1 /* $Id: ssp_fwexec.c,v 2.7 2008/04/26 19:53:21 fknobbe Exp $
2 *
3 *
4 * Copyright (c) 2004-2008 Frank Knobbe <frank@knobbe.us>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 *
28 *
29 * ssp_fwexec.c
30 *
31 * Purpose:
32 *
33 * This SnortSam plugin calls the fw.exe program of Firewall-1 to block/unblock.
34 * (This used to be a built-in function but has now been moved to a plugin as
35 * an example for other executable plugins. Hopefully this will be wrapped into
36 * a generic script wrapper at some time.)
37 *
38 */
39
40
41 #ifndef __SSP_FWEXEC_C__
42 #define __SSP_FWEXEC_C__
43
44
45 #include "snortsam.h"
46 #include "ssp_fwexec.h"
47
48 #include <stdio.h>
49 #include <string.h>
50
51
/* Parses the fwexec statement of the config file.
 *
 * val             text following the fwexec keyword; taken verbatim as the
 *                 path of the fw executable
 * file, line      config file name and line number, used only in the
 *                 error message
 * plugindatalist  receives a heap copy of val in ->data
 *
 * An empty val is logged as an error and ->data is left untouched.
 *
 * NOTE(review): the stored string is presumably the pointer later handed to
 * FWExecBlock() as `fwexec`, where it becomes part of a command line run via
 * system(). It is not validated or quoted here, so the config file must be
 * writable by the administrator only -- confirm against the plugin loader.
 */
void FWExecParse(char *val, char *file, unsigned long line, DATALIST *plugindatalist)
{
	char msg[STRBUFSIZE + 2];
	char *path;
	int pathlen;

#ifdef FWSAMDEBUG
	printf("Debug: [fwexec] Plugin Parsing...\n");
#endif

	/* Nothing after the keyword: report where, then give up. */
	if (!*val) {
		snprintf(msg, sizeof(msg) - 1, "Error: [%s: %lu] No fw.exe executable specified.", file, line);
		logmessage(1, msg, "fwexec", 0);
		return;
	}

	/* Keep a private, NUL-terminated copy; val belongs to the caller.
	 * safemalloc presumably never returns NULL -- TODO confirm. */
	pathlen = strlen(val);
	path = safemalloc(pathlen + 1, "FWExecParse", "filename");
	memcpy(path, val, pathlen);
	path[pathlen] = 0;
	plugindatalist->data = path;

	snprintf(msg, sizeof(msg) - 1, "fwexec: Will call '%s' to initiate blocks.", path);
	logmessage(3, msg, "fwexec", 0);
}
76
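/* Initiates (bd->block set) or lifts (bd->block clear, "-C") a block by
 * running "<fwexec> sam ..." through system().
 *
 * bd      block request; mode, block, duration, blockip, peerip, port and
 *         proto are read
 * fwexec  path of the fw executable as a char *; NULL means the plugin is
 *         not configured and nothing is done
 * qp      not used by this plugin
 *
 * Security notes:
 *  - The command is interpreted by the shell and `fwexec` is inserted
 *    unquoted, so whoever can edit the configured path can run arbitrary
 *    commands with SnortSam's privileges. Keep the config file writable by
 *    the administrator only.
 *  - A command is executed only if it was built completely. An unknown
 *    bd->mode used to leave `cmd` uninitialised, and an over-long path could
 *    truncate the command (possibly cutting the IP address short, i.e.
 *    acting on a different host); both cases are now logged and skipped.
 */
void FWExecBlock(BLOCKINFO *bd, void *fwexec, unsigned long qp)
{
	char cmd[STRBUFSIZE + 2], dura[32], msg[128];
	const char *undo;
	int n;
#ifdef WIN32
	const char pref[] = "start /low /min ";
#else
	const char pref[] = "";
#endif
#ifdef FWSAMDEBUG
#ifdef WIN32
	unsigned long threadid = GetCurrentThreadId();
#else
	pthread_t threadid = pthread_self();
#endif
#endif

	if (!fwexec)
		return;

	/* Optional "-t <seconds>" argument; empty means no timeout is passed. */
	*dura = 0;
	if (bd->duration > 0)
		snprintf(dura, sizeof(dura) - 1, "-t %lu ", (unsigned long)bd->duration);

	/* "-C" cancels an earlier block. */
	undo = bd->block ? "" : "-C ";

	*cmd = 0;
	switch (bd->mode & FWSAM_HOW) {
	case FWSAM_HOW_INOUT:
		n = snprintf(cmd, sizeof(cmd) - 1, "%s%s sam %s%s-I any %s", pref, (char *)fwexec, undo, dura, inettoa(bd->blockip));
		break;
	case FWSAM_HOW_IN:
		n = snprintf(cmd, sizeof(cmd) - 1, "%s%s sam %s%s-I src %s", pref, (char *)fwexec, undo, dura, inettoa(bd->blockip));
		break;
	case FWSAM_HOW_OUT:
		n = snprintf(cmd, sizeof(cmd) - 1, "%s%s sam %s%s-I dst %s", pref, (char *)fwexec, undo, dura, inettoa(bd->blockip));
		break;
	case FWSAM_HOW_THIS:
		/* NOTE(review): inettoa() is called twice in one argument list;
		 * this is only correct if it does not reuse a single static
		 * buffer -- confirm. */
		n = snprintf(cmd, sizeof(cmd) - 1, "%s%s sam %s%s-I srv %s %s %u %u", pref, (char *)fwexec, undo, dura, inettoa(bd->blockip), inettoa(bd->peerip), bd->port, bd->proto);
		break;
	default:
		/* No command was built; never hand an unset buffer to the shell. */
		snprintf(msg, sizeof(msg), "Error: [fwexec] Unsupported block mode %lu, no command executed.", (unsigned long)(bd->mode & FWSAM_HOW));
		logmessage(1, msg, "fwexec", 0);
		return;
	}

	/* n < 0 also covers runtimes whose snprintf reports truncation as -1. */
	if (n < 0 || (size_t)n >= sizeof(cmd) - 1) {
		snprintf(msg, sizeof(msg), "Error: [fwexec] Command line too long, no command executed.");
		logmessage(1, msg, "fwexec", 0);
		return;
	}

#ifdef FWSAMDEBUG
	printf("Debug: [fwexec][%lx] Calling: %s\n", (unsigned long)threadid, cmd);
#endif

	/* Runs through the shell (see security notes above). A spawn/exec call
	 * with an explicit argv would avoid shell parsing, but the WIN32 prefix
	 * "start" is a shell builtin. */
	if (system(cmd) == -1) {
		snprintf(msg, sizeof(msg), "Error: [fwexec] Could not launch the command, block state unchanged.");
		logmessage(1, msg, "fwexec", 0);
	}
}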
122
123
124 #endif /* __SSP_FWEXEC_C__ */