int
main(int argc, char *argv[])
{
int retval = 0,
result = 0,
debuglvl = 0;
VuurmuurScript vr_script;
static char optstring[] = "CRDMPLB:AOo:g:n:z:s:i:r:V:S:hc:d:v";
static int version_flag = 0;
static int apply_flag = 0;
static int no_apply_flag = 0;
static int reload_flag = 0;
static int print_linenum_flag = 0;
char tmp_set[sizeof(vr_script.set)] = "";
char *str = NULL;
static struct option long_options[] =
{
/* commands */
{"create", 0, NULL, 'C'},
{"delete", 0, NULL, 'D'},
{"rename", 0, NULL, 'R'},
{"modify", 0, NULL, 'M'},
{"print", 0, NULL, 'P'},
{"list", 0, NULL, 'L'},
{"block", 1, NULL, 0},
{"unblock", 1, NULL, 0},
{"list-blocked",0, NULL, 0},
{"list-paths", 0, NULL, 0},
/* object name */
{"variable", 1, NULL, 'V'},
{"set", 1, NULL, 'S'},
{"append", 0, NULL, 'A'},
{"overwrite", 0, NULL, 'O'},
/* object types */
{"host", 1, NULL, 'o'}, /* h we use for help */
{"group", 1, NULL, 'g'},
{"network", 1, NULL, 'n'},
{"zone", 1, NULL, 'z'},
{"service", 1, NULL, 's'},
{"interface", 1, NULL, 'i'},
{"rule", 1, NULL, 'r'},
/* options */
{"apply", 0, &apply_flag, 1},
{"no-apply", 0, &no_apply_flag, 1},
{"reload", 0, &reload_flag, 1},
/* print options */
{"rule-numbers",0, &print_linenum_flag, 1},
{"verbose", 0, NULL, 'v'},
{"debug", 0, NULL, 'd'},
{"version", 0, &version_flag, 1},
{"help", 0, NULL, 'h'},
{NULL, 0, NULL, 0}
};
int opt = 0,
longopt_index = 0;
/* initialize our central data structure */
memset(&vr_script, 0, sizeof(vr_script));
vr_script.overwrite = TRUE;
/* get the current user */
get_user_info(debuglvl, &user_data);
/* exit if the user is not root. */
if(user_data.user > 0 || user_data.group > 0)
{
fprintf(stdout, "Error: you are not root! Exitting.\n");
exit(VRS_ERR_COMMANDLINE);
}
/* assemble version string */
snprintf(version_string, sizeof(version_string), "%s (using libvuurmuur %s)", VUURMUUR_VERSION, libvuurmuur_get_version());
/* init the print functions: all to stdout */
vrprint.logger = "vuurmuur_scrp";
vrprint.error = libvuurmuur_stdoutprint_error;
vrprint.warning = libvuurmuur_stdoutprint_warning;
vrprint.info = libvuurmuur_stdoutprint_info;
vrprint.debug = libvuurmuur_stdoutprint_debug;
vrprint.username = user_data.realusername;
vrprint.audit = libvuurmuur_stdoutprint_audit;
/* registering signals we use */
if(signal(SIGINT, &catch_sigint) == SIG_ERR)
{
fprintf(stdout, "Error: couldn't attach the signal SIGINT to the signal handler.\n");
exit(VRS_ERR_INTERNAL);
}
if(signal(SIGHUP, &catch_sighup) == SIG_ERR)
{
fprintf(stdout, "Error: couldn't attach the signal SIGHUP to the signal handler.\n");
exit(VRS_ERR_INTERNAL);
}
/* handle commandline options that don't require a config so they can be
* used by the wizard. */
if (argc > 1 && strcmp(argv[1], "--list-devices") == 0) {
script_list_devices(debuglvl);
exit(EXIT_SUCCESS);
}
/* some initilization */
if(pre_init_config(&conf) < 0)
exit(VRS_ERR_INTERNAL);
/* prepare for later shm connection */
shm_table = NULL;
sem_id = 0;
/* Process commandline options */
longopt_index = 0;
optind = 0; /* reset optind */
while((opt = getopt_long(argc, argv, optstring, long_options, &longopt_index)) >= 0)
{
switch(opt)
{
/* first handle the longoption only options */
case 0:
/* If this option set a flag, do nothing else now. */
if(long_options[longopt_index].flag != NULL)
break;
if(strcmp(long_options[longopt_index].name, "block") == 0)
{
/* block
*
* usage is vuurmuur_script --block 1.2.3.4
* this means we have to add a rule to the blocklist like this:
* vuurmuur_script -M -r blocklist -V RULE --set "block 1.2.3.4" --append --apply
*/
vr_script.cmd = CMD_BLK; /* we will change this to -M later */
/* -V RULE */
if(strlcpy(vr_script.var, "RULE", sizeof(vr_script.var)) >= sizeof(vr_script.var))
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR,
"could not set variable: internal argument 'RULE' too long (max: %d).",
(int)sizeof(vr_script.var)-1);
exit(VRS_ERR_COMMANDLINE);
}
/* --set "block 1.2.3.4" */
if(snprintf(tmp_set, sizeof(tmp_set), "block %s", optarg) >= (int)sizeof(tmp_set))
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR,
"could not set ip address: argument too long (max: %d).",
(int)sizeof(tmp_set)-1);
exit(VRS_ERR_COMMANDLINE);
}
if(strlcpy(vr_script.set, tmp_set, sizeof(vr_script.set)) >= sizeof(vr_script.set))
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR,
"could not set ip address: argument too long (max: %d).",
(int)sizeof(vr_script.set)-1);
exit(VRS_ERR_COMMANDLINE);
}
/* -r blocklist */
vr_script.type = TYPE_RULE;
if(strlcpy(vr_script.name, "blocklist", sizeof(vr_script.name)) >= sizeof(vr_script.name))
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR,
"rule (-r/--rule): internal argument too long (max: %d).",
(int)sizeof(vr_script.name)-1);
exit(VRS_ERR_COMMANDLINE);
}
/* --apply */
vr_script.apply = TRUE;
}
else if(strcmp(long_options[longopt_index].name, "unblock") == 0)
{
/* unblock an ip
* more difficult than blocking... for the logic see script_unblock.c!
*/
vr_script.cmd = CMD_UBL;
if(strlcpy(vr_script.set, optarg, sizeof(vr_script.set)) >= sizeof(vr_script.set))
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR,
"could not set object to unblock: argument too long (max: %d).",
(int)sizeof(vr_script.set)-1);
exit(VRS_ERR_COMMANDLINE);
}
vr_script.type = TYPE_RULE;
/* --apply */
vr_script.apply = TRUE;
break;
}
else if(strcmp(long_options[longopt_index].name, "list-blocked") == 0)
{
vr_script.type = TYPE_RULE;
vr_script.cmd = CMD_LBL;
break;
}
else if(strcmp(long_options[longopt_index].name, "list-paths") == 0)
{
printf("SYSCONFDIR %s\n", conf.etcdir);
printf("VUURMUURCONFDIR %s/vuurmuur\n", conf.etcdir);
printf("CONFIGFILE %s\n", conf.configfile);
printf("PLUGINDIR %s\n", conf.plugdir);
printf("DATADIR %s\n", conf.datadir);
exit(EXIT_SUCCESS);
}
else
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR,
"unknown option '%s'. See --help for valid options.",
long_options[longopt_index].name);
exit(VRS_ERR_COMMANDLINE);
}
break;
case 'c' :
/* config file */
if(conf.verbose_out == TRUE)
fprintf(stdout, "Using this configfile: %s\n", optarg);
if(strlcpy(conf.configfile, optarg, sizeof(conf.configfile)) >= sizeof(conf.configfile))
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "configfile (-c): argument too long (max: %d).", (int)sizeof(conf.configfile)-1);
exit(VRS_ERR_COMMANDLINE);
}
break;
case 'd' :
/* debugging */
fprintf(stdout, "vuurmuur: debugging enabled.\n");
/* convert the debug string and check the result */
debuglvl = atoi(optarg);
if(debuglvl < 0 || debuglvl > HIGH)
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "illegal debug level: %d (max: %d)", debuglvl, HIGH);
exit(VRS_ERR_COMMANDLINE);
}
fprintf(stdout, "vuurmuur: debug level: %d\n", debuglvl);
break;
case '?' :
case 'h' :
/* help */
fprintf(stdout, "Usage: vuurmuur_script [OPTIONS]\n");
fprintf(stdout, "\n");
fprintf(stdout, "Options:\n");
fprintf(stdout, " -d [1 - 3]\t\t\tenables debugging, 1 low, 3 high\n");
fprintf(stdout, " -h, --help\t\t\tgives this help\n");
fprintf(stdout, " -v, --verbose\t\t\tverbose mode.\n");
fprintf(stdout, "\n");
fprintf(stdout, "Commands:\n");
fprintf(stdout, " --block <name>\t\tblock host/group or ipaddress.\n");
fprintf(stdout, " --unblock <name>\t\tunblock host/group or ipaddress.\n");
fprintf(stdout, " --list-blocked\t\tlist the hosts/group and ipaddresses that are blocked.\n");
fprintf(stdout, " --reload\t\t\tmake Vuurmuur reload it's config\n");
fprintf(stdout, "\n");
fprintf(stdout, " -C, --create\t\t\tcreate object.\n");
fprintf(stdout, " -D, --delete\t\t\tdelete object.\n");
fprintf(stdout, " -R, --rename\t\t\trename object.\n");
fprintf(stdout, " -M, --modify\t\t\tmodify object.\n");
fprintf(stdout, " -L, --list \t\t\tlist objects.\n");
fprintf(stdout, " -P, --print \t\t\tprint data of object.\n");
fprintf(stdout, "\n");
fprintf(stdout, "Object:\n");
fprintf(stdout, " -o, --host <name>\t\thost.\n");
fprintf(stdout, " -g, --group <name>\t\tgroup.\n");
fprintf(stdout, " -n, --network <name>\t\tnetwork.\n");
fprintf(stdout, " -z, --zone <name>\t\tzone.\n");
fprintf(stdout, " -s, --service <name>\t\tservice.\n");
fprintf(stdout, " -i, --interface <name>\t\tinterface.\n");
fprintf(stdout, " -r, --rule <name>\t\trule.\n");
fprintf(stdout, "\n");
fprintf(stdout, " -V, --variable <variable>\tvariable to modify/print.\n");
fprintf(stdout, " -S, --set <value>\t\tvalue to set on modify,\n");
fprintf(stdout, " \t\tor new name when renaming.\n");
fprintf(stdout, "\n");
fprintf(stdout, " -A, --append\t\t\tappend the variable on modify\n");
fprintf(stdout, " -O, --overwrite\t\toverwrite the variable on modify\n");
fprintf(stdout, "\n");
fprintf(stdout, " --rule-numbers\t\tprint rule numbers\n");
fprintf(stdout, " --apply\t\t\ttry to apply the changes directly to Vuurmuur\n");
fprintf(stdout, " --no-apply\t\t\tdon't try to apply the changes to Vuurmuur\n");
fprintf(stdout, "\n");
exit(EXIT_SUCCESS);
case 'v' :
/* verbose */
conf.verbose_out = TRUE;
break;
case 'C' :
vr_script.cmd = CMD_ADD;
break;
case 'D' :
vr_script.cmd = CMD_DEL;
break;
case 'R' :
vr_script.cmd = CMD_REN;
break;
case 'M' :
vr_script.cmd = CMD_MOD;
break;
case 'P' :
vr_script.cmd = CMD_PRT;
break;
case 'L' :
vr_script.cmd = CMD_LST;
break;
case 'o' : /* host */
vr_script.type = TYPE_HOST;
if(strlcpy(vr_script.name, optarg, sizeof(vr_script.name)) >= sizeof(vr_script.name))
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "host (-o/--host): argument too long (max: %d).", (int)sizeof(vr_script.name)-1);
exit(VRS_ERR_COMMANDLINE);
}
break;
case 'g' : /* group */
vr_script.type = TYPE_GROUP;
if(strlcpy(vr_script.name, optarg, sizeof(vr_script.name)) >= sizeof(vr_script.name))
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "group (-g/--group): argument too long (max: %d).", (int)sizeof(vr_script.name)-1);
exit(VRS_ERR_COMMANDLINE);
}
break;
case 'n' : /* network */
vr_script.type = TYPE_NETWORK;
if(strlcpy(vr_script.name, optarg, sizeof(vr_script.name)) >= sizeof(vr_script.name))
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "network (-n/--network): argument too long (max: %d).", (int)sizeof(vr_script.name)-1);
exit(VRS_ERR_COMMANDLINE);
}
break;
case 'z' : /* zone */
vr_script.type = TYPE_ZONE;
if(strlcpy(vr_script.name, optarg, sizeof(vr_script.name)) >= sizeof(vr_script.name))
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "zone (-z/--zone): argument too long (max: %d).", (int)sizeof(vr_script.name)-1);
exit(VRS_ERR_COMMANDLINE);
}
break;
case 's' : /* service */
vr_script.type = TYPE_SERVICE;
if(strlcpy(vr_script.name, optarg, sizeof(vr_script.name)) >= sizeof(vr_script.name))
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "service (-s/--service): argument too long (max: %d).", (int)sizeof(vr_script.name)-1);
exit(VRS_ERR_COMMANDLINE);
}
break;
case 'i' : /* interface */
vr_script.type = TYPE_INTERFACE;
if(strlcpy(vr_script.name, optarg, sizeof(vr_script.name)) >= sizeof(vr_script.name))
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "host (-i/--interface): argument too long (max: %d).", (int)sizeof(vr_script.name)-1);
exit(VRS_ERR_COMMANDLINE);
}
break;
case 'r' : /* rule */
vr_script.type = TYPE_RULE;
if(strlcpy(vr_script.name, optarg, sizeof(vr_script.name)) >= sizeof(vr_script.name))
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "rule (-r/--rule): argument too long (max: %d).", (int)sizeof(vr_script.name)-1);
exit(VRS_ERR_COMMANDLINE);
}
break;
case 'S' :
if(strlcpy(vr_script.set, optarg, sizeof(vr_script.set)) >= sizeof(vr_script.set))
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "set (-S/--set): argument too long (max: %d).", (int)sizeof(vr_script.set)-1);
exit(VRS_ERR_COMMANDLINE);
}
break;
case 'V' :
if(strlcpy(vr_script.var, optarg, sizeof(vr_script.var)) >= sizeof(vr_script.var))
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "var (-V/--var): argument too long (max: %d).", (int)sizeof(vr_script.var)-1);
exit(VRS_ERR_COMMANDLINE);
}
break;
case 'O' :
vr_script.overwrite = TRUE;
break;
case 'A' :
vr_script.overwrite = FALSE;
break;
default:
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "unknown option '%c'. See --help for valid options.", opt);
exit(VRS_ERR_COMMANDLINE);
}
}
if(version_flag == 1)
{
fprintf(stdout, "Vuurmuur_script %s\n", version_string);
fprintf(stdout, "Copyright (C) 2002-2008 by Victor Julien\n");
exit(VRS_SUCCESS);
}
if(conf.verbose_out == TRUE)
{
/* print some nice info about me being the coolest of 'm all ;-) */
(void)vrprint.info("Info", "This is Vuurmuur_script %s", version_string);
(void)vrprint.info("Info", "Copyright (C) 2002-2008 by Victor Julien");
}
/* setup regexes */
if(setup_rgx(1, &vr_script.reg) < 0)
{
(void)vrprint.error(VRS_ERR_INTERNAL, VR_INTERR, "setting up regular expressions failed.");
exit(VRS_ERR_INTERNAL);
}
/* apply and no-apply */
if(apply_flag == 1)
vr_script.apply = TRUE;
if(no_apply_flag == 1)
vr_script.apply = FALSE;
/* reload the config */
if (reload_flag == 1)
{
vr_script.cmd = CMD_RLD;
vr_script.apply = TRUE;
}
/*
handling the command
*/
if(vr_script.cmd == CMD_UNSET)
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "missing command option, use --help to see a list of possible commands.");
exit(VRS_ERR_COMMANDLINE);
}
if(vr_script.cmd == CMD_ADD)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "command 'add' selected.");
}
else if(vr_script.cmd == CMD_DEL)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "command 'delete' selected.");
}
else if(vr_script.cmd == CMD_MOD)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "command 'modify' selected.");
}
else if(vr_script.cmd == CMD_REN)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "command 'rename' selected.");
}
else if(vr_script.cmd == CMD_LST)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "command 'list' selected.");
}
else if(vr_script.cmd == CMD_PRT)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "command 'print' selected.");
}
else if(vr_script.cmd == CMD_BLK)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "command 'block' selected.");
}
else if(vr_script.cmd == CMD_UBL)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "command 'unblock' selected.");
}
else if(vr_script.cmd == CMD_LBL)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "command 'list-blocked' selected.");
}
else if(vr_script.cmd == CMD_RLD)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "command 'reload-config' selected.");
}
else
{
(void)vrprint.error(VRS_ERR_INTERNAL, VR_INTERR, "unknown command option %d.", vr_script.cmd);
exit(VRS_ERR_INTERNAL);
}
/*
handling the type
*/
if(vr_script.type == TYPE_UNSET && vr_script.cmd != CMD_RLD)
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "type option not set. Please see --help for options.");
exit(VRS_ERR_COMMANDLINE);
}
if(vr_script.type == TYPE_HOST)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "type 'host' selected.");
}
else if(vr_script.type == TYPE_GROUP)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "type 'group' selected.");
}
else if(vr_script.type == TYPE_NETWORK)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "type 'network' selected.");
}
else if(vr_script.type == TYPE_ZONE)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "type 'zone' selected.");
}
else if(vr_script.type == TYPE_SERVICE)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "type 'service' selected.");
}
else if(vr_script.type == TYPE_INTERFACE)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "type 'interface' selected.");
}
else if(vr_script.type == TYPE_RULE)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "type 'rule' selected.");
}
else if(vr_script.cmd == CMD_RLD)
{
if(conf.verbose_out == TRUE)
(void)vrprint.info(VR_INFO, "reload has no option.");
}
else
{
(void)vrprint.error(VRS_ERR_INTERNAL, VR_INTERR, "unknown type option %d.", vr_script.type);
exit(VRS_ERR_INTERNAL);
}
/*
handling the name
*/
if(vr_script.name[0] == '\0')
{
(void)strlcpy(vr_script.name, "any", sizeof(vr_script.name));
}
else if(strcasecmp(vr_script.name, "any") == 0)
{
/* ignore any */
}
else
{
if( vr_script.type == TYPE_ZONE || vr_script.type == TYPE_NETWORK ||
vr_script.type == TYPE_HOST || vr_script.type == TYPE_GROUP)
{
/* validate and split the new name */
if(validate_zonename(debuglvl, vr_script.name, 0, vr_script.name_zone, vr_script.name_net, vr_script.name_host, vr_script.reg.zonename, VALNAME_VERBOSE) != 0)
{
if(vr_script.type == TYPE_ZONE)
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "invalid zone name '%s' (in: %s:%d).", vr_script.name, __FUNC__, __LINE__);
else if(vr_script.type == TYPE_NETWORK)
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "invalid network name '%s' (in: %s:%d).", vr_script.name, __FUNC__, __LINE__);
else if(vr_script.type == TYPE_HOST)
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "invalid host name '%s' (in: %s:%d).", vr_script.name, __FUNC__, __LINE__);
else if(vr_script.type == TYPE_GROUP)
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "invalid group name '%s' (in: %s:%d).", vr_script.name, __FUNC__, __LINE__);
exit(VRS_ERR_COMMANDLINE);
}
if(debuglvl >= HIGH)
(void)vrprint.debug(__FUNC__, "name: '%s': host/group '%s', net '%s', zone '%s'.",
vr_script.name, vr_script.name_host,
vr_script.name_net, vr_script.name_zone);
}
else if(vr_script.type == TYPE_SERVICE)
{
if(validate_servicename(debuglvl, vr_script.name, vr_script.reg.servicename, VALNAME_QUIET) != 0)
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "invalid service name '%s' (in: %s:%d).", vr_script.name, __FUNC__, __LINE__);
exit(VRS_ERR_COMMANDLINE);
}
}
else if(vr_script.type == TYPE_INTERFACE)
{
if(validate_interfacename(debuglvl, vr_script.name, vr_script.reg.interfacename) != 0)
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "invalid interface name '%s' (in: %s:%d).", vr_script.name, __FUNC__, __LINE__);
exit(VRS_ERR_COMMANDLINE);
}
}
else if(vr_script.type == TYPE_RULE)
{
if( strcmp(vr_script.name, "blocklist") == 0 ||
strcmp(vr_script.name, "rules") == 0)
{
/* ok */
}
else
{
/* error */
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "invalid ruleset name '%s' (in: %s:%d).", vr_script.name, __FUNC__, __LINE__);
exit(VRS_ERR_COMMANDLINE);
}
}
else
{
/* error */
(void)vrprint.error(VRS_ERR_INTERNAL, VR_INTERR, "unknown type option %d.", vr_script.type);
exit(VRS_ERR_INTERNAL);
}
}
/* set var to any if var is empty */
if(vr_script.var[0] == '\0')
(void)strlcpy(vr_script.var, "any", sizeof(vr_script.var));
/* see if we need to print rule numbers */
if(print_linenum_flag == 1)
vr_script.print_rule_numbers = TRUE;
/* initialize the config from the config file */
if(debuglvl >= MEDIUM)
(void)vrprint.debug(__FUNC__, "initializing config... calling init_config()");
result = init_config(debuglvl, &conf);
if(result >= VR_CNF_OK)
{
if(debuglvl >= MEDIUM)
(void)vrprint.debug(__FUNC__, "initializing config complete and succesful.");
}
else
{
fprintf(stdout, "Initializing config failed.\n");
exit(EXIT_FAILURE);
}
/* now we know the logfile locations, so init the log functions */
if(conf.verbose_out == TRUE)
{
/* if we use verbose output, we still print the logfiles as well */
vrprint.error = libvuurmuur_logstdoutprint_error;
vrprint.warning = libvuurmuur_logstdoutprint_warning;
vrprint.info = libvuurmuur_logstdoutprint_info;
vrprint.debug = libvuurmuur_logstdoutprint_debug;
}
else
{
vrprint.error = libvuurmuur_logprint_error;
vrprint.warning = libvuurmuur_logprint_warning;
vrprint.info = libvuurmuur_logprint_info;
vrprint.debug = libvuurmuur_logprint_debug;
}
/* audit only to the log, no matter if we are in verbose mode or not
because it prints: username: message... example:
victor : interface 'abcd' added.
*/
vrprint.audit = libvuurmuur_logprint_audit;
/* load the backends */
result = load_backends(debuglvl, &PluginList);
if(result < 0)
{
fprintf(stdout, "Error: loading backends failed\n");
exit(EXIT_FAILURE);
}
/* main part: handle the different commands */
if(vr_script.cmd == CMD_LST)
{
retval = script_list(debuglvl, &vr_script);
}
else if(vr_script.cmd == CMD_PRT)
{
if(strcasecmp(vr_script.name,"any") == 0)
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "cannot use command 'print' on object 'any'.");
retval = VRS_ERR_COMMANDLINE;
}
else
{
retval = script_print(debuglvl, &vr_script);
}
}
else if(vr_script.cmd == CMD_ADD)
{
if(strcasecmp(vr_script.name,"any") == 0)
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "cannot use command 'add' on object 'any'.");
retval = VRS_ERR_COMMANDLINE;
}
else
{
retval = script_add(debuglvl, &vr_script);
}
}
else if(vr_script.cmd == CMD_DEL)
{
if(strcasecmp(vr_script.name,"any") == 0)
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "cannot use command 'del' on object 'any'.");
retval = VRS_ERR_COMMANDLINE;
}
else
{
retval = script_delete(debuglvl, &vr_script);
}
}
else if(vr_script.cmd == CMD_MOD || vr_script.cmd == CMD_BLK)
{
/* workaround for the problem that we don't want to append into
* append into an empty list then using --block */
if (vr_script.cmd == CMD_BLK) {
/* append or overwrite mode (fix ticket #49) */
if ((rf->ask(debuglvl, rule_backend, "blocklist", "RULE",
vr_script.bdat, sizeof(vr_script.bdat), TYPE_RULE, 1) == 1))
{
/* we got a rule from the backend so we have to append */
vr_script.overwrite = FALSE;
} else {
/* there are no rules in the backend so we overwrite */
vr_script.overwrite = TRUE;
}
/* switch to mod here */
vr_script.cmd = CMD_MOD;
}
if(strcasecmp(vr_script.name,"any") == 0)
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "cannot use command 'modify' on object 'any'.");
retval = VRS_ERR_COMMANDLINE;
}
else if(vr_script.var[0] == '\0' || strcasecmp(vr_script.var, "any") == 0)
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "please set the variable to modify with --variable.");
retval = VRS_ERR_COMMANDLINE;
}
/* allow empty 'set' if we overwrite, since that way we can clear variables */
else if(vr_script.set[0] == '\0' && vr_script.overwrite == FALSE)
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "please set the new value with --set.");
retval = VRS_ERR_COMMANDLINE;
}
else
{
retval = script_modify(debuglvl, &vr_script);
}
}
else if(vr_script.cmd == CMD_REN)
{
if(strcasecmp(vr_script.name,"any") == 0)
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "cannot use command 'rename' on object 'any'.");
retval = VRS_ERR_COMMANDLINE;
}
else if(strcasecmp(vr_script.set,"any") == 0)
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "cannot rename a object to 'any'.");
retval = VRS_ERR_COMMANDLINE;
}
else if(strncasecmp(vr_script.set,"firewall", 8) == 0)
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "cannot rename a object to a name that starts with 'firewall'.");
retval = VRS_ERR_COMMANDLINE;
}
else if(vr_script.set[0] == '\0')
{
(void)vrprint.error(VRS_ERR_COMMANDLINE, VR_ERR, "please set the new name with --set.");
retval = VRS_ERR_COMMANDLINE;
}
else
{
retval = script_rename(debuglvl, &vr_script);
}
}
else if(vr_script.cmd == CMD_UBL)
{
retval = script_unblock(debuglvl, &vr_script);
}
else if(vr_script.cmd == CMD_LBL)
{
while((result = rf->ask(debuglvl, rule_backend, "blocklist", "RULE", vr_script.bdat, sizeof(vr_script.bdat), TYPE_RULE, 1) == 1))
{
rules_encode_rule(debuglvl, vr_script.bdat, sizeof(vr_script.bdat));
str = remove_leading_part(vr_script.bdat);
printf("%s\n", str);
free(str);
}
/* check the result */
if(result == 0)
retval = 0;
else
retval = VRS_ERR_COMMAND_FAILED;
}
else if(vr_script.cmd == CMD_RLD)
{
retval = VRS_SUCCESS;
}
else
{
printf("FIXME: command not implemented\n");
retval = VRS_ERR_COMMANDLINE;
}
/* if all went well (retval == 0) we can apply now */
if(vr_script.apply == TRUE && retval == VRS_SUCCESS)
{
retval = script_apply(debuglvl, &vr_script);
}
/* unload the backends */
result = unload_backends(debuglvl, &PluginList);
if(result < 0)
{
fprintf(stdout, "Error: unloading backends failed.\n");
exit(EXIT_FAILURE);
}
/*
Destroy the data structures
*/
/* cleanup regexes */
(void)setup_rgx(0, &vr_script.reg);
if(debuglvl >= HIGH)
(void)vrprint.debug(__FUNC__, "** end **, return = %d", retval);
return(retval);
}
int main(int argc, char *argv[])
{
struct vrmr_ctx vctx;
int retval = 0, optch = 0;
static char optstring[] = "c:d:hVW";
struct option long_options[] = {
{"configfile", required_argument, NULL, 'c'},
{"debug", required_argument, NULL, 'd'},
{"help", no_argument, NULL, 'h'},
{"version", no_argument, NULL, 'V'},
{"wizard", no_argument, NULL, 'W'},
{0, 0, 0, 0},
};
int longopt_index = 0;
int debug_level = NONE;
PANEL *main_panels[5];
char *s = NULL;
/* some defaults */
vuurmuur_semid = -1;
vuurmuur_shmid = -1;
vuurmuurlog_semid = -1;
vuurmuurlog_shmid = -1;
/* create the version string */
snprintf(version_string, sizeof(version_string),
"%s (using libvuurmuur %s)", VUURMUURCONF_VERSION,
libvuurmuur_get_version());
/* some initilization */
if (vrmr_init(&vctx, "vuurmuur_conf") < 0)
exit(EXIT_FAILURE);
/* settings file */
memset(vccnf.configfile_location, 0, sizeof(vccnf.configfile_location));
if (vctx.conf.etcdir[0] == '\0')
(void)strlcpy(vccnf.configfile_location, VUURMUURCONF_CONFIGFILE,
sizeof(vccnf.configfile_location));
else
(void)snprintf(vccnf.configfile_location,
sizeof(vccnf.configfile_location),
"%s/vuurmuur/vuurmuur_conf.conf", vctx.conf.etcdir);
#ifdef ENABLE_NLS
setlocale(LC_ALL, "");
setlocale(LC_TIME, "");
setlocale(LC_MESSAGES, "");
setlocale(LC_COLLATE, "");
setlocale(LC_CTYPE, "");
setlocale(LC_MONETARY, "");
setlocale(LC_NUMERIC, "");
#endif
/* check if we are in utf-8 mode */
utf8_mode = 0;
if ((s = getenv("LC_ALL")) || (s = getenv("LC_CTYPE")) ||
(s = getenv("LANG"))) {
if (strstr(s, "UTF-8"))
utf8_mode = 1;
}
#ifdef ENABLE_NLS
bindtextdomain("vuurmuur", xstr(VRMR_LOCALEDIR));
textdomain("vuurmuur");
#endif
/* process commandline options */
while ((optch = getopt_long(argc, argv, optstring, long_options,
&longopt_index)) != -1) {
switch (optch) {
case 'h':
print_commandline_args();
break;
/* configfile */
case 'c':
if (strlcpy(vctx.conf.configfile, optarg,
sizeof(vctx.conf.configfile)) >=
sizeof(vctx.conf.configfile)) {
vrmr_error(EXIT_FAILURE, VR_ERR,
gettext("commandline argument too long for option "
"-c."));
exit(EXIT_FAILURE);
}
break;
case 'd':
/* convert the debug string and check the result */
debug_level = atoi(optarg);
if (debug_level < 0 || debug_level > HIGH) {
vrmr_error(EXIT_FAILURE, VR_ERR,
gettext("commandline debuglevel out of range."));
exit(EXIT_FAILURE);
}
vrmr_debug_level = debug_level;
fprintf(stdout, "vuurmuur_conf: debugging enabled.\n");
fprintf(stdout, "vuurmuur_conf: debug level: %d\n",
debug_level);
break;
case 'V':
/* print version */
fprintf(stdout, "Vuurmuur_conf %s\n", version_string);
fprintf(stdout, "%s\n", VUURMUUR_COPYRIGHT);
exit(EXIT_SUCCESS);
case 'W': {
char wizard_path[512] = "";
snprintf(wizard_path, sizeof(wizard_path),
"%s/scripts/vuurmuur-wizard.sh", vctx.conf.datadir);
printf("Running %s...\n", wizard_path);
exec_wizard(wizard_path);
exit(EXIT_SUCCESS);
}
default:
vrmr_error(EXIT_FAILURE, VR_ERR,
gettext("unknown commandline option."));
exit(EXIT_FAILURE);
}
}
/* close the STDERR_FILENO because it gives us annoying "Broken
Pipe" errors on some systems with bash3. Let's see if this
has negative side-effects. */
close(STDERR_FILENO);
/* init vuurmuur_conf config already to get background */
(void)init_vcconfig(&vctx.conf, vccnf.configfile_location, &vccnf);
/* Initialize curses */
(void)initscr();
(void)start_color();
(void)cbreak();
(void)noecho();
(void)keypad(stdscr, (bool)TRUE);
setup_colors();
/* create the three main windows */
if (!(status_frame_win = create_newwin(
3, COLS, LINES - 3, 0, NULL, vccnf.color_bgd)))
exit(EXIT_FAILURE);
if (!(status_win = create_newwin(
1, COLS - 4, LINES - 2, 2, NULL, vccnf.color_bgd)))
exit(EXIT_FAILURE);
if (!(top_win = create_newwin(3, COLS, 0, 0, NULL, vccnf.color_bgd)))
exit(EXIT_FAILURE);
if (!(main_win = create_newwin(
LINES - 6, COLS, 3, 0, NULL, vccnf.color_bgd)))
exit(EXIT_FAILURE);
if (!(mainlog_win = newwin(LINES - 8, COLS - 2, 4, 1)))
exit(EXIT_FAILURE);
(void)wbkgd(mainlog_win, vccnf.color_bgd);
wattron(status_frame_win, vccnf.color_bgd);
mvwprintw(status_frame_win, 0, 2, " %s ", gettext("Status"));
mvwprintw(status_frame_win, 2,
(int)(COLS - 4 - StrLen(vctx.user_data.realusername) - 6),
" user: %s ", vctx.user_data.realusername);
wattroff(status_frame_win, vccnf.color_bgd);
/* Attach a panel to each window */
main_panels[0] = new_panel(top_win);
main_panels[1] = new_panel(main_win);
main_panels[2] = new_panel(status_win);
main_panels[3] = new_panel(mainlog_win);
main_panels[4] = new_panel(status_frame_win);
(void)update_panels();
(void)doupdate();
/* init the vrprint functions for the Gui */
vrprint.error = vuumuurconf_print_error;
vrprint.warning = vuumuurconf_print_warning;
vrprint.info = vuumuurconf_print_info;
if (status_print(status_win, gettext("This is Vuurmuur_conf %s, %s"),
version_string, VUURMUUR_COPYRIGHT) < 0)
exit(EXIT_FAILURE);
/* setup the global busywin */
VrBusyWinCreate();
VrBusyWinHide();
// form_test();
/* startup_screen inits the config, loads the zones, rules, etc */
if (startup_screen(&vctx, &vctx.rules, &vctx.zones, &vctx.services,
&vctx.interfaces, &vctx.blocklist, &vctx.reg) < 0) {
/* failure! Lets quit. */
/* delete panels and windows */
(void)del_panel(main_panels[0]);
(void)del_panel(main_panels[1]);
(void)del_panel(main_panels[2]);
(void)del_panel(main_panels[3]);
(void)del_panel(main_panels[4]);
(void)destroy_win(top_win);
(void)destroy_win(main_win);
(void)destroy_win(status_win);
(void)destroy_win(status_frame_win);
/* clear screen */
(void)refresh();
/* end ncurses mode */
(void)endwin();
exit(EXIT_FAILURE);
}
/* setup statuslist */
(void)setup_statuslist();
status_print(status_win, STR_READY);
mm_status_checkall(&vctx, NULL, &vctx.rules, &vctx.zones, &vctx.interfaces,
&vctx.services);
/* main menu loop */
while (main_menu(&vctx, &vctx.rules, &vctx.zones, &vctx.interfaces,
&vctx.services, &vctx.blocklist, &vctx.reg) == 1)
;
/* clean up the status list */
vrmr_list_cleanup(&vuurmuur_status.StatusList);
/* detach from shared memory, if we were attached */
if (vuurmuur_shmp != NULL && vuurmuur_shmp != (char *)(-1) &&
vuurmuur_shmtable != 0) {
if (vrmr_lock(vuurmuur_semid)) {
vuurmuur_shmtable->configtool.connected = 3;
vrmr_unlock(vuurmuur_semid);
}
(void)shmdt(vuurmuur_shmp);
}
if (vuurmuurlog_shmp != NULL && vuurmuurlog_shmp != (char *)(-1) &&
vuurmuurlog_shmtable != 0) {
if (vrmr_lock(vuurmuurlog_semid)) {
vuurmuurlog_shmtable->configtool.connected = 3;
vrmr_unlock(vuurmuurlog_semid);
}
(void)shmdt(vuurmuurlog_shmp);
}
/* destroy the global busywin */
VrBusyWinDelete();
/* delete panels and windows */
(void)del_panel(main_panels[0]);
(void)del_panel(main_panels[1]);
(void)del_panel(main_panels[2]);
(void)del_panel(main_panels[3]);
(void)del_panel(main_panels[4]);
(void)destroy_win(mainlog_win);
(void)destroy_win(top_win);
(void)destroy_win(main_win);
(void)destroy_win(status_win);
(void)destroy_win(status_frame_win);
/* clear screen */
(void)refresh();
/* end ncurses mode */
(void)endwin();
/* set error functions to the stdout versions */
vrprint.error = vrmr_stdoutprint_error;
vrprint.warning = vrmr_stdoutprint_warning;
vrprint.info = vrmr_stdoutprint_info;
vrprint.debug = vrmr_stdoutprint_debug;
vrprint.audit = vrmr_stdoutprint_audit;
/* unload the backends */
if (vrmr_backends_unload(&vctx.conf, &vctx) < 0) {
vrmr_error(-1, VR_ERR, gettext("unloading the backends failed"));
retval = -1;
}
/* cleanup the datastructures */
(void)vrmr_list_cleanup(&vctx.blocklist.list);
(void)vrmr_destroy_serviceslist(&vctx.services);
(void)vrmr_destroy_zonedatalist(&vctx.zones);
(void)vrmr_rules_cleanup_list(&vctx.rules);
(void)vrmr_destroy_interfaceslist(&vctx.interfaces);
vrmr_deinit(&vctx);
return (retval);
}
