/* SmoothWall helper program - setdmzhole
 *
 * This program is distributed under the terms of the GNU General Public
 * Licence. See the file COPYING for details.
 *
 * (c) Daniel Goscomb, 2001
 *
 * Modifications and improvements by Lawrence Manning.
 *
 * 10/04/01 Aslak added protocol support
 * This program reads the list of ports to forward and sets up iptables
 * and rules in ipmasqadm to enable them.
 *
 * $Id: setdmzholes.c,v 1.5.2.3 2005/10/18 17:05:27 franck78 Exp $
 *
 */
17 | #include "libsmooth.h"\r | |
18 | #include <stdio.h>\r | |
19 | #include <string.h>\r | |
20 | #include <stdlib.h>\r | |
21 | #include "setuid.h"\r | |
22 | \r | |
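/* Handle on the dmzholes config file; opened in main(), closed by exithandler(). */
FILE *fwdfile = NULL;

/*
 * atexit() handler: close the dmzholes config file if it is still open.
 *
 * The global is reset to NULL after the close so that a second invocation
 * (or any later exit path that inspects it) cannot hand a stale FILE* to
 * fclose() again.  The file is only ever opened for reading, so the
 * fclose() return value carries no flush-failure information worth checking.
 */
void exithandler(void)
{
	if (fwdfile) {
		fclose(fwdfile);
		fwdfile = NULL;
	}
}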
30 | \r | |
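/*
 * Split one comma-separated config line in place into at most max fields.
 *
 * line   - NUL-terminated line; modified by strtok() (separators become NULs).
 * fields - receives pointers into line; entries beyond the token count are
 *          set to NULL so callers can test for missing optional fields.
 * max    - capacity of fields.
 *
 * Returns the number of tokens seen (may exceed max; the surplus is dropped).
 * strtok() collapses consecutive commas, so an empty field shifts the fields
 * after it one position left; this keeps the original parser's semantics.
 */
static int parse_fields(char *line, char *fields[], int max)
{
	int count = 0;
	int i;
	char *tok;

	for (i = 0; i < max; i++)
		fields[i] = NULL;

	for (tok = strtok(line, ","); tok != NULL; tok = strtok(NULL, ",")) {
		if (count < max)
			fields[count] = tok;
		count++;
	}
	return count;
}

/*
 * Entry point.  Reads CONFIG_ROOT "/dmzholes/config", one rule per line:
 *
 *     protocol,locip,remip,remport,enabled[,src_net[,dst_net]]
 *
 * flushes the DMZHOLES iptables chain and re-adds an ACCEPT rule for every
 * line that is enabled and passes validation.  Any configuration error exits
 * with status 1; the open config file is closed by exithandler() via atexit().
 *
 * Every field from the config file that is interpolated into the iptables
 * command is checked with the VALID_* macros first; idev/odev come from the
 * ethernet settings file, not from the per-line input.
 */
int main(void)
{
	enum { F_PROTO, F_LOCIP, F_REMIP, F_REMPORT, F_ENABLED, F_SRC, F_DST, NFIELDS };
	char *fields[NFIELDS];
	char s[STRING_SIZE];
	struct keyvalue *kv = NULL;
	char orange_dev[STRING_SIZE] = "";
	char blue_dev[STRING_SIZE] = "";
	char green_dev[STRING_SIZE] = "";
	char command[STRING_SIZE];

	/* initsetuid() comes from setuid.h; its exact checks are not visible
	 * here, but nothing below runs unless it succeeds. */
	if (!(initsetuid()))
		exit(1);

	atexit(exithandler);

	kv = initkeyvalues();
	if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) {
		fprintf(stderr, "Cannot read ethernet settings\n");
		exit(1);
	}

	/* GREEN_DEV is mandatory; BLUE_DEV / ORANGE_DEV may be absent and then
	 * stay "", which later disables rules that would use them. */
	if (!findkey(kv, "GREEN_DEV", green_dev)) {
		fprintf(stderr, "Cannot read GREEN_DEV\n");
		exit(1);
	}
	findkey(kv, "BLUE_DEV", blue_dev);
	findkey(kv, "ORANGE_DEV", orange_dev);

	if (!(fwdfile = fopen(CONFIG_ROOT "/dmzholes/config", "r"))) {
		fprintf(stderr, "Couldn't open dmzholes settings file\n");
		exit(1);
	}

	safe_system("/sbin/iptables -F DMZHOLES");

	while (fgets(s, STRING_SIZE, fwdfile) != NULL) {
		size_t len = strlen(s);
		char *protocol, *locip, *remip, *remport, *enabled;
		char *src_net, *dst_net;
		char *idev = NULL;
		char *odev = NULL;
		char *dash;
		int n;

		/* Strip the trailing newline.  len == 0 is possible when the line
		 * begins with a NUL byte; without the guard this indexed s[-1]. */
		if (len > 0 && s[len - 1] == '\n')
			s[len - 1] = '\0';

		parse_fields(s, fields, NFIELDS);
		protocol = fields[F_PROTO];
		locip    = fields[F_LOCIP];
		remip    = fields[F_REMIP];
		remport  = fields[F_REMPORT];
		enabled  = fields[F_ENABLED];
		src_net  = fields[F_SRC];
		dst_net  = fields[F_DST];

		if (!(protocol && locip && remip && remport && enabled)) {
			/* Unchanged behaviour: stop at the first malformed line. */
			fprintf(stderr, "Bad line:\n");
			break;
		}

		if (!VALID_PROTOCOL(protocol)) {
			fprintf(stderr, "Bad protocol: %s\n", protocol);
			exit(1);
		}
		if (!VALID_IP_AND_MASK(locip)) {
			fprintf(stderr, "Bad local IP: %s\n", locip);
			exit(1);
		}
		if (!VALID_IP_AND_MASK(remip)) {
			fprintf(stderr, "Bad remote IP: %s\n", remip);
			exit(1);
		}
		if (!VALID_PORT_RANGE(remport)) {
			fprintf(stderr, "Bad remote port: %s\n", remport);
			exit(1);
		}

		/* Defaults for the optional fields.  String literals replace the
		 * strdup() calls, which leaked one allocation per line; the values
		 * are only ever read through strcmp(). */
		if (!src_net)
			src_net = "orange";
		if (!dst_net)
			dst_net = "green";

		if (!strcmp(src_net, "blue"))
			idev = blue_dev;
		else if (!strcmp(src_net, "orange"))
			idev = orange_dev;
		if (!strcmp(dst_net, "blue"))
			odev = blue_dev;
		else if (!strcmp(dst_net, "green"))
			odev = green_dev;

		/* An unrecognised network name leaves idev/odev NULL; the original
		 * passed that to strlen() and crashed.  An interface that is known
		 * but unconfigured ("") skips the rule, as before. */
		if (strcmp(enabled, "on") != 0 || !idev || !odev || !*idev || !*odev)
			continue;

		/* The config writes ranges as "lo-hi"; iptables --dport wants "lo:hi".
		 * remport has already passed VALID_PORT_RANGE at this point. */
		dash = strchr(remport, '-');
		if (dash)
			*dash = ':';

		n = snprintf(command, sizeof command,
		             "/sbin/iptables -A DMZHOLES -p %s -i %s -o %s -s %s -d %s --dport %s -j ACCEPT",
		             protocol, idev, odev, locip, remip, remport);
		if (n < 0 || (size_t)n >= sizeof command) {
			/* A truncated rule would be executed silently wrong; treat it
			 * as a configuration error like the checks above. */
			fprintf(stderr, "Rule too long: %s\n", s);
			exit(1);
		}
		safe_system(command);
	}

	return 0;
}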