search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
remove gcc34
[dragonfly.git] / crypto / heimdal-0.6.3 / appl / telnet / telnetd / telnetd.c
blobe57eed7169a99345039faa13734bc8e6e5076266
1 /*
2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "telnetd.h"
35
36 RCSID("$Id: telnetd.c,v 1.69.6.1 2004/03/22 18:17:25 lha Exp $");
37
38 #ifdef _SC_CRAY_SECURE_SYS
39 #include <sys/sysv.h>
40 #include <sys/secdev.h>
41 #include <sys/secparm.h>
42 #include <sys/usrv.h>
43 int secflag;
44 char tty_dev[16];
45 struct secdev dv;
46 struct sysv sysv;
47 struct socksec ss;
48 #endif /* _SC_CRAY_SECURE_SYS */
49
50 #ifdef AUTHENTICATION
51 int auth_level = 0;
52 #endif
53
54 extern int utmp_len;
55 int registerd_host_only = 0;
56
57 #undef NOERROR
58
59 #ifdef STREAMSPTY
60 # include <stropts.h>
61 # include <termios.h>
62 #ifdef HAVE_SYS_UIO_H
63 #include <sys/uio.h>
64 #endif /* HAVE_SYS_UIO_H */
65 #ifdef HAVE_SYS_STREAM_H
66 #include <sys/stream.h>
67 #endif
68
69 #ifdef _AIX
70 #include <sys/termio.h>
71 #endif
72 # ifdef HAVE_SYS_STRTTY_H
73 # include <sys/strtty.h>
74 # endif
75 # ifdef HAVE_SYS_STR_TTY_H
76 # include <sys/str_tty.h>
77 # endif
78 /* make sure we don't get the bsd version */
79 /* what is this here for? solaris? /joda */
80 # ifdef HAVE_SYS_TTY_H
81 # include "/usr/include/sys/tty.h"
82 # endif
83 # ifdef HAVE_SYS_PTYVAR_H
84 # include <sys/ptyvar.h>
85 # endif
86
87 /*
88 * Because of the way ptyibuf is used with streams messages, we need
89 * ptyibuf+1 to be on a full-word boundary. The following wierdness
90 * is simply to make that happen.
91 */
92 long ptyibufbuf[BUFSIZ/sizeof(long)+1];
93 char *ptyibuf = ((char *)&ptyibufbuf[1])-1;
94 char *ptyip = ((char *)&ptyibufbuf[1])-1;
95 char ptyibuf2[BUFSIZ];
96 unsigned char ctlbuf[BUFSIZ];
97 struct strbuf strbufc, strbufd;
98
99 int readstream(int, char*, int);
100
101 #else /* ! STREAMPTY */
102
103 /*
104 * I/O data buffers,
105 * pointers, and counters.
106 */
107 char ptyibuf[BUFSIZ], *ptyip = ptyibuf;
108 char ptyibuf2[BUFSIZ];
109
110 #endif /* ! STREAMPTY */
111
112 int hostinfo = 1; /* do we print login banner? */
113
114 #ifdef _CRAY
115 extern int newmap; /* nonzero if \n maps to ^M^J */
116 int lowpty = 0, highpty; /* low, high pty numbers */
117 #endif /* CRAY */
118
119 int debug = 0;
120 int keepalive = 1;
121 char *progname;
122
123 static void usage (void);
124
125 /*
126 * The string to pass to getopt(). We do it this way so
127 * that only the actual options that we support will be
128 * passed off to getopt().
129 */
130 char valid_opts[] = "Bd:hklnS:u:UL:y"
131 #ifdef AUTHENTICATION
132 "a:X:z"
133 #endif
134 #ifdef DIAGNOSTICS
135 "D:"
136 #endif
137 #ifdef _CRAY
138 "r:"
139 #endif
140 ;
141
142 static void doit(struct sockaddr*, int);
143
144 #ifdef ENCRYPTION
145 extern int des_check_key;
146 #endif
147
148 int
149 main(int argc, char **argv)
150 {
151 struct sockaddr_storage __ss;
152 struct sockaddr *sa = (struct sockaddr *)&__ss;
153 int on = 1;
154 socklen_t sa_size;
155 int ch;
156 #if defined(IPPROTO_IP) && defined(IP_TOS)
157 int tos = -1;
158 #endif
159 #ifdef ENCRYPTION
160 des_check_key = 1; /* Kludge for Mac NCSA telnet 2.6 /bg */
161 #endif
162 pfrontp = pbackp = ptyobuf;
163 netip = netibuf;
164 nfrontp = nbackp = netobuf;
165
166 setprogname(argv[0]);
167
168 progname = *argv;
169 #ifdef ENCRYPTION
170 nclearto = 0;
171 #endif
172
173 #ifdef _CRAY
174 /*
175 * Get number of pty's before trying to process options,
176 * which may include changing pty range.
177 */
178 highpty = getnpty();
179 #endif /* CRAY */
180
181 if (argc == 2 && strcmp(argv[1], "--version") == 0) {
182 print_version(NULL);
183 exit(0);
184 }
185
186 while ((ch = getopt(argc, argv, valid_opts)) != -1) {
187 switch(ch) {
188
189 #ifdef AUTHENTICATION
190 case 'a':
191 /*
192 * Check for required authentication level
193 */
194 if (strcmp(optarg, "debug") == 0) {
195 auth_debug_mode = 1;
196 } else if (strcasecmp(optarg, "none") == 0) {
197 auth_level = 0;
198 } else if (strcasecmp(optarg, "otp") == 0) {
199 auth_level = 0;
200 require_otp = 1;
201 } else if (strcasecmp(optarg, "other") == 0) {
202 auth_level = AUTH_OTHER;
203 } else if (strcasecmp(optarg, "user") == 0) {
204 auth_level = AUTH_USER;
205 } else if (strcasecmp(optarg, "valid") == 0) {
206 auth_level = AUTH_VALID;
207 } else if (strcasecmp(optarg, "off") == 0) {
208 /*
209 * This hack turns off authentication
210 */
211 auth_level = -1;
212 } else {
213 fprintf(stderr,
214 "telnetd: unknown authorization level for -a\n");
215 }
216 break;
217 #endif /* AUTHENTICATION */
218
219 case 'B': /* BFTP mode is not supported any more */
220 break;
221 case 'd':
222 if (strcmp(optarg, "ebug") == 0) {
223 debug++;
224 break;
225 }
226 usage();
227 /* NOTREACHED */
228 break;
229
230 #ifdef DIAGNOSTICS
231 case 'D':
232 /*
233 * Check for desired diagnostics capabilities.
234 */
235 if (!strcmp(optarg, "report")) {
236 diagnostic |= TD_REPORT|TD_OPTIONS;
237 } else if (!strcmp(optarg, "exercise")) {
238 diagnostic |= TD_EXERCISE;
239 } else if (!strcmp(optarg, "netdata")) {
240 diagnostic |= TD_NETDATA;
241 } else if (!strcmp(optarg, "ptydata")) {
242 diagnostic |= TD_PTYDATA;
243 } else if (!strcmp(optarg, "options")) {
244 diagnostic |= TD_OPTIONS;
245 } else {
246 usage();
247 /* NOT REACHED */
248 }
249 break;
250 #endif /* DIAGNOSTICS */
251
252
253 case 'h':
254 hostinfo = 0;
255 break;
256
257 case 'k': /* Linemode is not supported any more */
258 case 'l':
259 break;
260
261 case 'n':
262 keepalive = 0;
263 break;
264
265 #ifdef _CRAY
266 case 'r':
267 {
268 char *strchr();
269 char *c;
270
271 /*
272 * Allow the specification of alterations
273 * to the pty search range. It is legal to
274 * specify only one, and not change the
275 * other from its default.
276 */
277 c = strchr(optarg, '-');
278 if (c) {
279 *c++ = '\0';
280 highpty = atoi(c);
281 }
282 if (*optarg != '\0')
283 lowpty = atoi(optarg);
284 if ((lowpty > highpty) || (lowpty < 0) ||
285 (highpty > 32767)) {
286 usage();
287 /* NOT REACHED */
288 }
289 break;
290 }
291 #endif /* CRAY */
292
293 case 'S':
294 #ifdef HAVE_PARSETOS
295 if ((tos = parsetos(optarg, "tcp")) < 0)
296 fprintf(stderr, "%s%s%s\n",
297 "telnetd: Bad TOS argument '", optarg,
298 "'; will try to use default TOS");
299 #else
300 fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
301 "-S flag not supported\n");
302 #endif
303 break;
304
305 case 'u': {
306 char *eptr;
307
308 utmp_len = strtol(optarg, &eptr, 0);
309 if (optarg == eptr)
310 fprintf(stderr, "telnetd: unknown utmp len (%s)\n", optarg);
311 break;
312 }
313
314 case 'U':
315 registerd_host_only = 1;
316 break;
317
318 #ifdef AUTHENTICATION
319 case 'X':
320 /*
321 * Check for invalid authentication types
322 */
323 auth_disable_name(optarg);
324 break;
325 #endif
326 case 'y':
327 no_warn = 1;
328 break;
329 #ifdef AUTHENTICATION
330 case 'z':
331 log_unauth = 1;
332 break;
333
334 #endif /* AUTHENTICATION */
335
336 case 'L':
337 new_login = optarg;
338 break;
339
340 default:
341 fprintf(stderr, "telnetd: %c: unknown option\n", ch);
342 /* FALLTHROUGH */
343 case '?':
344 usage();
345 /* NOTREACHED */
346 }
347 }
348
349 argc -= optind;
350 argv += optind;
351
352 if (debug) {
353 int port = 0;
354 struct servent *sp;
355
356 if (argc > 1) {
357 usage ();
358 } else if (argc == 1) {
359 sp = roken_getservbyname (*argv, "tcp");
360 if (sp)
361 port = sp->s_port;
362 else
363 port = htons(atoi(*argv));
364 } else {
365 #ifdef KRB5
366 port = krb5_getportbyname (NULL, "telnet", "tcp", 23);
367 #else
368 port = k_getportbyname("telnet", "tcp", htons(23));
369 #endif
370 }
371 mini_inetd (port);
372 } else if (argc > 0) {
373 usage();
374 /* NOT REACHED */
375 }
376
377 #ifdef _SC_CRAY_SECURE_SYS
378 secflag = sysconf(_SC_CRAY_SECURE_SYS);
379
380 /*
381 * Get socket's security label
382 */
383 if (secflag) {
384 socklen_t szss = sizeof(ss);
385 int sock_multi;
386 socklen_t szi = sizeof(int);
387
388 memset(&dv, 0, sizeof(dv));
389
390 if (getsysv(&sysv, sizeof(struct sysv)) != 0)
391 fatalperror(net, "getsysv");
392
393 /*
394 * Get socket security label and set device values
395 * {security label to be set on ttyp device}
396 */
397 #ifdef SO_SEC_MULTI /* 8.0 code */
398 if ((getsockopt(0, SOL_SOCKET, SO_SECURITY,
399 (void *)&ss, &szss) < 0) ||
400 (getsockopt(0, SOL_SOCKET, SO_SEC_MULTI,
401 (void *)&sock_multi, &szi) < 0))
402 fatalperror(net, "getsockopt");
403 else {
404 dv.dv_actlvl = ss.ss_actlabel.lt_level;
405 dv.dv_actcmp = ss.ss_actlabel.lt_compart;
406 if (!sock_multi) {
407 dv.dv_minlvl = dv.dv_maxlvl = dv.dv_actlvl;
408 dv.dv_valcmp = dv.dv_actcmp;
409 } else {
410 dv.dv_minlvl = ss.ss_minlabel.lt_level;
411 dv.dv_maxlvl = ss.ss_maxlabel.lt_level;
412 dv.dv_valcmp = ss.ss_maxlabel.lt_compart;
413 }
414 dv.dv_devflg = 0;
415 }
416 #else /* SO_SEC_MULTI */ /* 7.0 code */
417 if (getsockopt(0, SOL_SOCKET, SO_SECURITY,
418 (void *)&ss, &szss) >= 0) {
419 dv.dv_actlvl = ss.ss_slevel;
420 dv.dv_actcmp = ss.ss_compart;
421 dv.dv_minlvl = ss.ss_minlvl;
422 dv.dv_maxlvl = ss.ss_maxlvl;
423 dv.dv_valcmp = ss.ss_maxcmp;
424 }
425 #endif /* SO_SEC_MULTI */
426 }
427 #endif /* _SC_CRAY_SECURE_SYS */
428
429 roken_openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
430 sa_size = sizeof (__ss);
431 if (getpeername(STDIN_FILENO, sa, &sa_size) < 0) {
432 fprintf(stderr, "%s: ", progname);
433 perror("getpeername");
434 _exit(1);
435 }
436 if (keepalive &&
437 setsockopt(STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE,
438 (void *)&on, sizeof (on)) < 0) {
439 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
440 }
441
442 #if defined(IPPROTO_IP) && defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
443 {
444 # ifdef HAVE_GETTOSBYNAME
445 struct tosent *tp;
446 if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
447 tos = tp->t_tos;
448 # endif
449 if (tos < 0)
450 tos = 020; /* Low Delay bit */
451 if (tos
452 && sa->sa_family == AF_INET
453 && (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS,
454 (void *)&tos, sizeof(tos)) < 0)
455 && (errno != ENOPROTOOPT) )
456 syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
457 }
458 #endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
459 net = STDIN_FILENO;
460 doit(sa, sa_size);
461 /* NOTREACHED */
462 return 0;
463 } /* end of main */
464
465 static void
466 usage(void)
467 {
468 fprintf(stderr, "Usage: telnetd");
469 #ifdef AUTHENTICATION
470 fprintf(stderr, " [-a (debug|other|otp|user|valid|off|none)]\n\t");
471 #endif
472 fprintf(stderr, " [-debug]");
473 #ifdef DIAGNOSTICS
474 fprintf(stderr, " [-D (options|report|exercise|netdata|ptydata)]\n\t");
475 #endif
476 #ifdef AUTHENTICATION
477 fprintf(stderr, " [-edebug]");
478 #endif
479 fprintf(stderr, " [-h]");
480 fprintf(stderr, " [-L login]");
481 fprintf(stderr, " [-n]");
482 #ifdef _CRAY
483 fprintf(stderr, " [-r[lowpty]-[highpty]]");
484 #endif
485 fprintf(stderr, "\n\t");
486 #ifdef HAVE_GETTOSBYNAME
487 fprintf(stderr, " [-S tos]");
488 #endif
489 #ifdef AUTHENTICATION
490 fprintf(stderr, " [-X auth-type] [-y] [-z]");
491 #endif
492 fprintf(stderr, " [-u utmp_hostname_length] [-U]");
493 fprintf(stderr, " [port]\n");
494 exit(1);
495 }
496
497 /*
498 * getterminaltype
499 *
500 * Ask the other end to send along its terminal type and speed.
501 * Output is the variable terminaltype filled in.
502 */
503 static unsigned char ttytype_sbbuf[] = {
504 IAC, SB, TELOPT_TTYPE, TELQUAL_SEND, IAC, SE
505 };
506
507 int
508 getterminaltype(char *name, size_t name_sz)
509 {
510 int retval = -1;
511
512 settimer(baseline);
513 #ifdef AUTHENTICATION
514 /*
515 * Handle the Authentication option before we do anything else.
516 */
517 send_do(TELOPT_AUTHENTICATION, 1);
518 while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
519 ttloop();
520 if (his_state_is_will(TELOPT_AUTHENTICATION)) {
521 retval = auth_wait(name, name_sz);
522 }
523 #endif
524
525 #ifdef ENCRYPTION
526 send_will(TELOPT_ENCRYPT, 1);
527 send_do(TELOPT_ENCRYPT, 1); /* esc@magic.fi */
528 #endif
529 send_do(TELOPT_TTYPE, 1);
530 send_do(TELOPT_TSPEED, 1);
531 send_do(TELOPT_XDISPLOC, 1);
532 send_do(TELOPT_NEW_ENVIRON, 1);
533 send_do(TELOPT_OLD_ENVIRON, 1);
534 while (
535 #ifdef ENCRYPTION
536 his_do_dont_is_changing(TELOPT_ENCRYPT) ||
537 #endif
538 his_will_wont_is_changing(TELOPT_TTYPE) ||
539 his_will_wont_is_changing(TELOPT_TSPEED) ||
540 his_will_wont_is_changing(TELOPT_XDISPLOC) ||
541 his_will_wont_is_changing(TELOPT_NEW_ENVIRON) ||
542 his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) {
543 ttloop();
544 }
545 #ifdef ENCRYPTION
546 /*
547 * Wait for the negotiation of what type of encryption we can
548 * send with. If autoencrypt is not set, this will just return.
549 */
550 if (his_state_is_will(TELOPT_ENCRYPT)) {
551 encrypt_wait();
552 }
553 #endif
554 if (his_state_is_will(TELOPT_TSPEED)) {
555 static unsigned char sb[] =
556 { IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
557
558 telnet_net_write (sb, sizeof sb);
559 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
560 }
561 if (his_state_is_will(TELOPT_XDISPLOC)) {
562 static unsigned char sb[] =
563 { IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
564
565 telnet_net_write (sb, sizeof sb);
566 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
567 }
568 if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
569 static unsigned char sb[] =
570 { IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
571
572 telnet_net_write (sb, sizeof sb);
573 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
574 }
575 else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
576 static unsigned char sb[] =
577 { IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
578
579 telnet_net_write (sb, sizeof sb);
580 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
581 }
582 if (his_state_is_will(TELOPT_TTYPE)) {
583
584 telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf);
585 DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
586 sizeof ttytype_sbbuf - 2););
587 }
588 if (his_state_is_will(TELOPT_TSPEED)) {
589 while (sequenceIs(tspeedsubopt, baseline))
590 ttloop();
591 }
592 if (his_state_is_will(TELOPT_XDISPLOC)) {
593 while (sequenceIs(xdisplocsubopt, baseline))
594 ttloop();
595 }
596 if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
597 while (sequenceIs(environsubopt, baseline))
598 ttloop();
599 }
600 if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
601 while (sequenceIs(oenvironsubopt, baseline))
602 ttloop();
603 }
604 if (his_state_is_will(TELOPT_TTYPE)) {
605 char first[256], last[256];
606
607 while (sequenceIs(ttypesubopt, baseline))
608 ttloop();
609
610 /*
611 * If the other side has already disabled the option, then
612 * we have to just go with what we (might) have already gotten.
613 */
614 if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
615 strlcpy(first, terminaltype, sizeof(first));
616 for(;;) {
617 /*
618 * Save the unknown name, and request the next name.
619 */
620 strlcpy(last, terminaltype, sizeof(last));
621 _gettermname();
622 if (terminaltypeok(terminaltype))
623 break;
624 if ((strncmp(last, terminaltype, sizeof(last)) == 0) ||
625 his_state_is_wont(TELOPT_TTYPE)) {
626 /*
627 * We've hit the end. If this is the same as
628 * the first name, just go with it.
629 */
630 if (strncmp(first, terminaltype, sizeof(first)) == 0)
631 break;
632 /*
633 * Get the terminal name one more time, so that
634 * RFC1091 compliant telnets will cycle back to
635 * the start of the list.
636 */
637 _gettermname();
638 if (strncmp(first, terminaltype, sizeof(first)) != 0)
639 strcpy(terminaltype, first);
640 break;
641 }
642 }
643 }
644 }
645 return(retval);
646 } /* end of getterminaltype */
647
648 void
649 _gettermname(void)
650 {
651 /*
652 * If the client turned off the option,
653 * we can't send another request, so we
654 * just return.
655 */
656 if (his_state_is_wont(TELOPT_TTYPE))
657 return;
658 settimer(baseline);
659 telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf);
660 DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
661 sizeof ttytype_sbbuf - 2););
662 while (sequenceIs(ttypesubopt, baseline))
663 ttloop();
664 }
665
666 int
667 terminaltypeok(char *s)
668 {
669 return 1;
670 }
671
672
673 char host_name[MaxHostNameLen];
674 char remote_host_name[MaxHostNameLen];
675 char remote_utmp_name[MaxHostNameLen];
676
677 /*
678 * Get a pty, scan input lines.
679 */
680 static void
681 doit(struct sockaddr *who, int who_len)
682 {
683 int level;
684 int ptynum;
685 char user_name[256];
686 int error;
687
688 /*
689 * Find an available pty to use.
690 */
691 ourpty = getpty(&ptynum);
692 if (ourpty < 0)
693 fatal(net, "All network ports in use");
694
695 #ifdef _SC_CRAY_SECURE_SYS
696 /*
697 * set ttyp line security label
698 */
699 if (secflag) {
700 char slave_dev[16];
701
702 snprintf(tty_dev, sizeof(tty_dev), "/dev/pty/%03d", ptynum);
703 if (setdevs(tty_dev, &dv) < 0)
704 fatal(net, "cannot set pty security");
705 snprintf(slave_dev, sizeof(slave_dev), "/dev/ttyp%03d", ptynum);
706 if (setdevs(slave_dev, &dv) < 0)
707 fatal(net, "cannot set tty security");
708 }
709 #endif /* _SC_CRAY_SECURE_SYS */
710
711 error = getnameinfo_verified (who, who_len,
712 remote_host_name,
713 sizeof(remote_host_name),
714 NULL, 0,
715 registerd_host_only ? NI_NAMEREQD : 0);
716 if (error)
717 fatal(net, "Couldn't resolve your address into a host name.\r\n\
718 Please contact your net administrator");
719
720 gethostname(host_name, sizeof (host_name));
721
722 strlcpy (remote_utmp_name, remote_host_name, sizeof(remote_utmp_name));
723
724 /* Only trim if too long (and possible) */
725 if (strlen(remote_utmp_name) > utmp_len) {
726 char *domain = strchr(host_name, '.');
727 char *p = strchr(remote_utmp_name, '.');
728 if (domain != NULL && p != NULL && (strcmp(p, domain) == 0))
729 *p = '\0'; /* remove domain part */
730 }
731
732 /*
733 * If hostname still doesn't fit utmp, use ipaddr.
734 */
735 if (strlen(remote_utmp_name) > utmp_len) {
736 error = getnameinfo (who, who_len,
737 remote_utmp_name,
738 sizeof(remote_utmp_name),
739 NULL, 0,
740 NI_NUMERICHOST);
741 if (error)
742 fatal(net, "Couldn't get numeric address\r\n");
743 }
744
745 #ifdef AUTHENTICATION
746 auth_encrypt_init(host_name, remote_host_name, "TELNETD", 1);
747 #endif
748
749 init_env();
750 /*
751 * get terminal type.
752 */
753 *user_name = 0;
754 level = getterminaltype(user_name, sizeof(user_name));
755 esetenv("TERM", terminaltype ? terminaltype : "network", 1);
756
757 #ifdef _SC_CRAY_SECURE_SYS
758 if (secflag) {
759 if (setulvl(dv.dv_actlvl) < 0)
760 fatal(net,"cannot setulvl()");
761 if (setucmp(dv.dv_actcmp) < 0)
762 fatal(net, "cannot setucmp()");
763 }
764 #endif /* _SC_CRAY_SECURE_SYS */
765
766 /* begin server processing */
767 my_telnet(net, ourpty, remote_host_name, remote_utmp_name,
768 level, user_name);
769 /*NOTREACHED*/
770 } /* end of doit */
771
772 /* output contents of /etc/issue.net, or /etc/issue */
773 static void
774 show_issue(void)
775 {
776 FILE *f;
777 char buf[128];
778 f = fopen(SYSCONFDIR "/issue.net", "r");
779 if(f == NULL)
780 f = fopen(SYSCONFDIR "/issue", "r");
781 if(f){
782 while(fgets(buf, sizeof(buf)-2, f)){
783 strcpy(buf + strcspn(buf, "\r\n"), "\r\n");
784 writenet((unsigned char*)buf, strlen(buf));
785 }
786 fclose(f);
787 }
788 }
789
790 /*
791 * Main loop. Select from pty and network, and
792 * hand data to telnet receiver finite state machine.
793 */
794 void
795 my_telnet(int f, int p, const char *host, const char *utmp_host,
796 int level, char *autoname)
797 {
798 int on = 1;
799 char *he;
800 char *IM;
801 int nfd;
802 int startslave_called = 0;
803 time_t timeout;
804
805 /*
806 * Initialize the slc mapping table.
807 */
808 get_slc_defaults();
809
810 /*
811 * Do some tests where it is desireable to wait for a response.
812 * Rather than doing them slowly, one at a time, do them all
813 * at once.
814 */
815 if (my_state_is_wont(TELOPT_SGA))
816 send_will(TELOPT_SGA, 1);
817 /*
818 * Is the client side a 4.2 (NOT 4.3) system? We need to know this
819 * because 4.2 clients are unable to deal with TCP urgent data.
820 *
821 * To find out, we send out a "DO ECHO". If the remote system
822 * answers "WILL ECHO" it is probably a 4.2 client, and we note
823 * that fact ("WILL ECHO" ==> that the client will echo what
824 * WE, the server, sends it; it does NOT mean that the client will
825 * echo the terminal input).
826 */
827 send_do(TELOPT_ECHO, 1);
828
829 /*
830 * Send along a couple of other options that we wish to negotiate.
831 */
832 send_do(TELOPT_NAWS, 1);
833 send_will(TELOPT_STATUS, 1);
834 flowmode = 1; /* default flow control state */
835 restartany = -1; /* uninitialized... */
836 send_do(TELOPT_LFLOW, 1);
837
838 /*
839 * Spin, waiting for a response from the DO ECHO. However,
840 * some REALLY DUMB telnets out there might not respond
841 * to the DO ECHO. So, we spin looking for NAWS, (most dumb
842 * telnets so far seem to respond with WONT for a DO that
843 * they don't understand...) because by the time we get the
844 * response, it will already have processed the DO ECHO.
845 * Kludge upon kludge.
846 */
847 while (his_will_wont_is_changing(TELOPT_NAWS))
848 ttloop();
849
850 /*
851 * But...
852 * The client might have sent a WILL NAWS as part of its
853 * startup code; if so, we'll be here before we get the
854 * response to the DO ECHO. We'll make the assumption
855 * that any implementation that understands about NAWS
856 * is a modern enough implementation that it will respond
857 * to our DO ECHO request; hence we'll do another spin
858 * waiting for the ECHO option to settle down, which is
859 * what we wanted to do in the first place...
860 */
861 if (his_want_state_is_will(TELOPT_ECHO) &&
862 his_state_is_will(TELOPT_NAWS)) {
863 while (his_will_wont_is_changing(TELOPT_ECHO))
864 ttloop();
865 }
866 /*
867 * On the off chance that the telnet client is broken and does not
868 * respond to the DO ECHO we sent, (after all, we did send the
869 * DO NAWS negotiation after the DO ECHO, and we won't get here
870 * until a response to the DO NAWS comes back) simulate the
871 * receipt of a will echo. This will also send a WONT ECHO
872 * to the client, since we assume that the client failed to
873 * respond because it believes that it is already in DO ECHO
874 * mode, which we do not want.
875 */
876 if (his_want_state_is_will(TELOPT_ECHO)) {
877 DIAG(TD_OPTIONS,
878 {output_data("td: simulating recv\r\n");
879 });
880 willoption(TELOPT_ECHO);
881 }
882
883 /*
884 * Finally, to clean things up, we turn on our echo. This
885 * will break stupid 4.2 telnets out of local terminal echo.
886 */
887
888 if (my_state_is_wont(TELOPT_ECHO))
889 send_will(TELOPT_ECHO, 1);
890
891 #ifdef TIOCPKT
892 #ifdef STREAMSPTY
893 if (!really_stream)
894 #endif
895 /*
896 * Turn on packet mode
897 */
898 ioctl(p, TIOCPKT, (char *)&on);
899 #endif
900
901
902 /*
903 * Call telrcv() once to pick up anything received during
904 * terminal type negotiation, 4.2/4.3 determination, and
905 * linemode negotiation.
906 */
907 telrcv();
908
909 ioctl(f, FIONBIO, (char *)&on);
910 ioctl(p, FIONBIO, (char *)&on);
911
912 #if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
913 setsockopt(net, SOL_SOCKET, SO_OOBINLINE,
914 (void *)&on, sizeof on);
915 #endif /* defined(SO_OOBINLINE) */
916
917 #ifdef SIGTSTP
918 signal(SIGTSTP, SIG_IGN);
919 #endif
920 #ifdef SIGTTOU
921 /*
922 * Ignoring SIGTTOU keeps the kernel from blocking us
923 * in ttioct() in /sys/tty.c.
924 */
925 signal(SIGTTOU, SIG_IGN);
926 #endif
927
928 signal(SIGCHLD, cleanup);
929
930 #ifdef TIOCNOTTY
931 {
932 int t;
933 t = open(_PATH_TTY, O_RDWR);
934 if (t >= 0) {
935 ioctl(t, TIOCNOTTY, (char *)0);
936 close(t);
937 }
938 }
939 #endif
940
941 show_issue();
942 /*
943 * Show banner that getty never gave.
944 *
945 * We put the banner in the pty input buffer. This way, it
946 * gets carriage return null processing, etc., just like all
947 * other pty --> client data.
948 */
949
950 if (getenv("USER"))
951 hostinfo = 0;
952
953 IM = DEFAULT_IM;
954 he = 0;
955 edithost(he, host_name);
956 if (hostinfo && *IM)
957 putf(IM, ptyibuf2);
958
959 if (pcc)
960 strncat(ptyibuf2, ptyip, pcc+1);
961 ptyip = ptyibuf2;
962 pcc = strlen(ptyip);
963
964 DIAG(TD_REPORT, {
965 output_data("td: Entering processing loop\r\n");
966 });
967
968
969 nfd = ((f > p) ? f : p) + 1;
970 timeout = time(NULL) + 5;
971 for (;;) {
972 fd_set ibits, obits, xbits;
973 int c;
974
975 /* wait for encryption to be turned on, but don't wait
976 indefinitely */
977 if(!startslave_called && (!encrypt_delay() || timeout > time(NULL))){
978 startslave_called = 1;
979 startslave(host, utmp_host, level, autoname);
980 }
981
982 if (ncc < 0 && pcc < 0)
983 break;
984
985 FD_ZERO(&ibits);
986 FD_ZERO(&obits);
987 FD_ZERO(&xbits);
988
989 if (f >= FD_SETSIZE
990 || p >= FD_SETSIZE)
991 fatal(net, "fd too large");
992
993 /*
994 * Never look for input if there's still
995 * stuff in the corresponding output buffer
996 */
997 if (nfrontp - nbackp || pcc > 0) {
998 FD_SET(f, &obits);
999 } else {
1000 FD_SET(p, &ibits);
1001 }
1002 if (pfrontp - pbackp || ncc > 0) {
1003 FD_SET(p, &obits);
1004 } else {
1005 FD_SET(f, &ibits);
1006 }
1007 if (!SYNCHing) {
1008 FD_SET(f, &xbits);
1009 }
1010 if ((c = select(nfd, &ibits, &obits, &xbits,
1011 (struct timeval *)0)) < 1) {
1012 if (c == -1) {
1013 if (errno == EINTR) {
1014 continue;
1015 }
1016 }
1017 sleep(5);
1018 continue;
1019 }
1020
1021 /*
1022 * Any urgent data?
1023 */
1024 if (FD_ISSET(net, &xbits)) {
1025 SYNCHing = 1;
1026 }
1027
1028 /*
1029 * Something to read from the network...
1030 */
1031 if (FD_ISSET(net, &ibits)) {
1032 #ifndef SO_OOBINLINE
1033 /*
1034 * In 4.2 (and 4.3 beta) systems, the
1035 * OOB indication and data handling in the kernel
1036 * is such that if two separate TCP Urgent requests
1037 * come in, one byte of TCP data will be overlaid.
1038 * This is fatal for Telnet, but we try to live
1039 * with it.
1040 *
1041 * In addition, in 4.2 (and...), a special protocol
1042 * is needed to pick up the TCP Urgent data in
1043 * the correct sequence.
1044 *
1045 * What we do is: if we think we are in urgent
1046 * mode, we look to see if we are "at the mark".
1047 * If we are, we do an OOB receive. If we run
1048 * this twice, we will do the OOB receive twice,
1049 * but the second will fail, since the second
1050 * time we were "at the mark", but there wasn't
1051 * any data there (the kernel doesn't reset
1052 * "at the mark" until we do a normal read).
1053 * Once we've read the OOB data, we go ahead
1054 * and do normal reads.
1055 *
1056 * There is also another problem, which is that
1057 * since the OOB byte we read doesn't put us
1058 * out of OOB state, and since that byte is most
1059 * likely the TELNET DM (data mark), we would
1060 * stay in the TELNET SYNCH (SYNCHing) state.
1061 * So, clocks to the rescue. If we've "just"
1062 * received a DM, then we test for the
1063 * presence of OOB data when the receive OOB
1064 * fails (and AFTER we did the normal mode read
1065 * to clear "at the mark").
1066 */
1067 if (SYNCHing) {
1068 int atmark;
1069
1070 ioctl(net, SIOCATMARK, (char *)&atmark);
1071 if (atmark) {
1072 ncc = recv(net, netibuf, sizeof (netibuf), MSG_OOB);
1073 if ((ncc == -1) && (errno == EINVAL)) {
1074 ncc = read(net, netibuf, sizeof (netibuf));
1075 if (sequenceIs(didnetreceive, gotDM)) {
1076 SYNCHing = stilloob(net);
1077 }
1078 }
1079 } else {
1080 ncc = read(net, netibuf, sizeof (netibuf));
1081 }
1082 } else {
1083 ncc = read(net, netibuf, sizeof (netibuf));
1084 }
1085 settimer(didnetreceive);
1086 #else /* !defined(SO_OOBINLINE)) */
1087 ncc = read(net, netibuf, sizeof (netibuf));
1088 #endif /* !defined(SO_OOBINLINE)) */
1089 if (ncc < 0 && errno == EWOULDBLOCK)
1090 ncc = 0;
1091 else {
1092 if (ncc <= 0) {
1093 break;
1094 }
1095 netip = netibuf;
1096 }
1097 DIAG((TD_REPORT | TD_NETDATA), {
1098 output_data("td: netread %d chars\r\n", ncc);
1099 });
1100 DIAG(TD_NETDATA, printdata("nd", netip, ncc));
1101 }
1102
1103 /*
1104 * Something to read from the pty...
1105 */
1106 if (FD_ISSET(p, &ibits)) {
1107 #ifdef STREAMSPTY
1108 if (really_stream)
1109 pcc = readstream(p, ptyibuf, BUFSIZ);
1110 else
1111 #endif
1112 pcc = read(p, ptyibuf, BUFSIZ);
1113
1114 /*
1115 * On some systems, if we try to read something
1116 * off the master side before the slave side is
1117 * opened, we get EIO.
1118 */
1119 if (pcc < 0 && (errno == EWOULDBLOCK ||
1120 #ifdef EAGAIN
1121 errno == EAGAIN ||
1122 #endif
1123 errno == EIO)) {
1124 pcc = 0;
1125 } else {
1126 if (pcc <= 0)
1127 break;
1128 if (ptyibuf[0] & TIOCPKT_FLUSHWRITE) {
1129 netclear(); /* clear buffer back */
1130 #ifndef NO_URGENT
1131 /*
1132 * There are client telnets on some
1133 * operating systems get screwed up
1134 * royally if we send them urgent
1135 * mode data.
1136 */
1137 output_data ("%c%c", IAC, DM);
1138
1139 neturg = nfrontp-1; /* off by one XXX */
1140 DIAG(TD_OPTIONS,
1141 printoption("td: send IAC", DM));
1142
1143 #endif
1144 }
1145 if (his_state_is_will(TELOPT_LFLOW) &&
1146 (ptyibuf[0] &
1147 (TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))) {
1148 int newflow =
1149 ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
1150 if (newflow != flowmode) {
1151 flowmode = newflow;
1152 output_data("%c%c%c%c%c%c",
1153 IAC, SB, TELOPT_LFLOW,
1154 flowmode ? LFLOW_ON
1155 : LFLOW_OFF,
1156 IAC, SE);
1157 DIAG(TD_OPTIONS, printsub('>',
1158 (unsigned char *)nfrontp-4,
1159 4););
1160 }
1161 }
1162 pcc--;
1163 ptyip = ptyibuf+1;
1164 }
1165 }
1166
1167 while (pcc > 0) {
1168 if ((&netobuf[BUFSIZ] - nfrontp) < 3)
1169 break;
1170 c = *ptyip++ & 0377, pcc--;
1171 if (c == IAC)
1172 *nfrontp++ = c;
1173 *nfrontp++ = c;
1174 if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) {
1175 if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
1176 *nfrontp++ = *ptyip++ & 0377;
1177 pcc--;
1178 } else
1179 *nfrontp++ = '\0';
1180 }
1181 }
1182
1183 if (FD_ISSET(f, &obits) && (nfrontp - nbackp) > 0)
1184 netflush();
1185 if (ncc > 0)
1186 telrcv();
1187 if (FD_ISSET(p, &obits) && (pfrontp - pbackp) > 0)
1188 ptyflush();
1189 }
1190 cleanup(0);
1191 }
1192
1193 #ifndef TCSIG
1194 # ifdef TIOCSIG
1195 # define TCSIG TIOCSIG
1196 # endif
1197 #endif
1198
1199 #ifdef STREAMSPTY
1200
1201 int flowison = -1; /* current state of flow: -1 is unknown */
1202
1203 int
1204 readstream(int p, char *ibuf, int bufsize)
1205 {
1206 int flags = 0;
1207 int ret = 0;
1208 struct termios *tsp;
1209 #if 0
1210 struct termio *tp;
1211 #endif
1212 struct iocblk *ip;
1213 char vstop, vstart;
1214 int ixon;
1215 int newflow;
1216
1217 strbufc.maxlen = BUFSIZ;
1218 strbufc.buf = (char *)ctlbuf;
1219 strbufd.maxlen = bufsize-1;
1220 strbufd.len = 0;
1221 strbufd.buf = ibuf+1;
1222 ibuf[0] = 0;
1223
1224 ret = getmsg(p, &strbufc, &strbufd, &flags);
1225 if (ret < 0) /* error of some sort -- probably EAGAIN */
1226 return(-1);
1227
1228 if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) {
1229 /* data message */
1230 if (strbufd.len > 0) { /* real data */
1231 return(strbufd.len + 1); /* count header char */
1232 } else {
1233 /* nothing there */
1234 errno = EAGAIN;
1235 return(-1);
1236 }
1237 }
1238
1239 /*
1240 * It's a control message. Return 1, to look at the flag we set
1241 */
1242
1243 switch (ctlbuf[0]) {
1244 case M_FLUSH:
1245 if (ibuf[1] & FLUSHW)
1246 ibuf[0] = TIOCPKT_FLUSHWRITE;
1247 return(1);
1248
1249 case M_IOCTL:
1250 ip = (struct iocblk *) (ibuf+1);
1251
1252 switch (ip->ioc_cmd) {
1253 #ifdef TCSETS
1254 case TCSETS:
1255 case TCSETSW:
1256 case TCSETSF:
1257 tsp = (struct termios *)
1258 (ibuf+1 + sizeof(struct iocblk));
1259 vstop = tsp->c_cc[VSTOP];
1260 vstart = tsp->c_cc[VSTART];
1261 ixon = tsp->c_iflag & IXON;
1262 break;
1263 #endif
1264 #if 0
1265 case TCSETA:
1266 case TCSETAW:
1267 case TCSETAF:
1268 tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk));
1269 vstop = tp->c_cc[VSTOP];
1270 vstart = tp->c_cc[VSTART];
1271 ixon = tp->c_iflag & IXON;
1272 break;
1273 #endif
1274 default:
1275 errno = EAGAIN;
1276 return(-1);
1277 }
1278
1279 newflow = (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0;
1280 if (newflow != flowison) { /* it's a change */
1281 flowison = newflow;
1282 ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP;
1283 return(1);
1284 }
1285 }
1286
1287 /* nothing worth doing anything about */
1288 errno = EAGAIN;
1289 return(-1);
1290 }
1291 #endif /* STREAMSPTY */
1292
1293 /*
1294 * Send interrupt to process on other side of pty.
1295 * If it is in raw mode, just write NULL;
1296 * otherwise, write intr char.
1297 */
1298 void
1299 interrupt()
1300 {
1301 ptyflush(); /* half-hearted */
1302
1303 #if defined(STREAMSPTY) && defined(TIOCSIGNAL)
1304 /* Streams PTY style ioctl to post a signal */
1305 if (really_stream)
1306 {
1307 int sig = SIGINT;
1308 ioctl(ourpty, TIOCSIGNAL, &sig);
1309 ioctl(ourpty, I_FLUSH, FLUSHR);
1310 }
1311 #else
1312 #ifdef TCSIG
1313 ioctl(ourpty, TCSIG, (char *)SIGINT);
1314 #else /* TCSIG */
1315 init_termbuf();
1316 *pfrontp++ = slctab[SLC_IP].sptr ?
1317 (unsigned char)*slctab[SLC_IP].sptr : '\177';
1318 #endif /* TCSIG */
1319 #endif
1320 }
1321
1322 /*
1323 * Send quit to process on other side of pty.
1324 * If it is in raw mode, just write NULL;
1325 * otherwise, write quit char.
1326 */
1327 void
1328 sendbrk()
1329 {
1330 ptyflush(); /* half-hearted */
1331 #ifdef TCSIG
1332 ioctl(ourpty, TCSIG, (char *)SIGQUIT);
1333 #else /* TCSIG */
1334 init_termbuf();
1335 *pfrontp++ = slctab[SLC_ABORT].sptr ?
1336 (unsigned char)*slctab[SLC_ABORT].sptr : '\034';
1337 #endif /* TCSIG */
1338 }
1339
1340 void
1341 sendsusp()
1342 {
1343 #ifdef SIGTSTP
1344 ptyflush(); /* half-hearted */
1345 # ifdef TCSIG
1346 ioctl(ourpty, TCSIG, (char *)SIGTSTP);
1347 # else /* TCSIG */
1348 *pfrontp++ = slctab[SLC_SUSP].sptr ?
1349 (unsigned char)*slctab[SLC_SUSP].sptr : '\032';
1350 # endif /* TCSIG */
1351 #endif /* SIGTSTP */
1352 }
1353
1354 /*
1355 * When we get an AYT, if ^T is enabled, use that. Otherwise,
1356 * just send back "[Yes]".
1357 */
1358 void
1359 recv_ayt()
1360 {
1361 #if defined(SIGINFO) && defined(TCSIG)
1362 if (slctab[SLC_AYT].sptr && *slctab[SLC_AYT].sptr != _POSIX_VDISABLE) {
1363 ioctl(ourpty, TCSIG, (char *)SIGINFO);
1364 return;
1365 }
1366 #endif
1367 output_data("\r\n[Yes]\r\n");
1368 }
1369
1370 void
1371 doeof()
1372 {
1373 init_termbuf();
1374
1375 *pfrontp++ = slctab[SLC_EOF].sptr ?
1376 (unsigned char)*slctab[SLC_EOF].sptr : '\004';
1377 }
DragonFly BSD