Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007 Michael Tremer & Christian Schmidt #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23
24 # Enable the following two lines only while debugging; fatalsToBrowser sends Perl error text to the client
25 #use warnings;
26 #use CGI::Carp 'fatalsToBrowser';
27 use CGI;
28
29 require '/var/ipfire/general-functions.pl';
30 require "${General::swroot}/lang.pl";
31 require "${General::swroot}/header.pl";
32
33
# Filesystem layout of the Advanced Proxy configuration. Every path is
# derived from the fixed base directory; none comes from the request.
my $swroot               = '/var/ipfire';
my $apdir                = $swroot . '/proxy/advanced';
my $group_def_file       = $apdir . '/cre/classrooms';
my $svhosts_file         = $apdir . '/cre/supervisors';
my $acl_src_noaccess_ips = $apdir . '/acls/src_noaccess_ip.acl';
my $acl_src_noaccess_mac = $apdir . '/acls/src_noaccess_mac.acl';

# Page banner (letter-spaced with non-breaking spaces)
my $banner = "A D V A N C E D &nbsp; P R O X Y &nbsp; - &nbsp; W E B &nbsp; A C C E S S &nbsp; M A N A G E R";

# Request parameters, proxy settings and a scratch hash used by getcgihash
my (%cgiparams, %proxysettings, %temp);

# %acl        group name => 'on' (blocked) / 'off'
# @group_defs raw lines of the classroom definition file
# @groups     group names taken from the [name] headers in that file
my %acl        = ();
my @group_defs = ();
my @groups     = ();
49
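### Initialize environment
readhash("${swroot}/proxy/advanced/settings", \%proxysettings);

### Initialize language
require "${swroot}/lang.pl";

# Only a POST that passes the referer check in getcgihash fills %cgiparams
getcgihash(\%cgiparams);

read_all_groups();
read_acl_groups();

# Apply the submitted toggles to the in-memory ACL state only. Nothing is
# persisted here: write_acl runs further down, behind the supervisor and
# password checks, and %acl is re-read from disk before the page is drawn.
foreach my $group (@groups)
{
	if ($cgiparams{$group} eq $Lang::tr{'advproxy mode deny'}) { $acl{$group}='on'; }
	if ($cgiparams{$group} eq $Lang::tr{'advproxy mode allow'}) { $acl{$group}='off'; }
}

# Supervisor check by client address.
# NOTE(review): this fails open by design. With a missing or empty
# supervisors file every client is treated as a supervisor, so the
# supervisor password is then the only remaining control.
my $is_supervisor=0;

if ((-e $svhosts_file) && (!-z $svhosts_file))
{
	# An empty or missing REMOTE_ADDR must never match a blank line in the file
	my $client = defined($ENV{'REMOTE_ADDR'}) ? $ENV{'REMOTE_ADDR'} : '';

	# Lexical handle and three-argument open. If the file exists but cannot
	# be opened, nobody is a supervisor (fail closed).
	if (open(my $sv_fh, '<', $svhosts_file))
	{
		while (my $host = <$sv_fh>)
		{
			chomp $host;
			if (($client ne '') && ($client eq $host)) { $is_supervisor=1; last; }
		}
		close($sv_fh);
	}
} else { $is_supervisor=1; }

if (($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor))
{
	# The change is accepted when a supervisor password is configured and the
	# submitted one equals it, or when the setting is present but empty (no
	# password required). A setting that is absent altogether rejects the
	# change. The stored value is compared as plain text.
	my $stored = $proxysettings{'SUPERVISOR_PASSWORD'};
	my $password_ok = 0;
	if (defined($stored))
	{
		if ($stored eq '') { $password_ok = 1; }
		elsif ($cgiparams{'PASSWORD'} eq $stored) { $password_ok = 1; }
	}

	if ($password_ok)
	{
		write_acl();
		# Constant command line, no request data is interpolated. The shell
		# is needed for the redirection, which keeps helper output out of
		# the CGI response. The exit status is not checked.
		system("/usr/local/bin/squidctrl restart >/dev/null 2>&1");
	}
}

# Show what is actually on disk, not what was merely requested
read_acl_groups();

#undef(%cgiparams);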
97 # -------------------------------------------------------------------
98
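# Emit the HTTP header and the page frame. The header lines must start in
# column 0 and be followed by exactly one empty line.
print <<END;
Pragma: no-cache
Cache-control: no-cache
Connection: close
Content-type: text/html

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<title>Advanced Proxy - Web Access Manager</title>
<style type='text/css'>
a:link { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
a:visited { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
a:hover { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
a:active { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
a:focus { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
</style>
</head>
<body bgcolor='#FFFFFF'>

<center>

<form method='post' action='$ENV{'SCRIPT_NAME'}'>

<table width='720' cellspacing='10' cellpadding='5' border='0'>

<tr>
<td bgcolor='#C0C0C0' height='20'></td>
</tr>

<tr>
<td bgcolor='#F4F4F4' align='center'>
<table width='100%' cellspacing='10' cellpadding='10' border='0'>

<tr>
<td nowrap bgcolor='#FFFFFF' align='center'>
<font face='verdana,arial,helvetica' color='#000000' size='3'>$banner</font>
</td>
</tr>

END

if ($proxysettings{'CLASSROOM_EXT'} eq 'on')
{
	if (@groups)
	{
		print <<END;
<tr>
<td>
<table width='70%' cellspacing='2' cellpadding='2' border='0' align='center'>
<tr><td><input type='hidden' name='ACTION' value='submit'></td></tr>
<tr>
END

		# The password field is offered only to supervisors, and only when a
		# non-empty supervisor password is configured
		if (($is_supervisor) && ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq ''))))
		{
			print <<END;
<td align='center'>
<font face='verdana,arial,helvetica' color='#000000' size='2'>$Lang::tr{'advproxy supervisor password'}:</font>
</td>
<td align='center'><input type='password' name='PASSWORD' size='15'></td>
END
		}

		print <<END;
</tr>

</table>

<p>

END

		foreach my $group (@groups) {
			# Group names come from the classroom definition file and are
			# placed in element content and in a single-quoted attribute, so
			# they are HTML-escaped first. The browser decodes the attribute
			# again, so the submitted field name is still the raw group name.
			my $label = $group;
			$label =~ s/&/&amp;/g;
			$label =~ s/</&lt;/g;
			$label =~ s/>/&gt;/g;
			$label =~ s/"/&quot;/g;
			$label =~ s/'/&#39;/g;

			my $blocked = ((defined($acl{$group})) && ($acl{$group} eq 'on')) ? 1 : 0;
			# Red marks a blocked group, green an allowed one
			my $colour = $blocked ? '#D00000' : '#00A000';

			if ($is_supervisor)
			{
				print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center' rules='groups'>";
			} else {
				print"<table width='50%' cellspacing='2' cellpadding='6' border='0' align='center' rules='groups'>";
			}
			print "<tr>\n";
			print " <td bgcolor='$colour' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$label</font>";
			if ($is_supervisor)
			{
				# The button offers the opposite of the current state
				my $button = $blocked ? $Lang::tr{'advproxy mode allow'} : $Lang::tr{'advproxy mode deny'};
				print "</td><td width='120' align='center'>";
				print "<input type='submit' name='$label' value=' $button '>";
				print "</td><td width='16' bgcolor='$colour'>&nbsp;</td>\n";
			} else {
				# Close the name cell, which was previously left open for non-supervisors
				print "</td>\n";
			}
			print "</tr>\n";
			print "</table>\n";
			print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center'>";
			print "<tr><td></td></tr>\n";
			print "</table>\n";
		}

		print <<END;
</td>
</tr>
END
	} else {
		print " <tr>\n";
		print " <td align='center'>\n";
		print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$Lang::tr{'advproxy no cre groups'}</font>\n";
		print " </td>\n";
		print " </tr>\n";
	}
} else {
	print " <tr>\n";
	print " <td align='center'>\n";
	print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$Lang::tr{'advproxy cre disabled'}</font>\n";
	print " </td>\n";
	print " </tr>\n";
}

print <<END;

</table>
</td>
</tr>


<tr>
<td bgcolor='#C0C0C0' align='right'>
<font face='verdana,arial,helvetica' color='#FFFFFF' size='1'>
<a href='http://www.advproxy.net' target='_blank'>Advanced Proxy</a> running on
<a href='http://www.ipfire.org' target='_blank'>IPFire</a>
</font>
</td>
</tr>

</table>

</form>

</center>

</body>

</html>
END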
252
253 # -------------------------------------------------------------------
254
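# Read KEY=VALUE lines from a settings file into a hash.
#
# Arguments:
#   $_[0]  path of the settings file
#   $_[1]  reference to the hash that receives the pairs
#
# A file that does not exist is ignored. A file that exists but cannot be
# opened is fatal. One leading and one trailing single quote are stripped
# from each value. Lines whose key is empty (or is "0") are skipped.
sub readhash
{
	my ($filename, $hash) = @_;

	return unless (-e $filename);

	# Three-argument open with a lexical handle: the path is always taken as
	# a plain file name, and the shared bareword handle FILE is left alone.
	open(my $fh, '<', $filename) or die "Unable to read file $filename";
	while (my $line = <$fh>)
	{
		# chomp, not chop: a final line without a newline must keep its last
		# character (chop shortened an unquoted value there, e.g. a password).
		chomp $line;
		my ($var, $val) = split /=/, $line, 2;
		next unless ($var);

		# A line without '=' yields an empty value
		$val = '' unless defined($val);
		$val =~ s/^\'//g;
		$val =~ s/\'$//g;

		# Untaint variables read from hash.
		# The key is cut down to its leading run of [A-Za-z0-9_-].
		($var) = $var =~ /([A-Za-z0-9_-]*)/;
		# NOTE(review): this pattern accepts any content, so it clears the
		# taint flag without validating the value. Consumers must not treat
		# values from this hash as checked.
		($val) = $val =~ /([\w\W]*)/;
		$hash->{$var} = $val;
	}
	close $fh;
}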
282
283 # -------------------------------------------------------------------
284
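# Copy the parameters of a same-origin POST request into a hash.
#
# Arguments:
#   $hash    reference to the hash that receives the parameters
#   $params  optional hash reference; 'wantfile' raises the size limit and
#            allows uploads, 'filevar' names the upload field to fetch
#
# Nothing is copied unless the request method is POST and the host part of
# the Referer header equals the host part of the script's own URL.
# Multi-valued parameters are joined with '|'. Values are trimmed.
sub getcgihash
{
	my ($hash, $params) = @_;

	return if ($ENV{'REQUEST_METHOD'} ne 'POST');

	# CGI.pm reads the request body inside the constructor, so the limits
	# only take effect for this request if they are set before CGI->new.
	if (!$params->{'wantfile'}) {
		$CGI::DISABLE_UPLOADS = 1;
		$CGI::POST_MAX = 512 * 1024;
	} else {
		$CGI::POST_MAX = 10 * 1024 * 1024;
	}

	my $cgi = CGI->new ();

	# Referer check against cross-site form posts. The captures are taken in
	# list context: after a failed match $1 would still hold the result of an
	# earlier successful match, so a missing or malformed header could
	# otherwise be compared using stale data.
	my $referer_header = $cgi->referer();
	my $own_url = $cgi->url();
	$referer_header = '' unless defined($referer_header);
	$own_url = '' unless defined($own_url);

	my ($referer) = $referer_header =~ m/^https?\:\/\/([^\/]+)/;
	my ($servername) = $own_url =~ m/^https?\:\/\/([^\/]+)/;

	# Fail closed when either host could not be determined
	return unless (defined($referer) && defined($servername));
	return if ($referer ne $servername);

	### Modified for getting multi-vars, split by |
	# A lexical hash is used so request data does not linger in file scope
	my %vars = $cgi->Vars();
	foreach my $key (keys %vars) {
		$hash->{$key} = $vars{$key};
		$hash->{$key} =~ s/\0/|/g;
		$hash->{$key} =~ s/^\s*(.*?)\s*$/$1/;
	}

	if (($params->{'wantfile'})&&($params->{'filevar'})) {
		$hash->{$params->{'filevar'}} = $cgi->upload
			($params->{'filevar'});
	}
	return;
}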
317
318 # -------------------------------------------------------------------
319
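# Rebuild %acl from the "no access" IP ACL file.
#
# Every line that starts with '#' is treated as a group header; the leading
# "# " is removed and the rest is marked 'on' (blocked) in %acl.
#
# NOTE(review): a missing or unreadable file leaves %acl empty, so every
# group is then shown as allowed.
sub read_acl_groups
{
	undef(%acl);

	# Lexical handle and three-argument open; the open result is checked
	# instead of reading from a handle that may never have been opened.
	open(my $acl_fh, '<', $acl_src_noaccess_ips) or return;
	while (my $entry = <$acl_fh>)
	{
		chomp $entry;
		next unless ($entry =~ /^\#/);
		$entry =~ s/^\# //;
		$acl{$entry}='on';
	}
	close($acl_fh);
}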
336
337 # -------------------------------------------------------------------
338
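# Load the classroom definition file into @group_defs (chomped lines) and
# collect the group names from its "[name]" header lines into @groups.
#
# A missing or unreadable file leaves both arrays empty.
sub read_all_groups
{
	undef(@groups);
	@group_defs = ();

	# Lexical handle and three-argument open, with the result checked
	if (open(my $def_fh, '<', $group_def_file))
	{
		@group_defs = <$def_fh>;
		close($def_fh);
	}

	# write_acl works on these lines later and expects them without newlines
	chomp(@group_defs);

	foreach my $def (@group_defs)
	{
		next unless ($def =~ /^\s*\[.*\]\s*$/);

		# Strip the brackets on a copy so the stored line stays intact
		my $grpstr = $def;
		$grpstr =~ s/^\s*\[\s*//;
		$grpstr =~ s/\s*\]\s*$//;
		push(@groups,$grpstr);
	}
}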
360
361 # -------------------------------------------------------------------
362
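# Rewrite the "no access" ACL files from @group_defs and %acl.
#
# For every group marked 'on' in %acl a "# name" header is written to both
# files, followed by the group's members: entries that look like a MAC
# address go to the MAC file, everything else goes to the IP file.
#
# If either file cannot be opened, neither file is modified.
#
# NOTE(review): member entries are copied from the classroom definition
# file as they are. Anything that is not a MAC address lands in the IP ACL
# without further validation.
sub write_acl
{
	my $is_blocked=0;

	# Open in append mode so that nothing is truncated before the lock is
	# held. The previous '>' open emptied both files first and locked them
	# afterwards, so a concurrent writer or reader could see them empty.
	open(my $ips_fh, '>>', $acl_src_noaccess_ips) or return;
	my $mac_fh;
	unless (open($mac_fh, '>>', $acl_src_noaccess_mac))
	{
		close($ips_fh);
		return;
	}

	# 2 = LOCK_EX. The locks are always taken in the same order. A failing
	# flock is tolerated, as before, so the ACLs are still written on file
	# systems without lock support.
	flock($ips_fh, 2);
	flock($mac_fh, 2);

	# In append mode the following writes start at the new end of file
	truncate($ips_fh, 0);
	truncate($mac_fh, 0);

	foreach my $def (@group_defs)
	{
		# Work on a copy: @group_defs is shared and must not be altered here
		my $line = $def;

		if ($line =~ /^\s*\[.*\]\s*$/)
		{
			$line =~ s/^\s*\[\s*//;
			$line =~ s/\s*\]\s*$//;
			if ((defined($acl{$line})) && ($acl{$line} eq 'on'))
			{
				print $ips_fh "# $line\n";
				print $mac_fh "# $line\n";
				$is_blocked=1;
			} else { $is_blocked=0; }
		} elsif (($is_blocked) && ($line))
		{
			$line =~ s/^\s+//;
			$line =~ s/\s+$//;
			# A whitespace-only line would otherwise become an empty ACL entry
			next if ($line eq '');

			if ($line =~ /^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$/i)
			{
				print $mac_fh "$line\n";
			} else {
				print $ips_fh "$line\n";
			}
		}
	}

	# Closing the handles also releases the locks
	close($ips_fh);
	close($mac_fh);
}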
393
394 # -------------------------------------------------------------------