+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * Author : Maxim Mamontov <faust@stargazer.dp.ua>
- */
-
-/*
- $Revision: 1.1.1.1 $
- $Date: 2009/02/24 08:13:03 $
- $Author: faust $
- */
-
-#include <fstream>
-#include <sstream>
-#include <cstdlib>
-#include <limits>
-#include <cerrno>
-#include <locale>
-
-#include <arpa/inet.h>
-#include <netdb.h>
-
-#include "rules.h"
-#include "utils.h"
-
-using namespace std;
-
-STG::RULES_PARSER::RULES_PARSER()
- : rules(),
- error(false),
- errorStream(""),
- protocols()
-{
-error = InitProtocols();
-}
-
-STG::RULES_PARSER::RULES_PARSER(const string & fileName)
- : rules(),
- error(false),
- errorStream(""),
- protocols()
-{
-error = InitProtocols();
-SetFile(fileName);
-}
-
-void STG::RULES_PARSER::SetFile(const string & fileName)
-{
-errorStream.str("");
-
-ifstream rulesFile(fileName.c_str());
-
-int lineNumber = 0;
-
-if (!rulesFile)
- {
- error = true;
- errorStream << "RULES_PARSER::SetFile - Error opening file '" << fileName << "'\n";
- return;
- }
-
-string line;
-
-rules.erase(rules.begin(), rules.end());
-
-while (getline(rulesFile, line))
- {
- lineNumber++;
- if (ParseLine(line))
- {
- error = true;
- errorStream << "RULES_PARSER::SetFile - Error parsing line at '" << fileName << ":" << lineNumber << "'\n";
- return;
- }
- }
-
-STG::RULE rule;
-
-// Adding lastest rule: ALL 0.0.0.0/0 NULL
-rule.dir = -1; //NULL
-rule.ip = 0; //0.0.0.0
-rule.mask = 0;
-rule.port1 = 0;
-rule.port2 = 65535;
-rule.proto = -1;
-
-rules.push_back(rule);
-
-errorStream.str("");
-
-return;
-}
-
-bool STG::RULES_PARSER::ParseLine(string line)
-{
-size_t pos;
-
-pos = line.find('#');
-if (pos != string::npos)
- {
- line = line.substr(0, pos);
- }
-
-if (line.empty())
- {
- return false;
- }
-
-size_t lpos = line.find_first_not_of("\t ", 0, 2);
-
-if (lpos == string::npos)
- {
- return false;
- }
-
-size_t rpos = line.find_first_of("\t ", lpos, 2);
-
-if (rpos == string::npos)
- {
- return false;
- }
-
-string proto(line.begin() + lpos, line.begin() + rpos);
-
-lpos = line.find_first_not_of("\t ", rpos, 2);
-
-if (lpos == string::npos)
- {
- return false;
- }
-
-rpos = line.find_first_of("\t ", lpos, 2);
-
-if (rpos == string::npos)
- {
- return false;
- }
-
-string address(line.begin() + lpos, line.begin() + rpos);
-
-lpos = line.find_first_not_of("\t ", rpos, 2);
-
-if (lpos == string::npos)
- {
- return false;
- }
-string direction(line.begin() + lpos, line.end());
-
-if (proto.empty() ||
- address.empty() ||
- direction.empty())
- {
- return false;
- }
-
-map<string, int>::const_iterator it(protocols.find(proto));
-
-if (it == protocols.end())
- {
- errorStream << "RULES_PARSER::ParseLine - Invalid protocol\n";
- return true;
- }
-
-STG::RULE rule;
-
-rule.proto = it->second;
-
-if (direction.length() < 4)
- {
- errorStream << "RULES_PARSER::ParseLine - Invalid direction\n";
- return true;
- }
-
-if (direction == "NULL")
- {
- rule.dir = -1;
- }
-else
- {
- string prefix(direction.begin(), direction.begin() + 3);
- direction = direction.substr(3, direction.length() - 3);
- if (prefix != "DIR")
- {
- errorStream << "RULES_PARSER::ParseLine - Invalid direction prefix\n";
- return true;
- }
- char * endptr;
- /*
- * 'cause strtol don't change errno on success
- * according to: http://www.opengroup.org/onlinepubs/000095399/functions/strtol.html
- */
- errno = 0;
- rule.dir = strtol(direction.c_str(), &endptr, 10);
-
- // Code from strtol(3) release 3.10
- if ((errno == ERANGE && (rule.dir == numeric_limits<int>::max() ||
- rule.dir == numeric_limits<int>::min()))
- || (errno != 0 && rule.dir == 0))
- {
- errorStream << "RULES_PARSER::ParseLine - Direction out of range\n";
- return true;
- }
- if (endptr == direction.c_str())
- {
- errorStream << "RULES_PARSER::ParseLine - Invalid direction\n";
- return true;
- }
- }
-
-if (ParseAddress(address, &rule))
- {
- errorStream << "RULES_PARSER::ParseLine - Invalid address\n";
- return true;
- }
-
-rules.push_back(rule);
-
-return false;
-}
-
-bool STG::RULES_PARSER::ParseAddress(const string & address, RULE * rule) const
-{
-// Format: <address>[/<mask>[:<port1>[-<port2>]]]
-size_t pos = address.find('/');
-string ip;
-string mask;
-string ports;
-
-if (pos != string::npos)
- {
- ip = address.substr(0, pos);
- mask = address.substr(pos + 1, address.length() - pos - 1);
- pos = mask.find(':');
- if (pos != string::npos)
- {
- ports = mask.substr(pos + 1, mask.length() - pos - 1);
- mask = mask.substr(0, pos);
- }
- else
- {
- ports = "0-65535";
- }
- }
-else
- {
- mask = "32";
- pos = address.find(':');
- if (pos != string::npos)
- {
- ip = address.substr(0, pos);
- ports = address.substr(pos + 1, address.length() - pos - 1);
- }
- else
- {
- ip = address;
- ports = "0-65536";
- }
- }
-
-struct in_addr ipaddr;
-
-if (!inet_aton(ip.c_str(), &ipaddr))
- {
- errorStream << "RULES_PARSER::ParseAddress - Invalid IP\n";
- return true;
- }
-
-rule->ip = ntohl(ipaddr.s_addr);
-
-if (ParseMask(mask, rule))
- {
- errorStream << "RULES_PARSER::ParseAddress - Error parsing mask\n";
- return true;
- }
-
-pos = ports.find('-');
-string port1;
-string port2;
-
-if (pos != string::npos)
- {
- port1 = ports.substr(0, pos);
- port2 = ports.substr(pos + 1, ports.length() - pos - 1);
- }
-else
- {
- port1 = port2 = ports;
- }
-
-if (ParsePorts(port1, port2, rule))
- {
- errorStream << "RULES_PARSER::ParseAddress - Error pasing ports\n";
- return true;
- }
-
-return false;
-}
-
-bool STG::RULES_PARSER::ParseMask(const string & mask, RULE * rule) const
-{
-char * endptr;
-
-errno = 0;
-/*
- * 'cause strtol don't change errno on success
- * according to: http://www.opengroup.org/onlinepubs/000095399/functions/strtol.html
- */
-rule->mask = strtol(mask.c_str(), &endptr, 10);
-
-if ((errno == ERANGE && (rule->mask == numeric_limits<uint32_t>::max() ||
- rule->mask == numeric_limits<uint32_t>::min()))
- || (errno != 0 && rule->mask == 0))
- {
- errorStream << "RULES_PARSER::ParseMask - Mask is out of range\n";
- return true;
- }
-
-if (endptr == NULL)
- {
- errorStream << "RULES_PARSER::ParseMask - NULL endptr\n";
- return true;
- }
-
-if (*endptr != '\0')
- {
- errorStream << "RULES_PARSER::ParseMask - Invalid mask\n";
- return true;
- }
-
-if (rule->mask > 32)
- {
- errorStream << "RULES_PARSER::ParseMask - Mask is greater than 32\n";
- return true;
- }
-
-rule->mask = 0xffFFffFF >> (32 - rule->mask);
-
-return false;
-}
-
-bool STG::RULES_PARSER::ParsePorts(const string & port1,
- const string & port2,
- RULE * rule) const
-{
-char * endptr;
-
-errno = 0;
-/*
- * 'cause strtol don't change errno on success
- * according to: http://www.opengroup.org/onlinepubs/000095399/functions/strtol.html
- */
-rule->port1 = strtol(port1.c_str(), &endptr, 10);
-
-if ((errno == ERANGE && (rule->port1 == numeric_limits<uint16_t>::max() ||
- rule->port1 == numeric_limits<uint16_t>::min()))
- || (errno != 0 && rule->port1 == 0))
- {
- errorStream << "RULES_PARSER::ParsePorts - Min port is out of range\n";
- return true;
- }
-
-if (endptr == NULL)
- {
- errorStream << "RULES_PARSER::ParsePorts - NULL endptr on min port\n";
- return true;
- }
-
-if (*endptr != '\0')
- {
- errorStream << "RULES_PARSER::ParsePorts - Invalid min port\n";
- return true;
- }
-
-errno = 0;
-/*
- * 'cause strtol don't change errno on success
- * according to: http://www.opengroup.org/onlinepubs/000095399/functions/strtol.html
- */
-rule->port2 = strtol(port2.c_str(), &endptr, 10);
-
-if ((errno == ERANGE && (rule->port2 == numeric_limits<uint16_t>::max() ||
- rule->port2 == numeric_limits<uint16_t>::min()))
- || (errno != 0 && rule->port2 == 0))
- {
- errorStream << "RULES_PARSER::ParseAddress - Max port is out of range\n";
- return true;
- }
-
-if (endptr == NULL)
- {
- errorStream << "RULES_PARSER::ParsePorts - NULL endptr on max port\n";
- return true;
- }
-
-if (*endptr != '\0')
- {
- errorStream << "RULES_PARSER::ParsePorts - Invalid max port\n";
- return true;
- }
-
-return false;
-}
-
-bool STG::RULES_PARSER::InitProtocols()
-{
-struct protoent * pe;
-
-locale loc("");
-
-protocols.erase(protocols.begin(), protocols.end());
-
-setprotoent(true); // Open link to /etc/protocols
-
-while ((pe = getprotoent()) != NULL)
- {
- string proto(pe->p_name);
- protocols.insert(make_pair(STG::ToUpper(pe->p_name, loc), pe->p_proto));
- }
-
-endprotoent();
-
-protocols["ALL"] = -1;
-protocols["TCP_UDP"] = -2;
-
-errorStream.str("");
-
-return protocols.empty();
-}
git.stg.codes / stg.git / blobdiff