int main(int argc, char *argv[]) { if ( argc < 2 ) { printf("invalid parameter(s)\n"); return(1); } if (!(initsetuid())) exit(1); if (strcmp(argv[1], "cron") == 0) { safe_system("rm /etc/fcron.*/updxlrator 2&>/dev/null"); if (strcmp(argv[2], "daily") == 0) { safe_system("ln -s /var/ipfire/updatexlrator/bin/checkup /etc/fcron.daily/updxlrator"); } else if (strcmp(argv[2], "weekly") == 0) { safe_system("ln -s /var/ipfire/updatexlrator/bin/checkup /etc/fcron.weekly/updxlrator"); } else if (strcmp(argv[2], "monthly") == 0) { safe_system("ln -s /var/ipfire/updatexlrator/bin/checkup /etc/fcron.monthly/updxlrator"); } else { printf("invalid parameter(s)\n"); return(1); } } return 0; }
int main(int argc, char *argv[]) { if (!(initsetuid())) exit(1); if (argc < 2) { fprintf(stderr, "\nNo argument given.\n\nsquidctrl (start|stop|restart|flush|reconfigure)\n\n"); exit(1); } if (strcmp(argv[1], "start") == 0) { safe_system("/etc/rc.d/init.d/squid start"); } else if (strcmp(argv[1], "stop") == 0) { safe_system("/etc/rc.d/init.d/squid stop"); } else if (strcmp(argv[1], "restart") == 0) { safe_system("/etc/rc.d/init.d/squid restart"); } else if (strcmp(argv[1], "reconfigure") == 0) { safe_system("/etc/rc.d/init.d/squid reconfigure"); } else if (strcmp(argv[1], "flush") == 0) { safe_system("/etc/rc.d/init.d/squid flush"); } else if (strcmp(argv[1], "enable") == 0) { safe_system("ln -fs ../init.d/squid /etc/rc.d/rc0.d/K00squid >/dev/null 2>&1"); safe_system("ln -fs ../init.d/squid /etc/rc.d/rc6.d/K00squid >/dev/null 2>&1"); } else if (strcmp(argv[1], "disable") == 0) { safe_system("rm -f /etc/rc.d/rc*.d/*squid >/dev/null 2>&1"); } else { fprintf(stderr, "\nBad argument given.\n\nsquidctrl (start|stop|restart|flush|reconfigure|setperms)\n\n"); exit(1); } return 0; }
int main(int argc, char *argv[]) { struct keyvalue* kv = NULL; int fd = -1; int r = 0; if (!(initsetuid())) exit(1); if (argc < 2) { fprintf(stderr, "\nNo argument given.\n\nqosctrl (start|stop|restart|status|generate)\n\n"); exit(1); } if (strcmp(argv[1], "generate") == 0) { kv = initkeyvalues(); if (!readkeyvalues(kv, CONFIG_ROOT "/qos/settings")) { fprintf(stderr, "Cannot read QoS settings\n"); r = 1; goto END; } char enabled[STRING_SIZE]; if (!findkey(kv, "ENABLED", enabled)) strcpy(enabled, "off"); if (strcmp(enabled, "on") == 0) safe_system("/usr/bin/perl /var/ipfire/qos/bin/makeqosscripts.pl > " QOS_SH); else unlink(QOS_SH); } if ((fd = open(QOS_SH, O_RDONLY)) != -1) { close(fd); } else { // If there is no qos.sh do nothing. goto END; } safe_system("chmod 755 " QOS_SH " &>/dev/null"); if (strcmp(argv[1], "start") == 0) { safe_system(QOS_SH " start"); } else if (strcmp(argv[1], "stop") == 0) { safe_system(QOS_SH " clear"); } else if (strcmp(argv[1], "status") == 0) { safe_system(QOS_SH " status"); } else if (strcmp(argv[1], "restart") == 0) { safe_system(QOS_SH " restart"); } else { if (strcmp(argv[1], "generate") == 0) {exit(0);} fprintf(stderr, "\nBad argument given.\n\nqosctrl (start|stop|restart|status|generate)\n\n"); exit(1); } END: if (kv) freekeyvalues(kv); return r; }
int main(void) { if (!(initsetuid())) exit(1); safe_system("/usr/bin/sendprofile"); return 0; }
int main(void) { if (!(initsetuid(1))) exit(1); system("/sbin/shutdown -r now"); return 0; }
int main(int argc, char *argv[]) { if (!(initsetuid()) ) exit(1); system("/etc/rc.d/rc.vlan"); return 0; }
int main(int argc, char *argv[]) { char command[512]; if (!(initsetuid())) exit(1); snprintf(command, 512, "/var/ipfire/extrahd/bin/extrahd.pl %s %s", argv[1], argv[2]); safe_system("chmod 755 /var/ipfire/extrahd/bin/extrahd.pl 2>&1 >/dev/null"); safe_system(command); }
int main(int argc, char *argv[]) { if (argc < 2) return(1); if (!(initsetuid())) exit(-1); snprintf(command, BUFFER_SIZE-1, "/bin/chown nobody:squid /home/httpd/vhost81/html/updatecache/%s", argv[1]); safe_system(command); return(0); }
int main(int argc, char *argv[]) { if (!(initsetuid())) exit(1); snprintf(command, BUFFER_SIZE-1, "/usr/sbin/etherwake -i %s %s", argv[2], argv[1]); safe_system(command); /* Send magic packet with broadcast flag set. */ snprintf(command, BUFFER_SIZE-1, "/usr/sbin/etherwake -i %s -b %s", argv[2], argv[1]); safe_system(command); return(0); }
int main(void) { FILE *f; if (!(initsetuid(1))) exit(1); if ((f = fopen("/var/smoothwall/adsl/mgmt.o", "r"))) { system("/usr/bin/modem_run -f /var/smoothwall/adsl/mgmt.o -v 1"); fclose(f); } return 0; }
int main(int argc, char *argv[]) { int i; char command[1024]; char add[STRING_SIZE]; if (!(initsetuid())) exit(1); snprintf(command, STRING_SIZE, "/opt/pakfire/pakfire"); for (i = 1; i < argc; i++) { sprintf(add, " %s", argv[i]); strcat(command, add); } return safe_system(command); }
int main(void) { if (!(initsetuid())) exit(1); FILE *fp = fopen("/proc/net/nf_conntrack", "r"); if (fp == NULL) { exit(1); } /* Read content line by line and write it to stdout. */ char linebuf[STRING_SIZE]; while (fgets(linebuf, STRING_SIZE, fp)) { printf("%s", linebuf); } fclose(fp); return 0; }
int main(int argc, char *argv[]) { if (!(initsetuid())) exit(1); if (argc < 2) { fprintf(stderr, "\nNo argument given.\n\ndnsmasqctrl (restart)\n\n"); exit(1); } if (strcmp(argv[1], "restart") == 0) { safe_system("/etc/rc.d/init.d/dnsmasq restart"); } else { fprintf(stderr, "\nBad argument given.\n\ndnsmasqctrl (restart)\n\n"); exit(1); } return 0; }
int main(int argc, char *argv[]) { char cmd[STRING_SIZE]; if (!(initsetuid())) exit(1); if (argc < 2) { fprintf(stderr, "\nNo argument given.\n\nddnsctrl (update-all)\n\n"); exit(1); } if (strcmp(argv[1], "update-all") == 0) { snprintf(cmd, sizeof(cmd), "/usr/bin/ddns --config %s update-all >/dev/null 2>&1", conffile); safe_system(cmd); } else { fprintf(stderr, "\nBad argument given.\n\nddnsctrl (update-all)\n\n"); exit(1); } return 0; }
int main(int argc, char *argv[]) { static struct option long_options[] = { { "eroute", no_argument, &flag_eroute, 1 }, { "verbose", no_argument, 0, 'v' }, { "help", no_argument, 0, 'h' }, { 0, 0, 0, 0} }; int c; int option_index = 0; while ((c = getopt_long(argc, argv, "v", long_options, &option_index)) != -1) { switch (c) { case 0: break; case 'v': /* verbose */ flag_verbose++; break; case 'h': usage(argv[0], 0); default: fprintf(stderr, "unknown option\n"); usage(argv[0], 1); } } if ( !(initsetuid()) ) exit(1); if (flag_eroute) { safe_system("/bin/cat /proc/net/ipsec_eroute 2>/dev/null"); } else { safe_system("/usr/sbin/conntrack -L -o xml 2>/dev/null"); } return(0); }
int main(int argc, char *argv[]) { if (!(initsetuid())) exit(1); if (argc < 2) { fprintf(stderr, "\nNo argument given.\n\nredctrl (start|stop|restart)\n\n"); exit(1); } if (strcmp(argv[1], "start") == 0) { safe_system("/etc/rc.d/init.d/network start red"); } else if (strcmp(argv[1], "stop") == 0) { safe_system("/etc/rc.d/init.d/network stop red"); } else if (strcmp(argv[1], "restart") == 0) { safe_system("/etc/rc.d/init.d/network restart red"); } else { fprintf(stderr, "\nBad argument given.\n\nredctrl (start|stop|restart)\n\n"); exit(1); } return 0; }
int main(int argc, char *argv[]) { if (!(initsetuid())) exit(1); if (argc < 2) { fprintf(stderr, "\nNo argument given.\n\nsmartctrl <device>\n\n"); exit(1); } sprintf(command, "/var/run/hddshutdown-%s", argv[1]); FILE *fp = fopen(command,"r"); if( fp ) { fclose(fp); printf("\nDisk %s is in Standby. Do nothing because we won't wakeup\n",argv[1]); exit(1); } sprintf(command, "smartctl -iHA /dev/%s", argv[1]); safe_system(command); return 0; }
int main(int argc, char *argv[]) { char configtype[STRING_SIZE]; char redtype[STRING_SIZE] = ""; struct keyvalue *kv = NULL; if (argc < 2) { usage(); exit(1); } if (!(initsetuid())) exit(1); FILE *file = NULL; if (strcmp(argv[1], "I") == 0) { safe_system("/usr/sbin/ipsec status"); exit(0); } if (strcmp(argv[1], "R") == 0) { safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1"); exit(0); } /* FIXME: workaround for pclose() issue - still no real idea why * this is happening */ signal(SIGCHLD, SIG_DFL); /* handle operations that doesn't need start the ipsec system */ if (argc == 2) { if (strcmp(argv[1], "D") == 0) { safe_system("/usr/sbin/ipsec stop >/dev/null 2>&1"); ipsec_norules(); exit(0); } } /* read vpn config */ kv=initkeyvalues(); if (!readkeyvalues(kv, CONFIG_ROOT "/vpn/settings")) { fprintf(stderr, "Cannot read vpn settings\n"); exit(1); } /* check is the vpn system is enabled */ { char s[STRING_SIZE]; findkey(kv, "ENABLED", s); freekeyvalues(kv); if (strcmp (s, "on") != 0) exit(0); } /* read interface settings */ kv=initkeyvalues(); if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) { fprintf(stderr, "Cannot read ethernet settings\n"); exit(1); } if (!findkey(kv, "CONFIG_TYPE", configtype)) { fprintf(stderr, "Cannot read CONFIG_TYPE\n"); exit(1); } findkey(kv, "RED_TYPE", redtype); /* Loop through the config file to find physical interface that will accept IPSEC */ int enable_red=0; // states 0: not used int enable_green=0; // 1: error condition int enable_orange=0; // 2: good int enable_blue=0; char if_red[STRING_SIZE] = ""; char if_green[STRING_SIZE] = ""; char if_orange[STRING_SIZE] = ""; char if_blue[STRING_SIZE] = ""; char s[STRING_SIZE]; // when RED is up, find interface name in special file FILE *ifacefile = NULL; if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r"))) { if (fgets(if_red, STRING_SIZE, ifacefile)) { if (if_red[strlen(if_red) - 1] == '\n') if_red[strlen(if_red) - 1] = '\0'; } fclose (ifacefile); if (VALID_DEVICE(if_red)) enable_red++; } // Check if GREEN is enabled. findkey(kv, "GREEN_DEV", if_green); if (VALID_DEVICE(if_green)) enable_green++; // Check if ORANGE is enabled. findkey(kv, "ORANGE_DEV", if_orange); if (VALID_DEVICE(if_orange)) enable_orange++; // Check if BLUE is enabled. findkey(kv, "BLUE_DEV", if_blue); if (VALID_DEVICE(if_blue)) enable_blue++; freekeyvalues(kv); // exit if nothing to do if ((enable_red+enable_green+enable_orange+enable_blue) == 0) exit(0); // open needed ports if (enable_red > 0) open_physical(if_red, 4500); if (enable_green > 0) open_physical(if_green, 4500); if (enable_orange > 0) open_physical(if_orange, 4500); if (enable_blue > 0) open_physical(if_blue, 4500); // start the system if ((argc == 2) && strcmp(argv[1], "S") == 0) { safe_system("/usr/sbin/ipsec restart >/dev/null"); exit(0); } // it is a selective start or stop // second param is only a number 'key' if ((argc == 2) || strspn(argv[2], NUMBERS) != strlen(argv[2])) { fprintf(stderr, "Bad arg: %s\n", argv[2]); usage(); exit(1); } // search the vpn pointed by 'key' if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) { fprintf(stderr, "Couldn't open vpn settings file"); exit(1); } while (fgets(s, STRING_SIZE, file) != NULL) { char *key; char *name; char *type; if (!decode_line(s,&key,&name,&type)) continue; // is it the 'key' requested ? if (strcmp(argv[2], key) != 0) continue; // Start or Delete this Connection if (strcmp(argv[1], "S") == 0) turn_connection_on (name, type); else if (strcmp(argv[1], "D") == 0) turn_connection_off (name); else { fprintf(stderr, "Bad command\n"); exit(1); } } fclose(file); return 0; }
int main(void) { char s[STRING_SIZE]; char command[STRING_SIZE]; char red_netmask[STRING_SIZE]; char red_broadcast[STRING_SIZE]; char red_dev[STRING_SIZE]; char default_gateway[STRING_SIZE]; char *aliasip; char *enabled; char *sptr; char *comment; int alias; int count; if (!(initsetuid())) { fprintf(stderr, "Cannot run setuid\n"); exit(1); } atexit(exithandler); /* Init the keyvalue structure */ kv=initkeyvalues(); /* Read in the current values */ if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) { fprintf(stderr, "Cannot read ethernet settings\n"); exit(1); } /* Find the CONFIG_TYPE value */ if (!findkey(kv, "CONFIG_TYPE", s)) { fprintf(stderr, "Cannot read CONFIG_TYPE\n"); exit(1); } /* Check for CONFIG_TYPE=2 or 3 i.e. RED ethernet present. If not, * exit gracefully. This is not an error... */ if (!((strcmp(s, "1")==0) || (strcmp(s, "2")==0) || (strcmp(s, "3")==0) || (strcmp(s, "4")==0))) exit(0); /* Now check the RED_TYPE - aliases only work with STATIC. * At least, that's what /etc/rc.d/rc.netaddress.up thinks.. */ /* Find the RED_TYPE value */ if (!findkey(kv, "RED_TYPE", s)) { fprintf(stderr, "Cannot read RED_TYPE\n"); exit(1); } /* Make sure it's the right type */ if (!(strcmp(s, "STATIC")==0)) exit(0); /* Get the RED interface details */ if((!findkey(kv, "RED_NETMASK", red_netmask)) || (!findkey(kv, "RED_BROADCAST", red_broadcast)) || (!findkey(kv, "RED_DEV", red_dev)) || (!findkey(kv, "DEFAULT_GATEWAY", default_gateway))) { fprintf(stderr, "Cannot read RED settings\n"); exit(1); } if (!VALID_DEVICE(red_dev)) { fprintf(stderr, "Bad red_dev: %s\n", red_dev); exit(1); } if (!VALID_IP(red_netmask)) { fprintf(stderr, "Bad red_netmask : %s\n", red_netmask); exit(1); } if (!VALID_IP(red_broadcast)) { fprintf(stderr, "Bad red_broadcast : %s\n", red_broadcast); exit(1); } if (!VALID_IP(default_gateway)) { fprintf(stderr, "Bad default_gateway : %s\n", default_gateway); exit(1); } /* down the aliases in turn until ifconfig complains */ alias=0; do { memset(command, 0, STRING_SIZE); snprintf(command, STRING_SIZE-1, "/sbin/ifconfig %s:%d down 2>/dev/null", red_dev, alias++); } while (safe_system(command)==0); /* Now set up the new aliases from the config file */ if (!(file = fopen(CONFIG_ROOT "/ethernet/aliases", "r"))) { fprintf(stderr, "Unable to open aliases configuration file\n"); exit(1); } alias=0; int linecounter = 0; while (fgets(s, STRING_SIZE, file) != NULL) { linecounter++; if (s[strlen(s) - 1] == '\n') s[strlen(s) - 1] = '\0'; count = 0; aliasip = NULL; enabled = NULL; comment = NULL; sptr = strtok(s, ","); while (sptr) { if (count == 0) aliasip = sptr; if (count == 1) enabled = sptr; else comment = sptr; count++; sptr = strtok(NULL, ","); } if (!(aliasip && enabled)) { fprintf(stderr, "Incomplete data line: in %s(%d)\n", CONFIG_ROOT "/ethernet/aliases", linecounter); exit(1); } if (!strcmp(enabled, "on") == 0) /* disabled rule? */ continue; if (!VALID_IP(aliasip)) { fprintf(stderr, "Bad alias : %s in %s(%d)\n", aliasip, CONFIG_ROOT "/ethernet/aliases", linecounter); exit(1); } memset(command, 0, STRING_SIZE); snprintf(command, STRING_SIZE-1, "/sbin/ifconfig %s:%d %s netmask %s broadcast %s up", red_dev, alias, aliasip, red_netmask, red_broadcast); safe_system(command); memset(command, 0, STRING_SIZE); snprintf(command, STRING_SIZE-1, "/usr/sbin/arping -q -c 1 -w 1 -i %s -S %s %s", red_dev, aliasip, default_gateway); safe_system(command); alias++; } return 0; }
int main(int argc, char**argv) { if (!(initsetuid())) return 1; // Check what command is asked if (argc==1) { fprintf (stderr, "Missing reboot command!\n"); return 1; } if (argc==2 && strcmp(argv[1], OP_SHUTDOWN)==0) { safe_system("/sbin/shutdown -h now"); return 0; } if (argc==2 && strcmp(argv[1], OP_REBOOT)==0) { safe_system("/sbin/shutdown -r now"); return 0; } if (argc==2 && strcmp(argv[1], OP_REBOOT_FS)==0) { safe_system("/sbin/shutdown -F -r now"); return 0; } // output schedule to stdout if (argc==2 && strcmp(argv[1], OP_SCHEDULE_GET)==0) { safe_system("/bin/grep /sbin/shutdown /var/spool/cron/root.orig"); return 0; } if (argc==2 && strcmp(argv[1], OP_SCHEDULE_REM)==0) { safe_system("/usr/bin/perl -i -p -e 's/^.*\\/sbin\\/shutdown.*$//s' /var/spool/cron/root.orig"); safe_system("/usr/bin/fcrontab -u root -z"); return 0; } if (argc==6 && strcmp(argv[1], OP_SCHEDULE_ADD)==0) { // check args if (!( strlen(argv[2])<3 && strspn(argv[2], "0123456789") == strlen (argv[2]) && strlen(argv[3])<3 && strspn(argv[3], "0123456789") == strlen (argv[3]) && strlen(argv[4])<14 && strspn(argv[4], "1234567,*") == strlen (argv[4]) && ((strcmp(argv[5], "-r")==0) || //reboot (strcmp(argv[5], "-h")==0)) ) //hangup ) { fprintf (stderr, "Bad cron+ parameters!\n"); return 1; } // remove old entry safe_system("/usr/bin/perl -i -p -e 's/^.*\\/sbin\\/shutdown.*$//s' /var/spool/cron/root.orig"); // add new entry FILE *fd = NULL; if ((fd = fopen("/var/spool/cron/root.orig", "a"))) { fprintf (fd,"%s %s * * %s /sbin/shutdown %s 1\n",argv[2],argv[3],argv[4],argv[5]); fclose (fd); } // inform cron safe_system("/usr/bin/fcrontab -u root -z"); return 0; } fprintf (stderr, "Bad reboot command!\n"); return 1; }
int main(int argc, char *argv[]) { int tempfd; char command[STRING_SIZE]; char filename[STRING_SIZE]; char buffer[STRING_SIZE]; char *timestamp = NULL; FILE *fd; NODEKV *kv_old = NULL; NODEKV *kv_new = NULL; char port_gui[STRING_SIZE]; char port_ssh[STRING_SIZE]; static struct option long_options[] = { { "hardware", no_argument, &flag_hardware, 1 }, { "hostname", required_argument, &flag_hostname, 1 }, { "import", no_argument, &flag_import, 1 }, { "restore", required_argument, &flag_restore, 1}, { "verbose", no_argument, 0, 'v' }, { "help", no_argument, 0, 'h' }, { 0, 0, 0, 0} }; int c; int option_index = 0; char *opt_filename = NULL; while ((c = getopt_long(argc, argv, "r:v", long_options, &option_index)) != -1) { switch (c) { case 0: if (!strcmp("hostname", long_options[option_index].name)) { strcpy(hostname, optarg); } else if (!strcmp("restore", long_options[option_index].name)) { opt_filename = strdup(optarg); } break; case 'v': /* verbose */ flag_verbose++; break; case 'h': usage(argv[0], 0); default: fprintf(stderr, "unknown option\n"); usage(argv[0], BACKUP_ERR_PARM); } } if (!flag_import && !flag_restore) { /* need at least one of import or restore */ usage(argv[0], 1); } /* Init setuid */ if (!(initsetuid())) exit(BACKUP_ERR_SUID); if (!flag_hostname) { gethostname(hostname, STRING_SIZE - 1); } if (flag_restore) { /* check filename valid, full file name length */ if (strlen(opt_filename) != (strlen(MOUNTPOINT "/-YYYY-MM-DD_HH-MM-SS.dat")+ strlen(hostname))) { fprintf(stderr, "ipcoprscfg : bad file name\n"); fprintf(stderr, "%s\n", hostname); fprintf(stderr, "%s\n", opt_filename); exit(BACKUP_ERR_FILENAME); } /* file in the path */ if (!strstr(opt_filename, MOUNTPOINT)) { fprintf(stderr, "ipcoprscfg : wrong path\n"); exit(BACKUP_ERR_PATHNAME); } /* and exist */ if (access(opt_filename, F_OK) == -1) { fprintf(stderr, "Missing backup\n"); exit(BACKUP_ERR_DAT); } strcpy(filename, opt_filename); } else { snprintf(filename, STRING_SIZE - 1, MOUNTPOINT "/%s.dat", hostname); } /* key file and encrypted .dat are required */ if (access(BACKUP_KEY, F_OK) == -1) { fprintf(stderr, "Missing encryption key\n"); exit(BACKUP_ERR_DECRYPT); } /* now exithandler will have something to do */ atexit(exithandler); /* decrypt .dat file to /tmp/hostname.tar.gz */ snprintf(command, STRING_SIZE - 1, "/usr/bin/openssl des3 -d -salt " "-in %s " "-out /tmp/%s.tar.gz " "-kfile " BACKUP_KEY "> /dev/null 2> /dev/null", filename, hostname); if (safe_system(command)) { fprintf(stderr, "Couldn't decrypt %s.dat archive\n", hostname); exit(BACKUP_ERR_DECRYPT); } /* create temporary directory for testing untar */ strcpy(tmpdir, "/tmp/cfg_XXXXXX"); if (mkdtemp(tmpdir) == NULL) { exit(BACKUP_ERR_ANY); } /* Start (test) untarring files from compressed archive */ snprintf(command, STRING_SIZE - 1, "/bin/tar -C %s -xzvf /tmp/%s.tar.gz > /dev/null 2> /dev/null", tmpdir, hostname); if (safe_system(command)) { fprintf(stderr, "Invalid archive\n"); exit(BACKUP_ERR_UNTARTST); } /* Backup version OK ? */ if (testbackupversion(tmpdir) != SUCCESS) { fprintf(stderr, "No version or invalid version in archive\n"); exit(BACKUP_ERR_VERSION); } /* If in import mode, read tagfile if include * or parse backup to read newest file time change */ if (flag_import) { snprintf(filename, STRING_SIZE - 1, "%s/var/ipcop/backup.dat.time", tmpdir); if (access(filename, F_OK) == -1) { /* without tagfile include */ strcpy(tmpdatefile, "/tmp/date.XXXXXX"); if (!(tempfd = mkstemp(tmpdatefile)) > 0) { fprintf(stderr, "Couldn't create temporary file.\n"); exit(BACKUP_ERR_ANY); } /* Parse all files of a backup * to read last modification date. * The most recent date is written on tmp file */ snprintf(command, STRING_SIZE - 1, "/usr/bin/find %s -type f -exec " "/bin/ls --time-style=+%%Y-%%m-%%d_%%H-%%M-%%S -l {} \\; | " "/usr/bin/awk '{print $6}' | " "/usr/bin/sort -rn | /bin/head -n 1 >%s", tmpdir, tmpdatefile); if (safe_system(command)) { fprintf(stderr, "Couldn't write tmpdatefile\n"); exit(BACKUP_ERR_ANY); } /* read the date */ if (!(fd = fopen(tmpdatefile, "r"))) { perror("ipcoprscfg : Failed opening file tagfile"); exit(BACKUP_ERR_ANY); } if (fgets(buffer, STRING_SIZE, fd)) { if (buffer[strlen(buffer) - 1] == '\n') buffer[strlen(buffer) - 1] = '\0'; } fclose(fd); timestamp = strtok(buffer, " "); /* Write tagfile for backup */ snprintf(filename, STRING_SIZE - 1, MOUNTPOINT "/%s-%s.dat.time", hostname, timestamp); writetagfile(filename, timestamp); } else { /* date is available to be read directly */ if (!(fd = fopen(filename, "r"))) { perror("ipcoprscfg : Failed opening file tagfile"); exit(BACKUP_ERR_ANY); } if (fgets(buffer, STRING_SIZE, fd)) { timestamp = strtok(buffer, " "); } fclose(fd); /* Moving from ext3 to FAT system, system warn not * able to preserve ownership, change before */ if (chown(filename, 99, 99)) { fprintf(stderr, "Couldn't chown .dat.time file\n"); exit(BACKUP_ERR_ANY); } snprintf(command, STRING_SIZE - 1, "/bin/mv %s " MOUNTPOINT "/%s-%s.dat.time", filename, hostname, timestamp); if (safe_system(command)) { perror("Failed to copy tagfile"); exit(BACKUP_ERR_ANY); } } /* backup is valid, move to a name with date */ snprintf(filename, STRING_SIZE - 1, MOUNTPOINT "/%s.dat", hostname); snprintf(command, STRING_SIZE - 1, "/bin/mv %s " MOUNTPOINT "/%s-%s.dat", filename, hostname, timestamp); if (safe_system(command)) { perror("Failed to copy backup"); exit(BACKUP_ERR_ANY); } exit(0); } /* uncompress archive */ snprintf(command, STRING_SIZE - 1, "/bin/gunzip -d -f /tmp/%s.tar.gz", hostname); safe_system(command); /* remove hardware specific settings */ if (flag_hardware == 0) { snprintf(command, STRING_SIZE - 1, "/bin/tar --delete --file=/tmp/%s.tar -T /var/ipcop/backup/exclude.hardware", hostname); safe_system(command); } /* get current ports for GUI and ssh */ if (read_kv_from_file(&kv_old, "/var/ipcop/main/settings") == SUCCESS) { if (find_kv_default(kv_old, "GUIPORT", port_gui) != SUCCESS) { strcpy(port_gui, "8443"); } if (find_kv_default(kv_old, "SSHPORT", port_ssh) != SUCCESS) { strcpy(port_ssh, "8022"); } free_kv(&kv_old); } /* Start (real) untarring files from compressed archive */ snprintf(command, STRING_SIZE - 1, "/bin/tar -X /var/ipcop/backup/exclude.system -C / -xvf /tmp/%s.tar &>/dev/null", hostname); if (safe_system(command)) { fprintf(stderr, "Error restoring archive\n"); exit(BACKUP_ERR_UNTAR); } else { /* TODO: here we will need to add mechanism for upgrade from 1.4.xx configuration files */ /* get new ports for GUI and ssh and check for modifications */ if (read_kv_from_file(&kv_new, "/var/ipcop/main/settings") == SUCCESS) { if (test_kv(kv_new, "GUIPORT", port_gui) != SUCCESS) { find_kv_default(kv_new, "GUIPORT", port_gui); snprintf(command, STRING_SIZE, "/usr/local/bin/setreservedports.pl --nocheck --gui %s", port_gui); safe_system(command); } if (test_kv(kv_new, "SSHPORT", port_ssh) != SUCCESS) { find_kv_default(kv_new, "SSHPORT", port_ssh); snprintf(command, STRING_SIZE, "/usr/local/bin/setreservedports.pl --nocheck --ssh %s", port_ssh); safe_system(command); } free_kv(&kv_new); } if (safe_system("/usr/local/bin/upgrade.sh &>/dev/null")) { fprintf(stderr, "Error upgrading data from backup!\n"); exit(BACKUP_ERR_ANY); } } exit(0); }
int main(int argc, char *argv[]) { int flag_disk = 0; int flag_link = 0; int flag_mii = 0; int flag_pci = 0; int flag_raid = 0; int flag_usb = 0; char *opt_eth = NULL; char *opt_mii = NULL; char *opt_drive = NULL; char *opt_raid = NULL; char *opt_slot = NULL; static struct option long_options[] = { { "disk", required_argument, 0, 'd' }, { "link", required_argument, 0, 'l' }, { "mii", required_argument, 0, 'm' }, { "pci", required_argument, 0, 'p' }, { "raid", required_argument, 0, 'r' }, { "usb", no_argument, 0, 'u' }, { "verbose", no_argument, 0, 'v' }, { "help", no_argument, 0, 'h' }, { 0, 0, 0, 0} }; int c; int option_index = 0; if (!(initsetuid())) exit(1); while ((c = getopt_long(argc, argv, "d:l:m:p:r:uv", long_options, &option_index)) != -1) { switch (c) { case 'd': /* hdparm drive */ flag_disk = 1; opt_drive = strdup(optarg); break; case 'l': /* ethtool link */ flag_link = 1; opt_eth = strdup(optarg); break; case 'm': /* mii-tool link */ flag_mii = 1; opt_mii = strdup(optarg); break; case 'p': /* pci slot */ flag_pci = 1; opt_slot = strdup(optarg); break; case 'r': /* raid drive */ flag_raid = 1; opt_raid = strdup(optarg); break; case 'u': /* lsusb */ flag_usb = 1; break; case 'v': /* verbose */ flag_verbose++; break; case 'h': usage(argv[0], 0); default: fprintf(stderr, "unknown option\n"); usage(argv[0], 1); } } if (!flag_disk && !flag_link && !flag_mii && !flag_pci && !flag_raid && !flag_usb) { fprintf(stderr, "option missing\n"); usage(argv[0], 2); } if (flag_disk) { snprintf(command, STRING_SIZE - 1, "/usr/sbin/hdparm -I /dev/%s", opt_drive); safe_system(command); } if (flag_pci) { snprintf(command, STRING_SIZE - 1, "/usr/sbin/lspci -nvvvs %s", opt_slot); safe_system(command); } if (flag_raid) { snprintf(command, STRING_SIZE - 1, "/sbin/mdadm --detail /dev/%s", opt_raid); safe_system(command); } if (flag_usb) { safe_system("/usr/bin/lsusb"); } if (flag_link) { snprintf(command, STRING_SIZE - 1, "/usr/sbin/ethtool %s", opt_eth); safe_system(command); } if (flag_mii) { snprintf(command, STRING_SIZE - 1, "/sbin/mii-tool %s", opt_mii); safe_system(command); } return (0); }
int main(int argc, char *argv[]) { if (!(initsetuid())) exit(1); // Check what command is asked if (argc==1) { fprintf (stderr, "Missing tripwirectrl command!\n"); return 1; } if (strcmp(argv[1], "tripwirelog")==0) { snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twprint -m r --cfgfile /var/ipfire/tripwire/tw.cfg --twrfile /var/ipfire/tripwire/report/%s", argv[2]); safe_system(command); return 0; } if (strcmp(argv[1], "generatereport")==0) { safe_system("/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol"); return 0; } if (strcmp(argv[1], "deletereport")==0) { sprintf(command, "rm -f /var/ipfire/tripwire/report/%s", argv[2]); safe_system(command); return 0; } if (strcmp(argv[1], "updatedatabase")==0) { snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --update --accept-all --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s --twrfile %s", argv[2], argv[3]); safe_system(command); return 0; } if (strcmp(argv[1], "keys")==0) { snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s && chmod 640 /var/ipfire/tripwire/site.key", argv[2]); safe_system(command); snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase %s && chmod 640 /var/ipfire/tripwire/local.key", argv[3]); safe_system(command); snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg", argv[2]); safe_system(command); snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol", argv[2]); safe_system(command); snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]); safe_system(command); return 0; } if (strcmp(argv[1], "generatepolicy")==0) { snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.txt", argv[2]); safe_system(command); snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]); safe_system(command); return 0; } if (strcmp(argv[1], "resetpolicy")==0) { snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.default", argv[2]); safe_system(command); snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]); safe_system(command); return 0; } if (strcmp(argv[1], "readconfig")==0) { safe_system("/bin/chown nobody:nobody /var/ipfire/tripwire/twcfg.txt"); return 0; } if (strcmp(argv[1], "lockconfig")==0) { safe_system("/bin/chown root:root /var/ipfire/tripwire/twcfg.txt"); return 0; } if (strcmp(argv[1], "enable")==0) { safe_system("touch /var/ipfire/tripwire/enable"); safe_system("rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire && chmod 640 /var/ipfire/tripwire/site.key"); safe_system("rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase ipfire && chmod 640 /var/ipfire/tripwire/local.key"); safe_system("rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg"); safe_system("rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol"); safe_system("/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase ipfire"); safe_system("cat /usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol > /etc/fcron.daily/tripwire0600"); safe_system("chmod 755 /etc/fcron.daily/tripwire0600"); safe_system("touch -t 01010600 /etc/fcron.daily/tripwire0600"); return 0; } if (strcmp(argv[1], "disable")==0) { safe_system("unlink /var/ipfire/tripwire/enable"); safe_system("unlink /etc/fcron.daily/tripwire*"); safe_system("rm -rf /var/ipfire/tripwire/site.key"); safe_system("rm -rf /var/ipfire/tripwire/local.key"); safe_system("rm -rf /var/ipfire/tripwire/tw.cfg*"); safe_system("rm -rf /var/ipfire/tripwire/tw.pol*"); safe_system("rm -rf /var/ipfire/tripwire/*.twd*"); safe_system("rm -rf /var/ipfire/tripwire/report/*"); return 0; } if (strcmp(argv[1], "addcron")==0) { snprintf(command, BUFFER_SIZE-1, "echo \"/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol\" > /etc/fcron.daily/tripwire%s%s", argv[2], argv[3]); safe_system(command); snprintf(command, BUFFER_SIZE-1, "chmod 755 /etc/fcron.daily/tripwire%s%s", argv[2], argv[3]); safe_system(command); snprintf(command, BUFFER_SIZE-1, "touch -t 0101%s%s /etc/fcron.daily/tripwire%s%s", argv[2], argv[3], argv[2], argv[3]); safe_system(command); return 0; } if (strcmp(argv[1], "disablecron")==0) { snprintf(command, BUFFER_SIZE-1, "unlink /etc/fcron.daily/tripwire%s", argv[2]); safe_system(command); return 0; } return 0; }
int main(void) { char green_dev[STRING_SIZE] = ""; char buffer[STRING_SIZE]; char *index, *ipaddress, *macaddress, *enabled; struct keyvalue *kv = NULL; if (!(initsetuid())) exit(1); /* flush wireless iptables */ safe_system("/sbin/iptables --wait -F WIRELESSINPUT > /dev/null 2> /dev/null"); safe_system("/sbin/iptables --wait -F WIRELESSFORWARD > /dev/null 2> /dev/null"); memset(buffer, 0, STRING_SIZE); /* Init the keyvalue structure */ kv=initkeyvalues(); /* Read in the current values */ if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) { fprintf(stderr, "Cannot read ethernet settings\n"); exit(1); } /* Read in the firewall values */ if (!readkeyvalues(kv, CONFIG_ROOT "/optionsfw/settings")) { fprintf(stderr, "Cannot read optionsfw settings\n"); exit(1); } /* Get the GREEN interface details */ if (findkey(kv, "GREEN_DEV", green_dev) > 0) { if (!VALID_DEVICE(green_dev)) { fprintf(stderr, "Bad GREEN_DEV: %s\n", green_dev); exit(1); } } /* Get the BLUE interface details */ if (findkey(kv, "BLUE_DEV", blue_dev) > 0) { if ((strlen(blue_dev) > 0) && !VALID_DEVICE(blue_dev)) { fprintf(stderr, "Bad BLUE_DEV: %s\n", blue_dev); exit(1); } } if (strlen(blue_dev) == 0) { exit(0); } if ((fd = fopen(CONFIG_ROOT "/wireless/nodrop", "r"))) return 0; /* register exit handler to ensure the block rule is always present */ atexit(exithandler); if (!(fd = fopen(CONFIG_ROOT "/wireless/config", "r"))) { exit(0); } /* restrict blue access tp the proxy port */ if (findkey(kv, "DROPPROXY", buffer) && strcmp(buffer, "on") == 0) { /* Read the proxy values */ if (!readkeyvalues(kv, CONFIG_ROOT "/proxy/settings") || !(findkey(kv, "PROXY_PORT", buffer))) { fprintf(stderr, "Cannot read proxy settings\n"); exit(1); } snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -i %s -p tcp ! --dport %s -j DROP -m comment --comment 'DROP_Wirelessforward'", blue_dev, buffer); safe_system(command); snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -i %s -p tcp ! --dport %s -j DROP -m comment --comment 'DROP_Wirelessinput'", blue_dev, buffer); safe_system(command); } /* not allow blue to acces a samba server running on local fire*/ if (findkey(kv, "DROPSAMBA", buffer) && strcmp(buffer, "on") == 0) { snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -i %s -p tcp -m multiport --ports 135,137,138,139,445,1025 -j DROP -m comment --comment 'DROP_Wirelessforward'", blue_dev); safe_system(command); snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -i %s -p tcp -m multiport --ports 135,137,138,139,445,1025 -j DROP -m comment --comment 'DROP_Wirelessinput'", blue_dev); safe_system(command); snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -i %s -p udp -m multiport --ports 135,137,138,139,445,1025 -j DROP -m comment --comment 'DROP_Wirelessforward'", blue_dev); safe_system(command); snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -i %s -p udp -m multiport --ports 135,137,138,139,445,1025 -j DROP -m comment --comment 'DROP_Wirelessinput'", blue_dev); safe_system(command); } while (fgets(buffer, STRING_SIZE, fd)) { buffer[strlen(buffer) - 1] = 0; index = strtok(buffer, ","); ipaddress = strtok(NULL, ","); macaddress = strtok(NULL, ","); enabled = strtok(NULL, ","); if (strcmp(enabled, "on") == 0) { /* both specified, added security */ if ((strlen(macaddress) == 17) && (VALID_IP_AND_MASK(ipaddress))) { snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -m mac --mac-source %s -s %s -i %s -j ACCEPT", macaddress, ipaddress, blue_dev); safe_system(command); snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j RETURN", macaddress, ipaddress, blue_dev); safe_system(command); } else { /* correctly formed mac address is 17 chars */ if (strlen(macaddress) == 17) { snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -m mac --mac-source %s -i %s -j ACCEPT", macaddress, blue_dev); safe_system(command); snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j RETURN", macaddress, blue_dev); safe_system(command); } if (VALID_IP_AND_MASK(ipaddress)) { snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -s %s -i %s -j ACCEPT", ipaddress, blue_dev); safe_system(command); snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -s %s -i %s -j RETURN", ipaddress, blue_dev); safe_system(command); } } } } /* with this rule you can disable the logging of the dropped wireless input packets*/ if (findkey(kv, "DROPWIRELESSINPUT", buffer) && strcmp(buffer, "on") == 0) { snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -i %s -j LOG --log-prefix 'DROP_Wirelessinput'", blue_dev); safe_system(command); } /* with this rule you can disable the logging of the dropped wireless forward packets*/ if (findkey(kv, "DROPWIRELESSFORWARD", buffer) && strcmp(buffer, "on") == 0) { snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -i %s -j LOG --log-prefix 'DROP_Wirelessforward'", blue_dev); safe_system(command); } return 0; }
int main(int argc, char **argv) { char server[STRING_SIZE]; char port[STRING_SIZE]; char opt_port[STRING_SIZE]; char user[STRING_SIZE]; char opt_user[STRING_SIZE]; char password[STRING_SIZE]; char opt_password[STRING_SIZE]; char from[STRING_SIZE]; char to[STRING_SIZE]; char hostname[STRING_SIZE]; char domainname[STRING_SIZE]; char subject[STRING_SIZE]; char subject_prefix[STRING_SIZE]; char message[STRING_SIZE]; char attachment[STRING_SIZE]; char *opt_subject = NULL; char *opt_messagefile = NULL; char *opt_attachment = NULL; char date[STRING_SIZE]; NODEKV *kv = NULL; NODEKV *main_kv = NULL; int rc; time_t curtime; struct tm *loctime; static struct option long_options[] = { { "subject", required_argument, 0, 's'}, { "messagefile", required_argument, 0, 'm'}, { "delete", no_argument, 0, 'd'}, { "attachment", required_argument, 0, 'a'}, { "verbose", no_argument, 0, 'v'}, { "help", no_argument, 0, 'h'}, {0, 0, 0, 0} }; int c; int option_index = 0; if (!(initsetuid())) exit(1); while ((c = getopt_long(argc, argv, "s:m:da:vh", long_options, &option_index)) != -1) { switch (c) { case 0: break; case 's': verbose_printf(3, "Option s ... \n"); flag_subject = 1; /* check a valid subject */ int len = 0; len = strlen(optarg); if (len > STRING_SIZE - 1) { fprintf(stdout, "Subject too long: %s\n", optarg); exit(EMAIL_ERR_SUBJECT); } if (strspn(optarg, LETTERS_NUMBERS "-_:.+, ") != len) { fprintf(stdout, "Invalid character in subject (%s)\n", optarg); exit(EMAIL_ERR_SUBJECT); } opt_subject = strdup(optarg); break; case 'm': verbose_printf(3, "Option m ... \n"); flag_messagefile = 1; opt_messagefile = strdup(optarg); break; case 'd': verbose_printf(3, "Option d ... \n"); flag_delete_messagefile = 1; break; case 'a': verbose_printf(3, "Option a ... \n"); flag_attachment = 1; opt_attachment = strdup(optarg); break; case 'v': /* verbose */ flag_verbose++; break; case 'h': usage(argv[0], EMAIL_SUCCESS); default: fprintf(stdout, "unknown option\n"); usage(argv[0], EMAIL_ERR_ANY); } } verbose_printf(1, "Reading email settings ... \n"); if (read_kv_from_file(&kv, "/var/ipcop/email/settings") != SUCCESS) { fprintf(stdout, "Cannot read email settings\n"); exit(EMAIL_ERR_ANY); } strcpy(server, ""); verbose_printf(2, "Reading EMAIL_SERVER ... \n"); if (find_kv_default(kv, "EMAIL_SERVER", server) != SUCCESS) { fprintf(stdout, "Cannot read EMAIL_SERVER\n"); exit(EMAIL_ERR_SERVER); } verbose_printf(2, "Validate EMAIL_SERVER ... \n"); if (!(strlen(server))) { fprintf(stdout, "Email server cannot be empty\n"); exit(EMAIL_ERR_SERVER); } else if (strchr(server, ' ')) { fprintf(stdout, "Email server cannot contain spaces\n"); exit(EMAIL_ERR_SERVER); } else if (strlen(server) != strspn(server, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-.")) { fprintf(stdout, "Email server contains non valid chars\n"); exit(EMAIL_ERR_SERVER); } strcpy(opt_port, ""); verbose_printf(2, "Reading EMAIL_SERVER_PORT ... \n"); if (find_kv_default(kv, "EMAIL_SERVER_PORT", opt_port) != SUCCESS) { fprintf(stdout, "Cannot read EMAIL_SERVER_PORT\n"); exit(EMAIL_ERR_PORT); } verbose_printf(2, "Validate EMAIL_SERVER_PORT ... \n"); if (strchr(opt_port, ' ')) { fprintf(stdout, "Email server port cannot contain spaces\n"); exit(EMAIL_ERR_PORT); } else if (strlen(opt_port) != strspn(opt_port, NUMBERS)) { fprintf(stdout, "Email server port contains non valid chars\n"); exit(EMAIL_ERR_PORT); } else if (strlen(opt_port)) { verbose_printf(2, "Use EMAIL_SERVER_PORT from settings... \n"); snprintf(port, STRING_SIZE, ":%s", opt_port); } else { verbose_printf(2, "No EMAIL_SERVER_PORT in settings... \n"); strcpy(port, ""); } strcpy(opt_user, ""); verbose_printf(2, "Reading EMAIL_USR ... \n"); if (find_kv_default(kv, "EMAIL_USR", opt_user) != SUCCESS) { fprintf(stdout, "Cannot read EMAIL_USR\n"); exit(EMAIL_ERR_USR); } verbose_printf(2, "Validate EMAIL_USR ... \n"); if (strchr(opt_user, ' ')) { fprintf(stdout, "Username cannot contain spaces\n"); exit(EMAIL_ERR_USR); } else if (strlen(opt_user) != strspn(opt_user, LETTERS_NUMBERS "-_.@")) { fprintf(stdout, "Username contains non valid chars\n"); exit(EMAIL_ERR_USR); } else if (strlen(opt_user)) { verbose_printf(2, "Use EMAIL_USR from settings... \n"); snprintf(user, STRING_SIZE, "-xu %s", opt_user); } else { verbose_printf(2, "No EMAIL_USR in settings... \n"); strcpy(user, ""); } strcpy(opt_password, ""); verbose_printf(2, "Reading EMAIL_PW ... \n"); if (find_kv_default(kv, "EMAIL_PW", opt_password) != SUCCESS) { fprintf(stdout, "Cannot read EMAIL_PW\n"); exit(EMAIL_ERR_PW); } verbose_printf(2, "Validate EMAIL_PW ... \n"); if (strchr(opt_password, ' ')) { fprintf(stdout, "Password cannot contain spaces\n"); exit(EMAIL_ERR_PW); } else if (strchr(opt_password, '"') || strstr(opt_password, "'")) { fprintf(stdout, "Password cannot contain single or double quotes\n"); exit(EMAIL_ERR_PW); } else if (strlen(opt_password)) { verbose_printf(2, "Use EMAIL_PW from settings... \n"); snprintf(password, STRING_SIZE, "-xp %s", opt_password); } else { verbose_printf(2, "No EMAIL_PW in settings... \n"); strcpy(password, ""); } strcpy(from, ""); verbose_printf(2, "Reading EMAIL_FROM ... \n"); if (find_kv_default(kv, "EMAIL_FROM", from) != SUCCESS) { fprintf(stdout, "Cannot read EMAIL_FROM\n"); exit(EMAIL_ERR_FROM); } verbose_printf(2, "Validate EMAIL_FROM ... \n"); if (!(strlen(from))) { fprintf(stdout, "From email cannot be empty\n"); exit(EMAIL_ERR_FROM); } else if (strchr(from, ' ')) { fprintf(stdout, "From email cannot contain spaces\n"); exit(EMAIL_ERR_FROM); } else if (strlen(from) != strspn(from, LETTERS_NUMBERS "-_.@=+#")) { fprintf(stdout, "From email contains non valid chars\n"); exit(EMAIL_ERR_FROM); } strcpy(to, ""); verbose_printf(2, "Reading EMAIL_TO ... \n"); if (find_kv_default(kv, "EMAIL_TO", to) != SUCCESS) { fprintf(stdout, "Cannot read EMAIL_TO\n"); exit(EMAIL_ERR_TO); } verbose_printf(2, "Validate EMAIL_TO ... \n"); if (!(strlen(to))) { fprintf(stdout, "To email cannot be empty\n"); exit(EMAIL_ERR_TO); } else if (strlen(to) != strspn(to, LETTERS_NUMBERS "-_.@=+# ")) { fprintf(stdout, "To email contains non valid chars\n"); exit(EMAIL_ERR_TO); } verbose_printf(1, "Reading main settings ... \n"); if (read_kv_from_file(&main_kv, "/var/ipcop/main/settings") != SUCCESS) { fprintf(stdout, "Cannot read main settings\n"); exit(EMAIL_ERR_ANY); } strcpy(hostname, ""); verbose_printf(2, "Reading HOSTNAME ... \n"); if (find_kv_default(main_kv, "HOSTNAME", hostname) != SUCCESS) { fprintf(stdout, "Cannot read HOSTNAME\n"); exit(EMAIL_ERR_HOSTNAME); } strcpy(domainname, ""); verbose_printf(2, "Reading DOMAINNAME ... \n"); if (find_kv_default(main_kv, "DOMAINNAME", domainname) != SUCCESS) { fprintf(stdout, "Cannot read DOMAINNAME\n"); exit(EMAIL_ERR_DOMAINNAME); } snprintf(subject_prefix, STRING_SIZE, "[IPCop] %s.%s:", hostname, domainname); if (flag_subject) { verbose_printf(1, "Have subject: %s \n", opt_subject); snprintf(subject, STRING_SIZE, "-u \"%s %s\"", subject_prefix, opt_subject); } else { verbose_printf(2, "No subject... \n"); snprintf(subject, STRING_SIZE, "-u \"%s\"", subject_prefix); } if (flag_messagefile) { if (access(opt_messagefile, 0) == -1) { verbose_printf(2, "Messagefile is not available \n"); exit(EMAIL_ERR_MESSAGE); } else { verbose_printf(1, "Use messagefile: %s \n", opt_messagefile); snprintf(message, STRING_SIZE, "-o message-file=%s", tmpEmailFile); verbose_printf(2, "Replace placeholders in messagefile\n"); curtime = time (NULL); loctime = localtime (&curtime); strftime (date, STRING_SIZE, "%Y-%m-%d, %H:%M", loctime); snprintf(sed, STRING_SIZE_LARGE, "/bin/sed -e 's/__HOSTNAME__/%s.%s/;s/__CURRENT_DATE__/%s/;' %s > %s", hostname, domainname, date, opt_messagefile, tmpEmailFile); verbose_printf(2, "sed: %s\n", sed); rc = safe_system(sed); if (rc) { fprintf(stdout, "Couldn't replace placeholders in messagefile: %d\n", rc); exit(EMAIL_ERR_SED); } } } else { verbose_printf(2, "No message... \n"); strcpy(message, "-m \" \""); } if (flag_attachment) { if (access(opt_attachment, 0) == -1) { verbose_printf(2, "Attachment is not available \n"); exit(EMAIL_ERR_ATTACH); } else { verbose_printf(1, "Use attachment: %s \n", opt_attachment); snprintf(attachment, STRING_SIZE, "-a %s", opt_attachment); } } else { verbose_printf(2, "No attachment... \n"); strcpy(attachment, ""); } snprintf(command, STRING_SIZE_LARGE, "/usr/bin/sendEmail -s %s%s %s %s -f %s -t %s %s %s %s -o message-charset=utf-8", server, port, user, password, from, to, subject, message, attachment); verbose_printf(2, "Command: %s\n", command); rc = safe_system(command); if (rc) { fprintf(stdout, "Couldn't send Email, sendEmail exitcode: %d\n", rc); exit(EMAIL_ERR_SENDEMAIL); } unlink(tmpEmailFile); if (flag_messagefile && flag_delete_messagefile) { verbose_printf(1, "Delete messagefile: %s \n", opt_messagefile); unlink(opt_messagefile); } return EMAIL_SUCCESS; }
int main(int argc, char *argv[]) { if (!(initsetuid())) exit(1); // Check what command is asked if (argc==1) { fprintf (stderr, "Missing smbctrl command!\n"); return 1; } else if (strcmp(argv[1], "smbuserdisable")==0) { snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -d %s >/dev/null", argv[2]); safe_system(command); return 0; } else if (strcmp(argv[1], "smbuserenable")==0) { snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -e %s >/dev/null", argv[2]); safe_system(command); return 0; } else if (strcmp(argv[1], "smbuserdelete")==0) { snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -x %s >/dev/null", argv[2]); safe_system(command); snprintf(command, BUFFER_SIZE-1, "/usr/sbin/userdel %s >/dev/null", argv[2]); safe_system(command); return 0; } else if (strcmp(argv[1], "smbsafeconf")==0) { safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf"); return 0; } else if (strcmp(argv[1], "smbsafeconfcups")==0) { safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf"); return 0; } else if (strcmp(argv[1], "smbsafeconfpdc")==0) { safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf"); return 0; } else if (strcmp(argv[1], "smbsafeconfpdccups")==0) { safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf"); return 0; } else if (strcmp(argv[1], "smbglobalreset")==0) { safe_system("/bin/cat /var/ipfire/samba/default.global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf"); safe_system("/bin/cat /var/ipfire/samba/default.settings > /var/ipfire/samba/settings"); safe_system("/bin/cat /var/ipfire/samba/default.global > /var/ipfire/samba/global"); safe_system("/bin/cat /var/ipfire/samba/default.pdc > /var/ipfire/samba/pdc"); return 0; } else if (strcmp(argv[1], "smbsharesreset")==0) { safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/default.shares > /var/ipfire/samba/smb.conf"); safe_system("/bin/cat /var/ipfire/samba/default.shares > /var/ipfire/samba/shares"); return 0; } else if (strcmp(argv[1], "smbprinterreset")==0) { safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/default.printer > /var/ipfire/samba/smb.conf"); safe_system("/bin/cat /var/ipfire/samba/default.printer > /var/ipfire/samba/printer"); return 0; } else if (strcmp(argv[1], "smbstop")==0) { safe_system("/etc/rc.d/init.d/samba stop >/dev/null"); safe_system("/usr/local/bin/sambactrl disable"); return 0; } else if (strcmp(argv[1], "smbstart")==0) { safe_system("/etc/rc.d/init.d/samba start >/dev/null"); safe_system("/usr/local/bin/sambactrl enable"); return 0; } else if (strcmp(argv[1], "smbrestart")==0) { safe_system("/etc/rc.d/init.d/samba restart >/dev/null"); return 0; } else if (strcmp(argv[1], "smbreload")==0) { safe_system("/etc/rc.d/init.d/samba reload >/dev/null"); return 0; } else if (strcmp(argv[1], "smbstatus")==0) { snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbstatus 2>/dev/null"); safe_system(command); return 0; } else if (strcmp(argv[1], "smbuseradd")==0) { snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambauser >/dev/null"); safe_system(command); snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba User' -m -g %s -s %s %s >/dev/null", argv[4], argv[5], argv[2]); safe_system(command); snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]); safe_system(command); snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]); safe_system(command); return 0; } else if (strcmp(argv[1], "smbpcadd")==0) { snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambawks >/dev/null"); safe_system(command); snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba Workstation' -g %s -s %s %s >/dev/null", argv[3], argv[4], argv[2]); safe_system(command); snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -a -m %s >/dev/null", argv[2]); safe_system(command); return 0; } else if (strcmp(argv[1], "smbchangepw")==0) { snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]); safe_system(command); snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]); safe_system(command); return 0; } else if (strcmp(argv[1], "readsmbpasswd")==0) { safe_system("/bin/chown root:nobody /var/ipfire/samba/private >/dev/null"); safe_system("/bin/chown root:nobody /var/ipfire/samba/private/smbpasswd >/dev/null"); safe_system("/bin/chmod 640 /var/ipfire/samba/private/smbpasswd >/dev/null"); safe_system("/bin/chmod 650 /var/ipfire/samba/private >/dev/null"); return 0; } else if (strcmp(argv[1], "locksmbpasswd")==0) { safe_system("/bin/chown root:root /var/ipfire/samba/private >/dev/null"); safe_system("/bin/chown root:root /var/ipfire/samba/private/smbpasswd >/dev/null"); safe_system("/bin/chmod 600 /var/ipfire/samba/private/smbpasswd >/dev/null"); safe_system("/bin/chmod 600 /var/ipfire/samba/private >/dev/null"); return 0; } else if (strcmp(argv[1], "enable")==0) { safe_system("touch /var/ipfire/samba/enable"); safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc3.d/S45samba"); safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc0.d/K48samba"); safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc6.d/K48samba"); return 0; } else if (strcmp(argv[1], "disable")==0) { safe_system("unlink /var/ipfire/samba/enable"); safe_system("rm -rf /etc/rc.d/rc*.d/*samba"); return 0; } return 0; }
int main(int argc, char **argv) { int flag_test = 0; int flag_flush = 0; int flag_repair = 0; int enabled_green = 0; int transparent_green = 0; int enabled_blue = 0; int transparent_blue = 0; int enabled_ovpn = 0; int transparent_ovpn = 0; struct stat st; NODEKV *squid_kv = NULL; char buffer[STRING_SIZE]; char proxy_port[STRING_SIZE]; NODEKV *ipsec_kv = NULL; char enabled_IPsec[STRING_SIZE] = ""; static struct option long_options[] = { { "flush", no_argument, 0, 'f' }, { "repair", no_argument, 0, 'r' }, { "test", no_argument, 0, 't' }, { "verbose", no_argument, 0, 'v' }, { "help", no_argument, 0, 'h' }, { 0, 0, 0, 0} }; int c; int option_index = 0; if (!(initsetuid())) exit(1); while ((c = getopt_long(argc, argv, "frtv", long_options, &option_index)) != -1) { switch (c) { case 't': /* test first */ flag_test = 1; break; case 'f': /* flush cache */ flag_flush = 1; break; case 'r': /* repair cache */ flag_repair = 1; break; case 'v': /* verbose */ flag_verbose++; break; case 'h': usage(argv[0], 0); default: fprintf(stderr, "unknown option\n"); usage(argv[0], 1); } } /* Retrieve the Squid pid file */ if ((access("/var/run/squid.pid", F_OK) == -1) && flag_test) { verbose_printf(1, "Squid not running, no need to start\n"); exit(0); /* Not running, no need to start with -t */ } if (access("/var/run/squid.pid", F_OK) != -1) { /* Kill running squid */ verbose_printf(1, "Flush squid iptables chain ... \n"); safe_system("/sbin/iptables -t nat -F SQUID"); verbose_printf(1, "Shutdown squid ... \n"); safe_system("/usr/sbin/squid -k shutdown >/dev/null 2>/dev/null"); c = 0; while ((c++ < 15) && (access("/var/run/squid.pid", F_OK) != -1)) { sleep(1); } if (access("/var/run/squid.pid", F_OK) != -1) { verbose_printf(1, "Really shutdown squid ... \n"); safe_system("/usr/bin/killall -9 squid >/dev/null 2>/dev/null"); } } if (access("/var/run/squid.pid", F_OK) != -1) { verbose_printf(2, "Remove leftover PID file ... \n"); unlink("/var/run/squid.pid"); } /* See if we need to flush/repair the cache */ if (flag_flush) { struct passwd *pw; if ((pw = getpwnam("squid"))) { endpwent(); /* probably paranoia, but just in case.. */ verbose_printf(1, "Flushing proxy cache ... \n"); unpriv_system("/bin/rm -rf /var/log/cache/*", pw->pw_uid, pw->pw_gid); } else { fprintf(stderr, "User squid not found, cache not flushed\n"); endpwent(); } } int saferestart = 0; if (flag_repair) { struct passwd *pw; if ((pw = getpwnam("squid"))) { endpwent(); /* probably paranoia, but just in case.. */ verbose_printf(1, "Repairing proxy cache ... \n"); if (stat("/var/log/cache/swap.state", &st) == 0) { unpriv_system("/bin/rm -f /var/log/cache/swap.state", pw->pw_uid, pw->pw_gid); } saferestart = 1; } else { fprintf(stderr, "User squid not found, cache not repaired\n"); endpwent(); } } verbose_printf(1, "Reading Proxy settings ... \n"); if (read_kv_from_file(&squid_kv, "/var/ipcop/proxy/settings") != SUCCESS) { fprintf(stderr, "Cannot read proxy settings\n"); exit(1); } /* See if proxy is enabled and / or transparent */ if (test_kv(squid_kv, "ENABLED_GREEN_1", "on") == SUCCESS) { enabled_green = 1; } if (test_kv(squid_kv, "TRANSPARENT_GREEN_1", "on") == SUCCESS) { transparent_green = 1; } if (test_kv(squid_kv, "ENABLED_BLUE_1", "on") == SUCCESS) { enabled_blue = 1; } if (test_kv(squid_kv, "TRANSPARENT_BLUE_1", "on") == SUCCESS) { transparent_blue = 1; } if (test_kv(squid_kv, "ENABLED_OVPN", "on") == SUCCESS) { enabled_ovpn = 1; } if (test_kv(squid_kv, "TRANSPARENT_OVPN", "on") == SUCCESS) { transparent_ovpn = 1; } /* Retrieve the proxy port */ if (transparent_green || transparent_blue || transparent_ovpn) { if (find_kv_default(squid_kv, "PROXY_PORT", proxy_port) != SUCCESS) { strcpy(proxy_port, "8080"); } else { if (strspn(proxy_port, NUMBERS) != strlen(proxy_port)) { fprintf(stderr, "Invalid proxy port: %s, defaulting to 8080\n", proxy_port); strcpy(proxy_port, "8080"); } } } free_kv(&squid_kv); if (!enabled_green && !enabled_blue && !enabled_ovpn) { verbose_printf(1, "Proxy not enabled ... exit ... \n"); return 0; } /* We can't start squid if .conf is missing */ if (access("/var/ipcop/proxy/squid.conf", F_OK) == -1) { fprintf(stderr, "Configuration file squid.conf not found\n"); exit(1); } /* Fetch ethernet/settings, exit on error */ read_ethernet_settings(1); if (enabled_green || enabled_blue || enabled_ovpn) { /* rebuild firewall rules, proxy port may be different now */ verbose_printf(1, "Rebuild firewall rules ... \n"); safe_system("/usr/local/bin/setfwrules --ipcop"); verbose_printf(1, "Create swap directories ... \n"); if (safe_system("/usr/sbin/squid -s -z 2>/dev/null")) { verbose_printf(1, "Error creating swap directories ... \n"); } verbose_printf(1, "Starting squid ... \n"); if (saferestart) safe_system("/usr/sbin/squid -s -S"); else safe_system("/usr/sbin/squid -s"); } /* static (green/blue) interfaces must exist if transparence is requested */ if (transparent_green && enabled_green && !ipcop_ethernet.count[GREEN]) { fprintf(stderr, "No GREEN device, not running transparent\n"); exit(1); } if (transparent_blue && enabled_blue && !ipcop_ethernet.count[BLUE]) { fprintf(stderr, "No BLUE device, not running transparent\n"); exit(1); } /* TODO: test for OpenVPN device if ovpn transparent is selected? */ /* For now we use fixed tun0 and expect it to be present. */ /* disable transparence for known IPsec networks */ verbose_printf(1, "Reading IPsec settings ... \n"); if (read_kv_from_file(&ipsec_kv, "/var/ipcop/ipsec/settings") != SUCCESS) { fprintf(stderr, "Cannot read IPsec settings\n"); exit(1); } find_kv_default(ipsec_kv, "ENABLED_RED_1", enabled_IPsec); if (strcmp(enabled_IPsec, "on")) { find_kv_default(ipsec_kv, "ENABLED_BLUE_1", enabled_IPsec); } free_kv(&ipsec_kv); if (!strcmp(enabled_IPsec, "on")) { setdirectipsec (enabled_green && transparent_green, enabled_blue && transparent_blue); } /* TODO: disable transparence for OpenVPN networks, but only for OpenVPN net-2-net which we currently have not implemented */ /* choose RED destination: 'localip' or 'red_netaddress/red_netmask' */ char destination[STRING_SIZE] = ""; if (strcmp(ipcop_ethernet.red_type[1], "STATIC") == 0) { snprintf(destination, STRING_SIZE, "%s/%s", ipcop_ethernet.address[RED][1], ipcop_ethernet.netmask[RED][1]); } else { if (ipcop_ethernet.red_address[1][0] && VALID_IP(ipcop_ethernet.red_address[1])) { snprintf(destination, STRING_SIZE, "%s", ipcop_ethernet.red_address[1]); } } /* RED may be down */ if (!strlen(destination)) { verbose_printf(1, "Cannot determine RED network.\n"); } else { verbose_printf(2, "Dest IP is set to: %s\n", destination); } /* install the transparency rules */ /* green transparent ? */ if (transparent_green && enabled_green) { /* direct http GREEN-->RED network */ verbose_printf(1, "Setting transparent iptables rule for GREEN ... \n"); if (snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s --dport 80 -j RETURN", ipcop_ethernet.device[GREEN][1], destination) >= STRING_SIZE) { fprintf(stderr, "Command too long\n"); exit(1); } if (strlen(destination)) safe_system(buffer); /* only id known RED */ /* install the redirect for other port http destinations from green */ if (snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80 -j REDIRECT --to-port %s", ipcop_ethernet.device[GREEN][1], proxy_port) >= STRING_SIZE) { fprintf(stderr, "Command too long\n"); exit(1); } safe_system(buffer); } /* blue transparent ? */ if (transparent_blue && enabled_blue) { /* direct http BLUE-->RED network */ verbose_printf(1, "Setting transparent iptables rule for BLUE ... \n"); if (snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s --dport 80 -j RETURN", ipcop_ethernet.device[BLUE][1], destination) >= STRING_SIZE) { fprintf(stderr, "Command too long\n"); exit(1); } if (strlen(destination)) safe_system(buffer); /* only id known RED */ /* install the redirect for other port http destinations from blue */ if (snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80 -j REDIRECT --to-port %s", ipcop_ethernet.device[BLUE][1], proxy_port) >= STRING_SIZE) { fprintf(stderr, "Command too long\n"); exit(1); } safe_system(buffer); } /* OpenVPN roadwarriors transparent ? */ if (transparent_ovpn && enabled_ovpn) { /* direct http OpenVPN-->RED network */ verbose_printf(1, "Setting transparent iptables rule for OpenVPN RW ... \n"); if (snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s --dport 80 -j RETURN", "tun0", destination) >= STRING_SIZE) { fprintf(stderr, "Command too long\n"); exit(1); } if (strlen(destination)) safe_system(buffer); /* only id known RED */ /* install the redirect for other port http destinations from OpenVPN */ if (snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80 -j REDIRECT --to-port %s", "tun0", proxy_port) >= STRING_SIZE) { fprintf(stderr, "Command too long\n"); exit(1); } safe_system(buffer); } return 0; }
int main(int argc, char *argv[]) { char hostname[STRING_SIZE] = ""; char domainname[STRING_SIZE] = ""; char buffer[STRING_SIZE]; char string[STRING_SIZE]; char *active, *ip, *host, *domain; static struct option long_options[] = { { "nosighup", no_argument, &flag_nosighup, 1 }, { "verbose", no_argument, 0, 'v'}, { "help", no_argument, 0, 'h'}, {0, 0, 0, 0} }; int c; int option_index = 0; if (!(initsetuid())) exit(1); while ((c = getopt_long(argc, argv, "hv", long_options, &option_index)) != -1) { switch (c) { case 0: break; case 'v': /* verbose */ flag_verbose++; break; case 'h': usage(argv[0], 0); default: fprintf(stderr, "unknown option\n"); usage(argv[0], 1); } } atexit(exithandler); memset(buffer, 0, STRING_SIZE); /* Fetch ethernet/settings, exit on error */ read_ethernet_settings(1); if (read_kv_from_file(&main_kv, "/var/ipcop/main/settings") != SUCCESS) { fprintf(stderr, "Couldn't read main settings\n"); exit(1); } strcpy(hostname, SNAME); find_kv_default(main_kv, "HOSTNAME", hostname); find_kv_default(main_kv, "DOMAINNAME", domainname); free_kv(&main_kv); main_kv = NULL; if (!(fd = fopen("/var/ipcop/main/hosts", "r"))) { fprintf(stderr, "Couldn't open main hosts file\n"); exit(1); } snprintf(string, STRING_SIZE, "/etc/hosts"); if (!(hosts = fopen(string, "w"))) { fprintf(stderr, "Couldn't open /etc/hosts file\n"); fclose(fd); fd = NULL; exit(1); } fprintf(hosts, "127.0.0.1\tlocalhost\n"); if (strlen(domainname)) fprintf(hosts, "%s\t%s.%s\t%s\n", ipcop_ethernet.address[GREEN][1], hostname, domainname, hostname); else fprintf(hosts, "%s\t%s\n", ipcop_ethernet.address[GREEN][1], hostname); while (fgets(buffer, STRING_SIZE, fd)) { buffer[strlen(buffer) - 1] = 0; if (buffer[0] == ',') continue; /* disabled if empty field */ active = strtok(buffer, ","); if (strcmp(active, "off") == 0) continue; /* or 'off' */ ip = strtok(NULL, ","); host = strtok(NULL, ","); domain = strtok(NULL, ","); if (!(ip && host)) continue; /* bad line ? skip */ if (!VALID_IP(ip)) { fprintf(stderr, "Bad IP: %s\n", ip); continue; /* bad ip, continue */ } if (strspn(host, LETTERS_NUMBERS "-") != strlen(host)) { fprintf(stderr, "Bad Host: %s\n", host); continue; /* bad name, continue */ } if (domain) fprintf(hosts, "%s\t%s.%s\t%s\n", ip, host, domain, host); else fprintf(hosts, "%s\t%s\n", ip, host); } fclose(fd); fd = NULL; fclose(hosts); hosts = NULL; if (flag_nosighup) { verbose_printf(1, "Restart dnsmasq... \n"); safe_system("/etc/rc.d/rc.dnsmasq --restart"); } else { verbose_printf(1, "Send SIGHUP to dnsmasq... \n"); safe_system("/etc/rc.d/rc.dnsmasq --sighup"); } return 0; }
int main(int argc, char **argv) { int flag_boot = 0; int fd, config_fd, rc, pid; char buffer[STRING_SIZE_LARGE], command[STRING_SIZE_LARGE] = "/bin/sed -e '"; NODEKV *ssh_kv = NULL; int enabled = 0; static struct option long_options[] = { { "boot", no_argument, 0, 'b' }, { "verbose", no_argument, 0, 'v' }, { "help", no_argument, 0, 'h' }, { 0, 0, 0, 0} }; int c; int option_index = 0; if (!(initsetuid())) exit(1); while ((c = getopt_long(argc, argv, "bv", long_options, &option_index)) != -1) { switch (c) { case 'b': /* booting */ flag_boot = 1; break; case 'v': /* verbose */ flag_verbose++; break; case 'h': usage(argv[0], 0); default: fprintf(stderr, "unknown option\n"); usage(argv[0], 1); } } verbose_printf(1, "Reading SSHd settings ... \n"); if (read_kv_from_file(&ssh_kv, "/var/ipcop/remote/settings") != SUCCESS) { fprintf(stderr, "Cannot read remote access settings\n"); exit(1); } /* By using O_CREAT with O_EXCL open() will fail if the file already exists, * this prevents 2 copies of restartssh both trying to edit the config file * at once. It also prevents race conditions, but these shouldn't be * possible as /etc/ssh/ should only be writable by root anyhow */ if ((config_fd = open("/etc/ssh/sshd_config.new", O_WRONLY | O_CREAT | O_EXCL, 0644)) == -1) { perror("Unable to open new config file"); free_kv(&ssh_kv); exit(1); } verbose_printf(1, "Rebuilding SSHd config ... \n"); if (test_kv(ssh_kv, "ENABLE_SSH_PROTOCOL1", "on") == SUCCESS) strlcat(command, "s/^Protocol .*$/Protocol 2,1/;", STRING_SIZE_LARGE - 1); else strlcat(command, "s/^Protocol .*$/Protocol 2/;", STRING_SIZE_LARGE - 1); if (test_kv(ssh_kv, "ENABLE_SSH_KEYS", "off") == SUCCESS) strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication no/;" "s/^PubkeyAuthentication .*$/PubkeyAuthentication no/;", STRING_SIZE_LARGE - 1); else strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication yes/;" "s/^PubkeyAuthentication .*$/PubkeyAuthentication yes/;", STRING_SIZE_LARGE - 1); if (test_kv(ssh_kv, "ENABLE_SSH_PASSWORDS", "off") == SUCCESS) strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication no/;", STRING_SIZE_LARGE - 1); else strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication yes/;", STRING_SIZE_LARGE - 1); if (test_kv(ssh_kv, "ENABLE_SSH_PORTFW", "on") == SUCCESS) strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding yes/", STRING_SIZE_LARGE - 1); else strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/", STRING_SIZE_LARGE - 1); if (test_kv(ssh_kv, "ENABLE_SSH", "on") == SUCCESS) enabled = 1; free_kv(&ssh_kv); snprintf(buffer, STRING_SIZE_LARGE - 1, "' /etc/ssh/sshd_config >&%d", config_fd); strlcat(command, buffer, STRING_SIZE_LARGE - 1); if ((rc = unpriv_system(command, 99, 99)) != 0) { fprintf(stderr, "sed returned bad exit code: %d\n", rc); close(config_fd); unlink("/etc/ssh/sshd_config.new"); exit(1); } close(config_fd); if (rename("/etc/ssh/sshd_config.new", "/etc/ssh/sshd_config") != 0) { perror("Unable to replace old config file"); unlink("/etc/ssh/sshd_config.new"); exit(1); } memset(buffer, 0, STRING_SIZE_LARGE); verbose_printf(1, "Shutdown SSHd ... \n"); if ((fd = open("/var/run/sshd.pid", O_RDONLY)) != -1) { if ((read(fd, buffer, STRING_SIZE_LARGE - 1) == -1) && !flag_boot) { fprintf(stderr, "Couldn't read from pid file\n"); } else { pid = atoi(buffer); if (pid <= 1) fprintf(stderr, "Bad pid value\n"); else { if (kill(pid, SIGTERM) == -1) fprintf(stderr, "Unable to send SIGTERM\n"); else unlink("/var/run/sshd.pid"); } } close(fd); } else { if (!flag_boot && (errno != ENOENT)) { perror("Unable to open pid file"); exit(1); } } if (enabled) { verbose_printf(1, "Starting SSHd ... \n"); safe_system("/usr/sbin/sshd"); /* Give SSHd some time to start */ sleep(1); if (access("/var/run/sshd.pid", F_OK) == -1) { fprintf(stderr, "Couldn't read from pid file, SSHd not running?\n"); } else if (flag_verbose >= 2) { safe_system("echo -n \"SSHd running with PID \" && cat /var/run/sshd.pid"); } } return 0; }
int main(void) { FILE *ipfile = NULL, *ifacefile = NULL; FILE *fwdfile = NULL; int count; char iface[STRING_SIZE]; char locip[STRING_SIZE]; char *protocol; char *extip; char *locport; char *remip; char *remport; char *origremport; char *enabled; char s[STRING_SIZE]; char *result; char command[STRING_SIZE]; char remdouble[STRING_SIZE]; if (!(initsetuid(1))) exit(1); if (!(ipfile = fopen("/var/smoothwall/red/local-ipaddress", "r"))) { fprintf(stderr, "Couldn't open local ip file"); goto EXIT; } fgets(locip, STRING_SIZE, ipfile); if (locip[strlen(locip) - 1] == '\n') locip[strlen(locip) - 1] = '\0'; fclose (ipfile); ipfile = NULL; if (strspn(locip, IP_NUMBERS) != strlen(locip)) { fprintf(stderr, "Bad local IP: %s\n", locip); goto EXIT; } if (!(ifacefile = fopen("/var/smoothwall/red/iface", "r"))) { fprintf(stderr, "Couldn't open iface file"); goto EXIT; } fgets(iface, STRING_SIZE, ifacefile); if (iface[strlen(iface) - 1] == '\n') iface[strlen(iface) - 1] = '\0'; fclose (ifacefile); ifacefile = NULL; if (strspn(iface, LETTERS_NUMBERS) != strlen(iface)) { fprintf(stderr, "Bad iface: %s\n", iface); goto EXIT; } if (!(fwdfile = fopen("/var/smoothwall/portfw/config", "r"))) { fprintf(stderr, "Couldn't open portfw settings file\n"); goto EXIT; } system("/sbin/iptables -F portfwf"); system("/sbin/iptables -t nat -F portfw"); while (fgets(s, STRING_SIZE, fwdfile) != NULL) { if (s[strlen(s) - 1] == '\n') s[strlen(s) - 1] = '\0'; result = strtok(s, ","); count = 0; protocol = NULL; extip = NULL; locport = NULL; remip = NULL; remport = NULL; enabled = NULL; while (result) { if (count == 0) protocol = result; else if (count == 1) extip = result; else if (count == 2) locport = result; else if (count == 3) remip = result; else if (count == 4) remport = result; else enabled = result; count++; result = strtok(NULL, ","); } if (!(protocol && extip && locport && remip && remport && enabled)) break; if (strspn(protocol, LETTERS) != strlen(protocol)) { fprintf(stderr, "Bad protocol: %s\n", protocol); goto EXIT; } if (strspn(extip, IP_NUMBERS) != strlen(extip)) { fprintf(stderr, "Bad external IP: %s\n", extip); goto EXIT; } if (strspn(locport, NUMBERS_COLON) != strlen(locport)) { fprintf(stderr, "Bad loal port: %s\n", locport); goto EXIT; } if (strspn(remport, NUMBERS) != strlen(remport)) { fprintf(stderr, "Bad remote port: %s\n", remport); goto EXIT; } if (strcmp(enabled, "on") == 0) { origremport = remport; if (!atol(remport)) remport = locport; if (!strchr(locport, ':') || atol(origremport)) { snprintf(remdouble, STRING_SIZE - 1, "%s:%s", remip, remport); } else strncpy(remdouble, remip, STRING_SIZE - 1); memset(command, 0, STRING_SIZE); snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A portfwf -m state --state NEW -i %s -p %s -s %s -d %s --dport %s -j ACCEPT", iface, protocol, extip, remip, remport); system(command); snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t nat -A portfw -p %s -s %s -d %s --dport %s -j DNAT --to %s", protocol, extip, locip, locport, remdouble); system(command); } } EXIT: if (ipfile) fclose(ipfile); if (ifacefile) fclose(ifacefile); if (fwdfile) fclose(fwdfile); return 0; }