projects / people / pmueller / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| cd1a2927 MT |
1 | /* SmoothWall helper program - setxtaccess\r |
| 2 | *\r | |
| 3 | * This program is distributed under the terms of the GNU General Public\r | |
| 4 | * Licence. See the file COPYING for details.\r | |
| 5 | *\r | |
| 6 | * (c) Daniel Goscomb, 2001\r | |
| 7 | * \r | |
| 8 | * Modifications and improvements by Lawrence Manning.\r | |
| 9 | *\r | |
| 10 | * 10/04/01 Aslak added protocol support\r | |
| 11 | * \r | |
| 12 | * (c) Steve Bootes 2002/04/14 - Added source IP support for aliases\r | |
| 13 | *\r | |
| 14 | * 19/04/03 Robert Kerr Fixed root exploit\r | |
| 15 | *\r | |
| 16 | * $Id: setxtaccess.c,v 1.3.2.1 2005/01/04 17:21:40 eoberlander Exp $\r | |
| 17 | * \r | |
| 18 | */\r | |
| 19 | \r | |
| 20 | #include <stdio.h>\r | |
| 21 | #include <stdlib.h>\r | |
| 22 | #include <string.h>\r | |
| 23 | #include "setuid.h"\r | |
| 24 | \r | |
| 25 | FILE *ifacefile = NULL;\r | |
| 26 | FILE *fwdfile = NULL;\r | |
| 27 | FILE *ipfile = NULL;\r | |
| 28 | \r | |
| 29 | void exithandler(void)\r | |
| 30 | {\r | |
| 31 | if (fwdfile)\r | |
| 32 | fclose(fwdfile);\r | |
| 33 | }\r | |
| 34 | \r | |
| 35 | int main(void)\r | |
| 36 | {\r | |
| 37 | char iface[STRING_SIZE] = "";\r | |
| 38 | char locip[STRING_SIZE] = "";\r | |
| 39 | char s[STRING_SIZE] = "";\r | |
| 40 | int count;\r | |
| 41 | char *protocol;\r | |
| 42 | char *destip;\r | |
| 43 | char *remip;\r | |
| 44 | char *locport;\r | |
| 45 | char *enabled;\r | |
| 46 | char *information;\r | |
| 47 | char *result;\r | |
| 48 | char command[STRING_SIZE];\r | |
| 49 | \r | |
| 50 | if (!(initsetuid()))\r | |
| 51 | exit(1);\r | |
| 52 | \r | |
| 53 | atexit(exithandler);\r | |
| 54 | \r | |
| 55 | if (!(ipfile = fopen(CONFIG_ROOT "/red/local-ipaddress", "r")))\r | |
| 56 | {\r | |
| 57 | fprintf(stderr, "Couldn't open local ip file\n");\r | |
| 58 | exit(1);\r | |
| 59 | }\r | |
| 60 | if (fgets(locip, STRING_SIZE, ipfile))\r | |
| 61 | {\r | |
| 62 | if (locip[strlen(locip) - 1] == '\n')\r | |
| 63 | locip[strlen(locip) - 1] = '\0';\r | |
| 64 | }\r | |
| 65 | fclose (ipfile);\r | |
| 66 | if (!VALID_IP(locip))\r | |
| 67 | {\r | |
| 68 | fprintf(stderr, "Bad local IP: %s\n", locip);\r | |
| 69 | exit(1);\r | |
| 70 | }\r | |
| 71 | \r | |
| 72 | if (!(ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))\r | |
| 73 | {\r | |
| 74 | fprintf(stderr, "Couldn't open iface file\n");\r | |
| 75 | exit(1);\r | |
| 76 | }\r | |
| 77 | if (fgets(iface, STRING_SIZE, ifacefile))\r | |
| 78 | {\r | |
| 79 | if (iface[strlen(iface) - 1] == '\n')\r | |
| 80 | iface[strlen(iface) - 1] = '\0';\r | |
| 81 | }\r | |
| 82 | fclose (ifacefile);\r | |
| 83 | if (!VALID_DEVICE(iface))\r | |
| 84 | {\r | |
| 85 | fprintf(stderr, "Bad iface: %s\n", iface);\r | |
| 86 | exit(1);\r | |
| 87 | }\r | |
| 88 | \r | |
| 89 | if (!(fwdfile = fopen(CONFIG_ROOT "/xtaccess/config", "r")))\r | |
| 90 | {\r | |
| 91 | fprintf(stderr, "Couldn't open xtaccess settings file\n");\r | |
| 92 | exit(1);\r | |
| 93 | }\r | |
| 94 | \r | |
| 95 | safe_system("/sbin/iptables -F XTACCESS");\r | |
| 96 | \r | |
| 97 | while (fgets(s, STRING_SIZE, fwdfile) != NULL)\r | |
| 98 | {\r | |
| 99 | if (s[strlen(s) - 1] == '\n')\r | |
| 100 | s[strlen(s) - 1] = '\0';\r | |
| 101 | count = 0;\r | |
| 102 | protocol = NULL;\r | |
| 103 | remip = NULL;\r | |
| 104 | destip = NULL;\r | |
| 105 | locport = NULL;\r | |
| 106 | enabled = NULL;\r | |
| 107 | information = NULL;\r | |
| 108 | result = strtok(s, ",");\r | |
| 109 | while (result)\r | |
| 110 | {\r | |
| 111 | if (count == 0)\r | |
| 112 | protocol = result;\r | |
| 113 | else if (count == 1)\r | |
| 114 | remip = result;\r | |
| 115 | else if (count == 2)\r | |
| 116 | locport = result;\r | |
| 117 | else if (count == 3)\r | |
| 118 | enabled = result;\r | |
| 119 | else if (count == 4)\r | |
| 120 | destip = result;\r | |
| 121 | else\r | |
| 122 | information = result;\r | |
| 123 | count++;\r | |
| 124 | result = strtok(NULL, ",");\r | |
| 125 | }\r | |
| 126 | \r | |
| 127 | if (!(protocol && remip && locport && enabled))\r | |
| 128 | break;\r | |
| 129 | \r | |
| 130 | if (!VALID_PROTOCOL(protocol))\r | |
| 131 | {\r | |
| 132 | fprintf(stderr, "Bad protocol: %s\n", protocol);\r | |
| 133 | exit(1);\r | |
| 134 | }\r | |
| 135 | if (!VALID_IP_AND_MASK(remip))\r | |
| 136 | {\r | |
| 137 | fprintf(stderr, "Bad remote IP: %s\n", remip);\r | |
| 138 | exit(1);\r | |
| 139 | }\r | |
| 140 | if (!VALID_PORT_RANGE(locport))\r | |
| 141 | {\r | |
| 142 | fprintf(stderr, "Bad local port: %s\n", locport);\r | |
| 143 | exit(1);\r | |
| 144 | }\r | |
| 145 | \r | |
| 146 | /* check for destination ip in config file. If it's there\r | |
| 147 | * and it's not 0.0.0.0, use it; else use the current\r | |
| 148 | * local ip address. (This makes sure we can use old-style\r | |
| 149 | * config files without the destination ip) */\r | |
| 150 | if (!destip || !strcmp(destip, "0.0.0.0"))\r | |
| 151 | destip = locip;\r | |
| 152 | if (!VALID_IP(destip))\r | |
| 153 | {\r | |
| 154 | fprintf(stderr, "Bad destination IP: %s\n", remip);\r | |
| 155 | exit(1);\r | |
| 156 | }\r | |
| 157 | \r | |
| 158 | if (strcmp(enabled, "on") == 0)\r | |
| 159 | {\r | |
| 160 | memset(command, 0, STRING_SIZE);\r | |
| 161 | snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A XTACCESS -i %s -p %s -s %s -d %s --dport %s -j ACCEPT",\r | |
| 162 | iface, protocol, remip, destip, locport);\r | |
| 163 | safe_system(command);\r | |
| 164 | }\r | |
| 165 | }\r | |
| 166 | \r | |
| 167 | return 0;\r | |
| 168 | }\r |