diff options
| author | cy <cy@FreeBSD.org> | 2013-07-19 05:41:57 +0000 |
|---|---|---|
| committer | cy <cy@FreeBSD.org> | 2013-07-19 05:41:57 +0000 |
| commit | 672af8808c0e7c15f330b401482f9271c2eb3fa6 (patch) | |
| tree | 225b5acf68c01bc6a260b386c2b2dbf4fa2839e3 /contrib/ipfilter/FWTK/fwtk_transparent.diff | |
| parent | 71e82d94e82560b20789833f60056506de34de8b (diff) | |
| download | FreeBSD-src-672af8808c0e7c15f330b401482f9271c2eb3fa6.zip FreeBSD-src-672af8808c0e7c15f330b401482f9271c2eb3fa6.tar.gz | |
As per the developers handbook (5.3.1 step 1), prepare the vendor trees for
import of new ipfilter vendor sources by flattening them.
To keep the tags consistent with dist, the tags are also flattened.
Approved by: glebius (Mentor)
Diffstat (limited to 'contrib/ipfilter/FWTK/fwtk_transparent.diff')
| -rw-r--r-- | contrib/ipfilter/FWTK/fwtk_transparent.diff | 1025 |
1 files changed, 0 insertions, 1025 deletions
diff --git a/contrib/ipfilter/FWTK/fwtk_transparent.diff b/contrib/ipfilter/FWTK/fwtk_transparent.diff deleted file mode 100644 index a6c21fa..0000000 --- a/contrib/ipfilter/FWTK/fwtk_transparent.diff +++ /dev/null @@ -1,1025 +0,0 @@ -diff -cr ../TIS.orig/fwtk/Makefile.config.linux fwtk/Makefile.config.linux -*** ../TIS.orig/fwtk/Makefile.config.linux Sat Sep 7 05:58:21 1996 ---- fwtk/Makefile.config.linux Sun Feb 2 05:48:01 1997 -*************** -*** 13,19 **** - - - # Your C compiler (eg, "cc" or "gcc") -! CC= cc - - - # program to use for installation -- this may or may not preserve ---- 13,19 ---- - - - # Your C compiler (eg, "cc" or "gcc") -! CC= gcc - - - # program to use for installation -- this may or may not preserve -*************** -*** 24,37 **** - - # Defines for your operating system - # -! DEFINES=-DLINUX - #DEFINES=-DSYSV -DSOLARIS - - # Options for your compiler (eg, "-g" for debugging, "-O" for - # optimizing, or "-g -O" for both under GCC) - #COPT= -g -traditional $(DEFINES) -! COPT= -g $(DEFINES) -! #COPT= -O $(DEFINES) - - # Version of "make" you want to use - #MAKE= gnumake ---- 24,37 ---- - - # Defines for your operating system - # -! DEFINES=-DLINUX -DUSE_IP_FILTER - #DEFINES=-DSYSV -DSOLARIS - - # Options for your compiler (eg, "-g" for debugging, "-O" for - # optimizing, or "-g -O" for both under GCC) - #COPT= -g -traditional $(DEFINES) -! #COPT= -g $(DEFINES) -! COPT= -O $(DEFINES) - - # Version of "make" you want to use - #MAKE= gnumake -*************** -*** 44,50 **** - - - # Destination directory for installation of binaries -! DEST= /usr/local/etc - - - # Destination directory for installation of man pages ---- 44,50 ---- - - - # Destination directory for installation of binaries -! DEST= /usr/local/sbin - - - # Destination directory for installation of man pages -*************** -*** 72,78 **** - # or -Bstatic for static binaries under SunOS 4.1.x) - #LDFL= -Bstatic - #LDFL= -! LDFL= -g - - - # Location of the fwtk sources [For #include by any external tools needing it] ---- 72,79 ---- - # or -Bstatic for static binaries under SunOS 4.1.x) - #LDFL= -Bstatic - #LDFL= -! #LDFL= -g -! LDFL= -O - - - # Location of the fwtk sources [For #include by any external tools needing it] -*************** -*** 81,87 **** - - - # Location of X libraries for X-gw -! XLIBDIR=/usr/X11/lib - #XLIBDIR=/usr/local/X11R5/lib - - # X Libraries ---- 82,88 ---- - - - # Location of X libraries for X-gw -! XLIBDIR=/usr/X11R6/lib - #XLIBDIR=/usr/local/X11R5/lib - - # X Libraries -*************** -*** 96,102 **** - #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 - - # Location of X include files -! XINCLUDE=/usr/X11/include - #XINCLUDE=/usr/local/X11R5/include - - # Objects to include in libfwall for SYSV ---- 97,103 ---- - #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 - - # Location of X include files -! XINCLUDE=/usr/X11R6/include - #XINCLUDE=/usr/local/X11R5/include - - # Objects to include in libfwall for SYSV -diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris -*** ../TIS.orig/fwtk/Makefile.config.solaris Sat Sep 7 06:14:13 1996 ---- fwtk/Makefile.config.solaris Sun Feb 2 06:09:19 1997 -*************** -*** 11,30 **** - # - # RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.2 2001/02/28 09:36:06 darrenr Exp $" - - - # Your C compiler (eg, "cc" or "gcc") -! CC= cc - - - # program to use for installation -- this may or may not preserve - # old versions (or whatever). assumes that it takes parameters: - # copy source dest -! CP= cp - - - # Defines for your operating system - # -! DEFINES=-DSYSV -DSOLARIS - - #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \ - -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \ ---- 11,34 ---- - # - # RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.2 2001/02/28 09:36:06 darrenr Exp $" - -+ # -+ # Path to sources of ip_filter (ip_nat.h required in lib/hnam.c) -+ # -+ IPFPATH=/src/unpacked/firewall/ip_fil3.1.5 - - # Your C compiler (eg, "cc" or "gcc") -! CC= gcc - - - # program to use for installation -- this may or may not preserve - # old versions (or whatever). assumes that it takes parameters: - # copy source dest -! CP= /usr/ucb/install -c -s - - - # Defines for your operating system - # -! DEFINES=-DSYSV -DSOLARIS -DUSE_IP_FILTER -I$(IPFPATH) - - #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \ - -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \ -*************** -*** 45,52 **** - - - # Your ranlib utility (use "touch" if you don't have ranlib) -! RANLIB= ranlib -! #RANLIB= touch - - - # Destination directory for installation of binaries ---- 49,56 ---- - - - # Your ranlib utility (use "touch" if you don't have ranlib) -! # RANLIB= ranlib -! RANLIB= touch - - - # Destination directory for installation of binaries -diff -cr ../TIS.orig/fwtk/firewall.h fwtk/firewall.h -*** ../TIS.orig/fwtk/firewall.h Sun Sep 8 05:55:26 1996 ---- fwtk/firewall.h Sun Feb 2 05:23:33 1997 -*************** -*** 47,53 **** - system. - */ - #ifndef PERMFILE -! #define PERMFILE "/usr/local/etc/netperm-table" - #endif - - /* ---- 47,53 ---- - system. - */ - #ifndef PERMFILE -! #define PERMFILE "/etc/fwtk/netperm-table" - #endif - - /* -*************** -*** 67,73 **** - - /* Choose a system logging facility for the firewall toolkit. */ - #ifndef LFAC -! #define LFAC LOG_DAEMON - #endif - - ---- 67,73 ---- - - /* Choose a system logging facility for the firewall toolkit. */ - #ifndef LFAC -! #define LFAC LOG_LOCAL5 - #endif - - -*************** -*** 215,220 **** - #define PERM_ALLOW 01 - #define PERM_DENY 02 - -! - #define _INCL_FWALL_H - #endif ---- 215,222 ---- - #define PERM_ALLOW 01 - #define PERM_DENY 02 - -! #ifdef USE_IP_FILTER -! extern char *getdsthost(int, int*); -! #endif - #define _INCL_FWALL_H - #endif -diff -cr ../TIS.orig/fwtk/ftp-gw/ftp-gw.c fwtk/ftp-gw/ftp-gw.c -*** ../TIS.orig/fwtk/ftp-gw/ftp-gw.c Fri Sep 6 18:55:05 1996 ---- fwtk/ftp-gw/ftp-gw.c Sat Feb 1 06:49:13 1997 -*************** -*** 50,55 **** ---- 50,59 ---- - #ifndef FTPPORT - #define FTPPORT 21 - #endif -+ #ifdef USE_IP_FILTER -+ static int do_transparent=0; -+ static int connectdest(); -+ #endif - - static Cfg *confp; - static char **validests = (char **)0; -*************** -*** 170,175 **** ---- 174,182 ---- - char xuf[1024]; - char huf[128]; - char *passuser = (char *)0; /* passed user as av */ -+ #ifdef USE_IP_FILTER -+ char *psychic, *hotline; -+ #endif - - #ifndef LOG_DAEMON - openlog("ftp-gw",LOG_PID); -*************** -*** 313,320 **** - } - } else - timeout = 60*60; - -- - /* display a welcome file or message */ - if(passuser == (char *)0) { - if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { ---- 320,330 ---- - } - } else - timeout = 60*60; -+ #ifdef USE_IP_FILTER -+ psychic=getdsthost(0,NULL); -+ if(psychic) { do_transparent++; } -+ #endif - - /* display a welcome file or message */ - if(passuser == (char *)0) { - if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { -*************** -*** 322,327 **** ---- 332,345 ---- - syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln); - exit(1); - } -+ #ifdef USE_IP_FILTER -+ if(do_transparent) { -+ if(sayfile2(0,cf->argv[0],220)) { -+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]); -+ exit(1); -+ } -+ } else -+ #endif /* USE_IP_FILTER */ - if(sayfile(0,cf->argv[0],220)) { - syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]); - exit(1); -*************** -*** 332,338 **** - if(authallflg) - if(say(0,"220-Proxy first requires authentication")) - exit(1); -! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); - if(say(0,xuf)) - exit(1); - } ---- 350,361 ---- - if(authallflg) - if(say(0,"220-Proxy first requires authentication")) - exit(1); -! #ifdef USE_IP_FILTER -! if(do_transparent) -! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); -! else -! #endif -! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); - if(say(0,xuf)) - exit(1); - } -*************** -*** 352,358 **** - if(cmd_user(2,fakav,"user internal")) - exit(1); - } -! - /* main loop */ - while(1) { - FD_ZERO(&rdy); ---- 375,386 ---- - if(cmd_user(2,fakav,"user internal")) - exit(1); - } -! #ifdef USE_IP_FILTER -! if(do_transparent) { -! connectdest(psychic,21); -! } -! #endif -! - /* main loop */ - while(1) { - FD_ZERO(&rdy); -*************** -*** 676,681 **** ---- 704,719 ---- - return(sayn(0,noad,sizeof(noad)-1)); - } - -+ #ifdef USE_IP_FILTER -+ if(do_transparent) { -+ if((rfd==(-1)) && (x=connectdest(dest,port))) return x; -+ sprintf(buf,"USER %s",user); -+ if(say(rfd,buf)) return(1); -+ x=getresp(rfd,buf,sizeof(buf),1); -+ if(sendsaved(0,x)) return(1); -+ return(say(0,buf)); -+ } -+ #endif - if(*dest == '\0') - dest = "localhost"; - -*************** -*** 717,723 **** - char ebuf[512]; - - strcpy(ebuf,buf); -! sprintf(buf,"521 %s: %s",dest,ebuf); - rfd = -1; - return(say(0,buf)); - } ---- 755,766 ---- - char ebuf[512]; - - strcpy(ebuf,buf); -! #ifdef USE_IP_FILTER -! if(do_transparent) { -! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf); -! } else -! #endif -! sprintf(buf,"521 %s: %s",dest,ebuf); - rfd = -1; - return(say(0,buf)); - } -*************** -*** 1874,1876 **** ---- 1917,2036 ---- - dup(nread); - } - #endif -+ -+ #ifdef USE_IP_FILTER -+ static int connectdest(dest, port) -+ char *dest; -+ short port; -+ { -+ char buf[1024], mbuf[512]; -+ int msg_int, x; -+ -+ if(*dest == '\0') -+ dest = "localhost"; -+ -+ if(validests != (char **)0) { -+ char **xp; -+ int x; -+ -+ for(xp = validests; *xp != (char *)0; xp++) { -+ if(**xp == '!' && hostmatch(*xp + 1,dest)) { -+ return(baddest(0,dest)); -+ } else { -+ if(hostmatch(*xp,dest)) -+ break; -+ } -+ } -+ if(*xp == (char *)0) -+ return(baddest(0,dest)); -+ } -+ -+ /* Extended permissions processing goes in here for destination */ -+ if(extendperm) { -+ msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0); -+ if(msg_int == 1) { -+ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest); -+ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser); -+ say(0,mbuf); -+ return(1); -+ } else { -+ if(msg_int == -1) { -+ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest); -+ say(0,mbuf); -+ return(1); -+ } -+ } -+ } -+ -+ syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest); -+ -+ if((rfd = conn_server(dest,port,0,buf)) < 0) { -+ char ebuf[512]; -+ -+ strcpy(ebuf,buf); -+ sprintf(buf,"521 %s: %s",dest,ebuf); -+ rfd = -1; -+ return(say(0,buf)); -+ } -+ if(!do_transparent) { -+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest); -+ saveline(buf); -+ } -+ -+ /* we are now connected and need to try the autologin thing */ -+ x = getresp(rfd,buf,sizeof(buf),1); -+ if(x / 100 != COMPLETE) { -+ sendsaved(0,-1); -+ return(say(0,buf)); -+ } -+ saveline(buf); -+ -+ sendsaved(0,-1); -+ return 0; -+ } -+ -+ -+ /* ok, so i'm in a hurry. english paper due RSN. */ -+ sayfile2(fd,fn,code) -+ int fd; -+ char *fn; -+ int code; -+ { -+ FILE *f; -+ char buf[BUFSIZ]; -+ char yuf[BUFSIZ]; -+ char *c; -+ int x; -+ int saidsomething = 0; -+ -+ if((f = fopen(fn,"r")) == (FILE *)0) -+ return(1); -+ while(fgets(buf,sizeof(buf),f) != (char *)0) { -+ if((c = index(buf,'\n')) != (char *)0) -+ *c = '\0'; -+ x = fgetc(f); -+ if(feof(f)) -+ sprintf(yuf,"%3.3d-%s",code,buf); -+ else { -+ sprintf(yuf,"%3.3d-%s",code,buf); -+ ungetc(x,f); -+ } -+ if(say(fd,yuf)) { -+ fclose(f); -+ return(1); -+ } -+ saidsomething++; -+ } -+ fclose(f); -+ if (!saidsomething) { -+ syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code); -+ sprintf(yuf, "%3.3d The file to display is empty",code); -+ if(say(fd,yuf)) { -+ fclose(f); -+ return(1); -+ } -+ } -+ return(0); -+ } -+ -+ #endif /* USE_IP_FILTER */ -diff -cr ../TIS.orig/fwtk/http-gw/http-gw.c fwtk/http-gw/http-gw.c -*** ../TIS.orig/fwtk/http-gw/http-gw.c Mon Sep 9 20:40:53 1996 ---- fwtk/http-gw/http-gw.c Sun Feb 2 06:41:18 1997 -*************** -*** 27,32 **** ---- 27,35 ---- - static char http_buffer[8192]; - static char reason[8192]; - static int checkBrowserType = 1; -+ #ifdef USE_IP_FILTER -+ static int do_transparent=0; -+ #endif - - static void do_logging() - { char *proto = "GOPHER"; -*************** -*** 422,427 **** ---- 425,441 ---- - /*(NOT A SPECIAL FORM)*/ - - if((rem_type & TYPE_LOCAL)== 0){ -+ #ifdef USE_IP_FILTER -+ char *psychic=getdsthost(sockfd,&def_port); -+ if(psychic) { -+ if(strlen(psychic)<=MAXHOSTNAMELEN) { -+ do_transparent++; -+ strncpy(def_httpd,psychic,strlen(psychic)); -+ strncpy(def_server,psychic,strlen(psychic)); -+ } -+ } -+ -+ #endif /* USE_IP_FILTER */ - /* See if it can be forwarded */ - - if( can_forward(buf)){ -*************** -*** 1513,1518 **** ---- 1527,1537 ---- - parse_vec[0], - parse_vec[1], - ourname, ourport); -+ } -+ #ifdef USE_IP_FILTER -+ else if(do_transparent) { -+ sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]); -+ #endif /* USE_IP_FILTER */ - }else{ - sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u", - parse_vec[0], parse_vec[2], -diff -cr ../TIS.orig/fwtk/lib/hnam.c fwtk/lib/hnam.c -*** ../TIS.orig/fwtk/lib/hnam.c Sat Nov 5 00:30:19 1994 ---- fwtk/lib/hnam.c Sat Feb 1 08:17:46 1997 -*************** -*** 20,25 **** ---- 20,37 ---- - - extern char *inet_ntoa(); - -+ #if defined(USE_IP_FILTER) -+ #include <net/if.h> -+ #ifndef LINUX -+ #include "ip_nat.h" -+ #endif -+ #if defined(SOLARIS) -+ #include <sys/stat.h> -+ #include <fcntl.h> -+ #include <unistd.h> -+ #include <sys/ioccom.h> -+ #endif -+ #endif /* IP_FILTER */ - - #include "firewall.h" - -*************** -*** 45,47 **** ---- 57,158 ---- - bcopy(hp->h_addr,&sin.sin_addr,hp->h_length); - return(inet_ntoa(sin.sin_addr)); - } -+ -+ -+ -+ #ifdef USE_IP_FILTER -+ char *getdsthost(fd, ptr) -+ int fd; -+ int *ptr; -+ { -+ struct sockaddr_in sin; -+ struct hostent *hp; -+ int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0; -+ static char buf[255], hostbuf[255]; -+ #if defined(__FreeBSD__) || defined(SOLARIS) -+ struct sockaddr_in rsin; -+ struct natlookup natlookup; -+ int natfd; -+ #endif -+ -+ #ifdef linux -+ /* This should also work for UDP. Unfortunately, it doesn't. -+ Maybe when the Linux UDP proxy code gets a little cleaner. -+ */ -+ if(!(err=getsockname(0,&sin,&sl))) { -+ if(ptr) *ptr=ntohs(sin.sin_port); -+ sprintf(buf,"%s",inet_ntoa(sin.sin_addr)); -+ gethostname(hostbuf,254); -+ hp=gethostbyname(hostbuf); -+ while(hp->h_addr_list[i]) { -+ bzero(&sin,&sl); -+ memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++])); -+ if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++; -+ } -+ if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); } -+ else { return(buf); } -+ } -+ #endif -+ -+ #if defined(__FreeBSD__) -+ /* The basis for this block of code is Darren Reed's -+ patches to the TIS ftwk's ftp-gw. -+ */ -+ bzero((char*)&sin,sizeof(sin)); -+ bzero((char*)&rsin,sizeof(rsin)); -+ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) { -+ return NULL; -+ } -+ sl=sizeof(rsin); -+ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) { -+ return NULL; -+ } -+ natlookup.nl_inport=sin.sin_port; -+ natlookup.nl_outport=rsin.sin_port; -+ natlookup.nl_inip=sin.sin_addr; -+ natlookup.nl_outip=rsin.sin_addr; -+ if((natfd=open("/dev/ipnat",O_RDONLY))<0) { -+ return(NULL); -+ } -+ if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) { -+ return(NULL); -+ } -+ close(natfd); -+ if(ptr) *ptr=ntohs(natlookup.nl_realport); -+ sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip)); -+ #endif -+ -+ #if defined(SOLARIS) /* for Solaris */ -+ /* The basis for this block of code is Darren Reed's -+ * patches to the TIS ftwk's ftp-gw. -+ * modified for Solaris from Michael Kutzner, Michael.Kutzner@paderlinx.de -+ */ -+ memset((char*)&sin, 0, sizeof(sin)); -+ memset((char*)&rsin, 0, sizeof(rsin)); -+ -+ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) { -+ return NULL; -+ } -+ sl=sizeof(rsin); -+ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) { -+ return NULL; -+ } -+ natlookup.nl_inport=sin.sin_port; -+ natlookup.nl_outport=rsin.sin_port; -+ natlookup.nl_inip=sin.sin_addr; -+ natlookup.nl_outip=rsin.sin_addr; -+ if( (natfd=open(IPL_NAT,O_RDONLY)) < 0) { -+ return(NULL); -+ } -+ if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) { -+ return(NULL); -+ } -+ close(natfd); -+ if(ptr) *ptr=ntohs(natlookup.nl_realport); -+ sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip)); -+ #endif -+ -+ /* No transparent proxy support */ -+ return(NULL); -+ } -+ #endif /* USE_IP_FILTER */ -diff -cr ../TIS.orig/fwtk/plug-gw/plug-gw.c fwtk/plug-gw/plug-gw.c -*** ../TIS.orig/fwtk/plug-gw/plug-gw.c Thu Sep 5 21:36:33 1996 ---- fwtk/plug-gw/plug-gw.c Sun Feb 2 04:50:40 1997 -*************** -*** 38,44 **** - static int timeout = PROXY_TIMEOUT; - static char **validdests = (char **)0; - static Cfg *confp; -! - main(ac,av) - int ac; - char *av[]; ---- 38,46 ---- - static int timeout = PROXY_TIMEOUT; - static char **validdests = (char **)0; - static Cfg *confp; -! #ifdef USE_IP_FILTER -! static int do_transparent=0; -! #endif - main(ac,av) - int ac; - char *av[]; -*************** -*** 189,201 **** - static char buf[1024 * 4]; - void (*op)(); - char *dhost = NULL; - char hostport[1024 * 4]; - char *ptr; - int state = 0; - int ssl_plug = 0; -! - struct timeval timo; - - if(c->flags & PERM_DENY) { - if (p == -1) - syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr); ---- 191,215 ---- - static char buf[1024 * 4]; - void (*op)(); - char *dhost = NULL; -+ char *transhost = NULL; - char hostport[1024 * 4]; - char *ptr; - int state = 0; - int ssl_plug = 0; -! #ifdef USE_IP_FILTER -! int pport; -! #endif - struct timeval timo; - -+ #ifdef USE_IP_FILTER -+ /* Transparent plug-gw is probably a bad idea, but hey .. */ -+ transhost=getdsthost(0,&pport); -+ if(transhost) { -+ do_transparent++; -+ portid=pport; -+ } -+ #endif -+ - if(c->flags & PERM_DENY) { - if (p == -1) - syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr); -*************** -*** 223,229 **** - privport = 1; - continue; - } -! - if (!strcmp(av[x], "-port")) { - if (++x >= ac) { - syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln); ---- 237,248 ---- - privport = 1; - continue; - } -! #ifdef USE_IP_FILTER -! if (!strcmp(av[x],"-all-destinations")) { -! dhost = transhost; -! continue; -! } -! #endif - if (!strcmp(av[x], "-port")) { - if (++x >= ac) { - syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln); -diff -cr ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c fwtk/rlogin-gw/rlogin-gw.c -*** ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c Fri Sep 6 18:56:33 1996 ---- fwtk/rlogin-gw/rlogin-gw.c Sun Feb 2 06:26:04 1997 -*************** -*** 40,46 **** - - extern char *maphostname(); - -! - static int cmd_quit(); - static int cmd_help(); - static int cmd_connect(); ---- 40,48 ---- - - extern char *maphostname(); - -! #ifdef USE_IP_FILTER -! static int do_transparent=0; -! #endif - static int cmd_quit(); - static int cmd_help(); - static int cmd_connect(); -*************** -*** 120,125 **** ---- 122,130 ---- - static char *tokav[56]; - int tokac; - struct timeval timo; -+ #ifdef USE_IP_FILTER -+ char *psychic; -+ #endif - - #ifndef LOG_NDELAY - openlog("rlogin-gw",LOG_PID); -*************** -*** 186,192 **** - } - - -! - if((cf = cfg_get("directory",confp)) != (Cfg *)0) { - if(cf->argc != 1) { - syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln); ---- 191,204 ---- - } - - -! #ifdef USE_IP_FILTER -! psychic=getdsthost(0,NULL); -! if(psychic) { -! do_transparent++; -! strncpy(dest,psychic,511); -! dest[511]='\0'; -! } -! #endif /* USE_IP_FILTER */ - if((cf = cfg_get("directory",confp)) != (Cfg *)0) { - if(cf->argc != 1) { - syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln); -*************** -*** 260,269 **** - } - - /* if present a host name, chop and save username and hostname */ -- dest[0] = '\0'; - if((p = index(rusername,'@')) != (char *)0) { - char *namp; - - *p++ = '\0'; - if(*p == '\0') - p = "localhost"; ---- 272,281 ---- - } - - /* if present a host name, chop and save username and hostname */ - if((p = index(rusername,'@')) != (char *)0) { - char *namp; - -+ dest[0] = '\0'; - *p++ = '\0'; - if(*p == '\0') - p = "localhost"; -*************** -*** 532,539 **** ---- 544,557 ---- - sprintf(ebuf,"Trying %s@%s...",rusername,namp); - else - sprintf(ebuf,"Trying %s...",namp); -+ #ifdef USE_IP_FILTER -+ if(!do_transparent) { -+ #endif - if(say(0,ebuf)) - return(1); -+ #ifdef USE_IP_FILTER -+ } -+ #endif - } else - syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]); - if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) { -diff -cr ../TIS.orig/fwtk/tn-gw/tn-gw.c fwtk/tn-gw/tn-gw.c -*** ../TIS.orig/fwtk/tn-gw/tn-gw.c Fri Sep 6 18:55:48 1996 ---- fwtk/tn-gw/tn-gw.c Sun Feb 2 06:06:33 1997 -*************** -*** 97,102 **** ---- 97,106 ---- - static int timeout = PROXY_TIMEOUT; - static char timed_out_msg[] = "\r\nConnection closed due to inactivity"; - -+ #ifdef USE_IP_FILTER -+ static int do_transparent=0; -+ #endif -+ - typedef struct { - char *name; - char *hmsg; -*************** -*** 140,145 **** ---- 144,153 ---- - char tokbuf[BSIZ]; - char *tokav[56]; - int tokac; -+ #ifdef USE_IP_FILTER -+ int port; -+ char *psychic; -+ #endif - - #ifndef LOG_DAEMON - openlog("tn-gw",LOG_PID); -*************** -*** 307,313 **** - exit(1); - } - } -! - while (argc > 1) { - argc--; - argv++; ---- 315,349 ---- - exit(1); - } - } -! #ifdef USE_IP_FILTER -! psychic=getdsthost(0,&port); -! if(psychic) { -! if((strlen(psychic) + 10) < 510) { -! do_transparent++; -! if(port) -! sprintf(dest,"%s:%d",psychic,port); -! else -! sprintf(dest,"%s",psychic); -! -! -! if(!welcomedone) -! if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { -! if(cf->argc != 1) { -! syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln); -! exit(1); -! } -! if(sayfile(0,cf->argv[0])) { -! syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]); -! exit(1); -! } -! welcomedone = 1; -! } -! -! -! } -! } -! -! #endif /* USE_IP_FILTER */ - while (argc > 1) { - argc--; - argv++; -*************** -*** 870,877 **** - - syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp); - sprintf(ebuf,"Trying %s port %d...",namp,port); -! if(say(0,ebuf)) -! return(1); - } else - syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]); - ---- 906,920 ---- - - syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp); - sprintf(ebuf,"Trying %s port %d...",namp,port); -! #ifdef USE_IP_FILTER -! if(!do_transparent) { -! sprintf(ebuf,"Trying %s port %d...",namp,port); -! #endif -! if(say(0,ebuf)) -! return(1); -! #ifdef USE_IP_FILTER -! } -! #endif - } else - syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]); - -*************** -*** 903,910 **** - - syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]); - strncpy(dest,av[1], 511); -! sprintf(buf, "Connected to %s.", dest); - say(0, buf); - return(2); - } - ---- 946,959 ---- - - syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]); - strncpy(dest,av[1], 511); -! #ifdef USE_IP_FILTER -! if(!do_transparent) { -! sprintf(buf, "Connected to %s.", dest); -! say(0, buf); -! } -! #else - say(0, buf); -+ #endif - return(2); - } - -diff -cr ../TIS.orig/fwtk/x-gw/socket.c fwtk/x-gw/socket.c -*** ../TIS.orig/fwtk/x-gw/socket.c Sat Sep 7 05:16:35 1996 ---- fwtk/x-gw/socket.c Sun Feb 2 05:26:44 1997 -*************** -*** 212,218 **** - case AF_UNIX: un_name = (struct sockaddr_un *)addr; - len = sizeof(un_name->sun_family) + - sizeof(un_name->sun_path) -! #ifdef SCM_RIGHTS /* 4.3BSD Reno and later */ - + sizeof(un_name->sun_len) + 1 - #endif - ; ---- 212,218 ---- - case AF_UNIX: un_name = (struct sockaddr_un *)addr; - len = sizeof(un_name->sun_family) + - sizeof(un_name->sun_path) -! #if defined(SCM_RIGHTS) && !defined(LINUX)/* 4.3BSD Reno and later */ - + sizeof(un_name->sun_len) + 1 - #endif - ; -Only in fwtk/x-gw: socket.c.bak |
