1 /* SmoothWall helper program - setxtaccess
2 *
3 * This program is distributed under the terms of the GNU General Public
4 * Licence. See the file COPYING for details.
5 *
6 * (c) Daniel Goscomb, 2001
7 *
8 * Modifications and improvements by Lawrence Manning.
9 *
10 * 10/04/01 Aslak added protocol support
11 *
12 * (c) Steve Bootes 2002/04/14 - Added source IP support for aliases
13 *
14 * 19/04/03 Robert Kerr Fixed root exploit
15 *
16 * $Id: setxtaccess.c,v 1.3.2.1 2005/01/04 17:21:40 eoberlander Exp $
17 *
18 */
19
20 #include <stdio.h>
21 #include <stdlib.h>
22 #include <string.h>
23 #include "setuid.h"
24
25 FILE *ifacefile = NULL; /* stream for CONFIG_ROOT "/red/iface"; opened and closed inside main() */
26 FILE *fwdfile = NULL; /* stream for CONFIG_ROOT "/xtaccess/config"; the only one exithandler() closes */
27 FILE *ipfile = NULL; /* stream for CONFIG_ROOT "/red/local-ipaddress"; opened and closed inside main() */
28
/*
 * Exit hook registered by main() through atexit().
 *
 * Closes the xtaccess configuration stream when it is still open, so that
 * every exit(1) taken while parsing the file releases it. The other two
 * global streams are not touched here.
 */
void exithandler(void)
{
	if (fwdfile == NULL)
		return;

	fclose(fwdfile);
}
34
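/*
 * setxtaccess: rebuild the XTACCESS iptables chain.
 *
 * Reads the local IP address from CONFIG_ROOT "/red/local-ipaddress" and the
 * interface name from CONFIG_ROOT "/red/iface", flushes the XTACCESS chain,
 * then appends one ACCEPT rule for every enabled line of
 * CONFIG_ROOT "/xtaccess/config". Each line has the comma-separated form
 *
 *     protocol,remote-ip,local-port,enabled[,destination-ip[,ignored...]]
 *
 * Returns 0 when the whole file was processed. Calls exit(1) when
 * initsetuid() fails, when a file cannot be opened, or when any value fails
 * its VALID_* check.
 *
 * Security: this helper calls initsetuid() and turns file contents into a
 * command line, so the file contents must be treated as untrusted. The
 * invariant to preserve is that every value interpolated into the command
 * (iface, protocol, remip, destip, locport) has passed a VALID_* check
 * before snprintf() sees it. Any new field added to the command needs its
 * own check.
 * NOTE(review): VALID_* and safe_system() come from setuid.h and are not
 * visible here - confirm that the macros reject shell metacharacters and
 * how safe_system() executes the string.
 */
int main(void)
{
	char iface[STRING_SIZE] = "";
	char locip[STRING_SIZE] = "";
	char s[STRING_SIZE] = "";
	char command[STRING_SIZE];
	char *protocol;
	char *remip;
	char *locport;
	char *enabled;
	char *destip;
	char *result;
	int count;
	int written;

	if (!(initsetuid()))
		exit(1);

	atexit(exithandler);

	if (!(ipfile = fopen(CONFIG_ROOT "/red/local-ipaddress", "r")))
	{
		fprintf(stderr, "Couldn't open local ip file\n");
		exit(1);
	}
	/* strcspn() is safe on an empty string, unlike indexing strlen() - 1. */
	if (fgets(locip, STRING_SIZE, ipfile))
		locip[strcspn(locip, "\n")] = '\0';
	fclose(ipfile);
	ipfile = NULL;
	if (!VALID_IP(locip))
	{
		fprintf(stderr, "Bad local IP: %s\n", locip);
		exit(1);
	}

	if (!(ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))
	{
		fprintf(stderr, "Couldn't open iface file\n");
		exit(1);
	}
	if (fgets(iface, STRING_SIZE, ifacefile))
		iface[strcspn(iface, "\n")] = '\0';
	fclose(ifacefile);
	ifacefile = NULL;
	if (!VALID_DEVICE(iface))
	{
		fprintf(stderr, "Bad iface: %s\n", iface);
		exit(1);
	}

	if (!(fwdfile = fopen(CONFIG_ROOT "/xtaccess/config", "r")))
	{
		fprintf(stderr, "Couldn't open xtaccess settings file\n");
		exit(1);
	}

	/*
	 * The chain is flushed before any rule line is validated, so an
	 * exit(1) below leaves XTACCESS holding only the rules added so far.
	 * For a chain of ACCEPT rules that fails closed.
	 */
	safe_system("/sbin/iptables -F XTACCESS");

	/*
	 * NOTE(review): a line longer than STRING_SIZE - 1 characters is
	 * returned by fgets() in pieces, and each piece is parsed as a line
	 * of its own; it still has to pass the checks below.
	 */
	while (fgets(s, STRING_SIZE, fwdfile) != NULL)
	{
		s[strcspn(s, "\n")] = '\0';

		protocol = NULL;
		remip = NULL;
		locport = NULL;
		enabled = NULL;
		destip = NULL;
		count = 0;

		/*
		 * strtok() skips empty fields, so "a,,b" yields two tokens and
		 * later values shift one column left. The per-field checks
		 * below are what catch such a line.
		 */
		for (result = strtok(s, ","); result; result = strtok(NULL, ","))
		{
			switch (count++)
			{
			case 0:
				protocol = result;
				break;
			case 1:
				remip = result;
				break;
			case 2:
				locport = result;
				break;
			case 3:
				enabled = result;
				break;
			case 4:
				destip = result;
				break;
			default:
				/* Fields after the destination IP are ignored. */
				break;
			}
		}

		/*
		 * A line with fewer than four fields ends processing: every
		 * line after it is dropped without a message.
		 */
		if (!(protocol && remip && locport && enabled))
			break;

		if (!VALID_PROTOCOL(protocol))
		{
			fprintf(stderr, "Bad protocol: %s\n", protocol);
			exit(1);
		}
		if (!VALID_IP_AND_MASK(remip))
		{
			fprintf(stderr, "Bad remote IP: %s\n", remip);
			exit(1);
		}
		if (!VALID_PORT_RANGE(locport))
		{
			fprintf(stderr, "Bad local port: %s\n", locport);
			exit(1);
		}

		/* check for destination ip in config file. If it's there
		 * and it's not 0.0.0.0, use it; else use the current
		 * local ip address. (This makes sure we can use old-style
		 * config files without the destination ip) */
		if (!destip || !strcmp(destip, "0.0.0.0"))
			destip = locip;
		if (!VALID_IP(destip))
		{
			/* Report the value that failed (destip, not remip). */
			fprintf(stderr, "Bad destination IP: %s\n", destip);
			exit(1);
		}

		if (strcmp(enabled, "on") == 0)
		{
			/*
			 * Never hand a truncated command to iptables: a cut-off
			 * string could lose its match options or its target.
			 */
			written = snprintf(command, sizeof command,
				"/sbin/iptables -A XTACCESS -i %s -p %s -s %s -d %s --dport %s -j ACCEPT",
				iface, protocol, remip, destip, locport);
			if (written < 0 || (size_t)written >= sizeof command)
			{
				fprintf(stderr, "iptables command too long\n");
				exit(1);
			}
			safe_system(command);
		}
	}

	return 0;
}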