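/**
 * Show the events of the given type and let the user act on them.
 *
 * Creates the control structure for `type`, converts the caller's `list`
 * into the control structure's own list through ctl->convert, runs the
 * overview menu and frees the control structure again. The busy window is
 * shown while the data is prepared and is hidden on every exit path.
 *
 * @param debuglvl   debug level passed on to every helper
 * @param cnf        configuration handed to the menu
 * @param type       event type, selects the control structure
 * @param list       source list that ctl->convert turns into events
 * @param ct         conntrack data, passed through to the menu
 * @param connreq    conntrack request, passed through to the menu
 * @param zones      zones, passed through to the menu
 * @param blocklist  blocklist, passed through to the menu
 * @param interfaces interfaces, passed through to the menu
 * @param services   services, passed through to the menu
 */
void statevent(const int debuglvl, struct vuurmuur_config *cnf, int type,
        d_list *list, Conntrack *ct, VR_ConntrackRequest *connreq,
        Zones *zones, BlockList *blocklist, Interfaces *interfaces,
        Services *services)
{
    StatEventCtl *ctl = NULL;

    VrBusyWinShow();

    ctl = statevent_init_ctl(debuglvl, type);
    if (ctl == NULL) {
        /* the busy window was shown above: do not leave it on the screen
         * when there is nothing to display */
        VrBusyWinHide();
        return;
    }

    /* convert datatypes list to our own type */
    if (ctl->convert(debuglvl, ctl, list) == FALSE) {
        (void)vrprint.error(-1, VR_ERR, "loading data failed.");
    }

    /* the menu is opened even after a failed conversion, with whatever
     * entries made it into ctl->list */
    (void)statevent_menu(debuglvl, cnf, type, ctl, ct, connreq, zones,
            blocklist, interfaces, services);

    statevent_free_ctl(debuglvl, &ctl);

    /* hide if not already hidden */
    VrBusyWinHide();
}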
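/* Ask before killing connections. Returns 1 when the conntrack tool is
 * configured and the user confirmed, 0 otherwise (an error is printed when
 * the tool location is not set). */
static int statevent_log_confirm_kill(void)
{
    /* check if the conntrack tool is set */
    if (conf.conntrack_location[0] == '\0') {
        (void)vrprint.error(-1, VR_ERR, STR_CONNTRACK_LOC_NOT_SET);
        return 0;
    }

    return confirm(gettext("Kill connections"), gettext("Are you sure?"),
                   vccnf.color_win_note, vccnf.color_win_note_rev | A_BOLD,
                   1) == 1;
}

/* Ask before adding a host to the BlockList. Returns 1 when the user
 * confirmed, 0 otherwise. */
static int statevent_log_confirm_block(void)
{
    return confirm(gettext("Add to BlockList and Apply Changes"),
                   gettext("Are you sure?"), vccnf.color_win_note,
                   vccnf.color_win_note_rev | A_BOLD, 1) == 1;
}

/**
 * Display the menu that allows the user to act on a logged connection.
 *
 * The log entry behind `gen_ptr` is offered with kill and BlockList
 * actions for its source and destination address. Every menu item carries
 * a number label, and the label of the selected item (parsed with atoi)
 * selects the action, so the labels must stay aligned with the cases of
 * the dispatch switch: a shifted label would run a different kill or block
 * action than the one shown to the operator.
 *
 * @param debuglvl    debug level passed on to every helper
 * @param cnf         configuration used to load the current connections
 * @param ctl         control structure, supplies the help text
 * @param ct          unused here
 * @param connreqnull unused here, a local request is set up instead
 * @param zones       zones, used for the connection list and blocking
 * @param blocklist   blocklist that block actions add to
 * @param interfaces  interfaces, used for the connection list and blocking
 * @param services    services, used for the connection list
 * @param gen_ptr     the selected event, treated as a StatEventLog
 */
static void statevent_interactivemenu_log(
        const int debuglvl, struct vuurmuur_config *cnf, StatEventCtl *ctl,
        Conntrack *ct, VR_ConntrackRequest *connreqnull, Zones *zones,
        BlockList *blocklist, Interfaces *interfaces, Services *services,
        StatEventGen *gen_ptr)
{
    VrWin *win = NULL;
    VrMenu *menu = NULL;
    int ch = 0;
    int menu_items = 10;
    char *str = NULL;
    const int width = 70;
    /* top menu */
    char *key_choices[] = {"F12", "F10"};
    int key_choices_n = 2;
    char *cmd_choices[] = {gettext("help"), gettext("back")};
    int cmd_choices_n = 2;
    StatEventLog *log = (StatEventLog *)gen_ptr;
    Conntrack *ctr = NULL;
    VR_ConntrackRequest connreq;
    char *title = gettext("Manage Log");
    /* number labels */
    char *nums[9] = {"1", "2", "3", "4", "5", "6", "7", "8", NULL};
    int n = 0;
    int action = 0;
    char quit = FALSE;

    (void)ct;
    (void)connreqnull;

    VrBusyWinShow();

    /* init filter */
    VR_connreq_setup(debuglvl, &connreq);
    connreq.group_conns = TRUE;
    connreq.unknown_ip_as_net = TRUE;
    /* sorting, relevant for grouping */
    connreq.sort_in_out_fwd = FALSE;
    connreq.sort_conn_status = FALSE;
    /* drawing */
    connreq.draw_acc_data = TRUE;
    connreq.draw_details = TRUE;

    /* get the connections for killing them later if the user chooses to */
    ctr = conn_init_ct(debuglvl, zones, interfaces, services, blocklist);
    if (ctr == NULL) {
        (void)vrprint.error(-1, VR_ERR, "conn_init_ct failed");
        VrBusyWinHide();
        return;
    }
    conn_ct_get_connections(debuglvl, cnf, ctr, &connreq);

    /* a dropped or rejected packet has no connection to kill, so the
     * "Kill this connection" item is left out for those actions */
    action = rules_actiontoi(log->action);
    if (action == AT_DROP || action == AT_REJECT)
        menu_items--;

    /* create the window and put it in the middle of the screen */
    win = VrNewWin(menu_items + 2, width, 0, 0, vccnf.color_win);
    if (win == NULL) {
        (void)vrprint.error(-1, VR_ERR, "VrNewWin failed");
        VrBusyWinHide();
        goto out;
    }
    VrWinSetTitle(win, title);

    menu = VrNewMenu(menu_items, width - 2, 1, 1, menu_items,
            vccnf.color_win, vccnf.color_win);
    if (menu == NULL) {
        (void)vrprint.error(-1, VR_ERR, "VrNewMenu failed");
        VrBusyWinHide();
        goto out;
    }

    /* descriptions come from VrGetString and are released with free();
     * the names point into nums[] and are not freed */
    VrMenuSetDescFreeFunc(menu, free);
    VrMenuSetupNameList(debuglvl, menu);
    VrMenuSetupDescList(debuglvl, menu);

    /* setup menu items */
    if (action != AT_DROP && action != AT_REJECT) {
        str = VrGetString(gettext("Kill this connection"));
        VrMenuAddItem(debuglvl, menu, nums[n], str);
    }
    /* Label "1" belongs to "Kill this connection" whether or not that item
     * is shown. Advancing n unconditionally keeps the remaining labels
     * ("2".."8") aligned with the cases of the switch below; without it
     * every item of a DROP/REJECT entry would trigger the action of the
     * item listed before it. */
    n++;

    str = VrGetString("--- %s ---", gettext("Kill options"));
    VrMenuAddSepItem(debuglvl, menu, str);

    str = VrGetString(
            gettext("Kill all connections with source %s"), log->src_ip);
    VrMenuAddItem(debuglvl, menu, nums[n++], str);

    str = VrGetString(gettext("Kill all connections with destination %s"),
            log->dst_ip);
    VrMenuAddItem(debuglvl, menu, nums[n++], str);

    str = VrGetString(gettext("Kill all connections of %s"), log->src_ip);
    VrMenuAddItem(debuglvl, menu, nums[n++], str);

    str = VrGetString(gettext("Kill all connections of %s"), log->dst_ip);
    VrMenuAddItem(debuglvl, menu, nums[n++], str);

    str = VrGetString("--- %s ---", gettext("BlockList options"));
    VrMenuAddSepItem(debuglvl, menu, str);

    str = VrGetString(gettext("Add source %s to BlockList"), log->src_ip);
    VrMenuAddItem(debuglvl, menu, nums[n++], str);

    str = VrGetString(
            gettext("Add destination %s to BlockList"), log->dst_ip);
    VrMenuAddItem(debuglvl, menu, nums[n++], str);

    str = VrGetString(
            gettext("Add both source and destination to BlockList"));
    VrMenuAddItem(debuglvl, menu, nums[n], str); /* last item: no n++ */

    VrMenuConnectToWin(debuglvl, menu, win);
    VrMenuPost(debuglvl, menu);

    draw_top_menu(debuglvl, top_win, title, key_choices_n, key_choices,
            cmd_choices_n, cmd_choices);

    update_panels();
    doupdate();
    VrBusyWinHide();

    /* user input */
    while (quit == FALSE) {
        ch = VrWinGetch(win);

        switch (ch) {
            case 27:
            case 'q':
            case 'Q':
            case KEY_F(10):
                quit = TRUE;
                break;

            case 10: {
                ITEM *cur = current_item(menu->m);
                if (cur == NULL)
                    break;

                /* the item name is one of the labels from nums[] */
                /* NOTE(review): the kill helper is handed the global
                 * `conf` while the connection list was loaded with `cnf`
                 * - confirm both refer to the same configuration */
                switch (atoi((char *)item_name(cur))) {
                    case 1: /* kill this connection */
                        if (statevent_log_confirm_kill()) {
                            kill_connections_by_ip(debuglvl, &conf, ctr,
                                    log->src_ip, log->dst_ip, log->ser,
                                    CONN_UNUSED);
                        }
                        break;

                    case 2: /* kill all src ip */
                        if (statevent_log_confirm_kill()) {
                            kill_connections_by_ip(debuglvl, &conf, ctr,
                                    log->src_ip, NULL, NULL, CONN_UNUSED);
                        }
                        break;

                    case 3: /* kill all dst ip */
                        if (statevent_log_confirm_kill()) {
                            kill_connections_by_ip(debuglvl, &conf, ctr,
                                    NULL, log->dst_ip, NULL, CONN_UNUSED);
                        }
                        break;

                    case 4: /* kill everything to and from src ip */
                        if (statevent_log_confirm_kill()) {
                            kill_connections_by_ip(debuglvl, &conf, ctr,
                                    NULL, log->src_ip, NULL, CONN_UNUSED);
                            kill_connections_by_ip(debuglvl, &conf, ctr,
                                    log->src_ip, NULL, NULL, CONN_UNUSED);
                        }
                        break;

                    case 5: /* kill everything to and from dst ip */
                        if (statevent_log_confirm_kill()) {
                            kill_connections_by_ip(debuglvl, &conf, ctr,
                                    NULL, log->dst_ip, NULL, CONN_UNUSED);
                            kill_connections_by_ip(debuglvl, &conf, ctr,
                                    log->dst_ip, NULL, NULL, CONN_UNUSED);
                        }
                        break;

                    case 6: /* block src ip */
                        if (statevent_log_confirm_block()) {
                            block_and_kill(debuglvl, ctr, zones, blocklist,
                                    interfaces, log->src_ip);
                        }
                        break;

                    case 7: /* block dst ip */
                        if (statevent_log_confirm_block()) {
                            block_and_kill(debuglvl, ctr, zones, blocklist,
                                    interfaces, log->dst_ip);
                        }
                        break;

                    case 8: /* block both */
                        if (statevent_log_confirm_block()) {
                            block_and_kill(debuglvl, ctr, zones, blocklist,
                                    interfaces, log->src_ip);
                            block_and_kill(debuglvl, ctr, zones, blocklist,
                                    interfaces, log->dst_ip);
                        }
                        break;

                    default:
                        break;
                }
                break;
            }

            case KEY_F(12):
            case 'h':
            case 'H':
            case '?':
                print_help(debuglvl, ctl->help_actions);
                break;

            default:
                (void)VrMenuDefaultNavigation(debuglvl, menu, ch);
                break;
        }
    }

out:
    /* shared by the normal exit and the failure paths: release the
     * connection data, then whatever part of the UI was created */
    conn_ct_clear_connections(debuglvl, ctr);
    conn_free_ct(debuglvl, &ctr, zones);

    if (menu != NULL)
        VrDelMenu(debuglvl, menu);
    if (win != NULL)
        VrDelWin(win);
    update_panels();
    doupdate();

    return;
}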
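/**
 * Show the overview menu of all unfiltered events in ctl->list.
 *
 * Each unfiltered event becomes one menu item whose name is its sequence
 * number and whose description comes from ctl->print2str. Pressing enter
 * maps the number of the current item back to its event and calls
 * ctl->menu for it.
 *
 * @param debuglvl   debug level passed on to every helper
 * @param cnf        configuration, passed through to ctl->menu
 * @param type       event type (not used in this function)
 * @param ctl        control structure holding the list, strings and
 *                   callbacks
 * @param ct         conntrack data, passed through to ctl->menu
 * @param connreq    conntrack request, passed through to ctl->menu
 * @param zones      zones, passed through to ctl->menu
 * @param blocklist  blocklist, passed through to ctl->menu
 * @param interfaces interfaces, passed through to ctl->menu
 * @param services   services, passed through to ctl->menu
 *
 * @return 0 when the menu was closed by the user or there was nothing to
 *         show; -1 when the window or menu could not be created, an item
 *         name could not be allocated, or the selected item could not be
 *         mapped back to an event.
 */
int statevent_menu(const int debuglvl, struct vuurmuur_config *cnf, int type,
        StatEventCtl *ctl, Conntrack *ct, VR_ConntrackRequest *connreq,
        Zones *zones, BlockList *blocklist, Interfaces *interfaces,
        Services *services)
{
    VrWin *win = NULL;
    VrMenu *menu = NULL;
    int ch = 0;
    int retval = 0;
    int num_width = 0;
    unsigned int num = 1;
    char quit = FALSE;
    d_list_node *d_node = NULL;
    StatEventGen *gen_ptr = NULL;
    /* top menu */
    char *key_choices[] = {"F12", "enter", "F10"};
    int key_choices_n = 3;
    char *cmd_choices[] = {
            gettext("help"), ctl->options_str, gettext("back")};
    int cmd_choices_n = 3;

    (void)type;

    /* print a warning if we have no data */
    if (ctl->list.len == 0) {
        /* the text is data, not a format string */
        (void)vrprint.warning(VR_WARN, "%s", ctl->warn_no_data_str);
        return (0);
    }

    win = VrNewWin(LINES - 6, COLS - 2, 3, 1, vccnf.color_win);
    if (win == NULL) {
        (void)vrprint.error(-1, VR_ERR, "VrNewWin failed");
        return (-1);
    }
    VrWinSetTitle(win, ctl->title_str);
    draw_top_menu(debuglvl, top_win, ctl->title_str, key_choices_n,
            key_choices, cmd_choices_n, cmd_choices);

    menu = VrNewMenu(LINES - 8, COLS - 4, 1, 1, ctl->list.len,
            vccnf.color_win, vccnf.color_win_rev);
    if (menu == NULL) {
        (void)vrprint.error(-1, VR_ERR, "VrNewMenu failed");
        retval = -1;
        goto cleanup; /* the window above must not be leaked */
    }

    /* names are malloc'ed below; descriptions come from ctl->print2str and
     * are released with free() as well */
    VrMenuSetNameFreeFunc(menu, free);
    VrMenuSetDescFreeFunc(menu, free);
    VrMenuSetupNameList(debuglvl, menu);
    VrMenuSetupDescList(debuglvl, menu);

    /* right-align the item numbers: the field is as wide as the largest
     * possible number for this list length */
    if (ctl->list.len <= 9)
        num_width = 1;
    else if (ctl->list.len <= 99)
        num_width = 2;
    else if (ctl->list.len <= 999)
        num_width = 3;
    else if (ctl->list.len <= 9999)
        num_width = 4;
    else if (ctl->list.len <= 99999)
        num_width = 5;
    else if (ctl->list.len <= 999999)
        num_width = 6;
    else
        num_width = 10;

    for (d_node = ctl->list.top; d_node; d_node = d_node->next) {
        char *desc_str = NULL;
        char *name_str = NULL;
        char strtmp[32] = "";
        size_t name_len = 0, desc_len = 0;

        gen_ptr = d_node->data;

        if (debuglvl >= MEDIUM)
            (void)vrprint.debug(
                    __FUNC__, "gen_ptr->filtered %d", gen_ptr->filtered);

        if (gen_ptr->filtered != 0)
            continue;

        snprintf(strtmp, sizeof(strtmp), "%*u", num_width, num);

        name_len = strlen(strtmp) + 1;
        name_str = malloc(name_len);
        if (name_str == NULL) {
            (void)vrprint.error(-1, VR_ERR, "malloc failed");
            retval = -1;
            goto cleanup;
        }
        strlcpy(name_str, strtmp, name_len);

        /* get the str that will form the desc */
        /* NOTE(review): name_len is a size_t, so this wraps to a very
         * large length if the window is narrower than the number column
         * plus 2 - confirm print2str bounds its output */
        desc_len = win->width - 2 - name_len;
        desc_str = ctl->print2str(debuglvl, gen_ptr, desc_len);

        num++;

        /* add the item to the menu */
        VrMenuAddItem(debuglvl, menu, name_str, desc_str);
    }

    /* check if we didn't add any item (if all was filtered) */
    if (num == 1) {
        (void)vrprint.warning(VR_WARN, "%s", ctl->warn_no_data_str);
        goto cleanup;
    }

    VrMenuConnectToWin(debuglvl, menu, win);
    VrMenuPost(debuglvl, menu);

    VrBusyWinHide();

    update_panels();
    doupdate();

    /* user input */
    while (quit == FALSE) {
        ch = VrWinGetch(win);

        switch (ch) {
            case 27:
            case 'q':
            case 'Q':
            case KEY_F(10):
                quit = TRUE;
                break;

            case 10: {
                ITEM *cur = current_item(menu->m);
                if (cur == NULL)
                    break;

                /* the item name is the sequence number assigned above */
                int i = atoi((char *)item_name(cur));
                unsigned int seen = 0;

                /* get the current event: filtered events were not given a
                 * number, so only unfiltered ones are counted */
                gen_ptr = NULL;
                for (d_node = ctl->list.top; d_node; d_node = d_node->next) {
                    StatEventGen *candidate = d_node->data;

                    if (candidate->filtered)
                        continue;

                    if (++seen == (unsigned int)i) {
                        gen_ptr = candidate;
                        break;
                    }
                }

                if (gen_ptr == NULL) {
                    /* no event for this number: leave the loop so the
                     * menu and window are released before returning */
                    retval = -1;
                    quit = TRUE;
                    break;
                }

                /* call the interactive menu function */
                ctl->menu(debuglvl, cnf, ctl, ct, connreq, zones, blocklist,
                        interfaces, services, gen_ptr);

                /* when done, restore the title and options */
                draw_top_menu(debuglvl, top_win, ctl->title_str,
                        key_choices_n, key_choices, cmd_choices_n,
                        cmd_choices);
                break;
            }

            case KEY_F(12):
            case 'h':
            case 'H':
            case '?':
                print_help(debuglvl, ctl->help_overview);
                break;

            default:
                (void)VrMenuDefaultNavigation(debuglvl, menu, ch);
                break;
        }
    }

cleanup:
    if (menu != NULL)
        VrDelMenu(debuglvl, menu);
    VrDelWin(win);
    update_panels();
    doupdate();

    return (retval);
}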
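/**
 * Entry point of vuurmuur_conf.
 *
 * Initialises libvuurmuur, parses the command line, sets up the curses
 * windows and panels, loads the configuration through startup_screen and
 * runs the main menu until it returns something other than 1. Afterwards
 * it detaches from shared memory, tears down the UI and frees the loaded
 * data.
 *
 * Options: -c/--configfile FILE, -d/--debug LEVEL, -h/--help,
 * -V/--version, -W/--wizard.
 *
 * @return 0 on success, -1 when unloading the backends failed; most
 *         start-up failures end the process with exit(EXIT_FAILURE).
 */
int main(int argc, char *argv[])
{
    struct vrmr_ctx vctx;
    int retval = 0, optch = 0;
    static char optstring[] = "c:d:hVW";
    struct option long_options[] = {
            {"configfile", required_argument, NULL, 'c'},
            {"debug", required_argument, NULL, 'd'},
            {"help", no_argument, NULL, 'h'},
            {"version", no_argument, NULL, 'V'},
            {"wizard", no_argument, NULL, 'W'},
            {0, 0, 0, 0},
    };
    int longopt_index = 0;
    int debug_level = NONE;
    PANEL *main_panels[5];
    const size_t main_panels_n = sizeof(main_panels) / sizeof(main_panels[0]);
    char *s = NULL;

    /* some defaults */
    vuurmuur_semid = -1;
    vuurmuur_shmid = -1;
    vuurmuurlog_semid = -1;
    vuurmuurlog_shmid = -1;

    /* create the version string */
    snprintf(version_string, sizeof(version_string),
            "%s (using libvuurmuur %s)", VUURMUURCONF_VERSION,
            libvuurmuur_get_version());

    /* some initialization */
    if (vrmr_init(&vctx, "vuurmuur_conf") < 0)
        exit(EXIT_FAILURE);

    /* settings file */
    memset(vccnf.configfile_location, 0, sizeof(vccnf.configfile_location));
    if (vctx.conf.etcdir[0] == '\0')
        (void)strlcpy(vccnf.configfile_location, VUURMUURCONF_CONFIGFILE,
                sizeof(vccnf.configfile_location));
    else
        (void)snprintf(vccnf.configfile_location,
                sizeof(vccnf.configfile_location),
                "%s/vuurmuur/vuurmuur_conf.conf", vctx.conf.etcdir);

#ifdef ENABLE_NLS
    setlocale(LC_ALL, "");
    setlocale(LC_TIME, "");
    setlocale(LC_MESSAGES, "");
    setlocale(LC_COLLATE, "");
    setlocale(LC_CTYPE, "");
    setlocale(LC_MONETARY, "");
    setlocale(LC_NUMERIC, "");
#endif

    /* check if we are in utf-8 mode */
    utf8_mode = 0;

    if ((s = getenv("LC_ALL")) || (s = getenv("LC_CTYPE")) ||
            (s = getenv("LANG"))) {
        if (strstr(s, "UTF-8"))
            utf8_mode = 1;
    }

#ifdef ENABLE_NLS
    bindtextdomain("vuurmuur", xstr(VRMR_LOCALEDIR));
    textdomain("vuurmuur");
#endif

    /* process commandline options */
    while ((optch = getopt_long(argc, argv, optstring, long_options,
                    &longopt_index)) != -1) {
        switch (optch) {
            case 'h':
                print_commandline_args();
                break;

            /* configfile */
            case 'c':
                if (strlcpy(vctx.conf.configfile, optarg,
                            sizeof(vctx.conf.configfile)) >=
                        sizeof(vctx.conf.configfile)) {
                    vrmr_error(EXIT_FAILURE, VR_ERR,
                            gettext("commandline argument too long for "
                                    "option "
                                    "-c."));
                    exit(EXIT_FAILURE);
                }
                break;

            case 'd': {
                /* convert the debug string and check the result: strtol
                 * lets us reject empty, non-numeric and trailing-garbage
                 * values, which atoi would silently read as a level */
                char *end = NULL;
                long level = strtol(optarg, &end, 10);

                if (end == optarg || *end != '\0' || level < 0 ||
                        level > HIGH) {
                    vrmr_error(EXIT_FAILURE, VR_ERR,
                            gettext("commandline debuglevel out of range."));
                    exit(EXIT_FAILURE);
                }
                debug_level = (int)level;
                vrmr_debug_level = debug_level;

                fprintf(stdout, "vuurmuur_conf: debugging enabled.\n");
                fprintf(stdout, "vuurmuur_conf: debug level: %d\n",
                        debug_level);
                break;
            }

            case 'V':
                /* print version */
                fprintf(stdout, "Vuurmuur_conf %s\n", version_string);
                fprintf(stdout, "%s\n", VUURMUUR_COPYRIGHT);

                exit(EXIT_SUCCESS);

            case 'W': {
                char wizard_path[512] = "";
                int len = snprintf(wizard_path, sizeof(wizard_path),
                        "%s/scripts/vuurmuur-wizard.sh", vctx.conf.datadir);

                /* never execute a truncated path: it would name a
                 * different file than the one intended */
                if (len < 0 || (size_t)len >= sizeof(wizard_path)) {
                    vrmr_error(EXIT_FAILURE, VR_ERR,
                            "wizard script path too long.");
                    exit(EXIT_FAILURE);
                }

                printf("Running %s...\n", wizard_path);
                exec_wizard(wizard_path);
                exit(EXIT_SUCCESS);
            }

            default:
                vrmr_error(EXIT_FAILURE, VR_ERR,
                        gettext("unknown commandline option."));
                exit(EXIT_FAILURE);
        }
    }

    /*  close the STDERR_FILENO because it gives us annoying "Broken
        Pipe" errors on some systems with bash3. Let's see if this
        has negative side-effects. */
    /* NOTE(review): after this call descriptor 2 is free, so the next
     * file opened by the process may be given fd 2 and would then receive
     * anything a library writes to stderr. Redirecting stderr to
     * /dev/null instead would keep the descriptor occupied - confirm
     * before changing. */
    close(STDERR_FILENO);

    /* init vuurmuur_conf config already to get background */
    (void)init_vcconfig(&vctx.conf, vccnf.configfile_location, &vccnf);

    /* Initialize curses */
    (void)initscr();
    (void)start_color();
    (void)cbreak();
    (void)noecho();
    (void)keypad(stdscr, (bool)TRUE);

    setup_colors();

    /* create the main windows */
    if (!(status_frame_win = create_newwin(
                  3, COLS, LINES - 3, 0, NULL, vccnf.color_bgd)))
        exit(EXIT_FAILURE);
    if (!(status_win = create_newwin(
                  1, COLS - 4, LINES - 2, 2, NULL, vccnf.color_bgd)))
        exit(EXIT_FAILURE);
    if (!(top_win = create_newwin(3, COLS, 0, 0, NULL, vccnf.color_bgd)))
        exit(EXIT_FAILURE);
    if (!(main_win = create_newwin(
                  LINES - 6, COLS, 3, 0, NULL, vccnf.color_bgd)))
        exit(EXIT_FAILURE);
    if (!(mainlog_win = newwin(LINES - 8, COLS - 2, 4, 1)))
        exit(EXIT_FAILURE);

    (void)wbkgd(mainlog_win, vccnf.color_bgd);

    wattron(status_frame_win, vccnf.color_bgd);
    mvwprintw(status_frame_win, 0, 2, " %s ", gettext("Status"));
    mvwprintw(status_frame_win, 2,
            (int)(COLS - 4 - StrLen(vctx.user_data.realusername) - 6),
            " user: %s ", vctx.user_data.realusername);
    wattroff(status_frame_win, vccnf.color_bgd);

    /* Attach a panel to each window */
    main_panels[0] = new_panel(top_win);
    main_panels[1] = new_panel(main_win);
    main_panels[2] = new_panel(status_win);
    main_panels[3] = new_panel(mainlog_win);
    main_panels[4] = new_panel(status_frame_win);

    (void)update_panels();
    (void)doupdate();

    /* init the vrprint functions for the Gui */
    vrprint.error = vuumuurconf_print_error;
    vrprint.warning = vuumuurconf_print_warning;
    vrprint.info = vuumuurconf_print_info;

    if (status_print(status_win, gettext("This is Vuurmuur_conf %s, %s"),
                version_string, VUURMUUR_COPYRIGHT) < 0)
        exit(EXIT_FAILURE);

    /* setup the global busywin */
    VrBusyWinCreate();
    VrBusyWinHide();

    /* startup_screen inits the config, loads the zones, rules, etc */
    if (startup_screen(&vctx, &vctx.rules, &vctx.zones, &vctx.services,
                &vctx.interfaces, &vctx.blocklist, &vctx.reg) < 0) {
        /* failure! Lets quit. */

        /* delete panels and windows */
        for (size_t i = 0; i < main_panels_n; i++)
            (void)del_panel(main_panels[i]);

        (void)destroy_win(top_win);
        (void)destroy_win(main_win);
        (void)destroy_win(status_win);
        (void)destroy_win(status_frame_win);
        /* clear screen */
        (void)refresh();
        /* end ncurses mode */
        (void)endwin();

        exit(EXIT_FAILURE);
    }

    /* setup statuslist */
    (void)setup_statuslist();

    status_print(status_win, STR_READY);

    mm_status_checkall(&vctx, NULL, &vctx.rules, &vctx.zones,
            &vctx.interfaces, &vctx.services);

    /* main menu loop: main_menu returns 1 as long as it wants to be
     * shown again */
    while (main_menu(&vctx, &vctx.rules, &vctx.zones, &vctx.interfaces,
                   &vctx.services, &vctx.blocklist, &vctx.reg) == 1)
        ;

    /* clean up the status list */
    vrmr_list_cleanup(&vuurmuur_status.StatusList);

    /* detach from shared memory, if we were attached */
    if (vuurmuur_shmp != NULL && vuurmuur_shmp != (char *)(-1) &&
            vuurmuur_shmtable != 0) {
        if (vrmr_lock(vuurmuur_semid)) {
            vuurmuur_shmtable->configtool.connected = 3;
            vrmr_unlock(vuurmuur_semid);
        }
        (void)shmdt(vuurmuur_shmp);
    }
    if (vuurmuurlog_shmp != NULL && vuurmuurlog_shmp != (char *)(-1) &&
            vuurmuurlog_shmtable != 0) {
        if (vrmr_lock(vuurmuurlog_semid)) {
            vuurmuurlog_shmtable->configtool.connected = 3;
            vrmr_unlock(vuurmuurlog_semid);
        }
        (void)shmdt(vuurmuurlog_shmp);
    }

    /* destroy the global busywin */
    VrBusyWinDelete();

    /* delete panels and windows */
    for (size_t i = 0; i < main_panels_n; i++)
        (void)del_panel(main_panels[i]);

    (void)destroy_win(mainlog_win);
    (void)destroy_win(top_win);
    (void)destroy_win(main_win);
    (void)destroy_win(status_win);
    (void)destroy_win(status_frame_win);
    /* clear screen */
    (void)refresh();

    /* end ncurses mode */
    (void)endwin();

    /* set error functions to the stdout versions */
    vrprint.error = vrmr_stdoutprint_error;
    vrprint.warning = vrmr_stdoutprint_warning;
    vrprint.info = vrmr_stdoutprint_info;
    vrprint.debug = vrmr_stdoutprint_debug;
    vrprint.audit = vrmr_stdoutprint_audit;

    /* unload the backends */
    if (vrmr_backends_unload(&vctx.conf, &vctx) < 0) {
        vrmr_error(-1, VR_ERR, gettext("unloading the backends failed"));
        retval = -1;
    }

    /* cleanup the datastructures */
    (void)vrmr_list_cleanup(&vctx.blocklist.list);
    (void)vrmr_destroy_serviceslist(&vctx.services);
    (void)vrmr_destroy_zonedatalist(&vctx.zones);
    (void)vrmr_rules_cleanup_list(&vctx.rules);
    (void)vrmr_destroy_interfaceslist(&vctx.interfaces);
    vrmr_deinit(&vctx);
    return (retval);
}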