git.ipfire.org Git - people/teissler/ipfire-2.x.git/blob - src/misc-progs/setxtaccess.c
1 /* SmoothWall helper program - setxtaccess
3 * This program is distributed under the terms of the GNU General Public
4 * Licence. See the file COPYING for details.
6 * (c) Daniel Goscomb, 2001
8 * Modifications and improvements by Lawrence Manning.
10 * 10/04/01 Aslak added protocol support
12 * (c) Steve Bootes 2002/04/14 - Added source IP support for aliases
14 * 19/04/03 Robert Kerr Fixed root exploit
16 * $Id: setxtaccess.c,v 1.3.2.1 2005/01/04 17:21:40 eoberlander Exp $
/* Stream for CONFIG_ROOT "/red/iface"; the fopen() that fills it appears
 * further down in this listing.
 * NOTE(review): it is declared ahead of exithandler(), whose body is not
 * shown here -- presumably so the handler can close it on exit; confirm. */
FILE *ifacefile = NULL;
29 void exithandler(void)
/* Fixed-size text buffers, each STRING_SIZE bytes.  Listing lines 40-47,
 * between s and command, are not shown. */
char iface[STRING_SIZE] = "";	/* filled by fgets() from ifacefile */
char locip[STRING_SIZE] = "";	/* filled by fgets() from ipfile */
char s[STRING_SIZE] = "";	/* one line from fwdfile, later split by strtok() */
char command[STRING_SIZE];	/* iptables command line built with snprintf() */
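/* Open the file that holds the local IP address.  Listing lines 58-59,
 * which follow the error message, are not shown, so what happens after a
 * failed open cannot be seen here. */
if (!(ipfile = fopen(CONFIG_ROOT "/red/local-ipaddress", "r")))
	fprintf(stderr, "Couldn't open local ip file\n");

/* Read one line and cut it at the newline fgets() keeps.  strcspn() replaces
 * the earlier locip[strlen(locip) - 1] test: if the line starts with a NUL
 * byte, strlen() is 0 and that index is locip[-1], one byte in front of the
 * buffer.  For every other input the result is the same. */
if (fgets(locip, STRING_SIZE, ipfile))
	locip[strcspn(locip, "\n")] = '\0';

/* Presumably reported when locip fails validation; the test that guards
 * this message is on listing lines 64-67, which are not shown. */
fprintf(stderr, "Bad local IP: %s\n", locip);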
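/* Open the file that names the interface.  Listing lines 75-76, after the
 * error message, are not shown. */
if (!(ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))
	fprintf(stderr, "Couldn't open iface file\n");

/* Read one line and cut it at the newline fgets() keeps.  strcspn() is used
 * instead of indexing iface[strlen(iface) - 1], which is iface[-1] when the
 * line starts with a NUL byte and strlen() returns 0. */
if (fgets(iface, STRING_SIZE, ifacefile))
	iface[strcspn(iface, "\n")] = '\0';

/* iface is later placed after "-i" on the iptables command line, so it is
 * checked first.  VALID_DEVICE is defined outside this listing, and the
 * lines after the message (86-88) are not shown.
 * NOTE(review): confirm that a failed check stops the program before any
 * rule is built. */
if (!VALID_DEVICE(iface))
	fprintf(stderr, "Bad iface: %s\n", iface);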
/* Open the external-access rule list.  Listing lines 92-94, after the
 * message, are not shown. */
if (!(fwdfile = fopen(CONFIG_ROOT "/xtaccess/config", "r")))
	fprintf(stderr, "Couldn't open xtaccess settings file\n");

/* Flush (-F) the XTACCESS chain before any rule is re-added.  Every rule
 * appended later in this listing ends in "-j ACCEPT", so a run that stops
 * partway leaves the chain with fewer ACCEPT rules than the config asks
 * for, not more. */
safe_system("/sbin/iptables -F XTACCESS");
97 while (fgets(s
, STRING_SIZE
, fwdfile
) != NULL
)
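/* Cut the config line at the newline fgets() keeps.  strcspn() replaces the
 * earlier s[strlen(s) - 1] test: a line that starts with a NUL byte makes
 * strlen() return 0, and that index is then s[-1], one byte in front of the
 * buffer.  For every other input the result is the same. */
s[strcspn(s, "\n")] = '\0';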
/* Split the line in place on commas.  strtok() writes NUL bytes into s and
 * keeps its position between calls, so the NULL call below continues with
 * the same line.  strtok() also treats a run of commas as one separator, so
 * an empty field moves every later field one position forward.
 * Listing lines 109-121 and 123 are not shown; presumably they assign the
 * other tokens to their fields -- confirm against the full file. */
result = strtok(s, ",");
/* The current token is kept as 'information'; which field position this is
 * cannot be seen from the lines shown. */
information = result;
result = strtok(NULL, ",");
127 if (!(protocol
&& remip
&& locport
&& enabled
))
/* Field checks.  VALID_PROTOCOL, VALID_IP_AND_MASK and VALID_PORT_RANGE are
 * defined outside this listing, and so is whatever follows each message
 * (lines 133-134, 138-139 and 143-145 are not shown).
 * NOTE(review): these three strings are later formatted into the command
 * line handed to safe_system(); confirm that each macro accepts only the
 * characters its field needs and that a failed check skips the rule. */
if (!VALID_PROTOCOL(protocol))
	fprintf(stderr, "Bad protocol: %s\n", protocol);
if (!VALID_IP_AND_MASK(remip))
	fprintf(stderr, "Bad remote IP: %s\n", remip);
if (!VALID_PORT_RANGE(locport))
	fprintf(stderr, "Bad local port: %s\n", locport);
146 /* check for destination ip in config file. If it's there
147 * and it's not 0.0.0.0, use it; else use the current
148 * local ip address. (This makes sure we can use old-style
149 * config files without the destination ip) */
150 if (!destip
|| !strcmp(destip
, "0.0.0.0"))
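/* Report the value that actually failed the check.  The message used to
 * print remip (the remote address) although the test is on destip, which
 * pointed whoever read the log at the wrong config field.  VALID_IP is
 * defined outside this listing; lines 155-157 after the message are not
 * shown. */
if (!VALID_IP(destip))
	fprintf(stderr, "Bad destination IP: %s\n", destip);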
158 if (strcmp(enabled
, "on") == 0)
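memset(command, 0, STRING_SIZE);
/* Build the ACCEPT rule from the five fields checked earlier in the listing.
 * snprintf() returns the length the full string would have had, so a result
 * of STRING_SIZE - 1 or more means the rule was cut short.  A cut rule is a
 * different rule (a shortened address or port, or no "-j ACCEPT"), so it is
 * reported and never run.  The size_t cast turns a negative error return
 * into a very large value, which takes the same branch. */
if ((size_t)snprintf(command, STRING_SIZE - 1,
		"/sbin/iptables -A XTACCESS -i %s -p %s -s %s -d %s --dport %s -j ACCEPT",
		iface, protocol, remip, destip, locport) >= (size_t)(STRING_SIZE - 1))
	fprintf(stderr, "Rule too long for command buffer, skipped\n");
else
	safe_system(command);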