#!/usr/bin/perl # # SmoothWall CGIs # # This code is distributed under the terms of the GPL # # (c) The SmoothWall Team # Copyright (c) 2002/04/13 Steve Bootes - Add destination IP support # # $Id: xtaccess.cgi,v 1.6.2.15 2005/03/05 08:44:32 eoberlander Exp $ # use strict; # enable only the following on debugging purpose #use warnings; #use CGI::Carp 'fatalsToBrowser'; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; #workaround to suppress a warning when a variable is used only once my @dummy = ( ${Header::colouryellow} ); undef (@dummy); my %cgiparams=(); my %checked=(); my %selected=(); my $errormessage = ''; my $filename = "${General::swroot}/xtaccess/config"; my $aliasfile = "${General::swroot}/ethernet/aliases"; my $changed = 'no'; my %color = (); my %mainsettings = (); &General::readhash("${General::swroot}/main/settings", \%mainsettings); &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); &Header::showhttpheaders(); $cgiparams{'ENABLED'} = 'off'; $cgiparams{'ACTION'} = ''; $cgiparams{'SRC'} = ''; $cgiparams{'DEST_PORT'} = ''; $cgiparams{'REMARK'} =''; &Header::getcgihash(\%cgiparams); open(FILE, $filename) or die 'Unable to open config file.'; my @current = ; close(FILE); if ($cgiparams{'ACTION'} eq $Lang::tr{'add'}) { unless($cgiparams{'PROTOCOL'} =~ /^(tcp|udp)$/) { $errormessage = $Lang::tr{'invalid input'}; } unless(&General::validipormask($cgiparams{'SRC'})) { if ($cgiparams{'SRC'} ne '') { $errormessage = $Lang::tr{'source ip bad'}; } else { $cgiparams{'SRC'} = '0.0.0.0/0'; } } unless($errormessage){ $errormessage = &General::validportrange($cgiparams{'DEST_PORT'},'dst'); } if ( ! $errormessage) { $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); if($cgiparams{'EDITING'} eq 'no') { open(FILE,">>$filename") or die 'Unable to open config file.'; flock FILE, 2; print FILE "$cgiparams{'PROTOCOL'},$cgiparams{'SRC'},$cgiparams{'DEST_PORT'},$cgiparams{'ENABLED'},$cgiparams{'DEST'},$cgiparams{'REMARK'}\n"; } else { open(FILE, ">$filename") or die 'Unable to open config file.'; flock FILE, 2; my $id = 0; foreach my $line (@current) { $id++; if ($cgiparams{'EDITING'} eq $id) { print FILE "$cgiparams{'PROTOCOL'},$cgiparams{'SRC'},$cgiparams{'DEST_PORT'},$cgiparams{'ENABLED'},$cgiparams{'DEST'},$cgiparams{'REMARK'}\n"; } else { print FILE "$line"; } } } close(FILE); undef %cgiparams; $changed = 'yes'; &General::log($Lang::tr{'external access rule added'}); system('/usr/local/bin/setxtaccess'); } else { # stay on edit mode if an error occur if ($cgiparams{'EDITING'} ne 'no') { $cgiparams{'ACTION'} = $Lang::tr{'edit'}; $cgiparams{'ID'} = $cgiparams{'EDITING'}; } } } if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) { my $id = 0; open(FILE, ">$filename") or die 'Unable to open config file.'; flock FILE, 2; foreach my $line (@current) { $id++; unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; } } close(FILE); system('/usr/local/bin/setxtaccess'); &General::log($Lang::tr{'external access rule removed'}); } if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { open(FILE, ">$filename") or die 'Unable to open config file.'; flock FILE, 2; my $id = 0; foreach my $line (@current) { $id++; unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; } else { chomp($line); my @temp = split(/\,/,$line); print FILE "$temp[0],$temp[1],$temp[2],$cgiparams{'ENABLE'},$temp[4],$temp[5]\n"; } } close(FILE); system('/usr/local/bin/setxtaccess'); } if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { my $id = 0; foreach my $line (@current) { $id++; if ($cgiparams{'ID'} eq $id) { chomp($line); my @temp = split(/\,/,$line); $cgiparams{'PROTOCOL'} = $temp[0]; $cgiparams{'SRC'} = $temp[1]; $cgiparams{'DEST_PORT'} = $temp[2]; $cgiparams{'ENABLED'} = $temp[3]; $cgiparams{'DEST'} = $temp[4]; $cgiparams{'REMARK'} = $temp[5]; } } } if ($cgiparams{'ACTION'} eq '') { $cgiparams{'PROTOCOL'} = 'tcp'; $cgiparams{'DEST'} = '0.0.0.0'; $cgiparams{'ENABLED'} = 'on'; } $selected{'PROTOCOL'}{'udp'} = ''; $selected{'PROTOCOL'}{'tcp'} = ''; $selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'"; $selected{'DEST'}{$cgiparams{'DEST'}} = "selected='selected'"; $checked{'ENABLED'}{'off'} = ''; $checked{'ENABLED'}{'on'} = ''; $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'"; &Header::openpage($Lang::tr{'external access configuration'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); if ($errormessage) { &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); print "$errormessage\n"; print " \n"; &Header::closebox(); } print "

\n"; my $buttontext = $Lang::tr{'add'}; if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { &Header::openbox('100%', 'left', $Lang::tr{'edit a rule'}); $buttontext = $Lang::tr{'update'}; } else { &Header::openbox('100%', 'left', $Lang::tr{'add a new rule'}); } print < $Lang::tr{'source network'} $Lang::tr{'destination port'}:

$Lang::tr{'enabled'}

$Lang::tr{'destination ip'}:

$Lang::tr{'remark'}:

$Lang::tr{'this field may be blank'}

END ; if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { print "\n"; } else { print "\n"; } &Header::closebox(); print "\n"; &Header::openbox('100%', 'left', $Lang::tr{'current rules'}); print < $Lang::tr{'proto'} $Lang::tr{'source ip'} $Lang::tr{'destination ip'} $Lang::tr{'destination port'} $Lang::tr{'remark'} $Lang::tr{'action'} END ; # If something has happened re-read config if($cgiparams{'ACTION'} ne '' or $changed ne 'no') { open(FILE, $filename) or die 'Unable to open config file.'; @current = ; close(FILE); } my $id = 0; foreach my $line (@current) { $id++; chomp($line); my @temp = split(/\,/,$line); my $protocol = ''; my $gif = ''; my $gdesc = ''; my $toggle = ''; if ($temp[0] eq 'udp') { $protocol = 'UDP'; } else { $protocol = 'TCP' } if($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) { print "\n"; } elsif ($id % 2) { print "\n"; } else { print "\n"; } if ($temp[3] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};} else { $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; } if ($temp[1] eq '0.0.0.0/0') { $temp[1] = $Lang::tr{'caps all'}; } # catch for 'old-style' rules file - assume default ip if # none exists if (!&General::validip($temp[4]) || $temp[4] eq '0.0.0.0') { $temp[4] = 'DEFAULT IP'; } $temp[5] = '' unless defined $temp[5]; print <$protocol $temp[1] $temp[4] $temp[2] $temp[5] END ; } print "\n"; # If the xt access file contains entries, print Key to action icons if ( ! -z "$filename") { print < $Lang::tr{'legend'}:

$Lang::tr{'click to disable'}

$Lang::tr{'click to enable'}

$Lang::tr{'edit'}

$Lang::tr{'remove'} END ; } &Header::closebox(); &Header::closebigbox(); &Header::closepage();