| blob | 2e719383f32be01012329a65c26216b68a014966 |
1 diff -c -r ./ftp-gw/ftp-gw.c ../../fwtk-2.1-violated/fwtk/ftp-gw/ftp-gw.c
2 *** ./ftp-gw/ftp-gw.c Thu Feb 5 19:05:43 1998
3 --- ../../fwtk-2.1-violated/fwtk/ftp-gw/ftp-gw.c Thu May 21 17:36:09 1998
4 ***************
5 *** 44,49 ****
6 --- 44,51 ----
8 extern char *optarg;
10 + char *getdsthost();
11 +
12 #include "firewall.h"
15 ***************
16 *** 88,93 ****
17 --- 90,97 ----
18 static int cmdcnt = 0;
19 static int timeout = PROXY_TIMEOUT;
21 + static int do_transparent = 0;
22 +
24 static int cmd_user();
25 static int cmd_authorize();
26 ***************
27 *** 101,106 ****
28 --- 105,111 ----
29 static int cmd_passthru();
30 static void saveline();
31 static void flushsaved();
32 + static int connectdest();
34 #define OP_CONN 001 /* only valid if connected */
35 #define OP_WCON 002 /* writethrough if connected */
36 ***************
37 *** 173,178 ****
38 --- 178,184 ----
39 char xuf[1024];
40 char huf[512];
41 char *passuser = (char *)0; /* passed user as av */
42 + char *psychic, *hotline;
44 #ifndef LOG_DAEMON
45 openlog("ftp-gw",LOG_PID);
46 ***************
47 *** 317,322 ****
48 --- 323,332 ----
49 } else
50 timeout = PROXY_TIMEOUT;
52 + psychic = getdsthost(0, NULL);
53 + if (psychic)
54 + do_transparent++;
55 +
56 /* display a welcome file or message */
57 if(passuser == (char *)0) {
58 if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
59 ***************
60 *** 324,329 ****
61 --- 334,345 ----
62 syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
63 exit(1);
64 }
65 + if (do_transparent) {
66 + if (sayfile2(0, cf->argv[0], 220)) {
67 + syslog(LLEV,"fwtksyserr: cannot display welcome %.512s: %m",cf->argv[0]);
68 + exit(1);
69 + }
70 + } else
71 if(sayfile(0,cf->argv[0],220)) {
72 syslog(LLEV,"fwtksyserr: cannot display welcome %.512s: %m",cf->argv[0]);
73 exit(1);
74 ***************
75 *** 336,341 ****
76 --- 352,360 ----
77 if(say(0,"220-Proxy first requires authentication"))
78 exit(1);
80 + if (do_transparent)
81 + sprintf(xuf, "220-%s FTP proxy (Version %s) ready.",huf, FWTK_VERSION_MINOR);
82 + else
83 sprintf(xuf, "220 %s FTP proxy (Version %s) ready.",huf, FWTK_VERSION_MINOR);
84 if(say(0,xuf))
85 exit(1);
86 ***************
87 *** 357,362 ****
88 --- 376,384 ----
89 exit(1);
90 }
92 + if (do_transparent)
93 + connectdest(psychic, 21);
94 +
95 /* main loop */
96 while(1) {
97 FD_ZERO(&rdy);
98 ***************
99 *** 653,658 ****
100 --- 675,696 ----
101 return(sayn(0,noad,sizeof(noad)-1));
102 }
104 + if (do_transparent) {
105 + if((rfd == (-1)) && (x = connectdest(dest,port)))
106 + return x;
107 +
108 + sprintf(buf,"USER %s",user);
109 +
110 + if (say(rfd, buf))
111 + return(1);
112 +
113 + x = getresp(rfd, buf, sizeof(buf), 1);
114 + if (sendsaved(0, x))
115 + return(1);
116 +
117 + return(say(0, buf));
118 + }
119 +
120 if(*dest == '\0')
121 dest = "localhost";
123 ***************
124 *** 694,705 ****
125 char ebuf[512];
127 strcpy(ebuf,buf);
128 ! sprintf(buf,"521 %s: %s",dest,ebuf);
129 rfd = -1;
130 return(say(0,buf));
131 }
132 ! sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
133 ! saveline(buf);
135 /* we are now connected and need to try the autologin thing */
136 x = getresp(rfd,buf,sizeof(buf),1);
137 --- 732,748 ----
138 char ebuf[512];
140 strcpy(ebuf,buf);
141 ! if (do_transparent)
142 ! sprintf(buf, "521 %s,%d: %s", dest, ntohs(port), ebuf);
143 ! else
144 ! sprintf(buf,"521 %s: %s",dest,ebuf);
145 rfd = -1;
146 return(say(0,buf));
147 }
148 ! if (!do_transparent) {
149 ! sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
150 ! saveline(buf);
151 ! }
153 /* we are now connected and need to try the autologin thing */
154 x = getresp(rfd,buf,sizeof(buf),1);
155 ***************
156 *** 1889,1891 ****
157 --- 1932,2050 ----
158 dup(nread);
159 }
160 #endif
161 +
162 + static int connectdest(dest, port)
163 + char *dest;
164 + short port;
165 + {
166 + char buf[1024], mbuf[512];
167 + int msg_int, x;
168 +
169 + if(*dest == '\0')
170 + dest = "localhost";
171 +
172 + if(validests != (char **)0) {
173 + char **xp;
174 + int x;
175 +
176 + for(xp = validests; *xp != (char *)0; xp++) {
177 + if(**xp == '!' && hostmatch(*xp + 1,dest)) {
178 + return(baddest(0,dest));
179 + } else {
180 + if(hostmatch(*xp,dest))
181 + break;
182 + }
183 + }
184 + if(*xp == (char *)0)
185 + return(baddest(0,dest));
186 + }
187 +
188 + /* Extended permissions processing goes in here for destination */
189 + if(extendperm) {
190 + msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
191 + if(msg_int == 1) {
192 + sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
193 + syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
194 + say(0,mbuf);
195 + return(1);
196 + } else {
197 + if(msg_int == -1) {
198 + sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
199 + say(0,mbuf);
200 + return(1);
201 + }
202 + }
203 + }
204 +
205 + syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
206 +
207 + if((rfd = conn_server(dest,port,0,buf)) < 0) {
208 + char ebuf[512];
209 +
210 + strcpy(ebuf,buf);
211 + if (do_transparent)
212 + sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
213 + else
214 + sprintf(buf,"521 %s: %s",dest,ebuf);
215 + rfd = -1;
216 + return(say(0,buf));
217 + }
218 + if (!do_transparent) {
219 + sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
220 + saveline(buf);
221 + }
222 +
223 + /* we are now connected and need to try the autologin thing */
224 + x = getresp(rfd,buf,sizeof(buf),1);
225 + if(x / 100 != COMPLETE) {
226 + sendsaved(0,-1);
227 + return(say(0,buf));
228 + }
229 + saveline(buf);
230 +
231 + sendsaved(0,-1);
232 + return 0;
233 + }
234 +
235 + /* quick hack */
236 + sayfile2(fd,fn,code)
237 + int fd;
238 + char *fn;
239 + int code;
240 + {
241 + FILE *f;
242 + char buf[BUFSIZ];
243 + char yuf[BUFSIZ];
244 + char *c;
245 + int x;
246 + int saidsomething = 0;
247 +
248 + if((f = fopen(fn,"r")) == (FILE *)0)
249 + return(1);
250 + while(fgets(buf,sizeof(buf),f) != (char *)0) {
251 + if((c = index(buf,'\n')) != (char *)0)
252 + *c = '\0';
253 + x = fgetc(f);
254 + if(feof(f))
255 + sprintf(yuf,"%3.3d-%s",code,buf);
256 + else {
257 + sprintf(yuf,"%3.3d-%s",code,buf);
258 + ungetc(x,f);
259 + }
260 + if(say(fd,yuf)) {
261 + fclose(f);
262 + return(1);
263 + }
264 + saidsomething++;
265 + }
266 + fclose(f);
267 + if (!saidsomething) {
268 + syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
269 + sprintf(yuf, "%3.3d The file to display is empty",code);
270 + if(say(fd,yuf)) {
271 + fclose(f);
272 + return(1);
273 + }
274 + }
275 + return(0);
276 + }
277 diff -c -r ./http-gw/http-gw.c ../../fwtk-2.1-violated/fwtk/http-gw/http-gw.c
278 *** ./http-gw/http-gw.c Fri Feb 6 18:32:25 1998
279 --- ../../fwtk-2.1-violated/fwtk/http-gw/http-gw.c Thu May 21 17:00:47 1998
280 ***************
281 *** 27,32 ****
282 --- 27,35 ----
283 static char http_buffer[8192];
284 static char reason[8192];
285 static int checkBrowserType = 1;
286 + static int do_transparent = 0;
287 +
288 + char * getdsthost();
290 static void do_logging()
291 { char *proto = "GOPHER";
292 ***************
293 *** 473,478 ****
294 --- 476,490 ----
295 /*(NOT A SPECIAL FORM)*/
297 if((rem_type & TYPE_LOCAL)== 0){
298 + char * psychic = getdsthost(sockfd, &def_port);
299 + if (psychic) {
300 + if (strlen(psychic) <= MAXHOSTNAMELEN) {
301 + do_transparent ++;
302 + strncpy(def_httpd, psychic, strlen(psychic));
303 + strncpy(def_server, psychic, strlen(psychic));
304 + }
305 + }
306 +
307 /* See if it can be forwarded */
309 if( can_forward(buf)){
310 ***************
311 *** 1564,1570 ****
312 parse_vec[0],
313 parse_vec[1],
314 ourname, ourport);
315 ! }else{
316 sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
317 parse_vec[0], parse_vec[2],
318 parse_vec[3], chk_type_ch,
319 --- 1576,1589 ----
320 parse_vec[0],
321 parse_vec[1],
322 ourname, ourport);
323 ! }
324 ! else
325 ! if (do_transparent) {
326 ! sprintf(new_reply, "%s\t%s\t%s\t%s",
327 ! parse_vec[0], parse_vec[1],
328 ! parse_vec[2],parse_vec[3]);
329 ! }
330 ! else {
331 sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
332 parse_vec[0], parse_vec[2],
333 parse_vec[3], chk_type_ch,
334 diff -c -r ./lib/hnam.c ../../fwtk-2.1-violated/fwtk/lib/hnam.c
335 *** ./lib/hnam.c Tue Dec 10 13:08:48 1996
336 --- ../../fwtk-2.1-violated/fwtk/lib/hnam.c Thu May 21 17:10:00 1998
337 ***************
338 *** 23,28 ****
339 --- 23,33 ----
341 #include "firewall.h"
343 + #ifdef __FreeBSD__ /* or OpenBSD, NetBSD, BSDI, etc. Fix this for your system. */
344 + #include <net/if.h>
345 + #include "ip_nat.h"
346 + #endif /* __FreeBSD__ */
347 +
349 char *
350 maphostname(name)
351 ***************
352 *** 49,52 ****
353 --- 54,132 ----
354 }
355 bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
356 return(inet_ntoa(sin.sin_addr));
357 + }
358 +
359 + char *getdsthost(fd, ptr)
360 + int fd;
361 + int *ptr;
362 + {
363 + struct sockaddr_in sin;
364 + struct hostent * hp;
365 + int sl = sizeof(struct sockaddr_in), err = 0, local_h = 0, i = 0;
366 + char buf[255], hostbuf[255];
367 + #ifdef __FreeBSD__
368 + struct sockaddr_in rsin;
369 + struct natlookup natlookup;
370 + #endif
371 +
372 + #ifdef linux
373 + if (!(err = getsockname(0, &sin, &sl))) {
374 + if(ptr)
375 + * ptr = ntohs(sin.sin_port);
376 +
377 + sprintf(buf, "%s", inet_ntoa(sin.sin_addr));
378 + gethostname(hostbuf, 254);
379 + hp = gethostbyname(hostbuf);
380 + while (hp->h_addr_list[i]) {
381 + bzero(&sin, &sl);
382 + memcpy(&sin.sin_addr, hp->h_addr_list[i++],
383 + sizeof(hp->h_addr_list[i++]));
384 +
385 + if (!strcmp(buf, inet_ntoa(sin.sin_addr)))
386 + local_h++;
387 + }
388 +
389 + if(local_h)
390 + return(NULL);
391 + else
392 + return(buf);
393 + }
394 + #endif
395 +
396 + #ifdef __FreeBSD__
397 + /* The basis for this block of code is Darren Reed's
398 + * patches to the TIS ftwk's ftp-gw.
399 + */
400 + bzero((char*)&sin, sizeof(sin));
401 + bzero((char*)&rsin, sizeof(rsin));
402 +
403 + if (getsockname(fd, (struct sockaddr*)&sin, &sl) < 0)
404 + return NULL;
405 +
406 + sl = sizeof(rsin);
407 +
408 + if(getpeername(fd, (struct sockaddr*)&rsin, &sl) < 0)
409 + return NULL;
410 +
411 + natlookup.nl_inport=sin.sin_port;
412 + natlookup.nl_outport=rsin.sin_port;
413 + natlookup.nl_inip=sin.sin_addr;
414 + natlookup.nl_outip=rsin.sin_addr;
415 +
416 + if ((natfd = open("/dev/ipl",O_RDONLY)) < 0)
417 + return NULL;
418 +
419 + if (ioctl(natfd, SIOCGNATL,&natlookup) == (-1))
420 + return NULL;
421 +
422 + close(natfd);
423 +
424 + if (ptr)
425 + *ptr = ntohs(natlookup.nl_inport);
426 +
427 + sprintf(buf, "%s", inet_ntoa(natlookup.nl_inip));
428 + #endif
429 +
430 + /* No transparent proxy support */
431 + return(NULL);
432 }
433 diff -c -r ./plug-gw/plug-gw.c ../../fwtk-2.1-violated/fwtk/plug-gw/plug-gw.c
434 *** ./plug-gw/plug-gw.c Thu Feb 5 19:07:35 1998
435 --- ../../fwtk-2.1-violated/fwtk/plug-gw/plug-gw.c Thu May 21 17:29:01 1998
436 ***************
437 *** 43,48 ****
438 --- 43,50 ----
439 static char **validdests = (char **)0;
440 static int net_write();
442 + static int do_transparent = 0;
443 +
444 main(ac,av)
445 int ac;
446 char *av[];
447 ***************
448 *** 198,206 ****
449 --- 200,220 ----
450 char *ptr;
451 int state = 0;
452 int ssl_plug = 0;
453 + char * getdsthost();
454 + int pport = 0;
456 struct timeval timo;
458 + /* Transparent plug-gw is probably a bad idea, but then, plug-gw is a bad
459 + * idea ..
460 + */
461 + dhost = getdsthost(0, &pport);
462 + if (dhost) {
463 + do_transparent++;
464 + portid = pport;
465 + }
466 +
467 +
468 if(c->flags & PERM_DENY) {
469 if (p == -1)
470 syslog(LLEV,"deny host=%.512s/%.20s port=any",rhost,raddr);
471 ***************
472 *** 220,226 ****
473 syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
474 exit (1);
475 }
476 ! dhost = av[x];
477 continue;
478 }
480 --- 234,241 ----
481 syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
482 exit (1);
483 }
484 ! if (!dhost)
485 ! dhost = av[x];
486 continue;
487 }
489 diff -c -r ./rlogin-gw/rlogin-gw.c ../../fwtk-2.1-violated/fwtk/rlogin-gw/rlogin-gw.c
490 *** ./rlogin-gw/rlogin-gw.c Thu Feb 5 19:08:38 1998
491 --- ../../fwtk-2.1-violated/fwtk/rlogin-gw/rlogin-gw.c Thu May 21 17:20:25 1998
492 ***************
493 *** 103,108 ****
494 --- 103,111 ----
495 static int trusted = 0;
496 static int doX = 0;
497 static char *prompt;
498 + static int do_transparent = 0;
499 +
500 + char * getdsthost();
502 main(ac,av)
503 int ac;
504 ***************
505 *** 123,128 ****
506 --- 126,132 ----
507 static char *tokav[56];
508 int tokac;
509 struct timeval timo;
510 + char * psychic;
512 #ifndef LOG_NDELAY
513 openlog("rlogin-gw",LOG_PID);
514 ***************
515 *** 188,194 ****
516 xforwarder = cf->argv[0];
517 }
519 !
521 if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
522 if(cf->argc != 1) {
523 --- 192,203 ----
524 xforwarder = cf->argv[0];
525 }
527 ! psychic = getdsthost(0, NULL);
528 ! if (psychic) {
529 ! do_transparent++;
530 ! strncpy(dest, psychic, 511);
531 ! dest[511] = '\0';
532 ! }
534 if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
535 if(cf->argc != 1) {
536 ***************
537 *** 266,271 ****
538 --- 275,281 ----
539 if((p = index(rusername,'@')) != (char *)0) {
540 char *namp;
542 + dest[0] = '\0';
543 *p++ = '\0';
544 if(*p == '\0')
545 p = "localhost";
546 ***************
547 *** 297,302 ****
548 --- 307,326 ----
550 if(dest[0] != '\0') {
551 /* Setup connection directly to remote machine */
552 + if ((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
553 + if (cf->argc != 1) {
554 + syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
555 + exit(1);
556 + }
557 +
558 + if (sayfile(0, cf->argv[0])) {
559 + syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
560 + exit(1);
561 + }
562 + }
563 +
564 + /* Hey fwtk developer people -- this connect_dest thing is *nasty!* */
565 +
566 sprintf(buf,"connect %.1000s",dest);
567 tokac = enargv(buf, tokav, 56, tokbuf, sizeof(tokbuf));
568 if (cmd_connect(tokac, tokav, buf) != 2)
569 ***************
570 *** 535,548 ****
571 char ebuf[512];
573 syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,namp);
574 ! if(strlen(namp) > 20)
575 ! namp[20] = '\0';
576 ! if(rusername[0] != '\0')
577 ! sprintf(ebuf,"Trying %s@%s...",rusername,namp);
578 ! else
579 ! sprintf(ebuf,"Trying %s...",namp);
580 ! if(say(0,ebuf))
581 ! return(1);
582 } else
583 syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,av[1]);
584 if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
585 --- 559,574 ----
586 char ebuf[512];
588 syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,namp);
589 ! if (!do_transparent) {
590 ! if(strlen(namp) > 20)
591 ! namp[20] = '\0';
592 ! if(rusername[0] != '\0')
593 ! sprintf(ebuf,"Trying %s@%s...",rusername,namp);
594 ! else
595 ! sprintf(ebuf,"Trying %s...",namp);
596 ! if(say(0,ebuf))
597 ! return(1);
598 ! }
599 } else
600 syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,av[1]);
601 if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
602 diff -c -r ./tn-gw/tn-gw.c ../../fwtk-2.1-violated/fwtk/tn-gw/tn-gw.c
603 *** ./tn-gw/tn-gw.c Thu Feb 5 19:11:36 1998
604 --- ../../fwtk-2.1-violated/fwtk/tn-gw/tn-gw.c Thu May 21 17:25:06 1998
605 ***************
606 *** 91,96 ****
607 --- 91,100 ----
608 static int cmd_xforward();
609 static int cmd_timeout();
611 + char * getdsthost();
612 +
613 + static int do_transparent = 0;
614 +
615 static int tn3270 = 1; /* don't do tn3270 stuff */
616 static int doX;
618 ***************
619 *** 144,149 ****
620 --- 148,155 ----
621 char tokbuf[BSIZ];
622 char *tokav[56];
623 int tokac;
624 + int port;
625 + char * psychic;
627 #ifndef LOG_DAEMON
628 openlog("tn-gw",LOG_PID);
629 ***************
630 *** 325,330 ****
631 --- 331,362 ----
632 }
633 }
635 + psychic = getdsthost(0, &port);
636 + if (psychic) {
637 + if ((strlen(psychic) + 10) < 510) {
638 + do_transparent++;
639 + if (port)
640 + sprintf(dest, "%s:%d", psychic, port);
641 + else
642 + sprintf(dest, "%s", psychic);
643 +
644 + if (!welcomedone)
645 + if ((cf = cfg_get("welcome-msg", confp)) != (Cfg *)0) {
646 + if (cf->argc != 1) {
647 + syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
648 + exit(1);
649 + }
650 +
651 + if (sayfile(0, cf->argv[0])) {
652 + syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]);
653 + exit(1);
654 + }
655 +
656 + welcomedone = 1;
657 + }
658 + }
659 + }
660 +
661 while (argc > 1) {
662 argc--;
663 argv++;
664 ***************
665 *** 947,955 ****
666 char ebuf[512];
668 syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,namp);
669 ! sprintf(ebuf,"Trying %.100s port %d...",namp,port);
670 ! if(say(0,ebuf))
671 ! return(1);
672 } else
673 syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
675 --- 979,989 ----
676 char ebuf[512];
678 syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,namp);
679 ! if (!do_transparent) {
680 ! sprintf(ebuf,"Trying %.100s port %d...",namp,port);
681 ! if(say(0,ebuf))
682 ! return(1);
683 ! }
684 } else
685 syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
687 ***************
688 *** 991,998 ****
690 syslog(LLEV,"connected host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
691 strncpy(dest,av[1], 511);
692 ! sprintf(buf, "Connected to %.512s.", dest);
693 ! say(0, buf);
694 return(2);
695 }
697 --- 1025,1034 ----
699 syslog(LLEV,"connected host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
700 strncpy(dest,av[1], 511);
701 ! if (!do_transparent) {
702 ! sprintf(buf, "Connected to %.512s.", dest);
703 ! say(0, buf);
704 ! }
705 return(2);
706 }