xref: /netbsd-src/external/bsd/ipf/dist/FWTK/ftp-gw.diff (revision c9d5dc6c77aa32fd07899a7a63638e95ffa433dd) 
1*** ftp-gw.c.orig	Sun Jun 22 16:27:42 1997
2--- ftp-gw.c	Sun Jun 22 17:02:16 1997
3***************
4*** 11,31 ****
5--- 11,41 ----
6   */
7  static	char	RcsId[] = "$Header: /cvsroot/src/external/bsd/ipf/dist/FWTK/ftp-gw.diff,v 1.1.1.2 2012/07/22 13:44:27 darrenr Exp $";
8
9+ /*
10+  * Patches for IP Filter NAT extensions written by Darren Reed, 7/7/96
11+  * darrenr@cyber.com.au
12+  */
13+ static	char	vIpFilter[] = "v3.1.11";
14
15  #include	<stdio.h>
16  #include	<ctype.h>
17  #include	<syslog.h>
18+ #include	<unistd.h>
19+ #include	<fcntl.h>
20  #include	<sys/signal.h>
21  #include	<sys/ioctl.h>
22  #include	<sys/errno.h>
23  extern	int	errno;
24+ #ifdef	sun
25  extern	char	*sys_errlist[];
26+ #endif
27  #include	<arpa/ftp.h>
28  #include	<arpa/telnet.h>
29  #include	<sys/time.h>
30  #include	<sys/types.h>
31  #include	<sys/socket.h>
32  #include	<netinet/in.h>
33+ #include	<net/if.h>
34
35  extern	char	*rindex();
36  extern	char	*index();
37***************
38*** 36,41 ****
39--- 46,54 ----
40
41  #include	"firewall.h"
42
43+ #include	"ip_compat.h"
44+ #include	"ip_fil.h"
45+ #include	"ip_nat.h"
46
47  #ifndef	BSIZ
48  #define	BSIZ	2048
49***************
50*** 83,88 ****
51--- 96,103 ----
52  static	int	cmd_noop();
53  static	int	cmd_abor();
54  static	int	cmd_passthru();
55+ static	int	nat_destination();
56+ static	int	connectdest();
57  static	void	saveline();
58  static	void	flushsaved();
59  static	void	trap_sigurg();
60***************
61*** 317,323 ****
62  			if(authallflg)
63  				if(say(0,"220-Proxy first requires authentication"))
64  					exit(1);
65! 			sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
66  			if(say(0,xuf))
67  				exit(1);
68  		}
69--- 332,341 ----
70  			if(authallflg)
71  				if(say(0,"220-Proxy first requires authentication"))
72  					exit(1);
73! 			sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
74! 			if(say(0,xuf))
75! 				exit(1);
76! 			sprintf(xuf,"220-%s TIS ftp-gw with IP Filter %s NAT extensions",huf,vIpFilter);
77  			if(say(0,xuf))
78  				exit(1);
79  		}
80***************
81*** 338,343 ****
82--- 356,363 ----
83  				exit(1);
84  	}
85
86+ 	nat_destination(0);
87+
88  	/* main loop */
89  	while(1) {
90  		FD_ZERO(&rdy);
91***************
92*** 608,619 ****
93  	static char	narg[] = "501 Missing or extra username";
94  	static char	noad[] = "501 Use user@site to connect via proxy";
95  	char		buf[1024];
96- 	char 		mbuf[512];
97  	char		*p;
98  	char		*dest;
99  	char		*user;
100  	int		x;
101- 	int		msg_int;
102  	short		port = FTPPORT;
103
104  	/* kludgy but effective. if authorizing everything call auth instead */
105--- 628,637 ----
106***************
107*** 643,648 ****
108--- 661,687 ----
109  			return(sayn(0,noad,sizeof(noad)));
110  	}
111
112+ 	if((rfd == -1) && (x = connectdest(dest,port)))
113+ 		return x;
114+ 	sprintf(buf,"USER %s",user);
115+ 	if(say(rfd,buf))
116+ 		return(1);
117+ 	x = getresp(rfd,buf,sizeof(buf),1);
118+ 	if(sendsaved(0,x))
119+ 		return(1);
120+ 	return(say(0,buf));
121+ }
122+
123+ static int
124+ connectdest(dest,port)
125+ char *dest;
126+ short port;
127+ {
128+ 	char		buf[1024];
129+ 	char 		mbuf[512];
130+ 	int		msg_int;
131+ 	int		x;
132+
133  	if(*dest == '\0')
134  		dest = "localhost";
135
136***************
137*** 685,693 ****
138  		char	ebuf[512];
139
140  		strcpy(ebuf,buf);
141! 		sprintf(buf,"521 %s: %s",dest,ebuf);
142  		return(say(0,buf));
143  	}
144  	sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
145  	saveline(buf);
146
147--- 724,733 ----
148  		char	ebuf[512];
149
150  		strcpy(ebuf,buf);
151! 		sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
152  		return(say(0,buf));
153  	}
154+
155  	sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
156  	saveline(buf);
157
158***************
159*** 698,711 ****
160  		return(say(0,buf));
161  	}
162  	saveline(buf);
163!
164! 	sprintf(buf,"USER %s",user);
165! 	if(say(rfd,buf))
166! 		return(1);
167! 	x = getresp(rfd,buf,sizeof(buf),1);
168! 	if(sendsaved(0,x))
169! 		return(1);
170! 	return(say(0,buf));
171  }
172
173
174--- 738,745 ----
175  		return(say(0,buf));
176  	}
177  	saveline(buf);
178! 	sendsaved(0,-1);
179! 	return 0;
180  }
181
182
183***************
184*** 1591,1593 ****
185--- 1625,1671 ----
186  	dup(nread);
187  }
188  #endif
189+
190+
191+ static int
192+ nat_destination(fd)
193+ int fd;
194+ {
195+ 	struct	sockaddr_in	laddr, faddr;
196+ 	struct	natlookup	natlookup;
197+ 	char	*dest;
198+ 	int	slen, natfd;
199+
200+ 	bzero((char *)&laddr, sizeof(laddr));
201+ 	bzero((char *)&faddr, sizeof(faddr));
202+ 	slen = sizeof(laddr);
203+ 	if(getsockname(fd,(struct sockaddr *)&laddr,&slen) < 0) {
204+ 		perror("getsockname");
205+ 		exit(1);
206+ 	}
207+ 	slen = sizeof(faddr);
208+ 	if(getpeername(fd,(struct sockaddr *)&faddr,&slen) < 0) {
209+ 		perror("getsockname");
210+ 		exit(1);
211+ 	}
212+
213+ 	natlookup.nl_inport = laddr.sin_port;
214+ 	natlookup.nl_outport = faddr.sin_port;
215+ 	natlookup.nl_inip = laddr.sin_addr;
216+ 	natlookup.nl_outip = faddr.sin_addr;
217+ 	natlookup.nl_flags = IPN_TCP;
218+ 	if((natfd = open(IPL_NAT, O_RDONLY)) < 0) {
219+ 		perror("open");
220+ 		exit(1);
221+ 	}
222+ 	if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) {
223+ 		syslog(LOG_ERR, "SIOCGNATL failed: %m\n");
224+ 		close(natfd);
225+ 		if(say(0,"220 Ready"))
226+ 			exit(1);
227+ 		return 0;
228+ 	}
229+ 	close(natfd);
230+ 	return connectdest(inet_ntoa(natlookup.nl_realip),
231+ 			   ntohs(natlookup.nl_realport));
232+ }
233