contrib/ipfilter/FWTK/ftp-gw.diff

   1 *** ftp-gw.c.orig       Sun Jun 22 16:27:42 1997
   2 --- ftp-gw.c    Sun Jun 22 17:02:16 1997
   3 ***************
   4 *** 11,31 ****
   5 --- 11,41 ----
   6    */
   7   static        char    RcsId[] = "$Header: /devel/CVS/IP-Filter/FWTK/ftp-gw.diff,v 2.1 1999/08/04 17:30:30 darrenr Exp $";
   8
   9 + /*
  10 +  * Patches for IP Filter NAT extensions written by Darren Reed, 7/7/96
  11 +  * darrenr@cyber.com.au
  12 +  */
  13 + static        char    vIpFilter[] = "v3.1.11";
  14
  15   #include      <stdio.h>
  16   #include      <ctype.h>
  17   #include      <syslog.h>
  18 + #include      <unistd.h>
  19 + #include      <fcntl.h>
  20   #include      <sys/signal.h>
  21   #include      <sys/ioctl.h>
  22   #include      <sys/errno.h>
  23   extern        int     errno;
  24 + #ifdef        sun
  25   extern        char    *sys_errlist[];
  26 + #endif
  27   #include      <arpa/ftp.h>
  28   #include      <arpa/telnet.h>
  29   #include      <sys/time.h>
  30   #include      <sys/types.h>
  31   #include      <sys/socket.h>
  32   #include      <netinet/in.h>
  33 + #include      <net/if.h>
  34
  35   extern        char    *rindex();
  36   extern        char    *index();
  37 ***************
  38 *** 36,41 ****
  39 --- 46,54 ----
  40
  41   #include      "firewall.h"
  42
  43 + #include      "ip_compat.h"
  44 + #include      "ip_fil.h"
  45 + #include      "ip_nat.h"
  46
  47   #ifndef       BSIZ
  48   #define       BSIZ    2048
  49 ***************
  50 *** 83,88 ****
  51 --- 96,103 ----
  52   static        int     cmd_noop();
  53   static        int     cmd_abor();
  54   static        int     cmd_passthru();
  55 + static        int     nat_destination();
  56 + static        int     connectdest();
  57   static        void    saveline();
  58   static        void    flushsaved();
  59   static        void    trap_sigurg();
  60 ***************
  61 *** 317,323 ****
  62                         if(authallflg)
  63                                 if(say(0,"220-Proxy first requires authentication"))
  64                                         exit(1);
  65 !                       sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
  66                         if(say(0,xuf))
  67                                 exit(1);
  68                 }
  69 --- 332,341 ----
  70                         if(authallflg)
  71                                 if(say(0,"220-Proxy first requires authentication"))
  72                                         exit(1);
  73 !                       sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
  74 !                       if(say(0,xuf))
  75 !                               exit(1);
  76 !                       sprintf(xuf,"220-%s TIS ftp-gw with IP Filter %s NAT extensions",huf,vIpFilter);
  77                         if(say(0,xuf))
  78                                 exit(1);
  79                 }
  80 ***************
  81 *** 338,343 ****
  82 --- 356,363 ----
  83                                 exit(1);
  84         }
  85
  86 +       nat_destination(0);
  87 +
  88         /* main loop */
  89         while(1) {
  90                 FD_ZERO(&rdy);
  91 ***************
  92 *** 608,619 ****
  93         static char     narg[] = "501 Missing or extra username";
  94         static char     noad[] = "501 Use user@site to connect via proxy";
  95         char            buf[1024];
  96 -       char            mbuf[512];
  97         char            *p;
  98         char            *dest;
  99         char            *user;
 100         int             x;
 101 -       int             msg_int;
 102         short           port = FTPPORT;
 103
 104         /* kludgy but effective. if authorizing everything call auth instead */
 105 --- 628,637 ----
 106 ***************
 107 *** 643,648 ****
 108 --- 661,687 ----
 109                         return(sayn(0,noad,sizeof(noad)));
 110         }
 111
 112 +       if((rfd == -1) && (x = connectdest(dest,port)))
 113 +               return x;
 114 +       sprintf(buf,"USER %s",user);
 115 +       if(say(rfd,buf))
 116 +               return(1);
 117 +       x = getresp(rfd,buf,sizeof(buf),1);
 118 +       if(sendsaved(0,x))
 119 +               return(1);
 120 +       return(say(0,buf));
 121 + }
 122 +
 123 + static int
 124 + connectdest(dest,port)
 125 + char *dest;
 126 + short port;
 127 + {
 128 +       char            buf[1024];
 129 +       char            mbuf[512];
 130 +       int             msg_int;
 131 +       int             x;
 132 +
 133         if(*dest == '\0')
 134                 dest = "localhost";
 135
 136 ***************
 137 *** 685,693 ****
 138                 char    ebuf[512];
 139
 140                 strcpy(ebuf,buf);
 141 !               sprintf(buf,"521 %s: %s",dest,ebuf);
 142                 return(say(0,buf));
 143         }
 144         sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
 145         saveline(buf);
 146
 147 --- 724,733 ----
 148                 char    ebuf[512];
 149
 150                 strcpy(ebuf,buf);
 151 !               sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
 152                 return(say(0,buf));
 153         }
 154 +
 155         sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
 156         saveline(buf);
 157
 158 ***************
 159 *** 698,711 ****
 160                 return(say(0,buf));
 161         }
 162         saveline(buf);
 163 !
 164 !       sprintf(buf,"USER %s",user);
 165 !       if(say(rfd,buf))
 166 !               return(1);
 167 !       x = getresp(rfd,buf,sizeof(buf),1);
 168 !       if(sendsaved(0,x))
 169 !               return(1);
 170 !       return(say(0,buf));
 171   }
 172
 173
 174 --- 738,745 ----
 175                 return(say(0,buf));
 176         }
 177         saveline(buf);
 178 !       sendsaved(0,-1);
 179 !       return 0;
 180   }
 181
 182
 183 ***************
 184 *** 1591,1593 ****
 185 --- 1625,1671 ----
 186         dup(nread);
 187   }
 188   #endif
 189 +
 190 +
 191 + static int
 192 + nat_destination(fd)
 193 + int fd;
 194 + {
 195 +       struct  sockaddr_in     laddr, faddr;
 196 +       struct  natlookup       natlookup;
 197 +       char    *dest;
 198 +       int     slen, natfd;
 199 +
 200 +       bzero((char *)&laddr, sizeof(laddr));
 201 +       bzero((char *)&faddr, sizeof(faddr));
 202 +       slen = sizeof(laddr);
 203 +       if(getsockname(fd,(struct sockaddr *)&laddr,&slen) < 0) {
 204 +               perror("getsockname");
 205 +               exit(1);
 206 +       }
 207 +       slen = sizeof(faddr);
 208 +       if(getpeername(fd,(struct sockaddr *)&faddr,&slen) < 0) {
 209 +               perror("getsockname");
 210 +               exit(1);
 211 +       }
 212 +
 213 +       natlookup.nl_inport = laddr.sin_port;
 214 +       natlookup.nl_outport = faddr.sin_port;
 215 +       natlookup.nl_inip = laddr.sin_addr;
 216 +       natlookup.nl_outip = faddr.sin_addr;
 217 +       natlookup.nl_flags = IPN_TCP;
 218 +       if((natfd = open(IPL_NAT, O_RDONLY)) < 0) {
 219 +               perror("open");
 220 +               exit(1);
 221 +       }
 222 +       if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) {
 223 +               syslog(LOG_ERR, "SIOCGNATL failed: %m\n");
 224 +               close(natfd);
 225 +               if(say(0,"220 Ready"))
 226 +                       exit(1);
 227 +               return 0;
 228 +       }
 229 +       close(natfd);
 230 +       return connectdest(inet_ntoa(natlookup.nl_realip),
 231 +                          ntohs(natlookup.nl_realport));
 232 + }