/* IPCop helper program - restartwireless
 *
 * This program is distributed under the terms of the GNU General Public
 * Licence. See the file COPYING for details.
 *
 * (c) Alan Hourihane, 2003
 *
 * $Id: restartwireless.c,v 1.2.2.5 2005/07/11 10:56:47 franck78 Exp $
 *
 */
11\r
12#include "libsmooth.h"\r
13#include <stdio.h>\r
14#include <stdlib.h>\r
15#include <unistd.h>\r
16#include <fcntl.h>\r
17#include <string.h>\r
18#include <sys/types.h>\r
19#include <sys/stat.h>\r
20#include <signal.h>\r
21#include "setuid.h"\r
22\r
/* Handle on the wireless config file; opened in main() and closed by exithandler(). */
FILE *fd = NULL;
/* Name of the BLUE interface, filled from the BLUE_DEV setting in main(); empty until then. */
char blue_dev[STRING_SIZE] = "";
/* Scratch buffer in which each iptables command line is formatted before safe_system() is called. */
char command[STRING_SIZE];
26\r
/*
 * atexit() hook registered by main().
 *
 * Once a BLUE interface name is known, append a LOG_DROP rule for that
 * interface to both wireless chains, so that traffic not matched by an
 * earlier ACCEPT rule in those chains is dropped. Then release the config
 * file handle if main() got as far as opening it.
 */
void exithandler(void)
{
	const int have_blue = (blue_dev[0] != '\0');

	if (have_blue) {
		/* INPUT side: traffic addressed to the firewall itself. */
		snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -i %s -j LOG_DROP", blue_dev);
		safe_system(command);

		/* FORWARD side: traffic routed through the firewall. */
		snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -i %s -j LOG_DROP", blue_dev);
		safe_system(command);
	}

	if (fd != NULL) {
		fclose(fd);
	}
}
40\r
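/*
 * Return 1 when mac is exactly six two-digit hex octets separated by
 * colons ("XX:XX:XX:XX:XX:XX"), 0 otherwise (including NULL).
 *
 * The value is pasted into a command string handed to safe_system(). The
 * flush commands in main() rely on "> /dev/null" redirection, so that
 * string is evidently interpreted by a shell. A length check alone would
 * let any 17 characters through, shell metacharacters included, so every
 * position is checked against the only characters a MAC address can hold.
 */
static int valid_mac(const char *mac)
{
	static const char hexdigits[] = "0123456789abcdefABCDEF";
	size_t i;

	if (mac == NULL || strlen(mac) != 17)
		return 0;

	for (i = 0; i < 17; i++) {
		if (i % 3 == 2) {
			/* positions 2, 5, 8, 11, 14 are the separators */
			if (mac[i] != ':')
				return 0;
		} else if (strchr(hexdigits, mac[i]) == NULL) {
			return 0;
		}
	}
	return 1;
}

/*
 * Rebuild the WIRELESSINPUT and WIRELESSFORWARD iptables chains.
 *
 * Both chains are flushed, the GREEN and BLUE device names are read from
 * CONFIG_ROOT "/ethernet/settings", and one set of ACCEPT/DMZHOLES rules
 * is appended per enabled line of CONFIG_ROOT "/wireless/config"
 * (comma-separated: index, IP address, MAC address, enabled flag).
 * exithandler() is registered so the trailing LOG_DROP rules are appended
 * on every exit path after registration.
 *
 * Returns 0 on success or when there is no BLUE interface or no wireless
 * config file; exits with 1 when the settings are unreadable or a device
 * name is rejected.
 */
int main(void)
{
	char green_dev[STRING_SIZE] = "";
	char buffer[STRING_SIZE];
	char *ipaddress, *macaddress, *enabled;
	struct keyvalue *kv = NULL;
	int have_mac, have_ip;

	if (!(initsetuid()))
		exit(1);

	/* flush wireless iptables */
	/* NOTE(review): every exit(1) between here and atexit() below leaves
	 * both chains flushed with no LOG_DROP rule appended - confirm the
	 * parent chains handle that case as intended. */
	safe_system("/sbin/iptables -F WIRELESSINPUT > /dev/null 2> /dev/null");
	safe_system("/sbin/iptables -F WIRELESSFORWARD > /dev/null 2> /dev/null");

	memset(buffer, 0, STRING_SIZE);

	/* Init the keyvalue structure */
	kv = initkeyvalues();

	/* Read in the current values */
	if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
	{
		fprintf(stderr, "Cannot read ethernet settings\n");
		exit(1);
	}

	/* Get the GREEN interface details */
	if (!findkey(kv, "GREEN_DEV", green_dev))
	{
		fprintf(stderr, "Cannot read GREEN_DEV\n");
		exit(1);
	}
	/* Device names end up inside command strings, so they are checked
	 * before use. VALID_DEVICE is defined outside this file. */
	if (!VALID_DEVICE(green_dev))
	{
		fprintf(stderr, "Bad GREEN_DEV: %s\n", green_dev);
		exit(1);
	}
	/* Get the BLUE interface details */
	if (!findkey(kv, "BLUE_DEV", blue_dev))
	{
		fprintf(stderr, "Cannot read BLUE_DEV\n");
		exit(1);
	}
	if (blue_dev[0] != '\0' && !VALID_DEVICE(blue_dev))
	{
		fprintf(stderr, "Bad BLUE_DEV: %s\n", blue_dev);
		exit(1);
	}
	/* Was "! strlen(blue_dev) > 0", which parses as "(!strlen(...)) > 0"
	 * and was correct only by accident. */
	if (blue_dev[0] == '\0')
	{
		fprintf(stderr, "No BLUE interface\n");
		exit(0);
	}

	/* register exit handler to ensure the block rule is always present */
	atexit(exithandler);

	if (!(fd = fopen(CONFIG_ROOT "/wireless/config", "r")))
	{
		exit(0);
	}
	while (fgets(buffer, STRING_SIZE, fd))
	{
		/* Cut the line at its terminator. Indexing with strlen() - 1
		 * would clip the last character of an unterminated final line
		 * and write before the buffer if the line were empty. */
		buffer[strcspn(buffer, "\r\n")] = '\0';

		/* First column is the entry index; it is not used here.
		 * NOTE(review): strtok() collapses empty fields, so a line with
		 * an empty IP or MAC column shifts the later columns left -
		 * confirm against the writer of this file. */
		(void)strtok(buffer, ",");
		ipaddress = strtok(NULL, ",");
		macaddress = strtok(NULL, ",");
		enabled = strtok(NULL, ",");

		/* A short or malformed line yields NULL fields; skip it
		 * instead of dereferencing them. */
		if (enabled == NULL || strncmp(enabled, "on", 2) != 0)
			continue;

		/* Both values are interpolated into command strings below, so
		 * each must pass validation first. VALID_IP is defined outside
		 * this file - presumably restricts the value to address
		 * characters; confirm. */
		have_mac = valid_mac(macaddress);
		have_ip = (ipaddress != NULL) && VALID_IP(ipaddress);

		if (have_mac && have_ip) {
			/* both specified, added security */
			snprintf(command, sizeof command, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -s %s -i %s -j ACCEPT", macaddress, ipaddress, blue_dev);
			safe_system(command);
			snprintf(command, sizeof command, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -o ! %s -j ACCEPT", macaddress, ipaddress, blue_dev, green_dev);
			safe_system(command);
			snprintf(command, sizeof command, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);
			safe_system(command);
		} else {
			/* only one of the two is usable: match on that one alone */
			if (have_mac) {
				snprintf(command, sizeof command, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -i %s -j ACCEPT", macaddress, blue_dev);
				safe_system(command);
				snprintf(command, sizeof command, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -o ! %s -j ACCEPT", macaddress, blue_dev, green_dev);
				safe_system(command);
				snprintf(command, sizeof command, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);
				safe_system(command);
			}

			if (have_ip) {
				snprintf(command, sizeof command, "/sbin/iptables -A WIRELESSINPUT -s %s -i %s -j ACCEPT", ipaddress, blue_dev);
				safe_system(command);
				snprintf(command, sizeof command, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -o ! %s -j ACCEPT", ipaddress, blue_dev, green_dev);
				safe_system(command);
				snprintf(command, sizeof command, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);
				safe_system(command);
			}
		}
	}

	return 0;
}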