1 | /* SmoothWall helper program - setxtaccess\r |
2 | *\r | |
3 | * This program is distributed under the terms of the GNU General Public\r | |
4 | * Licence. See the file COPYING for details.\r | |
5 | *\r | |
6 | * (c) Daniel Goscomb, 2001\r | |
7 | * \r | |
8 | * Modifications and improvements by Lawrence Manning.\r | |
9 | *\r | |
10 | * 10/04/01 Aslak added protocol support\r | |
11 | * \r | |
12 | * (c) Steve Bootes 2002/04/14 - Added source IP support for aliases\r | |
13 | *\r | |
14 | * 19/04/03 Robert Kerr Fixed root exploit\r | |
15 | *\r | |
16 | * $Id: setxtaccess.c,v 1.3.2.1 2005/01/04 17:21:40 eoberlander Exp $\r | |
17 | * \r | |
18 | */\r | |
19 | \r | |
20 | #include <stdio.h>\r | |
21 | #include <stdlib.h>\r | |
22 | #include <string.h>\r | |
23 | #include "setuid.h"\r | |
24 | \r | |
/* Config streams read by main().  ifacefile and ipfile are opened, read and
 * closed inside main() before any further work; fwdfile (the xtaccess rule
 * list) may still be open when an error path calls exit(), so it is the one
 * stream exithandler() closes. */
FILE *ifacefile = NULL;
FILE *fwdfile = NULL;
FILE *ipfile = NULL;
28 | \r | |
/* atexit() hook: releases the xtaccess config stream if it is still open.
 * Every exit(1) in main() after the file is opened passes through here, so
 * the stream is closed on error paths as well as on normal return. */
void exithandler(void)
{
	if (fwdfile == NULL)
		return;
	fclose(fwdfile);
}
34 | \r | |
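/* Strip one trailing newline from a line read by fgets().  Unlike the
 * open-coded `s[strlen(s) - 1]` test, this is safe for an empty string
 * (fgets() returns one when the first byte read is a NUL), which would
 * otherwise index s[-1] and write outside the buffer. */
static void chomp(char *s)
{
	size_t len = strlen(s);

	if (len > 0 && s[len - 1] == '\n')
		s[len - 1] = '\0';
}

/* One parsed line of CONFIG_ROOT "/xtaccess/config".  Columns are
 * comma-separated: protocol, remote ip[/mask], local port, enabled,
 * then optionally destination ip and a free-text remark.  The pointers
 * refer into the caller's line buffer (strtok() splits in place). */
struct xtrule
{
	char *protocol;
	char *remip;
	char *locport;
	char *enabled;
	char *destip;      /* NULL on old-style lines without the column */
	char *information; /* remark column; read but not used here */
};

/* Split line in place into *rule.
 * Returns 1 when the four mandatory columns (protocol, remip, locport,
 * enabled) are all present, 0 otherwise.  Anything past the fifth column
 * lands in information, as in the original loop. */
static int parse_rule(char *line, struct xtrule *rule)
{
	int column = 0;
	char *field;

	memset(rule, 0, sizeof *rule);
	for (field = strtok(line, ","); field; field = strtok(NULL, ","))
	{
		switch (column)
		{
		case 0:
			rule->protocol = field;
			break;
		case 1:
			rule->remip = field;
			break;
		case 2:
			rule->locport = field;
			break;
		case 3:
			rule->enabled = field;
			break;
		case 4:
			rule->destip = field;
			break;
		default:
			rule->information = field;
			break;
		}
		column++;
	}
	return rule->protocol && rule->remip && rule->locport && rule->enabled;
}

/* Rebuild the XTACCESS iptables chain from CONFIG_ROOT "/xtaccess/config":
 * flush the chain, then append one ACCEPT rule per enabled line.
 *
 * Exit status: 0 on success; 1 when initsetuid() fails, a config file
 * cannot be opened, or a value read from one fails its VALID_* check
 * (an error message is printed to stderr first). */
int main(void)
{
	char iface[STRING_SIZE] = "";
	char locip[STRING_SIZE] = "";
	char s[STRING_SIZE] = "";
	char command[STRING_SIZE];
	struct xtrule rule;
	char *destip;
	int len;

	if (!(initsetuid()))
		exit(1);

	/* fwdfile is the only stream that can still be open when an error
	 * path below calls exit(); the other two are closed right after
	 * their single line has been read. */
	atexit(exithandler);

	/* Current RED address: the default destination for rules that have
	 * no destination column (or store 0.0.0.0 in it). */
	if (!(ipfile = fopen(CONFIG_ROOT "/red/local-ipaddress", "r")))
	{
		fprintf(stderr, "Couldn't open local ip file\n");
		exit(1);
	}
	if (fgets(locip, STRING_SIZE, ipfile))
		chomp(locip);
	fclose(ipfile);
	ipfile = NULL;
	if (!VALID_IP(locip))
	{
		fprintf(stderr, "Bad local IP: %s\n", locip);
		exit(1);
	}

	/* Name of the RED interface the rules are bound to (-i). */
	if (!(ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))
	{
		fprintf(stderr, "Couldn't open iface file\n");
		exit(1);
	}
	if (fgets(iface, STRING_SIZE, ifacefile))
		chomp(iface);
	fclose(ifacefile);
	ifacefile = NULL;
	if (!VALID_DEVICE(iface))
	{
		fprintf(stderr, "Bad iface: %s\n", iface);
		exit(1);
	}

	if (!(fwdfile = fopen(CONFIG_ROOT "/xtaccess/config", "r")))
	{
		fprintf(stderr, "Couldn't open xtaccess settings file\n");
		exit(1);
	}

	/* Start from an empty chain so entries removed from the config
	 * really disappear. */
	safe_system("/sbin/iptables -F XTACCESS");

	while (fgets(s, STRING_SIZE, fwdfile) != NULL)
	{
		chomp(s);

		/* A line lacking the four mandatory columns ends processing
		 * (kept from the original); a blank line therefore acts as
		 * end-of-file rather than being skipped. */
		if (!parse_rule(s, &rule))
			break;

		/* Every column is syntax-checked before it is spliced into
		 * the iptables command.  This helper runs with the privileges
		 * initsetuid() sets up, so these checks are what keeps a
		 * config value from being interpreted as extra iptables
		 * arguments (or shell syntax, should safe_system() use a
		 * shell) instead of a single address, protocol or port. */
		if (!VALID_PROTOCOL(rule.protocol))
		{
			fprintf(stderr, "Bad protocol: %s\n", rule.protocol);
			exit(1);
		}
		if (!VALID_IP_AND_MASK(rule.remip))
		{
			fprintf(stderr, "Bad remote IP: %s\n", rule.remip);
			exit(1);
		}
		if (!VALID_PORT_RANGE(rule.locport))
		{
			fprintf(stderr, "Bad local port: %s\n", rule.locport);
			exit(1);
		}

		/* Old-style config lines carry no destination column, and
		 * newer ones may store 0.0.0.0 to mean "the current RED
		 * address"; both fall back to locip. */
		destip = rule.destip;
		if (!destip || !strcmp(destip, "0.0.0.0"))
			destip = locip;
		if (!VALID_IP(destip))
		{
			/* Report the value that failed; the original printed
			 * remip here, which hid the real bad value. */
			fprintf(stderr, "Bad destination IP: %s\n", destip);
			exit(1);
		}

		if (strcmp(rule.enabled, "on") != 0)
			continue;

		/* snprintf() always NUL-terminates; the old memset() was
		 * redundant.  What it did not do was notice truncation: a
		 * command cut short would run a rule missing its tail (the
		 * port or -j ACCEPT), so refuse to run it instead. */
		len = snprintf(command, sizeof command,
			"/sbin/iptables -A XTACCESS -i %s -p %s -s %s -d %s --dport %s -j ACCEPT",
			iface, rule.protocol, rule.remip, destip, rule.locport);
		if (len < 0 || (size_t)len >= sizeof command)
		{
			fprintf(stderr, "iptables command too long\n");
			exit(1);
		}
		safe_system(command);
	}

	return 0;
}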