authordarrenr <darrenr@FreeBSD.org>1997-02-09 22:50:16 +0000
committerdarrenr <darrenr@FreeBSD.org>1997-02-09 22:50:16 +0000
commitcb8d46a179f2d30ac1cd0a01eb156e1a4c08d717 (patch)
tree93c7db298b1fd70f9e27663b3fd527da063d0008 /contrib/ipfilter/FWTK
Import IP Filter v3.1.7 into FreeBSD tree
Diffstat (limited to 'contrib/ipfilter/FWTK')
-rw-r--r--contrib/ipfilter/FWTK/README16
-rw-r--r--contrib/ipfilter/FWTK/ftp-gw.diff237
-rw-r--r--contrib/ipfilter/FWTK/fwtkp812
3 files changed, 1065 insertions, 0 deletions
diff --git a/contrib/ipfilter/FWTK/README b/contrib/ipfilter/FWTK/README
new file mode 100644
index 0000000..216d205
--- /dev/null
+++ b/contrib/ipfilter/FWTK/README
@@ -0,0 +1,16 @@
+
+There are two patch files in this directory, each allowing for the Firewall
+Toolkit to be used in a transparent proxy configuration.
+
+ftp-gw.diff - A patch written by myself for use only with IP Filter and
+ ftp-gw from the Firewall Toolkit.
+
+fwtkp - A set of patches written by James B. Croall (jcroall@foo.org)
+ for use with both IP Filter and ipfwadm (for Linux) and more
+ of the various FWTK gateway plugins, including:
+ ftp-gw http-gw plug-gw rlogin-gw tn-gw
+
+Both patches when applied to the Firewall toolkit require the same
+configuration for IP Filter.
+
+Darren
diff --git a/contrib/ipfilter/FWTK/ftp-gw.diff b/contrib/ipfilter/FWTK/ftp-gw.diff
new file mode 100644
index 0000000..075e6eb
--- /dev/null
+++ b/contrib/ipfilter/FWTK/ftp-gw.diff
@@ -0,0 +1,237 @@
+*** ftp-gw.c.orig Sat Nov 5 10:30:16 1994
+--- ftp-gw.c Sun Jul 7 12:25:15 1996
+***************
+*** 11,31 ****
+ */
+ static char RcsId[] = "$Header: /devel/CVS/IP-Filter/FWTK/ftp-gw.diff,v 2.0.1.1 1997/01/09 15:14:46 darrenr Exp $";
+
+
+ #include <stdio.h>
+ #include <ctype.h>
+ #include <syslog.h>
+ #include <sys/signal.h>
+ #include <sys/ioctl.h>
+ #include <sys/errno.h>
+- extern int errno;
+- extern char *sys_errlist[];
+ #include <arpa/ftp.h>
+ #include <arpa/telnet.h>
+ #include <sys/time.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+
+ extern char *rindex();
+ extern char *index();
+--- 11,37 ----
+ */
+ static char RcsId[] = "$Header: /devel/CVS/IP-Filter/FWTK/ftp-gw.diff,v 2.0.1.1 1997/01/09 15:14:46 darrenr Exp $";
+
++ /*
++ * Patches for IP Filter NAT extensions written by Darren Reed, 7/7/96
++ * darrenr@cyber.com.au
++ */
++ static char vIpFilter[] = "v3.1.0";
+
+ #include <stdio.h>
+ #include <ctype.h>
+ #include <syslog.h>
++ #include <unistd.h>
++ #include <fcntl.h>
+ #include <sys/signal.h>
+ #include <sys/ioctl.h>
+ #include <sys/errno.h>
+ #include <arpa/ftp.h>
+ #include <arpa/telnet.h>
+ #include <sys/time.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #include <netinet/in.h>
++ #include <net/if.h>
+
+ extern char *rindex();
+ extern char *index();
+***************
+*** 36,41 ****
+--- 42,48 ----
+
+ #include "firewall.h"
+
++ #include "ip_nat.h"
+
+ #ifndef BSIZ
+ #define BSIZ 2048
+***************
+*** 83,88 ****
+--- 90,97 ----
+ static int cmd_noop();
+ static int cmd_abor();
+ static int cmd_passthru();
++ static int nat_destination();
++ static int connectdest();
+ static void saveline();
+ static void flushsaved();
+ static void trap_sigurg();
+***************
+*** 317,323 ****
+ if(authallflg)
+ if(say(0,"220-Proxy first requires authentication"))
+ exit(1);
+! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
+ if(say(0,xuf))
+ exit(1);
+ }
+--- 326,335 ----
+ if(authallflg)
+ if(say(0,"220-Proxy first requires authentication"))
+ exit(1);
+! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
+! if(say(0,xuf))
+! exit(1);
+! sprintf(xuf,"220-%s TIS ftp-gw with IP Filter %s NAT extensions",huf,vIpFilter);
+ if(say(0,xuf))
+ exit(1);
+ }
+***************
+*** 338,343 ****
+--- 350,357 ----
+ exit(1);
+ }
+
++ nat_destination(0);
++
+ /* main loop */
+ while(1) {
+ FD_ZERO(&rdy);
+***************
+*** 608,619 ****
+ static char narg[] = "501 Missing or extra username";
+ static char noad[] = "501 Use user@site to connect via proxy";
+ char buf[1024];
+- char mbuf[512];
+ char *p;
+ char *dest;
+ char *user;
+ int x;
+- int msg_int;
+ short port = FTPPORT;
+
+ /* kludgy but effective. if authorizing everything call auth instead */
+--- 622,631 ----
+***************
+*** 643,648 ****
+--- 655,681 ----
+ return(sayn(0,noad,sizeof(noad)));
+ }
+
++ if((rfd == -1) && (x = connectdest(dest,port)))
++ return x;
++ sprintf(buf,"USER %s",user);
++ if(say(rfd,buf))
++ return(1);
++ x = getresp(rfd,buf,sizeof(buf),1);
++ if(sendsaved(0,x))
++ return(1);
++ return(say(0,buf));
++ }
++
++ static int
++ connectdest(dest,port)
++ char *dest;
++ short port;
++ {
++ char buf[1024];
++ char mbuf[512];
++ int msg_int;
++ int x;
++
+ if(*dest == '\0')
+ dest = "localhost";
+
+***************
+*** 685,691 ****
+ char ebuf[512];
+
+ strcpy(ebuf,buf);
+! sprintf(buf,"521 %s: %s",dest,ebuf);
+ return(say(0,buf));
+ }
+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
+--- 718,724 ----
+ char ebuf[512];
+
+ strcpy(ebuf,buf);
+! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
+ return(say(0,buf));
+ }
+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
+***************
+*** 698,711 ****
+ return(say(0,buf));
+ }
+ saveline(buf);
+!
+! sprintf(buf,"USER %s",user);
+! if(say(rfd,buf))
+! return(1);
+! x = getresp(rfd,buf,sizeof(buf),1);
+! if(sendsaved(0,x))
+! return(1);
+! return(say(0,buf));
+ }
+
+
+--- 731,738 ----
+ return(say(0,buf));
+ }
+ saveline(buf);
+! sendsaved(0,-1);
+! return 0;
+ }
+
+
+***************
+*** 1591,1593 ****
+--- 1618,1659 ----
+ dup(nread);
+ }
+ #endif
++
++
++ static int
++ nat_destination(fd)
++ int fd;
++ {
++ struct sockaddr_in laddr, faddr;
++ struct natlookup natlookup;
++ char *dest;
++ int slen, natfd;
++
++ bzero((char *)&laddr, sizeof(laddr));
++ bzero((char *)&faddr, sizeof(faddr));
++ slen = sizeof(laddr);
++ if(getsockname(fd,(struct sockaddr *)&laddr,&slen) < 0) {
++ perror("getsockname");
++ exit(1);
++ }
++ slen = sizeof(faddr);
++ if(getpeername(fd,(struct sockaddr *)&faddr,&slen) < 0) {
++ perror("getsockname");
++ exit(1);
++ }
++
++ natlookup.nl_inport = laddr.sin_port;
++ natlookup.nl_outport = faddr.sin_port;
++ natlookup.nl_inip = laddr.sin_addr;
++ natlookup.nl_outip = faddr.sin_addr;
++ if((natfd = open("/dev/ipl", O_RDONLY)) < 0) {
++ perror("open");
++ exit(1);
++ }
++ if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) {
++ perror("ioctl");
++ exit(1);
++ }
++ close(natfd);
++ return connectdest(inet_ntoa(natlookup.nl_inip),ntohs(natlookup.nl_inport));
++ }
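Review bot: `nat_destination(0);` is called unconditionally just before the main loop, so the gateway opens the outbound connection before the client has authenticated, even when `authallflg` is set and the banner a few lines earlier announces "Proxy first requires authentication"; the authorization step the cmd_user comment refers to (its body lies outside the hunk) is not on this path. Guarding the call, `if(!authallflg) nat_destination(0);`, and leaving the connect to cmd_user in that case would keep authentication ahead of any outbound traffic. Inside nat_destination every failure is `perror()` followed by `exit(1)`, so a session that arrives without a NAT entry is dropped with a message on stderr rather than a syslog record, and the getpeername branch reports `perror("getsockname")` where `perror("getpeername")` is meant. connectdest receives its port already converted by `ntohs()` (and cmd_user passes `FTPPORT`), so the new `ntohs(port)` in the `521` message swaps the bytes a second time on little-endian hosts; `(unsigned short)port` would print the port actually used.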
diff --git a/contrib/ipfilter/FWTK/fwtkp b/contrib/ipfilter/FWTK/fwtkp
new file mode 100644
index 0000000..8f4819a
--- /dev/null
+++ b/contrib/ipfilter/FWTK/fwtkp
@@ -0,0 +1,812 @@
+diff -c -r ./ftp-gw/ftp-gw.c ../../NEW/fwtk/ftp-gw/ftp-gw.c
+*** ./ftp-gw/ftp-gw.c Fri Sep 6 12:55:05 1996
+--- ../../NEW/fwtk/ftp-gw/ftp-gw.c Wed Oct 9 02:51:35 1996
+***************
+*** 40,47 ****
+
+ extern char *optarg;
+
+! #include "firewall.h"
+
+
+ #ifndef BSIZ
+ #define BSIZ 2048
+--- 40,48 ----
+
+ extern char *optarg;
+
+! char *getdsthost();
+
++ #include "firewall.h"
+
+ #ifndef BSIZ
+ #define BSIZ 2048
+***************
+*** 84,89 ****
+--- 85,92 ----
+ static int cmdcnt = 0;
+ static int timeout = PROXY_TIMEOUT;
+
++ static int do_transparent=0;
++
+
+ static int cmd_user();
+ static int cmd_authorize();
+***************
+*** 98,103 ****
+--- 101,107 ----
+ static void saveline();
+ static void flushsaved();
+ static void trap_sigurg();
++ static int connectdest();
+
+ #define OP_CONN 001 /* only valid if connected */
+ #define OP_WCON 002 /* writethrough if connected */
+***************
+*** 170,175 ****
+--- 174,180 ----
+ char xuf[1024];
+ char huf[128];
+ char *passuser = (char *)0; /* passed user as av */
++ char *psychic, *hotline;
+
+ #ifndef LOG_DAEMON
+ openlog("ftp-gw",LOG_PID);
+***************
+*** 314,319 ****
+--- 319,326 ----
+ } else
+ timeout = 60*60;
+
++ psychic=getdsthost(0,NULL);
++ if(psychic) { do_transparent++; }
+
+ /* display a welcome file or message */
+ if(passuser == (char *)0) {
+***************
+*** 322,327 ****
+--- 329,340 ----
+ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
+ exit(1);
+ }
++ if(do_transparent) {
++ if(sayfile2(0,cf->argv[0],220)) {
++ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
++ exit(1);
++ }
++ } else
+ if(sayfile(0,cf->argv[0],220)) {
+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
+ exit(1);
+***************
+*** 332,338 ****
+ if(authallflg)
+ if(say(0,"220-Proxy first requires authentication"))
+ exit(1);
+! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
+ if(say(0,xuf))
+ exit(1);
+ }
+--- 345,357 ----
+ if(authallflg)
+ if(say(0,"220-Proxy first requires authentication"))
+ exit(1);
+! /* foo */
+! if(do_transparent)
+! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
+! else
+! sprintf(xuf,"220 %s FTP Proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
+! /* foo */
+!
+ if(say(0,xuf))
+ exit(1);
+ }
+***************
+*** 353,358 ****
+--- 372,381 ----
+ exit(1);
+ }
+
++ if(do_transparent) {
++ connectdest(psychic,21);
++ }
++
+ /* main loop */
+ while(1) {
+ FD_ZERO(&rdy);
+***************
+*** 676,681 ****
+--- 699,713 ----
+ return(sayn(0,noad,sizeof(noad)-1));
+ }
+
++ if(do_transparent) {
++ if((rfd==(-1)) && (x=connectdest(dest,port))) return x;
++ sprintf(buf,"USER %s",user);
++ if(say(rfd,buf)) return(1);
++ x=getresp(rfd,buf,sizeof(buf),1);
++ if(sendsaved(0,x)) return(1);
++ return(say(0,buf));
++ }
++
+ if(*dest == '\0')
+ dest = "localhost";
+
+***************
+*** 701,708 ****
+ if(msg_int == 1) {
+ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
+ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
+! say(0,mbuf);
+! return(1);
+ } else {
+ if(msg_int == -1) {
+ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
+--- 733,740 ----
+ if(msg_int == 1) {
+ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
+ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
+! say(0,mbuf);
+! return(1);
+ } else {
+ if(msg_int == -1) {
+ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
+***************
+*** 717,723 ****
+ char ebuf[512];
+
+ strcpy(ebuf,buf);
+! sprintf(buf,"521 %s: %s",dest,ebuf);
+ rfd = -1;
+ return(say(0,buf));
+ }
+--- 749,759 ----
+ char ebuf[512];
+
+ strcpy(ebuf,buf);
+! if(do_transparent) {
+! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
+! } else {
+! sprintf(buf,"521 %s: %s",dest,ebuf);
+! }
+ rfd = -1;
+ return(say(0,buf));
+ }
+***************
+*** 732,737 ****
+--- 768,778 ----
+ }
+ saveline(buf);
+
++ /* if(do_transparent) {
++ sendsaved(0,-1);
++ return(0);
++ } /* EEEk. I can't remember what this does. */
++
+ sprintf(buf,"USER %s",user);
+ if(say(rfd,buf))
+ return(1);
+***************
+*** 744,749 ****
+--- 785,860 ----
+ return 0;
+ }
+
++ static int connectdest(dest, port)
++ char *dest;
++ short port;
++ {
++ char buf[1024], mbuf[512];
++ int msg_int, x;
++
++ if(*dest == '\0')
++ dest = "localhost";
++
++ if(validests != (char **)0) {
++ char **xp;
++ int x;
++
++ for(xp = validests; *xp != (char *)0; xp++) {
++ if(**xp == '!' && hostmatch(*xp + 1,dest)) {
++ return(baddest(0,dest));
++ } else {
++ if(hostmatch(*xp,dest))
++ break;
++ }
++ }
++ if(*xp == (char *)0)
++ return(baddest(0,dest));
++ }
++
++ /* Extended permissions processing goes in here for destination */
++ if(extendperm) {
++ msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
++ if(msg_int == 1) {
++ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
++ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
++ say(0,mbuf);
++ return(1);
++ } else {
++ if(msg_int == -1) {
++ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
++ say(0,mbuf);
++ return(1);
++ }
++ }
++ }
++
++ syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
++
++ if((rfd = conn_server(dest,port,0,buf)) < 0) {
++ char ebuf[512];
++
++ strcpy(ebuf,buf);
++ sprintf(buf,"521 %s: %s",dest,ebuf);
++ rfd = -1;
++ return(say(0,buf));
++ }
++ if(!do_transparent) {
++ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
++ saveline(buf);
++ }
++
++ /* we are now connected and need to try the autologin thing */
++ x = getresp(rfd,buf,sizeof(buf),1);
++ if(x / 100 != COMPLETE) {
++ sendsaved(0,-1);
++ return(say(0,buf));
++ }
++ saveline(buf);
++
++ sendsaved(0,-1);
++ return 0;
++ }
++
+
+
+ static int
+***************
+*** 1053,1058 ****
+--- 1164,1171 ----
+ static char nprn[] = "500 cannot get peername";
+ char buf[512];
+
++ /* syslog(LLEV,"DEBUG: port cmd"); */
++
+ if(ac < 2)
+ return(sayn(0,narg,sizeof(narg)-1));
+
+***************
+*** 1119,1124 ****
+--- 1232,1238 ----
+ #define UC(c) (((int)c) & 0xff)
+ sprintf(buf,"PORT %d,%d,%d,%d,%d,%d\r\n",UC(k[0]),UC(k[1]),UC(k[2]),
+ UC(k[3]),UC(l[0]),UC(l[1]));
++ /* syslog(LLEV,"DEBUG: %s",buf); */
+ s = strlen(buf);
+ if (write(rfd, buf, s) != s)
+ return 1;
+***************
+*** 1330,1335 ****
+--- 1444,1450 ----
+ callback()
+ {
+ /* if we haven't gotten a valid PORT scrub the connection */
++ /* syslog(LLEV,"DEBUG: callback()."); */
+ if((outgoing = accept(boundport,(struct sockaddr *)0,(int *)0)) < 0 || clntport.sin_port == 0)
+ goto bomb;
+ if(pasvport != -1) { /* incoming handled by PASVcallback */
+***************
+*** 1796,1801 ****
+--- 1911,1960 ----
+ }
+ return(0);
+ }
++
++ /* ok, so i'm in a hurry. english paper due RSN. */
++ sayfile2(fd,fn,code)
++ int fd;
++ char *fn;
++ int code;
++ {
++ FILE *f;
++ char buf[BUFSIZ];
++ char yuf[BUFSIZ];
++ char *c;
++ int x;
++ int saidsomething = 0;
++
++ if((f = fopen(fn,"r")) == (FILE *)0)
++ return(1);
++ while(fgets(buf,sizeof(buf),f) != (char *)0) {
++ if((c = index(buf,'\n')) != (char *)0)
++ *c = '\0';
++ x = fgetc(f);
++ if(feof(f))
++ sprintf(yuf,"%3.3d-%s",code,buf);
++ else {
++ sprintf(yuf,"%3.3d-%s",code,buf);
++ ungetc(x,f);
++ }
++ if(say(fd,yuf)) {
++ fclose(f);
++ return(1);
++ }
++ saidsomething++;
++ }
++ fclose(f);
++ if (!saidsomething) {
++ syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
++ sprintf(yuf, "%3.3d The file to display is empty",code);
++ if(say(fd,yuf)) {
++ fclose(f);
++ return(1);
++ }
++ }
++ return(0);
++ }
++
+
+
+ porttoaddr(s,a)
+diff -c -r ./http-gw/http-gw.c ../../NEW/fwtk/http-gw/http-gw.c
+*** ./http-gw/http-gw.c Mon Sep 9 14:40:53 1996
+--- ../../NEW/fwtk/http-gw/http-gw.c Wed Oct 9 02:51:57 1996
+***************
+*** 27,32 ****
+--- 27,37 ----
+ static char http_buffer[8192];
+ static char reason[8192];
+ static int checkBrowserType = 1;
++ /* foo */
++ static int do_transparent=0;
++ /* foo */
++
++ char *getdsthost();
+
+ static void do_logging()
+ { char *proto = "GOPHER";
+***************
+*** 422,427 ****
+--- 427,443 ----
+ /*(NOT A SPECIAL FORM)*/
+
+ if((rem_type & TYPE_LOCAL)== 0){
++ /* foo */
++ char *psychic=getdsthost(sockfd,&def_port);
++ if(psychic) {
++ if(strlen(psychic)<=MAXHOSTNAMELEN) {
++ do_transparent++;
++ strncpy(def_httpd,psychic,strlen(psychic));
++ strncpy(def_server,psychic,strlen(psychic));
++ }
++ }
++
++ /* foo */
+ /* See if it can be forwarded */
+
+ if( can_forward(buf)){
+***************
+*** 1513,1519 ****
+ parse_vec[0],
+ parse_vec[1],
+ ourname, ourport);
+! }else{
+ sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
+ parse_vec[0], parse_vec[2],
+ parse_vec[3], chk_type_ch,
+--- 1529,1541 ----
+ parse_vec[0],
+ parse_vec[1],
+ ourname, ourport);
+! }
+! /* FOO */
+! else if(do_transparent) {
+! sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]);
+! }
+! /* FOO */
+! else{
+ sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
+ parse_vec[0], parse_vec[2],
+ parse_vec[3], chk_type_ch,
+diff -c -r ./lib/hnam.c ../../NEW/fwtk/lib/hnam.c
+*** ./lib/hnam.c Fri Nov 4 18:30:19 1994
+--- ../../NEW/fwtk/lib/hnam.c Wed Oct 9 02:34:13 1996
+***************
+*** 22,27 ****
+--- 22,31 ----
+
+
+ #include "firewall.h"
++ #ifdef __FreeBSD__
++ #include <net/if.h>
++ #include "ip_nat.h"
++ #endif /* __FreeBSD__ */
+
+
+ char *
+***************
+*** 44,47 ****
+--- 48,115 ----
+
+ bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
+ return(inet_ntoa(sin.sin_addr));
++ }
++
++ char *getdsthost(fd, ptr)
++ int fd;
++ int *ptr;
++ {
++ struct sockaddr_in sin;
++ struct hostent *hp;
++ int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0;
++ char buf[255], hostbuf[255];
++ #ifdef __FreeBSD__
++ struct sockaddr_in rsin;
++ struct natlookup natlookup;
++ #endif
++
++ #ifdef linux
++ /* This should also work for UDP. Unfortunately, it doesn't.
++ Maybe when the Linux UDP proxy code gets a little cleaner.
++ */
++ if(!(err=getsockname(0,&sin,&sl))) {
++ if(ptr) *ptr=ntohs(sin.sin_port);
++ sprintf(buf,"%s",inet_ntoa(sin.sin_addr));
++ gethostname(hostbuf,254);
++ hp=gethostbyname(hostbuf);
++ while(hp->h_addr_list[i]) {
++ bzero(&sin,&sl);
++ memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++]));
++ if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++;
++ }
++ if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); }
++ else { return(buf); }
++ }
++ #endif
++
++ #ifdef __FreeBSD__
++ /* The basis for this block of code is Darren Reed's
++ patches to the TIS ftwk's ftp-gw.
++ */
++ bzero((char*)&sin,sizeof(sin));
++ bzero((char*)&rsin,sizeof(rsin));
++ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
++ return NULL;
++ }
++ sl=sizeof(rsin);
++ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
++ return NULL;
++ }
++ natlookup.nl_inport=sin.sin_port;
++ natlookup.nl_outport=rsin.sin_port;
++ natlookup.nl_inip=sin.sin_addr;
++ natlookup.nl_outip=rsin.sin_addr;
++ if((natfd=open("/dev/ipl",O_RDONLY))<0) {
++ return(NULL);
++ }
++ if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) {
++ return(NULL);
++ }
++ close(natfd);
++ if(ptr) *ptr=ntohs(natlookup.nl_inport);
++ sprintf(buf,"%s",inet_ntoa(natlookup.nl_inip));
++ #endif
++
++ /* No transparent proxy support */
++ return(NULL);
+ }
+Only in ./lib: hnam.c.orig
+diff -c -r ./plug-gw/plug-gw.c ../../NEW/fwtk/plug-gw/plug-gw.c
+*** ./plug-gw/plug-gw.c Thu Sep 5 15:36:33 1996
+--- ../../NEW/fwtk/plug-gw/plug-gw.c Wed Oct 9 02:46:48 1996
+***************
+*** 39,44 ****
+--- 39,48 ----
+ static char **validdests = (char **)0;
+ static Cfg *confp;
+
++ int do_transparent=0;
++
++ char *getdsthost();
++
+ main(ac,av)
+ int ac;
+ char *av[];
+***************
+*** 193,201 ****
+--- 197,213 ----
+ char *ptr;
+ int state = 0;
+ int ssl_plug = 0;
++ int pport=0;
+
+ struct timeval timo;
+
++ /* Transparent plug-gw is probably a bad idea, but hey .. */
++ dhost=getdsthost(0,&pport);
++ if(dhost) {
++ do_transparent++;
++ portid=pport;
++ }
++
+ if(c->flags & PERM_DENY) {
+ if (p == -1)
+ syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr);
+***************
+*** 215,221 ****
+ syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
+ exit (1);
+ }
+! dhost = av[x];
+ continue;
+ }
+
+--- 227,234 ----
+ syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
+ exit (1);
+ }
+! if(!dhost) dhost = av[x];
+! /* syslog(LLEV,"DEBUG: dhost now is [%s]",dhost); */
+ continue;
+ }
+
+diff -c -r ./rlogin-gw/rlogin-gw.c ../../NEW/fwtk/rlogin-gw/rlogin-gw.c
+*** ./rlogin-gw/rlogin-gw.c Fri Sep 6 12:56:33 1996
+--- ../../NEW/fwtk/rlogin-gw/rlogin-gw.c Wed Oct 9 02:49:04 1996
+***************
+*** 39,45 ****
+--- 39,47 ----
+
+
+ extern char *maphostname();
++ char *getdsthost();
+
++ int do_transparent=0;
+
+ static int cmd_quit();
+ static int cmd_help();
+***************
+*** 120,125 ****
+--- 122,130 ----
+ static char *tokav[56];
+ int tokac;
+ struct timeval timo;
++ /* foo */
++ char *psychic;
++ /* foo */
+
+ #ifndef LOG_NDELAY
+ openlog("rlogin-gw",LOG_PID);
+***************
+*** 185,191 ****
+ xforwarder = cf->argv[0];
+ }
+
+!
+
+ if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
+ if(cf->argc != 1) {
+--- 190,203 ----
+ xforwarder = cf->argv[0];
+ }
+
+! /* foo */
+! psychic=getdsthost(0,NULL);
+! if(psychic) {
+! do_transparent++;
+! strncpy(dest,psychic,511);
+! dest[511]='\0';
+! }
+! /* foo */
+
+ if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
+ if(cf->argc != 1) {
+***************
+*** 260,269 ****
+ }
+
+ /* if present a host name, chop and save username and hostname */
+! dest[0] = '\0';
+ if((p = index(rusername,'@')) != (char *)0) {
+ char *namp;
+
+ *p++ = '\0';
+ if(*p == '\0')
+ p = "localhost";
+--- 272,282 ----
+ }
+
+ /* if present a host name, chop and save username and hostname */
+! /* dest[0] = '\0'; */
+ if((p = index(rusername,'@')) != (char *)0) {
+ char *namp;
+
++ dest[0] = '\0';
+ *p++ = '\0';
+ if(*p == '\0')
+ p = "localhost";
+***************
+*** 293,300 ****
+--- 306,326 ----
+ goto leave;
+ }
+
++ /* syslog(LLEV,"DEBUG: Uh-oh, $dest = %s\n",dest); */
++
+ if(dest[0] != '\0') {
+ /* Setup connection directly to remote machine */
++ if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
++ if(cf->argc != 1) {
++ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
++ exit(1);
++ }
++ if(sayfile(0,cf->argv[0])) {
++ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
++ exit(1);
++ }
++ }
++ /* Does this cmd_connect thing feel like a kludge or what? */
+ sprintf(buf,"connect %.1000s",dest);
+ tokac = enargv(buf, tokav, 56, tokbuf, sizeof(tokbuf));
+ if (cmd_connect(tokac, tokav, buf) != 2)
+***************
+*** 526,539 ****
+ char ebuf[512];
+
+ syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,namp);
+ if(strlen(namp) > 20)
+ namp[20] = '\0';
+ if(rusername[0] != '\0')
+ sprintf(ebuf,"Trying %s@%s...",rusername,namp);
+ else
+ sprintf(ebuf,"Trying %s...",namp);
+! if(say(0,ebuf))
+! return(1);
+ } else
+ syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]);
+ if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
+--- 552,567 ----
+ char ebuf[512];
+
+ syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,namp);
++ if(!do_transparent) {
+ if(strlen(namp) > 20)
+ namp[20] = '\0';
+ if(rusername[0] != '\0')
+ sprintf(ebuf,"Trying %s@%s...",rusername,namp);
+ else
+ sprintf(ebuf,"Trying %s...",namp);
+! if(say(0,ebuf))
+! return(1);
+! }
+ } else
+ syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]);
+ if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
+diff -c -r ./tn-gw/tn-gw.c ../../NEW/fwtk/tn-gw/tn-gw.c
+*** ./tn-gw/tn-gw.c Fri Sep 6 12:55:48 1996
+--- ../../NEW/fwtk/tn-gw/tn-gw.c Wed Oct 9 02:50:17 1996
+***************
+*** 87,92 ****
+--- 87,94 ----
+ static int cmd_xforward();
+ static int cmd_timeout();
+
++ char *getdsthost();
++
+ static int tn3270 = 1; /* don't do tn3270 stuff */
+ static int doX;
+
+***************
+*** 97,102 ****
+--- 99,106 ----
+ static int timeout = PROXY_TIMEOUT;
+ static char timed_out_msg[] = "\r\nConnection closed due to inactivity";
+
++ int do_transparent=0;
++
+ typedef struct {
+ char *name;
+ char *hmsg;
+***************
+*** 140,145 ****
+--- 144,151 ----
+ char tokbuf[BSIZ];
+ char *tokav[56];
+ int tokac;
++ int port;
++ char *psychic;
+
+ #ifndef LOG_DAEMON
+ openlog("tn-gw",LOG_PID);
+***************
+*** 308,313 ****
+--- 314,346 ----
+ }
+ }
+
++ psychic=getdsthost(0,&port);
++ if(psychic) {
++ if((strlen(psychic) + 10) < 510) {
++ do_transparent++;
++ if(port)
++ sprintf(dest,"%s:%d",psychic,port);
++ else
++ sprintf(dest,"%s",psychic);
++
++
++ if(!welcomedone)
++ if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
++ if(cf->argc != 1) {
++ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
++ exit(1);
++ }
++ if(sayfile(0,cf->argv[0])) {
++ syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]);
++ exit(1);
++ }
++ welcomedone = 1;
++ }
++
++
++ }
++ }
++
+ while (argc > 1) {
+ argc--;
+ argv++;
+***************
+*** 864,877 ****
+ }
+ }
+
+-
+ if((namp = maphostname(av[1])) != (char *)0) {
+ char ebuf[512];
+
+ syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
+! sprintf(ebuf,"Trying %s port %d...",namp,port);
+! if(say(0,ebuf))
+! return(1);
+ } else
+ syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
+
+--- 897,911 ----
+ }
+ }
+
+ if((namp = maphostname(av[1])) != (char *)0) {
+ char ebuf[512];
+
+ syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
+! if(!do_transparent) {
+! sprintf(ebuf,"Trying %s port %d...",namp,port);
+! if(say(0,ebuf))
+! return(1);
+! }
+ } else
+ syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
+
+***************
+*** 903,910 ****
+
+ syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
+ strncpy(dest,av[1], 511);
+! sprintf(buf, "Connected to %s.", dest);
+! say(0, buf);
+ return(2);
+ }
+
+--- 937,946 ----
+
+ syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
+ strncpy(dest,av[1], 511);
+! if(!do_transparent) {
+! sprintf(buf, "Connected to %s.", dest);
+! say(0, buf);
+! }
+ return(2);
+ }
+
+
+
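Review bot: getdsthost() in lib/hnam.c hands back `buf`, an automatic array, from the linux branch (`else { return(buf); }`), so every gateway that keeps the result in `psychic` or `dhost` reads stack memory that is no longer valid once the function has returned. The __FreeBSD__ branch fails the other way: it formats the looked-up address into `buf` and then falls through to the final `return(NULL)`, so the NAT result is discarded; `natfd` is not declared in the function, and the descriptor stays open when the `SIOCGNATL` ioctl fails. Making the buffer `static`, declaring `natfd`, closing it on the error path and returning `buf` from that branch covers these, as in the excerpt below. In the linux branch `bzero(&sin,&sl)` also passes a pointer where a length is expected and should read `bzero((char *)&sin,sizeof(sin));`.

```c
	/* … unchanged: sin, hp, sl, err, local_h, i … */
	static char buf[255];	/* returned to callers, so it must outlive the call */
	char hostbuf[255];
#ifdef __FreeBSD__
	/* … unchanged: rsin, natlookup … */
	int natfd;
#endif
	/* … unchanged: linux branch, getsockname/getpeername, natlookup setup, open("/dev/ipl") … */
	if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) {
		close(natfd);	/* do not leak the descriptor on a failed lookup */
		return(NULL);
	}
	/* … unchanged: close(natfd), *ptr assignment, sprintf(buf,...) … */
	return(buf);
#endif
```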