setfilters und setaliases entfernt.

qosctrl Fix.


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@806 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
This commit is contained in:
ms
2007-08-22 19:58:53 +00:00
parent f7c162140c
commit 903310c40d
13 changed files with 113 additions and 887 deletions


@@ -4,8 +4,8 @@ CFLAGS=-O2 -Wall
COMPILE=$(CC) $(CFLAGS)
PROGS = iowrap
SUID_PROGS = setdmzholes setportfw setfilters setxtaccess \
squidctrl restartssh ipfirereboot setaliases \
SUID_PROGS = setdmzholes setportfw setxtaccess \
squidctrl restartssh ipfirereboot \
ipsecctrl timectrl dhcpctrl snortctrl \
applejuicectrl rebuildhosts backupctrl \
logwatch openvpnctrl outgoingfwctrl \
@@ -61,9 +61,6 @@ tripwirectrl: tripwirectrl.c setuid.o ../install+setup/libsmooth/varval.o
smartctrl: smartctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ smartctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
monitorTraff: monitorTraff.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ monitorTraff.c setuid.o ../install+setup/libsmooth/varval.o -o $@
clamavctrl: clamavctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ clamavctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
@@ -76,18 +73,12 @@ timectrl: timectrl.c setuid.o ../install+setup/libsmooth/varval.o
launch-ether-wake: launch-ether-wake.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ launch-ether-wake.c setuid.o ../install+setup/libsmooth/varval.o -o $@
setaliases: setaliases.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ setaliases.c setuid.o ../install+setup/libsmooth/varval.o -o $@
setdmzholes: setdmzholes.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ setdmzholes.c setuid.o ../install+setup/libsmooth/varval.o -o $@
setportfw: setportfw.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ setportfw.c setuid.o ../install+setup/libsmooth/varval.o -o $@
setfilters: setfilters.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ setfilters.c setuid.o ../install+setup/libsmooth/varval.o -o $@
rebuildhosts: rebuildhosts.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ rebuildhosts.c setuid.o ../install+setup/libsmooth/varval.o -o $@


@@ -16,7 +16,6 @@
int main(int argc, char *argv[]) {
int fd = -1;
int enable = 0;
if (!(initsetuid()))
exit(1);
@@ -25,18 +24,17 @@ int main(int argc, char *argv[]) {
fprintf(stderr, "\nNo argument given.\n\nqosctrl (start|stop|restart|status|generate)\n\n");
exit(1);
}
if ((fd = open("/var/ipfire/qos/bin/qos.sh", O_RDONLY)) != -1) {
close(fd);
} else {
// If there is no qos.sh do nothing.
exit(0);
}
safe_system("chmod 755 /var/ipfire/qos/bin/qos.sh &>/dev/null");
if (strcmp(argv[1], "start") == 0) {
if ((fd = open("/var/ipfire/qos/bin/qos.sh", O_RDONLY)) != -1)
{
close(fd);
enable = 1;
}
if (enable)
{
safe_system("/var/ipfire/qos/bin/qos.sh start");
}
safe_system("/var/ipfire/qos/bin/qos.sh start");
} else if (strcmp(argv[1], "stop") == 0) {
safe_system("/var/ipfire/qos/bin/qos.sh clear");
} else if (strcmp(argv[1], "status") == 0) {
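Review bot: The new existence check at the top of the hunk opens qos.sh only to close it again, then `chmod 755` is applied and the script is executed by this setuid helper without any check on who owns the file or whether group/others can write it, so the helper's privilege now rests entirely on the permissions of /var/ipfire/qos/bin. Since the descriptor is already open, an `fstat()` on it can require a root-owned file that is not group- or world-writable before the chmod and the exec (this needs `<sys/stat.h>`, whose presence I cannot see from the hunk); if only existence is wanted, the header's `file_exists()` would replace the open/close pair. Separately, `&>/dev/null` on the chmod line is a bash redirection; if safe_system runs commands through /bin/sh it may be parsed as `&` followed by `>/dev/null`, backgrounding chmod — worth verifying against setuid.c. main() begins in the first hunk and its body continues past the end of this one.
```c
	if ((fd = open("/var/ipfire/qos/bin/qos.sh", O_RDONLY)) == -1) {
		// If there is no qos.sh do nothing.
		exit(0);
	}
	// Refuse to chmod/run a script that root does not own or that others may edit.
	struct stat st;
	if (fstat(fd, &st) != 0 || st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH))) {
		fprintf(stderr, "qos.sh has unsafe owner or permissions\n");
		exit(1);
	}
	close(fd);
	/* … unchanged: chmod and argument dispatch … */
```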


@@ -1,186 +0,0 @@
/*
* setaliases - configure red aliased interfaces
*
* This program is distributed under the terms of the GNU General Public
* Licence. See the file COPYING for details.
*
* (c) Steve Bootes, 2002/04/15
*
* 21/04/03 Robert Kerr Changed to link directly to libsmooth rather than
* using a copy & paste
*
* $Id: setaliases.c,v 1.2.2.4 2004/08/22 22:01:44 alanh Exp $
*
*/
#include "libsmooth.h"
#include "setuid.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
struct keyvalue *kv = NULL;
FILE *file = NULL;
void exithandler(void)
{
if (kv) freekeyvalues(kv);
if (file) fclose(file);
}
int main(void)
{
char s[STRING_SIZE];
char command[STRING_SIZE];
char red_netmask[STRING_SIZE];
char red_broadcast[STRING_SIZE];
char red_dev[STRING_SIZE];
char default_gateway[STRING_SIZE];
char *aliasip;
char *enabled;
char *sptr;
char *comment;
int alias;
int count;
if (!(initsetuid()))
{
fprintf(stderr, "Cannot run setuid\n");
exit(1);
}
atexit(exithandler);
/* Init the keyvalue structure */
kv=initkeyvalues();
/* Read in the current values */
if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
{
fprintf(stderr, "Cannot read ethernet settings\n");
exit(1);
}
/* Find the CONFIG_TYPE value */
if (!findkey(kv, "CONFIG_TYPE", s))
{
fprintf(stderr, "Cannot read CONFIG_TYPE\n");
exit(1);
}
/* Check for CONFIG_TYPE=2 or 3 i.e. RED ethernet present. If not,
* exit gracefully. This is not an error... */
if (!((strcmp(s, "2")==0) || (strcmp(s, "3")==0) || (strcmp(s, "6")==0) || (strcmp(s, "7")==0)))
exit(0);
/* Now check the RED_TYPE - aliases only work with STATIC.
* At least, that's what /etc/rc.d/rc.netaddress.up thinks.. */
/* Find the RED_TYPE value */
if (!findkey(kv, "RED_TYPE", s))
{
fprintf(stderr, "Cannot read RED_TYPE\n");
exit(1);
}
/* Make sure it's the right type */
if (!(strcmp(s, "STATIC")==0))
exit(0);
/* Get the RED interface details */
if((!findkey(kv, "RED_NETMASK", red_netmask)) || (!findkey(kv, "RED_BROADCAST", red_broadcast)) ||
(!findkey(kv, "RED_DEV", red_dev)) || (!findkey(kv, "DEFAULT_GATEWAY", default_gateway)))
{
fprintf(stderr, "Cannot read RED settings\n");
exit(1);
}
if (!VALID_DEVICE(red_dev))
{
fprintf(stderr, "Bad red_dev: %s\n", red_dev);
exit(1);
}
if (!VALID_IP(red_netmask))
{
fprintf(stderr, "Bad red_netmask : %s\n", red_netmask);
exit(1);
}
if (!VALID_IP(red_broadcast))
{
fprintf(stderr, "Bad red_broadcast : %s\n", red_broadcast);
exit(1);
}
if (!VALID_IP(default_gateway))
{
fprintf(stderr, "Bad default_gateway : %s\n", default_gateway);
exit(1);
}
/* down the aliases in turn until ifconfig complains */
alias=0;
do
{
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE-1, "/sbin/ifconfig %s:%d down 2>/dev/null", red_dev, alias++);
} while (safe_system(command)==0);
/* Now set up the new aliases from the config file */
if (!(file = fopen(CONFIG_ROOT "/ethernet/aliases", "r")))
{
fprintf(stderr, "Unable to open aliases configuration file\n");
exit(1);
}
alias=0;
while (fgets(s, STRING_SIZE, file) != NULL)
{
if (s[strlen(s) - 1] == '\n')
s[strlen(s) - 1] = '\0';
sptr = strtok(s, ",");
count = 0;
aliasip = NULL;
enabled = NULL;
comment = NULL;
while (sptr)
{
if (count == 0)
aliasip = sptr;
if (count == 1)
enabled = sptr;
else
comment = sptr;
count++;
sptr = strtok(NULL, ",");
}
if (!(aliasip && enabled))
continue;
if (!VALID_IP(aliasip))
{
fprintf(stderr, "Bad alias : %s\n", aliasip);
exit(1);
}
if (strcmp(enabled, "on") == 0)
{
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE-1, "/sbin/ifconfig %s:%d %s netmask %s broadcast %s up", red_dev, alias, aliasip, red_netmask, red_broadcast);
safe_system(command);
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE-1, "/usr/sbin/arping -q -c 1 -w 1 -i %s -S %s %s", red_dev, aliasip, default_gateway);
safe_system(command);
alias++;
}
}
return 0;
}


@@ -1,100 +0,0 @@
/* Derivated from SmoothWall helper programs
*
* This program is distributed under the terms of the GNU General Public
* Licence. See the file COPYING for details.
*
* (c) Daniel Goscomb, 2001
*
* Modifications and improvements by Lawrence Manning.
*
* 19/04/03 Robert Kerr Fixed root exploit
*
* 20/08/05 Achim Weber 20 Modified to have a binary for the new firewall options page in IPCop 1.4.8
*
* 02/10/05 Gilles Espinasse treat only ping actually
*
* $Id: setfilters.c,v 1.1.2.2 2006/02/07 20:54:16 gespinasse Exp $
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "libsmooth.h"
#include "setuid.h"
struct keyvalue *kv = NULL;
FILE *ifacefile = NULL;
void exithandler(void)
{
if(kv)
freekeyvalues(kv);
}
int main(void)
{
char iface[STRING_SIZE] = "";
char command[STRING_SIZE];
char disableping[STRING_SIZE];
int redAvailable = 1;
if (!(initsetuid()))
exit(1);
atexit(exithandler);
/* Read in and verify config */
kv=initkeyvalues();
if (!readkeyvalues(kv, CONFIG_ROOT "/optionsfw/settings")) {
fprintf(stderr, "Cannot read firewall option settings\n");
exit(1);
}
if (!findkey(kv, "DISABLEPING", disableping)) {
fprintf(stderr, "Cannot read DISABLEPING\n");
exit(1);
}
if (strcmp(disableping, "NO") != 0 && strcmp(disableping, "ONLYRED") != 0 && strcmp(disableping, "ALL") != 0) {
fprintf(stderr, "Bad DISABLEPING: %s\n", disableping);
exit(1);
}
if (!(ifacefile = fopen(CONFIG_ROOT "/red/iface", "r"))) {
redAvailable = 0;
} else {
if (fgets(iface, STRING_SIZE, ifacefile)) {
if (iface[strlen(iface) - 1] == '\n')
iface[strlen(iface) - 1] = '\0';
}
fclose (ifacefile);
if (!VALID_DEVICE(iface)) {
fprintf(stderr, "Bad iface: %s\n", iface);
exit(1);
}
redAvailable = 1;
}
safe_system("/sbin/iptables -F GUIINPUT");
/* don't need to do anything if ping is disabled, so treat only other cases */
if (strcmp(disableping, "NO") == 0
|| (strcmp(disableping, "ONLYRED") == 0 && redAvailable == 0)) {
// We allow ping (icmp type 8) on every interfaces
// or RED is not available, so we can enable it on all (available) Interfaces
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A GUIINPUT -p icmp --icmp-type 8 -j ACCEPT");
safe_system(command);
} else {
// Allow ping only on internal interfaces
if(strcmp(disableping, "ONLYRED") == 0) {
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1,
"/sbin/iptables -A GUIINPUT -i ! %s -p icmp --icmp-type 8 -j ACCEPT", iface);
safe_system(command);
}
}
return 0;
}


@@ -1,91 +1,74 @@
/* SmoothWall helper program - header file
*
* This program is distributed under the terms of the GNU General Public
* Licence. See the file COPYING for details.
* Simple header file for all setuid progs.
*
* $Id: setuid.h,v 1.4.2.4 2005/11/20 23:20:13 franck78 Exp $
*
*/
#ifndef SETUID_H
#define SETUID_H 1
#include <stdlib.h>
#include <sys/types.h>
/* As nothing in setuid.c uses STRING_SIZE specifically there's no real reason
* to redefine it if it already is set */
#ifndef STRING_SIZE
#define STRING_SIZE 256
#endif
#define LETTERS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
#define NUMBERS "0123456789"
#define LETTERS_NUMBERS LETTERS NUMBERS
#define IP_NUMBERS "./" NUMBERS
#define PORT_NUMBERS ":-" NUMBERS
#define VALID_FQDN LETTERS_NUMBERS ".-"
#define VALID_IP(ip) (strlen(ip) > 6 \
&& strlen(ip) < 16 \
&& strspn(ip, NUMBERS ".") == strlen(ip))
#define VALID_IP_AND_MASK(ip) (strlen(ip) > 6 \
&& strlen(ip) < 32 \
&& strspn(ip, IP_NUMBERS) == strlen(ip))
#define VALID_PORT(port) (strlen(port) \
&& strlen(port) < 6 \
&& strspn(port, NUMBERS) == strlen(port))
#define VALID_PORT_RANGE(port) (strlen(port) \
&& strlen(port) < 12 \
&& strspn(port, PORT_NUMBERS) == strlen(port))
#define VALID_SHORT_MASK(ip) (strlen(ip) > 1 \
&& strlen(ip) < 3 \
&& strspn(ip, NUMBERS) == strlen(ip))
/* Can't find any info on valid characters/length hopefully these are
* reasonable guesses */
#define VALID_DEVICE(dev) (strlen(dev) \
&& strlen(dev) < 16 \
&& strspn(dev, LETTERS_NUMBERS ":.") == strlen(dev))
/* Again, can't find any hard and fast rules for protocol names, these
* restrictions are based on the keywords currently listed in
* <http://www.iana.org/assignments/protocol-numbers>
* though currently the ipcop cgis will only pass tcp, udp or gre anyway */
#define VALID_PROTOCOL(prot) (strlen(prot) \
&& strlen(prot) <16 \
&& strspn(prot, LETTERS_NUMBERS "-") == strlen(prot))
extern char * trusted_env[4];
int system_core(char* command, uid_t uid, gid_t gid, char *error);
int safe_system(char* command);
int unpriv_system(char* command, uid_t uid, gid_t gid);
size_t strlcat(char *dst, const char *src, size_t len);
int initsetuid(void);
/* check whether a file exists */
int file_exists(const char *fname);
int file_exists_w(const char *fname); //wildcard filename test
// Backup restore
#define MOUNTPOINT "/home/httpd/html/backup"
#define BACKUP_KEY CONFIG_ROOT"/backup/backup.key"
/* defines for config create/restore return status*/
#define ERR_ANY 1 // unspecified error
#define ERR_KEY 2 // error creating key file
#define ERR_TAR 3 // error creating .tar
#define ERR_GZ 4 // error creating .tar.gz
#define ERR_ENCRYPT 5 // error creating .dat
#define ERR_DECRYPT 6 // error decrypting .dat file
#define ERR_UNTARTST 7 // error (test) untarring .tar.gz
#define ERR_UNTAR 8 // error (real) untarring .tar.gz
#define ERR_DAT 9 // missing .dat file
#endif
/* SmoothWall helper program - header file
*
* This program is distributed under the terms of the GNU General Public
* Licence. See the file COPYING for details.
* Simple header file for all setuid progs.
*
*/
#ifndef SETUID_H
#define SETUID_H 1
#include <stdlib.h>
#include <sys/types.h>
/* As nothing in setuid.c uses STRING_SIZE specifically there's no real reason
* to redefine it if it already is set */
#ifndef STRING_SIZE
#define STRING_SIZE 256
#endif
#define LETTERS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
#define NUMBERS "0123456789"
#define LETTERS_NUMBERS LETTERS NUMBERS
#define IP_NUMBERS "./" NUMBERS
#define PORT_NUMBERS ":-" NUMBERS
#define VALID_FQDN LETTERS_NUMBERS ".-"
#define VALID_IP(ip) (strlen(ip) > 6 \
&& strlen(ip) < 16 \
&& strspn(ip, NUMBERS ".") == strlen(ip))
#define VALID_IP_AND_MASK(ip) (strlen(ip) > 6 \
&& strlen(ip) < 32 \
&& strspn(ip, IP_NUMBERS) == strlen(ip))
#define VALID_PORT(port) (strlen(port) \
&& strlen(port) < 6 \
&& strspn(port, NUMBERS) == strlen(port))
#define VALID_PORT_RANGE(port) (strlen(port) \
&& strlen(port) < 12 \
&& strspn(port, PORT_NUMBERS) == strlen(port))
#define VALID_SHORT_MASK(ip) (strlen(ip) > 1 \
&& strlen(ip) < 3 \
&& strspn(ip, NUMBERS) == strlen(ip))
/* Can't find any info on valid characters/length hopefully these are
* reasonable guesses */
#define VALID_DEVICE(dev) (strlen(dev) \
&& strlen(dev) < 16 \
&& strspn(dev, LETTERS_NUMBERS ":.") == strlen(dev))
/* Again, can't find any hard and fast rules for protocol names, these
* restrictions are based on the keywords currently listed in
* <http://www.iana.org/assignments/protocol-numbers>
* though currently the ipcop cgis will only pass tcp, udp or gre anyway */
#define VALID_PROTOCOL(prot) (strlen(prot) \
&& strlen(prot) <16 \
&& strspn(prot, LETTERS_NUMBERS "-") == strlen(prot))
extern char * trusted_env[4];
int system_core(char* command, uid_t uid, gid_t gid, char *error);
int safe_system(char* command);
int unpriv_system(char* command, uid_t uid, gid_t gid);
size_t strlcat(char *dst, const char *src, size_t len);
int initsetuid(void);
/* check whether a file exists */
int file_exists(const char *fname);
int file_exists_w(const char *fname); //wildcard filename test
#endif
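Review bot: The `VALID_IP`, `VALID_PORT`, `VALID_DEVICE` and `VALID_PROTOCOL` macros on the new side call `strlen()` and `strspn()`, but the header only includes `<stdlib.h>` and `<sys/types.h>`, so every user must remember to include `<string.h>` first; adding `#include <string.h>` beside the existing includes makes the header self-contained. These macros also evaluate their argument up to three times, which is harmless for the plain buffers used so far but deserves a comment such as `/* argument is evaluated more than once; pass a plain lvalue */`. The removal of MOUNTPOINT, BACKUP_KEY and the ERR_* codes is not matched by a change to backupctrl, which the Makefile hunk still lists in SUID_PROGS; if that program references them its build will break, so this seems worth confirming.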