/mandos/trunk : revision 927

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-helpers/mandos-client-iprouteadddel.c

Committer: Teddy Hogeborn
Date: 2018-02-10 13:23:58 UTC
Revision ID: teddy@recompile.se-20180210132358-8pfvo9vshq9l32y5

Remove unnecessary text left from old example init.d file

* init.d-mandos: Remove unnecessary text left from old example init.d
file.

files added:
DBUS-API

NEWS

bugs.xml

common.ent

dbus-mandos.conf

debian/mandos-client.examples

debian/mandos.README.Debian

debian/mandos.prerm

debian/po

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

tmpfiles.d-mandos.conf

files removed:
etc-plugins.d-README

plugins.d/usplash

files modified:
.bzrignore

INSTALL

Makefile

README

TODO

clients.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugin-helpers/mandos-client-iprouteadddel.c

/* -*- coding: utf-8 -*- */

* iprouteadddel - Add or delete direct route to a local IP address

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE /* asprintf(),

program_invocation_short_name */

#include <stdbool.h> /* bool, false, true */

#include <stdio.h> /* fprintf(), stderr, FILE, vfprintf */

#include <errno.h> /* program_invocation_short_name,

errno, perror(), EINVAL, ENOMEM */

#include <stdarg.h> /* va_list, va_start */

#include <stdlib.h> /* EXIT_SUCCESS */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, ARGP_KEY_ARG,

argp_usage(), ARGP_KEY_END,

ARGP_ERR_UNKNOWN, struct argp,

argp_parse() */

#include <sysexits.h> /* EX_USAGE, EX_OSERR */

#include <netinet/ip.h> /* sa_family_t, AF_INET6, AF_INET */

#include <inttypes.h> /* PRIdMAX, intmax_t */

#include <netlink/netlink.h> /* struct nl_addr, nl_addr_parse(),

nl_geterror(),

nl_addr_get_family(),

nl_addr_put() */

#include <netlink/route/route.h> /* struct rtnl_route,

struct rtnl_nexthop,

rtnl_route_alloc(),

rtnl_route_set_family(),

rtnl_route_set_protocol(),

RTPROT_BOOT,

rtnl_route_set_scope(),

RT_SCOPE_LINK,

rtnl_route_set_type(),

RTN_UNICAST,

rtnl_route_set_dst(),

rtnl_route_set_table(),

RT_TABLE_MAIN,

rtnl_route_nh_alloc(),

rtnl_route_nh_set_ifindex(),

rtnl_route_add_nexthop(),

rtnl_route_add(),

rtnl_route_delete(),

rtnl_route_put(),

rtnl_route_nh_free() */

#include <netlink/socket.h> /* struct nl_sock, nl_socket_alloc(),

nl_connect(), nl_socket_free() */

#include <netlink/route/link.h> /* rtnl_link_get_kernel(),

rtnl_link_get_ifindex(),

rtnl_link_put() */

bool debug = false;

const char *argp_program_version = "mandos-client-iprouteadddel " VERSION;

const char *argp_program_bug_address = "<mandos@recompile.se>";

/* Function to use when printing errors */

void perror_plus(const char *print_text){

int e = errno;

fprintf(stderr, "Mandos plugin helper %s: ",

program_invocation_short_name);

errno = e;

perror(print_text);

}

__attribute__((format (gnu_printf, 2, 3), nonnull))

int fprintf_plus(FILE *stream, const char *format, ...){

va_list ap;

va_start (ap, format);

fprintf(stream, "Mandos plugin helper %s: ",

program_invocation_short_name);

return vfprintf(stream, format, ap);

}

int main(int argc, char *argv[]){

int ret;

int exitcode = EXIT_SUCCESS;

struct arguments {

100

bool add; /* true: add, false: delete */

101

char *address; /* IP address as string */

102

struct nl_addr *nl_addr; /* Netlink IP address */

103

char *interface; /* interface name */

104

} arguments = { .add = true, .address = NULL, .interface = NULL };

105

struct argp_option options[] = {

106

{ .name = "debug", .key = 128,

107

.doc = "Debug mode" },

108

{ .name = NULL }

109

};

110

struct rtnl_route *route = NULL;

111

struct rtnl_nexthop *nexthop = NULL;

112

struct nl_sock *sk = NULL;

113

114

error_t parse_opt(int key, char *arg, struct argp_state *state){

115

int lret;

116

errno = 0;

117

switch(key){

118

case 128: /* --debug */

119

debug = true;

120

break;

121

case ARGP_KEY_ARG:

122

switch(state->arg_num){

123

case 0:

124

if(strcasecmp(arg, "add") == 0){

125

((struct arguments *)(state->input))->add = true;

126

} else if(strcasecmp(arg, "delete") == 0){

127

((struct arguments *)(state->input))->add = false;

128

} else {

129

fprintf_plus(stderr, "Unrecognized command: %s\n", arg);

130

argp_usage(state);

131

}

132

break;

133

case 1:

134

((struct arguments *)(state->input))->address = arg;

135

lret = nl_addr_parse(arg, AF_UNSPEC, &(((struct arguments *)

136

(state->input))

137

->nl_addr));

138

if(lret != 0){

139

fprintf_plus(stderr, "Failed to parse address %s: %s\n",

140

arg, nl_geterror(lret));

141

argp_usage(state);

142

}

143

break;

144

case 2:

145

((struct arguments *)(state->input))->interface = arg;

146

break;

147

default:

148

argp_usage(state);

149

}

150

break;

151

case ARGP_KEY_END:

152

if(state->arg_num < 3){

153

argp_usage(state);

154

}

155

break;

156

default:

157

return ARGP_ERR_UNKNOWN;

158

}

159

return errno;

160

}

161

162

struct argp argp = { .options = options, .parser = parse_opt,

163

.args_doc = "[ add | delete ] ADDRESS INTERFACE",

164

.doc = "Mandos client helper -- Add or delete"

165

" local route to IP address on interface" };

166

167

ret = argp_parse(&argp, argc, argv, ARGP_IN_ORDER, 0, &arguments);

168

switch(ret){

169

case 0:

170

break;

171

case EINVAL:

172

exit(EX_USAGE);

173

case ENOMEM:

174

default:

175

errno = ret;

176

perror_plus("argp_parse");

177

exitcode = EX_OSERR;

178

goto end;

179

}

180

/* Get netlink socket */

181

sk = nl_socket_alloc();

182

if(sk == NULL){

183

fprintf_plus(stderr, "Failed to allocate netlink socket: %s\n",

184

nl_geterror(ret));

185

exitcode = EX_OSERR;

186

goto end;

187

}

188

/* Connect socket to netlink */

189

ret = nl_connect(sk, NETLINK_ROUTE);

190

if(ret < 0){

191

fprintf_plus(stderr, "Failed to connect socket to netlink: %s\n",

192

nl_geterror(ret));

193

exitcode = EX_OSERR;

194

goto end;

195

}

196

/* Get link object of specified interface */

197

struct rtnl_link *link = NULL;

198

ret = rtnl_link_get_kernel(sk, 0, arguments.interface, &link);

199

if(ret < 0){

200

fprintf_plus(stderr, "Failed to use interface %s: %s\n",

201

arguments.interface, nl_geterror(ret));

202

exitcode = EX_OSERR;

203

goto end;

204

}

205

/* Get netlink route object */

206

route = rtnl_route_alloc();

207

if(route == NULL){

208

fprintf_plus(stderr, "Failed to get netlink route:\n");

209

exitcode = EX_OSERR;

210

goto end;

211

}

212

/* Get address family of specified address */

213

sa_family_t af = (sa_family_t)nl_addr_get_family(arguments.nl_addr);

214

if(debug){

215

fprintf_plus(stderr, "Address family of %s is %s (%" PRIdMAX

216

")\n", arguments.address,

217

af == AF_INET6 ? "AF_INET6" :

218

( af == AF_INET ? "AF_INET" : "UNKNOWN"),

219

(intmax_t)af);

220

}

221

/* Set route parameters: */

222

rtnl_route_set_family(route, (uint8_t)af); /* Address family */

223

rtnl_route_set_protocol(route, RTPROT_BOOT); /* protocol - see

224

ip-route(8) */

225

rtnl_route_set_scope(route, RT_SCOPE_LINK); /* link scope */

226

rtnl_route_set_type(route, RTN_UNICAST); /* normal unicast

227

address route */

228

rtnl_route_set_dst(route, arguments.nl_addr); /* Destination

229

address */

230

rtnl_route_set_table(route, RT_TABLE_MAIN); /* "main" routing

231

table */

232

/* Create nexthop */

233

nexthop = rtnl_route_nh_alloc();

234

if(nexthop == NULL){

235

fprintf_plus(stderr, "Failed to get netlink route nexthop\n");

236

exitcode = EX_OSERR;

237

goto end;

238

}

239

/* Get index number of specified interface */

240

int ifindex = rtnl_link_get_ifindex(link);

241

if(debug){

242

fprintf_plus(stderr, "ifindex of %s is %d\n", arguments.interface,

243

ifindex);

244

}

245

/* Set interface index number on nexthop object */

246

rtnl_route_nh_set_ifindex(nexthop, ifindex);

247

/* Set route tu use nexthop object */

248

rtnl_route_add_nexthop(route, nexthop);

249

/* Add or delete route? */

250

if(arguments.add){

251

ret = rtnl_route_add(sk, route, NLM_F_EXCL);

252

} else {

253

ret = rtnl_route_delete(sk, route, 0);

254

}

255

if(ret < 0){

256

fprintf_plus(stderr, "Failed to %s route: %s\n",

257

arguments.add ? "add" : "delete",

258

nl_geterror(ret));

259

exitcode = EX_OSERR;

260

goto end;

261

}

262

end:

263

/* Deallocate route */

264

if(route){

265

rtnl_route_put(route);

266

} else if(nexthop) {

267

/* Deallocate route nexthop */

268

rtnl_route_nh_free(nexthop);

269

}

270

/* Deallocate parsed address */

271

if(arguments.nl_addr){

272

nl_addr_put(arguments.nl_addr);

273

}

274

/* Deallocate link struct */

275

if(link){

276

rtnl_link_put(link);

277

}

278

/* Deallocate netlink socket struct */

279

if(sk){

280

nl_socket_free(sk);

281

}

282

return exitcode;

283

}

Older »