Fwtool (http://hcoop.sf.net/)
Copyright (C) 2005 Adam Chlipala
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
(* Main functionality *)
22 structure Fwtool
:> FWTOOL
= struct
(* Inputs and outputs for one generation run.  [fwdir] is not bound in this
   extract (the enclosing definition starts before original line 28); it is
   presumably the directory holding the rules file and the generated files.
   users.rules is the trust boundary of this tool: every token read from it
   ends up verbatim in the generated firewall configuration (see parsePorts,
   parseHosts and the rule cases below), so whoever can write that file
   controls the emitted rules. *)
val inf = TextIO.openIn (fwdir ^ "/users.rules")
(* Per-user accumulators: user name -> list of generated rule lines.
   confLine conses each new line onto the front, so the list is in reverse
   order of appearance unless it is reversed when written out (the write-out
   lines are not in this extract). *)
val out_lines = ref StringMap.empty
val in_lines = ref StringMap.empty
(* Per-user dispatch files.  Both are opened for writing before any input
   line is parsed, so a failure partway through the rules file may leave
   them partially written -- TODO confirm how the caller handles that. *)
val users_tcp_out_conf = TextIO.openOut (fwdir ^ "/users_tcp_out.conf")
val users_tcp_in_conf = TextIO.openOut (fwdir ^ "/users_tcp_in.conf")
(* Record one generated rule line for user [uname] in accumulator [r],
   calling [f (uid, uname)] the first time that user is seen (the callers
   below use this hook to emit the per-user dispatch rule).  The line is
   indented with a tab and terminated with a newline, then consed onto the
   user's existing lines.  Original lines 35, 39-40 and 42-43 are not in this
   extract (presumably the [let]/[in]/[end] and the [SOME lines] branch). *)
fun confLine (f, r) (uid, uname, line) =
    (* original line 35 not in this extract *)
    val line = String.concat ["\t", line, "\n"]
    val lines =
        case StringMap.find (!r, uname) of
            NONE => (f (uid, uname); [])
            (* original lines 39-40 not in this extract *)
    r := StringMap.insert (!r, uname, line :: lines)
    (* original lines 42-43 not in this extract *)
(* First-seen hook for inbound rules: writes a "mod owner uid-owner ..."
   dispatch line to users_tcp_in_conf.  Original lines 47-49 (the middle of
   the concatenated string, presumably the uid and the user name) and 51-52
   (the closing argument, presumably in_lines) are not in this extract.
   NOTE(review): the trailing literal here reads "_tcp_in goto lreject"
   while the outbound twin below reads "_tcp_out; goto lreject".  If the
   missing ";" is in the original source rather than an extraction artifact,
   the generated inbound dispatch line is malformed -- confirm against the
   file. *)
val confLine_in =
    confLine ((fn (uid, uname) =>
                  TextIO.output (users_tcp_in_conf,
                                 String.concat
                                     ["mod owner uid-owner ",
                                      (* original lines 47-49 not in this extract *)
                                      "_tcp_in goto lreject; }\n"])),
              (* original lines 51-52 not in this extract *)
(* First-seen hook for outbound rules: writes a "mod owner uid-owner ..."
   dispatch line to users_tcp_out_conf, mirroring confLine_in.  Original
   lines 56-58 (the middle of the concatenated string, presumably the uid
   and the user name) and 60-61 (the closing argument, presumably out_lines)
   are not in this extract. *)
val confLine_out =
    confLine ((fn (uid, uname) =>
                  TextIO.output (users_tcp_out_conf,
                                 String.concat
                                     ["mod owner uid-owner ",
                                      (* original lines 56-58 not in this extract *)
                                      "_tcp_out; goto lreject; }\n"])),
              (* original lines 60-61 not in this extract *)
(* Turn a comma-separated port list into the port syntax of the generated
   configuration: several fields become "(p1 p2 ...)"; the single-field case
   is on original line 64, which is not in this extract.  Nothing is
   validated here: each field is inserted verbatim into the emitted rule, so
   a rules-file token that is not a plain port number would change the
   meaning of the rule rather than be rejected.  Validating fields against
   a numeric-port pattern before emitting would make bad input fail loudly. *)
fun parsePorts ports =
    case String.fields (fn ch => ch = #",") ports of
        (* original line 64 not in this extract *)
      | pps => String.concat ["(", String.concatWith " " pps, ")"]
(* Build the address clause of a rule: " <addr> <host>" for exactly one host,
   " <addr> (h1 h2 ...)" for several.  [addr] is the match keyword ("daddr"
   at both call sites below).  Original lines 68-69 (presumably the no-host
   case) are not in this extract.  As with parsePorts, host tokens are
   emitted verbatim without validation. *)
fun parseHosts addr hosts =
    (* original lines 68-69 not in this extract *)
      | [host] => String.concat [" ", addr, " ", host]
      | _ => String.concat [" ", addr, " (", String.concatWith " " hosts, ")"]
(* Per-line processing of users.rules.  The enclosing definition (original
   line 73, presumably the read loop) and lines 75-76, 78-79, 82-83 and 91-96
   (the end-of-input case, the pattern that binds [uname], the [let]/[in],
   and whatever follows the match) are not in this extract.  The close of
   [inf] is not visible either. *)
case TextIO.inputLine inf of
    (* original lines 75-76 not in this extract *)
    case String.tokens Char.isSpace line of
        (* original lines 78-79 not in this extract *)
        (* Resolve the rule's user name to a numeric uid via the passwd
           database.  No handler for an unknown user is visible here; if
           getpwnam raises, generation would stop at that line -- TODO
           confirm whether the caller catches it. *)
        val uid = Posix.SysDB.Passwd.uid (Posix.SysDB.getpwnam uname)
        val uid = SysWord.toInt (Posix.ProcEnv.uidToWord uid)
        (* original lines 82-83 not in this extract *)
        (* Rule forms: the first word selects the direction, the second the
           comma-separated port list, the rest the remote hosts.
           NOTE(review): "Server" rules use "daddr" for the host list, the
           same keyword as "Client" rules.  Whether an inbound rule should
           instead restrict the remote (source) side depends on how the
           generated chains are wired into the firewall -- confirm. *)
        "Client" :: ports :: hosts =>
            confLine_out (uid, uname,
                          String.concat ["dport ", parsePorts ports,
                                         parseHosts "daddr" hosts, " ACCEPT;"])
      | "Server" :: ports :: hosts =>
            confLine_in (uid, uname,
                         String.concat ["dport ", parsePorts ports,
                                        parseHosts "daddr" hosts, " ACCEPT;"])
      | ["LocalServer", ports] =>
            (* "$WE" is left in the output for the firewall tool to expand. *)
            confLine_in (uid, uname,
                         String.concat ["saddr $WE dport ", parsePorts ports,
                                        " ACCEPT;"])
        (* Unrecognised lines are reported on stdout without saying which
           line or user was affected; what happens after the message is on
           original lines 91-96, not in this extract (presumably the loop
           continues).  Including the offending line in the message would
           make a silently dropped rule easier to spot. *)
      | _ => print "Invalid config line\n";
    (* original lines 91-96 not in this extract *)
(* Flush the per-user dispatch files, then write users.conf: one
   "chain users_<name>_tcp_in" / "_tcp_out" block per user holding that
   user's accumulated rule lines.  Original lines 100, 104, 106, 111 and 113
   (presumably the user name and the accumulated lines spliced into each
   chain) are not in this extract, so whether the consed-in-reverse lines
   are reversed on output cannot be seen here. *)
val _ = TextIO.closeOut users_tcp_out_conf;
val _ = TextIO.closeOut users_tcp_in_conf;
val users_conf = TextIO.openOut (fwdir ^ "/users.conf")
(* original line 100 not in this extract *)
StringMap.appi (fn (uname, lines) =>
                   TextIO.output (users_conf,
                                  String.concat ("chain users_"
                                                 (* original line 104 not in this extract *)
                                                 :: "_tcp_in proto tcp {\n"
                                                 (* original line 106 not in this extract *)
                                                 @ ["}\n\n"]))) (!in_lines);
StringMap.appi (fn (uname, lines) =>
                   TextIO.output (users_conf,
                                  String.concat ("chain users_"
                                                 (* original line 111 not in this extract *)
                                                 :: "_tcp_out proto tcp {\n"
                                                 (* original line 113 not in this extract *)
                                                 @ ["}\n\n"]))) (!out_lines);
TextIO.closeOut users_conf;