NetBSD-5.0.2/dist/ipf/FWTK/fwtk_transparent.diff

diff -cr ../TIS.orig/fwtk/Makefile.config.linux fwtk/Makefile.config.linux
*** ../TIS.orig/fwtk/Makefile.config.linux	Sat Sep  7 05:58:21 1996
--- fwtk/Makefile.config.linux	Sun Feb  2 05:48:01 1997
***************
*** 13,19 ****
  
  
  # Your C compiler (eg, "cc" or "gcc")
! CC=	cc
  
  
  # program to use for installation -- this may or may not preserve
--- 13,19 ----
  
  
  # Your C compiler (eg, "cc" or "gcc")
! CC=	gcc
  
  
  # program to use for installation -- this may or may not preserve
***************
*** 24,37 ****
  
  # Defines for your operating system
  #
! DEFINES=-DLINUX
  #DEFINES=-DSYSV -DSOLARIS
  
  # Options for your compiler (eg, "-g" for debugging, "-O" for
  # optimizing, or "-g -O" for both under GCC)
  #COPT=	-g -traditional $(DEFINES)
! COPT=	-g $(DEFINES)
! #COPT=	-O $(DEFINES)
  
  # Version of "make" you want to use
  #MAKE=	gnumake
--- 24,37 ----
  
  # Defines for your operating system
  #
! DEFINES=-DLINUX -DUSE_IP_FILTER
  #DEFINES=-DSYSV -DSOLARIS
  
  # Options for your compiler (eg, "-g" for debugging, "-O" for
  # optimizing, or "-g -O" for both under GCC)
  #COPT=	-g -traditional $(DEFINES)
! #COPT=	-g $(DEFINES)
! COPT=	-O $(DEFINES)
  
  # Version of "make" you want to use
  #MAKE=	gnumake
***************
*** 44,50 ****
  
  
  # Destination directory for installation of binaries
! DEST=	/usr/local/etc
  
  
  # Destination directory for installation of man pages
--- 44,50 ----
  
  
  # Destination directory for installation of binaries
! DEST=	/usr/local/sbin
  
  
  # Destination directory for installation of man pages
***************
*** 72,78 ****
  # or -Bstatic for static binaries under SunOS 4.1.x)
  #LDFL=	-Bstatic
  #LDFL=
! LDFL= -g
  
  
  # Location of the fwtk sources [For #include by any external tools needing it]
--- 72,79 ----
  # or -Bstatic for static binaries under SunOS 4.1.x)
  #LDFL=	-Bstatic
  #LDFL=
! #LDFL= -g
! LDFL= -O
  
  
  # Location of the fwtk sources [For #include by any external tools needing it]
***************
*** 81,87 ****
  
  
  # Location of X libraries for X-gw
! XLIBDIR=/usr/X11/lib
  #XLIBDIR=/usr/local/X11R5/lib
  
  # X Libraries
--- 82,88 ----
  
  
  # Location of X libraries for X-gw
! XLIBDIR=/usr/X11R6/lib
  #XLIBDIR=/usr/local/X11R5/lib
  
  # X Libraries
***************
*** 96,102 ****
  #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11
  
  # Location of X include files
! XINCLUDE=/usr/X11/include
  #XINCLUDE=/usr/local/X11R5/include
  
  # Objects to include in libfwall for SYSV
--- 97,103 ----
  #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11
  
  # Location of X include files
! XINCLUDE=/usr/X11R6/include
  #XINCLUDE=/usr/local/X11R5/include
  
  # Objects to include in libfwall for SYSV
diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris
*** ../TIS.orig/fwtk/Makefile.config.solaris	Sat Sep  7 06:14:13 1996
--- fwtk/Makefile.config.solaris	Sun Feb  2 06:09:19 1997
***************
*** 11,30 ****
  #
  # RcsId: "$Header: /cvsroot/src/dist/ipf/FWTK/fwtk_transparent.diff,v 1.2 2004/03/28 09:00:54 martti Exp $"
  
  
  # Your C compiler (eg, "cc" or "gcc")
! CC=	cc
  
  
  # program to use for installation -- this may or may not preserve
  # old versions (or whatever). assumes that it takes parameters:
  # copy source dest
! CP=	cp
  
  
  # Defines for your operating system
  #
! DEFINES=-DSYSV -DSOLARIS
  
  #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname		\
  -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname	\
--- 11,34 ----
  #
  # RcsId: "$Header: /cvsroot/src/dist/ipf/FWTK/fwtk_transparent.diff,v 1.2 2004/03/28 09:00:54 martti Exp $"
  
+ #
+ # Path to sources of ip_filter (ip_nat.h required in lib/hnam.c)
+ #
+ IPFPATH=/src/unpacked/firewall/ip_fil3.1.5
  
  # Your C compiler (eg, "cc" or "gcc")
! CC=	gcc
  
  
  # program to use for installation -- this may or may not preserve
  # old versions (or whatever). assumes that it takes parameters:
  # copy source dest
! CP=	/usr/ucb/install -c -s
  
  
  # Defines for your operating system
  #
! DEFINES=-DSYSV -DSOLARIS -DUSE_IP_FILTER -I$(IPFPATH)
  
  #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname		\
  -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname	\
***************
*** 45,52 ****
  
  
  # Your ranlib utility (use "touch" if you don't have ranlib)
! RANLIB=	ranlib
! #RANLIB=	touch
  
  
  # Destination directory for installation of binaries
--- 49,56 ----
  
  
  # Your ranlib utility (use "touch" if you don't have ranlib)
! # RANLIB=	ranlib
! RANLIB=	touch
  
  
  # Destination directory for installation of binaries
diff -cr ../TIS.orig/fwtk/firewall.h fwtk/firewall.h
*** ../TIS.orig/fwtk/firewall.h	Sun Sep  8 05:55:26 1996
--- fwtk/firewall.h	Sun Feb  2 05:23:33 1997
***************
*** 47,53 ****
  system.
  */
  #ifndef	PERMFILE
! #define	PERMFILE	"/usr/local/etc/netperm-table"
  #endif
  
  /*
--- 47,53 ----
  system.
  */
  #ifndef	PERMFILE
! #define	PERMFILE	"/etc/fwtk/netperm-table"
  #endif
  
  /*
***************
*** 67,73 ****
  
  /* Choose a system logging facility for the firewall toolkit.  */
  #ifndef	LFAC
! #define	LFAC	LOG_DAEMON
  #endif
  
  
--- 67,73 ----
  
  /* Choose a system logging facility for the firewall toolkit.  */
  #ifndef	LFAC
! #define	LFAC	LOG_LOCAL5
  #endif
  
  
***************
*** 215,220 ****
  #define	PERM_ALLOW	01
  #define	PERM_DENY	02
  
! 
  #define	_INCL_FWALL_H
  #endif
--- 215,222 ----
  #define	PERM_ALLOW	01
  #define	PERM_DENY	02
  
! #ifdef USE_IP_FILTER
! extern char *getdsthost(int, int*);
! #endif
  #define	_INCL_FWALL_H
  #endif
diff -cr ../TIS.orig/fwtk/ftp-gw/ftp-gw.c fwtk/ftp-gw/ftp-gw.c
*** ../TIS.orig/fwtk/ftp-gw/ftp-gw.c	Fri Sep  6 18:55:05 1996
--- fwtk/ftp-gw/ftp-gw.c	Sat Feb  1 06:49:13 1997
***************
*** 50,55 ****
--- 50,59 ----
  #ifndef	FTPPORT
  #define	FTPPORT	21
  #endif
+ #ifdef USE_IP_FILTER
+ static int do_transparent=0;
+ static int connectdest();
+ #endif
  
  static	Cfg			*confp;
  static	char			**validests = (char **)0;
***************
*** 170,175 ****
--- 174,182 ----
  	char		xuf[1024];
  	char		huf[128];
  	char		*passuser = (char *)0;	/* passed user as av */
+ #ifdef USE_IP_FILTER
+         char            *psychic, *hotline;
+ #endif
  
  #ifndef	LOG_DAEMON
  	openlog("ftp-gw",LOG_PID);
***************
*** 313,320 ****
  		}
  	} else
  		timeout = 60*60;
  
- 
  	/* display a welcome file or message */
  	if(passuser == (char *)0) {
  		if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
--- 320,330 ----
  		}
  	} else
  		timeout = 60*60;
+ #ifdef USE_IP_FILTER
+ 	psychic=getdsthost(0,NULL);
+ 	if(psychic) { do_transparent++; }
+ #endif
  
  	/* display a welcome file or message */
  	if(passuser == (char *)0) {
  		if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
***************
*** 322,327 ****
--- 332,345 ----
  				syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
  				exit(1);
  			}
+ #ifdef USE_IP_FILTER
+ 			if(do_transparent) {
+ 			  if(sayfile2(0,cf->argv[0],220)) {
+ 			    syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
+ 			    exit(1);
+ 			  }
+ 			} else
+ #endif /* USE_IP_FILTER */
  			if(sayfile(0,cf->argv[0],220)) {
  				syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
  				exit(1);
***************
*** 332,338 ****
  			if(authallflg)
  				if(say(0,"220-Proxy first requires authentication"))
  					exit(1);
! 			sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
  			if(say(0,xuf))
  				exit(1);
  		}
--- 350,361 ----
  			if(authallflg)
  				if(say(0,"220-Proxy first requires authentication"))
  					exit(1);
! #ifdef USE_IP_FILTER
! 			if(do_transparent)
! 			  sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
! 			else
! #endif
! 			  sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
  			if(say(0,xuf))
  				exit(1);
  		}
***************
*** 352,358 ****
  			if(cmd_user(2,fakav,"user internal"))
  				exit(1);
  	}
! 
  	/* main loop */
  	while(1) {
  		FD_ZERO(&rdy);
--- 375,386 ----
  			if(cmd_user(2,fakav,"user internal"))
  				exit(1);
  	}
! #ifdef USE_IP_FILTER
! 	if(do_transparent) {
! 	  connectdest(psychic,21);
! 	}
! #endif
! 	
  	/* main loop */
  	while(1) {
  		FD_ZERO(&rdy);
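Review bot: `connectdest(psychic,21)` runs before the main loop, so the outbound connection is opened before any client command or authentication has been processed, and the `extendperm` check inside connectdest sees `authuser` as it stands at startup. If `authallflg` is meant to gate use of the proxy, this call should be deferred until authentication has succeeded or skipped when `authallflg` is set. The result is also discarded and the port is the literal `21` rather than `FTPPORT`, while the earlier `getdsthost(0,NULL)` drops the port that was actually redirected. The enclosing function begins and ends outside the hunk, so how `authuser` is initialised is not visible here.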
***************
*** 676,681 ****
--- 704,719 ----
  			return(sayn(0,noad,sizeof(noad)-1));
  	}
  
+ #ifdef USE_IP_FILTER
+ 	if(do_transparent) {
+ 	  if((rfd==(-1)) && (x=connectdest(dest,port))) return x;
+ 	  sprintf(buf,"USER %s",user);
+ 	  if(say(rfd,buf)) return(1);
+ 	  x=getresp(rfd,buf,sizeof(buf),1);
+ 	  if(sendsaved(0,x)) return(1);
+ 	  return(say(0,buf));
+ 	}
+ #endif 
  	if(*dest == '\0')
  		dest = "localhost";
  
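Review bot: connectdest ends its failure paths with `return(say(0,buf))`, which appears to be 0 once the error line has been delivered (callers treat a non-zero `say` as failure), so `(x=connectdest(dest,port))` does not stop this branch and `say(rfd,buf)` and `getresp(rfd,...)` run with `rfd` still -1. Adding `if(rfd==(-1)) return(0);` after the call would close that path. `sprintf(buf,"USER %s",user)` also copies the client-supplied user name without a bound; `snprintf(buf,sizeof(buf),"USER %s",user);` would match the `sizeof(buf)` already used in the `getresp` call, assuming `buf` is an array declared earlier in the function, which is outside the hunk. The same unbounded pattern appears in the next hunk's `sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);`.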
***************
*** 717,723 ****
  		char	ebuf[512];
  
  		strcpy(ebuf,buf);
! 		sprintf(buf,"521 %s: %s",dest,ebuf);
  		rfd = -1;
  		return(say(0,buf));
  	}
--- 755,766 ----
  		char	ebuf[512];
  
  		strcpy(ebuf,buf);
! #ifdef USE_IP_FILTER
! 		if(do_transparent) {
! 		  sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
! 		} else
! #endif
! 		  sprintf(buf,"521 %s: %s",dest,ebuf);
  		rfd = -1;
  		return(say(0,buf));
  	}
***************
*** 1874,1876 ****
--- 1917,2036 ----
  	dup(nread);
  }
  #endif
+ 
+ #ifdef USE_IP_FILTER
+ static int connectdest(dest, port)
+ char *dest;
+ short port;
+ {
+       char buf[1024], mbuf[512];
+       int msg_int, x;
+ 
+         if(*dest == '\0')
+                 dest = "localhost";
+ 
+         if(validests != (char **)0) {
+                 char    **xp;
+                 int     x;
+ 
+                 for(xp = validests; *xp != (char *)0; xp++) {
+                         if(**xp == '!' && hostmatch(*xp + 1,dest)) {
+                                 return(baddest(0,dest));
+                         } else {
+                                 if(hostmatch(*xp,dest))
+                                         break;
+                         }
+                 }
+                 if(*xp == (char *)0)
+                         return(baddest(0,dest));
+         }
+ 
+         /* Extended permissions processing goes in here for destination */
+         if(extendperm) {
+                 msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
+                 if(msg_int == 1) {
+                         sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
+                         syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
+                                 say(0,mbuf);
+                                 return(1);
+                 } else {
+                         if(msg_int == -1) {
+                                 sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
+                                 say(0,mbuf);
+                                 return(1);
+                         }
+                 }
+         }      
+ 
+         syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
+ 
+         if((rfd = conn_server(dest,port,0,buf)) < 0) {
+                 char    ebuf[512];
+ 
+                 strcpy(ebuf,buf);
+                 sprintf(buf,"521 %s: %s",dest,ebuf);
+                 rfd = -1;
+                 return(say(0,buf));
+         }
+       if(!do_transparent) {
+               sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
+               saveline(buf);
+       }
+ 
+         /* we are now connected and need to try the autologin thing */
+         x = getresp(rfd,buf,sizeof(buf),1);
+         if(x / 100 != COMPLETE) {
+                 sendsaved(0,-1);
+                 return(say(0,buf));
+         }
+         saveline(buf);
+ 
+       sendsaved(0,-1);
+       return 0;
+ }
+ 
+ 
+ /* ok, so i'm in a hurry. english paper due RSN. */
+ sayfile2(fd,fn,code)
+ int     fd;
+ char    *fn;
+ int     code;
+ {
+         FILE    *f;
+         char    buf[BUFSIZ];
+         char    yuf[BUFSIZ];
+         char    *c;
+         int     x;
+         int     saidsomething = 0;
+ 
+         if((f = fopen(fn,"r")) == (FILE *)0)
+                 return(1);
+         while(fgets(buf,sizeof(buf),f) != (char *)0) {
+                 if((c = index(buf,'\n')) != (char *)0)
+                         *c = '\0';
+                 x = fgetc(f);
+                 if(feof(f))
+                         sprintf(yuf,"%3.3d-%s",code,buf);
+                 else {
+                         sprintf(yuf,"%3.3d-%s",code,buf);
+                         ungetc(x,f);
+                 }
+                 if(say(fd,yuf)) {
+                         fclose(f);
+                         return(1);
+                 }
+                 saidsomething++;
+         }
+         fclose(f);
+         if (!saidsomething) {
+                 syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
+                 sprintf(yuf, "%3.3d The file to display is empty",code);
+                 if(say(fd,yuf)) {
+                         fclose(f);
+                         return(1);
+                 }
+         }
+         return(0);
+ }
+ 
+ #endif /* USE_IP_FILTER */
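Review bot: sayfile2 closes `f` after the loop and then calls `fclose(f)` a second time when `say(fd,yuf)` fails in the empty-file branch, which is a double close; that second `fclose(f);` should be dropped. In the read loop `yuf` is the same size as `buf`, so a line that fills `buf` overflows `yuf` by up to the four bytes of the `NNN-` prefix; `snprintf(yuf,sizeof(yuf),"%3.3d-%s",code,buf);` bounds it. The two arms of the `feof(f)` test produce the same string, so the test can go or needs a comment saying the continuation form is intended for the last line too. connectdest has the same buffer pattern: `mbuf[512]` receives `authuser` and `dest` through an unbounded `sprintf`, and `strcpy(ebuf,buf)` copies from a 1024-byte buffer into a 512-byte one. sayfile2 is also defined without a return type or a prior declaration.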
diff -cr ../TIS.orig/fwtk/http-gw/http-gw.c fwtk/http-gw/http-gw.c
*** ../TIS.orig/fwtk/http-gw/http-gw.c	Mon Sep  9 20:40:53 1996
--- fwtk/http-gw/http-gw.c	Sun Feb  2 06:41:18 1997
***************
*** 27,32 ****
--- 27,35 ----
  static char http_buffer[8192];
  static char reason[8192];
  static	int	checkBrowserType = 1;
+ #ifdef USE_IP_FILTER
+ static  int     do_transparent=0;
+ #endif
  
  static void do_logging()
  {	char *proto = "GOPHER";
***************
*** 422,427 ****
--- 425,441 ----
  	/*(NOT A SPECIAL FORM)*/
  
  		if((rem_type & TYPE_LOCAL)== 0){
+ #ifdef USE_IP_FILTER
+                         char *psychic=getdsthost(sockfd,&def_port);
+                         if(psychic) {
+                                 if(strlen(psychic)<=MAXHOSTNAMELEN) {
+                                         do_transparent++;
+                                         strncpy(def_httpd,psychic,strlen(psychic));
+                                         strncpy(def_server,psychic,strlen(psychic));
+                                 }
+                         }
+  
+ #endif /* USE_IP_FILTER */
  /*  See if it can be forwarded */
  
  			if( can_forward(buf)){
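Review bot: `strncpy(def_httpd,psychic,strlen(psychic))` bounds the copy by the source length, so it never writes the terminating NUL and does nothing to protect the destination; a longer string already held in `def_httpd` or `def_server` leaves its tail behind the new host. Bound by the destination and terminate explicitly, e.g. `strncpy(def_httpd,psychic,sizeof(def_httpd)-1); def_httpd[sizeof(def_httpd)-1]='\0';` and the same for `def_server`, provided both are arrays. Their declarations are outside the hunk, so whether the `MAXHOSTNAMELEN` test matches their size cannot be confirmed from here.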
***************
*** 1513,1518 ****
--- 1527,1537 ----
  				    		    parse_vec[0], 
  						    parse_vec[1],
  				    		    ourname, ourport);
+ 				    }
+ #ifdef USE_IP_FILTER
+ 				    else if(do_transparent) {
+ 				      sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]);
+ #endif	/* USE_IP_FILTER */			    
  				    }else{
  					    sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
  						    parse_vec[0], parse_vec[2],
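Review bot: The closing `}` added just above `#ifdef USE_IP_FILTER` sits outside the conditional, so a build without `USE_IP_FILTER` sees that `}` followed by the original `}else{` and the braces no longer balance. Move it inside the conditional, directly before `else if(do_transparent) {`, so the non-IP-Filter build is unchanged. The new `sprintf(new_reply,...)` also copies four `parse_vec` fields taken from the remote reply with no bound; the size of `new_reply` and the rest of the function are outside the hunk.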
diff -cr ../TIS.orig/fwtk/lib/hnam.c fwtk/lib/hnam.c
*** ../TIS.orig/fwtk/lib/hnam.c	Sat Nov  5 00:30:19 1994
--- fwtk/lib/hnam.c	Sat Feb  1 08:17:46 1997
***************
*** 20,25 ****
--- 20,37 ----
  
  extern	char	*inet_ntoa();
  
+ #if defined(USE_IP_FILTER)
+ #include      <net/if.h>
+ #ifndef LINUX
+ #include      "ip_nat.h"
+ #endif
+ #if defined(SOLARIS)
+ #include <sys/stat.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+ #include <sys/ioccom.h>
+ #endif
+ #endif /* IP_FILTER */
  
  #include	"firewall.h"
  
***************
*** 45,47 ****
--- 57,158 ----
  	bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
  	return(inet_ntoa(sin.sin_addr));
  }
+ 
+ 
+ 
+ #ifdef USE_IP_FILTER
+ char *getdsthost(fd, ptr)
+   int fd;
+ int *ptr;
+ {
+   struct sockaddr_in sin;
+   struct hostent *hp;
+   int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0;
+   static char buf[255], hostbuf[255];
+ #if defined(__FreeBSD__) || defined(SOLARIS)
+   struct sockaddr_in rsin;
+   struct natlookup natlookup;
+   int natfd;
+ #endif
+   
+ #ifdef linux
+   /* This should also work for UDP. Unfortunately, it doesn't.
+      Maybe when the Linux UDP proxy code gets a little cleaner.
+      */
+   if(!(err=getsockname(0,&sin,&sl))) {
+     if(ptr) *ptr=ntohs(sin.sin_port);
+     sprintf(buf,"%s",inet_ntoa(sin.sin_addr));
+     gethostname(hostbuf,254);
+     hp=gethostbyname(hostbuf);
+     while(hp->h_addr_list[i]) {
+       bzero(&sin,&sl);
+       memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++]));
+       if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++;
+     }
+     if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); }
+     else { return(buf); }
+   }
+ #endif
+   
+ #if defined(__FreeBSD__)
+   /* The basis for this block of code is Darren Reed's
+      patches to the TIS ftwk's ftp-gw.
+      */
+   bzero((char*)&sin,sizeof(sin));
+   bzero((char*)&rsin,sizeof(rsin));
+   if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
+     return NULL;
+   }
+   sl=sizeof(rsin);
+   if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
+     return NULL;
+   }
+   natlookup.nl_inport=sin.sin_port;
+   natlookup.nl_outport=rsin.sin_port;
+   natlookup.nl_inip=sin.sin_addr;
+   natlookup.nl_outip=rsin.sin_addr;
+   if((natfd=open("/dev/ipnat",O_RDONLY))<0) {
+     return(NULL);
+   }
+   if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) {
+     return(NULL);
+   }
+   close(natfd);
+   if(ptr) *ptr=ntohs(natlookup.nl_realport);
+   sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip));
+ #endif
+ 
+ #if defined(SOLARIS) /* for Solaris */
+   /* The basis for this block of code is Darren Reed's
+    * patches to the TIS ftwk's ftp-gw.
+    * modified for Solaris from Michael Kutzner, Michael.Kutzner@paderlinx.de
+    */
+   memset((char*)&sin,  0, sizeof(sin));
+   memset((char*)&rsin, 0, sizeof(rsin));
+ 
+   if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
+     return NULL;
+   }
+   sl=sizeof(rsin);
+   if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
+     return NULL;
+   }
+   natlookup.nl_inport=sin.sin_port;
+   natlookup.nl_outport=rsin.sin_port;
+   natlookup.nl_inip=sin.sin_addr;
+   natlookup.nl_outip=rsin.sin_addr;
+   if( (natfd=open(IPL_NAT,O_RDONLY)) < 0) {
+     return(NULL);
+   }
+   if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) {
+     return(NULL);
+   }
+   close(natfd);
+   if(ptr) *ptr=ntohs(natlookup.nl_realport);
+   sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip));
+ #endif
+   
+   /* No transparent proxy support */
+   return(NULL);
+ }
+ #endif /* USE_IP_FILTER */
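Review bot: The `__FreeBSD__` and `SOLARIS` branches format the looked-up address into `buf` and then fall through to the final `return(NULL)`, so callers never see a transparent destination on those platforms; both branches also leak `natfd` when the `SIOCGNATL` ioctl fails. In the `linux` branch `bzero(&sin,&sl)` passes a pointer where a length is expected, the `memcpy` length is `sizeof` of a pointer (and the expression repeats `i++`), `hp` is used without a NULL check, and `getsockname(0,...)` ignores the `fd` argument that http-gw passes. The fence shows the changed lines; returning NULL on a failed `gethostbyname` is one possible policy and treats the connection as non-transparent. The returned pointer refers to a static buffer, which deserves a comment on the prototype.

```c
    /* linux branch */
    hp=gethostbyname(hostbuf);
    if(hp==NULL) return(NULL);
    while(hp->h_addr_list[i]) {
      bzero(&sin,sizeof(sin));
      memcpy(&sin.sin_addr,hp->h_addr_list[i++],hp->h_length);
      /* ... unchanged: compare with buf, count local_h ... */
    }
    /* ... unchanged: __FreeBSD__ / SOLARIS getsockname, getpeername, open ... */
  if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) {
    close(natfd);
    return(NULL);
  }
  /* ... unchanged: close(natfd), *ptr assignment, sprintf(buf,...) ... */
  return(buf);
```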
diff -cr ../TIS.orig/fwtk/plug-gw/plug-gw.c fwtk/plug-gw/plug-gw.c
*** ../TIS.orig/fwtk/plug-gw/plug-gw.c	Thu Sep  5 21:36:33 1996
--- fwtk/plug-gw/plug-gw.c	Sun Feb  2 04:50:40 1997
***************
*** 38,44 ****
  static	int		timeout = PROXY_TIMEOUT;
  static	char		**validdests = (char **)0;
  static	Cfg		*confp;
! 
  main(ac,av)
  int	ac;
  char	*av[];
--- 38,46 ----
  static	int		timeout = PROXY_TIMEOUT;
  static	char		**validdests = (char **)0;
  static	Cfg		*confp;
! #ifdef USE_IP_FILTER
! static	int		do_transparent=0;
! #endif
  main(ac,av)
  int	ac;
  char	*av[];
***************
*** 189,201 ****
  static	char		buf[1024 * 4];
  	void		(*op)();
  	char		*dhost = NULL;
  	char		hostport[1024 * 4];
  	char		*ptr;
  	int		state = 0;
  	int		ssl_plug = 0;
! 
  	struct timeval	timo;
  
  	if(c->flags & PERM_DENY) {
  		if (p == -1)
  			syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr);
--- 191,215 ----
  static	char		buf[1024 * 4];
  	void		(*op)();
  	char		*dhost = NULL;
+ 	char		*transhost = NULL;
  	char		hostport[1024 * 4];
  	char		*ptr;
  	int		state = 0;
  	int		ssl_plug = 0;
! #ifdef USE_IP_FILTER
! 	int		pport;
! #endif
  	struct timeval	timo;
  
+ #ifdef USE_IP_FILTER
+ 	/* Transparent plug-gw is probably a bad idea, but hey .. */
+ 	transhost=getdsthost(0,&pport);
+ 	if(transhost) {
+ 	  do_transparent++;
+ 	  portid=pport;
+ 	}
+ #endif
+ 
  	if(c->flags & PERM_DENY) {
  		if (p == -1)
  			syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr);
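Review bot: `portid=pport` replaces the port with the one the client originally addressed, and it does so before the `PERM_DENY` test and before the rule's options are parsed; unless a later `-port` option resets it, the destination port is chosen by the client rather than by the netperm-table rule. A comment saying so at the assignment, e.g. `/* portid now comes from the redirected packet, not from the rule */`, would make the trust boundary explicit for whoever writes the redirect rules. The function starts and ends outside the hunk, so the later handling of `portid` is not visible here.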
***************
*** 223,229 ****
  			privport = 1;
  			continue;
  		}
! 
  		if (!strcmp(av[x], "-port")) {
  			if (++x >= ac) {
  				syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln);
--- 237,248 ----
  			privport = 1;
  			continue;
  		}
! #ifdef USE_IP_FILTER
! 		if (!strcmp(av[x],"-all-destinations")) {
! 		  dhost = transhost;
! 		  continue;
! 		}
! #endif
  		if (!strcmp(av[x], "-port")) {
  			if (++x >= ac) {
  				syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln);
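Review bot: `dhost = transhost` assigns NULL when `getdsthost` found no redirected destination, so a rule carrying `-all-destinations` on an ordinary connection silently ends up with no destination host. Guarding it, `if (transhost == NULL) { syslog(LLEV,"fwtkcfgerr: -all-destinations without a transparent destination, line %d",c->ln); return; }` or whatever exit path the function already uses, makes the case visible in the log. No check of `transhost` against `validdests` is visible in this hunk, so the option should be documented as letting the client pick any host the NAT rules redirect. The option loop continues outside the hunk.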
diff -cr ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c fwtk/rlogin-gw/rlogin-gw.c
*** ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c	Fri Sep  6 18:56:33 1996
--- fwtk/rlogin-gw/rlogin-gw.c	Sun Feb  2 06:26:04 1997
***************
*** 40,46 ****
  
  extern	char	*maphostname();
  
! 
  static	int	cmd_quit();
  static	int	cmd_help();
  static	int	cmd_connect();
--- 40,48 ----
  
  extern	char	*maphostname();
  
! #ifdef USE_IP_FILTER
! static  int     do_transparent=0;
! #endif
  static	int	cmd_quit();
  static	int	cmd_help();
  static	int	cmd_connect();
***************
*** 120,125 ****
--- 122,130 ----
  	static char	*tokav[56];
  	int		tokac;
  	struct timeval	timo;
+ #ifdef USE_IP_FILTER
+         char *psychic;
+ #endif
  
  #ifndef	LOG_NDELAY
  	openlog("rlogin-gw",LOG_PID);
***************
*** 186,192 ****
  	}
  
  
! 
  	if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
  		if(cf->argc != 1) {
  			syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln);
--- 191,204 ----
  	}
  
  
! #ifdef USE_IP_FILTER
!         psychic=getdsthost(0,NULL);
!         if(psychic) {
!                 do_transparent++;
!                 strncpy(dest,psychic,511);
!                 dest[511]='\0';
!         }
! #endif /* USE_IP_FILTER */
  	if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
  		if(cf->argc != 1) {
  			syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln);
***************
*** 260,269 ****
  	}
  
  	/* if present a host name, chop and save username and hostname */
- 	dest[0] = '\0';
  	if((p = index(rusername,'@')) != (char *)0) {
  		char	*namp;
  
  		*p++ = '\0';
  		if(*p == '\0')
  			p = "localhost";
--- 272,281 ----
  	}
  
  	/* if present a host name, chop and save username and hostname */
  	if((p = index(rusername,'@')) != (char *)0) {
  		char	*namp;
  
+ 		dest[0] = '\0';
  		*p++ = '\0';
  		if(*p == '\0')
  			p = "localhost";
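Review bot: Moving `dest[0] = '\0';` inside the `@` branch is not limited to `USE_IP_FILTER` builds, so when the user name has no `@` and no transparent destination was copied in, `dest` is no longer cleared at this point. If `dest` is an automatic array (its declaration is outside the hunk) it could then be read uninitialised later. Clearing it once before the `#ifdef USE_IP_FILTER` block that calls `getdsthost`, with `dest[0] = '\0';`, keeps the old guarantee while still letting the transparent host survive.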
***************
*** 532,539 ****
--- 544,557 ----
  			sprintf(ebuf,"Trying %s@%s...",rusername,namp);
  		else
  			sprintf(ebuf,"Trying %s...",namp);
+ #ifdef USE_IP_FILTER
+                 if(!do_transparent) {
+ #endif
  		if(say(0,ebuf))
  			return(1);
+ #ifdef USE_IP_FILTER
+                 }
+ #endif
  	} else
  		syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]);
  	if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
diff -cr ../TIS.orig/fwtk/tn-gw/tn-gw.c fwtk/tn-gw/tn-gw.c
*** ../TIS.orig/fwtk/tn-gw/tn-gw.c	Fri Sep  6 18:55:48 1996
--- fwtk/tn-gw/tn-gw.c	Sun Feb  2 06:06:33 1997
***************
*** 97,102 ****
--- 97,106 ----
  static	int			timeout = PROXY_TIMEOUT;
  static	char			timed_out_msg[] = "\r\nConnection closed due to inactivity";
  
+ #ifdef USE_IP_FILTER
+ static int do_transparent=0;
+ #endif 
+ 
  typedef	struct	{
  	char	*name;
  	char	*hmsg;
***************
*** 140,145 ****
--- 144,153 ----
  	char		tokbuf[BSIZ];
  	char		*tokav[56];
  	int		tokac;
+ #ifdef USE_IP_FILTER
+         int port;
+         char *psychic;
+ #endif
  
  #ifndef	LOG_DAEMON
  	openlog("tn-gw",LOG_PID);
***************
*** 307,313 ****
  			exit(1);
  		}
  	}
! 
  	while (argc > 1) {
  		argc--;
  		argv++;
--- 315,349 ----
  			exit(1);
  		}
  	}
! #ifdef USE_IP_FILTER
!        psychic=getdsthost(0,&port);
!        if(psychic) {
!                if((strlen(psychic) + 10) < 510) {
!                        do_transparent++;
!                        if(port)
!                                sprintf(dest,"%s:%d",psychic,port);
!                        else
!                                sprintf(dest,"%s",psychic);
!  
!  
!                if(!welcomedone)
!                        if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
!                                 if(cf->argc != 1) {
!                                         syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
!                                         exit(1);
!                                 }
!                                 if(sayfile(0,cf->argv[0])) {
!                                         syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]);
!                                         exit(1);
!                                 }
!                                 welcomedone = 1;
!                                }
!  
!  
!                }
!        }
!  
! #endif /* USE_IP_FILTER */
  	while (argc > 1) {
  		argc--;
  		argv++;
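Review bot: The length test against the literals 10 and 510 and the unbounded `sprintf(dest,"%s:%d",psychic,port)` rely on `dest` being at least 512 bytes, which is not visible in this hunk; `snprintf(dest,sizeof(dest),"%s:%d",psychic,port)` would tie the bound to the buffer if `dest` is an array. When the test fails the connection silently falls back to non-transparent handling with no log line, and a `syslog(LLEV,...)` there would make that visible. The indentation also hides that the `welcome-msg` block sits inside the length check.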
***************
*** 870,877 ****
  
  		syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
  		sprintf(ebuf,"Trying %s port %d...",namp,port);
! 		if(say(0,ebuf))
! 			return(1);
  	} else
  		syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
  
--- 906,920 ----
  
  		syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
  		sprintf(ebuf,"Trying %s port %d...",namp,port);
! #ifdef USE_IP_FILTER
!                 if(!do_transparent) {
!                         sprintf(ebuf,"Trying %s port %d...",namp,port);
! #endif
!                         if(say(0,ebuf))
!                                 return(1);
! #ifdef USE_IP_FILTER
!                 }
! #endif
  	} else
  		syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
  
***************
*** 903,910 ****
  
  	syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
  	strncpy(dest,av[1], 511);
! 	sprintf(buf, "Connected to %s.", dest);
  	say(0, buf);
  	return(2);
  }
  
--- 946,959 ----
  
  	syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
  	strncpy(dest,av[1], 511);
! #ifdef USE_IP_FILTER
!         if(!do_transparent) {
!                 sprintf(buf, "Connected to %s.", dest);
!                 say(0, buf);
!         }
! #else
  	say(0, buf);
+ #endif
  	return(2);
  }
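Review bot: In a build without `USE_IP_FILTER` the `#else` branch now calls `say(0, buf)` without the `sprintf(buf, "Connected to %s.", dest);` that used to precede it, so the client is sent whatever `buf` held before. Keep the format call in the `#else` branch as well: `sprintf(buf, "Connected to %s.", dest);` followed by `say(0, buf);`. The unchanged `strncpy(dest,av[1], 511)` above does not terminate `dest` when `av[1]` is 511 bytes or longer; the start of the function is outside the hunk.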
  
diff -cr ../TIS.orig/fwtk/x-gw/socket.c fwtk/x-gw/socket.c
*** ../TIS.orig/fwtk/x-gw/socket.c	Sat Sep  7 05:16:35 1996
--- fwtk/x-gw/socket.c	Sun Feb  2 05:26:44 1997
***************
*** 212,218 ****
  		case AF_UNIX:	 un_name = (struct sockaddr_un *)addr;
  				len = sizeof(un_name->sun_family)  +
  				sizeof(un_name->sun_path)
! #ifdef SCM_RIGHTS  /* 4.3BSD Reno and later */
                       + sizeof(un_name->sun_len) + 1
  #endif
  		       ;
--- 212,218 ----
  		case AF_UNIX:	 un_name = (struct sockaddr_un *)addr;
  				len = sizeof(un_name->sun_family)  +
  				sizeof(un_name->sun_path)
! #if defined(SCM_RIGHTS)  && !defined(LINUX)/* 4.3BSD Reno and later */
                       + sizeof(un_name->sun_len) + 1
  #endif
  		       ;
Only in fwtk/x-gw: socket.c.bak