smeserver/smeserver-manager
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix 1267 in remoteaccess panel

Browse Source
This commit is contained in:
Brian Read 2024-11-26 16:38:31 +00:00
parent 6c1b6ed1f4
commit 2b83be6d70
2 changed files with 283 additions and 260 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

142
root/usr/share/smanager/lib/SrvMngr/Controller/Remoteaccess.pm
View File

@ -26,17 +26,18 @@ use Socket qw( inet_aton );
#our @ISA = qw(esmith::FormMagick Exporter); #our @ISA = qw(esmith::FormMagick Exporter);
our @EXPORT = qw( networkAccess_list passwordLogin_list get_ssh_permit_root_login get_ssh_access get_telnet_mode our @EXPORT =
qw( networkAccess_list passwordLogin_list get_ssh_permit_root_login get_ssh_access get_telnet_mode
get_ftp_access get_ftp_password_login_access get_ftp_access get_ftp_password_login_access
get_value get_prop get_ssh_password_auth get_value get_prop get_ssh_password_auth
validate_network_and_mask ip_number_or_blank subnet_mask_or_blank validate_network_and_mask ip_number_or_blank subnet_mask_or_blank
get_ipsecrw_sessions pptp_and_dhcp_range get_ipsecrw_sessions pptp_and_dhcp_range
); );
# get_pptp_sessions # get_pptp_sessions
our $db = esmith::ConfigDB->open || warn "Couldn't open configuration database"; our $db = esmith::ConfigDB->open || warn "Couldn't open configuration database";
sub main { sub main {
my $c = shift; my $c = shift;
@ -46,6 +47,8 @@ sub main {
my $notif = ''; my $notif = '';
my %rma_datas = (); my %rma_datas = ();
$db = esmith::ConfigDB->open || warn "Couldn't open configuration database";
#$rma_datas{ipsecrwSess} = $c->get_ipsecrw_sessions(); #$rma_datas{ipsecrwSess} = $c->get_ipsecrw_sessions();
#$rma_datas{pptpSessions} = $c->get_pptp_sessions(); #$rma_datas{pptpSessions} = $c->get_pptp_sessions();
$rma_datas{sshAccess} = $c->get_ssh_access(); $rma_datas{sshAccess} = $c->get_ssh_access();
@ -54,13 +57,13 @@ sub main {
$rma_datas{sshTCPPort} = $c->get_ssh_port(); $rma_datas{sshTCPPort} = $c->get_ssh_port();
$rma_datas{ftpAccess} = $c->get_ftp_access(); $rma_datas{ftpAccess} = $c->get_ftp_access();
$rma_datas{ftpPasswordAccess} = $c->get_ftp_password_login_access(); $rma_datas{ftpPasswordAccess} = $c->get_ftp_password_login_access();
#$rma_datas{telnetAccess} = $c->get_telnet_access; #$rma_datas{telnetAccess} = $c->get_telnet_access;
$c->stash( title => $title, notif => $notif, rma_datas => \%rma_datas ); $c->stash( title => $title, notif => $notif, rma_datas => \%rma_datas );
$c->render( template => 'remoteaccess' ); $c->render( template => 'remoteaccess' );
}; }
sub do_action { sub do_action {
@ -71,6 +74,8 @@ sub do_action {
my ( $result, $res, $trt ) = ''; my ( $result, $res, $trt ) = '';
my %rma_datas = (); my %rma_datas = ();
$db = esmith::ConfigDB->open || warn "Couldn't open configuration database";
$rma_datas{ipsecrwSess} = ( $c->param('IpsecrwSess') || '' ); $rma_datas{ipsecrwSess} = ( $c->param('IpsecrwSess') || '' );
$rma_datas{ipsecrwReset} = ( $c->param('IpsecrwReset') || '' ); $rma_datas{ipsecrwReset} = ( $c->param('IpsecrwReset') || '' );
@ -83,12 +88,15 @@ sub do_action {
$rma_datas{remove_nets} = join ',', @vals; $rma_datas{remove_nets} = join ',', @vals;
$rma_datas{sshaccess} = ( $c->param('SshAccess') || 'off' ); $rma_datas{sshaccess} = ( $c->param('SshAccess') || 'off' );
$rma_datas{sshPermitRootLogin} = ($c->param ('SshPermitRootLogin') || 'no'); $rma_datas{sshPermitRootLogin} =
$rma_datas{sshPasswordAuthentication} = ($c->param ('SshPasswordAuthentication') || 'no'); ( $c->param('SshPermitRootLogin') || 'no' );
$rma_datas{sshPasswordAuthentication} =
( $c->param('SshPasswordAuthentication') || 'no' );
$rma_datas{sshTCPPort} = ( $c->param('SshTCPPort') || '22' ); $rma_datas{sshTCPPort} = ( $c->param('SshTCPPort') || '22' );
$rma_datas{ftpAccess} = ( $c->param('FtpAccess') || 'off' ); $rma_datas{ftpAccess} = ( $c->param('FtpAccess') || 'off' );
$rma_datas{ftpPasswordAccess} = ($c->param ('FtpPasswordAccess') || 'private'); $rma_datas{ftpPasswordAccess} =
( $c->param('FtpPasswordAccess') || 'private' );
$rma_datas{telnetAccess} = ( $c->param('TelnetAccess') || 'off' ); $rma_datas{telnetAccess} = ( $c->param('TelnetAccess') || 'off' );
@ -97,8 +105,12 @@ sub do_action {
return $c->render('remoteaccess') unless $v->has_data; return $c->render('remoteaccess') unless $v->has_data;
#$v->optional('PptpSessions')->num(0, 999)->is_valid; #$v->optional('PptpSessions')->num(0, 999)->is_valid;
if ( $c->param('ValidFromNetwork') ne "" ) {
$v->optional('ValidFromNetwork')->size( 7, 15 )->is_valid; $v->optional('ValidFromNetwork')->size( 7, 15 )->is_valid;
}
if ( $c->param('ValidFromMask') ne "" ) {
$v->optional('ValidFromMask')->size( 7, 15 )->is_valid; $v->optional('ValidFromMask')->size( 7, 15 )->is_valid;
}
$v->required('SshTCPPort')->num( 1, 65535 )->is_valid; $v->required('SshTCPPort')->num( 1, 65535 )->is_valid;
$result .= 'field validation error' if $v->has_error; $result .= 'field validation error' if $v->has_error;
@ -115,7 +127,11 @@ sub do_action {
$res = subnet_mask_or_blank( $c, $rma_datas{validFromMask} ); $res = subnet_mask_or_blank( $c, $rma_datas{validFromMask} );
$result .= $res . ' ' unless $res eq 'OK'; $result .= $res . ' ' unless $res eq 'OK';
$res = validate_network_and_mask( $c, $rma_datas{validFromNetwork}, $rma_datas{validFromMask} ); $res = validate_network_and_mask(
$c,
$rma_datas{validFromNetwork},
$rma_datas{validFromMask}
);
$result .= $res . ' ' unless $res eq 'OK'; $result .= $res . ' ' unless $res eq 'OK';
#$result .= ' blocked for testing !' . $rma_datas{remove_nets}; #$result .= ' blocked for testing !' . $rma_datas{remove_nets};
@ -126,37 +142,41 @@ sub do_action {
$result .= $res unless $res eq 'OK'; $result .= $res unless $res eq 'OK';
} }
if ( ! $result ) { if ( $result eq "" ) {
$result = $c->l('rma_ACTION_SUCCEEDED'); $result = $c->l('rma_SUCCESS');
$trt = 'SUC'; $trt = 'SUC';
} }
$c->stash( title => $title, notif => $result, rma_datas => \%rma_datas ); $c->stash( title => $title, notif => $result, rma_datas => \%rma_datas );
if ( $trt ne 'SUC' ) { #return $c->render( template => 'remoteaccess' );
return $c->render(template => 'remoteaccess');
if ( $trt eq 'SUC' ) {
$c->stash( title => $title,modul => $result);
return $c->render( template => 'module' );
} }
$c->redirect_to('/remoteaccess'); return $c->render( template => 'remoteaccess' );
#$c->redirect_to('/remoteaccess');
};
}
sub networkAccess_list { sub networkAccess_list {
my $c = shift; my $c = shift;
return [[ $c->l('rma_NO_ACCESS') => 'off'], return [
[ $c->l('rma_NO_ACCESS') => 'off' ],
[ $c->l('NETWORKS_ALLOW_LOCAL') => 'private' ], [ $c->l('NETWORKS_ALLOW_LOCAL') => 'private' ],
[ $c->l('NETWORKS_ALLOW_PUBLIC') => 'public']]; [ $c->l('NETWORKS_ALLOW_PUBLIC') => 'public' ]
];
} }
sub passwordLogin_list { sub passwordLogin_list {
my $c = shift; my $c = shift;
return [[$c->l('rma_PASSWORD_LOGIN_PRIVATE') => 'private'], return [
[$c->l('rma_PASSWORD_LOGIN_PUBLIC') => 'public']]; [ $c->l('rma_PASSWORD_LOGIN_PRIVATE') => 'private' ],
[ $c->l('rma_PASSWORD_LOGIN_PUBLIC') => 'public' ]
];
} }
sub get_prop { sub get_prop {
my ( $c, $item, $prop ) = @_; my ( $c, $item, $prop ) = @_;
@ -166,7 +186,6 @@ sub get_prop {
return $record ? $record->prop($prop) : undef; return $record ? $record->prop($prop) : undef;
} }
sub get_value { sub get_value {
my $c = shift; my $c = shift;
@ -174,7 +193,6 @@ sub get_value {
return ( $db->get($item)->value() ); return ( $db->get($item)->value() );
} }
sub get_ftp_access { sub get_ftp_access {
my $status = get_prop( '', 'ftp', 'status' ) || 'disabled'; my $status = get_prop( '', 'ftp', 'status' ) || 'disabled';
@ -184,7 +202,6 @@ sub get_ftp_access {
return ( $access eq 'public' ) ? 'normal' : 'private'; return ( $access eq 'public' ) ? 'normal' : 'private';
} }
#sub get_pptp_sessions { #sub get_pptp_sessions {
# my $status = get_prop('','pptpd','status'); # my $status = get_prop('','pptpd','status');
# if (defined($status) && ($status eq 'enabled')) { # if (defined($status) && ($status eq 'enabled')) {
@ -192,17 +209,14 @@ sub get_ftp_access {
# return '0'; # return '0';
#} #}
sub get_ssh_permit_root_login { sub get_ssh_permit_root_login {
return ( get_prop( '', 'sshd', 'PermitRootLogin' ) || 'no' ); return ( get_prop( '', 'sshd', 'PermitRootLogin' ) || 'no' );
} }
sub get_ssh_password_auth { sub get_ssh_password_auth {
return ( get_prop( '', 'sshd', 'PasswordAuthentication' ) || 'yes' ); return ( get_prop( '', 'sshd', 'PasswordAuthentication' ) || 'yes' );
} }
sub get_ssh_access { sub get_ssh_access {
my $status = get_prop( '', 'sshd', 'status' ); my $status = get_prop( '', 'sshd', 'status' );
@ -216,12 +230,10 @@ sub get_ssh_access {
} }
} }
sub get_ssh_port { sub get_ssh_port {
return ( get_prop( '$c', 'sshd', 'TCPPort' ) || '22' ); return ( get_prop( '$c', 'sshd', 'TCPPort' ) || '22' );
} }
sub get_ftp_password_login_access { sub get_ftp_password_login_access {
my $status = get_prop( '', 'ftp', 'status' ) || 'disabled'; my $status = get_prop( '', 'ftp', 'status' ) || 'disabled';
@ -232,7 +244,6 @@ sub get_ftp_password_login_access {
return ( $access eq 'public' ) ? 'public' : 'private'; return ( $access eq 'public' ) ? 'public' : 'private';
} }
sub get_telnet_mode { sub get_telnet_mode {
my $telnet = $db->get('telnet'); my $telnet = $db->get('telnet');
@ -243,7 +254,6 @@ sub get_telnet_mode {
return ( $access eq "public" ) ? "public" : "private"; return ( $access eq "public" ) ? "public" : "private";
} }
sub get_ipsecrw_sessions { sub get_ipsecrw_sessions {
my $status = $db->get('ipsec')->prop('RoadWarriorStatus'); my $status = $db->get('ipsec')->prop('RoadWarriorStatus');
@ -255,7 +265,6 @@ sub get_ipsecrw_sessions {
} }
} }
sub get_ipsecrw_status { sub get_ipsecrw_status {
return undef unless ( $db->get('ipsec') ); return undef unless ( $db->get('ipsec') );
@ -263,7 +272,6 @@ sub get_ipsecrw_status {
} }
sub pptp_and_dhcp_range { sub pptp_and_dhcp_range {
my $c = shift; my $c = shift;
@ -277,13 +285,15 @@ sub pptp_and_dhcp_range {
my $ip_end = unpack 'N', inet_aton($dhcp_end); my $ip_end = unpack 'N', inet_aton($dhcp_end);
my $ip_count = $ip_end - $ip_start; my $ip_count = $ip_end - $ip_start;
return 'OK' if ( $val < $ip_count ); return 'OK' if ( $val < $ip_count );
return $c->l('rma_NUMBER_OF_PPTP_CLIENTS_MUST_BE_LESSER_THAN_NUMBER_OF_IP_IN_DHCP_RANGE'); return $c->l(
} else { 'rma_NUMBER_OF_PPTP_CLIENTS_MUST_BE_LESSER_THAN_NUMBER_OF_IP_IN_DHCP_RANGE'
);
}
else {
return 'OK'; return 'OK';
} }
} }
sub _get_valid_from { sub _get_valid_from {
my $c = shift; my $c = shift;
@ -294,7 +304,6 @@ sub _get_valid_from {
return @vals; return @vals;
} }
sub ip_number_or_blank { sub ip_number_or_blank {
my $c = shift; my $c = shift;
@ -306,7 +315,6 @@ sub ip_number_or_blank {
return ip_number( $c, $ip ); return ip_number( $c, $ip );
} }
sub subnet_mask_or_blank { sub subnet_mask_or_blank {
my $c = shift; my $c = shift;
@ -318,10 +326,11 @@ sub subnet_mask_or_blank {
chomp $mask; chomp $mask;
return ( subnet_mask( $mask ) ne 'OK' ) ? $c->l('rma_INVALID_SUBNET_MASK') . " (" . $mask . ")" : 'OK'; return ( subnet_mask($mask) ne 'OK' )
? $c->l('rma_INVALID_SUBNET_MASK') . " (" . $mask . ")"
: 'OK';
} }
sub validate_network_and_mask { sub validate_network_and_mask {
my $c = shift; my $c = shift;
@ -329,12 +338,12 @@ sub validate_network_and_mask {
my $mask = shift || ""; my $mask = shift || "";
if ( $net xor $mask ) { if ( $net xor $mask ) {
return $c->l('rma_ERR_INVALID_PARAMS' . " (" . $net."/".$mask . ")"); return $c->l(
'rma_ERR_INVALID_PARAMS' . " (" . $net . "/" . $mask . ")" );
} }
return 'OK'; return 'OK';
} }
sub change_settings { sub change_settings {
my ( $c, %rma_datas ) = @_; my ( $c, %rma_datas ) = @_;
@ -347,7 +356,8 @@ sub change_settings {
if ($rec) { if ($rec) {
if ( $rma_datas{telnetAccess} eq "off" ) { if ( $rma_datas{telnetAccess} eq "off" ) {
$rec->set_prop( 'status', 'disabled' ); $rec->set_prop( 'status', 'disabled' );
} else { }
else {
$rec->set_prop( 'status', 'enabled' ); $rec->set_prop( 'status', 'enabled' );
$rec->set_prop( 'access', $rma_datas{telnetAccess} ); $rec->set_prop( 'access', $rma_datas{telnetAccess} );
} }
@ -355,11 +365,12 @@ sub change_settings {
$rec = $db->get('sshd') || $db->new_record( 'sshd', { type => 'service' } ); $rec = $db->get('sshd') || $db->new_record( 'sshd', { type => 'service' } );
$rec->set_prop( 'TCPPort', $rma_datas{sshTCPPort} ); $rec->set_prop( 'TCPPort', $rma_datas{sshTCPPort} );
$rec->set_prop('status', ( $rma_datas{sshaccess} eq "off" ? 'disabled' : 'enabled')); $rec->set_prop( 'status',
( $rma_datas{sshaccess} eq "off" ? 'disabled' : 'enabled' ) );
$rec->set_prop( 'access', $rma_datas{sshaccess} ); $rec->set_prop( 'access', $rma_datas{sshaccess} );
$rec->set_prop( 'PermitRootLogin', $rma_datas{sshPermitRootLogin} ); $rec->set_prop( 'PermitRootLogin', $rma_datas{sshPermitRootLogin} );
$rec->set_prop('PasswordAuthentication', $rma_datas{sshPasswordAuthentication}); $rec->set_prop( 'PasswordAuthentication',
$rma_datas{sshPasswordAuthentication} );
$rec = $db->get('ftp'); $rec = $db->get('ftp');
if ($rec) { if ($rec) {
@ -367,11 +378,13 @@ sub change_settings {
$rec->set_prop( 'status', 'disabled' ); $rec->set_prop( 'status', 'disabled' );
$rec->set_prop( 'access', 'private' ); $rec->set_prop( 'access', 'private' );
$rec->set_prop( 'LoginAccess', 'private' ); $rec->set_prop( 'LoginAccess', 'private' );
} elsif ($rma_datas{ftpAccess} eq "normal") { }
elsif ( $rma_datas{ftpAccess} eq "normal" ) {
$rec->set_prop( 'status', 'enabled' ); $rec->set_prop( 'status', 'enabled' );
$rec->set_prop( 'access', 'public' ); $rec->set_prop( 'access', 'public' );
$rec->set_prop( 'LoginAccess', $rma_datas{ftpPasswordAccess} ); $rec->set_prop( 'LoginAccess', $rma_datas{ftpPasswordAccess} );
} else { }
else {
$rec->set_prop( 'status', 'enabled' ); $rec->set_prop( 'status', 'enabled' );
$rec->set_prop( 'access', 'private' ); $rec->set_prop( 'access', 'private' );
$rec->set_prop( 'LoginAccess', $rma_datas{ftpPasswordAccess} ); $rec->set_prop( 'LoginAccess', $rma_datas{ftpPasswordAccess} );
@ -386,12 +399,18 @@ sub change_settings {
# } # }
if ( $rma_datas{validFromNetwork} && $rma_datas{validFromMask} ) { if ( $rma_datas{validFromNetwork} && $rma_datas{validFromMask} ) {
unless (add_new_valid_from( $c, $rma_datas{validFromNetwork}, $rma_datas{validFromMask} )) { unless (
add_new_valid_from(
$c,
$rma_datas{validFromNetwork},
$rma_datas{validFromMask}
)
)
{
return $c->l('rma_ERROR_UPDATING_CONFIGURATION') . 'new net'; return $c->l('rma_ERROR_UPDATING_CONFIGURATION') . 'new net';
} }
} }
if ( $rma_datas{remove_nets} ) { if ( $rma_datas{remove_nets} ) {
unless ( remove_valid_from( $c, $rma_datas{remove_nets} ) ) { unless ( remove_valid_from( $c, $rma_datas{remove_nets} ) ) {
return $c->l('rma_ERROR_UPDATING_CONFIGURATION') . 'del net'; return $c->l('rma_ERROR_UPDATING_CONFIGURATION') . 'del net';
@ -400,22 +419,23 @@ sub change_settings {
# reset ipsec roadwarrior CA,server,client certificates # reset ipsec roadwarrior CA,server,client certificates
if ( $rma_datas{ipsecrwReset} ) { if ( $rma_datas{ipsecrwReset} ) {
system('/sbin/e-smith/roadwarrior', 'reset_certs') == 0 or system( '/sbin/e-smith/roadwarrior', 'reset_certs' ) == 0
return $c->l('rma_ERROR_UPDATING_CONFIGURATION') . 'rst ipsec'; or return $c->l('rma_ERROR_UPDATING_CONFIGURATION') . 'rst ipsec';
} }
if ( $rma_datas{ipsecrwSess} ) { if ( $rma_datas{ipsecrwSess} ) {
set_ipsecrw_sessions( $c, $rma_datas{ipsecrwSess} ); set_ipsecrw_sessions( $c, $rma_datas{ipsecrwSess} );
} }
unless ( system( "/sbin/e-smith/signal-event", "remoteaccess-update" ) == 0 ) { unless (
system( "/sbin/e-smith/signal-event", "remoteaccess-update" ) == 0 )
{
return $c->l('rma_ERROR_UPDATING_CONFIGURATION'); return $c->l('rma_ERROR_UPDATING_CONFIGURATION');
} }
return 'OK'; return 'OK';
} }
sub set_ipsecrw_sessions { sub set_ipsecrw_sessions {
my $c = shift; my $c = shift;
@ -430,7 +450,6 @@ sub set_ipsecrw_sessions {
return ''; return '';
} }
sub add_new_valid_from { sub add_new_valid_from {
my $c = shift; my $c = shift;
@ -450,7 +469,8 @@ sub add_new_valid_from {
if ( $prop ne '' ) { if ( $prop ne '' ) {
$prop .= ",$net/$mask"; $prop .= ",$net/$mask";
} else { }
else {
$prop = "$net/$mask"; $prop = "$net/$mask";
} }
@ -459,7 +479,6 @@ sub add_new_valid_from {
return 1; return 1;
} }
sub remove_valid_from { sub remove_valid_from {
my $c = shift; my $c = shift;
@ -477,7 +496,8 @@ sub remove_valid_from {
my ( $net, $mask ) = split( /\//, $entry ); my ( $net, $mask ) = split( /\//, $entry );
unless (@vals) { unless (@vals) {
print STDERR "ERROR: unable to load ValidFrom property from conf db\n"; print STDERR
"ERROR: unable to load ValidFrom property from conf db\n";
return undef; return undef;
} }
@ -492,7 +512,8 @@ sub remove_valid_from {
my $prop; my $prop;
if (@vals) { if (@vals) {
$prop = join ',', @vals; $prop = join ',', @vals;
} else { }
else {
$prop = ''; $prop = '';
} }
@ -501,5 +522,4 @@ sub remove_valid_from {
return 1; return 1;
} }
1; 1;

5
smeserver-manager.spec
View File

@ -2,7 +2,7 @@ Summary: Sme server navigation module : manager 2
%define name smeserver-manager %define name smeserver-manager
Name: %{name} Name: %{name}
%define version 11.0.0 %define version 11.0.0
%define release 28 %define release 29
Version: %{version} Version: %{version}
Release: %{release}%{?dist} Release: %{release}%{?dist}
License: GPL License: GPL
@ -113,6 +113,9 @@ true
%defattr(-,root,root) %defattr(-,root,root)
%changelog %changelog
* Tue Nov 26 2024 Brian Read <brianr@koozali.org> 11.0.0-29.sme
- Fix remoteaccess panel, reformat pm file and bring success panel into line with other similar panels [SME: 12747]
* Fri Oct 18 2024 Brian Read <brianr@koozali.org> 11.0.0-28.sme * Fri Oct 18 2024 Brian Read <brianr@koozali.org> 11.0.0-28.sme
- Add in emailsettings for port 25,465 and 587 [SME: 12750] - Add in emailsettings for port 25,465 and 587 [SME: 12750]
- Comment out change to localhost for roundcube in _user_list email icon setting [SME: 12751] - Comment out change to localhost for roundcube in _user_list email icon setting [SME: 12751]