#!/usr/perl5/bin/perl
#
# File: 
#       /opt/fw/scripts/rreport.pl
#
# Purpose: 
#       read raptor configuration to terminal
#
# Assumptions:
#       raptor config is in /usr/adm/sg and raptor version is 6.5.3
#
# Source: http://www.bastard.net/~kos/rreport.pl
#
# History:
#   
#   10-Nov-2001 fmigge,         adjusted for Oracle raptor firewalls
#

# Default Raptor configuration directory.  The main section at the bottom
# of the file replaces it with the first command-line argument when one
# is given.
$raptorroot = "/usr/adm/sg";

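# Return this machine's node name as a string.
#
# Reads the first line of $file (default: /etc/nodename, the Solaris
# location) and strips the newline.  Dies if the file cannot be opened
# or is empty.  The original returned 1 on open failure, which the
# caller then used to build the rules file name "pkrule4.1" -- that only
# produced a misleading "Cant open" error later (or, worse, read the
# wrong file), so failing here with the real cause is preferable.
#
# Requires perl 5.6+ for the three-argument open / lexical filehandle.
sub gethostname {
    my $file = shift;
    $file = "/etc/nodename" unless defined $file;

    open(my $fh, '<', $file) or die "Cant open $file: $!";
    my $hostname = <$fh>;
    close($fh);

    die "No hostname found in $file" unless defined $hostname;
    chomp($hostname);
    return $hostname;
}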

# Split one Raptor config line into its fields.
#
# Fields are separated by single spaces.  A run of words wrapped in
# braces, "{like this one}", comes back as a single field with the
# braces stripped and the inner spacing kept as-is.
#
# NOTE(review): the loop stops one short of the last token, so the final
# space-separated token of every line is never returned, and a brace
# group that closes on the last token is dropped entirely.  This is the
# original behaviour and presumably relies on a trailing field that the
# Raptor file format always carries -- verify against a real config
# before changing it.
sub parseline {
	my @tokens = split(/ /, $_[0]);
	my @fields;
	my $in_braces = 0;
	my $field = "";

	foreach my $idx (0 .. $#tokens - 1) {
		my $tok = $tokens[$idx];

		# An opening brace starts a multi-word field.
		if ($tok =~ /^\{(.*)/) {
			$in_braces = 1;
			$field = "";
			$tok = $1;
		}

		# A closing brace ends it, joining what was collected so far.
		if ($tok =~ /(.*)}$/) {
			$in_braces = 0;
			$tok = $field . $1;
		}

		if ($in_braces) {
			$field .= $tok . " ";
			next;
		}

		$field = $tok;
		push(@fields, $field);
	}

	return @fields;
}

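# Load the entities from a Raptor pkentity file into the global %entity
# hash: field 0 => field 3 for host/subnet/secure/domain lines, and for
# group lines field 0 => the comma-separated %entity values of the
# space-separated member names in field 5.
#
# The file is read once and walked twice: the first pass records the
# simple entities, the second resolves groups, whose members may be
# defined anywhere in the file.  A member with no known entity resolves
# to an empty string, as before.
#
# Dies if the file cannot be opened.  Uses a three-argument open so a
# path taken from the command line is treated strictly as a filename
# (a two-argument open would honour a leading ">" or trailing "|").
# Requires perl 5.6+.
sub doentities {
	my $file = shift;
	my %is_simple = map { $_ => 1 } qw(host subnet secure domain);

	open(my $fh, '<', $file) or die "Cant open $file: $!";
	my @lines = <$fh>;
	close($fh);
	chomp(@lines);

	# First pass: plain entities.
	foreach my $line (@lines) {
		my @ents = parseline($line);
		next unless defined $ents[1] && $is_simple{$ents[1]};
		$entity{$ents[0]} = $ents[3];
	}

	# Second pass: groups, which reference the entities recorded above.
	foreach my $line (@lines) {
		my @ents = parseline($line);
		next unless defined $ents[1] && $ents[1] eq "group";
		my @members = map { $entity{$_} } split(/ /, $ents[5]);
		$entity{$ents[0]} = join(", ", @members);
	}
}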

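# Load the protocol table from a Raptor pkapps.csm file into the global
# %proto hash: field 1 => "<field 5>/<field 3>" of each line.
#
# Dies if the file cannot be opened.  Three-argument open with a lexical
# filehandle, so a path derived from the command line cannot inject an
# open mode or a pipe.  Requires perl 5.6+.
sub doprotos {
	my $file = shift;

	open(my $fh, '<', $file) or die "Cant open $file: $!";
	while (my $line = <$fh>) {
		chomp($line);
		my @fields = parseline($line);
		$proto{$fields[1]} = $fields[5] . "/" . $fields[3];
	}
	close($fh);
}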

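# Load the service table from a Raptor pkservices file into the global
# %gsp hash: field 0 => the %proto entry named by field 2 (undef when
# doprotos has not seen that name).
#
# Dies if the file cannot be opened.  Three-argument open with a lexical
# filehandle, so a path derived from the command line cannot inject an
# open mode or a pipe.  Requires perl 5.6+.
sub dogsps {
	my $file = shift;

	open(my $fh, '<', $file) or die "Cant open $file: $!";
	while (my $line = <$fh>) {
		chomp($line);
		my @fields = parseline($line);
		$gsp{$fields[0]} = $proto{$fields[2]};
	}
	close($fh);
}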

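# Print every rule in a Raptor pkrule4.<host> file in readable form.
#
# Per line: fields 0 and 1 on the "Rule" line, field 10 as "Desc",
# field 6 as "From" and field 2 as "To" (each expanded via the global
# %entity hash), the space-separated protocol names in field 20 (each
# expanded via the global %gsp hash when an entry exists), and the
# action flag in field 21 ("a" => Allow, "d" => Deny).
#
# Fix: the action is now decided per rule.  $action used to be a global
# that was only assigned for "a"/"d", so a rule with any other flag
# printed the previous rule's action.  An unrecognised flag is now
# printed verbatim (empty when the field is missing).
#
# Dies if the file cannot be opened.  Three-argument open with a lexical
# filehandle, so a path derived from the command line cannot inject an
# open mode or a pipe.  Requires perl 5.6+.
sub dorules {
	my $file = shift;
	my %action_for = (a => "Allow", d => "Deny");

	open(my $fh, '<', $file) or die "Cant open $file: $!";
	while (my $line = <$fh>) {
		chomp($line);
		my @f = parseline($line);

		print "Rule:      " . $f[0] . " (" . $f[1] . ")\n";
		print "Desc:      " . $f[10] . "\n";
		print "From:      " . $f[6] . " (" . $entity{$f[6]} . ")\n";
		print "To:        " . $f[2] . " (" . $entity{$f[2]} . ")\n";

		# Each protocol is shown with its %gsp expansion when one exists.
		my @protos = map {
			defined $gsp{$_} ? $_ . "(" . $gsp{$_} . ")" : $_
		} split(/ /, $f[20]);
		print "Protocols: " . join(", ", @protos) . "\n";

		my $flag = $f[21];
		my $action = (defined $flag && exists $action_for{$flag})
			? $action_for{$flag}
			: (defined $flag ? $flag : "");
		print "Action:    $action\n\n";
	}
	close($fh);
}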

#
# main
#

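# Optional first argument overrides the built-in config directory.
$raptorroot = $ARGV[0] if @ARGV;

# The config root must be a directory.  The old stat() check accepted
# any existing path (e.g. a plain file), which then failed later with a
# less helpful "Cant open" on each file built below.
-d $raptorroot
	or die "The raptor main directory $raptorroot does not exist or is not a directory. Try passing it as an argument";

doentities("$raptorroot/pkentity");

# The protocol tables are optional; rules still print without them,
# just without the protocol expansion.
my $apps_file     = "$raptorroot/pkapps.csm";
my $services_file = "$raptorroot/pkservices";
doprotos($apps_file)  if -e $apps_file;
dogsps($services_file) if -e $services_file;

# Rules live in a per-host file named after this machine's node name.
dorules("$raptorroot/pkrule4." . gethostname());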

#while(<>) {
#	chomp;
#print join("|", parseline($_));
#	print "\n";
#}

