+++ /dev/null
-/* SmoothWall helper program - setxtaccess\r
- *\r
- * This program is distributed under the terms of the GNU General Public\r
- * Licence. See the file COPYING for details.\r
- *\r
- * (c) Daniel Goscomb, 2001\r
- * \r
- * Modifications and improvements by Lawrence Manning.\r
- *\r
- * 10/04/01 Aslak added protocol support\r
- * \r
- * (c) Steve Bootes 2002/04/14 - Added source IP support for aliases\r
- *\r
- * 19/04/03 Robert Kerr Fixed root exploit\r
- *\r
- * $Id: setxtaccess.c,v 1.3.2.1 2005/01/04 17:21:40 eoberlander Exp $\r
- * \r
- */\r
-\r
-#include <stdio.h>\r
-#include <stdlib.h>\r
-#include <string.h>\r
-#include "setuid.h"\r
-\r
-FILE *ifacefile = NULL;\r
-FILE *fwdfile = NULL;\r
-FILE *ipfile = NULL;\r
-\r
-void exithandler(void)\r
-{\r
- if (fwdfile)\r
- fclose(fwdfile);\r
-}\r
-\r
-int main(void)\r
-{\r
- char iface[STRING_SIZE] = "";\r
- char locip[STRING_SIZE] = "";\r
- char s[STRING_SIZE] = "";\r
- int count;\r
- char *protocol;\r
- char *destip;\r
- char *remip;\r
- char *locport;\r
- char *enabled;\r
- char *information;\r
- char *result;\r
- char command[STRING_SIZE];\r
-\r
- if (!(initsetuid()))\r
- exit(1);\r
-\r
- atexit(exithandler);\r
-\r
- if (!(ipfile = fopen(CONFIG_ROOT "/red/local-ipaddress", "r")))\r
- {\r
- fprintf(stderr, "Couldn't open local ip file\n");\r
- exit(1);\r
- }\r
- if (fgets(locip, STRING_SIZE, ipfile))\r
- {\r
- if (locip[strlen(locip) - 1] == '\n')\r
- locip[strlen(locip) - 1] = '\0';\r
- }\r
- fclose (ipfile);\r
- if (!VALID_IP(locip))\r
- {\r
- fprintf(stderr, "Bad local IP: %s\n", locip);\r
- exit(1);\r
- }\r
-\r
- if (!(ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))\r
- {\r
- fprintf(stderr, "Couldn't open iface file\n");\r
- exit(1);\r
- }\r
- if (fgets(iface, STRING_SIZE, ifacefile))\r
- {\r
- if (iface[strlen(iface) - 1] == '\n')\r
- iface[strlen(iface) - 1] = '\0';\r
- }\r
- fclose (ifacefile);\r
- if (!VALID_DEVICE(iface))\r
- {\r
- fprintf(stderr, "Bad iface: %s\n", iface);\r
- exit(1);\r
- }\r
- \r
- if (!(fwdfile = fopen(CONFIG_ROOT "/xtaccess/config", "r")))\r
- {\r
- fprintf(stderr, "Couldn't open xtaccess settings file\n");\r
- exit(1);\r
- }\r
-\r
- safe_system("/sbin/iptables -F XTACCESS");\r
-\r
- while (fgets(s, STRING_SIZE, fwdfile) != NULL)\r
- {\r
- if (s[strlen(s) - 1] == '\n')\r
- s[strlen(s) - 1] = '\0';\r
- count = 0;\r
- protocol = NULL;\r
- remip = NULL;\r
- destip = NULL;\r
- locport = NULL;\r
- enabled = NULL;\r
- information = NULL;\r
- result = strtok(s, ",");\r
- while (result)\r
- {\r
- if (count == 0)\r
- protocol = result;\r
- else if (count == 1)\r
- remip = result;\r
- else if (count == 2)\r
- locport = result;\r
- else if (count == 3)\r
- enabled = result;\r
- else if (count == 4)\r
- destip = result;\r
- else\r
- information = result;\r
- count++;\r
- result = strtok(NULL, ",");\r
- }\r
-\r
- if (!(protocol && remip && locport && enabled))\r
- break;\r
- \r
- if (!VALID_PROTOCOL(protocol))\r
- {\r
- fprintf(stderr, "Bad protocol: %s\n", protocol);\r
- exit(1);\r
- }\r
- if (!VALID_IP_AND_MASK(remip))\r
- {\r
- fprintf(stderr, "Bad remote IP: %s\n", remip);\r
- exit(1);\r
- }\r
- if (!VALID_PORT_RANGE(locport))\r
- {\r
- fprintf(stderr, "Bad local port: %s\n", locport);\r
- exit(1);\r
- }\r
-\r
- /* check for destination ip in config file. If it's there\r
- * and it's not 0.0.0.0, use it; else use the current\r
- * local ip address. (This makes sure we can use old-style\r
- * config files without the destination ip) */\r
- if (!destip || !strcmp(destip, "0.0.0.0"))\r
- destip = locip;\r
- if (!VALID_IP(destip))\r
- {\r
- fprintf(stderr, "Bad destination IP: %s\n", remip);\r
- exit(1);\r
- }\r
-\r
- if (strcmp(enabled, "on") == 0)\r
- {\r
- memset(command, 0, STRING_SIZE);\r
- snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A XTACCESS -i %s -p %s -s %s -d %s --dport %s -j ACCEPT",\r
- iface, protocol, remip, destip, locport);\r
- safe_system(command);\r
- }\r
- }\r
- \r
- return 0;\r
-}\r