1 diff -c -r ./ftp-gw/ftp-gw.c ../../NEW/fwtk/ftp-gw/ftp-gw.c
2 *** ./ftp-gw/ftp-gw.c Fri Sep 6 12:55:05 1996
3 --- ../../NEW/fwtk/ftp-gw/ftp-gw.c Wed Oct 9 02:51:35 1996
9 ! #include "firewall.h"
20 + #include "firewall.h"
27 static int cmdcnt = 0;
28 static int timeout = PROXY_TIMEOUT;
30 + static int do_transparent=0;
33 static int cmd_user();
34 static int cmd_authorize();
38 static void saveline();
39 static void flushsaved();
40 static void trap_sigurg();
41 + static int connectdest();
43 #define OP_CONN 001 /* only valid if connected */
44 #define OP_WCON 002 /* writethrough if connected */
50 char *passuser = (char *)0; /* passed user as av */
51 + char *psychic, *hotline;
54 openlog("ftp-gw",LOG_PID);
61 + psychic=getdsthost(0,NULL);
62 + if(psychic) { do_transparent++; }
64 /* display a welcome file or message */
65 if(passuser == (char *)0) {
69 syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
72 + if(do_transparent) {
73 + if(sayfile2(0,cf->argv[0],220)) {
74 + syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
78 if(sayfile(0,cf->argv[0],220)) {
79 syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
84 if(say(0,"220-Proxy first requires authentication"))
86 ! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
92 if(say(0,"220-Proxy first requires authentication"))
96 ! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
98 ! sprintf(xuf,"220 %s FTP Proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
110 + if(do_transparent) {
111 + connectdest(psychic,21);
120 return(sayn(0,noad,sizeof(noad)-1));
123 + if(do_transparent) {
124 + if((rfd==(-1)) && (x=connectdest(dest,port))) return x;
125 + sprintf(buf,"USER %s",user);
126 + if(say(rfd,buf)) return(1);
127 + x=getresp(rfd,buf,sizeof(buf),1);
128 + if(sendsaved(0,x)) return(1);
129 + return(say(0,buf));
138 sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
139 syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
144 sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
147 sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
148 syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
153 sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
159 ! sprintf(buf,"521 %s: %s",dest,ebuf);
167 ! if(do_transparent) {
168 ! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
170 ! sprintf(buf,"521 %s: %s",dest,ebuf);
181 + /* if(do_transparent) {
184 + } /* EEEk. I can't remember what this does. */
186 sprintf(buf,"USER %s",user);
195 + static int connectdest(dest, port)
199 + char buf[1024], mbuf[512];
203 + dest = "localhost";
205 + if(validests != (char **)0) {
209 + for(xp = validests; *xp != (char *)0; xp++) {
210 + if(**xp == '!' && hostmatch(*xp + 1,dest)) {
211 + return(baddest(0,dest));
213 + if(hostmatch(*xp,dest))
217 + if(*xp == (char *)0)
218 + return(baddest(0,dest));
221 + /* Extended permissions processing goes in here for destination */
223 + msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
225 + sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
226 + syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
230 + if(msg_int == -1) {
231 + sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
238 + syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
240 + if((rfd = conn_server(dest,port,0,buf)) < 0) {
244 + sprintf(buf,"521 %s: %s",dest,ebuf);
246 + return(say(0,buf));
248 + if(!do_transparent) {
249 + sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
253 + /* we are now connected and need to try the autologin thing */
254 + x = getresp(rfd,buf,sizeof(buf),1);
255 + if(x / 100 != COMPLETE) {
257 + return(say(0,buf));
271 static char nprn[] = "500 cannot get peername";
274 + /* syslog(LLEV,"DEBUG: port cmd"); */
277 return(sayn(0,narg,sizeof(narg)-1));
282 #define UC(c) (((int)c) & 0xff)
283 sprintf(buf,"PORT %d,%d,%d,%d,%d,%d\r\n",UC(k[0]),UC(k[1]),UC(k[2]),
284 UC(k[3]),UC(l[0]),UC(l[1]));
285 + /* syslog(LLEV,"DEBUG: %s",buf); */
287 if (write(rfd, buf, s) != s)
294 /* if we haven't gotten a valid PORT scrub the connection */
295 + /* syslog(LLEV,"DEBUG: callback()."); */
296 if((outgoing = accept(boundport,(struct sockaddr *)0,(int *)0)) < 0 || clntport.sin_port == 0)
298 if(pasvport != -1) { /* incoming handled by PASVcallback */
306 + /* ok, so i'm in a hurry. english paper due RSN. */
307 + sayfile2(fd,fn,code)
317 + int saidsomething = 0;
319 + if((f = fopen(fn,"r")) == (FILE *)0)
321 + while(fgets(buf,sizeof(buf),f) != (char *)0) {
322 + if((c = index(buf,'\n')) != (char *)0)
326 + sprintf(yuf,"%3.3d-%s",code,buf);
328 + sprintf(yuf,"%3.3d-%s",code,buf);
338 + if (!saidsomething) {
339 + syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
340 + sprintf(yuf, "%3.3d The file to display is empty",code);
352 diff -c -r ./http-gw/http-gw.c ../../NEW/fwtk/http-gw/http-gw.c
353 *** ./http-gw/http-gw.c Mon Sep 9 14:40:53 1996
354 --- ../../NEW/fwtk/http-gw/http-gw.c Wed Oct 9 02:51:57 1996
358 static char http_buffer[8192];
359 static char reason[8192];
360 static int checkBrowserType = 1;
362 + static int do_transparent=0;
365 + char *getdsthost();
367 static void do_logging()
368 { char *proto = "GOPHER";
372 /*(NOT A SPECIAL FORM)*/
374 if((rem_type & TYPE_LOCAL)== 0){
376 + char *psychic=getdsthost(sockfd,&def_port);
378 + if(strlen(psychic)<=MAXHOSTNAMELEN) {
380 + strncpy(def_httpd,psychic,strlen(psychic));
381 + strncpy(def_server,psychic,strlen(psychic));
386 /* See if it can be forwarded */
388 if( can_forward(buf)){
395 sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
396 parse_vec[0], parse_vec[2],
397 parse_vec[3], chk_type_ch,
404 ! else if(do_transparent) {
405 ! sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]);
409 sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
410 parse_vec[0], parse_vec[2],
411 parse_vec[3], chk_type_ch,
412 diff -c -r ./lib/hnam.c ../../NEW/fwtk/lib/hnam.c
413 *** ./lib/hnam.c Fri Nov 4 18:30:19 1994
414 --- ../../NEW/fwtk/lib/hnam.c Wed Oct 9 02:34:13 1996
420 #include "firewall.h"
422 + #include <net/if.h>
423 + #include "ip_nat.h"
424 + #endif /* __FreeBSD__ */
432 bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
433 return(inet_ntoa(sin.sin_addr));
436 + char *getdsthost(fd, ptr)
440 + struct sockaddr_in sin;
441 + struct hostent *hp;
442 + int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0;
443 + char buf[255], hostbuf[255];
445 + struct sockaddr_in rsin;
446 + struct natlookup natlookup;
450 + /* This should also work for UDP. Unfortunately, it doesn't.
451 + Maybe when the Linux UDP proxy code gets a little cleaner.
453 + if(!(err=getsockname(0,&sin,&sl))) {
454 + if(ptr) *ptr=ntohs(sin.sin_port);
455 + sprintf(buf,"%s",inet_ntoa(sin.sin_addr));
456 + gethostname(hostbuf,254);
457 + hp=gethostbyname(hostbuf);
458 + while(hp->h_addr_list[i]) {
460 + memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++]));
461 + if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++;
463 + if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); }
464 + else { return(buf); }
469 + /* The basis for this block of code is Darren Reed's
470 + patches to the TIS ftwk's ftp-gw.
472 + bzero((char*)&sin,sizeof(sin));
473 + bzero((char*)&rsin,sizeof(rsin));
474 + if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
478 + if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
481 + natlookup.nl_inport=sin.sin_port;
482 + natlookup.nl_outport=rsin.sin_port;
483 + natlookup.nl_inip=sin.sin_addr;
484 + natlookup.nl_outip=rsin.sin_addr;
485 + if((natfd=open("/dev/ipl",O_RDONLY))<0) {
488 + if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) {
492 + if(ptr) *ptr=ntohs(natlookup.nl_inport);
493 + sprintf(buf,"%s",inet_ntoa(natlookup.nl_inip));
496 + /* No transparent proxy support */
499 Only in ./lib: hnam.c.orig
500 diff -c -r ./plug-gw/plug-gw.c ../../NEW/fwtk/plug-gw/plug-gw.c
501 *** ./plug-gw/plug-gw.c Thu Sep 5 15:36:33 1996
502 --- ../../NEW/fwtk/plug-gw/plug-gw.c Wed Oct 9 02:46:48 1996
506 static char **validdests = (char **)0;
509 + int do_transparent=0;
511 + char *getdsthost();
526 + /* Transparent plug-gw is probably a bad idea, but hey .. */
527 + dhost=getdsthost(0,&pport);
533 if(c->flags & PERM_DENY) {
535 syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr);
538 syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
546 syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
549 ! if(!dhost) dhost = av[x];
550 ! /* syslog(LLEV,"DEBUG: dhost now is [%s]",dhost); */
554 diff -c -r ./rlogin-gw/rlogin-gw.c ../../NEW/fwtk/rlogin-gw/rlogin-gw.c
555 *** ./rlogin-gw/rlogin-gw.c Fri Sep 6 12:56:33 1996
556 --- ../../NEW/fwtk/rlogin-gw/rlogin-gw.c Wed Oct 9 02:49:04 1996
562 extern char *maphostname();
563 + char *getdsthost();
565 + int do_transparent=0;
567 static int cmd_quit();
568 static int cmd_help();
572 static char *tokav[56];
580 openlog("rlogin-gw",LOG_PID);
583 xforwarder = cf->argv[0];
588 if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
591 xforwarder = cf->argv[0];
595 ! psychic=getdsthost(0,NULL);
598 ! strncpy(dest,psychic,511);
603 if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
609 /* if present a host name, chop and save username and hostname */
611 if((p = index(rusername,'@')) != (char *)0) {
620 /* if present a host name, chop and save username and hostname */
621 ! /* dest[0] = '\0'; */
622 if((p = index(rusername,'@')) != (char *)0) {
635 + /* syslog(LLEV,"DEBUG: Uh-oh, $dest = %s\n",dest); */
637 if(dest[0] != '\0') {
638 /* Setup connection directly to remote machine */
639 + if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
640 + if(cf->argc != 1) {
641 + syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
644 + if(sayfile(0,cf->argv[0])) {
645 + syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
649 + /* Does this cmd_connect thing feel like a kludge or what? */
650 sprintf(buf,"connect %.1000s",dest);
651 tokac = enargv(buf, tokav, 56, tokbuf, sizeof(tokbuf));
652 if (cmd_connect(tokac, tokav, buf) != 2)
657 syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,namp);
658 if(strlen(namp) > 20)
660 if(rusername[0] != '\0')
661 sprintf(ebuf,"Trying %s@%s...",rusername,namp);
663 sprintf(ebuf,"Trying %s...",namp);
667 syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]);
668 if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
672 syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,namp);
673 + if(!do_transparent) {
674 if(strlen(namp) > 20)
676 if(rusername[0] != '\0')
677 sprintf(ebuf,"Trying %s@%s...",rusername,namp);
679 sprintf(ebuf,"Trying %s...",namp);
684 syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]);
685 if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
686 diff -c -r ./tn-gw/tn-gw.c ../../NEW/fwtk/tn-gw/tn-gw.c
687 *** ./tn-gw/tn-gw.c Fri Sep 6 12:55:48 1996
688 --- ../../NEW/fwtk/tn-gw/tn-gw.c Wed Oct 9 02:50:17 1996
692 static int cmd_xforward();
693 static int cmd_timeout();
695 + char *getdsthost();
697 static int tn3270 = 1; /* don't do tn3270 stuff */
703 static int timeout = PROXY_TIMEOUT;
704 static char timed_out_msg[] = "\r\nConnection closed due to inactivity";
706 + int do_transparent=0;
721 openlog("tn-gw",LOG_PID);
728 + psychic=getdsthost(0,&port);
730 + if((strlen(psychic) + 10) < 510) {
733 + sprintf(dest,"%s:%d",psychic,port);
735 + sprintf(dest,"%s",psychic);
739 + if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
740 + if(cf->argc != 1) {
741 + syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
744 + if(sayfile(0,cf->argv[0])) {
745 + syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]);
764 if((namp = maphostname(av[1])) != (char *)0) {
767 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
768 ! sprintf(ebuf,"Trying %s port %d...",namp,port);
772 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
778 if((namp = maphostname(av[1])) != (char *)0) {
781 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
782 ! if(!do_transparent) {
783 ! sprintf(ebuf,"Trying %s port %d...",namp,port);
788 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
793 syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
794 strncpy(dest,av[1], 511);
795 ! sprintf(buf, "Connected to %s.", dest);
802 syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
803 strncpy(dest,av[1], 511);
804 ! if(!do_transparent) {
805 ! sprintf(buf, "Connected to %s.", dest);
tuxillo's projects / dragonfly.git / blob