ftp-proxy: Update to OpenBSD 4.1 pf_update_clean
authorJan Lentfer <Jan.Lentfer@web.de>
Sun, 8 Aug 2010 16:47:04 +0000 (18:47 +0200)
committerJan Lentfer <Jan.Lentfer@web.de>
Sun, 8 Aug 2010 19:50:06 +0000 (21:50 +0200)
ftp-proxy has been moved from libexec/ to usr.sbin/

14 files changed:
libexec/Makefile
libexec/ftp-proxy/Makefile [deleted file]
libexec/ftp-proxy/ftp-proxy.8 [deleted file]
libexec/ftp-proxy/ftp-proxy.c [deleted file]
libexec/ftp-proxy/getline.c [deleted file]
libexec/ftp-proxy/util.c [deleted file]
libexec/ftp-proxy/util.h [deleted file]
usr.sbin/Makefile
usr.sbin/ftp-proxy/.depend [new file with mode: 0644]
usr.sbin/ftp-proxy/Makefile [new file with mode: 0644]
usr.sbin/ftp-proxy/filter.c [new file with mode: 0644]
usr.sbin/ftp-proxy/filter.h [new file with mode: 0644]
usr.sbin/ftp-proxy/ftp-proxy.8 [new file with mode: 0644]
usr.sbin/ftp-proxy/ftp-proxy.c [new file with mode: 0644]

index f80668a..9c51627 100644 (file)
@@ -10,7 +10,6 @@ SUBDIR=       atrun \
        dma \
        fingerd \
        ftpd \
-       ftp-proxy \
        getty \
        makekey \
        makewhatis.local \
diff --git a/libexec/ftp-proxy/Makefile b/libexec/ftp-proxy/Makefile
deleted file mode 100644 (file)
index efcaa67..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-#      $OpenBSD: Makefile,v 1.4 2003/11/20 23:23:09 avsm Exp $
-#      @(#)Makefile    8.2 (Berkeley) 4/4/94
-#      $DragonFly: src/libexec/ftp-proxy/Makefile,v 1.1 2004/09/21 21:25:28 joerg Exp $
-
-PROG=  ftp-proxy
-SRCS=  ftp-proxy.c getline.c util.c
-MAN=   ftp-proxy.8
-WARNS?=        6
-
-CFLAGS+= -DLIBWRAP
-LDADD+=        -lwrap
-DPADD+=        ${LIBWRAP}
-
-.include <bsd.prog.mk>
diff --git a/libexec/ftp-proxy/ftp-proxy.8 b/libexec/ftp-proxy/ftp-proxy.8
deleted file mode 100644 (file)
index 52fed26..0000000
+++ /dev/null
@@ -1,293 +0,0 @@
-.\"    $OpenBSD: ftp-proxy.8,v 1.41 2004/07/06 19:49:11 dhartmei Exp $
-.\"    $DragonFly: src/libexec/ftp-proxy/ftp-proxy.8,v 1.5 2007/07/29 17:27:45 swildner Exp $
-.\"
-.\" Copyright (c) 1996-2001
-.\"    Obtuse Systems Corporation, All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY OBTUSE SYSTEMS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL OBTUSE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.Dd August 17, 2001
-.Dt FTP-PROXY 8
-.Os
-.Sh NAME
-.Nm ftp-proxy
-.Nd Internet File Transfer Protocol proxy server
-.Sh SYNOPSIS
-.Nm
-.Bk -words
-.Op Fl AnrVw
-.Op Fl a Ar address
-.Op Fl D Ar debuglevel
-.Op Fl g Ar group
-.Op Fl M Ar maxport
-.Op Fl m Ar minport
-.Op Fl R Ar address[:port]
-.Op Fl S Ar address
-.Op Fl t Ar timeout
-.Op Fl u Ar user
-.Ek
-.Sh DESCRIPTION
-.Nm
-is a proxy for the Internet File Transfer Protocol.
-The proxy uses
-.Xr pf 4
-and expects to have the FTP control connection as described in
-.Xr services 5
-redirected to it via a
-.Xr pf 4
-.Em rdr
-command.
-An example of how to do that is further down in this document.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl A
-Permit only anonymous FTP connections.
-The proxy will allow connections to log in to other sites as the user
-.Qq ftp
-or
-.Qq anonymous
-only.
-Any attempt to log in as another user will be blocked by the proxy.
-.It Fl a Ar address
-Specify the local IP address to use in
-.Xr bind 2
-as the source for connections made by
-.Nm
-when connecting to destination FTP servers.
-This may be necessary if the interface address of
-your default route is not reachable from the destinations
-.Nm
-is attempting connections to, or this address is different from the one
-connections are being NATed to.
-In the usual case this means that
-.Ar address
-should be a publicly visible IP address assigned to one of
-the interfaces on the machine running
-.Nm
-and should be the same address to which you are translating traffic
-if you are using the
-.Fl n
-option.
-.It Fl D Ar debuglevel
-Specify a debug level, where the proxy emits verbose debug output
-into
-.Xr syslogd 8
-at level
-.Dv LOG_DEBUG .
-Meaningful values of debuglevel are 0-3, where 0 is no debug output and
-3 is lots of debug output, the default being 0.
-.It Fl g Ar group
-Specify the named group to drop group privileges to, after doing
-.Xr pf 4
-lookups which require root.
-By default,
-.Nm
-uses the default group of the user it drops privilege to.
-.It Fl M Ar maxport
-Specify the upper end of the port range the proxy will use for the
-data connections it establishes.
-The default is
-.Dv IPPORT_HILASTAUTO
-defined in
-.In netinet/in.h
-as 65535.
-.It Fl m Ar minport
-Specify the lower end of the port range the proxy will use for all
-data connections it establishes.
-The default is
-.Dv IPPORT_HIFIRSTAUTO
-defined in
-.In netinet/in.h
-as 49152.
-.It Fl n
-Activate network address translation
-.Pq NAT
-mode.
-In this mode, the proxy will not attempt to proxy passive mode
-.Pq PASV or EPSV
-data connections.
-In order for this to work, the machine running the proxy will need to
-be forwarding packets and doing network address translation to allow
-the outbound passive connections from the client to reach the server.
-See
-.Xr pf.conf 5
-for more details on NAT.
-The proxy only ignores passive mode data connections when using this flag;
-it will still proxy PORT and EPRT mode data connections.
-Without this flag,
-.Nm
-does not require any IP forwarding or NAT beyond the
-.Em rdr
-necessary to capture the FTP control connection.
-.It Fl R Ar address:[port]
-Reverse proxy mode for FTP servers running behind a NAT gateway.
-In this mode, no redirection is needed.
-The proxy is run from
-.Xr inetd 8
-on the port that external clients connect to (usually 21).
-Control connections and passive data connections are forwarded
-to the server.
-.It Fl r
-Use reverse host
-.Pq reverse DNS
-lookups for logging and libwrap use.
-By default,
-the proxy does not look up hostnames for libwrap or logging purposes.
-.It Fl S Ar address
-Source address to use for data connections made by the proxy.
-Useful when there are multiple addresses (aliases) available
-to the proxy.
-Clients may expect data connections to have the same source
-address as the control connections, and reject or drop other
-connections.
-.It Fl t Ar timeout
-Specifies a timeout, in seconds.
-The proxy will exit and close open connections if it sees no data
-for the duration of the timeout.
-The default is 0, which means the proxy will not time out.
-.It Fl u Ar user
-Specify the named user to drop privilege to, after doing
-.Xr pf 4
-lookups which require root privilege.
-By default,
-.Nm
-drops privilege to the user
-.Em proxy .
-.Pp
-Running as root means that the source of data connections the proxy makes
-for PORT and EPRT will be the RFC mandated port 20.
-When running as a non-root user, the source of the data connections from
-.Nm
-will be chosen randomly from the range
-.Ar minport
-to
-.Ar maxport
-as described above.
-.It Fl V
-Be verbose.
-With this option the proxy logs the control commands
-sent by clients and the replies sent by the servers to
-.Xr syslogd 8 .
-.It Fl w
-Use the tcp wrapper access control library
-.Xr hosts_access 3 ,
-allowing connections to be allowed or denied based on the tcp wrapper's
-.Pa /etc/hosts.allow
-and
-.Pa /etc/hosts.deny
-files.
-The proxy does libwrap operations after determining the destination
-of the captured control connection, so that tcp wrapper rules may
-be written based on the destination as well as the source of FTP connections.
-.El
-.Pp
-.Nm
-is run from
-.Xr inetd 8
-and requires that FTP connections are redirected to it using a
-.Em rdr
-rule.
-A typical way to do this would be to use a
-.Xr pf.conf 5
-rule such as
-.Bd -literal -offset 2n
-int_if = \&"xl0\&"
-rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
-.Ed
-.Pp
-.Xr inetd 8
-must then be configured to run
-.Nm
-on the port from above using
-.Bd -literal -offset 2n
-127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy
-.Ed
-.Pp
-in
-.Xr inetd.conf 5 .
-.Pp
-.Nm
-accepts the redirected control connections and forwards them
-to the server.
-The proxy replaces the address and port number that the client
-sends through the control connection to the server with its own
-address and proxy port, where it listens for the data connection.
-When the server opens the data connection back to this port, the
-proxy forwards it to the client.
-The
-.Xr pf.conf 5
-rules need to let pass connections to these proxy ports
-(see options
-.Fl u , m ,
-and
-.Fl M
-above) in on the external interface.
-The following example allows only ports 49152 to 65535 to pass in
-statefully:
-.Bd -literal -offset indent
-block in on $ext_if proto tcp all
-pass  in on $ext_if inet proto tcp from any to $ext_if \e
-    port > 49151 keep state
-.Ed
-.Pp
-Alternatively, rules can make use of the fact that by default,
-.Nm
-runs as user
-.Qq proxy
-to allow the backchannel connections, as in the following example:
-.Bd -literal -offset indent
-block in on $ext_if proto tcp all
-pass  in on $ext_if inet proto tcp from any to $ext_if \e
-    user proxy keep state
-.Ed
-.Pp
-These examples do not cover the connections from the proxy to the
-foreign FTP server.
-If one does not pass outgoing connections by default additional rules
-are needed.
-.Sh SEE ALSO
-.Xr ftp 1 ,
-.Xr pf 4 ,
-.Xr hosts_access 5 ,
-.Xr inetd.conf 5 ,
-.Xr pf.conf 5 ,
-.Xr inetd 8 ,
-.Xr pfctl 8 ,
-.Xr syslogd 8
-.Sh BUGS
-Extended Passive mode
-.Pq EPSV
-is not supported by the proxy and will not work unless the proxy is run
-in network address translation mode.
-When not in network address translation mode, the proxy returns an error
-to the client, hopefully forcing the client to revert to passive mode
-.Pq PASV
-which is supported.
-EPSV will work in network address translation mode, assuming a
-.Xr pf.conf 5
-setup which allows the EPSV connections through to their destinations.
-.Pp
-IPv6 is not yet supported.
diff --git a/libexec/ftp-proxy/ftp-proxy.c b/libexec/ftp-proxy/ftp-proxy.c
deleted file mode 100644 (file)
index 0cb15c2..0000000
+++ /dev/null
@@ -1,1373 +0,0 @@
-/*     $OpenBSD: ftp-proxy.c,v 1.38 2004/11/19 00:47:23 jmc Exp $ */
-/*     $DragonFly: src/libexec/ftp-proxy/ftp-proxy.c,v 1.3 2007/05/18 17:05:10 dillon Exp $ */
-
-/*
- * Copyright (c) 1996-2001
- *     Obtuse Systems Corporation.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the Obtuse Systems nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY OBTUSE SYSTEMS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL OBTUSE SYSTEMS CORPORATION OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-/*
- * ftp proxy, Originally based on juniper_ftp_proxy from the Obtuse
- * Systems juniper firewall, written by Dan Boulet <danny@obtuse.com>
- * and Bob Beck <beck@obtuse.com>
- *
- * This version basically passes everything through unchanged except
- * for the PORT and the * "227 Entering Passive Mode" reply.
- *
- * A PORT command is handled by noting the IP address and port number
- * specified and then configuring a listen port on some very high port
- * number and telling the server about it using a PORT message.
- * We then watch for an in-bound connection on the port from the server
- * and connect to the client's port when it happens.
- *
- * A "227 Entering Passive Mode" reply is handled by noting the IP address
- * and port number specified and then configuring a listen port on some
- * very high port number and telling the client about it using a
- * "227 Entering Passive Mode" reply.
- * We then watch for an in-bound connection on the port from the client
- * and connect to the server's port when it happens.
- *
- * supports tcp wrapper lookups/access control with the -w flag using
- * the real destination address - the tcp wrapper stuff is done after
- * the real destination address is retrieved from pf
- *
- */
-
-/*
- * TODO:
- * Plenty, this is very basic, with the idea to get it in clean first.
- *
- * - IPv6 and EPASV support
- * - Content filter support
- * - filename filter support
- * - per-user rules perhaps.
- */
-
-#include <sys/param.h>
-#include <sys/time.h>
-#include <sys/socket.h>
-
-#include <net/if.h>
-#include <netinet/in.h>
-
-#include <arpa/inet.h>
-
-#include <ctype.h>
-#include <errno.h>
-#include <grp.h>
-#include <netdb.h>
-#include <pwd.h>
-#include <signal.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sysexits.h>
-#include <syslog.h>
-#include <unistd.h>
-
-#include "util.h"
-
-#ifdef LIBWRAP
-#include <tcpd.h>
-int allow_severity = LOG_INFO;
-int deny_severity = LOG_NOTICE;
-#endif /* LIBWRAP */
-
-int min_port = IPPORT_HIFIRSTAUTO;
-int max_port = IPPORT_HILASTAUTO;
-
-#define STARTBUFSIZE  1024     /* Must be at least 3 */
-
-/*
- * Variables used to support PORT mode connections.
- *
- * This gets a bit complicated.
- *
- * If PORT mode is on then client_listen_sa describes the socket that
- * the real client is listening on and server_listen_sa describes the
- * socket that we are listening on (waiting for the real server to connect
- * with us).
- *
- * If PASV mode is on then client_listen_sa describes the socket that
- * we are listening on (waiting for the real client to connect to us on)
- * and server_listen_sa describes the socket that the real server is
- * listening on.
- *
- * If the socket we are listening on gets a connection then we connect
- * to the other side's socket.  Similarly, if a connected socket is
- * shutdown then we shutdown the other side's socket.
- */
-
-double xfer_start_time;
-
-struct sockaddr_in real_server_sa;
-struct sockaddr_in client_listen_sa;
-struct sockaddr_in server_listen_sa;
-struct sockaddr_in proxy_sa;
-struct in_addr src_addr;
-
-int client_listen_socket = -1; /* Only used in PASV mode */
-int client_data_socket = -1;   /* Connected socket to real client */
-int server_listen_socket = -1; /* Only used in PORT mode */
-int server_data_socket = -1;   /* Connected socket to real server */
-int client_data_bytes, server_data_bytes;
-
-int AnonFtpOnly;
-int Verbose;
-int NatMode;
-int ReverseMode;
-
-char ClientName[NI_MAXHOST];
-char RealServerName[NI_MAXHOST];
-char OurName[NI_MAXHOST];
-
-const char *User = "proxy";
-const char *Group;
-
-extern int Debug_Level;
-extern int Use_Rdns;
-extern in_addr_t Bind_Addr;
-extern char *__progname;
-
-typedef enum {
-       UNKNOWN_MODE,
-       PORT_MODE,
-       PASV_MODE,
-       EPRT_MODE,
-       EPSV_MODE
-} connection_mode_t;
-
-connection_mode_t connection_mode;
-
-extern void    debuglog(int debug_level, const char *fmt, ...);
-double         wallclock_time(void);
-void           show_xfer_stats(void);
-void           log_control_command (char *cmd, int client);
-int            new_dataconn(int server);
-void           do_client_cmd(struct csiob *client, struct csiob *server);
-void           do_server_reply(struct csiob *server, struct csiob *client);
-static void
-usage(void)
-{
-       syslog(LOG_NOTICE,
-           "usage: %s [-AnrVw] [-a address] [-D debuglevel] [-g group]"
-           " [-M maxport] [-m minport] [-R address[:port]] [-S address]"
-           " [-t timeout] [-u user]", __progname);
-       exit(EX_USAGE);
-}
-
-static void
-close_client_data(void)
-{
-       if (client_data_socket >= 0) {
-               shutdown(client_data_socket, SHUT_RDWR);
-               close(client_data_socket);
-               client_data_socket = -1;
-       }
-}
-
-static void
-close_server_data(void)
-{
-       if (server_data_socket >= 0)  {
-               shutdown(server_data_socket, SHUT_RDWR);
-               close(server_data_socket);
-               server_data_socket = -1;
-       }
-}
-
-static void
-drop_privs(void)
-{
-       struct passwd *pw;
-       struct group *gr;
-       uid_t uid = 0;
-       gid_t gid = 0;
-
-       if (User != NULL) {
-               pw = getpwnam(User);
-               if (pw == NULL) {
-                       syslog(LOG_ERR, "cannot find user %s", User);
-                       exit(EX_USAGE);
-               }
-               uid = pw->pw_uid;
-               gid = pw->pw_gid;
-       }
-
-       if (Group != NULL) {
-               gr = getgrnam(Group);
-               if (gr == NULL) {
-                       syslog(LOG_ERR, "cannot find group %s", Group);
-                       exit(EX_USAGE);
-               }
-               gid = gr->gr_gid;
-       }
-
-       if (gid != 0 && (setegid(gid) == -1 || setgid(gid) == -1)) {
-               syslog(LOG_ERR, "cannot drop group privs (%m)");
-               exit(EX_CONFIG);
-       }
-
-       if (uid != 0 && (seteuid(uid) == -1 || setuid(uid) == -1)) {
-               syslog(LOG_ERR, "cannot drop root privs (%m)");
-               exit(EX_CONFIG);
-       }
-}
-
-#ifdef LIBWRAP
-/*
- * Check a connection against the tcpwrapper, log if we're going to
- * reject it, returns: 0 -> reject, 1 -> accept. We add in hostnames
- * if we are set to do reverse DNS, otherwise no.
- */
-static int
-check_host(struct sockaddr_in *client_sin, struct sockaddr_in *server_sin)
-{
-       char cname[NI_MAXHOST];
-       char sname[NI_MAXHOST];
-       struct request_info request;
-       int i;
-
-       request_init(&request, RQ_DAEMON, __progname, RQ_CLIENT_SIN,
-           client_sin, RQ_SERVER_SIN, server_sin, RQ_CLIENT_ADDR,
-           inet_ntoa(client_sin->sin_addr), 0);
-
-       if (Use_Rdns)  {
-               /*
-                * We already looked these up, but we have to do it again
-                * for tcp wrapper, to ensure that we get the DNS name, since
-                * the tcp wrapper cares about these things, and we don't
-                * want to pass in a printed address as a name.
-                */
-               i = getnameinfo((struct sockaddr *) &client_sin->sin_addr,
-                   sizeof(&client_sin->sin_addr), cname, sizeof(cname),
-                   NULL, 0, NI_NAMEREQD);
-
-               if (i != 0 && i != EAI_NONAME && i != EAI_AGAIN)
-                       strlcpy(cname, STRING_UNKNOWN, sizeof(cname));
-
-               i = getnameinfo((struct sockaddr *)&server_sin->sin_addr,
-                   sizeof(&server_sin->sin_addr), sname, sizeof(sname),
-                   NULL, 0, NI_NAMEREQD);
-
-               if (i != 0 && i != EAI_NONAME && i != EAI_AGAIN)
-                       strlcpy(sname, STRING_UNKNOWN, sizeof(sname));
-       } else {
-               /*
-                * ensure the TCP wrapper doesn't start doing
-                * reverse DNS lookups if we aren't supposed to.
-                */
-               strlcpy(cname, STRING_UNKNOWN, sizeof(cname));
-               strlcpy(sname, STRING_UNKNOWN, sizeof(sname));
-       }
-
-       request_set(&request, RQ_SERVER_ADDR, inet_ntoa(server_sin->sin_addr),
-           0);
-       request_set(&request, RQ_CLIENT_NAME, cname, RQ_SERVER_NAME, sname, 0);
-
-       if (!hosts_access(&request)) {
-               syslog(LOG_NOTICE, "tcpwrappers rejected: %s -> %s",
-                   ClientName, RealServerName);
-               return(0);
-       }
-       return(1);
-}
-#endif /* LIBWRAP */
-
-double
-wallclock_time(void)
-{
-       struct timeval tv;
-
-       gettimeofday(&tv, NULL);
-       return(tv.tv_sec + tv.tv_usec / 1e6);
-}
-
-/*
- * Show the stats for this data transfer
- */
-void
-show_xfer_stats(void)
-{
-       char tbuf[1000];
-       double delta;
-       size_t len;
-       int i;
-
-       if (!Verbose)
-               return;
-
-       delta = wallclock_time() - xfer_start_time;
-
-       if (delta < 0.001)
-               delta = 0.001;
-
-       if (client_data_bytes == 0 && server_data_bytes == 0) {
-               syslog(LOG_INFO,
-                 "data transfer complete (no bytes transferred)");
-               return;
-       }
-
-       len = sizeof(tbuf);
-
-       if (delta >= 60) {
-               int idelta;
-
-               idelta = delta + 0.5;
-               if (idelta >= 60*60) {
-                       i = snprintf(tbuf, len,
-                           "data transfer complete (%dh %dm %ds",
-                           idelta / (60*60), (idelta % (60*60)) / 60,
-                           idelta % 60);
-                       if (i >= (int)len)
-                               goto logit;
-                       len -= i;
-               } else {
-                       i = snprintf(tbuf, len,
-                           "data transfer complete (%dm %ds", idelta / 60,
-                           idelta % 60);
-                       if (i >= (int)len)
-                               goto logit;
-                       len -= i;
-               }
-       } else {
-               i = snprintf(tbuf, len, "data transfer complete (%.1fs",
-                   delta);
-               if (i >= (int)len)
-                       goto logit;
-               len -= i;
-       }
-
-       if (client_data_bytes > 0) {
-               i = snprintf(&tbuf[strlen(tbuf)], len,
-                   ", %d bytes to server) (%.1fKB/s", client_data_bytes,
-                   (client_data_bytes / delta) / (double)1024);
-               if (i >= (int)len)
-                       goto logit;
-               len -= i;
-       }
-       if (server_data_bytes > 0) {
-               i = snprintf(&tbuf[strlen(tbuf)], len,
-                   ", %d bytes to client) (%.1fKB/s", server_data_bytes,
-                   (server_data_bytes / delta) / (double)1024);
-               if (i >= (int)len)
-                       goto logit;
-               len -= i;
-       }
-       strlcat(tbuf, ")", sizeof(tbuf));
- logit:
-       syslog(LOG_INFO, "%s", tbuf);
-}
-
-void
-log_control_command (char *cmd, int client)
-{
-       /* log an ftp control command or reply */
-       const char *logstring;
-       int level = LOG_DEBUG;
-
-       if (!Verbose)
-               return;
-
-       /* don't log passwords */
-       if (strncasecmp(cmd, "pass ", 5) == 0)
-               logstring = "PASS XXXX";
-       else
-               logstring = cmd;
-       if (client) {
-               /* log interesting stuff at LOG_INFO, rest at LOG_DEBUG */
-               if ((strncasecmp(cmd, "user ", 5) == 0) ||
-                   (strncasecmp(cmd, "retr ", 5) == 0) ||
-                   (strncasecmp(cmd, "cwd ", 4) == 0) ||
-                   (strncasecmp(cmd, "stor " ,5) == 0))
-                       level = LOG_INFO;
-       }
-       syslog(level, "%s %s", client ? "client:" : " server:",
-           logstring);
-}
-
-/*
- * set ourselves up for a new data connection. Direction is toward client if
- * "server" is 0, towards server otherwise.
- */
-int
-new_dataconn(int server)
-{
-       /*
-        * Close existing data conn.
-        */
-
-       if (client_listen_socket != -1) {
-               close(client_listen_socket);
-               client_listen_socket = -1;
-       }
-       close_client_data();
-
-       if (server_listen_socket != -1) {
-               close(server_listen_socket);
-               server_listen_socket = -1;
-       }
-       close_server_data();
-
-       if (server) {
-               bzero(&server_listen_sa, sizeof(server_listen_sa));
-               server_listen_socket = get_backchannel_socket(SOCK_STREAM,
-                   min_port, max_port, -1, 1, &server_listen_sa);
-
-               if (server_listen_socket == -1) {
-                       syslog(LOG_INFO, "server socket bind() failed (%m)");
-                       exit(EX_OSERR);
-               }
-               if (listen(server_listen_socket, 5) != 0) {
-                       syslog(LOG_INFO, "server socket listen() failed (%m)");
-                       exit(EX_OSERR);
-               }
-       } else {
-               bzero(&client_listen_sa, sizeof(client_listen_sa));
-               client_listen_socket = get_backchannel_socket(SOCK_STREAM,
-                   min_port, max_port, -1, 1, &client_listen_sa);
-
-               if (client_listen_socket == -1) {
-                       syslog(LOG_NOTICE,
-                           "cannot get client listen socket (%m)");
-                       exit(EX_OSERR);
-               }
-               if (listen(client_listen_socket, 5) != 0) {
-                       syslog(LOG_NOTICE,
-                           "cannot listen on client socket (%m)");
-                       exit(EX_OSERR);
-               }
-       }
-       return(0);
-}
-
-static void
-connect_pasv_backchannel(void)
-{
-       struct sockaddr_in listen_sa;
-       socklen_t salen;
-
-       /*
-        * We are about to accept a connection from the client.
-        * This is a PASV data connection.
-        */
-       debuglog(2, "client listen socket ready");
-
-       close_server_data();
-       close_client_data();
-
-       salen = sizeof(listen_sa);
-       client_data_socket = accept(client_listen_socket,
-           (struct sockaddr *)&listen_sa, &salen);
-
-       if (client_data_socket < 0) {
-               syslog(LOG_NOTICE, "accept() failed (%m)");
-               exit(EX_OSERR);
-       }
-       close(client_listen_socket);
-       client_listen_socket = -1;
-       memset(&listen_sa, 0, sizeof(listen_sa));
-
-       server_data_socket = get_backchannel_socket(SOCK_STREAM, min_port,
-           max_port, -1, 1, &listen_sa);
-       if (server_data_socket < 0) {
-               syslog(LOG_NOTICE, "get_backchannel_socket() failed (%m)");
-               exit(EX_OSERR);
-       }
-       if (connect(server_data_socket, (struct sockaddr *) &server_listen_sa,
-           sizeof(server_listen_sa)) != 0) {
-               syslog(LOG_NOTICE, "connect() failed (%m)");
-               exit(EX_NOHOST);
-       }
-       client_data_bytes = 0;
-       server_data_bytes = 0;
-       xfer_start_time = wallclock_time();
-}
-
-static void
-connect_port_backchannel(void)
-{
-       struct sockaddr_in listen_sa;
-       socklen_t salen;
-
-       /*
-        * We are about to accept a connection from the server.
-        * This is a PORT or EPRT data connection.
-        */
-       debuglog(2, "server listen socket ready");
-
-       close_server_data();
-       close_client_data();
-
-       salen = sizeof(listen_sa);
-       server_data_socket = accept(server_listen_socket,
-           (struct sockaddr *)&listen_sa, &salen);
-       if (server_data_socket < 0) {
-               syslog(LOG_NOTICE, "accept() failed (%m)");
-               exit(EX_OSERR);
-       }
-       close(server_listen_socket);
-       server_listen_socket = -1;
-
-       if (getuid() != 0)  {
-               /*
-                * We're not running as root, so we get a backchannel
-                * socket bound in our designated range, instead of
-                * getting one bound to port 20 - This is deliberately
-                * not RFC compliant.
-                */
-               bcopy(&src_addr, &listen_sa.sin_addr, sizeof(struct in_addr));
-               client_data_socket =  get_backchannel_socket(SOCK_STREAM,
-                   min_port, max_port, -1, 1, &listen_sa);
-               if (client_data_socket < 0) {
-                       syslog(LOG_NOTICE,  "get_backchannel_socket() failed (%m)");
-                       exit(EX_OSERR);
-               }
-
-       } else {
-
-               /*
-                * We're root, get our backchannel socket bound to port
-                * 20 here, so we're fully RFC compliant.
-                */
-               client_data_socket = socket(AF_INET, SOCK_STREAM, 0);
-
-               salen = 1;
-               listen_sa.sin_family = AF_INET;
-               bcopy(&src_addr, &listen_sa.sin_addr, sizeof(struct in_addr));
-               listen_sa.sin_port = htons(20);
-
-               if (setsockopt(client_data_socket, SOL_SOCKET, SO_REUSEADDR,
-                   &salen, sizeof(salen)) == -1) {
-                       syslog(LOG_NOTICE, "setsockopt() failed (%m)");
-                       exit(EX_OSERR);
-               }
-
-               if (bind(client_data_socket, (struct sockaddr *)&listen_sa,
-                   sizeof(listen_sa)) == - 1) {
-                       syslog(LOG_NOTICE, "data channel bind() failed (%m)");
-                       exit(EX_OSERR);
-               }
-       }
-
-       if (connect(client_data_socket, (struct sockaddr *) &client_listen_sa,
-           sizeof(client_listen_sa)) != 0) {
-               syslog(LOG_INFO, "cannot connect data channel (%m)");
-               exit(EX_NOHOST);
-       }
-
-       client_data_bytes = 0;
-       server_data_bytes = 0;
-       xfer_start_time = wallclock_time();
-}
-
-void
-do_client_cmd(struct csiob *client, struct csiob *server)
-{
-       int i, j, rv;
-       char tbuf[100];
-       char *sendbuf = NULL;
-
-       log_control_command((char *)client->line_buffer, 1);
-
-       /* client->line_buffer is an ftp control command.
-        * There is no reason for these to be very long.
-        * In the interest of limiting buffer overrun attempts,
-        * we catch them here.
-        */
-       if (strlen((char *)client->line_buffer) > 512) {
-               syslog(LOG_NOTICE, "excessively long control command");
-               exit(EX_DATAERR);
-       }
-
-       /*
-        * Check the client user provided if needed
-        */
-       if (AnonFtpOnly && strncasecmp((char *)client->line_buffer, "user ",
-           strlen("user ")) == 0) {
-               char *cp;
-
-               cp = (char *) client->line_buffer + strlen("user ");
-               if ((strcasecmp(cp, "ftp\r\n") != 0) &&
-                   (strcasecmp(cp, "anonymous\r\n") != 0)) {
-                       /*
-                        * this isn't anonymous - give the client an
-                        * error before they send a password
-                        */
-                       snprintf(tbuf, sizeof(tbuf),
-                           "500 Only anonymous FTP is allowed\r\n");
-                       j = 0;
-                       i = strlen(tbuf);
-                       do {
-                               rv = send(client->fd, tbuf + j, i - j, 0);
-                               if (rv == -1 && errno != EAGAIN &&
-                                   errno != EINTR)
-                                       break;
-                               else if (rv != -1)
-                                       j += rv;
-                       } while (j >= 0 && j < i);
-                       sendbuf = NULL;
-               } else
-                       sendbuf = (char *)client->line_buffer;
-       } else if ((strncasecmp((char *)client->line_buffer, "eprt ",
-           strlen("eprt ")) == 0)) {
-
-               /* Watch out for EPRT commands */
-               char *line = NULL,  *q, *p, *result[3], delim;
-               struct addrinfo hints, *res = NULL;
-               unsigned long proto;
-
-               j = 0;
-               line = strdup((char *)client->line_buffer+strlen("eprt "));
-               if (line == NULL) {
-                       syslog(LOG_ERR, "insufficient memory");
-                       exit(EX_UNAVAILABLE);
-               }
-               p = line;
-               delim = p[0];
-               p++;
-
-               memset(result,0, sizeof(result));
-               for (i = 0; i < 3; i++) {
-                       q = strchr(p, delim);
-                       if (!q || *q != delim)
-                               goto parsefail;
-                       *q++ = '\0';
-                       result[i] = p;
-                       p = q;
-               }
-
-               proto = strtoul(result[0], &p, 10);
-               if (!*result[0] || *p)
-                       goto protounsupp;
-
-               memset(&hints, 0, sizeof(hints));
-               if (proto != 1) /* 1 == AF_INET - all we support for now */
-                       goto protounsupp;
-               hints.ai_family = AF_INET;
-               hints.ai_socktype = SOCK_STREAM;
-               hints.ai_flags = AI_NUMERICHOST;        /*no DNS*/
-               if (getaddrinfo(result[1], result[2], &hints, &res))
-                       goto parsefail;
-               if (res->ai_next)
-                       goto parsefail;
-               if (sizeof(client_listen_sa) < res->ai_addrlen)
-                       goto parsefail;
-               memcpy(&client_listen_sa, res->ai_addr, res->ai_addrlen);
-
-               debuglog(1, "client wants us to use %s:%u",
-                   inet_ntoa(client_listen_sa.sin_addr),
-                   htons(client_listen_sa.sin_port));
-
-               /*
-                * Configure our own listen socket and tell the server about it
-                */
-               new_dataconn(1);
-               connection_mode = EPRT_MODE;
-
-               debuglog(1, "we want server to use %s:%u",
-                   inet_ntoa(server->sa.sin_addr),
-                   ntohs(server_listen_sa.sin_port));
-
-               snprintf(tbuf, sizeof(tbuf), "EPRT |%d|%s|%u|\r\n", 1,
-                   inet_ntoa(server->sa.sin_addr),
-                   ntohs(server_listen_sa.sin_port));
-               debuglog(1, "to server (modified): %s", tbuf);
-               sendbuf = tbuf;
-               goto out;
-parsefail:
-               snprintf(tbuf, sizeof(tbuf),
-                   "500 Invalid argument; rejected\r\n");
-               sendbuf = NULL;
-               goto out;
-protounsupp:
-               /* we only support AF_INET for now */
-               if (proto == 2)
-                       snprintf(tbuf, sizeof(tbuf),
-                           "522 Protocol not supported, use (1)\r\n");
-               else
-                       snprintf(tbuf, sizeof(tbuf),
-                           "501 Protocol not supported\r\n");
-               sendbuf = NULL;
-out:
-               if (line)
-                       free(line);
-               if (res)
-                       freeaddrinfo(res);
-               if (sendbuf == NULL) {
-                       debuglog(1, "to client (modified): %s", tbuf);
-                       i = strlen(tbuf);
-                       do {
-                               rv = send(client->fd, tbuf + j, i - j, 0);
-                               if (rv == -1 && errno != EAGAIN &&
-                                   errno != EINTR)
-                                       break;
-                               else if (rv != -1)
-                                       j += rv;
-                       } while (j >= 0 && j < i);
-               }
-       } else if (!NatMode && (strncasecmp((char *)client->line_buffer,
-           "epsv", strlen("epsv")) == 0)) {
-
-               /*
-                * If we aren't in NAT mode, deal with EPSV.
-                * EPSV is a problem - Unlike PASV, the reply from the
-                * server contains *only* a port, we can't modify the reply
-                * to the client and get the client to connect to us without
-                * resorting to using a dynamic rdr rule we have to add in
-                * for the reply to this connection, and take away afterwards.
-                * so this will wait until we have the right solution for rule
-                * additions/deletions in pf.
-                *
-                * in the meantime we just tell the client we don't do it,
-                * and most clients should fall back to using PASV.
-                */
-
-               snprintf(tbuf, sizeof(tbuf),
-                   "500 EPSV command not understood\r\n");
-               debuglog(1, "to client (modified): %s", tbuf);
-               j = 0;
-               i = strlen(tbuf);
-               do {
-                       rv = send(client->fd, tbuf + j, i - j, 0);
-                       if (rv == -1 && errno != EAGAIN && errno != EINTR)
-                               break;
-                       else if (rv != -1)
-                               j += rv;
-               } while (j >= 0 && j < i);
-               sendbuf = NULL;
-       } else if (strncasecmp((char *)client->line_buffer, "port ",
-           strlen("port ")) == 0) {
-               unsigned int values[6];
-               char *tailptr;
-
-               debuglog(1, "Got a PORT command");
-
-               tailptr = (char *)&client->line_buffer[strlen("port ")];
-               values[0] = 0;
-
-               i = sscanf(tailptr, "%u,%u,%u,%u,%u,%u", &values[0],
-                   &values[1], &values[2], &values[3], &values[4],
-                   &values[5]);
-               if (i != 6) {
-                       syslog(LOG_INFO, "malformed PORT command (%s)",
-                           client->line_buffer);
-                       exit(EX_DATAERR);
-               }
-
-               for (i = 0; i<6; i++) {
-                       if (values[i] > 255) {
-                               syslog(LOG_INFO,
-                                   "malformed PORT command (%s)",
-                                   client->line_buffer);
-                               exit(EX_DATAERR);
-                       }
-               }
-
-               client_listen_sa.sin_family = AF_INET;
-               client_listen_sa.sin_addr.s_addr = htonl((values[0] << 24) |
-                   (values[1] << 16) | (values[2] <<  8) |
-                   (values[3] <<  0));
-
-               client_listen_sa.sin_port = htons((values[4] << 8) |
-                   values[5]);
-               debuglog(1, "client wants us to use %u.%u.%u.%u:%u",
-                   values[0], values[1], values[2], values[3],
-                   (values[4] << 8) | values[5]);
-
-               /*
-                * Configure our own listen socket and tell the server about it
-                */
-               new_dataconn(1);
-               connection_mode = PORT_MODE;
-
-               debuglog(1, "we want server to use %s:%u",
-                   inet_ntoa(server->sa.sin_addr),
-                   ntohs(server_listen_sa.sin_port));
-
-               snprintf(tbuf, sizeof(tbuf), "PORT %u,%u,%u,%u,%u,%u\r\n",
-                   ((u_char *)&server->sa.sin_addr.s_addr)[0],
-                   ((u_char *)&server->sa.sin_addr.s_addr)[1],
-                   ((u_char *)&server->sa.sin_addr.s_addr)[2],
-                   ((u_char *)&server->sa.sin_addr.s_addr)[3],
-                   ((u_char *)&server_listen_sa.sin_port)[0],
-                   ((u_char *)&server_listen_sa.sin_port)[1]);
-
-               debuglog(1, "to server (modified): %s", tbuf);
-
-               sendbuf = tbuf;
-       } else
-               sendbuf = (char *)client->line_buffer;
-
-       /*
-        *send our (possibly modified) control command in sendbuf
-        * on it's way to the server
-        */
-       if (sendbuf != NULL) {
-               j = 0;
-               i = strlen(sendbuf);
-               do {
-                       rv = send(server->fd, sendbuf + j, i - j, 0);
-                       if (rv == -1 && errno != EAGAIN && errno != EINTR)
-                               break;
-                       else if (rv != -1)
-                               j += rv;
-               } while (j >= 0 && j < i);
-       }
-}
-
-void
-do_server_reply(struct csiob *server, struct csiob *client)
-{
-       int code, i, j, rv;
-       struct in_addr *iap;
-       static int continuing = 0;
-       char tbuf[100], *sendbuf, *p;
-
-       log_control_command((char *)server->line_buffer, 0);
-
-       if (strlen((char *)server->line_buffer) > 512) {
-               /*
-                * someone's playing games. Have a cow in the syslogs and
-                * exit - we don't pass this on for fear of hurting
-                * our other end, which might be poorly implemented.
-                */
-               syslog(LOG_NOTICE, "long FTP control reply");
-               exit(EX_DATAERR);
-       }
-
-       /*
-        * Watch out for "227 Entering Passive Mode ..." replies
-        */
-       code = strtol((char *)server->line_buffer, &p, 10);
-       if (isspace(server->line_buffer[0]))
-               code = 0;
-       if (!*(server->line_buffer) || (*p != ' ' && *p != '-')) {
-               if (continuing)
-                       goto sendit;
-               syslog(LOG_INFO, "malformed control reply");
-               exit(EX_DATAERR);
-       }
-       if (code <= 0 || code > 999) {
-               if (continuing)
-                       goto sendit;
-               syslog(LOG_INFO, "invalid server reply code %d", code);
-               exit(EX_DATAERR);
-       }
-       if (*p == '-')
-               continuing = 1;
-       else
-               continuing = 0;
-       if (code == 227 && !NatMode) {
-               unsigned int values[6];
-               char *tailptr;
-
-               debuglog(1, "Got a PASV reply");
-               debuglog(1, "{%s}", (char *)server->line_buffer);
-
-               tailptr = (char *)strchr((char *)server->line_buffer, '(');
-               if (tailptr == NULL) {
-                       tailptr = strrchr((char *)server->line_buffer, ' ');
-                       if (tailptr == NULL) {
-                               syslog(LOG_NOTICE, "malformed 227 reply");
-                               exit(EX_DATAERR);
-                       }
-               }
-               tailptr++; /* skip past space or ( */
-
-               values[0] = 0;
-
-               i = sscanf(tailptr, "%u,%u,%u,%u,%u,%u", &values[0],
-                   &values[1], &values[2], &values[3], &values[4],
-                   &values[5]);
-               if (i != 6) {
-                       syslog(LOG_INFO, "malformed PASV reply (%s)",
-                           client->line_buffer);
-                       exit(EX_DATAERR);
-               }
-               for (i = 0; i<6; i++)
-                       if (values[i] > 255) {
-                               syslog(LOG_INFO, "malformed PASV reply(%s)",
-                                   client->line_buffer);
-                               exit(EX_DATAERR);
-                       }
-
-               server_listen_sa.sin_family = AF_INET;
-               server_listen_sa.sin_addr.s_addr = htonl((values[0] << 24) |
-                   (values[1] << 16) | (values[2] <<  8) | (values[3] <<  0));
-               server_listen_sa.sin_port = htons((values[4] << 8) |
-                   values[5]);
-
-               debuglog(1, "server wants us to use %s:%u",
-                   inet_ntoa(server_listen_sa.sin_addr), (values[4] << 8) |
-                   values[5]);
-
-               new_dataconn(0);
-               connection_mode = PASV_MODE;
-               if (ReverseMode)
-                       iap = &(proxy_sa.sin_addr);
-               else
-                       iap = &(server->sa.sin_addr);
-
-               debuglog(1, "we want client to use %s:%u", inet_ntoa(*iap),
-                   htons(client_listen_sa.sin_port));
-
-               snprintf(tbuf, sizeof(tbuf),
-                   "227 Entering Passive Mode (%u,%u,%u,%u,%u,%u)\r\n",
-                   ((u_char *)iap)[0], ((u_char *)iap)[1],
-                   ((u_char *)iap)[2], ((u_char *)iap)[3],
-                   ((u_char *)&client_listen_sa.sin_port)[0],
-                   ((u_char *)&client_listen_sa.sin_port)[1]);
-               debuglog(1, "to client (modified): %s", tbuf);
-               sendbuf = tbuf;
-       } else {
- sendit:
-               sendbuf = (char *)server->line_buffer;
-       }
-
-       /*
-        * send our (possibly modified) control command in sendbuf
-        * on it's way to the client
-        */
-       j = 0;
-       i = strlen(sendbuf);
-       do {
-               rv = send(client->fd, sendbuf + j, i - j, 0);
-               if (rv == -1 && errno != EAGAIN && errno != EINTR)
-                       break;
-               else if (rv != -1)
-                       j += rv;
-       } while (j >= 0 && j < i);
-
-}
-
-int
-main(int argc, char *argv[])
-{
-       struct csiob client_iob, server_iob;
-       struct sigaction new_sa, old_sa;
-       int sval, ch, flags, i;
-       socklen_t salen;
-       int one = 1;
-       long timeout_seconds = 0;
-       struct timeval tv;
-#ifdef LIBWRAP
-       int use_tcpwrapper = 0;
-#endif /* LIBWRAP */
-
-       while ((ch = getopt(argc, argv, "a:D:g:m:M:R:S:t:u:AnVwr")) != -1) {
-               char *p;
-               switch (ch) {
-               case 'a':
-                       if (!*optarg)
-                               usage();
-                       if ((Bind_Addr = inet_addr(optarg)) == INADDR_NONE) {
-                               syslog(LOG_NOTICE,
-                                       "%s: invalid address", optarg);
-                               usage();
-                       }
-                       break;
-               case 'A':
-                       AnonFtpOnly = 1; /* restrict to anon usernames only */
-                       break;
-               case 'D':
-                       Debug_Level = strtol(optarg, &p, 10);
-                       if (!*optarg || *p)
-                               usage();
-                       break;
-               case 'g':
-                       Group = optarg;
-                       break;
-               case 'm':
-                       min_port = strtol(optarg, &p, 10);
-                       if (!*optarg || *p)
-                               usage();
-                       if (min_port < 0 || min_port > USHRT_MAX)
-                               usage();
-                       break;
-               case 'M':
-                       max_port = strtol(optarg, &p, 10);
-                       if (!*optarg || *p)
-                               usage();
-                       if (max_port < 0 || max_port > USHRT_MAX)
-                               usage();
-                       break;
-               case 'n':
-                       NatMode = 1; /* pass all passives, we're using NAT */
-                       break;
-               case 'r':
-                       Use_Rdns = 1; /* look up hostnames */
-                       break;
-               case 'R': {
-                       char *s, *t;
-
-                       if (!*optarg)
-                               usage();
-                       if ((s = strdup(optarg)) == NULL) {
-                               syslog (LOG_NOTICE,
-                                   "Insufficient memory (malloc failed)");
-                               exit(EX_UNAVAILABLE);
-                       }
-                       memset(&real_server_sa, 0, sizeof(real_server_sa));
-                       real_server_sa.sin_len = sizeof(struct sockaddr_in);
-                       real_server_sa.sin_family = AF_INET;
-                       t = strchr(s, ':');
-                       if (t == NULL)
-                               real_server_sa.sin_port = htons(21);
-                       else {
-                               long port = strtol(t + 1, &p, 10);
-
-                               if (*p || port <= 0 || port > 65535)
-                                       usage();
-                               real_server_sa.sin_port = htons(port);
-                               *t = 0;
-                       }
-                       real_server_sa.sin_addr.s_addr = inet_addr(s);
-                       if (real_server_sa.sin_addr.s_addr == INADDR_NONE)
-                               usage();
-                       free(s);
-                       ReverseMode = 1;
-                       break;
-               }
-               case 'S':
-                       if (!inet_aton(optarg, &src_addr))
-                               usage();
-                       break;
-               case 't':
-                       timeout_seconds = strtol(optarg, &p, 10);
-                       if (!*optarg || *p)
-                               usage();
-                       break;
-               case 'u':
-                       User = optarg;
-                       break;
-               case 'V':
-                       Verbose = 1;
-                       break;
-#ifdef LIBWRAP
-               case 'w':
-                       use_tcpwrapper = 1; /* do the libwrap thing */
-                       break;
-#endif /* LIBWRAP */
-               default:
-                       usage();
-                       /* NOTREACHED */
-               }
-       }
-       argc -= optind;
-       argv += optind;
-
-       if (max_port < min_port)
-               usage();
-
-       openlog(__progname, LOG_NDELAY|LOG_PID, LOG_DAEMON);
-
-       setlinebuf(stdout);
-       setlinebuf(stderr);
-
-       memset(&client_iob, 0, sizeof(client_iob));
-       memset(&server_iob, 0, sizeof(server_iob));
-
-       if (get_proxy_env(0, &real_server_sa, &client_iob.sa,
-           &proxy_sa) == -1)
-               exit(EX_PROTOCOL);
-
-       /*
-        * We may now drop root privs, as we have done our ioctl for
-        * pf. If we do drop root, we can't make backchannel connections
-        * for PORT and EPRT come from port 20, which is not strictly
-        * RFC compliant. This shouldn't cause problems for all but
-        * the stupidest ftp clients and the stupidest packet filters.
-        */
-       drop_privs();
-
-       /*
-        * We check_host after get_proxy_env so that checks are done
-        * against the original destination endpoint, not the endpoint
-        * of our side of the rdr. This allows the use of tcpwrapper
-        * rules to restrict destinations as well as sources of connections
-        * for ftp.
-        */
-       if (Use_Rdns)
-               flags = 0;
-       else
-               flags = NI_NUMERICHOST | NI_NUMERICSERV;
-
-       i = getnameinfo((struct sockaddr *)&client_iob.sa,
-           sizeof(client_iob.sa), ClientName, sizeof(ClientName), NULL, 0,
-           flags);
-
-       if (i != 0 && i != EAI_NONAME && i != EAI_AGAIN) {
-               debuglog(2, "name resolution failure (client)");
-               exit(EX_OSERR);
-       }
-
-       i = getnameinfo((struct sockaddr *)&real_server_sa,
-           sizeof(real_server_sa), RealServerName, sizeof(RealServerName),
-           NULL, 0, flags);
-
-       if (i != 0 && i != EAI_NONAME && i != EAI_AGAIN) {
-               debuglog(2, "name resolution failure (server)");
-               exit(EX_OSERR);
-       }
-
-#ifdef LIBWRAP
-       if (use_tcpwrapper && !check_host(&client_iob.sa, &real_server_sa))
-               exit(EX_NOPERM);
-#endif
-
-       client_iob.fd = 0;
-
-       syslog(LOG_INFO, "accepted connection from %s:%u to %s:%u", ClientName,
-               ntohs(client_iob.sa.sin_port), RealServerName,
-               ntohs(real_server_sa.sin_port));
-
-       server_iob.fd = get_backchannel_socket(SOCK_STREAM, min_port, max_port,
-           -1, 1, &server_iob.sa);
-
-       if (connect(server_iob.fd, (struct sockaddr *)&real_server_sa,
-           sizeof(real_server_sa)) != 0) {
-               syslog(LOG_INFO, "cannot connect to %s:%u (%m)", RealServerName,
-                   ntohs(real_server_sa.sin_port));
-               exit(EX_NOHOST);
-       }
-
-       /*
-        * Now that we are connected to the real server, get the name
-        * of our end of the server socket so we know our IP address
-        * from the real server's perspective.
-        */
-       salen = sizeof(server_iob.sa);
-       getsockname(server_iob.fd, (struct sockaddr *)&server_iob.sa, &salen);
-
-       i = getnameinfo((struct sockaddr *)&server_iob.sa,
-           sizeof(server_iob.sa), OurName, sizeof(OurName), NULL, 0, flags);
-
-       if (i != 0 && i != EAI_NONAME && i != EAI_AGAIN) {
-               debuglog(2, "name resolution failure (local)");
-               exit(EX_OSERR);
-       }
-
-       debuglog(1, "local socket is %s:%u", OurName,
-           ntohs(server_iob.sa.sin_port));
-
-       /* ignore SIGPIPE */
-       bzero(&new_sa, sizeof(new_sa));
-       new_sa.sa_handler = SIG_IGN;
-       (void)sigemptyset(&new_sa.sa_mask);
-       new_sa.sa_flags = SA_RESTART;
-       if (sigaction(SIGPIPE, &new_sa, &old_sa) != 0) {
-               syslog(LOG_ERR, "sigaction() failed (%m)");
-               exit(EX_OSERR);
-       }
-
-       if (setsockopt(client_iob.fd, SOL_SOCKET, SO_OOBINLINE, (char *)&one,
-           sizeof(one)) == -1) {
-               syslog(LOG_NOTICE, "cannot set SO_OOBINLINE (%m)");
-               exit(EX_OSERR);
-       }
-
-       client_iob.line_buffer_size = STARTBUFSIZE;
-       client_iob.line_buffer = malloc(client_iob.line_buffer_size);
-       client_iob.io_buffer_size = STARTBUFSIZE;
-       client_iob.io_buffer = malloc(client_iob.io_buffer_size);
-       client_iob.next_byte = 0;
-       client_iob.io_buffer_len = 0;
-       client_iob.alive = 1;
-       client_iob.who = "client";
-       client_iob.send_oob_flags = 0;
-       client_iob.real_sa = client_iob.sa;
-
-       server_iob.line_buffer_size = STARTBUFSIZE;
-       server_iob.line_buffer = malloc(server_iob.line_buffer_size);
-       server_iob.io_buffer_size = STARTBUFSIZE;
-       server_iob.io_buffer = malloc(server_iob.io_buffer_size);
-       server_iob.next_byte = 0;
-       server_iob.io_buffer_len = 0;
-       server_iob.alive = 1;
-       server_iob.who = "server";
-       server_iob.send_oob_flags = MSG_OOB;
-       server_iob.real_sa = real_server_sa;
-
-       if (client_iob.line_buffer == NULL || client_iob.io_buffer == NULL ||
-           server_iob.line_buffer == NULL || server_iob.io_buffer == NULL) {
-               syslog (LOG_NOTICE, "insufficient memory");
-               exit(EX_UNAVAILABLE);
-       }
-
-       while (client_iob.alive || server_iob.alive) {
-               int maxfd = 0;
-               fd_set *fdsp;
-
-               if (client_iob.fd > maxfd)
-                       maxfd = client_iob.fd;
-               if (client_listen_socket > maxfd)
-                       maxfd = client_listen_socket;
-               if (client_data_socket > maxfd)
-                       maxfd = client_data_socket;
-               if (server_iob.fd > maxfd)
-                       maxfd = server_iob.fd;
-               if (server_listen_socket > maxfd)
-                       maxfd = server_listen_socket;
-               if (server_data_socket > maxfd)
-                       maxfd = server_data_socket;
-
-               debuglog(3, "client is %s; server is %s",
-                   client_iob.alive ? "alive" : "dead",
-                   server_iob.alive ? "alive" : "dead");
-
-               fdsp = (fd_set *)calloc(howmany(maxfd + 1, NFDBITS),
-                   sizeof(fd_mask));
-               if (fdsp == NULL) {
-                       syslog(LOG_NOTICE, "insufficient memory");
-                       exit(EX_UNAVAILABLE);
-               }
-
-               if (client_iob.alive && telnet_getline(&client_iob,
-                   &server_iob)) {
-                       debuglog(3, "client line buffer is \"%s\"",
-                           (char *)client_iob.line_buffer);
-                       if (client_iob.line_buffer[0] != '\0')
-                               do_client_cmd(&client_iob, &server_iob);
-               } else if (server_iob.alive && telnet_getline(&server_iob,
-                   &client_iob)) {
-                       debuglog(3, "server line buffer is \"%s\"",
-                           (char *)server_iob.line_buffer);
-                       if (server_iob.line_buffer[0] != '\0')
-                               do_server_reply(&server_iob, &client_iob);
-               } else {
-                       if (client_iob.alive) {
-                               FD_SET(client_iob.fd, fdsp);
-                               if (client_listen_socket >= 0)
-                                       FD_SET(client_listen_socket, fdsp);
-                               if (client_data_socket >= 0)
-                                       FD_SET(client_data_socket, fdsp);
-                       }
-                       if (server_iob.alive) {
-                               FD_SET(server_iob.fd, fdsp);
-                               if (server_listen_socket >= 0)
-                                       FD_SET(server_listen_socket, fdsp);
-                               if (server_data_socket >= 0)
-                                       FD_SET(server_data_socket, fdsp);
-                       }
-                       tv.tv_sec = timeout_seconds;
-                       tv.tv_usec = 0;
-
-               doselect:
-                       sval = select(maxfd + 1, fdsp, NULL, NULL,
-                           (tv.tv_sec == 0) ? NULL : &tv);
-                       if (sval == 0) {
-                               /*
-                                * This proxy has timed out. Expire it
-                                * quietly with an obituary in the syslogs
-                                * for any passing mourners.
-                                */
-                               syslog(LOG_INFO,
-                                   "timeout: no data for %ld seconds",
-                                   timeout_seconds);
-                               exit(EX_OK);
-                       }
-                       if (sval == -1) {
-                               if (errno == EINTR || errno == EAGAIN)
-                                       goto doselect;
-                               syslog(LOG_NOTICE,
-                                   "select() failed (%m)");
-                               exit(EX_OSERR);
-                       }
-                       if (client_data_socket >= 0 &&
-                           FD_ISSET(client_data_socket, fdsp)) {
-                               int rval;
-
-                               debuglog(3, "transfer: client to server");
-                               rval = xfer_data("client to server",
-                                   client_data_socket,
-                                   server_data_socket,
-                                   client_iob.sa.sin_addr,
-                                   real_server_sa.sin_addr);
-                               if (rval <= 0) {
-                                       close_client_data();
-                                       close_server_data();
-                                       show_xfer_stats();
-                               } else
-                                       client_data_bytes += rval;
-                       }
-                       if (server_data_socket >= 0 &&
-                           FD_ISSET(server_data_socket, fdsp)) {
-                               int rval;
-
-                               debuglog(3, "transfer: server to client");
-                               rval = xfer_data("server to client",
-                                   server_data_socket,
-                                   client_data_socket,
-                                   real_server_sa.sin_addr,
-                                   client_iob.sa.sin_addr);
-                               if (rval <= 0) {
-                                       close_client_data();
-                                       close_server_data();
-                                       show_xfer_stats();
-                               } else
-                                       server_data_bytes += rval;
-                       }
-                       if (server_listen_socket >= 0 &&
-                           FD_ISSET(server_listen_socket, fdsp)) {
-                               connect_port_backchannel();
-                       }
-                       if (client_listen_socket >= 0 &&
-                           FD_ISSET(client_listen_socket, fdsp)) {
-                               connect_pasv_backchannel();
-                       }
-                       if (client_iob.alive &&
-                           FD_ISSET(client_iob.fd, fdsp)) {
-                               client_iob.data_available = 1;
-                       }
-                       if (server_iob.alive &&
-                           FD_ISSET(server_iob.fd, fdsp)) {
-                               server_iob.data_available = 1;
-                       }
-               }
-               free(fdsp);
-               if (client_iob.got_eof) {
-                       shutdown(server_iob.fd, SHUT_WR);
-                       shutdown(client_iob.fd, SHUT_RD);
-                       client_iob.got_eof = 0;
-                       client_iob.alive = 0;
-               }
-               if (server_iob.got_eof) {
-                       shutdown(client_iob.fd, SHUT_WR);
-                       shutdown(server_iob.fd, SHUT_RD);
-                       server_iob.got_eof = 0;
-                       server_iob.alive = 0;
-               }
-       }
-
-       if (Verbose)
-               syslog(LOG_INFO, "session ended");
-
-       exit(EX_OK);
-}
diff --git a/libexec/ftp-proxy/getline.c b/libexec/ftp-proxy/getline.c
deleted file mode 100644 (file)
index 48b8d81..0000000
+++ /dev/null
@@ -1,260 +0,0 @@
-/*     $OpenBSD: getline.c,v 1.15 2003/06/28 01:04:57 deraadt Exp $ */
-/*     $DragonFly: src/libexec/ftp-proxy/getline.c,v 1.2 2005/02/24 15:38:09 joerg Exp $ */
-
-/*
- * Copyright (c) 1985, 1988 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *  @(#)ftpcmd.y    5.24 (Berkeley) 2/25/91
- */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#include <netinet/in.h>
-#include <arpa/telnet.h>
-
-#include <errno.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <sysexits.h>
-#include <syslog.h>
-#include <unistd.h>
-
-#include "util.h"
-
-int            refill_buffer(struct csiob *iobp);
-
-/*
- * Refill the io buffer if we KNOW that data is available
- *
- * Returns 1 if any new data was obtained, 0 otherwise.
- */
-
-int
-refill_buffer(struct csiob *iobp)
-{
-       int rqlen, rlen;
-
-       if (!(iobp->data_available))
-               return(0);
-
-       if (iobp->got_eof)
-               return(0);
-
-       /*
-        * The buffer has been entirely consumed if next_byte == io_buffer_len.
-        * Otherwise, there is some still-to-be-used data in io_buffer.
-        * Shuffle it to the start of the buffer.
-        * Note that next_byte will never exceed io_buffer_len.
-        * Also, note that we MUST use bcopy because the two regions could
-        * overlap (memcpy isn't defined to work properly with overlapping
-        * regions).
-        */
-       if (iobp->next_byte < iobp->io_buffer_len) {
-               int dst_ix = 0;
-               int src_ix = iobp->next_byte;
-               int amount = iobp->io_buffer_len - iobp->next_byte;
-
-               bcopy(&iobp->io_buffer[src_ix], &iobp->io_buffer[dst_ix],
-                   amount);
-               iobp->io_buffer_len = amount;
-       } else if (iobp->next_byte == iobp->io_buffer_len)
-               iobp->io_buffer_len = 0;
-       else {
-               syslog(LOG_ERR, "next_byte(%d) > io_buffer_len(%d)",
-                   iobp->next_byte, iobp->io_buffer_len);
-               exit(EX_OSERR);
-       }
-
-       iobp->next_byte = 0;
-
-       /* don't do tiny reads, grow first if we need to */
-       rqlen = iobp->io_buffer_size - iobp->io_buffer_len;
-       if (rqlen <= 128) {
-               unsigned char *tmp;
-
-               iobp->io_buffer_size += 128;
-               tmp = realloc(iobp->io_buffer, iobp->io_buffer_size);
-               if (tmp == NULL) {
-                       syslog(LOG_INFO, "Insufficient memory");
-                       exit(EX_UNAVAILABLE);
-               }
-               iobp->io_buffer = tmp;
-               rqlen = iobp->io_buffer_size - iobp->io_buffer_len;
-       }
-
-       /*
-        * Always leave an unused byte at the end of the buffer
-        * because the debug output uses that byte from time to time
-        * to ensure that something that is being printed is \0 terminated.
-        */
-       rqlen -= 1;
-
- doread:
-       rlen = read(iobp->fd, &iobp->io_buffer[iobp->io_buffer_len], rqlen);
-       iobp->data_available = 0;
-       switch (rlen) {
-       case -1:
-               if (errno == EAGAIN || errno == EINTR)
-                       goto doread;
-               if (errno != ECONNRESET) {
-                       syslog(LOG_INFO, "read() failed on socket from %s (%m)",
-                           iobp->who);
-                       exit(EX_DATAERR);
-               }
-               /* fall through to EOF case */
-       case 0:
-               iobp->got_eof = 1;
-               return(0);
-               break;
-       default:
-               iobp->io_buffer_len += rlen;
-               break;
-       }
-       return(1);
-}
-
-/*
- * telnet_getline - a hacked up version of fgets to ignore TELNET escape codes.
- *
- * This code is derived from the getline routine found in the UC Berkeley
- * ftpd code.
- *
- */
-
-int
-telnet_getline(struct csiob *iobp, struct csiob *telnet_passthrough)
-{
-       unsigned char ch;
-       int ix;
-       unsigned char tbuf[100];
-
-       iobp->line_buffer[0] = '\0';
-
-       /*
-        * If the buffer is empty then refill it right away.
-        */
-       if (iobp->next_byte == iobp->io_buffer_len)
-               if (!refill_buffer(iobp))
-                       return(0);
-
-       /*
-        * Is there a telnet command in the buffer?
-        */
-       ch = iobp->io_buffer[iobp->next_byte];
-       if (ch == IAC) {
-               /*
-                * Yes - buffer must have at least three bytes in it
-                */
-               if (iobp->io_buffer_len - iobp->next_byte < 3) {
-                       if (!refill_buffer(iobp))
-                               return(0);
-                       if (iobp->io_buffer_len - iobp->next_byte < 3)
-                               return(0);
-               }
-
-               iobp->next_byte++;
-               ch = iobp->io_buffer[iobp->next_byte++];
-
-               switch (ch) {
-               case WILL:
-               case WONT:
-               case DO:
-               case DONT:
-                       tbuf[0] = IAC;
-                       tbuf[1] = ch;
-                       tbuf[2] = iobp->io_buffer[iobp->next_byte++];
-                       (void)send(telnet_passthrough->fd, tbuf, 3,
-                           telnet_passthrough->send_oob_flags);
-                       break;
-               case IAC:
-                       break;
-               default:
-                       break;
-               }
-               return(1);
-       } else {
-               int clen;
-
-               /*
-                * Is there a newline in the buffer?
-                */
-               for (ix = iobp->next_byte; ix < iobp->io_buffer_len;
-                   ix += 1) {
-                       if (iobp->io_buffer[ix] == '\n')
-                               break;
-                       if (iobp->io_buffer[ix] == '\0') {
-                               syslog(LOG_INFO,
-                                   "got NUL byte from %s - bye!",
-                                   iobp->who);
-                               exit(EX_DATAERR);
-                       }
-               }
-
-               if (ix == iobp->io_buffer_len) {
-                       if (!refill_buffer(iobp))
-                               return(0);
-                       /*
-                        * Empty line returned
-                        * will try again soon!
-                        */
-                       return(1);
-               }
-
-               /*
-                * Expand the line buffer if it isn't big enough.  We
-                * use a fudge factor of 5 rather than trying to
-                * figure out exactly how to account for the '\0 \r\n' and
-                * such.  The correct fudge factor is 0, 1 or 2 but
-                * anything higher also works. We also grow it by a
-                * bunch to avoid having to do this often. Yes this is
-                * nasty.
-                */
-               if (ix - iobp->next_byte > iobp->line_buffer_size - 5) {
-                       unsigned char *tmp;
-
-                       iobp->line_buffer_size = 256 + ix - iobp->next_byte;
-                       tmp = realloc(iobp->line_buffer,
-                           iobp->line_buffer_size);
-                       if (tmp == NULL) {
-                               syslog(LOG_INFO, "Insufficient memory");
-                               exit(EX_UNAVAILABLE);
-                       }
-                       iobp->line_buffer = tmp;
-               }
-
-               /* +1 is for the newline */
-               clen = (ix+1) - iobp->next_byte;
-               memcpy(iobp->line_buffer, &iobp->io_buffer[iobp->next_byte],
-                   clen);
-               iobp->next_byte += clen;
-               iobp->line_buffer[clen] = '\0';
-               return(1);
-       }
-}
diff --git a/libexec/ftp-proxy/util.c b/libexec/ftp-proxy/util.c
deleted file mode 100644 (file)
index b53cea5..0000000
+++ /dev/null
@@ -1,307 +0,0 @@
-/*     $OpenBSD: util.c,v 1.18 2004/01/22 16:10:30 beck Exp $ */
-/*     $DragonFly: src/libexec/ftp-proxy/util.c,v 1.2 2005/02/24 15:38:09 joerg Exp $ */
-
-/*
- * Copyright (c) 1996-2001
- *     Obtuse Systems Corporation.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the Obtuse Systems nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE OBTUSE SYSTEMS AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL OBTUSE
- * SYSTEMS CORPORATION OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#include <sys/file.h>
-#include <netinet/in.h>
-#include <netinet/in_systm.h>
-#include <net/if.h>
-#include <net/pf/pfvar.h>
-
-#include <arpa/inet.h>
-
-#include <ctype.h>
-#include <errno.h>
-#include <netdb.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <sysexits.h>
-#include <syslog.h>
-#include <unistd.h>
-
-#include "util.h"
-
-extern int ReverseMode;
-
-int Debug_Level;
-int Use_Rdns;
-in_addr_t Bind_Addr = INADDR_NONE;
-
-void           debuglog(int debug_level, const char *fmt, ...);
-
-void
-debuglog(int debug_level, const char *fmt, ...)
-{
-       va_list ap;
-       va_start(ap, fmt);
-
-       if (Debug_Level >= debug_level)
-               vsyslog(LOG_DEBUG, fmt, ap);
-       va_end(ap);
-}
-
-int
-get_proxy_env(int connected_fd, struct sockaddr_in *real_server_sa_ptr,
-    struct sockaddr_in *client_sa_ptr, struct sockaddr_in *proxy_sa_ptr)
-{
-       struct pfioc_natlook natlook;
-       socklen_t slen;
-       int fd;
-
-       slen = sizeof(*proxy_sa_ptr);
-       if (getsockname(connected_fd, (struct sockaddr *)proxy_sa_ptr,
-           &slen) != 0) {
-               syslog(LOG_ERR, "getsockname() failed (%m)");
-               return(-1);
-       }
-       slen = sizeof(*client_sa_ptr);
-       if (getpeername(connected_fd, (struct sockaddr *)client_sa_ptr,
-           &slen) != 0) {
-               syslog(LOG_ERR, "getpeername() failed (%m)");
-               return(-1);
-       }
-
-       if (ReverseMode)
-               return(0);
-
-       /*
-        * Build up the pf natlook structure.
-        * Just for IPv4 right now
-        */
-       memset((void *)&natlook, 0, sizeof(natlook));
-       natlook.af = AF_INET;
-       natlook.saddr.addr32[0] = client_sa_ptr->sin_addr.s_addr;
-       natlook.daddr.addr32[0] = proxy_sa_ptr->sin_addr.s_addr;
-       natlook.proto = IPPROTO_TCP;
-       natlook.sport = client_sa_ptr->sin_port;
-       natlook.dport = proxy_sa_ptr->sin_port;
-       natlook.direction = PF_OUT;
-
-       /*
-        * Open the pf device and lookup the mapping pair to find
-        * the original address we were supposed to connect to.
-        */
-       fd = open("/dev/pf", O_RDWR);
-       if (fd == -1) {
-               syslog(LOG_ERR, "cannot open /dev/pf (%m)");
-               exit(EX_UNAVAILABLE);
-       }
-
-       if (ioctl(fd, DIOCNATLOOK, &natlook) == -1) {
-               syslog(LOG_INFO,
-                   "pf nat lookup failed %s:%hu (%m)",
-                   inet_ntoa(client_sa_ptr->sin_addr),
-                   ntohs(client_sa_ptr->sin_port));
-               close(fd);
-               return(-1);
-       }
-       close(fd);
-
-       /*
-        * Now jam the original address and port back into the into
-        * destination sockaddr_in for the proxy to deal with.
-        */
-       memset((void *)real_server_sa_ptr, 0, sizeof(struct sockaddr_in));
-       real_server_sa_ptr->sin_port = natlook.rdport;
-       real_server_sa_ptr->sin_addr.s_addr = natlook.rdaddr.addr32[0];
-       real_server_sa_ptr->sin_len = sizeof(struct sockaddr_in);
-       real_server_sa_ptr->sin_family = AF_INET;
-       return(0);
-}
-
-
-/*
- * Transfer one unit of data across a pair of sockets
- *
- * A unit of data is as much as we get with a single read(2) call.
- */
-int
-xfer_data(const char *what_read,int from_fd, int to_fd,
-         struct in_addr from __unused, struct in_addr to __unused)
-{
-       int rlen, offset, xerrno, mark, flags = 0;
-       char tbuf[4096];
-
-       /*
-        * Are we at the OOB mark?
-        */
-       if (ioctl(from_fd, SIOCATMARK, &mark) < 0) {
-               xerrno = errno;
-               syslog(LOG_ERR, "cannot ioctl(SIOCATMARK) socket from %s (%m)",
-                   what_read);
-               errno = xerrno;
-               return(-1);
-       }
-       if (mark)
-               flags = MSG_OOB;        /* Yes - at the OOB mark */
-
-snarf:
-       rlen = recv(from_fd, tbuf, sizeof(tbuf), flags);
-       if (rlen == -1 && flags == MSG_OOB && errno == EINVAL) {
-               /* OOB didn't work */
-               flags = 0;
-               rlen = recv(from_fd, tbuf, sizeof(tbuf), flags);
-       }
-       if (rlen == 0) {
-               debuglog(3, "EOF on read socket");
-               return(0);
-       } else if (rlen == -1) {
-               if (errno == EAGAIN || errno == EINTR)
-                       goto snarf;
-               xerrno = errno;
-               syslog(LOG_ERR, "xfer_data (%s): failed (%m) with flags 0%o",
-                   what_read, flags);
-               errno = xerrno;
-               return(-1);
-       } else {
-               offset = 0;
-               debuglog(3, "got %d bytes from socket", rlen);
-
-               while (offset < rlen) {
-                       int wlen;
-               fling:
-                       wlen = send(to_fd, &tbuf[offset], rlen - offset,
-                           flags);
-                       if (wlen == 0) {
-                               debuglog(3, "zero-length write");
-                               goto fling;
-                       } else if (wlen == -1) {
-                               if (errno == EAGAIN || errno == EINTR)
-                                       goto fling;
-                               xerrno = errno;
-                               syslog(LOG_INFO, "write failed (%m)");
-                               errno = xerrno;
-                               return(-1);
-                       } else {
-                               debuglog(3, "wrote %d bytes to socket",wlen);
-                               offset += wlen;
-                       }
-               }
-               return(offset);
-       }
-}
-
-/*
- * get_backchannel_socket gets us a socket bound somewhere in a
- * particular range of ports
- */
-int
-get_backchannel_socket(int type, int min_port, int max_port, int start_port,
-    int direction, struct sockaddr_in *sap)
-{
-       int count;
-
-       /*
-        * Make sure that direction is 'defined' and that min_port is not
-        * greater than max_port.
-        */
-       if (direction != -1)
-               direction = 1;
-
-       /* by default we go up by one port until we find one */
-       if (min_port > max_port) {
-               errno = EINVAL;
-               return(-1);
-       }
-
-       count = 1 + max_port - min_port;
-
-       /*
-        * Pick a port we can bind to from within the range we want.
-        * If the caller specifies -1 as the starting port number then
-        * we pick one somewhere in the range to try.
-        * This is an optimization intended to speedup port selection and
-        * has NOTHING to do with security.
-        */
-       if (start_port == -1)
-               start_port = (arc4random() % count) + min_port;
-
-       if (start_port < min_port || start_port > max_port) {
-               errno = EINVAL;
-               return(-1);
-       }
-
-       while (count-- > 0) {
-               struct sockaddr_in sa;
-               int one, fd;
-
-               fd = socket(AF_INET, type, 0);
-
-               bzero(&sa, sizeof sa);
-               sa.sin_family = AF_INET;
-               if (Bind_Addr == INADDR_NONE)
-                       if (sap == NULL)
-                               sa.sin_addr.s_addr = INADDR_ANY;
-                       else
-                               sa.sin_addr.s_addr = sap->sin_addr.s_addr;
-               else
-                       sa.sin_addr.s_addr = Bind_Addr;
-
-               /*
-                * Indicate that we want to reuse a port if it happens that the
-                * port in question was a listen port recently.
-                */
-               one = 1;
-               if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one,
-                   sizeof(one))  == -1)
-                       return(-1);
-
-               sa.sin_port = htons(start_port);
-
-               if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0) {
-                       if (sap != NULL)
-                               *sap = sa;
-                       return(fd);
-               }
-
-               if (errno != EADDRINUSE)
-                       return(-1);
-
-               /* if it's in use, try the next port */
-               close(fd);
-
-               start_port += direction;
-               if (start_port < min_port)
-                       start_port = max_port;
-               else if (start_port > max_port)
-                       start_port = min_port;
-       }
-       errno = EAGAIN;
-       return(-1);
-}
diff --git a/libexec/ftp-proxy/util.h b/libexec/ftp-proxy/util.h
deleted file mode 100644 (file)
index 6cea2f3..0000000
+++ /dev/null
@@ -1,69 +0,0 @@
-/*     $OpenBSD: util.h,v 1.3 2002/05/23 10:22:14 deraadt Exp $ */
-/*     $DragonFly: src/libexec/ftp-proxy/util.h,v 1.2 2005/02/24 15:38:09 joerg Exp $ */
-
-/*
- * Copyright (c) 1996-2001
- *     Obtuse Systems Corporation.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 4. Neither the name of the Obtuse Systems nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL OBTUSE SYSTEMS CORPORATION OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-struct proxy_channel {
-       int pc_to_fd, pc_from_fd;
-       int pc_alive;
-       int pc_nextbyte;
-       int pc_flags;
-       int pc_length;
-       int pc_size;
-       struct sockaddr_in pc_from_sa, pc_to_sa;
-       int (*pc_filter)( void ** databuf, int datalen);
-       char *pc_buffer;
-};
-
-struct csiob {
-       int fd;
-       int line_buffer_size, io_buffer_size, io_buffer_len, next_byte;
-       unsigned char *io_buffer, *line_buffer;
-       struct sockaddr_in sa, real_sa;
-       const char *who;
-       char alive, got_eof, data_available;
-       int send_oob_flags;
-};
-
-extern int telnet_getline(struct csiob *iobp,
-    struct csiob *telnet_passthrough);
-
-extern int get_proxy_env(int fd, struct sockaddr_in *server_sa_ptr,
-    struct sockaddr_in *client_sa_ptr, struct sockaddr_in *proxy_sa_ptr);
-
-extern int get_backchannel_socket(int type, int min_port, int max_port,
-    int start_port, int direction, struct sockaddr_in *sap);
-
-extern int xfer_data(const char *what_read, int from_fd, int to_fd,
-    struct in_addr from, struct in_addr to);
-
-extern char *ProgName;
-
-
index eac5ef3..5b450bc 100644 (file)
@@ -39,6 +39,7 @@ SUBDIR= 802_11 \
        fdcontrol \
        fdformat \
        fdwrite \
+       ftp-proxy \
        fwcontrol \
        gifconfig \
        hotplugd \
diff --git a/usr.sbin/ftp-proxy/.depend b/usr.sbin/ftp-proxy/.depend
new file mode 100644 (file)
index 0000000..3da2fec
--- /dev/null
@@ -0,0 +1,133 @@
+# -I/home/lentferj/repo/src/usr.sbin/ftp-proxy ftp-proxy.c filter.c
+ftp-proxy.o: ftp-proxy.c \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/queue.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/cdefs.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/types.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/stdint.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/stdint.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/stdint.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/int_const.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/int_limits.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/stdarg.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/endian.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/types.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/cpu/types.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/_pthreadtypes.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/fd_set.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/_timeval.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/time.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/_timespec.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/select.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/signal.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/_posix.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/signal.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/trap.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/ucontext.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/ucontext.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/time.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/uvparam.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/_null.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/resource.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/socket.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/_iovec.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/param.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/cpu/param.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/net/if.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/net/pf/pfvar.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/param.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/syslimits.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/limits.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/limits.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/ioccom.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/tree.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/lock.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/net/radix.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/net/if_clone.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/netinet/in.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/netinet6/in6.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/netinet/in_pcb.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/sysctl.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/net/route.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/netinet/tcp_fsm.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/arpa/inet.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/err.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/errno.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/event.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/stdarg.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/fcntl.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/netdb.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/pwd.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/signal.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/stdio.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/stdlib.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/string.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/strings.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/syslog.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/unistd.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/unistd.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/vis.h filter.h
+filter.o: filter.c \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/ioctl.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/ttycom.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/ioccom.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/cdefs.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/filio.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/sockio.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/types.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/stdint.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/stdint.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/stdint.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/int_const.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/int_limits.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/stdarg.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/endian.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/types.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/cpu/types.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/_pthreadtypes.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/fd_set.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/_timeval.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/socket.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/_iovec.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/param.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/cpu/param.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/net/if.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/time.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/_timespec.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/select.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/signal.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/_posix.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/signal.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/trap.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/ucontext.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/ucontext.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/time.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/uvparam.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/_null.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/net/pf/pfvar.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/param.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/syslimits.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/machine/limits.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/limits.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/queue.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/tree.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/lock.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/net/radix.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/net/if_clone.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/netinet/in.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/netinet6/in6.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/netinet/in_pcb.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/sysctl.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/net/route.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/netinet/tcp_fsm.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/netinet/tcp.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/arpa/inet.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/err.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/errno.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/fcntl.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/stdio.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/string.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/strings.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/unistd.h \
+  /usr/obj/home/lentferj/repo/src/world_i386/usr/include/sys/unistd.h \
+  filter.h
+ftp-proxy: /usr/obj/home/lentferj/repo/src/world_i386/usr/lib/libc.a
diff --git a/usr.sbin/ftp-proxy/Makefile b/usr.sbin/ftp-proxy/Makefile
new file mode 100644 (file)
index 0000000..5d85a71
--- /dev/null
@@ -0,0 +1,11 @@
+PROG=  ftp-proxy
+SRCS=  ftp-proxy.c filter.c
+MAN=   ftp-proxy.8
+
+CFLAGS+= -I${.CURDIR}
+LDADD+=        -levent
+DPADD+= ${LIBEVENT}
+
+WARNS?= 2
+
+.include <bsd.prog.mk>
diff --git a/usr.sbin/ftp-proxy/filter.c b/usr.sbin/ftp-proxy/filter.c
new file mode 100644 (file)
index 0000000..4597cd7
--- /dev/null
@@ -0,0 +1,387 @@
+/*     $OpenBSD: filter.c,v 1.5 2006/12/01 07:31:21 camield Exp $ */
+
+/*
+ * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/ioctl.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include <net/if.h>
+#include <net/pf/pfvar.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <arpa/inet.h>
+
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "filter.h"
+
+/* From netinet/in.h, but only _KERNEL_ gets them. */
+#define satosin(sa)    ((struct sockaddr_in *)(sa))
+#define satosin6(sa)   ((struct sockaddr_in6 *)(sa))
+
+enum { TRANS_FILTER = 0, TRANS_NAT, TRANS_RDR, TRANS_SIZE };
+
+int prepare_rule(u_int32_t, int, struct sockaddr *, struct sockaddr *,
+    u_int16_t);
+int server_lookup4(struct sockaddr_in *, struct sockaddr_in *,
+    struct sockaddr_in *);
+int server_lookup6(struct sockaddr_in6 *, struct sockaddr_in6 *,
+    struct sockaddr_in6 *);
+
+static struct pfioc_pooladdr   pfp;
+static struct pfioc_rule       pfr;
+static struct pfioc_trans      pft;
+static struct pfioc_trans_e    pfte[TRANS_SIZE];
+static int dev, rule_log;
+static char *qname;
+
+int
+add_filter(u_int32_t id, u_int8_t dir, struct sockaddr *src,
+    struct sockaddr *dst, u_int16_t d_port)
+{
+       if (!src || !dst || !d_port) {
+               errno = EINVAL;
+               return (-1);
+       }
+
+       if (prepare_rule(id, PF_RULESET_FILTER, src, dst, d_port) == -1)
+               return (-1);
+
+       pfr.rule.direction = dir;
+       if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+               return (-1);
+
+       return (0);
+}
+
+int
+add_nat(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
+    u_int16_t d_port, struct sockaddr *nat, u_int16_t nat_range_low,
+    u_int16_t nat_range_high)
+{
+       if (!src || !dst || !d_port || !nat || !nat_range_low ||
+           (src->sa_family != nat->sa_family)) {
+               errno = EINVAL;
+               return (-1);
+       }
+
+       if (prepare_rule(id, PF_RULESET_NAT, src, dst, d_port) == -1)
+               return (-1);
+
+       if (nat->sa_family == AF_INET) {
+               memcpy(&pfp.addr.addr.v.a.addr.v4,
+                   &satosin(nat)->sin_addr.s_addr, 4);
+               memset(&pfp.addr.addr.v.a.mask.addr8, 255, 4);
+       } else {
+               memcpy(&pfp.addr.addr.v.a.addr.v6,
+                   &satosin6(nat)->sin6_addr.s6_addr, 16);
+               memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
+       }
+       if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
+               return (-1);
+
+       pfr.rule.rpool.proxy_port[0] = nat_range_low;
+       pfr.rule.rpool.proxy_port[1] = nat_range_high;
+       if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+               return (-1);
+
+       return (0);
+}
+
+int
+add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
+    u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port)
+{
+       if (!src || !dst || !d_port || !rdr || !rdr_port ||
+           (src->sa_family != rdr->sa_family)) {
+               errno = EINVAL;
+               return (-1);
+       }
+
+       if (prepare_rule(id, PF_RULESET_RDR, src, dst, d_port) == -1)
+               return (-1);
+
+       if (rdr->sa_family == AF_INET) {
+               memcpy(&pfp.addr.addr.v.a.addr.v4,
+                   &satosin(rdr)->sin_addr.s_addr, 4);
+               memset(&pfp.addr.addr.v.a.mask.addr8, 255, 4);
+       } else {
+               memcpy(&pfp.addr.addr.v.a.addr.v6,
+                   &satosin6(rdr)->sin6_addr.s6_addr, 16);
+               memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
+       }
+       if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
+               return (-1);
+
+       pfr.rule.rpool.proxy_port[0] = rdr_port;
+       if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+               return (-1);
+
+       return (0);
+}
+
+int
+do_commit(void)
+{
+       if (ioctl(dev, DIOCXCOMMIT, &pft) == -1)
+               return (-1);
+
+       return (0);
+}
+
+int
+do_rollback(void)
+{
+       if (ioctl(dev, DIOCXROLLBACK, &pft) == -1)
+               return (-1);
+       
+       return (0);
+}
+
+void
+init_filter(char *opt_qname, int opt_verbose)
+{
+       struct pf_status status;
+
+       qname = opt_qname;
+
+       if (opt_verbose == 1)
+               rule_log = PF_LOG;
+       else if (opt_verbose == 2)
+               rule_log = PF_LOG_ALL;
+
+       dev = open("/dev/pf", O_RDWR);  
+       if (dev == -1)
+               err(1, "/dev/pf");
+       if (ioctl(dev, DIOCGETSTATUS, &status) == -1)
+               err(1, "DIOCGETSTATUS");
+       if (!status.running)
+               errx(1, "pf is disabled");
+}
+
+int
+prepare_commit(u_int32_t id)
+{
+       char an[PF_ANCHOR_NAME_SIZE];
+       int i;
+
+       memset(&pft, 0, sizeof pft);
+       pft.size = TRANS_SIZE;
+       pft.esize = sizeof pfte[0];
+       pft.array = pfte;
+
+       snprintf(an, PF_ANCHOR_NAME_SIZE, "%s/%d.%d", FTP_PROXY_ANCHOR,
+           getpid(), id);
+       for (i = 0; i < TRANS_SIZE; i++) {
+               memset(&pfte[i], 0, sizeof pfte[0]);
+               strlcpy(pfte[i].anchor, an, PF_ANCHOR_NAME_SIZE);
+               switch (i) {
+               case TRANS_FILTER:
+                       pfte[i].rs_num = PF_RULESET_FILTER;
+                       break;
+               case TRANS_NAT:
+                       pfte[i].rs_num = PF_RULESET_NAT;
+                       break;
+               case TRANS_RDR:
+                       pfte[i].rs_num = PF_RULESET_RDR;
+                       break;
+               default:
+                       errno = EINVAL;
+                       return (-1);
+               }
+       }
+
+       if (ioctl(dev, DIOCXBEGIN, &pft) == -1)
+               return (-1);
+
+       return (0);
+}
+       
+int
+prepare_rule(u_int32_t id, int rs_num, struct sockaddr *src,
+    struct sockaddr *dst, u_int16_t d_port)
+{
+       char an[PF_ANCHOR_NAME_SIZE];
+
+       if ((src->sa_family != AF_INET && src->sa_family != AF_INET6) ||
+           (src->sa_family != dst->sa_family)) {
+               errno = EPROTONOSUPPORT;
+               return (-1);
+       }
+
+       memset(&pfp, 0, sizeof pfp);
+       memset(&pfr, 0, sizeof pfr);
+       snprintf(an, PF_ANCHOR_NAME_SIZE, "%s/%d.%d", FTP_PROXY_ANCHOR,
+           getpid(), id);
+       strlcpy(pfp.anchor, an, PF_ANCHOR_NAME_SIZE);
+       strlcpy(pfr.anchor, an, PF_ANCHOR_NAME_SIZE);
+
+       switch (rs_num) {
+       case PF_RULESET_FILTER:
+               pfr.ticket = pfte[TRANS_FILTER].ticket;
+               break;
+       case PF_RULESET_NAT:
+               pfr.ticket = pfte[TRANS_NAT].ticket;
+               break;
+       case PF_RULESET_RDR:
+               pfr.ticket = pfte[TRANS_RDR].ticket;
+               break;
+       default:
+               errno = EINVAL;
+               return (-1);
+       }
+       if (ioctl(dev, DIOCBEGINADDRS, &pfp) == -1)
+               return (-1);
+       pfr.pool_ticket = pfp.ticket;
+
+       /* Generic for all rule types. */
+       pfr.rule.af = src->sa_family;
+       pfr.rule.proto = IPPROTO_TCP;
+       pfr.rule.src.addr.type = PF_ADDR_ADDRMASK;
+       pfr.rule.dst.addr.type = PF_ADDR_ADDRMASK;
+       if (src->sa_family == AF_INET) {
+               memcpy(&pfr.rule.src.addr.v.a.addr.v4,
+                   &satosin(src)->sin_addr.s_addr, 4);
+               memset(&pfr.rule.src.addr.v.a.mask.addr8, 255, 4);
+               memcpy(&pfr.rule.dst.addr.v.a.addr.v4,
+                   &satosin(dst)->sin_addr.s_addr, 4);
+               memset(&pfr.rule.dst.addr.v.a.mask.addr8, 255, 4);
+       } else {
+               memcpy(&pfr.rule.src.addr.v.a.addr.v6,
+                   &satosin6(src)->sin6_addr.s6_addr, 16);
+               memset(&pfr.rule.src.addr.v.a.mask.addr8, 255, 16);
+               memcpy(&pfr.rule.dst.addr.v.a.addr.v6,
+                   &satosin6(dst)->sin6_addr.s6_addr, 16);
+               memset(&pfr.rule.dst.addr.v.a.mask.addr8, 255, 16);
+       }
+       pfr.rule.dst.port_op = PF_OP_EQ;
+       pfr.rule.dst.port[0] = htons(d_port);
+
+       switch (rs_num) {
+       case PF_RULESET_FILTER:
+               /*
+                * pass quick [log] inet[6] proto tcp \
+                *     from $src to $dst port = $d_port flags S/SA keep state
+                *     (max 1) [queue qname]
+                */
+               pfr.rule.action = PF_PASS;
+               pfr.rule.quick = 1;
+               pfr.rule.log = rule_log;
+               pfr.rule.keep_state = 1;
+               pfr.rule.flags = TH_SYN;
+               pfr.rule.flagset = (TH_SYN|TH_ACK);
+               pfr.rule.max_states = 1;
+               if (qname != NULL)
+                       strlcpy(pfr.rule.qname, qname, sizeof pfr.rule.qname);
+               break;
+       case PF_RULESET_NAT:
+               /*
+                * nat inet[6] proto tcp from $src to $dst port $d_port -> $nat
+                */
+               pfr.rule.action = PF_NAT;
+               break;
+       case PF_RULESET_RDR:
+               /*
+                * rdr inet[6] proto tcp from $src to $dst port $d_port -> $rdr
+                */
+               pfr.rule.action = PF_RDR;
+               break;
+       default:
+               errno = EINVAL;
+               return (-1);
+       }
+
+       return (0);
+}
+
+int
+server_lookup(struct sockaddr *client, struct sockaddr *proxy,
+    struct sockaddr *server)
+{
+       if (client->sa_family == AF_INET)
+               return (server_lookup4(satosin(client), satosin(proxy),
+                   satosin(server)));
+       
+       if (client->sa_family == AF_INET6)
+               return (server_lookup6(satosin6(client), satosin6(proxy),
+                   satosin6(server)));
+
+       errno = EPROTONOSUPPORT;
+       return (-1);
+}
+
+int
+server_lookup4(struct sockaddr_in *client, struct sockaddr_in *proxy,
+    struct sockaddr_in *server)
+{
+       struct pfioc_natlook pnl;
+
+       memset(&pnl, 0, sizeof pnl);
+       pnl.direction = PF_OUT;
+       pnl.af = AF_INET;
+       pnl.proto = IPPROTO_TCP;
+       memcpy(&pnl.saddr.v4, &client->sin_addr.s_addr, sizeof pnl.saddr.v4);
+       memcpy(&pnl.daddr.v4, &proxy->sin_addr.s_addr, sizeof pnl.daddr.v4);
+       pnl.sport = client->sin_port;
+       pnl.dport = proxy->sin_port;
+       
+       if (ioctl(dev, DIOCNATLOOK, &pnl) == -1)
+               return (-1);
+
+       memset(server, 0, sizeof(struct sockaddr_in));
+       server->sin_len = sizeof(struct sockaddr_in);
+       server->sin_family = AF_INET;
+       memcpy(&server->sin_addr.s_addr, &pnl.rdaddr.v4,
+           sizeof server->sin_addr.s_addr);
+       server->sin_port = pnl.rdport;
+               
+       return (0);
+}
+
+int
+server_lookup6(struct sockaddr_in6 *client, struct sockaddr_in6 *proxy,
+    struct sockaddr_in6 *server)
+{
+       struct pfioc_natlook pnl;
+
+       memset(&pnl, 0, sizeof pnl);
+       pnl.direction = PF_OUT;
+       pnl.af = AF_INET6;
+       pnl.proto = IPPROTO_TCP;
+       memcpy(&pnl.saddr.v6, &client->sin6_addr.s6_addr, sizeof pnl.saddr.v6);
+       memcpy(&pnl.daddr.v6, &proxy->sin6_addr.s6_addr, sizeof pnl.daddr.v6);
+       pnl.sport = client->sin6_port;
+       pnl.dport = proxy->sin6_port;
+       
+       if (ioctl(dev, DIOCNATLOOK, &pnl) == -1)
+               return (-1);
+
+       memset(server, 0, sizeof(struct sockaddr_in6));
+       server->sin6_len = sizeof(struct sockaddr_in6);
+       server->sin6_family = AF_INET6;
+       memcpy(&server->sin6_addr.s6_addr, &pnl.rdaddr.v6,
+           sizeof server->sin6_addr);
+       server->sin6_port = pnl.rdport;
+
+       return (0);
+}
diff --git a/usr.sbin/ftp-proxy/filter.h b/usr.sbin/ftp-proxy/filter.h
new file mode 100644 (file)
index 0000000..6779c59
--- /dev/null
@@ -0,0 +1,31 @@
+/*     $OpenBSD: filter.h,v 1.3 2005/06/07 14:12:07 camield Exp $ */
+
+/*
+ * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#define        FTP_PROXY_ANCHOR "ftp-proxy"
+
+int add_filter(u_int32_t, u_int8_t, struct sockaddr *, struct sockaddr *,
+    u_int16_t);
+int add_nat(u_int32_t, struct sockaddr *, struct sockaddr *, u_int16_t,
+    struct sockaddr *, u_int16_t, u_int16_t);
+int add_rdr(u_int32_t, struct sockaddr *, struct sockaddr *, u_int16_t,
+    struct sockaddr *, u_int16_t);
+int do_commit(void);
+int do_rollback(void);
+void init_filter(char *, int);
+int prepare_commit(u_int32_t);
+int server_lookup(struct sockaddr *, struct sockaddr *, struct sockaddr *);
diff --git a/usr.sbin/ftp-proxy/ftp-proxy.8 b/usr.sbin/ftp-proxy/ftp-proxy.8
new file mode 100644 (file)
index 0000000..44e6e59
--- /dev/null
@@ -0,0 +1,183 @@
+.\"    $OpenBSD: ftp-proxy.8,v 1.7 2006/12/30 13:01:54 camield Exp $
+.\"
+.\" Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd November 28, 2004
+.Dt FTP-PROXY 8
+.Os
+.Sh NAME
+.Nm ftp-proxy
+.Nd Internet File Transfer Protocol proxy daemon
+.Sh SYNOPSIS
+.Nm ftp-proxy
+.Op Fl 6Adrv
+.Op Fl a Ar address
+.Op Fl b Ar address
+.Op Fl D Ar level
+.Op Fl m Ar maxsessions
+.Op Fl P Ar port
+.Op Fl p Ar port
+.Op Fl q Ar queue
+.Op Fl R Ar address
+.Op Fl t Ar timeout
+.Sh DESCRIPTION
+.Nm
+is a proxy for the Internet File Transfer Protocol.
+FTP control connections should be redirected into the proxy using the
+.Xr pf 4
+.Ar rdr
+command, after which the proxy connects to the server on behalf of
+the client.
+.Pp
+The proxy allows data connections to pass, rewriting and redirecting
+them so that the right addresses are used.
+All connections from the client to the server have their source
+address rewritten so they appear to come from the proxy.
+Consequently, all connections from the server to the proxy have
+their destination address rewritten, so they are redirected to the
+client.
+The proxy uses the
+.Xr pf 4
+.Ar anchor
+facility for this.
+.Pp
+Assuming the FTP control connection is from $client to $server, the
+proxy connected to the server using the $proxy source address, and
+$port is negotiated, then
+.Nm ftp-proxy
+adds the following rules to the various anchors.
+(These example rules use inet, but the proxy also supports inet6.)
+.Pp
+In case of active mode (PORT or EPRT):
+.Bd -literal -offset 2n
+rdr from $server to $proxy port $port -> $client
+pass quick inet proto tcp \e
+    from $server to $client port $port
+.Ed
+.Pp
+In case of passive mode (PASV or EPSV):
+.Bd -literal -offset 2n
+nat from $client to $server port $port -> $proxy
+pass in quick inet proto tcp \e
+    from $client to $server port $port
+pass out quick inet proto tcp \e
+    from $proxy to $server port $port
+.Ed
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl 6
+IPv6 mode.
+The proxy will expect and use IPv6 addresses for all communication.
+Only the extended FTP modes EPSV and EPRT are allowed with IPv6.
+The proxy is in IPv4 mode by default.
+.It Fl A
+Only permit anonymous FTP connections.
+Either user "ftp" or user "anonymous" is allowed.
+.It Fl a Ar address
+The proxy will use this as the source address for the control
+connection to a server.
+.It Fl b Ar address
+Address where the proxy will listen for redirected control connections.
+The default is 127.0.0.1, or ::1 in IPv6 mode.
+.It Fl D Ar level
+Debug level, ranging from 0 to 7.
+Higher is more verbose.
+The default is 5.
+(These levels correspond to the
+.Xr syslog 3
+levels.)
+.It Fl d
+Do not daemonize.
+The process will stay in the foreground, logging to standard error.
+.It Fl m Ar maxsessions
+Maximum number of concurrent FTP sessions.
+When the proxy reaches this limit, new connections are denied.
+The default is 100 sessions.
+The limit can be lowered to a minimum of 1, or raised to a maximum of 500.
+.It Fl P Ar port
+Fixed server port.
+Only used in combination with
+.Fl R .
+The default is port 21.
+.It Fl p Ar port
+Port where the proxy will listen for redirected connections.
+The default is port 8021.
+.It Fl q Ar queue
+Create rules with queue
+.Ar queue
+appended, so that data connections can be queued.
+.It Fl R Ar address
+Fixed server address, also known as reverse mode.
+The proxy will always connect to the same server, regardless of
+where the client wanted to connect to (before it was redirected).
+Use this option to proxy for a server behind NAT, or to forward all
+connections to another proxy.
+.It Fl r
+Rewrite sourceport to 20 in active mode to suit ancient clients that insist
+on this RFC property.
+.It Fl t Ar timeout
+Number of seconds that the control connection can be idle, before the
+proxy will disconnect.
+The maximum is 86400 seconds, which is also the default.
+Do not set this too low, because the control connection is usually
+idle when large data transfers are taking place.
+.It Fl v
+Set the 'log' flag on pf rules committed by
+.Nm .
+Use twice to set the 'log-all' flag.
+The pf rules do not log by default.
+.El
+.Sh CONFIGURATION
+To make use of the proxy,
+.Xr pf.conf 5
+needs the following rules.
+All anchors are mandatory.
+Adjust the rules as needed.
+.Pp
+In the NAT section:
+.Bd -literal -offset 2n
+nat-anchor "ftp-proxy/*"
+rdr-anchor "ftp-proxy/*"
+rdr pass on $int_if proto tcp from $lan to any port 21 -> \e
+    127.0.0.1 port 8021
+.Ed
+.Pp
+In the rule section:
+.Bd -literal -offset 2n
+anchor "ftp-proxy/*"
+pass out proto tcp from $proxy to any port 21
+.Ed
+.Sh SEE ALSO
+.Xr ftp 1 ,
+.Xr pf 4 ,
+.Xr pf.conf 5
+.Sh CAVEATS
+.Xr pf 4
+does not allow the ruleset to be modified if the system is running at a
+.Xr securelevel 7
+higher than 1.
+At that level
+.Nm ftp-proxy
+cannot add rules to the anchors and FTP data connections may get blocked.
+.Pp
+Negotiated data connection ports below 1024 are not allowed.
+.Pp
+The negotiated IP address for active modes is ignored for security
+reasons.
+This makes third party file transfers impossible.
+.Pp
+.Nm ftp-proxy
+chroots to "/var/empty" and changes to user "proxy" to drop privileges.
diff --git a/usr.sbin/ftp-proxy/ftp-proxy.c b/usr.sbin/ftp-proxy/ftp-proxy.c
new file mode 100644 (file)
index 0000000..ab1bde7
--- /dev/null
@@ -0,0 +1,1092 @@
+/*     $OpenBSD: ftp-proxy.c,v 1.13 2006/12/30 13:24:00 camield Exp $ */
+
+/*
+ * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/queue.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <sys/socket.h>
+
+#include <net/if.h>
+#include <net/pf/pfvar.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <err.h>
+#include <errno.h>
+#include <event.h>
+#include <fcntl.h>
+#include <netdb.h>
+#include <pwd.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <vis.h>
+
+#include "filter.h"
+
+#define CONNECT_TIMEOUT        30
+#define MIN_PORT       1024
+#define MAX_LINE       500
+#define MAX_LOGLINE    300
+#define NTOP_BUFS      3
+#define TCP_BACKLOG    10
+
+#define CHROOT_DIR     "/var/empty"
+#define NOPRIV_USER    "proxy"
+
+/* pfctl standard NAT range. */
+#define PF_NAT_PROXY_PORT_LOW  50001
+#define PF_NAT_PROXY_PORT_HIGH 65535
+
+#define        sstosa(ss)      ((struct sockaddr *)(ss))
+
+enum { CMD_NONE = 0, CMD_PORT, CMD_EPRT, CMD_PASV, CMD_EPSV };
+
+struct session {
+       u_int32_t                id;
+       struct sockaddr_storage  client_ss;
+       struct sockaddr_storage  proxy_ss;
+       struct sockaddr_storage  server_ss;
+       struct sockaddr_storage  orig_server_ss;
+       struct bufferevent      *client_bufev;
+       struct bufferevent      *server_bufev;
+       int                      client_fd;
+       int                      server_fd;
+       char                     cbuf[MAX_LINE];
+       size_t                   cbuf_valid;
+       char                     sbuf[MAX_LINE];
+       size_t                   sbuf_valid;
+       int                      cmd;
+       u_int16_t                port;
+       u_int16_t                proxy_port;
+       LIST_ENTRY(session)      entry;
+};
+
+LIST_HEAD(, session) sessions = LIST_HEAD_INITIALIZER(sessions);
+
+void   client_error(struct bufferevent *, short, void *);
+int    client_parse(struct session *s);
+int    client_parse_anon(struct session *s);
+int    client_parse_cmd(struct session *s);
+void   client_read(struct bufferevent *, void *);
+int    drop_privs(void);
+void   end_session(struct session *);
+int    exit_daemon(void);
+int    getline(char *, size_t *);
+void   handle_connection(const int, short, void *);
+void   handle_signal(int, short, void *);
+struct session * init_session(void);
+void   logmsg(int, const char *, ...);
+u_int16_t parse_port(int);
+u_int16_t pick_proxy_port(void);
+void   proxy_reply(int, struct sockaddr *, u_int16_t);
+void   server_error(struct bufferevent *, short, void *);
+int    server_parse(struct session *s);
+void   server_read(struct bufferevent *, void *);
+const char *sock_ntop(struct sockaddr *);
+void   usage(void);
+
+char linebuf[MAX_LINE + 1];
+size_t linelen;
+
+char ntop_buf[NTOP_BUFS][INET6_ADDRSTRLEN];
+
+struct sockaddr_storage fixed_server_ss, fixed_proxy_ss;
+char *fixed_server, *fixed_server_port, *fixed_proxy, *listen_ip, *listen_port,
+    *qname;
+int anonymous_only, daemonize, id_count, ipv6_mode, loglevel, max_sessions,
+    rfc_mode, session_count, timeout, verbose;
+extern char *__progname;
+
+void
+client_error(struct bufferevent *bufev, short what, void *arg)
+{
+       struct session *s = arg;
+
+       if (what & EVBUFFER_EOF)
+               logmsg(LOG_INFO, "#%d client close", s->id);
+       else if (what == (EVBUFFER_ERROR | EVBUFFER_READ))
+               logmsg(LOG_ERR, "#%d client reset connection", s->id);
+       else if (what & EVBUFFER_TIMEOUT)
+               logmsg(LOG_ERR, "#%d client timeout", s->id);
+       else if (what & EVBUFFER_WRITE)
+               logmsg(LOG_ERR, "#%d client write error: %d", s->id, what);
+       else
+               logmsg(LOG_ERR, "#%d abnormal client error: %d", s->id, what);
+
+       end_session(s);
+}
+
+int
+client_parse(struct session *s)
+{
+       /* Reset any previous command. */
+       s->cmd = CMD_NONE;
+       s->port = 0;
+
+       /* Commands we are looking for are at least 4 chars long. */
+       if (linelen < 4)
+               return (1);
+
+       if (linebuf[0] == 'P' || linebuf[0] == 'p' ||
+           linebuf[0] == 'E' || linebuf[0] == 'e')
+               return (client_parse_cmd(s));
+       
+       if (anonymous_only && (linebuf[0] == 'U' || linebuf[0] == 'u'))
+               return (client_parse_anon(s));
+
+       return (1);
+}
+
+int
+client_parse_anon(struct session *s)
+{
+       if (strcasecmp("USER ftp\r\n", linebuf) != 0 &&
+           strcasecmp("USER anonymous\r\n", linebuf) != 0) {
+               snprintf(linebuf, sizeof linebuf,
+                   "500 Only anonymous FTP allowed\r\n");
+               logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf);
+
+               /* Talk back to the client ourself. */
+               linelen = strlen(linebuf);
+               bufferevent_write(s->client_bufev, linebuf, linelen);
+
+               /* Clear buffer so it's not sent to the server. */
+               linebuf[0] = '\0';
+               linelen = 0;
+       }
+
+       return (1);
+}
+
+int
+client_parse_cmd(struct session *s)
+{
+       if (strncasecmp("PASV", linebuf, 4) == 0)
+               s->cmd = CMD_PASV;
+       else if (strncasecmp("PORT ", linebuf, 5) == 0)
+               s->cmd = CMD_PORT;
+       else if (strncasecmp("EPSV", linebuf, 4) == 0)
+               s->cmd = CMD_EPSV;
+       else if (strncasecmp("EPRT ", linebuf, 5) == 0)
+               s->cmd = CMD_EPRT;
+       else
+               return (1);
+
+       if (ipv6_mode && (s->cmd == CMD_PASV || s->cmd == CMD_PORT)) {
+               logmsg(LOG_CRIT, "PASV and PORT not allowed with IPv6");
+               return (0);
+       }
+
+       if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT) {
+               s->port = parse_port(s->cmd);
+               if (s->port < MIN_PORT) {
+                       logmsg(LOG_CRIT, "#%d bad port in '%s'", s->id,
+                           linebuf);
+                       return (0);
+               }
+               s->proxy_port = pick_proxy_port();
+               proxy_reply(s->cmd, sstosa(&s->proxy_ss), s->proxy_port);
+               logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf);
+       }
+
+       return (1);
+}
+
+void
+client_read(struct bufferevent *bufev, void *arg)
+{
+       struct session  *s = arg;
+       size_t           buf_avail, read;
+       int              n;
+
+       do {
+               buf_avail = sizeof s->cbuf - s->cbuf_valid;
+               read = bufferevent_read(bufev, s->cbuf + s->cbuf_valid,
+                   buf_avail);
+               s->cbuf_valid += read;
+
+               while ((n = getline(s->cbuf, &s->cbuf_valid)) > 0) {
+                       logmsg(LOG_DEBUG, "#%d client: %s", s->id, linebuf);
+                       if (!client_parse(s)) {
+                               end_session(s);
+                               return;
+                       }
+                       bufferevent_write(s->server_bufev, linebuf, linelen);
+               }
+
+               if (n == -1) {
+                       logmsg(LOG_ERR, "#%d client command too long or not"
+                           " clean", s->id);
+                       end_session(s);
+                       return;
+               }
+       } while (read == buf_avail);
+}
+
+int
+drop_privs(void)
+{
+       struct passwd *pw;
+
+       pw = getpwnam(NOPRIV_USER);
+       if (pw == NULL)
+               return (0);
+
+       tzset();
+       if (chroot(CHROOT_DIR) != 0 || chdir("/") != 0 ||
+           setgroups(1, &pw->pw_gid) != 0 ||
+           setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0 ||
+           setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0)
+               return (0);
+
+       return (1);
+}
+
+void
+end_session(struct session *s)
+{
+       int err;
+
+       logmsg(LOG_INFO, "#%d ending session", s->id);
+
+       if (s->client_fd != -1)
+               close(s->client_fd);
+       if (s->server_fd != -1)
+               close(s->server_fd);
+
+       if (s->client_bufev)
+               bufferevent_free(s->client_bufev);
+       if (s->server_bufev)
+               bufferevent_free(s->server_bufev);
+
+       /* Remove rulesets by commiting empty ones. */
+       err = 0;
+       if (prepare_commit(s->id) == -1)
+               err = errno;
+       else if (do_commit() == -1) {
+               err = errno;
+               do_rollback();
+       }
+       if (err)
+               logmsg(LOG_ERR, "#%d pf rule removal failed: %s", s->id,
+                   strerror(err));
+
+       LIST_REMOVE(s, entry);
+       free(s);
+       session_count--;
+}
+
+int
+exit_daemon(void)
+{
+       struct session *s, *tmp;
+
+       LIST_FOREACH_MUTABLE(s, &sessions, entry, tmp) {
+               end_session(s);
+       }
+
+       if (daemonize)
+               closelog();
+
+       exit(0);
+
+       /* NOTREACHED */
+       return (-1);
+}
+
+int
+getline(char *buf, size_t *valid)
+{
+       size_t i;
+
+       if (*valid > MAX_LINE)
+               return (-1);
+
+       /* Copy to linebuf while searching for a newline. */
+       for (i = 0; i < *valid; i++) {
+               linebuf[i] = buf[i];
+               if (buf[i] == '\0')
+                       return (-1);
+               if (buf[i] == '\n')
+                       break;
+       }
+
+       if (i == *valid) {
+               /* No newline found. */
+               linebuf[0] = '\0';
+               linelen = 0;
+               if (i < MAX_LINE)
+                       return (0);
+               return (-1);
+       }
+
+       linelen = i + 1;
+       linebuf[linelen] = '\0';
+       *valid -= linelen;
+       
+       /* Move leftovers to the start. */
+       if (*valid != 0)
+               bcopy(buf + linelen, buf, *valid);
+
+       return ((int)linelen);
+}
+
+void
+handle_connection(const int listen_fd, short event, void *ev)
+{
+       struct sockaddr_storage tmp_ss;
+       struct sockaddr *client_sa, *server_sa, *fixed_server_sa;
+       struct sockaddr *client_to_proxy_sa, *proxy_to_server_sa;
+       struct session *s;
+       socklen_t len;
+       int client_fd, fc, on;
+
+       /*
+        * We _must_ accept the connection, otherwise libevent will keep
+        * coming back, and we will chew up all CPU.
+        */
+       client_sa = sstosa(&tmp_ss);
+       len = sizeof(struct sockaddr_storage);
+       if ((client_fd = accept(listen_fd, client_sa, &len)) < 0) {
+               logmsg(LOG_CRIT, "accept failed: %s", strerror(errno));
+               return;
+       }
+
+       /* Refuse connection if the maximum is reached. */
+       if (session_count >= max_sessions) {
+               logmsg(LOG_ERR, "client limit (%d) reached, refusing "
+                   "connection from %s", max_sessions, sock_ntop(client_sa));
+               close(client_fd);
+               return;
+       }
+
+       /* Allocate session and copy back the info from the accept(). */
+       s = init_session();
+       if (s == NULL) {
+               logmsg(LOG_CRIT, "init_session failed");
+               close(client_fd);
+               return;
+       }
+       s->client_fd = client_fd;
+       memcpy(sstosa(&s->client_ss), client_sa, client_sa->sa_len);
+
+       /* Cast it once, and be done with it. */
+       client_sa = sstosa(&s->client_ss);
+       server_sa = sstosa(&s->server_ss);
+       client_to_proxy_sa = sstosa(&tmp_ss);
+       proxy_to_server_sa = sstosa(&s->proxy_ss);
+       fixed_server_sa = sstosa(&fixed_server_ss);
+
+       /* Log id/client early to ease debugging. */
+       logmsg(LOG_DEBUG, "#%d accepted connection from %s", s->id,
+           sock_ntop(client_sa));
+
+       /*
+        * Find out the real server and port that the client wanted.
+        */
+       len = sizeof(struct sockaddr_storage);
+       if ((getsockname(s->client_fd, client_to_proxy_sa, &len)) < 0) {
+               logmsg(LOG_CRIT, "#%d getsockname failed: %s", s->id,
+                   strerror(errno));
+               goto fail;
+       }
+       if (server_lookup(client_sa, client_to_proxy_sa, server_sa) != 0) {
+               logmsg(LOG_CRIT, "#%d server lookup failed (no rdr?)", s->id);
+               goto fail;
+       }
+       if (fixed_server) {
+               memcpy(sstosa(&s->orig_server_ss), server_sa,
+                   server_sa->sa_len);
+               memcpy(server_sa, fixed_server_sa, fixed_server_sa->sa_len);
+       }
+
+       /* XXX: check we are not connecting to ourself. */
+
+       /*
+        * Setup socket and connect to server.
+        */
+       if ((s->server_fd = socket(server_sa->sa_family, SOCK_STREAM,
+           IPPROTO_TCP)) < 0) {
+               logmsg(LOG_CRIT, "#%d server socket failed: %s", s->id,
+                   strerror(errno));
+               goto fail;
+       }
+       if (fixed_proxy && bind(s->server_fd, sstosa(&fixed_proxy_ss),
+           fixed_proxy_ss.ss_len) != 0) {
+               logmsg(LOG_CRIT, "#%d cannot bind fixed proxy address: %s",
+                   s->id, strerror(errno));
+               goto fail;
+       }
+
+       /* Use non-blocking connect(), see CONNECT_TIMEOUT below. */
+       if ((fc = fcntl(s->server_fd, F_GETFL)) == -1 ||
+           fcntl(s->server_fd, F_SETFL, fc | O_NONBLOCK) == -1) {
+               logmsg(LOG_CRIT, "#%d cannot mark socket non-blocking: %s",
+                   s->id, strerror(errno));
+               goto fail;
+       }
+       if (connect(s->server_fd, server_sa, server_sa->sa_len) < 0 &&
+           errno != EINPROGRESS) {
+               logmsg(LOG_CRIT, "#%d proxy cannot connect to server %s: %s",
+                   s->id, sock_ntop(server_sa), strerror(errno));
+               goto fail;
+       }
+
+       len = sizeof(struct sockaddr_storage);
+       if ((getsockname(s->server_fd, proxy_to_server_sa, &len)) < 0) {
+               logmsg(LOG_CRIT, "#%d getsockname failed: %s", s->id,
+                   strerror(errno));
+               goto fail;
+       }
+
+       logmsg(LOG_INFO, "#%d FTP session %d/%d started: client %s to server "
+           "%s via proxy %s ", s->id, session_count, max_sessions,
+           sock_ntop(client_sa), sock_ntop(server_sa),
+           sock_ntop(proxy_to_server_sa));
+
+       /* Keepalive is nice, but don't care if it fails. */
+       on = 1;
+       setsockopt(s->client_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+           sizeof on);
+       setsockopt(s->server_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+           sizeof on);
+
+       /*
+        * Setup buffered events.
+        */
+       s->client_bufev = bufferevent_new(s->client_fd, &client_read, NULL,
+           &client_error, s);
+       if (s->client_bufev == NULL) {
+               logmsg(LOG_CRIT, "#%d bufferevent_new client failed", s->id);
+               goto fail;
+       }
+       bufferevent_settimeout(s->client_bufev, timeout, 0);
+       bufferevent_enable(s->client_bufev, EV_READ | EV_TIMEOUT);
+
+       s->server_bufev = bufferevent_new(s->server_fd, &server_read, NULL,
+           &server_error, s);
+       if (s->server_bufev == NULL) {
+               logmsg(LOG_CRIT, "#%d bufferevent_new server failed", s->id);
+               goto fail;
+       }
+       bufferevent_settimeout(s->server_bufev, CONNECT_TIMEOUT, 0);
+       bufferevent_enable(s->server_bufev, EV_READ | EV_TIMEOUT);
+
+       return;
+
+ fail:
+       end_session(s);
+}
+
+void
+handle_signal(int sig, short event, void *arg)
+{
+       /*
+        * Signal handler rules don't apply, libevent decouples for us.
+        */
+
+       logmsg(LOG_ERR, "%s exiting on signal %d", __progname, sig);
+
+       exit_daemon();
+}
+       
+
+struct session *
+init_session(void)
+{
+       struct session *s;
+
+       s = calloc(1, sizeof(struct session));
+       if (s == NULL)
+               return (NULL);
+
+       s->id = id_count++;
+       s->client_fd = -1;
+       s->server_fd = -1;
+       s->cbuf[0] = '\0';
+       s->cbuf_valid = 0;
+       s->sbuf[0] = '\0';
+       s->sbuf_valid = 0;
+       s->client_bufev = NULL;
+       s->server_bufev = NULL;
+       s->cmd = CMD_NONE;
+       s->port = 0;
+
+       LIST_INSERT_HEAD(&sessions, s, entry);
+       session_count++;
+
+       return (s);
+}
+
+void
+logmsg(int pri, const char *message, ...)
+{
+       va_list ap;
+
+       if (pri > loglevel)
+               return;
+
+       va_start(ap, message);
+
+       if (daemonize)
+               /* syslog does its own vissing. */
+               vsyslog(pri, message, ap);
+       else {
+               char buf[MAX_LOGLINE];
+               char visbuf[2 * MAX_LOGLINE];
+
+               /* We don't care about truncation. */
+               vsnprintf(buf, sizeof buf, message, ap);
+               strnvis(visbuf, buf, sizeof visbuf, VIS_CSTYLE | VIS_NL);
+               fprintf(stderr, "%s\n", visbuf);
+       }
+
+       va_end(ap);
+}
+
+int
+main(int argc, char *argv[])
+{
+       struct rlimit rlp;
+       struct addrinfo hints, *res;
+       struct event ev, ev_sighup, ev_sigint, ev_sigterm;
+       int ch, error, listenfd, on;
+       const char *errstr;
+
+       /* Defaults. */
+       anonymous_only  = 0;
+       daemonize       = 1;
+       fixed_proxy     = NULL;
+       fixed_server    = NULL;
+       fixed_server_port = "21";
+       ipv6_mode       = 0;
+       listen_ip       = NULL;
+       listen_port     = "8021";
+       loglevel        = LOG_NOTICE;
+       max_sessions    = 100;
+       qname           = NULL;
+       rfc_mode        = 0;
+       timeout         = 24 * 3600;
+       verbose         = 0;
+
+       /* Other initialization. */
+       id_count        = 1;
+       session_count   = 0;
+
+       while ((ch = getopt(argc, argv, "6Aa:b:D:dm:P:p:q:R:rt:v")) != -1) {
+               switch (ch) {
+               case '6':
+                       ipv6_mode = 1;
+                       break;
+               case 'A':
+                       anonymous_only = 1;
+                       break;
+               case 'a':
+                       fixed_proxy = optarg;
+                       break;
+               case 'b':
+                       listen_ip = optarg;
+                       break;
+               case 'D':
+                       loglevel = strtonum(optarg, LOG_EMERG, LOG_DEBUG,
+                           &errstr);
+                       if (errstr)
+                               errx(1, "loglevel %s", errstr);
+                       break;
+               case 'd':
+                       daemonize = 0;
+                       break;
+               case 'm':
+                       max_sessions = strtonum(optarg, 1, 500, &errstr);
+                       if (errstr)
+                               errx(1, "max sessions %s", errstr);
+                       break;
+               case 'P':
+                       fixed_server_port = optarg;
+                       break;
+               case 'p':
+                       listen_port = optarg;
+                       break;
+               case 'q':
+                       if (strlen(optarg) >= PF_QNAME_SIZE)
+                               errx(1, "queuename too long");
+                       qname = optarg;
+                       break;
+               case 'R':
+                       fixed_server = optarg;
+                       break;
+               case 'r':
+                       rfc_mode = 1;
+                       break;
+               case 't':
+                       timeout = strtonum(optarg, 0, 86400, &errstr);
+                       if (errstr)
+                               errx(1, "timeout %s", errstr);
+                       break;
+               case 'v':
+                       verbose++;
+                       if (verbose > 2)
+                               usage();
+                       break;
+               default:
+                       usage();
+               }
+       }
+
+       if (listen_ip == NULL)
+               listen_ip = ipv6_mode ? "::1" : "127.0.0.1";
+
+       /* Check for root to save the user from cryptic failure messages. */
+       if (getuid() != 0)
+               errx(1, "needs to start as root");
+
+       /* Raise max. open files limit to satisfy max. sessions. */
+       rlp.rlim_cur = rlp.rlim_max = (2 * max_sessions) + 10;
+       if (setrlimit(RLIMIT_NOFILE, &rlp) == -1)
+               err(1, "setrlimit");
+
+       if (fixed_proxy) {
+               memset(&hints, 0, sizeof hints);
+               hints.ai_flags = AI_NUMERICHOST;
+               hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET;
+               hints.ai_socktype = SOCK_STREAM;
+               error = getaddrinfo(fixed_proxy, NULL, &hints, &res);
+               if (error)
+                       errx(1, "getaddrinfo fixed proxy address failed: %s",
+                           gai_strerror(error));
+               memcpy(&fixed_proxy_ss, res->ai_addr, res->ai_addrlen);
+               logmsg(LOG_INFO, "using %s to connect to servers",
+                   sock_ntop(sstosa(&fixed_proxy_ss)));
+               freeaddrinfo(res);
+       }
+
+       if (fixed_server) {
+               memset(&hints, 0, sizeof hints);
+               hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET;
+               hints.ai_socktype = SOCK_STREAM;
+               error = getaddrinfo(fixed_server, fixed_server_port, &hints,
+                   &res);
+               if (error)
+                       errx(1, "getaddrinfo fixed server address failed: %s",
+                           gai_strerror(error));
+               memcpy(&fixed_server_ss, res->ai_addr, res->ai_addrlen);
+               logmsg(LOG_INFO, "using fixed server %s",
+                   sock_ntop(sstosa(&fixed_server_ss)));
+               freeaddrinfo(res);
+       }
+
+       /* Setup listener. */
+       memset(&hints, 0, sizeof hints);
+       hints.ai_flags = AI_NUMERICHOST | AI_PASSIVE;
+       hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET;
+       hints.ai_socktype = SOCK_STREAM;
+       error = getaddrinfo(listen_ip, listen_port, &hints, &res);
+       if (error)
+               errx(1, "getaddrinfo listen address failed: %s",
+                   gai_strerror(error));
+       if ((listenfd = socket(res->ai_family, SOCK_STREAM, IPPROTO_TCP)) == -1)
+               errx(1, "socket failed");
+       on = 1;
+       if (setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
+           sizeof on) != 0)
+               err(1, "setsockopt failed");
+       if (bind(listenfd, (struct sockaddr *)res->ai_addr,
+           (socklen_t)res->ai_addrlen) != 0)
+               err(1, "bind failed");
+       if (listen(listenfd, TCP_BACKLOG) != 0)
+               err(1, "listen failed");
+       freeaddrinfo(res);
+
+       /* Initialize pf. */
+       init_filter(qname, verbose);
+
+       if (daemonize) {
+               if (daemon(0, 0) == -1)
+                       err(1, "cannot daemonize");
+               openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
+       }
+
+       /* Use logmsg for output from here on. */
+
+       if (!drop_privs()) {
+               logmsg(LOG_ERR, "cannot drop privileges: %s", strerror(errno));
+               exit(1);
+       }
+       
+       event_init();
+
+       /* Setup signal handler. */
+       signal(SIGPIPE, SIG_IGN);
+       signal_set(&ev_sighup, SIGHUP, handle_signal, NULL);
+       signal_set(&ev_sigint, SIGINT, handle_signal, NULL);
+       signal_set(&ev_sigterm, SIGTERM, handle_signal, NULL);
+       signal_add(&ev_sighup, NULL);
+       signal_add(&ev_sigint, NULL);
+       signal_add(&ev_sigterm, NULL);
+
+       event_set(&ev, listenfd, EV_READ | EV_PERSIST, handle_connection, &ev);
+       event_add(&ev, NULL);
+
+       logmsg(LOG_NOTICE, "listening on %s port %s", listen_ip, listen_port);
+
+       /*  Vroom, vroom.  */
+       event_dispatch();
+
+       logmsg(LOG_ERR, "event_dispatch error: %s", strerror(errno));
+       exit_daemon();
+
+       /* NOTREACHED */
+       return (1);
+}
+
+u_int16_t
+parse_port(int mode)
+{
+       unsigned int     port, v[6];
+       int              n;
+       char            *p;
+
+       /* Find the last space or left-parenthesis. */
+       for (p = linebuf + linelen; p > linebuf; p--)
+               if (*p == ' ' || *p == '(')
+                       break;
+       if (p == linebuf)
+               return (0);
+
+       switch (mode) {
+       case CMD_PORT:
+               n = sscanf(p, " %u,%u,%u,%u,%u,%u", &v[0], &v[1], &v[2],
+                   &v[3], &v[4], &v[5]);
+               if (n == 6 && v[0] < 256 && v[1] < 256 && v[2] < 256 &&
+                   v[3] < 256 && v[4] < 256 && v[5] < 256)
+                       return ((v[4] << 8) | v[5]);
+               break;
+       case CMD_PASV:
+               n = sscanf(p, "(%u,%u,%u,%u,%u,%u)", &v[0], &v[1], &v[2],
+                   &v[3], &v[4], &v[5]);
+               if (n == 6 && v[0] < 256 && v[1] < 256 && v[2] < 256 &&
+                   v[3] < 256 && v[4] < 256 && v[5] < 256)
+                       return ((v[4] << 8) | v[5]);
+               break;
+       case CMD_EPSV:
+               n = sscanf(p, "(|||%u|)", &port);
+               if (n == 1 && port < 65536)
+                       return (port);
+               break;
+       case CMD_EPRT:
+               n = sscanf(p, " |1|%u.%u.%u.%u|%u|", &v[0], &v[1], &v[2],
+                   &v[3], &port);
+               if (n == 5 && v[0] < 256 && v[1] < 256 && v[2] < 256 &&
+                   v[3] < 256 && port < 65536)
+                       return (port);
+               n = sscanf(p, " |2|%*[a-fA-F0-9:]|%u|", &port);
+               if (n == 1 && port < 65536)
+                       return (port);
+               break;
+       default:
+               return (0);
+       }
+
+       return (0);
+}
+
+u_int16_t
+pick_proxy_port(void)
+{
+       /* Random should be good enough for avoiding port collisions. */
+       return (IPPORT_HIFIRSTAUTO + (arc4random() %
+           (IPPORT_HILASTAUTO - IPPORT_HIFIRSTAUTO)));
+}
+
+void
+proxy_reply(int cmd, struct sockaddr *sa, u_int16_t port)
+{
+       int i, r;
+
+       switch (cmd) {
+       case CMD_PORT:
+               r = snprintf(linebuf, sizeof linebuf,
+                   "PORT %s,%u,%u\r\n", sock_ntop(sa), port / 256,
+                   port % 256);
+               break;
+       case CMD_PASV:
+               r = snprintf(linebuf, sizeof linebuf,
+                   "227 Entering Passive Mode (%s,%u,%u)\r\n", sock_ntop(sa),
+                       port / 256, port % 256);
+               break;
+       case CMD_EPRT:
+               if (sa->sa_family == AF_INET)
+                       r = snprintf(linebuf, sizeof linebuf,
+                           "EPRT |1|%s|%u|\r\n", sock_ntop(sa), port);
+               else if (sa->sa_family == AF_INET6)
+                       r = snprintf(linebuf, sizeof linebuf,
+                           "EPRT |2|%s|%u|\r\n", sock_ntop(sa), port);
+               break;
+       case CMD_EPSV:
+               r = snprintf(linebuf, sizeof linebuf,
+                   "229 Entering Extended Passive Mode (|||%u|)\r\n", port);
+               break;
+       }
+
+       if (r < 0 || r >= sizeof linebuf) {
+               logmsg(LOG_ERR, "proxy_reply failed: %d", r);
+               linebuf[0] = '\0';
+               linelen = 0;
+               return;
+       }
+       linelen = (size_t)r;
+
+       if (cmd == CMD_PORT || cmd == CMD_PASV) {
+               /* Replace dots in IP address with commas. */
+               for (i = 0; i < linelen; i++)
+                       if (linebuf[i] == '.')
+                               linebuf[i] = ',';
+       }
+}
+
+void
+server_error(struct bufferevent *bufev, short what, void *arg)
+{
+       struct session *s = arg;
+
+       if (what & EVBUFFER_EOF)
+               logmsg(LOG_INFO, "#%d server close", s->id);
+       else if (what == (EVBUFFER_ERROR | EVBUFFER_READ))
+               logmsg(LOG_ERR, "#%d server refused connection", s->id);
+       else if (what & EVBUFFER_WRITE)
+               logmsg(LOG_ERR, "#%d server write error: %d", s->id, what);
+       else if (what & EVBUFFER_TIMEOUT)
+               logmsg(LOG_NOTICE, "#%d server timeout", s->id);
+       else
+               logmsg(LOG_ERR, "#%d abnormal server error: %d", s->id, what);
+
+       end_session(s);
+}
+
+int
+server_parse(struct session *s)
+{
+       struct sockaddr *client_sa, *orig_sa, *proxy_sa, *server_sa;
+       int prepared = 0;
+
+       if (s->cmd == CMD_NONE || linelen < 4 || linebuf[0] != '2')
+               goto out;
+
+       /*
+        * The pf rules below do quite some NAT rewriting, to keep up
+        * appearances.  Points to keep in mind:
+        * 1)  The client must think it's talking to the real server,
+        *     for both control and data connections.  Transparently.
+        * 2)  The server must think that the proxy is the client.
+        * 3)  Source and destination ports are rewritten to minimize
+        *     port collisions, to aid security (some systems pick weak
+        *     ports) or to satisfy RFC requirements (source port 20).
+        */
+       
+       /* Cast this once, to make code below it more readable. */
+       client_sa = sstosa(&s->client_ss);
+       server_sa = sstosa(&s->server_ss);
+       proxy_sa = sstosa(&s->proxy_ss);
+       if (fixed_server)
+               /* Fixed server: data connections must appear to come
+                  from / go to the original server, not the fixed one. */
+               orig_sa = sstosa(&s->orig_server_ss);
+       else
+               /* Server not fixed: orig_server == server. */
+               orig_sa = sstosa(&s->server_ss);
+
+       /* Passive modes. */
+       if ((s->cmd == CMD_PASV && strncmp("227 ", linebuf, 4) == 0) ||
+           (s->cmd == CMD_EPSV && strncmp("229 ", linebuf, 4) == 0)) {
+               s->port = parse_port(s->cmd);
+               if (s->port < MIN_PORT) {
+                       logmsg(LOG_CRIT, "#%d bad port in '%s'", s->id,
+                           linebuf);
+                       return (0);
+               }
+               s->proxy_port = pick_proxy_port();
+               logmsg(LOG_INFO, "#%d passive: client to server port %d"
+                   " via port %d", s->id, s->port, s->proxy_port);
+
+               if (prepare_commit(s->id) == -1)
+                       goto fail;
+               prepared = 1;
+
+               proxy_reply(s->cmd, orig_sa, s->proxy_port);
+               logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf);
+
+               /* rdr from $client to $orig_server port $proxy_port -> $server
+                   port $port */
+               if (add_rdr(s->id, client_sa, orig_sa, s->proxy_port,
+                   server_sa, s->port) == -1)
+                       goto fail;
+
+               /* nat from $client to $server port $port -> $proxy */
+               if (add_nat(s->id, client_sa, server_sa, s->port, proxy_sa,
+                   PF_NAT_PROXY_PORT_LOW, PF_NAT_PROXY_PORT_HIGH) == -1)
+                       goto fail;
+
+               /* pass in from $client to $server port $port */
+               if (add_filter(s->id, PF_IN, client_sa, server_sa,
+                   s->port) == -1)
+                       goto fail;
+
+               /* pass out from $proxy to $server port $port */
+               if (add_filter(s->id, PF_OUT, proxy_sa, server_sa,
+                   s->port) == -1)
+                       goto fail;
+       }
+
+       /* Active modes. */
+       if ((s->cmd == CMD_PORT || s->cmd == CMD_EPRT) &&
+           strncmp("200 ", linebuf, 4) == 0) {
+               logmsg(LOG_INFO, "#%d active: server to client port %d"
+                   " via port %d", s->id, s->port, s->proxy_port);
+
+               if (prepare_commit(s->id) == -1)
+                       goto fail;
+               prepared = 1;
+
+               /* rdr from $server to $proxy port $proxy_port -> $client port
+                   $port */
+               if (add_rdr(s->id, server_sa, proxy_sa, s->proxy_port,
+                   client_sa, s->port) == -1)
+                       goto fail;
+
+               /* nat from $server to $client port $port -> $orig_server port
+                   $natport */
+               if (rfc_mode && s->cmd == CMD_PORT) {
+                       /* Rewrite sourceport to RFC mandated 20. */
+                       if (add_nat(s->id, server_sa, client_sa, s->port,
+                           orig_sa, 20, 20) == -1)
+                               goto fail;
+               } else {
+                       /* Let pf pick a source port from the standard range. */
+                       if (add_nat(s->id, server_sa, client_sa, s->port,
+                           orig_sa, PF_NAT_PROXY_PORT_LOW,
+                           PF_NAT_PROXY_PORT_HIGH) == -1)
+                               goto fail;
+               }
+
+               /* pass in from $server to $client port $port */
+               if (add_filter(s->id, PF_IN, server_sa, client_sa, s->port) ==
+                   -1)
+                       goto fail;
+
+               /* pass out from $orig_server to $client port $port */
+               if (add_filter(s->id, PF_OUT, orig_sa, client_sa, s->port) ==
+                   -1)
+                       goto fail;
+       }
+
+       /* Commit rules if they were prepared. */
+       if (prepared && (do_commit() == -1)) {
+               if (errno != EBUSY)
+                       goto fail;
+               /* One more try if busy. */
+               usleep(5000);
+               if (do_commit() == -1)
+                       goto fail;
+       }
+
+ out:
+       s->cmd = CMD_NONE;
+       s->port = 0;
+
+       return (1);
+
+ fail:
+       logmsg(LOG_CRIT, "#%d pf operation failed: %s", s->id, strerror(errno));
+       if (prepared)
+               do_rollback();
+       return (0);
+}
+       
+void
+server_read(struct bufferevent *bufev, void *arg)
+{
+       struct session  *s = arg;
+       size_t           buf_avail, read;
+       int              n;
+
+       bufferevent_settimeout(bufev, timeout, 0);
+
+       do {
+               buf_avail = sizeof s->sbuf - s->sbuf_valid;
+               read = bufferevent_read(bufev, s->sbuf + s->sbuf_valid,
+                   buf_avail);
+               s->sbuf_valid += read;
+
+               while ((n = getline(s->sbuf, &s->sbuf_valid)) > 0) {
+                       logmsg(LOG_DEBUG, "#%d server: %s", s->id, linebuf);
+                       if (!server_parse(s)) {
+                               end_session(s);
+                               return;
+                       }
+                       bufferevent_write(s->client_bufev, linebuf, linelen);
+               }
+
+               if (n == -1) {
+                       logmsg(LOG_ERR, "#%d server reply too long or not"
+                           " clean", s->id);
+                       end_session(s);
+                       return;
+               }
+       } while (read == buf_avail);
+}
+
+const char *
+sock_ntop(struct sockaddr *sa)
+{
+       static int n = 0;
+
+       /* Cycle to next buffer. */
+       n = (n + 1) % NTOP_BUFS;
+       ntop_buf[n][0] = '\0';
+
+       if (sa->sa_family == AF_INET) {
+               struct sockaddr_in *sin = (struct sockaddr_in *)sa;
+
+               return (inet_ntop(AF_INET, &sin->sin_addr, ntop_buf[n],
+                   sizeof ntop_buf[0]));
+       }
+
+       if (sa->sa_family == AF_INET6) {
+               struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
+
+               return (inet_ntop(AF_INET6, &sin6->sin6_addr, ntop_buf[n],
+                   sizeof ntop_buf[0]));
+       }
+
+       return (NULL);
+}
+
+void
+usage(void)
+{
+       fprintf(stderr, "usage: %s [-6Adrv] [-a address] [-b address]"
+           " [-D level] [-m maxsessions]\n                 [-P port]"
+           " [-p port] [-q queue] [-R address] [-t timeout]\n", __progname);
+       exit(1);
+}