1 /* SmoothWall helper program - setdmzhole
2 *
3 * This program is distributed under the terms of the GNU General Public
4 * Licence. See the file COPYING for details.
5 *
6 * (c) Daniel Goscomb, 2001
7 *
8 * Modifications and improvements by Lawrence Manning.
9 *
10 * 10/04/01 Aslak added protocol support
* This program reads the list of ports to forward and sets up iptables
* and rules in ipmasqadm to enable them.
13 *
14 * $Id: setdmzholes.c,v 1.5.2.3 2005/10/18 17:05:27 franck78 Exp $
15 *
16 */
17 #include "libsmooth.h"
18 #include <stdio.h>
19 #include <string.h>
20 #include <stdlib.h>
21 #include "setuid.h"
22
FILE *fwdfile = NULL;  /* dmzholes config stream opened by main(); closed by exithandler() at exit */
24
/* atexit() hook: release the dmzholes config stream if main() left it open
 * (every exit(1) path above runs with the file still open). */
void exithandler(void)
{
	if (!fwdfile)
		return;
	fclose(fwdfile);
}
30
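/* Number of comma-separated fields a dmzholes config line can carry:
 * protocol,locip,remip,remport,enabled[,src_net[,dst_net]] */
enum { DMZ_FIELDS = 7 };

/*
 * Split one config line in place on ',' and store up to max token pointers
 * in fields[].  Uses strtok(), so runs of commas collapse and an empty
 * field shifts the ones after it -- kept that way because existing config
 * files are written for this tokeniser.  Tokens beyond max are consumed
 * and dropped.  Returns the number of pointers stored (at most max).
 */
static int split_fields(char *line, char *fields[], int max)
{
	int n = 0;
	char *tok;

	for (tok = strtok(line, ","); tok != NULL; tok = strtok(NULL, ",")) {
		if (n < max) {
			fields[n] = tok;
			n++;
		}
	}
	return n;
}

/*
 * Map a zone name to its interface for one side of a dmzhole.  Sources may
 * be "blue" or "orange", destinations "blue" or "green" (the same pairs the
 * original rule set accepted).  Returns NULL for any other name so the
 * caller can skip the rule instead of dereferencing a null device pointer.
 */
static const char *zone_device(const char *net, int is_source,
			       const char *blue_dev, const char *orange_dev,
			       const char *green_dev)
{
	if (strcmp(net, "blue") == 0)
		return blue_dev;
	if (is_source && strcmp(net, "orange") == 0)
		return orange_dev;
	if (!is_source && strcmp(net, "green") == 0)
		return green_dev;
	return NULL;
}

/*
 * Entry point: flush and rebuild the DMZHOLES iptables chain from
 * CONFIG_ROOT "/dmzholes/config".  Each line is
 * protocol,locip,remip,remport,enabled[,src_net[,dst_net]]; src_net
 * defaults to "orange" and dst_net to "green".  Only values that passed
 * the VALID_* checks, plus device names read from the ethernet settings,
 * are ever placed into the command handed to safe_system().
 * Returns 0 on completion; exits with status 1 on setup or validation
 * failure (the atexit handler closes the config file).
 */
int main(void)
{
	char s[STRING_SIZE];
	char command[STRING_SIZE];
	char orange_dev[STRING_SIZE] = "";
	char blue_dev[STRING_SIZE] = "";
	char green_dev[STRING_SIZE] = "";
	struct keyvalue *kv = NULL;

	if (!(initsetuid()))
		exit(1);

	atexit(exithandler);

	kv = initkeyvalues();
	if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) {
		fprintf(stderr, "Cannot read ethernet settings\n");
		exit(1);
	}

	if (!findkey(kv, "GREEN_DEV", green_dev)) {
		fprintf(stderr, "Cannot read GREEN_DEV\n");
		exit(1);
	}
	/* BLUE/ORANGE are optional; a missing key leaves the buffer empty and
	 * every rule touching that zone is skipped further down. */
	findkey(kv, "BLUE_DEV", blue_dev);
	findkey(kv, "ORANGE_DEV", orange_dev);

	if (!(fwdfile = fopen(CONFIG_ROOT "/dmzholes/config", "r"))) {
		fprintf(stderr, "Couldn't open dmzholes settings file\n");
		exit(1);
	}

	safe_system("/sbin/iptables -F DMZHOLES");

	while (fgets(s, STRING_SIZE, fwdfile) != NULL) {
		char *fields[DMZ_FIELDS] = { 0 };
		char *protocol, *locip, *remip, *remport, *enabled, *dash;
		const char *src_net, *dst_net, *idev, *odev;
		int nfields, written;
		size_t len = strlen(s);

		/* len == 0 (a NUL as first byte) used to index s[-1]; guard it. */
		if (len > 0 && s[len - 1] == '\n') {
			s[len - 1] = '\0';
		} else {
			/* No newline: either the last line lacks one (fine) or the
			 * line overflowed the buffer.  Discard any tail so it is not
			 * parsed as a second, bogus rule on the next pass. */
			int c = fgetc(fwdfile);
			if (c != EOF) {
				while (c != EOF && c != '\n')
					c = fgetc(fwdfile);
				fprintf(stderr, "Line too long, skipped\n");
				continue;
			}
		}

		nfields = split_fields(s, fields, DMZ_FIELDS);
		protocol = fields[0];
		locip = fields[1];
		remip = fields[2];
		remport = fields[3];
		enabled = fields[4];
		/* String literals instead of strdup(): these are only compared,
		 * never written, so no allocation (and no leak / NULL check). */
		src_net = nfields > 5 ? fields[5] : "orange";
		dst_net = nfields > 6 ? fields[6] : "green";

		if (nfields < 5) {
			/* Stops at the first malformed line (as before), leaving
			 * later rules unloaded rather than guessing at them. */
			fprintf(stderr, "Bad line:\n");
			break;
		}

		/* Everything that ends up in the iptables command is checked
		 * here; a failure aborts the whole run rather than loading a
		 * partial rule set. */
		if (!VALID_PROTOCOL(protocol)) {
			fprintf(stderr, "Bad protocol: %s\n", protocol);
			exit(1);
		}
		if (!VALID_IP_AND_MASK(locip)) {
			fprintf(stderr, "Bad local IP: %s\n", locip);
			exit(1);
		}
		if (!VALID_IP_AND_MASK(remip)) {
			fprintf(stderr, "Bad remote IP: %s\n", remip);
			exit(1);
		}
		if (!VALID_PORT_RANGE(remport)) {
			fprintf(stderr, "Bad remote port: %s\n", remport);
			exit(1);
		}

		idev = zone_device(src_net, 1, blue_dev, orange_dev, green_dev);
		odev = zone_device(dst_net, 0, blue_dev, orange_dev, green_dev);

		/* Skip disabled rules, unknown zones (NULL -- previously a
		 * strlen(NULL) crash) and unconfigured zones (empty device). */
		if (strcmp(enabled, "on") != 0 || idev == NULL || *idev == '\0'
		    || odev == NULL || *odev == '\0')
			continue;

		/* iptables wants "low:high"; the config stores "low-high". */
		dash = strchr(remport, '-');
		if (dash != NULL)
			*dash = ':';

		written = snprintf(command, sizeof command,
			"/sbin/iptables -A DMZHOLES -p %s -i %s -o %s -s %s -d %s --dport %s -j ACCEPT",
			protocol, idev, odev, locip, remip, remport);
		if (written < 0 || (size_t)written >= sizeof command) {
			/* A truncated command is not the rule the admin wrote;
			 * refuse it instead of handing a fragment to the shell. */
			fprintf(stderr, "Rule too long, skipped\n");
			continue;
		}
		safe_system(command);
	}

	return 0;
}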