summaryrefslogtreecommitdiffstats
path: root/contrib/pf/ftp-proxy
diff options
context:
space:
mode:
authormlaier <mlaier@FreeBSD.org>2007-07-03 12:22:02 +0000
committermlaier <mlaier@FreeBSD.org>2007-07-03 12:22:02 +0000
commit95015692958ba836f46bad24f9e0e593f1a50520 (patch)
tree02a49070663d642b663044908c899617f0fd7bf0 /contrib/pf/ftp-proxy
parent511d1c13c361b4534ed4c6f973fd891d95055cab (diff)
downloadFreeBSD-src-95015692958ba836f46bad24f9e0e593f1a50520.zip
FreeBSD-src-95015692958ba836f46bad24f9e0e593f1a50520.tar.gz
Import pf userland from OpenBSD 4.1 and (for ftp-proxy) libevent 1.3b as
a local lib.
Diffstat (limited to 'contrib/pf/ftp-proxy')
-rw-r--r--contrib/pf/ftp-proxy/filter.c387
-rw-r--r--contrib/pf/ftp-proxy/filter.h31
-rw-r--r--contrib/pf/ftp-proxy/ftp-proxy.8404
-rw-r--r--contrib/pf/ftp-proxy/ftp-proxy.c2108
4 files changed, 1479 insertions, 1451 deletions
diff --git a/contrib/pf/ftp-proxy/filter.c b/contrib/pf/ftp-proxy/filter.c
new file mode 100644
index 0000000..f86429d
--- /dev/null
+++ b/contrib/pf/ftp-proxy/filter.c
@@ -0,0 +1,387 @@
+/* $OpenBSD: filter.c,v 1.5 2006/12/01 07:31:21 camield Exp $ */
+
+/*
+ * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/ioctl.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include <net/if.h>
+#include <net/pfvar.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <arpa/inet.h>
+
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "filter.h"
+
+/* From netinet/in.h, but only _KERNEL_ gets them. */
+#define satosin(sa) ((struct sockaddr_in *)(sa))
+#define satosin6(sa) ((struct sockaddr_in6 *)(sa))
+
+enum { TRANS_FILTER = 0, TRANS_NAT, TRANS_RDR, TRANS_SIZE };
+
+int prepare_rule(u_int32_t, int, struct sockaddr *, struct sockaddr *,
+ u_int16_t);
+int server_lookup4(struct sockaddr_in *, struct sockaddr_in *,
+ struct sockaddr_in *);
+int server_lookup6(struct sockaddr_in6 *, struct sockaddr_in6 *,
+ struct sockaddr_in6 *);
+
+static struct pfioc_pooladdr pfp;
+static struct pfioc_rule pfr;
+static struct pfioc_trans pft;
+static struct pfioc_trans_e pfte[TRANS_SIZE];
+static int dev, rule_log;
+static char *qname;
+
+int
+add_filter(u_int32_t id, u_int8_t dir, struct sockaddr *src,
+ struct sockaddr *dst, u_int16_t d_port)
+{
+ if (!src || !dst || !d_port) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ if (prepare_rule(id, PF_RULESET_FILTER, src, dst, d_port) == -1)
+ return (-1);
+
+ pfr.rule.direction = dir;
+ if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+ return (-1);
+
+ return (0);
+}
+
+int
+add_nat(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
+ u_int16_t d_port, struct sockaddr *nat, u_int16_t nat_range_low,
+ u_int16_t nat_range_high)
+{
+ if (!src || !dst || !d_port || !nat || !nat_range_low ||
+ (src->sa_family != nat->sa_family)) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ if (prepare_rule(id, PF_RULESET_NAT, src, dst, d_port) == -1)
+ return (-1);
+
+ if (nat->sa_family == AF_INET) {
+ memcpy(&pfp.addr.addr.v.a.addr.v4,
+ &satosin(nat)->sin_addr.s_addr, 4);
+ memset(&pfp.addr.addr.v.a.mask.addr8, 255, 4);
+ } else {
+ memcpy(&pfp.addr.addr.v.a.addr.v6,
+ &satosin6(nat)->sin6_addr.s6_addr, 16);
+ memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
+ }
+ if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
+ return (-1);
+
+ pfr.rule.rpool.proxy_port[0] = nat_range_low;
+ pfr.rule.rpool.proxy_port[1] = nat_range_high;
+ if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+ return (-1);
+
+ return (0);
+}
+
+int
+add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
+ u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port)
+{
+ if (!src || !dst || !d_port || !rdr || !rdr_port ||
+ (src->sa_family != rdr->sa_family)) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ if (prepare_rule(id, PF_RULESET_RDR, src, dst, d_port) == -1)
+ return (-1);
+
+ if (rdr->sa_family == AF_INET) {
+ memcpy(&pfp.addr.addr.v.a.addr.v4,
+ &satosin(rdr)->sin_addr.s_addr, 4);
+ memset(&pfp.addr.addr.v.a.mask.addr8, 255, 4);
+ } else {
+ memcpy(&pfp.addr.addr.v.a.addr.v6,
+ &satosin6(rdr)->sin6_addr.s6_addr, 16);
+ memset(&pfp.addr.addr.v.a.mask.addr8, 255, 16);
+ }
+ if (ioctl(dev, DIOCADDADDR, &pfp) == -1)
+ return (-1);
+
+ pfr.rule.rpool.proxy_port[0] = rdr_port;
+ if (ioctl(dev, DIOCADDRULE, &pfr) == -1)
+ return (-1);
+
+ return (0);
+}
+
+int
+do_commit(void)
+{
+ if (ioctl(dev, DIOCXCOMMIT, &pft) == -1)
+ return (-1);
+
+ return (0);
+}
+
+int
+do_rollback(void)
+{
+ if (ioctl(dev, DIOCXROLLBACK, &pft) == -1)
+ return (-1);
+
+ return (0);
+}
+
+void
+init_filter(char *opt_qname, int opt_verbose)
+{
+ struct pf_status status;
+
+ qname = opt_qname;
+
+ if (opt_verbose == 1)
+ rule_log = PF_LOG;
+ else if (opt_verbose == 2)
+ rule_log = PF_LOG_ALL;
+
+ dev = open("/dev/pf", O_RDWR);
+ if (dev == -1)
+ err(1, "/dev/pf");
+ if (ioctl(dev, DIOCGETSTATUS, &status) == -1)
+ err(1, "DIOCGETSTATUS");
+ if (!status.running)
+ errx(1, "pf is disabled");
+}
+
+int
+prepare_commit(u_int32_t id)
+{
+ char an[PF_ANCHOR_NAME_SIZE];
+ int i;
+
+ memset(&pft, 0, sizeof pft);
+ pft.size = TRANS_SIZE;
+ pft.esize = sizeof pfte[0];
+ pft.array = pfte;
+
+ snprintf(an, PF_ANCHOR_NAME_SIZE, "%s/%d.%d", FTP_PROXY_ANCHOR,
+ getpid(), id);
+ for (i = 0; i < TRANS_SIZE; i++) {
+ memset(&pfte[i], 0, sizeof pfte[0]);
+ strlcpy(pfte[i].anchor, an, PF_ANCHOR_NAME_SIZE);
+ switch (i) {
+ case TRANS_FILTER:
+ pfte[i].rs_num = PF_RULESET_FILTER;
+ break;
+ case TRANS_NAT:
+ pfte[i].rs_num = PF_RULESET_NAT;
+ break;
+ case TRANS_RDR:
+ pfte[i].rs_num = PF_RULESET_RDR;
+ break;
+ default:
+ errno = EINVAL;
+ return (-1);
+ }
+ }
+
+ if (ioctl(dev, DIOCXBEGIN, &pft) == -1)
+ return (-1);
+
+ return (0);
+}
+
+int
+prepare_rule(u_int32_t id, int rs_num, struct sockaddr *src,
+ struct sockaddr *dst, u_int16_t d_port)
+{
+ char an[PF_ANCHOR_NAME_SIZE];
+
+ if ((src->sa_family != AF_INET && src->sa_family != AF_INET6) ||
+ (src->sa_family != dst->sa_family)) {
+ errno = EPROTONOSUPPORT;
+ return (-1);
+ }
+
+ memset(&pfp, 0, sizeof pfp);
+ memset(&pfr, 0, sizeof pfr);
+ snprintf(an, PF_ANCHOR_NAME_SIZE, "%s/%d.%d", FTP_PROXY_ANCHOR,
+ getpid(), id);
+ strlcpy(pfp.anchor, an, PF_ANCHOR_NAME_SIZE);
+ strlcpy(pfr.anchor, an, PF_ANCHOR_NAME_SIZE);
+
+ switch (rs_num) {
+ case PF_RULESET_FILTER:
+ pfr.ticket = pfte[TRANS_FILTER].ticket;
+ break;
+ case PF_RULESET_NAT:
+ pfr.ticket = pfte[TRANS_NAT].ticket;
+ break;
+ case PF_RULESET_RDR:
+ pfr.ticket = pfte[TRANS_RDR].ticket;
+ break;
+ default:
+ errno = EINVAL;
+ return (-1);
+ }
+ if (ioctl(dev, DIOCBEGINADDRS, &pfp) == -1)
+ return (-1);
+ pfr.pool_ticket = pfp.ticket;
+
+ /* Generic for all rule types. */
+ pfr.rule.af = src->sa_family;
+ pfr.rule.proto = IPPROTO_TCP;
+ pfr.rule.src.addr.type = PF_ADDR_ADDRMASK;
+ pfr.rule.dst.addr.type = PF_ADDR_ADDRMASK;
+ if (src->sa_family == AF_INET) {
+ memcpy(&pfr.rule.src.addr.v.a.addr.v4,
+ &satosin(src)->sin_addr.s_addr, 4);
+ memset(&pfr.rule.src.addr.v.a.mask.addr8, 255, 4);
+ memcpy(&pfr.rule.dst.addr.v.a.addr.v4,
+ &satosin(dst)->sin_addr.s_addr, 4);
+ memset(&pfr.rule.dst.addr.v.a.mask.addr8, 255, 4);
+ } else {
+ memcpy(&pfr.rule.src.addr.v.a.addr.v6,
+ &satosin6(src)->sin6_addr.s6_addr, 16);
+ memset(&pfr.rule.src.addr.v.a.mask.addr8, 255, 16);
+ memcpy(&pfr.rule.dst.addr.v.a.addr.v6,
+ &satosin6(dst)->sin6_addr.s6_addr, 16);
+ memset(&pfr.rule.dst.addr.v.a.mask.addr8, 255, 16);
+ }
+ pfr.rule.dst.port_op = PF_OP_EQ;
+ pfr.rule.dst.port[0] = htons(d_port);
+
+ switch (rs_num) {
+ case PF_RULESET_FILTER:
+ /*
+ * pass quick [log] inet[6] proto tcp \
+ * from $src to $dst port = $d_port flags S/SA keep state
+ * (max 1) [queue qname]
+ */
+ pfr.rule.action = PF_PASS;
+ pfr.rule.quick = 1;
+ pfr.rule.log = rule_log;
+ pfr.rule.keep_state = 1;
+ pfr.rule.flags = TH_SYN;
+ pfr.rule.flagset = (TH_SYN|TH_ACK);
+ pfr.rule.max_states = 1;
+ if (qname != NULL)
+ strlcpy(pfr.rule.qname, qname, sizeof pfr.rule.qname);
+ break;
+ case PF_RULESET_NAT:
+ /*
+ * nat inet[6] proto tcp from $src to $dst port $d_port -> $nat
+ */
+ pfr.rule.action = PF_NAT;
+ break;
+ case PF_RULESET_RDR:
+ /*
+ * rdr inet[6] proto tcp from $src to $dst port $d_port -> $rdr
+ */
+ pfr.rule.action = PF_RDR;
+ break;
+ default:
+ errno = EINVAL;
+ return (-1);
+ }
+
+ return (0);
+}
+
+int
+server_lookup(struct sockaddr *client, struct sockaddr *proxy,
+ struct sockaddr *server)
+{
+ if (client->sa_family == AF_INET)
+ return (server_lookup4(satosin(client), satosin(proxy),
+ satosin(server)));
+
+ if (client->sa_family == AF_INET6)
+ return (server_lookup6(satosin6(client), satosin6(proxy),
+ satosin6(server)));
+
+ errno = EPROTONOSUPPORT;
+ return (-1);
+}
+
+int
+server_lookup4(struct sockaddr_in *client, struct sockaddr_in *proxy,
+ struct sockaddr_in *server)
+{
+ struct pfioc_natlook pnl;
+
+ memset(&pnl, 0, sizeof pnl);
+ pnl.direction = PF_OUT;
+ pnl.af = AF_INET;
+ pnl.proto = IPPROTO_TCP;
+ memcpy(&pnl.saddr.v4, &client->sin_addr.s_addr, sizeof pnl.saddr.v4);
+ memcpy(&pnl.daddr.v4, &proxy->sin_addr.s_addr, sizeof pnl.daddr.v4);
+ pnl.sport = client->sin_port;
+ pnl.dport = proxy->sin_port;
+
+ if (ioctl(dev, DIOCNATLOOK, &pnl) == -1)
+ return (-1);
+
+ memset(server, 0, sizeof(struct sockaddr_in));
+ server->sin_len = sizeof(struct sockaddr_in);
+ server->sin_family = AF_INET;
+ memcpy(&server->sin_addr.s_addr, &pnl.rdaddr.v4,
+ sizeof server->sin_addr.s_addr);
+ server->sin_port = pnl.rdport;
+
+ return (0);
+}
+
+int
+server_lookup6(struct sockaddr_in6 *client, struct sockaddr_in6 *proxy,
+ struct sockaddr_in6 *server)
+{
+ struct pfioc_natlook pnl;
+
+ memset(&pnl, 0, sizeof pnl);
+ pnl.direction = PF_OUT;
+ pnl.af = AF_INET6;
+ pnl.proto = IPPROTO_TCP;
+ memcpy(&pnl.saddr.v6, &client->sin6_addr.s6_addr, sizeof pnl.saddr.v6);
+ memcpy(&pnl.daddr.v6, &proxy->sin6_addr.s6_addr, sizeof pnl.daddr.v6);
+ pnl.sport = client->sin6_port;
+ pnl.dport = proxy->sin6_port;
+
+ if (ioctl(dev, DIOCNATLOOK, &pnl) == -1)
+ return (-1);
+
+ memset(server, 0, sizeof(struct sockaddr_in6));
+ server->sin6_len = sizeof(struct sockaddr_in6);
+ server->sin6_family = AF_INET6;
+ memcpy(&server->sin6_addr.s6_addr, &pnl.rdaddr.v6,
+ sizeof server->sin6_addr);
+ server->sin6_port = pnl.rdport;
+
+ return (0);
+}
diff --git a/contrib/pf/ftp-proxy/filter.h b/contrib/pf/ftp-proxy/filter.h
new file mode 100644
index 0000000..6779c59
--- /dev/null
+++ b/contrib/pf/ftp-proxy/filter.h
@@ -0,0 +1,31 @@
+/* $OpenBSD: filter.h,v 1.3 2005/06/07 14:12:07 camield Exp $ */
+
+/*
+ * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#define FTP_PROXY_ANCHOR "ftp-proxy"
+
+int add_filter(u_int32_t, u_int8_t, struct sockaddr *, struct sockaddr *,
+ u_int16_t);
+int add_nat(u_int32_t, struct sockaddr *, struct sockaddr *, u_int16_t,
+ struct sockaddr *, u_int16_t, u_int16_t);
+int add_rdr(u_int32_t, struct sockaddr *, struct sockaddr *, u_int16_t,
+ struct sockaddr *, u_int16_t);
+int do_commit(void);
+int do_rollback(void);
+void init_filter(char *, int);
+int prepare_commit(u_int32_t);
+int server_lookup(struct sockaddr *, struct sockaddr *, struct sockaddr *);
diff --git a/contrib/pf/ftp-proxy/ftp-proxy.8 b/contrib/pf/ftp-proxy/ftp-proxy.8
index e128136..44e6e59 100644
--- a/contrib/pf/ftp-proxy/ftp-proxy.8
+++ b/contrib/pf/ftp-proxy/ftp-proxy.8
@@ -1,293 +1,183 @@
-.\" $OpenBSD: ftp-proxy.8,v 1.42 2004/11/19 00:47:23 jmc Exp $
+.\" $OpenBSD: ftp-proxy.8,v 1.7 2006/12/30 13:01:54 camield Exp $
.\"
-.\" Copyright (c) 1996-2001
-.\" Obtuse Systems Corporation, All rights reserved.
+.\" Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
.\"
-.\" THIS SOFTWARE IS PROVIDED BY OBTUSE SYSTEMS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL OBTUSE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd August 17, 2001
+.Dd November 28, 2004
.Dt FTP-PROXY 8
.Os
.Sh NAME
.Nm ftp-proxy
-.Nd Internet File Transfer Protocol proxy server
+.Nd Internet File Transfer Protocol proxy daemon
.Sh SYNOPSIS
.Nm ftp-proxy
-.Bk -words
-.Op Fl AnrVw
+.Op Fl 6Adrv
.Op Fl a Ar address
-.Op Fl D Ar debuglevel
-.Op Fl g Ar group
-.Op Fl M Ar maxport
-.Op Fl m Ar minport
-.Op Fl R Ar address[:port]
-.Op Fl S Ar address
+.Op Fl b Ar address
+.Op Fl D Ar level
+.Op Fl m Ar maxsessions
+.Op Fl P Ar port
+.Op Fl p Ar port
+.Op Fl q Ar queue
+.Op Fl R Ar address
.Op Fl t Ar timeout
-.Op Fl u Ar user
-.Ek
.Sh DESCRIPTION
.Nm
is a proxy for the Internet File Transfer Protocol.
-The proxy uses
+FTP control connections should be redirected into the proxy using the
.Xr pf 4
-and expects to have the FTP control connection as described in
-.Xr services 5
-redirected to it via a
+.Ar rdr
+command, after which the proxy connects to the server on behalf of
+the client.
+.Pp
+The proxy allows data connections to pass, rewriting and redirecting
+them so that the right addresses are used.
+All connections from the client to the server have their source
+address rewritten so they appear to come from the proxy.
+Consequently, all connections from the server to the proxy have
+their destination address rewritten, so they are redirected to the
+client.
+The proxy uses the
.Xr pf 4
-.Em rdr
-command.
-An example of how to do that is further down in this document.
+.Ar anchor
+facility for this.
+.Pp
+Assuming the FTP control connection is from $client to $server, the
+proxy connected to the server using the $proxy source address, and
+$port is negotiated, then
+.Nm ftp-proxy
+adds the following rules to the various anchors.
+(These example rules use inet, but the proxy also supports inet6.)
+.Pp
+In case of active mode (PORT or EPRT):
+.Bd -literal -offset 2n
+rdr from $server to $proxy port $port -> $client
+pass quick inet proto tcp \e
+ from $server to $client port $port
+.Ed
+.Pp
+In case of passive mode (PASV or EPSV):
+.Bd -literal -offset 2n
+nat from $client to $server port $port -> $proxy
+pass in quick inet proto tcp \e
+ from $client to $server port $port
+pass out quick inet proto tcp \e
+ from $proxy to $server port $port
+.Ed
.Pp
The options are as follows:
.Bl -tag -width Ds
+.It Fl 6
+IPv6 mode.
+The proxy will expect and use IPv6 addresses for all communication.
+Only the extended FTP modes EPSV and EPRT are allowed with IPv6.
+The proxy is in IPv4 mode by default.
.It Fl A
-Permit only anonymous FTP connections.
-The proxy will allow connections to log in to other sites as the user
-.Qq ftp
-or
-.Qq anonymous
-only.
-Any attempt to log in as another user will be blocked by the proxy.
+Only permit anonymous FTP connections.
+Either user "ftp" or user "anonymous" is allowed.
.It Fl a Ar address
-Specify the local IP address to use in
-.Xr bind 2
-as the source for connections made by
-.Nm ftp-proxy
-when connecting to destination FTP servers.
-This may be necessary if the interface address of
-your default route is not reachable from the destinations
-.Nm
-is attempting connections to, or this address is different from the one
-connections are being NATed to.
-In the usual case this means that
-.Ar address
-should be a publicly visible IP address assigned to one of
-the interfaces on the machine running
-.Nm
-and should be the same address to which you are translating traffic
-if you are using the
-.Fl n
-option.
-.It Fl D Ar debuglevel
-Specify a debug level, where the proxy emits verbose debug output
-into
-.Xr syslogd 8
-at level
-.Dv LOG_DEBUG .
-Meaningful values of debuglevel are 0-3, where 0 is no debug output and
-3 is lots of debug output, the default being 0.
-.It Fl g Ar group
-Specify the named group to drop group privileges to, after doing
-.Xr pf 4
-lookups which require root.
-By default,
-.Nm
-uses the default group of the user it drops privilege to.
-.It Fl M Ar maxport
-Specify the upper end of the port range the proxy will use for the
-data connections it establishes.
-The default is
-.Dv IPPORT_HILASTAUTO
-defined in
-.Aq Pa netinet/in.h
-as 65535.
-.It Fl m Ar minport
-Specify the lower end of the port range the proxy will use for all
-data connections it establishes.
-The default is
-.Dv IPPORT_HIFIRSTAUTO
-defined in
-.Aq Pa netinet/in.h
-as 49152.
-.It Fl n
-Activate network address translation
-.Pq NAT
-mode.
-In this mode, the proxy will not attempt to proxy passive mode
-.Pq PASV or EPSV
-data connections.
-In order for this to work, the machine running the proxy will need to
-be forwarding packets and doing network address translation to allow
-the outbound passive connections from the client to reach the server.
-See
-.Xr pf.conf 5
-for more details on NAT.
-The proxy only ignores passive mode data connections when using this flag;
-it will still proxy PORT and EPRT mode data connections.
-Without this flag,
-.Nm
-does not require any IP forwarding or NAT beyond the
-.Em rdr
-necessary to capture the FTP control connection.
-.It Fl R Ar address:[port]
-Reverse proxy mode for FTP servers running behind a NAT gateway.
-In this mode, no redirection is needed.
-The proxy is run from
-.Xr inetd 8
-on the port that external clients connect to (usually 21).
-Control connections and passive data connections are forwarded
-to the server.
+The proxy will use this as the source address for the control
+connection to a server.
+.It Fl b Ar address
+Address where the proxy will listen for redirected control connections.
+The default is 127.0.0.1, or ::1 in IPv6 mode.
+.It Fl D Ar level
+Debug level, ranging from 0 to 7.
+Higher is more verbose.
+The default is 5.
+(These levels correspond to the
+.Xr syslog 3
+levels.)
+.It Fl d
+Do not daemonize.
+The process will stay in the foreground, logging to standard error.
+.It Fl m Ar maxsessions
+Maximum number of concurrent FTP sessions.
+When the proxy reaches this limit, new connections are denied.
+The default is 100 sessions.
+The limit can be lowered to a minimum of 1, or raised to a maximum of 500.
+.It Fl P Ar port
+Fixed server port.
+Only used in combination with
+.Fl R .
+The default is port 21.
+.It Fl p Ar port
+Port where the proxy will listen for redirected connections.
+The default is port 8021.
+.It Fl q Ar queue
+Create rules with queue
+.Ar queue
+appended, so that data connections can be queued.
+.It Fl R Ar address
+Fixed server address, also known as reverse mode.
+The proxy will always connect to the same server, regardless of
+where the client wanted to connect to (before it was redirected).
+Use this option to proxy for a server behind NAT, or to forward all
+connections to another proxy.
.It Fl r
-Use reverse host
-.Pq reverse DNS
-lookups for logging and libwrap use.
-By default,
-the proxy does not look up hostnames for libwrap or logging purposes.
-.It Fl S Ar address
-Source address to use for data connections made by the proxy.
-Useful when there are multiple addresses (aliases) available
-to the proxy.
-Clients may expect data connections to have the same source
-address as the control connections, and reject or drop other
-connections.
+Rewrite sourceport to 20 in active mode to suit ancient clients that insist
+on this RFC property.
.It Fl t Ar timeout
-Specifies a timeout, in seconds.
-The proxy will exit and close open connections if it sees no data
-for the duration of the timeout.
-The default is 0, which means the proxy will not time out.
-.It Fl u Ar user
-Specify the named user to drop privilege to, after doing
-.Xr pf 4
-lookups which require root privilege.
-By default,
-.Nm
-drops privilege to the user
-.Em proxy .
-.Pp
-Running as root means that the source of data connections the proxy makes
-for PORT and EPRT will be the RFC mandated port 20.
-When running as a non-root user, the source of the data connections from
-.Nm
-will be chosen randomly from the range
-.Ar minport
-to
-.Ar maxport
-as described above.
-.It Fl V
-Be verbose.
-With this option the proxy logs the control commands
-sent by clients and the replies sent by the servers to
-.Xr syslogd 8 .
-.It Fl w
-Use the tcp wrapper access control library
-.Xr hosts_access 3 ,
-allowing connections to be allowed or denied based on the tcp wrapper's
-.Xr hosts.allow 5
-and
-.Xr hosts.deny 5
-files.
-The proxy does libwrap operations after determining the destination
-of the captured control connection, so that tcp wrapper rules may
-be written based on the destination as well as the source of FTP connections.
+Number of seconds that the control connection can be idle, before the
+proxy will disconnect.
+The maximum is 86400 seconds, which is also the default.
+Do not set this too low, because the control connection is usually
+idle when large data transfers are taking place.
+.It Fl v
+Set the 'log' flag on pf rules committed by
+.Nm .
+Use twice to set the 'log-all' flag.
+The pf rules do not log by default.
.El
-.Pp
-.Nm ftp-proxy
-is run from
-.Xr inetd 8
-and requires that FTP connections are redirected to it using a
-.Em rdr
-rule.
-A typical way to do this would be to use a
+.Sh CONFIGURATION
+To make use of the proxy,
.Xr pf.conf 5
-rule such as
-.Bd -literal -offset 2n
-int_if = \&"xl0\&"
-rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
-.Ed
+needs the following rules.
+All anchors are mandatory.
+Adjust the rules as needed.
.Pp
-.Xr inetd 8
-must then be configured to run
-.Nm
-on the port from above using
+In the NAT section:
.Bd -literal -offset 2n
-127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy
+nat-anchor "ftp-proxy/*"
+rdr-anchor "ftp-proxy/*"
+rdr pass on $int_if proto tcp from $lan to any port 21 -> \e
+ 127.0.0.1 port 8021
.Ed
.Pp
-in
-.Xr inetd.conf 5 .
-.Pp
-.Nm
-accepts the redirected control connections and forwards them
-to the server.
-The proxy replaces the address and port number that the client
-sends through the control connection to the server with its own
-address and proxy port, where it listens for the data connection.
-When the server opens the data connection back to this port, the
-proxy forwards it to the client.
-The
-.Xr pf.conf 5
-rules need to let pass connections to these proxy ports
-(see options
-.Fl u , m ,
-and
-.Fl M
-above) in on the external interface.
-The following example allows only ports 49152 to 65535 to pass in
-statefully:
-.Bd -literal -offset indent
-block in on $ext_if proto tcp all
-pass in on $ext_if inet proto tcp from any to $ext_if \e
- port > 49151 keep state
-.Ed
-.Pp
-Alternatively, rules can make use of the fact that by default,
-.Nm
-runs as user
-.Qq proxy
-to allow the backchannel connections, as in the following example:
-.Bd -literal -offset indent
-block in on $ext_if proto tcp all
-pass in on $ext_if inet proto tcp from any to $ext_if \e
- user proxy keep state
+In the rule section:
+.Bd -literal -offset 2n
+anchor "ftp-proxy/*"
+pass out proto tcp from $proxy to any port 21
.Ed
-.Pp
-These examples do not cover the connections from the proxy to the
-foreign FTP server.
-If one does not pass outgoing connections by default additional rules
-are needed.
.Sh SEE ALSO
.Xr ftp 1 ,
.Xr pf 4 ,
-.Xr hosts.allow 5 ,
-.Xr hosts.deny 5 ,
-.Xr inetd.conf 5 ,
-.Xr pf.conf 5 ,
-.Xr inetd 8 ,
-.Xr pfctl 8 ,
-.Xr syslogd 8
-.Sh BUGS
-Extended Passive mode
-.Pq EPSV
-is not supported by the proxy and will not work unless the proxy is run
-in network address translation mode.
-When not in network address translation mode, the proxy returns an error
-to the client, hopefully forcing the client to revert to passive mode
-.Pq PASV
-which is supported.
-EPSV will work in network address translation mode, assuming a
.Xr pf.conf 5
-setup which allows the EPSV connections through to their destinations.
+.Sh CAVEATS
+.Xr pf 4
+does not allow the ruleset to be modified if the system is running at a
+.Xr securelevel 7
+higher than 1.
+At that level
+.Nm ftp-proxy
+cannot add rules to the anchors and FTP data connections may get blocked.
+.Pp
+Negotiated data connection ports below 1024 are not allowed.
.Pp
-IPv6 is not yet supported.
+The negotiated IP address for active modes is ignored for security
+reasons.
+This makes third party file transfers impossible.
+.Pp
+.Nm ftp-proxy
+chroots to "/var/empty" and changes to user "proxy" to drop privileges.
diff --git a/contrib/pf/ftp-proxy/ftp-proxy.c b/contrib/pf/ftp-proxy/ftp-proxy.c
index dd0c654..99e4174 100644
--- a/contrib/pf/ftp-proxy/ftp-proxy.c
+++ b/contrib/pf/ftp-proxy/ftp-proxy.c
@@ -1,84 +1,36 @@
-/* $OpenBSD: ftp-proxy.c,v 1.41 2005/03/05 23:11:19 cloder Exp $ */
+/* $OpenBSD: ftp-proxy.c,v 1.13 2006/12/30 13:24:00 camield Exp $ */
/*
- * Copyright (c) 1996-2001
- * Obtuse Systems Corporation. All rights reserved.
+ * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the Obtuse Systems nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY OBTUSE SYSTEMS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL OBTUSE SYSTEMS CORPORATION OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-/*
- * ftp proxy, Originally based on juniper_ftp_proxy from the Obtuse
- * Systems juniper firewall, written by Dan Boulet <danny@obtuse.com>
- * and Bob Beck <beck@obtuse.com>
- *
- * This version basically passes everything through unchanged except
- * for the PORT and the * "227 Entering Passive Mode" reply.
- *
- * A PORT command is handled by noting the IP address and port number
- * specified and then configuring a listen port on some very high port
- * number and telling the server about it using a PORT message.
- * We then watch for an in-bound connection on the port from the server
- * and connect to the client's port when it happens.
- *
- * A "227 Entering Passive Mode" reply is handled by noting the IP address
- * and port number specified and then configuring a listen port on some
- * very high port number and telling the client about it using a
- * "227 Entering Passive Mode" reply.
- * We then watch for an in-bound connection on the port from the client
- * and connect to the server's port when it happens.
- *
- * supports tcp wrapper lookups/access control with the -w flag using
- * the real destination address - the tcp wrapper stuff is done after
- * the real destination address is retrieved from pf
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
*
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/*
- * TODO:
- * Plenty, this is very basic, with the idea to get it in clean first.
- *
- * - IPv6 and EPASV support
- * - Content filter support
- * - filename filter support
- * - per-user rules perhaps.
- */
-
-#include <sys/param.h>
+#include <sys/queue.h>
+#include <sys/types.h>
#include <sys/time.h>
+#include <sys/resource.h>
#include <sys/socket.h>
#include <net/if.h>
+#include <net/pfvar.h>
#include <netinet/in.h>
-
#include <arpa/inet.h>
-#include <ctype.h>
+#include <err.h>
#include <errno.h>
-#include <grp.h>
+#include <event.h>
+#include <fcntl.h>
#include <netdb.h>
#include <pwd.h>
#include <signal.h>
@@ -86,1288 +38,1056 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <sysexits.h>
#include <syslog.h>
#include <unistd.h>
-
-#include "util.h"
-
-#ifdef LIBWRAP
-#include <tcpd.h>
-int allow_severity = LOG_INFO;
-int deny_severity = LOG_NOTICE;
-#endif /* LIBWRAP */
-
-int min_port = IPPORT_HIFIRSTAUTO;
-int max_port = IPPORT_HILASTAUTO;
-
-#define STARTBUFSIZE 1024 /* Must be at least 3 */
-
-/*
- * Variables used to support PORT mode connections.
- *
- * This gets a bit complicated.
- *
- * If PORT mode is on then client_listen_sa describes the socket that
- * the real client is listening on and server_listen_sa describes the
- * socket that we are listening on (waiting for the real server to connect
- * with us).
- *
- * If PASV mode is on then client_listen_sa describes the socket that
- * we are listening on (waiting for the real client to connect to us on)
- * and server_listen_sa describes the socket that the real server is
- * listening on.
- *
- * If the socket we are listening on gets a connection then we connect
- * to the other side's socket. Similarly, if a connected socket is
- * shutdown then we shutdown the other side's socket.
- */
-
-double xfer_start_time;
-
-struct sockaddr_in real_server_sa;
-struct sockaddr_in client_listen_sa;
-struct sockaddr_in server_listen_sa;
-struct sockaddr_in proxy_sa;
-struct in_addr src_addr;
-
-int client_listen_socket = -1; /* Only used in PASV mode */
-int client_data_socket = -1; /* Connected socket to real client */
-int server_listen_socket = -1; /* Only used in PORT mode */
-int server_data_socket = -1; /* Connected socket to real server */
-int client_data_bytes, server_data_bytes;
-
-int AnonFtpOnly;
-int Verbose;
-int NatMode;
-int ReverseMode;
-
-char ClientName[NI_MAXHOST];
-char RealServerName[NI_MAXHOST];
-char OurName[NI_MAXHOST];
-
-const char *User = "proxy";
-const char *Group;
-
-extern int Debug_Level;
-extern int Use_Rdns;
-extern in_addr_t Bind_Addr;
+#include <vis.h>
+
+#include "filter.h"
+
+#define CONNECT_TIMEOUT 30
+#define MIN_PORT 1024
+#define MAX_LINE 500
+#define MAX_LOGLINE 300
+#define NTOP_BUFS 3
+#define TCP_BACKLOG 10
+
+#define CHROOT_DIR "/var/empty"
+#define NOPRIV_USER "proxy"
+
+/* pfctl standard NAT range. */
+#define PF_NAT_PROXY_PORT_LOW 50001
+#define PF_NAT_PROXY_PORT_HIGH 65535
+
+#define sstosa(ss) ((struct sockaddr *)(ss))
+
+enum { CMD_NONE = 0, CMD_PORT, CMD_EPRT, CMD_PASV, CMD_EPSV };
+
+struct session {
+ u_int32_t id;
+ struct sockaddr_storage client_ss;
+ struct sockaddr_storage proxy_ss;
+ struct sockaddr_storage server_ss;
+ struct sockaddr_storage orig_server_ss;
+ struct bufferevent *client_bufev;
+ struct bufferevent *server_bufev;
+ int client_fd;
+ int server_fd;
+ char cbuf[MAX_LINE];
+ size_t cbuf_valid;
+ char sbuf[MAX_LINE];
+ size_t sbuf_valid;
+ int cmd;
+ u_int16_t port;
+ u_int16_t proxy_port;
+ LIST_ENTRY(session) entry;
+};
+
+LIST_HEAD(, session) sessions = LIST_HEAD_INITIALIZER(sessions);
+
+void client_error(struct bufferevent *, short, void *);
+int client_parse(struct session *s);
+int client_parse_anon(struct session *s);
+int client_parse_cmd(struct session *s);
+void client_read(struct bufferevent *, void *);
+int drop_privs(void);
+void end_session(struct session *);
+int exit_daemon(void);
+int getline(char *, size_t *);
+void handle_connection(const int, short, void *);
+void handle_signal(int, short, void *);
+struct session * init_session(void);
+void logmsg(int, const char *, ...);
+u_int16_t parse_port(int);
+u_int16_t pick_proxy_port(void);
+void proxy_reply(int, struct sockaddr *, u_int16_t);
+void server_error(struct bufferevent *, short, void *);
+int server_parse(struct session *s);
+void server_read(struct bufferevent *, void *);
+const char *sock_ntop(struct sockaddr *);
+void usage(void);
+
+char linebuf[MAX_LINE + 1];
+size_t linelen;
+
+char ntop_buf[NTOP_BUFS][INET6_ADDRSTRLEN];
+
+struct sockaddr_storage fixed_server_ss, fixed_proxy_ss;
+char *fixed_server, *fixed_server_port, *fixed_proxy, *listen_ip, *listen_port,
+ *qname;
+int anonymous_only, daemonize, id_count, ipv6_mode, loglevel, max_sessions,
+ rfc_mode, session_count, timeout, verbose;
extern char *__progname;
-typedef enum {
- UNKNOWN_MODE,
- PORT_MODE,
- PASV_MODE,
- EPRT_MODE,
- EPSV_MODE
-} connection_mode_t;
-
-connection_mode_t connection_mode;
-
-extern void debuglog(int debug_level, const char *fmt, ...);
-double wallclock_time(void);
-void show_xfer_stats(void);
-void log_control_command (char *cmd, int client);
-int new_dataconn(int server);
-void do_client_cmd(struct csiob *client, struct csiob *server);
-void do_server_reply(struct csiob *server, struct csiob *client);
-static void
-usage(void)
+void
+client_error(struct bufferevent *bufev, short what, void *arg)
{
- syslog(LOG_NOTICE,
- "usage: %s [-AnrVw] [-a address] [-D debuglevel] [-g group]"
- " [-M maxport] [-m minport] [-R address[:port]] [-S address]"
- " [-t timeout] [-u user]", __progname);
- exit(EX_USAGE);
+ struct session *s = arg;
+
+ if (what & EVBUFFER_EOF)
+ logmsg(LOG_INFO, "#%d client close", s->id);
+ else if (what == (EVBUFFER_ERROR | EVBUFFER_READ))
+ logmsg(LOG_ERR, "#%d client reset connection", s->id);
+ else if (what & EVBUFFER_TIMEOUT)
+ logmsg(LOG_ERR, "#%d client timeout", s->id);
+ else if (what & EVBUFFER_WRITE)
+ logmsg(LOG_ERR, "#%d client write error: %d", s->id, what);
+ else
+ logmsg(LOG_ERR, "#%d abnormal client error: %d", s->id, what);
+
+ end_session(s);
}
-static void
-close_client_data(void)
+int
+client_parse(struct session *s)
{
- if (client_data_socket >= 0) {
- shutdown(client_data_socket, 2);
- close(client_data_socket);
- client_data_socket = -1;
- }
+ /* Reset any previous command. */
+ s->cmd = CMD_NONE;
+ s->port = 0;
+
+ /* Commands we are looking for are at least 4 chars long. */
+ if (linelen < 4)
+ return (1);
+
+ if (linebuf[0] == 'P' || linebuf[0] == 'p' ||
+ linebuf[0] == 'E' || linebuf[0] == 'e')
+ return (client_parse_cmd(s));
+
+ if (anonymous_only && (linebuf[0] == 'U' || linebuf[0] == 'u'))
+ return (client_parse_anon(s));
+
+ return (1);
}
-static void
-close_server_data(void)
+int
+client_parse_anon(struct session *s)
{
- if (server_data_socket >= 0) {
- shutdown(server_data_socket, 2);
- close(server_data_socket);
- server_data_socket = -1;
+ if (strcasecmp("USER ftp\r\n", linebuf) != 0 &&
+ strcasecmp("USER anonymous\r\n", linebuf) != 0) {
+ snprintf(linebuf, sizeof linebuf,
+ "500 Only anonymous FTP allowed\r\n");
+ logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf);
+
+ /* Talk back to the client ourself. */
+ linelen = strlen(linebuf);
+ bufferevent_write(s->client_bufev, linebuf, linelen);
+
+ /* Clear buffer so it's not sent to the server. */
+ linebuf[0] = '\0';
+ linelen = 0;
}
+
+ return (1);
}
-static void
-drop_privs(void)
+int
+client_parse_cmd(struct session *s)
{
- struct passwd *pw;
- struct group *gr;
- uid_t uid = 0;
- gid_t gid = 0;
-
- if (User != NULL) {
- pw = getpwnam(User);
- if (pw == NULL) {
- syslog(LOG_ERR, "cannot find user %s", User);
- exit(EX_USAGE);
- }
- uid = pw->pw_uid;
- gid = pw->pw_gid;
- }
+ if (strncasecmp("PASV", linebuf, 4) == 0)
+ s->cmd = CMD_PASV;
+ else if (strncasecmp("PORT ", linebuf, 5) == 0)
+ s->cmd = CMD_PORT;
+ else if (strncasecmp("EPSV", linebuf, 4) == 0)
+ s->cmd = CMD_EPSV;
+ else if (strncasecmp("EPRT ", linebuf, 5) == 0)
+ s->cmd = CMD_EPRT;
+ else
+ return (1);
- if (Group != NULL) {
- gr = getgrnam(Group);
- if (gr == NULL) {
- syslog(LOG_ERR, "cannot find group %s", Group);
- exit(EX_USAGE);
- }
- gid = gr->gr_gid;
+ if (ipv6_mode && (s->cmd == CMD_PASV || s->cmd == CMD_PORT)) {
+ logmsg(LOG_CRIT, "PASV and PORT not allowed with IPv6");
+ return (0);
}
- if (gid != 0 && (setegid(gid) == -1 || setgid(gid) == -1)) {
- syslog(LOG_ERR, "cannot drop group privs (%m)");
- exit(EX_CONFIG);
+ if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT) {
+ s->port = parse_port(s->cmd);
+ if (s->port < MIN_PORT) {
+ logmsg(LOG_CRIT, "#%d bad port in '%s'", s->id,
+ linebuf);
+ return (0);
+ }
+ s->proxy_port = pick_proxy_port();
+ proxy_reply(s->cmd, sstosa(&s->proxy_ss), s->proxy_port);
+ logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf);
}
- if (uid != 0 && (seteuid(uid) == -1 || setuid(uid) == -1)) {
- syslog(LOG_ERR, "cannot drop root privs (%m)");
- exit(EX_CONFIG);
- }
+ return (1);
}
-#ifdef LIBWRAP
-/*
- * Check a connection against the tcpwrapper, log if we're going to
- * reject it, returns: 0 -> reject, 1 -> accept. We add in hostnames
- * if we are set to do reverse DNS, otherwise no.
- */
-static int
-check_host(struct sockaddr_in *client_sin, struct sockaddr_in *server_sin)
+void
+client_read(struct bufferevent *bufev, void *arg)
{
- char cname[NI_MAXHOST];
- char sname[NI_MAXHOST];
- struct request_info request;
- int i;
-
- request_init(&request, RQ_DAEMON, __progname, RQ_CLIENT_SIN,
- client_sin, RQ_SERVER_SIN, server_sin, RQ_CLIENT_ADDR,
- inet_ntoa(client_sin->sin_addr), 0);
-
- if (Use_Rdns) {
- /*
- * We already looked these up, but we have to do it again
- * for tcp wrapper, to ensure that we get the DNS name, since
- * the tcp wrapper cares about these things, and we don't
- * want to pass in a printed address as a name.
- */
- i = getnameinfo((struct sockaddr *) &client_sin->sin_addr,
- sizeof(&client_sin->sin_addr), cname, sizeof(cname),
- NULL, 0, NI_NAMEREQD);
-
- if (i != 0 && i != EAI_NONAME && i != EAI_AGAIN)
- strlcpy(cname, STRING_UNKNOWN, sizeof(cname));
-
- i = getnameinfo((struct sockaddr *)&server_sin->sin_addr,
- sizeof(&server_sin->sin_addr), sname, sizeof(sname),
- NULL, 0, NI_NAMEREQD);
-
- if (i != 0 && i != EAI_NONAME && i != EAI_AGAIN)
- strlcpy(sname, STRING_UNKNOWN, sizeof(sname));
- } else {
- /*
- * ensure the TCP wrapper doesn't start doing
- * reverse DNS lookups if we aren't supposed to.
- */
- strlcpy(cname, STRING_UNKNOWN, sizeof(cname));
- strlcpy(sname, STRING_UNKNOWN, sizeof(sname));
- }
+ struct session *s = arg;
+ size_t buf_avail, read;
+ int n;
- request_set(&request, RQ_SERVER_ADDR, inet_ntoa(server_sin->sin_addr),
- 0);
- request_set(&request, RQ_CLIENT_NAME, cname, RQ_SERVER_NAME, sname, 0);
+ do {
+ buf_avail = sizeof s->cbuf - s->cbuf_valid;
+ read = bufferevent_read(bufev, s->cbuf + s->cbuf_valid,
+ buf_avail);
+ s->cbuf_valid += read;
+
+ while ((n = getline(s->cbuf, &s->cbuf_valid)) > 0) {
+ logmsg(LOG_DEBUG, "#%d client: %s", s->id, linebuf);
+ if (!client_parse(s)) {
+ end_session(s);
+ return;
+ }
+ bufferevent_write(s->server_bufev, linebuf, linelen);
+ }
- if (!hosts_access(&request)) {
- syslog(LOG_NOTICE, "tcpwrappers rejected: %s -> %s",
- ClientName, RealServerName);
- return(0);
- }
- return(1);
+ if (n == -1) {
+ logmsg(LOG_ERR, "#%d client command too long or not"
+ " clean", s->id);
+ end_session(s);
+ return;
+ }
+ } while (read == buf_avail);
}
-#endif /* LIBWRAP */
-double
-wallclock_time(void)
+int
+drop_privs(void)
{
- struct timeval tv;
+ struct passwd *pw;
+
+ pw = getpwnam(NOPRIV_USER);
+ if (pw == NULL)
+ return (0);
- gettimeofday(&tv, NULL);
- return(tv.tv_sec + tv.tv_usec / 1e6);
+ tzset();
+ if (chroot(CHROOT_DIR) != 0 || chdir("/") != 0 ||
+ setgroups(1, &pw->pw_gid) != 0 ||
+ setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0 ||
+ setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0)
+ return (0);
+
+ return (1);
}
-/*
- * Show the stats for this data transfer
- */
void
-show_xfer_stats(void)
+end_session(struct session *s)
{
- char tbuf[1000];
- double delta;
- size_t len;
- int i = -1;
-
- if (!Verbose)
- return;
-
- delta = wallclock_time() - xfer_start_time;
-
- if (delta < 0.001)
- delta = 0.001;
-
- if (client_data_bytes == 0 && server_data_bytes == 0) {
- syslog(LOG_INFO,
- "data transfer complete (no bytes transferred)");
- return;
+ int err;
+
+ logmsg(LOG_INFO, "#%d ending session", s->id);
+
+ if (s->client_fd != -1)
+ close(s->client_fd);
+ if (s->server_fd != -1)
+ close(s->server_fd);
+
+ if (s->client_bufev)
+ bufferevent_free(s->client_bufev);
+ if (s->server_bufev)
+ bufferevent_free(s->server_bufev);
+
+ /* Remove rulesets by commiting empty ones. */
+ err = 0;
+ if (prepare_commit(s->id) == -1)
+ err = errno;
+ else if (do_commit() == -1) {
+ err = errno;
+ do_rollback();
}
+ if (err)
+ logmsg(LOG_ERR, "#%d pf rule removal failed: %s", s->id,
+ strerror(err));
- len = sizeof(tbuf);
-
- if (delta >= 60) {
- int idelta;
+ LIST_REMOVE(s, entry);
+ free(s);
+ session_count--;
+}
- idelta = delta + 0.5;
- if (idelta >= 60*60) {
- i = snprintf(tbuf, len,
- "data transfer complete (%dh %dm %ds",
- idelta / (60*60), (idelta % (60*60)) / 60,
- idelta % 60);
- if (i == -1 || i >= len)
- goto logit;
- len -= i;
- } else {
- i = snprintf(tbuf, len,
- "data transfer complete (%dm %ds", idelta / 60,
- idelta % 60);
- if (i == -1 || i >= len)
- goto logit;
- len -= i;
- }
- } else {
- i = snprintf(tbuf, len, "data transfer complete (%.1fs",
- delta);
- if (i == -1 || i >= len)
- goto logit;
- len -= i;
- }
+int
+exit_daemon(void)
+{
+ struct session *s, *next;
- if (client_data_bytes > 0) {
- i = snprintf(&tbuf[strlen(tbuf)], len,
- ", %d bytes to server) (%.1fKB/s", client_data_bytes,
- (client_data_bytes / delta) / (double)1024);
- if (i == -1 || i >= len)
- goto logit;
- len -= i;
- }
- if (server_data_bytes > 0) {
- i = snprintf(&tbuf[strlen(tbuf)], len,
- ", %d bytes to client) (%.1fKB/s", server_data_bytes,
- (server_data_bytes / delta) / (double)1024);
- if (i == -1 || i >= len)
- goto logit;
- len -= i;
+ for (s = LIST_FIRST(&sessions); s != LIST_END(&sessions); s = next) {
+ next = LIST_NEXT(s, entry);
+ end_session(s);
}
- strlcat(tbuf, ")", sizeof(tbuf));
- logit:
- if (i != -1)
- syslog(LOG_INFO, "%s", tbuf);
-}
-void
-log_control_command (char *cmd, int client)
-{
- /* log an ftp control command or reply */
- const char *logstring;
- int level = LOG_DEBUG;
+ if (daemonize)
+ closelog();
- if (!Verbose)
- return;
+ exit(0);
- /* don't log passwords */
- if (strncasecmp(cmd, "pass ", 5) == 0)
- logstring = "PASS XXXX";
- else
- logstring = cmd;
- if (client) {
- /* log interesting stuff at LOG_INFO, rest at LOG_DEBUG */
- if ((strncasecmp(cmd, "user ", 5) == 0) ||
- (strncasecmp(cmd, "retr ", 5) == 0) ||
- (strncasecmp(cmd, "cwd ", 4) == 0) ||
- (strncasecmp(cmd, "stor " ,5) == 0))
- level = LOG_INFO;
- }
- syslog(level, "%s %s", client ? "client:" : " server:",
- logstring);
+ /* NOTREACHED */
+ return (-1);
}
-/*
- * set ourselves up for a new data connection. Direction is toward client if
- * "server" is 0, towards server otherwise.
- */
int
-new_dataconn(int server)
+getline(char *buf, size_t *valid)
{
- /*
- * Close existing data conn.
- */
+ size_t i;
- if (client_listen_socket != -1) {
- close(client_listen_socket);
- client_listen_socket = -1;
+ if (*valid > MAX_LINE)
+ return (-1);
+
+ /* Copy to linebuf while searching for a newline. */
+ for (i = 0; i < *valid; i++) {
+ linebuf[i] = buf[i];
+ if (buf[i] == '\0')
+ return (-1);
+ if (buf[i] == '\n')
+ break;
}
- close_client_data();
- if (server_listen_socket != -1) {
- close(server_listen_socket);
- server_listen_socket = -1;
+ if (i == *valid) {
+ /* No newline found. */
+ linebuf[0] = '\0';
+ linelen = 0;
+ if (i < MAX_LINE)
+ return (0);
+ return (-1);
}
- close_server_data();
- if (server) {
- bzero(&server_listen_sa, sizeof(server_listen_sa));
- server_listen_socket = get_backchannel_socket(SOCK_STREAM,
- min_port, max_port, -1, 1, &server_listen_sa);
+ linelen = i + 1;
+ linebuf[linelen] = '\0';
+ *valid -= linelen;
+
+ /* Move leftovers to the start. */
+ if (*valid != 0)
+ bcopy(buf + linelen, buf, *valid);
- if (server_listen_socket == -1) {
- syslog(LOG_INFO, "server socket bind() failed (%m)");
- exit(EX_OSERR);
- }
- if (listen(server_listen_socket, 5) != 0) {
- syslog(LOG_INFO, "server socket listen() failed (%m)");
- exit(EX_OSERR);
- }
- } else {
- bzero(&client_listen_sa, sizeof(client_listen_sa));
- client_listen_socket = get_backchannel_socket(SOCK_STREAM,
- min_port, max_port, -1, 1, &client_listen_sa);
-
- if (client_listen_socket == -1) {
- syslog(LOG_NOTICE,
- "cannot get client listen socket (%m)");
- exit(EX_OSERR);
- }
- if (listen(client_listen_socket, 5) != 0) {
- syslog(LOG_NOTICE,
- "cannot listen on client socket (%m)");
- exit(EX_OSERR);
- }
- }
- return(0);
+ return ((int)linelen);
}
-static void
-connect_pasv_backchannel(void)
+void
+handle_connection(const int listen_fd, short event, void *ev)
{
- struct sockaddr_in listen_sa;
- socklen_t salen;
+ struct sockaddr_storage tmp_ss;
+ struct sockaddr *client_sa, *server_sa, *fixed_server_sa;
+ struct sockaddr *client_to_proxy_sa, *proxy_to_server_sa;
+ struct session *s;
+ socklen_t len;
+ int client_fd, fc, on;
/*
- * We are about to accept a connection from the client.
- * This is a PASV data connection.
+ * We _must_ accept the connection, otherwise libevent will keep
+ * coming back, and we will chew up all CPU.
*/
- debuglog(2, "client listen socket ready");
+ client_sa = sstosa(&tmp_ss);
+ len = sizeof(struct sockaddr_storage);
+ if ((client_fd = accept(listen_fd, client_sa, &len)) < 0) {
+ logmsg(LOG_CRIT, "accept failed: %s", strerror(errno));
+ return;
+ }
- close_server_data();
- close_client_data();
+ /* Refuse connection if the maximum is reached. */
+ if (session_count >= max_sessions) {
+ logmsg(LOG_ERR, "client limit (%d) reached, refusing "
+ "connection from %s", max_sessions, sock_ntop(client_sa));
+ close(client_fd);
+ return;
+ }
+
+ /* Allocate session and copy back the info from the accept(). */
+ s = init_session();
+ if (s == NULL) {
+ logmsg(LOG_CRIT, "init_session failed");
+ close(client_fd);
+ return;
+ }
+ s->client_fd = client_fd;
+ memcpy(sstosa(&s->client_ss), client_sa, client_sa->sa_len);
- salen = sizeof(listen_sa);
- client_data_socket = accept(client_listen_socket,
- (struct sockaddr *)&listen_sa, &salen);
+ /* Cast it once, and be done with it. */
+ client_sa = sstosa(&s->client_ss);
+ server_sa = sstosa(&s->server_ss);
+ client_to_proxy_sa = sstosa(&tmp_ss);
+ proxy_to_server_sa = sstosa(&s->proxy_ss);
+ fixed_server_sa = sstosa(&fixed_server_ss);
- if (client_data_socket < 0) {
- syslog(LOG_NOTICE, "accept() failed (%m)");
- exit(EX_OSERR);
+ /* Log id/client early to ease debugging. */
+ logmsg(LOG_DEBUG, "#%d accepted connection from %s", s->id,
+ sock_ntop(client_sa));
+
+ /*
+ * Find out the real server and port that the client wanted.
+ */
+ len = sizeof(struct sockaddr_storage);
+ if ((getsockname(s->client_fd, client_to_proxy_sa, &len)) < 0) {
+ logmsg(LOG_CRIT, "#%d getsockname failed: %s", s->id,
+ strerror(errno));
+ goto fail;
}
- close(client_listen_socket);
- client_listen_socket = -1;
- memset(&listen_sa, 0, sizeof(listen_sa));
-
- server_data_socket = get_backchannel_socket(SOCK_STREAM, min_port,
- max_port, -1, 1, &listen_sa);
- if (server_data_socket < 0) {
- syslog(LOG_NOTICE, "get_backchannel_socket() failed (%m)");
- exit(EX_OSERR);
+ if (server_lookup(client_sa, client_to_proxy_sa, server_sa) != 0) {
+ logmsg(LOG_CRIT, "#%d server lookup failed (no rdr?)", s->id);
+ goto fail;
}
- if (connect(server_data_socket, (struct sockaddr *) &server_listen_sa,
- sizeof(server_listen_sa)) != 0) {
- syslog(LOG_NOTICE, "connect() failed (%m)");
- exit(EX_NOHOST);
+ if (fixed_server) {
+ memcpy(sstosa(&s->orig_server_ss), server_sa,
+ server_sa->sa_len);
+ memcpy(server_sa, fixed_server_sa, fixed_server_sa->sa_len);
}
- client_data_bytes = 0;
- server_data_bytes = 0;
- xfer_start_time = wallclock_time();
-}
-static void
-connect_port_backchannel(void)
-{
- struct sockaddr_in listen_sa;
- socklen_t salen;
+ /* XXX: check we are not connecting to ourself. */
/*
- * We are about to accept a connection from the server.
- * This is a PORT or EPRT data connection.
+ * Setup socket and connect to server.
*/
- debuglog(2, "server listen socket ready");
-
- close_server_data();
- close_client_data();
+ if ((s->server_fd = socket(server_sa->sa_family, SOCK_STREAM,
+ IPPROTO_TCP)) < 0) {
+ logmsg(LOG_CRIT, "#%d server socket failed: %s", s->id,
+ strerror(errno));
+ goto fail;
+ }
+ if (fixed_proxy && bind(s->server_fd, sstosa(&fixed_proxy_ss),
+ fixed_proxy_ss.ss_len) != 0) {
+ logmsg(LOG_CRIT, "#%d cannot bind fixed proxy address: %s",
+ s->id, strerror(errno));
+ goto fail;
+ }
- salen = sizeof(listen_sa);
- server_data_socket = accept(server_listen_socket,
- (struct sockaddr *)&listen_sa, &salen);
- if (server_data_socket < 0) {
- syslog(LOG_NOTICE, "accept() failed (%m)");
- exit(EX_OSERR);
+ /* Use non-blocking connect(), see CONNECT_TIMEOUT below. */
+ if ((fc = fcntl(s->server_fd, F_GETFL)) == -1 ||
+ fcntl(s->server_fd, F_SETFL, fc | O_NONBLOCK) == -1) {
+ logmsg(LOG_CRIT, "#%d cannot mark socket non-blocking: %s",
+ s->id, strerror(errno));
+ goto fail;
+ }
+ if (connect(s->server_fd, server_sa, server_sa->sa_len) < 0 &&
+ errno != EINPROGRESS) {
+ logmsg(LOG_CRIT, "#%d proxy cannot connect to server %s: %s",
+ s->id, sock_ntop(server_sa), strerror(errno));
+ goto fail;
}
- close(server_listen_socket);
- server_listen_socket = -1;
-
- if (getuid() != 0) {
- /*
- * We're not running as root, so we get a backchannel
- * socket bound in our designated range, instead of
- * getting one bound to port 20 - This is deliberately
- * not RFC compliant.
- */
- bcopy(&src_addr, &listen_sa.sin_addr, sizeof(struct in_addr));
- client_data_socket = get_backchannel_socket(SOCK_STREAM,
- min_port, max_port, -1, 1, &listen_sa);
- if (client_data_socket < 0) {
- syslog(LOG_NOTICE, "get_backchannel_socket() failed (%m)");
- exit(EX_OSERR);
- }
- } else {
+ len = sizeof(struct sockaddr_storage);
+ if ((getsockname(s->server_fd, proxy_to_server_sa, &len)) < 0) {
+ logmsg(LOG_CRIT, "#%d getsockname failed: %s", s->id,
+ strerror(errno));
+ goto fail;
+ }
- /*
- * We're root, get our backchannel socket bound to port
- * 20 here, so we're fully RFC compliant.
- */
- client_data_socket = socket(AF_INET, SOCK_STREAM, 0);
+ logmsg(LOG_INFO, "#%d FTP session %d/%d started: client %s to server "
+ "%s via proxy %s ", s->id, session_count, max_sessions,
+ sock_ntop(client_sa), sock_ntop(server_sa),
+ sock_ntop(proxy_to_server_sa));
- salen = 1;
- listen_sa.sin_family = AF_INET;
- bcopy(&src_addr, &listen_sa.sin_addr, sizeof(struct in_addr));
- listen_sa.sin_port = htons(20);
+ /* Keepalive is nice, but don't care if it fails. */
+ on = 1;
+ setsockopt(s->client_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+ sizeof on);
+ setsockopt(s->server_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+ sizeof on);
- if (setsockopt(client_data_socket, SOL_SOCKET, SO_REUSEADDR,
- &salen, sizeof(salen)) == -1) {
- syslog(LOG_NOTICE, "setsockopt() failed (%m)");
- exit(EX_OSERR);
- }
-
- if (bind(client_data_socket, (struct sockaddr *)&listen_sa,
- sizeof(listen_sa)) == - 1) {
- syslog(LOG_NOTICE, "data channel bind() failed (%m)");
- exit(EX_OSERR);
- }
+ /*
+ * Setup buffered events.
+ */
+ s->client_bufev = bufferevent_new(s->client_fd, &client_read, NULL,
+ &client_error, s);
+ if (s->client_bufev == NULL) {
+ logmsg(LOG_CRIT, "#%d bufferevent_new client failed", s->id);
+ goto fail;
}
-
- if (connect(client_data_socket, (struct sockaddr *) &client_listen_sa,
- sizeof(client_listen_sa)) != 0) {
- syslog(LOG_INFO, "cannot connect data channel (%m)");
- exit(EX_NOHOST);
+ bufferevent_settimeout(s->client_bufev, timeout, 0);
+ bufferevent_enable(s->client_bufev, EV_READ | EV_TIMEOUT);
+
+ s->server_bufev = bufferevent_new(s->server_fd, &server_read, NULL,
+ &server_error, s);
+ if (s->server_bufev == NULL) {
+ logmsg(LOG_CRIT, "#%d bufferevent_new server failed", s->id);
+ goto fail;
}
+ bufferevent_settimeout(s->server_bufev, CONNECT_TIMEOUT, 0);
+ bufferevent_enable(s->server_bufev, EV_READ | EV_TIMEOUT);
+
+ return;
- client_data_bytes = 0;
- server_data_bytes = 0;
- xfer_start_time = wallclock_time();
+ fail:
+ end_session(s);
}
void
-do_client_cmd(struct csiob *client, struct csiob *server)
+handle_signal(int sig, short event, void *arg)
{
- int i, j, rv;
- char tbuf[100];
- char *sendbuf = NULL;
-
- log_control_command((char *)client->line_buffer, 1);
-
- /* client->line_buffer is an ftp control command.
- * There is no reason for these to be very long.
- * In the interest of limiting buffer overrun attempts,
- * we catch them here.
- */
- if (strlen((char *)client->line_buffer) > 512) {
- syslog(LOG_NOTICE, "excessively long control command");
- exit(EX_DATAERR);
- }
-
/*
- * Check the client user provided if needed
+ * Signal handler rules don't apply, libevent decouples for us.
*/
- if (AnonFtpOnly && strncasecmp((char *)client->line_buffer, "user ",
- strlen("user ")) == 0) {
- char *cp;
-
- cp = (char *) client->line_buffer + strlen("user ");
- if ((strcasecmp(cp, "ftp\r\n") != 0) &&
- (strcasecmp(cp, "anonymous\r\n") != 0)) {
- /*
- * this isn't anonymous - give the client an
- * error before they send a password
- */
- snprintf(tbuf, sizeof(tbuf),
- "500 Only anonymous FTP is allowed\r\n");
- j = 0;
- i = strlen(tbuf);
- do {
- rv = send(client->fd, tbuf + j, i - j, 0);
- if (rv == -1 && errno != EAGAIN &&
- errno != EINTR)
- break;
- else if (rv != -1)
- j += rv;
- } while (j >= 0 && j < i);
- sendbuf = NULL;
- } else
- sendbuf = (char *)client->line_buffer;
- } else if ((strncasecmp((char *)client->line_buffer, "eprt ",
- strlen("eprt ")) == 0)) {
-
- /* Watch out for EPRT commands */
- char *line = NULL, *q, *p, *result[3], delim;
- struct addrinfo hints, *res = NULL;
- unsigned long proto;
-
- j = 0;
- line = strdup((char *)client->line_buffer+strlen("eprt "));
- if (line == NULL) {
- syslog(LOG_ERR, "insufficient memory");
- exit(EX_UNAVAILABLE);
- }
- p = line;
- delim = p[0];
- p++;
-
- memset(result,0, sizeof(result));
- for (i = 0; i < 3; i++) {
- q = strchr(p, delim);
- if (!q || *q != delim)
- goto parsefail;
- *q++ = '\0';
- result[i] = p;
- p = q;
- }
- proto = strtoul(result[0], &p, 10);
- if (!*result[0] || *p)
- goto protounsupp;
+ logmsg(LOG_ERR, "%s exiting on signal %d", __progname, sig);
- memset(&hints, 0, sizeof(hints));
- if (proto != 1) /* 1 == AF_INET - all we support for now */
- goto protounsupp;
- hints.ai_family = AF_INET;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_flags = AI_NUMERICHOST; /*no DNS*/
- if (getaddrinfo(result[1], result[2], &hints, &res))
- goto parsefail;
- if (res->ai_next)
- goto parsefail;
- if (sizeof(client_listen_sa) < res->ai_addrlen)
- goto parsefail;
- memcpy(&client_listen_sa, res->ai_addr, res->ai_addrlen);
-
- debuglog(1, "client wants us to use %s:%u",
- inet_ntoa(client_listen_sa.sin_addr),
- htons(client_listen_sa.sin_port));
-
- /*
- * Configure our own listen socket and tell the server about it
- */
- new_dataconn(1);
- connection_mode = EPRT_MODE;
-
- debuglog(1, "we want server to use %s:%u",
- inet_ntoa(server->sa.sin_addr),
- ntohs(server_listen_sa.sin_port));
-
- snprintf(tbuf, sizeof(tbuf), "EPRT |%d|%s|%u|\r\n", 1,
- inet_ntoa(server->sa.sin_addr),
- ntohs(server_listen_sa.sin_port));
- debuglog(1, "to server (modified): %s", tbuf);
- sendbuf = tbuf;
- goto out;
-parsefail:
- snprintf(tbuf, sizeof(tbuf),
- "500 Invalid argument; rejected\r\n");
- sendbuf = NULL;
- goto out;
-protounsupp:
- /* we only support AF_INET for now */
- if (proto == 2)
- snprintf(tbuf, sizeof(tbuf),
- "522 Protocol not supported, use (1)\r\n");
- else
- snprintf(tbuf, sizeof(tbuf),
- "501 Protocol not supported\r\n");
- sendbuf = NULL;
-out:
- if (line)
- free(line);
- if (res)
- freeaddrinfo(res);
- if (sendbuf == NULL) {
- debuglog(1, "to client (modified): %s", tbuf);
- i = strlen(tbuf);
- do {
- rv = send(client->fd, tbuf + j, i - j, 0);
- if (rv == -1 && errno != EAGAIN &&
- errno != EINTR)
- break;
- else if (rv != -1)
- j += rv;
- } while (j >= 0 && j < i);
- }
- } else if (!NatMode && (strncasecmp((char *)client->line_buffer,
- "epsv", strlen("epsv")) == 0)) {
-
- /*
- * If we aren't in NAT mode, deal with EPSV.
- * EPSV is a problem - Unlike PASV, the reply from the
- * server contains *only* a port, we can't modify the reply
- * to the client and get the client to connect to us without
- * resorting to using a dynamic rdr rule we have to add in
- * for the reply to this connection, and take away afterwards.
- * so this will wait until we have the right solution for rule
- * additions/deletions in pf.
- *
- * in the meantime we just tell the client we don't do it,
- * and most clients should fall back to using PASV.
- */
-
- snprintf(tbuf, sizeof(tbuf),
- "500 EPSV command not understood\r\n");
- debuglog(1, "to client (modified): %s", tbuf);
- j = 0;
- i = strlen(tbuf);
- do {
- rv = send(client->fd, tbuf + j, i - j, 0);
- if (rv == -1 && errno != EAGAIN && errno != EINTR)
- break;
- else if (rv != -1)
- j += rv;
- } while (j >= 0 && j < i);
- sendbuf = NULL;
- } else if (strncasecmp((char *)client->line_buffer, "port ",
- strlen("port ")) == 0) {
- unsigned int values[6];
- char *tailptr;
-
- debuglog(1, "Got a PORT command");
-
- tailptr = (char *)&client->line_buffer[strlen("port ")];
- values[0] = 0;
-
- i = sscanf(tailptr, "%u,%u,%u,%u,%u,%u", &values[0],
- &values[1], &values[2], &values[3], &values[4],
- &values[5]);
- if (i != 6) {
- syslog(LOG_INFO, "malformed PORT command (%s)",
- client->line_buffer);
- exit(EX_DATAERR);
- }
-
- for (i = 0; i<6; i++) {
- if (values[i] > 255) {
- syslog(LOG_INFO,
- "malformed PORT command (%s)",
- client->line_buffer);
- exit(EX_DATAERR);
- }
- }
-
- client_listen_sa.sin_family = AF_INET;
- client_listen_sa.sin_addr.s_addr = htonl((values[0] << 24) |
- (values[1] << 16) | (values[2] << 8) |
- (values[3] << 0));
-
- client_listen_sa.sin_port = htons((values[4] << 8) |
- values[5]);
- debuglog(1, "client wants us to use %u.%u.%u.%u:%u",
- values[0], values[1], values[2], values[3],
- (values[4] << 8) | values[5]);
-
- /*
- * Configure our own listen socket and tell the server about it
- */
- new_dataconn(1);
- connection_mode = PORT_MODE;
-
- debuglog(1, "we want server to use %s:%u",
- inet_ntoa(server->sa.sin_addr),
- ntohs(server_listen_sa.sin_port));
-
- snprintf(tbuf, sizeof(tbuf), "PORT %u,%u,%u,%u,%u,%u\r\n",
- ((u_char *)&server->sa.sin_addr.s_addr)[0],
- ((u_char *)&server->sa.sin_addr.s_addr)[1],
- ((u_char *)&server->sa.sin_addr.s_addr)[2],
- ((u_char *)&server->sa.sin_addr.s_addr)[3],
- ((u_char *)&server_listen_sa.sin_port)[0],
- ((u_char *)&server_listen_sa.sin_port)[1]);
-
- debuglog(1, "to server (modified): %s", tbuf);
-
- sendbuf = tbuf;
- } else
- sendbuf = (char *)client->line_buffer;
+ exit_daemon();
+}
+
- /*
- *send our (possibly modified) control command in sendbuf
- * on it's way to the server
- */
- if (sendbuf != NULL) {
- j = 0;
- i = strlen(sendbuf);
- do {
- rv = send(server->fd, sendbuf + j, i - j, 0);
- if (rv == -1 && errno != EAGAIN && errno != EINTR)
- break;
- else if (rv != -1)
- j += rv;
- } while (j >= 0 && j < i);
- }
+struct session *
+init_session(void)
+{
+ struct session *s;
+
+ s = calloc(1, sizeof(struct session));
+ if (s == NULL)
+ return (NULL);
+
+ s->id = id_count++;
+ s->client_fd = -1;
+ s->server_fd = -1;
+ s->cbuf[0] = '\0';
+ s->cbuf_valid = 0;
+ s->sbuf[0] = '\0';
+ s->sbuf_valid = 0;
+ s->client_bufev = NULL;
+ s->server_bufev = NULL;
+ s->cmd = CMD_NONE;
+ s->port = 0;
+
+ LIST_INSERT_HEAD(&sessions, s, entry);
+ session_count++;
+
+ return (s);
}
void
-do_server_reply(struct csiob *server, struct csiob *client)
+logmsg(int pri, const char *message, ...)
{
- int code, i, j, rv;
- struct in_addr *iap;
- static int continuing = 0;
- char tbuf[100], *sendbuf, *p;
-
- log_control_command((char *)server->line_buffer, 0);
-
- if (strlen((char *)server->line_buffer) > 512) {
- /*
- * someone's playing games. Have a cow in the syslogs and
- * exit - we don't pass this on for fear of hurting
- * our other end, which might be poorly implemented.
- */
- syslog(LOG_NOTICE, "long FTP control reply");
- exit(EX_DATAERR);
- }
+ va_list ap;
- /*
- * Watch out for "227 Entering Passive Mode ..." replies
- */
- code = strtol((char *)server->line_buffer, &p, 10);
- if (isspace(server->line_buffer[0]))
- code = 0;
- if (!*(server->line_buffer) || (*p != ' ' && *p != '-')) {
- if (continuing)
- goto sendit;
- syslog(LOG_INFO, "malformed control reply");
- exit(EX_DATAERR);
- }
- if (code <= 0 || code > 999) {
- if (continuing)
- goto sendit;
- syslog(LOG_INFO, "invalid server reply code %d", code);
- exit(EX_DATAERR);
- }
- if (*p == '-')
- continuing = 1;
- else
- continuing = 0;
- if (code == 227 && !NatMode) {
- unsigned int values[6];
- char *tailptr;
-
- debuglog(1, "Got a PASV reply");
- debuglog(1, "{%s}", (char *)server->line_buffer);
-
- tailptr = (char *)strchr((char *)server->line_buffer, '(');
- if (tailptr == NULL) {
- tailptr = strrchr((char *)server->line_buffer, ' ');
- if (tailptr == NULL) {
- syslog(LOG_NOTICE, "malformed 227 reply");
- exit(EX_DATAERR);
- }
- }
- tailptr++; /* skip past space or ( */
+ if (pri > loglevel)
+ return;
- values[0] = 0;
+ va_start(ap, message);
- i = sscanf(tailptr, "%u,%u,%u,%u,%u,%u", &values[0],
- &values[1], &values[2], &values[3], &values[4],
- &values[5]);
- if (i != 6) {
- syslog(LOG_INFO, "malformed PASV reply (%s)",
- client->line_buffer);
- exit(EX_DATAERR);
- }
- for (i = 0; i<6; i++)
- if (values[i] > 255) {
- syslog(LOG_INFO, "malformed PASV reply(%s)",
- client->line_buffer);
- exit(EX_DATAERR);
- }
+ if (daemonize)
+ /* syslog does its own vissing. */
+ vsyslog(pri, message, ap);
+ else {
+ char buf[MAX_LOGLINE];
+ char visbuf[2 * MAX_LOGLINE];
- server_listen_sa.sin_family = AF_INET;
- server_listen_sa.sin_addr.s_addr = htonl((values[0] << 24) |
- (values[1] << 16) | (values[2] << 8) | (values[3] << 0));
- server_listen_sa.sin_port = htons((values[4] << 8) |
- values[5]);
-
- debuglog(1, "server wants us to use %s:%u",
- inet_ntoa(server_listen_sa.sin_addr), (values[4] << 8) |
- values[5]);
-
- new_dataconn(0);
- connection_mode = PASV_MODE;
- if (ReverseMode)
- iap = &(proxy_sa.sin_addr);
- else
- iap = &(server->sa.sin_addr);
-
- debuglog(1, "we want client to use %s:%u", inet_ntoa(*iap),
- htons(client_listen_sa.sin_port));
-
- snprintf(tbuf, sizeof(tbuf),
- "227 Entering Passive Mode (%u,%u,%u,%u,%u,%u)\r\n",
- ((u_char *)iap)[0], ((u_char *)iap)[1],
- ((u_char *)iap)[2], ((u_char *)iap)[3],
- ((u_char *)&client_listen_sa.sin_port)[0],
- ((u_char *)&client_listen_sa.sin_port)[1]);
- debuglog(1, "to client (modified): %s", tbuf);
- sendbuf = tbuf;
- } else {
- sendit:
- sendbuf = (char *)server->line_buffer;
+ /* We don't care about truncation. */
+ vsnprintf(buf, sizeof buf, message, ap);
+ strnvis(visbuf, buf, sizeof visbuf, VIS_CSTYLE | VIS_NL);
+ fprintf(stderr, "%s\n", visbuf);
}
- /*
- * send our (possibly modified) control command in sendbuf
- * on it's way to the client
- */
- j = 0;
- i = strlen(sendbuf);
- do {
- rv = send(client->fd, sendbuf + j, i - j, 0);
- if (rv == -1 && errno != EAGAIN && errno != EINTR)
- break;
- else if (rv != -1)
- j += rv;
- } while (j >= 0 && j < i);
-
+ va_end(ap);
}
int
main(int argc, char *argv[])
{
- struct csiob client_iob, server_iob;
- struct sigaction new_sa, old_sa;
- int sval, ch, flags, i;
- socklen_t salen;
- int one = 1;
- long timeout_seconds = 0;
- struct timeval tv;
-#ifdef LIBWRAP
- int use_tcpwrapper = 0;
-#endif /* LIBWRAP */
-
- while ((ch = getopt(argc, argv, "a:D:g:m:M:R:S:t:u:AnVwr")) != -1) {
- char *p;
+ struct rlimit rlp;
+ struct addrinfo hints, *res;
+ struct event ev, ev_sighup, ev_sigint, ev_sigterm;
+ int ch, error, listenfd, on;
+ const char *errstr;
+
+ /* Defaults. */
+ anonymous_only = 0;
+ daemonize = 1;
+ fixed_proxy = NULL;
+ fixed_server = NULL;
+ fixed_server_port = "21";
+ ipv6_mode = 0;
+ listen_ip = NULL;
+ listen_port = "8021";
+ loglevel = LOG_NOTICE;
+ max_sessions = 100;
+ qname = NULL;
+ rfc_mode = 0;
+ timeout = 24 * 3600;
+ verbose = 0;
+
+ /* Other initialization. */
+ id_count = 1;
+ session_count = 0;
+
+ while ((ch = getopt(argc, argv, "6Aa:b:D:dm:P:p:q:R:rt:v")) != -1) {
switch (ch) {
- case 'a':
- if (!*optarg)
- usage();
- if ((Bind_Addr = inet_addr(optarg)) == INADDR_NONE) {
- syslog(LOG_NOTICE,
- "%s: invalid address", optarg);
- usage();
- }
+ case '6':
+ ipv6_mode = 1;
break;
case 'A':
- AnonFtpOnly = 1; /* restrict to anon usernames only */
+ anonymous_only = 1;
+ break;
+ case 'a':
+ fixed_proxy = optarg;
+ break;
+ case 'b':
+ listen_ip = optarg;
break;
case 'D':
- Debug_Level = strtol(optarg, &p, 10);
- if (!*optarg || *p)
- usage();
+ loglevel = strtonum(optarg, LOG_EMERG, LOG_DEBUG,
+ &errstr);
+ if (errstr)
+ errx(1, "loglevel %s", errstr);
break;
- case 'g':
- Group = optarg;
+ case 'd':
+ daemonize = 0;
break;
case 'm':
- min_port = strtol(optarg, &p, 10);
- if (!*optarg || *p)
- usage();
- if (min_port < 0 || min_port > USHRT_MAX)
- usage();
+ max_sessions = strtonum(optarg, 1, 500, &errstr);
+ if (errstr)
+ errx(1, "max sessions %s", errstr);
break;
- case 'M':
- max_port = strtol(optarg, &p, 10);
- if (!*optarg || *p)
- usage();
- if (max_port < 0 || max_port > USHRT_MAX)
- usage();
+ case 'P':
+ fixed_server_port = optarg;
break;
- case 'n':
- NatMode = 1; /* pass all passives, we're using NAT */
+ case 'p':
+ listen_port = optarg;
break;
- case 'r':
- Use_Rdns = 1; /* look up hostnames */
+ case 'q':
+ if (strlen(optarg) >= PF_QNAME_SIZE)
+ errx(1, "queuename too long");
+ qname = optarg;
break;
- case 'R': {
- char *s, *t;
-
- if (!*optarg)
- usage();
- if ((s = strdup(optarg)) == NULL) {
- syslog (LOG_NOTICE,
- "Insufficient memory (malloc failed)");
- exit(EX_UNAVAILABLE);
- }
- memset(&real_server_sa, 0, sizeof(real_server_sa));
- real_server_sa.sin_len = sizeof(struct sockaddr_in);
- real_server_sa.sin_family = AF_INET;
- t = strchr(s, ':');
- if (t == NULL)
- real_server_sa.sin_port = htons(21);
- else {
- long port = strtol(t + 1, &p, 10);
-
- if (*p || port <= 0 || port > 65535)
- usage();
- real_server_sa.sin_port = htons(port);
- *t = 0;
- }
- real_server_sa.sin_addr.s_addr = inet_addr(s);
- if (real_server_sa.sin_addr.s_addr == INADDR_NONE)
- usage();
- free(s);
- ReverseMode = 1;
+ case 'R':
+ fixed_server = optarg;
break;
- }
- case 'S':
- if (!inet_aton(optarg, &src_addr))
- usage();
+ case 'r':
+ rfc_mode = 1;
break;
case 't':
- timeout_seconds = strtol(optarg, &p, 10);
- if (!*optarg || *p)
- usage();
- break;
- case 'u':
- User = optarg;
+ timeout = strtonum(optarg, 0, 86400, &errstr);
+ if (errstr)
+ errx(1, "timeout %s", errstr);
break;
- case 'V':
- Verbose = 1;
- break;
-#ifdef LIBWRAP
- case 'w':
- use_tcpwrapper = 1; /* do the libwrap thing */
+ case 'v':
+ verbose++;
+ if (verbose > 2)
+ usage();
break;
-#endif /* LIBWRAP */
default:
usage();
- /* NOTREACHED */
}
}
- argc -= optind;
- argv += optind;
- if (max_port < min_port)
- usage();
+ if (listen_ip == NULL)
+ listen_ip = ipv6_mode ? "::1" : "127.0.0.1";
- openlog(__progname, LOG_NDELAY|LOG_PID, LOG_DAEMON);
+ /* Check for root to save the user from cryptic failure messages. */
+ if (getuid() != 0)
+ errx(1, "needs to start as root");
- setlinebuf(stdout);
- setlinebuf(stderr);
+ /* Raise max. open files limit to satisfy max. sessions. */
+ rlp.rlim_cur = rlp.rlim_max = (2 * max_sessions) + 10;
+ if (setrlimit(RLIMIT_NOFILE, &rlp) == -1)
+ err(1, "setrlimit");
- memset(&client_iob, 0, sizeof(client_iob));
- memset(&server_iob, 0, sizeof(server_iob));
-
- if (get_proxy_env(0, &real_server_sa, &client_iob.sa,
- &proxy_sa) == -1)
- exit(EX_PROTOCOL);
+ if (fixed_proxy) {
+ memset(&hints, 0, sizeof hints);
+ hints.ai_flags = AI_NUMERICHOST;
+ hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET;
+ hints.ai_socktype = SOCK_STREAM;
+ error = getaddrinfo(fixed_proxy, NULL, &hints, &res);
+ if (error)
+ errx(1, "getaddrinfo fixed proxy address failed: %s",
+ gai_strerror(error));
+ memcpy(&fixed_proxy_ss, res->ai_addr, res->ai_addrlen);
+ logmsg(LOG_INFO, "using %s to connect to servers",
+ sock_ntop(sstosa(&fixed_proxy_ss)));
+ freeaddrinfo(res);
+ }
- /*
- * We may now drop root privs, as we have done our ioctl for
- * pf. If we do drop root, we can't make backchannel connections
- * for PORT and EPRT come from port 20, which is not strictly
- * RFC compliant. This shouldn't cause problems for all but
- * the stupidest ftp clients and the stupidest packet filters.
- */
- drop_privs();
+ if (fixed_server) {
+ memset(&hints, 0, sizeof hints);
+ hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET;
+ hints.ai_socktype = SOCK_STREAM;
+ error = getaddrinfo(fixed_server, fixed_server_port, &hints,
+ &res);
+ if (error)
+ errx(1, "getaddrinfo fixed server address failed: %s",
+ gai_strerror(error));
+ memcpy(&fixed_server_ss, res->ai_addr, res->ai_addrlen);
+ logmsg(LOG_INFO, "using fixed server %s",
+ sock_ntop(sstosa(&fixed_server_ss)));
+ freeaddrinfo(res);
+ }
- /*
- * We check_host after get_proxy_env so that checks are done
- * against the original destination endpoint, not the endpoint
- * of our side of the rdr. This allows the use of tcpwrapper
- * rules to restrict destinations as well as sources of connections
- * for ftp.
- */
- if (Use_Rdns)
- flags = 0;
- else
- flags = NI_NUMERICHOST | NI_NUMERICSERV;
+ /* Setup listener. */
+ memset(&hints, 0, sizeof hints);
+ hints.ai_flags = AI_NUMERICHOST | AI_PASSIVE;
+ hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET;
+ hints.ai_socktype = SOCK_STREAM;
+ error = getaddrinfo(listen_ip, listen_port, &hints, &res);
+ if (error)
+ errx(1, "getaddrinfo listen address failed: %s",
+ gai_strerror(error));
+ if ((listenfd = socket(res->ai_family, SOCK_STREAM, IPPROTO_TCP)) == -1)
+ errx(1, "socket failed");
+ on = 1;
+ if (setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
+ sizeof on) != 0)
+ err(1, "setsockopt failed");
+ if (bind(listenfd, (struct sockaddr *)res->ai_addr,
+ (socklen_t)res->ai_addrlen) != 0)
+ err(1, "bind failed");
+ if (listen(listenfd, TCP_BACKLOG) != 0)
+ err(1, "listen failed");
+ freeaddrinfo(res);
+
+ /* Initialize pf. */
+ init_filter(qname, verbose);
+
+ if (daemonize) {
+ if (daemon(0, 0) == -1)
+ err(1, "cannot daemonize");
+ openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
+ }
- i = getnameinfo((struct sockaddr *)&client_iob.sa,
- sizeof(client_iob.sa), ClientName, sizeof(ClientName), NULL, 0,
- flags);
+ /* Use logmsg for output from here on. */
- if (i != 0 && i != EAI_NONAME && i != EAI_AGAIN) {
- debuglog(2, "name resolution failure (client)");
- exit(EX_OSERR);
+ if (!drop_privs()) {
+ logmsg(LOG_ERR, "cannot drop privileges: %s", strerror(errno));
+ exit(1);
}
+
+ event_init();
- i = getnameinfo((struct sockaddr *)&real_server_sa,
- sizeof(real_server_sa), RealServerName, sizeof(RealServerName),
- NULL, 0, flags);
+ /* Setup signal handler. */
+ signal(SIGPIPE, SIG_IGN);
+ signal_set(&ev_sighup, SIGHUP, handle_signal, NULL);
+ signal_set(&ev_sigint, SIGINT, handle_signal, NULL);
+ signal_set(&ev_sigterm, SIGTERM, handle_signal, NULL);
+ signal_add(&ev_sighup, NULL);
+ signal_add(&ev_sigint, NULL);
+ signal_add(&ev_sigterm, NULL);
- if (i != 0 && i != EAI_NONAME && i != EAI_AGAIN) {
- debuglog(2, "name resolution failure (server)");
- exit(EX_OSERR);
- }
+ event_set(&ev, listenfd, EV_READ | EV_PERSIST, handle_connection, &ev);
+ event_add(&ev, NULL);
-#ifdef LIBWRAP
- if (use_tcpwrapper && !check_host(&client_iob.sa, &real_server_sa))
- exit(EX_NOPERM);
-#endif
+ logmsg(LOG_NOTICE, "listening on %s port %s", listen_ip, listen_port);
- client_iob.fd = 0;
+ /* Vroom, vroom. */
+ event_dispatch();
- syslog(LOG_INFO, "accepted connection from %s:%u to %s:%u", ClientName,
- ntohs(client_iob.sa.sin_port), RealServerName,
- ntohs(real_server_sa.sin_port));
+ logmsg(LOG_ERR, "event_dispatch error: %s", strerror(errno));
+ exit_daemon();
- server_iob.fd = get_backchannel_socket(SOCK_STREAM, min_port, max_port,
- -1, 1, &server_iob.sa);
+ /* NOTREACHED */
+ return (1);
+}
- if (connect(server_iob.fd, (struct sockaddr *)&real_server_sa,
- sizeof(real_server_sa)) != 0) {
- syslog(LOG_INFO, "cannot connect to %s:%u (%m)", RealServerName,
- ntohs(real_server_sa.sin_port));
- exit(EX_NOHOST);
+u_int16_t
+parse_port(int mode)
+{
+ unsigned int port, v[6];
+ int n;
+ char *p;
+
+ /* Find the last space or left-parenthesis. */
+ for (p = linebuf + linelen; p > linebuf; p--)
+ if (*p == ' ' || *p == '(')
+ break;
+ if (p == linebuf)
+ return (0);
+
+ switch (mode) {
+ case CMD_PORT:
+ n = sscanf(p, " %u,%u,%u,%u,%u,%u", &v[0], &v[1], &v[2],
+ &v[3], &v[4], &v[5]);
+ if (n == 6 && v[0] < 256 && v[1] < 256 && v[2] < 256 &&
+ v[3] < 256 && v[4] < 256 && v[5] < 256)
+ return ((v[4] << 8) | v[5]);
+ break;
+ case CMD_PASV:
+ n = sscanf(p, "(%u,%u,%u,%u,%u,%u)", &v[0], &v[1], &v[2],
+ &v[3], &v[4], &v[5]);
+ if (n == 6 && v[0] < 256 && v[1] < 256 && v[2] < 256 &&
+ v[3] < 256 && v[4] < 256 && v[5] < 256)
+ return ((v[4] << 8) | v[5]);
+ break;
+ case CMD_EPSV:
+ n = sscanf(p, "(|||%u|)", &port);
+ if (n == 1 && port < 65536)
+ return (port);
+ break;
+ case CMD_EPRT:
+ n = sscanf(p, " |1|%u.%u.%u.%u|%u|", &v[0], &v[1], &v[2],
+ &v[3], &port);
+ if (n == 5 && v[0] < 256 && v[1] < 256 && v[2] < 256 &&
+ v[3] < 256 && port < 65536)
+ return (port);
+ n = sscanf(p, " |2|%*[a-fA-F0-9:]|%u|", &port);
+ if (n == 1 && port < 65536)
+ return (port);
+ break;
+ default:
+ return (0);
}
- /*
- * Now that we are connected to the real server, get the name
- * of our end of the server socket so we know our IP address
- * from the real server's perspective.
- */
- salen = sizeof(server_iob.sa);
- getsockname(server_iob.fd, (struct sockaddr *)&server_iob.sa, &salen);
+ return (0);
+}
- i = getnameinfo((struct sockaddr *)&server_iob.sa,
- sizeof(server_iob.sa), OurName, sizeof(OurName), NULL, 0, flags);
+u_int16_t
+pick_proxy_port(void)
+{
+ /* Random should be good enough for avoiding port collisions. */
+ return (IPPORT_HIFIRSTAUTO + (arc4random() %
+ (IPPORT_HILASTAUTO - IPPORT_HIFIRSTAUTO)));
+}
- if (i != 0 && i != EAI_NONAME && i != EAI_AGAIN) {
- debuglog(2, "name resolution failure (local)");
- exit(EX_OSERR);
+void
+proxy_reply(int cmd, struct sockaddr *sa, u_int16_t port)
+{
+ int i, r;
+
+ switch (cmd) {
+ case CMD_PORT:
+ r = snprintf(linebuf, sizeof linebuf,
+ "PORT %s,%u,%u\r\n", sock_ntop(sa), port / 256,
+ port % 256);
+ break;
+ case CMD_PASV:
+ r = snprintf(linebuf, sizeof linebuf,
+ "227 Entering Passive Mode (%s,%u,%u)\r\n", sock_ntop(sa),
+ port / 256, port % 256);
+ break;
+ case CMD_EPRT:
+ if (sa->sa_family == AF_INET)
+ r = snprintf(linebuf, sizeof linebuf,
+ "EPRT |1|%s|%u|\r\n", sock_ntop(sa), port);
+ else if (sa->sa_family == AF_INET6)
+ r = snprintf(linebuf, sizeof linebuf,
+ "EPRT |2|%s|%u|\r\n", sock_ntop(sa), port);
+ break;
+ case CMD_EPSV:
+ r = snprintf(linebuf, sizeof linebuf,
+ "229 Entering Extended Passive Mode (|||%u|)\r\n", port);
+ break;
}
- debuglog(1, "local socket is %s:%u", OurName,
- ntohs(server_iob.sa.sin_port));
-
- /* ignore SIGPIPE */
- bzero(&new_sa, sizeof(new_sa));
- new_sa.sa_handler = SIG_IGN;
- (void)sigemptyset(&new_sa.sa_mask);
- new_sa.sa_flags = SA_RESTART;
- if (sigaction(SIGPIPE, &new_sa, &old_sa) != 0) {
- syslog(LOG_ERR, "sigaction() failed (%m)");
- exit(EX_OSERR);
+ if (r < 0 || r >= sizeof linebuf) {
+ logmsg(LOG_ERR, "proxy_reply failed: %d", r);
+ linebuf[0] = '\0';
+ linelen = 0;
+ return;
}
+ linelen = (size_t)r;
- if (setsockopt(client_iob.fd, SOL_SOCKET, SO_OOBINLINE, (char *)&one,
- sizeof(one)) == -1) {
- syslog(LOG_NOTICE, "cannot set SO_OOBINLINE (%m)");
- exit(EX_OSERR);
+ if (cmd == CMD_PORT || cmd == CMD_PASV) {
+ /* Replace dots in IP address with commas. */
+ for (i = 0; i < linelen; i++)
+ if (linebuf[i] == '.')
+ linebuf[i] = ',';
}
+}
- client_iob.line_buffer_size = STARTBUFSIZE;
- client_iob.line_buffer = malloc(client_iob.line_buffer_size);
- client_iob.io_buffer_size = STARTBUFSIZE;
- client_iob.io_buffer = malloc(client_iob.io_buffer_size);
- client_iob.next_byte = 0;
- client_iob.io_buffer_len = 0;
- client_iob.alive = 1;
- client_iob.who = "client";
- client_iob.send_oob_flags = 0;
- client_iob.real_sa = client_iob.sa;
-
- server_iob.line_buffer_size = STARTBUFSIZE;
- server_iob.line_buffer = malloc(server_iob.line_buffer_size);
- server_iob.io_buffer_size = STARTBUFSIZE;
- server_iob.io_buffer = malloc(server_iob.io_buffer_size);
- server_iob.next_byte = 0;
- server_iob.io_buffer_len = 0;
- server_iob.alive = 1;
- server_iob.who = "server";
- server_iob.send_oob_flags = MSG_OOB;
- server_iob.real_sa = real_server_sa;
-
- if (client_iob.line_buffer == NULL || client_iob.io_buffer == NULL ||
- server_iob.line_buffer == NULL || server_iob.io_buffer == NULL) {
- syslog (LOG_NOTICE, "insufficient memory");
- exit(EX_UNAVAILABLE);
- }
+void
+server_error(struct bufferevent *bufev, short what, void *arg)
+{
+ struct session *s = arg;
+
+ if (what & EVBUFFER_EOF)
+ logmsg(LOG_INFO, "#%d server close", s->id);
+ else if (what == (EVBUFFER_ERROR | EVBUFFER_READ))
+ logmsg(LOG_ERR, "#%d server refused connection", s->id);
+ else if (what & EVBUFFER_WRITE)
+ logmsg(LOG_ERR, "#%d server write error: %d", s->id, what);
+ else if (what & EVBUFFER_TIMEOUT)
+ logmsg(LOG_NOTICE, "#%d server timeout", s->id);
+ else
+ logmsg(LOG_ERR, "#%d abnormal server error: %d", s->id, what);
+
+ end_session(s);
+}
- while (client_iob.alive || server_iob.alive) {
- int maxfd = 0;
- fd_set *fdsp;
-
- if (client_iob.fd > maxfd)
- maxfd = client_iob.fd;
- if (client_listen_socket > maxfd)
- maxfd = client_listen_socket;
- if (client_data_socket > maxfd)
- maxfd = client_data_socket;
- if (server_iob.fd > maxfd)
- maxfd = server_iob.fd;
- if (server_listen_socket > maxfd)
- maxfd = server_listen_socket;
- if (server_data_socket > maxfd)
- maxfd = server_data_socket;
-
- debuglog(3, "client is %s; server is %s",
- client_iob.alive ? "alive" : "dead",
- server_iob.alive ? "alive" : "dead");
-
- fdsp = (fd_set *)calloc(howmany(maxfd + 1, NFDBITS),
- sizeof(fd_mask));
- if (fdsp == NULL) {
- syslog(LOG_NOTICE, "insufficient memory");
- exit(EX_UNAVAILABLE);
+int
+server_parse(struct session *s)
+{
+ struct sockaddr *client_sa, *orig_sa, *proxy_sa, *server_sa;
+ int prepared = 0;
+
+ if (s->cmd == CMD_NONE || linelen < 4 || linebuf[0] != '2')
+ goto out;
+
+ /*
+ * The pf rules below do quite some NAT rewriting, to keep up
+ * appearances. Points to keep in mind:
+ * 1) The client must think it's talking to the real server,
+ * for both control and data connections. Transparently.
+ * 2) The server must think that the proxy is the client.
+ * 3) Source and destination ports are rewritten to minimize
+ * port collisions, to aid security (some systems pick weak
+ * ports) or to satisfy RFC requirements (source port 20).
+ */
+
+ /* Cast this once, to make code below it more readable. */
+ client_sa = sstosa(&s->client_ss);
+ server_sa = sstosa(&s->server_ss);
+ proxy_sa = sstosa(&s->proxy_ss);
+ if (fixed_server)
+ /* Fixed server: data connections must appear to come
+ from / go to the original server, not the fixed one. */
+ orig_sa = sstosa(&s->orig_server_ss);
+ else
+ /* Server not fixed: orig_server == server. */
+ orig_sa = sstosa(&s->server_ss);
+
+ /* Passive modes. */
+ if ((s->cmd == CMD_PASV && strncmp("227 ", linebuf, 4) == 0) ||
+ (s->cmd == CMD_EPSV && strncmp("229 ", linebuf, 4) == 0)) {
+ s->port = parse_port(s->cmd);
+ if (s->port < MIN_PORT) {
+ logmsg(LOG_CRIT, "#%d bad port in '%s'", s->id,
+ linebuf);
+ return (0);
}
+ s->proxy_port = pick_proxy_port();
+ logmsg(LOG_INFO, "#%d passive: client to server port %d"
+ " via port %d", s->id, s->port, s->proxy_port);
+
+ if (prepare_commit(s->id) == -1)
+ goto fail;
+ prepared = 1;
+
+ proxy_reply(s->cmd, orig_sa, s->proxy_port);
+ logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf);
+
+ /* rdr from $client to $orig_server port $proxy_port -> $server
+ port $port */
+ if (add_rdr(s->id, client_sa, orig_sa, s->proxy_port,
+ server_sa, s->port) == -1)
+ goto fail;
+
+ /* nat from $client to $server port $port -> $proxy */
+ if (add_nat(s->id, client_sa, server_sa, s->port, proxy_sa,
+ PF_NAT_PROXY_PORT_LOW, PF_NAT_PROXY_PORT_HIGH) == -1)
+ goto fail;
+
+ /* pass in from $client to $server port $port */
+ if (add_filter(s->id, PF_IN, client_sa, server_sa,
+ s->port) == -1)
+ goto fail;
+
+ /* pass out from $proxy to $server port $port */
+ if (add_filter(s->id, PF_OUT, proxy_sa, server_sa,
+ s->port) == -1)
+ goto fail;
+ }
- if (client_iob.alive && telnet_getline(&client_iob,
- &server_iob)) {
- debuglog(3, "client line buffer is \"%s\"",
- (char *)client_iob.line_buffer);
- if (client_iob.line_buffer[0] != '\0')
- do_client_cmd(&client_iob, &server_iob);
- } else if (server_iob.alive && telnet_getline(&server_iob,
- &client_iob)) {
- debuglog(3, "server line buffer is \"%s\"",
- (char *)server_iob.line_buffer);
- if (server_iob.line_buffer[0] != '\0')
- do_server_reply(&server_iob, &client_iob);
+ /* Active modes. */
+ if ((s->cmd == CMD_PORT || s->cmd == CMD_EPRT) &&
+ strncmp("200 ", linebuf, 4) == 0) {
+ logmsg(LOG_INFO, "#%d active: server to client port %d"
+ " via port %d", s->id, s->port, s->proxy_port);
+
+ if (prepare_commit(s->id) == -1)
+ goto fail;
+ prepared = 1;
+
+ /* rdr from $server to $proxy port $proxy_port -> $client port
+ $port */
+ if (add_rdr(s->id, server_sa, proxy_sa, s->proxy_port,
+ client_sa, s->port) == -1)
+ goto fail;
+
+ /* nat from $server to $client port $port -> $orig_server port
+ $natport */
+ if (rfc_mode && s->cmd == CMD_PORT) {
+ /* Rewrite sourceport to RFC mandated 20. */
+ if (add_nat(s->id, server_sa, client_sa, s->port,
+ orig_sa, 20, 20) == -1)
+ goto fail;
} else {
- if (client_iob.alive) {
- FD_SET(client_iob.fd, fdsp);
- if (client_listen_socket >= 0)
- FD_SET(client_listen_socket, fdsp);
- if (client_data_socket >= 0)
- FD_SET(client_data_socket, fdsp);
- }
- if (server_iob.alive) {
- FD_SET(server_iob.fd, fdsp);
- if (server_listen_socket >= 0)
- FD_SET(server_listen_socket, fdsp);
- if (server_data_socket >= 0)
- FD_SET(server_data_socket, fdsp);
- }
- tv.tv_sec = timeout_seconds;
- tv.tv_usec = 0;
-
- doselect:
- sval = select(maxfd + 1, fdsp, NULL, NULL,
- (tv.tv_sec == 0) ? NULL : &tv);
- if (sval == 0) {
- /*
- * This proxy has timed out. Expire it
- * quietly with an obituary in the syslogs
- * for any passing mourners.
- */
- syslog(LOG_INFO,
- "timeout: no data for %ld seconds",
- timeout_seconds);
- exit(EX_OK);
- }
- if (sval == -1) {
- if (errno == EINTR || errno == EAGAIN)
- goto doselect;
- syslog(LOG_NOTICE,
- "select() failed (%m)");
- exit(EX_OSERR);
- }
- if (client_data_socket >= 0 &&
- FD_ISSET(client_data_socket, fdsp)) {
- int rval;
-
- debuglog(3, "transfer: client to server");
- rval = xfer_data("client to server",
- client_data_socket,
- server_data_socket,
- client_iob.sa.sin_addr,
- real_server_sa.sin_addr);
- if (rval <= 0) {
- close_client_data();
- close_server_data();
- show_xfer_stats();
- } else
- client_data_bytes += rval;
- }
- if (server_data_socket >= 0 &&
- FD_ISSET(server_data_socket, fdsp)) {
- int rval;
-
- debuglog(3, "transfer: server to client");
- rval = xfer_data("server to client",
- server_data_socket,
- client_data_socket,
- real_server_sa.sin_addr,
- client_iob.sa.sin_addr);
- if (rval <= 0) {
- close_client_data();
- close_server_data();
- show_xfer_stats();
- } else
- server_data_bytes += rval;
- }
- if (server_listen_socket >= 0 &&
- FD_ISSET(server_listen_socket, fdsp)) {
- connect_port_backchannel();
- }
- if (client_listen_socket >= 0 &&
- FD_ISSET(client_listen_socket, fdsp)) {
- connect_pasv_backchannel();
- }
- if (client_iob.alive &&
- FD_ISSET(client_iob.fd, fdsp)) {
- client_iob.data_available = 1;
- }
- if (server_iob.alive &&
- FD_ISSET(server_iob.fd, fdsp)) {
- server_iob.data_available = 1;
- }
+ /* Let pf pick a source port from the standard range. */
+ if (add_nat(s->id, server_sa, client_sa, s->port,
+ orig_sa, PF_NAT_PROXY_PORT_LOW,
+ PF_NAT_PROXY_PORT_HIGH) == -1)
+ goto fail;
}
- free(fdsp);
- if (client_iob.got_eof) {
- shutdown(server_iob.fd, 1);
- shutdown(client_iob.fd, 0);
- client_iob.got_eof = 0;
- client_iob.alive = 0;
+
+ /* pass in from $server to $client port $port */
+ if (add_filter(s->id, PF_IN, server_sa, client_sa, s->port) ==
+ -1)
+ goto fail;
+
+ /* pass out from $orig_server to $client port $port */
+ if (add_filter(s->id, PF_OUT, orig_sa, client_sa, s->port) ==
+ -1)
+ goto fail;
+ }
+
+ /* Commit rules if they were prepared. */
+ if (prepared && (do_commit() == -1)) {
+ if (errno != EBUSY)
+ goto fail;
+ /* One more try if busy. */
+ usleep(5000);
+ if (do_commit() == -1)
+ goto fail;
+ }
+
+ out:
+ s->cmd = CMD_NONE;
+ s->port = 0;
+
+ return (1);
+
+ fail:
+ logmsg(LOG_CRIT, "#%d pf operation failed: %s", s->id, strerror(errno));
+ if (prepared)
+ do_rollback();
+ return (0);
+}
+
+void
+server_read(struct bufferevent *bufev, void *arg)
+{
+ struct session *s = arg;
+ size_t buf_avail, read;
+ int n;
+
+ bufferevent_settimeout(bufev, timeout, 0);
+
+ do {
+ buf_avail = sizeof s->sbuf - s->sbuf_valid;
+ read = bufferevent_read(bufev, s->sbuf + s->sbuf_valid,
+ buf_avail);
+ s->sbuf_valid += read;
+
+ while ((n = getline(s->sbuf, &s->sbuf_valid)) > 0) {
+ logmsg(LOG_DEBUG, "#%d server: %s", s->id, linebuf);
+ if (!server_parse(s)) {
+ end_session(s);
+ return;
+ }
+ bufferevent_write(s->client_bufev, linebuf, linelen);
}
- if (server_iob.got_eof) {
- shutdown(client_iob.fd, 1);
- shutdown(server_iob.fd, 0);
- server_iob.got_eof = 0;
- server_iob.alive = 0;
+
+ if (n == -1) {
+ logmsg(LOG_ERR, "#%d server reply too long or not"
+ " clean", s->id);
+ end_session(s);
+ return;
}
+ } while (read == buf_avail);
+}
+
+const char *
+sock_ntop(struct sockaddr *sa)
+{
+ static int n = 0;
+
+ /* Cycle to next buffer. */
+ n = (n + 1) % NTOP_BUFS;
+ ntop_buf[n][0] = '\0';
+
+ if (sa->sa_family == AF_INET) {
+ struct sockaddr_in *sin = (struct sockaddr_in *)sa;
+
+ return (inet_ntop(AF_INET, &sin->sin_addr, ntop_buf[n],
+ sizeof ntop_buf[0]));
+ }
+
+ if (sa->sa_family == AF_INET6) {
+ struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
+
+ return (inet_ntop(AF_INET6, &sin6->sin6_addr, ntop_buf[n],
+ sizeof ntop_buf[0]));
}
- if (Verbose)
- syslog(LOG_INFO, "session ended");
+ return (NULL);
+}
- exit(EX_OK);
+void
+usage(void)
+{
+ fprintf(stderr, "usage: %s [-6Adrv] [-a address] [-b address]"
+ " [-D level] [-m maxsessions]\n [-P port]"
+ " [-p port] [-q queue] [-R address] [-t timeout]\n", __progname);
+ exit(1);
}
OpenPOWER on IntegriCloud