1 diff -c -r ./ftp-gw/ftp-gw.c ../../fwtk-2.1-violated/fwtk/ftp-gw/ftp-gw.c
2 *** ./ftp-gw/ftp-gw.c Thu Feb 5 19:05:43 1998
3 --- ../../fwtk-2.1-violated/fwtk/ftp-gw/ftp-gw.c Thu May 21 17:36:09 1998
18 static int cmdcnt = 0;
19 static int timeout = PROXY_TIMEOUT;
21 + static int do_transparent = 0;
24 static int cmd_user();
25 static int cmd_authorize();
29 static int cmd_passthru();
30 static void saveline();
31 static void flushsaved();
32 + static int connectdest();
34 #define OP_CONN 001 /* only valid if connected */
35 #define OP_WCON 002 /* writethrough if connected */
41 char *passuser = (char *)0; /* passed user as av */
42 + char *psychic, *hotline;
45 openlog("ftp-gw",LOG_PID);
50 timeout = PROXY_TIMEOUT;
52 + psychic = getdsthost(0, NULL);
56 /* display a welcome file or message */
57 if(passuser == (char *)0) {
58 if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
62 syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
65 + if (do_transparent) {
66 + if (sayfile2(0, cf->argv[0], 220)) {
67 + syslog(LLEV,"fwtksyserr: cannot display welcome %.512s: %m",cf->argv[0]);
71 if(sayfile(0,cf->argv[0],220)) {
72 syslog(LLEV,"fwtksyserr: cannot display welcome %.512s: %m",cf->argv[0]);
77 if(say(0,"220-Proxy first requires authentication"))
81 + sprintf(xuf, "220-%s FTP proxy (Version %s) ready.",huf, FWTK_VERSION_MINOR);
83 sprintf(xuf, "220 %s FTP proxy (Version %s) ready.",huf, FWTK_VERSION_MINOR);
93 + connectdest(psychic, 21);
101 return(sayn(0,noad,sizeof(noad)-1));
104 + if (do_transparent) {
105 + if((rfd == (-1)) && (x = connectdest(dest,port)))
108 + sprintf(buf,"USER %s",user);
113 + x = getresp(rfd, buf, sizeof(buf), 1);
114 + if (sendsaved(0, x))
117 + return(say(0, buf));
128 ! sprintf(buf,"521 %s: %s",dest,ebuf);
132 ! sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
135 /* we are now connected and need to try the autologin thing */
136 x = getresp(rfd,buf,sizeof(buf),1);
141 ! if (do_transparent)
142 ! sprintf(buf, "521 %s,%d: %s", dest, ntohs(port), ebuf);
144 ! sprintf(buf,"521 %s: %s",dest,ebuf);
148 ! if (!do_transparent) {
149 ! sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
153 /* we are now connected and need to try the autologin thing */
154 x = getresp(rfd,buf,sizeof(buf),1);
162 + static int connectdest(dest, port)
166 + char buf[1024], mbuf[512];
170 + dest = "localhost";
172 + if(validests != (char **)0) {
176 + for(xp = validests; *xp != (char *)0; xp++) {
177 + if(**xp == '!' && hostmatch(*xp + 1,dest)) {
178 + return(baddest(0,dest));
180 + if(hostmatch(*xp,dest))
184 + if(*xp == (char *)0)
185 + return(baddest(0,dest));
188 + /* Extended permissions processing goes in here for destination */
190 + msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
192 + sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
193 + syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
197 + if(msg_int == -1) {
198 + sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
205 + syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
207 + if((rfd = conn_server(dest,port,0,buf)) < 0) {
211 + if (do_transparent)
212 + sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
214 + sprintf(buf,"521 %s: %s",dest,ebuf);
216 + return(say(0,buf));
218 + if (!do_transparent) {
219 + sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
223 + /* we are now connected and need to try the autologin thing */
224 + x = getresp(rfd,buf,sizeof(buf),1);
225 + if(x / 100 != COMPLETE) {
227 + return(say(0,buf));
236 + sayfile2(fd,fn,code)
246 + int saidsomething = 0;
248 + if((f = fopen(fn,"r")) == (FILE *)0)
250 + while(fgets(buf,sizeof(buf),f) != (char *)0) {
251 + if((c = index(buf,'\n')) != (char *)0)
255 + sprintf(yuf,"%3.3d-%s",code,buf);
257 + sprintf(yuf,"%3.3d-%s",code,buf);
267 + if (!saidsomething) {
268 + syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
269 + sprintf(yuf, "%3.3d The file to display is empty",code);
277 diff -c -r ./http-gw/http-gw.c ../../fwtk-2.1-violated/fwtk/http-gw/http-gw.c
278 *** ./http-gw/http-gw.c Fri Feb 6 18:32:25 1998
279 --- ../../fwtk-2.1-violated/fwtk/http-gw/http-gw.c Thu May 21 17:00:47 1998
283 static char http_buffer[8192];
284 static char reason[8192];
285 static int checkBrowserType = 1;
286 + static int do_transparent = 0;
288 + char * getdsthost();
290 static void do_logging()
291 { char *proto = "GOPHER";
295 /*(NOT A SPECIAL FORM)*/
297 if((rem_type & TYPE_LOCAL)== 0){
298 + char * psychic = getdsthost(sockfd, &def_port);
300 + if (strlen(psychic) <= MAXHOSTNAMELEN) {
302 + strncpy(def_httpd, psychic, strlen(psychic));
303 + strncpy(def_server, psychic, strlen(psychic));
307 /* See if it can be forwarded */
309 if( can_forward(buf)){
316 sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
317 parse_vec[0], parse_vec[2],
318 parse_vec[3], chk_type_ch,
325 ! if (do_transparent) {
326 ! sprintf(new_reply, "%s\t%s\t%s\t%s",
327 ! parse_vec[0], parse_vec[1],
328 ! parse_vec[2],parse_vec[3]);
331 sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
332 parse_vec[0], parse_vec[2],
333 parse_vec[3], chk_type_ch,
334 diff -c -r ./lib/hnam.c ../../fwtk-2.1-violated/fwtk/lib/hnam.c
335 *** ./lib/hnam.c Tue Dec 10 13:08:48 1996
336 --- ../../fwtk-2.1-violated/fwtk/lib/hnam.c Thu May 21 17:10:00 1998
341 #include "firewall.h"
343 + #ifdef __FreeBSD__ /* or OpenBSD, NetBSD, BSDI, etc. Fix this for your system. */
344 + #include <net/if.h>
345 + #include "ip_nat.h"
346 + #endif /* __FreeBSD__ */
355 bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
356 return(inet_ntoa(sin.sin_addr));
359 + char *getdsthost(fd, ptr)
363 + struct sockaddr_in sin;
364 + struct hostent * hp;
365 + int sl = sizeof(struct sockaddr_in), err = 0, local_h = 0, i = 0;
366 + char buf[255], hostbuf[255];
368 + struct sockaddr_in rsin;
369 + struct natlookup natlookup;
373 + if (!(err = getsockname(0, &sin, &sl))) {
375 + * ptr = ntohs(sin.sin_port);
377 + sprintf(buf, "%s", inet_ntoa(sin.sin_addr));
378 + gethostname(hostbuf, 254);
379 + hp = gethostbyname(hostbuf);
380 + while (hp->h_addr_list[i]) {
382 + memcpy(&sin.sin_addr, hp->h_addr_list[i++],
383 + sizeof(hp->h_addr_list[i++]));
385 + if (!strcmp(buf, inet_ntoa(sin.sin_addr)))
397 + /* The basis for this block of code is Darren Reed's
398 + * patches to the TIS ftwk's ftp-gw.
400 + bzero((char*)&sin, sizeof(sin));
401 + bzero((char*)&rsin, sizeof(rsin));
403 + if (getsockname(fd, (struct sockaddr*)&sin, &sl) < 0)
408 + if(getpeername(fd, (struct sockaddr*)&rsin, &sl) < 0)
411 + natlookup.nl_inport=sin.sin_port;
412 + natlookup.nl_outport=rsin.sin_port;
413 + natlookup.nl_inip=sin.sin_addr;
414 + natlookup.nl_outip=rsin.sin_addr;
416 + if ((natfd = open("/dev/ipl",O_RDONLY)) < 0)
419 + if (ioctl(natfd, SIOCGNATL,&natlookup) == (-1))
425 + *ptr = ntohs(natlookup.nl_inport);
427 + sprintf(buf, "%s", inet_ntoa(natlookup.nl_inip));
430 + /* No transparent proxy support */
433 diff -c -r ./plug-gw/plug-gw.c ../../fwtk-2.1-violated/fwtk/plug-gw/plug-gw.c
434 *** ./plug-gw/plug-gw.c Thu Feb 5 19:07:35 1998
435 --- ../../fwtk-2.1-violated/fwtk/plug-gw/plug-gw.c Thu May 21 17:29:01 1998
439 static char **validdests = (char **)0;
440 static int net_write();
442 + static int do_transparent = 0;
453 + char * getdsthost();
458 + /* Transparent plug-gw is probably a bad idea, but then, plug-gw is a bad
461 + dhost = getdsthost(0, &pport);
468 if(c->flags & PERM_DENY) {
470 syslog(LLEV,"deny host=%.512s/%.20s port=any",rhost,raddr);
473 syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
481 syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
489 diff -c -r ./rlogin-gw/rlogin-gw.c ../../fwtk-2.1-violated/fwtk/rlogin-gw/rlogin-gw.c
490 *** ./rlogin-gw/rlogin-gw.c Thu Feb 5 19:08:38 1998
491 --- ../../fwtk-2.1-violated/fwtk/rlogin-gw/rlogin-gw.c Thu May 21 17:20:25 1998
495 static int trusted = 0;
498 + static int do_transparent = 0;
500 + char * getdsthost();
507 static char *tokav[56];
513 openlog("rlogin-gw",LOG_PID);
516 xforwarder = cf->argv[0];
521 if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
524 xforwarder = cf->argv[0];
527 ! psychic = getdsthost(0, NULL);
530 ! strncpy(dest, psychic, 511);
534 if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
539 if((p = index(rusername,'@')) != (char *)0) {
550 if(dest[0] != '\0') {
551 /* Setup connection directly to remote machine */
552 + if ((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
553 + if (cf->argc != 1) {
554 + syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
558 + if (sayfile(0, cf->argv[0])) {
559 + syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
564 + /* Hey fwtk developer people -- this connect_dest thing is *nasty!* */
566 sprintf(buf,"connect %.1000s",dest);
567 tokac = enargv(buf, tokav, 56, tokbuf, sizeof(tokbuf));
568 if (cmd_connect(tokac, tokav, buf) != 2)
573 syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,namp);
574 ! if(strlen(namp) > 20)
576 ! if(rusername[0] != '\0')
577 ! sprintf(ebuf,"Trying %s@%s...",rusername,namp);
579 ! sprintf(ebuf,"Trying %s...",namp);
583 syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,av[1]);
584 if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
588 syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,namp);
589 ! if (!do_transparent) {
590 ! if(strlen(namp) > 20)
592 ! if(rusername[0] != '\0')
593 ! sprintf(ebuf,"Trying %s@%s...",rusername,namp);
595 ! sprintf(ebuf,"Trying %s...",namp);
600 syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,av[1]);
601 if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
602 diff -c -r ./tn-gw/tn-gw.c ../../fwtk-2.1-violated/fwtk/tn-gw/tn-gw.c
603 *** ./tn-gw/tn-gw.c Thu Feb 5 19:11:36 1998
604 --- ../../fwtk-2.1-violated/fwtk/tn-gw/tn-gw.c Thu May 21 17:25:06 1998
608 static int cmd_xforward();
609 static int cmd_timeout();
611 + char * getdsthost();
613 + static int do_transparent = 0;
615 static int tn3270 = 1; /* don't do tn3270 stuff */
628 openlog("tn-gw",LOG_PID);
635 + psychic = getdsthost(0, &port);
637 + if ((strlen(psychic) + 10) < 510) {
640 + sprintf(dest, "%s:%d", psychic, port);
642 + sprintf(dest, "%s", psychic);
645 + if ((cf = cfg_get("welcome-msg", confp)) != (Cfg *)0) {
646 + if (cf->argc != 1) {
647 + syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
651 + if (sayfile(0, cf->argv[0])) {
652 + syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]);
668 syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,namp);
669 ! sprintf(ebuf,"Trying %.100s port %d...",namp,port);
673 syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
678 syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,namp);
679 ! if (!do_transparent) {
680 ! sprintf(ebuf,"Trying %.100s port %d...",namp,port);
685 syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
690 syslog(LLEV,"connected host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
691 strncpy(dest,av[1], 511);
692 ! sprintf(buf, "Connected to %.512s.", dest);
699 syslog(LLEV,"connected host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
700 strncpy(dest,av[1], 511);
701 ! if (!do_transparent) {
702 ! sprintf(buf, "Connected to %.512s.", dest);
tuxillo's projects / dragonfly.git / blob