG_KLIPS_AH=y
CONFIG_KLIPS_AUTH_HMAC_MD5=y
CONFIG_KLIPS_AUTH_HMAC_SHA1=y
-# CONFIG_KLIPS_ENC_CRYPTOAPI is not set
+CONFIG_KLIPS_ENC_CRYPTOAPI=y
+CONFIG_KLIPS_ENC_1DES=y
CONFIG_KLIPS_ENC_3DES=y
CONFIG_KLIPS_ENC_AES=y
CONFIG_KLIPS_ENC_NULL=y
CONFIG_REISERFS_FS_XATTR=y
CONFIG_REISERFS_FS_POSIX_ACL=y
CONFIG_REISERFS_FS_SECURITY=y
-# CONFIG_JFS_FS is not set
+CONFIG_JFS_FS=m
+CONFIG_JFS_POSIX_ACL=y
+CONFIG_JFS_SECURITY=y
+# CONFIG_JFS_DEBUG is not set
+CONFIG_JFS_STATISTICS=y
CONFIG_FS_POSIX_ACL=y
CONFIG_XFS_FS=m
CONFIG_XFS_EXPORT=y
CONFIG_XFS_QUOTA=y
CONFIG_XFS_SECURITY=y
CONFIG_XFS_POSIX_ACL=y
-CONFIG_XFS_RT=y
+# CONFIG_XFS_RT is not set
# CONFIG_OCFS2_FS is not set
CONFIG_MINIX_FS=y
# CONFIG_ROMFS_FS is not set
CONFIG_DNOTIFY=y
# CONFIG_AUTOFS_FS is not set
# CONFIG_AUTOFS4_FS is not set
-CONFIG_FUSE_FS=m
+# CONFIG_FUSE_FS is not set
#
# CD-ROM/DVD Filesystems
# CONFIG_NLS_CODEPAGE_437 is not set
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
-# CONFIG_NLS_CODEPAGE_850 is not set
+CONFIG_NLS_CODEPAGE_850=y
# CONFIG_NLS_CODEPAGE_852 is not set
# CONFIG_NLS_CODEPAGE_855 is not set
# CONFIG_NLS_CODEPAGE_857 is not set
# CONFIG_NLS_CODEPAGE_1250 is not set
# CONFIG_NLS_CODEPAGE_1251 is not set
# CONFIG_NLS_ASCII is not set
-# CONFIG_NLS_ISO8859_1 is not set
+CONFIG_NLS_ISO8859_1=y
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
# CONFIG_NLS_ISO8859_15 is not set
# CONFIG_NLS_KOI8_R is not set
# CONFIG_NLS_KOI8_U is not set
-# CONFIG_NLS_UTF8 is not set
+CONFIG_NLS_UTF8=y
#
# Instrumentation Support
* ipp2p-0.8.2
* ipp2p-0.8.2-iptables
* iproute2-2.6.16-060323
+* iptables-1.3.5
* iptables-1.3.7
* iptraf-3.0.0
* iptstate-2.1
#
# (c) The SmoothWall Team
#
-# $Id: status.cgi,v 1.6.2.7 2005/02/24 07:44:35 gespinasse Exp $
#
use strict;
# enable only the following on debugging purpose
-#use warnings;
-#use CGI::Carp 'fatalsToBrowser';
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
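Review bot: `use CGI::Carp 'fatalsToBrowser';` is now enabled unconditionally, although the comment directly above it says these lines are for debugging only. Any `die` in this CGI will then render the Perl error text, including file paths and the failing line, into the response of the administration interface. I would keep `use warnings;` and leave the other line as `#use CGI::Carp 'fatalsToBrowser';`, so fatal errors go to the web server's error log instead of the browser.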
# is also the name of the program
my %servicenames =
(
- $Lang::tr{'dhcp server'} => 'dhcpd',
- $Lang::tr{'web server'} => 'httpd',
- $Lang::tr{'cron server'} => 'fcron',
- $Lang::tr{'dns proxy server'} => 'dnsmasq',
- $Lang::tr{'logging server'} => 'syslogd',
- $Lang::tr{'kernel logging server'} => 'klogd',
- $Lang::tr{'ntp server'} => 'ntpd',
- $Lang::tr{'secure shell server'} => 'sshd',
- $Lang::tr{'vpn'} => 'pluto',
- $Lang::tr{'web proxy'} => 'squid',
- 'OpenVPN' => 'openvpn'
+ $Lang::tr{'dhcp server'} => 'dhcpd',
+ $Lang::tr{'web server'} => 'httpd',
+ $Lang::tr{'cron server'} => 'fcron',
+ $Lang::tr{'dns proxy server'} => 'dnsmasq',
+ $Lang::tr{'logging server'} => 'syslogd',
+ $Lang::tr{'kernel logging server'} => 'klogd',
+ $Lang::tr{'ntp server'} => 'ntpd',
+ $Lang::tr{'secure shell server'} => 'sshd',
+ $Lang::tr{'vpn'} => 'pluto',
+ $Lang::tr{'web proxy'} => 'squid',
+ 'OpenVPN' => 'openvpn'
);
my $iface = '';
if (open(FILE, "${General::swroot}/red/iface"))
{
- $iface = <FILE>;
- close FILE;
- chomp $iface;
+ $iface = <FILE>;
+ close FILE;
+ chomp $iface;
}
$servicenames{"$Lang::tr{'intrusion detection system'} (RED)"} = "snort_${iface}";
$servicenames{"$Lang::tr{'intrusion detection system'} (GREEN)"} = "snort_$netsettings{'GREEN_DEV'}";
if ($netsettings{'ORANGE_DEV'} ne '') {
- $servicenames{"$Lang::tr{'intrusion detection system'} (ORANGE)"} = "snort_$netsettings{'ORANGE_DEV'}";
+ $servicenames{"$Lang::tr{'intrusion detection system'} (ORANGE)"} = "snort_$netsettings{'ORANGE_DEV'}";
}
if ($netsettings{'BLUE_DEV'} ne '') {
- $servicenames{"$Lang::tr{'intrusion detection system'} (BLUE)"} = "snort_$netsettings{'BLUE_DEV'}";
+ $servicenames{"$Lang::tr{'intrusion detection system'} (BLUE)"} = "snort_$netsettings{'BLUE_DEV'}";
}
+my %dhcpsettings=();
+my %netsettings=();
+my %dhcpinfo=();
+my %pppsettings=();
+my $output='';
+
+&General::readhash("${General::swroot}/dhcp/settings", \%dhcpsettings);
+&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+&General::readhash("${General::swroot}/ppp/settings", \%pppsettings);
+
&Header::showhttpheaders();
&Header::getcgihash(\%cgiparams);
my $key = '';
foreach $key (sort keys %servicenames)
{
- if ($lines % 2) {
- print "<tr bgcolor='${Header::table1colour}'>\n"; }
- else {
- print "<tr bgcolor='${Header::table2colour}'>\n"; }
- print "<td align='left'>$key</td>\n";
- my $shortname = $servicenames{$key};
- my $status = &isrunning($shortname);
- print "$status\n";
- print "</tr>\n";
- $lines++;
+ if ($lines % 2) {
+ print "<tr bgcolor='${Header::table1colour}'>\n"; }
+ else {
+ print "<tr bgcolor='${Header::table2colour}'>\n"; }
+ print "<td align='left'>$key</td>\n";
+ my $shortname = $servicenames{$key};
+ my $status = &isrunning($shortname);
+ print "$status\n";
+ print "</tr>\n";
+ $lines++;
}
&Header::closebox();
-&Header::openbox('100%', 'left', $Lang::tr{'memory'});
+&Header::openbox('100%', 'center', $Lang::tr{'memory'});
print "<table><tr><td><table>";
my $ram=0;
my $size=0;
open(FREE,'/usr/bin/free |');
while(<FREE>)
{
- if ($_ =~ m/^\s+total\s+used\s+free\s+shared\s+buffers\s+cached$/ )
- {
+ if ($_ =~ m/^\s+total\s+used\s+free\s+shared\s+buffers\s+cached$/ )
+ {
print <<END
<tr>
<td> </td>
;
&Header::closebox();
-&Header::openbox('100%', 'left', $Lang::tr{'disk usage'});
-print "<table>\n";
+&Header::openbox('100%', 'center', $Lang::tr{'disk usage'});
+print "<table width=66%>\n";
open(DF,'/bin/df -B M -x rootfs|');
while(<DF>)
{
- if ($_ =~ m/^Filesystem/ )
- {
- print <<END
+ if ($_ =~ m/^Filesystem/ )
+ {
+ print <<END
<tr>
<td align='left' class='boldbase'><b>$Lang::tr{'device'}</b></td>
<td align='left' class='boldbase'><b>$Lang::tr{'mounted on'}</b></td>
</tr>
END
;
- }
- else
- {
- my ($device,$size,$used,$free,$percent,$mount) = split;
- print <<END
+ }
+ else
+ {
+ my ($device,$size,$used,$free,$percent,$mount) = split;
+ print <<END
<tr>
<td>$device</td>
<td>$mount</td>
<td>
END
;
- &percentbar($percent);
- print <<END
+ &percentbar($percent);
+ print <<END
</td>
<td align='right'>$percent</td>
</tr>
END
;
- }
+ }
+}
+close DF;
+print "<tr><td colspan='6'> \n<tr><td colspan='6'><h2>Inodes</h2>\n";
+
+open(DF,'/bin/df -i -x rootfs|');
+while(<DF>)
+{
+ if ($_ =~ m/^Filesystem/ )
+ {
+ print <<END
+<tr>
+<td align='left' class='boldbase'><b>$Lang::tr{'device'}</b></td>
+<td align='left' class='boldbase'><b>$Lang::tr{'mounted on'}</b></td>
+<td align='center' class='boldbase'><b>$Lang::tr{'size'}</b></td>
+<td align='center' class='boldbase'><b>$Lang::tr{'used'}</b></td>
+<td align='center' class='boldbase'><b>$Lang::tr{'free'}</b></td>
+<td align='left' class='boldbase' colspan='2'><b>$Lang::tr{'percentage'}</b></td>
+</tr>
+END
+;
+ }
+ else
+ {
+ my ($device,$size,$used,$free,$percent,$mount) = split;
+ print <<END
+<tr>
+<td>$device</td>
+<td>$mount</td>
+<td align='right'>$size</td>
+<td align='right'>$used</td>
+<td align='right'>$free</td>
+<td>
+END
+;
+ &percentbar($percent);
+ print <<END
+</td>
+<td align='right'>$percent</td>
+</tr>
+END
+;
+ }
}
close DF;
print "</table>\n";
&Header::closebox();
-&Header::openbox('100%', 'left', $Lang::tr{'uptime and users'});
-my $output = `/usr/bin/who`;
+&Header::openbox('100%', 'left', $Lang::tr{'interfaces'});
+$output = `/sbin/ifconfig`;
+$output = &Header::cleanhtml($output,"y");
+
+my @itfs = ('ORANGE','BLUE','GREEN');
+foreach my $itf (@itfs) {
+ my $ColorName='';
+ my $lc_itf=lc($itf);
+ my $dev = $netsettings{"${itf}_DEV"};
+ if ($dev){
+ $ColorName = "${lc_itf}"; #dereference variable name...
+ $output =~ s/$dev/<b><font color="$ColorName">$dev<\/font><\/b>/ ;
+ }
+}
+
+if (open(REDIFACE, "${General::swroot}/red/iface")) {
+ my $lc_itf='red';
+ my $reddev = <REDIFACE>;
+ close(REDIFACE);
+ chomp $reddev;
+ $output =~ s/$reddev/<b><font color='red'>${reddev}<\/font><\/b>/;
+}
+print "<pre>$output</pre>\n";
+&Header::closebox();
+
+
+if ( $netsettings{'CONFIG_TYPE'} =~ /^(2|3|6|7)$/ && $netsettings{'RED_TYPE'} eq "DHCP") {
+
+ print "<a name='reddhcp'/>\n";
+ &Header::openbox('100%', 'left', "RED $Lang::tr{'dhcp configuration'}");
+ if (-s "${General::swroot}/dhcpc/dhcpcd-$netsettings{'RED_DEV'}.info") {
+
+ &General::readhash("${General::swroot}/dhcpc/dhcpcd-$netsettings{'RED_DEV'}.info", \%dhcpinfo);
+
+ my $DNS1=`echo $dhcpinfo{'DNS'} | cut -f 1 -d ,`;
+ my $DNS2=`echo $dhcpinfo{'DNS'} | cut -f 2 -d ,`;
+
+ my $lsetme=0;
+ my $leasetime="";
+ if ($dhcpinfo{'LEASETIME'} ne "") {
+ $lsetme=$dhcpinfo{'LEASETIME'};
+ $lsetme=($lsetme/60);
+ if ($lsetme > 59) {
+ $lsetme=($lsetme/60); $leasetime=$lsetme." Hour";
+ } else {
+ $leasetime=$lsetme." Minute";
+ }
+ if ($lsetme > 1) {
+ $leasetime=$leasetime."s";
+ }
+ }
+ my $rentme=0;
+ my $rnwltime="";
+ if ($dhcpinfo{'RENEWALTIME'} ne "") {
+ $rentme=$dhcpinfo{'RENEWALTIME'};
+ $rentme=($rentme/60);
+ if ($rentme > 59){
+ $rentme=($rentme/60); $rnwltime=$rentme." Hour";
+ } else {
+ $rnwltime=$rentme." Minute";
+ }
+ if ($rentme > 1){
+ $rnwltime=$rnwltime."s";
+ }
+ }
+ my $maxtme=0;
+ my $maxtime="";
+ if ($dhcpinfo{'REBINDTIME'} ne "") {
+ $maxtme=$dhcpinfo{'REBINDTIME'};
+ $maxtme=($maxtme/60);
+ if ($maxtme > 59){
+ $maxtme=($maxtme/60); $maxtime=$maxtme." Hour";
+ } else {
+ $maxtime=$maxtme." Minute";
+ }
+ if ($maxtme > 1) {
+ $maxtime=$maxtime."s";
+ }
+ }
+
+ print "<table width='100%'>";
+ if ($dhcpinfo{'HOSTNAME'}) {
+ print "<tr><td width='30%'>$Lang::tr{'hostname'}</td><td>$dhcpinfo{'HOSTNAME'}.$dhcpinfo{'DOMAIN'}</td></tr>\n";
+ } else {
+ print "<tr><td width='30%'>$Lang::tr{'domain'}</td><td>$dhcpinfo{'DOMAIN'}</td></tr>\n";
+ }
+ print <<END
+ <tr><td>$Lang::tr{'gateway'}</td><td>$dhcpinfo{'GATEWAY'}</td></tr>
+ <tr><td>$Lang::tr{'primary dns'}</td><td>$DNS1</td></tr>
+ <tr><td>$Lang::tr{'secondary dns'}</td><td>$DNS2</td></tr>
+ <tr><td>$Lang::tr{'dhcp server'}</td><td>$dhcpinfo{'DHCPSIADDR'}</td></tr>
+ <tr><td>$Lang::tr{'def lease time'}</td><td>$leasetime</td></tr>
+ <tr><td>$Lang::tr{'default renewal time'}</td><td>$rnwltime</td></tr>
+ <tr><td>$Lang::tr{'max renewal time'}</td><td>$maxtime</td></tr>
+ </table>
+END
+ ;
+ }
+ else
+ {
+ print "$Lang::tr{'no dhcp lease'}";
+ }
+ &Header::closebox();
+}
+
+if ($dhcpsettings{'ENABLE_GREEN'} eq 'on' || $dhcpsettings{'ENABLE_BLUE'} eq 'on') {
+
+ print "<a name='leases'/>";
+ &Header::CheckSortOrder;
+ &Header::PrintActualLeases;
+}
+
+&Header::openbox('100%', 'left', $Lang::tr{'routing table entries'});
+$output = `/sbin/route -n`;
$output = &Header::cleanhtml($output,"y");
print "<pre>$output</pre>\n";
&Header::closebox();
-&Header::openbox('100%', 'left', $Lang::tr{'loaded modules'});
-$output = qx+/bin/lsmod+;
-($output = &Header::cleanhtml($output,"y")) =~ s/\[.*\]//g;
-print "<pre>\n$output\n</pre>\n";
+&Header::openbox('100%', 'left', $Lang::tr{'arp table entries'});
+$output = `/sbin/arp -n`;
+$output = &Header::cleanhtml($output,"y");
+print "<pre>$output</pre>\n";
&Header::closebox();
-&Header::openbox('100%', 'left', $Lang::tr{'kernel version'});
-print "<pre>\n";
-print `/bin/uname -a`;
-print "</pre>\n";
+&Header::openbox('100%', 'left', $Lang::tr{'loaded modules'});
+my $module = qx(/bin/lsmod | awk -F" " '{print \$1}');
+my $size = qx(/bin/lsmod | awk -F" " '{print \$2}');
+my $used = qx(/bin/lsmod | awk -F" " '{print \$3}');
+my @usedby = qx(/bin/lsmod | awk -F" " '{print \$4}');
+my @usedbyf;
+my $usedbyline;
+
+foreach $usedbyline(@usedby)
+{
+my $laenge = length($usedbyline);
+
+if ( $laenge > 30)
+ {
+ my $usedbylinef=substr($usedbyline,0,30);
+ $usedbyline="$usedbylinef ...\n";
+ push(@usedbyf,$usedbyline);
+ }
+else
+ {push(@usedbyf,$usedbyline);}
+}
+print <<END
+<table cellspacing=25><tr>
+<td><pre>$module</pre></td>
+<td><pre>$size</pre></td>
+<td><pre>$used</pre></td>
+<td><pre>@usedbyf</pre></td>
+</tr></table>
+END
+;
+
+print "";
&Header::closebox();
&Header::closebigbox();
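Review bot: The two backtick calls `echo $dhcpinfo{'DNS'} | cut -f 1 -d ,` and `... -f 2 ...` in the new RED DHCP block hand a value read from the dhcpcd info file to /bin/sh, and that value ultimately comes from whichever DHCP server answers on RED. Whether the file can carry shell metacharacters depends on dhcpcd's own validation, which is not visible here, so the CGI should not rely on it. Splitting in Perl removes the shell and the stray trailing newline: `my ($DNS1, $DNS2) = split /,/, $dhcpinfo{'DNS'};`. The same block prints `$dhcpinfo{'HOSTNAME'}`, `$dhcpinfo{'DOMAIN'}` and the other lease fields into the table without `&Header::cleanhtml`, which the `ifconfig`, `route` and `arp` output in this hunk does go through; they should be escaped the same way. The device names substituted into `$output` are used as raw patterns and would be safer as `s/\Q$dev\E/.../` and `s/\Q$reddev\E/.../`.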
sub isrunning
{
- my $cmd = $_[0];
- my $status = "<td bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td>";
- my $pid = '';
- my $testcmd = '';
- my $exename;
+ my $cmd = $_[0];
+ my $status = "<td bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td>";
+ my $pid = '';
+ my $testcmd = '';
+ my $exename;
- $cmd =~ /(^[a-z]+)/;
- $exename = $1;
+ $cmd =~ /(^[a-z]+)/;
+ $exename = $1;
- if (open(FILE, "/var/run/${cmd}.pid"))
- {
- $pid = <FILE>; chomp $pid;
- close FILE;
- if (open(FILE, "/proc/${pid}/status"))
- {
- while (<FILE>)
- {
- if (/^Name:\W+(.*)/) {
- $testcmd = $1; }
- }
- close FILE;
- if ($testcmd =~ /$exename/)
- {
- $status = "<td bgcolor='${Header::colourgreen}'><font color='white'><b>$Lang::tr{'running'}</b></font></td>";
- }
- }
- }
+ if (open(FILE, "/var/run/${cmd}.pid"))
+ {
+ $pid = <FILE>; chomp $pid;
+ close FILE;
+ if (open(FILE, "/proc/${pid}/status"))
+ {
+ while (<FILE>)
+ {
+ if (/^Name:\W+(.*)/) {
+ $testcmd = $1; }
+ }
+ close FILE;
+ if ($testcmd =~ /$exename/)
+ {
+ $status = "<td bgcolor='${Header::colourgreen}'><font color='white'><b>$Lang::tr{'running'}</b></font></td>";
+ }
+ }
+ }
- return $status;
+ return $status;
}
sub percentbar
my %servicenames =
(
- 'UPnP Daemon' => 'upnpd',
+ 'UPnP Daemon' => 'upnpd',
);
&Header::showhttpheaders();
$upnpsettings{'DESCRIPTION'} = 'gatedesc.xml';
$upnpsettings{'XML'} = '/etc/linuxigd';
$upnpsettings{'ENABLED'} = 'off';
-$upnpsettings{'GREEN'} = 'on';
-$upnpsettings{'BLUE'} = 'off';
+$upnpsettings{'GREENi'} = 'on';
+$upnpsettings{'BLUEi'} = 'off';
+$upnpsettings{'REDi'} = 'off';
+$upnpsettings{'ORANGEi'} = 'off';
+$upnpsettings{'GREENe'} = 'off';
+$upnpsettings{'BLUEe'} = 'off';
+$upnpsettings{'REDe'} = 'on';
+$upnpsettings{'ORANGEe'} = 'off';
### Values that have to be initialized
$upnpsettings{'ACTION'} = '';
{
&General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
- open (FILE, ">${General::swroot}/upnp/upnpd.conf") or die "Can't save the upnp config: $!";
- flock (FILE, 2);
-
+ open (FILE, ">${General::swroot}/upnp/upnpd.conf") or die "Can't save the upnp config: $!";
+ flock (FILE, 2);
+
print FILE <<END
# UPnP Config by Ipfire Project
}
elsif ($upnpsettings{'ACTION'} eq 'Start')
{
- $upnpsettings{'ENABLED'} = 'on';
- &General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
- system('/usr/local/bin/upnpctrl start');
-}
+ $upnpsettings{'ENABLED'} = 'on';
+ &General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
+ system('/usr/local/bin/upnpctrl upnpdstart $netsettings{'RED_DEV'} $netsettings{'GREEN_DEV'}');
+}
elsif ($upnpsettings{'ACTION'} eq 'Stop')
{
- $upnpsettings{'ENABLED'} = 'off';
- &General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
- system('/usr/local/bin/upnpctrl stop');
-}
+ $upnpsettings{'ENABLED'} = 'off';
+ &General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
+ system('/usr/local/bin/upnpctrl upnpstop');
+}
elsif ($upnpsettings{'ACTION'} eq $Lang::tr{'restart'})
{
- &General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
- system('/usr/local/bin/upnpctrl restart');
+ &General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
+ system('/usr/local/bin/upnpctrl upnpstop');
+ system('/usr/local/bin/upnpctrl upnpstart $netsettings{'RED_DEV'} $netsettings{'GREEN_DEV'}');
}
&General::readhash("${General::swroot}/upnp/settings", \%upnpsettings);
if ($errormessage) {
- &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
- print "<class name='base'>$errormessage\n";
- print " </class>\n";
- &Header::closebox();
+ &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+ print "<class name='base'>$errormessage\n";
+ print " </class>\n";
+ &Header::closebox();
}
-$checked{'GREEN'}{'on'} = '';
-$checked{'GREEN'}{'off'} = '';
-$checked{'GREEN'}{"$upnpsettings{'GREEN'}"} = 'checked';
-$checked{'BLUE'}{'on'} = '';
-$checked{'BLUE'}{'off'} = '';
-$checked{'BLUE'}{"$upnpsettings{'BLUE'}"} = 'checked';
+$checked{'GREENi'}{'on'} = '';
+$checked{'GREENi'}{'off'} = '';
+$checked{'GREENi'}{"$upnpsettings{'GREENi'}"} = 'checked';
+$checked{'BLUEi'}{'on'} = '';
+$checked{'BLUEi'}{'off'} = '';
+$checked{'BLUEi'}{"$upnpsettings{'BLUEi'}"} = 'checked';
+$checked{'REDi'}{'on'} = '';
+$checked{'REDi'}{'off'} = '';
+$checked{'REDi'}{"$upnpsettings{'REDi'}"} = 'checked';
+$checked{'ORANGEi'}{'on'} = '';
+$checked{'ORANGEi'}{'off'} = '';
+$checked{'ORANGEi'}{"$upnpsettings{'ORANGEi'}"} = 'checked';
+$checked{'GREENe'}{'on'} = '';
+$checked{'GREENe'}{'off'} = '';
+$checked{'GREENe'}{"$upnpsettings{'GREENe'}"} = 'checked';
+$checked{'BLUEe'}{'on'} = '';
+$checked{'BLUEe'}{'off'} = '';
+$checked{'BLUEe'}{"$upnpsettings{'BLUEe'}"} = 'checked';
+$checked{'REDe'}{'on'} = '';
+$checked{'REDe'}{'off'} = '';
+$checked{'REDe'}{"$upnpsettings{'REDe'}"} = 'checked';
+$checked{'ORANGEe'}{'on'} = '';
+$checked{'ORANGEe'}{'off'} = '';
+$checked{'ORANGEe'}{"$upnpsettings{'ORANGEe'}"} = 'checked';
############################################################################################################################
############################################################################################################################
&Header::openbox('100%', 'center', 'UPnP');
print <<END
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <table width='400' cellspacing='0'>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <table width='95%' cellspacing='0'>
END
;
- if ( $message ne "" ) {
- print "<tr><td colspan='3' align='center'><font color='red'>$message</font>";
- }
-
- my $lines = 0;
- my $key = '';
- foreach $key (sort keys %servicenames)
- {
- if ($lines % 2) {
- print "<tr bgcolor='${Header::table1colour}'>\n"; }
- else {
- print "<tr bgcolor='${Header::table2colour}'>\n"; }
- print "<td align='left'>$key\n";
- my $shortname = $servicenames{$key};
- my $status = &isrunning($shortname);
- print "$status\n";
- $lines++;
- }
- print <<END
- <tr><td><b>Alle Dienste:</b></td><td colspan='2'>
- <input type='submit' name='ACTION' value='Start' />
- <input type='submit' name='ACTION' value='Stop' />
- <input type='submit' name='ACTION' value='$Lang::tr{'restart'}' />
- </table>
- </form>
- <hr />
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <table width='500'>
- <tr><td colspan='2' align='left'><b>$Lang::tr{'options'}</b>
- <tr><td align='left'>$Lang::tr{'interfaces'}
- <td align='left'> <td><input type='checkbox' name='GREEN' $checked{'GREEN'}{'on'} /> <font size='2' color='$Header::colourgreen'><b>$Lang::tr{'green'} - $netsettings{'GREEN_DEV'}</b></font>
-END
-;
- if (&Header::blue_used()){
+ if ( $message ne "" ) {
+ print "<tr><td colspan='3' align='center'><font color='red'>$message</font>";
+ }
+
+ my $lines = 0;
+ my $key = '';
+ foreach $key (sort keys %servicenames)
+ {
+ if ($lines % 2) {
+ print "<tr bgcolor='${Header::table1colour}'>\n"; }
+ else {
+ print "<tr bgcolor='${Header::table2colour}'>\n"; }
+ print "<td align='left'>$key\n";
+ my $shortname = $servicenames{$key};
+ my $status = &isrunning($shortname);
+ print "$status\n";
+ $lines++;
+ }
print <<END
- <tr><td align='left'> <td><input type='checkbox' name='BLUE' $checked{'BLUE'}{'on'} /> <font size='2' color='$Header::colourblue'><b>$Lang::tr{'wireless'} - $netsettings{'BLUE_DEV'}</b></font>
+ <tr><td><b>Alle Dienste:</b></td><td colspan='2'>
+ <input type='submit' name='ACTION' value='Start' />
+ <input type='submit' name='ACTION' value='Stop' />
+ <input type='submit' name='ACTION' value='$Lang::tr{'restart'}' />
+ </table>
END
;
- }
- print <<END
- </table>
-
+#print <<END
+# <br></br>
+# <hr />
+# <br></br>
+#
+# <table width='95%'>
+# <tr><td colspan='2' align='left' bgcolor='${Header::table1colour}'><b>External Interface</b></td></tr>
+# <tr><td align='left'> </td><td><input type='radio' name='External' value='$netsettings{'RED_DEV'}' $checked{'REDe'}{'on'}><font size='2' color='$Header::colourred'><b>RED - $netsettings{'RED_DEV'}</b></font><br></br>
+# <input type='radio' name='External' value='$netsettings{'GREEN_DEV'}' $checked{'GREENe'}{'on'}><font size='2' color='$Header::colourgreen'><b>$Lang::tr{'green'} - $netsettings{'GREEN_DEV'}</b></font><br></br>
+#END
+#;
+# if (&Header::blue_used()){
+# print <<END
+# <input type='radio' name='External' value='$netsettings{'BLUE_DEV'}' $checked{'BLUEe'}{'on'}><font size='2' color='$Header::colourblue'><b>$Lang::tr{'wireless'} - $netsettings{'BLUE_DEV'}</b></font><br></br>
+#END
+#;
+# }
+# if (&Header::orange_used()){
+# print <<END
+# <input type='radio' name='External' value='$netsettings{'ORANGE_DEV'}' $checked{'ORANGEe'}{'on'}><font size='2' color='$Header::colourorange'><b>$Lang::tr{'dmz'} - $netsettings{'ORANGE_DEV'}</b></font><br></br>
+#END
+#;
+# }
+# print <<END
+# </td></tr>
+# <tr><td colspan='2' align='left'><br></br></td></tr>
+# <tr><td colspan='2' align='left' bgcolor='${Header::table1colour}'><b>Internal Interface</b></td></tr>
+# <tr><td align='left'> </td><td><input type='radio' name='Internal' value='$netsettings{'RED_DEV'}' $checked{'REDi'}{'on'}><font size='2' color='$Header::colourred'><b>RED - $netsettings{'RED_DEV'}</b></font><br></br>
+# <input type='radio' name='Internal' value='$netsettings{'GREEN_DEV'}' $checked{'GREENi'}{'on'}><font size='2' color='$Header::colourgreen'><b>$Lang::tr{'green'} - $netsettings{'GREEN_DEV'}</b></font><br></br>
+#END
+#;
+# if (&Header::blue_used()){
+# print <<END
+# <input type='radio' name='Internal' value='$netsettings{'BLUE_DEV'}' $checked{'BLUEi'}{'on'}><font size='2' color='$Header::colourblue'><b>$Lang::tr{'wireless'} - $netsettings{'BLUE_DEV'}</b></font><br></br>
+#END
+#;
+# }
+# if (&Header::orange_used()){
+# print <<END
+# <input type='radio' name='Internal' value='$netsettings{'ORANGE_DEV'}' $checked{'ORANGEi'}{'on'}><font size='2' color='$Header::colourorange'><b>$Lang::tr{'dmz'} - $netsettings{'ORANGE_DEV'}</b></font><br></br>
+#END
+#;
+# }
+# print <<END
+# </td></tr></table>
+print <<END
+</form>
+<br></br>
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='95%' cellspacing='0'>
+<tr><td colspan='2' align='left' bgcolor='${Header::table1colour}'><b>$Lang::tr{'options'}</b></td></tr>
+<tr><td colspan='2' align='left'><br></br></td></tr>
<tr><td align='left'>Debug Mode:</td><td><input type='text' name='DEBUGMODE' value='$upnpsettings{'DEBUGMODE'}' size="30"></input></td></tr>
<tr><td align='left'>Forward Rules:</td><td><input type='text' name='FORWARDRULES' value='$upnpsettings{'FORWARDRULES'}' size="30"></input></td></tr>
<tr><td align='left'>Forward Chain:</td><td><input type='text' name='FORWARDCHAIN' value='$upnpsettings{'FORWARDCHAIN'}' size="30"></input></td></tr>
<tr><td align='left'>Up Strean:</td><td><input type='text' name='UPSTREAM' value='$upnpsettings{'UPSTREAM'}' size="30"></input></td></tr>
<tr><td align='left'>Description Document:</td><td><input type='text' name='DESCRIPTION' value='$upnpsettings{'DESCRIPTION'}' size="30"></input></td></tr>
<tr><td align='left'>XML Document:</td><td><input type='text' name='XML' value='$upnpsettings{'XML'}' size="30"></input></td></tr>
+<tr><td colspan='2' align='left'><br></br></td></tr>
<tr><td colspan='2' align='center'><input type='submit' name='ACTION' value=$Lang::tr{'save'} />
</table></form>
<br></br>
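Review bot: The new `system('/usr/local/bin/upnpctrl upnpdstart $netsettings{'RED_DEV'} $netsettings{'GREEN_DEV'}');` in the `Start` branch, and the matching `upnpstart` call in the restart branch, nest single quotes inside a single-quoted string, so the literal ends at `$netsettings{` and Perl will reject the file as written; even with the quotes repaired, a single-quoted string would not interpolate the device names. The `Start` branch says `upnpdstart` while the restart branch says `upnpstart`, so one of the two subcommand names is presumably a typo. The list form fixes the quoting and keeps the device names away from the shell: `system('/usr/local/bin/upnpctrl', 'upnpstart', $netsettings{'RED_DEV'}, $netsettings{'GREEN_DEV'});`. `%netsettings` is not filled anywhere in the visible part of this file, so confirm it is read before these branches run.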
sub isrunning
{
- my $cmd = $_[0];
- my $status = "<td bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td>";
- my $pid = '';
- my $testcmd = '';
- my $exename;
-
- $cmd =~ /(^[a-z]+)/;
- $exename = $1;
-
- if (open(FILE, "/var/run/${cmd}.pid"))
- {
- $pid = <FILE>; chomp $pid;
- close FILE;
- if (open(FILE, "/proc/${pid}/status"))
- {
- while (<FILE>)
- {
- if (/^Name:\W+(.*)/) {
- $testcmd = $1; }
- }
- close FILE;
- if ($testcmd =~ /$exename/)
- {
- $status = "<td bgcolor='${Header::colourgreen}'><font color='white'><b>$Lang::tr{'running'}</b></font></td>";
- }
- }
- }
-
- return $status;
-}
+ my $cmd = $_[0];
+ my $status = "<td bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td>";
+ my $pid = '';
+ my $testcmd = '';
+ my $exename;
+
+ $cmd =~ /(^[a-z]+)/;
+ $exename = $1;
+
+ if (open(FILE, "/var/run/${cmd}.pid"))
+ {
+ $pid = <FILE>; chomp $pid;
+ close FILE;
+ if (open(FILE, "/proc/${pid}/status"))
+ {
+ while (<FILE>)
+ {
+ if (/^Name:\W+(.*)/) {
+ $testcmd = $1; }
+ }
+ close FILE;
+ if ($testcmd =~ /$exename/)
+ {
+ $status = "<td bgcolor='${Header::colourgreen}'><font color='white'><b>$Lang::tr{'running'}</b></font></td>";
+ }
+ }
+ }
+
+ return $status;
+}
\ No newline at end of file
#!/usr/bin/perl
-#
-# This file is part of the IPCop Firewall.
-#
-# IPCop is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# IPCop is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with IPCop; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-# Copyright (C) 2003-05-25 Mark Wormgoor <mark@wormgoor.com>
-#
-# $Id: vpnmain.cgi,v 1.10.2.104 2006/11/30 12:43:10 franck78 Exp $
-#
use Net::DNS;
use File::Copy;
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
$cgiparams{'ENABLED'} = 'off';
-$cgiparams{'ENABLED_GREEN'} = 'off';
-$cgiparams{'ENABLED_ORANGE'} = 'off';
-$cgiparams{'ENABLED_BLUE'} = 'off';
$cgiparams{'EDIT_ADVANCED'} = 'off';
$cgiparams{'ACTION'} = '';
$cgiparams{'CA_NAME'} = '';
### Just return true is one interface is vpn enabled
###
sub vpnenabled {
- return ($vpnsettings{'ENABLED'} eq 'on' ||
- $vpnsettings{'ENABLED_GREEN'} eq 'on' ||
- $vpnsettings{'ENABLED_ORANGE'} eq 'on' ||
- $vpnsettings{'ENABLED_BLUE'} eq 'on');
+ return ($vpnsettings{'ENABLED'} eq 'on');
}
###
### old version: maintain serial number to one, without explication.
### the side is always defined as 'left'.
### configihash[14]: 'VHOST' is allowed
###
-###Type=Net : GUI can choose to be left or right. This serve nothing in the conf!
-### interface is fixed to RED only. No special reason for this also.
-###
sub writeipsecfiles {
my %lconfighash = ();
print CONF "version 2\n\n";
print CONF "config setup\n";
#create an ipsec Interface for each 'enabled' ones
+ #loop trought configuration and add physical interfaces to the list
my $interfaces = "\tinterfaces=\"";
- $interfaces .= "%defaultroute " if ($lvpnsettings{'ENABLED'} eq 'on');
- $interfaces .= "ipsec1=$netsettings{'GREEN_DEV'} " if ($lvpnsettings{'ENABLED_GREEN'} eq 'on');
- $interfaces .= "ipsec2=$netsettings{'BLUE_DEV'} " if ($lvpnsettings{'ENABLED_BLUE'} eq 'on');
- $interfaces .= "ipsec3=$netsettings{'ORANGE_DEV'} " if ($lvpnsettings{'ENABLED_ORANGE'} eq 'on');
+ foreach my $key (keys %lconfighash) {
+ next if ($lconfighash{$key}[0] ne 'on');
+ $interfaces .= "%defaultroute " if ($interfaces !~ /defaultroute/ && $lconfighash{$key}[26] eq 'RED');
+ $interfaces .= "ipsec1=$netsettings{'GREEN_DEV'} " if ($interfaces !~ /ipsec1/ && $lconfighash{$key}[26] eq 'GREEN');
+ $interfaces .= "ipsec2=$netsettings{'BLUE_DEV'} " if ($interfaces !~ /ipsec2/ && $lconfighash{$key}[26] eq 'BLUE');
+ $interfaces .= "ipsec3=$netsettings{'ORANGE_DEV'} " if ($interfaces !~ /ipsec3/ && $lconfighash{$key}[26] eq 'ORANGE');
+ }
print CONF $interfaces . "\"\n";
my $plutodebug = ''; # build debug list
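Review bot: The new loop adds `%defaultroute` only when field 26 of a connection is exactly `'RED'`, while the connection writer later in this commit treats every value other than BLUE, GREEN and ORANGE as RED (`} else { # it is RED`). A connection whose field 26 is empty, possibly one saved before that field existed, would get `left=` from `VPN_IP` but add nothing to `interfaces=`, and if it is the only enabled connection the setup section is written with an empty interface list. I would make both places agree, for example `my $side = $lconfighash{$key}[26] || 'RED';` at the top of the loop and compare against `$side`. writeipsecfiles starts and ends outside this hunk, so how `%lconfighash` is populated is not visible here.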
# deprecated in ipsec.conf version 2
#print CONF "\tplutoload=%search\n";
#print CONF "\tplutostart=%search\n";
- print CONF "\tplutoload=%search\n";
- print CONF "\tplutostart=%search\n";
print CONF "\tuniqueids=yes\n";
print CONF "\tnat_traversal=yes\n";
print CONF "\toverridemtu=$lvpnsettings{'VPN_OVERRIDE_MTU'}\n" if ($lvpnsettings{'VPN_OVERRIDE_MTU'} ne '');
#remote peer is not set? => use '%any'
$lconfighash{$key}[10] = '%any' if ($lconfighash{$key}[10] eq '');
- my ($L,$R); #Local & Remote sides
-
- print CONF "conn $lconfighash{$key}[1]\n";
- #always choose LEFT localside for roadwarrior
- if ($lconfighash{$key}[3] eq 'host' || $lconfighash{$key}[6] eq 'left') {
- $L = 'left';
- $R = 'right';
- } else {
- $R = 'left';
- $L = 'right';
- }
- print CONF "\t${L}=";
+ my $localside;
if ($lconfighash{$key}[26] eq 'BLUE') {
- print CONF "$netsettings{'BLUE_ADDRESS'}\n";
- } elsif ($lconfighash{$key}[26] eq 'ORANGE') {
- print CONF "$netsettings{'ORANGE_ADDRESS'}\n";
+ $localside = $netsettings{'BLUE_ADDRESS'};
} elsif ($lconfighash{$key}[26] eq 'GREEN') {
- print CONF "$netsettings{'GREEN_ADDRESS'}\n";
- } elsif ($lconfighash{$key}[26] eq 'RED') {
- print CONF "$lvpnsettings{'VPN_IP'}\n";
- print CONF "\t${L}nexthop=%defaultroute\n" if ($lvpnsettings{'VPN_IP'} ne '%defaultroute');
+ $localside = $netsettings{'GREEN_ADDRESS'};
+ } elsif ($lconfighash{$key}[26] eq 'ORANGE') {
+ $localside = $netsettings{'ORANGE_ADDRESS'};
+ } else { # it is RED
+ $localside = $lvpnsettings{'VPN_IP'};
}
- print CONF "\t${L}subnet=$lconfighash{$key}[8]\n";
- print CONF "\t${R}=$lconfighash{$key}[10]\n";
+ print CONF "conn $lconfighash{$key}[1] #$lconfighash{$key}[26]\n";
+ print CONF "\tleft=$localside\n";
+ print CONF "\tleftnexthop=%defaultroute\n" if ($lconfighash{$key}[26] eq 'RED' && $lvpnsettings{'VPN_IP'} ne '%defaultroute');
+ print CONF "\tleftsubnet=$lconfighash{$key}[8]\n";
+
+ print CONF "\tright=$lconfighash{$key}[10]\n";
if ($lconfighash{$key}[3] eq 'net') {
- print CONF "\t${R}subnet=$lconfighash{$key}[11]\n";
- print CONF "\t${R}nexthop=%defaultroute\n";
- } elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed?
+ print CONF "\trightsubnet=$lconfighash{$key}[11]\n";
+ print CONF "\trightnexthop=%defaultroute\n";
+ } elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed for roadwarriors?
print CONF "\trightsubnet=vhost:%no,%priv\n";
}
# Local Cert and Remote Cert (unless auth is DN dn-auth)
if ($lconfighash{$key}[4] eq 'cert') {
- print CONF "\t${L}cert=${General::swroot}/certs/hostcert.pem\n";
- print CONF "\t${R}cert=${General::swroot}/certs/$lconfighash{$key}[1]cert.pem\n" if ($lconfighash{$key}[2] ne '%auth-dn');
+ print CONF "\tleftcert=${General::swroot}/certs/hostcert.pem\n";
+ print CONF "\trightcert=${General::swroot}/certs/$lconfighash{$key}[1]cert.pem\n" if ($lconfighash{$key}[2] ne '%auth-dn');
}
# Local and Remote IDs
- print CONF "\t${L}id=\"$lconfighash{$key}[7]\"\n" if ($lconfighash{$key}[7]);
- print CONF "\t${R}id=\"$lconfighash{$key}[9]\"\n" if ($lconfighash{$key}[9]);
+ print CONF "\tleftid=\"$lconfighash{$key}[7]\"\n" if ($lconfighash{$key}[7]);
+ print CONF "\trightid=\"$lconfighash{$key}[9]\"\n" if ($lconfighash{$key}[9]);
# Algorithms
if ($lconfighash{$key}[18] && $lconfighash{$key}[19] && $lconfighash{$key}[20]) {
# Build Authentication details: LEFTid RIGHTid : PSK psk
my $psk_line;
if ($lconfighash{$key}[4] eq 'psk') {
- my $localside;
- if ($lconfighash{$key}[26] eq 'BLUE') {
- $localside = $netsettings{'BLUE_ADDRESS'};
- } elsif ($lconfighash{$key}[26] eq 'GREEN') {
- $localside = $netsettings{'GREEN_ADDRESS'};
- } elsif ($lconfighash{$key}[26] eq 'ORANGE') {
- $localside = $netsettings{'ORANGE_ADDRESS'};
- } else { # it is RED
- $localside = $lvpnsettings{'VPN_IP'};
- }
$psk_line = ($lconfighash{$key}[7] ? $lconfighash{$key}[7] : $localside) . " " ;
$psk_line .= $lconfighash{$key}[9] ? $lconfighash{$key}[9] : $lconfighash{$key}[10]; #remoteid or remote address?
$psk_line .= " : PSK '$lconfighash{$key}[5]'\n";
}
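Review bot: The final `else { # it is RED` branch that sets `$localside` treats every value of field [26] other than BLUE, GREEN or ORANGE as RED, while the `leftnexthop` line below it tests `eq 'RED'` explicitly. A record whose field [26] is empty or unexpected therefore gets `left=$lvpnsettings{'VPN_IP'}` but never `leftnexthop`, and the same raw field is printed after `#` on the new `conn` line. Normalising it once keeps these in step, e.g. `my $zone = $lconfighash{$key}[26] =~ /^(?:GREEN|BLUE|ORANGE)$/ ? $lconfighash{$key}[26] : 'RED';`, then testing and printing `$zone`. The enclosing loop in writeipsecfiles starts and ends outside the hunk.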
map ($vpnsettings{$_} = $cgiparams{$_},
- ('ENABLED','ENABLED_GREEN','ENABLED_ORANGE','ENABLED_BLUE','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
+ ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
$vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
# Create empty CRL cannot be done because we don't have
# the private key for this CAROOT
- # Ipcop can only import certificates
+ # IPFire can only import certificates
&General::log("ipsec", "p12 import completed!");
&cleanssldatabase();
<table width='100%' border='0' cellspacing='1' cellpadding='0'>
<tr><td width='40%' class='base'>$Lang::tr{'organization name'}:</td>
<td width='60%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value='$cgiparams{'ROOTCERT_ORGANIZATION'}' size='32' /></td></tr>
- <tr><td class='base'>$Lang::tr{'ipcops hostname'}:</td>
+ <tr><td class='base'>$Lang::tr{'IPFires hostname'}:</td>
<td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value='$cgiparams{'ROOTCERT_HOSTNAME'}' size='32' /></td></tr>
<tr><td class='base'>$Lang::tr{'your e-mail'}: <img src='/blob.gif' alt='*' /></td>
<td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value='$cgiparams{'ROOTCERT_EMAIL'}' size='32' /></td></tr>
&writeipsecfiles();
system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}) if (&vpnenabled);
} else {
+ system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
$confighash{$cgiparams{'KEY'}}[0] = 'off';
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
- system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
}
sleep $sleepDelay;
} else {
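Review bot: The `ipsecctrl D` call is moved ahead of `$confighash{$cgiparams{'KEY'}}[0] = 'off'` without a comment saying that the order now matters. decode_line in the reworked ipsecctrl.c returns 0 for any line whose enabled field is not `on`, so presumably the helper has to run while the entry is still enabled; how main handles `D` with a key is not visible here. A comment such as `# stop the tunnel before marking it off: ipsecctrl skips disabled entries` would keep a later cleanup from swapping the lines back. The surrounding if/else begins outside the hunk.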
$cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
$cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
$cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
- $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
+ #$cgiparams{'free'} = $confighash{$cgiparams{'KEY'}}[6];
$cgiparams{'LOCAL_ID'} = $confighash{$cgiparams{'KEY'}}[7];
$cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
$cgiparams{'REMOTE_ID'} = $confighash{$cgiparams{'KEY'}}[9];
goto VPNCONF_ERROR;
}
- if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
- $errormessage = $Lang::tr{'ipcop side is invalid'};
- goto VPNCONF_ERROR;
- }
-
# Check if there is no other entry with this name
if (! $cgiparams{'KEY'}) { #only for add
foreach my $key (keys %confighash) {
) {
$errormessage = $Lang::tr{'invalid local-remote id'} . '<br />' .
'DER_ASN1_DN: @c=FR/ou=Paris/ou=Home/cn=*<br />' .
- 'FQDN: @ipcop.org<br />' .
- 'USER_FQDN: franck@ipcop.org<br />' .
+ 'FQDN: @ipfire.org<br />' .
+ 'USER_FQDN: info@ipfire.org<br />' .
'IPV4_ADDR: @123.123.123.123';
goto VPNCONF_ERROR;
}
$confighash{$key}[4] = 'cert';
}
if ($cgiparams{'TYPE'} eq 'net') {
- $confighash{$key}[6] = $cgiparams{'SIDE'};
$confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
}
$confighash{$key}[7] = $cgiparams{'LOCAL_ID'};
$confighash{$key}[14] = $cgiparams{'VHOST'};
#free unused fields!
+ $confighash{$key}[6] = 'off';
$confighash{$key}[15] = 'off';
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
goto VPNCONF_END;
} else { # add new connection
$cgiparams{'ENABLED'} = 'on';
- $cgiparams{'SIDE'} = 'left';
if ( ! -f "${General::swroot}/private/cakey.pem" ) {
$cgiparams{'AUTH'} = 'psk';
} elsif ( ! -f "${General::swroot}/ca/cacert.pem") {
$checked{'ENABLED'}{'off'} = '';
$checked{'ENABLED'}{'on'} = '';
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
- $checked{'ENABLED_GREEN'}{'off'} = '';
- $checked{'ENABLED_GREEN'}{'on'} = '';
- $checked{'ENABLED_GREEN'}{$cgiparams{'ENABLED_GREEN'}} = "checked='checked'";
- $checked{'ENABLED_ORANGE'}{'off'} = '';
- $checked{'ENABLED_ORANGE'}{'on'} = '';
- $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = "checked='checked'";
- $checked{'ENABLED_BLUE'}{'off'} = '';
- $checked{'ENABLED_BLUE'}{'on'} = '';
- $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = "checked='checked'";
$checked{'EDIT_ADVANCED'}{'off'} = '';
$checked{'EDIT_ADVANCED'}{'on'} = '';
$checked{'EDIT_ADVANCED'}{$cgiparams{'EDIT_ADVANCED'}} = "checked='checked'";
- $selected{'SIDE'}{'left'} = '';
- $selected{'SIDE'}{'right'} = '';
- $selected{'SIDE'}{$cgiparams{'SIDE'}} = "selected='selected'";
-
$checked{'AUTH'}{'psk'} = '';
$checked{'AUTH'}{'certreq'} = '';
$checked{'AUTH'}{'certgen'} = '';
print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' size='30' /></td>";
}
print "<td>$Lang::tr{'enabled'}</td><td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td></tr>";
+ print '</tr><td><br /></td><tr>';
+ my $disabled;
+ my $blob;
if ($cgiparams{'TYPE'} eq 'host') {
-
- print "<tr><td>$Lang::tr{'interface'}</td>";
- print "<td><select name='INTERFACE'>";
- print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED</option>";
- print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>" if ($netsettings{'BLUE_DEV'} ne '');
- print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
-# print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
- print "</select></td></tr>";
- print <<END
- <tr><td class='boldbase'>$Lang::tr{'local subnet'}</td>
- <td><input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size='30' /></td>
- <td colspan='2'> </td>
- </tr><tr>
- <td class='boldbase'>$Lang::tr{'remote host/ip'}: <img src='/blob.gif' alt='*' /></td>
+ $disabled = "disabled='disabled'";
+ $blob = "<img src='/blob.gif' alt='*' />";
+ };
+
+ print "<tr><td>$Lang::tr{'host ip'}:</td>";
+ print "<td><select name='INTERFACE'>";
+ print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED ($vpnsettings{'VPN_IP'})</option>";
+ print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN ($netsettings{'GREEN_ADDRESS'})</option>";
+ print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE ($netsettings{'BLUE_ADDRESS'})</option>" if ($netsettings{'BLUE_DEV'} ne '');
+ print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE ($netsettings{'ORANGE_ADDRESS'})</option>" if ($netsettings{'ORANGE_DEV'} ne '');
+ print "</select></td>";
+ print <<END
+ <td class='boldbase'>$Lang::tr{'remote host/ip'}: $blob</td>
<td><input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size='30' /></td>
- <td colspan='2'> </td>
- </tr>
-END
- ;
- } else {
- print <<END
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ipcop side'}
- <input type='hidden' name='INTERFACE' value='RED' /></td>
- <td><select name='SIDE'><option value='left' $selected{'SIDE'}{'left'}>left</option>
- <option value='right' $selected{'SIDE'}{'right'}>right</option></select></td>
- <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
- <td><input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size ='30' /></td>
</tr><tr>
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
<td><input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size='30' /></td>
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
- <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size='30' /></td>
- </tr>
-END
- ;
- }
- print <<END
- <tr>
- <td>$Lang::tr{'dpd action'}:</td>
- <td><select name='DPD_ACTION'>
- <option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option>
- <option value='hold' $selected{'DPD_ACTION'}{'hold'}>hold</option>
- <option value='restart' $selected{'DPD_ACTION'}{'restart'}>restart</option>
- </select> <a href='http://www.openswan.com/docs/local/README.DPD'>?</a>
- </td>
- </tr><tr>
+ <td><input $disabled type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size='30' /></td>
+ </tr><tr>
+ <td class='boldbase'>$Lang::tr{'vpn local id'}: <img src='/blob.gif' alt='*' />
+ <br />($Lang::tr{'eg'} <tt>@xy.example.com</tt>)</td>
+ <td><input type='text' name='LOCAL_ID' value='$cgiparams{'LOCAL_ID'}' /></td>
+ <td class='boldbase'>$Lang::tr{'vpn remote id'}: <img src='/blob.gif' alt='*' /></td>
+ <td><input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' /></td>
+ </tr><tr>
+ </tr><td><br /></td><tr>
+ <td>$Lang::tr{'dpd action'}:</td>
+ <td><select name='DPD_ACTION'>
+ <option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option>
+ <option value='hold' $selected{'DPD_ACTION'}{'hold'}>hold</option>
+ <option value='restart' $selected{'DPD_ACTION'}{'restart'}>restart</option>
+ </select> <a href='http://www.openswan.com/docs/local/README.DPD'>?</a>
+ </td>
+ </tr><tr>
<!--http://www.openswan.com/docs/local/README.DPD
http://bugs.xelerance.com/view.php?id=156
restart = clear + reinitiate connection
-->
- <td><b>$Lang::tr{'options'}</b></td>
- </tr><tr>
- <td class='boldbase'>$Lang::tr{'vpn local id'}: <img src='/blob.gif' alt='*' />
- <br />($Lang::tr{'eg'} <tt>@xy.example.com</tt>)</td>
- <td><input type='text' name='LOCAL_ID' value='$cgiparams{'LOCAL_ID'}' /></td>
- <td class='boldbase'>$Lang::tr{'vpn remote id'}: <img src='/blob.gif' alt='*' /></td>
- <td><input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' /></td>
- </tr><tr>
- <td class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' alt='*' /></td>
- <td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td>
- </tr>
+ <td class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' alt='*' /></td>
+ <td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td>
+ </tr>
END
;
if (!$cgiparams{'KEY'}) {
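Review bot: `$disabled` and `$blob` are declared without a value and assigned only when `TYPE` is `host`, so for a net connection the heredoc interpolates undef into `<input $disabled ...>` and `$blob` and emits uninitialized-value warnings where warnings are on; `my $disabled = '';` and `my $blob = '';` avoid that. The new option labels also print `$vpnsettings{'VPN_IP'}` and the zone addresses into the page as-is. VPN_IP is copied from `$cgiparams{'VPN_IP'}` elsewhere in this commit, so it should be validated or HTML-escaped before this point if it is not already, which the hunk does not show. The added `print '</tr><td><br /></td><tr>';` places a `<td>` outside any row.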
$cgiparams{'VPN_DELAYED_START'} = 0 if (! defined ($cgiparams{'VPN_DELAYED_START'}));
$checked{'VPN_WATCH'} = $cgiparams{'VPN_WATCH'} eq 'on' ? "checked='checked'" : '' ;
map ($checked{$_} = $cgiparams{$_} eq 'on' ? "checked='checked'" : '',
- ('ENABLED','ENABLED_GREEN','ENABLED_ORANGE','ENABLED_BLUE','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
+ ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
}
&Header::openbox('100%', 'left', $Lang::tr{'global settings'});
- my $checkbox="";
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<tr>
- <td width='20%' class='base' nowrap='nowrap'>$Lang::tr{'local vpn hostname/ip'}:</td>
+ <td width='20%' class='base' nowrap='nowrap'>$Lang::tr{'vpn red name'}:</td>
<td width='20%'><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' /></td>
<td width='20%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'} /></td>
- <td width='20%' class='base' nowrap='nowrap'>$Lang::tr{'vpn on green'}:</td>
- <td width='20%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED_GREEN' $checked{'ENABLED_GREEN'} /></td>
</tr>
END
;
- if ($netsettings{'ORANGE_DEV'} ne '') {
- $checkbox=<<END
- <td class='base' nowrap='nowrap'>$Lang::tr{'vpn on orange'}:</td>
- <td class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'} /></td>
-END
- ;}
-
print <<END
<tr>
<td class='base' nowrap='nowrap'>$Lang::tr{'override mtu'}: <img src='/blob.gif' alt='*' /></td>
<td ><input type='text' name='VPN_OVERRIDE_MTU' value='$cgiparams{'VPN_OVERRIDE_MTU'}' /></td>
- <td></td>
- $checkbox
</tr>
END
;
- if ($netsettings{'BLUE_DEV'} ne '') {
- $checkbox=<<END
- <td class='base' nowrap='nowrap'>$Lang::tr{'vpn on blue'}:</td>
- <td class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED_BLUE' $checked{'ENABLED_BLUE'} /></td>
-END
- ;}
print <<END
<tr>
<td class='base' nowrap='nowrap'>$Lang::tr{'vpn delayed start'}: <img src='/blob.gif' alt='*' /><img src='/blob.gif' alt='*' /></td>
<td ><input type='text' name='VPN_DELAYED_START' value='$cgiparams{'VPN_DELAYED_START'}' /></td>
- <td></td>
- $checkbox
</tr>
</table>
<p>$Lang::tr{'vpn watch'}:<input type='checkbox' name='VPN_WATCH' $checked{'VPN_WATCH'} /></p>
;
print "</form>";
&Header::closebox();
- undef ($checkbox);
&Header::openbox('100%', 'left', $Lang::tr{'connection status and controlc'});
print <<END
print "<td align='left'> </td>";
}
print "<td align='center'>$confighash{$key}[25]</td>";
+ # get real state
my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
- if ($confighash{$key}[0] eq 'off') {
- $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
- } else {
- foreach my $line (@status) {
- if ($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) {
- $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
- }
+ foreach my $line (@status) {
+ if ($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) {
+ $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
}
}
+ # move to blueif really down
+ if ($confighash{$key}[0] eq 'off' && $active =~ /${Header::colourred}/ ) {
+ $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
+ }
print <<END
<td align='center'>$active</td>
<td align='center'>
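Review bot: The closed-versus-disabled decision is made by matching the already rendered HTML in `$active` against `${Header::colourred}`, which ties the logic to the markup and relies on the colour string holding no regex metacharacters. Tracking the state in a flag reads more directly: `my $established = grep { /\"\Q$confighash{$key}[1]\E\".*IPsec SA established/ } @status;`, then choosing green, blue or red from `$established` and `$confighash{$key}[0]`. The `\Q...\E` also keeps the connection name from being interpreted as a pattern. The enclosing loop over connections starts outside the hunk.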
END
;
}
-
+
+ my $rowcolor = 0;
if (keys %cahash > 0) {
- foreach my $key (keys %cahash) {
- if (($key + 1) % 2) {
- print "<tr bgcolor='${Header::table1colour}'>\n";
- } else {
- print "<tr bgcolor='${Header::table2colour}'>\n";
- }
+ foreach my $key (keys %cahash) {
+ if ($rowcolor++ % 2) {
+ print "<tr bgcolor='${Header::table1colour}'>\n";
+ } else {
+ print "<tr bgcolor='${Header::table2colour}'>\n";
+ }
print "<td class='base'>$cahash{$key}[0]</td>\n";
print "<td class='base'>$cahash{$key}[1]</td>\n";
print <<END
END
;
&Header::closebox();
-
- print "$Lang::tr{'this feature has been sponsored by'} : ";
- print "<a href='http://www.seminolegas.com/' target='_blank'>Seminole Canada Gas Company</a>.\n";
-
&Header::closebigbox();
&Header::closepage();
include Config
-VER = 1.3.7
+VER = 1.3.5
THISAPP = iptables-$(VER)
DL_FILE = $(THISAPP).tar.bz2
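Review bot: `VER` goes backwards from 1.3.7 to 1.3.5 and nothing visible here records why; for the packet-filter userland of a firewall distribution the reason for holding an older release belongs next to the pin, e.g. `# pinned to 1.3.5: <reason>` above `VER`. The same version string is repeated by hand in the kernel build rules later in this commit (object list, URL, `_MD5` line, `tar xfj`, `ln -sf`, `tar czf`), so the comment should say that those have to move together. The replacement tarball is verified only by its `_MD5` value, a checksum that is no longer recommended for authenticating downloads.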
libnfnetlink-0.0.25.tar.bz2 = $(URL_IPFIRE)/libnfnetlink-0.0.25.tar.bz2
libnetfilter_queue-0.0.13.tar.bz2 = $(URL_IPFIRE)/libnetfilter_queue-0.0.13.tar.bz2
-$(DL_FILE)_MD5 = dd965bdacbb86ce2a6498829fddda6b7
+$(DL_FILE)_MD5 = 00fb916fa8040ca992a5ace56d905ea5
netfilter-layer7-v2.9.tar.gz_MD5 = ebf9043a5352ebe6dbd721989ef83dee
libnfnetlink-0.0.25.tar.bz2_MD5 = fc915a2e66d282e524af6ef939042d7d
libnetfilter_queue-0.0.13.tar.bz2_MD5 = 660cbfd3dc8c10bf9b1803cd2b688256
objects =$(DL_FILE) \
mISDN-CVS-2007-01-26.tar.bz2 \
squashfs3.2-r2.tar.gz \
- iptables-1.3.7.tar.bz2 \
+ iptables-1.3.5.tar.bz2 \
patch-o-matic-ng-20061210.tar.bz2 \
netfilter-layer7-v2.9.tar.gz \
patch-2.6.16-nath323-1.3.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
patch-o-matic-ng-20061210.tar.bz2 = $(URL_IPFIRE)/patch-o-matic-ng-20061210.tar.bz2
-iptables-1.3.7.tar.bz2 = $(URL_IPFIRE)/iptables-1.3.7.tar.bz2
+iptables-1.3.5.tar.bz2 = $(URL_IPFIRE)/iptables-1.3.5.tar.bz2
netfilter-layer7-v2.9.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.9.tar.gz
patch-2.6.16-nath323-1.3.bz2 = $(URL_IPFIRE)/patch-2.6.16-nath323-1.3.bz2
squashfs3.2-r2.tar.gz = $(URL_IPFIRE)/squashfs3.2-r2.tar.gz
$(DL_FILE)_MD5 = 87e998bb87839b962702815dd5aecc73
patch-o-matic-ng-20061210.tar.bz2_MD5 = 76edac76301b45f89e467b41c8cf4393
-iptables-1.3.7.tar.bz2_MD5 = dd965bdacbb86ce2a6498829fddda6b7
+iptables-1.3.5.tar.bz2_MD5 = 00fb916fa8040ca992a5ace56d905ea5
netfilter-layer7-v2.9.tar.gz_MD5 = ebf9043a5352ebe6dbd721989ef83dee
patch-2.6.16-nath323-1.3.bz2_MD5 = f926409ff703a307baf54b57ab75d138
squashfs3.2-r2.tar.gz_MD5 = bf360b92eba9e6d5610196ce2e02fcd1
# Patch-o-matic
cd $(DIR_SRC) && rm -rf iptables-* patch-o-matic*
- cd $(DIR_SRC) && tar xfj $(DIR_DL)/iptables-1.3.7.tar.bz2
- cd $(DIR_SRC) && ln -sf iptables-1.3.7 iptables
+ cd $(DIR_SRC) && tar xfj $(DIR_DL)/iptables-1.3.5.tar.bz2
+ cd $(DIR_SRC) && ln -sf iptables-1.3.5 iptables
cd $(DIR_SRC) && tar xfj $(DIR_DL)/patch-o-matic-ng-20061210.tar.bz2
cd $(DIR_SRC)/patch-o-matic-ng* && \
./runme --batch --kernel-path=$(ROOT)/usr/src/$(THISAPP)/ \
ifeq "$(SMP)" ""
# Only do this once on the non-SMP pass
- cd $(DIR_SRC) && tar czf $(DIR_DL)/iptables-fixed.tar.gz iptables-1.3.7
+ cd $(DIR_SRC) && tar czf $(DIR_DL)/iptables-fixed.tar.gz iptables-1.3.5
endif
# Bootsplash
# Accept everything connected
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+ # trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
+ /sbin/iptables -N IPSECVIRTUAL
+ /sbin/iptables -N OPENSSLVIRTUAL
+ /sbin/iptables -A INPUT -j IPSECVIRTUAL
+ /sbin/iptables -A INPUT -j OPENSSLVIRTUAL
+ /sbin/iptables -A FORWARD -j IPSECVIRTUAL
+ /sbin/iptables -A FORWARD -j OPENSSLVIRTUAL
# localhost and ethernet.
/sbin/iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
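Review bot: IPSECVIRTUAL and OPENSSLVIRTUAL are each jumped to from both INPUT and FORWARD, directly after the ESTABLISHED,RELATED rules, so a rule placed in them cannot tell traffic addressed to the firewall from traffic being forwarded unless it adds its own match. open_virtual in ipsecctrl.c (same commit) fills IPSECVIRTUAL with `-i ipsec+ -j ACCEPT`, which, like the removed `-i ipsec+` rules, admits everything from any tunnel to the firewall itself and to every zone, now ahead of the later rules in this script. Separate chains per hook, e.g. `/sbin/iptables -A INPUT -j IPSECVIRTUALINPUT` and `/sbin/iptables -A FORWARD -j IPSECVIRTUALFORWARD`, would let access to the box be narrowed independently of forwarded traffic. In the added comment, "trafic" should read "traffic".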
# we end up with orange -> orange traffic passing through IPFire
[ "$ORANGE_DEV" != "" ] && /sbin/iptables -A FORWARD -i $ORANGE_DEV -o $ORANGE_DEV -m state --state NEW -j ACCEPT
- # accept all traffic from ipsec interfaces
- /sbin/iptables -A INPUT -i ipsec+ -j ACCEPT
- /sbin/iptables -A FORWARD -i ipsec+ -j ACCEPT
-
# allow DHCP on BLUE to be turned on/off
/sbin/iptables -N DHCPBLUEINPUT
/sbin/iptables -A INPUT -j DHCPBLUEINPUT
- # IPSec chains
- /sbin/iptables -N IPSECRED
- /sbin/iptables -A INPUT -j IPSECRED
- /sbin/iptables -N IPSECBLUE
- /sbin/iptables -A INPUT -j IPSECBLUE
+ # IPSec
+ /sbin/iptables -N IPSECPHYSICAL
+ /sbin/iptables -A INPUT -j IPSECPHYSICAL
+
+ # OPenSSL
+ /sbin/iptables -N OPENSSLPHYSICAL
+ /sbin/iptables -A INPUT -j OPENSSLPHYSICAL
# WIRELESS chains
/sbin/iptables -N WIRELESSINPUT
if (strlen(driver) > 1) {
fprintf(flog, "Fixing up ipfirerd.img\n");
mkdir("/harddisk/initrd", S_IRWXU|S_IRWXG|S_IRWXO);
- snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitrd -v --with=scsi_mod %s --with=sd_mod --with=sr_mod /boot/ipfirerd.img %s-ipfire", driver, KERNEL_VERSION);
+ snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitrd --with=scsi_mod %s --with=sd_mod --with=sr_mod /boot/ipfirerd.img %s-ipfire", driver, KERNEL_VERSION);
runcommandwithstatus(commandstring, ctr[TR_BUILDING_INITRD]);
- snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitrd -v --with=scsi_mod %s --with=sd_mod --with=sr_mod /boot/ipfirerd-smp.img %s-ipfire-smp", driver, KERNEL_VERSION);
+ snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitrd --with=scsi_mod %s --with=sd_mod --with=sr_mod /boot/ipfirerd-smp.img %s-ipfire-smp", driver, KERNEL_VERSION);
runcommandwithstatus(commandstring, ctr[TR_BUILDING_INITRD]);
mysystem("/sbin/chroot /harddisk /bin/mv /boot/grub/scsigrub.conf /boot/grub/grub.conf");
}
restartapplejuice setdate rebuildhosts \
restartsyslogd logwatch openvpnctrl timecheckctrl \
restartwireless getipstat qosctrl launch-ether-wake \
- redctrl extrahdctrl sambactrl
+ redctrl extrahdctrl sambactrl upnpctrl
install : all
install -m 755 $(PROGS) /usr/local/bin
extrahdctrl: extrahdctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ extrahdctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
+
+upnpctrl: upnpctrl.c setuid.o ../install+setup/libsmooth/varval.o
+ $(COMPILE) -I../install+setup/libsmooth/ upnpctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
sambactrl: sambactrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ sambactrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
* File originally from the Smoothwall project
* (c) 2001 Smoothwall Team
*
- * $Id: ipsecctrl.c,v 1.5.2.14 2005/05/15 12:58:28 rkerr Exp $
- *
*/
#include "libsmooth.h"
#include <signal.h>
#include "setuid.h"
+/*
+ This module is responsible for start stop of the vpn system.
+
+ 1) it allows AH & ESP to get in from interface where a vpn is mounted
+ The NAT traversal is used on the udp 4500 port.
+
+ 2) it starts the ipsec daemon
+ The RED interface is a problem because it can be up or down a startup.
+ Then, the state change and it must not affect other VPN mounted on
+ other interface.
+ Unfortunatly, openswan 1 cannot do that correctly. It cannot use an
+ interface without restarting everything.
+
+ IPCop should control vpn this way:
+
+ rc.netaddrsesup.up
+ call ipsecctrl once to start vpns on all interface
+ RED based vpn won't start because "auto=ignore" instead off "auto=start"
+
+ rc.updatered
+ call ipsectrl to turn on or off vpn based on RED
+
+ but now it is only:
+
+ rc.updatered
+ call ipsectrl S at every event on RED.
+ Consequence: BLUE vpn is not started until RED goes up.
+
+
+*/
+
+#define phystable "IPSECPHYSICAL"
+#define virtualtable "IPSECVIRTUAL"
+
void usage() {
fprintf (stderr, "Usage:\n");
fprintf (stderr, "\tipsecctrl S [connectionkey]\n");
fprintf (stderr, "\t\tR : Reload Certificates and Secrets\n");
}
-void loadalgmodules() {
+void load_modules() {
safe_system("/sbin/modprobe ipsec");
}
-void ipsecrules(char *chain, char *interface)
-{
+/*
+ ACCEPT the ipsec protocol ah, esp & udp (for nat traversal) on the specified interface
+*/
+void open_physical (char *interface, int nat_traversal_port) {
char str[STRING_SIZE];
- sprintf(str, "/sbin/iptables -A %s -p 47 -i %s -j ACCEPT", chain, interface);
+ // GRE ???
+ sprintf(str, "/sbin/iptables -A " phystable " -p 47 -i %s -j ACCEPT", interface);
safe_system(str);
- sprintf(str, "/sbin/iptables -A %s -p 50 -i %s -j ACCEPT", chain, interface);
+ // ESP
+ sprintf(str, "/sbin/iptables -A " phystable " -p 50 -i %s -j ACCEPT", interface);
safe_system(str);
- sprintf(str, "/sbin/iptables -A %s -p 51 -i %s -j ACCEPT", chain, interface);
+ // AH
+ sprintf(str, "/sbin/iptables -A " phystable " -p 51 -i %s -j ACCEPT", interface);
safe_system(str);
- sprintf(str, "/sbin/iptables -A %s -p udp -i %s --sport 500 --dport 500 -j ACCEPT", chain, interface);
+ // IKE
+ sprintf(str, "/sbin/iptables -A " phystable " -p udp -i %s --sport 500 --dport 500 -j ACCEPT", interface);
safe_system(str);
- sprintf(str, "/sbin/iptables -A %s -p udp -i %s --dport 4500 -j ACCEPT", chain, interface);
+
+ if (! nat_traversal_port)
+ return;
+
+ sprintf(str, "/sbin/iptables -A " phystable " -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
safe_system(str);
}
-void addaliasinterfaces(char *configtype, char *redtype, char *redif, char *enablered, char*enableblue)
+/*
+ Basic control for what can flow from/to ipsecX interfaces.
+
+ rc.firewall call this chain just before ACCEPTing everything
+ from green (-i DEV_GREEN -j ACCEPT).
+*/
+void open_virtual (void) {
+ // allow anything from any ipsec to go on all interface, including other ipsec
+ safe_system("/sbin/iptables -A " virtualtable " -i ipsec+ -j ACCEPT");
+ //todo: BOT extension?; allowing ipsec0<<==port-list-filter==>>GREEN ?
+}
+
+void ipsec_norules() {
+ /* clear input rules */
+ safe_system("/sbin/iptables -F " phystable);
+ safe_system("/sbin/iptables -F " virtualtable);
+
+ // unmap red alias ????
+}
+
+
+void add_alias_interfaces(char *configtype,
+ char *redtype,
+ char *redif,
+ int offset) //reserve room for ipsec0=red, ipsec1=green, ipsec2=orange,ipsec3=blue
{
FILE *file = NULL;
char s[STRING_SIZE];
- char *sptr;
- char *aliasip=NULL;
- char *enabled=NULL;
- char *comment=NULL;
- int count=0;
int alias=0;
- int add=0;
- if ( strcmp(enablered, "on") == 0 )
- add += 1;
- if ( strcmp(enableblue, "on") == 0 )
- add += 1;
-
/* Check for CONFIG_TYPE=2 or 3 i.e. RED ethernet present. If not,
* exit gracefully. This is not an error... */
if (!((strcmp(configtype, "2")==0) || (strcmp(configtype, "3")==0) || (strcmp(configtype, "6")==0) || (strcmp(configtype, "7")==0)))
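Review bot: open_physical formats `interface` into the fixed `str[STRING_SIZE]` buffer with unbounded `sprintf` and hands the result to `safe_system`, in a helper that runs after `initsetuid()`; the `>/dev/null` redirections elsewhere in this file suggest that string goes through a shell. Each of the five calls should be bounded, e.g. `snprintf(str, sizeof(str), "/sbin/iptables -A " phystable " -p 50 -i %s -j ACCEPT", interface);`, as turn_connection_on already does. Since the caller is not visible here, `interface` should also be checked once at the top of the function with the same `strspn(..., LETTERS_NUMBERS)` style test that decode_line applies to connection names, extended by whatever punctuation device names need. The first rule opens protocol 47 (GRE), which the author's own `// GRE ???` comment questions; if nothing depends on it, leave it out. add_alias_interfaces continues outside the hunk.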
fprintf(stderr, "Unable to open aliases configuration file\n");
return;
}
-
- while (fgets(s, STRING_SIZE, file) != NULL && (add+alias) < 16)
+ while (fgets(s, STRING_SIZE, file) != NULL && (offset+alias) < 16 )
{
if (s[strlen(s) - 1] == '\n')
s[strlen(s) - 1] = '\0';
- sptr = strtok(s, ",");
- count = 0;
- aliasip = NULL;
- enabled = NULL;
- comment = NULL;
+ int count = 0;
+ char *aliasip=NULL;
+ char *enabled=NULL;
+ char *comment=NULL;
+ char *sptr = strtok(s, ",");
while (sptr)
{
if (count == 0)
if (strcmp(enabled, "on") == 0)
{
memset(s, 0, STRING_SIZE);
- snprintf(s, STRING_SIZE-1, "/usr/sbin/ipsec tncfg --attach --virtual ipsec%d --physical %s:%d >/dev/null", alias+add, redif, alias);
+ snprintf(s, STRING_SIZE-1, "/usr/sbin/ipsec tncfg --attach --virtual ipsec%d --physical %s:%d >/dev/null", offset+alias, redif, alias);
safe_system(s);
alias++;
}
}
}
+/*
+ return values from the vpn config file or false if not 'on'
+*/
+int decode_line (char *s,
+ char **key,
+ char **name,
+ char **type,
+ char **interface
+ ) {
+ int count = 0;
+ *key = NULL;
+ *name = NULL;
+ *type = NULL;
+
+ if (s[strlen(s) - 1] == '\n')
+ s[strlen(s) - 1] = '\0';
+
+ char *result = strsep(&s, ",");
+ while (result) {
+ if (count == 0)
+ *key = result;
+ if ((count == 1) && strcmp(result, "on") != 0)
+ return 0; // a disabled line
+ if (count == 2)
+ *name = result;
+ if (count == 4)
+ *type = result;
+ if (count == 27)
+ *interface = result;
+ count++;
+ result = strsep(&s, ",");
+ }
+
+ // check other syntax
+ if (! *name)
+ return 0;
+
+ if (strspn(*name, LETTERS_NUMBERS) != strlen(*name)) {
+ fprintf(stderr, "Bad connection name: %s\n", *name);
+ return 0;
+ }
+
+ if (! (strcmp(*type, "host") == 0 || strcmp(*type, "net") == 0)) {
+ fprintf(stderr, "Bad connection type: %s\n", *type);
+ return 0;
+ }
+
+ if (! (strcmp(*interface, "RED") == 0 || strcmp(*interface, "GREEN") == 0 ||
+ strcmp(*interface, "ORANGE") == 0 || strcmp(*interface, "BLUE") == 0)) {
+ fprintf(stderr, "Bad interface name: %s\n", *interface);
+ return 0;
+ }
+ //it's a valid & active line
+ return 1;
+}
+
+/*
+ issue ipsec commmands to turn on connection 'name'
+*/
+void turn_connection_on (char *name, char *type) {
+ char command[STRING_SIZE];
+
+ safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
+ memset(command, 0, STRING_SIZE);
+ snprintf(command, STRING_SIZE - 1,
+ "/usr/sbin/ipsec auto --replace %s >/dev/null", name);
+ safe_system(command);
+ if (strcmp(type, "net") == 0) {
+ memset(command, 0, STRING_SIZE);
+ snprintf(command, STRING_SIZE - 1,
+ "/usr/sbin/ipsec auto --asynchronous --up %s >/dev/null", name);
+ safe_system(command);
+ }
+}
+/*
+ issue ipsec commmands to turn off connection 'name'
+*/
+void turn_connection_off (char *name) {
+ char command[STRING_SIZE];
+
+ memset(command, 0, STRING_SIZE);
+ snprintf(command, STRING_SIZE - 1,
+ "/usr/sbin/ipsec auto --down %s >/dev/null", name);
+ safe_system(command);
+ memset(command, 0, STRING_SIZE);
+ snprintf(command, STRING_SIZE - 1,
+ "/usr/sbin/ipsec auto --delete %s >/dev/null", name);
+ safe_system(command);
+ safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
+}
+
+
int main(int argc, char *argv[]) {
- int count;
- char s[STRING_SIZE];
+
char configtype[STRING_SIZE];
char redtype[STRING_SIZE] = "";
- char command[STRING_SIZE];
- char *result;
- char *key;
- char *enabled;
- char *name;
- char *type;
- char *running;
- FILE *file = NULL;
struct keyvalue *kv = NULL;
- char enablered[STRING_SIZE] = "off";
- char enableblue[STRING_SIZE] = "off";
- char redif[STRING_SIZE] = "";;
- char blueif[STRING_SIZE] = "";
- FILE *ifacefile = NULL;
- if (!(initsetuid()))
- exit(1);
-
if (argc < 2) {
usage();
exit(1);
}
+ if (!(initsetuid()))
+ exit(1);
/* FIXME: workaround for pclose() issue - still no real idea why
* this is happening */
signal(SIGCHLD, SIG_DFL);
- /* Init the keyvalue structure */
- kv=initkeyvalues();
+ /* handle operations that doesn't need start the ipsec system */
+ if (argc == 2) {
+ if (strcmp(argv[1], "D") == 0) {
+ safe_system("/usr/local/bin/vpn-watch --stop");
+ ipsec_norules();
+ /* Only shutdown pluto if it really is running */
+ int fd;
+ /* Get pluto pid */
+ if ((fd = open("/var/run/pluto.pid", O_RDONLY)) != -1) {
+ safe_system("/etc/rc.d/ipsec stop 2> /dev/null >/dev/null");
+ close(fd);
+ }
+ exit(0);
+ }
- /* Read in the current values */
+ if (strcmp(argv[1], "R") == 0) {
+ safe_system("/usr/sbin/ipsec auto --rereadall");
+ exit(0);
+ }
+ }
+
+ /* stop the watch script as soon as possible */
+ safe_system("/usr/local/bin/vpn-watch --stop");
+
+ /* clear iptables vpn rules */
+ ipsec_norules();
+
+ /* read vpn config */
+ kv=initkeyvalues();
if (!readkeyvalues(kv, CONFIG_ROOT "/vpn/settings"))
{
fprintf(stderr, "Cannot read vpn settings\n");
exit(1);
}
- findkey(kv, "ENABLED", enablered);
- findkey(kv, "ENABLED_BLUE", enableblue);
+ /* check is the vpn system is enabled */
+ {
+ char s[STRING_SIZE];
+ findkey(kv, "ENABLED", s);
+ freekeyvalues(kv);
+ if (strcmp (s, "on") != 0)
+ exit(0);
+ }
- freekeyvalues(kv);
+ /* read interface settings */
kv=initkeyvalues();
-
if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
{
fprintf(stderr, "Cannot read ethernet settings\n");
exit(1);
}
-
if (!findkey(kv, "CONFIG_TYPE", configtype))
{
fprintf(stderr, "Cannot read CONFIG_TYPE\n");
exit(1);
}
-
findkey(kv, "RED_TYPE", redtype);
- findkey(kv, "BLUE_DEV", blueif);
- freekeyvalues(kv);
- memset(redif, 0, STRING_SIZE);
-
- if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))
- {
- if (fgets(redif, STRING_SIZE, ifacefile))
- {
- if (redif[strlen(redif) - 1] == '\n')
- redif[strlen(redif) - 1] = '\0';
- }
- fclose (ifacefile);
- ifacefile = NULL;
- if (!VALID_DEVICE(redif))
- {
- memset(redif, 0, STRING_SIZE);
- }
- }
- safe_system("/sbin/iptables -F IPSECRED");
- if (!strcmp(enablered, "on") && strlen(redif)) {
- ipsecrules("IPSECRED", redif);
- }
+ /* Loop through the config file to find physical interface that will accept IPSEC */
+ int enable_red=0; // states 0: not used
+ int enable_green=0; // 1: error condition
+ int enable_orange=0; // 2: good
+ int enable_blue=0;
+ char if_red[STRING_SIZE] = "";
+ char if_green[STRING_SIZE] = "";
+ char if_orange[STRING_SIZE] = "";
+ char if_blue[STRING_SIZE] = "";
+ char s[STRING_SIZE];
+ FILE *file = NULL;
- safe_system("/sbin/iptables -F IPSECBLUE");
- if (!strcmp(enableblue, "on")) {
- if (VALID_DEVICE(blueif))
- ipsecrules("IPSECBLUE", blueif);
- else
- {
- fprintf(stderr, "IPSec enabled on blue but blue interface is invalid or not found\n");
- exit(1);
- }
+ if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
+ fprintf(stderr, "Couldn't open vpn settings file");
+ exit(1);
}
+ while (fgets(s, STRING_SIZE, file) != NULL) {
+ char *key;
+ char *name;
+ char *type;
+ char *interface;
+ if (!decode_line(s,&key,&name,&type,&interface))
+ continue;
+ /* search interface */
+ if (!enable_red && strcmp (interface, "RED") == 0) {
+ // when RED is up, find interface name in special file
+ FILE *ifacefile = NULL;
+ if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r"))) {
+ if (fgets(if_red, STRING_SIZE, ifacefile)) {
+ if (if_red[strlen(if_red) - 1] == '\n')
+ if_red[strlen(if_red) - 1] = '\0';
+ }
+ fclose (ifacefile);
- /* Only shutdown pluto if it really is running */
- if (argc == 2) {
- if (strcmp(argv[1], "D") == 0) {
- int fd;
- /* Get pluto pid */
- if ((fd = open("/var/run/pluto.pid", O_RDONLY)) != -1) {
- safe_system("/etc/rc.d/init.d/ipsec stop 2> /dev/null >/dev/null");
- close(fd);
+ if (VALID_DEVICE(if_red))
+ enable_red+=2; // present and running
}
}
- }
-
- if ((strcmp(enablered, "on") || !strlen(redif)) && strcmp(enableblue, "on"))
- exit(0);
- if (argc == 2) {
- if (strcmp(argv[1], "S") == 0) {
- loadalgmodules();
- safe_system("/usr/sbin/ipsec tncfg --clear >/dev/null");
- safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null");
- addaliasinterfaces(configtype, redtype, redif, enablered, enableblue);
- } else if (strcmp(argv[1], "R") == 0) {
- safe_system("/usr/sbin/ipsec auto --rereadall");
- } else {
- fprintf(stderr, "Bad arg\n");
- usage();
- exit(1);
+ if (!enable_green && strcmp (interface, "GREEN") == 0) {
+ enable_green = 1;
+ findkey(kv, "GREEN_DEV", if_green);
+ if (VALID_DEVICE(if_green))
+ enable_green++;
+ else
+ fprintf(stderr, "IPSec enabled on green but green interface is invalid or not found\n");
}
- } else if (strspn(argv[2], NUMBERS) == strlen(argv[2])) {
- if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
- fprintf(stderr, "Couldn't open vpn settings file");
- exit(1);
+
+ if (!enable_orange && strcmp (interface, "ORANGE") == 0) {
+ enable_orange = 1;
+ findkey(kv, "ORANGE_DEV", if_orange);
+ if (VALID_DEVICE(if_orange))
+ enable_orange++;
+ else
+ fprintf(stderr, "IPSec enabled on orange but orange interface is invalid or not found\n");
}
- while (fgets(s, STRING_SIZE, file) != NULL) {
- if (s[strlen(s) - 1] == '\n')
- s[strlen(s) - 1] = '\0';
- running = strdup (s);
- result = strsep(&running, ",");
- count = 0;
- key = NULL;
- name = NULL;
- enabled = NULL;
- type = NULL;
- while (result) {
- if (count == 0)
- key = result;
- if (count == 1)
- enabled = result;
- if (count == 2)
- name = result;
- if (count == 4)
- type = result;
- count++;
- result = strsep(&running, ",");
- }
- if (strcmp(key, argv[2]) != 0)
- continue;
-
- if (!(name && enabled))
- continue;
-
- if (strspn(name, LETTERS_NUMBERS) != strlen(name)) {
- fprintf(stderr, "Bad connection name: %s\n", name);
- goto EXIT;
- }
- if (! (strcmp(type, "host") == 0 || strcmp(type, "net") == 0)) {
- fprintf(stderr, "Bad connection type: %s\n", type);
- goto EXIT;
- }
-
- if (strcmp(argv[1], "S") == 0 && strcmp(enabled, "on") == 0) {
- safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
- memset(command, 0, STRING_SIZE);
- snprintf(command, STRING_SIZE - 1,
- "/usr/sbin/ipsec auto --replace %s >/dev/null", name);
- safe_system(command);
- if (strcmp(type, "net") == 0) {
- memset(command, 0, STRING_SIZE);
- snprintf(command, STRING_SIZE - 1,
- "/usr/sbin/ipsec auto --asynchronous --up %s >/dev/null", name);
- safe_system(command);
- }
- } else if (strcmp(argv[1], "D") == 0) {
- safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
- memset(command, 0, STRING_SIZE);
- snprintf(command, STRING_SIZE - 1,
- "/usr/sbin/ipsec auto --down %s >/dev/null", name);
- safe_system(command);
- memset(command, 0, STRING_SIZE);
- snprintf(command, STRING_SIZE - 1,
- "/usr/sbin/ipsec auto --delete %s >/dev/null", name);
- safe_system(command);
- }
+ if (!enable_blue && strcmp (interface, "BLUE") == 0) {
+ enable_blue++;
+ findkey(kv, "BLUE_DEV", if_blue);
+ if (VALID_DEVICE(if_blue))
+ enable_blue++;
+ else
+ fprintf(stderr, "IPSec enabled on blue but blue interface is invalid or not found\n");
+
}
- } else {
+ }
+ fclose(file);
+ freekeyvalues(kv);
+
+ // do nothing if something is in error condition
+ if ((enable_red==1) || (enable_green==1) || (enable_orange==1) || (enable_blue==1) )
+ exit(1);
+
+ // exit if nothing to do
+ if ( (enable_red+enable_green+enable_orange+enable_blue) == 0 )
+ exit(0);
+
+ // open needed ports
+ // todo: read a nat_t indicator to allow or not openning UDP/4500
+ if (enable_red==2)
+ open_physical(if_red, 4500);
+
+ if (enable_green==2)
+ open_physical(if_green, 4500);
+
+ if (enable_orange==2)
+ open_physical(if_orange, 4500);
+
+ if (enable_blue==2)
+ open_physical(if_blue, 4500);
+
+ // then open the ipsecX
+ open_virtual();
+
+ // start the system
+ if ((argc == 2) && strcmp(argv[1], "S") == 0) {
+ load_modules();
+ safe_system("/usr/sbin/ipsec tncfg --clear >/dev/null");
+ safe_system("/etc/rc.d/ipsec restart >/dev/null");
+ add_alias_interfaces(configtype, redtype, if_red, (enable_red+enable_green+enable_orange+enable_blue) >>1 );
+ safe_system("/usr/local/bin/vpn-watch --start");
+ exit(0);
+ }
+
+ // it is a selective start or stop
+ // second param is only a number 'key'
+ if ((argc == 2) || strspn(argv[2], NUMBERS) != strlen(argv[2])) {
+ ipsec_norules();
fprintf(stderr, "Bad arg\n");
usage();
exit(1);
}
-EXIT:
- if (file)
- fclose(file);
+ // search the vpn pointed by 'key'
+ if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
+ ipsec_norules();
+ fprintf(stderr, "Couldn't open vpn settings file");
+ exit(1);
+ }
+ while (fgets(s, STRING_SIZE, file) != NULL) {
+ char *key;
+ char *name;
+ char *type;
+ char *interface;
+ if (!decode_line(s,&key,&name,&type,&interface))
+ continue;
+
+ // start/stop a vpn if belonging to specified interface
+ if (strcmp(argv[1], interface) == 0 ) {
+ if (strcmp(argv[2], "0")==0)
+ turn_connection_off (name);
+ else
+ turn_connection_on (name, type);
+ continue;
+ }
+ // is it the 'key' requested ?
+ if (strcmp(argv[2], key) != 0)
+ continue;
+ // Start or Delete this Connection
+ if (strcmp(argv[1], "S") == 0)
+ turn_connection_on (name, type);
+ else
+ if (strcmp(argv[1], "D") == 0)
+ turn_connection_off (name);
+ else {
+ ipsec_norules();
+ fprintf(stderr, "Bad command\n");
+ exit(1);
+ }
+ }
+ fclose(file);
+ safe_system("/usr/local/bin/vpn-watch --start");
return 0;
}
{
snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -d %s", argv[2]);
safe_system(command);
- printf(command);
return 0;
}
{
snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -e %s", argv[2]);
safe_system(command);
- printf(command);
return 0;
}
{
snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -x %s", argv[2]);
safe_system(command);
- printf(command);
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/userdel %s", argv[2]);
safe_system(command);
- printf(command);
return 0;
}
return 0;
}
+ if (strcmp(argv[1], "smbsafeconfpdc")==0)
+ {
+ safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
+ return 0;
+ }
+
if (strcmp(argv[1], "smbglobalreset")==0)
{
safe_system("/bin/cat /var/ipfire/samba/default.global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
safe_system("/bin/cat /var/ipfire/samba/default.settings > /var/ipfire/samba/settings");
+ safe_system("/bin/cat /var/ipfire/samba/default.global > /var/ipfire/samba/global");
return 0;
}
return 0;
}
+ if (strcmp(argv[1], "smbstatus")==0)
+ {
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/smbstatus");
+ safe_system(command);
+ printf(command);
+ return 0;
+ }
+
if (strcmp(argv[1], "smbuseradd")==0)
{
- snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba User' -d /opt/samba -g 2110 -p %s -s /bin/false %s", argv[3], argv[2]);
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambauser");
+ safe_system(command);
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba User' -m -g %s -p %s -s %s %s", argv[4], argv[3], argv[5], argv[2]);
safe_system(command);
printf(command);
snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s", argv[3], argv[3], argv[2]);
return 0;
}
+ if (strcmp(argv[1], "smbpcadd")==0)
+ {
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambawks");
+ safe_system(command);
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba Workstation' -g %s -s %s %s", argv[3], argv[4], argv[2]);
+ safe_system(command);
+ printf(command);
+ snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -a -m %s", argv[2]);
+ safe_system(command);
+ printf(command);
+ return 0;
+ }
+
if (strcmp(argv[1], "smbchangepw")==0)
{
snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s", argv[3], argv[3], argv[2]);
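Review bot: The new `smbuseradd` and `smbpcadd` branches format `argv[2]` through `argv[5]` straight into strings handed to `safe_system`, with no `argc` check and no validation. In this setuid helper a short argument list therefore dereferences missing entries, and any shell metacharacter in an argument reaches the command line (assuming `safe_system` runs the string through a shell, which the `>` redirections elsewhere in the file suggest). Each branch should check `argc` first and reject user and group names outside an allow-list before building the command; the password in `argv[3]` and the shell path in `argv[5]` need their own checks, and the password is better fed on stdin than placed after `-p`, where it shows in the process list. The added `printf(command)` calls also use argument-derived text as a format string, which this same commit removes from the other branches; `fputs(command, stdout)` prints it literally. The enclosing `main` starts and ends outside this hunk, and `smbpcadd` needs the same guard as the `smbuseradd` excerpt below.

```c
	if (strcmp(argv[1], "smbuseradd")==0)
	{
		/* constructed allow-list for user and group names; adjust to project policy */
		static const char name_chars[] =
			"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_";

		if (argc < 6)
		{
			fprintf(stderr, "smbuseradd: missing arguments\n");
			return 1;
		}
		if (!*argv[2] || strspn(argv[2], name_chars) != strlen(argv[2]) ||
		    !*argv[4] || strspn(argv[4], name_chars) != strlen(argv[4]))
		{
			fprintf(stderr, "smbuseradd: bad user or group name\n");
			return 1;
		}
		/* … unchanged: groupadd and useradd commands … */
		fputs(command, stdout);
```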
--- /dev/null
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include "setuid.h"
+
+#define BUFFER_SIZE 1024
+
+char command[BUFFER_SIZE];
+
+int main(int argc, char *argv[])
+{
+
+ if (!(initsetuid()))
+ exit(1);
+
+ // Check what command is asked
+ if (argc==1)
+ {
+ fprintf (stderr, "Missing upnpctrl command!\n");
+ return 1;
+ }
+
+ if (strcmp(argv[1], "start")==0)
+ {
+ snprintf(command, BUFFER_SIZE-1, "route add -net 239.0.0.0 netmask 255.0.0.0 %s", argv[2]);
+ safe_system(command);
+ printf(command);
+ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/upnpd %s %s", argv[2], argv[3] );
+ safe_system(command);
+ printf(command);
+ return 0;
+ }
+
+ if (strcmp(argv[1], "stop")==0)
+ {
+ snprintf(command, BUFFER_SIZE-1, "killall upnpd");
+ safe_system(command);
+ printf(command);
+ snprintf(command, BUFFER_SIZE-1, "route del -net 239.0.0.0 netmask 255.0.0.0 %s", argv[2]);
+ safe_system(command);
+ printf(command);
+ return 0;
+ }
+}
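Review bot: `start` and `stop` use `argv[2]` (and `argv[3]` for `start`) after checking only `argc==1`, and copy them unvalidated into strings passed to `safe_system`. In this setuid helper a missing argument is therefore a NULL or out-of-range pointer, and a crafted one reaches the command line. Guard each branch with an `argc` check and a device-name check before the first `snprintf`; the arguments look like interface names, and `VALID_DEVICE` is used for that purpose in ipsecctrl.c in this same commit, presumably from `setuid.h`, which should be confirmed. `printf(command)` treats that text as a format string, so `fputs(command, stdout)` is the safer form, and `route` and `killall` are better called by absolute path than resolved through `PATH`. An unrecognised command currently falls off the end of `main` with no message and no non-zero status.

```c
	if (strcmp(argv[1], "start")==0)
	{
		if (argc < 4 || !VALID_DEVICE(argv[2]) || !VALID_DEVICE(argv[3]))
		{
			fprintf (stderr, "Bad upnpctrl arguments!\n");
			return 1;
		}
		/* … unchanged: route add and upnpd commands … */
		fputs(command, stdout);
		return 0;
	}

	if (strcmp(argv[1], "stop")==0)
	{
		if (argc < 3 || !VALID_DEVICE(argv[2]))
		{
			fprintf (stderr, "Bad upnpctrl arguments!\n");
			return 1;
		}
		/* … unchanged: killall and route del commands … */
		fputs(command, stdout);
		return 0;
	}

	fprintf (stderr, "Unknown upnpctrl command!\n");
	return 1;
```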