Revision: 2769
          http://ipcop.svn.sourceforge.net/ipcop/?rev=2769&view=rev
Author:   owes
Date:     2009-05-02 15:20:58 +0000 (Sat, 02 May 2009)

Log Message:
-----------
Use the isReservedPort function when checking port for OpenVPN server.
We will need a similar isPortforwardPort in DataAccess.pl to check against 
portforwards.

Modified Paths:
--------------
    ipcop/trunk/html/cgi-bin/ovpnmain.cgi

Modified: ipcop/trunk/html/cgi-bin/ovpnmain.cgi
===================================================================
--- ipcop/trunk/html/cgi-bin/ovpnmain.cgi       2009-05-02 14:25:18 UTC (rev 
2768)
+++ ipcop/trunk/html/cgi-bin/ovpnmain.cgi       2009-05-02 15:20:58 UTC (rev 
2769)
@@ -22,6 +22,7 @@
 require '/usr/lib/ipcop/lang.pl';
 require '/usr/lib/ipcop/header.pl';
 require '/usr/lib/ipcop/countries.pl';
+require '/usr/lib/ipcop/DataAccess.pl';
 
 # enable only the following on debugging purpose
 use warnings;
@@ -111,143 +112,6 @@
     }
 }
 
-sub checkportfw {
-    my $KEY2 = $_[0]; # key2
-    my $SRC_PORT = $_[1]; # src_port
-    my $PROTOCOL = $_[2]; # protocol
-    my $SRC_IP = $_[3]; # sourceip
-
-    my $pfwfilename = "/var/ipcop/portfw/config";
-    open(FILE, $pfwfilename) or die 'Unable to open config file.';
-    my @pfwcurrent = <FILE>;
-    close(FILE);
-    my $pfwkey1 = 0; # used for finding last sequence number used
-    foreach my $pfwline (@pfwcurrent)
-    {
-        my @pfwtemp = split(/\,/,$pfwline);
-
-        chomp ($pfwtemp[8]);
-        if ($KEY2 eq "0") {
-            # if key2 is 0 then it is a portfw addition
-            if ( $SRC_PORT eq $pfwtemp[3] && $PROTOCOL eq $pfwtemp[2] && 
$SRC_IP eq $pfwtemp[7]) {
-                $errormessage = "$Lang::tr{'source port in use'}: $SRC_PORT";
-            }
-    
-            # Check if key2 = 0, if it is then it is a port forward entry and 
we want the sequence number
-            if ( $pfwtemp[1] eq "0") {
-                $pfwkey1=$pfwtemp[0];
-            }
-
-            # Darren Critchley - Duplicate or overlapping Port range check
-            if ($pfwtemp[1] eq "0" && $PROTOCOL eq $pfwtemp[2] && $SRC_IP eq 
$pfwtemp[7] && $errormessage eq '')
-            {
-                &portchecks($SRC_PORT, $pfwtemp[5]);
-            }
-        }
-    }
-    return;
-}
-
-sub checkportoverlap
-{
-    my $portrange1 = $_[0]; # New port range
-    my $portrange2 = $_[1]; # existing port range
-    my @tempr1 = split(/\:/,$portrange1);
-    my @tempr2 = split(/\:/,$portrange2);
-
-    unless (&checkportinc($tempr1[0], $portrange2)){ return 0;}
-    unless (&checkportinc($tempr1[1], $portrange2)){ return 0;}
-
-    unless (&checkportinc($tempr2[0], $portrange1)){ return 0;}
-    unless (&checkportinc($tempr2[1], $portrange1)){ return 0;}
-
-    return 1; # Everything checks out!
-}
-
-# Darren Critchley - we want to make sure that a port entry is not within an 
already existing range
-sub checkportinc
-{
-    my $port1 = $_[0]; # Port
-    my $portrange2 = $_[1]; # Port range
-    my @tempr1 = split(/\:/,$portrange2);
-
-    if ($port1 < $tempr1[0] || $port1 > $tempr1[1]) {
-        return 1;
-    } else {
-        return 0;
-    }
-}
-# Darren Critchley - Duplicate or overlapping Port range check
-sub portchecks
-{
-    my $p1 = $_[0]; # New port range
-    my $p2 = $_[1]; # existing port range
-#   $_ = $_[0];
-    our ($prtrange1, $prtrange2);
-    $prtrange1 = 0;
-#   if (m/:/ && $prtrange1 == 1) { # comparing two port ranges
-#       unless (&checkportoverlap($p1,$p2)) {
-#           $errormessage = "$Lang::tr{'source port overlaps'} $p1";
-#       }
-#   }
-    if (m/:/ && $prtrange1 == 0 && $errormessage eq '') { # compare one port 
to a range
-        unless (&checkportinc($p2,$p1)) {
-            $errormessage = "$Lang::tr{'srcprt within existing'} $p1";
-        }
-    }
-    $prtrange1 = 1;
-    if (! m/:/ && $prtrange1 == 1 && $errormessage eq '') { # compare one port 
to a range
-        unless (&checkportinc($p1,$p2)) {
-            $errormessage = "$Lang::tr{'srcprt range overlaps'} $p2";
-        }
-    }
-    return;
-}
-
-# Darren Critchley - certain ports are reserved for Ipcop
-# TCP 67,68,81,222,445
-# UDP 67,68
-# Params passed in -> port, rangeyn, protocol
-sub disallowreserved
-{
-    # port 67 and 68 same for tcp and udp, don't bother putting in an array
-    my $msg = "";
-    my @tcp_reserved = (81,222,445);
-    my $prt = $_[0]; # the port or range
-    my $ryn = $_[1]; # tells us whether or not it is a port range
-    my $prot = $_[2]; # protocol
-    my $srcdst = $_[3]; # source or destination
-    if ($ryn) { # disect port range
-        if ($srcdst eq "src") {
-            $msg = "$Lang::tr{'rsvd src port overlap'}:";
-        } else {
-            $msg = "$Lang::tr{'rsvd dst port overlap'}:";
-        }
-        my @tmprng = split(/\:/,$prt);
-        unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; 
return; }
-        unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; 
return; }
-        if ($prot eq "tcp") {
-            foreach my $prange (@tcp_reserved) {
-                unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { 
$errormessage="$msg $prange"; return; }
-            }
-        }
-    } else {
-        if ($srcdst eq "src") {
-            $msg = "$Lang::tr{'reserved src port'}:";
-        } else {
-            $msg = "$Lang::tr{'reserved dst port'}:";
-        }
-        if ($prt == 67) { $errormessage="$msg 67"; return; }
-        if ($prt == 68) { $errormessage="$msg 68"; return; }
-        if ($prot eq "tcp") {
-            foreach my $prange (@tcp_reserved) {
-                if ($prange == $prt) { $errormessage="$msg $prange"; return; }
-            }
-        }
-    }
-    return;
-}
-
 sub writeserverconf {
     my %sovpnsettings = ();
     &General::readhash('/var/ipcop/ovpn/settings', \%sovpnsettings);
@@ -520,19 +384,15 @@
             goto SETTINGS_ERROR;
         }
     }
-    if ($cgiparams{'ENABLED_RED_1'} eq 'on') {
-        
&disallowreserved($cgiparams{'DDEST_PORT'},0,$cgiparams{'DPROTOCOL'},"dest");
+    if (($cgiparams{'DPROTOCOL'} ne $vpnsettings{'DPROTOCOL'}) || 
($cgiparams{'DDEST_PORT'} ne $vpnsettings{'DDEST_PORT'})) {
+        # Verify port (usually udp/1994) only if want to change it.
+        if 
(&DATA::isReservedPort($cgiparams{'DPROTOCOL'},$cgiparams{'DDEST_PORT'})) {
+            $errormessage = $Lang::tr{'reserved dst port'};
+            goto SETTINGS_ERROR; 
+        }
     }
-    if ($errormessage) { 
-        goto SETTINGS_ERROR; 
-    }
 
-    if ($cgiparams{'ENABLED_RED_1'} eq 'on') {
-        
&checkportfw(0,$cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'},'0.0.0.0');
-    }
-    if ($errormessage) {
-        goto SETTINGS_ERROR; 
-    }
+    # TODO: checking for portforwards will need to be done differently.
 
     if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
         $errormessage = $Lang::tr{'ovpn subnet is invalid'};
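Review bot: The message set on the `$errormessage = $Lang::tr{'reserved dst port'};` line no longer tells the user which port was rejected, where the removed disallowreserved() appended it; `$errormessage = "$Lang::tr{'reserved dst port'}: $cgiparams{'DDEST_PORT'}";` keeps that information. The check is also only reached when DPROTOCOL or DDEST_PORT differ from the stored %vpnsettings values, so a reserved port that is already present in the saved settings is accepted unchanged — if that is intended, the comment should say so, e.g. `# Stored settings are not re-validated; only a changed port/protocol is checked.`, and if it is not, the `ne` guard should be dropped in favour of running the check whenever the server is enabled as the old code did. With the file's `use warnings`, the `ne` comparison against a %vpnsettings key that has never been written will warn on a first-time configuration; guarding with `defined` on the stored values avoids that. Since checkportfw() is removed with only a TODO in its place, a collision between DDEST_PORT and an existing port forward is currently undetected, which the TODO comment should state explicitly. The enclosing block starts and ends outside the hunk.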

