mirror of https://git.FreeBSD.org/src.git synced 2024-10-19 02:29:40 +00:00
freebsd/FWTK/fwtk_transparent.diff
Cy Schubert f27f47054d As per the developers handbook (5.3.1 step 1), prepare the vendor trees for
import of new ipfilter vendor sources by flattening them.

To keep the tags consistent with dist, the tags are also flattened.

Approved by:	glebius (Mentor)
2013-07-19 05:41:57 +00:00


diff -cr ../TIS.orig/fwtk/Makefile.config.linux fwtk/Makefile.config.linux
*** ../TIS.orig/fwtk/Makefile.config.linux Sat Sep 7 05:58:21 1996
--- fwtk/Makefile.config.linux Sun Feb 2 05:48:01 1997
***************
*** 13,19 ****
# Your C compiler (eg, "cc" or "gcc")
! CC= cc
# program to use for installation -- this may or may not preserve
--- 13,19 ----
# Your C compiler (eg, "cc" or "gcc")
! CC= gcc
# program to use for installation -- this may or may not preserve
***************
*** 24,37 ****
# Defines for your operating system
#
! DEFINES=-DLINUX
#DEFINES=-DSYSV -DSOLARIS
# Options for your compiler (eg, "-g" for debugging, "-O" for
# optimizing, or "-g -O" for both under GCC)
#COPT= -g -traditional $(DEFINES)
! COPT= -g $(DEFINES)
! #COPT= -O $(DEFINES)
# Version of "make" you want to use
#MAKE= gnumake
--- 24,37 ----
# Defines for your operating system
#
! DEFINES=-DLINUX -DUSE_IP_FILTER
#DEFINES=-DSYSV -DSOLARIS
# Options for your compiler (eg, "-g" for debugging, "-O" for
# optimizing, or "-g -O" for both under GCC)
#COPT= -g -traditional $(DEFINES)
! #COPT= -g $(DEFINES)
! COPT= -O $(DEFINES)
# Version of "make" you want to use
#MAKE= gnumake
***************
*** 44,50 ****
# Destination directory for installation of binaries
! DEST= /usr/local/etc
# Destination directory for installation of man pages
--- 44,50 ----
# Destination directory for installation of binaries
! DEST= /usr/local/sbin
# Destination directory for installation of man pages
***************
*** 72,78 ****
# or -Bstatic for static binaries under SunOS 4.1.x)
#LDFL= -Bstatic
#LDFL=
! LDFL= -g
# Location of the fwtk sources [For #include by any external tools needing it]
--- 72,79 ----
# or -Bstatic for static binaries under SunOS 4.1.x)
#LDFL= -Bstatic
#LDFL=
! #LDFL= -g
! LDFL= -O
# Location of the fwtk sources [For #include by any external tools needing it]
***************
*** 81,87 ****
# Location of X libraries for X-gw
! XLIBDIR=/usr/X11/lib
#XLIBDIR=/usr/local/X11R5/lib
# X Libraries
--- 82,88 ----
# Location of X libraries for X-gw
! XLIBDIR=/usr/X11R6/lib
#XLIBDIR=/usr/local/X11R5/lib
# X Libraries
***************
*** 96,102 ****
#XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11
# Location of X include files
! XINCLUDE=/usr/X11/include
#XINCLUDE=/usr/local/X11R5/include
# Objects to include in libfwall for SYSV
--- 97,103 ----
#XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11
# Location of X include files
! XINCLUDE=/usr/X11R6/include
#XINCLUDE=/usr/local/X11R5/include
# Objects to include in libfwall for SYSV
diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris
*** ../TIS.orig/fwtk/Makefile.config.solaris Sat Sep 7 06:14:13 1996
--- fwtk/Makefile.config.solaris Sun Feb 2 06:09:19 1997
***************
*** 11,30 ****
#
# RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.2 2001/02/28 09:36:06 darrenr Exp $"
# Your C compiler (eg, "cc" or "gcc")
! CC= cc
# program to use for installation -- this may or may not preserve
# old versions (or whatever). assumes that it takes parameters:
# copy source dest
! CP= cp
# Defines for your operating system
#
! DEFINES=-DSYSV -DSOLARIS
#DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \
-Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \
--- 11,34 ----
#
# RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.2 2001/02/28 09:36:06 darrenr Exp $"
+ #
+ # Path to sources of ip_filter (ip_nat.h required in lib/hnam.c)
+ #
+ IPFPATH=/src/unpacked/firewall/ip_fil3.1.5
# Your C compiler (eg, "cc" or "gcc")
! CC= gcc
# program to use for installation -- this may or may not preserve
# old versions (or whatever). assumes that it takes parameters:
# copy source dest
! CP= /usr/ucb/install -c -s
# Defines for your operating system
#
! DEFINES=-DSYSV -DSOLARIS -DUSE_IP_FILTER -I$(IPFPATH)
#DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \
-Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \
***************
*** 45,52 ****
# Your ranlib utility (use "touch" if you don't have ranlib)
! RANLIB= ranlib
! #RANLIB= touch
# Destination directory for installation of binaries
--- 49,56 ----
# Your ranlib utility (use "touch" if you don't have ranlib)
! # RANLIB= ranlib
! RANLIB= touch
# Destination directory for installation of binaries
diff -cr ../TIS.orig/fwtk/firewall.h fwtk/firewall.h
*** ../TIS.orig/fwtk/firewall.h Sun Sep 8 05:55:26 1996
--- fwtk/firewall.h Sun Feb 2 05:23:33 1997
***************
*** 47,53 ****
system.
*/
#ifndef PERMFILE
! #define PERMFILE "/usr/local/etc/netperm-table"
#endif
/*
--- 47,53 ----
system.
*/
#ifndef PERMFILE
! #define PERMFILE "/etc/fwtk/netperm-table"
#endif
/*
***************
*** 67,73 ****
/* Choose a system logging facility for the firewall toolkit. */
#ifndef LFAC
! #define LFAC LOG_DAEMON
#endif
--- 67,73 ----
/* Choose a system logging facility for the firewall toolkit. */
#ifndef LFAC
! #define LFAC LOG_LOCAL5
#endif
***************
*** 215,220 ****
#define PERM_ALLOW 01
#define PERM_DENY 02
!
#define _INCL_FWALL_H
#endif
--- 215,222 ----
#define PERM_ALLOW 01
#define PERM_DENY 02
! #ifdef USE_IP_FILTER
! extern char *getdsthost(int, int*);
! #endif
#define _INCL_FWALL_H
#endif
diff -cr ../TIS.orig/fwtk/ftp-gw/ftp-gw.c fwtk/ftp-gw/ftp-gw.c
*** ../TIS.orig/fwtk/ftp-gw/ftp-gw.c Fri Sep 6 18:55:05 1996
--- fwtk/ftp-gw/ftp-gw.c Sat Feb 1 06:49:13 1997
***************
*** 50,55 ****
--- 50,59 ----
#ifndef FTPPORT
#define FTPPORT 21
#endif
+ #ifdef USE_IP_FILTER
+ static int do_transparent=0;
+ static int connectdest();
+ #endif
static Cfg *confp;
static char **validests = (char **)0;
***************
*** 170,175 ****
--- 174,182 ----
char xuf[1024];
char huf[128];
char *passuser = (char *)0; /* passed user as av */
+ #ifdef USE_IP_FILTER
+ char *psychic, *hotline;
+ #endif
#ifndef LOG_DAEMON
openlog("ftp-gw",LOG_PID);
***************
*** 313,320 ****
}
} else
timeout = 60*60;
-
/* display a welcome file or message */
if(passuser == (char *)0) {
if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
--- 320,330 ----
}
} else
timeout = 60*60;
+ #ifdef USE_IP_FILTER
+ psychic=getdsthost(0,NULL);
+ if(psychic) { do_transparent++; }
+ #endif
/* display a welcome file or message */
if(passuser == (char *)0) {
if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
***************
*** 322,327 ****
--- 332,345 ----
syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
exit(1);
}
+ #ifdef USE_IP_FILTER
+ if(do_transparent) {
+ if(sayfile2(0,cf->argv[0],220)) {
+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
+ exit(1);
+ }
+ } else
+ #endif /* USE_IP_FILTER */
if(sayfile(0,cf->argv[0],220)) {
syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
exit(1);
***************
*** 332,338 ****
if(authallflg)
if(say(0,"220-Proxy first requires authentication"))
exit(1);
! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
if(say(0,xuf))
exit(1);
}
--- 350,361 ----
if(authallflg)
if(say(0,"220-Proxy first requires authentication"))
exit(1);
! #ifdef USE_IP_FILTER
! if(do_transparent)
! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
! else
! #endif
! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
if(say(0,xuf))
exit(1);
}
***************
*** 352,358 ****
if(cmd_user(2,fakav,"user internal"))
exit(1);
}
!
/* main loop */
while(1) {
FD_ZERO(&rdy);
--- 375,386 ----
if(cmd_user(2,fakav,"user internal"))
exit(1);
}
! #ifdef USE_IP_FILTER
! if(do_transparent) {
! connectdest(psychic,21);
! }
! #endif
!
/* main loop */
while(1) {
FD_ZERO(&rdy);
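Review bot: The result of `connectdest(psychic,21);` is discarded, so when the destination is refused or the connect fails the proxy has already sent an error reply and still enters the main loop with `rfd` at -1. Checking it, e.g. `if(connectdest(psychic,21)) exit(1);`, makes the failure explicit; if a later retry from the USER handler is intended, a comment should say so. The call also runs before any USER command, so the `extendperm` lookup inside connectdest is made with whatever `authuser` holds at that point, presumably nothing yet. The literal `21` could be `FTPPORT`, which the file already defines, and `getdsthost(0,NULL)` drops the port the client actually addressed. The enclosing function starts outside the hunk.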
***************
*** 676,681 ****
--- 704,719 ----
return(sayn(0,noad,sizeof(noad)-1));
}
+ #ifdef USE_IP_FILTER
+ if(do_transparent) {
+ if((rfd==(-1)) && (x=connectdest(dest,port))) return x;
+ sprintf(buf,"USER %s",user);
+ if(say(rfd,buf)) return(1);
+ x=getresp(rfd,buf,sizeof(buf),1);
+ if(sendsaved(0,x)) return(1);
+ return(say(0,buf));
+ }
+ #endif
if(*dest == '\0')
dest = "localhost";
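Review bot: `sprintf(buf,"USER %s",user);` in the transparent branch copies the client-supplied user name into `buf` with no length limit; `buf` is declared outside this hunk, but the next line treats it as an array with `sizeof(buf)`, so `snprintf(buf,sizeof(buf),"USER %s",user);` would bound the write. The branch also returns before the destination handling that follows it, so every check in transparent mode rests on connectdest; a one-line comment saying that would help the next reader. The enclosing function starts and ends outside the hunk.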
***************
*** 717,723 ****
char ebuf[512];
strcpy(ebuf,buf);
! sprintf(buf,"521 %s: %s",dest,ebuf);
rfd = -1;
return(say(0,buf));
}
--- 755,766 ----
char ebuf[512];
strcpy(ebuf,buf);
! #ifdef USE_IP_FILTER
! if(do_transparent) {
! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
! } else
! #endif
! sprintf(buf,"521 %s: %s",dest,ebuf);
rfd = -1;
return(say(0,buf));
}
***************
*** 1874,1876 ****
--- 1917,2036 ----
dup(nread);
}
#endif
+
+ #ifdef USE_IP_FILTER
+ static int connectdest(dest, port)
+ char *dest;
+ short port;
+ {
+ char buf[1024], mbuf[512];
+ int msg_int, x;
+
+ if(*dest == '\0')
+ dest = "localhost";
+
+ if(validests != (char **)0) {
+ char **xp;
+ int x;
+
+ for(xp = validests; *xp != (char *)0; xp++) {
+ if(**xp == '!' && hostmatch(*xp + 1,dest)) {
+ return(baddest(0,dest));
+ } else {
+ if(hostmatch(*xp,dest))
+ break;
+ }
+ }
+ if(*xp == (char *)0)
+ return(baddest(0,dest));
+ }
+
+ /* Extended permissions processing goes in here for destination */
+ if(extendperm) {
+ msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
+ if(msg_int == 1) {
+ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
+ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
+ say(0,mbuf);
+ return(1);
+ } else {
+ if(msg_int == -1) {
+ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
+ say(0,mbuf);
+ return(1);
+ }
+ }
+ }
+
+ syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
+
+ if((rfd = conn_server(dest,port,0,buf)) < 0) {
+ char ebuf[512];
+
+ strcpy(ebuf,buf);
+ sprintf(buf,"521 %s: %s",dest,ebuf);
+ rfd = -1;
+ return(say(0,buf));
+ }
+ if(!do_transparent) {
+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
+ saveline(buf);
+ }
+
+ /* we are now connected and need to try the autologin thing */
+ x = getresp(rfd,buf,sizeof(buf),1);
+ if(x / 100 != COMPLETE) {
+ sendsaved(0,-1);
+ return(say(0,buf));
+ }
+ saveline(buf);
+
+ sendsaved(0,-1);
+ return 0;
+ }
+
+
+ /* ok, so i'm in a hurry. english paper due RSN. */
+ sayfile2(fd,fn,code)
+ int fd;
+ char *fn;
+ int code;
+ {
+ FILE *f;
+ char buf[BUFSIZ];
+ char yuf[BUFSIZ];
+ char *c;
+ int x;
+ int saidsomething = 0;
+
+ if((f = fopen(fn,"r")) == (FILE *)0)
+ return(1);
+ while(fgets(buf,sizeof(buf),f) != (char *)0) {
+ if((c = index(buf,'\n')) != (char *)0)
+ *c = '\0';
+ x = fgetc(f);
+ if(feof(f))
+ sprintf(yuf,"%3.3d-%s",code,buf);
+ else {
+ sprintf(yuf,"%3.3d-%s",code,buf);
+ ungetc(x,f);
+ }
+ if(say(fd,yuf)) {
+ fclose(f);
+ return(1);
+ }
+ saidsomething++;
+ }
+ fclose(f);
+ if (!saidsomething) {
+ syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
+ sprintf(yuf, "%3.3d The file to display is empty",code);
+ if(say(fd,yuf)) {
+ fclose(f);
+ return(1);
+ }
+ }
+ return(0);
+ }
+
+ #endif /* USE_IP_FILTER */
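Review bot: sayfile2 closes `f` twice on one path: the stream is closed by the `fclose(f);` after the read loop, and the empty-file branch calls `fclose(f);` again when `say(fd,yuf)` fails, so that second call should be removed. In the loop, `sprintf(yuf,"%3.3d-%s",code,buf)` can need four bytes more than `yuf[BUFSIZ]` holds when a line fills `buf`; `snprintf(yuf,sizeof(yuf),"%3.3d-%s",code,buf)` bounds it, and since both arms of the `feof(f)` test format the same string the `fgetc`/`ungetc` look-ahead can be dropped. connectdest has the same unbounded pattern: the two `sprintf(mbuf,…)` calls put `authuser` and `dest` into `mbuf[512]`, and `strcpy(ebuf,buf)` copies from a 1024-byte buffer into `ebuf[512]`; each should be length-limited to the size of its destination.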
diff -cr ../TIS.orig/fwtk/http-gw/http-gw.c fwtk/http-gw/http-gw.c
*** ../TIS.orig/fwtk/http-gw/http-gw.c Mon Sep 9 20:40:53 1996
--- fwtk/http-gw/http-gw.c Sun Feb 2 06:41:18 1997
***************
*** 27,32 ****
--- 27,35 ----
static char http_buffer[8192];
static char reason[8192];
static int checkBrowserType = 1;
+ #ifdef USE_IP_FILTER
+ static int do_transparent=0;
+ #endif
static void do_logging()
{ char *proto = "GOPHER";
***************
*** 422,427 ****
--- 425,441 ----
/*(NOT A SPECIAL FORM)*/
if((rem_type & TYPE_LOCAL)== 0){
+ #ifdef USE_IP_FILTER
+ char *psychic=getdsthost(sockfd,&def_port);
+ if(psychic) {
+ if(strlen(psychic)<=MAXHOSTNAMELEN) {
+ do_transparent++;
+ strncpy(def_httpd,psychic,strlen(psychic));
+ strncpy(def_server,psychic,strlen(psychic));
+ }
+ }
+
+ #endif /* USE_IP_FILTER */
/* See if it can be forwarded */
if( can_forward(buf)){
***************
*** 1513,1518 ****
--- 1527,1537 ----
parse_vec[0],
parse_vec[1],
ourname, ourport);
+ }
+ #ifdef USE_IP_FILTER
+ else if(do_transparent) {
+ sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]);
+ #endif /* USE_IP_FILTER */
}else{
sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
parse_vec[0], parse_vec[2],
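Review bot: The `}` added on the line before `#ifdef USE_IP_FILTER` is unconditional, so as the hunk is shown a build without `USE_IP_FILTER` sees `}` followed directly by `}else{`, which leaves an unmatched brace or re-attaches the `else` to an outer block. Remove that added `}` and write the guarded line as `}else if(do_transparent) {`, so both configurations keep a single if/else chain. The new `sprintf(new_reply,"%s\t%s\t%s\t%s",…)` also writes four `parse_vec` fields with no length limit; the size of `new_reply` is not visible here, so a bounded format call is the safer form. The enclosing block starts and ends outside the hunk.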
diff -cr ../TIS.orig/fwtk/lib/hnam.c fwtk/lib/hnam.c
*** ../TIS.orig/fwtk/lib/hnam.c Sat Nov 5 00:30:19 1994
--- fwtk/lib/hnam.c Sat Feb 1 08:17:46 1997
***************
*** 20,25 ****
--- 20,37 ----
extern char *inet_ntoa();
+ #if defined(USE_IP_FILTER)
+ #include <net/if.h>
+ #ifndef LINUX
+ #include "ip_nat.h"
+ #endif
+ #if defined(SOLARIS)
+ #include <sys/stat.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+ #include <sys/ioccom.h>
+ #endif
+ #endif /* IP_FILTER */
#include "firewall.h"
***************
*** 45,47 ****
--- 57,158 ----
bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
return(inet_ntoa(sin.sin_addr));
}
+
+
+
+ #ifdef USE_IP_FILTER
+ char *getdsthost(fd, ptr)
+ int fd;
+ int *ptr;
+ {
+ struct sockaddr_in sin;
+ struct hostent *hp;
+ int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0;
+ static char buf[255], hostbuf[255];
+ #if defined(__FreeBSD__) || defined(SOLARIS)
+ struct sockaddr_in rsin;
+ struct natlookup natlookup;
+ int natfd;
+ #endif
+
+ #ifdef linux
+ /* This should also work for UDP. Unfortunately, it doesn't.
+ Maybe when the Linux UDP proxy code gets a little cleaner.
+ */
+ if(!(err=getsockname(0,&sin,&sl))) {
+ if(ptr) *ptr=ntohs(sin.sin_port);
+ sprintf(buf,"%s",inet_ntoa(sin.sin_addr));
+ gethostname(hostbuf,254);
+ hp=gethostbyname(hostbuf);
+ while(hp->h_addr_list[i]) {
+ bzero(&sin,&sl);
+ memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++]));
+ if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++;
+ }
+ if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); }
+ else { return(buf); }
+ }
+ #endif
+
+ #if defined(__FreeBSD__)
+ /* The basis for this block of code is Darren Reed's
+ patches to the TIS ftwk's ftp-gw.
+ */
+ bzero((char*)&sin,sizeof(sin));
+ bzero((char*)&rsin,sizeof(rsin));
+ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
+ return NULL;
+ }
+ sl=sizeof(rsin);
+ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
+ return NULL;
+ }
+ natlookup.nl_inport=sin.sin_port;
+ natlookup.nl_outport=rsin.sin_port;
+ natlookup.nl_inip=sin.sin_addr;
+ natlookup.nl_outip=rsin.sin_addr;
+ if((natfd=open("/dev/ipnat",O_RDONLY))<0) {
+ return(NULL);
+ }
+ if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) {
+ return(NULL);
+ }
+ close(natfd);
+ if(ptr) *ptr=ntohs(natlookup.nl_realport);
+ sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip));
+ #endif
+
+ #if defined(SOLARIS) /* for Solaris */
+ /* The basis for this block of code is Darren Reed's
+ * patches to the TIS ftwk's ftp-gw.
+ * modified for Solaris from Michael Kutzner, Michael.Kutzner@paderlinx.de
+ */
+ memset((char*)&sin, 0, sizeof(sin));
+ memset((char*)&rsin, 0, sizeof(rsin));
+
+ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
+ return NULL;
+ }
+ sl=sizeof(rsin);
+ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
+ return NULL;
+ }
+ natlookup.nl_inport=sin.sin_port;
+ natlookup.nl_outport=rsin.sin_port;
+ natlookup.nl_inip=sin.sin_addr;
+ natlookup.nl_outip=rsin.sin_addr;
+ if( (natfd=open(IPL_NAT,O_RDONLY)) < 0) {
+ return(NULL);
+ }
+ if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) {
+ return(NULL);
+ }
+ close(natfd);
+ if(ptr) *ptr=ntohs(natlookup.nl_realport);
+ sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip));
+ #endif
+
+ /* No transparent proxy support */
+ return(NULL);
+ }
+ #endif /* USE_IP_FILTER */
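Review bot: The `#ifdef linux` branch of getdsthost passes a pointer as the length in `bzero(&sin,&sl)` and sizes the copy with `sizeof(hp->h_addr_list[i++])`, which is the size of a pointer rather than of the address, so both calls can write past `sin`; `hp` is also dereferenced without a NULL check and `getsockname(0,…)` ignores the `fd` argument. The `__FreeBSD__` and `SOLARIS` branches fill `buf` and then fall through to the final `return(NULL)`, so they never report a destination, and they leak `natfd` when the `SIOCGNATL` ioctl fails; each needs `close(natfd);` before that `return(NULL);` and a `return(buf);` before its `#endif`. The Makefile hunk defines `LINUX` while this branch tests `linux`, so whether it is compiled depends on the compiler's predefined macros. A bounded form of the Linux branch is below; returning NULL on a failed lookup is a choice that keeps the proxy in non-transparent mode.

```c
	if(!(err=getsockname(fd,(struct sockaddr*)&sin,&sl))) {
		/* … unchanged: *ptr and buf are filled from sin … */
		if(gethostname(hostbuf,sizeof(hostbuf)-1)<0) return(NULL);
		hostbuf[sizeof(hostbuf)-1]='\0';
		if((hp=gethostbyname(hostbuf))==NULL) return(NULL);
		for(i=0;hp->h_addr_list[i];i++) {
			if(hp->h_length!=sizeof(sin.sin_addr)) continue;
			bzero(&sin,sizeof(sin));
			memcpy(&sin.sin_addr,hp->h_addr_list[i],sizeof(sin.sin_addr));
			if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++;
		}
		/* … unchanged: return NULL when local_h is set, else buf … */
	}
```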
diff -cr ../TIS.orig/fwtk/plug-gw/plug-gw.c fwtk/plug-gw/plug-gw.c
*** ../TIS.orig/fwtk/plug-gw/plug-gw.c Thu Sep 5 21:36:33 1996
--- fwtk/plug-gw/plug-gw.c Sun Feb 2 04:50:40 1997
***************
*** 38,44 ****
static int timeout = PROXY_TIMEOUT;
static char **validdests = (char **)0;
static Cfg *confp;
!
main(ac,av)
int ac;
char *av[];
--- 38,46 ----
static int timeout = PROXY_TIMEOUT;
static char **validdests = (char **)0;
static Cfg *confp;
! #ifdef USE_IP_FILTER
! static int do_transparent=0;
! #endif
main(ac,av)
int ac;
char *av[];
***************
*** 189,201 ****
static char buf[1024 * 4];
void (*op)();
char *dhost = NULL;
char hostport[1024 * 4];
char *ptr;
int state = 0;
int ssl_plug = 0;
!
struct timeval timo;
if(c->flags & PERM_DENY) {
if (p == -1)
syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr);
--- 191,215 ----
static char buf[1024 * 4];
void (*op)();
char *dhost = NULL;
+ char *transhost = NULL;
char hostport[1024 * 4];
char *ptr;
int state = 0;
int ssl_plug = 0;
! #ifdef USE_IP_FILTER
! int pport;
! #endif
struct timeval timo;
+ #ifdef USE_IP_FILTER
+ /* Transparent plug-gw is probably a bad idea, but hey .. */
+ transhost=getdsthost(0,&pport);
+ if(transhost) {
+ do_transparent++;
+ portid=pport;
+ }
+ #endif
+
if(c->flags & PERM_DENY) {
if (p == -1)
syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr);
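Review bot: `portid=pport;` replaces the port with the one from the NAT lookup before the `PERM_DENY` test and before the rule's options are parsed, so in transparent mode the connecting client, not the netperm-table rule, chooses the destination port unless a later `-port` resets it (that parsing is outside this hunk). The comment `/* Transparent plug-gw is probably a bad idea, but hey .. */` should state that reason, for example `/* transparent mode: destination host and port come from the client's original packet, not from the rule */`. `transhost` is declared unconditionally but only assigned under `USE_IP_FILTER`; declaring it beside `pport` inside the `#ifdef` keeps other builds free of an unused variable.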
***************
*** 223,229 ****
privport = 1;
continue;
}
!
if (!strcmp(av[x], "-port")) {
if (++x >= ac) {
syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln);
--- 237,248 ----
privport = 1;
continue;
}
! #ifdef USE_IP_FILTER
! if (!strcmp(av[x],"-all-destinations")) {
! dhost = transhost;
! continue;
! }
! #endif
if (!strcmp(av[x], "-port")) {
if (++x >= ac) {
syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln);
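Review bot: `dhost = transhost;` leaves `dhost` NULL whenever the connection was not redirected, since `transhost` is only set when getdsthost finds a destination, and how the code after option parsing treats a NULL `dhost` is outside this hunk. `transhost` also points at the static buffer that getdsthost returns (`static char buf[255]` in the lib/hnam.c hunk), so a later getdsthost call would change `dhost` underneath it. A comment on the branch would record both facts, e.g. `/* -all-destinations: dhost is the client's original destination, held in getdsthost's static buffer; NULL if the connection was not redirected */`, and the NULL case deserves an explicit log-and-refuse path rather than falling through.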
diff -cr ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c fwtk/rlogin-gw/rlogin-gw.c
*** ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c Fri Sep 6 18:56:33 1996
--- fwtk/rlogin-gw/rlogin-gw.c Sun Feb 2 06:26:04 1997
***************
*** 40,46 ****
extern char *maphostname();
!
static int cmd_quit();
static int cmd_help();
static int cmd_connect();
--- 40,48 ----
extern char *maphostname();
! #ifdef USE_IP_FILTER
! static int do_transparent=0;
! #endif
static int cmd_quit();
static int cmd_help();
static int cmd_connect();
***************
*** 120,125 ****
--- 122,130 ----
static char *tokav[56];
int tokac;
struct timeval timo;
+ #ifdef USE_IP_FILTER
+ char *psychic;
+ #endif
#ifndef LOG_NDELAY
openlog("rlogin-gw",LOG_PID);
***************
*** 186,192 ****
}
!
if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
if(cf->argc != 1) {
syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln);
--- 191,204 ----
}
! #ifdef USE_IP_FILTER
! psychic=getdsthost(0,NULL);
! if(psychic) {
! do_transparent++;
! strncpy(dest,psychic,511);
! dest[511]='\0';
! }
! #endif /* USE_IP_FILTER */
if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
if(cf->argc != 1) {
syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln);
***************
*** 260,269 ****
}
/* if present a host name, chop and save username and hostname */
- dest[0] = '\0';
if((p = index(rusername,'@')) != (char *)0) {
char *namp;
*p++ = '\0';
if(*p == '\0')
p = "localhost";
--- 272,281 ----
}
/* if present a host name, chop and save username and hostname */
if((p = index(rusername,'@')) != (char *)0) {
char *namp;
+ dest[0] = '\0';
*p++ = '\0';
if(*p == '\0')
p = "localhost";
***************
*** 532,539 ****
--- 544,557 ----
sprintf(ebuf,"Trying %s@%s...",rusername,namp);
else
sprintf(ebuf,"Trying %s...",namp);
+ #ifdef USE_IP_FILTER
+ if(!do_transparent) {
+ #endif
if(say(0,ebuf))
return(1);
+ #ifdef USE_IP_FILTER
+ }
+ #endif
} else
syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]);
if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
diff -cr ../TIS.orig/fwtk/tn-gw/tn-gw.c fwtk/tn-gw/tn-gw.c
*** ../TIS.orig/fwtk/tn-gw/tn-gw.c Fri Sep 6 18:55:48 1996
--- fwtk/tn-gw/tn-gw.c Sun Feb 2 06:06:33 1997
***************
*** 97,102 ****
--- 97,106 ----
static int timeout = PROXY_TIMEOUT;
static char timed_out_msg[] = "\r\nConnection closed due to inactivity";
+ #ifdef USE_IP_FILTER
+ static int do_transparent=0;
+ #endif
+
typedef struct {
char *name;
char *hmsg;
***************
*** 140,145 ****
--- 144,153 ----
char tokbuf[BSIZ];
char *tokav[56];
int tokac;
+ #ifdef USE_IP_FILTER
+ int port;
+ char *psychic;
+ #endif
#ifndef LOG_DAEMON
openlog("tn-gw",LOG_PID);
***************
*** 307,313 ****
exit(1);
}
}
!
while (argc > 1) {
argc--;
argv++;
--- 315,349 ----
exit(1);
}
}
! #ifdef USE_IP_FILTER
! psychic=getdsthost(0,&port);
! if(psychic) {
! if((strlen(psychic) + 10) < 510) {
! do_transparent++;
! if(port)
! sprintf(dest,"%s:%d",psychic,port);
! else
! sprintf(dest,"%s",psychic);
!
!
! if(!welcomedone)
! if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
! if(cf->argc != 1) {
! syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
! exit(1);
! }
! if(sayfile(0,cf->argv[0])) {
! syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]);
! exit(1);
! }
! welcomedone = 1;
! }
!
!
! }
! }
!
! #endif /* USE_IP_FILTER */
while (argc > 1) {
argc--;
argv++;
***************
*** 870,877 ****
syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
sprintf(ebuf,"Trying %s port %d...",namp,port);
! if(say(0,ebuf))
! return(1);
} else
syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
--- 906,920 ----
syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp);
sprintf(ebuf,"Trying %s port %d...",namp,port);
! #ifdef USE_IP_FILTER
! if(!do_transparent) {
! sprintf(ebuf,"Trying %s port %d...",namp,port);
! #endif
! if(say(0,ebuf))
! return(1);
! #ifdef USE_IP_FILTER
! }
! #endif
} else
syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]);
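Review bot: The `sprintf(ebuf,"Trying %s port %d...",namp,port);` added inside `if(!do_transparent) {` repeats the context line directly above the `#ifdef`, so the message is formatted twice in IP-Filter builds. Keep one of the two; leaving the unconditional line and guarding only the `say(0,ebuf)` call is the smaller change. The enclosing function starts and ends outside the hunk.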
***************
*** 903,910 ****
syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
strncpy(dest,av[1], 511);
! sprintf(buf, "Connected to %s.", dest);
say(0, buf);
return(2);
}
--- 946,959 ----
syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]);
strncpy(dest,av[1], 511);
! #ifdef USE_IP_FILTER
! if(!do_transparent) {
! sprintf(buf, "Connected to %s.", dest);
! say(0, buf);
! }
! #else
say(0, buf);
+ #endif
return(2);
}
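Review bot: With `USE_IP_FILTER` undefined the `#else` branch calls `say(0, buf);` without the `sprintf(buf, "Connected to %s.", dest);` that used to precede it, so the client is sent whatever `buf` last held. Keep the pair together in the `#else` branch: `sprintf(buf, "Connected to %s.", dest);` followed by `say(0, buf);`. The context line `strncpy(dest,av[1], 511);` also leaves `dest` unterminated for a long argument; the rlogin-gw hunk of this patch follows its copy with `dest[511]='\0';`, and the same line belongs here if `dest` has the same size, which is not visible in this hunk.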
diff -cr ../TIS.orig/fwtk/x-gw/socket.c fwtk/x-gw/socket.c
*** ../TIS.orig/fwtk/x-gw/socket.c Sat Sep 7 05:16:35 1996
--- fwtk/x-gw/socket.c Sun Feb 2 05:26:44 1997
***************
*** 212,218 ****
case AF_UNIX: un_name = (struct sockaddr_un *)addr;
len = sizeof(un_name->sun_family) +
sizeof(un_name->sun_path)
! #ifdef SCM_RIGHTS /* 4.3BSD Reno and later */
+ sizeof(un_name->sun_len) + 1
#endif
;
--- 212,218 ----
case AF_UNIX: un_name = (struct sockaddr_un *)addr;
len = sizeof(un_name->sun_family) +
sizeof(un_name->sun_path)
! #if defined(SCM_RIGHTS) && !defined(LINUX)/* 4.3BSD Reno and later */
+ sizeof(un_name->sun_len) + 1
#endif
;
Only in fwtk/x-gw: socket.c.bak