1diff -cr ../TIS.orig/fwtk/Makefile.config.linux fwtk/Makefile.config.linux 2*** ../TIS.orig/fwtk/Makefile.config.linux Sat Sep 7 05:58:21 1996 3--- fwtk/Makefile.config.linux Sun Feb 2 05:48:01 1997 4*************** 5*** 13,19 **** 6 7 8 # Your C compiler (eg, "cc" or "gcc") 9! CC= cc 10 11 12 # program to use for installation -- this may or may not preserve 13--- 13,19 ---- 14 15 16 # Your C compiler (eg, "cc" or "gcc") 17! CC= gcc 18 19 20 # program to use for installation -- this may or may not preserve 21*************** 22*** 24,37 **** 23 24 # Defines for your operating system 25 # 26! DEFINES=-DLINUX 27 #DEFINES=-DSYSV -DSOLARIS 28 29 # Options for your compiler (eg, "-g" for debugging, "-O" for 30 # optimizing, or "-g -O" for both under GCC) 31 #COPT= -g -traditional $(DEFINES) 32! COPT= -g $(DEFINES) 33! #COPT= -O $(DEFINES) 34 35 # Version of "make" you want to use 36 #MAKE= gnumake 37--- 24,37 ---- 38 39 # Defines for your operating system 40 # 41! DEFINES=-DLINUX -DUSE_IP_FILTER 42 #DEFINES=-DSYSV -DSOLARIS 43 44 # Options for your compiler (eg, "-g" for debugging, "-O" for 45 # optimizing, or "-g -O" for both under GCC) 46 #COPT= -g -traditional $(DEFINES) 47! #COPT= -g $(DEFINES) 48! COPT= -O $(DEFINES) 49 50 # Version of "make" you want to use 51 #MAKE= gnumake 52*************** 53*** 44,50 **** 54 55 56 # Destination directory for installation of binaries 57! DEST= /usr/local/etc 58 59 60 # Destination directory for installation of man pages 61--- 44,50 ---- 62 63 64 # Destination directory for installation of binaries 65! DEST= /usr/local/sbin 66 67 68 # Destination directory for installation of man pages 69*************** 70*** 72,78 **** 71 # or -Bstatic for static binaries under SunOS 4.1.x) 72 #LDFL= -Bstatic 73 #LDFL= 74! LDFL= -g 75 76 77 # Location of the fwtk sources [For #include by any external tools needing it] 78--- 72,79 ---- 79 # or -Bstatic for static binaries under SunOS 4.1.x) 80 #LDFL= -Bstatic 81 #LDFL= 82! #LDFL= -g 83! 
LDFL= -O 84 85 86 # Location of the fwtk sources [For #include by any external tools needing it] 87*************** 88*** 81,87 **** 89 90 91 # Location of X libraries for X-gw 92! XLIBDIR=/usr/X11/lib 93 #XLIBDIR=/usr/local/X11R5/lib 94 95 # X Libraries 96--- 82,88 ---- 97 98 99 # Location of X libraries for X-gw 100! XLIBDIR=/usr/X11R6/lib 101 #XLIBDIR=/usr/local/X11R5/lib 102 103 # X Libraries 104*************** 105*** 96,102 **** 106 #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 107 108 # Location of X include files 109! XINCLUDE=/usr/X11/include 110 #XINCLUDE=/usr/local/X11R5/include 111 112 # Objects to include in libfwall for SYSV 113--- 97,103 ---- 114 #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 115 116 # Location of X include files 117! XINCLUDE=/usr/X11R6/include 118 #XINCLUDE=/usr/local/X11R5/include 119 120 # Objects to include in libfwall for SYSV 121diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris 122*** ../TIS.orig/fwtk/Makefile.config.solaris Sat Sep 7 06:14:13 1996 123--- fwtk/Makefile.config.solaris Sun Feb 2 06:09:19 1997 124*************** 125*** 11,30 **** 126 # 127 # RcsId: "$Header: /cvsroot/src/external/bsd/ipf/dist/FWTK/fwtk_transparent.diff,v 1.1.1.2 2012/07/22 13:44:27 darrenr Exp $" 128 129 130 # Your C compiler (eg, "cc" or "gcc") 131! CC= cc 132 133 134 # program to use for installation -- this may or may not preserve 135 # old versions (or whatever). assumes that it takes parameters: 136 # copy source dest 137! CP= cp 138 139 140 # Defines for your operating system 141 # 142! 
DEFINES=-DSYSV -DSOLARIS 143 144 #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \ 145 -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \ 146--- 11,34 ---- 147 # 148 # RcsId: "$Header: /cvsroot/src/external/bsd/ipf/dist/FWTK/fwtk_transparent.diff,v 1.1.1.2 2012/07/22 13:44:27 darrenr Exp $" 149 150+ # 151+ # Path to sources of ip_filter (ip_nat.h required in lib/hnam.c) 152+ # 153+ IPFPATH=/src/unpacked/firewall/ip_fil3.1.5 154 155 # Your C compiler (eg, "cc" or "gcc") 156! CC= gcc 157 158 159 # program to use for installation -- this may or may not preserve 160 # old versions (or whatever). assumes that it takes parameters: 161 # copy source dest 162! CP= /usr/ucb/install -c -s 163 164 165 # Defines for your operating system 166 # 167! DEFINES=-DSYSV -DSOLARIS -DUSE_IP_FILTER -I$(IPFPATH) 168 169 #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \ 170 -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \ 171*************** 172*** 45,52 **** 173 174 175 # Your ranlib utility (use "touch" if you don't have ranlib) 176! RANLIB= ranlib 177! #RANLIB= touch 178 179 180 # Destination directory for installation of binaries 181--- 49,56 ---- 182 183 184 # Your ranlib utility (use "touch" if you don't have ranlib) 185! # RANLIB= ranlib 186! RANLIB= touch 187 188 189 # Destination directory for installation of binaries 190diff -cr ../TIS.orig/fwtk/firewall.h fwtk/firewall.h 191*** ../TIS.orig/fwtk/firewall.h Sun Sep 8 05:55:26 1996 192--- fwtk/firewall.h Sun Feb 2 05:23:33 1997 193*************** 194*** 47,53 **** 195 system. 196 */ 197 #ifndef PERMFILE 198! #define PERMFILE "/usr/local/etc/netperm-table" 199 #endif 200 201 /* 202--- 47,53 ---- 203 system. 204 */ 205 #ifndef PERMFILE 206! #define PERMFILE "/etc/fwtk/netperm-table" 207 #endif 208 209 /* 210*************** 211*** 67,73 **** 212 213 /* Choose a system logging facility for the firewall toolkit. */ 214 #ifndef LFAC 215! 
#define LFAC LOG_DAEMON 216 #endif 217 218 219--- 67,73 ---- 220 221 /* Choose a system logging facility for the firewall toolkit. */ 222 #ifndef LFAC 223! #define LFAC LOG_LOCAL5 224 #endif 225 226 227*************** 228*** 215,220 **** 229 #define PERM_ALLOW 01 230 #define PERM_DENY 02 231 232! 233 #define _INCL_FWALL_H 234 #endif 235--- 215,222 ---- 236 #define PERM_ALLOW 01 237 #define PERM_DENY 02 238 239! #ifdef USE_IP_FILTER 240! extern char *getdsthost(int, int*); 241! #endif 242 #define _INCL_FWALL_H 243 #endif 244diff -cr ../TIS.orig/fwtk/ftp-gw/ftp-gw.c fwtk/ftp-gw/ftp-gw.c 245*** ../TIS.orig/fwtk/ftp-gw/ftp-gw.c Fri Sep 6 18:55:05 1996 246--- fwtk/ftp-gw/ftp-gw.c Sat Feb 1 06:49:13 1997 247*************** 248*** 50,55 **** 249--- 50,59 ---- 250 #ifndef FTPPORT 251 #define FTPPORT 21 252 #endif 253+ #ifdef USE_IP_FILTER 254+ static int do_transparent=0; 255+ static int connectdest(); 256+ #endif 257 258 static Cfg *confp; 259 static char **validests = (char **)0; 260*************** 261*** 170,175 **** 262--- 174,182 ---- 263 char xuf[1024]; 264 char huf[128]; 265 char *passuser = (char *)0; /* passed user as av */ 266+ #ifdef USE_IP_FILTER 267+ char *psychic, *hotline; 268+ #endif 269 270 #ifndef LOG_DAEMON 271 openlog("ftp-gw",LOG_PID); 272*************** 273*** 313,320 **** 274 } 275 } else 276 timeout = 60*60; 277 278- 279 /* display a welcome file or message */ 280 if(passuser == (char *)0) { 281 if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { 282--- 320,330 ---- 283 } 284 } else 285 timeout = 60*60; 286+ #ifdef USE_IP_FILTER 287+ psychic=getdsthost(0,NULL); 288+ if(psychic) { do_transparent++; } 289+ #endif 290 291 /* display a welcome file or message */ 292 if(passuser == (char *)0) { 293 if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { 294*************** 295*** 322,327 **** 296--- 332,345 ---- 297 syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln); 298 exit(1); 299 } 300+ #ifdef USE_IP_FILTER 301+ 
if(do_transparent) { 302+ if(sayfile2(0,cf->argv[0],220)) { 303+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]); 304+ exit(1); 305+ } 306+ } else 307+ #endif /* USE_IP_FILTER */ 308 if(sayfile(0,cf->argv[0],220)) { 309 syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]); 310 exit(1); 311*************** 312*** 332,338 **** 313 if(authallflg) 314 if(say(0,"220-Proxy first requires authentication")) 315 exit(1); 316! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); 317 if(say(0,xuf)) 318 exit(1); 319 } 320--- 350,361 ---- 321 if(authallflg) 322 if(say(0,"220-Proxy first requires authentication")) 323 exit(1); 324! #ifdef USE_IP_FILTER 325! if(do_transparent) 326! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); 327! else 328! #endif 329! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); 330 if(say(0,xuf)) 331 exit(1); 332 } 333*************** 334*** 352,358 **** 335 if(cmd_user(2,fakav,"user internal")) 336 exit(1); 337 } 338! 339 /* main loop */ 340 while(1) { 341 FD_ZERO(&rdy); 342--- 375,386 ---- 343 if(cmd_user(2,fakav,"user internal")) 344 exit(1); 345 } 346! #ifdef USE_IP_FILTER 347! if(do_transparent) { 348! connectdest(psychic,21); 349! } 350! #endif 351! 352 /* main loop */ 353 while(1) { 354 FD_ZERO(&rdy); 355*************** 356*** 676,681 **** 357--- 704,719 ---- 358 return(sayn(0,noad,sizeof(noad)-1)); 359 } 360 361+ #ifdef USE_IP_FILTER 362+ if(do_transparent) { 363+ if((rfd==(-1)) && (x=connectdest(dest,port))) return x; 364+ sprintf(buf,"USER %s",user); 365+ if(say(rfd,buf)) return(1); 366+ x=getresp(rfd,buf,sizeof(buf),1); 367+ if(sendsaved(0,x)) return(1); 368+ return(say(0,buf)); 369+ } 370+ #endif 371 if(*dest == '\0') 372 dest = "localhost"; 373 374*************** 375*** 717,723 **** 376 char ebuf[512]; 377 378 strcpy(ebuf,buf); 379! 
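Review bot: The return value of `connectdest(psychic,21);` is discarded, so when the destination is refused by the `validests` or `auth_perm` checks inside connectdest(), or the connect fails, control still falls into the main loop as if the transparent setup had succeeded. Testing the result, for example `if(connectdest(psychic,FTPPORT)) exit(1);`, would make a refusal final; whether exiting is the intended policy is for the author to confirm. The literal `21` duplicates `FTPPORT` defined near the top of the file, and the earlier `getdsthost(0,NULL)` call discards the port the client actually addressed. The enclosing function starts and ends outside the hunk.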
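Review bot: `sprintf(buf,"USER %s",user);` formats a client-supplied user name into `buf` with no length limit. The declaration of `buf` is outside the hunk, so its size cannot be confirmed here, but the write should be bounded either way; if `buf` is an array in this function, `snprintf(buf,sizeof(buf),"USER %s",user);` does it. A one-line comment such as `/* transparent mode: destination was fixed by the NAT lookup, only forward USER */` would also explain why this branch returns before the normal destination parsing.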
sprintf(buf,"521 %s: %s",dest,ebuf); 380 rfd = -1; 381 return(say(0,buf)); 382 } 383--- 755,766 ---- 384 char ebuf[512]; 385 386 strcpy(ebuf,buf); 387! #ifdef USE_IP_FILTER 388! if(do_transparent) { 389! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf); 390! } else 391! #endif 392! sprintf(buf,"521 %s: %s",dest,ebuf); 393 rfd = -1; 394 return(say(0,buf)); 395 } 396*************** 397*** 1874,1876 **** 398--- 1917,2036 ---- 399 dup(nread); 400 } 401 #endif 402+ 403+ #ifdef USE_IP_FILTER 404+ static int connectdest(dest, port) 405+ char *dest; 406+ short port; 407+ { 408+ char buf[1024], mbuf[512]; 409+ int msg_int, x; 410+ 411+ if(*dest == '\0') 412+ dest = "localhost"; 413+ 414+ if(validests != (char **)0) { 415+ char **xp; 416+ int x; 417+ 418+ for(xp = validests; *xp != (char *)0; xp++) { 419+ if(**xp == '!' && hostmatch(*xp + 1,dest)) { 420+ return(baddest(0,dest)); 421+ } else { 422+ if(hostmatch(*xp,dest)) 423+ break; 424+ } 425+ } 426+ if(*xp == (char *)0) 427+ return(baddest(0,dest)); 428+ } 429+ 430+ /* Extended permissions processing goes in here for destination */ 431+ if(extendperm) { 432+ msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0); 433+ if(msg_int == 1) { 434+ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest); 435+ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser); 436+ say(0,mbuf); 437+ return(1); 438+ } else { 439+ if(msg_int == -1) { 440+ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest); 441+ say(0,mbuf); 442+ return(1); 443+ } 444+ } 445+ } 446+ 447+ syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest); 448+ 449+ if((rfd = conn_server(dest,port,0,buf)) < 0) { 450+ char ebuf[512]; 451+ 452+ strcpy(ebuf,buf); 453+ sprintf(buf,"521 %s: %s",dest,ebuf); 454+ rfd = -1; 455+ return(say(0,buf)); 456+ } 457+ if(!do_transparent) { 458+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest); 459+ saveline(buf); 460+ } 461+ 462+ /* we are now 
connected and need to try the autologin thing */ 463+ x = getresp(rfd,buf,sizeof(buf),1); 464+ if(x / 100 != COMPLETE) { 465+ sendsaved(0,-1); 466+ return(say(0,buf)); 467+ } 468+ saveline(buf); 469+ 470+ sendsaved(0,-1); 471+ return 0; 472+ } 473+ 474+ 475+ /* ok, so i'm in a hurry. english paper due RSN. */ 476+ sayfile2(fd,fn,code) 477+ int fd; 478+ char *fn; 479+ int code; 480+ { 481+ FILE *f; 482+ char buf[BUFSIZ]; 483+ char yuf[BUFSIZ]; 484+ char *c; 485+ int x; 486+ int saidsomething = 0; 487+ 488+ if((f = fopen(fn,"r")) == (FILE *)0) 489+ return(1); 490+ while(fgets(buf,sizeof(buf),f) != (char *)0) { 491+ if((c = index(buf,'\n')) != (char *)0) 492+ *c = '\0'; 493+ x = fgetc(f); 494+ if(feof(f)) 495+ sprintf(yuf,"%3.3d-%s",code,buf); 496+ else { 497+ sprintf(yuf,"%3.3d-%s",code,buf); 498+ ungetc(x,f); 499+ } 500+ if(say(fd,yuf)) { 501+ fclose(f); 502+ return(1); 503+ } 504+ saidsomething++; 505+ } 506+ fclose(f); 507+ if (!saidsomething) { 508+ syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code); 509+ sprintf(yuf, "%3.3d The file to display is empty",code); 510+ if(say(fd,yuf)) { 511+ fclose(f); 512+ return(1); 513+ } 514+ } 515+ return(0); 516+ } 517+ 518+ #endif /* USE_IP_FILTER */ 519diff -cr ../TIS.orig/fwtk/http-gw/http-gw.c fwtk/http-gw/http-gw.c 520*** ../TIS.orig/fwtk/http-gw/http-gw.c Mon Sep 9 20:40:53 1996 521--- fwtk/http-gw/http-gw.c Sun Feb 2 06:41:18 1997 522*************** 523*** 27,32 **** 524--- 27,35 ---- 525 static char http_buffer[8192]; 526 static char reason[8192]; 527 static int checkBrowserType = 1; 528+ #ifdef USE_IP_FILTER 529+ static int do_transparent=0; 530+ #endif 531 532 static void do_logging() 533 { char *proto = "GOPHER"; 534*************** 535*** 422,427 **** 536--- 425,441 ---- 537 /*(NOT A SPECIAL FORM)*/ 538 539 if((rem_type & TYPE_LOCAL)== 0){ 540+ #ifdef USE_IP_FILTER 541+ char *psychic=getdsthost(sockfd,&def_port); 542+ if(psychic) { 543+ if(strlen(psychic)<=MAXHOSTNAMELEN) { 544+ do_transparent++; 545+ 
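Review bot: sayfile2() closes `f` twice on the empty-file path: `fclose(f);` runs after the loop, and the `if(say(fd,yuf))` branch inside `if (!saidsomething)` calls `fclose(f);` again before `return(1);`, which is undefined behaviour on an already closed stream, so the inner call should be removed. In the read loop, `sprintf(yuf,"%3.3d-%s",code,buf);` adds a four-byte prefix to as many as BUFSIZ-1 bytes of `buf` in a BUFSIZ-byte `yuf`, so a long line in the welcome file overruns it; `char yuf[BUFSIZ+8];` or a bounded format closes that. In connectdest(), `strcpy(ebuf,buf);` copies from a 1024-byte buffer into a 512-byte one, and the two `sprintf(mbuf,...)` calls format `authuser` and `dest` into 512 bytes without a limit; the lengths of those inputs are not visible here, so they deserve bounded copies too. sayfile2() also has no declared return type and is called earlier in the file without a prototype.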
strncpy(def_httpd,psychic,strlen(psychic)); 546+ strncpy(def_server,psychic,strlen(psychic)); 547+ } 548+ } 549+ 550+ #endif /* USE_IP_FILTER */ 551 /* See if it can be forwarded */ 552 553 if( can_forward(buf)){ 554*************** 555*** 1513,1518 **** 556--- 1527,1537 ---- 557 parse_vec[0], 558 parse_vec[1], 559 ourname, ourport); 560+ } 561+ #ifdef USE_IP_FILTER 562+ else if(do_transparent) { 563+ sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]); 564+ #endif /* USE_IP_FILTER */ 565 }else{ 566 sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u", 567 parse_vec[0], parse_vec[2], 568diff -cr ../TIS.orig/fwtk/lib/hnam.c fwtk/lib/hnam.c 569*** ../TIS.orig/fwtk/lib/hnam.c Sat Nov 5 00:30:19 1994 570--- fwtk/lib/hnam.c Sat Feb 1 08:17:46 1997 571*************** 572*** 20,25 **** 573--- 20,37 ---- 574 575 extern char *inet_ntoa(); 576 577+ #if defined(USE_IP_FILTER) 578+ #include <net/if.h> 579+ #ifndef LINUX 580+ #include "ip_nat.h" 581+ #endif 582+ #if defined(SOLARIS) 583+ #include <sys/stat.h> 584+ #include <fcntl.h> 585+ #include <unistd.h> 586+ #include <sys/ioccom.h> 587+ #endif 588+ #endif /* IP_FILTER */ 589 590 #include "firewall.h" 591 592*************** 593*** 45,47 **** 594--- 57,158 ---- 595 bcopy(hp->h_addr,&sin.sin_addr,hp->h_length); 596 return(inet_ntoa(sin.sin_addr)); 597 } 598+ 599+ 600+ 601+ #ifdef USE_IP_FILTER 602+ char *getdsthost(fd, ptr) 603+ int fd; 604+ int *ptr; 605+ { 606+ struct sockaddr_in sin; 607+ struct hostent *hp; 608+ int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0; 609+ static char buf[255], hostbuf[255]; 610+ #if defined(__FreeBSD__) || defined(SOLARIS) 611+ struct sockaddr_in rsin; 612+ struct natlookup natlookup; 613+ int natfd; 614+ #endif 615+ 616+ #ifdef linux 617+ /* This should also work for UDP. Unfortunately, it doesn't. 618+ Maybe when the Linux UDP proxy code gets a little cleaner. 
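Review bot: `strncpy(def_httpd,psychic,strlen(psychic));` and the matching call for `def_server` bound the copy by the source length, so they never write a terminating NUL and do nothing to protect the destination; if either buffer previously held a longer string, its tail survives after the new host name. The `strlen(psychic)<=MAXHOSTNAMELEN` guard only helps if both destinations are at least MAXHOSTNAMELEN+1 bytes, which the hunk does not show. Assuming both are arrays, `strncpy(def_httpd,psychic,sizeof(def_httpd)-1); def_httpd[sizeof(def_httpd)-1]='\0';` (and the same for `def_server`) states the bound where it is used. The enclosing function is outside the hunk.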
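Review bot: The added `}` sits above `#ifdef USE_IP_FILTER`, so a build without USE_IP_FILTER sees `} }else{` and the braces no longer balance. Moving that `}` to the line directly after `#ifdef USE_IP_FILTER` keeps both configurations compiling with the same structure. The new `sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]);` is also unbounded; the size of `new_reply` and the origin of `parse_vec` are outside the hunk, but if those fields come from the remote server's reply the write should be length-limited.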
619+ */ 620+ if(!(err=getsockname(0,&sin,&sl))) { 621+ if(ptr) *ptr=ntohs(sin.sin_port); 622+ sprintf(buf,"%s",inet_ntoa(sin.sin_addr)); 623+ gethostname(hostbuf,254); 624+ hp=gethostbyname(hostbuf); 625+ while(hp->h_addr_list[i]) { 626+ bzero(&sin,&sl); 627+ memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++])); 628+ if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++; 629+ } 630+ if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); } 631+ else { return(buf); } 632+ } 633+ #endif 634+ 635+ #if defined(__FreeBSD__) 636+ /* The basis for this block of code is Darren Reed's 637+ patches to the TIS ftwk's ftp-gw. 638+ */ 639+ bzero((char*)&sin,sizeof(sin)); 640+ bzero((char*)&rsin,sizeof(rsin)); 641+ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) { 642+ return NULL; 643+ } 644+ sl=sizeof(rsin); 645+ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) { 646+ return NULL; 647+ } 648+ natlookup.nl_inport=sin.sin_port; 649+ natlookup.nl_outport=rsin.sin_port; 650+ natlookup.nl_inip=sin.sin_addr; 651+ natlookup.nl_outip=rsin.sin_addr; 652+ if((natfd=open("/dev/ipnat",O_RDONLY))<0) { 653+ return(NULL); 654+ } 655+ if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) { 656+ return(NULL); 657+ } 658+ close(natfd); 659+ if(ptr) *ptr=ntohs(natlookup.nl_realport); 660+ sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip)); 661+ #endif 662+ 663+ #if defined(SOLARIS) /* for Solaris */ 664+ /* The basis for this block of code is Darren Reed's 665+ * patches to the TIS ftwk's ftp-gw. 
666+ * modified for Solaris from Michael Kutzner, Michael.Kutzner@paderlinx.de 667+ */ 668+ memset((char*)&sin, 0, sizeof(sin)); 669+ memset((char*)&rsin, 0, sizeof(rsin)); 670+ 671+ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) { 672+ return NULL; 673+ } 674+ sl=sizeof(rsin); 675+ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) { 676+ return NULL; 677+ } 678+ natlookup.nl_inport=sin.sin_port; 679+ natlookup.nl_outport=rsin.sin_port; 680+ natlookup.nl_inip=sin.sin_addr; 681+ natlookup.nl_outip=rsin.sin_addr; 682+ if( (natfd=open(IPL_NAT,O_RDONLY)) < 0) { 683+ return(NULL); 684+ } 685+ if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) { 686+ return(NULL); 687+ } 688+ close(natfd); 689+ if(ptr) *ptr=ntohs(natlookup.nl_realport); 690+ sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip)); 691+ #endif 692+ 693+ /* No transparent proxy support */ 694+ return(NULL); 695+ } 696+ #endif /* USE_IP_FILTER */ 697diff -cr ../TIS.orig/fwtk/plug-gw/plug-gw.c fwtk/plug-gw/plug-gw.c 698*** ../TIS.orig/fwtk/plug-gw/plug-gw.c Thu Sep 5 21:36:33 1996 699--- fwtk/plug-gw/plug-gw.c Sun Feb 2 04:50:40 1997 700*************** 701*** 38,44 **** 702 static int timeout = PROXY_TIMEOUT; 703 static char **validdests = (char **)0; 704 static Cfg *confp; 705! 706 main(ac,av) 707 int ac; 708 char *av[]; 709--- 38,46 ---- 710 static int timeout = PROXY_TIMEOUT; 711 static char **validdests = (char **)0; 712 static Cfg *confp; 713! #ifdef USE_IP_FILTER 714! static int do_transparent=0; 715! #endif 716 main(ac,av) 717 int ac; 718 char *av[]; 719*************** 720*** 189,201 **** 721 static char buf[1024 * 4]; 722 void (*op)(); 723 char *dhost = NULL; 724 char hostport[1024 * 4]; 725 char *ptr; 726 int state = 0; 727 int ssl_plug = 0; 728! 
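Review bot: In the `#ifdef linux` branch of getdsthost(), `bzero(&sin,&sl);` passes the address of `sl` where a byte count is expected, so the call clears an address-sized number of bytes starting at `sin` rather than the structure; it should read `bzero(&sin,sizeof(sin));`. The same loop dereferences `hp` without checking that `gethostbyname()` succeeded, uses `sizeof(hp->h_addr_list[i++])` (the size of a pointer) as the copy length instead of `hp->h_length`, and calls `getsockname(0,...)` rather than using the `fd` argument. In the FreeBSD and Solaris branches `natfd` is not closed when the `ioctl()` fails, and after a successful lookup control falls through to the final `return(NULL);`, so as written the caller never receives `buf` on those platforms; a `return(buf);` after each `sprintf(buf,...)` appears to be missing.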
729 struct timeval timo; 730 731 if(c->flags & PERM_DENY) { 732 if (p == -1) 733 syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr); 734--- 191,215 ---- 735 static char buf[1024 * 4]; 736 void (*op)(); 737 char *dhost = NULL; 738+ char *transhost = NULL; 739 char hostport[1024 * 4]; 740 char *ptr; 741 int state = 0; 742 int ssl_plug = 0; 743! #ifdef USE_IP_FILTER 744! int pport; 745! #endif 746 struct timeval timo; 747 748+ #ifdef USE_IP_FILTER 749+ /* Transparent plug-gw is probably a bad idea, but hey .. */ 750+ transhost=getdsthost(0,&pport); 751+ if(transhost) { 752+ do_transparent++; 753+ portid=pport; 754+ } 755+ #endif 756+ 757 if(c->flags & PERM_DENY) { 758 if (p == -1) 759 syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr); 760*************** 761*** 223,229 **** 762 privport = 1; 763 continue; 764 } 765! 766 if (!strcmp(av[x], "-port")) { 767 if (++x >= ac) { 768 syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln); 769--- 237,248 ---- 770 privport = 1; 771 continue; 772 } 773! #ifdef USE_IP_FILTER 774! if (!strcmp(av[x],"-all-destinations")) { 775! dhost = transhost; 776! continue; 777! } 778! #endif 779 if (!strcmp(av[x], "-port")) { 780 if (++x >= ac) { 781 syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln); 782diff -cr ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c fwtk/rlogin-gw/rlogin-gw.c 783*** ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c Fri Sep 6 18:56:33 1996 784--- fwtk/rlogin-gw/rlogin-gw.c Sun Feb 2 06:26:04 1997 785*************** 786*** 40,46 **** 787 788 extern char *maphostname(); 789 790! 791 static int cmd_quit(); 792 static int cmd_help(); 793 static int cmd_connect(); 794--- 40,48 ---- 795 796 extern char *maphostname(); 797 798! #ifdef USE_IP_FILTER 799! static int do_transparent=0; 800! 
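Review bot: `-all-destinations` assigns `dhost = transhost;` without checking that `getdsthost()` returned a host, so on a connection that was not redirected `dhost` stays NULL and the outcome depends on code after the option loop, which is outside the hunk. Together with `portid=pport;` in the previous hunk, this option lets the client's original destination address and port select the upstream. A rule carrying it therefore forwards to any host the redirect covers. I would log and refuse when `transhost` is NULL, and add a comment at the option: `/* -all-destinations: upstream host and port come from the client's original destination; keep the netperm-table rule that carries it restricted to the intended clients */`.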
#endif 801 static int cmd_quit(); 802 static int cmd_help(); 803 static int cmd_connect(); 804*************** 805*** 120,125 **** 806--- 122,130 ---- 807 static char *tokav[56]; 808 int tokac; 809 struct timeval timo; 810+ #ifdef USE_IP_FILTER 811+ char *psychic; 812+ #endif 813 814 #ifndef LOG_NDELAY 815 openlog("rlogin-gw",LOG_PID); 816*************** 817*** 186,192 **** 818 } 819 820 821! 822 if((cf = cfg_get("directory",confp)) != (Cfg *)0) { 823 if(cf->argc != 1) { 824 syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln); 825--- 191,204 ---- 826 } 827 828 829! #ifdef USE_IP_FILTER 830! psychic=getdsthost(0,NULL); 831! if(psychic) { 832! do_transparent++; 833! strncpy(dest,psychic,511); 834! dest[511]='\0'; 835! } 836! #endif /* USE_IP_FILTER */ 837 if((cf = cfg_get("directory",confp)) != (Cfg *)0) { 838 if(cf->argc != 1) { 839 syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln); 840*************** 841*** 260,269 **** 842 } 843 844 /* if present a host name, chop and save username and hostname */ 845- dest[0] = '\0'; 846 if((p = index(rusername,'@')) != (char *)0) { 847 char *namp; 848 849 *p++ = '\0'; 850 if(*p == '\0') 851 p = "localhost"; 852--- 272,281 ---- 853 } 854 855 /* if present a host name, chop and save username and hostname */ 856 if((p = index(rusername,'@')) != (char *)0) { 857 char *namp; 858 859+ dest[0] = '\0'; 860 *p++ = '\0'; 861 if(*p == '\0') 862 p = "localhost"; 863*************** 864*** 532,539 **** 865--- 544,557 ---- 866 sprintf(ebuf,"Trying %s@%s...",rusername,namp); 867 else 868 sprintf(ebuf,"Trying %s...",namp); 869+ #ifdef USE_IP_FILTER 870+ if(!do_transparent) { 871+ #endif 872 if(say(0,ebuf)) 873 return(1); 874+ #ifdef USE_IP_FILTER 875+ } 876+ #endif 877 } else 878 syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]); 879 if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) { 880diff -cr ../TIS.orig/fwtk/tn-gw/tn-gw.c fwtk/tn-gw/tn-gw.c 881*** ../TIS.orig/fwtk/tn-gw/tn-gw.c 
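Review bot: Moving `dest[0] = '\0';` inside the `@` branch means `dest` is no longer reset when the user name carries no host and the connection was not redirected. The declaration of `dest` is outside the hunk; if it is an automatic array, later reads on that path see indeterminate contents. Clearing it once before the transparent lookup added in the earlier hunk, with `dest[0] = '\0';` placed ahead of the `#ifdef USE_IP_FILTER` that calls `getdsthost(0,NULL)`, keeps the old guarantee and still lets the transparent destination survive.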
Fri Sep 6 18:55:48 1996 882--- fwtk/tn-gw/tn-gw.c Sun Feb 2 06:06:33 1997 883*************** 884*** 97,102 **** 885--- 97,106 ---- 886 static int timeout = PROXY_TIMEOUT; 887 static char timed_out_msg[] = "\r\nConnection closed due to inactivity"; 888 889+ #ifdef USE_IP_FILTER 890+ static int do_transparent=0; 891+ #endif 892+ 893 typedef struct { 894 char *name; 895 char *hmsg; 896*************** 897*** 140,145 **** 898--- 144,153 ---- 899 char tokbuf[BSIZ]; 900 char *tokav[56]; 901 int tokac; 902+ #ifdef USE_IP_FILTER 903+ int port; 904+ char *psychic; 905+ #endif 906 907 #ifndef LOG_DAEMON 908 openlog("tn-gw",LOG_PID); 909*************** 910*** 307,313 **** 911 exit(1); 912 } 913 } 914! 915 while (argc > 1) { 916 argc--; 917 argv++; 918--- 315,349 ---- 919 exit(1); 920 } 921 } 922! #ifdef USE_IP_FILTER 923! psychic=getdsthost(0,&port); 924! if(psychic) { 925! if((strlen(psychic) + 10) < 510) { 926! do_transparent++; 927! if(port) 928! sprintf(dest,"%s:%d",psychic,port); 929! else 930! sprintf(dest,"%s",psychic); 931! 932! 933! if(!welcomedone) 934! if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { 935! if(cf->argc != 1) { 936! syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln); 937! exit(1); 938! } 939! if(sayfile(0,cf->argv[0])) { 940! syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]); 941! exit(1); 942! } 943! welcomedone = 1; 944! } 945! 946! 947! } 948! } 949! 950! #endif /* USE_IP_FILTER */ 951 while (argc > 1) { 952 argc--; 953 argv++; 954*************** 955*** 870,877 **** 956 957 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp); 958 sprintf(ebuf,"Trying %s port %d...",namp,port); 959! if(say(0,ebuf)) 960! return(1); 961 } else 962 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]); 963 964--- 906,920 ---- 965 966 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp); 967 sprintf(ebuf,"Trying %s port %d...",namp,port); 968! #ifdef USE_IP_FILTER 969! 
if(!do_transparent) { 970! sprintf(ebuf,"Trying %s port %d...",namp,port); 971! #endif 972! if(say(0,ebuf)) 973! return(1); 974! #ifdef USE_IP_FILTER 975! } 976! #endif 977 } else 978 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]); 979 980*************** 981*** 903,910 **** 982 983 syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]); 984 strncpy(dest,av[1], 511); 985! sprintf(buf, "Connected to %s.", dest); 986 say(0, buf); 987 return(2); 988 } 989 990--- 946,959 ---- 991 992 syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]); 993 strncpy(dest,av[1], 511); 994! #ifdef USE_IP_FILTER 995! if(!do_transparent) { 996! sprintf(buf, "Connected to %s.", dest); 997! say(0, buf); 998! } 999! #else 1000 say(0, buf); 1001+ #endif 1002 return(2); 1003 } 1004 1005diff -cr ../TIS.orig/fwtk/x-gw/socket.c fwtk/x-gw/socket.c 1006*** ../TIS.orig/fwtk/x-gw/socket.c Sat Sep 7 05:16:35 1996 1007--- fwtk/x-gw/socket.c Sun Feb 2 05:26:44 1997 1008*************** 1009*** 212,218 **** 1010 case AF_UNIX: un_name = (struct sockaddr_un *)addr; 1011 len = sizeof(un_name->sun_family) + 1012 sizeof(un_name->sun_path) 1013! #ifdef SCM_RIGHTS /* 4.3BSD Reno and later */ 1014 + sizeof(un_name->sun_len) + 1 1015 #endif 1016 ; 1017--- 212,218 ---- 1018 case AF_UNIX: un_name = (struct sockaddr_un *)addr; 1019 len = sizeof(un_name->sun_family) + 1020 sizeof(un_name->sun_path) 1021! #if defined(SCM_RIGHTS) && !defined(LINUX)/* 4.3BSD Reno and later */ 1022 + sizeof(un_name->sun_len) + 1 1023 #endif 1024 ; 1025Only in fwtk/x-gw: socket.c.bak 1026
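Review bot: The `#else` arm keeps `say(0, buf);` but drops the `sprintf(buf, "Connected to %s.", dest);` that used to fill `buf`, so a build without USE_IP_FILTER sends whatever `buf` last held to the client. The `#else` arm should repeat both lines, or the guard can wrap only the `if(!do_transparent)` condition and its closing brace. On the context line above, `strncpy(dest,av[1], 511);` leaves `dest` unterminated when `av[1]` is 511 bytes or longer unless `dest[511]` is already zero; the rlogin-gw change in this patch handles the same copy with an explicit `dest[511]='\0';`. The enclosing function is outside the hunk.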