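/*****
*
* Copyright (C) 2002 Vincent Glaume
* All Rights Reserved
*
* This file is part of the Prelude program.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; see the file COPYING. If not, write to
* the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
*
*****/

/*
 * NOTE(review): the header names of the directives below are missing in
 * this copy of the file (only the bare "#include" tokens survive). They
 * are kept as found; restore the operands from the upstream source before
 * building.
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "config.h"
#include "pconfig.h"

extern config_agent_t config;


/*
 * Option callback for -v/--version on the command line: print the agent
 * name and version, then return prelude_option_end.
 */
static int print_version(prelude_option_t *opt, const char *arg)
{
        printf("prelude-cm-agent %s\n", VERSION);
        return prelude_option_end;
}


/*
 * Getter registered together with print_version(): write the version
 * string into buf (at most size bytes, NUL-terminated by snprintf).
 */
static int get_version(char *buf, size_t size)
{
        snprintf(buf, size, "prelude-cm-agent %s", VERSION);
        return prelude_option_success;
}


/*
 * Option callback for -h/--help: print the command-line options, then
 * return prelude_option_end.
 */
static int print_help(prelude_option_t *opt, const char *arg)
{
        prelude_option_print(CLI_HOOK, 25);
        return prelude_option_end;
}


/*
 * Option callback for -d/--debug: turn on config.debug.
 */
static int set_debug_mode(prelude_option_t *opt, const char *arg)
{
        config.debug = 1;
        return prelude_option_success;
}


/*
 * Parse one "ip", "ip/a.b.c.d" or "ip/prefix-length" specification.
 *
 * On success, stores the address in *addr and the netmask in *mask and
 * returns 1. A specification without a mask part gets the host mask
 * 255.255.255.255. Returns -1 on any malformed input or on allocation
 * failure.
 *
 * Differences from the previous implementation, all on error paths:
 *  - the strdup() result is checked;
 *  - an empty address part no longer passes NULL to inet_aton();
 *  - the working copy is freed on every return path (it used to leak
 *    when the address part was invalid);
 *  - the prefix length must consist of decimal digits only. atoi()
 *    turned a typo such as "10.0.0.0/x" into 0, i.e. the 0.0.0.0 mask,
 *    which silently widened the entry to every address.
 *
 * NOTE(review): *addr is stored as given and is not ANDed with *mask
 * here; whether the users of the list mask it before comparing is not
 * visible in this file -- confirm.
 * NOTE(review): a dotted netmask is accepted even when its bits are not
 * contiguous (for example 255.0.255.0) -- confirm this is intended.
 */
static int parse_ip(const char *string, struct in_addr *addr, struct in_addr *mask)
{
        int ret = -1;
        int bits;
        char *str, *s;
        const char *p;
        static const char *const netmasks[] = {
                "0.0.0.0",
                "128.0.0.0",
                "192.0.0.0",
                "224.0.0.0",
                "240.0.0.0",
                "248.0.0.0",
                "252.0.0.0",
                "254.0.0.0",
                "255.0.0.0",
                "255.128.0.0",
                "255.192.0.0",
                "255.224.0.0",
                "255.240.0.0",
                "255.248.0.0",
                "255.252.0.0",
                "255.254.0.0",
                "255.255.0.0",
                "255.255.128.0",
                "255.255.192.0",
                "255.255.224.0",
                "255.255.240.0",
                "255.255.248.0",
                "255.255.252.0",
                "255.255.254.0",
                "255.255.255.0",
                "255.255.255.128",
                "255.255.255.192",
                "255.255.255.224",
                "255.255.255.240",
                "255.255.255.248",
                "255.255.255.252",
                "255.255.255.254",
                "255.255.255.255",
        };

        if ( ! string )
                return -1;

        /* strtok() writes into its argument, so work on a private copy */
        str = strdup(string);
        if ( ! str )
                return -1;

        /* get ip from ip/netmask; strtok() returns NULL for "" or "/" */
        s = strtok(str, "/");
        if ( ! s || ! inet_aton(s, addr) )
                goto out;

        /* get netmask */
        s = strtok(NULL, "/");
        if ( ! s ) {
                /* no mask given: single host */
                mask->s_addr = 0xffffffff;
                ret = 1;
                goto out;
        }

        if ( strchr(s, '.') ) {
                /* netmask a.b.c.d */
                if ( inet_aton(s, mask) )
                        ret = 1;
                goto out;
        }

        /*
         * numeric netmask: digits only, value 0..32. The range is checked
         * inside the loop so that bits can never overflow.
         */
        bits = 0;
        for ( p = s; *p != '\0'; p++ ) {
                if ( *p < '0' || *p > '9' )
                        goto out;

                bits = bits * 10 + (*p - '0');
                if ( bits > 32 )
                        goto out;
        }

        if ( inet_aton(netmasks[bits], mask) )
                ret = 1;

 out:
        free(str);
        return ret;
}


/*
 * Option callback for -p/--protected-nets: arg is a list of networks
 * separated by spaces, each in a form accepted by parse_ip(). Every
 * network is pushed on the head of config.npl with the
 * CM_AGT_CAN_FIREWALL action and config.net_num is incremented.
 *
 * Returns prelude_option_success when at least one network was added,
 * prelude_option_error on a malformed entry, on an empty list or on
 * allocation failure. Entries added before a failing one stay in
 * config.npl, as they did before.
 *
 * Leading, trailing and repeated spaces are skipped. The previous loop
 * handed an empty token to parse_ip() for an empty argument or for one
 * with a leading or trailing space, which ended in inet_aton(NULL, ...).
 */
static int set_protected_net_list(prelude_option_t *opt, const char *arg)
{
        struct in_addr addr, mask;
        net_protect_list_t *npl;
        char *copy, *tok, *end;
        int last, added = 0;

        if ( ! arg )
                return prelude_option_error;

        /* tokens are terminated in place, so work on a private copy */
        copy = strdup(arg);
        if ( ! copy ) {
                log(LOG_ERR, "memory exhausted.\n");
                return prelude_option_error;
        }

        tok = copy;

        for ( ;; ) {
                while ( *tok == ' ' )
                        tok++;

                if ( *tok == '\0' )
                        break;

                end = tok;
                while ( *end != ' ' && *end != '\0' )
                        end++;

                /* remember whether this token ends the string before cutting it */
                last = ( *end == '\0' );
                *end = '\0';

                if ( parse_ip(tok, &addr, &mask) < 0 ) {
                        free(copy);
                        return prelude_option_error;
                }

                npl = malloc(sizeof(*npl));
                if ( ! npl ) {
                        log(LOG_ERR, "memory exhausted.\n");
                        free(copy);
                        return prelude_option_error;
                }

                npl->np.net = addr;
                npl->np.mask = mask;
                npl->np.actions = CM_AGT_CAN_FIREWALL;

                npl->next = config.npl;
                config.npl = npl;
                config.net_num++;
                added++;

                if ( last )
                        break;

                tok = end + 1;
        }

        free(copy);

        /* an option that requires an argument but names no network is a mistake */
        return added ? prelude_option_success : prelude_option_error;
}


/*
 * Set the default configuration, register the agent's options and let
 * prelude_sensor_init() process the configuration file and command line.
 *
 * Returns 0 on success, -1 when prelude_sensor_init() reports
 * prelude_option_error or prelude_option_end (the latter is what the
 * help and version callbacks return).
 */
int pconfig_init(int argc, char **argv)
{
        int ret;

        /* defaults, used unless an option overrides them */
        config.manager_addr = "127.0.0.1";
        config.manager_port = 5556;
        config.debug = 0;
        config.npl = NULL;
        config.net_num = 0;
        config.netfilter_checks = 0;

        prelude_option_add(NULL, CLI_HOOK, 'h', "help",
                           "Print this help", no_argument, print_help, NULL);

        prelude_option_add(NULL, CLI_HOOK, 'v', "version",
                           "Print version number", no_argument,
                           print_version, get_version);

        prelude_option_add(NULL, CLI_HOOK|CFG_HOOK, 'd', "debug",
                           "Debug mode: print some additional information",
                           no_argument, set_debug_mode, NULL);

        prelude_option_add(NULL, CLI_HOOK|CFG_HOOK, 'p', "protected-nets",
                           "Networks (IP/mask) protected by this agent",
                           required_argument, set_protected_net_list, NULL);

        ret = prelude_sensor_init("prelude-cm-agent", PRELUDE_CM_AGENT_CONF, argc, argv);
        if ( ret == prelude_option_error || ret == prelude_option_end )
                return -1;

        return 0;
}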