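/*
 * Select the fcron interval at which the updatexlrator "checkup" script runs.
 *
 * Usage: <prog> cron (daily|weekly|monthly)
 *
 * argv is only compared against literals; every string handed to
 * safe_system() is a compile-time constant.
 *
 * Returns 0 on success, and also when argv[1] is anything other than "cron"
 * (nothing is done in that case); returns 1 on missing or unknown parameters.
 */
int main(int argc, char *argv[])
{
	const char *link_command;

	if (argc < 2) {
		printf("invalid parameter(s)\n");
		return 1;
	}

	if (!initsetuid())
		exit(1);

	if (strcmp(argv[1], "cron") != 0)
		return 0;

	/* argv[2] is NULL when the interval is omitted; passing it to strcmp()
	 * is undefined behaviour, so the call is rejected before anything is
	 * changed on disk. */
	if (argc < 3) {
		printf("invalid parameter(s)\n");
		return 1;
	}

	/* The existing link is removed before the interval is checked, as
	 * before, so an unknown interval leaves the job unscheduled.
	 * The redirection used to read "2&>/dev/null", where the "2" is parsed
	 * as an extra argument to rm rather than as a file descriptor. */
	safe_system("rm /etc/fcron.*/updxlrator >/dev/null 2>&1");

	if (strcmp(argv[2], "daily") == 0) {
		link_command = "ln -s /var/ipfire/updatexlrator/bin/checkup /etc/fcron.daily/updxlrator";
	} else if (strcmp(argv[2], "weekly") == 0) {
		link_command = "ln -s /var/ipfire/updatexlrator/bin/checkup /etc/fcron.weekly/updxlrator";
	} else if (strcmp(argv[2], "monthly") == 0) {
		link_command = "ln -s /var/ipfire/updatexlrator/bin/checkup /etc/fcron.monthly/updxlrator";
	} else {
		printf("invalid parameter(s)\n");
		return 1;
	}

	safe_system(link_command);
	return 0;
}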
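/*
 * Re-install the IPSECINPUT rule that accepts UDP traffic to `port` arriving
 * on `interface`: the rule is deleted (errors discarded) and then appended,
 * presumably so that repeated calls do not accumulate duplicates.
 *
 * Nothing is run when a command does not fit into the buffer; a truncated
 * iptables line would install a different rule than the one intended.
 */
static void ipsec_accept_udp(const char *interface, int port)
{
	char str[STRING_SIZE];
	int n;

	n = snprintf(str, sizeof str,
		"/sbin/iptables -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1",
		interface, port);
	if (n < 0 || (size_t)n >= sizeof str) {
		fprintf(stderr, "open_physical: command too long\n");
		return;
	}
	safe_system(str);

	n = snprintf(str, sizeof str,
		"/sbin/iptables -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT",
		interface, port);
	if (n < 0 || (size_t)n >= sizeof str) {
		fprintf(stderr, "open_physical: command too long\n");
		return;
	}
	safe_system(str);
}

/*
 * Accept IPsec key-exchange traffic on the specified interface.
 *
 * Only UDP rules are installed: IKE on port 500 and, when
 * nat_traversal_port is non-zero, that port as well.  The GRE, ESP and AH
 * rules this function once carried were commented out and are not installed
 * here.
 *
 * `interface` ends up inside a command line that the shell interprets (the
 * delete command carries a redirection), so it must be a validated device
 * name.
 * NOTE(review): no validation happens in this function - confirm that every
 * caller checks the name (e.g. with VALID_DEVICE) first.
 */
void open_physical (char *interface, int nat_traversal_port)
{
	/* IKE */
	ipsec_accept_udp(interface, 500);

	if (! nat_traversal_port)
		return;

	/* NAT traversal */
	ipsec_accept_udp(interface, nat_traversal_port);
}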
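/*
 * Return 1 when `s` is non-empty and consists only of letters, digits and
 * the characters _ . / : , + = @ % - (none of which the shell treats
 * specially inside a word), 0 otherwise.
 */
static int extrahd_arg_ok(const char *s)
{
	if (s == NULL || *s == '\0')
		return 0;

	for (; *s != '\0'; s++) {
		char c = *s;

		if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
		    (c >= '0' && c <= '9'))
			continue;
		if (c == '_' || c == '.' || c == '/' || c == ':' || c == ',' ||
		    c == '+' || c == '=' || c == '@' || c == '%' || c == '-')
			continue;
		return 0;
	}
	return 1;
}

/*
 * setuid wrapper around /var/ipfire/extrahd/bin/extrahd.pl.
 *
 * Usage: <prog> <arg1> <arg2>   (both are handed to extrahd.pl unchanged)
 *
 * The two arguments become part of a command line that safe_system() runs
 * through the shell (the chmod call below relies on shell redirection), so
 * they are checked against an allowlist first: without that, whoever may
 * execute this wrapper could append commands of their own to the line.
 * NOTE(review): the allowlist is a conservative guess at what extrahd.pl
 * needs - widen it only with characters the shell does not interpret.
 *
 * Returns 0 after running the script, 1 on bad arguments.
 */
int main(int argc, char *argv[])
{
	char command[512];
	int n;

	/* argv[1] or argv[2] is NULL when fewer than two arguments are given. */
	if (argc < 3) {
		fprintf(stderr, "invalid parameter(s)\n");
		return 1;
	}

	if (!(initsetuid()))
		exit(1);

	if (!extrahd_arg_ok(argv[1]) || !extrahd_arg_ok(argv[2])) {
		fprintf(stderr, "invalid parameter(s)\n");
		return 1;
	}

	n = snprintf(command, sizeof command,
		"/var/ipfire/extrahd/bin/extrahd.pl %s %s", argv[1], argv[2]);
	if (n < 0 || (size_t)n >= sizeof command) {
		/* Never run a silently shortened command line. */
		fprintf(stderr, "command too long\n");
		return 1;
	}

	safe_system("chmod 755 /var/ipfire/extrahd/bin/extrahd.pl 2>&1 >/dev/null");
	safe_system(command);

	return 0;
}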
/*
 * Exit hook: append the closing DROP rules for the BLUE interface and close
 * the configuration stream.
 *
 * Works on the file-scope `blue_dev`, `command` and `fd`.  Both rules carry
 * an iptables comment so that collectd can collect their byte counters.
 */
void exithandler(void)
{
	const int blue_configured = (blue_dev[0] != '\0');

	if (blue_configured) {
		/* everything arriving on BLUE that no earlier rule accepted */
		snprintf(command, STRING_SIZE-1,
			"/sbin/iptables --wait -A WIRELESSINPUT -i %s -j DROP -m comment --comment 'DROP_Wirelessinput'",
			blue_dev);
		safe_system(command);

		/* same for traffic forwarded from BLUE */
		snprintf(command, STRING_SIZE-1,
			"/sbin/iptables --wait -A WIRELESSFORWARD -i %s -j DROP -m comment --comment 'DROP_Wirelessforward'",
			blue_dev);
		safe_system(command);
	}

	if (fd != NULL)
		fclose(fd);
}
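/*
 * Return 1 when `s` is a plausible MAC address, host name or interface
 * name: non-empty, not starting with '-' (so it cannot be read as an
 * option) and made only of letters, digits, ':', '.', '_' and '-'.
 */
static int wol_arg_ok(const char *s)
{
	if (s == NULL || *s == '\0' || *s == '-')
		return 0;

	for (; *s != '\0'; s++) {
		char c = *s;

		if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
		    (c >= '0' && c <= '9'))
			continue;
		if (c == ':' || c == '.' || c == '_' || c == '-')
			continue;
		return 0;
	}
	return 1;
}

/*
 * setuid wrapper that sends a wake-on-LAN packet with etherwake.
 *
 * Usage: <prog> <mac-or-host> <interface>
 *
 * The packet is sent twice: once as is and once with the broadcast flag.
 * Both arguments are copied into a command line for safe_system(), which is
 * assumed to pass it to a shell (TODO confirm), so they are validated
 * before use.  The file-scope `command` buffer is used for the line.
 *
 * Returns 0 on success, 1 on bad arguments.
 */
int main(int argc, char *argv[])
{
	int n;

	/* argv[1] or argv[2] is NULL when fewer than two arguments are given. */
	if (argc < 3) {
		fprintf(stderr, "invalid parameter(s)\n");
		return 1;
	}

	if (!(initsetuid()))
		exit(1);

	if (!wol_arg_ok(argv[1]) || !wol_arg_ok(argv[2])) {
		fprintf(stderr, "invalid parameter(s)\n");
		return 1;
	}

	n = snprintf(command, BUFFER_SIZE-1, "/usr/sbin/etherwake -i %s %s", argv[2], argv[1]);
	if (n < 0 || n >= BUFFER_SIZE-1) {
		fprintf(stderr, "command too long\n");
		return 1;
	}
	safe_system(command);

	/* Send magic packet with broadcast flag set. */
	n = snprintf(command, BUFFER_SIZE-1, "/usr/sbin/etherwake -i %s -b %s", argv[2], argv[1]);
	if (n < 0 || n >= BUFFER_SIZE-1) {
		fprintf(stderr, "command too long\n");
		return 1;
	}
	safe_system(command);

	return(0);
}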
/*
 * setuid front end for the squid init script.
 *
 * argv[1] selects one entry of a fixed table; only the constant command
 * strings from that table reach safe_system(), never argv itself.
 *
 * NOTE(review): the usage texts do not match the table - the second one
 * advertises "setperms", which is not handled, and neither mentions
 * "enable" or "disable".
 */
int main(int argc, char *argv[])
{
	static const struct {
		const char *verb;
		const char *first;
		const char *second;	/* NULL when one command is enough */
	} actions[] = {
		{ "start",       "/etc/rc.d/init.d/squid start",       NULL },
		{ "stop",        "/etc/rc.d/init.d/squid stop",        NULL },
		{ "restart",     "/etc/rc.d/init.d/squid restart",     NULL },
		{ "reconfigure", "/etc/rc.d/init.d/squid reconfigure", NULL },
		{ "flush",       "/etc/rc.d/init.d/squid flush",       NULL },
		{ "enable",
		  "ln -fs ../init.d/squid /etc/rc.d/rc0.d/K00squid >/dev/null 2>&1",
		  "ln -fs ../init.d/squid /etc/rc.d/rc6.d/K00squid >/dev/null 2>&1" },
		{ "disable",     "rm -f /etc/rc.d/rc*.d/*squid >/dev/null 2>&1", NULL },
	};
	size_t i;

	if (!initsetuid())
		exit(1);

	if (argc < 2) {
		fprintf(stderr, "\nNo argument given.\n\nsquidctrl (start|stop|restart|flush|reconfigure)\n\n");
		exit(1);
	}

	for (i = 0; i < sizeof actions / sizeof actions[0]; i++) {
		if (strcmp(argv[1], actions[i].verb) != 0)
			continue;

		safe_system(actions[i].first);
		if (actions[i].second != NULL)
			safe_system(actions[i].second);
		return 0;
	}

	fprintf(stderr, "\nBad argument given.\n\nsquidctrl (start|stop|restart|flush|reconfigure|setperms)\n\n");
	exit(1);
}
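/*
 * Issue the ipsec commands that turn off connection `name`.
 *
 * To turn off a connection, all SAs must be turned down.  After that, the
 * configuration must be reloaded.
 *
 * `name` becomes part of a command line that the shell interprets (note the
 * redirection), so it must be a validated connection name.
 * NOTE(review): no check on `name` is visible in this function - confirm
 * that the code parsing the VPN config restricts it to a safe character set.
 */
void turn_connection_off (char *name)
{
	char command[STRING_SIZE];
	int n;

	/* Bring down the connection. */
	n = snprintf(command, sizeof command,
		"/usr/sbin/ipsec down %s >/dev/null", name);
	if (n < 0 || (size_t)n >= sizeof command) {
		/* A shortened line would address some other connection name. */
		fprintf(stderr, "Connection name too long\n");
		return;
	}
	safe_system(command);

	/* Reload, so the connection is dropped. */
	safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
}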
/*
 * By-reference wrapper around safe_system(): the timeout is read through
 * `timeout_seconds` and the status is stored through `return_status`.
 * Neither pointer is checked; both must be valid.
 */
void safe_system_f( const char *command, int *timeout_seconds, int *return_status )
{
	*return_status = safe_system( command, *timeout_seconds );
}
/*
 * setuid wrapper that runs /usr/bin/sendprofile.
 * Takes no arguments; the command line is a constant.
 */
int main(void)
{
	const int privileged = initsetuid();

	if (!privileged) {
		exit(1);
	}

	safe_system("/usr/bin/sendprofile");

	return 0;
}
/*
 * setuid wrapper that halts the machine immediately.
 * Takes no arguments; the command line is a constant.
 */
int main(void)
{
	const int privileged = initsetuid();

	if (!privileged) {
		exit(1);
	}

	safe_system("/sbin/shutdown -h now");

	return 0;
}
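/*
 * Issue the ipsec commands that turn on connection `name`.
 *
 * To bring up a connection, the configuration is reloaded and "ipsec up"
 * is issued afterwards.  To make sure the connection is not established
 * from the start, it is brought down in advance.
 *
 * `type` is accepted for the callers' sake and not used here.
 *
 * `name` becomes part of command lines that the shell interprets (note the
 * redirections), so it must be a validated connection name.
 * NOTE(review): no check on `name` is visible in this function - confirm
 * that the code parsing the VPN config restricts it to a safe character set.
 */
void turn_connection_on(char *name, char *type)
{
	char command[STRING_SIZE];
	int n;

	(void) type;

	/* Bring down the connection (if established). */
	n = snprintf(command, sizeof command,
		"/usr/sbin/ipsec down %s >/dev/null", name);
	if (n < 0 || (size_t)n >= sizeof command) {
		/* A shortened line would address some other connection name. */
		fprintf(stderr, "Connection name too long\n");
		return;
	}
	safe_system(command);

	/* Reload the configuration into the daemon. */
	safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");

	/* Bring the connection up again. */
	n = snprintf(command, sizeof command,
		"/usr/sbin/ipsec up %s >/dev/null", name);
	if (n < 0 || (size_t)n >= sizeof command) {
		fprintf(stderr, "Connection name too long\n");
		return;
	}
	safe_system(command);
}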
/*
 * setuid wrapper that prints connection state: the IPsec eroute table when
 * --eroute is given, the conntrack table (as XML) otherwise.
 *
 * Options are parsed before privileges are taken; the commands run
 * afterwards are constants and contain nothing from argv.
 */
int main(int argc, char *argv[])
{
	static struct option long_options[] =
	{
		{ "eroute",  no_argument, &flag_eroute, 1 },
		{ "verbose", no_argument, 0, 'v' },
		{ "help",    no_argument, 0, 'h' },
		{ 0, 0, 0, 0}
	};
	int option_index = 0;
	int c;

	for (;;) {
		c = getopt_long(argc, argv, "v", long_options, &option_index);
		if (c == -1)
			break;

		switch (c) {
		case 0:
			/* long option that only set a flag */
			break;
		case 'v':
			/* verbose */
			flag_verbose++;
			break;
		case 'h':
			usage(argv[0], 0);
			/* falls through if usage() returns - presumably it exits */
		default:
			fprintf(stderr, "unknown option\n");
			usage(argv[0], 1);
		}
	}

	if (!initsetuid())
		exit(1);

	safe_system(flag_eroute
		? "/bin/cat /proc/net/ipsec_eroute 2>/dev/null"
		: "/usr/sbin/conntrack -L -o xml 2>/dev/null");

	return(0);
}
/*
 * setuid front end for the generated QoS script (QOS_SH).
 *
 * "generate" rebuilds QOS_SH from the QoS settings (or removes it when QoS
 * is switched off); start/stop/status/restart run the script with the
 * matching verb.  Without a script nothing is done.  Only constant command
 * strings reach safe_system().
 *
 * NOTE(review): "&>" is a bash redirection; this relies on safe_system()
 * using a shell that understands it - confirm.
 */
int main(int argc, char *argv[])
{
	static const struct {
		const char *verb;
		const char *command;
	} script_calls[] = {
		{ "start",   QOS_SH " start"   },
		{ "stop",    QOS_SH " clear"   },
		{ "status",  QOS_SH " status"  },
		{ "restart", QOS_SH " restart" },
	};
	struct keyvalue* settings = NULL;
	const char *verb;
	size_t i;
	int generating;
	int probe = -1;
	int rc = 0;

	if (!initsetuid())
		exit(1);

	if (argc < 2) {
		fprintf(stderr, "\nNo argument given.\n\nqosctrl (start|stop|restart|status|generate)\n\n");
		exit(1);
	}

	verb = argv[1];
	generating = (strcmp(verb, "generate") == 0);

	if (generating) {
		char enabled[STRING_SIZE];

		settings = initkeyvalues();
		if (!readkeyvalues(settings, CONFIG_ROOT "/qos/settings")) {
			fprintf(stderr, "Cannot read QoS settings\n");
			rc = 1;
			goto END;
		}

		/* a missing key counts as "off" */
		if (!findkey(settings, "ENABLED", enabled))
			strcpy(enabled, "off");

		if (strcmp(enabled, "on") != 0)
			unlink(QOS_SH);
		else
			safe_system("/usr/bin/perl /var/ipfire/qos/bin/makeqosscripts.pl > " QOS_SH);
	}

	/* If there is no qos.sh do nothing. */
	probe = open(QOS_SH, O_RDONLY);
	if (probe == -1)
		goto END;
	close(probe);

	safe_system("chmod 755 " QOS_SH " &>/dev/null");

	for (i = 0; i < sizeof script_calls / sizeof script_calls[0]; i++) {
		if (strcmp(verb, script_calls[i].verb) == 0) {
			safe_system(script_calls[i].command);
			goto END;
		}
	}

	/* "generate" has done all its work by now */
	if (generating) {
		exit(0);
	}

	fprintf(stderr, "\nBad argument given.\n\nqosctrl (start|stop|restart|status|generate)\n\n");
	exit(1);

END:
	if (settings)
		freekeyvalues(settings);

	return r_or(rc);
}
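/*
 * Return 1 when `p` is acceptable as a path below the update cache:
 * no ".." component, and only letters, digits, '/' and the characters
 * _ . : , + = @ % ~ - (none of which the shell treats specially inside a
 * word).  Returns 0 otherwise.
 */
static int cache_path_ok(const char *p)
{
	const char *component = p;	/* start of the current path component */

	if (p == NULL)
		return 0;

	for (;; p++) {
		char c = *p;

		if (c == '/' || c == '\0') {
			if (p - component == 2 && component[0] == '.' && component[1] == '.')
				return 0;
			if (c == '\0')
				return 1;
			component = p + 1;
			continue;
		}
		if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
		    (c >= '0' && c <= '9'))
			continue;
		if (c == '_' || c == '.' || c == ':' || c == ',' || c == '+' ||
		    c == '=' || c == '@' || c == '%' || c == '~' || c == '-')
			continue;
		return 0;
	}
}

/*
 * setuid wrapper that hands a file in the update cache to nobody:squid.
 *
 * Usage: <prog> <path relative to .../html/updatecache/>
 *
 * The argument is appended to a fixed directory and copied into a command
 * line for safe_system(), which is assumed to pass it to a shell (TODO
 * confirm).  It is therefore restricted to a safe character set, and ".."
 * components are refused so the chown cannot leave the cache directory.
 *
 * NOTE(review): chown follows symbolic links by default.  If the cache tree
 * is writable by the unprivileged caller, consider "chown -h" so that a
 * link inside the cache cannot redirect the ownership change.
 *
 * Returns 0 on success, 1 on bad arguments.
 */
int main(int argc, char *argv[])
{
	int n;

	if (argc < 2)
		return(1);

	if (!(initsetuid()))
		exit(-1);

	if (!cache_path_ok(argv[1])) {
		fprintf(stderr, "invalid parameter(s)\n");
		return(1);
	}

	n = snprintf(command, BUFFER_SIZE-1,
		"/bin/chown nobody:squid /home/httpd/vhost81/html/updatecache/%s", argv[1]);
	if (n < 0 || n >= BUFFER_SIZE-1) {
		/* A shortened path would name a different file. */
		fprintf(stderr, "command too long\n");
		return(1);
	}
	safe_system(command);

	return(0);
}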
/*
 * setuid front end that starts, stops or restarts the RED interface through
 * the network init script.
 *
 * argv[1] only selects one of three constant command strings.
 */
int main(int argc, char *argv[])
{
	static const struct {
		const char *verb;
		const char *command;
	} actions[] = {
		{ "start",   "/etc/rc.d/init.d/network start red"   },
		{ "stop",    "/etc/rc.d/init.d/network stop red"    },
		{ "restart", "/etc/rc.d/init.d/network restart red" },
	};
	size_t i;

	if (!initsetuid())
		exit(1);

	if (argc < 2) {
		fprintf(stderr, "\nNo argument given.\n\nredctrl (start|stop|restart)\n\n");
		exit(1);
	}

	for (i = 0; i < sizeof actions / sizeof actions[0]; i++) {
		if (strcmp(argv[1], actions[i].verb) == 0) {
			safe_system(actions[i].command);
			return 0;
		}
	}

	fprintf(stderr, "\nBad argument given.\n\nredctrl (start|stop|restart)\n\n");
	exit(1);
}
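/*
 * Copy `src` into `dst` so that it can stand between single quotes in a
 * shell command: every ' is written as '\'' .
 * Returns 0 on success, -1 when `dst` (of `dst_size` bytes) is too small.
 */
static int quote_for_sh(char *dst, size_t dst_size, const char *src)
{
	size_t used = 0;

	for (; *src != '\0'; src++) {
		if (*src == '\'') {
			if (dst_size - used < 5)	/* 4 bytes + terminator */
				return -1;
			memcpy(dst + used, "'\\''", 4);
			used += 4;
		} else {
			if (dst_size - used < 2)	/* 1 byte + terminator */
				return -1;
			dst[used++] = *src;
		}
	}
	if (used >= dst_size)
		return -1;
	dst[used] = '\0';
	return 0;
}

/*
 * CGI entry point: compile the C source passed in QUERY_STRING with gcc,
 * inside the chroot at HOME "/root" and as the unprivileged USER.
 *
 * Compared with the previous revision:
 *  - the decoded source and the output name are quoted for the shell; the
 *    source used to be placed between single quotes unescaped, so a quote
 *    in the request ended the string and the rest ran as shell commands;
 *  - chdir(), chroot(), fopen(), tempnam() and curl_easy_unescape() are
 *    checked; a failed chroot() used to be ignored and the build ran
 *    outside the jail;
 *  - the group id is dropped before the user id;
 *  - time() is no longer printed with "%d".
 *
 * NOTE(review): supplementary groups inherited from the web server are not
 * cleared; that needs setgroups() from <grp.h>, called before setgid().
 * NOTE(review): getpwnam() runs after chroot() and therefore reads the
 * passwd database inside the jail - confirm this is intended.
 * NOTE(review): tempnam() only returns a name (it honours TMPDIR and is
 * open to races); the name is quoted below, but mkstemp() would be the
 * robust choice.
 *
 * Returns 0 once the build has been started, 1 on any error.
 */
int main()
{
	CURL *curl = curl_easy_init( );
	char source_q[4 * 1024 + 1];	/* worst case: 1024 quotes, 4 bytes each */
	char output_q[1024];
	char buffer[sizeof source_q + sizeof output_q + 64];
	const char *remote;
	struct passwd *passwd;
	char *filename;
	FILE *log;
	char *q;
	int pid;
	int n;

	printf("Content-Type: text/html;charset=us-ascii\n\n");

	q = getenv("QUERY_STRING");
	if(q == NULL || strlen(q) <= 0) {
		printf("<p>You must pass in some source code.</p>");
		return 1;
	}

	if(strlen(q) > 1024) {
		printf("<p>The source code is too long.</p>");
		return 1;
	}

	/* Decoding never makes the string longer, so 1024 bytes still bound it. */
	q = curl_easy_unescape(curl, q, (int) strlen(q), NULL);
	if(q == NULL) {
		printf("<p>The source code could not be decoded.</p>");
		return 1;
	}

	filename = tempnam("/tmp", "gcc_");
	if(filename == NULL) {
		printf("<p>Could not pick an output file.</p>");
		return 1;
	}

	/* Logging is best effort: a missing log must not stop the build. */
	log = fopen(HOME "/tmp/build.log", "w+");
	remote = getenv("REMOTE_ADDR");
	if(log != NULL) {
		fprintf(log, "%ld IP: %s Output: %s\n", (long) time(0),
			remote != NULL ? remote : "-", filename);
		fflush(log);
	}

	/* Fail closed: without the jail nothing is compiled. */
	if(chdir(HOME "/root") != 0 || chroot(HOME "/root") != 0) {
		printf("<p>Could not enter the build root.</p>");
		return 1;
	}

	passwd = getpwnam(USER);
	if(passwd == NULL) {
		printf("<p>User does not exist.</p>");
		return 1;
	}

	/* Group first: once the uid is gone, setgid() is no longer permitted. */
	if(setgid(passwd->pw_gid) < 0)
		return 1;
	if(setuid(passwd->pw_uid) < 0)
		return 1;

	if(quote_for_sh(source_q, sizeof source_q, q) != 0 ||
	   quote_for_sh(output_q, sizeof output_q, filename) != 0) {
		printf("<p>The source code is too long.</p>");
		return 1;
	}

	n = snprintf(buffer, sizeof buffer, "echo -n '%s' | gcc -x c -o '%s' -",
		source_q, output_q);
	if(n < 0 || (size_t) n >= sizeof buffer) {
		printf("<p>The source code is too long.</p>");
		return 1;
	}

	printf("Starting build...\n");
	pid = safe_system(buffer);

	if(log != NULL) {
		fprintf(log, "%ld %s done.\n", (long) time(0), filename);
		fclose(log);
	}

	sleep_kill(pid);

	return 0;
}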
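/*
 * Return 1 when `arg` consists only of letters, digits and the characters
 * _ . / : , + = @ % - (none of which the shell treats specially inside a
 * word), 0 otherwise.
 */
static int pakfire_arg_ok(const char *arg)
{
	static const char allowed[] =
		"abcdefghijklmnopqrstuvwxyz"
		"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
		"0123456789_./:,+=@%-";

	return strspn(arg, allowed) == strlen(arg);
}

/*
 * setuid wrapper around /opt/pakfire/pakfire: every command-line argument
 * is passed on to pakfire.
 *
 * The arguments are joined into one command line for safe_system(), which
 * is assumed to pass it to a shell (TODO confirm).  Each one is therefore
 * checked against an allowlist, and the line is assembled with bounded
 * writes: the previous sprintf()/strcat() pair could write past both the
 * scratch buffer and the 1024-byte command buffer.
 *
 * Returns the status of safe_system(); exits with 1 on a rejected argument
 * or an over-long command line.
 */
int main(int argc, char *argv[])
{
	char command[1024];
	size_t used;
	int i;
	int n;

	if (!(initsetuid()))
		exit(1);

	n = snprintf(command, sizeof command, "/opt/pakfire/pakfire");
	if (n < 0 || (size_t)n >= sizeof command)
		exit(1);
	used = (size_t)n;

	for (i = 1; i < argc; i++) {
		/* An empty argument only ever added a blank; skip it. */
		if (argv[i][0] == '\0')
			continue;

		if (!pakfire_arg_ok(argv[i])) {
			fprintf(stderr, "invalid parameter(s)\n");
			exit(1);
		}

		n = snprintf(command + used, sizeof command - used, " %s", argv[i]);
		if (n < 0 || (size_t)n >= sizeof command - used) {
			fprintf(stderr, "command too long\n");
			exit(1);
		}
		used += (size_t)n;
	}

	return safe_system(command);
}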
/*
 * setuid front end that restarts dnsmasq through its init script.
 *
 * "restart" is the only accepted verb; the command line is a constant.
 */
int main(int argc, char *argv[])
{
	int is_restart;

	if (!initsetuid())
		exit(1);

	if (argc < 2) {
		fprintf(stderr, "\nNo argument given.\n\ndnsmasqctrl (restart)\n\n");
		exit(1);
	}

	is_restart = (strcmp(argv[1], "restart") == 0);
	if (!is_restart) {
		fprintf(stderr, "\nBad argument given.\n\ndnsmasqctrl (restart)\n\n");
		exit(1);
	}

	safe_system("/etc/rc.d/init.d/dnsmasq restart");

	return 0;
}
/*
 * Exit hook: remove the temporary files and the temporary directory.
 *
 * Reads the file-scope `hostname`, `tmpdir` and `tmpdatefile`.  The
 * directory is removed with "rm -rf" through safe_system(), the single
 * files with unlink().
 * NOTE(review): `tmpdir` is placed into a shell command unquoted - confirm
 * that it is always a name created by this program.
 */
void exithandler(void)
{
	char scratch[STRING_SIZE];

	/* clean up temporary files and directory */
	snprintf(scratch, STRING_SIZE - 1, "/tmp/%s.tar.gz", hostname);
	unlink(scratch);

	if (tmpdir[0] != '\0') {
		snprintf(scratch, STRING_SIZE - 1, "/bin/rm -rf %s &>/dev/null", tmpdir);
		safe_system(scratch);
	}

	if (tmpdatefile[0] != '\0') {
		unlink(tmpdatefile);
	}

	/* remove just uploaded file */
	snprintf(scratch, STRING_SIZE - 1, MOUNTPOINT "/%s.dat", hostname);
	unlink(scratch);

	snprintf(scratch, STRING_SIZE - 1, "/tmp/%s.tar", hostname);
	unlink(scratch);
}
/*
 * Execute the shell command attached to a script event.
 *
 * Waits until the event is due, runs the command line with safe_system()
 * and reports a failure, with script path and line number, through die().
 */
void run_command_event(
	struct state *state, struct event *event, struct command_spec *command)
{
	char *error = NULL;

	DEBUGP("%d: command: `%s`\n", event->line_number,
	       command->command_line);

	/* Wait for the right time before firing off this event. */
	wait_for_event(state);

	if (!safe_system(command->command_line, &error))
		return;

	die("%s:%d: error executing `%s` command: %s\n",
	    state->config->script_path, event->line_number,
	    command->command_line, error);
	/* only reached if die() returns */
	free(error);
}
/*
 * setuid front end for the dynamic DNS updater.
 *
 * "update-all" is the only accepted verb.  The command line is built from
 * the file-scope `conffile`; nothing from argv is copied into it.
 */
int main(int argc, char *argv[])
{
	char cmd[STRING_SIZE];
	int is_update_all;

	if (!initsetuid())
		exit(1);

	if (argc < 2) {
		fprintf(stderr, "\nNo argument given.\n\nddnsctrl (update-all)\n\n");
		exit(1);
	}

	is_update_all = (strcmp(argv[1], "update-all") == 0);
	if (!is_update_all) {
		fprintf(stderr, "\nBad argument given.\n\nddnsctrl (update-all)\n\n");
		exit(1);
	}

	snprintf(cmd, sizeof(cmd), "/usr/bin/ddns --config %s update-all >/dev/null 2>&1", conffile);
	safe_system(cmd);

	return 0;
}
/*
 * Run the script plugin stored at index `number` of plugin_list.
 *
 * The plugin file must exist; its path is then handed to safe_system() as
 * the whole command line.  `number` is used as an index without a range
 * check.
 */
void CPlugins::startScriptPlugin(int number)
{
	const char * script = plugin_list[number].pluginfile.c_str();

	dprintf(DEBUG_NORMAL, "[CPlugins] executing script %s\n", script);

	const bool present = pluginfile_exists(plugin_list[number].pluginfile);
	if (!present)
	{
		dprintf(DEBUG_NORMAL, "[CPlugins] could not find %s,\nperhaps wrong plugin type in %s\n", script, plugin_list[number].cfgfile.c_str());
		return;
	}

	// a non-zero result from safe_system() is treated as failure
	if (safe_system(script))
	{
		dprintf(DEBUG_NORMAL, "[CPlugins] can't execute %s\n",script);
		return;
	}

	dprintf(DEBUG_NORMAL, "CPlugins::startScriptPlugin: script %s successfull started\n", script);
}
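/*
 * Return 1 when `s` is a non-empty string of letters and digits only.
 */
static int smart_device_ok(const char *s)
{
	if (s == NULL || *s == '\0')
		return 0;

	for (; *s != '\0'; s++) {
		char c = *s;

		if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
		      (c >= '0' && c <= '9')))
			return 0;
	}
	return 1;
}

/*
 * setuid wrapper that prints the SMART report of a disk.
 *
 * Usage: smartctrl <device>     (name below /dev, e.g. "sda")
 *
 * Nothing is queried while /var/run/hddshutdown-<device> exists, because
 * the disk is then in standby and must not be woken up.
 *
 * The device name is used in a file name and in a command line for
 * safe_system(), which is assumed to pass it to a shell (TODO confirm).
 * It is therefore restricted to letters and digits; that rules out both
 * path components and shell syntax.  Local, bounded buffers replace the
 * unbounded sprintf() calls into the file-scope `command`.
 *
 * Returns 0 after running smartctl; exits with 1 on bad arguments or when
 * the disk is in standby.
 */
int main(int argc, char *argv[])
{
	char standby_flag[128];
	char smart_command[128];
	FILE *fp;
	int n;

	if (!(initsetuid()))
		exit(1);

	if (argc < 2) {
		fprintf(stderr, "\nNo argument given.\n\nsmartctrl <device>\n\n");
		exit(1);
	}

	if (!smart_device_ok(argv[1])) {
		fprintf(stderr, "\nBad device name.\n\nsmartctrl <device>\n\n");
		exit(1);
	}

	n = snprintf(standby_flag, sizeof standby_flag, "/var/run/hddshutdown-%s", argv[1]);
	if (n < 0 || (size_t)n >= sizeof standby_flag) {
		fprintf(stderr, "\nBad device name.\n\nsmartctrl <device>\n\n");
		exit(1);
	}

	fp = fopen(standby_flag, "r");
	if (fp != NULL) {
		fclose(fp);
		printf("\nDisk %s is in Standby. Do nothing because we won't wakeup\n",argv[1]);
		exit(1);
	}

	n = snprintf(smart_command, sizeof smart_command, "smartctl -iHA /dev/%s", argv[1]);
	if (n < 0 || (size_t)n >= sizeof smart_command) {
		fprintf(stderr, "\nBad device name.\n\nsmartctrl <device>\n\n");
		exit(1);
	}
	safe_system(smart_command);

	return 0;
}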
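/* Return 1 when `mac` has the form XX:XX:XX:XX:XX:XX (hex digits), else 0. */
static int wireless_mac_ok(const char *mac)
{
	size_t i;

	if (mac == NULL || strlen(mac) != 17)
		return 0;

	for (i = 0; i < 17; i++) {
		if (i % 3 == 2) {
			if (mac[i] != ':')
				return 0;
		} else if (strchr("0123456789abcdefABCDEF", mac[i]) == NULL) {
			return 0;
		}
	}
	return 1;
}

/*
 * Rebuild the WIRELESSINPUT and WIRELESSFORWARD chains for the BLUE zone.
 *
 * Both chains are flushed, optional proxy/samba restrictions are added,
 * then one ACCEPT/RETURN pair per enabled line of wireless/config, then the
 * optional LOG rules.  The closing DROP rules are appended by exithandler(),
 * which is registered with atexit() unless the wireless/nodrop file exists.
 *
 * Every value that ends up in an iptables command line is validated first,
 * because safe_system() hands the line to a shell (the flush commands rely
 * on redirections):
 *  - BLUE_DEV with VALID_DEVICE, the address with VALID_IP_AND_MASK;
 *  - the MAC address by its full XX:XX:XX:XX:XX:XX shape (checking only
 *    for 17 characters let arbitrary text from the config file through);
 *  - PROXY_PORT must be all digits.
 * Lines with missing fields are skipped instead of dereferencing the NULL
 * that strtok() returns for them.
 *
 * NOTE(review): strtok() merges consecutive commas, so a line with an empty
 * address or MAC field shifts the later columns - confirm how the writer of
 * wireless/config represents an unset field.
 */
int main(void)
{
	char green_dev[STRING_SIZE] = "";
	char buffer[STRING_SIZE];
	char *ipaddress, *macaddress, *enabled;
	struct keyvalue *kv = NULL;
	int have_mac, have_ip;

	if (!(initsetuid()))
		exit(1);

	/* flush wireless iptables */
	safe_system("/sbin/iptables --wait -F WIRELESSINPUT > /dev/null 2> /dev/null");
	safe_system("/sbin/iptables --wait -F WIRELESSFORWARD > /dev/null 2> /dev/null");

	memset(buffer, 0, STRING_SIZE);

	/* Init the keyvalue structure */
	kv=initkeyvalues();

	/* Read in the current values */
	if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) {
		fprintf(stderr, "Cannot read ethernet settings\n");
		exit(1);
	}

	/* Read in the firewall values */
	if (!readkeyvalues(kv, CONFIG_ROOT "/optionsfw/settings")) {
		fprintf(stderr, "Cannot read optionsfw settings\n");
		exit(1);
	}

	/* Get the GREEN interface details */
	if (findkey(kv, "GREEN_DEV", green_dev) > 0) {
		if (!VALID_DEVICE(green_dev)) {
			fprintf(stderr, "Bad GREEN_DEV: %s\n", green_dev);
			exit(1);
		}
	}

	/* Get the BLUE interface details */
	if (findkey(kv, "BLUE_DEV", blue_dev) > 0) {
		if ((strlen(blue_dev) > 0) && !VALID_DEVICE(blue_dev)) {
			fprintf(stderr, "Bad BLUE_DEV: %s\n", blue_dev);
			exit(1);
		}
	}

	/* no BLUE zone, nothing to filter */
	if (strlen(blue_dev) == 0) {
		exit(0);
	}

	/* the nodrop file switches filtering off: leave both chains empty and
	 * do not register the handler that appends the DROP rules */
	if ((fd = fopen(CONFIG_ROOT "/wireless/nodrop", "r")))
		return 0;

	/* register exit handler to ensure the block rule is always present */
	atexit(exithandler);

	if (!(fd = fopen(CONFIG_ROOT "/wireless/config", "r"))) {
		exit(0);
	}

	/* restrict blue access to the proxy port */
	if (findkey(kv, "DROPPROXY", buffer) && strcmp(buffer, "on") == 0) {
		/* Read the proxy values */
		if (!readkeyvalues(kv, CONFIG_ROOT "/proxy/settings") || !(findkey(kv, "PROXY_PORT", buffer))) {
			fprintf(stderr, "Cannot read proxy settings\n");
			exit(1);
		}

		/* the port goes into a command line: digits only */
		if (buffer[0] == '\0' || strspn(buffer, "0123456789") != strlen(buffer)) {
			fprintf(stderr, "Bad PROXY_PORT: %s\n", buffer);
			exit(1);
		}

		snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -i %s -p tcp ! --dport %s -j DROP -m comment --comment 'DROP_Wirelessforward'", blue_dev, buffer);
		safe_system(command);
		snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -i %s -p tcp ! --dport %s -j DROP -m comment --comment 'DROP_Wirelessinput'", blue_dev, buffer);
		safe_system(command);
	}

	/* do not allow blue to access a samba server running on the firewall */
	if (findkey(kv, "DROPSAMBA", buffer) && strcmp(buffer, "on") == 0) {
		snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -i %s -p tcp -m multiport --ports 135,137,138,139,445,1025 -j DROP -m comment --comment 'DROP_Wirelessforward'", blue_dev);
		safe_system(command);
		snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -i %s -p tcp -m multiport --ports 135,137,138,139,445,1025 -j DROP -m comment --comment 'DROP_Wirelessinput'", blue_dev);
		safe_system(command);
		snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -i %s -p udp -m multiport --ports 135,137,138,139,445,1025 -j DROP -m comment --comment 'DROP_Wirelessforward'", blue_dev);
		safe_system(command);
		snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -i %s -p udp -m multiport --ports 135,137,138,139,445,1025 -j DROP -m comment --comment 'DROP_Wirelessinput'", blue_dev);
		safe_system(command);
	}

	while (fgets(buffer, STRING_SIZE, fd)) {
		/* Cut at the newline, if any.  The last byte used to be dropped
		 * unconditionally, which shortened a final line without newline
		 * and indexed buffer[-1] on an empty string. */
		buffer[strcspn(buffer, "\n")] = '\0';

		/* columns: index, address, MAC, enabled */
		if (strtok(buffer, ",") == NULL)
			continue;
		ipaddress = strtok(NULL, ",");
		macaddress = strtok(NULL, ",");
		enabled = strtok(NULL, ",");

		if (ipaddress == NULL || macaddress == NULL || enabled == NULL)
			continue;

		if (strcmp(enabled, "on") != 0)
			continue;

		have_mac = wireless_mac_ok(macaddress);
		have_ip = VALID_IP_AND_MASK(ipaddress) ? 1 : 0;

		if (have_mac && have_ip) {
			/* both specified, added security */
			snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -m mac --mac-source %s -s %s -i %s -j ACCEPT", macaddress, ipaddress, blue_dev);
			safe_system(command);
			snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j RETURN", macaddress, ipaddress, blue_dev);
			safe_system(command);
		} else {
			if (have_mac) {
				snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -m mac --mac-source %s -i %s -j ACCEPT", macaddress, blue_dev);
				safe_system(command);
				snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j RETURN", macaddress, blue_dev);
				safe_system(command);
			}

			if (have_ip) {
				snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -s %s -i %s -j ACCEPT", ipaddress, blue_dev);
				safe_system(command);
				snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -s %s -i %s -j RETURN", ipaddress, blue_dev);
				safe_system(command);
			}
		}
	}

	/* with this rule you can disable the logging of the dropped wireless input packets */
	if (findkey(kv, "DROPWIRELESSINPUT", buffer) && strcmp(buffer, "on") == 0) {
		snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSINPUT -i %s -j LOG --log-prefix 'DROP_Wirelessinput'", blue_dev);
		safe_system(command);
	}

	/* with this rule you can disable the logging of the dropped wireless forward packets */
	if (findkey(kv, "DROPWIRELESSFORWARD", buffer) && strcmp(buffer, "on") == 0) {
		snprintf(command, STRING_SIZE-1, "/sbin/iptables --wait -A WIRELESSFORWARD -i %s -j LOG --log-prefix 'DROP_Wirelessforward'", blue_dev);
		safe_system(command);
	}

	return 0;
}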
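/*
 * Read the IPsec config file and add, for every enabled net-to-net
 * connection, a rule to the nat SQUID chain that lets traffic to the remote
 * network RETURN before the transparent-proxy REDIRECT.
 *
 * setdirectipsec_green / setdirectipsec_blue select the zones for which the
 * rule is added (using ipcop_ethernet.device[GREEN][1] / [BLUE][1]); when
 * both are zero nothing is done.
 *
 * Config lines are comma separated; the fields used are 1 (enabled),
 * 2 (name), 4 (type) and 12 (network/mask).  The name must consist of
 * LETTERS_NUMBERS, network and mask are checked with VALID_IP /
 * VALID_SHORT_MASK before they are placed into the iptables command line.
 *
 * Compared with the previous revision: the strdup()ed copy of each line is
 * freed (it used to leak once per line), a network field without "/mask" is
 * rejected instead of passing NULL to the validators, and a truncated
 * command is detected reliably.
 *
 * Exits the process with status 1 when a command does not fit the buffer.
 */
void setdirectipsec(int setdirectipsec_green, int setdirectipsec_blue)
{
	int count;
	char *result;
	char *name;
	char *type;
	char *running;
	char *ipsec_network_mask;
	char *ipsec_netaddress;
	char *ipsec_netmask;
	FILE *file = NULL;
	char *conn_enabled;
	char buffer[STRING_SIZE];
	char s[STRING_SIZE_LARGE];

	if (!setdirectipsec_green && !setdirectipsec_blue)
		return;		/* nothing to do */

	if (!(file = fopen("/var/ipcop/ipsec/config", "r"))) {
		fprintf(stderr, "Couldn't open IPsec config file");
		return;		/* error! exit or return? */
	}

	while (fgets(s, STRING_SIZE_LARGE, file) != NULL) {
		char *line_copy;	/* owned here, freed at next_line */
		int n;

		/* Line should contain 25+ comma separated fields */
		if (strlen(s) < 25) {
			verbose_printf(2, "Bad (empty?) configline\n");
			continue;
		}

		if (s[strlen(s) - 1] == '\n') {
			s[strlen(s) - 1] = '\0';
		}

		/* strsep() advances `running`, so the start of the copy is kept
		 * separately for free(). */
		line_copy = strdup(s);
		if (line_copy == NULL) {
			fprintf(stderr, "Out of memory\n");
			break;
		}
		running = line_copy;

		result = strsep(&running, ",");
		count = 0;
		name = NULL;
		type = NULL;
		ipsec_network_mask = NULL;
		conn_enabled = NULL;
		while (result) {
			if (count == 1)
				conn_enabled = result;
			if (count == 2)
				name = result;
			if (count == 4)
				type = result;
			if (count == 12)
				ipsec_network_mask = result;

			count++;
			result = strsep(&running, ",");
		}

		if (name == NULL) {
			verbose_printf(2, "Bad (empty?) configline\n");
			goto next_line;
		}

		if (strspn(name, LETTERS_NUMBERS) != strlen(name)) {
			verbose_printf(1, "Bad connection name: %s\n", name);
			goto next_line;
		}

		/* from here on type, conn_enabled and ipsec_network_mask are set */
		if (count < 25) {
			verbose_printf(2, "Bad configline, name %s count %d, %s\n", name, count, s);
			goto next_line;
		}

		if (!(strcmp(type, "net") == 0)) {
			verbose_printf(2, "Skip (no net-net) connection name: %s\n", name);
			goto next_line;
		}

		/* Darren Critchley - new check to see if connection is enabled */
		if (!(strcmp(conn_enabled, "on") == 0)) {
			verbose_printf(2, "Skip disabled connection name: %s\n", name);
			goto next_line;
		}

		/* split "address/mask" */
		result = strsep(&ipsec_network_mask, "/");
		count = 0;
		ipsec_netaddress = NULL;
		ipsec_netmask = NULL;
		while (result) {
			if (count == 0)
				ipsec_netaddress = result;
			if (count == 1)
				ipsec_netmask = result;

			count++;
			result = strsep(&ipsec_network_mask, "/");
		}

		if (!VALID_IP(ipsec_netaddress)) {
			verbose_printf(1, "Bad network for IPsec connection %s: %s\n", name, ipsec_netaddress);
			goto next_line;
		}

		/* no '/' in the field: there is no mask to validate */
		if (ipsec_netmask == NULL) {
			verbose_printf(1, "Bad mask for IPsec connection %s: %s\n", name, "(missing)");
			goto next_line;
		}

		if ((!VALID_IP(ipsec_netmask)) && (!VALID_SHORT_MASK(ipsec_netmask))) {
			verbose_printf(1, "Bad mask for IPsec connection %s: %s\n", name, ipsec_netmask);
			goto next_line;
		}

		memset(buffer, 0, STRING_SIZE);
		if (setdirectipsec_green) {
			n = snprintf(buffer, sizeof buffer,
				"/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN",
				ipcop_ethernet.device[GREEN][1], ipsec_netaddress, ipsec_netmask);
			if (n < 0 || (size_t)n >= sizeof buffer) {
				fprintf(stderr, "Command too long\n");
				free(line_copy);
				fclose(file);
				exit(1);
			}
			verbose_printf(1, "Bypass proxy redirect for GREEN to remote IPsec network %s/%s\n", ipsec_netaddress, ipsec_netmask);
			safe_system(buffer);
		}
		if (setdirectipsec_blue) {
			n = snprintf(buffer, sizeof buffer,
				"/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN",
				ipcop_ethernet.device[BLUE][1], ipsec_netaddress, ipsec_netmask);
			if (n < 0 || (size_t)n >= sizeof buffer) {
				fprintf(stderr, "Command too long\n");
				free(line_copy);
				fclose(file);
				exit(1);
			}
			verbose_printf(1, "Bypass proxy redirect for BLUE to remote IPsec network %s/%s\n", ipsec_netaddress, ipsec_netmask);
			safe_system(buffer);
		}

next_line:
		free(line_copy);
	}

	fclose(file);
}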
/*
 * Interpreter loop: execute the events of `script` one after the other, in
 * local mode or as a wire client (never as wire server; asserted below).
 *
 * Before the first event the optional init command of the script is run
 * through safe_system(); after the last event code_execute() is called on
 * state->code.  Failures are reported through die().
 *
 * NOTE(review): the init command and the command events are command lines
 * taken from the script file, so a script has to be trusted like any other
 * program that is run - confirm this matches how scripts are obtained.
 * NOTE(review): the free(error) after die() near the end only runs if die()
 * returns - presumably it does not; confirm.
 */
void run_script(struct config *config, struct script *script)
{
	char *error = NULL;
	struct state *state = NULL;
	struct netdev *netdev = NULL;
	struct event *event = NULL;

	DEBUGP("run_script: running script\n");

	set_scheduling_priority();
	lock_memory();

	/* This interpreter loop runs for local mode or wire client mode. */
	assert(!config->is_wire_server);

	/* How we use the network is of course a little different in
	 * each of the two cases....
	 */
	if (config->is_wire_client)
		netdev = wire_client_netdev_new(config);
	else
		netdev = local_netdev_new(config);

	state = state_new(config, script, netdev);

	if (config->is_wire_client) {
		state->wire_client = wire_client_new();
		wire_client_init(state->wire_client, config, script, state);
	}

	/* Optional one-time setup command from the script. */
	if (script->init_command != NULL) {
		if (safe_system(script->init_command->command_line,
				&error)) {
			die("%s: error executing init command: %s\n",
			    config->script_path, error);
		}
	}

	signal(SIGPIPE, SIG_IGN);	/* ignore EPIPE */

	state->live_start_time_usecs = schedule_start_time_usecs();
	DEBUGP("live_start_time_usecs is %lld\n",
	       state->live_start_time_usecs);

	if (state->wire_client != NULL)
		wire_client_send_client_starting(state->wire_client);

	/* Main loop: one iteration per event, until get_next_event() leaves
	 * state->event at NULL. */
	while (1) {
		if (get_next_event(state, &error))
			die("%s", error);
		event = state->event;
		if (event == NULL)
			break;

		if (state->wire_client != NULL)
			wire_client_next_event(state->wire_client, event);

		/* In wire mode, we adjust relative times after
		 * getting notification that previous packet events
		 * have completed, if any.
		 */
		adjust_relative_event_times(state, event);

		switch (event->type) {
		case PACKET_EVENT:
			/* For wire clients, the server handles packets. */
			if (!config->is_wire_client) {
				run_local_packet_event(state, event,
						       event->event.packet);
			}
			break;
		case SYSCALL_EVENT:
			run_system_call_event(state, event,
					      event->event.syscall);
			break;
		case COMMAND_EVENT:
			run_command_event(state, event,
					  event->event.command);
			break;
		case CODE_EVENT:
			run_code_event(state, event,
				       event->event.code->text);
			break;
		case INVALID_EVENT:
		case NUM_EVENT_TYPES:
			assert(!"bogus type");
			break;
		/* We omit default case so compiler catches missing values. */
		}
	}

	/* Wait for any outstanding packet events we requested on the server. */
	if (state->wire_client != NULL)
		wire_client_next_event(state->wire_client, NULL);

	if (code_execute(state->code, &error)) {
		die("%s: error executing code: %s\n",
		    state->config->script_path, error);
		free(error);
	}

	state_free(state);

	DEBUGP("run_script: done running\n");
}
/*
 * Start the plugin stored at index `number` of plugin_list.
 *
 * The screen geometry from g_settings is exported to the environment first.
 * What happens next depends on the plugin type:
 *  - P_TYPE_SCRIPT: run through startScriptPlugin();
 *  - P_TYPE_TOOL / P_TYPE_GAME: the plugin file is run with safe_system();
 *  - P_TYPE_NEUTRINO: the plugin file is loaded with dlopen() and its
 *    "plugin_exec" symbol is called inside this process.
 * Remote-control input is stopped around the external programs and the
 * framebuffer background is repainted.
 *
 * `number` is used as an index without a range check.
 * NOTE(review): the plugin path is executed or loaded as code; confirm that
 * the directories plugins are collected from are writable only by trusted
 * users.
 */
void CPlugins::startPlugin(int number)
{
	dprintf(DEBUG_NORMAL, "CPlugins::startPlugin: %s type:%d\n", plugin_list[number].pluginfile.c_str(), plugin_list[number].type);

	// export neutrino settings to the environment
	// (32 bytes are ample for a decimal int)
	char tmp[32];

	sprintf(tmp, "%d", g_settings.screen_StartX);
	setenv("SCREEN_OFF_X", tmp, 1);

	sprintf(tmp, "%d", g_settings.screen_StartY);
	setenv("SCREEN_OFF_Y", tmp, 1);

	sprintf(tmp, "%d", g_settings.screen_EndX);
	setenv("SCREEN_END_X", tmp, 1);

	sprintf(tmp, "%d", g_settings.screen_EndY);
	setenv("SCREEN_END_Y", tmp, 1);

	// script type
	if (plugin_list[number].type == CPlugins::P_TYPE_SCRIPT)
	{
		g_RCInput->clearRCMsg();
		g_RCInput->stopInput();

		startScriptPlugin(number);

		frameBuffer->paintBackground();
		frameBuffer->blit();

		g_RCInput->restartInput();
		g_RCInput->clearRCMsg();

		return;
	}

	// neutrinoHD plugins (standalone)
	if ( (plugin_list[number].type == CPlugins::P_TYPE_TOOL) || (plugin_list[number].type == CPlugins::P_TYPE_GAME) )
	{
		/* stop rc input */
		g_RCInput->stopInput();

		// the plugin path is the whole command line; the result is not checked
		safe_system((char *) plugin_list[number].pluginfile.c_str());

		frameBuffer->paintBackground();
		frameBuffer->blit();

		g_RCInput->restartInput();
		g_RCInput->clearRCMsg();

		return;
	}
	else if (plugin_list[number].type == CPlugins::P_TYPE_NEUTRINO)
	{
		PluginExec execPlugin;
		void *handle;
		char * error;

		g_RCInput->clearRCMsg();

		// load
		handle = dlopen ( plugin_list[number].pluginfile.c_str(), RTLD_NOW);
		if (!handle)
		{
			fputs (dlerror(), stderr);
		}
		else
		{
			execPlugin = (PluginExec) dlsym(handle, "plugin_exec");
			// dlerror() is non-NULL when the lookup above failed
			if ((error = dlerror()) != NULL)
			{
				fputs(error, stderr);
				dlclose(handle);
			}
			else
			{
				dprintf(DEBUG_NORMAL, "[CPlugins] try exec...\n");

				frameBuffer->paintBackground();
				frameBuffer->blit();

				execPlugin();
				dlclose(handle);
				dprintf(DEBUG_NORMAL, "[CPlugins] exec done...\n");
			}
		}

		g_RCInput->clearRCMsg();
	}
}
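/*
 * setuid front end for the IPsec daemon.
 *
 * argv[1] is the operation:
 *   I        print "ipsec status"
 *   R        reload the configuration
 *   D        stop IPsec and flush its firewall chains
 *   S        (re)start IPsec
 *   S <key>  bring up the connection with that numeric key
 *   D <key>  bring down the connection with that numeric key
 *
 * For everything but I, R and plain D the VPN and ethernet settings are
 * read, the IKE and NAT-T ports are opened on every valid interface, and
 * <key> is looked up in vpn/config.
 *
 * Compared with the previous revision: the ENABLED value is initialised (it
 * was compared uninitialised when the key was missing), the "Bad arg"
 * message no longer prints argv[2] when it is absent, and the newline is
 * stripped from the RED interface name without indexing before the buffer.
 *
 * NOTE(review): the connection name returned by decode_line() goes into a
 * shell command line in turn_connection_on()/turn_connection_off() -
 * confirm that decode_line() restricts it to a safe character set.
 */
int main(int argc, char *argv[])
{
	char configtype[STRING_SIZE];
	char redtype[STRING_SIZE] = "";
	struct keyvalue *kv = NULL;

	if (argc < 2) {
		usage();
		exit(1);
	}

	if (!(initsetuid()))
		exit(1);

	FILE *file = NULL;

	if (strcmp(argv[1], "I") == 0) {
		safe_system("/usr/sbin/ipsec status");
		exit(0);
	}

	if (strcmp(argv[1], "R") == 0) {
		safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
		exit(0);
	}

	/* FIXME: workaround for pclose() issue - still no real idea why
	 * this is happening */
	signal(SIGCHLD, SIG_DFL);

	/* handle operations that do not need to start the ipsec system */
	if (argc == 2) {
		if (strcmp(argv[1], "D") == 0) {
			safe_system("/usr/sbin/ipsec stop >/dev/null 2>&1");
			ipsec_norules();
			exit(0);
		}
	}

	/* read vpn config */
	kv=initkeyvalues();
	if (!readkeyvalues(kv, CONFIG_ROOT "/vpn/settings")) {
		fprintf(stderr, "Cannot read vpn settings\n");
		exit(1);
	}

	/* check if the vpn system is enabled */
	{
		/* stays "" when the key is missing, which counts as disabled */
		char s[STRING_SIZE] = "";
		findkey(kv, "ENABLED", s);
		freekeyvalues(kv);
		if (strcmp (s, "on") != 0)
			exit(0);
	}

	/* read interface settings */
	kv=initkeyvalues();
	if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) {
		fprintf(stderr, "Cannot read ethernet settings\n");
		exit(1);
	}
	if (!findkey(kv, "CONFIG_TYPE", configtype)) {
		fprintf(stderr, "Cannot read CONFIG_TYPE\n");
		exit(1);
	}
	findkey(kv, "RED_TYPE", redtype);

	/* Loop through the config file to find physical interfaces that
	 * will accept IPSEC.  Each counter is 0 (not used) or 1 (valid
	 * device found). */
	int enable_red=0;
	int enable_green=0;
	int enable_orange=0;
	int enable_blue=0;
	char if_red[STRING_SIZE] = "";
	char if_green[STRING_SIZE] = "";
	char if_orange[STRING_SIZE] = "";
	char if_blue[STRING_SIZE] = "";
	char s[STRING_SIZE];

	/* when RED is up, find interface name in special file */
	FILE *ifacefile = NULL;
	if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r"))) {
		if (fgets(if_red, STRING_SIZE, ifacefile)) {
			if_red[strcspn(if_red, "\n")] = '\0';
		}
		fclose (ifacefile);

		if (VALID_DEVICE(if_red))
			enable_red++;
	}

	/* Check if GREEN is enabled. */
	findkey(kv, "GREEN_DEV", if_green);
	if (VALID_DEVICE(if_green))
		enable_green++;

	/* Check if ORANGE is enabled. */
	findkey(kv, "ORANGE_DEV", if_orange);
	if (VALID_DEVICE(if_orange))
		enable_orange++;

	/* Check if BLUE is enabled. */
	findkey(kv, "BLUE_DEV", if_blue);
	if (VALID_DEVICE(if_blue))
		enable_blue++;

	freekeyvalues(kv);

	/* exit if nothing to do */
	if ((enable_red+enable_green+enable_orange+enable_blue) == 0)
		exit(0);

	/* open needed ports; only names that passed VALID_DEVICE get here */
	if (enable_red > 0)
		open_physical(if_red, 4500);

	if (enable_green > 0)
		open_physical(if_green, 4500);

	if (enable_orange > 0)
		open_physical(if_orange, 4500);

	if (enable_blue > 0)
		open_physical(if_blue, 4500);

	/* start the system */
	if ((argc == 2) && strcmp(argv[1], "S") == 0) {
		safe_system("/usr/sbin/ipsec restart >/dev/null");
		exit(0);
	}

	/* it is a selective start or stop;
	 * second param is only a number 'key' */
	if ((argc == 2) || strspn(argv[2], NUMBERS) != strlen(argv[2])) {
		fprintf(stderr, "Bad arg: %s\n", (argc > 2) ? argv[2] : "(missing)");
		usage();
		exit(1);
	}

	/* search the vpn pointed by 'key' */
	if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
		fprintf(stderr, "Couldn't open vpn settings file");
		exit(1);
	}
	while (fgets(s, STRING_SIZE, file) != NULL) {
		char *key;
		char *name;
		char *type;
		if (!decode_line(s,&key,&name,&type))
			continue;

		/* is it the 'key' requested ? */
		if (strcmp(argv[2], key) != 0)
			continue;

		/* Start or Delete this Connection */
		if (strcmp(argv[1], "S") == 0)
			turn_connection_on (name, type);
		else if (strcmp(argv[1], "D") == 0)
			turn_connection_off (name);
		else {
			fprintf(stderr, "Bad command\n");
			exit(1);
		}
	}
	fclose(file);

	return 0;
}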
/*
 * Flush the three IPsec firewall chains (IPSECINPUT, IPSECFORWARD and
 * IPSECOUTPUT).  All command lines are constants.
 */
void ipsec_norules()
{
	static const char *const flush_commands[] = {
		"/sbin/iptables -F IPSECINPUT",
		"/sbin/iptables -F IPSECFORWARD",
		"/sbin/iptables -F IPSECOUTPUT",
	};
	unsigned int i;

	for (i = 0; i < sizeof flush_commands / sizeof flush_commands[0]; i++) {
		safe_system(flush_commands[i]);
	}
}
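/*
 * Return 1 when `s` is one or two decimal digits with a value of at most
 * `max`, 0 otherwise.
 */
static int cron_number_ok(const char *s, int max)
{
	size_t len = strlen(s);
	size_t i;
	int value = 0;

	if (len < 1 || len > 2)
		return 0;

	for (i = 0; i < len; i++) {
		if (s[i] < '0' || s[i] > '9')
			return 0;
		value = value * 10 + (s[i] - '0');
	}
	return value <= max;
}

/*
 * setuid front end for shutdown, reboot and the scheduled reboot entry in
 * root's fcron table (/var/spool/cron/root.orig).
 *
 * argv[1] selects the operation (OP_* constants).  Only OP_SCHEDULE_ADD
 * takes more arguments: minute, hour, day-of-week list and "-r" or "-h".
 * These four are written into the crontab, which root's cron later runs, so
 * each is checked strictly: the numbers must be present and in range (an
 * empty string used to pass the digit test and produced a broken line), the
 * day list is limited to "1234567,*", the flag to the two literals.
 * None of argv reaches safe_system(); all command lines are constants.
 *
 * Returns 0 on success, 1 on a bad command line or when the crontab cannot
 * be written.
 */
int main(int argc, char**argv)
{
	FILE *fd = NULL;

	if (!(initsetuid()))
		return 1;

	/* Check what command is asked */
	if (argc==1) {
		fprintf (stderr, "Missing reboot command!\n");
		return 1;
	}

	if (argc==2 && strcmp(argv[1], OP_SHUTDOWN)==0) {
		safe_system("/sbin/shutdown -h now");
		return 0;
	}

	if (argc==2 && strcmp(argv[1], OP_REBOOT)==0) {
		safe_system("/sbin/shutdown -r now");
		return 0;
	}

	if (argc==2 && strcmp(argv[1], OP_REBOOT_FS)==0) {
		safe_system("/sbin/shutdown -F -r now");
		return 0;
	}

	/* output schedule to stdout */
	if (argc==2 && strcmp(argv[1], OP_SCHEDULE_GET)==0) {
		safe_system("/bin/grep /sbin/shutdown /var/spool/cron/root.orig");
		return 0;
	}

	if (argc==2 && strcmp(argv[1], OP_SCHEDULE_REM)==0) {
		safe_system("/usr/bin/perl -i -p -e 's/^.*\\/sbin\\/shutdown.*$//s' /var/spool/cron/root.orig");
		safe_system("/usr/bin/fcrontab -u root -z");
		return 0;
	}

	if (argc==6 && strcmp(argv[1], OP_SCHEDULE_ADD)==0) {
		/* check args */
		const int minute_ok = cron_number_ok(argv[2], 59);
		const int hour_ok = cron_number_ok(argv[3], 23);
		const int days_ok = strlen(argv[4]) >= 1 && strlen(argv[4]) < 14 &&
			strspn(argv[4], "1234567,*") == strlen(argv[4]);
		const int flag_ok = (strcmp(argv[5], "-r")==0) ||	/* reboot */
			(strcmp(argv[5], "-h")==0);			/* halt */

		if (!(minute_ok && hour_ok && days_ok && flag_ok)) {
			fprintf (stderr, "Bad cron+ parameters!\n");
			return 1;
		}

		/* remove old entry */
		safe_system("/usr/bin/perl -i -p -e 's/^.*\\/sbin\\/shutdown.*$//s' /var/spool/cron/root.orig");

		/* add new entry */
		if ((fd = fopen("/var/spool/cron/root.orig", "a")) == NULL) {
			/* The old entry is gone and the new one was not written;
			 * say so instead of reporting success. */
			fprintf (stderr, "Cannot write reboot schedule!\n");
			return 1;
		}
		fprintf (fd,"%s %s * * %s /sbin/shutdown %s 1\n",argv[2],argv[3],argv[4],argv[5]);
		fclose (fd);

		/* inform cron */
		safe_system("/usr/bin/fcrontab -u root -z");
		return 0;
	}

	fprintf (stderr, "Bad reboot command!\n");
	return 1;
}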