1 diff -cr ../TIS.orig/fwtk/Makefile.config.linux fwtk/Makefile.config.linux
2 *** ../TIS.orig/fwtk/Makefile.config.linux Sat Sep 7 05:58:21 1996
3 --- fwtk/Makefile.config.linux Sun Feb 2 05:48:01 1997
8 # Your C compiler (eg, "cc" or "gcc")
12 # program to use for installation -- this may or may not preserve
16 # Your C compiler (eg, "cc" or "gcc")
20 # program to use for installation -- this may or may not preserve
24 # Defines for your operating system
27 #DEFINES=-DSYSV -DSOLARIS
29 # Options for your compiler (eg, "-g" for debugging, "-O" for
30 # optimizing, or "-g -O" for both under GCC)
31 #COPT= -g -traditional $(DEFINES)
33 ! #COPT= -O $(DEFINES)
35 # Version of "make" you want to use
39 # Defines for your operating system
41 ! DEFINES=-DLINUX -DUSE_IP_FILTER
42 #DEFINES=-DSYSV -DSOLARIS
44 # Options for your compiler (eg, "-g" for debugging, "-O" for
45 # optimizing, or "-g -O" for both under GCC)
46 #COPT= -g -traditional $(DEFINES)
47 ! #COPT= -g $(DEFINES)
50 # Version of "make" you want to use
56 # Destination directory for installation of binaries
57 ! DEST= /usr/local/etc
60 # Destination directory for installation of man pages
64 # Destination directory for installation of binaries
65 ! DEST= /usr/local/sbin
68 # Destination directory for installation of man pages
71 # or -Bstatic for static binaries under SunOS 4.1.x)
77 # Location of the fwtk sources [For #include by any external tools needing it]
79 # or -Bstatic for static binaries under SunOS 4.1.x)
86 # Location of the fwtk sources [For #include by any external tools needing it]
91 # Location of X libraries for X-gw
92 ! XLIBDIR=/usr/X11/lib
93 #XLIBDIR=/usr/local/X11R5/lib
99 # Location of X libraries for X-gw
100 ! XLIBDIR=/usr/X11R6/lib
101 #XLIBDIR=/usr/local/X11R5/lib
106 #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11
108 # Location of X include files
109 ! XINCLUDE=/usr/X11/include
110 #XINCLUDE=/usr/local/X11R5/include
112 # Objects to include in libfwall for SYSV
114 #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11
116 # Location of X include files
117 ! XINCLUDE=/usr/X11R6/include
118 #XINCLUDE=/usr/local/X11R5/include
120 # Objects to include in libfwall for SYSV
121 diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris
122 *** ../TIS.orig/fwtk/Makefile.config.solaris Sat Sep 7 06:14:13 1996
123 --- fwtk/Makefile.config.solaris Sun Feb 2 06:09:19 1997
127 # RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.1 1999/08/04 17:40:48 darrenr Exp $"
130 # Your C compiler (eg, "cc" or "gcc")
134 # program to use for installation -- this may or may not preserve
135 # old versions (or whatever). assumes that it takes parameters:
140 # Defines for your operating system
142 ! DEFINES=-DSYSV -DSOLARIS
144 #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \
145 -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \
148 # RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.1 1999/08/04 17:40:48 darrenr Exp $"
151 + # Path to sources of ip_filter (ip_nat.h required in lib/hnam.c)
153 + IPFPATH=/src/unpacked/firewall/ip_fil3.1.5
155 # Your C compiler (eg, "cc" or "gcc")
159 # program to use for installation -- this may or may not preserve
160 # old versions (or whatever). assumes that it takes parameters:
162 ! CP= /usr/ucb/install -c -s
165 # Defines for your operating system
167 ! DEFINES=-DSYSV -DSOLARIS -DUSE_IP_FILTER -I$(IPFPATH)
169 #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \
170 -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \
175 # Your ranlib utility (use "touch" if you don't have ranlib)
180 # Destination directory for installation of binaries
184 # Your ranlib utility (use "touch" if you don't have ranlib)
189 # Destination directory for installation of binaries
190 diff -cr ../TIS.orig/fwtk/firewall.h fwtk/firewall.h
191 *** ../TIS.orig/fwtk/firewall.h Sun Sep 8 05:55:26 1996
192 --- fwtk/firewall.h Sun Feb 2 05:23:33 1997
198 ! #define PERMFILE "/usr/local/etc/netperm-table"
206 ! #define PERMFILE "/etc/fwtk/netperm-table"
213 /* Choose a system logging facility for the firewall toolkit. */
215 ! #define LFAC LOG_DAEMON
221 /* Choose a system logging facility for the firewall toolkit. */
223 ! #define LFAC LOG_LOCAL5
229 #define PERM_ALLOW 01
233 #define _INCL_FWALL_H
236 #define PERM_ALLOW 01
239 ! #ifdef USE_IP_FILTER
240 ! extern char *getdsthost(int, int*);
242 #define _INCL_FWALL_H
244 diff -cr ../TIS.orig/fwtk/ftp-gw/ftp-gw.c fwtk/ftp-gw/ftp-gw.c
245 *** ../TIS.orig/fwtk/ftp-gw/ftp-gw.c Fri Sep 6 18:55:05 1996
246 --- fwtk/ftp-gw/ftp-gw.c Sat Feb 1 06:49:13 1997
253 + #ifdef USE_IP_FILTER
254 + static int do_transparent=0;
255 + static int connectdest();
259 static char **validests = (char **)0;
265 char *passuser = (char *)0; /* passed user as av */
266 + #ifdef USE_IP_FILTER
267 + char *psychic, *hotline;
271 openlog("ftp-gw",LOG_PID);
279 /* display a welcome file or message */
280 if(passuser == (char *)0) {
281 if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
286 + #ifdef USE_IP_FILTER
287 + psychic=getdsthost(0,NULL);
288 + if(psychic) { do_transparent++; }
291 /* display a welcome file or message */
292 if(passuser == (char *)0) {
293 if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
297 syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
300 + #ifdef USE_IP_FILTER
301 + if(do_transparent) {
302 + if(sayfile2(0,cf->argv[0],220)) {
303 + syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
307 + #endif /* USE_IP_FILTER */
308 if(sayfile(0,cf->argv[0],220)) {
309 syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
314 if(say(0,"220-Proxy first requires authentication"))
316 ! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
322 if(say(0,"220-Proxy first requires authentication"))
324 ! #ifdef USE_IP_FILTER
326 ! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
329 ! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
335 if(cmd_user(2,fakav,"user internal"))
343 if(cmd_user(2,fakav,"user internal"))
346 ! #ifdef USE_IP_FILTER
347 ! if(do_transparent) {
348 ! connectdest(psychic,21);
358 return(sayn(0,noad,sizeof(noad)-1));
361 + #ifdef USE_IP_FILTER
362 + if(do_transparent) {
363 + if((rfd==(-1)) && (x=connectdest(dest,port))) return x;
364 + sprintf(buf,"USER %s",user);
365 + if(say(rfd,buf)) return(1);
366 + x=getresp(rfd,buf,sizeof(buf),1);
367 + if(sendsaved(0,x)) return(1);
368 + return(say(0,buf));
379 ! sprintf(buf,"521 %s: %s",dest,ebuf);
387 ! #ifdef USE_IP_FILTER
388 ! if(do_transparent) {
389 ! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
392 ! sprintf(buf,"521 %s: %s",dest,ebuf);
403 + #ifdef USE_IP_FILTER
404 + static int connectdest(dest, port)
408 + char buf[1024], mbuf[512];
412 + dest = "localhost";
414 + if(validests != (char **)0) {
418 + for(xp = validests; *xp != (char *)0; xp++) {
419 + if(**xp == '!' && hostmatch(*xp + 1,dest)) {
420 + return(baddest(0,dest));
422 + if(hostmatch(*xp,dest))
426 + if(*xp == (char *)0)
427 + return(baddest(0,dest));
430 + /* Extended permissions processing goes in here for destination */
432 + msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
434 + sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
435 + syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
439 + if(msg_int == -1) {
440 + sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
447 + syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
449 + if((rfd = conn_server(dest,port,0,buf)) < 0) {
453 + sprintf(buf,"521 %s: %s",dest,ebuf);
455 + return(say(0,buf));
457 + if(!do_transparent) {
458 + sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
462 + /* we are now connected and need to try the autologin thing */
463 + x = getresp(rfd,buf,sizeof(buf),1);
464 + if(x / 100 != COMPLETE) {
466 + return(say(0,buf));
475 + /* ok, so i'm in a hurry. english paper due RSN. */
476 + sayfile2(fd,fn,code)
486 + int saidsomething = 0;
488 + if((f = fopen(fn,"r")) == (FILE *)0)
490 + while(fgets(buf,sizeof(buf),f) != (char *)0) {
491 + if((c = index(buf,'\n')) != (char *)0)
495 + sprintf(yuf,"%3.3d-%s",code,buf);
497 + sprintf(yuf,"%3.3d-%s",code,buf);
507 + if (!saidsomething) {
508 + syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
509 + sprintf(yuf, "%3.3d The file to display is empty",code);
518 + #endif /* USE_IP_FILTER */
519 diff -cr ../TIS.orig/fwtk/http-gw/http-gw.c fwtk/http-gw/http-gw.c
520 *** ../TIS.orig/fwtk/http-gw/http-gw.c Mon Sep 9 20:40:53 1996
521 --- fwtk/http-gw/http-gw.c Sun Feb 2 06:41:18 1997
525 static char http_buffer[8192];
526 static char reason[8192];
527 static int checkBrowserType = 1;
528 + #ifdef USE_IP_FILTER
529 + static int do_transparent=0;
532 static void do_logging()
533 { char *proto = "GOPHER";
537 /*(NOT A SPECIAL FORM)*/
539 if((rem_type & TYPE_LOCAL)== 0){
540 + #ifdef USE_IP_FILTER
541 + char *psychic=getdsthost(sockfd,&def_port);
543 + if(strlen(psychic)<=MAXHOSTNAMELEN) {
545 + strncpy(def_httpd,psychic,strlen(psychic));
546 + strncpy(def_server,psychic,strlen(psychic));
550 + #endif /* USE_IP_FILTER */
551 /* See if it can be forwarded */
553 if( can_forward(buf)){
561 + #ifdef USE_IP_FILTER
562 + else if(do_transparent) {
563 + sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]);
564 + #endif /* USE_IP_FILTER */
566 sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
567 parse_vec[0], parse_vec[2],
568 diff -cr ../TIS.orig/fwtk/lib/hnam.c fwtk/lib/hnam.c
569 *** ../TIS.orig/fwtk/lib/hnam.c Sat Nov 5 00:30:19 1994
570 --- fwtk/lib/hnam.c Sat Feb 1 08:17:46 1997
575 extern char *inet_ntoa();
577 + #if defined(USE_IP_FILTER)
578 + #include <net/if.h>
580 + #include "ip_nat.h"
582 + #if defined(SOLARIS)
583 + #include <sys/stat.h>
585 + #include <unistd.h>
586 + #include <sys/ioccom.h>
588 + #endif /* IP_FILTER */
590 #include "firewall.h"
595 bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
596 return(inet_ntoa(sin.sin_addr));
601 + #ifdef USE_IP_FILTER
602 + char *getdsthost(fd, ptr)
606 + struct sockaddr_in sin;
607 + struct hostent *hp;
608 + int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0;
609 + static char buf[255], hostbuf[255];
610 + #if defined(__FreeBSD__) || defined(SOLARIS)
611 + struct sockaddr_in rsin;
612 + struct natlookup natlookup;
617 + /* This should also work for UDP. Unfortunately, it doesn't.
618 + Maybe when the Linux UDP proxy code gets a little cleaner.
620 + if(!(err=getsockname(0,&sin,&sl))) {
621 + if(ptr) *ptr=ntohs(sin.sin_port);
622 + sprintf(buf,"%s",inet_ntoa(sin.sin_addr));
623 + gethostname(hostbuf,254);
624 + hp=gethostbyname(hostbuf);
625 + while(hp->h_addr_list[i]) {
627 + memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++]));
628 + if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++;
630 + if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); }
631 + else { return(buf); }
635 + #if defined(__FreeBSD__)
636 + /* The basis for this block of code is Darren Reed's
637 + patches to the TIS ftwk's ftp-gw.
639 + bzero((char*)&sin,sizeof(sin));
640 + bzero((char*)&rsin,sizeof(rsin));
641 + if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
645 + if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
648 + natlookup.nl_inport=sin.sin_port;
649 + natlookup.nl_outport=rsin.sin_port;
650 + natlookup.nl_inip=sin.sin_addr;
651 + natlookup.nl_outip=rsin.sin_addr;
652 + if((natfd=open("/dev/ipl",O_RDONLY))<0) {
655 + if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) {
659 + if(ptr) *ptr=ntohs(natlookup.nl_inport);
660 + sprintf(buf,"%s",inet_ntoa(natlookup.nl_inip));
663 + #if defined(SOLARIS) /* for Solaris */
664 + /* The basis for this block of code is Darren Reed's
665 + * patches to the TIS ftwk's ftp-gw.
666 + * modified for Solaris from Michael Kutzner, Michael.Kutzner@paderlinx.de
668 + memset((char*)&sin, 0, sizeof(sin));
669 + memset((char*)&rsin, 0, sizeof(rsin));
671 + if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
675 + if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
678 + natlookup.nl_inport=sin.sin_port;
679 + natlookup.nl_outport=rsin.sin_port;
680 + natlookup.nl_inip=sin.sin_addr;
681 + natlookup.nl_outip=rsin.sin_addr;
682 + if( (natfd=open("/dev/ipl",O_RDONLY)) < 0) {
685 + if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) {
689 + if(ptr) *ptr=ntohs(natlookup.nl_inport);
690 + sprintf(buf,"%s",inet_ntoa(natlookup.nl_inip));
693 + /* No transparent proxy support */
696 + #endif /* USE_IP_FILTER */
697 diff -cr ../TIS.orig/fwtk/plug-gw/plug-gw.c fwtk/plug-gw/plug-gw.c
698 *** ../TIS.orig/fwtk/plug-gw/plug-gw.c Thu Sep 5 21:36:33 1996
699 --- fwtk/plug-gw/plug-gw.c Sun Feb 2 04:50:40 1997
702 static int timeout = PROXY_TIMEOUT;
703 static char **validdests = (char **)0;
710 static int timeout = PROXY_TIMEOUT;
711 static char **validdests = (char **)0;
713 ! #ifdef USE_IP_FILTER
714 ! static int do_transparent=0;
721 static char buf[1024 * 4];
724 char hostport[1024 * 4];
731 if(c->flags & PERM_DENY) {
733 syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr);
735 static char buf[1024 * 4];
738 + char *transhost = NULL;
739 char hostport[1024 * 4];
743 ! #ifdef USE_IP_FILTER
748 + #ifdef USE_IP_FILTER
749 + /* Transparent plug-gw is probably a bad idea, but hey .. */
750 + transhost=getdsthost(0,&pport);
757 if(c->flags & PERM_DENY) {
759 syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr);
766 if (!strcmp(av[x], "-port")) {
768 syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln);
773 ! #ifdef USE_IP_FILTER
774 ! if (!strcmp(av[x],"-all-destinations")) {
779 if (!strcmp(av[x], "-port")) {
781 syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln);
782 diff -cr ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c fwtk/rlogin-gw/rlogin-gw.c
783 *** ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c Fri Sep 6 18:56:33 1996
784 --- fwtk/rlogin-gw/rlogin-gw.c Sun Feb 2 06:26:04 1997
788 extern char *maphostname();
791 static int cmd_quit();
792 static int cmd_help();
793 static int cmd_connect();
796 extern char *maphostname();
798 ! #ifdef USE_IP_FILTER
799 ! static int do_transparent=0;
801 static int cmd_quit();
802 static int cmd_help();
803 static int cmd_connect();
807 static char *tokav[56];
810 + #ifdef USE_IP_FILTER
815 openlog("rlogin-gw",LOG_PID);
822 if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
824 syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln);
829 ! #ifdef USE_IP_FILTER
830 ! psychic=getdsthost(0,NULL);
833 ! strncpy(dest,psychic,511);
836 ! #endif /* USE_IP_FILTER */
837 if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
839 syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln);
844 /* if present a host name, chop and save username and hostname */
846 if((p = index(rusername,'@')) != (char *)0) {
855 /* if present a host name, chop and save username and hostname */
856 if((p = index(rusername,'@')) != (char *)0) {
866 sprintf(ebuf,"Trying %s@%s...",rusername,namp);
868 sprintf(ebuf,"Trying %s...",namp);
869 + #ifdef USE_IP_FILTER
870 + if(!do_transparent) {
874 + #ifdef USE_IP_FILTER
878 syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]);
879 if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
880 diff -cr ../TIS.orig/fwtk/tn-gw/tn-gw.c fwtk/tn-gw/tn-gw.c
881 *** ../TIS.orig/fwtk/tn-gw/tn-gw.c Fri Sep 6 18:55:48 1996
882 --- fwtk/tn-gw/tn-gw.c Sun Feb 2 06:06:33 1997
886 static int timeout = PROXY_TIMEOUT;
887 static char timed_out_msg[] = "\r\nConnection closed due to inactivity";
889 + #ifdef USE_IP_FILTER
890 + static int do_transparent=0;
902 + #ifdef USE_IP_FILTER
908 openlog("tn-gw",LOG_PID);
922 ! #ifdef USE_IP_FILTER
923 ! psychic=getdsthost(0,&port);
925 ! if((strlen(psychic) + 10) < 510) {
928 ! sprintf(dest,"%s:%d",psychic,port);
930 ! sprintf(dest,"%s",psychic);
934 ! if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
935 ! if(cf->argc != 1) {
936 ! syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
939 ! if(sayfile(0,cf->argv[0])) {
940 ! syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]);
950 ! #endif /* USE_IP_FILTER */
957 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
958 sprintf(ebuf,"Trying %s port %d...",namp,port);
962 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
966 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
967 sprintf(ebuf,"Trying %s port %d...",namp,port);
968 ! #ifdef USE_IP_FILTER
969 ! if(!do_transparent) {
970 ! sprintf(ebuf,"Trying %s port %d...",namp,port);
974 ! #ifdef USE_IP_FILTER
978 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
983 syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
984 strncpy(dest,av[1], 511);
985 ! sprintf(buf, "Connected to %s.", dest);
992 syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
993 strncpy(dest,av[1], 511);
994 ! #ifdef USE_IP_FILTER
995 ! if(!do_transparent) {
996 ! sprintf(buf, "Connected to %s.", dest);
1005 diff -cr ../TIS.orig/fwtk/x-gw/socket.c fwtk/x-gw/socket.c
1006 *** ../TIS.orig/fwtk/x-gw/socket.c Sat Sep 7 05:16:35 1996
1007 --- fwtk/x-gw/socket.c Sun Feb 2 05:26:44 1997
1010 case AF_UNIX: un_name = (struct sockaddr_un *)addr;
1011 len = sizeof(un_name->sun_family) +
1012 sizeof(un_name->sun_path)
1013 ! #ifdef SCM_RIGHTS /* 4.3BSD Reno and later */
1014 + sizeof(un_name->sun_len) + 1
1018 case AF_UNIX: un_name = (struct sockaddr_un *)addr;
1019 len = sizeof(un_name->sun_family) +
1020 sizeof(un_name->sun_path)
1021 ! #if defined(SCM_RIGHTS) && !defined(LINUX)/* 4.3BSD Reno and later */
1022 + sizeof(un_name->sun_len) + 1
1025 Only in fwtk/x-gw: socket.c.bak
tuxillo's projects / dragonfly.git / blob