search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ugensa(4): Fix handling of Huawei modems.
[dragonfly.git] / libexec / telnetd / state.c
blobd4547fa3f1a272bd0d7c599188abc34949b01820
1 /*
2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 * @(#)state.c 8.5 (Berkeley) 5/30/95
34 * $FreeBSD: src/libexec/telnetd/state.c,v 1.9.2.4 2002/04/13 11:07:12 markm Exp $
35 * $DragonFly: src/libexec/telnetd/state.c,v 1.3 2006/01/12 13:43:10 corecode Exp $
36 */
37
38 #include <stdarg.h>
39 #include "telnetd.h"
40
41 static int envvarok(char *);
42
43 unsigned char doopt[] = { IAC, DO, '%', 'c', 0 };
44 unsigned char dont[] = { IAC, DONT, '%', 'c', 0 };
45 unsigned char will[] = { IAC, WILL, '%', 'c', 0 };
46 unsigned char wont[] = { IAC, WONT, '%', 'c', 0 };
47 int not42 = 1;
48
49 /*
50 * Buffer for sub-options, and macros
51 * for suboptions buffer manipulations
52 */
53 unsigned char subbuffer[512], *subpointer= subbuffer, *subend= subbuffer;
54
55 #define SB_CLEAR() subpointer = subbuffer
56 #define SB_TERM() { subend = subpointer; SB_CLEAR(); }
57 #define SB_ACCUM(c) if (subpointer < (subbuffer+sizeof subbuffer)) { \
58 *subpointer++ = (c); \
59 }
60 #define SB_GET() ((*subpointer++)&0xff)
61 #define SB_EOF() (subpointer >= subend)
62 #define SB_LEN() (subend - subpointer)
63
64 #ifdef ENV_HACK
65 unsigned char *subsave;
66 #define SB_SAVE() subsave = subpointer;
67 #define SB_RESTORE() subpointer = subsave;
68 #endif
69
70
71 /*
72 * State for recv fsm
73 */
74 #define TS_DATA 0 /* base state */
75 #define TS_IAC 1 /* look for double IAC's */
76 #define TS_CR 2 /* CR-LF ->'s CR */
77 #define TS_SB 3 /* throw away begin's... */
78 #define TS_SE 4 /* ...end's (suboption negotiation) */
79 #define TS_WILL 5 /* will option negotiation */
80 #define TS_WONT 6 /* wont " */
81 #define TS_DO 7 /* do " */
82 #define TS_DONT 8 /* dont " */
83
84 static void doclientstat(void);
85
86 void
87 telrcv(void)
88 {
89 int c;
90 static int state = TS_DATA;
91
92 while (ncc > 0) {
93 if ((&ptyobuf[BUFSIZ] - pfrontp) < 2)
94 break;
95 c = *netip++ & 0377, ncc--;
96 switch (state) {
97
98 case TS_CR:
99 state = TS_DATA;
100 /* Strip off \n or \0 after a \r */
101 if ((c == 0) || (c == '\n')) {
102 break;
103 }
104 /* FALL THROUGH */
105
106 case TS_DATA:
107 if (c == IAC) {
108 state = TS_IAC;
109 break;
110 }
111 /*
112 * We now map \r\n ==> \r for pragmatic reasons.
113 * Many client implementations send \r\n when
114 * the user hits the CarriageReturn key.
115 *
116 * We USED to map \r\n ==> \n, since \r\n says
117 * that we want to be in column 1 of the next
118 * printable line, and \n is the standard
119 * unix way of saying that (\r is only good
120 * if CRMOD is set, which it normally is).
121 */
122 if ((c == '\r') && his_state_is_wont(TELOPT_BINARY)) {
123 int nc = *netip;
124 #ifdef LINEMODE
125 /*
126 * If we are operating in linemode,
127 * convert to local end-of-line.
128 */
129 if (linemode && (ncc > 0) && (('\n' == nc) ||
130 ((0 == nc) && tty_iscrnl())) ) {
131 netip++; ncc--;
132 c = '\n';
133 } else
134 #endif
135 {
136 state = TS_CR;
137 }
138 }
139 *pfrontp++ = c;
140 break;
141
142 case TS_IAC:
143 gotiac: switch (c) {
144
145 /*
146 * Send the process on the pty side an
147 * interrupt. Do this with a NULL or
148 * interrupt char; depending on the tty mode.
149 */
150 case IP:
151 DIAG(TD_OPTIONS,
152 printoption("td: recv IAC", c));
153 interrupt();
154 break;
155
156 case BREAK:
157 DIAG(TD_OPTIONS,
158 printoption("td: recv IAC", c));
159 sendbrk();
160 break;
161
162 /*
163 * Are You There?
164 */
165 case AYT:
166 DIAG(TD_OPTIONS,
167 printoption("td: recv IAC", c));
168 recv_ayt();
169 break;
170
171 /*
172 * Abort Output
173 */
174 case AO:
175 {
176 DIAG(TD_OPTIONS,
177 printoption("td: recv IAC", c));
178 ptyflush(); /* half-hearted */
179 init_termbuf();
180
181 if (slctab[SLC_AO].sptr &&
182 *slctab[SLC_AO].sptr != (cc_t)(_POSIX_VDISABLE)) {
183 *pfrontp++ =
184 (unsigned char)*slctab[SLC_AO].sptr;
185 }
186
187 netclear(); /* clear buffer back */
188 output_data("%c%c", IAC, DM);
189 neturg = nfrontp-1; /* off by one XXX */
190 DIAG(TD_OPTIONS,
191 printoption("td: send IAC", DM));
192 break;
193 }
194
195 /*
196 * Erase Character and
197 * Erase Line
198 */
199 case EC:
200 case EL:
201 {
202 cc_t ch;
203
204 DIAG(TD_OPTIONS,
205 printoption("td: recv IAC", c));
206 ptyflush(); /* half-hearted */
207 init_termbuf();
208 if (c == EC)
209 ch = *slctab[SLC_EC].sptr;
210 else
211 ch = *slctab[SLC_EL].sptr;
212 if (ch != (cc_t)(_POSIX_VDISABLE))
213 *pfrontp++ = (unsigned char)ch;
214 break;
215 }
216
217 /*
218 * Check for urgent data...
219 */
220 case DM:
221 DIAG(TD_OPTIONS,
222 printoption("td: recv IAC", c));
223 SYNCHing = stilloob(net);
224 settimer(gotDM);
225 break;
226
227
228 /*
229 * Begin option subnegotiation...
230 */
231 case SB:
232 state = TS_SB;
233 SB_CLEAR();
234 continue;
235
236 case WILL:
237 state = TS_WILL;
238 continue;
239
240 case WONT:
241 state = TS_WONT;
242 continue;
243
244 case DO:
245 state = TS_DO;
246 continue;
247
248 case DONT:
249 state = TS_DONT;
250 continue;
251 case EOR:
252 if (his_state_is_will(TELOPT_EOR))
253 doeof();
254 break;
255
256 /*
257 * Handle RFC 10xx Telnet linemode option additions
258 * to command stream (EOF, SUSP, ABORT).
259 */
260 case xEOF:
261 doeof();
262 break;
263
264 case SUSP:
265 sendsusp();
266 break;
267
268 case ABORT:
269 sendbrk();
270 break;
271
272 case IAC:
273 *pfrontp++ = c;
274 break;
275 }
276 state = TS_DATA;
277 break;
278
279 case TS_SB:
280 if (c == IAC) {
281 state = TS_SE;
282 } else {
283 SB_ACCUM(c);
284 }
285 break;
286
287 case TS_SE:
288 if (c != SE) {
289 if (c != IAC) {
290 /*
291 * bad form of suboption negotiation.
292 * handle it in such a way as to avoid
293 * damage to local state. Parse
294 * suboption buffer found so far,
295 * then treat remaining stream as
296 * another command sequence.
297 */
298
299 /* for DIAGNOSTICS */
300 SB_ACCUM(IAC);
301 SB_ACCUM(c);
302 subpointer -= 2;
303
304 SB_TERM();
305 suboption();
306 state = TS_IAC;
307 goto gotiac;
308 }
309 SB_ACCUM(c);
310 state = TS_SB;
311 } else {
312 /* for DIAGNOSTICS */
313 SB_ACCUM(IAC);
314 SB_ACCUM(SE);
315 subpointer -= 2;
316
317 SB_TERM();
318 suboption(); /* handle sub-option */
319 state = TS_DATA;
320 }
321 break;
322
323 case TS_WILL:
324 willoption(c);
325 state = TS_DATA;
326 continue;
327
328 case TS_WONT:
329 wontoption(c);
330 state = TS_DATA;
331 continue;
332
333 case TS_DO:
334 dooption(c);
335 state = TS_DATA;
336 continue;
337
338 case TS_DONT:
339 dontoption(c);
340 state = TS_DATA;
341 continue;
342
343 default:
344 syslog(LOG_ERR, "panic state=%d", state);
345 printf("telnetd: panic state=%d\n", state);
346 exit(1);
347 }
348 }
349 } /* end of telrcv */
350
351 /*
352 * The will/wont/do/dont state machines are based on Dave Borman's
353 * Telnet option processing state machine.
354 *
355 * These correspond to the following states:
356 * my_state = the last negotiated state
357 * want_state = what I want the state to go to
358 * want_resp = how many requests I have sent
359 * All state defaults are negative, and resp defaults to 0.
360 *
361 * When initiating a request to change state to new_state:
362 *
363 * if ((want_resp == 0 && new_state == my_state) || want_state == new_state) {
364 * do nothing;
365 * } else {
366 * want_state = new_state;
367 * send new_state;
368 * want_resp++;
369 * }
370 *
371 * When receiving new_state:
372 *
373 * if (want_resp) {
374 * want_resp--;
375 * if (want_resp && (new_state == my_state))
376 * want_resp--;
377 * }
378 * if ((want_resp == 0) && (new_state != want_state)) {
379 * if (ok_to_switch_to new_state)
380 * want_state = new_state;
381 * else
382 * want_resp++;
383 * send want_state;
384 * }
385 * my_state = new_state;
386 *
387 * Note that new_state is implied in these functions by the function itself.
388 * will and do imply positive new_state, wont and dont imply negative.
389 *
390 * Finally, there is one catch. If we send a negative response to a
391 * positive request, my_state will be the positive while want_state will
392 * remain negative. my_state will revert to negative when the negative
393 * acknowlegment arrives from the peer. Thus, my_state generally tells
394 * us not only the last negotiated state, but also tells us what the peer
395 * wants to be doing as well. It is important to understand this difference
396 * as we may wish to be processing data streams based on our desired state
397 * (want_state) or based on what the peer thinks the state is (my_state).
398 *
399 * This all works fine because if the peer sends a positive request, the data
400 * that we receive prior to negative acknowlegment will probably be affected
401 * by the positive state, and we can process it as such (if we can; if we
402 * can't then it really doesn't matter). If it is that important, then the
403 * peer probably should be buffering until this option state negotiation
404 * is complete.
405 *
406 */
407 void
408 send_do(int option, int init)
409 {
410 if (init) {
411 if ((do_dont_resp[option] == 0 && his_state_is_will(option)) ||
412 his_want_state_is_will(option))
413 return;
414 /*
415 * Special case for TELOPT_TM: We send a DO, but pretend
416 * that we sent a DONT, so that we can send more DOs if
417 * we want to.
418 */
419 if (option == TELOPT_TM)
420 set_his_want_state_wont(option);
421 else
422 set_his_want_state_will(option);
423 do_dont_resp[option]++;
424 }
425 output_data((const char *)doopt, option);
426
427 DIAG(TD_OPTIONS, printoption("td: send do", option));
428 }
429
430 void
431 willoption(int option)
432 {
433 int changeok = 0;
434 void (*func)(void) = 0;
435
436 /*
437 * process input from peer.
438 */
439
440 DIAG(TD_OPTIONS, printoption("td: recv will", option));
441
442 if (do_dont_resp[option]) {
443 do_dont_resp[option]--;
444 if (do_dont_resp[option] && his_state_is_will(option))
445 do_dont_resp[option]--;
446 }
447 if (do_dont_resp[option] == 0) {
448 if (his_want_state_is_wont(option)) {
449 switch (option) {
450
451 case TELOPT_BINARY:
452 init_termbuf();
453 tty_binaryin(1);
454 set_termbuf();
455 changeok++;
456 break;
457
458 case TELOPT_ECHO:
459 /*
460 * See comments below for more info.
461 */
462 not42 = 0; /* looks like a 4.2 system */
463 break;
464
465 case TELOPT_TM:
466 #if defined(LINEMODE) && defined(KLUDGELINEMODE)
467 /*
468 * This telnetd implementation does not really
469 * support timing marks, it just uses them to
470 * support the kludge linemode stuff. If we
471 * receive a will or wont TM in response to our
472 * do TM request that may have been sent to
473 * determine kludge linemode support, process
474 * it, otherwise TM should get a negative
475 * response back.
476 */
477 /*
478 * Handle the linemode kludge stuff.
479 * If we are not currently supporting any
480 * linemode at all, then we assume that this
481 * is the client telling us to use kludge
482 * linemode in response to our query. Set the
483 * linemode type that is to be supported, note
484 * that the client wishes to use linemode, and
485 * eat the will TM as though it never arrived.
486 */
487 if (lmodetype < KLUDGE_LINEMODE) {
488 lmodetype = KLUDGE_LINEMODE;
489 clientstat(TELOPT_LINEMODE, WILL, 0);
490 send_wont(TELOPT_SGA, 1);
491 } else if (lmodetype == NO_AUTOKLUDGE) {
492 lmodetype = KLUDGE_OK;
493 }
494 #endif /* defined(LINEMODE) && defined(KLUDGELINEMODE) */
495 /*
496 * We never respond to a WILL TM, and
497 * we leave the state WONT.
498 */
499 return;
500
501 case TELOPT_LFLOW:
502 /*
503 * If we are going to support flow control
504 * option, then don't worry peer that we can't
505 * change the flow control characters.
506 */
507 slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
508 slctab[SLC_XON].defset.flag |= SLC_DEFAULT;
509 slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
510 slctab[SLC_XOFF].defset.flag |= SLC_DEFAULT;
511 case TELOPT_TTYPE:
512 case TELOPT_SGA:
513 case TELOPT_NAWS:
514 case TELOPT_TSPEED:
515 case TELOPT_XDISPLOC:
516 case TELOPT_NEW_ENVIRON:
517 case TELOPT_OLD_ENVIRON:
518 changeok++;
519 break;
520
521 #ifdef LINEMODE
522 case TELOPT_LINEMODE:
523 # ifdef KLUDGELINEMODE
524 /*
525 * Note client's desire to use linemode.
526 */
527 lmodetype = REAL_LINEMODE;
528 # endif /* KLUDGELINEMODE */
529 func = doclientstat;
530 changeok++;
531 break;
532 #endif /* LINEMODE */
533
534
535
536 default:
537 break;
538 }
539 if (changeok) {
540 set_his_want_state_will(option);
541 send_do(option, 0);
542 } else {
543 do_dont_resp[option]++;
544 send_dont(option, 0);
545 }
546 } else {
547 /*
548 * Option processing that should happen when
549 * we receive conformation of a change in
550 * state that we had requested.
551 */
552 switch (option) {
553 case TELOPT_ECHO:
554 not42 = 0; /* looks like a 4.2 system */
555 /*
556 * Egads, he responded "WILL ECHO". Turn
557 * it off right now!
558 */
559 send_dont(option, 1);
560 /*
561 * "WILL ECHO". Kludge upon kludge!
562 * A 4.2 client is now echoing user input at
563 * the tty. This is probably undesireable and
564 * it should be stopped. The client will
565 * respond WONT TM to the DO TM that we send to
566 * check for kludge linemode. When the WONT TM
567 * arrives, linemode will be turned off and a
568 * change propogated to the pty. This change
569 * will cause us to process the new pty state
570 * in localstat(), which will notice that
571 * linemode is off and send a WILL ECHO
572 * so that we are properly in character mode and
573 * all is well.
574 */
575 break;
576 #ifdef LINEMODE
577 case TELOPT_LINEMODE:
578 # ifdef KLUDGELINEMODE
579 /*
580 * Note client's desire to use linemode.
581 */
582 lmodetype = REAL_LINEMODE;
583 # endif /* KLUDGELINEMODE */
584 func = doclientstat;
585 break;
586 #endif /* LINEMODE */
587
588
589 case TELOPT_LFLOW:
590 func = flowstat;
591 break;
592 }
593 }
594 }
595 set_his_state_will(option);
596 if (func)
597 (*func)();
598 } /* end of willoption */
599
600 void
601 send_dont(int option, int init)
602 {
603 if (init) {
604 if ((do_dont_resp[option] == 0 && his_state_is_wont(option)) ||
605 his_want_state_is_wont(option))
606 return;
607 set_his_want_state_wont(option);
608 do_dont_resp[option]++;
609 }
610 output_data((const char *)dont, option);
611
612 DIAG(TD_OPTIONS, printoption("td: send dont", option));
613 }
614
615 void
616 wontoption(int option)
617 {
618 /*
619 * Process client input.
620 */
621
622 DIAG(TD_OPTIONS, printoption("td: recv wont", option));
623
624 if (do_dont_resp[option]) {
625 do_dont_resp[option]--;
626 if (do_dont_resp[option] && his_state_is_wont(option))
627 do_dont_resp[option]--;
628 }
629 if (do_dont_resp[option] == 0) {
630 if (his_want_state_is_will(option)) {
631 /* it is always ok to change to negative state */
632 switch (option) {
633 case TELOPT_ECHO:
634 not42 = 1; /* doesn't seem to be a 4.2 system */
635 break;
636
637 case TELOPT_BINARY:
638 init_termbuf();
639 tty_binaryin(0);
640 set_termbuf();
641 break;
642
643 #ifdef LINEMODE
644 case TELOPT_LINEMODE:
645 # ifdef KLUDGELINEMODE
646 /*
647 * If real linemode is supported, then client is
648 * asking to turn linemode off.
649 */
650 if (lmodetype != REAL_LINEMODE)
651 break;
652 lmodetype = KLUDGE_LINEMODE;
653 # endif /* KLUDGELINEMODE */
654 clientstat(TELOPT_LINEMODE, WONT, 0);
655 break;
656 #endif /* LINEMODE */
657
658 case TELOPT_TM:
659 /*
660 * If we get a WONT TM, and had sent a DO TM,
661 * don't respond with a DONT TM, just leave it
662 * as is. Short circut the state machine to
663 * achive this.
664 */
665 set_his_want_state_wont(TELOPT_TM);
666 return;
667
668 case TELOPT_LFLOW:
669 /*
670 * If we are not going to support flow control
671 * option, then let peer know that we can't
672 * change the flow control characters.
673 */
674 slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
675 slctab[SLC_XON].defset.flag |= SLC_CANTCHANGE;
676 slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
677 slctab[SLC_XOFF].defset.flag |= SLC_CANTCHANGE;
678 break;
679
680
681 /*
682 * For options that we might spin waiting for
683 * sub-negotiation, if the client turns off the
684 * option rather than responding to the request,
685 * we have to treat it here as if we got a response
686 * to the sub-negotiation, (by updating the timers)
687 * so that we'll break out of the loop.
688 */
689 case TELOPT_TTYPE:
690 settimer(ttypesubopt);
691 break;
692
693 case TELOPT_TSPEED:
694 settimer(tspeedsubopt);
695 break;
696
697 case TELOPT_XDISPLOC:
698 settimer(xdisplocsubopt);
699 break;
700
701 case TELOPT_OLD_ENVIRON:
702 settimer(oenvironsubopt);
703 break;
704
705 case TELOPT_NEW_ENVIRON:
706 settimer(environsubopt);
707 break;
708
709 default:
710 break;
711 }
712 set_his_want_state_wont(option);
713 if (his_state_is_will(option))
714 send_dont(option, 0);
715 } else {
716 switch (option) {
717 case TELOPT_TM:
718 #if defined(LINEMODE) && defined(KLUDGELINEMODE)
719 if (lmodetype < NO_AUTOKLUDGE) {
720 lmodetype = NO_LINEMODE;
721 clientstat(TELOPT_LINEMODE, WONT, 0);
722 send_will(TELOPT_SGA, 1);
723 send_will(TELOPT_ECHO, 1);
724 }
725 #endif /* defined(LINEMODE) && defined(KLUDGELINEMODE) */
726 break;
727
728 default:
729 break;
730 }
731 }
732 }
733 set_his_state_wont(option);
734
735 } /* end of wontoption */
736
737 void
738 send_will(int option, int init)
739 {
740 if (init) {
741 if ((will_wont_resp[option] == 0 && my_state_is_will(option))||
742 my_want_state_is_will(option))
743 return;
744 set_my_want_state_will(option);
745 will_wont_resp[option]++;
746 }
747 output_data((const char *)will, option);
748
749 DIAG(TD_OPTIONS, printoption("td: send will", option));
750 }
751
752 #if !defined(LINEMODE) || !defined(KLUDGELINEMODE)
753 /*
754 * When we get a DONT SGA, we will try once to turn it
755 * back on. If the other side responds DONT SGA, we
756 * leave it at that. This is so that when we talk to
757 * clients that understand KLUDGELINEMODE but not LINEMODE,
758 * we'll keep them in char-at-a-time mode.
759 */
760 int turn_on_sga = 0;
761 #endif
762
763 void
764 dooption(int option)
765 {
766 int changeok = 0;
767
768 /*
769 * Process client input.
770 */
771
772 DIAG(TD_OPTIONS, printoption("td: recv do", option));
773
774 if (will_wont_resp[option]) {
775 will_wont_resp[option]--;
776 if (will_wont_resp[option] && my_state_is_will(option))
777 will_wont_resp[option]--;
778 }
779 if ((will_wont_resp[option] == 0) && (my_want_state_is_wont(option))) {
780 switch (option) {
781 case TELOPT_ECHO:
782 #ifdef LINEMODE
783 # ifdef KLUDGELINEMODE
784 if (lmodetype == NO_LINEMODE)
785 # else
786 if (his_state_is_wont(TELOPT_LINEMODE))
787 # endif
788 #endif
789 {
790 init_termbuf();
791 tty_setecho(1);
792 set_termbuf();
793 }
794 changeok++;
795 break;
796
797 case TELOPT_BINARY:
798 init_termbuf();
799 tty_binaryout(1);
800 set_termbuf();
801 changeok++;
802 break;
803
804 case TELOPT_SGA:
805 #if defined(LINEMODE) && defined(KLUDGELINEMODE)
806 /*
807 * If kludge linemode is in use, then we must
808 * process an incoming do SGA for linemode
809 * purposes.
810 */
811 if (lmodetype == KLUDGE_LINEMODE) {
812 /*
813 * Receipt of "do SGA" in kludge
814 * linemode is the peer asking us to
815 * turn off linemode. Make note of
816 * the request.
817 */
818 clientstat(TELOPT_LINEMODE, WONT, 0);
819 /*
820 * If linemode did not get turned off
821 * then don't tell peer that we did.
822 * Breaking here forces a wont SGA to
823 * be returned.
824 */
825 if (linemode)
826 break;
827 }
828 #else
829 turn_on_sga = 0;
830 #endif /* defined(LINEMODE) && defined(KLUDGELINEMODE) */
831 changeok++;
832 break;
833
834 case TELOPT_STATUS:
835 changeok++;
836 break;
837
838 case TELOPT_TM:
839 /*
840 * Special case for TM. We send a WILL, but
841 * pretend we sent a WONT.
842 */
843 send_will(option, 0);
844 set_my_want_state_wont(option);
845 set_my_state_wont(option);
846 return;
847
848 case TELOPT_LOGOUT:
849 /*
850 * When we get a LOGOUT option, respond
851 * with a WILL LOGOUT, make sure that
852 * it gets written out to the network,
853 * and then just go away...
854 */
855 set_my_want_state_will(TELOPT_LOGOUT);
856 send_will(TELOPT_LOGOUT, 0);
857 set_my_state_will(TELOPT_LOGOUT);
858 (void)netflush();
859 cleanup(0);
860 /* NOT REACHED */
861 break;
862
863 case TELOPT_LINEMODE:
864 case TELOPT_TTYPE:
865 case TELOPT_NAWS:
866 case TELOPT_TSPEED:
867 case TELOPT_LFLOW:
868 case TELOPT_XDISPLOC:
869 #ifdef TELOPT_ENVIRON
870 case TELOPT_NEW_ENVIRON:
871 #endif
872 case TELOPT_OLD_ENVIRON:
873 default:
874 break;
875 }
876 if (changeok) {
877 set_my_want_state_will(option);
878 send_will(option, 0);
879 } else {
880 will_wont_resp[option]++;
881 send_wont(option, 0);
882 }
883 }
884 set_my_state_will(option);
885
886 } /* end of dooption */
887
888 void
889 send_wont(int option, int init)
890 {
891 if (init) {
892 if ((will_wont_resp[option] == 0 && my_state_is_wont(option)) ||
893 my_want_state_is_wont(option))
894 return;
895 set_my_want_state_wont(option);
896 will_wont_resp[option]++;
897 }
898 output_data((const char *)wont, option);
899
900 DIAG(TD_OPTIONS, printoption("td: send wont", option));
901 }
902
903 void
904 dontoption(int option)
905 {
906 /*
907 * Process client input.
908 */
909
910
911 DIAG(TD_OPTIONS, printoption("td: recv dont", option));
912
913 if (will_wont_resp[option]) {
914 will_wont_resp[option]--;
915 if (will_wont_resp[option] && my_state_is_wont(option))
916 will_wont_resp[option]--;
917 }
918 if ((will_wont_resp[option] == 0) && (my_want_state_is_will(option))) {
919 switch (option) {
920 case TELOPT_BINARY:
921 init_termbuf();
922 tty_binaryout(0);
923 set_termbuf();
924 break;
925
926 case TELOPT_ECHO: /* we should stop echoing */
927 #ifdef LINEMODE
928 # ifdef KLUDGELINEMODE
929 if ((lmodetype != REAL_LINEMODE) &&
930 (lmodetype != KLUDGE_LINEMODE))
931 # else
932 if (his_state_is_wont(TELOPT_LINEMODE))
933 # endif
934 #endif
935 {
936 init_termbuf();
937 tty_setecho(0);
938 set_termbuf();
939 }
940 break;
941
942 case TELOPT_SGA:
943 #if defined(LINEMODE) && defined(KLUDGELINEMODE)
944 /*
945 * If kludge linemode is in use, then we
946 * must process an incoming do SGA for
947 * linemode purposes.
948 */
949 if ((lmodetype == KLUDGE_LINEMODE) ||
950 (lmodetype == KLUDGE_OK)) {
951 /*
952 * The client is asking us to turn
953 * linemode on.
954 */
955 lmodetype = KLUDGE_LINEMODE;
956 clientstat(TELOPT_LINEMODE, WILL, 0);
957 /*
958 * If we did not turn line mode on,
959 * then what do we say? Will SGA?
960 * This violates design of telnet.
961 * Gross. Very Gross.
962 */
963 }
964 break;
965 #else
966 set_my_want_state_wont(option);
967 if (my_state_is_will(option))
968 send_wont(option, 0);
969 set_my_state_wont(option);
970 if (turn_on_sga ^= 1)
971 send_will(option, 1);
972 return;
973 #endif /* defined(LINEMODE) && defined(KLUDGELINEMODE) */
974
975 default:
976 break;
977 }
978
979 set_my_want_state_wont(option);
980 if (my_state_is_will(option))
981 send_wont(option, 0);
982 }
983 set_my_state_wont(option);
984
985 } /* end of dontoption */
986
987 #ifdef ENV_HACK
988 int env_ovar = -1;
989 int env_ovalue = -1;
990 #else /* ENV_HACK */
991 # define env_ovar OLD_ENV_VAR
992 # define env_ovalue OLD_ENV_VALUE
993 #endif /* ENV_HACK */
994
995 /* envvarok(char*) */
996 /* check that variable is safe to pass to login or shell */
997 static int
998 envvarok(char *varp)
999 {
1000
1001 if (strcmp(varp, "TERMCAP") && /* to prevent a security hole */
1002 strcmp(varp, "TERMINFO") && /* with tgetent */
1003 strcmp(varp, "TERMPATH") &&
1004 strcmp(varp, "HOME") && /* to prevent the tegetent bug */
1005 strncmp(varp, "LD_", strlen("LD_")) && /* most systems */
1006 strncmp(varp, "_RLD_", strlen("_RLD_")) && /* IRIX */
1007 strcmp(varp, "LIBPATH") && /* AIX */
1008 strcmp(varp, "ENV") &&
1009 strcmp(varp, "BASH_ENV") &&
1010 strcmp(varp, "IFS") &&
1011 strncmp(varp, "KRB5", strlen("KRB5")) && /* Krb5 */
1012 /*
1013 * The above case is a catch-all for now. Here are some of
1014 * the specific ones we must avoid passing, at least until
1015 * we can prove it can be done safely. Keep this list
1016 * around un case someone wants to remove the catch-all.
1017 */
1018 strcmp(varp, "KRB5_CONFIG") && /* Krb5 */
1019 strcmp(varp, "KRB5CCNAME") && /* Krb5 */
1020 strcmp(varp, "KRB5_KTNAME") && /* Krb5 */
1021 strcmp(varp, "KRBTKFILE") && /* Krb4 */
1022 strcmp(varp, "KRB_CONF") && /* CNS 4 */
1023 strcmp(varp, "KRB_REALMS") && /* CNS 4 */
1024 strcmp(varp, "RESOLV_HOST_CONF")) /* Linux */
1025 return (1);
1026 else {
1027 syslog(LOG_INFO, "Rejected the attempt to modify the "
1028 "environment variable \"%s\"", varp);
1029 return (0);
1030 }
1031 }
1032
1033 /*
1034 * suboption()
1035 *
1036 * Look at the sub-option buffer, and try to be helpful to the other
1037 * side.
1038 *
1039 * Currently we recognize:
1040 *
1041 * Terminal type is
1042 * Linemode
1043 * Window size
1044 * Terminal speed
1045 */
1046 void
1047 suboption(void)
1048 {
1049 int subchar;
1050
1051 DIAG(TD_OPTIONS, {netflush(); printsub('<', subpointer, SB_LEN()+2);});
1052
1053 subchar = SB_GET();
1054 switch (subchar) {
1055 case TELOPT_TSPEED: {
1056 int xspeed, rspeed;
1057
1058 if (his_state_is_wont(TELOPT_TSPEED)) /* Ignore if option disabled */
1059 break;
1060
1061 settimer(tspeedsubopt);
1062
1063 if (SB_EOF() || SB_GET() != TELQUAL_IS)
1064 return;
1065
1066 xspeed = atoi((char *)subpointer);
1067
1068 while (SB_GET() != ',' && !SB_EOF());
1069 if (SB_EOF())
1070 return;
1071
1072 rspeed = atoi((char *)subpointer);
1073 clientstat(TELOPT_TSPEED, xspeed, rspeed);
1074
1075 break;
1076
1077 } /* end of case TELOPT_TSPEED */
1078
1079 case TELOPT_TTYPE: { /* Yaaaay! */
1080 static char terminalname[41];
1081
1082 if (his_state_is_wont(TELOPT_TTYPE)) /* Ignore if option disabled */
1083 break;
1084 settimer(ttypesubopt);
1085
1086 if (SB_EOF() || SB_GET() != TELQUAL_IS) {
1087 return; /* ??? XXX but, this is the most robust */
1088 }
1089
1090 terminaltype = terminalname;
1091
1092 while ((terminaltype < (terminalname + sizeof terminalname-1)) &&
1093 !SB_EOF()) {
1094 int c;
1095
1096 c = SB_GET();
1097 if (isupper(c)) {
1098 c = tolower(c);
1099 }
1100 *terminaltype++ = c; /* accumulate name */
1101 }
1102 *terminaltype = 0;
1103 terminaltype = terminalname;
1104 break;
1105 } /* end of case TELOPT_TTYPE */
1106
1107 case TELOPT_NAWS: {
1108 int xwinsize, ywinsize;
1109
1110 if (his_state_is_wont(TELOPT_NAWS)) /* Ignore if option disabled */
1111 break;
1112
1113 if (SB_EOF())
1114 return;
1115 xwinsize = SB_GET() << 8;
1116 if (SB_EOF())
1117 return;
1118 xwinsize |= SB_GET();
1119 if (SB_EOF())
1120 return;
1121 ywinsize = SB_GET() << 8;
1122 if (SB_EOF())
1123 return;
1124 ywinsize |= SB_GET();
1125 clientstat(TELOPT_NAWS, xwinsize, ywinsize);
1126
1127 break;
1128
1129 } /* end of case TELOPT_NAWS */
1130
1131 #ifdef LINEMODE
1132 case TELOPT_LINEMODE: {
1133 int request;
1134
1135 if (his_state_is_wont(TELOPT_LINEMODE)) /* Ignore if option disabled */
1136 break;
1137 /*
1138 * Process linemode suboptions.
1139 */
1140 if (SB_EOF())
1141 break; /* garbage was sent */
1142 request = SB_GET(); /* get will/wont */
1143
1144 if (SB_EOF())
1145 break; /* another garbage check */
1146
1147 if (request == LM_SLC) { /* SLC is not preceeded by WILL or WONT */
1148 /*
1149 * Process suboption buffer of slc's
1150 */
1151 start_slc(1);
1152 do_opt_slc(subpointer, subend - subpointer);
1153 (void) end_slc(0);
1154 break;
1155 } else if (request == LM_MODE) {
1156 if (SB_EOF())
1157 return;
1158 useeditmode = SB_GET(); /* get mode flag */
1159 clientstat(LM_MODE, 0, 0);
1160 break;
1161 }
1162
1163 if (SB_EOF())
1164 break;
1165 switch (SB_GET()) { /* what suboption? */
1166 case LM_FORWARDMASK:
1167 /*
1168 * According to spec, only server can send request for
1169 * forwardmask, and client can only return a positive response.
1170 * So don't worry about it.
1171 */
1172
1173 default:
1174 break;
1175 }
1176 break;
1177 } /* end of case TELOPT_LINEMODE */
1178 #endif
1179 case TELOPT_STATUS: {
1180 int mode;
1181
1182 if (SB_EOF())
1183 break;
1184 mode = SB_GET();
1185 switch (mode) {
1186 case TELQUAL_SEND:
1187 if (my_state_is_will(TELOPT_STATUS))
1188 send_status();
1189 break;
1190
1191 case TELQUAL_IS:
1192 break;
1193
1194 default:
1195 break;
1196 }
1197 break;
1198 } /* end of case TELOPT_STATUS */
1199
1200 case TELOPT_XDISPLOC: {
1201 if (SB_EOF() || SB_GET() != TELQUAL_IS)
1202 return;
1203 settimer(xdisplocsubopt);
1204 subpointer[SB_LEN()] = '\0';
1205 if (setenv("DISPLAY", (char *)subpointer, 1) == -1)
1206 syslog(LOG_ERR, "setenv: cannot set DISPLAY=%s: %m", (char *)subpointer);
1207 break;
1208 } /* end of case TELOPT_XDISPLOC */
1209
1210 #ifdef TELOPT_NEW_ENVIRON
1211 case TELOPT_NEW_ENVIRON:
1212 #endif
1213 case TELOPT_OLD_ENVIRON: {
1214 int c;
1215 char *cp, *varp, *valp;
1216
1217 if (SB_EOF())
1218 return;
1219 c = SB_GET();
1220 if (c == TELQUAL_IS) {
1221 if (subchar == TELOPT_OLD_ENVIRON)
1222 settimer(oenvironsubopt);
1223 else
1224 settimer(environsubopt);
1225 } else if (c != TELQUAL_INFO) {
1226 return;
1227 }
1228
1229 #ifdef TELOPT_NEW_ENVIRON
1230 if (subchar == TELOPT_NEW_ENVIRON) {
1231 while (!SB_EOF()) {
1232 c = SB_GET();
1233 if ((c == NEW_ENV_VAR) || (c == ENV_USERVAR))
1234 break;
1235 }
1236 } else
1237 #endif
1238 {
1239 #ifdef ENV_HACK
1240 /*
1241 * We only want to do this if we haven't already decided
1242 * whether or not the other side has its VALUE and VAR
1243 * reversed.
1244 */
1245 if (env_ovar < 0) {
1246 int last = -1; /* invalid value */
1247 int empty = 0;
1248 int got_var = 0, got_value = 0, got_uservar = 0;
1249
1250 /*
1251 * The other side might have its VALUE and VAR values
1252 * reversed. To be interoperable, we need to determine
1253 * which way it is. If the first recognized character
1254 * is a VAR or VALUE, then that will tell us what
1255 * type of client it is. If the fist recognized
1256 * character is a USERVAR, then we continue scanning
1257 * the suboption looking for two consecutive
1258 * VAR or VALUE fields. We should not get two
1259 * consecutive VALUE fields, so finding two
1260 * consecutive VALUE or VAR fields will tell us
1261 * what the client is.
1262 */
1263 SB_SAVE();
1264 while (!SB_EOF()) {
1265 c = SB_GET();
1266 switch(c) {
1267 case OLD_ENV_VAR:
1268 if (last < 0 || last == OLD_ENV_VAR
1269 || (empty && (last == OLD_ENV_VALUE)))
1270 goto env_ovar_ok;
1271 got_var++;
1272 last = OLD_ENV_VAR;
1273 break;
1274 case OLD_ENV_VALUE:
1275 if (last < 0 || last == OLD_ENV_VALUE
1276 || (empty && (last == OLD_ENV_VAR)))
1277 goto env_ovar_wrong;
1278 got_value++;
1279 last = OLD_ENV_VALUE;
1280 break;
1281 case ENV_USERVAR:
1282 /* count strings of USERVAR as one */
1283 if (last != ENV_USERVAR)
1284 got_uservar++;
1285 if (empty) {
1286 if (last == OLD_ENV_VALUE)
1287 goto env_ovar_ok;
1288 if (last == OLD_ENV_VAR)
1289 goto env_ovar_wrong;
1290 }
1291 last = ENV_USERVAR;
1292 break;
1293 case ENV_ESC:
1294 if (!SB_EOF())
1295 c = SB_GET();
1296 /* FALL THROUGH */
1297 default:
1298 empty = 0;
1299 continue;
1300 }
1301 empty = 1;
1302 }
1303 if (empty) {
1304 if (last == OLD_ENV_VALUE)
1305 goto env_ovar_ok;
1306 if (last == OLD_ENV_VAR)
1307 goto env_ovar_wrong;
1308 }
1309 /*
1310 * Ok, the first thing was a USERVAR, and there
1311 * are not two consecutive VAR or VALUE commands,
1312 * and none of the VAR or VALUE commands are empty.
1313 * If the client has sent us a well-formed option,
1314 * then the number of VALUEs received should always
1315 * be less than or equal to the number of VARs and
1316 * USERVARs received.
1317 *
1318 * If we got exactly as many VALUEs as VARs and
1319 * USERVARs, the client has the same definitions.
1320 *
1321 * If we got exactly as many VARs as VALUEs and
1322 * USERVARS, the client has reversed definitions.
1323 */
1324 if (got_uservar + got_var == got_value) {
1325 env_ovar_ok:
1326 env_ovar = OLD_ENV_VAR;
1327 env_ovalue = OLD_ENV_VALUE;
1328 } else if (got_uservar + got_value == got_var) {
1329 env_ovar_wrong:
1330 env_ovar = OLD_ENV_VALUE;
1331 env_ovalue = OLD_ENV_VAR;
1332 DIAG(TD_OPTIONS,
1333 output_data("ENVIRON VALUE and VAR are reversed!\r\n"));
1334
1335 }
1336 }
1337 SB_RESTORE();
1338 #endif
1339
1340 while (!SB_EOF()) {
1341 c = SB_GET();
1342 if ((c == env_ovar) || (c == ENV_USERVAR))
1343 break;
1344 }
1345 }
1346
1347 if (SB_EOF())
1348 return;
1349
1350 cp = varp = (char *)subpointer;
1351 valp = 0;
1352
1353 while (!SB_EOF()) {
1354 c = SB_GET();
1355 if (subchar == TELOPT_OLD_ENVIRON) {
1356 if (c == env_ovar)
1357 c = NEW_ENV_VAR;
1358 else if (c == env_ovalue)
1359 c = NEW_ENV_VALUE;
1360 }
1361 switch (c) {
1362
1363 case NEW_ENV_VALUE:
1364 *cp = '\0';
1365 cp = valp = (char *)subpointer;
1366 break;
1367
1368 case NEW_ENV_VAR:
1369 case ENV_USERVAR:
1370 *cp = '\0';
1371 if (envvarok(varp)) {
1372 if (valp) {
1373 if (setenv(varp, valp, 1) == -1)
1374 syslog(LOG_ERR, "setenv: cannot set %s=%s: %m", varp, valp);
1375 }
1376 else
1377 unsetenv(varp);
1378 }
1379 cp = varp = (char *)subpointer;
1380 valp = 0;
1381 break;
1382
1383 case ENV_ESC:
1384 if (SB_EOF())
1385 break;
1386 c = SB_GET();
1387 /* FALL THROUGH */
1388 default:
1389 *cp++ = c;
1390 break;
1391 }
1392 }
1393 *cp = '\0';
1394 if (envvarok(varp)) {
1395 if (valp) {
1396 if (setenv(varp, valp, 1) == -1)
1397 syslog(LOG_ERR, "setenv: cannot set %s=%s: %m", varp, valp);
1398 }
1399 else
1400 unsetenv(varp);
1401 }
1402 break;
1403 } /* end of case TELOPT_NEW_ENVIRON */
1404
1405 default:
1406 break;
1407 } /* end of switch */
1408
1409 } /* end of suboption */
1410
1411 static void
1412 doclientstat(void)
1413 {
1414 clientstat(TELOPT_LINEMODE, WILL, 0);
1415 }
1416
1417 #define ADD(c) *ncp++ = c
1418 #define ADD_DATA(c) { *ncp++ = c; if (c == SE || c == IAC) *ncp++ = c; }
1419 void
1420 send_status(void)
1421 {
1422 unsigned char statusbuf[256];
1423 unsigned char *ncp;
1424 unsigned char i;
1425
1426 ncp = statusbuf;
1427
1428 netflush(); /* get rid of anything waiting to go out */
1429
1430 ADD(IAC);
1431 ADD(SB);
1432 ADD(TELOPT_STATUS);
1433 ADD(TELQUAL_IS);
1434
1435 /*
1436 * We check the want_state rather than the current state,
1437 * because if we received a DO/WILL for an option that we
1438 * don't support, and the other side didn't send a DONT/WONT
1439 * in response to our WONT/DONT, then the "state" will be
1440 * WILL/DO, and the "want_state" will be WONT/DONT. We
1441 * need to go by the latter.
1442 */
1443 for (i = 0; i < (unsigned char)NTELOPTS; i++) {
1444 if (my_want_state_is_will(i)) {
1445 ADD(WILL);
1446 ADD_DATA(i);
1447 if (i == IAC)
1448 ADD(IAC);
1449 }
1450 if (his_want_state_is_will(i)) {
1451 ADD(DO);
1452 ADD_DATA(i);
1453 if (i == IAC)
1454 ADD(IAC);
1455 }
1456 }
1457
1458 if (his_want_state_is_will(TELOPT_LFLOW)) {
1459 ADD(SB);
1460 ADD(TELOPT_LFLOW);
1461 if (flowmode) {
1462 ADD(LFLOW_ON);
1463 } else {
1464 ADD(LFLOW_OFF);
1465 }
1466 ADD(SE);
1467
1468 if (restartany >= 0) {
1469 ADD(SB);
1470 ADD(TELOPT_LFLOW);
1471 if (restartany) {
1472 ADD(LFLOW_RESTART_ANY);
1473 } else {
1474 ADD(LFLOW_RESTART_XON);
1475 }
1476 ADD(SE);
1477 }
1478 }
1479
1480 #ifdef LINEMODE
1481 if (his_want_state_is_will(TELOPT_LINEMODE)) {
1482 unsigned char *cp, *cpe;
1483 int len;
1484
1485 ADD(SB);
1486 ADD(TELOPT_LINEMODE);
1487 ADD(LM_MODE);
1488 ADD_DATA(editmode);
1489 ADD(SE);
1490
1491 ADD(SB);
1492 ADD(TELOPT_LINEMODE);
1493 ADD(LM_SLC);
1494 start_slc(0);
1495 send_slc();
1496 len = end_slc(&cp);
1497 for (cpe = cp + len; cp < cpe; cp++)
1498 ADD_DATA(*cp);
1499 ADD(SE);
1500 }
1501 #endif /* LINEMODE */
1502
1503 ADD(IAC);
1504 ADD(SE);
1505
1506 output_datalen(statusbuf, ncp - statusbuf);
1507 netflush(); /* Send it on its way */
1508
1509 DIAG(TD_OPTIONS,
1510 {printsub('>', statusbuf, ncp - statusbuf); netflush();});
1511 }
1512
1513 /*
1514 * This function appends data to nfrontp and advances nfrontp.
1515 * Returns the number of characters written altogether (the
1516 * buffer may have been flushed in the process).
1517 */
1518
1519 int
1520 output_data(const char *format, ...)
1521 {
1522 va_list args;
1523 int len;
1524 char *buf;
1525
1526 va_start(args, format);
1527 if ((len = vasprintf(&buf, format, args)) == -1)
1528 return -1;
1529 output_datalen(buf, len);
1530 va_end(args);
1531 free(buf);
1532 return (len);
1533 }
1534
1535 void
1536 output_datalen(const char *buf, int len)
1537 {
1538 int remaining, copied;
1539
1540 remaining = BUFSIZ - (nfrontp - netobuf);
1541 while (len > 0) {
1542 /* Free up enough space if the room is too low*/
1543 if ((len > BUFSIZ ? BUFSIZ : len) > remaining) {
1544 netflush();
1545 remaining = BUFSIZ - (nfrontp - netobuf);
1546 }
1547
1548 /* Copy out as much as will fit */
1549 copied = remaining > len ? len : remaining;
1550 memmove(nfrontp, buf, copied);
1551 nfrontp += copied;
1552 len -= copied;
1553 remaining -= copied;
1554 buf += copied;
1555 }
1556 return;
1557 }
DragonFly BSD