--- /dev/null
+/* SmoothWall helper program - restartsnort\r
+ *\r
+ * This program is distributed under the terms of the GNU General Public\r
+ * Licence. See the file COPYING for details.\r
+ *\r
+ * (c) Lawrence Manning, 2001\r
+ * Restarting snort.\r
+ * \r
+ * $Id: restartsnort.c,v 1.8.2.3 2005/10/16 12:36:14 rkerr Exp $\r
+ * \r
+ */\r
+ \r
+#include <stdio.h>\r
+#include <string.h>\r
+#include <stdlib.h>\r
+#include <unistd.h>\r
+#include <sys/types.h>\r
+#include <sys/stat.h>\r
+#include <string.h>\r
+#include <fcntl.h>\r
+#include <signal.h>\r
+#include "libsmooth.h"\r
+#include "setuid.h"\r
+\r
+struct keyvalue *kv = NULL;\r
+FILE *varsfile = NULL;\r
+\r
+void exithandler(void)\r
+{\r
+ if (varsfile)\r
+ fclose (varsfile);\r
+\r
+ if (kv)\r
+ freekeyvalues(kv);\r
+}\r
+\r
+int killsnort(char *interface)\r
+{\r
+ int fd;\r
+ char pidname[STRING_SIZE] = "";\r
+ char buffer[STRING_SIZE] = "";\r
+ int pid;\r
+\r
+ sprintf(pidname, "/var/run/snort_%s.pid", interface);\r
+\r
+ if ((fd = open(pidname, O_RDONLY)) != -1)\r
+ {\r
+ if (read(fd, buffer, STRING_SIZE - 1) == -1)\r
+ fprintf(stderr, "Couldn't read from pid file\n");\r
+ else\r
+ {\r
+ pid = atoi(buffer);\r
+ if (pid <= 1)\r
+ fprintf(stderr, "Bad pid value\n");\r
+ else\r
+ {\r
+ if (kill(pid, SIGTERM) == -1)\r
+ fprintf(stderr, "Unable to send SIGTERM\n");\r
+ close (fd);\r
+ return 0;\r
+ }\r
+ }\r
+ close(fd);\r
+ }\r
+ return 1;\r
+}\r
+\r
+int main(int argc, char *argv[])\r
+{\r
+ int fd = -1;\r
+ FILE *ifacefile, *ipfile, *dns1file, *dns2file;\r
+ char iface[STRING_SIZE] = "";\r
+ char locip[STRING_SIZE] = "";\r
+ char dns1[STRING_SIZE] = "";\r
+ char dns2[STRING_SIZE] = "";\r
+ char command[STRING_SIZE] = "";\r
+ char greendev[STRING_SIZE] = "";\r
+ char orangedev[STRING_SIZE] = "";\r
+ char bluedev[STRING_SIZE] = "";\r
+ char greenip[STRING_SIZE] = "";\r
+ char orangeip[STRING_SIZE] = "";\r
+ char blueip[STRING_SIZE] = "";\r
+ struct stat st;\r
+ int i;\r
+ int restartred = 0, restartgreen = 0, restartblue = 0, restartorange = 0;\r
+ \r
+ if (!(initsetuid()))\r
+ exit(1);\r
+ \r
+ atexit(exithandler);\r
+\r
+ for (i=0; i<argc; i++) {\r
+ if (!strcmp(argv[i], "red"))\r
+ restartred = 1;\r
+ if (!strcmp(argv[i], "orange"))\r
+ restartorange = 1;\r
+ if (!strcmp(argv[i], "blue"))\r
+ restartblue = 1;\r
+ if (!strcmp(argv[i], "green"))\r
+ restartgreen = 1;\r
+ }\r
+ \r
+ kv = initkeyvalues();\r
+ if (!(readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")))\r
+ exit(1);\r
+\r
+ if (! findkey(kv, "GREEN_DEV", greendev)) {\r
+ fprintf(stderr, "Couldn't find GREEN device\n");\r
+ exit(1);\r
+ }\r
+ if (! strlen (greendev) > 0) {\r
+ fprintf(stderr, "Couldn't find GREEN device\n");\r
+ exit(1);\r
+ }\r
+ if (!VALID_DEVICE(greendev))\r
+ {\r
+ fprintf(stderr, "Bad GREEN_DEV: %s\n", greendev);\r
+ exit(1);\r
+ }\r
+ if (!(findkey(kv, "GREEN_ADDRESS", greenip))) {\r
+ fprintf(stderr, "Couldn't find GREEN address\n");\r
+ exit(1);\r
+ }\r
+ if (!VALID_IP(greenip)) {\r
+ fprintf(stderr, "Bad GREEN_ADDRESS: %s\n", greenip);\r
+ exit(1);\r
+ }\r
+\r
+ if (findkey(kv, "ORANGE_DEV", orangedev) && strlen (orangedev) > 0) {\r
+ if (!VALID_DEVICE(orangedev))\r
+ {\r
+ fprintf(stderr, "Bad ORANGE_DEV: %s\n", orangedev);\r
+ exit(1);\r
+ }\r
+ if (!(findkey(kv, "ORANGE_ADDRESS", orangeip))) {\r
+ fprintf(stderr, "Couldn't find ORANGE address\n");\r
+ exit(1);\r
+ }\r
+ if (!VALID_IP(orangeip)) {\r
+ fprintf(stderr, "Bad ORANGE_ADDRESS: %s\n", orangeip);\r
+ exit(1);\r
+ }\r
+ }\r
+\r
+ if (findkey(kv, "BLUE_DEV", bluedev) && strlen (bluedev) > 0) {\r
+ if (!VALID_DEVICE(bluedev))\r
+ {\r
+ fprintf(stderr, "Bad BLUE_DEV: %s\n", bluedev);\r
+ exit(1);\r
+ }\r
+ if (!(findkey(kv, "BLUE_ADDRESS", blueip))) {\r
+ fprintf(stderr, "Couldn't find BLUE address\n");\r
+ exit(1);\r
+ }\r
+ if (!VALID_IP(blueip)) {\r
+ fprintf(stderr, "Bad BLUE_ADDRESS: %s\n", blueip);\r
+ exit(1);\r
+ }\r
+ }\r
+\r
+ stat(CONFIG_ROOT "/red/active", &st);\r
+\r
+ if (S_ISREG(st.st_mode)) {\r
+ if (!(ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))\r
+ {\r
+ fprintf(stderr, "Couldn't open iface file\n");\r
+ exit(0);\r
+ }\r
+\r
+ if (fgets(iface, STRING_SIZE, ifacefile))\r
+ {\r
+ if (iface[strlen(iface) - 1] == '\n')\r
+ iface[strlen(iface) - 1] = '\0';\r
+ }\r
+ fclose(ifacefile);\r
+ if (!VALID_DEVICE(iface))\r
+ {\r
+ fprintf(stderr, "Bad iface: %s\n", iface);\r
+ exit(0);\r
+ }\r
+\r
+ if (!(ipfile = fopen(CONFIG_ROOT "/red/local-ipaddress", "r")))\r
+ {\r
+ fprintf(stderr, "Couldn't open local ip file\n");\r
+ exit(0);\r
+ }\r
+ if (fgets(locip, STRING_SIZE, ipfile))\r
+ {\r
+ if (locip[strlen(locip) - 1] == '\n')\r
+ locip[strlen(locip) - 1] = '\0';\r
+ }\r
+ fclose (ipfile);\r
+ if (strlen(locip) && !VALID_IP(locip))\r
+ {\r
+ fprintf(stderr, "Bad local IP: %s\n", locip);\r
+ exit(1);\r
+ }\r
+ \r
+ if (!(dns1file = fopen(CONFIG_ROOT "/red/dns1", "r")))\r
+ {\r
+ fprintf(stderr, "Couldn't open dns1 file\n");\r
+ exit(0);\r
+ }\r
+ if (fgets(dns1, STRING_SIZE, dns1file))\r
+ {\r
+ if (dns1[strlen(dns1) - 1] == '\n')\r
+ dns1[strlen(dns1) - 1] = '\0';\r
+ }\r
+ fclose (dns1file);\r
+ if (strlen(dns1) && !VALID_IP(dns1))\r
+ {\r
+ fprintf(stderr, "Bad DNS1 IP: %s\n", dns1);\r
+ exit(1);\r
+ }\r
+ \r
+ if (!(dns2file = fopen(CONFIG_ROOT "/red/dns2", "r")))\r
+ {\r
+ fprintf(stderr, "Couldn't open dns2 file\n");\r
+ exit(1);\r
+ }\r
+ if (fgets(dns2, STRING_SIZE, dns2file))\r
+ {\r
+ if (dns2[strlen(dns2) - 1] == '\n')\r
+ dns2[strlen(dns2) - 1] = '\0';\r
+ }\r
+ fclose (dns2file);\r
+ if (strlen(dns2) && !VALID_IP(dns2))\r
+ {\r
+ fprintf(stderr, "Bad DNS2 IP: %s\n", dns2);\r
+ exit(1);\r
+ }\r
+ }\r
+\r
+ if (restartred)\r
+ killsnort(iface);\r
+\r
+ if (restartblue)\r
+ killsnort(bluedev);\r
+ \r
+ if (restartorange)\r
+ killsnort(orangedev);\r
+\r
+ if (restartgreen)\r
+ killsnort(greendev);\r
+ \r
+ if (!(varsfile = fopen("/etc/snort/vars", "w")))\r
+ {\r
+ fprintf(stderr, "Couldn't create vars file\n");\r
+ exit(1);\r
+ }\r
+ if (strlen(blueip)) {\r
+ if (strlen(orangeip)) {\r
+ if (strlen(locip)) {\r
+ fprintf(varsfile, "var HOME_NET [%s,%s,%s,%s]\n", greenip, orangeip, blueip, locip);\r
+ } else {\r
+ fprintf(varsfile, "var HOME_NET [%s,%s,%s]\n", greenip, orangeip, blueip);\r
+ }\r
+ } else {\r
+ if (strlen(locip)) {\r
+ fprintf(varsfile, "var HOME_NET [%s,%s,%s]\n", greenip, blueip, locip);\r
+ } else {\r
+ fprintf(varsfile, "var HOME_NET [%s,%s]\n", greenip, blueip);\r
+ }\r
+ }\r
+ } else {\r
+ if (strlen(orangeip)) {\r
+ if (strlen(locip)) {\r
+ fprintf(varsfile, "var HOME_NET [%s,%s,%s]\n", greenip, orangeip, locip);\r
+ } else {\r
+ fprintf(varsfile, "var HOME_NET [%s,%s]\n", greenip, orangeip);\r
+ }\r
+ } else {\r
+ if (strlen(locip)) {\r
+ fprintf(varsfile, "var HOME_NET [%s,%s]\n", greenip, locip);\r
+ } else {\r
+ fprintf(varsfile, "var HOME_NET [%s]\n", greenip);\r
+ }\r
+ }\r
+ }\r
+ if (strlen(dns1))\r
+ {\r
+ if (strlen(dns2))\r
+ fprintf(varsfile, "var DNS_SERVERS [%s,%s]\n", dns1, dns2);\r
+ else\r
+ fprintf(varsfile, "var DNS_SERVERS %s\n", dns1);\r
+ } else {\r
+ fprintf(varsfile, "var DNS_SERVERS []\n");\r
+ }\r
+ fclose(varsfile);\r
+ varsfile = NULL;\r
+ \r
+ if (restartred && strlen(iface) && (fd = open(CONFIG_ROOT "/snort/enable", O_RDONLY)) != -1)\r
+ {\r
+ close(fd);\r
+ snprintf(command, STRING_SIZE -1,\r
+ "/usr/sbin/snort -c /etc/snort/snort.conf -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s",\r
+ iface);\r
+ safe_system(command);\r
+ }\r
+ if (restartblue && strlen(bluedev) && (fd = open(CONFIG_ROOT "/snort/enable_blue", O_RDONLY)) != -1 && bluedev)\r
+ {\r
+ close(fd);\r
+ snprintf(command, STRING_SIZE -1,\r
+ "/usr/sbin/snort -c /etc/snort/snort.conf -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s",\r
+ bluedev);\r
+ safe_system(command);\r
+ }\r
+ if (restartorange && strlen(orangedev) && (fd = open(CONFIG_ROOT "/snort/enable_orange", O_RDONLY)) != -1 && orangedev)\r
+ {\r
+ close(fd);\r
+ snprintf(command, STRING_SIZE -1,\r
+ "/usr/sbin/snort -c /etc/snort/snort.conf -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s",\r
+ orangedev);\r
+ safe_system(command);\r
+ }\r
+ if (restartgreen && (fd = open(CONFIG_ROOT "/snort/enable_green", O_RDONLY)) != -1)\r
+ {\r
+ close(fd);\r
+ snprintf(command, STRING_SIZE -1,\r
+ "/usr/sbin/snort -c /etc/snort/snort.conf -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s",\r
+ greendev);\r
+ safe_system(command);\r
+ }\r
+\r
+ return 0;\r
+}\r
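Review bot: In `main`, the return value of `stat(CONFIG_ROOT "/red/active", &st)` is never checked, so when that file is absent `S_ISREG(st.st_mode)` reads an uninitialised `struct stat` and the RED branch is taken or skipped on stack garbage. Fold the call into the test: `if (stat(CONFIG_ROOT "/red/active", &st) == 0 && S_ISREG(st.st_mode)) {`. In `killsnort`, `sprintf(pidname, "/var/run/snort_%s.pid", interface)` writes into a `STRING_SIZE` buffer with no bound, while `interface` can itself hold up to `STRING_SIZE - 1` characters. Unless `VALID_DEVICE` (not visible here) also caps the length, that is a stack overflow in a setuid helper, so use `snprintf(pidname, sizeof pidname, "/var/run/snort_%s.pid", interface)` and return 1 when the result is truncated. The four `snprintf(command, STRING_SIZE -1, ...)` calls likewise ignore truncation before `safe_system(command)`, so a clipped interface name would be passed to snort silently.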