From 6e62056466fc6d31cb0dc8996cf3100caeb5a685 Mon Sep 17 00:00:00 2001
From: MOHAMED Kallel <mohamed.kallel@pivasoftware.com>
Date: Wed, 14 May 2014 10:40:15 +0100
Subject: [PATCH] add ip table command to allow acs for connection request

Signed-off-by: MOHAMED Kallel <mohamed.kallel@pivasoftware.com>
---
 cwmp.c              |  6 +++---
 external.c          |  3 ++-
 http.c              | 14 +++++++++++++-
 inc/external.h      |  2 +-
 scripts/freecwmp.sh | 18 ++++++++++++++++++
 xml.c               |  2 +-
 6 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/cwmp.c b/cwmp.c
index 9cc02ba..38c2294 100644
--- a/cwmp.c
+++ b/cwmp.c
@@ -442,20 +442,20 @@ int run_session_end_func (struct session *session)
 	if (session->end_session & END_SESSION_EXTERNAL_ACTION)
 	{
 		CWMP_LOG (INFO,"Executing external commands: end session request");
-		external_simple("end_session");
+		external_simple("end_session", NULL);
 	}
 
 	if (session->end_session & END_SESSION_FACTORY_RESET)
 	{
 		CWMP_LOG (INFO,"Executing factory reset: end session request");
-		external_simple("factory_reset");
+		external_simple("factory_reset", NULL);
 		exit(EXIT_SUCCESS);
 	}
 
 	if (session->end_session & END_SESSION_REBOOT)
 	{
 		CWMP_LOG (INFO,"Executing Reboot: end session request");
-		external_simple("reboot");
+		external_simple("reboot", NULL);
 		exit(EXIT_SUCCESS);
 	}
 
diff --git a/external.c b/external.c
index 7b442c8..9009a67 100644
--- a/external.c
+++ b/external.c
@@ -339,7 +339,7 @@ int external_object_action(char *command, char *name)
 	return 0;
 }
 
-int external_simple(char *command)
+int external_simple(char *command, char *arg)
 {
 	DD(INFO,"executing %s request", command);
 
@@ -349,6 +349,7 @@ int external_simple(char *command)
 	json_obj_out = json_object_new_object();
 
 	json_obj_out_add(json_obj_out, "command", command);
+	if (arg) json_obj_out_add(json_obj_out, "arg", arg);
 
 	external_write_pipe_output(json_object_to_json_string(json_obj_out));
 
diff --git a/http.c b/http.c
index b5052b7..9665e37 100644
--- a/http.c
+++ b/http.c
@@ -158,6 +158,8 @@ http_send_message(struct cwmp *cwmp, char *msg_out, char **msg_in)
 #ifdef HTTP_CURL
 	CURLcode res;
 	long http_code = 0;
+	static char *ip_acs = NULL;
+	char *ip = NULL;
 	curl_easy_setopt(curl, CURLOPT_URL, http_c.url);
 	curl_easy_setopt(curl, CURLOPT_USERNAME, cwmp->conf.acs_userid);
 	curl_easy_setopt(curl, CURLOPT_PASSWORD, cwmp->conf.acs_passwd);
@@ -165,6 +167,7 @@ http_send_message(struct cwmp *cwmp, char *msg_out, char **msg_in)
 	curl_easy_setopt(curl, CURLOPT_HTTPHEADER, http_c.header_list);
 	curl_easy_setopt(curl, CURLOPT_TIMEOUT, HTTP_TIMEOUT);
 	curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, HTTP_TIMEOUT);
+	curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
 
 	curl_easy_setopt(curl, CURLOPT_POSTFIELDS, msg_out);
 	if (msg_out)
@@ -191,7 +194,16 @@ http_send_message(struct cwmp *cwmp, char *msg_out, char **msg_in)
 	if (!strlen(*msg_in))
 		FREE(*msg_in);
 
-	curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
+    curl_easy_getinfo(curl, CURLINFO_PRIMARY_IP, &ip);
+    if (ip) {
+        if (!ip_acs || strcmp(ip_acs, ip) != 0) {
+            FREE(ip_acs);
+            ip_acs = strdup(ip);
+            external_simple("allow_cr_ip", ip_acs);
+        }
+    }
+
+    curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
 
 	if(http_code == 204)
 	{
diff --git a/inc/external.h b/inc/external.h
index 6952fea..3e42657 100644
--- a/inc/external.h
+++ b/inc/external.h
@@ -38,7 +38,7 @@ void external_fetch_delObjectResp (char **status, char **fault);
 int external_get_action(char *action, char *name, char *next_level);
 int external_set_action(char *action, char *name, char *value, char *change);
 int external_object_action(char *command, char *name);
-int external_simple(char *command);
+int external_simple(char *command, char *arg);
 int external_download(char *url, char *size, char *type, char *user, char *pass);
 int external_apply(char *action, char *type);
 int external_handle_action(int (*external_handler)(char *msg));
diff --git a/scripts/freecwmp.sh b/scripts/freecwmp.sh
index 87644c0..a50c1a9 100644
--- a/scripts/freecwmp.sh
+++ b/scripts/freecwmp.sh
@@ -150,6 +150,10 @@ case "$1" in
 	end_session)
 		action="end_session"
 		;;
+	allow_cr_ip)
+		action="allow_cr_ip"
+		__arg1="$2"
+		;;
 	json_continuous_input)
 		action="json_continuous_input"
 		;;
@@ -611,6 +615,16 @@ handle_action() {
 		/bin/sh /tmp/end_session.sh
 	fi
 	
+	if [ "$action" = "allow_cr_ip" ]; then
+		local port=`$UCI_GET cwmp.cpe.port`
+		local if_wan=`$UCI_GET cwmp.cpe.default_wan_interface`
+		[ "$if_wan" = "" ] && return
+		local zone=`$UCI_SHOW firewall | grep "firewall\.@zone\[[0-9]\+\]\.network=.*$if_wan" | head -1 | cut -f2 -d.`
+		[ "$if_wan" = "" ] && return
+		local zone_name=`$UCI_GET firewall.$zone.name`
+		iptables -I $zone_name -p tcp -s $__arg1 --dport $port -j ACCEPT
+	fi
+	
 	if [ "$action" = "json_continuous_input" ]; then
 		echo "EOF"
 		while read CMD; do
@@ -696,6 +710,10 @@ handle_action() {
 				end_session)
 					action="end_session"
 					;;
+				allow_cr_ip)
+					action="allow_cr_ip"
+					json_get_var __arg1 arg
+					;;
 				end)
 					echo "EOF"
 					;;
diff --git a/xml.c b/xml.c
index f1f4253..ea15d33 100644
--- a/xml.c
+++ b/xml.c
@@ -549,7 +549,7 @@ int cwmp_rpc_acs_prepare_message_inform (struct cwmp *cwmp, struct session *sess
         }
     }
 
-    external_simple("inform");
+    external_simple("inform", NULL);
 
     external_handle_action(cwmp_handle_getParamValues);