Diffstat (limited to 'contrib/ipfilter/FWTK')
-rw-r--r--contrib/ipfilter/FWTK/Index3
-rw-r--r--contrib/ipfilter/FWTK/README18
-rw-r--r--contrib/ipfilter/FWTK/README.ipfilter20
-rw-r--r--contrib/ipfilter/FWTK/ftp-gw.diff232
-rw-r--r--contrib/ipfilter/FWTK/fwtk_transparent.diff1025
-rw-r--r--contrib/ipfilter/FWTK/fwtkp812
6 files changed, 0 insertions, 2110 deletions
diff --git a/contrib/ipfilter/FWTK/Index b/contrib/ipfilter/FWTK/Index
deleted file mode 100644
index f5d7043..0000000
--- a/contrib/ipfilter/FWTK/Index
+++ /dev/null
@@ -1,3 +0,0 @@
-README - Readme for ftp-gw.diff and fwtkp
-README.ipfilter - README for fwtk_transparent.diff
-fwtk_transparent.diff - patches for 2.0beta
diff --git a/contrib/ipfilter/FWTK/README b/contrib/ipfilter/FWTK/README
deleted file mode 100644
index 3ed0e2f..0000000
--- a/contrib/ipfilter/FWTK/README
+++ /dev/null
@@ -1,18 +0,0 @@
-
-There are two patch files in this directory, each allowing for the Firewall
-Toolkit to be used in a transparent proxy configuration.
-
-ftp-gw.diff - A patch written by myself for use only with IP Filter and
- ftp-gw from the Firewall Toolkit. You need to copy ip_nat.h,
- ip_fil.h and ip_compat.h to the ftp-gw directory to compile
- once this patch has been applied.
-
-fwtkp - A set of patches written by James B. Croall (jcroall@foo.org)
- for use with both IP Filter and ipfwadm (for Linux) and more
- of the various FWTK gateway plugins, including:
- ftp-gw http-gw plug-gw rlogin-gw tn-gw
-
-Both patches when applied to the Firewall toolkit require the same
-configuration for IP Filter.
-
-Darren
diff --git a/contrib/ipfilter/FWTK/README.ipfilter b/contrib/ipfilter/FWTK/README.ipfilter
deleted file mode 100644
index fd461cc..0000000
--- a/contrib/ipfilter/FWTK/README.ipfilter
+++ /dev/null
@@ -1,20 +0,0 @@
-
-there was a patch for fwtk with ip_filter 3.1.5 from James B. Croall
-(thanx for his work) which I put onto fwtk 2.0beta.
-
-Now, if you decide to do transparent proxying with ip-filter you
-have to put -DUSE_IP_FILTER to COPTS in Makefile.config.
-With Solaris 2.x you have to correctly replace the path to your
-ip_filter sources. (lib/hnam.c needs ip_nat.h)
-
-I also patched plug-gw to be configured to accept not only one
-destination with the parameter "-all-destinations" in netperm-table.
-Perhaps this is a security hole...
-
-The patched fwtk worked fine for me with linux (kernel 2.0.28 and ipfadm 2.1)
-and Solaris 2.5 (ip_filter 3.1.5).
-
-If you try to enhance the transparent proxy features for other
-architectures, see lib/hnam.c (getdsthost).
-
-Michael Kutzner, Michael.Kutzner@paderlinx.de
diff --git a/contrib/ipfilter/FWTK/ftp-gw.diff b/contrib/ipfilter/FWTK/ftp-gw.diff
deleted file mode 100644
index a47eba0..0000000
--- a/contrib/ipfilter/FWTK/ftp-gw.diff
+++ /dev/null
@@ -1,232 +0,0 @@
-*** ftp-gw.c.orig Sun Jun 22 16:27:42 1997
---- ftp-gw.c Sun Jun 22 17:02:16 1997
-***************
-*** 11,31 ****
---- 11,41 ----
- */
- static char RcsId[] = "$Header$";
-
-+ /*
-+ * Patches for IP Filter NAT extensions written by Darren Reed, 7/7/96
-+ * darrenr@cyber.com.au
-+ */
-+ static char vIpFilter[] = "v3.1.11";
-
- #include <stdio.h>
- #include <ctype.h>
- #include <syslog.h>
-+ #include <unistd.h>
-+ #include <fcntl.h>
- #include <sys/signal.h>
- #include <sys/ioctl.h>
- #include <sys/errno.h>
- extern int errno;
-+ #ifdef sun
- extern char *sys_errlist[];
-+ #endif
- #include <arpa/ftp.h>
- #include <arpa/telnet.h>
- #include <sys/time.h>
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <netinet/in.h>
-+ #include <net/if.h>
-
- extern char *rindex();
- extern char *index();
-***************
-*** 36,41 ****
---- 46,54 ----
-
- #include "firewall.h"
-
-+ #include "ip_compat.h"
-+ #include "ip_fil.h"
-+ #include "ip_nat.h"
-
- #ifndef BSIZ
- #define BSIZ 2048
-***************
-*** 83,88 ****
---- 96,103 ----
- static int cmd_noop();
- static int cmd_abor();
- static int cmd_passthru();
-+ static int nat_destination();
-+ static int connectdest();
- static void saveline();
- static void flushsaved();
- static void trap_sigurg();
-***************
-*** 317,323 ****
- if(authallflg)
- if(say(0,"220-Proxy first requires authentication"))
- exit(1);
-! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
- if(say(0,xuf))
- exit(1);
- }
---- 332,341 ----
- if(authallflg)
- if(say(0,"220-Proxy first requires authentication"))
- exit(1);
-! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
-! if(say(0,xuf))
-! exit(1);
-! sprintf(xuf,"220-%s TIS ftp-gw with IP Filter %s NAT extensions",huf,vIpFilter);
- if(say(0,xuf))
- exit(1);
- }
-***************
-*** 338,343 ****
---- 356,363 ----
- exit(1);
- }
-
-+ nat_destination(0);
-+
- /* main loop */
- while(1) {
- FD_ZERO(&rdy);
-***************
-*** 608,619 ****
- static char narg[] = "501 Missing or extra username";
- static char noad[] = "501 Use user@site to connect via proxy";
- char buf[1024];
-- char mbuf[512];
- char *p;
- char *dest;
- char *user;
- int x;
-- int msg_int;
- short port = FTPPORT;
-
- /* kludgy but effective. if authorizing everything call auth instead */
---- 628,637 ----
-***************
-*** 643,648 ****
---- 661,687 ----
- return(sayn(0,noad,sizeof(noad)));
- }
-
-+ if((rfd == -1) && (x = connectdest(dest,port)))
-+ return x;
-+ sprintf(buf,"USER %s",user);
-+ if(say(rfd,buf))
-+ return(1);
-+ x = getresp(rfd,buf,sizeof(buf),1);
-+ if(sendsaved(0,x))
-+ return(1);
-+ return(say(0,buf));
-+ }
-+
-+ static int
-+ connectdest(dest,port)
-+ char *dest;
-+ short port;
-+ {
-+ char buf[1024];
-+ char mbuf[512];
-+ int msg_int;
-+ int x;
-+
- if(*dest == '\0')
- dest = "localhost";
-
-***************
-*** 685,693 ****
- char ebuf[512];
-
- strcpy(ebuf,buf);
-! sprintf(buf,"521 %s: %s",dest,ebuf);
- return(say(0,buf));
- }
- sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
- saveline(buf);
-
---- 724,733 ----
- char ebuf[512];
-
- strcpy(ebuf,buf);
-! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
- return(say(0,buf));
- }
-+
- sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
- saveline(buf);
-
-***************
-*** 698,711 ****
- return(say(0,buf));
- }
- saveline(buf);
-!
-! sprintf(buf,"USER %s",user);
-! if(say(rfd,buf))
-! return(1);
-! x = getresp(rfd,buf,sizeof(buf),1);
-! if(sendsaved(0,x))
-! return(1);
-! return(say(0,buf));
- }
-
-
---- 738,745 ----
- return(say(0,buf));
- }
- saveline(buf);
-! sendsaved(0,-1);
-! return 0;
- }
-
-
-***************
-*** 1591,1593 ****
---- 1625,1671 ----
- dup(nread);
- }
- #endif
-+
-+
-+ static int
-+ nat_destination(fd)
-+ int fd;
-+ {
-+ struct sockaddr_in laddr, faddr;
-+ struct natlookup natlookup;
-+ char *dest;
-+ int slen, natfd;
-+
-+ bzero((char *)&laddr, sizeof(laddr));
-+ bzero((char *)&faddr, sizeof(faddr));
-+ slen = sizeof(laddr);
-+ if(getsockname(fd,(struct sockaddr *)&laddr,&slen) < 0) {
-+ perror("getsockname");
-+ exit(1);
-+ }
-+ slen = sizeof(faddr);
-+ if(getpeername(fd,(struct sockaddr *)&faddr,&slen) < 0) {
-+ perror("getsockname");
-+ exit(1);
-+ }
-+
-+ natlookup.nl_inport = laddr.sin_port;
-+ natlookup.nl_outport = faddr.sin_port;
-+ natlookup.nl_inip = laddr.sin_addr;
-+ natlookup.nl_outip = faddr.sin_addr;
-+ natlookup.nl_flags = IPN_TCP;
-+ if((natfd = open(IPL_NAT, O_RDONLY)) < 0) {
-+ perror("open");
-+ exit(1);
-+ }
-+ if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) {
-+ syslog(LOG_ERR, "SIOCGNATL failed: %m\n");
-+ close(natfd);
-+ if(say(0,"220 Ready"))
-+ exit(1);
-+ return 0;
-+ }
-+ close(natfd);
-+ return connectdest(inet_ntoa(natlookup.nl_realip),
-+ ntohs(natlookup.nl_realport));
-+ }
diff --git a/contrib/ipfilter/FWTK/fwtk_transparent.diff b/contrib/ipfilter/FWTK/fwtk_transparent.diff
deleted file mode 100644
index 8f0aeb4..0000000
--- a/contrib/ipfilter/FWTK/fwtk_transparent.diff
+++ /dev/null
@@ -1,1025 +0,0 @@
-diff -cr ../TIS.orig/fwtk/Makefile.config.linux fwtk/Makefile.config.linux
-*** ../TIS.orig/fwtk/Makefile.config.linux Sat Sep 7 05:58:21 1996
---- fwtk/Makefile.config.linux Sun Feb 2 05:48:01 1997
-***************
-*** 13,19 ****
-
-
- # Your C compiler (eg, "cc" or "gcc")
-! CC= cc
-
-
- # program to use for installation -- this may or may not preserve
---- 13,19 ----
-
-
- # Your C compiler (eg, "cc" or "gcc")
-! CC= gcc
-
-
- # program to use for installation -- this may or may not preserve
-***************
-*** 24,37 ****
-
- # Defines for your operating system
- #
-! DEFINES=-DLINUX
- #DEFINES=-DSYSV -DSOLARIS
-
- # Options for your compiler (eg, "-g" for debugging, "-O" for
- # optimizing, or "-g -O" for both under GCC)
- #COPT= -g -traditional $(DEFINES)
-! COPT= -g $(DEFINES)
-! #COPT= -O $(DEFINES)
-
- # Version of "make" you want to use
- #MAKE= gnumake
---- 24,37 ----
-
- # Defines for your operating system
- #
-! DEFINES=-DLINUX -DUSE_IP_FILTER
- #DEFINES=-DSYSV -DSOLARIS
-
- # Options for your compiler (eg, "-g" for debugging, "-O" for
- # optimizing, or "-g -O" for both under GCC)
- #COPT= -g -traditional $(DEFINES)
-! #COPT= -g $(DEFINES)
-! COPT= -O $(DEFINES)
-
- # Version of "make" you want to use
- #MAKE= gnumake
-***************
-*** 44,50 ****
-
-
- # Destination directory for installation of binaries
-! DEST= /usr/local/etc
-
-
- # Destination directory for installation of man pages
---- 44,50 ----
-
-
- # Destination directory for installation of binaries
-! DEST= /usr/local/sbin
-
-
- # Destination directory for installation of man pages
-***************
-*** 72,78 ****
- # or -Bstatic for static binaries under SunOS 4.1.x)
- #LDFL= -Bstatic
- #LDFL=
-! LDFL= -g
-
-
- # Location of the fwtk sources [For #include by any external tools needing it]
---- 72,79 ----
- # or -Bstatic for static binaries under SunOS 4.1.x)
- #LDFL= -Bstatic
- #LDFL=
-! #LDFL= -g
-! LDFL= -O
-
-
- # Location of the fwtk sources [For #include by any external tools needing it]
-***************
-*** 81,87 ****
-
-
- # Location of X libraries for X-gw
-! XLIBDIR=/usr/X11/lib
- #XLIBDIR=/usr/local/X11R5/lib
-
- # X Libraries
---- 82,88 ----
-
-
- # Location of X libraries for X-gw
-! XLIBDIR=/usr/X11R6/lib
- #XLIBDIR=/usr/local/X11R5/lib
-
- # X Libraries
-***************
-*** 96,102 ****
- #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11
-
- # Location of X include files
-! XINCLUDE=/usr/X11/include
- #XINCLUDE=/usr/local/X11R5/include
-
- # Objects to include in libfwall for SYSV
---- 97,103 ----
- #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11
-
- # Location of X include files
-! XINCLUDE=/usr/X11R6/include
- #XINCLUDE=/usr/local/X11R5/include
-
- # Objects to include in libfwall for SYSV
-diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris
-*** ../TIS.orig/fwtk/Makefile.config.solaris Sat Sep 7 06:14:13 1996
---- fwtk/Makefile.config.solaris Sun Feb 2 06:09:19 1997
-***************
-*** 11,30 ****
- #
- # RcsId: "$Header$"
-
-
- # Your C compiler (eg, "cc" or "gcc")
-! CC= cc
-
-
- # program to use for installation -- this may or may not preserve
- # old versions (or whatever). assumes that it takes parameters:
- # copy source dest
-! CP= cp
-
-
- # Defines for your operating system
- #
-! DEFINES=-DSYSV -DSOLARIS
-
- #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \
- -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \
---- 11,34 ----
- #
- # RcsId: "$Header$"
-
-+ #
-+ # Path to sources of ip_filter (ip_nat.h required in lib/hnam.c)
-+ #
-+ IPFPATH=/src/unpacked/firewall/ip_fil3.1.5
-
- # Your C compiler (eg, "cc" or "gcc")
-! CC= gcc
-
-
- # program to use for installation -- this may or may not preserve
- # old versions (or whatever). assumes that it takes parameters:
- # copy source dest
-! CP= /usr/ucb/install -c -s
-
-
- # Defines for your operating system
- #
-! DEFINES=-DSYSV -DSOLARIS -DUSE_IP_FILTER -I$(IPFPATH)
-
- #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \
- -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \
-***************
-*** 45,52 ****
-
-
- # Your ranlib utility (use "touch" if you don't have ranlib)
-! RANLIB= ranlib
-! #RANLIB= touch
-
-
- # Destination directory for installation of binaries
---- 49,56 ----
-
-
- # Your ranlib utility (use "touch" if you don't have ranlib)
-! # RANLIB= ranlib
-! RANLIB= touch
-
-
- # Destination directory for installation of binaries
-diff -cr ../TIS.orig/fwtk/firewall.h fwtk/firewall.h
-*** ../TIS.orig/fwtk/firewall.h Sun Sep 8 05:55:26 1996
---- fwtk/firewall.h Sun Feb 2 05:23:33 1997
-***************
-*** 47,53 ****
- system.
- */
- #ifndef PERMFILE
-! #define PERMFILE "/usr/local/etc/netperm-table"
- #endif
-
- /*
---- 47,53 ----
- system.
- */
- #ifndef PERMFILE
-! #define PERMFILE "/etc/fwtk/netperm-table"
- #endif
-
- /*
-***************
-*** 67,73 ****
-
- /* Choose a system logging facility for the firewall toolkit. */
- #ifndef LFAC
-! #define LFAC LOG_DAEMON
- #endif
-
-
---- 67,73 ----
-
- /* Choose a system logging facility for the firewall toolkit. */
- #ifndef LFAC
-! #define LFAC LOG_LOCAL5
- #endif
-
-
-***************
-*** 215,220 ****
- #define PERM_ALLOW 01
- #define PERM_DENY 02
-
-!
- #define _INCL_FWALL_H
- #endif
---- 215,222 ----
- #define PERM_ALLOW 01
- #define PERM_DENY 02
-
-! #ifdef USE_IP_FILTER
-! extern char *getdsthost(int, int*);
-! #endif
- #define _INCL_FWALL_H
- #endif
-diff -cr ../TIS.orig/fwtk/ftp-gw/ftp-gw.c fwtk/ftp-gw/ftp-gw.c
-*** ../TIS.orig/fwtk/ftp-gw/ftp-gw.c Fri Sep 6 18:55:05 1996
---- fwtk/ftp-gw/ftp-gw.c Sat Feb 1 06:49:13 1997
-***************
-*** 50,55 ****
---- 50,59 ----
- #ifndef FTPPORT
- #define FTPPORT 21
- #endif
-+ #ifdef USE_IP_FILTER
-+ static int do_transparent=0;
-+ static int connectdest();
-+ #endif
-
- static Cfg *confp;
- static char **validests = (char **)0;
-***************
-*** 170,175 ****
---- 174,182 ----
- char xuf[1024];
- char huf[128];
- char *passuser = (char *)0; /* passed user as av */
-+ #ifdef USE_IP_FILTER
-+ char *psychic, *hotline;
-+ #endif
-
- #ifndef LOG_DAEMON
- openlog("ftp-gw",LOG_PID);
-***************
-*** 313,320 ****
- }
- } else
- timeout = 60*60;
-
--
- /* display a welcome file or message */
- if(passuser == (char *)0) {
- if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
---- 320,330 ----
- }
- } else
- timeout = 60*60;
-+ #ifdef USE_IP_FILTER
-+ psychic=getdsthost(0,NULL);
-+ if(psychic) { do_transparent++; }
-+ #endif
-
- /* display a welcome file or message */
- if(passuser == (char *)0) {
- if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
-***************
-*** 322,327 ****
---- 332,345 ----
- syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
- exit(1);
- }
-+ #ifdef USE_IP_FILTER
-+ if(do_transparent) {
-+ if(sayfile2(0,cf->argv[0],220)) {
-+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
-+ exit(1);
-+ }
-+ } else
-+ #endif /* USE_IP_FILTER */
- if(sayfile(0,cf->argv[0],220)) {
- syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
- exit(1);
-***************
-*** 332,338 ****
- if(authallflg)
- if(say(0,"220-Proxy first requires authentication"))
- exit(1);
-! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
- if(say(0,xuf))
- exit(1);
- }
---- 350,361 ----
- if(authallflg)
- if(say(0,"220-Proxy first requires authentication"))
- exit(1);
-! #ifdef USE_IP_FILTER
-! if(do_transparent)
-! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
-! else
-! #endif
-! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
- if(say(0,xuf))
- exit(1);
- }
-***************
-*** 352,358 ****
- if(cmd_user(2,fakav,"user internal"))
- exit(1);
- }
-!
- /* main loop */
- while(1) {
- FD_ZERO(&rdy);
---- 375,386 ----
- if(cmd_user(2,fakav,"user internal"))
- exit(1);
- }
-! #ifdef USE_IP_FILTER
-! if(do_transparent) {
-! connectdest(psychic,21);
-! }
-! #endif
-!
- /* main loop */
- while(1) {
- FD_ZERO(&rdy);
-***************
-*** 676,681 ****
---- 704,719 ----
- return(sayn(0,noad,sizeof(noad)-1));
- }
-
-+ #ifdef USE_IP_FILTER
-+ if(do_transparent) {
-+ if((rfd==(-1)) && (x=connectdest(dest,port))) return x;
-+ sprintf(buf,"USER %s",user);
-+ if(say(rfd,buf)) return(1);
-+ x=getresp(rfd,buf,sizeof(buf),1);
-+ if(sendsaved(0,x)) return(1);
-+ return(say(0,buf));
-+ }
-+ #endif
- if(*dest == '\0')
- dest = "localhost";
-
-***************
-*** 717,723 ****
- char ebuf[512];
-
- strcpy(ebuf,buf);
-! sprintf(buf,"521 %s: %s",dest,ebuf);
- rfd = -1;
- return(say(0,buf));
- }
---- 755,766 ----
- char ebuf[512];
-
- strcpy(ebuf,buf);
-! #ifdef USE_IP_FILTER
-! if(do_transparent) {
-! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
-! } else
-! #endif
-! sprintf(buf,"521 %s: %s",dest,ebuf);
- rfd = -1;
- return(say(0,buf));
- }
-***************
-*** 1874,1876 ****
---- 1917,2036 ----
- dup(nread);
- }
- #endif
-+
-+ #ifdef USE_IP_FILTER
-+ static int connectdest(dest, port)
-+ char *dest;
-+ short port;
-+ {
-+ char buf[1024], mbuf[512];
-+ int msg_int, x;
-+
-+ if(*dest == '\0')
-+ dest = "localhost";
-+
-+ if(validests != (char **)0) {
-+ char **xp;
-+ int x;
-+
-+ for(xp = validests; *xp != (char *)0; xp++) {
-+ if(**xp == '!' && hostmatch(*xp + 1,dest)) {
-+ return(baddest(0,dest));
-+ } else {
-+ if(hostmatch(*xp,dest))
-+ break;
-+ }
-+ }
-+ if(*xp == (char *)0)
-+ return(baddest(0,dest));
-+ }
-+
-+ /* Extended permissions processing goes in here for destination */
-+ if(extendperm) {
-+ msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
-+ if(msg_int == 1) {
-+ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
-+ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
-+ say(0,mbuf);
-+ return(1);
-+ } else {
-+ if(msg_int == -1) {
-+ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
-+ say(0,mbuf);
-+ return(1);
-+ }
-+ }
-+ }
-+
-+ syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
-+
-+ if((rfd = conn_server(dest,port,0,buf)) < 0) {
-+ char ebuf[512];
-+
-+ strcpy(ebuf,buf);
-+ sprintf(buf,"521 %s: %s",dest,ebuf);
-+ rfd = -1;
-+ return(say(0,buf));
-+ }
-+ if(!do_transparent) {
-+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
-+ saveline(buf);
-+ }
-+
-+ /* we are now connected and need to try the autologin thing */
-+ x = getresp(rfd,buf,sizeof(buf),1);
-+ if(x / 100 != COMPLETE) {
-+ sendsaved(0,-1);
-+ return(say(0,buf));
-+ }
-+ saveline(buf);
-+
-+ sendsaved(0,-1);
-+ return 0;
-+ }
-+
-+
-+ /* ok, so i'm in a hurry. english paper due RSN. */
-+ sayfile2(fd,fn,code)
-+ int fd;
-+ char *fn;
-+ int code;
-+ {
-+ FILE *f;
-+ char buf[BUFSIZ];
-+ char yuf[BUFSIZ];
-+ char *c;
-+ int x;
-+ int saidsomething = 0;
-+
-+ if((f = fopen(fn,"r")) == (FILE *)0)
-+ return(1);
-+ while(fgets(buf,sizeof(buf),f) != (char *)0) {
-+ if((c = index(buf,'\n')) != (char *)0)
-+ *c = '\0';
-+ x = fgetc(f);
-+ if(feof(f))
-+ sprintf(yuf,"%3.3d-%s",code,buf);
-+ else {
-+ sprintf(yuf,"%3.3d-%s",code,buf);
-+ ungetc(x,f);
-+ }
-+ if(say(fd,yuf)) {
-+ fclose(f);
-+ return(1);
-+ }
-+ saidsomething++;
-+ }
-+ fclose(f);
-+ if (!saidsomething) {
-+ syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
-+ sprintf(yuf, "%3.3d The file to display is empty",code);
-+ if(say(fd,yuf)) {
-+ fclose(f);
-+ return(1);
-+ }
-+ }
-+ return(0);
-+ }
-+
-+ #endif /* USE_IP_FILTER */
-diff -cr ../TIS.orig/fwtk/http-gw/http-gw.c fwtk/http-gw/http-gw.c
-*** ../TIS.orig/fwtk/http-gw/http-gw.c Mon Sep 9 20:40:53 1996
---- fwtk/http-gw/http-gw.c Sun Feb 2 06:41:18 1997
-***************
-*** 27,32 ****
---- 27,35 ----
- static char http_buffer[8192];
- static char reason[8192];
- static int checkBrowserType = 1;
-+ #ifdef USE_IP_FILTER
-+ static int do_transparent=0;
-+ #endif
-
- static void do_logging()
- { char *proto = "GOPHER";
-***************
-*** 422,427 ****
---- 425,441 ----
- /*(NOT A SPECIAL FORM)*/
-
- if((rem_type & TYPE_LOCAL)== 0){
-+ #ifdef USE_IP_FILTER
-+ char *psychic=getdsthost(sockfd,&def_port);
-+ if(psychic) {
-+ if(strlen(psychic)<=MAXHOSTNAMELEN) {
-+ do_transparent++;
-+ strncpy(def_httpd,psychic,strlen(psychic));
-+ strncpy(def_server,psychic,strlen(psychic));
-+ }
-+ }
-+
-+ #endif /* USE_IP_FILTER */
- /* See if it can be forwarded */
-
- if( can_forward(buf)){
-***************
-*** 1513,1518 ****
---- 1527,1537 ----
- parse_vec[0],
- parse_vec[1],
- ourname, ourport);
-+ }
-+ #ifdef USE_IP_FILTER
-+ else if(do_transparent) {
-+ sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]);
-+ #endif /* USE_IP_FILTER */
- }else{
- sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
- parse_vec[0], parse_vec[2],
-diff -cr ../TIS.orig/fwtk/lib/hnam.c fwtk/lib/hnam.c
-*** ../TIS.orig/fwtk/lib/hnam.c Sat Nov 5 00:30:19 1994
---- fwtk/lib/hnam.c Sat Feb 1 08:17:46 1997
-***************
-*** 20,25 ****
---- 20,37 ----
-
- extern char *inet_ntoa();
-
-+ #if defined(USE_IP_FILTER)
-+ #include <net/if.h>
-+ #ifndef LINUX
-+ #include "ip_nat.h"
-+ #endif
-+ #if defined(SOLARIS)
-+ #include <sys/stat.h>
-+ #include <fcntl.h>
-+ #include <unistd.h>
-+ #include <sys/ioccom.h>
-+ #endif
-+ #endif /* IP_FILTER */
-
- #include "firewall.h"
-
-***************
-*** 45,47 ****
---- 57,158 ----
- bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
- return(inet_ntoa(sin.sin_addr));
- }
-+
-+
-+
-+ #ifdef USE_IP_FILTER
-+ char *getdsthost(fd, ptr)
-+ int fd;
-+ int *ptr;
-+ {
-+ struct sockaddr_in sin;
-+ struct hostent *hp;
-+ int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0;
-+ static char buf[255], hostbuf[255];
-+ #if defined(__FreeBSD__) || defined(SOLARIS)
-+ struct sockaddr_in rsin;
-+ struct natlookup natlookup;
-+ int natfd;
-+ #endif
-+
-+ #ifdef linux
-+ /* This should also work for UDP. Unfortunately, it doesn't.
-+ Maybe when the Linux UDP proxy code gets a little cleaner.
-+ */
-+ if(!(err=getsockname(0,&sin,&sl))) {
-+ if(ptr) *ptr=ntohs(sin.sin_port);
-+ sprintf(buf,"%s",inet_ntoa(sin.sin_addr));
-+ gethostname(hostbuf,254);
-+ hp=gethostbyname(hostbuf);
-+ while(hp->h_addr_list[i]) {
-+ bzero(&sin,&sl);
-+ memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++]));
-+ if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++;
-+ }
-+ if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); }
-+ else { return(buf); }
-+ }
-+ #endif
-+
-+ #if defined(__FreeBSD__)
-+ /* The basis for this block of code is Darren Reed's
-+ patches to the TIS ftwk's ftp-gw.
-+ */
-+ bzero((char*)&sin,sizeof(sin));
-+ bzero((char*)&rsin,sizeof(rsin));
-+ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
-+ return NULL;
-+ }
-+ sl=sizeof(rsin);
-+ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
-+ return NULL;
-+ }
-+ natlookup.nl_inport=sin.sin_port;
-+ natlookup.nl_outport=rsin.sin_port;
-+ natlookup.nl_inip=sin.sin_addr;
-+ natlookup.nl_outip=rsin.sin_addr;
-+ if((natfd=open("/dev/ipnat",O_RDONLY))<0) {
-+ return(NULL);
-+ }
-+ if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) {
-+ return(NULL);
-+ }
-+ close(natfd);
-+ if(ptr) *ptr=ntohs(natlookup.nl_realport);
-+ sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip));
-+ #endif
-+
-+ #if defined(SOLARIS) /* for Solaris */
-+ /* The basis for this block of code is Darren Reed's
-+ * patches to the TIS ftwk's ftp-gw.
-+ * modified for Solaris from Michael Kutzner, Michael.Kutzner@paderlinx.de
-+ */
-+ memset((char*)&sin, 0, sizeof(sin));
-+ memset((char*)&rsin, 0, sizeof(rsin));
-+
-+ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
-+ return NULL;
-+ }
-+ sl=sizeof(rsin);
-+ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
-+ return NULL;
-+ }
-+ natlookup.nl_inport=sin.sin_port;
-+ natlookup.nl_outport=rsin.sin_port;
-+ natlookup.nl_inip=sin.sin_addr;
-+ natlookup.nl_outip=rsin.sin_addr;
-+ if( (natfd=open(IPL_NAT,O_RDONLY)) < 0) {
-+ return(NULL);
-+ }
-+ if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) {
-+ return(NULL);
-+ }
-+ close(natfd);
-+ if(ptr) *ptr=ntohs(natlookup.nl_realport);
-+ sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip));
-+ #endif
-+
-+ /* No transparent proxy support */
-+ return(NULL);
-+ }
-+ #endif /* USE_IP_FILTER */
-diff -cr ../TIS.orig/fwtk/plug-gw/plug-gw.c fwtk/plug-gw/plug-gw.c
-*** ../TIS.orig/fwtk/plug-gw/plug-gw.c Thu Sep 5 21:36:33 1996
---- fwtk/plug-gw/plug-gw.c Sun Feb 2 04:50:40 1997
-***************
-*** 38,44 ****
- static int timeout = PROXY_TIMEOUT;
- static char **validdests = (char **)0;
- static Cfg *confp;
-!
- main(ac,av)
- int ac;
- char *av[];
---- 38,46 ----
- static int timeout = PROXY_TIMEOUT;
- static char **validdests = (char **)0;
- static Cfg *confp;
-! #ifdef USE_IP_FILTER
-! static int do_transparent=0;
-! #endif
- main(ac,av)
- int ac;
- char *av[];
-***************
-*** 189,201 ****
- static char buf[1024 * 4];
- void (*op)();
- char *dhost = NULL;
- char hostport[1024 * 4];
- char *ptr;
- int state = 0;
- int ssl_plug = 0;
-!
- struct timeval timo;
-
- if(c->flags & PERM_DENY) {
- if (p == -1)
- syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr);
---- 191,215 ----
- static char buf[1024 * 4];
- void (*op)();
- char *dhost = NULL;
-+ char *transhost = NULL;
- char hostport[1024 * 4];
- char *ptr;
- int state = 0;
- int ssl_plug = 0;
-! #ifdef USE_IP_FILTER
-! int pport;
-! #endif
- struct timeval timo;
-
-+ #ifdef USE_IP_FILTER
-+ /* Transparent plug-gw is probably a bad idea, but hey .. */
-+ transhost=getdsthost(0,&pport);
-+ if(transhost) {
-+ do_transparent++;
-+ portid=pport;
-+ }
-+ #endif
-+
- if(c->flags & PERM_DENY) {
- if (p == -1)
- syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr);
-***************
-*** 223,229 ****
- privport = 1;
- continue;
- }
-!
- if (!strcmp(av[x], "-port")) {
- if (++x >= ac) {
- syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln);
---- 237,248 ----
- privport = 1;
- continue;
- }
-! #ifdef USE_IP_FILTER
-! if (!strcmp(av[x],"-all-destinations")) {
-! dhost = transhost;
-! continue;
-! }
-! #endif
- if (!strcmp(av[x], "-port")) {
- if (++x >= ac) {
- syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln);
-diff -cr ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c fwtk/rlogin-gw/rlogin-gw.c
-*** ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c Fri Sep 6 18:56:33 1996
---- fwtk/rlogin-gw/rlogin-gw.c Sun Feb 2 06:26:04 1997
-***************
-*** 40,46 ****
-
- extern char *maphostname();
-
-!
- static int cmd_quit();
- static int cmd_help();
- static int cmd_connect();
---- 40,48 ----
-
- extern char *maphostname();
-
-! #ifdef USE_IP_FILTER
-! static int do_transparent=0;
-! #endif
- static int cmd_quit();
- static int cmd_help();
- static int cmd_connect();
-***************
-*** 120,125 ****
---- 122,130 ----
- static char *tokav[56];
- int tokac;
- struct timeval timo;
-+ #ifdef USE_IP_FILTER
-+ char *psychic;
-+ #endif
-
- #ifndef LOG_NDELAY
- openlog("rlogin-gw",LOG_PID);
-***************
-*** 186,192 ****
- }
-
-
-!
- if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
- if(cf->argc != 1) {
- syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln);
---- 191,204 ----
- }
-
-
-! #ifdef USE_IP_FILTER
-! psychic=getdsthost(0,NULL);
-! if(psychic) {
-! do_transparent++;
-! strncpy(dest,psychic,511);
-! dest[511]='\0';
-! }
-! #endif /* USE_IP_FILTER */
- if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
- if(cf->argc != 1) {
- syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln);
-***************
-*** 260,269 ****
- }
-
- /* if present a host name, chop and save username and hostname */
-- dest[0] = '\0';
- if((p = index(rusername,'@')) != (char *)0) {
- char *namp;
-
- *p++ = '\0';
- if(*p == '\0')
- p = "localhost";
---- 272,281 ----
- }
-
- /* if present a host name, chop and save username and hostname */
- if((p = index(rusername,'@')) != (char *)0) {
- char *namp;
-
-+ dest[0] = '\0';
- *p++ = '\0';
- if(*p == '\0')
- p = "localhost";
-***************
-*** 532,539 ****
---- 544,557 ----
- sprintf(ebuf,"Trying %s@%s...",rusername,namp);
- else
- sprintf(ebuf,"Trying %s...",namp);
-+ #ifdef USE_IP_FILTER
-+ if(!do_transparent) {
-+ #endif
- if(say(0,ebuf))
- return(1);
-+ #ifdef USE_IP_FILTER
-+ }
-+ #endif
- } else
- syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]);
- if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
-diff -cr ../TIS.orig/fwtk/tn-gw/tn-gw.c fwtk/tn-gw/tn-gw.c
-*** ../TIS.orig/fwtk/tn-gw/tn-gw.c Fri Sep 6 18:55:48 1996
---- fwtk/tn-gw/tn-gw.c Sun Feb 2 06:06:33 1997
-***************
-*** 97,102 ****
---- 97,106 ----
- static int timeout = PROXY_TIMEOUT;
- static char timed_out_msg[] = "\r\nConnection closed due to inactivity";
-
-+ #ifdef USE_IP_FILTER
-+ static int do_transparent=0;
-+ #endif
-+
- typedef struct {
- char *name;
- char *hmsg;
-***************
-*** 140,145 ****
---- 144,153 ----
- char tokbuf[BSIZ];
- char *tokav[56];
- int tokac;
-+ #ifdef USE_IP_FILTER
-+ int port;
-+ char *psychic;
-+ #endif
-
- #ifndef LOG_DAEMON
- openlog("tn-gw",LOG_PID);
-***************
-*** 307,313 ****
- exit(1);
- }
- }
-!
- while (argc > 1) {
- argc--;
- argv++;
---- 315,349 ----
- exit(1);
- }
- }
-! #ifdef USE_IP_FILTER
-! psychic=getdsthost(0,&port);
-! if(psychic) {
-! if((strlen(psychic) + 10) < 510) {
-! do_transparent++;
-! if(port)
-! sprintf(dest,"%s:%d",psychic,port);
-! else
-! sprintf(dest,"%s",psychic);
-!
-!
-! if(!welcomedone)
-! if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
-! if(cf->argc != 1) {
-! syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
-! exit(1);
-! }
-! if(sayfile(0,cf->argv[0])) {
-! syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]);
-! exit(1);
-! }
-! welcomedone = 1;
-! }
-!
-!
-! }
-! }
-!
-! #endif /* USE_IP_FILTER */
- while (argc > 1) {
- argc--;
- argv++;
-***************
-*** 870,877 ****
-
- syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
- sprintf(ebuf,"Trying %s port %d...",namp,port);
-! if(say(0,ebuf))
-! return(1);
- } else
- syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
-
---- 906,920 ----
-
- syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
- sprintf(ebuf,"Trying %s port %d...",namp,port);
-! #ifdef USE_IP_FILTER
-! if(!do_transparent) {
-! sprintf(ebuf,"Trying %s port %d...",namp,port);
-! #endif
-! if(say(0,ebuf))
-! return(1);
-! #ifdef USE_IP_FILTER
-! }
-! #endif
- } else
- syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
-
-***************
-*** 903,910 ****
-
- syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
- strncpy(dest,av[1], 511);
-! sprintf(buf, "Connected to %s.", dest);
- say(0, buf);
- return(2);
- }
-
---- 946,959 ----
-
- syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
- strncpy(dest,av[1], 511);
-! #ifdef USE_IP_FILTER
-! if(!do_transparent) {
-! sprintf(buf, "Connected to %s.", dest);
-! say(0, buf);
-! }
-! #else
- say(0, buf);
-+ #endif
- return(2);
- }
-
-diff -cr ../TIS.orig/fwtk/x-gw/socket.c fwtk/x-gw/socket.c
-*** ../TIS.orig/fwtk/x-gw/socket.c Sat Sep 7 05:16:35 1996
---- fwtk/x-gw/socket.c Sun Feb 2 05:26:44 1997
-***************
-*** 212,218 ****
- case AF_UNIX: un_name = (struct sockaddr_un *)addr;
- len = sizeof(un_name->sun_family) +
- sizeof(un_name->sun_path)
-! #ifdef SCM_RIGHTS /* 4.3BSD Reno and later */
- + sizeof(un_name->sun_len) + 1
- #endif
- ;
---- 212,218 ----
- case AF_UNIX: un_name = (struct sockaddr_un *)addr;
- len = sizeof(un_name->sun_family) +
- sizeof(un_name->sun_path)
-! #if defined(SCM_RIGHTS) && !defined(LINUX)/* 4.3BSD Reno and later */
- + sizeof(un_name->sun_len) + 1
- #endif
- ;
-Only in fwtk/x-gw: socket.c.bak
diff --git a/contrib/ipfilter/FWTK/fwtkp b/contrib/ipfilter/FWTK/fwtkp
deleted file mode 100644
index aba869d..0000000
--- a/contrib/ipfilter/FWTK/fwtkp
+++ /dev/null
@@ -1,812 +0,0 @@
-diff -c -r ./ftp-gw/ftp-gw.c ../../NEW/fwtk/ftp-gw/ftp-gw.c
-*** ./ftp-gw/ftp-gw.c Fri Sep 6 12:55:05 1996
---- ../../NEW/fwtk/ftp-gw/ftp-gw.c Wed Oct 9 02:51:35 1996
-***************
-*** 40,47 ****
-
- extern char *optarg;
-
-! #include "firewall.h"
-
-
- #ifndef BSIZ
- #define BSIZ 2048
---- 40,48 ----
-
- extern char *optarg;
-
-! char *getdsthost();
-
-+ #include "firewall.h"
-
- #ifndef BSIZ
- #define BSIZ 2048
-***************
-*** 84,89 ****
---- 85,92 ----
- static int cmdcnt = 0;
- static int timeout = PROXY_TIMEOUT;
-
-+ static int do_transparent=0;
-+
-
- static int cmd_user();
- static int cmd_authorize();
-***************
-*** 98,103 ****
---- 101,107 ----
- static void saveline();
- static void flushsaved();
- static void trap_sigurg();
-+ static int connectdest();
-
- #define OP_CONN 001 /* only valid if connected */
- #define OP_WCON 002 /* writethrough if connected */
-***************
-*** 170,175 ****
---- 174,180 ----
- char xuf[1024];
- char huf[128];
- char *passuser = (char *)0; /* passed user as av */
-+ char *psychic, *hotline;
-
- #ifndef LOG_DAEMON
- openlog("ftp-gw",LOG_PID);
-***************
-*** 314,319 ****
---- 319,326 ----
- } else
- timeout = 60*60;
-
-+ psychic=getdsthost(0,NULL);
-+ if(psychic) { do_transparent++; }
-
- /* display a welcome file or message */
- if(passuser == (char *)0) {
-***************
-*** 322,327 ****
---- 329,340 ----
- syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
- exit(1);
- }
-+ if(do_transparent) {
-+ if(sayfile2(0,cf->argv[0],220)) {
-+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
-+ exit(1);
-+ }
-+ } else
- if(sayfile(0,cf->argv[0],220)) {
- syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
- exit(1);
-***************
-*** 332,338 ****
- if(authallflg)
- if(say(0,"220-Proxy first requires authentication"))
- exit(1);
-! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
- if(say(0,xuf))
- exit(1);
- }
---- 345,357 ----
- if(authallflg)
- if(say(0,"220-Proxy first requires authentication"))
- exit(1);
-! /* foo */
-! if(do_transparent)
-! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
-! else
-! sprintf(xuf,"220 %s FTP Proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
-! /* foo */
-!
- if(say(0,xuf))
- exit(1);
- }
-***************
-*** 353,358 ****
---- 372,381 ----
- exit(1);
- }
-
-+ if(do_transparent) {
-+ connectdest(psychic,21);
-+ }
-+
- /* main loop */
- while(1) {
- FD_ZERO(&rdy);
-***************
-*** 676,681 ****
---- 699,713 ----
- return(sayn(0,noad,sizeof(noad)-1));
- }
-
-+ if(do_transparent) {
-+ if((rfd==(-1)) && (x=connectdest(dest,port))) return x;
-+ sprintf(buf,"USER %s",user);
-+ if(say(rfd,buf)) return(1);
-+ x=getresp(rfd,buf,sizeof(buf),1);
-+ if(sendsaved(0,x)) return(1);
-+ return(say(0,buf));
-+ }
-+
- if(*dest == '\0')
- dest = "localhost";
-
-***************
-*** 701,708 ****
- if(msg_int == 1) {
- sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
- syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
-! say(0,mbuf);
-! return(1);
- } else {
- if(msg_int == -1) {
- sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
---- 733,740 ----
- if(msg_int == 1) {
- sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
- syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
-! say(0,mbuf);
-! return(1);
- } else {
- if(msg_int == -1) {
- sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
-***************
-*** 717,723 ****
- char ebuf[512];
-
- strcpy(ebuf,buf);
-! sprintf(buf,"521 %s: %s",dest,ebuf);
- rfd = -1;
- return(say(0,buf));
- }
---- 749,759 ----
- char ebuf[512];
-
- strcpy(ebuf,buf);
-! if(do_transparent) {
-! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
-! } else {
-! sprintf(buf,"521 %s: %s",dest,ebuf);
-! }
- rfd = -1;
- return(say(0,buf));
- }
-***************
-*** 732,737 ****
---- 768,778 ----
- }
- saveline(buf);
-
-+ /* if(do_transparent) {
-+ sendsaved(0,-1);
-+ return(0);
-+ } /* EEEk. I can't remember what this does. */
-+
- sprintf(buf,"USER %s",user);
- if(say(rfd,buf))
- return(1);
-***************
-*** 744,749 ****
---- 785,860 ----
- return 0;
- }
-
-+ static int connectdest(dest, port)
-+ char *dest;
-+ short port;
-+ {
-+ char buf[1024], mbuf[512];
-+ int msg_int, x;
-+
-+ if(*dest == '\0')
-+ dest = "localhost";
-+
-+ if(validests != (char **)0) {
-+ char **xp;
-+ int x;
-+
-+ for(xp = validests; *xp != (char *)0; xp++) {
-+ if(**xp == '!' && hostmatch(*xp + 1,dest)) {
-+ return(baddest(0,dest));
-+ } else {
-+ if(hostmatch(*xp,dest))
-+ break;
-+ }
-+ }
-+ if(*xp == (char *)0)
-+ return(baddest(0,dest));
-+ }
-+
-+ /* Extended permissions processing goes in here for destination */
-+ if(extendperm) {
-+ msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
-+ if(msg_int == 1) {
-+ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
-+ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
-+ say(0,mbuf);
-+ return(1);
-+ } else {
-+ if(msg_int == -1) {
-+ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
-+ say(0,mbuf);
-+ return(1);
-+ }
-+ }
-+ }
-+
-+ syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
-+
-+ if((rfd = conn_server(dest,port,0,buf)) < 0) {
-+ char ebuf[512];
-+
-+ strcpy(ebuf,buf);
-+ sprintf(buf,"521 %s: %s",dest,ebuf);
-+ rfd = -1;
-+ return(say(0,buf));
-+ }
-+ if(!do_transparent) {
-+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
-+ saveline(buf);
-+ }
-+
-+ /* we are now connected and need to try the autologin thing */
-+ x = getresp(rfd,buf,sizeof(buf),1);
-+ if(x / 100 != COMPLETE) {
-+ sendsaved(0,-1);
-+ return(say(0,buf));
-+ }
-+ saveline(buf);
-+
-+ sendsaved(0,-1);
-+ return 0;
-+ }
-+
-
-
- static int
-***************
-*** 1053,1058 ****
---- 1164,1171 ----
- static char nprn[] = "500 cannot get peername";
- char buf[512];
-
-+ /* syslog(LLEV,"DEBUG: port cmd"); */
-+
- if(ac < 2)
- return(sayn(0,narg,sizeof(narg)-1));
-
-***************
-*** 1119,1124 ****
---- 1232,1238 ----
- #define UC(c) (((int)c) & 0xff)
- sprintf(buf,"PORT %d,%d,%d,%d,%d,%d\r\n",UC(k[0]),UC(k[1]),UC(k[2]),
- UC(k[3]),UC(l[0]),UC(l[1]));
-+ /* syslog(LLEV,"DEBUG: %s",buf); */
- s = strlen(buf);
- if (write(rfd, buf, s) != s)
- return 1;
-***************
-*** 1330,1335 ****
---- 1444,1450 ----
- callback()
- {
- /* if we haven't gotten a valid PORT scrub the connection */
-+ /* syslog(LLEV,"DEBUG: callback()."); */
- if((outgoing = accept(boundport,(struct sockaddr *)0,(int *)0)) < 0 || clntport.sin_port == 0)
- goto bomb;
- if(pasvport != -1) { /* incoming handled by PASVcallback */
-***************
-*** 1796,1801 ****
---- 1911,1960 ----
- }
- return(0);
- }
-+
-+ /* ok, so i'm in a hurry. english paper due RSN. */
-+ sayfile2(fd,fn,code)
-+ int fd;
-+ char *fn;
-+ int code;
-+ {
-+ FILE *f;
-+ char buf[BUFSIZ];
-+ char yuf[BUFSIZ];
-+ char *c;
-+ int x;
-+ int saidsomething = 0;
-+
-+ if((f = fopen(fn,"r")) == (FILE *)0)
-+ return(1);
-+ while(fgets(buf,sizeof(buf),f) != (char *)0) {
-+ if((c = index(buf,'\n')) != (char *)0)
-+ *c = '\0';
-+ x = fgetc(f);
-+ if(feof(f))
-+ sprintf(yuf,"%3.3d-%s",code,buf);
-+ else {
-+ sprintf(yuf,"%3.3d-%s",code,buf);
-+ ungetc(x,f);
-+ }
-+ if(say(fd,yuf)) {
-+ fclose(f);
-+ return(1);
-+ }
-+ saidsomething++;
-+ }
-+ fclose(f);
-+ if (!saidsomething) {
-+ syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
-+ sprintf(yuf, "%3.3d The file to display is empty",code);
-+ if(say(fd,yuf)) {
-+ fclose(f);
-+ return(1);
-+ }
-+ }
-+ return(0);
-+ }
-+
-
-
- porttoaddr(s,a)
-diff -c -r ./http-gw/http-gw.c ../../NEW/fwtk/http-gw/http-gw.c
-*** ./http-gw/http-gw.c Mon Sep 9 14:40:53 1996
---- ../../NEW/fwtk/http-gw/http-gw.c Wed Oct 9 02:51:57 1996
-***************
-*** 27,32 ****
---- 27,37 ----
- static char http_buffer[8192];
- static char reason[8192];
- static int checkBrowserType = 1;
-+ /* foo */
-+ static int do_transparent=0;
-+ /* foo */
-+
-+ char *getdsthost();
-
- static void do_logging()
- { char *proto = "GOPHER";
-***************
-*** 422,427 ****
---- 427,443 ----
- /*(NOT A SPECIAL FORM)*/
-
- if((rem_type & TYPE_LOCAL)== 0){
-+ /* foo */
-+ char *psychic=getdsthost(sockfd,&def_port);
-+ if(psychic) {
-+ if(strlen(psychic)<=MAXHOSTNAMELEN) {
-+ do_transparent++;
-+ strncpy(def_httpd,psychic,strlen(psychic));
-+ strncpy(def_server,psychic,strlen(psychic));
-+ }
-+ }
-+
-+ /* foo */
- /* See if it can be forwarded */
-
- if( can_forward(buf)){
-***************
-*** 1513,1519 ****
- parse_vec[0],
- parse_vec[1],
- ourname, ourport);
-! }else{
- sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
- parse_vec[0], parse_vec[2],
- parse_vec[3], chk_type_ch,
---- 1529,1541 ----
- parse_vec[0],
- parse_vec[1],
- ourname, ourport);
-! }
-! /* FOO */
-! else if(do_transparent) {
-! sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]);
-! }
-! /* FOO */
-! else{
- sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
- parse_vec[0], parse_vec[2],
- parse_vec[3], chk_type_ch,
-diff -c -r ./lib/hnam.c ../../NEW/fwtk/lib/hnam.c
-*** ./lib/hnam.c Fri Nov 4 18:30:19 1994
---- ../../NEW/fwtk/lib/hnam.c Wed Oct 9 02:34:13 1996
-***************
-*** 22,27 ****
---- 22,31 ----
-
-
- #include "firewall.h"
-+ #ifdef __FreeBSD__
-+ #include <net/if.h>
-+ #include "ip_nat.h"
-+ #endif /* __FreeBSD__ */
-
-
- char *
-***************
-*** 44,47 ****
---- 48,115 ----
-
- bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
- return(inet_ntoa(sin.sin_addr));
-+ }
-+
-+ char *getdsthost(fd, ptr)
-+ int fd;
-+ int *ptr;
-+ {
-+ struct sockaddr_in sin;
-+ struct hostent *hp;
-+ int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0;
-+ char buf[255], hostbuf[255];
-+ #ifdef __FreeBSD__
-+ struct sockaddr_in rsin;
-+ struct natlookup natlookup;
-+ #endif
-+
-+ #ifdef linux
-+ /* This should also work for UDP. Unfortunately, it doesn't.
-+ Maybe when the Linux UDP proxy code gets a little cleaner.
-+ */
-+ if(!(err=getsockname(0,&sin,&sl))) {
-+ if(ptr) *ptr=ntohs(sin.sin_port);
-+ sprintf(buf,"%s",inet_ntoa(sin.sin_addr));
-+ gethostname(hostbuf,254);
-+ hp=gethostbyname(hostbuf);
-+ while(hp->h_addr_list[i]) {
-+ bzero(&sin,&sl);
-+ memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++]));
-+ if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++;
-+ }
-+ if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); }
-+ else { return(buf); }
-+ }
-+ #endif
-+
-+ #ifdef __FreeBSD__
-+ /* The basis for this block of code is Darren Reed's
-+ patches to the TIS ftwk's ftp-gw.
-+ */
-+ bzero((char*)&sin,sizeof(sin));
-+ bzero((char*)&rsin,sizeof(rsin));
-+ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
-+ return NULL;
-+ }
-+ sl=sizeof(rsin);
-+ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
-+ return NULL;
-+ }
-+ natlookup.nl_inport=sin.sin_port;
-+ natlookup.nl_outport=rsin.sin_port;
-+ natlookup.nl_inip=sin.sin_addr;
-+ natlookup.nl_outip=rsin.sin_addr;
-+ if((natfd=open(IPL_NAT,O_RDONLY))<0) {
-+ return(NULL);
-+ }
-+ if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) {
-+ return(NULL);
-+ }
-+ close(natfd);
-+ if(ptr) *ptr=ntohs(natlookup.nl_realport);
-+ sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip));
-+ #endif
-+
-+ /* No transparent proxy support */
-+ return(NULL);
- }
-Only in ./lib: hnam.c.orig
-diff -c -r ./plug-gw/plug-gw.c ../../NEW/fwtk/plug-gw/plug-gw.c
-*** ./plug-gw/plug-gw.c Thu Sep 5 15:36:33 1996
---- ../../NEW/fwtk/plug-gw/plug-gw.c Wed Oct 9 02:46:48 1996
-***************
-*** 39,44 ****
---- 39,48 ----
- static char **validdests = (char **)0;
- static Cfg *confp;
-
-+ int do_transparent=0;
-+
-+ char *getdsthost();
-+
- main(ac,av)
- int ac;
- char *av[];
-***************
-*** 193,201 ****
---- 197,213 ----
- char *ptr;
- int state = 0;
- int ssl_plug = 0;
-+ int pport=0;
-
- struct timeval timo;
-
-+ /* Transparent plug-gw is probably a bad idea, but hey .. */
-+ dhost=getdsthost(0,&pport);
-+ if(dhost) {
-+ do_transparent++;
-+ portid=pport;
-+ }
-+
- if(c->flags & PERM_DENY) {
- if (p == -1)
- syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr);
-***************
-*** 215,221 ****
- syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
- exit (1);
- }
-! dhost = av[x];
- continue;
- }
-
---- 227,234 ----
- syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
- exit (1);
- }
-! if(!dhost) dhost = av[x];
-! /* syslog(LLEV,"DEBUG: dhost now is [%s]",dhost); */
- continue;
- }
-
-diff -c -r ./rlogin-gw/rlogin-gw.c ../../NEW/fwtk/rlogin-gw/rlogin-gw.c
-*** ./rlogin-gw/rlogin-gw.c Fri Sep 6 12:56:33 1996
---- ../../NEW/fwtk/rlogin-gw/rlogin-gw.c Wed Oct 9 02:49:04 1996
-***************
-*** 39,45 ****
---- 39,47 ----
-
-
- extern char *maphostname();
-+ char *getdsthost();
-
-+ int do_transparent=0;
-
- static int cmd_quit();
- static int cmd_help();
-***************
-*** 120,125 ****
---- 122,130 ----
- static char *tokav[56];
- int tokac;
- struct timeval timo;
-+ /* foo */
-+ char *psychic;
-+ /* foo */
-
- #ifndef LOG_NDELAY
- openlog("rlogin-gw",LOG_PID);
-***************
-*** 185,191 ****
- xforwarder = cf->argv[0];
- }
-
-!
-
- if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
- if(cf->argc != 1) {
---- 190,203 ----
- xforwarder = cf->argv[0];
- }
-
-! /* foo */
-! psychic=getdsthost(0,NULL);
-! if(psychic) {
-! do_transparent++;
-! strncpy(dest,psychic,511);
-! dest[511]='\0';
-! }
-! /* foo */
-
- if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
- if(cf->argc != 1) {
-***************
-*** 260,269 ****
- }
-
- /* if present a host name, chop and save username and hostname */
-! dest[0] = '\0';
- if((p = index(rusername,'@')) != (char *)0) {
- char *namp;
-
- *p++ = '\0';
- if(*p == '\0')
- p = "localhost";
---- 272,282 ----
- }
-
- /* if present a host name, chop and save username and hostname */
-! /* dest[0] = '\0'; */
- if((p = index(rusername,'@')) != (char *)0) {
- char *namp;
-
-+ dest[0] = '\0';
- *p++ = '\0';
- if(*p == '\0')
- p = "localhost";
-***************
-*** 293,300 ****
---- 306,326 ----
- goto leave;
- }
-
-+ /* syslog(LLEV,"DEBUG: Uh-oh, $dest = %s\n",dest); */
-+
- if(dest[0] != '\0') {
- /* Setup connection directly to remote machine */
-+ if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
-+ if(cf->argc != 1) {
-+ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
-+ exit(1);
-+ }
-+ if(sayfile(0,cf->argv[0])) {
-+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
-+ exit(1);
-+ }
-+ }
-+ /* Does this cmd_connect thing feel like a kludge or what? */
- sprintf(buf,"connect %.1000s",dest);
- tokac = enargv(buf, tokav, 56, tokbuf, sizeof(tokbuf));
- if (cmd_connect(tokac, tokav, buf) != 2)
-***************
-*** 526,539 ****
- char ebuf[512];
-
- syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,namp);
- if(strlen(namp) > 20)
- namp[20] = '\0';
- if(rusername[0] != '\0')
- sprintf(ebuf,"Trying %s@%s...",rusername,namp);
- else
- sprintf(ebuf,"Trying %s...",namp);
-! if(say(0,ebuf))
-! return(1);
- } else
- syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]);
- if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
---- 552,567 ----
- char ebuf[512];
-
- syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,namp);
-+ if(!do_transparent) {
- if(strlen(namp) > 20)
- namp[20] = '\0';
- if(rusername[0] != '\0')
- sprintf(ebuf,"Trying %s@%s...",rusername,namp);
- else
- sprintf(ebuf,"Trying %s...",namp);
-! if(say(0,ebuf))
-! return(1);
-! }
- } else
- syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]);
- if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
-diff -c -r ./tn-gw/tn-gw.c ../../NEW/fwtk/tn-gw/tn-gw.c
-*** ./tn-gw/tn-gw.c Fri Sep 6 12:55:48 1996
---- ../../NEW/fwtk/tn-gw/tn-gw.c Wed Oct 9 02:50:17 1996
-***************
-*** 87,92 ****
---- 87,94 ----
- static int cmd_xforward();
- static int cmd_timeout();
-
-+ char *getdsthost();
-+
- static int tn3270 = 1; /* don't do tn3270 stuff */
- static int doX;
-
-***************
-*** 97,102 ****
---- 99,106 ----
- static int timeout = PROXY_TIMEOUT;
- static char timed_out_msg[] = "\r\nConnection closed due to inactivity";
-
-+ int do_transparent=0;
-+
- typedef struct {
- char *name;
- char *hmsg;
-***************
-*** 140,145 ****
---- 144,151 ----
- char tokbuf[BSIZ];
- char *tokav[56];
- int tokac;
-+ int port;
-+ char *psychic;
-
- #ifndef LOG_DAEMON
- openlog("tn-gw",LOG_PID);
-***************
-*** 308,313 ****
---- 314,346 ----
- }
- }
-
-+ psychic=getdsthost(0,&port);
-+ if(psychic) {
-+ if((strlen(psychic) + 10) < 510) {
-+ do_transparent++;
-+ if(port)
-+ sprintf(dest,"%s:%d",psychic,port);
-+ else
-+ sprintf(dest,"%s",psychic);
-+
-+
-+ if(!welcomedone)
-+ if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
-+ if(cf->argc != 1) {
-+ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
-+ exit(1);
-+ }
-+ if(sayfile(0,cf->argv[0])) {
-+ syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]);
-+ exit(1);
-+ }
-+ welcomedone = 1;
-+ }
-+
-+
-+ }
-+ }
-+
- while (argc > 1) {
- argc--;
- argv++;
-***************
-*** 864,877 ****
- }
- }
-
--
- if((namp = maphostname(av[1])) != (char *)0) {
- char ebuf[512];
-
- syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
-! sprintf(ebuf,"Trying %s port %d...",namp,port);
-! if(say(0,ebuf))
-! return(1);
- } else
- syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
-
---- 897,911 ----
- }
- }
-
- if((namp = maphostname(av[1])) != (char *)0) {
- char ebuf[512];
-
- syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
-! if(!do_transparent) {
-! sprintf(ebuf,"Trying %s port %d...",namp,port);
-! if(say(0,ebuf))
-! return(1);
-! }
- } else
- syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
-
-***************
-*** 903,910 ****
-
- syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
- strncpy(dest,av[1], 511);
-! sprintf(buf, "Connected to %s.", dest);
-! say(0, buf);
- return(2);
- }
-
---- 937,946 ----
-
- syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
- strncpy(dest,av[1], 511);
-! if(!do_transparent) {
-! sprintf(buf, "Connected to %s.", dest);
-! say(0, buf);
-! }
- return(2);
- }
-
-
-