Commit | Line | Data |
---|---|---|
cd1a2927 MT |
1 | /* IPCop helper program - restartwireless\r |
2 | *\r | |
3 | * This program is distributed under the terms of the GNU General Public\r | |
4 | * Licence. See the file COPYING for details.\r | |
5 | *\r | |
6 | * (c) Alan Hourihane, 2003\r | |
7 | * \r | |
8 | * $Id: restartwireless.c,v 1.2.2.5 2005/07/11 10:56:47 franck78 Exp $\r | |
9 | *\r | |
10 | */\r | |
11 | \r | |
12 | #include "libsmooth.h"\r | |
13 | #include <stdio.h>\r | |
14 | #include <stdlib.h>\r | |
15 | #include <unistd.h>\r | |
16 | #include <fcntl.h>\r | |
17 | #include <string.h>\r | |
18 | #include <sys/types.h>\r | |
19 | #include <sys/stat.h>\r | |
20 | #include <signal.h>\r | |
21 | #include "setuid.h"\r | |
22 | \r | |
/* Handle on CONFIG_ROOT "/wireless/config"; opened in main(), closed by exithandler(). */
FILE *fd = NULL;
/* BLUE interface name; stays empty until main() reads BLUE_DEV from the ethernet settings. */
char blue_dev[STRING_SIZE] = "";
/* Shared scratch buffer for the iptables command lines passed to safe_system(). */
char command[STRING_SIZE];
26 | \r | |
/*
 * atexit() hook registered by main().
 *
 * When a BLUE device name has been loaded, append a final LOG_DROP rule for
 * that interface to both wireless chains so that traffic not matched by an
 * earlier ACCEPT rule is dropped, including when main() bails out half-way
 * through the client list. The config file handle is closed afterwards if
 * it was opened.
 */
void exithandler(void)
{
	if (blue_dev[0] != '\0') {
		/* INPUT side: traffic addressed to the firewall itself. */
		snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -i %s -j LOG_DROP", blue_dev);
		safe_system(command);

		/* FORWARD side: traffic routed through the firewall. */
		snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -i %s -j LOG_DROP", blue_dev);
		safe_system(command);
	}

	if (fd != NULL) {
		fclose(fd);
	}
}
40 | \r | |
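/*
 * Return non-zero when mac is exactly six two-digit hexadecimal octets
 * joined by colons (17 characters, e.g. "00:11:22:aa:bb:cc").
 *
 * A length check alone is not enough here: the value is interpolated into
 * a command string, so every character has to be constrained.
 */
static int valid_mac(const char *mac)
{
	static const char hexdigits[] = "0123456789abcdefABCDEF";
	size_t i;

	if (mac == NULL || strlen(mac) != 17)
		return 0;

	for (i = 0; i < 17; i++) {
		if (i % 3 == 2) {
			/* positions 2, 5, 8, 11, 14 are the separators */
			if (mac[i] != ':')
				return 0;
		} else if (strchr(hexdigits, mac[i]) == NULL) {
			return 0;
		}
	}

	return 1;
}

/*
 * Rebuild the WIRELESSINPUT and WIRELESSFORWARD iptables chains from
 * CONFIG_ROOT "/wireless/config".
 *
 * Each config line is "index,ipaddress,macaddress,enabled". For every
 * enabled entry, ACCEPT / DMZHOLES rules are appended keyed on MAC+IP, MAC
 * only, or IP only, depending on which fields validate. exithandler() is
 * registered so the closing LOG_DROP rules are appended on every exit path
 * after that point.
 *
 * The program starts with initsetuid(), and the commands below are built by
 * string formatting. safe_system() is defined elsewhere; the shell
 * redirections in the flush commands suggest the string is handed to a
 * shell, so every interpolated field is validated before use.
 *
 * Returns 0 on success or when there is nothing to do (no BLUE interface,
 * no wireless config file); exits with status 1 on a settings error.
 */
int main(void)
{
	char green_dev[STRING_SIZE] = "";
	char buffer[STRING_SIZE];
	char *index, *ipaddress, *macaddress, *enabled;
	struct keyvalue *kv = NULL;
	int have_mac, have_ip;

	if (!(initsetuid()))
		exit(1);

	/* flush wireless iptables */
	safe_system("/sbin/iptables -F WIRELESSINPUT > /dev/null 2> /dev/null");
	safe_system("/sbin/iptables -F WIRELESSFORWARD > /dev/null 2> /dev/null");

	memset(buffer, 0, STRING_SIZE);

	/* Init the keyvalue structure */
	kv = initkeyvalues();

	/* Read in the current values */
	if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
	{
		fprintf(stderr, "Cannot read ethernet settings\n");
		exit(1);
	}

	/* Get the GREEN interface details */
	if (!findkey(kv, "GREEN_DEV", green_dev))
	{
		fprintf(stderr, "Cannot read GREEN_DEV\n");
		exit(1);
	}
	if (!VALID_DEVICE(green_dev))
	{
		fprintf(stderr, "Bad GREEN_DEV: %s\n", green_dev);
		exit(1);
	}

	/* Get the BLUE interface details */
	if (!findkey(kv, "BLUE_DEV", blue_dev))
	{
		fprintf(stderr, "Cannot read BLUE_DEV\n");
		exit(1);
	}
	if (strlen(blue_dev) && !VALID_DEVICE(blue_dev))
	{
		fprintf(stderr, "Bad BLUE_DEV: %s\n", blue_dev);
		exit(1);
	}
	/* Was "!strlen(blue_dev) > 0", which only worked by precedence accident. */
	if (strlen(blue_dev) == 0)
	{
		fprintf(stderr, "No BLUE interface\n");
		exit(0);
	}

	/* register exit handler to ensure the block rule is always present */
	atexit(exithandler);

	if (!(fd = fopen(CONFIG_ROOT "/wireless/config", "r")))
	{
		exit(0);
	}

	while (fgets(buffer, STRING_SIZE, fd))
	{
		/*
		 * Strip the newline only if one is present. Blindly clearing the
		 * last byte truncated the final field of an unterminated last
		 * line and wrote to buffer[-1] for an empty string.
		 */
		buffer[strcspn(buffer, "\n")] = 0;

		index = strtok(buffer, ",");
		ipaddress = strtok(NULL, ",");
		macaddress = strtok(NULL, ",");
		enabled = strtok(NULL, ",");

		/*
		 * strtok() returns NULL for missing fields and collapses adjacent
		 * commas, so a short or empty-field line can leave any of these
		 * NULL. Skip such lines instead of dereferencing NULL.
		 */
		if (!index || !ipaddress || !macaddress || !enabled)
			continue;

		if (strncmp(enabled, "on", 2))
			continue;

		/* Fully validate both values before they reach a command line. */
		have_mac = valid_mac(macaddress);
		have_ip = VALID_IP(ipaddress);

		/*
		 * NOTE(review): snprintf() truncation is not checked. The MAC is
		 * fixed at 17 characters; VALID_IP / VALID_DEVICE presumably bound
		 * the other fields - confirm against setuid.h.
		 */
		if (have_mac && have_ip) {
			/* both specified, added security */
			snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -s %s -i %s -j ACCEPT", macaddress, ipaddress, blue_dev);
			safe_system(command);
			snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -o ! %s -j ACCEPT", macaddress, ipaddress, blue_dev, green_dev);
			safe_system(command);
			snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);
			safe_system(command);
		} else if (have_mac) {
			/* MAC only */
			snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -i %s -j ACCEPT", macaddress, blue_dev);
			safe_system(command);
			snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -o ! %s -j ACCEPT", macaddress, blue_dev, green_dev);
			safe_system(command);
			snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);
			safe_system(command);
		} else if (have_ip) {
			/* IP only */
			snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -s %s -i %s -j ACCEPT", ipaddress, blue_dev);
			safe_system(command);
			snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -o ! %s -j ACCEPT", ipaddress, blue_dev, green_dev);
			safe_system(command);
			snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);
			safe_system(command);
		}
	}

	return 0;
}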