[people/pmueller/ipfire-2.x.git] / html / cgi-bin / webaccess.cgi

#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

use CGI;

my $swroot = "/var/ipfire";
my $apdir  = "$swroot/proxy/advanced";
my $group_def_file = "$apdir/cre/classrooms";
my $svhosts_file = "$apdir/cre/supervisors";
my $acl_src_noaccess_ips = "$apdir/acls/src_noaccess_ip.acl";
my $acl_src_noaccess_mac = "$apdir/acls/src_noaccess_mac.acl";

my $banner = "A D V A N C E D &nbsp; P R O X Y &nbsp; - &nbsp; W E B &nbsp; A C C E S S &nbsp; M A N A G E R";
my %cgiparams;
my %mainsettings;
my %proxysettings;

my %acl=();
my @group_defs=();
my @groups=();

### Initialize environment
&readhash("${swroot}/main/settings", \%mainsettings);
&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
$language = $mainsettings{'LANGUAGE'};

### Initialize language
if ($language =~ /^(\w+)$/) {$language = $1;}
 #
 # Uncomment this to force a certain language:
 # $language='en';
 #
require "${swroot}/langs/en.pl";
require "${swroot}/langs/${language}.pl";

&getcgihash(\%cgiparams);

&read_all_groups;
&read_acl_groups;

foreach (@groups)
{
	if ($cgiparams{$_} eq $tr{'advproxy mode deny'})  { $acl{$_}='on'; }
	if ($cgiparams{$_} eq $tr{'advproxy mode allow'}) { $acl{$_}='off'; }
}

&read_all_groups;

my $is_supervisor=0;

if ((-e $svhosts_file) && (!-z $svhosts_file))
{
	open (FILE, $svhosts_file);
	while (<FILE>)
	{
		chomp;
		if ($ENV{'REMOTE_ADDR'} eq $_) { $is_supervisor=1; }
	}
	close (FILE);

} else { $is_supervisor=1; }

if (($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor))
{
	if (	($cgiparams{'PASSWORD'} eq $proxysettings{'SUPERVISOR_PASSWORD'}) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq '')) || 
		((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && ($proxysettings{'SUPERVISOR_PASSWORD'} eq '')))
	{
		&write_acl;
		system("/usr/local/bin/squidctrl restart >/dev/null 2>&1");
	}
}

&read_acl_groups;

#undef(%cgiparams);

# -------------------------------------------------------------------

print <<END
Pragma: no-cache
Cache-control: no-cache
Connection: close
Content-type: text/html

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<title>Advanced Proxy - Web Access Manager</title>
<style type='text/css'>
	a:link    { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
	a:visited { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
	a:hover   { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
	a:active  { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
	a:focus   { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
</style>
</head>
<body bgcolor='#FFFFFF'>

<center>

<form method='post' action='$ENV{'SCRIPT_NAME'}'>

<table width='720' cellspacing='10' cellpadding='5' border='0'>

<tr>
   <td bgcolor='#C0C0C0' height='20'></td>
</tr>

<tr>
   <td bgcolor='#F4F4F4' align='center'>
      <table width='100%' cellspacing='10' cellpadding='10' border='0'>

         <tr>
            <td nowrap bgcolor='#FFFFFF' align='center'>
                <font face='verdana,arial,helvetica' color='#000000' size='3'>$banner</font>
            </td>
         </tr>

END
;
if ($proxysettings{'CLASSROOM_EXT'} eq 'on')
{
if (@groups)
{
print <<END
         <tr>
            <td>
               <table width='70%' cellspacing='2' cellpadding='2' border='0' align='center'>
	<tr><td><input type='hidden' name='ACTION' value='submit'></td></tr>
               <tr>
END
;
if (($is_supervisor) && ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq ''))))
{
print <<END
                  <td align='center'>
                     <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy supervisor password'}:</font>
                  </td>
                  <td align='center'><input type='password' name='PASSWORD' size='15'></td>
END
;
}
print <<END
               </tr>

               </table>

               <p>

END
;
	foreach (@groups) {
		if ($is_supervisor)
		{
			print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center' rules='groups'>";
		} else {
			print"<table width='50%' cellspacing='2' cellpadding='6' border='0' align='center' rules='groups'>";
		}
		print "<tr>\n";
		if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
		{
			print " <td bgcolor='#D00000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$_</font>";
		} else { print " <td bgcolor='#00A000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$_</font>"; }
		if ($is_supervisor)
		{
			if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
			{
			print "</td><td width='120' align='center'>";
				print "<input type='submit' name='$_' value=' $tr{'advproxy mode allow'} '>";
			print "</td><td width='16' bgcolor='#D00000'>&nbsp;</td>\n";
			} else {
			print "</td><td width='120' align='center'>";
				print "<input type='submit' name='$_' value=' $tr{'advproxy mode deny'} '>";
			print "</td><td width='16' bgcolor='#00A000'>&nbsp;</td>\n";
			}
		}
		print "</tr>\n";
		print "</table>\n";
		print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center'>";
		print "<tr><td></td></tr>\n";
		print "</table>\n";
	}

print <<END
            </td>
         </tr>
END
;
} else {
            print "      <tr>\n";
            print "         <td align='center'>\n";
            print "            <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy no cre groups'}</font>\n";
            print "         </td>\n";
            print "      </tr>\n";
}
} else {
            print "      <tr>\n";
            print "         <td align='center'>\n";
            print "            <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy cre disabled'}</font>\n";
            print "         </td>\n";
            print "      </tr>\n";
}

print <<END

      </table>
   </td>
</tr>


<tr>
   <td bgcolor='#C0C0C0' align='right'>
      <font face='verdana,arial,helvetica' color='#FFFFFF' size='1'>
      <a href='http://www.advproxy.net' target='_blank'>Advanced Proxy</a> running on
      <a href='http://www.ipfire.org' target='_blank'>IPFire</a>
      </font>
   </td>
</tr>

</table>

</form>

</center>

</body>

</html>
END
;

# -------------------------------------------------------------------

sub readhash
{
	my $filename = $_[0];
	my $hash = $_[1];
	my ($var, $val);

	if (-e $filename)
	{
		open(FILE, $filename) or die "Unable to read file $filename";
		while (<FILE>)
		{
			chop;
			($var, $val) = split /=/, $_, 2;
			if ($var)
			{
				$val =~ s/^\'//g;
				$val =~ s/\'$//g;
	
				# Untaint variables read from hash
				$var =~ /([A-Za-z0-9_-]*)/;        $var = $1;
				$val =~ /([\w\W]*)/; $val = $1;
				$hash->{$var} = $val;
			}
		}
		close FILE;
	}
}

# -------------------------------------------------------------------

sub getcgihash
{
	my ($hash, $params) = @_;
	my $cgi = CGI->new ();
	return if ($ENV{'REQUEST_METHOD'} ne 'POST');
	if (!$params->{'wantfile'}) {
		$CGI::DISABLE_UPLOADS = 1;
		$CGI::POST_MAX        = 512 * 1024;
	} else {
		$CGI::POST_MAX = 10 * 1024 * 1024;
	}

	$cgi->referer() =~ m/^https?\:\/\/([^\/]+)/;
	my $referer = $1;
	$cgi->url() =~ m/^https?\:\/\/([^\/]+)/;
	my $servername = $1;
	return if ($referer ne $servername);

	### Modified for getting multi-vars, split by |
	%temp = $cgi->Vars();
	foreach my $key (keys %temp) {
		$hash->{$key} = $temp{$key};
		$hash->{$key} =~ s/\0/|/g;
		$hash->{$key} =~ s/^\s*(.*?)\s*$/$1/;
	}

	if (($params->{'wantfile'})&&($params->{'filevar'})) {
		$hash->{$params->{'filevar'}} = $cgi->upload
					($params->{'filevar'});
	}
	return;
}

# -------------------------------------------------------------------

sub read_acl_groups
{
	undef(%acl);
	open (FILE,"$acl_src_noaccess_ips");
	my @aclgroups = <FILE>;
	close (FILE);
	foreach (@aclgroups)
	{
		chomp;
		if (/^\#/)
		{
			s/^\# //;
			$acl{$_}='on';
		}
	}
}

# -------------------------------------------------------------------

sub read_all_groups
{
	my $grpstr;

	open (FILE,"$group_def_file");
	@group_defs = <FILE>;
	close (FILE);

	undef(@groups);
	foreach (@group_defs)
	{
		chomp;
		if (/^\s*\[.*\]\s*$/)
		{
			$grpstr=$_;
			$grpstr =~ s/^\s*\[\s*//;
			$grpstr =~ s/\s*\]\s*$//;
			push(@groups,$grpstr);
		}
	}
}

# -------------------------------------------------------------------

sub write_acl
{
	my $is_blocked=0;

	open (FILE_IPS,">$acl_src_noaccess_ips");
	open (FILE_MAC,">$acl_src_noaccess_mac");
	flock (FILE_IPS, 2);
	flock (FILE_MAC, 2);
	foreach (@group_defs)
	{
		if (/^\s*\[.*\]\s*$/)
		{
			s/^\s*\[\s*//;
			s/\s*\]\s*$//;
			if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
			{
				print FILE_IPS "# $_\n";
				print FILE_MAC "# $_\n";
				$is_blocked=1;
			} else { $is_blocked=0; }
		} elsif (($is_blocked) && ($_))
		{
			s/^\s+//g; s/\s+$//g;
			/^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$/i ? print FILE_MAC "$_\n" : print FILE_IPS "$_\n";
		}
	}

	close (FILE_IPS);
	close (FILE_MAC);
}

# -------------------------------------------------------------------
Commit	Line	Data
ed38f89d	1	#!/usr/bin/perl
70df8302 MT	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
ed38f89d MT	21
	22	use CGI;
	23
c980f4d2	24	my $swroot = "/var/ipfire";
ed38f89d MT	25	my $apdir = "$swroot/proxy/advanced";
	26	my $group_def_file = "$apdir/cre/classrooms";
	27	my $svhosts_file = "$apdir/cre/supervisors";
	28	my $acl_src_noaccess_ips = "$apdir/acls/src_noaccess_ip.acl";
	29	my $acl_src_noaccess_mac = "$apdir/acls/src_noaccess_mac.acl";
	30
	31	my $banner = "A D V A N C E D   P R O X Y   -   W E B   A C C E S S   M A N A G E R";
	32	my %cgiparams;
	33	my %mainsettings;
	34	my %proxysettings;
	35
	36	my %acl=();
	37	my @group_defs=();
	38	my @groups=();
	39
	40	### Initialize environment
	41	&readhash("${swroot}/main/settings", \%mainsettings);
	42	&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
	43	$language = $mainsettings{'LANGUAGE'};
	44
	45	### Initialize language
	46	if ($language =~ /^(\w+)$/) {$language = $1;}
	47	#
	48	# Uncomment this to force a certain language:
	49	# $language='en';
	50	#
	51	require "${swroot}/langs/en.pl";
	52	require "${swroot}/langs/${language}.pl";
	53
	54	&getcgihash(\%cgiparams);
	55
	56	&read_all_groups;
	57	&read_acl_groups;
	58
	59	foreach (@groups)
	60	{
	61	if ($cgiparams{$_} eq $tr{'advproxy mode deny'}) { $acl{$_}='on'; }
	62	if ($cgiparams{$_} eq $tr{'advproxy mode allow'}) { $acl{$_}='off'; }
	63	}
	64
	65	&read_all_groups;
	66
	67	my $is_supervisor=0;
	68
	69	if ((-e $svhosts_file) && (!-z $svhosts_file))
	70	{
	71	open (FILE, $svhosts_file);
	72	while (<FILE>)
	73	{
	74	chomp;
	75	if ($ENV{'REMOTE_ADDR'} eq $_) { $is_supervisor=1; }
	76	}
	77	close (FILE);
	78
	79	} else { $is_supervisor=1; }
	80
	81	if (($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor))
	82	{
	83	if ( ($cgiparams{'PASSWORD'} eq $proxysettings{'SUPERVISOR_PASSWORD'}) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq '')) \|\|
	84	((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && ($proxysettings{'SUPERVISOR_PASSWORD'} eq '')))
	85	{
	86	&write_acl;
c3df33af	87	system("/usr/local/bin/squidctrl restart >/dev/null 2>&1");
ed38f89d MT	88	}
	89	}
	90
	91	&read_acl_groups;
	92
	93	#undef(%cgiparams);
	94
	95	# -------------------------------------------------------------------
	96
	97	print <<END
	98	Pragma: no-cache
	99	Cache-control: no-cache
	100	Connection: close
	101	Content-type: text/html
	102
	103	<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
	104	<html>
	105	<head>
	106	<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
	107	<title>Advanced Proxy - Web Access Manager</title>
	108	<style type='text/css'>
	109	a:link { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
	110	a:visited { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
	111	a:hover { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
	112	a:active { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
	113	a:focus { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
	114	</style>
	115	</head>
	116	<body bgcolor='#FFFFFF'>
	117
	118	<center>
	119
	120	<form method='post' action='$ENV{'SCRIPT_NAME'}'>
	121
	122	<table width='720' cellspacing='10' cellpadding='5' border='0'>
	123
	124	<tr>
	125	<td bgcolor='#C0C0C0' height='20'></td>
	126	</tr>
	127
	128	<tr>
	129	<td bgcolor='#F4F4F4' align='center'>
	130	<table width='100%' cellspacing='10' cellpadding='10' border='0'>
	131
	132	<tr>
	133	<td nowrap bgcolor='#FFFFFF' align='center'>
	134	<font face='verdana,arial,helvetica' color='#000000' size='3'>$banner</font>
	135	</td>
	136	</tr>
	137
	138	END
	139	;
	140	if ($proxysettings{'CLASSROOM_EXT'} eq 'on')
	141	{
	142	if (@groups)
	143	{
	144	print <<END
	145	<tr>
	146	<td>
	147	<table width='70%' cellspacing='2' cellpadding='2' border='0' align='center'>
	148	<tr><td><input type='hidden' name='ACTION' value='submit'></td></tr>
	149	<tr>
	150	END
	151	;
152	if (($is_supervisor) && ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq ''))))
153	{
154	print <<END
155	<td align='center'>
156	<font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy supervisor password'}:</font>
157	</td>
158	<td align='center'><input type='password' name='PASSWORD' size='15'></td>
159	END
160	;
161	}
162	print <<END
163	</tr>
164
165	</table>
166
167	<p>
168
169	END
170	;
171	foreach (@groups) {
172	if ($is_supervisor)
173	{
174	print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center' rules='groups'>";
175	} else {
176	print"<table width='50%' cellspacing='2' cellpadding='6' border='0' align='center' rules='groups'>";
177	}
178	print "<tr>\n";
179	if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
180	{
181	print " <td bgcolor='#D00000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$_</font>";
182	} else { print " <td bgcolor='#00A000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$_</font>"; }
183	if ($is_supervisor)
184	{
185	if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
186	{
187	print "</td><td width='120' align='center'>";
188	print "<input type='submit' name='$_' value=' $tr{'advproxy mode allow'} '>";
189	print "</td><td width='16' bgcolor='#D00000'> </td>\n";
190	} else {
191	print "</td><td width='120' align='center'>";
192	print "<input type='submit' name='$_' value=' $tr{'advproxy mode deny'} '>";
193	print "</td><td width='16' bgcolor='#00A000'> </td>\n";
194	}
195	}
196	print "</tr>\n";
197	print "</table>\n";
198	print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center'>";
199	print "<tr><td></td></tr>\n";
200	print "</table>\n";
201	}
202
203	print <<END
204	</td>
205	</tr>
206	END
207	;
208	} else {
209	print " <tr>\n";
210	print " <td align='center'>\n";
211	print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy no cre groups'}</font>\n";
212	print " </td>\n";
213	print " </tr>\n";
214	}
215	} else {
216	print " <tr>\n";
217	print " <td align='center'>\n";
218	print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy cre disabled'}</font>\n";
219	print " </td>\n";
220	print " </tr>\n";
221	}
222
223	print <<END
224
225	</table>
226	</td>
227	</tr>
228
229
230	<tr>
231	<td bgcolor='#C0C0C0' align='right'>
232	<font face='verdana,arial,helvetica' color='#FFFFFF' size='1'>
233	<a href='http://www.advproxy.net' target='_blank'>Advanced Proxy</a> running on
b3b232f1	234	<a href='http://www.ipfire.org' target='_blank'>IPFire</a>
ed38f89d MT	235	</font>
	236	</td>
	237	</tr>
	238
	239	</table>
	240
	241	</form>
	242
	243	</center>
	244
	245	</body>
	246
	247	</html>
	248	END
	249	;
	250
	251	# -------------------------------------------------------------------
	252
	253	sub readhash
	254	{
	255	my $filename = $_[0];
	256	my $hash = $_[1];
	257	my ($var, $val);
	258
	259	if (-e $filename)
	260	{
	261	open(FILE, $filename) or die "Unable to read file $filename";
	262	while (<FILE>)
	263	{
	264	chop;
	265	($var, $val) = split /=/, $_, 2;
	266	if ($var)
	267	{
	268	$val =~ s/^\'//g;
	269	$val =~ s/\'$//g;
	270
	271	# Untaint variables read from hash
	272	$var =~ /([A-Za-z0-9_-]*)/; $var = $1;
	273	$val =~ /([\w\W]*)/; $val = $1;
	274	$hash->{$var} = $val;
	275	}
	276	}
	277	close FILE;
	278	}
	279	}
	280
	281	# -------------------------------------------------------------------
	282
	283	sub getcgihash
	284	{
	285	my ($hash, $params) = @_;
	286	my $cgi = CGI->new ();
	287	return if ($ENV{'REQUEST_METHOD'} ne 'POST');
	288	if (!$params->{'wantfile'}) {
	289	$CGI::DISABLE_UPLOADS = 1;
	290	$CGI::POST_MAX = 512 * 1024;
	291	} else {
	292	$CGI::POST_MAX = 10 * 1024 * 1024;
	293	}
	294
	295	$cgi->referer() =~ m/^https?\:\/\/([^\/]+)/;
	296	my $referer = $1;
	297	$cgi->url() =~ m/^https?\:\/\/([^\/]+)/;
	298	my $servername = $1;
299	return if ($referer ne $servername);
300
301	### Modified for getting multi-vars, split by \|
302	%temp = $cgi->Vars();
303	foreach my $key (keys %temp) {
304	$hash->{$key} = $temp{$key};
305	$hash->{$key} =~ s/\0/\|/g;
306	$hash->{$key} =~ s/^\s(.?)\s*$/$1/;
307	}
308
309	if (($params->{'wantfile'})&&($params->{'filevar'})) {
310	$hash->{$params->{'filevar'}} = $cgi->upload
311	($params->{'filevar'});
312	}
313	return;
314	}
315
316	# -------------------------------------------------------------------
317
318	sub read_acl_groups
319	{
320	undef(%acl);
321	open (FILE,"$acl_src_noaccess_ips");
322	my @aclgroups = <FILE>;
323	close (FILE);
324	foreach (@aclgroups)
325	{
326	chomp;
327	if (/^\#/)
328	{
329	s/^\# //;
330	$acl{$_}='on';
331	}
332	}
333	}
334
335	# -------------------------------------------------------------------
336
337	sub read_all_groups
338	{
339	my $grpstr;
340
341	open (FILE,"$group_def_file");
342	@group_defs = <FILE>;
343	close (FILE);
344
345	undef(@groups);
346	foreach (@group_defs)
347	{
348	chomp;
349	if (/^\s\[.\]\s*$/)
350	{
351	$grpstr=$_;
352	$grpstr =~ s/^\s\[\s//;
353	$grpstr =~ s/\s\]\s$//;
354	push(@groups,$grpstr);
355	}
356	}
357	}
358
359	# -------------------------------------------------------------------
360
361	sub write_acl
362	{
363	my $is_blocked=0;
364
365	open (FILE_IPS,">$acl_src_noaccess_ips");
366	open (FILE_MAC,">$acl_src_noaccess_mac");
367	flock (FILE_IPS, 2);
368	flock (FILE_MAC, 2);
369	foreach (@group_defs)
370	{
371	if (/^\s\[.\]\s*$/)
372	{
373	s/^\s\[\s//;
374	s/\s\]\s$//;
375	if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
376	{
377	print FILE_IPS "# $_\n";
378	print FILE_MAC "# $_\n";
379	$is_blocked=1;
380	} else { $is_blocked=0; }
381	} elsif (($is_blocked) && ($_))
382	{
383	s/^\s+//g; s/\s+$//g;
384	/^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$/i ? print FILE_MAC "$_\n" : print FILE_IPS "$_\n";
385	}
386	}
387
388	close (FILE_IPS);
389	close (FILE_MAC);
390	}
391
392	# -------------------------------------------------------------------