| blob | 6fd043b5069b77c7c47f266b762385b72375041b |
1 *** ftp-gw.c.orig Sun Jun 22 16:27:42 1997
2 --- ftp-gw.c Sun Jun 22 17:02:16 1997
3 ***************
4 *** 11,31 ****
5 --- 11,41 ----
6 */
7 static char RcsId[] = "Header: /devel/CVS/IP-Filter/FWTK/ftp-gw.diff,v 2.1 1999/08/04 17:30:30 darrenr Exp";
9 + /*
10 + * Patches for IP Filter NAT extensions written by Darren Reed, 7/7/96
11 + * darrenr@cyber.com.au
12 + */
13 + static char vIpFilter[] = "v3.1.11";
15 #include <stdio.h>
16 #include <ctype.h>
17 #include <syslog.h>
18 + #include <unistd.h>
19 + #include <fcntl.h>
20 #include <sys/signal.h>
21 #include <sys/ioctl.h>
22 #include <sys/errno.h>
23 extern int errno;
24 + #ifdef sun
25 extern char *sys_errlist[];
26 + #endif
27 #include <arpa/ftp.h>
28 #include <arpa/telnet.h>
29 #include <sys/time.h>
30 #include <sys/types.h>
31 #include <sys/socket.h>
32 #include <netinet/in.h>
33 + #include <net/if.h>
35 extern char *rindex();
36 extern char *index();
37 ***************
38 *** 36,41 ****
39 --- 46,54 ----
41 #include "firewall.h"
43 + #include "ip_compat.h"
44 + #include "ip_fil.h"
45 + #include "ip_nat.h"
47 #ifndef BSIZ
48 #define BSIZ 2048
49 ***************
50 *** 83,88 ****
51 --- 96,103 ----
52 static int cmd_noop();
53 static int cmd_abor();
54 static int cmd_passthru();
55 + static int nat_destination();
56 + static int connectdest();
57 static void saveline();
58 static void flushsaved();
59 static void trap_sigurg();
60 ***************
61 *** 317,323 ****
62 if(authallflg)
63 if(say(0,"220-Proxy first requires authentication"))
64 exit(1);
65 ! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
66 if(say(0,xuf))
67 exit(1);
68 }
69 --- 332,341 ----
70 if(authallflg)
71 if(say(0,"220-Proxy first requires authentication"))
72 exit(1);
73 ! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
74 ! if(say(0,xuf))
75 ! exit(1);
76 ! sprintf(xuf,"220-%s TIS ftp-gw with IP Filter %s NAT extensions",huf,vIpFilter);
77 if(say(0,xuf))
78 exit(1);
79 }
80 ***************
81 *** 338,343 ****
82 --- 356,363 ----
83 exit(1);
84 }
86 + nat_destination(0);
87 +
88 /* main loop */
89 while(1) {
90 FD_ZERO(&rdy);
91 ***************
92 *** 608,619 ****
93 static char narg[] = "501 Missing or extra username";
94 static char noad[] = "501 Use user@site to connect via proxy";
95 char buf[1024];
96 - char mbuf[512];
97 char *p;
98 char *dest;
99 char *user;
100 int x;
101 - int msg_int;
102 short port = FTPPORT;
104 /* kludgy but effective. if authorizing everything call auth instead */
105 --- 628,637 ----
106 ***************
107 *** 643,648 ****
108 --- 661,687 ----
109 return(sayn(0,noad,sizeof(noad)));
110 }
112 + if((rfd == -1) && (x = connectdest(dest,port)))
113 + return x;
114 + sprintf(buf,"USER %s",user);
115 + if(say(rfd,buf))
116 + return(1);
117 + x = getresp(rfd,buf,sizeof(buf),1);
118 + if(sendsaved(0,x))
119 + return(1);
120 + return(say(0,buf));
121 + }
122 +
123 + static int
124 + connectdest(dest,port)
125 + char *dest;
126 + short port;
127 + {
128 + char buf[1024];
129 + char mbuf[512];
130 + int msg_int;
131 + int x;
132 +
133 if(*dest == '\0')
134 dest = "localhost";
136 ***************
137 *** 685,693 ****
138 char ebuf[512];
140 strcpy(ebuf,buf);
141 ! sprintf(buf,"521 %s: %s",dest,ebuf);
142 return(say(0,buf));
143 }
144 sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
145 saveline(buf);
147 --- 724,733 ----
148 char ebuf[512];
150 strcpy(ebuf,buf);
151 ! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
152 return(say(0,buf));
153 }
154 +
155 sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
156 saveline(buf);
158 ***************
159 *** 698,711 ****
160 return(say(0,buf));
161 }
162 saveline(buf);
163 !
164 ! sprintf(buf,"USER %s",user);
165 ! if(say(rfd,buf))
166 ! return(1);
167 ! x = getresp(rfd,buf,sizeof(buf),1);
168 ! if(sendsaved(0,x))
169 ! return(1);
170 ! return(say(0,buf));
171 }
174 --- 738,745 ----
175 return(say(0,buf));
176 }
177 saveline(buf);
178 ! sendsaved(0,-1);
179 ! return 0;
180 }
183 ***************
184 *** 1591,1593 ****
185 --- 1625,1671 ----
186 dup(nread);
187 }
188 #endif
189 +
190 +
191 + static int
192 + nat_destination(fd)
193 + int fd;
194 + {
195 + struct sockaddr_in laddr, faddr;
196 + struct natlookup natlookup;
197 + char *dest;
198 + int slen, natfd;
199 +
200 + bzero((char *)&laddr, sizeof(laddr));
201 + bzero((char *)&faddr, sizeof(faddr));
202 + slen = sizeof(laddr);
203 + if(getsockname(fd,(struct sockaddr *)&laddr,&slen) < 0) {
204 + perror("getsockname");
205 + exit(1);
206 + }
207 + slen = sizeof(faddr);
208 + if(getpeername(fd,(struct sockaddr *)&faddr,&slen) < 0) {
209 + perror("getsockname");
210 + exit(1);
211 + }
212 +
213 + natlookup.nl_inport = laddr.sin_port;
214 + natlookup.nl_outport = faddr.sin_port;
215 + natlookup.nl_inip = laddr.sin_addr;
216 + natlookup.nl_outip = faddr.sin_addr;
217 + natlookup.nl_flags = IPN_TCP;
218 + if((natfd = open(IPL_NAT, O_RDONLY)) < 0) {
219 + perror("open");
220 + exit(1);
221 + }
222 + if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) {
223 + syslog(LOG_ERR, "SIOCGNATL failed: %m\n");
224 + close(natfd);
225 + if(say(0,"220 Ready"))
226 + exit(1);
227 + return 0;
228 + }
229 + close(natfd);
230 + return connectdest(inet_ntoa(natlookup.nl_realip),
231 + ntohs(natlookup.nl_realport));
232 + }