Brief history of changes made to this software: Feb 21 - Nov 5, 1994 - Fixes to V1.2 ------------------------------------- Added DISCLAIMER -- READ it. Added much better header parsing code to smapd (by Wietse Venema) Added http proxy Added X-windows gateway, and x-gw option in tn-gw and rlogin-gw Took out the "loghost" option in syslog.c Modified smapd to do more sensible things with its queue. It will now keep a limited number of children going at a time, and will not completely bury the system on startup after a delay. Fixed netperm-table reading code to handle all blank lines. Fixed timeout code in ftp-gw to be more forgiving of systems that decrement the passed timeout value. Revamping of Makefiles to include a master Makefile.config. Please see comments in Makefile.config. Added ip-options detection based on 4.4bsd sources for rlogind. Moved the "struct direct" configuration option for smapd into firewall.h -- see the comments near where it says DIRECT_STRUCT Added improved(I hope!) options negotiation that works better with TN3270 and other telnet clients. Added checksum printing code to snkkey.c Moved the smapd compile directive to scan for bad addresses to firewall.h -- see the comments near where it says SMAPD_SCANBADADDR Clarifications: system log entries now are tagged with relevance strings for sorting and searching. If the system log entry contains the word: "securityalert" -- it's probably something you want to know about "fwtkcfgerr" -- a firewall toolkit component thinks it is misconfiged "fwtksyserr" -- something in how the fwtk uses the O/S failed in a mission-critical way Using facilities and levels would be easier but this guarantees that other system alerts won't clash with toolkit notices. Changed Makefiles to rely on top-level FLAGS and AUXLIBS parameters. This makes it easier to add global system libraries such as -lresolv or -lsocket, etc. Updated README Fixed ordering bug in search for permitted destinations in cmd_passthrough() of ftp-gw Fixed byte count not getting updated by tn-gw when in raw mode Fix to reset curbytes and currecip in smap upon start of new message body (DATA command) Added FWTK_VERSION string to firewall.h and included a reference to it in lib/config.c, which is linked into just about all components of the toolkit. Do a: strings file | grep -i toolkit to extract it Fixed minor pointer problem with "localhost" mapping in ftp-gw Added deny connect logging to tn/rlogin/ftpgw Added ftp-gw summarizer Fixed minor problem in auth/db.c where it failed to check for an already closed db in authload Added authdump and authload to "make install" target for auth Fixed loop drop-out in tn-gw where it failed to let you change your s/key password [Remy.Giraud@meteo.fr] Modified ftp-gw to exit and log an error if given improper configuration options. Made authsrv log at LFAC instead of LOG_USER S/key challenge now uses spaces instead of quotes, for termkey users. (nmh@thumper.bellcore.com) Revampment of reporting scripts in tools/admin/reporting Oct 29, 1993 - Feb 17, 1994 - Fixes to V1.1 ------------------------------------------- Added a general purpose routine for setting out of band signalling (HP/UX and SunOs do it differently). See firewall.h *updated* user's guide, admin guide, and overview slightly. Support rand() interface for systems too crippled to use random() Changed mapu() to better named mapuid() and added ability to set group values as well. Included AIX authentication module to talk to auth server. (Morten.Hermanrud@ibmuio.uio.no) Added support for Enigma Logics Silver Card. (AUTHPROTO_ENIGMA) Updated version numbers in rlogin-gw, smap, tn-gw, ftp-gw. Changed smapd to fopen() files with "r+" -- System V file locking requires [at least on SCO] seekability on the file. smap does not share this problem if using the provided version on mkstemp(). Removed unnecessary berklisms (fchmod and ftruncate) from smap in an attempt to make it more agreeable to sysV machines. Fixed minor oversight in options processing in oktotalkto() in tn-gw Fixed array offset bug in stash_option in tn-gw Fixed "password" length compares in source and docs Added update to securid client side to work with latest ACE software Fixed ftpd to not permit users without password entries to attempt to login Added hook into ftp-gw to check for command argument to treat as a username. This, combined with an ftpd that supports it permits ftpd to exec the ftp-gw if it finds an '@' in the user name. Added changes to the user() command in the ftpd in tools/server/ftpd Added "user@" through proxy to explicitly mean "localhost" Added logic to strip first null byte if first byte is null going through telnet proxy. This appears to be a bug in some versions of telnet, but the exact nature of it remains unknown. The null byte was confusing to some telnet servers, so this appears to be an effective, inexpensive, though somewhat ad hoc patch. Fixed login-sh to set $SHELL environment variable Removed truncation bug in tn-gw that chopped long destination names at 20 chars Fixed an exit(1) in login-sh that should have been return(1) Added welcome banner to rlogin-gw Oct 22-29, 1993 - Fixes to V1.0 ------------------------------- Fixed synchronization problem with how FTP proxy talks to the authentication server. Changed all proxies that use authentication (rlogin-gw, tn-gw, ftp-gw) to exit if they have an incorrectly configured option. This was deemed proper, since if someone wants to configure authentication, and doesn't get the syntax correct, the proxy should fail to work at all, rather than working without using authentication. Changed rlogin-gw to reset local user identity to whomever the user authenticated as, if using authentication server. Fixed local/global declaration of confp in crypto/cliio.c Re-arranged parameter order for password command in authsrv to match order of other commands. Somewhat beefed up diagnostic messages. Major revamping of how tn-gw lies to the client. No more timers and all that stuff. I don't know why I didn't think of doing it this way before. Works lots better. Made the FTP proxy a little more flexible in its handling of responses to challenges. It turns out that challenges with whitespace in them make some FTP clients unhappy, which raised all manner of quoting issues. Made FTP proxy handle "USER" command more sensibly with authentication, to replace the somewhat awkward "quote auth user" approach. Updated docs. Added words on rlogin proxy to user's guide. Adjusted man pages. Removed logentry and logfile options from smap and netacl. Everything should use one logging mechanism: syslog. Fixed return() that should have been continue; in login-sh, which caused it to exit on comments. Fixed handling of "baddir" in smapd. Changed auth server issuance of bogus challenge to be optional. This means that the auth server protocol now must recognize that the responses to an "authenticate username" may now be: password challenge challengestring Where the other text is some form of error message. This change was reflected in tn-gw, rlogin-gw, ftp-gw, ftpd, and login-sh as well as the documentation. Added comment to auth protocol, to permit proxies to give better logging information to the server. Now all proxies send: "authorize username 'comment'" which is logged. This entailed changes to authsrv and all clients. Change is backwards compatible with existing code. Added out of band signal support to rlogin-gw so that window size changes now propagate correctly. Note that some systems without fcntl F_SETOWN will now have to adapt code. Added hooks to drop tn-gw into a "raw" mode when talking to non-telnet ports through the proxy. This works OK with many versions of telnet but some do not function properly because they are broken in the first place (Sun's PC-NFS telnet client doesn't map cr/lf right) smapd's notion of where the sendmail executable resides is now configurable. Fixed offset bug in -dest !hosts in tn/ftp/rlogin-gw and documented the '!' hosts feature (which was present but broken and undocumented in V1.0) Added more sample config files to config, including some samples from TIS' bastion host. Changed smap/smapd to no longer operate on publicly readable files. Added a sleep timeout to authentication failures (see "badsleep" in the man page for authsrv. Instead of locking a user account permanently, by configuring badsleep, you can disable account locking, or set it to a 5 minute (or whatever) lockout. Added "SCANBADADDR" option to smapd. If this is configured in the smapd makefile, it will perform a draconian translation of all '|' characters found in the message envelope (not header) to '#' characters. Fixed a bug in how "unknown" was processed. Fixed conn.c to check rbuf != null, which caused a core dump. :(