webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 11:13:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

Browse Source
This commit is contained in:
Michael Tremer
2013-07-15 22:05:12 +02:00
parent a610e13655 c50ba483d2
commit 920cc72333
40 changed files with 2109 additions and 273 deletions
Download Patch File Download Diff File Expand all files Collapse all files

359
html/cgi-bin/dnsforward.cgi Normal file
View File

@@ -0,0 +1,359 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2013 IPFire Development Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::colouryellow} );
undef (@dummy);
my %cgiparams=();
my %checked=();
my %selected=();
my $errormessage = '';
my $filename = "${General::swroot}/dnsforward/config";
my $changed = 'no';
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
&Header::showhttpheaders();
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'ACTION'} = '';
$cgiparams{'ZONE'} = '';
$cgiparams{'FORWARD_SERVER'} = '';
$cgiparams{'REMARK'} ='';
&Header::getcgihash(\%cgiparams);
open(FILE, $filename) or die 'Unable to open config file.';
my @current = <FILE>;
close(FILE);
###
# Add / Edit entries.
#
if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
{
# Check if the entered domainname is valid.
unless (&General::validdomainname($cgiparams{'ZONE'})) {
$errormessage = $Lang::tr{'invalid domain name'};
}
# Check if the settings for the forward server are valid.
unless(&General::validip($cgiparams{'FORWARD_SERVER'})) {
$errormessage = $Lang::tr{'invalid ip'};
}
# Go further if there was no error.
if ( ! $errormessage)
{
# Check if a remark has been entered.
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
# Check if we want to edit an existing or add a new entry.
if($cgiparams{'EDITING'} eq 'no') {
open(FILE,">>$filename") or die 'Unable to open config file.';
flock FILE, 2;
print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVER'},$cgiparams{'REMARK'}\n";
} else {
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
my $id = 0;
foreach my $line (@current)
{
$id++;
if ($cgiparams{'EDITING'} eq $id) {
print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVER'},$cgiparams{'REMARK'}\n";
} else { print FILE "$line"; }
}
}
close(FILE);
undef %cgiparams;
$changed = 'yes';
} else {
# stay on edit mode if an error occur
if ($cgiparams{'EDITING'} ne 'no')
{
$cgiparams{'ACTION'} = $Lang::tr{'edit'};
$cgiparams{'ID'} = $cgiparams{'EDITING'};
}
}
# Restart dnsmasq.
system('/usr/local/bin/dnsmasqctrl restart >/dev/null');
}
###
# Remove existing entries.
#
if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
{
my $id = 0;
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
foreach my $line (@current)
{
$id++;
unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
}
close(FILE);
# Restart dnsmasq.
system('/usr/local/bin/dnsmasqctrl restart >/dev/null');
}
###
# Toggle Enable/Disable for entries.
#
if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
{
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
my $id = 0;
foreach my $line (@current)
{
$id++;
unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
else
{
chomp($line);
my @temp = split(/\,/,$line);
print FILE "$cgiparams{'ENABLE'},$temp[1],$temp[2],$temp[3]\n";
}
}
close(FILE);
# Restart dnsmasq.
system('/usr/local/bin/dnsmasqctrl restart >/dev/null');
}
###
# Read items for edit mode.
#
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
{
my $id = 0;
foreach my $line (@current)
{
$id++;
if ($cgiparams{'ID'} eq $id)
{
chomp($line);
my @temp = split(/\,/,$line);
$cgiparams{'ENABLED'} = $temp[0];
$cgiparams{'ZONE'} = $temp[1];
$cgiparams{'FORWARD_SERVER'} = $temp[2];
$cgiparams{'REMARK'} = $temp[3];
}
}
}
$checked{'ENABLED'}{'off'} = '';
$checked{'ENABLED'}{'on'} = '';
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
&Header::openpage($Lang::tr{'dnsforward configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
###
# Error messages layout.
#
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<class name='base'>$errormessage\n";
print "&nbsp;</class>\n";
&Header::closebox();
}
print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
my $buttontext = $Lang::tr{'add'};
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
&Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'});
$buttontext = $Lang::tr{'update'};
} else {
&Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
}
###
# Content of the main page.
#
print <<END
<table width='100%'>
<tr>
<td width='20%' class='base'><font>$Lang::tr{'dnsforward zone'}:</font></td>
<td><input type='text' name='ZONE' value='$cgiparams{'ZONE'}' size='24' /></td>
<td width='30%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
</tr>
<tr>
<td width='20%' class='base'><font>$Lang::tr{'dnsforward forward_server'}:</font></td>
<td><input type='text' name='FORWARD_SERVER' value='$cgiparams{'FORWARD_SERVER'}' size='24' /></td>
</tr>
</table>
<table width='100%'>
<tr>
<td width ='20%' class='base'><font class='boldbase'>$Lang::tr{'remark'}:</font>&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
</tr>
</table>
<hr>
<table width='100%'>
<tr>
<td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' />&nbsp;<font class='base'>$Lang::tr{'this field may be blank'}</font></td>
<td width='40%' align='center'>
<input type='hidden' name='ACTION' value='$Lang::tr{'add'}' />
<input type='submit' name='SUBMIT' value='$buttontext' />
</td>
</tr>
</table>
END
;
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
print "<input type='hidden' name='EDITING' value='$cgiparams{'ID'}' />\n";
} else {
print "<input type='hidden' name='EDITING' value='no' />\n";
}
&Header::closebox();
print "</form>\n";
###
# Existing rules.
#
&Header::openbox('100%', 'left', $Lang::tr{'dnsforward entries'});
print <<END
<table width='100%'>
<tr>
<td width='35%' class='boldbase' align='center'><b>$Lang::tr{'dnsforward zone'}</b></td>
<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'dnsforward forward_server'}</b></td>
<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
<td width='5%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
</tr>
END
;
# If something has happened re-read config
if($cgiparams{'ACTION'} ne '' or $changed ne 'no')
{
open(FILE, $filename) or die 'Unable to open config file.';
@current = <FILE>;
close(FILE);
}
###
# Re-read entries and highlight selected item for editing.
#
my $id = 0;
foreach my $line (@current)
{
$id++;
chomp($line);
my @temp = split(/\,/,$line);
my $toggle = '';
my $gif = '';
my $gdesc = '';
my $toggle = '';
if($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
print "<tr bgcolor='${Header::colouryellow}'>\n"; }
elsif ($id % 2) {
print "<tr bgcolor='$color{'color22'}'>\n"; }
else {
print "<tr bgcolor='$color{'color20'}'>\n"; }
if ($temp[0] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};}
else { $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }
###
# Display edit page.
#
print <<END
<td align='center'>$temp[1]</td>
<td align='center'>$temp[2]</td>
<td align='center'>$temp[3]</td>
<td align='center'>
<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ENABLE' value='$toggle' />
<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
</form>
</td>
<td align='center'>
<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
</form>
</td>
<td align='center'>
<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
</form>
</td>
</tr>
END
;
}
print "</table>\n";
###
# Print the legend at the bottom if there are any configured entries.
#
# Check if the file size is zero - no existing entries.
if ( ! -z "$filename") {
print <<END
<table>
<tr>
<td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
<td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
<td class='base'>$Lang::tr{'click to disable'}</td>
<td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
<td class='base'>$Lang::tr{'click to enable'}</td>
<td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
<td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
</table>
END
;
}
&Header::closebox();
&Header::closebigbox();
&Header::closepage();

13
html/cgi-bin/ids.cgi
View File

@@ -263,9 +263,11 @@ if (-e "/etc/snort/snort.conf") {
####################### End added for snort rules control #################################
if ($snortsettings{'RULES'} eq 'subscripted') {
$url=" http://www.snort.org/sub-rules/snortrules-snapshot-2940.tar.gz/$snortsettings{'OINKCODE'}";
$url=" http://www.snort.org/sub-rules/snortrules-snapshot-2950.tar.gz/$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'registered') {
$url=" http://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/$snortsettings{'OINKCODE'}";
$url=" http://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz/$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'community') {
$url=" http://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz";
} else {
$url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz";
}
@@ -274,8 +276,9 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} e
{
$errormessage = $Lang::tr{'invalid input for oink code'} unless (
($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/) ||
($snortsettings{'RULESTYPE'} eq 'nothing' ) ||
($snortsettings{'RULESTYPE'} eq 'community' ));
($snortsettings{'RULES'} eq 'nothing' ) ||
($snortsettings{'RULES'} eq 'emerging' ) ||
($snortsettings{'RULES'} eq 'community' ));
&General::writehash("${General::swroot}/snort/settings", \%snortsettings);
if ($snortsettings{'ENABLE_SNORT'} eq 'on')
@@ -402,6 +405,7 @@ $checked{'ENABLE_GUARDIAN'}{'on'} = '';
$checked{'ENABLE_GUARDIAN'}{$snortsettings{'ENABLE_GUARDIAN'}} = "checked='checked'";
$selected{'RULES'}{'nothing'} = '';
$selected{'RULES'}{'community'} = '';
$selected{'RULES'}{'emerging'} = '';
$selected{'RULES'}{'registered'} = '';
$selected{'RULES'}{'subscripted'} = '';
$selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'";
@@ -515,6 +519,7 @@ print <<END
<tr>
<td><select name='RULES'>
<option value='nothing' $selected{'RULES'}{'nothing'} >$Lang::tr{'no'}</option>
<option value='emerging' $selected{'RULES'}{'emerging'} >$Lang::tr{'emerging rules'}</option>
<option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option>
<option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option>
<option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option>

41
html/cgi-bin/proxy.cgi
View File

@@ -699,6 +699,16 @@ if (!$errormessage)
&read_acls;
}
# ------------------------------------------------------------------
# Hook to regenerate the configuration files, if cgi got called from command line.
if ($ENV{"REMOTE_ADDR"} eq "") {
writeconfig();
exit(0);
}
# -------------------------------------------------------------------
$checked{'ENABLE'}{'off'} = '';
$checked{'ENABLE'}{'on'} = '';
$checked{'ENABLE'}{$proxysettings{'ENABLE'}} = "checked='checked'";
@@ -3061,12 +3071,6 @@ icp_port 0
END
;
# Include file with user defined settings.
if (-e "/etc/squid/squid.conf.pre.local") {
print FILE "include /etc/squid/squid.conf.pre.local\n\n";
}
print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
if ($proxysettings{'TRANSPARENT'} eq 'on') { print FILE " transparent" }
if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
@@ -3448,6 +3452,19 @@ END
close (ACL);
}
if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
# Check if squidclamav is enabled.
if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
print FILE "\n#Settings for squidclamav:\n";
print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'} transparent\n";
print FILE "acl to_localhost dst 127.0.0.0/8\n";
print FILE "acl purge method PURGE\n";
print FILE "http_access deny to_localhost\n";
print FILE "http_access allow localhost\n";
print FILE "http_access allow purge localhost\n";
print FILE "http_access deny purge\n";
print FILE "url_rewrite_access deny localhost\n";
}
print FILE <<END
#Access to squid:
@@ -3963,6 +3980,18 @@ END
print FILE "include /etc/squid/squid.conf.local\n";
}
close FILE;
# Proxy settings for squidclamav - if installed.
#
# Check if squidclamav is enabled.
if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
my $configfile='/etc/squidclamav.conf';
my $data = &General::read_file_utf8($configfile);
$data =~ s/squid_port [0-9]+/squid_port $proxysettings{'PROXY_PORT'}/g;
&General::write_file_utf8($configfile, $data);
}
}
# -------------------------------------------------------------------