[people/pmueller/ipfire-2.x.git] / src / misc-progs / setdmzholes.c

/* SmoothWall helper program - setdmzhole\r
 *\r
 * This program is distributed under the terms of the GNU General Public\r
 * Licence.  See the file COPYING for details.\r
 *\r
 * (c) Daniel Goscomb, 2001\r
 * \r
 * Modifications and improvements by Lawrence Manning.\r
 *\r
 * 10/04/01 Aslak added protocol support\r
 * This program reads the list of ports to forward and setups iptables\r
 * and rules in ipmasqadm to enable them.\r
 * \r
 * $Id: setdmzholes.c,v 1.5.2.3 2005/10/18 17:05:27 franck78 Exp $\r
 * \r
 */\r
#include "libsmooth.h"\r
#include <stdio.h>\r
#include <string.h>\r
#include <stdlib.h>\r
#include "setuid.h"\r
\r
FILE *fwdfile = NULL;\r
\r
void exithandler(void)\r
{\r
	if (fwdfile)\r
		fclose(fwdfile);\r
}\r
\r
int main(void)\r
{\r
	int count;\r
	char *protocol;\r
	char *locip;\r
	char *remip;\r
	char *remport;\r
	char *enabled;\r
	char *src_net;\r
	char *dst_net;\r
	char s[STRING_SIZE];\r
	char *result;\r
	struct keyvalue *kv = NULL;\r
	char orange_dev[STRING_SIZE] = "";\r
	char blue_dev[STRING_SIZE] = "";\r
	char green_dev[STRING_SIZE] = "";\r
	char *idev;\r
	char *odev;\r
	char command[STRING_SIZE];\r
\r
	if (!(initsetuid()))\r
		exit(1);\r
\r
	atexit(exithandler);\r
\r
	kv=initkeyvalues();\r
	if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))\r
	{\r
		fprintf(stderr, "Cannot read ethernet settings\n");\r
		exit(1);\r
	}\r
\r
	if (!findkey(kv, "GREEN_DEV", green_dev))\r
	{\r
		fprintf(stderr, "Cannot read GREEN_DEV\n");\r
		exit(1);\r
	}\r
	findkey(kv, "BLUE_DEV", blue_dev);\r
	findkey(kv, "ORANGE_DEV", orange_dev);\r
\r
	if (!(fwdfile = fopen(CONFIG_ROOT "/dmzholes/config", "r")))\r
	{\r
		fprintf(stderr, "Couldn't open dmzholes settings file\n");\r
		exit(1);\r
	}\r
\r
	safe_system("/sbin/iptables -F DMZHOLES");\r
\r
	while (fgets(s, STRING_SIZE, fwdfile) != NULL)\r
	{\r
		if (s[strlen(s) - 1] == '\n')\r
		        s[strlen(s) - 1] = '\0';\r
		result = strtok(s, ",");\r
		\r
		count = 0;\r
		protocol = NULL;\r
		locip = NULL; remip = NULL;\r
		remport = NULL;\r
		enabled = NULL;\r
		src_net = NULL;\r
		dst_net = NULL;\r
		idev = NULL;\r
		odev = NULL;\r
		\r
		while (result)\r
		{\r
			if (count == 0)\r
				protocol = result;\r
			else if (count == 1)\r
				locip = result;\r
			else if (count == 2)\r
				remip = result;\r
			else if (count == 3)\r
				remport = result;\r
			else if (count == 4)\r
				enabled = result;\r
			else if (count == 5)\r
				src_net = result;\r
			else if (count == 6)\r
				dst_net = result;\r
			count++;\r
			result = strtok(NULL, ",");\r
		}\r
\r
		if (!(protocol && locip && remip && remport && enabled))\r
		{\r
			fprintf(stderr, "Bad line:\n");\r
			break;\r
		}\r
\r
		if (!VALID_PROTOCOL(protocol))\r
		{\r
			fprintf(stderr, "Bad protocol: %s\n", protocol);\r
			exit(1);\r
		}\r
		if (!VALID_IP_AND_MASK(locip))\r
		{\r
			fprintf(stderr, "Bad local IP: %s\n", locip);\r
			exit(1);\r
		}\r
		if (!VALID_IP_AND_MASK(remip))\r
		{\r
			fprintf(stderr, "Bad remote IP: %s\n", remip);\r
			exit(1);\r
		}\r
		if (!VALID_PORT_RANGE(remport))\r
		{\r
			fprintf(stderr, "Bad remote port: %s\n", remport);\r
			exit(1);\r
		}\r
		\r
		if (!src_net) { src_net = strdup ("orange");}\r
		if (!dst_net) { dst_net = strdup ("green");}\r
		\r
		if (!strcmp(src_net, "blue"))   { idev = blue_dev; }\r
		if (!strcmp(src_net, "orange")) { idev = orange_dev; }\r
		if (!strcmp(dst_net, "blue"))   { odev = blue_dev; }\r
		if (!strcmp(dst_net, "green"))  { odev = green_dev; }\r
		\r
		if (!strcmp(enabled, "on") && strlen(idev) && strlen (odev))\r
		{\r
			char *ctr;\r
			/* If remport contains a - we need to change it to a : */\r
			if ((ctr = strchr(remport,'-')) != NULL){*ctr = ':';}\r
			memset(command, 0, STRING_SIZE);\r
			snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A DMZHOLES -p %s -i %s -o %s -s %s -d %s --dport %s -j ACCEPT", protocol, idev, odev, locip, remip, remport);\r
			safe_system(command);\r
		}\r
	}\r
\r
	return 0;\r
}\r
Commit	Line	Data
cd1a2927 MT	1	/* SmoothWall helper program - setdmzhole\r
	2	*\r
	3	* This program is distributed under the terms of the GNU General Public\r
	4	* Licence. See the file COPYING for details.\r
	5	*\r
	6	* (c) Daniel Goscomb, 2001\r
	7	* \r
	8	* Modifications and improvements by Lawrence Manning.\r
	9	*\r
	10	* 10/04/01 Aslak added protocol support\r
	11	* This program reads the list of ports to forward and setups iptables\r
	12	* and rules in ipmasqadm to enable them.\r
	13	* \r
	14	* $Id: setdmzholes.c,v 1.5.2.3 2005/10/18 17:05:27 franck78 Exp $\r
	15	* \r
	16	*/\r
	17	#include "libsmooth.h"\r
	18	#include <stdio.h>\r
	19	#include <string.h>\r
	20	#include <stdlib.h>\r
	21	#include "setuid.h"\r
	22	\r
	23	FILE *fwdfile = NULL;\r
	24	\r
	25	void exithandler(void)\r
	26	{\r
	27	if (fwdfile)\r
	28	fclose(fwdfile);\r
	29	}\r
	30	\r
	31	int main(void)\r
	32	{\r
	33	int count;\r
	34	char *protocol;\r
	35	char *locip;\r
	36	char *remip;\r
	37	char *remport;\r
	38	char *enabled;\r
	39	char *src_net;\r
	40	char *dst_net;\r
	41	char s[STRING_SIZE];\r
	42	char *result;\r
	43	struct keyvalue *kv = NULL;\r
	44	char orange_dev[STRING_SIZE] = "";\r
	45	char blue_dev[STRING_SIZE] = "";\r
	46	char green_dev[STRING_SIZE] = "";\r
	47	char *idev;\r
	48	char *odev;\r
	49	char command[STRING_SIZE];\r
	50	\r
	51	if (!(initsetuid()))\r
	52	exit(1);\r
	53	\r
	54	atexit(exithandler);\r
	55	\r
	56	kv=initkeyvalues();\r
	57	if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))\r
	58	{\r
	59	fprintf(stderr, "Cannot read ethernet settings\n");\r
	60	exit(1);\r
	61	}\r
	62	\r
	63	if (!findkey(kv, "GREEN_DEV", green_dev))\r
	64	{\r
65	fprintf(stderr, "Cannot read GREEN_DEV\n");\r
66	exit(1);\r
67	}\r
68	findkey(kv, "BLUE_DEV", blue_dev);\r
69	findkey(kv, "ORANGE_DEV", orange_dev);\r
70	\r
71	if (!(fwdfile = fopen(CONFIG_ROOT "/dmzholes/config", "r")))\r
72	{\r
73	fprintf(stderr, "Couldn't open dmzholes settings file\n");\r
74	exit(1);\r
75	}\r
76	\r
77	safe_system("/sbin/iptables -F DMZHOLES");\r
78	\r
79	while (fgets(s, STRING_SIZE, fwdfile) != NULL)\r
80	{\r
81	if (s[strlen(s) - 1] == '\n')\r
82	s[strlen(s) - 1] = '\0';\r
83	result = strtok(s, ",");\r
84	\r
85	count = 0;\r
86	protocol = NULL;\r
87	locip = NULL; remip = NULL;\r
88	remport = NULL;\r
89	enabled = NULL;\r
90	src_net = NULL;\r
91	dst_net = NULL;\r
92	idev = NULL;\r
93	odev = NULL;\r
94	\r
95	while (result)\r
96	{\r
97	if (count == 0)\r
98	protocol = result;\r
99	else if (count == 1)\r
100	locip = result;\r
101	else if (count == 2)\r
102	remip = result;\r
103	else if (count == 3)\r
104	remport = result;\r
105	else if (count == 4)\r
106	enabled = result;\r
107	else if (count == 5)\r
108	src_net = result;\r
109	else if (count == 6)\r
110	dst_net = result;\r
111	count++;\r
112	result = strtok(NULL, ",");\r
113	}\r
114	\r
115	if (!(protocol && locip && remip && remport && enabled))\r
116	{\r
117	fprintf(stderr, "Bad line:\n");\r
118	break;\r
119	}\r
120	\r
121	if (!VALID_PROTOCOL(protocol))\r
122	{\r
123	fprintf(stderr, "Bad protocol: %s\n", protocol);\r
124	exit(1);\r
125	}\r
126	if (!VALID_IP_AND_MASK(locip))\r
127	{\r
128	fprintf(stderr, "Bad local IP: %s\n", locip);\r
129	exit(1);\r
130	}\r
131	if (!VALID_IP_AND_MASK(remip))\r
132	{\r
133	fprintf(stderr, "Bad remote IP: %s\n", remip);\r
134	exit(1);\r
135	}\r
136	if (!VALID_PORT_RANGE(remport))\r
137	{\r
138	fprintf(stderr, "Bad remote port: %s\n", remport);\r
139	exit(1);\r
140	}\r
141	\r
142	if (!src_net) { src_net = strdup ("orange");}\r
143	if (!dst_net) { dst_net = strdup ("green");}\r
144	\r
145	if (!strcmp(src_net, "blue")) { idev = blue_dev; }\r
146	if (!strcmp(src_net, "orange")) { idev = orange_dev; }\r
147	if (!strcmp(dst_net, "blue")) { odev = blue_dev; }\r
148	if (!strcmp(dst_net, "green")) { odev = green_dev; }\r
149	\r
150	if (!strcmp(enabled, "on") && strlen(idev) && strlen (odev))\r
151	{\r
152	char *ctr;\r
153	/* If remport contains a - we need to change it to a : */\r
154	if ((ctr = strchr(remport,'-')) != NULL){*ctr = ':';}\r
155	memset(command, 0, STRING_SIZE);\r
156	snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A DMZHOLES -p %s -i %s -o %s -s %s -d %s --dport %s -j ACCEPT", protocol, idev, odev, locip, remip, remport);\r
157	safe_system(command);\r
158	}\r
159	}\r
160	\r
161	return 0;\r
162	}\r