Update of /cvsroot/leaf/src/config/webconf/var/webconf/www
In directory ddv4jf1.ch3.sourceforge.com:/tmp/cvs-serv3118
Added Files:
ipsec.cgi
Log Message:
Initial version
--- NEW FILE: ipsec.cgi ---
#!/usr/bin/haserl --upload-dir=/tmp --upload-limit=10
#
# Copyleft 2009 Erich Titl ([email protected])
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
<%
######################################################################
# fixed locations used by this page
######################################################################
WEBCONF_DIR=/var/webconf
TEMPLATE_DIR="${WEBCONF_DIR}/templates"
FILTERDIR="${WEBCONF_DIR}/lib/filter"
ASP_TEMPLATE="${TEMPLATE_DIR}/ipsec_asp"
IPSEC_CONN_TEMPLATE="${TEMPLATE_DIR}/ipsec_conn"
IPSEC_BLURB="${WEBCONF_DIR}/www/blurb.ipsec"
IPSEC_TEXT="${WEBCONF_DIR}/www/text.ipsec"
IPSEC_CMD="/usr/sbin/ipsec auto"
RM=/bin/rm
######################################################################
# shared webconf libraries
#   validator.sh    - sets colours CL0 to CL4
#   networking.func - makes various functions for networking available
#   ipsec.func      - presumably provides the connection/secret helpers
#                     and the *_DIR variables used further down; it is
#                     not part of this file, confirm there
######################################################################
. "${WEBCONF_DIR}/lib/validator.sh"
. "${WEBCONF_DIR}/lib/networking.func"
. "${WEBCONF_DIR}/lib/ipsec.func"
######################################################################
# this is for the calls to ifup/down and ip
######################################################################
PATH="${PATH}:/sbin"
export PATH
######################################################################
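######################################################################
# common page header (separate script, run as a child process)
######################################################################
/var/webconf/lib/preamble.sh
######################################################################
# insert the javascript functions and the ipsec css file
######################################################################
cat <<-EOF
<script src="ipsec.js" type="text/javascript"></script>
<link rel="stylesheet" type="text/css" href="/ipsec.css">
EOF
######################################################################
# scratch file used while a connection file is assembled
# NOTE(review): a PID-based name in world-writable /tmp is predictable;
# whatever writes this file should obtain its name from mktemp instead.
######################################################################
TEMP=/tmp/$SCRIPT_NAME$$
######################################################################
# open the form; it posts back to this script as multipart/form-data so
# that certificate and key files can be uploaded
# The form name is written as ${SCRIPT_NAME}_form: without the braces
# the shell looks up a variable called SCRIPT_NAME_form, which nothing
# in this file sets, and the name attribute comes out empty.
######################################################################
cat <<-EOF
<form name="${SCRIPT_NAME}_form" action="$SCRIPT_NAME" method=post
enctype="multipart/form-data">
<h1>Configure IPSEC</h1>
<div class="think">
EOF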
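######################################################################
# request validation helpers
#
# Every FORM_* variable is supplied by the browser. The values end up in
# file names below $CONNECTION_DIR and the certificate directories, and
# as lines of the generated ipsec configuration, so they are checked
# before they are used for either purpose.
######################################################################
_CGI_NL='
'
_CGI_CR=$(printf '\r')

# Succeeds when $1 can be used as one file or connection name: not
# empty, no leading '.' or '-', and only letters, digits, '.', '_', '-'.
# NOTE(review): widen the character set if existing connections need
# it, but never admit '/'.
_cgi_name_ok() {
  case "$1" in
    '' | .* | -* | *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# Prints the last path component of $1 ('/' or '\' separated) when that
# component passes _cgi_name_ok; prints nothing and fails otherwise.
_cgi_upload_name() {
  local n
  n=${1##*/}
  n=${n##*\\}
  _cgi_name_ok "$n" && printf '%s\n' "$n"
}

# Succeeds when $1 fits on one configuration line inside double quotes,
# i.e. holds no newline, carriage return or double quote.
_cgi_value_ok() {
  case "$1" in
    *"$_CGI_NL"* | *"$_CGI_CR"* | *'"'*) return 1 ;;
  esac
  return 0
}

# _cgi_put FILE KEY VALUE [q]
# Appends " KEY=VALUE" (VALUE in double quotes when the 4th argument is
# "q") to FILE. An empty VALUE writes nothing and succeeds; a VALUE that
# fails _cgi_value_ok writes nothing, reports KEY on the page and fails.
# NOTE(review): the listing shows the option indent as one space (see
# the original "pfs=no" line); confirm whether the file used a tab.
_cgi_put() {
  [ -n "$3" ] || return 0
  if ! _cgi_value_ok "$3"; then
    echo "<p>Invalid value for $2, connection not saved.</p>"
    return 1
  fi
  if [ "$4" = q ]; then
    printf ' %s="%s"\n' "$2" "$3" >> "$1"
  else
    printf ' %s=%s\n' "$2" "$3" >> "$1"
  fi
}

# _cgi_store_upload SRC NAME DESTDIR
# Copies an uploaded file to DESTDIR/NAME. SRC must sit directly in /tmp
# (the --upload-dir given on the haserl line) and be non-empty; NAME is
# expected to be already reduced by _cgi_upload_name.
_cgi_store_upload() {
  [ -n "$1" ] && [ -n "$2" ] || return 0
  case "$1" in
    /tmp/*/*) return 1 ;;
    /tmp/*) ;;
    *) return 1 ;;
  esac
  [ -s "$1" ] && cp "$1" "$3/$2"
}

# Handles Apply and Save: stores uploaded files, writes the connection
# file, updates the secrets and registers the connection.
# Reads the FORM_* request variables and the *_DIR / template variables;
# returns 0 when the connection was stored, 1 when nothing was installed.
# assemble_ike, assemble_esp, transform_modp, init_ipsec_values, get_psk,
# replace_psk, add_psk, set_X509_secret and add_connection are defined
# outside this file; their exact effect is not visible here.
_cgi_save_connection() {
  local dir conf_ok

  ###########################################################
  # make sure the destination directories exist
  ###########################################################
  for dir in "$CERT_DIR" "$KEY_DIR" "$CACERT_DIR" "$CRL_DIR"; do
    [ -d "$dir" ] || mkdir -p "$dir"
  done

  ###########################################################
  # copy the certificate files to the destination directories
  # the *_name values are used as file names, so they are cut
  # down to a plain name first (emptied when unusable)
  ###########################################################
  FORM_leftcert_name=$(_cgi_upload_name "$FORM_leftcert_name")
  FORM_key_name=$(_cgi_upload_name "$FORM_key_name")
  FORM_cacert_name=$(_cgi_upload_name "$FORM_cacert_name")
  FORM_crl_name=$(_cgi_upload_name "$FORM_crl_name")
  _cgi_store_upload "$FORM_leftcert" "$FORM_leftcert_name" "$CERT_DIR"
  # the original copied from $FORM_Key (capital K), which is never set,
  # so an uploaded key was not installed
  _cgi_store_upload "$FORM_key" "$FORM_key_name" "$KEY_DIR"
  _cgi_store_upload "$FORM_cacert" "$FORM_cacert_name" "$CACERT_DIR"
  _cgi_store_upload "$FORM_crl" "$FORM_crl_name" "$CRL_DIR"

  ###########################################################
  # build the connection file
  # mktemp replaces the PID-based name assigned earlier in the page;
  # the file it creates is readable by its owner only
  ###########################################################
  TEMP=$(mktemp /tmp/ipsec_conn.XXXXXX) || {
    echo "<p>Could not create a temporary file, connection not saved.</p>"
    return 1
  }
  conf_ok=yes
  cp "$IPSEC_CONN_TEMPLATE" "$TEMP"
  printf 'conn %s\n' "$FORM_connectionname" >> "$TEMP"
  _cgi_put "$TEMP" left "$FORM_left" || conf_ok=no
  _cgi_put "$TEMP" leftsubnet "$FORM_leftsubnet" || conf_ok=no
  _cgi_put "$TEMP" leftrsasigkey "$FORM_leftrsasigkey" || conf_ok=no
  _cgi_put "$TEMP" leftid "$FORM_leftid" q || conf_ok=no
  # a freshly uploaded certificate wins, then a value that is already
  # set, then the previous name sent along with the form
  [ -n "$FORM_leftcert_name" ] && CONFIG_leftcert=$FORM_leftcert_name
  [ -n "$CONFIG_leftcert" ] || CONFIG_leftcert=$FORM_old_leftcert
  _cgi_put "$TEMP" leftcert "$CONFIG_leftcert" || conf_ok=no
  # the original tested FORM_right with a single '&', which ran the
  # test in the background and wrote "right=" even for an empty value
  _cgi_put "$TEMP" right "$FORM_right" || conf_ok=no
  _cgi_put "$TEMP" rightsubnet "$FORM_rightsubnet" || conf_ok=no
  _cgi_put "$TEMP" rightrsasigkey "$FORM_rightrsasigkey" || conf_ok=no
  _cgi_put "$TEMP" rightid "$FORM_rightid" q || conf_ok=no
  _cgi_put "$TEMP" authby "$FORM_authby" || conf_ok=no
  _cgi_put "$TEMP" keylife "$FORM_keylife" || conf_ok=no
  _cgi_put "$TEMP" keyingtries "$FORM_keyingtries" || conf_ok=no
  _cgi_put "$TEMP" ikelifetime "$FORM_ikelifetime" || conf_ok=no
  _cgi_put "$TEMP" rekeyfuzz "$FORM_rekeyfuzz" || conf_ok=no
  _cgi_put "$TEMP" rekeymargin "$FORM_rekeymargin" || conf_ok=no
  _cgi_put "$TEMP" dpddelay "$FORM_dpddelay" || conf_ok=no
  _cgi_put "$TEMP" dpdtimeout "$FORM_dpdtimeout" || conf_ok=no
  # pfs and compress are check boxes: any value means yes
  if [ -n "$FORM_pfs" ]; then
    _cgi_put "$TEMP" pfs yes
  else
    _cgi_put "$TEMP" pfs no
  fi
  if [ -n "$FORM_compress" ]; then
    _cgi_put "$TEMP" compress yes
  else
    _cgi_put "$TEMP" compress no
  fi

  ###########################################################
  # assemble the ike parameter into TMP_ike
  # The three fields are split into words exactly as before (an
  # empty field passes no argument), but with pathname expansion
  # switched off so '*' or '?' in a value cannot match files.
  ###########################################################
  set -f
  set -- $FORM_ike_cipher $FORM_ike_hash $FORM_ike_dh
  set +f
  TMP_ike=$(assemble_ike "$@")
  _cgi_put "$TEMP" ike "$TMP_ike" || conf_ok=no

  ###########################################################
  # assemble the esp parameter into TMP_esp
  # and the pfsgroup into TMP_pfsgroup
  ###########################################################
  set -f
  set -- $FORM_esp_cipher $FORM_esp_hash
  set +f
  TMP_esp=$(assemble_esp "$@")
  _cgi_put "$TEMP" esp "$TMP_esp" || conf_ok=no
  set -f
  set -- $FORM_pfs_group
  set +f
  TMP_pfsgroup=$(transform_modp "$@")
  _cgi_put "$TEMP" pfsgroup "$TMP_pfsgroup" || conf_ok=no
  _cgi_put "$TEMP" auto "$FORM_auto" || conf_ok=no

  # the secret and the passphrase are handed to helpers that write the
  # secrets file, so they have to fit on one quoted line as well
  if ! _cgi_value_ok "$FORM_secret" || ! _cgi_value_ok "$FORM_passphrase"; then
    echo "<p>Invalid secret or passphrase, connection not saved.</p>"
    conf_ok=no
  fi

  if [ "$conf_ok" != yes ]; then
    rm -f "$TEMP"
    return 1
  fi
  mv "$TEMP" "$CONNECTION_DIR/$FORM_connectionname"
  [ -f "$TEMP" ] && rm -f "$TEMP"

  ###########################################################
  # build the secrets file
  ###########################################################
  # we need the CONFIG values to decide if there is anything to do
  [ -s "$CONNECTION_FILE" ] && init_ipsec_values "$CONNECTION_FILE"
  if [ "X$FORM_authby" = "Xsecret" ]; then
    installed_secret=$(get_psk)
    if [ "$installed_secret" != "$FORM_secret" ]; then
      if [ -n "$installed_secret" ]; then
        replace_psk "$FORM_secret"
      else
        add_psk "$FORM_secret"
      fi
    fi
  elif [ "X$FORM_authby" = "Xrsasig" ]; then
    ###########################################################
    # check if we uploaded a new key file, if so we need
    # to install that key into the ipsec.secrets file
    # the call to set_X509_secret checks if a new entry is needed
    ###########################################################
    if [ -n "$FORM_key" ] && [ -n "$FORM_key_name" ]; then
      set_X509_secret "$FORM_key_name" "$FORM_passphrase"
    fi
  fi

  ###########################################################
  # add the connection to the ipsec.conf file
  ###########################################################
  add_connection "$FORM_connectionname"
  return 0
}

######################################################################
# request handling
######################################################################
# NOTE(review): FORM_name and FORM_name_ok are not used anywhere else in
# this file and look at /var/log; they appear to be left over from
# another page. Kept because the sourced libraries are not visible here.
FORM_name="$( printf '%s\n' "$FORM_name" | to_html | sed "s-[^/a-zA-Z\.0-9\-_]--g" )"
FORM_name_ok="$( ls -1 /var/log | grep "^$FORM_name\$" )"

echo "<br><div class=info>"
[ -s "$IPSEC_BLURB" ] && cat "$IPSEC_BLURB"
echo "</div>"

# The connection name becomes a file name below $CONNECTION_DIR. A name
# that is not a plain file name turns the request into a plain view; the
# rejected value is deliberately not echoed back into the page.
if [ -n "$FORM_connectionname" ] && ! _cgi_name_ok "$FORM_connectionname"; then
  echo "<p>Invalid connection name, request ignored.</p>"
  FORM_connectionname=
  FORM_cmd=
fi
CONNECTION_FILE=$CONNECTION_DIR/$FORM_connectionname

case "$FORM_cmd" in
  Apply|Save)
    if [ -z "$FORM_connectionname" ]; then
      echo "<p>No connection name given, nothing saved.</p>"
    elif _cgi_save_connection && [ "$FORM_cmd" = "Apply" ]; then
      # Apply additionally activates the stored connection
      [ "$FORM_auto" = "start" ] && up_connection "$FORM_connectionname"
      [ "$FORM_auto" = "add" ] && listen_connection "$FORM_connectionname"
    fi
    ;;
  Delete)
    if [ -n "$FORM_connectionname" ]; then
      [ -s "$CONNECTION_FILE" ] && init_ipsec_values "$CONNECTION_FILE"
      delete_connection "$FORM_connectionname"
      delete_psk
    fi
    ;;
  Up)
    [ -n "$FORM_connectionname" ] && up_connection "$FORM_connectionname"
    ;;
  Down)
    [ -n "$FORM_connectionname" ] && down_connection "$FORM_connectionname"
    ;;
  Restart)
    /etc/init.d/ipsec restart
    ;;
  *)
    ;; # View
esac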
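###########################################################
# read the connection values (doubtfull)
# left disabled by the author
###########################################################
#[ -s $CONNECTION_FILE ] && init_ipsec_values $CONNECTION_FILE
cat <<-EOF
<div class=ipsec>
<table><tr><td>
<select class=ipsec_list name=connectionname size=10 >
EOF
# disabled alternative that sized the list to the number of connections:
# echo "<select class=ipsec_list name=IPSEC_CONNECTION size=`list_connections | wc -l` >"
###########################################################
# one <option> per connection
# list_connections (defined outside this file) runs first with normal
# globbing; its output is then split into words with pathname expansion
# off, so a name containing '*' or '?' is listed as is instead of being
# matched against files. Names were created from form input, so they
# are HTML-escaped before they are put into the page.
###########################################################
connection_names=$(list_connections)
set -f
for j in $connection_names
do
  j=$(printf '%s\n' "$j" |
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g')
  echo "<option>$j</option>"
done
set +f
cat <<-EOF
</select>
</td>
<td valign=top>
<div id=ipsec_txt class=ipsec_txt>
<div>
EOF
# static help text shown next to the list, when the file is readable
[ -r "$IPSEC_TEXT" ] && cat "$IPSEC_TEXT"
# Edit and Create hand over to ipsec_conn.cgi through onSubmitForm (from
# ipsec.js, not shown here); the other buttons post back to this page
cat <<-EOF
</div> <!-- info -->
</div> <!-- ipsec_txt -->
</td></tr>
</table>
<div id=apply>
<input class=button type=submit name=cmd value=Edit
onClick=onSubmitForm("ipsec_conn.cgi")>
<input class=button type=submit name=cmd value=Create
onClick=onSubmitForm("ipsec_conn.cgi")>
<input class=button type=submit name=cmd value=Delete>
<input class=button type=submit name=cmd value=Down>
<input class=button type=submit name=cmd value=Up>
<input class=button type=submit name=cmd value=Restart>
</div> <!-- apply -->
</div> <!-- ipsec -->
</div> <!-- think -->
</form>
EOF
# common page footer (separate script)
/var/webconf/lib/footer.sh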
%>