upnp.cgi und status.cgi von Maniac eingebaut

IPSec aktualisiert


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@453 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
ms
2007-03-24 13:30:47 +00:00
parent 2abc4aad76
commit 5fd302326d
14 changed files with 1013 additions and 598 deletions


@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.16.42-ipfire
# Mon Mar 19 13:34:52 2007
# Sat Mar 24 12:58:07 2007
#
CONFIG_X86_32=y
CONFIG_SEMAPHORE_SLEEPERS=y
@@ -66,7 +66,7 @@ CONFIG_MODULE_UNLOAD=y
CONFIG_OBSOLETE_MODPARM=y
CONFIG_MODVERSIONS=y
# CONFIG_MODULE_SRCVERSION_ALL is not set
# CONFIG_KMOD is not set
CONFIG_KMOD=y
#
# Block layer
@@ -217,7 +217,7 @@ CONFIG_ACPI_FAN=m
CONFIG_ACPI_PROCESSOR=m
CONFIG_ACPI_THERMAL=m
# CONFIG_ACPI_ASUS is not set
CONFIG_ACPI_IBM=m
# CONFIG_ACPI_IBM is not set
# CONFIG_ACPI_TOSHIBA is not set
# CONFIG_ACPI_CUSTOM_DSDT is not set
CONFIG_ACPI_BLACKLIST_YEAR=0
@@ -611,10 +611,11 @@ CONFIG_KLIPS=m
# KLIPS options
#
CONFIG_KLIPS_ESP=y
# CONFIG_KLIPS_AH is not set
CONFIG_KLIPS_AH=y
CONFIG_KLIPS_AUTH_HMAC_MD5=y
CONFIG_KLIPS_AUTH_HMAC_SHA1=y
# CONFIG_KLIPS_ENC_CRYPTOAPI is not set
CONFIG_KLIPS_ENC_CRYPTOAPI=y
CONFIG_KLIPS_ENC_1DES=y
CONFIG_KLIPS_ENC_3DES=y
CONFIG_KLIPS_ENC_AES=y
CONFIG_KLIPS_ENC_NULL=y
@@ -1731,14 +1732,18 @@ CONFIG_REISERFS_PROC_INFO=y
CONFIG_REISERFS_FS_XATTR=y
CONFIG_REISERFS_FS_POSIX_ACL=y
CONFIG_REISERFS_FS_SECURITY=y
# CONFIG_JFS_FS is not set
CONFIG_JFS_FS=m
CONFIG_JFS_POSIX_ACL=y
CONFIG_JFS_SECURITY=y
# CONFIG_JFS_DEBUG is not set
CONFIG_JFS_STATISTICS=y
CONFIG_FS_POSIX_ACL=y
CONFIG_XFS_FS=m
CONFIG_XFS_EXPORT=y
CONFIG_XFS_QUOTA=y
CONFIG_XFS_SECURITY=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_XFS_RT=y
# CONFIG_XFS_RT is not set
# CONFIG_OCFS2_FS is not set
CONFIG_MINIX_FS=y
# CONFIG_ROMFS_FS is not set
@@ -1748,7 +1753,7 @@ CONFIG_QUOTACTL=y
CONFIG_DNOTIFY=y
# CONFIG_AUTOFS_FS is not set
# CONFIG_AUTOFS4_FS is not set
CONFIG_FUSE_FS=m
# CONFIG_FUSE_FS is not set
#
# CD-ROM/DVD Filesystems
@@ -1843,7 +1848,7 @@ CONFIG_NLS_DEFAULT="cp437"
# CONFIG_NLS_CODEPAGE_437 is not set
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
# CONFIG_NLS_CODEPAGE_850 is not set
CONFIG_NLS_CODEPAGE_850=y
# CONFIG_NLS_CODEPAGE_852 is not set
# CONFIG_NLS_CODEPAGE_855 is not set
# CONFIG_NLS_CODEPAGE_857 is not set
@@ -1864,7 +1869,7 @@ CONFIG_NLS_DEFAULT="cp437"
# CONFIG_NLS_CODEPAGE_1250 is not set
# CONFIG_NLS_CODEPAGE_1251 is not set
# CONFIG_NLS_ASCII is not set
# CONFIG_NLS_ISO8859_1 is not set
CONFIG_NLS_ISO8859_1=y
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
@@ -1877,7 +1882,7 @@ CONFIG_NLS_DEFAULT="cp437"
# CONFIG_NLS_ISO8859_15 is not set
# CONFIG_NLS_KOI8_R is not set
# CONFIG_NLS_KOI8_U is not set
# CONFIG_NLS_UTF8 is not set
CONFIG_NLS_UTF8=y
#
# Instrumentation Support


@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.16.42-ipfire
# Fri Mar 16 12:03:27 2007
# Sat Mar 24 12:58:22 2007
#
CONFIG_X86_32=y
CONFIG_SEMAPHORE_SLEEPERS=y
@@ -67,7 +67,7 @@ CONFIG_MODULE_UNLOAD=y
CONFIG_OBSOLETE_MODPARM=y
CONFIG_MODVERSIONS=y
# CONFIG_MODULE_SRCVERSION_ALL is not set
# CONFIG_KMOD is not set
CONFIG_KMOD=y
CONFIG_STOP_MACHINE=y
#
@@ -222,7 +222,7 @@ CONFIG_ACPI_FAN=m
CONFIG_ACPI_PROCESSOR=m
CONFIG_ACPI_THERMAL=m
# CONFIG_ACPI_ASUS is not set
CONFIG_ACPI_IBM=m
# CONFIG_ACPI_IBM is not set
# CONFIG_ACPI_TOSHIBA is not set
# CONFIG_ACPI_CUSTOM_DSDT is not set
CONFIG_ACPI_BLACKLIST_YEAR=0
@@ -617,10 +617,11 @@ CONFIG_KLIPS=m
# KLIPS options
#
CONFIG_KLIPS_ESP=y
# CONFIG_KLIPS_AH is not set
CONFIG_KLIPS_AH=y
CONFIG_KLIPS_AUTH_HMAC_MD5=y
CONFIG_KLIPS_AUTH_HMAC_SHA1=y
# CONFIG_KLIPS_ENC_CRYPTOAPI is not set
CONFIG_KLIPS_ENC_CRYPTOAPI=y
CONFIG_KLIPS_ENC_1DES=y
CONFIG_KLIPS_ENC_3DES=y
CONFIG_KLIPS_ENC_AES=y
CONFIG_KLIPS_ENC_NULL=y
@@ -1734,14 +1735,18 @@ CONFIG_REISERFS_PROC_INFO=y
CONFIG_REISERFS_FS_XATTR=y
CONFIG_REISERFS_FS_POSIX_ACL=y
CONFIG_REISERFS_FS_SECURITY=y
# CONFIG_JFS_FS is not set
CONFIG_JFS_FS=m
CONFIG_JFS_POSIX_ACL=y
CONFIG_JFS_SECURITY=y
# CONFIG_JFS_DEBUG is not set
CONFIG_JFS_STATISTICS=y
CONFIG_FS_POSIX_ACL=y
CONFIG_XFS_FS=m
CONFIG_XFS_EXPORT=y
CONFIG_XFS_QUOTA=y
CONFIG_XFS_SECURITY=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_XFS_RT=y
# CONFIG_XFS_RT is not set
# CONFIG_OCFS2_FS is not set
CONFIG_MINIX_FS=y
# CONFIG_ROMFS_FS is not set
@@ -1751,7 +1756,7 @@ CONFIG_QUOTACTL=y
CONFIG_DNOTIFY=y
# CONFIG_AUTOFS_FS is not set
# CONFIG_AUTOFS4_FS is not set
CONFIG_FUSE_FS=m
# CONFIG_FUSE_FS is not set
#
# CD-ROM/DVD Filesystems
@@ -1846,7 +1851,7 @@ CONFIG_NLS_DEFAULT="cp437"
# CONFIG_NLS_CODEPAGE_437 is not set
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
# CONFIG_NLS_CODEPAGE_850 is not set
CONFIG_NLS_CODEPAGE_850=y
# CONFIG_NLS_CODEPAGE_852 is not set
# CONFIG_NLS_CODEPAGE_855 is not set
# CONFIG_NLS_CODEPAGE_857 is not set
@@ -1867,7 +1872,7 @@ CONFIG_NLS_DEFAULT="cp437"
# CONFIG_NLS_CODEPAGE_1250 is not set
# CONFIG_NLS_CODEPAGE_1251 is not set
# CONFIG_NLS_ASCII is not set
# CONFIG_NLS_ISO8859_1 is not set
CONFIG_NLS_ISO8859_1=y
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
@@ -1880,7 +1885,7 @@ CONFIG_NLS_DEFAULT="cp437"
# CONFIG_NLS_ISO8859_15 is not set
# CONFIG_NLS_KOI8_R is not set
# CONFIG_NLS_KOI8_U is not set
# CONFIG_NLS_UTF8 is not set
CONFIG_NLS_UTF8=y
#
# Instrumentation Support


@@ -117,6 +117,7 @@
* ipp2p-0.8.2
* ipp2p-0.8.2-iptables
* iproute2-2.6.16-060323
* iptables-1.3.5
* iptables-1.3.7
* iptraf-3.0.0
* iptstate-2.1


@@ -6,14 +6,13 @@
#
# (c) The SmoothWall Team
#
# $Id: status.cgi,v 1.6.2.7 2005/02/24 07:44:35 gespinasse Exp $
#
use strict;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
use warnings;
use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
@@ -31,35 +30,45 @@ my %cgiparams=();
# is also the name of the program
my %servicenames =
(
$Lang::tr{'dhcp server'} => 'dhcpd',
$Lang::tr{'web server'} => 'httpd',
$Lang::tr{'cron server'} => 'fcron',
$Lang::tr{'dns proxy server'} => 'dnsmasq',
$Lang::tr{'logging server'} => 'syslogd',
$Lang::tr{'kernel logging server'} => 'klogd',
$Lang::tr{'ntp server'} => 'ntpd',
$Lang::tr{'secure shell server'} => 'sshd',
$Lang::tr{'vpn'} => 'pluto',
$Lang::tr{'web proxy'} => 'squid',
'OpenVPN' => 'openvpn'
$Lang::tr{'dhcp server'} => 'dhcpd',
$Lang::tr{'web server'} => 'httpd',
$Lang::tr{'cron server'} => 'fcron',
$Lang::tr{'dns proxy server'} => 'dnsmasq',
$Lang::tr{'logging server'} => 'syslogd',
$Lang::tr{'kernel logging server'} => 'klogd',
$Lang::tr{'ntp server'} => 'ntpd',
$Lang::tr{'secure shell server'} => 'sshd',
$Lang::tr{'vpn'} => 'pluto',
$Lang::tr{'web proxy'} => 'squid',
'OpenVPN' => 'openvpn'
);
my $iface = '';
if (open(FILE, "${General::swroot}/red/iface"))
{
$iface = <FILE>;
close FILE;
chomp $iface;
$iface = <FILE>;
close FILE;
chomp $iface;
}
$servicenames{"$Lang::tr{'intrusion detection system'} (RED)"} = "snort_${iface}";
$servicenames{"$Lang::tr{'intrusion detection system'} (GREEN)"} = "snort_$netsettings{'GREEN_DEV'}";
if ($netsettings{'ORANGE_DEV'} ne '') {
$servicenames{"$Lang::tr{'intrusion detection system'} (ORANGE)"} = "snort_$netsettings{'ORANGE_DEV'}";
$servicenames{"$Lang::tr{'intrusion detection system'} (ORANGE)"} = "snort_$netsettings{'ORANGE_DEV'}";
}
if ($netsettings{'BLUE_DEV'} ne '') {
$servicenames{"$Lang::tr{'intrusion detection system'} (BLUE)"} = "snort_$netsettings{'BLUE_DEV'}";
$servicenames{"$Lang::tr{'intrusion detection system'} (BLUE)"} = "snort_$netsettings{'BLUE_DEV'}";
}
my %dhcpsettings=();
my %netsettings=();
my %dhcpinfo=();
my %pppsettings=();
my $output='';
&General::readhash("${General::swroot}/dhcp/settings", \%dhcpsettings);
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/ppp/settings", \%pppsettings);
&Header::showhttpheaders();
&Header::getcgihash(\%cgiparams);
@@ -80,16 +89,16 @@ my $lines = 0;
my $key = '';
foreach $key (sort keys %servicenames)
{
if ($lines % 2) {
print "<tr bgcolor='${Header::table1colour}'>\n"; }
else {
print "<tr bgcolor='${Header::table2colour}'>\n"; }
print "<td align='left'>$key</td>\n";
my $shortname = $servicenames{$key};
my $status = &isrunning($shortname);
print "$status\n";
print "</tr>\n";
$lines++;
if ($lines % 2) {
print "<tr bgcolor='${Header::table1colour}'>\n"; }
else {
print "<tr bgcolor='${Header::table2colour}'>\n"; }
print "<td align='left'>$key</td>\n";
my $shortname = $servicenames{$key};
my $status = &isrunning($shortname);
print "$status\n";
print "</tr>\n";
$lines++;
}
@@ -97,7 +106,7 @@ print "</table></div>\n";
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'memory'});
&Header::openbox('100%', 'center', $Lang::tr{'memory'});
print "<table><tr><td><table>";
my $ram=0;
my $size=0;
@@ -110,8 +119,8 @@ my $cached=0;
open(FREE,'/usr/bin/free |');
while(<FREE>)
{
if ($_ =~ m/^\s+total\s+used\s+free\s+shared\s+buffers\s+cached$/ )
{
if ($_ =~ m/^\s+total\s+used\s+free\s+shared\s+buffers\s+cached$/ )
{
print <<END
<tr>
<td>&nbsp;</td>
@@ -179,14 +188,14 @@ END
;
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'disk usage'});
print "<table>\n";
&Header::openbox('100%', 'center', $Lang::tr{'disk usage'});
print "<table width=66%>\n";
open(DF,'/bin/df -B M -x rootfs|');
while(<DF>)
{
if ($_ =~ m/^Filesystem/ )
{
print <<END
if ($_ =~ m/^Filesystem/ )
{
print <<END
<tr>
<td align='left' class='boldbase'><b>$Lang::tr{'device'}</b></td>
<td align='left' class='boldbase'><b>$Lang::tr{'mounted on'}</b></td>
@@ -197,11 +206,11 @@ while(<DF>)
</tr>
END
;
}
else
{
my ($device,$size,$used,$free,$percent,$mount) = split;
print <<END
}
else
{
my ($device,$size,$used,$free,$percent,$mount) = split;
print <<END
<tr>
<td>$device</td>
<td>$mount</td>
@@ -211,35 +220,217 @@ END
<td>
END
;
&percentbar($percent);
print <<END
&percentbar($percent);
print <<END
</td>
<td align='right'>$percent</td>
</tr>
END
;
}
}
}
close DF;
print "<tr><td colspan='6'>&nbsp;\n<tr><td colspan='6'><h2>Inodes</h2>\n";
open(DF,'/bin/df -i -x rootfs|');
while(<DF>)
{
if ($_ =~ m/^Filesystem/ )
{
print <<END
<tr>
<td align='left' class='boldbase'><b>$Lang::tr{'device'}</b></td>
<td align='left' class='boldbase'><b>$Lang::tr{'mounted on'}</b></td>
<td align='center' class='boldbase'><b>$Lang::tr{'size'}</b></td>
<td align='center' class='boldbase'><b>$Lang::tr{'used'}</b></td>
<td align='center' class='boldbase'><b>$Lang::tr{'free'}</b></td>
<td align='left' class='boldbase' colspan='2'><b>$Lang::tr{'percentage'}</b></td>
</tr>
END
;
}
else
{
my ($device,$size,$used,$free,$percent,$mount) = split;
print <<END
<tr>
<td>$device</td>
<td>$mount</td>
<td align='right'>$size</td>
<td align='right'>$used</td>
<td align='right'>$free</td>
<td>
END
;
&percentbar($percent);
print <<END
</td>
<td align='right'>$percent</td>
</tr>
END
;
}
}
close DF;
print "</table>\n";
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'uptime and users'});
my $output = `/usr/bin/who`;
&Header::openbox('100%', 'left', $Lang::tr{'interfaces'});
$output = `/sbin/ifconfig`;
$output = &Header::cleanhtml($output,"y");
my @itfs = ('ORANGE','BLUE','GREEN');
foreach my $itf (@itfs) {
my $ColorName='';
my $lc_itf=lc($itf);
my $dev = $netsettings{"${itf}_DEV"};
if ($dev){
$ColorName = "${lc_itf}"; #dereference variable name...
$output =~ s/$dev/<b><font color="$ColorName">$dev<\/font><\/b>/ ;
}
}
if (open(REDIFACE, "${General::swroot}/red/iface")) {
my $lc_itf='red';
my $reddev = <REDIFACE>;
close(REDIFACE);
chomp $reddev;
$output =~ s/$reddev/<b><font color='red'>${reddev}<\/font><\/b>/;
}
print "<pre>$output</pre>\n";
&Header::closebox();
if ( $netsettings{'CONFIG_TYPE'} =~ /^(2|3|6|7)$/ && $netsettings{'RED_TYPE'} eq "DHCP") {
print "<a name='reddhcp'/>\n";
&Header::openbox('100%', 'left', "RED $Lang::tr{'dhcp configuration'}");
if (-s "${General::swroot}/dhcpc/dhcpcd-$netsettings{'RED_DEV'}.info") {
&General::readhash("${General::swroot}/dhcpc/dhcpcd-$netsettings{'RED_DEV'}.info", \%dhcpinfo);
my $DNS1=`echo $dhcpinfo{'DNS'} | cut -f 1 -d ,`;
my $DNS2=`echo $dhcpinfo{'DNS'} | cut -f 2 -d ,`;
my $lsetme=0;
my $leasetime="";
if ($dhcpinfo{'LEASETIME'} ne "") {
$lsetme=$dhcpinfo{'LEASETIME'};
$lsetme=($lsetme/60);
if ($lsetme > 59) {
$lsetme=($lsetme/60); $leasetime=$lsetme." Hour";
} else {
$leasetime=$lsetme." Minute";
}
if ($lsetme > 1) {
$leasetime=$leasetime."s";
}
}
my $rentme=0;
my $rnwltime="";
if ($dhcpinfo{'RENEWALTIME'} ne "") {
$rentme=$dhcpinfo{'RENEWALTIME'};
$rentme=($rentme/60);
if ($rentme > 59){
$rentme=($rentme/60); $rnwltime=$rentme." Hour";
} else {
$rnwltime=$rentme." Minute";
}
if ($rentme > 1){
$rnwltime=$rnwltime."s";
}
}
my $maxtme=0;
my $maxtime="";
if ($dhcpinfo{'REBINDTIME'} ne "") {
$maxtme=$dhcpinfo{'REBINDTIME'};
$maxtme=($maxtme/60);
if ($maxtme > 59){
$maxtme=($maxtme/60); $maxtime=$maxtme." Hour";
} else {
$maxtime=$maxtme." Minute";
}
if ($maxtme > 1) {
$maxtime=$maxtime."s";
}
}
print "<table width='100%'>";
if ($dhcpinfo{'HOSTNAME'}) {
print "<tr><td width='30%'>$Lang::tr{'hostname'}</td><td>$dhcpinfo{'HOSTNAME'}.$dhcpinfo{'DOMAIN'}</td></tr>\n";
} else {
print "<tr><td width='30%'>$Lang::tr{'domain'}</td><td>$dhcpinfo{'DOMAIN'}</td></tr>\n";
}
print <<END
<tr><td>$Lang::tr{'gateway'}</td><td>$dhcpinfo{'GATEWAY'}</td></tr>
<tr><td>$Lang::tr{'primary dns'}</td><td>$DNS1</td></tr>
<tr><td>$Lang::tr{'secondary dns'}</td><td>$DNS2</td></tr>
<tr><td>$Lang::tr{'dhcp server'}</td><td>$dhcpinfo{'DHCPSIADDR'}</td></tr>
<tr><td>$Lang::tr{'def lease time'}</td><td>$leasetime</td></tr>
<tr><td>$Lang::tr{'default renewal time'}</td><td>$rnwltime</td></tr>
<tr><td>$Lang::tr{'max renewal time'}</td><td>$maxtime</td></tr>
</table>
END
;
}
else
{
print "$Lang::tr{'no dhcp lease'}";
}
&Header::closebox();
}
if ($dhcpsettings{'ENABLE_GREEN'} eq 'on' || $dhcpsettings{'ENABLE_BLUE'} eq 'on') {
print "<a name='leases'/>";
&Header::CheckSortOrder;
&Header::PrintActualLeases;
}
&Header::openbox('100%', 'left', $Lang::tr{'routing table entries'});
$output = `/sbin/route -n`;
$output = &Header::cleanhtml($output,"y");
print "<pre>$output</pre>\n";
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'arp table entries'});
$output = `/sbin/arp -n`;
$output = &Header::cleanhtml($output,"y");
print "<pre>$output</pre>\n";
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'loaded modules'});
$output = qx+/bin/lsmod+;
($output = &Header::cleanhtml($output,"y")) =~ s/\[.*\]//g;
print "<pre>\n$output\n</pre>\n";
&Header::closebox();
my $module = qx(/bin/lsmod | awk -F" " '{print \$1}');
my $size = qx(/bin/lsmod | awk -F" " '{print \$2}');
my $used = qx(/bin/lsmod | awk -F" " '{print \$3}');
my @usedby = qx(/bin/lsmod | awk -F" " '{print \$4}');
my @usedbyf;
my $usedbyline;
&Header::openbox('100%', 'left', $Lang::tr{'kernel version'});
print "<pre>\n";
print `/bin/uname -a`;
print "</pre>\n";
foreach $usedbyline(@usedby)
{
my $laenge = length($usedbyline);
if ( $laenge > 30)
{
my $usedbylinef=substr($usedbyline,0,30);
$usedbyline="$usedbylinef ...\n";
push(@usedbyf,$usedbyline);
}
else
{push(@usedbyf,$usedbyline);}
}
print <<END
<table cellspacing=25><tr>
<td><pre>$module</pre></td>
<td><pre>$size</pre></td>
<td><pre>$used</pre></td>
<td><pre>@usedbyf</pre></td>
</tr></table>
END
;
print "";
&Header::closebox();
&Header::closebigbox();
@@ -248,35 +439,35 @@ print "</pre>\n";
sub isrunning
{
my $cmd = $_[0];
my $status = "<td bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td>";
my $pid = '';
my $testcmd = '';
my $exename;
my $cmd = $_[0];
my $status = "<td bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td>";
my $pid = '';
my $testcmd = '';
my $exename;
$cmd =~ /(^[a-z]+)/;
$exename = $1;
$cmd =~ /(^[a-z]+)/;
$exename = $1;
if (open(FILE, "/var/run/${cmd}.pid"))
{
$pid = <FILE>; chomp $pid;
close FILE;
if (open(FILE, "/proc/${pid}/status"))
{
while (<FILE>)
{
if (/^Name:\W+(.*)/) {
$testcmd = $1; }
}
close FILE;
if ($testcmd =~ /$exename/)
{
$status = "<td bgcolor='${Header::colourgreen}'><font color='white'><b>$Lang::tr{'running'}</b></font></td>";
}
}
}
if (open(FILE, "/var/run/${cmd}.pid"))
{
$pid = <FILE>; chomp $pid;
close FILE;
if (open(FILE, "/proc/${pid}/status"))
{
while (<FILE>)
{
if (/^Name:\W+(.*)/) {
$testcmd = $1; }
}
close FILE;
if ($testcmd =~ /$exename/)
{
$status = "<td bgcolor='${Header::colourgreen}'><font color='white'><b>$Lang::tr{'running'}</b></font></td>";
}
}
}
return $status;
return $status;
}
sub percentbar
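Review bot: The two new `echo $dhcpinfo{'DNS'} | cut ...` backtick calls in the RED DHCP box pass a value read from the dhcpcd lease file through a shell, so any shell metacharacter in that field would be interpreted by the shell under the CGI's account. The field presumably originates from the upstream DHCP server on RED, which the firewall should treat as untrusted input. Splitting in Perl avoids the shell entirely: `my ($DNS1, $DNS2) = split(/,/, $dhcpinfo{'DNS'}, 2);`. The other lease values printed into the same table (`HOSTNAME`, `DOMAIN`, `GATEWAY`, `DHCPSIADDR`) are emitted unescaped and should go through `&Header::cleanhtml(...)`, as the ifconfig, route and arp output in this file already does. Separately, `use CGI::Carp 'fatalsToBrowser';` now appears to be active at the top of the file although the comment above it says it is for debugging only; it should be commented out again so that error text and paths are not shown to the browser.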


@@ -26,7 +26,7 @@ my %selected= () ;
my %servicenames =
(
'UPnP Daemon' => 'upnpd',
'UPnP Daemon' => 'upnpd',
);
&Header::showhttpheaders();
@@ -42,8 +42,14 @@ $upnpsettings{'UPSTREAM'} = '16000000';
$upnpsettings{'DESCRIPTION'} = 'gatedesc.xml';
$upnpsettings{'XML'} = '/etc/linuxigd';
$upnpsettings{'ENABLED'} = 'off';
$upnpsettings{'GREEN'} = 'on';
$upnpsettings{'BLUE'} = 'off';
$upnpsettings{'GREENi'} = 'on';
$upnpsettings{'BLUEi'} = 'off';
$upnpsettings{'REDi'} = 'off';
$upnpsettings{'ORANGEi'} = 'off';
$upnpsettings{'GREENe'} = 'off';
$upnpsettings{'BLUEe'} = 'off';
$upnpsettings{'REDe'} = 'on';
$upnpsettings{'ORANGEe'} = 'off';
### Values that have to be initialized
$upnpsettings{'ACTION'} = '';
@@ -60,9 +66,9 @@ if ($upnpsettings{'ACTION'} eq $Lang::tr{'save'})
{
&General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
open (FILE, ">${General::swroot}/upnp/upnpd.conf") or die "Can't save the upnp config: $!";
flock (FILE, 2);
open (FILE, ">${General::swroot}/upnp/upnpd.conf") or die "Can't save the upnp config: $!";
flock (FILE, 2);
print FILE <<END
# UPnP Config by Ipfire Project
@@ -82,90 +88,144 @@ close FILE;
}
elsif ($upnpsettings{'ACTION'} eq 'Start')
{
$upnpsettings{'ENABLED'} = 'on';
&General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
system('/usr/local/bin/upnpctrl start');
}
$upnpsettings{'ENABLED'} = 'on';
&General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
system('/usr/local/bin/upnpctrl upnpdstart $netsettings{'RED_DEV'} $netsettings{'GREEN_DEV'}');
}
elsif ($upnpsettings{'ACTION'} eq 'Stop')
{
$upnpsettings{'ENABLED'} = 'off';
&General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
system('/usr/local/bin/upnpctrl stop');
}
$upnpsettings{'ENABLED'} = 'off';
&General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
system('/usr/local/bin/upnpctrl upnpstop');
}
elsif ($upnpsettings{'ACTION'} eq $Lang::tr{'restart'})
{
&General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
system('/usr/local/bin/upnpctrl restart');
&General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
system('/usr/local/bin/upnpctrl upnpstop');
system('/usr/local/bin/upnpctrl upnpstart $netsettings{'RED_DEV'} $netsettings{'GREEN_DEV'}');
}
&General::readhash("${General::swroot}/upnp/settings", \%upnpsettings);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<class name='base'>$errormessage\n";
print "&nbsp;</class>\n";
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<class name='base'>$errormessage\n";
print "&nbsp;</class>\n";
&Header::closebox();
}
$checked{'GREEN'}{'on'} = '';
$checked{'GREEN'}{'off'} = '';
$checked{'GREEN'}{"$upnpsettings{'GREEN'}"} = 'checked';
$checked{'BLUE'}{'on'} = '';
$checked{'BLUE'}{'off'} = '';
$checked{'BLUE'}{"$upnpsettings{'BLUE'}"} = 'checked';
$checked{'GREENi'}{'on'} = '';
$checked{'GREENi'}{'off'} = '';
$checked{'GREENi'}{"$upnpsettings{'GREENi'}"} = 'checked';
$checked{'BLUEi'}{'on'} = '';
$checked{'BLUEi'}{'off'} = '';
$checked{'BLUEi'}{"$upnpsettings{'BLUEi'}"} = 'checked';
$checked{'REDi'}{'on'} = '';
$checked{'REDi'}{'off'} = '';
$checked{'REDi'}{"$upnpsettings{'REDi'}"} = 'checked';
$checked{'ORANGEi'}{'on'} = '';
$checked{'ORANGEi'}{'off'} = '';
$checked{'ORANGEi'}{"$upnpsettings{'ORANGEi'}"} = 'checked';
$checked{'GREENe'}{'on'} = '';
$checked{'GREENe'}{'off'} = '';
$checked{'GREENe'}{"$upnpsettings{'GREENe'}"} = 'checked';
$checked{'BLUEe'}{'on'} = '';
$checked{'BLUEe'}{'off'} = '';
$checked{'BLUEe'}{"$upnpsettings{'BLUEe'}"} = 'checked';
$checked{'REDe'}{'on'} = '';
$checked{'REDe'}{'off'} = '';
$checked{'REDe'}{"$upnpsettings{'REDe'}"} = 'checked';
$checked{'ORANGEe'}{'on'} = '';
$checked{'ORANGEe'}{'off'} = '';
$checked{'ORANGEe'}{"$upnpsettings{'ORANGEe'}"} = 'checked';
############################################################################################################################
############################################################################################################################
&Header::openbox('100%', 'center', 'UPnP');
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='400' cellspacing='0'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='95%' cellspacing='0'>
END
;
if ( $message ne "" ) {
print "<tr><td colspan='3' align='center'><font color='red'>$message</font>";
}
if ( $message ne "" ) {
print "<tr><td colspan='3' align='center'><font color='red'>$message</font>";
}
my $lines = 0;
my $key = '';
foreach $key (sort keys %servicenames)
{
if ($lines % 2) {
print "<tr bgcolor='${Header::table1colour}'>\n"; }
else {
print "<tr bgcolor='${Header::table2colour}'>\n"; }
print "<td align='left'>$key\n";
my $shortname = $servicenames{$key};
my $status = &isrunning($shortname);
print "$status\n";
$lines++;
}
print <<END
<tr><td><b>Alle Dienste:</b></td><td colspan='2'>
<input type='submit' name='ACTION' value='Start' />
<input type='submit' name='ACTION' value='Stop' />
<input type='submit' name='ACTION' value='$Lang::tr{'restart'}' />
</table>
</form>
<hr />
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='500'>
<tr><td colspan='2' align='left'><b>$Lang::tr{'options'}</b>
<tr><td align='left'>$Lang::tr{'interfaces'}
<td align='left'>&nbsp;<td><input type='checkbox' name='GREEN' $checked{'GREEN'}{'on'} /> <font size='2' color='$Header::colourgreen'><b>$Lang::tr{'green'} - $netsettings{'GREEN_DEV'}</b></font>
END
;
if (&Header::blue_used()){
my $lines = 0;
my $key = '';
foreach $key (sort keys %servicenames)
{
if ($lines % 2) {
print "<tr bgcolor='${Header::table1colour}'>\n"; }
else {
print "<tr bgcolor='${Header::table2colour}'>\n"; }
print "<td align='left'>$key\n";
my $shortname = $servicenames{$key};
my $status = &isrunning($shortname);
print "$status\n";
$lines++;
}
print <<END
<tr><td align='left'>&nbsp;<td><input type='checkbox' name='BLUE' $checked{'BLUE'}{'on'} /> <font size='2' color='$Header::colourblue'><b>$Lang::tr{'wireless'} - $netsettings{'BLUE_DEV'}</b></font>
<tr><td><b>Alle Dienste:</b></td><td colspan='2'>
<input type='submit' name='ACTION' value='Start' />
<input type='submit' name='ACTION' value='Stop' />
<input type='submit' name='ACTION' value='$Lang::tr{'restart'}' />
</table>
END
;
}
print <<END
</table>
#print <<END
# <br></br>
# <hr />
# <br></br>
#
# <table width='95%'>
# <tr><td colspan='2' align='left' bgcolor='${Header::table1colour}'><b>External Interface</b></td></tr>
# <tr><td align='left'>&nbsp;</td><td><input type='radio' name='External' value='$netsettings{'RED_DEV'}' $checked{'REDe'}{'on'}><font size='2' color='$Header::colourred'><b>RED - $netsettings{'RED_DEV'}</b></font><br></br>
# <input type='radio' name='External' value='$netsettings{'GREEN_DEV'}' $checked{'GREENe'}{'on'}><font size='2' color='$Header::colourgreen'><b>$Lang::tr{'green'} - $netsettings{'GREEN_DEV'}</b></font><br></br>
#END
#;
# if (&Header::blue_used()){
# print <<END
# <input type='radio' name='External' value='$netsettings{'BLUE_DEV'}' $checked{'BLUEe'}{'on'}><font size='2' color='$Header::colourblue'><b>$Lang::tr{'wireless'} - $netsettings{'BLUE_DEV'}</b></font><br></br>
#END
#;
# }
# if (&Header::orange_used()){
# print <<END
# <input type='radio' name='External' value='$netsettings{'ORANGE_DEV'}' $checked{'ORANGEe'}{'on'}><font size='2' color='$Header::colourorange'><b>$Lang::tr{'dmz'} - $netsettings{'ORANGE_DEV'}</b></font><br></br>
#END
#;
# }
# print <<END
# </td></tr>
# <tr><td colspan='2' align='left'><br></br></td></tr>
# <tr><td colspan='2' align='left' bgcolor='${Header::table1colour}'><b>Internal Interface</b></td></tr>
# <tr><td align='left'>&nbsp;</td><td><input type='radio' name='Internal' value='$netsettings{'RED_DEV'}' $checked{'REDi'}{'on'}><font size='2' color='$Header::colourred'><b>RED - $netsettings{'RED_DEV'}</b></font><br></br>
# <input type='radio' name='Internal' value='$netsettings{'GREEN_DEV'}' $checked{'GREENi'}{'on'}><font size='2' color='$Header::colourgreen'><b>$Lang::tr{'green'} - $netsettings{'GREEN_DEV'}</b></font><br></br>
#END
#;
# if (&Header::blue_used()){
# print <<END
# <input type='radio' name='Internal' value='$netsettings{'BLUE_DEV'}' $checked{'BLUEi'}{'on'}><font size='2' color='$Header::colourblue'><b>$Lang::tr{'wireless'} - $netsettings{'BLUE_DEV'}</b></font><br></br>
#END
#;
# }
# if (&Header::orange_used()){
# print <<END
# <input type='radio' name='Internal' value='$netsettings{'ORANGE_DEV'}' $checked{'ORANGEi'}{'on'}><font size='2' color='$Header::colourorange'><b>$Lang::tr{'dmz'} - $netsettings{'ORANGE_DEV'}</b></font><br></br>
#END
#;
# }
# print <<END
# </td></tr></table>
print <<END
</form>
<br></br>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='95%' cellspacing='0'>
<tr><td colspan='2' align='left' bgcolor='${Header::table1colour}'><b>$Lang::tr{'options'}</b></td></tr>
<tr><td colspan='2' align='left'><br></br></td></tr>
<tr><td align='left'>Debug Mode:</td><td><input type='text' name='DEBUGMODE' value='$upnpsettings{'DEBUGMODE'}' size="30"></input></td></tr>
<tr><td align='left'>Forward Rules:</td><td><input type='text' name='FORWARDRULES' value='$upnpsettings{'FORWARDRULES'}' size="30"></input></td></tr>
<tr><td align='left'>Forward Chain:</td><td><input type='text' name='FORWARDCHAIN' value='$upnpsettings{'FORWARDCHAIN'}' size="30"></input></td></tr>
@@ -174,6 +234,7 @@ END
<tr><td align='left'>Up Strean:</td><td><input type='text' name='UPSTREAM' value='$upnpsettings{'UPSTREAM'}' size="30"></input></td></tr>
<tr><td align='left'>Description Document:</td><td><input type='text' name='DESCRIPTION' value='$upnpsettings{'DESCRIPTION'}' size="30"></input></td></tr>
<tr><td align='left'>XML Document:</td><td><input type='text' name='XML' value='$upnpsettings{'XML'}' size="30"></input></td></tr>
<tr><td colspan='2' align='left'><br></br></td></tr>
<tr><td colspan='2' align='center'><input type='submit' name='ACTION' value=$Lang::tr{'save'} />
</table></form>
<br></br>
@@ -190,33 +251,33 @@ END
sub isrunning
{
my $cmd = $_[0];
my $status = "<td bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td>";
my $pid = '';
my $testcmd = '';
my $exename;
my $cmd = $_[0];
my $status = "<td bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td>";
my $pid = '';
my $testcmd = '';
my $exename;
$cmd =~ /(^[a-z]+)/;
$exename = $1;
$cmd =~ /(^[a-z]+)/;
$exename = $1;
if (open(FILE, "/var/run/${cmd}.pid"))
{
$pid = <FILE>; chomp $pid;
close FILE;
if (open(FILE, "/proc/${pid}/status"))
{
while (<FILE>)
{
if (/^Name:\W+(.*)/) {
$testcmd = $1; }
}
close FILE;
if ($testcmd =~ /$exename/)
{
$status = "<td bgcolor='${Header::colourgreen}'><font color='white'><b>$Lang::tr{'running'}</b></font></td>";
}
}
}
if (open(FILE, "/var/run/${cmd}.pid"))
{
$pid = <FILE>; chomp $pid;
close FILE;
if (open(FILE, "/proc/${pid}/status"))
{
while (<FILE>)
{
if (/^Name:\W+(.*)/) {
$testcmd = $1; }
}
close FILE;
if ($testcmd =~ /$exename/)
{
$status = "<td bgcolor='${Header::colourgreen}'><font color='white'><b>$Lang::tr{'running'}</b></font></td>";
}
}
}
return $status;
}
return $status;
}
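Review bot: The new `system('/usr/local/bin/upnpctrl upnpdstart $netsettings{'RED_DEV'} $netsettings{'GREEN_DEV'}');` in the Start branch, and the matching `upnpstart` call in the restart branch, cannot work as written: the inner `'RED_DEV'` quotes end the single-quoted string, and single quotes would not interpolate the device names anyway. Use the list form so that no shell is involved and each interface name is passed as its own argument, `system('/usr/local/bin/upnpctrl', 'upnpstart', $netsettings{'RED_DEV'}, $netsettings{'GREEN_DEV'});`. The Start branch says `upnpdstart` while the restart branch says `upnpstart`; one of the two is presumably a typo and should be checked against what upnpctrl accepts. No read of the ethernet settings into `%netsettings` is visible in these hunks, so confirm the hash is populated before these calls.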


@@ -1,25 +1,4 @@
#!/usr/bin/perl
#
# This file is part of the IPCop Firewall.
#
# IPCop is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# IPCop is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with IPCop; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Copyright (C) 2003-05-25 Mark Wormgoor <mark@wormgoor.com>
#
# $Id: vpnmain.cgi,v 1.10.2.104 2006/11/30 12:43:10 franck78 Exp $
#
use Net::DNS;
use File::Copy;
@@ -56,9 +35,6 @@ my $errormessage = '';
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'ENABLED_GREEN'} = 'off';
$cgiparams{'ENABLED_ORANGE'} = 'off';
$cgiparams{'ENABLED_BLUE'} = 'off';
$cgiparams{'EDIT_ADVANCED'} = 'off';
$cgiparams{'ACTION'} = '';
$cgiparams{'CA_NAME'} = '';
@@ -124,10 +100,7 @@ sub valid_dns_host {
### Just return true is one interface is vpn enabled
###
sub vpnenabled {
return ($vpnsettings{'ENABLED'} eq 'on' ||
$vpnsettings{'ENABLED_GREEN'} eq 'on' ||
$vpnsettings{'ENABLED_ORANGE'} eq 'on' ||
$vpnsettings{'ENABLED_BLUE'} eq 'on');
return ($vpnsettings{'ENABLED'} eq 'on');
}
###
### old version: maintain serial number to one, without explication.
@@ -232,9 +205,6 @@ sub makeconnname ($) {
### the side is always defined as 'left'.
### configihash[14]: 'VHOST' is allowed
###
###Type=Net : GUI can choose to be left or right. This serve nothing in the conf!
### interface is fixed to RED only. No special reason for this also.
###
sub writeipsecfiles {
my %lconfighash = ();
@@ -249,11 +219,15 @@ sub writeipsecfiles {
print CONF "version 2\n\n";
print CONF "config setup\n";
#create an ipsec Interface for each 'enabled' ones
#loop trought configuration and add physical interfaces to the list
my $interfaces = "\tinterfaces=\"";
$interfaces .= "%defaultroute " if ($lvpnsettings{'ENABLED'} eq 'on');
$interfaces .= "ipsec1=$netsettings{'GREEN_DEV'} " if ($lvpnsettings{'ENABLED_GREEN'} eq 'on');
$interfaces .= "ipsec2=$netsettings{'BLUE_DEV'} " if ($lvpnsettings{'ENABLED_BLUE'} eq 'on');
$interfaces .= "ipsec3=$netsettings{'ORANGE_DEV'} " if ($lvpnsettings{'ENABLED_ORANGE'} eq 'on');
foreach my $key (keys %lconfighash) {
next if ($lconfighash{$key}[0] ne 'on');
$interfaces .= "%defaultroute " if ($interfaces !~ /defaultroute/ && $lconfighash{$key}[26] eq 'RED');
$interfaces .= "ipsec1=$netsettings{'GREEN_DEV'} " if ($interfaces !~ /ipsec1/ && $lconfighash{$key}[26] eq 'GREEN');
$interfaces .= "ipsec2=$netsettings{'BLUE_DEV'} " if ($interfaces !~ /ipsec2/ && $lconfighash{$key}[26] eq 'BLUE');
$interfaces .= "ipsec3=$netsettings{'ORANGE_DEV'} " if ($interfaces !~ /ipsec3/ && $lconfighash{$key}[26] eq 'ORANGE');
}
print CONF $interfaces . "\"\n";
my $plutodebug = ''; # build debug list
@@ -266,8 +240,6 @@ sub writeipsecfiles {
# deprecated in ipsec.conf version 2
#print CONF "\tplutoload=%search\n";
#print CONF "\tplutostart=%search\n";
print CONF "\tplutoload=%search\n";
print CONF "\tplutostart=%search\n";
print CONF "\tuniqueids=yes\n";
print CONF "\tnat_traversal=yes\n";
print CONF "\toverridemtu=$lvpnsettings{'VPN_OVERRIDE_MTU'}\n" if ($lvpnsettings{'VPN_OVERRIDE_MTU'} ne '');
@@ -301,47 +273,39 @@ sub writeipsecfiles {
#remote peer is not set? => use '%any'
$lconfighash{$key}[10] = '%any' if ($lconfighash{$key}[10] eq '');
my ($L,$R); #Local & Remote sides
print CONF "conn $lconfighash{$key}[1]\n";
#always choose LEFT localside for roadwarrior
if ($lconfighash{$key}[3] eq 'host' || $lconfighash{$key}[6] eq 'left') {
$L = 'left';
$R = 'right';
} else {
$R = 'left';
$L = 'right';
}
print CONF "\t${L}=";
my $localside;
if ($lconfighash{$key}[26] eq 'BLUE') {
print CONF "$netsettings{'BLUE_ADDRESS'}\n";
} elsif ($lconfighash{$key}[26] eq 'ORANGE') {
print CONF "$netsettings{'ORANGE_ADDRESS'}\n";
$localside = $netsettings{'BLUE_ADDRESS'};
} elsif ($lconfighash{$key}[26] eq 'GREEN') {
print CONF "$netsettings{'GREEN_ADDRESS'}\n";
} elsif ($lconfighash{$key}[26] eq 'RED') {
print CONF "$lvpnsettings{'VPN_IP'}\n";
print CONF "\t${L}nexthop=%defaultroute\n" if ($lvpnsettings{'VPN_IP'} ne '%defaultroute');
$localside = $netsettings{'GREEN_ADDRESS'};
} elsif ($lconfighash{$key}[26] eq 'ORANGE') {
$localside = $netsettings{'ORANGE_ADDRESS'};
} else { # it is RED
$localside = $lvpnsettings{'VPN_IP'};
}
print CONF "\t${L}subnet=$lconfighash{$key}[8]\n";
print CONF "\t${R}=$lconfighash{$key}[10]\n";
print CONF "conn $lconfighash{$key}[1] #$lconfighash{$key}[26]\n";
print CONF "\tleft=$localside\n";
print CONF "\tleftnexthop=%defaultroute\n" if ($lconfighash{$key}[26] eq 'RED' && $lvpnsettings{'VPN_IP'} ne '%defaultroute');
print CONF "\tleftsubnet=$lconfighash{$key}[8]\n";
print CONF "\tright=$lconfighash{$key}[10]\n";
if ($lconfighash{$key}[3] eq 'net') {
print CONF "\t${R}subnet=$lconfighash{$key}[11]\n";
print CONF "\t${R}nexthop=%defaultroute\n";
} elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed?
print CONF "\trightsubnet=$lconfighash{$key}[11]\n";
print CONF "\trightnexthop=%defaultroute\n";
} elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed for roadwarriors?
print CONF "\trightsubnet=vhost:%no,%priv\n";
}
# Local Cert and Remote Cert (unless auth is DN dn-auth)
if ($lconfighash{$key}[4] eq 'cert') {
print CONF "\t${L}cert=${General::swroot}/certs/hostcert.pem\n";
print CONF "\t${R}cert=${General::swroot}/certs/$lconfighash{$key}[1]cert.pem\n" if ($lconfighash{$key}[2] ne '%auth-dn');
print CONF "\tleftcert=${General::swroot}/certs/hostcert.pem\n";
print CONF "\trightcert=${General::swroot}/certs/$lconfighash{$key}[1]cert.pem\n" if ($lconfighash{$key}[2] ne '%auth-dn');
}
# Local and Remote IDs
print CONF "\t${L}id=\"$lconfighash{$key}[7]\"\n" if ($lconfighash{$key}[7]);
print CONF "\t${R}id=\"$lconfighash{$key}[9]\"\n" if ($lconfighash{$key}[9]);
print CONF "\tleftid=\"$lconfighash{$key}[7]\"\n" if ($lconfighash{$key}[7]);
print CONF "\trightid=\"$lconfighash{$key}[9]\"\n" if ($lconfighash{$key}[9]);
# Algorithms
if ($lconfighash{$key}[18] && $lconfighash{$key}[19] && $lconfighash{$key}[20]) {
@@ -406,16 +370,6 @@ sub writeipsecfiles {
# Build Authentication details: LEFTid RIGHTid : PSK psk
my $psk_line;
if ($lconfighash{$key}[4] eq 'psk') {
my $localside;
if ($lconfighash{$key}[26] eq 'BLUE') {
$localside = $netsettings{'BLUE_ADDRESS'};
} elsif ($lconfighash{$key}[26] eq 'GREEN') {
$localside = $netsettings{'GREEN_ADDRESS'};
} elsif ($lconfighash{$key}[26] eq 'ORANGE') {
$localside = $netsettings{'ORANGE_ADDRESS'};
} else { # it is RED
$localside = $lvpnsettings{'VPN_IP'};
}
$psk_line = ($lconfighash{$key}[7] ? $lconfighash{$key}[7] : $localside) . " " ;
$psk_line .= $lconfighash{$key}[9] ? $lconfighash{$key}[9] : $lconfighash{$key}[10]; #remoteid or remote address?
$psk_line .= " : PSK '$lconfighash{$key}[5]'\n";
@@ -472,7 +426,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
}
map ($vpnsettings{$_} = $cgiparams{$_},
('ENABLED','ENABLED_GREEN','ENABLED_ORANGE','ENABLED_BLUE','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
$vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
@@ -881,7 +835,7 @@ END
# Create empty CRL cannot be done because we don't have
# the private key for this CAROOT
# Ipcop can only import certificates
# IPFire can only import certificates
&General::log("ipsec", "p12 import completed!");
&cleanssldatabase();
@@ -1072,7 +1026,7 @@ END
<table width='100%' border='0' cellspacing='1' cellpadding='0'>
<tr><td width='40%' class='base'>$Lang::tr{'organization name'}:</td>
<td width='60%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value='$cgiparams{'ROOTCERT_ORGANIZATION'}' size='32' /></td></tr>
<tr><td class='base'>$Lang::tr{'ipcops hostname'}:</td>
<tr><td class='base'>$Lang::tr{'IPFires hostname'}:</td>
<td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value='$cgiparams{'ROOTCERT_HOSTNAME'}' size='32' /></td></tr>
<tr><td class='base'>$Lang::tr{'your e-mail'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value='$cgiparams{'ROOTCERT_EMAIL'}' size='32' /></td></tr>
@@ -1186,10 +1140,10 @@ END
&writeipsecfiles();
system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}) if (&vpnenabled);
} else {
system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
$confighash{$cgiparams{'KEY'}}[0] = 'off';
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
}
sleep $sleepDelay;
} else {
@@ -1278,7 +1232,7 @@ END
$cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
$cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
$cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
$cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
#$cgiparams{'free'} = $confighash{$cgiparams{'KEY'}}[6];
$cgiparams{'LOCAL_ID'} = $confighash{$cgiparams{'KEY'}}[7];
$cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
$cgiparams{'REMOTE_ID'} = $confighash{$cgiparams{'KEY'}}[9];
@@ -1323,11 +1277,6 @@ END
goto VPNCONF_ERROR;
}
if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
$errormessage = $Lang::tr{'ipcop side is invalid'};
goto VPNCONF_ERROR;
}
# Check if there is no other entry with this name
if (! $cgiparams{'KEY'}) { #only for add
foreach my $key (keys %confighash) {
@@ -1394,8 +1343,8 @@ END
) {
$errormessage = $Lang::tr{'invalid local-remote id'} . '<br />' .
'DER_ASN1_DN: @c=FR/ou=Paris/ou=Home/cn=*<br />' .
'FQDN: @ipcop.org<br />' .
'USER_FQDN: franck@ipcop.org<br />' .
'FQDN: @ipfire.org<br />' .
'USER_FQDN: info@ipfire.org<br />' .
'IPV4_ADDR: @123.123.123.123';
goto VPNCONF_ERROR;
}
@@ -1786,7 +1735,6 @@ END
$confighash{$key}[4] = 'cert';
}
if ($cgiparams{'TYPE'} eq 'net') {
$confighash{$key}[6] = $cgiparams{'SIDE'};
$confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
}
$confighash{$key}[7] = $cgiparams{'LOCAL_ID'};
@@ -1813,6 +1761,7 @@ END
$confighash{$key}[14] = $cgiparams{'VHOST'};
#free unused fields!
$confighash{$key}[6] = 'off';
$confighash{$key}[15] = 'off';
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
@@ -1828,7 +1777,6 @@ END
goto VPNCONF_END;
} else { # add new connection
$cgiparams{'ENABLED'} = 'on';
$cgiparams{'SIDE'} = 'left';
if ( ! -f "${General::swroot}/private/cakey.pem" ) {
$cgiparams{'AUTH'} = 'psk';
} elsif ( ! -f "${General::swroot}/ca/cacert.pem") {
@@ -1878,24 +1826,11 @@ END
$checked{'ENABLED'}{'off'} = '';
$checked{'ENABLED'}{'on'} = '';
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
$checked{'ENABLED_GREEN'}{'off'} = '';
$checked{'ENABLED_GREEN'}{'on'} = '';
$checked{'ENABLED_GREEN'}{$cgiparams{'ENABLED_GREEN'}} = "checked='checked'";
$checked{'ENABLED_ORANGE'}{'off'} = '';
$checked{'ENABLED_ORANGE'}{'on'} = '';
$checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = "checked='checked'";
$checked{'ENABLED_BLUE'}{'off'} = '';
$checked{'ENABLED_BLUE'}{'on'} = '';
$checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = "checked='checked'";
$checked{'EDIT_ADVANCED'}{'off'} = '';
$checked{'EDIT_ADVANCED'}{'on'} = '';
$checked{'EDIT_ADVANCED'}{$cgiparams{'EDIT_ADVANCED'}} = "checked='checked'";
$selected{'SIDE'}{'left'} = '';
$selected{'SIDE'}{'right'} = '';
$selected{'SIDE'}{$cgiparams{'SIDE'}} = "selected='selected'";
$checked{'AUTH'}{'psk'} = '';
$checked{'AUTH'}{'certreq'} = '';
$checked{'AUTH'}{'certgen'} = '';
@@ -1964,69 +1899,53 @@ END
print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' size='30' /></td>";
}
print "<td>$Lang::tr{'enabled'}</td><td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td></tr>";
print '</tr><td><br /></td><tr>';
my $disabled;
my $blob;
if ($cgiparams{'TYPE'} eq 'host') {
$disabled = "disabled='disabled'";
$blob = "<img src='/blob.gif' alt='*' />";
};
print "<tr><td>$Lang::tr{'interface'}</td>";
print "<td><select name='INTERFACE'>";
print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED</option>";
print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>" if ($netsettings{'BLUE_DEV'} ne '');
print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
# print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
print "</select></td></tr>";
print <<END
<tr><td class='boldbase'>$Lang::tr{'local subnet'}</td>
<td><input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size='30' /></td>
<td colspan='2'>&nbsp;</td>
</tr><tr>
<td class='boldbase'>$Lang::tr{'remote host/ip'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
print "<tr><td>$Lang::tr{'host ip'}:</td>";
print "<td><select name='INTERFACE'>";
print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED ($vpnsettings{'VPN_IP'})</option>";
print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN ($netsettings{'GREEN_ADDRESS'})</option>";
print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE ($netsettings{'BLUE_ADDRESS'})</option>" if ($netsettings{'BLUE_DEV'} ne '');
print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE ($netsettings{'ORANGE_ADDRESS'})</option>" if ($netsettings{'ORANGE_DEV'} ne '');
print "</select></td>";
print <<END
<td class='boldbase'>$Lang::tr{'remote host/ip'}:&nbsp;$blob</td>
<td><input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size='30' /></td>
<td colspan='2'>&nbsp;</td>
</tr>
END
;
} else {
print <<END
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ipcop side'}
<input type='hidden' name='INTERFACE' value='RED' /></td>
<td><select name='SIDE'><option value='left' $selected{'SIDE'}{'left'}>left</option>
<option value='right' $selected{'SIDE'}{'right'}>right</option></select></td>
<td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
<td><input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size ='30' /></td>
</tr><tr>
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
<td><input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size='30' /></td>
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
<td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size='30' /></td>
</tr>
END
;
}
print <<END
<tr>
<td>$Lang::tr{'dpd action'}:</td>
<td><select name='DPD_ACTION'>
<option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option>
<option value='hold' $selected{'DPD_ACTION'}{'hold'}>hold</option>
<option value='restart' $selected{'DPD_ACTION'}{'restart'}>restart</option>
</select>&nbsp; <a href='http://www.openswan.com/docs/local/README.DPD'>?</a>
</td>
</tr><tr>
<td><input $disabled type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size='30' /></td>
</tr><tr>
<td class='boldbase'>$Lang::tr{'vpn local id'}:&nbsp;<img src='/blob.gif' alt='*' />
<br />($Lang::tr{'eg'} <tt>&#64;xy.example.com</tt>)</td>
<td><input type='text' name='LOCAL_ID' value='$cgiparams{'LOCAL_ID'}' /></td>
<td class='boldbase'>$Lang::tr{'vpn remote id'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' /></td>
</tr><tr>
</tr><td><br /></td><tr>
<td>$Lang::tr{'dpd action'}:</td>
<td><select name='DPD_ACTION'>
<option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option>
<option value='hold' $selected{'DPD_ACTION'}{'hold'}>hold</option>
<option value='restart' $selected{'DPD_ACTION'}{'restart'}>restart</option>
</select>&nbsp; <a href='http://www.openswan.com/docs/local/README.DPD'>?</a>
</td>
</tr><tr>
<!--http://www.openswan.com/docs/local/README.DPD
http://bugs.xelerance.com/view.php?id=156
restart = clear + reinitiate connection
-->
<td><b>$Lang::tr{'options'}</b></td>
</tr><tr>
<td class='boldbase'>$Lang::tr{'vpn local id'}:&nbsp;<img src='/blob.gif' alt='*' />
<br />($Lang::tr{'eg'} <tt>&#64;xy.example.com</tt>)</td>
<td><input type='text' name='LOCAL_ID' value='$cgiparams{'LOCAL_ID'}' /></td>
<td class='boldbase'>$Lang::tr{'vpn remote id'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' /></td>
</tr><tr>
<td class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' alt='*' /></td>
<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td>
</tr>
<td class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' alt='*' /></td>
<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td>
</tr>
END
;
if (!$cgiparams{'KEY'}) {
@@ -2502,7 +2421,7 @@ EOF
$cgiparams{'VPN_DELAYED_START'} = 0 if (! defined ($cgiparams{'VPN_DELAYED_START'}));
$checked{'VPN_WATCH'} = $cgiparams{'VPN_WATCH'} eq 'on' ? "checked='checked'" : '' ;
map ($checked{$_} = $cgiparams{$_} eq 'on' ? "checked='checked'" : '',
('ENABLED','ENABLED_GREEN','ENABLED_ORANGE','ENABLED_BLUE','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
@@ -2518,47 +2437,27 @@ EOF
}
&Header::openbox('100%', 'left', $Lang::tr{'global settings'});
my $checkbox="";
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<tr>
<td width='20%' class='base' nowrap='nowrap'>$Lang::tr{'local vpn hostname/ip'}:</td>
<td width='20%' class='base' nowrap='nowrap'>$Lang::tr{'vpn red name'}:</td>
<td width='20%'><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' /></td>
<td width='20%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'} /></td>
<td width='20%' class='base' nowrap='nowrap'>$Lang::tr{'vpn on green'}:</td>
<td width='20%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED_GREEN' $checked{'ENABLED_GREEN'} /></td>
</tr>
END
;
if ($netsettings{'ORANGE_DEV'} ne '') {
$checkbox=<<END
<td class='base' nowrap='nowrap'>$Lang::tr{'vpn on orange'}:</td>
<td class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'} /></td>
END
;}
print <<END
<tr>
<td class='base' nowrap='nowrap'>$Lang::tr{'override mtu'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td ><input type='text' name='VPN_OVERRIDE_MTU' value='$cgiparams{'VPN_OVERRIDE_MTU'}' /></td>
<td></td>
$checkbox
</tr>
END
;
if ($netsettings{'BLUE_DEV'} ne '') {
$checkbox=<<END
<td class='base' nowrap='nowrap'>$Lang::tr{'vpn on blue'}:</td>
<td class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED_BLUE' $checked{'ENABLED_BLUE'} /></td>
END
;}
print <<END
<tr>
<td class='base' nowrap='nowrap'>$Lang::tr{'vpn delayed start'}:&nbsp;<img src='/blob.gif' alt='*' /><img src='/blob.gif' alt='*' /></td>
<td ><input type='text' name='VPN_DELAYED_START' value='$cgiparams{'VPN_DELAYED_START'}' /></td>
<td></td>
$checkbox
</tr>
</table>
<p>$Lang::tr{'vpn watch'}:<input type='checkbox' name='VPN_WATCH' $checked{'VPN_WATCH'} /></p>
@@ -2587,7 +2486,6 @@ END
;
print "</form>";
&Header::closebox();
undef ($checkbox);
&Header::openbox('100%', 'left', $Lang::tr{'connection status and controlc'});
print <<END
@@ -2622,16 +2520,17 @@ END
print "<td align='left'>&nbsp;</td>";
}
print "<td align='center'>$confighash{$key}[25]</td>";
# get real state
my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
if ($confighash{$key}[0] eq 'off') {
$active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
} else {
foreach my $line (@status) {
if ($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) {
$active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
}
foreach my $line (@status) {
if ($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) {
$active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
}
}
# move to blueif really down
if ($confighash{$key}[0] eq 'off' && $active =~ /${Header::colourred}/ ) {
$active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
}
print <<END
<td align='center'>$active</td>
<td align='center'>
@@ -2825,14 +2724,15 @@ END
END
;
}
my $rowcolor = 0;
if (keys %cahash > 0) {
foreach my $key (keys %cahash) {
if (($key + 1) % 2) {
print "<tr bgcolor='${Header::table1colour}'>\n";
} else {
print "<tr bgcolor='${Header::table2colour}'>\n";
}
foreach my $key (keys %cahash) {
if ($rowcolor++ % 2) {
print "<tr bgcolor='${Header::table1colour}'>\n";
} else {
print "<tr bgcolor='${Header::table2colour}'>\n";
}
print "<td class='base'>$cahash{$key}[0]</td>\n";
print "<td class='base'>$cahash{$key}[1]</td>\n";
print <<END
@@ -2898,9 +2798,5 @@ END
END
;
&Header::closebox();
print "$Lang::tr{'this feature has been sponsored by'} : ";
print "<a href='http://www.seminolegas.com/' target='_blank'>Seminole Canada Gas Company</a>.\n";
&Header::closebigbox();
&Header::closepage();


@@ -26,7 +26,7 @@
include Config
VER = 1.3.7
VER = 1.3.5
THISAPP = iptables-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -47,7 +47,7 @@ netfilter-layer7-v2.9.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.9.tar.gz
libnfnetlink-0.0.25.tar.bz2 = $(URL_IPFIRE)/libnfnetlink-0.0.25.tar.bz2
libnetfilter_queue-0.0.13.tar.bz2 = $(URL_IPFIRE)/libnetfilter_queue-0.0.13.tar.bz2
$(DL_FILE)_MD5 = dd965bdacbb86ce2a6498829fddda6b7
$(DL_FILE)_MD5 = 00fb916fa8040ca992a5ace56d905ea5
netfilter-layer7-v2.9.tar.gz_MD5 = ebf9043a5352ebe6dbd721989ef83dee
libnfnetlink-0.0.25.tar.bz2_MD5 = fc915a2e66d282e524af6ef939042d7d
libnetfilter_queue-0.0.13.tar.bz2_MD5 = 660cbfd3dc8c10bf9b1803cd2b688256


@@ -50,14 +50,14 @@ endif
objects =$(DL_FILE) \
mISDN-CVS-2007-01-26.tar.bz2 \
squashfs3.2-r2.tar.gz \
iptables-1.3.7.tar.bz2 \
iptables-1.3.5.tar.bz2 \
patch-o-matic-ng-20061210.tar.bz2 \
netfilter-layer7-v2.9.tar.gz \
patch-2.6.16-nath323-1.3.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
patch-o-matic-ng-20061210.tar.bz2 = $(URL_IPFIRE)/patch-o-matic-ng-20061210.tar.bz2
iptables-1.3.7.tar.bz2 = $(URL_IPFIRE)/iptables-1.3.7.tar.bz2
iptables-1.3.5.tar.bz2 = $(URL_IPFIRE)/iptables-1.3.5.tar.bz2
netfilter-layer7-v2.9.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.9.tar.gz
patch-2.6.16-nath323-1.3.bz2 = $(URL_IPFIRE)/patch-2.6.16-nath323-1.3.bz2
squashfs3.2-r2.tar.gz = $(URL_IPFIRE)/squashfs3.2-r2.tar.gz
@@ -65,7 +65,7 @@ mISDN-CVS-2007-01-26.tar.bz2 = $(URL_IPFIRE)/mISDN-CVS-2007-01-26.tar.bz2
$(DL_FILE)_MD5 = 87e998bb87839b962702815dd5aecc73
patch-o-matic-ng-20061210.tar.bz2_MD5 = 76edac76301b45f89e467b41c8cf4393
iptables-1.3.7.tar.bz2_MD5 = dd965bdacbb86ce2a6498829fddda6b7
iptables-1.3.5.tar.bz2_MD5 = 00fb916fa8040ca992a5ace56d905ea5
netfilter-layer7-v2.9.tar.gz_MD5 = ebf9043a5352ebe6dbd721989ef83dee
patch-2.6.16-nath323-1.3.bz2_MD5 = f926409ff703a307baf54b57ab75d138
squashfs3.2-r2.tar.gz_MD5 = bf360b92eba9e6d5610196ce2e02fcd1
@@ -124,8 +124,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
# Patch-o-matic
cd $(DIR_SRC) && rm -rf iptables-* patch-o-matic*
cd $(DIR_SRC) && tar xfj $(DIR_DL)/iptables-1.3.7.tar.bz2
cd $(DIR_SRC) && ln -sf iptables-1.3.7 iptables
cd $(DIR_SRC) && tar xfj $(DIR_DL)/iptables-1.3.5.tar.bz2
cd $(DIR_SRC) && ln -sf iptables-1.3.5 iptables
cd $(DIR_SRC) && tar xfj $(DIR_DL)/patch-o-matic-ng-20061210.tar.bz2
cd $(DIR_SRC)/patch-o-matic-ng* && \
./runme --batch --kernel-path=$(ROOT)/usr/src/$(THISAPP)/ \
@@ -151,7 +151,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
ifeq "$(SMP)" ""
# Only do this once on the non-SMP pass
cd $(DIR_SRC) && tar czf $(DIR_DL)/iptables-fixed.tar.gz iptables-1.3.7
cd $(DIR_SRC) && tar czf $(DIR_DL)/iptables-fixed.tar.gz iptables-1.3.5
endif
# Bootsplash


@@ -151,6 +151,14 @@ case "$1" in
# Accept everything connected
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
/sbin/iptables -N IPSECVIRTUAL
/sbin/iptables -N OPENSSLVIRTUAL
/sbin/iptables -A INPUT -j IPSECVIRTUAL
/sbin/iptables -A INPUT -j OPENSSLVIRTUAL
/sbin/iptables -A FORWARD -j IPSECVIRTUAL
/sbin/iptables -A FORWARD -j OPENSSLVIRTUAL
# localhost and ethernet.
/sbin/iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
@@ -167,19 +175,17 @@ case "$1" in
# we end up with orange -> orange traffic passing through IPFire
[ "$ORANGE_DEV" != "" ] && /sbin/iptables -A FORWARD -i $ORANGE_DEV -o $ORANGE_DEV -m state --state NEW -j ACCEPT
# accept all traffic from ipsec interfaces
/sbin/iptables -A INPUT -i ipsec+ -j ACCEPT
/sbin/iptables -A FORWARD -i ipsec+ -j ACCEPT
# allow DHCP on BLUE to be turned on/off
/sbin/iptables -N DHCPBLUEINPUT
/sbin/iptables -A INPUT -j DHCPBLUEINPUT
# IPSec chains
/sbin/iptables -N IPSECRED
/sbin/iptables -A INPUT -j IPSECRED
/sbin/iptables -N IPSECBLUE
/sbin/iptables -A INPUT -j IPSECBLUE
# IPSec
/sbin/iptables -N IPSECPHYSICAL
/sbin/iptables -A INPUT -j IPSECPHYSICAL
# OPenSSL
/sbin/iptables -N OPENSSLPHYSICAL
/sbin/iptables -A INPUT -j OPENSSLPHYSICAL
# WIRELESS chains
/sbin/iptables -N WIRELESSINPUT
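Review bot: Whatever IPSECVIRTUAL and OPENSSLVIRTUAL accept bypasses every later INPUT and FORWARD rule, because the jumps are appended right after the ESTABLISHED,RELATED rules and ahead of the `lo` and zone rules. Going by the ipsecctrl.c section of this commit, IPSECVIRTUAL is filled with a blanket `-i ipsec+ -j ACCEPT`, so any tunnel peer can reach the firewall itself and be forwarded into every zone. If that is intended, the comment should say so in full, for example `# decrypted traffic from ipsecX/tun/tap is accepted unfiltered here; tighten it inside IPSECVIRTUAL/OPENSSLVIRTUAL if a peer is less trusted than GREEN`. The second hunk also drops the IPSECRED and IPSECBLUE chains, so any script that still appends to them (none is visible here) would start failing until it is moved to IPSECPHYSICAL.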


@@ -547,9 +547,9 @@ int main(int argc, char *argv[])
if (strlen(driver) > 1) {
fprintf(flog, "Fixing up ipfirerd.img\n");
mkdir("/harddisk/initrd", S_IRWXU|S_IRWXG|S_IRWXO);
snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitrd -v --with=scsi_mod %s --with=sd_mod --with=sr_mod /boot/ipfirerd.img %s-ipfire", driver, KERNEL_VERSION);
snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitrd --with=scsi_mod %s --with=sd_mod --with=sr_mod /boot/ipfirerd.img %s-ipfire", driver, KERNEL_VERSION);
runcommandwithstatus(commandstring, ctr[TR_BUILDING_INITRD]);
snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitrd -v --with=scsi_mod %s --with=sd_mod --with=sr_mod /boot/ipfirerd-smp.img %s-ipfire-smp", driver, KERNEL_VERSION);
snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitrd --with=scsi_mod %s --with=sd_mod --with=sr_mod /boot/ipfirerd-smp.img %s-ipfire-smp", driver, KERNEL_VERSION);
runcommandwithstatus(commandstring, ctr[TR_BUILDING_INITRD]);
mysystem("/sbin/chroot /harddisk /bin/mv /boot/grub/scsigrub.conf /boot/grub/grub.conf");
}
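Review bot: Neither `snprintf` call checks for truncation, so an over-long `driver` string would hand a cut-off mkinitrd command line to `runcommandwithstatus`. Keeping the return value and testing `if (n < 0 || n >= STRING_SIZE)` before running the command would catch that. The outcome of the two initrd builds is also not looked at before `scsigrub.conf` is moved over `grub.conf`; if runcommandwithstatus reports the exit status, a failed build leaves a boot configuration that points at an image which was never written. `driver` is spliced unquoted into the command string, so it is worth confirming outside this hunk that it only ever holds module options produced by the installer's own hardware probe. main() starts and ends outside the hunk.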


@@ -11,7 +11,7 @@ SUID_PROGS = setdmzholes setportfw setfilters setxtaccess restartdhcp restartsno
restartapplejuice setdate rebuildhosts \
restartsyslogd logwatch openvpnctrl timecheckctrl \
restartwireless getipstat qosctrl launch-ether-wake \
redctrl extrahdctrl sambactrl
redctrl extrahdctrl sambactrl upnpctrl
install : all
install -m 755 $(PROGS) /usr/local/bin
@@ -48,6 +48,9 @@ redctrl: redctrl.c setuid.o ../install+setup/libsmooth/varval.o
extrahdctrl: extrahdctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ extrahdctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
upnpctrl: upnpctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ upnpctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
sambactrl: sambactrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ sambactrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
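Review bot: upnpctrl joins SUID_PROGS, so it is presumably installed setuid root like its neighbours (the install lines for SUID_PROGS are outside the hunk), yet nothing in this section shows what the program accepts from its caller. upnpctrl.c should be checked to call `initsetuid()` before anything else and to pass only fixed strings or validated arguments to `safe_system`, as ipsecctrl.c in this commit appears to. A comment above the rule would record the expectation, for example `# upnpctrl runs setuid root: keep its argument handling to fixed subcommands`. The recipe is a copy of the extrahdctrl one, so a pattern rule for these helpers would avoid the repetition.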


@@ -3,8 +3,6 @@
* File originally from the Smoothwall project
* (c) 2001 Smoothwall Team
*
* $Id: ipsecctrl.c,v 1.5.2.14 2005/05/15 12:58:28 rkerr Exp $
*
*/
#include "libsmooth.h"
@@ -17,6 +15,40 @@
#include <signal.h>
#include "setuid.h"
/*
This module is responsible for start stop of the vpn system.
1) it allows AH & ESP to get in from interface where a vpn is mounted
The NAT traversal is used on the udp 4500 port.
2) it starts the ipsec daemon
The RED interface is a problem because it can be up or down a startup.
Then, the state change and it must not affect other VPN mounted on
other interface.
Unfortunatly, openswan 1 cannot do that correctly. It cannot use an
interface without restarting everything.
IPCop should control vpn this way:
rc.netaddrsesup.up
call ipsecctrl once to start vpns on all interface
RED based vpn won't start because "auto=ignore" instead off "auto=start"
rc.updatered
call ipsectrl to turn on or off vpn based on RED
but now it is only:
rc.updatered
call ipsectrl S at every event on RED.
Consequence: BLUE vpn is not started until RED goes up.
*/
#define phystable "IPSECPHYSICAL"
#define virtualtable "IPSECVIRTUAL"
void usage() {
fprintf (stderr, "Usage:\n");
fprintf (stderr, "\tipsecctrl S [connectionkey]\n");
@@ -27,43 +59,66 @@ void usage() {
fprintf (stderr, "\t\tR : Reload Certificates and Secrets\n");
}
void loadalgmodules() {
void load_modules() {
safe_system("/sbin/modprobe ipsec");
}
void ipsecrules(char *chain, char *interface)
{
/*
ACCEPT the ipsec protocol ah, esp & udp (for nat traversal) on the specified interface
*/
void open_physical (char *interface, int nat_traversal_port) {
char str[STRING_SIZE];
sprintf(str, "/sbin/iptables -A %s -p 47 -i %s -j ACCEPT", chain, interface);
// GRE ???
sprintf(str, "/sbin/iptables -A " phystable " -p 47 -i %s -j ACCEPT", interface);
safe_system(str);
sprintf(str, "/sbin/iptables -A %s -p 50 -i %s -j ACCEPT", chain, interface);
// ESP
sprintf(str, "/sbin/iptables -A " phystable " -p 50 -i %s -j ACCEPT", interface);
safe_system(str);
sprintf(str, "/sbin/iptables -A %s -p 51 -i %s -j ACCEPT", chain, interface);
// AH
sprintf(str, "/sbin/iptables -A " phystable " -p 51 -i %s -j ACCEPT", interface);
safe_system(str);
sprintf(str, "/sbin/iptables -A %s -p udp -i %s --sport 500 --dport 500 -j ACCEPT", chain, interface);
// IKE
sprintf(str, "/sbin/iptables -A " phystable " -p udp -i %s --sport 500 --dport 500 -j ACCEPT", interface);
safe_system(str);
sprintf(str, "/sbin/iptables -A %s -p udp -i %s --dport 4500 -j ACCEPT", chain, interface);
if (! nat_traversal_port)
return;
sprintf(str, "/sbin/iptables -A " phystable " -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
safe_system(str);
}
void addaliasinterfaces(char *configtype, char *redtype, char *redif, char *enablered, char*enableblue)
/*
Basic control for what can flow from/to ipsecX interfaces.
rc.firewall call this chain just before ACCEPTing everything
from green (-i DEV_GREEN -j ACCEPT).
*/
void open_virtual (void) {
// allow anything from any ipsec to go on all interface, including other ipsec
safe_system("/sbin/iptables -A " virtualtable " -i ipsec+ -j ACCEPT");
//todo: BOT extension?; allowing ipsec0<<==port-list-filter==>>GREEN ?
}
void ipsec_norules() {
/* clear input rules */
safe_system("/sbin/iptables -F " phystable);
safe_system("/sbin/iptables -F " virtualtable);
// unmap red alias ????
}
void add_alias_interfaces(char *configtype,
char *redtype,
char *redif,
int offset) //reserve room for ipsec0=red, ipsec1=green, ipsec2=orange,ipsec3=blue
{
FILE *file = NULL;
char s[STRING_SIZE];
char *sptr;
char *aliasip=NULL;
char *enabled=NULL;
char *comment=NULL;
int count=0;
int alias=0;
int add=0;
if ( strcmp(enablered, "on") == 0 )
add += 1;
if ( strcmp(enableblue, "on") == 0 )
add += 1;
/* Check for CONFIG_TYPE=2 or 3 i.e. RED ethernet present. If not,
* exit gracefully. This is not an error... */
if (!((strcmp(configtype, "2")==0) || (strcmp(configtype, "3")==0) || (strcmp(configtype, "6")==0) || (strcmp(configtype, "7")==0)))
@@ -79,16 +134,15 @@ void addaliasinterfaces(char *configtype, char *redtype, char *redif, char *enab
fprintf(stderr, "Unable to open aliases configuration file\n");
return;
}
while (fgets(s, STRING_SIZE, file) != NULL && (add+alias) < 16)
while (fgets(s, STRING_SIZE, file) != NULL && (offset+alias) < 16 )
{
if (s[strlen(s) - 1] == '\n')
s[strlen(s) - 1] = '\0';
sptr = strtok(s, ",");
count = 0;
aliasip = NULL;
enabled = NULL;
comment = NULL;
int count = 0;
char *aliasip=NULL;
char *enabled=NULL;
char *comment=NULL;
char *sptr = strtok(s, ",");
while (sptr)
{
if (count == 0)
@@ -113,213 +167,333 @@ void addaliasinterfaces(char *configtype, char *redtype, char *redif, char *enab
if (strcmp(enabled, "on") == 0)
{
memset(s, 0, STRING_SIZE);
snprintf(s, STRING_SIZE-1, "/usr/sbin/ipsec tncfg --attach --virtual ipsec%d --physical %s:%d >/dev/null", alias+add, redif, alias);
snprintf(s, STRING_SIZE-1, "/usr/sbin/ipsec tncfg --attach --virtual ipsec%d --physical %s:%d >/dev/null", offset+alias, redif, alias);
safe_system(s);
alias++;
}
}
}
/*
return values from the vpn config file or false if not 'on'
*/
int decode_line (char *s,
char **key,
char **name,
char **type,
char **interface
) {
int count = 0;
*key = NULL;
*name = NULL;
*type = NULL;
if (s[strlen(s) - 1] == '\n')
s[strlen(s) - 1] = '\0';
char *result = strsep(&s, ",");
while (result) {
if (count == 0)
*key = result;
if ((count == 1) && strcmp(result, "on") != 0)
return 0; // a disabled line
if (count == 2)
*name = result;
if (count == 4)
*type = result;
if (count == 27)
*interface = result;
count++;
result = strsep(&s, ",");
}
// check other syntax
if (! *name)
return 0;
if (strspn(*name, LETTERS_NUMBERS) != strlen(*name)) {
fprintf(stderr, "Bad connection name: %s\n", *name);
return 0;
}
if (! (strcmp(*type, "host") == 0 || strcmp(*type, "net") == 0)) {
fprintf(stderr, "Bad connection type: %s\n", *type);
return 0;
}
if (! (strcmp(*interface, "RED") == 0 || strcmp(*interface, "GREEN") == 0 ||
strcmp(*interface, "ORANGE") == 0 || strcmp(*interface, "BLUE") == 0)) {
fprintf(stderr, "Bad interface name: %s\n", *interface);
return 0;
}
//it's a valid & active line
return 1;
}
/*
issue ipsec commmands to turn on connection 'name'
*/
void turn_connection_on (char *name, char *type) {
char command[STRING_SIZE];
safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --replace %s >/dev/null", name);
safe_system(command);
if (strcmp(type, "net") == 0) {
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --asynchronous --up %s >/dev/null", name);
safe_system(command);
}
}
/*
issue ipsec commmands to turn off connection 'name'
*/
void turn_connection_off (char *name) {
char command[STRING_SIZE];
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --down %s >/dev/null", name);
safe_system(command);
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --delete %s >/dev/null", name);
safe_system(command);
safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
}
int main(int argc, char *argv[]) {
int count;
char s[STRING_SIZE];
char configtype[STRING_SIZE];
char redtype[STRING_SIZE] = "";
char command[STRING_SIZE];
char *result;
char *key;
char *enabled;
char *name;
char *type;
char *running;
FILE *file = NULL;
struct keyvalue *kv = NULL;
char enablered[STRING_SIZE] = "off";
char enableblue[STRING_SIZE] = "off";
char redif[STRING_SIZE] = "";;
char blueif[STRING_SIZE] = "";
FILE *ifacefile = NULL;
if (!(initsetuid()))
exit(1);
if (argc < 2) {
usage();
exit(1);
}
if (!(initsetuid()))
exit(1);
/* FIXME: workaround for pclose() issue - still no real idea why
* this is happening */
signal(SIGCHLD, SIG_DFL);
/* Init the keyvalue structure */
kv=initkeyvalues();
/* handle operations that doesn't need start the ipsec system */
if (argc == 2) {
if (strcmp(argv[1], "D") == 0) {
safe_system("/usr/local/bin/vpn-watch --stop");
ipsec_norules();
/* Only shutdown pluto if it really is running */
int fd;
/* Get pluto pid */
if ((fd = open("/var/run/pluto.pid", O_RDONLY)) != -1) {
safe_system("/etc/rc.d/ipsec stop 2> /dev/null >/dev/null");
close(fd);
}
exit(0);
}
/* Read in the current values */
if (strcmp(argv[1], "R") == 0) {
safe_system("/usr/sbin/ipsec auto --rereadall");
exit(0);
}
}
/* stop the watch script as soon as possible */
safe_system("/usr/local/bin/vpn-watch --stop");
/* clear iptables vpn rules */
ipsec_norules();
/* read vpn config */
kv=initkeyvalues();
if (!readkeyvalues(kv, CONFIG_ROOT "/vpn/settings"))
{
fprintf(stderr, "Cannot read vpn settings\n");
exit(1);
}
findkey(kv, "ENABLED", enablered);
findkey(kv, "ENABLED_BLUE", enableblue);
/* check is the vpn system is enabled */
{
char s[STRING_SIZE];
findkey(kv, "ENABLED", s);
freekeyvalues(kv);
if (strcmp (s, "on") != 0)
exit(0);
}
freekeyvalues(kv);
/* read interface settings */
kv=initkeyvalues();
if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
{
fprintf(stderr, "Cannot read ethernet settings\n");
exit(1);
}
if (!findkey(kv, "CONFIG_TYPE", configtype))
{
fprintf(stderr, "Cannot read CONFIG_TYPE\n");
exit(1);
}
findkey(kv, "RED_TYPE", redtype);
findkey(kv, "BLUE_DEV", blueif);
/* Loop through the config file to find physical interface that will accept IPSEC */
int enable_red=0; // states 0: not used
int enable_green=0; // 1: error condition
int enable_orange=0; // 2: good
int enable_blue=0;
char if_red[STRING_SIZE] = "";
char if_green[STRING_SIZE] = "";
char if_orange[STRING_SIZE] = "";
char if_blue[STRING_SIZE] = "";
char s[STRING_SIZE];
FILE *file = NULL;
if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
fprintf(stderr, "Couldn't open vpn settings file");
exit(1);
}
while (fgets(s, STRING_SIZE, file) != NULL) {
char *key;
char *name;
char *type;
char *interface;
if (!decode_line(s,&key,&name,&type,&interface))
continue;
/* search interface */
if (!enable_red && strcmp (interface, "RED") == 0) {
// when RED is up, find interface name in special file
FILE *ifacefile = NULL;
if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r"))) {
if (fgets(if_red, STRING_SIZE, ifacefile)) {
if (if_red[strlen(if_red) - 1] == '\n')
if_red[strlen(if_red) - 1] = '\0';
}
fclose (ifacefile);
if (VALID_DEVICE(if_red))
enable_red+=2; // present and running
}
}
if (!enable_green && strcmp (interface, "GREEN") == 0) {
enable_green = 1;
findkey(kv, "GREEN_DEV", if_green);
if (VALID_DEVICE(if_green))
enable_green++;
else
fprintf(stderr, "IPSec enabled on green but green interface is invalid or not found\n");
}
if (!enable_orange && strcmp (interface, "ORANGE") == 0) {
enable_orange = 1;
findkey(kv, "ORANGE_DEV", if_orange);
if (VALID_DEVICE(if_orange))
enable_orange++;
else
fprintf(stderr, "IPSec enabled on orange but orange interface is invalid or not found\n");
}
if (!enable_blue && strcmp (interface, "BLUE") == 0) {
enable_blue++;
findkey(kv, "BLUE_DEV", if_blue);
if (VALID_DEVICE(if_blue))
enable_blue++;
else
fprintf(stderr, "IPSec enabled on blue but blue interface is invalid or not found\n");
}
}
fclose(file);
freekeyvalues(kv);
memset(redif, 0, STRING_SIZE);
if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))
{
if (fgets(redif, STRING_SIZE, ifacefile))
{
if (redif[strlen(redif) - 1] == '\n')
redif[strlen(redif) - 1] = '\0';
}
fclose (ifacefile);
ifacefile = NULL;
// do nothing if something is in error condition
if ((enable_red==1) || (enable_green==1) || (enable_orange==1) || (enable_blue==1) )
exit(1);
if (!VALID_DEVICE(redif))
{
memset(redif, 0, STRING_SIZE);
}
}
// exit if nothing to do
if ( (enable_red+enable_green+enable_orange+enable_blue) == 0 )
exit(0);
safe_system("/sbin/iptables -F IPSECRED");
if (!strcmp(enablered, "on") && strlen(redif)) {
ipsecrules("IPSECRED", redif);
}
// open needed ports
// todo: read a nat_t indicator to allow or not openning UDP/4500
if (enable_red==2)
open_physical(if_red, 4500);
safe_system("/sbin/iptables -F IPSECBLUE");
if (!strcmp(enableblue, "on")) {
if (VALID_DEVICE(blueif))
ipsecrules("IPSECBLUE", blueif);
else
{
fprintf(stderr, "IPSec enabled on blue but blue interface is invalid or not found\n");
exit(1);
}
}
if (enable_green==2)
open_physical(if_green, 4500);
/* Only shutdown pluto if it really is running */
if (argc == 2) {
if (strcmp(argv[1], "D") == 0) {
int fd;
/* Get pluto pid */
if ((fd = open("/var/run/pluto.pid", O_RDONLY)) != -1) {
safe_system("/etc/rc.d/init.d/ipsec stop 2> /dev/null >/dev/null");
close(fd);
}
}
}
if (enable_orange==2)
open_physical(if_orange, 4500);
if ((strcmp(enablered, "on") || !strlen(redif)) && strcmp(enableblue, "on"))
if (enable_blue==2)
open_physical(if_blue, 4500);
// then open the ipsecX
open_virtual();
// start the system
if ((argc == 2) && strcmp(argv[1], "S") == 0) {
load_modules();
safe_system("/usr/sbin/ipsec tncfg --clear >/dev/null");
safe_system("/etc/rc.d/ipsec restart >/dev/null");
add_alias_interfaces(configtype, redtype, if_red, (enable_red+enable_green+enable_orange+enable_blue) >>1 );
safe_system("/usr/local/bin/vpn-watch --start");
exit(0);
}
if (argc == 2) {
if (strcmp(argv[1], "S") == 0) {
loadalgmodules();
safe_system("/usr/sbin/ipsec tncfg --clear >/dev/null");
safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null");
addaliasinterfaces(configtype, redtype, redif, enablered, enableblue);
} else if (strcmp(argv[1], "R") == 0) {
safe_system("/usr/sbin/ipsec auto --rereadall");
} else {
fprintf(stderr, "Bad arg\n");
usage();
exit(1);
}
} else if (strspn(argv[2], NUMBERS) == strlen(argv[2])) {
if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
fprintf(stderr, "Couldn't open vpn settings file");
exit(1);
}
while (fgets(s, STRING_SIZE, file) != NULL) {
if (s[strlen(s) - 1] == '\n')
s[strlen(s) - 1] = '\0';
running = strdup (s);
result = strsep(&running, ",");
count = 0;
key = NULL;
name = NULL;
enabled = NULL;
type = NULL;
while (result) {
if (count == 0)
key = result;
if (count == 1)
enabled = result;
if (count == 2)
name = result;
if (count == 4)
type = result;
count++;
result = strsep(&running, ",");
}
if (strcmp(key, argv[2]) != 0)
continue;
if (!(name && enabled))
continue;
if (strspn(name, LETTERS_NUMBERS) != strlen(name)) {
fprintf(stderr, "Bad connection name: %s\n", name);
goto EXIT;
}
if (! (strcmp(type, "host") == 0 || strcmp(type, "net") == 0)) {
fprintf(stderr, "Bad connection type: %s\n", type);
goto EXIT;
}
if (strcmp(argv[1], "S") == 0 && strcmp(enabled, "on") == 0) {
safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --replace %s >/dev/null", name);
safe_system(command);
if (strcmp(type, "net") == 0) {
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --asynchronous --up %s >/dev/null", name);
safe_system(command);
}
} else if (strcmp(argv[1], "D") == 0) {
safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --down %s >/dev/null", name);
safe_system(command);
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec auto --delete %s >/dev/null", name);
safe_system(command);
}
}
} else {
// it is a selective start or stop
// second param is only a number 'key'
if ((argc == 2) || strspn(argv[2], NUMBERS) != strlen(argv[2])) {
ipsec_norules();
fprintf(stderr, "Bad arg\n");
usage();
exit(1);
}
EXIT:
if (file)
fclose(file);
// search the vpn pointed by 'key'
if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
ipsec_norules();
fprintf(stderr, "Couldn't open vpn settings file");
exit(1);
}
while (fgets(s, STRING_SIZE, file) != NULL) {
char *key;
char *name;
char *type;
char *interface;
if (!decode_line(s,&key,&name,&type,&interface))
continue;
// start/stop a vpn if belonging to specified interface
if (strcmp(argv[1], interface) == 0 ) {
if (strcmp(argv[2], "0")==0)
turn_connection_off (name);
else
turn_connection_on (name, type);
continue;
}
// is it the 'key' requested ?
if (strcmp(argv[2], key) != 0)
continue;
// Start or Delete this Connection
if (strcmp(argv[1], "S") == 0)
turn_connection_on (name, type);
else
if (strcmp(argv[1], "D") == 0)
turn_connection_off (name);
else {
ipsec_norules();
fprintf(stderr, "Bad command\n");
exit(1);
}
}
fclose(file);
safe_system("/usr/local/bin/vpn-watch --start");
return 0;
}


@@ -27,7 +27,6 @@ int main(int argc, char *argv[])
{
snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -d %s", argv[2]);
safe_system(command);
printf(command);
return 0;
}
@@ -35,7 +34,6 @@ int main(int argc, char *argv[])
{
snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -e %s", argv[2]);
safe_system(command);
printf(command);
return 0;
}
@@ -43,10 +41,8 @@ int main(int argc, char *argv[])
{
snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -x %s", argv[2]);
safe_system(command);
printf(command);
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/userdel %s", argv[2]);
safe_system(command);
printf(command);
return 0;
}
@@ -56,10 +52,17 @@ int main(int argc, char *argv[])
return 0;
}
if (strcmp(argv[1], "smbsafeconfpdc")==0)
{
safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
return 0;
}
if (strcmp(argv[1], "smbglobalreset")==0)
{
safe_system("/bin/cat /var/ipfire/samba/default.global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
safe_system("/bin/cat /var/ipfire/samba/default.settings > /var/ipfire/samba/settings");
safe_system("/bin/cat /var/ipfire/samba/default.global > /var/ipfire/samba/global");
return 0;
}
@@ -85,9 +88,19 @@ int main(int argc, char *argv[])
return 0;
}
if (strcmp(argv[1], "smbstatus")==0)
{
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/smbstatus");
safe_system(command);
printf(command);
return 0;
}
if (strcmp(argv[1], "smbuseradd")==0)
{
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba User' -d /opt/samba -g 2110 -p %s -s /bin/false %s", argv[3], argv[2]);
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambauser");
safe_system(command);
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba User' -m -g %s -p %s -s %s %s", argv[4], argv[3], argv[5], argv[2]);
safe_system(command);
printf(command);
snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s", argv[3], argv[3], argv[2]);
@@ -96,6 +109,19 @@ int main(int argc, char *argv[])
return 0;
}
if (strcmp(argv[1], "smbpcadd")==0)
{
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambawks");
safe_system(command);
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba Workstation' -g %s -s %s %s", argv[3], argv[4], argv[2]);
safe_system(command);
printf(command);
snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -a -m %s", argv[2]);
safe_system(command);
printf(command);
return 0;
}
if (strcmp(argv[1], "smbchangepw")==0)
{
snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s", argv[3], argv[3], argv[2]);
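Review bot: The smbpcadd branch in the last hunk formats argv[2], argv[3] and argv[4] straight into a command line for safe_system() with no visible argc check and no character validation, and the useradd line in the smbuseradd branch that takes argv[4] and argv[5] (it appears to be the new side) does the same. The helper's setup is outside these hunks, but if it runs with elevated privileges like the other misc-progs and safe_system() goes through a shell, any shell metacharacter in those arguments changes the command that is executed. A guard such as `if (argc < 5 || strspn(argv[2], LETTERS_NUMBERS) != strlen(argv[2])) return 1;` before the first snprintf would match the name check the ipsec helper in this commit already applies, assuming LETTERS_NUMBERS is available in this file. The `printf(command);` calls in smbpcadd should be `printf("%s\n", command);` or dropped as the earlier hunks do, since command contains caller-supplied text and is used as the format string. main's body starts and ends outside these hunks.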

47
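--- a/src/misc-progs/upnpctrl.c
+++ b/src/misc-progs/upnpctrl.c
@@ -0,0 +1,47 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include "setuid.h"
+#define BUFFER_SIZE 1024
+char command[BUFFER_SIZE];
+int main(int argc, char *argv[])
+{
+if (!(initsetuid()))
+exit(1);
+// Check what command is asked
+if (argc==1)
+{
+fprintf (stderr, "Missing upnpctrl command!\n");
+return 1;
+}
+if (strcmp(argv[1], "start")==0)
+{
+snprintf(command, BUFFER_SIZE-1, "route add -net 239.0.0.0 netmask 255.0.0.0 %s", argv[2]);
+safe_system(command);
+printf(command);
+snprintf(command, BUFFER_SIZE-1, "/usr/sbin/upnpd %s %s", argv[2], argv[3] );
+safe_system(command);
+printf(command);
+return 0;
+}
+if (strcmp(argv[1], "stop")==0)
+{
+snprintf(command, BUFFER_SIZE-1, "killall upnpd");
+safe_system(command);
+printf(command);
+snprintf(command, BUFFER_SIZE-1, "route del -net 239.0.0.0 netmask 255.0.0.0 %s", argv[2]);
+safe_system(command);
+printf(command);
+return 0;
+}
+}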
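Review bot: The start and stop branches read argv[2] and argv[3] after checking only `argc==1`, so `upnpctrl start` with fewer arguments passes a null pointer to `%s`, and whatever is supplied is pasted unvalidated into a command line run by safe_system() after initsetuid(). Both values look like interface names, so validating them before the first snprintf in each branch, as below, closes that; VALID_DEVICE is the macro the ipsec helper in this commit uses and is assumed to come from setuid.h. Each `printf(command);` should also become `printf("%s\n", command);`, because command contains caller-supplied text and is used as the format string.

```c
if (strcmp(argv[1], "start")==0)
{
	/* both interface arguments must be present and well-formed */
	if (argc < 4 || !VALID_DEVICE(argv[2]) || !VALID_DEVICE(argv[3]))
	{
		fprintf (stderr, "Bad upnpctrl arguments!\n");
		return 1;
	}
	// … existing route add / upnpd commands follow …
}
if (strcmp(argv[1], "stop")==0)
{
	if (argc < 3 || !VALID_DEVICE(argv[2]))
	{
		fprintf (stderr, "Bad upnpctrl arguments!\n");
		return 1;
	}
	// … existing killall / route del commands follow …
}
```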