📄 communicator.java
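/* ----------------------------------------------------------------------
   The SINUS Firewall -- a TCP/IP packet filter for Linux
   Written within the SINUS project at the University of Zurich,
   SWITCH, Telekurs Payserv AG, ETH Zurich.

   originally based on the sf Firewall Software (C) 1996 by Robert
   Muchsel and Roland Schmid.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

   SINUS Firewall resources:
   SINUS Homepage: http://www.ifi.unizh.ch/ikm/SINUS/
   Firewall Homepage: http://www.ifi.unizh.ch/ikm/SINUS/firewall.html
   Frequently asked questions: http://www.ifi.unizh.ch/ikm/SINUS/sf_faq.html
   Mailing list for comments, questions, bug reports: firewall@ifi.unizh.ch
   ---------------------------------------------------------------------- */

package sfclasses;

import java.awt.*;
import java.io.*;
import java.net.*;
import java.util.*;

/**
 * This class implements the communication with the firewall. All methods
 * in this class are static and synchronized.
 * @version 1.0 10 Dec 1996
 * @author Roland E. Schmid
 */
public class Communicator {

    static {
        // This is a static initializer
    }

    // public methods

    /**
     * Check if connection exists.
     * Only a pooled connection whose address equals the resolved address is
     * returned, so a session that was opened for one firewall is never handed
     * out for a different one.
     * @param conn IP-Address to check for.
     * @return Connection if a connection to the given IP-Address exists,
     * null otherwise (also when the address cannot be resolved).
     */
    public static synchronized Connection findConnection(byte[] conn) {
        // synchronized like its siblings (and as the class comment promises):
        // the method walks the shared openConns pool.
        InetAddress iaddr;
        String s = resolveIP(conn);

        try {
            iaddr = InetAddress.getByName(s);
        }
        catch (UnknownHostException e) {
            System.out.println("Error in Connection.connExists: "+e);
            return null;
        }

        Enumeration en = openConns.elements();
        while (en.hasMoreElements()) {
            Connection c = (Connection)en.nextElement();
            // Fixed: a stray ';' after this condition made the return
            // unconditional, so the first pooled connection was returned for
            // every address. iaddr is known to be non-null here, so it is the
            // receiver of equals().
            if (iaddr.equals(c.iaddr)) {
                return c;
            }
        }
        return null;
    } // findConnection

    /**
     * Open server connection or return Connection if already open.
     * A newly created connection is added to the pool and then authenticated.
     * @param server server address
     * @return Connection serves as interface for communication; null if the
     * connection is not valid or cannot be opened
     */
    public static synchronized Connection openServer(byte[] server) {
        Connection conn = findConnection(server);
        if (conn != null) {
            // already pooled: only make sure it is open, no new authentication
            if (!conn.open()) {
                commError = COMM_OPENCONN;
                return null;
            }
            return conn;
        }

        conn = new Connection(server);
        if (!conn.isValid())
            return null;
        if (!conn.open())
            return null;
        openConns.addElement(conn);

        // NOTE(review): a failed authentication only sets commError; the
        // connection is still returned and stays in openConns. Callers test
        // the result for null only, so they continue on an unauthenticated
        // session, and later calls find the pooled connection and skip the
        // login dialog. commError is also overwritten here, which hides the
        // more specific code performAuthentication may have set. Failing
        // closed (tear the connection down, return null) looks like the safer
        // contract -- confirm against the server protocol before changing it.
        if (!performAuthentication(conn))
            commError = COMM_AUTH_FAILED;
        return conn;
    } // openServer

    /**
     * Ask the user for login and key, send both to the server and evaluate
     * the server's reply.
     * @param server connection to authenticate
     * @return true if the server answered SERV_SERVER_AUTHOK, or if it
     * answered SERV_KEY_EXPIRED and the key update succeeded; false
     * otherwise, commError is set when returning false
     */
    public static synchronized boolean performAuthentication(Connection server) {
        Authentication auth = new Authentication(parent, server.iaddr.getHostName());
        auth.display();

        // Read the raw dialog values first: the original called trim() before
        // its null check, so a null from the dialog raised a
        // NullPointerException instead of being handled as a cancelled login.
        String rawLogin = auth.getLogin();
        String rawKey = auth.getKey();
        if ((rawLogin == null) || (rawKey == null)) {
            commError = COMM_AUTH_FAILED;
            return false;
        }

        // NOTE(review): login and key are assigned to fields declared outside
        // this listing and are not cleared in this method.
        login = rawLogin.trim() + "\u0000";
        key = rawKey.trim();
        if (login.length() <= 1) { // user hit Cancel button
            commError = COMM_AUTH_FAILED;
            return false;
        }

        try {
            // NOTE(review): the declared payload length counts characters and
            // writeBytes() is presumably DataOutputStream.writeBytes, which
            // sends only the low byte of each character -- confirm how
            // non-Latin-1 input should be treated. Whether the transport
            // protects these bytes is not visible here.
            server.writeHeader(SERV_AUTHENTICATE, key.length() + login.length());
            server.out.writeBytes(key);
            server.out.writeBytes(login);
            server.readHeader();
            switch (server.readCommand) {
            case SERV_SERVER_AUTHOK:
                UserDialog.NoticeBox("Authentification succesfull.");
                commError = COMM_OK;
                server.writeHeader(SERV_CLIENT_AUTHOK, 0);
                return true;
            case SERV_KEY_EXPIRED:
                return performKeyupdate(server);
            case SERV_ERROR_AUTH:
                UserDialog.ErrorBox("Authentification failed.");
                commError = COMM_AUTH_FAILED;
                return false;
            default:
                // NOTE(review): unlike checkConfig and killTcp, the reply
                // payload is not skipped on this path.
                commError = COMM_ERROR;
                return false;
            }
        }
        catch (Exception e) {
            dispose(server);
            commError = COMM_IO;
            return false;
        }
    } // performAuthentification

    /**
     * Ask the user for a new key and send it to the server.
     * @param conn connection on which the server reported an expired key
     * @return true if the server answered SERV_OK; false otherwise,
     * commError is set when returning false
     */
    public static synchronized boolean performKeyupdate(Connection conn) {
        Keyupdate ku = new Keyupdate(parent, conn.iaddr.getHostName());

        // A missing or blank value is never sent as the replacement key: the
        // original dereferenced a null result and transmitted an empty key.
        String rawKey = ku.getKey();
        if ((rawKey == null) || (rawKey.trim().length() == 0)) {
            commError = COMM_AUTH_FAILED;
            return false;
        }
        key = rawKey.trim();

        try {
            conn.writeHeader(SERV_KEY_UPDATE, key.length());
            conn.out.writeBytes(key);
            conn.readHeader();
            switch (conn.readCommand) {
            case SERV_OK:
                // NOTE(review): the key number in this message is a literal,
                // not a value read from the server's reply.
                UserDialog.NoticeBox("Password updated. New Keynumber is 99");
                commError = COMM_OK;
                return true;
            case SERV_ERROR_AUTH:
                commError = COMM_AUTH_FAILED;
                return false;
            default:
                commError = COMM_ERROR;
                return false;
            }
        }
        catch (Exception e) {
            dispose(conn);
            commError = COMM_IO;
            return false;
        }
    } // performKeyupdate

    /**
     * Check generated config file for errors and rename it to firewall.conf
     * @param servAddr Server address
     * @return true if successful, commError is set when returning false
     */
    public static synchronized boolean checkConfig(byte[] servAddr) {
        Connection conn = openServer(servAddr);
        if (conn == null)
            return false;

        try {
            conn.writeHeader(SERV_CHECKCONFIG, 0);
            conn.readHeader();
            if (conn.readCommand != SERV_OK) {
                commError = COMM_ERROR;
                conn.in.skipBytes(conn.readLength);
                return false;
            }
            conn.readHeader(); // read result of check operation
            // NOTE(review): a negative check result returns false without
            // touching commError, so the caller sees whatever value was set
            // before -- confirm that this is intended.
            return (conn.readCommand == SERV_OK);
        } // try
        catch (Exception e) {
            dispose(conn);
            commError = COMM_IO;
            return false;
        }
    }

    /**
     * Reconfigure the firewall. After the server confirms, the current
     * connection is stopped and removed from the pool, and a new one is
     * opened after a ten second pause.
     * @param servAddr Server Address
     * @return true if successful, commError is set when returning false
     */
    public static synchronized boolean reconfig(byte[] servAddr) {
        Connection conn = openServer(servAddr);
        if (conn == null)
            return false;

        try {
            // NOTE(review): the original wrapped this exchange in a loop
            // commented "max. 3 retries when ERROR_NOTCONN", but every path
            // returned during the first pass, so nothing was ever retried.
            // The dead loop is removed; behaviour is unchanged. Add the retry
            // here if it is still wanted.
            conn.writeHeader(SERV_RECONFIG, 0);
            conn.readHeader(); // read result of check operation
            if (conn.readCommand != SERV_OK)
                return false;

            conn.stop();
            openConns.removeElement(conn);
            try {
                // presumably gives the firewall time to come back up
                Thread.sleep(10000);
            }
            catch (InterruptedException ignore) {}
            return openServer(servAddr) != null;
        } // try
        catch (Exception e) {
            dispose(conn);
            commError = COMM_IO;
            return false;
        }
    }

    /**
     * Fetch file from server and return its contents. The data arrives as a
     * sequence of SERV_FILE_DATA blocks; a block of length zero or any other
     * command ends the transfer.
     * @param servAddr server address
     * @param fname filename
     * @return contents received from the server, commError is set when
     * returning null
     */
    public static synchronized String getTempFile(byte[] servAddr, String fname) {
        Connection conn = openServer(servAddr);
        if (conn == null)
            return null;

        try {
            String filename = fname.trim() + "\u0000";
            conn.writeHeader(SERV_GET_FILE, filename.length());
            conn.out.writeBytes(filename);
            conn.readHeader();
            if (conn.readCommand != SERV_OK) {
                commError = COMM_IO;
                return null;
            }

            // StringBuffer instead of repeated String concatenation
            StringBuffer contents = new StringBuffer();
            while (true) {
                conn.readHeader();
                if (conn.readCommand != SERV_FILE_DATA) {
                    conn.in.skipBytes(conn.readLength);
                    return contents.toString();
                }
                if (conn.readLength == 0)
                    return contents.toString();

                // NOTE(review): readLength comes from the peer and sizes this
                // allocation directly; a negative value ends up in the catch
                // below, but there is no upper bound on a single block or on
                // the total -- consider enforcing one.
                byte[] buffer = new byte[conn.readLength];
                conn.in.readFully(buffer, 0, conn.readLength);
                // decoded with the platform default charset, as before
                contents.append(new String(buffer));
            } // while
        } // try
        catch (Exception e) {
            // Fixed: dispose the connection as every sibling method does, so a
            // half-read reply does not stay in the pool for the next request.
            dispose(conn);
            commError = COMM_IO;
            return null;
        }
    }

    /**
     * Request file from server. This method is called from ServerInputStream
     * @param servAddr server address
     * @param fname filename
     * @return true if successful, commError is set when returning false
     * @see ServerInputStream
     */
    public static synchronized boolean requestFile(byte[] servAddr, String fname) {
        // Now synchronized like the other request methods: it writes commError
        // and runs a request/reply exchange on the pooled connection.
        Connection conn = openServer(servAddr);
        if (conn == null) {
            return false;
        }

        try {
            String filename = fname.trim() + "\u0000";
            conn.writeHeader(SERV_GET_FILE, filename.length());
            conn.out.writeBytes(filename);
            conn.readHeader();
            // NOTE(review): a reply other than SERV_OK returns false without
            // setting commError, unlike writeFile.
            return conn.readCommand == SERV_OK;
        } // try
        catch (Exception e) {
            dispose(conn);
            commError = COMM_IO;
            return false;
        }
    }

    /**
     * Write file to server. This method is called from ServerOutputStream
     * @param servAddr server address
     * @param fname filename
     * @return true if successful, commError is set when returning false
     * @see ServerOutputStream
     */
    public static synchronized boolean writeFile(byte[] servAddr, String fname) {
        Connection conn = openServer(servAddr);
        if (conn == null)
            return false;

        try {
            // NOTE(review): as in reconfig, the original "max. 3 retries when
            // ERROR_NOTCONN" loop returned on every branch of its first pass.
            // The dead loop and the unreachable cleanup after it are removed;
            // behaviour is unchanged.
            String filename = fname.trim() + "\u0000";
            conn.writeHeader(SERV_WRITE_FILE, filename.length());
            conn.out.writeBytes(filename);
            conn.readHeader();
            switch (conn.readCommand) {
            case SERV_OK:
                return true;
            case SERV_WRITE_FAIL:
                commError = COMM_IO;
                return false;
            default:
                commError = COMM_ERROR;
                conn.in.skipBytes(conn.readLength);
                return false;
            } // switch
        } // try
        catch (Exception e) {
            dispose(conn);
            commError = COMM_IO;
            return false;
        }
    }

    /**
     * Read active TCP connections from firewall. On success host.actDate and
     * host.tcpconns hold the values received; host.tcpconns is replaced as
     * soon as the server accepts the request, so it may be partially filled
     * when false is returned.
     * @param host Firewall to read configuration from
     * @return true if successful, commError is set when returning false
     */
    public static synchronized boolean readTcpConns(Host host) {
        int tmpint;

        if (!host.isFirewall) {
            commError = COMM_NOFIREWALL;
            return false;
        }
        byte[] hostAddr = host.HostAddresses.getFirstAddress();
        if (hostAddr == null) {
            commError = COMM_NOADDRESS;
            return false;
        }
        Connection conn = openServer(hostAddr);
        if (conn == null)
            return false;

        try {
            conn.writeHeader(SERV_READ_TCP, 0);
            conn.readHeader();
            if (conn.readCommand != SERV_OK) {
                commError = COMM_ERROR;
                conn.in.skipBytes(conn.readLength);
                return false;
            }

            host.tcpconns = new Vector(10,10);

            // first block: one int, scaled by 1000 to build the Date
            conn.readHeader();
            if (conn.readLength != 4) {
                commError = COMM_ERROR;
                return false;
            }
            tmpint = conn.in.readInt();
            host.actDate = new Date((long)tmpint * 1000);

            // One 48 byte block per connection: twelve 4-byte fields in the
            // order read below. Any other length ends the list.
            // NOTE(review): the number of blocks is decided by the peer and is
            // not limited here.
            conn.readHeader();
            while (conn.readLength == 48) {
                TcpConnection tc = new TcpConnection();
                host.tcpconns.addElement(tc);
                tc.id = conn.in.readInt();
                tc.key = conn.in.readInt();
                tmpint = conn.in.readInt();
                tc.created = new Date((long)tmpint * 1000);
                tc.created_jiffies = conn.in.readInt();
                tmpint = conn.in.readInt();
                tc.lastuse = new Date((long)tmpint * 1000);
                tmpint = conn.in.readInt();
                tc.timeout = new Date((long)tmpint * 1000);
                tc.fromaddr = new byte[4];
                conn.in.readFully(tc.fromaddr, 0, 4);
                tc.fromport = conn.in.readInt();
                tc.toaddr = new byte[4];
                conn.in.readFully(tc.toaddr, 0, 4);
                tc.toport = conn.in.readInt();
                tmpint = conn.in.readInt();
                tc.allpsource = tmpint != 0;
                tc.state = conn.in.readInt();
                conn.readHeader();
            }

            // the list must be terminated by an empty block
            if (conn.readLength != 0) {
                commError = COMM_ERROR;
                return false;
            }
            return true;
        }
        catch (Exception e) {
            dispose(conn);
            commError = COMM_IO;
            return false;
        }
    }

    /**
     * Kill TCP connection on firewall
     * @param servAddr Server address (firewall)
     * @param id TCP connection ID
     * @param key TCP connection key
     * @param created Creation time of TCP connection
     * @return true if successful, commError is set when returning false
     */
    public static synchronized boolean killTcp(byte[] servAddr, int id, int key, int created) {
        Connection conn = openServer(servAddr);
        if (conn == null)
            return false;
        try {
            conn.writeHeader(SERV_KILL_TCP, 12);
            conn.out.writeInt(id);
            conn.out.writeInt(key);
            conn.out.writeInt(created);
            conn.readHeader();
            if (conn.readCommand != SERV_OK) {
                commError = COMM_ERROR;
                conn.in.skipBytes(conn.readLength);
                return false;
            }
            return true;
        } // try
        catch (Exception e) {
            dispose(conn);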