From f275c2283ea37325dfd94f5884763d907a103a23 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Fri, 1 Aug 2008 20:36:48 +0000 Subject: [PATCH] newer and better fwbedit, deprecatin fwblookup --- build_num | 2 +- doc/ChangeLog | 17 ++ doc/doc.pro | 1 - doc/fwbedit.1 | 140 +++++++++++-- doc/fwblookup.1 | 95 --------- doc/fwblookup21.1 | 95 --------- runqmake.sh | 1 - src/fwbedit/fwbedit.cpp | 84 ++++---- src/fwbedit/fwbedit.h | 7 + src/fwbedit/fwbedit.pro | 2 +- src/fwbedit/list_object.cpp | 272 +++++++++++++++++++++++++ src/fwbedit/new_object.cpp | 6 +- src/fwbedit/repair_tree.cpp | 9 +- src/fwblookup/.cvsignore | 4 - src/fwblookup/fwblookup.cpp | 386 ------------------------------------ src/fwblookup/fwblookup.pro | 14 -- src/src.pro | 2 +- 17 files changed, 474 insertions(+), 663 deletions(-) delete mode 100644 doc/fwblookup.1 delete mode 100644 doc/fwblookup21.1 create mode 100644 src/fwbedit/list_object.cpp delete mode 100644 src/fwblookup/.cvsignore delete mode 100644 src/fwblookup/fwblookup.cpp delete mode 100644 src/fwblookup/fwblookup.pro diff --git a/build_num b/build_num index 72bd49f87..7fbe81599 100644 --- a/build_num +++ b/build_num @@ -1 +1 @@ -#define BUILD_NUM 428 +#define BUILD_NUM 430 diff --git a/doc/ChangeLog b/doc/ChangeLog index 030edf985..e2c31809a 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog 
@@ -1,3 +1,20 @@ +2008-08-01 Vadim Kurland + + * list_object.cpp (getAttributeValue): added command "list" to + fwbedit. This command can print contents of one object, an object + and all objects below it in the tree or contents of a + group. Object's attributes can be arranged in the output according + to the provided format string where attributes are represented by + macros of the format "%attr_name%" where attr_name is the name of + the attribute. + + * fwbedit.1: Man page fwbedit.1 has been updated with the list of + commands, options, supported attributes and examples. + + * with addition of the "list" command to fwbedit, utility + fwblookup has been deprecated and removed from the package and + source code tree. + 2008-07-31 Vadim Kurland * fwbedit.cpp (usage): Redesigned command line interface for diff --git a/doc/doc.pro b/doc/doc.pro index 07aa4e1ac..eb72449b7 100644 --- a/doc/doc.pro +++ b/doc/doc.pro @@ -40,7 +40,6 @@ doc.files = AUTHORS \ doc.path = $$DOCDIR man.files = fwbedit.1 \ - fwblookup.1 \ fwbuilder.1 \ fwb_iosacl.1 \ fwb_ipf.1 \ diff --git a/doc/fwbedit.1 b/doc/fwbedit.1 index cf5151263..d40df6dc8 100644 --- a/doc/fwbedit.1 +++ b/doc/fwbedit.1 @@ -27,7 +27,7 @@ below). .SH COMMANDS AND OPTIONS: -.B new +.B new -f file.fwb -t objtype -n name -c comment -p parent [-a attrs] Creates new object. @@ -45,7 +45,7 @@ Creates new object. -.B delete +.B delete -f file.fwb -o object Deletes object specified by its full path in the tree or object ID. @@ -56,7 +56,7 @@ Deletes object specified by its full path in the tree or object ID. -.B modify +.B modify -f file.fwb -o object -c comment [-a attrs] Modifies object specified by its full path in the tree or object ID. Object can not be renamed using this operation. @@ -73,7 +73,7 @@ Object can not be renamed using this operation. -.B list +.B list -f file.fwb -o object [-r|-c] [-d|-Fformat] Prints name and ID of an object. 
@@ -81,10 +81,28 @@ Prints name and ID of an object. -f file.fwb: data file .PP -o object: object to print, full path or ID +.PP +-r print specified object and all objects under it in the tree +.PP +-c print only children objects of the given object but do not + print the object itself. +.PP +-d print full dump of all object's attributes including internal debugging +information if available, this can be very verbose. +.PP +-Fformat_string Program recognizes macros in the format string and +replaces them with values of corresponding object's attributes. Macro +is the name of the attribute surrounded with '%', such as '%name%' +or '%address%'. Here is the list of some attribute names: "id", +"name", "path", "comment", "type", "address", "netmask", +"dnsname". TCP and UDP service objects provide attributes +"src_range_start", "src_range_end", "dst_range_start", "dst_range_end" +for the source and destination port ranges. ICMP and ICMP6 service +objects have attributes "icmp_type" and "icmp_code". -.B add +.B add -f file.fwb -p group -o object Adds object specified by path or ID to a group, also specified by its path or ID. @@ -99,7 +117,7 @@ path or ID. -.B remove +.B remove -f file.fwb -p group -o object Removes object from a group. @@ -113,14 +131,14 @@ Removes object from a group. -.B upgrade +.B upgrade -f file.fwb Upgrades data file to the latest data format version. -f file.fwb: data file -.B checktree +.B checktree -f file.fwb Checks consistency and correctness of the object tree in the given data file and repairs it if necessary. 
@@ -166,6 +184,73 @@ data file and repairs it if necessary. .SH EXAMPLES +.PP +Print contents of the object /User/Firewalls/firewall/eth0 according +to the provided format. Note that object of the type "Interface" does not have +attribute that would define its address, IP address is defined by its child +object of the type IPv4 or IPv6. +.PP +fwbedit list -f x.fwb -o /User/Firewalls/firewall/eth0 -F "type=%type% name=%name% id=%id% %comment%" + + +.PP +Print contents of the object /User/Firewalls/firewall/eth0 and all its +child objects. This is the way to see addresses and +netmasks. Interface object does not have attribiute "address" so the program +ignores macro "%address%" when it prints interface. +.PP +fwbedit list -f x.fwb -o /User/Firewalls/firewall/eth0 -F "type=%type% name=%name% id=%id% %comment% %address%" -r + + +.PP +Print group object /User/Objects/Addresses +.PP +fwbedit list -f x.fwb -o /User/Objects/Addresses -F "type=%type% name=%name% id=%id% %comment%" + + +.PP +Print group object /User/Objects/Addresses and all address objects inside of it: +.PP +fwbedit list -f x.fwb -o /User/Objects/Addresses -F "type=%type% name=%name% id=%id% %comment%" -r + + +.PP +Print address objects inside group /User/Objects/Addresses but do not print +the group object itself: +.PP +fwbedit list -f x.fwb -o /User/Objects/Addresses -F "type=%type% name=%name% id=%id% %comment%" -c + + +.PP +Print addresses and netmasks of all interfaces of all firewalls in the +form of their full object tree path, followed by the type, id, address +and netmask: +.PP +fwbedit list -f x.fwb -o /User/Firewalls -F "%path% %type% %id% %address% %netmask%" -r | grep IP + + +.PP +Print names, platform and version information for all firewall objects defined +in the data file: +.PP +fwbedit list -f x.fwb -o /User/Firewalls -F "%name% platform: %platform% version: %version%" -c + + +.PP +Print name, source and destination port ranges for all TCP services in +the folder TCP of the user-defined 
group User: +.PP +fwbedit list -f x.fwb -o /User/Services/TCP -c -F "name='%name%' est=%established% \t %src_range_start%-%src_range_end% : %dst_range_start%-%dst_range_end%" + + +.PP +Print icmp type and code for all ICMP services in the folder ICMP of +the user-defined group User: +.PP +fwbedit list -f x.fwb -o /User/Services/ICMP -c -F "name='%name%' icmp_type=%icmp_type% icmp_code=%icmp_code%" + + + .PP Add IPv6 address to one of the interfaces of firewall object "firewall": .PP 
@@ -193,21 +278,32 @@ fwbedit add -f x.fwb -o id3D71A1BA -g /User/Objects/Groups/testgroup .PP -fwbedit can be used in combination with fwblookup to execute -operations on many objects. -.PP -First, the following script uses fwblookup to print full path of all -Host objects (option -l in combination with option -P prints full path -for all children objects of /Objects/Hosts), then uses grep to filter -only those hosts that have 'domain.com' in their name, then cycles -through the obtained list and uses fwbedit to add them to the -group 'domainGRP'. +The following script uses fwbedit "list" command to print IDs of all +Address objects in the folder /User/Objects/Addresses , then cycles +through the obtained list and uses fwbedit to add them to the group +"group1". + .LP - fwblookup -f x.fwb -lP /User/Objects/Hosts | \\ - grep domain.com | \\ - while read h; do \\ - fwbedit add -f x.fwb -o $h -g /User/Objects/Groups/domainGRP; \\ - done + fwbedit list -f x.fwb -o /User/Objects/Addresses -F "%id%" -c | \\ + while read id; do \\ + fwbedit add -f x.fwb -g /User/Objects/Groups/group1 -o $id; \\ + done + + +.PP +Here is slightly more complex example. The following script uses +fwbedit "list" command to print types and IDs of all Address objects +in the folder /User/Objects/Addresses , then filters them using grep +to get only IPv6 objects and finally cycles through the obtained list +and uses fwbedit to add them to the group "group1". + +.LP + fwbedit list -f x.fwb -o /User/Objects/Addresses -F "%type% %id%" -c | \\ + grep IPv6 | \\ + while read type id; do \\ + fwbedit add -f x.fwb -g /User/Objects/Groups/group1 -o $id; \\ + done + .SH URL diff --git a/doc/fwblookup.1 b/doc/fwblookup.1 deleted file mode 100644 index d0032bdc2..000000000 --- a/doc/fwblookup.1 +++ /dev/null 
@@ -1,95 +0,0 @@ -.TH fwblookup 1 "" FWB "Firewall Builder" -.SH NAME -fwblookup \- General purpose object lookup tool -.SH SYNOPSIS - -.B fwblookup -.RB [-a attribute] -.RB [-rADILMNPTV] -.RB -f data_file.xml -object_id|tree_path_to_object - -.SH "DESCRIPTION" - -.B fwblookup -is a general purpose object lookup tool for Firewall Builder (see -fwbuilder(1)). This tool finds object in the data file specified with -"-f" option and prints its attributes requested via command line -options. Object to be found is designated by its ID or full tree path -given as an argument on the command line. This tool can be used in -scripts that need to be able to find and inspect objects in the XML -file, such as firewall policy installation script etc. - -.SH OPTIONS -.IP "-f FILE" -Specify the name of the data file to be processed. - -.IP "-a atribute" -Print value of the XML attribute 'attribute'. If specified attribute -does not exist in the object, fwblookup prints an error message and -terminates. This is universal option that can find and print any -attribute in any object, provided it exists, however you need to know -full tree path to the object or its ID and correct name of the -attribute you want to print. This means that detailed knowledge of -Firewall Builder XML DTD is required. See below for some convenient -shortcut options. This option can be used only once on a command line; -if it is used multiple times, then only the last attribute is printed. - -.IP "-A" -Print an address of the object. Since not all objects can have an -address, the program verifies type of the object and returns an error -if the object does not have an address. - -.IP "-D" -Dump all the data available for the object. If option "-r" is also -used, dump recursively the object and all other objects in the tree -below it. - -.IP "-I" -Print object's ID. 
- -.IP "-l" -List all the objects located immediately under the given object in the -tree (its 'children') and print their names, IDs, path or type, -depending on the options -N, -I, -T or -P which can be used together -with -l. - -.IP "-L" -Print interface label - -.IP "-M" -Print management address. Only Host and Firewall objects can have -management address. - -.IP "-N" -Print object's name - -.IP "-P" -Print full tree path to the object, starting with a tree root -"FWobjectDatabase". - -.IP "-r" -Dump or list the object and all other objects in the tree below -it (see "-l and -D") - -.IP "-T" -Print objects's type name. - -.IP "-V" -Print version number and quit. - -.SH URL -Firewall Builder home page is located at the following URL: -.B http://www.fwbuilder.org/ - -.SH BUGS -Please report bugs using bug tracking system on SourceForge: - -.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314 - - -.SH SEE ALSO -.BR fwbuilder(1), -.BR fwbedit(1), - -.P diff --git a/doc/fwblookup21.1 b/doc/fwblookup21.1 deleted file mode 100644 index d0032bdc2..000000000 --- a/doc/fwblookup21.1 +++ /dev/null 
@@ -1,95 +0,0 @@ -.TH fwblookup 1 "" FWB "Firewall Builder" -.SH NAME -fwblookup \- General purpose object lookup tool -.SH SYNOPSIS - -.B fwblookup -.RB [-a attribute] -.RB [-rADILMNPTV] -.RB -f data_file.xml -object_id|tree_path_to_object - -.SH "DESCRIPTION" - -.B fwblookup -is a general purpose object lookup tool for Firewall Builder (see -fwbuilder(1)). This tool finds object in the data file specified with -"-f" option and prints its attributes requested via command line -options. Object to be found is designated by its ID or full tree path -given as an argument on the command line. This tool can be used in -scripts that need to be able to find and inspect objects in the XML -file, such as firewall policy installation script etc. - -.SH OPTIONS -.IP "-f FILE" -Specify the name of the data file to be processed. - -.IP "-a atribute" -Print value of the XML attribute 'attribute'. If specified attribute -does not exist in the object, fwblookup prints an error message and -terminates. This is universal option that can find and print any -attribute in any object, provided it exists, however you need to know -full tree path to the object or its ID and correct name of the -attribute you want to print. This means that detailed knowledge of -Firewall Builder XML DTD is required. See below for some convenient -shortcut options. This option can be used only once on a command line; -if it is used multiple times, then only the last attribute is printed. - -.IP "-A" -Print an address of the object. Since not all objects can have an -address, the program verifies type of the object and returns an error -if the object does not have an address. - -.IP "-D" -Dump all the data available for the object. If option "-r" is also -used, dump recursively the object and all other objects in the tree -below it. - -.IP "-I" -Print object's ID. 
- -.IP "-l" -List all the objects located immediately under the given object in the -tree (its 'children') and print their names, IDs, path or type, -depending on the options -N, -I, -T or -P which can be used together -with -l. - -.IP "-L" -Print interface label - -.IP "-M" -Print management address. Only Host and Firewall objects can have -management address. - -.IP "-N" -Print object's name - -.IP "-P" -Print full tree path to the object, starting with a tree root -"FWobjectDatabase". - -.IP "-r" -Dump or list the object and all other objects in the tree below -it (see "-l and -D") - -.IP "-T" -Print objects's type name. - -.IP "-V" -Print version number and quit. - -.SH URL -Firewall Builder home page is located at the following URL: -.B http://www.fwbuilder.org/ - -.SH BUGS -Please report bugs using bug tracking system on SourceForge: - -.BR http://sourceforge.net/tracker/?group_id=5314&atid=105314 - - -.SH SEE ALSO -.BR fwbuilder(1), -.BR fwbedit(1), - -.P diff --git a/runqmake.sh b/runqmake.sh index 7679d6d9c..8b83b8bcc 100755 --- a/runqmake.sh +++ b/runqmake.sh @@ -18,7 +18,6 @@ for d in src/ \ doc/ \ src/antlr/ \ src/gui/ \ - src/fwblookup/ \ src/fwbedit/ \ src/ipt/ \ src/pflib/ \ diff --git a/src/fwbedit/fwbedit.cpp b/src/fwbedit/fwbedit.cpp index 9a43d9b66..63951e820 100644 --- a/src/fwbedit/fwbedit.cpp +++ b/src/fwbedit/fwbedit.cpp 
@@ -182,10 +182,17 @@ void usage() cout << endl; cout << - " list -f file.fwb -o object\n" + " list -f file.fwb -o object [-r|-c] [-d|-Fformat]\n" "\n" " -f file.fwb: data file\n" - " -o object: object to print, full path or ID\n"; + " -o object: object to print, full path or ID\n" + " -r print given object and all object below it in the tree\n" + " -c print all children of given object but not the object\n" + " itself\n" + " -d print full dump of all object's attributes including\n" + " internal debugging information if available\n" + " -F format_string print according to the format; see\n" + " man fwbedit(1) for the list of macros and examples\n"; cout << endl; cout << @@ -270,13 +277,14 @@ void usage() } -void findObjects(const string &obj_path, FWObject *obj, list &res) +void _findObjects(const string &obj_path, FWObject *obj, list &res) { - if (obj->getPath()==obj_path) res.push_back(obj); + string path = fixPath(obj_path); + if (obj->getPath()==path) res.push_back(obj); for (FWObject::iterator it=obj->begin(); it!=obj->end(); ++it) { if (FWReference::cast(*it)) continue; - findObjects(obj_path, *it, res); + _findObjects(path, *it, res); } } @@ -296,6 +304,26 @@ string fixPath(const string &obj_path) return res; } +void findObjects(const string &obj_path, FWObject *obj, list &res) +{ + if (obj_path.find('/')==string::npos) + { + int id = FWObjectDatabase::getIntId(obj_path); + if (id>=0) + { + FWObject *o = obj->getRoot()->findInIndex(id); + if (o) + { + res.push_back(o); + return; + } + } + } + + string path = fixPath(obj_path); + _findObjects(path, obj, res); +} + int splitStr(char ch,string s, operands * ops) { int res=0; 
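Review bot: `_findObjects` calls `fixPath(obj_path)` at every level of the recursion, even though `findObjects`, its only caller visible in this patch, already passes a normalised path. That repeats the work for each tree node and is only correct if `fixPath` is idempotent, which the visible part of `fixPath` does not show. Comparing directly with `if (obj->getPath()==obj_path) res.push_back(obj);` and passing `obj_path` to the recursive call is enough. The name is also a global-scope identifier beginning with an underscore, which C++ reserves for the implementation; a `static` helper named, say, `findObjectsByPath` avoids that.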
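Review bot: `findObjects` has no comment stating its resolution order, which now matters because the delete, modify, add and remove call sites in this patch all go through it. An argument without '/' is first tried as an object ID via `getIntId` and `findInIndex`, and only then matched as a path. A header comment such as `// obj_path without '/' is tried as an object ID first; if no indexed object has that ID it is matched as a tree path` would record that. The `id>=0` test assumes `getIntId` returns a negative value for a string that is not a known ID, which is not visible here.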
@@ -334,27 +362,6 @@ bool getBool(string s) -void listObject(FWObjectDatabase *objdb, const string &path) -{ - list objects; - findObjects(fixPath(path), objdb, objects); - if (objects.size()==0) - { - cout << "Object " << path << " not found" << endl; - exit(-1); - } - - for (list::iterator it=objects.begin(); - it!=objects.end(); ++it) - { - FWObject *obj = *it; - cout << obj->getName() << _(" ( ") - << FWObjectDatabase::getStringId(obj->getId()) << _(" ) ") - << endl; - } -} - - int main(int argc, char * const *argv) { operands ops; @@ -365,6 +372,10 @@ int main(int argc, char * const *argv) string group; string parent; string comment_txt; + bool list_children = false; + bool recursive = false; + string list_format; + bool full_dump = false; if (argc<=2) { @@ -476,14 +487,18 @@ int main(int argc, char * const *argv) break; case LIST: - // -f file.fwb -o object + // -f file.fwb -o object [-r] [-Fformat_string] [-d] // object can be either path or ID - while( (opt=getopt(argc, args, "f:o:")) != EOF ) + while( (opt=getopt(argc, args, "f:o:crdF:")) != EOF ) { switch(opt) { case 'f': filename = optarg; break; case 'o': object = optarg; break; + case 'c': list_children = true; break; + case 'r': recursive = true; break; + case 'F': list_format = optarg; break; + case 'd': full_dump = true; break; } } break; @@ -544,13 +559,14 @@ int main(int argc, char * const *argv) } else if (cmd == LIST) { - listObject(objdb, object); + listObject(objdb, object, list_children, recursive, + list_format, full_dump); return(0); } else if (cmd == UPGRADE) { - cout << _("File upgraded; current version: ") - << libfwbuilder::Constants::getLibraryVersion() << endl; + cout << _("File upgraded; current data format version: ") + << libfwbuilder::Constants::getDataFormatVersion() << endl; } else if (cmd == NEWOBJECT) { 
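Review bot: With neither `-d` nor `-F` given, `list_format` stays empty after the `case LIST:` option loop, so the new `listObject` in list_object.cpp prints only indentation and a newline per object, where the removed code printed name and ID. Unless a default is applied outside this hunk, set one after the loop, for example `if (!full_dump && list_format.empty()) list_format = "%name% ( %id% )";`. The loop also accepts `-r` together with `-c`, and `-d` together with `-F`, although usage() documents them as alternatives. The inner `switch(opt)` has no `default:` branch, so the program carries on after an unrecognised option.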
@@ -568,7 +584,7 @@ int main(int argc, char * const *argv) { list objects; - findObjects(fixPath(object), objdb, objects); + findObjects(object, objdb, objects); if (objects.size()==0) { cout << "Object " << object << " not found" << endl; @@ -583,7 +599,7 @@ int main(int argc, char * const *argv) if (cmd==ADDGRP) { list groups; - findObjects(fixPath(group), objdb, groups); + findObjects(group, objdb, groups); if (groups.size()==0) { cout << "Group " << group << " not found" << endl; @@ -598,7 +614,7 @@ int main(int argc, char * const *argv) if (cmd==REMGRP) { list groups; - findObjects(fixPath(group), objdb, groups); + findObjects(group, objdb, groups); if (groups.size()==0) { cout << "Group " << group << " not found" << endl; diff --git a/src/fwbedit/fwbedit.h b/src/fwbedit/fwbedit.h index f2036a141..5a44cc696 100644 --- a/src/fwbedit/fwbedit.h +++ b/src/fwbedit/fwbedit.h @@ -45,6 +45,13 @@ class OperandsError : public std::exception {}; // to make it compile on windows typedef std::deque operands; +extern void listObject(libfwbuilder::FWObjectDatabase *objdb, + const std::string &path, + bool list_children, + bool recursive, + const std::string &list_format, + bool full_dump); + extern void newObject(libfwbuilder::FWObjectDatabase *objdb, const std::string &objtype, const std::string &name, diff --git a/src/fwbedit/fwbedit.pro b/src/fwbedit/fwbedit.pro index 7421ad0d4..8e7b82be7 100644 --- a/src/fwbedit/fwbedit.pro +++ b/src/fwbedit/fwbedit.pro @@ -6,7 +6,7 @@ include(../../qmake.inc) TEMPLATE = app -SOURCES = fwbedit.cpp new_object.cpp repair_tree.cpp +SOURCES = fwbedit.cpp new_object.cpp repair_tree.cpp list_object.cpp HEADERS = ../../config.h fwbedit.h TARGET = fwbedit diff --git a/src/fwbedit/list_object.cpp b/src/fwbedit/list_object.cpp new file mode 100644 index 000000000..7b0d2c30a --- /dev/null +++ b/src/fwbedit/list_object.cpp 
@@ -0,0 +1,272 @@ +/* + + Firewall Builder + + Copyright (C) 2008 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + $Id: fwbedit.cpp 429 2008-07-31 07:03:39Z vadim $ + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "../../config.h" +#include "fwbuilder/libfwbuilder-config.h" +#include "fwbuilder/Constants.h" + +#include +#include + +#ifdef HAVE_LOCALE_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include + + +#ifndef _WIN32 +# include +#endif + +#include +#include +#include +#include +#include + +#ifdef HAVE_GETOPT_H +# include +#else +# ifdef _WIN32 +# include +# else +# include +# endif +#endif + +#include "fwbuilder/Resources.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/XMLTools.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/Group.h" + +#include "fwbuilder/Library.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Host.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/NetworkIPv6.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/IPv6.h" +#include "fwbuilder/DNSName.h" +#include "fwbuilder/AddressTable.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/ObjectGroup.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/CustomService.h" +#include "fwbuilder/IPService.h" +#include 
"fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/ServiceGroup.h" +#include "fwbuilder/Interval.h" +#include "fwbuilder/IntervalGroup.h" +#include "fwbuilder/TagService.h" +#include "fwbuilder/UserService.h" + +#include + +#include "fwbedit.h" + + +using namespace libfwbuilder; +using namespace std; + + +string getAttributeValue(FWObject *obj, const string &attr_name) +{ + if (attr_name=="ID" || attr_name=="id") + return FWObjectDatabase::getStringId(obj->getId()); + if (attr_name=="type") + return obj->getTypeName(); + if (attr_name=="name") + return obj->getName(); + if (attr_name=="path") + return obj->getPath(); + if (attr_name=="comment") + return obj->getComment(); + + string objtype = obj->getTypeName(); + + if (attr_name=="address") + { + if (objtype==IPv4::TYPENAME || + objtype==IPv6::TYPENAME || + objtype==Network::TYPENAME || + objtype==NetworkIPv6::TYPENAME) + { + return Address::cast(obj)->getAddressPtr()->toString(); + } + } + + if (attr_name=="netmask") + { + if (objtype==IPv4::TYPENAME || objtype==Network::TYPENAME) + { + return Address::cast(obj)->getNetmaskPtr()->toString(); + } + + if (objtype==IPv6::TYPENAME || objtype==NetworkIPv6::TYPENAME) + { + ostringstream str; + str << Address::cast(obj)->getNetmaskPtr()->getLength(); + return str.str(); + } + } + + if (attr_name=="start_address" && objtype==AddressRange::TYPENAME) + { + return AddressRange::cast(obj)->getRangeStart().toString(); + } + + if (attr_name=="end_address" && objtype==AddressRange::TYPENAME) + { + return AddressRange::cast(obj)->getRangeEnd().toString(); + } + + if (attr_name=="dnsname" && objtype==DNSName::TYPENAME) + { + return DNSName::cast(obj)->getSourceName(); + } + + if (TCPUDPService::cast(obj)!=NULL) + { + ostringstream str; + if (attr_name=="src_range_start") + str << TCPUDPService::cast(obj)->getSrcRangeStart(); + if (attr_name=="src_range_end") + str << TCPUDPService::cast(obj)->getSrcRangeEnd(); + if 
(attr_name=="dst_range_start") + str << TCPUDPService::cast(obj)->getDstRangeStart(); + if (attr_name=="dst_range_end") + str << TCPUDPService::cast(obj)->getDstRangeEnd(); + if (str.tellp()>0) return str.str(); + } + + if (ICMPService::cast(obj)!=NULL) + { + if (attr_name=="icmp_type") return obj->getStr("type"); + if (attr_name=="icmp_code") return obj->getStr("code"); + } + + string av = obj->getStr(attr_name); + return av; +} + +/* + * find first occurrence of the %attr% macro and replace it with the + * value of corresponding attribute of the obj. Replacement is done in + * the same string in place, function returns true if it found and + * replaced at least one macro, false otherwise + */ +bool replaceFirstMacroInString(string &str, FWObject *obj) +{ + string::size_type n = 0; + for (n=0; n=str.length()) return false; + n1 = n; + string attr_name = str.substr(n0+1, n1-n0-1); + string attr_value = getAttributeValue(obj, attr_name); + str.replace(n0, n1-n0+1, attr_value); + return true; + } + } + return false; +} + +void listObject(FWObject *obj, bool list_children, bool recursive, + const string &list_format, + bool full_dump, int offset) +{ + int off = offset; + /* + * print according to the list_format + * format macros are attribute names surrounded by %%, like + * %name% or %address% + */ + if (!list_children) + { + if (full_dump) obj->dump(recursive, false); + else + { + string format = list_format; + while (replaceFirstMacroInString(format, obj)); + + string::size_type n; + while ( (n=format.find("\\t"))!=string::npos ) + format.replace(n, 2, "\t"); + while ( (n=format.find("\\n"))!=string::npos ) + format.replace(n, 2, "\n"); + + cout << string(offset,' ') << format << endl; + off += 4; + } + } + if (recursive || list_children) + { + for (FWObject::iterator it=obj->begin(); it!=obj->end(); ++it) + listObject(*it, false, recursive, + list_format, full_dump, off); + } +} + + +void listObject(FWObjectDatabase *objdb, + const string &path, + bool 
list_children, + bool recursive, + const string &list_format, + bool full_dump) +{ + list objects; + findObjects(path, objdb, objects); + if (objects.size()==0) + { + cout << "Object " << path << " not found" << endl; + exit(-1); + } + + for (list::iterator it=objects.begin(); it!=objects.end(); ++it) + listObject(*it, list_children, recursive, list_format, full_dump, 0); + +} + diff --git a/src/fwbedit/new_object.cpp b/src/fwbedit/new_object.cpp index 60ed4e17a..01a24456c 100644 --- a/src/fwbedit/new_object.cpp +++ b/src/fwbedit/new_object.cpp @@ -236,7 +236,7 @@ FWObject* createObject(FWObjectDatabase *objdb, path = parent; list parents; - findObjects(fixPath(path), objdb, parents); + findObjects(path, objdb, parents); if (parents.size()) { FWObject *parent_obj = parents.front(); @@ -785,7 +785,7 @@ void modObject(FWObjectDatabase *objdb, operands &ops) { list objects; - findObjects(fixPath(object), objdb, objects); + findObjects(object, objdb, objects); if (objects.size()==0) { cout << "Object " << object << " not found" << endl; @@ -803,7 +803,7 @@ void modObject(FWObjectDatabase *objdb, void delObject(FWObjectDatabase *objdb, const string &object) { list objects; - findObjects(fixPath(object), objdb, objects); + findObjects(object, objdb, objects); if (objects.size()==0) { cout << "Object " << object << " not found" << endl; diff --git a/src/fwbedit/repair_tree.cpp b/src/fwbedit/repair_tree.cpp index 7265c4bc8..f7c755828 100644 --- a/src/fwbedit/repair_tree.cpp +++ b/src/fwbedit/repair_tree.cpp 
@@ -41,14 +41,13 @@ using namespace std; void testAndFix(FWObjectDatabase *objdb, const string &path, const string &type, FWObject *root) { - string fixed_path = fixPath(path); list objects; - findObjects(fixed_path, root, objects); + findObjects(path, root, objects); if (objects.size()==0) { - string::size_type n = fixed_path.rfind('/'); - string obj_name = fixed_path.substr(n+1); - string parent_path = fixed_path.substr(0, n); + string::size_type n = path.rfind('/'); + string obj_name = path.substr(n+1); + string parent_path = path.substr(0, n); findObjects(parent_path, root, objects); assert(objects.size()==1); FWObject *parent = objects.front(); diff --git a/src/fwblookup/.cvsignore b/src/fwblookup/.cvsignore deleted file mode 100644 index 641d40f7f..000000000 --- a/src/fwblookup/.cvsignore +++ /dev/null @@ -1,4 +0,0 @@ -Makefile -.moc -.ui -*.app diff --git a/src/fwblookup/fwblookup.cpp b/src/fwblookup/fwblookup.cpp deleted file mode 100644 index 16cd636bd..000000000 --- a/src/fwblookup/fwblookup.cpp +++ /dev/null 
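Review bot: `testAndFix` now splits the raw `path` with `rfind('/')` instead of the normalised one, so whatever `fixPath` corrected (its body is not visible here) is no longer applied before `obj_name` and `parent_path` are derived. If `path` contains no '/', `n` is `npos`, both substrings become the whole string, and the new `findObjects` would try `parent_path` as an object ID. Keeping `const string fixed_path = fixPath(path);` for the split and passing `path` only to `findObjects` preserves the previous behaviour. The following `assert(objects.size()==1)` is compiled out under NDEBUG, which leaves `objects.front()` on a possibly empty list; the function continues outside the hunk.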
@@ -1,386 +0,0 @@ -/* - - Firewall Builder - - Copyright (C) 2003 NetCitadel, LLC - - Author: Vadim Kurland vadim@fwbuilder.org - - $Id$ - - This program is free software which we release under the GNU General Public - License. You may redistribute and/or modify this program under the terms - of that license as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - To get a copy of the GNU General Public License, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - -#include "../../config.h" -#include "fwbuilder/libfwbuilder-config.h" - -#include - -#ifdef HAVE_LOCALE_H -#include -#endif - -#include -#include -#include -#include -#include - -// #include -#include -#include -#include -#include - -#include "fwbuilder/Resources.h" - -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/XMLTools.h" -#include "fwbuilder/FWException.h" -#include "fwbuilder/FWReference.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/Interface.h" - -#ifdef HAVE_GETOPT_H -# include -#else -# ifdef _WIN32 -# include -# else -# include -# endif -#endif - - -#include "../common/init.cpp" - -using namespace libfwbuilder; -using namespace std; - -static char *filename = NULL; -static char *attr = NULL; -static char *optn = NULL; -static bool dump = false; /* -D */ -static bool recursive = false; /* -r */ -static bool print_path = false; /* -P */ -static bool print_id = false; /* -I */ -static bool print_type = false; /* -T */ -static bool print_name = false; /* -N */ -static bool print_label = false; /* -L */ -static bool print_addr = false; /* -A */ -static bool print_mgmt_addr = false; /* -M */ -static bool 
list_children = false; /* -l */ - -FWObjectDatabase *objdb = NULL; - -int fwbdebug = 0; - -class UpgradePredicate: public XMLTools::UpgradePredicate -{ - public: - virtual bool operator()(const string&) const - { - cout << _("Data file has been created in the old version of Firewall Builder. Use fwbuilder GUI to convert it.") << endl; - return false; - } -}; - -void usage(const char *name) -{ - cout << _("Firewall Builder: general purpose object lookup tool") << endl; - cout << _("Version ") << VERSION << "-" << RELEASE_NUM << endl; - cout << _("Usage: ") << name - << _(" [-V] -f filename.xml [-a attribute] [-o option_name] [-rADIlLMNPT] object_id | full_path_to_object") << endl; -} - -void find_objects(const string &obj_path, FWObject *obj, list &res) -{ - if (obj->getPath()==obj_path) res.push_back(obj); - for (FWObject::iterator it=obj->begin(); it!=obj->end(); ++it) - { - if (FWReference::cast(*it)) continue; - find_objects(obj_path, *it, res); - } -} - -void simplePrint(FWObject *o) -{ - if ( print_id ) cout << o->getId() << "\t"; - if ( print_name ) cout << o->getName() << "\t"; - if ( print_path ) - { - FWObject *o1=o; - string path=o1->getName(); - if (path.empty()) path=o1->getTypeName(); - while (o1->getParent()!=NULL && o1->getParent()!=o1->getRoot()) - { - string pp = o1->getParent()->getName(); - if (pp.empty()) pp = o1->getParent()->getTypeName(); - path = pp + "/" + path; - o1=o1->getParent(); - } - path = "/" + path; - cout << path << "\t"; - } - if ( print_type ) cout << o->getTypeName() << "\t"; - cout << endl; -} - -void listObject(FWObject *obj,bool recursive) -{ - for (FWObject::iterator i=obj->begin(); i!=obj->end(); i++) - { - FWObject *o=*i; - if (FWReference::cast(o)==NULL) - { - simplePrint(o); - if (recursive) listObject(o,recursive); - } - } -} - -string printObjectNameAndId(FWObject *obj) -{ - ostringstream strm; - strm << obj->getName() - << " (ID='" - << FWObjectDatabase::getStringId(obj->getId()) - << "')"; - return strm.str(); -} - 
-void performOperation(FWObject *obj) -{ - if (attr!=NULL) - { - if (obj->exists(attr)) - cout << obj->getStr(attr) << endl; - else - { - ostringstream err; - err << "Object " << printObjectNameAndId(obj) - << " does not have attribute " << attr; - throw FWException(err.str()); - } - exit(0); - } else - { - if (optn!=NULL) - { - if (Host::isA(obj) || Firewall::isA(obj)) - { - FWOptions *opt=Host::cast(obj)->getOptionsObject(); - if (opt!=NULL) - { - cout << opt->getStr(optn); - } else - { - ostringstream err; - err << "Object " << printObjectNameAndId(obj) - << " has no options"; - throw FWException(err.str()); - } - } else - { - ostringstream err; - err << "Can not print management address for " - << printObjectNameAndId(obj) - << ": only Host and Firewall objects have " - "management interface"; - throw FWException(err.str()); - } - - } - if ( print_addr ) - { - if (Address::cast(obj)!=NULL) - cout << Address::cast(obj)->getAddressPtr()->toString() - << endl; - else - { - ostringstream err; - err << "Can not print address for " - << printObjectNameAndId(obj) - << ": objects of this type do not have address"; - throw FWException(err.str()); - } - } - if ( print_label ) - { - if (Interface::isA(obj)) - cout << Interface::cast(obj)->getLabel() << endl; - else - { - ostringstream err; - err << "Can not print label for " - << printObjectNameAndId(obj) - << ": only Interface object has label"; - throw FWException(err.str()); - } - } - if ( print_mgmt_addr ) - { - if (Host::isA(obj) || Firewall::isA(obj)) - { - const InetAddr *ma = Host::cast(obj)->getManagementAddress(); - if (ma && (*ma) != InetAddr::getAny()) - { - cout << ma->toString() << endl; - } else - { - ostringstream err; - err << "Object " << printObjectNameAndId(obj) - << " does not have management interface"; - throw FWException(err.str()); - } - } else { - ostringstream err; - err << "Can not print management address for " - << printObjectNameAndId(obj) - << ": only Host and Firewall objects have " - 
"management interface"; - throw FWException(err.str()); - } - } - if ( list_children ) - { - simplePrint(obj); - listObject(obj,recursive); - exit(0); - } - simplePrint(obj); - if (dump ) obj->dump(cout,recursive,false); - } -} - -int main(int argc, char * const *argv) -{ - string object; - - - if (argc<=1) - { - usage(argv[0]); - exit(1); - } - - int opt; - - while( (opt=getopt(argc,argv,"rADIlLMNPTVf:a:o:")) != EOF ) - { - switch(opt) - { - case 'l': list_children=true; break; - case 'D': dump=true; break; - case 'r': recursive=true; break; - case 'A': print_addr=true; break; - case 'I': print_id=true; break; - case 'L': print_label=true; break; - case 'M': print_mgmt_addr=true; break; - case 'N': print_name=true; break; - case 'P': print_path=true; break; - case 'T': print_type=true; break; - case 'f': filename = strdup(optarg); break; - case 'a': attr = strdup(optarg); break; - case 'o': optn = strdup(optarg); break; - case 'V': usage(argv[0]); exit(1); - } - } - - if((argc-1) != optind) - { - usage(argv[0]); - exit(1); - } - - object = strdup( argv[optind++] ); - - init(argv); - - try { - - new Resources(respath+FS_SEPARATOR+"resources.xml"); - - /* create database */ - objdb = new FWObjectDatabase(); - - /* load the data file */ - UpgradePredicate upgrade_predicate; - - objdb->load(filename, &upgrade_predicate, librespath); - FWObject *obj = NULL; - list work_objects; - - if (object.find('/')!=string::npos) - { - /* - * got full path to the object. Since name of the object is - * not necessarily unique, this path could designate - * several objects. To find all these objects take one - * step up the tree and then loop over all children - * objects, comparing the name. 
- */ - - // add leading "/" if it is not there - if (object[0]!='/') object = string("/") + object; - - // strip trailing "/" - if (object[object.length()-1] == '/') - object = object.substr(0, object.length()-1); - - if (object.find("/FWObjectDatabase")!=0) - object = string("/FWObjectDatabase") + object; - - find_objects( object, objdb, work_objects ); - - if (work_objects.size()==0) throw FWException( - string("Object ") + object + string(" not found")); - - for (list::iterator it=work_objects.begin(); - it!=work_objects.end(); ++it) - { - performOperation(*it); - } - - - } else - { -/* got object ID */ - obj=objdb->getById(FWObjectDatabase::getIntId(object), true); - if (obj==NULL) throw FWException( - string("Object ") + - printObjectNameAndId(obj) + string(" not found")); - else - performOperation(obj); - - } - - } catch(FWException &ex) { - cerr << ex.toString() << endl; - exit(1); - } catch (std::string s) { - cerr << s; - exit(1); - } catch (std::exception ex) { - cerr << ex.what(); - exit(1); - } catch (...) { - cerr << _("Unsupported exception"); - exit(1); - } - - return(0); -} - diff --git a/src/fwblookup/fwblookup.pro b/src/fwblookup/fwblookup.pro deleted file mode 100644 index 6154abc1c..000000000 --- a/src/fwblookup/fwblookup.pro +++ /dev/null @@ -1,14 +0,0 @@ -#-*- mode: makefile; tab-width: 4; -*- -# -include(../../qmake.inc) -# -# -SOURCES = fwblookup.cpp -HEADERS = ../../config.h - -TARGET = fwblookup - -QMAKE_COPY = ../../install.sh -m 0755 -s - -win32:CONFIG += console - diff --git a/src/src.pro b/src/src.pro index 8f341fc20..9fe29126b 100644 --- a/src/src.pro +++ b/src/src.pro @@ -8,7 +8,7 @@ TEMPLATE = subdirs CONFIG += ordered TARGET = src -SUBDIRS = res fwbedit fwblookup +SUBDIRS = res fwbedit # NOTE: 2.1 does not install scripts from src/tools ( fwb_install , fwb_compile_all) contains( HAVE_ANTLR_RUNTIME, 1 ) {