ed38f89d | 1 | #!/usr/bin/perl |
2 | ############################################################################### |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2007 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | |
22 | use CGI; | |
23 | ||
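# Configuration tree and the files this page reads or rewrites.
my $swroot               = "/var/ipfire";
my $apdir                = "$swroot/proxy/advanced";
my $group_def_file       = "$apdir/cre/classrooms";
my $svhosts_file         = "$apdir/cre/supervisors";
my $acl_src_noaccess_ips = "$apdir/acls/src_noaccess_ip.acl";
my $acl_src_noaccess_mac = "$apdir/acls/src_noaccess_mac.acl";

my $banner = "A D V A N C E D P R O X Y - W E B A C C E S S M A N A G E R";
my %cgiparams;
my %proxysettings;

# %acl maps a group name to 'on' (blocked) or 'off'; @group_defs holds the raw
# lines of the classrooms file and @groups the group names found in it.
my %acl        = ();
my @group_defs = ();
my @groups     = ();

### Initialize environment
readhash("${swroot}/proxy/advanced/settings", \%proxysettings);

### Initialize language
require "${swroot}/lang.pl";

getcgihash(\%cgiparams);

read_all_groups();
read_acl_groups();

# Overlay the state loaded from disk with the button the client pressed.
# Nothing is persisted here; that happens only after the checks below.
foreach my $group (@groups)
{
	my $pressed = $cgiparams{$group};

	# Skip groups with no submitted value, so that a missing translation
	# string (undef) cannot compare equal to "nothing was submitted".
	next unless defined($pressed);

	if ($pressed eq $tr{'advproxy mode deny'})  { $acl{$group} = 'on'; }
	if ($pressed eq $tr{'advproxy mode allow'}) { $acl{$group} = 'off'; }
}

read_all_groups();

# Supervisor check by client address.
# NOTE(review): when the supervisors file is missing or empty, every client is
# treated as a supervisor. If SUPERVISOR_PASSWORD is also the empty string, the
# same-host Referer check in getcgihash is the only remaining gate on ACL
# changes. Deployments should set at least one of the two.
my $is_supervisor = 0;

if ((-e $svhosts_file) && (!-z $svhosts_file))
{
	# Three-argument open with a lexical handle. If the file cannot be
	# opened the client stays a non-supervisor (fails closed).
	if (open(my $svhosts_fh, '<', $svhosts_file))
	{
		while (my $host = <$svhosts_fh>)
		{
			chomp($host);
			if ($ENV{'REMOTE_ADDR'} eq $host) { $is_supervisor = 1; }
		}
		close($svhosts_fh);
	}
} else { $is_supervisor = 1; }

if (($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor))
{
	my $stored_password = $proxysettings{'SUPERVISOR_PASSWORD'};

	# Accept when the setting exists and is either empty (no password
	# required) or equal to the submitted value. An undefined setting never
	# authorizes a write.
	# NOTE(review): the password is stored and compared as plaintext.
	my $authorized = defined($stored_password)
		&& (($stored_password eq '') || ($cgiparams{'PASSWORD'} eq $stored_password));

	if ($authorized)
	{
		write_acl();
		system("/usr/local/bin/squidctrl restart >/dev/null 2>&1");
	}
}

# Reload from disk so the page shows what was actually persisted.
read_acl_groups();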
83 | ||
84 | #undef(%cgiparams); | |
85 | ||
86 | # ------------------------------------------------------------------- | |
87 | ||
# Emit the HTTP response headers, then the page head and the opening of the
# form. SCRIPT_NAME is written into the form action as provided by the web
# server, without escaping.
print <<"END";
Pragma: no-cache
Cache-control: no-cache
Connection: close
Content-type: text/html

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<title>Advanced Proxy - Web Access Manager</title>
<style type='text/css'>
a:link { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
a:visited { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
a:hover { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
a:active { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
a:focus { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
</style>
</head>
<body bgcolor='#FFFFFF'>

<center>

<form method='post' action='$ENV{'SCRIPT_NAME'}'>

<table width='720' cellspacing='10' cellpadding='5' border='0'>

<tr>
<td bgcolor='#C0C0C0' height='20'></td>
</tr>

<tr>
<td bgcolor='#F4F4F4' align='center'>
<table width='100%' cellspacing='10' cellpadding='10' border='0'>

<tr>
<td nowrap bgcolor='#FFFFFF' align='center'>
<font face='verdana,arial,helvetica' color='#000000' size='3'>$banner</font>
</td>
</tr>

END
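# Render the per-group rows. Group names come from the classrooms file and are
# placed both in element content and in the single-quoted name attribute of
# the submit button, so they are HTML-escaped first. A name containing a quote
# or angle bracket would otherwise break out of the markup. Browsers decode
# the attribute before submitting, so the posted key is still the raw name.
my $escape_html = sub {
	my ($text) = @_;
	$text = '' unless defined($text);
	$text =~ s/&/&amp;/g;
	$text =~ s/</&lt;/g;
	$text =~ s/>/&gt;/g;
	$text =~ s/"/&quot;/g;
	$text =~ s/'/&#39;/g;
	return $text;
};

if ($proxysettings{'CLASSROOM_EXT'} eq 'on')
{
	if (@groups)
	{
		print <<"END";
<tr>
<td>
<table width='70%' cellspacing='2' cellpadding='2' border='0' align='center'>
<tr><td><input type='hidden' name='ACTION' value='submit'></td></tr>
<tr>
END

		# The password field is shown only to supervisors, and only when
		# a non-empty supervisor password is configured.
		if (($is_supervisor) && ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq ''))))
		{
			print <<"END";
<td align='center'>
<font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy supervisor password'}:</font>
</td>
<td align='center'><input type='password' name='PASSWORD' size='15'></td>
END
		}

		print <<"END";
</tr>

</table>

<p>

END

		foreach my $group (@groups)
		{
			my $group_html = $escape_html->($group);
			my $blocked    = ((defined($acl{$group})) && ($acl{$group} eq 'on'));

			if ($is_supervisor)
			{
				print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center' rules='groups'>";
			} else {
				print"<table width='50%' cellspacing='2' cellpadding='6' border='0' align='center' rules='groups'>";
			}
			print "<tr>\n";

			# Red cell for a blocked group, green for an allowed one.
			if ($blocked)
			{
				print " <td bgcolor='#D00000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$group_html</font>";
			} else {
				print " <td bgcolor='#00A000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$group_html</font>";
			}

			# Only supervisors get the toggle button; the button's name
			# is the group and its value the requested new mode.
			if ($is_supervisor)
			{
				if ($blocked)
				{
					print "</td><td width='120' align='center'>";
					print "<input type='submit' name='$group_html' value=' $tr{'advproxy mode allow'} '>";
					print "</td><td width='16' bgcolor='#D00000'> </td>\n";
				} else {
					print "</td><td width='120' align='center'>";
					print "<input type='submit' name='$group_html' value=' $tr{'advproxy mode deny'} '>";
					print "</td><td width='16' bgcolor='#00A000'> </td>\n";
				}
			}
			print "</tr>\n";
			print "</table>\n";
			print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center'>";
			print "<tr><td></td></tr>\n";
			print "</table>\n";
		}

		print <<"END";
</td>
</tr>
END
	} else {
		print " <tr>\n";
		print " <td align='center'>\n";
		print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy no cre groups'}</font>\n";
		print " </td>\n";
		print " </tr>\n";
	}
} else {
	print " <tr>\n";
	print " <td align='center'>\n";
	print " <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy cre disabled'}</font>\n";
	print " </td>\n";
	print " </tr>\n";
}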
213 | ||
# Close the inner table, print the footer row with the project links, and
# finish the form and the document.
print <<"END";

</table>
</td>
</tr>


<tr>
<td bgcolor='#C0C0C0' align='right'>
<font face='verdana,arial,helvetica' color='#FFFFFF' size='1'>
<a href='http://www.advproxy.net' target='_blank'>Advanced Proxy</a> running on
<a href='http://www.ipfire.org' target='_blank'>IPFire</a>
</font>
</td>
</tr>

</table>

</form>

</center>

</body>

</html>
END
241 | ||
242 | # ------------------------------------------------------------------- | |
243 | ||
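# Read a KEY='value' settings file into the hash referenced by the second
# argument. A missing file is not an error; the hash is left untouched.
#
#   $_[0]  path of the settings file
#   $_[1]  reference to the hash that receives the settings
#
# Dies if the file exists but cannot be opened.
sub readhash
{
	my ($filename, $hash) = @_;

	return unless (-e $filename);

	# Three-argument open with a lexical handle: the path can never be
	# interpreted as an open mode, and the handle cannot clash with other
	# code using the bareword FILE.
	open(my $fh, '<', $filename) or die "Unable to read file $filename";
	while (my $line = <$fh>)
	{
		# chomp, not chop: a final line without a trailing newline must
		# not lose its last character.
		chomp($line);

		my ($var, $val) = split /=/, $line, 2;
		next unless ($var);

		# Lines without '=' yield an undefined value; store them as ''.
		$val = '' unless defined($val);

		# Strip one leading and one trailing single quote.
		$val =~ s/^\'//;
		$val =~ s/\'$//;

		# Untaint variables read from hash.
		# The key keeps only its leading run of [A-Za-z0-9_-]; a key that
		# starts with any other character becomes the empty string.
		($var) = $var =~ /([A-Za-z0-9_-]*)/;

		# NOTE(review): this pattern accepts every character, so it
		# clears taint without validating anything. Callers must treat
		# the value as unvalidated input.
		($val) = $val =~ /([\w\W]*)/;

		$hash->{$var} = $val;
	}
	close($fh);
	return;
}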
271 | ||
272 | # ------------------------------------------------------------------- | |
273 | ||
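# Copy the POSTed form fields into the hash referenced by the first argument.
#
#   $hash    reference to the hash that receives the fields
#   $params  optional hash reference; 'wantfile' raises the size limit and
#            allows uploads, 'filevar' names the upload field to return
#
# Nothing is copied unless the request is a POST whose Referer host equals the
# host of this script's own URL. Multi-valued fields are joined with '|' and
# leading/trailing whitespace is trimmed from every value.
sub getcgihash
{
	my ($hash, $params) = @_;

	# These limits must be set before CGI->new: the constructor is what
	# reads and parses the request body, so setting them afterwards has no
	# effect on the current request.
	if (!$params->{'wantfile'}) {
		$CGI::DISABLE_UPLOADS = 1;
		$CGI::POST_MAX = 512 * 1024;
	} else {
		$CGI::POST_MAX = 10 * 1024 * 1024;
	}

	my $cgi = CGI->new ();
	return if ($ENV{'REQUEST_METHOD'} ne 'POST');

	# Same-host Referer check. The captures are taken in list context so
	# that a failed match yields undef instead of a stale $1, and a missing
	# host on either side rejects the request (fails closed).
	# NOTE(review): a Referer comparison is a weak cross-site request
	# defence; a per-session token would be stronger.
	my $referer_url = $cgi->referer();
	my $self_url    = $cgi->url();
	my ($referer, $servername);
	($referer)    = $referer_url =~ m/^https?\:\/\/([^\/]+)/ if (defined($referer_url));
	($servername) = $self_url    =~ m/^https?\:\/\/([^\/]+)/ if (defined($self_url));
	return if (!defined($referer) || !defined($servername));
	return if ($referer ne $servername);

	### Modified for getting multi-vars, split by |
	my %vars = $cgi->Vars();
	foreach my $key (keys %vars) {
		my $value = $vars{$key};
		$value =~ s/\0/|/g;
		$value =~ s/^\s*(.*?)\s*$/$1/;
		$hash->{$key} = $value;
	}

	if (($params->{'wantfile'})&&($params->{'filevar'})) {
		$hash->{$params->{'filevar'}} = $cgi->upload
						($params->{'filevar'});
	}
	return;
}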
306 | ||
307 | # ------------------------------------------------------------------- | |
308 | ||
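# Rebuild %acl from the IP no-access ACL file: every line starting with '#'
# names a blocked group and is recorded as 'on' (a leading "# " is removed).
# Takes no arguments. If the file cannot be opened, %acl is left empty.
sub read_acl_groups
{
	undef(%acl);

	# Three-argument open with a lexical handle; failure is tolerated so
	# the page still renders, showing no group as blocked.
	open(my $acl_fh, '<', $acl_src_noaccess_ips) or return;
	my @aclgroups = <$acl_fh>;
	close($acl_fh);

	foreach my $entry (@aclgroups)
	{
		chomp($entry);
		next unless ($entry =~ /^\#/);
		$entry =~ s/^\# //;
		$acl{$entry} = 'on';
	}
	return;
}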
325 | ||
326 | # ------------------------------------------------------------------- | |
327 | ||
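# Load the classroom definitions: @group_defs receives every line of the
# definition file (newlines removed) and @groups the names found in "[name]"
# header lines. Takes no arguments. If the file cannot be opened both arrays
# are left empty.
sub read_all_groups
{
	@group_defs = ();
	undef(@groups);

	# Three-argument open with a lexical handle; failure is tolerated and
	# simply yields no groups.
	open(my $defs_fh, '<', $group_def_file) or return;
	@group_defs = <$defs_fh>;
	close($defs_fh);

	chomp(@group_defs);

	foreach my $def (@group_defs)
	{
		next unless ($def =~ /^\s*\[.*\]\s*$/);

		# Work on a copy so the stored definition line keeps its brackets.
		my $grpstr = $def;
		$grpstr =~ s/^\s*\[\s*//;
		$grpstr =~ s/\s*\]\s*$//;
		push(@groups, $grpstr);
	}
	return;
}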
349 | ||
350 | # ------------------------------------------------------------------- | |
351 | ||
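# Regenerate both no-access ACL files from @group_defs and %acl. For every
# group marked 'on', a "# name" header is written to both files, followed by
# the group's member lines: MAC addresses go to the MAC file and everything
# else to the IP file. Takes no arguments.
#
# NOTE(review): member lines are written after whitespace trimming only.
# Anything that is not a MAC address is assumed to be a valid IP ACL entry,
# so the classrooms file must be trusted.
sub write_acl
{
	my $is_blocked = 0;

	# Open in append mode so that nothing is truncated before the
	# exclusive lock is held; opening with '>' would empty the file while
	# another instance may still be writing it. If either file cannot be
	# opened, neither is modified.
	my ($ips_fh, $mac_fh);
	if (!open($ips_fh, '>>', $acl_src_noaccess_ips))
	{
		warn "write_acl: cannot open $acl_src_noaccess_ips: $!";
		return;
	}
	if (!open($mac_fh, '>>', $acl_src_noaccess_mac))
	{
		warn "write_acl: cannot open $acl_src_noaccess_mac: $!";
		close($ips_fh);
		return;
	}

	flock($ips_fh, 2);    # 2 is LOCK_EX
	flock($mac_fh, 2);
	truncate($ips_fh, 0);
	truncate($mac_fh, 0);

	foreach my $def (@group_defs)
	{
		# Copy the line: editing the loop variable in place would strip
		# the brackets from the group headers stored in @group_defs.
		my $line = $def;

		if ($line =~ /^\s*\[.*\]\s*$/)
		{
			$line =~ s/^\s*\[\s*//;
			$line =~ s/\s*\]\s*$//;
			if ((defined($acl{$line})) && ($acl{$line} eq 'on'))
			{
				print {$ips_fh} "# $line\n";
				print {$mac_fh} "# $line\n";
				$is_blocked = 1;
			} else { $is_blocked = 0; }
		} elsif (($is_blocked) && ($line))
		{
			$line =~ s/^\s+//;
			$line =~ s/\s+$//;
			if ($line =~ /^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$/i)
			{
				print {$mac_fh} "$line\n";
			} else {
				print {$ips_fh} "$line\n";
			}
		}
	}

	close($ips_fh);
	close($mac_fh);
	return;
}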
382 | ||
383 | # ------------------------------------------------------------------- |