1*bc4097aaSchristosdiff -c -r ./ftp-gw/ftp-gw.c ../../NEW/fwtk/ftp-gw/ftp-gw.c
2*bc4097aaSchristos*** ./ftp-gw/ftp-gw.c Fri Sep 6 12:55:05 1996
3*bc4097aaSchristos--- ../../NEW/fwtk/ftp-gw/ftp-gw.c Wed Oct 9 02:51:35 1996
4*bc4097aaSchristos***************
5*bc4097aaSchristos*** 40,47 ****
6*bc4097aaSchristos
7*bc4097aaSchristos extern char *optarg;
8*bc4097aaSchristos
9*bc4097aaSchristos! #include "firewall.h"
10*bc4097aaSchristos
11*bc4097aaSchristos
12*bc4097aaSchristos #ifndef BSIZ
13*bc4097aaSchristos #define BSIZ 2048
14*bc4097aaSchristos--- 40,48 ----
15*bc4097aaSchristos
16*bc4097aaSchristos extern char *optarg;
17*bc4097aaSchristos
18*bc4097aaSchristos! char *getdsthost();
19*bc4097aaSchristos
20*bc4097aaSchristos+ #include "firewall.h"
21*bc4097aaSchristos
22*bc4097aaSchristos #ifndef BSIZ
23*bc4097aaSchristos #define BSIZ 2048
24*bc4097aaSchristos***************
25*bc4097aaSchristos*** 84,89 ****
26*bc4097aaSchristos--- 85,92 ----
27*bc4097aaSchristos static int cmdcnt = 0;
28*bc4097aaSchristos static int timeout = PROXY_TIMEOUT;
29*bc4097aaSchristos
30*bc4097aaSchristos+ static int do_transparent=0;
31*bc4097aaSchristos+
32*bc4097aaSchristos
33*bc4097aaSchristos static int cmd_user();
34*bc4097aaSchristos static int cmd_authorize();
35*bc4097aaSchristos***************
36*bc4097aaSchristos*** 98,103 ****
37*bc4097aaSchristos--- 101,107 ----
38*bc4097aaSchristos static void saveline();
39*bc4097aaSchristos static void flushsaved();
40*bc4097aaSchristos static void trap_sigurg();
41*bc4097aaSchristos+ static int connectdest();
42*bc4097aaSchristos
43*bc4097aaSchristos #define OP_CONN 001 /* only valid if connected */
44*bc4097aaSchristos #define OP_WCON 002 /* writethrough if connected */
45*bc4097aaSchristos***************
46*bc4097aaSchristos*** 170,175 ****
47*bc4097aaSchristos--- 174,180 ----
48*bc4097aaSchristos char xuf[1024];
49*bc4097aaSchristos char huf[128];
50*bc4097aaSchristos char *passuser = (char *)0; /* passed user as av */
51*bc4097aaSchristos+ char *psychic, *hotline;
52*bc4097aaSchristos
53*bc4097aaSchristos #ifndef LOG_DAEMON
54*bc4097aaSchristos openlog("ftp-gw",LOG_PID);
55*bc4097aaSchristos***************
56*bc4097aaSchristos*** 314,319 ****
57*bc4097aaSchristos--- 319,326 ----
58*bc4097aaSchristos } else
59*bc4097aaSchristos timeout = 60*60;
60*bc4097aaSchristos
61*bc4097aaSchristos+ psychic=getdsthost(0,NULL);
62*bc4097aaSchristos+ if(psychic) { do_transparent++; }
63*bc4097aaSchristos
64*bc4097aaSchristos /* display a welcome file or message */
65*bc4097aaSchristos if(passuser == (char *)0) {
66*bc4097aaSchristos***************
67*bc4097aaSchristos*** 322,327 ****
68*bc4097aaSchristos--- 329,340 ----
69*bc4097aaSchristos syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
70*bc4097aaSchristos exit(1);
71*bc4097aaSchristos }
72*bc4097aaSchristos+ if(do_transparent) {
73*bc4097aaSchristos+ if(sayfile2(0,cf->argv[0],220)) {
74*bc4097aaSchristos+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
75*bc4097aaSchristos+ exit(1);
76*bc4097aaSchristos+ }
77*bc4097aaSchristos+ } else
78*bc4097aaSchristos if(sayfile(0,cf->argv[0],220)) {
79*bc4097aaSchristos syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
80*bc4097aaSchristos exit(1);
81*bc4097aaSchristos***************
82*bc4097aaSchristos*** 332,338 ****
83*bc4097aaSchristos if(authallflg)
84*bc4097aaSchristos if(say(0,"220-Proxy first requires authentication"))
85*bc4097aaSchristos exit(1);
86*bc4097aaSchristos! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
87*bc4097aaSchristos if(say(0,xuf))
88*bc4097aaSchristos exit(1);
89*bc4097aaSchristos }
90*bc4097aaSchristos--- 345,357 ----
91*bc4097aaSchristos if(authallflg)
92*bc4097aaSchristos if(say(0,"220-Proxy first requires authentication"))
93*bc4097aaSchristos exit(1);
94*bc4097aaSchristos! /* foo */
95*bc4097aaSchristos! if(do_transparent)
96*bc4097aaSchristos!
sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
97*bc4097aaSchristos! else
98*bc4097aaSchristos! sprintf(xuf,"220 %s FTP Proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
99*bc4097aaSchristos! /* foo */
100*bc4097aaSchristos!
101*bc4097aaSchristos if(say(0,xuf))
102*bc4097aaSchristos exit(1);
103*bc4097aaSchristos }
104*bc4097aaSchristos***************
105*bc4097aaSchristos*** 353,358 ****
106*bc4097aaSchristos--- 372,381 ----
107*bc4097aaSchristos exit(1);
108*bc4097aaSchristos }
109*bc4097aaSchristos
110*bc4097aaSchristos+ if(do_transparent) {
111*bc4097aaSchristos+ connectdest(psychic,21);
112*bc4097aaSchristos+ }
113*bc4097aaSchristos+
114*bc4097aaSchristos /* main loop */
115*bc4097aaSchristos while(1) {
116*bc4097aaSchristos FD_ZERO(&rdy);
117*bc4097aaSchristos***************
118*bc4097aaSchristos*** 676,681 ****
119*bc4097aaSchristos--- 699,713 ----
120*bc4097aaSchristos return(sayn(0,noad,sizeof(noad)-1));
121*bc4097aaSchristos }
122*bc4097aaSchristos
123*bc4097aaSchristos+ if(do_transparent) {
124*bc4097aaSchristos+ if((rfd==(-1)) && (x=connectdest(dest,port))) return x;
125*bc4097aaSchristos+ sprintf(buf,"USER %s",user);
126*bc4097aaSchristos+ if(say(rfd,buf)) return(1);
127*bc4097aaSchristos+ x=getresp(rfd,buf,sizeof(buf),1);
128*bc4097aaSchristos+ if(sendsaved(0,x)) return(1);
129*bc4097aaSchristos+ return(say(0,buf));
130*bc4097aaSchristos+ }
131*bc4097aaSchristos+
132*bc4097aaSchristos if(*dest == '\0')
133*bc4097aaSchristos dest = "localhost";
134*bc4097aaSchristos
135*bc4097aaSchristos***************
136*bc4097aaSchristos*** 701,708 ****
137*bc4097aaSchristos if(msg_int == 1) {
138*bc4097aaSchristos sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
139*bc4097aaSchristos syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
140*bc4097aaSchristos! say(0,mbuf);
141*bc4097aaSchristos!
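Review bot: The result of `connectdest(psychic,21);` in the hunk just before the main loop is discarded, so a destination refused by the validests or auth_perm checks inside connectdest, or a failed connect, still drops the client into the command loop. connectdest also returns say()'s status on a connect failure, which is 0 once the 521 reply has been delivered, so its return value alone does not tell the caller whether rfd is usable; the USER branch added at 699-713 has the same gap and goes on to `say(rfd,buf)` with rfd still -1. I would end the session here with `if(connectdest(psychic,21) || rfd < 0) exit(1);`. The literal 21 is passed as is, while the 521 message added further down prints `ntohs(port)`, which suggests the other caller holds the port in network byte order; worth confirming which form conn_server expects.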
return(1);
142*bc4097aaSchristos } else {
143*bc4097aaSchristos if(msg_int == -1) {
144*bc4097aaSchristos sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
145*bc4097aaSchristos--- 733,740 ----
146*bc4097aaSchristos if(msg_int == 1) {
147*bc4097aaSchristos sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
148*bc4097aaSchristos syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
149*bc4097aaSchristos! say(0,mbuf);
150*bc4097aaSchristos! return(1);
151*bc4097aaSchristos } else {
152*bc4097aaSchristos if(msg_int == -1) {
153*bc4097aaSchristos sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
154*bc4097aaSchristos***************
155*bc4097aaSchristos*** 717,723 ****
156*bc4097aaSchristos char ebuf[512];
157*bc4097aaSchristos
158*bc4097aaSchristos strcpy(ebuf,buf);
159*bc4097aaSchristos! sprintf(buf,"521 %s: %s",dest,ebuf);
160*bc4097aaSchristos rfd = -1;
161*bc4097aaSchristos return(say(0,buf));
162*bc4097aaSchristos }
163*bc4097aaSchristos--- 749,759 ----
164*bc4097aaSchristos char ebuf[512];
165*bc4097aaSchristos
166*bc4097aaSchristos strcpy(ebuf,buf);
167*bc4097aaSchristos! if(do_transparent) {
168*bc4097aaSchristos! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
169*bc4097aaSchristos! } else {
170*bc4097aaSchristos! sprintf(buf,"521 %s: %s",dest,ebuf);
171*bc4097aaSchristos! }
172*bc4097aaSchristos rfd = -1;
173*bc4097aaSchristos return(say(0,buf));
174*bc4097aaSchristos }
175*bc4097aaSchristos***************
176*bc4097aaSchristos*** 732,737 ****
177*bc4097aaSchristos--- 768,778 ----
178*bc4097aaSchristos }
179*bc4097aaSchristos saveline(buf);
180*bc4097aaSchristos
181*bc4097aaSchristos+ /* if(do_transparent) {
182*bc4097aaSchristos+ sendsaved(0,-1);
183*bc4097aaSchristos+ return(0);
184*bc4097aaSchristos+ } /* EEEk. I can't remember what this does.
*/
185*bc4097aaSchristos+
186*bc4097aaSchristos sprintf(buf,"USER %s",user);
187*bc4097aaSchristos if(say(rfd,buf))
188*bc4097aaSchristos return(1);
189*bc4097aaSchristos***************
190*bc4097aaSchristos*** 744,749 ****
191*bc4097aaSchristos--- 785,860 ----
192*bc4097aaSchristos return 0;
193*bc4097aaSchristos }
194*bc4097aaSchristos
195*bc4097aaSchristos+ static int connectdest(dest, port)
196*bc4097aaSchristos+ char *dest;
197*bc4097aaSchristos+ short port;
198*bc4097aaSchristos+ {
199*bc4097aaSchristos+ char buf[1024], mbuf[512];
200*bc4097aaSchristos+ int msg_int, x;
201*bc4097aaSchristos+
202*bc4097aaSchristos+ if(*dest == '\0')
203*bc4097aaSchristos+ dest = "localhost";
204*bc4097aaSchristos+
205*bc4097aaSchristos+ if(validests != (char **)0) {
206*bc4097aaSchristos+ char **xp;
207*bc4097aaSchristos+ int x;
208*bc4097aaSchristos+
209*bc4097aaSchristos+ for(xp = validests; *xp != (char *)0; xp++) {
210*bc4097aaSchristos+ if(**xp == '!' && hostmatch(*xp + 1,dest)) {
211*bc4097aaSchristos+ return(baddest(0,dest));
212*bc4097aaSchristos+ } else {
213*bc4097aaSchristos+ if(hostmatch(*xp,dest))
214*bc4097aaSchristos+ break;
215*bc4097aaSchristos+ }
216*bc4097aaSchristos+ }
217*bc4097aaSchristos+ if(*xp == (char *)0)
218*bc4097aaSchristos+ return(baddest(0,dest));
219*bc4097aaSchristos+ }
220*bc4097aaSchristos+
221*bc4097aaSchristos+ /* Extended permissions processing goes in here for destination */
222*bc4097aaSchristos+ if(extendperm) {
223*bc4097aaSchristos+ msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
224*bc4097aaSchristos+ if(msg_int == 1) {
225*bc4097aaSchristos+ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
226*bc4097aaSchristos+ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
227*bc4097aaSchristos+ say(0,mbuf);
228*bc4097aaSchristos+ return(1);
229*bc4097aaSchristos+ } else {
230*bc4097aaSchristos+ if(msg_int == -1) {
231*bc4097aaSchristos+ sprintf(mbuf,"No match in
netperm-table for %s to ftp to %s",authuser,dest);
232*bc4097aaSchristos+ say(0,mbuf);
233*bc4097aaSchristos+ return(1);
234*bc4097aaSchristos+ }
235*bc4097aaSchristos+ }
236*bc4097aaSchristos+ }
237*bc4097aaSchristos+
238*bc4097aaSchristos+ syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
239*bc4097aaSchristos+
240*bc4097aaSchristos+ if((rfd = conn_server(dest,port,0,buf)) < 0) {
241*bc4097aaSchristos+ char ebuf[512];
242*bc4097aaSchristos+
243*bc4097aaSchristos+ strcpy(ebuf,buf);
244*bc4097aaSchristos+ sprintf(buf,"521 %s: %s",dest,ebuf);
245*bc4097aaSchristos+ rfd = -1;
246*bc4097aaSchristos+ return(say(0,buf));
247*bc4097aaSchristos+ }
248*bc4097aaSchristos+ if(!do_transparent) {
249*bc4097aaSchristos+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
250*bc4097aaSchristos+ saveline(buf);
251*bc4097aaSchristos+ }
252*bc4097aaSchristos+
253*bc4097aaSchristos+ /* we are now connected and need to try the autologin thing */
254*bc4097aaSchristos+ x = getresp(rfd,buf,sizeof(buf),1);
255*bc4097aaSchristos+ if(x / 100 != COMPLETE) {
256*bc4097aaSchristos+ sendsaved(0,-1);
257*bc4097aaSchristos+ return(say(0,buf));
258*bc4097aaSchristos+ }
259*bc4097aaSchristos+ saveline(buf);
260*bc4097aaSchristos+
261*bc4097aaSchristos+ sendsaved(0,-1);
262*bc4097aaSchristos+ return 0;
263*bc4097aaSchristos+ }
264*bc4097aaSchristos+
265*bc4097aaSchristos
266*bc4097aaSchristos
267*bc4097aaSchristos static int
268*bc4097aaSchristos***************
269*bc4097aaSchristos*** 1053,1058 ****
270*bc4097aaSchristos--- 1164,1171 ----
271*bc4097aaSchristos static char nprn[] = "500 cannot get peername";
272*bc4097aaSchristos char buf[512];
273*bc4097aaSchristos
274*bc4097aaSchristos+ /* syslog(LLEV,"DEBUG: port cmd"); */
275*bc4097aaSchristos+
276*bc4097aaSchristos if(ac < 2)
277*bc4097aaSchristos return(sayn(0,narg,sizeof(narg)-1));
278*bc4097aaSchristos
279*bc4097aaSchristos***************
280*bc4097aaSchristos*** 1119,1124 ****
281*bc4097aaSchristos--- 1232,1238 ----
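Review bot: connectdest formats `dest` with unbounded `%s` into fixed stack buffers: `mbuf[512]` for the two permission messages, and `buf[1024]` for the 521 reply after `strcpy(ebuf,buf)` has already copied a 1024-byte buffer into `ebuf[512]`. In the transparent USER path added at 699-713 `dest` is handed in from cmd_user, so its length appears to be limited only by the client's command line rather than by these arrays. Bounding the conversions the way rlogin-gw.c already does with `%.1000s` would close this, for example `sprintf(mbuf,"Permission denied for user %.100s to connect to %.256s",authuser,dest);` and `strncpy(ebuf,buf,sizeof(ebuf)-1); ebuf[sizeof(ebuf)-1]='\0';`, with the same treatment for the remaining sprintf calls. The inner `int x;` in the validests block shadows the outer `x` and is unused.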
282*bc4097aaSchristos #define UC(c) (((int)c) & 0xff)
283*bc4097aaSchristos sprintf(buf,"PORT %d,%d,%d,%d,%d,%d\r\n",UC(k[0]),UC(k[1]),UC(k[2]),
284*bc4097aaSchristos UC(k[3]),UC(l[0]),UC(l[1]));
285*bc4097aaSchristos+ /* syslog(LLEV,"DEBUG: %s",buf); */
286*bc4097aaSchristos s = strlen(buf);
287*bc4097aaSchristos if (write(rfd, buf, s) != s)
288*bc4097aaSchristos return 1;
289*bc4097aaSchristos***************
290*bc4097aaSchristos*** 1330,1335 ****
291*bc4097aaSchristos--- 1444,1450 ----
292*bc4097aaSchristos callback()
293*bc4097aaSchristos {
294*bc4097aaSchristos /* if we haven't gotten a valid PORT scrub the connection */
295*bc4097aaSchristos+ /* syslog(LLEV,"DEBUG: callback()."); */
296*bc4097aaSchristos if((outgoing = accept(boundport,(struct sockaddr *)0,(int *)0)) < 0 || clntport.sin_port == 0)
297*bc4097aaSchristos goto bomb;
298*bc4097aaSchristos if(pasvport != -1) { /* incoming handled by PASVcallback */
299*bc4097aaSchristos***************
300*bc4097aaSchristos*** 1796,1801 ****
301*bc4097aaSchristos--- 1911,1960 ----
302*bc4097aaSchristos }
303*bc4097aaSchristos return(0);
304*bc4097aaSchristos }
305*bc4097aaSchristos+
306*bc4097aaSchristos+ /* ok, so i'm in a hurry. english paper due RSN.
*/
307*bc4097aaSchristos+ sayfile2(fd,fn,code)
308*bc4097aaSchristos+ int fd;
309*bc4097aaSchristos+ char *fn;
310*bc4097aaSchristos+ int code;
311*bc4097aaSchristos+ {
312*bc4097aaSchristos+ FILE *f;
313*bc4097aaSchristos+ char buf[BUFSIZ];
314*bc4097aaSchristos+ char yuf[BUFSIZ];
315*bc4097aaSchristos+ char *c;
316*bc4097aaSchristos+ int x;
317*bc4097aaSchristos+ int saidsomething = 0;
318*bc4097aaSchristos+
319*bc4097aaSchristos+ if((f = fopen(fn,"r")) == (FILE *)0)
320*bc4097aaSchristos+ return(1);
321*bc4097aaSchristos+ while(fgets(buf,sizeof(buf),f) != (char *)0) {
322*bc4097aaSchristos+ if((c = index(buf,'\n')) != (char *)0)
323*bc4097aaSchristos+ *c = '\0';
324*bc4097aaSchristos+ x = fgetc(f);
325*bc4097aaSchristos+ if(feof(f))
326*bc4097aaSchristos+ sprintf(yuf,"%3.3d-%s",code,buf);
327*bc4097aaSchristos+ else {
328*bc4097aaSchristos+ sprintf(yuf,"%3.3d-%s",code,buf);
329*bc4097aaSchristos+ ungetc(x,f);
330*bc4097aaSchristos+ }
331*bc4097aaSchristos+ if(say(fd,yuf)) {
332*bc4097aaSchristos+ fclose(f);
333*bc4097aaSchristos+ return(1);
334*bc4097aaSchristos+ }
335*bc4097aaSchristos+ saidsomething++;
336*bc4097aaSchristos+ }
337*bc4097aaSchristos+ fclose(f);
338*bc4097aaSchristos+ if (!saidsomething) {
339*bc4097aaSchristos+ syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
340*bc4097aaSchristos+ sprintf(yuf, "%3.3d The file to display is empty",code);
341*bc4097aaSchristos+ if(say(fd,yuf)) {
342*bc4097aaSchristos+ fclose(f);
343*bc4097aaSchristos+ return(1);
344*bc4097aaSchristos+ }
345*bc4097aaSchristos+ }
346*bc4097aaSchristos+ return(0);
347*bc4097aaSchristos+ }
348*bc4097aaSchristos+
349*bc4097aaSchristos
350*bc4097aaSchristos
351*bc4097aaSchristos porttoaddr(s,a)
352*bc4097aaSchristosdiff -c -r ./http-gw/http-gw.c ../../NEW/fwtk/http-gw/http-gw.c
353*bc4097aaSchristos*** ./http-gw/http-gw.c Mon Sep 9 14:40:53 1996
354*bc4097aaSchristos--- ../../NEW/fwtk/http-gw/http-gw.c Wed Oct 9 02:51:57 1996
355*bc4097aaSchristos***************
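Review bot: In sayfile2 the empty-file path closes the stream twice: `fclose(f)` runs right after the loop, and the `if(say(fd,yuf))` failure branch inside `if (!saidsomething)` calls `fclose(f);` again, which is undefined behaviour, so that inner call should be dropped. `yuf` is the same size as `buf`, so a welcome-file line that fills `buf` plus the four-character `220-` prefix overruns it by a few bytes; `char yuf[BUFSIZ+8];` is enough. Both arms of the `feof(f)` test build the identical `%3.3d-%s` string, so the `fgetc`/`ungetc` lookahead no longer selects anything; if the continuation form on every line is intended, a comment such as `/* always the NNN- continuation form; the closing line is sent by the caller */` would say so. The function also has no declared return type.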
356*bc4097aaSchristos*** 27,32 ****
357*bc4097aaSchristos--- 27,37 ----
358*bc4097aaSchristos static char http_buffer[8192];
359*bc4097aaSchristos static char reason[8192];
360*bc4097aaSchristos static int checkBrowserType = 1;
361*bc4097aaSchristos+ /* foo */
362*bc4097aaSchristos+ static int do_transparent=0;
363*bc4097aaSchristos+ /* foo */
364*bc4097aaSchristos+
365*bc4097aaSchristos+ char *getdsthost();
366*bc4097aaSchristos
367*bc4097aaSchristos static void do_logging()
368*bc4097aaSchristos { char *proto = "GOPHER";
369*bc4097aaSchristos***************
370*bc4097aaSchristos*** 422,427 ****
371*bc4097aaSchristos--- 427,443 ----
372*bc4097aaSchristos /*(NOT A SPECIAL FORM)*/
373*bc4097aaSchristos
374*bc4097aaSchristos if((rem_type & TYPE_LOCAL)== 0){
375*bc4097aaSchristos+ /* foo */
376*bc4097aaSchristos+ char *psychic=getdsthost(sockfd,&def_port);
377*bc4097aaSchristos+ if(psychic) {
378*bc4097aaSchristos+ if(strlen(psychic)<=MAXHOSTNAMELEN) {
379*bc4097aaSchristos+ do_transparent++;
380*bc4097aaSchristos+ strncpy(def_httpd,psychic,strlen(psychic));
381*bc4097aaSchristos+ strncpy(def_server,psychic,strlen(psychic));
382*bc4097aaSchristos+ }
383*bc4097aaSchristos+ }
384*bc4097aaSchristos+
385*bc4097aaSchristos+ /* foo */
386*bc4097aaSchristos /* See if it can be forwarded */
387*bc4097aaSchristos
388*bc4097aaSchristos if( can_forward(buf)){
389*bc4097aaSchristos***************
390*bc4097aaSchristos*** 1513,1519 ****
391*bc4097aaSchristos parse_vec[0],
392*bc4097aaSchristos parse_vec[1],
393*bc4097aaSchristos ourname, ourport);
394*bc4097aaSchristos! }else{
395*bc4097aaSchristos sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
396*bc4097aaSchristos parse_vec[0], parse_vec[2],
397*bc4097aaSchristos parse_vec[3], chk_type_ch,
398*bc4097aaSchristos--- 1529,1541 ----
399*bc4097aaSchristos parse_vec[0],
400*bc4097aaSchristos parse_vec[1],
401*bc4097aaSchristos ourname, ourport);
402*bc4097aaSchristos! }
403*bc4097aaSchristos! /* FOO */
404*bc4097aaSchristos!
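Review bot: `strncpy(def_httpd,psychic,strlen(psychic));` and the matching call for `def_server` copy exactly the source length, so no terminating NUL is written and whatever the destination held beyond that length stays in place; a short address written over a longer configured name leaves a mixed string. The length test is against MAXHOSTNAMELEN rather than the destination sizes, which this hunk does not show. If both are arrays, `strncpy(def_httpd,psychic,sizeof(def_httpd)-1); def_httpd[sizeof(def_httpd)-1]='\0';` (and the same for def_server) fixes both. `&def_port` is also handed to getdsthost, whose Linux branch stores the local port through the pointer before it decides the connection is not transparent, so def_port may change even when `psychic` comes back NULL. The enclosing function starts and ends outside the hunk.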
else if(do_transparent) {
405*bc4097aaSchristos! sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]);
406*bc4097aaSchristos! }
407*bc4097aaSchristos! /* FOO */
408*bc4097aaSchristos! else{
409*bc4097aaSchristos sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
410*bc4097aaSchristos parse_vec[0], parse_vec[2],
411*bc4097aaSchristos parse_vec[3], chk_type_ch,
412*bc4097aaSchristosdiff -c -r ./lib/hnam.c ../../NEW/fwtk/lib/hnam.c
413*bc4097aaSchristos*** ./lib/hnam.c Fri Nov 4 18:30:19 1994
414*bc4097aaSchristos--- ../../NEW/fwtk/lib/hnam.c Wed Oct 9 02:34:13 1996
415*bc4097aaSchristos***************
416*bc4097aaSchristos*** 22,27 ****
417*bc4097aaSchristos--- 22,31 ----
418*bc4097aaSchristos
419*bc4097aaSchristos
420*bc4097aaSchristos #include "firewall.h"
421*bc4097aaSchristos+ #ifdef __FreeBSD__
422*bc4097aaSchristos+ #include <net/if.h>
423*bc4097aaSchristos+ #include "ip_nat.h"
424*bc4097aaSchristos+ #endif /* __FreeBSD__ */
425*bc4097aaSchristos
426*bc4097aaSchristos
427*bc4097aaSchristos char *
428*bc4097aaSchristos***************
429*bc4097aaSchristos*** 44,47 ****
430*bc4097aaSchristos--- 48,115 ----
431*bc4097aaSchristos
432*bc4097aaSchristos bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
433*bc4097aaSchristos return(inet_ntoa(sin.sin_addr));
434*bc4097aaSchristos+ }
435*bc4097aaSchristos+
436*bc4097aaSchristos+ char *getdsthost(fd, ptr)
437*bc4097aaSchristos+ int fd;
438*bc4097aaSchristos+ int *ptr;
439*bc4097aaSchristos+ {
440*bc4097aaSchristos+ struct sockaddr_in sin;
441*bc4097aaSchristos+ struct hostent *hp;
442*bc4097aaSchristos+ int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0;
443*bc4097aaSchristos+ char buf[255], hostbuf[255];
444*bc4097aaSchristos+ #ifdef __FreeBSD__
445*bc4097aaSchristos+ struct sockaddr_in rsin;
446*bc4097aaSchristos+ struct natlookup natlookup;
447*bc4097aaSchristos+ #endif
448*bc4097aaSchristos+
449*bc4097aaSchristos+ #ifdef linux
450*bc4097aaSchristos+ /* This should also work for
UDP. Unfortunately, it doesn't.
451*bc4097aaSchristos+ Maybe when the Linux UDP proxy code gets a little cleaner.
452*bc4097aaSchristos+ */
453*bc4097aaSchristos+ if(!(err=getsockname(0,&sin,&sl))) {
454*bc4097aaSchristos+ if(ptr) *ptr=ntohs(sin.sin_port);
455*bc4097aaSchristos+ sprintf(buf,"%s",inet_ntoa(sin.sin_addr));
456*bc4097aaSchristos+ gethostname(hostbuf,254);
457*bc4097aaSchristos+ hp=gethostbyname(hostbuf);
458*bc4097aaSchristos+ while(hp->h_addr_list[i]) {
459*bc4097aaSchristos+ bzero(&sin,&sl);
460*bc4097aaSchristos+ memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++]));
461*bc4097aaSchristos+ if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++;
462*bc4097aaSchristos+ }
463*bc4097aaSchristos+ if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); }
464*bc4097aaSchristos+ else { return(buf); }
465*bc4097aaSchristos+ }
466*bc4097aaSchristos+ #endif
467*bc4097aaSchristos+
468*bc4097aaSchristos+ #ifdef __FreeBSD__
469*bc4097aaSchristos+ /* The basis for this block of code is Darren Reed's
470*bc4097aaSchristos+ patches to the TIS ftwk's ftp-gw.
471*bc4097aaSchristos+ */
472*bc4097aaSchristos+ bzero((char*)&sin,sizeof(sin));
473*bc4097aaSchristos+ bzero((char*)&rsin,sizeof(rsin));
474*bc4097aaSchristos+ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
475*bc4097aaSchristos+ return NULL;
476*bc4097aaSchristos+ }
477*bc4097aaSchristos+ sl=sizeof(rsin);
478*bc4097aaSchristos+ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
479*bc4097aaSchristos+ return NULL;
480*bc4097aaSchristos+ }
481*bc4097aaSchristos+ natlookup.nl_inport=sin.sin_port;
482*bc4097aaSchristos+ natlookup.nl_outport=rsin.sin_port;
483*bc4097aaSchristos+ natlookup.nl_inip=sin.sin_addr;
484*bc4097aaSchristos+ natlookup.nl_outip=rsin.sin_addr;
485*bc4097aaSchristos+ if((natfd=open(IPL_NAT,O_RDONLY))<0) {
486*bc4097aaSchristos+ return(NULL);
487*bc4097aaSchristos+ }
488*bc4097aaSchristos+ if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) {
489*bc4097aaSchristos+ return(NULL);
490*bc4097aaSchristos+ }
491*bc4097aaSchristos+ close(natfd);
492*bc4097aaSchristos+ if(ptr) *ptr=ntohs(natlookup.nl_realport);
493*bc4097aaSchristos+ sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip));
494*bc4097aaSchristos+ #endif
495*bc4097aaSchristos+
496*bc4097aaSchristos+ /* No transparent proxy support */
497*bc4097aaSchristos+ return(NULL);
498*bc4097aaSchristos }
499*bc4097aaSchristosOnly in ./lib: hnam.c.orig
500*bc4097aaSchristosdiff -c -r ./plug-gw/plug-gw.c ../../NEW/fwtk/plug-gw/plug-gw.c
501*bc4097aaSchristos*** ./plug-gw/plug-gw.c Thu Sep 5 15:36:33 1996
502*bc4097aaSchristos--- ../../NEW/fwtk/plug-gw/plug-gw.c Wed Oct 9 02:46:48 1996
503*bc4097aaSchristos***************
504*bc4097aaSchristos*** 39,44 ****
505*bc4097aaSchristos--- 39,48 ----
506*bc4097aaSchristos static char **validdests = (char **)0;
507*bc4097aaSchristos static Cfg *confp;
508*bc4097aaSchristos
509*bc4097aaSchristos+ int do_transparent=0;
510*bc4097aaSchristos+
511*bc4097aaSchristos+ char *getdsthost();
512*bc4097aaSchristos+
513*bc4097aaSchristos main(ac,av)
514*bc4097aaSchristos int ac;
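Review bot: getdsthost returns `buf`, an automatic array, so every caller receives a pointer into a dead stack frame; ftp-gw.c and plug-gw.c keep that pointer across later calls before using it, and http-gw.c, rlogin-gw.c and tn-gw.c read it right after the return, so `buf` should be `static` or supplied by the caller. The Linux branch also ignores `fd` and calls `getsockname(0,...)`, passes `&sl` as the length argument of `bzero`, sizes the `memcpy` with `sizeof` of a pointer, and dereferences `hp` without a NULL check. The FreeBSD branch uses `natfd` without a declaration in this function, leaks it when the ioctl fails, and falls through to `return(NULL)` after filling `buf`, so the NAT lookup result is never returned. A version with those points addressed follows; returning NULL when the local host name cannot be resolved is a choice to fall back to non-transparent handling and should be confirmed.

```c
	static char buf[255];	/* handed back to the caller: must outlive this call */
	char hostbuf[255];
#ifdef __FreeBSD__
	int natfd;
	/* … unchanged: rsin, natlookup … */
#endif

#ifdef linux
	if(!(err=getsockname(fd,(struct sockaddr *)&sin,&sl))) {
		/* … unchanged: store port through ptr, format address into buf … */
		if(gethostname(hostbuf,sizeof(hostbuf)-1) < 0)
			return(NULL);
		hostbuf[sizeof(hostbuf)-1]='\0';
		if((hp=gethostbyname(hostbuf)) == NULL)
			return(NULL);	/* cannot tell local from redirected */
		while(hp->h_addr_list[i]) {
			bzero((char *)&sin,sizeof(sin));
			memcpy(&sin.sin_addr,hp->h_addr_list[i++],hp->h_length);
			/* … unchanged: compare with buf, count local_h … */
		}
		/* … unchanged: NULL when local, buf otherwise … */
	}
#endif

#ifdef __FreeBSD__
	/* … unchanged: getsockname/getpeername, natlookup setup, open(IPL_NAT) … */
	if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) {
		close(natfd);
		return(NULL);
	}
	close(natfd);
	if(ptr) *ptr=ntohs(natlookup.nl_realport);
	sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip));
	return(buf);
#endif
```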
515*bc4097aaSchristos char *av[];
516*bc4097aaSchristos***************
517*bc4097aaSchristos*** 193,201 ****
518*bc4097aaSchristos--- 197,213 ----
519*bc4097aaSchristos char *ptr;
520*bc4097aaSchristos int state = 0;
521*bc4097aaSchristos int ssl_plug = 0;
522*bc4097aaSchristos+ int pport=0;
523*bc4097aaSchristos
524*bc4097aaSchristos struct timeval timo;
525*bc4097aaSchristos
526*bc4097aaSchristos+ /* Transparent plug-gw is probably a bad idea, but hey .. */
527*bc4097aaSchristos+ dhost=getdsthost(0,&pport);
528*bc4097aaSchristos+ if(dhost) {
529*bc4097aaSchristos+ do_transparent++;
530*bc4097aaSchristos+ portid=pport;
531*bc4097aaSchristos+ }
532*bc4097aaSchristos+
533*bc4097aaSchristos if(c->flags & PERM_DENY) {
534*bc4097aaSchristos if (p == -1)
535*bc4097aaSchristos syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr);
536*bc4097aaSchristos***************
537*bc4097aaSchristos*** 215,221 ****
538*bc4097aaSchristos syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
539*bc4097aaSchristos exit (1);
540*bc4097aaSchristos }
541*bc4097aaSchristos! dhost = av[x];
542*bc4097aaSchristos continue;
543*bc4097aaSchristos }
544*bc4097aaSchristos
545*bc4097aaSchristos--- 227,234 ----
546*bc4097aaSchristos syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
547*bc4097aaSchristos exit (1);
548*bc4097aaSchristos }
549*bc4097aaSchristos! if(!dhost) dhost = av[x];
550*bc4097aaSchristos!
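Review bot: With the hunk at 197-213 the destination host and port of a plug-gw session come from the intercepted connection (`dhost=getdsthost(0,&pport);` then `portid=pport;`), and the following hunk's `if(!dhost) dhost = av[x];` then skips the configured `-plug-to` host, so a rule written to pin traffic to one server no longer limits where the proxy connects. Whether `validdests` or another check later constrains the substituted target is not visible in these hunks. I would make transparent mode an explicit per-rule opt-in rather than automatic, and record the substitution, for example `syslog(LLEV,"transparent destination %s port %d",dhost,pport);`. The enclosing function starts and ends outside the hunk.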
/* syslog(LLEV,"DEBUG: dhost now is [%s]",dhost); */
551*bc4097aaSchristos continue;
552*bc4097aaSchristos }
553*bc4097aaSchristos
554*bc4097aaSchristosdiff -c -r ./rlogin-gw/rlogin-gw.c ../../NEW/fwtk/rlogin-gw/rlogin-gw.c
555*bc4097aaSchristos*** ./rlogin-gw/rlogin-gw.c Fri Sep 6 12:56:33 1996
556*bc4097aaSchristos--- ../../NEW/fwtk/rlogin-gw/rlogin-gw.c Wed Oct 9 02:49:04 1996
557*bc4097aaSchristos***************
558*bc4097aaSchristos*** 39,45 ****
559*bc4097aaSchristos--- 39,47 ----
560*bc4097aaSchristos
561*bc4097aaSchristos
562*bc4097aaSchristos extern char *maphostname();
563*bc4097aaSchristos+ char *getdsthost();
564*bc4097aaSchristos
565*bc4097aaSchristos+ int do_transparent=0;
566*bc4097aaSchristos
567*bc4097aaSchristos static int cmd_quit();
568*bc4097aaSchristos static int cmd_help();
569*bc4097aaSchristos***************
570*bc4097aaSchristos*** 120,125 ****
571*bc4097aaSchristos--- 122,130 ----
572*bc4097aaSchristos static char *tokav[56];
573*bc4097aaSchristos int tokac;
574*bc4097aaSchristos struct timeval timo;
575*bc4097aaSchristos+ /* foo */
576*bc4097aaSchristos+ char *psychic;
577*bc4097aaSchristos+ /* foo */
578*bc4097aaSchristos
579*bc4097aaSchristos #ifndef LOG_NDELAY
580*bc4097aaSchristos openlog("rlogin-gw",LOG_PID);
581*bc4097aaSchristos***************
582*bc4097aaSchristos*** 185,191 ****
583*bc4097aaSchristos xforwarder = cf->argv[0];
584*bc4097aaSchristos }
585*bc4097aaSchristos
586*bc4097aaSchristos!
587*bc4097aaSchristos
588*bc4097aaSchristos if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
589*bc4097aaSchristos if(cf->argc != 1) {
590*bc4097aaSchristos--- 190,203 ----
591*bc4097aaSchristos xforwarder = cf->argv[0];
592*bc4097aaSchristos }
593*bc4097aaSchristos
594*bc4097aaSchristos! /* foo */
595*bc4097aaSchristos! psychic=getdsthost(0,NULL);
596*bc4097aaSchristos! if(psychic) {
597*bc4097aaSchristos! do_transparent++;
598*bc4097aaSchristos! strncpy(dest,psychic,511);
599*bc4097aaSchristos! dest[511]='\0';
600*bc4097aaSchristos!
}
601*bc4097aaSchristos! /* foo */
602*bc4097aaSchristos
603*bc4097aaSchristos if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
604*bc4097aaSchristos if(cf->argc != 1) {
605*bc4097aaSchristos***************
606*bc4097aaSchristos*** 260,269 ****
607*bc4097aaSchristos }
608*bc4097aaSchristos
609*bc4097aaSchristos /* if present a host name, chop and save username and hostname */
610*bc4097aaSchristos! dest[0] = '\0';
611*bc4097aaSchristos if((p = index(rusername,'@')) != (char *)0) {
612*bc4097aaSchristos char *namp;
613*bc4097aaSchristos
614*bc4097aaSchristos *p++ = '\0';
615*bc4097aaSchristos if(*p == '\0')
616*bc4097aaSchristos p = "localhost";
617*bc4097aaSchristos--- 272,282 ----
618*bc4097aaSchristos }
619*bc4097aaSchristos
620*bc4097aaSchristos /* if present a host name, chop and save username and hostname */
621*bc4097aaSchristos! /* dest[0] = '\0'; */
622*bc4097aaSchristos if((p = index(rusername,'@')) != (char *)0) {
623*bc4097aaSchristos char *namp;
624*bc4097aaSchristos
625*bc4097aaSchristos+ dest[0] = '\0';
626*bc4097aaSchristos *p++ = '\0';
627*bc4097aaSchristos if(*p == '\0')
628*bc4097aaSchristos p = "localhost";
629*bc4097aaSchristos***************
630*bc4097aaSchristos*** 293,300 ****
631*bc4097aaSchristos--- 306,326 ----
632*bc4097aaSchristos goto leave;
633*bc4097aaSchristos }
634*bc4097aaSchristos
635*bc4097aaSchristos+ /* syslog(LLEV,"DEBUG: Uh-oh, $dest = %s\n",dest); */
636*bc4097aaSchristos+
637*bc4097aaSchristos if(dest[0] != '\0') {
638*bc4097aaSchristos /* Setup connection directly to remote machine */
639*bc4097aaSchristos+ if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
640*bc4097aaSchristos+ if(cf->argc != 1) {
641*bc4097aaSchristos+ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
642*bc4097aaSchristos+ exit(1);
643*bc4097aaSchristos+ }
644*bc4097aaSchristos+ if(sayfile(0,cf->argv[0])) {
645*bc4097aaSchristos+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
646*bc4097aaSchristos+ exit(1);
647*bc4097aaSchristos+ }
648*bc4097aaSchristos+ }
649*bc4097aaSchristos+ /* Does this cmd_connect thing feel like a kludge or what? */
650*bc4097aaSchristos sprintf(buf,"connect %.1000s",dest);
651*bc4097aaSchristos tokac = enargv(buf, tokav, 56, tokbuf, sizeof(tokbuf));
652*bc4097aaSchristos if (cmd_connect(tokac, tokav, buf) != 2)
653*bc4097aaSchristos***************
654*bc4097aaSchristos*** 526,539 ****
655*bc4097aaSchristos char ebuf[512];
656*bc4097aaSchristos
657*bc4097aaSchristos syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,namp);
658*bc4097aaSchristos if(strlen(namp) > 20)
659*bc4097aaSchristos namp[20] = '\0';
660*bc4097aaSchristos if(rusername[0] != '\0')
661*bc4097aaSchristos sprintf(ebuf,"Trying %s@%s...",rusername,namp);
662*bc4097aaSchristos else
663*bc4097aaSchristos sprintf(ebuf,"Trying %s...",namp);
664*bc4097aaSchristos! if(say(0,ebuf))
665*bc4097aaSchristos! return(1);
666*bc4097aaSchristos } else
667*bc4097aaSchristos syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]);
668*bc4097aaSchristos if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
669*bc4097aaSchristos--- 552,567 ----
670*bc4097aaSchristos char ebuf[512];
671*bc4097aaSchristos
672*bc4097aaSchristos syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,namp);
673*bc4097aaSchristos+ if(!do_transparent) {
674*bc4097aaSchristos if(strlen(namp) > 20)
675*bc4097aaSchristos namp[20] = '\0';
676*bc4097aaSchristos if(rusername[0] != '\0')
677*bc4097aaSchristos sprintf(ebuf,"Trying %s@%s...",rusername,namp);
678*bc4097aaSchristos else
679*bc4097aaSchristos sprintf(ebuf,"Trying %s...",namp);
680*bc4097aaSchristos! if(say(0,ebuf))
681*bc4097aaSchristos! return(1);
682*bc4097aaSchristos!
}
683*bc4097aaSchristos } else
684*bc4097aaSchristos syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]);
685*bc4097aaSchristos if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
686*bc4097aaSchristosdiff -c -r ./tn-gw/tn-gw.c ../../NEW/fwtk/tn-gw/tn-gw.c
687*bc4097aaSchristos*** ./tn-gw/tn-gw.c Fri Sep 6 12:55:48 1996
688*bc4097aaSchristos--- ../../NEW/fwtk/tn-gw/tn-gw.c Wed Oct 9 02:50:17 1996
689*bc4097aaSchristos***************
690*bc4097aaSchristos*** 87,92 ****
691*bc4097aaSchristos--- 87,94 ----
692*bc4097aaSchristos static int cmd_xforward();
693*bc4097aaSchristos static int cmd_timeout();
694*bc4097aaSchristos
695*bc4097aaSchristos+ char *getdsthost();
696*bc4097aaSchristos+
697*bc4097aaSchristos static int tn3270 = 1; /* don't do tn3270 stuff */
698*bc4097aaSchristos static int doX;
699*bc4097aaSchristos
700*bc4097aaSchristos***************
701*bc4097aaSchristos*** 97,102 ****
702*bc4097aaSchristos--- 99,106 ----
703*bc4097aaSchristos static int timeout = PROXY_TIMEOUT;
704*bc4097aaSchristos static char timed_out_msg[] = "\r\nConnection closed due to inactivity";
705*bc4097aaSchristos
706*bc4097aaSchristos+ int do_transparent=0;
707*bc4097aaSchristos+
708*bc4097aaSchristos typedef struct {
709*bc4097aaSchristos char *name;
710*bc4097aaSchristos char *hmsg;
711*bc4097aaSchristos***************
712*bc4097aaSchristos*** 140,145 ****
713*bc4097aaSchristos--- 144,151 ----
714*bc4097aaSchristos char tokbuf[BSIZ];
715*bc4097aaSchristos char *tokav[56];
716*bc4097aaSchristos int tokac;
717*bc4097aaSchristos+ int port;
718*bc4097aaSchristos+ char *psychic;
719*bc4097aaSchristos
720*bc4097aaSchristos #ifndef LOG_DAEMON
721*bc4097aaSchristos openlog("tn-gw",LOG_PID);
722*bc4097aaSchristos***************
723*bc4097aaSchristos*** 308,313 ****
724*bc4097aaSchristos--- 314,346 ----
725*bc4097aaSchristos }
726*bc4097aaSchristos }
727*bc4097aaSchristos
728*bc4097aaSchristos+ psychic=getdsthost(0,&port);
729*bc4097aaSchristos+ if(psychic) {
730*bc4097aaSchristos+ if((strlen(psychic) + 10) < 510) {
731*bc4097aaSchristos+ do_transparent++;
732*bc4097aaSchristos+ if(port)
733*bc4097aaSchristos+ sprintf(dest,"%s:%d",psychic,port);
734*bc4097aaSchristos+ else
735*bc4097aaSchristos+ sprintf(dest,"%s",psychic);
736*bc4097aaSchristos+
737*bc4097aaSchristos+
738*bc4097aaSchristos+ if(!welcomedone)
739*bc4097aaSchristos+ if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
740*bc4097aaSchristos+ if(cf->argc != 1) {
741*bc4097aaSchristos+ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
742*bc4097aaSchristos+ exit(1);
743*bc4097aaSchristos+ }
744*bc4097aaSchristos+ if(sayfile(0,cf->argv[0])) {
745*bc4097aaSchristos+ syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]);
746*bc4097aaSchristos+ exit(1);
747*bc4097aaSchristos+ }
748*bc4097aaSchristos+ welcomedone = 1;
749*bc4097aaSchristos+ }
750*bc4097aaSchristos+
751*bc4097aaSchristos+
752*bc4097aaSchristos+ }
753*bc4097aaSchristos+ }
754*bc4097aaSchristos+
755*bc4097aaSchristos while (argc > 1) {
756*bc4097aaSchristos argc--;
757*bc4097aaSchristos argv++;
758*bc4097aaSchristos***************
759*bc4097aaSchristos*** 864,877 ****
760*bc4097aaSchristos }
761*bc4097aaSchristos }
762*bc4097aaSchristos
763*bc4097aaSchristos-
764*bc4097aaSchristos if((namp = maphostname(av[1])) != (char *)0) {
765*bc4097aaSchristos char ebuf[512];
766*bc4097aaSchristos
767*bc4097aaSchristos syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
768*bc4097aaSchristos! sprintf(ebuf,"Trying %s port %d...",namp,port);
769*bc4097aaSchristos! if(say(0,ebuf))
770*bc4097aaSchristos!
return(1);
771*bc4097aaSchristos } else
772*bc4097aaSchristos syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
773*bc4097aaSchristos
774*bc4097aaSchristos--- 897,911 ----
775*bc4097aaSchristos }
776*bc4097aaSchristos }
777*bc4097aaSchristos
778*bc4097aaSchristos if((namp = maphostname(av[1])) != (char *)0) {
779*bc4097aaSchristos char ebuf[512];
780*bc4097aaSchristos
781*bc4097aaSchristos syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
782*bc4097aaSchristos! if(!do_transparent) {
783*bc4097aaSchristos! sprintf(ebuf,"Trying %s port %d...",namp,port);
784*bc4097aaSchristos! if(say(0,ebuf))
785*bc4097aaSchristos! return(1);
786*bc4097aaSchristos! }
787*bc4097aaSchristos } else
788*bc4097aaSchristos syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
789*bc4097aaSchristos
790*bc4097aaSchristos***************
791*bc4097aaSchristos*** 903,910 ****
792*bc4097aaSchristos
793*bc4097aaSchristos syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
794*bc4097aaSchristos strncpy(dest,av[1], 511);
795*bc4097aaSchristos! sprintf(buf, "Connected to %s.", dest);
796*bc4097aaSchristos! say(0, buf);
797*bc4097aaSchristos return(2);
798*bc4097aaSchristos }
799*bc4097aaSchristos
800*bc4097aaSchristos--- 937,946 ----
801*bc4097aaSchristos
802*bc4097aaSchristos syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
803*bc4097aaSchristos strncpy(dest,av[1], 511);
804*bc4097aaSchristos! if(!do_transparent) {
805*bc4097aaSchristos! sprintf(buf, "Connected to %s.", dest);
806*bc4097aaSchristos! say(0, buf);
807*bc4097aaSchristos! }
808*bc4097aaSchristos return(2);
809*bc4097aaSchristos }
810*bc4097aaSchristos
811*bc4097aaSchristos
812*bc4097aaSchristos
813