From cb8d46a179f2d30ac1cd0a01eb156e1a4c08d717 Mon Sep 17 00:00:00 2001
From: darrenr
Date: Sun, 9 Feb 1997 22:50:16 +0000
Subject: Import IP Filter v3.1.7 into FreeBSD tree
---
contrib/ipfilter/FWTK/README | 16 +
contrib/ipfilter/FWTK/ftp-gw.diff | 237 +++++++++++
contrib/ipfilter/FWTK/fwtkp | 812 ++++++++++++++++++++++++++++++++++++++
3 files changed, 1065 insertions(+)
create mode 100644 contrib/ipfilter/FWTK/README
create mode 100644 contrib/ipfilter/FWTK/ftp-gw.diff
create mode 100644 contrib/ipfilter/FWTK/fwtkp
(limited to 'contrib/ipfilter/FWTK')
diff --git a/contrib/ipfilter/FWTK/README b/contrib/ipfilter/FWTK/README
new file mode 100644
index 0000000..216d205
--- /dev/null
+++ b/contrib/ipfilter/FWTK/README
@@ -0,0 +1,16 @@
+
+There are two patch files in this directory, each allowing for the Firewall
+Toolkit to be used in a transparent proxy configuration.
+
+ftp-gw.diff - A patch written by myself for use only with IP Filter and
+ ftp-gw from the Firewall Toolkit.
+
+fwtkp - A set of patches written by James B. Croall (jcroall@foo.org)
+ for use with both IP Filter and ipfwadm (for Linux) and more
+ of the various FWTK gateway plugins, including:
+ ftp-gw http-gw plug-gw rlogin-gw tn-gw
+
+Both patches when applied to the Firewall toolkit require the same
+configuration for IP Filter.
+
+Darren
diff --git a/contrib/ipfilter/FWTK/ftp-gw.diff b/contrib/ipfilter/FWTK/ftp-gw.diff
new file mode 100644
index 0000000..075e6eb
--- /dev/null
+++ b/contrib/ipfilter/FWTK/ftp-gw.diff
@@ -0,0 +1,237 @@
+*** ftp-gw.c.orig Sat Nov 5 10:30:16 1994
+--- ftp-gw.c Sun Jul 7 12:25:15 1996
+***************
+*** 11,31 ****
+ */
+ static char RcsId[] = "$Header: /devel/CVS/IP-Filter/FWTK/ftp-gw.diff,v 2.0.1.1 1997/01/09 15:14:46 darrenr Exp $";
+
+
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+- extern int errno;
+- extern char *sys_errlist[];
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+
+ extern char *rindex();
+ extern char *index();
+--- 11,37 ----
+ */
+ static char RcsId[] = "$Header: /devel/CVS/IP-Filter/FWTK/ftp-gw.diff,v 2.0.1.1 1997/01/09 15:14:46 darrenr Exp $";
+
++ /*
++ * Patches for IP Filter NAT extensions written by Darren Reed, 7/7/96
++ * darrenr@cyber.com.au
++ */
++ static char vIpFilter[] = "v3.1.0";
+
+ #include
+ #include
+ #include
++ #include
++ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
++ #include
+
+ extern char *rindex();
+ extern char *index();
+***************
+*** 36,41 ****
+--- 42,48 ----
+
+ #include "firewall.h"
+
++ #include "ip_nat.h"
+
+ #ifndef BSIZ
+ #define BSIZ 2048
+***************
+*** 83,88 ****
+--- 90,97 ----
+ static int cmd_noop();
+ static int cmd_abor();
+ static int cmd_passthru();
++ static int nat_destination();
++ static int connectdest();
+ static void saveline();
+ static void flushsaved();
+ static void trap_sigurg();
+***************
+*** 317,323 ****
+ if(authallflg)
+ if(say(0,"220-Proxy first requires authentication"))
+ exit(1);
+! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
+ if(say(0,xuf))
+ exit(1);
+ }
+--- 326,335 ----
+ if(authallflg)
+ if(say(0,"220-Proxy first requires authentication"))
+ exit(1);
+! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
+! if(say(0,xuf))
+! exit(1);
+! sprintf(xuf,"220-%s TIS ftp-gw with IP Filter %s NAT extensions",huf,vIpFilter);
+ if(say(0,xuf))
+ exit(1);
+ }
+***************
+*** 338,343 ****
+--- 350,357 ----
+ exit(1);
+ }
+
++ nat_destination(0);
++
+ /* main loop */
+ while(1) {
+ FD_ZERO(&rdy);
+***************
+*** 608,619 ****
+ static char narg[] = "501 Missing or extra username";
+ static char noad[] = "501 Use user@site to connect via proxy";
+ char buf[1024];
+- char mbuf[512];
+ char *p;
+ char *dest;
+ char *user;
+ int x;
+- int msg_int;
+ short port = FTPPORT;
+
+ /* kludgy but effective. if authorizing everything call auth instead */
+--- 622,631 ----
+***************
+*** 643,648 ****
+--- 655,681 ----
+ return(sayn(0,noad,sizeof(noad)));
+ }
+
++ if((rfd == -1) && (x = connectdest(dest,port)))
++ return x;
++ sprintf(buf,"USER %s",user);
++ if(say(rfd,buf))
++ return(1);
++ x = getresp(rfd,buf,sizeof(buf),1);
++ if(sendsaved(0,x))
++ return(1);
++ return(say(0,buf));
++ }
++
++ static int
++ connectdest(dest,port)
++ char *dest;
++ short port;
++ {
++ char buf[1024];
++ char mbuf[512];
++ int msg_int;
++ int x;
++
+ if(*dest == '\0')
+ dest = "localhost";
+
+***************
+*** 685,691 ****
+ char ebuf[512];
+
+ strcpy(ebuf,buf);
+! sprintf(buf,"521 %s: %s",dest,ebuf);
+ return(say(0,buf));
+ }
+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
+--- 718,724 ----
+ char ebuf[512];
+
+ strcpy(ebuf,buf);
+! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
+ return(say(0,buf));
+ }
+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
+***************
+*** 698,711 ****
+ return(say(0,buf));
+ }
+ saveline(buf);
+!
+! sprintf(buf,"USER %s",user);
+! if(say(rfd,buf))
+! return(1);
+! x = getresp(rfd,buf,sizeof(buf),1);
+! if(sendsaved(0,x))
+! return(1);
+! return(say(0,buf));
+ }
+
+
+--- 731,738 ----
+ return(say(0,buf));
+ }
+ saveline(buf);
+! sendsaved(0,-1);
+! return 0;
+ }
+
+
+***************
+*** 1591,1593 ****
+--- 1618,1659 ----
+ dup(nread);
+ }
+ #endif
++
++
++ static int
++ nat_destination(fd)
++ int fd;
++ {
++ struct sockaddr_in laddr, faddr;
++ struct natlookup natlookup;
++ char *dest;
++ int slen, natfd;
++
++ bzero((char *)&laddr, sizeof(laddr));
++ bzero((char *)&faddr, sizeof(faddr));
++ slen = sizeof(laddr);
++ if(getsockname(fd,(struct sockaddr *)&laddr,&slen) < 0) {
++ perror("getsockname");
++ exit(1);
++ }
++ slen = sizeof(faddr);
++ if(getpeername(fd,(struct sockaddr *)&faddr,&slen) < 0) {
++ perror("getsockname");
++ exit(1);
++ }
++
++ natlookup.nl_inport = laddr.sin_port;
++ natlookup.nl_outport = faddr.sin_port;
++ natlookup.nl_inip = laddr.sin_addr;
++ natlookup.nl_outip = faddr.sin_addr;
++ if((natfd = open("/dev/ipl", O_RDONLY)) < 0) {
++ perror("open");
++ exit(1);
++ }
++ if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) {
++ perror("ioctl");
++ exit(1);
++ }
++ close(natfd);
++ return connectdest(inet_ntoa(natlookup.nl_inip),ntohs(natlookup.nl_inport));
++ }
diff --git a/contrib/ipfilter/FWTK/fwtkp b/contrib/ipfilter/FWTK/fwtkp
new file mode 100644
index 0000000..8f4819a
--- /dev/null
+++ b/contrib/ipfilter/FWTK/fwtkp
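Review bot: nat_destination() reports every failure with perror() followed by exit(1), and the getpeername() failure is labelled `perror("getsockname")`; the rest of the gateway talks to the client through say(), and if ftp-gw runs under inetd (not visible in this patch) stderr is the control connection, so raw errno text would be sent to the FTP client. I would fix the label and log instead, for example `syslog(LLEV,"fwtksyserr: getpeername: %m");`, the form the FWTK sources use elsewhere on this page. Because a failed SIOCGNATL lookup exits, a connection that has no NAT entry appears to lose the original `user@site` path, which deserves a comment above the `nat_destination(0);` call or a non-fatal return. The port reaches connectdest() as `ntohs(natlookup.nl_inport)` and the new 521 message applies `ntohs(port)` again, so on a little-endian host the reported port is byte-swapped; `sprintf(buf,"521 %s,%d: %s",dest,port,ebuf);` would print the value actually used. The local `char *dest` in nat_destination() is unused.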
@@ -0,0 +1,812 @@ +diff -c -r ./ftp-gw/ftp-gw.c ../../NEW/fwtk/ftp-gw/ftp-gw.c +*** ./ftp-gw/ftp-gw.c Fri Sep 6 12:55:05 1996 +--- ../../NEW/fwtk/ftp-gw/ftp-gw.c Wed Oct 9 02:51:35 1996 +*************** +*** 40,47 **** + + extern char *optarg; + +! #include "firewall.h" + + + #ifndef BSIZ + #define BSIZ 2048 +--- 40,48 ---- + + extern char *optarg; + +! char *getdsthost(); + ++ #include "firewall.h" + + #ifndef BSIZ + #define BSIZ 2048 +*************** +*** 84,89 **** +--- 85,92 ---- + static int cmdcnt = 0; + static int timeout = PROXY_TIMEOUT; + ++ static int do_transparent=0; ++ + + static int cmd_user(); + static int cmd_authorize(); +*************** +*** 98,103 **** +--- 101,107 ---- + static void saveline(); + static void flushsaved(); + static void trap_sigurg(); ++ static int connectdest(); + + #define OP_CONN 001 /* only valid if connected */ + #define OP_WCON 002 /* writethrough if connected */ +*************** +*** 170,175 **** +--- 174,180 ---- + char xuf[1024]; + char huf[128]; + char *passuser = (char *)0; /* passed user as av */ ++ char *psychic, *hotline; + + #ifndef LOG_DAEMON + openlog("ftp-gw",LOG_PID); +*************** +*** 314,319 **** +--- 319,326 ---- + } else + timeout = 60*60; + ++ psychic=getdsthost(0,NULL); ++ if(psychic) { do_transparent++; } + + /* display a welcome file or message */ + if(passuser == (char *)0) { +*************** +*** 322,327 **** +--- 329,340 ---- + syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln); + exit(1); + } ++ if(do_transparent) { ++ if(sayfile2(0,cf->argv[0],220)) { ++ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]); ++ exit(1); ++ } ++ } else + if(sayfile(0,cf->argv[0],220)) { + syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]); + exit(1); +*************** +*** 332,338 **** + if(authallflg) + if(say(0,"220-Proxy first requires authentication")) + exit(1); +! 
sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); + if(say(0,xuf)) + exit(1); + } +--- 345,357 ---- + if(authallflg) + if(say(0,"220-Proxy first requires authentication")) + exit(1); +! /* foo */ +! if(do_transparent) +! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); +! else +! sprintf(xuf,"220 %s FTP Proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); +! /* foo */ +! + if(say(0,xuf)) + exit(1); + } +*************** +*** 353,358 **** +--- 372,381 ---- + exit(1); + } + ++ if(do_transparent) { ++ connectdest(psychic,21); ++ } ++ + /* main loop */ + while(1) { + FD_ZERO(&rdy); +*************** +*** 676,681 **** +--- 699,713 ---- + return(sayn(0,noad,sizeof(noad)-1)); + } + ++ if(do_transparent) { ++ if((rfd==(-1)) && (x=connectdest(dest,port))) return x; ++ sprintf(buf,"USER %s",user); ++ if(say(rfd,buf)) return(1); ++ x=getresp(rfd,buf,sizeof(buf),1); ++ if(sendsaved(0,x)) return(1); ++ return(say(0,buf)); ++ } ++ + if(*dest == '\0') + dest = "localhost"; + +*************** +*** 701,708 **** + if(msg_int == 1) { + sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest); + syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser); +! say(0,mbuf); +! return(1); + } else { + if(msg_int == -1) { + sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest); +--- 733,740 ---- + if(msg_int == 1) { + sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest); + syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser); +! say(0,mbuf); +! return(1); + } else { + if(msg_int == -1) { + sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest); +*************** +*** 717,723 **** + char ebuf[512]; + + strcpy(ebuf,buf); +! sprintf(buf,"521 %s: %s",dest,ebuf); + rfd = -1; + return(say(0,buf)); + } +--- 749,759 ---- + char ebuf[512]; + + strcpy(ebuf,buf); +! if(do_transparent) { +! 
sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf); +! } else { +! sprintf(buf,"521 %s: %s",dest,ebuf); +! } + rfd = -1; + return(say(0,buf)); + } +*************** +*** 732,737 **** +--- 768,778 ---- + } + saveline(buf); + ++ /* if(do_transparent) { ++ sendsaved(0,-1); ++ return(0); ++ } /* EEEk. I can't remember what this does. */ ++ + sprintf(buf,"USER %s",user); + if(say(rfd,buf)) + return(1); +*************** +*** 744,749 **** +--- 785,860 ---- + return 0; + } + ++ static int connectdest(dest, port) ++ char *dest; ++ short port; ++ { ++ char buf[1024], mbuf[512]; ++ int msg_int, x; ++ ++ if(*dest == '\0') ++ dest = "localhost"; ++ ++ if(validests != (char **)0) { ++ char **xp; ++ int x; ++ ++ for(xp = validests; *xp != (char *)0; xp++) { ++ if(**xp == '!' && hostmatch(*xp + 1,dest)) { ++ return(baddest(0,dest)); ++ } else { ++ if(hostmatch(*xp,dest)) ++ break; ++ } ++ } ++ if(*xp == (char *)0) ++ return(baddest(0,dest)); ++ } ++ ++ /* Extended permissions processing goes in here for destination */ ++ if(extendperm) { ++ msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0); ++ if(msg_int == 1) { ++ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest); ++ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser); ++ say(0,mbuf); ++ return(1); ++ } else { ++ if(msg_int == -1) { ++ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest); ++ say(0,mbuf); ++ return(1); ++ } ++ } ++ } ++ ++ syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest); ++ ++ if((rfd = conn_server(dest,port,0,buf)) < 0) { ++ char ebuf[512]; ++ ++ strcpy(ebuf,buf); ++ sprintf(buf,"521 %s: %s",dest,ebuf); ++ rfd = -1; ++ return(say(0,buf)); ++ } ++ if(!do_transparent) { ++ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest); ++ saveline(buf); ++ } ++ ++ /* we are now connected and need to try the autologin thing */ ++ x = getresp(rfd,buf,sizeof(buf),1); ++ if(x / 100 != COMPLETE) { ++ sendsaved(0,-1); ++ 
return(say(0,buf)); ++ } ++ saveline(buf); ++ ++ sendsaved(0,-1); ++ return 0; ++ } ++ + + + static int +*************** +*** 1053,1058 **** +--- 1164,1171 ---- + static char nprn[] = "500 cannot get peername"; + char buf[512]; + ++ /* syslog(LLEV,"DEBUG: port cmd"); */ ++ + if(ac < 2) + return(sayn(0,narg,sizeof(narg)-1)); + +*************** +*** 1119,1124 **** +--- 1232,1238 ---- + #define UC(c) (((int)c) & 0xff) + sprintf(buf,"PORT %d,%d,%d,%d,%d,%d\r\n",UC(k[0]),UC(k[1]),UC(k[2]), + UC(k[3]),UC(l[0]),UC(l[1])); ++ /* syslog(LLEV,"DEBUG: %s",buf); */ + s = strlen(buf); + if (write(rfd, buf, s) != s) + return 1; +*************** +*** 1330,1335 **** +--- 1444,1450 ---- + callback() + { + /* if we haven't gotten a valid PORT scrub the connection */ ++ /* syslog(LLEV,"DEBUG: callback()."); */ + if((outgoing = accept(boundport,(struct sockaddr *)0,(int *)0)) < 0 || clntport.sin_port == 0) + goto bomb; + if(pasvport != -1) { /* incoming handled by PASVcallback */ +*************** +*** 1796,1801 **** +--- 1911,1960 ---- + } + return(0); + } ++ ++ /* ok, so i'm in a hurry. english paper due RSN. 
*/ ++ sayfile2(fd,fn,code) ++ int fd; ++ char *fn; ++ int code; ++ { ++ FILE *f; ++ char buf[BUFSIZ]; ++ char yuf[BUFSIZ]; ++ char *c; ++ int x; ++ int saidsomething = 0; ++ ++ if((f = fopen(fn,"r")) == (FILE *)0) ++ return(1); ++ while(fgets(buf,sizeof(buf),f) != (char *)0) { ++ if((c = index(buf,'\n')) != (char *)0) ++ *c = '\0'; ++ x = fgetc(f); ++ if(feof(f)) ++ sprintf(yuf,"%3.3d-%s",code,buf); ++ else { ++ sprintf(yuf,"%3.3d-%s",code,buf); ++ ungetc(x,f); ++ } ++ if(say(fd,yuf)) { ++ fclose(f); ++ return(1); ++ } ++ saidsomething++; ++ } ++ fclose(f); ++ if (!saidsomething) { ++ syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code); ++ sprintf(yuf, "%3.3d The file to display is empty",code); ++ if(say(fd,yuf)) { ++ fclose(f); ++ return(1); ++ } ++ } ++ return(0); ++ } ++ + + + porttoaddr(s,a) +diff -c -r ./http-gw/http-gw.c ../../NEW/fwtk/http-gw/http-gw.c +*** ./http-gw/http-gw.c Mon Sep 9 14:40:53 1996 +--- ../../NEW/fwtk/http-gw/http-gw.c Wed Oct 9 02:51:57 1996 +*************** +*** 27,32 **** +--- 27,37 ---- + static char http_buffer[8192]; + static char reason[8192]; + static int checkBrowserType = 1; ++ /* foo */ ++ static int do_transparent=0; ++ /* foo */ ++ ++ char *getdsthost(); + + static void do_logging() + { char *proto = "GOPHER"; +*************** +*** 422,427 **** +--- 427,443 ---- + /*(NOT A SPECIAL FORM)*/ + + if((rem_type & TYPE_LOCAL)== 0){ ++ /* foo */ ++ char *psychic=getdsthost(sockfd,&def_port); ++ if(psychic) { ++ if(strlen(psychic)<=MAXHOSTNAMELEN) { ++ do_transparent++; ++ strncpy(def_httpd,psychic,strlen(psychic)); ++ strncpy(def_server,psychic,strlen(psychic)); ++ } ++ } ++ ++ /* foo */ + /* See if it can be forwarded */ + + if( can_forward(buf)){ +*************** +*** 1513,1519 **** + parse_vec[0], + parse_vec[1], + ourname, ourport); +! 
}else{ + sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u", + parse_vec[0], parse_vec[2], + parse_vec[3], chk_type_ch, +--- 1529,1541 ---- + parse_vec[0], + parse_vec[1], + ourname, ourport); +! } +! /* FOO */ +! else if(do_transparent) { +! sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]); +! } +! /* FOO */ +! else{ + sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u", + parse_vec[0], parse_vec[2], + parse_vec[3], chk_type_ch, +diff -c -r ./lib/hnam.c ../../NEW/fwtk/lib/hnam.c +*** ./lib/hnam.c Fri Nov 4 18:30:19 1994 +--- ../../NEW/fwtk/lib/hnam.c Wed Oct 9 02:34:13 1996 +*************** +*** 22,27 **** +--- 22,31 ---- + + + #include "firewall.h" ++ #ifdef __FreeBSD__ ++ #include ++ #include "ip_nat.h" ++ #endif /* __FreeBSD__ */ + + + char * +*************** +*** 44,47 **** +--- 48,115 ---- + + bcopy(hp->h_addr,&sin.sin_addr,hp->h_length); + return(inet_ntoa(sin.sin_addr)); ++ } ++ ++ char *getdsthost(fd, ptr) ++ int fd; ++ int *ptr; ++ { ++ struct sockaddr_in sin; ++ struct hostent *hp; ++ int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0; ++ char buf[255], hostbuf[255]; ++ #ifdef __FreeBSD__ ++ struct sockaddr_in rsin; ++ struct natlookup natlookup; ++ #endif ++ ++ #ifdef linux ++ /* This should also work for UDP. Unfortunately, it doesn't. ++ Maybe when the Linux UDP proxy code gets a little cleaner. ++ */ ++ if(!(err=getsockname(0,&sin,&sl))) { ++ if(ptr) *ptr=ntohs(sin.sin_port); ++ sprintf(buf,"%s",inet_ntoa(sin.sin_addr)); ++ gethostname(hostbuf,254); ++ hp=gethostbyname(hostbuf); ++ while(hp->h_addr_list[i]) { ++ bzero(&sin,&sl); ++ memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++])); ++ if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++; ++ } ++ if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); } ++ else { return(buf); } ++ } ++ #endif ++ ++ #ifdef __FreeBSD__ ++ /* The basis for this block of code is Darren Reed's ++ patches to the TIS ftwk's ftp-gw. 
++ */ ++ bzero((char*)&sin,sizeof(sin)); ++ bzero((char*)&rsin,sizeof(rsin)); ++ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) { ++ return NULL; ++ } ++ sl=sizeof(rsin); ++ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) { ++ return NULL; ++ } ++ natlookup.nl_inport=sin.sin_port; ++ natlookup.nl_outport=rsin.sin_port; ++ natlookup.nl_inip=sin.sin_addr; ++ natlookup.nl_outip=rsin.sin_addr; ++ if((natfd=open("/dev/ipl",O_RDONLY))<0) { ++ return(NULL); ++ } ++ if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) { ++ return(NULL); ++ } ++ close(natfd); ++ if(ptr) *ptr=ntohs(natlookup.nl_inport); ++ sprintf(buf,"%s",inet_ntoa(natlookup.nl_inip)); ++ #endif ++ ++ /* No transparent proxy support */ ++ return(NULL); + } +Only in ./lib: hnam.c.orig +diff -c -r ./plug-gw/plug-gw.c ../../NEW/fwtk/plug-gw/plug-gw.c +*** ./plug-gw/plug-gw.c Thu Sep 5 15:36:33 1996 +--- ../../NEW/fwtk/plug-gw/plug-gw.c Wed Oct 9 02:46:48 1996 +*************** +*** 39,44 **** +--- 39,48 ---- + static char **validdests = (char **)0; + static Cfg *confp; + ++ int do_transparent=0; ++ ++ char *getdsthost(); ++ + main(ac,av) + int ac; + char *av[]; +*************** +*** 193,201 **** +--- 197,213 ---- + char *ptr; + int state = 0; + int ssl_plug = 0; ++ int pport=0; + + struct timeval timo; + ++ /* Transparent plug-gw is probably a bad idea, but hey .. */ ++ dhost=getdsthost(0,&pport); ++ if(dhost) { ++ do_transparent++; ++ portid=pport; ++ } ++ + if(c->flags & PERM_DENY) { + if (p == -1) + syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr); +*************** +*** 215,221 **** + syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln); + exit (1); + } +! dhost = av[x]; + continue; + } + +--- 227,234 ---- + syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln); + exit (1); + } +! if(!dhost) dhost = av[x]; +! 
/* syslog(LLEV,"DEBUG: dhost now is [%s]",dhost); */ + continue; + } + +diff -c -r ./rlogin-gw/rlogin-gw.c ../../NEW/fwtk/rlogin-gw/rlogin-gw.c +*** ./rlogin-gw/rlogin-gw.c Fri Sep 6 12:56:33 1996 +--- ../../NEW/fwtk/rlogin-gw/rlogin-gw.c Wed Oct 9 02:49:04 1996 +*************** +*** 39,45 **** +--- 39,47 ---- + + + extern char *maphostname(); ++ char *getdsthost(); + ++ int do_transparent=0; + + static int cmd_quit(); + static int cmd_help(); +*************** +*** 120,125 **** +--- 122,130 ---- + static char *tokav[56]; + int tokac; + struct timeval timo; ++ /* foo */ ++ char *psychic; ++ /* foo */ + + #ifndef LOG_NDELAY + openlog("rlogin-gw",LOG_PID); +*************** +*** 185,191 **** + xforwarder = cf->argv[0]; + } + +! + + if((cf = cfg_get("directory",confp)) != (Cfg *)0) { + if(cf->argc != 1) { +--- 190,203 ---- + xforwarder = cf->argv[0]; + } + +! /* foo */ +! psychic=getdsthost(0,NULL); +! if(psychic) { +! do_transparent++; +! strncpy(dest,psychic,511); +! dest[511]='\0'; +! } +! /* foo */ + + if((cf = cfg_get("directory",confp)) != (Cfg *)0) { + if(cf->argc != 1) { +*************** +*** 260,269 **** + } + + /* if present a host name, chop and save username and hostname */ +! dest[0] = '\0'; + if((p = index(rusername,'@')) != (char *)0) { + char *namp; + + *p++ = '\0'; + if(*p == '\0') + p = "localhost"; +--- 272,282 ---- + } + + /* if present a host name, chop and save username and hostname */ +! 
/* dest[0] = '\0'; */ + if((p = index(rusername,'@')) != (char *)0) { + char *namp; + ++ dest[0] = '\0'; + *p++ = '\0'; + if(*p == '\0') + p = "localhost"; +*************** +*** 293,300 **** +--- 306,326 ---- + goto leave; + } + ++ /* syslog(LLEV,"DEBUG: Uh-oh, $dest = %s\n",dest); */ ++ + if(dest[0] != '\0') { + /* Setup connection directly to remote machine */ ++ if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { ++ if(cf->argc != 1) { ++ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln); ++ exit(1); ++ } ++ if(sayfile(0,cf->argv[0])) { ++ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]); ++ exit(1); ++ } ++ } ++ /* Does this cmd_connect thing feel like a kludge or what? */ + sprintf(buf,"connect %.1000s",dest); + tokac = enargv(buf, tokav, 56, tokbuf, sizeof(tokbuf)); + if (cmd_connect(tokac, tokav, buf) != 2) +*************** +*** 526,539 **** + char ebuf[512]; + + syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,namp); + if(strlen(namp) > 20) + namp[20] = '\0'; + if(rusername[0] != '\0') + sprintf(ebuf,"Trying %s@%s...",rusername,namp); + else + sprintf(ebuf,"Trying %s...",namp); +! if(say(0,ebuf)) +! return(1); + } else + syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]); + if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) { +--- 552,567 ---- + char ebuf[512]; + + syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,namp); ++ if(!do_transparent) { + if(strlen(namp) > 20) + namp[20] = '\0'; + if(rusername[0] != '\0') + sprintf(ebuf,"Trying %s@%s...",rusername,namp); + else + sprintf(ebuf,"Trying %s...",namp); +! if(say(0,ebuf)) +! return(1); +! 
} + } else + syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]); + if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) { +diff -c -r ./tn-gw/tn-gw.c ../../NEW/fwtk/tn-gw/tn-gw.c +*** ./tn-gw/tn-gw.c Fri Sep 6 12:55:48 1996 +--- ../../NEW/fwtk/tn-gw/tn-gw.c Wed Oct 9 02:50:17 1996 +*************** +*** 87,92 **** +--- 87,94 ---- + static int cmd_xforward(); + static int cmd_timeout(); + ++ char *getdsthost(); ++ + static int tn3270 = 1; /* don't do tn3270 stuff */ + static int doX; + +*************** +*** 97,102 **** +--- 99,106 ---- + static int timeout = PROXY_TIMEOUT; + static char timed_out_msg[] = "\r\nConnection closed due to inactivity"; + ++ int do_transparent=0; ++ + typedef struct { + char *name; + char *hmsg; +*************** +*** 140,145 **** +--- 144,151 ---- + char tokbuf[BSIZ]; + char *tokav[56]; + int tokac; ++ int port; ++ char *psychic; + + #ifndef LOG_DAEMON + openlog("tn-gw",LOG_PID); +*************** +*** 308,313 **** +--- 314,346 ---- + } + } + ++ psychic=getdsthost(0,&port); ++ if(psychic) { ++ if((strlen(psychic) + 10) < 510) { ++ do_transparent++; ++ if(port) ++ sprintf(dest,"%s:%d",psychic,port); ++ else ++ sprintf(dest,"%s",psychic); ++ ++ ++ if(!welcomedone) ++ if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { ++ if(cf->argc != 1) { ++ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln); ++ exit(1); ++ } ++ if(sayfile(0,cf->argv[0])) { ++ syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]); ++ exit(1); ++ } ++ welcomedone = 1; ++ } ++ ++ ++ } ++ } ++ + while (argc > 1) { + argc--; + argv++; +*************** +*** 864,877 **** + } + } + +- + if((namp = maphostname(av[1])) != (char *)0) { + char ebuf[512]; + + syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp); +! sprintf(ebuf,"Trying %s port %d...",namp,port); +! if(say(0,ebuf)) +! 
return(1); + } else + syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]); + +--- 897,911 ---- + } + } + + if((namp = maphostname(av[1])) != (char *)0) { + char ebuf[512]; + + syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp); +! if(!do_transparent) { +! sprintf(ebuf,"Trying %s port %d...",namp,port); +! if(say(0,ebuf)) +! return(1); +! } + } else + syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]); + +*************** +*** 903,910 **** + + syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]); + strncpy(dest,av[1], 511); +! sprintf(buf, "Connected to %s.", dest); +! say(0, buf); + return(2); + } + +--- 937,946 ---- + + syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]); + strncpy(dest,av[1], 511); +! if(!do_transparent) { +! sprintf(buf, "Connected to %s.", dest); +! say(0, buf); +! } + return(2); + } + + + -- cgit v1.1
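Review bot: getdsthost() in lib/hnam.c returns the address of its automatic array `buf` from the Linux branch (`return(buf);`), so every caller that uses the result (`connectdest(psychic,21)` in ftp-gw, the `strncpy` calls in http-gw, `sprintf(dest,...)` in tn-gw, `dhost` in plug-gw) reads stack storage whose lifetime has already ended. The `__FreeBSD__` branch has the opposite problem: after filling `buf` it falls through to the final `return(NULL);`, so the NAT lookup result is discarded; `natfd` is also used without a declaration in the lines shown and is left open when the ioctl fails. I would give the buffer static storage with `static char buf[255];`, end the FreeBSD branch with `return(buf);`, and add `close(natfd);` before the ioctl-failure return. Separately, http-gw passes `strlen(psychic)` as the bound in `strncpy(def_httpd,psychic,strlen(psychic))`, so the `strlen(psychic)<=MAXHOSTNAMELEN` test is the only limit and no terminator is written; the sizes of `def_httpd` and `def_server` are not visible here, so the bound should be their `sizeof` minus one with an explicit `'\0'`, as the rlogin-gw change on this page already does for `dest`.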