git: ee680288bc87 - stable/13 - ipfilter: MSN RPC proxy is not complete
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 21 Dec 2021 23:35:29 UTC
The branch stable/13 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=ee680288bc879fad0ef261430dc8518b0a9eccba commit ee680288bc879fad0ef261430dc8518b0a9eccba Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2021-12-16 00:08:11 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2021-12-21 23:34:41 +0000 ipfilter: MSN RPC proxy is not complete The MSN RPC proxy is incomplete and does not do any address translation. Remove it. (cherry picked from commit c610426c4deeaa80ad86d8177e7c0b7680104dc7) --- contrib/ipfilter/ip_msnrpc_pxy.c | 328 --------------------------------------- 1 file changed, 328 deletions(-) diff --git a/contrib/ipfilter/ip_msnrpc_pxy.c b/contrib/ipfilter/ip_msnrpc_pxy.c deleted file mode 100644 index 9cddd398edde..000000000000 --- a/contrib/ipfilter/ip_msnrpc_pxy.c +++ /dev/null @@ -1,328 +0,0 @@ -/* $FreeBSD$ */ - -/* - * Copyright (C) 2000-2003 by Darren Reed - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * Simple DCE transparent proxy for MSN RPC. - * - * ******* NOTE: THIS PROXY DOES NOT DO ADDRESS TRANSLATION ******** - * - * Id: ip_msnrpc_pxy.c,v 2.17.2.1 2005/02/04 10:22:55 darrenr Exp - */ - -#define IPF_MSNRPC_PROXY - -#define IPF_MINMSNRPCLEN 24 -#define IPF_MSNRPCSKIP (2 + 19 + 2 + 2 + 2 + 19 + 2 + 2) - - -typedef struct msnrpchdr { - u_char mrh_major; /* major # == 5 */ - u_char mrh_minor; /* minor # == 0 */ - u_char mrh_type; - u_char mrh_flags; - u_32_t mrh_endian; - u_short mrh_dlen; /* data size */ - u_short mrh_alen; /* authentication length */ - u_32_t mrh_cid; /* call identifier */ - u_32_t mrh_hint; /* allocation hint */ - u_short mrh_ctxt; /* presentation context hint */ - u_char mrh_ccnt; /* cancel count */ - u_char mrh_ans; -} msnrpchdr_t; - -int ippr_msnrpc_init(void); -void ippr_msnrpc_fini(void); -int ippr_msnrpc_new(fr_info_t *, ap_session_t *, nat_t *); -int ippr_msnrpc_out(fr_info_t *, ap_session_t *, nat_t *); -int ippr_msnrpc_in(fr_info_t *, ap_session_t *, nat_t *); -int ippr_msnrpc_check(ip_t *, msnrpchdr_t *); - -static frentry_t msnfr; - -int msn_proxy_init = 0; - -/* - * Initialize local structures. - */ -int ippr_msnrpc_init() -{ - bzero((char *)&msnfr, sizeof(msnfr)); - msnfr.fr_ref = 1; - msnfr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE; - MUTEX_INIT(&msnfr.fr_lock, "MSN RPC proxy rule lock"); - msn_proxy_init = 1; - - return 0; -} - - -void ippr_msnrpc_fini() -{ - if (msn_proxy_init == 1) { - MUTEX_DESTROY(&msnfr.fr_lock); - msn_proxy_init = 0; - } -} - - -int ippr_msnrpc_new(fin, aps, nat) -fr_info_t *fin; -ap_session_t *aps; -nat_t *nat; -{ - msnrpcinfo_t *mri; - - KMALLOC(mri, msnrpcinfo_t *); - if (mri == NULL) - return -1; - aps->aps_data = mri; - aps->aps_psiz = sizeof(msnrpcinfo_t); - - bzero((char *)mri, sizeof(*mri)); - mri->mri_cmd[0] = 0xff; - mri->mri_cmd[1] = 0xff; - return 0; -} - - -int ippr_msnrpc_check(ip, mrh) -ip_t *ip; -msnrpchdr_t *mrh; -{ - if (mrh->mrh_major != 5) - return -1; - if (mrh->mrh_minor != 0) - return -1; - if (mrh->mrh_alen != 0) - return -1; - if (mrh->mrh_endian == 0x10) { - /* Both gateway and packet match endian */ - if (mrh->mrh_dlen > ip->ip_len) - return -1; - if (mrh->mrh_type == 0 || mrh->mrh_type == 2) - if (mrh->mrh_hint > ip->ip_len) - return -1; - } else if (mrh->mrh_endian == 0x10000000) { - /* XXX - Endian mismatch - should be swapping! */ - return -1; - } else { - return -1; - } - return 0; -} - - -int ippr_msnrpc_out(fin, ip, aps, nat) -fr_info_t *fin; -ip_t *ip; -ap_session_t *aps; -nat_t *nat; -{ - msnrpcinfo_t *mri; - msnrpchdr_t *mrh; - tcphdr_t *tcp; - int dlen; - - mri = aps->aps_data; - if (mri == NULL) - return 0; - - tcp = (tcphdr_t *)fin->fin_dp; - dlen = fin->fin_dlen - (TCP_OFF(tcp) << 2); - if (dlen < IPF_MINMSNRPCLEN) - return 0; - - mrh = (msnrpchdr_t *)((char *)tcp + (TCP_OFF(tcp) << 2)); - if (ippr_msnrpc_check(ip, mrh)) - return 0; - - mri->mri_valid++; - - switch (mrh->mrh_type) - { - case 0x0b : /* BIND */ - case 0x00 : /* REQUEST */ - break; - case 0x0c : /* BIND ACK */ - case 0x02 : /* RESPONSE */ - default: - return 0; - } - mri->mri_cmd[1] = mrh->mrh_type; - return 0; -} - - -int ippr_msnrpc_in(fin, ip, aps, nat) -fr_info_t *fin; -ip_t *ip; -ap_session_t *aps; -nat_t *nat; -{ - tcphdr_t *tcp, tcph, *tcp2 = &tcph; - int dlen, sz, sz2, i; - msnrpcinfo_t *mri; - msnrpchdr_t *mrh; - fr_info_t fi; - u_short len; - char *s; - - mri = aps->aps_data; - if (mri == NULL) - return 0; - tcp = (tcphdr_t *)fin->fin_dp; - dlen = fin->fin_dlen - (TCP_OFF(tcp) << 2); - if (dlen < IPF_MINMSNRPCLEN) - return 0; - - mrh = (msnrpchdr_t *)((char *)tcp + (TCP_OFF(tcp) << 2)); - if (ippr_msnrpc_check(ip, mrh)) - return 0; - - mri->mri_valid++; - - switch (mrh->mrh_type) - { - case 0x0c : /* BIND ACK */ - if (mri->mri_cmd[1] != 0x0b) - return 0; - break; - case 0x02 : /* RESPONSE */ - if (mri->mri_cmd[1] != 0x00) - return 0; - break; - case 0x0b : /* BIND */ - case 0x00 : /* REQUEST */ - default: - return 0; - } - mri->mri_cmd[0] = mrh->mrh_type; - dlen -= sizeof(*mrh); - - /* - * Only processes RESPONSE's - */ - if (mrh->mrh_type != 0x02) - return 0; - - /* - * Skip over some bytes...what are these really ? - */ - if (dlen <= 44) - return 0; - s = (char *)(mrh + 1) + 20; - dlen -= 20; - bcopy(s, (char *)&len, sizeof(len)); - if (len == 1) { - s += 20; - dlen -= 20; - } else if (len == 2) { - s += 24; - dlen -= 24; - } else - return 0; - - if (dlen <= 10) - return 0; - dlen -= 10; - bcopy(s, (char *)&sz, sizeof(sz)); - s += sizeof(sz); - bcopy(s, (char *)&sz2, sizeof(sz2)); - s += sizeof(sz2); - if (sz2 != sz) - return 0; - if (sz > dlen) - return 0; - if (*s++ != 5) - return 0; - if (*s++ != 0) - return 0; - sz -= IPF_MSNRPCSKIP; - s += IPF_MSNRPCSKIP; - dlen -= IPF_MSNRPCSKIP; - - do { - if (sz < 7 || dlen < 7) - break; - bcopy(s, (char *)&len, sizeof(len)); - if (dlen < len) - break; - if (sz < len) - break; - - if (len != 1) - break; - sz -= 3; - i = *(s + 2); - s += 3; - dlen -= 3; - - bcopy(s, (char *)&len, sizeof(len)); - if (dlen < len) - break; - if (sz < len) - break; - s += sizeof(len); - - switch (i) - { - case 7 : - if (len == 2) { - bcopy(s, (char *)&mri->mri_rport, 2); - mri->mri_flags |= 1; - } - break; - case 9 : - if (len == 4) { - bcopy(s, (char *)&mri->mri_raddr, 4); - mri->mri_flags |= 2; - } - break; - default : - break; - } - sz -= len; - s += len; - dlen -= len; - } while (sz > 0); - - if (mri->mri_flags == 3) { - int slen; - - bcopy((char *)fin, (char *)&fi, sizeof(fi)); - bzero((char *)tcp2, sizeof(*tcp2)); - - slen = ip->ip_len; - ip->ip_len = fin->fin_hlen + sizeof(*tcp2); - bcopy((char *)fin, (char *)&fi, sizeof(fi)); - bzero((char *)tcp2, sizeof(*tcp2)); - tcp2->th_win = htons(8192); - TCP_OFF_A(tcp2, 5); - fi.fin_data[0] = htons(mri->mri_rport); - tcp2->th_sport = mri->mri_rport; - fi.fin_data[1] = 0; - tcp2->th_dport = 0; - fi.fin_state = NULL; - fi.fin_nat = NULL; - fi.fin_dlen = sizeof(*tcp2); - fi.fin_plen = fi.fin_hlen + sizeof(*tcp2); - fi.fin_dp = (char *)tcp2; - fi.fin_fi.fi_daddr = ip->ip_dst.s_addr; - fi.fin_fi.fi_saddr = mri->mri_raddr.s_addr; - if (!fi.fin_fr) - fi.fin_fr = &msnfr; - if (fr_stlookup(&fi, NULL, NULL)) { - RWLOCK_EXIT(&ipf_state); - } else { - (void) fr_addstate(&fi, NULL, SI_W_DPORT|SI_CLONE); - if (fi.fin_state != NULL) - fr_statederef(&fi, (ipstate_t **)&fi.fin_state); - } - ip->ip_len = slen; - } - mri->mri_flags = 0; - return 0; -}