diff options
Diffstat (limited to 'FWTK/ftp-gw.diff')
-rw-r--r-- | FWTK/ftp-gw.diff | 232 |
1 files changed, 232 insertions, 0 deletions
diff --git a/FWTK/ftp-gw.diff b/FWTK/ftp-gw.diff new file mode 100644 index 0000000..be61342 --- /dev/null +++ b/FWTK/ftp-gw.diff @@ -0,0 +1,232 @@ +*** ftp-gw.c.orig Sun Jun 22 16:27:42 1997 +--- ftp-gw.c Sun Jun 22 17:02:16 1997 +*************** +*** 11,31 **** +--- 11,41 ---- + */ + static char RcsId[] = "$Header: /devel/CVS/IP-Filter/FWTK/ftp-gw.diff,v 2.1 1999/08/04 17:30:30 darrenr Exp $"; + ++ /* ++ * Patches for IP Filter NAT extensions written by Darren Reed, 7/7/96 ++ * darrenr@cyber.com.au ++ */ ++ static char vIpFilter[] = "v3.1.11"; + + #include <stdio.h> + #include <ctype.h> + #include <syslog.h> ++ #include <unistd.h> ++ #include <fcntl.h> + #include <sys/signal.h> + #include <sys/ioctl.h> + #include <sys/errno.h> + extern int errno; ++ #ifdef sun + extern char *sys_errlist[]; ++ #endif + #include <arpa/ftp.h> + #include <arpa/telnet.h> + #include <sys/time.h> + #include <sys/types.h> + #include <sys/socket.h> + #include <netinet/in.h> ++ #include <net/if.h> + + extern char *rindex(); + extern char *index(); +*************** +*** 36,41 **** +--- 46,54 ---- + + #include "firewall.h" + ++ #include "ip_compat.h" ++ #include "ip_fil.h" ++ #include "ip_nat.h" + + #ifndef BSIZ + #define BSIZ 2048 +*************** +*** 83,88 **** +--- 96,103 ---- + static int cmd_noop(); + static int cmd_abor(); + static int cmd_passthru(); ++ static int nat_destination(); ++ static int connectdest(); + static void saveline(); + static void flushsaved(); + static void trap_sigurg(); +*************** +*** 317,323 **** + if(authallflg) + if(say(0,"220-Proxy first requires authentication")) + exit(1); +! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); + if(say(0,xuf)) + exit(1); + } +--- 332,341 ---- + if(authallflg) + if(say(0,"220-Proxy first requires authentication")) + exit(1); +! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); +! if(say(0,xuf)) +! exit(1); +! sprintf(xuf,"220-%s TIS ftp-gw with IP Filter %s NAT extensions",huf,vIpFilter); + if(say(0,xuf)) + exit(1); + } +*************** +*** 338,343 **** +--- 356,363 ---- + exit(1); + } + ++ nat_destination(0); ++ + /* main loop */ + while(1) { + FD_ZERO(&rdy); +*************** +*** 608,619 **** + static char narg[] = "501 Missing or extra username"; + static char noad[] = "501 Use user@site to connect via proxy"; + char buf[1024]; +- char mbuf[512]; + char *p; + char *dest; + char *user; + int x; +- int msg_int; + short port = FTPPORT; + + /* kludgy but effective. if authorizing everything call auth instead */ +--- 628,637 ---- +*************** +*** 643,648 **** +--- 661,687 ---- + return(sayn(0,noad,sizeof(noad))); + } + ++ if((rfd == -1) && (x = connectdest(dest,port))) ++ return x; ++ sprintf(buf,"USER %s",user); ++ if(say(rfd,buf)) ++ return(1); ++ x = getresp(rfd,buf,sizeof(buf),1); ++ if(sendsaved(0,x)) ++ return(1); ++ return(say(0,buf)); ++ } ++ ++ static int ++ connectdest(dest,port) ++ char *dest; ++ short port; ++ { ++ char buf[1024]; ++ char mbuf[512]; ++ int msg_int; ++ int x; ++ + if(*dest == '\0') + dest = "localhost"; + +*************** +*** 685,693 **** + char ebuf[512]; + + strcpy(ebuf,buf); +! sprintf(buf,"521 %s: %s",dest,ebuf); + return(say(0,buf)); + } + sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest); + saveline(buf); + +--- 724,733 ---- + char ebuf[512]; + + strcpy(ebuf,buf); +! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf); + return(say(0,buf)); + } ++ + sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest); + saveline(buf); + +*************** +*** 698,711 **** + return(say(0,buf)); + } + saveline(buf); +! +! sprintf(buf,"USER %s",user); +! if(say(rfd,buf)) +! return(1); +! x = getresp(rfd,buf,sizeof(buf),1); +! if(sendsaved(0,x)) +! return(1); +! return(say(0,buf)); + } + + +--- 738,745 ---- + return(say(0,buf)); + } + saveline(buf); +! sendsaved(0,-1); +! return 0; + } + + +*************** +*** 1591,1593 **** +--- 1625,1671 ---- + dup(nread); + } + #endif ++ ++ ++ static int ++ nat_destination(fd) ++ int fd; ++ { ++ struct sockaddr_in laddr, faddr; ++ struct natlookup natlookup; ++ char *dest; ++ int slen, natfd; ++ ++ bzero((char *)&laddr, sizeof(laddr)); ++ bzero((char *)&faddr, sizeof(faddr)); ++ slen = sizeof(laddr); ++ if(getsockname(fd,(struct sockaddr *)&laddr,&slen) < 0) { ++ perror("getsockname"); ++ exit(1); ++ } ++ slen = sizeof(faddr); ++ if(getpeername(fd,(struct sockaddr *)&faddr,&slen) < 0) { ++ perror("getsockname"); ++ exit(1); ++ } ++ ++ natlookup.nl_inport = laddr.sin_port; ++ natlookup.nl_outport = faddr.sin_port; ++ natlookup.nl_inip = laddr.sin_addr; ++ natlookup.nl_outip = faddr.sin_addr; ++ natlookup.nl_flags = IPN_TCP; ++ if((natfd = open(IPL_NAT, O_RDONLY)) < 0) { ++ perror("open"); ++ exit(1); ++ } ++ if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) { ++ syslog(LOG_ERR, "SIOCGNATL failed: %m\n"); ++ close(natfd); ++ if(say(0,"220 Ready")) ++ exit(1); ++ return 0; ++ } ++ close(natfd); ++ return connectdest(inet_ntoa(natlookup.nl_realip), ++ ntohs(natlookup.nl_realport)); ++ } |