#!/usr/bin/perl -w # # open firewall (one port) for some workstations # # Copyright 2000 August Hoerandl (august.hoerandl@gmx.at) # http://elina.htlw16.ac.at/~hoerandl # # This program is free software. You can redistribute it and/or modify # it under the terms of the GNU General Public License # # this script is used # - as a selection page (started as cgi from web server) # - as the answer page handling the data # - as a process to read the pipe and execute the commands (when started by root) # # INSTALL # put script onto web server and protect via password # create pipe (mkfifo) # owner: wwwrun (user which runs httpd) # only W for owner od pipe # -rwx------ 1 wwwrun root 6334 Mar 16 00:14 ws.cgi # p-w-r----- 1 wwwrun root 0 Mar 16 00:15 ws.pipe # start script as root to read pipe & execute commands # # Sample Apache Config (using Virtual Hosts): # NameVirtualHost 172.16.1.1 # # DocumentRoot /usr/local/httpd/squid # CustomLog /var/log/httpd/squid.access_log common # # AuthType Basic # AuthName anything # AuthUserFile /etc/squid.passwd # require valid-user # Options +ExecCGI # DirectoryIndex ws.cgi # # $| = 1; require "cgi-lib.pl"; $ver = 'v0.3 © 2000 August Hörandl'; # Defaults - Modify to point to the location of your list $wsfile = "ws.txt"; #$wsfile = "/etc/dhcpd.conf"; $LOG = "log.txt"; #$LOG = /var/log/httpd/squid.access_log # how to set the rules $IPCHAINS="/sbin/ipchains"; $DEV = "-i eth0"; $CHAIN = "squid"; $PORT = 3128; # for auto deactivate $AT = "/usr/bin/at"; # used to secure the pipe a little $secret="SX!H-348&§G"; $wspipe="ws.pipe"; # time values - end of classes $dauer{"Test - 1 Min"} = "now + 1 minutes"; $dauer{"1 Std"} = "now + 1 hours"; $dauer{"2 Std"} = "now + 2 hours"; $dauer{"4 Std"} = "now + 4 hours"; $dauer{"bis 8.40"} = "8:40"; $dauer{"bis 9.40"} = "9:30"; $dauer{"bis 10.30"} = "10:30"; $dauer{"bis 11.20"} = "11:20"; $dauer{"bis 12.10"} = "12:10"; $dauer{"bis 13.00"} = "13:00"; $dauer{"bis 13.50"} = "13:50"; $dauer{"bis 14.50"} = "14:50"; $dauer{"bis 15.40"} = "15:40"; $dauer{"bis 16.30"} = "16:30"; $dauer{"bis 17.20"} = "17:20"; $dauer{"bis 18.15"} = "18:15"; $dauer{"bis 19.00"} = "19:00"; $dauer{"bis 20.00"} = "20:00"; $dauer{"bis 20.45"} = "20:45"; $dauer{"bis 21.30"} = "21:30"; # ------------------------------------------------------------------ # no user serviceable parts below # ------------------------------------------------------------------ MAIN: { if ($< == 0) { &readpipe; } # Read in all the variables set by the form if (&ReadParse(*input)) { &ProcessForm; } else { &PrintForm; } } sub ProcessForm { # Print the header print &PrintHeader; print &HtmlTop ("SQUID - Access Control - Result"); select PIPE; $| = 1; select STDOUT; print "

"; if (defined($input{'action'})) { if ($input{'action'} =~ "EIN") { print "ON"; $seton = 1; } elsif ($input{'action'} =~ "AUS") { print "OFF"; $seton = 0; } elsif ($input{'action'} =~ "RESET") { print "RESET"; $seton = 2; } else { &CgiDie("bad action"); } } else { &CgiDie("no action"); } if (defined($input{'dauer'})) { $attime = $dauer{$input{'dauer'}}; } else { $attime = "now + 1 hours"; } print "
at $attime\n
"; alarm(10); open (PIPE, "> $wspipe") || &CgiDie("cannt open $wspipe: $!\n"); if($seton==2) { print "flush\n"; print PIPE "$secret;flush;x;now\n"; } else { foreach (keys %input) { $x = $_; next unless (/rechner/i || /reihe/i || /saal/i); print "$x = $input{$x}
\n"; if ($seton == 1) { print PIPE "$secret;add;$input{$x};$attime\n"; } elsif ($seton == 0) { print PIPE "$secret;delete;$input{$x};now\n"; } } } close PIPE; print ''; print "$ver

"; print &HtmlBot; exit; } sub PrintForm { print &PrintHeader; print &HtmlTop ("SQUID - Access Control"); &readfile(); print "

$ver

"; print &HtmlBot; exit; } sub readfile { open (FILE, "< $wsfile") || &CgiDie("cannt open $wsfile: $!\n"); print "Datafile: $wsfile

\n"; print <