From: ms Date: Thu, 31 Jan 2008 18:55:11 +0000 (+0000) Subject: Removed the old webinterface... X-Git-Tag: v3.0-alpha1~1116 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c1342d4c29e4ec2a2f7f5ff4a0d3874da65b2e79;p=ipfire-3.x.git Removed the old webinterface... git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@1169 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 --- diff --git a/html/cgi-bin/backup.cgi b/html/cgi-bin/backup.cgi deleted file mode 100644 index 552132250..000000000 --- a/html/cgi-bin/backup.cgi +++ /dev/null @@ -1,283 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; -# enable only the following on debugging purpose -use warnings; -use CGI::Carp 'fatalsToBrowser'; -use File::Copy; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %color = (); -my %mainsettings = (); -my %cgiparams=(); -my %checked = (); -my $message = ""; -my $errormessage = ""; - -$a = new CGI; - -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -$cgiparams{'ACTION'} = ''; -$cgiparams{'FILE'} = ''; -$cgiparams{'UPLOAD'} = ''; -$cgiparams{'BACKUPLOGS'} = ''; - -&Header::getcgihash(\%cgiparams); - -############################################################################################################################ -################################################ Workaround for Directories ################################################ - -system("/usr/local/bin/backupctrl makedirs >/dev/null 2>&1 ") unless ( -e '/var/ipfire/backup/addons/backup') ; - -############################################################################################################################ -############################################## System calls ohne Http Header ############################################### - - -if ( $cgiparams{'ACTION'} eq "download" ) -{ - open(DLFILE, "; - print "Content-Type:application/x-download\n"; - print "Content-Disposition:attachment;filename=$cgiparams{'FILE'}\n\n"; - print @fileholder; - exit (0); -} -if ( $cgiparams{'ACTION'} eq "downloadaddon" ) -{ - open(DLFILE, "; - print "Content-Type:application/x-download\n"; - print "Content-Disposition:attachment;filename=$cgiparams{'FILE'}\n\n"; - print @fileholder; - exit (0); -} -elsif ( $cgiparams{'ACTION'} eq "restore" ) -{ - my $upload = $a->param("UPLOAD"); - open UPLOADFILE, ">/tmp/restore.ipf"; - binmode $upload; - while ( <$upload> ) { - print UPLOADFILE; - } - close UPLOADFILE; - system("/usr/local/bin/backupctrl restore >/dev/null 2>&1"); -} -elsif ( $cgiparams{'ACTION'} eq "restoreaddon" ) -{ - chomp($cgiparams{'UPLOAD'}); - # we need to fix cause IE7 gives the full path and FF only the filename - my @temp = split(/\\/,$cgiparams{'UPLOAD'}); - my $upload = $a->param("UPLOAD"); - open UPLOADFILE, ">/tmp/".$temp[$#temp]; - binmode $upload; - while ( <$upload> ) { - print UPLOADFILE; - } - close UPLOADFILE; - system("/usr/local/bin/backupctrl restoreaddon ".$temp[$#temp]." >/dev/null 2>&1"); -} - -&Header::showhttpheaders(); - -sub refreshpage{&Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'pagerefresh'}
";&Header::closebox();} - -&Header::openpage($Lang::tr{'backup'}, 1, ""); -&Header::openbigbox('100%', 'left', '', $errormessage); - -############################################################################################################################ -################################################### Default System calls ################################################### - -if ( $cgiparams{'ACTION'} eq "backup" ) -{ - if ( $cgiparams{'BACKUPLOGS'} eq "include" ){system("/usr/local/bin/backupctrl include >/dev/null 2>&1");} - else {system("/usr/local/bin/backupctrl exclude >/dev/null 2>&1");} -} -if ( $cgiparams{'ACTION'} eq "addonbackup" ) -{ - system("/usr/local/bin/backupctrl addonbackup $cgiparams{'ADDON'} >/dev/null 2>&1"); -} -elsif ( $cgiparams{'ACTION'} eq "delete" ) -{ - system("/usr/local/bin/backupctrl $cgiparams{'FILE'} >/dev/null 2>&1"); -} - -############################################################################################################################ -############################################ Backups des Systems erstellen ################################################# - -if ( $message ne "" ){ - &Header::openbox('100%','left',$Lang::tr{'error messages'}); - print "$message\n"; - &Header::closebox(); -} - -my @backups = `cd /var/ipfire/backup/ && ls *.ipf 2>/dev/null`; - -&Header::openbox('100%', 'center', $Lang::tr{'backup'}); - -print < - - - -
$Lang::tr{'logs'}$Lang::tr{'include logfiles'} - / - $Lang::tr{'exclude logfiles'} -
- - -
- -END -; -&Header::closebox(); - -############################################################################################################################ -############################################ Backups des Systems downloaden ################################################ - -&Header::openbox('100%', 'center', $Lang::tr{'backups'}); - -print < -END -; -foreach (@backups){ -chomp($_); -my $Datei = "/var/ipfire/backup/".$_; -my @Info = stat($Datei); -my $Size = $Info[7] / 1024; -$Size = sprintf("%02d", $Size); -print "$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size KB
"; -print "
"; -} -print < -END -; -&Header::closebox(); - -############################################################################################################################ -############################################# Backups von Addons erstellen ################################################# - -&Header::openbox('100%', 'center', 'addons'); - -my @addonincluds = `ls /var/ipfire/backup/addons/includes/ 2>/dev/null`; -my @addons = `ls /var/ipfire/backup/addons/backup/ 2>/dev/null`; -my %addons; - -foreach (@addons){ - my $addon=substr($_,0,length($_)-5); - $addons{$addon}=''; -} - -print ""; -foreach (@addonincluds){ -chomp($_); -delete $addons{$_}; -my $Datei = "/var/ipfire/backup/addons/backup/".$_.".ipf"; -my @Info = stat($Datei); -my $Size = $Info[7] / 1024; -$Size = sprintf("%2d", $Size); -if ( -e $Datei ){ -print ""; -print < -
- - - - - -
-END -; -} -else{ - print ""; -} -print < -
- - - - -
-END -; -} -foreach (keys(%addons)){ -chomp($_); -my $Datei = "/var/ipfire/backup/addons/backup/".$_.".ipf"; -my @Info = stat($Datei); -my $Size = $Info[7] / 1024; -$Size = sprintf("%2d", $Size); -print ""; -print < -
- - - - - -
- -END -; -} - -print "
$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size KB $Lang::tr{'date'} ".localtime($Info[9])." -
- - - -
-
$Lang::tr{'backup from'} $_
$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size KB $Lang::tr{'date'} ".localtime($Info[9])." -
- - - -
-
"; -&Header::closebox(); - -############################################################################################################################ -####################################### Backups des Systems wiederherstellen ############################################### - -&Header::openbox('100%', 'center', $Lang::tr{'restore'}); - -print < -
$Lang::tr{'backupwarning'}


-$Lang::tr{'backup'}
-$Lang::tr{'backupaddon'}
- -END -; -&Header::closebox(); -&Header::closebigbox(); -&Header::closepage(); diff --git a/html/cgi-bin/chpasswd.cgi b/html/cgi-bin/chpasswd.cgi deleted file mode 100644 index 5e000f07e..000000000 --- a/html/cgi-bin/chpasswd.cgi +++ /dev/null @@ -1,323 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use CGI qw(param); - -$swroot = "/var/ipfire"; - -my %cgiparams; -my %mainsettings; -my %proxysettings; - -$proxysettings{'NCSA_MIN_PASS_LEN'} = 6; - -### Initialize environment -&readhash("${swroot}/main/settings", \%mainsettings); -&readhash("${swroot}/proxy/advanced/settings", \%proxysettings); -$language = $mainsettings{'LANGUAGE'}; - -### Initialize language -if ($language =~ /^(\w+)$/) {$language = $1;} - # - # Uncomment this to force a certain language: - # $language='en'; - # -require "${swroot}/langs/en.pl"; -require "${swroot}/langs/${language}.pl"; - -my $userdb = "$swroot/proxy/advanced/ncsa/passwd"; - -&readhash("$swroot/ethernet/settings", \%netsettings); - -my $success = 0; - -&getcgihash(\%cgiparams); - -if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'}) -{ - if ($cgiparams{'USERNAME'} eq '') - { - $errormessage = $tr{'advproxy errmsg no username'}; - goto ERROR; - } - if (($cgiparams{'OLD_PASSWORD'} eq '') || ($cgiparams{'NEW_PASSWORD_1'} eq '') || ($cgiparams{'NEW_PASSWORD_2'} eq '')) - { - $errormessage = $tr{'advproxy errmsg no password'}; - goto ERROR; - } - if (!($cgiparams{'NEW_PASSWORD_1'} eq $cgiparams{'NEW_PASSWORD_2'})) - { - $errormessage = $tr{'advproxy errmsg passwords different'}; - goto ERROR; - } - if (length($cgiparams{'NEW_PASSWORD_1'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) - { - $errormessage = $tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$tr{'advproxy errmsg password length 2'}; - goto ERROR; - } - if (! -z $userdb) - { - open FILE, $userdb; - @users = ; - close FILE; - - $username = ''; - $cryptpwd = ''; - - foreach (@users) - { - chomp; - @temp = split(/:/,$_); - if ($temp[0] =~ /^$cgiparams{'USERNAME'}$/i) - { - $username = $temp[0]; - $cryptpwd = $temp[1]; - } - } - } - if ($username eq '') - { - $errormessage = $tr{'advproxy errmsg invalid user'}; - goto ERROR; - } - if (!(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd)) - { - $errormessage = $tr{'advproxy errmsg password incorrect'}; - goto ERROR; - } - $returncode = system("/usr/bin/htpasswd -b $userdb $username $cgiparams{'NEW_PASSWORD_1'}"); - if ($returncode == 0) - { - $success = 1; - undef %cgiparams; - } else { - $errormessage = $tr{'advproxy errmsg change fail'}; - goto ERROR; - } -} - -ERROR: - -print "Pragma: no-cache\n"; -print "Cache-control: no-cache\n"; -print "Connection: close\n"; -print "Content-type: text/html\n\n"; - -print < - - - - - - - -
- -
- - - - - - - - - - - -
- -   - -
- - - - - - - -END -; - -if ($errormessage) -{ - print < - - -END -; -} - -if ($success) -{ - print < - - -END -; -} - - -print < - -
- - $tr{'advproxy chgwebpwd change web password'} - -
- - - - - - - - - - - - - - - - - -
- - $tr{'advproxy chgwebpwd username'}: - -
- - $tr{'advproxy chgwebpwd old password'}: - -
- - $tr{'advproxy chgwebpwd new password'}: - -
- - $tr{'advproxy chgwebpwd new password confirm'}: - -
- - - - -

-
- - $tr{'advproxy chgwebpwd ERROR'} $errormessage - -
- - $tr{'advproxy chgwebpwd SUCCESS'} $tr{'advproxy errmsg change success'} - -
- -
- - Advanced Proxy running on - - IPCop -
- -
- -
- - - - -END -; - -# ------------------------------------------------------------------- - -sub readhash -{ - my $filename = $_[0]; - my $hash = $_[1]; - my ($var, $val); - - if (-e $filename) - { - open(FILE, $filename) or die "Unable to read file $filename"; - while () - { - chop; - ($var, $val) = split /=/, $_, 2; - if ($var) - { - $val =~ s/^\'//g; - $val =~ s/\'$//g; - - # Untaint variables read from hash - $var =~ /([A-Za-z0-9_-]*)/; $var = $1; - $val =~ /([\w\W]*)/; $val = $1; - $hash->{$var} = $val; - } - } - close FILE; - } -} - -# ------------------------------------------------------------------- - -sub getcgihash -{ - my ($hash, $params) = @_; - my $cgi = CGI->new (); - return if ($ENV{'REQUEST_METHOD'} ne 'POST'); - if (!$params->{'wantfile'}) { - $CGI::DISABLE_UPLOADS = 1; - $CGI::POST_MAX = 512 * 1024; - } else { - $CGI::POST_MAX = 10 * 1024 * 1024; - } - - $cgi->referer() =~ m/^https?\:\/\/([^\/]+)/; - my $referer = $1; - $cgi->url() =~ m/^https?\:\/\/([^\/]+)/; - my $servername = $1; - return if ($referer ne $servername); - - ### Modified for getting multi-vars, split by | - %temp = $cgi->Vars(); - foreach my $key (keys %temp) { - $hash->{$key} = $temp{$key}; - $hash->{$key} =~ s/\0/|/g; - $hash->{$key} =~ s/^\s*(.*?)\s*$/$1/; - } - - if (($params->{'wantfile'})&&($params->{'filevar'})) { - $hash->{$params->{'filevar'}} = $cgi->upload - ($params->{'filevar'}); - } - return; -} - -# ------------------------------------------------------------------- diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi deleted file mode 100644 index fd95f239b..000000000 --- a/html/cgi-bin/connections.cgi +++ /dev/null @@ -1,423 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -my @network=(); -my @masklen=(); -my @colour=(); - -use Net::IPv4Addr qw( :all ); - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::table1colour} ); -undef (@dummy); - -# Read various files - -my %netsettings=(); -&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); - -open (ACTIVE, 'iptstate -1rbt |') or die 'Unable to open ip_conntrack'; -my @active = ; -close (ACTIVE); - -if (open(IP, "${General::swroot}/red/local-ipaddress")) { - my $redip = ; - close(IP); - chomp $redip; - push(@network, $redip); - push(@masklen, '255.255.255.255' ); - push(@colour, ${Header::colourfw} ); -} - -my @vpn = ` route -n | grep ipsec | awk '{ print \$1" "\$3}'`; - foreach my $route (@vpn) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - if ( $temp[0] eq '$redip' ){next;} - push(@network, $temp[0]); - push(@masklen, $temp[1]); - push(@colour, ${Header::colourvpn} ); - } - -my $aliasfile = "${General::swroot}/ethernet/aliases"; -open(ALIASES, $aliasfile) or die 'Unable to open aliases file.'; -my @aliases = ; -close(ALIASES); - -# Add Green Firewall Interface -push(@network, $netsettings{'GREEN_ADDRESS'}); -push(@masklen, "255.255.255.255" ); -push(@colour, ${Header::colourfw} ); - -# Add Green Network to Array -push(@network, $netsettings{'GREEN_NETADDRESS'}); -push(@masklen, $netsettings{'GREEN_NETMASK'} ); -push(@colour, ${Header::colourgreen} ); - -# Add Green Routes to Array -my @routes = `/sbin/route -n | /bin/grep $netsettings{'GREEN_DEV'}`; -foreach my $route (@routes) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - push(@network, $temp[0]); - push(@masklen, $temp[2]); - push(@colour, ${Header::colourgreen} ); -} - -# Add Firewall Localhost 127.0.0.1 -push(@network, '127.0.0.1'); -push(@masklen, '255.255.255.255' ); -push(@colour, ${Header::colourfw} ); - -# Add Orange Network -if ($netsettings{'ORANGE_DEV'}) { - push(@network, $netsettings{'ORANGE_NETADDRESS'}); - push(@masklen, $netsettings{'ORANGE_NETMASK'} ); - push(@colour, ${Header::colourorange} ); - # Add Orange Routes to Array - @routes = `/sbin/route -n | /bin/grep $netsettings{'ORANGE_DEV'}`; - foreach my $route (@routes) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - push(@network, $temp[0]); - push(@masklen, $temp[2]); - push(@colour, ${Header::colourorange} ); - } -} - -# Add Blue Firewall Interface -push(@network, $netsettings{'BLUE_ADDRESS'}); -push(@masklen, "255.255.255.255" ); -push(@colour, ${Header::colourfw} ); - -# Add Blue Network -if ($netsettings{'BLUE_DEV'}) { - push(@network, $netsettings{'BLUE_NETADDRESS'}); - push(@masklen, $netsettings{'BLUE_NETMASK'} ); - push(@colour, ${Header::colourblue} ); - # Add Blue Routes to Array - @routes = `/sbin/route -n | /bin/grep $netsettings{'BLUE_DEV'}`; - foreach my $route (@routes) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - push(@network, $temp[0]); - push(@masklen, $temp[2]); - push(@colour, ${Header::colourblue} ); - } -} - -# Add OpenVPN net and RED/BLUE/ORANGE entry (when appropriate) -if (-e "${General::swroot}/ovpn/settings") { - my %ovpnsettings = (); - &General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings); - my @tempovpnsubnet = split("\/",$ovpnsettings{'DOVPN_SUBNET'}); - - # add OpenVPN net - push(@network, $tempovpnsubnet[0]); - push(@masklen, $tempovpnsubnet[1]); - push(@colour, ${Header::colourovpn} ); - - - if ( ($ovpnsettings{'ENABLED_BLUE'} eq 'on') && $netsettings{'BLUE_DEV'} ) { - # add BLUE:port / proto - push(@network, $netsettings{'BLUE_ADDRESS'} ); - push(@masklen, '255.255.255.255' ); - push(@colour, ${Header::colourovpn} ); - } - if ( ($ovpnsettings{'ENABLED_ORANGE'} eq 'on') && $netsettings{'ORANGE_DEV'} ) { - # add ORANGE:port / proto - push(@network, $netsettings{'ORANGE_ADDRESS'} ); - push(@masklen, '255.255.255.255' ); - push(@colour, ${Header::colourovpn} ); - } -} - -# Add STATIC RED aliases -if ($netsettings{'RED_DEV'}) { - # We have a RED eth iface - if ($netsettings{'RED_TYPE'} eq 'STATIC') { - # We have a STATIC RED eth iface - foreach my $line (@aliases) - { - chomp($line); - my @temp = split(/\,/,$line); - if ( $temp[0] ) { - push(@network, $temp[0]); - push(@masklen, $netsettings{'RED_NETMASK'} ); - push(@colour, ${Header::colourfw} ); - } - } - } -} - -# Add VPNs -if ( $vpn[0] ne 'none' ) { - foreach my $line (@vpn) { - my @temp = split(/[\t ]+/,$line); - my @temp1 = split(/[\/:]+/,$temp[3]); - push(@network, $temp1[0]); - push(@masklen, ipv4_cidr2msk($temp1[1])); - push(@colour, ${Header::colourvpn} ); - } -} - -#Establish simple filtering&sorting boxes on top of table - -our %cgiparams; -&Header::getcgihash(\%cgiparams); - -my @list_proto = ($Lang::tr{'all'}, 'icmp', 'udp', 'tcp'); -my @list_state = ($Lang::tr{'all'}, 'SYN_SENT', 'SYN_RECV', 'ESTABLISHED', 'FIN_WAIT', - 'CLOSE_WAIT', 'LAST_ACK', 'TIME_WAIT', 'CLOSE', 'LISTEN'); -my @list_mark = ($Lang::tr{'all'}, '[ASSURED]', '[UNREPLIED]'); -my @list_sort = ('orgsip','protocol', 'expires', 'status', 'orgdip', 'orgsp', - 'orgdp', 'exsip', 'exdip', 'exsp', 'exdp', 'marked'); - -# init or silently correct unknown value... -if ( ! grep ( /^$cgiparams{'SEE_PROTO'}$/ , @list_proto )) { $cgiparams{'SEE_PROTO'} = $list_proto[0] }; -if ( ! grep ( /^$cgiparams{'SEE_STATE'}$/ , @list_state )) { $cgiparams{'SEE_STATE'} = $list_state[0] }; -if ( ($cgiparams{'SEE_MARK'} ne $Lang::tr{'all'}) && # ok the grep should work but it doesn't because of - ($cgiparams{'SEE_MARK'} ne '[ASSURED]') && # the '[' & ']' interpreted as list separator. - ($cgiparams{'SEE_MARK'} ne '[UNREPLIED]') # So, explicitly enumerate items. - ) { $cgiparams{'SEE_MARK'} = $list_mark[0] }; -if ( ! grep ( /^$cgiparams{'SEE_SORT'}$/ , @list_sort )) { $cgiparams{'SEE_SORT'} = $list_sort[0] }; -# *.*.*.* or a valid IP -if ( $cgiparams{'SEE_SRC'} !~ /^(\*\.\*\.\*\.\*\.|\d+\.\d+\.\d+\.\d+)$/) { $cgiparams{'SEE_SRC'} = '*.*.*.*' }; -if ( $cgiparams{'SEE_DEST'} !~ /^(\*\.\*\.\*\.\*\.|\d+\.\d+\.\d+\.\d+)$/) { $cgiparams{'SEE_DEST'} = '*.*.*.*' }; - - -our %entries = (); # will hold the lines analyzed correctly -my $unknownlines = ''; # should be empty all the time... -my $index = 0; # just a counter to make unique entryies in entries - -&Header::showhttpheaders(); -&Header::openpage($Lang::tr{'connections'}, 1, ''); -&Header::openbigbox('100%', 'left'); -&Header::openbox('100%', 'left', $Lang::tr{'connection tracking'}); - -# Build listbox objects -my $menu_proto = &make_select ('SEE_PROTO', $cgiparams{'SEE_PROTO'}, @list_proto); -my $menu_state = &make_select ('SEE_STATE', $cgiparams{'SEE_STATE'}, @list_state); - -print < - - - - - - - - - - -
$Lang::tr{'legend'} : $Lang::tr{'lan'}$Lang::tr{'internet'}$Lang::tr{'dmz'}$Lang::tr{'wireless'}IPFire$Lang::tr{'vpn'}$Lang::tr{'OpenVPN'}
-
- - - - - - - - - - - - - - - - - - - - - - -END -; - -my $i=0; -foreach my $line (@active) { - $i++; - if ($i < 3) { - next; - } - chomp($line); - my @temp = split(' ',$line); - - my ($sip, $sport) = split(':', $temp[0]); - my ($dip, $dport) = split(':', $temp[1]); - my $proto = $temp[2]; - my $state; my $ttl; - if ( $proto eq "esp" ){$state = "";$ttl = $temp[3];} - elsif ( $proto eq "icmp" ){$state = "";$ttl = $temp[4];} - else{$state = $temp[3];$ttl = $temp[4];} - - next if( !( - (($cgiparams{'SEE_PROTO'} eq $Lang::tr{'all'}) || ($proto eq $cgiparams{'SEE_PROTO'} )) - && (($cgiparams{'SEE_STATE'} eq $Lang::tr{'all'}) || ($state eq $cgiparams{'SEE_STATE'} )) - && (($cgiparams{'SEE_SRC'} eq "*.*.*.*") || ($sip eq $cgiparams{'SEE_SRC'} )) - && (($cgiparams{'SEE_DEST'} eq "*.*.*.*") || ($dip eq $cgiparams{'SEE_DEST'} )) - )); - - if (($proto eq 'udp') && ($ttl eq '')) { - $ttl = $state; - $state = ' '; - } - - my $sipcol = ipcolour($sip); - my $dipcol = ipcolour($dip); - - my $sserv = ''; - if ($sport < 1024) { - $sserv = uc(getservbyport($sport, lc($proto))); - if ($sserv ne '') { - $sserv = " ($sserv)"; - } - } - - my $dserv = ''; - if ($dport < 1024) { - $dserv = uc(getservbyport($dport, lc($proto))); - if ($dserv ne '') { - $dserv = " ($dserv)"; - } - } - - print < - - - - - - - - -END -; -} - -print "
$Lang::tr{'source ip and port'} $Lang::tr{'dest ip and port'} $Lang::tr{'protocol'}$Lang::tr{'connection'}

$Lang::tr{'status'}
$Lang::tr{'expires'}

($Lang::tr{'seconds'})
 $menu_proto$menu_state 
- - $sip - - - - $sport$sserv - - - - $dip - - - - $dport$dserv - - $proto$state$ttl
"; - -&Header::closebox(); -&Header::closebigbox(); -&Header::closepage(); - -sub ipcolour($) { - my $id = 0; - my $line; - my $colour = ${Header::colourred}; - my ($ip) = $_[0]; - my $found = 0; - foreach $line (@network) { - if ($network[$id] eq '') { - $id++; - } else { - if (!$found && ipv4_in_network( $network[$id] , $masklen[$id], $ip) ) { - $found = 1; - $colour = $colour[$id]; - } - $id++; - } - } - return $colour -} - -# Create a string containing a complete SELECT html object -# param1: name -# param2: current value selected -# param3: field list -sub make_select ($,$,$) { - my $select_name = shift; - my $selected = shift; - my $select = ""; - return $select; -} - -# Build a list of IP obtained from the %entries hash -# param1: IP field name -sub get_known_ips ($) { - my $field = shift; - my $qs = $cgiparams{'SEE_SORT'}; # switch the sort order - $cgiparams{'SEE_SORT'} = $field; - - my @liste=('*.*.*.*'); - foreach my $entry ( sort sort_entries keys %entries) { - push (@liste, $entries{$entry}->{$field}) if (! grep (/^$entries{$entry}->{$field}$/,@liste) ); - } - - $cgiparams{'SEE_SORT'} = $qs; #restore sort order - return @liste; -} - -# Used to sort the table containing the lines displayed. -sub sort_entries { #Reverse is not implemented - my $qs=$cgiparams{'SEE_SORT'}; - if ($qs =~ /orgsip|orgdip|exsip|exdip/) { - my @a = split(/\./,$entries{$a}->{$qs}); - my @b = split(/\./,$entries{$b}->{$qs}); - ($a[0]<=>$b[0]) || - ($a[1]<=>$b[1]) || - ($a[2]<=>$b[2]) || - ($a[3]<=>$b[3]); - } elsif ($qs =~ /expire|orgsp|orgdp|exsp|exdp/) { - $entries{$a}->{$qs} <=> $entries{$b}->{$qs}; - } else { - $entries{$a}->{$qs} cmp $entries{$b}->{$qs}; - } -} - -1; diff --git a/html/cgi-bin/connscheduler.cgi b/html/cgi-bin/connscheduler.cgi deleted file mode 100644 index b257adb2e..000000000 --- a/html/cgi-bin/connscheduler.cgi +++ /dev/null @@ -1,489 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -require '/var/ipfire/connscheduler/lib.pl'; - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -my $buttontext = $Lang::tr{'add'}; -my $hiddenvalue = 'add'; -my $day; -my $hour; -my $minute; -my %temppppsettings=(); -my @profilenames=(); - - -# -# defaults for settings -# -my $selected_hour = '00'; -my $selected_minute = '00'; -my $checked_connect = "checked='checked'"; -my $checked_profile = ''; -my %selected = (); -$selected{'reconnect'} = ''; -$selected{'dial'} = ''; -$selected{'hangup'} = ''; -$selected{'reboot'} = ''; -$selected{'shutdown'} = ''; -$selected{'ipsecstart'} = ''; -$selected{'ipsecstop'} = ''; -my $selected_profile = 1; -my $checked_days = "checked='checked'"; -my $selected_daystart = 1; -my $selected_dayend = 31; -my $checked_weekdays = ''; -my $checked_mon = "checked='checked'"; -my $checked_tue = "checked='checked'"; -my $checked_wed = "checked='checked'"; -my $checked_thu = "checked='checked'"; -my $checked_fri = "checked='checked'"; -my $checked_sat = "checked='checked'"; -my $checked_sun = "checked='checked'"; -my $comment = ''; - -my %cgiparams = (); - -$cgiparams{'ACTION'} = ''; # add/edit/update/remove/wakeup -$cgiparams{'ACTION_ACTION'} = ''; # CONNECT/PROFILE -$cgiparams{'ACTION_CONNECT'} = ''; # connect/disconnect/reconnect -$cgiparams{'ACTION_PROFILENR'} = 0; -$cgiparams{'ACTION_HOUR'} = ''; -$cgiparams{'ACTION_MINUTE'} = ''; -$cgiparams{'ACTION_DAYSTYPE'} = ''; -$cgiparams{'ACTION_DAYSTART'} = 1; -$cgiparams{'ACTION_DAYEND'} = 31; -$cgiparams{'Mon'} = ''; -$cgiparams{'Tue'} = ''; -$cgiparams{'Wed'} = ''; -$cgiparams{'Thu'} = ''; -$cgiparams{'Fri'} = ''; -$cgiparams{'Sat'} = ''; -$cgiparams{'Sun'} = ''; -$cgiparams{'ACTION_COMMENT'} = ''; - -&Header::getcgihash(\%cgiparams); - - -# read the profile names -my $i=0; -for ($i = 1; $i <= $CONNSCHED::maxprofiles; $i++) -{ - %temppppsettings = (); - $temppppsettings{'PROFILENAME'} = $Lang::tr{'empty'}; - &General::readhash("${General::swroot}/ppp/settings-$i", \%temppppsettings); - $profilenames[$i] = $temppppsettings{'PROFILENAME'}; -} - -&Header::showhttpheaders(); -&Header::openpage($Lang::tr{'connscheduler'}, 1, ''); -&Header::openbigbox('100%', 'left', '', ''); - - -# Found this usefull piece of code in BlockOutTraffic AddOn 8-) -# fwrules.cgi -############### -# DEBUG DEBUG -#&Header::openbox('100%', 'left', 'DEBUG'); -#my $debugCount = 0; -#foreach my $line (sort keys %cgiparams) { -# print "$line = $cgiparams{$line}
\n"; -# $debugCount++; -#} -#print " Count: $debugCount\n"; -#&Header::closebox(); -# DEBUG DEBUG -############### - - -if ( $cgiparams{'ACTION'} eq 'toggle' ) -{ - if ( $CONNSCHED::config[$cgiparams{'ID'}]{'ACTIVE'} eq 'on' ) - { - $CONNSCHED::config[$cgiparams{'ID'}]{'ACTIVE'} = 'off'; - } - else - { - $CONNSCHED::config[$cgiparams{'ID'}]{'ACTIVE'} = 'on'; - } - - &CONNSCHED::WriteConfig; -} - -if ( ($cgiparams{'ACTION'} eq 'add') || ($cgiparams{'ACTION'} eq 'update') ) -{ - my $l_action = $cgiparams{'ACTION_CONNECT'}; - my $l_profilenr = ''; - my $l_days = ''; - my $l_weekdays = ''; - - if ( $cgiparams{'ACTION'} eq 'add' ) - { - $i = $#CONNSCHED::config + 1; - $CONNSCHED::config[$i]{'ACTIVE'} = 'on'; - } - else - { - $i = $cgiparams{'UPDATE_ID'}; - } - - if ( $cgiparams{'ACTION_ACTION'} eq 'PROFILE') - { - $l_action = 'select profile'; - $l_profilenr = $cgiparams{'ACTION_PROFILENR'}; - } - - if ( $cgiparams{'ACTION_DAYSTYPE'} eq 'WEEKDAYS' ) - { - if ( $cgiparams{'Mon'} eq 'on' ) { $l_weekdays .= 'Mon '; } - if ( $cgiparams{'Tue'} eq 'on' ) { $l_weekdays .= 'Tue '; } - if ( $cgiparams{'Wed'} eq 'on' ) { $l_weekdays .= 'Wed '; } - if ( $cgiparams{'Thu'} eq 'on' ) { $l_weekdays .= 'Thu '; } - if ( $cgiparams{'Fri'} eq 'on' ) { $l_weekdays .= 'Fri '; } - if ( $cgiparams{'Sat'} eq 'on' ) { $l_weekdays .= 'Sat '; } - if ( $cgiparams{'Sun'} eq 'on' ) { $l_weekdays .= 'Sun '; } - } - else - { - $l_days = "$cgiparams{'ACTION_DAYSTART'} - $cgiparams{'ACTION_DAYEND'}"; - } - - $CONNSCHED::config[$i]{'ACTION'} = $l_action; - $CONNSCHED::config[$i]{'PROFILENR'} = $l_profilenr; - $CONNSCHED::config[$i]{'TIME'} = "$cgiparams{'ACTION_HOUR'}:$cgiparams{'ACTION_MINUTE'}"; - $CONNSCHED::config[$i]{'DAYSTYPE'} = lc($cgiparams{'ACTION_DAYSTYPE'}); - $CONNSCHED::config[$i]{'DAYS'} = $l_days; - $CONNSCHED::config[$i]{'WEEKDAYS'} = $l_weekdays; - $CONNSCHED::config[$i]{'COMMENT'} = &Header::cleanhtml($cgiparams{'ACTION_COMMENT'}); - - &CONNSCHED::WriteConfig; -} - -if ( $cgiparams{'ACTION'} eq 'edit' ) -{ - $i = $cgiparams{'ID'}; - - $selected_hour = substr($CONNSCHED::config[$i]{'TIME'},0,2); - $selected_minute = substr($CONNSCHED::config[$i]{'TIME'},3,2); - - if ( $CONNSCHED::config[$i]{'ACTION'} eq 'select profile' ) - { - $checked_connect = ''; - $checked_profile = "checked='checked'"; - $selected_profile = $CONNSCHED::config[$i]{'PROFILENR'}; - } - else - { - $selected{"$CONNSCHED::config[$i]{'ACTION'}"} = "selected='selected'"; - } - - if ( $CONNSCHED::config[$i]{'DAYSTYPE'} eq 'days' ) - { - my @temp = split(/-/,$CONNSCHED::config[$i]{'DAYS'},2); - - $selected_daystart = substr($temp[0], 0, -1); - $selected_dayend = substr($temp[1], 1); - } - else - { - my $wd = $CONNSCHED::config[$i]{'WEEKDAYS'}; - $checked_mon = '' if ( index($wd, 'Mon') == -1 ) ; - $checked_tue = '' if ( index($wd, 'Tue') == -1 ) ; - $checked_wed = '' if ( index($wd, 'Wed') == -1 ) ; - $checked_thu = '' if ( index($wd, 'Thu') == -1 ) ; - $checked_fri = '' if ( index($wd, 'Fri') == -1 ) ; - $checked_sat = '' if ( index($wd, 'Sat') == -1 ) ; - $checked_sun = '' if ( index($wd, 'Sun') == -1 ) ; - - $checked_days = ''; - $checked_weekdays = "checked='checked'"; - } - - $comment = $CONNSCHED::config[$cgiparams{'ID'}]{'COMMENT'}; - - $buttontext = $Lang::tr{'update'}; - $hiddenvalue = 'update'; -} - -if ( $cgiparams{'ACTION'} eq 'remove' ) -{ - # simply set ACTIVE to empty, WriteConfig will handle the gory details - $CONNSCHED::config[$cgiparams{'ID'}]{'ACTIVE'} = ''; - &CONNSCHED::WriteConfig; -} -if ( ($cgiparams{'ACTION'} eq 'down') || ($cgiparams{'ACTION'} eq 'up') ) -{ - my $action = @CONNSCHED::config[$cgiparams{'ID'}]; - my $newpos = 0; - - splice(@CONNSCHED::config, $cgiparams{'ID'}, 1); - - if ( ($cgiparams{'ACTION'} eq 'down') ) - { - $newpos = $cgiparams{'ID'} + 1; - } - else - { - $newpos = $cgiparams{'ID'} - 1; - } - - splice(@CONNSCHED::config, $newpos, 0, $action); - - &CONNSCHED::WriteConfig; -} - - -# -# Add / Edit Box -# - -&Header::openbox('100%', 'left', $Lang::tr{'ConnSched add action'}); - -print < - - - - - - - - - - - - - - -
$Lang::tr{'ConnSched time'} : 

$Lang::tr{'ConnSched action'} - 
  $Lang::tr{'ConnSched change profile title'} 

$Lang::tr{'ConnSched days'}  - 
  $Lang::tr{'ConnSched weekdays'}
-  $Lang::tr{'monday'}
-  $Lang::tr{'tuesday'}
-  $Lang::tr{'wednesday'}
-  $Lang::tr{'thursday'}
-  $Lang::tr{'friday'}
-  $Lang::tr{'saturday'}
-  $Lang::tr{'sunday'} -

$Lang::tr{'remark title'} *
-
- - - - - -
*$Lang::tr{'this field may be blank'} -
- - -END -; - -&Header::closebox(); - -# -# Box with List of events -# - -&Header::openbox('100%', 'left', $Lang::tr{'ConnSched scheduled actions'}); -print < - -$Lang::tr{'time'} -  -$Lang::tr{'remark'} -$Lang::tr{'action'} - -END -; - -for my $id ( 0 .. $#CONNSCHED::config ) -{ - my $trcolor; - - if ( ($cgiparams{'ACTION'} eq 'edit') && ($id == $cgiparams{'ID'}) ) - { - $trcolor = ""; - } - elsif ( $id % 2 ) - { - $trcolor = ""; - } - else - { - $trcolor = ""; - } - -print <$CONNSCHED::config[$id]{'TIME'} -$Lang::tr{"ConnSched $CONNSCHED::config[$id]{'ACTION'}"} $CONNSCHED::config[$id]{'PROFILENR'} -$CONNSCHED::config[$id]{'COMMENT'} - -
- - - -
- - -
- - - -
- - -
- - - -
- - -
- - - -
- - -
- - - -
- - -$trcolor -  -$CONNSCHED::config[$id]{'DAYS'}$CONNSCHED::config[$id]{'WEEKDAYS_PR'}  - -END -; -} - -print < -
-
-END -; - - -&Header::closebox(); - -&Header::closebigbox(); -&Header::closepage(); diff --git a/html/cgi-bin/country.cgi b/html/cgi-bin/country.cgi deleted file mode 100644 index 250915a72..000000000 --- a/html/cgi-bin/country.cgi +++ /dev/null @@ -1,110 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -use Locale::Country; - -my $flagdir = '/home/httpd/html/images/flags'; -my $lines = '1'; -my $lines2 = ''; -my @flaglist=(); -my @flaglistfiles=(); -my $flag = ''; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -&Header::showhttpheaders(); - -&Header::openpage('Country Codes', 1, ''); -&Header::openbigbox('100%', 'LEFT'); - -&Header::openbox('100%', 'LEFT', 'Flags & Country Codes:'); -print ""; -print ""; -print ""; -print ""; -print ""; -print ""; -print ""; -print ""; - -@flaglist = <$flagdir/*>; - -undef @flaglistfiles; - -foreach (@flaglist) -{ - if (!-d) { push(@flaglistfiles,substr($_,rindex($_,"/")+1)); } -} - -foreach $flag (@flaglistfiles) -{ - $lines++; - - my $flagcode = uc(substr($flag, 0, 2)); - my $fcode = lc($flagcode); - my $country = Locale::Country::code2country($fcode); - if($fcode eq 'eu') { $country = 'Europe'; } - if($fcode eq 'tp') { $country = 'East Timor'; } - if($fcode eq 'yu') { $country = 'Yugoslavia'; } - if ($lines % 2) { - print ""; - print "\n"; - } - else { - $lines2++; - if($lines2 % 2) { - print ""; - } else { - print ""; - } - print ""; - print ""; - #print ""; - print ""; - } -} - - -print "
FlagCodeCountry FlagCodeCountry
$flagcode"; - print "$flagcode$country
$flagcode"; - print "$flagcode$country* 
"; -&Header::closebox(); - -&Header::closebigbox(); - -print < - - - - -
$Lang::tr{'back'}
- -END -; - -&Header::closepage(); - - diff --git a/html/cgi-bin/credits.cgi b/html/cgi-bin/credits.cgi deleted file mode 100644 index 82630c73a..000000000 --- a/html/cgi-bin/credits.cgi +++ /dev/null @@ -1,766 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -&Header::showhttpheaders(); - -&Header::openpage($Lang::tr{'credits'}, 1, ''); - -&Header::openbigbox('100%', 'center'); - -&Header::openbox('100%', 'left', 'Version'); -print "This is IPFire Build ".`cat /var/ipfire/firebuild`." and tagged as ".`cat /opt/pakfire/etc/pakfire.conf | grep "version =" | cut -d\\" -f2`; -&Header::closebox(); - -&Header::openbox('100%', 'left', $Lang::tr{'credits'}); - -print <
http://www.ipfire.org/
-
-

- IPFire is based on IPCop and Smoothwall. Many thanks to its developers.
- We want to say thank you to all of the developers who ever contributed anything to IPFire. -

- -

Development:
- -Project Leader - Michael Tremer -(mitch\@ipfire.org)
-Vice Project Leader - Christian Schmidt -(maniacikarus\@ipfire.org)
-Developer - Heiner Schmeling -(cm\@ipfire.org)
-Developer - Sven Nierlein -(affect\@versatel.de)
-Developer - Arne Fitzenreiter -(arne\@ipfire.org)
-Sponsor - Detlef Lampart -(delaco\@ipfire.org)
-Developer & Security Manager - Rene Zingel -(linuxadmin\@ipfire.org)
-Supporter - Silvio Rechenbach -(exciter\@ipfire.org)
-Sponsor - Karsten Rechenbach -(space\@ipfire.org)
-Tester - Ronald Wiesinger -(rowie\@ipfire.org)
-

-

Some parts of the distribution are left ajar on third-party software, that is licensed under the GPL, too.
-There are: Advanced Proxy with URL-Filter and Update-Accelerator, ZERINA, Connection Scheduler, mbmon-Graphs, Hddtemp and Wake-on-LAN.
-Distributed by Marco Sondermann, Ufuk Altinkaynak, Thomas Eichstaedt and Olaf Westrik.

-END -; -&Header::closebox(); - -&Header::openbox('100%', 'left', 'General Public License v3'); -print < - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. - - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - Copyright (C) - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -. - - -END -&Header::closebox(); - -&Header::closebigbox(); - -&Header::closepage(); diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi deleted file mode 100644 index b70c50959..000000000 --- a/html/cgi-bin/ddns.cgi +++ /dev/null @@ -1,552 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::table2colour}, ${Header::colouryellow} ); -undef (@dummy); - -my $ddnsprefix = $Lang::tr{'ddns noip prefix'}; -$ddnsprefix =~ s/%/$General::noipprefix/; - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -# Files used -my $setting = "${General::swroot}/ddns/settings"; -our $datafile = "${General::swroot}/ddns/config"; - -my %settings=(); -#Settings1 -$settings{'BEHINDROUTER'} = 'RED_IP'; -$settings{'MINIMIZEUPDATES'} = ''; - -#Settings2 for editing the multi-line list -#Must not be saved ! -$settings{'HOSTNAME'} = ''; -$settings{'DOMAIN'} = ''; -$settings{'LOGIN'} = ''; -$settings{'PASSWORD'} = ''; -$settings{'PASSWORD2'} = ''; -$settings{'ENABLED'} = ''; -$settings{'PROXY'} = ''; -$settings{'WILDCARDS'} = ''; -$settings{'SERVICE'} = ''; - -my @nosaved=('HOSTNAME','DOMAIN','LOGIN','PASSWORD','PASSWORD2', - 'ENABLED','PROXY','WILDCARDS','SERVICE'); # List here ALL setting2 fields. Mandatory - -$settings{'ACTION'} = ''; # add/edit/remove -$settings{'KEY1'} = ''; # point record for ACTION -$settings{'KEY2'} = ''; # point record for ACTION - -my $errormessage = ''; -my $warnmessage = ''; - -&Header::showhttpheaders(); - -#Get GUI values -&Header::getcgihash(\%settings); - -# Load multiline data -our @current = (); -if (open(FILE, "$datafile")) { - @current = ; - close (FILE); -} - -# -# Check Settings1 first because they are needed before working on @current -# -if ($settings{'ACTION'} eq $Lang::tr{'save'}) { - # No user input to check. ! - #unless ($errormessage) { # Everything is ok, save settings - $settings{'BEHINDROUTERWAITLOOP'} = '-1'; # init & will update on next setddns.pl call - map (delete ($settings{$_}) ,(@nosaved,'ACTION','KEY1','KEY2'));# Must never be saved - &General::writehash($setting, \%settings); # Save good settings - $settings{'ACTION'} = $Lang::tr{'save'}; # Recreate 'ACTION' - map ($settings{$_}= '',(@nosaved,'KEY1','KEY2')); # and reinit var to empty - #} -} else { - &General::readhash($setting, \%settings); # Get saved settings and reset to good if needed -} - -# -# Now manipulate the multi-line list with Settings2 -# -# Toggle enable/disable field. Field is in second position -if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { - #move out new line - chomp(@current[$settings{'KEY1'}]); - my @temp = split(/\,/,@current[$settings{'KEY1'}]); - my $K2=$settings{'KEY2'}; - $temp[ $K2 ] = ( $temp[ $K2 ] eq 'on') ? '' : 'on'; # Toggle the field - @current[$settings{'KEY1'}] = join (',',@temp)."\n"; - $settings{'KEY1'} = ''; # End edit mode - &General::log($Lang::tr{'ddns hostname modified'}); - - # Write changes to config file. - &WriteDataFile; # sort newly added/modified entry -} - -if ($settings{'ACTION'} eq $Lang::tr{'add'}) { - # Validate inputs - - unless ($settings{'LOGIN'} ne '') { - $errormessage = $Lang::tr{'username not set'}; - } - - # list box returns 'service optional synonyms' - # keep only first name - $settings{'SERVICE'} =~ s/ .*$//; - - # for freedns.afraid.org, only 'connect string' is mandatory - if ($settings{'SERVICE'} ne 'freedns.afraid.org') { - unless ($settings{'SERVICE'} eq 'regfish.com' || $settings{'PASSWORD'} ne '') { - $errormessage = $Lang::tr{'password not set'}; - } - unless ($settings{'PASSWORD'} eq $settings{'PASSWORD2'}) { - $errormessage = $Lang::tr{'passwords do not match'}; - } - - # Permit an empty HOSTNAME for the nsupdate, regfish, dyndns, enom, ovh, zoneedit, no-ip, easydns - unless ($settings{'SERVICE'} eq 'zoneedit.com' || $settings{'SERVICE'} eq 'nsupdate' || - $settings{'SERVICE'} eq 'dyndns-custom'|| $settings{'SERVICE'} eq 'regfish.com' || - $settings{'SERVICE'} eq 'enom.com' || $settings{'SERVICE'} eq 'dnspark.com' || - $settings{'SERVICE'} eq 'ovh.com' || $settings{'HOSTNAME'} ne '' || - $settings{'SERVICE'} eq 'no-ip.com' || $settings{'SERVICE'} eq 'easydns.com' ) { - $errormessage = $Lang::tr{'hostname not set'}; - } - unless ($settings{'HOSTNAME'} eq '' || $settings{'HOSTNAME'} =~ /^[a-zA-Z_0-9-]+$/) { - $errormessage = $Lang::tr{'invalid hostname'}; - } - unless ($settings{'DOMAIN'} ne '') { - $errormessage = $Lang::tr{'domain not set'}; - } - unless ($settings{'DOMAIN'} =~ /^[a-zA-Z_0-9.-]+$/) { - $errormessage = $Lang::tr{'invalid domain name'}; - } - unless ($settings{'DOMAIN'} =~ /[.]/) { - $errormessage = $Lang::tr{'invalid domain name'}; - } - } - - # recheck service wich don't need too much fields - if ($settings{'SERVICE'} eq 'cjb.net') { - $errormessage = ''; # clear previous error - unless ($settings{'LOGIN'} ne '') { - $errormessage = $Lang::tr{'username not set'}; - } - unless ($settings{'PASSWORD'} ne '') { - $errormessage = $Lang::tr{'password not set'}; - } - unless ($settings{'PASSWORD'} eq $settings{'PASSWORD2'}) { - $errormessage = $Lang::tr{'passwords do not match'}; - } - } - - unless ($errormessage) { - if ($settings{'KEY1'} eq '') { #add or edit ? - unshift (@current, "$settings{'SERVICE'},$settings{'HOSTNAME'},$settings{'DOMAIN'},$settings{'PROXY'},$settings{'WILDCARDS'},$settings{'LOGIN'},$settings{'PASSWORD'},$settings{'ENABLED'}\n"); - &General::log($Lang::tr{'ddns hostname added'}); - } else { - @current[$settings{'KEY1'}] = "$settings{'SERVICE'},$settings{'HOSTNAME'},$settings{'DOMAIN'},$settings{'PROXY'},$settings{'WILDCARDS'},$settings{'LOGIN'},$settings{'PASSWORD'},$settings{'ENABLED'}\n"; - $settings{'KEY1'} = ''; # End edit mode - &General::log($Lang::tr{'ddns hostname modified'}); - } - map ($settings{$_}='' ,@nosaved); # Clear fields - # Write changes to config file. - &WriteDataFile; # sort newly added/modified entry - } -} - -if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { - #move out new line - my $line = @current[$settings{'KEY1'}]; # KEY1 is the index in current - chomp($line); - my @temp = split(/\,/, $line); - $settings{'SERVICE'} = $temp[0]; - $settings{'HOSTNAME'} = $temp[1]; - $settings{'DOMAIN'} = $temp[2]; - $settings{'PROXY'} = $temp[3]; - $settings{'WILDCARDS'} = $temp[4]; - $settings{'LOGIN'} = $temp[5]; - $settings{'PASSWORD'} = $settings{'PASSWORD2'} = $temp[6]; - $settings{'ENABLED'} = $temp[7]; -} - -if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { - splice (@current,$settings{'KEY1'},1); # Delete line - open(FILE, ">$datafile") or die 'ddns datafile error'; - print FILE @current; - close(FILE); - $settings{'KEY1'} = ''; # End remove mode - &General::log($Lang::tr{'ddns hostname removed'}); - # Write changes to config file. - &WriteDataFile; -} - -if ($settings{'ACTION'} eq $Lang::tr{'instant update'}) { - system('/usr/local/bin/setddns.pl', '-f'); -} - - -if ($settings{'ACTION'} eq '') -{ - $settings{'SERVICE'} = 'dyndns.org'; - $settings{'ENABLED'} = 'on'; -} - -&Header::openpage($Lang::tr{'dynamic dns'}, 1, ''); -&Header::openbigbox('100%', 'left', '', $errormessage); - -my %checked =(); # Checkbox manipulations -$checked{'SERVICE'}{'cjb.net'} = ''; -$checked{'SERVICE'}{'dhs.org'} = ''; -$checked{'SERVICE'}{'dnspark.com'} = ''; -$checked{'SERVICE'}{'dtdns.com'} = ''; -$checked{'SERVICE'}{'dyndns.org'} = ''; -$checked{'SERVICE'}{'dyndns-custom'} = ''; -$checked{'SERVICE'}{'dyndns-static'} = ''; -$checked{'SERVICE'}{'dyns.cx'} = ''; -$checked{'SERVICE'}{'dynu.ca'} = ''; -$checked{'SERVICE'}{'easydns.com'} = ''; -$checked{'SERVICE'}{'enom.com'} = ''; -$checked{'SERVICE'}{'freedns.afraid.org'} = ''; -$checked{'SERVICE'}{'hn.org'} = ''; -$checked{'SERVICE'}{'no-ip.com'} = ''; -$checked{'SERVICE'}{'nsupdate'} = ''; -$checked{'SERVICE'}{'ovh.com'} = ''; -$checked{'SERVICE'}{'regfish.com'} = ''; -$checked{'SERVICE'}{'selfhost.de'} = ''; -$checked{'SERVICE'}{'tzo.com'} = ''; -$checked{'SERVICE'}{'zoneedit.com'} = ''; -$checked{'SERVICE'}{$settings{'SERVICE'}} = "selected='selected'"; - -$checked{'BEHINDROUTER'}{'RED_IP'} = ''; -$checked{'BEHINDROUTER'}{'FETCH_IP'} = ''; -$checked{'BEHINDROUTER'}{$settings{'BEHINDROUTER'}} = "checked='checked'"; -$checked{'MINIMIZEUPDATES'} = ($settings{'MINIMIZEUPDATES'} eq '' ) ? '' : "checked='checked'"; - -$checked{'PROXY'}{'on'} = ($settings{'PROXY'} eq '') ? '' : "checked='checked'"; -$checked{'WILDCARDS'}{'on'} = ($settings{'WILDCARDS'} eq '') ? '' : "checked='checked'"; -$checked{'ENABLED'}{'on'} = ($settings{'ENABLED'} eq '' ) ? '' : "checked='checked'"; - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage "; - &Header::closebox(); -} - -if ($warnmessage) { - $warnmessage = "$Lang::tr{'capswarning'}: $warnmessage"; -} -&Header::openbox('100%', 'left', $Lang::tr{'settings'}); -print "
"; -print < - - $Lang::tr{'dyn dns source choice'} - - - $Lang::tr{'use ipfire red ip'} - - - $Lang::tr{'fetch ip from'} * - - - - $Lang::tr{'ddns minimize updates'} - - -

-END -; - -print < - - * - $Lang::tr{'avoid dod'} - - - - -END -; -&Header::closebox(); # end of Settings1 - - -my $buttontext = $Lang::tr{'add'}; -if ($settings{'KEY1'} ne '') { - $buttontext = $Lang::tr{'update'}; - &Header::openbox('100%', 'left', $Lang::tr{'edit an existing host'}); -} else { - &Header::openbox('100%', 'left', $Lang::tr{'add a host'}); -} - -#Edited line number (KEY1) passed until cleared by 'save' or 'remove' -print < - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$Lang::tr{'service'}:$Lang::tr{'hostname'}: *
$Lang::tr{'behind a proxy'}$Lang::tr{'domain'}:
$Lang::tr{'enable wildcards'}$Lang::tr{'username'}
$Lang::tr{'password'}
$Lang::tr{'enabled'}$Lang::tr{'again'}
-
- - - - - - - -
*$ddnsprefix - -
- -END -; -&Header::closebox(); - -# -# Third box shows the list, in columns -# -&Header::openbox('100%', 'left', $Lang::tr{'current hosts'}); -print < - - $Lang::tr{'service'} - $Lang::tr{'hostname'} - $Lang::tr{'domain'} - $Lang::tr{'proxy'} - $Lang::tr{'wildcards'} - $Lang::tr{'action'} - -END -; -my $ip = &General::GetDyndnsRedIP; -my $key = 0; -foreach my $line (@current) { - chomp($line); # remove newline - my @temp = split(/\,/,$line); - - if ($temp[0] eq 'no-ip.com') { - $temp[1] =~ s!$General::noipprefix(.*)!group:$1 !; - } - - #Choose icon for checkbox - - my $gifproxy=''; - my $descproxy=''; - if ($temp[3] eq "on") { - $gifproxy = 'on.gif'; - $descproxy = $Lang::tr{'click to disable'}; - } else { - $gifproxy = 'off.gif'; - $descproxy = $Lang::tr{'click to enable'}; - } - - my $gifwildcard=''; - my $descwildcard=''; - if ($temp[4] eq "on") { - $gifwildcard = 'on.gif'; - $descwildcard = $Lang::tr{'click to disable'}; - } else { - $gifwildcard = 'off.gif'; - $descwildcard = $Lang::tr{'click to enable'}; - } - - my $sync = ""; - my $gif = ''; - my $gdesc = ''; - if ($temp[7] eq "on") { - $gif = 'on.gif'; - $gdesc = $Lang::tr{'click to disable'}; - $sync = (&General::DyndnsServiceSync ($ip,$temp[1], $temp[2]) ? "": "") ; - } else { - $gif = 'off.gif'; - $gdesc = $Lang::tr{'click to enable'}; - } - - #Colorize each line - if ($settings{'KEY1'} eq $key) { - print ""; - } elsif ($key % 2) { - print ""; - } else { - print ""; - } - - #if a field is empty, replace it with a '---' to see colorized info! - $temp[1] = '---' if (!$temp[1]); - $temp[2] = '---' if (!$temp[2]); - - print <$temp[0] -$sync$temp[1] -$sync$temp[2] - - -
- - - - -
- - - -
- - - - -
- - - -
- - - - -
- - - -
- - - -
- - - -
- - - -
- - -END -; - $key++; -} -print ""; - -# If table contains entries, print 'Key to action icons' -if ($key) { -print < - -  $Lang::tr{'legend'}:  - $Lang::tr{ - $Lang::tr{'click to disable'} -    - $Lang::tr{ - $Lang::tr{'click to enable'} -    - $Lang::tr{ - $Lang::tr{'edit'} -    - $Lang::tr{ - $Lang::tr{'remove'} -
- -
- - -END -; -} - -&Header::closebox(); -&Header::closebigbox(); -&Header::closepage(); - -## Ouf it's the end ! - - -# write the "current" array -sub WriteDataFile { - #Save current - open(FILE, ">$datafile") or die 'ddns datafile error'; - print FILE @current; - close (FILE); -} diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi deleted file mode 100644 index 4e932be8b..000000000 --- a/html/cgi-bin/dhcp.cgi +++ /dev/null @@ -1,1261 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::colouryellow} ); -undef (@dummy); - -our %dhcpsettings=(); -our %netsettings=(); -my %mainsettings=(); -my %timesettings=(); -my $setting = "${General::swroot}/dhcp/settings"; -our $filename1 = "${General::swroot}/dhcp/advoptions"; # Field separator is TAB in this file (comma is standart) - # because we need commas in the some data -our $filename2 = "${General::swroot}/dhcp/fixleases"; -our $filename3 = "${General::swroot}/dhcp/advoptions-list"; # Describe the allowed syntax for dhcp options -my $errormessage = ''; -my $warnNTPmessage = ''; -my @nosaved=(); -my %color = (); - -#Basic syntax allowed for new Option definition. Not implemented: RECORDS & array of RECORDS -our $OptionTypes = 'boolean|((un)?signed )?integer (8|16|32)|ip-address|text|string|encapsulate \w+|array of ip-address'; - -&Header::showhttpheaders(); -our @ITFs=('GREEN'); -if (&Header::blue_used()){push(@ITFs,'BLUE');} - -#Settings1 for the first screen box -foreach my $itf (@ITFs) { - $dhcpsettings{"ENABLE_${itf}"} = 'off'; - $dhcpsettings{"ENABLEBOOTP_${itf}"} = 'off'; - $dhcpsettings{"START_ADDR_${itf}"} = ''; - $dhcpsettings{"END_ADDR_${itf}"} = ''; - $dhcpsettings{"DOMAIN_NAME_${itf}"} = ''; - $dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"} = ''; - $dhcpsettings{"MAX_LEASE_TIME_${itf}"} = ''; - $dhcpsettings{"WINS1_${itf}"} = ''; - $dhcpsettings{"WINS2_${itf}"} = ''; - $dhcpsettings{"DNS1_${itf}"} = ''; - $dhcpsettings{"DNS2_${itf}"} = ''; - $dhcpsettings{"NTP1_${itf}"} = ''; - $dhcpsettings{"NTP2_${itf}"} = ''; - $dhcpsettings{"NEXT_${itf}"} = ''; - $dhcpsettings{"FILE_${itf}"} = ''; -} - -$dhcpsettings{'SORT_FLEASELIST'} = 'FIPADDR'; -$dhcpsettings{'SORT_LEASELIST'} = 'IPADDR'; - -#Settings2 for editing the multi-line list -#Must not be saved with writehash ! -$dhcpsettings{'FIX_MAC'} = ''; -$dhcpsettings{'FIX_ADDR'} = ''; -$dhcpsettings{'FIX_ENABLED'} = 'off'; -$dhcpsettings{'FIX_NEXTADDR'} = ''; -$dhcpsettings{'FIX_FILENAME'} = ''; -$dhcpsettings{'FIX_ROOTPATH'} = ''; -$dhcpsettings{'FIX_REMARK'} = ''; -$dhcpsettings{'ACTION'} = ''; -$dhcpsettings{'KEY1'} = ''; -$dhcpsettings{'KEY2'} = ''; -@nosaved=('FIX_MAC','FIX_ADDR','FIX_ENABLED','FIX_NEXTADDR', - 'FIX_FILENAME','FIX_ROOTPATH','FIX_REMARK'); - -$dhcpsettings{'ADVOPT_ENABLED'} = ''; -$dhcpsettings{'ADVOPT_NAME'} = ''; -$dhcpsettings{'ADVOPT_DATA'} = ''; -unshift (@nosaved,'ADVOPT_ENABLED','ADVOPT_NAME','ADVOPT_DATA'); -foreach my $itf (@ITFs) { - $dhcpsettings{"ADVOPT_SCOPE_${itf}"} = 'off'; - unshift (@nosaved, "ADVOPT_SCOPE_${itf}"); -} - -# Read Ipcop settings -&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("${General::swroot}/time/settings", \%timesettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -#Get GUI values -&Header::getcgihash(\%dhcpsettings); - -open(FILE, "$filename1") or die 'Unable to open dhcp advanced options file.'; -our @current1 = ; -close(FILE); -# Extract OptionDefinition -foreach my $line (@current1) { - #chomp($line); # remove newline #don't know why, but this remove newline in @current1 .... ! - my @temp = split(/\t/,$line); - AddNewOptionDefinition ($temp[1] . ' ' . $temp[2]); -} - -open(FILE, "$filename2") or die 'Unable to open fixed leases file.'; -our @current2 = ; -close(FILE); - -# Check Settings1 first because they are needed by &buildconf -if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}) { - foreach my $itf (@ITFs) { - if ($dhcpsettings{"ENABLE_${itf}"} eq 'on' ) { - # "Start" is defined, need "End" and vice versa - if ($dhcpsettings{"START_ADDR_${itf}"}) { - if (!(&General::validip($dhcpsettings{"START_ADDR_${itf}"}))) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid start address'}; - goto ERROR; - } - if (!$dhcpsettings{"END_ADDR_${itf}"}) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid end address'}; - goto ERROR; - } - if (! &General::IpInSubnet ( $dhcpsettings{"START_ADDR_${itf}"}, - $netsettings{"${itf}_NETADDRESS"}, - $netsettings{"${itf}_NETMASK"})) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid start address'}; - goto ERROR; - } - } - - if ($dhcpsettings{"END_ADDR_${itf}"}) { - if (!(&General::validip($dhcpsettings{"END_ADDR_${itf}"}))) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid end address'}; - goto ERROR; - } - if (!$dhcpsettings{"START_ADDR_${itf}"}) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid start address'}; - goto ERROR; - } - if (! &General::IpInSubnet ( $dhcpsettings{"END_ADDR_${itf}"}, - $netsettings{"${itf}_NETADDRESS"}, - $netsettings{"${itf}_NETMASK"})) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid end address'}; - goto ERROR; - } - #swap if necessary! (support 255.255.0.0 range, I doubt we need more) GE - my @startoct = split (/\./, $dhcpsettings{"START_ADDR_${itf}"}); - my @endoct = split (/\./, $dhcpsettings{"END_ADDR_${itf}"}); - if ( $endoct[2]*256+$endoct[3] < $startoct[2]*256+$startoct[3] ) { - ($dhcpsettings{"START_ADDR_${itf}"},$dhcpsettings{"END_ADDR_${itf}"}) = - ($dhcpsettings{"END_ADDR_${itf}"},$dhcpsettings{"START_ADDR_${itf}"}); - } - } - - if (!($dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"} =~ /^\d+$/)) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid default lease time'} . $dhcpsettings{'DEFAULT_LEASE_TIME_${itf}'}; - goto ERROR; - } - - if (!($dhcpsettings{"MAX_LEASE_TIME_${itf}"} =~ /^\d+$/)) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid max lease time'} . $dhcpsettings{'MAX_LEASE_TIME_${itf}'}; - goto ERROR; - } - - if ($dhcpsettings{"DNS1_${itf}"}) { - if (!(&General::validip($dhcpsettings{"DNS1_${itf}"}))) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid primary dns'}; - goto ERROR; - } - } - if ($dhcpsettings{"DNS2_${itf}"}) { - if (!(&General::validip($dhcpsettings{"DNS2_${itf}"}))) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid secondary dns'}; - goto ERROR; - } - if (! $dhcpsettings{"DNS1_${itf}"}) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'cannot specify secondary dns without specifying primary'}; - goto ERROR; - } - } - - if ($dhcpsettings{"WINS1_${itf}"}) { - if (!(&General::validip($dhcpsettings{"WINS1_${itf}"}))) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid wins address'}; - goto ERROR; - } - } - if ($dhcpsettings{"WINS2_${itf}"}) { - if (!(&General::validip($dhcpsettings{"WINS2_${itf}"}))) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid wins address'}; - goto ERROR; - } - if (! $dhcpsettings{"WINS1_${itf}"} ) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'cannot specify secondary wins without specifying primary'}; - goto ERROR; - } - } - if ($dhcpsettings{"NEXT_${itf}"}) { - if (!(&General::validip($dhcpsettings{"NEXT_${itf}"}))) { - $errormessage = "next-server on ${itf}: " . $Lang::tr{'invalid ip'}; - goto ERROR; - } - } - if ($dhcpsettings{"NTP1_${itf}"}) { - if (!(&General::validip($dhcpsettings{"NTP1_${itf}"}))) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid primary ntp'}; - goto ERROR; - } - if ($dhcpsettings{"NTP1_${itf}"} eq $netsettings{"${itf}_ADDRESS"} && ($timesettings{'ENABLECLNTP'} ne 'on')) { - $warnNTPmessage = "DHCP on ${itf}: " . $Lang::tr{'local ntp server specified but not enabled'}; - #goto ERROR; - } - } - if ($dhcpsettings{"NTP2_${itf}"}) { - if (!(&General::validip($dhcpsettings{"NTP2_${itf}"}))) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid secondary ntp'}; - goto ERROR; - } - if ($dhcpsettings{"NTP2_${itf}"} eq $netsettings{"${itf}_ADDRESS"} && ($timesettings{'ENABLECLNTP'} ne 'on')) { - $warnNTPmessage = "DHCP on ${itf}: " . $Lang::tr{'local ntp server specified but not enabled'}; - #goto ERROR; - } - if (! $dhcpsettings{"NTP1_${itf}"}) { - $errormessage = "DHCP on ${itf}: " . $Lang::tr{'cannot specify secondary ntp without specifying primary'}; - goto ERROR; - } - } - } # enabled - }#loop interface verify - - map (delete ($dhcpsettings{$_}) ,@nosaved,'ACTION','KEY1','KEY2'); # Must not be saved - &General::writehash($setting, \%dhcpsettings); # Save good settings - $dhcpsettings{'ACTION'} = $Lang::tr{'save'}; # create an 'ACTION' - map ($dhcpsettings{$_} = '',@nosaved,'KEY1','KEY2'); # and reinit vars to empty - &buildconf; - ERROR: # Leave the faulty field untouched -} else { - &General::readhash($setting, \%dhcpsettings); # Get saved settings and reset to good if needed -} - -## Sorting of fixed leases -if ($ENV{'QUERY_STRING'} =~ /^FETHER|^FIPADDR/ ) { - my $newsort=$ENV{'QUERY_STRING'}; - my $act=$dhcpsettings{'SORT_FLEASELIST'}; - #Reverse actual sort ? - if ($act =~ $newsort) { - my $Rev=''; - if ($act !~ 'Rev') { - $Rev='Rev'; - } - $newsort.=$Rev; - } - $dhcpsettings{'SORT_FLEASELIST'}=$newsort; - map (delete ($dhcpsettings{$_}) ,@nosaved,'ACTION','KEY1','KEY2'); # Must never be saved - &General::writehash($setting, \%dhcpsettings); - &sortcurrent2; - $dhcpsettings{'ACTION'} = 'SORT'; # create an 'ACTION' - map ($dhcpsettings{$_} = '',@nosaved,'KEY1','KEY2');# and reinit vars to empty -} - -#Sorting of allocated leases -&Header::CheckSortOrder; - - -## Now manipulate the two multi-line list with Settings2. -# '1' suffix is for ADVANCED OPTIONS -# '2' suffix is for FIXED LEASES - -# Toggle enable/disable field on specified options. - -if ($dhcpsettings{'ACTION'} eq $Lang::tr{'toggle enable disable'}.'1') { - #move out new line - chomp(@current1[$dhcpsettings{'KEY1'}]); - my @temp = split(/\t/,@current1[$dhcpsettings{'KEY1'}]); #use TAB separator ! - $temp[0] = $temp[0] eq 'on' ? '' : 'on'; # Toggle the field - @current1[$dhcpsettings{'KEY1'}] = join ("\t",@temp)."\n"; - $dhcpsettings{'KEY1'} = ''; # End edit mode - &General::log($Lang::tr{'dhcp advopt modified'}); - open(FILE, ">$filename1") or die 'Unable to open dhcp advanced options file.'; - print FILE @current1; - close(FILE); - - #Write changes to dhcpd.conf. - &buildconf; -} - - - -if ($dhcpsettings{'ACTION'} eq $Lang::tr{'add'}.'1' && - $dhcpsettings{'SUBMIT'} ne $Lang::tr{'dhcp advopt help'}) { - $dhcpsettings{'ADVOPT_NAME'} =~ s/[^ \w-]//g; # prevent execution of code by removing everything except letters/space - $dhcpsettings{'ADVOPT_DATA'} =~ s/`//g; # back tik ` ? not allowed ! - - if ($dhcpsettings{'ADVOPT_DATA'} eq '') { - $errormessage=$Lang::tr{'dhcp advopt blank value'}; - } - - # Test for a new option definition string (join field name & data) - if (ExistNewOptionDefinition ($dhcpsettings{'ADVOPT_NAME'} . ' ' . $dhcpsettings{'ADVOPT_DATA'})) { - #only edit permitted if option definition exists - $errormessage = $Lang::tr{'dhcp advopt definition exists'} if ($dhcpsettings{'KEY1'} eq ''); - $dhcpsettings{'ADVOPT_ENABLED'} = 'on'; # force active - map ($dhcpsettings{"ADVOPT_SCOPE_$_"} = 'off', @ITFs); # force global - } elsif (AddNewOptionDefinition ($dhcpsettings{'ADVOPT_NAME'} . ' ' . $dhcpsettings{'ADVOPT_DATA'})) { - #was a new option definition - $dhcpsettings{'ADVOPT_ENABLED'} = 'on'; # force active - map ($dhcpsettings{"ADVOPT_SCOPE_$_"} = 'off', @ITFs); # force global - } elsif (ValidNewOption ($dhcpsettings{'ADVOPT_NAME'} . ' ' . $dhcpsettings{'ADVOPT_DATA'})) { - #was a new option - } elsif (! `grep "\$option $dhcpsettings{'ADVOPT_NAME'} " $filename3`) { - $errormessage=$Lang::tr{'dhcp advopt unknown'}.': '.$dhcpsettings{'ADVOPT_NAME'}; - } - - unless ($errormessage) { - - my $scope = ''; - foreach my $itf (@ITFs) { # buils "RED,GREEN,ORANGE,... based on selection - $scope .= $dhcpsettings{"ADVOPT_SCOPE_${itf}"} eq 'on' ? "\t$itf" : "\toff" ; - } - if ($dhcpsettings{'KEY1'} eq '') { #add or edit ? TAB separator ! - unshift (@current1, "$dhcpsettings{'ADVOPT_ENABLED'}\t$dhcpsettings{'ADVOPT_NAME'}\t$dhcpsettings{'ADVOPT_DATA'}$scope\n"); - &General::log($Lang::tr{'dhcp advopt added'}); - } else { - @current1[$dhcpsettings{'KEY1'}] = "$dhcpsettings{'ADVOPT_ENABLED'}\t$dhcpsettings{'ADVOPT_NAME'}\t$dhcpsettings{'ADVOPT_DATA'}$scope\n"; - $dhcpsettings{'KEY1'} = ''; # End edit mode - &General::log($Lang::tr{'dhcp advopt modified'}); - } - - #Write changes to dhcpd.conf. - &sortcurrent1; # sort newly added/modified entry - &buildconf; # before calling buildconf which use fixed lease file ! - } -} - -if ($dhcpsettings{'ACTION'} eq $Lang::tr{'edit'}.'1') { - #move out new line - my $line = @current1[$dhcpsettings{'KEY1'}]; - chomp($line); - my @temp = split(/\t/, $line); - $dhcpsettings{'ADVOPT_ENABLED'}=$temp[0]; - $dhcpsettings{'ADVOPT_NAME'}=$temp[1]; - $dhcpsettings{'ADVOPT_DATA'}=$temp[2]; - - # read next fields which are the name (color) of an interface if this interface is scoped - for (my $key=0; $key<@ITFs; $key++) { - my $itf = $temp[3+$key]; - if ($itf ne 'off') # Only is an interface name is read - { - $dhcpsettings{"ADVOPT_SCOPE_${itf}"} = 'on'; - } - } -} - -if ($dhcpsettings{'ACTION'} eq $Lang::tr{'remove'}.'1') { - splice (@current1,$dhcpsettings{'KEY1'},1); - open(FILE, ">$filename1") or die 'Unable to open dhcp advanced options file.'; - print FILE @current1; - close(FILE); - $dhcpsettings{'KEY1'} = ''; # End remove mode - &General::log($Lang::tr{'dhcp advopt removed'}); - #Write changes to dhcpd.conf. - &buildconf; -} -#end KEY1 - - -# Toggle enable/disable field on specified lease. -if ($dhcpsettings{'ACTION'} eq $Lang::tr{'toggle enable disable'}.'2') { - #move out new line - chomp(@current2[$dhcpsettings{'KEY2'}]); - my @temp = split(/\,/,@current2[$dhcpsettings{'KEY2'}]); - $temp[2] = $temp[2] eq 'on' ? '' : 'on'; # Toggle the field - @current2[$dhcpsettings{'KEY2'}] = join (',',@temp)."\n"; - $dhcpsettings{'KEY2'} = ''; # End edit mode - &General::log($Lang::tr{'fixed ip lease modified'}); - open(FILE, ">$filename2") or die 'Unable to open fixed leases file.'; - print FILE @current2; - close(FILE); - - #Write changes to dhcpd.conf. - &buildconf; -} - -if ($dhcpsettings{'ACTION'} eq $Lang::tr{'add'}.'2') { - $dhcpsettings{'FIX_MAC'} =~ tr/-/:/; - unless(&General::validip($dhcpsettings{'FIX_ADDR'})) { $errormessage = $Lang::tr{'invalid fixed ip address'}; } - unless(&General::validmac($dhcpsettings{'FIX_MAC'})) { $errormessage = $Lang::tr{'invalid fixed mac address'}; } - if ($dhcpsettings{'FIX_NEXTADDR'}) { - unless(&General::validip($dhcpsettings{'FIX_NEXTADDR'})) { $errormessage = $Lang::tr{'invalid fixed ip address'}; } - } - - my $key = 0; - CHECK:foreach my $line (@current2) { - my @temp = split(/\,/,$line); - if($dhcpsettings{'KEY2'} ne $key) { - # same MAC is OK on different subnets. This test is not complete because - # if ip are not inside a known subnet, I don't warn. - # Also it may be needed to put duplicate fixed lease in their right subnet definition.. - foreach my $itf (@ITFs) { - my $scoped = &General::IpInSubnet($dhcpsettings{'FIX_ADDR'}, - $netsettings{"${itf}_NETADDRESS"}, - $netsettings{"${itf}_NETMASK"}) && - $dhcpsettings{"ENABLE_${itf}"} eq 'on'; - if ( $scoped && - (lc($dhcpsettings{'FIX_MAC'}) eq lc($temp[0])) && - &General::IpInSubnet($temp[1], - $netsettings{"${itf}_NETADDRESS"}, - $netsettings{"${itf}_NETMASK"})) { - $errormessage = "$Lang::tr{'mac address in use'} $dhcpsettings{'FIX_MAC'}"; - last CHECK; - } - } - } - $key++; - } - - unless ($errormessage) { - $dhcpsettings{'FIX_REMARK'} = &Header::cleanhtml($dhcpsettings{'FIX_REMARK'}); - $dhcpsettings{'FIX_NEXTADDR'} = &Header::cleanhtml($dhcpsettings{'FIX_NEXTADDR'}); - $dhcpsettings{'FIX_FILENAME'} = &Header::cleanhtml($dhcpsettings{'FIX_FILENAME'}); - $dhcpsettings{'FIX_ROOTPATH'} = &Header::cleanhtml($dhcpsettings{'FIX_ROOTPATH'}); - if ($dhcpsettings{'KEY2'} eq '') { #add or edit ? - unshift (@current2, "$dhcpsettings{'FIX_MAC'},$dhcpsettings{'FIX_ADDR'},$dhcpsettings{'FIX_ENABLED'},$dhcpsettings{'FIX_NEXTADDR'},$dhcpsettings{'FIX_FILENAME'},$dhcpsettings{'FIX_ROOTPATH'},$dhcpsettings{'FIX_REMARK'}\n"); - &General::log($Lang::tr{'fixed ip lease added'}); - } else { - @current2[$dhcpsettings{'KEY2'}] = "$dhcpsettings{'FIX_MAC'},$dhcpsettings{'FIX_ADDR'},$dhcpsettings{'FIX_ENABLED'},$dhcpsettings{'FIX_NEXTADDR'},$dhcpsettings{'FIX_FILENAME'},$dhcpsettings{'FIX_ROOTPATH'},$dhcpsettings{'FIX_REMARK'}\n"; - $dhcpsettings{'KEY2'} = ''; # End edit mode - &General::log($Lang::tr{'fixed ip lease modified'}); - } - - #Write changes to dhcpd.conf. - &sortcurrent2; # sort newly added/modified entry - &buildconf; # before calling buildconf which use fixed lease file ! - } -} - -if ($dhcpsettings{'ACTION_ALL'} eq '+') { - my $news = 0; - foreach (keys %dhcpsettings) { - if (/^(\d+\.\d+\.\d+\.\d+)-([0-9a-fA-F:]+)$/) { # checked names are index of the line - my $ip=$1; - my $mac=$2; - if (!grep (/$2/,@current2)) { - unshift (@current2, "$mac,$ip,on,,,,imported\n"); - $news++; - } - } - } - if ($news) { - #Write changes to dhcpd.conf. - $warnNTPmessage = $Lang::tr{'fixed ip lease added'}."($news)"; - &General::log($warnNTPmessage); - &sortcurrent2; # sort newly added/modified entry - &buildconf; # before calling buildconf which use fixed lease file ! - } -} - -if ($dhcpsettings{'ACTION'} eq $Lang::tr{'edit'}.'2') { - #move out new line - my $line = @current2[$dhcpsettings{'KEY2'}]; - chomp($line); - my @temp = split(/\,/, $line); - $dhcpsettings{'FIX_MAC'}=$temp[0]; - $dhcpsettings{'FIX_ADDR'}=$temp[1]; - $dhcpsettings{'FIX_ENABLED'}=$temp[2]; - $dhcpsettings{'FIX_NEXTADDR'}=$temp[3]; - $dhcpsettings{'FIX_FILENAME'}=$temp[4]; - $dhcpsettings{'FIX_ROOTPATH'}=$temp[5]; - $dhcpsettings{'FIX_REMARK'}=$temp[6]; -} - -if ($dhcpsettings{'ACTION'} eq $Lang::tr{'remove'}.'2') { - splice (@current2,$dhcpsettings{'KEY2'},1); - open(FILE, ">$filename2") or die 'Unable to open fixed lease file.'; - print FILE @current2; - close(FILE); - $dhcpsettings{'KEY2'} = ''; # End remove mode - &General::log($Lang::tr{'fixed ip lease removed'}); - #Write changes to dhcpd.conf. - &buildconf; -} -#end KEY2 defined - - - - -if ($dhcpsettings{'ACTION'} eq '' ) { # First launch from GUI - - # Set default DHCP values only if blank and disabled - foreach my $itf (@ITFs) { - if ($dhcpsettings{"ENABLE_${itf}"} ne 'on' ) { - $dhcpsettings{"DNS1_${itf}"} = $netsettings{"${itf}_ADDRESS"}; - $dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"} = '60'; - $dhcpsettings{"MAX_LEASE_TIME_${itf}"} = '120'; - $dhcpsettings{"DOMAIN_NAME_${itf}"} = $mainsettings{'DOMAINNAME'}; - } - } - $dhcpsettings{'FIX_ENABLED'} = 'on'; -} - -&Header::openpage($Lang::tr{'dhcp configuration'}, 1, ''); -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} -if ($warnNTPmessage) { - $warnNTPmessage = "$Lang::tr{'capswarning'}: $warnNTPmessage"; -} - -&Header::openbox('100%', 'left', 'DHCP'); -print "
"; - -foreach my $itf (@ITFs) { - my %checked=(); - $checked{'ENABLE'}{'on'} = ( $dhcpsettings{"ENABLE_${itf}"} ne 'on') ? '' : "checked='checked'"; - $checked{'ENABLEBOOTP'}{'on'} = ( $dhcpsettings{"ENABLEBOOTP_${itf}"} ne 'on') ? '' : "checked='checked'"; - - if ($netsettings{"${itf}_DEV"} ne '' ) { # Show only defined interface - my $lc_itf=lc($itf); -print < - - $Lang::tr{"$lc_itf interface"} - $Lang::tr{'enabled'} - - $Lang::tr{'ip address'}
$Lang::tr{'netmask'}:$netsettings{"${itf}_ADDRESS"}
$netsettings{"${itf}_NETMASK"}
- - $Lang::tr{'start address'} * - - $Lang::tr{'end address'} * - - - $Lang::tr{'default lease time'} - - $Lang::tr{'max lease time'} - - - $Lang::tr{'domain name suffix'} * - - $Lang::tr{'dhcp allow bootp'}: - - - $Lang::tr{'primary dns'} - - $Lang::tr{'secondary dns'} * - - - $Lang::tr{'primary ntp server'}: * - - $Lang::tr{'secondary ntp server'}: * - - - $Lang::tr{'primary wins server address'}: * - - $Lang::tr{'secondary wins server address'}: * - - - next-server: * - - filename: * - - - -
-END -; - }# Show only defined interface -}#foreach itf -print < - - * $Lang::tr{'this field may be blank'} - $warnNTPmessage - -   - - - -END -; - -&Header::closebox(); - -&Header::openbox('100%', 'left', $Lang::tr{'dhcp advopt list'}); -# DHCP Advanced options settings -my %checked=(); -$checked{'ADVOPT_ENABLED'}{'on'} = ($dhcpsettings{'ADVOPT_ENABLED'} ne 'on') ? '' : "checked='checked'"; - -print "
"; -my $buttontext = $Lang::tr{'add'}; -if ($dhcpsettings{'KEY1'} ne '') { - $buttontext = $Lang::tr{'update'}; - print ""; -} else { - print "" -} - -#search if the 'option' is in the list and print the syntax model -my $opt = `grep "\$option $dhcpsettings{'ADVOPT_NAME'} " $filename3`; -if ($opt ne '') { - $opt =~ s/option $dhcpsettings{'ADVOPT_NAME'}/Syntax:/; # "option xyz abc" => "syntax: abc" - $opt =~ s/;//; - $opt = ""; -} -print < - - - - -$opt - - - -
$Lang::tr{'dhcp advopt edit'}
$Lang::tr{'dhcp advopt add'}
$opt
$Lang::tr{'dhcp advopt name'}:$Lang::tr{'dhcp advopt value'}:
$Lang::tr{'enabled'}$Lang::tr{'dhcp advopt scope'}: * -END -; - -# Put a checkbox for each interface. Checkbox visible disabled if interface is disabled -foreach my $itf (@ITFs) { - my $lc_itf=lc($itf); - $checked{'ADVOPT_SCOPE_${itf}'}{'on'} = $dhcpsettings{"ADVOPT_SCOPE_${itf}"} ne 'on' ? '' : "checked='checked'"; - print "$Lang::tr{\"${lc_itf}\"} " : "disabled='disabled' />"; - print "   "; -} - -print < -
-
- - - - - -
* $Lang::tr{'dhcp advopt scope help'} - - - - -
-
-END -; -#Edited line number (KEY1) passed until cleared by 'save' or 'remove' or 'new sort order' - -# print help taken from the file describing options -if ($dhcpsettings{'SUBMIT'} eq $Lang::tr{'dhcp advopt help'}) { - print "
"; - print ""; - print ""; - open(FILE, "$filename3"); - my @current3 = ; - close(FILE); - foreach my $line (@current3) { - $line =~ /option ([a-z0-9-]+) (.*);/; - print "\n"; - } - print "\n"; - print ''; - print ''; - print ''; - print ''; - print '
$Lang::tr{'dhcp advopt name'}$Lang::tr{'dhcp advopt value'}
$1$2

string type"quoted string" or 00:01:FF...
ip-address type 10.0.0.1 | www.dot.com
int,uint typesnumbers
flag typeon | off
'; - print "
"; - print ""; - print ""; - print ""; - print ''; - print ''; - print ''; - print ''; - print '
$Lang::tr{'dhcp advopt custom definition'}$Lang::tr{'dhcp advopt value'}
any-name code NNN=$OptionTypes
a-stringcode 100=string
a-numbercode 101=signed integer 8
wpadcode 252=text
wpad"http://www.server.fr/path-to/proxy.pac"
'; - -} - -print < - - - - - - - -END -; -my $key = 0; -foreach my $line (@current1) { - my $gif = ''; - my $gdesc = ''; - chomp($line); # remove newline - my @temp = split(/\t/,$line); - - if ($temp[0] eq "on") { - $gif = 'on.gif'; - $gdesc = $Lang::tr{'click to disable'}; - } else { - $gif = 'off.gif'; - $gdesc = $Lang::tr{'click to enable'}; - } - - if ($dhcpsettings{'KEY1'} eq $key) { - print ""; - } elsif ($key % 2) { - print ""; - } else { - print ""; - } - - print <$temp[1] - - - - - - - -END -; - $key++; -} - -print "
$Lang::tr{'dhcp advopt name'}$Lang::tr{'dhcp advopt value'}$Lang::tr{'dhcp advopt scope'}$Lang::tr{'action'}
$temp[2] -END -; - # Prepare a global flag to make easy reading - my $global = ''; - my $disabledTogle = ''; - my $disabledEditRemove = ''; - if ( ExistNewOptionDefinition ($temp[1] . ' ' . $temp[2]) ) { - $global = $Lang::tr{'dhcp advopt definition'}; - $disabledTogle = "disabled='disabled'"; - # Search if it is a used NewOptionDefinition to also disable edit & delete - $disabledEditRemove = "disabled='disabled'" if (IsUsedNewOptionDefinition ($temp[1], $temp[2])); - } else { - $global = $Lang::tr{'dhcp advopt scope global'}; - } - - - # Print each checked interface - for (my $key=0; $key<@ITFs; $key++) { - my $itf = $temp[3+$key]; - if ($itf ne 'off') { # Only if an interface name is read - print "$itf"; - $global=''; # fall to local scope ! - } - } - print < - -
- - - -
-
-
- - - -
-
-
- - - -
-
"; - -# If there are dhcp options, print Key to action icons -if ($key) { -print < - -  $Lang::tr{'legend'}:  - $Lang::tr{ - $Lang::tr{'click to disable'} -    - $Lang::tr{ - $Lang::tr{'click to enable'} -    - $Lang::tr{ - $Lang::tr{'edit'} -    - $Lang::tr{ - $Lang::tr{'remove'} - - -END -; -} -&Header::closebox(); - -&Header::openbox('100%', 'left', $Lang::tr{'current fixed leases'}); -# Fixed leases screens -$checked{'FIX_ENABLED'}{'on'} = ($dhcpsettings{'FIX_ENABLED'} ne 'on') ? '' : "checked='checked'"; - -$buttontext = $Lang::tr{'add'}; -print "
"; - -if ($dhcpsettings{'KEY2'} ne '') { - $buttontext = $Lang::tr{'update'}; - print ""; -} else { - print "" -} -print < - - - - - - - - - - - - - - - - - - -
$Lang::tr{'edit an existing lease'}
$Lang::tr{'add new lease'}
$Lang::tr{'mac address'}:$Lang::tr{'ip address'}:$Lang::tr{'remark'}: *
$Lang::tr{'enabled'}
$Lang::tr{'dhcp bootp pxe data'}
next-server: *filename: *root path: *
-
- - - - - -
* $Lang::tr{'this field may be blank'} - - -
-
-END -; -#Edited line number (KEY2) passed until cleared by 'save' or 'remove' or 'new sort order' - -print < - - - - - - - - - - -END -; -my $ipdup = 0; -my %ipinuse = (); -my %macdupl = (); # Duplicate MACs have to be on different subnets -my %ipoutside = (); - -# mark duplicate ip or duplicate MAC -foreach my $line (@current2) { - my @temp = split(/\,/,$line); - $macdupl{$temp[0]} += 1; - if ($macdupl{$temp[0]} > 1) { - $ipdup = 1; # Flag up duplicates for use later - } - $ipinuse{$temp[1]} += 1; - if ($ipinuse{$temp[1]} > 1) { - $ipdup = 1; # Flag up duplicates for use later - } - # Mark IP addresses outwith known subnets - $ipoutside{$temp[1]} = 1; - foreach my $itf (@ITFs) { - if ( &General::IpInSubnet($temp[1], - $netsettings{"${itf}_NETADDRESS"}, - $netsettings{"${itf}_NETMASK"})) { - $ipoutside{$temp[1]} = 0; - } - } -} - -$key = 0; -foreach my $line (@current2) { - my $gif = ''; - my $gdesc = ''; - chomp($line); # remove newline - my @temp = split(/\,/,$line); - - if ($temp[2] eq "on") { - $gif = 'on.gif'; - $gdesc = $Lang::tr{'click to disable'}; - } else { - $gif = 'off.gif'; - $gdesc = $Lang::tr{'click to enable'}; - } - - if ($dhcpsettings{'KEY2'} eq $key) { - print ""; - } elsif ($key % 2) { - print ""; - } else { - print ""; - } - my $TAG0 = ''; - my $TAG1 = ''; - my $TAG2 = ''; - my $TAG3 = ''; - my $TAG4 = ''; - if ($ipinuse{$temp[1]} > 1) { - $TAG0 = ''; - $TAG1 = ''; - } - if ($macdupl{$temp[0]} > 1) { - $TAG2 = ''; - $TAG3 = ''; - } - if ($ipoutside{$temp[1]} > 0) { - $TAG4 = "bgcolor='orange'" if ($dhcpsettings{'KEY2'} ne $key); - } - - print <$TAG2$temp[0]$TAG3 - - - - - - - - - - - - -END -; - $key++; -} -print "
$Lang::tr{'mac address'}$Lang::tr{'ip address'}$Lang::tr{'remark'}next-serverfilenameroot path$Lang::tr{'action'}
$TAG0$temp[1]$TAG1$temp[6] $temp[3] $temp[4] $temp[5]  -
- - - -
-
-
- - - -
-
-
- - - -
-
"; - -# If the fixed lease file contains entries, print Key to action icons -if ($key) { -my $dup = $ipdup ? "$Lang::tr{'duplicate ip bold'}" :''; -print < - -  $Lang::tr{'legend'}:  - $Lang::tr{ - $Lang::tr{'click to disable'} -    - $Lang::tr{ - $Lang::tr{'click to enable'} -    - $Lang::tr{ - $Lang::tr{'edit'} -    - $Lang::tr{ - $Lang::tr{'remove'} - - -   -   - $Lang::tr{'ip address outside subnets'} -   -   - $dup - - -END -; -} - -&Header::closebox(); - -foreach my $itf (@ITFs) { - if ($dhcpsettings{"ENABLE_${itf}"} eq 'on') { - # display leases with a list of actions to do with the global select checkbox. - &Header::PrintActualLeases("+"); # "+" => create fixed leases from nodeaddress - last; #Print one time only for all interfaces - }; -} - -&Header::closebigbox(); -&Header::closepage(); - -## Ouf it's the end ! - -sub sortcurrent1 # by now, do not sort, just write -{ - open(FILE, ">$filename1") or die 'Unable to open dhcp advanced options file.'; - print FILE @current1; - close(FILE); -} - - -# Sort the "current2" array according to choices -sub sortcurrent2 -{ - our %entries = (); - - sub fixedleasesort { - my $qs=''; - if (rindex ($dhcpsettings{'SORT_FLEASELIST'},'Rev') != -1) { - $qs=substr ($dhcpsettings{'SORT_FLEASELIST'},0,length($dhcpsettings{'SORT_FLEASELIST'})-3); - if ($qs eq 'FIPADDR') { - my @a = split(/\./,$entries{$a}->{$qs}); - my @b = split(/\./,$entries{$b}->{$qs}); - ($b[0]<=>$a[0]) || - ($b[1]<=>$a[1]) || - ($b[2]<=>$a[2]) || - ($b[3]<=>$a[3]); - } else { - $entries{$b}->{$qs} cmp $entries{$a}->{$qs}; - } - } else { #not reverse - $qs=$dhcpsettings{'SORT_FLEASELIST'}; - if ($qs eq 'FIPADDR') { - my @a = split(/\./,$entries{$a}->{$qs}); - my @b = split(/\./,$entries{$b}->{$qs}); - ($a[0]<=>$b[0]) || - ($a[1]<=>$b[1]) || - ($a[2]<=>$b[2]) || - ($a[3]<=>$b[3]); - } else { - $entries{$a}->{$qs} cmp $entries{$b}->{$qs}; - } - } - } - - #Use an associative array (%entries) - foreach my $line (@current2) { - chomp( $line); #remove newline because can be on field 5 or 6 (addition of REMARK) - my @temp = split (',',$line); - my @record = ('FETHER',$temp[0],'FIPADDR',$temp[1],'DATA',join(',',@temp[2..6])); - my $record = {}; # create a reference to empty hash - %{$record} = @record; # populate that hash with @record - # use combination of ether & IP as key to allow duplicates in either but not both - $entries{$record->{FETHER} . $record->{FIPADDR}} = $record; # add this to a hash of hashes - } - - open(FILE, ">$filename2") or die 'Unable to open fixed lease file.'; - foreach my $entry ( sort fixedleasesort keys %entries) { - print FILE "$entries{$entry}->{FETHER},$entries{$entry}->{FIPADDR},$entries{$entry}->{DATA}\n"; - } - close(FILE); - - # Reload sorted @current2 - open (FILE, "$filename2"); - @current2 = ; - close (FILE); - undef (%entries); #This array is reused latter. Clear it. -} - -# Build the configuration file mixing settings, fixed leases and advanced options -sub buildconf { - open(FILE, ">/${General::swroot}/dhcp/dhcpd.conf") or die "Unable to write dhcpd.conf file"; - flock(FILE, 2); - - # Global settings - print FILE "ddns-update-style none;\n"; - print FILE "deny bootp; #default\n"; - print FILE "authoritative;\n"; - - # Write first new option definition - foreach my $line (@current1) { - chomp($line); # remove newline - my @temp = split(/\t/,$line); - if (ExistNewOptionDefinition ($temp[1] . ' ' . $temp[2])) { - print FILE "option $temp[1] $temp[2];\n"; - } - } - # Write other global options - foreach my $line (@current1) { - chomp($line); # remove newline - my @temp = split(/\t/,$line); - - if ($temp[0] eq 'on' && !ExistNewOptionDefinition ($temp[1] . ' ' . $temp[2])){ # active & !definition - my $global=1; - for (my $key=0; $key<@ITFs; $key++) { - my $itf = $temp[3+$key]; - if ($itf ne 'off') # Only if an interface name is read - { - $global=0; - } - } - if ($global) { - print FILE "option $temp[1] $temp[2];\n"; - } - }# on - }# foreach line - - #Subnet range definition - foreach my $itf (@ITFs) { - my $lc_itf=lc($itf); - if ($dhcpsettings{"ENABLE_${itf}"} eq 'on' ){ - print FILE "\nsubnet " . $netsettings{"${itf}_NETADDRESS"} . " netmask ". $netsettings{"${itf}_NETMASK"} . " #$itf\n"; - print FILE "{\n"; - print FILE "\trange " . $dhcpsettings{"START_ADDR_${itf}"} . ' ' . $dhcpsettings{"END_ADDR_${itf}"}.";\n" if ($dhcpsettings{"START_ADDR_${itf}"}); - print FILE "\toption subnet-mask " . $netsettings{"${itf}_NETMASK"} . ";\n"; - print FILE "\toption domain-name \"" . $dhcpsettings{"DOMAIN_NAME_${itf}"} . "\";\n"; - print FILE "\toption routers " . $netsettings{"${itf}_ADDRESS"} . ";\n"; - print FILE "\toption domain-name-servers " . $dhcpsettings{"DNS1_${itf}"} if ($dhcpsettings{"DNS1_${itf}"}); - print FILE ", " . $dhcpsettings{"DNS2_${itf}"} if ($dhcpsettings{"DNS2_${itf}"}); - print FILE ";\n" if ($dhcpsettings{"DNS1_${itf}"}); - print FILE "\toption ntp-servers " . $dhcpsettings{"NTP1_${itf}"} if ($dhcpsettings{"NTP1_${itf}"}); - print FILE ", " . $dhcpsettings{"NTP2_${itf}"} if ($dhcpsettings{"NTP2_${itf}"}); - print FILE ";\n" if ($dhcpsettings{"NTP1_${itf}"}); - print FILE "\toption netbios-name-servers " . $dhcpsettings{"WINS1_${itf}"} if ($dhcpsettings{"WINS1_${itf}"}); - print FILE ", " . $dhcpsettings{"WINS2_${itf}"} if ($dhcpsettings{"WINS2_${itf}"}); - print FILE ";\n" if ($dhcpsettings{"WINS1_${itf}"}); - print FILE "\tnext-server " . $dhcpsettings{"NEXT_${itf}"} . ";\n" if ($dhcpsettings{"NEXT_${itf}"}); - print FILE "\tfilename \"" . $dhcpsettings{"FILE_${itf}"} . "\";\n" if ($dhcpsettings{"FILE_${itf}"}); - print FILE "\tdefault-lease-time " . ($dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"} * 60). ";\n"; - print FILE "\tmax-lease-time " . ($dhcpsettings{"MAX_LEASE_TIME_${itf}"} * 60) . ";\n"; - print FILE "\tallow bootp;\n" if ($dhcpsettings{"ENABLEBOOTP_${itf}"} eq 'on'); - - - - # Write scoped options - foreach my $line (@current1) { - chomp($line); # remove newline - my @temp = split(/\t/,$line); # Use TAB separator ! - - if ($temp[0] eq 'on'){ - for (my $key=0; $key<@ITFs; $key++) { - if ($itf eq $temp[3+$key]) # Only is an interface name is read - { - print FILE "\toption $temp[1] $temp[2];\n"; - } - } - }# on - }# foreach line - print FILE "} #$itf\n"; - - system ('/usr/bin/touch', "${General::swroot}/dhcp/enable_${lc_itf}"); - &General::log("DHCP on ${itf}: " . $Lang::tr{'dhcp server enabled'}) - } else { - unlink "${General::swroot}/dhcp/enable_${lc_itf}"; - &General::log("DHCP on ${itf}: " . $Lang::tr{'dhcp server disabled'}) - } - } - - #write fixed leases if any. Does not handle duplicates to write them elsewhere than the global scope. - my $key = 0; - foreach my $line (@current2) { - chomp($line); - my @temp = split(/\,/,$line); - if ($temp[2] eq "on") { - print FILE "\nhost fix$key # $temp[6]\n"; - print FILE "{\n"; - print FILE "\thardware ethernet $temp[0];\n"; - print FILE "\tfixed-address $temp[1];\n"; - print FILE "\tnext-server $temp[3];\n" if ($temp[3]); - print FILE "\tfilename \"$temp[4]\";\n" if ($temp[4]); - print FILE "\toption root-path \"$temp[5]\";\n" if ($temp[5]); - print FILE "}\n"; - $key++; - } - } - close FILE; - if ( $dhcpsettings{"ENABLE_GREEN"} eq 'on' || $dhcpsettings{"ENABLE_BLUE"} eq 'on' ) {system '/usr/local/bin/dhcpctrl enable >/dev/null 2>&1';} - else {system '/usr/local/bin/dhcpctrl disable >/dev/null 2>&1';} - system '/usr/local/bin/dhcpctrl restart >/dev/null 2>&1'; -} - -# -# Receive a string and if it match model for a new option, -# add it to the list %newOptions -# -my %NewOptions = (); - -sub AddNewOptionDefinition { - my ($line) = @_; - if ( $line =~ /^([-\w]+)( code \d+=($OptionTypes))/ ) { - $NewOptions{$1} = $2; - #&General::log ("new:<$1><$2>"); - return 1; - } - return 0; -} - -# -# Check existence of definition for a new option -# -sub ExistNewOptionDefinition { - my ($line) = @_; - - if ( $line =~ /^([-\w]+)( code \d+=($OptionTypes))/ ) { - return defined $NewOptions{$1}; - } - return 0; -} - -# -# Check if it is a new option (definition must exist) -# "code=" test eliminate a false response when definition exists -# but this string is a definition with bad $OptionTypes. -sub ValidNewOption { - my ($line) = @_; - if ($line =~ /^([-\w]+) (.*)/ ) { - return defined ( $NewOptions{$1} ) && $2 !~ /code=/; - } - return 0; -} - -# -# Check if the new option $opt is used, except the definition of itself! -# -sub IsUsedNewOptionDefinition { - my ($opt,$val) = @_; - - foreach my $line (@current1) { - #chomp($line); # remove newline #don't know why, but this remove newline in @current1 .... ! - my @temp = split(/\t/,$line); - # if we find something "opt value" & value != "code nnn=" it's ok. - return 1 if ( ($opt eq $temp[1]) && ($temp[2] !~ /code \d+=/) ); - } - return 0; -} diff --git a/html/cgi-bin/dmzholes.cgi b/html/cgi-bin/dmzholes.cgi deleted file mode 100644 index 5c16f004c..000000000 --- a/html/cgi-bin/dmzholes.cgi +++ /dev/null @@ -1,446 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::table2colour}, ${Header::colouryellow} ); -undef (@dummy); - -my %cgiparams=(); -my %checked=(); -my %selected=(); -my %netsettings=(); -my $errormessage = ''; -my $filename = "${General::swroot}/dmzholes/config"; - -&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); - -&Header::showhttpheaders(); - -$cgiparams{'ENABLED'} = 'off'; -$cgiparams{'REMARK'} = ''; -$cgiparams{'ACTION'} = ''; -$cgiparams{'SRC_IP'} = ''; -$cgiparams{'DEST_IP'} =''; -$cgiparams{'DEST_PORT'} = ''; -&Header::getcgihash(\%cgiparams); - -open(FILE, $filename) or die 'Unable to open config file.'; -my @current = ; -close(FILE); - -if ($cgiparams{'ACTION'} eq $Lang::tr{'add'}) -{ - unless($cgiparams{'PROTOCOL'} =~ /^(tcp|udp)$/) { $errormessage = $Lang::tr{'invalid input'}; } - unless(&General::validipormask($cgiparams{'SRC_IP'})) { $errormessage = $Lang::tr{'source ip bad'}; } - unless($errormessage){$errormessage = &General::validportrange($cgiparams{'DEST_PORT'},'dst');} - unless(&General::validipormask($cgiparams{'DEST_IP'})) { $errormessage = $Lang::tr{'destination ip bad'}; } - unless ($errormessage) { - $errormessage = &validNet($cgiparams{'SRC_NET'},$cgiparams{'DEST_NET'}); } - # Darren Critchley - Remove commas from remarks - $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); - - unless ($errormessage) - { - if($cgiparams{'EDITING'} eq 'no') { - open(FILE,">>$filename") or die 'Unable to open config file.'; - flock FILE, 2; - print FILE "$cgiparams{'PROTOCOL'},"; # [0] - print FILE "$cgiparams{'SRC_IP'},"; # [1] - print FILE "$cgiparams{'DEST_IP'},"; # [2] - print FILE "$cgiparams{'DEST_PORT'},"; # [3] - print FILE "$cgiparams{'ENABLED'},"; # [4] - print FILE "$cgiparams{'SRC_NET'},"; # [5] - print FILE "$cgiparams{'DEST_NET'},"; # [6] - print FILE "$cgiparams{'REMARK'}\n"; # [7] - } else { - open(FILE,">$filename") or die 'Unable to open config file.'; - flock FILE, 2; - my $id = 0; - foreach my $line (@current) - { - $id++; - if ($cgiparams{'EDITING'} eq $id) { - print FILE "$cgiparams{'PROTOCOL'},"; # [0] - print FILE "$cgiparams{'SRC_IP'},"; # [1] - print FILE "$cgiparams{'DEST_IP'},"; # [2] - print FILE "$cgiparams{'DEST_PORT'},"; # [3] - print FILE "$cgiparams{'ENABLED'},"; # [4] - print FILE "$cgiparams{'SRC_NET'},"; # [5] - print FILE "$cgiparams{'DEST_NET'},"; # [6] - print FILE "$cgiparams{'REMARK'}\n"; # [7] - } else { print FILE "$line"; } - } - } - close(FILE); - undef %cgiparams; - &General::log($Lang::tr{'dmz pinhole rule added'}); - system('/usr/local/bin/setdmzholes'); - } -} -if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) -{ - my $id = 0; - open(FILE, ">$filename") or die 'Unable to open config file.'; - flock FILE, 2; - foreach my $line (@current) - { - $id++; - unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; } - } - close(FILE); - system('/usr/local/bin/setdmzholes'); - &General::log($Lang::tr{'dmz pinhole rule removed'}); -} -if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) -{ - my $id = 0; - open(FILE, ">$filename") or die 'Unable to open config file.'; - flock FILE, 2; - foreach my $line (@current) - { - $id++; - unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; } - else - { - chomp($line); - my @temp = split(/\,/,$line); - print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$cgiparams{'ENABLE'},$temp[5],$temp[6],$temp[7]\n"; - } - } - close(FILE); - system('/usr/local/bin/setdmzholes'); -} -if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) -{ - my $id = 0; - foreach my $line (@current) - { - $id++; - if ($cgiparams{'ID'} eq $id) - { - chomp($line); - my @temp = split(/\,/,$line); - $cgiparams{'PROTOCOL'} = $temp[0]; - $cgiparams{'SRC_IP'} = $temp[1]; - $cgiparams{'DEST_IP'} = $temp[2]; - $cgiparams{'DEST_PORT'} = $temp[3]; - $cgiparams{'ENABLED'} = $temp[4]; - $cgiparams{'SRC_NET'} = $temp[5]; - $cgiparams{'DEST_NET'} = $temp[6]; - $cgiparams{'REMARK'} = $temp[7]; - } - } -} - -if ($cgiparams{'ACTION'} eq '') -{ - $cgiparams{'PROTOCOL'} = 'tcp'; - $cgiparams{'ENABLED'} = 'on'; - $cgiparams{'SRC_NET'} = 'orange'; - $cgiparams{'DEST_NET'} = 'blue'; -} - -$selected{'PROTOCOL'}{'udp'} = ''; -$selected{'PROTOCOL'}{'tcp'} = ''; -$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'"; - -$selected{'SRC_NET'}{'orange'} = ''; -$selected{'SRC_NET'}{'blue'} = ''; -$selected{'SRC_NET'}{$cgiparams{'SRC_NET'}} = "selected='selected'"; - -$selected{'DEST_NET'}{'blue'} = ''; -$selected{'DEST_NET'}{'green'} = ''; -$selected{'DEST_NET'}{$cgiparams{'DEST_NET'}} = "selected='selected'"; - -$checked{'ENABLED'}{'off'} = ''; -$checked{'ENABLED'}{'on'} = ''; -$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'"; - -&Header::openpage($Lang::tr{'dmz pinhole configuration'}, 1, ''); - -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage\n"; - print " \n"; - &Header::closebox(); -} - -print "
\n"; - -my $buttonText = $Lang::tr{'add'}; -if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { - &Header::openbox('100%', 'left', $Lang::tr{'edit a rule'}); - $buttonText = $Lang::tr{'update'}; -} else { - &Header::openbox('100%', 'left', $Lang::tr{'add a new rule'}); -} -print < - - - - - - $Lang::tr{'source net'}: - - - - - -   - - $Lang::tr{'destination net'}: - - - - - $Lang::tr{'destination ip or net'}: - - - - - $Lang::tr{'destination port'}:  - - - - - - - - - - - - - -
- $Lang::tr{'remark title'} * - -
- *  - $Lang::tr{'this field may be blank'} - $Lang::tr{'enabled'} - - -
-END -; -if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { - print "\n"; -} else { - print "\n"; -} -&Header::closebox(); -print "\n"; - -&Header::openbox('100%', 'left', $Lang::tr{'current rules'}); -print < - -$Lang::tr{'proto'} -$Lang::tr{'net'} -$Lang::tr{'source'} -  -$Lang::tr{'net'} -$Lang::tr{'destination'} -$Lang::tr{'remark'} -  -$Lang::tr{'action'} -END -; - -# Achim Weber: if i add a new rule, this rule is not displayed?!? -# we re-read always config. -# If something has happeened re-read config -#if($cgiparams{'ACTION'} ne '') -#{ - open(FILE, $filename) or die 'Unable to open config file.'; - @current = ; - close(FILE); -#} -my $id = 0; -foreach my $line (@current) -{ - my $protocol=''; - my $gif=''; - my $toggle=''; - my $gdesc=''; - $id++; - chomp($line); - my @temp = split(/\,/,$line); - if ($temp[0] eq 'udp') { $protocol = 'UDP'; } else { $protocol = 'TCP' } - - my $srcnetcolor = ($temp[5] eq 'blue')? ${Header::colourblue} : ${Header::colourorange}; - my $destnetcolor = ($temp[6] eq 'blue')? ${Header::colourblue} : ${Header::colourgreen}; - - if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) { - print "\n"; } - elsif ($id % 2) { - print "\n"; } - else { - print "\n"; } - if ($temp[4] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};} - else { $gif = 'off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; } - - # Darren Critchley - Get Port Service Name if we can - code borrowed from firewalllog.dat - my $dstprt =$temp[3]; - $_=$temp[3]; - if (/^\d+$/) { - my $servi = uc(getservbyport($temp[3], lc($temp[0]))); - if ($servi ne '' && $temp[3] < 1024) { - $dstprt = "$dstprt($servi)"; } - } - # Darren Critchley - If the line is too long, wrap the port numbers - my $dstaddr = "$temp[2] : $dstprt"; - if (length($dstaddr) > 26) { - $dstaddr = "$temp[2] :
$dstprt"; - } -print <$protocol - -$temp[1] - - -$dstaddr -$temp[7] - - -
- - - - -
- - - -
- - - -
- - - -
- - - -
- - - -END - ; -} -print "\n"; - -# If the fixed lease file contains entries, print Key to action icons -if ( ! -z "$filename") { -print < - -   $Lang::tr{'legend'}: -   $Lang::tr{ - $Lang::tr{'click to disable'} -     $Lang::tr{ - $Lang::tr{'click to enable'} -     $Lang::tr{ - $Lang::tr{'edit'} -     $Lang::tr{ - $Lang::tr{'remove'} - - -END -; -} - -&Header::closebox(); - -&Header::closebigbox(); - -&Header::closepage(); - -sub validNet -{ - my $srcNet = $_[0]; - my $destNet = $_[1]; - - if ($srcNet eq $destNet) { - return $Lang::tr{'dmzpinholes for same net not necessary'}; } - unless ($srcNet =~ /^(blue|orange)$/) { - return $Lang::tr{'select source net'}; } - unless ($destNet =~ /^(blue|green)$/) { - return $Lang::tr{'select dest net'}; } - - return ''; -} - -sub haveOrangeNet -{ - if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;} - if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;} - return 0; -} - -sub haveBlueNet -{ - if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;} - if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;} - return 0; -} diff --git a/html/cgi-bin/extrahd.cgi b/html/cgi-bin/extrahd.cgi deleted file mode 100644 index a07273391..000000000 --- a/html/cgi-bin/extrahd.cgi +++ /dev/null @@ -1,238 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %extrahdsettings = (); -my $message = ""; -my $errormessage = ""; -my $size = ""; -my $ok = "true"; -my @tmp = (); -my @tmpline = (); -my $tmpentry = ""; -my @devices = (); -my @deviceline = (); -my $deviceentry = ""; -my @scans = (); -my @scanline = (); -my $scanentry = ""; -my @partitions = (); -my @partitionline = (); -my $partitionentry = ""; -my $devicefile = "/var/ipfire/extrahd/devices"; -my $scanfile = "/var/ipfire/extrahd/scan"; -my $partitionsfile = "/var/ipfire/extrahd/partitions"; -system("/usr/local/bin/scanhd ide"); -system("/usr/local/bin/scanhd partitions"); - -&Header::showhttpheaders(); - -### Values that have to be initialized -$extrahdsettings{'PATH'} = ''; -$extrahdsettings{'FS'} = ''; -$extrahdsettings{'DEVICE'} = ''; -$extrahdsettings{'ACTION'} = ''; - -&General::readhash("${General::swroot}/extrahd/settings", \%extrahdsettings); -&Header::getcgihash(\%extrahdsettings); - -&Header::openpage('ExtraHD', 1, ''); -&Header::openbigbox('100%', 'left', '', $errormessage); - -############################################################################################################################ -############################################################################################################################ - -if ($extrahdsettings{'ACTION'} eq $Lang::tr{'add'}) -{ - open( FILE, "< $devicefile" ) or die "Unable to read $devicefile"; - @devices = ; - close FILE; - foreach $deviceentry (sort @devices) - { - @deviceline = split( /\;/, $deviceentry ); - if ( "$extrahdsettings{'PATH'}" eq "$deviceline[2]" ) { - $ok = "false"; - $errormessage = "You can't mount $extrahdsettings{'DEVICE'} to $extrahdsettings{'PATH'}, because there is already a device mounted."; - } - if ( "$extrahdsettings{'PATH'}" eq "/" ) { - $ok = "false"; - $errormessage = "You can't mount $extrahdsettings{'DEVICE'} to root /."; - } - } - - if ( "$ok" eq "true" ) { - open(FILE, ">> $devicefile" ) or die "Unable to write $devicefile"; - print FILE <; - close FILE; - open( FILE, "> $devicefile" ) or die "Unable to write $devicefile"; - foreach $deviceentry (sort @tmp) - { - @tmpline = split( /\;/, $deviceentry ); - if ( $tmpline[2] ne $extrahdsettings{'PATH'} ) - { - print FILE $deviceentry; - } - } - close FILE; - } else { - $errormessage = "Can't umount $extrahdsettings{'PATH'}. Maybe the device is in use?"; - } -} - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage\n"; - print " \n"; - &Header::closebox(); -} - -############################################################################################################################ -############################################################################################################################ - -&Header::openbox('100%', 'center', 'ExtraHD'); - open( FILE, "< $devicefile" ) or die "Unable to read $devicefile"; - @devices = ; - close FILE; - print < -END -; - foreach $deviceentry (sort @devices) - { - @deviceline = split( /\;/, $deviceentry ); - my $color="$Header::colourred"; - if ( `/bin/mount | /bin/fgrep $deviceline[2] | /bin/fgrep /dev/$deviceline[0]` ) { - $color=$Header::colourgreen; - } - print <  - /dev/$deviceline[0] - $deviceline[1] - $deviceline[2] - -
- - - - - -
-END -; - } - print < -END -; - -&Header::closebox(); - -&Header::openbox('100%', 'center', 'Gefundene Laufwerke'); - print < -END -; - open( FILE, "< $scanfile" ) or die "Unable to read $scanfile"; - @scans = ; - close FILE; - open( FILE, "< $partitionsfile" ) or die "Unable to read $partitionsfile"; - @partitions = ; - close FILE; - foreach $scanentry (sort @scans) - { - @scanline = split( /\;/, $scanentry ); - print <  - /dev/$scanline[0] - $scanline[1] -END -; - foreach $partitionentry (sort @partitions) - { - @partitionline = split( /\;/, $partitionentry ); - if ( "$partitionline[0]" eq "$scanline[0]" ) { - $size = int($partitionline[1] / 1024); - print <$Lang::tr{'size'} $size MB -   -   -END -; - } - } - - foreach $partitionentry (sort @partitions) - { - @partitionline = split( /\;/, $partitionentry ); - if (( "$partitionline[0]" =~ /^$scanline[0]/ ) && ! ( "$partitionline[0]" eq "$scanline[0]" )) { - $size = int($partitionline[1] / 1024); - print < - /dev/$partitionline[0] - $Lang::tr{'size'} $size MB - - - - - - - - -END -; - } - } - } - - print <If your device isn't listed here, you need to install or load the driver.
If you can see your device but no partitions you have to create them first. - -END -; -&Header::closebox(); - -&Header::closebigbox(); -&Header::closepage(); diff --git a/html/cgi-bin/fwhits.cgi b/html/cgi-bin/fwhits.cgi deleted file mode 100644 index 9c5729019..000000000 --- a/html/cgi-bin/fwhits.cgi +++ /dev/null @@ -1,105 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; -require "${General::swroot}/graphs.pl"; - -my %cgiparams=(); -my @cgigraphs=(); -my @graphs=(); - -&Graphs::updatefwhitsgraph ("day"); -&Graphs::updatefwhitsgraph ("week"); -&Graphs::updatefwhitsgraph ("month"); -&Graphs::updatefwhitsgraph ("year"); - -$ENV{'QUERY_STRING'} =~ s/&//g; -@cgigraphs = split(/graph=/,$ENV{'QUERY_STRING'}); -$cgigraphs[1] = '' unless defined $cgigraphs[1]; - -&Header::showhttpheaders(); - -my $graphdir = "/home/httpd/html/graphs"; -my @LOCALCHECK=(); -my $errormessage=""; - -&Header::openpage($Lang::tr{'firewall graphs'}, 1, ''); -&Header::openbigbox('100%', 'left', '', $errormessage); - - &Header::openbox('100%', 'center', $Lang::tr{"daily firewallhits"}); -if (-e "$Header::graphdir/firewallhits-day-area.png") { - my $ftime = localtime((stat("$Header::graphdir/firewallhits-day-area.png"))[9]); - print "
$Lang::tr{'the statistics were last updated at'}: $ftime

\n"; - print ""; - print "
\n"; -} else { - print $Lang::tr{'no information available'}; -} -print "
\n"; - &Header::closebox(); - - &Header::openbox('100%', 'center', $Lang::tr{"weekly firewallhits"}); -if (-e "$Header::graphdir/firewallhits-week-area.png") { - my $ftime = localtime((stat("$Header::graphdir/firewallhits-week-area.png"))[9]); - print "
$Lang::tr{'the statistics were last updated at'}: $ftime

\n"; - print ""; - print "
\n"; -} else { - print $Lang::tr{'no information available'}; -} -print "
\n"; - &Header::closebox(); - - &Header::openbox('100%', 'center', $Lang::tr{"monthly firewallhits"}); -if (-e "$Header::graphdir/firewallhits-month-area.png") { - my $ftime = localtime((stat("$Header::graphdir/firewallhits-month-area.png"))[9]); - print "
$Lang::tr{'the statistics were last updated at'}: $ftime

\n"; - print ""; - print "
\n"; -} else { - print $Lang::tr{'no information available'}; -} -print "
\n"; - &Header::closebox(); - - &Header::openbox('100%', 'center', $Lang::tr{"yearly firewallhits"}); -if (-e "$Header::graphdir/firewallhits-year-area.png") { - my $ftime = localtime((stat("$Header::graphdir/firewallhits-year-area.png"))[9]); - print "
$Lang::tr{'the statistics were last updated at'}: $ftime

\n"; - print ""; - print "
\n"; -} else { - print $Lang::tr{'no information available'}; -} -print "
\n"; - &Header::closebox(); - -&Header::closebigbox(); -&Header::closepage(); diff --git a/html/cgi-bin/graphs.cgi b/html/cgi-bin/graphs.cgi deleted file mode 100644 index 71e0b99c4..000000000 --- a/html/cgi-bin/graphs.cgi +++ /dev/null @@ -1,128 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; -require "${General::swroot}/graphs.pl"; - -my %cgiparams=(); -my %pppsettings=(); -my %netsettings=(); -my @cgigraphs=(); -my @graphs=(); -my $iface=''; - -&Header::showhttpheaders(); - -my $graphdir = "/srv/web/ipfire/html/graphs"; -&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); - -$ENV{'QUERY_STRING'} =~ s/&//g; -@cgigraphs = split(/graph=/,$ENV{'QUERY_STRING'}); -$cgigraphs[1] = '' unless defined $cgigraphs[1]; - -if ($cgigraphs[1] =~ /(load)/) {&Graphs::updateloadgraph ("week");&Graphs::updateloadgraph ("month");&Graphs::updateloadgraph ("year");} -if ($cgigraphs[1] =~ /(cpu)/) {&Graphs::updatecpugraph ("week");&Graphs::updatecpugraph ("month");&Graphs::updatecpugraph ("year");} -if ($cgigraphs[1] =~ /(memory|swap)/) {&Graphs::updatememgraph ("week");&Graphs::updatememgraph ("month");&Graphs::updatememgraph ("year");} -if ($cgigraphs[1] =~ /disk/){ - my @devices = `kudzu -qps -c HD | grep device: | cut -d" " -f2 | sort | uniq`; - - foreach (@devices) { - my $device = $_; - chomp($device); - &Graphs::updatediskgraph ("week",$device); - &Graphs::updatediskgraph ("month",$device); - &Graphs::updatediskgraph ("year",$device);}} -if ($cgigraphs[1] =~ /lq/) {&Graphs::updatelqgraph("week");&Graphs::updatelqgraph("month");&Graphs::updatelqgraph("year");} -if ($cgigraphs[1] =~ /RED/) {&Graphs::updateifgraph("RED", "week");&Graphs::updateifgraph("RED", "month");&Graphs::updateifgraph("RED", "year");} -if ($cgigraphs[1] =~ /GREEN/) {&Graphs::updateifgraph("GREEN", "week");&Graphs::updateifgraph("GREEN", "month");&Graphs::updateifgraph("GREEN", "year");} -if ($cgigraphs[1] =~ /BLUE/) {&Graphs::updateifgraph("BLUE", "week");&Graphs::updateifgraph("BLUE", "month");&Graphs::updateifgraph("BLUE", "year");} -if ($cgigraphs[1] =~ /ORANGE/) {&Graphs::updateifgraph("ORANGE", "week");&Graphs::updateifgraph("ORANGE", "month");&Graphs::updateifgraph("ORANGE", "year");} - -if ($cgigraphs[1] =~ /(network|GREEN|BLUE|ORANGE|RED|lq)/) { - &Header::openpage($Lang::tr{'network traffic graphs'}, 1, ''); -} else { - &Header::openpage($Lang::tr{'system graphs'}, 1, ''); -} - -&Header::openbigbox('100%', 'left'); - -if ($cgigraphs[1] =~ /(GREEN|BLUE|ORANGE|RED|lq|cpu|memory|swap|disk|load)/) { - my $graph = $cgigraphs[1]; - my $graphname = ucfirst(lc($cgigraphs[1])); - &Header::openbox('100%', 'center', "$graphname $Lang::tr{'graph'}"); - - if (-e "$graphdir/${graph}-day.png") { - my $ftime = localtime((stat("$graphdir/${graph}-day.png"))[9]); - print "
"; - print "$Lang::tr{'the statistics were last updated at'}: $ftime


\n"; - print "
"; - print "
"; - print "
"; - print ""; - } else { - print $Lang::tr{'no information available'}; - } - &Header::closebox(); -} elsif ($cgigraphs[1] =~ /network/) { - push (@graphs, ('GREEN')); - if ($netsettings{'BLUE_DEV'}) { - push (@graphs, ('BLUE')); } - if ($netsettings{'ORANGE_DEV'}) { - push (@graphs, ('ORANGE')); } - push (@graphs, ("RED")); - push (@graphs, ('lq')); - - foreach my $graphname (@graphs) { - &Header::openbox('100%', 'center', "$graphname $Lang::tr{'graph'}"); - - if (-e "$graphdir/${graphname}-day.png") { - my $ftime = localtime((stat("$graphdir/${graphname}-day.png"))[9]); - print "
$Lang::tr{'the statistics were last updated at'}: $ftime

\n"; - print ""; - print ""; - print ""; - } else { - print $Lang::tr{'no information available'}; - } - print "
\n"; - &Header::closebox(); - } -} - -print "\n"; - -&Header::closebigbox(); -&Header::closepage(); diff --git a/html/cgi-bin/gui.cgi b/html/cgi-bin/gui.cgi deleted file mode 100644 index 432e9fe72..000000000 --- a/html/cgi-bin/gui.cgi +++ /dev/null @@ -1,290 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %cgiparams=(); -my %mainsettings=(); -my %checked=(); -my $errormessage=''; - - -$cgiparams{'FX'} = 'off'; -$cgiparams{'SPEED'} = 'off'; -$cgiparams{'WINDOWWITHHOSTNAME'} = 'off'; -$cgiparams{'REFRESHINDEX'} = 'off'; -$cgiparams{'ACTION'} = ''; -&Header::getcgihash(\%cgiparams); - -&Header::showhttpheaders(); -&General::readhash("${General::swroot}/main/settings",\%mainsettings); -if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") -{ - open(FILE,"${General::swroot}/langs/list"); - my $found=0; - while () - { - my $lang=''; - my $engname=''; - my $natname=''; - chomp; - ($lang,$engname,$natname) = split (/:/, $_,3); - if ($cgiparams{'lang'} eq $lang) - { - $found=1; - } - } - close (FILE); - if ( $found == 0 ) - { - $errormessage="$errormessage

$Lang::tr{'invalid input'}"; - goto SAVE_ERROR; - } - - # Set flag if index page is to refresh whilst ppp is up. - # Default is NO refresh. - if ($cgiparams{'REFRESHINDEX'} ne 'off') { - system ('/usr/bin/touch', "${General::swroot}/main/refreshindex"); - } else { - unlink "${General::swroot}/main/refreshindex"; - } - - # Beep on ip-up or ip-down. Default is ON. - if ($cgiparams{'PPPUPDOWNBEEP'} ne 'on') { - $cgiparams{'PPPUPDOWNBEEP'} = 'off'; - system ('/usr/bin/touch', "${General::swroot}/ppp/nobeeps"); - } else { - unlink "${General::swroot}/ppp/nobeeps"; - } - - # write cgi vars to the file. - $mainsettings{'LANGUAGE'} = $cgiparams{'lang'}; - $mainsettings{'WINDOWWITHHOSTNAME'} = $cgiparams{'WINDOWWITHHOSTNAME'}; - $mainsettings{'PPPUPDOWNBEEP'} = $cgiparams{'PPPUPDOWNBEEP'}; - $mainsettings{'FX'} = $cgiparams{'FX'}; - $mainsettings{'SPEED'} = $cgiparams{'SPEED'}; - $mainsettings{'THEME'} = $cgiparams{'theme'}; - $mainsettings{'REFRESHINDEX'} = $cgiparams{'REFRESHINDEX'}; - &General::writehash("${General::swroot}/main/settings", \%mainsettings); - &Lang::reload($cgiparams{'lang'}); - SAVE_ERROR: -} else { - if ($mainsettings{'WINDOWWITHHOSTNAME'}) { - $cgiparams{'WINDOWWITHHOSTNAME'} = $mainsettings{'WINDOWWITHHOSTNAME'}; - } else { - $cgiparams{'WINDOWWITHHOSTNAME'} = 'off'; - } - - if ($mainsettings{'PPPUPDOWNBEEP'}) { - $cgiparams{'PPPUPDOWNBEEP'} = $mainsettings{'PPPUPDOWNBEEP'}; - } else { - $cgiparams{'PPPUPDOWNBEEP'} = 'on'; - } - - if ($mainsettings{'FX'}) { - $cgiparams{'FX'} = $mainsettings{'FX'}; - } else { - $cgiparams{'FX'} = 'on'; - } - - if ($mainsettings{'THEME'}) { - $cgiparams{'THEME'} = $mainsettings{'THEME'}; - } else { - $cgiparams{'THEME'} = 'ipfire'; - } - - if($mainsettings{'REFRESHINDEX'}) { - $cgiparams{'REFRESHINDEX'} = $mainsettings{'REFRESHINDEX'}; - } else { - $cgiparams{'REFRESHINDEX'} = 'off'; - } - if($mainsettings{'SPEED'}) { - $cgiparams{'SPEED'} = $mainsettings{'SPEED'}; - } else { - $cgiparams{'SPEED'} = 'off'; - } -} - -# Default settings -if ($cgiparams{'ACTION'} eq "$Lang::tr{'restore defaults'}") -{ - $cgiparams{'WINDOWWITHHOSTNAME'} = 'off'; - $cgiparams{'PPPUPDOWNBEEP'} = 'on'; - $cgiparams{'REFRESHINDEX'} = 'off'; - $cgiparams{'FX'} = 'on'; - $cgiparams{'SPEED'} = 'on'; - $cgiparams{'THEME'} = 'ipfire'; -} - -$checked{'WINDOWWITHHOSTNAME'}{'off'} = ''; -$checked{'WINDOWWITHHOSTNAME'}{'on'} = ''; -$checked{'WINDOWWITHHOSTNAME'}{$cgiparams{'WINDOWWITHHOSTNAME'}} = "checked='checked'"; - -$checked{'PPPUPDOWNBEEP'}{'off'} = ''; -$checked{'PPPUPDOWNBEEP'}{'on'} = ''; -$checked{'PPPUPDOWNBEEP'}{$cgiparams{'PPPUPDOWNBEEP'}} = "checked='checked'"; - -$checked{'REFRESHINDEX'}{'off'} = ''; -$checked{'REFRESHINDEX'}{'on'} = ''; -$checked{'REFRESHINDEX'}{$cgiparams{'REFRESHINDEX'}} = "checked='checked'"; - -$checked{'FX'}{'off'} = ''; -$checked{'FX'}{'on'} = ''; -$checked{'FX'}{$cgiparams{'FX'}} = "checked='checked'"; - -$checked{'SPEED'}{'off'} = ''; -$checked{'SPEED'}{'on'} = ''; -$checked{'SPEED'}{$cgiparams{'SPEED'}} = "checked='checked'"; - -&Header::openpage($Lang::tr{'gui settings'}, 1, ''); -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%','left',$Lang::tr{'error messages'}); - print "${errormessage} \n"; - &Header::closebox(); -} - -&Header::openbox('100%','left',$Lang::tr{'gui settings'}); - -print < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

$Lang::tr{'display'}

$Lang::tr{'display webinterface effects'}
$Lang::tr{'display hostname in window title'}
$Lang::tr{'refresh index page while connected'}
$Lang::tr{'show ajax speedmeter in footer'}
 $Lang::tr{'languagepurpose'}
 

$Lang::tr{'theme'}

 

$Lang::tr{'sound'}

$Lang::tr{'beep when ppp connects or disconnects'}

-

- - - - - -
-
- -END -; -&Header::closebox(); -&Header::closebigbox(); -&Header::closepage(); - - - diff --git a/html/cgi-bin/hardwaregraphs.cgi b/html/cgi-bin/hardwaregraphs.cgi deleted file mode 100644 index b2c9408d8..000000000 --- a/html/cgi-bin/hardwaregraphs.cgi +++ /dev/null @@ -1,326 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -# use warnings; -# use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; -require "${General::swroot}/graphs.pl"; - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -my %cgiparams=(); -my @cgigraphs=(); - -&Header::showhttpheaders(); - -my $graphdir = "/srv/web/ipfire/html/graphs"; - -my @disks = `kudzu -qps -c HD | grep device: | cut -d" " -f2 | sort | uniq`; -foreach (@disks){ - my $disk = $_; - chomp $disk; - my @array = split(/\//,$disk); - &Graphs::updatehddgraph ($array[$#array],"day");&Graphs::updatehddgraph ($array[$#array],"week");&Graphs::updatehddgraph ($array[$#array],"month");&Graphs::updatehddgraph ($array[$#array],"year"); -} - - &Graphs::updatetempgraph ("day"); - &Graphs::updatefangraph ("day"); - &Graphs::updatevoltgraph ("day"); - -my @graphs=(); - -&Header::getcgihash(\%cgiparams); - -$ENV{'QUERY_STRING'} =~ s/&//g; -@cgigraphs = split(/graph=/,$ENV{'QUERY_STRING'}); -$cgigraphs[1] = '' unless defined $cgigraphs[1]; - -my %mbmon_settings = (); -my %mbmon_values = (); -&General::readhash("/var/log/mbmon-values", \%mbmon_values); -my $key; - -if ( $cgiparams{'ACTION'} eq $Lang::tr{'save'} ) -{ - $mbmon_settings{'GRAPH_TEMP'} = ($cgiparams{'TEMP'} eq 'on'); - $mbmon_settings{'GRAPH_FAN'} = ($cgiparams{'FAN'} eq 'on'); - $mbmon_settings{'GRAPH_VOLT'} = ($cgiparams{'VOLT'} eq 'on'); - $mbmon_settings{'GRAPH_HDD'} = ($cgiparams{'HDD'} eq 'on'); - - foreach my $line (sort keys %cgiparams) - { - if ( index($line, "LINE-") != -1 ) - { - $mbmon_settings{$line} = 'on'; - } - - if ( index($line, "LABEL-") != -1 ) - { - $mbmon_settings{$line} = $cgiparams{$line}; - } - } - - &General::writehash("${General::swroot}/mbmon/settings", \%mbmon_settings); -} -else -{ - &General::readhash("${General::swroot}/mbmon/settings", \%mbmon_settings); -} - -my $selected_temp = ''; -my $selected_fan = ''; -my $selected_volt = ''; -my $selected_hdd = ''; - -$selected_temp = "checked='checked'" if ( $mbmon_settings{'GRAPH_TEMP'} == 1 ); -$selected_fan = "checked='checked'" if ( $mbmon_settings{'GRAPH_FAN'} == 1 ); -$selected_volt = "checked='checked'" if ( $mbmon_settings{'GRAPH_VOLT'} == 1 ); -$selected_hdd = "checked='checked'" if ( $mbmon_settings{'GRAPH_HDD'} == 1 ); - -my %mbmon_graphs = (); -foreach $key ( sort(keys %mbmon_values) ) -{ - $mbmon_graphs{$key} = "checked='checked'" if ( $mbmon_settings{'LINE-'.$key} eq 'on' ); - if ( !defined($mbmon_settings{'LABEL-'.$key}) ) - { - $mbmon_settings{'LABEL-'.$key} = $key; - } -} - -&Header::openpage($Lang::tr{'harddisk temperature graphs'}, 1, ''); - -&Header::openbigbox('100%', 'left'); - -############### -# DEBUG DEBUG -#&Header::openbox('100%', 'left', 'DEBUG'); -#my $debugCount = 0; -#foreach my $line (sort keys %cgiparams) { -# print "$line = $cgiparams{$line}
\n"; -# $debugCount++; -#} -#print " Count: $debugCount
\n"; -#print " CGIParams: $cgigraphs[1]\n"; -#&Header::closebox(); -# DEBUG DEBUG -############### - -if ($cgigraphs[1] =~ /hddtemp/) -{ - my $graph = $cgigraphs[1]; - my $graphname = $Lang::tr{"harddisk temperature"}; - &Header::openbox('100%', 'center', "$graphname $Lang::tr{'graph'}"); - - if (-e "$graphdir/${graph}-day.png") - { - my $ftime = localtime((stat("$graphdir/${graph}-day.png"))[9]); - print "
"; - print "$Lang::tr{'the statistics were last updated at'}: $ftime


\n"; - print "
"; - print "
"; - print "
"; - print ""; - if ( -e "/var/log/smartctl_out_${graph}" ) - { - my $output = `/bin/cat /var/log/smartctl_out_${graph}`; - $output = &Header::cleanhtml($output); - print "
$output
\n"; - } - } - else - { - print $Lang::tr{'no information available'}; - } - &Header::closebox(); - print "\n"; -} -elsif ($cgigraphs[1] =~ /(temp|fan|volt)/) -{ -if ($cgigraphs[1] =~ /temp/) {&Graphs::updatetempgraph ("week");&Graphs::updatetempgraph ("month");&Graphs::updatetempgraph ("year");} -if ($cgigraphs[1] =~ /fan/) {&Graphs::updatefangraph ("week");&Graphs::updatefangraph ("month");&Graphs::updatefangraph ("year");} -if ($cgigraphs[1] =~ /volt/) {&Graphs::updatevoltgraph ("week");&Graphs::updatevoltgraph ("month");&Graphs::updatevoltgraph ("year");} - - my $graph = $cgigraphs[1]; - my $graphname = $Lang::tr{"mbmon $cgigraphs[1]"}; - &Header::openbox('100%', 'center', "$graphname $Lang::tr{'graph'}"); - - if (-e "$graphdir/mbmon-${graph}-day.png") - { - my $ftime = localtime((stat("$graphdir/mbmon-${graph}-day.png"))[9]); - print "
"; - print "$Lang::tr{'the statistics were last updated at'}: $ftime


\n"; - print "
"; - print "
"; - print "
"; - print ""; - } - else - { - print $Lang::tr{'no information available'}; - } - &Header::closebox(); - print "\n"; -} -else -{ - if ( $mbmon_settings{'GRAPH_TEMP'} == 1 ) - { - &Header::openbox('100%', 'center', "$Lang::tr{'mbmon temp'} $Lang::tr{'graph'}"); - if (-e "$graphdir/mbmon-temp-day.png") - { - my $ftime = localtime((stat("$graphdir/mbmon-temp-day.png"))[9]); - print "
$Lang::tr{'the statistics were last updated at'}: $ftime

\n"; - print ""; - print ""; - print ""; - } - else - { - print $Lang::tr{'no information available'}; - } - print "
\n"; - &Header::closebox(); - } - - if ( $mbmon_settings{'GRAPH_FAN'} == 1 ) - { - &Header::openbox('100%', 'center', "$Lang::tr{'mbmon fan'} $Lang::tr{'graph'}"); - if (-e "$graphdir/mbmon-fan-day.png") - { - my $ftime = localtime((stat("$graphdir/mbmon-fan-day.png"))[9]); - print "
$Lang::tr{'the statistics were last updated at'}: $ftime

\n"; - print ""; - print ""; - print ""; - } - else - { - print $Lang::tr{'no information available'}; - } - print "
\n"; - &Header::closebox(); - } - - if ( $mbmon_settings{'GRAPH_VOLT'} == 1 ) - { - &Header::openbox('100%', 'center', "$Lang::tr{'mbmon volt'} $Lang::tr{'graph'}"); - if (-e "$graphdir/mbmon-volt-day.png") - { - my $ftime = localtime((stat("$graphdir/mbmon-volt-day.png"))[9]); - print "
$Lang::tr{'the statistics were last updated at'}: $ftime

\n"; - print ""; - print ""; - print ""; - } - else - { - print $Lang::tr{'no information available'}; - } - print "
\n"; - &Header::closebox(); - } - - if ( $mbmon_settings{'GRAPH_HDD'} == 1 ) - { - my @devices = `kudzu -qps -c HD | grep device: | cut -d" " -f2 | sort | uniq`; - foreach (@devices) { - my $device = $_; - chomp($device); - my @array = split(/\//,$device); - hddtempbox($array[$#array]);} - } - - &Header::openbox('100%', 'center', $Lang::tr{'settings'}); -print < - - - - - -
 $Lang::tr{'mbmon temp'} $Lang::tr{'graph'}
 $Lang::tr{'mbmon fan'} $Lang::tr{'graph'}
 $Lang::tr{'mbmon volt'} $Lang::tr{'graph'}
 $Lang::tr{'harddisk temperature'}-$Lang::tr{'graph'}
-
- - -END -; - -my $i = 0; -foreach $key ( sort(keys %mbmon_values) ) -{ - if ( $i % 2 ) - { - print(""); - } - else - { - print(""); - } - $mbmon_settings{'LABEL-'.$key} = &Header::cleanhtml($mbmon_settings{'LABEL-'.$key}); - print(""); - print("\n"); - print("\n"); - $i++; -} - -print < - -
$Lang::tr{'mbmon display'} $Lang::tr{'mbmon value'}$Lang::tr{'mbmon label'}
$key$mbmon_values{$key} 
- -
 
- - -END -; - &Header::closebox(); -} - -&Header::closebigbox(); -&Header::closepage(); - -sub hddtempbox { - my $disk = $_[0]; - if (-e "$graphdir/hddtemp-$disk-day.png") { - - &Header::openbox('100%', 'center', "Disk $disk $Lang::tr{'graph'}"); - my $ftime = localtime((stat("$graphdir/hddtemp-$disk-day.png"))[9]); - print "
$Lang::tr{'the statistics were last updated at'}: $ftime

\n"; - print ""; - print ""; - print ""; - print "
\n"; - &Header::closebox(); - } -} diff --git a/html/cgi-bin/hosts.cgi b/html/cgi-bin/hosts.cgi deleted file mode 100644 index 94a48d326..000000000 --- a/html/cgi-bin/hosts.cgi +++ /dev/null @@ -1,462 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::colouryellow} ); -undef (@dummy); - -# Files used -my $setting = "${General::swroot}/main/settings"; -our $datafile = "${General::swroot}/main/hosts"; #(our: used in subroutine) - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -our %settings = (); -#Settings1 -# removed - -#Settings2 for editing the multi-line list -#Must not be saved ! -$settings{'EN'} = ''; # reuse for dummy field in position zero -$settings{'IP'} = ''; -$settings{'HOST'} = ''; -$settings{'DOM'} = ''; -my @nosaved=('EN','IP','HOST','DOM'); # List here ALL setting2 fields. Mandatory - -$settings{'ACTION'} = ''; # add/edit/remove -$settings{'KEY1'} = ''; # point record for ACTION - -#Define each field that can be used to sort columns -my $sortstring='^IP|^HOST|^DOM'; -$settings{'SORT_HOSTSLIST'} = 'HOST'; -my $errormessage = ''; -my $warnmessage = ''; - -&Header::showhttpheaders(); - -#Get GUI values -&Header::getcgihash(\%settings); - -# Load multiline data -our @current = (); -if (open(FILE, "$datafile")) { - @current = ; - close (FILE); -} - -## Settings1 Box not used... -&General::readhash("${General::swroot}/main/settings", \%settings); - - -## Now manipulate the multi-line list with Settings2 -# Basic actions are: -# toggle the check box -# add/update a new line -# begin editing a line -# remove a line - - -# Toggle enable/disable field. Field is in second position -if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { - #move out new line - chomp(@current[$settings{'KEY1'}]); - my @temp = split(/\,/,@current[$settings{'KEY1'}]); - - $temp[0] = $temp[0] ne '' ? '' : 'on'; # Toggle the field - @current[$settings{'KEY1'}] = join (',',@temp)."\n"; - $settings{'KEY1'} = ''; # End edit mode - - &General::log($Lang::tr{'hosts config changed'}); - - #Save current - open(FILE, ">$datafile") or die 'hosts datafile error'; - print FILE @current; - close(FILE); - - # Rebuild configuration file - &BuildConfiguration; -} - -if ($settings{'ACTION'} eq $Lang::tr{'add'}) { - # Validate inputs - unless(&General::validip($settings{'IP'})) { - $errormessage = $Lang::tr{'invalid fixed ip address'}; - } - - unless(&General::validhostname($settings{'HOST'})) { - $errormessage = $Lang::tr{'invalid hostname'}; - } - - if ($settings{'DOM'} && ! &General::validdomainname($settings{'DOM'})) { - $errormessage = $Lang::tr{'invalid domain name'}; - } - - - unless ($errormessage) { - if ($settings{'KEY1'} eq '') { #add or edit ? - unshift (@current, "$settings{'EN'},$settings{'IP'},$settings{'HOST'},$settings{'DOM'}\n"); - &General::log($Lang::tr{'hosts config added'}); - } else { - @current[$settings{'KEY1'}] = "$settings{'EN'},$settings{'IP'},$settings{'HOST'},$settings{'DOM'}\n"; - $settings{'KEY1'} = ''; # End edit mode - &General::log($Lang::tr{'hosts config changed'}); - } - - # Write changes to config file. - &SortDataFile; # sort newly added/modified entry - &BuildConfiguration; # then re-build new host - - #map ($settings{$_}='' ,@nosaved); # Clear fields - } -} - -if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { - #move out new line - my $line = @current[$settings{'KEY1'}]; # KEY1 is the index in current - chomp($line); - my @temp = split(/\,/, $line); - $settings{'EN'}=$temp[0]; # Prepare the screen for editing - $settings{'IP'}=$temp[1]; - $settings{'HOST'}=$temp[2]; - $settings{'DOM'}=$temp[3]; -} - -if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { - splice (@current,$settings{'KEY1'},1); # Delete line - open(FILE, ">$datafile") or die 'hosts datafile error'; - print FILE @current; - close(FILE); - $settings{'KEY1'} = ''; # End remove mode - &General::log($Lang::tr{'hosts config changed'}); - - &BuildConfiguration; # then re-build conf which use new data -} - - - -## Check if sorting is asked -# If same column clicked, reverse the sort. -if ($ENV{'QUERY_STRING'} =~ /$sortstring/ ) { - my $newsort=$ENV{'QUERY_STRING'}; - my $actual=$settings{'SORT_HOSTSLIST'}; - #Reverse actual sort ? - if ($actual =~ $newsort) { - my $Rev=''; - if ($actual !~ 'Rev') { - $Rev='Rev'; - } - $newsort.=$Rev; - } - $settings{'SORT_HOSTSLIST'}=$newsort; - map (delete ($settings{$_}) ,(@nosaved,'ACTION','KEY1'));# Must never be saved - &General::writehash($setting, \%settings); - &SortDataFile; - $settings{'ACTION'} = 'SORT'; # Create an 'ACTION' - map ($settings{$_} = '' ,@nosaved,'KEY1'); # and reinit vars to empty -} - -if ($settings{'ACTION'} eq '' ) { # First launch from GUI - # Place here default value when nothing is initialized - $settings{'EN'} = 'on'; - $settings{'DOM'} = $settings{'DOMAINNAME'}; -} - -&Header::openpage($Lang::tr{'hostname'}, 1, ''); -&Header::openbigbox('100%', 'left', '', $errormessage); -my %checked=(); # Checkbox manipulations - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage "; - &Header::closebox(); -} - -# -# Remove if no Setting1 needed -# -#if ($warnmessage) { -# $warnmessage = "$Lang::tr{'capswarning'}: $warnmessage"; -#} -#&Header::openbox('100%', 'left', $Lang::tr{'settings'}); -#print "
"; -#print < -# -# $Lang::tr{'domain name'} : $settings{'DOMAINNAME'} -# -# -#END -#; -# -#print < -#
-# -# -# $warnmessage -# -# -# -# -#END -#; -#&Header::closebox(); # end of Settings1 - - -# -# Second check box is for editing the list -# -$checked{'EN'}{'on'} = ($settings{'EN'} eq '' ) ? '' : "checked='checked'"; - -my $buttontext = $Lang::tr{'add'}; -if ($settings{'KEY1'} ne '') { - $buttontext = $Lang::tr{'update'}; - &Header::openbox('100%', 'left', $Lang::tr{'edit an existing host'}); -} else { - &Header::openbox('100%', 'left', $Lang::tr{'add a host'}); -} - -#Edited line number (KEY1) passed until cleared by 'save' or 'remove' or 'new sort order' -print < - - - - - - - - - - - - - -
$Lang::tr{'host ip'}: $Lang::tr{'hostname'}:
$Lang::tr{'domain name'}: *$Lang::tr{'enabled'}
-
- - - - - -
* $Lang::tr{'this field may be blank'}
- -END -; -&Header::closebox(); - -# -# Third box shows the list, in columns -# -# Columns headers may content a link. In this case it must be named in $sortstring -# -&Header::openbox('100%', 'left', $Lang::tr{'current hosts'}); -print < - - $Lang::tr{'host ip'} - $Lang::tr{'hostname'} - $Lang::tr{'domain name'} - $Lang::tr{'action'} - -END -; - -# -# Print each line of @current list -# - -my $key = 0; -foreach my $line (@current) { - chomp($line); # remove newline - my @temp=split(/\,/,$line); - $temp[3] ='' unless defined $temp[3]; # not always populated - - #Choose icon for checkbox - my $gif = ''; - my $gdesc = ''; - if ($temp[0] ne '' ) { - $gif = 'on.gif'; - $gdesc = $Lang::tr{'click to disable'}; - } else { - $gif = 'off.gif'; - $gdesc = $Lang::tr{'click to enable'}; - } - - #Colorize each line - if ($settings{'KEY1'} eq $key) { - print ""; - } elsif ($key % 2) { - print ""; - } else { - print ""; - } - print <$temp[1] -$temp[2] -$temp[3] - -
- - - -
- - - -
- - - -
- - - -
- - - -
- - -END -; - $key++; -} -print ""; - -# If table contains entries, print 'Key to action icons' -if ($key) { -print < - -  $Lang::tr{'legend'}:  - $Lang::tr{ - $Lang::tr{'click to disable'} -    - $Lang::tr{ - $Lang::tr{'click to enable'} -    - $Lang::tr{ - $Lang::tr{'edit'} -    - $Lang::tr{ - $Lang::tr{'remove'} - - -END -; -} - -&Header::closebox(); -&Header::closebigbox(); -&Header::closepage(); - -## Ouf it's the end ! - -# Sort the "current" array according to choices -sub SortDataFile -{ - our %entries = (); - - # Sort pair of record received in $a $b special vars. - # When IP is specified use numeric sort else alpha. - # If sortname ends with 'Rev', do reverse sort. - # - sub fixedleasesort { - my $qs=''; # The sort field specified minus 'Rev' - if (rindex ($settings{'SORT_HOSTSLIST'},'Rev') != -1) { - $qs=substr ($settings{'SORT_HOSTSLIST'},0,length($settings{'SORT_HOSTSLIST'})-3); - if ($qs eq 'IP') { - my @a = split(/\./,$entries{$a}->{$qs}); - my @b = split(/\./,$entries{$b}->{$qs}); - ($b[0]<=>$a[0]) || - ($b[1]<=>$a[1]) || - ($b[2]<=>$a[2]) || - ($b[3]<=>$a[3]); - } else { - $entries{$b}->{$qs} cmp $entries{$a}->{$qs}; - } - } else { #not reverse - $qs=$settings{'SORT_HOSTSLIST'}; - if ($qs eq 'IP') { - my @a = split(/\./,$entries{$a}->{$qs}); - my @b = split(/\./,$entries{$b}->{$qs}); - ($a[0]<=>$b[0]) || - ($a[1]<=>$b[1]) || - ($a[2]<=>$b[2]) || - ($a[3]<=>$b[3]); - } else { - $entries{$a}->{$qs} cmp $entries{$b}->{$qs}; - } - } - } - - #Use an associative array (%entries) - my $key = 0; - foreach my $line (@current) { - chomp( $line); #remove newline because can be on field 5 or 6 (addition of REMARK) - my @temp = ( '','','', ''); - @temp = split (',',$line); - - # Build a pair 'Field Name',value for each of the data dataline. - # Each SORTABLE field must have is pair. - # Other data fields (non sortable) can be grouped in one - - my @record = ('KEY',$key++,'EN',$temp[0],'IP',$temp[1],'HOST',$temp[2],'DOM',$temp[3]); - my $record = {}; # create a reference to empty hash - %{$record} = @record; # populate that hash with @record - $entries{$record->{KEY}} = $record; # add this to a hash of hashes - } - - open(FILE, ">$datafile") or die 'hosts datafile error'; - - # Each field value is printed , with the newline ! Don't forget separator and order of them. - foreach my $entry (sort fixedleasesort keys %entries) { - print FILE "$entries{$entry}->{EN},$entries{$entry}->{IP},$entries{$entry}->{HOST},$entries{$entry}->{DOM}\n"; - } - - close(FILE); - # Reload sorted @current - open (FILE, "$datafile"); - @current = ; - close (FILE); -} - -# -# Build the configuration file -# -sub BuildConfiguration { - system '/usr/local/bin/rebuildhosts'; -} diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi deleted file mode 100644 index 56122658f..000000000 --- a/html/cgi-bin/ids.cgi +++ /dev/null @@ -1,736 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - - -use LWP::UserAgent; -use File::Copy; -use File::Temp qw/ tempfile tempdir /; -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -my %snortsettings=(); -my %checked=(); -my %selected=(); -my %netsettings=(); -our $errormessage = ''; -our $md5 = '0';# not '' to avoid displaying the wrong message when INSTALLMD5 not set -our $realmd5 = ''; -our $results = ''; -our $tempdir = ''; -our $url=''; -&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); - -&Header::showhttpheaders(); - -$snortsettings{'ENABLE_SNORT'} = 'off'; -$snortsettings{'ENABLE_SNORT_GREEN'} = 'off'; -$snortsettings{'ENABLE_SNORT_BLUE'} = 'off'; -$snortsettings{'ENABLE_SNORT_ORANGE'} = 'off'; -$snortsettings{'ENABLE_GUARDIAN'} = 'off'; -$snortsettings{'GUARDIAN_INTERFACE'} = `cat /var/ipfire/red/iface`; -$snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'} = '1'; -$snortsettings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log'; -$snortsettings{'GUARDIAN_ALERTFILE'} = '/var/log/snort/alert'; -$snortsettings{'GUARDIAN_IGNOREFILE'} = '/var/ipfire/guardian/guardian.ignore'; -$snortsettings{'GUARDIAN_TARGETFILE'} = '/var/ipfire/guardian/guardian.target'; -$snortsettings{'GUARDIAN_TIMELIMIT'} = '86400'; -$snortsettings{'GUARDIAN_IGNOREFILE_CONTENT'} = `cat $snortsettings{'GUARDIAN_IGNOREFILE'}`; -$snortsettings{'ACTION'} = ''; -$snortsettings{'ACTION2'} = ''; -$snortsettings{'RULES'} = ''; -$snortsettings{'OINKCODE'} = ''; -$snortsettings{'INSTALLDATE'} = ''; -$snortsettings{'INSTALLMD5'} = ''; - -&Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'}); - -####################### Added for snort rules control ################################# -my $snortrulepath; # change to "/etc/snort/rules" - maniac -my @snortconfig; -my $restartsnortrequired = 0; -my %snortrules; -my $rule = ''; -my $table1colour = ''; -my $table2colour = ''; -my $var = ''; -my $value = ''; -my $tmp = ''; -my $linkedrulefile = ''; -my $border = ''; -my $checkboxname = ''; - -if (-e "/etc/snort/snort.conf") { - - - # Open snort.conf file, read it in, close it, and re-open for writing - open(FILE, "/etc/snort/snort.conf") or die 'Unable to read snort config file.'; - @snortconfig = ; - close(FILE); - open(FILE, ">/etc/snort/snort.conf") or die 'Unable to write snort config file.'; - - my @rules = `cd /etc/snort/rules/ && ls *.rules`; # With this loop the rule might be display with correct rulepath set - foreach (@rules) { - chomp $_; - my $temp = join(";",@snortconfig); - if ( $temp =~ /$_/ ){next;} - else { push(@snortconfig,"#include \$RULE_PATH/".$_);} - } - - # Loop over each line - foreach my $line (@snortconfig) { - # Trim the line - chomp $line; - - # Check for a line with .rules - if ($line =~ /\.rules$/) { - # Parse out rule file name - $rule = $line; - $rule =~ s/\$RULE_PATH\///i; - $rule =~ s/ ?include ?//i; - $rule =~ s/\#//i; - my $snortrulepathrule = "$snortrulepath/$rule"; - - # Open rule file and read in contents - open(RULEFILE, "$snortrulepath/$rule") or die "Unable to read snort rule file for reading => $snortrulepath/$rule."; - my @snortrulefile = ; - close(RULEFILE); - open(RULEFILE, ">$snortrulepath/$rule") or die "Unable to write snort rule file for writing $snortrulepath/$rule"; - - # Local vars - my $dashlinecnt = 0; - my $desclook = 1; - my $snortruledesc = ''; - my %snortruledef = (); - my $rulecnt = 1; - - # Loop over rule file contents - foreach my $ruleline (@snortrulefile) { - chomp $ruleline; - - # If still looking for a description - if ($desclook) { - # If line does not start with a # anymore, then done looking for a description - if ($ruleline !~ /^\#/) { - $desclook = 0; - } - - # If see more than one dashed line, (start to) create rule file description - if ($dashlinecnt > 1) { - # Check for a line starting with a # - if ($ruleline =~ /^\#/) { - # Create tempruleline - my $tempruleline = $ruleline; - - # Strip off # and clean up line - $tempruleline =~ s/\# ?//i; - - # Check for part of a description - if ($snortruledesc eq '') { - $snortruledesc = $tempruleline; - } else { - $snortruledesc .= " $tempruleline"; - } - } else { - # Must be done - $desclook = 0; - } - } - - # If have a dashed line, increment count - if ($ruleline =~ /\# ?\-+/) { - $dashlinecnt++; - } - } else { - # Parse out rule file rule's message for display - if ($ruleline =~ /(msg\:\"[^\"]+\";)/) { - my $msg = ''; - $msg = $1; - $msg =~ s/msg\:\"//i; - $msg =~ s/\";//i; - $snortruledef{$rulecnt}{'Description'} = $msg; - - # Check for 'Save' and rule file displayed in query string - if (($snortsettings{'ACTION'} eq $Lang::tr{'update'}) && ($ENV{'QUERY_STRING'} =~ /$rule/i)) { - # Check for a disable rule which is now enabled, or an enabled rule which is now disabled - if ((($ruleline =~ /^\#/) && (exists $snortsettings{"SNORT_RULE_$rule\_$rulecnt"})) || (($ruleline !~ /^\#/) && (!exists $snortsettings{"SNORT_RULE_$rule\_$rulecnt"}))) { - $restartsnortrequired = 1; - } - - # Strip out leading # from rule line - $ruleline =~ s/\# ?//i; - - # Check if it does not exists (which means it is disabled), append a # - if (!exists $snortsettings{"SNORT_RULE_$rule\_$rulecnt"}) { - $ruleline = "#"." $ruleline"; - } - } - - # Check if ruleline does not begin with a #, so it is enabled - if ($ruleline !~ /^\#/) { - $snortruledef{$rulecnt++}{'State'} = 'Enabled'; - } else { - # Otherwise it is disabled - $snortruledef{$rulecnt++}{'State'} = 'Disabled'; - } - } - } - - # Print ruleline to RULEFILE - print RULEFILE "$ruleline\n"; - } - - # Close RULEFILE - close(RULEFILE); - - # Check for 'Save' - if ($snortsettings{'ACTION'} eq $Lang::tr{'update'}) { - # Check for a disable rule which is now enabled, or an enabled rule which is now disabled - if ((($line =~ /^\#/) && (exists $snortsettings{"SNORT_RULE_$rule"})) || (($line !~ /^\#/) && (!exists $snortsettings{"SNORT_RULE_$rule"}))) { - $restartsnortrequired = 1; - } - - # Strip out leading # from rule line - $line =~ s/\# ?//i; - - # Check if it does not exists (which means it is disabled), append a # - if (!exists $snortsettings{"SNORT_RULE_$rule"}) { - $line = "# $line"; - } - } - - # Check for rule state - if ($line =~ /^\#/) { - $snortrules{$rule}{"State"} = "Disabled"; - } else { - $snortrules{$rule}{"State"} = "Enabled"; - } - - # Set rule description - $snortrules{$rule}{"Description"} = $snortruledesc; - - # Loop over sorted rules - foreach my $ruledef (sort {$a <=> $b} keys(%snortruledef)) { - $snortrules{$rule}{"Definition"}{$ruledef}{'Description'} = $snortruledef{$ruledef}{'Description'}; - $snortrules{$rule}{"Definition"}{$ruledef}{'State'} = $snortruledef{$ruledef}{'State'}; - } - - $snortruledesc = ''; - print FILE "$line\n"; - } elsif ($line =~ /var RULE_PATH/) { - ($tmp, $tmp, $snortrulepath) = split(' ', $line); - print FILE "$line\n"; - } else { - print FILE "$line\n"; - } - } - close(FILE); - - if ($restartsnortrequired) { - system('/usr/local/bin/snortctrl restart >/dev/null'); - } -} - -####################### End added for snort rules control ################################# - -if ($snortsettings{'RULES'} eq 'subscripted') { - $url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-CURRENT_s.tar.gz"; -} elsif ($snortsettings{'RULES'} eq 'registered') { - $url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-CURRENT.tar.gz"; -} else { - $url="http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz"; -} - -if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "snort" ) -{ - $errormessage = $Lang::tr{'invalid input for oink code'} unless ( - ($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/) || - ($snortsettings{'RULESTYPE'} eq 'nothing' ) ); - - &General::writehash("${General::swroot}/snort/settings", \%snortsettings); - if ($snortsettings{'ENABLE_SNORT'} eq 'on') - { - system ('/usr/bin/touch', "${General::swroot}/snort/enable"); - } else { - unlink "${General::swroot}/snort/enable"; - } - if ($snortsettings{'ENABLE_SNORT_GREEN'} eq 'on') - { - system ('/usr/bin/touch', "${General::swroot}/snort/enable_green"); - } else { - unlink "${General::swroot}/snort/enable_green"; - } - if ($snortsettings{'ENABLE_SNORT_BLUE'} eq 'on') - { - system ('/usr/bin/touch', "${General::swroot}/snort/enable_blue"); - } else { - unlink "${General::swroot}/snort/enable_blue"; - } - if ($snortsettings{'ENABLE_SNORT_ORANGE'} eq 'on') - { - system ('/usr/bin/touch', "${General::swroot}/snort/enable_orange"); - } else { - unlink "${General::swroot}/snort/enable_orange"; - } - if ($snortsettings{'ENABLE_GUARDIAN'} eq 'on') - { - system ('/usr/bin/touch', "${General::swroot}/guardian/enable"); - } else { - unlink "${General::swroot}/guardian/enable"; - } - - system('/usr/local/bin/snortctrl restart >/dev/null'); - -} elsif ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "guardian" ){ - open(IGNOREFILE, ">$snortsettings{'GUARDIAN_IGNOREFILE'}") or die "Unable to write guardian ignore file $snortsettings{'GUARDIAN_IGNOREFILE'}"; - print IGNOREFILE $snortsettings{'GUARDIAN_IGNOREFILE_CONTENT'}; - close(IGNOREFILE); - open(GUARDIAN, ">/var/ipfire/guardian/guardian.conf") or die "Unable to write guardian conf /var/ipfire/guardian/guardian.conf"; - print GUARDIAN </dev/null'); -} - # INSTALLMD5 is not in the form, so not retrieved by getcgihash - &General::readhash("${General::swroot}/snort/settings", \%snortsettings); - -if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) { - $md5 = &getmd5; - if (($snortsettings{'INSTALLMD5'} ne $md5) && defined $md5 ) { - chomp($md5); - my $filename = &downloadrulesfile(); - if (defined $filename) { - # Check MD5sum - $realmd5 = `/usr/bin/md5sum $filename`; - chomp ($realmd5); - $realmd5 =~ s/^(\w+)\s.*$/$1/; - if ($md5 ne $realmd5) { - $errormessage = "$Lang::tr{'invalid md5sum'}"; - } else { - $results = "$Lang::tr{'installed updates'}\n
";
-				$results .=`/usr/local/bin/oinkmaster.pl -s -u file://$filename -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules 2>&1`;
-				$results .= "
"; - } - unlink ($filename); - } - } -} - -$checked{'ENABLE_SNORT'}{'off'} = ''; -$checked{'ENABLE_SNORT'}{'on'} = ''; -$checked{'ENABLE_SNORT'}{$snortsettings{'ENABLE_SNORT'}} = "checked='checked'"; -$checked{'ENABLE_SNORT_GREEN'}{'off'} = ''; -$checked{'ENABLE_SNORT_GREEN'}{'on'} = ''; -$checked{'ENABLE_SNORT_GREEN'}{$snortsettings{'ENABLE_SNORT_GREEN'}} = "checked='checked'"; -$checked{'ENABLE_SNORT_BLUE'}{'off'} = ''; -$checked{'ENABLE_SNORT_BLUE'}{'on'} = ''; -$checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='checked'"; -$checked{'ENABLE_SNORT_ORANGE'}{'off'} = ''; -$checked{'ENABLE_SNORT_ORANGE'}{'on'} = ''; -$checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'"; -$checked{'ENABLE_GUARDIAN'}{'off'} = ''; -$checked{'ENABLE_GUARDIAN'}{'on'} = ''; -$checked{'ENABLE_GUARDIAN'}{$snortsettings{'ENABLE_GUARDIAN'}} = "checked='checked'"; -$selected{'RULES'}{'nothing'} = ''; -$selected{'RULES'}{'community'} = ''; -$selected{'RULES'}{'registered'} = ''; -$selected{'RULES'}{'subscripted'} = ''; -$selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'"; - -&Header::openpage($Lang::tr{'intrusion detection system'}, 1, ''); - -####################### Added for snort rules control ################################# -print ""; -print < - - -END -; -####################### End added for snort rules control ################################# - -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage\n"; - print " \n"; - &Header::closebox(); -} - -&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system2'}); -print < - - - - - - - - - - - - - - - - - - "; -} else { - if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'} && $md5 eq $realmd5 ) { - $snortsettings{'INSTALLMD5'} = $realmd5; - $snortsettings{'INSTALLDATE'} = `/bin/date +'%Y-%m-%d'`; - &General::writehash("${General::swroot}/snort/settings", \%snortsettings); - } - print " $Lang::tr{'updates installed'}: $snortsettings{'INSTALLDATE'}"; -} -print < -
GREEN Snort -END -; -if ($netsettings{'BLUE_DEV'} ne '') { - print "       BLUE Snort"; -} -if ($netsettings{'ORANGE_DEV'} ne '') { - print "       ORANGE Snort"; -} - print "       RED Snort"; -if ( -e "/var/ipfire/guardian/guardian.conf" ) { - print "       Guardian"; -} - -print <

$Lang::tr{'ids rules update'}
-

- $Lang::tr{'ids rules license'} http://www.snort.org.
-
- $Lang::tr{'ids rules license2'} USER PREFERENCES, $Lang::tr{'ids rules license3'}
-
Oinkcode: 
-END -; - -if ($snortsettings{'INSTALLMD5'} eq $md5) { - print " $Lang::tr{'rules already up to date'}
-
- - - - -
- -END -; - -if ($results ne '') { - print "$results"; -} - -&Header::closebox(); - -####################### Added for guardian control #################################### -if ( -e "/var/ipfire/guardian/guardian.conf" ) { - &Header::openbox('100%', 'LEFT', $Lang::tr{'guardian configuration'}); -print < - - - - - - -
$Lang::tr{'guardian interface'}
$Lang::tr{'guardian timelimit'}
$Lang::tr{'guardian logfile'}
$Lang::tr{'guardian alertfile'}
$Lang::tr{'guardian ignorefile'}
- -END -; - &Header::closebox(); -} - - - - -####################### Added for snort rules control ################################# -if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable_green" || -e "${General::swroot}/snort/enable_blue" || -e "${General::swroot}/snort/enable_orange" ) { - &Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'}); - # Output display table for rule files - print "
"; - - print ""; - - # Local vars - my $ruledisplaycnt = 1; - my $rulecnt = keys %snortrules; - $rulecnt++; - $rulecnt = $rulecnt / 2; - - # Loop over each rule file - foreach my $rulefile (sort keys(%snortrules)) { - my $rulechecked = ''; - - # Check if reached half-way through rule file rules to start new column - if ($ruledisplaycnt > $rulecnt) { - print "
"; - $ruledisplaycnt = 0; - } - - # Check if rule file is enabled - if ($snortrules{$rulefile}{"State"} eq 'Enabled') { - $rulechecked = 'CHECKED'; - } - - # Create rule file link, vars array, and display flag - my $rulefilelink = "?RULEFILE=$rulefile"; - my $rulefiletoclose = ''; - my @queryvars = (); - my $displayrulefilerules = 0; - - # Check for passed in query string - if ($ENV{'QUERY_STRING'}) { - # Split out vars - @queryvars = split(/\&/, $ENV{'QUERY_STRING'}); - - # Loop over values - foreach $value (@queryvars) { - # Split out var pairs - ($var, $linkedrulefile) = split(/=/, $value); - - # Check if var is 'RULEFILE' - if ($var eq 'RULEFILE') { - # Check if rulefile equals linkedrulefile - if ($rulefile eq $linkedrulefile) { - # Set display flag - $displayrulefilerules = 1; - - # Strip out rulefile from rulefilelink - $rulefilelink =~ s/RULEFILE=$linkedrulefile//g; - } else { - # Add linked rule file to rulefilelink - $rulefilelink .= "&RULEFILE=$linkedrulefile"; - } - } - } - } - - # Strip out extra & & ? from rulefilelink - $rulefilelink =~ s/^\?\&/\?/i; - - # Check for a single '?' and replace with page for proper link display - if ($rulefilelink eq '?') { - $rulefilelink = "ids.cgi"; - } - - # Output rule file name and checkbox - print ""; - print "
$rulefile
"; - - # Check for empty 'Description' - if ($snortrules{$rulefile}{'Description'} eq '') { - print ""; - } else { - # Output rule file 'Description' - print "
No description available
"; - } - - # Check for display flag - if ($displayrulefilerules) { - # Rule file definition rule display - print ""; - } - - # Close display table - print "
$snortrules{$rulefile}{'Description'}
"; - - # Local vars - my $ruledefdisplaycnt = 0; - my $ruledefcnt = keys %{$snortrules{$rulefile}{"Definition"}}; - $ruledefcnt++; - $ruledefcnt = $ruledefcnt / 2; - - # Loop over rule file rules - foreach my $ruledef (sort {$a <=> $b} keys(%{$snortrules{$rulefile}{"Definition"}})) { - # Local vars - my $ruledefchecked = ''; - - # If have display 2 rules, start new row - if (($ruledefdisplaycnt % 2) == 0) { - print ""; - $ruledefdisplaycnt = 0; - } - - # Check for rules state - if ($snortrules{$rulefile}{'Definition'}{$ruledef}{'State'} eq 'Enabled') { - $ruledefchecked = 'CHECKED'; - } - - # Create rule file rule's checkbox - $checkboxname = "SNORT_RULE_$rulefile"; - $checkboxname .= "_$ruledef"; - print ""; - - # Increment count - $ruledefdisplaycnt++; - } - - # If do not have second rule for row, create empty cell - if (($ruledefdisplaycnt % 2) != 0) { - print ""; - } - - # Close display table - print "
$snortrules{$rulefile}{'Definition'}{$ruledef}{'Description'}
"; - - # Increment ruledisplaycnt - $ruledisplaycnt++; - } - print "
"; - print < - -   - - -   - - - - -END -; - &Header::closebox(); -} - -####################### End added for snort rules control ################################# -&Header::closebigbox(); -&Header::closepage(); - -sub getmd5 { - # Retrieve MD5 sum from $url.md5 file - # - my $md5buf = &geturl("$url.md5"); - return undef unless $md5buf; - - if (0) { # 1 to debug - my $filename=''; - my $fh=''; - ($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.md5' ); - binmode ($fh); - syswrite ($fh, $md5buf->content); - close($fh); - } - return $md5buf->content; -} -sub downloadrulesfile { - my $return = &geturl($url); - return undef unless $return; - - if (index($return->content, "\037\213") == -1 ) { # \037\213 is .gz beginning - $errormessage = $Lang::tr{'invalid loaded file'}; - return undef; - } - - my $filename=''; - my $fh=''; - ($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.tar.gz' );#oinkmaster work only with this extension - binmode ($fh); - syswrite ($fh, $return->content); - close($fh); - return $filename; -} - -sub geturl ($) { - my $url=$_[0]; - - unless (-e "${General::swroot}/red/active") { - $errormessage = $Lang::tr{'could not download latest updates'}; - return undef; - } - - my $downloader = LWP::UserAgent->new; - $downloader->timeout(5); - - my %proxysettings=(); - &General::readhash("${General::swroot}/proxy/settings", \%proxysettings); - - if ($_=$proxysettings{'UPSTREAM_PROXY'}) { - my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/); - if ($proxysettings{'UPSTREAM_USER'}) { - $downloader->proxy("http","http://$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'}@"."$peer:$peerport/"); - } else { - $downloader->proxy("http","http://$peer:$peerport/"); - } - } - - my $return = $downloader->get($url,'Cache-Control','no-cache'); - - if ($return->code == 403) { - $errormessage = $Lang::tr{'access refused with this oinkcode'}; - return undef; - } elsif (!$return->is_success()) { - $errormessage = $Lang::tr{'could not download latest updates'}; - return undef; - } - - return $return; - -} diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi deleted file mode 100644 index 207e30455..000000000 --- a/html/cgi-bin/index.cgi +++ /dev/null @@ -1,397 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %cgiparams=(); -my %pppsettings=(); -my %modemsettings=(); -my %netsettings=(); -my %ddnssettings=(); -my $warnmessage = ''; -my $refresh = ""; -my $ipaddr=''; - -&Header::showhttpheaders(); - -$cgiparams{'ACTION'} = ''; -&Header::getcgihash(\%cgiparams); -$pppsettings{'VALID'} = ''; -$pppsettings{'PROFILENAME'} = 'None'; -&General::readhash("${General::swroot}/ppp/settings", \%pppsettings); -&General::readhash("${General::swroot}/modem/settings", \%modemsettings); -&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); -&General::readhash("${General::swroot}/ddns/settings", \%ddnssettings); - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -my $connstate = &Header::connectionstatus(); - -if ($cgiparams{'ACTION'} eq $Lang::tr{'shutdown'} || $cgiparams{'ACTION'} eq $Lang::tr{'reboot'}) { - $refresh = ""; -} elsif ($connstate =~ /$Lang::tr{'connecting'}/ || /$Lang::tr{'connection closed'}/ ){ - $refresh = ""; -} elsif ($connstate =~ /$Lang::tr{'dod waiting'}/ || -e "${General::swroot}/main/refreshindex") { - $refresh = ""; -} - -if ($cgiparams{'ACTION'} eq $Lang::tr{'dial profile'}) -{ - my $profile = $cgiparams{'PROFILE'}; - my %tempcgiparams = (); - $tempcgiparams{'PROFILE'} = ''; - &General::readhash("${General::swroot}/ppp/settings-$cgiparams{'PROFILE'}", - \%tempcgiparams); - - # make a link from the selected profile to the "default" one. - unlink("${General::swroot}/ppp/settings"); - link("${General::swroot}/ppp/settings-$cgiparams{'PROFILE'}", - "${General::swroot}/ppp/settings"); - system ("/usr/bin/touch", "${General::swroot}/ppp/updatesettings"); - - # read in the new params "early" so we can write secrets. - %cgiparams = (); - &General::readhash("${General::swroot}/ppp/settings", \%cgiparams); - $cgiparams{'PROFILE'} = $profile; - $cgiparams{'BACKUPPROFILE'} = $profile; - &General::writehash("${General::swroot}/ppp/settings-$cgiparams{'PROFILE'}", - \%cgiparams); - - # write secrets file. - open(FILE, ">/${General::swroot}/ppp/secrets") or die "Unable to write secrets file."; - flock(FILE, 2); - my $username = $cgiparams{'USERNAME'}; - my $password = $cgiparams{'PASSWORD'}; - print FILE "'$username' * '$password'\n"; - chmod 0600, "${General::swroot}/ppp/secrets"; - close FILE; - - &General::log("$Lang::tr{'profile made current'} $tempcgiparams{'PROFILENAME'}"); - $cgiparams{'ACTION'} = "$Lang::tr{'dial'}"; -} - -if ($cgiparams{'ACTION'} eq $Lang::tr{'dial'}) { - system('/usr/local/bin/redctrl start > /dev/null') == 0 - or &General::log("Dial failed: $?"); sleep 1;} -elsif ($cgiparams{'ACTION'} eq $Lang::tr{'hangup'}) { - system('/usr/local/bin/redctrl stop > /dev/null') == 0 - or &General::log("Hangup failed: $?"); sleep 1;} - -my $c; -my $maxprofiles = 5; -my @profilenames = (); - -for ($c = 1; $c <= $maxprofiles; $c++) -{ - my %temppppsettings = (); - $temppppsettings{'PROFILENAME'} = ''; - &General::readhash("${General::swroot}/ppp/settings-$c", \%temppppsettings); - $profilenames[$c] = $temppppsettings{'PROFILENAME'}; -} -my %selected; -for ($c = 1; $c <= $maxprofiles; $c++) { - $selected{'PROFILE'}{$c} = ''; -} -$selected{'PROFILE'}{$pppsettings{'PROFILE'}} = "selected='selected'"; -my $dialButtonDisabled = "disabled='disabled'"; - - -&Header::openpage($Lang::tr{'main page'}, 1, $refresh); -&Header::openbigbox('', 'center'); -&Header::openbox('100%', 'center', &Header::cleanhtml(`/bin/uname -n`,"y")); - - - -if ( ( $pppsettings{'VALID'} eq 'yes' && $modemsettings{'VALID'} eq 'yes' ) || ( $netsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/ && $netsettings{'RED_TYPE'} =~ /^(DHCP|STATIC)$/ )) { - if (open(IPADDR,"${General::swroot}/ddns/ipcache")) { - $ipaddr = ; - close IPADDR; - chomp ($ipaddr); - } - if (open(IPADDR,"${General::swroot}/red/local-ipaddress")) { - $ipaddr = ; - close IPADDR; - chomp ($ipaddr); - } -} elsif ($modemsettings{'VALID'} eq 'no') { - print "$Lang::tr{'modem settings have errors'}\n
\n"; -} else { - print "$Lang::tr{'profile has errors'}\n
\n"; -} - -#if ( $netsettings{'RED_TYPE'} =~ /^(DHCP|STATIC)$/ ) { -# $ipaddr = $netsettings{'RED_ADDRESS'}; -#} - -my $death = 0; -my $rebirth = 0; - -if ($cgiparams{'ACTION'} eq $Lang::tr{'shutdown'}) { - $death = 1; - &General::log($Lang::tr{'shutting down ipfire'}); - system '/usr/local/bin/ipfirereboot down'; -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reboot'}) { - $rebirth = 1; - &General::log($Lang::tr{'rebooting ipfire'}); - system '/usr/local/bin/ipfirereboot boot'; -} - -if ($death == 0 && $rebirth == 0) { - -print < - - - - - - -
-END -; -print < - - "; - } else { - print ""; - } - - my $active = "
$Lang::tr{'network'} - IP - $Lang::tr{'status'} -
$Lang::tr{'internet'}
-
$ipaddr - $connstate -END -if ( $netsettings{'RED_TYPE'} ne "STATIC" && $netsettings{'RED_TYPE'} ne "DHCP" ){ -print `/usr/local/bin/dialctrl.pl show`; -print < -
$Lang::tr{'profile'}: - -
-
- - -
- -
-
- -
-
-END - } else { - print "$Lang::tr{'profile has errors'}\n \n"; - } -} - my $HOSTNAME = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0]; - if ( "$HOSTNAME" ne "" ) { - print <
Hostname:$HOSTNAME  -END - } - - if ( -e "/var/ipfire/red/remote-ipaddress" ) { - my $GATEWAY = `cat /var/ipfire/red/remote-ipaddress`; - chomp($GATEWAY); - print <Gateway:$GATEWAY  -END - } - - my $DNS1 = `cat /var/ipfire/red/dns1`; - my $DNS2 = `cat /var/ipfire/red/dns2`; - chomp($DNS1); - chomp($DNS1); - - if ( $DNS1 ) { print <DNS-Server:$DNS1 -END - } - if ( $DNS2 ) { print <$DNS2 -END - } else { print <  -END - } - - if ( $netsettings{'GREEN_DEV'} ) { print <$Lang::tr{'lan'} - $netsettings{'GREEN_ADDRESS'} - -END - if ( `cat /var/ipfire/proxy/advanced/settings | grep ^ENABLE=on` ) { - print "Proxy an"; - if ( `cat /var/ipfire/proxy/advanced/settings | grep ^TRANSPARENT=on` ) { print " (transparent)"; } - } else { print "Proxy aus"; } - } - if ( $netsettings{'BLUE_DEV'} ) { print <$Lang::tr{'wireless'}
-
$netsettings{'BLUE_ADDRESS'} - -END - if ( `cat /var/ipfire/proxy/advanced/settings | grep ^ENABLE_BLUE=on` ) { - print "Proxy an"; - if ( `cat /var/ipfire/proxy/advanced/settings | grep ^TRANSPARENT_BLUE=on` ) { print " (transparent)"; } - } else { print "Proxy aus"; } - } - if ( $netsettings{'ORANGE_DEV'} ) { print <$Lang::tr{'dmz'}
-
$netsettings{'ORANGE_ADDRESS'} - Online -END - } - if ( `cat /var/ipfire/vpn/settings | grep ^ENABLED=on` || - `cat /var/ipfire/vpn/settings | grep ^ENABLED_BLUE=on` ) { - my $ipsecip = `cat /var/ipfire/vpn/settings | grep ^VPN_IP= | cut -c 8-`; - my @status = `/usr/sbin/ipsec auto --status`; - my %confighash = (); - &General::readhasharray("${General::swroot}/vpn/config", \%confighash); - print <$Lang::tr{'vpn'}
-
$ipsecip - Online -END - my $id = 0; - my $gif; - foreach my $key (keys %confighash) { - if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } - - if ($id % 2) { - print "
 $confighash{$key}[1] / " . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")
 $confighash{$key}[1] / " . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")
$Lang::tr{'capsclosed'}
"; - if ($confighash{$key}[0] eq 'off') { - $active = "
$Lang::tr{'capsclosed'}
"; - } else { - foreach my $line (@status) { - if ($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) { - $active = "
$Lang::tr{'capsopen'}
"; - } - } - } - print "$active"; - } - } - if ( `cat /var/ipfire/ovpn/settings | grep ^ENABLED=on` || - `cat /var/ipfire/ovpn/settings | grep ^ENABLED_BLUE=on` || - `cat /var/ipfire/ovpn/settings | grep ^ENABLED_ORANGE=on`) { - my $ovpnip = `cat /var/ipfire/ovpn/settings | grep ^DOVPN_SUBNET= | cut -c 14- | sed -e 's\/\\/255.255.255.0\/\/'`; - print <OpenVPN
- $ovpnip - Online -END - } - -# Memory usage warning -my @free = `/usr/bin/free`; -$free[1] =~ m/(\d+)/; -my $mem = $1; -$free[2] =~ m/(\d+)/; -my $used = $1; -my $pct = int 100 * ($mem - $used) / $mem; -if ($used / $mem > 90) { - $warnmessage .= "
  • $Lang::tr{'high memory usage'}: $pct% !
  • \n"; -} - -# Diskspace usage warning -my @temp=(); -my $temp2=(); -my @df = `/bin/df -B M -x rootfs`; -foreach my $line (@df) { - next if $line =~ m/^Filesystem/; - if ($line =~ m/root/ ) { - $line =~ m/^.* (\d+)M.*$/; - @temp = split(/ +/,$line); - if ($1<5) { - # available:plain value in MB, and not %used as 10% is too much to waste on small disk - # and root size should not vary during time - $warnmessage .= "$Lang::tr{'filesystem full'}: $temp[0] $Lang::tr{'free'}=$1M !\n"; - } - - } else { - # $line =~ m/^.* (\d+)m.*$/; - $line =~ m/^.* (\d+)\%.*$/; - if ($1>90) { - @temp = split(/ /,$line); - $temp2=int(100-$1); - $warnmessage .= "$Lang::tr{'filesystem full'}: $temp[0] $Lang::tr{'free'}=$temp2% !\n"; - } - } -} - -if ($warnmessage) { - print "$warnmessage"; -} -print < - -END -} else { - my $message=''; - if ($death) { - $message = $Lang::tr{'ipfire has now shutdown'}; - } else { - $message = $Lang::tr{'ipfire has now rebooted'}; - } - print < - - -
    -




    -
    -
    -$message - -END -; -} -&Header::closebox(); -&Header::closebigbox(); -&Header::closepage(); diff --git a/html/cgi-bin/ipinfo.cgi b/html/cgi-bin/ipinfo.cgi deleted file mode 100644 index bc214f095..000000000 --- a/html/cgi-bin/ipinfo.cgi +++ /dev/null @@ -1,111 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use IO::Socket; -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %cgiparams=(); - -&Header::showhttpheaders(); - -&Header::getcgihash(\%cgiparams); - -$ENV{'QUERY_STRING'} =~s/&//g; -my @addrs = split(/ip=/,$ENV{'QUERY_STRING'}); - -my %whois_servers = ("RIPE"=>"whois.ripe.net","APNIC"=>"whois.apnic.net","LACNIC"=>"whois.lacnic.net"); - -&Header::openpage($Lang::tr{'ip info'}, 1, ''); - -&Header::openbigbox('100%', 'left'); -my @lines=(); -my $extraquery=''; -foreach my $addr (@addrs) { -next if $addr eq ""; - $extraquery=''; - @lines=(); - my $whoisname = "whois.arin.net"; - my $iaddr = inet_aton($addr); - my $hostname = gethostbyaddr($iaddr, AF_INET); - if (!$hostname) { $hostname = $Lang::tr{'lookup failed'}; } - - my $sock = new IO::Socket::INET ( PeerAddr => $whoisname, PeerPort => 43, Proto => 'tcp'); - if ($sock) - { - print $sock "$addr\n"; - while (<$sock>) { - $extraquery = $1 if (/NetType: Allocated to (\S+)\s+/); - push(@lines,$_); - } - close($sock); - if ($extraquery) { - undef (@lines); - $whoisname = $whois_servers{$extraquery}; - my $sock = new IO::Socket::INET ( PeerAddr => $whoisname, PeerPort => 43, Proto => 'tcp'); - if ($sock) - { - print $sock "$addr\n"; - while (<$sock>) { - push(@lines,$_); - } - } - else - { - @lines = ( "$Lang::tr{'unable to contact'} $whoisname" ); - } - } - } - else - { - @lines = ( "$Lang::tr{'unable to contact'} $whoisname" ); - } - - &Header::openbox('100%', 'left', $addr . ' (' . $hostname . ') : '.$whoisname); - print "
    \n";
    -	foreach my $line (@lines) {
    -		print &Header::cleanhtml($line,"y");
    -	}
    -	print "
    \n"; - &Header::closebox(); -} - -print < - - - - -
    $Lang::tr{'back'}
    - -END -; - -&Header::closebigbox(); - -&Header::closepage(); diff --git a/html/cgi-bin/iptables.cgi b/html/cgi-bin/iptables.cgi deleted file mode 100644 index 7f29365a8..000000000 --- a/html/cgi-bin/iptables.cgi +++ /dev/null @@ -1,122 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my @iplines; -my $lines = 0; -my @ipmanlines; -my $manlines = 0; -my @ipnatlines; -my $natlines = 0; - -system('/usr/local/bin/getipstat'); - -&Header::showhttpheaders(); -&Header::openpage($Lang::tr{'ipts'}, 1, ''); -&Header::openbigbox('100%', 'LEFT'); -&Header::openbox('100%', 'LEFT', $Lang::tr{'ipts'}.':'); -print < -
    -END
    -;
    -	open (FILE, '/srv/web/ipfire/html/iptables.txt');
    -	while ()
    -       {
    -         	$iplines[$lines] = $_;
    -		$lines++;
    -       }
    -	close (FILE);
    -	foreach $_ (@iplines) {
    -		print "$_"; }
    -
    -print <
    -    
    -    
    - -END -; -&Header::closebox(); - -## MANGLE -&Header::openbox('100%', 'LEFT', $Lang::tr{'iptmangles'}.':'); -print < -
    -END
    -;
    -	open (FILEMAN, '/srv/web/ipfire/html/iptablesmangle.txt');
    -	while ()
    -       {
    -         	$ipmanlines[$manlines] = $_;
    -		$manlines++;
    -       }
    -	close (FILEMAN);
    -	foreach $_ (@ipmanlines) {
    -		print "$_"; }
    -
    -print <
    -    
    -    
    - -END -; -&Header::closebox(); - -## NAT -&Header::openbox('100%', 'LEFT', $Lang::tr{'iptnats'}.':'); -print < -
    -END
    -;
    -	open (FILENAT, '/srv/web/ipfire/html/iptablesnat.txt');
    -	while ()
    -       {
    -         	$ipnatlines[$natlines] = $_;
    -		$natlines++;
    -       }
    -	close (FILENAT);
    -	foreach $_ (@ipnatlines) {
    -		print "$_"; }
    -
    -print <
    -    
    -    
    - -END -; -&Header::closebox(); -&Header::closebigbox(); -&Header::closepage(); - -system(rm -f "/srv/web/ipfire/html/iptables.txt"); -system(rm -f "/srv/web/ipfire/html/iptablesmangle.txt"); -system(rm -f "/srv/web/ipfire/html/iptablesnat.txt"); diff --git a/html/cgi-bin/logs.cgi/calamaris.dat b/html/cgi-bin/logs.cgi/calamaris.dat deleted file mode 100644 index 19a369399..000000000 --- a/html/cgi-bin/logs.cgi/calamaris.dat +++ /dev/null @@ -1,558 +0,0 @@ -#!/usr/bin/perl -# -# This code is distributed under the terms of the GPL -# -# (c) 2005,2006 marco.s -# -# $Id: calamaris.dat,v 2.1 2006/03/12 00:00:00 marco.s Exp $ -# - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -use Time::Local; -use IO::Socket; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my $unique=time; - -my $squidlogdir = "/var/log/squid"; -my $reportdir = "${General::swroot}/proxy/calamaris/reports"; - -unless (-e $reportdir) { mkdir($reportdir) } - -my %cgiparams=(); -my %reportsettings=(); -my %selected=(); -my %checked=(); - -my $errormessage=''; - -my $hintcolour='#FFFFCC'; - -my $commandline=''; - -my %monthidx = (qw(Jan 0 Feb 1 Mar 2 Apr 3 May 4 Jun 5 Jul 6 Aug 7 Sep 8 Oct 9 Nov 10 Dec 11)); - -my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, - $Lang::tr{'august'}, $Lang::tr{'september'}, $Lang::tr{'october'}, - $Lang::tr{'november'}, $Lang::tr{'december'} ); - -my @now = localtime(time); -my $year = $now[5]+1900; - -my $day_begin=0; -my $month_begin=0; -my $year_begin=0; -my $day_end=0; -my $month_end=0; -my $year_end=0; - -$reportsettings{'ACTION'} = ''; - -$reportsettings{'DAY_BEGIN'} = $now[3]; -$reportsettings{'MONTH_BEGIN'} = $now[4]; -$reportsettings{'YEAR_BEGIN'} = $now[5]+1900; -$reportsettings{'DAY_END'} = $now[3]; -$reportsettings{'MONTH_END'} = $now[4]; -$reportsettings{'YEAR_END'} = $now[5]+1900; - -$reportsettings{'ENABLE_DOMAIN'} = 'off'; -$reportsettings{'NUM_DOMAINS'} = '10'; -$reportsettings{'ENABLE_PERFORMANCE'} = 'off'; -$reportsettings{'PERF_INTERVAL'} = '60'; -$reportsettings{'ENABLE_CONTENT'} = 'off'; -$reportsettings{'NUM_CONTENT'} = '10'; -$reportsettings{'ENABLE_REQUESTER'} = 'off'; -$reportsettings{'ENABLE_USERNAME'} = 'off'; -$reportsettings{'NUM_HOSTS'} = '10'; -$reportsettings{'NUM_URLS'} = '0'; -$reportsettings{'ENABLE_HISTOGRAM'} = 'off'; -$reportsettings{'HIST_LEVEL'} = '10'; -$reportsettings{'ENABLE_VERBOSE'} = 'off'; -$reportsettings{'BYTE_UNIT'} = 'B'; -$reportsettings{'SKIP_GZLOGS'} = 'off'; -$reportsettings{'RUN_BACKGROUND'} = 'off'; - -&Header::getcgihash(\%reportsettings); - -if ($reportsettings{'ACTION'} eq $Lang::tr{'calamaris create report'}) -{ - $cgiparams{'DAY_BEGIN'} = $reportsettings{'DAY_BEGIN'}; - $cgiparams{'MONTH_BEGIN'} = $reportsettings{'MONTH_BEGIN'}; - $cgiparams{'YEAR_BEGIN'} = $reportsettings{'YEAR_BEGIN'}; - $cgiparams{'DAY_END'} = $reportsettings{'DAY_END'}; - $cgiparams{'MONTH_END'} = $reportsettings{'MONTH_END'}; - $cgiparams{'YEAR_END'} = $reportsettings{'YEAR_END'}; - - delete $reportsettings{'DAY_BEGIN'}; - delete $reportsettings{'MONTH_BEGIN'}; - delete $reportsettings{'YEAR_BEGIN'}; - delete $reportsettings{'DAY_END'}; - delete $reportsettings{'MONTH_END'}; - delete $reportsettings{'YEAR_END'}; - - &General::writehash("${General::swroot}/proxy/calamaris/settings", \%reportsettings); - - $reportsettings{'DAY_BEGIN'} = $cgiparams{'DAY_BEGIN'}; - $reportsettings{'MONTH_BEGIN'} = $cgiparams{'MONTH_BEGIN'}; - $reportsettings{'YEAR_BEGIN'} = $cgiparams{'YEAR_BEGIN'}; - $reportsettings{'DAY_END'} = $cgiparams{'DAY_END'}; - $reportsettings{'MONTH_END'} = $cgiparams{'MONTH_END'}; - $reportsettings{'YEAR_END'} = $cgiparams{'YEAR_END'}; - - $day_begin = $reportsettings{'DAY_BEGIN'}; - $month_begin = $reportsettings{'MONTH_BEGIN'}; - $year_begin = $reportsettings{'YEAR_BEGIN'}; - $day_end = $reportsettings{'DAY_END'}; - $month_end = $reportsettings{'MONTH_END'}; - $year_end = $reportsettings{'YEAR_END'}; - - if ($reportsettings{'SKIP_GZLOGS'} eq 'on') { $commandline.='nogz '; } - - $commandline.="$day_begin $month_begin $year_begin $day_end $month_end $year_end"; - - if ($reportsettings{'ENABLE_DOMAIN'} eq 'on') - { - $commandline.=' -d '; - $commandline.=$reportsettings{'NUM_DOMAINS'}; - } - if ($reportsettings{'ENABLE_PERFORMANCE'} eq 'on') - { - $commandline.=' -P '; - $commandline.=$reportsettings{'PERF_INTERVAL'}; - } - if ($reportsettings{'ENABLE_CONTENT'} eq 'on') - { - $commandline.=' -t '; - $commandline.=$reportsettings{'NUM_CONTENT'}; - } - if ($reportsettings{'ENABLE_HISTOGRAM'} eq 'on') - { - $commandline.=' -D '; - $commandline.=$reportsettings{'HIST_LEVEL'}; - } - if ($reportsettings{'ENABLE_REQUESTER'} eq 'on') - { - if ($reportsettings{'ENABLE_USERNAME'} eq 'on') - { - $commandline.=' -u'; - } - $commandline.=' -r '; - $commandline.=$reportsettings{'NUM_HOSTS'}; - - unless ($reportsettings{'NUM_URLS'} eq '0') - { - $commandline.=' -R '; - $commandline.=$reportsettings{'NUM_URLS'}; - } - } - unless ($reportsettings{'BYTE_UNIT'} eq 'B') - { - $commandline.=' -U '; - $commandline.=$reportsettings{'BYTE_UNIT'}; - } - if ($reportsettings{'ENABLE_VERBOSE'} eq 'on') - { - $commandline.=' -s'; - } - - $commandline.=' < /dev/null > /dev/null 2>&1'; - - if ($reportsettings{'RUN_BACKGROUND'} eq 'on') { $commandline.=" &"; } - - system("${General::swroot}/proxy/calamaris/bin/mkreport $commandline") -} - -if ($reportsettings{'ACTION'} eq $Lang::tr{'export'}) -{ - print "Content-type: application/octet-stream\n"; - print "Content-length: "; - print (-s "$reportdir/$reportsettings{'REPORT'}"); - print "\n"; - print "Content-disposition: attachment; filename=$reportsettings{'REPORT'}\n\n"; - - open (FILE, "$reportdir/$reportsettings{'REPORT'}"); - while () { print; } - close (FILE); - - exit; -} - -if ($reportsettings{'ACTION'} eq $Lang::tr{'delete'}) { unlink("$reportdir/$reportsettings{'REPORT'}"); } - -if (-e "${General::swroot}/proxy/calamaris/settings") -{ - &General::readhash("${General::swroot}/proxy/calamaris/settings", \%reportsettings); -} - -&Header::showhttpheaders(); - -$checked{'ENABLE_DOMAIN'}{'off'} = ''; -$checked{'ENABLE_DOMAIN'}{'on'} = ''; -$checked{'ENABLE_DOMAIN'}{$reportsettings{'ENABLE_DOMAIN'}} = "checked='checked'"; -$selected{'NUM_DOMAINS'}{$reportsettings{'NUM_DOMAINS'}} = "selected='selected'"; -$checked{'ENABLE_PERFORMANCE'}{'off'} = ''; -$checked{'ENABLE_PERFORMANCE'}{'on'} = ''; -$checked{'ENABLE_PERFORMANCE'}{$reportsettings{'ENABLE_PERFORMANCE'}} = "checked='checked'"; -$selected{'PERF_INTERVAL'}{$reportsettings{'PERF_INTERVAL'}} = "selected='selected'"; -$checked{'ENABLE_CONTENT'}{'off'} = ''; -$checked{'ENABLE_CONTENT'}{'on'} = ''; -$checked{'ENABLE_CONTENT'}{$reportsettings{'ENABLE_CONTENT'}} = "checked='checked'"; -$selected{'NUM_CONTENT'}{$reportsettings{'NUM_CONTENT'}} = "selected='selected'"; -$checked{'ENABLE_REQUESTER'}{'off'} = ''; -$checked{'ENABLE_REQUESTER'}{'on'} = ''; -$checked{'ENABLE_REQUESTER'}{$reportsettings{'ENABLE_REQUESTER'}} = "checked='checked'"; -$checked{'ENABLE_USERNAME'}{'off'} = ''; -$checked{'ENABLE_USERNAME'}{'on'} = ''; -$checked{'ENABLE_USERNAME'}{$reportsettings{'ENABLE_USERNAME'}} = "checked='checked'"; -$selected{'NUM_HOSTS'}{$reportsettings{'NUM_HOSTS'}} = "selected='selected'"; -$selected{'NUM_URLS'}{$reportsettings{'NUM_URLS'}} = "selected='selected'"; -$checked{'ENABLE_HISTOGRAM'}{'off'} = ''; -$checked{'ENABLE_HISTOGRAM'}{'on'} = ''; -$checked{'ENABLE_HISTOGRAM'}{$reportsettings{'ENABLE_HISTOGRAM'}} = "checked='checked'"; -$selected{'HIST_LEVEL'}{$reportsettings{'HIST_LEVEL'}} = "selected='selected'"; -$checked{'ENABLE_VERBOSE'}{'off'} = ''; -$checked{'ENABLE_VERBOSE'}{'on'} = ''; -$checked{'ENABLE_VERBOSE'}{$reportsettings{'ENABLE_VERBOSE'}} = "checked='checked'"; -$selected{'BYTE_UNIT'}{$reportsettings{'BYTE_UNIT'}} = "selected='selected'"; -$checked{'SKIP_GZLOGS'}{'off'} = ''; -$checked{'SKIP_GZLOGS'}{'on'} = ''; -$checked{'SKIP_GZLOGS'}{$reportsettings{'SKIP_GZLOGS'}} = "checked='checked'"; -$checked{'RUN_BACKGROUND'}{'off'} = ''; -$checked{'RUN_BACKGROUND'}{'on'} = ''; -$checked{'RUN_BACKGROUND'}{$reportsettings{'RUN_BACKGROUND'}} = "checked='checked'"; - -&Header::openpage($Lang::tr{'calamaris proxy reports'}, 1, ''); - -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} - -&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); - -print < - - - - - - - - - - - - - - -
    $Lang::tr{'calamaris report period'}
    $Lang::tr{'from'}: - - - $Lang::tr{'to'}: - - -
    - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    $Lang::tr{'calamaris report options'}
    $Lang::tr{'calamaris enable domain report'}: [-d]$Lang::tr{'calamaris number of domains'}:
    $Lang::tr{'calamaris enable performance report'}: [-P]$Lang::tr{'calamaris report interval (in minutes)'}:
    $Lang::tr{'calamaris enable content report'}: [-t]$Lang::tr{'calamaris number of content types'}:
    $Lang::tr{'calamaris enable requester report'}: [-r/-R]$Lang::tr{'calamaris number of requesting hosts'}:
    $Lang::tr{'calamaris show usernames'}: [-u]$Lang::tr{'calamaris number of requested urls'}:
    $Lang::tr{'calamaris enable distribution histogram'}: [-D]$Lang::tr{'calamaris histogram resolution'}:
    $Lang::tr{'calamaris enable verbose reporting'}: [-s]$Lang::tr{'calamaris byte unit'}:
    - -
    - - - - - - - - - - - -
    $Lang::tr{'calamaris performance options'}
    $Lang::tr{'calamaris skip archived logfiles'}:$Lang::tr{'calamaris run as background task'}:
    - -
    - - - - - - - - -
      
    - -END -; - -&Header::closebox(); - -&Header::openbox('100%', 'left', "$Lang::tr{'calamaris available reports'}:"); - -my @content=(); -my @reports=(); -my @reportdata=(); -my $description; - -undef @reports; - -foreach (<$reportdir/*>) -{ - open (FILE, "$_"); - @content=; - if ($content[3] =~ /^Report\speriod/) - { - $description = timelocal( - substr($content[4],31,2), - substr($content[4],28,2), - substr($content[4],25,2), - substr($content[4],15,2), - $monthidx{substr($content[4],18,3)}, - "20".substr($content[4],22,2)); - push(@reports,join("#",$description,substr($_,rindex($_,"/")+1),$content[3],$content[4])); - } - close FILE; -} - -@reports=reverse(sort(@reports)); - - -print < - -END -; - -if (@reports) -{ - print "\n"; -} else { print "$Lang::tr{'calamaris no reports available'}\n"; } - -print < - -
    - - - -END -; - -if (@reports) -{ -print <  - - - - - -END -; -} - -print < -
     
    - -END -; - -if (($reportsettings{'ACTION'} eq $Lang::tr{'calamaris view'}) && (!($reportsettings{'REPORT'} eq ''))) -{ - &Header::closebox(); - &Header::openbox('100%', 'left', "$Lang::tr{'calamaris view report'}:"); - print "
    \n";
    -	open (FILE, "$reportdir/$reportsettings{'REPORT'}");
    -	@content=;
    -	close FILE;
    -	foreach (@content)
    -	{
    -		s//\>/;
    -		print;
    -	}
    -	print "
    \n"; -} - -&Header::closebox(); - -&Header::closebigbox(); - -&Header::closepage(); diff --git a/html/cgi-bin/logs.cgi/config.dat b/html/cgi-bin/logs.cgi/config.dat deleted file mode 100644 index f39981ed0..000000000 --- a/html/cgi-bin/logs.cgi/config.dat +++ /dev/null @@ -1,175 +0,0 @@ -#!/usr/bin/perl -# -# IPFire CGIs -# -# This code is distributed under the terms of the GPL -# -# (c) The IPFire Team -# -# $Id: config.dat,v 1.2.2.10 2005/06/14 12:32:07 eoberlander Exp $ -# - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %logsettings=(); -my %checked=(); -my %selected=(); -my $errormessage=''; - -&Header::showhttpheaders(); - -$logsettings{'LOGVIEW_REVERSE'} = 'off'; -$logsettings{'LOGVIEW_VIEWSIZE'} = '150'; -$logsettings{'LOGWATCH_LEVEL'} = 'Low'; -$logsettings{'LOGWATCH_KEEP'} = '56'; -my @VS = ('15','50','100','150','250','500'); -$logsettings{'ENABLE_REMOTELOG'} = 'off'; -$logsettings{'REMOTELOG_ADDR'} = ''; -$logsettings{'VARMESSAGES'} = 'cron.none;daemon.*;local0.*;local2.*;*.info;mail.none;authpriv.*'; -$logsettings{'ACTION'} = ''; -&Header::getcgihash(\%logsettings); - -if ($logsettings{'ACTION'} eq $Lang::tr{'save'}) -{ - if ($logsettings{'ENABLE_REMOTELOG'} eq 'on') - { - unless ( &General::validfqdn($logsettings{'REMOTELOG_ADDR'}) || - &General::validip ($logsettings{'REMOTELOG_ADDR'})) - { - $errormessage = $Lang::tr{'invalid logserver address'}; - } - } - unless ($logsettings{'LOGWATCH_KEEP'} =~ /^\d+$/) - { - $errormessage = $Lang::tr{'invalid keep time'}; - } - unless ($logsettings{'LOGWATCH_LEVEL'} =~ /^Low|Med|High$/) - { - $errormessage = $Lang::tr{'invalid input'}; - } - unless ($errormessage) - { - &General::writehash("${General::swroot}/logging/settings", \%logsettings); - system('/usr/local/bin/syslogdctrl') == 0 - or $errormessage = "$Lang::tr{'bad return code'} " . $?/256; - } - -} - -&General::readhash("${General::swroot}/logging/settings", \%logsettings); - -$checked{'ENABLE_REMOTELOG'}{'off'} = ''; -$checked{'ENABLE_REMOTELOG'}{'on'} = ''; -$checked{'ENABLE_REMOTELOG'}{$logsettings{'ENABLE_REMOTELOG'}} = "checked='checked'"; - -$checked{'LOGVIEW_REVERSE'}{'off'} = ''; -$checked{'LOGVIEW_REVERSE'}{'on'} = ''; -$checked{'LOGVIEW_REVERSE'}{$logsettings{'LOGVIEW_REVERSE'}} = "checked='checked'"; - -$selected{'LOGWATCH_LEVEL'}{'Low'} = ''; -$selected{'LOGWATCH_LEVEL'}{'Med'} = ''; -$selected{'LOGWATCH_LEVEL'}{'High'} = ''; -$selected{'LOGWATCH_LEVEL'}{$logsettings{'LOGWATCH_LEVEL'}} = "selected='selected'"; - -map ($selected{'LOGVIEW_VIEWSIZE'}{$_} = '', @VS); -$selected{'LOGVIEW_VIEWSIZE'}{$logsettings{'LOGVIEW_VIEWSIZE'}} = "selected='selected'"; - -&Header::openpage($Lang::tr{'log settings'}, 1, ''); - -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} - -print "
    \n"; - -&Header::openbox('100%', 'left', $Lang::tr{'log viewing options'}); -print < - - - $Lang::tr{'reverse sort'} - $Lang::tr{'log lines per page'}:  -  $Lang::tr{'days'} - $Lang::tr{'detail level'}: - - - -END -; -&Header::closebox(); - -&Header::openbox('100%', 'left', $Lang::tr{'remote logging'}); -print < - - $Lang::tr{'enabled'} - $Lang::tr{'log server address'} - - -END -; -&Header::closebox(); - -&Header::openbox('100%', 'left', $Lang::tr{'messages logging'}); -print < - - $Lang::tr{'log var messages'} - - -END -; -&Header::closebox(); - -print < - - - - -
    - -END -; - -print "\n"; - -&Header::closebigbox(); - -&Header::closepage(); diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat deleted file mode 100644 index 2812d435e..000000000 --- a/html/cgi-bin/logs.cgi/firewalllog.dat +++ /dev/null @@ -1,420 +0,0 @@ -#!/usr/bin/perl -# -# SmoothWall CGIs -# -# This code is distributed under the terms of the GPL -# -# (c) The SmoothWall Team -# -# $Id: firewalllog.dat,v 1.4.2.18 2005/08/23 12:01:50 eoberlander Exp $ -# -# July 28, 2003 - Darren Critchley - darren@kdi.ca -# - added source mac adapter to layout -# -use strict; - -use Geo::IP::PurePerl; -use Getopt::Std; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -use POSIX(); - -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::table2colour} ); -undef (@dummy); - -my %cgiparams=(); -my %logsettings=(); -my $errormessage = ''; - -my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', - 'Sep', 'Oct', 'Nov', 'Dec' ); -my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, - $Lang::tr{'december'} ); - -my @now = localtime(); -my $dow = $now[6]; -my $doy = $now[7]; -my $tdoy = $now[7]; -my $year = $now[5]+1900; - -$cgiparams{'DAY'} = $now[3]; -$cgiparams{'MONTH'} = $now[4]; -$cgiparams{'ACTION'} = ''; - -&Header::getcgihash(\%cgiparams); -$logsettings{'LOGVIEW_REVERSE'} = 'off'; -&General::readhash("${General::swroot}/logging/settings", \%logsettings); -${Header::viewsize} = defined ($logsettings{'LOGVIEW_VIEWSIZE'}) ? $logsettings{'LOGVIEW_VIEWSIZE'} : 150; - -my $start = ($logsettings{'LOGVIEW_REVERSE'} eq 'on') ? 0x7FFFF000 : 0; #index of firts line number to display - -if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) -{ - my @temp = split(',',$ENV{'QUERY_STRING'}); - $start = $temp[0]; - $cgiparams{'MONTH'} = $temp[1]; - $cgiparams{'DAY'} = $temp[2]; -} - -if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || - !($cgiparams{'DAY'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) -{ - $cgiparams{'DAY'} = $now[3]; - $cgiparams{'MONTH'} = $now[4]; -} -elsif($cgiparams{'ACTION'} eq '>>') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - if ($cgiparams{'DAY'}) { - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day + - ## 86400 seconds in a day - } else { - $temp_now[3] = 1; - $temp_now[4] = ($temp_now[4]+1) %12; - @temp_then = localtime(POSIX::mktime(@temp_now) ); - $temp_then[3] = 0; - } - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} -elsif($cgiparams{'ACTION'} eq '<<') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - if ($cgiparams{'DAY'}) { - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - } else { - $temp_now[3] = 1; - $temp_now[4] = ($temp_now[4]-1) %12; - @temp_then = localtime(POSIX::mktime(@temp_now) ); - $temp_then[3] = 0; - } - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} - -# Find in which file.gz is the log. Can be calculated because WEEKLY ROTATING of access.log -my $gzindex; -my $date = $cgiparams{'DAY'} == 0 ? '' : $cgiparams{'DAY'} <= 9 ? "0$cgiparams{'DAY'}" : "$cgiparams{'DAY'}"; - -{ - my $xday; - - # Calculate time. If future date, calculate for past year !!! - if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 ); - $date = "$longmonths[$cgiparams{'MONTH'}] $date, ". int($year-1); - } else { - $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 ); - $date = "$longmonths[$cgiparams{'MONTH'}] $date, $year"; - } - - # calculate end of active week (saturday 23H59) - my @then = (); - @then = localtime(time()); - my $sunday = POSIX::mktime( 0, 0, 0, @then[3], @then[4], @then[5]); - $sunday += (6-$then[6]) * 86400; - - # Convert delta in second to full weeks - $gzindex = int (($sunday-$xday)/604800 ); -} - -my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; -my $daystr = $cgiparams{'DAY'} == 0 ? '..' : $cgiparams{'DAY'} <= 9 ? " $cgiparams{'DAY'}" : "$cgiparams{'DAY'}"; - -my $lines = 0; -my @log=(); - -my $loop = 1; -my $filestr = 0; -my $lastdatetime; # for debug -my $search_for_end = 0; - -while ($gzindex >=0 && $loop) { - # calculate file name - if ($gzindex == 0) { - $filestr = "/var/log/messages"; - } else { - $filestr = "/var/log/messages.$gzindex"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - # now read file if existing - if (open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))) { - #&General::log("reading $filestr"); - READ:while () { - my $line = $_; - if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ kernel:.*IN=.*$/) { - # when standart viewing, just keep in memory the correct slice - # it starts a '$start' and size is $viewport - # If export, then keep all lines... - if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){ - $log[$lines++] = "$line"; - } else { - if ($lines++ < ($start + $Header::viewsize)) { - push(@log,"$line"); - if (@log > $Header::viewsize) { - shift (@log); - } - #} else { dont do this optimisation, need to count lines ! - # $datetime = $maxtime; # we have read viewsize lines, stop main loop - # last READ; # exit read file - } - } - $search_for_end = 1; # we find the start of slice, can look for end now - } else { - if ($search_for_end == 1) { - #finish read files when date is over (test month equality only) - $line =~ /^(...) (..) ..:..:..*$/; - $loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) ); - } - } - } - close (FILE); - } - $gzindex--; # will try next gz file eg 40,39,38,.... because it may have holes when ipcop stopped - # for a long time -}# while - -# $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - -if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}) -{ - print "Content-type: text/plain\n\n"; - print "IPFire firewall log\r\n"; - print "$Lang::{'date'}: $date\r\n\r\n"; - - if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } - - foreach $_ (@log) - { - /^... (..) (..:..:..) [\w\-]+ kernel:.*(IN=.*)$/; - my $day = $1; - $day =~ tr / /0/; - my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; - print "$time $3\r\n"; - - } - exit 0; -} - -&Header::showhttpheaders(); - -&Header::openpage($Lang::tr{'firewall log'}, 1, ''); - -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} - -&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); - -print < - - - - - - - - - - - -
    $Lang::tr{'month'}:  -  $Lang::tr{'day'}:  -
    - -END -; - -&Header::closebox(); - -&Header::openbox('100%', 'left', $Lang::tr{'log'}); -print "

    $Lang::tr{'firewall hits'} $date: $lines

    "; - -$start = $lines - ${Header::viewsize} if ($start >= $lines - ${Header::viewsize}); -$start = 0 if ($start < 0); - -my $prev; - if ($start == 0) { - $prev = -1; - } else { - $prev = $start - ${Header::viewsize}; - $prev = 0 if ( $prev < 0); - } - -my $next; - if ($start == $lines - ${Header::viewsize}) { - $next = -1; - } else { - $next = $start + ${Header::viewsize}; - $next = $lines - ${Header::viewsize} if ($next >= $lines - ${Header::viewsize}); - } - -if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } -if ($lines != 0) { &oldernewer(); } - -print < - - $Lang::tr{'time'} - $Lang::tr{'chain'} - $Lang::tr{'iface'} - $Lang::tr{'proto'} - $Lang::tr{'source'}
    $Lang::tr{'destination'}
    - $Lang::tr{'src port'}
    $Lang::tr{'dst port'}
    - Flag - $Lang::tr{'mac address'} - -END -; - - -$lines = 0; -foreach $_ (@log) -{ - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; - my $day = $1; - $day =~ tr / /0/; - my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; - my $comment = $3; - my $packet = $4; - - $packet =~ /IN=(\w+)/; my $iface=$1; - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; - $packet =~ /DST=([\d\.]+)/; my $dstaddr=$1; - $packet =~ /MAC=([\w+\:]+)/; my $macaddr=$1; - $packet =~ /PROTO=(\w+)/; my $proto=$1; - $packet =~ /SPT=(\d+)/; my $srcport=$1; - $packet =~ /DPT=(\d+)/; my $dstport=$1; - - my $gi = Geo::IP::PurePerl->new(); - my $ccode = $gi->country_code_by_name($srcaddr); - my $fcode = lc($ccode); - - my $servi = uc(getservbyport($srcport, lc($proto))); - if ($servi ne '' && $srcport < 1024) { - $srcport = "$srcport($servi)"; } - $servi = uc(getservbyport($dstport, lc($proto))); - if ($servi ne '' && $dstport < 1024) { - $dstport = "$dstport($servi)";} - my @mactemp = split(/:/,$macaddr); - $macaddr = "$mactemp[6]:$mactemp[7]:$mactemp[8]:$mactemp[9]:$mactemp[10]:$mactemp[11]"; - if ($lines % 2) { - print "\n"; } - else { - print "\n"; } - print <$time - $comment - $iface - $proto - $srcaddr
    $dstaddr - $srcport
    $dstport -END -; - if ( $fcode ne "" ){ - print "$ccode";} - else { - print "";} - print <$macaddr - -END - ; - $lines++; -} - -print ""; - -&oldernewer(); - -&Header::closebox(); - -&Header::closebigbox(); - -&Header::closepage(); - -sub oldernewer -{ -print < - -END -; - -print ""; -if ($prev != -1) { - print "$Lang::tr{'older'}"; } -else { - print "$Lang::tr{'older'}"; } -print "\n"; - -print ""; -if ($next >= 0) { - print "$Lang::tr{'newer'}"; } -else { - print "$Lang::tr{'newer'}"; } -print "\n"; - -print < - -END -; -} - diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat b/html/cgi-bin/logs.cgi/firewalllogip.dat deleted file mode 100644 index 3ec3f6df2..000000000 --- a/html/cgi-bin/logs.cgi/firewalllogip.dat +++ /dev/null @@ -1,509 +0,0 @@ -#!/usr/bin/perl -# -# SmoothWall CGIs -# -# This code is distributed under the terms of the GPL -# -# JC HERITIER -# page inspired from the initial firewalllog.dat -# -# Modified for IPFire by Christian Schmidt -# and Michael Tremer (www.ipfire.org) - -use strict; -use Geo::IP::PurePerl; -use Getopt::Std; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -use POSIX(); - -my %cgiparams=(); -my %settings=(); -my $pienumber; -my $otherspie; -my $showpie; -my $sortcolumn; -my $errormessage = ''; - -$cgiparams{'pienumber'} = 10; -$cgiparams{'otherspie'} = 1; -$cgiparams{'showpie'} = 1; -$cgiparams{'sortcolumn'} = 1; - -my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', - 'Sep', 'Oct', 'Nov', 'Dec' ); -my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, - $Lang::tr{'december'} ); - -my @now = localtime(); -my $dow = $now[6]; -my $doy = $now[7]; -my $tdoy = $now[7]; -my $year = $now[5]+1900; - -$cgiparams{'DAY'} = $now[3]; -$cgiparams{'MONTH'} = $now[4]; -$cgiparams{'ACTION'} = ''; - -&General::readhash("${General::swroot}/fwlogs/ipsettings", \%settings); -if ($settings{'pienumber'} != 0) { $cgiparams{'pienumber'} = $settings{'pienumber'} }; -if ($settings{'otherspie'} != 0) { $cgiparams{'otherspie'} = $settings{'otherspie'} }; -if ($settings{'showpie'} != 0) { $cgiparams{'showpie'} = $settings{'showpie'} }; -if ($settings{'sortcolumn'} != 0) { $cgiparams{'sortcolumn'} = $settings{'sortcolumn'} }; - -&Header::getcgihash(\%cgiparams); -if ($cgiparams{'pienumber'} != 0) { $settings{'pienumber'} = $cgiparams{'pienumber'} }; -if ($cgiparams{'otherspie'} != 0) { $settings{'otherspie'} = $cgiparams{'otherspie'} }; -if ($cgiparams{'showpie'} != 0) { $settings{'showpie'} = $cgiparams{'showpie'} }; -if ($cgiparams{'sortcolumn'} != 0) { $settings{'sortcolumn'} = $cgiparams{'sortcolumn'} }; - -if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) -{ - &General::writehash("${General::swroot}/fwlogs/ipsettings", \%settings); -} - -my $start = -1; -if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) -{ - my @temp = split(',',$ENV{'QUERY_STRING'}); - $start = $temp[0]; - $cgiparams{'MONTH'} = $temp[1]; - $cgiparams{'DAY'} = $temp[2]; -} - -if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || - !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) -{ - $cgiparams{'DAY'} = $now[3]; - $cgiparams{'MONTH'} = $now[4]; -} -elsif($cgiparams{'ACTION'} eq '>>') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} -elsif($cgiparams{'ACTION'} eq '<<') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the previous day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} - -if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) -{ - my @then = (); - if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); - } else { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); - } - $tdoy = $then[7]; - my $lastleap=($year-1)%4; - if ($tdoy>$doy) { - if ($lastleap == 0 && $tdoy < 60) { - $doy=$tdoy+366; - } else { - $doy=$doy+365; - } - } -} - -my $datediff=0; -my $dowd=0; -my $multifile=0; -if ($tdoy ne $doy) { - $datediff=int(($doy-$tdoy)/7); - $dowd=($doy-$tdoy)%7; - if (($dow-$dowd)<1) { - $datediff=$datediff+1; - } - if (($dow-$dowd)==0) { - $multifile=1; - } -} - -my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; -my $longmonthstr = $longmonths[$cgiparams{'MONTH'}]; -my $day = $cgiparams{'DAY'}; -my $daystr=''; -if ($day <= 9) { - $daystr = " $day"; } -else { - $daystr = $day; -} - -my $skip=0; -my $filestr=''; -if ($datediff==0) { - $filestr="/var/log/messages"; -} else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; -} - -if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - # Note: This is in case the log does not exist for that date -} -my $lines = 0; -my @log=(); - -if (!$skip) -{ - while () - { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - $log[$lines] = $_; - $lines++; - } - } - close (FILE); -} - -$skip=0; -if ($multifile) { - $datediff=$datediff-1; - if ($datediff==0) { - $filestr="/var/log/messages"; - } else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - } - if (!$skip) { - while () { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - $log[$lines] = $_; - $lines++; - } - } - close (FILE); - } -} - -my $MODNAME="fwlogs"; - -&Header::showhttpheaders(); -&Header::openpage($Lang::tr{'firewall log'}, 1, ''); -&Header::openbigbox('100%', 'left', '', $errormessage); - - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} - -&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); - -print < - - - - - - - - - - -
    $Lang::tr{'month'}:  -  $Lang::tr{'day'}:  -
    - - - - -
    $Lang::tr{'Number of IPs for the pie chart'}:
    - -END -; - -&Header::closebox(); - -&Header::openbox('100%', 'left', 'Firewall Logs'); -print "

    $Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines

    "; - -my $linesjc = 0; -my %tabjc; - -if ($pienumber == -1 || $pienumber > $lines || $sortcolumn == 2) { $pienumber = $lines; }; -$lines = 0; -foreach $_ (@log) -{ - if($_ =~ /SRC\=([\d\.]+)/){ - $tabjc{$1} = $tabjc{$1} + 1 ; - if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } - $linesjc++; - } -} - -$pienumber = $lines; - -my @keytabjc = keys %tabjc; - -my @slice; -my $go; -my $nblinejc; - -if( $cgiparams{'linejc'} eq 'all' ){ $nblinejc = $linesjc; $go=1; } -if( ($cgiparams{'linejc'} != 0) && ($cgiparams{'linejc'} ne 'all') ){ $nblinejc = $cgiparams{'linejc'}; $go=1;} -if( $go != 1){ $nblinejc = 1000; } - -my @key; -my @value; -my $indice=0; -my @tabjc2; - -if ($sortcolumn == 1) -{ - @tabjc2 = sort { $b <=> $a } values (%tabjc); -} -else -{ - @tabjc2 = sort { $a <=> $b } keys (%tabjc); -} - -my $colour=1; - -############################################## -#pie chart generation -use GD::Graph::pie; -use GD::Graph::colour; -#ips sort by hits number -my $v; - -if ($sortcolumn == 1) -{ - for ($v=0;$v<$pienumber;$v++){ - findkey($tabjc2[$v]); - } -} -else -{ - foreach $v (@tabjc2) { - $key[$indice] = $v; - $value[$indice] = $tabjc{$v}; - $indice++; - } -} - -my @ips; -my @numb; - -@ips = @key; -@numb = @value; - -my $o; - -if($cgiparams{'otherspie'} == 2 ){} -else{ - my $numothers; - for($o=0;$o<$pienumber;$o++){ - $numothers = $numothers + $numb[$o]; - } - $numothers = $linesjc - $numothers; - if ($numothers > 0) { - $ips[$pienumber]="$Lang::tr{'otherip'}"; - $numb[$pienumber] = $numothers; - } -} - -my @data = (\@ips,\@numb); -use GD::Graph::colour qw( :files ); - -my $color=0; -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -if ($showpie != 2 && $pienumber <= 50 && $pienumber != 0) { - my $mygraph = GD::Graph::pie->new(500, 350); - $mygraph->set( - 'title' => '', - 'pie_height' => 50, - 'start_angle' => 89 - ) or warn $mygraph->error; - - $mygraph->set_value_font(GD::gdMediumBoldFont); - $mygraph->set( dclrs => [ "$color{'color1'}" , "$color{'color2'}" , "$color{'color3'}" , "$color{'color4'}" , "$color{'color5'}" , "$color{'color6'}" , "$color{'color7'}" , "$color{'color8'}" , "$color{'color9'}" , "$color{'color10'}" ] ); - my $myimage = $mygraph->plot(\@data) or die $mygraph->error; - - my @filenames = glob("/srv/web/ipfire/html/graphs/fwlog-ip*.png"); - unlink(@filenames); - my $imagerandom = rand(1000000); - my $imagename = "/srv/web/ipfire/html/graphs/fwlog-ip$imagerandom.png"; - open(FILE,">$imagename"); - print FILE $myimage->png; - close(FILE); - ##################################################### - print "
    "; - print ""; - print "
    "; -} - -print < - - -IP -Flag -Count -Percent - -END -; - -my $total=0; -my $show=0; - -my $s; -my $percent; - -for($s=0;$s<$lines;$s++) -{ - $show++; - $percent = $value[$s] * 100 / $linesjc; - $percent = sprintf("%.f", $percent); - $total = $total + $value[$s]; - if ( ($color % 10) == 1 ){print "\n";} - if ( ($color % 10) == 2 ){print "\n";} - if ( ($color % 10) == 3 ){print "\n";} - if ( ($color % 10) == 4 ){print "\n";} - if ( ($color % 10) == 5 ){print "\n";} - if ( ($color % 10) == 6 ){print "\n";} - if ( ($color % 10) == 7 ){print "\n";} - if ( ($color % 10) == 8 ){print "\n";} - if ( ($color % 10) == 9 ){print "\n";} - if ( ($color % 10) == 0 ){print "\n";} - - my $gi = Geo::IP::PurePerl->new(); - my $ccode = $gi->country_code_by_name($key[$s]); - my $fcode = lc($ccode); - - $color++; - print "
    "; - print "$key[$s]"; - if ( $fcode ne "" ){ - print "$ccode";} - else { - print "";} - print "$value[$s]"; - print "$percent"; - print ""; -} - -if($cgiparams{'otherspie'} == 2 ){} -else{ -if ( ($color % 10) == 1 ){print "\n";} -if ( ($color % 10) == 2 ){print "\n";} -if ( ($color % 10) == 3 ){print "\n";} -if ( ($color % 10) == 4 ){print "\n";} -if ( ($color % 10) == 5 ){print "\n";} -if ( ($color % 10) == 6 ){print "\n";} -if ( ($color % 10) == 7 ){print "\n";} -if ( ($color % 10) == 8 ){print "\n";} -if ( ($color % 10) == 9 ){print "\n";} -if ( ($color % 10) == 0 ){print "\n";} - -if ( $linesjc ne "0") -{ -my $dif; -$dif = $linesjc - $total; -$percent = $dif * 100 / $linesjc; -$percent = sprintf("%.f", $percent); -print < -$Lang::tr{'otherip'} - -$dif -$percent - -END -; -} -} -print < -END -; - -&Header::closebox(); -&Header::closebigbox(); -&Header::closepage(); - -sub findkey { - my $v; - foreach $v (@keytabjc) { - if ($tabjc{$v} eq $_[0]) { - delete $tabjc{$v}; - $key[$indice] = "$v"; - $value[$indice] = $_[0]; - $indice++; - last; - } - } -}sub checkversion { - #Automatic Updates is disabled - return "0","0"; - } diff --git a/html/cgi-bin/logs.cgi/firewalllogport.dat b/html/cgi-bin/logs.cgi/firewalllogport.dat deleted file mode 100644 index af9b85288..000000000 --- a/html/cgi-bin/logs.cgi/firewalllogport.dat +++ /dev/null @@ -1,501 +0,0 @@ -#!/usr/bin/perl -# -# SmoothWall CGIs -# -# This code is distributed under the terms of the GPL -# -# JC HERITIER -# page inspired from the initial firewalllog.dat -# -# Modified for IPFire by Christian Schmidt -# and Michael Tremer (www.ipfire.org) - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -use POSIX(); - -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::table2colour} ); -undef (@dummy); - -my %cgiparams=(); -my %settings=(); -my $pienumber; -my $otherspie; -my $showpie; -my $sortcolumn; -my $errormessage = ''; - -$cgiparams{'pienumber'} = 10; -$cgiparams{'otherspie'} = 1; -$cgiparams{'showpie'} = 1; -$cgiparams{'sortcolumn'} = 1; - -my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', - 'Sep', 'Oct', 'Nov', 'Dec' ); -my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, - $Lang::tr{'december'} ); - -my @now = localtime(); -my $dow = $now[6]; -my $doy = $now[7]; -my $tdoy = $now[7]; -my $year = $now[5]+1900; - -$cgiparams{'DAY'} = $now[3]; -$cgiparams{'MONTH'} = $now[4]; -$cgiparams{'ACTION'} = ''; - -&General::readhash("${General::swroot}/fwlogs/portsettings", \%settings); -if ($settings{'pienumber'} != 0) { $cgiparams{'pienumber'} = $settings{'pienumber'} }; -if ($settings{'otherspie'} != 0) { $cgiparams{'otherspie'} = $settings{'otherspie'} }; -if ($settings{'showpie'} != 0) { $cgiparams{'showpie'} = $settings{'showpie'} }; -if ($settings{'sortcolumn'} != 0) { $cgiparams{'sortcolumn'} = $settings{'sortcolumn'} }; - -&Header::getcgihash(\%cgiparams); -if ($cgiparams{'pienumber'} != 0) { $settings{'pienumber'} = $cgiparams{'pienumber'} }; -if ($cgiparams{'otherspie'} != 0) { $settings{'otherspie'} = $cgiparams{'otherspie'} }; -if ($cgiparams{'showpie'} != 0) { $settings{'showpie'} = $cgiparams{'showpie'} }; -if ($cgiparams{'sortcolumn'} != 0) { $settings{'sortcolumn'} = $cgiparams{'sortcolumn'} }; - -if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) -{ - &General::writehash("${General::swroot}/fwlogs/portsettings", \%settings); -} - -my $start = -1; -if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) -{ - my @temp = split(',',$ENV{'QUERY_STRING'}); - $start = $temp[0]; - $cgiparams{'MONTH'} = $temp[1]; - $cgiparams{'DAY'} = $temp[2]; -} - -if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || - !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) -{ - $cgiparams{'DAY'} = $now[3]; - $cgiparams{'MONTH'} = $now[4]; -} -elsif($cgiparams{'ACTION'} eq '>>') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} -elsif($cgiparams{'ACTION'} eq '<<') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the previous day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} - -if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) -{ - my @then = (); - if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); - } else { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); - } - $tdoy = $then[7]; - my $lastleap=($year-1)%4; - if ($tdoy>$doy) { - if ($lastleap == 0 && $tdoy < 60) { - $doy=$tdoy+366; - } else { - $doy=$doy+365; - } - } -} - -my $datediff=0; -my $dowd=0; -my $multifile=0; -if ($tdoy ne $doy) { - $datediff=int(($doy-$tdoy)/7); - $dowd=($doy-$tdoy)%7; - if (($dow-$dowd)<1) { - $datediff=$datediff+1; - } - if (($dow-$dowd)==0) { - $multifile=1; - } -} - -my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; -my $longmonthstr = $longmonths[$cgiparams{'MONTH'}]; -my $day = $cgiparams{'DAY'}; -my $daystr=''; -if ($day <= 9) { - $daystr = " $day"; } -else { - $daystr = $day; -} - -my $skip=0; -my $filestr=''; -if ($datediff==0) { - $filestr="/var/log/messages"; -} else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; -} - -if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - # Note: This is in case the log does not exist for that date -} -my $lines = 0; -my @log=(); - -if (!$skip) -{ - while () - { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - $log[$lines] = $_; - $lines++; - } - } - close (FILE); -} - -$skip=0; -if ($multifile) { - $datediff=$datediff-1; - if ($datediff==0) { - $filestr="/var/log/messages"; - } else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - } - if (!$skip) { - while () { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - $log[$lines] = $_; - $lines++; - } - } - close (FILE); - } -} - -my $MODNAME="fwlogs"; - -&Header::showhttpheaders(); -&Header::openpage($Lang::tr{'firewall log'}, 1, ''); -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} - -&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); - -print < - - - - - - - - - - -
    $Lang::tr{'month'}:  -  $Lang::tr{'day'}:  -
    - - - - -
    $Lang::tr{'Number of Ports for the pie chart'}:
    - -END -; - -&Header::closebox(); - -&Header::openbox('100%', 'left', 'Firewall Logs'); -print "

    $Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines

    "; - -my $linesjc = 0; -my %tabjc; - -if ($pienumber == -1 || $pienumber > $lines || $sortcolumn == 2) { $pienumber = $lines; }; -$lines = 0; -foreach $_ (@log) -{ - if($_ =~ /DPT\=([\d\.]+)/){ - $tabjc{$1} = $tabjc{$1} + 1 ; - if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } - $linesjc++; - } -} - -$pienumber = $lines; - -my @keytabjc = keys %tabjc; - -my @slice; -my $go; -my $nblinejc; - -if( $cgiparams{'linejc'} eq 'all' ){ $nblinejc = $linesjc; $go=1; } -if( ($cgiparams{'linejc'} != 0) && ($cgiparams{'linejc'} ne 'all') ){ $nblinejc = $cgiparams{'linejc'}; $go=1;} -if( $go != 1){ $nblinejc = 1000; } - -my @key; -my @value; -my $indice=0; -my @tabjc2; - -if ($sortcolumn == 1) -{ - @tabjc2 = sort { $b <=> $a } values (%tabjc); -} -else -{ - @tabjc2 = sort { $a <=> $b } keys (%tabjc); -} - -my $color=10; - - - -############################################## -#pie chart generation -use GD::Graph::pie; -use GD::Graph::colour; -#ports sort by hits number -#(port - number_of_hit) sorted by number_of_hit -my $v; - -if ($sortcolumn == 1) -{ - for ($v=0;$v<$pienumber;$v++){ - findkey($tabjc2[$v]); - } -} -else -{ - foreach $v (@tabjc2) { - $key[$indice] = $v; - $value[$indice] = $tabjc{$v}; - $indice++; - } -} - -my @ports; -my @numb; - -@ports = @key; -@numb = @value; - -my $o; - -if($cgiparams{'otherspie'} == 2 ){} -else{ - my $numothers; - for($o=0;$o<$pienumber;$o++){ - $numothers = $numothers + $numb[$o]; - } - $numothers = $linesjc - $numothers; - if ($numothers > 0) { - $ports[$pienumber]="$Lang::tr{'otherport'}"; - $numb[$pienumber] = $numothers; - } -} - -my @data = (\@ports,\@numb); -use GD::Graph::colour qw( :files ); - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -if ($showpie != 2 && $pienumber <= 50 && $pienumber != 0) { - my $mygraph = GD::Graph::pie->new(500, 350); - $mygraph->set( - 'title' => '', - 'pie_height' => 50, - 'start_angle' => 89 - ) or warn $mygraph->error; - - $mygraph->set_value_font(GD::gdMediumBoldFont); - $mygraph->set( dclrs => [ "$color{'color1'}" , "$color{'color2'}" , "$color{'color3'}" , "$color{'color4'}" , "$color{'color5'}" , "$color{'color6'}" , "$color{'color7'}" , "$color{'color8'}" , "$color{'color9'}" , "$color{'color10'}" ] ); - my $myimage = $mygraph->plot(\@data) or die $mygraph->error; - - my @filenames = glob("/srv/web/ipfire/html/graphs/fwlog-port*.png"); - unlink(@filenames); - my $imagerandom = rand(1000000); - my $imagename = "/srv/web/ipfire/html/graphs/fwlog-port$imagerandom.png"; - open(FILE,">$imagename"); - print FILE $myimage->png; - close(FILE); - ##################################################### - print "
    "; - print ""; - print "
    "; -} - -print < - - -Port -Count -Percent - -END -; - -my $total=0; -my $show=0; - -my $s; -my $percent; -for($s=0;$s<$lines;$s++) -{ - $show++; - $percent = $value[$s] * 100 / $linesjc; - $percent = sprintf("%.f", $percent); - $total = $total + $value[$s]; - if ( ($color % 10) == 1 ){print "\n";} - if ( ($color % 10) == 2 ){print "\n";} - if ( ($color % 10) == 3 ){print "\n";} - if ( ($color % 10) == 4 ){print "\n";} - if ( ($color % 10) == 5 ){print "\n";} - if ( ($color % 10) == 6 ){print "\n";} - if ( ($color % 10) == 7 ){print "\n";} - if ( ($color % 10) == 8 ){print "\n";} - if ( ($color % 10) == 9 ){print "\n";} - if ( ($color % 10) == 0 ){print "\n";} - - $color++; - print "
    "; - print "$key[$s]"; - print "$value[$s]"; - print "$percent"; - print ""; -} - -if($cgiparams{'otherspie'} == 2 ){} -else{ -if ( ($color % 10) == 1 ){print "\n";} -if ( ($color % 10) == 2 ){print "\n";} -if ( ($color % 10) == 3 ){print "\n";} -if ( ($color % 10) == 4 ){print "\n";} -if ( ($color % 10) == 5 ){print "\n";} -if ( ($color % 10) == 6 ){print "\n";} -if ( ($color % 10) == 7 ){print "\n";} -if ( ($color % 10) == 8 ){print "\n";} -if ( ($color % 10) == 9 ){print "\n";} -if ( ($color % 10) == 0 ){print "\n";} - -if ( $linesjc ne "0") -{ -my $dif; -$dif = $linesjc - $total; -$percent = $dif * 100 / $linesjc; -$percent = sprintf("%.f", $percent); -print < -$Lang::tr{'otherport'} -$dif -$percent - -END -; -} -} -print < -END -; - -&Header::closebox(); -&Header::closebigbox(); -&Header::closepage(); - -sub findkey { - foreach $v (@keytabjc) { - if ($tabjc{$v} eq $_[0]) { - delete $tabjc{$v}; - $key[$indice] = "$v"; - $value[$indice] = $_[0]; - $indice++; - last; - } - } -} -sub checkversion { - #Automatic Updates is disabled - return "0","0"; - } diff --git a/html/cgi-bin/logs.cgi/ids.dat b/html/cgi-bin/logs.cgi/ids.dat deleted file mode 100644 index 67a2c4052..000000000 --- a/html/cgi-bin/logs.cgi/ids.dat +++ /dev/null @@ -1,463 +0,0 @@ -#!/usr/bin/perl -# -# SmoothWall CGIs -# -# This code is distributed under the terms of the GPL -# -# (c) The SmoothWall Team -# -# Copyright (C) 18-03-2002 Mark Wormgoor -# - Added links to Snort database and ipinfo.cgi -# -# $Id: ids.dat,v 1.6.2.16 2005/06/14 08:25:30 eoberlander Exp $ -# - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -use POSIX(); - -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::table1colour}, ${Header::table2colour} ); -undef (@dummy); - -my %cgiparams=(); -my %logsettings=(); -my @log=(); -my $errormessage = ''; - -my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', - 'Sep', 'Oct', 'Nov', 'Dec' ); -my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, - $Lang::tr{'december'} ); - -my @now = localtime(time); -my $dow = $now[6]; -my $doy = $now[7]; -my $tdoy = $now[7]; -my $year = $now[5]+1900; - -$cgiparams{'DAY'} = $now[3]; -$cgiparams{'MONTH'} = $now[4]; -$cgiparams{'ACTION'} = ''; - -&Header::getcgihash(\%cgiparams); -$logsettings{'LOGVIEW_REVERSE'} = 'off'; -&General::readhash("${General::swroot}/logging/settings", \%logsettings); -${Header::viewsize} = defined ($logsettings{'LOGVIEW_VIEWSIZE'}) ? $logsettings{'LOGVIEW_VIEWSIZE'} : 150; -$Header::viewsize /= 5; # each ids is displayed on 5 lines - -$now[4] = $cgiparams{'MONTH'}+1; -if($now[4] < 10) { - $now[4] = "0$now[4]"; } - -my $start = -1; -if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) -{ - my @temp = split(',',$ ENV{'QUERY_STRING'}); - $start = $temp[0]; - $cgiparams{'MONTH'} = $temp[1]; - $cgiparams{'DAY'} = $temp[2]; -} - -if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || - !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) -{ - $cgiparams{'DAY'} = $now[3]; - $cgiparams{'MONTH'} = $now[4]; -} -elsif($cgiparams{'ACTION'} eq '>>') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day + - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} -elsif($cgiparams{'ACTION'} eq '<<') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the previous day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} - - -if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) -{ - my @then = (); - if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); - } else { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); - } - $tdoy = $then[7]; - my $lastleap=($year-1)%4; - if ($tdoy>$doy) { - if ($lastleap == 0 && $tdoy < 60) { - $doy=$doy+366; - } else { - $doy=$doy+365; - } - } -} -my $datediff=0; -my $dowd=0; -my $multifile=0; -if ($tdoy ne $doy) { - $datediff=int(($doy-$tdoy)/7); - $dowd=($doy-$tdoy)%7; - if (($dow-$dowd)<1) { - $datediff=$datediff+1; - } - if (($dow-$dowd)==0) { - $multifile=1; - } -} - -my $longmonthstr = $longmonths[$cgiparams{'MONTH'}]; -my $monthnum = $cgiparams{'MONTH'} + 1; -my $monthstr = $monthnum <= 9 ? "0$monthnum" : "$monthnum"; -my $daystr = $cgiparams{'DAY'} <= 9 ? "0$cgiparams{'DAY'}" : "$cgiparams{'DAY'}"; - -my $lines = 0; -my ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport, $sid, @refs); - -&processevent; - -if ($multifile) { - $datediff=$datediff-1; - &processevent; -} - -if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}) -{ - print "Content-type: text/plain\n\n"; - print "IPFire IDS snort log\r\n"; - print "Date: $cgiparams{'DAY'} $longmonths[$cgiparams{'MONTH'}]\r\n"; - print "\r\n"; - - if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } - - foreach $_ (@log) - { - my ($datetime,$title,$priority,$classification,$srcip,$srcport,$destip,$destport,$sid,$refs) = split(/\|/); - $refs =~ s/,$//; - print "Date: $datetime\n"; - print "Name: $title\n"; - print "Priority: $priority\n"; - print "Type: $classification\n"; - print "IP Info: "; - print "$srcip"; - if ($srcport != "n/a") { - print ":$srcport"; - } - print " -> "; - print "$destip"; - if ($destport != "n/a") { - print ":$destport"; - } - print "\n"; - print "SID: $sid\n"; - print "Refs: $refs\n\n"; - } - - exit; -} - -&Header::showhttpheaders(); - -&Header::openpage($Lang::tr{'ids log viewer'}, 1, ''); - -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} - -&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); - -print < - - - - - - - - - - - -
    $Lang::tr{'month'}:  -  $Lang::tr{'day'}:  -
    - -END -; - -&Header::closebox(); - -&Header::openbox('100%', 'left', $Lang::tr{'log'}); -print "

    $Lang::tr{'snort hits'} $longmonthstr $daystr: $lines

    "; - -if ($start == -1) { - $start = $lines - ${Header::viewsize}; } -if ($start >= $lines - ${Header::viewsize}) { $start = $lines - ${Header::viewsize}; }; -if ($start < 0) { $start = 0; } - -my $prev = $start - ${Header::viewsize}; -my $next = $start + ${Header::viewsize}; - -if ($prev < 0) { $prev = 0; } -if ($next >= $lines) { $next = -1 } -if ($start == 0) { $prev = -1; } -my @slice = splice(@log, $start, ${Header::viewsize}); - -if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @slice = reverse @slice; } - -if ($lines != 0) { - -&oldernewer(); - -$lines = 0; - -print < -END -; - -foreach $_ (@slice) -{ - if ($lines % 2) { - print "\n"; } - else { - print "\n"; } - my ($datetime,$title,$priority,$classification,$srcip,$srcport,$destip,$destport,$sid,$refs) = split(/\|/); - print < - -$Lang::tr{'date'}:$datetime -$Lang::tr{'name'}:$title - -$Lang::tr{'priority'}:$priority -$Lang::tr{'type'}:$classification - -$Lang::tr{'ipinfo'}: - -END - ; - if ($srcip ne "n/a") { - print "$srcip"; - } else { - print "$srcip"; - } - print ":$srcport -> "; - if ($destip ne "n/a") { - print "$destip"; - } else { - print "$destip"; - } - print ":$destport"; -print < - -$Lang::tr{'references'}: -END -; - foreach my $ref (split(/,/,$refs)) { - if ($ref =~ m/url (.*)/) { - print "$1
    "; - } elsif ($ref =~ m/cve (.*)/) { - print "$1
    "; - } elsif ($ref =~ m/nessus (.*)/) { - print "Nessus $1
    "; - } elsif ($ref =~ m/bugtraq (.*)/) { - print "Bugtraq $1
    "; - } else { - print "$ref
    "; - } - } - print $Lang::tr{'none found'} unless $refs =~ /,/; -print <SID: - -END - ; - if ($sid ne "n/a") { - print "$sid\n"; - } else { - print $sid; - } -print < - - -END - ; - $lines++; -} - -print ""; - -} - -&oldernewer(); - -&Header::closebox(); - -&Header::closebigbox(); - -&Header::closepage(); - -sub processevent -{ - our ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport, $sid, @refs); - - my $filestr=''; - if ($datediff==0) { - $filestr="/var/log/snort/alert"; - } else { - $filestr="/var/log/snort/alert.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - if (!(open (LOG,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage="$errormessage$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - } else { - my $line = 0; - - while() { - $line++; - if ($_ =~ m/\[\*\*\]/) { - unless ($line == 1 || $date ne "$monthstr/$daystr") { - &append; - $line = 1; - } - ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport, $sid) = ("n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a", "n/a"); - @refs = (); - $_ =~ m/:([0-9]{1,4})\] (.*) \[\*\*\]/; - $title = &Header::cleanhtml($2,"y"); - } - if ($_ =~ m/Classification: (.*)\] \[Priority: (\d)\]/) { - $classification = &Header::cleanhtml($1,"y"); - $priority = $2; - } - if ($_ =~ m/([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3}) \-\> ([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/) { - $srcip = $1 . "." . $2 . "." . $3 . "." . $4; - $destip = $5 . "." . $6 . "." . $7 . "." . $8; - } - if ($_ =~ m/([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\:([0-9]{1,6}) \-\> ([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\:([0-9]{1,6})/) { - $srcip = $1 . "." . $2 . "." . $3 . "." . $4; - $srcport = $5; - $destip = $6 . "." . $7 . "." . $8 . "." . $9; - $destport = $10; - } - - if ($_ =~ m/^([0-9\/]{3,5})\-([0-9\:]{5,8})\.([0-9]{1,14})/) { - ($date,$time) = ($1,$2); - } - if ($_ =~ m/\[Xref \=\>.*\]/) { - $_ =~ s/\]\[Xref \=\> /, /g; - $_ =~ m/\[Xref \=\> (.*)\]/; - push(@refs, $1); - } - if ($_ =~ m/\[1:([0-9]+):[0-9]+\]/) { - $sid = $1; - } - } - $line++; - unless ($line == 1 || $date ne "$monthstr/$daystr") { &append; } - close(LOG); - } -} - -sub append -{ - our ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport, $sid, @refs); - - $log[$lines] = "$date $time|$title|$priority|$classification|$srcip|$srcport|$destip|$destport|$sid|"; - foreach $_ (@refs) { - $log[$lines] = "$log[$lines]$_,"; } - $lines++; -} - -sub oldernewer -{ -print < - -END -; - -print ""; -if ($prev != -1) { - print "$Lang::tr{'older'}"; } -else { - print "$Lang::tr{'older'}"; } -print "\n"; - -print ""; -if ($next != -1) { - print "$Lang::tr{'newer'}"; } -else { - print "$Lang::tr{'newer'}"; } -print "\n"; - -print < - -END -; -} diff --git a/html/cgi-bin/logs.cgi/log.dat b/html/cgi-bin/logs.cgi/log.dat deleted file mode 100644 index 5a2ef9b52..000000000 --- a/html/cgi-bin/logs.cgi/log.dat +++ /dev/null @@ -1,431 +0,0 @@ -#!/usr/bin/perl -# -# SmoothWall CGIs -# -# This code is distributed under the terms of the GPL -# -# (c) The SmoothWall Team -# -# $Id: log.dat,v 1.6.2.22 2006/01/03 12:47:17 franck78 Exp $ -# - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -use POSIX(); - -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::table2colour} ); -undef (@dummy); - -my %cgiparams=(); -my %logsettings=(); -my $errormessage = ''; - -my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', - 'Sep', 'Oct', 'Nov', 'Dec' ); -my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, - $Lang::tr{'december'} ); - -my @now = localtime(); -my $dow = $now[6]; -my $doy = $now[7]; -my $tdoy = $now[7]; -my $year = $now[5]+1900; - -$cgiparams{'DAY'} = $now[3]; -$cgiparams{'MONTH'} = $now[4]; -$cgiparams{'ACTION'} = ''; -$cgiparams{'SECTION'} = 'ipfire'; - -my %sections = ( - 'ipfire' => '(ipfire)', - 'red' => '(red.*|kernel: usb.*|pppd\[.*\]|chat\[.*\]|pppoe\[.*\]|pptp\[.*\]|pppoa\[.*\]|pppoa3\[.*\]|pppoeci\[.*\]|ipppd|ipppd\[.*\]|kernel: ippp\d|kernel: isdn.*|ibod\[.*\]|kernel: eth.*|dhcpcd\[.*\]|modem_run\[.*\])', - 'dns' => '(dnsmasq\[.*\])', - 'dhcp' => '(dhcpd)', - 'cron' => '(fcron\[.*\])', - 'ntp' => '(ntpd(?:ate)?\[.*\])', - 'ssh' => '(sshd(?:\(.*\))?\[.*\])', - 'auth' => '(\w+\(pam_unix\)\[.*\])', - 'kernel' => '(kernel)', - 'ipsec' => '(ipsec_[\w_]+|pluto\[.*\]|vpnwatch)', - 'snort' => '(snort)', - 'openvpn' => '(openvpnserver)\[.*\]' - ); - -# Translations for the %sections array. -my %trsections = ( - 'ipfire' => 'IPFire', - 'red' => 'RED', - 'dns' => 'DNS', - 'dhcp' => "$Lang::tr{'dhcp server'}", - 'cron' => 'Cron', - 'ntp' => 'NTP', - 'ssh' => 'SSH', - 'auth' => "$Lang::tr{'loginlogout'}", - 'kernel' => "$Lang::tr{'kernel'}", - 'ipsec' => 'IPSec', - 'openvpn' => 'OpenVPN', - 'snort' => 'Snort' - ); - - -&Header::getcgihash(\%cgiparams); -$logsettings{'LOGVIEW_REVERSE'} = 'off'; -&General::readhash("${General::swroot}/logging/settings", \%logsettings); -${Header::viewsize} = defined ($logsettings{'LOGVIEW_VIEWSIZE'}) ? $logsettings{'LOGVIEW_VIEWSIZE'} : 150; - -my $start = ($logsettings{'LOGVIEW_REVERSE'} eq 'on') ? 0x7FFFF000 : 0; #index of firts line number to display - -if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) -{ - my @temp = split(',',$ENV{'QUERY_STRING'}); - $start = $temp[0]; - $cgiparams{'MONTH'} = $temp[1]; - $cgiparams{'DAY'} = $temp[2]; - $cgiparams{'SECTION'} = $temp[3]; -} - -if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || - !($cgiparams{'DAY'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) -{ - $cgiparams{'DAY'} = $now[3]; - $cgiparams{'MONTH'} = $now[4]; -} -elsif($cgiparams{'ACTION'} eq '>>') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - if ($cgiparams{'DAY'}) { - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day + - ## 86400 seconds in a day - } else { - $temp_now[3] = 1; - $temp_now[4] = ($temp_now[4]+1) %12; - @temp_then = localtime(POSIX::mktime(@temp_now) ); - $temp_then[3] = 0; - } - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} -elsif($cgiparams{'ACTION'} eq '<<') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - if ($cgiparams{'DAY'}) { - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - } else { - $temp_now[3] = 1; - $temp_now[4] = ($temp_now[4]-1) %12; - @temp_then = localtime(POSIX::mktime(@temp_now) ); - $temp_then[3] = 0; - } - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} - -# Find in which file.gz is the log. Can be calculated because WEEKLY ROTATING of access.log -my $gzindex; -my $date = $cgiparams{'DAY'} == 0 ? '' : $cgiparams{'DAY'} <= 9 ? "0$cgiparams{'DAY'}" : "$cgiparams{'DAY'}"; - -{ - my $xday; - - # Calculate time. If future date, calculate for past year !!! - if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 ); - $date = "$longmonths[$cgiparams{'MONTH'}] $date, ". int($year-1); - } else { - $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 ); - $date = "$longmonths[$cgiparams{'MONTH'}] $date, $year"; - } - - # calculate end of active week (saturday 23H59) - my @then = (); - @then = localtime(time()); - my $sunday = POSIX::mktime( 0, 0, 0, @then[3], @then[4], @then[5]); - $sunday += (6-$then[6]) * 86400; - - # Convert delta in second to full weeks - $gzindex = int (($sunday-$xday)/604800 ); -} - -my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; -my $daystr = $cgiparams{'DAY'} == 0 ? '..' : $cgiparams{'DAY'} <= 9 ? " $cgiparams{'DAY'}" : "$cgiparams{'DAY'}"; -my $section = $sections{$cgiparams{'SECTION'}}; - -my $lines = 0; -my @log=(); - -my $loop = 1; -my $filestr = 0; -my $lastdatetime; # for debug -my $search_for_end = 0; - -while ($gzindex >=0 && $loop) { - # calculate file name - if ($gzindex == 0) { - $filestr = "/var/log/messages"; - } else { - $filestr = "/var/log/messages.$gzindex"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - # now read file if existing - if (open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))) { - #&General::log("reading $filestr"); - READ:while () { - my $line = $_; - if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ ${section}: (.*)/) { - # when standart viewing, just keep in memory the correct slice - # it starts a '$start' and size is $viewport - # If export, then keep all lines... - if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){ - $log[$lines++] = "$line"; - } else { - if ($lines++ < ($start + $Header::viewsize)) { - push(@log,"$line"); - if (@log > $Header::viewsize) { - shift (@log); - } - #} else { dont do this optimisation, need to count lines ! - # $datetime = $maxtime; # we have read viewsize lines, stop main loop - # last READ; # exit read file - } - } - $search_for_end = 1; # we find the start of slice, can look for end now - } else { - if ($search_for_end == 1) { - #finish read files when date is over (test month equality only) - $line =~ /^(...) (..) ..:..:..*$/; - $loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) ); - } - } - } - close (FILE); - } - $gzindex--; # will try next gz file eg 40,39,38,.... because it may have holes when ipcop stopped - # for a long time -}# while - -# $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - -if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}) -{ - print "Content-type: text/plain\n\n"; - print "IPFire diagnostics\r\n"; - print "$Lang::tr{'section'}: $cgiparams{'SECTION'}\n"; - print "$Lang::tr{'date'}: $date\r\n\r\n"; - - if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } - - foreach $_ (@log) - { - /^... (..) (..:..:..) [\w\-]+ ${section}: (.*)$/; - my $day = $1; - $day =~ tr / /0/; - my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; - print "$time $3 $4\r\n"; - } - exit 0; -} - -&Header::showhttpheaders(); - -&Header::openpage($Lang::tr{'system logs'}, 1, ''); - -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} - -&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); - -print < - - - - - - - - - - - - - -
    $Lang::tr{'section'}:  - $Lang::tr{'month'}:  -  $Lang::tr{'day'}:  -
    - -END -; - -&Header::closebox(); - -&Header::openbox('100%', 'left', $Lang::tr{'log'}); -print "

    $Lang::tr{'total hits for log section'} $cgiparams{'SECTION'} $date: $lines

    "; - -$start = $lines - ${Header::viewsize} if ($start >= $lines - ${Header::viewsize}); -$start = 0 if ($start < 0); - -my $prev; - if ($start == 0) { - $prev = -1; - } else { - $prev = $start - ${Header::viewsize}; - $prev = 0 if ( $prev < 0); - } - -my $next; - if ($start == $lines - ${Header::viewsize}) { - $next = -1; - } else { - $next = $start + ${Header::viewsize}; - $next = $lines - ${Header::viewsize} if ($next >= $lines - ${Header::viewsize}); - } - -if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } -if ($lines != 0) { &oldernewer(); } - -print < - - $Lang::tr{'time'} - $Lang::tr{'section'} -   - -END -; - -$lines = 0; -#print ''; -foreach $_ (@log) -{ - /^... (..) (..:..:..) [\w\-]+ ${section}: (.*)$/; - my $day = $1; - $day =~ tr / /0/; - my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; - my $sec = $3; - my $data = $4; - # correct the cut position, just when section=RED - if (($cgiparams{'SECTION'} eq 'red' ) && ($sec =~ /(kernel:)(.*)/)) { - $sec = 'kernel'; - $data = $2.': '.$data; - } - my $d = substr ($data,0,80); - while (length($data)>80){ #very basic breaking of lines... - $data = substr ($data,80); #permit correct display in table cell - $d .= ' ' . substr ($data,0,80); - } - - - if ($lines % 2) { - print ""; } - else { - print ""; } - print "$time$sec" .&Header::cleanhtml ("$d", 'y') . "\n"; - $lines++; -} -#print ''; -print ""; - -&oldernewer(); - -&Header::closebox(); - -&Header::closebigbox(); - -&Header::closepage(); - -sub oldernewer -{ -print < - -END -; - -print ""; -if ($prev != -1) { - print "$Lang::tr{'older'}"; } -else { - print "$Lang::tr{'older'}"; } -print "\n"; - -print ""; -if ($next >= 0) { - print "$Lang::tr{'newer'}"; } -else { - print "$Lang::tr{'newer'}"; } -print "\n"; - -print < - -END -; -} diff --git a/html/cgi-bin/logs.cgi/proxylog.dat b/html/cgi-bin/logs.cgi/proxylog.dat deleted file mode 100644 index e529be061..000000000 --- a/html/cgi-bin/logs.cgi/proxylog.dat +++ /dev/null @@ -1,521 +0,0 @@ -#!/usr/bin/perl -# -# SmoothWall CGIs -# -# This code is distributed under the terms of the GPL -# -# (c) The SmoothWall Team -# - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -use POSIX(); - -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::table2colour} ); -undef (@dummy); - -my %cgiparams=(); -my %logsettings=(); -my %ips=(); -my %users=(); -my %selected=(); -my %checked=(); -my @log=(); -my $errormessage = ''; - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', - 'Sep', 'Oct', 'Nov', 'Dec' ); -my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, - $Lang::tr{'december'} ); - -my @now = localtime(); -my $dow = $now[6]; # day of week -my $doy = $now[7]; # day of year (0..364) -my $tdoy = $now[7]; -my $year = $now[5]+1900; - -$cgiparams{'DAY'} = $now[3]; -$cgiparams{'MONTH'} = $now[4]; -$cgiparams{'SOURCE_IP'} = 'ALL'; -$cgiparams{'FILTER'} = "[.](gif|jpeg|jpg|png|css|js)\$"; -$cgiparams{'ENABLE_FILTER'} = 'off'; -$cgiparams{'ACTION'} = ''; - -&Header::getcgihash(\%cgiparams); -$logsettings{'LOGVIEW_REVERSE'} = 'off'; -&General::readhash("${General::swroot}/logging/settings", \%logsettings); -${Header::viewsize} = defined ($logsettings{'LOGVIEW_VIEWSIZE'}) ? $logsettings{'LOGVIEW_VIEWSIZE'} : 150; - -if ($cgiparams{'ACTION'} eq '') -{ - $cgiparams{'ENABLE_FILTER'} = 'on'; -} - -if ($cgiparams{'ACTION'} eq $Lang::tr{'restore defaults'}) -{ - $cgiparams{'FILTER'} = "[.](gif|jpeg|jpg|png|css|js)\$"; - $cgiparams{'ENABLE_FILTER'} = 'off'; -} - -{ - my %save=(); - $save{'FILTER'} = $cgiparams{'FILTER'}; - $save{'ENABLE_FILTER'} = $cgiparams{'ENABLE_FILTER'}; - &General::writehash("${General::swroot}/proxy/viewersettings", \%save); - &General::readhash("${General::swroot}/proxy/viewersettings", \%save); -} - -my $start = ($logsettings{'LOGVIEW_REVERSE'} eq 'on') ? 0x7FFFF000 : 0; #index of first line number to display - -if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) -{ - my @temp = split(',',$ENV{'QUERY_STRING'}); - $start = $temp[0]; - $cgiparams{'MONTH'} = $temp[1]; - $cgiparams{'DAY'} = $temp[2]; - $cgiparams{'SOURCE_IP'} = $temp[3]; - $cgiparams{'USERNAME'} = $temp[4]; -} - -if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || - !($cgiparams{'DAY'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) -{ - $cgiparams{'DAY'} = $now[3]; - $cgiparams{'MONTH'} = $now[4]; -} -elsif($cgiparams{'ACTION'} eq '>>') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - if ($cgiparams{'DAY'}) { - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day + - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; - } else { - $temp_now[3] = 1; - $temp_now[4] = ($temp_now[4]+1) %12; - @temp_then = localtime(POSIX::mktime(@temp_now) ); - @temp_then[3] = 0; - } - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} -elsif($cgiparams{'ACTION'} eq '<<') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - if ($cgiparams{'DAY'}) { - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; - } else { - $temp_now[3] = 1; - $temp_now[4] = ($temp_now[4]-1) %12; - @temp_then = localtime(POSIX::mktime(@temp_now) ); - @temp_then[3] = 0; - } - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} - -# Find in which file.gz is the log. Can be calculated because WEEKLY ROTATING of *.log -my $gzindex; -my $daystr = $cgiparams{'DAY'} == 0 ? '' :$cgiparams{'DAY'} <= 9 ? "0$cgiparams{'DAY'}" : "$cgiparams{'DAY'}"; - -{ - my $xday; - - # Calculate time. If future date, calculate for past year !!! - if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 ); - $daystr = "$longmonths[$cgiparams{'MONTH'}] $daystr, ". int($year-1); - } else { - $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 ); - $daystr = "$longmonths[$cgiparams{'MONTH'}] $daystr, $year"; - } - - # calculate end of active week (saturday 23H59) - my @then = (); - @then = localtime(time()); - my $sunday = POSIX::mktime( 0, 0, 0, @then[3], @then[4], @then[5]); - $sunday += (6-$then[6]) * 86400; - - # Convert delta in second to full weeks - $gzindex = int (($sunday-$xday)/604800 ); -} - - -my $filter = $cgiparams{'ENABLE_FILTER'} eq 'on' ? $cgiparams{'FILTER'} : ''; -my $sourceip = $cgiparams{'SOURCE_IP'}; -my $sourceall = $cgiparams{'SOURCE_IP'} eq 'ALL' ? 1 : 0; -my $username = $cgiparams{'USERNAME'}; -my $usersall = $cgiparams{'USERNAME'} eq 'ALL' ? 1 : 0; - -my $lines = 0; -my $temp = (); -my $thiscode = '$temp =~ /$filter/;'; -eval($thiscode); -if ($@ ne '') -{ - $errormessage = "$Lang::tr{'bad ignore filter'}.$@

    "; - $filter = ''; -} else { - my $loop = 1; - my $filestr = 0; - my $lastdatetime; # for debug - - while ($gzindex >=0 && $loop) { - # calculate file name - if ($gzindex == 0) { - $filestr = "/var/log/squid/access.log"; - } else { - $filestr = "/var/log/squid/access.log.$gzindex"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - # now read file if existing - if (open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))) { - #&General::log("reading $filestr"); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - $temp_now[5]--; # past year - } - - $temp_now[2] = $temp_now[1] = $temp_now[0] = 0; # start at 00:00:00 - $temp_now[3] = 1 if ($cgiparams{'DAY'}==0); # All days selected, start at '1' - my $mintime = POSIX::mktime(@temp_now); - my $maxtime; - if ($cgiparams{'DAY'}==0) { # full month - if ($temp_now[4]++ == 12){ - $temp_now[4] = 0; - $temp_now[5]++; - }; - $maxtime = POSIX::mktime(@temp_now); - } else { - $maxtime = $mintime + 86400; # full day - } - READ:while () { - my ($datetime,$do,$ip,$ray,$me,$far,$url,$so) = split; - $ips{$ip}++; - $users{$so}++; - # for debug - #$lastdatetime = $datetime; - - # collect lines between date && filter - if (( ($datetime>$mintime)&&($datetime<$maxtime)) && !($url =~ /$filter/) && - ((($ip eq $sourceip) || $sourceall)) && - ((($so eq $username) || $usersall))) - { - # when standart viewing, just keep in memory the correct slices - # it starts a '$start' and size is $viewport - # If export, then keep all lines... - if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){ - $log[$lines++] = "$datetime $ip $so $url"; - } else { - if ($lines++ < ($start + $Header::viewsize)) { - push(@log,"$datetime $ip $so $url"); - if (@log > $Header::viewsize) { - shift (@log); - } - #} else { dont do this optimisation, need to count lines ! - # $datetime = $maxtime; # we have read viewsize lines, stop main loop - # last READ; # exit read file - } - } - } - - # finish loop when date of lines are past maxtime - $loop = ($datetime < $maxtime); - } - close (FILE); - } - $gzindex--; # will try next gz file eg 40,39,38,.... because it may have holes when ipfire stopped - # for a long time - - } - - #$errormessage="$errormessage$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - if (0) { # print last date record read - my ($SECdt, $MINdt, $HOURdt, $DAYdt, $MONTHdt, $YEARdt) = localtime($lastdatetime); - $SECdt = sprintf ("%.02d",$SECdt); - $MINdt = sprintf ("%.02d",$MINdt); - $HOURdt = sprintf ("%.02d",$HOURdt); - $DAYdt = sprintf ("%.02d",$DAYdt); - $MONTHdt = sprintf ("%.02d",$MONTHdt+1); - $YEARdt = sprintf ("%.04d",$YEARdt+1900); - &General::log ("$HOURdt:$MINdt:$SECdt, $DAYdt/$MONTHdt/$YEARdt--"); - } -} - -if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}) -{ - print "Content-type: text/plain\n\n"; - print "IPFire proxy log\r\n"; - print "$Lang::tr{'date'}: $daystr\r\n"; - print "Source IP: $cgiparams{'SOURCE_IP'}\r\n"; - print "Username: $cgiparams{'USERNAME'}\r\n"; - if ($cgiparams{'ENABLE_FILTER'} eq 'on') { - print "Ignore filter: $cgiparams{'FILTER'}\r\n"; } - print "\r\n"; - - if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } - - foreach $_ (@log) { - my ($datetime,$ip,$so,$url) = split; - my ($SECdt, $MINdt, $HOURdt, $DAYdt, $MONTHdt, $YEARdt) = localtime($datetime); - $SECdt = sprintf ("%.02d",$SECdt); - $MINdt = sprintf ("%.02d",$MINdt); - $HOURdt = sprintf ("%.02d",$HOURdt); - if ($cgiparams{'DAY'}==0) { # full month - $DAYdt = sprintf ("%.02d",$DAYdt); - print "$DAYdt/$HOURdt:$MINdt:$SECdt $ip $so $url\n"; - } else { - print "$HOURdt:$MINdt:$SECdt $ip $so $url\n"; - } - } - exit; -} - -$selected{'SOURCE_IP'}{$cgiparams{'SOURCE_IP'}} = "selected='selected'"; -$selected{'USERNAME'}{$cgiparams{'USERNAME'}} = "selected='selected'"; - -$checked{'ENABLE_FILTER'}{'off'} = ''; -$checked{'ENABLE_FILTER'}{'on'} = ''; -$checked{'ENABLE_FILTER'}{$cgiparams{'ENABLE_FILTER'}} = "checked='checked'"; - -&Header::showhttpheaders(); - -&Header::openpage($Lang::tr{'proxy log viewer'}, 1, ''); - -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} - -&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); - -print < - - - - - - - - - - - - - - - - - - - - - - -
    $Lang::tr{'month'}: - $Lang::tr{'day'}:  - $Lang::tr{'source ip'}: -
     $Lang::tr{'advproxy NCSA username'}: -
    $Lang::tr{'ignore filter'}:$Lang::tr{'enable ignore filter'}:
    -

    - - - - - - -
    -
    - -END -; - -&Header::closebox(); -&Header::openbox('100%', 'left', $Lang::tr{'log'}); - - -$start = $lines - ${Header::viewsize} if ($start >= $lines - ${Header::viewsize}); -$start = 0 if ($start < 0); - -my $prev; - if ($start == 0) { - $prev = -1; - } else { - $prev = $start - ${Header::viewsize}; - $prev = 0 if ( $prev < 0); - } - -my $next; - if ($start == $lines - ${Header::viewsize}) { - $next = -1; - } else { - $next = $start + ${Header::viewsize}; - $next = $lines - ${Header::viewsize} if ($next >= $lines - ${Header::viewsize}); - } - -if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } - -print "

    $Lang::tr{'web hits'} $daystr: $lines

    "; -if ($lines != 0) { &oldernewer(); } -print < - -$Lang::tr{'time'} -$Lang::tr{'source ip'} -$Lang::tr{'advproxy NCSA username'} -$Lang::tr{'website'} - -END -; -my $ll = 0; -foreach $_ (@log) -{ - if ($ll % 2) { - print "\n"; } - else { - print "\n"; } - my ($datetime,$ip,$so,$url) = split; - my ($SECdt, $MINdt, $HOURdt, $DAYdt, $MONTHdt, $YEARdt) = localtime($datetime); - $SECdt = sprintf ("%.02d",$SECdt); - $MINdt = sprintf ("%.02d",$MINdt); - $HOURdt = sprintf ("%.02d",$HOURdt); - - $url =~ /(^.{0,60})/; - my $part = $1; - unless (length($part) < 60) { $part = "${part}..."; } - $url = &Header::cleanhtml($url,"y"); - $part = &Header::cleanhtml($part,"y"); - if ($cgiparams{'DAY'}==0) { # full month - $DAYdt = sprintf ("%.02d/",$DAYdt); - } else { - $DAYdt=''; - } - print <$DAYdt$HOURdt:$MINdt:$SECdt - $ip - $so - $part - -END - ; - $ll++; -} - -print ""; - -&oldernewer(); - -&Header::closebox(); - -&Header::closebigbox(); - -&Header::closepage(); - - -sub oldernewer -{ -print < - -END -; - -print ""; -if ($prev != -1) { - print "$Lang::tr{'older'}"; } -else { - print "$Lang::tr{'older'}"; } -print "\n"; - -print ""; -if ($next >= 0 ) { - print "$Lang::tr{'newer'}"; } -else { - print "$Lang::tr{'newer'}"; } -print "\n"; - -print < - -END -; -} - diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat b/html/cgi-bin/logs.cgi/showrequestfromip.dat deleted file mode 100644 index 0e8a71fb5..000000000 --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat +++ /dev/null @@ -1,388 +0,0 @@ -#!/usr/bin/perl -# SmoothWall CGIs -# -# This code is distributed under the terms of the GPL -# -# JC HERITIER -# page inspired from the initial firewalllog.dat -# -# Modified for IPFire by Christian Schmidt (www.ipfire.org) - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -use POSIX(); - -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::table2colour} ); -undef (@dummy); - -my %cgiparams=(); -my %logsettings=(); -my $errormessage = ''; - -my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', - 'Sep', 'Oct', 'Nov', 'Dec' ); -my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, - $Lang::tr{'december'} ); - -my @now = localtime(); -my $dow = $now[6]; -my $doy = $now[7]; -my $tdoy = $now[7]; -my $year = $now[5]+1900; - -$cgiparams{'DAY'} = $now[3]; -$cgiparams{'MONTH'} = $now[4]; -$cgiparams{'ACTION'} = ''; - -&Header::getcgihash(\%cgiparams); - -$logsettings{'LOGVIEW_REVERSE'} = 'off'; -&General::readhash("${General::swroot}/logging/settings", \%logsettings); - -my $start = -1; -if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) -{ - my @temp = split(',',$ENV{'QUERY_STRING'}); - $start = $temp[0]; - $cgiparams{'MONTH'} = $temp[1]; - $cgiparams{'DAY'} = $temp[2]; - $cgiparams{ip} = $temp[3]; -} - -if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || - !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) -{ - $cgiparams{'DAY'} = $now[3]; - $cgiparams{'MONTH'} = $now[4]; -} -elsif($cgiparams{'ACTION'} eq '>>') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} -elsif($cgiparams{'ACTION'} eq '<<') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the previous day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} - -if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) -{ - my @then = (); - if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); - } else { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); - } - $tdoy = $then[7]; - my $lastleap=($year-1)%4; - if ($tdoy>$doy) { - if ($lastleap == 0 && $tdoy < 60) { - $doy=$tdoy+366; - } else { - $doy=$doy+365; - } - } -} -my $datediff=0; -my $dowd=0; -my $multifile=0; -if ($tdoy ne $doy) { - $datediff=int(($doy-$tdoy)/7); - $dowd=($doy-$tdoy)%7; - if (($dow-$dowd)<1) { - $datediff=$datediff+1; - } - if (($dow-$dowd)==0) { - $multifile=1; - } -} - -my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; -my $longmonthstr = $longmonths[$cgiparams{'MONTH'}]; -my $day = $cgiparams{'DAY'}; -my $daystr=''; -if ($day <= 9) { - $daystr = " $day"; } -else { - $daystr = $day; -} - -my $skip=0; -my $filestr=''; -if ($datediff==0) { - $filestr="/var/log/messages"; -} else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; -} - -if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - # Note: This is in case the log does not exist for that date -} -my $lines = 0; -my @log=(); -my $ip = $cgiparams{ip}; - -if (!$skip) -{ - while () - { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - if($_ =~ /SRC\=([\d\.]+)/){ - if($1 eq $ip){ - $log[$lines] = $_; - $lines++; - } - } - } - } - close (FILE); -} - -$skip=0; -if ($multifile) { - $datediff=$datediff-1; - if ($datediff==0) { - $filestr="/var/log/messages"; - } else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - } - if (!$skip) { - while () { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - if($_ =~ /SRC\=([\d\.]+)/){ - if($1 eq $ip){ - $log[$lines] = $_; - $lines++; - } - } - } - } - close (FILE); - } -} - -&Header::showhttpheaders(); -&Header::openpage($Lang::tr{'firewall log'}, 1, ''); -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} - -&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); - -print < - - - - - - - - - - - -
    $Lang::tr{'month'}:  -  $Lang::tr{'day'}:  -
    $Lang::tr{'source ip'}
    - -END -; - -&Header::closebox(); - -&Header::openbox('100%', 'left', $Lang::tr{'firewall log'}); -print "

    $Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines

    "; - -if ($start == -1) { - $start = $lines - ${Header::viewsize}; } -if ($start >= $lines - ${Header::viewsize}) { $start = $lines - ${Header::viewsize}; }; -if ($start < 0) { $start = 0; } - -my $prev = $start - ${Header::viewsize}; -my $next = $start + ${Header::viewsize}; - -if ($prev < 0) { $prev = 0; } -if ($next >= $lines) { $next = -1 } -if ($start == 0) { $prev = -1; } - -if ($lines != 0) { &oldernewer(); } - -print < - -$Lang::tr{'time'} -$Lang::tr{'chain'} -$Lang::tr{'iface'} -$Lang::tr{'proto'} -$Lang::tr{'source'} -$Lang::tr{'src port'} -$Lang::tr{'destination'} -$Lang::tr{'dst port'} - -END -; - -my @slice = splice(@log, $start, ${Header::viewsize}); - -if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @slice = reverse @slice; } - -$lines = 0; -foreach $_ (@slice) -{ - $a = $_; - if($_ =~ /SRC\=([\d\.]+)/){ - if($1 eq $ip){ - my $chain = ''; - my $in = '-'; my $out = '-'; - my $srcaddr = ''; my $dstaddr = ''; - my $protostr = ''; - my $srcport = ''; my $dstport = ''; - - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; - my $timestamp = $1; my $chain = $2; my $packet = $3; - $timestamp =~ /(...) (..) (..:..:..)/; - my $month = $1; my $day = $2; my $time = $3; - - if ($a =~ /IN\=(\w+)/) { $in = $1; } - if ($a =~ /OUT\=(\w+)/) { $out = $1; } - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } - if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } - my $protostrlc = lc($protostr); - if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } - if ($a =~ /DPT\=([\d\.]+)/){ $dstport = $1; } - $a =~ /IN=(\w+)/; my $iface=$1; - - if ($lines % 2) { - print "\n"; } - else { - print "\n"; } - print <$time - $chain - $iface - $protostr - - - -
    $srcaddr
    - - $srcport - - - -
    $dstaddr
    - - $dstport - -END - ; - $lines++; - } - } -} - -print < -END -; - -&oldernewer(); - -&Header::closebox(); - -&Header::closebigbox(); - -&Header::closepage(); - -sub oldernewer -{ -print < - -END -; - -print ""; -if ($prev != -1) { - print "$Lang::tr{'older'}"; } -else { - print "$Lang::tr{'older'}"; } -print "\n"; - -print ""; -if ($next != -1) { - print "$Lang::tr{'newer'}"; } -else { - print "$Lang::tr{'newer'}"; } -print "\n"; - -print < - -END -; -} diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat b/html/cgi-bin/logs.cgi/showrequestfromport.dat deleted file mode 100644 index bf8fe581c..000000000 --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat +++ /dev/null @@ -1,395 +0,0 @@ -#!/usr/bin/perl -# -# SmoothWall CGIs -# -# This code is distributed under the terms of the GPL -# -# JC HERITIER -# page inspired from the initial firewalllog.dat -# -# Modified for IPFire by Christian Schmidt (www.ipfire.org) - -#Aug 28 14:54:30 shite kernel: IN=ppp0 OUT= MAC= SRC=213.48.150.1 -#DST=213.208.115.234 LEN=110 TOS=0x00 PREC=0x00 TTL=60 ID=30699 DF PROTO=TCP -#SPT=6667 DPT=62593 WINDOW=2505 RES=0x00 ACK PSH URGP=0 - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -use POSIX(); - -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::table2colour} ); -undef (@dummy); - -my %cgiparams=(); -my %logsettings=(); -my $errormessage = ''; - -my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', - 'Sep', 'Oct', 'Nov', 'Dec' ); -my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, - $Lang::tr{'december'} ); - -my @now = localtime(); -my $dow = $now[6]; -my $doy = $now[7]; -my $tdoy = $now[7]; -my $year = $now[5]+1900; - -$cgiparams{'DAY'} = $now[3]; -$cgiparams{'MONTH'} = $now[4]; -$cgiparams{'ACTION'} = ''; - -&Header::getcgihash(\%cgiparams); - -$logsettings{'LOGVIEW_REVERSE'} = 'off'; -&General::readhash("${General::swroot}/logging/settings", \%logsettings); - -my $start = -1; -if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) -{ - my @temp = split(',',$ENV{'QUERY_STRING'}); - $start = $temp[0]; - $cgiparams{'MONTH'} = $temp[1]; - $cgiparams{'DAY'} = $temp[2]; - $cgiparams{port} = $temp[3]; -} - -if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || - !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) -{ - $cgiparams{'DAY'} = $now[3]; - $cgiparams{'MONTH'} = $now[4]; -} -elsif($cgiparams{'ACTION'} eq '>>') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} -elsif($cgiparams{'ACTION'} eq '<<') -{ - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the previous day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} - -if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) -{ - my @then = (); - if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); - } else { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); - } - $tdoy = $then[7]; - my $lastleap=($year-1)%4; - if ($tdoy>$doy) { - if ($lastleap == 0 && $tdoy < 60) { - $doy=$tdoy+366; - } else { - $doy=$doy+365; - } - } -} -my $datediff=0; -my $dowd=0; -my $multifile=0; -if ($tdoy ne $doy) { - $datediff=int(($doy-$tdoy)/7); - $dowd=($doy-$tdoy)%7; - if (($dow-$dowd)<1) { - $datediff=$datediff+1; - } - if (($dow-$dowd)==0) { - $multifile=1; - } -} - -my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; -my $longmonthstr = $longmonths[$cgiparams{'MONTH'}]; -my $day = $cgiparams{'DAY'}; -my $daystr=''; -if ($day <= 9) { - $daystr = " $day"; } -else { - $daystr = $day; -} - -my $skip=0; -my $filestr=''; -if ($datediff==0) { - $filestr="/var/log/messages"; -} else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; -} - -if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - # Note: This is in case the log does not exist for that date -} -my $lines = 0; -my @log=(); -my $port = $cgiparams{port}; - -if (!$skip) -{ - while () - { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - if($_ =~ /DPT\=([\d\.]+)/){ - if($1 eq $port){ - $log[$lines] = $_; - $lines++; - } - } - } - } - close (FILE); -} - -$skip=0; -if ($multifile) { - $datediff=$datediff-1; - if ($datediff==0) { - $filestr="/var/log/messages"; - } else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - } - if (!$skip) { - while () { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - if($_ =~ /DPT\=([\d\.]+)/){ - if($1 eq $port){ - $log[$lines] = $_; - $lines++; - } - } - } - } - close (FILE); - } -} - -&Header::showhttpheaders(); -&Header::openpage($Lang::tr{'firewall log'}, 1, ''); -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} - -&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); - -print < - - - - - - - - - - - -
    $Lang::tr{'month'}:  -  $Lang::tr{'day'}:  -
    $Lang::tr{'destination port'}
    - -END -; - -&Header::closebox(); - -&Header::openbox('100%', 'left', $Lang::tr{'firewall log'}); -print "

    $Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines

    "; - -if ($start == -1) { - $start = $lines - ${Header::viewsize}; } -if ($start >= $lines - ${Header::viewsize}) { $start = $lines - ${Header::viewsize}; }; -if ($start < 0) { $start = 0; } - -my $prev = $start - ${Header::viewsize}; -my $next = $start + ${Header::viewsize}; - -if ($prev < 0) { $prev = 0; } -if ($next >= $lines) { $next = -1 } -if ($start == 0) { $prev = -1; } - -if ($lines != 0) { &oldernewer(); } - -print < - -$Lang::tr{'time'} -$Lang::tr{'chain'} -$Lang::tr{'iface'} -$Lang::tr{'proto'} -$Lang::tr{'source'} -$Lang::tr{'src port'} -$Lang::tr{'destination'} -$Lang::tr{'dst port'} - -END -; -my @slice = splice(@log, $start, ${Header::viewsize}); - -if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @slice = reverse @slice; } - -$lines = 0; -foreach $_ (@slice) -{ - $a = $_; - if($_ =~ /DPT\=([\d\.]+)/){ - if($1 eq $port){ - my $chain = ''; - my $in = '-'; my $out = '-'; - my $srcaddr = ''; my $dstaddr = ''; - my $protostr = ''; - my $srcport = ''; my $dstport = ''; - - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; - my $timestamp = $1; my $chain = $2; my $packet = $3; - $timestamp =~ /(...) (..) (..:..:..)/; - my $month = $1; my $day = $2; my $time = $3; - - if ($a =~ /IN\=(\w+)/) { $in = $1; } - if ($a =~ /OUT\=(\w+)/) { $out = $1; } - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } - if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } - my $protostrlc = lc($protostr); - if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } - if ($a =~ /DPT\=([\d\.]+)/){ $dstport = $1; } - $a =~ /IN=(\w+)/; my $iface=$1; - - if ($lines % 2) { - print "\n"; } - else { - print "\n"; } - print <$time - $chain - $iface - $protostr - - - -
    $srcaddr
    - - $srcport - - - -
    $dstaddr
    - - $dstport - -END - ; - $lines++; - } - } -} - -print < -END -; - -&oldernewer(); - -&Header::closebox(); - -&Header::closebigbox(); - -&Header::closepage(); - -sub oldernewer -{ -print < - -END -; - -print ""; -if ($prev != -1) { - print "$Lang::tr{'older'}"; } -else { - print "$Lang::tr{'older'}"; } -print "\n"; - -print ""; -if ($next != -1) { - print "$Lang::tr{'newer'}"; } -else { - print "$Lang::tr{'newer'}"; } -print "\n"; - -print < - -END -; -} - diff --git a/html/cgi-bin/logs.cgi/summary.dat b/html/cgi-bin/logs.cgi/summary.dat deleted file mode 100644 index 1efe8b71f..000000000 --- a/html/cgi-bin/logs.cgi/summary.dat +++ /dev/null @@ -1,213 +0,0 @@ -#!/usr/bin/perl -# -# SmoothWall CGIs -# -# This code is distributed under the terms of the GPL -# -# (c) The SmoothWall Team -# -# $Id: summary.dat,v 1.3.2.14 2005/07/10 00:48:42 franck78 Exp $ -# - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -use POSIX(); - -my %cgiparams=(); -my $errormessage = ''; - -my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, - $Lang::tr{'december'} ); - -my @now = localtime(); -my $year = $now[5]+1900; - -$cgiparams{'MONTH'} = ''; -$cgiparams{'DAY'} = ''; -$cgiparams{'ACTION'} = ''; - -&Header::getcgihash(\%cgiparams); - -my $start = -1; -if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) { - my @temp = split(',',$ENV{'QUERY_STRING'}); - $start = $temp[0]; - $cgiparams{'MONTH'} = $temp[1]; - $cgiparams{'DAY'} = $temp[2]; -} - -if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || - !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) { - # Reports are generated at the end of the day, so if nothing is selected - # we need to display yesterdays (todays won't have been generated yet) - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $now[4]; - $temp_now[3] = $now[3]; - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the previous day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} -elsif($cgiparams{'ACTION'} eq '>>') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day + - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} -elsif($cgiparams{'ACTION'} eq '<<') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the previous day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} - -if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) { - if ( ($cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ($cgiparams{'MONTH'} > $now[4]) ) { - $year = $year - 1; - } -} - -my $monthnum = $cgiparams{'MONTH'} + 1; -my $monthstr = $monthnum <= 9 ? "0$monthnum" : "$monthnum"; -my $longmonthstr = $longmonths[$cgiparams{'MONTH'}]; -my $daystr = $cgiparams{'DAY'} <= 9 ? "0$cgiparams{'DAY'}" : "$cgiparams{'DAY'}"; - -my $skip=0; -my $filestr="/var/log/logwatch/$year-$monthstr-$daystr"; - -if (!(open (FILE,$filestr))) { - $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - # Note: This is in case the log does not exist for that date -} - -if (! $skip && $cgiparams{'ACTION'} eq $Lang::tr{'export'}) { - print "Content-type: text/plain\n\n"; - - while () { - print "$_\r\n"; - } - close (FILE); - exit 0; -} - -&Header::showhttpheaders(); - -&Header::openpage($Lang::tr{'log summary'}, 1, ''); - -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} - -&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); - -print < - - - - - - - - - - - -
    $Lang::tr{'month'}: - $Lang::tr{'day'}: -
    - -END -; - -&Header::closebox(); - -my $header = 0; -my @content=(); - -if(!$skip) -{ - while () { - if (/^\s*--+ ([^-]+) Begin --+\s*$/) { - # New Section. open box - @content = (); - &Header::openbox('100%', 'left', $Lang::tr{"ls_\L$1"} ? $Lang::tr{"ls_\L$1"} : $1); - print "
    ";
    -    } elsif (/^\s*--+ ([^-]+) End --+\s*$/) {
    -      # End of Section, kill leading and trailing blanks, print info, close
    -      # box
    -      while ( $content[0] =~ /^\s*$/ ) { shift @content; }
    -      while ( $content[$#content] =~ /^\s*$/ ) { pop @content; }
    -      foreach $_ (@content) { $_ =~ s/\s*$//; print &Header::cleanhtml($_,"y")."\n"; }
    -      print "\n
    "; - &Header::closebox(); - } elsif (/^\s*#+ LogWatch [^#]+[)] #+\s*$/) { - # Start of logwatch header, skip it - $header = 1; - } elsif (/^\s*#+\s*$/) { - # End of logwatch header - $header = 0; - } elsif (/^\s*#+ LogWatch End #+\s*$/) { - # End of report - } elsif ($header eq 0) { - push(@content,$_); - } - } - close (FILE); -} - -&Header::closebigbox(); - -&Header::closepage(); diff --git a/html/cgi-bin/logs.cgi/urlfilter.dat b/html/cgi-bin/logs.cgi/urlfilter.dat deleted file mode 100644 index 7fb2ff9c4..000000000 --- a/html/cgi-bin/logs.cgi/urlfilter.dat +++ /dev/null @@ -1,456 +0,0 @@ -#!/usr/bin/perl -# -# SmoothWall CGIs -# -# This code is distributed under the terms of the GPL -# -# (c) The SmoothWall Team -# -# $Id: urlfilter.dat,v 1.4 2005/05/15 00:00:00 marco Exp $ -# - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -use POSIX(); - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -my $dbdir = "${General::swroot}/urlfilter/blacklists"; -my $logdir = "/var/log/squidGuard"; - -my %cgiparams=(); -my %logsettings=(); -my %filtersettings=(); -my %selected=(); - -my $errormessage=''; - -my @log=(); -my $logarch=''; -my $date=''; -my $time=''; -my $pid=''; -my @loginfo=(); -my @ip=(); -my @category=(); -my $dsturl=''; -my $site=''; -my $attr1=''; -my $attr2=''; - -my $start=0; -my $prev=0; -my $next=0; -my $lines=0; -my @slice=(); - -my @then=(); -my @temp=(); -my @temp_then=(); -my @temp_now=(); -my $lastleap=''; - -my $day=''; -my $daystr=''; -my $month=''; -my $monthstr=''; -my $longmonthstr=''; -my $year=''; - -my $logday=''; -my $logmonth=''; -my $logyear=''; - -my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', - 'Sep', 'Oct', 'Nov', 'Dec' ); -my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, - $Lang::tr{'december'} ); - -my @now = localtime(time); -my $doy = $now[7]; -my $tdoy = $now[7]; -my $year = $now[5]+1900; - -$cgiparams{'DAY'} = $now[3]; -$cgiparams{'MONTH'} = $now[4]; -$cgiparams{'LOGTYPE'} = 'urlfilter'; - -&Header::getcgihash(\%cgiparams); -$logsettings{'LOGVIEW_REVERSE'} = 'off'; -&General::readhash("${General::swroot}/logging/settings", \%logsettings); -if (-e "${General::swroot}/urlfilter/settings") -{ - &General::readhash("${General::swroot}/urlfilter/settings", \%filtersettings); -} - -$now[4] = $cgiparams{'MONTH'}+1; -if($now[4] < 10) { - $now[4] = "0$now[4]"; } - -$start = -1; - -if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) -{ - @temp = split(',',$ ENV{'QUERY_STRING'}); - $start = $temp[0]; - $cgiparams{'MONTH'} = $temp[1]; - $cgiparams{'DAY'} = $temp[2]; - $cgiparams{'LOGTYPE'} = $temp[3]; -} - -if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || - !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) -{ - $cgiparams{'DAY'} = $now[3]; - $cgiparams{'MONTH'} = $now[4]; -} -elsif($cgiparams{'ACTION'} eq '>>') -{ - @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} -elsif($cgiparams{'ACTION'} eq '<<') -{ - @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the previous day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; -} - -$monthstr = $shortmonths[$cgiparams{'MONTH'}]; -$longmonthstr = $longmonths[$cgiparams{'MONTH'}]; - -if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) -{ - @then = (); - if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); - } else { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); - } - $tdoy = $then[7]; - $lastleap=($year-1)%4; - if ($tdoy>$doy) { - if ($lastleap == 0 && $tdoy < 60) { - $doy=$tdoy+366; - } else { - $doy=$doy+365; - } - } -} - -$day = $cgiparams{'DAY'}; -if ($day <= 9) { - $daystr = " $day"; -} else { - $daystr = $day; -} -if ($day < 10) { - $day = "0$day"; -} - -&processevent; - -if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}) -{ - print "Content-type: text/plain\n\n"; - print "IPCop URL filter log\r\n"; - print "Section: $cgiparams{'LOGTYPE'}\r\n"; - print "Date: $daystr $longmonthstr\r\n"; - print "\r\n"; - - if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } - - foreach (@log) - { - ($date,$time,$pid,@loginfo) = split(/ /); - @ip = split(/\//,$loginfo[2]); - @category = split(/\//,$loginfo[0]); - $dsturl = $loginfo[1]; - $loginfo[3] =~ s/\%5c/\\/; - print "$date "; - print "$time "; - if ($cgiparams{'LOGTYPE'} eq 'squidGuard') - { - print "$pid "; - print "@loginfo"; - } else { - print "$category[1] "; - print "$ip[0] "; - if ($filtersettings{'ENABLE_USERNAME_LOG'} eq 'on') { print "$loginfo[3] "; } - print "$dsturl"; - print "\n"; - } - } - - exit; -} - -&Header::showhttpheaders(); - -&Header::openpage($Lang::tr{'urlfilter log viewer'}, 1, ''); - -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} - -&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); - -$selected{'LOGTYPE'}{$cgiparams{'LOGTYPE'}} = "selected='selected'"; - -print < - - - - - - - - - - - - - - -
    $Lang::tr{'section'} - - $Lang::tr{'month'}: - $Lang::tr{'day'}: -
    - -END -; - -&Header::closebox(); - -&Header::openbox('100%', 'left', $Lang::tr{'log'}); - -$lines = @log; - -if ($start == -1) { $start = $lines - $Header::viewsize; } -if ($start >= $lines - $Header::viewsize) { $start = $lines - $Header::viewsize; }; -if ($start < 0) { $start = 0; } - -$prev = $start - $Header::viewsize; -$next = $start + $Header::viewsize; - -if ($prev < 0) { $prev = 0; } -if ($next >= $lines) { $next = -1 } -if ($start == 0) { $prev = -1; } - -if ($cgiparams{'LOGTYPE'} eq 'urlfilter') -{ - print "$Lang::tr{'urlfilter log summary'} $longmonthstr $daystr: $lines

    \n"; -} - -@slice = splice(@log, $start, $Header::viewsize); - -if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @slice = reverse @slice; } - -if ($lines) -{ - - $lines = 0; - - print "\n"; - unless ($cgiparams{'LOGTYPE'} eq 'squidGuard') - { - print "\n"; - print "\n"; - print "\n"; - print "\n"; - if ($filtersettings{'ENABLE_USERNAME_LOG'} eq 'on') { print "\n"; } - print "\n"; - print "\n"; - } - - foreach (@slice) - { - undef $attr1; undef $attr2; - $lines++; - ($date,$time,$pid,@loginfo) = split(/ /); - @ip = split(/\//,$loginfo[2]); - @category = split(/\//,$loginfo[0]); - $dsturl = $loginfo[1]; - $loginfo[3] =~ s/\%5c/\\/; - if ($cgiparams{'LOGTYPE'} eq 'squidGuard') { - if (@loginfo[0] =~ /squidGuard/) { $attr1 .= ""; $attr2 .= ""; } - if (@loginfo[1] =~ /ready/) { $attr1 .= ""; $attr2 .= ""; } - if (@loginfo[2] =~ /emergency/) { $attr1 .= ""; $attr2 .= ""; } - print "\n"; - } else { - if ($lines % 2) { print "\n"; } else { print "\n"; } - } - if ($cgiparams{'LOGTYPE'} eq 'squidGuard') { - print "\n"; - } else { - print "\n"; - print "\n"; - print "\n"; - if ($filtersettings{'ENABLE_USERNAME_LOG'} eq 'on') - { - print "\n"; - $site = substr($dsturl,0,55); - if (length($dsturl) > 55) { $site .= "..."; } - } else { - $site = substr($dsturl,0,69); - if (length($dsturl) > 69) { $site .= "..."; } - } - #print "\n"; - print "\n"; - } - print "\n"; - } - - print "
    $Lang::tr{'urlfilter time'}$Lang::tr{'urlfilter category'}$Lang::tr{'urlfilter client'}$Lang::tr{'urlfilter username'}$Lang::tr{'urlfilter dst'}
    $time   $pid   $attr1@loginfo$attr2$time$category[1]$ip[0]$loginfo[3]$site$site

    \n"; - -} - -&oldernewer(); - -&Header::closebox(); - -&Header::closebigbox(); - -&Header::closepage(); - -# ------------------------------------------------------------------- - -sub processevent -{ - my $filestr=''; - - undef @log; - if ($cgiparams{'LOGTYPE'} eq 'squidGuard') - { - $filestr = "$logdir/squidGuard.log"; - foreach $logarch (<$filestr.*.gz>) - { - open (LOG,"gzip -dc $logarch |"); - foreach () { - ($date,$time,$pid,@loginfo) = split(/ /); - ($logyear,$logmonth,$logday) = split(/-/,$date); - if (($logyear == $year) && ($logmonth == $cgiparams{'MONTH'}+1) && ($logday == $day)) { push(@log,$_) } - } - close(LOG); - } - open (LOG,$filestr); - foreach () { - ($date,$time,$pid,@loginfo) = split(/ /); - ($logyear,$logmonth,$logday) = split(/-/,$date); - if (($logyear == $year) && ($logmonth == $cgiparams{'MONTH'}+1) && ($logday == $day)) { push(@log,$_) } - } - close(LOG); - } else { - foreach $logarch (<$logdir/*.gz>) - { - if ($logarch !~ /squidGuard\.log/) { - open (LOG,"gzip -dc $logarch |"); - foreach () { - ($date,$time,$pid,@loginfo) = split(/ /); - ($logyear,$logmonth,$logday) = split(/-/,$date); - if (($logyear == $year) && ($logmonth == $cgiparams{'MONTH'}+1) && ($logday == $day)) { push(@log,$_) } - } - close(LOG); - } - } - foreach $filestr (<$logdir/*.log>) - { - if ($filestr !~ /squidGuard\.log/) { - open (LOG,$filestr); - foreach () { - ($date,$time,$pid,@loginfo) = split(/ /); - ($logyear,$logmonth,$logday) = split(/-/,$date); - if (($logyear == $year) && ($logmonth == $cgiparams{'MONTH'}+1) && ($logday == $day)) { push(@log,$_) } - } - close(LOG); - } - } - @log = sort { substr($a,11,8) cmp substr($b,11,8) } @log; - - } -} - -# ------------------------------------------------------------------- - -sub oldernewer -{ - print ""; - print ""; - - print "\n"; - - print "\n"; - - print ""; - print "
    "; - if ($prev != -1) { - print "$Lang::tr{'older'}"; } - else { - print "$Lang::tr{'older'}"; } - print ""; - if ($next != -1) { - print "$Lang::tr{'newer'}"; } - else { - print "$Lang::tr{'newer'}"; } - print "
    "; -} - -# ------------------------------------------------------------------- diff --git a/html/cgi-bin/media.cgi b/html/cgi-bin/media.cgi deleted file mode 100644 index 1eacb3428..000000000 --- a/html/cgi-bin/media.cgi +++ /dev/null @@ -1,227 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; -require "${General::swroot}/graphs.pl"; - -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::colourred} ); -undef (@dummy); - -my %cgiparams=(); - -&Header::showhttpheaders(); - -&Header::getcgihash(\%cgiparams); - -&Header::openpage($Lang::tr{'media information'}, 1, ''); - -&Header::openbigbox('100%', 'left'); - -my @devices = `kudzu -qps -c HD | grep device: | cut -d" " -f2 | sort | uniq`; - -foreach (@devices) { - my $device = $_; - chomp($device); - my @array = split(/\//,$device); - &Graphs::updatediskgraph ("day",$array[$#array]); - diskbox($array[$#array]); -} - -&Header::openbox('100%', 'center', $Lang::tr{'disk usage'}); -print "\n"; -open(DF,'/bin/df -B M -x rootfs|'); -while() -{ - if ($_ =~ m/^Filesystem/ ) - { - print < - - - - - - - -END -; - } - else - { - my ($device,$size,$used,$free,$percent,$mount) = split; - print < - - - - - - - -END -; - } -} -close DF; -print " - - - - - - -END -; - } - else - { - my ($device,$size,$used,$free,$percent,$mount) = split; - print < - - - - - - - -END -; - } -} -close DF; -my @iostat1 = qx(/usr/bin/iostat -dm -p | grep -v "Linux" | awk '{print \$1}'); -my @iostat2 = qx(/usr/bin/iostat -dm -p | grep -v "Linux" | awk '{print \$5}'); -my @iostat3 = qx(/usr/bin/iostat -dm -p | grep -v "Linux" | awk '{print \$6}'); -print ""; -my $i=0; - -for(my $i = 1; $i <= $#iostat1; $i++) -{ -if ( $i eq '1' ){print "";} -else {print "";} -} -print "
    $Lang::tr{'device'}$Lang::tr{'mounted on'}$Lang::tr{'size'}$Lang::tr{'used'}$Lang::tr{'free'}$Lang::tr{'percentage'}
    $device$mount$size$used$free -END -; - &percentbar($percent); - print < -$percent
     \n

    Inodes

    \n"; - -open(DF,'/bin/df -i -x rootfs|'); -while() -{ - if ($_ =~ m/^Filesystem/ ) - { - print < -
    $Lang::tr{'device'}$Lang::tr{'mounted on'}$Lang::tr{'size'}$Lang::tr{'used'}$Lang::tr{'free'}$Lang::tr{'percentage'}
    $device$mount$size$used$free -END -; - &percentbar($percent); - print < -$percent
     \n

    transfers

    DeviceMB readMB writen
    $iostat1[$i]$iostat2[$i]$iostat3[$i]
    \n"; -&Header::closebox(); - -&Header::closebigbox(); - -&Header::closepage(); - -sub percentbar -{ - my $percent = $_[0]; - my $fg = '#a0a0a0'; - my $bg = '#e2e2e2'; - - if ($percent =~ m/^(\d+)%$/ ) - { - print < - -END -; - if ($percent eq "100%") { - print "" - } elsif ($percent eq "0%") { - print "" - } else { - print "" - } - print < -END -; - } -} - -sub diskbox { - my $disk = $_[0]; - chomp $disk; - my @status; - if (-e "$Header::graphdir/disk-$disk-day.png") { - &Header::openbox('100%', 'center', "Disk $disk $Lang::tr{'graph'}"); - my $ftime = localtime((stat("$Header::graphdir/disk-$disk-day.png"))[9]); - print "

    $Lang::tr{'the statistics were last updated at'}: $ftime

    \n"; - print ""; - print ""; - print ""; - print "
    \n"; - - if (-e "/tmp/hddstatus") { - open(DATEI, "; - close(DATEI); - - foreach (@diskstate){ - if ( $_ =~/$disk/ ){@status = split(/-/,$_);} - } - - if ( $status[1]=~/standby/){ - my $ftime = localtime((stat("/tmp/hddshutdown-$disk"))[9]); - print"Disk $disk status:".$status[1]." (since $ftime)"; - } - else{ - print"Disk $disk status:".$status[1].""; - } - } - my $smart = `/usr/local/bin/smartctrl $disk`; - $smart = &Header::cleanhtml($smart); - print < - -END -; - &Header::closebox(); - } -} diff --git a/html/cgi-bin/memory.cgi b/html/cgi-bin/memory.cgi deleted file mode 100644 index ed73fb3f8..000000000 --- a/html/cgi-bin/memory.cgi +++ /dev/null @@ -1,177 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; -require "${General::swroot}/graphs.pl"; - -my %cgiparams=(); - -&Graphs::updatememgraph ("day"); - -&Header::showhttpheaders(); -&Header::getcgihash(\%cgiparams); -&Header::openpage($Lang::tr{'memory information'}, 1, ''); -&Header::openbigbox('100%', 'left'); - -&Header::openbox('100%', 'center', "Memory $Lang::tr{'graph'}"); -if (-e "$Header::graphdir/memory-day.png") { - my $ftime = localtime((stat("$Header::graphdir/memory-day.png"))[9]); - print "
    $Lang::tr{'the statistics were last updated at'}: $ftime

    \n"; - print ""; - print ""; - print ""; -} else { - print $Lang::tr{'no information available'}; -} -print "
    \n"; -&Header::closebox(); - -&Header::openbox('100%', 'center', "Swap $Lang::tr{'graph'}"); -if (-e "$Header::graphdir/swap-day.png") { - my $ftime = localtime((stat("$Header::graphdir/swap-day.png"))[9]); - print "
    $Lang::tr{'the statistics were last updated at'}: $ftime

    \n"; - print ""; - print ""; - print ""; -} else { - print $Lang::tr{'no information available'}; -} -print "
    \n"; -&Header::closebox(); - -&Header::openbox('100%', 'center', $Lang::tr{'memory'}); -print ""; -my $ram=0; -my $size=0; -my $used=0; -my $free=0; -my $percent=0; -my $shared=0; -my $buffers=0; -my $cached=0; -open(FREE,'/usr/bin/free |'); -while() -{ - if ($_ =~ m/^\s+total\s+used\s+free\s+shared\s+buffers\s+cached$/ ) - { - print < - - - - - - -END -; - } else { - if ($_ =~ m/^Mem:\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$/) { - ($ram,$size,$used,$free,$shared,$buffers,$cached) = ($1,$1,$2,$3,$4,$5,$6); - ($percent = ($used/$size)*100) =~ s/^(\d+)(\.\d+)?$/$1%/; - print < - - -END -; - } elsif ($_ =~ m/^Swap:\s+(\d+)\s+(\d+)\s+(\d+)$/) { - ($size,$used,$free) = ($1,$2,$3); - if ($size != 0) - { - ($percent = ($used/$size)*100) =~ s/^(\d+)(\.\d+)?$/$1%/; - } else { - ($percent = ''); - } - print < - - -END -; - } elsif ($ram and $_ =~ m/^-\/\+ buffers\/cache:\s+(\d+)\s+(\d+)$/ ) { - ($used,$free) = ($1,$2); - ($percent = ($used/$ram)*100) =~ s/^(\d+)(\.\d+)?$/$1%/; - print "" - } - print <$used KB - - - -END -; - } -} -close FREE; -print < - - - -
     $Lang::tr{'size'}$Lang::tr{'used'}$Lang::tr{'free'}$Lang::tr{'percentage'}
    $Lang::tr{'ram'}$size KB$Lang::tr{'swap'}$size KB
    $Lang::tr{'excluding buffers and cache'}$free KB -END -; - &percentbar($percent); - print < -$percent

    $Lang::tr{'shared'}$shared KB
    $Lang::tr{'buffers'}$buffers KB
    $Lang::tr{'cached'}$cached KB
    -END -; -&Header::closebox(); - -&Header::closebigbox(); - -&Header::closepage(); - -sub percentbar -{ - my $percent = $_[0]; - my $fg = '#a0a0a0'; - my $bg = '#e2e2e2'; - - if ($percent =~ m/^(\d+)%$/ ) - { - print < - -END -; - if ($percent eq "100%") { - print "" - } elsif ($percent eq "0%") { - print "" - } else { - print "" - } - print < -END -; - } -} diff --git a/html/cgi-bin/modem.cgi b/html/cgi-bin/modem.cgi deleted file mode 100644 index 48d1260e8..000000000 --- a/html/cgi-bin/modem.cgi +++ /dev/null @@ -1,130 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %modemsettings=(); -my $errormessage = ''; - -&Header::showhttpheaders(); - -$modemsettings{'ACTION'} = ''; -$modemsettings{'VALID'} = ''; - -&Header::getcgihash(\%modemsettings); - -if ($modemsettings{'ACTION'} eq $Lang::tr{'save'}) -{ - if (!($modemsettings{'TIMEOUT'} =~ /^\d+$/)) - { - $errormessage = $Lang::tr{'timeout must be a number'}; - goto ERROR; - } -ERROR: - if ($errormessage) { - $modemsettings{'VALID'} = 'no'; } - else { - $modemsettings{'VALID'} = 'yes'; } - - &General::writehash("${General::swroot}/modem/settings", \%modemsettings); -} - -if ($modemsettings{'ACTION'} eq $Lang::tr{'restore defaults'}) -{ - system('/bin/cp', "${General::swroot}/modem/defaults", "${General::swroot}/modem/settings", '-f'); -} - -&General::readhash("${General::swroot}/modem/settings", \%modemsettings); - -&Header::openpage($Lang::tr{'modem configuration'}, 1, ''); - -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} - -print "
    \n"; - -&Header::openbox('100%', 'left', "$Lang::tr{'modem configuration'}:"); -print < - - $Lang::tr{'init string'} * - - $Lang::tr{'hangup string'} * - - - - $Lang::tr{'speaker on'} * - - $Lang::tr{'speaker off'} * - - - - $Lang::tr{'tone dial'} * - - $Lang::tr{'pulse dial'} * - - - - $Lang::tr{'connect timeout'} - -   -   - - - - -
    - - - - - -
    - *  - $Lang::tr{'this field may be blank'} - - - - -
    - -END -; -&Header::closebox(); - -print "\n"; - -&Header::closebigbox(); - -&Header::closepage(); diff --git a/html/cgi-bin/mpfire.cgi b/html/cgi-bin/mpfire.cgi deleted file mode 100644 index 3b5262f8e..000000000 --- a/html/cgi-bin/mpfire.cgi +++ /dev/null @@ -1,481 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %color = (); -my %mainsettings = (); -my %mpfiresettings = (); -my %checked = (); -my $message = '0'; -my $errormessage = ""; - -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -if ( $ENV{'QUERY_STRING'} =~ /title/){ -my $song = `/usr/local/bin/mpfirectrl song 2>/dev/null`; -if ( $song eq "" ){$song = "None";} -&Header::showhttpheaders(); -print < - -Song - - - -
    -= $song =-
    - -END -; -} -else{ -&Header::showhttpheaders(); - -sub refreshpage{&Header::openbox( 'Waiting', 1, "" );print "

    $Lang::tr{'pagerefresh'}
    ";&Header::closebox();} - -$mpfiresettings{'PAGE'} = "1"; - -open(DATEI, "<${General::swroot}/mpfire/db/mpd.db") || die "No Database found"; -my @songdb = ; -close(DATEI); - -my @artist; my @album; my @genre; my @year; my $linecount = 0; my %songs; -my $key;my $file;my $Time;my $Artist;my $Title;my $Album;my $Track;my $Date;my $Genre; -foreach (@songdb){ - if ( $_ =~ /mtime: / ){ - $songs{$key}="$file|$Time|$Artist|$Title|$Album|$Track|$Date|$Genre"; - push(@artist,$Artist);push(@album,$Album);push(@year,$Date);push(@genre,$Genre); - $key="";$file="";$Time="";$Artist="";$Title="";$Album="";$Track="";$Date="";$Genre=""; - } - elsif ( $_ =~ /key: / ){my @temp = split(/: /,$_);$key=$temp[1];} - elsif ( $_ =~ /file: / ){my @temp = split(/: /,$_);$file=$temp[1];} - elsif ( $_ =~ /Time: / ){my @temp = split(/: /,$_);$Time=$temp[1];} - elsif ( $_ =~ /Artist: / ){my @temp = split(/: /,$_);$Artist=$temp[1];} - elsif ( $_ =~ /Title: / ){my @temp = split(/: /,$_);$Title=$temp[1];} - elsif ( $_ =~ /Album: / ){my @temp = split(/: /,$_);$Album=$temp[1];} - elsif ( $_ =~ /Track: / ){my @temp = split(/: /,$_);$Track=$temp[1];} - elsif ( $_ =~ /Date: / ){my @temp = split(/: /,$_);$Date=$temp[1];} - elsif ( $_ =~ /Genre: / ){my @temp = split(/: /,$_);$Genre=$temp[1];} - else {next;} - } - - my %hash = map{ $_, 1 }@artist; - @artist = sort keys %hash; - my %hash = map{ $_, 1 }@album; - @album = sort keys %hash; - my %hash = map{ $_, 1 }@year; - @year = sort keys %hash; - my %hash = map{ $_, 1 }@genre; - @genre = sort keys %hash; - - my $artistcount = $#artist+1; - my $albumcount = $#album+1; - my $yearcount = $#year+1; - my $genrecount = $#genre+1; - -&Header::getcgihash(\%mpfiresettings); -&Header::openpage($Lang::tr{'mpfire'}, 1,); -&Header::openbigbox('100%', 'left', '', $errormessage); - -############################################################################################################################ -######################################## Scanne Verzeichnisse nach Mp3 Dateien ############################################# - -if ( $mpfiresettings{'ACTION'} eq "scan" ) -{ -delete $mpfiresettings{'__CGI__'};delete $mpfiresettings{'x'};delete $mpfiresettings{'y'};delete $mpfiresettings{'PAGE'}; -&General::writehash("${General::swroot}/mpfire/settings", \%mpfiresettings); -open(DATEI, "<${General::swroot}/mpfire/mpd.conf") || die "Datei nicht gefunden"; -my @Zeilen = ; -close(DATEI); -open(DATEI, ">${General::swroot}/mpfire/mpd.conf") || die "Datei nicht gefunden"; -foreach (@Zeilen){ -if ( $_ =~ /music_directory/){print DATEI "music_directory \"".$mpfiresettings{'MUSICDIR'}."\"\n";} -else {print DATEI $_;} -} -close(DATEI); - -$message=system("/usr/local/bin/mpfirectrl scan 2>/dev/null"); -refreshpage(); -} -elsif ( $mpfiresettings{'ACTION'} eq ">" ){$message=system("/usr/local/bin/mpfirectrl","play","\"$mpfiresettings{'FILE'}\"","2>/dev/null");} -elsif ( $mpfiresettings{'ACTION'} eq "x" ){$message=system("/usr/local/bin/mpfirectrl stop 2>/dev/null");} -elsif ( $mpfiresettings{'ACTION'} eq "|>" ){$message=system("/usr/local/bin/mpfirectrl toggle 2>/dev/null");} -elsif ( $mpfiresettings{'ACTION'} eq "<<" ){$message=system("/usr/local/bin/mpfirectrl prev 2>/dev/null");} -elsif ( $mpfiresettings{'ACTION'} eq ">>" ){$message=system("/usr/local/bin/mpfirectrl next 2>/dev/null");} -elsif ( $mpfiresettings{'ACTION'} eq "+" ){$message=system("/usr/local/bin/mpfirectrl volup 5 2>/dev/null");} -elsif ( $mpfiresettings{'ACTION'} eq "-" ){$message=system("/usr/local/bin/mpfirectrl voldown 5 2>/dev/null");} -elsif ( $mpfiresettings{'ACTION'} eq "++" ){$message=system("/usr/local/bin/mpfirectrl volup 10 2>/dev/null");} -elsif ( $mpfiresettings{'ACTION'} eq "--" ){$message=system("/usr/local/bin/mpfirectrl voldown 10 2>/dev/null");} -elsif ( $mpfiresettings{'ACTION'} eq "playweb" ){$message=system("/usr/local/bin/mpfirectrl","playweb","\"$mpfiresettings{'FILE'}\"","2>/dev/null");} -elsif ( $mpfiresettings{'ACTION'} eq "playlist" ){$message=system("/usr/local/bin/mpfirectrl playlist 2>/dev/null");} -elsif ( $mpfiresettings{'ACTION'} eq "emptyplaylist" ){$message=system("/usr/local/bin/mpfirectrl clearplaylist 2>/dev/null");} -elsif ( $mpfiresettings{'ACTION'} eq "addtoplaylist" ){$message=system("/usr/local/bin/mpfirectrl","playadd","\"$mpfiresettings{'FILE'}\"","2>/dev/null");} -elsif ( $mpfiresettings{'ACTION'} eq "playall" ){ -my @temp = ""; my @song = ""; - -foreach (keys(%songs)){ - @song = split(/\|/,$songs{$_});push(@temp,$song[0]) - } -open(DATEI, ">${General::swroot}/mpfire/playlist.m3u") || die "Could not add playlist"; -print DATEI @temp; -close(DATEI); - -$message=system("/usr/local/bin/mpfirectrl playlist 2>/dev/null"); -} -elsif ( $mpfiresettings{'ACTION'} eq "playalbum" ) -{ -my @temp = ""; my @song = ""; my @select = split(/\|/,$mpfiresettings{'album'}); - -foreach (keys(%songs)){ - @song = split(/\|/,$songs{$_});$song[4] =~ s/\W/ /g; - - foreach (@select){ - $_ =~ s/\W/ /g; - if ( $song[4] =~ /$_/ ){push(@temp,$song[0]);} - } -} - -open(DATEI, ">${General::swroot}/mpfire/playlist.m3u") || die "Could not add playlist"; -print DATEI @temp; -close(DATEI); -$message=system("/usr/local/bin/mpfirectrl playlist 2>/dev/null"); -} -elsif ( $mpfiresettings{'ACTION'} eq "playartist" ) -{ -my @temp = ""; my @song = ""; my @select = split(/\|/,$mpfiresettings{'artist'}); - -foreach (keys(%songs)){ - @song = split(/\|/,$songs{$_});$song[2] =~ s/\W/ /g; - - foreach (@select){ - $_ =~ s/\W/ /g; - if ( $song[2] =~ /$_/ ){push(@temp,$song[0]);} - } -} - -open(DATEI, ">${General::swroot}/mpfire/playlist.m3u") || die "Could not add playlist"; -print DATEI @temp; -close(DATEI); -$message=system("/usr/local/bin/mpfirectrl playlist 2>/dev/null"); -} -elsif ( $mpfiresettings{'ACTION'} eq "playyear" ) -{ -my @temp = ""; my @song = ""; my @select = split(/\|/,$mpfiresettings{'year'}); - -foreach (keys(%songs)){ - @song = split(/\|/,$songs{$_});$song[6] =~ s/\W/ /g; - - foreach (@select){ - $_ =~ s/\W/ /g; - if ( $song[6] =~ /$_/ ){push(@temp,$song[0]);} - } -} - -open(DATEI, ">${General::swroot}/mpfire/playlist.m3u") || die "Could not add playlist"; -print DATEI @temp; -close(DATEI); -$message=system("/usr/local/bin/mpfirectrl playlist 2>/dev/null"); -} -elsif ( $mpfiresettings{'ACTION'} eq "playgenre" ) -{ -my @temp = ""; my @song = ""; my @select = split(/\|/,$mpfiresettings{'genre'}); - -foreach (keys(%songs)){ - @song = split(/\|/,$songs{$_});$song[7] =~ s/\W/ /g; - - foreach (@select){ - $_ =~ s/\W/ /g; - if ( $song[7] =~ /$_/ ){push(@temp,$song[0]);} - } -} - -open(DATEI, ">${General::swroot}/mpfire/playlist.m3u") || die "Could not add playlist"; -print DATEI @temp; -close(DATEI); -$message=system("/usr/local/bin/mpfirectrl playlist 2>/dev/null"); -} -elsif ( $mpfiresettings{'SHOWLIST'} ){delete $mpfiresettings{'__CGI__'};delete $mpfiresettings{'x'};delete $mpfiresettings{'y'};delete $mpfiresettings{'PAGE'};&General::writehash("${General::swroot}/mpfire/settings", \%mpfiresettings);refreshpage();} - -############################################################################################################################ -################################### Aufbau der HTML Seite fr globale Sambaeinstellungen #################################### - -$mpfiresettings{'MUSICDIR'} = "/"; - -&General::readhash("${General::swroot}/mpfire/settings", \%mpfiresettings); - -############################################################################################################################ -########################################### rekursiv nach neuen Mp3s Scannen ##############################################ä - -if ( $message ne '0' ) { print "An Error occured while launching the command"; } -elsif ( $message ne "" && $message ne '0' ) { print "$message"; } - -&Header::openbox('100%', 'center', $Lang::tr{'mpfire scanning'}); - -print < - - - - -
    $Lang::tr{'Scan for Files'}
    $Lang::tr{'Scan from Directory'}
    -
    - -END -; -&Header::closebox(); - -my $Volume = `/usr/local/bin/mpfirectrl volume 2>/dev/null`; -$Volume=~s//
    /g; -my $stats = `mpc stats | tail -4 2>/dev/null`; -$stats=~s/\\/
    /g - -&Header::openbox('100%', 'center', $Lang::tr{'mpfire controls'}); -print < - -END -; -my $countsongs=`/usr/local/bin/mpfirectrl stats 2>/dev/null`; -print ""; -print < - - - - - - -END -; -if ( $mpfiresettings{'SHOWLIST'} eq "on" ){print"";} -else { print"";} -print <
    -
    - - - - - -
    ".$countsongs."
    $Volume

    $stats
    -END -; -&Header::closebox(); - -&Header::openbox('100%', 'center', $Lang::tr{'quick playlist'}); - -print ""; -if ( $#songdb eq '-1' ) {print "";} -else {print "";} -print < - - -END -; -if ( $#songdb eq '-1' ) {print "";} -else {print "";} -print < - -
    $Lang::tr{'artist'}$Lang::tr{'album'}
    $Lang::tr{'artist'} - ".$artistcount."$Lang::tr{'album'} - ".$albumcount."
    -
    - - -
    -
    - - -
    $Lang::tr{'year'}$Lang::tr{'genre'}
    $Lang::tr{'year'} - ".$yearcount."$Lang::tr{'genre'} - ".$genrecount."
    -
    - - -
    -
    - - -
    -END -; -&Header::closebox(); - -if ( $mpfiresettings{'SHOWLIST'} eq "on" ){ - -&Header::openbox('100%', 'center', $Lang::tr{'mpfire songs'}); -print < - - - - - - - - - - -END -; -my $lines=0;my $i=0;my $begin;my $end; -if ( $mpfiresettings{'PAGE'} eq 'all' ){ - $begin=0; - $end=keys(%songs); -} -else{ - $begin=(($mpfiresettings{'PAGE'}-1) * 100); - $end=(($mpfiresettings{'PAGE'} * 100)-1); -} -foreach (keys(%songs)){ - if (!($i >= $begin && $i <= $end)){ -# print $begin."->".$i."<-".$end."\n"; - $i++;next;} - my @song = split(/\|/,$songs{$_}); - my $minutes = sprintf ("%.0f", $song[1] / 60 ); - my $seconds = $song[1] % 60; - - if ($lines % 2) {print "";} else {print "";} - print <
    -
    - - - - - -END -; - $lines++; - $i++; - } -print "
    $Lang::tr{'Existing Files'}

    $Lang::tr{'Pages'}

    -END -; -my $pages =(int(keys(%songs)/100)+1); -for(my $i = 1; $i <= $pages; $i++) { -print ""; -if (!($i % 205)){print"
    ";} -} -print <
    $Lang::tr{'artist'}
    $Lang::tr{'title'}
    $Lang::tr{'number'}$Lang::tr{'album'}$Lang::tr{'year'}$Lang::tr{'genre'}$Lang::tr{'length'}
    $song[2]
    $song[3]
    $song[5]$song[4]$song[6]$song[7]$minutes:$seconds
    "; -&Header::closebox(); -} - -&Header::openbox('100%', 'center', $Lang::tr{'mpfire playlist'}); - -my @playlist = `mpc playlist 2>/dev/null`; - -print < -$Lang::tr{'current playlist'} - - -
    - - -
    - - -
    - - -
    - - -END -; -&Header::closebox(); - -&Header::openbox('100%', 'center', $Lang::tr{'mpfire webradio'}); - -open(DATEI, "<${General::swroot}/mpfire/webradio") || die "Could not open playlist"; -my @webradio = ; -close(DATEI); - -print < -$Lang::tr{'webradio playlist'} -Stream -END -; -my $lines=0; -foreach (@webradio){ - my @stream = split(/\|/,$_); - $lines++; - chomp($stream[2]); - if ($lines % 2) {print "";} else {print "";} -print <$stream[1] -
    - -END -; - } - $lines++; - if ($lines % 2) {print "";} else {print "";} -print <

    http:// -
    - -END -; -print ""; -&Header::closebox(); - -&Header::closebigbox(); -&Header::closepage(); -} diff --git a/html/cgi-bin/network.cgi b/html/cgi-bin/network.cgi deleted file mode 100644 index 1a77bee99..000000000 --- a/html/cgi-bin/network.cgi +++ /dev/null @@ -1,189 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; -require "${General::swroot}/graphs.pl"; - -my %cgiparams=(); -my %pppsettings=(); -my %netsettings=(); -my @cgiparams=(); -my @graphs=(); -my $iface=''; -my %dhcpsettings=(); -my %dhcpinfo=(); -my $output=''; - -&Header::showhttpheaders(); - -&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); - -$ENV{'QUERY_STRING'} =~ s/&//g; -@cgiparams = split(/network=/,$ENV{'QUERY_STRING'}); -$cgiparams[1] = '' unless defined $cgiparams[1]; - -if ($cgiparams[1] =~ /red/) { - &Header::openpage($Lang::tr{'network traffic graphs external'}, 1, ''); - push (@graphs, ("RED")); - push (@graphs, ('lq')); -} else { - &Header::openpage($Lang::tr{'network traffic graphs internal'}, 1, ''); - push (@graphs, ('GREEN')); - if ($netsettings{'BLUE_DEV'}) { - push (@graphs, ('BLUE')); } - if ($netsettings{'ORANGE_DEV'}) { - push (@graphs, ('ORANGE')); } -} - -&Header::openbigbox('100%', 'left'); - -foreach my $graphname (@graphs) { - - if ($graphname eq "lq" ) - { &Graphs::updatelqgraph("day"); } - else - { &Graphs::updateifgraph($graphname, "day"); } - - &Header::openbox('100%', 'center', "$graphname $Lang::tr{'graph'}"); - if (-e "$Header::graphdir/${graphname}-day.png") { - my $ftime = localtime((stat("$Header::graphdir/${graphname}-day.png"))[9]); - print "
    $Lang::tr{'the statistics were last updated at'}: $ftime

    \n"; - print ""; - print ""; - print ""; - } else { - print $Lang::tr{'no information available'}; - } - print "
    \n"; - &Header::closebox(); -} - -if ($cgiparams[1] =~ /red/) { - - if ( $netsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/ && $netsettings{'RED_TYPE'} eq "DHCP") { - - &Header::openbox('100%', 'left', "RED $Lang::tr{'dhcp configuration'}"); - if (-s "${General::swroot}/dhcpc/dhcpcd-$netsettings{'RED_DEV'}.info") { - - &General::readhash("${General::swroot}/dhcpc/dhcpcd-$netsettings{'RED_DEV'}.info", \%dhcpinfo); - - my $DNS1=`echo $dhcpinfo{'DNS'} | cut -f 1 -d ,`; - my $DNS2=`echo $dhcpinfo{'DNS'} | cut -f 2 -d ,`; - - my $lsetme=0; - my $leasetime=""; - if ($dhcpinfo{'LEASETIME'} ne "") { - $lsetme=$dhcpinfo{'LEASETIME'}; - $lsetme=($lsetme/60); - if ($lsetme > 59) { - $lsetme=($lsetme/60); $leasetime=$lsetme." Hour"; - } else { - $leasetime=$lsetme." Minute"; - } - if ($lsetme > 1) { - $leasetime=$leasetime."s"; - } - } - my $rentme=0; - my $rnwltime=""; - if ($dhcpinfo{'RENEWALTIME'} ne "") { - $rentme=$dhcpinfo{'RENEWALTIME'}; - $rentme=($rentme/60); - if ($rentme > 59){ - $rentme=($rentme/60); $rnwltime=$rentme." Hour"; - } else { - $rnwltime=$rentme." Minute"; - } - if ($rentme > 1){ - $rnwltime=$rnwltime."s"; - } - } - my $maxtme=0; - my $maxtime=""; - if ($dhcpinfo{'REBINDTIME'} ne "") { - $maxtme=$dhcpinfo{'REBINDTIME'}; - $maxtme=($maxtme/60); - if ($maxtme > 59){ - $maxtme=($maxtme/60); $maxtime=$maxtme." Hour"; - } else { - $maxtime=$maxtme." Minute"; - } - if ($maxtme > 1) { - $maxtime=$maxtime."s"; - } - } - - print ""; - if ($dhcpinfo{'HOSTNAME'}) { - print "\n"; - } else { - print "\n"; - } - print < - - - - - - -
    $Lang::tr{'hostname'}$dhcpinfo{'HOSTNAME'}.$dhcpinfo{'DOMAIN'}
    $Lang::tr{'domain'}$dhcpinfo{'DOMAIN'}
    $Lang::tr{'gateway'}$dhcpinfo{'GATEWAY'}
    $Lang::tr{'primary dns'}$DNS1
    $Lang::tr{'secondary dns'}$DNS2
    $Lang::tr{'dhcp server'}$dhcpinfo{'DHCPSIADDR'}
    $Lang::tr{'def lease time'}$leasetime
    $Lang::tr{'default renewal time'}$rnwltime
    $Lang::tr{'max renewal time'}$maxtime
    -END - ; - } - else - { - print "$Lang::tr{'no dhcp lease'}"; - } - &Header::closebox(); - } - - if ($dhcpsettings{'ENABLE_GREEN'} eq 'on' || $dhcpsettings{'ENABLE_BLUE'} eq 'on') { - &Header::CheckSortOrder; - &Header::PrintActualLeases; - } - -} else { - - &Header::openbox('100%', 'left', $Lang::tr{'routing table entries'}); - $output = `/sbin/ip route show`; - $output = &Header::cleanhtml($output,"y"); - print "
    $output
    \n"; - &Header::closebox(); - - &Header::openbox('100%', 'left', $Lang::tr{'arp table entries'}); - $output = `/sbin/ip neigh show`; - $output = &Header::cleanhtml($output,"y"); - print "
    $output
    \n"; - &Header::closebox(); - -} - -&Header::closebigbox(); -&Header::closepage(); diff --git a/html/cgi-bin/networks.cgi b/html/cgi-bin/networks.cgi deleted file mode 100644 index b14f3c664..000000000 --- a/html/cgi-bin/networks.cgi +++ /dev/null @@ -1,419 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - - -use strict; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %netsettings=(); -&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); - -my @networks=(); -my $filename = "${General::swroot}/firewall/customnetworks"; -&setup_default_networks(); - -&Header::getcgihash(\%cgiparams); - -if ($cgiparams{'ACTION'} eq $Lang::tr{'add'}){ - - &validateparams(); - unless($errormessage){ - $key++; # Add one to last sequence number - open(FILE,">>$filename") or die 'Unable to open custom networks file.'; - flock FILE, 2; - print FILE "$key,$cgiparams{'NAME'},$cgiparams{'IPADDRESS'},$cgiparams{'NETMASK'}\n"; - close(FILE); - &General::log("$Lang::tr{'network added'}: $cgiparams{'NAME'}"); - undef %cgiparams; - } -} - -if ($cgiparams{'ACTION'} eq $Lang::tr{'update'}) -{ - &validateparams(); - # Darren Critchley - If there is an error don't waste any more processing time - if ($errormessage) { $cgiparams{'ACTION'} = $Lang::tr{'edit'}; goto UPD_ERROR; } - - unless($errormessage){ - open(FILE, $filename) or die 'Unable to open custom networks file.'; - my @current = ; - close(FILE); - open(FILE, ">$filename") or die 'Unable to open config file.'; - flock FILE, 2; - foreach my $line (@current) { - chomp($line); - my @temp = split(/\,/,$line); - if ($cgiparams{'KEY'} eq $temp[0]) { - print FILE "$cgiparams{'KEY'},$cgiparams{'NAME'},$cgiparams{'IPADDRESS'},$cgiparams{'NETMASK'}\n"; - } else { - print FILE "$line\n"; - } - } - close(FILE); - &General::log("$Lang::tr{'network updated'}: $cgiparams{'NAME'}"); - undef %cgiparams; - } -UPD_ERROR: -} - -if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) -{ - open(FILE, "$filename") or die 'Unable to open custom networks file.'; - my @current = ; - close(FILE); - - unless ($errormessage) - { - foreach my $line (@current) - { - chomp($line); - my @temp = split(/\,/,$line); - if ($cgiparams{'KEY'} eq $temp[0]) { - $cgiparams{'NAME'} = $temp[1]; - $cgiparams{'IPADDRESS'} = $temp[2]; - $cgiparams{'NETMASK'} = $temp[3]; - } - - } - } -} - -if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) -{ - open(FILE, $filename) or die 'Unable to open custom networks file.'; - my @current = ; - close(FILE); - - open(FILE, ">$filename") or die 'Unable to open custom networks file.'; - flock FILE, 2; - foreach my $line (@current) - { - chomp($line); - if ($line ne '') { - my @temp = split(/\,/,$line); - if ($cgiparams{'KEY'} eq $temp[0]) { - &General::log("$Lang::tr{'network removed'}: $temp[1]"); - } else { - print FILE "$temp[0],$temp[1],$temp[2],$temp[3]\n"; - } - } - } - close(FILE); - undef %cgiparams; -} - -if ($cgiparams{'ACTION'} eq $Lang::tr{'reset'}) -{ - undef %cgiparams; -} - -if ($cgiparams{'ACTION'} eq '') -{ - $cgiparams{'KEY'} = ''; - $cgiparams{'IPADDRESS'} = ''; - $cgiparams{'NETMASK'} = ''; - $cgiparams{'NAME'} = ''; -} - -&Header::showhttpheaders(); - -&Header::openpage($Lang::tr{'networks settings'}, 1, ''); - -&Header::openbigbox('100%', 'LEFT', '', $errormessage); - -# DEBUG DEBUG -#&Header::openbox('100%', 'LEFT', 'DEBUG'); -#foreach $line (keys %cgiparams) { -# print "$line = $cgiparams{$line}
    "; -#} -#print "$ENV{'QUERY_STRING'}\n"; -#print " 
    \n"; -#&Header::closebox(); - -if ($errormessage) { - &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); - print "$errormessage\n"; - print " \n"; - &Header::closebox(); -} - -if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}){ - &Header::openbox('100%', 'LEFT', "$Lang::tr{'edit network'}:"); -} else { - &Header::openbox('100%', 'LEFT', "$Lang::tr{'add network'}:"); -} -print < -
    - - - - - - - - - - - - - -END -; -if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}){ -# Darren Critchley - put in next release - author has authorized GPL inclusion -# print "\n"; - print "\n"; - print "\n"; - print "\n"; -} else { -# Darren Critchley - put in next release - author has authorized GPL inclusion -# print "\n"; - print "\n"; - print "\n"; -} -print < -
    $Lang::tr{'name'}$Lang::tr{'ip address'}$Lang::tr{'netmask'}   
    - - - - - - IP CalculatorIP Calculator
    -
    - -END -; -&Header::closebox(); - -&Header::openbox('100%', 'LEFT', "$Lang::tr{'custom networks'}:"); -print < - - - - - - -END -; -&display_custom_networks(); -print < - -END -; -&Header::closebox(); - -&Header::openbox('100%', 'LEFT', "$Lang::tr{'default networks'}:"); -print < -
    $Lang::tr{'name'}$Lang::tr{'ip address'}$Lang::tr{'netmask'}
    - - - - - -END -; -&display_default_networks(); -print < - -END -; -&Header::closebox(); - - print "$Lang::tr{'this feature has been sponsored by'} : "; - print "Kobelt Development Inc..\n"; - -&Header::closebigbox(); - -&Header::closepage(); - -sub display_custom_networks -{ - open(FILE, "$filename") or die 'Unable to open networks file.'; - my @current = ; - close(FILE); - - my $id = 0; - foreach $line (@current) - { - chomp($line); - if ($line ne ''){ - my @temp = split(/\,/,$line); - # Darren Critchley highlight the row we are editing - if ( $cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'KEY'} eq $temp[0] ) { - print "\n"; - } else { - if ($id % 2) { - print "\n"; - } else { - print "\n"; - } - } - print "\n"; - print "\n"; - print "\n"; - print < - - - - - -END -; - print "\n"; - $id++; - } - } -} - -sub display_default_networks -{ - foreach $line (sort @networks) - { - my @temp = split(/\,/,$line); - if ($id % 2) { - print "\n"; - } else { - print "\n"; - } - print "\n"; - print "\n"; - print "\n"; - print "\n"; - $id++; - } -} - -sub setup_default_networks -{ - # Get current defined networks (Red, Green, Blue, Orange) - my $line = "Any,0.0.0.0,0.0.0.0"; - push (@networks, $line); - $line = "localhost,127.0.0.1,255.255.255.255"; - push (@networks, $line); - $line = "localnet,127.0.0.0,255.0.0.0"; - push (@networks, $line); - $line = "Private Network 10.0.0.0,10.0.0.0,255.0.0.0"; - push (@networks, $line); - $line = "Private Network 172.16.0.0,172.16.0.0,255.240.0.0"; - push (@networks, $line); - $line = "Private Network 192.168.0.0,192.168.0.0,255.255.0.0"; - push (@networks, $line); - - my $red_address=`cat ${General::swroot}/red/local-ipaddress`; - $line = "Red Address,$red_address,"; - push (@networks, $line); - - $line = "Green Address,$netsettings{'GREEN_ADDRESS'},255.255.255.255"; - push (@networks, $line); - $line = "Green Network,$netsettings{'GREEN_NETADDRESS'},$netsettings{'GREEN_NETMASK'}"; - push (@networks, $line); - - if ($netsettings{'ORANGE_DEV'}ne ''){ - $line = "Orange Address,$netsettings{'ORANGE_ADDRESS'},255.255.255.255"; - push (@networks, $line); - $line = "Orange Network,$netsettings{'ORANGE_NETADDRESS'},$netsettings{'ORANGE_NETMASK'}"; - push (@networks, $line); - } - - if ($netsettings{'BLUE_DEV'}ne ''){ - $line = "Blue Address,$netsettings{'BLUE_ADDRESS'},255.255.255.255"; - push (@networks, $line); - $line = "Blue Network,$netsettings{'BLUE_NETADDRESS'},$netsettings{'BLUE_NETMASK'}"; - push (@networks, $line); - } - open(FILE, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.'; - my @current = ; - close(FILE); - my $ctr = 0; - foreach my $lne (@current) - { - if ($lne ne ''){ - chomp($lne); - my @temp = split(/\,/,$lne); - if ($temp[2] eq '') { - $temp[2] = "Alias $ctr : $temp[0]"; - } - $line = "$temp[2],$temp[0],"; - push (@networks, $line); - $ctr++; - } - } -} - -# Validate Field Entries -sub validateparams -{ - if ($cgiparams{'NAME'} eq '') { - $errormessage = $Lang::tr{'nonetworkname'}; - return; - } - $cgiparams{'NAME'}=&Header::cleanhtml($cgiparams{'NAME'}); - unless(&General::validip($cgiparams{'IPADDRESS'})){$errormessage = $Lang::tr{'invalid ip'}; } - unless($errormessage){ - my @tmp = split(/\./,$cgiparams{'IPADDRESS'}); - if ($cgiparams{'NETMASK'} eq '' && $tmp[3] ne '255' && $tmp[3] ne '0'){ - $cgiparams{'NETMASK'} = "255.255.255.255"; - } - } - unless(&General::validmask($cgiparams{'NETMASK'})){$errormessage = $Lang::tr{'subnet is invalid'}; } - - open(FILE, $filename) or die 'Unable to open custom network file.'; - my @current = ; - close(FILE); - foreach my $line (@current) - { - chomp($line); - if ($line ne '') { - my @temp = split(/\,/,$line); - if ($cgiparams{'NAME'} eq $temp[1] && $cgiparams{'KEY'} ne $temp[0]) { - $errormessage=$Lang::tr{'duplicate name'}; - return; - } - $key=$temp[0]; - } - } - foreach $line (@networks) - { - my @temp = split(/\,/,$line); - if ($cgiparams{'NAME'} eq $temp[0]) { - $errormessage=$Lang::tr{'duplicate name'}; - return; - } - } -} diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi deleted file mode 100644 index 013f6005e..000000000 --- a/html/cgi-bin/outgoingfw.cgi +++ /dev/null @@ -1,523 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %outfwsettings = (); -my %checked = (); -my %selected= () ; -my %netsettings = (); -my $errormessage = ""; -my $configentry = ""; -my @configs = (); -my @configline = (); -my $p2pentry = ""; -my @p2ps = (); -my @p2pline = (); - -my $configfile = "/var/ipfire/outgoing/rules"; -my $p2pfile = "/var/ipfire/outgoing/p2protocols"; -my $servicefile = "/var/ipfire/outgoing/defaultservices"; - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); - -&Header::showhttpheaders(); - -### Values that have to be initialized -$outfwsettings{'ACTION'} = ''; -$outfwsettings{'VALID'} = 'yes'; -$outfwsettings{'EDIT'} = 'no'; -$outfwsettings{'NAME'} = ''; -$outfwsettings{'SNET'} = ''; -$outfwsettings{'SIP'} = ''; -$outfwsettings{'SPORT'} = ''; -$outfwsettings{'SMAC'} = ''; -$outfwsettings{'DIP'} = ''; -$outfwsettings{'DPORT'} = ''; -$outfwsettings{'PROT'} = ''; -$outfwsettings{'STATE'} = ''; -$outfwsettings{'DISPLAY_DIP'} = ''; -$outfwsettings{'DISPLAY_DPORT'} = ''; -$outfwsettings{'DISPLAY_SMAC'} = ''; -$outfwsettings{'DISPLAY_SIP'} = ''; -$outfwsettings{'POLICY'} = 'MODE0'; - -&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings); -&Header::getcgihash(\%outfwsettings); - -if ($outfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; } -if ($outfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; } -if ($outfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; } - -&Header::openpage('Ausgehende Firewall', 1, ''); -&Header::openbigbox('100%', 'left', '', $errormessage); - -############################################################################################################################ -############################################################################################################################ - -if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'}) -{ - $outfwsettings{'POLICY'}='MODE0'; - unlink $configfile; - system("/usr/bin/touch $configfile"); - my $MODE = $outfwsettings{'POLICY'}; - %outfwsettings = (); - $outfwsettings{'POLICY'} = "$MODE"; - &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings); -} -if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'}) -{ - my $MODE = $outfwsettings{'POLICY'}; - %outfwsettings = (); - $outfwsettings{'POLICY'} = "$MODE"; - &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings); - system("/usr/local/bin/outgoingfwctrl"); -} -if ($outfwsettings{'ACTION'} eq 'enable') -{ - open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile"; - @p2ps = ; - close FILE; - open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile"; - foreach $p2pentry (sort @p2ps) - { - @p2pline = split( /\;/, $p2pentry ); - if ($p2pline[1] eq $outfwsettings{'P2PROT'}) { - print FILE "$p2pline[0];$p2pline[1];on;\n"; - } else { - print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n"; - } - } - close FILE; - system("/usr/local/bin/outgoingfwctrl"); -} -if ($outfwsettings{'ACTION'} eq 'disable') -{ - open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile"; - @p2ps = ; - close FILE; - open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile"; - foreach $p2pentry (sort @p2ps) - { - @p2pline = split( /\;/, $p2pentry ); - if ($p2pline[1] eq $outfwsettings{'P2PROT'}) { - print FILE "$p2pline[0];$p2pline[1];off;\n"; - } else { - print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n"; - } - } - close FILE; - system("/usr/local/bin/outgoingfwctrl"); -} -if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'}) -{ - open( FILE, "< $configfile" ) or die "Unable to read $configfile"; - @configs = ; - close FILE; - open( FILE, "> $configfile" ) or die "Unable to write $configfile"; - foreach $configentry (sort @configs) - { - @configline = split( /\;/, $configentry ); - unless (($configline[0] eq $outfwsettings{'STATE'}) && - ($configline[1] eq $outfwsettings{'ENABLED'}) && - ($configline[2] eq $outfwsettings{'SNET'}) && - ($configline[3] eq $outfwsettings{'PROT'}) && - ($configline[4] eq $outfwsettings{'NAME'}) && - ($configline[5] eq $outfwsettings{'SIP'}) && - ($configline[6] eq $outfwsettings{'SMAC'}) && - ($configline[7] eq $outfwsettings{'DIP'}) && - ($configline[9] eq $outfwsettings{'LOG'}) && - ($configline[8] eq $outfwsettings{'DPORT'})) - { - print FILE $configentry; - } - } - close FILE; - $selected{'SNET'}{"$outfwsettings{'SNET'}"} = 'selected'; - $selected{'PROT'}{"$outfwsettings{'PROT'}"} = 'selected'; - $selected{'LOG'}{"$outfwsettings{'LOG'}"} = 'selected'; - &addrule(); - &Header::closebigbox(); - &Header::closepage(); - exit - system("/usr/local/bin/outgoingfwctrl"); -} -if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'}) -{ - open( FILE, "< $configfile" ) or die "Unable to read $configfile"; - @configs = ; - close FILE; - open( FILE, "> $configfile" ) or die "Unable to write $configfile"; - foreach $configentry (sort @configs) - { - @configline = split( /\;/, $configentry ); - unless (($configline[0] eq $outfwsettings{'STATE'}) && - ($configline[1] eq $outfwsettings{'ENABLED'}) && - ($configline[2] eq $outfwsettings{'SNET'}) && - ($configline[3] eq $outfwsettings{'PROT'}) && - ($configline[4] eq $outfwsettings{'NAME'}) && - ($configline[5] eq $outfwsettings{'SIP'}) && - ($configline[6] eq $outfwsettings{'SMAC'}) && - ($configline[7] eq $outfwsettings{'DIP'}) && - ($configline[9] eq $outfwsettings{'LOG'}) && - ($configline[8] eq $outfwsettings{'DPORT'})) - { - print FILE $configentry; - } - } - close FILE; - system("/usr/local/bin/outgoingfwctrl"); -} -if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'}) -{ - if ( $outfwsettings{'VALID'} eq 'yes' ) { - open( FILE, ">> $configfile" ) or die "Unable to write $configfile"; - print FILE <$errormessage\n"; - print " \n"; - &Header::closebox(); -} - -############################################################################################################################ -############################################################################################################################ - -if ($outfwsettings{'POLICY'} ne 'MODE0'){ - &Header::openbox('100%', 'center', 'Rules'); - print < - - -END -; - open( FILE, "< $configfile" ) or die "Unable to read $configfile"; - @configs = ; - close FILE; - if (@configs) { - print < -
    $Lang::tr{'name'}$Lang::tr{'ip address'}$Lang::tr{'netmask'}
    $temp[1]$temp[2]$temp[3] - - - -
    - - - -
    $temp[0]$temp[1]$temp[2]
    - - \n"; - print <$p2pline[0]: - -
    Protokoll - Netzwerk - Ziel - Anmerkung - Politik - Logging - Aktionen -END -; - foreach $configentry (sort @configs) - { - @configline = split( /\;/, $configentry ); - $outfwsettings{'STATE'} = $configline[0]; - $outfwsettings{'ENABLED'} = $configline[1]; - $outfwsettings{'SNET'} = $configline[2]; - $outfwsettings{'PROT'} = $configline[3]; - $outfwsettings{'NAME'} = $configline[4]; - $outfwsettings{'SIP'} = $configline[5]; - $outfwsettings{'SMAC'} = $configline[6]; - $outfwsettings{'DIP'} = $configline[7]; - $outfwsettings{'DPORT'} = $configline[8]; - $outfwsettings{'LOG'} = $configline[9]; - if ($outfwsettings{'DIP'} eq ''){ $outfwsettings{'DISPLAY_DIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DIP'} = $outfwsettings{'DIP'}; } - if ($outfwsettings{'DPORT'} eq ''){ $outfwsettings{'DISPLAY_DPORT'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DPORT'} = $outfwsettings{'DPORT'}; } - if ($outfwsettings{'STATE'} eq 'DENY'){ $outfwsettings{'DISPLAY_STATE'} = "DENY"; } - if ($outfwsettings{'STATE'} eq 'ALLOW'){ $outfwsettings{'DISPLAY_STATE'} = "ALLOW"; } - if ((($outfwsettings{'POLICY'} eq 'MODE1') && ($outfwsettings{'STATE'} eq 'ALLOW')) || (($outfwsettings{'POLICY'} eq 'MODE2') && ($outfwsettings{'STATE'} eq 'DENY'))){ - print < - $outfwsettings{'PROT'} - $outfwsettings{'SNET'} - $outfwsettings{'DISPLAY_DIP'}:$outfwsettings{'DISPLAY_DPORT'} - $outfwsettings{'NAME'} - $outfwsettings{'DISPLAY_STATE'} - $outfwsettings{'LOG'} - - -
    - - - - - - - - - - - - -
    -
    - - - - - - - - - - - - -
    -END -; - if (($outfwsettings{'SIP'}) || ($outfwsettings{'SMAC'})) { - unless ($outfwsettings{'SIP'}) { $outfwsettings{'DISPLAY_SIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'}; } - unless ($outfwsettings{'SMAC'}) { $outfwsettings{'DISPLAY_SMAC'} = 'ALL'; } else { $outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'}; } - print <
    Quell-IP-Adresse: - $outfwsettings{'DISPLAY_SIP'} - Quell-MAC-Adresse: - $outfwsettings{'DISPLAY_SMAC'} - -END -; - } - print < -END -; - } - } - print < -END -; - - } - &Header::closebox(); -} - -if ($outfwsettings{'POLICY'} ne 'MODE0'){ - open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile"; - @p2ps = ; - close FILE; - &Header::openbox('100%', 'center', 'P2P-Block'); - print < -
    Protokoll - Status -END -; - my $id = 1; - foreach $p2pentry (sort @p2ps) - { - @p2pline = split( /\;/, $p2pentry ); - print < -END -; - print "\t\t\t
    -END -; - if ($p2pline[2] eq 'on') { - print < - -END -; - } else { - print < - -END -; - } - print < -END -; - } - print < -
    Klicken Sie auf die Symbole um das entsprechende iptables P2P-Blockmodul zu (de-)aktivieren. -END -; - &Header::closebox(); -} - -&Header::openbox('100%', 'center', 'Policy'); -print < - - - - - - \n\n"; - print "\n"; - &Header::closebox(); - &Header::closebigbox(); - &Header::closepage(); - exit (0); -} -##hier die refresh page - - -### -### OpenVPN Server Control -### -if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} || - $cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'} || - $cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) { - #start openvpn server - if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}){ - &emptyserverlog(); - system('/usr/local/bin/openvpnctrl', '-s'); - } - #stop openvpn server - if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}){ - system('/usr/local/bin/openvpnctrl', '-k'); - &emptyserverlog(); - } -# #restart openvpn server - if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){ -#workarund, till SIGHUP also works when running as nobody - system('/usr/local/bin/openvpnctrl', '-r'); - &emptyserverlog(); - } -} - -### -### Save Advanced options -### - -if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too, - #DAN this value has to leave. -#new settings for daemon - $vpnsettings{'LOG_VERB'} = $cgiparams{'LOG_VERB'}; - $vpnsettings{'KEEPALIVE_1'} = $cgiparams{'KEEPALIVE_1'}; - $vpnsettings{'KEEPALIVE_2'} = $cgiparams{'KEEPALIVE_2'}; - $vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'}; - $vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'}; - $vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'}; - $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'}; - $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'}; - $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'}; - - if ($cgiparams{'DHCP_DOMAIN'} ne ''){ - unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) { - $errormessage = $Lang::tr{'invalid input for dhcp domain'}; - goto ADV_ERROR; - } - } - if ($cgiparams{'DHCP_DNS'} ne ''){ - unless (&General::validfqdn($cgiparams{'DHCP_DNS'}) || &General::validip($cgiparams{'DHCP_DNS'})) { - $errormessage = $Lang::tr{'invalid input for dhcp dns'}; - goto ADV_ERROR; - } - } - if ($cgiparams{'DHCP_WINS'} ne ''){ - unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) { - $errormessage = $Lang::tr{'invalid input for dhcp wins'}; - goto ADV_ERROR; - } - } - if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) { - $errormessage = $Lang::tr{'invalid input for max clients'}; - goto ADV_ERROR; - } - if ($cgiparams{'KEEPALIVE_1'} ne '') { - if ($cgiparams{'KEEPALIVE_1'} !~ /^[0-9]+$/) { - $errormessage = $Lang::tr{'invalid input for keepalive 1'}; - goto ADV_ERROR; - } - } - if ($cgiparams{'KEEPALIVE_2'} ne ''){ - if ($cgiparams{'KEEPALIVE_2'} !~ /^[0-9]+$/) { - $errormessage = $Lang::tr{'invalid input for keepalive 2'}; - goto ADV_ERROR; - } - } - if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)){ - $errormessage = $Lang::tr{'invalid input for keepalive 1:2'}; - goto ADV_ERROR; - } - - &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings); - &writeserverconf();#hier ok -} - - - - -### -### Save main settings -### -if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') { - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too, - #DAN this value has to leave. - if ($cgiparams{'ENABLED'} eq 'on'){ - unless (&General::validfqdn($cgiparams{'VPN_IP'}) || &General::validip($cgiparams{'VPN_IP'})) { - $errormessage = $Lang::tr{'invalid input for hostname'}; - goto SETTINGS_ERROR; - } - } - if ($cgiparams{'ENABLED'} eq 'on'){ - &disallowreserved($cgiparams{'DDEST_PORT'},0,$cgiparams{'DPROTOCOL'},"dest"); - } - if ($errormessage) { goto SETTINGS_ERROR; } - - - if ($cgiparams{'ENABLED'} eq 'on'){ - &checkportfw(0,$cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'},'0.0.0.0'); - } - - if ($errormessage) { goto SETTINGS_ERROR; } - - if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) { - $errormessage = $Lang::tr{'ovpn subnet is invalid'}; - goto SETTINGS_ERROR; - } - my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'}); - - if (&General::IpInSubnet ( $netsettings{'RED_ADDRESS'}, - $tmpovpnsubnet[0], $tmpovpnsubnet[1])) { - $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire RED Network $netsettings{'RED_ADDRESS'}"; - goto SETTINGS_ERROR; - } - - if (&General::IpInSubnet ( $netsettings{'GREEN_ADDRESS'}, - $tmpovpnsubnet[0], $tmpovpnsubnet[1])) { - $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Green Network $netsettings{'GREEN_ADDRESS'}"; - goto SETTINGS_ERROR; - } - - if (&General::IpInSubnet ( $netsettings{'BLUE_ADDRESS'}, - $tmpovpnsubnet[0], $tmpovpnsubnet[1])) { - $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Blue Network $netsettings{'BLUE_ADDRESS'}"; - goto SETTINGS_ERROR; - } - - if (&General::IpInSubnet ( $netsettings{'ORANGE_ADDRESS'}, - $tmpovpnsubnet[0], $tmpovpnsubnet[1])) { - $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Orange Network $netsettings{'ORANGE_ADDRESS'}"; - goto SETTINGS_ERROR; - } - open(ALIASES, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.'; - while () - { - chomp($_); - my @tempalias = split(/\,/,$_); - if ($tempalias[1] eq 'on') { - if (&General::IpInSubnet ($tempalias[0] , - $tmpovpnsubnet[0], $tmpovpnsubnet[1])) { - $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire alias entry $tempalias[0]"; - } - } - } - close(ALIASES); - if ($errormessage ne ''){ - goto SETTINGS_ERROR; - } - if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) { - $errormessage = $Lang::tr{'invalid input'}; - goto SETTINGS_ERROR; - } - if ((length($cgiparams{'DMTU'})==0) || (($cgiparams{'DMTU'}) < 1000 )) { - $errormessage = $Lang::tr{'invalid mtu input'}; - goto SETTINGS_ERROR; - } - - unless (&General::validport($cgiparams{'DDEST_PORT'})) { - $errormessage = $Lang::tr{'invalid port'}; - goto SETTINGS_ERROR; - } - $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'}; - $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'}; - $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'}; - $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'}; -#new settings for daemon - $vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'}; - $vpnsettings{'DDEVICE'} = $cgiparams{'DDEVICE'}; - $vpnsettings{'DPROTOCOL'} = $cgiparams{'DPROTOCOL'}; - $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'}; - $vpnsettings{'DMTU'} = $cgiparams{'DMTU'}; - $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'}; - $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'}; -#wrtie enable - - if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");} - if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_orange 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_orange 2>/dev/null");} - if ( $vpnsettings{'ENABLED'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable 2>/dev/null");} -#new settings for daemon - &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings); - &writeserverconf();#hier ok -SETTINGS_ERROR: -### -### Reset all step 2 -### -}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'} && $cgiparams{'AREUSURE'} eq 'yes') { - my $file = ''; - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - foreach my $key (keys %confighash) { - if ($confighash{$key}[4] eq 'cert') { - delete $confighash{$cgiparams{'$key'}}; - } - } - while ($file = glob("${General::swroot}/ovpn/ca/*")) { - unlink $file - } - while ($file = glob("${General::swroot}/ovpn/certs/*")) { - unlink $file - } - while ($file = glob("${General::swroot}/ovpn/crls/*")) { - unlink $file - } - &cleanssldatabase(); - if (open(FILE, ">${General::swroot}/ovpn/caconfig")) { - print FILE ""; - close FILE; - } - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - #&writeserverconf(); -### -### Reset all step 1 -### -}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'}) { - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'}); - print <
    -
    -
    Modus 0:In diesem Modus ist es allen Rechnern im Netzwerk uneingeschraenkt moeglich Verbindungen ins Internet aufzubauen.
    Modus 1:In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen.
    Modus 2:In diesem Modus werden saemtliche Verbindungen erlaubt, bis auf die oben definierten Block-Regeln.

    - - -END -; - if ($outfwsettings{'POLICY'} ne 'MODE0') { - print < -END -; - } -print < - -END -; -&Header::closebox(); - -&Header::closebigbox(); -&Header::closepage(); - -############################################################################################################################ -############################################################################################################################ - -sub addrule -{ - &Header::openbox('100%', 'center', 'Rules hinzufuegen'); - if ($outfwsettings{'EDIT'} eq 'no') { $selected{'ENABLED'} = 'checked'; } - print < - - -
    Anmerkung: - - Aktiviert: - -
    Protokoll: - - Sicherheitspolitik: - -END -; - if ($outfwsettings{'POLICY'} eq 'MODE1'){ - print "\t\t\tALLOW\n"; - } elsif ($outfwsettings{'POLICY'} eq 'MODE2'){ - print "\t\t\tDENY\n"; - } - print <Quellnetz: - Quell-IP-Adresse: - -
    Logging: - Quell-MAC-Adresse: - -
    Ziel-IP-Adresse: - - Ziel-Port: - -
    -
    $Lang::tr{'this field may be blank'} - -
    -END -; - &Header::closebox(); - -if ($outfwsettings{'POLICY'} eq 'MODE1' || $outfwsettings{'POLICY'} eq 'MODE2') -{ -&Header::openbox('100%', 'center', 'Quick Add'); - - open( FILE, "< /var/ipfire/outgoing/defaultservices" ) or die "Unable to read default services"; - my @defservices = ; - close FILE; - -print ""; -foreach my $serviceline(@defservices) - { - my @service = split(/,/,$serviceline); - print <
    -
    - - - - - ";} - elsif ($outfwsettings{'POLICY'} eq 'MODE2'){print "";} - } - print "
    $Lang::tr{'service'}$Lang::tr{'description'}$Lang::tr{'port'}$Lang::tr{'protocol'}$Lang::tr{'source net'}$Lang::tr{'logging'}
    $service[0]$service[3]$service[1]$service[2] - - - -END -; - if ($outfwsettings{'POLICY'} eq 'MODE1'){ print "
    "; - &Header::closebox(); - } -} diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi deleted file mode 100644 index 746f7eece..000000000 --- a/html/cgi-bin/ovpnmain.cgi +++ /dev/null @@ -1,2967 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use CGI; -use CGI qw/:standard/; -use Net::DNS; -use File::Copy; -use File::Temp qw/ tempfile tempdir /; -use strict; -use Archive::Zip qw(:ERROR_CODES :CONSTANTS); -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; -require "${General::swroot}/countries.pl"; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::colourgreen} ); -undef (@dummy); - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -### -### Initialize variables -### -my %netsettings=(); -my %cgiparams=(); -my %vpnsettings=(); -my %checked=(); -my %confighash=(); -my %cahash=(); -my %selected=(); -my $warnmessage = ''; -my $errormessage = ''; -my %settings=(); -&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); -$cgiparams{'ENABLED'} = 'off'; -$cgiparams{'ENABLED_BLUE'} = 'off'; -$cgiparams{'ENABLED_ORANGE'} = 'off'; -$cgiparams{'EDIT_ADVANCED'} = 'off'; -$cgiparams{'NAT'} = 'off'; -$cgiparams{'COMPRESSION'} = 'off'; -$cgiparams{'ONLY_PROPOSED'} = 'off'; -$cgiparams{'ACTION'} = ''; -$cgiparams{'CA_NAME'} = ''; -$cgiparams{'DHCP_DOMAIN'} = ''; -$cgiparams{'DHCP_DNS'} = ''; -$cgiparams{'DHCP_WINS'} = ''; -$cgiparams{'DCOMPLZO'} = 'off'; -&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'}); - -# prepare openvpn config file -### -### Useful functions -### -sub haveOrangeNet -{ - if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;} - if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;} - return 0; -} - -sub haveBlueNet -{ - if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;} - if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;} - return 0; -} - -sub sizeformat{ - my $bytesize = shift; - my $i = 0; - - while(abs($bytesize) >= 1024){ - $bytesize=$bytesize/1024; - $i++; - last if($i==6); - } - - my @units = ("Bytes","KB","MB","GB","TB","PB","EB"); - my $newsize=(int($bytesize*100 +0.5))/100; - return("$newsize $units[$i]"); -} - -sub valid_dns_host { - my $hostname = $_[0]; - unless ($hostname) { return "No hostname"}; - my $res = new Net::DNS::Resolver; - my $query = $res->search("$hostname"); - if ($query) { - foreach my $rr ($query->answer) { - ## Potential bug - we are only looking at A records: - return 0 if $rr->type eq "A"; - } - } else { - return $res->errorstring; - } -} - -sub cleanssldatabase -{ - if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) { - print FILE "01"; - close FILE; - } - if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt")) { - print FILE ""; - close FILE; - } - unlink ("${General::swroot}/ovpn/certs/index.txt.old"); - unlink ("${General::swroot}/ovpn/certs/serial.old"); - unlink ("${General::swroot}/ovpn/certs/01.pem"); -} - -sub newcleanssldatabase -{ - if (! -s "${General::swroot}/ovpn/certs/serial" ) { - open(FILE, ">${General::swroot}(ovpn/certs/serial"); - print FILE "01"; - close FILE; - } - if (! -s ">${General::swroot}/ovpn/certs/index.txt") { - system ("touch ${General::swroot}/ovpn/certs/index.txt"); - } - unlink ("${General::swroot}/ovpn/certs/index.txt.old"); - unlink ("${General::swroot}/ovpn/certs/serial.old"); -} - -sub deletebackupcert -{ - if (open(FILE, "${General::swroot}/ovpn/certs/serial.old")) { - my $hexvalue = ; - chomp $hexvalue; - close FILE; - unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem"); - } -} - -sub checkportfw { - my $KEY2 = $_[0]; # key2 - my $SRC_PORT = $_[1]; # src_port - my $PROTOCOL = $_[2]; # protocol - my $SRC_IP = $_[3]; # sourceip - - my $pfwfilename = "${General::swroot}/portfw/config"; - open(FILE, $pfwfilename) or die 'Unable to open config file.'; - my @pfwcurrent = ; - close(FILE); - my $pfwkey1 = 0; # used for finding last sequence number used - foreach my $pfwline (@pfwcurrent) - { - my @pfwtemp = split(/\,/,$pfwline); - - chomp ($pfwtemp[8]); - if ($KEY2 eq "0"){ # if key2 is 0 then it is a portfw addition - if ( $SRC_PORT eq $pfwtemp[3] && - $PROTOCOL eq $pfwtemp[2] && - $SRC_IP eq $pfwtemp[7]) - { - $errormessage = "$Lang::tr{'source port in use'} $SRC_PORT"; - } - # Check if key2 = 0, if it is then it is a port forward entry and we want the sequence number - if ( $pfwtemp[1] eq "0") { - $pfwkey1=$pfwtemp[0]; - } - # Darren Critchley - Duplicate or overlapping Port range check - if ($pfwtemp[1] eq "0" && - $PROTOCOL eq $pfwtemp[2] && - $SRC_IP eq $pfwtemp[7] && - $errormessage eq '') - { - &portchecks($SRC_PORT, $pfwtemp[5]); -# &portchecks($pfwtemp[3], $pfwtemp[5]); -# &portchecks($pfwtemp[3], $SRC_IP); - } - } - } -# $errormessage="$KEY2 $SRC_PORT $PROTOCOL $SRC_IP"; - - return; -} - -sub checkportoverlap -{ - my $portrange1 = $_[0]; # New port range - my $portrange2 = $_[1]; # existing port range - my @tempr1 = split(/\:/,$portrange1); - my @tempr2 = split(/\:/,$portrange2); - - unless (&checkportinc($tempr1[0], $portrange2)){ return 0;} - unless (&checkportinc($tempr1[1], $portrange2)){ return 0;} - - unless (&checkportinc($tempr2[0], $portrange1)){ return 0;} - unless (&checkportinc($tempr2[1], $portrange1)){ return 0;} - - return 1; # Everything checks out! -} - -# Darren Critchley - we want to make sure that a port entry is not within an already existing range -sub checkportinc -{ - my $port1 = $_[0]; # Port - my $portrange2 = $_[1]; # Port range - my @tempr1 = split(/\:/,$portrange2); - - if ($port1 < $tempr1[0] || $port1 > $tempr1[1]) { - return 1; - } else { - return 0; - } -} -# Darren Critchley - Duplicate or overlapping Port range check -sub portchecks -{ - my $p1 = $_[0]; # New port range - my $p2 = $_[1]; # existing port range -# $_ = $_[0]; - our ($prtrange1, $prtrange2); - $prtrange1 = 0; -# if (m/:/ && $prtrange1 == 1) { # comparing two port ranges -# unless (&checkportoverlap($p1,$p2)) { -# $errormessage = "$Lang::tr{'source port overlaps'} $p1"; -# } -# } - if (m/:/ && $prtrange1 == 0 && $errormessage eq '') { # compare one port to a range - unless (&checkportinc($p2,$p1)) { - $errormessage = "$Lang::tr{'srcprt within existing'} $p1"; - } - } - $prtrange1 = 1; - if (! m/:/ && $prtrange1 == 1 && $errormessage eq '') { # compare one port to a range - unless (&checkportinc($p1,$p2)) { - $errormessage = "$Lang::tr{'srcprt range overlaps'} $p2"; - } - } - return; -} - -# Darren Critchley - certain ports are reserved for IPFire -# TCP 67,68,81,222,445 -# UDP 67,68 -# Params passed in -> port, rangeyn, protocol -sub disallowreserved -{ - # port 67 and 68 same for tcp and udp, don't bother putting in an array - my $msg = ""; - my @tcp_reserved = (81,222,445); - my $prt = $_[0]; # the port or range - my $ryn = $_[1]; # tells us whether or not it is a port range - my $prot = $_[2]; # protocol - my $srcdst = $_[3]; # source or destination - if ($ryn) { # disect port range - if ($srcdst eq "src") { - $msg = "$Lang::tr{'rsvd src port overlap'}"; - } else { - $msg = "$Lang::tr{'rsvd dst port overlap'}"; - } - my @tmprng = split(/\:/,$prt); - unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; } - unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; } - if ($prot eq "tcp") { - foreach my $prange (@tcp_reserved) { - unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; } - } - } - } else { - if ($srcdst eq "src") { - $msg = "$Lang::tr{'reserved src port'}"; - } else { - $msg = "$Lang::tr{'reserved dst port'}"; - } - if ($prt == 67) { $errormessage="$msg 67"; return; } - if ($prt == 68) { $errormessage="$msg 68"; return; } - if ($prot eq "tcp") { - foreach my $prange (@tcp_reserved) { - if ($prange == $prt) { $errormessage="$msg $prange"; return; } - } - } - } - return; -} - -sub writeserverconf { - my %sovpnsettings = (); - &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings); - - open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!"; - flock CONF, 2; - print CONF "#OpenVPN Server conf\n"; - print CONF "\n"; - print CONF "daemon openvpnserver\n"; - print CONF "writepid /var/run/openvpn.pid\n"; - print CONF "#DAN prepare OpenVPN for listening on blue and orange\n"; - print CONF ";local $sovpnsettings{'VPN_IP'}\n"; - print CONF "dev $sovpnsettings{'DDEVICE'}\n"; - print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; - print CONF "proto $sovpnsettings{'DPROTOCOL'}\n"; - print CONF "port $sovpnsettings{'DDEST_PORT'}\n"; - print CONF "tls-server\n"; - print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n"; - print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n"; - print CONF "key /var/ipfire/ovpn/certs/serverkey.pem\n"; - print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n"; - my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'}); - print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; - print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; - if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { - print CONF "client-to-client\n"; - } - if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) { - print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n"; - } - print CONF "status-version 1\n"; - print CONF "status /var/log/ovpnserver.log 30\n"; - print CONF "cipher $sovpnsettings{DCIPHER}\n"; - if ($sovpnsettings{DCOMPLZO} eq 'on') { - print CONF "comp-lzo\n"; - } - if ($sovpnsettings{REDIRECT_GW_DEF1} eq 'on') { - print CONF "push \"redirect-gateway def1\"\n"; - } - if ($sovpnsettings{DHCP_DOMAIN} ne '') { - print CONF "push \"dhcp-option DOMAIN $sovpnsettings{DHCP_DOMAIN}\"\n"; - } - - if ($sovpnsettings{DHCP_DNS} ne '') { - print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS}\"\n"; - } - - if ($sovpnsettings{DHCP_WINS} ne '') { - print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS}\"\n"; - } - - if ($sovpnsettings{DHCP_WINS} eq '') { - print CONF "max-clients 100\n"; - } - - if ($sovpnsettings{DHCP_WINS} ne '') { - print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n"; - } - print CONF "tls-verify /var/ipfire/ovpn/verify\n"; - print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n"; - print CONF "user nobody\n"; - print CONF "group nobody\n"; - print CONF "persist-key\n"; - print CONF "persist-tun\n"; - if ($sovpnsettings{LOG_VERB} ne '') { - print CONF "verb $sovpnsettings{LOG_VERB}\n"; - } else { - print CONF "verb 3\n"; - } - print CONF "\n"; - - close(CONF); -} -# -sub emptyserverlog{ - if (open(FILE, ">/var/log/ovpnserver.log")) { - flock FILE, 2; - print FILE ""; - close FILE; - } - -} - -#hier die refresh page -if ( -e "${General::swroot}/ovpn/gencanow") { - my $refresh = ''; - $refresh = ""; - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'OVPN'}, 1, $refresh); - &Header::openbigbox('100%', 'center'); - &Header::openbox('100%', 'left', "$Lang::tr{'generate root/host certificates'}:"); - print "
    Please be patient this realy can take some time on older hardware...
    - $Lang::tr{'capswarning'}: - $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'} -
    -
    -END - ; - &Header::closebox(); - &Header::closebigbox(); - &Header::closepage(); - exit (0); - -### -### Upload CA Certificate -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) { - &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash); - - if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9]+$/) { - $errormessage = $Lang::tr{'name must only contain characters'}; - goto UPLOADCA_ERROR; - } - - if (length($cgiparams{'CA_NAME'}) >60) { - $errormessage = $Lang::tr{'name too long'}; - goto VPNCONF_ERROR; - } - - if ($cgiparams{'CA_NAME'} eq 'ca') { - $errormessage = $Lang::tr{'name is invalid'}; - goto UPLOAD_CA_ERROR; - } - - # Check if there is no other entry with this name - foreach my $key (keys %cahash) { - if ($cahash{$key}[0] eq $cgiparams{'CA_NAME'}) { - $errormessage = $Lang::tr{'a ca certificate with this name already exists'}; - goto UPLOADCA_ERROR; - } - } - - if (ref ($cgiparams{'FH'}) ne 'Fh') { - $errormessage = $Lang::tr{'there was no file upload'}; - goto UPLOADCA_ERROR; - } - # Move uploaded ca to a temporary file - (my $fh, my $filename) = tempfile( ); - if (copy ($cgiparams{'FH'}, $fh) != 1) { - $errormessage = $!; - goto UPLOADCA_ERROR; - } - my $temp = `/usr/bin/openssl x509 -text -in $filename`; - if ($temp !~ /CA:TRUE/i) { - $errormessage = $Lang::tr{'not a valid ca certificate'}; - unlink ($filename); - goto UPLOADCA_ERROR; - } else { - move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem"); - if ($? ne 0) { - $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; - unlink ($filename); - goto UPLOADCA_ERROR; - } - } - - my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem`; - $casubject =~ /Subject: (.*)[\n]/; - $casubject = $1; - $casubject =~ s+/Email+, E+; - $casubject =~ s/ ST=/ S=/; - $casubject = &Header::cleanhtml($casubject); - - my $key = &General::findhasharraykey (\%cahash); - $cahash{$key}[0] = $cgiparams{'CA_NAME'}; - $cahash{$key}[1] = $casubject; - &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash); -# system('/usr/local/bin/ipsecctrl', 'R'); - - UPLOADCA_ERROR: - -### -### Display ca certificate -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show ca certificate'}) { - &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash); - - if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") { - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', $errormessage); - &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:"); - my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`; - $output = &Header::cleanhtml($output,"y"); - print "
    $output
    \n"; - &Header::closebox(); - print ""; - &Header::closebigbox(); - &Header::closepage(); - exit(0); - } else { - $errormessage = $Lang::tr{'invalid key'}; - } - -### -### Download ca certificate -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download ca certificate'}) { - &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash); - - if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) { - print "Content-Type: application/octet-stream\r\n"; - print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n"; - print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`; - exit(0); - } else { - $errormessage = $Lang::tr{'invalid key'}; - } - -### -### Remove ca certificate (step 2) -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'} && $cgiparams{'AREUSURE'} eq 'yes') { - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash); - - if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) { - foreach my $key (keys %confighash) { - my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`; - if ($test =~ /: OK/) { - # Delete connection -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'D', $key); -# } - unlink ("${General::swroot}/ovpn//certs/$confighash{$key}[1]cert.pem"); - unlink ("${General::swroot}/ovpn/certs/$confighash{$key}[1].p12"); - delete $confighash{$key}; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); -# &writeipsecfiles(); - } - } - unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem"); - delete $cahash{$cgiparams{'KEY'}}; - &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash); -# system('/usr/local/bin/ipsecctrl', 'R'); - } else { - $errormessage = $Lang::tr{'invalid key'}; - } -### -### Remove ca certificate (step 1) -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'}) { - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash); - - my $assignedcerts = 0; - if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) { - foreach my $key (keys %confighash) { - my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`; - if ($test =~ /: OK/) { - $assignedcerts++; - } - } - if ($assignedcerts) { - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', $errormessage); - &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'}); - print <
    - -
    - $Lang::tr{'capswarning'}: $assignedcerts - $Lang::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'} -
    -
    -END - ; - &Header::closebox(); - &Header::closebigbox(); - &Header::closepage(); - exit (0); - } else { - unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem"); - delete $cahash{$cgiparams{'KEY'}}; - &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash); -# system('/usr/local/bin/ipsecctrl', 'R'); - } - } else { - $errormessage = $Lang::tr{'invalid key'}; - } - -### -### Display root certificate -### -}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} || - $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) { - my $output; - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) { - &Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:"); - $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`; - } else { - &Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:"); - $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`; - } - $output = &Header::cleanhtml($output,"y"); - print "
    $output
    \n"; - &Header::closebox(); - print ""; - &Header::closebigbox(); - &Header::closepage(); - exit(0); - -### -### Download root certificate -### -}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download root certificate'}) { - if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) { - print "Content-Type: application/octet-stream\r\n"; - print "Content-Disposition: filename=cacert.pem\r\n\r\n"; - print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem`; - exit(0); - } - -### -### Download host certificate -### -}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download host certificate'}) { - if ( -f "${General::swroot}/ovpn/certs/servercert.pem" ) { - print "Content-Type: application/octet-stream\r\n"; - print "Content-Disposition: filename=servercert.pem\r\n\r\n"; - print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`; - exit(0); - } -### -### Form for generating a root certificate -### -}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate root/host certificates'} || - $cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) { - - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - if (-f "${General::swroot}/ovpn/ca/cacert.pem") { - $errormessage = $Lang::tr{'valid root certificate already exists'}; - $cgiparams{'ACTION'} = ''; - goto ROOTCERT_ERROR; - } - - if (($cgiparams{'ROOTCERT_HOSTNAME'} eq '') && -e "${General::swroot}/red/active") { - if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) { - my $ipaddr = ; - close IPADDR; - chomp ($ipaddr); - $cgiparams{'ROOTCERT_HOSTNAME'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0]; - if ($cgiparams{'ROOTCERT_HOSTNAME'} eq '') { - $cgiparams{'ROOTCERT_HOSTNAME'} = $ipaddr; - } - } - } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) { - - if (ref ($cgiparams{'FH'}) ne 'Fh') { - $errormessage = $Lang::tr{'there was no file upload'}; - goto ROOTCERT_ERROR; - } - - # Move uploaded certificate request to a temporary file - (my $fh, my $filename) = tempfile( ); - if (copy ($cgiparams{'FH'}, $fh) != 1) { - $errormessage = $!; - goto ROOTCERT_ERROR; - } - - # Create a temporary dirctory - my $tempdir = tempdir( CLEANUP => 1 ); - - # Extract the CA certificate from the file - my $pid = open(OPENSSL, "|-"); - $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;}; - if ($pid) { # parent - if ($cgiparams{'P12_PASS'} ne '') { - print OPENSSL "$cgiparams{'P12_PASS'}\n"; - } - close (OPENSSL); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ($filename); - goto ROOTCERT_ERROR; - } - } else { # child - unless (exec ('/usr/bin/openssl', 'pkcs12', '-cacerts', '-nokeys', - '-in', $filename, - '-out', "$tempdir/cacert.pem")) { - $errormessage = "$Lang::tr{'cant start openssl'}: $!"; - unlink ($filename); - goto ROOTCERT_ERROR; - } - } - - # Extract the Host certificate from the file - $pid = open(OPENSSL, "|-"); - $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;}; - if ($pid) { # parent - if ($cgiparams{'P12_PASS'} ne '') { - print OPENSSL "$cgiparams{'P12_PASS'}\n"; - } - close (OPENSSL); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ($filename); - goto ROOTCERT_ERROR; - } - } else { # child - unless (exec ('/usr/bin/openssl', 'pkcs12', '-clcerts', '-nokeys', - '-in', $filename, - '-out', "$tempdir/hostcert.pem")) { - $errormessage = "$Lang::tr{'cant start openssl'}: $!"; - unlink ($filename); - goto ROOTCERT_ERROR; - } - } - - # Extract the Host key from the file - $pid = open(OPENSSL, "|-"); - $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;}; - if ($pid) { # parent - if ($cgiparams{'P12_PASS'} ne '') { - print OPENSSL "$cgiparams{'P12_PASS'}\n"; - } - close (OPENSSL); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ($filename); - goto ROOTCERT_ERROR; - } - } else { # child - unless (exec ('/usr/bin/openssl', 'pkcs12', '-nocerts', - '-nodes', - '-in', $filename, - '-out', "$tempdir/serverkey.pem")) { - $errormessage = "$Lang::tr{'cant start openssl'}: $!"; - unlink ($filename); - goto ROOTCERT_ERROR; - } - } - - move("$tempdir/cacert.pem", "${General::swroot}/ovpn/ca/cacert.pem"); - if ($? ne 0) { - $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; - unlink ($filename); - unlink ("${General::swroot}/ovpn/ca/cacert.pem"); - unlink ("${General::swroot}/ovpn/certs/servercert.pem"); - unlink ("${General::swroot}/ovpn/certs/serverkey.pem"); - goto ROOTCERT_ERROR; - } - - move("$tempdir/hostcert.pem", "${General::swroot}/ovpn/certs/servercert.pem"); - if ($? ne 0) { - $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; - unlink ($filename); - unlink ("${General::swroot}/ovpn/ca/cacert.pem"); - unlink ("${General::swroot}/ovpn/certs/servercert.pem"); - unlink ("${General::swroot}/ovpn/certs/serverkey.pem"); - goto ROOTCERT_ERROR; - } - - move("$tempdir/serverkey.pem", "${General::swroot}/ovpn/certs/serverkey.pem"); - if ($? ne 0) { - $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; - unlink ($filename); - unlink ("${General::swroot}/ovpn/ca/cacert.pem"); - unlink ("${General::swroot}/ovpn/certs/servercert.pem"); - unlink ("${General::swroot}/ovpn/certs/serverkey.pem"); - goto ROOTCERT_ERROR; - } - - goto ROOTCERT_SUCCESS; - - } elsif ($cgiparams{'ROOTCERT_COUNTRY'} ne '') { - - # Validate input since the form was submitted - if ($cgiparams{'ROOTCERT_ORGANIZATION'} eq ''){ - $errormessage = $Lang::tr{'organization cant be empty'}; - goto ROOTCERT_ERROR; - } - if (length($cgiparams{'ROOTCERT_ORGANIZATION'}) >60) { - $errormessage = $Lang::tr{'organization too long'}; - goto ROOTCERT_ERROR; - } - if ($cgiparams{'ROOTCERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) { - $errormessage = $Lang::tr{'invalid input for organization'}; - goto ROOTCERT_ERROR; - } - if ($cgiparams{'ROOTCERT_HOSTNAME'} eq ''){ - $errormessage = $Lang::tr{'hostname cant be empty'}; - goto ROOTCERT_ERROR; - } - unless (&General::validfqdn($cgiparams{'ROOTCERT_HOSTNAME'}) || &General::validip($cgiparams{'ROOTCERT_HOSTNAME'})) { - $errormessage = $Lang::tr{'invalid input for hostname'}; - goto ROOTCERT_ERROR; - } - if ($cgiparams{'ROOTCERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'ROOTCERT_EMAIL'}))) { - $errormessage = $Lang::tr{'invalid input for e-mail address'}; - goto ROOTCERT_ERROR; - } - if (length($cgiparams{'ROOTCERT_EMAIL'}) > 40) { - $errormessage = $Lang::tr{'e-mail address too long'}; - goto ROOTCERT_ERROR; - } - if ($cgiparams{'ROOTCERT_OU'} ne '' && $cgiparams{'ROOTCERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) { - $errormessage = $Lang::tr{'invalid input for department'}; - goto ROOTCERT_ERROR; - } - if ($cgiparams{'ROOTCERT_CITY'} ne '' && $cgiparams{'ROOTCERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) { - $errormessage = $Lang::tr{'invalid input for city'}; - goto ROOTCERT_ERROR; - } - if ($cgiparams{'ROOTCERT_STATE'} ne '' && $cgiparams{'ROOTCERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) { - $errormessage = $Lang::tr{'invalid input for state or province'}; - goto ROOTCERT_ERROR; - } - if ($cgiparams{'ROOTCERT_COUNTRY'} !~ /^[A-Z]*$/) { - $errormessage = $Lang::tr{'invalid input for country'}; - goto ROOTCERT_ERROR; - } - - # Copy the cgisettings to vpnsettings and save the configfile - $vpnsettings{'ROOTCERT_ORGANIZATION'} = $cgiparams{'ROOTCERT_ORGANIZATION'}; - $vpnsettings{'ROOTCERT_HOSTNAME'} = $cgiparams{'ROOTCERT_HOSTNAME'}; - $vpnsettings{'ROOTCERT_EMAIL'} = $cgiparams{'ROOTCERT_EMAIL'}; - $vpnsettings{'ROOTCERT_OU'} = $cgiparams{'ROOTCERT_OU'}; - $vpnsettings{'ROOTCERT_CITY'} = $cgiparams{'ROOTCERT_CITY'}; - $vpnsettings{'ROOTCERT_STATE'} = $cgiparams{'ROOTCERT_STATE'}; - $vpnsettings{'ROOTCERT_COUNTRY'} = $cgiparams{'ROOTCERT_COUNTRY'}; - &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings); - - # Replace empty strings with a . - (my $ou = $cgiparams{'ROOTCERT_OU'}) =~ s/^\s*$/\./; - (my $city = $cgiparams{'ROOTCERT_CITY'}) =~ s/^\s*$/\./; - (my $state = $cgiparams{'ROOTCERT_STATE'}) =~ s/^\s*$/\./; - - # refresh - #system ('/bin/touch', "${General::swroot}/ovpn/gencanow"); - - # Create the CA certificate - my $pid = open(OPENSSL, "|-"); - $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;}; - if ($pid) { # parent - print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n"; - print OPENSSL "$state\n"; - print OPENSSL "$city\n"; - print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n"; - print OPENSSL "$ou\n"; - print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'} CA\n"; - print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n"; - close (OPENSSL); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ("${General::swroot}/ovpn/ca/cakey.pem"); - unlink ("${General::swroot}/ovpn/ca/cacert.pem"); - goto ROOTCERT_ERROR; - } - } else { # child - unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache', - '-days', '999999', '-newkey', 'rsa:2048', - '-keyout', "${General::swroot}/ovpn/ca/cakey.pem", - '-out', "${General::swroot}/ovpn/ca/cacert.pem", - '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) { - $errormessage = "$Lang::tr{'cant start openssl'}: $!"; - goto ROOTCERT_ERROR; - } - } - - # Create the Host certificate request - $pid = open(OPENSSL, "|-"); - $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;}; - if ($pid) { # parent - print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n"; - print OPENSSL "$state\n"; - print OPENSSL "$city\n"; - print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n"; - print OPENSSL "$ou\n"; - print OPENSSL "$cgiparams{'ROOTCERT_HOSTNAME'}\n"; - print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n"; - print OPENSSL ".\n"; - print OPENSSL ".\n"; - close (OPENSSL); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ("${General::swroot}/ovpn/certs/serverkey.pem"); - unlink ("${General::swroot}/ovpn/certs/serverreq.pem"); - goto ROOTCERT_ERROR; - } - } else { # child - unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache', - '-newkey', 'rsa:1024', - '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem", - '-out', "${General::swroot}/ovpn/certs/serverreq.pem", - '-extensions', 'server', - '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" )) { - $errormessage = "$Lang::tr{'cant start openssl'}: $!"; - unlink ("${General::swroot}/ovpn/certs/serverkey.pem"); - unlink ("${General::swroot}/ovpn/certs/serverreq.pem"); - unlink ("${General::swroot}/ovpn/ca/cakey.pem"); - unlink ("${General::swroot}/ovpn/ca/cacert.pem"); - goto ROOTCERT_ERROR; - } - } - - # Sign the host certificate request - system('/usr/bin/openssl', 'ca', '-days', '999999', - '-batch', '-notext', - '-in', "${General::swroot}/ovpn/certs/serverreq.pem", - '-out', "${General::swroot}/ovpn/certs/servercert.pem", - '-extensions', 'server', - '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf"); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ("${General::swroot}/ovpn/ca/cakey.pem"); - unlink ("${General::swroot}/ovpn/ca/cacert.pem"); - unlink ("${General::swroot}/ovpn/serverkey.pem"); - unlink ("${General::swroot}/ovpn/certs/serverreq.pem"); - unlink ("${General::swroot}/ovpn/certs/servercert.pem"); - &newcleanssldatabase(); - goto ROOTCERT_ERROR; - } else { - unlink ("${General::swroot}/ovpn/certs/serverreq.pem"); - &deletebackupcert(); - } - - # Create an empty CRL - system('/usr/bin/openssl', 'ca', '-gencrl', - '-out', "${General::swroot}/ovpn/crls/cacrl.pem", - '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" ); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ("${General::swroot}/ovpn/certs/serverkey.pem"); - unlink ("${General::swroot}/ovpn/certs/servercert.pem"); - unlink ("${General::swroot}/ovpn/ca/cacert.pem"); - unlink ("${General::swroot}/ovpn/crls/cacrl.pem"); - &cleanssldatabase(); - goto ROOTCERT_ERROR; -# } else { -# &cleanssldatabase(); - } - # Create Diffie Hellmann Parameter - system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache', - '-out', "${General::swroot}/ovpn/ca/dh1024.pem", - '1024' ); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ("${General::swroot}/ovpn/certs/serverkey.pem"); - unlink ("${General::swroot}/ovpn/certs/servercert.pem"); - unlink ("${General::swroot}/ovpn/ca/cacert.pem"); - unlink ("${General::swroot}/ovpn/crls/cacrl.pem"); - unlink ("${General::swroot}/ovpn/ca/dh1024.pem"); - &cleanssldatabase(); - goto ROOTCERT_ERROR; -# } else { -# &cleanssldatabase(); - } - goto ROOTCERT_SUCCESS; - } - ROOTCERT_ERROR: - if ($cgiparams{'ACTION'} ne '') { - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - if ($errormessage) { - &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); - print "$errormessage"; - print " "; - &Header::closebox(); - } - &Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:"); - print < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    $Lang::tr{'organization name'}: 
    $Lang::tr{'ipfires hostname'}: 
    $Lang::tr{'your e-mail'}:  
    $Lang::tr{'your department'}:  
    $Lang::tr{'city'}:  
    $Lang::tr{'state or province'}:  
    $Lang::tr{'country'}: 
       
    - * $Lang::tr{'this field may be blank'}
    - $Lang::tr{'capswarning'}: - $Lang::tr{'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient'} -
    $Lang::tr{'upload p12 file'}: 
    $Lang::tr{'pkcs12 file password'}: * 
      
    -  $Lang::tr{'this field may be blank'}
    -END - ; - &Header::closebox(); - - &Header::closebigbox(); - &Header::closepage(); - exit(0) - } - - ROOTCERT_SUCCESS: - system ("chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem"); -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLE_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'S'); -# } - -### -### Enable/Disable connection -### -}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { - - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if ($confighash{$cgiparams{'KEY'}}) { - if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { - $confighash{$cgiparams{'KEY'}}[0] = 'on'; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - #&writeserverconf(); -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}); -# } - } else { - $confighash{$cgiparams{'KEY'}}[0] = 'off'; -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); -# } - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - #&writeserverconf(); - } - } else { - $errormessage = $Lang::tr{'invalid key'}; - } - -### -### Download OpenVPN client package -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) { - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - my $file = ''; - my $clientovpn = ''; - my @fileholder; - my $tempdir = tempdir( CLEANUP => 1 ); - my $zippath = "$tempdir/"; - my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip"; - my $zippathname = "$zippath$zipname"; - $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn"; - open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!"; - flock CLIENTCONF, 2; - - my $zip = Archive::Zip->new(); - - print CLIENTCONF "#OpenVPN Server conf\r\n"; - print CLIENTCONF "tls-client\r\n"; - print CLIENTCONF "client\r\n"; - print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n"; - print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n"; - print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; - if ( $vpnsettings{'ENABLED'} eq 'on'){ - print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n"; - if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){ - print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Blue interface\r\n"; - print CLIENTCONF ";remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; - } - if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){ - print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n"; - print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; - } - } elsif ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){ - print CLIENTCONF "remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; - if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){ - print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n"; - print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; - } - } elsif ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){ - print CLIENTCONF "remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n"; - } - - if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") { - print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n"; - $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; - } else { - print CLIENTCONF "ca cacert.pem\r\n"; - print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1]cert.pem\r\n"; - print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n"; - $zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n"; - $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n"; - } - print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n"; - if ($vpnsettings{DCOMPLZO} eq 'on') { - print CLIENTCONF "comp-lzo\r\n"; - } - print CLIENTCONF "verb 3\r\n"; - print CLIENTCONF "ns-cert-type server\r\n"; - close(CLIENTCONF); - $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n"; - my $status = $zip->writeToFileNamed($zippathname); - - open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!"; - @fileholder = ; - print "Content-Type:application/x-download\n"; - print "Content-Disposition:attachment;filename=$zipname\n\n"; - print @fileholder; - exit (0); - -### -### Remove connection -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) { - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if ($confighash{$cgiparams{'KEY'}}) { -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); -# } -# - my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); - delete $confighash{$cgiparams{'KEY'}}; - my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - #&writeserverconf(); - } else { - $errormessage = $Lang::tr{'invalid key'}; - } -### -### Download PKCS12 file -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download pkcs12 file'}) { - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n"; - print "Content-Type: application/octet-stream\r\n\r\n"; - print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12`; - exit (0); - -### -### Display certificate -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show certificate'}) { - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") { - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:"); - my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`; - $output = &Header::cleanhtml($output,"y"); - print "
    $output
    \n"; - &Header::closebox(); - print ""; - &Header::closebigbox(); - &Header::closepage(); - exit(0); - } -### -### Display Certificate Revoke List -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) { -# &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if ( -f "${General::swroot}/ovpn/crls/cacrl.pem") { - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:"); - my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`; - $output = &Header::cleanhtml($output,"y"); - print "
    $output
    \n"; - &Header::closebox(); - print ""; - &Header::closebigbox(); - &Header::closepage(); - exit(0); - } - -### -### Advanced Server Settings -### - -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'advanced server'}) { - %cgiparams = (); - %cahash = (); - %confighash = (); - &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams); - -# if ($cgiparams{'CLIENT2CLIENT'} eq '') { -# $cgiparams{'CLIENT2CLIENT'} = 'on'; -# } -ADV_ERROR: - if ($cgiparams{'MAX_CLIENTS'} eq '') { - $cgiparams{'MAX_CLIENTS'} = '100'; - } - - if ($cgiparams{'KEEPALIVE_1'} eq '') { - $cgiparams{'KEEPALIVE_1'} = '10'; - } - if ($cgiparams{'KEEPALIVE_2'} eq '') { - $cgiparams{'KEEPALIVE_2'} = '60'; - } - if ($cgiparams{'LOG_VERB'} eq '') { - $cgiparams{'LOG_VERB'} = '3'; - } - $checked{'CLIENT2CLIENT'}{'off'} = ''; - $checked{'CLIENT2CLIENT'}{'on'} = ''; - $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED'; - $checked{'REDIRECT_GW_DEF1'}{'off'} = ''; - $checked{'REDIRECT_GW_DEF1'}{'on'} = ''; - $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED'; - $selected{'LOG_VERB'}{'1'} = ''; - $selected{'LOG_VERB'}{'2'} = ''; - $selected{'LOG_VERB'}{'3'} = ''; - $selected{'LOG_VERB'}{'4'} = ''; - $selected{'LOG_VERB'}{'5'} = ''; - $selected{'LOG_VERB'}{'6'} = ''; - $selected{'LOG_VERB'}{'7'} = ''; - $selected{'LOG_VERB'}{'8'} = ''; - $selected{'LOG_VERB'}{'9'} = ''; - $selected{'LOG_VERB'}{'10'} = ''; - $selected{'LOG_VERB'}{'11'} = ''; - $selected{'LOG_VERB'}{'0'} = ''; - $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED'; - - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', $errormessage); - if ($errormessage) { - &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); - print "$errormessage\n"; - print " \n"; - &Header::closebox(); - } - &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'}); - print < - - - - - - - - - - - - - - - - - - - -
    $Lang::tr{'dhcp-options'}
    Domain
    DNS
    WINS
    -
    - - - - - - - - - - - - - - - - - - - - - - - -
    $Lang::tr{'misc-options'}
    Client-To-Client
    Redirect-Gateway def1
    Max-Clients
    Keppalive (ping/ping-restart)
    -
    - - - - - - - - - - -
    $Lang::tr{'log-options'}
    VERB
    -
    - - - - - - - -
      
    - -END -; - - &Header::closebox(); -# print ""; - &Header::closebigbox(); - &Header::closepage(); - exit(0); - -### -### Openvpn Connections Statistics -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ovpn con stat'}) { - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'ovpn con stat'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - &Header::openbox('100%', 'LEFT', $Lang::tr{'ovpn con stat'}); - -# -# $Lang::tr{'protocol'} -# protocol temp removed - print < - - $Lang::tr{'common name'} - $Lang::tr{'real address'} - $Lang::tr{'virtual address'} - $Lang::tr{'loged in at'} - $Lang::tr{'bytes sent'} - $Lang::tr{'bytes received'} - $Lang::tr{'last activity'} - -END -; - my $filename = "/var/log/ovpnserver.log"; - open(FILE, $filename) or die 'Unable to open config file.'; - my @current = ; - close(FILE); - my @users =(); - my $status; - my $uid = 0; - my $cn; - my @match = (); - my $proto = "udp"; - my $address; - my %userlookup = (); - foreach my $line (@current) - { - chomp($line); - if ( $line =~ /^Updated,(.+)/){ - @match = split( /^Updated,(.+)/, $line); - $status = $match[1]; - } -#gian - if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) { - @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line); - if ($match[1] ne "Common Name") { - $cn = $match[1]; - $userlookup{$match[2]} = $uid; - $users[$uid]{'CommonName'} = $match[1]; - $users[$uid]{'RealAddress'} = $match[2]; - $users[$uid]{'BytesReceived'} = &sizeformat($match[3]); - $users[$uid]{'BytesSent'} = &sizeformat($match[4]); - $users[$uid]{'Since'} = $match[5]; - $users[$uid]{'Proto'} = $proto; - $uid++; - } - } - if ( $line =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/) { - @match = split(m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/, $line); - if ($match[1] ne "Virtual Address") { - $address = $match[3]; - #find the uid in the lookup table - $uid = $userlookup{$address}; - $users[$uid]{'VirtualAddress'} = $match[1]; - $users[$uid]{'LastRef'} = $match[4]; - } - } - } - my $user2 = @users; - if ($user2 >= 1){ - for (my $idx = 1; $idx <= $user2; $idx++){ - if ($idx % 2) { - print "\n"; - } else { - print "\n"; - } - print "$users[$idx-1]{'CommonName'}"; - print "$users[$idx-1]{'RealAddress'}"; - print "$users[$idx-1]{'VirtualAddress'}"; - print "$users[$idx-1]{'Since'}"; - print "$users[$idx-1]{'BytesSent'}"; - print "$users[$idx-1]{'BytesReceived'}"; - print "$users[$idx-1]{'LastRef'}"; -# print "$users[$idx-1]{'Proto'}"; - } - } - - print ""; - print < - - - - - $Lang::tr{'the statistics were last updated at'} $status - -END -; - &Header::closebox(); - print ""; - &Header::closebigbox(); - &Header::closepage(); - exit(0); - -### -### Download Certificate -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download certificate'}) { - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") { - print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n"; - print "Content-Type: application/octet-stream\r\n\r\n"; - print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`; - exit (0); - } - -### -### Enable/Disable connection -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { - - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if ($confighash{$cgiparams{'KEY'}}) { - if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { - $confighash{$cgiparams{'KEY'}}[0] = 'on'; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - #&writeserverconf(); -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}); -# } - } else { - $confighash{$cgiparams{'KEY'}}[0] = 'off'; -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); -# } - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - #&writeserverconf(); - } - } else { - $errormessage = $Lang::tr{'invalid key'}; - } - -### -### Restart connection -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'restart'}) { - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if ($confighash{$cgiparams{'KEY'}}) { -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}); -# } - } else { - $errormessage = $Lang::tr{'invalid key'}; - } - -### -### Remove connection -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) { - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if ($confighash{$cgiparams{'KEY'}}) { -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); -# } - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); - delete $confighash{$cgiparams{'KEY'}}; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - #&writeserverconf(); - } else { - $errormessage = $Lang::tr{'invalid key'}; - } -#test33 - -### -### Choose between adding a host-net or net-net connection -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') { - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'}); - print <$Lang::tr{'connection type'}:
    - - - - - - -
    $Lang::tr{'host to net vpn'}
    $Lang::tr{'net to net vpn'}
    -END - ; - &Header::closebox(); - &Header::closebigbox(); - &Header::closepage(); - exit (0); -### -### Adding a new connection -### -} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) || - ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) || - ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) { - - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { - if (! $confighash{$cgiparams{'KEY'}}[0]) { - $errormessage = $Lang::tr{'invalid key'}; - goto VPNCONF_END; - } - $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; - $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; - $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; - $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; - $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; - $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; - $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; - $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; - $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; - $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; - $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; -#new fields - $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27]; - $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28]; - $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; - $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; - $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; -#new fields -#ab hiere error uebernehmen - } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { - $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); - if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { - $errormessage = $Lang::tr{'connection type is invalid'}; - goto VPNCONF_ERROR; - } - - - if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) { - $errormessage = $Lang::tr{'name must only contain characters'}; - goto VPNCONF_ERROR; - } - - if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault)$/) { - $errormessage = $Lang::tr{'name is invalid'}; - goto VPNCONF_ERROR; - } - - if (length($cgiparams{'NAME'}) >60) { - $errormessage = $Lang::tr{'name too long'}; - goto VPNCONF_ERROR; - } - -# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) { -# $errormessage = $Lang::tr{'ipfire side is invalid'}; -# goto VPNCONF_ERROR; -# } - - # Check if there is no other entry with this name - if (! $cgiparams{'KEY'}) { - foreach my $key (keys %confighash) { - if ($confighash{$key}[1] eq $cgiparams{'NAME'}) { - $errormessage = $Lang::tr{'a connection with this name already exists'}; - goto VPNCONF_ERROR; - } - } - } - - if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) { - $errormessage = $Lang::tr{'invalid input for remote host/ip'}; - goto VPNCONF_ERROR; - } - - if ($cgiparams{'REMOTE'}) { - if (! &General::validip($cgiparams{'REMOTE'})) { - if (! &General::validfqdn ($cgiparams{'REMOTE'})) { - $errormessage = $Lang::tr{'invalid input for remote host/ip'}; - goto VPNCONF_ERROR; - } else { - if (&valid_dns_host($cgiparams{'REMOTE'})) { - $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}"; - } - } - } - } - if ($cgiparams{'TYPE'} ne 'host') { - unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) { - $errormessage = $Lang::tr{'local subnet is invalid'}; - goto VPNCONF_ERROR;} - } - # Check if there is no other entry without IP-address and PSK - if ($cgiparams{'REMOTE'} eq '') { - foreach my $key (keys %confighash) { - if(($cgiparams{'KEY'} ne $key) && - ($confighash{$key}[4] eq 'psk' || $cgiparams{'AUTH'} eq 'psk') && - $confighash{$key}[10] eq '') { - $errormessage = $Lang::tr{'you can only define one roadwarrior connection when using pre-shared key authentication'}; - goto VPNCONF_ERROR; - } - } - } - if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) { - $errormessage = $Lang::tr{'remote subnet is invalid'}; - goto VPNCONF_ERROR; - } - - if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) { - $errormessage = $Lang::tr{'invalid input'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'EDIT_ADVANCED'} !~ /^(on|off)$/) { - $errormessage = $Lang::tr{'invalid input'}; - goto VPNCONF_ERROR; - } - -#fixplausi - if ($cgiparams{'AUTH'} eq 'psk') { -# if (! length($cgiparams{'PSK'}) ) { -# $errormessage = $Lang::tr{'pre-shared key is too short'}; -# goto VPNCONF_ERROR; -# } -# if ($cgiparams{'PSK'} =~ /['",&]/) { -# $errormessage = $Lang::tr{'invalid characters found in pre-shared key'}; -# goto VPNCONF_ERROR; -# } - } elsif ($cgiparams{'AUTH'} eq 'certreq') { - if ($cgiparams{'KEY'}) { - $errormessage = $Lang::tr{'cant change certificates'}; - goto VPNCONF_ERROR; - } - if (ref ($cgiparams{'FH'}) ne 'Fh') { - $errormessage = $Lang::tr{'there was no file upload'}; - goto VPNCONF_ERROR; - } - - # Move uploaded certificate request to a temporary file - (my $fh, my $filename) = tempfile( ); - if (copy ($cgiparams{'FH'}, $fh) != 1) { - $errormessage = $!; - goto VPNCONF_ERROR; - } - - # Sign the certificate request and move it - # Sign the host certificate request - system('/usr/bin/openssl', 'ca', '-days', '999999', - '-batch', '-notext', - '-in', $filename, - '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem", - '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf"); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ($filename); - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); - &newcleanssldatabase(); - goto VPNCONF_ERROR; - } else { - unlink ($filename); - &deletebackupcert(); - } - - my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`; - $temp =~ /Subject:.*CN=(.*)[\n]/; - $temp = $1; - $temp =~ s+/Email+, E+; - $temp =~ s/ ST=/ S=/; - $cgiparams{'CERT_NAME'} = $temp; - $cgiparams{'CERT_NAME'} =~ s/,//g; - $cgiparams{'CERT_NAME'} =~ s/\'//g; - if ($cgiparams{'CERT_NAME'} eq '') { - $errormessage = $Lang::tr{'could not retrieve common name from certificate'}; - goto VPNCONF_ERROR; - } - } elsif ($cgiparams{'AUTH'} eq 'certfile') { - if ($cgiparams{'KEY'}) { - $errormessage = $Lang::tr{'cant change certificates'}; - goto VPNCONF_ERROR; - } - if (ref ($cgiparams{'FH'}) ne 'Fh') { - $errormessage = $Lang::tr{'there was no file upload'}; - goto VPNCONF_ERROR; - } - # Move uploaded certificate to a temporary file - (my $fh, my $filename) = tempfile( ); - if (copy ($cgiparams{'FH'}, $fh) != 1) { - $errormessage = $!; - goto VPNCONF_ERROR; - } - - # Verify the certificate has a valid CA and move it - my $validca = 0; - my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename`; - if ($test =~ /: OK/) { - $validca = 1; - } else { - foreach my $key (keys %cahash) { - $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem $filename`; - if ($test =~ /: OK/) { - $validca = 1; - } - } - } - if (! $validca) { - $errormessage = $Lang::tr{'certificate does not have a valid ca associated with it'}; - unlink ($filename); - goto VPNCONF_ERROR; - } else { - move($filename, "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); - if ($? ne 0) { - $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; - unlink ($filename); - goto VPNCONF_ERROR; - } - } - - my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`; - $temp =~ /Subject:.*CN=(.*)[\n]/; - $temp = $1; - $temp =~ s+/Email+, E+; - $temp =~ s/ ST=/ S=/; - $cgiparams{'CERT_NAME'} = $temp; - $cgiparams{'CERT_NAME'} =~ s/,//g; - $cgiparams{'CERT_NAME'} =~ s/\'//g; - if ($cgiparams{'CERT_NAME'} eq '') { - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); - $errormessage = $Lang::tr{'could not retrieve common name from certificate'}; - goto VPNCONF_ERROR; - } - } elsif ($cgiparams{'AUTH'} eq 'certgen') { - if ($cgiparams{'KEY'}) { - $errormessage = $Lang::tr{'cant change certificates'}; - goto VPNCONF_ERROR; - } - # Validate input since the form was submitted - if (length($cgiparams{'CERT_NAME'}) >60) { - $errormessage = $Lang::tr{'name too long'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) { - $errormessage = $Lang::tr{'invalid input for name'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) { - $errormessage = $Lang::tr{'invalid input for e-mail address'}; - goto VPNCONF_ERROR; - } - if (length($cgiparams{'CERT_EMAIL'}) > 40) { - $errormessage = $Lang::tr{'e-mail address too long'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_OU'} ne '' && $cgiparams{'CERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) { - $errormessage = $Lang::tr{'invalid input for department'}; - goto VPNCONF_ERROR; - } - if (length($cgiparams{'CERT_ORGANIZATION'}) >60) { - $errormessage = $Lang::tr{'organization too long'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) { - $errormessage = $Lang::tr{'invalid input for organization'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_CITY'} ne '' && $cgiparams{'CERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) { - $errormessage = $Lang::tr{'invalid input for city'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_STATE'} ne '' && $cgiparams{'CERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) { - $errormessage = $Lang::tr{'invalid input for state or province'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_COUNTRY'} !~ /^[A-Z]*$/) { - $errormessage = $Lang::tr{'invalid input for country'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'CERT_PASS1'} ne '' && $cgiparams{'CERT_PASS2'} ne ''){ - if (length($cgiparams{'CERT_PASS1'}) < 5) { - $errormessage = $Lang::tr{'password too short'}; - goto VPNCONF_ERROR; - } - } - if ($cgiparams{'CERT_PASS1'} ne $cgiparams{'CERT_PASS2'}) { - $errormessage = $Lang::tr{'passwords do not match'}; - goto VPNCONF_ERROR; - } - - # Replace empty strings with a . - (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./; - (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./; - (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./; - - # Create the Host certificate request client - my $pid = open(OPENSSL, "|-"); - $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto VPNCONF_ERROR;}; - if ($pid) { # parent - print OPENSSL "$cgiparams{'CERT_COUNTRY'}\n"; - print OPENSSL "$state\n"; - print OPENSSL "$city\n"; - print OPENSSL "$cgiparams{'CERT_ORGANIZATION'}\n"; - print OPENSSL "$ou\n"; - print OPENSSL "$cgiparams{'CERT_NAME'}\n"; - print OPENSSL "$cgiparams{'CERT_EMAIL'}\n"; - print OPENSSL ".\n"; - print OPENSSL ".\n"; - close (OPENSSL); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}key.pem"); - unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}req.pem"); - goto VPNCONF_ERROR; - } - } else { # child - unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache', - '-newkey', 'rsa:1024', - '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem", - '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem", - '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) { - $errormessage = "$Lang::tr{'cant start openssl'}: $!"; - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem"); - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem"); - goto VPNCONF_ERROR; - } - } - - # Sign the host certificate request - system('/usr/bin/openssl', 'ca', '-days', '999999', - '-batch', '-notext', - '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem", - '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem", - '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf"); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem"); - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem"); - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); - &newcleanssldatabase(); - goto VPNCONF_ERROR; - } else { - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem"); - &deletebackupcert(); - } - - # Create the pkcs12 file - system('/usr/bin/openssl', 'pkcs12', '-export', - '-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem", - '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem", - '-name', $cgiparams{'NAME'}, - '-passout', "pass:$cgiparams{'CERT_PASS1'}", - '-certfile', "${General::swroot}/ovpn/ca/cacert.pem", - '-caname', "$vpnsettings{'ROOTCERT_ORGANIZATION'} CA", - '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12"); - if ($?) { - $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem"); - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem"); - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12"); - goto VPNCONF_ERROR; - } else { - unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem"); - } - } elsif ($cgiparams{'AUTH'} eq 'cert') { - ;# Nothing, just editing - } else { - $errormessage = $Lang::tr{'invalid input for authentication method'}; - goto VPNCONF_ERROR; - } - - # Check if there is no other entry with this common name - if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) { - foreach my $key (keys %confighash) { - if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) { - $errormessage = $Lang::tr{'a connection with this common name already exists'}; - goto VPNCONF_ERROR; - } - } - } - - # Save the config - my $key = $cgiparams{'KEY'}; - if (! $key) { - $key = &General::findhasharraykey (\%confighash); - foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} - } - $confighash{$key}[0] = $cgiparams{'ENABLED'}; - $confighash{$key}[1] = $cgiparams{'NAME'}; - if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') { - $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; - } - $confighash{$key}[3] = $cgiparams{'TYPE'}; - if ($cgiparams{'AUTH'} eq 'psk') { - $confighash{$key}[4] = 'psk'; - $confighash{$key}[5] = $cgiparams{'PSK'}; - } else { - $confighash{$key}[4] = 'cert'; - } - if ($cgiparams{'TYPE'} eq 'net') { - $confighash{$key}[6] = $cgiparams{'SIDE'}; - $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; - } - $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; - $confighash{$key}[10] = $cgiparams{'REMOTE'}; - $confighash{$key}[25] = $cgiparams{'REMARK'}; - $confighash{$key}[26] = $cgiparams{'INTERFACE'}; -# new fields - $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'}; - $confighash{$key}[28] = $cgiparams{'PROTOCOL'}; - $confighash{$key}[29] = $cgiparams{'DEST_PORT'}; - $confighash{$key}[30] = $cgiparams{'COMPLZO'}; - $confighash{$key}[31] = $cgiparams{'MTU'}; -# new fileds - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - if ($cgiparams{'EDIT_ADVANCED'} eq 'on') { - $cgiparams{'KEY'} = $key; - $cgiparams{'ACTION'} = $Lang::tr{'advanced'}; - } - goto VPNCONF_END; - } else { - $cgiparams{'ENABLED'} = 'on'; - $cgiparams{'SIDE'} = 'left'; - if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { - $cgiparams{'AUTH'} = 'psk'; - } elsif ( ! -f "${General::swroot}/ovpn/ca/cacert.pem") { - $cgiparams{'AUTH'} = 'certfile'; - } else { - $cgiparams{'AUTH'} = 'certgen'; - } - $cgiparams{'LOCAL_SUBNET'} ="$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"; - $cgiparams{'CERT_ORGANIZATION'} = $vpnsettings{'ROOTCERT_ORGANIZATION'}; - $cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'}; - $cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'}; - $cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'}; - } - - VPNCONF_ERROR: - $checked{'ENABLED'}{'off'} = ''; - $checked{'ENABLED'}{'on'} = ''; - $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED'; - $checked{'ENABLED_BLUE'}{'off'} = ''; - $checked{'ENABLED_BLUE'}{'on'} = ''; - $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED'; - $checked{'ENABLED_ORANGE'}{'off'} = ''; - $checked{'ENABLED_ORANGE'}{'on'} = ''; - $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED'; - - - $checked{'EDIT_ADVANCED'}{'off'} = ''; - $checked{'EDIT_ADVANCED'}{'on'} = ''; - $checked{'EDIT_ADVANCED'}{$cgiparams{'EDIT_ADVANCED'}} = 'CHECKED'; - - $selected{'SIDE'}{'server'} = ''; - $selected{'SIDE'}{'client'} = ''; - $selected{'SIDE'}{$cgiparams{'SIDE'}} = 'SELECTED'; - - $checked{'AUTH'}{'psk'} = ''; - $checked{'AUTH'}{'certreq'} = ''; - $checked{'AUTH'}{'certgen'} = ''; - $checked{'AUTH'}{'certfile'} = ''; - $checked{'AUTH'}{$cgiparams{'AUTH'}} = 'CHECKED'; - - $selected{'INTERFACE'}{$cgiparams{'INTERFACE'}} = 'SELECTED'; - - $checked{'COMPLZO'}{'off'} = ''; - $checked{'COMPLZO'}{'on'} = ''; - $checked{'COMPLZO'}{$cgiparams{'COMPLZO'}} = 'CHECKED'; - - - if (1) { - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', $errormessage); - if ($errormessage) { - &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); - print "$errormessage"; - print " "; - &Header::closebox(); - } - - if ($warnmessage) { - &Header::openbox('100%', 'LEFT', "$Lang::tr{'warning messages'}:"); - print "$warnmessage"; - print " "; - &Header::closebox(); - } - - print "
    "; - print ""; - - if ($cgiparams{'KEY'}) { - print ""; - print ""; - } - - &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:"); - print "\n"; - print ""; - if ($cgiparams{'TYPE'} eq 'host') { - if ($cgiparams{'KEY'}) { - print "\n"; - } else { - print ""; - } -# print ""; -# print ""; -# print <"; - if ($cgiparams{'KEY'}) { - print ""; - } else { - print ""; - } - print <  - - - - - - - - - -ttt - - - - - - - - - - - - -END - ; - } - print ""; - print ""; - -# if ($cgiparams{'TYPE'} eq 'net') { - print "\n"; - -# if ($cgiparams{'KEY'}) { -# print "
    $Lang::tr{'name'}:$cgiparams{'NAME'}
    $Lang::tr{'interface'}
    $cgiparams{'NAME'} 
    $Lang::tr{'Act as'}$Lang::tr{'remote host/ip'}:
    $Lang::tr{'local subnet'}$Lang::tr{'remote subnet'}
    $Lang::tr{'ovpn subnet'}
    $Lang::tr{'protocol'}$Lang::tr{'destination port'}:
    $Lang::tr{'comp-lzo'}
    $Lang::tr{'MTU'} 
    $Lang::tr{'remark title'} 
    $Lang::tr{'enabled'}  
    "; -# } else { -# print " $Lang::tr{'edit advanced settings when done'}"; -# } -# }else{ - print " "; -# } - - - - &Header::closebox(); - - if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') { - # &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'}); - # print < - # $Lang::tr{'use a pre-shared key'} - # - # -END - # ; - # &Header::closebox(); - } elsif (! $cgiparams{'KEY'}) { - my $disabled=''; - my $cakeydisabled=''; - my $cacrtdisabled=''; - if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" }; - if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" }; - &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'}); - print < - - - $Lang::tr{'upload a certificate request'} - - - $Lang::tr{'upload a certificate'} - - - $Lang::tr{'generate a certificate'}  -   - $Lang::tr{'users fullname or system hostname'}: - -   - $Lang::tr{'users email'}:  - -   - $Lang::tr{'users department'}:  - -   - $Lang::tr{'organization name'}:  - -   - $Lang::tr{'city'}:  - -   - $Lang::tr{'state or province'}:  - -   - $Lang::tr{'country'}: - -  $Lang::tr{'pkcs12 file password'}:
    ($Lang::tr{'confirmation'}) - - -END - ; - &Header::closebox(); - } - - print "
    "; - if ($cgiparams{'KEY'}) { -# print ""; - } - print "
    "; - &Header::closebigbox(); - &Header::closepage(); - exit (0); - } - VPNCONF_END: -} - -# SETTINGS_ERROR: -### -### Default status page -### - %cgiparams = (); - %cahash = (); - %confighash = (); - &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams); - &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - my @status = `/bin/cat /var/log/ovpnserver.log`; - - if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") { - if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) { - my $ipaddr = ; - close IPADDR; - chomp ($ipaddr); - $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0]; - if ($cgiparams{'VPN_IP'} eq '') { - $cgiparams{'VPN_IP'} = $ipaddr; - } - } - } - -#default setzen - if ($cgiparams{'DCIPHER'} eq '') { - $cgiparams{'DCIPHER'} = 'BF-CBC'; - } -# if ($cgiparams{'DCOMPLZO'} eq '') { -# $cgiparams{'DCOMPLZO'} = 'on'; -# } - if ($cgiparams{'DDEST_PORT'} eq '') { - $cgiparams{'DDEST_PORT'} = '1194'; - } - if ($cgiparams{'DMTU'} eq '') { - $cgiparams{'DMTU'} = '1400'; - } - if ($cgiparams{'DOVPN_SUBNET'} eq '') { - $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0'; - } - - $checked{'ENABLED'}{'off'} = ''; - $checked{'ENABLED'}{'on'} = ''; - $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED'; - $checked{'ENABLED_BLUE'}{'off'} = ''; - $checked{'ENABLED_BLUE'}{'on'} = ''; - $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED'; - $checked{'ENABLED_ORANGE'}{'off'} = ''; - $checked{'ENABLED_ORANGE'}{'on'} = ''; - $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED'; - - -#new settings - $selected{'DDEVICE'}{'tun'} = ''; - $selected{'DDEVICE'}{'tap'} = ''; - $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED'; - - $selected{'DPROTOCOL'}{'udp'} = ''; - $selected{'DPROTOCOL'}{'tcp'} = ''; - $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED'; - - $selected{'DCIPHER'}{'DES-CBC'} = ''; - $selected{'DCIPHER'}{'DES-EDE-CBC'} = ''; - $selected{'DCIPHER'}{'DES-EDE3-CBC'} = ''; - $selected{'DCIPHER'}{'DESX-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-40-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-64-CBC'} = ''; - $selected{'DCIPHER'}{'BF-CBC'} = ''; - $selected{'DCIPHER'}{'CAST5-CBC'} = ''; - $selected{'DCIPHER'}{'AES-128-CBC'} = ''; - $selected{'DCIPHER'}{'AES-192-CBC'} = ''; - $selected{'DCIPHER'}{'AES-256-CBC'} = ''; - $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED'; - $checked{'DCOMPLZO'}{'off'} = ''; - $checked{'DCOMPLZO'}{'on'} = ''; - $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED'; - -#new settings - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', $errormessage); - - if ($errormessage) { - &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); - print "$errormessage\n"; - print " \n"; - &Header::closebox(); - } - - my $sactive = "
    $Lang::tr{'stopped'}
    "; - my $srunning = "no"; - my $activeonrun = ""; - if ( -e "/var/run/openvpn.pid"){ - $sactive = "
    $Lang::tr{'running'}
    "; - $srunning ="yes"; - $activeonrun = ""; - } else { - $activeonrun = "disabled='disabled'"; - } - &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'}); - print < -
    -   -   -   - $Lang::tr{'ovpn server status'} - $sactive - $Lang::tr{'ovpn on red'} - -END -; - if (&haveBlueNet()) { - print "$Lang::tr{'ovpn on blue'}"; - print ""; - } - if (&haveOrangeNet()) { - print "$Lang::tr{'ovpn on orange'}"; - print ""; - } - print <$Lang::tr{'local vpn hostname/ip'}:
    - $Lang::tr{'ovpn subnet'}
    - $Lang::tr{'ovpn device'} - - $Lang::tr{'protocol'} - - $Lang::tr{'destination port'}: - - $Lang::tr{'MTU'}  - - $Lang::tr{'comp-lzo'} - - $Lang::tr{'cipher'} - -END -; - - if ( $srunning eq "yes" ) { - print ""; - print ""; - print ""; - print ""; - } else{ - print ""; - print ""; - if (( -e "${General::swroot}/ovpn/ca/cacert.pem" && - -e "${General::swroot}/ovpn/ca/dh1024.pem" && - -e "${General::swroot}/ovpn/certs/servercert.pem" && - -e "${General::swroot}/ovpn/certs/serverkey.pem") && - (( $cgiparams{'ENABLED'} eq 'on') || - ( $cgiparams{'ENABLED_BLUE'} eq 'on') || - ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){ - print ""; - print ""; - } else { - print ""; - print ""; - } - } - print ""; - &Header::closebox(); - &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}:"); - print < - - $Lang::tr{'name'} - $Lang::tr{'subject'} - $Lang::tr{'action'} - -EOF - ; - if (-f "${General::swroot}/ovpn/ca/cacert.pem") { - my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`; - $casubject =~ /Subject: (.*)[\n]/; - $casubject = $1; - $casubject =~ s+/Email+, E+; - $casubject =~ s/ ST=/ S=/; - - print < - $Lang::tr{'root certificate'} - $casubject -
    - - -
    -
    - - -
    -   -END - ; - } else { - # display rootcert generation buttons - print < - $Lang::tr{'root certificate'}: - $Lang::tr{'not present'} -   -END - ; - } - - if (-f "${General::swroot}/ovpn/certs/servercert.pem") { - my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`; - $hostsubject =~ /Subject: (.*)[\n]/; - $hostsubject = $1; - $hostsubject =~ s+/Email+, E+; - $hostsubject =~ s/ ST=/ S=/; - - print < - $Lang::tr{'host certificate'} - $hostsubject -
    - - -
    -
    - - -
    -   -END - ; - } else { - # Nothing - print < - $Lang::tr{'host certificate'}: - $Lang::tr{'not present'} -   -END - ; - } - - if (! -f "${General::swroot}/ovpn/ca/cacert.pem") { - print "
    "; - print ""; - print "
    \n"; - } - - if (keys %cahash > 0) { - foreach my $key (keys %cahash) { - if (($key + 1) % 2) { - print "\n"; - } else { - print "\n"; - } - print "$cahash{$key}[0]\n"; - print "$cahash{$key}[1]\n"; - print < - - - - -
    - - - -
    -
    - - - -
    -END - ; - } - } - - print ""; - - # If the file contains entries, print Key to action icons - if ( -f "${General::swroot}/ovpn/ca/cacert.pem") { - print < - -   $Lang::tr{'legend'}: -     $Lang::tr{ - $Lang::tr{'show certificate'} -     $Lang::tr{ - $Lang::tr{'download certificate'} - - -END - ; - } - print < - - - - -
    $Lang::tr{'ca name'}: -
    -END - ; - - &Header::closebox(); - if ( $srunning eq "yes" ) { - print "
    \n"; - }else{ - print "
    \n"; - } - if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) { - &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' }); - print < - - $Lang::tr{'name'} - $Lang::tr{'type'} - $Lang::tr{'common name'} - $Lang::tr{'valid till'} - $Lang::tr{'remark'}
    L2089 - $Lang::tr{'status'} - $Lang::tr{'action'} - -END - ; - my $id = 0; - my $gif; - foreach my $key (keys %confighash) { - if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } - - if ($id % 2) { - print "\n"; - } else { - print "\n"; - } - print "$confighash{$key}[1]"; - print "" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")"; - if ($confighash{$key}[4] eq 'cert') { - print "$confighash{$key}[2]"; - } else { - print " "; - } - my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`; - $cavalid =~ /Not After : (.*)[\n]/; - $cavalid = $1; - print "$cavalid"; - print "$confighash{$key}[25]"; - my $active = "
    $Lang::tr{'capsclosed'}
    "; - if ($confighash{$key}[0] eq 'off') { - $active = "
    $Lang::tr{'capsclosed'}
    "; - } else { - my $cn; - my @match = (); - foreach my $line (@status) { - chomp($line); - if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) { - @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line); - if ($match[1] ne "Common Name") { - $cn = $match[1]; - } - $cn =~ s/[_]/ /g; - if ($cn eq "$confighash{$key}[2]") { - $active = "
    $Lang::tr{'capsopen'}
    "; - } - } - } - } - my $disable_clientdl = "disabled='disabled'"; - if (( $cgiparams{'ENABLED'} eq 'on') || - ( $cgiparams{'ENABLED_BLUE'} eq 'on') || - ( $cgiparams{'ENABLED_ORANGE'} eq 'on')){ - $disable_clientdl = ""; - } - print <$active - -
    - - - -
    -END - ; - if ($confighash{$key}[4] eq 'cert') { - print < - - - - -END - ; } else { - print " "; - } - if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") { - print < - - - - -END - ; } elsif ($confighash{$key}[4] eq 'cert') { - print < - - - - -END - ; } else { - print " "; - } - print < - - - - - -
    - - - -
    -
    - - - -
    - -END - ; - $id++; - } - ; - - # If the config file contains entries, print Key to action icons - if ( $id ) { - print < - -   $Lang::tr{'legend'}: -   $Lang::tr{ - $Lang::tr{'click to disable'} -     $Lang::tr{ - $Lang::tr{'show certificate'} -     $Lang::tr{ - $Lang::tr{'edit'} -     $Lang::tr{ - $Lang::tr{'remove'} - - -   -   ?OFF - $Lang::tr{'click to enable'} -     ?FLOPPY - $Lang::tr{'download certificate'} -     ?RELOAD - $Lang::tr{'dl client arch'} - - -END - ; - } - - print < -
    - - -
    - -END - ; - &Header::closebox(); -} -&Header::closepage(); diff --git a/html/cgi-bin/pakfire.cgi b/html/cgi-bin/pakfire.cgi deleted file mode 100644 index 28786fa78..000000000 --- a/html/cgi-bin/pakfire.cgi +++ /dev/null @@ -1,303 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; -require "/opt/pakfire/lib/functions.pl"; - -my %pakfiresettings=(); -my $errormessage = ''; -my %color = (); -my %mainsettings = (); - -&Header::showhttpheaders(); - -$pakfiresettings{'ACTION'} = ''; -$pakfiresettings{'VALID'} = ''; - -$pakfiresettings{'INSPAKS'} = ''; -$pakfiresettings{'DELPAKS'} = ''; -$pakfiresettings{'AUTOUPDATE'} = 'off'; -$pakfiresettings{'AUTOUPGRADE'} = 'off'; -$pakfiresettings{'UUID'} = 'on'; - -&Header::getcgihash(\%pakfiresettings); - -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -&Header::openpage($Lang::tr{'pakfire configuration'}, 1); -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($pakfiresettings{'ACTION'} eq 'install'){ - $pakfiresettings{'INSPAKS'} =~ s/\|/\ /g; - if ("$pakfiresettings{'FORCE'}" eq "on") { - my $command = "/usr/local/bin/pakfire install --non-interactive --no-colors $pakfiresettings{'INSPAKS'} &>/dev/null &"; - system("$command"); - sleep(2); - } else { - &Header::openbox("100%", "center", "Abfrage"); - my @output = `/usr/local/bin/pakfire resolvedeps --no-colors $pakfiresettings{'INSPAKS'}`; - print <$Lang::tr{'pakfire install package'}.$pakfiresettings{'INSPAKS'}.$Lang::tr{'pakfire possible dependency'} -
    		
    -END
    -		foreach (@output) {
    -			print "$_\n";
    -		}
    -		print <
    -		$Lang::tr{'pakfire accept all'}
    -		 
    -		
    - - - - -
    - -
    - - -
    - -END - &Header::closebox(); - &Header::closebigbox(); - &Header::closepage(); - exit; - } -} elsif ($pakfiresettings{'ACTION'} eq 'remove') { - - $pakfiresettings{'DELPAKS'} =~ s/\|/\ /g; - if ("$pakfiresettings{'FORCE'}" eq "on") { - my $command = "/usr/local/bin/pakfire remove --non-interactive --no-colors $pakfiresettings{'DELPAKS'} &>/dev/null &"; - system("$command"); - sleep(2); - } else { - &Header::openbox("100%", "center", "Abfrage"); - my @output = `/usr/local/bin/pakfire resolvedeps --no-colors $pakfiresettings{'DELPAKS'}`; - print <$Lang::tr{'pakfire uninstall package'}.$pakfiresettings{'DELPAKS'}.$Lang::tr{'pakfire possible dependency'} -
    		
    -END
    -		foreach (@output) {
    -			print "$_\n";
    -		}
    -		print <
    -		$Lang::tr{'pakfire accept all'}
    -		 
    -		
    - - - - -
    - -
    - - -
    - -END - &Header::closebox(); - &Header::closebigbox(); - &Header::closepage(); - exit; - } - -} elsif ($pakfiresettings{'ACTION'} eq 'update') { - - system("/usr/local/bin/pakfire update --force --no-colors &>/dev/null"); - -} elsif ($pakfiresettings{'ACTION'} eq 'upgrade') { - - system("/usr/local/bin/pakfire upgrade -y --no-colors &>/dev/null"); - -} elsif ($pakfiresettings{'ACTION'} eq "$Lang::tr{'save'}") { - - if ($pakfiresettings{'AUTOUPDATE'} == "on") { - system("/usr/local/bin/pakfire enable updates >/dev/null 2>&1"); - } else { - system("/usr/local/bin/pakfire disable updates >/dev/null 2>&1"); - } - - if ($pakfiresettings{'AUTOUPGRADE'} == "on") { - system("/usr/local/bin/pakfire enable upgrades >/dev/null 2>&1"); - } else { - system("/usr/local/bin/pakfire disable upgrades >/dev/null 2>&1"); - } - - &General::writehash("${General::swroot}/pakfire/settings", \%pakfiresettings); -} - -&General::readhash("${General::swroot}/pakfire/settings", \%pakfiresettings); - -my %selected=(); -my %checked=(); - -$checked{'AUTOUPDATE'}{'off'} = ''; -$checked{'AUTOUPDATE'}{'on'} = ''; -$checked{'AUTOUPDATE'}{$pakfiresettings{'AUTOUPDATE'}} = "checked='checked'"; -$checked{'AUTOUPGRADE'}{'off'} = ''; -$checked{'AUTOUPGRADE'}{'on'} = ''; -$checked{'AUTOUPGRADE'}{$pakfiresettings{'AUTOUPGRADE'}} = "checked='checked'"; -$checked{'UUID'}{'off'} = ''; -$checked{'UUID'}{'on'} = ''; -$checked{'UUID'}{$pakfiresettings{'UUID'}} = "checked='checked'"; - -# DPC move error message to top so it is seen! -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} - -my $return = `pidof pakfire`; -chomp($return); -if ($return) { - &Header::openbox( 'Waiting', 1, "" ); - print < - - $Lang::tr{  - - $Lang::tr{'pakfire working'} - -
    - -
    -
    -END
    -	my @output = `tail -20 /var/log/pakfire.log`;
    -	foreach (@output) {
    -		print "$_";
    -	}
    -	print <
    -		
    -END
    -	&Header::closebox();
    -	&Header::closebigbox();
    -	&Header::closepage();
    -	exit;
    -}
    -
    -my $core_release = `cat /opt/pakfire/db/core/mine 2>/dev/null`;
    -chomp($core_release);
    -my $core_update_age = &General::age("/opt/pakfire/db/core/mine");
    -my $corelist_update_age = &General::age("/opt/pakfire/db/lists/core-list.db");
    -my $server_update_age = &General::age("/opt/pakfire/db/lists/server-list.db");
    -my $packages_update_age = &General::age("/opt/pakfire/db/lists/packages_list.db");
    -
    -&Header::openbox("100%", "center", "Pakfire");
    -
    -print <
    -		$Lang::tr{'pakfire system state'}:
    -				
    -		$Lang::tr{'pakfire core update level'}: $core_release
    - $Lang::tr{'pakfire last update'} $core_update_age ago
    - $Lang::tr{'pakfire last serverlist update'} $server_update_age ago
    - $Lang::tr{'pakfire last core list update'} $corelist_update_age ago
    - $Lang::tr{'pakfire last package update'} $packages_update_age ago -
    - -
    -
    - -
    - - -
    - -   - $Lang::tr{'pakfire available addons'} - $Lang::tr{'pakfire installed addons'} - -

    $Lang::tr{'pakfire install description'}

    -
    - - -
    - - -

    $Lang::tr{'pakfire uninstall description'}

    -
    - - -
    - -END - -&Header::closebox(); -&Header::openbox("100%", "center", "$Lang::tr{'settings'}"); - -print < - - - - - - -
    $Lang::tr{'basic options'}
    $Lang::tr{'pakfire update daily'} - on / - off
    $Lang::tr{'pakfire core update auto'} - on / - off
    $Lang::tr{'pakfire register'} - on / - off
    - -END - -&Header::closebox(); -&Header::closebigbox(); -&Header::closepage(); diff --git a/html/cgi-bin/portfw.cgi b/html/cgi-bin/portfw.cgi deleted file mode 100644 index 5583fb88a..000000000 --- a/html/cgi-bin/portfw.cgi +++ /dev/null @@ -1,1177 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::colouryellow} ); -undef (@dummy); - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -my %cgiparams=(); -my %selected=(); -my %checked=(); -my $prtrange1=0; -my $prtrange2=0; -my $errormessage = ''; -my $filename = "${General::swroot}/portfw/config"; -my $aliasfile = "${General::swroot}/ethernet/aliases"; - -&Header::showhttpheaders(); - -$cgiparams{'ENABLED'} = 'off'; -$cgiparams{'KEY1'} = '0'; -$cgiparams{'KEY2'} = '0'; -$cgiparams{'PROTOCOL'} = ''; -$cgiparams{'SRC_PORT'} = ''; -$cgiparams{'DEST_IP'} = ''; -$cgiparams{'DEST_PORT'} = ''; -$cgiparams{'SRC_IP'} = ''; -$cgiparams{'ORIG_IP'} = ''; -$cgiparams{'REMARK'} = ''; -$cgiparams{'OVERRIDE'} = 'off'; -$cgiparams{'ACTION'} = ''; - -&Header::getcgihash(\%cgiparams); - -my $disable_all = "0"; -my $enable_all = "0"; - -if ($cgiparams{'ACTION'} eq $Lang::tr{'add'}) -{ - &valaddupdate(); - - # Darren Critchley - if there is an error, don't waste any more time processing - if ($errormessage) { goto ERROR; } - - open(FILE, $filename) or die 'Unable to open config file.'; - my @current = ; - close(FILE); - my $key1 = 0; # used for finding last sequence number used - foreach my $line (@current) - { - my @temp = split(/\,/,$line); - - chomp ($temp[8]); - if ($cgiparams{'KEY2'} eq "0"){ # if key2 is 0 then it is a portfw addition - if ( $cgiparams{'SRC_PORT'} eq $temp[3] && - $cgiparams{'PROTOCOL'} eq $temp[2] && - $cgiparams{'SRC_IP'} eq $temp[7]) - { - $errormessage = - "$Lang::tr{'source port in use'} $cgiparams{'SRC_PORT'}"; - } - # Check if key2 = 0, if it is then it is a port forward entry and we want the sequence number - if ( $temp[1] eq "0") { - $key1=$temp[0]; - } - # Darren Critchley - Duplicate or overlapping Port range check - if ($temp[1] eq "0" && - $cgiparams{'PROTOCOL'} eq $temp[2] && - $cgiparams{'SRC_IP'} eq $temp[7] && - $errormessage eq '') - { - &portchecks($temp[3], $temp[5]); - } - } else { - if ( $cgiparams{'KEY1'} eq $temp[0] && - $cgiparams{'ORIG_IP'} eq $temp[8]) - { - $errormessage = - "$Lang::tr{'source ip in use'} $cgiparams{'ORIG_IP'}"; - } - } - } - -ERROR: - unless ($errormessage) - { - # Darren Critchley - we only want to store ranges with Colons - $cgiparams{'SRC_PORT'} =~ tr/-/:/; - $cgiparams{'DEST_PORT'} =~ tr/-/:/; - - if ($cgiparams{'KEY1'} eq "0") { # 0 in KEY1 indicates it is a portfw add - $key1++; # Add one to last sequence number - open(FILE,">>$filename") or die 'Unable to open config file.'; - flock FILE, 2; - if ($cgiparams{'ORIG_IP'} eq '0.0.0.0/0') { - # if the default/all is taken, then write it to the rule - print FILE "$key1,0,$cgiparams{'PROTOCOL'},$cgiparams{'SRC_PORT'},$cgiparams{'DEST_IP'},$cgiparams{'DEST_PORT'},$cgiparams{'ENABLED'},$cgiparams{'SRC_IP'},$cgiparams{'ORIG_IP'},$cgiparams{'REMARK'}\n"; - } else { # else create an extra record so it shows up - print FILE "$key1,0,$cgiparams{'PROTOCOL'},$cgiparams{'SRC_PORT'},$cgiparams{'DEST_IP'},$cgiparams{'DEST_PORT'},$cgiparams{'ENABLED'},$cgiparams{'SRC_IP'},0,$cgiparams{'REMARK'}\n"; - print FILE "$key1,1,$cgiparams{'PROTOCOL'},0,$cgiparams{'DEST_IP'},$cgiparams{'DEST_PORT'},$cgiparams{'ENABLED'},0,$cgiparams{'ORIG_IP'},$cgiparams{'REMARK'}\n"; - } - close(FILE); - undef %cgiparams; - &General::log($Lang::tr{'forwarding rule added'}); - system('/usr/local/bin/setportfw'); - } else { # else key1 eq 0 - my $insertpoint = ($cgiparams{'KEY2'} - 1); - open(FILE, ">$filename") or die 'Unable to open config file.'; - flock FILE, 2; - foreach my $line (@current) { - chomp($line); - my @temp = split(/\,/,$line); - if ($cgiparams{'KEY1'} eq $temp[0] && $insertpoint eq $temp[1]) { - if ($temp[1] eq "0") { # this is the first xtaccess rule, therefore modify the portfw rule - $temp[8] = '0'; - } - print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7],$temp[8],$temp[9]\n"; - print FILE "$cgiparams{'KEY1'},$cgiparams{'KEY2'},$cgiparams{'PROTOCOL'},0,$cgiparams{'DEST_IP'},$cgiparams{'DEST_PORT'},$cgiparams{'ENABLED'},0,$cgiparams{'ORIG_IP'},$cgiparams{'REMARK'}\n"; - } else { - print FILE "$line\n"; - } - } - close(FILE); - undef %cgiparams; - &General::log($Lang::tr{'external access rule added'}); - system('/usr/local/bin/setportfw'); - } # end if if KEY1 eq 0 - } # end unless($errormessage) -} - -if ($cgiparams{'ACTION'} eq $Lang::tr{'update'}) -{ - &valaddupdate(); - - # Darren Critchley - If there is an error don't waste any more processing time - if ($errormessage) { $cgiparams{'ACTION'} = $Lang::tr{'edit'}; goto UPD_ERROR; } - - open(FILE, $filename) or die 'Unable to open config file.'; - my @current = ; - close(FILE); - my $disabledpfw = '0'; - my $lastpfw = ''; - my $xtaccessdel = '0'; - - foreach my $line (@current) - { - my @temp = split(/\,/,$line); - if ( $temp[1] eq "0" ) { # keep track of the last portfw and if it is enabled - $disabledpfw = $temp[6]; - $lastpfw = $temp[0]; - } - chomp ($temp[8]); - if ( $cgiparams{'SRC_PORT'} eq $temp[3] && - $cgiparams{'PROTOCOL'} eq $temp[2] && - $cgiparams{'SRC_IP'} eq $temp[7]) - { - if ($cgiparams{'KEY1'} ne $temp[0] && $cgiparams{'KEY2'} eq "0") - { - $errormessage = - "$Lang::tr{'source port in use'} $cgiparams{'SRC_PORT'}"; - } - } - if ($cgiparams{'ORIG_IP'} eq $temp[8]) - { - if ($cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} ne $temp[1]) - # If we have the same source ip within a portfw group, then we have a problem! - { - $errormessage = "$Lang::tr{'source ip in use'} $cgiparams{'ORIG_IP'}"; - $cgiparams{'ACTION'} = $Lang::tr{'edit'}; - } - } - - # Darren Critchley - Flag when a user disables an xtaccess - if ($cgiparams{'KEY1'} eq $temp[0] && - $cgiparams{'KEY2'} eq $temp[1] && - $cgiparams{'KEY2'} ne "0" && # if KEY2 is 0 then it is a portfw - $cgiparams{'ENABLED'} eq "off" && - $temp[6] eq "on") { # we have determined that someone has turned an xtaccess off - $xtaccessdel = "1"; - } - - # Darren Critchley - Portfw enabled, then enable xtaccess for all associated xtaccess records - if ($cgiparams{'ENABLED'} eq "on" && $cgiparams{'KEY2'} eq "0" && $cgiparams{'ENABLED'} ne $temp[6]) - { - $enable_all = "1"; - } else { - $enable_all = "0"; - } - # Darren Critchley - Portfw disabled, then disable xtaccess for all associated xtaccess records - if ($cgiparams{'ENABLED'} eq "off" && $cgiparams{'KEY2'} eq "0") - { - $disable_all = "1"; - } else { - $disable_all = "0"; - } - - # Darren Critchley - if we are enabling an xtaccess, only allow if the associated Portfw is enabled - if ($cgiparams{'KEY1'} eq $lastpfw && $cgiparams{'KEY2'} ne "0") { # identifies an xtaccess record in the group - if ($cgiparams{'ENABLED'} eq "on" && $cgiparams{'ENABLED'} ne $temp[6] ){ # a change has been made - if ($disabledpfw eq "off") - { - $errormessage = "$Lang::tr{'cant enable xtaccess'}"; - $cgiparams{'ACTION'} = $Lang::tr{'edit'}; - } - } - } - - # Darren Critchley - rule to stop someone from entering ALL into a external access rule, - # the portfw is the only place that ALL can be specified - if ($cgiparams{'KEY2'} ne "0" && $cgiparams{'ORIG_IP'} eq "0.0.0.0/0") { - $errormessage = "$Lang::tr{'xtaccess all error'}"; - $cgiparams{'ACTION'} = $Lang::tr{'edit'}; - } - - # Darren Critchley - Duplicate or overlapping Port range check - if ($temp[1] eq "0" && - $cgiparams{'KEY1'} ne $temp[0] && - $cgiparams{'PROTOCOL'} eq $temp[2] && - $cgiparams{'SRC_IP'} eq $temp[7] && - $errormessage eq '') - { - &portchecks($temp[3], $temp[5]); - } # end port testing - - } - - # Darren Critchley - if an xtaccess was disabled, now we need to check to see if it was the only xtaccess - if($xtaccessdel eq "1") { - my $xctr = 0; - foreach my $line (@current) - { - my @temp = split(/\,/,$line); - if($temp[0] eq $cgiparams{'KEY1'} && - $temp[6] eq "on") { # we only want to count the enabled xtaccess's - $xctr++; - } - } - if ($xctr == 2){ - $disable_all = "1"; - } - } - -UPD_ERROR: - unless ($errormessage) - { - # Darren Critchley - we only want to store ranges with Colons - $cgiparams{'SRC_PORT'} =~ tr/-/:/; - $cgiparams{'DEST_PORT'} =~ tr/-/:/; - - open(FILE, ">$filename") or die 'Unable to open config file.'; - flock FILE, 2; - foreach my $line (@current) { - chomp($line); - my @temp = split(/\,/,$line); - if ($cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} eq $temp[1]) { - print FILE "$cgiparams{'KEY1'},$cgiparams{'KEY2'},$cgiparams{'PROTOCOL'},$cgiparams{'SRC_PORT'},$cgiparams{'DEST_IP'},$cgiparams{'DEST_PORT'},$cgiparams{'ENABLED'},$cgiparams{'SRC_IP'},$cgiparams{'ORIG_IP'},$cgiparams{'REMARK'}\n"; - } else { - # Darren Critchley - If it is a port forward record, then chances are good that a change was made to - # Destination Ip or Port, and we need to update all the associated external access records - if ($cgiparams{'KEY2'} eq "0" && $cgiparams{'KEY1'} eq $temp[0]) { - $temp[4] = $cgiparams{'DEST_IP'}; - $temp[5] = $cgiparams{'DEST_PORT'}; - $temp[2] = $cgiparams{'PROTOCOL'}; - } - - # Darren Critchley - If a Portfw has been disabled, then set all associated xtaccess as disabled - if ( $disable_all eq "1" && $cgiparams{'KEY1'} eq $temp[0] ) { - $temp[6] = 'off'; - } - if ( $enable_all eq "1" && $cgiparams{'KEY1'} eq $temp[0] ) { - $temp[6] = 'on'; - } - # Darren Critchley - Deal with the override to allow ALL - if ( $cgiparams{'OVERRIDE'} eq "on" && $temp[1] ne "0" && $cgiparams{'KEY1'} eq $temp[0] ) { - $temp[6] = 'off'; - } - print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7],$temp[8],$temp[9]\n"; - } - } - close(FILE); - undef %cgiparams; - &General::log($Lang::tr{'forwarding rule updated'}); - system('/usr/local/bin/setportfw'); - } - if ($errormessage) { - $cgiparams{'ACTION'} = $Lang::tr{'edit'}; - } -} - -# Darren Critchley - Allows rules to be enabled and disabled -if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) -{ - open(FILE, $filename) or die 'Unable to open config file.'; - my @current = ; - close(FILE); - my $disabledpfw = '0'; - my $lastpfw = ''; - my $xtaccessdel = '0'; - - foreach my $line (@current) - { - my @temp = split(/\,/,$line); - if ( $temp[1] eq "0" ) { # keep track of the last portfw and if it is enabled - $disabledpfw = $temp[6]; - $lastpfw = $temp[0]; - } - # Darren Critchley - Flag when a user disables an xtaccess - if ($cgiparams{'KEY1'} eq $temp[0] && - $cgiparams{'KEY2'} eq $temp[1] && - $cgiparams{'KEY2'} ne "0" && # if KEY2 is 0 then it is a portfw - $cgiparams{'ENABLED'} eq "off" && - $temp[6] eq "on") { # we have determined that someone has turned an xtaccess off - $xtaccessdel = "1"; - } - - # Darren Critchley - Portfw enabled, then enable xtaccess for all associated xtaccess records - if ($cgiparams{'ENABLED'} eq "on" && $cgiparams{'KEY2'} eq "0" && $cgiparams{'ENABLED'} ne $temp[6]) - { - $enable_all = "1"; - } else { - $enable_all = "0"; - } - # Darren Critchley - Portfw disabled, then disable xtaccess for all associated xtaccess records - if ($cgiparams{'ENABLED'} eq "off" && $cgiparams{'KEY2'} eq "0") - { - $disable_all = "1"; - } else { - $disable_all = "0"; - } - - # Darren Critchley - if we are enabling an xtaccess, only allow if the associated Portfw is enabled - if ($cgiparams{'KEY1'} eq $lastpfw && $cgiparams{'KEY2'} ne "0") { # identifies an xtaccess record in the group - if ($cgiparams{'ENABLED'} eq "on" && $cgiparams{'ENABLED'} ne $temp[6] ){ # a change has been made - if ($disabledpfw eq "off") - { - $errormessage = "$Lang::tr{'cant enable xtaccess'}"; - goto TOGGLEEXIT; - } - } - } - } - - # Darren Critchley - if an xtaccess was disabled, now we need to check to see if it was the only xtaccess - if($xtaccessdel eq "1") { - my $xctr = 0; - foreach my $line (@current) - { - my @temp = split(/\,/,$line); - if($temp[0] eq $cgiparams{'KEY1'} && - $temp[6] eq "on") { # we only want to count the enabled xtaccess's - $xctr++; - } - } - if ($xctr == 2){ - $disable_all = "1"; - } - } - - open(FILE, ">$filename") or die 'Unable to open config file.'; - flock FILE, 2; - foreach my $line (@current) { - chomp($line); - my @temp = split(/\,/,$line); - if ($cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} eq $temp[1]) { - print FILE "$cgiparams{'KEY1'},$cgiparams{'KEY2'},$temp[2],$temp[3],$temp[4],$temp[5],$cgiparams{'ENABLED'},$temp[7],$temp[8],$temp[9]\n"; - } else { - # Darren Critchley - If a Portfw has been disabled, then set all associated xtaccess as disabled - if ( $disable_all eq "1" && $cgiparams{'KEY1'} eq $temp[0] ) { - $temp[6] = 'off'; - } - if ( $enable_all eq "1" && $cgiparams{'KEY1'} eq $temp[0] ) { - $temp[6] = 'on'; - } - print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7],$temp[8],$temp[9]\n"; - } - } - close(FILE); - &General::log($Lang::tr{'forwarding rule updated'}); - system('/usr/local/bin/setportfw'); -TOGGLEEXIT: - undef %cgiparams; -} - - -# Darren Critchley - broke out Edit routine from the delete routine - Edit routine now just puts values in fields -if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) -{ - open(FILE, "$filename") or die 'Unable to open config file.'; - my @current = ; - close(FILE); - - unless ($errormessage) - { - foreach my $line (@current) - { - chomp($line); - my @temp = split(/\,/,$line); - if ($cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} eq $temp[1] ) { - $cgiparams{'PROTOCOL'} = $temp[2]; - $cgiparams{'SRC_PORT'} = $temp[3]; - $cgiparams{'DEST_IP'} = $temp[4]; - $cgiparams{'DEST_PORT'} = $temp[5]; - $cgiparams{'ENABLED'} = $temp[6]; - $cgiparams{'SRC_IP'} = $temp[7]; - $cgiparams{'ORIG_IP'} = $temp[8]; - $cgiparams{'REMARK'} = $temp[9]; - } - - } - } -} - -# Darren Critchley - broke out Remove routine as the logic is getting too complex to be combined with the Edit -if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) -{ - open(FILE, "$filename") or die 'Unable to open config file.'; - my @current = ; - close(FILE); - - # If the record being deleted is an xtaccess record, and it is the only one for a portfw record - # then we need to adjust the portfw record to be open to ALL ip addressess or an error will occur - # in setportfw.c - my $fixportfw = '0'; - if ($cgiparams{'KEY2'} ne "0") { - my $counter = 0; - foreach my $line (@current) - { - chomp($line); - my @temp = split(/\,/,$line); - if ($temp[0] eq $cgiparams{'KEY1'}) { - $counter++; - } - } - if ($counter eq 2) { - $fixportfw = '1'; - } - } - - unless ($errormessage) - { - open(FILE, ">$filename") or die 'Unable to open config file.'; - flock FILE, 2; - my $linedeleted = 0; - foreach my $line (@current) - { - chomp($line); - my @temp = split(/\,/,$line); - - if ($cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} eq $temp[1] || - $cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} eq "0" ) - { - $linedeleted = 1; - } else { - if ($temp[0] eq $cgiparams{'KEY1'} && $temp[1] eq "0" && $fixportfw eq "1") { - $temp[8] = '0.0.0.0/0'; - } - print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7],$temp[8],$temp[9]\n"; -# print FILE "$line\n"; - } - } - close(FILE); - if ($linedeleted == 1) { - &General::log($Lang::tr{'forwarding rule removed'}); - undef %cgiparams; - } - system('/usr/local/bin/setportfw'); - } -} - -# Darren Critchley - Added routine to allow external access rules to be added -if ($cgiparams{'ACTION'} eq $Lang::tr{'add xtaccess'}) -{ - open(FILE, $filename) or die 'Unable to open config file.'; - my @current = ; - close(FILE); - my $key = 0; # used for finding last sequence number used - foreach my $line (@current) - { - my @temp = split(/\,/,$line); - if ($temp[0] eq $cgiparams{'KEY1'}) { - $key = $temp[1] - } - if ($cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} eq $temp[1] ) { - $cgiparams{'PROTOCOL'} = $temp[2]; - $cgiparams{'SRC_PORT'} = $temp[3]; - $cgiparams{'DEST_IP'} = $temp[4]; - $cgiparams{'DEST_PORT'} = $temp[5]; - $cgiparams{'ENABLED'} = $temp[6]; - $cgiparams{'SRC_IP'} = $temp[7]; - $cgiparams{'ORIG_IP'} = ''; - $cgiparams{'REMARK'} = $temp[9]; - } - } - $key++; - $cgiparams{'KEY2'} = $key; - # Until the ADD button is hit, there needs to be no change to portfw rules -} - -if ($cgiparams{'ACTION'} eq $Lang::tr{'reset'}) -{ - undef %cgiparams; -} - -if ($cgiparams{'ACTION'} eq '') -{ - $cgiparams{'PROTOCOL'} = 'tcp'; - $cgiparams{'ENABLED'} = 'on'; - $cgiparams{'SRC_IP'} = '0.0.0.0'; -} - -$selected{'PROTOCOL'}{'udp'} = ''; -$selected{'PROTOCOL'}{'tcp'} = ''; -$selected{'PROTOCOL'}{'gre'} = ''; -$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'"; - -$selected{'SRC_IP'}{$cgiparams{'SRC_IP'}} = "selected='selected'"; - -$checked{'ENABLED'}{'off'} = ''; -$checked{'ENABLED'}{'on'} = ''; -$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'"; - -&Header::openpage($Lang::tr{'port forwarding configuration'}, 1, ''); - -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage\n"; - print " \n"; - &Header::closebox(); -} - -print "
    \n"; - -if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}){ - &Header::openbox('100%', 'left', $Lang::tr{'edit a rule'}); -} else { - &Header::openbox('100%', 'left', $Lang::tr{'add a new rule'}); -} - -if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'KEY2'} ne "0" || $cgiparams{'ACTION'} eq $Lang::tr{'add xtaccess'}){ -# if it is not a port forward record, don't validate as the fields are disabled - my $PROT = "\U$cgiparams{'PROTOCOL'}\E"; - # Darren Critchley - Format the source and destination ports - my $dstprt = $cgiparams{'DEST_PORT'}; - $dstprt =~ s/-/ - /; - $dstprt =~ s/:/ - /; - -print < - - $Lang::tr{'protocol'}: $PROT -   - $Lang::tr{'destination ip'}:  - $cgiparams{'DEST_IP'} -   - $Lang::tr{'destination port'}:  - $dstprt - - - - - - - - -END -; -} else { -print < - - $Lang::tr{'protocol'}:  - - - - $Lang::tr{'alias ip'}: - - - - -   -   - $Lang::tr{'destination ip'}: - - $Lang::tr{'destination port'}: - - - -END -; -} - -print < - - $Lang::tr{'remark title'} *  - -END -; -unless ($cgiparams{'ACTION'} eq $Lang::tr{'add xtaccess'} && $cgiparams{'ENABLED'} eq "off") { - print " "; - print "$Lang::tr{'enabled'} \n"; -} -print < - -END -; - -if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'KEY2'} eq "0" && ($cgiparams{'ORIG_IP'} eq "0" || $cgiparams{'ORIG_IP'} eq "0.0.0.0/0")){ -# if it is a port forward rule with a 0 in the orig_port field, this means there are xtaccess records, and we -# don't want to allow a person to change the orig_ip field as it will mess other logic up - print "\n"; -} else { -print < - - $Lang::tr{'source network'} *  - - - -END -; -} - -print < -
    - - * $Lang::tr{'this field may be blank'} -END -; - - -if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}){ - if($cgiparams{'KEY2'} eq "0"){ - print "$Lang::tr{'open to all'}: \n"; - } else { - print " \n"; - } - print ""; - print ""; - print ""; - print ""; - # on an edit and an xtaccess add, for some reason the "Reset" button stops working, so I make it a submit button -} else { - print " \n"; - print ""; - if ($cgiparams{'ACTION'} eq $Lang::tr{'add xtaccess'}) { - print ""; - print ""; - print ""; - } elsif ($errormessage ne '') { - print ""; - } else { - print ""; - } -} -print <  - - -END -; -&Header::closebox(); - -print "\n"; - -&Header::openbox('100%', 'left', $Lang::tr{'current rules'}); -print < - -$Lang::tr{'proto'} -$Lang::tr{'source'} -  -$Lang::tr{'destination'} -$Lang::tr{'remark'} -$Lang::tr{'action'} - -END -; - -my $id = 0; -my $xtaccesscolor = '#F6F4F4'; -open(RULES, "$filename") or die 'Unable to open config file.'; -while () -{ - my $protocol = ''; - my $gif = ''; - my $gdesc = ''; - my $toggle = ''; - chomp($_); - my @temp = split(/\,/,$_); - $temp[9] ='' unless defined $temp[9];# Glles ESpinasse : suppress warning on page init - if ($temp[2] eq 'udp') { - $protocol = 'UDP'; } - elsif ($temp[2] eq 'gre') { - $protocol = 'GRE' } - else { - $protocol = 'TCP' } - # Change bgcolor when a new portfw rule is added - if ($temp[1] eq "0"){ - $id++; - } - # Darren Critchley highlight the row we are editing - if ( $cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} eq $temp[1] ) { - print "\n"; - } else { - if ($id % 2) { - print "\n"; - } - else { - print "\n"; - } - } - - if ($temp[6] eq 'on') { $gif = 'on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};} - else { $gif = 'off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; } - - # Darren Critchley - this code no longer works - should we remove? - # catch for 'old-style' rules file - assume default ip if - # none exists - if (!&General::validip($temp[7]) || $temp[7] eq '0.0.0.0') { - $temp[7] = 'DEFAULT IP'; } - if ($temp[1] eq '0') { # Port forwarding entry - - # Darren Critchley - Format the source and destintation ports - my $srcprt = $temp[3]; - $srcprt =~ s/-/ - /; - $srcprt =~ s/:/ - /; - my $dstprt = $temp[5]; - $dstprt =~ s/-/ - /; - $dstprt =~ s/:/ - /; - - # Darren Critchley - Get Port Service Name if we can - code borrowed from firewalllog.dat - $_=$temp[3]; - if (/^\d+$/) { - my $servi = uc(getservbyport($temp[3], lc($temp[2]))); - if ($servi ne '' && $temp[3] < 1024) { - $srcprt = "$srcprt($servi)"; } - } - $_=$temp[5]; - if (/^\d+$/) { - my $servi = uc(getservbyport($temp[5], lc($temp[2]))); - if ($servi ne '' && $temp[5] < 1024) { - $dstprt = "$dstprt($servi)"; } - } - - # Darren Critchley - If the line is too long, wrap the port numbers - my $srcaddr = "$temp[7] : $srcprt"; - if (length($srcaddr) > 22) { - $srcaddr = "$temp[7] :
    $srcprt"; - } - my $dstaddr = "$temp[4] : $dstprt"; - if (length($dstaddr) > 26) { - $dstaddr = "$temp[4] :
    $dstprt"; - } -print <$protocol -$srcaddr -=> -$dstaddr - $temp[9] - -
    - - - - - -
    - - - -
    - - - - -
    - - - -
    - - - - -
    - - - -
    - - - - -
    - - - -END - ; - } else { # external access entry -print <  - - $Lang::tr{'access allowed'} $temp[8]     ($temp[9]) - - -
    - - - - - -
    - - -  - - -
    - - - - -
    - - - -
    - - - - -
    - - - -END - ; - } -} - -close(RULES); - -print ""; - -# If the fixed lease file contains entries, print Key to action icons -if ( ! -z "$filename") { -print < - -  $Lang::tr{'legend'}:  - $Lang::tr{ - $Lang::tr{'click to disable'} -    - $Lang::tr{ - $Lang::tr{'click to enable'} -    - $Lang::tr{ - $Lang::tr{'add xtaccess'} -    - $Lang::tr{ - $Lang::tr{'edit'} -    - $Lang::tr{ - $Lang::tr{'remove'} - - -END -; -} - -&Header::closebox(); - -&Header::closebigbox(); - -&Header::closepage(); - -# Validate Field Entries -sub validateparams -{ - # Darren Critchley - Get rid of dashes in port ranges - $cgiparams{'DEST_PORT'}=~ tr/-/:/; - $cgiparams{'SRC_PORT'}=~ tr/-/:/; - - # Darren Critchley - code to substitue wildcards - if ($cgiparams{'SRC_PORT'} eq "*") { - $cgiparams{'SRC_PORT'} = "1:65535"; - } - if ($cgiparams{'SRC_PORT'} =~ /^(\D)\:(\d+)$/) { - $cgiparams{'SRC_PORT'} = "1:$2"; - } - if ($cgiparams{'SRC_PORT'} =~ /^(\d+)\:(\D)$/) { - $cgiparams{'SRC_PORT'} = "$1:65535"; - } - if ($cgiparams{'DEST_PORT'} eq "*") { - $cgiparams{'DEST_PORT'} = "1:65535"; - } - if ($cgiparams{'DEST_PORT'} =~ /^(\D)\:(\d+)$/) { - $cgiparams{'DEST_PORT'} = "1:$2"; - } - if ($cgiparams{'DEST_PORT'} =~ /^(\d+)\:(\D)$/) { - $cgiparams{'DEST_PORT'} = "$1:65535"; - } - - # Darren Critchley - Add code for GRE protocol - we want to ignore ports, but we need a place holder - if ($cgiparams{'PROTOCOL'} eq 'gre') { - $cgiparams{'SRC_PORT'} = "GRE"; - $cgiparams{'DEST_PORT'} = "GRE"; - } - - unless($cgiparams{'PROTOCOL'} =~ /^(tcp|udp|gre)$/) { $errormessage = $Lang::tr{'invalid input'}; } - # Darren Critchley - Changed how the error routine works a bit - for the validportrange check, we need to - # pass in src or dest to determine which side we are working with. - # the routine returns the complete error or '' - if ($cgiparams{'PROTOCOL'} ne 'gre') { - $errormessage = &General::validportrange($cgiparams{'SRC_PORT'}, 'src'); - } - if( ($cgiparams{'ORIG_IP'} ne "0" && $cgiparams{'KEY2'} ne "0") || $cgiparams{'ACTION'} eq $Lang::tr{'add'}) { - # if it is a port forward record with 0 in orig_ip then ignore checking this field - unless(&General::validipormask($cgiparams{'ORIG_IP'})) - { - if ($cgiparams{'ORIG_IP'} ne '') { - $errormessage = $Lang::tr{'source ip bad'}; } - else { - $cgiparams{'ORIG_IP'} = '0.0.0.0/0'; } - } - } - # Darren Critchey - New rule that sets destination same as source if dest_port is blank. - if ($cgiparams{'DEST_PORT'} eq ''){ - $cgiparams{'DEST_PORT'} = $cgiparams{'SRC_PORT'}; - } - # Darren Critchey - Just in case error message is already set, this routine would wipe it out if - # we don't do a test here - if ($cgiparams{'PROTOCOL'} ne 'gre') { - unless($errormessage) {$errormessage = &General::validportrange($cgiparams{'DEST_PORT'}, 'dest');} - } - unless(&General::validip($cgiparams{'DEST_IP'})) { $errormessage = $Lang::tr{'destination ip bad'}; } - return; -} - -# Darren Critchley - we want to make sure that a port range does not overlap another port range -sub checkportoverlap -{ - my $portrange1 = $_[0]; # New port range - my $portrange2 = $_[1]; # existing port range - my @tempr1 = split(/\:/,$portrange1); - my @tempr2 = split(/\:/,$portrange2); - - unless (&checkportinc($tempr1[0], $portrange2)){ return 0;} - unless (&checkportinc($tempr1[1], $portrange2)){ return 0;} - - unless (&checkportinc($tempr2[0], $portrange1)){ return 0;} - unless (&checkportinc($tempr2[1], $portrange1)){ return 0;} - - return 1; # Everything checks out! -} - -# Darren Critchley - we want to make sure that a port entry is not within an already existing range -sub checkportinc -{ - my $port1 = $_[0]; # Port - my $portrange2 = $_[1]; # Port range - my @tempr1 = split(/\:/,$portrange2); - - if ($port1 < $tempr1[0] || $port1 > $tempr1[1]) { - return 1; - } else { - return 0; - } -} - -# Darren Critchley - certain ports are reserved for Ipcop -# TCP 67,68,81,222,445 -# UDP 67,68 -# Params passed in -> port, rangeyn, protocol -sub disallowreserved -{ - # port 67 and 68 same for tcp and udp, don't bother putting in an array - my $msg = ""; - my @tcp_reserved = (81,222,444); - my $prt = $_[0]; # the port or range - my $ryn = $_[1]; # tells us whether or not it is a port range - my $prot = $_[2]; # protocol - my $srcdst = $_[3]; # source or destination - - if ($ryn) { # disect port range - if ($srcdst eq "src") { - $msg = "$Lang::tr{'rsvd src port overlap'}"; - } else { - $msg = "$Lang::tr{'rsvd dst port overlap'}"; - } - my @tmprng = split(/\:/,$prt); - unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; } - unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; } - if ($prot eq "tcp") { - foreach my $prange (@tcp_reserved) { - unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; } - } - } - } else { - if ($srcdst eq "src") { - $msg = "$Lang::tr{'reserved src port'}"; - } else { - $msg = "$Lang::tr{'reserved dst port'}"; - } - if ($prt == 67) { $errormessage="$msg 67"; return; } - if ($prt == 68) { $errormessage="$msg 68"; return; } - if ($prot eq "tcp") { - foreach my $prange (@tcp_reserved) { - if ($prange == $prt) { $errormessage="$msg $prange"; return; } - } - } - } - return; -} - -# Darren Critchley - Attempt to combine Add/Update validation as they are almost the same -sub valaddupdate -{ - if ($cgiparams{'KEY2'} eq "0"){ # if it is a port forward rule, then validate properly - &validateparams(); - } else { # it is an xtaccess rule, just check for a valid ip - unless(&General::validipormask($cgiparams{'ORIG_IP'})) - { - if ($cgiparams{'ORIG_IP'} ne '') { - $errormessage = $Lang::tr{'source ip bad'}; } - else { # this rule stops someone from adding an ALL xtaccess record - $errormessage = $Lang::tr{'xtaccess all error'}; - $cgiparams{'ACTION'} = $Lang::tr{'add xtaccess'}; - } - } - # Darren Critchley - check for 0.0.0.0/0 - not allowed for xtaccess - if ($cgiparams{'ORIG_IP'} eq "0.0.0.0/0" || $cgiparams{'ORIG_IP'} eq "0.0.0.0") { - $errormessage = $Lang::tr{'xtaccess all error'}; - $cgiparams{'ACTION'} = $Lang::tr{'add xtaccess'}; - } - } - # Darren Critchley - Remove commas from remarks - $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); - - # Darren Critchley - Check to see if we are working with port ranges - our ($prtrange1, $prtrange2); - $_ = $cgiparams{'SRC_PORT'}; - if ($cgiparams{'KEY2'} eq "0" && m/:/){ - $prtrange1 = 1; - } - if ($cgiparams{'SRC_IP'} eq '0.0.0.0') { # Dave Roberts - only check if using DEFAULT IP - if ($prtrange1 == 1){ # check for source ports reserved for Ipcop - &disallowreserved($cgiparams{'SRC_PORT'},1,$cgiparams{'PROTOCOL'},"src"); - if ($errormessage) { goto EXITSUB; } - } else { # check for source port reserved for Ipcop - &disallowreserved($cgiparams{'SRC_PORT'},0,$cgiparams{'PROTOCOL'},"src"); - if ($errormessage) { goto EXITSUB; } - } - } - - $_ = $cgiparams{'DEST_PORT'}; - if ($cgiparams{'KEY2'} eq "0" && m/:/){ - $prtrange2 = 1; - } - if ($cgiparams{'SRC_IP'} eq '0.0.0.0') { # Dave Roberts - only check if using DEFAULT IP - if ($prtrange2 == 1){ # check for destination ports reserved for IPFire - &disallowreserved($cgiparams{'DEST_PORT'},1,$cgiparams{'PROTOCOL'},"dst"); - if ($errormessage) { goto EXITSUB; } - } else { # check for destination port reserved for IPFire - &disallowreserved($cgiparams{'DEST_PORT'},0,$cgiparams{'PROTOCOL'},"dst"); - if ($errormessage) { goto EXITSUB; } - } - } - - -EXITSUB: - return; -} - -# Darren Critchley - Duplicate or overlapping Port range check -sub portchecks -{ - $_ = $_[0]; - our ($prtrange1, $prtrange2); - if (m/:/ && $prtrange1 == 1) { # comparing two port ranges - unless (&checkportoverlap($cgiparams{'SRC_PORT'},$_[0])) { - $errormessage = "$Lang::tr{'source port overlaps'} $_[0]"; - } - } - if (m/:/ && $prtrange1 == 0 && $errormessage eq '') { # compare one port to a range - unless (&checkportinc($cgiparams{'SRC_PORT'}, $_[0])) { - $errormessage = "$Lang::tr{'srcprt within existing'} $_[0]"; - } - } - if (! m/:/ && $prtrange1 == 1 && $errormessage eq '') { # compare one port to a range - unless (&checkportinc($_[0], $cgiparams{'SRC_PORT'})) { - $errormessage = "$Lang::tr{'srcprt range overlaps'} $_[0]"; - } - } - - if ($errormessage eq ''){ - $_ = $_[1]; - if (m/:/ && $prtrange2 == 1) { # if true then there is a port range - unless (&checkportoverlap($cgiparams{'DEST_PORT'},$_[1])) { - $errormessage = "$Lang::tr{'destination port overlaps'} $_[1]"; - } - } - if (m/:/ && $prtrange2 == 0 && $errormessage eq '') { # compare one port to a range - unless (&checkportinc($cgiparams{'DEST_PORT'}, $_[1])) { - $errormessage = "$Lang::tr{'dstprt within existing'} $_[1]"; - } - } - if (! m/:/ && $prtrange2 == 1 && $errormessage eq '') { # compare one port to a range - unless (&checkportinc($_[1], $cgiparams{'DEST_PORT'})) { - $errormessage = "$Lang::tr{'dstprt range overlaps'} $_[1]"; - } - } - } - return; -} diff --git a/html/cgi-bin/pppsetup.cgi b/html/cgi-bin/pppsetup.cgi deleted file mode 100644 index 516935448..000000000 --- a/html/cgi-bin/pppsetup.cgi +++ /dev/null @@ -1,890 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -our %pppsettings=(); -my %temppppsettings=(); -our %modemsettings=(); -our %isdnsettings=(); -our %netsettings=(); -my %selected=(); -my %checked=(); -my @profilenames=(); -my $errormessage = ''; -my $maxprofiles = 5; -my $kernel=`/bin/uname -r | /usr/bin/tr -d '\012'`; - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -&Header::showhttpheaders(); - -$pppsettings{'ACTION'} = ''; -&initprofile(); -&Header::getcgihash(\%pppsettings); - -if ($pppsettings{'ACTION'} ne '' && - (-e '/var/run/ppp-ipcop.pid' || -e "${General::swroot}/red/active")) -{ - $errormessage = $Lang::tr{'unable to alter profiles while red is active'}; - # read in the current vars - %pppsettings = (); - $pppsettings{'VALID'} = ''; - &General::readhash("${General::swroot}/ppp/settings", \%pppsettings); -} -elsif ($pppsettings{'ACTION'} eq $Lang::tr{'refresh'}) -{ - unless ($pppsettings{'TYPE'} =~ /^(modem|serial|isdn|pppoe|pptp|pppoeatm)$/) { - $errormessage = $Lang::tr{'invalid input'}; - goto ERROR; } - my $type = $pppsettings{'TYPE'}; - &General::readhash("${General::swroot}/ppp/settings", \%pppsettings); - $pppsettings{'TYPE'} = $type; -} -elsif ($pppsettings{'ACTION'} eq $Lang::tr{'save'}) -{ - if ($pppsettings{'TYPE'} =~ /^(modem|serial|isdn)$/ && $pppsettings{'COMPORT'} !~ /^(ttyS0|ttyS1|ttyS2|ttyS3|ttyS4|ttyACM0|ttyACM1|ttyACM2|ttyACM3|isdn1|isdn2)$/) { - $errormessage = $Lang::tr{'invalid input'}; - goto ERROR; } - if ($pppsettings{'TYPE'} =~ /^(modem|serial)$/ && $pppsettings{'DTERATE'} !~ /^(9600|19200|38400|57600|115200|230400|460800|921600)$/) { - $errormessage = $Lang::tr{'invalid input'}; - goto ERROR; } - if ($pppsettings{'TYPE'} eq 'modem' && $pppsettings{'DIALMODE'} !~ /^(T|P)$/) { - $errormessage = $Lang::tr{'invalid input'}; - goto ERROR; } - if ($pppsettings{'AUTH'} !~ /^(pap-or-chap|pap|chap|standard-login-script|demon-login-script|other-login-script)$/) { - $errormessage = $Lang::tr{'invalid input'}; - goto ERROR; - } - - if ($pppsettings{'PROFILENAME'} eq '') { - $errormessage = $Lang::tr{'profile name not given'}; - $pppsettings{'PROFILENAME'} = ''; - goto ERROR; } - if ($pppsettings{'TYPE'} =~ /^(modem|isdn)$/) { - if ($pppsettings{'TELEPHONE'} eq '') { - $errormessage = $Lang::tr{'telephone not set'}; - goto ERROR; } - if (!($pppsettings{'TELEPHONE'} =~ /^[\d\*\#\,]+$/)) { - $errormessage = $Lang::tr{'bad characters in the telephone number field'}; - goto ERROR; } - } - unless (($pppsettings{'PROTOCOL'} eq 'RFC1483' && $pppsettings{'METHOD'} =~ /^(STATIC|DHCP)$/)) { - if ($pppsettings{'USERNAME'} eq '') { - $errormessage = $Lang::tr{'username not set'}; - goto ERROR; } - if ($pppsettings{'PASSWORD'} eq '') { - $errormessage = $Lang::tr{'password not set'}; - goto ERROR; } - } - - if ($pppsettings{'TIMEOUT'} eq '') { - $errormessage = $Lang::tr{'idle timeout not set'}; - goto ERROR; } - if (!($pppsettings{'TIMEOUT'} =~ /^\d+$/)) { - $errormessage = $Lang::tr{'only digits allowed in the idle timeout'}; - goto ERROR; } - - if ($pppsettings{'LOGINSCRIPT'} =~ /[.\/ ]/ ) { - $errormessage = $Lang::tr{'bad characters in script field'}; - goto ERROR; } - - if ($pppsettings{'DNS1'}) - { - if (!(&General::validip($pppsettings{'DNS1'}))) { - $errormessage = $Lang::tr{'invalid primary dns'}; - goto ERROR; } - } - if ($pppsettings{'DNS2'}) - { - if (!(&General::validip($pppsettings{'DNS2'}))) { - $errormessage = $Lang::tr{'invalid secondary dns'}; - goto ERROR; } - } - - if ($pppsettings{'MAXRETRIES'} eq '') { - $errormessage = $Lang::tr{'max retries not set'}; - goto ERROR; } - if (!($pppsettings{'MAXRETRIES'} =~ /^\d+$/)) { - $errormessage = $Lang::tr{'only digits allowed in max retries field'}; - goto ERROR; } - - if (!($pppsettings{'HOLDOFF'} =~ /^\d+$/)) { - $errormessage = $Lang::tr{'only digits allowed in holdoff field'}; - goto ERROR; } - - if ($pppsettings{'TYPE'} eq 'pptp') { - $errormessage = ''; - if ($pppsettings{'METHOD'} eq 'STATIC') { - if (! &General::validip($pppsettings{'ROUTERIP'})) { - $errormessage = $Lang::tr{'router ip'}.' '.$Lang::tr{'invalid ip'}; - } - } else { - if (($pppsettings{'DHCP_HOSTNAME'} ne '') && (! &General::validfqdn($pppsettings{'DHCP_HOSTNAME'})) ) { - $errormessage = $errormessage.' '.$Lang::tr{'hostname'}.' '.$Lang::tr{'invalid hostname'}; - } - } - if ($errormessage ne '') {goto ERROR; } - } - if ($pppsettings{'TYPE'} =~ /^(pppoeatm)$/) { - if ( ($pppsettings{'VPI'} eq '') || ($pppsettings{'VCI'} eq '') ) { - $errormessage = $Lang::tr{'invalid vpi vpci'}; - goto ERROR; } - if ( (!($pppsettings{'VPI'} =~ /^\d+$/)) || (!($pppsettings{'VCI'} =~ /^\d+$/)) ) { - $errormessage = $Lang::tr{'invalid vpi vpci'}; - goto ERROR; } - if (($pppsettings{'VPI'} eq '0') && ($pppsettings{'VCI'} eq '0')) { - $errormessage = $Lang::tr{'invalid vpi vpci'}; - goto ERROR; } - if ( $pppsettings{'PROTOCOL'} eq '' ) { - $errormessage = $Lang::tr{'invalid input'}; - goto ERROR; } - } - - if ( ($pppsettings{'PROTOCOL'} eq 'RFC1483') && ($pppsettings{'METHOD'} eq '') && \ - ($pppsettings{'TYPE'} !~ /^(alcatelusb|fritzdsl)$/)) { - $errormessage = $Lang::tr{'invalid input'}; - goto ERROR; } - - if (($pppsettings{'PROTOCOL'} eq 'RFC1483' && $pppsettings{'METHOD'} eq 'DHCP')) { - if ($pppsettings{'DHCP_HOSTNAME'} ne '') { - if (! &General::validfqdn($pppsettings{'DHCP_HOSTNAME'})) { - $errormessage = $errormessage.' '.$Lang::tr{'hostname'}.': '.$Lang::tr{'invalid hostname'}; } - } - } - - if (($pppsettings{'PROTOCOL'} eq 'RFC1483' && $pppsettings{'METHOD'} eq 'STATIC')) { - $errormessage = ''; - if (! &General::validip($pppsettings{'IP'})) { - $errormessage = $Lang::tr{'static ip'}.' '.$Lang::tr{'invalid ip'}; } - if (! &General::validip($pppsettings{'GATEWAY'})) { - $errormessage = $errormessage.' '.$Lang::tr{'gateway ip'}.' '.$Lang::tr{'invalid ip'}; } - if (! &General::validmask($pppsettings{'NETMASK'})) { - $errormessage = $errormessage.' '.$Lang::tr{'netmask'}.' '.$Lang::tr{'invalid netmask'}; } - if ($pppsettings{'BROADCAST'} ne '') { - if (! &General::validip($pppsettings{'BROADCAST'})) { - $errormessage = $errormessage.' '.$Lang::tr{'broadcast'}.' '.$Lang::tr{'invalid broadcast ip'}; } - } - if( $pppsettings{'DNS'} eq 'Automatic') { - $errormessage = $Lang::tr{'invalid input'}; } - if ($errormessage ne '') {goto ERROR; } - } - - if( $pppsettings{'PROTOCOL'} eq 'RFC1483' && $pppsettings{'METHOD'} ne 'PPPOE' && \ - $pppsettings{'RECONNECTION'} eq 'dialondemand' ) { - $errormessage = $Lang::tr{'invalid input'}; - goto ERROR; } - - if( $pppsettings{'RECONNECTION'} eq 'dialondemand' && `/bin/cat ${General::swroot}/ddns/config` =~ /,on$/m ) { - $errormessage = $Lang::tr{'dod not compatible with ddns'}; - goto ERROR; } - -# if( $pppsettings{'PROTOCOL'} eq 'RFC1483') { -# $pppsettings{'ENCAP'} = $pppsettings{'ENCAP_RFC1483'}; } -# if( $pppsettings{'PROTOCOL'} eq 'RFC2364') { -# $pppsettings{'ENCAP'} = $pppsettings{'ENCAP_RFC2364'}; } - delete $pppsettings{'ENCAP_RFC1483'}; - delete $pppsettings{'ENCAP_RFC2364'}; - -ERROR: - if ($errormessage) { - $pppsettings{'VALID'} = 'no'; } - else { - $pppsettings{'VALID'} = 'yes'; } - - # write cgi vars to the file. - &General::writehash("${General::swroot}/ppp/settings-$pppsettings{'PROFILE'}", - \%pppsettings); - - # make link and write secret file. - &updatesettings(); - &writesecrets(); - - &General::log("$Lang::tr{'profile saved'} $pppsettings{'PROFILENAME'}"); -} -if ($pppsettings{'ACTION'} eq $Lang::tr{'select'}) -{ - my $profile = $pppsettings{'PROFILE'}; - %temppppsettings = (); - $temppppsettings{'PROFILE'} = ''; - &General::readhash("${General::swroot}/ppp/settings-$pppsettings{'PROFILE'}", - \%temppppsettings); - - # make link. - &updatesettings(); - - # read in the new params "early" so we can write secrets. - %pppsettings = (); - &General::readhash("${General::swroot}/ppp/settings", \%pppsettings); - $pppsettings{'PROFILE'} = $profile; - &General::writehash("${General::swroot}/ppp/settings-$pppsettings{'PROFILE'}", - \%pppsettings); - - &writesecrets(); - - &General::log("$Lang::tr{'profile made current'} $pppsettings{'PROFILENAME'}"); -} -elsif ($pppsettings{'ACTION'} eq $Lang::tr{'delete'}) -{ - &General::log("$Lang::tr{'profile deleted'} $pppsettings{'PROFILENAME'}"); - - my $profile = $pppsettings{'PROFILE'}; - truncate ("${General::swroot}/ppp/settings-$pppsettings{'PROFILE'}", 0); - - %temppppsettings = (); - $temppppsettings{'PROFILE'} = ''; - &General::readhash("${General::swroot}/ppp/settings-$pppsettings{'PROFILE'}", - \%temppppsettings); - - # make link. - &updatesettings(); - - # read in the new params "early" so we can write secrets. - %pppsettings = (); - &General::readhash("${General::swroot}/ppp/settings", \%pppsettings); - $pppsettings{'PROFILE'} = $profile; - &initprofile; - &General::writehash("${General::swroot}/ppp/settings-$pppsettings{'PROFILE'}", - \%pppsettings); -} -elsif ($pppsettings{'ACTION'} eq $Lang::tr{'refresh'}) -{ -} -else -{ - # read in the current vars - %pppsettings = (); - $pppsettings{'VALID'} = ''; - &General::readhash("${General::swroot}/ppp/settings", \%pppsettings); -} - -# read in the profile names into @profilenames. -my $c=0; -for ($c = 1; $c <= $maxprofiles; $c++) -{ - %temppppsettings = (); - $temppppsettings{'PROFILENAME'} = $Lang::tr{'empty profile'}; - &General::readhash("${General::swroot}/ppp/settings-$c", \%temppppsettings); - $profilenames[$c] = $temppppsettings{'PROFILENAME'}; -} - -if ($pppsettings{'VALID'} eq '') -{ - if ($pppsettings{'PROFILE'} eq '') { - $pppsettings{'PROFILE'} = '1'; - &initprofile(); - } -} -for ($c = 1; $c <= $maxprofiles; $c++) { - $selected{'PROFILE'}{$c} = ''; } -$selected{'PROFILE'}{$pppsettings{'PROFILE'}} = "selected='selected'"; -for ($c = 1; $c <= $maxprofiles; $c++) { - $selected{'BACKUPPROFILE'}{$c} = ''; } -$selected{'BACKUPPROFILE'}{$pppsettings{'BACKUPPROFILE'}} = "selected='selected'"; - -$selected{'TYPE'}{'modem'} = ''; -$selected{'TYPE'}{'serial'} = ''; -$selected{'TYPE'}{'pppoe'} = ''; -$selected{'TYPE'}{'pptp'} = ''; -$selected{'TYPE'}{$pppsettings{'TYPE'}} = "selected='selected'"; -$checked{'DEBUG'}{'off'} = ''; -$checked{'DEBUG'}{'on'} = ''; -$checked{'DEBUG'}{$pppsettings{'DEBUG'}} = "checked='checked'"; - -$selected{'COMPORT'}{'ttyS0'} = ''; -$selected{'COMPORT'}{'ttyS1'} = ''; -$selected{'COMPORT'}{'ttyS2'} = ''; -$selected{'COMPORT'}{'ttyS3'} = ''; -$selected{'COMPORT'}{'ttyS4'} = ''; -if ( $pppsettings{'TYPE'} ne '' ){ -$selected{'COMPORT'}{'ttyACM0'} = ''; -$selected{'COMPORT'}{'ttyACM1'} = ''; -$selected{'COMPORT'}{'ttyACM2'} = ''; -$selected{'COMPORT'}{'ttyACM3'} = '';} -$selected{'COMPORT'}{$pppsettings{'COMPORT'}} = "selected='selected'"; - -$selected{'DTERATE'}{'9600'} = ''; -$selected{'DTERATE'}{'19200'} = ''; -$selected{'DTERATE'}{'38400'} = ''; -$selected{'DTERATE'}{'57600'} = ''; -$selected{'DTERATE'}{'115200'} = ''; -$selected{'DTERATE'}{'230400'} = ''; -$selected{'DTERATE'}{'460800'} = ''; -$selected{'DTERATE'}{'921600'} = ''; -$selected{'DTERATE'}{$pppsettings{'DTERATE'}} = "selected='selected'"; - -$checked{'SPEAKER'}{'off'} = ''; -$checked{'SPEAKER'}{'on'} = ''; -$checked{'SPEAKER'}{$pppsettings{'SPEAKER'}} = "checked='checked'"; - -$selected{'DIALMODE'}{'T'} = ''; -$selected{'DIALMODE'}{'P'} = ''; -$selected{'DIALMODE'}{$pppsettings{'DIALMODE'}} = "selected='selected'"; - -$checked{'RECONNECTION'}{'persistent'} = ''; -$checked{'RECONNECTION'}{'dialondemand'} = ''; -$checked{'RECONNECTION'}{$pppsettings{'RECONNECTION'}} = "checked='checked'"; - -$checked{'DIALONDEMANDDNS'}{'off'} = ''; -$checked{'DIALONDEMANDDNS'}{'on'} = ''; -$checked{'DIALONDEMANDDNS'}{$pppsettings{'DIALONDEMANDDNS'}} = "checked='checked'"; - -$checked{'AUTOCONNECT'}{'off'} = ''; -$checked{'AUTOCONNECT'}{'on'} = ''; -$checked{'AUTOCONNECT'}{$pppsettings{'AUTOCONNECT'}} = "checked='checked'"; - -$checked{'SENDCR'}{'off'} = ''; -$checked{'SENDCR'}{'on'} = ''; -$checked{'SENDCR'}{$pppsettings{'SENDCR'}} = "checked='checked'"; -$checked{'USEDOV'}{'off'} = ''; -$checked{'USEDOV'}{'on'} = ''; -$checked{'USEDOV'}{$pppsettings{'USEDOV'}} = "checked='checked'"; - -$checked{'MODEM'}{'PCIST'} = ''; -$checked{'MODEM'}{'USB'} = ''; -$checked{'MODEM'}{$pppsettings{'MODEM'}} = "checked='checked'"; - -$selected{'LINE'}{'WO'} = ''; -$selected{'LINE'}{'ES'} = ''; -$selected{'LINE'}{'ES03'} = ''; -$selected{'LINE'}{'FR'} = ''; -$selected{'LINE'}{'FR04'} = ''; -$selected{'LINE'}{'FR10'} = ''; -$selected{'LINE'}{'IT'} = ''; -$selected{'LINE'}{$pppsettings{'LINE'}} = "selected='selected'"; - -$checked{'MODULATION'}{'GDMT'} = ''; -$checked{'MODULATION'}{'ANSI'} = ''; -$checked{'MODULATION'}{'GLITE'} = ''; -$checked{'MODULATION'}{'AUTO'} = ''; -$checked{'MODULATION'}{$pppsettings{'MODULATION'}} = "checked='checked'"; - -$checked{'PROTOCOL'}{'RFC1483'} = ''; -$checked{'PROTOCOL'}{'RFC2364'} = ''; -$checked{'PROTOCOL'}{$pppsettings{'PROTOCOL'}} = "checked='checked'"; - -$selected{'ENCAP'}{'0'} = ''; -$selected{'ENCAP'}{'1'} = ''; -#$selected{'ENCAP'}{'2'} = ''; -#$selected{'ENCAP'}{'3'} = ''; -#$selected{'ENCAP'}{'4'} = ''; -$selected{'ENCAP'}{$pppsettings{'ENCAP'}} = "selected='selected'"; - -$checked{'METHOD'}{'STATIC'} = ''; -$checked{'METHOD'}{'PPPOE'} = ''; -$checked{'METHOD'}{'PPPOE_PLUGIN'} = ''; -$checked{'METHOD'}{'DHCP'} = ''; -$checked{'METHOD'}{$pppsettings{'METHOD'}} = "checked='checked'"; - -$selected{'AUTH'}{'pap-or-chap'} = ''; -$selected{'AUTH'}{'pap'} = ''; -$selected{'AUTH'}{'chap'} = ''; -$selected{'AUTH'}{'standard-login-script'} = ''; -$selected{'AUTH'}{'demon-login-script'} = ''; -$selected{'AUTH'}{'other-login-script'} = ''; -$selected{'AUTH'}{$pppsettings{'AUTH'}} = "selected='selected'"; - -$checked{'DNS'}{'Automatic'} = ''; -$checked{'DNS'}{'Manual'} = ''; -$checked{'DNS'}{$pppsettings{'DNS'}} = "checked='checked'"; - -&Header::openpage($Lang::tr{'ppp setup'}, 1, ''); -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($netsettings{'RED_TYPE'} ne 'PPPOE') { - $errormessage = $Lang::tr{'dialup red not ppp'}; - &Header::openbox('100%', 'center', $Lang::tr{'error messages'}); - print "$errormessage\n"; - print " \n"; - &Header::closebox(); - &Header::closebigbox(); - - &Header::closepage(); - exit(1); -} - -if ($errormessage) { - &Header::openbox('100%', 'center', $Lang::tr{'error messages'}); - print "$errormessage\n"; - print " \n"; - &Header::closebox(); -} - - -### -### Box for selecting profile -### -print "
    \n"; -&Header::openbox('100%', 'center', $Lang::tr{'profile'}); -print < - - $Lang::tr{'profile'} - - - - - - -

    -
    -END -; - -&Header::closebox(); -&Header::openbox('100%', 'center', $Lang::tr{'connection'}); - -print < - - $Lang::tr{'interface'}: - - -END -; - if ($pppsettings{'TYPE'} =~ /^(modem)$/) { - print <$Lang::tr{'modem configuration'} -END -; -} - - print ""; - -#if (-f "/proc/bus/usb/devices") { -# USB: -# my $usb=`lsmod | cut -d ' ' -f1 | grep -E "hci"`; -# if ($usb eq '') { -# print "\t$Lang::tr{'not running'}\n"; -# } else { -# print "\t$usb\n"; -# } -#} - -if ($pppsettings{'TYPE'}) { - print "

    "; - - if ($pppsettings{'TYPE'} =~ /^(modem|serial)$/) { - print < - $Lang::tr{'interface'}: - "} - if ($pppsettings{'TYPE'} =~ /^(modem|serial)$/ ) { - print < - $Lang::tr{'computer to modem rate'} - - -END -; - } - if ($pppsettings{'TYPE'} =~ /^(modem)$/ ) { - print "$Lang::tr{'number'}\n"; - print "\n"; - if ($pppsettings{'TYPE'} eq 'modem' ) { - print "$Lang::tr{'modem speaker on'}\n"; - print "\n"; - } - } - } - if ($pppsettings{'TYPE'} eq 'modem') { - print < - $Lang::tr{'dialing mode'} - - - - $Lang::tr{'send cr'} - - -END -; -} - -print < - $Lang::tr{'idle timeout'} - - - - $Lang::tr{'connection debugging'}: - - - -

    - - $Lang::tr{'reconnection'}: - - - $Lang::tr{'dod'} - -END -; -if ($pppsettings{'TYPE'} ne 'isdn') { -print < - $Lang::tr{'persistent'} - - - $Lang::tr{'backupprofile'}: - - - - $Lang::tr{'holdoff'}: - - - - $Lang::tr{'maximum retries'} - - -END -; - -if ($pppsettings{'TYPE'} eq 'pptp') -{ -print <

    - - $Lang::tr{'pptp settings'} - - - $Lang::tr{'phonebook entry'} - - - - - $Lang::tr{'static ip'} - $Lang::tr{'router ip'} - - - - $Lang::tr{'dhcp mode'} - $Lang::tr{'hostname'}: * - - -END -; -} -if ($pppsettings{'TYPE'} =~ /^(pppoeatm)$/) -{ - -print < - $Lang::tr{'adsl settings'}: - - - $Lang::tr{'encapsulation'}: - - - - - - - $Lang::tr{'vpi number'} - - $Lang::tr{'vci number'} - - -END -; -} - - -if ($pppsettings{'TYPE'} eq 'pppoe' || $pppsettings{'TYPE'} eq 'pppoeatm') -{ -print <

    - - $Lang::tr{'pppoe settings'} - - - PPPoE plugin - $Lang::tr{'service name'} * - - - - $Lang::tr{'pppoe'} - $Lang::tr{'concentrator name'} * - - - - MTU - - - -END -; -} - -print <

    - - $Lang::tr{'authentication'} - - - $Lang::tr{'username'} - - $Lang::tr{'password'} - - - - $Lang::tr{'method'} - - -

    - - DNS: - - - $Lang::tr{'automatic'} - - - $Lang::tr{'manual'} - - - $Lang::tr{'primary dns'} - - $Lang::tr{'secondary dns'} - - -




    - - $Lang::tr{'profile name'} - - - - - - - - $Lang::tr{'legend'}: - * $Lang::tr{'this field may be blank'} - - -END -; -&Header::closebox(); -} - -print "\n"; - -&Header::closebigbox(); - -&Header::closepage(); - -sub updatesettings -{ - # make a link from the selected profile to the "default" one. - unlink("${General::swroot}/ppp/settings"); - link("${General::swroot}/ppp/settings-$pppsettings{'PROFILE'}", - "${General::swroot}/ppp/settings"); - system ("/usr/bin/touch", "${General::swroot}/ppp/updatesettings"); -} - -sub writesecrets -{ - # write secrets file. - open(FILE, ">/${General::swroot}/ppp/secrets") or die "Unable to write secrets file."; - flock(FILE, 2); - my $username = $pppsettings{'USERNAME'}; - my $password = $pppsettings{'PASSWORD'}; - print FILE "'$username' * '$password'\n"; - chmod 0600, "${General::swroot}/ppp/secrets"; - close FILE; -} - -sub initprofile -{ - $pppsettings{'PROFILENAME'} = $Lang::tr{'unnamed'}; - $pppsettings{'COMPORT'} = 'ttyS0'; - $pppsettings{'DTERATE'} = 115200; - $pppsettings{'SPEAKER'} = 'off'; - $pppsettings{'RECONNECTION'} = 'persistent'; - $pppsettings{'DIALONDEMANDDNS'} = 'off'; - $pppsettings{'AUTOCONNECT'} = 'on'; - $pppsettings{'SENDCR'} = 'off'; - $pppsettings{'USEIBOD'} = 'off'; - $pppsettings{'USEDOV'} = 'off'; - $pppsettings{'MODEM'} = 'PCIST'; - $pppsettings{'LINE'} = 'WO'; - $pppsettings{'ENCAP'} = '0'; - $pppsettings{'VPI'} = '1'; - $pppsettings{'VCI'} = '32'; - $pppsettings{'PHONEBOOK'} = 'RELAY_PPP1'; - $pppsettings{'PROTOCOL'} = 'RFC2364'; - $pppsettings{'METHOD'} = 'PPPOE_PLUGIN'; - if ( $pppsettings{'METHOD'} eq 'PPPOE_PLUGIN' ) { - $pppsettings{'MTU'} = '1492'; - $pppsettings{'MRU'} = '1492'; - } else { - $pppsettings{'MTU'} = '1452'; - $pppsettings{'MRU'} = '1452'; - } - $pppsettings{'DIALMODE'} = 'T'; - $pppsettings{'MAXRETRIES'} = 5; - $pppsettings{'HOLDOFF'} = 30; - $pppsettings{'TIMEOUT'} = 15; - $pppsettings{'MODULATION'} = 'AUTO'; - $pppsettings{'AUTH'} = 'pap-or-chap'; - $pppsettings{'DNS'} = 'Automatic'; - $pppsettings{'DEBUG'} = 'off'; - $pppsettings{'BACKUPPROFILE'} = $pppsettings{'PROFILE'}; - - # Get PPPoE settings so we can see if PPPoE is enabled or not. - &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); - - # empty profile partial pre-initialization - if ($netsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/) { - $pppsettings{'TYPE'}=lc($netsettings{'RED_TYPE'}); - } else { - $pppsettings{'TYPE'}='modem'; - } -} - diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi deleted file mode 100644 index dc46ca56a..000000000 --- a/html/cgi-bin/proxy.cgi +++ /dev/null @@ -1,3774 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my @squidversion = `/usr/sbin/squid -v`; -my $http_port='81'; -my $https_port='444'; - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -my %proxysettings=(); -my %netsettings=(); -my %filtersettings=(); -my %xlratorsettings=(); -my %stdproxysettings=(); -my %mainsettings=(); - -my %checked=(); -my %selected=(); - -my @throttle_limits=(64,128,256,384,512,1024,2048,3072,5120); -my $throttle_binary="bin|cab|exe|gz|rar|sea|tar|tgz|zip"; -my $throttle_dskimg="b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi"; -my $throttle_mmedia="aiff?|asf|avi|divx|mov|mp3|mpe?g|qt|ra?m"; - -my $def_ports_safe="80 # http\n21 # ftp\n443 # https\n563 # snews\n70 # gopher\n210 # wais\n1025-65535 # unregistered ports\n280 # http-mgmt\n488 # gss-http\n591 # filemaker\n777 # multiling http\n800 # Squids port (for icons)\n"; -my $def_ports_ssl="443 # https\n563 # snews\n"; - -my @useragent=(); -my @useragentlist=(); - -my $hintcolour='#FFFFCC'; -my $ncsa_buttontext=''; -my $language=''; -my $i=0; -my $n=0; -my $id=0; -my $line=''; -my $user=''; -my @userlist=(); -my @grouplist=(); -my @temp=(); -my @templist=(); - -my $cachemem=0; -my $proxy1=''; -my $proxy2=''; -my $replybodymaxsize=0; -my $browser_regexp=''; -my $needhup = 0; -my $errormessage=''; - -my $acldir = "${General::swroot}/proxy/advanced/acls"; -my $ncsadir = "${General::swroot}/proxy/advanced/ncsa"; -my $ntlmdir = "${General::swroot}/proxy/advanced/ntlm"; -my $raddir = "${General::swroot}/proxy/advanced/radius"; -my $identdir = "${General::swroot}/proxy/advanced/ident"; -my $credir = "${General::swroot}/proxy/advanced/cre"; - -my $userdb = "$ncsadir/passwd"; -my $stdgrp = "$ncsadir/standard.grp"; -my $extgrp = "$ncsadir/extended.grp"; -my $disgrp = "$ncsadir/disabled.grp"; - -my $browserdb = "${General::swroot}/proxy/advanced/useragents"; -my $mimetypes = "${General::swroot}/proxy/advanced/mimetypes"; -my $throttled_urls = "${General::swroot}/proxy/advanced/throttle"; - -my $cre_enabled = "${General::swroot}/proxy/advanced/cre/enable"; -my $cre_groups = "${General::swroot}/proxy/advanced/cre/classrooms"; -my $cre_svhosts = "${General::swroot}/proxy/advanced/cre/supervisors"; - -my $identhosts = "$identdir/hosts"; - -my $authdir = "/usr/lib/squid/auth"; -my $errordir = "/usr/lib/squid/errors"; - -my $acl_src_subnets = "$acldir/src_subnets.acl"; -my $acl_src_banned_ip = "$acldir/src_banned_ip.acl"; -my $acl_src_banned_mac = "$acldir/src_banned_mac.acl"; -my $acl_src_unrestricted_ip = "$acldir/src_unrestricted_ip.acl"; -my $acl_src_unrestricted_mac = "$acldir/src_unrestricted_mac.acl"; -my $acl_src_noaccess_ip = "$acldir/src_noaccess_ip.acl"; -my $acl_src_noaccess_mac = "$acldir/src_noaccess_mac.acl"; -my $acl_dst_nocache = "$acldir/dst_nocache.acl"; -my $acl_dst_noauth = "$acldir/dst_noauth.acl"; -my $acl_dst_throttle = "$acldir/dst_throttle.acl"; -my $acl_ports_safe = "$acldir/ports_safe.acl"; -my $acl_ports_ssl = "$acldir/ports_ssl.acl"; -my $acl_include = "$acldir/include.acl"; - -my $updaccelversion = 'n/a'; -my $urlfilterversion = 'n/a'; - -unless (-d "$acldir") { mkdir("$acldir"); } -unless (-d "$ncsadir") { mkdir("$ncsadir"); } -unless (-d "$ntlmdir") { mkdir("$ntlmdir"); } -unless (-d "$raddir") { mkdir("$raddir"); } -unless (-d "$identdir") { mkdir("$identdir"); } -unless (-d "$credir") { mkdir("$credir"); } - -unless (-e $cre_groups) { system("touch $cre_groups"); } -unless (-e $cre_svhosts) { system("touch $cre_svhosts"); } - -unless (-e $userdb) { system("touch $userdb"); } -unless (-e $stdgrp) { system("touch $stdgrp"); } -unless (-e $extgrp) { system("touch $extgrp"); } -unless (-e $disgrp) { system("touch $disgrp"); } - -unless (-e $acl_src_subnets) { system("touch $acl_src_subnets"); } -unless (-e $acl_src_banned_ip) { system("touch $acl_src_banned_ip"); } -unless (-e $acl_src_banned_mac) { system("touch $acl_src_banned_mac"); } -unless (-e $acl_src_unrestricted_ip) { system("touch $acl_src_unrestricted_ip"); } -unless (-e $acl_src_unrestricted_mac) { system("touch $acl_src_unrestricted_mac"); } -unless (-e $acl_src_noaccess_ip) { system("touch $acl_src_noaccess_ip"); } -unless (-e $acl_src_noaccess_mac) { system("touch $acl_src_noaccess_mac"); } -unless (-e $acl_dst_nocache) { system("touch $acl_dst_nocache"); } -unless (-e $acl_dst_noauth) { system("touch $acl_dst_noauth"); } -unless (-e $acl_dst_throttle) { system("touch $acl_dst_throttle"); } -unless (-e $acl_ports_safe) { system("touch $acl_ports_safe"); } -unless (-e $acl_ports_ssl) { system("touch $acl_ports_ssl"); } -unless (-e $acl_include) { system("touch $acl_include"); } - -unless (-e $browserdb) { system("touch $browserdb"); } -unless (-e $mimetypes) { system("touch $mimetypes"); } - -open FILE, $browserdb; -@useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep !/(^$)|(^\s*#)/,; -close(FILE); - -&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); - -$filtersettings{'CHILDREN'} = '5'; -if (-e "${General::swroot}/urlfilter/settings") { - &General::readhash("${General::swroot}/urlfilter/settings", \%filtersettings); -} - -$xlratorsettings{'CHILDREN'} = '5'; -if (-e "${General::swroot}/updatexlrator/settings") { - &General::readhash("${General::swroot}/updatexlrator/settings", \%xlratorsettings); -} - -&Header::showhttpheaders(); - -$proxysettings{'ACTION'} = ''; -$proxysettings{'VALID'} = ''; - -$proxysettings{'ENABLE'} = 'off'; -$proxysettings{'ENABLE_BLUE'} = 'off'; -$proxysettings{'TRANSPARENT'} = 'off'; -$proxysettings{'TRANSPARENT_BLUE'} = 'off'; -$proxysettings{'PROXY_PORT'} = '800'; -$proxysettings{'VISIBLE_HOSTNAME'} = ''; -$proxysettings{'ADMIN_MAIL_ADDRESS'} = ''; -$proxysettings{'ERR_LANGUAGE'} = 'German'; -$proxysettings{'ERR_DESIGN'} = 'ipfire'; -$proxysettings{'SUPPRESS_VERSION'} = 'off'; -$proxysettings{'FORWARD_VIA'} = 'off'; -$proxysettings{'FORWARD_IPADDRESS'} = 'off'; -$proxysettings{'FORWARD_USERNAME'} = 'off'; -$proxysettings{'NO_CONNECTION_AUTH'} = 'off'; -$proxysettings{'UPSTREAM_PROXY'} = ''; -$proxysettings{'UPSTREAM_USER'} = ''; -$proxysettings{'UPSTREAM_PASSWORD'} = ''; -$proxysettings{'LOGGING'} = 'off'; -$proxysettings{'LOGQUERY'} = 'off'; -$proxysettings{'LOGUSERAGENT'} = 'off'; -$proxysettings{'CACHE_MEM'} = '2'; -$proxysettings{'CACHE_SIZE'} = '50'; -$proxysettings{'MAX_SIZE'} = '4096'; -$proxysettings{'MIN_SIZE'} = '0'; -$proxysettings{'MEM_POLICY'} = 'LRU'; -$proxysettings{'CACHE_POLICY'} = 'LRU'; -$proxysettings{'L1_DIRS'} = '16'; -$proxysettings{'OFFLINE_MODE'} = 'off'; -$proxysettings{'CLASSROOM_EXT'} = 'off'; -$proxysettings{'SUPERVISOR_PASSWORD'} = ''; -$proxysettings{'NO_PROXY_LOCAL'} = 'off'; -$proxysettings{'NO_PROXY_LOCAL_BLUE'} = 'off'; -$proxysettings{'TIME_ACCESS_MODE'} = 'allow'; -$proxysettings{'TIME_FROM_HOUR'} = '00'; -$proxysettings{'TIME_FROM_MINUTE'} = '00'; -$proxysettings{'TIME_TO_HOUR'} = '24'; -$proxysettings{'TIME_TO_MINUTE'} = '00'; -$proxysettings{'MAX_OUTGOING_SIZE'} = '0'; -$proxysettings{'MAX_INCOMING_SIZE'} = '0'; -$proxysettings{'THROTTLING_GREEN_TOTAL'} = 'unlimited'; -$proxysettings{'THROTTLING_GREEN_HOST'} = 'unlimited'; -$proxysettings{'THROTTLING_BLUE_TOTAL'} = 'unlimited'; -$proxysettings{'THROTTLING_BLUE_HOST'} = 'unlimited'; -$proxysettings{'THROTTLE_BINARY'} = 'off'; -$proxysettings{'THROTTLE_DSKIMG'} = 'off'; -$proxysettings{'THROTTLE_MMEDIA'} = 'off'; -$proxysettings{'ENABLE_MIME_FILTER'} = 'off'; -$proxysettings{'ENABLE_BROWSER_CHECK'} = 'off'; -$proxysettings{'FAKE_USERAGENT'} = ''; -$proxysettings{'FAKE_REFERER'} = ''; -$proxysettings{'AUTH_METHOD'} = 'none'; -$proxysettings{'AUTH_REALM'} = ''; -$proxysettings{'AUTH_MAX_USERIP'} = ''; -$proxysettings{'AUTH_CACHE_TTL'} = '60'; -$proxysettings{'AUTH_IPCACHE_TTL'} = '0'; -$proxysettings{'AUTH_CHILDREN'} = '5'; -$proxysettings{'NCSA_MIN_PASS_LEN'} = '6'; -$proxysettings{'NCSA_BYPASS_REDIR'} = 'off'; -$proxysettings{'NCSA_USERNAME'} = ''; -$proxysettings{'NCSA_GROUP'} = ''; -$proxysettings{'NCSA_PASS'} = ''; -$proxysettings{'NCSA_PASS_CONFIRM'} = ''; -$proxysettings{'LDAP_BASEDN'} = ''; -$proxysettings{'LDAP_TYPE'} = 'ADS'; -$proxysettings{'LDAP_SERVER'} = ''; -$proxysettings{'LDAP_PORT'} = '389'; -$proxysettings{'LDAP_BINDDN_USER'} = ''; -$proxysettings{'LDAP_BINDDN_PASS'} = ''; -$proxysettings{'LDAP_GROUP'} = ''; -$proxysettings{'NTLM_DOMAIN'} = ''; -$proxysettings{'NTLM_PDC'} = ''; -$proxysettings{'NTLM_BDC'} = ''; -$proxysettings{'NTLM_ENABLE_ACL'} = 'off'; -$proxysettings{'NTLM_USER_ACL'} = 'positive'; -$proxysettings{'RADIUS_SERVER'} = ''; -$proxysettings{'RADIUS_PORT'} = '1812'; -$proxysettings{'RADIUS_IDENTIFIER'} = ''; -$proxysettings{'RADIUS_SECRET'} = ''; -$proxysettings{'RADIUS_ENABLE_ACL'} = 'off'; -$proxysettings{'RADIUS_USER_ACL'} = 'positive'; -$proxysettings{'IDENT_REQUIRED'} = 'off'; -$proxysettings{'IDENT_TIMEOUT'} = '10'; -$proxysettings{'IDENT_ENABLE_ACL'} = 'off'; -$proxysettings{'IDENT_USER_ACL'} = 'positive'; -$proxysettings{'ENABLE_FILTER'} = 'off'; -$proxysettings{'ENABLE_UPDXLRATOR'} = 'off'; - -$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'}; - -&Header::getcgihash(\%proxysettings); - -if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 0) {$proxysettings{'THROTTLING_GREEN_TOTAL'} = 'unlimited';} -if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 0) {$proxysettings{'THROTTLING_GREEN_HOST'} = 'unlimited';} -if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 0) {$proxysettings{'THROTTLING_BLUE_TOTAL'} = 'unlimited';} -if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 0) {$proxysettings{'THROTTLING_BLUE_HOST'} = 'unlimited';} - -if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'}) -{ - $proxysettings{'NCSA_EDIT_MODE'} = 'yes'; -} - -if ($proxysettings{'ACTION'} eq $Lang::tr{'add'}) -{ - $proxysettings{'NCSA_EDIT_MODE'} = 'yes'; - if (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) { - $errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$Lang::tr{'advproxy errmsg password length 2'}; - } - if (!($proxysettings{'NCSA_PASS'} eq $proxysettings{'NCSA_PASS_CONFIRM'})) { - $errormessage = $Lang::tr{'advproxy errmsg passwords different'}; - } - if ($proxysettings{'NCSA_USERNAME'} eq '') { - $errormessage = $Lang::tr{'advproxy errmsg no username'}; - } - if (!$errormessage) { - $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/; - &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'}); - } - $proxysettings{'NCSA_USERNAME'} = ''; - $proxysettings{'NCSA_GROUP'} = ''; - $proxysettings{'NCSA_PASS'} = ''; - $proxysettings{'NCSA_PASS_CONFIRM'} = ''; -} - -if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'}) -{ - $proxysettings{'NCSA_EDIT_MODE'} = 'yes'; - &deluser($proxysettings{'ID'}); -} - -$checked{'ENABLE_UPDXLRATOR'}{'off'} = ''; -$checked{'ENABLE_UPDXLRATOR'}{'on'} = ''; -$checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'"; - -if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) -{ - $proxysettings{'NCSA_EDIT_MODE'} = 'yes'; - $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'}; - @temp = split(/:/,$proxysettings{'ID'}); - $proxysettings{'NCSA_USERNAME'} = $temp[0]; - $proxysettings{'NCSA_GROUP'} = $temp[1]; - $proxysettings{'NCSA_PASS'} = "lEaVeAlOnE"; - $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'}; -} - -if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'})) -{ - if ($proxysettings{'ENABLE'} !~ /^(on|off)$/ || - $proxysettings{'TRANSPARENT'} !~ /^(on|off)$/ || - $proxysettings{'ENABLE_BLUE'} !~ /^(on|off)$/ || - $proxysettings{'TRANSPARENT_BLUE'} !~ /^(on|off)$/ ) { - $errormessage = $Lang::tr{'invalid input'}; - goto ERROR; - } - if (!(&General::validport($proxysettings{'PROXY_PORT'}))) - { - $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'}; - goto ERROR; - } - if (!($proxysettings{'CACHE_SIZE'} =~ /^\d+/) || - ($proxysettings{'CACHE_SIZE'} < 10)) - { - $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'}; - goto ERROR; - } - if (!($proxysettings{'CACHE_MEM'} =~ /^\d+/) || - ($proxysettings{'CACHE_MEM'} < 1)) - { - $errormessage = $Lang::tr{'advproxy errmsg mem cache size'}; - goto ERROR; - } - my @free = `/usr/bin/free`; - $free[1] =~ m/(\d+)/; - $cachemem = int $1 / 2048; - if ($proxysettings{'CACHE_MEM'} > $cachemem) { - $proxysettings{'CACHE_MEM'} = $cachemem; - } - if (!($proxysettings{'MAX_SIZE'} =~ /^\d+/)) - { - $errormessage = $Lang::tr{'invalid maximum object size'}; - goto ERROR; - } - if (!($proxysettings{'MIN_SIZE'} =~ /^\d+/)) - { - $errormessage = $Lang::tr{'invalid minimum object size'}; - goto ERROR; - } - if (!($proxysettings{'MAX_OUTGOING_SIZE'} =~ /^\d+/)) - { - $errormessage = $Lang::tr{'invalid maximum outgoing size'}; - goto ERROR; - } - if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'})) - { - $errormessage = $Lang::tr{'advproxy errmsg time restriction'}; - goto ERROR; - } - if (!($proxysettings{'MAX_INCOMING_SIZE'} =~ /^\d+/)) - { - $errormessage = $Lang::tr{'invalid maximum incoming size'}; - goto ERROR; - } - if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') - { - $browser_regexp = ''; - foreach (@useragentlist) - { - chomp; - @useragent = split(/,/); - if ($proxysettings{'UA_'.$useragent[0]} eq 'on') { $browser_regexp .= "$useragent[2]|"; } - } - chop($browser_regexp); - if (!$browser_regexp) - { - $errormessage = $Lang::tr{'advproxy errmsg no browser'}; - goto ERROR; - } - } - if (!($proxysettings{'AUTH_METHOD'} eq 'none')) - { - unless (($proxysettings{'AUTH_METHOD'} eq 'ident') && - ($proxysettings{'IDENT_REQUIRED'} eq 'off') && - ($proxysettings{'IDENT_ENABLE_ACL'} eq 'off')) - { - if ($netsettings{'BLUE_DEV'}) - { - if ((($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) && - (($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on'))) - { - $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'}; - goto ERROR; - } - } else { - if (($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) - { - $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'}; - goto ERROR; - } - } - } - if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && - ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255))) - { - $errormessage = $Lang::tr{'advproxy errmsg max userip'}; - goto ERROR; - } - if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /^\d+/)) - { - $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'}; - goto ERROR; - } - if (!($proxysettings{'AUTH_IPCACHE_TTL'} =~ /^\d+/)) - { - $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'}; - goto ERROR; - } - if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) - { - $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'}; - goto ERROR; - } - if ((!($proxysettings{'AUTH_CHILDREN'} =~ /^\d+/)) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255)) - { - $errormessage = $Lang::tr{'advproxy errmsg auth children'}; - goto ERROR; - } - } - if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') - { - if ((!($proxysettings{'NCSA_MIN_PASS_LEN'} =~ /^\d+/)) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255)) - { - $errormessage = $Lang::tr{'advproxy errmsg password length'}; - goto ERROR; - } - } - if ($proxysettings{'AUTH_METHOD'} eq 'ident') - { - if ((!($proxysettings{'IDENT_TIMEOUT'} =~ /^\d+/)) || ($proxysettings{'IDENT_TIMEOUT'} < 1)) - { - $errormessage = $Lang::tr{'advproxy errmsg ident timeout'}; - goto ERROR; - } - } - if ($proxysettings{'AUTH_METHOD'} eq 'ldap') - { - if ($proxysettings{'LDAP_BASEDN'} eq '') - { - $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'}; - goto ERROR; - } - if (!&General::validip($proxysettings{'LDAP_SERVER'})) - { - $errormessage = $Lang::tr{'advproxy errmsg ldap server'}; - goto ERROR; - } - if (!&General::validport($proxysettings{'LDAP_PORT'})) - { - $errormessage = $Lang::tr{'advproxy errmsg ldap port'}; - goto ERROR; - } - if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS')) - { - if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq '')) - { - $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'}; - goto ERROR; - } - } - } - if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') - { - if ($proxysettings{'NTLM_DOMAIN'} eq '') - { - $errormessage = $Lang::tr{'advproxy errmsg ntlm domain'}; - goto ERROR; - } - if ($proxysettings{'NTLM_PDC'} eq '') - { - $errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'}; - goto ERROR; - } - if (!&General::validhostname($proxysettings{'NTLM_PDC'})) - { - $errormessage = $Lang::tr{'advproxy errmsg invalid pdc'}; - goto ERROR; - } - if ((!($proxysettings{'NTLM_BDC'} eq '')) && (!&General::validhostname($proxysettings{'NTLM_BDC'}))) - { - $errormessage = $Lang::tr{'advproxy errmsg invalid bdc'}; - goto ERROR; - } - } - if ($proxysettings{'AUTH_METHOD'} eq 'radius') - { - if (!&General::validip($proxysettings{'RADIUS_SERVER'})) - { - $errormessage = $Lang::tr{'advproxy errmsg radius server'}; - goto ERROR; - } - if (!&General::validport($proxysettings{'RADIUS_PORT'})) - { - $errormessage = $Lang::tr{'advproxy errmsg radius port'}; - goto ERROR; - } - if ($proxysettings{'RADIUS_SECRET'} eq '') - { - $errormessage = $Lang::tr{'advproxy errmsg radius secret'}; - goto ERROR; - } - } - - # Quick parent proxy error checking of username and password info. If username password don't both exist give an error. - $proxy1 = 'YES'; - $proxy2 = 'YES'; - if (($proxysettings{'UPSTREAM_USER'} eq '')) {$proxy1 = '';} - if (($proxysettings{'UPSTREAM_PASSWORD'} eq '')) {$proxy2 = '';} - if ($proxysettings{'UPSTREAM_USER'} eq 'PASS') {$proxy1=$proxy2='PASS'; $proxysettings{'UPSTREAM_PASSWORD'} = '';} - if (($proxy1 ne $proxy2)) - { - $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'}; - goto ERROR; - } - -ERROR: - &check_acls; - - if ($errormessage) { - $proxysettings{'VALID'} = 'no'; } - else { - $proxysettings{'VALID'} = 'yes'; } - - if ($proxysettings{'VALID'} eq 'yes') - { - &write_acls; - - delete $proxysettings{'SRC_SUBNETS'}; - delete $proxysettings{'SRC_BANNED_IP'}; - delete $proxysettings{'SRC_BANNED_MAC'}; - delete $proxysettings{'SRC_UNRESTRICTED_IP'}; - delete $proxysettings{'SRC_UNRESTRICTED_MAC'}; - delete $proxysettings{'DST_NOCACHE'}; - delete $proxysettings{'DST_NOAUTH'}; - delete $proxysettings{'PORTS_SAFE'}; - delete $proxysettings{'PORTS_SSL'}; - delete $proxysettings{'MIME_TYPES'}; - delete $proxysettings{'NTLM_ALLOW_USERS'}; - delete $proxysettings{'NTLM_DENY_USERS'}; - delete $proxysettings{'RADIUS_ALLOW_USERS'}; - delete $proxysettings{'RADIUS_DENY_USERS'}; - delete $proxysettings{'IDENT_HOSTS'}; - delete $proxysettings{'IDENT_ALLOW_USERS'}; - delete $proxysettings{'IDENT_DENY_USERS'}; - - delete $proxysettings{'CRE_GROUPS'}; - delete $proxysettings{'CRE_SVHOSTS'}; - - delete $proxysettings{'NCSA_USERNAME'}; - delete $proxysettings{'NCSA_GROUP'}; - delete $proxysettings{'NCSA_PASS'}; - delete $proxysettings{'NCSA_PASS_CONFIRM'}; - - $proxysettings{'TIME_MON'} = 'off' unless exists $proxysettings{'TIME_MON'}; - $proxysettings{'TIME_TUE'} = 'off' unless exists $proxysettings{'TIME_TUE'}; - $proxysettings{'TIME_WED'} = 'off' unless exists $proxysettings{'TIME_WED'}; - $proxysettings{'TIME_THU'} = 'off' unless exists $proxysettings{'TIME_THU'}; - $proxysettings{'TIME_FRI'} = 'off' unless exists $proxysettings{'TIME_FRI'}; - $proxysettings{'TIME_SAT'} = 'off' unless exists $proxysettings{'TIME_SAT'}; - $proxysettings{'TIME_SUN'} = 'off' unless exists $proxysettings{'TIME_SUN'}; - - $proxysettings{'AUTH_ALWAYS_REQUIRED'} = 'off' unless exists $proxysettings{'AUTH_ALWAYS_REQUIRED'}; - $proxysettings{'NTLM_ENABLE_INT_AUTH'} = 'off' unless exists $proxysettings{'NTLM_ENABLE_INT_AUTH'}; - - &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings); - - if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); } - $stdproxysettings{'PROXY_PORT'} = $proxysettings{'PROXY_PORT'}; - $stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'}; - $stdproxysettings{'ENABLE_UPDXLRATOR'} = $proxysettings{'ENABLE_UPDXLRATOR'}; - &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings); - - &writeconfig; - &writepacfile; - - system ('/usr/local/bin/squidctrl', 'disable'); - unlink "${General::swroot}/proxy/enable"; - unlink "${General::swroot}/proxy/transparent"; - unlink "${General::swroot}/proxy/enable_blue"; - unlink "${General::swroot}/proxy/transparent_blue"; - - if ($proxysettings{'ENABLE'} eq 'on') { - system ('/usr/bin/touch', "${General::swroot}/proxy/enable"); - system ('/usr/local/bin/squidctrl', 'enable'); } - if ($proxysettings{'TRANSPARENT'} eq 'on') { - system ('/usr/bin/touch', "${General::swroot}/proxy/transparent"); } - if ($proxysettings{'ENABLE_BLUE'} eq 'on') { - system ('/usr/bin/touch', "${General::swroot}/proxy/enable_blue"); - system ('/usr/local/bin/squidctrl', 'enable'); } - if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') { - system ('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); } - - if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); } - } -} - -if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy clear cache'}) -{ - system('/usr/local/bin/squidctrl flush >/dev/null 2>&1'); -} - -if (!$errormessage) -{ - if (-e "${General::swroot}/proxy/advanced/settings") { - &General::readhash("${General::swroot}/proxy/advanced/settings", \%proxysettings); - } elsif (-e "${General::swroot}/proxy/settings") { - &General::readhash("${General::swroot}/proxy/settings", \%proxysettings); - } - &read_acls; -} - -$checked{'ENABLE'}{'off'} = ''; -$checked{'ENABLE'}{'on'} = ''; -$checked{'ENABLE'}{$proxysettings{'ENABLE'}} = "checked='checked'"; - -$checked{'TRANSPARENT'}{'off'} = ''; -$checked{'TRANSPARENT'}{'on'} = ''; -$checked{'TRANSPARENT'}{$proxysettings{'TRANSPARENT'}} = "checked='checked'"; - -$checked{'ENABLE_BLUE'}{'off'} = ''; -$checked{'ENABLE_BLUE'}{'on'} = ''; -$checked{'ENABLE_BLUE'}{$proxysettings{'ENABLE_BLUE'}} = "checked='checked'"; - -$checked{'TRANSPARENT_BLUE'}{'off'} = ''; -$checked{'TRANSPARENT_BLUE'}{'on'} = ''; -$checked{'TRANSPARENT_BLUE'}{$proxysettings{'TRANSPARENT_BLUE'}} = "checked='checked'"; - -$checked{'SUPPRESS_VERSION'}{'off'} = ''; -$checked{'SUPPRESS_VERSION'}{'on'} = ''; -$checked{'SUPPRESS_VERSION'}{$proxysettings{'SUPPRESS_VERSION'}} = "checked='checked'"; - -$checked{'FORWARD_IPADDRESS'}{'off'} = ''; -$checked{'FORWARD_IPADDRESS'}{'on'} = ''; -$checked{'FORWARD_IPADDRESS'}{$proxysettings{'FORWARD_IPADDRESS'}} = "checked='checked'"; -$checked{'FORWARD_USERNAME'}{'off'} = ''; -$checked{'FORWARD_USERNAME'}{'on'} = ''; -$checked{'FORWARD_USERNAME'}{$proxysettings{'FORWARD_USERNAME'}} = "checked='checked'"; -$checked{'FORWARD_VIA'}{'off'} = ''; -$checked{'FORWARD_VIA'}{'on'} = ''; -$checked{'FORWARD_VIA'}{$proxysettings{'FORWARD_VIA'}} = "checked='checked'"; -$checked{'NO_CONNECTION_AUTH'}{'off'} = ''; -$checked{'NO_CONNECTION_AUTH'}{'on'} = ''; -$checked{'NO_CONNECTION_AUTH'}{$proxysettings{'NO_CONNECTION_AUTH'}} = "checked='checked'"; - -$selected{'MEM_POLICY'}{$proxysettings{'MEM_POLICY'}} = "selected='selected'"; -$selected{'CACHE_POLICY'}{$proxysettings{'CACHE_POLICY'}} = "selected='selected'"; -$selected{'L1_DIRS'}{$proxysettings{'L1_DIRS'}} = "selected='selected'"; -$checked{'OFFLINE_MODE'}{'off'} = ''; -$checked{'OFFLINE_MODE'}{'on'} = ''; -$checked{'OFFLINE_MODE'}{$proxysettings{'OFFLINE_MODE'}} = "checked='checked'"; - -$checked{'LOGGING'}{'off'} = ''; -$checked{'LOGGING'}{'on'} = ''; -$checked{'LOGGING'}{$proxysettings{'LOGGING'}} = "checked='checked'"; -$checked{'LOGQUERY'}{'off'} = ''; -$checked{'LOGQUERY'}{'on'} = ''; -$checked{'LOGQUERY'}{$proxysettings{'LOGQUERY'}} = "checked='checked'"; -$checked{'LOGUSERAGENT'}{'off'} = ''; -$checked{'LOGUSERAGENT'}{'on'} = ''; -$checked{'LOGUSERAGENT'}{$proxysettings{'LOGUSERAGENT'}} = "checked='checked'"; - -$selected{'ERR_LANGUAGE'}{$proxysettings{'ERR_LANGUAGE'}} = "selected='selected'"; -$selected{'ERR_DESIGN'}{$proxysettings{'ERR_DESIGN'}} = "selected='selected'"; - -$checked{'NO_PROXY_LOCAL'}{'off'} = ''; -$checked{'NO_PROXY_LOCAL'}{'on'} = ''; -$checked{'NO_PROXY_LOCAL'}{$proxysettings{'NO_PROXY_LOCAL'}} = "checked='checked'"; -$checked{'NO_PROXY_LOCAL_BLUE'}{'off'} = ''; -$checked{'NO_PROXY_LOCAL_BLUE'}{'on'} = ''; -$checked{'NO_PROXY_LOCAL_BLUE'}{$proxysettings{'NO_PROXY_LOCAL_BLUE'}} = "checked='checked'"; - -$checked{'CLASSROOM_EXT'}{'off'} = ''; -$checked{'CLASSROOM_EXT'}{'on'} = ''; -$checked{'CLASSROOM_EXT'}{$proxysettings{'CLASSROOM_EXT'}} = "checked='checked'"; - -$selected{'TIME_ACCESS_MODE'}{$proxysettings{'TIME_ACCESS_MODE'}} = "selected='selected'"; -$selected{'TIME_FROM_HOUR'}{$proxysettings{'TIME_FROM_HOUR'}} = "selected='selected'"; -$selected{'TIME_FROM_MINUTE'}{$proxysettings{'TIME_FROM_MINUTE'}} = "selected='selected'"; -$selected{'TIME_TO_HOUR'}{$proxysettings{'TIME_TO_HOUR'}} = "selected='selected'"; -$selected{'TIME_TO_MINUTE'}{$proxysettings{'TIME_TO_MINUTE'}} = "selected='selected'"; - -$proxysettings{'TIME_MON'} = 'on' unless exists $proxysettings{'TIME_MON'}; -$proxysettings{'TIME_TUE'} = 'on' unless exists $proxysettings{'TIME_TUE'}; -$proxysettings{'TIME_WED'} = 'on' unless exists $proxysettings{'TIME_WED'}; -$proxysettings{'TIME_THU'} = 'on' unless exists $proxysettings{'TIME_THU'}; -$proxysettings{'TIME_FRI'} = 'on' unless exists $proxysettings{'TIME_FRI'}; -$proxysettings{'TIME_SAT'} = 'on' unless exists $proxysettings{'TIME_SAT'}; -$proxysettings{'TIME_SUN'} = 'on' unless exists $proxysettings{'TIME_SUN'}; - -$checked{'TIME_MON'}{'off'} = ''; -$checked{'TIME_MON'}{'on'} = ''; -$checked{'TIME_MON'}{$proxysettings{'TIME_MON'}} = "checked='checked'"; -$checked{'TIME_TUE'}{'off'} = ''; -$checked{'TIME_TUE'}{'on'} = ''; -$checked{'TIME_TUE'}{$proxysettings{'TIME_TUE'}} = "checked='checked'"; -$checked{'TIME_WED'}{'off'} = ''; -$checked{'TIME_WED'}{'on'} = ''; -$checked{'TIME_WED'}{$proxysettings{'TIME_WED'}} = "checked='checked'"; -$checked{'TIME_THU'}{'off'} = ''; -$checked{'TIME_THU'}{'on'} = ''; -$checked{'TIME_THU'}{$proxysettings{'TIME_THU'}} = "checked='checked'"; -$checked{'TIME_FRI'}{'off'} = ''; -$checked{'TIME_FRI'}{'on'} = ''; -$checked{'TIME_FRI'}{$proxysettings{'TIME_FRI'}} = "checked='checked'"; -$checked{'TIME_SAT'}{'off'} = ''; -$checked{'TIME_SAT'}{'on'} = ''; -$checked{'TIME_SAT'}{$proxysettings{'TIME_SAT'}} = "checked='checked'"; -$checked{'TIME_SUN'}{'off'} = ''; -$checked{'TIME_SUN'}{'on'} = ''; -$checked{'TIME_SUN'}{$proxysettings{'TIME_SUN'}} = "checked='checked'"; - -$selected{'THROTTLING_GREEN_TOTAL'}{$proxysettings{'THROTTLING_GREEN_TOTAL'}} = "selected='selected'"; -$selected{'THROTTLING_GREEN_HOST'}{$proxysettings{'THROTTLING_GREEN_HOST'}} = "selected='selected'"; -$selected{'THROTTLING_BLUE_TOTAL'}{$proxysettings{'THROTTLING_BLUE_TOTAL'}} = "selected='selected'"; -$selected{'THROTTLING_BLUE_HOST'}{$proxysettings{'THROTTLING_BLUE_HOST'}} = "selected='selected'"; - -$checked{'THROTTLE_BINARY'}{'off'} = ''; -$checked{'THROTTLE_BINARY'}{'on'} = ''; -$checked{'THROTTLE_BINARY'}{$proxysettings{'THROTTLE_BINARY'}} = "checked='checked'"; -$checked{'THROTTLE_DSKIMG'}{'off'} = ''; -$checked{'THROTTLE_DSKIMG'}{'on'} = ''; -$checked{'THROTTLE_DSKIMG'}{$proxysettings{'THROTTLE_DSKIMG'}} = "checked='checked'"; -$checked{'THROTTLE_MMEDIA'}{'off'} = ''; -$checked{'THROTTLE_MMEDIA'}{'on'} = ''; -$checked{'THROTTLE_MMEDIA'}{$proxysettings{'THROTTLE_MMEDIA'}} = "checked='checked'"; - -$checked{'ENABLE_MIME_FILTER'}{'off'} = ''; -$checked{'ENABLE_MIME_FILTER'}{'on'} = ''; -$checked{'ENABLE_MIME_FILTER'}{$proxysettings{'ENABLE_MIME_FILTER'}} = "checked='checked'"; - -$checked{'ENABLE_BROWSER_CHECK'}{'off'} = ''; -$checked{'ENABLE_BROWSER_CHECK'}{'on'} = ''; -$checked{'ENABLE_BROWSER_CHECK'}{$proxysettings{'ENABLE_BROWSER_CHECK'}} = "checked='checked'"; - -foreach (@useragentlist) { - @useragent = split(/,/); - $checked{'UA_'.$useragent[0]}{'off'} = ''; - $checked{'UA_'.$useragent[0]}{'on'} = ''; - $checked{'UA_'.$useragent[0]}{$proxysettings{'UA_'.$useragent[0]}} = "checked='checked'"; -} - -$checked{'AUTH_METHOD'}{'none'} = ''; -$checked{'AUTH_METHOD'}{'ncsa'} = ''; -$checked{'AUTH_METHOD'}{'ident'} = ''; -$checked{'AUTH_METHOD'}{'ldap'} = ''; -$checked{'AUTH_METHOD'}{'ntlm'} = ''; -$checked{'AUTH_METHOD'}{'radius'} = ''; -$checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'"; - -$proxysettings{'AUTH_ALWAYS_REQUIRED'} = 'on' unless exists $proxysettings{'AUTH_ALWAYS_REQUIRED'}; - -$checked{'AUTH_ALWAYS_REQUIRED'}{'off'} = ''; -$checked{'AUTH_ALWAYS_REQUIRED'}{'on'} = ''; -$checked{'AUTH_ALWAYS_REQUIRED'}{$proxysettings{'AUTH_ALWAYS_REQUIRED'}} = "checked='checked'"; - -$checked{'NCSA_BYPASS_REDIR'}{'off'} = ''; -$checked{'NCSA_BYPASS_REDIR'}{'on'} = ''; -$checked{'NCSA_BYPASS_REDIR'}{$proxysettings{'NCSA_BYPASS_REDIR'}} = "checked='checked'"; - -$selected{'NCSA_GROUP'}{$proxysettings{'NCSA_GROUP'}} = "selected='selected'"; - -$selected{'LDAP_TYPE'}{$proxysettings{'LDAP_TYPE'}} = "selected='selected'"; - -$proxysettings{'NTLM_ENABLE_INT_AUTH'} = 'on' unless exists $proxysettings{'NTLM_ENABLE_INT_AUTH'}; - -$checked{'NTLM_ENABLE_INT_AUTH'}{'off'} = ''; -$checked{'NTLM_ENABLE_INT_AUTH'}{'on'} = ''; -$checked{'NTLM_ENABLE_INT_AUTH'}{$proxysettings{'NTLM_ENABLE_INT_AUTH'}} = "checked='checked'"; - -$checked{'NTLM_ENABLE_ACL'}{'off'} = ''; -$checked{'NTLM_ENABLE_ACL'}{'on'} = ''; -$checked{'NTLM_ENABLE_ACL'}{$proxysettings{'NTLM_ENABLE_ACL'}} = "checked='checked'"; - -$checked{'NTLM_USER_ACL'}{'positive'} = ''; -$checked{'NTLM_USER_ACL'}{'negative'} = ''; -$checked{'NTLM_USER_ACL'}{$proxysettings{'NTLM_USER_ACL'}} = "checked='checked'"; - -$checked{'RADIUS_ENABLE_ACL'}{'off'} = ''; -$checked{'RADIUS_ENABLE_ACL'}{'on'} = ''; -$checked{'RADIUS_ENABLE_ACL'}{$proxysettings{'RADIUS_ENABLE_ACL'}} = "checked='checked'"; - -$checked{'RADIUS_USER_ACL'}{'positive'} = ''; -$checked{'RADIUS_USER_ACL'}{'negative'} = ''; -$checked{'RADIUS_USER_ACL'}{$proxysettings{'RADIUS_USER_ACL'}} = "checked='checked'"; - -$checked{'IDENT_REQUIRED'}{'off'} = ''; -$checked{'IDENT_REQUIRED'}{'on'} = ''; -$checked{'IDENT_REQUIRED'}{$proxysettings{'IDENT_REQUIRED'}} = "checked='checked'"; - -$checked{'IDENT_ENABLE_ACL'}{'off'} = ''; -$checked{'IDENT_ENABLE_ACL'}{'on'} = ''; -$checked{'IDENT_ENABLE_ACL'}{$proxysettings{'IDENT_ENABLE_ACL'}} = "checked='checked'"; - -$checked{'IDENT_USER_ACL'}{'positive'} = ''; -$checked{'IDENT_USER_ACL'}{'negative'} = ''; -$checked{'IDENT_USER_ACL'}{$proxysettings{'IDENT_USER_ACL'}} = "checked='checked'"; - -$checked{'ENABLE_FILTER'}{'off'} = ''; -$checked{'ENABLE_FILTER'}{'on'} = ''; -$checked{'ENABLE_FILTER'}{$proxysettings{'ENABLE_FILTER'}} = "checked='checked'"; - -$checked{'ENABLE_UPDXLRATOR'}{'off'} = ''; -$checked{'ENABLE_UPDXLRATOR'}{'on'} = ''; -$checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'"; - -&Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, ''); - -&Header::openbigbox('100%', 'left', '', $errormessage); - -if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); -} - -if ($squidversion[0] =~ /^Squid\sCache:\sVersion\s/i) -{ - $squidversion[0] =~ s/^Squid\sCache:\sVersion//i; - $squidversion[0] =~ s/^\s+//g; - $squidversion[0] =~ s/\s+$//g; -} else { - $squidversion[0] = $Lang::tr{'advproxy unknown'}; -} - -# =================================================================== -# Main settings -# =================================================================== - -unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') { - -print "
    \n"; - -&Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}"); - -print < - - $Lang::tr{'advproxy common settings'} - - - $Lang::tr{'advproxy enabled on'} Green: - - $Lang::tr{'advproxy proxy port'}: - - - - $Lang::tr{'advproxy transparent on'} Green: - - $Lang::tr{'advproxy visible hostname'}: * - - - -END -; -if ($netsettings{'BLUE_DEV'}) { - print "$Lang::tr{'advproxy enabled on'} Blue:"; - print ""; -} else { - print " "; -} -print <$Lang::tr{'advproxy admin mail'}: * - - - -END -; -if ($netsettings{'BLUE_DEV'}) { - print "$Lang::tr{'advproxy transparent on'} Blue:"; - print ""; -} else { - print " "; -} -print <$Lang::tr{'advproxy error language'}: - - - $Lang::tr{'advproxy error design'}: - - - - $Lang::tr{'advproxy squid version'}: -  [ $squidversion[0] ] -   -   - - -
    - - - - - -
    $Lang::tr{'advproxy url filter'} $Lang::tr{'advproxy enabled'}$Lang::tr{'advproxy update accelerator'} $Lang::tr{'advproxy enabled'}
    -
    - - - - - - - - - - - - - - - - - - -
    $Lang::tr{'advproxy upstream proxy'}
    $Lang::tr{'advproxy via forwarding'}:$Lang::tr{'advproxy upstream proxy host:port'}*
    $Lang::tr{'advproxy client IP forwarding'}:$Lang::tr{'advproxy upstream username'}*
    $Lang::tr{'advproxy username forwarding'}: - $Lang::tr{'advproxy upstream password'}:*
    $Lang::tr{'advproxy no connection auth'}:
    -
    - - - - - - - - - -
    $Lang::tr{'advproxy log settings'}
    $Lang::tr{'advproxy log enabled'}:$Lang::tr{'advproxy log query'}:$Lang::tr{'advproxy log useragent'}:
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    $Lang::tr{'advproxy cache management'}
    $Lang::tr{'advproxy ram cache size'}:$Lang::tr{'advproxy hdd cache size'}:
    $Lang::tr{'advproxy min size'}:$Lang::tr{'advproxy max size'}:
    $Lang::tr{'advproxy number of L1 dirs'}: - - - - - - - - - - - - - - - - -
    $Lang::tr{'advproxy no cache sites'}: *
    -
    $Lang::tr{'advproxy memory replacement policy'}:
    $Lang::tr{'advproxy cache replacement policy'}:
     
    $Lang::tr{'advproxy offline mode'}:
    -
    - - - - - - - - - - - - - - - -
    $Lang::tr{'advproxy destination ports'}
    $Lang::tr{'advproxy standard ports'}:$Lang::tr{'advproxy ssl ports'}:
    -
    - - - - - - - - - - - - -END -; - -$line = $Lang::tr{'advproxy no internal proxy on green'}; -$line =~ s/Green/Green<\/font>/i; -print "\n"; -print < - -END -; -if ($netsettings{'BLUE_DEV'}) { - $line = $Lang::tr{'advproxy no internal proxy on blue'}; - $line =~ s/Blue/Blue<\/font>/i; - print "\n"; - print "\n"; - print < - -END -; -} -print < - - - - - -
    $Lang::tr{'advproxy network based access'}
    $Lang::tr{'advproxy allowed subnets'}:
    $line:
    $line:
     
     
    - - - - - - - - - - - - -
    $Lang::tr{'advproxy unrestricted ip clients'}: *$Lang::tr{'advproxy unrestricted mac clients'}: *
    - - - - - - - - - - - - -
    $Lang::tr{'advproxy banned ip clients'}: *$Lang::tr{'advproxy banned mac clients'}: *
    - -
    - -END -; -# ------------------------------------------------------------------- -# CRE GUI - optional -# ------------------------------------------------------------------- - -if (-e $cre_enabled) { print < - - - $Lang::tr{'advproxy classroom extensions'} $Lang::tr{'advproxy enabled'}: - - - - - - -END -; -if ($proxysettings{'CLASSROOM_EXT'} eq 'on'){ -print <$Lang::tr{'advproxy supervisor password'}: * - - - - $Lang::tr{'advproxy cre group definitions'}: - $Lang::tr{'advproxy cre supervisors'}: * -END -; -} -print ""; -if ($proxysettings{'CLASSROOM_EXT'} eq 'on'){ -print < - - - -END -; -} -print "
    "; - -} else { - print < - - -END -; -} - -# ------------------------------------------------------------------- - -print < - - $Lang::tr{'advproxy time restrictions'} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    $Lang::tr{'advproxy access'} $Lang::tr{'advproxy monday'}$Lang::tr{'advproxy tuesday'}$Lang::tr{'advproxy wednesday'}$Lang::tr{'advproxy thursday'}$Lang::tr{'advproxy friday'}$Lang::tr{'advproxy saturday'}$Lang::tr{'advproxy sunday'}  $Lang::tr{'advproxy from'} $Lang::tr{'advproxy to'} 
    - -    - : - - - : -
    -
    - - - - - - - - - - -
    $Lang::tr{'advproxy transfer limits'}
    $Lang::tr{'advproxy max download size'}:$Lang::tr{'advproxy max upload size'}:
    -
    - - - - - - - - - - -END -; - -if ($netsettings{'BLUE_DEV'}) { - print < - - - - - -END -; -} - -print < -
    $Lang::tr{'advproxy download throttling'}
    $Lang::tr{'advproxy throttling total on'} Green: - - $Lang::tr{'advproxy throttling per host on'} Green: - -
    $Lang::tr{'advproxy throttling total on'} Blue: - - $Lang::tr{'advproxy throttling per host on'} Blue: - -
    - - - - - - - - - - - - - -
    $Lang::tr{'advproxy content based throttling'}:
    $Lang::tr{'advproxy throttle binary'}:$Lang::tr{'advproxy throttle dskimg'}:$Lang::tr{'advproxy throttle mmedia'}:  
    -
    - - - - -END -; -if ( $proxysettings{'ENABLE_MIME_FILTER'} eq 'on' ){ -print < - - - - - - - - - -END -; -} -print < - -
    -
    $Lang::tr{'advproxy MIME filter'} $Lang::tr{'advproxy enabled'}:
    $Lang::tr{'advproxy MIME block types'}: *  
      
    - - - -END -; -if ( $proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on' ){ -print < - - -
    $Lang::tr{'advproxy web browser'} $Lang::tr{'advproxy UA enable filter'}:
    -END -; -if (@useragentlist) { print "$Lang::tr{'advproxy allowed web browsers'}:"; } else { print "$Lang::tr{'advproxy no clients defined'}"; } -print <
    - -END -; - -for ($n=0; $n<=@useragentlist; $n = $n + $i) { - for ($i=0; $i<=3; $i++) { - if ($i eq 0) { print "\n"; } - if (($n+$i) < @useragentlist) { - @useragent = split(/,/,@useragentlist[$n+$i]); - print "\n"; - } - if ($i eq 3) { print "<\/tr>\n"; } - } -} -} -print < -
    -
    $useragent[1]:<\/td>\n"; - print "
    - - - - - - - - - - - -
    $Lang::tr{'advproxy privacy'}
    $Lang::tr{'advproxy fake useragent'}: *$Lang::tr{'advproxy fake referer'}: *
    -
    -END -; - -print < - - $Lang::tr{'advproxy AUTH method'} - - - $Lang::tr{'advproxy AUTH method none'} - $Lang::tr{'advproxy AUTH method ncsa'} - $Lang::tr{'advproxy AUTH method ident'} - $Lang::tr{'advproxy AUTH method ldap'} - $Lang::tr{'advproxy AUTH method ntlm'} - $Lang::tr{'advproxy AUTH method radius'} - - -END -; - -if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    $Lang::tr{'advproxy AUTH global settings'}
    $Lang::tr{'advproxy AUTH number of auth processes'}: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    $Lang::tr{'advproxy AUTH realm'}: *
    $Lang::tr{'advproxy AUTH no auth'}: *
    -
    $Lang::tr{'advproxy AUTH auth cache TTL'}:
    $Lang::tr{'advproxy AUTH limit of IP addresses'}: *
    $Lang::tr{'advproxy AUTH user IP cache TTL'}:
    $Lang::tr{'advproxy AUTH always required'}:
     
    -END -; -} - -# =================================================================== -# NCSA auth settings -# =================================================================== - -if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') { -print < - - - - - - - - - - - - - - - -
    $Lang::tr{'advproxy NCSA auth'}
    $Lang::tr{'advproxy NCSA min password length'}:$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':

     
      
    -END -; } - -# =================================================================== -# IDENTD auth settings -# =================================================================== - -if ($proxysettings{'AUTH_METHOD'} eq 'ident') { -print < - - - - - - - - - - - - - - - - - - - - - - - - -
    $Lang::tr{'advproxy IDENT identd settings'}
    $Lang::tr{'advproxy IDENT required'}:$Lang::tr{'advproxy AUTH always required'}:
    $Lang::tr{'advproxy IDENT timeout'}:  
    $Lang::tr{'advproxy IDENT aware hosts'}:$Lang::tr{'advproxy AUTH no auth'}: *
    -
    - - - - - - - - - - - - - - - - - - - - - - -
    $Lang::tr{'advproxy IDENT user based access restrictions'}
    $Lang::tr{'advproxy enabled'}:  
    - $Lang::tr{'advproxy IDENT use positive access list'}: - $Lang::tr{'advproxy IDENT use negative access list'}:
    $Lang::tr{'advproxy IDENT authorized users'}$Lang::tr{'advproxy IDENT unauthorized users'}
    -END -; } - -# =================================================================== -# NTLM auth settings -# =================================================================== - -if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { -print < - - - - - - - - - - - - -
    $Lang::tr{'advproxy NTLM domain settings'}
    $Lang::tr{'advproxy NTLM domain'}:$Lang::tr{'advproxy NTLM PDC hostname'}:$Lang::tr{'advproxy NTLM BDC hostname'}: *
    -
    - - - - - - - - - -
    $Lang::tr{'advproxy NTLM auth mode'}
    $Lang::tr{'advproxy NTLM use integrated auth'}: 
    -
    - - - - - - - - - - - - - - - - - - - - - - -
    $Lang::tr{'advproxy NTLM user based access restrictions'}
    $Lang::tr{'advproxy enabled'}:  
    - $Lang::tr{'advproxy NTLM use positive access list'}: - $Lang::tr{'advproxy NTLM use negative access list'}:
    $Lang::tr{'advproxy NTLM authorized users'}$Lang::tr{'advproxy NTLM unauthorized users'}
    -END -; } - -# =================================================================== -# LDAP auth settings -# =================================================================== - -if ($proxysettings{'AUTH_METHOD'} eq 'ldap') { -print < - - - - - - - - - - - - - - - - -
    $Lang::tr{'advproxy LDAP common settings'}
    $Lang::tr{'advproxy LDAP basedn'}:$Lang::tr{'advproxy LDAP type'}:
    $Lang::tr{'advproxy LDAP server'}:$Lang::tr{'advproxy LDAP port'}:
    -
    - - - - - - - - - - -
    $Lang::tr{'advproxy LDAP binddn settings'}
    $Lang::tr{'advproxy LDAP binddn username'}:$Lang::tr{'advproxy LDAP binddn password'}:
    -
    - - - - - - - - - - -
    $Lang::tr{'advproxy LDAP group access control'}
    $Lang::tr{'advproxy LDAP group required'}: *  
    -END -; } - -# =================================================================== -# RADIUS auth settings -# =================================================================== - -if ($proxysettings{'AUTH_METHOD'} eq 'radius') { -print < - - - - - - - - - - - - - - - - -
    $Lang::tr{'advproxy RADIUS radius settings'}
    $Lang::tr{'advproxy RADIUS server'}:$Lang::tr{'advproxy RADIUS port'}:
    $Lang::tr{'advproxy RADIUS identifier'}: *$Lang::tr{'advproxy RADIUS secret'}:
    -
    - - - - - - - - - - - - - - - - - - - - - - -
    $Lang::tr{'advproxy RADIUS user based access restrictions'}
    $Lang::tr{'advproxy enabled'}:  
    - $Lang::tr{'advproxy RADIUS use positive access list'}: - $Lang::tr{'advproxy RADIUS use negative access list'}:
    $Lang::tr{'advproxy RADIUS authorized users'}$Lang::tr{'advproxy RADIUS unauthorized users'}
    -END -; } - -# =================================================================== - -} - -print "\n"; - -if ($proxysettings{'AUTH_METHOD'} eq 'none') { -print < - - - - - - -END -; } - -if ($proxysettings{'AUTH_METHOD'} eq 'ident') { -print < - - - - -END -; } - -if (!($proxysettings{'AUTH_METHOD'} eq 'ncsa')) { -print < - -END -; } - -if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { -print < - - - - - - -END -; } - -if (!($proxysettings{'AUTH_METHOD'} eq 'ldap')) { -print < - - - - - - -END -; } - -if (!($proxysettings{'AUTH_METHOD'} eq 'ntlm')) { -print < - - - - - - - -END -; } - -if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) { -print < - - - - - - - -END -; } - -print "
    \n"; - -print < -END -; - -print < - -   - - - -   - - - -
    - - - - - -
    *  - $Lang::tr{'this field may be blank'} -  
    - -END -; - -&Header::closebox(); - -} else { - -# =================================================================== -# NCSA user management -# =================================================================== - -&Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}"); -print < - - - - - - - - - - - - - - - - - -
    $Lang::tr{'advproxy NCSA user management'}
    $Lang::tr{'advproxy NCSA username'}:$Lang::tr{'advproxy NCSA group'}: - -
    $Lang::tr{'advproxy NCSA password'}:$Lang::tr{'advproxy NCSA password confirm'}:
    -
    - - - - - - -END -; - if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { - print "\n"; - } - -print <  - - - -
      
    - -
    - - - - -
    $Lang::tr{'advproxy NCSA user accounts'}:
    - -END -; - -if (-e $extgrp) -{ - open(FILE, $extgrp); @grouplist = ; close(FILE); - foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":extended"); } -} -if (-e $stdgrp) -{ - open(FILE, $stdgrp); @grouplist = ; close(FILE); - foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":standard"); } -} -if (-e $disgrp) -{ - open(FILE, $disgrp); @grouplist = ; close(FILE); - foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":disabled"); } -} - -@userlist = sort(@userlist); - -# If the password file contains entries, print entries and action icons - -if ( $userdb ne "" ) { - print < - - - - -END -; - $id = 0; - foreach $line (@userlist) - { - $id++; - chomp($line); - @temp = split(/:/,$line); - if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) { - print "\n"; } - elsif ($id % 2) { - print "\n"; } - else { - print "\n"; } - - print <$temp[0] - - - - -END -; - } - -print < -
    -
    $Lang::tr{'advproxy NCSA username'}$Lang::tr{'advproxy NCSA group membership'} 
    -END -; - if ($temp[1] eq 'standard') { - print $Lang::tr{'advproxy NCSA grp standard'}; - } elsif ($temp[1] eq 'extended') { - print $Lang::tr{'advproxy NCSA grp extended'}; - } elsif ($temp[1] eq 'disabled') { - print $Lang::tr{'advproxy NCSA grp disabled'}; } - print < - -
    - - - -
    -
    -
    - - - -
    -
    - - - - - - - -END -; -} else { - print < - - -END -; -} - -print < -END -; - -&Header::closebox(); - -} - -# =================================================================== - -&Header::closebigbox(); - -&Header::closepage(); - -# ------------------------------------------------------------------- - -sub read_acls -{ - if (-e "$acl_src_subnets") { - open(FILE,"$acl_src_subnets"); - delete $proxysettings{'SRC_SUBNETS'}; - while () { $proxysettings{'SRC_SUBNETS'} .= $_ }; - close(FILE); - } - if (-e "$acl_src_banned_ip") { - open(FILE,"$acl_src_banned_ip"); - delete $proxysettings{'SRC_BANNED_IP'}; - while () { $proxysettings{'SRC_BANNED_IP'} .= $_ }; - close(FILE); - } - if (-e "$acl_src_banned_mac") { - open(FILE,"$acl_src_banned_mac"); - delete $proxysettings{'SRC_BANNED_MAC'}; - while () { $proxysettings{'SRC_BANNED_MAC'} .= $_ }; - close(FILE); - } - if (-e "$acl_src_unrestricted_ip") { - open(FILE,"$acl_src_unrestricted_ip"); - delete $proxysettings{'SRC_UNRESTRICTED_IP'}; - while () { $proxysettings{'SRC_UNRESTRICTED_IP'} .= $_ }; - close(FILE); - } - if (-e "$acl_src_unrestricted_mac") { - open(FILE,"$acl_src_unrestricted_mac"); - delete $proxysettings{'SRC_UNRESTRICTED_MAC'}; - while () { $proxysettings{'SRC_UNRESTRICTED_MAC'} .= $_ }; - close(FILE); - } - if (-e "$acl_dst_nocache") { - open(FILE,"$acl_dst_nocache"); - delete $proxysettings{'DST_NOCACHE'}; - while () { $proxysettings{'DST_NOCACHE'} .= $_ }; - close(FILE); - } - if (-e "$acl_dst_noauth") { - open(FILE,"$acl_dst_noauth"); - delete $proxysettings{'DST_NOAUTH'}; - while () { $proxysettings{'DST_NOAUTH'} .= $_ }; - close(FILE); - } - if (-e "$acl_ports_safe") { - open(FILE,"$acl_ports_safe"); - delete $proxysettings{'PORTS_SAFE'}; - while () { $proxysettings{'PORTS_SAFE'} .= $_ }; - close(FILE); - } - if (-e "$acl_ports_ssl") { - open(FILE,"$acl_ports_ssl"); - delete $proxysettings{'PORTS_SSL'}; - while () { $proxysettings{'PORTS_SSL'} .= $_ }; - close(FILE); - } - if (-e "$mimetypes") { - open(FILE,"$mimetypes"); - delete $proxysettings{'MIME_TYPES'}; - while () { $proxysettings{'MIME_TYPES'} .= $_ }; - close(FILE); - } - if (-e "$ntlmdir/msntauth.allowusers") { - open(FILE,"$ntlmdir/msntauth.allowusers"); - delete $proxysettings{'NTLM_ALLOW_USERS'}; - while () { $proxysettings{'NTLM_ALLOW_USERS'} .= $_ }; - close(FILE); - } - if (-e "$ntlmdir/msntauth.denyusers") { - open(FILE,"$ntlmdir/msntauth.denyusers"); - delete $proxysettings{'NTLM_DENY_USERS'}; - while () { $proxysettings{'NTLM_DENY_USERS'} .= $_ }; - close(FILE); - } - if (-e "$raddir/radauth.allowusers") { - open(FILE,"$raddir/radauth.allowusers"); - delete $proxysettings{'RADIUS_ALLOW_USERS'}; - while () { $proxysettings{'RADIUS_ALLOW_USERS'} .= $_ }; - close(FILE); - } - if (-e "$raddir/radauth.denyusers") { - open(FILE,"$raddir/radauth.denyusers"); - delete $proxysettings{'RADIUS_DENY_USERS'}; - while () { $proxysettings{'RADIUS_DENY_USERS'} .= $_ }; - close(FILE); - } - if (-e "$identdir/identauth.allowusers") { - open(FILE,"$identdir/identauth.allowusers"); - delete $proxysettings{'IDENT_ALLOW_USERS'}; - while () { $proxysettings{'IDENT_ALLOW_USERS'} .= $_ }; - close(FILE); - } - if (-e "$identdir/identauth.denyusers") { - open(FILE,"$identdir/identauth.denyusers"); - delete $proxysettings{'IDENT_DENY_USERS'}; - while () { $proxysettings{'IDENT_DENY_USERS'} .= $_ }; - close(FILE); - } - if (-e "$identhosts") { - open(FILE,"$identhosts"); - delete $proxysettings{'IDENT_HOSTS'}; - while () { $proxysettings{'IDENT_HOSTS'} .= $_ }; - close(FILE); - } - if (-e "$cre_groups") { - open(FILE,"$cre_groups"); - delete $proxysettings{'CRE_GROUPS'}; - while () { $proxysettings{'CRE_GROUPS'} .= $_ }; - close(FILE); - } - if (-e "$cre_svhosts") { - open(FILE,"$cre_svhosts"); - delete $proxysettings{'CRE_SVHOSTS'}; - while () { $proxysettings{'CRE_SVHOSTS'} .= $_ }; - close(FILE); - } -} - -# ------------------------------------------------------------------- - -sub check_acls -{ - @temp = split(/\n/,$proxysettings{'PORTS_SAFE'}); - undef $proxysettings{'PORTS_SAFE'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; - if ($_) - { - $line = $_; - if (/^[^#]+\s+#\sSquids\sport/) { s/(^[^#]+)(\s+#\sSquids\sport)/$proxysettings{'PROXY_PORT'}\2/; $line=$_; } - s/#.*//g; s/\s+//g; - if (/.*-.*-.*/) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; } - @templist = split(/-/); - foreach (@templist) { unless (&General::validport($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; } } - $proxysettings{'PORTS_SAFE'} .= $line."\n"; - } - } - - @temp = split(/\n/,$proxysettings{'PORTS_SSL'}); - undef $proxysettings{'PORTS_SSL'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; - if ($_) - { - $line = $_; - s/#.*//g; s/\s+//g; - if (/.*-.*-.*/) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; } - @templist = split(/-/); - foreach (@templist) { unless (&General::validport($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; } } - $proxysettings{'PORTS_SSL'} .= $line."\n"; - } - } - - @temp = split(/\n/,$proxysettings{'DST_NOCACHE'}); - undef $proxysettings{'DST_NOCACHE'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; - if ($_) - { - unless (/^\./) { $_ = '.'.$_; } - $proxysettings{'DST_NOCACHE'} .= $_."\n"; - } - } - - @temp = split(/\n/,$proxysettings{'SRC_SUBNETS'}); - undef $proxysettings{'SRC_SUBNETS'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; - if ($_) - { - unless (&General::validipandmask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; } - $proxysettings{'SRC_SUBNETS'} .= $_."\n"; - } - } - - @temp = split(/\n/,$proxysettings{'SRC_BANNED_IP'}); - undef $proxysettings{'SRC_BANNED_IP'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; - if ($_) - { - unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; } - $proxysettings{'SRC_BANNED_IP'} .= $_."\n"; - } - } - - @temp = split(/\n/,$proxysettings{'SRC_BANNED_MAC'}); - undef $proxysettings{'SRC_BANNED_MAC'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; s/-/:/g; - if ($_) - { - unless (&General::validmac($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid mac'}; } - $proxysettings{'SRC_BANNED_MAC'} .= $_."\n"; - } - } - - @temp = split(/\n/,$proxysettings{'SRC_UNRESTRICTED_IP'}); - undef $proxysettings{'SRC_UNRESTRICTED_IP'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; - if ($_) - { - unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; } - $proxysettings{'SRC_UNRESTRICTED_IP'} .= $_."\n"; - } - } - - @temp = split(/\n/,$proxysettings{'SRC_UNRESTRICTED_MAC'}); - undef $proxysettings{'SRC_UNRESTRICTED_MAC'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; s/-/:/g; - if ($_) - { - unless (&General::validmac($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid mac'}; } - $proxysettings{'SRC_UNRESTRICTED_MAC'} .= $_."\n"; - } - } - - @temp = split(/\n/,$proxysettings{'DST_NOAUTH'}); - undef $proxysettings{'DST_NOAUTH'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; - if ($_) - { - unless (/^\./) { $_ = '.'.$_; } - $proxysettings{'DST_NOAUTH'} .= $_."\n"; - } - } - - if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'positive')) - { - @temp = split(/\n/,$proxysettings{'NTLM_ALLOW_USERS'}); - undef $proxysettings{'NTLM_ALLOW_USERS'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; - if ($_) { $proxysettings{'NTLM_ALLOW_USERS'} .= $_."\n"; } - } - if ($proxysettings{'NTLM_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } - } - - if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'negative')) - { - @temp = split(/\n/,$proxysettings{'NTLM_DENY_USERS'}); - undef $proxysettings{'NTLM_DENY_USERS'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; - if ($_) { $proxysettings{'NTLM_DENY_USERS'} .= $_."\n"; } - } - if ($proxysettings{'NTLM_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } - } - - if (($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') && ($proxysettings{'IDENT_USER_ACL'} eq 'positive')) - { - @temp = split(/\n/,$proxysettings{'IDENT_ALLOW_USERS'}); - undef $proxysettings{'IDENT_ALLOW_USERS'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; - if ($_) { $proxysettings{'IDENT_ALLOW_USERS'} .= $_."\n"; } - } - if ($proxysettings{'IDENT_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } - } - - if (($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') && ($proxysettings{'IDENT_USER_ACL'} eq 'negative')) - { - @temp = split(/\n/,$proxysettings{'IDENT_DENY_USERS'}); - undef $proxysettings{'IDENT_DENY_USERS'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; - if ($_) { $proxysettings{'IDENT_DENY_USERS'} .= $_."\n"; } - } - if ($proxysettings{'IDENT_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } - } - - if (($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive')) - { - @temp = split(/\n/,$proxysettings{'RADIUS_ALLOW_USERS'}); - undef $proxysettings{'RADIUS_ALLOW_USERS'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; - if ($_) { $proxysettings{'RADIUS_ALLOW_USERS'} .= $_."\n"; } - } - if ($proxysettings{'RADIUS_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } - } - - if (($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative')) - { - @temp = split(/\n/,$proxysettings{'RADIUS_DENY_USERS'}); - undef $proxysettings{'RADIUS_DENY_USERS'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; - if ($_) { $proxysettings{'RADIUS_DENY_USERS'} .= $_."\n"; } - } - if ($proxysettings{'RADIUS_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } - } - - @temp = split(/\n/,$proxysettings{'IDENT_HOSTS'}); - undef $proxysettings{'IDENT_HOSTS'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; - if ($_) - { - unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; } - $proxysettings{'IDENT_HOSTS'} .= $_."\n"; - } - } - - @temp = split(/\n/,$proxysettings{'CRE_SVHOSTS'}); - undef $proxysettings{'CRE_SVHOSTS'}; - foreach (@temp) - { - s/^\s+//g; s/\s+$//g; - if ($_) - { - unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; } - $proxysettings{'CRE_SVHOSTS'} .= $_."\n"; - } - } -} - -# ------------------------------------------------------------------- - -sub write_acls -{ - open(FILE, ">$acl_src_subnets"); - flock(FILE, 2); - if (!$proxysettings{'SRC_SUBNETS'}) - { - print FILE "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n"; - if ($netsettings{'BLUE_DEV'}) - { - print FILE "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n"; - } - } else { print FILE $proxysettings{'SRC_SUBNETS'}; } - close(FILE); - - open(FILE, ">$acl_src_banned_ip"); - flock(FILE, 2); - print FILE $proxysettings{'SRC_BANNED_IP'}; - close(FILE); - - open(FILE, ">$acl_src_banned_mac"); - flock(FILE, 2); - print FILE $proxysettings{'SRC_BANNED_MAC'}; - close(FILE); - - open(FILE, ">$acl_src_unrestricted_ip"); - flock(FILE, 2); - print FILE $proxysettings{'SRC_UNRESTRICTED_IP'}; - close(FILE); - - open(FILE, ">$acl_src_unrestricted_mac"); - flock(FILE, 2); - print FILE $proxysettings{'SRC_UNRESTRICTED_MAC'}; - close(FILE); - - open(FILE, ">$acl_dst_nocache"); - flock(FILE, 2); - print FILE $proxysettings{'DST_NOCACHE'}; - close(FILE); - - open(FILE, ">$acl_dst_noauth"); - flock(FILE, 2); - print FILE $proxysettings{'DST_NOAUTH'}; - close(FILE); - - open(FILE, ">$acl_ports_safe"); - flock(FILE, 2); - if (!$proxysettings{'PORTS_SAFE'}) { print FILE $def_ports_safe; } else { print FILE $proxysettings{'PORTS_SAFE'}; } - close(FILE); - - open(FILE, ">$acl_ports_ssl"); - flock(FILE, 2); - if (!$proxysettings{'PORTS_SSL'}) { print FILE $def_ports_ssl; } else { print FILE $proxysettings{'PORTS_SSL'}; } - close(FILE); - - open(FILE, ">$acl_dst_throttle"); - flock(FILE, 2); - if ($proxysettings{'THROTTLE_BINARY'} eq 'on') - { - @temp = split(/\|/,$throttle_binary); - foreach (@temp) { print FILE "\\.$_\$\n"; } - } - if ($proxysettings{'THROTTLE_DSKIMG'} eq 'on') - { - @temp = split(/\|/,$throttle_dskimg); - foreach (@temp) { print FILE "\\.$_\$\n"; } - } - if ($proxysettings{'THROTTLE_MMEDIA'} eq 'on') - { - @temp = split(/\|/,$throttle_mmedia); - foreach (@temp) { print FILE "\\.$_\$\n"; } - } - if (-s $throttled_urls) - { - open(URLFILE, $throttled_urls); - @temp = ; - close(URLFILE); - foreach (@temp) { print FILE; } - } - close(FILE); - - open(FILE, ">$mimetypes"); - flock(FILE, 2); - print FILE $proxysettings{'MIME_TYPES'}; - close(FILE); - - open(FILE, ">$ntlmdir/msntauth.allowusers"); - flock(FILE, 2); - print FILE $proxysettings{'NTLM_ALLOW_USERS'}; - close(FILE); - - open(FILE, ">$ntlmdir/msntauth.denyusers"); - flock(FILE, 2); - print FILE $proxysettings{'NTLM_DENY_USERS'}; - close(FILE); - - open(FILE, ">$raddir/radauth.allowusers"); - flock(FILE, 2); - print FILE $proxysettings{'RADIUS_ALLOW_USERS'}; - close(FILE); - - open(FILE, ">$raddir/radauth.denyusers"); - flock(FILE, 2); - print FILE $proxysettings{'RADIUS_DENY_USERS'}; - close(FILE); - - open(FILE, ">$identdir/identauth.allowusers"); - flock(FILE, 2); - print FILE $proxysettings{'IDENT_ALLOW_USERS'}; - close(FILE); - - open(FILE, ">$identdir/identauth.denyusers"); - flock(FILE, 2); - print FILE $proxysettings{'IDENT_DENY_USERS'}; - close(FILE); - - open(FILE, ">$identhosts"); - flock(FILE, 2); - print FILE $proxysettings{'IDENT_HOSTS'}; - close(FILE); - - open(FILE, ">$cre_groups"); - flock(FILE, 2); - print FILE $proxysettings{'CRE_GROUPS'}; - close(FILE); - - open(FILE, ">$cre_svhosts"); - flock(FILE, 2); - print FILE $proxysettings{'CRE_SVHOSTS'}; - close(FILE); -} - -# ------------------------------------------------------------------- - -sub writepacfile -{ - open(FILE, ">/srv/web/ipfire/html/proxy.pac"); - flock(FILE, 2); - print FILE "function FindProxyForURL(url, host)\n"; - print FILE "{\n"; - if (($proxysettings{'ENABLE'} eq 'on') || ($proxysettings{'ENABLE_BLUE'} eq 'on')) - { - print FILE <; - close(SUBNETS); - } - - foreach (@templist) - { - @temp = split(/\//); - if ( - ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) && - ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'}) - ) - { - chomp $temp[1]; - print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))"; - } - } - - print FILE "\n"; - - print FILE <${General::swroot}/proxy/squid.conf"); - flock(FILE, 2); - print FILE <$ntlmdir/msntauth.conf"); - flock(MSNTCONF,2); - print MSNTCONF "server $proxysettings{'NTLM_PDC'}"; - if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " $proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; } - print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n"; - if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') - { - if ($proxysettings{'NTLM_USER_ACL'} eq 'positive') - { - print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n"; - } else { - print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n"; - } - } - close(MSNTCONF); - } - } - - if ($proxysettings{'AUTH_METHOD'} eq 'radius') - { - print FILE "auth_param basic program $authdir/squid_radius_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} "; - if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; } - print FILE "-w $proxysettings{'RADIUS_SECRET'}\n"; - print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n"; - print FILE "auth_param basic realm $authrealm\n"; - print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n"; - if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; } - } - - print FILE "\n"; - print FILE "acl for_inetusers proxy_auth REQUIRED\n"; - if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')) - { - if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive')) - { - print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n"; - } - if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative')) - { - print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n"; - } - } - if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')) - { - if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive')) - { - print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n"; - } - if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative')) - { - print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n"; - } - } - if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') - { - print FILE "\n"; - if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; } - if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; } - } - if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; } - print FILE "\n"; - - if (!-z $acl_dst_noauth) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth\"\n"; } - print FILE "\n"; - } - - if ($proxysettings{'AUTH_METHOD'} eq 'ident') - { - if ($proxysettings{'IDENT_REQUIRED'} eq 'on') - { - print FILE "acl for_inetusers ident REQUIRED\n"; - } - if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') - { - if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive')) - { - print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n"; - } - if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative')) - { - print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n"; - } - } - if (!-z $acl_dst_noauth) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth\"\n"; } - print FILE "\n"; - } - - if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; } - - if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; } - - print FILE "acl within_timeframe time "; - if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; } - if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; } - if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; } - if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; } - if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; } - if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; } - if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; } - print FILE " $proxysettings{'TIME_FROM_HOUR'}:"; - print FILE "$proxysettings{'TIME_FROM_MINUTE'}-"; - print FILE "$proxysettings{'TIME_TO_HOUR'}:"; - print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n"; - - if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) { - print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n"; - } - - print FILE <; -close PORTS; -if (@temp) -{ - foreach (@temp) { print FILE "acl SSL_ports port $_"; } -} -open (PORTS,"$acl_ports_safe"); -@temp = ; -close PORTS; -if (@temp) -{ - foreach (@temp) { print FILE "acl Safe_ports port $_"; } -} - print FILE <) { - $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/; - $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/; - $_ =~ s/__BLUE_IP__/$blue_ip/; - $_ =~ s/__BLUE_NET__/$blue_net/; - $_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/; - print FILE $_; - } - print FILE "#End of custom includes\n"; - close (ACL); - } - if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; } - print FILE < 0) { - if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_ips\n"; } - if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_mac\n"; } - if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') - { - if (!-z $extgrp) { print FILE "reply_body_max_size 0 allow for_extended_users\n"; } - } - } - print FILE "reply_body_max_size $replybodymaxsize allow all\n\n"; - - print FILE "visible_hostname"; - if ($proxysettings{'VISIBLE_HOSTNAME'} eq '') - { - print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n"; - } else { - print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n"; - } - - if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n\n"; } - - # Write the parent proxy info, if needed. - if ($remotehost ne '') - { - print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query"; - - # Enter authentication for the parent cache. Option format is - # login=user:password ($proxy1='YES') - # login=PASS ($proxy1='PASS') - # login=*:password ($proxysettings{'FORWARD_USERNAME'} eq 'on') - if (($proxy1 eq 'YES') || ($proxy1 eq 'PASS')) - { - print FILE " login=$proxysettings{'UPSTREAM_USER'}"; - if ($proxy1 eq 'YES') { print FILE ":$proxysettings{'UPSTREAM_PASSWORD'}"; } - } - elsif ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; } - - print FILE "\nnever_direct allow all\n\n"; - } - if (($proxysettings{'ENABLE_FILTER'} eq 'on') && ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on')) - { - print FILE "url_rewrite_program /usr/sbin/redirect_wrapper\n"; - if ($filtersettings{'CHILDREN'} > $xlratorsettings{'CHILDREN'}) - { - print FILE "url_rewrite_children $filtersettings{'CHILDREN'}\n\n"; - } else { - print FILE "url_rewrite_children $xlratorsettings{'CHILDREN'}\n\n"; - } - } else - { - - if ($proxysettings{'ENABLE_FILTER'} eq 'on') - { - print FILE <; - close(FILE); - foreach $line (@groupmembers) { if ($line =~ /^$str_user:/i) { $str_pass = substr($line,index($line,":")); } } - &deluser($str_user); - open(FILE, ">>$userdb"); - flock FILE,2; - print FILE "$str_user$str_pass"; - close(FILE); - } else { - &deluser($str_user); - system("/usr/bin/htpasswd -b $userdb $str_user $str_pass"); - } - - if ($str_group eq 'standard') { open(FILE, ">>$stdgrp"); - } elsif ($str_group eq 'extended') { open(FILE, ">>$extgrp"); - } elsif ($str_group eq 'disabled') { open(FILE, ">>$disgrp"); } - flock FILE, 2; - print FILE "$str_user\n"; - close(FILE); - - return; -} - -# ------------------------------------------------------------------- - -sub deluser -{ - my ($str_user) = @_; - my $groupfile=''; - my @groupmembers=(); - my @templist=(); - - foreach $groupfile ($stdgrp, $extgrp, $disgrp) - { - undef @templist; - open(FILE, "$groupfile"); - @groupmembers = ; - close(FILE); - foreach $line (@groupmembers) { if (!($line =~ /^$str_user$/i)) { push(@templist, $line); } } - open(FILE, ">$groupfile"); - flock FILE, 2; - print FILE @templist; - close(FILE); - } - - undef @templist; - open(FILE, "$userdb"); - @groupmembers = ; - close(FILE); - foreach $line (@groupmembers) { if (!($line =~ /^$str_user:/i)) { push(@templist, $line); } } - open(FILE, ">$userdb"); - flock FILE, 2; - print FILE @templist; - close(FILE); - - return; -} - -# ------------------------------------------------------------------- diff --git a/html/cgi-bin/proxygraphs.cgi b/html/cgi-bin/proxygraphs.cgi deleted file mode 100644 index c0f5428a9..000000000 --- a/html/cgi-bin/proxygraphs.cgi +++ /dev/null @@ -1,77 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; - -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %cgiparams=(); -my %pppsettings=(); -my %netsettings=(); -my @graphs=(); - -&Header::showhttpheaders(); - -my $dir = "/srv/web/ipfire/html/sgraph"; -$cgiparams{'ACTION'} = ''; -&Header::getcgihash(\%cgiparams); -my $sgraphdir = "/srv/web/ipfire/html/sgraph"; - -&Header::openpage($Lang::tr{'proxy access graphs'}, 1, ''); - -&Header::openbigbox('100%', 'left'); - -&Header::openbox('100%', 'left', $Lang::tr{'proxy access graphs'} . ":" ); - -if (open(IPACHTML, "$sgraphdir/index.html")) -{ - my $skip = 1; - while () - { - $skip = 1 if /^
    $/; - if ($skip) - { - $skip = 0 if /

    /; - next; - } - s/]+)>/Graph/; - s/
    /
    /g; - s/
    /
    /g; - s/<([^>]*)>/\L<$1>\E/g; - s/(size|align|border|color)=([^'"> ]+)/$1='$2'/g; - print; - } - close(IPACHTML); -} -else { - print $Lang::tr{'no information available'}; } - -&Header::closebox(); - -&Header::closebigbox(); - -&Header::closepage(); diff --git a/html/cgi-bin/qos.cgi b/html/cgi-bin/qos.cgi deleted file mode 100644 index 9dcee782b..000000000 --- a/html/cgi-bin/qos.cgi +++ /dev/null @@ -1,1530 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use RRDs; -use strict; -# enable only the following on debugging purpose -# use warnings; -# use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; -require "${General::swroot}/graphs.pl"; - -my %qossettings = (); -my %checked = (); -my %netsettings = (); -my $message = ''; -my $errormessage = ""; -my $c = ""; -my $direntry = ""; -my $classentry = ""; -my $subclassentry = ""; -my $l7ruleentry = ""; -my $portruleentry = ""; -my $tosruleentry = ""; -my @tmp = (); -my @classes = (); -my @subclasses = (); -my @l7rules = (); -my @portrules = (); -my @tosrules = (); -my @tmpline = (); -my @classline = (); -my @subclassline = (); -my @l7ruleline = (); -my @portruleline = (); -my @tosruleline = (); -my @proto = (); -my %selected= (); -my @checked = (); -my $classfile = "/var/ipfire/qos/classes"; -my $subclassfile = "/var/ipfire/qos/subclasses"; -my $level7file = "/var/ipfire/qos/level7config"; -my $portfile = "/var/ipfire/qos/portconfig"; -my $tosfile = "/var/ipfire/qos/tosconfig"; -&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); - -&Header::showhttpheaders(); - -$qossettings{'ENABLED'} = 'off'; -$qossettings{'EDIT'} = 'no'; -$qossettings{'OUT_SPD'} = ''; -$qossettings{'INC_SPD'} = ''; -$qossettings{'DEF_OUT_SPD'} = ''; -$qossettings{'DEF_INC_SPD'} = ''; -$qossettings{'DEFCLASS_INC'} = ''; -$qossettings{'DEFCLASS_OUT'} = ''; -$qossettings{'ACK'} = ''; -$qossettings{'MTU'} = '1492'; -$qossettings{'SFQ_PERTUB'} = '10'; -$qossettings{'QLENGTH'} = '30'; -$qossettings{'RED_DEV'} = `cat /var/ipfire/red/iface`; -$qossettings{'IMQ_DEV'} = 'imq0'; -$qossettings{'VALID'} = 'yes'; -### Values that have to be initialized -$qossettings{'ACTION'} = ''; -$qossettings{'ACTIONDEF'} = ''; -$qossettings{'ACTIONBW'} = ''; -$qossettings{'RED_DEV_SEL'} = ''; -$qossettings{'IMQ_DEV_SEL'} = ''; -$qossettings{'PRIO'} = ''; -$qossettings{'SPD'} = ''; -$qossettings{'CLASS'} = ''; -$qossettings{'SCLASS'} = ''; -$qossettings{'QPORT'} = ''; -$qossettings{'DPORT'} = ''; -$qossettings{'QIP'} = ''; -$qossettings{'DIP'} = ''; -$qossettings{'PPROT'} = ''; -$qossettings{'L7PROT'} = ''; -$qossettings{'DEVICE'} = ''; -$qossettings{'MINBWDTH'} = ''; -$qossettings{'MAXBWDTH'} = ''; -$qossettings{'BURST'} = ''; -$qossettings{'CBURST'} = ''; -$qossettings{'DOCLASS'} = ''; -$qossettings{'DOSCLASS'} = ''; -$qossettings{'DOLEVEL7'} = ''; -$qossettings{'DOPORT'} = ''; -$qossettings{'CLASS'} = ''; -$qossettings{'CLASSPRFX'} = ''; -$qossettings{'DEV'} = ''; -$qossettings{'TOS'} = ''; - - -&General::readhash("${General::swroot}/qos/settings", \%qossettings); -&Header::getcgihash(\%qossettings); - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -&Header::openpage('QoS', 1, ''); -&Header::openbigbox('100%', 'left', '', $errormessage); - -############################################################################################################################ -############################################################################################################################ - -if ($qossettings{'DOCLASS'} eq $Lang::tr{'save'}) -{ - &validclass(); - &validminbwdth(); - &validmaxbwdth(); - if ( $qossettings{'VALID'} eq 'yes' ) { - open( FILE, ">> $classfile" ) or die "Unable to write $classfile"; - print FILE <; - close FILE; - open( FILE, "> $classfile" ) or die "Unable to write $classfile"; - foreach $classentry (sort @classes) - { - @classline = split( /\;/, $classentry ); - if ( $classline[1] ne $qossettings{'CLASS'} ) { - print FILE $classentry; - } else { - $qossettings{'DEVICE'} = $classline[0]; - $qossettings{'PRIO'} = $classline[2]; - $qossettings{'MINBWDTH'} = $classline[3]; - $qossettings{'MAXBWDTH'} = $classline[4]; - $qossettings{'BURST'} = $classline[5]; - $qossettings{'CBURST'} = $classline[6]; - $qossettings{'TOS'} = $classline[7]; - $qossettings{'REMARK'} = $classline[8]; - $qossettings{'EDIT'} = 'yes'; - } - } - close FILE; - &parentclass(); - &Header::closebigbox(); - &Header::closepage(); - exit -} -elsif ($qossettings{'DOCLASS'} eq 'Loeschen') -{ - open( FILE, "< $classfile" ) or die "Unable to read $classfile"; - @tmp = ; - close FILE; - open( FILE, "> $classfile" ) or die "Unable to write $classfile"; - foreach $classentry (sort @tmp) - { - @tmpline = split( /\;/, $classentry ); - if ( $tmpline[1] ne $qossettings{'CLASS'} ) - { - print FILE $classentry; - } - } - close FILE; - open( FILE, "< $subclassfile" ) or die "Unable to read $classfile"; - @tmp = ; - close FILE; - open( FILE, "> $subclassfile" ) or die "Unable to write $classfile"; - foreach $subclassentry (sort @tmp) - { - @tmpline = split( /\;/, $subclassentry ); - if ( $tmpline[1] ne $qossettings{'CLASS'} ) - { - print FILE $subclassentry; - } - } - close FILE; - $message = "$Lang::tr{'Class'} $qossettings{'CLASS'} $Lang::tr{'Class was deleted'}"; -} - -############################################################################################################################ -############################################################################################################################ - -if ($qossettings{'DOSCLASS'} eq $Lang::tr{'save'}) -{ - &validsubclass(); - &validminbwdth(); - if ( $qossettings{'VALID'} eq 'yes' ) { - open( FILE, ">> $subclassfile" ) or die "Unable to write $subclassfile"; - print FILE <; - close FILE; - open( FILE, "> $subclassfile" ) or die "Unable to write $classfile"; - foreach $subclassentry (sort @tmp) - { - @tmpline = split( /\;/, $subclassentry ); - if ( $tmpline[2] ne $qossettings{'CLASS'} ) - { - print FILE $subclassentry; - } - } - close FILE; - $message = "$Lang::tr{'Subclass'} $qossettings{'CLASS'} $Lang::tr{'was deleted'}."; -} - -############################################################################################################################ -############################################################################################################################ - -if ($qossettings{'DOLEVEL7'} eq $Lang::tr{'save'}) -{ - if ( $qossettings{'QIP'} ne '' ) { - unless ( &General::validip($qossettings{'QIP'}) ) { - $qossettings{'VALID'} = 'no'; - $message = "Die Quell-IP-Adresse ist ungueltig."; - } - } - if ( $qossettings{'DIP'} ne '' ) { - unless ( &General::validip($qossettings{'DIP'}) ) { - $qossettings{'VALID'} = 'no'; - $message = "Die Ziel-IP-Adresse ist ungueltig."; - } - } - if ($qossettings{'CLASS'} >= 100 && $qossettings{'CLASS'} < 121) { - $qossettings{'DEVICE'} = $qossettings{'RED_DEV'}; - } elsif ($qossettings{'CLASS'} >= 1000 && $qossettings{'CLASS'} < 1021) { - $qossettings{'DEVICE'} = $qossettings{'RED_DEV'}; - } elsif ($qossettings{'CLASS'} >= 200 && $qossettings{'CLASS'} < 221) { - $qossettings{'DEVICE'} = $qossettings{'IMQ_DEV'}; - } elsif ($qossettings{'CLASS'} >= 2000 && $qossettings{'CLASS'} < 2021) { - $qossettings{'DEVICE'} = $qossettings{'IMQ_DEV'}; - } - if ( $qossettings{'VALID'} eq 'yes' ) { - open( FILE, ">> $level7file" ) or die "Unable to write $level7file"; - print FILE <; - close FILE; - system("rm $level7file"); - foreach $l7ruleentry (sort @l7rules) - { - @l7ruleline = split( /\;/, $l7ruleentry ); - if ( ($l7ruleline[0] eq $qossettings{'CLASS'}) && ($l7ruleline[2] eq $qossettings{'L7PROT'})) - {$message = "Level7-Regel ($qossettings{'CLASS'} - $qossettings{'L7PROT'}) wurde geloescht.";} - else - { open( FILE, ">> $level7file" ) or die "Unable to read $level7file"; - print FILE $l7ruleentry; - close FILE; - } - } - open( FILE, "< $level7file" ) or system("touch $level7file");close FILE; - } elsif ($qossettings{'DOLEVEL7'} eq 'Bearbeiten') -{ - open( FILE, "< $level7file" ) or die "Unable to read $level7file"; - @l7rules = ; - close FILE; - system("rm $level7file"); - foreach $l7ruleentry (sort @l7rules) - { - @l7ruleline = split( /\;/, $l7ruleentry ); - if ( ($l7ruleline[0] eq $qossettings{'CLASS'}) && ($l7ruleline[2] eq $qossettings{'L7PROT'})) - {$qossettings{'QIP'} = $l7ruleline[3];$qossettings{'DIP'} = $l7ruleline[4];} - else { - open( FILE, ">> $level7file" ) or die "Unable to write $level7file"; - print FILE $l7ruleentry; - close FILE; - } - } - &level7rule; - open( FILE, "< $level7file" ) or system("touch $level7file");close FILE; - } - -############################################################################################################################ -############################################################################################################################ - -if ($qossettings{'DOPORT'} eq $Lang::tr{'save'}) -{ - if ( $qossettings{'QIP'} ne '' ) { - unless ( &General::validip($qossettings{'QIP'}) ) { - $qossettings{'VALID'} = 'no'; - $message = "Die Quell-IP-Adresse ist ungueltig."; - } - } - if ( $qossettings{'DIP'} ne '' ) { - unless ( &General::validip($qossettings{'DIP'}) ) { - $qossettings{'VALID'} = 'no'; - $message = "Die Ziel-IP-Adresse ist ungueltig."; - } - } - if ($qossettings{'CLASS'} >= 100 && $qossettings{'CLASS'} < 121) { - $qossettings{'DEVICE'} = $qossettings{'RED_DEV'}; - } elsif ($qossettings{'CLASS'} >= 1000 && $qossettings{'CLASS'} < 1021) { - $qossettings{'DEVICE'} = $qossettings{'RED_DEV'}; - } elsif ($qossettings{'CLASS'} >= 200 && $qossettings{'CLASS'} < 221) { - $qossettings{'DEVICE'} = $qossettings{'IMQ_DEV'}; - } elsif ($qossettings{'CLASS'} >= 2000 && $qossettings{'CLASS'} < 2021) { - $qossettings{'DEVICE'} = $qossettings{'IMQ_DEV'}; - } - if ( $qossettings{'VALID'} eq 'yes' ) { - open( FILE, ">> $portfile" ) or die "Unable to write $portfile"; - print FILE <; - close FILE; - open( FILE, "> $portfile" ) or die "Unable to read $portfile"; - foreach $portruleentry (sort @portrules) - { - @portruleline = split( /\;/, $portruleentry ); - unless ( ($portruleline[0] eq $qossettings{'CLASS'}) && ($portruleline[2] eq $qossettings{'PPROT'}) && ($portruleline[3] eq $qossettings{'QIP'}) && ($portruleline[4] eq $qossettings{'QPORT'}) && ($portruleline[5] eq $qossettings{'DIP'}) && ($portruleline[6] eq $qossettings{'DPORT'})) - { - print FILE $portruleentry; - } - } - close FILE; - $message = "$Lang::tr{'Port Rule'} ($qossettings{'CLASS'} - $qossettings{'PPROT'}) $Lang::tr{'was deleted'}."; -} elsif ($qossettings{'DOPORT'} eq 'Bearbeiten') -{ - open( FILE, "< $portfile" ) or die "Unable to read $portfile"; - @portrules = ; - close FILE; - system("rm $portfile"); - foreach $portruleentry (sort @portrules) - { - @portruleline = split( /\;/, $portruleentry ); - if ( ($portruleline[0] eq $qossettings{'CLASS'}) && ($portruleline[2] eq $qossettings{'PPROT'}) && ($portruleline[3] eq $qossettings{'QIP'}) && ($portruleline[4] eq $qossettings{'QPORT'}) && ($portruleline[5] eq $qossettings{'DIP'}) && ($portruleline[6] eq $qossettings{'DPORT'})) - {$qossettings{'CLASS'}=$portruleline[0];$qossettings{'PPROT'}=$portruleline[2];$qossettings{'QIP'}=$portruleline[3];$qossettings{'QPORT'}=$portruleline[4];$qossettings{'DIP'}=$portruleline[5];$qossettings{'DPORT'}=$portruleline[6];} - else { - open( FILE, ">> $portfile" ) or die "Unable to write $portfile"; - print FILE $portruleentry; - close FILE; - } - } - &portrule; - open( FILE, "< $portfile" ) or system("touch $portfile");close FILE; - } - -############################################################################################################################ -############################################################################################################################ - -if ($qossettings{'DOTOS'} eq $Lang::tr{'save'}) -{ - if ($qossettings{'CLASS'} >= 100 && $qossettings{'CLASS'} < 121) { - $qossettings{'DEVICE'} = $qossettings{'RED_DEV'}; - } elsif ($qossettings{'CLASS'} >= 1000 && $qossettings{'CLASS'} < 1021) { - $qossettings{'DEVICE'} = $qossettings{'RED_DEV'}; - } elsif ($qossettings{'CLASS'} >= 200 && $qossettings{'CLASS'} < 221) { - $qossettings{'DEVICE'} = $qossettings{'IMQ_DEV'}; - } elsif ($qossettings{'CLASS'} >= 2000 && $qossettings{'CLASS'} < 2021) { - $qossettings{'DEVICE'} = $qossettings{'IMQ_DEV'}; - } - open( FILE, ">> $tosfile" ) or die "Unable to write $tosfile"; - print FILE <; - close FILE; - open( FILE, "> $tosfile" ) or die "Unable to read $tosfile"; - foreach $tosruleentry (sort @tosrules) - { - @tosruleline = split( /\;/, $tosruleentry ); - unless ( ($tosruleline[0] eq $qossettings{'CLASS'}) && ($tosruleline[2] eq $qossettings{'TOS'})) - { - print FILE $tosruleentry; - } - } - close FILE; - $message = "$Lang::tr{'TOS Rule'} ($qossettings{'CLASS'} - $qossettings{'TOS'}) $Lang::tr{'was deleted'}."; -} elsif ($qossettings{'DOTOS'} eq 'Bearbeiten') -{ - open( FILE, "< $tosfile" ) or die "Unable to read $tosfile"; - @tosrules = ; - close FILE; - open( FILE, "> $tosfile" ) or die "Unable to write $tosfile"; - foreach $tosruleentry (sort @tosrules) - { - @tosruleline = split( /\;/, $tosruleentry ); - if (( $tosruleline[0] eq $qossettings{'CLASS'} ) && ( $tosruleline[2] eq $qossettings{'TOS'} )) { - $qossettings{'DEVICE'} = $tosruleline[1]; - $qossettings{'CLASS'} = $tosruleline[0]; - $qossettings{'TOS'} = $tosruleline[2]; - $qossettings{'EDIT'} = 'yes'; - } else { - print FILE $tosruleentry; - } - } - close FILE; - &tosrule(); - &Header::closebigbox(); - &Header::closepage(); - exit -} - -############################################################################################################################ -############################################################################################################################ - -if ($qossettings{'ACTION'} eq 'Start') -{ - system("/usr/local/bin/qosctrl generate >/dev/null 2>&1"); - system("/usr/bin/touch /var/ipfire/qos/enable"); - system("/usr/local/bin/qosctrl start >/dev/null 2>&1"); - system("logger -t ipfire 'QoS started'"); - $qossettings{'ENABLED'} = 'on'; - &General::writehash("${General::swroot}/qos/settings", \%qossettings); -} -elsif ($qossettings{'ACTION'} eq 'Stop') -{ - system("/usr/local/bin/qosctrl stop >/dev/null 2>&1"); - unlink "/var/ipfire/qos/bin/qos.sh"; - unlink "/var/ipfire/qos/enable"; - system("logger -t ipfire 'QoS stopped'"); - $qossettings{'ENABLED'} = 'off'; - &General::writehash("${General::swroot}/qos/settings", \%qossettings); -} -elsif ($qossettings{'ACTION'} eq 'Neustart') -{ - if ($qossettings{'ENABLED'} eq 'on'){ - system("/usr/local/bin/qosctrl stop >/dev/null 2>&1"); - system("/usr/local/bin/qosctrl generate >/dev/null 2>&1"); - system("/usr/local/bin/qosctrl start >/dev/null 2>&1"); - system("logger -t ipfire 'QoS restarted'"); - } -} -elsif ($qossettings{'ACTION'} eq $Lang::tr{'save'}) -{ - if ($qossettings{'DEF_INC_SPD'} eq '') { - $qossettings{'DEF_INC_SPD'} = int($qossettings{'INC_SPD'} * 0.9); - } - if ($qossettings{'DEF_OUT_SPD'} eq '') { - $qossettings{'DEF_OUT_SPD'} = int($qossettings{'OUT_SPD'} * 0.9); - } - &General::writehash("${General::swroot}/qos/settings", \%qossettings); -} -elsif ($qossettings{'ACTION'} eq $Lang::tr{'template'} ) -{ - my @UP; - #print "UP
    "; - for(my $i = 1; $i <= 10; $i++) { - $UP[$i] = int($qossettings{'OUT_SPD'} / $i ); - #print $i."=".$UP[$i]." "; - } - my @DOWN; - #print "

    Down
    "; - for(my $i = 1; $i <= 20; $i++) { - $DOWN[$i] = int($qossettings{'INC_SPD'} / $i); - #print $i."=".$DOWN[$i]." "; - } - open( FILE, "> $classfile" ) or die "Unable to write $classfile"; - print FILE < $level7file" ) or die "Unable to write $level7file"; - print FILE < $portfile" ) or die "Unable to write $portfile"; - print FILE <$output\n"; - } else { print "$Lang::tr{'QoS not enabled'}"; } - &Header::closebox(); - &Header::closebigbox(); - &Header::closepage(); - exit -} -elsif ($qossettings{'ACTION'} eq 'Parentklasse hinzufuegen') -{ - &parentclass(); - &Header::closebigbox(); - &Header::closepage(); - exit -} -elsif ($qossettings{'ACTION'} eq 'Unterklasse hinzufuegen') -{ - &subclass(); - &Header::closebigbox(); - &Header::closepage(); - exit -} -elsif ($qossettings{'ACTION'} eq 'Regel hinzufuegen') -{ - &Header::openbox('100%', 'center', $Lang::tr{'Add Rule'}); - print < -

      $Lang::tr{'legend'}:    $Lang::tr{$Lang::tr{'edit'}    $Lang::tr{$Lang::tr{'remove'}
    $Lang::tr{'advproxy NCSA no accounts'}
    $Lang::tr{'Choose Rule'} -
    - - - -
    -END -; - &Header::closebox(); - print <