Article delegate-en/854 of [1-5169] on the server localhost:119
[Reference:<_A849@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Antivirus + Delegate: How to filter ftp dtp connection?
03 Jul 2000 07:31:29 GMT ysato@etl.go.jp (Yutaka Sato)


Hi,

On 06/27/00(19:36) you "Juri Hoerner" <pkabqbdyi-bfkmicdyir3r.ml@ml.delegate.org> wrote
in <_A849@delegate-en.ML_>
 |previous question is already clear, it works.
 |Next question. I try to integrate an antivirus program and have to be able
 |to check downloaded files. How can I get access to DTP connection with
 |CFI interface (or something else). All what I have now, is a control
 |connection dialog.

You can apply a filter program to each data connection by specifying
a CFI script with FTOCL (or FTOSV for upload) parameter.

But the specified filter is applied both to the control connection
and data connections; there was no way to apply a filter only to
data connections.  Thus I introduced a directive of CFI-script like
  Server-Protocol: ftp-data
which makes the CFI rule apply only to data connections.
With enclosed patch applied to DeleGate/6.1.16, you can use it as
follows for example:

  #!cfi
  Server-Protocol: ftp-data
  Filter: yourFilterCommand

Cheers,
Yutaka
--
Yutaka Sato <ysato@etl.go.jp> http://www.etl.go.jp/~ysato/   @ @ 
Computer Science Division, Electrotechnical Laboratory      ( - )
1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan            _<   >_


diff -cr 6116/filters/cfi.c ./filters/cfi.c
*** 6116/filters/cfi.c	Tue Apr 25 14:48:16 2000
--- ./filters/cfi.c	Mon Jul  3 15:23:20 2000
***************
*** 156,161 ****
--- 156,162 ----
  	char orequest[2048],iourl[2048];
  	char rver[256],rstat[256];
  	char clhost[256],svhost[256];
+ 	char clproto[256],svproto[256];
  	int top;
  	char *spec1,*np;
  
***************
*** 173,179 ****
--- 174,182 ----
  	getFV(head,"Content-Type",ictype);
  	getFV(head,"Content-Encoding",iencode);
  	getFV(conninfo,"Client-Host",clhost);
+ 	getFV(conninfo,"Client-Protocol",clproto);
  	getFV(conninfo,"Server-Host",svhost);
+ 	getFV(conninfo,"Server-Protocol",svproto);
  
  	getFV(head,"From",from);
  	
***************
*** 216,222 ****
--- 219,227 ----
  		if( !matchFields(spec1,"Res-Version",rver) ) continue;
  		if( !matchFields(spec1,"Res-Status",rstat) ) continue;
  		if( !matchFields(spec1,"Client-Host",clhost) ) continue;
+ 		if( !matchFields(spec1,"Client-Protocol",clproto) ) continue;
  		if( !matchFields(spec1,"Server-Host",svhost) ) continue;
+ 		if( !matchFields(spec1,"Server-Protocol",svproto) ) continue;
  		if( !matchFields(spec1,"From",from) ) continue;
  
  		sv1vlog("///////// MATCHED //////////\n");
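Review bot: The two added `matchFields` tests skip the rule with `continue` on any mismatch, so a scanning rule keyed on `Server-Protocol: ftp-data` is silently not applied when the value in conninfo differs from what the script author wrote. Whether matchFields compares case-sensitively, and what happens to the data when no rule matches, is not visible in this hunk. For an antivirus deployment that looks like a fail-open path, so I would document it with a comment above the new lines such as `/* protocol fields select the rule; "ftp-data" is set only while an FTP data connection is relayed */`. The loop body starts and ends outside the hunk.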
diff -cr 6116/src/conf.c ./src/conf.c
*** 6116/src/conf.c	Tue Jun 27 13:26:46 2000
--- ./src/conf.c	Mon Jul  3 15:20:33 2000
***************
*** 555,560 ****
--- 555,561 ----
  	sp = conninfo;
  	proto = DFLT_PROTO;
  	sp = Sprintf(sp,"Client-Protocol: %s\n",proto);
+ 	sp = Sprintf(sp,"Server-Protocol: %s\n",REAL_PROTO);
  
  	sp = strfConn(Conn,"Client-User-Ident: %u\n",sp);
  	sp = strfConn(Conn,"Client-Host: %h\n",sp);
diff -cr 6116/src/filter.c ./src/filter.c
*** 6116/src/filter.c	Fri Jun 23 13:37:28 2000
--- ./src/filter.c	Mon Jul  3 16:13:23 2000
***************
*** 576,581 ****
--- 576,582 ----
  	char *what,*pathcom;
  {	char execpath[1024],*av[128],argb[1024];
  	char *command;
+ 	int ac;
  
  	/*
  	 * if in "[execpath]command" but with some shell syntax in command,
***************
*** 589,594 ****
--- 590,614 ----
  	if( command == 0 )
  		command = pathcom;
  
+ 	ac = decomp_args(av,128,command,argb);
+ 	if( streq(what,"XCOM") ){
+ 		if( strcaseeq(av[0],"-dping") ){
+ 			dping_main(ac,av);
+ 			Finish(0);
+ 		}
+ 		if( !INHERENT_fork() ){
+ 			if( *pathcom == '[' )
+ 				scanComArg(pathcom,execpath,av,128,argb);
+ 			else	strcpy(execpath,av[0]);
+ 
+ 			/* use spawn to inherit socket descriptors ... */
+ 			setclientsock(1);
+ 			SpawnvpDirenv(what,execpath,av);
+ 			wait(0);
+ 			Finish(0);
+ 		}
+ 	}
+ 
  	if( strpbrk(command,"\r\n|()[]<>{}:;") )
  		Finish(system(command));
  	else
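Review bot: `av[0]` is used in `strcaseeq(av[0],"-dping")` and `strcpy(execpath,av[0])` without looking at `ac`, so an empty command may pass a null pointer if decomp_args leaves `av[0]` unset (its behaviour is not visible here). The copy into `execpath[1024]` is also unbounded, and `argb[1024]` is handed to decomp_args without its size. I would guard with `if( ac < 1 ) Finish(-1);` right after the decomp_args call and replace the copy with `snprintf(execpath,sizeof(execpath),"%s",av[0]);`. The result of `wait(0)` is discarded, so `Finish(0)` reports success even when the spawned filter failed, which matters if the filter is the scanner. The function starts and ends outside the hunk.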
***************
*** 1388,1399 ****
  		command = xcommand;
  
  	fflush(out);
! 	if( ready_cc(in) <= 0 ){
  		sv1log("systemFilter: %s\n",command);
! 		fdi = dup(fileno(in));
! 		fdo = dup(fileno(out));
! 		fd0 = dup(0); dup2(fdi,0); close(fdi);
! 		fd1 = dup(1); dup2(fdo,1); close(fdo);
  		code = system(command);
  		dup2(fd0,0); close(fd0);
  		dup2(fd1,1); close(fd1);
--- 1408,1418 ----
  		command = xcommand;
  
  	fflush(out);
! 	if( ready_cc(in) <= 0 )
! 	if( setCloseOnExec(fileno(out)) == 0 ){
  		sv1log("systemFilter: %s\n",command);
! 		fd0 = dup(0); dup2(fileno(in),0);
! 		fd1 = dup(1); dup2(fileno(out),1);
  		code = system(command);
  		dup2(fd0,0); close(fd0);
  		dup2(fd1,1); close(fd1);
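Review bot: With the private `dup()` copies removed, `fileno(in)` stays open in the child started by `system(command)` in addition to fd 0, because only `fileno(out)` is marked close-on-exec. Unless `in` is flagged elsewhere, I would add `setCloseOnExec(fileno(in));` before the `dup2` calls; the copy that `dup2` places on fd 0 does not carry the flag, so the filter still gets its input. The results of `dup(0)` and `dup(1)` are unchecked, so if a save fails the later `dup2(fd0,0)` cannot restore the descriptor and fd 0 or 1 stays attached to the connection. The flag set on `fileno(out)` is never cleared again, which deserves a comment if later code expects that descriptor to be inherited. The enclosing function continues outside the hunk.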
diff -cr 6116/src/ftp.c ./src/ftp.c
*** 6116/src/ftp.c	Wed Jun 28 11:57:35 2000
--- ./src/ftp.c	Mon Jul  3 15:19:56 2000
***************
*** 2303,2308 ****
--- 2303,2309 ----
  	char *reason;
  	extern int IO_TIMEOUT;
  	int fromcache;
+ 	char xproto[64];
  
  	size = sizeof(buff);
  
***************
*** 2318,2329 ****
--- 2319,2333 ----
  	xc = 0;
  	Verbose("FTP data-relay(%d,%d): bufsize=%d\n",src,dst,size);
  
+ 	strcpy(xproto,REAL_PROTO);
+ 	strcpy(REAL_PROTO,"ftp-data");
  	odst = dst;
  	if( tosv != 0 && filter_withCFI(Conn,XF_FTOSV) )
  		dst = insertFTOSV(Conn,dst,src,NULL);
  	else
  	if( tosv == 0 && filter_withCFI(Conn,XF_FTOCL) )
  		dst = insertFTOCL(Conn,dst,src,NULL);
+ 	strcpy(REAL_PROTO,xproto);
  
  	Start = Time();
  	niced = 0;
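Review bot: `strcpy(xproto,REAL_PROTO)` copies into the 64-byte `xproto` declared in the previous hunk with no length check, while filters/cfi.c in this same patch reserves 256 bytes for the protocol fields. The capacity of REAL_PROTO is not visible here, and `strcpy(REAL_PROTO,"ftp-data")` likewise assumes it holds at least 9 bytes. I would size `xproto` like its source or bound the save with `snprintf(xproto,sizeof(xproto),"%s",REAL_PROTO);`. REAL_PROTO is restored only on the straight-line path, so a comment such as `/* temporarily report "ftp-data" so CFI rules can select data connections */` should note that any early exit added between the two copies must restore it. The function starts and ends outside the hunk.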
