From: ptaylor Date: Mon, 6 Feb 2006 22:06:24 +0000 (+0000) Subject: git-svn-id: https://svn.m0n0.ch/wall/trunk@50 e36fee2c-cc09-0410-a7cc-ebac5c6737de X-Git-Url: https://git.gsnw.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=59877bd1e25d7ac0ed1a6f995c6a8403ed309d4c;p=m0n0chwall.git git-svn-id: https://svn.m0n0.ch/wall/trunk@50 e36fee2c-cc09-0410-a7cc-ebac5c6737de --- diff --git a/phpconf/inc/pear.inc b/phpconf/inc/pear.inc index 5383e00..74fc18d 100644 --- a/phpconf/inc/pear.inc +++ b/phpconf/inc/pear.inc @@ -1,5 +1,5 @@ $userdata) { + fwrite($fd, $user . ":" + . $userdata['password'] . "\n"); + } + } + fclose($fd); chmod("{$g['varrun_path']}/htpasswd", 0600); diff --git a/phpconf/inc/xmlparse.inc b/phpconf/inc/xmlparse.inc index ea829b4..229f333 100644 --- a/phpconf/inc/xmlparse.inc +++ b/phpconf/inc/xmlparse.inc @@ -30,7 +30,7 @@ */ /* tags that are always to be handled as lists */ -$listtags = explode(" ", "rule user key dnsserver winsserver " . +$listtags = explode(" ", "rule user key dnsserver winsserver pages " . "encryption-algorithm-option hash-algorithm-option hosts tunnel onetoone " . "staticmap route alias pipe queue shellcmd cacert earlyshellcmd mobilekey " . "servernat proxyarpnet passthrumac allowedip wolentry vlan domainoverrides element"); diff --git a/webgui/auth.inc b/webgui/auth.inc new file mode 100644 index 0000000..26a4831 --- /dev/null +++ b/webgui/auth.inc @@ -0,0 +1,67 @@ +. + All rights reserved. + Copyright (C) 2003-2006 Manuel Kasper . + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +// Once here, the user has authenticated with the web server. +// Now, we give them access only to the appropriate pages for their group. +if (!($_SERVER['REMOTE_USER'] === $config['system']['username'])) { + $allowed[] = ''; + if (isset($config['system']['groups'][$config['system']['users'][$_SERVER['REMOTE_USER']]['group']]['pages'])) { + $allowed = &$config['system']['groups'][$config['system']['users'][$_SERVER['REMOTE_USER']]['group']]['pages']; + } + + // If the user is attempting to hit the default page, set it to specifically look for /index.php. + // Without this, any user would have access to the index page. + if ($_SERVER['PHP_SELF'] == '/') + $_SERVER['PHP_SELF'] = '/index.php'; + + // Strip the leading / from the currently requested PHP page + if (!in_array(basename($_SERVER['PHP_SELF']),$allowed)) { + // The currently logged in user is not allowed to access the page + // they are attempting to go to. Redirect them to an allowed page. + + if (in_array("index.php",$allowed)) { + header("Location: /index.php"); + exit; + } + else { + header("HTTP/1.0 401 Unauthorized"); + header("Status: 401 Unauthorized"); + + echo "401 Unauthorized

401 Unauthorized

Authorization required."; + exit; + } + } +} + + + +?> \ No newline at end of file diff --git a/webgui/diag_ipsec_sad.php b/webgui/diag_ipsec_sad.php index 3d3e8a3..ae2b401 100644 --- a/webgui/diag_ipsec_sad.php +++ b/webgui/diag_ipsec_sad.php @@ -1,129 +1,132 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "IPsec"); - -require("guiconfig.inc"); -?> - - - - -
-
    -
  • SAD
    • -
  • SPD
    • -
-
- /dev/null 2>&1", "w"); - if ($fd) { - fwrite($fd, "delete {$_GET['src']} {$_GET['dst']} {$_GET['proto']} {$_GET['spi']} ;\n"); - pclose($fd); - sleep(1); - } -} - -/* query SAD */ -$fd = @popen("/usr/sbin/setkey -D", "r"); -$sad = array(); -if ($fd) { - while (!feof($fd)) { - $line = chop(fgets($fd)); - if (!$line) - continue; - if ($line == "No SAD entries.") - break; - if ($line[0] != "\t") { - if (is_array($cursa)) - $sad[] = $cursa; - $cursa = array(); - list($cursa['src'],$cursa['dst']) = explode(" ", $line); - $i = 0; - } else { - $linea = explode(" ", trim($line)); - if ($i == 1) { - $cursa['proto'] = $linea[0]; - $cursa['spi'] = substr($linea[2], strpos($linea[2], "x")+1, -1); - } else if ($i == 2) { - $cursa['ealgo'] = $linea[1]; - } else if ($i == 3) { - $cursa['aalgo'] = $linea[1]; - } - } - $i++; - } - if (is_array($cursa) && count($cursa)) - $sad[] = $cursa; - pclose($fd); -} -if (count($sad)): -?> - - - - - - - - - - - - - - - - - - - - - - -
SourceDestinationProtocolSPIEnc. alg.Auth. alg.
- - -
- -

No IPsec security associations.

- -
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "IPsec"); + +require("guiconfig.inc"); +?> + + + + +
+
    + 'diag_ipsec_sad.php', + 'SPD' => 'diag_ipsec_spd.php'); + dynamic_tab_menu($tabs); +?> +
+
+ /dev/null 2>&1", "w"); + if ($fd) { + fwrite($fd, "delete {$_GET['src']} {$_GET['dst']} {$_GET['proto']} {$_GET['spi']} ;\n"); + pclose($fd); + sleep(1); + } +} + +/* query SAD */ +$fd = @popen("/usr/sbin/setkey -D", "r"); +$sad = array(); +if ($fd) { + while (!feof($fd)) { + $line = chop(fgets($fd)); + if (!$line) + continue; + if ($line == "No SAD entries.") + break; + if ($line[0] != "\t") { + if (is_array($cursa)) + $sad[] = $cursa; + $cursa = array(); + list($cursa['src'],$cursa['dst']) = explode(" ", $line); + $i = 0; + } else { + $linea = explode(" ", trim($line)); + if ($i == 1) { + $cursa['proto'] = $linea[0]; + $cursa['spi'] = substr($linea[2], strpos($linea[2], "x")+1, -1); + } else if ($i == 2) { + $cursa['ealgo'] = $linea[1]; + } else if ($i == 3) { + $cursa['aalgo'] = $linea[1]; + } + } + $i++; + } + if (is_array($cursa) && count($cursa)) + $sad[] = $cursa; + pclose($fd); +} +if (count($sad)): +?> + + + + + + + + + + + + + + + + + + + + + + +
SourceDestinationProtocolSPIEnc. alg.Auth. alg.
+ + +
+ +

No IPsec security associations.

+ +
+ diff --git a/webgui/diag_ipsec_spd.php b/webgui/diag_ipsec_spd.php index aabdb3a..6056625 100644 --- a/webgui/diag_ipsec_spd.php +++ b/webgui/diag_ipsec_spd.php @@ -1,145 +1,148 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "IPsec"); - -require("guiconfig.inc"); -?> - - - - -
-
    -
  • SAD
    • -
  • SPD
    • -
-
- /dev/null 2>&1", "w"); - if ($fd) { - fwrite($fd, "spddelete {$_GET['src']} {$_GET['dst']} any -P {$_GET['dir']} ;\n"); - pclose($fd); - sleep(1); - } -} - -/* query SAD */ -$fd = @popen("/usr/sbin/setkey -DP", "r"); -$spd = array(); -if ($fd) { - while (!feof($fd)) { - $line = chop(fgets($fd)); - if (!$line) - continue; - if ($line == "No SPD entries.") - break; - if ($line[0] != "\t") { - if (is_array($cursp)) - $spd[] = $cursp; - $cursp = array(); - $linea = explode(" ", $line); - $cursp['src'] = substr($linea[0], 0, strpos($linea[0], "[")); - $cursp['dst'] = substr($linea[1], 0, strpos($linea[1], "[")); - $i = 0; - } else if (is_array($cursp)) { - $linea = explode(" ", trim($line)); - if ($i == 1) { - if ($linea[1] == "none") /* don't show default anti-lockout rule */ - unset($cursp); - else - $cursp['dir'] = $linea[0]; - } else if ($i == 2) { - $upperspec = explode("/", $linea[0]); - $cursp['proto'] = $upperspec[0]; - list($cursp['ep_src'], $cursp['ep_dst']) = explode("-", $upperspec[2]); - } - } - $i++; - } - if (is_array($cursp) && count($cursp)) - $spd[] = $cursp; - pclose($fd); -} -if (count($spd)): -?> - - - - - - - - - - - - - - - - - - - - -
SourceDestinationDirectionProtocolTunnel endpoints
-
- 		- - -
-
- - - - - - - - - - - - -
incoming (as seen by firewall)
outgoing (as seen by firewall)
- -

No IPsec security policies.

- -
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "IPsec"); + +require("guiconfig.inc"); +?> + + + + +
+
    + 'diag_ipsec_sad.php', + 'SPD' => 'diag_ipsec_spd.php'); + dynamic_tab_menu($tabs); +?> +
+
+ /dev/null 2>&1", "w"); + if ($fd) { + fwrite($fd, "spddelete {$_GET['src']} {$_GET['dst']} any -P {$_GET['dir']} ;\n"); + pclose($fd); + sleep(1); + } +} + +/* query SAD */ +$fd = @popen("/usr/sbin/setkey -DP", "r"); +$spd = array(); +if ($fd) { + while (!feof($fd)) { + $line = chop(fgets($fd)); + if (!$line) + continue; + if ($line == "No SPD entries.") + break; + if ($line[0] != "\t") { + if (is_array($cursp)) + $spd[] = $cursp; + $cursp = array(); + $linea = explode(" ", $line); + $cursp['src'] = substr($linea[0], 0, strpos($linea[0], "[")); + $cursp['dst'] = substr($linea[1], 0, strpos($linea[1], "[")); + $i = 0; + } else if (is_array($cursp)) { + $linea = explode(" ", trim($line)); + if ($i == 1) { + if ($linea[1] == "none") /* don't show default anti-lockout rule */ + unset($cursp); + else + $cursp['dir'] = $linea[0]; + } else if ($i == 2) { + $upperspec = explode("/", $linea[0]); + $cursp['proto'] = $upperspec[0]; + list($cursp['ep_src'], $cursp['ep_dst']) = explode("-", $upperspec[2]); + } + } + $i++; + } + if (is_array($cursp) && count($cursp)) + $spd[] = $cursp; + pclose($fd); +} +if (count($spd)): +?> + + + + + + + + + + + + + + + + + + + + +
SourceDestinationDirectionProtocolTunnel endpoints
-
+ 		+ + +
+
+ + + + + + + + + + + + +
incoming (as seen by firewall)
outgoing (as seen by firewall)
+ +

No IPsec security policies.

+ +
+ diff --git a/webgui/diag_logs.php b/webgui/diag_logs.php index 2acea3e..5577649 100644 --- a/webgui/diag_logs.php +++ b/webgui/diag_logs.php @@ -1,95 +1,98 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "Logs"); -require("guiconfig.inc"); - -$nentries = $config['syslog']['nentries']; -if (!$nentries) - $nentries = 50; - -if ($_POST['clear']) { - exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); - /* redirect to avoid reposting form data on refresh */ - header("Location: diag_logs.php"); - exit; -} - -function dump_clog($logfile, $tail, $withorig = true) { - global $g, $config; - - $sor = isset($config['syslog']['reverse']) ? "-r" : ""; - - exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); - - foreach ($logarr as $logent) { - $logent = preg_split("/\s+/", $logent, 6); - echo "\n"; - - if ($withorig) { - echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; - echo "" . htmlspecialchars($logent[4] . " " . $logent[5]) . "\n"; - } else { - echo "" . htmlspecialchars($logent[5]) . "\n"; - } - echo "\n"; - } -} - -?> - - - - - - -
- -
- - - - - -
- Last system log entries
-
- -
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "Logs"); +require("guiconfig.inc"); + +$nentries = $config['syslog']['nentries']; +if (!$nentries) + $nentries = 50; + +if ($_POST['clear']) { + exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); + /* redirect to avoid reposting form data on refresh */ + header("Location: diag_logs.php"); + exit; +} + +function dump_clog($logfile, $tail, $withorig = true) { + global $g, $config; + + $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + + exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); + + foreach ($logarr as $logent) { + $logent = preg_split("/\s+/", $logent, 6); + echo "\n"; + + if ($withorig) { + echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; + echo "" . htmlspecialchars($logent[4] . " " . $logent[5]) . "\n"; + } else { + echo "" . htmlspecialchars($logent[5]) . "\n"; + } + echo "\n"; + } +} + +?> + + + + + + +
+
    + 'diag_logs.php', + 'Firewall' => 'diag_logs_filter.php', + 'DHCP' => 'diag_logs_dhcp.php', + 'Captive portal' => 'diag_logs_portal.php', + 'PPTP VPN' => 'diag_logs_vpn.php', + 'Settings' => 'diag_logs_settings.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + +
+ Last system log entries
+
+ +
+
+ diff --git a/webgui/diag_logs_dhcp.php b/webgui/diag_logs_dhcp.php index 2577ef3..31b0af8 100644 --- a/webgui/diag_logs_dhcp.php +++ b/webgui/diag_logs_dhcp.php @@ -1,95 +1,98 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "Logs"); -require("guiconfig.inc"); - -$nentries = $config['syslog']['nentries']; -if (!$nentries) - $nentries = 50; - -if ($_POST['clear']) { - exec("/usr/sbin/clog -i -s 32768 /var/log/dhcpd.log"); - /* redirect to avoid reposting form data on refresh */ - header("Location: diag_logs_dhcp.php"); - exit; -} - -function dump_clog($logfile, $tail, $withorig = true) { - global $g, $config; - - $sor = isset($config['syslog']['reverse']) ? "-r" : ""; - - exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); - - foreach ($logarr as $logent) { - $logent = preg_split("/\s+/", $logent, 6); - echo "\n"; - - if ($withorig) { - echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; - echo "" . htmlspecialchars($logent[4] . " " . $logent[5]) . "\n"; - } else { - echo "" . htmlspecialchars($logent[5]) . "\n"; - } - echo "\n"; - } -} - -?> - - - - - - -
- -
- - - - - -
- Last DHCP service log entries
-
- -
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "Logs"); +require("guiconfig.inc"); + +$nentries = $config['syslog']['nentries']; +if (!$nentries) + $nentries = 50; + +if ($_POST['clear']) { + exec("/usr/sbin/clog -i -s 32768 /var/log/dhcpd.log"); + /* redirect to avoid reposting form data on refresh */ + header("Location: diag_logs_dhcp.php"); + exit; +} + +function dump_clog($logfile, $tail, $withorig = true) { + global $g, $config; + + $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + + exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); + + foreach ($logarr as $logent) { + $logent = preg_split("/\s+/", $logent, 6); + echo "\n"; + + if ($withorig) { + echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; + echo "" . htmlspecialchars($logent[4] . " " . $logent[5]) . "\n"; + } else { + echo "" . htmlspecialchars($logent[5]) . "\n"; + } + echo "\n"; + } +} + +?> + + + + + + +
+
    + 'diag_logs.php', + 'Firewall' => 'diag_logs_filter.php', + 'DHCP' => 'diag_logs_dhcp.php', + 'Captive portal' => 'diag_logs_portal.php', + 'PPTP VPN' => 'diag_logs_vpn.php', + 'Settings' => 'diag_logs_settings.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + +
+ Last DHCP service log entries
+
+ +
+
+ diff --git a/webgui/diag_logs_filter.php b/webgui/diag_logs_filter.php index d75cece..6c40e0a 100644 --- a/webgui/diag_logs_filter.php +++ b/webgui/diag_logs_filter.php @@ -1,289 +1,292 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "Logs"); -require("guiconfig.inc"); - -$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPv6 IGMP any"); - -$nentries = $config['syslog']['nentries']; -$resolve = isset($config['syslog']['resolve']); - -if (!$nentries) - $nentries = 50; - -if ($_POST['clear']) { - exec("/usr/sbin/clog -i -s 262144 /var/log/filter.log"); - /* redirect to avoid reposting form data on refresh */ - header("Location: diag_logs_filter.php"); - exit; -} - - -if (isset($_GET['act']) && preg_match("/^[pb]+$/", $_GET['act'])) { - $action = $_GET['act']; - $ifstring .= "&act=$action"; - $srcstring .= "&act=$action"; - $dststring .= "&act=$action"; - $prstring .= "&act=$action"; -} - -if (isset($_GET['if']) && ($_GET['if'] != "")) { - $iface = $_GET['if']; - $actstring .= "&if=$iface"; - $srcstring .= "&if=$iface"; - $dststring .= "&if=$iface"; - $prstring .= "&if=$iface"; -} - -if (isset($_GET['pr']) && in_array($_GET['pr'], $protocols)) { - $proto = $_GET['pr']; - $actstring .= "&pr=$proto"; - $ifstring .= "&pr=$proto"; - $srcstring .= "&pr=$proto"; - $dststring .= "&pr=$proto"; -} - -if (isset($_GET['sp']) && (is_numeric($_GET['sp']))) { - $srcport = $_GET['sp']; - $actstring .= "&sp=$srcport"; - $ifstring .= "&sp=$srcport"; - $dststring .= "&sp=$srcport"; - $prstring .= "&sp=$srcport"; -} - -if (isset($_GET['dp']) && (is_numeric($_GET['dp']))) { - $dstport = $_GET['dp']; - $actstring .= "&dp=$dstport"; - $ifstring .= "&dp=$dstport"; - $srcstring .= "&dp=$dstport"; - $prstring .= "&dp=$dstport"; -} - - -function dump_clog($logfile, $tail, $withorig = true) { - global $g, $config; - - $sor = isset($config['syslog']['reverse']) ? "-r" : ""; - - exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); - - foreach ($logarr as $logent) { - $logent = preg_split("/\s+/", $logent, 6); - echo "\n"; - - if ($withorig) { - echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; - echo "" . htmlspecialchars($logent[4] . " " . $logent[5]) . "\n"; - } else { - echo "" . htmlspecialchars($logent[5]) . "\n"; - } - echo "\n"; - } -} - -function conv_clog($logfile, $tail) { - global $g, $config, $iface, $action, $proto, $srcport, $dstport; - - /* make interface/port table */ - $iftable = array(); - $iftable[$config['interfaces']['lan']['if']] = "LAN"; - $iftable[get_real_wan_interface()] = "WAN"; - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) - $iftable[$config['interfaces']['opt' . $i]['if']] = $config['interfaces']['opt' . $i]['descr']; - - $sor = isset($config['syslog']['reverse']) ? "-r" : ""; - - exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); - - $filterlog = array(); - - foreach ($logarr as $logent) { - $logent = preg_split("/\s+/", $logent, 6); - $ipfa = explode(" ", $logent[5]); - - $flent = array(); - $i = 0; - $flent['time'] = $ipfa[$i]; - $i++; - if (substr($ipfa[$i], -1) == "x") { - $flent['count'] = substr($ipfa[$i], 0, -1); - $i++; - } - - if ($iftable[$ipfa[$i]]) - $flent['interface'] = $iftable[$ipfa[$i]]; - else if (strpos($ipfa[$i], "ng") !== false) - $flent['interface'] = "PPTP"; - else - $flent['interface'] = $ipfa[$i]; - - if (isset($iface)) { - if ($iface != $flent['interface']) - continue; - } - - $i += 2; - if (!isset($action) || strstr($action, $ipfa[$i])) - $flent['act'] = $ipfa[$i]; - else - continue; - $i++; - list($flent['src'], $flent['srcport']) = format_ipf_ip($ipfa[$i],$srcport); - if (!isset($flent['src'])) - continue; - $i += 2; - list($flent['dst'], $flent['dstport']) = format_ipf_ip($ipfa[$i],$dstport); - if (!isset($flent['dst'])) - continue; - $i += 2; - $protocol = strtoupper($ipfa[$i]); - if (!isset($proto) || ($proto == $protocol)) - $flent['proto'] = $protocol; - else - continue; - if ($protocol == "ICMP") { - $i += 5; - $flent['dst'] = $flent['dst'] . ", type " . $ipfa[$i]; - } - $filterlog[] = $flent; - } - - return $filterlog; -} - -function format_ipf_ip($ipfip,$uport) { - global $resolve; - - list($ip,$port) = explode(",", $ipfip); - if ($resolve) { - if (!$port) - return array(gethostbyaddr($ip), ""); - if ($uport == "" || ($uport == $port)) - return array(gethostbyaddr($ip) . ", port " . $port, $port); - return; - } - - if (!$port) - return array($ip, ""); - if ($uport == "" || ($uport == $port)) - return array($ip . ", port " . $port, $port); - return; -} -?> - - - - - - - -
- -
- - - - - - - - - - - - - '; - $ifstring .= '" style="color:black" title="click to select interface">'; - $srcstring .= '" style="color:black" title="click to select source port">'; - $dststring .= '" style="color:black" title="click to select destination port">'; - $prstring .= '" style="color:black" title="click to select protocol">'; - ?> - - - - - - - -
- Last firewall log entries
ActTimeIfSourceDestinationProto
- - " width="11" height="11" align="absmiddle" border="0" title="click to select action"> - - - - - -
Note:
- There are many possibilities to filter this log. - Just click on the accept () or - deny symbol () to filter for - accepted or denied IP packets. Do the same for the desired - interface, source/destination port or protocol. To deselect - a selected filter entry, click on the column description above. - To reset all filter entries and reload the firewall logs page, - click on the "Firewall" tab below "Diagnostics: Logs". -
- - - - - - -
- Last firewall log entries
- -
- -
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "Logs"); +require("guiconfig.inc"); + +$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPv6 IGMP any"); + +$nentries = $config['syslog']['nentries']; +$resolve = isset($config['syslog']['resolve']); + +if (!$nentries) + $nentries = 50; + +if ($_POST['clear']) { + exec("/usr/sbin/clog -i -s 262144 /var/log/filter.log"); + /* redirect to avoid reposting form data on refresh */ + header("Location: diag_logs_filter.php"); + exit; +} + + +if (isset($_GET['act']) && preg_match("/^[pb]+$/", $_GET['act'])) { + $action = $_GET['act']; + $ifstring .= "&act=$action"; + $srcstring .= "&act=$action"; + $dststring .= "&act=$action"; + $prstring .= "&act=$action"; +} + +if (isset($_GET['if']) && ($_GET['if'] != "")) { + $iface = $_GET['if']; + $actstring .= "&if=$iface"; + $srcstring .= "&if=$iface"; + $dststring .= "&if=$iface"; + $prstring .= "&if=$iface"; +} + +if (isset($_GET['pr']) && in_array($_GET['pr'], $protocols)) { + $proto = $_GET['pr']; + $actstring .= "&pr=$proto"; + $ifstring .= "&pr=$proto"; + $srcstring .= "&pr=$proto"; + $dststring .= "&pr=$proto"; +} + +if (isset($_GET['sp']) && (is_numeric($_GET['sp']))) { + $srcport = $_GET['sp']; + $actstring .= "&sp=$srcport"; + $ifstring .= "&sp=$srcport"; + $dststring .= "&sp=$srcport"; + $prstring .= "&sp=$srcport"; +} + +if (isset($_GET['dp']) && (is_numeric($_GET['dp']))) { + $dstport = $_GET['dp']; + $actstring .= "&dp=$dstport"; + $ifstring .= "&dp=$dstport"; + $srcstring .= "&dp=$dstport"; + $prstring .= "&dp=$dstport"; +} + + +function dump_clog($logfile, $tail, $withorig = true) { + global $g, $config; + + $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + + exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); + + foreach ($logarr as $logent) { + $logent = preg_split("/\s+/", $logent, 6); + echo "\n"; + + if ($withorig) { + echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; + echo "" . htmlspecialchars($logent[4] . " " . $logent[5]) . "\n"; + } else { + echo "" . htmlspecialchars($logent[5]) . "\n"; + } + echo "\n"; + } +} + +function conv_clog($logfile, $tail) { + global $g, $config, $iface, $action, $proto, $srcport, $dstport; + + /* make interface/port table */ + $iftable = array(); + $iftable[$config['interfaces']['lan']['if']] = "LAN"; + $iftable[get_real_wan_interface()] = "WAN"; + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) + $iftable[$config['interfaces']['opt' . $i]['if']] = $config['interfaces']['opt' . $i]['descr']; + + $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + + exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); + + $filterlog = array(); + + foreach ($logarr as $logent) { + $logent = preg_split("/\s+/", $logent, 6); + $ipfa = explode(" ", $logent[5]); + + $flent = array(); + $i = 0; + $flent['time'] = $ipfa[$i]; + $i++; + if (substr($ipfa[$i], -1) == "x") { + $flent['count'] = substr($ipfa[$i], 0, -1); + $i++; + } + + if ($iftable[$ipfa[$i]]) + $flent['interface'] = $iftable[$ipfa[$i]]; + else if (strpos($ipfa[$i], "ng") !== false) + $flent['interface'] = "PPTP"; + else + $flent['interface'] = $ipfa[$i]; + + if (isset($iface)) { + if ($iface != $flent['interface']) + continue; + } + + $i += 2; + if (!isset($action) || strstr($action, $ipfa[$i])) + $flent['act'] = $ipfa[$i]; + else + continue; + $i++; + list($flent['src'], $flent['srcport']) = format_ipf_ip($ipfa[$i],$srcport); + if (!isset($flent['src'])) + continue; + $i += 2; + list($flent['dst'], $flent['dstport']) = format_ipf_ip($ipfa[$i],$dstport); + if (!isset($flent['dst'])) + continue; + $i += 2; + $protocol = strtoupper($ipfa[$i]); + if (!isset($proto) || ($proto == $protocol)) + $flent['proto'] = $protocol; + else + continue; + if ($protocol == "ICMP") { + $i += 5; + $flent['dst'] = $flent['dst'] . ", type " . $ipfa[$i]; + } + $filterlog[] = $flent; + } + + return $filterlog; +} + +function format_ipf_ip($ipfip,$uport) { + global $resolve; + + list($ip,$port) = explode(",", $ipfip); + if ($resolve) { + if (!$port) + return array(gethostbyaddr($ip), ""); + if ($uport == "" || ($uport == $port)) + return array(gethostbyaddr($ip) . ", port " . $port, $port); + return; + } + + if (!$port) + return array($ip, ""); + if ($uport == "" || ($uport == $port)) + return array($ip . ", port " . $port, $port); + return; +} +?> + + + + + + + +
+
    + 'diag_logs.php', + 'Firewall' => 'diag_logs_filter.php', + 'DHCP' => 'diag_logs_dhcp.php', + 'Captive portal' => 'diag_logs_portal.php', + 'PPTP VPN' => 'diag_logs_vpn.php', + 'Settings' => 'diag_logs_settings.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + '; + $ifstring .= '" style="color:black" title="click to select interface">'; + $srcstring .= '" style="color:black" title="click to select source port">'; + $dststring .= '" style="color:black" title="click to select destination port">'; + $prstring .= '" style="color:black" title="click to select protocol">'; + ?> + + + + + + + +
+ Last firewall log entries
ActTimeIfSourceDestinationProto
+ + " width="11" height="11" align="absmiddle" border="0" title="click to select action"> + + + + + +
Note:
+ There are many possibilities to filter this log. + Just click on the accept () or + deny symbol () to filter for + accepted or denied IP packets. Do the same for the desired + interface, source/destination port or protocol. To deselect + a selected filter entry, click on the column description above. + To reset all filter entries and reload the firewall logs page, + click on the "Firewall" tab below "Diagnostics: Logs". +
+ + + + + + +
+ Last firewall log entries
+ +
+ +
+
+ diff --git a/webgui/diag_logs_portal.php b/webgui/diag_logs_portal.php index 916a253..fc70dbb 100644 --- a/webgui/diag_logs_portal.php +++ b/webgui/diag_logs_portal.php @@ -1,90 +1,93 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "Logs"); -require("guiconfig.inc"); - -$nentries = $config['syslog']['nentries']; -if (!$nentries) - $nentries = 50; - -if ($_POST['clear']) { - exec("/usr/sbin/clog -i -s 32768 /var/log/portalauth.log"); - /* redirect to avoid reposting form data on refresh */ - header("Location: diag_logs_portal.php"); - exit; -} - -function dump_clog($logfile, $tail) { - global $g, $config; - - $sor = isset($config['syslog']['reverse']) ? "-r" : ""; - - exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); - - foreach ($logarr as $logent) { - $logent = preg_split("/\s+/", $logent, 6); - echo "\n"; - echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; - echo "" . htmlspecialchars($logent[5]) . "\n"; - echo "\n"; - } -} - -?> - - - - - - -
- -
- - - - - -
- Last captive portal log entries
-
- -
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "Logs"); +require("guiconfig.inc"); + +$nentries = $config['syslog']['nentries']; +if (!$nentries) + $nentries = 50; + +if ($_POST['clear']) { + exec("/usr/sbin/clog -i -s 32768 /var/log/portalauth.log"); + /* redirect to avoid reposting form data on refresh */ + header("Location: diag_logs_portal.php"); + exit; +} + +function dump_clog($logfile, $tail) { + global $g, $config; + + $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + + exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); + + foreach ($logarr as $logent) { + $logent = preg_split("/\s+/", $logent, 6); + echo "\n"; + echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; + echo "" . htmlspecialchars($logent[5]) . "\n"; + echo "\n"; + } +} + +?> + + + + + + +
+
    + 'diag_logs.php', + 'Firewall' => 'diag_logs_filter.php', + 'DHCP' => 'diag_logs_dhcp.php', + 'Captive portal' => 'diag_logs_portal.php', + 'PPTP VPN' => 'diag_logs_vpn.php', + 'Settings' => 'diag_logs_settings.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + +
+ Last captive portal log entries
+
+ +
+
+ diff --git a/webgui/diag_logs_settings.php b/webgui/diag_logs_settings.php index 51c0233..254b9a0 100644 --- a/webgui/diag_logs_settings.php +++ b/webgui/diag_logs_settings.php @@ -1,211 +1,214 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "Logs"); -require("guiconfig.inc"); - -$pconfig['reverse'] = isset($config['syslog']['reverse']); -$pconfig['nentries'] = $config['syslog']['nentries']; -$pconfig['remoteserver'] = $config['syslog']['remoteserver']; -$pconfig['filter'] = isset($config['syslog']['filter']); -$pconfig['dhcp'] = isset($config['syslog']['dhcp']); -$pconfig['portalauth'] = isset($config['syslog']['portalauth']); -$pconfig['vpn'] = isset($config['syslog']['vpn']); -$pconfig['system'] = isset($config['syslog']['system']); -$pconfig['enable'] = isset($config['syslog']['enable']); -$pconfig['logdefaultblock'] = !isset($config['syslog']['nologdefaultblock']); -$pconfig['rawfilter'] = isset($config['syslog']['rawfilter']); -$pconfig['resolve'] = isset($config['syslog']['resolve']); - -if (!$pconfig['nentries']) - $pconfig['nentries'] = 50; - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - if ($_POST['enable'] && !is_ipaddr($_POST['remoteserver'])) { - $input_errors[] = "A valid IP address must be specified."; - } - if (($_POST['nentries'] < 5) || ($_POST['nentries'] > 1000)) { - $input_errors[] = "Number of log entries to show must be between 5 and 1000."; - } - - if (!$input_errors) { - $config['syslog']['reverse'] = $_POST['reverse'] ? true : false; - $config['syslog']['nentries'] = (int)$_POST['nentries']; - $config['syslog']['remoteserver'] = $_POST['remoteserver']; - $config['syslog']['filter'] = $_POST['filter'] ? true : false; - $config['syslog']['dhcp'] = $_POST['dhcp'] ? true : false; - $config['syslog']['portalauth'] = $_POST['portalauth'] ? true : false; - $config['syslog']['vpn'] = $_POST['vpn'] ? true : false; - $config['syslog']['system'] = $_POST['system'] ? true : false; - $config['syslog']['enable'] = $_POST['enable'] ? true : false; - $oldnologdefaultblock = isset($config['syslog']['nologdefaultblock']); - $config['syslog']['nologdefaultblock'] = $_POST['logdefaultblock'] ? false : true; - $config['syslog']['rawfilter'] = $_POST['rawfilter'] ? true : false; - $config['syslog']['resolve'] = $_POST['resolve'] ? true : false; - - write_config(); - - $retval = 0; - if (!file_exists($d_sysrebootreqd_path)) { - config_lock(); - $retval = system_syslogd_start(); - if ($oldnologdefaultblock !== isset($config['syslog']['nologdefaultblock'])) - $retval |= filter_configure(); - config_unlock(); - } - $savemsg = get_std_save_message($retval); - } -} - -?> - - -
- - - - - - - -
- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  > - Show log entries in reverse order (newest entries - on top)
 Number of log entries to - show: -
  > - Log packets blocked by the default rule
- Hint: packets that are blocked by the - implicit default block rule will not be logged anymore - if you uncheck this option. Per-rule logging options are not affected.
  > - Show raw filter logs
- Hint: If this is checked, filter logs are shown as generated by the packet filter, without any formatting. This will reveal more detailed information.
  > - Resolve IP addresses to hostnames
- Hint: If this is checked, IP addresses in firewall logs are resolved to real hostnames where possible.
- Warning: This can cause a huge delay in loading the firewall log page!
  onClick="enable_change(false)"> - Enable syslog'ing to remote syslog server
Remote syslog - server -
- IP address of remote syslog server

- > - system events
- > - firewall events
- > - DHCP service events
- > - Captive portal
- > - PPTP VPN events
  -
 Note:
- syslog sends UDP datagrams to port 514 on the specified - remote syslog server. Be sure to set syslogd on the - remote server to accept syslog messages from m0n0wall. -
-
-
- - +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "Logs"); +require("guiconfig.inc"); + +$pconfig['reverse'] = isset($config['syslog']['reverse']); +$pconfig['nentries'] = $config['syslog']['nentries']; +$pconfig['remoteserver'] = $config['syslog']['remoteserver']; +$pconfig['filter'] = isset($config['syslog']['filter']); +$pconfig['dhcp'] = isset($config['syslog']['dhcp']); +$pconfig['portalauth'] = isset($config['syslog']['portalauth']); +$pconfig['vpn'] = isset($config['syslog']['vpn']); +$pconfig['system'] = isset($config['syslog']['system']); +$pconfig['enable'] = isset($config['syslog']['enable']); +$pconfig['logdefaultblock'] = !isset($config['syslog']['nologdefaultblock']); +$pconfig['rawfilter'] = isset($config['syslog']['rawfilter']); +$pconfig['resolve'] = isset($config['syslog']['resolve']); + +if (!$pconfig['nentries']) + $pconfig['nentries'] = 50; + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if ($_POST['enable'] && !is_ipaddr($_POST['remoteserver'])) { + $input_errors[] = "A valid IP address must be specified."; + } + if (($_POST['nentries'] < 5) || ($_POST['nentries'] > 1000)) { + $input_errors[] = "Number of log entries to show must be between 5 and 1000."; + } + + if (!$input_errors) { + $config['syslog']['reverse'] = $_POST['reverse'] ? true : false; + $config['syslog']['nentries'] = (int)$_POST['nentries']; + $config['syslog']['remoteserver'] = $_POST['remoteserver']; + $config['syslog']['filter'] = $_POST['filter'] ? true : false; + $config['syslog']['dhcp'] = $_POST['dhcp'] ? true : false; + $config['syslog']['portalauth'] = $_POST['portalauth'] ? true : false; + $config['syslog']['vpn'] = $_POST['vpn'] ? true : false; + $config['syslog']['system'] = $_POST['system'] ? true : false; + $config['syslog']['enable'] = $_POST['enable'] ? true : false; + $oldnologdefaultblock = isset($config['syslog']['nologdefaultblock']); + $config['syslog']['nologdefaultblock'] = $_POST['logdefaultblock'] ? false : true; + $config['syslog']['rawfilter'] = $_POST['rawfilter'] ? true : false; + $config['syslog']['resolve'] = $_POST['resolve'] ? true : false; + + write_config(); + + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = system_syslogd_start(); + if ($oldnologdefaultblock !== isset($config['syslog']['nologdefaultblock'])) + $retval |= filter_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + } +} + +?> + + +
+ + + + + + + +
+
    + 'diag_logs.php', + 'Firewall' => 'diag_logs_filter.php', + 'DHCP' => 'diag_logs_dhcp.php', + 'Captive portal' => 'diag_logs_portal.php', + 'PPTP VPN' => 'diag_logs_vpn.php', + 'Settings' => 'diag_logs_settings.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
  > + Show log entries in reverse order (newest entries + on top)
 Number of log entries to + show: +
  > + Log packets blocked by the default rule
+ Hint: packets that are blocked by the + implicit default block rule will not be logged anymore + if you uncheck this option. Per-rule logging options are not affected.
  > + Show raw filter logs
+ Hint: If this is checked, filter logs are shown as generated by the packet filter, without any formatting. This will reveal more detailed information.
  > + Resolve IP addresses to hostnames
+ Hint: If this is checked, IP addresses in firewall logs are resolved to real hostnames where possible.
+ Warning: This can cause a huge delay in loading the firewall log page!
  onClick="enable_change(false)"> + Enable syslog'ing to remote syslog server
Remote syslog + server +
+ IP address of remote syslog server

+ > + system events
+ > + firewall events
+ > + DHCP service events
+ > + Captive portal
+ > + PPTP VPN events
  +
 Note:
+ syslog sends UDP datagrams to port 514 on the specified + remote syslog server. Be sure to set syslogd on the + remote server to accept syslog messages from m0n0wall. +
+
+
+ + diff --git a/webgui/diag_logs_vpn.php b/webgui/diag_logs_vpn.php index 056430b..569efe8 100644 --- a/webgui/diag_logs_vpn.php +++ b/webgui/diag_logs_vpn.php @@ -1,104 +1,107 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "Logs"); -require("guiconfig.inc"); - -$nentries = $config['syslog']['nentries']; -if (!$nentries) - $nentries = 50; - -if ($_POST['clear']) { - exec("/usr/sbin/clog -i -s 65536 /var/log/vpn.log"); - /* redirect to avoid reposting form data on refresh */ - header("Location: diag_logs_vpn.php"); - exit; -} - -function dump_clog($logfile, $tail) { - global $g, $config; - - $sor = isset($config['syslog']['reverse']) ? "-r" : ""; - - exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); - - foreach ($logarr as $logent) { - $logent = preg_split("/\s+/", $logent, 6); - $llent = explode(",", $logent[5]); - - echo "\n"; - echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; - - if ($llent[0] == "login") - echo "\n"; - else - echo "\n"; - - echo "" . htmlspecialchars($llent[3]) . "\n"; - echo "" . htmlspecialchars($llent[2]) . " \n"; - echo "\n"; - } -} - -?> - - - - - - -
- -
- - - - - - - - - - -
- Last PPTP VPN log entries
TimeActionUserIP address
-
- -
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "Logs"); +require("guiconfig.inc"); + +$nentries = $config['syslog']['nentries']; +if (!$nentries) + $nentries = 50; + +if ($_POST['clear']) { + exec("/usr/sbin/clog -i -s 65536 /var/log/vpn.log"); + /* redirect to avoid reposting form data on refresh */ + header("Location: diag_logs_vpn.php"); + exit; +} + +function dump_clog($logfile, $tail) { + global $g, $config; + + $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + + exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); + + foreach ($logarr as $logent) { + $logent = preg_split("/\s+/", $logent, 6); + $llent = explode(",", $logent[5]); + + echo "\n"; + echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; + + if ($llent[0] == "login") + echo "\n"; + else + echo "\n"; + + echo "" . htmlspecialchars($llent[3]) . "\n"; + echo "" . htmlspecialchars($llent[2]) . " \n"; + echo "\n"; + } +} + +?> + + + + + + +
+
    + 'diag_logs.php', + 'Firewall' => 'diag_logs_filter.php', + 'DHCP' => 'diag_logs_dhcp.php', + 'Captive portal' => 'diag_logs_portal.php', + 'PPTP VPN' => 'diag_logs_vpn.php', + 'Settings' => 'diag_logs_settings.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + +
+ Last PPTP VPN log entries
TimeActionUserIP address
+
+ +
+
+ diff --git a/webgui/diag_ping.php b/webgui/diag_ping.php index 5452f5b..8729074 100644 --- a/webgui/diag_ping.php +++ b/webgui/diag_ping.php @@ -1,157 +1,160 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "Ping/Traceroute"); -require("guiconfig.inc"); - -define('MAX_COUNT', 10); -define('DEFAULT_COUNT', 3); - -if ($_POST) { - unset($input_errors); - unset($do_ping); - - /* input validation */ - $reqdfields = explode(" ", "host count"); - $reqdfieldsn = explode(",", "Host,Count"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if (($_POST['count'] < 1) || ($_POST['count'] > MAX_COUNT)) { - $input_errors[] = "Count must be between 1 and {MAX_COUNT}"; - } - - if (!$input_errors) { - $do_ping = true; - $host = $_POST['host']; - $interface = $_POST['interface']; - $count = $_POST['count']; - } -} -if (!isset($do_ping)) { - $do_ping = false; - $host = ''; - $count = DEFAULT_COUNT; -} - -function get_interface_addr($ifdescr) { - - global $config, $g; - - /* find out interface name */ - if ($ifdescr == "wan") - $if = get_real_wan_interface(); - else - $if = $config['interfaces'][$ifdescr]['if']; - - /* try to determine IP address and netmask with ifconfig */ - unset($ifconfiginfo); - exec("/sbin/ifconfig " . $if, $ifconfiginfo); - - foreach ($ifconfiginfo as $ici) { - if (preg_match("/inet (\S+)/", $ici, $matches)) { - return $matches[1]; - } - } - - return false; -} -?> - - - - -
- -
- -
- - - - - - - - - - - - - - - - - - - - -
Host -
Interface - -
Count -
  - -
- Ping output:
"); - echo('
');
-					ob_end_flush();
-					$ifaddr = get_interface_addr($interface);
-					if ($ifaddr)
-						system("/sbin/ping -S$ifaddr -c$count " . escapeshellarg($host));
-					else
-						system("/sbin/ping -c$count " . escapeshellarg($host));
-					echo('
'); - } - ?> -
-
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "Ping"); +require("guiconfig.inc"); + +define('MAX_COUNT', 10); +define('DEFAULT_COUNT', 3); + +if ($_POST) { + unset($input_errors); + unset($do_ping); + + /* input validation */ + $reqdfields = explode(" ", "host count"); + $reqdfieldsn = explode(",", "Host,Count"); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['count'] < 1) || ($_POST['count'] > MAX_COUNT)) { + $input_errors[] = "Count must be between 1 and {MAX_COUNT}"; + } + + if (!$input_errors) { + $do_ping = true; + $host = $_POST['host']; + $interface = $_POST['interface']; + $count = $_POST['count']; + } +} +if (!isset($do_ping)) { + $do_ping = false; + $host = ''; + $count = DEFAULT_COUNT; +} + +function get_interface_addr($ifdescr) { + + global $config, $g; + + /* find out interface name */ + if ($ifdescr == "wan") + $if = get_real_wan_interface(); + else + $if = $config['interfaces'][$ifdescr]['if']; + + /* try to determine IP address and netmask with ifconfig */ + unset($ifconfiginfo); + exec("/sbin/ifconfig " . $if, $ifconfiginfo); + + foreach ($ifconfiginfo as $ici) { + if (preg_match("/inet (\S+)/", $ici, $matches)) { + return $matches[1]; + } + } + + return false; +} +?> + + + + +
+
    + 'diag_ping.php', + 'Traceroute' => 'diag_traceroute.php'); + dynamic_tab_menu($tabs); +?> +
+
+ +
+ + + + + + + + + + + + + + + + + + + + +
Host +
Interface + +
Count +
  + +
+ Ping output:
"); + echo('
');
+					ob_end_flush();
+					$ifaddr = get_interface_addr($interface);
+					if ($ifaddr)
+						system("/sbin/ping -S$ifaddr -c$count " . escapeshellarg($host));
+					else
+						system("/sbin/ping -c$count " . escapeshellarg($host));
+					echo('
'); + } + ?> +
+
+
+ diff --git a/webgui/diag_traceroute.php b/webgui/diag_traceroute.php index ccf3823..524bdbc 100644 --- a/webgui/diag_traceroute.php +++ b/webgui/diag_traceroute.php @@ -1,121 +1,124 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "Ping/Traceroute"); -require("guiconfig.inc"); - - -define('MAX_TTL', 64); -define('DEFAULT_TTL', 18); - -if ($_POST) { - unset($input_errors); - unset($do_traceroute); - - /* input validation */ - $reqdfields = explode(" ", "host ttl"); - $reqdfieldsn = explode(",", "Host,ttl"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if (($_POST['ttl'] < 1) || ($_POST['ttl'] > MAX_TTL)) { - $input_errors[] = "Maximum number of hops must be between 1 and {MAX_TTL}"; - } - - if (!$input_errors) { - $do_traceroute = true; - $host = $_POST['host']; - $ttl = $_POST['ttl']; - $resolve = $_POST['resolve']; - } -} -if (!isset($do_traceroute)) { - $do_traceroute = false; - $host = ''; - $ttl = DEFAULT_TTL; - $resolve = false; -} -?> - - - - -
-
    -
  • Ping
    • -
  • Traceroute
    • -
-
- -
- - - - - - - - - - - - - - - - - - - - -
Host -
Maximum number of hops -
  > - Resolve IP addresses to hostnames
-
  - -
-

Note: Traceroute may take a while to complete. You may hit the Stop button on your browser at any time to see the progress of failed traceroutes.

- Traceroute output:
"); - echo('

');
-					ob_end_flush();
-					system("/usr/sbin/traceroute " . ($resolve ? "" : "-n ") . "-w 2 -m " . escapeshellarg($ttl) . " " . escapeshellarg($host));
-					echo('
'); - } - ?> -
-
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "Traceroute"); +require("guiconfig.inc"); + + +define('MAX_TTL', 64); +define('DEFAULT_TTL', 18); + +if ($_POST) { + unset($input_errors); + unset($do_traceroute); + + /* input validation */ + $reqdfields = explode(" ", "host ttl"); + $reqdfieldsn = explode(",", "Host,ttl"); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['ttl'] < 1) || ($_POST['ttl'] > MAX_TTL)) { + $input_errors[] = "Maximum number of hops must be between 1 and {MAX_TTL}"; + } + + if (!$input_errors) { + $do_traceroute = true; + $host = $_POST['host']; + $ttl = $_POST['ttl']; + $resolve = $_POST['resolve']; + } +} +if (!isset($do_traceroute)) { + $do_traceroute = false; + $host = ''; + $ttl = DEFAULT_TTL; + $resolve = false; +} +?> + + + + +
+
    + 'diag_ping.php', + 'Traceroute' => 'diag_traceroute.php'); + dynamic_tab_menu($tabs); +?> +
+
+ +
+ + + + + + + + + + + + + + + + + + + + +
Host +
Maximum number of hops +
  > + Resolve IP addresses to hostnames
+
  + +
+

Note: Traceroute may take a while to complete. You may hit the Stop button on your browser at any time to see the progress of failed traceroutes.

+ Traceroute output:
"); + echo('

');
+					ob_end_flush();
+					system("/usr/sbin/traceroute " . ($resolve ? "" : "-n ") . "-w 2 -m " . escapeshellarg($ttl) . " " . escapeshellarg($host));
+					echo('
'); + } + ?> +
+
+
+ diff --git a/webgui/exec.php b/webgui/exec.php index 0a76d55..6ff8e4b 100644 --- a/webgui/exec.php +++ b/webgui/exec.php @@ -1,290 +1,291 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -if (($_POST['submit'] == "Download") && file_exists($_POST['dlPath'])) { - session_cache_limiter('public'); - $fd = fopen($_POST['dlPath'], "rb"); - header("Content-Type: application/octet-stream"); - header("Content-Length: " . filesize($_POST['dlPath'])); - header("Content-Disposition: attachment; filename=\"" . - trim(htmlentities(basename($_POST['dlPath']))) . "\""); - - fpassthru($fd); - exit; -} else if (($_POST['submit'] == "Upload") && is_uploaded_file($_FILES['ulfile']['tmp_name'])) { - move_uploaded_file($_FILES['ulfile']['tmp_name'], "/tmp/" . $_FILES['ulfile']['name']); - $ulmsg = "Uploaded file to /tmp/" . htmlentities($_FILES['ulfile']['name']); - unset($_POST['txtCommand']); -} -?> - - - -) -*/ - -// Function: is Blank -// Returns true or false depending on blankness of argument. - -function isBlank( $arg ) { return ereg( "^\s*$", $arg ); } - - -// Function: Puts -// Put string, Ruby-style. - -function puts( $arg ) { echo "$arg\n"; } - - -// "Constants". - -$Version = ''; -$ScriptName = $HTTP_SERVER_VARS['SCRIPT_NAME']; -$Title = 'm0n0wall: execute command'; - -// Get year. - -$arrDT = localtime(); -$intYear = $arrDT[5] + 1900; - -?> - -<?=$Title ?> - - - - -> -

- -

Note: this function is unsupported. Use it -on your own risk!

- -" . $ulmsg . "

\n"; ?> -"); - puts("\$ " . htmlspecialchars($_POST['txtCommand'])); - putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"); - putenv("SCRIPT_FILENAME=" . strtok($_POST['txtCommand'], " ")); /* PHP scripts */ - $ph = popen($_POST['txtCommand'], "r" ); - while ($line = fgets($ph)) echo htmlspecialchars($line); - pclose($ph); - puts(""); -} - -?> - -
- - - - - - - - - - - - - - - - - - - - - -
Command:
  - - - - - -
Download: - - -
Upload: - -
-
- - +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +require("guiconfig.inc"); + +if (($_POST['submit'] == "Download") && file_exists($_POST['dlPath'])) { + session_cache_limiter('public'); + $fd = fopen($_POST['dlPath'], "rb"); + header("Content-Type: application/octet-stream"); + header("Content-Length: " . filesize($_POST['dlPath'])); + header("Content-Disposition: attachment; filename=\"" . + trim(htmlentities(basename($_POST['dlPath']))) . "\""); + + fpassthru($fd); + exit; +} else if (($_POST['submit'] == "Upload") && is_uploaded_file($_FILES['ulfile']['tmp_name'])) { + move_uploaded_file($_FILES['ulfile']['tmp_name'], "/tmp/" . $_FILES['ulfile']['name']); + $ulmsg = "Uploaded file to /tmp/" . htmlentities($_FILES['ulfile']['name']); + unset($_POST['txtCommand']); +} +?> + + + +) +*/ + +// Function: is Blank +// Returns true or false depending on blankness of argument. + +function isBlank( $arg ) { return ereg( "^\s*$", $arg ); } + + +// Function: Puts +// Put string, Ruby-style. + +function puts( $arg ) { echo "$arg\n"; } + + +// "Constants". + +$Version = ''; +$ScriptName = $HTTP_SERVER_VARS['SCRIPT_NAME']; +$Title = 'm0n0wall: execute command'; + +// Get year. + +$arrDT = localtime(); +$intYear = $arrDT[5] + 1900; + +?> + +<?=$Title ?> + + + + +> +

+ +

Note: this function is unsupported. Use it +on your own risk!

+ +" . $ulmsg . "

\n"; ?> +"); + puts("\$ " . htmlspecialchars($_POST['txtCommand'])); + putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"); + putenv("SCRIPT_FILENAME=" . strtok($_POST['txtCommand'], " ")); /* PHP scripts */ + $ph = popen($_POST['txtCommand'], "r" ); + while ($line = fgets($ph)) echo htmlspecialchars($line); + pclose($ph); + puts(""); +} + +?> + +
+ + + + + + + + + + + + + + + + + + + + + +
Command:
  + + + + + +
Download: + + +
Upload: + +
+
+ + diff --git a/webgui/exec_raw.php b/webgui/exec_raw.php index a51b4e9..f27ae71 100644 --- a/webgui/exec_raw.php +++ b/webgui/exec_raw.php @@ -1,38 +1,39 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -header("Content-Type: text/plain"); - -putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"); -passthru($_GET['cmd']); - -exit(0); +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +require("guiconfig.inc"); + +header("Content-Type: text/plain"); + +putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"); +passthru($_GET['cmd']); + +exit(0); ?> \ No newline at end of file diff --git a/webgui/fbegin.inc b/webgui/fbegin.inc index 833fd76..cbcb73d 100644 --- a/webgui/fbegin.inc +++ b/webgui/fbegin.inc @@ -41,7 +41,135 @@ function genhtmltitle($title) { global $config; return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . gentitle($title); } + +function dynamic_menu(&$menu, $menu_title) { + global $allowed, $config; + + // Make sure the admin can see everything + if ($_SERVER['REMOTE_USER'] === $config['system']['username']) { + unset($allowed); + foreach ($menu as $item) { + $allowed[] = $item[0]; + } + } + + foreach ($menu as $desc => $links) { + if ($intersect = array_intersect($menu[$desc],$allowed)) { + if (!isset($header_displayed) && !($menu_title=='Diagnostics')) { + echo "\n ".$menu_title.'
'; + $header_displayed = true; + } + else { + if (!isset($header_displayed)) { + if (isset($config['system']['webgui']['expanddiags']) || strstr($_SERVER['SCRIPT_FILENAME'], "diag_") || strstr($_SERVER['SCRIPT_FILENAME'], "reboot")): ?> + Diagnostics
+ + + Diagnostics
+