Commit | Line | Data |
---|---|---|
cd1a2927 MT |
1 | #!/usr/bin/perl\r |
2 | #\r | |
3 | # SmoothWall CGIs\r | |
4 | #\r | |
5 | # This code is distributed under the terms of the GPL\r | |
6 | #\r | |
7 | # (c) The SmoothWall Team\r | |
8 | #\r | |
9 | # $Id: dmzholes.cgi,v 1.9.2.16 2005/10/18 17:05:27 franck78 Exp $\r | |
10 | #\r | |
11 | \r | |
12 | use strict;\r | |
13 | \r | |
14 | # enable only the following on debugging purpose\r | |
15 | #use warnings;\r | |
16 | #use CGI::Carp 'fatalsToBrowser';\r | |
17 | \r | |
18 | require 'CONFIG_ROOT/general-functions.pl';\r | |
19 | require "${General::swroot}/lang.pl";\r | |
20 | require "${General::swroot}/header.pl";\r | |
21 | \r | |
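# Workaround: mention these Header:: globals a second time so Perl does not
# warn that they are used only once.
my @dummy = ( ${Header::table2colour}, ${Header::colouryellow} );
undef (@dummy);

my %cgiparams=();
my %checked=();
my %selected=();
my %netsettings=();
my $errormessage = '';
# Rule store: one comma-separated rule per line, fields [0]..[7] as written by
# the 'add' handler below.
my $filename = "${General::swroot}/dmzholes/config";

&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

&Header::showhttpheaders();

# Defaults for parameters the request may omit (an unchecked checkbox sends
# nothing, so ENABLED falls back to 'off').
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'REMARK'} = '';
$cgiparams{'ACTION'} = '';
$cgiparams{'SRC_IP'} = '';
$cgiparams{'DEST_IP'} ='';
$cgiparams{'DEST_PORT'} = '';
# From here on every value in %cgiparams is request data and must be treated
# as untrusted until a handler has validated it.
# NOTE(review): no anti-CSRF token or Referer check is visible in this script;
# confirm one is enforced in Header::getcgihash or by the web server, because
# the handlers below rewrite firewall rules on a parameter match alone.
&Header::getcgihash(\%cgiparams);

# Snapshot of the rule file taken before any handler runs. Three-argument open
# with a lexical handle: the mode can never be taken from the file name and the
# handle is closed when it leaves scope.
my @current;
{
    open(my $config_fh, '<', $filename) or die 'Unable to open config file.';
    @current = <$config_fh>;
    close($config_fh);
}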
48 | \r | |
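# 'add' handler: validate the submitted rule, then either append it to the
# rule file (EDITING eq 'no') or replace rule number EDITING in place, and
# finally run setdmzholes so the change takes effect.
if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
{
    # \A...\z rather than ^...$: '$' also matches before a trailing newline, so
    # "tcp\n" used to pass and split the record in the line-based rule file.
    unless($cgiparams{'PROTOCOL'} =~ /\A(?:tcp|udp)\z/) { $errormessage = $Lang::tr{'invalid input'}; }
    unless(&General::validipormask($cgiparams{'SRC_IP'})) { $errormessage = $Lang::tr{'source ip bad'}; }
    unless($errormessage){$errormessage = &General::validportrange($cgiparams{'DEST_PORT'},'dst');}
    unless(&General::validipormask($cgiparams{'DEST_IP'})) { $errormessage = $Lang::tr{'destination ip bad'}; }
    unless ($errormessage) {
        $errormessage = &validNet($cgiparams{'SRC_NET'},$cgiparams{'DEST_NET'}); }
    # ENABLED is written verbatim as field [4]; accept only the two values the
    # form can produce.
    unless ($errormessage) {
        unless ($cgiparams{'ENABLED'} =~ /\A(?:on|off)\z/) { $errormessage = $Lang::tr{'invalid input'}; }
    }
    # Defence in depth: the store is one comma-separated record per line, so no
    # field may carry a field or record separator, whatever the validators
    # defined elsewhere accept.
    unless ($errormessage) {
        foreach my $field (qw(PROTOCOL SRC_IP DEST_IP DEST_PORT ENABLED SRC_NET DEST_NET)) {
            if ($cgiparams{$field} =~ /[,\r\n]/) { $errormessage = $Lang::tr{'invalid input'}; }
        }
    }
    # Darren Critchley - Remove commas from remarks
    $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
    # NOTE(review): cleanhtml is defined elsewhere; confirm it also removes CR
    # and LF. They are replaced here regardless, since the remark is the last
    # field of a single-line record.
    $cgiparams{'REMARK'} =~ tr/\r\n/  /;

    unless ($errormessage)
    {
        # Fields [0]..[7] of the stored record, in file order.
        my $record = join(',', @cgiparams{qw(PROTOCOL SRC_IP DEST_IP DEST_PORT ENABLED SRC_NET DEST_NET REMARK)}) . "\n";

        if($cgiparams{'EDITING'} eq 'no') {
            open(my $config_fh, '>>', $filename) or die 'Unable to open config file.';
            flock($config_fh, 2) or die 'Unable to lock config file.';   # 2 is LOCK_EX
            print {$config_fh} $record;
            close($config_fh) or die 'Unable to write config file.';
        } else {
            # Open read/write and take the lock BEFORE truncating: opening with
            # '>' empties the file while another request may still hold it.
            open(my $config_fh, '+<', $filename) or die 'Unable to open config file.';
            flock($config_fh, 2) or die 'Unable to lock config file.';   # 2 is LOCK_EX
            # Re-read under the lock so the rewrite starts from the current rules.
            my @rules = <$config_fh>;
            seek($config_fh, 0, 0);
            truncate($config_fh, 0);
            my $id = 0;
            foreach my $line (@rules)
            {
                $id++;
                print {$config_fh} (($cgiparams{'EDITING'} eq $id) ? $record : $line);
            }
            close($config_fh) or die 'Unable to write config file.';
        }
        undef %cgiparams;
        &General::log($Lang::tr{'dmz pinhole rule added'});
        system('/usr/local/bin/setdmzholes');
    }
}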
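# 'remove' handler: rewrite the rule file without rule number ID (1-based line
# number), then run setdmzholes and log the removal.
if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
{
    # Open read/write and lock before truncating; opening with '>' would empty
    # the file before the lock is held.
    open(my $config_fh, '+<', $filename) or die 'Unable to open config file.';
    flock($config_fh, 2) or die 'Unable to lock config file.';   # 2 is LOCK_EX
    # Re-read under the lock so rules written by a concurrent request survive.
    my @rules = <$config_fh>;
    seek($config_fh, 0, 0);
    truncate($config_fh, 0);
    my $id = 0;
    foreach my $line (@rules)
    {
        $id++;
        # ID is request data; it is only compared, never written or printed here.
        unless ($cgiparams{'ID'} eq $id) { print {$config_fh} $line; }
    }
    close($config_fh) or die 'Unable to write config file.';
    system('/usr/local/bin/setdmzholes');
    &General::log($Lang::tr{'dmz pinhole rule removed'});
}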
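# 'toggle enable disable' handler: rewrite rule number ID with field [4] set
# to the submitted ENABLE value, then run setdmzholes.
if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
{
    # ENABLE is request data written straight into the rule file. Without this
    # check a value containing ',' or a newline adds fields or whole records to
    # the firewall configuration.
    if ($cgiparams{'ENABLE'} =~ /\A(?:on|off)\z/)
    {
        # Open read/write and lock before truncating; opening with '>' would
        # empty the file before the lock is held.
        open(my $config_fh, '+<', $filename) or die 'Unable to open config file.';
        flock($config_fh, 2) or die 'Unable to lock config file.';   # 2 is LOCK_EX
        my @rules = <$config_fh>;
        seek($config_fh, 0, 0);
        truncate($config_fh, 0);
        my $id = 0;
        foreach my $line (@rules)
        {
            $id++;
            unless ($cgiparams{'ID'} eq $id) { print {$config_fh} $line; }
            else
            {
                chomp($line);
                my @temp = split(/\,/,$line);
                print {$config_fh} "$temp[0],$temp[1],$temp[2],$temp[3],$cgiparams{'ENABLE'},$temp[5],$temp[6],$temp[7]\n";
            }
        }
        close($config_fh) or die 'Unable to write config file.';
        system('/usr/local/bin/setdmzholes');
    }
    else
    {
        $errormessage = $Lang::tr{'invalid input'};
    }
}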
# 'edit' handler: copy the stored fields of rule number ID into %cgiparams so
# the form below is pre-filled. Nothing is written to the rule file here.
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
{
    # Field names in the order they are stored, [0]..[7].
    my @field_names = qw(PROTOCOL SRC_IP DEST_IP DEST_PORT ENABLED SRC_NET DEST_NET REMARK);
    my $row = 0;
    foreach my $line (@current)
    {
        $row++;
        next unless $cgiparams{'ID'} eq $row;
        chomp($line);
        my @stored = split(/\,/,$line);
        @cgiparams{@field_names} = @stored[0 .. 7];
    }
}
152 | \r | |
# No action requested: preset the form for a new rule.
if ($cgiparams{'ACTION'} eq '')
{
    @cgiparams{qw(PROTOCOL ENABLED SRC_NET DEST_NET)} = qw(tcp on orange blue);
}

# Attribute tables for the form: every known choice starts empty, then the
# entry named by the current parameter value gets the marker attribute. The
# parameter value is only used as a hash key here, never printed.
foreach my $choice (qw(udp tcp)) { $selected{'PROTOCOL'}{$choice} = ''; }
$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'";

foreach my $choice (qw(orange blue)) { $selected{'SRC_NET'}{$choice} = ''; }
$selected{'SRC_NET'}{$cgiparams{'SRC_NET'}} = "selected='selected'";

foreach my $choice (qw(blue green)) { $selected{'DEST_NET'}{$choice} = ''; }
$selected{'DEST_NET'}{$cgiparams{'DEST_NET'}} = "selected='selected'";

foreach my $state (qw(off on)) { $checked{'ENABLED'}{$state} = ''; }
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
176 | \r | |
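# Page header, optional error box, and the add/edit form.
&Header::openpage($Lang::tr{'dmz pinhole configuration'}, 1, '');

&Header::openbigbox('100%', 'left', '', $errormessage);

if ($errormessage) {
    &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    print "<class name='base'>$errormessage\n";
    print " </class>\n";
    &Header::closebox();
}

# SRC_IP, DEST_IP, DEST_PORT and ID are echoed into single-quoted attributes.
# When validation fails they still hold the raw request values, so they are
# HTML-escaped before printing. Valid addresses, ports and ids contain none of
# the escaped characters, so their output is unchanged.
my $escape_attr = sub {
    my $text = defined $_[0] ? $_[0] : '';
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
};
my %form_value = map { $_ => $escape_attr->($cgiparams{$_}) } qw(SRC_IP DEST_IP DEST_PORT ID);

print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";

my $buttonText = $Lang::tr{'add'};
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
    &Header::openbox('100%', 'left', $Lang::tr{'edit a rule'});
    $buttonText = $Lang::tr{'update'};
} else {
    &Header::openbox('100%', 'left', $Lang::tr{'add a new rule'});
}
print <<END;
<table width='100%'>
<tr>
<td>
<select name='PROTOCOL'>
<option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
<option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option>
</select>
</td>
<td>
$Lang::tr{'source net'}:</td>
<td>
<select name='SRC_NET'>
END
if (&haveOrangeNet()) {
    print "<option value='orange' $selected{'SRC_NET'}{'orange'}>$Lang::tr{'orange'}</option>";
}
if (&haveBlueNet()) {
    print "<option value='blue' $selected{'SRC_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
}
print <<END;
</select>
</td>
<td class='base'>$Lang::tr{'source ip or net'}:</td>
<td><input type='text' name='SRC_IP' value='$form_value{'SRC_IP'}' size='15' /></td>
</tr>
<tr>
<td>
</td>
<td>
$Lang::tr{'destination net'}:</td>
<td>
<select name='DEST_NET'>
END
if (&haveOrangeNet() && &haveBlueNet()) {
    print "<option value='blue' $selected{'DEST_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
}

# REMARK is printed as stored: the 'add' handler passes it through
# Header::cleanhtml and the 'edit' handler loads the stored copy.
# NOTE(review): confirm cleanhtml escapes quotes and angle brackets; escaping
# the remark again here would double-encode it.
print <<END;
<option value='green' $selected{'DEST_NET'}{'green'}>$Lang::tr{'green'}</option>
</select>
</td>
<td class='base'>
$Lang::tr{'destination ip or net'}:</td>
<td>
<input type='text' name='DEST_IP' value='$form_value{'DEST_IP'}' size='15' />
</td>
<td class='base'>
$Lang::tr{'destination port'}: 
<input type='text' name='DEST_PORT' value='$form_value{'DEST_PORT'}' size='5' />
</td>
</tr>
</table>
<table width='100%'>
<tr>
<td colspan='3' width='50%' class='base'>
<font class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' alt='*' /></font>
<input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' />
</td>
</tr>
<tr>
<td class='base' width='50%'>
<img src='/blob.gif' alt ='*' align='top' /> 
<font class='base'>$Lang::tr{'this field may be blank'}</font>
</td>
<td class='base' width='25%' align='center'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
<td width='25%' align='center'>
<input type='hidden' name='ACTION' value='$Lang::tr{'add'}' />
<input type='submit' name='SUBMIT' value='$buttonText' />
</td>
</tr>
</table>
END
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
    # ID comes from the request; print the escaped copy.
    print "<input type='hidden' name='EDITING' value='$form_value{'ID'}' />\n";
} else {
    print "<input type='hidden' name='EDITING' value='no' />\n";
}
&Header::closebox();
print "</form>\n";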
280 | \r | |
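# "Current rules" table: one row per line of the rule file, each with its own
# toggle / edit / remove form.
&Header::openbox('100%', 'left', $Lang::tr{'current rules'});
print <<END;
<table width='100%'>
<tr>
<td width='7%' class='boldbase' align='center'><b>$Lang::tr{'proto'}</b></td>
<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'source'}</b></td>
<td width='2%' class='boldbase' align='center'> </td>
<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'destination'}</b></td>
<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
<td width='1%' class='boldbase' align='center'> </td>
<td width='4%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
END

# Achim Weber: a newly added rule was not displayed, so the config is always
# re-read here, whatever the action was.
{
    open(my $list_fh, '<', $filename) or die 'Unable to open config file.';
    @current = <$list_fh>;
    close($list_fh);
}

# Stored fields are escaped on output as well: the rule file is shared state,
# and a record that reached it without validation must not become markup in
# the administrator's browser. Valid addresses and ports are unaffected.
my $escape_html = sub {
    my $text = defined $_[0] ? $_[0] : '';
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
};

my $id = 0;
foreach my $line (@current)
{
    my $gif='';
    my $toggle='';
    my $gdesc='';
    $id++;
    chomp($line);
    my @temp = split(/\,/,$line);
    # Anything that is not 'udp' is shown as TCP.
    my $protocol = ($temp[0] eq 'udp') ? 'UDP' : 'TCP';

    my $srcnetcolor = ($temp[5] eq 'blue')? ${Header::colourblue} : ${Header::colourorange};
    my $destnetcolor = ($temp[6] eq 'blue')? ${Header::colourblue} : ${Header::colourgreen};

    # Highlight the row being edited; otherwise alternate the two table colours.
    if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
        print "<tr bgcolor='${Header::colouryellow}'>\n"; }
    elsif ($id % 2) {
        print "<tr bgcolor='${Header::table1colour}'>\n"; }
    else {
        print "<tr bgcolor='${Header::table2colour}'>\n"; }
    if ($temp[4] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};}
    else { $gif = 'off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }

    # Darren Critchley - Get Port Service Name if we can - code borrowed from firewalllog.dat
    # Matched directly instead of through $_, which the original overwrote.
    my $dstprt = $temp[3];
    if ($temp[3] =~ /\A\d+\z/) {
        my $servi = uc(getservbyport($temp[3], lc($temp[0])));
        if ($servi ne '' && $temp[3] < 1024) {
            $dstprt = "$dstprt($servi)"; }
    }
    # Darren Critchley - If the line is too long, wrap the port numbers
    # The length test uses the raw text; the printed text is the escaped copy,
    # and the <br /> is added after escaping so it stays markup.
    my $source_html = $escape_html->($temp[1]);
    my $dest_ip_html = $escape_html->($temp[2]);
    my $dstprt_html = $escape_html->($dstprt);
    my $dstaddr = "$dest_ip_html : $dstprt_html";
    if (length("$temp[2] : $dstprt") > 26) {
        $dstaddr = "$dest_ip_html :<br /> $dstprt_html";
    }
    # $temp[7] (remark) is printed as stored; it went through Header::cleanhtml
    # when written. NOTE(review): confirm cleanhtml HTML-escapes its input.
print <<END;
<td align='center'>$protocol</td>
<td bgcolor='$srcnetcolor'></td>
<td align='center'>$source_html</td>
<td align='center'><img src='/images/forward.gif' /></td>
<td bgcolor='$destnetcolor'></td>
<td align='center'>$dstaddr</td>
<td align='center'>$temp[7]</td>

<td align='center'>
<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ENABLE' value='$toggle' />
<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
</form>
</td>

<td align='center'>
<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
</form>
</td>

<td align='center'>
<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
</form>
</td>

</tr>
END
}
print "</table>\n";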
382 | \r | |
# Print the key to the action icons unless the rule file is zero-length, then
# close the box, the outer box and the page.
unless (-z $filename) {
print <<END;
<table>
<tr>
<td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
<td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
<td class='base'>$Lang::tr{'click to disable'}</td>
<td> <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
<td class='base'>$Lang::tr{'click to enable'}</td>
<td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
<td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
</table>
END
}

&Header::closebox();

&Header::closebigbox();

&Header::closepage();
408 | \r | |
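# Check the source/destination network pair of a pinhole rule.
#   $_[0]  source net, must be exactly 'blue' or 'orange'
#   $_[1]  destination net, must be exactly 'blue' or 'green'
# Returns '' when the pair is acceptable, otherwise the translated error text.
sub validNet
{
    my ($srcNet, $destNet) = @_;

    if ($srcNet eq $destNet) {
        return $Lang::tr{'dmzpinholes for same net not necessary'}; }
    # \A...\z rather than ^...$: '$' also matches before a trailing newline, so
    # "orange\n" used to pass and was then written into the line-based rule file.
    unless ($srcNet =~ /\A(?:blue|orange)\z/) {
        return $Lang::tr{'select source net'}; }
    unless ($destNet =~ /\A(?:blue|green)\z/) {
        return $Lang::tr{'select dest net'}; }

    return '';
}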
423 | \r | |
# Returns 1 when CONFIG_TYPE from the ethernet settings is 1, 3, 5 or 7,
# otherwise 0. Used to decide whether the 'orange' choices are offered.
sub haveOrangeNet
{
    my $config_type = $netsettings{'CONFIG_TYPE'};
    foreach my $type_with_orange (1, 3, 5, 7) {
        return 1 if $config_type == $type_with_orange;
    }
    return 0;
}
432 | \r | |
# Returns 1 when CONFIG_TYPE from the ethernet settings is 4, 5, 6 or 7,
# otherwise 0. Used to decide whether the 'blue' choices are offered.
sub haveBlueNet
{
    my $config_type = $netsettings{'CONFIG_TYPE'};
    foreach my $type_with_blue (4, 5, 6, 7) {
        return 1 if $config_type == $type_with_blue;
    }
    return 0;
}