From: ms
Date: Sat, 16 Feb 2008 09:22:09 +0000 (+0000)
Subject: Removed a lot of the old files...
X-Git-Tag: v3.0-alpha1~1100
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b1f969d756a2e03d2132fee99b705aa3f687b093;p=ipfire-3.x.git
Removed a lot of the old files...
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@1212 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
---
diff --git a/config/cfgroot/advoptions-list b/config/cfgroot/advoptions-list
deleted file mode 100644
index 8a1e75ebb..000000000
--- a/config/cfgroot/advoptions-list
+++ /dev/null
@@ -1,56 +0,0 @@
-option all-subnets-local flag;
-option arp-cache-timeout uint32;
-option bootfile-name string;
-option boot-size uint16;
-option broadcast-address ip-address;
-option cookie-servers ip-address [, ip-address... ];
-option default-ip-ttl uint8;
-option default-tcp-ttl uint8;
-option dhcp-client-identifier data-string;
-option finger-server ip-address [, ip-address... ];
-option font-servers ip-address [, ip-address... ];
-option host-name string;
-option ieee802-3-encapsulation flag;
-option ien116-name-servers ip-address [, ip-address... ];
-option impress-servers ip-address [, ip-address... ];
-option interface-mtu uint16;
-option ip-forwarding flag;
-option irc-server ip-address [, ip-address... ];
-option log-servers ip-address [, ip-address... ];
-option lpr-servers ip-address [, ip-address... ];
-option mask-supplier flag;
-option max-dgram-reassembly uint16;
-option merit-dump string;
-option mobile-ip-home-agent ip-address [, ip-address... ];
-option netbios-dd-server ip-address [, ip-address... ];
-option netbios-node-type uint8;
-option netbios-scope string;
-option nis-domain string;
-option nisplus-domain string;
-option nisplus-servers ip-address [, ip-address... ];
-option nis-servers ip-address [, ip-address... ];
-option nntp-server ip-address [, ip-address... ];
-option non-local-source-routing flag;
-option ntp-servers ip-address [, ip-address... ];
-option path-mtu-aging-timeout uint32;
-option path-mtu-plateau-table uint16 [, uint16... ];
-option perform-mask-discovery flag;
-option policy-filter ip-address ip-address [, ip-address ip-address... ];
-option pop-server ip-address [, ip-address... ];
-option resource-location-servers ip-address [, ip-address... ];
-option root-path string;
-option router-discovery flag;
-option router-solicitation-address ip-address;
-option smtp-server ip-address [, ip-address... ];
-option static-routes ip-address ip-address [, ip-address ip-address... ];
-option streettalk-directory-assistance-server ip-address [, ip-address... ];
-option streettalk-server ip-address [, ip-address... ];
-option swap-server ip-address;
-option tcp-keepalive-garbage flag;
-option tcp-keepalive-interval uint32;
-option tftp-server-name string;
-option time-offset int32;
-option time-servers ip-address [, ip-address... ];
-option trailer-encapsulation flag;
-option www-server ip-address [, ip-address... ];
-option x-display-manager ip-address [, ip-address... ];
diff --git a/config/cfgroot/connscheduler-lib.pl b/config/cfgroot/connscheduler-lib.pl
deleted file mode 100644
index f9e4e5466..000000000
--- a/config/cfgroot/connscheduler-lib.pl
+++ /dev/null
@@ -1,77 +0,0 @@ -#!/usr/bin/perl -# -# Library file for Connection Scheduler AddOn -# -# This code is distributed under the terms of the GPL -# - -package CONNSCHED; - -$CONNSCHED::maxprofiles = 5; - -@CONNSCHED::weekdays = ( 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat', 'Sun' ); -@CONNSCHED::weekdays_pr = ( 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'sunday' ); - -%CONNSCHED::config; -$CONNSCHED::configfile = "/var/ipfire/connscheduler/connscheduler.conf"; -&ReadConfig; - - -1; - -# -# load the configuration file -# -sub ReadConfig -{ - # datafileformat: - # active,action,profilenr,time,daystype,days,weekdays,,comment - - @CONNSCHED::config = (); - - my @tmpfile = (); - if ( open(FILE, "$configfile") ) - { - @tmpfile = ; - close (FILE); - } - - foreach $line ( @tmpfile ) - { - chomp($line); # remove newline - my @temp = split(/\,/,$line,9); - if ( ($temp[0] ne 'on') && ($temp[0] ne 'off') ) { next; } - - my $weekdays_pr = ''; - for (my $i = 0; $i < 7; $i++) - { - if ( index($temp[6], $CONNSCHED::weekdays[$i]) != -1 ) - { - $weekdays_pr .= "$Lang::tr{$CONNSCHED::weekdays_pr[$i]} "; - } - } - - push @CONNSCHED::config, { ACTIVE => $temp[0], ACTION => $temp[1], PROFILENR => $temp[2], TIME => $temp[3], - DAYSTYPE => $temp[4], DAYS => $temp[5], WEEKDAYS => $temp[6], WEEKDAYS_PR => $weekdays_pr, COMMENT => $temp[8] }; - } -} - -# -# write the configuration file -# -sub WriteConfig -{ - open(FILE, ">$configfile") or die 'hosts datafile error'; - - for my $i ( 0 .. 
$#CONNSCHED::config ) - { - if ( ($CONNSCHED::config[$i]{'ACTIVE'} ne 'on') && ($CONNSCHED::config[$i]{'ACTIVE'} ne 'off') ) { next; } - - print FILE "$CONNSCHED::config[$i]{'ACTIVE'},$CONNSCHED::config[$i]{'ACTION'},$CONNSCHED::config[$i]{'PROFILENR'},"; - print FILE "$CONNSCHED::config[$i]{'TIME'},$CONNSCHED::config[$i]{'DAYSTYPE'},"; - print FILE "$CONNSCHED::config[$i]{'DAYS'},$CONNSCHED::config[$i]{'WEEKDAYS'},,$CONNSCHED::config[$i]{'COMMENT'}\n"; - } - close FILE; - - &ReadConfig(); -} diff --git a/config/cfgroot/connscheduler.conf b/config/cfgroot/connscheduler.conf deleted file mode 100644 index 9bcf1955d..000000000 --- a/config/cfgroot/connscheduler.conf +++ /dev/null @@ -1 +0,0 @@ -on,reconnect,,05:00,weekdays,,Mon Tue Wed Thu Fri Sat Sun ,,MorningReconnect diff --git a/config/cfgroot/countries.pl b/config/cfgroot/countries.pl deleted file mode 100644 index 8e32316ff..000000000 --- a/config/cfgroot/countries.pl +++ /dev/null 
@@ -1,250 +0,0 @@
-package Countries;
-
-%countries = (
-'Afghanistan' => 'AF',
-'Albania' => 'AL',
-'Algeria' => 'DZ',
-'American Samoa' => 'AS',
-'Andorra' => 'AD',
-'Angola' => 'AO',
-'Anguilla' => 'AI',
-'Antarctica' => 'AQ',
-'Antigua and Barbuda' => 'AG',
-'Argentina' => 'AR',
-'Armenia' => 'AM',
-'Aruba' => 'AW',
-'Australia' => 'AU',
-'Austria' => 'AT',
-'Azerbaijan' => 'AZ',
-'Bahamas' => 'BS',
-'Bahrain' => 'BH',
-'Bangladesh' => 'BD',
-'Barbados' => 'BB',
-'Belarus' => 'BY',
-'Belgium' => 'BE',
-'Belize' => 'BZ',
-'Benin' => 'BJ',
-'Bermuda' => 'BM',
-'Bhutan' => 'BT',
-'Bolivia' => 'BO',
-'Bosnia and Herzegovina' => 'BA',
-'Botswana' => 'BW',
-'Bouvet Island' => 'BV',
-'Brazil' => 'BR',
-'British Indian Ocean Territory' => 'IO',
-'Brunei Darussalam' => 'BN',
-'Bulgaria' => 'BG',
-'Burkina Faso' => 'BF',
-'Burundi' => 'BI',
-'Cambodia' => 'KH',
-'Cameroon' => 'CM',
-'Canada' => 'CA',
-'Cape Verde' => 'CV',
-'Cayman Islands' => 'KY',
-'Central African Republic' => 'CF',
-'Chad' => 'TD',
-'Chile' => 'CL',
-'China' => 'CN',
-'Christmas Island' => 'CX',
-'Cocos (Keeling) Islands' => 'CC',
-'Colombia' => 'CO',
-'Comoros' => 'KM',
-'Congo' => 'CG',
-'Cook Islands' => 'CK',
-'Costa Rica' => 'CR',
-'Cote D\'Ivoire (Ivory Coast)' => 'CI',
-'Croatia (Hrvatska)' => 'HR',
-'Cuba' => 'CU',
-'Cyprus' => 'CY',
-'Czech Republic' => 'CZ',
-'Czechoslovakia (former)' => 'CS',
-'Denmark' => 'DK',
-'Djibouti' => 'DJ',
-'Dominica' => 'DM',
-'Dominican Republic' => 'DO',
-'East Timor' => 'TP',
-'Ecuador' => 'EC',
-'Egypt' => 'EG',
-'El Salvador' => 'SV',
-'Equatorial Guinea' => 'GQ',
-'Eritrea' => 'ER',
-'Estonia' => 'EE',
-'Ethiopia' => 'ET',
-'Falkland Islands (Malvinas)' => 'FK',
-'Faroe Islands' => 'FO',
-'Fiji' => 'FJ',
-'Finland' => 'FI',
-'France' => 'FR',
-'France, Metropolitan' => 'FX',
-'French Guiana' => 'GF',
-'French Polynesia' => 'PF',
-'French Southern Territories' => 'TF',
-'Gabon' => 'GA',
-'Gambia' => 'GM',
-'Georgia' => 'GE',
-'Germany' => 'DE',
-'Ghana' => 'GH',
-'Gibraltar' => 'GI',
-'Great Britain (UK)' => 'GB',
-'Greece' => 'GR',
-'Greenland' => 'GL',
-'Grenada' => 'GD',
-'Guadeloupe' => 'GP',
-'Guam' => 'GU',
-'Guatemala' => 'GT',
-'Guinea' => 'GN',
-'Guinea-Bissau' => 'GW',
-'Guyana' => 'GY',
-'Haiti' => 'HT',
-'Heard and McDonald Islands' => 'HM',
-'Honduras' => 'HN',
-'Hong Kong' => 'HK',
-'Hungary' => 'HU',
-'Iceland' => 'IS',
-'India' => 'IN',
-'Indonesia' => 'ID',
-'Iran' => 'IR',
-'Iraq' => 'IQ',
-'Ireland' => 'IE',
-'Israel' => 'IL',
-'Italy' => 'IT',
-'Jamaica' => 'JM',
-'Japan' => 'JP',
-'Jordan' => 'JO',
-'Kazakhstan' => 'KZ',
-'Kenya' => 'KE',
-'Kiribati' => 'KI',
-'Korea (North)' => 'KP',
-'Korea (South)' => 'KR',
-'Kuwait' => 'KW',
-'Kyrgyzstan' => 'KG',
-'Laos' => 'LA',
-'Latvia' => 'LV',
-'Lebanon' => 'LB',
-'Lesotho' => 'LS',
-'Liberia' => 'LR',
-'Libya' => 'LY',
-'Liechtenstein' => 'LI',
-'Lithuania' => 'LT',
-'Luxembourg' => 'LU',
-'Macau' => 'MO',
-'Macedonia' => 'MK',
-'Madagascar' => 'MG',
-'Malawi' => 'MW',
-'Malaysia' => 'MY',
-'Maldives' => 'MV',
-'Mali' => 'ML',
-'Malta' => 'MT',
-'Marshall Islands' => 'MH',
-'Martinique' => 'MQ',
-'Mauritania' => 'MR',
-'Mauritius' => 'MU',
-'Mayotte' => 'YT',
-'Mexico' => 'MX',
-'Micronesia' => 'FM',
-'Moldova' => 'MD',
-'Monaco' => 'MC',
-'Mongolia' => 'MN',
-'Montserrat' => 'MS',
-'Morocco' => 'MA',
-'Mozambique' => 'MZ',
-'Myanmar' => 'MM',
-'Namibia' => 'NA',
-'Nauru' => 'NR',
-'Nepal' => 'NP',
-'Netherlands Antilles' => 'AN',
-'Netherlands' => 'NL',
-'Neutral Zone' => 'NT',
-'New Caledonia' => 'NC',
-'New Zealand (Aotearoa)' => 'NZ',
-'Nicaragua' => 'NI',
-'Niger' => 'NE',
-'Nigeria' => 'NG',
-'Niue' => 'NU',
-'Norfolk Island' => 'NF',
-'Northern Mariana Islands' => 'MP',
-'Norway' => 'NO',
-'Oman' => 'OM',
-'Pakistan' => 'PK',
-'Palau' => 'PW',
-'Panama' => 'PA',
-'Papua New Guinea' => 'PG',
-'Paraguay' => 'PY',
-'Peru' => 'PE',
-'Philippines' => 'PH',
-'Pitcairn' => 'PN',
-'Poland' => 'PL',
-'Portugal' => 'PT',
-'Puerto Rico' => 'PR',
-'Qatar' => 'QA',
-'Reunion' => 'RE',
-'Romania' => 'RO',
-'Russian Federation' => 'RU',
-'Rwanda' => 'RW',
-'S. Georgia and S. Sandwich Isls.' => 'GS',
-'Saint Kitts and Nevis' => 'KN',
-'Saint Lucia' => 'LC',
-'Saint Vincent and the Grenadines' => 'VC',
-'Samoa' => 'WS',
-'San Marino' => 'SM',
-'Sao Tome and Principe' => 'ST',
-'Saudi Arabia' => 'SA',
-'Senegal' => 'SN',
-'Seychelles' => 'SC',
-'Sierra Leone' => 'SL',
-'Singapore' => 'SG',
-'Slovak Republic' => 'SK',
-'Slovenia' => 'SI',
-'Solomon Islands' => 'Sb',
-'Somalia' => 'SO',
-'South Africa' => 'ZA',
-'Spain' => 'ES',
-'Sri Lanka' => 'LK',
-'St. Helena' => 'SH',
-'St. Pierre and Miquelon' => 'PM',
-'Sudan' => 'SD',
-'Suriname' => 'SR',
-'Svalbard and Jan Mayen Islands' => 'SJ',
-'Swaziland' => 'SZ',
-'Sweden' => 'SE',
-'Switzerland' => 'CH',
-'Syria' => 'SY',
-'Taiwan' => 'TW',
-'Tajikistan' => 'TJ',
-'Tanzania' => 'TZ',
-'Thailand' => 'TH',
-'Togo' => 'TG',
-'Tokelau' => 'TK',
-'Tonga' => 'TO',
-'Trinidad and Tobago' => 'TT',
-'Tunisia' => 'TN',
-'Turkey' => 'TR',
-'Turkmenistan' => 'TM',
-'Turks and Caicos Islands' => 'TC',
-'Tuvalu' => 'TV',
-'US Minor Outlying Islands' => 'UM',
-'USSR (former)' => 'SU',
-'Uganda' => 'UG',
-'Ukraine' => 'UA',
-'United Arab Emirates' => 'AE',
-'United Kingdom' => 'UK',
-'United States' => 'US',
-'Uruguay' => 'UY',
-'Uzbekistan' => 'UZ',
-'Vanuatu' => 'VU',
-'Vatican City State (Holy See)' => 'VA',
-'Venezuela' => 'VE',
-'Viet Nam' => 'VN',
-'Virgin Islands (British)' => 'VG',
-'Virgin Islands (U.S.)' => 'VI',
-'Wallis and Futuna Islands' => 'WF',
-'Western Sahara' => 'EH',
-'Yemen' => 'YE',
-'Yugoslavia' => 'YU',
-'Zaire' => 'ZR',
-'Zambia' => 'ZM',
-'Zimbabwe' => 'ZW',
-);
-
-1;
-
diff --git a/config/cfgroot/defaultservices b/config/cfgroot/defaultservices
deleted file mode 100644
index 7c20beb8f..000000000
--- a/config/cfgroot/defaultservices
+++ /dev/null
@@ -1,249 +0,0 @@
-acap,674,tcpudp
-afbackup,2988,tcpudp
-afpovertcp,548,tcpudp
-afs3-bos,7007,tcpudp
-afs3-callback,7001,tcpudp
-afs3-errors,7006,tcpudp
-afs3-fileserver,7000,tcpudp
-afs3-kaserver,7004,tcpudp
-afs3-prserver,7002,tcpudp
-afs3-rmtsys,7009,tcpudp
-afs3-update,7008,tcpudp
-afs3-vlserver,7003,tcpudp
-afs3-volser,7005,tcpudp
-amanda,10080,tcpudp
-amandaidx,10082,tcp
-amidxtape,10083,tcp
-asp,27374,tcpudp
-at-echo,204,tcpudp
-at-nbp,202,tcpudp
-at-rtmp,201,tcpudp
-at-zis,206,tcpudp
-auth,113,tcpudp
-bgp,179,tcpudp
-biff,512,udp
-binkp,24554,tcpudp
-bootpc,68,tcpudp
-bootps,67,tcpudp
-canna,5680,tcp
-cfengine,5308,tcpudp
-cfinger,2003,tcp
-chargen,19,tcpudp
-cmip-agent,164,tcpudp
-cmip-man,163,tcpudp
-codaauth2,370,tcpudp
-codasrv,2432,tcpudp
-codasrv-se,2433,tcpudp
-conference,531,tcp
-corbaloc,2809,tcp
-courier,530,tcp
-csnet-ns,105,tcpudp
-cvspserver,2401,tcpudp
-cvsup,5999,tcpudp
-datametrics,1645,tcpudp
-daytime,13,tcpudp
-dhcpv6-client,546,tcpudp
-dhcpv6-server,547,tcpudp
-discard,9,tcpudp
-domain,53,tcpudp
-echo,4,ddp
-echo,7,tcpudp
-efs,520,tcp
-eklogin,2105,tcp
-exec,512,tcp
-fax,4557,tcp
-fido,60179,tcpudp
-finger,79,tcpudp
-fsp,21,udp
-ftp,21,tcpudp
-ftp-data,20,tcpudp
-gdomap,538,tcpudp
-gdp-port,1997,tcpudp
-gii,616,tcp
-gopher,70,tcpudp
-gss-http,488,tcpudp
-h323callsigalt,11720,tcpudp
-h323gatedisc,1718,tcpudp
-h323gatestat,1719,tcpudp
-h323hostcall,1720,tcpudp
-h323hostcallsc,1300,tcpudp
-ha-cluster,694,tcpudp
-hello,1789,tcpudp
-hmmp-ind,612,tcpudp
-hostmon,5355,tcpudp
-hostname,101,tcpudp
-hsrp,1985,tcpudp
-http,80,tcpudp
-http-alt,8008,tcpudp
-https,443,tcpudp
-hylafax,4559,tcp
-ica,1494,tcpudp
-icpv2,3130,tcpudp
-iiop,535,tcpudp
-imap,143,tcpudp
-imap3,220,tcpudp
-imaps,993,tcpudp
-ingreslock,1524,tcpudp
-ipx,213,tcpudp
-irc,194,tcpudp
-ircd,6667,tcpudp
-ircs,994,tcpudp
-isakmp,500,tcpudp
-isdnlog,20011,tcpudp
-iso-tsap,102,tcp
-jetdirect,9100,tcp
-kamanda,10081,tcpudp
-kerberos,88,tcpudp
-kerberos-adm,749,tcp
-kerberos-iv,750,udptcp
-kerberos_master,751,udptcp
-kermit,1649,tcpudp
-klogin,543,tcp
-knetd,2053,tcp
-kpasswd,464,tcpudp
-kpop,1109,tcp
-krb524,4444,tcpudp
-krb5_prop,754,tcp
-krbupdate,760,tcp
-kshell,544,tcp
-l2tp,1701,tcpudp
-ldap,389,tcpudp
-ldaps,636,tcpudp
-licensedaemon,1986,tcpudp
-link,245,tcpucp
-linuxconf,98,tcp
-login,513,tcp
-mailq,174,tcpudp
-mandelspawn,9359,udp
-microsoft-ds,445,tcpudp
-mobileip-agent,434,tcpudp
-mobilip-mn,435,tcpudp
-ms-sql-m,1434,tcpudp
-ms-sql-s,1433,tcpudp
-msp,18,tcpudp
-mtp,1911,tcpudp
-mysql,3306,tcpudp
-nameserver,42,tcpudp
-nbp,2,ddp
-netbios-dgm,138,tcpudp
-netbios-ns,137,tcpudp
-netbios-ssn,139,tcpudp
-netnews,532,tcp
-netrjs-1,71,tcpudp
-netrjs-2,72,tcpudp
-netrjs-3,73,tcpudp
-netrjs-4,74,tcpudp
-netstat,15,tcp
-netwall,533,udp
-nextstep,178,tcpudp
-nfs,2049,tcpudp
-nicname,43,tcpudp
-ninstall,2150,tcpudp
-nntp,119,tcpudp
-nntps,563,tcpudp
-noclog,5354,tcpudp
-npmp-gui,611,tcpudp
-npmp-local,610,tcpudp
-ntalk,518,udp
-ntp,123,tcpudp
-omirr,808,tcpudp
-passwd_server,752,udp
-pgpkeyserver,11371,tcpudp
-phonebook,767,tcpudp
-photuris,468,tcpudp
-pim-rp-disc,496,tcpudp
-pop2,109,tcpudp
-pop3,110,tcpudp
-pop3s,995,tcpudp
-poppassd,106,tcpudp
-postgres,5432,tcpudp
-printer,515,tcpudp
-prospero,191,tcpudp
-prospero-np,1525,tcpudp
-prsvp,3455,tcpudp
-qmtp,209,tcpudp
-qotd,17,tcpudp
-quake,26000,tcpudp
-radius,1812,tcpudp
-radius-acct,1813,tcpudp
-re-mail-ck,50,tcpudp
-remotefs,556,tcp
-rfe,5002,tcpudp
-ripng,521,tcpudp
-rje,5,tcpudp
-rlp,39,tcpudp
-rmtcfg,1236,tcp
-rndc,953,tcpudp
-router,520,udp
-rpc2portmap,369,tcpudp
-rsvp_tunnel,363,tcpudp
-rsync,873,tcpudp
-rtelnet,107,tcpudp
-rtmp,1,ddp
-rtsp,554,tcpudp
-rwhois,4321,tcpudp
-sa-msg-port,1646,tcpudp
-saft,487,tcpudp
-sd,9876,tcpudp
-sftp,115,tcpudp
-sgi-dgl,5232,tcpudp
-shell,514,tcp
-skkserv,1178,tcp
-smtp,25,tcpudp
-smtps,465,tcp
-smux,199,tcpudp
-snmp,161,tcpudp
-snmptrap,162,udp
-snpp,444,tcpudp
-socks,1080,tcpudp
-squid,3128,tcp
-ssh,22,tcpudp
-submission,587,tcpudp
-sunrpc,111,tcpudp
-supdup,95,tcpudp
-supfiledbg,1127,tcp
-supfilesrv,871,tcp
-support,1529,tcp
-svrloc,427,tcpudp
-swat,901,tcp
-syslog,514,udp
-systat,11,tcpudp
-tacacs,49,tcpudp
-talk,517,udp
-tcpmux,1,tcpudp
-telnet,23,tcpudp
-telnets,992,tcpudp
-tempo,526,tcp
-tfido,60177,tcpudp
-tftp,69,tcpudp
-tftp-mcast,1758,tcpudp
-time,37,tcpudp
-timed,525,tcpudp
-tircproxy,7666,tcp
-tproxy,8081,tcpudp
-traceroute,33434,tcpudp
-trnsprntproxy,3346,tcpudp
-ulistproc,372,tcpudp
-utime,519,tcpudp
-uucp,540,tcp
-uucp-path,117,tcpudp
-vboxd,20012,tcpudp
-venus,2430,tcpudp
-venus-se,2431,tcpudp
-webcache,8080,tcpudp
-webster,765,tcpudp
-who,513,udp
-whoami,565,tcpudp
-whois++,63,tcpudp
-wins,1512,tcpudp
-wnn6-ds,26208,tcpudp
-x11,6000,tcp
-x11-ssh-offset,6010,tcp
-xdmcp,177,tcpudp
-xfs,7100,tcp
-xtel,1313,tcp
-z39.50,210,tcpudp
-zephyr-clt,2103,tcpudp
-zephyr-hm,2104,tcpudp
-zephyr-srv,2102,tcpudp
-zip,6,ddp
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
deleted file mode 100644
index a5862e8d0..000000000
--- a/config/cfgroot/general-functions.pl
+++ /dev/null
@@ -1,649 +0,0 @@ -# SmoothWall CGIs -# -# This code is distributed under the terms of the GPL -# -# (c) The SmoothWall Team -# Copyright (C) 2002 Alex Hudson - getcgihash() rewrite -# Copyright (C) 2002 Bob Grant - validmac() -# Copyright (c) 2002/04/13 Steve Bootes - add alias section, helper functions -# Copyright (c) 2002/08/23 Mark Wormgoor validfqdn() -# Copyright (c) 2003/09/11 Darren Critchley srtarray() -# -# $Id: general-functions.pl,v 1.1.2.26 2006/01/04 16:33:55 franck78 Exp $ -# - -package General; - -use strict; -use Socket; -use IO::Socket; -use Net::SSLeay; - -$|=1; # line buffering - -$General::version = 'VERSION'; -$General::swroot = 'CONFIG_ROOT'; -$General::noipprefix = 'noipg-'; -$General::adminmanualurl = 'http://wiki.ipfire.org'; - -# -# log ("message") use default 'ipcop' tag -# log ("tag","message") use your tag -# -sub log -{ - my $tag='ipfire'; - $tag = shift if (@_>1); - my $logmessage = $_[0]; - $logmessage =~ /([\w\W]*)/; - $logmessage = $1; - system('logger', '-t', $tag, $logmessage); -} - -sub readhash -{ - my $filename = $_[0]; - my $hash = $_[1]; - my ($var, $val); - - - # Some ipcop code expects that readhash 'complete' the hash if new entries - # are presents. Not clear it !!! - #%$hash = (); - - open(FILE, $filename) or die "Unable to read file $filename"; - - while () - { - chop; - ($var, $val) = split /=/, $_, 2; - if ($var) - { - $val =~ s/^\'//g; - $val =~ s/\'$//g; - - # Untaint variables read from hash - # trim space from begin and end - $var =~ s/^\s+//; - $var =~ s/\s+$//; - $var =~ /([A-Za-z0-9_-]*)/; - $var = $1; - $val =~ /([\w\W]*)/; - $val = $1; - $hash->{$var} = $val; - } - } - close FILE; -} - - -sub writehash -{ - my $filename = $_[0]; - my $hash = $_[1]; - my ($var, $val); - - # write cgi vars to the file. 
- open(FILE, ">${filename}") or die "Unable to write file $filename"; - flock FILE, 2; - foreach $var (keys %$hash) - { - if ( $var eq "__CGI__"){next;} - $val = $hash->{$var}; - # Darren Critchley Jan 17, 2003 added the following because when submitting with a graphic, the x and y - # location of the mouse are submitted as well, this was being written to the settings file causing - # some serious grief! This skips the variable.x and variable.y - if (!($var =~ /(.x|.y)$/)) { - if ($val =~ / /) { - $val = "\'$val\'"; } - if (!($var =~ /^ACTION/)) { - print FILE "${var}=${val}\n"; } - } - } - close FILE; -} - - -sub age -{ - my ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size, - $atime, $mtime, $ctime, $blksize, $blocks) = stat $_[0]; - my $now = time; - - my $totalsecs = $now - $mtime; - my $days = int($totalsecs / 86400); - my $totalhours = int($totalsecs / 3600); - my $hours = $totalhours % 24; - my $totalmins = int($totalsecs / 60); - my $mins = $totalmins % 60; - my $secs = $totalsecs % 60; - - return "${days}d ${hours}h ${mins}m ${secs}s"; -} - -sub validip -{ - my $ip = $_[0]; - - if (!($ip =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/)) { - return 0; } - else - { - my @octets = ($1, $2, $3, $4); - foreach $_ (@octets) - { - if (/^0./) { - return 0; } - if ($_ < 0 || $_ > 255) { - return 0; } - } - return 1; - } -} - -sub validmask -{ - my $mask = $_[0]; - - # secord part an ip? - if (&validip($mask)) { - return 1; } - # second part a number? - if (/^0/) { - return 0; } - if (!($mask =~ /^\d+$/)) { - return 0; } - if ($mask >= 0 && $mask <= 32) { - return 1; } - return 0; -} - -sub validipormask -{ - my $ipormask = $_[0]; - - # see if it is a IP only. - if (&validip($ipormask)) { - return 1; } - # split it into number and mask. - if (!($ipormask =~ /^(.*?)\/(.*?)$/)) { - return 0; } - my $ip = $1; - my $mask = $2; - # first part not a ip? 
- if (!(&validip($ip))) { - return 0; } - return &validmask($mask); -} - -sub validipandmask -{ - my $ipandmask = $_[0]; - - # split it into number and mask. - if (!($ipandmask =~ /^(.*?)\/(.*?)$/)) { - return 0; } - my $ip = $1; - my $mask = $2; - # first part not a ip? - if (!(&validip($ip))) { - return 0; } - return &validmask($mask); -} - -sub validport -{ - $_ = $_[0]; - - if (!/^\d+$/) { - return 0; } - if (/^0./) { - return 0; } - if ($_ >= 1 && $_ <= 65535) { - return 1; } - return 0; -} - -sub validproxyport -{ - $_ = $_[0]; - - if (!/^\d+$/) { - return 0; } - if (/^0./) { - return 0; } - if ($_ == 53 || $_ == 222 || $_ == 444 || $_ == 81 ) { - return 0; } - elsif ($_ >= 1 && $_ <= 65535) { - return 1; } - return 0; -} - -sub validmac -{ - my $checkmac = $_[0]; - my $ot = '[0-9a-f]{2}'; # 2 Hex digits (one octet) - if ($checkmac !~ /^$ot:$ot:$ot:$ot:$ot:$ot$/i) - { - return 0; - } - return 1; -} - -sub validhostname -{ - # Checks a hostname against RFC1035 - my $hostname = $_[0]; - - # Each part should be at least two characters in length - # but no more than 63 characters - if (length ($hostname) < 1 || length ($hostname) > 63) { - return 0;} - # Only valid characters are a-z, A-Z, 0-9 and - - if ($hostname !~ /^[a-zA-Z0-9-]*$/) { - return 0;} - # First character can only be a letter or a digit - if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) { - return 0;} - # Last character can only be a letter or a digit - if (substr ($hostname, -1, 1) !~ /^[a-zA-Z0-9]*$/) { - return 0;} - return 1; -} - -sub validdomainname -{ - my $part; - - # Checks a domain name against RFC1035 - my $domainname = $_[0]; - my @parts = split (/\./, $domainname); # Split hostname at the '.' 
- - foreach $part (@parts) { - # Each part should be at least two characters in length - # but no more than 63 characters - if (length ($part) < 2 || length ($part) > 63) { - return 0;} - # Only valid characters are a-z, A-Z, 0-9 and - - if ($part !~ /^[a-zA-Z0-9-]*$/) { - return 0;} - # First character can only be a letter or a digit - if (substr ($part, 0, 1) !~ /^[a-zA-Z0-9]*$/) { - return 0;} - # Last character can only be a letter or a digit - if (substr ($part, -1, 1) !~ /^[a-zA-Z0-9]*$/) { - return 0;} - } - return 1; -} - -sub validfqdn -{ - my $part; - - # Checks a fully qualified domain name against RFC1035 - my $fqdn = $_[0]; - my @parts = split (/\./, $fqdn); # Split hostname at the '.' - if (scalar(@parts) < 2) { # At least two parts should - return 0;} # exist in a FQDN - # (i.e. hostname.domain) - foreach $part (@parts) { - # Each part should be at least one character in length - # but no more than 63 characters - if (length ($part) < 1 || length ($part) > 63) { - return 0;} - # Only valid characters are a-z, A-Z, 0-9 and - - if ($part !~ /^[a-zA-Z0-9-]*$/) { - return 0;} - # First character can only be a letter or a digit - if (substr ($part, 0, 1) !~ /^[a-zA-Z0-9]*$/) { - return 0;} - # Last character can only be a letter or a digit - if (substr ($part, -1, 1) !~ /^[a-zA-Z0-9]*$/) { - return 0;} - } - return 1; -} - -sub validportrange # used to check a port range -{ - my $port = $_[0]; # port values - $port =~ tr/-/:/; # replace all - with colons just in case someone used - - my $srcdst = $_[1]; # is it a source or destination port - - if (!($port =~ /^(\d+)\:(\d+)$/)) { - - if (!(&validport($port))) { - if ($srcdst eq 'src'){ - return $Lang::tr{'source port numbers'}; - } else { - return $Lang::tr{'destination port numbers'}; - } - } - } - else - { - my @ports = ($1, $2); - if ($1 >= $2){ - if ($srcdst eq 'src'){ - return $Lang::tr{'bad source range'}; - } else { - return $Lang::tr{'bad destination range'}; - } - } - foreach $_ (@ports) - { - if 
(!(&validport($_))) { - if ($srcdst eq 'src'){ - return $Lang::tr{'source port numbers'}; - } else { - return $Lang::tr{'destination port numbers'}; - } - } - } - return; - } -} - -# Test if IP is within a subnet -# Call: IpInSubnet (Addr, Subnet, Subnet Mask) -# Subnet can be an IP of the subnet: 10.0.0.0 or 10.0.0.1 -# Everything in dottted notation -# Return: TRUE/FALSE -sub IpInSubnet -{ - my $ip = unpack('N', &Socket::inet_aton(shift)); - my $start = unpack('N', &Socket::inet_aton(shift)); - my $mask = unpack('N', &Socket::inet_aton(shift)); - $start &= $mask; # base of subnet... - my $end = $start + ~$mask; - return (($ip >= $start) && ($ip <= $end)); -} - -# -# Return the following IP (IP+1) in dotted notation. -# Call: NextIP ('1.1.1.1'); -# Return: '1.1.1.2' -# -sub NextIP -{ - return &Socket::inet_ntoa( pack("N", 1 + unpack('N', &Socket::inet_aton(shift)) - ) - ); -} - -sub validemail { - my $mail = shift; - return 0 if ( $mail !~ /^[0-9a-zA-Z\.\-\_]+\@[0-9a-zA-Z\.\-]+$/ ); - return 0 if ( $mail =~ /^[^0-9a-zA-Z]|[^0-9a-zA-Z]$/); - return 0 if ( $mail !~ /([0-9a-zA-Z]{1})\@./ ); - return 0 if ( $mail !~ /.\@([0-9a-zA-Z]{1})/ ); - return 0 if ( $mail =~ /.\.\-.|.\-\..|.\.\..|.\-\-./g ); - return 0 if ( $mail =~ /.\.\_.|.\-\_.|.\_\..|.\_\-.|.\_\_./g ); - return 0 if ( $mail !~ /\.([a-zA-Z]{2,4})$/ ); - return 1; -} - -# -# Currently only vpnmain use this three procs (readhasharray, writehasharray, findhasharray) -# The 'key' used is numeric but is perfectly unneeded! This will to be removed so don't use -# this code. Vpnmain will be splitted in parts: x509/pki, connection ipsec, connection other,... . 
-# -sub readhasharray { - my ($filename, $hash) = @_; - %$hash = (); - - open(FILE, $filename) or die "Unable to read file $filename"; - - while () { - my ($key, $rest, @temp); - chomp; - ($key, $rest) = split (/,/, $_, 2); - if ($key =~ /^[0-9]+$/) { - @temp = split (/,/, $rest); - $hash->{$key} = \@temp; - } - } - close FILE; - return; -} - -sub writehasharray { - my ($filename, $hash) = @_; - my ($key, @temp, $i); - - open(FILE, ">$filename") or die "Unable to write to file $filename"; - - foreach $key (keys %$hash) { - if ($key =~ /^[0-9]+$/) { - print FILE "$key"; - foreach $i (0 .. $#{$hash->{$key}}) { - print FILE ",$hash->{$key}[$i]"; - } - print FILE "\n"; - } - } - close FILE; - return; -} - -sub findhasharraykey { - foreach my $i (1 .. 1000000) { - if ( ! exists $_[0]{$i}) { - return $i; - } - } -} - -sub srtarray -# Darren Critchley - darrenc@telus.net - (c) 2003 -# &srtarray(SortOrder, AlphaNumeric, SortDirection, ArrayToBeSorted) -# This subroutine will take the following parameters: -# ColumnNumber = the column which you want to sort on, starts at 1 -# AlphaNumberic = a or n (lowercase) defines whether the sort should be alpha or numberic -# SortDirection = asc or dsc (lowercase) Ascending or Descending sort -# ArrayToBeSorted = the array that wants sorting -# -# Returns an array that is sorted to your specs -# -# If SortOrder is greater than the elements in array, then it defaults to the first element -# -{ - my ($colno, $alpnum, $srtdir, @tobesorted) = @_; - my @tmparray; - my @srtedarray; - my $line; - my $newline; - my $ctr; - my $ttlitems = scalar @tobesorted; # want to know the number of rows in the passed array - if ($ttlitems < 1){ # if no items, don't waste our time lets leave - return (@tobesorted); - } - my @tmp = split(/\,/,$tobesorted[0]); - $ttlitems = scalar @tmp; # this should be the number of elements in each row of the passed in array - - # Darren Critchley - validate parameters - if ($colno > $ttlitems){$colno = '1';} - $colno--; # 
remove one from colno to deal with arrays starting at 0 - if($colno < 0){$colno = '0';} - if ($alpnum ne '') { $alpnum = lc($alpnum); } else { $alpnum = 'a'; } - if ($srtdir ne '') { $srtdir = lc($srtdir); } else { $srtdir = 'src'; } - - foreach $line (@tobesorted) - { - chomp($line); - if ($line ne '') { - my @temp = split(/\,/,$line); - # Darren Critchley - juggle the fields so that the one we want to sort on is first - my $tmpholder = $temp[0]; - $temp[0] = $temp[$colno]; - $temp[$colno] = $tmpholder; - $newline = ""; - for ($ctr=0; $ctr < $ttlitems ; $ctr++) { - $newline=$newline . $temp[$ctr] . ","; - } - chop($newline); - push(@tmparray,$newline); - } - } - if ($alpnum eq 'n') { - @tmparray = sort {$a <=> $b} @tmparray; - } else { - @tmparray = (sort @tmparray); - } - foreach $line (@tmparray) - { - chomp($line); - if ($line ne '') { - my @temp = split(/\,/,$line); - my $tmpholder = $temp[0]; - $temp[0] = $temp[$colno]; - $temp[$colno] = $tmpholder; - $newline = ""; - for ($ctr=0; $ctr < $ttlitems ; $ctr++){ - $newline=$newline . $temp[$ctr] . ","; - } - chop($newline); - push(@srtedarray,$newline); - } - } - - if ($srtdir eq 'dsc') { - @tmparray = reverse(@srtedarray); - return (@tmparray); - } else { - return (@srtedarray); - } -} - -sub FetchPublicIp { - my %proxysettings; - &General::readhash("${General::swroot}/proxy/settings", \%proxysettings); - if ($_=$proxysettings{'UPSTREAM_PROXY'}) { - my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/); - Net::SSLeay::set_proxy($peer,$peerport,$proxysettings{'UPSTREAM_USER'},$proxysettings{'UPSTREAM_PASSWORD'} ); - } - my ($out, $response) = Net::SSLeay::get_http( 'checkip.dyndns.org', - 80, - "/", - Net::SSLeay::make_headers('User-Agent' => 'IPFire' ) - ); - if ($response =~ m%HTTP/1\.. 
200 OK%) { - $out =~ /Current IP Address: (\d+.\d+.\d+.\d+)/; - return $1; - } - return ''; -} - -# -# Check if hostname.domain provided have IP provided -# use gethostbyname to verify that -# Params: -# IP -# hostname -# domain -# Output -# 1 IP matches host.domain -# 0 not in sync -# -sub DyndnsServiceSync ($;$;$) { - - my ($ip,$hostName,$domain) = @_; - my @addresses; - - #fix me no ip GROUP, what is the name ? - $hostName =~ s/$General::noipprefix//; - if ($hostName) { #may be empty - $hostName = "$hostName.$domain"; - @addresses = gethostbyname($hostName); - } - - if ($addresses[0] eq '') { # nothing returned ? - $hostName = $domain; # try resolving with domain only - @addresses = gethostbyname($hostName); - } - - if ($addresses[0] ne '') { # got something ? - #&General::log("name:$addresses[0], alias:$addresses[1]"); - # Build clear text list of IP - @addresses = map ( &Socket::inet_ntoa($_), @addresses[4..$#addresses]); - if (grep (/$ip/, @addresses)) { - return 1; - } - } - return 0; -} -# -# This sub returns the red IP used to compare in DyndnsServiceSync -# -sub GetDyndnsRedIP { - my %settings; - &General::readhash("${General::swroot}/ddns/settings", \%settings); - - open(IP, "${General::swroot}/red/local-ipaddress") or return 'unavailable'; - my $ip = ; - close(IP); - chomp $ip; - - if (&General::IpInSubnet ($ip,'10.0.0.0','255.0.0.0') || - &General::IpInSubnet ($ip,'172.16.0.0.','255.240.0.0') || - &General::IpInSubnet ($ip,'192.168.0.0','255.255.0.0')) - { - if ($settings{'BEHINDROUTER'} eq 'FETCH_IP') { - my $RealIP = &General::FetchPublicIp; - $ip = (&General::validip ($RealIP) ? 
$RealIP : 'unavailable'); - } - } - return $ip; -} - -# Translate ICMP code to text -# ref: http://www.iana.org/assignments/icmp-parameters -sub GetIcmpDescription ($) { - my $index = shift; - my @icmp_description = ( - 'Echo Reply', #0 - 'Unassigned', - 'Unassigned', - 'Destination Unreachable', - 'Source Quench', - 'Redirect', - 'Alternate Host Address', - 'Unassigned', - 'Echo', - 'Router Advertisement', - 'Router Solicitation', #10 - 'Time Exceeded', - 'Parameter Problem', - 'Timestamp', - 'Timestamp Reply', - 'Information Request', - 'Information Reply', - 'Address Mask Request', - 'Address Mask Reply', - 'Reserved (for Security)', - 'Reserved (for Robustness Experiment)', #20 - 'Reserved', - 'Reserved', - 'Reserved', - 'Reserved', - 'Reserved', - 'Reserved', - 'Reserved', - 'Reserved', - 'Reserved', - 'Traceroute', #30 - 'Datagram Conversion Error', - 'Mobile Host Redirect', - 'IPv6 Where-Are-You', - 'IPv6 I-Am-Here', - 'Mobile Registration Request', - 'Mobile Registration Reply', - 'Domain Name Request', - 'Domain Name Reply', - 'SKIP', - 'Photur', #40 - 'Experimental'); - if ($index>41) {return 'unknown'} else {return @icmp_description[$index]}; -} -1; diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl deleted file mode 100644 index c4dabe2b4..000000000 --- a/config/cfgroot/graphs.pl +++ /dev/null 
@@ -1,590 +0,0 @@ -#!/usr/bin/perl -# Generate Graphs exported from Makegraphs to minimize system load an only generate the Graphs when displayed -# This is part of the IPFire Firewall - - -package Graphs; - -use strict; -use RRDs; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my $ERROR; -my $rrdlog = "/var/log/rrd"; -my $graphs = "/srv/web/ipfire/html/graphs"; -$ENV{PATH}="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"; - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -my %mbmon_settings = (); -&General::readhash("${General::swroot}/mbmon/settings", \%mbmon_settings); - -my %mbmon_values = (); -if ( -e "/var/log/mbmon-values" ){ -&General::readhash("/var/log/mbmon-values", \%mbmon_values); -} - -my $key; -my $value; -my @args = (); -my $count = 0; - -use Encode 'from_to'; - -my %tr=(); -if ((${Lang::language} eq 'el') || - (${Lang::language} eq 'fa') || - (${Lang::language} eq 'ru') || - (${Lang::language} eq 'th') || - (${Lang::language} eq 'vi') || - (${Lang::language} eq 'zh') || - (${Lang::language} eq 'zt')) { - eval `/bin/cat "${General::swroot}/langs/en.pl"`; -} else { - %tr=%Lang::tr; # use translated version for other languages -} - - -sub updatecpugraph { - my $period = $_[0]; - - RRDs::graph ("$graphs/cpu-$period.png", - "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org", - "--alt-y-grid", "-w 600", "-h 100", "-l 0", "-u 100", "-r", - "--color", "SHADEA".$color{"color19"}, - "--color", "SHADEB".$color{"color19"}, - "--color", "BACK".$color{"color21"}, - "-t $Lang::tr{'cpu usage per'} $Lang::tr{$period}", - "DEF:iowait=$rrdlog/cpu.rrd:iowait:AVERAGE", - "DEF:user=$rrdlog/cpu.rrd:user:AVERAGE", - "DEF:system=$rrdlog/cpu.rrd:system:AVERAGE", - 
"DEF:idle=$rrdlog/cpu.rrd:idle:AVERAGE", - "DEF:irq=$rrdlog/cpu.rrd:irq:AVERAGE", - "CDEF:total=user,system,idle,iowait,irq,+,+,+,+", - "CDEF:userpct=100,user,total,/,*", - "CDEF:systempct=100,system,total,/,*", - "CDEF:idlepct=100,idle,total,/,*", - "CDEF:iowaitpct=100,iowait,total,/,*", - "CDEF:irqpct=100,irq,total,/,*", - "COMMENT:$Lang::tr{'caption'}\\t\\t\\t ", - "COMMENT:$Lang::tr{'maximal'}", - "COMMENT:$Lang::tr{'average'}", - "COMMENT:$Lang::tr{'minimal'}", - "COMMENT:$Lang::tr{'current'}\\j", - "AREA:iowaitpct".$color{"color14"}.":$Lang::tr{'iowait'}", - "GPRINT:iowaitpct:MAX:%3.2lf%%", - "GPRINT:iowaitpct:AVERAGE:%3.2lf%%", - "GPRINT:iowaitpct:MIN:%3.2lf%%", - "GPRINT:iowaitpct:LAST:%3.2lf%%\\j", - "STACK:irqpct".$color{"color23"}.":$Lang::tr{'cpu irq usage'}", - "GPRINT:irqpct:MAX:%3.2lf%%", - "GPRINT:irqpct:AVERAGE:%3.2lf%%", - "GPRINT:irqpct:MIN:%3.2lf%%", - "GPRINT:irqpct:LAST:%3.2lf%%\\j", - "STACK:userpct".$color{"color11"}.":$Lang::tr{'user cpu usage'}", - "GPRINT:userpct:MAX:%3.2lf%%", - "GPRINT:userpct:AVERAGE:%3.2lf%%", - "GPRINT:userpct:MIN:%3.2lf%%", - "GPRINT:userpct:LAST:%3.2lf%%\\j", - "STACK:systempct".$color{"color13"}.":$Lang::tr{'system cpu usage'}", - "GPRINT:systempct:MAX:%3.2lf%%", - "GPRINT:systempct:AVERAGE:%3.2lf%%", - "GPRINT:systempct:MIN:%3.2lf%%", - "GPRINT:systempct:LAST:%3.2lf%%\\j", - "STACK:idlepct".$color{"color12"}.":$Lang::tr{'idle cpu usage'}", - "GPRINT:idlepct:MAX:%3.2lf%%", - "GPRINT:idlepct:AVERAGE:%3.2lf%%", - "GPRINT:idlepct:MIN:%3.2lf%%", - "GPRINT:idlepct:LAST:%3.2lf%%\\j"); - $ERROR = RRDs::error; - print "Error in RRD::graph for cpu: $ERROR\n" if $ERROR; -} - -sub updateloadgraph { - my $period = $_[0]; - - RRDs::graph ("$graphs/load-$period.png", - "--start", "-1$period", "-aPNG", - "-w 600", "-h 100", "-i", "-z", "-W www.ipfire.org", "-l 0", "-r", "--alt-y-grid", - "-t Load Average", - "--color", "SHADEA".$color{"color19"}, - "--color", "SHADEB".$color{"color19"}, - "--color", "BACK".$color{"color21"}, - 
"DEF:load1=$rrdlog/load.rrd:load1:AVERAGE", - "DEF:load5=$rrdlog/load.rrd:load5:AVERAGE", - "DEF:load15=$rrdlog/load.rrd:load15:AVERAGE", - "AREA:load1".$color{"color13"}.":1 Minute, letzter:", - "GPRINT:load1:LAST:%5.2lf", - "AREA:load5".$color{"color18"}.":5 Minuten, letzter:", - "GPRINT:load5:LAST:%5.2lf", - "AREA:load15".$color{"color14"}.":15 Minuten, letzter:", - "GPRINT:load15:LAST:%5.2lf\\j", - "LINE1:load5".$color{"color13"}, - "LINE1:load1".$color{"color18"}); - $ERROR = RRDs::error; - print "Error in RRD::graph for load: $ERROR\n" if $ERROR; -} - -sub updatememgraph { - my $period = $_[0]; - - RRDs::graph ("$graphs/memory-$period.png", - "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org", - "--alt-y-grid", "-w 600", "-h 100", "-l 0", "-u 100", "-r", - "--color", "SHADEA".$color{"color19"}, - "--color", "SHADEB".$color{"color19"}, - "--color", "BACK".$color{"color21"}, - "-t $Lang::tr{'memory usage per'} $Lang::tr{$period}", - "DEF:used=$rrdlog/mem.rrd:memused:AVERAGE", - "DEF:free=$rrdlog/mem.rrd:memfree:AVERAGE", - "DEF:shared=$rrdlog/mem.rrd:memshared:AVERAGE", - "DEF:buffer=$rrdlog/mem.rrd:membuffers:AVERAGE", - "DEF:cache=$rrdlog/mem.rrd:memcache:AVERAGE", - "CDEF:total=used,free,+", - "CDEF:used2=used,buffer,cache,shared,+,+,-", - "CDEF:usedpct=100,used2,total,/,*", - "CDEF:sharedpct=100,shared,total,/,*", - "CDEF:bufferpct=100,buffer,total,/,*", - "CDEF:cachepct=100,cache,total,/,*", - "CDEF:freepct=100,free,total,/,*", - "COMMENT:$Lang::tr{'caption'}\\t\\t\\t", - "COMMENT:$Lang::tr{'maximal'}", - "COMMENT:$Lang::tr{'average'}", - "COMMENT:$Lang::tr{'minimal'}", - "COMMENT:$Lang::tr{'current'}\\j", - "AREA:usedpct".$color{"color11"}.":$Lang::tr{'used memory'}", - "GPRINT:usedpct:MAX:%3.2lf%%", - "GPRINT:usedpct:AVERAGE:%3.2lf%%", - "GPRINT:usedpct:MIN:%3.2lf%%", - "GPRINT:usedpct:LAST:%3.2lf%%\\j", - "STACK:sharedpct".$color{"color13"}.":$Lang::tr{'shared memory'}", - "GPRINT:sharedpct:MAX:%3.2lf%%", - 
"GPRINT:sharedpct:AVERAGE:%3.2lf%%", - "GPRINT:sharedpct:MIN:%3.2lf%%", - "GPRINT:sharedpct:LAST:%3.2lf%%\\j", - "STACK:bufferpct".$color{"color23"}.":$Lang::tr{'buffered memory'}", - "GPRINT:bufferpct:MAX:%3.2lf%%", - "GPRINT:bufferpct:AVERAGE:%3.2lf%%", - "GPRINT:bufferpct:MIN:%3.2lf%%", - "GPRINT:bufferpct:LAST:%3.2lf%%\\j", - "STACK:cachepct".$color{"color14"}.":$Lang::tr{'cached memory'}", - "GPRINT:cachepct:MAX:%3.2lf%%", - "GPRINT:cachepct:AVERAGE:%3.2lf%%", - "GPRINT:cachepct:MIN:%3.2lf%%", - "GPRINT:cachepct:LAST:%3.2lf%%\\j", - "STACK:freepct".$color{"color12"}.":$Lang::tr{'free memory'}", - "GPRINT:freepct:MAX:%3.2lf%%", - "GPRINT:freepct:AVERAGE:%3.2lf%%", - "GPRINT:freepct:MIN:%3.2lf%%", - "GPRINT:freepct:LAST:%3.2lf%%\\j"); - $ERROR = RRDs::error; - print "Error in RRD::graph for mem: $ERROR\n" if $ERROR; - - RRDs::graph ("$graphs/swap-$period.png", - "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org", - "--alt-y-grid", "-w 600", "-h 100", "-l 0", "-u 100", "-r", - "--color", "SHADEA".$color{"color19"}, - "--color", "SHADEB".$color{"color19"}, - "--color", "BACK".$color{"color21"}, - "-t $Lang::tr{'swap usage per'} $Lang::tr{$period}", - "DEF:used=$rrdlog/mem.rrd:swapused:AVERAGE", - "DEF:free=$rrdlog/mem.rrd:swapfree:AVERAGE", - "CDEF:total=used,free,+", - "CDEF:usedpct=100,used,total,/,*", - "CDEF:freepct=100,free,total,/,*", - "COMMENT:$Lang::tr{'caption'}\\t\\t", - "COMMENT:$Lang::tr{'maximal'}", - "COMMENT:$Lang::tr{'average'}", - "COMMENT:$Lang::tr{'minimal'}", - "COMMENT:$Lang::tr{'current'}\\j", - "AREA:usedpct".$color{"color11"}.":$Lang::tr{'used swap'}", - "GPRINT:usedpct:MAX:%3.2lf%%", - "GPRINT:usedpct:AVERAGE:%3.2lf%%", - "GPRINT:usedpct:MIN:%3.2lf%%", - "GPRINT:usedpct:LAST:%3.2lf%%\\j", - "STACK:freepct".$color{"color12"}.":$Lang::tr{'free swap'}", - "GPRINT:freepct:MAX:%3.2lf%%", - "GPRINT:freepct:AVERAGE:%3.2lf%%", - "GPRINT:freepct:MIN:%3.2lf%%", - "GPRINT:freepct:LAST:%3.2lf%%\\j"); - $ERROR = RRDs::error; - print 
"Error in RRD::graph for swap: $ERROR\n" if $ERROR; -} - -sub updatediskgraph { - my $period = $_[0]; - my $disk = $_[1]; - - RRDs::graph ("$graphs/disk-$disk-$period.png", - "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org", - "--alt-y-grid", "-w 600", "-h 100", "-l 0", "-r", - "--color", "SHADEA".$color{"color19"}, - "--color", "SHADEB".$color{"color19"}, - "--color", "BACK".$color{"color21"}, - "-t $Lang::tr{'disk access per'} $Lang::tr{$period} $disk", - "DEF:read=$rrdlog/disk-$disk.rrd:readsect:AVERAGE", - "DEF:write=$rrdlog/disk-$disk.rrd:writesect:AVERAGE", - "DEF:standby=$rrdlog/hddshutdown-$disk.rrd:standby:AVERAGE", - "CDEF:st=standby,INF,*", - "AREA:st".$color{"color20"}.":standby\\j", - "AREA:read".$color{"color11"}.":$Lang::tr{'sectors read from disk per second'}", - "STACK:write".$color{"color12"}.":$Lang::tr{'sectors written to disk per second'}\\j", - "COMMENT: \\j", - "COMMENT:$Lang::tr{'maximal'}", - "COMMENT:$Lang::tr{'average'}", - "COMMENT:$Lang::tr{'current'}\\j", - "GPRINT:read:MAX:$Lang::tr{'read sectors'}\\:%8.0lf", - "GPRINT:read:AVERAGE:$Lang::tr{'read sectors'}\\:%8.0lf", - "GPRINT:read:LAST:$Lang::tr{'read sectors'}\\:%8.0lf\\j", - "GPRINT:write:MAX:$Lang::tr{'written sectors'}\\:%8.0lf", - "GPRINT:write:AVERAGE:$Lang::tr{'written sectors'}\\:%8.0lf", - "GPRINT:write:LAST:$Lang::tr{'written sectors'}\\:%8.0lf\\j"); - $ERROR = RRDs::error; - print "Error in RRD::graph for disk: $ERROR\n" if $ERROR; -} - -sub updateifgraph { - my $interface = $_[0]; - my $period = $_[1]; - - RRDs::graph ("$graphs/$interface-$period.png", - "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org", - "--alt-y-grid", "-w 600", "-h 100", - "--color", "SHADEA".$color{"color19"}, - "--color", "SHADEB".$color{"color19"}, - "--color", "BACK".$color{"color21"}, - "-t $Lang::tr{'traffic on'} $interface ($Lang::tr{'graph per'} $Lang::tr{$period})", - "-v$Lang::tr{'bytes per second'}", - "DEF:incoming=$rrdlog/$interface.rrd:incoming:AVERAGE", - 
"DEF:outgoing=$rrdlog/$interface.rrd:outgoing:AVERAGE", - "AREA:incoming".$color{"color11"}.":$Lang::tr{'incoming traffic in bytes per second'}", - "AREA:outgoing".$color{"color12"}.":$Lang::tr{'outgoing traffic in bytes per second'}\\j", - "COMMENT: \\j", - "COMMENT:$Lang::tr{'maximal'}", - "COMMENT:$Lang::tr{'average'}", - "COMMENT:$Lang::tr{'minimal'}", - "COMMENT:$Lang::tr{'current'}\\j", - "GPRINT:incoming:MAX:$Lang::tr{'in'}\\:%8.3lf %sBps", - "GPRINT:incoming:AVERAGE:$Lang::tr{'in'}\\:%8.3lf %sBps", - "GPRINT:incoming:MIN:$Lang::tr{'in'}\\:%8.3lf %sBps", - "GPRINT:incoming:LAST:$Lang::tr{'in'}\\:%8.3lf %sBps\\j", - "GPRINT:outgoing:MAX:$Lang::tr{'out'}\\:%8.3lf %sBps", - "GPRINT:outgoing:AVERAGE:$Lang::tr{'out'}\\:%8.3lf %sBps", - "GPRINT:outgoing:MIN:$Lang::tr{'out'}\\:%8.3lf %sBps", - "GPRINT:outgoing:LAST:$Lang::tr{'out'}\\:%8.3lf %sBps\\j"); - $ERROR = RRDs::error; - print "Error in RRD::graph for $interface: $ERROR\n" if $ERROR; -} - -sub updatefwhitsgraph { - my $period = $_[0]; - - RRDs::graph ("$graphs/firewallhits-$period-area.png", - "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org", - "--alt-y-grid", "-w 600", "-h 100", - "--color", "SHADEA".$color{"color19"}, - "--color", "SHADEB".$color{"color19"}, - "--color", "BACK".$color{"color21"}, - "-t $Lang::tr{'firewall hits per'} $Lang::tr{$period}", - "DEF:amount=$rrdlog/firewallhits.rrd:amount:AVERAGE", - "DEF:portamount=$rrdlog/firewallhits.rrd:portamount:AVERAGE", - "COMMENT:$Lang::tr{'caption'}\\t\\t\\t", - "COMMENT:$Lang::tr{'maximal'}", - "COMMENT:$Lang::tr{'average'}", - "COMMENT:$Lang::tr{'minimal'}", - "COMMENT:$Lang::tr{'current'}\\j", - "AREA:amount".$color{"color24"}.":$Lang::tr{'firewallhits'}/5 min", - "GPRINT:amount:MAX:%2.2lf %S", - "GPRINT:amount:AVERAGE:%2.2lf %S", - "GPRINT:amount:MIN:%2.2lf %S", - "GPRINT:amount:LAST:%2.2lf %S\\j", - "STACK:portamount".$color{"color25"}.":$Lang::tr{'portscans'}/5 min", - "GPRINT:portamount:MAX:%2.2lf %S", - 
"GPRINT:portamount:MIN:%2.2lf %S", - "GPRINT:portamount:AVERAGE:%2.2lf %S", - "GPRINT:portamount:LAST:%2.2lf %S\\j"); - $ERROR = RRDs::error; - print "Error in RRD::graph for Firewallhits: $ERROR\n" if $ERROR; -} - -sub updatelqgraph { - my $period = $_[0]; - RRDs::graph ("$graphs/lq-$period.png", - "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org", - "--alt-y-grid", "-w 600", "-h 100", "-l 0", "-r", - "-t $Lang::tr{'linkq'} ($Lang::tr{'graph per'} $Lang::tr{$period})", - "--lazy", - "--color", "SHADEA".$color{"color19"}, - "--color", "SHADEB".$color{"color19"}, - "--color", "BACK".$color{"color21"}, - "-v ms / pkts (% x10)", - "DEF:roundtrip=$rrdlog/lq.rrd:roundtrip:AVERAGE", - "DEF:loss=$rrdlog/lq.rrd:loss:AVERAGE", - "CDEF:roundavg=roundtrip,PREV(roundtrip),+,2,/", - "CDEF:loss10=loss,10,*", - "CDEF:r0=roundtrip,30,MIN", - "CDEF:r1=roundtrip,70,MIN", - "CDEF:r2=roundtrip,150,MIN", - "CDEF:r3=roundtrip,300,MIN", - "AREA:roundtrip".$color{"color25"}.":>300 ms", - "AREA:r3".$color{"color18"}.":150-300 ms", - "AREA:r2".$color{"color14"}.":70-150 ms", - "AREA:r1".$color{"color17"}.":30-70 ms", - "AREA:r0".$color{"color12"}.":<30 ms", - "AREA:loss10".$color{"color13"}.":Packet loss (x10)\\j", - "COMMENT: \\j", - "COMMENT:$Lang::tr{'maximal'}", - "COMMENT:$Lang::tr{'average'}", - "COMMENT:$Lang::tr{'minimal'}", - "COMMENT:$Lang::tr{'current'}\\j", - "LINE1:roundtrip#707070:", - "GPRINT:roundtrip:MAX:Time\\:%3.2lf ms", - "GPRINT:roundtrip:AVERAGE:Time\\:%3.2lf ms", - "GPRINT:roundtrip:MIN:Time\\:%3.2lf ms", - "GPRINT:roundtrip:LAST:Time\\:%3.2lf ms\\j", - "GPRINT:loss:MAX:Loss\\:%3.2lf%%", - "GPRINT:loss:AVERAGE:Loss\\:%3.2lf%%", - "GPRINT:loss:MIN:Loss\\:%3.2lf%%", - "GPRINT:loss:LAST:Loss\\:%3.2lf%%\\j" - ); - $ERROR = RRDs::error; - print "Error in RRD::graph for Link Quality: $ERROR\n" if $ERROR; -} - -sub updatehddgraph { - - my $disk = $_[0]; - my $period = $_[1]; - - RRDs::graph ("$graphs/hddtemp-$disk-$period.png", - "--start", "-1$period", 
"-aPNG", "-i", "-z", "-W www.ipfire.org", - "--alt-y-grid", "-w 600", "-h 100", - "--color", "SHADEA".$color{"color19"}, - "--color", "SHADEB".$color{"color19"}, - "--color", "BACK".$color{"color21"}, - "-t $Lang::tr{'harddisk temperature'} ($Lang::tr{'graph per'} $Lang::tr{$period})", - "DEF:temperature=$rrdlog/hddtemp-$disk.rrd:temperature:AVERAGE", - "DEF:standby=$rrdlog/hddshutdown-$disk.rrd:standby:AVERAGE", - "CDEF:st=standby,INF,*", - "AREA:st".$color{"color20"}.":standby", - "LINE2:temperature".$color{"color11"}.":$Lang::tr{'hdd temperature in'} C\\j", - "COMMENT:$Lang::tr{'maximal'}", - "COMMENT:$Lang::tr{'average'}", - "COMMENT:$Lang::tr{'minimal'}", - "COMMENT:$Lang::tr{'current'}\\j", - "GPRINT:temperature:MAX:%3.0lf Grad C", - "GPRINT:temperature:AVERAGE:%3.0lf Grad C", - "GPRINT:temperature:MIN:%3.0lf Grad C", - "GPRINT:temperature:LAST:%3.0lf Grad C\\j", - ); - $ERROR = RRDs::error; - print "Error in RRD::graph for hdd-$disk: $ERROR\n" if $ERROR; -} - -sub updatetempgraph -{ - my $type = "temp"; - my $period = $_[0]; - my $count = "11"; - - @args = ("$graphs/mbmon-$type-$period.png", - "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org", - "--alt-y-grid", "-w 600", "-h 100", "--alt-autoscale", - "--color", "SHADEA".$color{"color19"}, - "--color", "SHADEB".$color{"color19"}, - "--color", "BACK".$color{"color21"}, - "-t $Lang::tr{'mbmon temp'} ($Lang::tr{'graph per'} $Lang::tr{$period})", - "COMMENT:$Lang::tr{'caption'}\\t\\t", - "COMMENT:$Lang::tr{'maximal'}", - "COMMENT:$Lang::tr{'average'}", - "COMMENT:$Lang::tr{'minimal'}", - "COMMENT:$Lang::tr{'current'}\\j",); - - foreach $key ( sort(keys %mbmon_values) ) - { - if ( (index($key, $type) != -1) && ($mbmon_settings{'LINE-'.$key} eq 'on') ) - { - if ( !defined($mbmon_settings{'LABEL-'.$key}) || ($mbmon_settings{'LABEL-'.$key} eq '') ) - { - $mbmon_settings{'LABEL-'.$key} = $key; - } - push (@args, "DEF:$key=$rrdlog/mbmon.rrd:$key:AVERAGE"); - push (@args, 
"LINE2:".$key.$color{"color$count"}.":$mbmon_settings{'LABEL-'.$key} Grad C"); - push (@args, "GPRINT:$key:MAX:%3.1lf"); - push (@args, "GPRINT:$key:AVERAGE:%3.1lf"); - push (@args, "GPRINT:$key:MIN:%3.1lf"); - push (@args, "GPRINT:$key:LAST:%3.1lf\\j"); - $count++; - } - } - - RRDs::graph ( @args ); - $ERROR = RRDs::error; - print("Error in RRD::graph for temp: $ERROR\n")if $ERROR; -} - -sub updatefangraph -{ - my $type = "fan"; - my $period = $_[0]; - my $count = "11"; - - @args = ("$graphs/mbmon-$type-$period.png", "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org", - "--alt-y-grid", "-w 600", "-h 100", "--alt-autoscale", - "--color", "SHADEA".$color{"color19"}, - "--color", "SHADEB".$color{"color19"}, - "--color", "BACK".$color{"color21"}, - "-t $Lang::tr{'mbmon fan'} ($Lang::tr{'graph per'} $Lang::tr{$period})", - "COMMENT:$Lang::tr{'caption'}\\t\\t", - "COMMENT:$Lang::tr{'maximal'}", - "COMMENT:$Lang::tr{'average'}", - "COMMENT:$Lang::tr{'minimal'}", - "COMMENT:$Lang::tr{'current'}\\j",); - - foreach $key ( sort(keys %mbmon_values) ) - { - if ( (index($key, $type) != -1) && ($mbmon_settings{'LINE-'.$key} eq 'on') ) - { - if ( !defined($mbmon_settings{'LABEL-'.$key}) || ($mbmon_settings{'LABEL-'.$key} eq '') ) - { - $mbmon_settings{'LABEL-'.$key} = $key; - } - - push(@args, "DEF:$key=$rrdlog/mbmon.rrd:$key:AVERAGE"); - push(@args, "LINE2:".$key.$color{"color$count"}.":$mbmon_settings{'LABEL-'.$key} rpm"); - push(@args, "GPRINT:$key:MAX:%5.0lf"); - push(@args, "GPRINT:$key:AVERAGE:%5.0lf"); - push(@args, "GPRINT:$key:MIN:%5.0lf"); - push(@args, "GPRINT:$key:LAST:%5.0lf\\j"); - $count++; - } - } - RRDs::graph ( @args ); - $ERROR = RRDs::error; - print("Error in RRD::graph for temp: $ERROR\n")if $ERROR; -} - -sub updatevoltgraph -{ - my $type = "volt"; - my $period = $_[0]; - my $count = "11"; - - @args = ("$graphs/mbmon-$type-$period.png", "--start", "-1$period", "-aPNG", "-i", "-z", "-W www.ipfire.org", - "--alt-y-grid", "-w 600", "-h 100", 
"--alt-autoscale", - "--color", "SHADEA".$color{"color19"}, - "--color", "SHADEB".$color{"color19"}, - "--color", "BACK".$color{"color21"}, - "-t $Lang::tr{'mbmon volt'} ($Lang::tr{'graph per'} $Lang::tr{$period})", - "COMMENT:$Lang::tr{'caption'}\\t", - "COMMENT:$Lang::tr{'maximal'}", - "COMMENT:$Lang::tr{'average'}", - "COMMENT:$Lang::tr{'minimal'}", - "COMMENT:$Lang::tr{'current'}\\j",); - - foreach $key ( sort(keys %mbmon_values) ) - { - my $v = substr($key,0,1); - if ( ($v eq 'v') && ($mbmon_settings{'LINE-'.$key} eq 'on') ) - { - if ( !defined($mbmon_settings{'LABEL-'.$key}) || ($mbmon_settings{'LABEL-'.$key} eq '') ) - { - $mbmon_settings{'LABEL-'.$key} = $key; - } - - push(@args, "DEF:$key=$rrdlog/mbmon.rrd:$key:AVERAGE"); - push(@args, "LINE2:".$key.$color{"color$count"}.":$mbmon_settings{'LABEL-'.$key} Volt"); - push(@args, "GPRINT:$key:MAX:%3.2lf"); - push(@args, "GPRINT:$key:AVERAGE:%3.2lf"); - push(@args, "GPRINT:$key:MIN:%3.2lf"); - push(@args, "GPRINT:$key:LAST:%3.2lf\\j"); - $count++; - } - } - - RRDs::graph ( @args ); - $ERROR = RRDs::error; - print("Error in RRD::graph for temp: $ERROR\n")if $ERROR; -} - -sub overviewgraph { - - my $period = $_[0]; - my $periodstring; - my $description; - my %qossettings = (); - &General::readhash("${General::swroot}/qos/settings", \%qossettings); - my $classentry = ""; - my @classes = (); - my @classline = (); - my $classfile = "/var/ipfire/qos/classes"; - - $qossettings{'DEV'} = $_[1]; - if ( $qossettings{'DEV'} eq $qossettings{'RED_DEV'} ) { - $qossettings{'CLASSPRFX'} = '1'; - } else { - $qossettings{'CLASSPRFX'} = '2'; - } - - if ( $period ne '3240' ){ $periodstring = "-1$period";}else{ $periodstring = "-".$period;} - if ( $period ne '3240' ){ $description = "-t $Lang::tr{'Utilization on'} ($qossettings{'DEV'}) ($Lang::tr{'graph per'} $Lang::tr{$period})";}else{ $description = "-t $Lang::tr{'Utilization on'} ($qossettings{'DEV'})";} - - my $ERROR=""; - my $count="1"; - my $color="#000000"; - my 
@command=("/srv/web/ipfire/html/graphs/qos-graph-$qossettings{'DEV'}-$period.png", - "--start", $periodstring, "-aPNG", "-i", "-z", "-W www.ipfire.org", - "--alt-y-grid", "-w 600", "-h 150", "-r", - "--color", "SHADEA".$color{"color19"}, - "--color", "SHADEB".$color{"color19"}, - "--color", "BACK".$color{"color21"}, - "COMMENT:$Lang::tr{'caption'}\\t\\t\\t\\t ", - "COMMENT:$Lang::tr{'maximal'}", - "COMMENT:$Lang::tr{'average'}", - "COMMENT:$Lang::tr{'minimal'}", - "COMMENT:$Lang::tr{'current'}\\j", - $description - ); - open( FILE, "< $classfile" ) or die "Unable to read $classfile"; - @classes = ; - close FILE; - foreach $classentry (sort @classes) - { - @classline = split( /\;/, $classentry ); - if ( $classline[0] eq $qossettings{'DEV'} ) - { - $color=random_hex_color(6); - push(@command, "DEF:$classline[1]=/var/log/rrd/class_$qossettings{'CLASSPRFX'}-$classline[1]_$qossettings{'DEV'}.rrd:bytes:AVERAGE"); - - if ($count eq "1") { - push(@command, "AREA:$classline[1]$color:Klasse $classline[1] -".sprintf("%15s",$classline[8])); - } else { - push(@command, "STACK:$classline[1]$color:Klasse $classline[1] -".sprintf("%15s",$classline[8])); - - } - push(@command, "GPRINT:$classline[1]:MAX:%5.2lf"); - push(@command, "GPRINT:$classline[1]:AVERAGE:%5.2lf"); - push(@command, "GPRINT:$classline[1]:MIN:%5.2lf"); - push(@command, "GPRINT:$classline[1]:LAST:%5.2lf\\j"); - $count++; - } - } - RRDs::graph (@command); - $ERROR = RRDs::error; - print "$ERROR"; -} - -sub random_hex_color { - my $size = shift; - $size = 6 if $size !~ /^3|6$/; - my @hex = ( 0 .. 9, 'a' .. 'f' ); - my @color; - push @color, @hex[rand(@hex)] for 1 .. $size; - return join('', '#', @color); -} diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl deleted file mode 100644 index e30981778..000000000 --- a/config/cfgroot/header.pl +++ /dev/null 
@@ -1,496 +0,0 @@ -# SmoothWall CGIs -# -# This code is distributed under the terms of the GPL -# -# (c) The SmoothWall Team -# Copyright (C) 2002 Alex Hudson - getcgihash() rewrite -# Copyright (C) 2002 Bob Grant - validmac() -# Copyright (c) 2002/04/13 Steve Bootes - add alias section, helper functions -# Copyright (c) 2002/08/23 Mark Wormgoor validfqdn() -# Copyright (c) 2003/09/11 Darren Critchley srtarray() -# -package Header; - -use CGI(); -use Socket; -use Time::Local; - -$|=1; # line buffering - -$Header::revision = 'final'; -$Header::swroot = '/var/ipfire'; -$Header::graphdir='/srv/web/ipfire/html/graphs'; -$Header::pagecolour = '#ffffff'; -#$Header::tablecolour = '#a0a0a0'; -$Header::tablecolour = '#FFFFFF'; -$Header::bigboxcolour = '#F6F4F4'; -$Header::boxcolour = '#EAE9EE'; -$Header::bordercolour = '#000000'; -$Header::table1colour = '#E0E0E0'; -$Header::table2colour = '#F0F0F0'; -$Header::colourred = '#993333'; -$Header::colourorange = '#FF9933'; -$Header::colouryellow = '#FFFF00'; -$Header::colourgreen = '#339933'; -$Header::colourblue = '#333399'; -$Header::colourovpn = '#339999'; -$Header::colourfw = '#000000'; -$Header::colourvpn = '#990099'; -$Header::colourerr = '#FF0000'; -$Header::viewsize = 150; -$Header::errormessage = ''; -my %menuhash = (); -my $menu = \%menuhash; -%settings = (); -%ethsettings = (); -@URI = (); - -### Make sure this is an SSL request -if ($ENV{'SERVER_ADDR'} && $ENV{'HTTPS'} ne 'on') { - print "Status: 302 Moved\r\n"; - print "Location: https://$ENV{'SERVER_ADDR'}:444/$ENV{'PATH_INFO'}\r\n\r\n"; - exit 0; -} - -### Initialize environment -&General::readhash("${swroot}/main/settings", \%settings); -&General::readhash("${swroot}/ethernet/settings", \%ethsettings); -$language = $settings{'LANGUAGE'}; -$hostname = $settings{'HOSTNAME'}; -$hostnameintitle = 0; - -### Initialize language -if ($language =~ /^(\w+)$/) {$language = $1;} - -### Read English Files -if ( -d "/var/ipfire/langs/en/" ) { - opendir(DIR, 
"/var/ipfire/langs/en/"); - @names = readdir(DIR) or die "Cannot Read Directory: $!\n"; - foreach $name(@names) { - next if ($name eq "."); - next if ($name eq ".."); - next if (!($name =~ /\.pl$/)); - require "${swroot}/langs/en/${name}"; - }; -}; - - -### Enable Language Files -if ( -d "/var/ipfire/langs/${language}/" ) { - opendir(DIR, "/var/ipfire/langs/${language}/"); - @names = readdir(DIR) or die "Cannot Read Directory: $!\n"; - foreach $name(@names) { - next if ($name eq "."); - next if ($name eq ".."); - next if (!($name =~ /\.pl$/)); - require "${swroot}/langs/${language}/${name}"; - }; -}; - -### Read IPFire Buildversion -$FIREBUILD = "File not found: firebuild\n"; -if (open(MYFile, "<${swroot}/firebuild")) { - $FIREBUILD = ; - chomp($FIREBUILD); - $FIREBUILD = "(Build: $FIREBUILD)"; - close(MYFile); -}; - -require "${swroot}/langs/en.pl"; -require "${swroot}/langs/${language}.pl"; -eval `/bin/cat /srv/web/ipfire/html/themes/$settings{'THEME'}/include/functions.pl`; - -sub orange_used () { - if ($ethsettings{'CONFIG_TYPE'} =~ /^[24]$/) { - return 1; - } - return 0; -} - -sub blue_used () { - if ($ethsettings{'CONFIG_TYPE'} =~ /^[34]$/) { - return 1; - } - return 0; -} - -sub is_modem { - if ($ethsettings{'CONFIG_TYPE'} =~ /^[0]$/) { - return 1; - } - return 0; -} - -### Initialize menu -sub genmenu { - - my %subsystemhash = (); - my $subsystem = \%subsystemhash; - - my %substatushash = (); - my $substatus = \%substatushash; - - my %subnetworkhash = (); - my $subnetwork = \%subnetworkhash; - - my %subserviceshash = (); - my $subservices = \%subserviceshash; - - my %subfirewallhash = (); - my $subfirewall = \%subfirewallhash; - - my %subipfirehash = (); - my $subipfire = \%subipfirehash; - - my %sublogshash = (); - my $sublogs = \%sublogshash; - - eval `/bin/cat /var/ipfire/menu.d/*.menu`; - eval `/bin/cat /var/ipfire/menu.d/*.main`; - - if (! blue_used() && ! orange_used()) { - $menu->{'05.firewall'}{'subMenu'}->{'40.dmz'}{'enabled'} = 0; - } - if (! 
blue_used()) { - $menu->{'05.firewall'}{'subMenu'}->{'30.wireless'}{'enabled'} = 0; - } - if ( $ethsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/ && $ethsettings{'RED_TYPE'} eq 'STATIC' ) { - $menu->{'03.network'}{'subMenu'}->{'70.aliases'}{'enabled'} = 1; - } -} - -sub showhttpheaders -{ - print "Pragma: no-cache\n"; - print "Cache-control: no-cache\n"; - print "Connection: close\n"; - print "Content-type: text/html\n\n"; -} - -sub is_menu_visible($) { - my $link = shift; - $link =~ s#\?.*$##; - return (-e $ENV{'DOCUMENT_ROOT'}."/../$link"); -} - - -sub getlink($) { - my $root = shift; - if (! $root->{'enabled'}) { - return ''; - } - if ($root->{'uri'} !~ /^$/) { - my $vars = ''; - if ($root->{'vars'} !~ /^$/) { - $vars = '?'. $root->{'vars'}; - } - if (! is_menu_visible($root->{'uri'})) { - return ''; - } - return $root->{'uri'}.$vars; - } - my $submenus = $root->{'subMenu'}; - if (! $submenus) { - return ''; - } - foreach my $item (sort keys %$submenus) { - my $link = getlink($submenus->{$item}); - if ($link ne '') { - return $link; - } - } - return ''; -} - - -sub compare_url($) { - my $conf = shift; - - my $uri = $conf->{'uri'}; - my $vars = $conf->{'vars'}; - my $novars = $conf->{'novars'}; - - if ($uri eq '') { - return 0; - } - if ($uri ne $URI[0]) { - return 0; - } - if ($novars) { - if ($URI[1] !~ /^$/) { - return 0; - } - } - if (! $vars) { - return 1; - } - return ($URI[1] eq $vars); -} - - -sub gettitle($) { - my $root = shift; - - if (! 
$root) { - return ''; - } - foreach my $item (sort keys %$root) { - my $val = $root->{$item}; - if (compare_url($val)) { - $val->{'selected'} = 1; - if ($val->{'title'} !~ /^$/) { - return $val->{'title'}; - } - return 'EMPTY TITLE'; - } - - my $title = gettitle($val->{'subMenu'}); - if ($title ne '') { - $val->{'selected'} = 1; - return $title; - } - } - return ''; -} - -sub getcgihash { - my ($hash, $params) = @_; - my $cgi = CGI->new (); - $hash->{'__CGI__'} = $cgi; - return if ($ENV{'REQUEST_METHOD'} ne 'POST'); - if (!$params->{'wantfile'}) { - $CGI::DISABLE_UPLOADS = 1; - $CGI::POST_MAX = 512 * 1024; - } else { - $CGI::POST_MAX = 10 * 1024 * 1024; - } - - $cgi->referer() =~ m/^https?\:\/\/([^\/]+)/; - my $referer = $1; - $cgi->url() =~ m/^https?\:\/\/([^\/]+)/; - my $servername = $1; - return if ($referer ne $servername); - - ### Modified for getting multi-vars, split by | - %temp = $cgi->Vars(); - foreach my $key (keys %temp) { - $hash->{$key} = $temp{$key}; - $hash->{$key} =~ s/\0/|/g; - $hash->{$key} =~ s/^\s*(.*?)\s*$/$1/; - } - - if (($params->{'wantfile'})&&($params->{'filevar'})) { - $hash->{$params->{'filevar'}} = $cgi->upload - ($params->{'filevar'}); - } - return; -} - - -# Test if IP is within a subnet -# Call: IpInSubnet (Addr, Subnet, Subnet Mask) -# Subnet can be an IP of the subnet: 10.0.0.0 or 10.0.0.1 -# Everything in dottted notation -# Return: TRUE/FALSE -sub IpInSubnet -{ - $ip = unpack('N', inet_aton(shift)); - $start = unpack('N', inet_aton(shift)); - $mask = unpack('N', inet_aton(shift)); - $start &= $mask; # base of subnet... 
- $end = $start + ~$mask; - return (($ip >= $start) && ($ip <= $end)); -} - -sub cleanhtml -{ - my $outstring =$_[0]; - $outstring =~ tr/,/ / if not defined $_[1] or $_[1] ne 'y'; - $outstring =~ s/&/&/g; - $outstring =~ s/\'/'/g; - $outstring =~ s/\"/"/g; #" This is just a workaround for the syntax highlighter - $outstring =~ s//>/g; - return $outstring; -} - -sub connectionstatus -{ - my %pppsettings = (); - my %netsettings = (); - my $iface=''; - - $pppsettings{'PROFILENAME'} = 'None'; - &General::readhash("${General::swroot}/ppp/settings", \%pppsettings); - &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); - - my $profileused=''; - unless ( $netsettings{'RED_TYPE'} =~ /^(DHCP|STATIC)$/ ) { - $profileused="- $pppsettings{'PROFILENAME'}"; - } - - my ($timestr, $connstate); - - my $connstate = "$Lang::tr{'idle'} $profileused"; - - if (-e "${General::swroot}/red/active") { - $timestr = &General::age("${General::swroot}/red/active"); - $connstate = "$Lang::tr{'connected'} - ($timestr) $profileused"; - } else { - if ((open(KEEPCONNECTED, " - -$tr{'ip address'} -$tr{'mac address'} -$tr{'hostname'} -$tr{'lease expires'} (local time d/m/y) -Add to fix leases - -END - ; - - open(LEASES,"/var/state/dhcp/dhcpd.leases") or die "Can't open dhcpd.leases"; - while ($line = ) { - next if( $line =~ /^\s*#/ ); - chomp($line); - @temp = split (' ', $line); - - if ($line =~ /^\s*lease/) { - $ip = $temp[1]; - #All field are not necessarily read. 
Clear everything - $endtime = 0; - $ether = ""; - $hostname = ""; - } - - if ($line =~ /^\s*ends/) { - $line =~ /(\d+)\/(\d+)\/(\d+) (\d+):(\d+):(\d+)/; - $endtime = timegm($6, $5, $4, $3, $2 - 1, $1 - 1900); - } - - if ($line =~ /^\s*hardware ethernet/) { - $ether = $temp[2]; - $ether =~ s/;//g; - } - - if ($line =~ /^\s*client-hostname/) { - $hostname = "$temp[1] $temp[2] $temp[3]"; - $hostname =~ s/;//g; - $hostname =~ s/\"//g; - } - - if ($line eq "}") { - @record = ('IPADDR',$ip,'ENDTIME',$endtime,'ETHER',$ether,'HOSTNAME',$hostname); - $record = {}; # create a reference to empty hash - %{$record} = @record; # populate that hash with @record - $entries{$record->{'IPADDR'}} = $record; # add this to a hash of hashes - } - } - close(LEASES); - - my $id = 0; - foreach my $key (sort leasesort keys %entries) { - print "
\n"; - my $hostname = &cleanhtml($entries{$key}->{HOSTNAME},"y"); - - if ($id % 2) { - print ""; - } - else { - print ""; - } - - print <$entries{$key}->{IPADDR} -$entries{$key}->{ETHER} - $hostname - -END - ; - - ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $dst) = localtime ($entries{$key}->{ENDTIME}); - $enddate = sprintf ("%02d/%02d/%d %02d:%02d:%02d",$mday,$mon+1,$year+1900,$hour,$min,$sec); - - if ($entries{$key}->{ENDTIME} < time() ){ - print "$enddate"; - } else { - print "$enddate"; - } - print < - -END - ; - $id++; - } - - print ""; - &closebox(); -} - - -# This sub is used during display of actives leases -sub leasesort { - if (rindex ($dhcpsettings{'SORT_LEASELIST'},'Rev') != -1) - { - $qs=substr ($dhcpsettings{'SORT_LEASELIST'},0,length($dhcpsettings{'SORT_LEASELIST'})-3); - if ($qs eq 'IPADDR') { - @a = split(/\./,$entries{$a}->{$qs}); - @b = split(/\./,$entries{$b}->{$qs}); - ($b[0]<=>$a[0]) || - ($b[1]<=>$a[1]) || - ($b[2]<=>$a[2]) || - ($b[3]<=>$a[3]); - }else { - $entries{$b}->{$qs} cmp $entries{$a}->{$qs}; - } - } - else #not reverse - { - $qs=$dhcpsettings{'SORT_LEASELIST'}; - if ($qs eq 'IPADDR') { - @a = split(/\./,$entries{$a}->{$qs}); - @b = split(/\./,$entries{$b}->{$qs}); - ($a[0]<=>$b[0]) || - ($a[1]<=>$b[1]) || - ($a[2]<=>$b[2]) || - ($a[3]<=>$b[3]); - }else { - $entries{$a}->{$qs} cmp $entries{$b}->{$qs}; - } - } -} diff --git a/config/cfgroot/icmptypes b/config/cfgroot/icmptypes deleted file mode 100644 index 935324fd6..000000000 --- a/config/cfgroot/icmptypes +++ /dev/null 
@@ -1,61 +0,0 @@
-# ICMP Data File
-#
-# This file is part of the IPCop Firewall.
-#
-# IPCop is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# IPCop is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with IPCop; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-# (c) The IPCop Team
-#
-# $Id: icmptypes,v 1.2 2003/12/11 11:15:33 riddles Exp $
-#
-# Valid ICMP types obtained through the following command
-# iptables -p icmp -h
-#
-echo-reply (pong)
-destination-unreachable
-network-unreachable
-host-unreachable
-protocol-unreachable
-port-unreachable
-fragmentation-needed
-source-route-failed
-network-unknown
-host-unknown
-network-prohibited
-host-prohibited
-TOS-network-unreachable
-TOS-host-unreachable
-communication-prohibited
-host-precedence-violation
-precedence-cutoff
-source-quench
-redirect
-network-redirect
-host-redirect
-TOS-network-redirect
-TOS-host-redirect
-echo-request (ping)
-router-advertisement
-router-solicitation
-time-exceeded (ttl-exceeded)
-ttl-zero-during-transit
-ttl-zero-during-reassembly
-parameter-problem
-ip-header-bad
-required-option-missing
-timestamp-request
-timestamp-reply
-address-mask-request
-address-mask-reply
diff --git a/config/cfgroot/lang.pl b/config/cfgroot/lang.pl
deleted file mode 100644
index 707b28d11..000000000
--- a/config/cfgroot/lang.pl
+++ /dev/null
@@ -1,160 +0,0 @@
-# SmoothWall CGIs
-#
-# This code is distributed under the terms of the GPL
-#
-# (c) The SmoothWall Team
-# Copyright (c) 2002/08/23 Mark Wormgoor Split from header.pl
-#
-# $Id: lang.pl,v 1.1.2.11 2005/09/10 16:22:50 eoberlander Exp $
-#
-
-package Lang;
-require 'CONFIG_ROOT/general-functions.pl';
-use strict;
-
-### A cache file to avoid long recalculation
-$Lang::CacheLang = '/var/ipfire/langs/cache-lang.pl';
-
-# When you want to add your own language strings/entries to the ipcop language file,
-# you should create a file with ..pl into CONFIG_ROOT/addon-lang dir
-# is free choosable but should be significant. An Example might be "myAddnName"
-# is a mnemonic of the used language like en, de, it, nl etc.
-# You can find a detailed list of possible mnemonic's in the file CONFIG_ROOT/langs/list
-# A file could be named "VirtualHttpd.en.pl" for example.
-#
-# The file content has to start with (of course without the leading #):
-# --------- CODE ---------
-#%tr = (%tr,
-# 'key1' => 'value', # add all your entries key/values here
-# 'key2' => 'value' # and end with (of course without the leading #):
-#);
-# --------- CODE END---------
-#
-# After you have copied all your files to CONFIG_ROOT/add-lang you have to run the
-# script compilation:
-# perl -e "require '/CONFIG_ROOT/lang.pl'; &Lang::BuildCacheLang"
-
-
-### Initialize language
-%Lang::tr = ();
-my %settings = ();
-&General::readhash("${General::swroot}/main/settings", \%settings);
-reload($settings{'LANGUAGE'});
-
-# language variable used by makegraphs script
-our $language;
-$language = $settings{'LANGUAGE'};
-
-#
-# Load requested language file from cachefile. If cachefile doesn't exist, build on the fly.
-# (it is a developper options)
-#
-sub reload {
-
- my ($LG) = @_;
- %Lang::tr = (); # start with a clean array
-
- # Use CacheLang if present & not empty.
- if (-s "$Lang::CacheLang.$LG" ) {
- ##fix: need to put a lock_shared on it in case rebuild is active ?
- do "$Lang::CacheLang.$LG";
- #&General::log ("cachelang file used [$LG]");
- return;
- }
-
- #&General::log("Building on the fly cachelang file for [$LG]");
- do "${General::swroot}/langs/en.pl";
- do "${General::swroot}/langs/$LG.pl" if ($LG ne 'en');
-
- my $AddonDir = ${General::swroot}.'/addon-lang';
-
- opendir (DIR, $AddonDir);
- my @files = readdir (DIR);
- closedir (DIR);
-
- # default is to load english first
- foreach my $file ( grep (/.*\.en.pl$/,@files)) {
- do "$AddonDir/$file";
- }
-
- # read again, overwriting 'en' with choosed lang
- if ($LG ne 'en') {
- foreach my $file (grep (/.*\.$LG\.pl$/,@files) ) {
- do "$AddonDir/$file";
- }
- }
-}
-
-#
-# Assume this procedure is called with enough privileges.
-# Merge ipcop langage file + all other extension found in addon-lang
-# to build a 'cachefile' for selected language
-#
-sub BuildUniqueCacheLang {
-
- my ($LG) = @_;
-
- # Make CacheLang empty so that it won't be used by Lang::reload
- open (FILE, ">$Lang::CacheLang.$LG") or return 1;
- flock (FILE, 2) or return 1;
- close (FILE);
-
- # Load languages files
- &Lang::reload ($LG);
-
- # Write the unique %tr=('key'=>'value') array
- open (FILE, ">$Lang::CacheLang.$LG") or return 1;
- flock (FILE, 2) or return 1;
- print FILE '%tr=(';
- foreach my $k ( keys %Lang::tr ){
- $Lang::tr{$k} =~ s/\'/\\\'/g; # quote ' => \'
- print FILE "'$k' => '$Lang::tr{$k}',"; # key => value,
- }
- print FILE ');';
- close (FILE);
-
- # Make nobody:nobody file's owner
- # Will work when called by root/rc.sysinit
- chown (0,0,"$Lang::CacheLang.$LG");
- chmod (0004,"$Lang::CacheLang.$LG");
- return 0;
-}
-
-#
-# Switch Ipcop Language for each lang then call build cachelang
-#
-sub BuildCacheLang {
-
- my $AddonDir = ${General::swroot}.'/addon-lang';
-
- # Correct permission in case addon-installer did not do it
- opendir (DIR, $AddonDir);
- my @files = readdir (DIR);
- foreach my $file (@files) {
- next if (($file eq '..') || ($file eq '.'));
- chown
(0,0,"$AddonDir/$file");
- chmod (0004,"$AddonDir/$file");
- }
- closedir (DIR);
-
- my $selected = '';;
- my $missed = '';
- my $error = 0;
-
- open (LANGS, "${General::swroot}/langs/list");
- while () {
- ($selected) = split (':');
- if (BuildUniqueCacheLang ($selected) == 1) {
- $missed = $selected; # will try latter. Can only be the current cachelang file locked
- };
- }
- close (LANGS);
-
- if ($missed) { # collision with current cache lang being used ?
- $error = &BuildUniqueCacheLang ($missed);
- }
-
- &General::log ("WARNING: cannot build cachelang file for [$missed].") if ($error);
- return $error;
-}
-1;
diff --git a/config/cfgroot/logging-settings b/config/cfgroot/logging-settings
deleted file mode 100644
index e5ca09e6b..000000000
--- a/config/cfgroot/logging-settings
+++ /dev/null
@@ -1,5 +0,0 @@
-LOGVIEW_REVERSE=off
-REMOTELOG_ADDR=
-ENABLE_REMOTELOG=off
-LOGWATCH_LEVEL=Low
-LOGWATCH_KEEP=56
diff --git a/config/cfgroot/mbmon-settings b/config/cfgroot/mbmon-settings
deleted file mode 100644
index c36c2ee04..000000000
--- a/config/cfgroot/mbmon-settings
+++ /dev/null
@@ -1,4 +0,0 @@
-GRAPH_HDD=1
-GRAPH_TEMP=1
-GRAPH_FAN=1
-GRAPH_VOLT=1
diff --git a/config/cfgroot/modem-defaults b/config/cfgroot/modem-defaults
deleted file mode 100644
index aa91b09f5..000000000
--- a/config/cfgroot/modem-defaults
+++ /dev/null
@@ -1,8 +0,0 @@
-VALID=yes
-PULSE_DIAL=ATDP
-HANGUP=ATH0
-INIT=+++ATZ
-SPEAKER_OFF=ATM0
-TIMEOUT=45
-SPEAKER_ON=ATM1
-TONE_DIAL=ATDT
diff --git a/config/cfgroot/modem-settings b/config/cfgroot/modem-settings
deleted file mode 100644
index aa91b09f5..000000000
--- a/config/cfgroot/modem-settings
+++ /dev/null
@@ -1,8 +0,0 @@
-VALID=yes
-PULSE_DIAL=ATDP
-HANGUP=ATH0
-INIT=+++ATZ
-SPEAKER_OFF=ATM0
-TIMEOUT=45
-SPEAKER_ON=ATM1
-TONE_DIAL=ATDT
diff --git a/config/cfgroot/net-traffic-admin.pl b/config/cfgroot/net-traffic-admin.pl
deleted file mode 100644
index 9638ad9f4..000000000
--- a/config/cfgroot/net-traffic-admin.pl
+++ /dev/null
@@ -1,257 +0,0 @@ -#!/usr/bin/perl -# -# This file is a library file for the Net-Traffic Addon. -# -# Copyright (C) 2006 Achim Weber -# -# $Id: net-traffic-admin.pl,v 1.13 2006/12/10 13:46:00 dotzball Exp $ -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -package NETTRAFF; - -use strict; -use LWP::UserAgent; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -$|=1; # line buffering - -my $updateUrl = "http://blockouttraffic.de/version/Net-Traffic.latest"; -my $latestVersionFile = "${General::swroot}/net-traffic/latestVersion"; - -%NETTRAFF::settings; - - -$NETTRAFF::settingsfile = "${General::swroot}/net-traffic/settings"; -$NETTRAFF::versionfile = "${General::swroot}/net-traffic/version"; -$NETTRAFF::logfile = "/var/log/net-traffic.log"; -$NETTRAFF::colorOk = '#00FF00'; -$NETTRAFF::colorWarn = '#FFFF00'; -$NETTRAFF::colorMax = '#FF0000'; - - -#~ $NETTRAFF::settingsCGI = '/cgi-bin/fwrulesadm.cgi'; -#~ $NETTRAFF::configCGI = '/cgi-bin/fwrules.cgi'; -#~ $NETTRAFF::advConfCGI = '/cgi-bin/fwadvconf.cgi'; - - -@NETTRAFF::longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, 
$Lang::tr{'november'}, - $Lang::tr{'december'} ); - -@NETTRAFF::months = ( 0,1,2,3,4,5,6,7,8,9,10,11 ); - -@NETTRAFF::years=("2001","2002","2003","2004","2005","2006","2007","2008","2009"); - -#workaround to suppress a warning when a variable is used only once -my @dummy = ( $General::version ); -undef (@dummy); - - -# Init Settings -$NETTRAFF::settings{'MONTHLY_VOLUME_ON'} = 'off'; -$NETTRAFF::settings{'MONTHLY_VOLUME'} = '1'; -$NETTRAFF::settings{'STARTDAY'} = '1'; -$NETTRAFF::settings{'WARN_ON'} = 'off'; -$NETTRAFF::settings{'WARN'} = '80'; -$NETTRAFF::settings{'CALC_INTERVAL'} = '60'; -$NETTRAFF::settings{'SHOW_AT_HOME'} = 'on'; -$NETTRAFF::settings{'SEND_EMAIL_ON'} = 'off'; -$NETTRAFF::settings{'EMAIL_TO'} = ''; -$NETTRAFF::settings{'EMAIL_FROM'} = ''; -$NETTRAFF::settings{'EMAIL_USR'} = ''; -$NETTRAFF::settings{'EMAIL_PW'} = ''; -$NETTRAFF::settings{'EMAIL_SERVER'} = ''; -$NETTRAFF::settings{'VERSION_CHECK_ON'} = 'off'; - -&NETTRAFF::readSettings(); - - -sub readSettings -{ - &General::readhash($NETTRAFF::settingsfile, \%NETTRAFF::settings); -} - - -sub showNetTrafficVersion -{ - my %versionSettings = (); - - &General::readhash($NETTRAFF::versionfile, \%versionSettings); - - print < - Net-Traffic $versionSettings{'VERSION_INSTALLED'} - - -END - print "Build $versionSettings{'BUILD_INSTALLED'}"; - - if ($versionSettings{'IS_TESTVERSION'} == 1) { - print " - Testversion $versionSettings{'TESTVERSION'}"; - } - print "

\n"; - - # check for new version - &checkForNewVersion(); -} - -sub traffPercentbar -{ - my $percent = $_[0]; - my $fg = '#a0a0a0'; - my $bg = '#e2e2e2'; - - if ($percent =~ m/^(\d+)%$/ ) - { - print < - -END - - if ($percent eq "100%" || $1 > 100) - { - $fg = $NETTRAFF::colorMax; - print "" - } - elsif ($percent eq "0%") - { - print "" - } - else - { - if($NETTRAFF::settings{'WARN_ON'} eq 'on' - && $1 >= $NETTRAFF::settings{'WARN'}) - { - $fg = $NETTRAFF::colorWarn; - } - - print "" - } - print < - - - -END - - } -} - - -sub checkForNewVersion -{ - if ($NETTRAFF::settings{'VERSION_CHECK_ON'} ne 'on') - { - return; - } - - # download latest version - &downloadLatestVersionInfo(); - - if(-e $latestVersionFile) - { - my %versionSettings = (); - &General::readhash($NETTRAFF::versionfile, \%versionSettings); - - my %latestVersion = (); - &General::readhash($latestVersionFile, \%latestVersion); - - if( $versionSettings{'VERSION_INSTALLED'} lt $latestVersion{'VERSION_AVAILABLE'} - || ( $versionSettings{'VERSION_INSTALLED'} le $latestVersion{'VERSION_AVAILABLE'} - && $versionSettings{'BUILD_INSTALLED'} lt $latestVersion{'BUILD_AVAILABLE'} ) ) - { - &Header::openbox('100%', 'left', $Lang::tr{'info'}); - print < - - - $Lang::tr{'net traffic newversion'} - - $latestVersion{'URL_UPDATE'} - - - - - - v$latestVersion{'VERSION_AVAILABLE'} - Build $latestVersion{'BUILD_AVAILABLE'} - -END - - &Header::closebox(); - } - } -} - -sub downloadLatestVersionInfo -{ - # only check if we are online - if (! -e '/var/ipfire/red/active') - { - return; - } - - # download latest version file if it is not existing or outdated (i.e. 5 days old) - if((! 
-e $latestVersionFile) || (int(-M $latestVersionFile) > 5)) - { - my %versionSettings = (); - &General::readhash($NETTRAFF::versionfile, \%versionSettings); - - my $ua = LWP::UserAgent->new; - $ua->timeout(120); - $ua->agent("Mozilla/4.0 (compatible; IPFire $General::version; $versionSettings{'VERSION_INSTALLED'})"); - my $content = $ua->get($updateUrl); - - if ( $content->is_success ) - { -#~ open(FILE, ">$latestVersionFile") or die "Could not write file: $latestVersionFile"; -#~ flock (FILE, 2); -#~ print FILE "$content->content\n"; -#~ close(FILE); - - my %latestVersion = (); - - # latest versions, format is: MOD_VERSION="1.3.0" - $content->content =~ /MOD_VERSION="(.+?)"/; - $latestVersion{'VERSION_AVAILABLE'} = $1; - - # latest build, format is: MOD_BUILD="0" - $content->content =~ /MOD_BUILD="(.+?)"/; - $latestVersion{'BUILD_AVAILABLE'} = $1; - - # URL format is: MOD_URL="http://blockouttraffic.de/nt_index.php" - $content->content =~ /MOD_URL="(.+?)"/; - $latestVersion{'URL_UPDATE'} = $1; - - &General::writehash($latestVersionFile, \%latestVersion); - } - } -} - - -sub getFormatedDate -{ - my $time = shift; - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($time); - - return sprintf("%04d-%02d-%02d, %02d:%02d", 1900+$year, $mon+1, $mday, $hour, $min);; - -} -# always return 1; -1; -# EOF diff --git a/config/cfgroot/net-traffic-lib.pl b/config/cfgroot/net-traffic-lib.pl deleted file mode 100644 index 37afdbf84..000000000 --- a/config/cfgroot/net-traffic-lib.pl +++ /dev/null 
@@ -1,518 +0,0 @@ -#!/usr/bin/perl -# -# $Id: net-traffic-lib.pl,v 1.10 2007/01/09 19:00:35 dotzball Exp $ -# -# Summarize all IP accounting files from start to end time -# -# Copyright (C) 1997 - 2000 Moritz Both -# 2001 - 2002 Al Zaharov -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -# -# The author can be reached via email: moritz@daneben.de, or by -# snail mail: Moritz Both, Im Moore 26, 30167 Hannover, -# Germany. 
Phone: +49-511-1610129 -# -# -# 22 June 2004 By Achim Weber dotzball@users.sourceforge.net -# - changed to use it with Net-Traffic Addon -# - renamed to avoid issues when calling this file or original ipacsum -# - this file is net-traffic-lib.pl for IPCop 1.4.0 -# - -package Traffic; - -use 5.000; -use Getopt::Long; -use POSIX qw(strftime); -use Time::Local; -use Socket; -use IO::Handle; -#use warnings; -#use strict; - -$|=1; # line buffering - -my @moff = (0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 ); - -# =()<$datdelim="@@";>()= -my $datdelim="#-#-#-#-#"; -# =()<$prefix="@@";>()= -my $prefix="/usr"; -# =()<$exec_prefix="@@";>()= -my $exec_prefix="${prefix}"; -# =()<$INSTALLPATH="@@";>()= -my $INSTALLPATH="${exec_prefix}/sbin"; -my $datdir="/var/log/ip-acct"; - -my $me=$0; -$me =~ s|^.*/([^/]+)$|$1|; -my $now = time; -my $fetchipac="$INSTALLPATH/fetchipac"; -my $rule_regex = ".*"; # match rules with this regex only -my $machine_name; -my $fetchipac_options; -my ($newest_timestamp_before_starttime, $oldest_timestamp_after_endtime); -my (%rule_firstfile, %rule_lastfile); -my $count; -my @timestamps; -my $rulenumber; -my ($starttime, $endtime); - -## Net-Traffic variables ## -my %allDays; -my $allDaysBytes; -my $tzoffset = 0; -my $displayMode = "daily"; -my ($curMonth, $curYear); -${Traffic::blue_in} = 'incoming BLUE'; -${Traffic::green_in} = 'incoming GREEN'; -${Traffic::orange_in} = 'incoming ORANGE'; -${Traffic::red_in} = 'incoming RED'; -${Traffic::blue_out} = 'outgoing BLUE'; -${Traffic::green_out} = 'outgoing GREEN'; -${Traffic::orange_out} = 'outgoing ORANGE'; -${Traffic::red_out} = 'outgoing RED'; - - -sub calcTraffic{ - $allDaysBytes = shift; - $starttime = shift; - $endtime = shift; - $displayMode = shift; - - # init - %allDays = (); - $starttime =~ /^(\d\d\d\d)(\d\d)/; - $curYear = $1; - $curMonth = $2; - - # calculate time zone offset in seconds - use difference of output of date - # command and time function, round it - $tzoffset = 
time-timegm(localtime()); - $machine_name = undef; - - if($displayMode ne "exactTimeframe") - { - $starttime = makeunixtime($starttime); - if($displayMode ne 'exactEnd') { - $endtime = makeunixtime($endtime); - } - } - $endtime -= 1; - - # options that we need to pass to fetchipac if we call it. - $fetchipac_options = "--directory=$datdir"; - - $endtime = $now if ($endtime > $now); - $starttime = 0 if ($starttime < 0); -#~ $mystarttime = &makemydailytime($starttime); -#~ $myendtime = &makemydailytime($endtime); - %rule_firstfile = ( ); - %rule_lastfile = ( ); - @timestamps = (); - - # find out which timestamps we need to read. - # remember newest timestamp before starttime so we know when data for - # the first file starts - # also remember oldest timestamp after end time - $newest_timestamp_before_starttime = ""; - $oldest_timestamp_after_endtime = ""; - open(DATA, "$fetchipac $fetchipac_options --timestamps=$starttime,$endtime ". - "--machine-output-format|") || die "$me: cant run $fetchipac\n"; - # the first thing is the timestamp count - $count=; - if ($count == 0) { - return (); - } - while() - { - if (/^(.)\s(\d+)$/) { - my $ts = $2; - if ($1 eq "-") { - $newest_timestamp_before_starttime=$ts; - } - elsif ($1 eq "+") { - $oldest_timestamp_after_endtime=$ts; - } - elsif ($1 eq "*") { - push(@timestamps, $ts); - } - else { - die "$me: illegal output from $fetchipac: \"$_\"\n"; - } - } - else { - die "$me: illegal output from $fetchipac: \"$_\"\n"; - } - } - close DATA; - - push(@timestamps, $oldest_timestamp_after_endtime) - if ($oldest_timestamp_after_endtime); - unshift(@timestamps, $newest_timestamp_before_starttime) - if ($newest_timestamp_before_starttime); - - $rulenumber = 0; - - # read all data we need and put the data into memory. 
- &read_data; - - my @days_sorted = sort keys %allDays; - return @days_sorted; -} -########################## -# END OF MAIN PROGRAM -########################## - -# read all data (@timestmaps contains the timestamps, must be sorted!) -# and put the data into our global memory data -# structures. special care must be taken with data of the first and -# the last timestamps we read, since we only want data which is from our -# time frame. Furthermore, data from before and after this time frame -# must be preserved in special data structures because we might replace -# them (option --replace) and have to write extra data for these times -# then. -sub read_data { - my $run_s; - my $s; - my $i; - my $in_time = 0; - my $after_time = 0; - - my $curDay = $starttime; - - # feed the timestamp list to fetchipac on its stdin. - socketpair(CHILD, PARENT, AF_UNIX, SOCK_STREAM, PF_UNSPEC) - or die "socketpair: $!"; - CHILD->autoflush(1); - PARENT->autoflush(1); - my $pid = open(CHILD, "-|"); - die "$me: can't fork: $!\n" unless defined $pid; - if ($pid == 0) { - # child - close CHILD; - open(FETCHIPAC, "|$fetchipac $fetchipac_options --record " - ."--machine-output-format") - or die "$me: cant exec fetchipac\n"; - -#this is much more efficient than the original code (Manfred Weihs) -# and it adds more troubles than solves (Al Zakharov) - if ($timestamps[0] == $newest_timestamp_before_starttime) { - print(FETCHIPAC $timestamps[1],"-",$timestamps[$count],"\n"); - } else { - print(FETCHIPAC $timestamps[0],"-",$timestamps[$count-1],"\n"); - } - close(FETCHIPAC); - close(PARENT); - exit; - } - close PARENT; - - my $laststamp = undef; - $laststamp = $newest_timestamp_before_starttime - if ($newest_timestamp_before_starttime); - $i = 0; - $i++ if ($laststamp); - while () { - # first line of fetchipac output: "ADD" - /^ADD\s*$/i or die "$me: bad line from fetchipac: $_\n"; - # second line of fetchipac output: timestamp no_of_records - $_ = || last; - /^(\d+)\s(\d+)$/ or die "$me: bad 
line from fetchipac: $_\n"; - my $timestamp = int $1; - my $number_of_records = int $2; - my $do_collect = 1; - - if ($displayMode =~ /^daily/) { - # increment Day aslong current timestamp is not in current Day - while ( ($timestamp-$curDay) > 86399) { - $curDay += 86400; - } - } - else - { - my @dummy = localtime($timestamp); - # increment Month aslong current timestamp is not in current Month - while ($curMonth < ($dummy[4]+1) || $curYear<($dummy[5]+1900)) { - $curMonth++; - if ($curMonth > 12) { - $curMonth = 1; - $curYear++; - } - my $newMonth = $curYear; - $newMonth .= $curMonth < 10 ? "0".$curMonth."01" : $curMonth."01"; - $newMonth .= "01"; - $curDay = &makeunixtime($newMonth); - } - } - - if ($timestamp < $starttime) { - # this record is too old, we dont need the data. - # However, the timestamp gives us a clue on the - # time period the next item covers. - $do_collect = 0; - } - - my $irec; - # read each record - my $data = &read_data_record(CHILD, $number_of_records); - - if ($do_collect && $in_time == 0) { - # the data is from after starttime. if it is the - # first one, split the data (if we know for how - # long this data is valid, and if $laststamp is not - # equal to $starttime in which case the split is - # redundant). If we don't have a clue about the - # last file time before our first file was created, - # we do not know how much of the file data is in our - # time frame. we assume everything belongs to us. - $in_time = 1; -# if ($laststamp && $laststamp != $starttime) { - if ($laststamp && $laststamp != $newest_timestamp_before_starttime) { - my $newdata = &split_data($data, - $laststamp, $timestamp, $starttime); -#~ $glb_data_before = $data; - $data = $newdata; - $laststamp = $starttime; - } - } - - if ($timestamp > $endtime) { - # this data is too new, but the data in it may have - # begun within our time frame. (if endtime eq laststamp - # we do a redundant split here, too - it works for now - # and --replace relies on it, but it is ugly.) 
- if ($after_time == 0) { - $after_time = 1; - if ($laststamp) { -#~ $glb_data_after = -#~ &split_data($data,$laststamp,$timestamp,$endtime); - &split_data($data,$laststamp,$timestamp,$endtime); - } else { - $do_collect = 0; - } - } else { - $do_collect = 0; # just too new. - } - } - - if ($do_collect) { - &collect_data($data, $i, $curDay); - } - $laststamp = $timestamp; - $i++; - } - close CHILD; - wait; -} - -# split the data in $1 (format as from read_data) into a pair of two -# such data sets. The set referenced to as $1 will afterwards contain -# the first part of the data, another set which is returned contains -# the second part of the data. -# interpret the data as having start time=$2 and end time=$3 and split -# time=$4 -sub split_data { - my $data = shift; - my $mstart = shift; - my $mend = shift; - my $msplit = shift; - - # calculate factors for multiplications - my $ust = $mstart; - my $uperiod = $mend - $ust; - my $usplit = $msplit - $ust; - - if ($uperiod < 0) { - # hmmm? die Daten sind rueckwaerts??? - $uperiod = -$uperiod; - } - my $fac1; - if ($usplit < 0) { - $fac1 = 0; - } - elsif ($usplit > $uperiod) { - $fac1 = 1; - } - else { - $fac1 = $usplit / $uperiod; - } - - # $fac1 now says us how much weight the first result has. - # initialize the set we will return. - my @ret = ( ); - - foreach my $set (@$data) { - my ($rule, $bytes, $pkts) = @$set; - $$set[1] = int($bytes * $fac1 + 0.5); - $$set[2] = int($pkts * $fac1 + 0.5); - push(@ret, [ $rule, $bytes - $$set[1], $pkts - $$set[2] ]); - } - return \@ret; -} - -# put data from one file into global data structures -# must be called in correct sorted file name order to set rules_lastfile -# and rules_firstfile (which are currently useless) -# arguments: -# $1=index number of file; $2 = reference to array with data from file -sub collect_data { - my($filedata, $ifile, $i, $day); - - $filedata = shift; - $ifile=shift; - $day =shift; - - # if day first appeared in this file, initialize its - # life. 
- if (!defined($allDays{$day})) { - return if (&init_filter_id($day)); - $allDays{$day} = $rulenumber++; - } - - for ($i=0; $i<=$#$filedata; $i++) { - my $set = $$filedata[$i]; - my $rule = $$set[0]; - my $bytes = $$set[1]; - my $pkts = $$set[2]; - - $_ = $rule; - /^(.*) \(.*$/; - $_ = $1; - /^forwarded (.*)$/; - $rule = $1; - $allDaysBytes->{$day}{$rule} += $bytes; - } -} - -# initialize data variables for a new rule - if it is new -sub init_filter_id { - my($s, $ifile) = @_; - - if (!defined $allDaysBytes->{$s}) { - if ($displayMode =~ /^daily/) { - my $newDay = &makemydailytime($s); - $newDay =~ /^\d\d\d\d-(\d\d)-\d\d$/; - - return 1 if ($1 > $curMonth && $displayMode ne "daily_multi"); - - $allDaysBytes->{$s}{'Day'} = $newDay; - } - else { - $allDaysBytes->{$s}{'Day'} = &makemymonthlytime($s); - } - $allDaysBytes->{$s}{${Traffic::blue_in}} = int(0); - $allDaysBytes->{$s}{${Traffic::green_in}} = int(0); - $allDaysBytes->{$s}{${Traffic::orange_in}} = int(0); - $allDaysBytes->{$s}{${Traffic::red_in}} = int(0); - $allDaysBytes->{$s}{${Traffic::blue_out}} = int(0); - $allDaysBytes->{$s}{${Traffic::green_out}} = int(0); - $allDaysBytes->{$s}{${Traffic::orange_out}} = int(0); - $allDaysBytes->{$s}{${Traffic::red_out}} = int(0); - } - return 0; -} - -# read data record from filehandle $1 -# number of records is $2 -# Return value: reference to array a of length n; -# n is the number of rules -# each field in a is an array aa with 3 fields -# the fields in arrays aa are: [0]=name of rule; [1]=byte count; -# [2]=packet count -# function does not use global variables -sub read_data_record { - my($file, $number_of_records, $beforedata, $indata, $i, $irec); - my($pkts, $bytes, $rule); - my(@result); - - $file=shift; - $number_of_records = shift; - $indata=0; - $beforedata=1; - - for($irec = 0; $irec < $number_of_records; $irec++) { - $_ = <$file>; - chop; - /^\(\s*(.*)$/ or die "$me: bad line from fetchipac (expecting machine name): $_\n"; - $machine_name = $1; # remember 
final machine name - while(<$file>) { - last if (/^\)$/); # terminating line ')' - /^(\d+)\s(\d+)\s\|(.*)\|$/ - or die "$me: bad line from fetchipac (expecting rule item): $_\n"; - $bytes = $1; - $pkts = $2; - $rule = $3; - if ($rule =~ /$rule_regex/) { - push(@result, [ $rule, $bytes, $pkts]); - } - } - } - # read another emtpy line (data format consistency) - $_ = <$file>; - die "$me: bad data from fetchipac (expected emtpy line): $_\n" - if ($_ !~ /^$/); - \@result; -} - -# given a string in format YYYYMMDD[hh[mm[ss]]], make unix time -# use time zone offset $tzoffset (input=wall clock time, output=UTC) -sub makeunixtime { - my($y, $m, $d, $h, $i, $e); - my $s = shift; - - $h=0; $i=0; $e=0; - if ($s =~ /^(\d\d\d\d)(\d\d)(\d\d)/) { - ($y, $m, $d) = ($1, $2, $3); - if ($s =~ /^\d\d\d\d\d\d\d\d-?(\d\d)/) { - $h=$1; - if ($s =~ /^\d\d\d\d\d\d\d\d-?\d\d(\d\d)/) { - $i=$1; - if ($s =~ /^\d\d\d\d\d\d\d\d-?\d\d\d\d(\d\d)/) { - $e=$1; - } - } - } - } - else { - return 0; - } - - $y-=1970; - $s = (($y)*365) + int(($y+2)/4) + $moff[$m-1] + $d-1; - $s-- if (($y+2)%4 == 0 && $m < 3); - $s*86400 + $h*3600 + $i*60 + $e + $tzoffset; -} - -# return the given unix time in localtime in "mydaily" time format -sub makemydailytime { - my($s)=shift; - - my($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = - localtime($s); - return sprintf("%04d-%02d-%02d", 1900+$year, $mon+1, $mday); -} - -# return the given unix time in localtime in "mymonthly" time format -sub makemymonthlytime { - my($s)=shift; - - my($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = - localtime($s); - return sprintf("%04d-%02d", 1900+$year, $mon+1); -} - -# EOF diff --git a/config/cfgroot/nfs-server b/config/cfgroot/nfs-server deleted file mode 100644 index c13747175..000000000 --- a/config/cfgroot/nfs-server +++ /dev/null @@ -1,4 +0,0 @@ -PORT="2049" -PROCESSES="8" -QUOTAS="no" -KILLDELAY="10" 
diff --git a/config/cfgroot/oinkmaster.conf b/config/cfgroot/oinkmaster.conf
deleted file mode 100644
index e52d89dc9..000000000
--- a/config/cfgroot/oinkmaster.conf
+++ /dev/null
@@ -1,292 +0,0 @@ -# $Id: oinkmaster.conf,v 1.1.2.2 2005/05/02 17:11:58 franck78 Exp $ # - -# Oinkmaster is a tool to update snort rules, which allow to conserve -# a particular setting even after a rules update. -# This file is a customised version for IPCop. -# Disabling/enabling a particular rule should be made in this file. -# In case you want to use some of the rules files commented out in -# standard ipcop /etc/snort/snort.conf : -# -comment out the corresponding skipfile in this oinkmaster.conf -# -uncomment the corresponding include in /etc/snort.conf -# -save snort settings to restart snort - - -################################################ -# General options you may want to change # -################################################ - - - -# The PATH to use during execution. If you prefer to use external -# binaries (i.e. use_external_bins=1, see below), tar and gzip must be -# found, and also wget if downloading via ftp, http or https. All with -# optional .exe suffix. If you're on Cygwin, make sure that the path -# contains the Cygwin binaries and not the native Win32 binaries or -# you will get problems. -# Assume UNIX style by default: -#path = /bin:/usr/bin:/usr/local/bin -path = /bin - -# Files in the archive(s) matching this regular expression will be -# checked for changes, and then updated or added if needed. -# All other files will be ignored. You can then choose to skip -# individual files by specifying the "skipfile" keyword below. -# Normally you shouldn't need to change this one. -update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$ - - -# Regexp of keywords that starts a snort rule. -# May be useful if you create your own ruletypes and want those -# lines to be regarded as rules as well. -# rule_actions = alert|drop|log|pass|reject|sdrop|activate|dynamic - - -####################################################################### -# Files to totally skip (i.e. 
never update or check for changes) # -# # -# Syntax: skipfile filename # -# or: skipfile filename1, filename2, filename3, ... # -####################################################################### - -# Ignore local.rules from the rules archive by default since we might -# have put some local rules in our own local.rules and we don't want it -# to get overwritten by the empty one from the archive after each -# update. -skipfile local.rules - -# The file deleted.rules contains rules that have been deleted from -# other files, so there is usually no point in updating it. -skipfile deleted.rules - -# Also skip snort.conf by default since we don't want to overwrite our -# own snort.conf if we have it in the same directory as the rules. If -# you have your own production copy of snort.conf in another directory, -# it may be really nice to check for changes in this file though, -# especially since variables are sometimes added or modified and -# new/old files are included/excluded. -skipfile snort.conf - -# You may want to consider ignoring threshold.conf for the same reasons -# as for snort.conf, i.e. if you customize it locally and don't want it -# to become overwritten by the default one. It may be better to put -# local thresholding/suppressing in some local file and still update -# and use the official one though, in case important stuff is added to -# it some day. We do update it by default, but it's your call. -# skipfile threshold.conf - -# If you update from multiple URLs at the same time you must ignore -# the sid-msg.map (and generate it yourself if you need one) as it's -# usually included in each rules tarball. See the FAQ for more info. 
-# skipfile sid-msg.map -skipfile web-attacks.rules -skipfile backdoor.rules -skipfile shellcode.rules -skipfile policy.rules -skipfile porn.rules -skipfile info.rules -skipfile icmp-info.rules -skipfile virus.rules -skipfile chat.rules -skipfile multimedia.rules -skipfile p2p.rules -skipfile experimental.rules - - -########################################################################## -# SIDs to modify after each update (only for the skilled/stupid/brave). # -# Don't use it unless you have to. There is nothing that stops you from # -# modifying rules in such ways that they become invalid or generally # -# break things. You have been warned. # -# If you just want to disable SIDs, please skip this section and have a # -# look at the "disablesid" keyword below. # -# # -# You may specify multiple modifysid directives for the same SID (they # -# will be processed in order of appearance), and you may also specify a # -# list of SIDs on which the substitution should be applied. # -# If the argument is in the form something.something it is regarded # -# as a filename and the substitution will apply on all rules in that # -# file. The wildcard ("*") can be used to apply the substitution on all # -# rules regardless of the SID or file. Please avoid using #comments # -# at the end of modifysid lines, they may confuse the parser in some # -# situations. # -# # -# Syntax: # -# modifysid SID "replacethis" | "withthis" # -# or: # -# modifysid SID1, SID2, SID3, ... "replacethis" | "withthis" # -# or: # -# modifysid file "replacethis" | "withthis" # -# or: # -# modifysid * "replacethis" | "withthis" # -# # -# The strings within the quotes will simply be passed to a # -# s/replacethis/withthis/ statement in Perl, so they must be valid # -# regular expressions. The strings are case-sensitive and only the first # -# occurrence will be replaced. If there are multiple occurrences you # -# want to replace, simply repeat the same modifysid line. 
# -# # -# If you specify a modifysid statement for a multi-line rule, Oinkmaster # -# will first translate the rule into a single-line version and then # -# perform the substitution, so you don't have to care about the trailing # -# backslashes and newlines. # -# # -# If you use variables in the substitution expression, it is strongly # -# recommended to always specify them like ${varname} instead of # -# $varname (like ${1} instead of $1 for example) to avoid parsing # -# confusion in some situations. Note that modifysid statements # -# will process both active and inactive (disabled) rules. # -# # -# You may want to check out README.templates and template-examples.conf # -# to find how you can simplify the modifysid usage by using templates. # -########################################################################## - -# Example to enable a rule (in this case SID 1325) that is disabled by -# default, by simply replacing leading "#alert" with "alert". -# (You should really use 'enablesid' for this though.) -# Oinkmaster removes whitespaces next to the leading "#" so you don't -# have to worry about that, but be careful about possible whitespace in -# other places when writing the regexps. -# modifysid 1325 "^#alert" | "alert" - -# You could also do this to enable it no matter what type of rule it is -# (alert, log, pass, etc). -# modifysid 1325 "^#" | "" - -# Example to add "tag" stuff to SID 1325. -# modifysid 1325 "sid:1325;" | "sid:1325; tag: host, src, 300, seconds;" - -# Example to make SID 1378 a 'drop' rule (valid if you're running -# Snort_inline). -# modifysid 1378 "^alert" | "drop" - -# Example to replace first occurrence of $EXTERNAL_NET with $HOME_NET -# in SID 302. Remember that the strings are regular expressions, so you -# must escape special characters like $. -# modifysid 302 "\$EXTERNAL_NET" | "\$HOME_NET" - -# You can also specify that a substitution should apply on multiple SIDs. 
-# modifysid 302,429,1821 "\$EXTERNAL_NET" | "\$HOME_NET" - -# You can take advantage of the fact that it's regular expressions and -# do more complex stuff. This example (for Snort_inline) adds a 'replace' -# statement to SID 1324 that replaces "/bin/sh" with "/foo/sh". -# modifysid 1324 "(content\s*:\s*"\/bin\/sh"\s*;)" | \ -# "${1} replace:"\/foo\/sh";" - -# If you for some reason would like to add a comment inside the actual -# rules file, like the reason why you disabled this rule, you can do -# like this (you would normally add such comments in oinkmaster.conf -# though). -# modifysid 1324 "(.+)" | "# 20020101: disabled this rule just for fun:\n#${1}" - -# Here is an example that is actually useful. Let's say you don't care -# about incoming welchia pings (detected by SID 483 at the time of -# writing) but you want to know when infected hosts on your network -# scans hosts on the outside. (Remember that watching for outgoing -# malicious packets is often just as important as watching for incoming -# ones, especially in this case.) The rule currently looks like -# "alert icmp $EXTERNAL_NET any -> $HOME_NET any ..." -# but we want to switch that so it becomes -# "alert icmp $HOME_NET any -> $EXTERNAL_NET any ...". -# Here is how it could be done. -# modifysid 483 \ -# "(.+) \$EXTERNAL_NET (.+) \$HOME_NET (.+)" | \ -# "${1} \$HOME_NET ${2} \$EXTERNAL_NET ${3}" - -# The wildcard (modifysid * ...) can be used to do all kinds of -# interesting things. The substitution expression will be applied on all -# matching rules. First, a silly example to replace "foo" with "bar" in -# all rules (that have the string "foo" in them, that is.) -# modifysid * "foo" | "bar" - -# If you for some reason don't want to use the stream preprocessor to -# match established streams, you may want to replace the 'flow' -# statement with 'flags:A+;' in all those rules. 
-# modifysid * "flow:[a-z,_ ]+;" | "flags:A+;" - -# Example to convert all rules of classtype attempted-admin to 'drop' -# rules (for Snort_inline only, obviously). -# modifysid * "^alert (.*classtype\s*:\s*attempted-admin)" | "drop ${1}" - -# This one will append some text to the 'msg' string for all rules that -# have the 'tag' keyword in them. -# modifysid * "(.*msg:\s*".+?)"(\s*;.+;\s*tag:.*)" | \ -# "${1}, going to tag this baby"${2}" - -# There may be times when you want to replace multiple occurrences of a -# certain keyword/string in a rule and not just the first one. To -# replace the first two occurrences of "foo" with "bar" in SID 100, -# simply repeat the modifysid statement: -# modifysid 100 "foo" | "bar" -# modifysid 100 "foo" | "bar" - -# Or you can even specify a SID list but repeat the same SID as many -# times as required, like: -# modifysid 100,100,100 "foo" | "bar" - -# Enable all rules in the file exploit.rules. -# modifysid exploit.rules "^#" | "" - -# Enable all rules in exploit.rules, icmp-info.rules and also SID 1171. -# modifysid exploit.rules, snmp.rules, 1171 "^#" | "" - - - -######################################################################## -# SIDs that we don't want to update. # -# If you for some reason don't want a specific rule to be updated # -# (e.g. you made local modifications to it and you never want to # -# update it and don't care about changes in the official version), you # -# can specify a "localsid" statement for it. This means that the old # -# version of the rule (i.e. the one in the rules file on your # -# harddrive) is always kept, regardless if the official version has # -# been updated. Please do not use this feature unless in special # -# cases as it's easy to end up with many signatures that aren't # -# maintained anymore. See the FAQ for details about this and hints # -# about better solutions regarding customization of rules. # -# # -# Syntax: localsid SID # -# or: localsid SID1, SID2, SID3, ... 
# -######################################################################## - -# Example to never update SID 1325. -# localsid 1325 - - - -######################################################################## -# SIDs to enable after each update. # -# Will simply remove all the leading '#' for a specified SID (if it's # -# a multi-line rule, the leading '#' for all lines are removed.) # -# These will be processed after all the modifysid and disablesid # -# statements. Using 'enablesid' on a rule that is not disabled is a # -# NOOP. # -# # -# Syntax: enablesid SID # -# or: enablesid SID1, SID2, SID3, ... # -######################################################################## - -# Example to enable SID 1325. -# enablesid 1325 - - - -######################################################################## -# SIDs to comment out, i.e. disable, after each update by placing a # -# '#' in front of the rule (if it's a multi-line rule, it will be put # -# in front of all lines). # -# # -# Syntax: disablesid SID # -# or: disablesid SID1, SID2, SID3, ... # -######################################################################## - -# You can specify one SID per line. -# disablesid 1 -# disablesid 2 -# disablesid 3 - -# And also as comma-separated lists. -# disablesid 4,5,6 - -# It's a good idea to also add comment about why you disable the sid: -# disablesid 1324 # 20020101: disabled this SID just because I can diff --git a/config/cfgroot/p2protocols b/config/cfgroot/p2protocols deleted file mode 100644 index 78c610115..000000000 --- a/config/cfgroot/p2protocols +++ /dev/null @@ -1,9 +0,0 @@ -Bittorrent;bit;on; -Edonkey;edk;on; -KaZaA;kazaa;on; -Gnutella;gnu;on; -DirectConnect;dc;on; -Applejuice;apple;on; -WinMX;winmx;on; -SoulSeek;soul;on; -Ares;ares;on; \ No newline at end of file diff --git a/config/cfgroot/protocols.pl b/config/cfgroot/protocols.pl deleted file mode 100644 index 39fb676ba..000000000 --- a/config/cfgroot/protocols.pl +++ /dev/null 
@@ -1,162 +0,0 @@
-# Protocols Data File
-#
-# This file is part of the IPCop Firewall.
-#
-# IPCop is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# IPCop is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with IPCop; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-# (c) The IPCop Team
-#
-# $Id: protocols.pl,v 1.2.2.1 2005/01/26 12:23:20 riddles Exp $
-#
-# Generated from /etc/protocols using:
-# cat /etc/protocols | grep -ve "^#" | grep -v "^$" | \
-# awk '{ print "\"" $1 "\" => \"" $2 "\","}'
-#
-# Code supplied by Mark Wormgroor
-#
-
-package Protocols;
-
-%protocols = (
-"ip" => "0",
-"icmp" => "1",
-"igmp" => "2",
-"ggp" => "3",
-"ipencap" => "4",
-"st" => "5",
-"tcp" => "6",
-"cbt" => "7",
-"egp" => "8",
-"igp" => "9",
-"bbn-rcc" => "10",
-"nvp" => "11",
-"pup" => "12",
-"argus" => "13",
-"emcon" => "14",
-"xnet" => "15",
-"chaos" => "16",
-"udp" => "17",
-"mux" => "18",
-"dcn" => "19",
-"hmp" => "20",
-"prm" => "21",
-"xns-idp" => "22",
-"trunk-1" => "23",
-"trunk-2" => "24",
-"leaf-1" => "25",
-"leaf-2" => "26",
-"rdp" => "27",
-"irtp" => "28",
-"iso-tp4" => "29",
-"netblt" => "30",
-"mfe-nsp" => "31",
-"merit-inp" => "32",
-"sep" => "33",
-"3pc" => "34",
-"idpr" => "35",
-"xtp" => "36",
-"ddp" => "37",
-"idpr-cmtp" => "38",
-"tp++" => "39",
-"il" => "40",
-"ipv6" => "41",
-"sdrp" => "42",
-"ipv6-route" => "43",
-"ipv6-frag" => "44",
-"idrp" => "45",
-"rsvp" => "46",
-"gre" => "47",
-"mhrp" => "48",
-"bna" => "49",
-"ipv6-crypt" => "50",
-"ipv6-auth" => "51",
-"i-nlsp" => "52",
-"swipe" => "53",
-"narp" => "54",
-"mobile" => "55",
-"tlsp" => "56",
-"skip" => "57",
-"ipv6-icmp" => "58",
-"ipv6-nonxt" => "59",
-"ipv6-opts" => "60",
-"cftp" => "62",
-"sat-expak" => "64",
-"kryptolan" => "65",
-"rvd" => "66",
-"ippc" => "67",
-"sat-mon" => "69",
-"visa" => "70",
-"ipcv" => "71",
-"cpnx" => "72",
-"cphb" => "73",
-"wsn" => "74",
-"pvp" => "75",
-"br-sat-mon" => "76",
-"sun-nd" => "77",
-"wb-mon" => "78",
-"wb-expak" => "79",
-"iso-ip" => "80",
-"vmtp" => "81",
-"secure-vmtp" => "82",
-"vines" => "83",
-"ttp" => "84",
-"nsfnet-igp" => "85",
-"dgp" => "86",
-"tcf" => "87",
-"eigrp" => "88",
-"ospf" => "89",
-"sprite-rpc" => "90",
-"larp" => "91",
-"mtp" => "92",
-"ax.25" => "93",
-"ipip" => "94",
-"micp" => "95",
-"scc-sp" => "96",
-"etherip" => "97",
-"encap" => "98",
-"gmtp" => "100",
-"ifmp" => "101",
-"pnni" => "102",
-"pim" => "103",
-"aris" => "104",
-"scps" => "105",
-"qnx" => "106",
-"a/n" => "107",
-"ipcomp" => "108",
-"snp" => "109",
-"compaq-peer" => "110",
-"ipx-in-ip" => "111",
-"vrrp" => "112",
-"pgm" => "113",
-"l2tp" => "115",
-"ddx" => "116",
-"iatp" => "117",
-"stp" => "118",
-"srp" => "119",
-"uti" => "120",
-"smp" => "121",
-"sm" => "122",
-"ptp" => "123",
-"isis" => "124",
-"fire" => "125",
-"crtp" => "126",
-"crdup" => "127",
-"sscopmce" => "128",
-"iplt" => "129",
-"sps" => "130",
-"pipe" => "131",
-"sctp" => "132",
-"fc" => "133",
-);
diff --git a/config/cfgroot/proxy-acl b/config/cfgroot/proxy-acl
deleted file mode 100644
index b7ebc6936..000000000
--- a/config/cfgroot/proxy-acl
+++ /dev/null
@@ -1,49 +0,0 @@
-# Do not modify '/var/ipfire/proxy/squid.conf' directly since any changes
-# you make will be overwritten whenever you resave proxy settings using the
-# web interface! Instead, modify the file '/var/ipfire/proxy/acl' and then
-# restart squid using the web interface. Changes made to the 'acl' file
-# will propagate to the 'squid.conf' file at that time.
-# [Scott Tregear, 22 Feb 2005]
-
-# Uncomment the following line to enable logging of User-Agent header:
-#useragent_log /var/log/squid/user_agent.log
-
-# Uncomment the following line to enable logging of Referer header:
-#referer_log /var/log/squid/referer.log
-
-acl all src 0.0.0.0/0.0.0.0
-acl localhost src 127.0.0.1/255.255.255.255
-acl SSL_ports port 443 563
-acl Safe_ports port 80 # http
-acl Safe_ports port 21 # ftp
-acl Safe_ports port 443 563 # https, snews
-acl Safe_ports port 70 # gopher
-acl Safe_ports port 210 # wais
-acl Safe_ports port 1025-65535 # unregistered ports
-acl Safe_ports port 280 # http-mgmt
-acl Safe_ports port 488 # gss-http
-acl Safe_ports port 591 # filemaker
-acl Safe_ports port 777 # multiling http
-acl Safe_ports port __PROXY_PORT__ # Squid port (for icons)
-
-acl IPCop_http port 81
-acl IPCop_https port 444
-acl IPCop_ips dst __GREEN_IP__ __BLUE_IP__
-acl IPCop_networks src __GREEN_NET__ __BLUE_NET__
-acl CONNECT method CONNECT
-
-##Access to squid:
-#local machine, no restriction
-http_access allow localhost
-
-#GUI admin if local machine connects
-http_access allow IPCop_ips IPCop_networks IPCop_http
-http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
-
-#Deny not web services
-http_access deny !Safe_ports
-http_access deny CONNECT !SSL_ports
-
-#Finally allow IPCop_networks clients
-http_access allow IPCop_networks
-http_access deny all
diff --git a/config/cfgroot/ssh-settings b/config/cfgroot/ssh-settings
deleted file mode 100644
index 83b8876dd..000000000
--- a/config/cfgroot/ssh-settings
+++ /dev/null
@@ -1,6 +0,0 @@
-ENABLE_SSH_KEYS=off
-ENABLE_SSH_PROTOCOL1=off
-ENABLE_SSH_PASSWORDS=on
-ENABLE_SSH_PORTFW=off
-ENABLE_SSH=off
-__CGI__=CGI=HASH(0x840b7a0)
diff --git a/config/cfgroot/time-settings b/config/cfgroot/time-settings
deleted file mode 100644
index 577b0b345..000000000
--- a/config/cfgroot/time-settings
+++ /dev/null
@@ -1,7 +0,0 @@
-NTP_ADDR_2=pool.ntp.org
-UPDATE_PERIOD=daily
-UPDATE_VALUE=1
-UPDATE_METHOD=manually
-ENABLENTP=off
-NTP_ADDR_1=de.pool.ntp.org
-VALID=yes
diff --git a/config/cfgroot/useragents b/config/cfgroot/useragents
deleted file mode 100644
index 17950d112..000000000
--- a/config/cfgroot/useragents
+++ /dev/null
@@ -1,20 +0,0 @@
-APTGET,apt-get,(APT\-HTTP)
-AOL,AOL,(AOL)
-AVANT,AvantBrowser,(avantbrowser)
-FIREFOX,Firefox,(Firefox)
-FRONTPAGE,FrontPage,(FrontPage)
-GEARTH,Google Earth,(kh_lt\/LT)
-GECKO,Gecko compatible,(Gecko)
-GETRIGHT,GetRight,(GetRight)
-GOZILLA,Go!Zilla,(Go!Zilla)
-GOOGLE,Google Toolbar,(Google\sToolbar)
-JAVA,Java,(Java)
-KONQUEROR,Konqueror,(Konqueror)
-LYNX,Lynx,(Lynx)
-MSIE,Internet Explorer,(MSIE.*[)]$)
-NETSCAPE,Netscape,(^Mozilla\/4.[7|8])|(Netscape)
-OPERA,Opera,(Opera)
-WGA,WGA,(LegitCheck)
-WGET,Wget,(Wget)
-WINUPD,Windows Update,(Industry\sUpdate\sControl)|(Windows\sUpdate)|(Service\sPack\sSetup)|(Progressive\sDownload)|(Windows\-Update\-Agent)|(Microsoft\sBITS)
-WMP,Media Player,(Windows\-Media\-Player)|(NSPlayer)
diff --git a/config/cfgroot/xtaccess-config b/config/cfgroot/xtaccess-config
deleted file mode 100644
index 74019ef20..000000000
--- a/config/cfgroot/xtaccess-config
+++ /dev/null
@@ -1 +0,0 @@
-tcp,0.0.0.0/0,113,on,0.0.0.0
diff --git a/config/extrahd/extrahd.pl b/config/extrahd/extrahd.pl
deleted file mode 100644
index e4b2a483a..000000000
--- a/config/extrahd/extrahd.pl
+++ /dev/null
@@ -1,92 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; -# enable only the following on debugging purpose -# use warnings; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %extrahdsettings = (); -my $ok = "true"; -my @devices = (); -my @deviceline = (); -my $deviceentry = ""; -my $devicefile = "/var/ipfire/extrahd/devices"; -my $fstab = "/var/ipfire/extrahd/fstab"; - -### Values that have to be initialized -$extrahdsettings{'PATH'} = ''; -$extrahdsettings{'FS'} = ''; -$extrahdsettings{'DEVICE'} = ''; -$extrahdsettings{'ACTION'} = ''; - -open( FILE, "< $devicefile" ) or die "Unable to read $devicefile"; -@devices = ; -close FILE; - -############################################################################################################################ -############################################################################################################################ - -print "$ARGV[0] $ARGV[1]"; - -if ( "$ARGV[0]" eq "mount" ) { - system("/bin/cp -f /etc/fstab $fstab"); - - 
foreach $deviceentry (sort @devices) - { - @deviceline = split( /\;/, $deviceentry ); - if ( "$ARGV[1]" eq "$deviceline[2]" ) { - print "Insert /dev/$deviceline[0] ($deviceline[1]) --> $deviceline[2] into /etc/fstab!\n"; - unless ( -d $deviceline[2] ) { system("/bin/mkdir -p $deviceline[2] && chmod 0777 $deviceline[2]"); } - open(FILE, ">>$fstab"); - print FILE "/dev/$deviceline[0]\t$deviceline[2]\t$deviceline[1]\tdefaults\t0\t0\n"; - close(FILE); - } - } - - system("/bin/cp -f $fstab /etc/fstab"); - if ( `/bin/mount -a` ) { - exit(0); - } else { - exit(1); - } - -} elsif ( "$ARGV[0]" eq "umount" ) { - system("/bin/umount $ARGV[1]"); - if ( ! `/bin/mount | /bin/fgrep $ARGV[1]` ) { - system("/bin/cp -f /etc/fstab $fstab"); - system("/bin/fgrep -v $ARGV[1] <$fstab >/etc/fstab"); - print "Succesfully umounted $ARGV[1].\n"; - exit(0); - } else { - print "Can't umount $ARGV[1].\n"; - exit(1); - } - -} else { - print "Usage: $0 (mount|umount) mountpoint\n"; -} - -############################################################################################################################ -############################################################################################################################ diff --git a/config/ipac-ng/ipac.conf b/config/ipac-ng/ipac.conf deleted file mode 100644 index b4145952c..000000000 --- a/config/ipac-ng/ipac.conf +++ /dev/null @@ -1,5 +0,0 @@ -access agent = files -account agent = iptables -storage = gdbm -rules file = /etc/ipac-ng/rules.conf -drop zero lines = yes diff --git a/config/ipac-ng/rules.conf b/config/ipac-ng/rules.conf deleted file mode 100644 index d5ab1a3ec..000000000 --- a/config/ipac-ng/rules.conf +++ /dev/null 
@@ -1,36 +0,0 @@
-# Example config file with accounting rules
-# Install as /etc/ipac-ng/rules.conf.iptables
-#
-# Format:
-# Name of rule|direction|interface|protocol|source|destination
-# WARNING!!!! spaces are not allowed before and after '|'.
-#
-# where
-# Name of rule Any string to identify this rule
-# direction ipac~fi - forward in
-# ipac~fo - forward out
-# ipac~i - outgoing from machine with ipac-ng to other host(/net)
-# (or incoming to otherhost)
-# ipac~o - incoming to machine with ipac-ng
-# (or outgoing from otherhost)
-#
-# interface interface name, '+' means all interfaces (dont try to use ip numbers here!)
-# protocol tcp | udp | icmp | all
-# source \
-# destination both as described in ipfwadm(8), or empty
-#
-# incoming:
-
-# lets demonstrate this by following rules.
-# Example 1:
-# there are some hosts in out net 192.168.0.0/24
-# our ipac-ng host has two interfaces - eth0 connected to local net
-# and eth1 to internet
-Incoming GREEN|ipac~i|green0|all|||
-Outgoing GREEN|ipac~o|green0|all|||
-
-Incoming RED (PPP)|ipac~i|ppp0|all|||
-Outgoing RED (PPP)|ipac~o|ppp0|all|||
-
-Incoming RED (ISDN PPP)|ipac~i|ippp0|all|||
-Outgoing RED (ISDN PPP)|ipac~o|ippp0|all|||
diff --git a/config/menu/00-menu.main b/config/menu/00-menu.main
deleted file mode 100644
index a53fa5a5a..000000000
--- a/config/menu/00-menu.main
+++ /dev/null
@@ -1,32 +0,0 @@
- $menu->{'01.system'} = {'caption' => $Lang::tr{'alt system'},
- 'enabled' => 1,
- 'subMenu' => $subsystem
- };
- $menu->{'02.status'} = {'caption' => $Lang::tr{'status'},
- 'enabled' => 1,
- 'subMenu' => $substatus
- };
- $menu->{'03.network'} = {'caption' => $Lang::tr{'network'},
- 'enabled' => 1,
- 'subMenu' => $subnetwork
- };
- $menu->{'04.services'} = {'caption' => $Lang::tr{'alt services'},
- 'enabled' => 1,
- 'subMenu' => $subservices
- };
- $menu->{'05.firewall'} = {'caption' => $Lang::tr{'firewall'},
- 'enabled' => 1,
- 'subMenu' => $subfirewall
- };
- $menu->{'06.proxy'} = {'caption' => $Lang::tr{'alt proxy'},
- 'enabled' => 1,
- 'subMenu' => $subproxy
- };
- $menu->{'07.ipfire'} = {'caption' => 'IPFire',
- 'enabled' => 1,
- 'subMenu' => $subipfire
- };
- $menu->{'08.logs'} = {'caption' => $Lang::tr{'alt logs'},
- 'enabled' => 1,
- 'subMenu' => $sublogs
- };
diff --git a/config/menu/10-system.menu b/config/menu/10-system.menu
deleted file mode 100644
index 692f133f8..000000000
--- a/config/menu/10-system.menu
+++ /dev/null
@@ -1,36 +0,0 @@
- $subsystem->{'10.home'} = {
- 'caption' => $Lang::tr{'alt home'},
- 'uri' => '/cgi-bin/index.cgi',
- 'title' => "$Lang::tr{'alt home'}",
- 'enabled' => 1,
- };
- $subsystem->{'20.dialup'} = {
- 'caption' => $Lang::tr{'alt dialup'},
- 'uri' => '/cgi-bin/pppsetup.cgi',
- 'title' => "$Lang::tr{'alt dialup'}",
- 'enabled' => 1,
- };
- $subsystem->{'30.ssh'} = {
- 'caption' => $Lang::tr{'ssh access'},
- 'uri' => '/cgi-bin/remote.cgi',
- 'title' => "$Lang::tr{'ssh access'}",
- 'enabled' => 1,
- };
- $subsystem->{'40.gui'} = {
- 'caption' => $Lang::tr{'gui settings'},
- 'uri' => '/cgi-bin/gui.cgi',
- 'title' => "$Lang::tr{'gui settings'}",
- 'enabled' => 1,
- };
- $subsystem->{'40.backup'} = {
- 'caption' => $Lang::tr{'backup'},
- 'uri' => '/cgi-bin/backup.cgi',
- 'title' => "$Lang::tr{'backup'}",
- 'enabled' => 1,
- };
- $subsystem->{'99.credits'} = {
- 'caption' => $Lang::tr{'credits'},
- 'uri' => '/cgi-bin/credits.cgi',
- 'title' => "$Lang::tr{'credits'}",
- 'enabled' => 1,
- };
diff --git a/config/menu/20-status.menu b/config/menu/20-status.menu
deleted file mode 100644
index d81cefdad..000000000
--- a/config/menu/20-status.menu
+++ /dev/null
@@ -1,68 +0,0 @@
- $substatus->{'10.systemstatus'} = {
- 'caption' => $Lang::tr{'system'},
- 'uri' => '/cgi-bin/system.cgi',
- 'title' => "$Lang::tr{'system'}",
- 'enabled' => 1,
- };
- $substatus->{'20.memory'} = {
- 'caption' => $Lang::tr{'memory'},
- 'uri' => '/cgi-bin/memory.cgi',
- 'title' => "$Lang::tr{'memory'}",
- 'enabled' => 1,
- };
- $substatus->{'30.media'} = {
- 'caption' => $Lang::tr{'media'},
- 'uri' => '/cgi-bin/media.cgi',
- 'title' => "$Lang::tr{'media'}",
- 'enabled' => 1,
- };
- $substatus->{'40.networkred'} = {
- 'caption' => "$Lang::tr{'network red'}",
- 'uri' => '/cgi-bin/network.cgi',
- 'vars' => 'network=red',
- 'title' => "$Lang::tr{'network red'}",
- 'enabled' => 1,
- };
- $substatus->{'41.networkother'} = {
- 'caption' => "$Lang::tr{'network other'}",
- 'uri' => '/cgi-bin/network.cgi',
- 'vars' => 'network=other',
- 'title' => "$Lang::tr{'network other'}",
- 'enabled' => 1,
- };
- $substatus->{'50.proxygraphs'} = {
- 'caption' => $Lang::tr{'ssproxy graphs'},
- 'uri' => '/cgi-bin/proxygraphs.cgi',
- 'title' => "$Lang::tr{'ssproxy graphs'}",
- 'enabled' => 1,
- };
- $substatus->{'60.hardwaregraphs'} = {
- 'caption' => "$Lang::tr{'hardware graphs'}",
- 'uri' => '/cgi-bin/hardwaregraphs.cgi',
- 'title' => "$Lang::tr{'hardware graphs'}",
- 'enabled' => 1,
- };
- $substatus->{'70.fwhits'} = {
- 'caption' => "$Lang::tr{'firewall graphs'}",
- 'uri' => '/cgi-bin/fwhits.cgi',
- 'title' => "$Lang::tr{'firewall graphs'}",
- 'enabled' => 1,
- };
- $substatus->{'71.connections'} = {
- 'caption' => $Lang::tr{'connections'},
- 'uri' => '/cgi-bin/connections.cgi',
- 'title' => "$Lang::tr{'connections'}",
- 'enabled' => 1,
- };
- $substatus->{'72.nettraf'} = {
- 'caption' => $Lang::tr{'sstraffic'},
- 'uri' => '/cgi-bin/traffic.cgi',
- 'title' => "$Lang::tr{'sstraffic'}",
- 'enabled' => 1,
- };
- $substatus->{'73.qos'} = {
- 'caption' => $Lang::tr{'qos graphs'},
- 'uri' => '/cgi-bin/qosgraphs.cgi',
- 'title' => "$Lang::tr{'qos graphs'}",
- 'enabled' => 1,
- };
diff --git a/config/menu/30-network.menu b/config/menu/30-network.menu
deleted file mode 100644
index d3eecf5e6..000000000
--- a/config/menu/30-network.menu
+++ /dev/null
@@ -1,55 +0,0 @@
- $subnetwork->{'10.netconf'} = {'caption' => "$Lang::tr{'net config'}",
- 'uri' => '/cgi-bin/netconfig.cgi',
- 'title' => "$Lang::tr{'net config'}",
- 'enabled' => 0,
- };
- $subnetwork->{'20.proxy'} = {'caption' => 'Webproxy',
- 'uri' => '/cgi-bin/proxy.cgi',
- 'title' => "Webproxy",
- 'enabled' => 1,
- };
- $subnetwork->{'21.urlfilter'} = {'caption' => $Lang::tr{'url filter'},
- 'uri' => '/cgi-bin/urlfilter.cgi',
- 'title' => $Lang::tr{'url filter'},
- 'enabled' => 1,
- };
- $subnetwork->{'22.updxlrator'} = {'caption' => $Lang::tr{'update accelerator'},
- 'uri' => '/cgi-bin/updatexlrator.cgi',
- 'title' => $Lang::tr{'update accelerator'},
- 'enabled' => 1,
- };
- $subnetwork->{'30.dhcp'} = {'caption' => $Lang::tr{'dhcp server'},
- 'uri' => '/cgi-bin/dhcp.cgi',
- 'title' => "$Lang::tr{'dhcp server'}",
- 'enabled' => 1,
- };
- $subnetwork->{'40.scheduler'} = {
- 'caption' => $Lang::tr{'connscheduler'},
- 'uri' => '/cgi-bin/connscheduler.cgi',
- 'title' => "$Lang::tr{'connscheduler'}",
- 'enabled' => 1,
- };
- $subnetwork->{'50.hosts'} = {
- 'caption' => $Lang::tr{'edit hosts'},
- 'uri' => '/cgi-bin/hosts.cgi',
- 'title' => "$Lang::tr{'edit hosts'}",
- 'enabled' => 1,
- };
- $subnetwork->{'60.upload'} = {
- 'caption' => $Lang::tr{'upload'},
- 'uri' => '/cgi-bin/upload.cgi',
- 'title' => "$Lang::tr{'upload'}",
- 'enabled' => 0,
- };
- $subnetwork->{'70.aliases'} = {
- 'caption' => $Lang::tr{'aliases'},
- 'uri' => '/cgi-bin/aliases.cgi',
- 'title' => "$Lang::tr{'aliases'}",
- 'enabled' => 0,
- };
- $subnetwork->{'80.wakeonlan'} = {
- 'caption' => $Lang::tr{'WakeOnLan'},
- 'uri' => '/cgi-bin/wakeonlan.cgi',
- 'title' => "$Lang::tr{'WakeOnLan'}",
- 'enabled' => 1,
- };
diff --git a/config/menu/40-services.menu b/config/menu/40-services.menu
deleted file mode 100644
index 9901e8f3f..000000000
--- a/config/menu/40-services.menu
+++ /dev/null
@@ -1,37 +0,0 @@
- $subservices->{'10.ipsec'} = {
- 'caption' => 'IPSec',
- 'uri' => '/cgi-bin/vpnmain.cgi',
- 'title' => "$Lang::tr{'virtual private networking'}",
- 'enabled' => 1,
- };
- $subservices->{'20.openvpn'} = {
- 'caption' => 'OpenVPN',
- 'uri' => '/cgi-bin/ovpnmain.cgi',
- 'title' => "$Lang::tr{'virtual private networking'}",
- 'enabled' => 1,
- };
- $subservices->{'30.dyndns'} = {'caption' => $Lang::tr{'dynamic dns'},
- 'uri' => '/cgi-bin/ddns.cgi',
- 'title' => "$Lang::tr{'dynamic dns'}",
- 'enabled' => 1,
- };
- $subservices->{'40.time'} = {'caption' => $Lang::tr{'time server'},
- 'uri' => '/cgi-bin/time.cgi',
- 'title' => "$Lang::tr{'time server'}",
- 'enabled' => 1,
- };
- $subservices->{'50.qos'} = {'caption' => 'Quality of Service',
- 'uri' => '/cgi-bin/qos.cgi',
- 'title' => "Quality of Service",
- 'enabled' => 1,
- };
- $subservices->{'60.ids'} = {'caption' => $Lang::tr{'intrusion detection'},
- 'enabled' => 1,
- 'uri' => '/cgi-bin/ids.cgi',
- 'title' => "$Lang::tr{'intrusion detection system'}",
- };
- $subservices->{'70.extrahd'} = {'caption' => "ExtraHD",
- 'enabled' => 1,
- 'uri' => '/cgi-bin/extrahd.cgi',
- 'title' => "ExtraHD",
- };
diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu
deleted file mode 100644
index 69357b7a0..000000000
--- a/config/menu/50-firewall.menu
+++ /dev/null
@@ -1,36 +0,0 @@
- $subfirewall->{'10.dnat'} = {
- 'caption' => $Lang::tr{'ssport forwarding'},
- 'uri' => '/cgi-bin/portfw.cgi',
- 'title' => "$Lang::tr{'ssport forwarding'}",
- 'enabled' => 1,
- };
- $subfirewall->{'20.xtaccess'} = {
- 'caption' => $Lang::tr{'external access'},
- 'uri' => '/cgi-bin/xtaccess.cgi',
- 'title' => "$Lang::tr{'external access'}",
- 'enabled' => 1,
- };
- $subfirewall->{'30.wireless'} = {
- 'caption' => $Lang::tr{'blue access'},
- 'uri' => '/cgi-bin/wireless.cgi',
- 'title' => "$Lang::tr{'blue access'}",
- 'enabled' => 1,
- };
- $subfirewall->{'40.dmz'} = {
- 'caption' => $Lang::tr{'ssdmz pinholes'},
- 'uri' => '/cgi-bin/dmzholes.cgi',
- 'title' => "$Lang::tr{'dmz pinhole configuration'}",
- 'enabled' => 1,
- };
- $subfirewall->{'50.outgoing'} = {
- 'caption' => $Lang::tr{'outgoing firewall'},
- 'uri' => '/cgi-bin/outgoingfw.cgi',
- 'title' => "$Lang::tr{'outgoing firewall'}",
- 'enabled' => 1,
- };
- $subfirewall->{'60.upnp'} = {
- 'caption' => 'UPnP',
- 'uri' => '/cgi-bin/upnp.cgi',
- 'title' => "Universal Plug and Play",
- 'enabled' => 0,
- };
diff --git a/config/menu/60-ipfire.menu b/config/menu/60-ipfire.menu
deleted file mode 100644
index 8b4c13950..000000000
--- a/config/menu/60-ipfire.menu
+++ /dev/null
@@ -1,10 +0,0 @@
- $subipfire->{'10.pakfire'} = {'caption' => 'Pakfire',
- 'uri' => '/cgi-bin/pakfire.cgi',
- 'title' => "Pakfire",
- 'enabled' => 1,
- };
- $subipfire->{'99.help'} = {'caption' => $Lang::tr{'help'},
- 'uri' => '/cgi-bin/help.cgi',
- 'title' => "$Lang::tr{'help'}",
- 'enabled' => 1,
- };
diff --git a/config/menu/70-log.menu b/config/menu/70-log.menu
deleted file mode 100644
index 25ba090fc..000000000
--- a/config/menu/70-log.menu
+++ /dev/null
@@ -1,61 +0,0 @@
- $sublogs->{'10.summary'} = {'caption' => $Lang::tr{'log summary'},
- 'uri' => '/cgi-bin/logs.cgi/summary.dat',
- 'title' => "$Lang::tr{'log summary'}",
- 'enabled' => 1
- };
- $sublogs->{'20.settings'} = {'caption' => $Lang::tr{'log settings'},
- 'uri' => '/cgi-bin/logs.cgi/config.dat',
- 'title' => "$Lang::tr{'log settings'}",
- 'enabled' => 1
- };
- $sublogs->{'30.proxy'} = {'caption' => $Lang::tr{'proxy logs'},
- 'uri' => '/cgi-bin/logs.cgi/proxylog.dat',
- 'title' => "$Lang::tr{'proxy logs'}",
- 'enabled' => 1
- };
- $sublogs->{'31.calamaris'} = {'caption' => $Lang::tr{'calamaris proxy reports'},
- 'uri' => '/cgi-bin/logs.cgi/calamaris.dat',
- 'title' => "$Lang::tr{'calamaris proxy reports'}",
- 'enabled' => 1
- };
- $sublogs->{'40.firewall'} = {'caption' => $Lang::tr{'firewall logs'},
- 'uri' => '/cgi-bin/logs.cgi/firewalllog.dat',
- 'title' => "$Lang::tr{'firewall logs'}",
- 'enabled' => 1
- };
- $sublogs->{'41.firewallip'} = {'caption' => $Lang::tr{'firewall logs ip'},
- 'uri' => '/cgi-bin/logs.cgi/firewalllogip.dat',
- 'title' => "$Lang::tr{'firewall logs ip'}",
- 'enabled' => 1
- };
- $sublogs->{'42.firewallport'} = {'caption' => $Lang::tr{'firewall logs port'},
- 'uri' => '/cgi-bin/logs.cgi/firewalllogport.dat',
- 'title' => "$Lang::tr{'firewall logs port'}",
- 'enabled' => 1
- };
- $sublogs->{'50.ids'} = {'caption' => $Lang::tr{'ids logs'},
- 'uri' => '/cgi-bin/logs.cgi/ids.dat',
- 'title' => "$Lang::tr{'ids logs'}",
- 'enabled' => 1
- };
- $sublogs->{'60.urlfilter'} = {
- 'caption' => $Lang::tr{'urlfilter logs'},
- 'uri' => '/cgi-bin/logs.cgi/urlfilter.dat',
- 'title' => "$Lang::tr{'urlfilter log'}",
- 'enabled' => 1,
- };
- $sublogs->{'70.openvpn'} = {'caption' => $Lang::tr{'openvpn log'},
- 'uri' => '/cgi-bin/logs.cgi/openvpn.dat',
- 'title' => "$Lang::tr{'openvpn log'}",
- 'enabled' => 1
- };
- $sublogs->{'80.system'} = {'caption' => $Lang::tr{'system logs'},
- 'uri' => '/cgi-bin/logs.cgi/log.dat',
- 'title' => "$Lang::tr{'system logs'}",
- 'enabled' => 1
- };
- $sublogs->{'90.userlog'} = {'caption' => $Lang::tr{'user proxy logs'},
- 'uri' => '/cgi-bin/logs.cgi/userlog.dat',
- 'title' => "$Lang::tr{'user log'}",
- 'enabled' => 1
- };
diff --git a/config/menu/EX-mpfire.menu b/config/menu/EX-mpfire.menu
deleted file mode 100644
index afba4dbde..000000000
--- a/config/menu/EX-mpfire.menu
+++ /dev/null
@@ -1,5 +0,0 @@
- $subipfire->{'40.mpfire'} = {'caption' => $Lang::tr{'mpfire'},
- 'uri' => '/cgi-bin/mpfire.cgi',
- 'title' => $Lang::tr{'mpfire'},
- 'enabled' => 1,
- };
diff --git a/config/menu/EX-samba.menu b/config/menu/EX-samba.menu
deleted file mode 100644
index 6a9a1ae71..000000000
--- a/config/menu/EX-samba.menu
+++ /dev/null
@@ -1,5 +0,0 @@
- $subipfire->{'30.samba'} = {'caption' => $Lang::tr{'samba'},
- 'uri' => '/cgi-bin/samba.cgi',
- 'title' => $Lang::tr{'samba'},
- 'enabled' => 1,
- };
diff --git a/config/menu/EX-tripwire.menu b/config/menu/EX-tripwire.menu
deleted file mode 100644
index 6a23312b5..000000000
--- a/config/menu/EX-tripwire.menu
+++ /dev/null
@@ -1,5 +0,0 @@
- $subipfire->{'40.tripwire'} = {'caption' => $Lang::tr{'tripwire'},
- 'uri' => '/cgi-bin/tripwire.cgi',
- 'title' => $Lang::tr{'tripwire'},
- 'enabled' => 1,
- };
diff --git a/config/outgoingfw/defaultservices b/config/outgoingfw/defaultservices
deleted file mode 100644
index f2cf47514..000000000
--- a/config/outgoingfw/defaultservices
+++ /dev/null
@@ -1,34 +0,0 @@
-bootpc,68,tcp&udp,Bootstrap Protocol Client
-bootps,67,tcp&udp,Bootstrap Protocol Server
-domain,53,tcp&udp,Domain Name Server
-echo,7,tcp&udp,Echo
-ftp,21,tcp&udp,File Transfer Control
-ftp-data,20,tcp&udp,File Control Data
-http,80,tcp,Hypertext Transfer Protocol
-https,443,tcp,secure HTTP
-imap,143,tcp,Interactive Mail Access Protocol
-imap3,220,tcp,Interactive Mail Access Protocol v3
-imaps,993,tcp,secure IMAP
-ipfire-https,444,tcp,IPFire HTTPS
-ipfire-ssh,222,tcp&udp,IPFire SSH
-irc,194,tcp&udp,Internet Relay Chat
-ircd,6667,tcp&udp,Internet Relay Chat
-microsoft-ds,445,tcp&udp,Netbios Filesharing
-nameserver,42,tcp&udp,Host Name Server
-netbios-dgm,138,tcp&udp,NETBIOS Datagram Service
-netbios-ns,137,tcp&udp,NETBIOS Name Server
-netbios-ssn,139,tcp&udp,NETBIOS Session Service
-nfs,2049,tcp&udp,Network File System
-ntp,123,udp,Network Time Protocol
-pop3,110,tcp,POP3 Email
-pop3s,995,tcp,secure POP3 Email
-sftp,115,tcp&udp,secure File Transfer Protocol
-smtp,25,tcp,Simple Mail Transfer Protocol
-smtps,465,tcp,secure Simple Mail Transfer Protocol
-snmp,161,tcp&udp,Simple Network Management
-snmptrap,162,udp,SNMP Trap
-ssh,22,tcp&udp,SSH
-telnet,23,tcp&udp,Telnet
-tftp,69,tcp&udp,Trivial File Transfer
-time,37,tcp&udp,Time
-wins,1512,tcp&udp,Windows Internet Name Service
diff --git a/config/outgoingfw/outgoingfw.pl b/config/outgoingfw/outgoingfw.pl
deleted file mode 100644
index 84298e415..000000000
--- a/config/outgoingfw/outgoingfw.pl
+++ /dev/null
@@ -1,222 +0,0 @@
-#!/usr/bin/perl
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see . #
-# #
-###############################################################################
-
-
-use strict;
-# enable only the following on debugging purpose
-#use warnings;
-
-require '/var/ipfire/general-functions.pl';
-
-my %outfwsettings = ();
-my %checked = ();
-my %selected= () ;
-my %netsettings = ();
-my $errormessage = "";
-my $configentry = "";
-my @configs = ();
-my @configline = ();
-my $p2pentry = "";
-my @p2ps = ();
-my @p2pline = ();
-my @proto = ();
-my $CMD = "";
-my $P2PSTRING = "";
-
-my $DEBUG = 0;
-
-my $configfile = "/var/ipfire/outgoing/rules";
-my $p2pfile = "/var/ipfire/outgoing/p2protocols";
-
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-
-### Values that have to be initialized
-$outfwsettings{'ACTION'} = '';
-$outfwsettings{'VALID'} = 'yes';
-$outfwsettings{'EDIT'} = 'no';
-$outfwsettings{'NAME'} = '';
-$outfwsettings{'SNET'} = '';
-$outfwsettings{'SIP'} = '';
-$outfwsettings{'SPORT'} = '';
-$outfwsettings{'SMAC'} = '';
-$outfwsettings{'DIP'} = '';
-$outfwsettings{'DPORT'} = '';
-$outfwsettings{'PROT'} = '';
-$outfwsettings{'STATE'} = '';
-$outfwsettings{'DISPLAY_DIP'} = '';
-$outfwsettings{'DISPLAY_DPORT'} = '';
-$outfwsettings{'DISPLAY_SMAC'} = '';
-$outfwsettings{'DISPLAY_SIP'} = '';
-$outfwsettings{'POLICY'} = 'MODE0';
-my $SOURCE = "";
-my $DESTINATION = "";
-my $PROTO = "";
-my $DPORT = "";
-my $DEV = "";
-my $MAC = "";
-my $POLICY = "";
-my $DO = "";
-
-# read files
-&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-
-open( FILE, "< $configfile" ) or die "Unable to read $configfile";
-@configs = ;
-close FILE;
-
-if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
- $outfwsettings{'STATE'} = "ALLOW";
- $POLICY = "DROP";
- $DO = "ACCEPT";
-} elsif ( $outfwsettings{'POLICY'} eq 'MODE2' ) {
- $outfwsettings{'STATE'} = "DENY";
- $POLICY = "ACCEPT";
- $DO = "DROP";
-}
-
-### Initialize IPTables
-system("/sbin/iptables --flush OUTGOINGFW >/dev/null 2>&1");
-system("/sbin/iptables --delete-chain OUTGOINGFW >/dev/null 2>&1");
-system("/sbin/iptables -N OUTGOINGFW >/dev/null 2>&1");
-
-if ( $outfwsettings{'POLICY'} eq 'MODE0' ) {
- exit 0
-}
-
-if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
- $CMD = "/sbin/iptables -A OUTGOINGFW -m state --state ESTABLISHED,RELATED -j ACCEPT";
- if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
- $CMD = "/sbin/iptables -A OUTGOINGFW -p icmp -j ACCEPT";
- if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
-}
-
-foreach $configentry (sort @configs)
-{
- $SOURCE = "";
- $DESTINATION = "";
- $PROTO = "";
- $DPORT = "";
- $DEV = "";
- $MAC = "";
- @configline = split( /\;/, $configentry );
- if ($outfwsettings{'STATE'} eq $configline[0]) {
- if ($configline[2] eq 'green') {
- $SOURCE = "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
- $DEV = $netsettings{'GREEN_DEV'};
- } elsif ($configline[2] eq 'blue') {
- $SOURCE = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
- $DEV = $netsettings{'BLUE_DEV'};
- } elsif ($configline[2] eq 'orange') {
- $SOURCE = "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
- $DEV = $netsettings{'ORANGE_DEV'};
- } elsif ($configline[2] eq 'ip') {
- $SOURCE = "$configline[5]";
- $DEV = "";
- } else {
- $SOURCE = "0/0";
- $DEV = "";
- }
-
- if ($configline[7]) { $DESTINATION = "$configline[7]"; } else { $DESTINATION = "0/0"; }
-
- if ($configline[3] eq 'tcp') {
- @proto = ("tcp");
- } elsif ($configline[3] eq 'udp') {
- @proto = ("udp");
- } else {
- @proto = ("tcp", "udp");
- }
-
- foreach $PROTO (@proto) {
- $CMD = "/sbin/iptables -A OUTGOINGFW -s $SOURCE -d $DESTINATION -p $PROTO";
-
- if ($configline[8]) {
- $DPORT = "$configline[8]";
- $CMD = "$CMD --dport $DPORT";
- }
-
- if ($DEV) {
- $CMD = "$CMD -i $DEV";
- }
-
- if ($configline[6]) {
- $MAC = "$configline[6]";
- $CMD = "$CMD -m mac --mac-source $MAC";
- }
-
- $CMD = "$CMD -o $netsettings{'RED_DEV'}";
-
- if ($configline[9] eq "aktiv") {
- if ($DEBUG) {
- print "$CMD -m state --state NEW -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '\n";
- } else {
- system("$CMD -m state --state NEW -m limit --limit 10/minute -j LOG --log-prefix 'OUTGOINGFW '");
- }
- }
-
- if ($DEBUG) {
- print "$CMD -j $DO\n";
- } else {
- system("$CMD -j $DO");
- }
- }
- }
-}
-
-### Do the P2P-Stuff here
-open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
-@p2ps = ;
-close FILE;
-
-$CMD = "/sbin/iptables -A OUTGOINGFW -m ipp2p";
-
-foreach $p2pentry (sort @p2ps)
-{
- @p2pline = split( /\;/, $p2pentry );
- if ( $outfwsettings{'POLICY'} eq 'MODE2' ) {
- $DO = "DROP";
- if ("$p2pline[2]" eq "off") {
- $P2PSTRING = "$P2PSTRING --$p2pline[1]";
- }
- } else {
- $DO = "ACCEPT";
- if ("$p2pline[2]" eq "on") {
- $P2PSTRING = "$P2PSTRING --$p2pline[1]";
- }
- }
-}
-if ($P2PSTRING) {
- if ($DEBUG) {
- print "$CMD $P2PSTRING -j $DO\n";
- } else {
- system("$CMD $P2PSTRING -j $DO");
- }
-}
-
-if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
- $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP";
- if ($DEBUG) {
- print "$CMD\n";
- } else {
- system("$CMD");
- }
-}
diff --git a/config/ovpn/caconfig b/config/ovpn/caconfig
deleted file mode 100644
index e69de29bb..000000000
diff --git a/config/ovpn/certs/index.txt b/config/ovpn/certs/index.txt
deleted file mode 100644
index e69de29bb..000000000
diff --git a/config/ovpn/certs/serial b/config/ovpn/certs/serial
deleted file mode 100644
index a616ad491..000000000
--- a/config/ovpn/certs/serial
+++ /dev/null
@@ -1 +0,0 @@
-01
\ No newline at end of file
diff --git a/config/ovpn/openssl/ovpn.cnf b/config/ovpn/openssl/ovpn.cnf
deleted file mode 100644
index d82c04b90..000000000
--- a/config/ovpn/openssl/ovpn.cnf
+++ /dev/null
@@ -1,103 +0,0 @@
-HOME = .
-RANDFILE = /var/ipfire/ovpn/ca/.rnd
-oid_section = new_oids
-
-[ new_oids ]
-
-[ ca ]
-default_ca = openvpn
-
-[ openvpn ]
-dir = /var/ipfire/ovpn
-certs = $dir/certs
-crl_dir = $dir/crl
-database = $dir/certs/index.txt
-new_certs_dir = $dir/certs
-certificate = $dir/ca/cacert.pem
-serial = $dir/certs/serial
-crl = $dir/crl.pem
-private_key = $dir/ca/cakey.pem
-RANDFILE = $dir/ca/.rand
-x509_extensions = usr_cert
-default_days = 999999
-default_crl_days= 30
-default_md = md5
-preserve = no
-policy = policy_match
-email_in_dn = no
-
-[ policy_match ]
-countryName = optional
-stateOrProvinceName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca
-string_mask = nombstr
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = GB
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default =
-
-localityName = Locality Name (eg, city)
-#localityName_default =
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = My Company Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, your name or your server\'s hostname)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 40
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-unstructuredName = An optional company name
-
-[ usr_cert ]
-basicConstraints=CA:FALSE
-nsComment = "OpenSSL Generated Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ server ]
-
-# JY ADDED -- Make a cert with nsCertType set to "server"
-basicConstraints=CA:FALSE
-nsCertType = server
-nsComment = "OpenSSL Generated Server Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ v3_req ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true
-
-[ crl_ext ]
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ engine ]
-default = openssl
diff --git a/config/ovpn/ovpnconfig b/config/ovpn/ovpnconfig
deleted file mode 100644
index e69de29bb..000000000
diff --git a/config/ovpn/settings b/config/ovpn/settings
deleted file mode 100644
index e69de29bb..000000000
diff --git a/config/ovpn/verify b/config/ovpn/verify
deleted file mode 100644
index 8fbe59e0e..000000000
--- a/config/ovpn/verify
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-if [ $1 -eq 0 ]; then
- name2=`echo $2`
- name3=${name2##*/}
- name4=${name3##*CN=}
- clientdisabled=`/bin/grep -iwc off,.*,$name4 /var/ipfire/ovpn/ovpnconfig`
- if [ "$clientdisabled" = "1" ]; then
- exit 1
- fi
- exit 0
-fi
-exit 0
diff --git a/config/qos/RRD-func.pl b/config/qos/RRD-func.pl
deleted file mode 100644
index fbd457589..000000000
--- a/config/qos/RRD-func.pl
+++ /dev/null
@@ -1,192 +0,0 @@
-
-##########################################
-##
-## DESCRIPTION
-##
-## RRD function for tc-graph.
-## Which is part of the ADSL-optimizer.
-##
-## REQUIRES
-##
-##
-## AUTHOR
-## Jesper Dangaard Brouer , d.15/4-2004
-##
-## CHANGELOG
-## 2004-04-15: Initial version.
-##
-##########################################
-
-use RRDs;
-
-if (not defined $STEP) {
- my $STEP=10;
-}
-
-my $heartbeat=$STEP*2;
-
-# Update script samples every 10 seconds.
-# 24*60*60 = 86400 seconds (== one day)
-# 8640 *10 = 86400 seconds (== one day)
-# 8640 * 5days = 43200 seconds with 10 sec samples
-#
-my @rrd_data_sources =
- ("-s", $STEP,
- "DS:bytes:COUNTER:$heartbeat:0:U",
- "DS:bits:COUNTER:$heartbeat:0:U",
- "DS:pkts:COUNTER:$heartbeat:0:U",
- "DS:dropped:COUNTER:$heartbeat:0:U",
- "DS:overlimits:COUNTER:$heartbeat:0:U",
- "DS:lended:COUNTER:$heartbeat:0:U",
- "DS:borrowed:COUNTER:$heartbeat:0:U",
- "DS:giants:COUNTER:$heartbeat:0:U",
- "DS:backlog:GAUGE:$heartbeat:0:U",
- "RRA:AVERAGE:0.5:1:43200",
- "RRA:AVERAGE:0.5:7:8640",
- "RRA:AVERAGE:0.5:31:8640",
- "RRA:AVERAGE:0.5:372:8640",
- "RRA:MAX:0.5:7:8640",
- "RRA:MAX:0.5:31:8640",
- "RRA:MAX:0.5:372:8640"
- );
-
-
-sub get_filename_rrd($) {
- my $class_device = "$_[0]";
- my $filename = "${rrd_datadir}class_${class_device}.rrd";
- return $filename;
-}
-
-sub create_rrdfile($) {
- my $class_device = "$_[0]";
- my $filename = get_filename_rrd($class_device);
- RRDs::create $filename, @rrd_data_sources;
- my $ERROR = RRDs::error;
- if ($ERROR) {
- my $timestamp = time;
- die "$timestamp: ERROR - Unable to create RRDfile \"$filename\": $ERROR\n";
- }
-}
-
-sub format_class_data($) {
- my $class = $_[0];
- my ($rrd_template, $rrd_data);
- my (@array_template, @array_data);
- #print "Ref:". ref($class) ."\n";
-
- # Select and correct undef values and key
- while ( (my $key, my $value) = each %{$class}) {
- # Skip timestamps
- if ( ($key eq "last_update") ||
- ($key eq "file_update") ||
- ($key =~ /hfsc_/ )) {next}
-
- push @array_template, $key;
-
- if ( (not defined $value) ||
- ("$value" eq "") ) {
- $value = "U";
- }
- push @array_data, $value;
- }
-
- # Makes a RRD suitable input format
- $rrd_template = join(":",@array_template);
- $rrd_data = join(":",@array_data);
-
- return ($rrd_template, $rrd_data);
-}
-
-sub update_rrds {
-
- my $res=0;
-
- my @test = keys %classes_data;
- if ( $#test <= 0) {
- print time, " [update_rrds] WARNING: classes_data empty!\n";
- return "classes_data empty";
- }
-
- # Find the class_device (keys) in %classes_data
- for my $class_device ( keys %classes_data ) {
-
- if ("last_update" eq "$class_device") {next}
-
- # Verify file exist (else create it)
- my $filename = get_filename_rrd($class_device);
- if ( ! -f $filename ) {
- print "Creating RRDfile: $filename\n";
- create_rrdfile($class_device);
- }
- #print "$class_device\n";
-
- # Make a RRD suitable input format
- my ($rrd_template, $rrd_data) = format_class_data($classes_data{$class_device});
- #print "rrd_template: $rrd_template\n";
- #print "rrd_data: $rrd_data\n";
-
-
- # WHAT ABOUT:
- # $classes_data{$device}{last_update} ????
- my ($tmp, $device) = split /_/, $class_device;
- #print "device: $device $classes_data{last_update}{$device} \n";
- if ( (exists $classes_data{last_update}{$device}) ) {
- if ((($classes_data{$class_device}{last_update} + $heartbeat) <
- $classes_data{last_update}{$device})) {
- print "WARNING: the class $class_device was";
- print "not updated in lastrun + heartbeat...\n";
- print "Assuming $class_device is removed,";
- print " thus deleteing from hash table.";
-# # ??? MAYBE DELETE THE OLD HASH ???
- $res="Deleting class $class_device";
- for my $key ( keys %{ $classes_data{$class_device} } ) {
- delete( $classes_data{$class_device}{$key});
- print " Deleting key: $key from: $class_device \n";
- }
- delete $classes_data{$class_device};
- next;
- }
- }
-
- # Verifies that it is new data,
- # and not old data which already have been updated
- # FIXME
-# print "$0 FIXME update_rrds \n";
- if ( exists $classes_data{$class_device}{file_update} ) {
- if (($classes_data{$class_device}{file_update} >=
- $classes_data{$class_device}{last_update})) {
- print "Warning ($class_device):";
- print " data already updated... old data or deleted class?\n";
- $res="Old data or deleted class";
- # ??? MAYBE DELETE THE OLD HASH ???
- next;
- }
- }
-
-
- # Update the RRD file
- my $update_time = $classes_data{$class_device}{last_update};
-# print "Updates: $filename time:$update_time\n";
-# print " --template=$rrd_template\n";
-# print " $update_time:$rrd_data\n";
-
-# `rrdtool update $filename --template=$rrd_template $update_time:$rrd_data`;
- RRDs::update ($filename, "--template=$rrd_template",
- "N:$rrd_data");
-
- my $ERROR = RRDs::error;
- if ($ERROR) {
- my $timestamp = time;
- print "$timestamp: WARNING - ";
- print "Unable to update RRDfile \"$filename\": $ERROR\n";
- $res="Unable to update RRDfile \"$filename\"";
- } else {
- $classes_data{$class_device}{file_update} = time;
- }
- }
- return $res;
-}
-
-
-return 1;
-
diff --git a/config/qos/event-func.pl b/config/qos/event-func.pl
deleted file mode 100644
index e28702e41..000000000
--- a/config/qos/event-func.pl
+++ /dev/null
@@ -1,136 +0,0 @@
-#!/usr/bin/perl
-
-##########################################
-##
-## NAME
-##
-## DESCRIPTION
-##
-## Which is part of the ADSL-optimizer.
-##
-## USAGE / FUNCTIONS
-##
-##
-##
-##
-##
-## REQUIRES
-##
-##
-## AUTHOR
-## Jesper Dangaard Brouer , d.21/4-2004
-##
-## CHANGELOG
-## 2004-04-21: Initial version.
-##
-##########################################
-
-our $event_file_all = "${event_datadir}changes.evt";
-sub get_filename_event($) {
- my $class_device = "$_[0]";
- my $filename = "${event_datadir}class_${class_device}.evt";
- return $filename;
-}
-
-sub get_filename_bandwidth_info($) {
- my $class_device = "$_[0]";
- my $filename = "${event_datadir}class_${class_device}_bandwidth.evt";
- return $filename;
-}
-
-sub update_event_file($$$) {
- my $filename = $_[0];
- my $information = $_[1];
- my $timestamp = $_[2];
-
- if ("$information" ne "") {
- # Append to file
- open( OUTPUT, ">>$filename")
- or print "ERROR: Opening/updating event file $filename\n";
- print OUTPUT "$timestamp $information\n";
- close(OUTPUT);
- }
-}
-
-sub update_info_file($$$) {
- my $filename = $_[0];
- my $information = $_[1];
- my $timestamp = $_[2];
- # Truncate file
- open( OUTPUT, ">$filename")
- or print "ERROR: Opening/updating info event file $filename\n";
- print OUTPUT "$timestamp $information\n";
- close(OUTPUT);
-
-}
-
-sub process_events {
-
- my @test = keys %classes_info;
- if ( $#test < 0) {
- print time, " [process_events] WARNING: classes_info empty!\n";
- return "classes_info empty";
- }
-
- my @bandwidth_items = ( "type", "prio", "rate", "ceil" );
-
- my $event_reduced = "";
- my $last_update;
-
- # Find the class_device (keys) in %classes_info
- for my $class_device ( sort keys %classes_info ) {
-
- if ("$class_device" eq "last_update") {next}
-
- my $event_class = "";
- my $bandwidth_info = "";
-
- # Tests if something has changed
- if ((not exists $classes_info{$class_device}{file_update}) ||
- ($classes_info{$class_device}{last_update} >
- $classes_info{$class_device}{file_update})) {
-
- $last_update = $classes_info{$class_device}{last_update};
-
- $event_class .= "($class_device)";
- if ( "$event_reduced" eq "" ) {$event_reduced="Class changed:"}
- $event_reduced .= " ($class_device)";
- # The list of changed keys
- while( $changed_key =
- shift @{ $classes_info{$class_device}{changed} })
- {
- my $value = $classes_info{$class_device}{$changed_key};
- $event_class .= " $changed_key=$value";
- }
-
- # When something changed always update all the bandwidth info
- foreach my $item (@bandwidth_items) {
- if (exists $classes_info{$class_device}{$item}) {
- my $value = $classes_info{$class_device}{$item};
- if (defined $value) {
- $bandwidth_info .= " $item:$value";
- }
- }
- }
-
- print time . "($class_device) changes... ($last_update) \"$bandwidth_info\" \n";
-
- $classes_info{$class_device}{file_update}=$last_update;
-
- my $event_file = get_filename_event($class_device);
- update_event_file($event_file , $event_class, $last_update);
-
- my $info_file = get_filename_bandwidth_info($class_device);
- update_info_file($info_file, $bandwidth_info, $last_update);
- }
-
- }
- # Only one line per process_events call
- # (notice $last_update is the latest timestamp assignment)
- if (defined $last_update) {
- update_event_file($event_file_all, $event_reduced, $last_update);
- }
-}
-
-
-1;
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl
deleted file mode 100644
index fa0b6edf0..000000000
--- a/config/qos/makeqosscripts.pl
+++ /dev/null
@@ -1,693 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; -# enable only the following on debugging purpose -# use warnings; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %qossettings = (); -my %checked = (); -my %netsettings = (); -my $message = ""; -my $errormessage = ""; -my $c = ""; -my $direntry = ""; -my $classentry = ""; -my $subclassentry = ""; -my $l7ruleentry = ""; -my $portruleentry = ""; -my $tosruleentry = ""; -my @tmp = (); -my @classes = (); -my @subclasses = (); -my @l7rules = (); -my @portrules = (); -my @tosrules = (); -my @tmpline = (); -my @classline = (); -my @subclassline = (); -my @tosruleline = (); -my @l7ruleline = (); -my @portruleline = (); -my @proto = (); -my %selected= () ; -my $classfile = "/var/ipfire/qos/classes"; -my $subclassfile = "/var/ipfire/qos/subclasses"; -my $level7file = "/var/ipfire/qos/level7config"; -my $portfile = "/var/ipfire/qos/portconfig"; -my $tosfile = "/var/ipfire/qos/tosconfig"; - 
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); - -$qossettings{'ENABLED'} = 'off'; -$qossettings{'EDIT'} = 'no'; -$qossettings{'OUT_SPD'} = ''; -$qossettings{'INC_SPD'} = ''; -$qossettings{'DEF_OUT_SPD'} = ''; -$qossettings{'DEF_INC_SPD'} = ''; -$qossettings{'DEFCLASS_INC'} = ''; -$qossettings{'DEFCLASS_OUT'} = ''; -$qossettings{'ACK'} = ''; -$qossettings{'MTU'} = '1492'; -$qossettings{'RED_DEV'} = `cat /var/ipfire/red/iface`; -$qossettings{'IMQ_DEV'} = 'imq0'; -$qossettings{'TOS'} = ''; -$qossettings{'VALID'} = 'yes'; - -&General::readhash("${General::swroot}/qos/settings", \%qossettings); - -open( FILE, "< $classfile" ) or die "Unable to read $classfile"; -@classes = ; -close FILE; -open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; -@subclasses = ; -close FILE; -open( FILE, "< $level7file" ) or die "Unable to read $level7file"; -@l7rules = ; -close FILE; -open( FILE, "< $portfile" ) or die "Unable to read $portfile"; -@portrules = ; -close FILE; -open( FILE, "< $tosfile" ) or die "Unable to read $tosfile"; -@tosrules = ; -close FILE; - -############################################################################################################################ -############################################################################################################################ - -print < /dev/null - iptables -t mangle -n -L QOS-INC -v -x 2> /dev/null - iptables -t mangle -n -L QOS-TOS -v -x 2> /dev/null - exit 0 - ;; - esac - \$0 \$1 qdisc - \$0 \$1 class - \$0 \$1 filter - \$0 \$1 iptables - exit 0 - ;; - start) - ### - ### $qossettings{'RED_DEV'} - ### - - ### INIT KERNEL - modprobe sch_htb - - ### SET QUEUE LENGTH & MTU - has just to be tested!!! 
IMPORTANT - ip link set dev $qossettings{'RED_DEV'} qlen $qossettings{'QLENGTH'} - ip link set dev $qossettings{'RED_DEV'} mtu $qossettings{'MTU'} - - ### ADD HTB QDISC FOR $qossettings{'RED_DEV'} - tc qdisc add dev $qossettings{'RED_DEV'} root handle 1: htb default $qossettings{'DEFCLASS_OUT'} - - ### MAIN RATE LIMIT - tc class add dev $qossettings{'RED_DEV'} parent 1: classid 1:1 htb rate $qossettings{'OUT_SPD'}kbit - - ### CLASSES FOR $qossettings{'RED_DEV'} -END -; -foreach $classentry (sort @classes) -{ - @classline = split( /\;/, $classentry ); - if ($qossettings{'RED_DEV'} eq $classline[0]) { - $qossettings{'DEVICE'} = $classline[0]; - $qossettings{'CLASS'} = $classline[1]; - $qossettings{'PRIO'} = $classline[2]; - $qossettings{'RATE'} = $classline[3]; - $qossettings{'CEIL'} = $classline[4]; - $qossettings{'BURST'} = $classline[5]; - $qossettings{'CBURST'} = $classline[6]; - print "\ttc class add dev $qossettings{'DEVICE'} parent 1:1 classid 1:$qossettings{'CLASS'} htb rate $qossettings{'RATE'}kbit ceil $qossettings{'CEIL'}kbit prio $qossettings{'PRIO'} "; - if (($qossettings{'BURST'} ne '') && ($qossettings{'BURST'} ne 0)) { - print "burst $qossettings{'BURST'}k "; - } - if (($qossettings{'CBURST'} ne '') && ($qossettings{'CBURST'} ne 0)) { - print "cburst $qossettings{'CBURST'}k"; - } - print "\n"; - } -} -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /\;/, $subclassentry ); - if ($qossettings{'RED_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - $qossettings{'SPRIO'} = $subclassline[3]; - $qossettings{'SRATE'} = $subclassline[4]; - $qossettings{'SCEIL'} = $subclassline[5]; - $qossettings{'SBURST'} = $subclassline[6]; - $qossettings{'SCBURST'} = $subclassline[7]; - print "\ttc class add dev $qossettings{'DEVICE'} parent 1:$qossettings{'CLASS'} classid 1:$qossettings{'SCLASS'} htb rate $qossettings{'SRATE'}kbit ceil 
$qossettings{'SCEIL'}kbit prio $qossettings{'SPRIO'} "; - if ($qossettings{'SBURST'} > 0) { - print "burst $qossettings{'SBURST'}k "; - } - if (($qossettings{'SCBURST'} ne '') && ($qossettings{'SCBURST'} ne 0)) { - print "cburst $qossettings{'CBURST'}k"; - } - print "\n"; - } -} - -print "\n\t### ATTACH QDISC TO LEAF CLASSES\n"; -foreach $classentry (sort @classes) -{ - @classline = split( /\;/, $classentry ); - if ($qossettings{'RED_DEV'} eq $classline[0]) { - $qossettings{'DEVICE'} = $classline[0]; - $qossettings{'CLASS'} = $classline[1]; - print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: sfq perturb $qossettings{'SFQ_PERTUB'}\n"; - } -} -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /\;/, $subclassentry ); - if ($qossettings{'RED_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: sfq perturb $qossettings{'SFQ_PERTUB'}\n"; - } -} -print "\n\t### FILTER TRAFFIC INTO CLASSES\n"; -foreach $classentry (sort @classes) -{ - @classline = split( /\;/, $classentry ); - if ($qossettings{'RED_DEV'} eq $classline[0]) { - $qossettings{'DEVICE'} = $classline[0]; - $qossettings{'CLASS'} = $classline[1]; - print "\ttc filter add dev $qossettings{'DEVICE'} parent 1:0 prio 0 protocol ip handle $qossettings{'CLASS'} fw flowid 1:$qossettings{'CLASS'}\n"; - } -} -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /\;/, $subclassentry ); - if ($qossettings{'RED_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc filter add dev $qossettings{'DEVICE'} parent 1:0 prio 0 protocol ip handle $qossettings{'SCLASS'} fw flowid 1:$qossettings{'SCLASS'}\n"; - } -} -print < 0) { - print "burst 
$qossettings{'SBURST'}k "; - } - if (($qossettings{'SCBURST'} ne '') && ($qossettings{'SCBURST'} ne 0)) { - print "cburst $qossettings{'CBURST'}k"; - } - print "\n"; - } -} - -print "\n\t### ATTACH QDISC TO LEAF CLASSES\n"; -foreach $classentry (sort @classes) -{ - @classline = split( /\;/, $classentry ); - if ($qossettings{'IMQ_DEV'} eq $classline[0]) { - $qossettings{'DEVICE'} = $classline[0]; - $qossettings{'CLASS'} = $classline[1]; - print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: sfq perturb $qossettings{'SFQ_PERTUB'}\n"; - } -} -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /\;/, $subclassentry ); - if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: sfq perturb $qossettings{'SFQ_PERTUB'}\n"; - } -} -print "\n\t### FILTER TRAFFIC INTO CLASSES\n"; -foreach $classentry (sort @classes) -{ - @classline = split( /\;/, $classentry ); - if ($qossettings{'IMQ_DEV'} eq $classline[0]) { - $qossettings{'DEVICE'} = $classline[0]; - $qossettings{'CLASS'} = $classline[1]; - print "\ttc filter add dev $qossettings{'DEVICE'} parent 2:0 prio 0 protocol ip handle $qossettings{'CLASS'} fw flowid 2:$qossettings{'CLASS'}\n"; - } -} -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /\;/, $subclassentry ); - if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc filter add dev $qossettings{'DEVICE'} parent 2:0 prio 0 protocol ip handle $qossettings{'SCLASS'} fw flowid 2:$qossettings{'SCLASS'}\n"; - } -} -print </dev/null 2>&1) & - ( sleep 10 && /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1) & - - echo "Quality of Service was 
successfully started!" - exit 0 - ;; - clear|stop) - ### RESET EVERYTHING TO A KNOWN STATE - killall qosd - (sleep 3 && killall -9 qosd &>/dev/null) & - # DELETE QDISCS - tc qdisc del dev $qossettings{'RED_DEV'} root - tc qdisc del dev $qossettings{'IMQ_DEV'} root - # STOP IMQ-DEVICE - ip link set $qossettings{'IMQ_DEV'} down - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j IMQ --todev 0 - rmmod imq - # REMOVE & FLUSH CHAINS - iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT - iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS - iptables -t mangle --flush QOS-OUT - iptables -t mangle --delete-chain QOS-OUT - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS - iptables -t mangle --flush QOS-INC - iptables -t mangle --delete-chain QOS-INC - iptables -t mangle --flush QOS-TOS - iptables -t mangle --delete-chain QOS-TOS - rmmod sch_htb - echo "Quality of Service was successfully cleared!" - ;; - gen|generate) - echo -n "Generateing the QoS-Scripts..." - /usr/bin/perl /var/ipfire/qos/bin/makeqosscripts.pl > /var/ipfire/qos/bin/qos.sh - echo ".Done!" - exit 0 - ;; - restart) - ### FIRST CLEAR EVERYTHING - \$0 clear - - ### THEN START - \$0 start - ;; -esac -### EOF -END -; - -############################################################################################################################ -############################################################################################################################ diff --git a/config/qos/parse-func.pl b/config/qos/parse-func.pl deleted file mode 100644 index bdd0e69f0..000000000 --- a/config/qos/parse-func.pl +++ /dev/null 
@@ -1,488 +0,0 @@ -#!/usr/bin/perl - -########################################## -## -## NAME -## -## DESCRIPTION -## -## Which is part of the ADSL-optimizer. -## -## USAGE / FUNCTIONS -## -## -## -## -## -## REQUIRES -## -## -## AUTHOR -## Jesper Dangaard Brouer , d.15/4-2004 -## -## CHANGELOG -## 2004-04-15: Initial version. -## 2005-04-18: Remove some warnings. -## -########################################## - -#use Data::Dumper; - -#our %classes_data; -#our %classes_info; -#our $tc_command="/sbin/tc"; - -my @input_htb = (<<"END_OF_HERE_HTB" =~ m/^\s*(.+)/gm); -class tbf 4220:1 parent 4220: -class htb 1:1 root rate 400Kbit ceil 400Kbit burst 2111b cburst 2111b - Sent 12369084336 bytes 80967118 pkts (dropped 0, overlimits 0) - rate 45020bps 258pps - lended: 23353805 borrowed: 0 giants: 0 - tokens: 30210 ctokens: 30210 - -class htb 1:10 parent 1:1 prio 0 rate 80Kbit ceil 320Kbit burst 1701b cburst 2008b - Sent 80640087 bytes 247988 pkts (dropped 0, overlimits 0) - backlog 42p - lended: 230876 borrowed: 17112 giants: 0 - tokens: 127200 ctokens: 37940 - -class htb 1:20 parent 1:1 leaf 4220: prio 1 rate 100Kbit ceil 200Kbit burst 1727b cburst 1855b - Sent 2495181573 bytes 44034303 pkts (dropped 5837, overlimits 0) - lended: 43825585 borrowed: 208718 giants: 0 - tokens: 103424 ctokens: 55808 - -class htb 1:30 parent 1:1 leaf 4230: prio 3 rate 80Kbit ceil 400Kbit burst 1701b cburst 2111b - Sent 2060213567 bytes 5465574 pkts (dropped 121, overlimits 0) - rate 16851bps 35pps - lended: 4556992 borrowed: 908582 giants: 0 - tokens: -25364 ctokens: 32897 - -class htb 1:50 parent 1:1 leaf 4250: prio 5 rate 40Kbit ceil 120Kbit burst 1650b cburst 1752b - Sent 6071486687 bytes 24448436 pkts (dropped 8086739, overlimits 0) - rate 15801bps 85pps backlog 126p - lended: 8324530 borrowed: 16123780 giants: 0 - tokens: -202717 ctokens: -172499 - -class htb 1:666 parent 1:1 leaf 666: prio 7 rate 4Kbit ceil 40Kbit burst 1604b cburst 1650b - Sent 2148626078 bytes 6771069 pkts (dropped 
2078536, overlimits 0) - rate 5221bps 17pps backlog 125p - lended: 675330 borrowed: 6095613 giants: 0 - tokens: -1149121 ctokens: -293386 - -END_OF_HERE_HTB - - -my @input_hfsc = (<<"END_OF_HERE_HFSC" =~ m/^\s*(.+)/gm); -class hfsc 1: root - Sent 0 bytes 0 pkts (dropped 0, overlimits 0) - period 0 level 2 - -class hfsc 1:1 parent 1: ls m1 0bps d 0us m2 250Kbit ul m1 0bps d 0us m2 250Kbit - Sent 0 bytes 0 pkts (dropped 0, overlimits 0) - period 6 work 131770097 bytes level 1 - -class hfsc 1:10 parent 1:1 rt m1 250Kbit d 30.0ms m2 50Kbit ls m1 250Kbit d 50.0ms m2 50Kbit - Sent 1300885 bytes 7052 pkts (dropped 0, overlimits 0) - period 6502 work 1300885 bytes rtwork 1245495 bytes level 0 - -class hfsc 1:20 parent 1: rt m1 0bps d 64.0ms m2 75Kbit ls m1 0bps d 0us m2 250Kbit - Sent 19144279 bytes 325503 pkts (dropped 46, overlimits 0) - backlog 3p - period 20242 work 19143778 bytes level 0 - -class hfsc 1:30 parent 1:1 leaf 4230: ls m1 0bps d 150.0ms m2 50Kbit - Sent 45139930 bytes 74200 pkts (dropped 1664, overlimits 0) - backlog 24p - period 140 work 44885232 bytes level 0 - -class hfsc 1:50 parent 1:1 leaf 4250: ls m1 0bps d 235.7ms m2 72Kbit - Sent 73910198 bytes 301294 pkts (dropped 104807, overlimits 0) - backlog 62p - period 115 work 64625490 bytes level 0 - -class hfsc 1:666 parent 1:1 leaf 666: ls m1 0bps d 1.0s m2 2Kbit - Sent 2217104 bytes 17018 pkts (dropped 74526, overlimits 0) - backlog 22p - period 1 work 1814712 bytes level 0 - -END_OF_HERE_HFSC - -sub parse_class($) { - my $device = "$_[0]"; - my $return_val = 1; - - my $timestamp = time; - my @tc_output = `$tc_command -statistics class show dev $device`; -# my @tc_output = @input_hfsc; -# my @tc_output = @input_htb; - my $result = $?; - if ( $result != 0 ) { - print "Error executing $tc_command\n"; - return $result; - } - - $classes_data{last_update}{$device} = $timestamp; - $classes_info{last_update}{$device} = $timestamp; - - #for my $line (@tc_output) { - for my $i (0 .. 
$#tc_output) { - - my $line=$tc_output[$i]; - # Parsing HTB: - # ------------ - if ( $line =~ m/class htb (\d+):(\d+)( root| parent )?(\d+:\d+)?( leaf )?(\d+)?:?( prio )?(\d+)? rate (.*) ceil (.*) burst (.*) cburst (.*)/ ) { - my $type = "htb"; - my $major = $1; - my $minor = $2; - my $class = "${major}-${minor}"; - #my $hash = "${class}_${device}"; - my $parent= $4; - my $leaf = $6; - my $prio = $8; - my $rate = $9; - my $ceil = $10; - my $burst = $11; - my $cburst= $12; - - #print "class: $class\n"."parent: $parent\n"."leaf: $leaf\n"."prio: $prio\n"; - #print "rate: $rate\n"."ceil: $ceil\n"."burst: $burst\n"."cburst: $cburst\n"; - - my ($bytes, $pkts, $dropped, $overlimits); - if ($tc_output[$i + 1] =~ m/Sent (\d+) bytes (\d+) pkt \(dropped (\d+), overlimits (\d+) requeues (\d+)\)/ ) { - $bytes = $1; - $pkts = $2; - $dropped = $3; - $overlimits = $4; - $requeues = $5; - #print "bytes: $bytes\n"."pkts: $pkts\n"; - #print "dropped: $dropped\n"."overlimits: $overlimits\n"."requeues: $requeues\n"; - } else { - print "$timestamp: ERROR(+1) - Unable to parse (class ${class}_$device): "; - print "\"$tc_output[$i + 1]\"\n"; - $return_val=""; - next; - } - - # Problem: - # Sometimes the "rate" line is not shown (when a rate cannot be calculated) - # And sometimes only "backlog"... 
- # Use $next_index to specify the next line to parse - # - my $next_index = 3; - my ($backlog); - if ($tc_output[$i + 2] =~ m/((rate (\d+\w+) )|backlog )(\d+)?(pps )?(backlog )?(\d+)?p?/ ) { - $backlog = $7; - #print "backlog: $backlog\n"; - } else { -# Too verbose: -# print "$timestamp: WARNING \"rate\" line missing"; -# print " very inactive class ${class}_$device).\n"; - $next_index = 2; - } - - my ($lended, $borrowed, $giants); - if ($tc_output[$i + $next_index] =~ m/lended: (\d+) borrowed: (\d+) giants: (\d+)/ ) { - $lended = $1; - $borrowed = $2; - $giants = $3; - #print "lended: $lended\n"."borrowed: $borrowed\n"."giants: $giants\n"; - } else { - print "$timestamp: ERROR(+$next_index) - Unable to parse (class ${class}_$device): "; - print "\"$tc_output[$i + $next_index]\"\n"; - $return_val=""; - next; - } - - # Update the hash tables - my $hash="${class}_$device"; - - # Tests if previous data have been updated to file - if ( (exists $classes_data{$hash}{last_update}) && - (exists $classes_data{$hash}{file_update})) { - if ( $classes_data{$hash}{last_update} > - $classes_data{$hash}{file_update} ){ - print "Warning: old data from $hash has not been updated to file!\n"; - } - } - - # Update the statistics data - # (need a function call for error checking) - $classes_data{$hash}{last_update} = $timestamp; - update_counter( $hash, $timestamp, "bytes" , $bytes); - #(yes I know its bad/redundant, but it makes in easier elsewhere) - update_counter( $hash, $timestamp, "bits" , $bytes*8); - update_counter( $hash, $timestamp, "pkts" , $pkts); - update_counter( $hash, $timestamp, "dropped" , $dropped); - update_counter( $hash, $timestamp, "overlimits", $overlimits); - update_counter( $hash, $timestamp, "lended" , $lended); - update_counter( $hash, $timestamp, "borrowed" , $borrowed); - update_counter( $hash, $timestamp, "giants" , $giants); - # Not a counter value... 
- $classes_data{$hash}{backlog} = $backlog; - - # Update the info data - # (remember to update the "type" first) - update_info( $hash, $timestamp, "type" , $type); - update_info( $hash, $timestamp, "parent", $parent); - update_info( $hash, $timestamp, "leaf" , $leaf); - update_info( $hash, $timestamp, "prio" , $prio); - update_info( $hash, $timestamp, "rate" , $rate); - update_info( $hash, $timestamp, "ceil" , $ceil); - update_info( $hash, $timestamp, "burst" , $burst); - update_info( $hash, $timestamp, "cburst", $cburst); - - #print "\n"; - } - - # Parsing HFSC: - # ------------- - if ( $line =~ m/class hfsc (\d+):(\d+)( root| parent )?(\d+:\d?)?( leaf )?(\d+)?:?( rt m1 (\d+\w+?) d (\d+.?\d?\w+) m2 (\d+\w+?))?( ls m1 (\d+\w+?) d (\d+.?\d?\w+) m2 (\d+\w+?))?( ul m1 (\d+\w+?) d (\d+.?\d?\w+) m2 (\d+\w+?))? / ){ - - my $type = "hfsc"; - my $major = $1; - my $minor = $2; - my $class = "${major}-${minor}"; - #my $hash = "${class}_${device}"; - my $parent= $4; - my $leaf = $6; - - my $realtime_m1; if (defined $8 && $8 ne '0bps') {$realtime_m1 = $8;} - my $realtime_d; if (defined $9 && $9 ne '0us' ) {$realtime_d = $9;} - my $realtime_m2 = $10; - - my $linkshare_m1; if (defined $12 && $12 ne '0bps') { $linkshare_m1 = $12;} - my $linkshare_d ; if (defined $13 && $13 ne '0us' ) { $linkshare_d = $13;} - my $linkshare_m2 = $14; - - my $upperlimit_m1; if (defined $16 && $16 ne '0bps') { $upperlimit_m1 = $16;} - my $upperlimit_d ; if (defined $17 && $17 ne '0us' ) { $upperlimit_d = $17;} - my $upperlimit_m2 = $18; - - #print "\nType: $type\n"; - my ($bytes, $pkts, $dropped, $overlimits); - if ($tc_output[$i + 1] =~ m/Sent (\d+) bytes (\d+) pkts \(dropped (\d+), overlimits (\d+)\)/ ) { - $bytes = $1; - $pkts = $2; - $dropped = $3; - $overlimits = $4; - #print "bytes: $bytes\n"."pkts: $pkts\n"; - #print "dropped: $dropped\n"."overlimits: $overlimits\n"; - } else { - print "$timestamp: ERROR(+1) - Unable to parse (class ${class}_$device): "; - print "\"$tc_output[$i + 1]\"\n"; - 
$return_val=""; - next; - } - - # Sometimes the "backlog" line is not shown (when there is no backlog...) - # Use $next_index to specify the next line to parse - # - my $next_index = 3; - my ($backlog); - if ($tc_output[$i + 2] =~ m/backlog (\d+)?p?/ ) { - $backlog = $1; - #print "backlog: $backlog\n"; - } else { - $next_index = 2; - } - - my ($period, $work, $rtwork, $level); - if ($tc_output[$i + $next_index] =~ m/period (\d+) (work (\d+) bytes )?(rtwork (\d+) bytes )?level (\d+)/ ) { - $period = $1; - $work = $3; - $rtwork = $5; - $level = $6 - } else { - print "$timestamp: ERROR(+$next_index) - Unable to parse (class ${class}_$device): "; - print "\"$tc_output[$i + $next_index]\"\n"; - $return_val=""; - next; - } - - - # Update the hash tables - my $hash="${class}_$device"; - - # Tests if previous data have been updated to file - if ( (exists $classes_data{$hash}{last_update}) && - (exists $classes_data{$hash}{file_update})) { - if ( $classes_data{$hash}{last_update} > - $classes_data{$hash}{file_update} ){ - print "Warning: old data from $hash has not been updated to file!\n"; - } - } - - # HFSC - Update the statistics data - # (need a function call for error checking) - $classes_data{$hash}{last_update} = $timestamp; - update_counter( $hash, $timestamp, "bytes" , $bytes); - #(yes I know its bad/redundant, but it makes in easier elsewhere) - update_counter( $hash, $timestamp, "bits" , $bytes*8); - update_counter( $hash, $timestamp, "pkts" , $pkts); - update_counter( $hash, $timestamp, "dropped" , $dropped); - update_counter( $hash, $timestamp, "overlimits", $overlimits); - # Not a counter value... 
- $classes_data{$hash}{backlog} = $backlog; - # - # Extra HFSC counters - $classes_data{$hash}{hfsc_period} = $period; - update_counter( $hash, $timestamp, "hfsc_work" , $work); - update_counter( $hash, $timestamp, "hfsc_rtwork" , $rtwork); - - - # HFSC - Update the info data - # (remember to update the "type" first) - update_info( $hash, $timestamp, "type" , $type); - update_info( $hash, $timestamp, "parent", $parent); - update_info( $hash, $timestamp, "leaf" , $leaf); - # - # Extra HFSC information - update_info( $hash, $timestamp, "level" , $level); - update_info( $hash, $timestamp, "realtime_m1", $realtime_m1); - update_info( $hash, $timestamp, "realtime_d" , $realtime_d); - update_info( $hash, $timestamp, "realtime_m2", $realtime_m2); - - update_info( $hash, $timestamp, "linkshare_m1", $linkshare_m1); - update_info( $hash, $timestamp, "linkshare_d" , $linkshare_d); - update_info( $hash, $timestamp, "linkshare_m2", $linkshare_m2); - - update_info( $hash, $timestamp, "upperlimit_m1", $upperlimit_m1); - update_info( $hash, $timestamp, "upperlimit_d" , $upperlimit_d); - update_info( $hash, $timestamp, "upperlimit_m2", $upperlimit_m2); - - - } - - # Parsing XXX: - # ------------ - if ( $line =~ m/class XXX/ ) { - print "Matching class XXX\n"; - } - - } - return $return_val; -} - -# The main purpose of this function is to detect counter resets -# and avoid parsing them on to RRDtool which interprets them -# as counter overflows, thus updating with a very large number. 
-sub update_counter ($$$$) { - my $class_hash = "$_[0]"; - my $timestamp = "$_[1]"; - my $data_key = "$_[2]"; - my $new_value; - if ( defined $_[3]) { - $new_value = "$_[3]"; - } - # - my $max_allowed_wrap_increase = 100000000; - my $old_value; - if (exists $classes_data{$class_hash}{$data_key}) { - $old_value = $classes_data{$class_hash}{$data_key}; - #print "old_value: $old_value\n"; - } - -# # If the new and old value is not defined, nothing is done -# if ((not defined $new_value) && (not defined $old_value)) { -# return ""; -# } - - # Argh... the tc program outputs in unsigned long long (64 bit). - # but perls integers should be 32 bit, but some how perl - # manages to store numbers larger than 32 bit numbers. - my $MAX_VALUE=0xFFFFFFFF; - - if ((defined $new_value) && (defined $old_value)) { - my $delta = $new_value - $old_value; - if ( $delta < 0 ) { - # Counter wrap around... - my $real_delta = $delta + $MAX_VALUE + 1; - if ($real_delta < 0) { - print "($class_hash:$data_key): Perl-Magic using numbers bigger than 32bit "; - print "new:$new_value - old:$old_value = delta:$delta, real_delta:$real_delta.\n"; - } - print time . " ($class_hash:$data_key) Info: Counter wrap around (real delta:$real_delta)\n"; - if ( ($real_delta > $max_allowed_wrap_increase) || - ($real_delta < 0)) { - # Properly a counter reset and not a wrap around - # A counter reset normally a result of a reload of the classes - $classes_data{$class_hash}{$data_key} = undef; - $classes_info{$class_hash}{counter_reset} = $timestamp; - $classes_info{$class_hash}{last_update} = $timestamp; - print time . 
"Warning: Real_delta too big, assuming Counter reset"; - print "($class_hash:$data_key)\n"; - return "Counter reset"; - } - } - } - - $classes_data{$class_hash}{$data_key} = $new_value; - return 1; -} - -sub update_info ($$$$) { - my $class_hash = "$_[0]"; - my $timestamp = "$_[1]"; - my $info_key = "$_[2]"; - my $new_value; - if ( defined $_[3]) { - $new_value = "$_[3]"; - } - my $old_value; - if (exists $classes_info{$class_hash}{$info_key}) { - $old_value = $classes_info{$class_hash}{$info_key}; - #print "old_value: $old_value\n"; - } - - # If the new and old value is not defined, nothing is done - if ((not defined $new_value) && (not defined $old_value)) { - return ""; - } - - # An update is needed - # - if the old_value is not defined and new_value is defined - # - if the new_value is not defined and old_value is defined - # - if the old_value differs from the new, - # - if ( ((not defined $old_value) and (defined $new_value)) || - ((not defined $new_value) and (defined $old_value)) || - ("$old_value" ne "$new_value")) { - - # Special case: If the "type" changes the hash should be cleared - if ( "$info_key" eq "type") { - #print "Type has changed clearing hash \n"; - for my $key ( keys %{ $classes_info{$class_hash} } ) { - delete( $classes_info{$class_hash}{$key}); - print " Deleting key: $key from: $class_hash \n"; - } - } - - if (defined $new_value) { - $classes_info{$class_hash}{$info_key} = $new_value; - } else { - #print "New value undef -> Deleting key: $info_key from: $class_hash\n"; - delete($classes_info{$class_hash}{$info_key}); - } - - # Mark the class for an info-file update - $classes_info{$class_hash}{last_update} = $timestamp; - - # Update list/array of "changed" keys - push @{ $classes_info{$class_hash}{changed} }, $info_key; - - # Print debug info - #print "Update class:$class_hash $info_key="; - #if (defined $new_value) {print "$new_value"}; - #print "\n"; - return 1; - } - return ""; -} - -# test -#parse_class(eth1); - -#print 
Dumper(%classes_data);
-#print Dumper(%classes_info);
-
-return 1;
diff --git a/config/updxlrator/checkup b/config/updxlrator/checkup
deleted file mode 100644
index fc353f443..000000000
--- a/config/updxlrator/checkup
+++ /dev/null
@@ -1,248 +0,0 @@ -#!/usr/bin/perl -# -# This code is distributed under the terms of the GPL -# -# (c) 2006 marco.s -# -# $Id: checkup,v 1.0 2006/08/30 00:00:00 marco.s Exp $ -# - -use strict; - -use IO::Socket; -use HTTP::Date; - -my $swroot='/var/ipfire'; -my $scriptpath=substr($0,0,rindex($0,"/")); -my $apphome="/var/ipfire/updatexlrator"; -my $logfile="/var/log/updatexlrator/checkup.log"; -my $debug=(-e "$apphome/debug"); -my $repository='/srv/web/ipfire/html/updatecache'; -my %xlratorsettings=(); -my $download=0; -my $updatefile=''; -my $sourceurl=''; -my $remote_size=0; -my $local_size=0; -my $remote_mtime=0; -my $local_mtime=0; -my @updatelist=(); -my @metadata=(); - -@updatelist = <$repository/*>; - -my $sfUnknown = "0"; -my $sfOk = "1"; -my $sfOutdated = "2"; - -if (-e "$swroot/updatexlrator/settings") -{ - &readhash("$swroot/updatexlrator/settings", \%xlratorsettings); - if ($xlratorsettings{'FULL_AUTOSYNC'} eq 'on') { $download=1; }; -} - -foreach (@updatelist) -{ - if (!-d $_) - { - $updatefile = substr($_,rindex($_,"/")+1); - if (-e "$repository/metadata/$updatefile") - { - open (FILE,"$repository/metadata/$updatefile"); - @metadata = ; - close FILE; - chomp(@metadata); - $sourceurl = $metadata[0]; - - $remote_size = &getdownloadsize($sourceurl); - $local_size = (-s "$repository/$updatefile"); - - $remote_mtime = &getlastmod($sourceurl); - $local_mtime = &getmtime("$repository/$updatefile"); - - if ($remote_mtime eq 0) - { - $metadata[2] = $sfUnknown; - if ($debug) { &writelog("$updatefile - WARNING: Source not found"); } - print "$updatefile - WARNING: Source not found\n"; - } - elsif (($local_mtime eq $remote_mtime) && ($local_size == $remote_size)) - { - $metadata[2] = $sfOk; - $metadata[3] = time; - if ($debug) { &writelog("$updatefile"); } - print "$updatefile\n"; - } - else - { - $metadata[2] = $sfOutdated; - $metadata[3] = time; - if ($debug) { &writelog("$updatefile - WARNING: Out of date"); } - print "$updatefile - WARNING: Out of date\n"; - 
if ($download) - { - if ($debug) - { - 1 while $remote_size =~ s/^(-?\d+)(\d{3})/$1.$2/; - print "Please wait, retrieving file ($remote_size Byte) from source ..."; - `$scriptpath/../bin/wget -nd -nv -O $repository/$updatefile $sourceurl >>$logfile 2>&1`; - print "\n"; - } else - { - `$scriptpath/../bin/wget -nd -nv -O $repository/$updatefile $sourceurl 2>&1`; - } - $local_mtime = &getmtime("$repository/$updatefile"); - if ($local_mtime eq $remote_mtime) { $metadata[2] = $sfOk; } - } - } - open (FILE,">$repository/metadata/$updatefile"); - foreach (@metadata) { print FILE "$_\n"; } - close FILE; - } - } -} - -# ------------------------------------------------------------------- - -sub readhash -{ - my $filename = $_[0]; - my $hash = $_[1]; - my ($var, $val); - - if (-e $filename) - { - open(FILE, $filename) or die "Unable to read file $filename"; - while () - { - chop; - ($var, $val) = split /=/, $_, 2; - if ($var) - { - $val =~ s/^\'//g; - $val =~ s/\'$//g; - - # Untaint variables read from hash - $var =~ /([A-Za-z0-9_-]*)/; $var = $1; - $val =~ /([\w\W]*)/; $val = $1; - $hash->{$var} = $val; - } - } - close FILE; - } -} - -# ------------------------------------------------------------------- - -sub getmtime -{ - my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,$blksize,$blocks) = stat($_[0]); - - return $mtime; -} - -# ------------------------------------------------------------------- - -sub getlastmod -{ - my $remote=0; - my @response=(); - my $lastmoddate=0; - - my $url = $_[0]; - - $url =~ s@^(.*)://([^/]*)@@; - - my $proto = $1; - my $fqhn = $2; - - if ((-e "$swroot/red/active") && ($proto eq 'http')) - { - $remote = IO::Socket::INET->new( - PeerHost => $fqhn, - PeerPort => 'http(80)', - Timeout => 1 - ); - } - - if ($remote) - { - print $remote "HEAD $url HTTP/1.0\n"; - print $remote "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\n"; - print $remote "Host: $fqhn\n"; - print $remote "Accept: */*\n\n"; - while (<$remote>) 
{ push(@response,$_); } - close $remote; - if ($response[0] =~ /^HTTP\/\d+\.\d+\s\d+\sOK\s*$/) - { - foreach (@response) - { - if (/^Last-Modified: /i) - { - s/^Last-Modified: //i; - $lastmoddate=HTTP::Date::str2time($_); - } - } - } - } - return $lastmoddate; -} - -# ------------------------------------------------------------------- - -sub getdownloadsize -{ - my $remote=0; - my @response=(); - my $contentlength=0; - - my $url = $_[0]; - - $url =~ s@^(.*)://([^/]*)@@; - - my $proto = $1; - my $fqhn = $2; - - if ((-e "$swroot/red/active") && ($proto eq 'http')) - { - $remote = IO::Socket::INET->new( - PeerHost => $fqhn, - PeerPort => 'http(80)', - Timeout => 1 - ); - } - - if ($remote) - { - print $remote "HEAD $url HTTP/1.0\n"; - print $remote "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\n"; - print $remote "Host: $fqhn\n"; - print $remote "Accept: */*\n\n"; - while (<$remote>) { push(@response,$_); } - close $remote; - if ($response[0] =~ /^HTTP\/\d+\.\d+\s\d+\sOK\s*$/) - { - foreach (@response) - { - if (/^Content-Length: /i) - { - s/^Content-Length: //i; - $contentlength=int($_); - } - } - } - } - return $contentlength; -} - -# ------------------------------------------------------------------- - -sub writelog -{ - open (LOGFILE,">>$logfile"); - my @now = localtime(time); - printf LOGFILE "%02d:%02d:%02d %s\n",$now[2],$now[1],$now[0],$_[0]; - close LOGFILE; -} - -# ------------------------------------------------------------------- diff --git a/config/updxlrator/download b/config/updxlrator/download deleted file mode 100644 index f2af9f8e0..000000000 --- a/config/updxlrator/download +++ /dev/null 
@@ -1,68 +0,0 @@
-#!/usr/bin/perl
-#
-# This code is distributed under the terms of the GPL
-#
-# (c) 2006 marco.s
-#
-# $Id: download,v 1.0 2006/08/30 00:00:00 marco.s Exp $
-#
-
-use strict;
-
-my $logfile="/var/log/updatexlrator/download.log";
-my $debug = 0;
-my $updcachedir="/srv/web/ipfire/html/updatecache";
-my $updfile='';
-my @metadata=();
-
-my $sfOk="1";
-
-my $dsturl=@ARGV[0]; if ($dsturl eq '') { exit; }
-
-$dsturl =~ s@\%2f@/@ig;
-$updfile = substr($dsturl,rindex($dsturl,"/")+1);
-
-# ---------------------------------------------------------------
-# Retrieve file
-# ---------------------------------------------------------------
-
-if ($debug)
-{
- &writelog("Retrieving file for local cache: $updfile");
- `/usr/bin/wget -nc -nd -nv -P $updcachedir/download $dsturl >>$logfile 2>&1`;
-} else
-{
- `/usr/bin/wget -nc -nd -nv -P $updcachedir/download $dsturl 2>&1`;
-}
-
-if ($debug) { &writelog("Moving file into the cache directory -> \"$updcachedir/$updfile\""); }
-system("mv $updcachedir/download/$updfile $updcachedir");
-
-# ---------------------------------------------------------------
-# Write metadata
-# ---------------------------------------------------------------
-
-if ($debug) { &writelog("Writing metadata \"$updcachedir/metadata/$updfile\""); }
-
-open(FILE,"$updcachedir/metadata/$updfile");
-@metadata = ;
-close(FILE);
-chomp @metadata;
-$metadata[2]="$sfOk";
-$metadata[3]=time;
-open(FILE,">$updcachedir/metadata/$updfile");
-foreach (@metadata) { print FILE "$_\n"; }
-print FILE time."\n";
-close(FILE);
-
-# ===============================================================
-
-sub writelog
-{
- open (LOGFILE,">>$logfile");
- my @now = localtime(time);
- printf LOGFILE "%02d:%02d:%02d %s\n",$now[2],$now[1],$now[0],$_[0];
- close LOGFILE;
-}
-
-# ===============================================================
diff --git a/config/updxlrator/updxlrator b/config/updxlrator/updxlrator
deleted file mode 100644
index 33f8d89ef..000000000
--- a/config/updxlrator/updxlrator
+++ /dev/null
@@ -1,343 +0,0 @@ -#!/usr/bin/perl -# -# This code is distributed under the terms of the GPL -# -# (c) 2006 marco.s -# -# $Id: updxlrator,v 1.0 2006/10/03 00:00:00 marco.s Exp $ -# - -use strict; - -use IO::Socket; - -$|=1; - -my $swroot="/var/ipfire"; -my $updcachedir="/srv/web/ipfire/html/updatecache"; -my %netsettings=(); -my %xlratorsettings=(); -my $http_port="81"; -my $logfile="/var/log/updatexlrator/cache.log"; -my $logging=0; -my $passive_mode=0; -my $maxusage=0; -my $nice=''; -my @tmp=(); -my $now=''; -my $request=''; -my $from_local_cache=0; -my $dsturl=''; -my $hostaddr=''; -my $username=''; -my $method=''; -my @metadata=(); - -my $sfNoSource = "0"; -my $sfOk = "1"; -my $sfOutdated = "2"; - -unless (-d "$updcachedir/metadata") -{ - unless (-d "$updcachedir") { mkdir "$updcachedir"; } - mkdir "$updcachedir/metadata"; - system("chown nobody.squid $updcachedir"); - system("chmod 775 $updcachedir"); - system("chown nobody.squid $updcachedir/metadata"); - system("chmod 775 $updcachedir/metadata"); -} - -readhash("${swroot}/ethernet/settings", \%netsettings); - -if (-e "$swroot/updatexlrator/settings") -{ - &readhash("$swroot/updatexlrator/settings", \%xlratorsettings); - if ($xlratorsettings{'ENABLE_LOG'} eq 'on') { $logging=1; }; - if ($xlratorsettings{'PASSIVE_MODE'} eq 'on') { $passive_mode=1; }; - $maxusage=$xlratorsettings{'MAX_DISK_USAGE'}; - if ($xlratorsettings{'LOW_DOWNLOAD_PRIORITY'} eq 'on') { $nice='/bin/nice --adjustment=15 '; }; -} -if (!$maxusage) { $maxusage=75; }; - - -while (<>) { - - $request=$_; - $from_local_cache=0; - - @tmp=split(/ /,$request); - chomp(@tmp); - - $dsturl =$tmp[0]; - $hostaddr=$tmp[1]; while ($hostaddr =~ /.*\/$/) { chop $hostaddr; } - $username=$tmp[2]; if ($username eq '') { $username='-'; }; - $method =$tmp[3]; - - if (($method eq 'GET') || ($method eq 'HEAD')) - { - - # ----------------------------------------------------------- - # Section: Windows Update / Windows Downloads - # 
----------------------------------------------------------- - - if ( - (($dsturl =~ m@^http://[^/]*\.microsoft\.com/.*\.(exe|psf|msi)$@i) || - ($dsturl =~ m@^http://[^/]*\.windowsupdate\.com/.*\.(exe|psf|cab)$@i)) - && ($dsturl !~ m@^http://[^/]*\.microsoft\.com/.*(/autoupd|selfupdate/).*\.cab@i) - && ($dsturl !~ m@\&@) - ) - { - $from_local_cache = &cache_access($dsturl,$hostaddr,$username,"Microsoft"); - } - - # ----------------------------------------------------------- - # Section: Adobe Downloads - # ----------------------------------------------------------- - - if ($dsturl =~ m@^http://(ar)?download\.adobe\.com/.*\.(exe|bin|dmg|idx|gz)$@i) - { - $from_local_cache = &cache_access($dsturl,$hostaddr,$username,"Adobe"); - } - - # ----------------------------------------------------------- - # Section: Symantec Downloads - # ----------------------------------------------------------- - - if ($dsturl =~ m@^[f|h]t?tp://[^/]*\.symantec(liveupdate)?\.com/.*\.(exe|zip|xdb)$@i) - { - $from_local_cache = &cache_access($dsturl,$hostaddr,$username,"Symantec"); - } - - # ----------------------------------------------------------- - # Section: Avira Downloads - # ----------------------------------------------------------- - - if ($dsturl =~ m@^http://dl[0-9]\.avgate\.net/.*\.(htm|html|gz)$@i) - { - $from_local_cache = &cache_access($dsturl,$hostaddr,$username,"Avira"); - } - - # ----------------------------------------------------------- - # Section: Avast Downloads - # ----------------------------------------------------------- - - if ($dsturl =~ m@^http://download[0-99]\.avast\.com/.*\.(exe|zip|vps|stamp|vpu)$@i) - { - $from_local_cache = &cache_access($dsturl,$hostaddr,$username,"Avast"); - } - - # ----------------------------------------------------------- - # Section: IPFire Downloads - # ----------------------------------------------------------- - - if ($dsturl =~ m@^[f|h]t?tp://.*\.(ipfire)$@i) - { - $from_local_cache = 
&cache_access($dsturl,$hostaddr,$username,"IPFire"); - } - - # ----------------------------------------------------------- - # Section: Linux Downloads - # ----------------------------------------------------------- - - if ($dsturl =~ m@^[f|h]t?tp://.*\.(deb|rpm)$@i) - { - $from_local_cache = &cache_access($dsturl,$hostaddr,$username,"Linux"); - } - - # ----------------------------------------------------------- - - # ----------------------------------------------------------- - # Section: Apple Downloads - # ----------------------------------------------------------- - - if ($dsturl =~ m@^[f|h]t?tp://swcdn\.apple.*\.(pkm|tar)$@i) - { - $from_local_cache = &cache_access($dsturl,$hostaddr,$username,"Apple"); - } - - # ----------------------------------------------------------- - # Section: Kaspersky Downloads - # not working properly - # ----------------------------------------------------------- - - #if ($dsturl =~ m@^http://dnl-.*\.kaspersky-labs\.com\/(diffs|bases|AutoPatches).*$@i) - #{ - #$from_local_cache = &cache_access($dsturl,$hostaddr,$username,"Kaspersky"); - #} - - # ----------------------------------------------------------- - - } - - if ($from_local_cache) { $request="http://$netsettings{'GREEN_ADDRESS'}:$http_port/updatecache/".substr($dsturl,rindex($dsturl,"/")+1)." 
$hostaddr $username $method\n"; } - - print $request; -} - -# ------------------------------------------------------------------- - -sub readhash -{ - my $filename = $_[0]; - my $hash = $_[1]; - my ($var, $val); - - if (-e $filename) - { - open(FILE, $filename) or die "Unable to read file $filename"; - while () - { - chop; - ($var, $val) = split /=/, $_, 2; - if ($var) - { - $val =~ s/^\'//g; - $val =~ s/\'$//g; - - # Untaint variables read from hash - $var =~ /([A-Za-z0-9_-]*)/; $var = $1; - $val =~ /([\w\W]*)/; $val = $1; - $hash->{$var} = $val; - } - } - close FILE; - } -} - -# ------------------------------------------------------------------- - -sub writelog -{ - open(LOGFILE,">>$logfile"); - print LOGFILE time." $_[0] $_[1] $_[2] $_[3] $_[4]\n"; - close(LOGFILE); -} - -# ------------------------------------------------------------------- - -sub diskfree -{ - open(DF,"/bin/df --block-size=1 $_[0]|"); - while() - { - unless ($_ =~ m/^Filesystem/ ) - { - my ($device,$size,$used,$free,$percent,$mount) = split; - if ($free =~ m/^(\d+)$/) - { - close DF; - return $free; - } - } - } - close DF; -} - -# ------------------------------------------------------------------- - -sub diskusage -{ - open(DF,"/bin/df $_[0]|"); - while() - { - unless ($_ =~ m/^Filesystem/ ) - { - my ($device,$size,$used,$free,$percent,$mount) = split; - if ($percent =~ m/^(\d+)%$/) - { - close DF; - $percent =~ s/%$//; - return $percent; - } - } - } - close DF; -} - -# ------------------------------------------------------------------- - -sub getdownloadsize -{ - my $remote=0; - my @response=(); - my $contentlength=0; - - my $url = $_[0]; - - $url =~ s@^(.*)://([^/]*)@@; - - my $proto = $1; - my $fqhn = $2; - - if ((-e "$swroot/red/active") && ($proto eq 'http')) - { - $remote = IO::Socket::INET->new( - PeerHost => $fqhn, - PeerPort => 'http(80)', - Timeout => 1 - ); - } - - if ($remote) - { - print $remote "HEAD $url HTTP/1.0\n"; - print $remote "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; 
Windows NT 5.1)\n"; - print $remote "Host: $fqhn\n"; - print $remote "Accept: */*\n\n"; - while (<$remote>) { push(@response,$_); } - close $remote; - if ($response[0] =~ /^HTTP\/\d+\.\d+\s\d+\sOK\s*$/) - { - foreach (@response) - { - if (/^Content-Length: /i) - { - s/^Content-Length: //i; - $contentlength=$_; - } - } - } - } - return $contentlength; -} - -# ------------------------------------------------------------------- - -sub cache_access -{ - my $updsource="UPDCACHE"; - my $updfile=''; - my $do_redirect=0; - - $_[0] =~ s@\%2f@/@ig; - $updfile = substr($_[0],rindex($_[0],"/")+1); - - if (!-e "$updcachedir/metadata/$updfile") - { - open(FILE,">$updcachedir/metadata/$updfile"); - print FILE "$_[0]\n$_[3]\n$sfOutdated\n0\n"; - close(FILE); - } - - if (-e "$updcachedir/$updfile") - { - open(FILE,">>$updcachedir/metadata/$updfile"); - print FILE time."\n"; - close(FILE); - $do_redirect=1; - } - else - { - $updsource="DLSOURCE"; - if ((!$passive_mode) && (&diskusage($updcachedir) <= $maxusage) && (&getdownloadsize <= &diskfree($updcachedir)) && (!-e "$updcachedir/download/$updfile")) - { - system("$nice/var/ipfire/updatexlrator/bin/download $_[0] &"); - } - } - - if ($logging) { &writelog($_[1],$_[2],$_[3],$updsource,$_[0]); } - - return $do_redirect; -} - -# ------------------------------------------------------------------- diff --git a/config/urlfilter/autoupdate.pl b/config/urlfilter/autoupdate.pl deleted file mode 100644 index 6d61f4374..000000000 --- a/config/urlfilter/autoupdate.pl +++ /dev/null 
@@ -1,213 +0,0 @@ -#!/usr/bin/perl -# -# This code is distributed under the terms of the GPL -# -# (c) 2004-2007 marco.s - http://www.urlfilter.net -# -# $Id: autoupdate.pl,v 1.1 2007/03/14 00:00:00 marco.s Exp $ -# -use strict; - -my $make_clean = 1; - -my $swroot = "/var/ipfire"; -my $target = "$swroot/urlfilter/download"; -my $tempdb = "$target/blacklists"; -my $dbdir = "$swroot/urlfilter/blacklists"; - -my $sourceurlfile = "$swroot/urlfilter/autoupdate/autoupdate.urls"; -my $updconffile = "$swroot/urlfilter/autoupdate/autoupdate.conf"; -my $updflagfile = "$swroot/urlfilter/blacklists/.autoupdate.last"; - -my %cgiparams; -my %updatesettings; -my $blacklist_url; -my $blacklist_src; -my $source_url; -my $source_name; -my @source_urllist; - -my @categories; -my $blacklist; -my $category; - -my $exitcode = 1; - -if (-e "$sourceurlfile") -{ - open(FILE, $sourceurlfile); - @source_urllist = ; - close(FILE); -} - -if (-e "$updconffile") { &readhash("$updconffile", \%updatesettings); } - -if (@ARGV[0] =~ m@^(f|h)tt?ps?://@) { $updatesettings{'UPDATE_SOURCE'} = @ARGV[0]; } - -if ($updatesettings{'UPDATE_SOURCE'} eq 'custom') -{ - $blacklist_url=$updatesettings{'CUSTOM_UPDATE_URL'}; -} else { - $blacklist_url=$updatesettings{'UPDATE_SOURCE'}; - foreach (@source_urllist) - { - chomp; - $source_name = substr($_,0,rindex($_,",")); - $source_url = substr($_,index($_,",")+1); - if ($blacklist_url eq $source_url) { $blacklist_src=$source_name; } - } -} - -if ($blacklist_src eq '') { $blacklist_src="custom source URL"; } - -$blacklist_url =~ s/\&/\\\&/; - -$blacklist=substr($blacklist_url,rindex($blacklist_url,"/")+1); -if (($blacklist =~ /\?/) || (!($blacklist =~ /\.t(ar\.)?gz$/))) { $blacklist = 'blacklist.tar.gz'; } -$blacklist=$target.'/'.$blacklist; - -unless ($blacklist_url eq '') -{ - - if (-d $target) { system("rm -rf $target"); } - system("mkdir $target"); - - system("/usr/bin/wget -o $target/wget.log -O $blacklist $blacklist_url"); - - if (-e $blacklist) - { - 
system("/bin/tar --no-same-owner -xzf $blacklist -C $target"); - if (-d "$target/BL") { system ("mv $target/BL $target/blacklists"); } - if (-d "$tempdb") - { - undef(@categories); - &getblockcategory ($tempdb); - foreach (@categories) { $_ = substr($_,length($tempdb)+1); } - - open(FILE, ">$target/update.conf"); - flock FILE, 2; - print FILE "logdir $target\n"; - print FILE "dbhome $tempdb\n\n"; - - foreach $category (@categories) { - $blacklist = $category; - $category =~ s/\//_/g; - print FILE "dest $category {\n"; - if (-s "$tempdb/$blacklist/domains") { - print FILE " domainlist $blacklist\/domains\n"; - } - if (-s "$tempdb/$blacklist/urls") { - print FILE " urllist $blacklist\/urls\n"; - } - print FILE "}\n\n"; - $category = $blacklist; - } - - print FILE "acl {\n"; - print FILE " default {\n"; - print FILE " pass none\n"; - print FILE " }\n"; - print FILE "}\n"; - close FILE; - - system("/usr/sbin/squidGuard -d -c $target/update.conf -C all"); - - system("cp -r $target/blacklists/* $dbdir"); - - system("chown -R nobody.nobody $dbdir"); - - &setpermissions ($dbdir); - - system("touch $updflagfile"); - system("chown nobody.nobody $updflagfile"); - - system("/usr/local/bin/restartsquid"); - - system("logger -t installpackage[urlfilter] \"URL filter blacklist - Update from $blacklist_src completed\""); - - $exitcode = 0; - - } else { - system("logger -t installpackage[urlfilter] \"URL filter blacklist - ERROR: Not a valid URL filter blacklist\""); - } - } else { - system("logger -t installpackage[urlfilter] \"URL filter blacklist - ERROR: Unable to retrieve blacklist from $blacklist_src\""); - } - -} else { - system("logger -t installpackage[urlfilter] \"URL filter blacklist - ERROR: No update source defined\""); -} - -if ((-d $target) && ($make_clean)) { system("rm -rf $target"); } - -exit $exitcode; - -# ------------------------------------------------------------------- - -sub readhash -{ - my $filename = $_[0]; - my $hash = $_[1]; - my ($var, $val); - - if 
(-e $filename) - { - open(FILE, $filename) or die "Unable to read file $filename"; - while () - { - chop; - ($var, $val) = split /=/, $_, 2; - if ($var) - { - $val =~ s/^\'//g; - $val =~ s/\'$//g; - - # Untaint variables read from hash - $var =~ /([A-Za-z0-9_-]*)/; $var = $1; - $val =~ /([\w\W]*)/; $val = $1; - $hash->{$var} = $val; - } - } - close FILE; - } -} - -# ------------------------------------------------------------------- - -sub getblockcategory -{ - foreach $category (<$_[0]/*>) - { - if (-d $category) - { - if ((-s "$category/domains") || (-s "$category/urls")) - { - unless ($category =~ /\bcustom\b/) { push(@categories,$category); } - } - &getblockcategory ($category); - } - } -} - -# ------------------------------------------------------------------- - -sub setpermissions -{ - my $bldir = $_[0]; - - foreach $category (<$bldir/*>) - { - if (-d $category){ - system("chmod 755 $category &> /dev/null"); - foreach $blacklist (<$category/*>) - { - if (-f $blacklist) { system("chmod 644 $blacklist &> /dev/null"); } - if (-d $blacklist) { system("chmod 755 $blacklist &> /dev/null"); } - } - system("chmod 666 $category/*.db &> /dev/null"); - &setpermissions ($category); - } - } -} - -# ------------------------------------------------------------------- diff --git a/config/urlfilter/autoupdate.urls b/config/urlfilter/autoupdate.urls deleted file mode 100644 index a42191902..000000000 --- a/config/urlfilter/autoupdate.urls +++ /dev/null @@ -1,3 +0,0 @@ -Shalla Secure Services,http://squidguard.shalla.de/Downloads/shallalist.tar.gz -MESD,http://squidguard.mesd.k12.or.us/blacklists.tgz -Univ. Toulouse,ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz diff --git a/config/urlfilter/blacklists.tar.gz b/config/urlfilter/blacklists.tar.gz deleted file mode 100644 index dc21990be..000000000 Binary files a/config/urlfilter/blacklists.tar.gz and /dev/null differ 
diff --git a/config/urlfilter/makeconf.pl b/config/urlfilter/makeconf.pl
deleted file mode 100644
index 914461167..000000000
--- a/config/urlfilter/makeconf.pl
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/usr/bin/perl
-
-$swroot="/var/ipfire";
-$logdir="/var/log/squidGuard";
-$dbdir="/var/ipfire/urlfilter/blacklists";
-
-print "Creating configuration file ";
-foreach $blacklist (<$dbdir/*>)
-{
- if (-d $blacklist)
- {
- $lastslashpos = rindex($blacklist,"/");
- $section = substr($blacklist,$lastslashpos+1);
- push(@categories,$section);
- }
-}
-open(FILE, ">$swroot/urlfilter/squidGuard.conf");
-print FILE "logdir $logdir\n";
-print FILE "dbhome $dbdir\n\n";
-foreach $category (@categories)
-{
- print FILE "dest $category {\n";
- if (-e "$dbdir/$category/domains") {
- print FILE " domainlist $category\/domains\n";
- }
- if (-e "$dbdir/$category/urls") {
- print FILE " urllist $category\/urls\n";
- }
- print FILE "}\n\n";
-}
-print FILE "acl {\n";
-print FILE " default {\n";
-print FILE " pass all\n";
-print FILE " }\n";
-print FILE "}\n";
-close FILE;
-print "\n";
-
-print "Building blacklist databases ";
-system("$swroot/urlfilter/bin/prebuild.pl");
-print "\n";
-
-print "Creating custom directories ";
-mkdir("$dbdir/custom");
-mkdir("$dbdir/custom/allowed");
-mkdir("$dbdir/custom/blocked");
-system("touch $dbdir/custom/allowed/domains");
-system("touch $dbdir/custom/allowed/urls");
-system("touch $dbdir/custom/blocked/domains");
-system("touch $dbdir/custom/blocked/urls");
-print "\n";
-
-exit
diff --git a/config/urlfilter/prebuild.pl b/config/urlfilter/prebuild.pl
deleted file mode 100644
index 94138e1ef..000000000
--- a/config/urlfilter/prebuild.pl
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/perl
-#
-# This code is distributed under the terms of the GPL
-#
-# (c) written from scratch
-#
-
-$dbdir="/var/ipfire/urlfilter/blacklists";
-
-system("/usr/bin/squidGuard -C all");
-
-if (-e "$dbdir/custom/allowed/domains.db") { unlink("$dbdir/custom/allowed/domains.db"); }
-if (-e "$dbdir/custom/allowed/urls.db") { unlink("$dbdir/custom/allowed/urls.db"); }
-if (-e "$dbdir/custom/blocked/domains.db") { unlink("$dbdir/custom/blocked/domains.db"); }
-if (-e "$dbdir/custom/blocked/urls.db") { unlink("$dbdir/custom/blocked/urls.db"); }
-
-system("chown -R nobody.nobody $dbdir");
-
-&setpermissions ($dbdir);
-
-# -------------------------------------------------------------------
-
-sub setpermissions
-{
- my $bldir = $_[0];
-
- foreach $category (<$bldir/*>)
- {
- if (-d $category){
- system("chmod 755 $category &> /dev/null");
- foreach $blacklist (<$category/*>)
- {
- if (-f $blacklist) { system("chmod 644 $blacklist &> /dev/null"); }
- if (-d $blacklist) { system("chmod 755 $blacklist &> /dev/null"); }
- }
- system("chmod 666 $category/*.db &> /dev/null");
- &setpermissions ($category);
- }
- }
-}
-
-# -------------------------------------------------------------------
diff --git a/config/urlfilter/redirect_wrapper b/config/urlfilter/redirect_wrapper
deleted file mode 100644
index 076764188..000000000
--- a/config/urlfilter/redirect_wrapper
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/bin/perl
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see . #
-# #
-# Based on Steffen Schoch (sschoch@users.sourceforge.net) #
-# #
-###############################################################################
-
-use strict;
-use IPC::Open2;
-use IO::Handle;
-
-# define here your redirectors (use a comma sperated list)
-my $redirectors = [ '/usr/bin/squidGuard', '/usr/sbin/updxlrator' ];
-
-# Attention: keep in mind that the order of your redirectors is important.
-# It doesn't make sense to scan for viruses on pages you restrict access to...
-# So place first your tools which restrict access, then the tools which do the
-# content filtering!
-
-
-##### no need to change anything below this line #####
-
-# init
-$| = 1;
-STDOUT->autoflush(1);
-my $line;
-my $return;
-my $i;
-
-# open progamms
-my $pidlist = [];
-my $rlist = [];
-my $wlist = [];
-for($i = 0; $i < @$redirectors; $i++) {
- $pidlist->[$i] = open2($rlist->[$i], $wlist->[$i], $redirectors->[$i]);
-}
-
-# wait for data...
-while($line = <>) {
- for($i = 0; $i < @$redirectors; $i++) {
- $wlist->[$i]->print($line);
- $return = $rlist->[$i]->getline;
- last if($return ne "\n" and $return ne $line);
- # break if redirector changes data
- }
- print $return;
-}
-exit 0;
diff --git a/config/urlfilter/squidGuard.conf b/config/urlfilter/squidGuard.conf
deleted file mode 100644
index 0232eadb8..000000000
--- a/config/urlfilter/squidGuard.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-logdir /var/log/squidGuard
-dbhome /var/ipfire/urlfilter/blacklists
-
-acl {
- default {
- pass all
- }
-}
diff --git a/lfs/initrd b/lfs/initrd
deleted file mode 100644
index a4aa83fb9..000000000
--- a/lfs/initrd
+++ /dev/null
@@ -1,85 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -############################################################################### -# Definitions -############################################################################### - -include Config - -VER = ipfire - -THISAPP = initrd -DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) - -############################################################################### -# Top-level Rules -############################################################################### - -install : $(TARGET) - -check : - -download : - -md5 : - -############################################################################### -# Installation Details -############################################################################### - -$(TARGET) : - @$(PREBUILD) - rm -f /install/images/initrd - - # Finish up initrd directory - -mkdir -p /install/initrd/{dev,etc,mnt,root,lib/modules/$(KVER)-ipfire/kernel/drivers,cdrom,dev,harddisk,proc,tmp,usr/share/terminfo/l,var/run,sys} && \ - cd /install/initrd/etc && rm -f fstab - cp -aRf $(DIR_SRC)/config/install/* 
/install/initrd/etc/ - rm -rf /install/initrd/etc{,/udev,/udev/rules.d}/.svn - rm -rf /install/initrd/usr/share/man - chmod 755 /install/initrd/etc/halt /install/initrd/etc/rc - cp -f /usr/share/terminfo/l/linux /install/initrd/usr/share/terminfo/l - - # make new dependencies - depmod -a -F /boot/System.map-$(KVER)-ipfire $(KVER)-ipfire - depmod -a -F /boot/System.map-$(KVER)-ipfire-smp $(KVER)-ipfire-smp - - cp -a /lib/modules/$(KVER)-ipfire/ /install/initrd/lib/modules/ - rm -rf /install/initrd/lib/modules/$(KVER)-ipfire/{build,source,misc/*,kernel/{crypro,sound,net}} \ - /install/initrd/lib/modules/$(KVER)-ipfire/kernel/drivers/message/fusion/mptlan* - - cp /opt/$(MACHINE)-uClibc/lib/libgcc_s.so.1 /install/initrd/lib/ - - cd /install/initrd/lib/ && ln -sf libgcc_s.so.1 libgcc_s.so - - -mkdir -p /install/{images,mnt} - rm -rf /install/mnt/* - - cp -aR /install/initrd/* /install/mnt - - # make new dependencies - depmod -a -F /boot/System.map-$(KVER)-ipfire $(KVER)-ipfire - - mksquashfs /install/initrd /install/images/initrd - cd /install/initrd && find ./ -ls > $(DIR_INFO)/_build.initrd.log - - @$(POSTBUILD) diff --git a/lfs/initscripts b/lfs/initscripts index 563fe6070..8111b9d04 100644 --- a/lfs/initscripts +++ b/lfs/initscripts @@ -56,7 +56,6 @@ $(TARGET) : install -d -m 755 /etc/rc.d/init.d/networking install -d -m 755 /etc/rc.d/init.d/networking/red.up install -d -m 755 /etc/rc.d/init.d/networking/red.down - install -d -m 755 /etc/rc.d/helper install -d -m 755 /etc/sysconfig -rm -rf /etc/init.d ln -svf rc.d/init.d /etc/init.d @@ -85,10 +84,6 @@ $(TARGET) : done chmod -v 755 /etc/sysconfig/{firewall,rc}.local - for i in $(DIR_SRC)/src/initscripts/helper/*; do \ - install -v -m 755 $$i /etc/rc.d/helper/; \ - done - ln -sf ../init.d/sysklogd /etc/rc.d/rc0.d/K90sysklogd ln -sf ../init.d/sendsignals /etc/rc.d/rc0.d/S60sendsignals ln -sf ../init.d/localnet /etc/rc.d/rc0.d/S70localnet diff --git a/lfs/stage3 b/lfs/stage3 index c8c735433..1c8c7ba21 100644 
--- a/lfs/stage3
+++ b/lfs/stage3
@@ -47,83 +47,20 @@ $(TARGET) : @$(PREBUILD) # Create all directories - for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dmzholes \ - ethernet extrahd/bin fwlogs isdn key logging main mbmon menu.d modem net-traffic \ - net-traffic/templates nfs optionsfw outgoing/bin patches pakfire portfw \ - ppp private proxy/advanced/cre proxy/calamaris/bin qos/bin red remote snort time tripwire/report \ - updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \ - wakeonlan wireless xtaccess ; do \ - mkdir -p $(CONFIG_ROOT)/$$i; \ + for i in auth ca certs crls; do \ + mkdir -p $(CONFIG_ROOT)/$$i; \ done # Touch empty files - for i in auth/users backup/include.user backup/exclude.user \ - certs/index.txt ddns/config ddns/noipsettings ddns/settings ddns/ipcache dhcp/settings \ - dhcp/fixleases dhcp/advoptions dmzholes/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \ - extrahd/scan extrahd/devices extrahd/partitions extrahd/settings fwlogs/ipsettings fwlogs/portsettings \ - isdn/settings main/hosts main/settings net-traffic/settings optionsfw/settings outgoing/settings outgoing/rules pakfire/settings \ - portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \ - ppp/settings-5 ppp/settings proxy/settings proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \ - qos/tosconfig snort/settings tripwire/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \ - vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \ - touch $(CONFIG_ROOT)/$$i; \ + for i in auth/users certs/index.txt; do \ + touch $(CONFIG_ROOT)/$$i; \ done - - # Copy initial configfiles - cp $(DIR_SRC)/config/cfgroot/header.pl $(CONFIG_ROOT)/ - cp $(DIR_SRC)/config/cfgroot/general-functions.pl $(CONFIG_ROOT)/ - cp $(DIR_SRC)/config/cfgroot/lang.pl $(CONFIG_ROOT)/ - cp 
$(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/ - cp $(DIR_SRC)/config/cfgroot/graphs.pl $(CONFIG_ROOT)/ - cp $(DIR_SRC)/config/cfgroot/advoptions-list $(CONFIG_ROOT)/dhcp/advoptions-list - cp $(DIR_SRC)/config/cfgroot/connscheduler-lib.pl $(CONFIG_ROOT)/connscheduler/lib.pl - cp $(DIR_SRC)/config/cfgroot/connscheduler.conf $(CONFIG_ROOT)/connscheduler - cp $(DIR_SRC)/config/extrahd/* $(CONFIG_ROOT)/extrahd/bin/ - cp $(DIR_SRC)/config/cfgroot/mbmon-settings $(CONFIG_ROOT)/mbmon/settings - cp $(DIR_SRC)/config/menu/* $(CONFIG_ROOT)/menu.d/ - cp $(DIR_SRC)/config/cfgroot/modem-defaults $(CONFIG_ROOT)/modem/defaults - cp $(DIR_SRC)/config/cfgroot/modem-settings $(CONFIG_ROOT)/modem/settings - cp $(DIR_SRC)/config/cfgroot/net-traffic-lib.pl $(CONFIG_ROOT)/net-traffic/net-traffic-lib.pl - cp $(DIR_SRC)/config/cfgroot/net-traffic-admin.pl $(CONFIG_ROOT)/net-traffic/net-traffic-admin.pl - cp $(DIR_SRC)/config/cfgroot/nfs-server $(CONFIG_ROOT)/nfs/nfs-server - cp $(DIR_SRC)/config/cfgroot/p2protocols $(CONFIG_ROOT)/outgoing/p2protocols - cp $(DIR_SRC)/config/outgoingfw/outgoingfw.pl $(CONFIG_ROOT)/outgoing/bin/ - cp $(DIR_SRC)/config/outgoingfw/defaultservices $(CONFIG_ROOT)/outgoing/ - cp $(DIR_SRC)/config/cfgroot/proxy-acl $(CONFIG_ROOT)/proxy/acl-1.4 - cp $(DIR_SRC)/config/qos/* $(CONFIG_ROOT)/qos/bin/ - cp $(DIR_SRC)/config/cfgroot/ssh-settings $(CONFIG_ROOT)/remote/settings - cp $(DIR_SRC)/config/cfgroot/xtaccess-config $(CONFIG_ROOT)/xtaccess/config - cp $(DIR_SRC)/config/cfgroot/time-settings $(CONFIG_ROOT)/time/settings - cp $(DIR_SRC)/config/cfgroot/logging-settings $(CONFIG_ROOT)/logging/settings - cp $(DIR_SRC)/config/cfgroot/useragents $(CONFIG_ROOT)/proxy/advanced - + # Oneliner configfiles - echo "ENABLED=off" > $(CONFIG_ROOT)/vpn/settings - echo "VPN_DELAYED_START=0" >>$(CONFIG_ROOT)/vpn/settings echo "01" > $(CONFIG_ROOT)/certs/serial - echo "nameserver 1.2.3.4" > $(CONFIG_ROOT)/ppp/fake-resolv.conf - echo "DISABLEPING=NO" > 
$(CONFIG_ROOT)/optionsfw/settings - - # Modify variables in header.pl - sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \ - -e "s+VERSION+$(VERSION)+g" \ - $(CONFIG_ROOT)/header.pl - - # Modify variables in general-functions.pl - sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \ - -e "s+VERSION+$(VERSION)+g" \ - $(CONFIG_ROOT)/general-functions.pl - - # Modify CONFIG_ROOT in lang.pl - sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \ - $(CONFIG_ROOT)/lang.pl - + # Configroot permissions chown -R nobody:nobody $(CONFIG_ROOT) chown root:root $(CONFIG_ROOT) - for i in backup/ header.pl general-functions.pl lang.pl addon-lang/ red/ ; do \ - chown -R root:root $(CONFIG_ROOT)/$$i; \ - done - chown root:nobody $(CONFIG_ROOT)/dhcpc @$(POSTBUILD) diff --git a/src/initscripts/helper/getdnsfromdhcpc.pl b/src/initscripts/helper/getdnsfromdhcpc.pl deleted file mode 100644 index c1e59e265..000000000 --- a/src/initscripts/helper/getdnsfromdhcpc.pl +++ /dev/null 
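Review bot: The recursive `chown -R nobody:nobody $(CONFIG_ROOT)` kept at the end of this recipe now applies to everything the rule still creates (`auth`, `ca`, `certs`, `crls`, `auth/users`, `certs/index.txt` and `certs/serial`), so the credential and CA state ends up owned and writable by the unprivileged account, with directory modes left to the build umask. The loop that handed selected paths back to root is removed in this hunk, so nothing below `$(CONFIG_ROOT)` stays root-owned any more. Consider creating the directories with explicit ownership and mode, e.g. `install -d -m 750 -o root -g nobody $(CONFIG_ROOT)/$$i` in place of `mkdir -p $(CONFIG_ROOT)/$$i`, and granting `nobody` write access only to the files it has to update. Which service runs as `nobody` is not visible in this diff, so the access it needs should be confirmed before tightening; the `$(TARGET)` rule starts above the hunk.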
@@ -1,47 +0,0 @@
-#!/usr/bin/perl
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see . #
-# #
-###############################################################################
-
-use strict;
-require '/var/ipfire/general-functions.pl';
-
-my $count = $ARGV[0];
-my ($dhcp, $dns, @alldns, %dhcpc);
-
-if ($count eq "" || $count < 1) {
- die "Bad DNS number given"; }
-
-if (open(FILE, "${General::swroot}/red/iface")) {
- my $iface = ;
- close FILE;
- chomp ($iface);
- if (!&General::readhash("${General::swroot}/dhcpc/dhcpcd-$iface.info", \%dhcpc)) {
- die "Could not open dhcpc info file";
- }
-} else {
- die "Could not open interface file";
-}
-
-
-$dns = $dhcpc{'DNS'};
-
-@alldns = split(',', $dns);
-
-print "$alldns[$count - 1]\n";
diff --git a/src/initscripts/helper/writeipac.pl b/src/initscripts/helper/writeipac.pl
deleted file mode 100644
index 5b0b754fa..000000000
--- a/src/initscripts/helper/writeipac.pl
+++ /dev/null
@@ -1,67 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; -require '/var/ipfire/general-functions.pl'; - -my %settings; -my $iface; - -General::readhash("${General::swroot}/ethernet/settings", \%settings); - -if (!open(FILE, '>/etc/ipac-ng/rules.conf')) { - die "Unable to create /etc/ipac-ng/rules.conf"; } - -if (open(IFACE, "${General::swroot}/red/iface")) -{ - $iface = ; - close IFACE; - chomp ($iface); -} - -print FILE "incoming GREEN ($settings{'GREEN_DEV'})|ipac~o|$settings{'GREEN_DEV'}|all|||\n"; -print FILE "outgoing GREEN ($settings{'GREEN_DEV'})|ipac~i|$settings{'GREEN_DEV'}|all|||\n"; -print FILE "forwarded incoming GREEN ($settings{'GREEN_DEV'})|ipac~fi|$settings{'GREEN_DEV'}|all|||\n"; -print FILE "forwarded outgoing GREEN ($settings{'GREEN_DEV'})|ipac~fo|$settings{'GREEN_DEV'}|all|||\n"; - -if ($settings{'CONFIG_TYPE'} =~ /^(2|4)$/ ) -{ - print FILE "incoming ORANGE ($settings{'ORANGE_DEV'})|ipac~o|$settings{'ORANGE_DEV'}|all|||\n"; - print FILE "outgoing ORANGE ($settings{'ORANGE_DEV'})|ipac~i|$settings{'ORANGE_DEV'}|all|||\n"; - print FILE "forwarded incoming 
ORANGE ($settings{'ORANGE_DEV'})|ipac~fi|$settings{'ORANGE_DEV'}|all|||\n"; - print FILE "forwarded outgoing ORANGE ($settings{'ORANGE_DEV'})|ipac~fo|$settings{'ORANGE_DEV'}|all|||\n"; -} - -if ($settings{'CONFIG_TYPE'} =~ /^(3|4)$/ ) -{ - print FILE "incoming BLUE ($settings{'BLUE_DEV'})|ipac~o|$settings{'BLUE_DEV'}|all|||\n"; - print FILE "outgoing BLUE ($settings{'BLUE_DEV'})|ipac~i|$settings{'BLUE_DEV'}|all|||\n"; - print FILE "forwarded incoming BLUE ($settings{'BLUE_DEV'})|ipac~fi|$settings{'BLUE_DEV'}|all|||\n"; - print FILE "forwarded outgoing BLUE ($settings{'BLUE_DEV'})|ipac~fo|$settings{'BLUE_DEV'}|all|||\n"; -} -if ($iface) { - print FILE "incoming RED ($iface)|ipac~o|$iface|all|||\n"; - print FILE "outgoing RED ($iface)|ipac~i|$iface|all|||\n"; - print FILE "forwarded incoming RED ($iface)|ipac~fi|$iface|all|||\n"; - print FILE "forwarded outgoing RED ($iface)|ipac~fo|$iface|all|||\n"; -} - -close FILE; diff --git a/src/initscripts/init.d/applejuice b/src/initscripts/init.d/applejuice deleted file mode 100644 index d8bbc8c50..000000000 --- a/src/initscripts/init.d/applejuice +++ /dev/null 
@@ -1,53 +0,0 @@
-#!/bin/sh
-########################################################################
-# Begin $rc_base/init.d/applejuice
-#
-# Description : Applejuice Init script
-#
-# Authors : Michael Tremer - www.ipfire.org
-#
-# Version : 01.00
-#
-# Notes :
-#
-########################################################################
-
-. /etc/sysconfig/rc
-. ${rc_functions}
-eval $(/usr/local/bin/readhash /var/ipfire/applejuice/settings)
-
-
-case "${1}" in
- start)
- boot_mesg "Starting Applejuice Core..."
- cd /opt/applejuice
- screen -dmS ajcore /usr/bin/java -Xmx${RAMSIZE} -Djava.library.path=. -jar ajcore.jar
- evaluate_retval
- ;;
-
- stop)
- boot_mesg "Stopping Applejuice Core..."
- killproc /usr/bin/java
- ;;
-
- restart)
- ${0} stop
- sleep 1
- ${0} start
- ;;
-
- status)
- statusproc /usr/bin/java
- ;;
-
- core)
- screen -x ajcore
- ;;
-
- *)
- echo "Usage: ${0} {start|stop|restart|status|core}"
- exit 1
- ;;
-esac
-
-# End $rc_base/init.d/applejuice
diff --git a/src/initscripts/init.d/mysql b/src/initscripts/init.d/mysql
deleted file mode 100644
index 994e3c220..000000000
--- a/src/initscripts/init.d/mysql
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-# Begin $rc_base/init.d/mysql
-
-# Based on sysklogd script from LFS-3.1 and earlier.
-# Rewritten by Gerard Beekmans - gerard@linuxfromscratch.org
-
-#$LastChangedBy: bdubbs $
-#$Date: 2005-08-01 14:29:19 -0500 (Mon, 01 Aug 2005) $
-
-. /etc/sysconfig/rc
-. $rc_functions
-
-PIDFILE=/srv/mysql/`/bin/hostname`.pid
-KILLDELAY=20
-
-case "$1" in
- start)
- boot_mesg -n "Starting MySQL daemon..."
- failure=0
- if [ -f "$PIDFILE" ]
- then
- if /bin/ps p `cat $PIDFILE` | grep mysqld >/dev/null
- then
- boot_mesg "mysqld already running!" ${WARNING}
- echo_warning
- exit 0
- else
- rm -f "$PIDFILE"
- if [ -f "$PIDFILE" ]
- then
- failure=1
- fi
- fi
- fi
- if [ "$failure" = "1" ]
- then
- echo ""
- echo_failure
- else
- echo ""
- /usr/bin/mysqld_safe --user=mysql 2>&1 >/dev/null &
- evaluate_retval
- fi
- ;;
-
- stop)
- boot_mesg -n "Stopping MySQL daemon..."
- if [ -e "$PIDFILE" ]
- then
- echo ""
- killproc -p ${PIDFILE} /usr/bin/mysqld_safe
- else
- boot_mesg "mysqld not running!" ${WARNING}
- echo_warning
- if [ -e "$PIDFILE" ]
- then
- rm -f $PIDFILE
- fi
- fi
- ;;
-
- restart)
- $0 stop
- sleep 1
- $0 start
- ;;
-
- status)
- statusproc /usr/sbin/mysqld
- ;;
-
- *)
- echo "Usage: $0 {start|stop|restart|status}"
- exit 1
- ;;
-esac
-
-# End $rc_base/init.d/mysql
diff --git a/src/initscripts/init.d/xinetd b/src/initscripts/init.d/xinetd
deleted file mode 100644
index 36ef45a2b..000000000
--- a/src/initscripts/init.d/xinetd
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-# Begin $rc_base/init.d/xinetd
-
-# Based on sysklogd script from LFS-3.1 and earlier.
-# Rewritten by Gerard Beekmans - gerard@linuxfromscratch.org
-
-#$LastChangedBy: bdubbs $
-#$Date: 2005-08-01 14:29:19 -0500 (Mon, 01 Aug 2005) $
-
-. /etc/sysconfig/rc
-. $rc_functions
-
-case "$1" in
- start)
- boot_mesg "Starting xinetd..."
- loadproc /usr/sbin/xinetd
- ;;
-
- stop)
- boot_mesg "Stopping xinetd..."
- killproc /usr/sbin/xinetd
- ;;
-
- reload)
- boot_mesg "Reloading xinetd..."
- reloadproc /usr/sbin/xinetd
- ;;
-
- restart)
- $0 stop
- sleep 1
- $0 start
- ;;
-
- status)
- statusproc /usr/sbin/xinetd
- ;;
-
- *)
- echo "Usage: $0 {start|stop|reload|restart|status}"
- exit 1
- ;;
-esac
-
-# End $rc_base/init.d/xinetd
diff --git a/src/patches/cyrus-imapd-2.2.12-autocreate-0.9.4.diff b/src/patches/cyrus-imapd-2.2.12-autocreate-0.9.4.diff
deleted file mode 100644
index cb4c6c994..000000000
--- a/src/patches/cyrus-imapd-2.2.12-autocreate-0.9.4.diff
+++ /dev/null
@@ -1,2159 +0,0 @@ -diff -Naur cyrus-imapd-2.2.12/README.autocreate cyrus-imapd-2.2.12.autocreate2/README.autocreate ---- cyrus-imapd-2.2.12/README.autocreate 1970-01-01 02:00:00.000000000 +0200 -+++ cyrus-imapd-2.2.12.autocreate2/README.autocreate 2005-10-19 14:48:57.930991000 +0300 -@@ -0,0 +1,181 @@ -+Cyrus IMAP autocreate Inbox patch -+---------------------------------- -+ -+NOTE : This patch has been created at the University of Athens. For more info, as well -+as more patches on Cyrus IMAPD server, please visit http://email.uoa.gr -+ -+The design of Cyrus IMAP server does not predict the automatic creation of users' -+INBOX folders. The creation of a user's INBOX is considered to be an external task, -+that has to be completed as part of the user e-mail account creation procedure. -+Hence, to create a new e-mail account the site administrator has to -+a) Include the new account in the user database for the authentication procedure -+ (e.g. sasldb, shadow, mysql, ldap). -+b) Create the corresponding INBOX folder. -+ -+Alternatively, the user, if succesfully authenticated, may create his own INBOX folder, -+as long as the configuration of the site allows it (see "autocreatequota" in imapd.conf). -+Unlike what uncareful readers may think, enabling the "autocreatequota" option, doesn't -+lead to the automatic INBOX folder creation by Cyrus IMAP server. -+In fact, "autocreate" means that the IMAP clients are allowed to automatically create -+the user INBOX. -+ -+This patch adds the functionality of automatic creation of the users' INBOX folders into -+the Cyrus IMAP server. It is implemented as two features, namely the "create on login" -+and "create on post". -+ -+ -+ -+Create on login -+=============== -+This feauture provides automatic creation of a user's INBOX folder when all of the -+following requirements are met: -+ -+i) The user has succesfully passed the authentication procedure. 
-+ -+ii) The user's authorization ID (typically the same as the user's -+authentication ID) doesn't belong to the imap_admins or admins -+accounts (see imapd.conf). -+ -+iii) The "autocreatequota" option in the imap configuration file -+has been set to a non zero value. -+ -+iv) The corresponding to the user's authorizationID INBOX folder -+does not exist. -+ -+The user's first login is the most typical case when all four requirements are met. -+Note that if the authenticatedID is allowed to proxy to another account for which -+all of the above requirements are met, the corresponding INBOX folder for that account -+will be created. -+ -+ -+ -+Create on post -+============== -+This feauture provides automatic creation of a user's INBOX folder when all of the -+following requirements are met. -+ -+i) An e-mail message addressed to the user has been received. -+ -+ii) The recipient is not any of the imap_admins or admins accounts. -+Note that passing e-mails to admins or imap_admins accounts from -+the MTA to LMTP should be avoided in any case. -+ -+iii) The recipient's INBOX does not exist. -+ -+iv) The "autocreatequota" option in the imap configuration file -+has been set to a non zero value. -+ -+v) The "createonpost" option in the imap configuration file -+has been switched on. -+ -+ -+Besides the automatic creation of INBOX folder, additional functionalities are -+provided: -+ -+A) Automatic creation of INBOX subfolders controlled by "autocreateinboxfolders" -+configuration option. eg -+ -+autocreateinboxfolders: sent|drafts|spam|templates -+ -+B) Automatic subscription of INBOX subfolders controlled by "autosubscribeinboxfolders" -+configuration option. eg -+ -+autosubscribeinboxfolders: sent|spam -+ -+Obviously, only subscription to subfolders included in the "autocreateinboxfolder" -+list is meaningfull. -+ -+C) Automatic subscription to shared folders (bulletin boards). 
The user gets -+automatically subscribed to the shared folders declared in the "autosubscribesharedfolders" -+configuration option in imapd.conf. -+eg autosubscribesharedfolders: public_folder | public_folder.subfolder -+ -+In order the above action to succeed, the shared folder has to pre-exist the INBOX creation -+and the user must have the apropriate permissions in order to be able to subscribe to the -+shared folder. -+ -+* A new config option has been added. 'autosubscribe_all_sharedfolders' is a yes/no -+option. When set to yes, the user is automatically subscribed to all shared folders one -+has permission to subscribe to. Please, note that when this option is set to yes, then -+'autosubscribesharedfolders' option is overriden. -+ -+D) Automatic creation of a predefined default sieve script. -+ -+This is very useful when a default sieve script is used for every user. Usually, a -+default anti-spam script may me be written in a file and copied to each user -+sieve scripts upon the INBOX creation. The imapd.conf options that have been added -+are 'autocreate_sieve_script', 'autocreate_sieve_compiledscript' and -+'generate_compiled_sieve_script'. -+ -+autocreate_sieve_script configuration option refers to the full path of the file -+that contains the sieve script. The default value is null and if no file is defined, -+then no default script is created upon INBOX creation. (The feature is disabled) -+eg autocreate_sieve_script: /etc/default_sieve_script -+ -+autocreate_sieve_compiledscript configuration option refers to the full path of the -+file that contains the bytecode compiled sieve script. If this filename is defined -+in imapd.conf and the file exists, then it is automatically copied in the user's sieve -+directory. If it is not defined, then a bytecode sieve script gets on the fly compiled -+by the daemon. 
-+eg autocreate_sieve_compiledscript: /etc/default_sieve_script.bc -+ -+generate_compiled_sieve_script is a boolean option that triggers the compilation of the -+source sieve script to bytecode sieve script. The file that the bytecode script will -+be saved is pointed by autocreate_sieve_compiledscript. -+ -+Ways of compiling a sieve script : -+1. Compile a sieve script using the standard sievec utility, distributed by CMU -+2. Compile a sieve script using the compile_sieve utility, released by UoA. This -+ tool is almost identical to the sievec utility, with the difference that it -+ reads the input and output file from autocreate_sieve_script and -+ autocreate_sieve_compiledscript options in imapd.conf -+3. Let cyrus create a compiled sieve script using a source script. Cyrus can be -+ instructed to save the compiled script any time a compiled script does not exist. -+ -+NOTES : -+1. In order this functionality to work, the following requirements must have been met: -+ - 'sieveusehomedir' option must be 'no' in the configuration (default). -+ - 'sievedir' option must have a valid value. -+2. Currently, this patch checks the validity of the source script while generating a -+ bytecode compiled script, but not the validity of the bytecode sieve script file. -+ The administrator should make sure that the provided files contain a valid sieve -+ script as well as the compiled script is updated every time the source script changes. -+ -+ -+ -+Issues to be considered -+======================= -+ -+I) In order to use the create on post feauture one should be absolutely sure that: -+a) The MTA checks the validity of the e-mail recipient before sending the e-mail to -+LMTP. This is an RFC821 requirement. This usually expands to "the mta should be -+able to use the account database as user mailbox database". -+b) Only authorized accounts/services can talk to LMTP. 
-+ -+II) Especially in the case of imap logins, the current patch implementation checks -+for the INBOX folder existence upon login, causing an extra mailbox lookup in most -+of the cases. -+A better approach would be to chase the "IMAP_MAILBOX_NONEXISTENT" error code and -+check if the error is associated with an INBOX folder. However, this would mess up -+Cyrus code. The way it was implemented may not have been the most performance -+optimized, but it produces a much cleaner and simple patch. -+ -+ -+ -+Virtual Domains Support -+======================= -+ -+Virtual domains are supported by all versions of the patch for cyrus-imapd-2.2.1-BETA and -+later. However, it is not possible to declare different INBOX subfolders to be created or -+shared folders to be subscribed to for every domain. -+ -+ -+ -+Things to be done -+================= -+ -+1. Support MURDER architecture. -+ -+ -+For more information and updates please visit http://email.uoa.gr/autocreate -+ -diff -Naur cyrus-imapd-2.2.12/imap/Makefile.in cyrus-imapd-2.2.12.autocreate2/imap/Makefile.in ---- cyrus-imapd-2.2.12/imap/Makefile.in 2004-05-28 21:03:02.000000000 +0300 -+++ cyrus-imapd-2.2.12.autocreate2/imap/Makefile.in 2005-10-19 14:48:57.935240000 +0300 -@@ -104,7 +104,7 @@ - convert_code.o duplicate.o saslclient.o saslserver.o signals.o \ - annotate.o search_engines.o squat.o squat_internal.o mbdump.o \ - imapparse.o telemetry.o user.o notify.o protocol.o quota_db.o \ -- $(SEEN) $(IDLE) -+ autosieve.o $(SEEN) $(IDLE) - - IMAPDOBJS=pushstats.o backend.o imapd.o index.o tls.o version.o - -@@ -122,7 +122,7 @@ - fud smmapd reconstruct quota mbpath ipurge \ - cyrdump chk_cyrus cvt_cyrusdb deliver ctl_mboxlist \ - ctl_deliver ctl_cyrusdb squatter mbexamine cyr_expire arbitron \ -- @IMAP_PROGS@ -+ compile_sieve @IMAP_PROGS@ - - BUILTSOURCES = imap_err.c imap_err.h pushstats.c pushstats.h \ - lmtpstats.c lmtpstats.h xversion.h mupdate_err.c mupdate_err.h \ -@@ -188,7 +188,7 @@ - ### Services - idled: 
idled.o mutex_fake.o libimap.a $(DEPLIBS) - $(CC) $(LDFLAGS) -o idled \ -- idled.o mutex_fake.o libimap.a $(DEPLIBS) $(LIBS) -+ idled.o mutex_fake.o libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - - lmtpd: lmtpd.o $(LMTPOBJS) $(SIEVE_OBJS) mutex_fake.o libimap.a $(SIEVE_LIBS) \ - $(DEPLIBS) $(SERVICE) -@@ -214,10 +214,10 @@ - $(SERVICE) lmtpproxyd.o backend.o $(LMTPOBJS) mutex_fake.o \ - libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) $(LIB_WRAP) - --imapd: xversion $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE) -+imapd: xversion $(IMAPDOBJS) mutex_fake.o libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(SERVICE) - $(CC) $(LDFLAGS) -o imapd \ - $(SERVICE) $(IMAPDOBJS) mutex_fake.o \ -- libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) -+ libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) $(LIB_WRAP) - - imapd.pure: $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE) - $(PURIFY) $(PUREOPT) $(CC) $(LDFLAGS) -o imapd.pure \ -@@ -232,7 +232,7 @@ - proxyd: $(PROXYDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE) - $(CC) $(LDFLAGS) -o proxyd \ - $(SERVICE) $(PROXYDOBJS) mutex_fake.o libimap.a \ -- $(DEPLIBS) $(LIBS) $(LIB_WRAP) -+ $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) $(LIB_WRAP) - - proxyd.pure: $(PROXYDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE) - $(PURIFY) $(PUREOPT) $(CC) $(LDFLAGS) -o proxyd.pure \ -@@ -244,7 +244,7 @@ - $(CC) $(LDFLAGS) -o mupdate \ - $(SERVICETHREAD) mupdate.o mupdate-slave.o mupdate-client.o \ - mutex_pthread.o tls.o libimap.a \ -- $(DEPLIBS) $(LIBS) $(LIB_WRAP) -lpthread -+ $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) $(LIB_WRAP) -lpthread - - mupdate.pure: mupdate.o mupdate-slave.o mupdate-client.o mutex_pthread.o \ - libimap.a $(DEPLIBS) -@@ -252,92 +252,96 @@ - $(SERVICETHREAD) mupdate.o mupdate-slave.o mupdate-client.o \ - mutex_pthread.o libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) -lpthread - --pop3d: pop3d.o backend.o tls.o mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE) -+pop3d: pop3d.o backend.o tls.o mutex_fake.o libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(SERVICE) - $(CC) 
$(LDFLAGS) -o pop3d pop3d.o backend.o tls.o $(SERVICE) \ -- mutex_fake.o libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) -+ mutex_fake.o libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) $(LIB_WRAP) - - nntpd: nntpd.o backend.o index.o smtpclient.o spool.o tls.o \ - mutex_fake.o nntp_err.o libimap.a $(DEPLIBS) $(SERVICE) - $(CC) $(LDFLAGS) -o nntpd nntpd.o backend.o index.o spool.o \ - smtpclient.o tls.o $(SERVICE) mutex_fake.o nntp_err.o \ -- libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) -+ libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) $(LIB_WRAP) - --fud: fud.o libimap.a mutex_fake.o $(DEPLIBS) $(SERVICE) -+fud: fud.o libimap.a mutex_fake.o $(SIEVE_LIBS) $(DEPLIBS) $(SERVICE) - $(CC) $(LDFLAGS) -o fud $(SERVICE) fud.o mutex_fake.o libimap.a \ -- $(DEPLIBS) $(LIBS) $(LIB_WRAP) -+ $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) $(LIB_WRAP) - --smmapd: smmapd.o libimap.a mutex_fake.o $(DEPLIBS) $(SERVICE) -+smmapd: smmapd.o libimap.a mutex_fake.o $(SIEVE_LIBS) $(DEPLIBS) $(SERVICE) - $(CC) $(LDFLAGS) -o smmapd $(SERVICE) smmapd.o mutex_fake.o libimap.a \ -- $(DEPLIBS) $(LIBS) $(LIB_WRAP) -+ $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) $(LIB_WRAP) - - ### Command Line Utilities --arbitron: arbitron.o $(CLIOBJS) libimap.a $(DEPLIBS) -+arbitron: arbitron.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o arbitron arbitron.o $(CLIOBJS) \ -- libimap.a $(DEPLIBS) $(LIBS) -+ libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) -+ -+compile_sieve: compile_sieve.o libimap.a $(SIEVE_LIBS) $(DEPLIBS) -+ $(CC) $(LDFLAGS) -o compile_sieve compile_sieve.o $(CLIOBJS) \ -+ libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --cvt_cyrusdb: cvt_cyrusdb.o mutex_fake.o libimap.a $(DEPLIBS) -+cvt_cyrusdb: cvt_cyrusdb.o mutex_fake.o libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o cvt_cyrusdb cvt_cyrusdb.o $(CLIOBJS) \ -- libimap.a $(DEPLIBS) $(LIBS) -+ libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --chk_cyrus: chk_cyrus.o mutex_fake.o libimap.a $(DEPLIBS) -+chk_cyrus: chk_cyrus.o mutex_fake.o libimap.a $(SIEVE_LIBS) 
$(DEPLIBS) - $(CC) $(LDFLAGS) -o chk_cyrus chk_cyrus.o $(CLIOBJS) \ -- libimap.a $(DEPLIBS) $(LIBS) -+ libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --deliver: deliver.o backend.o $(LMTPOBJS) mutex_fake.o libimap.a $(DEPLIBS) -+deliver: deliver.o backend.o $(LMTPOBJS) mutex_fake.o libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o deliver deliver.o backend.o $(LMTPOBJS) \ -- mutex_fake.o libimap.a $(DEPLIBS) $(LIBS) -+ mutex_fake.o libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --ctl_deliver: ctl_deliver.o $(CLIOBJS) libimap.a $(DEPLIBS) -+ctl_deliver: ctl_deliver.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o \ -- $@ ctl_deliver.o $(CLIOBJS) libimap.a $(DEPLIBS) $(LIBS) -+ $@ ctl_deliver.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --ctl_mboxlist: ctl_mboxlist.o mupdate-client.o $(CLIOBJS) libimap.a $(DEPLIBS) -+ctl_mboxlist: ctl_mboxlist.o mupdate-client.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o $@ ctl_mboxlist.o mupdate-client.o $(CLIOBJS) \ -- libimap.a $(DEPLIBS) $(LIBS) -+ libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --ctl_cyrusdb: ctl_cyrusdb.o $(CLIOBJS) libimap.a $(DEPLIBS) -+ctl_cyrusdb: ctl_cyrusdb.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o \ -- $@ ctl_cyrusdb.o $(CLIOBJS) libimap.a $(DEPLIBS) $(LIBS) -+ $@ ctl_cyrusdb.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --cyr_expire: cyr_expire.o $(CLIOBJS) libimap.a $(DEPLIBS) -+cyr_expire: cyr_expire.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o $@ cyr_expire.o $(CLIOBJS) \ -- libimap.a $(DEPLIBS) $(LIBS) -+ libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --fetchnews: fetchnews.o $(CLIOBJS) libimap.a $(DEPLIBS) -+fetchnews: fetchnews.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o \ -- $@ fetchnews.o $(CLIOBJS) libimap.a $(DEPLIBS) $(LIBS) -+ $@ fetchnews.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --squatter: squatter.o index.o squat_build.o 
$(CLIOBJS) libimap.a $(DEPLIBS) -+squatter: squatter.o index.o squat_build.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o squatter squatter.o index.o squat_build.o \ -- $(CLIOBJS) libimap.a $(DEPLIBS) $(LIBS) -+ $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --mbpath: mbpath.o $(CLIOBJS) libimap.a $(DEPLIBS) -+mbpath: mbpath.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o mbpath mbpath.o $(CLIOBJS) libimap.a \ -- $(DEPLIBS) $(LIBS) -+ $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --ipurge: ipurge.o $(CLIOBJS) libimap.a $(DEPLIBS) -+ipurge: ipurge.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o ipurge ipurge.o $(CLIOBJS) \ -- libimap.a $(DEPLIBS) $(LIBS) -+ libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --cyrdump: cyrdump.o index.o $(CLIOBJS) libimap.a $(DEPLIBS) -+cyrdump: cyrdump.o index.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o cyrdump cyrdump.o index.o $(CLIOBJS) \ -- libimap.a $(DEPLIBS) $(LIBS) -+ libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --mbexamine: mbexamine.o $(CLIOBJS) libimap.a $(DEPLIBS) -+mbexamine: mbexamine.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o \ -- mbexamine mbexamine.o $(CLIOBJS) libimap.a $(DEPLIBS) $(LIBS) -+ mbexamine mbexamine.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --reconstruct: reconstruct.o $(CLIOBJS) libimap.a $(DEPLIBS) -+reconstruct: reconstruct.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o \ -- reconstruct reconstruct.o $(CLIOBJS) libimap.a $(DEPLIBS) $(LIBS) -+ reconstruct reconstruct.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --quota: quota.o $(CLIOBJS) libimap.a $(DEPLIBS) -+quota: quota.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o quota quota.o $(CLIOBJS) \ -- libimap.a $(DEPLIBS) $(LIBS) -+ libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - --tls_prune: tls_prune.o tls.o $(CLIOBJS) libimap.a $(DEPLIBS) -+tls_prune: tls_prune.o tls.o 
$(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) - $(CC) $(LDFLAGS) -o \ -- $@ tls_prune.o tls.o $(CLIOBJS) libimap.a $(DEPLIBS) $(LIBS) -+ $@ tls_prune.o tls.o $(CLIOBJS) libimap.a $(SIEVE_LIBS) $(DEPLIBS) $(LIBS) - - ### Other Misc Targets - -diff -Naur cyrus-imapd-2.2.12/imap/autosieve.c cyrus-imapd-2.2.12.autocreate2/imap/autosieve.c ---- cyrus-imapd-2.2.12/imap/autosieve.c 1970-01-01 02:00:00.000000000 +0200 -+++ cyrus-imapd-2.2.12.autocreate2/imap/autosieve.c 2005-10-19 14:48:57.940098000 +0300 -@@ -0,0 +1,587 @@ -+#include -+#include -+#include -+ -+#ifdef HAVE_UNISTD_H -+#include -+#endif -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "global.h" -+#include "util.h" -+#include "mailbox.h" -+#include "imap_err.h" -+#include "sieve_interface.h" -+#include "script.h" -+ -+#define TIMSIEVE_FAIL -1 -+#define TIMSIEVE_OK 0 -+#define MAX_FILENAME 1024 -+ -+static int get_script_name(char *sievename, size_t buflen, const char *filename); -+static int get_script_dir(char *sieve_script_dir, size_t buflen, char *userid, const char *sieve_dir); -+int autoadd_sieve(char *userid, const char *source_script); -+ -+static void fatal(const char *s, int code); -+static void foo(void); -+static int sieve_notify(void *ac __attribute__((unused)), -+ void *interp_context __attribute__((unused)), -+ void *script_context __attribute__((unused)), -+ void *message_context __attribute__((unused)), -+ const char **errmsg __attribute__((unused))); -+static int mysieve_error(int lineno, const char *msg, -+ void *i __attribute__((unused)), void *s); -+static int is_script_parsable(FILE *stream, char **errstr, sieve_script_t **ret); -+ -+ -+sieve_vacation_t vacation2 = { -+ 0, /* min response */ -+ 0, /* max response */ -+ (sieve_callback *) &foo, /* autorespond() */ -+ (sieve_callback *) &foo /* send_response() */ -+}; -+ -+ -+/* -+ * Find the name of the sieve script -+ * given the source script and compiled 
script names -+ */ -+static int get_script_name(char *sievename, size_t buflen, const char *filename) -+{ -+ char *p; -+ int r; -+ -+ p = strrchr(filename, '/'); -+ if (p == NULL) -+ p = (char *) filename; -+ else -+ p++; -+ -+ r = strlcpy(sievename, p, buflen) - buflen; -+ return (r >= 0 || r == -buflen ? 1 : 0); -+} -+ -+ -+/* -+ * Find the directory where the sieve scripts of the user -+ * reside -+ */ -+static int get_script_dir(char *sieve_script_dir, size_t buflen, char *userid, const char *sieve_dir) -+{ -+ char *user = NULL, *domain = NULL; -+ -+ /* Setup the user and the domain */ -+ if(config_virtdomains && (domain = strchr(userid, '@'))) { -+ user = (char *) xmalloc((domain - userid +1) * sizeof(char)); -+ strlcpy(user, userid, domain - userid + 1); -+ domain++; -+ } else -+ user = userid; -+ -+ /* Find the dir path where the sieve scripts of the user will reside */ -+ if (config_virtdomains && domain) { -+ if(snprintf(sieve_script_dir, buflen, "%s%s%c/%s/%c/%s/", -+ sieve_dir, FNAME_DOMAINDIR, dir_hash_c(domain), domain, dir_hash_c(user), user) >= buflen) { -+ free(user); -+ return 1; -+ } -+ } else { -+ if(snprintf(sieve_script_dir, buflen, "%s/%c/%s/", -+ sieve_dir, dir_hash_c(user), user) >= buflen) -+ return 1; -+ } -+ -+ /* Free the xmalloced user memory, reserved above */ -+ if(user != userid) -+ free(user); -+ -+ return 0; -+} -+ -+int autoadd_sieve(char *userid, const char *source_script) -+{ -+ sieve_script_t *s = NULL; -+ bytecode_info_t *bc = NULL; -+ char *err = NULL; -+ FILE *in_stream, *out_fp; -+ int out_fd, in_fd, r, k; -+ int do_compile = 0; -+ const char *sieve_dir = NULL; -+ const char *compiled_source_script = NULL; -+ char sievename[MAX_FILENAME]; -+ char sieve_script_name[MAX_FILENAME]; -+ char sieve_script_dir[MAX_FILENAME]; -+ char sieve_bcscript_name[MAX_FILENAME]; -+ char sieve_default[MAX_FILENAME]; -+ char sieve_tmpname[MAX_FILENAME]; -+ char sieve_bctmpname[MAX_FILENAME]; -+ char sieve_bclink_name[MAX_FILENAME]; -+ char 
buf[4096]; -+ mode_t oldmask; -+ struct stat statbuf; -+ -+ /* We don't support using the homedirectory, like timsieved */ -+ if (config_getswitch(IMAPOPT_SIEVEUSEHOMEDIR)) { -+ syslog(LOG_WARNING,"autocreate_sieve: autocreate_sieve does not work with sieveusehomedir option in imapd.conf"); -+ return 1; -+ } -+ -+ /* Check if sievedir is defined in imapd.conf */ -+ if(!(sieve_dir = config_getstring(IMAPOPT_SIEVEDIR))) { -+ syslog(LOG_WARNING, "autocreate_sieve: sievedir option is not defined. Check imapd.conf"); -+ return 1; -+ } -+ -+ /* Check if autocreate_sieve_compiledscript is defined in imapd.conf */ -+ if(!(compiled_source_script = config_getstring(IMAPOPT_AUTOCREATE_SIEVE_COMPILEDSCRIPT))) { -+ syslog(LOG_WARNING, "autocreate_sieve: autocreate_sieve_compiledscript option is not defined. Compiling it"); -+ do_compile = 1; -+ } -+ -+ if(get_script_dir(sieve_script_dir, sizeof(sieve_script_dir), userid, sieve_dir)) { -+ syslog(LOG_WARNING, "autocreate_sieve: Cannot find sieve scripts directory"); -+ return 1; -+ } -+ -+ if (get_script_name(sievename, sizeof(sievename), source_script)) { -+ syslog(LOG_WARNING, "autocreate_sieve: Invalid sieve script %s", source_script); -+ return 1; -+ } -+ -+ if(snprintf(sieve_tmpname, sizeof(sieve_tmpname), "%s%s.script.NEW",sieve_script_dir, sievename) >= sizeof(sieve_tmpname)) { -+ syslog(LOG_WARNING, "autocreate_sieve: Invalid sieve path %s, %s, %s", sieve_dir, sievename, userid); -+ return 1; -+ } -+ if(snprintf(sieve_bctmpname, sizeof(sieve_bctmpname), "%s%s.bc.NEW",sieve_script_dir, sievename) >= sizeof(sieve_bctmpname)) { -+ syslog(LOG_WARNING, "autocreate_sieve: Invalid sieve path %s, %s, %s", sieve_dir, sievename, userid); -+ return 1; -+ } -+ if(snprintf(sieve_script_name, sizeof(sieve_script_name), "%s%s.script",sieve_script_dir, sievename) >= sizeof(sieve_script_name)) { -+ syslog(LOG_WARNING, "autocreate_sieve: Invalid sieve path %s, %s, %s", sieve_dir, sievename, userid); -+ return 1; -+ } -+ 
if(snprintf(sieve_bcscript_name, sizeof(sieve_bcscript_name), "%s%s.bc",sieve_script_dir, sievename) >= sizeof(sieve_bcscript_name)) { -+ syslog(LOG_WARNING, "autocreate_sieve: Invalid sieve path %s, %s, %s", sieve_dir, sievename, userid); -+ return 1; -+ } -+ if(snprintf(sieve_default, sizeof(sieve_default), "%s%s",sieve_script_dir,"defaultbc") >= sizeof(sieve_default)) { -+ syslog(LOG_WARNING, "autocreate_sieve: Invalid sieve path %s, %s, %s", sieve_dir, sievename, userid); -+ return 1; -+ } -+ if(snprintf(sieve_bclink_name, sizeof(sieve_bclink_name), "%s.bc", sievename) >= sizeof(sieve_bclink_name)) { -+ syslog(LOG_WARNING, "autocreate_sieve: Invalid sieve path %s, %s, %s", sieve_dir, sievename, userid); -+ return 1; -+ } -+ -+ /* Check if a default sieve filter alrady exists */ -+ if(!stat(sieve_default,&statbuf)) { -+ syslog(LOG_WARNING,"autocreate_sieve: Default sieve script already exists"); -+ fclose(in_stream); -+ return 1; -+ } -+ -+ /* Open the source script. if there is a problem with that exit */ -+ in_stream = fopen(source_script, "r"); -+ if(!in_stream) { -+ syslog(LOG_WARNING,"autocreate_sieve: Unable to open sieve script %s. Check permissions",source_script); -+ return 1; -+ } -+ -+ -+ /* -+ * At this point we start the modifications of the filesystem -+ */ -+ -+ /* Create the directory where the sieve scripts will reside */ -+ r = cyrus_mkdir(sieve_script_dir, 0755); -+ if(r == -1) { -+ /* If this fails we just leave */ -+ syslog(LOG_WARNING,"autocreate_sieve: Unable to create directory %s. Check permissions",sieve_script_name); -+ return 1; -+ } -+ -+ /* -+ * We open the file that will be used as the bc file. If this file exists, overwrite it -+ * since something bad has happened. We open the file here so that this error checking is -+ * done before we try to open the rest of the files to start copying etc. 
-+ */ -+ out_fd = open(sieve_bctmpname, O_CREAT|O_TRUNC|O_WRONLY, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); -+ if(out_fd < 0) { -+ if(errno == EEXIST) { -+ syslog(LOG_WARNING,"autocreate_sieve: File %s already exists. Probaly left over. Ignoring",sieve_bctmpname); -+ } else if (errno == EACCES) { -+ syslog(LOG_WARNING,"autocreate_sieve: No access to create file %s. Check permissions",sieve_bctmpname); -+ fclose(in_stream); -+ return 1; -+ } else { -+ syslog(LOG_WARNING,"autocreate_sieve: Unable to create %s. Unknown error",sieve_bctmpname); -+ fclose(in_stream); -+ return 1; -+ } -+ } -+ -+ if(!do_compile && compiled_source_script && (in_fd = open(compiled_source_script, O_RDONLY)) != -1) { -+ while((r = read(in_fd, buf, sizeof(buf))) > 0) { -+ if((k=write(out_fd, buf,r)) < 0) { -+ syslog(LOG_WARNING, "autocreate_sieve: Error writing to file: %s, error: %d", sieve_bctmpname, errno); -+ close(out_fd); -+ close(in_fd); -+ fclose(in_stream); -+ unlink(sieve_bctmpname); -+ return 1; -+ } -+ } -+ -+ if(r == 0) { /* EOF */ -+ close(out_fd); -+ close(in_fd); -+ } else if (r < 0) { -+ syslog(LOG_WARNING, "autocreate_sieve: Error reading compiled script file: %s. Will try to compile it", -+ compiled_source_script); -+ close(in_fd); -+ do_compile = 1; -+ if(lseek(out_fd, 0, SEEK_SET)) { -+ syslog(LOG_WARNING, "autocreate_sieve: Major IO problem. Aborting"); -+ return 1; -+ } -+ } -+ close(in_fd); -+ } else { -+ if(compiled_source_script) -+ syslog(LOG_WARNING,"autocreate_sieve: Problem opening compiled script file: %s. 
Compiling it", compiled_source_script); -+ do_compile = 1; -+ } -+ -+ -+ /* Because we failed to open a precompiled bc sieve script, we compile one */ -+ if(do_compile) { -+ if(is_script_parsable(in_stream,&err, &s) == TIMSIEVE_FAIL) { -+ if(err && *err) { -+ syslog(LOG_WARNING,"autocreate_sieve: Error while parsing script %s.",err); -+ free(err); -+ } else -+ syslog(LOG_WARNING,"autocreate_sieve: Error while parsing script"); -+ -+ unlink(sieve_bctmpname); -+ fclose(in_stream); -+ close(out_fd); -+ return 1; -+ } -+ -+ /* generate the bytecode */ -+ if(sieve_generate_bytecode(&bc, s) == TIMSIEVE_FAIL) { -+ syslog(LOG_WARNING,"autocreate_sieve: problem compiling sieve script"); -+ /* removing the copied script and cleaning up memory */ -+ unlink(sieve_bctmpname); -+ sieve_script_free(&s); -+ fclose(in_stream); -+ close(out_fd); -+ return 1; -+ } -+ -+ if(sieve_emit_bytecode(out_fd, bc) == TIMSIEVE_FAIL) { -+ syslog(LOG_WARNING,"autocreate_sieve: problem emiting sieve script"); -+ /* removing the copied script and cleaning up memory */ -+ unlink(sieve_bctmpname); -+ sieve_free_bytecode(&bc); -+ sieve_script_free(&s); -+ fclose(in_stream); -+ close(out_fd); -+ return 1; -+ } -+ -+ /* clean up the memory */ -+ sieve_free_bytecode(&bc); -+ sieve_script_free(&s); -+ } -+ -+ close(out_fd); -+ rewind(in_stream); -+ -+ /* Copy the initial script */ -+ oldmask = umask(077); -+ if((out_fp = fopen(sieve_tmpname, "w")) == NULL) { -+ syslog(LOG_WARNING,"autocreate_sieve: Unable to open %s destination sieve script", sieve_tmpname); -+ unlink(sieve_bctmpname); -+ umask(oldmask); -+ fclose(in_stream); -+ return 1; -+ } -+ umask(oldmask); -+ -+ while((r = fread(buf,sizeof(char), sizeof(buf), in_stream))) { -+ if( fwrite(buf,sizeof(char), r, out_fp) != r) { -+ syslog(LOG_WARNING,"autocreate_sieve: Problem writing to sieve script file: %s",sieve_tmpname); -+ fclose(out_fp); -+ unlink(sieve_tmpname); -+ unlink(sieve_bctmpname); -+ fclose(in_stream); -+ return 1; -+ } -+ } -+ -+ 
if(feof(in_stream)) { -+ fclose(out_fp); -+ } else { /* ferror */ -+ fclose(out_fp); -+ unlink(sieve_tmpname); -+ unlink(sieve_bctmpname); -+ fclose(in_stream); -+ return 1; -+ } -+ -+ /* Renaming the necessary stuff */ -+ if(rename(sieve_tmpname, sieve_script_name)) { -+ unlink(sieve_tmpname); -+ unlink(sieve_bctmpname); -+ return 1; -+ } -+ -+ if(rename(sieve_bctmpname, sieve_bcscript_name)) { -+ unlink(sieve_bctmpname); -+ unlink(sieve_bcscript_name); -+ return 1; -+ } -+ -+ /* end now with the symlink */ -+ if(symlink(sieve_bclink_name, sieve_default)) { -+ if(errno != EEXIST) { -+ syslog(LOG_WARNING, "autocreate_sieve: problem making the default link."); -+ /* Lets delete the files */ -+ unlink(sieve_script_name); -+ unlink(sieve_bcscript_name); -+ } -+ } -+ -+ /* -+ * If everything has succeeded AND we have compiled the script AND we have requested -+ * to generate the global script so that it is not compiled each time then we create it. -+ */ -+ if(do_compile && -+ config_getswitch(IMAPOPT_GENERATE_COMPILED_SIEVE_SCRIPT)) { -+ -+ if(!compiled_source_script) { -+ syslog(LOG_WARNING, "autocreate_sieve: To save a compiled sieve script, autocreate_sieve_compiledscript must have been defined in imapd.conf"); -+ return 0; -+ } -+ -+ if(snprintf(sieve_tmpname, sizeof(sieve_tmpname), "%s.NEW", compiled_source_script) >= sizeof(sieve_tmpname)) -+ return 0; -+ -+ /* -+ * Copy everything from the newly created bc sieve sieve script. -+ */ -+ if((in_fd = open(sieve_bcscript_name, O_RDONLY))<0) { -+ return 0; -+ } -+ -+ if((out_fd = open(sieve_tmpname, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0) { -+ if(errno == EEXIST) { -+ /* Someone is already doing this so just bail out. */ -+ syslog(LOG_WARNING, "autocreate_sieve: %s already exists. Some other instance processing it, or it is left over", sieve_tmpname); -+ close(in_fd); -+ return 0; -+ } else if (errno == EACCES) { -+ syslog(LOG_WARNING,"autocreate_sieve: No access to create file %s. 
Check permissions",sieve_tmpname); -+ close(in_fd); -+ return 0; -+ } else { -+ syslog(LOG_WARNING,"autocreate_sieve: Unable to create %s",sieve_tmpname); -+ close(in_fd); -+ return 0; -+ } -+ } -+ -+ while((r = read(in_fd, buf, sizeof(buf))) > 0) { -+ if((k = write(out_fd,buf,r)) < 0) { -+ syslog(LOG_WARNING, "autocreate_sieve: Error writing to file: %s, error: %d", sieve_tmpname, errno); -+ close(out_fd); -+ close(in_fd); -+ unlink(sieve_tmpname); -+ return 0; -+ } -+ } -+ -+ if(r == 0 ) { /*EOF */ -+ close(out_fd); -+ close(in_fd); -+ } else if (r < 0) { -+ syslog(LOG_WARNING, "autocreate_sieve: Error writing to file: %s, error: %d", sieve_tmpname, errno); -+ close(out_fd); -+ close(in_fd); -+ unlink(sieve_tmpname); -+ return 0; -+ } -+ -+ /* Rename the temporary created sieve script to its final name. */ -+ if(rename(sieve_tmpname, compiled_source_script)) { -+ if(errno != EEXIST) { -+ unlink(sieve_tmpname); -+ unlink(compiled_source_script); -+ } -+ return 0; -+ } -+ -+ syslog(LOG_NOTICE, "autocreate_sieve: Compiled sieve script was successfully saved in %s", compiled_source_script); -+ } -+ -+ return 0; -+} -+ -+static void fatal(const char *s, int code) -+{ -+ printf("Fatal error: %s (%d)\r\n", s, code); -+ exit(1); -+} -+ -+/* to make larry's stupid functions happy :) */ -+static void foo(void) -+{ -+ fatal("stub function called", 0); -+} -+ -+static int sieve_notify(void *ac __attribute__((unused)), -+ void *interp_context __attribute__((unused)), -+ void *script_context __attribute__((unused)), -+ void *message_context __attribute__((unused)), -+ const char **errmsg __attribute__((unused))) -+{ -+ fatal("stub function called", 0); -+ return SIEVE_FAIL; -+} -+ -+static int mysieve_error(int lineno, const char *msg, -+ void *i __attribute__((unused)), void *s) -+{ -+ char buf[1024]; -+ char **errstr = (char **) s; -+ -+ snprintf(buf, 80, "line %d: %s\r\n", lineno, msg); -+ *errstr = (char *) xrealloc(*errstr, strlen(*errstr) + strlen(buf) + 30); -+ 
syslog(LOG_DEBUG, "%s", buf);
-+ strcat(*errstr, buf);
-+
-+ return SIEVE_OK;
-+}
-+
-+/* end the boilerplate */
-+
-+/* returns TRUE or FALSE */
-+int is_script_parsable(FILE *stream, char **errstr, sieve_script_t **ret)
-+{
-+ sieve_interp_t *i;
-+ sieve_script_t *s;
-+ int res;
-+
-+ res = sieve_interp_alloc(&i, NULL);
-+ if (res != SIEVE_OK) {
-+ syslog(LOG_WARNING, "sieve_interp_alloc() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_redirect(i, (sieve_callback *) &foo);
-+ if (res != SIEVE_OK) {
-+ syslog(LOG_WARNING, "sieve_register_redirect() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+ res = sieve_register_discard(i, (sieve_callback *) &foo);
-+ if (res != SIEVE_OK) {
-+ syslog(LOG_WARNING, "sieve_register_discard() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+ res = sieve_register_reject(i, (sieve_callback *) &foo);
-+ if (res != SIEVE_OK) {
-+ syslog(LOG_WARNING, "sieve_register_reject() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+ res = sieve_register_fileinto(i, (sieve_callback *) &foo);
-+ if (res != SIEVE_OK) {
-+ syslog(LOG_WARNING, "sieve_register_fileinto() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+ res = sieve_register_keep(i, (sieve_callback *) &foo);
-+ if (res != SIEVE_OK) {
-+ syslog(LOG_WARNING, "sieve_register_keep() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_imapflags(i, NULL);
-+ if (res != SIEVE_OK) {
-+ syslog(LOG_WARNING, "sieve_register_imapflags() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_size(i, (sieve_get_size *) &foo);
-+ if (res != SIEVE_OK) {
-+ syslog(LOG_WARNING, "sieve_register_size() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_header(i, (sieve_get_header *) &foo);
-+ if (res != SIEVE_OK) {
-+ syslog(LOG_WARNING, "sieve_register_header() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_envelope(i, (sieve_get_envelope *) &foo);
-+ if (res != SIEVE_OK) {
-+ syslog(LOG_WARNING, "sieve_register_envelope() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_vacation(i, &vacation2);
-+ if (res != SIEVE_OK) {
-+ syslog(LOG_WARNING, "sieve_register_vacation() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_notify(i, &sieve_notify);
-+ if (res != SIEVE_OK) {
-+ syslog(LOG_WARNING, "sieve_register_notify() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_parse_error(i, &mysieve_error);
-+ if (res != SIEVE_OK) {
-+ syslog(LOG_WARNING, "sieve_register_parse_error() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ rewind(stream);
-+
-+ *errstr = (char *) xmalloc(20 * sizeof(char));
-+ strcpy(*errstr, "script errors:\r\n");
-+
-+ res = sieve_script_parse(i, stream, errstr, &s);
-+
-+ if (res == SIEVE_OK) {
-+ if(ret) {
-+ *ret = s;
-+ } else {
-+ sieve_script_free(&s);
-+ }
-+ free(*errstr);
-+ *errstr = NULL;
-+ }
-+
-+ /* free interpreter */
-+ sieve_interp_free(&i);
-+
-+ return (res == SIEVE_OK) ? TIMSIEVE_OK : TIMSIEVE_FAIL;
-+}
-+
-+/*
-+ * Btw the initial date of this patch is Sep, 02 2004 which is the birthday of
-+ * Pavlos. Author of cyrusmaster.
So consider this patch as his birthday present
-+ */
-+
-diff -Naur cyrus-imapd-2.2.12/imap/compile_sieve.c cyrus-imapd-2.2.12.autocreate2/imap/compile_sieve.c
---- cyrus-imapd-2.2.12/imap/compile_sieve.c 1970-01-01 02:00:00.000000000 +0200
-+++ cyrus-imapd-2.2.12.autocreate2/imap/compile_sieve.c 2005-10-19 14:48:57.943407000 +0300
-@@ -0,0 +1,364 @@
-+/* This tool compiles the sieve script from a command
-+line so that it can be used wby the autoadd patch */
-+#include
-+#include
-+
-+#include
-+#include
-+#ifdef HAVE_UNISTD_H
-+#include
-+#endif
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+
-+#include "global.h"
-+
-+#include "util.h"
-+#include "mailbox.h"
-+#include "imap_err.h"
-+#include "sieve_interface.h"
-+#include "script.h"
-+
-+#include
-+
-+#define TIMSIEVE_FAIL -1
-+#define TIMSIEVE_OK 0
-+#define MAX_FILENAME_SIZE 100
-+
-+/* Needed by libconfig */
-+const int config_need_data = 0;
-+
-+static int is_script_parsable(FILE *stream, char **errstr, sieve_script_t **ret);
-+
-+static void fatal(const char *s, int code)
-+{
-+ printf("Fatal error: %s (%d)\r\n", s, code);
-+
-+ exit(1);
-+}
-+
-+void usage(void)
-+{
-+ fprintf(stderr,
-+ "Usage:\n\tcompile_sieve [-C ] [-i -o ]\n");
-+ exit(-1);
-+}
-+
-+
-+int main (int argc, char **argv)
-+{
-+
-+ sieve_script_t *s = NULL;
-+ bytecode_info_t *bc = NULL;
-+ char *err = NULL;
-+ FILE *in_stream;
-+ int out_fd,r, k, opt;
-+ char *source_script = NULL;
-+ char *compiled_source_script = NULL;
-+ mode_t oldmask;
-+ struct stat statbuf;
-+ char *alt_config = NULL;
-+ extern char *optarg;
-+ char sieve_tmpname[MAX_MAILBOX_NAME+1];
-+
-+ if (geteuid() == 0) fatal("must run as the Cyrus user", EC_USAGE);
-+
-+ while((opt = getopt(argc, argv, "C:i:o:")) != EOF) {
-+ switch (opt) {
-+ case 'C': /* alt config file */
-+ alt_config = optarg;
-+ break;
-+ case 'i': /* input script file */
-+ source_script = optarg;
-+ break;
-+ case 'o': /* output script file */
-+
compiled_source_script = optarg;
-+ break;
-+ default:
-+ usage();
-+ break;
-+ }
-+ }
-+
-+ if(source_script && !compiled_source_script) {
-+ fprintf(stderr, "No output file was defined\n");
-+ usage();
-+ } else if (!source_script && compiled_source_script) {
-+ fprintf(stderr, "No input file was defined\n");
-+ usage();
-+ }
-+
-+ /*
-+ * If no has been defined, then read them from
-+ * the configuration file.
-+ */
-+ if (!source_script && !compiled_source_script) {
-+ cyrus_init(alt_config, "compile_sieve", 0);
-+
-+ /* Initially check if we want to have the sieve script created */
-+ if(!(source_script = (char *) config_getstring(IMAPOPT_AUTOCREATE_SIEVE_SCRIPT))) {
-+ fprintf(stderr,"autocreate_sieve_script option not defined. Check imapd.conf\n");
-+ return 1;
-+ }
-+
-+ /* Check if we have an already compiled sieve script*/
-+ if(!(compiled_source_script = (char *) config_getstring(IMAPOPT_AUTOCREATE_SIEVE_COMPILEDSCRIPT))) {
-+ fprintf(stderr, "autocreate_sieve_compiledscript option not defined. Check imapd.conf\n");
-+ return 1;
-+ }
-+
-+ if(!strrchr(source_script,'/') || !strrchr(compiled_source_script,'/')) {
-+ /*
-+ * At this point the only think that is inconsistent is the directory
-+ * that was created.
But if the user will have any sieve scripts then
-+ * they will eventually go there, so no big deal
-+ */
-+ fprintf(stderr,
-+ "In imapd.conf the full path of the filenames must be defined\n");
-+ return 1;
-+ }
-+ }
-+
-+ printf("input file : %s, output file : %s\n", source_script, compiled_source_script);
-+
-+
-+ if(strlen(compiled_source_script) + sizeof(".NEW") + 1 > sizeof(sieve_tmpname)) {
-+ fprintf(stderr, "Filename %s is too big\n", compiled_source_script);
-+ return 1;
-+ }
-+
-+ snprintf(sieve_tmpname, sizeof(sieve_tmpname), "%s.NEW", compiled_source_script);
-+
-+ in_stream = fopen(source_script,"r");
-+
-+ if(!in_stream) {
-+ fprintf(stderr,"Unable to open %s source sieve script\n",source_script);
-+ return;
-+ }
-+
-+ /*
-+ * We open the file that will be used as the bc file. If this file exists, overwrite it
-+ * since something bad has happened. We open the file here so that this error checking is
-+ * done before we try to open the rest of the files to start copying etc.
-+ */
-+ out_fd = open(sieve_tmpname, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
-+ if(out_fd < 0) {
-+ if(errno == EEXIST) {
-+ fprintf(stderr, "File %s already exists\n", sieve_tmpname);
-+ } else if (errno == EACCES) {
-+ fprintf(stderr,"No access to create file %s. Please check that you have the correct permissions\n",
-+ sieve_tmpname);
-+ } else {
-+ fprintf(stderr,"Unable to create %s.
Please check that you have the correct permissions\n",
-+ sieve_tmpname);
-+ }
-+
-+ fclose(in_stream);
-+ return 1;
-+ }
-+
-+ if(is_script_parsable(in_stream,&err, &s) == TIMSIEVE_FAIL) {
-+ if(err && *err) {
-+ fprintf(stderr, "Error while parsing script %s\n",err);
-+ free(err);
-+ }
-+ else
-+ fprintf(stderr,"Error while parsing script\n");
-+ unlink(sieve_tmpname);
-+ fclose(in_stream);
-+ close(out_fd);
-+ return;
-+ }
-+
-+
-+ /* generate the bytecode */
-+ if(sieve_generate_bytecode(&bc,s) == TIMSIEVE_FAIL) {
-+ fprintf(stderr,"Error occured while compiling sieve script\n");
-+ /* removing the copied script and cleaning up memory */
-+ unlink(sieve_tmpname);
-+ sieve_script_free(&s);
-+ fclose(in_stream);
-+ close(out_fd);
-+ return;
-+ }
-+ if(sieve_emit_bytecode(out_fd,bc) == TIMSIEVE_FAIL) {
-+ fprintf(stderr, "Error occured while emitting sieve script\n");
-+ unlink(sieve_tmpname);
-+ sieve_free_bytecode(&bc);
-+ sieve_script_free(&s);
-+ fclose(in_stream);
-+ close(out_fd);
-+ return;
-+ }
-+
-+ /* clean up the memory */
-+ sieve_free_bytecode(&bc);
-+ sieve_script_free(&s);
-+
-+ close(out_fd);
-+
-+ if(rename(sieve_tmpname, compiled_source_script)) {
-+ if(errno != EEXIST) {
-+ unlink(sieve_tmpname);
-+ unlink(compiled_source_script);
-+ return 1;
-+ }
-+ }
-+ return 0;
-+}
-+
-+
-+/* to make larry's stupid functions happy :) */
-+static void foo(void)
-+{
-+ fatal("stub function called", 0);
-+}
-+
-+extern sieve_vacation_t vacation2;/* = {
-+ 0, / min response /
-+ 0, / max response /
-+ (sieve_callback *) &foo, / autorespond() /
-+ (sieve_callback *) &foo / send_response() /
-+}; */
-+
-+static int sieve_notify(void *ac __attribute__((unused)),
-+ void *interp_context __attribute__((unused)),
-+ void *script_context __attribute__((unused)),
-+ void *message_context __attribute__((unused)),
-+ const char **errmsg __attribute__((unused)))
-+{
-+ fatal("stub function called", 0);
-+ return SIEVE_FAIL;
-+}
-+
-+static int mysieve_error(int lineno,
const char *msg,
-+ void *i __attribute__((unused)), void *s)
-+{
-+ char buf[1024];
-+ char **errstr = (char **) s;
-+
-+ snprintf(buf, 80, "line %d: %s\r\n", lineno, msg);
-+ *errstr = (char *) xrealloc(*errstr, strlen(*errstr) + strlen(buf) + 30);
-+ fprintf(stderr, "%s\n", buf);
-+ strcat(*errstr, buf);
-+
-+ return SIEVE_OK;
-+}
-+
-+/* end the boilerplate */
-+
-+/* returns TRUE or FALSE */
-+int is_script_parsable(FILE *stream, char **errstr, sieve_script_t **ret)
-+{
-+ sieve_interp_t *i;
-+ sieve_script_t *s;
-+ int res;
-+
-+ res = sieve_interp_alloc(&i, NULL);
-+ if (res != SIEVE_OK) {
-+ fprintf(stderr, "sieve_interp_alloc() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_redirect(i, (sieve_callback *) &foo);
-+ if (res != SIEVE_OK) {
-+ fprintf(stderr, "sieve_register_redirect() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+ res = sieve_register_discard(i, (sieve_callback *) &foo);
-+ if (res != SIEVE_OK) {
-+ fprintf(stderr, "sieve_register_discard() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+ res = sieve_register_reject(i, (sieve_callback *) &foo);
-+ if (res != SIEVE_OK) {
-+ fprintf(stderr, "sieve_register_reject() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+ res = sieve_register_fileinto(i, (sieve_callback *) &foo);
-+ if (res != SIEVE_OK) {
-+ fprintf(stderr, "sieve_register_fileinto() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+ res = sieve_register_keep(i, (sieve_callback *) &foo);
-+ if (res != SIEVE_OK) {
-+ fprintf(stderr, "sieve_register_keep() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_imapflags(i, NULL);
-+ if (res != SIEVE_OK) {
-+ fprintf(stderr, "sieve_register_imapflags() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_size(i, (sieve_get_size *) &foo);
-+ if (res != SIEVE_OK) {
-+ fprintf(stderr, "sieve_register_size() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_header(i,
(sieve_get_header *) &foo);
-+ if (res != SIEVE_OK) {
-+ fprintf(stderr, "sieve_register_header() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_envelope(i, (sieve_get_envelope *) &foo);
-+ if (res != SIEVE_OK) {
-+ fprintf(stderr, "sieve_register_envelope() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_vacation(i, &vacation2);
-+ if (res != SIEVE_OK) {
-+ fprintf(stderr, "sieve_register_vacation() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_notify(i, &sieve_notify);
-+ if (res != SIEVE_OK) {
-+ fprintf(stderr, "sieve_register_notify() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ res = sieve_register_parse_error(i, &mysieve_error);
-+ if (res != SIEVE_OK) {
-+ fprintf(stderr, "sieve_register_parse_error() returns %d\n", res);
-+ return TIMSIEVE_FAIL;
-+ }
-+
-+ rewind(stream);
-+
-+ *errstr = (char *) xmalloc(20 * sizeof(char));
-+ strcpy(*errstr, "script errors:\r\n");
-+
-+ res = sieve_script_parse(i, stream, errstr, &s);
-+
-+ if (res == SIEVE_OK) {
-+ if(ret) {
-+ *ret = s;
-+ } else {
-+ sieve_script_free(&s);
-+ }
-+ free(*errstr);
-+ *errstr = NULL;
-+ }
-+
-+ /* free interpreter */
-+ sieve_interp_free(&i);
-+
-+ return (res == SIEVE_OK) ?
TIMSIEVE_OK : TIMSIEVE_FAIL;
-+}
-+
-+
-+
-+
-+
-+
-diff -Naur cyrus-imapd-2.2.12/imap/imapd.c cyrus-imapd-2.2.12.autocreate2/imap/imapd.c
---- cyrus-imapd-2.2.12/imap/imapd.c 2005-02-14 08:39:55.000000000 +0200
-+++ cyrus-imapd-2.2.12.autocreate2/imap/imapd.c 2005-10-19 14:48:57.966749000 +0300
-@@ -158,6 +158,7 @@
- void motd_file(int fd);
- void shut_down(int code);
- void fatal(const char *s, int code);
-+void autocreate_inbox(void);
-
- void cmdloop(void);
- void cmd_login(char *tag, char *user);
-@@ -1693,6 +1694,42 @@
- }
-
- /*
-+ * Autocreate Inbox and subfolders upon login
-+ */
-+void autocreate_inbox()
-+{
-+ char inboxname[MAX_MAILBOX_NAME+1];
-+ int autocreatequota;
-+ int r;
-+
-+ /*
-+ * Exlude admin's accounts
-+ */
-+ if (imapd_userisadmin || imapd_userisproxyadmin)
-+ return;
-+
-+ /*
-+ * Exclude anonymous
-+ */
-+ if (!strcmp(imapd_userid, "anonymous"))
-+ return;
-+
-+ if ((autocreatequota = config_getint(IMAPOPT_AUTOCREATEQUOTA))) {
-+ /* This is actyally not required
-+ as long as the lenght of userid is ok */
-+ r = (*imapd_namespace.mboxname_tointernal) (&imapd_namespace,
-+ "INBOX", imapd_userid, inboxname);
-+ if (!r)
-+ r = mboxlist_lookup(inboxname, NULL, NULL, NULL);
-+
-+ if (r == IMAP_MAILBOX_NONEXISTENT)
-+ mboxlist_autocreateinbox(&imapd_namespace, imapd_userid,
-+ imapd_authstate, inboxname, autocreatequota);
-+ }
-+}
-+
-+
-+/*
- * Perform a LOGIN command
- */
- void cmd_login(char *tag, char *user)
-@@ -1848,6 +1885,9 @@
- strcspn(imapd_userid, "@") : 0);
-
- freebuf(&passwdbuf);
-+
-+ autocreate_inbox();
-+
- return;
- }
-
-@@ -1993,6 +2033,8 @@
- config_virtdomains ?
- strcspn(imapd_userid, "@") : 0);
-
-+ autocreate_inbox();
-+
- return;
- }
-
-diff -Naur cyrus-imapd-2.2.12/imap/lmtpd.c cyrus-imapd-2.2.12.autocreate2/imap/lmtpd.c
---- cyrus-imapd-2.2.12/imap/lmtpd.c 2004-12-17 18:32:15.000000000 +0200
-+++ cyrus-imapd-2.2.12.autocreate2/imap/lmtpd.c 2005-10-19 14:48:57.971145000 +0300
-@@ -106,6 +106,8 @@
- static FILE *spoolfile(message_data_t *msgdata);
- static void removespool(message_data_t *msgdata);
-
-+static int autocreate_inbox(char *rcpt_userid);
-+
- /* current namespace */
- static struct namespace lmtpd_namespace;
-
-@@ -504,10 +506,55 @@
- exit(code);
- }
-
-+/*
-+ * Autocreate Inbox and subfolders upon login
-+ */
-+int autocreate_inbox(char *rcpt_userid)
-+{
-+ struct auth_state *authstate;
-+ char inboxname[MAX_MAILBOX_NAME+1];
-+ int rcptisadmin;
-+ int autocreatequota;
-+ int r;
-+
-+ if(rcpt_userid == NULL)
-+ return IMAP_MAILBOX_NONEXISTENT;
-+
-+ /*
-+ * Exclude anonymous
-+ */
-+ if (!strcmp(rcpt_userid, "anonymous"))
-+ return IMAP_MAILBOX_NONEXISTENT;
-+
-+ /*
-+ * Check for autocreatequota and createonpost
-+ */
-+ if (!(autocreatequota = config_getint(IMAPOPT_AUTOCREATEQUOTA)) ||
-+ !(config_getswitch(IMAPOPT_CREATEONPOST)))
-+ return IMAP_MAILBOX_NONEXISTENT;
-+
-+ /*
-+ * Exclude admin's accounts
-+ */
-+ authstate = auth_newstate(rcpt_userid);
-+ rcptisadmin = global_authisa(authstate, IMAPOPT_ADMINS);
-+ if (rcptisadmin)
-+ return IMAP_MAILBOX_NONEXISTENT;
-+
-+ r = (*lmtpd_namespace.mboxname_tointernal) (&lmtpd_namespace,
-+ "INBOX", rcpt_userid, inboxname);
-+ if (!r)
-+ r = mboxlist_autocreateinbox(&lmtpd_namespace, rcpt_userid,
-+ authstate, inboxname, autocreatequota);
-+ return r;
-+}
-+
-+
- static int verify_user(const char *user, const char *domain, const char *mailbox,
- long quotacheck, struct auth_state *authstate)
- {
- char namebuf[MAX_MAILBOX_NAME+1] = "";
-+ char *userinbox = NULL;
- int r = 0;
-
- if ((!user && !mailbox) ||
-@@ -545,6 +592,28 @@
- */
- r = append_check(namebuf,
MAILBOX_FORMAT_NORMAL, authstate,
- !user ? ACL_POST : 0, quotacheck > 0 ? 0 : quotacheck);
-+ if (r == IMAP_MAILBOX_NONEXISTENT && user) {
-+ if(domain) {
-+ int k;
-+ userinbox = (char *)xmalloc((strlen(user)+strlen(domain)+2)*sizeof(char));
-+ k = strlcpy(userinbox, user, strlen(user)+1);
-+ *(userinbox + k) = '@';
-+ strlcpy(userinbox+k+1, domain, strlen(domain)+1);
-+ }
-+ else userinbox = user;
-+ /*
-+ * Try to create automatically the mailbox, if
-+ * autocreate inbox option is enabled.
-+ */
-+ r = autocreate_inbox(userinbox);
-+
-+ if(userinbox != user)
-+ free(userinbox);
-+ if (!r)
-+ r = append_check(namebuf, MAILBOX_FORMAT_NORMAL, authstate,
-+ 0, quotacheck > 0 ? 0 : quotacheck);
-+ }
-+
- }
-
- if (r) syslog(LOG_DEBUG, "verify_user(%s) failed: %s", namebuf,
-diff -Naur cyrus-imapd-2.2.12/imap/mboxlist.c cyrus-imapd-2.2.12.autocreate2/imap/mboxlist.c
---- cyrus-imapd-2.2.12/imap/mboxlist.c 2004-07-26 21:08:03.000000000 +0300
-+++ cyrus-imapd-2.2.12.autocreate2/imap/mboxlist.c 2005-10-19 14:49:25.972032000 +0300
-@@ -81,6 +81,12 @@
- #include "mboxlist.h"
- #include "quota.h"
-
-+#ifdef USE_SIEVE
-+extern int autoadd_sieve(char *userid,
-+ const char *source_script);
-+#endif
-+
-+
- #define DB config_mboxlist_db
- #define SUBDB config_subscription_db
-
-@@ -98,11 +104,29 @@
- static int mboxlist_changequota(const char *name, int matchlen, int maycreate,
- void *rock);
-
-+static int mboxlist_autochangesub(char *name, int matchlen, int maycreate,
-+ void *rock);
-+
-+static int mboxlist_autosubscribe_sharedfolders(struct namespace *namespace,
-+ char *userid, char *auth_userid,
-+ struct auth_state *auth_state);
-+
- struct change_rock {
- struct quota *quota;
- struct txn **tid;
- };
-
-+/*
-+ * Struct needed to be passed as void *rock to
-+ * mboxlist_autochangesub();
-+ */
-+struct changesub_rock_st {
-+ char *userid;
-+ char *auth_userid;
-+ struct auth_state *auth_state;
-+};
-+
-+
- #define FNAME_SUBSSUFFIX ".sub"
-
- /*
-@@ -3124,3 +3148,338 @@
-
- return DB->abort(mbdb, tid);
- }
-+
-+/*
-+ * Automatically subscribe user to *ALL* shared folders,
-+ * one has permissions to be subscribed to.
-+ * INBOX subfolders are excluded.
-+ */
-+static int mboxlist_autochangesub(char *name, int matchlen, int maycreate,
-+ void *rock) {
-+
-+ struct changesub_rock_st *changesub_rock = (struct changesub_rock_st *) rock;
-+ char *userid = changesub_rock->userid;
-+ char *auth_userid = changesub_rock->auth_userid;
-+ struct auth_state *auth_state = changesub_rock->auth_state;
-+ int r;
-+
-+
-+ if((strlen(name) == 5 && !strncmp(name, "INBOX", 5)) || /* Exclude INBOX */
-+ (strlen(name) > 5 && !strncmp(name, "INBOX.",6)) || /* Exclude INBOX subfolders */
-+ (strlen(name) > 4 && !strncmp(name, "user.", 5))) /* Exclude other users' folders */
-+ return 0;
-+
-+
-+ r = mboxlist_changesub(name, userid, auth_state, 1, 0);
-+
-+ if (r) {
-+ syslog(LOG_WARNING,
-+ "autosubscribe: User %s to folder %s, subscription failed: %s",
-+ auth_userid, name, error_message(r));
-+ } else {
-+ syslog(LOG_NOTICE,
-+ "autosubscribe: User %s to folder %s, subscription succeeded",
-+ auth_userid, name);
-+ }
-+
-+ return 0;
-+}
-+
-+#define SEP '|'
-+
-+/*
-+ * Automatically subscribe user to a shared folder.
-+ * Subscription is done successfully, if the shared
-+ * folder exists and the user has the necessary
-+ * permissions.
-+ */
-+static int mboxlist_autosubscribe_sharedfolders(struct namespace *namespace,
-+ char *userid, char *auth_userid,
-+ struct auth_state *auth_state) {
-+
-+ const char *sub ;
-+ char *p, *q, *next_sub;
-+ char folder[MAX_MAILBOX_NAME+1], name[MAX_MAILBOX_NAME+1], mailboxname[MAX_MAILBOX_NAME+1];
-+ int len;
-+ int r = 0;
-+ int subscribe_all_sharedfolders = 0;
-+
-+ subscribe_all_sharedfolders = config_getswitch(IMAPOPT_AUTOSUBSCRIBE_ALL_SHAREDFOLDERS);
-+
-+ /*
-+ * If subscribeallsharedfolders is set to yes in imapd.conf, then
-+ * subscribe user to every shared folder one has the apropriate
-+ * permissions.
-+ */
-+ if(subscribe_all_sharedfolders) {
-+ char pattern[MAX_MAILBOX_PATH+1];
-+ struct changesub_rock_st changesub_rock;
-+
-+ strcpy(pattern, "*");
-+ changesub_rock.userid = userid;
-+ changesub_rock.auth_userid = auth_userid;
-+ changesub_rock.auth_state = auth_state;
-+
-+ r = mboxlist_findall(namespace, pattern, 0, userid,
-+ auth_state, mboxlist_autochangesub, &changesub_rock);
-+
-+ return r;
-+ }
-+
-+ if ((sub=config_getstring(IMAPOPT_AUTOSUBSCRIBESHAREDFOLDERS)) == NULL)
-+ return r;
-+
-+ next_sub = (char *) sub;
-+ while (*next_sub) {
-+ for (p = next_sub ; isspace((int) *p) || *p == SEP ; p++);
-+ for (next_sub = p ; *next_sub && *next_sub != SEP ; next_sub++);
-+ for (q = next_sub ; q > p && (isspace((int) *q) || *q == SEP || !*q) ; q--);
-+ if (!*p ) continue;
-+
-+ len = q - p + 1;
-+ /* Check for folder length */
-+ if (len > sizeof(folder)-1)
-+ continue;
-+
-+ if (!r) {
-+ strncpy(folder, p, len);
-+ folder[len] = '\0';
-+
-+ strlcpy(name, namespace->prefix[NAMESPACE_SHARED], sizeof(name));
-+ len = strlcat(name, folder, sizeof(name));
-+
-+ r = (namespace->mboxname_tointernal) (namespace, name, userid,
-+ mailboxname);
-+ }
-+
-+ if (!r)
-+ r = mboxlist_changesub(mailboxname, userid, auth_state, 1, 0);
-+
-+ if (!r) {
-+ syslog(LOG_NOTICE, "autosubscribe: User %s to %s succeeded",
-+ userid, folder);
-+ } else {
-+ syslog(LOG_WARNING, "autosubscribe: User %s to %s failed: %s",
-+ userid, folder, error_message(r));
-+ r = 0;
-+ }
-+ }
-+
-+ return r;
-+}
-+
-+
-+
-+int mboxlist_autocreateinbox(struct namespace *namespace,
-+ char *userid,
-+ struct auth_state *auth_state,
-+ char *mailboxname, int autocreatequota) {
-+ char name [MAX_MAILBOX_NAME+1];
-+ char folder [MAX_MAILBOX_NAME+1];
-+ char *auth_userid = NULL;
-+ char *partition = NULL;
-+ const char *crt;
-+ const char *sub;
-+ char *p, *q, *next_crt, *next_sub;
-+ int len;
-+ int r = 0;
-+ int numcrt = 0;
-+ int numsub = 0;
-+#ifdef USE_SIEVE
-+ const char *source_script;
-+#endif
-+
-+
/*
-+ * While this is not needed for admins
-+ * and imap_admins accounts, it would be
-+ * better to separate *all* admins and
-+ * proxyservers from normal accounts
-+ * (accounts that have mailboxes).
-+ * UOA Specific note(1): Even if we do not
-+ * exclude these servers-classes here,
-+ * UOA specific code, will neither return
-+ * role, nor create INBOX, because none of these
-+ * administrative accounts belong to the
-+ * mailRecipient objectclass, or have imapPartition.
-+ * UOA Specific note(2): Another good reason for doing
-+ * this, is to prevent the code, from getting into
-+ * cyrus_ldap.c because of the continues MSA logins to LMTPd.
-+ */
-+
-+ /*
-+ * admins and the coresponding imap
-+ * service, had already been excluded.
-+ */
-+
-+ /*
-+ * Do we really need group membership
-+ * for admins or service_admins?
-+ */
-+ if (global_authisa(auth_state, IMAPOPT_ADMINS)) return 0;
-+ if (global_authisa(auth_state, IMAPOPT_ADMINS)) return 0;
-+
-+ /*
-+ * Do we really need group membership
-+ * for proxyservers?
-+ */
-+ if (global_authisa(auth_state, IMAPOPT_PROXYSERVERS)) return 0;
-+ if (global_authisa(auth_state, IMAPOPT_PROXYSERVERS)) return 0;
-+
-+ auth_userid = auth_canonuser(auth_state);
-+
-+ if (auth_userid == NULL) {
-+ /*
-+ * Couldn't get cannon userid
-+ */
-+ syslog(LOG_ERR,
-+ "Could not get cannon userid for user %s", userid);
-+ return IMAP_PARTITION_UNKNOWN;
-+ }
-+
-+#if 0
-+ /*
-+ * Get Partition info or return.
-+ * (Here you should propably use
-+ * you own "get_partition(char *userid)"
-+ * function.
Otherwise all new INBOXes will be
-+ * created into whatever partition has been declared
-+ * as default in your imapd.conf)
-+ */
-+
-+ partition = get_partition(userid);
-+
-+ if (partition == NULL) {
-+ /*
-+ * Couldn't get partition info
-+ */
-+ syslog(LOG_ERR,
-+ "Could not get imapPartition info for user %s", userid);
-+ return IMAP_PARTITION_UNKNOWN;
-+ }
-+#endif
-+
-+ r = mboxlist_createmailbox(mailboxname, MAILBOX_FORMAT_NORMAL, NULL,
-+ 1, userid, auth_state, 0, 0, 0);
-+
-+ if (!r && autocreatequota > 0)
-+ r = mboxlist_setquota(mailboxname, autocreatequota, 0);
-+
-+ if (!r)
-+ r = mboxlist_changesub(mailboxname, userid,
-+ auth_state, 1, 1);
-+
-+ if (!r) {
-+ syslog(LOG_NOTICE, "autocreateinbox: User %s, INBOX was successfully created in partition %s",
-+ auth_userid, partition == NULL ? "default" : partition);
-+ } else {
-+ syslog(LOG_ERR, "autocreateinbox: User %s, INBOX failed. %s",
-+ auth_userid, error_message(r));
-+ }
-+
-+
-+#if 0
-+ /* Allocated from get_partition, and not needed any more */
-+ free_partition(partition);
-+#endif
-+
-+ if (r) return r;
-+
-+
-+ /* INBOX's subfolders */
-+ if ((crt=config_getstring(IMAPOPT_AUTOCREATEINBOXFOLDERS)))
-+ sub=config_getstring(IMAPOPT_AUTOSUBSCRIBEINBOXFOLDERS);
-+
-+ /* Roll through crt */
-+ next_crt = (char *) crt;
-+ while (next_crt!=NULL && *next_crt) {
-+ for (p = next_crt ; isspace((int) *p) || *p == SEP ; p++);
-+ for (next_crt = p ; *next_crt && *next_crt != SEP ; next_crt++);
-+ for (q = next_crt ; q > p && (isspace((int) *q) || *q == SEP || !*q); q--);
-+
-+ if (!*p) continue;
-+
-+ len = q - p + 1;
-+
-+ /* First time we check for length */
-+ if (len > sizeof(folder) - 5)
-+ r = IMAP_MAILBOX_BADNAME;
-+
-+ if (!r) {
-+ strncpy(folder, p, len);
-+ folder[len] = '\0';
-+
-+ strlcpy(name, namespace->prefix[NAMESPACE_INBOX], sizeof(name));
-+ len = strlcat(name, folder, sizeof(name));
-+ }
-+
-+ if (!r)
-+ r = (namespace->mboxname_tointernal) (namespace, name, userid,
-+ mailboxname);
-+ if (!r)
-+ r = mboxlist_createmailbox(mailboxname, MAILBOX_FORMAT_NORMAL, NULL,
-+ 1, userid, auth_state, 0, 0, 0);
-+
-+ if (!r) {
-+ numcrt++;
-+ syslog(LOG_NOTICE, "autocreateinbox: User %s, subfolder %s creation succeeded.",
-+ auth_userid, name);
-+ } else {
-+ syslog(LOG_WARNING, "autocreateinbox: User %s, subfolder %s creation failed. %s",
-+ auth_userid, name, error_message(r));
-+ r=0;
-+ continue;
-+ }
-+
-+ /* Roll through sub */
-+ next_sub = (char *) sub;
-+ while (next_sub!=NULL && *next_sub) {
-+ for (p = next_sub ; isspace((int) *p) || *p == SEP ; p++);
-+ for (next_sub = p ; *next_sub && *next_sub != SEP ; next_sub++);
-+ for (q = next_sub ; q > p && (isspace((int) *q) || *q == SEP || !*q) ; q--);
-+ if (!*p ) continue;
-+
-+ len = q - p + 1;
-+
-+ if (len != strlen(folder) || strncmp(folder, p, len))
-+ continue;
-+
-+ r = mboxlist_changesub(mailboxname, userid, auth_state, 1, 1);
-+
-+ if (!r) {
-+ numsub++;
-+ syslog(LOG_NOTICE,"autocreateinbox: User %s, subscription to %s succeeded",
-+ auth_userid, name);
-+ } else
-+ syslog(LOG_WARNING, "autocreateinbox: User %s, subscription to %s failed. %s",
-+ auth_userid, name, error_message(r));
-+
-+ break;
-+ }
-+ }
-+
-+ if (crt!=NULL && *crt)
-+ syslog(LOG_INFO, "User %s, Inbox subfolders, created %d, subscribed %d",
-+ auth_userid, numcrt, numsub);
-+
-+ /*
-+ * Check if shared folders are available for subscription.
-+ */
-+ mboxlist_autosubscribe_sharedfolders(namespace, userid, auth_userid, auth_state);
-+
-+#ifdef USE_SIEVE
-+ /*
-+ * Here the autocreate sieve script feature is iniated from.
-+ */
-+ source_script = config_getstring(IMAPOPT_AUTOCREATE_SIEVE_SCRIPT);
-+
-+ if (source_script) {
-+ if (!autoadd_sieve(userid, source_script))
-+ syslog(LOG_NOTICE, "autocreate_sieve: User %s, default sieve script creation succeeded", auth_userid);
-+ else
-+ syslog(LOG_WARNING, "autocreate_sieve: User %s, default sieve script creation failed", auth_userid);
-+ }
-+#endif
-+
-+ return r;
-+}
-+
-diff -Naur cyrus-imapd-2.2.12/imap/mboxlist.h cyrus-imapd-2.2.12.autocreate2/imap/mboxlist.h
---- cyrus-imapd-2.2.12/imap/mboxlist.h 2004-03-17 20:07:49.000000000 +0200
-+++ cyrus-imapd-2.2.12.autocreate2/imap/mboxlist.h 2005-10-19 14:48:58.027033000 +0300
-@@ -197,4 +197,10 @@
- int mboxlist_commit(struct txn *tid);
- int mboxlist_abort(struct txn *tid);
-
-+int mboxlist_autocreateinbox(struct namespace *namespace,
-+ char *userid,
-+ struct auth_state *auth_state,
-+ char *mailboxname, int autocreatequota);
-+
-+
- #endif
-diff -Naur cyrus-imapd-2.2.12/imap/pop3d.c cyrus-imapd-2.2.12.autocreate2/imap/pop3d.c
---- cyrus-imapd-2.2.12/imap/pop3d.c 2005-01-04 17:06:13.000000000 +0200
-+++ cyrus-imapd-2.2.12.autocreate2/imap/pop3d.c 2005-10-19 14:48:58.033335000 +0300
-@@ -152,6 +152,8 @@
- static char popd_apop_chal[45 + MAXHOSTNAMELEN + 1]; /* */
- static void cmd_apop(char *response);
-
-+static int autocreate_inbox(char *inboxname, char *userid);
-+
- static void cmd_auth(char *arg);
- static void cmd_capa(void);
- static void cmd_pass(char *pass);
-@@ -1084,6 +1086,7 @@
- popd_userid = xstrdup(p);
- prot_printf(popd_out, "+OK Name is a valid mailbox\r\n");
- }
-+
- }
-
- void cmd_pass(char *pass)
-@@ -1328,6 +1331,46 @@
- }
-
- /*
-+ * Autocreate Inbox and subfolders upon login
-+ */
-+int autocreate_inbox(char *inboxname, char *auth_userid)
-+{
-+ struct auth_state *authstate;
-+ int userisadmin;
-+ int autocreatequota;
-+ int r;
-+
-+ if(inboxname == NULL || auth_userid == NULL)
-+ return IMAP_MAILBOX_NONEXISTENT;
-+
-+ /*
-+ * Exclude anonymous
-+ */
-+ if
(!strcmp(popd_userid, "anonymous"))
-+ return IMAP_MAILBOX_NONEXISTENT;
-+
-+ /*
-+ * Check for autocreatequota
-+ */
-+ if (!(autocreatequota = config_getint(IMAPOPT_AUTOCREATEQUOTA)))
-+ return IMAP_MAILBOX_NONEXISTENT;
-+
-+ /*
-+ * Exclude admin's accounts
-+ */
-+
-+ authstate = auth_newstate(popd_userid);
-+ userisadmin = global_authisa(authstate, IMAPOPT_ADMINS);
-+ if (userisadmin)
-+ return IMAP_MAILBOX_NONEXISTENT;
-+
-+ r = mboxlist_autocreateinbox(&popd_namespace, auth_userid,
-+ authstate, inboxname, autocreatequota);
-+ return r;
-+}
-+
-+
-+/*
- * Complete the login process by opening and locking the user's inbox
- */
- int openinbox(void)
-@@ -1349,6 +1392,10 @@
- userid, inboxname);
-
- if (!r) r = mboxlist_detail(inboxname, &type, NULL, &server, &acl, NULL);
-+ /* Try once again after autocreate_inbox */
-+ if (r == IMAP_MAILBOX_NONEXISTENT && !(r = autocreate_inbox(inboxname, userid)))
-+ r = mboxlist_detail(inboxname, &type, NULL, &server, &acl, NULL);
-+
- if (!r && (config_popuseacl = config_getswitch(IMAPOPT_POPUSEACL)) &&
- (!acl ||
- !((myrights = cyrus_acl_myrights(popd_authstate, acl)) & ACL_READ))) {
-diff -Naur cyrus-imapd-2.2.12/lib/auth.h cyrus-imapd-2.2.12.autocreate2/lib/auth.h
---- cyrus-imapd-2.2.12/lib/auth.h 2003-10-22 21:50:12.000000000 +0300
-+++ cyrus-imapd-2.2.12.autocreate2/lib/auth.h 2005-10-19 14:48:58.035324000 +0300
-@@ -60,4 +60,6 @@
- extern struct auth_state *auth_newstate(const char *identifier);
- extern void auth_freestate(struct auth_state *auth_state);
-
-+extern char *auth_canonuser(struct auth_state *auth_state);
-+
- #endif /* INCLUDED_AUTH_H */
-diff -Naur cyrus-imapd-2.2.12/lib/auth_krb.c cyrus-imapd-2.2.12.autocreate2/lib/auth_krb.c
---- cyrus-imapd-2.2.12/lib/auth_krb.c 2003-11-11 05:26:00.000000000 +0200
-+++ cyrus-imapd-2.2.12.autocreate2/lib/auth_krb.c 2005-10-19 14:48:58.038180000 +0300
-@@ -338,3 +338,11 @@
- free((char *)auth_state);
- }
-
-+char *
-+auth_canonuser(struct auth_state *auth_state)
-+{
-+ if (auth_state)
-+ return auth_state->userid;
-+ return NULL;
-+}
-+
-diff -Naur cyrus-imapd-2.2.12/lib/auth_krb5.c cyrus-imapd-2.2.12.autocreate2/lib/auth_krb5.c
---- cyrus-imapd-2.2.12/lib/auth_krb5.c 2004-01-16 17:28:58.000000000 +0200
-+++ cyrus-imapd-2.2.12.autocreate2/lib/auth_krb5.c 2005-10-19 14:48:58.040108000 +0300
-@@ -193,4 +193,11 @@
- free(auth_state);
- }
-
-+char *
-+auth_canonuser(struct auth_state *auth_state)
-+{
-+ if (auth_state)
-+ return auth_state->userid;
-+ return NULL;
-+}
-
-diff -Naur cyrus-imapd-2.2.12/lib/auth_pts.c cyrus-imapd-2.2.12.autocreate2/lib/auth_pts.c
---- cyrus-imapd-2.2.12/lib/auth_pts.c 2004-02-25 01:11:37.000000000 +0200
-+++ cyrus-imapd-2.2.12.autocreate2/lib/auth_pts.c 2005-10-19 14:48:58.042343000 +0300
-@@ -349,3 +349,11 @@
- {
- free(auth_state);
- }
-+
-+char *auth_canonuser(struct auth_state *auth_state)
-+{
-+ if (auth_state)
-+ return auth_state->userid.id;
-+ return NULL;
-+}
-+
-diff -Naur cyrus-imapd-2.2.12/lib/auth_unix.c cyrus-imapd-2.2.12.autocreate2/lib/auth_unix.c
---- cyrus-imapd-2.2.12/lib/auth_unix.c 2004-09-14 01:49:29.000000000 +0300
-+++ cyrus-imapd-2.2.12.autocreate2/lib/auth_unix.c 2005-10-19 14:48:58.044431000 +0300
-@@ -267,4 +267,11 @@
- free((char *)auth_state);
- }
-
-+char *auth_canonuser(struct auth_state *auth_state)
-+{
-+ if (auth_state)
-+ return auth_state->userid;
-+
-+ return NULL;
-+}
-
-diff -Naur cyrus-imapd-2.2.12/lib/imapoptions cyrus-imapd-2.2.12.autocreate2/lib/imapoptions
---- cyrus-imapd-2.2.12/lib/imapoptions 2004-07-21 22:07:45.000000000 +0300
-+++ cyrus-imapd-2.2.12.autocreate2/lib/imapoptions 2005-10-19 14:48:58.048748000 +0300
-@@ -169,6 +169,51 @@
- /* Number of seconds to wait before returning a timeout failure when
- performing a client connection (e.g. in a murder enviornment) */
-
-+{ "createonpost", 0, SWITCH }
-+/* If yes, when lmtpd receives an incoming mail for an INBOX that does not exist,
-+ then the INBOX is automatically created by lmtpd.
*/ -+ -+{ "autocreateinboxfolders", NULL, STRING } -+/* If a user does not have an INBOX created then the INBOX as well as some INBOX subfolders are -+ created under two conditions. -+ 1. The user logins via the IMAP or the POP3 protocol. (autocreatequota option must have a nonzero value) -+ 2. A message arrives for the user through the LMTPD protocol.(createonpost option must yes) -+ autocreateinboxfolders is a list of INBOX's subfolders separated by a "|", that are automatically created by the server -+ under the previous two situations. */ -+ -+{ "autosubscribeinboxfolders", NULL, STRING } -+/* A list of folder names, separated by "|" that the users get automatically subscribed to, when their INBOX -+ is created. -+ These folder names must have been included in the autocreateinboxfolders option of the imapd.conf. */ -+ -+{ "autosubscribesharedfolders", NULL, STRING } -+/* A list of shared folders (bulletin boards), separated by "|" that the users get -+ automatically subscribed to, after their INBOX -+ is created. The shared folder must have been created and the user must have the -+ required permissions to get subscribed to the it. Otherwise the subscription fails. */ -+ -+{ "autosubscribe_all_sharedfolders", 0, SWITCH } -+/* If set to yes then the user is automatically subscribed to all shared folders, one has permission -+ to subscribe to. */ -+ -+{ "autocreate_sieve_script", NULL, STRING } -+/* The full path of a file that contains a sieve script. This script automatically becomes a -+ user's initial default sieve filter script. When this option is not defined, no default -+ sieve filter is created. The file must be readable by the cyrus daemon. */ -+ -+{ "autocreate_sieve_compiledscript", NULL, STRING } -+/* The full path of a file that contains a compiled in bytecode sieve script. This script -+ automatically becomes a user's initial default sieve filter script. 
-+ If this option is not specified, or the filename doesn't exist then the script defined -+ by autocreate_sieve_script is compiled on the fly and installed as the user's default -+ sieve script */ -+ -+{ "generate_compiled_sieve_script", 0, SWITCH } -+/* If set to yes and no compiled sieve script file exists then the sieve script that is -+ compiled on the fly will be saved in the file name that autocreate_sieve_compiledscript -+ option points. In order a compiled script to be generated, autocreate_sieve_script and -+ autocreate_sieve_compiledscript must have valid values */ -+ - { "configdirectory", NULL, STRING } - /* The pathname of the IMAP configuration directory. This field is - required. */ -diff -Naur cyrus-imapd-2.2.12/notifyd/Makefile.in cyrus-imapd-2.2.12.autocreate2/notifyd/Makefile.in ---- cyrus-imapd-2.2.12/notifyd/Makefile.in 2004-05-28 21:03:06.000000000 +0300 -+++ cyrus-imapd-2.2.12.autocreate2/notifyd/Makefile.in 2005-10-19 14:48:58.050575000 +0300 -@@ -69,10 +69,11 @@ - SERVICE=../master/service.o - - IMAP_LIBS = @IMAP_LIBS@ @LIB_RT@ -+SIEVE_LIBS = @SIEVE_LIBS@ - IMAP_COM_ERR_LIBS = @IMAP_COM_ERR_LIBS@ - LIB_WRAP = @LIB_WRAP@ - LIBS = @ZEPHYR_LIBS@ @LIBS@ $(IMAP_COM_ERR_LIBS) --DEPLIBS=../imap/mutex_fake.o ../imap/libimap.a ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@ -+DEPLIBS=../imap/mutex_fake.o ../imap/libimap.a $(SIEVE_LIBS) ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@ - - PURIFY=/usr/local/bin/purify - PUREOPT=-best-effort -diff -Naur cyrus-imapd-2.2.12/notifyd/notifyd.c cyrus-imapd-2.2.12.autocreate2/notifyd/notifyd.c ---- cyrus-imapd-2.2.12/notifyd/notifyd.c 2004-12-17 18:32:25.000000000 +0200 -+++ cyrus-imapd-2.2.12.autocreate2/notifyd/notifyd.c 2005-10-19 14:48:58.052220000 +0300 -@@ -97,7 +97,7 @@ - - #define NOTIFY_MAXSIZE 8192 - --int do_notify() -+static int do_notify() - { - struct sockaddr_un sun_data; - socklen_t sunlen = sizeof(sun_data); -diff -Naur cyrus-imapd-2.2.12/ptclient/Makefile.in 
cyrus-imapd-2.2.12.autocreate2/ptclient/Makefile.in ---- cyrus-imapd-2.2.12/ptclient/Makefile.in 2004-05-28 21:03:08.000000000 +0300 -+++ cyrus-imapd-2.2.12.autocreate2/ptclient/Makefile.in 2005-10-19 14:48:58.053762000 +0300 -@@ -57,10 +57,11 @@ - AFS_LDFLAGS = @AFS_LDFLAGS@ @COM_ERR_LDFLAGS@ - AFS_LIBS = @AFS_LIBS@ - IMAP_LIBS = @IMAP_LIBS@ @LIB_RT@ -+SIEVE_LIBS = @SIEVE_LIBS@ - LIBS = $(IMAP_LIBS) @COM_ERR_LIBS@ - LIB_SASL = @LIB_SASL@ - LIB_WRAP = @LIB_WRAP@ --DEPLIBS = ../imap/libimap.a ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@ -+DEPLIBS = ../imap/libimap.a $(SIEVE_LIBS) ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@ - UTIL_LIBS = ../imap/mutex_fake.o ../imap/cli_fatal.o - - LDAP_LIBS=@LDAP_LIBS@ diff --git a/src/patches/cyrus-imapd-2.2.12-gcc4.patch b/src/patches/cyrus-imapd-2.2.12-gcc4.patch deleted file mode 100644 index 3363beaba..000000000 --- a/src/patches/cyrus-imapd-2.2.12-gcc4.patch +++ /dev/null @@ -1,48 +0,0 @@ ---- tools/config2header 2005/04/13 08:56:16 1.1 -+++ tools/config2header 2005/04/13 08:57:48 -@@ -214,7 +214,6 @@ - print HFILE < cap_names.sed - - $(MINLIBNAME): $(OBJS) -- $(LD) -soname $(MAJLIBNAME) -x -shared -o $@ $(OBJS) -+ $(CC) -Wl,-soname,$(MAJLIBNAME) -Wl,-x -shared -o $@ $(OBJS) - ln -sf $(MINLIBNAME) $(MAJLIBNAME) - ln -sf $(MAJLIBNAME) $(LIBNAME) - - %.o: %.c $(INCLS) -- $(CC) $(CFLAGS) -c $< -o $@ -+ $(CC) $(CFLAGS) -fpic -c $< -o $@ - - install: all - mkdir -p -m 0755 $(INCDIR)/sys diff --git a/src/patches/libcap-1.10-syscall.patch b/src/patches/libcap-1.10-syscall.patch deleted file mode 100644 index 60531851d..000000000 --- a/src/patches/libcap-1.10-syscall.patch +++ /dev/null 
@@ -1,43 +0,0 @@ ---- libcap-1.10.old/libcap/cap_sys.c 2003-08-24 19:03:35.524759616 -0700 -+++ libcap-1.10/libcap/cap_sys.c 2003-08-24 19:03:48.406801248 -0700 -@@ -10,7 +10,7 @@ - #include "libcap.h" - #define __LIBRARY__ - #include -- -+/* - _syscall2(int, capget, - cap_user_header_t, header, - cap_user_data_t, data) -@@ -18,7 +18,7 @@ - _syscall2(int, capset, - cap_user_header_t, header, - const cap_user_data_t, data) -- -+*/ - /* - * $Log: libcap-1.10-syscall.patch,v $ - * Revision 1.1 2004/01/14 13:11:39 riddles - * Build shared libcap - * - * Revision 1.2 2003/08/29 06:28:38 cretin - * Only add -fPIC for libcap.so objects - * - * Revision 1.1 2003/08/27 06:10:53 cretin - * Added -fPIC for prelink to work, and fixed compile error - * - * Revision 1.1.1.1 1999/04/17 22:16:31 morgan ---- libcap-1.10.old/Make.Rules Mon May 21 16:22:08 2001 -+++ libcap-1.10/Make.Rules Mon May 21 16:22:32 2001 -@@ -44,10 +44,10 @@ - CC=gcc - COPTFLAGS=-O2 - DEBUG=-g #-DDEBUG --WARNINGS=-ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \ -+WARNINGS=-D_POSIX_SOURCE -Wall -Wwrite-strings \ - -Wpointer-arith -Wcast-qual -Wcast-align \ - -Wtraditional -Wstrict-prototypes -Wmissing-prototypes \ -- -Wnested-externs -Winline -Wshadow -pedantic -+ -Wnested-externs -Winline -Wshadow - LD=ld - LDFLAGS=-s #-g diff --git a/src/patches/libsafe-alpha.diff b/src/patches/libsafe-alpha.diff deleted file mode 100644 index dfeb9f227..000000000 --- a/src/patches/libsafe-alpha.diff +++ /dev/null 
@@ -1,232 +0,0 @@ ---- libsafe-2.0-16-orig/src/intercept.c 2003-03-15 16:02:12.000000000 +0100 -+++ libsafe-2.0-16/src/intercept.c 2003-03-15 16:12:22.000000000 +0100 -@@ -165,7 +165,8 @@ - */ - char *strcpy(char *dest, const char *src) - { -- size_t max_size, len; -+ uint max_size; -+ size_t len; - - if (!real_memcpy) - real_memcpy = (memcpy_t) getLibraryFunction("memcpy"); -@@ -196,7 +197,8 @@ - - char *strncpy(char *dest, const char *src, size_t n) - { -- size_t max_size, len; -+ uint max_size; -+ size_t len; - - if (!real_strncpy) - real_strncpy = (strncpy_t) getLibraryFunction("strncpy"); -@@ -219,7 +221,8 @@ - - char *stpcpy(char *dest, const char *src) - { -- size_t max_size, len; -+ uint max_size; -+ size_t len; - - if (!real_memcpy) - real_memcpy = (memcpy_t) getLibraryFunction("memcpy"); -@@ -251,7 +254,8 @@ - #ifndef MISSING_WCSNLEN - wchar_t *wcscpy(wchar_t *dest, const wchar_t *src) - { -- size_t max_bytes, max_wchars, len; -+ size_t max_wchars, len; -+ uint max_bytes; - - if (!real_wcscpy) - real_wcscpy = (wcscpy_t) getLibraryFunction("wcscpy"); -@@ -291,7 +295,8 @@ - - wchar_t *wcpcpy(wchar_t *dest, const wchar_t *src) - { -- size_t max_bytes, max_wchars, len; -+ size_t max_wchars, len; -+ uint max_bytes; - - if (!real_wcpcpy) - real_wcpcpy = (wcpcpy_t) getLibraryFunction("wcpcpy"); -@@ -333,9 +338,15 @@ - /* - * This is needed! See the strcpy() for the reason. -ab. - */ --void *memcpy(void *dest, const void *src, size_t n) -+void *memcpy(void *dest, const void *src, size_t hack) - { -- size_t max_size; -+ /* -+ * a size_t IS an unsigned long everywhere, though it sometimes -+ * doesn't state so, making printf misinterpret it. 
-+ */ -+ unsigned long n = hack; -+ uint max_size; -+ - - if (!real_memcpy) - real_memcpy = (memcpy_t) getLibraryFunction("memcpy"); -@@ -344,11 +355,11 @@ - return real_memcpy(dest, src, n); - - if ((max_size = _libsafe_stackVariableP(dest)) == 0) { -- LOG(5, "memcpy( , , %d)\n", n); -+ LOG(5, "memcpy( , , %ld)\n", n); - return real_memcpy(dest, src, n); - } - -- LOG(4, "memcpy( , , %d) stack limit=%d)\n", n, max_size); -+ LOG(4, "memcpy( , , %ld) stack limit=%d)\n", n, max_size); - if (n > max_size) - _libsafe_die("Overflow caused by memcpy()"); - return real_memcpy(dest, src, n); -@@ -357,7 +368,7 @@ - - char *strcat(char *dest, const char *src) - { -- size_t max_size; -+ uint max_size; - uint dest_len, src_len; - - if (!real_memcpy) -@@ -388,7 +399,7 @@ - - char *strncat(char *dest, const char *src, size_t n) - { -- size_t max_size; -+ uint max_size; - uint dest_len, src_len; - - if (!real_strncat) -@@ -1008,12 +1019,31 @@ - if (is_printf_convspec[(int)*p]) { - caddr_t addr; - c++; -+#if 0 -+ /* -+ * cannot add va_list (ap here) with a number on alpha. -+ * this is faster than the other method, and might be -+ * a good idea to enable this on !alpha arch. -+ */ - if (pnum) { - addr = *((caddr_t*)(ap + (atoi(pnum)-1)*sizeof(char*))); - } - else { - addr = *((caddr_t*)(ap + c*sizeof(char*))); - } -+#else -+ { -+ va_list apc; -+ uint nb = c + 1; -+ -+ va_copy(apc, ap); -+ if (pnum) -+ nb = atoi(pnum); -+ addr = NULL; -+ while (nb--) -+ addr = va_arg(apc, caddr_t); -+ } -+#endif - if (*p == 'n') { - if (_libsafe_raVariableP((void *)(addr))) { - _libsafe_die("printf(\"%%n\")"); -@@ -1172,12 +1202,32 @@ - if (is_printf_convspec[(int)*p]) { - caddr_t addr; - c++; -+#if 0 -+ /* -+ * cannot add va_list (ap here) with a number on alpha. -+ * this is faster than the other method, and might be -+ * a good idea to enable this on !alpha arch. 
-+ */ -+ - if (pnum) { - addr = *((caddr_t*)(ap + (atoi(pnum)-1)*sizeof(char*))); - } - else { - addr = *((caddr_t*)(ap + c*sizeof(char*))); - } -+#else -+ { -+ va_list apc; -+ uint nb = c + 1; -+ -+ va_copy(apc, ap); -+ if (pnum) -+ nb = atoi(pnum); -+ addr = NULL; -+ while (nb--) -+ addr = va_arg(apc, caddr_t); -+ } -+#endif - if (*p == 'n') { - if (_libsafe_raVariableP((void *)(addr))) { - _libsafe_die("printf(\"%%n\")"); -@@ -1194,7 +1244,7 @@ - - int sprintf(char *str, const char *format, ...) - { -- size_t max_size; -+ uint max_size; - va_list ap; - int res; - -@@ -1242,7 +1292,7 @@ - - int snprintf(char *str, size_t size, const char *format, ...) - { -- size_t max_size; -+ uint max_size; - va_list ap; - int res; - -@@ -1288,7 +1338,7 @@ - - int vsprintf(char *str, const char *format, va_list ap) - { -- size_t max_size; -+ uint max_size; - int res; - - if (!real_vsprintf) -@@ -1325,7 +1375,7 @@ - - int vsnprintf(char *str, size_t size, const char *format, va_list ap) - { -- size_t max_size; -+ uint max_size; - int res; - - if (!real_vsnprintf) -@@ -1360,7 +1410,7 @@ - - char *getwd(char *buf) - { -- size_t max_size; -+ uint max_size; - char *res; - - if (!real_getwd) -@@ -1384,7 +1434,8 @@ - - char *gets(char *s) - { -- size_t max_size, len; -+ uint max_size; -+ size_t len; - - if (!real_gets) - real_gets = (gets_t) getLibraryFunction("gets"); -@@ -1409,7 +1460,8 @@ - - char *realpath(char *path, char resolved_path[]) - { -- size_t max_size, len; -+ uint max_size; -+ size_t len; - char *res; - char buf[MAXPATHLEN + 1]; - diff --git a/src/patches/libsafe-functioncaching.diff b/src/patches/libsafe-functioncaching.diff deleted file mode 100644 index db003a4cf..000000000 --- a/src/patches/libsafe-functioncaching.diff +++ /dev/null 
@@ -1,258 +0,0 @@ -From: Goswin Brederlow -Subject: Bug#129345: patch to prevent a loop between libdl and libsafe causing libdl to crash -To: 129345@bugs.debian.org -Date: 01 Sep 2002 23:54:35 +0200 -Reply-To: Goswin Brederlow , - 129345@bugs.debian.org -Resent-From: Goswin Brederlow - - -------- -[D. Coe edited this patch slightly -- moved an unrelated change into the -Makefile itself [it changed the debugging comments only], and corrected a -spelling error and reworded the comments. The original patch is in the -bug tracking system, if you want to see it as submitted by Goswin.] -------- -------- -D. Coe subsequently modified the patch further, because in some cases -the initializations did not occur (e.g. when IO_vfscanf or memcpy was -called from ps or top (likely one of the libraries they use). maybe -they do something that disables libsafe's library globals initialization? - - -In any case, I've adopted both strategise in this new patch; the addresses -are preloaded as Goswin had coded, but they are also individually checked -each time needed (as was the case before Goswin's patch), and are initialized -at that point if necessary. Hopefully this will let ps and top work -and also continue to work around the libdl problem. -------- - -Hi, - -if libsafe is invoked from inside libdl (or only inside dlerror()?) -and a real_XXX function is not yet looked up it will reenter -libdl. That causes memory corruption resulting in a read from 0x0 and -thus segfault. - -The patch below makes libsafe cache all needed symbols once upon -init. That not only causes less lookups than before but should prevent -fatal loops. Failures of the initial lookups might not be reported -correctly but terminate in some odd way if the functions needed to -report are not yet looked up. 
- -MfG - Goswin - ----------------------------------------------------------------------- -diff -Nurd libsafe-2.0-16/src/intercept.c libsafe-2.0-16-mrvn/src/intercept.c ---- libsafe-2.0-16/src/intercept.c 2002-05-31 19:37:34.000000000 +0200 -+++ libsafe-2.0-16-mrvn/src/intercept.c 2002-09-01 23:44:55.000000000 +0200 -@@ -128,14 +128,29 @@ - } - - --/* Starting with version 2.0, we keep a single global copy of the pointer to -- * the real memcpy() function. This allows us to call -- * getLibraryFunction("memcpy") just once instead of multiple times, since -- * memcpy() is needed in four different functions below. -+/* Starting with Debian version 2.0-16-2, we keep a global copy of the pointer -+ * to each real functions. Otherwise a getLibraryFunction might -+ * be triggered from inside dlsym() and cause memory corruption reulting in a -+ * segfault. - */ --static memcpy_t real_memcpy = NULL; -- -- -+static memcpy_t real_memcpy = NULL; -+static _IO_vfscanf_t real_IO_vfscanf = NULL; -+static vfprintf_t real_vfprintf = NULL; -+static vsnprintf_t real_vsnprintf = NULL; -+static vsprintf_t real_vsprintf = NULL; -+static gets_t real_gets = NULL; -+static getwd_t real_getwd = NULL; -+static realpath_t real_realpath = NULL; -+static stpcpy_t real_stpcpy = NULL; -+static strcat_t real_strcat = NULL; -+static strcpy_t real_strcpy = NULL; -+static strncat_t real_strncat = NULL; -+static strncpy_t real_strncpy = NULL; -+static wcscpy_t real_wcscpy = NULL; -+static wcpcpy_t real_wcpcpy = NULL; -+#ifndef MISSING_WCSNLEN -+static wcscat_t real_wcscat = NULL; -+#endif - /* - * -------------- system library implementations ------------------- - * Here is the story: if a C source file includes and is -@@ -150,7 +165,6 @@ - */ - char *strcpy(char *dest, const char *src) - { -- static strcpy_t real_strcpy = NULL; - size_t max_size, len; - - if (!real_memcpy) -@@ -182,7 +196,6 @@ - - char *strncpy(char *dest, const char *src, size_t n) - { -- static strncpy_t real_strncpy = NULL; - 
size_t max_size, len; - - if (!real_strncpy) -@@ -206,7 +219,6 @@ - - char *stpcpy(char *dest, const char *src) - { -- static stpcpy_t real_stpcpy = NULL; - size_t max_size, len; - - if (!real_memcpy) -@@ -239,7 +251,6 @@ - #ifndef MISSING_WCSNLEN - wchar_t *wcscpy(wchar_t *dest, const wchar_t *src) - { -- static wcscpy_t real_wcscpy = NULL; - size_t max_bytes, max_wchars, len; - - if (!real_wcscpy) -@@ -280,7 +291,6 @@ - - wchar_t *wcpcpy(wchar_t *dest, const wchar_t *src) - { -- static wcpcpy_t real_wcpcpy = NULL; - size_t max_bytes, max_wchars, len; - - if (!real_wcpcpy) -@@ -347,7 +357,6 @@ - - char *strcat(char *dest, const char *src) - { -- static strcat_t real_strcat = NULL; - size_t max_size; - uint dest_len, src_len; - -@@ -379,7 +388,6 @@ - - char *strncat(char *dest, const char *src, size_t n) - { -- static strncat_t real_strncat = NULL; - size_t max_size; - uint dest_len, src_len; - -@@ -408,7 +416,6 @@ - #ifndef MISSING_WCSNLEN - wchar_t *wcscat(wchar_t *dest, const wchar_t *src) - { -- static wcscat_t real_wcscat = NULL; - size_t max_bytes; - uint dest_len, src_len; - -@@ -861,7 +868,6 @@ - */ - int vfprintf(FILE *fp, const char *format, va_list ap) - { -- static vfprintf_t real_vfprintf = NULL; - int res; - char *p, *pnum; - int c = -1; /* Next var arg to be used */ -@@ -1026,7 +1032,6 @@ - */ - int _IO_vfprintf(FILE *fp, const char *format, va_list ap) - { -- static vfprintf_t real_vfprintf = NULL; - int res; - char *p, *pnum; - int c = -1; /* Next var arg to be used */ -@@ -1189,8 +1194,6 @@ - - int sprintf(char *str, const char *format, ...) - { -- static vsprintf_t real_vsprintf = NULL; -- static vsnprintf_t real_vsnprintf = NULL; - size_t max_size; - va_list ap; - int res; -@@ -1239,7 +1242,6 @@ - - int snprintf(char *str, size_t size, const char *format, ...) 
- { -- static vsnprintf_t real_vsnprintf = NULL; - size_t max_size; - va_list ap; - int res; -@@ -1286,8 +1288,6 @@ - - int vsprintf(char *str, const char *format, va_list ap) - { -- static vsprintf_t real_vsprintf = NULL; -- static vsnprintf_t real_vsnprintf = NULL; - size_t max_size; - int res; - -@@ -1325,7 +1325,6 @@ - - int vsnprintf(char *str, size_t size, const char *format, va_list ap) - { -- static vsnprintf_t real_vsnprintf = NULL; - size_t max_size; - int res; - -@@ -1361,7 +1360,6 @@ - - char *getwd(char *buf) - { -- static getwd_t real_getwd = NULL; - size_t max_size; - char *res; - -@@ -1386,7 +1384,6 @@ - - char *gets(char *s) - { -- static gets_t real_gets = NULL; - size_t max_size, len; - - if (!real_gets) -@@ -1412,7 +1409,6 @@ - - char *realpath(char *path, char resolved_path[]) - { -- static realpath_t real_realpath = NULL; - size_t max_size, len; - char *res; - char buf[MAXPATHLEN + 1]; -@@ -1445,7 +1441,6 @@ - - int _IO_vfscanf (_IO_FILE *s, const char *format, _IO_va_list argptr, int *errp) - { -- static _IO_vfscanf_t real_IO_vfscanf = NULL; - int res, save_count; - caddr_t ra_array[MAXLEVELS], fp_array[MAXLEVELS]; - -@@ -1529,6 +1524,25 @@ - - fclose(fp); - } -+ -+ real_memcpy = (memcpy_t) getLibraryFunction("memcpy"); -+ real_IO_vfscanf = (_IO_vfscanf_t) getLibraryFunction("_IO_vfscanf"); -+ real_vfprintf = (vfprintf_t) getLibraryFunction("vfprintf"); -+ real_vsnprintf = (vsnprintf_t) getLibraryFunction("vsnprintf"); -+ real_vsprintf = (vsprintf_t) getLibraryFunction("vsprintf"); -+ real_gets = (gets_t) getLibraryFunction("gets"); -+ real_getwd = (getwd_t) getLibraryFunction("getwd"); -+ real_realpath = (realpath_t) getLibraryFunction("realpath"); -+ real_stpcpy = (stpcpy_t) getLibraryFunction("stpcpy"); -+ real_strcat = (strcat_t) getLibraryFunction("strcat"); -+ real_strcpy = (strcpy_t) getLibraryFunction("strcpy"); -+ real_strncat = (strncat_t) getLibraryFunction("strncat"); -+ real_strncpy = (strncpy_t) getLibraryFunction("strncpy"); -+ 
real_wcscpy = (wcscpy_t) getLibraryFunction("wcscpy"); -+ real_wcpcpy = (wcpcpy_t) getLibraryFunction("wcpcpy"); -+#ifndef MISSING_WCSNLEN -+ real_wcscat = (wcscat_t) getLibraryFunction("wcscat"); -+#endif - } - - diff --git a/src/patches/mISDN-avmfritz.patch b/src/patches/mISDN-avmfritz.patch deleted file mode 100644 index 69c880f40..000000000 --- a/src/patches/mISDN-avmfritz.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- avm_fritz.c.old Tue Feb 13 11:43:45 2007 -+++ avm_fritz.c Wed Apr 11 15:26:32 2007 -@@ -781,6 +781,8 @@ - spin_lock_irqsave(inst->hwlock, flags); - ret = modehdlc(bch, bch->channel, - bch->inst.pid.protocol[1]); -+ if (bch->inst.pid.protocol[2] == ISDN_PID_L2_B_TRANS) -+ test_and_set_bit(FLG_L2DATA, &bch->Flags); - spin_unlock_irqrestore(inst->hwlock, flags); - } - skb_trim(skb, 0); diff --git a/src/patches/mpg123-0.59r-security-1.patch b/src/patches/mpg123-0.59r-security-1.patch deleted file mode 100644 index 8d2547d02..000000000 --- a/src/patches/mpg123-0.59r-security-1.patch +++ /dev/null @@ -1,25 +0,0 @@ -Submitted By: David Jensen (djensen at linuxfromscratch dot org) -Date: 2005-07-23 -Initial Package Version: 0.59r -Origin: Debian -Upstream Status: not maintained -Description: Fixes buffer overflow vulnerablity (CAN-2004-0805) - -$LastChangedBy: djensen $ -$Date: 2005-07-26 21:17:28 -0600 (Tue, 26 Jul 2005) $ - -diff -Naur mpg123-0.59r.orig/layer2.c mpg123-0.59r/layer2.c ---- mpg123-0.59r.orig/layer2.c 1999-02-10 06:13:06.000000000 -0600 -+++ mpg123-0.59r/layer2.c 2005-07-23 16:44:07.000000000 -0500 -@@ -265,6 +265,11 @@ - fr->jsbound = (fr->mode == MPG_MD_JOINT_STEREO) ? - (fr->mode_ext<<2)+4 : fr->II_sblimit; - -+ if (fr->jsbound > fr->II_sblimit) { -+ fprintf(stderr, "Truncating stereo boundary to sideband limit.\n"); -+ fr->jsbound=fr->II_sblimit; -+ } -+ - if(stereo == 1 || single == 3) - single = 0; - 
diff --git a/src/patches/nasm-0.98.39-security_fix-1.patch b/src/patches/nasm-0.98.39-security_fix-1.patch
deleted file mode 100644
index 795d0a370..000000000
--- a/src/patches/nasm-0.98.39-security_fix-1.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Submitted By: Ken Moffat
-Date: 2005-08-08
-Initial Package Version: 0.98.39
-Upstream Status: From upstream cvs
-Origin: Extracted by Ken Moffat
-Description: This is Jindrich Novy's patch to fix another buffer overrun
-in nasm, CAN-2005-1194 (users who can be persuaded to assemble and run a
-malicious source file can have arbitrary code executed via a buffer
-overflow).
-
---- nasm-0.98.39/output/outieee.c.orig 2005-01-15 22:16:08.000000000 +0000
-+++ nasm-0.98.39/output/outieee.c 2005-08-08 22:12:46.000000000 +0100
-@@ -1120,7 +1120,7 @@
- va_list ap;
-
- va_start(ap, format);
-- vsprintf(buffer, format, ap);
-+ vsnprintf(buffer, sizeof(buffer), format, ap);
- l = strlen(buffer);
- for (i = 0; i < l; i++)
- if ((buffer[i] & 0xff) > 31)
diff --git a/src/patches/proc_net_conntrack-permissions.patch b/src/patches/proc_net_conntrack-permissions.patch
deleted file mode 100644
index 56fea8686..000000000
--- a/src/patches/proc_net_conntrack-permissions.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# ChangeSet
-# 2004/06/01 02:58:12+02:00 kaber@trash.net
-# [NETFILTER]: Change permissions of /proc/net/ip_conntrack to 0440
-#
-# net/ipv4/netfilter/ip_conntrack_standalone.c
-# 2004/06/01 02:58:02+02:00 kaber@trash.net +1 -1
-# [NETFILTER]: Change permissions of /proc/net/ip_conntrack to 0440
-#
-diff -Nru a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
---- a/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-06-02 03:23:39 +02:00
-+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-06-02 03:23:39 +02:00
-@@ -502,7 +502,7 @@
- if (ret < 0)
- goto cleanup_nothing;
-
-- proc = proc_net_create("ip_conntrack",0,list_conntracks);
-+ proc = proc_net_create("ip_conntrack", 0440, list_conntracks);
- if (!proc) goto cleanup_init;
- proc->owner = THIS_MODULE;
-
diff --git a/src/patches/squidGuard-1.2.0-ipfire.patch b/src/patches/squidGuard-1.2.0-ipfire.patch
deleted file mode 100644
index 2a28246e3..000000000
--- a/src/patches/squidGuard-1.2.0-ipfire.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-diff -urN squidGuard-1.2.0_orig/configure.in squidGuard-1.2.0/configure.in
---- squidGuard-1.2.0_orig/configure.in 2001-12-18 10:16:36.000000000 +0000
-+++ squidGuard-1.2.0/configure.in 2006-06-10 12:29:26.000000000 +0000
-@@ -71,7 +71,12 @@
-
- dnl Checks for libraries.
-
--AC_CHECK_LIB(db,db_version,,[
-+AC_CHECK_LIB(db,db_version,,
-+AC_CHECK_LIB(db,db_version_4000,,
-+AC_CHECK_LIB(db,db_version_4001,,
-+AC_CHECK_LIB(db,db_version_4002,,
-+AC_CHECK_LIB(db,db_version_4003,,
-+AC_CHECK_LIB(db,db_version_4004,,[
- echo
- echo "** The Berkley DB library is required for squidGuard"
- echo " to compile. Get it from http://www.sleepycat.com"
-@@ -79,7 +84,7 @@
- echo " its location. (default is $dbprefix/BerkeleyDB)"
- echo
- exit 1
-- ])
-+ ]))))))
-
- dnl Checks for header files.
- AC_HEADER_STDC
-diff -urN squidGuard-1.2.0_orig/src/sgDb.c squidGuard-1.2.0/src/sgDb.c
---- squidGuard-1.2.0_orig/src/sgDb.c 2001-05-14 13:40:12.000000000 +0000
-+++ squidGuard-1.2.0/src/sgDb.c 2006-06-10 12:27:04.000000000 +0000
-@@ -98,13 +98,21 @@
- if(createdb)
- flag = flag | DB_TRUNCATE;
- if ((ret =
-+#if DB_VERSION_MINOR == 1 || DB_VERSION_MINOR == 2 || DB_VERSION_MINOR == 3 || DB_VERSION_MINOR == 4
-+ Db->dbp->open(Db->dbp, NULL, dbfile, NULL, DB_BTREE, flag, 0664)) != 0) {
-+#else
- Db->dbp->open(Db->dbp, dbfile, NULL, DB_BTREE, flag, 0664)) != 0) {
-+#endif
- (void) Db->dbp->close(Db->dbp, 0);
- sgLogFatalError("Error db_open: %s", strerror(ret));
- }
- } else {
- if ((ret =
-+#if DB_VERSION_MINOR == 1 || DB_VERSION_MINOR == 2 || DB_VERSION_MINOR == 3 || DB_VERSION_MINOR == 4
-+ Db->dbp->open(Db->dbp, NULL, dbfile, NULL, DB_BTREE, DB_CREATE, 0664)) != 0) {
-+#else
- Db->dbp->open(Db->dbp, dbfile, NULL, DB_BTREE, DB_CREATE, 0664)) != 0) {
-+#endif
- sgLogFatalError("Error db_open: %s", strerror(ret));
- }
- }
diff --git a/src/patches/tcpdump-3.8.2-bgp-dos-2.patch b/src/patches/tcpdump-3.8.2-bgp-dos-2.patch
deleted file mode 100644
index 64f6bae54..000000000
--- a/src/patches/tcpdump-3.8.2-bgp-dos-2.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-borrowed from fedora
-fix for CAN-2005-1267
-
---- tcpdump-3.8.2/print-bgp.c.old 2005-05-31 11:58:00.000000000 +0200
-+++ tcpdump-3.8.2/print-bgp.c 2005-05-31 12:01:01.000000000 +0200
-@@ -1706,9 +1706,10 @@
- while (dat + length > p) {
- char buf[MAXHOSTNAMELEN + 100];
- i = decode_prefix4(p, buf, sizeof(buf));
-- if (i == -1)
-+ if (i == -1) {
- printf("\n\t (illegal prefix length)");
-- else if (i == -2)
-+ break;
-+ } else if (i == -2)
- goto trunc;
- else {
- printf("\n\t %s", buf);
diff --git a/src/patches/tcpdump-3.8.2-bgp-dos.patch b/src/patches/tcpdump-3.8.2-bgp-dos.patch
deleted file mode 100644
index 99efd3f8e..000000000
--- a/src/patches/tcpdump-3.8.2-bgp-dos.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-borrowed from fedora
-fix for CAN-2005-1279
-
---- tcpdump-3.8.2/print-bgp.c.old 2004-03-24 01:01:00.000000000 +0100
-+++ tcpdump-3.8.2/print-bgp.c 2005-04-28 12:47:12.000000000 +0200
-@@ -1089,7 +1089,7 @@
- printf(", no SNPA");
- }
-
-- while (len - (tptr - pptr) > 0) {
-+ while ((tptr - pptr) > 0 && len - (tptr - pptr) > 0) {
- switch (af) {
- case AFNUM_INET:
- switch (safi) {
diff --git a/src/patches/tcpdump-3.8.2-isis-dos.patch b/src/patches/tcpdump-3.8.2-isis-dos.patch
deleted file mode 100644
index fae1e20a0..000000000
--- a/src/patches/tcpdump-3.8.2-isis-dos.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-borrowed from fedora
-fix for CAN-2005-1278
-
---- tcpdump-3.8.2/print-isoclns.c.old 2005-04-28 12:58:28.000000000 +0200
-+++ tcpdump-3.8.2/print-isoclns.c 2005-04-28 13:07:17.000000000 +0200
-@@ -1748,12 +1748,14 @@
- lan_alen = *tptr++; /* LAN adress length */
- tmp --;
- printf("\n\t LAN address length %u bytes ",lan_alen);
-- while (tmp >= lan_alen) {
-- if (!TTEST2(*tptr, lan_alen))
-- goto trunctlv;
-- printf("\n\t\tIS Neighbor: %s",isis_print_id(tptr,lan_alen));
-- tmp -= lan_alen;
-- tptr +=lan_alen;
-+ if(lan_alen >= SYSTEM_ID_LEN) {
-+ while (tmp >= lan_alen) {
-+ if (!TTEST2(*tptr, lan_alen))
-+ goto trunctlv;
-+ printf("\n\t\tIS Neighbor: %s",isis_print_id(tptr,lan_alen));
-+ tmp -= lan_alen;
-+ tptr +=lan_alen;
-+ }
- }
- break;
-
diff --git a/src/patches/tcpdump-3.8.2-ldp-dos.patch b/src/patches/tcpdump-3.8.2-ldp-dos.patch
deleted file mode 100644
index f71554854..000000000
--- a/src/patches/tcpdump-3.8.2-ldp-dos.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-borrowed from fedora
-fix for CAN-2005-1279
-
---- tcpdump-3.8.2/print-ldp.c.t4 2003-11-16 10:36:27.000000000 +0100
-+++ tcpdump-3.8.2/print-ldp.c 2005-04-28 14:17:15.000000000 +0200
-@@ -327,7 +327,8 @@
- LDP_MASK_U_BIT(EXTRACT_16BITS(&ldp_msg_header->type)) ? "continue processing" : "ignore");
-
- msg_tptr=tptr+sizeof(struct ldp_msg_header);
-- msg_tlen=msg_len-sizeof(struct ldp_msg_header)+4; /* Type & Length fields not included */
-+ /* Type & Length fields not included */
-+ msg_tlen = (msg_len >= (sizeof(struct ldp_msg_header) + 4)) ? (msg_len - sizeof(struct ldp_msg_header) + 4) : 0;
-
- /* did we capture enough for fully decoding the message ? */
- if (!TTEST2(*tptr, msg_len))
-@@ -372,8 +373,12 @@
- print_unknown_data(tptr+sizeof(sizeof(struct ldp_msg_header)),"\n\t ",
- msg_len);
-
-- tptr+=msg_len;
-- tlen-=msg_len;
-+ if(!msg_len)
-+ break;
-+ else {
-+ tptr+=msg_len;
-+ tlen-=msg_len;
-+ }
- }
- return;
- trunc:
---- tcpdump-3.8.2/print-ascii.c.t4 2003-12-29 12:05:10.000000000 +0100
-+++ tcpdump-3.8.2/print-ascii.c 2005-04-28 14:05:42.000000000 +0200
-@@ -142,6 +142,9 @@
- register int nshorts;
-
- nshorts = (u_int) length / sizeof(u_short);
-+ if(!nshorts)
-+ return;
-+
- i = 0;
- while (--nshorts >= 0) {
- if ((i++ % 8) == 0) {
diff --git a/src/patches/tcpdump-3.8.2-rsvp-dos.patch b/src/patches/tcpdump-3.8.2-rsvp-dos.patch
deleted file mode 100644
index 3a329dde5..000000000
--- a/src/patches/tcpdump-3.8.2-rsvp-dos.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-borrowed from fedora
-fix for CAN-2005-1280
-
---- tcpdump-3.8.2/print-rsvp.c.old 2004-03-24 05:00:38.000000000 +0100
-+++ tcpdump-3.8.2/print-rsvp.c 2005-04-27 17:09:34.000000000 +0200
-@@ -872,6 +872,8 @@
-
- case RSVP_OBJ_RRO:
- case RSVP_OBJ_ERO:
-+ {
-+ int step;
- switch(rsvp_obj_ctype) {
- case RSVP_CTYPE_IPV4:
- while(obj_tlen >= 4 ) {
-@@ -889,15 +891,16 @@
- "none",
- *(obj_tptr+7))); /* rfc3209 says that this field is rsvd. */
- }
-- obj_tlen-=*(obj_tptr+1);
-- obj_tptr+=*(obj_tptr+1);
-+ step = *(obj_tptr+1) ? *(obj_tptr+1) : obj_tlen;
-+ obj_tlen -= step;
-+ obj_tptr += step;
- }
- break;
- default:
- hexdump=TRUE;
- }
- break;
--
-+ }
- case RSVP_OBJ_HELLO:
- switch(rsvp_obj_ctype) {
- case RSVP_CTYPE_1:
diff --git a/src/rootfiles/core/stage2 b/src/rootfiles/core/stage2
index b7bd14a9a..3125d7ffd 100644
--- a/src/rootfiles/core/stage2
+++ b/src/rootfiles/core/stage2
@@ -1,3 +1,4 @@
+bin
 bin/cat
 bin/echo
 bin/grep
@@ -51,14 +52,10 @@ usr/bin/perl
 usr/lib
 #usr/lib/libgcc_s.so
 #usr/lib/libgcc_s.so.1
-#usr/lib/libstdc##.so
-#usr/lib/libstdc##.so.6
+#usr/lib/libstdc++.so
+#usr/lib/libstdc++.so.6
 usr/local/bin
-usr/local/bin/connscheduler
-usr/local/bin/httpscert
 usr/local/bin/readhash
-usr/local/bin/run-parts
-usr/local/bin/scanhd
 usr/local/bin/setddns.pl
 usr/local/bin/vpn-watch
 #usr/local/doc
diff --git a/src/scripts/connscheduler b/src/scripts/connscheduler
deleted file mode 100644
index 8c7f17f0f..000000000
--- a/src/scripts/connscheduler
+++ /dev/null
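Review bot: The second hunk of src/rootfiles/core/stage2 drops `usr/local/bin/httpscert`, `usr/local/bin/run-parts` and `usr/local/bin/scanhd` from the image file list, but in the part of the commit visible here the only matching script removal is `src/scripts/connscheduler`, so it is unclear whether the other three are gone from the tree or merely no longer packaged. If any remaining init script, cron entry or CGI still calls them, the failure would only show up at runtime; for `httpscert` that would presumably affect generation of the web interface's TLS certificate, so it is worth confirming that no caller remains. The list already seems to keep excluded paths as `#`-prefixed entries (`#usr/local/doc`), so keeping `#usr/local/bin/httpscert` and the others in that form would make the exclusion deliberate and easy to audit.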
@@ -1,229 +0,0 @@
-#!/usr/bin/perl
-#
-# IPFire Connection Scheduler (F)Cron Job
-#
-# This code is distributed under the terms of the GPL
-# The original code is taken from weizen_42.
-# See /home/httpd/cgi-bin/connscheduler.cgi
-#
-
-use strict;
-
-require '/var/ipfire/general-functions.pl';
-require '/var/ipfire/connscheduler/lib.pl';
-
-# seems to be necessary
-my $sleep_after_profile = 5;
-
-my ($second, $minute, $hour, $day, $month ,$year, $weekday) = localtime(time);
-# correction for weekday, I am used to weeks starting with Monday (= 0) ;-)
-$weekday = ($weekday + 6) % 7;
-# get the closest thing possible
-$minute = int($minute / 5) * 5;
-
-
-if ( $ARGV[0] eq 'hangup' )
-{
- &hangup();
-}
-elsif ( $ARGV[0] eq 'dial' )
-{
- &dial();
-}
-elsif ( $ARGV[0] eq 'reconnect' )
-{
- &reconnect();
-}
-elsif ( $ARGV[0] eq 'profile' )
-{
- &profile($ARGV[1]);
-}
-elsif ( $ARGV[0] eq 'timer' )
-{
- &timer();
-}
-elsif ( $ARGV[0] eq 'test' )
-{
- &test();
-}
-else
-{
- print "Usage: $0 {dial | hangup | reconnect | profile nr# }\n";
-}
-
-exit 0;
-
-
-# __ _ _
-# / _| | | (_)
-# | |_ _ _ _ __ ___| |_ _ ___ _ __ ___
-# | _| | | | '_ \ / __| __| |/ _ \| '_ \/ __|
-# | | | |_| | | | | (__| |_| | (_) | | | \__ \
-# |_| \__,_|_| |_|\___|\__|_|\___/|_| |_|___/
-#
-sub hangup
-{
- unless ( -e "${General::swroot}/red/active" )
- {
- &General::log("ConnSched already disconnected");
- return;
- }
-
- &General::log("ConnSched disconnect");
- unless ( system('/etc/rc.d/init.d/network', 'stop', 'red') == 0 )
- {
- &General::log("ConnSched disconnect failed: $?");
- return;
- }
-
- # now wait for active triggerfile and ppp daemon to disappear
- sleep 1;
- while ( -e "${General::swroot}/red/active" || -e '/var/run/ppp-ipfire.pid' )
- {
- sleep 1;
- }
-}
-
-
-sub dial
-{
- if ( -e "${General::swroot}/red/active" )
- {
- &General::log("ConnSched already connected");
- return;
- }
-
- &General::log("ConnSched connect");
- unless ( system('/etc/rc.d/init.d/network', 'start', 'red') == 0 )
- {
- &General::log("ConnSched connect failed: $?");
- return;
- }
-
- # wait maximum 60 seconds for active triggerfile
- my $counter = 60;
- until ( -e "${General::swroot}/red/active" || $counter == 0 )
- {
- sleep 1;
- $counter--;
- }
-}
-
-
-sub reconnect
-{
- &hangup() if ( -e "${General::swroot}/red/active" );
- &dial();
-}
-
-
-sub profile
-{
- my $profile = shift;
- my $restart_red = 0;
-
- unless ( ($profile > 0) and ($profile < $CONNSCHED::maxprofiles) )
- {
- &General::log("ConnSched invalid profile: $profile");
- return;
- }
-
- unless ( -e "${General::swroot}/ppp/settings-$profile" )
- {
- &General::log("ConnSched profile file does not exist: $profile");
- return;
- }
-
- if ( -e "${General::swroot}/red/active" )
- {
- # remember to restart red after changing profile
- $restart_red = 1;
- &hangup();
- }
-
- &General::log("ConnSched select profile: $profile");
-
- # Method to change Profile from pppsetup.cgi
- unlink("${General::swroot}/ppp/settings");
- link("${General::swroot}/ppp/settings-$profile", "${General::swroot}/ppp/settings");
- system ("/usr/bin/touch", "${General::swroot}/ppp/updatesettings");
-
- if ( $restart_red == 1 )
- {
- ## FIXME: do we need to do this ?
- sleep($sleep_after_profile);
- &dial();
- }
-}
-
-
-# fcronjob entry
-sub timer
-{
- for my $i ( 0 .. $#CONNSCHED::config )
- {
- next if ( $CONNSCHED::config[$i]{'ACTIVE'} ne 'on' );
-
- my $action_hour = substr($CONNSCHED::config[$i]{'TIME'},0,2);
- my $action_minute = substr($CONNSCHED::config[$i]{'TIME'},3,2);
-
- next if ( $action_hour != $hour );
- next if ( $action_minute != $minute );
-
- if ( $CONNSCHED::config[$i]{'DAYSTYPE'} eq 'days' )
- {
- my @temp = split(/-/,$CONNSCHED::config[$i]{'DAYS'},2);
-
- my $daystart = substr($temp[0], 0, -1);
- my $dayend = substr($temp[1], 1);
-
- next if ( ($day < $daystart) || ($day > $dayend) );
- }
- else
- {
- next if ( index($CONNSCHED::config[$i]{'WEEKDAYS'}, $CONNSCHED::weekdays[$weekday]) == -1 );
- }
-
-
- if ( $CONNSCHED::config[$i]{'ACTION'} eq 'reconnect' )
- {
- &reconnect()
- }
- elsif ( $CONNSCHED::config[$i]{'ACTION'} eq 'dial' )
- {
- &dial();
- }
- elsif ( $CONNSCHED::config[$i]{'ACTION'} eq 'hangup' )
- {
- &hangup();
- }
- elsif ( $CONNSCHED::config[$i]{'ACTION'} eq 'select profile' )
- {
- &profile($CONNSCHED::config[$i]{'PROFILENR'});
- }
- elsif ( $CONNSCHED::config[$i]{'ACTION'} eq 'reboot' )
- {
- &General::log("ConnSched reboot");
- system ("/usr/local/bin/ipfirereboot", "boot");
- }
- elsif ( $CONNSCHED::config[$i]{'ACTION'} eq 'shutdown' )
- {
- &General::log("ConnSched shutdown");
- system ("/usr/local/bin/ipfirereboot", "down");
- }
- elsif ( $CONNSCHED::config[$i]{'ACTION'} eq 'ipsecstart' )
- {
- &General::log("ConnSched ipsecstart");
- system ("/usr/local/bin/ipsecctrl", "S");
- }
- elsif ( $CONNSCHED::config[$i]{'ACTION'} eq 'ipsecstop' )
- {
- &General::log("ConnSched ipsecstop");
- system ("/usr/local/bin/ipsecctrl", "D");
- }
- else
- {
- # okay ? an event we don't know about
- }
- }
-}
diff --git a/src/scripts/httpscert b/src/scripts/httpscert
deleted file mode 100644
index fb2d64bac..000000000
--- a/src/scripts/httpscert
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-#
-# new : generate new certificate
-# read: read issuer in certificate and verify if it is the same as hostname
-
-# See how we were called.
-case "$1" in
- new)
- # set temporary random file
- export RANDFILE=/root/.rnd
- if [ ! -f /etc/httpd/server.key ]; then
- echo "Generating https server key."
- /usr/bin/openssl genrsa -rand \
- /boot/vmlinuz:CONFIG_ROOT/ethernet/settings -out \
- /etc/httpd/server.key 1024
- fi
- echo "Generating CSR"
- /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
- req -new -key /etc/httpd/server.key -out /etc/httpd/server.csr
- echo "Signing certificate"
- /usr/bin/openssl x509 -req -days 999999 -in \
- /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
- /etc/httpd/server.crt
- # unset and remove random file
- export -n RANDFILE
- rm -f /root/.rnd
- ;;
- read)
- if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
- ISSUER=`openssl x509 -in /etc/httpd/server.crt -text -noout | grep Issuer | /usr/bin/cut -f2 -d '='`
- HOSTNAME=`/bin/hostname -f`
- if [ "$ISSUER" != "$HOSTNAME" ]; then
- echo "Certificate issuer '$ISSUER' is not the same as the hostname '$HOSTNAME'"
- echo "Probably host or domain name has been changed in setup"
- echo "You could remake server certificate with '/usr/local/bin/httpscert new'"
- exit 1
- else
- echo "https certificate issuer match $HOSTNAME"
- fi
- else
- echo "Certificate not found"
- exit 1
- fi
- ;;
- *)
- /bin/echo "Usage: $0 {read|new}"
- exit 1
- ;;
-esac
diff --git a/src/scripts/run-parts b/src/scripts/run-parts
deleted file mode 100644
index dd6b59b3e..000000000
--- a/src/scripts/run-parts
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-# run-parts: Runs all the scripts found in a directory.
-
-# keep going when something fails
-set +e
-
-if [ $# -lt 1 ]; then
- echo "Usage: run-parts "
- exit 1
-fi
-
-if [ ! -d $1 ]; then
- echo "Not a directory: $1"
- echo "Usage: run-parts "
- exit 1
-fi
-
-# There are several types of files that we would like to
-# ignore automatically, as they are likely to be backups
-# of other scripts:
-IGNORE_SUFFIXES="~ ^ , .bak .new .rpmsave .rpmorig .rpmnew .swp"
-
-# Main loop:
-for SCRIPT in $1/* ; do
- # If this is not a regular file, skip it:
- if [ ! -f $SCRIPT ]; then
- continue
- fi
- # Determine if this file should be skipped by suffix:
- SKIP=false
- for SUFFIX in $IGNORE_SUFFIXES ; do
- if [ ! "`basename $SCRIPT $SUFFIX`" = "`basename $SCRIPT`" ]; then
- SKIP=true
- break
- fi
- done
- if [ "$SKIP" = "true" ]; then
- continue
- fi
- # If we've made it this far, then run the script if it's executable:
- if [ -x $SCRIPT ]; then
- echo "$SCRIPT:"
- echo
- $SCRIPT 2>&1
- echo
- fi
-done
-
-exit 0
diff --git a/src/scripts/scanhd b/src/scripts/scanhd
deleted file mode 100644
index f7f50d391..000000000
--- a/src/scripts/scanhd
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-case "$1" in
- ide)
- /sbin/kudzu -qps -c HD | egrep "desc|device:" | awk -F': ' '{print $2}' | sed -e '/"$/a\\' -e "s/$/\;/g" | tr "\n" "XX" | sed -e "s/XX/\n/g" -e "s/\;X/\;/g" > /var/ipfire/extrahd/scan
- ;;
- partitions)
- cat /proc/partitions | awk '{print $4 ";" $3 ";"}' | grep -v name | grep -v "^;;$" > /var/ipfire/extrahd/partitions
- ;;
- *)
- echo "Usage: $0 (ide|partitions)"
- ;;
-esac
diff --git a/tools/finder.sh b/tools/finder.sh
deleted file mode 100644
index b1b517c78..000000000
--- a/tools/finder.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see . #
-# #
-###############################################################################
-
-name=finder.log
-echo -n "Where: " ;read wo
-echo -n "String: " ;read was
-echo -n "Output to file? (y/n): " ;read jn
-
-if [ "$jn" = "y" ]; then
- echo "Creating log file $name"
- find $wo -type f | xargs grep -in "$was" 2>/dev/null | grep -v ".svn" | grep -v "ChangeLog" | grep -v "/serv/ipfire/branches/ipcop-1.4" | grep -v "/serv/ipfire/tags/beta0" > $name
-else
- find $wo -type f | xargs grep -in "$was" 2>/dev/null | grep -v ".svn" | grep -v "ChangeLog" | grep -v "/serv/ipfire/branches/ipcop-1.4" | grep -v "/serv/ipfire/tags/beta0"
-fi
-
-if [ -d $name ]; then
- cat $name
-fi