Advanced Proxy - Web Access Manager

#!/usr/bin/perl ############################################################################### # # # IPFire.org - A linux based firewall # # Copyright (C) 2007 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation, either version 3 of the License, or # # (at your option) any later version. # # # # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # # GNU General Public License for more details. # # # # You should have received a copy of the GNU General Public License # # along with this program. If not, see . # # # ############################################################################### use strict; #usable only the following on debugging purpose #use warnings; #use CGI::Carp 'fatalsToBrowser'; use CGI; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; my $swroot = "/var/ipfire"; my $apdir = "$swroot/proxy/advanced"; my $group_def_file = "$apdir/cre/classrooms"; my $svhosts_file = "$apdir/cre/supervisors"; my $acl_src_noaccess_ips = "$apdir/acls/src_noaccess_ip.acl"; my $acl_src_noaccess_mac = "$apdir/acls/src_noaccess_mac.acl"; my $banner = "A D V A N C E D P R O X Y - W E B A C C E S S M A N A G E R"; my %cgiparams; my %proxysettings; my %temp; my %acl=(); my @group_defs=(); my @groups=(); ### Initialize environment &readhash("${swroot}/proxy/advanced/settings", \%proxysettings); ### Initialize language require "${swroot}/lang.pl"; &getcgihash(\%cgiparams); &read_all_groups; &read_acl_groups; foreach (@groups) { if ($cgiparams{$_} eq $Lang::tr{'advproxy mode deny'}) { $acl{$_}='on'; } if ($cgiparams{$_} eq $Lang::tr{'advproxy mode allow'}) { $acl{$_}='off'; } } &read_all_groups; my $is_supervisor=0; if ((-e $svhosts_file) && (!-z $svhosts_file)) { open (FILE, $svhosts_file); while () { chomp; if ($ENV{'REMOTE_ADDR'} eq $_) { $is_supervisor=1; } } close (FILE); } else { $is_supervisor=1; } if (($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor)) { if ( ($cgiparams{'PASSWORD'} eq $proxysettings{'SUPERVISOR_PASSWORD'}) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq '')) || ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && ($proxysettings{'SUPERVISOR_PASSWORD'} eq ''))) { &write_acl; &General::system("/usr/local/bin/squidctrl", "restart"); } } &read_acl_groups; #undef(%cgiparams); # ------------------------------------------------------------------- print < Advanced Proxy - Web Access Manager

END ; if ($proxysettings{'CLASSROOM_EXT'} eq 'on') { if (@groups) { print < END ; } else { print " \n"; print " \n"; print " \n"; } } else { print " \n"; print " \n"; print " \n"; } print <

$banner

END ; if (($is_supervisor) && ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq '')))) { print < $Lang::tr{'advproxy supervisor password'}: END ; } print <

END ; foreach (@groups) { if ($is_supervisor) { print""; } else { print"
"; } print "\n"; if ((defined($acl{$_})) && ($acl{$_} eq 'on')) { print " \n"; } else { print "\n"; } } print "\n"; print "
$_"; } else { print " $_"; } if ($is_supervisor) { if ((defined($acl{$_})) && ($acl{$_} eq 'on')) { print " "; print ""; print " "; print ""; print "
\n"; print""; print "\n"; print "
\n"; } print <

\n"; print " $Lang::tr{'advproxy no cre groups'}\n"; print "

\n"; print " $Lang::tr{'advproxy cre disabled'}\n"; print "

Advanced Proxy running on IPFire

END ; # ------------------------------------------------------------------- sub readhash { my $filename = $_[0]; my $hash = $_[1]; my ($var, $val); if (-e $filename) { open(FILE, $filename) or die "Unable to read file $filename"; while () { chop; ($var, $val) = split /=/, $_, 2; if ($var) { $val =~ s/^\'//g; $val =~ s/\'$//g; # Untaint variables read from hash $var =~ /([A-Za-z0-9_-]*)/; $var = $1; $val =~ /([\w\W]*)/; $val = $1; $hash->{$var} = $val; } } close FILE; } } # ------------------------------------------------------------------- sub getcgihash { my ($hash, $params) = @_; my $cgi = CGI->new (); return if ($ENV{'REQUEST_METHOD'} ne 'POST'); if (!$params->{'wantfile'}) { $CGI::DISABLE_UPLOADS = 1; $CGI::POST_MAX = 512 * 1024; } else { $CGI::POST_MAX = 10 * 1024 * 1024; } $cgi->referer() =~ m/^https?\:\/\/([^\/]+)/; my $referer = $1; $cgi->url() =~ m/^https?\:\/\/([^\/]+)/; my $servername = $1; return if ($referer ne $servername); ### Modified for getting multi-vars, split by | %temp = $cgi->Vars(); foreach my $key (keys %temp) { $hash->{$key} = $temp{$key}; $hash->{$key} =~ s/\0/|/g; $hash->{$key} =~ s/^\s*(.*?)\s*$/$1/; } if (($params->{'wantfile'})&&($params->{'filevar'})) { $hash->{$params->{'filevar'}} = $cgi->upload ($params->{'filevar'}); } return; } # ------------------------------------------------------------------- sub read_acl_groups { undef(%acl); open (FILE,"$acl_src_noaccess_ips"); my @aclgroups = ; close (FILE); foreach (@aclgroups) { chomp; if (/^\#/) { s/^\# //; $acl{$_}='on'; } } } # ------------------------------------------------------------------- sub read_all_groups { my $grpstr; open (FILE,"$group_def_file"); @group_defs = ; close (FILE); undef(@groups); foreach (@group_defs) { chomp; if (/^\s*\[.*\]\s*$/) { $grpstr=$_; $grpstr =~ s/^\s*\[\s*//; $grpstr =~ s/\s*\]\s*$//; push(@groups,$grpstr); } } } # ------------------------------------------------------------------- sub write_acl { my $is_blocked=0; open (FILE_IPS,">$acl_src_noaccess_ips"); open (FILE_MAC,">$acl_src_noaccess_mac"); flock (FILE_IPS, 2); flock (FILE_MAC, 2); foreach (@group_defs) { if (/^\s*\[.*\]\s*$/) { s/^\s*\[\s*//; s/\s*\]\s*$//; if ((defined($acl{$_})) && ($acl{$_} eq 'on')) { print FILE_IPS "# $_\n"; print FILE_MAC "# $_\n"; $is_blocked=1; } else { $is_blocked=0; } } elsif (($is_blocked) && ($_)) { s/^\s+//g; s/\s+$//g; /^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$/i ? print FILE_MAC "$_\n" : print FILE_IPS "$_\n"; } } close (FILE_IPS); close (FILE_MAC); } # -------------------------------------------------------------------