Sync usage with man page.
[netbsd-mini2440.git] / dist / ipf / FWTK / fwtk_transparent.diff
1 diff -cr ../TIS.orig/fwtk/Makefile.config.linux fwtk/Makefile.config.linux
2 *** ../TIS.orig/fwtk/Makefile.config.linux Sat Sep 7 05:58:21 1996
3 --- fwtk/Makefile.config.linux Sun Feb 2 05:48:01 1997
4 ***************
5 *** 13,19 ****
8 # Your C compiler (eg, "cc" or "gcc")
9 ! CC= cc
12 # program to use for installation -- this may or may not preserve
13 --- 13,19 ----
16 # Your C compiler (eg, "cc" or "gcc")
17 ! CC= gcc
20 # program to use for installation -- this may or may not preserve
21 ***************
22 *** 24,37 ****
24 # Defines for your operating system
26 ! DEFINES=-DLINUX
27 #DEFINES=-DSYSV -DSOLARIS
29 # Options for your compiler (eg, "-g" for debugging, "-O" for
30 # optimizing, or "-g -O" for both under GCC)
31 #COPT= -g -traditional $(DEFINES)
32 ! COPT= -g $(DEFINES)
33 ! #COPT= -O $(DEFINES)
35 # Version of "make" you want to use
36 #MAKE= gnumake
37 --- 24,37 ----
39 # Defines for your operating system
41 ! DEFINES=-DLINUX -DUSE_IP_FILTER
42 #DEFINES=-DSYSV -DSOLARIS
44 # Options for your compiler (eg, "-g" for debugging, "-O" for
45 # optimizing, or "-g -O" for both under GCC)
46 #COPT= -g -traditional $(DEFINES)
47 ! #COPT= -g $(DEFINES)
48 ! COPT= -O $(DEFINES)
50 # Version of "make" you want to use
51 #MAKE= gnumake
52 ***************
53 *** 44,50 ****
56 # Destination directory for installation of binaries
57 ! DEST= /usr/local/etc
60 # Destination directory for installation of man pages
61 --- 44,50 ----
64 # Destination directory for installation of binaries
65 ! DEST= /usr/local/sbin
68 # Destination directory for installation of man pages
69 ***************
70 *** 72,78 ****
71 # or -Bstatic for static binaries under SunOS 4.1.x)
72 #LDFL= -Bstatic
73 #LDFL=
74 ! LDFL= -g
77 # Location of the fwtk sources [For #include by any external tools needing it]
78 --- 72,79 ----
79 # or -Bstatic for static binaries under SunOS 4.1.x)
80 #LDFL= -Bstatic
81 #LDFL=
82 ! #LDFL= -g
83 ! LDFL= -O
86 # Location of the fwtk sources [For #include by any external tools needing it]
87 ***************
88 *** 81,87 ****
91 # Location of X libraries for X-gw
92 ! XLIBDIR=/usr/X11/lib
93 #XLIBDIR=/usr/local/X11R5/lib
95 # X Libraries
96 --- 82,88 ----
99 # Location of X libraries for X-gw
100 ! XLIBDIR=/usr/X11R6/lib
101 #XLIBDIR=/usr/local/X11R5/lib
103 # X Libraries
104 ***************
105 *** 96,102 ****
106 #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11
108 # Location of X include files
109 ! XINCLUDE=/usr/X11/include
110 #XINCLUDE=/usr/local/X11R5/include
112 # Objects to include in libfwall for SYSV
113 --- 97,103 ----
114 #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11
116 # Location of X include files
117 ! XINCLUDE=/usr/X11R6/include
118 #XINCLUDE=/usr/local/X11R5/include
120 # Objects to include in libfwall for SYSV
121 diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris
122 *** ../TIS.orig/fwtk/Makefile.config.solaris Sat Sep 7 06:14:13 1996
123 --- fwtk/Makefile.config.solaris Sun Feb 2 06:09:19 1997
124 ***************
125 *** 11,30 ****
127 # RcsId: "$Header: /pub/NetBSD/misc/repositories/cvsroot/src/dist/ipf/FWTK/fwtk_transparent.diff,v 1.2 2004/03/28 09:00:54 martti Exp $"
130 # Your C compiler (eg, "cc" or "gcc")
131 ! CC= cc
134 # program to use for installation -- this may or may not preserve
135 # old versions (or whatever). assumes that it takes parameters:
136 # copy source dest
137 ! CP= cp
140 # Defines for your operating system
142 ! DEFINES=-DSYSV -DSOLARIS
144 #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \
145 -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \
146 --- 11,34 ----
148 # RcsId: "$Header: /pub/NetBSD/misc/repositories/cvsroot/src/dist/ipf/FWTK/fwtk_transparent.diff,v 1.2 2004/03/28 09:00:54 martti Exp $"
151 + # Path to sources of ip_filter (ip_nat.h required in lib/hnam.c)
153 + IPFPATH=/src/unpacked/firewall/ip_fil3.1.5
155 # Your C compiler (eg, "cc" or "gcc")
156 ! CC= gcc
159 # program to use for installation -- this may or may not preserve
160 # old versions (or whatever). assumes that it takes parameters:
161 # copy source dest
162 ! CP= /usr/ucb/install -c -s
165 # Defines for your operating system
167 ! DEFINES=-DSYSV -DSOLARIS -DUSE_IP_FILTER -I$(IPFPATH)
169 #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \
170 -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \
171 ***************
172 *** 45,52 ****
175 # Your ranlib utility (use "touch" if you don't have ranlib)
176 ! RANLIB= ranlib
177 ! #RANLIB= touch
180 # Destination directory for installation of binaries
181 --- 49,56 ----
184 # Your ranlib utility (use "touch" if you don't have ranlib)
185 ! # RANLIB= ranlib
186 ! RANLIB= touch
189 # Destination directory for installation of binaries
190 diff -cr ../TIS.orig/fwtk/firewall.h fwtk/firewall.h
191 *** ../TIS.orig/fwtk/firewall.h Sun Sep 8 05:55:26 1996
192 --- fwtk/firewall.h Sun Feb 2 05:23:33 1997
193 ***************
194 *** 47,53 ****
195 system.
197 #ifndef PERMFILE
198 ! #define PERMFILE "/usr/local/etc/netperm-table"
199 #endif
202 --- 47,53 ----
203 system.
205 #ifndef PERMFILE
206 ! #define PERMFILE "/etc/fwtk/netperm-table"
207 #endif
210 ***************
211 *** 67,73 ****
213 /* Choose a system logging facility for the firewall toolkit. */
214 #ifndef LFAC
215 ! #define LFAC LOG_DAEMON
216 #endif
219 --- 67,73 ----
221 /* Choose a system logging facility for the firewall toolkit. */
222 #ifndef LFAC
223 ! #define LFAC LOG_LOCAL5
224 #endif
227 ***************
228 *** 215,220 ****
229 #define PERM_ALLOW 01
230 #define PERM_DENY 02
233 #define _INCL_FWALL_H
234 #endif
235 --- 215,222 ----
236 #define PERM_ALLOW 01
237 #define PERM_DENY 02
239 ! #ifdef USE_IP_FILTER
240 ! extern char *getdsthost(int, int*);
241 ! #endif
242 #define _INCL_FWALL_H
243 #endif
244 diff -cr ../TIS.orig/fwtk/ftp-gw/ftp-gw.c fwtk/ftp-gw/ftp-gw.c
245 *** ../TIS.orig/fwtk/ftp-gw/ftp-gw.c Fri Sep 6 18:55:05 1996
246 --- fwtk/ftp-gw/ftp-gw.c Sat Feb 1 06:49:13 1997
247 ***************
248 *** 50,55 ****
249 --- 50,59 ----
250 #ifndef FTPPORT
251 #define FTPPORT 21
252 #endif
253 + #ifdef USE_IP_FILTER
254 + static int do_transparent=0;
255 + static int connectdest();
256 + #endif
258 static Cfg *confp;
259 static char **validests = (char **)0;
260 ***************
261 *** 170,175 ****
262 --- 174,182 ----
263 char xuf[1024];
264 char huf[128];
265 char *passuser = (char *)0; /* passed user as av */
266 + #ifdef USE_IP_FILTER
267 + char *psychic, *hotline;
268 + #endif
270 #ifndef LOG_DAEMON
271 openlog("ftp-gw",LOG_PID);
272 ***************
273 *** 313,320 ****
275 } else
276 timeout = 60*60;
279 /* display a welcome file or message */
280 if(passuser == (char *)0) {
281 if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
282 --- 320,330 ----
284 } else
285 timeout = 60*60;
286 + #ifdef USE_IP_FILTER
287 + psychic=getdsthost(0,NULL);
288 + if(psychic) { do_transparent++; }
289 + #endif
291 /* display a welcome file or message */
292 if(passuser == (char *)0) {
293 if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
294 ***************
295 *** 322,327 ****
296 --- 332,345 ----
297 syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
298 exit(1);
300 + #ifdef USE_IP_FILTER
301 + if(do_transparent) {
302 + if(sayfile2(0,cf->argv[0],220)) {
303 + syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
304 + exit(1);
306 + } else
307 + #endif /* USE_IP_FILTER */
308 if(sayfile(0,cf->argv[0],220)) {
309 syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
310 exit(1);
311 ***************
312 *** 332,338 ****
313 if(authallflg)
314 if(say(0,"220-Proxy first requires authentication"))
315 exit(1);
316 ! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
317 if(say(0,xuf))
318 exit(1);
320 --- 350,361 ----
321 if(authallflg)
322 if(say(0,"220-Proxy first requires authentication"))
323 exit(1);
324 ! #ifdef USE_IP_FILTER
325 ! if(do_transparent)
326 ! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
327 ! else
328 ! #endif
329 ! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
330 if(say(0,xuf))
331 exit(1);
333 ***************
334 *** 352,358 ****
335 if(cmd_user(2,fakav,"user internal"))
336 exit(1);
339 /* main loop */
340 while(1) {
341 FD_ZERO(&rdy);
342 --- 375,386 ----
343 if(cmd_user(2,fakav,"user internal"))
344 exit(1);
346 ! #ifdef USE_IP_FILTER
347 ! if(do_transparent) {
348 ! connectdest(psychic,21);
350 ! #endif
352 /* main loop */
353 while(1) {
354 FD_ZERO(&rdy);
355 ***************
356 *** 676,681 ****
357 --- 704,719 ----
358 return(sayn(0,noad,sizeof(noad)-1));
361 + #ifdef USE_IP_FILTER
362 + if(do_transparent) {
363 + if((rfd==(-1)) && (x=connectdest(dest,port))) return x;
364 + sprintf(buf,"USER %s",user);
365 + if(say(rfd,buf)) return(1);
366 + x=getresp(rfd,buf,sizeof(buf),1);
367 + if(sendsaved(0,x)) return(1);
368 + return(say(0,buf));
370 + #endif
371 if(*dest == '\0')
372 dest = "localhost";
374 ***************
375 *** 717,723 ****
376 char ebuf[512];
378 strcpy(ebuf,buf);
379 ! sprintf(buf,"521 %s: %s",dest,ebuf);
380 rfd = -1;
381 return(say(0,buf));
383 --- 755,766 ----
384 char ebuf[512];
386 strcpy(ebuf,buf);
387 ! #ifdef USE_IP_FILTER
388 ! if(do_transparent) {
389 ! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
390 ! } else
391 ! #endif
392 ! sprintf(buf,"521 %s: %s",dest,ebuf);
393 rfd = -1;
394 return(say(0,buf));
396 ***************
397 *** 1874,1876 ****
398 --- 1917,2036 ----
399 dup(nread);
401 #endif
403 + #ifdef USE_IP_FILTER
404 + static int connectdest(dest, port)
405 + char *dest;
406 + short port;
408 + char buf[1024], mbuf[512];
409 + int msg_int, x;
411 + if(*dest == '\0')
412 + dest = "localhost";
414 + if(validests != (char **)0) {
415 + char **xp;
416 + int x;
418 + for(xp = validests; *xp != (char *)0; xp++) {
419 + if(**xp == '!' && hostmatch(*xp + 1,dest)) {
420 + return(baddest(0,dest));
421 + } else {
422 + if(hostmatch(*xp,dest))
423 + break;
426 + if(*xp == (char *)0)
427 + return(baddest(0,dest));
430 + /* Extended permissions processing goes in here for destination */
431 + if(extendperm) {
432 + msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
433 + if(msg_int == 1) {
434 + sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
435 + syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
436 + say(0,mbuf);
437 + return(1);
438 + } else {
439 + if(msg_int == -1) {
440 + sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
441 + say(0,mbuf);
442 + return(1);
445 + }
447 + syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
449 + if((rfd = conn_server(dest,port,0,buf)) < 0) {
450 + char ebuf[512];
452 + strcpy(ebuf,buf);
453 + sprintf(buf,"521 %s: %s",dest,ebuf);
454 + rfd = -1;
455 + return(say(0,buf));
457 + if(!do_transparent) {
458 + sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
459 + saveline(buf);
462 + /* we are now connected and need to try the autologin thing */
463 + x = getresp(rfd,buf,sizeof(buf),1);
464 + if(x / 100 != COMPLETE) {
465 + sendsaved(0,-1);
466 + return(say(0,buf));
468 + saveline(buf);
470 + sendsaved(0,-1);
471 + return 0;
475 + /* ok, so i'm in a hurry. english paper due RSN. */
476 + sayfile2(fd,fn,code)
477 + int fd;
478 + char *fn;
479 + int code;
481 + FILE *f;
482 + char buf[BUFSIZ];
483 + char yuf[BUFSIZ];
484 + char *c;
485 + int x;
486 + int saidsomething = 0;
488 + if((f = fopen(fn,"r")) == (FILE *)0)
489 + return(1);
490 + while(fgets(buf,sizeof(buf),f) != (char *)0) {
491 + if((c = index(buf,'\n')) != (char *)0)
492 + *c = '\0';
493 + x = fgetc(f);
494 + if(feof(f))
495 + sprintf(yuf,"%3.3d-%s",code,buf);
496 + else {
497 + sprintf(yuf,"%3.3d-%s",code,buf);
498 + ungetc(x,f);
500 + if(say(fd,yuf)) {
501 + fclose(f);
502 + return(1);
504 + saidsomething++;
506 + fclose(f);
507 + if (!saidsomething) {
508 + syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
509 + sprintf(yuf, "%3.3d The file to display is empty",code);
510 + if(say(fd,yuf)) {
511 + fclose(f);
512 + return(1);
515 + return(0);
518 + #endif /* USE_IP_FILTER */
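Review bot: The added `sayfile2` closes the stream twice on one path: `fclose(f)` runs just before `if (!saidsomething)`, and the failure branch of the following `say(fd,yuf)` calls `fclose(f)` again, which is undefined behaviour, so the second call should be dropped. In `connectdest`, in the same hunk, `authuser` and `dest` are formatted into `mbuf[512]` with unbounded `sprintf`, and the 1024-byte `buf` is copied into `ebuf[512]` with `strcpy`, so a long user name, destination or `conn_server` error text can overrun a stack buffer; bound each write, e.g. `snprintf(mbuf,sizeof(mbuf),"Permission denied for user %s to connect to %s",authuser,dest);`. `sayfile2` has the same weakness on a smaller scale, because `buf` can hold BUFSIZ-1 characters and the `%3.3d-` prefix is then added into a `yuf` of the same size. In the hunk before the main loop, `connectdest(psychic,21)` discards the return value and hard-codes 21 although `FTPPORT` is defined at the top of the file; it also passes a host-order literal while the `521` message applies `ntohs(port)`, so the byte order `conn_server` expects should be confirmed.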
519 diff -cr ../TIS.orig/fwtk/http-gw/http-gw.c fwtk/http-gw/http-gw.c
520 *** ../TIS.orig/fwtk/http-gw/http-gw.c Mon Sep 9 20:40:53 1996
521 --- fwtk/http-gw/http-gw.c Sun Feb 2 06:41:18 1997
522 ***************
523 *** 27,32 ****
524 --- 27,35 ----
525 static char http_buffer[8192];
526 static char reason[8192];
527 static int checkBrowserType = 1;
528 + #ifdef USE_IP_FILTER
529 + static int do_transparent=0;
530 + #endif
532 static void do_logging()
533 { char *proto = "GOPHER";
534 ***************
535 *** 422,427 ****
536 --- 425,441 ----
537 /*(NOT A SPECIAL FORM)*/
539 if((rem_type & TYPE_LOCAL)== 0){
540 + #ifdef USE_IP_FILTER
541 + char *psychic=getdsthost(sockfd,&def_port);
542 + if(psychic) {
543 + if(strlen(psychic)<=MAXHOSTNAMELEN) {
544 + do_transparent++;
545 + strncpy(def_httpd,psychic,strlen(psychic));
546 + strncpy(def_server,psychic,strlen(psychic));
550 + #endif /* USE_IP_FILTER */
551 /* See if it can be forwarded */
553 if( can_forward(buf)){
554 ***************
555 *** 1513,1518 ****
556 --- 1527,1537 ----
557 parse_vec[0],
558 parse_vec[1],
559 ourname, ourport);
561 + #ifdef USE_IP_FILTER
562 + else if(do_transparent) {
563 + sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]);
564 + #endif /* USE_IP_FILTER */
565 }else{
566 sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
567 parse_vec[0], parse_vec[2],
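Review bot: Both `strncpy` calls in the transparent block use `strlen(psychic)` as the length, so the bound comes from the source rather than the destination and no terminating NUL is copied; anything `def_httpd` or `def_server` held beyond that length stays in place. The `MAXHOSTNAMELEN` test only protects the copies if both buffers are at least that size plus one, which is declared outside the hunk and should be confirmed. If they are arrays, copy with the destination size and terminate explicitly, e.g. `strncpy(def_httpd,psychic,sizeof(def_httpd)-1); def_httpd[sizeof(def_httpd)-1]='\0';`. The added gopher branch in the last hunk writes four `parse_vec` fields into `new_reply` with unbounded `sprintf`; the size of `new_reply` is not visible here, so that write needs a bound as well.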
568 diff -cr ../TIS.orig/fwtk/lib/hnam.c fwtk/lib/hnam.c
569 *** ../TIS.orig/fwtk/lib/hnam.c Sat Nov 5 00:30:19 1994
570 --- fwtk/lib/hnam.c Sat Feb 1 08:17:46 1997
571 ***************
572 *** 20,25 ****
573 --- 20,37 ----
575 extern char *inet_ntoa();
577 + #if defined(USE_IP_FILTER)
578 + #include <net/if.h>
579 + #ifndef LINUX
580 + #include "ip_nat.h"
581 + #endif
582 + #if defined(SOLARIS)
583 + #include <sys/stat.h>
584 + #include <fcntl.h>
585 + #include <unistd.h>
586 + #include <sys/ioccom.h>
587 + #endif
588 + #endif /* IP_FILTER */
590 #include "firewall.h"
592 ***************
593 *** 45,47 ****
594 --- 57,158 ----
595 bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
596 return(inet_ntoa(sin.sin_addr));
601 + #ifdef USE_IP_FILTER
602 + char *getdsthost(fd, ptr)
603 + int fd;
604 + int *ptr;
606 + struct sockaddr_in sin;
607 + struct hostent *hp;
608 + int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0;
609 + static char buf[255], hostbuf[255];
610 + #if defined(__FreeBSD__) || defined(SOLARIS)
611 + struct sockaddr_in rsin;
612 + struct natlookup natlookup;
613 + int natfd;
614 + #endif
616 + #ifdef linux
617 + /* This should also work for UDP. Unfortunately, it doesn't.
618 + Maybe when the Linux UDP proxy code gets a little cleaner.
619 + */
620 + if(!(err=getsockname(0,&sin,&sl))) {
621 + if(ptr) *ptr=ntohs(sin.sin_port);
622 + sprintf(buf,"%s",inet_ntoa(sin.sin_addr));
623 + gethostname(hostbuf,254);
624 + hp=gethostbyname(hostbuf);
625 + while(hp->h_addr_list[i]) {
626 + bzero(&sin,&sl);
627 + memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++]));
628 + if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++;
630 + if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); }
631 + else { return(buf); }
633 + #endif
635 + #if defined(__FreeBSD__)
636 + /* The basis for this block of code is Darren Reed's
637 + patches to the TIS ftwk's ftp-gw.
638 + */
639 + bzero((char*)&sin,sizeof(sin));
640 + bzero((char*)&rsin,sizeof(rsin));
641 + if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
642 + return NULL;
644 + sl=sizeof(rsin);
645 + if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
646 + return NULL;
648 + natlookup.nl_inport=sin.sin_port;
649 + natlookup.nl_outport=rsin.sin_port;
650 + natlookup.nl_inip=sin.sin_addr;
651 + natlookup.nl_outip=rsin.sin_addr;
652 + if((natfd=open("/dev/ipnat",O_RDONLY))<0) {
653 + return(NULL);
655 + if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) {
656 + return(NULL);
658 + close(natfd);
659 + if(ptr) *ptr=ntohs(natlookup.nl_realport);
660 + sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip));
661 + #endif
663 + #if defined(SOLARIS) /* for Solaris */
664 + /* The basis for this block of code is Darren Reed's
665 + * patches to the TIS ftwk's ftp-gw.
666 + * modified for Solaris from Michael Kutzner, Michael.Kutzner@paderlinx.de
667 + */
668 + memset((char*)&sin, 0, sizeof(sin));
669 + memset((char*)&rsin, 0, sizeof(rsin));
671 + if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
672 + return NULL;
674 + sl=sizeof(rsin);
675 + if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
676 + return NULL;
678 + natlookup.nl_inport=sin.sin_port;
679 + natlookup.nl_outport=rsin.sin_port;
680 + natlookup.nl_inip=sin.sin_addr;
681 + natlookup.nl_outip=rsin.sin_addr;
682 + if( (natfd=open(IPL_NAT,O_RDONLY)) < 0) {
683 + return(NULL);
685 + if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) {
686 + return(NULL);
688 + close(natfd);
689 + if(ptr) *ptr=ntohs(natlookup.nl_realport);
690 + sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip));
691 + #endif
693 + /* No transparent proxy support */
694 + return(NULL);
696 + #endif /* USE_IP_FILTER */
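Review bot: On the FreeBSD and Solaris paths the NAT lookup result is written into `buf` but never returned: after `sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip));` control falls through to the final `return(NULL);`, so callers never see a transparent destination on those systems; each block needs a `return(buf);` before its `#endif`. The same paths leak `natfd` when `ioctl` fails, because they return without `close(natfd)`. In the Linux block `bzero(&sin,&sl)` passes the address of `sl` as the length and should read `bzero(&sin,sizeof(sin));`, the result of `gethostbyname` is dereferenced without a NULL check, `sizeof(hp->h_addr_list[i++])` is the size of a pointer rather than of an address (use `hp->h_length`), and `getsockname(0,...)` ignores the `fd` argument. A comment on `getdsthost` should also say that it returns a pointer to a static buffer which the next call overwrites.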
697 diff -cr ../TIS.orig/fwtk/plug-gw/plug-gw.c fwtk/plug-gw/plug-gw.c
698 *** ../TIS.orig/fwtk/plug-gw/plug-gw.c Thu Sep 5 21:36:33 1996
699 --- fwtk/plug-gw/plug-gw.c Sun Feb 2 04:50:40 1997
700 ***************
701 *** 38,44 ****
702 static int timeout = PROXY_TIMEOUT;
703 static char **validdests = (char **)0;
704 static Cfg *confp;
706 main(ac,av)
707 int ac;
708 char *av[];
709 --- 38,46 ----
710 static int timeout = PROXY_TIMEOUT;
711 static char **validdests = (char **)0;
712 static Cfg *confp;
713 ! #ifdef USE_IP_FILTER
714 ! static int do_transparent=0;
715 ! #endif
716 main(ac,av)
717 int ac;
718 char *av[];
719 ***************
720 *** 189,201 ****
721 static char buf[1024 * 4];
722 void (*op)();
723 char *dhost = NULL;
724 char hostport[1024 * 4];
725 char *ptr;
726 int state = 0;
727 int ssl_plug = 0;
729 struct timeval timo;
731 if(c->flags & PERM_DENY) {
732 if (p == -1)
733 syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr);
734 --- 191,215 ----
735 static char buf[1024 * 4];
736 void (*op)();
737 char *dhost = NULL;
738 + char *transhost = NULL;
739 char hostport[1024 * 4];
740 char *ptr;
741 int state = 0;
742 int ssl_plug = 0;
743 ! #ifdef USE_IP_FILTER
744 ! int pport;
745 ! #endif
746 struct timeval timo;
748 + #ifdef USE_IP_FILTER
749 + /* Transparent plug-gw is probably a bad idea, but hey .. */
750 + transhost=getdsthost(0,&pport);
751 + if(transhost) {
752 + do_transparent++;
753 + portid=pport;
755 + #endif
757 if(c->flags & PERM_DENY) {
758 if (p == -1)
759 syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr);
760 ***************
761 *** 223,229 ****
762 privport = 1;
763 continue;
766 if (!strcmp(av[x], "-port")) {
767 if (++x >= ac) {
768 syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln);
769 --- 237,248 ----
770 privport = 1;
771 continue;
773 ! #ifdef USE_IP_FILTER
774 ! if (!strcmp(av[x],"-all-destinations")) {
775 ! dhost = transhost;
776 ! continue;
778 ! #endif
779 if (!strcmp(av[x], "-port")) {
780 if (++x >= ac) {
781 syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln);
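Review bot: `portid=pport` is assigned as soon as `getdsthost` returns a host, before the `PERM_DENY` test and regardless of whether the matched rule carries `-all-destinations`, so a rule that names a fixed host appears to get its port from the client's original connection. How `portid` is used afterwards lies outside these hunks, so this needs confirming; moving the assignment into the `-all-destinations` branch would keep it scoped to rules that ask for it. In that branch `dhost = transhost` is also taken when `transhost` is NULL, i.e. when no NAT entry was found, and that case should be logged and refused rather than left to the later code. The existing comment "probably a bad idea" should be replaced by one stating that with `-all-destinations` the rule's source-host match is the only access control on where the plug connects.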
782 diff -cr ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c fwtk/rlogin-gw/rlogin-gw.c
783 *** ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c Fri Sep 6 18:56:33 1996
784 --- fwtk/rlogin-gw/rlogin-gw.c Sun Feb 2 06:26:04 1997
785 ***************
786 *** 40,46 ****
788 extern char *maphostname();
791 static int cmd_quit();
792 static int cmd_help();
793 static int cmd_connect();
794 --- 40,48 ----
796 extern char *maphostname();
798 ! #ifdef USE_IP_FILTER
799 ! static int do_transparent=0;
800 ! #endif
801 static int cmd_quit();
802 static int cmd_help();
803 static int cmd_connect();
804 ***************
805 *** 120,125 ****
806 --- 122,130 ----
807 static char *tokav[56];
808 int tokac;
809 struct timeval timo;
810 + #ifdef USE_IP_FILTER
811 + char *psychic;
812 + #endif
814 #ifndef LOG_NDELAY
815 openlog("rlogin-gw",LOG_PID);
816 ***************
817 *** 186,192 ****
822 if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
823 if(cf->argc != 1) {
824 syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln);
825 --- 191,204 ----
829 ! #ifdef USE_IP_FILTER
830 ! psychic=getdsthost(0,NULL);
831 ! if(psychic) {
832 ! do_transparent++;
833 ! strncpy(dest,psychic,511);
834 ! dest[511]='\0';
836 ! #endif /* USE_IP_FILTER */
837 if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
838 if(cf->argc != 1) {
839 syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln);
840 ***************
841 *** 260,269 ****
844 /* if present a host name, chop and save username and hostname */
845 - dest[0] = '\0';
846 if((p = index(rusername,'@')) != (char *)0) {
847 char *namp;
849 *p++ = '\0';
850 if(*p == '\0')
851 p = "localhost";
852 --- 272,281 ----
855 /* if present a host name, chop and save username and hostname */
856 if((p = index(rusername,'@')) != (char *)0) {
857 char *namp;
859 + dest[0] = '\0';
860 *p++ = '\0';
861 if(*p == '\0')
862 p = "localhost";
863 ***************
864 *** 532,539 ****
865 --- 544,557 ----
866 sprintf(ebuf,"Trying %s@%s...",rusername,namp);
867 else
868 sprintf(ebuf,"Trying %s...",namp);
869 + #ifdef USE_IP_FILTER
870 + if(!do_transparent) {
871 + #endif
872 if(say(0,ebuf))
873 return(1);
874 + #ifdef USE_IP_FILTER
876 + #endif
877 } else
878 syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]);
879 if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
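Review bot: Moving `dest[0] = '\0';` inside the `@` branch means `dest` is no longer cleared when the user name carries no host part. That is needed to keep the transparent destination copied in earlier, but the non-transparent case now depends on `dest` being empty from its declaration, which is outside the hunks shown. A short comment at the new position, such as `/* dest may already hold the transparent destination; only reset it when the user supplied one */`, would make the intent clear. Whether the pre-filled destination passes through the same destination permission checks as a host typed by the user cannot be seen from these hunks and should be confirmed.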
880 diff -cr ../TIS.orig/fwtk/tn-gw/tn-gw.c fwtk/tn-gw/tn-gw.c
881 *** ../TIS.orig/fwtk/tn-gw/tn-gw.c Fri Sep 6 18:55:48 1996
882 --- fwtk/tn-gw/tn-gw.c Sun Feb 2 06:06:33 1997
883 ***************
884 *** 97,102 ****
885 --- 97,106 ----
886 static int timeout = PROXY_TIMEOUT;
887 static char timed_out_msg[] = "\r\nConnection closed due to inactivity";
889 + #ifdef USE_IP_FILTER
890 + static int do_transparent=0;
891 + #endif
893 typedef struct {
894 char *name;
895 char *hmsg;
896 ***************
897 *** 140,145 ****
898 --- 144,153 ----
899 char tokbuf[BSIZ];
900 char *tokav[56];
901 int tokac;
902 + #ifdef USE_IP_FILTER
903 + int port;
904 + char *psychic;
905 + #endif
907 #ifndef LOG_DAEMON
908 openlog("tn-gw",LOG_PID);
909 ***************
910 *** 307,313 ****
911 exit(1);
915 while (argc > 1) {
916 argc--;
917 argv++;
918 --- 315,349 ----
919 exit(1);
922 ! #ifdef USE_IP_FILTER
923 ! psychic=getdsthost(0,&port);
924 ! if(psychic) {
925 ! if((strlen(psychic) + 10) < 510) {
926 ! do_transparent++;
927 ! if(port)
928 ! sprintf(dest,"%s:%d",psychic,port);
929 ! else
930 ! sprintf(dest,"%s",psychic);
933 ! if(!welcomedone)
934 ! if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
935 ! if(cf->argc != 1) {
936 ! syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
937 ! exit(1);
939 ! if(sayfile(0,cf->argv[0])) {
940 ! syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]);
941 ! exit(1);
943 ! welcomedone = 1;
950 ! #endif /* USE_IP_FILTER */
951 while (argc > 1) {
952 argc--;
953 argv++;
954 ***************
955 *** 870,877 ****
957 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
958 sprintf(ebuf,"Trying %s port %d...",namp,port);
959 ! if(say(0,ebuf))
960 ! return(1);
961 } else
962 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
964 --- 906,920 ----
966 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
967 sprintf(ebuf,"Trying %s port %d...",namp,port);
968 ! #ifdef USE_IP_FILTER
969 ! if(!do_transparent) {
970 ! sprintf(ebuf,"Trying %s port %d...",namp,port);
971 ! #endif
972 ! if(say(0,ebuf))
973 ! return(1);
974 ! #ifdef USE_IP_FILTER
976 ! #endif
977 } else
978 syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
980 ***************
981 *** 903,910 ****
983 syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
984 strncpy(dest,av[1], 511);
985 ! sprintf(buf, "Connected to %s.", dest);
986 say(0, buf);
987 return(2);
990 --- 946,959 ----
992 syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
993 strncpy(dest,av[1], 511);
994 ! #ifdef USE_IP_FILTER
995 ! if(!do_transparent) {
996 ! sprintf(buf, "Connected to %s.", dest);
997 ! say(0, buf);
999 ! #else
1000 say(0, buf);
1001 + #endif
1002 return(2);
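Review bot: In the last hunk the `#else` branch keeps only `say(0, buf);` and loses the `sprintf(buf, "Connected to %s.", dest);` that preceded it in the original, so a build without USE_IP_FILTER sends whatever `buf` last held instead of the connect message; restore the `sprintf` ahead of `say` in the `#else` branch. In the "Trying" hunk the same `sprintf(ebuf,"Trying %s port %d...",namp,port);` now runs twice, once unconditionally and once inside `if(!do_transparent)`, and one of them can go. The context line `strncpy(dest,av[1], 511);` is not followed by an explicit terminator in the lines shown, unlike the rlogin-gw change, which adds `dest[511]='\0';`. The enclosing functions start and end outside these hunks.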
1005 diff -cr ../TIS.orig/fwtk/x-gw/socket.c fwtk/x-gw/socket.c
1006 *** ../TIS.orig/fwtk/x-gw/socket.c Sat Sep 7 05:16:35 1996
1007 --- fwtk/x-gw/socket.c Sun Feb 2 05:26:44 1997
1008 ***************
1009 *** 212,218 ****
1010 case AF_UNIX: un_name = (struct sockaddr_un *)addr;
1011 len = sizeof(un_name->sun_family) +
1012 sizeof(un_name->sun_path)
1013 ! #ifdef SCM_RIGHTS /* 4.3BSD Reno and later */
1014 + sizeof(un_name->sun_len) + 1
1015 #endif
1017 --- 212,218 ----
1018 case AF_UNIX: un_name = (struct sockaddr_un *)addr;
1019 len = sizeof(un_name->sun_family) +
1020 sizeof(un_name->sun_path)
1021 ! #if defined(SCM_RIGHTS) && !defined(LINUX)/* 4.3BSD Reno and later */
1022 + sizeof(un_name->sun_len) + 1
1023 #endif
1025 Only in fwtk/x-gw: socket.c.bak