includes.c 4.9 KB

  1. /*
  2. * firewall3 - 3rd OpenWrt UCI firewall implementation
  3. *
  4. * Copyright (C) 2013 Jo-Philipp Wich <jo@mein.io>
  5. *
  6. * Permission to use, copy, modify, and/or distribute this software for any
  7. * purpose with or without fee is hereby granted, provided that the above
  8. * copyright notice and this permission notice appear in all copies.
  9. *
  10. * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  11. * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  12. * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  13. * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  14. * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  15. * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  16. * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  17. */
  18. #include "includes.h"
/*
 * Option table for firewall "include" entries.
 *
 * FW3_OPT is defined outside this file; its arguments read as option name,
 * value type, owning structure and destination member - confirm against the
 * macro definition. The empty entry at the end terminates the table.
 */
const struct fw3_option fw3_include_opts[] = {
	/* Disabled includes are discarded by check_include(). */
	FW3_OPT("enabled",  bool,          include,  enabled),

	/* File that is later read with fopen() or sourced through the shell. */
	FW3_OPT("path",     string,        include,  path),

	/* Selects between script and restore handling (FW3_INC_TYPE_*). */
	FW3_OPT("type",     include_type,  include,  type),

	/* Limits a restore include to one address family. */
	FW3_OPT("family",   family,        include,  family),

	/* Whether the include is also processed when reload is requested. */
	FW3_OPT("reload",   bool,          include,  reload),

	{ }
};
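/*
 * Decide whether a parsed include should stay on the list.
 *
 * Returns false for includes that are disabled or that have no path (the
 * latter also emits a warning); the caller is expected to free those.
 * A restore-type include without a family is kept, but a warning is emitted
 * because it is then fed to both iptables-restore and ip6tables-restore.
 *
 * state is not used here. e is the UCI element the include came from, or
 * NULL when the caller has none to pass.
 */
static bool
check_include(struct fw3_state *state, struct fw3_include *include, struct uci_element *e)
{
	if (!include->enabled)
		return false;

	if (!include->path)
	{
		warn_section("include", include, e, "must specify a path");
		return false;
	}

	/*
	 * The message is built from two adjacent string literals; the first one
	 * needs its trailing space, otherwise the warning reads "getloaded".
	 */
	if (include->type == FW3_INC_TYPE_RESTORE && !include->family)
		warn_section("include", include, e, "does not specify a family, include will get "
		             "loaded with both iptables-restore and ip6tables-restore!");

	return true;
}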
/*
 * Allocate a zeroed include, mark it enabled and append it to
 * state->includes.
 *
 * Returns the new include, or NULL when the allocation fails (in which case
 * the list is left untouched).
 */
static struct fw3_include *
fw3_alloc_include(struct fw3_state *state)
{
	struct fw3_include *fresh = calloc(1, sizeof(*fresh));

	if (fresh != NULL)
	{
		/* Includes are enabled unless the configuration says otherwise. */
		fresh->enabled = true;
		list_add_tail(&fresh->list, &state->includes);
	}

	return fresh;
}
/*
 * Build state->includes from two sources: the attributes in blob a and the
 * "include" sections of UCI package p.
 *
 * Blob entries are only accepted when their type is "script" or "restore",
 * and are dropped when their options fail to parse. For UCI sections a
 * parse failure only produces a warning; the include is still handed to
 * check_include(). Every include that check_include() rejects is freed
 * again.
 *
 * The paths collected here are later read by print_include() or sourced by
 * the shell in run_include(), so both inputs decide what gets executed or
 * loaded into the ruleset.
 */
void
fw3_load_includes(struct fw3_state *state, struct uci_package *p,
                  struct blob_attr *a)
{
	struct uci_element *e;
	struct fw3_include *include;
	struct blob_attr *attr;
	unsigned remaining;

	INIT_LIST_HEAD(&state->includes);

	/* Pass 1: includes described by blob attributes. */
	blob_for_each_attr(attr, a, remaining)
	{
		const char *type;
		const char *name = "ubus include";   /* label used when the entry has no name */

		if (!fw3_attr_parse_name_type(attr, &name, &type))
			continue;

		/* Anything other than the two include kinds is ignored here. */
		if (strcmp(type, "script") != 0 && strcmp(type, "restore") != 0)
			continue;

		include = fw3_alloc_include(state);

		if (include == NULL)
			continue;

		if (!fw3_parse_blob_options(include, fw3_include_opts, attr, name))
		{
			warn_section("include", include, NULL, "skipped due to invalid options");
			fw3_free_include(include);
		}
		else if (!check_include(state, include, NULL))
		{
			fw3_free_include(include);
		}
	}

	/* Pass 2: "include" sections of the UCI package. */
	uci_foreach_element(&p->sections, e)
	{
		struct uci_section *section = uci_to_section(e);

		if (strcmp(section->type, "include") != 0)
			continue;

		include = fw3_alloc_include(state);

		if (include == NULL)
			continue;

		include->name = e->name;

		/* Invalid options are reported but do not discard the section. */
		if (!fw3_parse_options(include, fw3_include_opts, section))
			warn_elem(e, "has invalid options");

		if (!check_include(state, include, e))
			fw3_free_include(include);
	}
}
/*
 * Forward the contents of include->path, chunk by chunk, to fw3_pr().
 *
 * The file is passed on without any filtering. Each chunk is printed through
 * a fixed "%s" format, so the file contents are never used as a format
 * string. An unreadable file is reported and skipped.
 *
 * NOTE(review): the caller opens a pipe to the restore command before calling
 * this, so fw3_pr() presumably writes into that pipe - whoever can write the
 * include file then controls the rules that are loaded.
 */
static void
print_include(struct fw3_include *include)
{
	char chunk[1024];
	FILE *in;

	info(" * Loading include '%s'", include->path);

	in = fopen(include->path, "r");

	if (in == NULL)
	{
		info(" ! Skipping due to open error: %s", strerror(errno));
		return;
	}

	/* fgets() returns at most sizeof(chunk) - 1 bytes; longer lines arrive in pieces. */
	while (fgets(chunk, sizeof(chunk), in) != NULL)
		fw3_pr("%s", chunk);

	fclose(in);
}
/*
 * Feed every matching restore-type include to iptables-restore (or
 * ip6tables-restore for FW3_FAMILY_V6), run with "--noflush".
 *
 * An include is skipped when reload is set and the include does not have
 * its reload flag, when it is not of restore type, or when fw3_is_family()
 * rejects it for the given family. The command pipe is opened only once the
 * first matching include is found; if opening it fails, the function
 * returns without processing anything.
 */
void
fw3_print_includes(struct fw3_state *state, enum fw3_family family, bool reload)
{
	const char *restore = (family == FW3_FAMILY_V6) ? "ip6tables-restore"
	                                                : "iptables-restore";
	struct fw3_include *include;
	bool pipe_open = false;

	list_for_each_entry(include, &state->includes, list)
	{
		if ((reload && !include->reload) ||
		    include->type != FW3_INC_TYPE_RESTORE ||
		    !fw3_is_family(include, family))
			continue;

		/* Start the restore command lazily, on the first include that needs it. */
		if (!pipe_open)
		{
			if (!fw3_command_pipe(false, restore, "--noflush"))
				return;

			pipe_open = true;
		}

		print_include(include);
	}

	if (pipe_open)
		fw3_command_close();
}
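/*
 * Shell snippet used to run a script include: it defines a config() function
 * that prints an error and exits, then sources the file substituted for %s.
 */
#define TEMPLATE \
	"config() { " \
		"echo \"You cannot use UCI in firewall includes!\" >&2; " \
		"exit 1; " \
	"}; . %s"

/*
 * Write src into dst as a single-quoted shell word, so that the shell takes
 * every character of it literally. An embedded single quote is emitted as
 * '\'' (close the quotes, escaped quote, reopen the quotes).
 *
 * Returns false when dst (dstlen bytes) is too small for the result.
 */
static bool
quote_include_path(char *dst, size_t dstlen, const char *src)
{
	size_t used = 0;

	/* Opening quote, closing quote and NUL are always needed. */
	if (dstlen < 3)
		return false;

	dst[used++] = '\'';

	for (; *src; src++)
	{
		/* Each step keeps two bytes in reserve for the closing quote and NUL. */
		if (*src == '\'')
		{
			if (used + 4 + 2 > dstlen)
				return false;

			memcpy(dst + used, "'\\''", 4);
			used += 4;
		}
		else
		{
			if (used + 1 + 2 > dstlen)
				return false;

			dst[used++] = *src;
		}
	}

	dst[used++] = '\'';
	dst[used] = '\0';

	return true;
}

/*
 * Source the script at include->path through the shell, using TEMPLATE.
 *
 * The path is taken from the firewall configuration and ends up inside a
 * command line passed to system(). It is therefore single-quoted first, so
 * that spaces and shell metacharacters in it are treated as part of the file
 * name instead of as shell syntax. Any path that passes the stat() check
 * names an existing file, and quoting makes the shell source exactly that
 * file.
 *
 * stat() only confirms that the path exists at that moment; the file's type,
 * owner and permissions are not examined. The script runs with the
 * privileges of this process.
 */
static void
run_include(struct fw3_include *include)
{
	int rv, len;
	struct stat s;
	/* Room for a maximum-length path, its two quotes and a few escaped quotes. */
	char quoted[PATH_MAX + 64];
	char buf[sizeof(quoted) + sizeof(TEMPLATE)];

	info(" * Running script '%s'", include->path);

	if (stat(include->path, &s))
	{
		info(" ! Skipping due to path error: %s", strerror(errno));
		return;
	}

	if (!quote_include_path(quoted, sizeof(quoted), include->path))
	{
		info(" ! Skipping due to path error: %s", strerror(ENAMETOOLONG));
		return;
	}

	/* Never hand a truncated command line to the shell. */
	len = snprintf(buf, sizeof(buf), TEMPLATE, quoted);

	if (len < 0 || (size_t)len >= sizeof(buf))
	{
		info(" ! Skipping due to path error: %s", strerror(ENAMETOOLONG));
		return;
	}

	rv = system(buf);

	/* -1 means the shell could not be started; there is no exit status to decode. */
	if (rv == -1)
		info(" ! Failed to run shell: %s", strerror(errno));
	else if (rv)
		info(" ! Failed with exit code %u", WEXITSTATUS(rv));
}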
/*
 * Run every script-type include on state->includes via run_include().
 *
 * When reload is set, includes without their reload flag are skipped.
 * Includes of any other type are ignored here.
 */
void
fw3_run_includes(struct fw3_state *state, bool reload)
{
	struct fw3_include *include;

	list_for_each_entry(include, &state->includes, list)
	{
		if (include->type != FW3_INC_TYPE_SCRIPT)
			continue;

		if (reload && !include->reload)
			continue;

		run_include(include);
	}
}