Well, here it is, a nice secure proxy program for fingering through a firewall.
You see, most clients don't like the finger @host@gateway syntax, at least
sun's clients don't. This one takes input as "finger user%hostname.foo@gateway"
----
General release info: I'll give limited support on this. It's for the TIS firewall
package, and it gets called from netacl / inetd.
Distribution: Imagine it's a GNU utility with a catch: You can't make money off this
code. Don't distribute it for cash. Information wants to be free, and your site wants
to be secure.
----
***
finger-gw.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Finger Client Proxy,
*
* %A% %G% %T% J. Adams
*
* John Adams, jna@concorde.com
*
* This is a proxy for performing outgoing fingers. It was written mostly
* out of frustration in that 90% of finger clients don't support the
* user@host@firewall syntax.
*
* See the 'Configuration' Section before you compile this program.
*
*--------------------------------------------------------------------------
* Add the lines below to your /etc/netperm-table file to enable this proxy.
* replace <your_net> with your net's IP address.
*--------------------------------------------------------------------------*/
/*
# Locals get the proxy
netacl-in.fingerd: permit-hosts <your_net> -exec /home/fwtk-1.3/bin/finger-gw
# Send a nasty note to outsiders
netacl-in.fingerd: permit-hosts * -exec /bin/cat /home/fwtk-1.3/txt/finger.txt
*/
/*--------------------------------------------------------------------------
* Users can use this gateway in the form of
* finger user%host@<firewall>
* -or- finger %host@<firewall>
*--------------------------------------------------------------------------*/
/*------------------------------*/
/* Configuration */
/*------------------------------*/
/* The name of your firewall machine. In this file it is only printed in the
 * usage text that tells users how to address the gateway. */
#define FIREWALL "stargate.concorde.com"
/* Where finger really is (a client on the firewall, not the daemon).
 * This must be the full path including the program name: it is passed to
 * execl() as the file to execute. */
#define FINGER_DIR "/usr/ucb/finger"
/* The name of the finger program; handed to execl() as argv[0]. */
#define FINGER_PGM "finger"
/* Requests containing any of these characters are refused; the author's
 * stated concern is attempts to gain a shell on the firewall. Add more if
 * you like.
 * NOTE(review): this is a denylist, so any character not listed here passes
 * this particular check (for example '-', ';', '|', '$', '&', '<', '>' and
 * control characters). The request is handed to the finger client through
 * execl() as a single argument, not through a shell, so what matters is how
 * the finger client itself treats that argument. An allowlist of the
 * characters valid in user and host names would be the tighter policy.
 */
const char badchars[] = "*()!\"\'^`";
/*------Okay, the rest is up to the program. Enjoy...----------------------*/
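/*
 * Finger proxy entry point. Reads one request line from stdin (the client
 * connection when started from netacl / inetd), validates it, rewrites
 * "user%host" to "user@host" and replaces this process with the finger
 * client, passing the rewritten request as its single argument.
 *
 * Permitting hosts and everything else should be provided for in the
 * netperm-table by using netacl.
 *
 * Returns 0 when the request is refused or unusable, 1 if the finger client
 * could not be started. On success execl() does not return.
 */
int main(void)
{
    char input[255];
    size_t len;
    size_t i;
    int state = 0; /* 1 = request contained a '%', 0 = it did not */

    /* The site gets one chance to give us some information. fgets() bounds
     * the read to the buffer; gets() has no length limit and would let a
     * long request line overwrite the stack. A NULL return is the only
     * reliable signal for EOF or a read error. */
    if (fgets(input, sizeof input, stdin) == NULL) {
        exit(0);
    }

    /* A completely filled buffer with no line ending means the request was
     * longer than we accept. Refuse it instead of acting on a truncated
     * request. */
    len = strlen(input);
    if (len == sizeof input - 1 && input[len - 1] != '\n') {
        printf("\n\rFinger request too long. Try again...\n\r");
        exit(0);
    }

    /* Cut the request at the first CR or LF. Only the text that is actually
     * passed on is validated below, so a '%' that follows an embedded CR
     * cannot satisfy the user%host requirement for the part that is kept. */
    input[strcspn(input, "\r\n")] = '\0';
    len = strlen(input);

    /* A leading '-' would be read by the finger client as a command-line
     * option rather than as a user name, so it is refused along with the
     * characters in badchars. */
    if (len > 0 && input[0] == '-') {
        printf("\n\rInvalid characters in finger request. Try again...\n\r");
        exit(0);
    }

    /* Refuse denylisted characters and change % to @ */
    for (i = 0; i < len; i++) {
        if (strchr(badchars, input[i]) != NULL) {
            printf("\n\rInvalid characters in finger request. Try again...\n\r");
            exit(0);
        }
        if (input[i] == '%') {
            state = 1;
            input[i] = '@';
        }
    }

    if (state == 0) {
        /* Every %s below has its own FIREWALL argument; a conversion with
         * no matching argument is undefined behaviour. */
        fprintf(stdout, "finger_gw: Invalid Usage.\r\n\r\n");
        fprintf(stdout, " To finger hosts outside of our firewall, please type:\r\n\r\n");
        fprintf(stdout, " finger <username>%%<outside machine>@%s\r\n\r\n", FIREWALL);
        fprintf(stdout, "For Example: finger user%%host.com@%s\r\n", FIREWALL);
        fprintf(stdout, " -or- finger %%host.com@%s\r\n\r\n", FIREWALL);
        /* abandon ship */
        fflush(stdout);
        sleep(1);
        exit(0);
    }

    /* say hello */
    fprintf(stdout, "[Proxy Gateway opening for 'finger %s']\n\r", input);
    fflush(stdout);
    sleep(1);

    /* Run finger. No shell is involved: the request is one argv entry. */
    (void) execl(FINGER_DIR, FINGER_PGM, input, (char *) 0);

    /* execl() only returns when it failed to start the client. */
    fprintf(stdout, "finger_gw: unable to run the finger client.\r\n");
    fflush(stdout);
    return 1;
}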