// Copyright (C) 2015-2019 Itay Grudev <[email protected]>
//
// This file is part of the USB Firewall.
// USB Firewall is free software: you can redistribute it and/or modify it
// under the terms of the GNU General Public License version 3 as published
// by the Free Software Foundation.
//
// USB Firewall is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even implied warranty of MERCHANTABILITY
// or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
// version 3 for more details.
//
// You should have received a copy of the GNU General Public License along
// with the software. If not, see <http://www.gnu.org/licenses/>.
#include <unistd.h>

#include <cstdio>
#include <cstring>
#include <stdexcept>
#include <string>
#define LOGFILE "/var/log/usbfw.log"
// Help and usage
void help();
void usage();
// Commands
int event( char*, char** );
int enable(){ return 0; }
int disable(){ return 0; }
int logging( int ){ return 0; }
int allow( int, char*[] ){ return 0; }
int deny( int, char*[] ){ return 0; }
int limit( int, char*[] ){ return 0; }
int delete_rule( int, char*[] ){ return 0; }
int insert( int, char*[], bool ){ return 0; }
int reload(){ return 0; }
int status( int, char*[] ){ return 0; }
int logs( int ){ return 0; }
int version(){ return 0; }
/**
* @brief Debug mode flag.
* If set, no actions are executed and everything that would have been done
* is outputed with details on stdout;
*/
bool debug = false;
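/**
 * @brief Parses a complete command-line argument as a decimal int.
 *
 * std::stoi throws std::invalid_argument / std::out_of_range on text it
 * cannot convert; left uncaught, that terminates the process. Input such as
 * "3x", which std::stoi would silently read as 3, is rejected as well.
 *
 * @param text NUL-terminated argument to parse.
 * @param out  Receives the parsed value; written only on success.
 * @return true if the whole argument was a valid int, false otherwise.
 */
static bool parse_int_arg( const char* text, int* out ){
    try {
        std::size_t used = 0;
        const int value = std::stoi( text, &used );
        if( used != strlen( text ) ) return false; // trailing characters
        *out = value;
        return true;
    } catch( const std::invalid_argument& ){
        return false;
    } catch( const std::out_of_range& ){
        return false;
    }
}

/**
 * @brief Entry point: dispatches argv[1] to the matching command handler.
 *
 * @param argc Argument count.
 * @param argv Argument vector; argv[1] is the command word or "-e".
 * @param envp Process environment, forwarded unchanged to event().
 * @return The handler's return value; 0 after printing usage/help for
 *         "-h", "--help", "help" or a missing command; 1 for an unknown
 *         command, a wrong argument count or a non-numeric LEVEL/NUM.
 */
int main( int argc, char* argv[], char **envp ){
    // Anything less than 2 arguments is invalid
    if( argc < 2 ){
        usage();
        return 0;
    }

    // A help flag anywhere on the command line wins over the command itself
    for( int i = 1; i < argc; ++i ){
        if( strcmp( argv[i], "-h" ) == 0 ){
            usage();
            return 0;
        }
        if( strcmp( argv[i], "--help" ) == 0 ){
            help();
            return 0;
        }
    }

    const char* command = argv[1];

    if( strcmp( command, "-e" ) == 0 ){ // EVENT command
        // NOTE(review): help() documents four arguments after "-e" plus an
        // optional "-d", but only argv[2] is required and forwarded here,
        // and "-d" is never parsed, so this function never turns debug
        // mode on. Confirm the intended argument layout before relying on
        // the documented dry-run behaviour.
        if( argc < 3 ){
            usage();
            return 1;
        }
        return event( argv[2], envp );
    } else if( strcmp( command, "help" ) == 0 ){ // HELP command
        help();
        return 0;
    } else if( strcmp( command, "enable" ) == 0 ){ // ENABLE command
        if( argc != 2 ) help();
        else return enable();
    } else if( strcmp( command, "disable" ) == 0 ){ // DISABLE command
        if( argc != 2 ) help();
        else return disable();
    } else if( strcmp( command, "logging" ) == 0 ){ // LOGGING command
        int level = 0;
        // A malformed LEVEL is treated like a wrong argument count
        if( argc != 3 || !parse_int_arg( argv[2], &level ) ) help();
        else return logging( level );
    } else if( strcmp( command, "allow" ) == 0 ){ // ALLOW command
        return allow( argc - 2, &argv[2] );
    } else if( strcmp( command, "deny" ) == 0 ){ // DENY command
        return deny( argc - 2, &argv[2] );
    } else if( strcmp( command, "limit" ) == 0 ){ // LIMIT command
        return limit( argc - 2, &argv[2] );
    } else if( strcmp( command, "delete" ) == 0 ){ // DELETE command
        return delete_rule( argc - 2, &argv[2] );
    } else if( strcmp( command, "insert" ) == 0 ){ // INSERT command
        return insert( argc - 2, &argv[2], true );
    } else if( strcmp( command, "reload" ) == 0 ){ // RELOAD command
        if( argc != 2 ) help();
        else return reload();
    } else if( strcmp( command, "status" ) == 0 ){ // STATUS command
        return status( argc - 2, &argv[2] );
    } else if( strcmp( command, "logs" ) == 0 ){ // LOGS command
        int count = 0;
        // A malformed NUM is treated like a wrong argument count
        if( argc != 3 || !parse_int_arg( argv[2], &count ) ) help();
        else return logs( count );
    } else if( strcmp( command, "version" ) == 0 ){ // VERSION command
        if( argc != 2 ) help();
        else return version();
    }

    // Unknown command, or help() was shown for a malformed invocation
    return 1;
}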
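/**
 * @brief Records a device event from a forked child process.
 *
 * The caller's process returns as soon as fork() succeeds; the child writes
 * @p devpath followed by every entry of @p envp, one per line, to stdout
 * when debug mode is on and otherwise appends them to LOGFILE.
 *
 * @param devpath Device path string to record.
 * @param envp    NULL-terminated environment array to record.
 * @return In the parent: 0 on a successful fork, 1 if fork() failed.
 *         In the child: 0 once the entry is written, 1 if LOGFILE could
 *         not be opened or closed cleanly.
 */
int event( char* devpath, char **envp ){
    const pid_t pid = fork();
    if( pid < 0 ) return 1; // fork failed
    if( pid > 0 ) return 0; // parent process: do not wait for the child

    // Child process from here on.
    // Log either to stdout or to LOGFILE (in /var/log/)
    FILE *out = stdout;
    if( !debug ){
        // NOTE(review): the file is created with the caller's umask and
        // receives the complete environment verbatim; confirm that the
        // resulting permissions and contents are acceptable for this log.
        out = fopen( LOGFILE, "a" );
        if( out == nullptr ){
            // Without this check the fprintf calls below would dereference
            // a null FILE* whenever the log cannot be opened.
            perror( LOGFILE );
            return 1;
        }
    }

    fprintf( out, "%s\n", devpath );
    if( envp != nullptr ){
        for( char **env = envp; *env != nullptr; ++env ){
            fprintf( out, "%s\n", *env );
        }
    }

    // A failed close means buffered log data may not have reached the file
    if( out != stdout && fclose( out ) != 0 ) return 1;
    return 0;
}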
/**
 * @brief Writes the one-line usage synopsis to stdout.
 */
void usage(){
    static const char synopsis[] =
        "Usage: usbfw [<command> [[ARG] ...]] "
        "[-e <event> <devpath> <devnode> <parent> [-d]] [-h] [--help] \n";
    // The text holds no conversion specifiers, so fputs emits the same bytes
    fputs( synopsis, stdout );
}
/**
 * @brief Writes the full help text to stdout.
 *
 * Output order: a blank line, the usage() synopsis, the command list, the
 * event description, the examples, and a closing blank line.
 *
 * NOTE(review): the event section describes four arguments after "-e" and
 * a "-d" debug flag; main() as written in this file only requires one
 * argument after "-e" - confirm which of the two is intended.
 */
void help(){
    static const char commands[] =
        "\nCommands:\n"
        " enable\t\t Enable the firewall\n"
        " disable\t\t Disable the firewall\n"
        " logging LEVEL\t\t Set logging to LEVEL\n"
        " allow ARGS\t\t Add allow rule\n"
        " deny ARGS\t\t Add deny rule\n"
        " limit ARGS\t\t Add limit rule\n"
        " delete RULE|NUM\t Delete RULE\n"
        " insert NUM RULE\t Insert RULE at NUM\n"
        " reload\t\t Reload the firewall\n"
        " status\t\t Show firewall status\n"
        " status verbose\t Show verbose firewall status\n"
        " logs NUM\t\t Show the last NUM entries from the log\n"
        " version\t\t Display version information\n";

    static const char events[] =
        "\nEvents (These are only used by the system itself or for debugging):\n"
        " Use the \"-e\" flag instead of a command, followed by 4 arguments:\n"
        " <TYPE>\t\t The type of the event\n"
        " <DEVPATH>\t\t The device path as defined by udev\n"
        " <DEVNODE>\t\t The device node name as defined by udev\n"
        " <PARENT>\t\t The device node name of the parent if the device\n"
        " -d Toggles debug mode. Used for debugging events. This showes how\n"
        " the event will be processed without authorizing the device.\n";

    static const char examples[] =
        "\nExamples:\n"
        " # Enable / Disable the firewall\n"
        " usbfw enable\n"
        " usbfw disable\n\n"
        " # Show verbose status of the firewall\n"
        " usbfw status verbose\n\n"
        " # Test an event without actually deauthorizing the device\n"
        " usbfw -e add DEVPATH DEVNODE PARENT -d\n";

    // None of the sections contains a conversion specifier, so fputs
    // produces exactly the bytes the format-string form would.
    fputs( "\n", stdout );
    usage();
    fputs( commands, stdout );
    fputs( events, stdout );
    fputs( examples, stdout );
    fputs( "\n", stdout );
}