diff --git a/contrib/telnet/libtelnet/auth.c b/contrib/telnet/libtelnet/auth.c index 3488edd84b1c..fa1cfdc52869 100644 --- a/contrib/telnet/libtelnet/auth.c +++ b/contrib/telnet/libtelnet/auth.c @@ -1,619 +1,616 @@ /*- * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #if 0 #ifndef lint static const char sccsid[] = "@(#)auth.c 8.3 (Berkeley) 5/30/95"; #endif /* not lint */ #endif -#include -__FBSDID("$FreeBSD$"); - /* * Copyright (C) 1990 by the Massachusetts Institute of Technology * * Export of this software from the United States of America is assumed * to require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. */ #ifdef AUTHENTICATION #define AUTH_NAMES #include #include #include #include #include #include #include #include "encrypt.h" #include "auth.h" #include "misc-proto.h" #include "auth-proto.h" #define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0) #ifdef KRB4_ENCPWD extern krb4encpwd_init(); extern krb4encpwd_send(); extern krb4encpwd_is(); extern krb4encpwd_reply(); extern krb4encpwd_status(); extern krb4encpwd_printsub(); #endif #ifdef RSA_ENCPWD extern rsaencpwd_init(); extern rsaencpwd_send(); extern rsaencpwd_is(); extern rsaencpwd_reply(); extern rsaencpwd_status(); extern rsaencpwd_printsub(); #endif int auth_debug_mode = 0; static const char *Name = "Noname"; static int Server = 0; static Authenticator *authenticated = 0; static int authenticating = 0; static int validuser = 0; static unsigned char _auth_send_data[256]; static unsigned char *auth_send_data; static int auth_send_cnt = 0; int auth_onoff(char *type, int on); void auth_encrypt_user(char *name); /* * Authentication types supported. Plese note that these are stored * in priority order, i.e. try the first one first. */ Authenticator authenticators[] = { #ifdef KRB5 # ifdef ENCRYPTION { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, kerberos5_init, kerberos5_send_mutual, kerberos5_is, kerberos5_reply, kerberos5_status, kerberos5_printsub }, # endif /* ENCRYPTION */ { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, kerberos5_init, kerberos5_send_oneway, kerberos5_is, kerberos5_reply, kerberos5_status, kerberos5_printsub }, #endif #ifdef KRB4 # ifdef ENCRYPTION { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, kerberos4_init, kerberos4_send, kerberos4_is, kerberos4_reply, kerberos4_status, kerberos4_printsub }, # endif /* ENCRYPTION */ { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, kerberos4_init, kerberos4_send, kerberos4_is, kerberos4_reply, kerberos4_status, kerberos4_printsub }, #endif #ifdef KRB4_ENCPWD { AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, krb4encpwd_init, krb4encpwd_send, krb4encpwd_is, krb4encpwd_reply, krb4encpwd_status, krb4encpwd_printsub }, #endif #ifdef RSA_ENCPWD { AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, rsaencpwd_init, rsaencpwd_send, rsaencpwd_is, rsaencpwd_reply, rsaencpwd_status, rsaencpwd_printsub }, #endif #ifdef SRA { AUTHTYPE_SRA, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, sra_init, sra_send, sra_is, sra_reply, sra_status, sra_printsub }, #endif { 0, 0, 0, 0, 0, 0, 0, 0 }, }; static Authenticator NoAuth = { 0, 0, 0, 0, 0, 0, 0, 0 }; static int i_support = 0; static int i_wont_support = 0; Authenticator * findauthenticator(int type, int way) { Authenticator *ap = authenticators; while (ap->type && (ap->type != type || ap->way != way)) ++ap; return(ap->type ? ap : 0); } void auth_init(const char *name, int server) { Authenticator *ap = authenticators; Server = server; Name = name; i_support = 0; authenticated = 0; authenticating = 0; while (ap->type) { if (!ap->init || (*ap->init)(ap, server)) { i_support |= typemask(ap->type); if (auth_debug_mode) printf(">>>%s: I support auth type %d %d\r\n", Name, ap->type, ap->way); } else if (auth_debug_mode) printf(">>>%s: Init failed: auth type %d %d\r\n", Name, ap->type, ap->way); ++ap; } } void auth_disable_name(char *name) { int x; for (x = 0; x < AUTHTYPE_CNT; ++x) { if (AUTHTYPE_NAME(x) && !strcasecmp(name, AUTHTYPE_NAME(x))) { i_wont_support |= typemask(x); break; } } } int getauthmask(char *type, int *maskp) { int x; if (AUTHTYPE_NAME(0) && !strcasecmp(type, AUTHTYPE_NAME(0))) { *maskp = -1; return(1); } for (x = 1; x < AUTHTYPE_CNT; ++x) { if (AUTHTYPE_NAME(x) && !strcasecmp(type, AUTHTYPE_NAME(x))) { *maskp = typemask(x); return(1); } } return(0); } int auth_enable(char *type) { return(auth_onoff(type, 1)); } int auth_disable(char *type) { return(auth_onoff(type, 0)); } int auth_onoff(char *type, int on) { int i, mask = -1; Authenticator *ap; if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) { printf("auth %s 'type'\n", on ? "enable" : "disable"); printf("Where 'type' is one of:\n"); printf("\t%s\n", AUTHTYPE_NAME(0)); mask = 0; for (ap = authenticators; ap->type; ap++) { if ((mask & (i = typemask(ap->type))) != 0) continue; mask |= i; printf("\t%s\n", AUTHTYPE_NAME(ap->type)); } return(0); } if (!getauthmask(type, &mask)) { printf("%s: invalid authentication type\n", type); return(0); } if (on) i_wont_support &= ~mask; else i_wont_support |= mask; return(1); } int auth_togdebug(int on) { if (on < 0) auth_debug_mode ^= 1; else auth_debug_mode = on; printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled"); return(1); } int auth_status(void) { Authenticator *ap; int i, mask; if (i_wont_support == -1) printf("Authentication disabled\n"); else printf("Authentication enabled\n"); mask = 0; for (ap = authenticators; ap->type; ap++) { if ((mask & (i = typemask(ap->type))) != 0) continue; mask |= i; printf("%s: %s\n", AUTHTYPE_NAME(ap->type), (i_wont_support & typemask(ap->type)) ? "disabled" : "enabled"); } return(1); } /* * This routine is called by the server to start authentication * negotiation. */ void auth_request(void) { static unsigned char str_request[64] = { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_SEND, }; Authenticator *ap = authenticators; unsigned char *e = str_request + 4; if (!authenticating) { authenticating = 1; while (ap->type) { if (i_support & ~i_wont_support & typemask(ap->type)) { if (auth_debug_mode) { printf(">>>%s: Sending type %d %d\r\n", Name, ap->type, ap->way); } *e++ = ap->type; *e++ = ap->way; } ++ap; } *e++ = IAC; *e++ = SE; net_write(str_request, e - str_request); printsub('>', &str_request[2], e - str_request - 2); } } /* * This is called when an AUTH SEND is received. * It should never arrive on the server side (as only the server can * send an AUTH SEND). * You should probably respond to it if you can... * * If you want to respond to the types out of order (i.e. even * if he sends LOGIN KERBEROS and you support both, you respond * with KERBEROS instead of LOGIN (which is against what the * protocol says)) you will have to hack this code... */ void auth_send(unsigned char *data, int cnt) { Authenticator *ap; static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_IS, AUTHTYPE_NULL, 0, IAC, SE }; if (Server) { if (auth_debug_mode) { printf(">>>%s: auth_send called!\r\n", Name); } return; } if (auth_debug_mode) { printf(">>>%s: auth_send got:", Name); printd(data, cnt); printf("\r\n"); } /* * Save the data, if it is new, so that we can continue looking * at it if the authorization we try doesn't work */ if (data < _auth_send_data || data > _auth_send_data + sizeof(_auth_send_data)) { auth_send_cnt = (size_t)cnt > sizeof(_auth_send_data) ? sizeof(_auth_send_data) : cnt; memmove((void *)_auth_send_data, (void *)data, auth_send_cnt); auth_send_data = _auth_send_data; } else { /* * This is probably a no-op, but we just make sure */ auth_send_data = data; auth_send_cnt = cnt; } while ((auth_send_cnt -= 2) >= 0) { if (auth_debug_mode) printf(">>>%s: He supports %d\r\n", Name, *auth_send_data); if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) { ap = findauthenticator(auth_send_data[0], auth_send_data[1]); if (ap && ap->send) { if (auth_debug_mode) printf(">>>%s: Trying %d %d\r\n", Name, auth_send_data[0], auth_send_data[1]); if ((*ap->send)(ap)) { /* * Okay, we found one we like * and did it. * we can go home now. */ if (auth_debug_mode) printf(">>>%s: Using type %d\r\n", Name, *auth_send_data); auth_send_data += 2; return; } } /* else * just continue on and look for the * next one if we didn't do anything. */ } auth_send_data += 2; } net_write(str_none, sizeof(str_none)); printsub('>', &str_none[2], sizeof(str_none) - 2); if (auth_debug_mode) printf(">>>%s: Sent failure message\r\n", Name); auth_finished(0, AUTH_REJECT); } void auth_send_retry(void) { /* * if auth_send_cnt <= 0 then auth_send will end up rejecting * the authentication and informing the other side of this. */ auth_send(auth_send_data, auth_send_cnt); } void auth_is(unsigned char *data, int cnt) { Authenticator *ap; if (cnt < 2) return; if (data[0] == AUTHTYPE_NULL) { auth_finished(0, AUTH_REJECT); return; } if ((ap = findauthenticator(data[0], data[1]))) { if (ap->is) (*ap->is)(ap, data+2, cnt-2); } else if (auth_debug_mode) printf(">>>%s: Invalid authentication in IS: %d\r\n", Name, *data); } void auth_reply(unsigned char *data, int cnt) { Authenticator *ap; if (cnt < 2) return; if ((ap = findauthenticator(data[0], data[1]))) { if (ap->reply) (*ap->reply)(ap, data+2, cnt-2); } else if (auth_debug_mode) printf(">>>%s: Invalid authentication in SEND: %d\r\n", Name, *data); } void auth_name(unsigned char *data, int cnt) { unsigned char savename[256]; if (cnt < 1) { if (auth_debug_mode) printf(">>>%s: Empty name in NAME\r\n", Name); return; } if ((size_t)cnt > sizeof(savename) - 1) { if (auth_debug_mode) printf(">>>%s: Name in NAME (%d) exceeds %d length\r\n", Name, cnt, (u_int)sizeof(savename)-1); return; } memmove((void *)savename, (void *)data, cnt); savename[cnt] = '\0'; /* Null terminate */ if (auth_debug_mode) printf(">>>%s: Got NAME [%s]\r\n", Name, savename); auth_encrypt_user(savename); } int auth_sendname(unsigned char *cp, int len) { static unsigned char str_request[256+6] = { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, }; unsigned char *e = str_request + 4; unsigned char *ee = &str_request[sizeof(str_request)-2]; while (--len >= 0) { if ((*e++ = *cp++) == IAC) *e++ = IAC; if (e >= ee) return(0); } *e++ = IAC; *e++ = SE; net_write(str_request, e - str_request); printsub('>', &str_request[2], e - &str_request[2]); return(1); } void auth_finished(Authenticator *ap, int result) { if (!(authenticated = ap)) authenticated = &NoAuth; validuser = result; } /* ARGSUSED */ static void auth_intr(int sig __unused) { auth_finished(0, AUTH_REJECT); } int auth_wait(char *name) { if (auth_debug_mode) printf(">>>%s: in auth_wait.\r\n", Name); if (Server && !authenticating) return(0); (void) signal(SIGALRM, auth_intr); alarm(30); while (!authenticated) if (telnet_spin()) break; alarm(0); (void) signal(SIGALRM, SIG_DFL); /* * Now check to see if the user is valid or not */ if (!authenticated || authenticated == &NoAuth) return(AUTH_REJECT); if (validuser == AUTH_VALID) validuser = AUTH_USER; if (authenticated->status) validuser = (*authenticated->status)(authenticated, name, validuser); return(validuser); } void auth_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { Authenticator *ap; if ((ap = findauthenticator(data[1], data[2])) && ap->printsub) (*ap->printsub)(data, cnt, buf, buflen); else auth_gen_printsub(data, cnt, buf, buflen); } void auth_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { unsigned char *cp; unsigned char tbuf[16]; cnt -= 3; data += 3; buf[buflen-1] = '\0'; buf[buflen-2] = '*'; buflen -= 2; for (; cnt > 0; cnt--, data++) { sprintf((char *)tbuf, " %d", *data); for (cp = tbuf; *cp && buflen > 0; --buflen) *buf++ = *cp++; if (buflen <= 0) return; } *buf = '\0'; } #endif diff --git a/contrib/telnet/libtelnet/enc_des.c b/contrib/telnet/libtelnet/enc_des.c index 2c12ad5e0cf2..0cd9cb44ce05 100644 --- a/contrib/telnet/libtelnet/enc_des.c +++ b/contrib/telnet/libtelnet/enc_des.c @@ -1,658 +1,656 @@ /*- * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if 0 #ifndef lint static const char sccsid[] = "@(#)enc_des.c 8.3 (Berkeley) 5/30/95"; #endif /* not lint */ #endif -#include -__FBSDID("$FreeBSD$"); #ifdef ENCRYPTION # ifdef AUTHENTICATION #include #include #include #include #include #include "encrypt.h" #include "key-proto.h" #include "misc-proto.h" extern int encrypt_debug_mode; #define CFB 0 #define OFB 1 #define NO_SEND_IV 1 #define NO_RECV_IV 2 #define NO_KEYID 4 #define IN_PROGRESS (NO_SEND_IV|NO_RECV_IV|NO_KEYID) #define SUCCESS 0 #define FAILED -1 struct fb { Block krbdes_key; Schedule krbdes_sched; Block temp_feed; unsigned char fb_feed[64]; int need_start; int state[2]; int keyid[2]; struct stinfo { Block str_output; Block str_feed; Block str_iv; Block str_ikey; Schedule str_sched; int str_index; int str_flagshift; } streams[2]; }; static struct fb fb[2]; struct keyidlist { const char *keyid; int keyidlen; char *key; int keylen; int flags; } keyidlist [] = { { "\0", 1, 0, 0, 0 }, /* default key of zero */ { 0, 0, 0, 0, 0 } }; #define KEYFLAG_MASK 03 #define KEYFLAG_NOINIT 00 #define KEYFLAG_INIT 01 #define KEYFLAG_OK 02 #define KEYFLAG_BAD 03 #define KEYFLAG_SHIFT 2 #define SHIFT_VAL(a,b) (KEYFLAG_SHIFT*((a)+((b)*2))) #define FB64_IV 1 #define FB64_IV_OK 2 #define FB64_IV_BAD 3 void fb64_stream_iv(Block, struct stinfo *); void fb64_init(struct fb *); static int fb64_start(struct fb *, int, int); int fb64_is(unsigned char *, int, struct fb *); int fb64_reply(unsigned char *, int, struct fb *); static void fb64_session(Session_Key *, int, struct fb *); void fb64_stream_key(Block, struct stinfo *); int fb64_keyid(int, unsigned char *, int *, struct fb *); void cfb64_init(int server __unused) { fb64_init(&fb[CFB]); fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64; fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB); fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB); } void ofb64_init(int server __unused) { fb64_init(&fb[OFB]); fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64; fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB); fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB); } void fb64_init(struct fb *fbp) { memset((void *)fbp, 0, sizeof(*fbp)); fbp->state[0] = fbp->state[1] = FAILED; fbp->fb_feed[0] = IAC; fbp->fb_feed[1] = SB; fbp->fb_feed[2] = TELOPT_ENCRYPT; fbp->fb_feed[3] = ENCRYPT_IS; } /* * Returns: * -1: some error. Negotiation is done, encryption not ready. * 0: Successful, initial negotiation all done. * 1: successful, negotiation not done yet. * 2: Not yet. Other things (like getting the key from * Kerberos) have to happen before we can continue. */ int cfb64_start(int dir, int server) { return(fb64_start(&fb[CFB], dir, server)); } int ofb64_start(int dir, int server) { return(fb64_start(&fb[OFB], dir, server)); } static int fb64_start(struct fb *fbp, int dir, int server __unused) { size_t x; unsigned char *p; int state; switch (dir) { case DIR_DECRYPT: /* * This is simply a request to have the other side * start output (our input). He will negotiate an * IV so we need not look for it. */ state = fbp->state[dir-1]; if (state == FAILED) state = IN_PROGRESS; break; case DIR_ENCRYPT: state = fbp->state[dir-1]; if (state == FAILED) state = IN_PROGRESS; else if ((state & NO_SEND_IV) == 0) break; if (!VALIDKEY(fbp->krbdes_key)) { fbp->need_start = 1; break; } state &= ~NO_SEND_IV; state |= NO_RECV_IV; if (encrypt_debug_mode) printf("Creating new feed\r\n"); /* * Create a random feed and send it over. */ DES_random_key((Block *)fbp->temp_feed); DES_ecb_encrypt((Block *)fbp->temp_feed, (Block *)fbp->temp_feed, &fbp->krbdes_sched, 1); p = fbp->fb_feed + 3; *p++ = ENCRYPT_IS; p++; *p++ = FB64_IV; for (x = 0; x < sizeof(Block); ++x) { if ((*p++ = fbp->temp_feed[x]) == IAC) *p++ = IAC; } *p++ = IAC; *p++ = SE; printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); net_write(fbp->fb_feed, p - fbp->fb_feed); break; default: return(FAILED); } return(fbp->state[dir-1] = state); } /* * Returns: * -1: some error. Negotiation is done, encryption not ready. * 0: Successful, initial negotiation all done. * 1: successful, negotiation not done yet. */ int cfb64_is(unsigned char *data, int cnt) { return(fb64_is(data, cnt, &fb[CFB])); } int ofb64_is(unsigned char *data, int cnt) { return(fb64_is(data, cnt, &fb[OFB])); } int fb64_is(unsigned char *data, int cnt, struct fb *fbp) { unsigned char *p; int state = fbp->state[DIR_DECRYPT-1]; if (cnt-- < 1) goto failure; switch (*data++) { case FB64_IV: if (cnt != sizeof(Block)) { if (encrypt_debug_mode) printf("CFB64: initial vector failed on size\r\n"); state = FAILED; goto failure; } if (encrypt_debug_mode) printf("CFB64: initial vector received\r\n"); if (encrypt_debug_mode) printf("Initializing Decrypt stream\r\n"); fb64_stream_iv((void *)data, &fbp->streams[DIR_DECRYPT-1]); p = fbp->fb_feed + 3; *p++ = ENCRYPT_REPLY; p++; *p++ = FB64_IV_OK; *p++ = IAC; *p++ = SE; printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); net_write(fbp->fb_feed, p - fbp->fb_feed); state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS; break; default: if (encrypt_debug_mode) { printf("Unknown option type: %d\r\n", *(data-1)); printd(data, cnt); printf("\r\n"); } /* FALL THROUGH */ failure: /* * We failed. Send an FB64_IV_BAD option * to the other side so it will know that * things failed. */ p = fbp->fb_feed + 3; *p++ = ENCRYPT_REPLY; p++; *p++ = FB64_IV_BAD; *p++ = IAC; *p++ = SE; printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); net_write(fbp->fb_feed, p - fbp->fb_feed); break; } return(fbp->state[DIR_DECRYPT-1] = state); } /* * Returns: * -1: some error. Negotiation is done, encryption not ready. * 0: Successful, initial negotiation all done. * 1: successful, negotiation not done yet. */ int cfb64_reply(unsigned char *data, int cnt) { return(fb64_reply(data, cnt, &fb[CFB])); } int ofb64_reply(unsigned char *data, int cnt) { return(fb64_reply(data, cnt, &fb[OFB])); } int fb64_reply(unsigned char *data, int cnt, struct fb *fbp) { int state = fbp->state[DIR_ENCRYPT-1]; if (cnt-- < 1) goto failure; switch (*data++) { case FB64_IV_OK: fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]); if (state == FAILED) state = IN_PROGRESS; state &= ~NO_RECV_IV; encrypt_send_keyid(DIR_ENCRYPT, "\0", 1, 1); break; case FB64_IV_BAD: memset(fbp->temp_feed, 0, sizeof(Block)); fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]); state = FAILED; break; default: if (encrypt_debug_mode) { printf("Unknown option type: %d\r\n", data[-1]); printd(data, cnt); printf("\r\n"); } /* FALL THROUGH */ failure: state = FAILED; break; } return(fbp->state[DIR_ENCRYPT-1] = state); } void cfb64_session(Session_Key *key, int server) { fb64_session(key, server, &fb[CFB]); } void ofb64_session(Session_Key *key, int server) { fb64_session(key, server, &fb[OFB]); } static void fb64_session(Session_Key *key, int server, struct fb *fbp) { if (!key || key->type != SK_DES) { if (encrypt_debug_mode) printf("Can't set krbdes's session key (%d != %d)\r\n", key ? key->type : -1, SK_DES); return; } memmove((void *)fbp->krbdes_key, (void *)key->data, sizeof(Block)); fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]); fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]); DES_key_sched((Block *)fbp->krbdes_key, &fbp->krbdes_sched); /* * Now look to see if krbdes_start() was was waiting for * the key to show up. If so, go ahead an call it now * that we have the key. */ if (fbp->need_start) { fbp->need_start = 0; fb64_start(fbp, DIR_ENCRYPT, server); } } /* * We only accept a keyid of 0. If we get a keyid of * 0, then mark the state as SUCCESS. */ int cfb64_keyid(int dir, unsigned char *kp, int *lenp) { return(fb64_keyid(dir, kp, lenp, &fb[CFB])); } int ofb64_keyid(int dir, unsigned char *kp, int *lenp) { return(fb64_keyid(dir, kp, lenp, &fb[OFB])); } int fb64_keyid(int dir, unsigned char *kp, int *lenp, struct fb *fbp) { int state = fbp->state[dir-1]; if (*lenp != 1 || (*kp != '\0')) { *lenp = 0; return(state); } if (state == FAILED) state = IN_PROGRESS; state &= ~NO_KEYID; return(fbp->state[dir-1] = state); } void fb64_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen, const char *type) { char lbuf[32]; int i; char *cp; buf[buflen-1] = '\0'; /* make sure it's NULL terminated */ buflen -= 1; switch(data[2]) { case FB64_IV: sprintf(lbuf, "%s_IV", type); cp = lbuf; goto common; case FB64_IV_OK: sprintf(lbuf, "%s_IV_OK", type); cp = lbuf; goto common; case FB64_IV_BAD: sprintf(lbuf, "%s_IV_BAD", type); cp = lbuf; goto common; default: sprintf(lbuf, " %d (unknown)", data[2]); cp = lbuf; common: for (; (buflen > 0) && (*buf = *cp++); buf++) buflen--; for (i = 3; i < cnt; i++) { sprintf(lbuf, " %d", data[i]); for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++) buflen--; } break; } } void cfb64_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { fb64_printsub(data, cnt, buf, buflen, "CFB64"); } void ofb64_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { fb64_printsub(data, cnt, buf, buflen, "OFB64"); } void fb64_stream_iv(Block seed, struct stinfo *stp) { memmove((void *)stp->str_iv, (void *)seed, sizeof(Block)); memmove((void *)stp->str_output, (void *)seed, sizeof(Block)); DES_key_sched((Block *)stp->str_ikey, &stp->str_sched); stp->str_index = sizeof(Block); } void fb64_stream_key(Block key, struct stinfo *stp) { memmove((void *)stp->str_ikey, (void *)key, sizeof(Block)); DES_key_sched((Block *)key, &stp->str_sched); memmove((void *)stp->str_output, (void *)stp->str_iv, sizeof(Block)); stp->str_index = sizeof(Block); } /* * DES 64 bit Cipher Feedback * * key --->+-----+ * +->| DES |--+ * | +-----+ | * | v * INPUT --(--------->(+)+---> DATA * | | * +-------------+ * * * Given: * iV: Initial vector, 64 bits (8 bytes) long. * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt). * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output. * * V0 = DES(iV, key) * On = Dn ^ Vn * V(n+1) = DES(On, key) */ void cfb64_encrypt(unsigned char *s, int c) { struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1]; int idx; idx = stp->str_index; while (c-- > 0) { if (idx == sizeof(Block)) { Block b; DES_ecb_encrypt((Block *)stp->str_output, (Block *)b, &stp->str_sched, 1); memmove((void *)stp->str_feed, (void *)b, sizeof(Block)); idx = 0; } /* On encryption, we store (feed ^ data) which is cypher */ *s = stp->str_output[idx] = (stp->str_feed[idx] ^ *s); s++; idx++; } stp->str_index = idx; } int cfb64_decrypt(int data) { struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1]; int idx; if (data == -1) { /* * Back up one byte. It is assumed that we will * never back up more than one byte. If we do, this * may or may not work. */ if (stp->str_index) --stp->str_index; return(0); } idx = stp->str_index++; if (idx == sizeof(Block)) { Block b; DES_ecb_encrypt((Block *)stp->str_output, (Block *)b, &stp->str_sched, 1); memmove((void *)stp->str_feed, (void *)b, sizeof(Block)); stp->str_index = 1; /* Next time will be 1 */ idx = 0; /* But now use 0 */ } /* On decryption we store (data) which is cypher. */ stp->str_output[idx] = data; return(data ^ stp->str_feed[idx]); } /* * DES 64 bit Output Feedback * * key --->+-----+ * +->| DES |--+ * | +-----+ | * +-----------+ * v * INPUT -------->(+) ----> DATA * * Given: * iV: Initial vector, 64 bits (8 bytes) long. * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt). * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output. * * V0 = DES(iV, key) * V(n+1) = DES(Vn, key) * On = Dn ^ Vn */ void ofb64_encrypt(unsigned char *s, int c) { struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1]; int idx; idx = stp->str_index; while (c-- > 0) { if (idx == sizeof(Block)) { Block b; DES_ecb_encrypt((Block *)stp->str_feed, (Block *)b, &stp->str_sched, 1); memmove((void *)stp->str_feed, (void *)b, sizeof(Block)); idx = 0; } *s++ ^= stp->str_feed[idx]; idx++; } stp->str_index = idx; } int ofb64_decrypt(int data) { struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1]; int idx; if (data == -1) { /* * Back up one byte. It is assumed that we will * never back up more than one byte. If we do, this * may or may not work. */ if (stp->str_index) --stp->str_index; return(0); } idx = stp->str_index++; if (idx == sizeof(Block)) { Block b; DES_ecb_encrypt((Block *)stp->str_feed, (Block *)b, &stp->str_sched, 1); memmove((void *)stp->str_feed, (void *)b, sizeof(Block)); stp->str_index = 1; /* Next time will be 1 */ idx = 0; /* But now use 0 */ } return(data ^ stp->str_feed[idx]); } # endif /* AUTHENTICATION */ #endif /* ENCRYPTION */ diff --git a/contrib/telnet/libtelnet/encrypt.c b/contrib/telnet/libtelnet/encrypt.c index 398c7321510c..3c4a2ab1abc1 100644 --- a/contrib/telnet/libtelnet/encrypt.c +++ b/contrib/telnet/libtelnet/encrypt.c @@ -1,952 +1,948 @@ /*- * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -#include - -__FBSDID("$FreeBSD$"); - #ifndef lint #if 0 static const char sccsid[] = "@(#)encrypt.c 8.2 (Berkeley) 5/30/95"; #endif #endif /* not lint */ /* * Copyright (C) 1990 by the Massachusetts Institute of Technology * * Export of this software from the United States of America is assumed * to require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. */ #ifdef ENCRYPTION #include #define ENCRYPT_NAMES #include #include #include #include #include "encrypt.h" #include "misc.h" /* * These functions pointers point to the current routines * for encrypting and decrypting data. */ void (*encrypt_output)(unsigned char *, int); int (*decrypt_input)(int); int EncryptType(char *type, char *mode); int EncryptStart(char *mode); int EncryptStop(char *mode); int EncryptStartInput(void); int EncryptStartOutput(void); int EncryptStopInput(void); int EncryptStopOutput(void); int encrypt_debug_mode = 0; static int decrypt_mode = 0; static int encrypt_mode = 0; static int encrypt_verbose = 0; static int autoencrypt = 0; static int autodecrypt = 0; static int havesessionkey = 0; static int Server = 0; static const char *Name = "Noname"; #define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0) static u_long i_support_encrypt = 0 | typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64) |0; static u_long i_support_decrypt = 0 | typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64) |0; static u_long i_wont_support_encrypt = 0; static u_long i_wont_support_decrypt = 0; #define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt) #define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt) static u_long remote_supports_encrypt = 0; static u_long remote_supports_decrypt = 0; static Encryptions encryptions[] = { { "DES_CFB64", ENCTYPE_DES_CFB64, cfb64_encrypt, cfb64_decrypt, cfb64_init, cfb64_start, cfb64_is, cfb64_reply, cfb64_session, cfb64_keyid, cfb64_printsub }, { "DES_OFB64", ENCTYPE_DES_OFB64, ofb64_encrypt, ofb64_decrypt, ofb64_init, ofb64_start, ofb64_is, ofb64_reply, ofb64_session, ofb64_keyid, ofb64_printsub }, { NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }, }; static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT, ENCRYPT_SUPPORT }; static unsigned char str_suplen = 0; static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT }; static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE }; Encryptions * findencryption(int type) { Encryptions *ep = encryptions; if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & (unsigned)typemask(type))) return(0); while (ep->type && ep->type != type) ++ep; return(ep->type ? ep : 0); } static Encryptions * finddecryption(int type) { Encryptions *ep = encryptions; if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & (unsigned)typemask(type))) return(0); while (ep->type && ep->type != type) ++ep; return(ep->type ? ep : 0); } #define MAXKEYLEN 64 static struct key_info { unsigned char keyid[MAXKEYLEN]; int keylen; int dir; int *modep; Encryptions *(*getcrypt)(int); } ki[2] = { { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption }, { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption }, }; static void encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len); void encrypt_init(const char *name, int server) { Encryptions *ep = encryptions; Name = name; Server = server; i_support_encrypt = i_support_decrypt = 0; remote_supports_encrypt = remote_supports_decrypt = 0; encrypt_mode = 0; decrypt_mode = 0; encrypt_output = 0; decrypt_input = 0; str_suplen = 4; while (ep->type) { if (encrypt_debug_mode) printf(">>>%s: I will support %s\r\n", Name, ENCTYPE_NAME(ep->type)); i_support_encrypt |= typemask(ep->type); i_support_decrypt |= typemask(ep->type); if ((i_wont_support_decrypt & typemask(ep->type)) == 0) if ((str_send[str_suplen++] = ep->type) == IAC) str_send[str_suplen++] = IAC; if (ep->init) (*ep->init)(Server); ++ep; } str_send[str_suplen++] = IAC; str_send[str_suplen++] = SE; } static void encrypt_list_types(void) { Encryptions *ep = encryptions; printf("Valid encryption types:\n"); while (ep->type) { printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type); ++ep; } } int EncryptEnable(char *type, char *mode) { if (isprefix(type, "help") || isprefix(type, "?")) { printf("Usage: encrypt enable [input|output]\n"); encrypt_list_types(); return(0); } if (EncryptType(type, mode)) return(EncryptStart(mode)); return(0); } int EncryptDisable(char *type, char *mode) { Encryptions *ep; int ret = 0; if (isprefix(type, "help") || isprefix(type, "?")) { printf("Usage: encrypt disable [input|output]\n"); encrypt_list_types(); } else if ((ep = (Encryptions *)genget(type, (char **)encryptions, sizeof(Encryptions))) == 0) { printf("%s: invalid encryption type\n", type); } else if (Ambiguous((char **)ep)) { printf("Ambiguous type '%s'\n", type); } else { if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) { if (decrypt_mode == ep->type) EncryptStopInput(); i_wont_support_decrypt |= typemask(ep->type); ret = 1; } if ((mode == 0) || (isprefix(mode, "output"))) { if (encrypt_mode == ep->type) EncryptStopOutput(); i_wont_support_encrypt |= typemask(ep->type); ret = 1; } if (ret == 0) printf("%s: invalid encryption mode\n", mode); } return(ret); } int EncryptType(char *type, char *mode) { Encryptions *ep; int ret = 0; if (isprefix(type, "help") || isprefix(type, "?")) { printf("Usage: encrypt type [input|output]\n"); encrypt_list_types(); } else if ((ep = (Encryptions *)genget(type, (char **)encryptions, sizeof(Encryptions))) == 0) { printf("%s: invalid encryption type\n", type); } else if (Ambiguous((char **)ep)) { printf("Ambiguous type '%s'\n", type); } else { if ((mode == 0) || isprefix(mode, "input")) { decrypt_mode = ep->type; i_wont_support_decrypt &= ~typemask(ep->type); ret = 1; } if ((mode == 0) || isprefix(mode, "output")) { encrypt_mode = ep->type; i_wont_support_encrypt &= ~typemask(ep->type); ret = 1; } if (ret == 0) printf("%s: invalid encryption mode\n", mode); } return(ret); } int EncryptStart(char *mode) { int ret = 0; if (mode) { if (isprefix(mode, "input")) return(EncryptStartInput()); if (isprefix(mode, "output")) return(EncryptStartOutput()); if (isprefix(mode, "help") || isprefix(mode, "?")) { printf("Usage: encrypt start [input|output]\n"); return(0); } printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode); return(0); } ret += EncryptStartInput(); ret += EncryptStartOutput(); return(ret); } int EncryptStartInput(void) { if (decrypt_mode) { encrypt_send_request_start(); return(1); } printf("No previous decryption mode, decryption not enabled\r\n"); return(0); } int EncryptStartOutput(void) { if (encrypt_mode) { encrypt_start_output(encrypt_mode); return(1); } printf("No previous encryption mode, encryption not enabled\r\n"); return(0); } int EncryptStop(char *mode) { int ret = 0; if (mode) { if (isprefix(mode, "input")) return(EncryptStopInput()); if (isprefix(mode, "output")) return(EncryptStopOutput()); if (isprefix(mode, "help") || isprefix(mode, "?")) { printf("Usage: encrypt stop [input|output]\n"); return(0); } printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode); return(0); } ret += EncryptStopInput(); ret += EncryptStopOutput(); return(ret); } int EncryptStopInput(void) { encrypt_send_request_end(); return(1); } int EncryptStopOutput(void) { encrypt_send_end(); return(1); } void encrypt_display(void) { if (encrypt_output) printf("Currently encrypting output with %s\r\n", ENCTYPE_NAME(encrypt_mode)); if (decrypt_input) printf("Currently decrypting input with %s\r\n", ENCTYPE_NAME(decrypt_mode)); } int EncryptStatus(void) { if (encrypt_output) printf("Currently encrypting output with %s\r\n", ENCTYPE_NAME(encrypt_mode)); else if (encrypt_mode) { printf("Currently output is clear text.\r\n"); printf("Last encryption mode was %s\r\n", ENCTYPE_NAME(encrypt_mode)); } if (decrypt_input) { printf("Currently decrypting input with %s\r\n", ENCTYPE_NAME(decrypt_mode)); } else if (decrypt_mode) { printf("Currently input is clear text.\r\n"); printf("Last decryption mode was %s\r\n", ENCTYPE_NAME(decrypt_mode)); } return 1; } void encrypt_send_support(void) { if (str_suplen) { /* * If the user has requested that decryption start * immediatly, then send a "REQUEST START" before * we negotiate the type. */ if (!Server && autodecrypt) encrypt_send_request_start(); net_write(str_send, str_suplen); printsub('>', &str_send[2], str_suplen - 2); str_suplen = 0; } } int EncryptDebug(int on) { if (on < 0) encrypt_debug_mode ^= 1; else encrypt_debug_mode = on; printf("Encryption debugging %s\r\n", encrypt_debug_mode ? "enabled" : "disabled"); return(1); } int EncryptVerbose(int on) { if (on < 0) encrypt_verbose ^= 1; else encrypt_verbose = on; printf("Encryption %s verbose\r\n", encrypt_verbose ? "is" : "is not"); return(1); } int EncryptAutoEnc(int on) { encrypt_auto(on); printf("Automatic encryption of output is %s\r\n", autoencrypt ? "enabled" : "disabled"); return(1); } int EncryptAutoDec(int on) { decrypt_auto(on); printf("Automatic decryption of input is %s\r\n", autodecrypt ? "enabled" : "disabled"); return(1); } /* * Called when ENCRYPT SUPPORT is received. */ void encrypt_support(unsigned char *typelist, int cnt) { int type, use_type = 0; Encryptions *ep; /* * Forget anything the other side has previously told us. */ remote_supports_decrypt = 0; while (cnt-- > 0) { type = *typelist++; if (encrypt_debug_mode) printf(">>>%s: He is supporting %s (%d)\r\n", Name, ENCTYPE_NAME(type), type); if ((type < ENCTYPE_CNT) && (I_SUPPORT_ENCRYPT & typemask(type))) { remote_supports_decrypt |= typemask(type); if (use_type == 0) use_type = type; } } if (use_type) { ep = findencryption(use_type); if (!ep) return; type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0; if (encrypt_debug_mode) printf(">>>%s: (*ep->start)() returned %d\r\n", Name, type); if (type < 0) return; encrypt_mode = use_type; if (type == 0) encrypt_start_output(use_type); } } void encrypt_is(unsigned char *data, int cnt) { Encryptions *ep; int type, ret; if (--cnt < 0) return; type = *data++; if (type < ENCTYPE_CNT) remote_supports_encrypt |= typemask(type); if (!(ep = finddecryption(type))) { if (encrypt_debug_mode) printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", Name, ENCTYPE_NAME_OK(type) ? ENCTYPE_NAME(type) : "(unknown)", type); return; } if (!ep->is) { if (encrypt_debug_mode) printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", Name, ENCTYPE_NAME_OK(type) ? ENCTYPE_NAME(type) : "(unknown)", type); ret = 0; } else { ret = (*ep->is)(data, cnt); if (encrypt_debug_mode) printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt, (ret < 0) ? "FAIL " : (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); } if (ret < 0) { autodecrypt = 0; } else { decrypt_mode = type; if (ret == 0 && autodecrypt) encrypt_send_request_start(); } } void encrypt_reply(unsigned char *data, int cnt) { Encryptions *ep; int ret, type; if (--cnt < 0) return; type = *data++; if (!(ep = findencryption(type))) { if (encrypt_debug_mode) printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", Name, ENCTYPE_NAME_OK(type) ? ENCTYPE_NAME(type) : "(unknown)", type); return; } if (!ep->reply) { if (encrypt_debug_mode) printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", Name, ENCTYPE_NAME_OK(type) ? ENCTYPE_NAME(type) : "(unknown)", type); ret = 0; } else { ret = (*ep->reply)(data, cnt); if (encrypt_debug_mode) printf("(*ep->reply)(%p, %d) returned %s(%d)\n", data, cnt, (ret < 0) ? "FAIL " : (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); } if (encrypt_debug_mode) printf(">>>%s: encrypt_reply returned %d\n", Name, ret); if (ret < 0) { autoencrypt = 0; } else { encrypt_mode = type; if (ret == 0 && autoencrypt) encrypt_start_output(type); } } /* * Called when a ENCRYPT START command is received. */ void encrypt_start(unsigned char *data __unused, int cnt __unused) { Encryptions *ep; if (!decrypt_mode) { /* * Something is wrong. We should not get a START * command without having already picked our * decryption scheme. Send a REQUEST-END to * attempt to clear the channel... */ printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name); encrypt_send_request_end(); return; } if ((ep = finddecryption(decrypt_mode))) { decrypt_input = ep->input; if (encrypt_verbose) printf("[ Input is now decrypted with type %s ]\r\n", ENCTYPE_NAME(decrypt_mode)); if (encrypt_debug_mode) printf(">>>%s: Start to decrypt input with type %s\r\n", Name, ENCTYPE_NAME(decrypt_mode)); } else { printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n", Name, ENCTYPE_NAME_OK(decrypt_mode) ? ENCTYPE_NAME(decrypt_mode) : "(unknown)", decrypt_mode); encrypt_send_request_end(); } } void encrypt_session_key( Session_Key *key, int server) { Encryptions *ep = encryptions; havesessionkey = 1; while (ep->type) { if (ep->session) (*ep->session)(key, server); ++ep; } } /* * Called when ENCRYPT END is received. */ void encrypt_end(void) { decrypt_input = 0; if (encrypt_debug_mode) printf(">>>%s: Input is back to clear text\r\n", Name); if (encrypt_verbose) printf("[ Input is now clear text ]\r\n"); } /* * Called when ENCRYPT REQUEST-END is received. */ void encrypt_request_end(void) { encrypt_send_end(); } /* * Called when ENCRYPT REQUEST-START is received. If we receive * this before a type is picked, then that indicates that the * other side wants us to start encrypting data as soon as we * can. */ void encrypt_request_start(unsigned char *data __unused, int cnt __unused) { if (encrypt_mode == 0) { if (Server) autoencrypt = 1; return; } encrypt_start_output(encrypt_mode); } static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT }; void encrypt_enc_keyid(unsigned char *keyid, int len) { encrypt_keyid(&ki[1], keyid, len); } void encrypt_dec_keyid(unsigned char *keyid, int len) { encrypt_keyid(&ki[0], keyid, len); } void encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len) { Encryptions *ep; int dir = kp->dir; int ret = 0; if (len > MAXKEYLEN) len = MAXKEYLEN; if (!(ep = (*kp->getcrypt)(*kp->modep))) { if (len == 0) return; kp->keylen = 0; } else if (len == 0) { /* * Empty option, indicates a failure. */ if (kp->keylen == 0) return; kp->keylen = 0; if (ep->keyid) (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); } else if ((len != kp->keylen) || (memcmp(keyid, kp->keyid, len) != 0)) { /* * Length or contents are different */ kp->keylen = len; memmove(kp->keyid, keyid, len); if (ep->keyid) (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); } else { if (ep->keyid) ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen); if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt) encrypt_start_output(*kp->modep); return; } encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0); } void encrypt_send_keyid(int dir, const char *keyid, int keylen, int saveit) { unsigned char *strp; str_keyid[3] = (dir == DIR_ENCRYPT) ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID; if (saveit) { struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1]; memmove(kp->keyid, keyid, keylen); kp->keylen = keylen; } for (strp = &str_keyid[4]; keylen > 0; --keylen) { if ((*strp++ = *keyid++) == IAC) *strp++ = IAC; } *strp++ = IAC; *strp++ = SE; net_write(str_keyid, strp - str_keyid); printsub('>', &str_keyid[2], strp - str_keyid - 2); } void encrypt_auto(int on) { if (on < 0) autoencrypt ^= 1; else autoencrypt = on ? 1 : 0; } void decrypt_auto(int on) { if (on < 0) autodecrypt ^= 1; else autodecrypt = on ? 1 : 0; } void encrypt_start_output(int type) { Encryptions *ep; unsigned char *p; int i; if (!(ep = findencryption(type))) { if (encrypt_debug_mode) { printf(">>>%s: Can't encrypt with type %s (%d)\r\n", Name, ENCTYPE_NAME_OK(type) ? ENCTYPE_NAME(type) : "(unknown)", type); } return; } if (ep->start) { i = (*ep->start)(DIR_ENCRYPT, Server); if (encrypt_debug_mode) { printf(">>>%s: Encrypt start: %s (%d) %s\r\n", Name, (i < 0) ? "failed" : "initial negotiation in progress", i, ENCTYPE_NAME(type)); } if (i) return; } p = str_start + 3; *p++ = ENCRYPT_START; for (i = 0; i < ki[0].keylen; ++i) { if ((*p++ = ki[0].keyid[i]) == IAC) *p++ = IAC; } *p++ = IAC; *p++ = SE; net_write(str_start, p - str_start); net_encrypt(); printsub('>', &str_start[2], p - &str_start[2]); /* * If we are already encrypting in some mode, then * encrypt the ring (which includes our request) in * the old mode, mark it all as "clear text" and then * switch to the new mode. */ encrypt_output = ep->output; encrypt_mode = type; if (encrypt_debug_mode) printf(">>>%s: Started to encrypt output with type %s\r\n", Name, ENCTYPE_NAME(type)); if (encrypt_verbose) printf("[ Output is now encrypted with type %s ]\r\n", ENCTYPE_NAME(type)); } void encrypt_send_end(void) { if (!encrypt_output) return; str_end[3] = ENCRYPT_END; net_write(str_end, sizeof(str_end)); net_encrypt(); printsub('>', &str_end[2], sizeof(str_end) - 2); /* * Encrypt the output buffer now because it will not be done by * netflush... */ encrypt_output = 0; if (encrypt_debug_mode) printf(">>>%s: Output is back to clear text\r\n", Name); if (encrypt_verbose) printf("[ Output is now clear text ]\r\n"); } void encrypt_send_request_start(void) { unsigned char *p; int i; p = &str_start[3]; *p++ = ENCRYPT_REQSTART; for (i = 0; i < ki[1].keylen; ++i) { if ((*p++ = ki[1].keyid[i]) == IAC) *p++ = IAC; } *p++ = IAC; *p++ = SE; net_write(str_start, p - str_start); printsub('>', &str_start[2], p - &str_start[2]); if (encrypt_debug_mode) printf(">>>%s: Request input to be encrypted\r\n", Name); } void encrypt_send_request_end(void) { str_end[3] = ENCRYPT_REQEND; net_write(str_end, sizeof(str_end)); printsub('>', &str_end[2], sizeof(str_end) - 2); if (encrypt_debug_mode) printf(">>>%s: Request input to be clear text\r\n", Name); } void encrypt_wait(void) { if (encrypt_debug_mode) printf(">>>%s: in encrypt_wait\r\n", Name); if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt)) return; while (autoencrypt && !encrypt_output) if (telnet_spin()) return; } void encrypt_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { char tbuf[16], *cp; cnt -= 2; data += 2; buf[buflen-1] = '\0'; buf[buflen-2] = '*'; buflen -= 2;; for (; cnt > 0; cnt--, data++) { sprintf(tbuf, " %d", *data); for (cp = tbuf; *cp && buflen > 0; --buflen) *buf++ = *cp++; if (buflen <= 0) return; } *buf = '\0'; } void encrypt_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { Encryptions *ep; int type = data[1]; for (ep = encryptions; ep->type && ep->type != type; ep++) ; if (ep->printsub) (*ep->printsub)(data, cnt, buf, buflen); else encrypt_gen_printsub(data, cnt, buf, buflen); } #endif /* ENCRYPTION */ diff --git a/contrib/telnet/libtelnet/genget.c b/contrib/telnet/libtelnet/genget.c index e7b48f6b2af0..4bb119315746 100644 --- a/contrib/telnet/libtelnet/genget.c +++ b/contrib/telnet/libtelnet/genget.c @@ -1,103 +1,99 @@ /*- * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -#include - -__FBSDID("$FreeBSD$"); - #ifndef lint #if 0 static const char sccsid[] = "@(#)genget.c 8.2 (Berkeley) 5/30/95"; #endif #endif /* not lint */ #include #include "misc-proto.h" #define LOWER(x) (isupper(x) ? tolower(x) : (x)) /* * The prefix function returns 0 if *s1 is not a prefix * of *s2. If *s1 exactly matches *s2, the negative of * the length is returned. If *s1 is a prefix of *s2, * the length of *s1 is returned. */ int isprefix(char *s1, const char *s2) { char *os1; char c1, c2; if (*s1 == '\0') return(-1); os1 = s1; c1 = *s1; c2 = *s2; while (LOWER(c1) == LOWER(c2)) { if (c1 == '\0') break; c1 = *++s1; c2 = *++s2; } return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1))); } static char *ambiguous; /* special return value for command routines */ char ** genget(char *name, char **table, int stlen) { char **c, **found; int n; if (name == 0) return 0; found = 0; for (c = table; *c != 0; c = (char **)((char *)c + stlen)) { if ((n = isprefix(name, *c)) == 0) continue; if (n < 0) /* exact match */ return(c); if (found) return(&ambiguous); found = c; } return(found); } /* * Function call version of Ambiguous() */ int Ambiguous(char **s) { return(s == &ambiguous); } diff --git a/contrib/telnet/libtelnet/getent.c b/contrib/telnet/libtelnet/getent.c index 3df81409a7d8..3be745e96c0b 100644 --- a/contrib/telnet/libtelnet/getent.c +++ b/contrib/telnet/libtelnet/getent.c @@ -1,72 +1,68 @@ /*- * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -#include - -__FBSDID("$FreeBSD$"); - #ifndef lint #if 0 static char sccsid[] = "@(#)getent.c 8.2 (Berkeley) 12/15/93"; #endif #endif /* not lint */ #include #include #include "misc-proto.h" static char *area; static char gettytab[] = "/etc/gettytab"; /*ARGSUSED*/ int getent(char *cp __unused, const char *name) { int retval; char *tempnam, *dba[2] = { gettytab, NULL }; tempnam = strdup(name); retval = cgetent(&area, dba, tempnam) == 0 ? 1 : 0; free(tempnam); return(retval); } /*ARGSUSED*/ char * Getstr(const char *id, char **cpp __unused) { int retval; char *answer, *tempid; tempid = strdup(id); retval = cgetstr(area, tempid, &answer); free(tempid); return((retval > 0) ? answer : NULL); } diff --git a/contrib/telnet/libtelnet/kerberos.c b/contrib/telnet/libtelnet/kerberos.c index 5f00fd40187f..a5dc774d54ca 100644 --- a/contrib/telnet/libtelnet/kerberos.c +++ b/contrib/telnet/libtelnet/kerberos.c @@ -1,502 +1,498 @@ /*- * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -#include - -__FBSDID("$FreeBSD$"); - #ifndef lint static const char sccsid[] = "@(#)kerberos.c 8.3 (Berkeley) 5/30/95"; #endif /* not lint */ /* * Copyright (C) 1990 by the Massachusetts Institute of Technology * * Export of this software from the United States of America is assumed * to require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. */ #ifdef KRB4 #include #include #include /* BSD wont include this in krb.h, so we do it here */ #include #include #include #include #include "encrypt.h" #include "auth.h" #include "misc.h" int kerberos4_cksum(unsigned char *, int); int kuserok(AUTH_DAT *, char *); extern int auth_debug_mode; static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, AUTHTYPE_KERBEROS_V4, }; #define KRB_AUTH 0 /* Authentication data follows */ #define KRB_REJECT 1 /* Rejected (reason might follow) */ #define KRB_ACCEPT 2 /* Accepted */ #define KRB_CHALLENGE 3 /* Challenge for mutual auth. */ #define KRB_RESPONSE 4 /* Response for mutual auth. */ static KTEXT_ST auth; static char name[ANAME_SZ]; static AUTH_DAT adat = { 0, "", "", "", 0, {}, 0, 0, 0, { 0, "", 0 } }; #ifdef ENCRYPTION static Block session_key = { 0 }; static DES_key_schedule sched; static Block challenge = { 0 }; #endif /* ENCRYPTION */ static char krb_service_name[] = "rcmd"; static char empty[] = ""; static int Data(Authenticator *ap, int type, const unsigned char *d, int c) { unsigned char *p = str_data + 4; const unsigned char *cd = d; if (c == -1) c = strlen(cd); if (auth_debug_mode) { printf("%s:%d: [%d] (%d)", str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", str_data[3], type, c); printd(d, c); printf("\r\n"); } *p++ = ap->type; *p++ = ap->way; *p++ = type; while (c-- > 0) { if ((*p++ = *cd++) == IAC) *p++ = IAC; } *p++ = IAC; *p++ = SE; if (str_data[3] == TELQUAL_IS) printsub('>', &str_data[2], p - (&str_data[2])); return(net_write(str_data, p - str_data)); } int kerberos4_init(Authenticator *ap __unused, int server) { FILE *fp; if (server) { str_data[3] = TELQUAL_REPLY; if ((fp = fopen(KEYFILE, "r")) == NULL) return(0); fclose(fp); } else { str_data[3] = TELQUAL_IS; } return(1); } char dst_realm_buf[REALM_SZ], *dest_realm = NULL; int dst_realm_sz = REALM_SZ; int kerberos4_send(Authenticator *ap) { KTEXT_ST lauth; char instance[INST_SZ]; char *realm; CREDENTIALS cred; int r; printf("[ Trying KERBEROS4 ... ]\n"); if (!UserNameRequested) { if (auth_debug_mode) { printf("Kerberos V4: no user name supplied\r\n"); } return(0); } memset(instance, 0, sizeof(instance)); if ((realm = krb_get_phost(RemoteHostName))) strncpy(instance, realm, sizeof(instance)); instance[sizeof(instance)-1] = '\0'; realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName); if (!realm) { printf("Kerberos V4: no realm for %s\r\n", RemoteHostName); return(0); } if ((r = krb_mk_req(&lauth, krb_service_name, instance, realm, 0L))) { printf("mk_req failed: %s\r\n", krb_err_txt[r]); return(0); } if ((r = krb_get_cred(krb_service_name, instance, realm, &cred))) { printf("get_cred failed: %s\r\n", krb_err_txt[r]); return(0); } if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { if (auth_debug_mode) printf("Not enough room for user name\r\n"); return(0); } if (auth_debug_mode) printf("Sent %d bytes of authentication data\r\n", lauth.length); if (!Data(ap, KRB_AUTH, (void *)lauth.dat, lauth.length)) { if (auth_debug_mode) printf("Not enough room for authentication data\r\n"); return(0); } #ifdef ENCRYPTION /* * If we are doing mutual authentication, get set up to send * the challenge, and verify it when the response comes back. */ if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { register int i; DES_key_sched(&cred.session, sched); DES_random_key(&session_key); DES_ecb_encrypt(&session_key, &session_key, sched, 0); DES_ecb_encrypt(&session_key, &challenge, sched, 0); /* * Increment the challenge by 1, and encrypt it for * later comparison. */ for (i = 7; i >= 0; --i) { register int x; x = (unsigned int)challenge[i] + 1; challenge[i] = x; /* ignore overflow */ if (x < 256) /* if no overflow, all done */ break; } DES_ecb_encrypt(&challenge, &challenge, sched, 1); } #endif /* ENCRYPTION */ if (auth_debug_mode) { printf("CK: %d:", kerberos4_cksum(lauth.dat, lauth.length)); printd(lauth.dat, lauth.length); printf("\r\n"); printf("Sent Kerberos V4 credentials to server\r\n"); } return(1); } void kerberos4_is(Authenticator *ap, unsigned char *data, int cnt) { #ifdef ENCRYPTION Session_Key skey; Block datablock; #endif /* ENCRYPTION */ char realm[REALM_SZ]; char instance[INST_SZ]; int r; if (cnt-- < 1) return; switch (*data++) { case KRB_AUTH: if (krb_get_lrealm(realm, 1) != KSUCCESS) { Data(ap, KRB_REJECT, "No local V4 Realm.", -1); auth_finished(ap, AUTH_REJECT); if (auth_debug_mode) printf("No local realm\r\n"); return; } memmove((void *)auth.dat, (void *)data, auth.length = cnt); if (auth_debug_mode) { printf("Got %d bytes of authentication data\r\n", cnt); printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length)); printd(auth.dat, auth.length); printf("\r\n"); } instance[0] = '*'; instance[1] = 0; if ((r = krb_rd_req(&auth, krb_service_name, instance, 0, &adat, empty))) { if (auth_debug_mode) printf("Kerberos failed him as %s\r\n", name); Data(ap, KRB_REJECT, krb_err_txt[r], -1); auth_finished(ap, AUTH_REJECT); return; } #ifdef ENCRYPTION memmove((void *)session_key, (void *)adat.session, sizeof(Block)); #endif /* ENCRYPTION */ krb_kntoln(&adat, name); if (UserNameRequested && !kuserok(&adat, UserNameRequested)) Data(ap, KRB_ACCEPT, NULL, 0); else Data(ap, KRB_REJECT, "user is not authorized", -1); auth_finished(ap, AUTH_USER); break; case KRB_CHALLENGE: #ifndef ENCRYPTION Data(ap, KRB_RESPONSE, NULL, 0); #else /* ENCRYPTION */ if (!VALIDKEY(session_key)) { /* * We don't have a valid session key, so just * send back a response with an empty session * key. */ Data(ap, KRB_RESPONSE, NULL, 0); break; } DES_key_sched(&session_key, sched); memmove((void *)datablock, (void *)data, sizeof(Block)); /* * Take the received encrypted challenge, and encrypt * it again to get a unique session_key for the * ENCRYPT option. */ DES_ecb_encrypt(&datablock, &session_key, sched, 1); skey.type = SK_DES; skey.length = 8; skey.data = session_key; encrypt_session_key(&skey, 1); /* * Now decrypt the received encrypted challenge, * increment by one, re-encrypt it and send it back. */ DES_ecb_encrypt(&datablock, &challenge, sched, 0); for (r = 7; r >= 0; r--) { register int t; t = (unsigned int)challenge[r] + 1; challenge[r] = t; /* ignore overflow */ if (t < 256) /* if no overflow, all done */ break; } DES_ecb_encrypt(&challenge, &challenge, sched, 1); Data(ap, KRB_RESPONSE, challenge, sizeof(challenge)); #endif /* ENCRYPTION */ break; default: if (auth_debug_mode) printf("Unknown Kerberos option %d\r\n", data[-1]); Data(ap, KRB_REJECT, NULL, 0); break; } } void kerberos4_reply(Authenticator *ap, unsigned char *data, int cnt) { #ifdef ENCRYPTION Session_Key skey; #endif /* ENCRYPTION */ if (cnt-- < 1) return; switch (*data++) { case KRB_REJECT: if (cnt > 0) { printf("[ Kerberos V4 refuses authentication because %.*s ]\r\n", cnt, data); } else printf("[ Kerberos V4 refuses authentication ]\r\n"); auth_send_retry(); return; case KRB_ACCEPT: printf("[ Kerberos V4 accepts you ]\n"); if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { /* * Send over the encrypted challenge. */ #ifndef ENCRYPTION Data(ap, KRB_CHALLENGE, NULL, 0); #else /* ENCRYPTION */ Data(ap, KRB_CHALLENGE, session_key, sizeof(session_key)); DES_ecb_encrypt(&session_key, &session_key, sched, 1); skey.type = SK_DES; skey.length = 8; skey.data = session_key; encrypt_session_key(&skey, 0); #endif /* ENCRYPTION */ return; } auth_finished(ap, AUTH_USER); return; case KRB_RESPONSE: #ifdef ENCRYPTION /* * Verify that the response to the challenge is correct. */ if ((cnt != sizeof(Block)) || (0 != memcmp((void *)data, (void *)challenge, sizeof(challenge)))) { #endif /* ENCRYPTION */ printf("[ Kerberos V4 challenge failed!!! ]\r\n"); auth_send_retry(); return; #ifdef ENCRYPTION } printf("[ Kerberos V4 challenge successful ]\r\n"); auth_finished(ap, AUTH_USER); #endif /* ENCRYPTION */ break; default: if (auth_debug_mode) printf("Unknown Kerberos option %d\r\n", data[-1]); return; } } int kerberos4_status(Authenticator *ap __unused, char *nam, int level) { if (level < AUTH_USER) return(level); if (UserNameRequested && !kuserok(&adat, UserNameRequested)) { strcpy(nam, UserNameRequested); return(AUTH_VALID); } else return(AUTH_USER); } #define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} #define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} void kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { char lbuf[32]; register int i; buf[buflen-1] = '\0'; /* make sure its NULL terminated */ buflen -= 1; switch(data[3]) { case KRB_REJECT: /* Rejected (reason might follow) */ strncpy((char *)buf, " REJECT ", buflen); goto common; case KRB_ACCEPT: /* Accepted (name might follow) */ strncpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) break; ADDC(buf, buflen, '"'); for (i = 4; i < cnt; i++) ADDC(buf, buflen, data[i]); ADDC(buf, buflen, '"'); ADDC(buf, buflen, '\0'); break; case KRB_AUTH: /* Authentication data follows */ strncpy((char *)buf, " AUTH", buflen); goto common2; case KRB_CHALLENGE: strncpy((char *)buf, " CHALLENGE", buflen); goto common2; case KRB_RESPONSE: strncpy((char *)buf, " RESPONSE", buflen); goto common2; default: sprintf(lbuf, " %d (unknown)", data[3]); strncpy((char *)buf, lbuf, buflen); common2: BUMP(buf, buflen); for (i = 4; i < cnt; i++) { sprintf(lbuf, " %d", data[i]); strncpy((char *)buf, lbuf, buflen); BUMP(buf, buflen); } break; } } int kerberos4_cksum(unsigned char *d, int n) { int ck = 0; /* * A comment is probably needed here for those not * well versed in the "C" language. Yes, this is * supposed to be a "switch" with the body of the * "switch" being a "while" statement. The whole * purpose of the switch is to allow us to jump into * the middle of the while() loop, and then not have * to do any more switch()s. * * Some compilers will spit out a warning message * about the loop not being entered at the top. */ switch (n&03) while (n > 0) { case 0: ck ^= (int)*d++ << 24; --n; case 3: ck ^= (int)*d++ << 16; --n; case 2: ck ^= (int)*d++ << 8; --n; case 1: ck ^= (int)*d++; --n; } return(ck); } #endif diff --git a/contrib/telnet/libtelnet/kerberos5.c b/contrib/telnet/libtelnet/kerberos5.c index 63f515310f9b..bc90ec9cfa6a 100644 --- a/contrib/telnet/libtelnet/kerberos5.c +++ b/contrib/telnet/libtelnet/kerberos5.c @@ -1,823 +1,819 @@ /*- * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Copyright (C) 1990 by the Massachusetts Institute of Technology * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. */ -#include - -__FBSDID("$FreeBSD$"); - #ifdef KRB5 #include #include #include #include #include #include #include #include #define Authenticator k5_Authenticator #include #undef Authenticator #include "encrypt.h" #include "auth.h" #include "misc.h" int forward_flags = 0; /* Flags get set in telnet/main.c on -f and -F */ /* These values need to be the same as those defined in telnet/main.c. */ /* Either define them in both places, or put in some common header file. */ #define OPTS_FORWARD_CREDS 0x00000002 #define OPTS_FORWARDABLE_CREDS 0x00000001 void kerberos5_forward (Authenticator *); static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, AUTHTYPE_KERBEROS_V5, }; #define KRB_AUTH 0 /* Authentication data follows */ #define KRB_REJECT 1 /* Rejected (reason might follow) */ #define KRB_ACCEPT 2 /* Accepted */ #define KRB_RESPONSE 3 /* Response for mutual auth. */ #define KRB_FORWARD 4 /* Forwarded credentials follow */ #define KRB_FORWARD_ACCEPT 5 /* Forwarded credentials accepted */ #define KRB_FORWARD_REJECT 6 /* Forwarded credentials rejected */ static krb5_data auth; static krb5_ticket *ticket; static krb5_context context; static krb5_auth_context auth_context; static void print_krb5_error(krb5_context context, krb5_error_code code, const char *msg) { const char *error_message; error_message = krb5_get_error_message(context, code); printf(msg, error_message); krb5_free_error_message(context, error_message); } static int Data(Authenticator *ap, int type, const char *d, int c) { unsigned char *p = str_data + 4; const unsigned char *cd = d; if (c == -1) c = strlen(cd); if (auth_debug_mode) { printf("%s:%d: [%d] (%d)", str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", str_data[3], type, c); printd(d, c); printf("\r\n"); } *p++ = ap->type; *p++ = ap->way; *p++ = type; while (c-- > 0) { if ((*p++ = *cd++) == IAC) *p++ = IAC; } *p++ = IAC; *p++ = SE; if (str_data[3] == TELQUAL_IS) printsub('>', &str_data[2], p - &str_data[2]); return(net_write(str_data, p - str_data)); } int kerberos5_init(Authenticator *ap __unused, int server) { krb5_error_code ret; ret = krb5_init_context(&context); if (ret) return 0; if (server) { krb5_keytab kt; krb5_kt_cursor cursor; ret = krb5_kt_default(context, &kt); if (ret) return 0; ret = krb5_kt_start_seq_get (context, kt, &cursor); if (ret) { krb5_kt_close (context, kt); return 0; } krb5_kt_end_seq_get (context, kt, &cursor); krb5_kt_close (context, kt); str_data[3] = TELQUAL_REPLY; } else str_data[3] = TELQUAL_IS; return(1); } extern int net; static int kerberos5_send(const char *name, Authenticator *ap) { krb5_error_code ret; krb5_ccache ccache; int ap_opts; krb5_data cksum_data; char foo[2]; if (!UserNameRequested) { if (auth_debug_mode) { printf("Kerberos V5: no user name supplied\r\n"); } return(0); } ret = krb5_cc_default(context, &ccache); if (ret) { if (auth_debug_mode) { print_krb5_error(context, ret, "Kerberos V5: could not get default ccache: %s\r\n"); } return 0; } if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ap_opts = AP_OPTS_MUTUAL_REQUIRED; else ap_opts = 0; ap_opts |= AP_OPTS_USE_SUBKEY; ret = krb5_auth_con_init (context, &auth_context); if (ret) { if (auth_debug_mode) { print_krb5_error(context, ret, "Kerberos V5: krb5_auth_con_init failed (%s)\r\n"); } return(0); } ret = krb5_auth_con_setaddrs_from_fd (context, auth_context, &net); if (ret) { if (auth_debug_mode) { print_krb5_error(context, ret, "Kerberos V5:" " krb5_auth_con_setaddrs_from_fd failed (%s)\r\n"); } return(0); } krb5_auth_con_setkeytype (context, auth_context, KEYTYPE_DES); foo[0] = ap->type; foo[1] = ap->way; cksum_data.length = sizeof(foo); cksum_data.data = foo; { krb5_principal service; char sname[128]; ret = krb5_sname_to_principal (context, RemoteHostName, NULL, KRB5_NT_SRV_HST, &service); if(ret) { if (auth_debug_mode) { const char *err_str; err_str = krb5_get_error_message(context, ret); printf("Kerberosr V5:" " krb5_sname_to_principal(%s) failed (%s)\r\n", RemoteHostName, err_str); krb5_free_error_message(context, err_str); } return 0; } ret = krb5_unparse_name_fixed(context, service, sname, sizeof(sname)); if(ret) { if (auth_debug_mode) { print_krb5_error(context, ret, "Kerberos V5:" " krb5_unparse_name_fixed failed (%s)\r\n"); } return 0; } printf("[ Trying %s (%s)... ]\r\n", name, sname); ret = krb5_mk_req_exact(context, &auth_context, ap_opts, service, &cksum_data, ccache, &auth); krb5_free_principal (context, service); } if (ret) { if (1 || auth_debug_mode) { print_krb5_error(context, ret, "Kerberos V5: mk_req failed (%s)\r\n"); } return(0); } if (!auth_sendname((unsigned char *)UserNameRequested, strlen(UserNameRequested))) { if (auth_debug_mode) printf("Not enough room for user name\r\n"); return(0); } if (!Data(ap, KRB_AUTH, auth.data, auth.length)) { if (auth_debug_mode) printf("Not enough room for authentication data\r\n"); return(0); } if (auth_debug_mode) { printf("Sent Kerberos V5 credentials to server\r\n"); } return(1); } int kerberos5_send_mutual(Authenticator *ap) { return kerberos5_send("mutual KERBEROS5", ap); } int kerberos5_send_oneway(Authenticator *ap) { return kerberos5_send("KERBEROS5", ap); } void kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) { krb5_error_code ret; krb5_data outbuf; krb5_keyblock *key_block; char *name; krb5_principal server; int zero = 0; if (cnt-- < 1) return; switch (*data++) { case KRB_AUTH: auth.data = (char *)data; auth.length = cnt; auth_context = NULL; ret = krb5_auth_con_init (context, &auth_context); if (ret) { Data(ap, KRB_REJECT, "krb5_auth_con_init failed", -1); auth_finished(ap, AUTH_REJECT); if (auth_debug_mode) print_krb5_error(context, ret, "Kerberos V5: krb5_auth_con_init failed (%s)\r\n"); return; } ret = krb5_auth_con_setaddrs_from_fd (context, auth_context, &zero); if (ret) { Data(ap, KRB_REJECT, "krb5_auth_con_setaddrs_from_fd failed", -1); auth_finished(ap, AUTH_REJECT); if (auth_debug_mode) print_krb5_error(context, ret, "Kerberos V5: " "krb5_auth_con_setaddrs_from_fd failed (%s)\r\n"); return; } ret = krb5_sock_to_principal (context, 0, "host", KRB5_NT_SRV_HST, &server); if (ret) { Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1); auth_finished(ap, AUTH_REJECT); if (auth_debug_mode) print_krb5_error(context, ret, "Kerberos V5: " "krb5_sock_to_principal failed (%s)\r\n"); return; } ret = krb5_rd_req(context, &auth_context, &auth, server, NULL, NULL, &ticket); krb5_free_principal (context, server); if (ret) { char *errbuf; const char *err_str; err_str = krb5_get_error_message(context, ret); asprintf(&errbuf, "Read req failed: %s", err_str); krb5_free_error_message(context, err_str); Data(ap, KRB_REJECT, errbuf, -1); if (auth_debug_mode) printf("%s\r\n", errbuf); free (errbuf); return; } { char foo[2]; foo[0] = ap->type; foo[1] = ap->way; ret = krb5_verify_authenticator_checksum(context, auth_context, foo, sizeof(foo)); if (ret) { char *errbuf; const char *err_str; err_str = krb5_get_error_message(context, ret); asprintf(&errbuf, "Bad checksum: %s", err_str); krb5_free_error_message(context, err_str); Data(ap, KRB_REJECT, errbuf, -1); if (auth_debug_mode) printf ("%s\r\n", errbuf); free(errbuf); return; } } ret = krb5_auth_con_getremotesubkey (context, auth_context, &key_block); if (ret) { Data(ap, KRB_REJECT, "krb5_auth_con_getremotesubkey failed", -1); auth_finished(ap, AUTH_REJECT); if (auth_debug_mode) print_krb5_error(context, ret, "Kerberos V5: " "krb5_auth_con_getremotesubkey failed (%s)\r\n"); return; } if (key_block == NULL) { ret = krb5_auth_con_getkey(context, auth_context, &key_block); } if (ret) { Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1); auth_finished(ap, AUTH_REJECT); if (auth_debug_mode) print_krb5_error(context, ret, "Kerberos V5: " "krb5_auth_con_getkey failed (%s)\r\n"); return; } if (key_block == NULL) { Data(ap, KRB_REJECT, "no subkey received", -1); auth_finished(ap, AUTH_REJECT); if (auth_debug_mode) printf("Kerberos V5: " "krb5_auth_con_getremotesubkey returned NULL key\r\n"); return; } if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { ret = krb5_mk_rep(context, auth_context, &outbuf); if (ret) { Data(ap, KRB_REJECT, "krb5_mk_rep failed", -1); auth_finished(ap, AUTH_REJECT); if (auth_debug_mode) print_krb5_error(context, ret, "Kerberos V5: " "krb5_mk_rep failed (%s)\r\n"); return; } Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length); } if (krb5_unparse_name(context, ticket->client, &name)) name = 0; if(UserNameRequested && krb5_kuserok(context, ticket->client, UserNameRequested)) { Data(ap, KRB_ACCEPT, name, name ? -1 : 0); if (auth_debug_mode) { printf("Kerberos5 identifies him as ``%s''\r\n", name ? name : ""); } if(key_block->keytype == ETYPE_DES_CBC_MD5 || key_block->keytype == ETYPE_DES_CBC_MD4 || key_block->keytype == ETYPE_DES_CBC_CRC) { Session_Key skey; skey.type = SK_DES; skey.length = 8; skey.data = key_block->keyvalue.data; encrypt_session_key(&skey, 0); } } else { char *msg; asprintf (&msg, "user `%s' is not authorized to " "login as `%s'", name ? name : "", UserNameRequested ? UserNameRequested : ""); if (msg == NULL) Data(ap, KRB_REJECT, NULL, 0); else { Data(ap, KRB_REJECT, (void *)msg, -1); free(msg); } auth_finished (ap, AUTH_REJECT); krb5_free_keyblock_contents(context, key_block); break; } auth_finished(ap, AUTH_USER); krb5_free_keyblock_contents(context, key_block); break; case KRB_FORWARD: { struct passwd *pwd; char ccname[1024]; /* XXX */ krb5_data inbuf; krb5_ccache ccache; inbuf.data = (char *)data; inbuf.length = cnt; pwd = getpwnam (UserNameRequested); if (pwd == NULL) break; snprintf (ccname, sizeof(ccname), "FILE:/tmp/krb5cc_%u", pwd->pw_uid); ret = krb5_cc_resolve (context, ccname, &ccache); if (ret) { if (auth_debug_mode) print_krb5_error(context, ret, "Kerberos V5: could not get ccache: %s\r\n"); break; } ret = krb5_cc_initialize (context, ccache, ticket->client); if (ret) { if (auth_debug_mode) print_krb5_error(context, ret, "Kerberos V5: could not init ccache: %s\r\n"); break; } #if defined(DCE) esetenv("KRB5CCNAME", ccname, 1); #endif ret = krb5_rd_cred2 (context, auth_context, ccache, &inbuf); if(ret) { char *errbuf; const char *err_str; err_str = krb5_get_error_message(context, ret); asprintf (&errbuf, "Read forwarded creds failed: %s", err_str); krb5_free_error_message(context, err_str); if(errbuf == NULL) Data(ap, KRB_FORWARD_REJECT, NULL, 0); else Data(ap, KRB_FORWARD_REJECT, errbuf, -1); if (auth_debug_mode) printf("Could not read forwarded credentials: %s\r\n", errbuf); free (errbuf); } else { Data(ap, KRB_FORWARD_ACCEPT, 0, 0); #if defined(DCE) dfsfwd = 1; #endif } chown (ccname + 5, pwd->pw_uid, -1); if (auth_debug_mode) printf("Forwarded credentials obtained\r\n"); break; } default: if (auth_debug_mode) printf("Unknown Kerberos option %d\r\n", data[-1]); Data(ap, KRB_REJECT, 0, 0); break; } } void kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt) { static int mutual_complete = 0; if (cnt-- < 1) return; switch (*data++) { case KRB_REJECT: if (cnt > 0) { printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n", cnt, data); } else printf("[ Kerberos V5 refuses authentication ]\r\n"); auth_send_retry(); return; case KRB_ACCEPT: { krb5_error_code ret; Session_Key skey; krb5_keyblock *keyblock; if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL && !mutual_complete) { printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n"); auth_send_retry(); return; } if (cnt) printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data); else printf("[ Kerberos V5 accepts you ]\r\n"); ret = krb5_auth_con_getlocalsubkey (context, auth_context, &keyblock); if (ret) ret = krb5_auth_con_getkey (context, auth_context, &keyblock); if(ret) { print_krb5_error(context, ret, "[ krb5_auth_con_getkey: %s ]\r\n"); auth_send_retry(); return; } skey.type = SK_DES; skey.length = 8; skey.data = keyblock->keyvalue.data; encrypt_session_key(&skey, 0); krb5_free_keyblock_contents (context, keyblock); auth_finished(ap, AUTH_USER); if (forward_flags & OPTS_FORWARD_CREDS) kerberos5_forward(ap); break; } case KRB_RESPONSE: if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { /* the rest of the reply should contain a krb_ap_rep */ krb5_ap_rep_enc_part *reply; krb5_data inbuf; krb5_error_code ret; inbuf.length = cnt; inbuf.data = (char *)data; ret = krb5_rd_rep(context, auth_context, &inbuf, &reply); if (ret) { print_krb5_error(context, ret, "[ Mutual authentication failed: %s ]\r\n"); auth_send_retry(); return; } krb5_free_ap_rep_enc_part(context, reply); mutual_complete = 1; } return; case KRB_FORWARD_ACCEPT: printf("[ Kerberos V5 accepted forwarded credentials ]\r\n"); return; case KRB_FORWARD_REJECT: printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n", cnt, data); return; default: if (auth_debug_mode) printf("Unknown Kerberos option %d\r\n", data[-1]); return; } } int kerberos5_status(Authenticator *ap __unused, char *name, int level) { if (level < AUTH_USER) return(level); if (UserNameRequested && krb5_kuserok(context, ticket->client, UserNameRequested)) { strcpy(name, UserNameRequested); return(AUTH_VALID); } else return(AUTH_USER); } #define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} #define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} void kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { int i; buf[buflen-1] = '\0'; /* make sure its NULL terminated */ buflen -= 1; switch(data[3]) { case KRB_REJECT: /* Rejected (reason might follow) */ strlcpy((char *)buf, " REJECT ", buflen); goto common; case KRB_ACCEPT: /* Accepted (name might follow) */ strlcpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) break; ADDC(buf, buflen, '"'); for (i = 4; i < cnt; i++) ADDC(buf, buflen, data[i]); ADDC(buf, buflen, '"'); ADDC(buf, buflen, '\0'); break; case KRB_AUTH: /* Authentication data follows */ strlcpy((char *)buf, " AUTH", buflen); goto common2; case KRB_RESPONSE: strlcpy((char *)buf, " RESPONSE", buflen); goto common2; case KRB_FORWARD: /* Forwarded credentials follow */ strlcpy((char *)buf, " FORWARD", buflen); goto common2; case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */ strlcpy((char *)buf, " FORWARD_ACCEPT", buflen); goto common2; case KRB_FORWARD_REJECT: /* Forwarded credentials rejected */ /* (reason might follow) */ strlcpy((char *)buf, " FORWARD_REJECT", buflen); goto common2; default: snprintf(buf, buflen, " %d (unknown)", data[3]); common2: BUMP(buf, buflen); for (i = 4; i < cnt; i++) { snprintf(buf, buflen, " %d", data[i]); BUMP(buf, buflen); } break; } } void kerberos5_forward(Authenticator *ap) { krb5_error_code ret; krb5_ccache ccache; krb5_creds creds; krb5_kdc_flags flags; krb5_data out_data; krb5_principal principal; ret = krb5_cc_default (context, &ccache); if (ret) { if (auth_debug_mode) print_krb5_error(context, ret, "KerberosV5: could not get default ccache: %s\r\n"); return; } ret = krb5_cc_get_principal (context, ccache, &principal); if (ret) { if (auth_debug_mode) print_krb5_error(context, ret, "KerberosV5: could not get principal: %s\r\n"); return; } memset (&creds, 0, sizeof(creds)); creds.client = principal; ret = krb5_build_principal (context, &creds.server, strlen(principal->realm), principal->realm, "krbtgt", principal->realm, NULL); if (ret) { if (auth_debug_mode) print_krb5_error(context, ret, "KerberosV5: could not get principal: %s\r\n"); return; } creds.times.endtime = 0; flags.i = 0; flags.b.forwarded = 1; if (forward_flags & OPTS_FORWARDABLE_CREDS) flags.b.forwardable = 1; ret = krb5_get_forwarded_creds (context, auth_context, ccache, flags.i, RemoteHostName, &creds, &out_data); if (ret) { if (auth_debug_mode) print_krb5_error(context, ret, "Kerberos V5: error getting forwarded creds: %s\r\n"); return; } if(!Data(ap, KRB_FORWARD, out_data.data, out_data.length)) { if (auth_debug_mode) printf("Not enough room for authentication data\r\n"); } else { if (auth_debug_mode) printf("Forwarded local Kerberos V5 credentials to server\r\n"); } } #if defined(DCE) /* if this was a K5 authentication try and join a PAG for the user. */ void kerberos5_dfspag(void) { if (dfsk5ok) { dfspag = krb5_dfs_pag(context, dfsfwd, ticket->client, UserNameRequested); } } #endif #endif /* KRB5 */ diff --git a/contrib/telnet/libtelnet/krb4encpwd.c b/contrib/telnet/libtelnet/krb4encpwd.c index e87b5c41272e..345e24317228 100644 --- a/contrib/telnet/libtelnet/krb4encpwd.c +++ b/contrib/telnet/libtelnet/krb4encpwd.c @@ -1,424 +1,420 @@ /*- * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -#include - -__FBSDID("$FreeBSD$"); - #ifndef lint static char sccsid[] = "@(#)krb4encpwd.c 8.3 (Berkeley) 5/30/95"; #endif /* not lint */ #ifdef KRB4_ENCPWD /* * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION * ALL RIGHTS RESERVED * * "Digital Equipment Corporation authorizes the reproduction, * distribution and modification of this software subject to the following * restrictions: * * 1. Any partial or whole copy of this software, or any modification * thereof, must include this copyright notice in its entirety. * * 2. This software is supplied "as is" with no warranty of any kind, * expressed or implied, for any purpose, including any warranty of fitness * or merchantibility. DIGITAL assumes no responsibility for the use or * reliability of this software, nor promises to provide any form of * support for it on any basis. * * 3. Distribution of this software is authorized only if no profit or * remuneration of any kind is received in exchange for such distribution. * * 4. This software produces public key authentication certificates * bearing an expiration date established by DIGITAL and RSA Data * Security, Inc. It may cease to generate certificates after the expiration * date. Any modification of this software that changes or defeats * the expiration date or its effect is unauthorized. * * 5. Software that will renew or extend the expiration date of * authentication certificates produced by this software may be obtained * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA * 94065, (415)595-8782, or from DIGITAL" * */ #include #include #include #include #include #include #include #include #include "encrypt.h" #include "auth.h" #include "misc.h" int krb_mk_encpwd_req(KTEXT, char *, char *, char *, char *, char *, char *); int krb_rd_encpwd_req(KTEXT, char *, char *, u_long, AUTH_DAT *, char *, char *, char *, char *); extern auth_debug_mode; static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, AUTHTYPE_KRB4_ENCPWD, }; static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, }; #define KRB4_ENCPWD_AUTH 0 /* Authentication data follows */ #define KRB4_ENCPWD_REJECT 1 /* Rejected (reason might follow) */ #define KRB4_ENCPWD_ACCEPT 2 /* Accepted */ #define KRB4_ENCPWD_CHALLENGE 3 /* Challenge for mutual auth. */ #define KRB4_ENCPWD_ACK 4 /* Acknowledge */ #define KRB_SERVICE_NAME "rcmd" static KTEXT_ST auth; static char name[ANAME_SZ]; static char user_passwd[ANAME_SZ]; static AUTH_DAT adat = { 0 }; #ifdef ENCRYPTION static Block session_key = { 0 }; #endif /* ENCRYPTION */ static char challenge[REALM_SZ]; static int Data(ap, type, d, c) Authenticator *ap; int type; void *d; int c; { unsigned char *p = str_data + 4; unsigned char *cd = (unsigned char *)d; if (c == -1) c = strlen((char *)cd); if (0) { printf("%s:%d: [%d] (%d)", str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", str_data[3], type, c); printd(d, c); printf("\r\n"); } *p++ = ap->type; *p++ = ap->way; *p++ = type; while (c-- > 0) { if ((*p++ = *cd++) == IAC) *p++ = IAC; } *p++ = IAC; *p++ = SE; if (str_data[3] == TELQUAL_IS) printsub('>', &str_data[2], p - (&str_data[2])); return(net_write(str_data, p - str_data)); } int krb4encpwd_init(ap, server) Authenticator *ap; int server; { char hostname[80], *cp, *realm; C_Block skey; if (server) { str_data[3] = TELQUAL_REPLY; } else { str_data[3] = TELQUAL_IS; gethostname(hostname, sizeof(hostname)); realm = krb_realmofhost(hostname); cp = strchr(hostname, '.'); if (*cp != NULL) *cp = NULL; if (read_service_key(KRB_SERVICE_NAME, hostname, realm, 0, KEYFILE, (char *)skey)) { return(0); } } return(1); } int krb4encpwd_send(ap) Authenticator *ap; { printf("[ Trying KRB4ENCPWD ... ]\n"); if (!UserNameRequested) { return(0); } if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { return(0); } if (!Data(ap, KRB4_ENCPWD_ACK, (void *)NULL, 0)) { return(0); } return(1); } void krb4encpwd_is(ap, data, cnt) Authenticator *ap; unsigned char *data; int cnt; { Session_Key skey; Block datablock; char r_passwd[ANAME_SZ], r_user[ANAME_SZ]; char lhostname[ANAME_SZ], *cp; int r; time_t now; if (cnt-- < 1) return; switch (*data++) { case KRB4_ENCPWD_AUTH: memmove((void *)auth.dat, (void *)data, auth.length = cnt); gethostname(lhostname, sizeof(lhostname)); if ((cp = strchr(lhostname, '.')) != 0) *cp = '\0'; if (r = krb_rd_encpwd_req(&auth, KRB_SERVICE_NAME, lhostname, 0, &adat, NULL, challenge, r_user, r_passwd)) { Data(ap, KRB4_ENCPWD_REJECT, (void *)"Auth failed", -1); auth_finished(ap, AUTH_REJECT); return; } auth_encrypt_userpwd(r_passwd); if (passwdok(UserNameRequested, UserPassword) == 0) { /* * illegal username and password */ Data(ap, KRB4_ENCPWD_REJECT, (void *)"Illegal password", -1); auth_finished(ap, AUTH_REJECT); return; } memmove((void *)session_key, (void *)adat.session, sizeof(Block)); Data(ap, KRB4_ENCPWD_ACCEPT, (void *)0, 0); auth_finished(ap, AUTH_USER); break; case KRB4_ENCPWD_CHALLENGE: /* * Take the received random challenge text and save * for future authentication. */ memmove((void *)challenge, (void *)data, sizeof(Block)); break; case KRB4_ENCPWD_ACK: /* * Receive ack, if mutual then send random challenge */ /* * If we are doing mutual authentication, get set up to send * the challenge, and verify it when the response comes back. */ if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { register int i; time(&now); sprintf(challenge, "%x", now); Data(ap, KRB4_ENCPWD_CHALLENGE, (void *)challenge, strlen(challenge)); } break; default: Data(ap, KRB4_ENCPWD_REJECT, 0, 0); break; } } void krb4encpwd_reply(ap, data, cnt) Authenticator *ap; unsigned char *data; int cnt; { Session_Key skey; KTEXT_ST krb_token; Block enckey; CREDENTIALS cred; int r; char randchal[REALM_SZ], instance[ANAME_SZ], *cp; char hostname[80], *realm; if (cnt-- < 1) return; switch (*data++) { case KRB4_ENCPWD_REJECT: if (cnt > 0) { printf("[ KRB4_ENCPWD refuses authentication because %.*s ]\r\n", cnt, data); } else printf("[ KRB4_ENCPWD refuses authentication ]\r\n"); auth_send_retry(); return; case KRB4_ENCPWD_ACCEPT: printf("[ KRB4_ENCPWD accepts you ]\n"); auth_finished(ap, AUTH_USER); return; case KRB4_ENCPWD_CHALLENGE: /* * Verify that the response to the challenge is correct. */ gethostname(hostname, sizeof(hostname)); realm = krb_realmofhost(hostname); memmove((void *)challenge, (void *)data, cnt); memset(user_passwd, 0, sizeof(user_passwd)); local_des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0); UserPassword = user_passwd; Challenge = challenge; strcpy(instance, RemoteHostName); if ((cp = strchr(instance, '.')) != 0) *cp = '\0'; if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) { krb_token.length = 0; } if (!Data(ap, KRB4_ENCPWD_AUTH, (void *)krb_token.dat, krb_token.length)) { return; } break; default: return; } } int krb4encpwd_status(ap, name, level) Authenticator *ap; char *name; int level; { if (level < AUTH_USER) return(level); if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) { strcpy(name, UserNameRequested); return(AUTH_VALID); } else { return(AUTH_USER); } } #define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} #define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} void krb4encpwd_printsub(data, cnt, buf, buflen) unsigned char *data, *buf; int cnt, buflen; { char lbuf[32]; register int i; buf[buflen-1] = '\0'; /* make sure its NULL terminated */ buflen -= 1; switch(data[3]) { case KRB4_ENCPWD_REJECT: /* Rejected (reason might follow) */ strncpy((char *)buf, " REJECT ", buflen); goto common; case KRB4_ENCPWD_ACCEPT: /* Accepted (name might follow) */ strncpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) break; ADDC(buf, buflen, '"'); for (i = 4; i < cnt; i++) ADDC(buf, buflen, data[i]); ADDC(buf, buflen, '"'); ADDC(buf, buflen, '\0'); break; case KRB4_ENCPWD_AUTH: /* Authentication data follows */ strncpy((char *)buf, " AUTH", buflen); goto common2; case KRB4_ENCPWD_CHALLENGE: strncpy((char *)buf, " CHALLENGE", buflen); goto common2; case KRB4_ENCPWD_ACK: strncpy((char *)buf, " ACK", buflen); goto common2; default: sprintf(lbuf, " %d (unknown)", data[3]); strncpy((char *)buf, lbuf, buflen); common2: BUMP(buf, buflen); for (i = 4; i < cnt; i++) { sprintf(lbuf, " %d", data[i]); strncpy((char *)buf, lbuf, buflen); BUMP(buf, buflen); } break; } } int passwdok(name, passwd) char *name, *passwd; { char *crypt(); char *salt, *p; struct passwd *pwd; int passwdok_status = 0; if (pwd = getpwnam(name)) salt = pwd->pw_passwd; else salt = "xx"; p = crypt(passwd, salt); if (pwd && !strcmp(p, pwd->pw_passwd)) { passwdok_status = 1; } else passwdok_status = 0; return(passwdok_status); } #endif diff --git a/contrib/telnet/libtelnet/misc.c b/contrib/telnet/libtelnet/misc.c index ef5de4ee45e7..a514376e2b69 100644 --- a/contrib/telnet/libtelnet/misc.c +++ b/contrib/telnet/libtelnet/misc.c @@ -1,105 +1,101 @@ /*- * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -#include - -__FBSDID("$FreeBSD$"); - #ifndef lint #if 0 static const char sccsid[] = "@(#)misc.c 8.1 (Berkeley) 6/4/93"; #endif #endif /* not lint */ #include #include #include #include "misc.h" #ifdef AUTHENTICATION #include "auth.h" #endif #ifdef ENCRYPTION #include "encrypt.h" #endif /* ENCRYPTION */ char *RemoteHostName; char *LocalHostName; char *UserNameRequested = 0; int ConnectedCount = 0; #ifndef AUTHENTICATION #define undef1 __unused #else #define undef1 #endif void auth_encrypt_init(char *local, char *remote, const char *name undef1, int server undef1) { RemoteHostName = remote; LocalHostName = local; #ifdef AUTHENTICATION auth_init(name, server); #endif #ifdef ENCRYPTION encrypt_init(name, server); #endif /* ENCRYPTION */ if (UserNameRequested) { free(UserNameRequested); UserNameRequested = 0; } } #ifdef ENCRYPTION void auth_encrypt_user(char *name) { if (UserNameRequested) free(UserNameRequested); UserNameRequested = name ? strdup(name) : 0; } /* ARGSUSED */ void auth_encrypt_connect(int cnt __unused) { } #endif /* ENCRYPTION */ void printd(const unsigned char *data, int cnt) { if (cnt > 16) cnt = 16; while (cnt-- > 0) { printf(" %02x", *data); ++data; } } diff --git a/contrib/telnet/libtelnet/pk.c b/contrib/telnet/libtelnet/pk.c index a3d17f396c64..a36733c4e73d 100644 --- a/contrib/telnet/libtelnet/pk.c +++ b/contrib/telnet/libtelnet/pk.c @@ -1,260 +1,256 @@ /*- * Copyright (c) 1991, 1993 * Dave Safford. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ -#include - -__FBSDID("$FreeBSD$"); - /* public key routines */ /* functions: genkeys(char *public, char *secret) common_key(char *secret, char *public, desData *deskey) pk_encode(char *in, *out, DesData *deskey); pk_decode(char *in, *out, DesData *deskey); where char public[HEXKEYBYTES + 1]; char secret[HEXKEYBYTES + 1]; */ #include #include #include #include #include #include #include "mp.h" #include "pk.h" static void adjust(char keyout[HEXKEYBYTES+1], char *keyin); /* * Choose top 128 bits of the common key to use as our idea key. */ static void extractideakey(MINT *ck, IdeaData *ideakey) { MINT *a; MINT *z; short r; int i; short base = (1 << 8); char *k; z = mp_itom(0); a = mp_itom(0); mp_madd(ck, z, a); for (i = 0; i < ((KEYSIZE - 128) / 8); i++) { mp_sdiv(a, base, a, &r); } k = (char *)ideakey; for (i = 0; i < 16; i++) { mp_sdiv(a, base, a, &r); *k++ = r; } mp_mfree(z); mp_mfree(a); } /* * Choose middle 64 bits of the common key to use as our des key, possibly * overwriting the lower order bits by setting parity. */ static void extractdeskey(MINT *ck, DesData *deskey) { MINT *a; MINT *z; short r; int i; short base = (1 << 8); char *k; z = mp_itom(0); a = mp_itom(0); mp_madd(ck, z, a); for (i = 0; i < ((KEYSIZE - 64) / 2) / 8; i++) { mp_sdiv(a, base, a, &r); } k = (char *)deskey; for (i = 0; i < 8; i++) { mp_sdiv(a, base, a, &r); *k++ = r; } mp_mfree(z); mp_mfree(a); } /* * get common key from my secret key and his public key */ void common_key(char *xsecret, char *xpublic, IdeaData *ideakey, DesData *deskey) { MINT *public; MINT *secret; MINT *common; MINT *modulus = mp_xtom(HEXMODULUS); public = mp_xtom(xpublic); secret = mp_xtom(xsecret); common = mp_itom(0); mp_pow(public, secret, modulus, common); extractdeskey(common, deskey); extractideakey(common, ideakey); DES_set_odd_parity(deskey); mp_mfree(common); mp_mfree(secret); mp_mfree(public); mp_mfree(modulus); } /* * Generate a seed */ static void getseed(char *seed, int seedsize) { arc4random_buf(seed, seedsize); } /* * Generate a random public/secret key pair */ void genkeys(char *public, char *secret) { size_t i; # define BASEBITS (8*sizeof(short) - 1) # define BASE (1 << BASEBITS) MINT *pk = mp_itom(0); MINT *sk = mp_itom(0); MINT *tmp; MINT *base = mp_itom((short)BASE); MINT *root = mp_itom(PROOT); MINT *modulus = mp_xtom(HEXMODULUS); short r; unsigned short seed[KEYSIZE/BASEBITS + 1]; char *xkey; getseed((char *)seed, sizeof(seed)); for (i = 0; i < KEYSIZE/BASEBITS + 1; i++) { r = seed[i] % BASE; tmp = mp_itom(r); mp_mult(sk, base, sk); mp_madd(sk, tmp, sk); mp_mfree(tmp); } tmp = mp_itom(0); mp_mdiv(sk, modulus, tmp, sk); mp_mfree(tmp); mp_pow(root, sk, modulus, pk); xkey = mp_mtox(sk); adjust(secret, xkey); xkey = mp_mtox(pk); adjust(public, xkey); mp_mfree(sk); mp_mfree(base); mp_mfree(pk); mp_mfree(root); mp_mfree(modulus); } /* * Adjust the input key so that it is 0-filled on the left */ static void adjust(char keyout[HEXKEYBYTES+1], char *keyin) { char *p; char *s; for (p = keyin; *p; p++) ; for (s = keyout + HEXKEYBYTES; p >= keyin; p--, s--) { *s = *p; } while (s >= keyout) { *s-- = '0'; } } static char hextab[17] = "0123456789ABCDEF"; /* given a DES key, cbc encrypt and translate input to terminated hex */ void pk_encode(char *in, char *out, DesData *key) { char buf[256]; DesData i; DES_key_schedule k; int l,op,deslen; memset(&i,0,sizeof(i)); memset(buf,0,sizeof(buf)); deslen = ((strlen(in) + 7)/8)*8; DES_key_sched(key, &k); DES_cbc_encrypt(in, buf, deslen, &k, &i, DES_ENCRYPT); for (l=0,op=0;l> 4]; out[op++] = hextab[(buf[l] & 0x0f)]; } out[op] = '\0'; } /* given a DES key, translate input from hex and decrypt */ void pk_decode(char *in, char *out, DesData *key) { char buf[256]; DesData i; DES_key_schedule k; int n1,n2,op; size_t l; memset(&i,0,sizeof(i)); memset(buf,0,sizeof(buf)); for (l=0,op=0;l '9') n1 = in[op] - 'A' + 10; else n1 = in[op] - '0'; if (in[op+1] > '9') n2 = in[op+1] - 'A' + 10; else n2 = in[op+1] - '0'; buf[l] = n1*16 +n2; } DES_key_sched(key, &k); DES_cbc_encrypt(buf, out, strlen(in) / 2, &k, &i, DES_DECRYPT); out[strlen(in)/2] = '\0'; } diff --git a/contrib/telnet/libtelnet/read_password.c b/contrib/telnet/libtelnet/read_password.c index 0faaa09c57d5..37baf92e288d 100644 --- a/contrib/telnet/libtelnet/read_password.c +++ b/contrib/telnet/libtelnet/read_password.c @@ -1,147 +1,143 @@ /*- * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -#include - -__FBSDID("$FreeBSD$"); - #ifndef lint #if 0 static char sccsid[] = "@(#)read_password.c 8.3 (Berkeley) 5/30/95"; #endif #endif /* not lint */ /* * $Source: /mit/kerberos/src/lib/des/RCS/read_password.c,v $ * $Author: jon $ * * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute * of Technology. * * For copying and distribution information, please see the file * . * * This routine prints the supplied string to standard * output as a prompt, and reads a password string without * echoing. */ #if defined(RSA_ENCPWD) || defined(KRB4_ENCPWD) #include #include #include #include #include static jmp_buf env; /*** Routines ****************************************************** */ /* * This version just returns the string, doesn't map to key. * * Returns 0 on success, non-zero on failure. */ int local_des_read_pw_string(s,max,prompt,verify) char *s; int max; char *prompt; int verify; { int ok = 0; char *ptr; jmp_buf old_env; struct sgttyb tty_state; char key_string[BUFSIZ]; if (max > BUFSIZ) { return -1; } /* XXX assume jmp_buf is typedef'ed to an array */ memmove((char *)env, (char *)old_env, sizeof(env)); if (setjmp(env)) goto lose; /* save terminal state*/ if (ioctl(0,TIOCGETP,(char *)&tty_state) == -1) return -1; /* push_signals(); */ /* Turn off echo */ tty_state.sg_flags &= ~ECHO; if (ioctl(0,TIOCSETP,(char *)&tty_state) == -1) return -1; while (!ok) { (void) printf("%s", prompt); (void) fflush(stdout); while (!fgets(s, max, stdin)); if ((ptr = strchr(s, '\n'))) *ptr = '\0'; if (verify) { printf("\nVerifying, please re-enter %s",prompt); (void) fflush(stdout); if (!fgets(key_string, sizeof(key_string), stdin)) { clearerr(stdin); continue; } if ((ptr = strchr(key_string, '\n'))) *ptr = '\0'; if (strcmp(s,key_string)) { printf("\n\07\07Mismatch - try again\n"); (void) fflush(stdout); continue; } } ok = 1; } lose: if (!ok) memset(s, 0, max); printf("\n"); /* turn echo back on */ tty_state.sg_flags |= ECHO; if (ioctl(0,TIOCSETP,(char *)&tty_state)) ok = 0; /* pop_signals(); */ memmove((char *)old_env, (char *)env, sizeof(env)); if (verify) memset(key_string, 0, sizeof (key_string)); s[max-1] = 0; /* force termination */ return !ok; /* return nonzero if not okay */ } #endif /* defined(RSA_ENCPWD) || defined(KRB4_ENCPWD) */ diff --git a/contrib/telnet/libtelnet/rsaencpwd.c b/contrib/telnet/libtelnet/rsaencpwd.c index 9dcf4a658cf6..10225ac0070b 100644 --- a/contrib/telnet/libtelnet/rsaencpwd.c +++ b/contrib/telnet/libtelnet/rsaencpwd.c @@ -1,471 +1,467 @@ /*- * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -#include - -__FBSDID("$FreeBSD$"); - #ifndef lint static char sccsid[] = "@(#)rsaencpwd.c 8.3 (Berkeley) 5/30/95"; #endif /* not lint */ #ifdef RSA_ENCPWD /* * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION * ALL RIGHTS RESERVED * * "Digital Equipment Corporation authorizes the reproduction, * distribution and modification of this software subject to the following * restrictions: * * 1. Any partial or whole copy of this software, or any modification * thereof, must include this copyright notice in its entirety. * * 2. This software is supplied "as is" with no warranty of any kind, * expressed or implied, for any purpose, including any warranty of fitness * or merchantibility. DIGITAL assumes no responsibility for the use or * reliability of this software, nor promises to provide any form of * support for it on any basis. * * 3. Distribution of this software is authorized only if no profit or * remuneration of any kind is received in exchange for such distribution. * * 4. This software produces public key authentication certificates * bearing an expiration date established by DIGITAL and RSA Data * Security, Inc. It may cease to generate certificates after the expiration * date. Any modification of this software that changes or defeats * the expiration date or its effect is unauthorized. * * 5. Software that will renew or extend the expiration date of * authentication certificates produced by this software may be obtained * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA * 94065, (415)595-8782, or from DIGITAL" * */ #include #include #include #include #include #include #include "encrypt.h" #include "auth.h" #include "misc.h" #include "cdc.h" extern auth_debug_mode; static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, AUTHTYPE_RSA_ENCPWD, }; static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, }; #define RSA_ENCPWD_AUTH 0 /* Authentication data follows */ #define RSA_ENCPWD_REJECT 1 /* Rejected (reason might follow) */ #define RSA_ENCPWD_ACCEPT 2 /* Accepted */ #define RSA_ENCPWD_CHALLENGEKEY 3 /* Challenge and public key */ #define NAME_SZ 40 #define CHAL_SZ 20 #define PWD_SZ 40 static KTEXT_ST auth; static char name[NAME_SZ]; static char user_passwd[PWD_SZ]; static char key_file[2*NAME_SZ]; static char lhostname[NAME_SZ]; static char challenge[CHAL_SZ]; static int challenge_len; static int Data(ap, type, d, c) Authenticator *ap; int type; void *d; int c; { unsigned char *p = str_data + 4; unsigned char *cd = (unsigned char *)d; if (c == -1) c = strlen((char *)cd); if (0) { printf("%s:%d: [%d] (%d)", str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", str_data[3], type, c); printd(d, c); printf("\r\n"); } *p++ = ap->type; *p++ = ap->way; if (type != NULL) *p++ = type; while (c-- > 0) { if ((*p++ = *cd++) == IAC) *p++ = IAC; } *p++ = IAC; *p++ = SE; if (str_data[3] == TELQUAL_IS) printsub('>', &str_data[2], p - (&str_data[2])); return(net_write(str_data, p - str_data)); } int rsaencpwd_init(ap, server) Authenticator *ap; int server; { char *cp; FILE *fp; if (server) { str_data[3] = TELQUAL_REPLY; memset(key_file, 0, sizeof(key_file)); gethostname(lhostname, sizeof(lhostname)); if ((cp = strchr(lhostname, '.')) != 0) *cp = '\0'; strcpy(key_file, "/etc/."); strcat(key_file, lhostname); strcat(key_file, "_privkey"); if ((fp=fopen(key_file, "r"))==NULL) return(0); fclose(fp); } else { str_data[3] = TELQUAL_IS; } return(1); } int rsaencpwd_send(ap) Authenticator *ap; { printf("[ Trying RSAENCPWD ... ]\n"); if (!UserNameRequested) { return(0); } if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { return(0); } if (!Data(ap, NULL, (void *)NULL, 0)) { return(0); } return(1); } void rsaencpwd_is(ap, data, cnt) Authenticator *ap; unsigned char *data; int cnt; { Session_Key skey; Block datablock; char r_passwd[PWD_SZ], r_user[NAME_SZ]; char *cp, key[160]; char chalkey[160], *ptr; FILE *fp; int r, i, j, chalkey_len, len; time_t now; cnt--; switch (*data++) { case RSA_ENCPWD_AUTH: memmove((void *)auth.dat, (void *)data, auth.length = cnt); if ((fp=fopen(key_file, "r"))==NULL) { Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1); auth_finished(ap, AUTH_REJECT); return; } /* * get privkey */ fscanf(fp, "%x;", &len); for (i=0;iway & AUTH_HOW_MASK) == AUTH_HOW_ONE_WAY) { register int i; time(&now); if ((now % 2) == 0) { sprintf(challenge, "%x", now); challenge_len = strlen(challenge); } else { strcpy(challenge, "randchal"); challenge_len = 8; } if ((fp=fopen(key_file, "r"))==NULL) { Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1); auth_finished(ap, AUTH_REJECT); return; } /* * skip privkey */ fscanf(fp, "%x;", &len); for (i=0;i 0) { printf("[ RSA_ENCPWD refuses authentication because %.*s ]\r\n", cnt, data); } else printf("[ RSA_ENCPWD refuses authentication ]\r\n"); auth_send_retry(); return; case RSA_ENCPWD_ACCEPT: printf("[ RSA_ENCPWD accepts you ]\n"); auth_finished(ap, AUTH_USER); return; case RSA_ENCPWD_CHALLENGEKEY: /* * Verify that the response to the challenge is correct. */ memmove((void *)chalkey, (void *)data, cnt); ptr = (char *) &chalkey[0]; ptr += DecodeHeaderLength(chalkey); if (*ptr != 0x04) { return; } *ptr++; challenge_len = DecodeValueLength(ptr); ptr += NumEncodeLengthOctets(challenge_len); memmove(challenge, ptr, challenge_len); ptr += challenge_len; if (*ptr != 0x04) { return; } *ptr++; pubkey_len = DecodeValueLength(ptr); ptr += NumEncodeLengthOctets(pubkey_len); memmove(pubkey, ptr, pubkey_len); memset(user_passwd, 0, sizeof(user_passwd)); local_des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0); UserPassword = user_passwd; Challenge = challenge; r = init_rsa_encpwd(&token, user_passwd, challenge, challenge_len, pubkey); if (r < 0) { token.length = 1; } if (!Data(ap, RSA_ENCPWD_AUTH, (void *)token.dat, token.length)) { return; } break; default: return; } } int rsaencpwd_status(ap, name, level) Authenticator *ap; char *name; int level; { if (level < AUTH_USER) return(level); if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) { strcpy(name, UserNameRequested); return(AUTH_VALID); } else { return(AUTH_USER); } } #define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} #define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} void rsaencpwd_printsub(data, cnt, buf, buflen) unsigned char *data, *buf; int cnt, buflen; { char lbuf[32]; register int i; buf[buflen-1] = '\0'; /* make sure its NULL terminated */ buflen -= 1; switch(data[3]) { case RSA_ENCPWD_REJECT: /* Rejected (reason might follow) */ strncpy((char *)buf, " REJECT ", buflen); goto common; case RSA_ENCPWD_ACCEPT: /* Accepted (name might follow) */ strncpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) break; ADDC(buf, buflen, '"'); for (i = 4; i < cnt; i++) ADDC(buf, buflen, data[i]); ADDC(buf, buflen, '"'); ADDC(buf, buflen, '\0'); break; case RSA_ENCPWD_AUTH: /* Authentication data follows */ strncpy((char *)buf, " AUTH", buflen); goto common2; case RSA_ENCPWD_CHALLENGEKEY: strncpy((char *)buf, " CHALLENGEKEY", buflen); goto common2; default: sprintf(lbuf, " %d (unknown)", data[3]); strncpy((char *)buf, lbuf, buflen); common2: BUMP(buf, buflen); for (i = 4; i < cnt; i++) { sprintf(lbuf, " %d", data[i]); strncpy((char *)buf, lbuf, buflen); BUMP(buf, buflen); } break; } } int rsaencpwd_passwdok(name, passwd) char *name, *passwd; { char *crypt(); char *salt, *p; struct passwd *pwd; int passwdok_status = 0; if (pwd = getpwnam(name)) salt = pwd->pw_passwd; else salt = "xx"; p = crypt(passwd, salt); if (pwd && !strcmp(p, pwd->pw_passwd)) { passwdok_status = 1; } else passwdok_status = 0; return(passwdok_status); } #endif diff --git a/contrib/telnet/libtelnet/sra.c b/contrib/telnet/libtelnet/sra.c index 4a759685ca42..abacda12b495 100644 --- a/contrib/telnet/libtelnet/sra.c +++ b/contrib/telnet/libtelnet/sra.c @@ -1,602 +1,598 @@ /*- * Copyright (c) 1991, 1993 * Dave Safford. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ -#include - -__FBSDID("$FreeBSD$"); - #ifdef SRA #ifdef ENCRYPTION #include #include #include #include #include #include #include #include #ifndef NOPAM #include #else #include #endif #include "auth.h" #include "misc.h" #include "encrypt.h" #include "pk.h" char pka[HEXKEYBYTES+1], ska[HEXKEYBYTES+1], pkb[HEXKEYBYTES+1]; char *user, *pass, *xuser, *xpass; DesData ck; IdeaData ik; extern int auth_debug_mode; extern char line[]; static int sra_valid = 0; static int passwd_sent = 0; static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, AUTHTYPE_SRA, }; #define SRA_KEY 0 #define SRA_USER 1 #define SRA_CONTINUE 2 #define SRA_PASS 3 #define SRA_ACCEPT 4 #define SRA_REJECT 5 static int check_user(char *, char *); /* support routine to send out authentication message */ static int Data(Authenticator *ap, int type, void *d, int c) { unsigned char *p = str_data + 4; unsigned char *cd = (unsigned char *)d; if (c == -1) c = strlen((char *)cd); if (auth_debug_mode) { printf("%s:%d: [%d] (%d)", str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", str_data[3], type, c); printd(d, c); printf("\r\n"); } *p++ = ap->type; *p++ = ap->way; *p++ = type; while (c-- > 0) { if ((*p++ = *cd++) == IAC) *p++ = IAC; } *p++ = IAC; *p++ = SE; if (str_data[3] == TELQUAL_IS) printsub('>', &str_data[2], p - (&str_data[2])); return(net_write(str_data, p - str_data)); } int sra_init(Authenticator *ap __unused, int server) { if (server) str_data[3] = TELQUAL_REPLY; else str_data[3] = TELQUAL_IS; user = (char *)malloc(256); xuser = (char *)malloc(513); pass = (char *)malloc(256); xpass = (char *)malloc(513); if (user == NULL || xuser == NULL || pass == NULL || xpass == NULL) return 0; /* malloc failed */ passwd_sent = 0; genkeys(pka,ska); return(1); } /* client received a go-ahead for sra */ int sra_send(Authenticator *ap) { /* send PKA */ if (auth_debug_mode) printf("Sent PKA to server.\r\n" ); printf("Trying SRA secure login:\r\n"); if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) { if (auth_debug_mode) printf("Not enough room for authentication data\r\n"); return(0); } return(1); } /* server received an IS -- could be SRA KEY, USER, or PASS */ void sra_is(Authenticator *ap, unsigned char *data, int cnt) { int valid; Session_Key skey; if (cnt-- < 1) goto bad; switch (*data++) { case SRA_KEY: if (cnt < HEXKEYBYTES) { Data(ap, SRA_REJECT, (void *)0, 0); auth_finished(ap, AUTH_USER); if (auth_debug_mode) { printf("SRA user rejected for bad PKB\r\n"); } return; } if (auth_debug_mode) printf("Sent pka\r\n"); if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) { if (auth_debug_mode) printf("Not enough room\r\n"); return; } memcpy(pkb,data,HEXKEYBYTES); pkb[HEXKEYBYTES] = '\0'; common_key(ska,pkb,&ik,&ck); return; case SRA_USER: /* decode KAB(u) */ if (cnt > 512) /* Attempted buffer overflow */ break; memcpy(xuser,data,cnt); xuser[cnt] = '\0'; pk_decode(xuser,user,&ck); auth_encrypt_user(user); Data(ap, SRA_CONTINUE, (void *)0, 0); return; case SRA_PASS: if (cnt > 512) /* Attempted buffer overflow */ break; /* decode KAB(P) */ memcpy(xpass,data,cnt); xpass[cnt] = '\0'; pk_decode(xpass,pass,&ck); /* check user's password */ valid = check_user(user,pass); if(valid) { Data(ap, SRA_ACCEPT, (void *)0, 0); skey.data = ck; skey.type = SK_DES; skey.length = 8; encrypt_session_key(&skey, 1); sra_valid = 1; auth_finished(ap, AUTH_VALID); if (auth_debug_mode) { printf("SRA user accepted\r\n"); } } else { Data(ap, SRA_CONTINUE, (void *)0, 0); /* Data(ap, SRA_REJECT, (void *)0, 0); sra_valid = 0; auth_finished(ap, AUTH_REJECT); */ if (auth_debug_mode) { printf("SRA user failed\r\n"); } } return; default: if (auth_debug_mode) printf("Unknown SRA option %d\r\n", data[-1]); } bad: Data(ap, SRA_REJECT, 0, 0); sra_valid = 0; auth_finished(ap, AUTH_REJECT); } /* client received REPLY -- could be SRA KEY, CONTINUE, ACCEPT, or REJECT */ void sra_reply(Authenticator *ap, unsigned char *data, int cnt) { char uprompt[256],tuser[256]; Session_Key skey; size_t i; if (cnt-- < 1) return; switch (*data++) { case SRA_KEY: /* calculate common key */ if (cnt < HEXKEYBYTES) { if (auth_debug_mode) { printf("SRA user rejected for bad PKB\r\n"); } return; } memcpy(pkb,data,HEXKEYBYTES); pkb[HEXKEYBYTES] = '\0'; common_key(ska,pkb,&ik,&ck); enc_user: /* encode user */ memset(tuser,0,sizeof(tuser)); sprintf(uprompt,"User (%s): ",UserNameRequested); telnet_gets(uprompt,tuser,255,1); if (tuser[0] == '\n' || tuser[0] == '\r' ) strcpy(user,UserNameRequested); else { /* telnet_gets leaves the newline on */ for(i=0;i 0) {*(buf)++ = (c); --(len);} void sra_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { char lbuf[32]; int i; buf[buflen-1] = '\0'; /* make sure its NULL terminated */ buflen -= 1; switch(data[3]) { case SRA_CONTINUE: strncpy((char *)buf, " CONTINUE ", buflen); goto common; case SRA_REJECT: /* Rejected (reason might follow) */ strncpy((char *)buf, " REJECT ", buflen); goto common; case SRA_ACCEPT: /* Accepted (name might follow) */ strncpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) break; ADDC(buf, buflen, '"'); for (i = 4; i < cnt; i++) ADDC(buf, buflen, data[i]); ADDC(buf, buflen, '"'); ADDC(buf, buflen, '\0'); break; case SRA_KEY: /* Authentication data follows */ strncpy((char *)buf, " KEY ", buflen); goto common2; case SRA_USER: strncpy((char *)buf, " USER ", buflen); goto common2; case SRA_PASS: strncpy((char *)buf, " PASS ", buflen); goto common2; default: sprintf(lbuf, " %d (unknown)", data[3]); strncpy((char *)buf, lbuf, buflen); common2: BUMP(buf, buflen); for (i = 4; i < cnt; i++) { sprintf(lbuf, " %d", data[i]); strncpy((char *)buf, lbuf, buflen); BUMP(buf, buflen); } break; } } static int isroot(const char *usr) { struct passwd *pwd; if ((pwd=getpwnam(usr))==NULL) return 0; return (!pwd->pw_uid); } static int rootterm(char *ttyn) { struct ttyent *t; return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE); } #ifdef NOPAM static int check_user(char *name, char *cred) { char *cp; char *xpasswd, *salt; if (isroot(name) && !rootterm(line)) { crypt("AA","*"); /* Waste some time to simulate success */ return(0); } if (pw = sgetpwnam(name)) { if (pw->pw_shell == NULL) { pw = (struct passwd *) NULL; return(0); } salt = pw->pw_passwd; xpasswd = crypt(cred, salt); /* The strcmp does not catch null passwords! */ if (pw == NULL || *pw->pw_passwd == '\0' || strcmp(xpasswd, pw->pw_passwd)) { pw = (struct passwd *) NULL; return(0); } return(1); } return(0); } #else /* * The following is stolen from ftpd, which stole it from the imap-uw * PAM module and login.c. It is needed because we can't really * "converse" with the user, having already gone to the trouble of * getting their username and password through an encrypted channel. */ #define COPY_STRING(s) (s ? strdup(s):NULL) struct cred_t { const char *uname; const char *pass; }; typedef struct cred_t cred_t; static int auth_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata) { int i; cred_t *cred = (cred_t *) appdata; struct pam_response *reply = malloc(sizeof(struct pam_response) * num_msg); if (reply == NULL) return PAM_BUF_ERR; for (i = 0; i < num_msg; i++) { switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_ON: /* assume want user name */ reply[i].resp_retcode = PAM_SUCCESS; reply[i].resp = COPY_STRING(cred->uname); /* PAM frees resp. */ break; case PAM_PROMPT_ECHO_OFF: /* assume want password */ reply[i].resp_retcode = PAM_SUCCESS; reply[i].resp = COPY_STRING(cred->pass); /* PAM frees resp. */ break; case PAM_TEXT_INFO: case PAM_ERROR_MSG: reply[i].resp_retcode = PAM_SUCCESS; reply[i].resp = NULL; break; default: /* unknown message style */ free(reply); return PAM_CONV_ERR; } } *resp = reply; return PAM_SUCCESS; } /* * The PAM version as a side effect may put a new username in *name. */ static int check_user(char *name, char *cred) { pam_handle_t *pamh = NULL; const void *item; int rval; int e; cred_t auth_cred = { name, cred }; struct pam_conv conv = { &auth_conv, &auth_cred }; e = pam_start("telnetd", name, &conv, &pamh); if (e != PAM_SUCCESS) { syslog(LOG_ERR, "pam_start: %s", pam_strerror(pamh, e)); return 0; } #if 0 /* Where can we find this value? */ e = pam_set_item(pamh, PAM_RHOST, remotehost); if (e != PAM_SUCCESS) { syslog(LOG_ERR, "pam_set_item(PAM_RHOST): %s", pam_strerror(pamh, e)); return 0; } #endif e = pam_authenticate(pamh, 0); switch (e) { case PAM_SUCCESS: /* * With PAM we support the concept of a "template" * user. The user enters a login name which is * authenticated by PAM, usually via a remote service * such as RADIUS or TACACS+. If authentication * succeeds, a different but related "template" name * is used for setting the credentials, shell, and * home directory. The name the user enters need only * exist on the remote authentication server, but the * template name must be present in the local password * database. * * This is supported by two various mechanisms in the * individual modules. However, from the application's * point of view, the template user is always passed * back as a changed value of the PAM_USER item. */ if ((e = pam_get_item(pamh, PAM_USER, &item)) == PAM_SUCCESS) { strcpy(name, item); } else syslog(LOG_ERR, "Couldn't get PAM_USER: %s", pam_strerror(pamh, e)); if (isroot(name) && !rootterm(line)) rval = 0; else rval = 1; break; case PAM_AUTH_ERR: case PAM_USER_UNKNOWN: case PAM_MAXTRIES: rval = 0; break; default: syslog(LOG_ERR, "auth_pam: %s", pam_strerror(pamh, e)); rval = 0; break; } if ((e = pam_end(pamh, e)) != PAM_SUCCESS) { syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e)); rval = 0; } return rval; } #endif #endif /* ENCRYPTION */ #endif /* SRA */ diff --git a/contrib/telnet/telnet/authenc.c b/contrib/telnet/telnet/authenc.c index 593d061d125d..6fd4b9f4dd85 100644 --- a/contrib/telnet/telnet/authenc.c +++ b/contrib/telnet/telnet/authenc.c @@ -1,107 +1,105 @@ /*- * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if 0 #ifndef lint static const char sccsid[] = "@(#)authenc.c 8.1 (Berkeley) 6/6/93"; #endif #endif -#include -__FBSDID("$FreeBSD$"); #ifdef AUTHENTICATION #ifdef ENCRYPTION #include #include #include #include #include #include #include "general.h" #include "ring.h" #include "externs.h" #include "defines.h" #include "types.h" int net_write(unsigned char *str, int len) { if (NETROOM() > len) { ring_supply_data(&netoring, str, len); if (str[0] == IAC && str[1] == SE) printsub('>', &str[2], len-2); return(len); } return(0); } void net_encrypt(void) { #ifdef ENCRYPTION if (encrypt_output) ring_encrypt(&netoring, encrypt_output); else ring_clearto(&netoring); #endif /* ENCRYPTION */ } int telnet_spin(void) { return(-1); } char * telnet_getenv(char *val) { return((char *)env_getvalue((unsigned char *)val)); } char * telnet_gets(const char *prom, char *result, int length, int echo) { extern int globalmode; int om = globalmode; char *res; TerminalNewMode(-1); if (echo) { printf("%s", prom); res = fgets(result, length, stdin); } else if ((res = getpass(prom))) { strncpy(result, res, length); res = result; } TerminalNewMode(om); return(res); } #endif /* ENCRYPTION */ #endif /* AUTHENTICATION */ diff --git a/contrib/telnet/telnet/commands.c b/contrib/telnet/telnet/commands.c index dbc06a10b9c6..ca3460e455ad 100644 --- a/contrib/telnet/telnet/commands.c +++ b/contrib/telnet/telnet/commands.c @@ -1,3016 +1,3014 @@ /* * Copyright (c) 1988, 1990, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if 0 #ifndef lint static const char sccsid[] = "@(#)commands.c 8.4 (Berkeley) 5/30/95"; #endif #endif -#include -__FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "general.h" #include "ring.h" #include "externs.h" #include "defines.h" #include "types.h" #include "misc.h" #ifdef AUTHENTICATION #include #endif #ifdef ENCRYPTION #include #endif #include #include #include #ifndef MAXHOSTNAMELEN #define MAXHOSTNAMELEN 256 #endif typedef int (*intrtn_t)(int, char **); #ifdef AUTHENTICATION extern int auth_togdebug(int); #endif #ifdef ENCRYPTION extern int EncryptAutoEnc(int); extern int EncryptAutoDec(int); extern int EncryptDebug(int); extern int EncryptVerbose(int); #endif /* ENCRYPTION */ #if defined(IPPROTO_IP) && defined(IP_TOS) int tos = -1; #endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ char *hostname; static char _hostname[MAXHOSTNAMELEN]; static int help(int, char **); static int call(intrtn_t, ...); static void cmdrc(char *, char *); #ifdef INET6 static int switch_af(struct addrinfo **); #endif static int togglehelp(void); static int send_tncmd(void (*)(int, int), const char *, char *); static int setmod(int); static int clearmode(int); static int modehelp(void); static int sourceroute(struct addrinfo *, char *, unsigned char **, int *, int *, int *); typedef struct { const char *name; /* command name */ const char *help; /* help string (NULL for no help) */ int (*handler)(int, char **); /* routine which executes command */ int needconnect; /* Do we need to be connected to execute? */ } Command; static char line[256]; static char saveline[256]; static int margc; static char *margv[20]; int quiet_mode; #ifdef OPIE #include #define PATH_OPIEKEY "/usr/bin/opiekey" static int opie_calc(int argc, char *argv[]) { int status; if(argc != 3) { printf("%s sequence challenge\n", argv[0]); return (0); } switch(fork()) { case 0: execv(PATH_OPIEKEY, argv); exit (1); case -1: perror("fork"); break; default: (void) wait(&status); if (WIFEXITED(status)) return (WEXITSTATUS(status)); } return (0); } #endif static void makeargv(void) { char *cp, *cp2, c; char **argp = margv; margc = 0; cp = line; if (*cp == '!') { /* Special case shell escape */ strcpy(saveline, line); /* save for shell command */ *argp++ = strdup("!"); /* No room in string to get this */ margc++; cp++; } while ((c = *cp)) { int inquote = 0; while (isspace(c)) c = *++cp; if (c == '\0') break; *argp++ = cp; margc += 1; for (cp2 = cp; c != '\0'; c = *++cp) { if (inquote) { if (c == inquote) { inquote = 0; continue; } } else { if (c == '\\') { if ((c = *++cp) == '\0') break; } else if (c == '"') { inquote = '"'; continue; } else if (c == '\'') { inquote = '\''; continue; } else if (isspace(c)) break; } *cp2++ = c; } *cp2 = '\0'; if (c == '\0') break; cp++; } *argp++ = 0; } /* * Make a character string into a number. * * Todo: 1. Could take random integers (12, 0x12, 012, 0b1). */ static int special(char *s) { char c; char b; switch (*s) { case '^': b = *++s; if (b == '?') { c = b | 0x40; /* DEL */ } else { c = b & 0x1f; } break; default: c = *s; break; } return c; } /* * Construct a control character sequence * for a special character. */ static const char * control(cc_t c) { static char buf[5]; /* * The only way I could get the Sun 3.5 compiler * to shut up about * if ((unsigned int)c >= 0x80) * was to assign "c" to an unsigned int variable... * Arggg.... */ unsigned int uic = (unsigned int)c; if (uic == 0x7f) return ("^?"); if (c == (cc_t)_POSIX_VDISABLE) { return "off"; } if (uic >= 0x80) { buf[0] = '\\'; buf[1] = ((c>>6)&07) + '0'; buf[2] = ((c>>3)&07) + '0'; buf[3] = (c&07) + '0'; buf[4] = 0; } else if (uic >= 0x20) { buf[0] = c; buf[1] = 0; } else { buf[0] = '^'; buf[1] = '@'+c; buf[2] = 0; } return (buf); } /* * The following are data structures and routines for * the "send" command. * */ struct sendlist { const char *name; /* How user refers to it (case independent) */ const char *help; /* Help information (0 ==> no help) */ int needconnect; /* Need to be connected */ int narg; /* Number of arguments */ int (*handler)(char *, ...); /* Routine to perform (for special ops) */ int nbyte; /* Number of bytes to send this command */ int what; /* Character to be sent (<0 ==> special) */ }; static int send_esc(void), send_help(void), send_docmd(char *), send_dontcmd(char *), send_willcmd(char *), send_wontcmd(char *); static struct sendlist Sendlist[] = { { "ao", "Send Telnet Abort output", 1, 0, NULL, 2, AO }, { "ayt", "Send Telnet 'Are You There'", 1, 0, NULL, 2, AYT }, { "brk", "Send Telnet Break", 1, 0, NULL, 2, BREAK }, { "break", NULL, 1, 0, NULL, 2, BREAK }, { "ec", "Send Telnet Erase Character", 1, 0, NULL, 2, EC }, { "el", "Send Telnet Erase Line", 1, 0, NULL, 2, EL }, { "escape", "Send current escape character",1, 0, (int (*)(char *, ...))send_esc, 1, 0 }, { "ga", "Send Telnet 'Go Ahead' sequence", 1, 0, NULL, 2, GA }, { "ip", "Send Telnet Interrupt Process",1, 0, NULL, 2, IP }, { "intp", NULL, 1, 0, NULL, 2, IP }, { "interrupt", NULL, 1, 0, NULL, 2, IP }, { "intr", NULL, 1, 0, NULL, 2, IP }, { "nop", "Send Telnet 'No operation'", 1, 0, NULL, 2, NOP }, { "eor", "Send Telnet 'End of Record'", 1, 0, NULL, 2, EOR }, { "abort", "Send Telnet 'Abort Process'", 1, 0, NULL, 2, ABORT }, { "susp", "Send Telnet 'Suspend Process'",1, 0, NULL, 2, SUSP }, { "eof", "Send Telnet End of File Character", 1, 0, NULL, 2, xEOF }, { "synch", "Perform Telnet 'Synch operation'", 1, 0, (int (*)(char *, ...))dosynch, 2, 0 }, { "getstatus", "Send request for STATUS", 1, 0, (int (*)(char *, ...))get_status, 6, 0 }, { "?", "Display send options", 0, 0, (int (*)(char *, ...))send_help, 0, 0 }, { "help", NULL, 0, 0, (int (*)(char *, ...))send_help, 0, 0 }, { "do", NULL, 0, 1, (int (*)(char *, ...))send_docmd, 3, 0 }, { "dont", NULL, 0, 1, (int (*)(char *, ...))send_dontcmd, 3, 0 }, { "will", NULL, 0, 1, (int (*)(char *, ...))send_willcmd, 3, 0 }, { "wont", NULL, 0, 1, (int (*)(char *, ...))send_wontcmd, 3, 0 }, { NULL, NULL, 0, 0, NULL, 0, 0 } }; #define GETSEND(name) ((struct sendlist *) genget(name, (char **) Sendlist, \ sizeof(struct sendlist))) static int sendcmd(int argc, char *argv[]) { int count; /* how many bytes we are going to need to send */ int i; struct sendlist *s; /* pointer to current command */ int success = 0; int needconnect = 0; if (argc < 2) { printf("need at least one argument for 'send' command\n"); printf("'send ?' for help\n"); return 0; } /* * First, validate all the send arguments. * In addition, we see how much space we are going to need, and * whether or not we will be doing a "SYNCH" operation (which * flushes the network queue). */ count = 0; for (i = 1; i < argc; i++) { s = GETSEND(argv[i]); if (s == 0) { printf("Unknown send argument '%s'\n'send ?' for help.\n", argv[i]); return 0; } else if (Ambiguous((void *)s)) { printf("Ambiguous send argument '%s'\n'send ?' for help.\n", argv[i]); return 0; } if (i + s->narg >= argc) { fprintf(stderr, "Need %d argument%s to 'send %s' command. 'send %s ?' for help.\n", s->narg, s->narg == 1 ? "" : "s", s->name, s->name); return 0; } count += s->nbyte; if ((void *)s->handler == (void *)send_help) { send_help(); return 0; } i += s->narg; needconnect += s->needconnect; } if (!connected && needconnect) { printf("?Need to be connected first.\n"); printf("'send ?' for help\n"); return 0; } /* Now, do we have enough room? */ if (NETROOM() < count) { printf("There is not enough room in the buffer TO the network\n"); printf("to process your request. Nothing will be done.\n"); printf("('send synch' will throw away most data in the network\n"); printf("buffer, if this might help.)\n"); return 0; } /* OK, they are all OK, now go through again and actually send */ count = 0; for (i = 1; i < argc; i++) { if ((s = GETSEND(argv[i])) == 0) { fprintf(stderr, "Telnet 'send' error - argument disappeared!\n"); quit(); /*NOTREACHED*/ } if (s->handler) { count++; success += (*s->handler)((s->narg > 0) ? argv[i+1] : 0, (s->narg > 1) ? argv[i+2] : 0); i += s->narg; } else { NET2ADD(IAC, s->what); printoption("SENT", IAC, s->what); } } return (count == success); } static int send_esc(void) { NETADD(escape); return 1; } static int send_docmd(char *name) { return(send_tncmd(send_do, "do", name)); } static int send_dontcmd(char *name) { return(send_tncmd(send_dont, "dont", name)); } static int send_willcmd(char *name) { return(send_tncmd(send_will, "will", name)); } static int send_wontcmd(char *name) { return(send_tncmd(send_wont, "wont", name)); } static int send_tncmd(void (*func)(int, int), const char *cmd, char *name) { char **cpp; extern char *telopts[]; int val = 0; if (isprefix(name, "help") || isprefix(name, "?")) { int col, len; printf("usage: send %s \n", cmd); printf("\"value\" must be from 0 to 255\n"); printf("Valid options are:\n\t"); col = 8; for (cpp = telopts; *cpp; cpp++) { len = strlen(*cpp) + 3; if (col + len > 65) { printf("\n\t"); col = 8; } printf(" \"%s\"", *cpp); col += len; } printf("\n"); return 0; } cpp = (char **)genget(name, telopts, sizeof(char *)); if (Ambiguous(cpp)) { fprintf(stderr,"'%s': ambiguous argument ('send %s ?' for help).\n", name, cmd); return 0; } if (cpp) { val = cpp - telopts; } else { char *cp = name; while (*cp >= '0' && *cp <= '9') { val *= 10; val += *cp - '0'; cp++; } if (*cp != 0) { fprintf(stderr, "'%s': unknown argument ('send %s ?' for help).\n", name, cmd); return 0; } else if (val < 0 || val > 255) { fprintf(stderr, "'%s': bad value ('send %s ?' for help).\n", name, cmd); return 0; } } if (!connected) { printf("?Need to be connected first.\n"); return 0; } (*func)(val, 1); return 1; } static int send_help(void) { struct sendlist *s; /* pointer to current command */ for (s = Sendlist; s->name; s++) { if (s->help) printf("%-15s %s\n", s->name, s->help); } return(0); } /* * The following are the routines and data structures referred * to by the arguments to the "toggle" command. */ static int lclchars(void) { donelclchars = 1; return 1; } static int togdebug(void) { #ifndef NOT43 if (net > 0 && (SetSockOpt(net, SOL_SOCKET, SO_DEBUG, telnet_debug)) < 0) { perror("setsockopt (SO_DEBUG)"); } #else /* NOT43 */ if (telnet_debug) { if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) perror("setsockopt (SO_DEBUG)"); } else printf("Cannot turn off socket debugging\n"); #endif /* NOT43 */ return 1; } static int togcrlf(void) { if (crlf) { printf("Will send carriage returns as telnet .\n"); } else { printf("Will send carriage returns as telnet .\n"); } return 1; } int binmode; static int togbinary(int val) { donebinarytoggle = 1; if (val >= 0) { binmode = val; } else { if (my_want_state_is_will(TELOPT_BINARY) && my_want_state_is_do(TELOPT_BINARY)) { binmode = 1; } else if (my_want_state_is_wont(TELOPT_BINARY) && my_want_state_is_dont(TELOPT_BINARY)) { binmode = 0; } val = binmode ? 0 : 1; } if (val == 1) { if (my_want_state_is_will(TELOPT_BINARY) && my_want_state_is_do(TELOPT_BINARY)) { printf("Already operating in binary mode with remote host.\n"); } else { printf("Negotiating binary mode with remote host.\n"); tel_enter_binary(3); } } else { if (my_want_state_is_wont(TELOPT_BINARY) && my_want_state_is_dont(TELOPT_BINARY)) { printf("Already in network ascii mode with remote host.\n"); } else { printf("Negotiating network ascii mode with remote host.\n"); tel_leave_binary(3); } } return 1; } static int togrbinary(int val) { donebinarytoggle = 1; if (val == -1) val = my_want_state_is_do(TELOPT_BINARY) ? 0 : 1; if (val == 1) { if (my_want_state_is_do(TELOPT_BINARY)) { printf("Already receiving in binary mode.\n"); } else { printf("Negotiating binary mode on input.\n"); tel_enter_binary(1); } } else { if (my_want_state_is_dont(TELOPT_BINARY)) { printf("Already receiving in network ascii mode.\n"); } else { printf("Negotiating network ascii mode on input.\n"); tel_leave_binary(1); } } return 1; } static int togxbinary(int val) { donebinarytoggle = 1; if (val == -1) val = my_want_state_is_will(TELOPT_BINARY) ? 0 : 1; if (val == 1) { if (my_want_state_is_will(TELOPT_BINARY)) { printf("Already transmitting in binary mode.\n"); } else { printf("Negotiating binary mode on output.\n"); tel_enter_binary(2); } } else { if (my_want_state_is_wont(TELOPT_BINARY)) { printf("Already transmitting in network ascii mode.\n"); } else { printf("Negotiating network ascii mode on output.\n"); tel_leave_binary(2); } } return 1; } struct togglelist { const char *name; /* name of toggle */ const char *help; /* help message */ int (*handler)(int); /* routine to do actual setting */ int *variable; const char *actionexplanation; }; static struct togglelist Togglelist[] = { { "autoflush", "flushing of output when sending interrupt characters", 0, &autoflush, "flush output when sending interrupt characters" }, { "autosynch", "automatic sending of interrupt characters in urgent mode", 0, &autosynch, "send interrupt characters in urgent mode" }, #ifdef AUTHENTICATION { "autologin", "automatic sending of login and/or authentication info", 0, &autologin, "send login name and/or authentication information" }, { "authdebug", "Toggle authentication debugging", auth_togdebug, 0, "print authentication debugging information" }, #endif #ifdef ENCRYPTION { "autoencrypt", "automatic encryption of data stream", EncryptAutoEnc, 0, "automatically encrypt output" }, { "autodecrypt", "automatic decryption of data stream", EncryptAutoDec, 0, "automatically decrypt input" }, { "verbose_encrypt", "Toggle verbose encryption output", EncryptVerbose, 0, "print verbose encryption output" }, { "encdebug", "Toggle encryption debugging", EncryptDebug, 0, "print encryption debugging information" }, #endif /* ENCRYPTION */ { "skiprc", "don't read ~/.telnetrc file", 0, &skiprc, "skip reading of ~/.telnetrc file" }, { "binary", "sending and receiving of binary data", togbinary, 0, 0 }, { "inbinary", "receiving of binary data", togrbinary, 0, 0 }, { "outbinary", "sending of binary data", togxbinary, 0, 0 }, { "crlf", "sending carriage returns as telnet ", (int (*)(int))togcrlf, &crlf, 0 }, { "crmod", "mapping of received carriage returns", 0, &crmod, "map carriage return on output" }, { "localchars", "local recognition of certain control characters", (int (*)(int))lclchars, &localchars, "recognize certain control characters" }, { " ", "", NULL, NULL, NULL }, /* empty line */ { "debug", "debugging", (int (*)(int))togdebug, &telnet_debug, "turn on socket level debugging" }, { "netdata", "printing of hexadecimal network data (debugging)", 0, &netdata, "print hexadecimal representation of network traffic" }, { "prettydump", "output of \"netdata\" to user readable format (debugging)", 0, &prettydump, "print user readable output for \"netdata\"" }, { "options", "viewing of options processing (debugging)", 0, &showoptions, "show option processing" }, { "termdata", "(debugging) toggle printing of hexadecimal terminal data", 0, &termdata, "print hexadecimal representation of terminal traffic" }, { "?", NULL, (int (*)(int))togglehelp, NULL, NULL }, { NULL, NULL, NULL, NULL, NULL }, { "help", NULL, (int (*)(int))togglehelp, NULL, NULL }, { NULL, NULL, NULL, NULL, NULL } }; static int togglehelp(void) { struct togglelist *c; for (c = Togglelist; c->name; c++) { if (c->help) { if (*c->help) printf("%-15s toggle %s\n", c->name, c->help); else printf("\n"); } } printf("\n"); printf("%-15s %s\n", "?", "display help information"); return 0; } static void settogglehelp(int set) { struct togglelist *c; for (c = Togglelist; c->name; c++) { if (c->help) { if (*c->help) printf("%-15s %s %s\n", c->name, set ? "enable" : "disable", c->help); else printf("\n"); } } } #define GETTOGGLE(name) (struct togglelist *) \ genget(name, (char **) Togglelist, sizeof(struct togglelist)) static int toggle(int argc, char *argv[]) { int retval = 1; char *name; struct togglelist *c; if (argc < 2) { fprintf(stderr, "Need an argument to 'toggle' command. 'toggle ?' for help.\n"); return 0; } argc--; argv++; while (argc--) { name = *argv++; c = GETTOGGLE(name); if (Ambiguous((void *)c)) { fprintf(stderr, "'%s': ambiguous argument ('toggle ?' for help).\n", name); return 0; } else if (c == 0) { fprintf(stderr, "'%s': unknown argument ('toggle ?' for help).\n", name); return 0; } else { if (c->variable) { *c->variable = !*c->variable; /* invert it */ if (c->actionexplanation) { printf("%s %s.\n", *c->variable? "Will" : "Won't", c->actionexplanation); } } if (c->handler) { retval &= (*c->handler)(-1); } } } return retval; } /* * The following perform the "set" command. */ #ifdef USE_TERMIO struct termio new_tc = { 0, 0, 0, 0, {}, 0, 0 }; #endif struct setlist { const char *name; /* name */ const char *help; /* help information */ void (*handler)(char *); cc_t *charp; /* where it is located at */ }; static struct setlist Setlist[] = { #ifdef KLUDGELINEMODE { "echo", "character to toggle local echoing on/off", NULL, &echoc }, #endif { "escape", "character to escape back to telnet command mode", NULL, &escape }, { "rlogin", "rlogin escape character", 0, &rlogin }, { "tracefile", "file to write trace information to", SetNetTrace, (cc_t *)NetTraceFile}, { " ", "", NULL, NULL }, { " ", "The following need 'localchars' to be toggled true", NULL, NULL }, { "flushoutput", "character to cause an Abort Output", NULL, termFlushCharp }, { "interrupt", "character to cause an Interrupt Process", NULL, termIntCharp }, { "quit", "character to cause an Abort process", NULL, termQuitCharp }, { "eof", "character to cause an EOF ", NULL, termEofCharp }, { " ", "", NULL, NULL }, { " ", "The following are for local editing in linemode", NULL, NULL }, { "erase", "character to use to erase a character", NULL, termEraseCharp }, { "kill", "character to use to erase a line", NULL, termKillCharp }, { "lnext", "character to use for literal next", NULL, termLiteralNextCharp }, { "susp", "character to cause a Suspend Process", NULL, termSuspCharp }, { "reprint", "character to use for line reprint", NULL, termRprntCharp }, { "worderase", "character to use to erase a word", NULL, termWerasCharp }, { "start", "character to use for XON", NULL, termStartCharp }, { "stop", "character to use for XOFF", NULL, termStopCharp }, { "forw1", "alternate end of line character", NULL, termForw1Charp }, { "forw2", "alternate end of line character", NULL, termForw2Charp }, { "ayt", "alternate AYT character", NULL, termAytCharp }, { "baudrate", "set remote baud rate", DoBaudRate, ComPortBaudRate }, { NULL, NULL, NULL, NULL } }; static struct setlist * getset(char *name) { return (struct setlist *) genget(name, (char **) Setlist, sizeof(struct setlist)); } void set_escape_char(char *s) { if (rlogin != _POSIX_VDISABLE) { rlogin = (s && *s) ? special(s) : _POSIX_VDISABLE; printf("Telnet rlogin escape character is '%s'.\n", control(rlogin)); } else { escape = (s && *s) ? special(s) : _POSIX_VDISABLE; printf("Telnet escape character is '%s'.\n", control(escape)); } } static int setcmd(int argc, char *argv[]) { int value; struct setlist *ct; struct togglelist *c; if (argc < 2 || argc > 3) { printf("Format is 'set Name Value'\n'set ?' for help.\n"); return 0; } if ((argc == 2) && (isprefix(argv[1], "?") || isprefix(argv[1], "help"))) { for (ct = Setlist; ct->name; ct++) printf("%-15s %s\n", ct->name, ct->help); printf("\n"); settogglehelp(1); printf("%-15s %s\n", "?", "display help information"); return 0; } ct = getset(argv[1]); if (ct == 0 || !(ct->name && ct->name[0] != ' ')) { c = GETTOGGLE(argv[1]); if (c == 0) { fprintf(stderr, "'%s': unknown argument ('set ?' for help).\n", argv[1]); return 0; } else if (Ambiguous((void *)c)) { fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\n", argv[1]); return 0; } if (c->variable) { if ((argc == 2) || (strcmp("on", argv[2]) == 0)) *c->variable = 1; else if (strcmp("off", argv[2]) == 0) *c->variable = 0; else { printf("Format is 'set togglename [on|off]'\n'set ?' for help.\n"); return 0; } if (c->actionexplanation) { printf("%s %s.\n", *c->variable? "Will" : "Won't", c->actionexplanation); } } if (c->handler) (*c->handler)(1); } else if (argc != 3) { printf("Format is 'set Name Value'\n'set ?' for help.\n"); return 0; } else if (Ambiguous((void *)ct)) { fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\n", argv[1]); return 0; } else if (ct->handler) { (*ct->handler)(argv[2]); printf("%s set to \"%s\".\n", ct->name, (char *)ct->charp); } else { if (strcmp("off", argv[2])) { value = special(argv[2]); } else { value = _POSIX_VDISABLE; } *(ct->charp) = (cc_t)value; printf("%s character is '%s'.\n", ct->name, control(*(ct->charp))); } slc_check(); return 1; } static int unsetcmd(int argc, char *argv[]) { struct setlist *ct; struct togglelist *c; char *name; if (argc < 2) { fprintf(stderr, "Need an argument to 'unset' command. 'unset ?' for help.\n"); return 0; } if (isprefix(argv[1], "?") || isprefix(argv[1], "help")) { for (ct = Setlist; ct->name; ct++) printf("%-15s %s\n", ct->name, ct->help); printf("\n"); settogglehelp(0); printf("%-15s %s\n", "?", "display help information"); return 0; } argc--; argv++; while (argc--) { name = *argv++; ct = getset(name); if (ct == 0 || !(ct->name && ct->name[0] != ' ')) { c = GETTOGGLE(name); if (c == 0) { fprintf(stderr, "'%s': unknown argument ('unset ?' for help).\n", name); return 0; } else if (Ambiguous((void *)c)) { fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\n", name); return 0; } if (c->variable) { *c->variable = 0; if (c->actionexplanation) { printf("%s %s.\n", *c->variable? "Will" : "Won't", c->actionexplanation); } } if (c->handler) (*c->handler)(0); } else if (Ambiguous((void *)ct)) { fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\n", name); return 0; } else if (ct->handler) { (*ct->handler)(0); printf("%s reset to \"%s\".\n", ct->name, (char *)ct->charp); } else { *(ct->charp) = _POSIX_VDISABLE; printf("%s character is '%s'.\n", ct->name, control(*(ct->charp))); } } return 1; } /* * The following are the data structures and routines for the * 'mode' command. */ #ifdef KLUDGELINEMODE extern int kludgelinemode; static int dokludgemode(void) { kludgelinemode = 1; send_wont(TELOPT_LINEMODE, 1); send_dont(TELOPT_SGA, 1); send_dont(TELOPT_ECHO, 1); return 1; } #endif static int dolinemode(void) { #ifdef KLUDGELINEMODE if (kludgelinemode) send_dont(TELOPT_SGA, 1); #endif send_will(TELOPT_LINEMODE, 1); send_dont(TELOPT_ECHO, 1); return 1; } static int docharmode(void) { #ifdef KLUDGELINEMODE if (kludgelinemode) send_do(TELOPT_SGA, 1); else #endif send_wont(TELOPT_LINEMODE, 1); send_do(TELOPT_ECHO, 1); return 1; } static int dolmmode(int bit, int on) { unsigned char c; extern int linemode; if (my_want_state_is_wont(TELOPT_LINEMODE)) { printf("?Need to have LINEMODE option enabled first.\n"); printf("'mode ?' for help.\n"); return 0; } if (on) c = (linemode | bit); else c = (linemode & ~bit); lm_mode(&c, 1, 1); return 1; } static int setmod(int bit) { return dolmmode(bit, 1); } static int clearmode(int bit) { return dolmmode(bit, 0); } struct modelist { const char *name; /* command name */ const char *help; /* help string */ int (*handler)(int);/* routine which executes command */ int needconnect; /* Do we need to be connected to execute? */ int arg1; }; static struct modelist ModeList[] = { { "character", "Disable LINEMODE option", (int (*)(int))docharmode, 1, 0 }, #ifdef KLUDGELINEMODE { "", "(or disable obsolete line-by-line mode)", NULL, 0, 0 }, #endif { "line", "Enable LINEMODE option", (int (*)(int))dolinemode, 1, 0 }, #ifdef KLUDGELINEMODE { "", "(or enable obsolete line-by-line mode)", NULL, 0, 0 }, #endif { "", "", NULL, 0, 0 }, { "", "These require the LINEMODE option to be enabled", NULL, 0, 0 }, { "isig", "Enable signal trapping", setmod, 1, MODE_TRAPSIG }, { "+isig", 0, setmod, 1, MODE_TRAPSIG }, { "-isig", "Disable signal trapping", clearmode, 1, MODE_TRAPSIG }, { "edit", "Enable character editing", setmod, 1, MODE_EDIT }, { "+edit", 0, setmod, 1, MODE_EDIT }, { "-edit", "Disable character editing", clearmode, 1, MODE_EDIT }, { "softtabs", "Enable tab expansion", setmod, 1, MODE_SOFT_TAB }, { "+softtabs", 0, setmod, 1, MODE_SOFT_TAB }, { "-softtabs", "Disable character editing", clearmode, 1, MODE_SOFT_TAB }, { "litecho", "Enable literal character echo", setmod, 1, MODE_LIT_ECHO }, { "+litecho", 0, setmod, 1, MODE_LIT_ECHO }, { "-litecho", "Disable literal character echo", clearmode, 1, MODE_LIT_ECHO }, { "help", 0, (int (*)(int))modehelp, 0, 0 }, #ifdef KLUDGELINEMODE { "kludgeline", 0, (int (*)(int))dokludgemode, 1, 0 }, #endif { "", "", NULL, 0, 0 }, { "?", "Print help information", (int (*)(int))modehelp, 0, 0 }, { NULL, NULL, NULL, 0, 0 }, }; static int modehelp(void) { struct modelist *mt; printf("format is: 'mode Mode', where 'Mode' is one of:\n\n"); for (mt = ModeList; mt->name; mt++) { if (mt->help) { if (*mt->help) printf("%-15s %s\n", mt->name, mt->help); else printf("\n"); } } return 0; } #define GETMODECMD(name) (struct modelist *) \ genget(name, (char **) ModeList, sizeof(struct modelist)) static int modecmd(int argc, char *argv[]) { struct modelist *mt; if (argc != 2) { printf("'mode' command requires an argument\n"); printf("'mode ?' for help.\n"); } else if ((mt = GETMODECMD(argv[1])) == 0) { fprintf(stderr, "Unknown mode '%s' ('mode ?' for help).\n", argv[1]); } else if (Ambiguous((void *)mt)) { fprintf(stderr, "Ambiguous mode '%s' ('mode ?' for help).\n", argv[1]); } else if (mt->needconnect && !connected) { printf("?Need to be connected first.\n"); printf("'mode ?' for help.\n"); } else if (mt->handler) { return (*mt->handler)(mt->arg1); } return 0; } /* * The following data structures and routines implement the * "display" command. */ static int display(int argc, char *argv[]) { struct togglelist *tl; struct setlist *sl; #define dotog(tl) if (tl->variable && tl->actionexplanation) { \ if (*tl->variable) { \ printf("will"); \ } else { \ printf("won't"); \ } \ printf(" %s.\n", tl->actionexplanation); \ } #define doset(sl) if (sl->name && *sl->name != ' ') { \ if (sl->handler == 0) \ printf("%-15s [%s]\n", sl->name, control(*sl->charp)); \ else \ printf("%-15s \"%s\"\n", sl->name, (char *)sl->charp); \ } if (argc == 1) { for (tl = Togglelist; tl->name; tl++) { dotog(tl); } printf("\n"); for (sl = Setlist; sl->name; sl++) { doset(sl); } } else { int i; for (i = 1; i < argc; i++) { sl = getset(argv[i]); tl = GETTOGGLE(argv[i]); if (Ambiguous((void *)sl) || Ambiguous((void *)tl)) { printf("?Ambiguous argument '%s'.\n", argv[i]); return 0; } else if (!sl && !tl) { printf("?Unknown argument '%s'.\n", argv[i]); return 0; } else { if (tl) { dotog(tl); } if (sl) { doset(sl); } } } } /*@*/optionstatus(); #ifdef ENCRYPTION EncryptStatus(); #endif /* ENCRYPTION */ return 1; #undef doset #undef dotog } /* * The following are the data structures, and many of the routines, * relating to command processing. */ /* * Set the escape character. */ static int setescape(int argc, char *argv[]) { char *arg; char buf[50]; printf( "Deprecated usage - please use 'set escape%s%s' in the future.\n", (argc > 2)? " ":"", (argc > 2)? argv[1]: ""); if (argc > 2) arg = argv[1]; else { printf("new escape character: "); (void) fgets(buf, sizeof(buf), stdin); arg = buf; } if (arg[0] != '\0') escape = arg[0]; (void) fflush(stdout); return 1; } static int togcrmod(void) { crmod = !crmod; printf("Deprecated usage - please use 'toggle crmod' in the future.\n"); printf("%s map carriage return on output.\n", crmod ? "Will" : "Won't"); (void) fflush(stdout); return 1; } static int suspend(void) { #ifdef SIGTSTP setcommandmode(); { long oldrows, oldcols, newrows, newcols, err_; err_ = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0; (void) kill(0, SIGTSTP); /* * If we didn't get the window size before the SUSPEND, but we * can get them now (?), then send the NAWS to make sure that * we are set up for the right window size. */ if (TerminalWindowSize(&newrows, &newcols) && connected && (err_ || ((oldrows != newrows) || (oldcols != newcols)))) { sendnaws(); } } /* reget parameters in case they were changed */ TerminalSaveState(); setconnmode(0); #else printf("Suspend is not supported. Try the '!' command instead\n"); #endif return 1; } static int shell(int argc, char *argv[] __unused) { long oldrows, oldcols, newrows, newcols, err_; setcommandmode(); err_ = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0; switch(vfork()) { case -1: perror("Fork failed\n"); break; case 0: { /* * Fire up the shell in the child. */ const char *shellp, *shellname; shellp = getenv("SHELL"); if (shellp == NULL) shellp = "/bin/sh"; if ((shellname = strrchr(shellp, '/')) == 0) shellname = shellp; else shellname++; if (argc > 1) execl(shellp, shellname, "-c", &saveline[1], (char *)0); else execl(shellp, shellname, (char *)0); perror("Execl"); _exit(1); } default: (void)wait((int *)0); /* Wait for the shell to complete */ if (TerminalWindowSize(&newrows, &newcols) && connected && (err_ || ((oldrows != newrows) || (oldcols != newcols)))) { sendnaws(); } break; } return 1; } static int bye(int argc, char *argv[]) { extern int resettermname; if (connected) { (void) shutdown(net, 2); printf("Connection closed.\n"); (void) NetClose(net); connected = 0; resettermname = 1; #ifdef AUTHENTICATION #ifdef ENCRYPTION auth_encrypt_connect(connected); #endif #endif /* reset options */ tninit(); } if ((argc != 2) || (strcmp(argv[1], "fromquit") != 0)) { longjmp(toplevel, 1); /* NOTREACHED */ } return 1; /* Keep lint, etc., happy */ } void quit(void) { (void) call(bye, "bye", "fromquit", 0); Exit(0); } static int logout(void) { send_do(TELOPT_LOGOUT, 1); (void) netflush(); return 1; } /* * The SLC command. */ struct slclist { const char *name; const char *help; void (*handler)(int); int arg; }; static void slc_help(void); struct slclist SlcList[] = { { "export", "Use local special character definitions", (void (*)(int))slc_mode_export, 0 }, { "import", "Use remote special character definitions", slc_mode_import, 1 }, { "check", "Verify remote special character definitions", slc_mode_import, 0 }, { "help", NULL, (void (*)(int))slc_help, 0 }, { "?", "Print help information", (void (*)(int))slc_help, 0 }, { NULL, NULL, NULL, 0 }, }; static void slc_help(void) { struct slclist *c; for (c = SlcList; c->name; c++) { if (c->help) { if (*c->help) printf("%-15s %s\n", c->name, c->help); else printf("\n"); } } } static struct slclist * getslc(char *name) { return (struct slclist *) genget(name, (char **) SlcList, sizeof(struct slclist)); } static int slccmd(int argc, char *argv[]) { struct slclist *c; if (argc != 2) { fprintf(stderr, "Need an argument to 'slc' command. 'slc ?' for help.\n"); return 0; } c = getslc(argv[1]); if (c == 0) { fprintf(stderr, "'%s': unknown argument ('slc ?' for help).\n", argv[1]); return 0; } if (Ambiguous((void *)c)) { fprintf(stderr, "'%s': ambiguous argument ('slc ?' for help).\n", argv[1]); return 0; } (*c->handler)(c->arg); slcstate(); return 1; } /* * The ENVIRON command. */ struct envlist { const char *name; const char *help; void (*handler)(unsigned char *, unsigned char *); int narg; }; extern struct env_lst * env_define(const unsigned char *, unsigned char *); extern void env_undefine(unsigned char *), env_export(const unsigned char *), env_unexport(const unsigned char *), env_send(unsigned char *), #if defined(OLD_ENVIRON) && defined(ENV_HACK) env_varval(unsigned char *), #endif env_list(void); static void env_help(void); struct envlist EnvList[] = { { "define", "Define an environment variable", (void (*)(unsigned char *, unsigned char *))env_define, 2 }, { "undefine", "Undefine an environment variable", (void (*)(unsigned char *, unsigned char *))env_undefine, 1 }, { "export", "Mark an environment variable for automatic export", (void (*)(unsigned char *, unsigned char *))env_export, 1 }, { "unexport", "Don't mark an environment variable for automatic export", (void (*)(unsigned char *, unsigned char *))env_unexport, 1 }, { "send", "Send an environment variable", (void (*)(unsigned char *, unsigned char *))env_send, 1 }, { "list", "List the current environment variables", (void (*)(unsigned char *, unsigned char *))env_list, 0 }, #if defined(OLD_ENVIRON) && defined(ENV_HACK) { "varval", "Reverse VAR and VALUE (auto, right, wrong, status)", (void (*)(unsigned char *, unsigned char *))env_varval, 1 }, #endif { "help", NULL, (void (*)(unsigned char *, unsigned char *))env_help, 0 }, { "?", "Print help information", (void (*)(unsigned char *, unsigned char *))env_help, 0 }, { NULL, NULL, NULL, 0 }, }; static void env_help(void) { struct envlist *c; for (c = EnvList; c->name; c++) { if (c->help) { if (*c->help) printf("%-15s %s\n", c->name, c->help); else printf("\n"); } } } static struct envlist * getenvcmd(char *name) { return (struct envlist *) genget(name, (char **) EnvList, sizeof(struct envlist)); } static int env_cmd(int argc, char *argv[]) { struct envlist *c; if (argc < 2) { fprintf(stderr, "Need an argument to 'environ' command. 'environ ?' for help.\n"); return 0; } c = getenvcmd(argv[1]); if (c == 0) { fprintf(stderr, "'%s': unknown argument ('environ ?' for help).\n", argv[1]); return 0; } if (Ambiguous((void *)c)) { fprintf(stderr, "'%s': ambiguous argument ('environ ?' for help).\n", argv[1]); return 0; } if (c->narg + 2 != argc) { fprintf(stderr, "Need %s%d argument%s to 'environ %s' command. 'environ ?' for help.\n", c->narg < argc + 2 ? "only " : "", c->narg, c->narg == 1 ? "" : "s", c->name); return 0; } (*c->handler)(argv[2], argv[3]); return 1; } struct env_lst { struct env_lst *next; /* pointer to next structure */ struct env_lst *prev; /* pointer to previous structure */ unsigned char *var; /* pointer to variable name */ unsigned char *value; /* pointer to variable value */ int export; /* 1 -> export with default list of variables */ int welldefined; /* A well defined variable */ }; struct env_lst envlisthead; static struct env_lst * env_find(const unsigned char *var) { struct env_lst *ep; for (ep = envlisthead.next; ep; ep = ep->next) { if (strcmp(ep->var, var) == 0) return(ep); } return(NULL); } void env_init(void) { extern char **environ; char **epp, *cp; struct env_lst *ep; for (epp = environ; *epp; epp++) { if ((cp = strchr(*epp, '='))) { *cp = '\0'; ep = env_define((unsigned char *)*epp, (unsigned char *)cp+1); ep->export = 0; *cp = '='; } } /* * Special case for DISPLAY variable. If it is ":0.0" or * "unix:0.0", we have to get rid of "unix" and insert our * hostname. */ if ((ep = env_find("DISPLAY")) && ((*ep->value == ':') || (strncmp((char *)ep->value, "unix:", 5) == 0))) { char hbuf[256+1]; char *cp2 = strchr((char *)ep->value, ':'); gethostname(hbuf, sizeof(hbuf)); hbuf[sizeof(hbuf)-1] = '\0'; asprintf(&cp, "%s%s", hbuf, cp2); assert(cp != NULL); free(ep->value); ep->value = (unsigned char *)cp; } /* * If USER is not defined, but LOGNAME is, then add * USER with the value from LOGNAME. By default, we * don't export the USER variable. */ if ((env_find("USER") == NULL) && (ep = env_find("LOGNAME"))) { env_define("USER", ep->value); env_unexport("USER"); } env_export("DISPLAY"); env_export("PRINTER"); } struct env_lst * env_define(const unsigned char *var, unsigned char *value) { struct env_lst *ep; if ((ep = env_find(var))) { if (ep->var) free(ep->var); if (ep->value) free(ep->value); } else { ep = (struct env_lst *)malloc(sizeof(struct env_lst)); ep->next = envlisthead.next; envlisthead.next = ep; ep->prev = &envlisthead; if (ep->next) ep->next->prev = ep; } ep->welldefined = opt_welldefined(var); ep->export = 1; ep->var = strdup(var); ep->value = strdup(value); return(ep); } void env_undefine(unsigned char *var) { struct env_lst *ep; if ((ep = env_find(var))) { ep->prev->next = ep->next; if (ep->next) ep->next->prev = ep->prev; if (ep->var) free(ep->var); if (ep->value) free(ep->value); free(ep); } } void env_export(const unsigned char *var) { struct env_lst *ep; if ((ep = env_find(var))) ep->export = 1; } void env_unexport(const unsigned char *var) { struct env_lst *ep; if ((ep = env_find(var))) ep->export = 0; } void env_send(unsigned char *var) { struct env_lst *ep; if (my_state_is_wont(TELOPT_NEW_ENVIRON) #ifdef OLD_ENVIRON && my_state_is_wont(TELOPT_OLD_ENVIRON) #endif ) { fprintf(stderr, "Cannot send '%s': Telnet ENVIRON option not enabled\n", var); return; } ep = env_find(var); if (ep == 0) { fprintf(stderr, "Cannot send '%s': variable not defined\n", var); return; } env_opt_start_info(); env_opt_add(ep->var); env_opt_end(0); } void env_list(void) { struct env_lst *ep; for (ep = envlisthead.next; ep; ep = ep->next) { printf("%c %-20s %s\n", ep->export ? '*' : ' ', ep->var, ep->value); } } unsigned char * env_default(int init, int welldefined) { static struct env_lst *nep = NULL; if (init) { nep = &envlisthead; return(NULL); } if (nep) { while ((nep = nep->next)) { if (nep->export && (nep->welldefined == welldefined)) return(nep->var); } } return(NULL); } unsigned char * env_getvalue(const unsigned char *var) { struct env_lst *ep; if ((ep = env_find(var))) return(ep->value); return(NULL); } #if defined(OLD_ENVIRON) && defined(ENV_HACK) void env_varval(unsigned char *what) { extern int old_env_var, old_env_value, env_auto; int len = strlen((char *)what); if (len == 0) goto unknown; if (strncasecmp((char *)what, "status", len) == 0) { if (env_auto) printf("%s%s", "VAR and VALUE are/will be ", "determined automatically\n"); if (old_env_var == OLD_ENV_VAR) printf("VAR and VALUE set to correct definitions\n"); else printf("VAR and VALUE definitions are reversed\n"); } else if (strncasecmp((char *)what, "auto", len) == 0) { env_auto = 1; old_env_var = OLD_ENV_VALUE; old_env_value = OLD_ENV_VAR; } else if (strncasecmp((char *)what, "right", len) == 0) { env_auto = 0; old_env_var = OLD_ENV_VAR; old_env_value = OLD_ENV_VALUE; } else if (strncasecmp((char *)what, "wrong", len) == 0) { env_auto = 0; old_env_var = OLD_ENV_VALUE; old_env_value = OLD_ENV_VAR; } else { unknown: printf("Unknown \"varval\" command. (\"auto\", \"right\", \"wrong\", \"status\")\n"); } } #endif #ifdef AUTHENTICATION /* * The AUTHENTICATE command. */ struct authlist { const char *name; const char *help; int (*handler)(char *); int narg; }; extern int auth_enable(char *), auth_disable(char *), auth_status(void); static int auth_help(void); struct authlist AuthList[] = { { "status", "Display current status of authentication information", (int (*)(char *))auth_status, 0 }, { "disable", "Disable an authentication type ('auth disable ?' for more)", auth_disable, 1 }, { "enable", "Enable an authentication type ('auth enable ?' for more)", auth_enable, 1 }, { "help", NULL, (int (*)(char *))auth_help, 0 }, { "?", "Print help information", (int (*)(char *))auth_help, 0 }, { NULL, NULL, NULL, 0 }, }; static int auth_help(void) { struct authlist *c; for (c = AuthList; c->name; c++) { if (c->help) { if (*c->help) printf("%-15s %s\n", c->name, c->help); else printf("\n"); } } return 0; } int auth_cmd(int argc, char *argv[]) { struct authlist *c; if (argc < 2) { fprintf(stderr, "Need an argument to 'auth' command. 'auth ?' for help.\n"); return 0; } c = (struct authlist *) genget(argv[1], (char **) AuthList, sizeof(struct authlist)); if (c == 0) { fprintf(stderr, "'%s': unknown argument ('auth ?' for help).\n", argv[1]); return 0; } if (Ambiguous((void *)c)) { fprintf(stderr, "'%s': ambiguous argument ('auth ?' for help).\n", argv[1]); return 0; } if (c->narg + 2 != argc) { fprintf(stderr, "Need %s%d argument%s to 'auth %s' command. 'auth ?' for help.\n", c->narg < argc + 2 ? "only " : "", c->narg, c->narg == 1 ? "" : "s", c->name); return 0; } return((*c->handler)(argv[2])); } #endif #ifdef ENCRYPTION /* * The ENCRYPT command. */ struct encryptlist { const char *name; const char *help; int (*handler)(char *, char *); int needconnect; int minarg; int maxarg; }; extern int EncryptEnable(char *, char *), EncryptDisable(char *, char *), EncryptType(char *, char *), EncryptStart(char *), EncryptStartInput(void), EncryptStartOutput(void), EncryptStop(char *), EncryptStopInput(void), EncryptStopOutput(void), EncryptStatus(void); static int EncryptHelp(void); struct encryptlist EncryptList[] = { { "enable", "Enable encryption. ('encrypt enable ?' for more)", EncryptEnable, 1, 1, 2 }, { "disable", "Disable encryption. ('encrypt enable ?' for more)", EncryptDisable, 0, 1, 2 }, { "type", "Set encryption type. ('encrypt type ?' for more)", EncryptType, 0, 1, 1 }, { "start", "Start encryption. ('encrypt start ?' for more)", (int (*)(char *, char *))EncryptStart, 1, 0, 1 }, { "stop", "Stop encryption. ('encrypt stop ?' for more)", (int (*)(char *, char *))EncryptStop, 1, 0, 1 }, { "input", "Start encrypting the input stream", (int (*)(char *, char *))EncryptStartInput, 1, 0, 0 }, { "-input", "Stop encrypting the input stream", (int (*)(char *, char *))EncryptStopInput, 1, 0, 0 }, { "output", "Start encrypting the output stream", (int (*)(char *, char *))EncryptStartOutput, 1, 0, 0 }, { "-output", "Stop encrypting the output stream", (int (*)(char *, char *))EncryptStopOutput, 1, 0, 0 }, { "status", "Display current status of authentication information", (int (*)(char *, char *))EncryptStatus, 0, 0, 0 }, { "help", NULL, (int (*)(char *, char *))EncryptHelp, 0, 0, 0 }, { "?", "Print help information", (int (*)(char *, char *))EncryptHelp, 0, 0, 0 }, { NULL, NULL, NULL, 0, 0, 0 }, }; static int EncryptHelp(void) { struct encryptlist *c; for (c = EncryptList; c->name; c++) { if (c->help) { if (*c->help) printf("%-15s %s\n", c->name, c->help); else printf("\n"); } } return 0; } static int encrypt_cmd(int argc, char *argv[]) { struct encryptlist *c; if (argc < 2) { fprintf(stderr, "Need an argument to 'encrypt' command. 'encrypt ?' for help.\n"); return 0; } c = (struct encryptlist *) genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist)); if (c == 0) { fprintf(stderr, "'%s': unknown argument ('encrypt ?' for help).\n", argv[1]); return 0; } if (Ambiguous((void *)c)) { fprintf(stderr, "'%s': ambiguous argument ('encrypt ?' for help).\n", argv[1]); return 0; } argc -= 2; if (argc < c->minarg || argc > c->maxarg) { if (c->minarg == c->maxarg) { fprintf(stderr, "Need %s%d argument%s ", c->minarg < argc ? "only " : "", c->minarg, c->minarg == 1 ? "" : "s"); } else { fprintf(stderr, "Need %s%d-%d arguments ", c->maxarg < argc ? "only " : "", c->minarg, c->maxarg); } fprintf(stderr, "to 'encrypt %s' command. 'encrypt ?' for help.\n", c->name); return 0; } if (c->needconnect && !connected) { if (!(argc && (isprefix(argv[2], "help") || isprefix(argv[2], "?")))) { printf("?Need to be connected first.\n"); return 0; } } return ((*c->handler)(argc > 0 ? argv[2] : 0, argc > 1 ? argv[3] : 0)); } #endif /* ENCRYPTION */ /* * Print status about the connection. */ /*ARGSUSED*/ static int status(int argc, char *argv[]) { if (connected) { if (!quiet_mode) printf("Connected to %s.\n", hostname); if ((argc < 2) || strcmp(argv[1], "notmuch")) { int mode = getconnmode(); if (my_want_state_is_will(TELOPT_LINEMODE)) { printf("Operating with LINEMODE option\n"); printf("%s line editing\n", (mode&MODE_EDIT) ? "Local" : "No"); printf("%s catching of signals\n", (mode&MODE_TRAPSIG) ? "Local" : "No"); slcstate(); #ifdef KLUDGELINEMODE } else if (kludgelinemode && my_want_state_is_dont(TELOPT_SGA)) { printf("Operating in obsolete linemode\n"); #endif } else { printf("Operating in single character mode\n"); if (localchars) printf("Catching signals locally\n"); } printf("%s character echo\n", (mode&MODE_ECHO) ? "Local" : "Remote"); if (my_want_state_is_will(TELOPT_LFLOW)) printf("%s flow control\n", (mode&MODE_FLOW) ? "Local" : "No"); #ifdef ENCRYPTION encrypt_display(); #endif /* ENCRYPTION */ } } else { printf("No connection.\n"); } if (!quiet_mode) printf("Escape character is '%s'.\n", control(escape)); (void) fflush(stdout); return 1; } #ifdef SIGINFO /* * Function that gets called when SIGINFO is received. */ void ayt_status(void) { (void) call(status, "status", "notmuch", 0); } #endif static const char * sockaddr_ntop(struct sockaddr *sa) { void *addr; static char addrbuf[INET6_ADDRSTRLEN]; switch (sa->sa_family) { case AF_INET: addr = &((struct sockaddr_in *)sa)->sin_addr; break; case AF_UNIX: addr = &((struct sockaddr_un *)sa)->sun_path; break; #ifdef INET6 case AF_INET6: addr = &((struct sockaddr_in6 *)sa)->sin6_addr; break; #endif default: return NULL; } inet_ntop(sa->sa_family, addr, addrbuf, sizeof(addrbuf)); return addrbuf; } #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) static int setpolicy(int lnet, struct addrinfo *res, char *policy) { char *buf; int level; int optname; if (policy == NULL) return 0; buf = ipsec_set_policy(policy, strlen(policy)); if (buf == NULL) { printf("%s\n", ipsec_strerror()); return -1; } level = res->ai_family == AF_INET ? IPPROTO_IP : IPPROTO_IPV6; optname = res->ai_family == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY; if (setsockopt(lnet, level, optname, buf, ipsec_get_policylen(buf)) < 0){ perror("setsockopt"); return -1; } free(buf); return 0; } #endif #ifdef INET6 /* * When an Address Family related error happend, check if retry with * another AF is possible or not. * Return 1, if retry with another af is OK. Else, return 0. */ static int switch_af(struct addrinfo **aip) { int nextaf; struct addrinfo *ai; ai = *aip; nextaf = (ai->ai_family == AF_INET) ? AF_INET6 : AF_INET; do ai=ai->ai_next; while (ai != NULL && ai->ai_family != nextaf); *aip = ai; if (*aip != NULL) { return 1; } return 0; } #endif int tn(int argc, char *argv[]) { unsigned char *srp = 0; int proto, opt; int srlen; int srcroute = 0, result; char *cmd, *hostp = 0, *portp = 0, *user = 0; char *src_addr = NULL; struct addrinfo hints, *res, *res0 = NULL, *src_res, *src_res0 = NULL; int error = 0, af_error = 0; if (connected) { printf("?Already connected to %s\n", hostname); setuid(getuid()); return 0; } if (argc < 2) { (void) strcpy(line, "open "); printf("(to) "); (void) fgets(&line[strlen(line)], sizeof(line) - strlen(line), stdin); makeargv(); argc = margc; argv = margv; } cmd = *argv; --argc; ++argv; while (argc) { if (strcmp(*argv, "help") == 0 || isprefix(*argv, "?")) goto usage; if (strcmp(*argv, "-l") == 0) { --argc; ++argv; if (argc == 0) goto usage; user = *argv++; --argc; continue; } if (strcmp(*argv, "-a") == 0) { --argc; ++argv; autologin = 1; continue; } if (strcmp(*argv, "-s") == 0) { --argc; ++argv; if (argc == 0) goto usage; src_addr = *argv++; --argc; continue; } if (hostp == 0) { hostp = *argv++; --argc; continue; } if (portp == 0) { portp = *argv++; --argc; continue; } usage: printf("usage: %s [-l user] [-a] [-s src_addr] host-name [port]\n", cmd); setuid(getuid()); return 0; } if (hostp == 0) goto usage; if (src_addr != NULL) { memset(&hints, 0, sizeof(hints)); hints.ai_family = family; hints.ai_socktype = SOCK_STREAM; error = getaddrinfo(src_addr, 0, &hints, &src_res); if (error == EAI_NONAME) { hints.ai_flags = 0; error = getaddrinfo(src_addr, 0, &hints, &src_res); } if (error != 0) { fprintf(stderr, "%s: %s\n", src_addr, gai_strerror(error)); if (error == EAI_SYSTEM) fprintf(stderr, "%s: %s\n", src_addr, strerror(errno)); setuid(getuid()); return 0; } src_res0 = src_res; } if (hostp[0] == '/') { struct sockaddr_un su; if (strlen(hostp) >= sizeof(su.sun_path)) { fprintf(stderr, "hostname too long for unix domain socket: %s", hostp); goto fail; } hostname = hostp; memset(&su, 0, sizeof su); su.sun_family = AF_UNIX; strncpy(su.sun_path, hostp, sizeof su.sun_path); if (!quiet_mode) printf("Trying %s...\n", hostp); net = socket(PF_UNIX, SOCK_STREAM, 0); if ( net < 0) { perror("socket"); goto fail; } if (connect(net, (struct sockaddr *)&su, sizeof su) == -1) { perror(su.sun_path); (void) NetClose(net); goto fail; } goto af_unix; } else if (hostp[0] == '@' || hostp[0] == '!') { if ( #ifdef INET6 family == AF_INET6 || #endif (hostname = strrchr(hostp, ':')) == NULL) hostname = strrchr(hostp, '@'); if (hostname == NULL) { hostname = hostp; } else { hostname++; srcroute = 1; } } else hostname = hostp; if (!portp) { telnetport = 1; portp = strdup("telnet"); } else if (*portp == '-') { portp++; telnetport = 1; } else if (*portp == '+') { portp++; telnetport = -1; } else telnetport = 0; memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_NUMERICHOST; hints.ai_family = family; hints.ai_socktype = SOCK_STREAM; error = getaddrinfo(hostname, portp, &hints, &res); if (error) { hints.ai_flags = AI_CANONNAME; error = getaddrinfo(hostname, portp, &hints, &res); } if (error != 0) { fprintf(stderr, "%s: %s\n", hostname, gai_strerror(error)); if (error == EAI_SYSTEM) fprintf(stderr, "%s: %s\n", hostname, strerror(errno)); setuid(getuid()); goto fail; } if (hints.ai_flags == AI_NUMERICHOST) { /* hostname has numeric */ int gni_err = 1; if (doaddrlookup) gni_err = getnameinfo(res->ai_addr, res->ai_addr->sa_len, _hostname, sizeof(_hostname) - 1, NULL, 0, NI_NAMEREQD); if (gni_err != 0) (void) strncpy(_hostname, hostp, sizeof(_hostname) - 1); _hostname[sizeof(_hostname)-1] = '\0'; hostname = _hostname; } else { /* hostname has FQDN */ if (srcroute != 0) (void) strncpy(_hostname, hostname, sizeof(_hostname) - 1); else if (res->ai_canonname != NULL) strcpy(_hostname, res->ai_canonname); else (void) strncpy(_hostname, hostp, sizeof(_hostname) - 1); _hostname[sizeof(_hostname)-1] = '\0'; hostname = _hostname; } res0 = res; #ifdef INET6 af_again: #endif if (srcroute != 0) { static char hostbuf[BUFSIZ]; if (af_error == 0) { /* save intermediate hostnames for retry */ strncpy(hostbuf, hostp, BUFSIZ - 1); hostbuf[BUFSIZ - 1] = '\0'; } else hostp = hostbuf; srp = 0; result = sourceroute(res, hostp, &srp, &srlen, &proto, &opt); if (result == 0) { #ifdef INET6 if (family == AF_UNSPEC && af_error == 0 && switch_af(&res) == 1) { af_error = 1; goto af_again; } #endif setuid(getuid()); goto fail; } else if (result == -1) { printf("Bad source route option: %s\n", hostp); setuid(getuid()); goto fail; } } do { if (!quiet_mode) printf("Trying %s...\n", sockaddr_ntop(res->ai_addr)); net = socket(res->ai_family, res->ai_socktype, res->ai_protocol); setuid(getuid()); if (net < 0) { #ifdef INET6 if (family == AF_UNSPEC && af_error == 0 && switch_af(&res) == 1) { af_error = 1; goto af_again; } #endif perror("telnet: socket"); goto fail; } if (srp && setsockopt(net, proto, opt, (char *)srp, srlen) < 0) perror("setsockopt (source route)"); #if defined(IPPROTO_IP) && defined(IP_TOS) if (res->ai_family == PF_INET) { # if defined(HAS_GETTOS) struct tosent *tp; if (tos < 0 && (tp = gettosbyname("telnet", "tcp"))) tos = tp->t_tos; # endif if (tos < 0) tos = IPTOS_LOWDELAY; if (tos && (setsockopt(net, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0) && (errno != ENOPROTOOPT)) perror("telnet: setsockopt (IP_TOS) (ignored)"); } #endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ if (telnet_debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) { perror("setsockopt (SO_DEBUG)"); } if (src_addr != NULL) { for (src_res = src_res0; src_res != 0; src_res = src_res->ai_next) if (src_res->ai_family == res->ai_family) break; if (src_res == NULL) src_res = src_res0; if (bind(net, src_res->ai_addr, src_res->ai_addrlen) == -1) { #ifdef INET6 if (family == AF_UNSPEC && af_error == 0 && switch_af(&res) == 1) { af_error = 1; (void) NetClose(net); goto af_again; } #endif perror("bind"); (void) NetClose(net); goto fail; } } #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) if (setpolicy(net, res, ipsec_policy_in) < 0) { (void) NetClose(net); goto fail; } if (setpolicy(net, res, ipsec_policy_out) < 0) { (void) NetClose(net); goto fail; } #endif if (connect(net, res->ai_addr, res->ai_addrlen) < 0) { struct addrinfo *next; next = res->ai_next; /* If already an af failed, only try same af. */ if (af_error != 0) while (next != NULL && next->ai_family != res->ai_family) next = next->ai_next; warn("connect to address %s", sockaddr_ntop(res->ai_addr)); if (next != NULL) { res = next; (void) NetClose(net); continue; } warnx("Unable to connect to remote host"); (void) NetClose(net); goto fail; } connected++; #ifdef AUTHENTICATION #ifdef ENCRYPTION auth_encrypt_connect(connected); #endif #endif } while (connected == 0); freeaddrinfo(res0); if (src_res0 != NULL) freeaddrinfo(src_res0); cmdrc(hostp, hostname); af_unix: connected = 1; if (autologin && user == NULL) { struct passwd *pw; user = getenv("USER"); if (user == NULL || ((pw = getpwnam(user)) && pw->pw_uid != getuid())) { if ((pw = getpwuid(getuid()))) user = pw->pw_name; else user = NULL; } } if (user) { env_define("USER", user); env_export("USER"); } (void) call(status, "status", "notmuch", 0); telnet(user); (void) NetClose(net); if (quiet_mode) ExitString("",1); else ExitString("Connection closed by foreign host.\n",1); /*NOTREACHED*/ fail: if (res0 != NULL) freeaddrinfo(res0); if (src_res0 != NULL) freeaddrinfo(src_res0); return 0; } #define HELPINDENT (sizeof ("connect")) static char openhelp[] = "connect to a site", closehelp[] = "close current connection", logouthelp[] = "forcibly logout remote user and close the connection", quithelp[] = "exit telnet", statushelp[] = "print status information", helphelp[] = "print help information", sendhelp[] = "transmit special characters ('send ?' for more)", sethelp[] = "set operating parameters ('set ?' for more)", unsethelp[] = "unset operating parameters ('unset ?' for more)", togglestring[] ="toggle operating parameters ('toggle ?' for more)", slchelp[] = "change state of special charaters ('slc ?' for more)", displayhelp[] = "display operating parameters", #ifdef AUTHENTICATION authhelp[] = "turn on (off) authentication ('auth ?' for more)", #endif #ifdef ENCRYPTION encrypthelp[] = "turn on (off) encryption ('encrypt ?' for more)", #endif /* ENCRYPTION */ zhelp[] = "suspend telnet", #ifdef OPIE opiehelp[] = "compute response to OPIE challenge", #endif shellhelp[] = "invoke a subshell", envhelp[] = "change environment variables ('environ ?' for more)", modestring[] = "try to enter line or character mode ('mode ?' for more)"; static Command cmdtab[] = { { "close", closehelp, bye, 1 }, { "logout", logouthelp, (int (*)(int, char **))logout, 1 }, { "display", displayhelp, display, 0 }, { "mode", modestring, modecmd, 0 }, { "telnet", openhelp, tn, 0 }, { "open", openhelp, tn, 0 }, { "quit", quithelp, (int (*)(int, char **))quit, 0 }, { "send", sendhelp, sendcmd, 0 }, { "set", sethelp, setcmd, 0 }, { "unset", unsethelp, unsetcmd, 0 }, { "status", statushelp, status, 0 }, { "toggle", togglestring, toggle, 0 }, { "slc", slchelp, slccmd, 0 }, #ifdef AUTHENTICATION { "auth", authhelp, auth_cmd, 0 }, #endif #ifdef ENCRYPTION { "encrypt", encrypthelp, encrypt_cmd, 0 }, #endif /* ENCRYPTION */ { "z", zhelp, (int (*)(int, char **))suspend, 0 }, { "!", shellhelp, shell, 1 }, { "environ", envhelp, env_cmd, 0 }, { "?", helphelp, help, 0 }, #ifdef OPIE { "opie", opiehelp, opie_calc, 0 }, #endif { NULL, NULL, NULL, 0 } }; static char crmodhelp[] = "deprecated command -- use 'toggle crmod' instead"; static char escapehelp[] = "deprecated command -- use 'set escape' instead"; static Command cmdtab2[] = { { "help", 0, help, 0 }, { "escape", escapehelp, setescape, 0 }, { "crmod", crmodhelp, (int (*)(int, char **))togcrmod, 0 }, { NULL, NULL, NULL, 0 } }; /* * Call routine with argc, argv set from args (terminated by 0). */ static int call(intrtn_t routine, ...) { va_list ap; char *args[100]; int argno = 0; va_start(ap, routine); while ((args[argno++] = va_arg(ap, char *)) != 0); va_end(ap); return (*routine)(argno-1, args); } static Command * getcmd(char *name) { Command *cm; if ((cm = (Command *) genget(name, (char **) cmdtab, sizeof(Command)))) return cm; return (Command *) genget(name, (char **) cmdtab2, sizeof(Command)); } void command(int top, const char *tbuf, int cnt) { Command *c; setcommandmode(); if (!top) { putchar('\n'); } else { (void) signal(SIGINT, SIG_DFL); (void) signal(SIGQUIT, SIG_DFL); } for (;;) { if (rlogin == _POSIX_VDISABLE) printf("%s> ", prompt); if (tbuf) { char *cp; cp = line; while (cnt > 0 && (*cp++ = *tbuf++) != '\n') cnt--; tbuf = 0; if (cp == line || *--cp != '\n' || cp == line) goto getline; *cp = '\0'; if (rlogin == _POSIX_VDISABLE) printf("%s\n", line); } else { getline: if (rlogin != _POSIX_VDISABLE) printf("%s> ", prompt); if (fgets(line, sizeof(line), stdin) == NULL) { if (feof(stdin) || ferror(stdin)) { (void) quit(); /*NOTREACHED*/ } break; } } if (line[0] == 0) break; makeargv(); if (margv[0] == 0) { break; } c = getcmd(margv[0]); if (Ambiguous((void *)c)) { printf("?Ambiguous command\n"); continue; } if (c == 0) { printf("?Invalid command\n"); continue; } if (c->needconnect && !connected) { printf("?Need to be connected first.\n"); continue; } if ((*c->handler)(margc, margv)) { break; } } if (!top) { if (!connected) { longjmp(toplevel, 1); /*NOTREACHED*/ } setconnmode(0); } } /* * Help command. */ static int help(int argc, char *argv[]) { Command *c; if (argc == 1) { printf("Commands may be abbreviated. Commands are:\n\n"); for (c = cmdtab; c->name; c++) if (c->help) { printf("%-*s\t%s\n", (int)HELPINDENT, c->name, c->help); } return 0; } else while (--argc > 0) { char *arg; arg = *++argv; c = getcmd(arg); if (Ambiguous((void *)c)) printf("?Ambiguous help command %s\n", arg); else if (c == (Command *)0) printf("?Invalid help command %s\n", arg); else if (c->help) printf("%s\n", c->help); } return 0; } static char *rcname = 0; static char rcbuf[128]; void cmdrc(char *m1, char *m2) { Command *c; FILE *rcfile; int gotmachine = 0; int l1 = strlen(m1); int l2 = strlen(m2); char m1save[MAXHOSTNAMELEN]; if (skiprc) return; strlcpy(m1save, m1, sizeof(m1save)); m1 = m1save; if (rcname == 0) { rcname = getenv("HOME"); if (rcname && (strlen(rcname) + 10) < sizeof(rcbuf)) strcpy(rcbuf, rcname); else rcbuf[0] = '\0'; strcat(rcbuf, "/.telnetrc"); rcname = rcbuf; } if ((rcfile = fopen(rcname, "r")) == 0) { return; } for (;;) { if (fgets(line, sizeof(line), rcfile) == NULL) break; if (line[0] == 0) break; if (line[0] == '#') continue; if (gotmachine) { if (!isspace(line[0])) gotmachine = 0; } if (gotmachine == 0) { if (isspace(line[0])) continue; if (strncasecmp(line, m1, l1) == 0) strncpy(line, &line[l1], sizeof(line) - l1); else if (strncasecmp(line, m2, l2) == 0) strncpy(line, &line[l2], sizeof(line) - l2); else if (strncasecmp(line, "DEFAULT", 7) == 0) strncpy(line, &line[7], sizeof(line) - 7); else continue; if (line[0] != ' ' && line[0] != '\t' && line[0] != '\n') continue; gotmachine = 1; } makeargv(); if (margv[0] == 0) continue; c = getcmd(margv[0]); if (Ambiguous((void *)c)) { printf("?Ambiguous command: %s\n", margv[0]); continue; } if (c == 0) { printf("?Invalid command: %s\n", margv[0]); continue; } /* * This should never happen... */ if (c->needconnect && !connected) { printf("?Need to be connected first for %s.\n", margv[0]); continue; } (*c->handler)(margc, margv); } fclose(rcfile); } /* * Source route is handed in as * [!]@hop1@hop2...[@|:]dst * If the leading ! is present, it is a * strict source route, otherwise it is * assmed to be a loose source route. * * We fill in the source route option as * hop1,hop2,hop3...dest * and return a pointer to hop1, which will * be the address to connect() to. * * Arguments: * * res: ponter to addrinfo structure which contains sockaddr to * the host to connect to. * * arg: pointer to route list to decipher * * cpp: If *cpp is not equal to NULL, this is a * pointer to a pointer to a character array * that should be filled in with the option. * * lenp: pointer to an integer that contains the * length of *cpp if *cpp != NULL. * * protop: pointer to an integer that should be filled in with * appropriate protocol for setsockopt, as socket * protocol family. * * optp: pointer to an integer that should be filled in with * appropriate option for setsockopt, as socket protocol * family. * * Return values: * * If the return value is 1, then all operations are * successful. If the * return value is -1, there was a syntax error in the * option, either unknown characters, or too many hosts. * If the return value is 0, one of the hostnames in the * path is unknown, and *cpp is set to point to the bad * hostname. * * *cpp: If *cpp was equal to NULL, it will be filled * in with a pointer to our static area that has * the option filled in. This will be 32bit aligned. * * *lenp: This will be filled in with how long the option * pointed to by *cpp is. * * *protop: This will be filled in with appropriate protocol for * setsockopt, as socket protocol family. * * *optp: This will be filled in with appropriate option for * setsockopt, as socket protocol family. */ static int sourceroute(struct addrinfo *ai, char *arg, unsigned char **cpp, int *lenp, int *protop, int *optp) { static char buf[1024 + ALIGNBYTES]; /*XXX*/ unsigned char *cp, *cp2, *lsrp, *ep; struct sockaddr_in *_sin; #ifdef INET6 struct sockaddr_in6 *sin6; struct ip6_rthdr *rth; #endif struct addrinfo hints, *res; int error; char c; /* * Verify the arguments, and make sure we have * at least 7 bytes for the option. */ if (cpp == NULL || lenp == NULL) return -1; if (*cpp != NULL) { switch (res->ai_family) { case AF_INET: if (*lenp < 7) return -1; break; #ifdef INET6 case AF_INET6: if (*lenp < (int)CMSG_SPACE(sizeof(struct ip6_rthdr) + sizeof(struct in6_addr))) return -1; break; #endif } } /* * Decide whether we have a buffer passed to us, * or if we need to use our own static buffer. */ if (*cpp) { lsrp = *cpp; ep = lsrp + *lenp; } else { *cpp = lsrp = (char *)ALIGN(buf); ep = lsrp + 1024; } cp = arg; #ifdef INET6 if (ai->ai_family == AF_INET6) { if ((rth = inet6_rth_init((void *)*cpp, sizeof(buf), IPV6_RTHDR_TYPE_0, 0)) == NULL) return -1; if (*cp != '@') return -1; *protop = IPPROTO_IPV6; *optp = IPV6_RTHDR; } else #endif { /* * Next, decide whether we have a loose source * route or a strict source route, and fill in * the begining of the option. */ if (*cp == '!') { cp++; *lsrp++ = IPOPT_SSRR; } else *lsrp++ = IPOPT_LSRR; if (*cp != '@') return -1; lsrp++; /* skip over length, we'll fill it in later */ *lsrp++ = 4; *protop = IPPROTO_IP; *optp = IP_OPTIONS; } cp++; memset(&hints, 0, sizeof(hints)); hints.ai_family = ai->ai_family; hints.ai_socktype = SOCK_STREAM; for (c = 0;;) { if ( #ifdef INET6 ai->ai_family != AF_INET6 && #endif c == ':') cp2 = 0; else for (cp2 = cp; (c = *cp2); cp2++) { if (c == ',') { *cp2++ = '\0'; if (*cp2 == '@') cp2++; } else if (c == '@') { *cp2++ = '\0'; } else if ( #ifdef INET6 ai->ai_family != AF_INET6 && #endif c == ':') { *cp2++ = '\0'; } else continue; break; } if (!c) cp2 = 0; hints.ai_flags = AI_NUMERICHOST; error = getaddrinfo(cp, NULL, &hints, &res); if (error == EAI_NONAME) { hints.ai_flags = 0; error = getaddrinfo(cp, NULL, &hints, &res); } if (error != 0) { fprintf(stderr, "%s: %s\n", cp, gai_strerror(error)); if (error == EAI_SYSTEM) fprintf(stderr, "%s: %s\n", cp, strerror(errno)); *cpp = cp; return(0); } #ifdef INET6 if (res->ai_family == AF_INET6) { sin6 = (struct sockaddr_in6 *)res->ai_addr; if (inet6_rth_add((void *)rth, &sin6->sin6_addr) == -1) return(0); } else #endif { _sin = (struct sockaddr_in *)res->ai_addr; memcpy(lsrp, (char *)&_sin->sin_addr, 4); lsrp += 4; } if (cp2) cp = cp2; else break; /* * Check to make sure there is space for next address */ if (lsrp + 4 > ep) return -1; freeaddrinfo(res); } #ifdef INET6 if (res->ai_family == AF_INET6) { rth->ip6r_len = rth->ip6r_segleft * 2; *lenp = (rth->ip6r_len + 1) << 3; } else #endif { if ((*(*cpp+IPOPT_OLEN) = lsrp - *cpp) <= 7) { *cpp = 0; *lenp = 0; return -1; } *lsrp++ = IPOPT_NOP; /* 32 bit word align it */ *lenp = lsrp - *cpp; } freeaddrinfo(res); return 1; } diff --git a/contrib/telnet/telnet/main.c b/contrib/telnet/telnet/main.c index 8ebcc0a86259..973e2b09a58f 100644 --- a/contrib/telnet/telnet/main.c +++ b/contrib/telnet/telnet/main.c @@ -1,384 +1,382 @@ /* * Copyright (c) 1988, 1990, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if 0 #ifndef lint static const char sccsid[] = "@(#)main.c 8.3 (Berkeley) 5/30/95"; #endif #endif -#include -__FBSDID("$FreeBSD$"); #include #include #include #include #include #include "ring.h" #include "externs.h" #include "defines.h" #ifdef AUTHENTICATION #include #endif #ifdef ENCRYPTION #include #endif /* These values need to be the same as defined in libtelnet/kerberos5.c */ /* Either define them in both places, or put in some common header file. */ #define OPTS_FORWARD_CREDS 0x00000002 #define OPTS_FORWARDABLE_CREDS 0x00000001 #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) char *ipsec_policy_in = NULL; char *ipsec_policy_out = NULL; #endif extern int tos; extern int quiet_mode; int family = AF_UNSPEC; /* * Initialize variables. */ void tninit(void) { init_terminal(); init_network(); init_telnet(); init_sys(); } static void usage(void) { fprintf(stderr, "usage: %s %s%s%s%s\n", prompt, #ifdef AUTHENTICATION "[-4] [-6] [-8] [-B baudrate] [-E] [-K] [-L] [-N] [-S tos] [-X atype]", "\n\t[-c] [-d] [-e char] [-k realm] [-l user] [-f/-F] [-n tracefile] ", #else "[-4] [-6] [-8] [-B baudrate] [-E] [-L] [-N] [-S tos] [-c] [-d]", "\n\t[-e char] [-l user] [-n tracefile] ", #endif "[-r] [-s src_addr] [-u] ", #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) "[-P policy] " #endif #ifdef ENCRYPTION "[-y] [host-name [port]]" #else /* ENCRYPTION */ "[host-name [port]]" #endif /* ENCRYPTION */ ); exit(1); } /* * main. Parse arguments, invoke the protocol or command parser. */ int main(int argc, char *argv[]) { u_long ultmp; int ch; char *ep, *user; char *src_addr = NULL; #ifdef FORWARD extern int forward_flags; #endif /* FORWARD */ setbuf(stdout, NULL); setbuf(stderr, NULL); tninit(); /* Clear out things */ TerminalSaveState(); if ((prompt = strrchr(argv[0], '/'))) ++prompt; else prompt = argv[0]; user = NULL; rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE; #ifdef AUTHENTICATION autologin = 1; #else autologin = -1; #endif #ifdef ENCRYPTION encrypt_auto(1); decrypt_auto(1); #endif #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) #define IPSECOPT "P:" #else #define IPSECOPT #endif while ((ch = getopt(argc, argv, "468B:EKLNQS:X:acde:fFk:l:n:rs:uxy" IPSECOPT)) != -1) #undef IPSECOPT { switch(ch) { case '4': family = AF_INET; break; #ifdef INET6 case '6': family = AF_INET6; break; #endif case '8': eight = 3; /* binary output and input */ break; case 'B': DoBaudRate(optarg); break; case 'E': rlogin = escape = _POSIX_VDISABLE; break; case 'K': #ifdef AUTHENTICATION autologin = 0; #endif break; case 'L': eight |= 2; /* binary output only */ break; case 'N': doaddrlookup = 0; break; case 'Q': quiet_mode = 1; break; case 'S': #ifdef HAS_GETTOS if ((tos = parsetos(optarg, "tcp")) < 0) fprintf(stderr, "%s%s%s%s\n", prompt, ": Bad TOS argument '", optarg, "; will try to use default TOS"); #else #define MAXTOS 255 ultmp = strtoul(optarg, &ep, 0); if (*ep || ep == optarg || ultmp > MAXTOS) fprintf(stderr, "%s%s%s%s\n", prompt, ": Bad TOS argument '", optarg, "; will try to use default TOS"); else tos = ultmp; #endif break; case 'X': #ifdef AUTHENTICATION auth_disable_name(optarg); #endif break; case 'a': #ifdef AUTHENTICATION /* It's the default now, so ignore */ #else autologin = 1; #endif break; case 'c': skiprc = 1; break; case 'd': telnet_debug = 1; break; case 'e': set_escape_char(optarg); break; case 'f': #ifdef AUTHENTICATION #if defined(KRB5) && defined(FORWARD) if (forward_flags & OPTS_FORWARD_CREDS) { fprintf(stderr, "%s: Only one of -f and -F allowed.\n", prompt); usage(); } forward_flags |= OPTS_FORWARD_CREDS; #else fprintf(stderr, "%s: Warning: -f ignored, no Kerberos V5 support.\n", prompt); #endif #else fprintf(stderr, "%s: Warning: -f ignored, no Kerberos V5 support.\n", prompt); #endif break; case 'F': #ifdef AUTHENTICATION #if defined(KRB5) && defined(FORWARD) if (forward_flags & OPTS_FORWARD_CREDS) { fprintf(stderr, "%s: Only one of -f and -F allowed.\n", prompt); usage(); } forward_flags |= OPTS_FORWARD_CREDS; forward_flags |= OPTS_FORWARDABLE_CREDS; #else fprintf(stderr, "%s: Warning: -F ignored, no Kerberos V5 support.\n", prompt); #endif #else fprintf(stderr, "%s: Warning: -F ignored, no Kerberos V5 support.\n", prompt); #endif break; case 'k': #ifdef AUTHENTICATION #if defined(KRB4) { extern char *dest_realm, dst_realm_buf[], dst_realm_sz; dest_realm = dst_realm_buf; (void)strncpy(dest_realm, optarg, dst_realm_sz); } #else fprintf(stderr, "%s: Warning: -k ignored, no Kerberos V4 support.\n", prompt); #endif #else fprintf(stderr, "%s: Warning: -k ignored, no Kerberos V4 support.\n", prompt); #endif break; case 'l': #ifdef AUTHENTICATION /* This is the default now, so ignore it */ #else autologin = 1; #endif user = optarg; break; case 'n': SetNetTrace(optarg); break; case 'r': rlogin = '~'; break; case 's': src_addr = optarg; break; case 'u': family = AF_UNIX; break; case 'x': #ifndef ENCRYPTION fprintf(stderr, "%s: Warning: -x ignored, no ENCRYPT support.\n", prompt); #endif /* ENCRYPTION */ break; case 'y': #ifdef ENCRYPTION encrypt_auto(0); decrypt_auto(0); #else fprintf(stderr, "%s: Warning: -y ignored, no ENCRYPT support.\n", prompt); #endif /* ENCRYPTION */ break; #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) case 'P': if (!strncmp("in", optarg, 2)) ipsec_policy_in = strdup(optarg); else if (!strncmp("out", optarg, 3)) ipsec_policy_out = strdup(optarg); else usage(); break; #endif case '?': default: usage(); /* NOTREACHED */ } } if (autologin == -1) autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1; argc -= optind; argv += optind; if (argc) { char *args[9], **argp = args; if (argc > 2) usage(); *argp++ = prompt; if (user) { *argp++ = strdup("-l"); *argp++ = user; } if (src_addr) { *argp++ = strdup("-s"); *argp++ = src_addr; } *argp++ = argv[0]; /* host */ if (argc > 1) *argp++ = argv[1]; /* port */ *argp = 0; if (setjmp(toplevel) != 0) Exit(0); if (tn(argp - args, args) == 1) return (0); else return (1); } (void)setjmp(toplevel); for (;;) { command(1, 0, 0); } return 0; } diff --git a/contrib/telnet/telnet/network.c b/contrib/telnet/telnet/network.c index 9a62e8a94fab..438673ce3e0e 100644 --- a/contrib/telnet/telnet/network.c +++ b/contrib/telnet/telnet/network.c @@ -1,178 +1,176 @@ /* * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if 0 #ifndef lint static const char sccsid[] = "@(#)network.c 8.2 (Berkeley) 12/15/93"; #endif #endif -#include -__FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include "ring.h" #include "defines.h" #include "externs.h" #include "fdset.h" Ring netoring, netiring; unsigned char netobuf[2*BUFSIZ], netibuf[BUFSIZ]; /* * Initialize internal network data structures. */ void init_network(void) { if (ring_init(&netoring, netobuf, sizeof netobuf) != 1) { exit(1); } if (ring_init(&netiring, netibuf, sizeof netibuf) != 1) { exit(1); } NetTrace = stdout; } /* * Check to see if any out-of-band data exists on a socket (for * Telnet "synch" processing). */ int stilloob(void) { static struct timeval timeout = { 0, 0 }; fd_set excepts; int value; do { FD_ZERO(&excepts); FD_SET(net, &excepts); value = select(net+1, (fd_set *)0, (fd_set *)0, &excepts, &timeout); } while ((value == -1) && (errno == EINTR)); if (value < 0) { perror("select"); (void) quit(); /* NOTREACHED */ } if (FD_ISSET(net, &excepts)) { return 1; } else { return 0; } } /* * setneturg() * * Sets "neturg" to the current location. */ void setneturg(void) { ring_mark(&netoring); } /* * netflush * Send as much data as possible to the network, * handling requests for urgent data. * * The return value indicates whether we did any * useful work. */ int netflush(void) { int n, n1; #ifdef ENCRYPTION if (encrypt_output) ring_encrypt(&netoring, encrypt_output); #endif /* ENCRYPTION */ if ((n1 = n = ring_full_consecutive(&netoring)) > 0) { if (!ring_at_mark(&netoring)) { n = send(net, (char *)netoring.consume, n, 0); /* normal write */ } else { /* * In 4.2 (and 4.3) systems, there is some question about * what byte in a sendOOB operation is the "OOB" data. * To make ourselves compatible, we only send ONE byte * out of band, the one WE THINK should be OOB (though * we really have more the TCP philosophy of urgent data * rather than the Unix philosophy of OOB data). */ n = send(net, (char *)netoring.consume, 1, MSG_OOB);/* URGENT data */ } } if (n < 0) { if (errno != ENOBUFS && errno != EWOULDBLOCK) { setcommandmode(); perror(hostname); (void)NetClose(net); ring_clear_mark(&netoring); ExitString("Connection closed by foreign host.\n", 1); /*NOTREACHED*/ } n = 0; } if (netdata && n) { Dump('>', netoring.consume, n); } if (n) { ring_consumed(&netoring, n); /* * If we sent all, and more to send, then recurse to pick * up the other half. */ if ((n1 == n) && ring_full_consecutive(&netoring)) { (void) netflush(); } return 1; } else { return 0; } } diff --git a/contrib/telnet/telnet/ring.c b/contrib/telnet/telnet/ring.c index 138e3c661045..d0e194c7d413 100644 --- a/contrib/telnet/telnet/ring.c +++ b/contrib/telnet/telnet/ring.c @@ -1,317 +1,315 @@ /* * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if 0 #ifndef lint static const char sccsid[] = "@(#)ring.c 8.2 (Berkeley) 5/30/95"; #endif #endif -#include -__FBSDID("$FreeBSD$"); /* * This defines a structure for a ring buffer. * * The circular buffer has two parts: *((( * full: [consume, supply) * empty: [supply, consume) *]]] * */ #include #include #include #ifdef size_t #undef size_t #endif #include #ifndef FILIO_H #include #endif #include #include "ring.h" #include "general.h" /* Internal macros */ #if !defined(MIN) #define MIN(a,b) (((a)<(b))? (a):(b)) #endif /* !defined(MIN) */ #define ring_subtract(d,a,b) (((a)-(b) >= 0)? \ (a)-(b): (((a)-(b))+(d)->size)) #define ring_increment(d,a,c) (((a)+(c) < (d)->top)? \ (a)+(c) : (((a)+(c))-(d)->size)) #define ring_decrement(d,a,c) (((a)-(c) >= (d)->bottom)? \ (a)-(c) : (((a)-(c))-(d)->size)) /* * The following is a clock, used to determine full, empty, etc. * * There is some trickiness here. Since the ring buffers are initialized * to ZERO on allocation, we need to make sure, when interpreting the * clock, that when the times are EQUAL, then the buffer is FULL. */ static u_long ring_clock = 0; #define ring_empty(d) (((d)->consume == (d)->supply) && \ ((d)->consumetime >= (d)->supplytime)) #define ring_full(d) (((d)->supply == (d)->consume) && \ ((d)->supplytime > (d)->consumetime)) /* Buffer state transition routines */ int ring_init(Ring *ring, unsigned char *buffer, int count) { memset((char *)ring, 0, sizeof *ring); ring->size = count; ring->supply = ring->consume = ring->bottom = buffer; ring->top = ring->bottom+ring->size; #ifdef ENCRYPTION ring->clearto = 0; #endif /* ENCRYPTION */ return 1; } /* Mark routines */ /* * Mark the most recently supplied byte. */ void ring_mark(Ring *ring) { ring->mark = ring_decrement(ring, ring->supply, 1); } /* * Is the ring pointing to the mark? */ int ring_at_mark(Ring *ring) { if (ring->mark == ring->consume) { return 1; } else { return 0; } } /* * Clear any mark set on the ring. */ void ring_clear_mark(Ring *ring) { ring->mark = 0; } /* * Add characters from current segment to ring buffer. */ void ring_supplied(Ring *ring, int count) { ring->supply = ring_increment(ring, ring->supply, count); ring->supplytime = ++ring_clock; } /* * We have just consumed "c" bytes. */ void ring_consumed(Ring *ring, int count) { if (count == 0) /* don't update anything */ return; if (ring->mark && (ring_subtract(ring, ring->mark, ring->consume) < count)) { ring->mark = 0; } #ifdef ENCRYPTION if (ring->consume < ring->clearto && ring->clearto <= ring->consume + count) ring->clearto = 0; else if (ring->consume + count > ring->top && ring->bottom <= ring->clearto && ring->bottom + ((ring->consume + count) - ring->top)) ring->clearto = 0; #endif /* ENCRYPTION */ ring->consume = ring_increment(ring, ring->consume, count); ring->consumetime = ++ring_clock; /* * Try to encourage "ring_empty_consecutive()" to be large. */ if (ring_empty(ring)) { ring->consume = ring->supply = ring->bottom; } } /* Buffer state query routines */ /* Number of bytes that may be supplied */ int ring_empty_count(Ring *ring) { if (ring_empty(ring)) { /* if empty */ return ring->size; } else { return ring_subtract(ring, ring->consume, ring->supply); } } /* number of CONSECUTIVE bytes that may be supplied */ int ring_empty_consecutive(Ring *ring) { if ((ring->consume < ring->supply) || ring_empty(ring)) { /* * if consume is "below" supply, or empty, then * return distance to the top */ return ring_subtract(ring, ring->top, ring->supply); } else { /* * else, return what we may. */ return ring_subtract(ring, ring->consume, ring->supply); } } /* Return the number of bytes that are available for consuming * (but don't give more than enough to get to cross over set mark) */ int ring_full_count(Ring *ring) { if ((ring->mark == 0) || (ring->mark == ring->consume)) { if (ring_full(ring)) { return ring->size; /* nothing consumed, but full */ } else { return ring_subtract(ring, ring->supply, ring->consume); } } else { return ring_subtract(ring, ring->mark, ring->consume); } } /* * Return the number of CONSECUTIVE bytes available for consuming. * However, don't return more than enough to cross over set mark. */ int ring_full_consecutive(Ring *ring) { if ((ring->mark == 0) || (ring->mark == ring->consume)) { if ((ring->supply < ring->consume) || ring_full(ring)) { return ring_subtract(ring, ring->top, ring->consume); } else { return ring_subtract(ring, ring->supply, ring->consume); } } else { if (ring->mark < ring->consume) { return ring_subtract(ring, ring->top, ring->consume); } else { /* Else, distance to mark */ return ring_subtract(ring, ring->mark, ring->consume); } } } /* * Move data into the "supply" portion of of the ring buffer. */ void ring_supply_data(Ring *ring, unsigned char *buffer, int count) { int i; while (count) { i = MIN(count, ring_empty_consecutive(ring)); memcpy(ring->supply, buffer, i); ring_supplied(ring, i); count -= i; buffer += i; } } #ifdef ENCRYPTION void ring_encrypt(Ring *ring, void (*encryptor)(unsigned char *, int)) { unsigned char *s, *c; if (ring_empty(ring) || ring->clearto == ring->supply) return; if (!(c = ring->clearto)) c = ring->consume; s = ring->supply; if (s <= c) { (*encryptor)(c, ring->top - c); (*encryptor)(ring->bottom, s - ring->bottom); } else (*encryptor)(c, s - c); ring->clearto = ring->supply; } void ring_clearto(Ring *ring) { if (!ring_empty(ring)) ring->clearto = ring->supply; else ring->clearto = 0; } #endif /* ENCRYPTION */ diff --git a/contrib/telnet/telnet/sys_bsd.c b/contrib/telnet/telnet/sys_bsd.c index fd57df7a88a3..01209782cdbb 100644 --- a/contrib/telnet/telnet/sys_bsd.c +++ b/contrib/telnet/telnet/sys_bsd.c @@ -1,1069 +1,1067 @@ /* * Copyright (c) 1988, 1990, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if 0 #ifndef lint static const char sccsid[] = "@(#)sys_bsd.c 8.4 (Berkeley) 5/30/95"; #endif #endif -#include -__FBSDID("$FreeBSD$"); /* * The following routines try to encapsulate what is system dependent * (at least between 4.x and dos) which is used in telnet.c. */ #include #include #include #include #include #include #include #include #include #include #include "ring.h" #include "fdset.h" #include "defines.h" #include "externs.h" #include "types.h" #include "baud.h" int tout, /* Output file descriptor */ tin, /* Input file descriptor */ net; #ifndef USE_TERMIO struct tchars otc = { 0 }, ntc = { 0 }; struct ltchars oltc = { 0 }, nltc = { 0 }; struct sgttyb ottyb = { 0 }, nttyb = { 0 }; int olmode = 0; # define cfgetispeed(ptr) (ptr)->sg_ispeed # define cfgetospeed(ptr) (ptr)->sg_ospeed # define old_tc ottyb #else /* USE_TERMIO */ struct termio old_tc = { 0, 0, 0, 0, {}, 0, 0 }; # ifndef TCSANOW # ifdef TCSETS # define TCSANOW TCSETS # define TCSADRAIN TCSETSW # define tcgetattr(f, t) ioctl(f, TCGETS, (char *)t) # else # ifdef TCSETA # define TCSANOW TCSETA # define TCSADRAIN TCSETAW # define tcgetattr(f, t) ioctl(f, TCGETA, (char *)t) # else # define TCSANOW TIOCSETA # define TCSADRAIN TIOCSETAW # define tcgetattr(f, t) ioctl(f, TIOCGETA, (char *)t) # endif # endif # define tcsetattr(f, a, t) ioctl(f, a, (char *)t) # define cfgetospeed(ptr) ((ptr)->c_cflag&CBAUD) # ifdef CIBAUD # define cfgetispeed(ptr) (((ptr)->c_cflag&CIBAUD) >> IBSHIFT) # else # define cfgetispeed(ptr) cfgetospeed(ptr) # endif # endif /* TCSANOW */ # ifdef sysV88 # define TIOCFLUSH TC_PX_DRAIN # endif #endif /* USE_TERMIO */ static fd_set *ibitsp, *obitsp, *xbitsp; int fdsn; #ifdef SIGINT static SIG_FUNC_RET intr(int); #endif /* SIGINT */ #ifdef SIGQUIT static SIG_FUNC_RET intr2(int); #endif /* SIGQUIT */ #ifdef SIGTSTP static SIG_FUNC_RET susp(int); #endif /* SIGTSTP */ #ifdef SIGINFO static SIG_FUNC_RET ayt(int); #endif void init_sys(void) { tout = fileno(stdout); tin = fileno(stdin); errno = 0; } int TerminalWrite(char *buf, int n) { return write(tout, buf, n); } int TerminalRead(char *buf, int n) { return read(tin, buf, n); } /* * */ int TerminalAutoFlush(void) { #if defined(LNOFLSH) int flush; ioctl(0, TIOCLGET, (char *)&flush); return !(flush&LNOFLSH); /* if LNOFLSH, no autoflush */ #else /* LNOFLSH */ return 1; #endif /* LNOFLSH */ } #ifdef KLUDGELINEMODE extern int kludgelinemode; #endif /* * TerminalSpecialChars() * * Look at an input character to see if it is a special character * and decide what to do. * * Output: * * 0 Don't add this character. * 1 Do add this character */ int TerminalSpecialChars(int c) { if (c == termIntChar) { intp(); return 0; } else if (c == termQuitChar) { #ifdef KLUDGELINEMODE if (kludgelinemode) sendbrk(); else #endif sendabort(); return 0; } else if (c == termEofChar) { if (my_want_state_is_will(TELOPT_LINEMODE)) { sendeof(); return 0; } return 1; } else if (c == termSuspChar) { sendsusp(); return(0); } else if (c == termFlushChar) { xmitAO(); /* Transmit Abort Output */ return 0; } else if (!MODE_LOCAL_CHARS(globalmode)) { if (c == termKillChar) { xmitEL(); return 0; } else if (c == termEraseChar) { xmitEC(); /* Transmit Erase Character */ return 0; } } return 1; } /* * Flush output to the terminal */ void TerminalFlushOutput(void) { #ifdef TIOCFLUSH (void) ioctl(fileno(stdout), TIOCFLUSH, (char *) 0); #else (void) ioctl(fileno(stdout), TCFLSH, (char *) 0); #endif } void TerminalSaveState(void) { #ifndef USE_TERMIO ioctl(0, TIOCGETP, (char *)&ottyb); ioctl(0, TIOCGETC, (char *)&otc); ioctl(0, TIOCGLTC, (char *)&oltc); ioctl(0, TIOCLGET, (char *)&olmode); ntc = otc; nltc = oltc; nttyb = ottyb; #else /* USE_TERMIO */ tcgetattr(0, &old_tc); new_tc = old_tc; #ifndef VDISCARD termFlushChar = CONTROL('O'); #endif #ifndef VWERASE termWerasChar = CONTROL('W'); #endif #ifndef VREPRINT termRprntChar = CONTROL('R'); #endif #ifndef VLNEXT termLiteralNextChar = CONTROL('V'); #endif #ifndef VSTART termStartChar = CONTROL('Q'); #endif #ifndef VSTOP termStopChar = CONTROL('S'); #endif #ifndef VSTATUS termAytChar = CONTROL('T'); #endif #endif /* USE_TERMIO */ } cc_t * tcval(int func) { switch(func) { case SLC_IP: return(&termIntChar); case SLC_ABORT: return(&termQuitChar); case SLC_EOF: return(&termEofChar); case SLC_EC: return(&termEraseChar); case SLC_EL: return(&termKillChar); case SLC_XON: return(&termStartChar); case SLC_XOFF: return(&termStopChar); case SLC_FORW1: return(&termForw1Char); #ifdef USE_TERMIO case SLC_FORW2: return(&termForw2Char); # ifdef VDISCARD case SLC_AO: return(&termFlushChar); # endif # ifdef VSUSP case SLC_SUSP: return(&termSuspChar); # endif # ifdef VWERASE case SLC_EW: return(&termWerasChar); # endif # ifdef VREPRINT case SLC_RP: return(&termRprntChar); # endif # ifdef VLNEXT case SLC_LNEXT: return(&termLiteralNextChar); # endif # ifdef VSTATUS case SLC_AYT: return(&termAytChar); # endif #endif case SLC_SYNCH: case SLC_BRK: case SLC_EOR: default: return((cc_t *)0); } } void TerminalDefaultChars(void) { #ifndef USE_TERMIO ntc = otc; nltc = oltc; nttyb.sg_kill = ottyb.sg_kill; nttyb.sg_erase = ottyb.sg_erase; #else /* USE_TERMIO */ memcpy(new_tc.c_cc, old_tc.c_cc, sizeof(old_tc.c_cc)); # ifndef VDISCARD termFlushChar = CONTROL('O'); # endif # ifndef VWERASE termWerasChar = CONTROL('W'); # endif # ifndef VREPRINT termRprntChar = CONTROL('R'); # endif # ifndef VLNEXT termLiteralNextChar = CONTROL('V'); # endif # ifndef VSTART termStartChar = CONTROL('Q'); # endif # ifndef VSTOP termStopChar = CONTROL('S'); # endif # ifndef VSTATUS termAytChar = CONTROL('T'); # endif #endif /* USE_TERMIO */ } /* * TerminalNewMode - set up terminal to a specific mode. * MODE_ECHO: do local terminal echo * MODE_FLOW: do local flow control * MODE_TRAPSIG: do local mapping to TELNET IAC sequences * MODE_EDIT: do local line editing * * Command mode: * MODE_ECHO|MODE_EDIT|MODE_FLOW|MODE_TRAPSIG * local echo * local editing * local xon/xoff * local signal mapping * * Linemode: * local/no editing * Both Linemode and Single Character mode: * local/remote echo * local/no xon/xoff * local/no signal mapping */ void TerminalNewMode(int f) { static int prevmode = 0; #ifndef USE_TERMIO struct tchars tc; struct ltchars ltc; struct sgttyb sb; int lmode; #else /* USE_TERMIO */ struct termio tmp_tc; #endif /* USE_TERMIO */ int onoff; int old; cc_t esc; globalmode = f&~MODE_FORCE; if (prevmode == f) return; /* * Write any outstanding data before switching modes * ttyflush() returns 0 only when there is no more data * left to write out, it returns -1 if it couldn't do * anything at all, otherwise it returns 1 + the number * of characters left to write. #ifndef USE_TERMIO * We would really like ask the kernel to wait for the output * to drain, like we can do with the TCSADRAIN, but we don't have * that option. The only ioctl that waits for the output to * drain, TIOCSETP, also flushes the input queue, which is NOT * what we want (TIOCSETP is like TCSADFLUSH). #endif */ old = ttyflush(SYNCHing|flushout); if (old < 0 || old > 1) { #ifdef USE_TERMIO tcgetattr(tin, &tmp_tc); #endif /* USE_TERMIO */ do { /* * Wait for data to drain, then flush again. */ #ifdef USE_TERMIO tcsetattr(tin, TCSADRAIN, &tmp_tc); #endif /* USE_TERMIO */ old = ttyflush(SYNCHing|flushout); } while (old < 0 || old > 1); } old = prevmode; prevmode = f&~MODE_FORCE; #ifndef USE_TERMIO sb = nttyb; tc = ntc; ltc = nltc; lmode = olmode; #else tmp_tc = new_tc; #endif if (f&MODE_ECHO) { #ifndef USE_TERMIO sb.sg_flags |= ECHO; #else tmp_tc.c_lflag |= ECHO; tmp_tc.c_oflag |= ONLCR; if (crlf) tmp_tc.c_iflag |= ICRNL; #endif } else { #ifndef USE_TERMIO sb.sg_flags &= ~ECHO; #else tmp_tc.c_lflag &= ~ECHO; tmp_tc.c_oflag &= ~ONLCR; #endif } if ((f&MODE_FLOW) == 0) { #ifndef USE_TERMIO tc.t_startc = _POSIX_VDISABLE; tc.t_stopc = _POSIX_VDISABLE; #else tmp_tc.c_iflag &= ~(IXOFF|IXON); /* Leave the IXANY bit alone */ } else { if (restartany < 0) { tmp_tc.c_iflag |= IXOFF|IXON; /* Leave the IXANY bit alone */ } else if (restartany > 0) { tmp_tc.c_iflag |= IXOFF|IXON|IXANY; } else { tmp_tc.c_iflag |= IXOFF|IXON; tmp_tc.c_iflag &= ~IXANY; } #endif } if ((f&MODE_TRAPSIG) == 0) { #ifndef USE_TERMIO tc.t_intrc = _POSIX_VDISABLE; tc.t_quitc = _POSIX_VDISABLE; tc.t_eofc = _POSIX_VDISABLE; ltc.t_suspc = _POSIX_VDISABLE; ltc.t_dsuspc = _POSIX_VDISABLE; #else tmp_tc.c_lflag &= ~ISIG; #endif localchars = 0; } else { #ifdef USE_TERMIO tmp_tc.c_lflag |= ISIG; #endif localchars = 1; } if (f&MODE_EDIT) { #ifndef USE_TERMIO sb.sg_flags &= ~CBREAK; sb.sg_flags |= CRMOD; #else tmp_tc.c_lflag |= ICANON; #endif } else { #ifndef USE_TERMIO sb.sg_flags |= CBREAK; if (f&MODE_ECHO) sb.sg_flags |= CRMOD; else sb.sg_flags &= ~CRMOD; #else tmp_tc.c_lflag &= ~ICANON; tmp_tc.c_iflag &= ~ICRNL; tmp_tc.c_cc[VMIN] = 1; tmp_tc.c_cc[VTIME] = 0; #endif } if ((f&(MODE_EDIT|MODE_TRAPSIG)) == 0) { #ifndef USE_TERMIO ltc.t_lnextc = _POSIX_VDISABLE; #else # ifdef VLNEXT tmp_tc.c_cc[VLNEXT] = (cc_t)(_POSIX_VDISABLE); # endif #endif } if (f&MODE_SOFT_TAB) { #ifndef USE_TERMIO sb.sg_flags |= XTABS; #else # ifdef OXTABS tmp_tc.c_oflag |= OXTABS; # endif # ifdef TABDLY tmp_tc.c_oflag &= ~TABDLY; tmp_tc.c_oflag |= TAB3; # endif #endif } else { #ifndef USE_TERMIO sb.sg_flags &= ~XTABS; #else # ifdef OXTABS tmp_tc.c_oflag &= ~OXTABS; # endif # ifdef TABDLY tmp_tc.c_oflag &= ~TABDLY; # endif #endif } if (f&MODE_LIT_ECHO) { #ifndef USE_TERMIO lmode &= ~LCTLECH; #else # ifdef ECHOCTL tmp_tc.c_lflag &= ~ECHOCTL; # endif #endif } else { #ifndef USE_TERMIO lmode |= LCTLECH; #else # ifdef ECHOCTL tmp_tc.c_lflag |= ECHOCTL; # endif #endif } if (f == -1) { onoff = 0; } else { #ifndef USE_TERMIO if (f & MODE_OUTBIN) lmode |= LLITOUT; else lmode &= ~LLITOUT; if (f & MODE_INBIN) lmode |= LPASS8; else lmode &= ~LPASS8; #else if (f & MODE_INBIN) tmp_tc.c_iflag &= ~ISTRIP; else tmp_tc.c_iflag |= ISTRIP; if (f & MODE_OUTBIN) { tmp_tc.c_cflag &= ~(CSIZE|PARENB); tmp_tc.c_cflag |= CS8; tmp_tc.c_oflag &= ~OPOST; } else { tmp_tc.c_cflag &= ~(CSIZE|PARENB); tmp_tc.c_cflag |= old_tc.c_cflag & (CSIZE|PARENB); tmp_tc.c_oflag |= OPOST; } #endif onoff = 1; } if (f != -1) { #ifdef SIGINT (void) signal(SIGINT, intr); #endif #ifdef SIGQUIT (void) signal(SIGQUIT, intr2); #endif #ifdef SIGTSTP (void) signal(SIGTSTP, susp); #endif /* SIGTSTP */ #ifdef SIGINFO (void) signal(SIGINFO, ayt); #endif #if defined(USE_TERMIO) && defined(NOKERNINFO) tmp_tc.c_lflag |= NOKERNINFO; #endif /* * We don't want to process ^Y here. It's just another * character that we'll pass on to the back end. It has * to process it because it will be processed when the * user attempts to read it, not when we send it. */ #ifndef USE_TERMIO ltc.t_dsuspc = _POSIX_VDISABLE; #else # ifdef VDSUSP tmp_tc.c_cc[VDSUSP] = (cc_t)(_POSIX_VDISABLE); # endif #endif #ifdef USE_TERMIO /* * If the VEOL character is already set, then use VEOL2, * otherwise use VEOL. */ esc = (rlogin != _POSIX_VDISABLE) ? rlogin : escape; if ((tmp_tc.c_cc[VEOL] != esc) # ifdef VEOL2 && (tmp_tc.c_cc[VEOL2] != esc) # endif ) { if (tmp_tc.c_cc[VEOL] == (cc_t)(_POSIX_VDISABLE)) tmp_tc.c_cc[VEOL] = esc; # ifdef VEOL2 else if (tmp_tc.c_cc[VEOL2] == (cc_t)(_POSIX_VDISABLE)) tmp_tc.c_cc[VEOL2] = esc; # endif } #else if (tc.t_brkc == (cc_t)(_POSIX_VDISABLE)) tc.t_brkc = esc; #endif } else { #ifdef SIGINFO (void) signal(SIGINFO, (void (*)(int))ayt_status); #endif #ifdef SIGINT (void) signal(SIGINT, SIG_DFL); #endif #ifdef SIGQUIT (void) signal(SIGQUIT, SIG_DFL); #endif #ifdef SIGTSTP (void) signal(SIGTSTP, SIG_DFL); # ifndef SOLARIS (void) sigsetmask(sigblock(0) & ~(1<<(SIGTSTP-1))); # else /* SOLARIS */ (void) sigrelse(SIGTSTP); # endif /* SOLARIS */ #endif /* SIGTSTP */ #ifndef USE_TERMIO ltc = oltc; tc = otc; sb = ottyb; lmode = olmode; #else tmp_tc = old_tc; #endif } #ifndef USE_TERMIO ioctl(tin, TIOCLSET, (char *)&lmode); ioctl(tin, TIOCSLTC, (char *)<c); ioctl(tin, TIOCSETC, (char *)&tc); ioctl(tin, TIOCSETN, (char *)&sb); #else if (tcsetattr(tin, TCSADRAIN, &tmp_tc) < 0) tcsetattr(tin, TCSANOW, &tmp_tc); #endif ioctl(tin, FIONBIO, (char *)&onoff); ioctl(tout, FIONBIO, (char *)&onoff); } void TerminalSpeeds(long *ispeed, long *ospeed) { #ifdef DECODE_BAUD struct termspeeds *tp; #endif /* DECODE_BAUD */ long in, out; out = cfgetospeed(&old_tc); in = cfgetispeed(&old_tc); if (in == 0) in = out; #ifdef DECODE_BAUD tp = termspeeds; while ((tp->speed != -1) && (tp->value < in)) tp++; *ispeed = tp->speed; tp = termspeeds; while ((tp->speed != -1) && (tp->value < out)) tp++; *ospeed = tp->speed; #else /* DECODE_BAUD */ *ispeed = in; *ospeed = out; #endif /* DECODE_BAUD */ } int TerminalWindowSize(long *rows, long *cols) { #ifdef TIOCGWINSZ struct winsize ws; if (ioctl(fileno(stdin), TIOCGWINSZ, (char *)&ws) >= 0) { *rows = ws.ws_row; *cols = ws.ws_col; return 1; } #endif /* TIOCGWINSZ */ return 0; } int NetClose(int fd) { return close(fd); } static void NetNonblockingIO(int fd, int onoff) { ioctl(fd, FIONBIO, (char *)&onoff); } /* * Various signal handling routines. */ /* ARGSUSED */ SIG_FUNC_RET intr(int sig __unused) { if (localchars) { intp(); return; } setcommandmode(); longjmp(toplevel, -1); } /* ARGSUSED */ SIG_FUNC_RET intr2(int sig __unused) { if (localchars) { #ifdef KLUDGELINEMODE if (kludgelinemode) sendbrk(); else #endif sendabort(); return; } } #ifdef SIGTSTP /* ARGSUSED */ SIG_FUNC_RET susp(int sig __unused) { if ((rlogin != _POSIX_VDISABLE) && rlogin_susp()) return; if (localchars) sendsusp(); } #endif #ifdef SIGWINCH /* ARGSUSED */ static SIG_FUNC_RET sendwin(int sig __unused) { if (connected) { sendnaws(); } } #endif #ifdef SIGINFO /* ARGSUSED */ SIG_FUNC_RET ayt(int sig __unused) { if (connected) sendayt(); else ayt_status(); } #endif void sys_telnet_init(void) { (void) signal(SIGINT, intr); (void) signal(SIGQUIT, intr2); (void) signal(SIGPIPE, SIG_IGN); #ifdef SIGWINCH (void) signal(SIGWINCH, sendwin); #endif #ifdef SIGTSTP (void) signal(SIGTSTP, susp); #endif #ifdef SIGINFO (void) signal(SIGINFO, ayt); #endif setconnmode(0); NetNonblockingIO(net, 1); #if defined(SO_OOBINLINE) if (SetSockOpt(net, SOL_SOCKET, SO_OOBINLINE, 1) == -1) { perror("SetSockOpt"); } #endif /* defined(SO_OOBINLINE) */ } /* * Process rings - * * This routine tries to fill up/empty our various rings. * * The parameter specifies whether this is a poll operation, * or a block-until-something-happens operation. * * The return value is 1 if something happened, 0 if not. */ int process_rings(int netin, int netout, int netex, int ttyin, int ttyout, int poll) { int c; int returnValue = 0; static struct timeval TimeValue = { 0, 0 }; int maxfd = -1; int tmp; if ((netout || netin || netex) && net > maxfd) maxfd = net; if (ttyout && tout > maxfd) maxfd = tout; if (ttyin && tin > maxfd) maxfd = tin; tmp = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask); if (tmp > fdsn) { if (ibitsp) free(ibitsp); if (obitsp) free(obitsp); if (xbitsp) free(xbitsp); fdsn = tmp; if ((ibitsp = (fd_set *)malloc(fdsn)) == NULL) err(1, "malloc"); if ((obitsp = (fd_set *)malloc(fdsn)) == NULL) err(1, "malloc"); if ((xbitsp = (fd_set *)malloc(fdsn)) == NULL) err(1, "malloc"); memset(ibitsp, 0, fdsn); memset(obitsp, 0, fdsn); memset(xbitsp, 0, fdsn); } if (netout) FD_SET(net, obitsp); if (ttyout) FD_SET(tout, obitsp); if (ttyin) FD_SET(tin, ibitsp); if (netin) FD_SET(net, ibitsp); if (netex) FD_SET(net, xbitsp); if ((c = select(maxfd + 1, ibitsp, obitsp, xbitsp, (poll == 0)? (struct timeval *)0 : &TimeValue)) < 0) { if (c == -1) { /* * we can get EINTR if we are in line mode, * and the user does an escape (TSTP), or * some other signal generator. */ if (errno == EINTR) { return 0; } /* I don't like this, does it ever happen? */ printf("sleep(5) from telnet, after select: %s\r\n", strerror(errno)); sleep(5); } return 0; } /* * Any urgent data? */ if (FD_ISSET(net, xbitsp)) { FD_CLR(net, xbitsp); SYNCHing = 1; (void) ttyflush(1); /* flush already enqueued data */ } /* * Something to read from the network... */ if (FD_ISSET(net, ibitsp)) { int canread; FD_CLR(net, ibitsp); canread = ring_empty_consecutive(&netiring); #if !defined(SO_OOBINLINE) /* * In 4.2 (and some early 4.3) systems, the * OOB indication and data handling in the kernel * is such that if two separate TCP Urgent requests * come in, one byte of TCP data will be overlaid. * This is fatal for Telnet, but we try to live * with it. * * In addition, in 4.2 (and...), a special protocol * is needed to pick up the TCP Urgent data in * the correct sequence. * * What we do is: if we think we are in urgent * mode, we look to see if we are "at the mark". * If we are, we do an OOB receive. If we run * this twice, we will do the OOB receive twice, * but the second will fail, since the second * time we were "at the mark", but there wasn't * any data there (the kernel doesn't reset * "at the mark" until we do a normal read). * Once we've read the OOB data, we go ahead * and do normal reads. * * There is also another problem, which is that * since the OOB byte we read doesn't put us * out of OOB state, and since that byte is most * likely the TELNET DM (data mark), we would * stay in the TELNET SYNCH (SYNCHing) state. * So, clocks to the rescue. If we've "just" * received a DM, then we test for the * presence of OOB data when the receive OOB * fails (and AFTER we did the normal mode read * to clear "at the mark"). */ if (SYNCHing) { int atmark; static int bogus_oob = 0, first = 1; ioctl(net, SIOCATMARK, (char *)&atmark); if (atmark) { c = recv(net, netiring.supply, canread, MSG_OOB); if ((c == -1) && (errno == EINVAL)) { c = recv(net, netiring.supply, canread, 0); if (clocks.didnetreceive < clocks.gotDM) { SYNCHing = stilloob(net); } } else if (first && c > 0) { /* * Bogosity check. Systems based on 4.2BSD * do not return an error if you do a second * recv(MSG_OOB). So, we do one. If it * succeeds and returns exactly the same * data, then assume that we are running * on a broken system and set the bogus_oob * flag. (If the data was different, then * we probably got some valid new data, so * increment the count...) */ int i; i = recv(net, netiring.supply + c, canread - c, MSG_OOB); if (i == c && memcmp(netiring.supply, netiring.supply + c, i) == 0) { bogus_oob = 1; first = 0; } else if (i < 0) { bogus_oob = 0; first = 0; } else c += i; } if (bogus_oob && c > 0) { int i; /* * Bogosity. We have to do the read * to clear the atmark to get out of * an infinate loop. */ i = read(net, netiring.supply + c, canread - c); if (i > 0) c += i; } } else { c = recv(net, netiring.supply, canread, 0); } } else { c = recv(net, netiring.supply, canread, 0); } settimer(didnetreceive); #else /* !defined(SO_OOBINLINE) */ c = recv(net, (char *)netiring.supply, canread, 0); #endif /* !defined(SO_OOBINLINE) */ if (c < 0 && errno == EWOULDBLOCK) { c = 0; } else if (c <= 0) { return -1; } if (netdata) { Dump('<', netiring.supply, c); } if (c) ring_supplied(&netiring, c); returnValue = 1; } /* * Something to read from the tty... */ if (FD_ISSET(tin, ibitsp)) { FD_CLR(tin, ibitsp); c = TerminalRead(ttyiring.supply, ring_empty_consecutive(&ttyiring)); if (c < 0 && errno == EIO) c = 0; if (c < 0 && errno == EWOULDBLOCK) { c = 0; } else { /* EOF detection for line mode!!!! */ if ((c == 0) && MODE_LOCAL_CHARS(globalmode) && isatty(tin)) { /* must be an EOF... */ *ttyiring.supply = termEofChar; c = 1; } if (c <= 0) { return -1; } if (termdata) { Dump('<', ttyiring.supply, c); } ring_supplied(&ttyiring, c); } returnValue = 1; /* did something useful */ } if (FD_ISSET(net, obitsp)) { FD_CLR(net, obitsp); returnValue |= netflush(); } if (FD_ISSET(tout, obitsp)) { FD_CLR(tout, obitsp); returnValue |= (ttyflush(SYNCHing|flushout) > 0); } return returnValue; } diff --git a/contrib/telnet/telnet/telnet.c b/contrib/telnet/telnet/telnet.c index b6b2432ef3ec..a35ea40c4cd8 100644 --- a/contrib/telnet/telnet/telnet.c +++ b/contrib/telnet/telnet/telnet.c @@ -1,2436 +1,2434 @@ /* * Copyright (c) 1988, 1990, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if 0 #ifndef lint static const char sccsid[] = "@(#)telnet.c 8.4 (Berkeley) 5/30/95"; #endif #endif -#include -__FBSDID("$FreeBSD$"); #include /* By the way, we need to include curses.h before telnet.h since, * among other things, telnet.h #defines 'DO', which is a variable * declared in curses.h. */ #include #include #include #include #include #include #include #include #include "ring.h" #include "defines.h" #include "externs.h" #include "types.h" #include "general.h" #ifdef AUTHENTICATION #include #endif #ifdef ENCRYPTION #include #endif #include #define strip(x) ((my_want_state_is_wont(TELOPT_BINARY)) ? ((x)&0x7f) : (x)) static unsigned char subbuffer[SUBBUFSIZE], *subpointer, *subend; /* buffer for sub-options */ #define SB_CLEAR() subpointer = subbuffer; #define SB_TERM() { subend = subpointer; SB_CLEAR(); } #define SB_ACCUM(c) if (subpointer < (subbuffer+sizeof subbuffer)) { \ *subpointer++ = (c); \ } #define SB_GET() ((*subpointer++)&0xff) #define SB_PEEK() ((*subpointer)&0xff) #define SB_EOF() (subpointer >= subend) #define SB_LEN() (subend - subpointer) char options[256]; /* The combined options */ char do_dont_resp[256]; char will_wont_resp[256]; int eight = 0, autologin = 0, /* Autologin anyone? */ skiprc = 0, connected, showoptions, ISend, /* trying to send network data in */ telnet_debug = 0, crmod, netdata, /* Print out network data flow */ crlf, /* Should '\r' be mapped to (or )? */ telnetport, SYNCHing, /* we are in TELNET SYNCH mode */ flushout, /* flush output */ autoflush = 0, /* flush output when interrupting? */ autosynch, /* send interrupt characters with SYNCH? */ localflow, /* we handle flow control locally */ restartany, /* if flow control enabled, restart on any character */ localchars, /* we recognize interrupt/quit */ donelclchars, /* the user has set "localchars" */ donebinarytoggle, /* the user has put us in binary */ dontlecho, /* do we suppress local echoing right now? */ globalmode, doaddrlookup = 1, /* do a reverse address lookup? */ clienteof = 0; char *prompt = 0; #ifdef ENCRYPTION char *line; /* hack around breakage in sra.c :-( !! */ #endif cc_t escape; cc_t rlogin; #ifdef KLUDGELINEMODE cc_t echoc; #endif /* * Telnet receiver states for fsm */ #define TS_DATA 0 #define TS_IAC 1 #define TS_WILL 2 #define TS_WONT 3 #define TS_DO 4 #define TS_DONT 5 #define TS_CR 6 #define TS_SB 7 /* sub-option collection */ #define TS_SE 8 /* looking for sub-option end */ static int telrcv_state; #ifdef OLD_ENVIRON unsigned char telopt_environ = TELOPT_NEW_ENVIRON; #else # define telopt_environ TELOPT_NEW_ENVIRON #endif jmp_buf toplevel; int flushline; int linemode; #ifdef KLUDGELINEMODE int kludgelinemode = 1; #endif static int is_unique(char *, char **, char **); /* * The following are some clocks used to decide how to interpret * the relationship between various variables. */ Clocks clocks; /* * Initialize telnet environment. */ void init_telnet(void) { env_init(); SB_CLEAR(); ClearArray(options); connected = ISend = localflow = donebinarytoggle = 0; #ifdef AUTHENTICATION #ifdef ENCRYPTION auth_encrypt_connect(connected); #endif #endif restartany = -1; SYNCHing = 0; /* Don't change NetTrace */ escape = CONTROL(']'); rlogin = _POSIX_VDISABLE; #ifdef KLUDGELINEMODE echoc = CONTROL('E'); #endif flushline = 1; telrcv_state = TS_DATA; } /* * These routines are in charge of sending option negotiations * to the other side. * * The basic idea is that we send the negotiation if either side * is in disagreement as to what the current state should be. */ unsigned char ComPortBaudRate[256]; void DoBaudRate(char *arg) { char *temp, temp2[10]; int i; uint32_t baudrate; errno = 0; baudrate = (uint32_t)strtol(arg, &temp, 10); if (temp[0] != '\0' || (baudrate == 0 && errno != 0)) ExitString("Invalid baud rate provided.\n", 1); for (i = 1; termspeeds[i].speed != -1; i++) if (baudrate == termspeeds[i].speed) break; if (termspeeds[i].speed == -1) ExitString("Invalid baud rate provided.\n", 1); strlcpy(ComPortBaudRate, arg, sizeof(ComPortBaudRate)); if (NETROOM() < sizeof(temp2)) { ExitString("No room in buffer for baud rate.\n", 1); /* NOTREACHED */ } snprintf(temp2, sizeof(temp2), "%c%c%c%c....%c%c", IAC, SB, TELOPT_COMPORT, COMPORT_SET_BAUDRATE, IAC, SE); baudrate = htonl(baudrate); memcpy(&temp2[4], &baudrate, sizeof(baudrate)); ring_supply_data(&netoring, temp2, sizeof(temp2)); printsub('>', &temp[2], sizeof(temp2) - 2); } void send_do(int c, int init) { if (init) { if (((do_dont_resp[c] == 0) && my_state_is_do(c)) || my_want_state_is_do(c)) return; set_my_want_state_do(c); do_dont_resp[c]++; } if (telnetport < 0) return; NET2ADD(IAC, DO); NETADD(c); printoption("SENT", DO, c); } void send_dont(int c, int init) { if (init) { if (((do_dont_resp[c] == 0) && my_state_is_dont(c)) || my_want_state_is_dont(c)) return; set_my_want_state_dont(c); do_dont_resp[c]++; } if (telnetport < 0) return; NET2ADD(IAC, DONT); NETADD(c); printoption("SENT", DONT, c); } void send_will(int c, int init) { if (init) { if (((will_wont_resp[c] == 0) && my_state_is_will(c)) || my_want_state_is_will(c)) return; set_my_want_state_will(c); will_wont_resp[c]++; } if (telnetport < 0) return; NET2ADD(IAC, WILL); NETADD(c); printoption("SENT", WILL, c); } void send_wont(int c, int init) { if (init) { if (((will_wont_resp[c] == 0) && my_state_is_wont(c)) || my_want_state_is_wont(c)) return; set_my_want_state_wont(c); will_wont_resp[c]++; } if (telnetport < 0) return; NET2ADD(IAC, WONT); NETADD(c); printoption("SENT", WONT, c); } void willoption(int option) { int new_state_ok = 0; if (do_dont_resp[option]) { --do_dont_resp[option]; if (do_dont_resp[option] && my_state_is_do(option)) --do_dont_resp[option]; } if ((do_dont_resp[option] == 0) && my_want_state_is_dont(option)) { switch (option) { case TELOPT_ECHO: case TELOPT_BINARY: case TELOPT_SGA: settimer(modenegotiated); /* FALLTHROUGH */ case TELOPT_STATUS: #ifdef AUTHENTICATION case TELOPT_AUTHENTICATION: #endif #ifdef ENCRYPTION case TELOPT_ENCRYPT: #endif /* ENCRYPTION */ new_state_ok = 1; break; case TELOPT_TM: if (flushout) flushout = 0; /* * Special case for TM. If we get back a WILL, * pretend we got back a WONT. */ set_my_want_state_dont(option); set_my_state_dont(option); return; /* Never reply to TM will's/wont's */ case TELOPT_LINEMODE: default: break; } if (new_state_ok) { set_my_want_state_do(option); send_do(option, 0); setconnmode(0); /* possibly set new tty mode */ } else { do_dont_resp[option]++; send_dont(option, 0); } } set_my_state_do(option); #ifdef ENCRYPTION if (option == TELOPT_ENCRYPT) encrypt_send_support(); #endif /* ENCRYPTION */ } void wontoption(int option) { if (do_dont_resp[option]) { --do_dont_resp[option]; if (do_dont_resp[option] && my_state_is_dont(option)) --do_dont_resp[option]; } if ((do_dont_resp[option] == 0) && my_want_state_is_do(option)) { switch (option) { #ifdef KLUDGELINEMODE case TELOPT_SGA: if (!kludgelinemode) break; /* FALLTHROUGH */ #endif case TELOPT_ECHO: settimer(modenegotiated); break; case TELOPT_TM: if (flushout) flushout = 0; set_my_want_state_dont(option); set_my_state_dont(option); return; /* Never reply to TM will's/wont's */ default: break; } set_my_want_state_dont(option); if (my_state_is_do(option)) send_dont(option, 0); setconnmode(0); /* Set new tty mode */ } else if (option == TELOPT_TM) { /* * Special case for TM. */ if (flushout) flushout = 0; set_my_want_state_dont(option); } set_my_state_dont(option); } static void dooption(int option) { int new_state_ok = 0; if (will_wont_resp[option]) { --will_wont_resp[option]; if (will_wont_resp[option] && my_state_is_will(option)) --will_wont_resp[option]; } if (will_wont_resp[option] == 0) { if (my_want_state_is_wont(option)) { switch (option) { case TELOPT_TM: /* * Special case for TM. We send a WILL, but pretend * we sent WONT. */ send_will(option, 0); set_my_want_state_wont(TELOPT_TM); set_my_state_wont(TELOPT_TM); return; case TELOPT_BINARY: /* binary mode */ case TELOPT_NAWS: /* window size */ case TELOPT_TSPEED: /* terminal speed */ case TELOPT_LFLOW: /* local flow control */ case TELOPT_TTYPE: /* terminal type option */ case TELOPT_SGA: /* no big deal */ #ifdef ENCRYPTION case TELOPT_ENCRYPT: /* encryption variable option */ #endif /* ENCRYPTION */ new_state_ok = 1; break; case TELOPT_NEW_ENVIRON: /* New environment variable option */ #ifdef OLD_ENVIRON if (my_state_is_will(TELOPT_OLD_ENVIRON)) send_wont(TELOPT_OLD_ENVIRON, 1); /* turn off the old */ goto env_common; case TELOPT_OLD_ENVIRON: /* Old environment variable option */ if (my_state_is_will(TELOPT_NEW_ENVIRON)) break; /* Don't enable if new one is in use! */ env_common: telopt_environ = option; #endif new_state_ok = 1; break; #ifdef AUTHENTICATION case TELOPT_AUTHENTICATION: if (autologin) new_state_ok = 1; break; #endif case TELOPT_XDISPLOC: /* X Display location */ if (env_getvalue("DISPLAY")) new_state_ok = 1; break; case TELOPT_LINEMODE: #ifdef KLUDGELINEMODE kludgelinemode = 0; send_do(TELOPT_SGA, 1); #endif set_my_want_state_will(TELOPT_LINEMODE); send_will(option, 0); set_my_state_will(TELOPT_LINEMODE); slc_init(); return; case TELOPT_ECHO: /* We're never going to echo... */ default: break; } if (new_state_ok) { set_my_want_state_will(option); send_will(option, 0); setconnmode(0); /* Set new tty mode */ } else { will_wont_resp[option]++; send_wont(option, 0); } } else { /* * Handle options that need more things done after the * other side has acknowledged the option. */ switch (option) { case TELOPT_LINEMODE: #ifdef KLUDGELINEMODE kludgelinemode = 0; send_do(TELOPT_SGA, 1); #endif set_my_state_will(option); slc_init(); send_do(TELOPT_SGA, 0); return; } } } set_my_state_will(option); } static void dontoption(int option) { if (will_wont_resp[option]) { --will_wont_resp[option]; if (will_wont_resp[option] && my_state_is_wont(option)) --will_wont_resp[option]; } if ((will_wont_resp[option] == 0) && my_want_state_is_will(option)) { switch (option) { case TELOPT_LINEMODE: linemode = 0; /* put us back to the default state */ break; #ifdef OLD_ENVIRON case TELOPT_NEW_ENVIRON: /* * The new environ option wasn't recognized, try * the old one. */ send_will(TELOPT_OLD_ENVIRON, 1); telopt_environ = TELOPT_OLD_ENVIRON; break; #endif } /* we always accept a DONT */ set_my_want_state_wont(option); if (my_state_is_will(option)) send_wont(option, 0); setconnmode(0); /* Set new tty mode */ } set_my_state_wont(option); } /* * Given a buffer returned by tgetent(), this routine will turn * the pipe separated list of names in the buffer into an array * of pointers to null terminated names. We toss out any bad, * duplicate, or verbose names (names with spaces). */ static const char *name_unknown = "UNKNOWN"; static const char *unknown[] = { NULL, NULL }; static const char ** mklist(char *buf, char *name) { int n; char c, *cp, **argvp, *cp2, **argv, **avt; if (name) { if (strlen(name) > 40) { name = 0; unknown[0] = name_unknown; } else { unknown[0] = name; upcase(name); } } else unknown[0] = name_unknown; /* * Count up the number of names. */ for (n = 1, cp = buf; *cp && *cp != ':'; cp++) { if (*cp == '|') n++; } /* * Allocate an array to put the name pointers into */ argv = (char **)malloc((n+3)*sizeof(char *)); if (argv == 0) return(unknown); /* * Fill up the array of pointers to names. */ *argv = 0; argvp = argv+1; n = 0; for (cp = cp2 = buf; (c = *cp); cp++) { if (c == '|' || c == ':') { *cp++ = '\0'; /* * Skip entries that have spaces or are over 40 * characters long. If this is our environment * name, then put it up front. Otherwise, as * long as this is not a duplicate name (case * insensitive) add it to the list. */ if (n || (cp - cp2 > 41)) ; else if (name && (strncasecmp(name, cp2, cp-cp2) == 0)) *argv = cp2; else if (is_unique(cp2, argv+1, argvp)) *argvp++ = cp2; if (c == ':') break; /* * Skip multiple delimiters. Reset cp2 to * the beginning of the next name. Reset n, * the flag for names with spaces. */ while ((c = *cp) == '|') cp++; cp2 = cp; n = 0; } /* * Skip entries with spaces or non-ascii values. * Convert lower case letters to upper case. */ if ((c == ' ') || !isascii(c)) n = 1; else if (islower(c)) *cp = toupper(c); } /* * Check for an old V6 2 character name. If the second * name points to the beginning of the buffer, and is * only 2 characters long, move it to the end of the array. */ if ((argv[1] == buf) && (strlen(argv[1]) == 2)) { --argvp; for (avt = &argv[1]; avt < argvp; avt++) *avt = *(avt+1); *argvp++ = buf; } /* * Duplicate last name, for TTYPE option, and null * terminate the array. If we didn't find a match on * our terminal name, put that name at the beginning. */ cp = *(argvp-1); *argvp++ = cp; *argvp = 0; if (*argv == 0) { if (name) *argv = name; else { --argvp; for (avt = argv; avt < argvp; avt++) *avt = *(avt+1); } } if (*argv) return((const char **)argv); else return(unknown); } static int is_unique(char *name, char **as, char **ae) { char **ap; int n; n = strlen(name) + 1; for (ap = as; ap < ae; ap++) if (strncasecmp(*ap, name, n) == 0) return(0); return (1); } #ifdef TERMCAP char termbuf[1024]; /*ARGSUSED*/ static int setupterm(char *tname, int fd, int *errp) { if (tgetent(termbuf, tname) == 1) { termbuf[1023] = '\0'; if (errp) *errp = 1; return(0); } if (errp) *errp = 0; return(-1); } #else #define termbuf ttytype extern char ttytype[]; #endif int resettermname = 1; static const char * gettermname(void) { char *tname; static const char **tnamep = 0; static const char **next; int err; if (resettermname) { resettermname = 0; if (tnamep && tnamep != unknown) free(tnamep); if ((tname = env_getvalue("TERM")) && (setupterm(tname, 1, &err) == 0)) { tnamep = mklist(termbuf, tname); } else { if (tname && (strlen(tname) <= 40)) { unknown[0] = tname; upcase(tname); } else unknown[0] = name_unknown; tnamep = unknown; } next = tnamep; } if (*next == 0) next = tnamep; return(*next++); } /* * suboption() * * Look at the sub-option buffer, and try to be helpful to the other * side. * * Currently we recognize: * * Terminal type, send request. * Terminal speed (send request). * Local flow control (is request). * Linemode */ static void suboption(void) { unsigned char subchar; printsub('<', subbuffer, SB_LEN()+2); switch (subchar = SB_GET()) { case TELOPT_TTYPE: if (my_want_state_is_wont(TELOPT_TTYPE)) return; if (SB_EOF() || SB_GET() != TELQUAL_SEND) { return; } else { const char *name; unsigned char temp[50]; int len; name = gettermname(); len = strlen(name) + 4 + 2; if (len < NETROOM()) { snprintf(temp, sizeof(temp), "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE, TELQUAL_IS, name, IAC, SE); ring_supply_data(&netoring, temp, len); printsub('>', &temp[2], len-2); } else { ExitString("No room in buffer for terminal type.\n", 1); /*NOTREACHED*/ } } break; case TELOPT_TSPEED: if (my_want_state_is_wont(TELOPT_TSPEED)) return; if (SB_EOF()) return; if (SB_GET() == TELQUAL_SEND) { long ospeed, ispeed; unsigned char temp[50]; int len; TerminalSpeeds(&ispeed, &ospeed); snprintf((char *)temp, sizeof(temp), "%c%c%c%c%ld,%ld%c%c", IAC, SB, TELOPT_TSPEED, TELQUAL_IS, ospeed, ispeed, IAC, SE); len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */ if (len < NETROOM()) { ring_supply_data(&netoring, temp, len); printsub('>', temp+2, len - 2); } /*@*/ else printf("lm_will: not enough room in buffer\n"); } break; case TELOPT_LFLOW: if (my_want_state_is_wont(TELOPT_LFLOW)) return; if (SB_EOF()) return; switch(SB_GET()) { case LFLOW_RESTART_ANY: restartany = 1; break; case LFLOW_RESTART_XON: restartany = 0; break; case LFLOW_ON: localflow = 1; break; case LFLOW_OFF: localflow = 0; break; default: return; } setcommandmode(); setconnmode(0); break; case TELOPT_LINEMODE: if (my_want_state_is_wont(TELOPT_LINEMODE)) return; if (SB_EOF()) return; switch (SB_GET()) { case WILL: lm_will(subpointer, SB_LEN()); break; case WONT: lm_wont(subpointer, SB_LEN()); break; case DO: lm_do(subpointer, SB_LEN()); break; case DONT: lm_dont(subpointer, SB_LEN()); break; case LM_SLC: slc(subpointer, SB_LEN()); break; case LM_MODE: lm_mode(subpointer, SB_LEN(), 0); break; default: break; } break; #ifdef OLD_ENVIRON case TELOPT_OLD_ENVIRON: #endif case TELOPT_NEW_ENVIRON: if (SB_EOF()) return; switch(SB_PEEK()) { case TELQUAL_IS: case TELQUAL_INFO: if (my_want_state_is_dont(subchar)) return; break; case TELQUAL_SEND: if (my_want_state_is_wont(subchar)) { return; } break; default: return; } env_opt(subpointer, SB_LEN()); break; case TELOPT_XDISPLOC: if (my_want_state_is_wont(TELOPT_XDISPLOC)) return; if (SB_EOF()) return; if (SB_GET() == TELQUAL_SEND) { unsigned char temp[50], *dp; int len; if ((dp = env_getvalue("DISPLAY")) == NULL || strlen(dp) > sizeof(temp) - 7) { /* * Something happened, we no longer have a DISPLAY * variable. Or it is too long. So, turn off the option. */ send_wont(TELOPT_XDISPLOC, 1); break; } snprintf(temp, sizeof(temp), "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC, TELQUAL_IS, dp, IAC, SE); len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */ if (len < NETROOM()) { ring_supply_data(&netoring, temp, len); printsub('>', temp+2, len - 2); } /*@*/ else printf("lm_will: not enough room in buffer\n"); } break; #ifdef AUTHENTICATION case TELOPT_AUTHENTICATION: { if (!autologin) break; if (SB_EOF()) return; switch(SB_GET()) { case TELQUAL_IS: if (my_want_state_is_dont(TELOPT_AUTHENTICATION)) return; auth_is(subpointer, SB_LEN()); break; case TELQUAL_SEND: if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) return; auth_send(subpointer, SB_LEN()); break; case TELQUAL_REPLY: if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) return; auth_reply(subpointer, SB_LEN()); break; case TELQUAL_NAME: if (my_want_state_is_dont(TELOPT_AUTHENTICATION)) return; auth_name(subpointer, SB_LEN()); break; } } break; #endif #ifdef ENCRYPTION case TELOPT_ENCRYPT: if (SB_EOF()) return; switch(SB_GET()) { case ENCRYPT_START: if (my_want_state_is_dont(TELOPT_ENCRYPT)) return; encrypt_start(subpointer, SB_LEN()); break; case ENCRYPT_END: if (my_want_state_is_dont(TELOPT_ENCRYPT)) return; encrypt_end(); break; case ENCRYPT_SUPPORT: if (my_want_state_is_wont(TELOPT_ENCRYPT)) return; encrypt_support(subpointer, SB_LEN()); break; case ENCRYPT_REQSTART: if (my_want_state_is_wont(TELOPT_ENCRYPT)) return; encrypt_request_start(subpointer, SB_LEN()); break; case ENCRYPT_REQEND: if (my_want_state_is_wont(TELOPT_ENCRYPT)) return; /* * We can always send an REQEND so that we cannot * get stuck encrypting. We should only get this * if we have been able to get in the correct mode * anyhow. */ encrypt_request_end(); break; case ENCRYPT_IS: if (my_want_state_is_dont(TELOPT_ENCRYPT)) return; encrypt_is(subpointer, SB_LEN()); break; case ENCRYPT_REPLY: if (my_want_state_is_wont(TELOPT_ENCRYPT)) return; encrypt_reply(subpointer, SB_LEN()); break; case ENCRYPT_ENC_KEYID: if (my_want_state_is_dont(TELOPT_ENCRYPT)) return; encrypt_enc_keyid(subpointer, SB_LEN()); break; case ENCRYPT_DEC_KEYID: if (my_want_state_is_wont(TELOPT_ENCRYPT)) return; encrypt_dec_keyid(subpointer, SB_LEN()); break; default: break; } break; #endif /* ENCRYPTION */ default: break; } } static unsigned char str_lm[] = { IAC, SB, TELOPT_LINEMODE, 0, 0, IAC, SE }; void lm_will(unsigned char *cmd, int len) { if (len < 1) { /*@*/ printf("lm_will: no command!!!\n"); /* Should not happen... */ return; } switch(cmd[0]) { case LM_FORWARDMASK: /* We shouldn't ever get this... */ default: str_lm[3] = DONT; str_lm[4] = cmd[0]; if (NETROOM() > (int)sizeof(str_lm)) { ring_supply_data(&netoring, str_lm, sizeof(str_lm)); printsub('>', &str_lm[2], sizeof(str_lm)-2); } /*@*/ else printf("lm_will: not enough room in buffer\n"); break; } } void lm_wont(unsigned char *cmd, int len) { if (len < 1) { /*@*/ printf("lm_wont: no command!!!\n"); /* Should not happen... */ return; } switch(cmd[0]) { case LM_FORWARDMASK: /* We shouldn't ever get this... */ default: /* We are always DONT, so don't respond */ return; } } void lm_do(unsigned char *cmd, int len) { if (len < 1) { /*@*/ printf("lm_do: no command!!!\n"); /* Should not happen... */ return; } switch(cmd[0]) { case LM_FORWARDMASK: default: str_lm[3] = WONT; str_lm[4] = cmd[0]; if (NETROOM() > (int)sizeof(str_lm)) { ring_supply_data(&netoring, str_lm, sizeof(str_lm)); printsub('>', &str_lm[2], sizeof(str_lm)-2); } /*@*/ else printf("lm_do: not enough room in buffer\n"); break; } } void lm_dont(unsigned char *cmd, int len) { if (len < 1) { /*@*/ printf("lm_dont: no command!!!\n"); /* Should not happen... */ return; } switch(cmd[0]) { case LM_FORWARDMASK: default: /* we are always WONT, so don't respond */ break; } } static unsigned char str_lm_mode[] = { IAC, SB, TELOPT_LINEMODE, LM_MODE, 0, IAC, SE }; void lm_mode(unsigned char *cmd, int len, int init) { if (len != 1) return; if ((linemode&MODE_MASK&~MODE_ACK) == *cmd) return; if (*cmd&MODE_ACK) return; linemode = *cmd&(MODE_MASK&~MODE_ACK); str_lm_mode[4] = linemode; if (!init) str_lm_mode[4] |= MODE_ACK; if (NETROOM() > (int)sizeof(str_lm_mode)) { ring_supply_data(&netoring, str_lm_mode, sizeof(str_lm_mode)); printsub('>', &str_lm_mode[2], sizeof(str_lm_mode)-2); } /*@*/ else printf("lm_mode: not enough room in buffer\n"); setconnmode(0); /* set changed mode */ } /* * slc() * Handle special character suboption of LINEMODE. */ struct spc { cc_t val; cc_t *valp; char flags; /* Current flags & level */ char mylevel; /* Maximum level & flags */ } spc_data[NSLC+1]; #define SLC_IMPORT 0 #define SLC_EXPORT 1 #define SLC_RVALUE 2 static int slc_mode = SLC_EXPORT; void slc_init(void) { struct spc *spcp; localchars = 1; for (spcp = spc_data; spcp < &spc_data[NSLC+1]; spcp++) { spcp->val = 0; spcp->valp = 0; spcp->flags = spcp->mylevel = SLC_NOSUPPORT; } #define initfunc(func, flags) { \ spcp = &spc_data[func]; \ if ((spcp->valp = tcval(func))) { \ spcp->val = *spcp->valp; \ spcp->mylevel = SLC_VARIABLE|flags; \ } else { \ spcp->val = 0; \ spcp->mylevel = SLC_DEFAULT; \ } \ } initfunc(SLC_SYNCH, 0); /* No BRK */ initfunc(SLC_AO, 0); initfunc(SLC_AYT, 0); /* No EOR */ initfunc(SLC_ABORT, SLC_FLUSHIN|SLC_FLUSHOUT); initfunc(SLC_EOF, 0); #ifndef SYSV_TERMIO initfunc(SLC_SUSP, SLC_FLUSHIN); #endif initfunc(SLC_EC, 0); initfunc(SLC_EL, 0); #ifndef SYSV_TERMIO initfunc(SLC_EW, 0); initfunc(SLC_RP, 0); initfunc(SLC_LNEXT, 0); #endif initfunc(SLC_XON, 0); initfunc(SLC_XOFF, 0); #ifdef SYSV_TERMIO spc_data[SLC_XON].mylevel = SLC_CANTCHANGE; spc_data[SLC_XOFF].mylevel = SLC_CANTCHANGE; #endif initfunc(SLC_FORW1, 0); #ifdef USE_TERMIO initfunc(SLC_FORW2, 0); /* No FORW2 */ #endif initfunc(SLC_IP, SLC_FLUSHIN|SLC_FLUSHOUT); #undef initfunc if (slc_mode == SLC_EXPORT) slc_export(); else slc_import(1); } void slcstate(void) { printf("Special characters are %s values\n", slc_mode == SLC_IMPORT ? "remote default" : slc_mode == SLC_EXPORT ? "local" : "remote"); } void slc_mode_export(void) { slc_mode = SLC_EXPORT; if (my_state_is_will(TELOPT_LINEMODE)) slc_export(); } void slc_mode_import(int def) { slc_mode = def ? SLC_IMPORT : SLC_RVALUE; if (my_state_is_will(TELOPT_LINEMODE)) slc_import(def); } unsigned char slc_import_val[] = { IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_VARIABLE, 0, IAC, SE }; unsigned char slc_import_def[] = { IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_DEFAULT, 0, IAC, SE }; void slc_import(int def) { if (NETROOM() > (int)sizeof(slc_import_val)) { if (def) { ring_supply_data(&netoring, slc_import_def, sizeof(slc_import_def)); printsub('>', &slc_import_def[2], sizeof(slc_import_def)-2); } else { ring_supply_data(&netoring, slc_import_val, sizeof(slc_import_val)); printsub('>', &slc_import_val[2], sizeof(slc_import_val)-2); } } /*@*/ else printf("slc_import: not enough room\n"); } void slc_export(void) { struct spc *spcp; TerminalDefaultChars(); slc_start_reply(); for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) { if (spcp->mylevel != SLC_NOSUPPORT) { if (spcp->val == (cc_t)(_POSIX_VDISABLE)) spcp->flags = SLC_NOSUPPORT; else spcp->flags = spcp->mylevel; if (spcp->valp) spcp->val = *spcp->valp; slc_add_reply(spcp - spc_data, spcp->flags, spcp->val); } } slc_end_reply(); (void)slc_update(); setconnmode(1); /* Make sure the character values are set */ } void slc(unsigned char *cp, int len) { struct spc *spcp; int func,level; slc_start_reply(); for (; len >= 3; len -=3, cp +=3) { func = cp[SLC_FUNC]; if (func == 0) { /* * Client side: always ignore 0 function. */ continue; } if (func > NSLC) { if ((cp[SLC_FLAGS] & SLC_LEVELBITS) != SLC_NOSUPPORT) slc_add_reply(func, SLC_NOSUPPORT, 0); continue; } spcp = &spc_data[func]; level = cp[SLC_FLAGS]&(SLC_LEVELBITS|SLC_ACK); if ((cp[SLC_VALUE] == (unsigned char)spcp->val) && ((level&SLC_LEVELBITS) == (spcp->flags&SLC_LEVELBITS))) { continue; } if (level == (SLC_DEFAULT|SLC_ACK)) { /* * This is an error condition, the SLC_ACK * bit should never be set for the SLC_DEFAULT * level. Our best guess to recover is to * ignore the SLC_ACK bit. */ cp[SLC_FLAGS] &= ~SLC_ACK; } if (level == ((spcp->flags&SLC_LEVELBITS)|SLC_ACK)) { spcp->val = (cc_t)cp[SLC_VALUE]; spcp->flags = cp[SLC_FLAGS]; /* include SLC_ACK */ continue; } level &= ~SLC_ACK; if (level <= (spcp->mylevel&SLC_LEVELBITS)) { spcp->flags = cp[SLC_FLAGS]|SLC_ACK; spcp->val = (cc_t)cp[SLC_VALUE]; } if (level == SLC_DEFAULT) { if ((spcp->mylevel&SLC_LEVELBITS) != SLC_DEFAULT) spcp->flags = spcp->mylevel; else spcp->flags = SLC_NOSUPPORT; } slc_add_reply(func, spcp->flags, spcp->val); } slc_end_reply(); if (slc_update()) setconnmode(1); /* set the new character values */ } void slc_check(void) { struct spc *spcp; slc_start_reply(); for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) { if (spcp->valp && spcp->val != *spcp->valp) { spcp->val = *spcp->valp; if (spcp->val == (cc_t)(_POSIX_VDISABLE)) spcp->flags = SLC_NOSUPPORT; else spcp->flags = spcp->mylevel; slc_add_reply(spcp - spc_data, spcp->flags, spcp->val); } } slc_end_reply(); setconnmode(1); } unsigned char slc_reply[128]; unsigned char const * const slc_reply_eom = &slc_reply[sizeof(slc_reply)]; unsigned char *slc_replyp; void slc_start_reply(void) { slc_replyp = slc_reply; *slc_replyp++ = IAC; *slc_replyp++ = SB; *slc_replyp++ = TELOPT_LINEMODE; *slc_replyp++ = LM_SLC; } void slc_add_reply(unsigned char func, unsigned char flags, cc_t value) { /* A sequence of up to 6 bytes my be written for this member of the SLC * suboption list by this function. The end of negotiation command, * which is written by slc_end_reply(), will require 2 additional * bytes. Do not proceed unless there is sufficient space for these * items. */ if (&slc_replyp[6+2] > slc_reply_eom) return; if ((*slc_replyp++ = func) == IAC) *slc_replyp++ = IAC; if ((*slc_replyp++ = flags) == IAC) *slc_replyp++ = IAC; if ((*slc_replyp++ = (unsigned char)value) == IAC) *slc_replyp++ = IAC; } void slc_end_reply(void) { int len; /* The end of negotiation command requires 2 bytes. */ if (&slc_replyp[2] > slc_reply_eom) return; *slc_replyp++ = IAC; *slc_replyp++ = SE; len = slc_replyp - slc_reply; if (len <= 6) return; if (NETROOM() > len) { ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply); printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2); } /*@*/else printf("slc_end_reply: not enough room\n"); } int slc_update(void) { struct spc *spcp; int need_update = 0; for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) { if (!(spcp->flags&SLC_ACK)) continue; spcp->flags &= ~SLC_ACK; if (spcp->valp && (*spcp->valp != spcp->val)) { *spcp->valp = spcp->val; need_update = 1; } } return(need_update); } #ifdef OLD_ENVIRON # ifdef ENV_HACK /* * Earlier version of telnet/telnetd from the BSD code had * the definitions of VALUE and VAR reversed. To ensure * maximum interoperability, we assume that the server is * an older BSD server, until proven otherwise. The newer * BSD servers should be able to handle either definition, * so it is better to use the wrong values if we don't * know what type of server it is. */ int env_auto = 1; int old_env_var = OLD_ENV_VAR; int old_env_value = OLD_ENV_VALUE; # else # define old_env_var OLD_ENV_VAR # define old_env_value OLD_ENV_VALUE # endif #endif void env_opt(unsigned char *buf, int len) { unsigned char *ep = 0, *epc = 0; int i; switch(buf[0]&0xff) { case TELQUAL_SEND: env_opt_start(); if (len == 1) { env_opt_add(NULL); } else for (i = 1; i < len; i++) { switch (buf[i]&0xff) { #ifdef OLD_ENVIRON case OLD_ENV_VAR: # ifdef ENV_HACK if (telopt_environ == TELOPT_OLD_ENVIRON && env_auto) { /* Server has the same definitions */ old_env_var = OLD_ENV_VAR; old_env_value = OLD_ENV_VALUE; } /* FALLTHROUGH */ # endif case OLD_ENV_VALUE: /* * Although OLD_ENV_VALUE is not legal, we will * still recognize it, just in case it is an * old server that has VAR & VALUE mixed up... */ /* FALLTHROUGH */ #else case NEW_ENV_VAR: #endif case ENV_USERVAR: if (ep) { *epc = 0; env_opt_add(ep); } ep = epc = &buf[i+1]; break; case ENV_ESC: i++; /*FALLTHROUGH*/ default: if (epc) *epc++ = buf[i]; break; } } if (ep) { *epc = 0; env_opt_add(ep); } env_opt_end(1); break; case TELQUAL_IS: case TELQUAL_INFO: /* Ignore for now. We shouldn't get it anyway. */ break; default: break; } } #define OPT_REPLY_SIZE (2 * SUBBUFSIZE) unsigned char *opt_reply = NULL; unsigned char *opt_replyp; unsigned char *opt_replyend; void env_opt_start(void) { if (opt_reply) opt_reply = (unsigned char *)realloc(opt_reply, OPT_REPLY_SIZE); else opt_reply = (unsigned char *)malloc(OPT_REPLY_SIZE); if (opt_reply == NULL) { /*@*/ printf("env_opt_start: malloc()/realloc() failed!!!\n"); opt_reply = opt_replyp = opt_replyend = NULL; return; } opt_replyp = opt_reply; opt_replyend = opt_reply + OPT_REPLY_SIZE; *opt_replyp++ = IAC; *opt_replyp++ = SB; *opt_replyp++ = telopt_environ; *opt_replyp++ = TELQUAL_IS; } void env_opt_start_info(void) { env_opt_start(); if (opt_replyp) opt_replyp[-1] = TELQUAL_INFO; } void env_opt_add(unsigned char *ep) { unsigned char *vp, c; if (opt_reply == NULL) /*XXX*/ return; /*XXX*/ if (ep == NULL || *ep == '\0') { /* Send user defined variables first. */ env_default(1, 0); while ((ep = env_default(0, 0))) env_opt_add(ep); /* Now add the list of well know variables. */ env_default(1, 1); while ((ep = env_default(0, 1))) env_opt_add(ep); return; } vp = env_getvalue(ep); if (opt_replyp + (vp ? 2 * strlen((char *)vp) : 0) + 2 * strlen((char *)ep) + 6 > opt_replyend) { int len; opt_replyend += OPT_REPLY_SIZE; len = opt_replyend - opt_reply; opt_reply = (unsigned char *)realloc(opt_reply, len); if (opt_reply == NULL) { /*@*/ printf("env_opt_add: realloc() failed!!!\n"); opt_reply = opt_replyp = opt_replyend = NULL; return; } opt_replyp = opt_reply + len - (opt_replyend - opt_replyp); opt_replyend = opt_reply + len; } if (opt_welldefined(ep)) #ifdef OLD_ENVIRON if (telopt_environ == TELOPT_OLD_ENVIRON) *opt_replyp++ = old_env_var; else #endif *opt_replyp++ = NEW_ENV_VAR; else *opt_replyp++ = ENV_USERVAR; for (;;) { while ((c = *ep++)) { if (opt_replyp + (2 + 2) > opt_replyend) return; switch(c&0xff) { case IAC: *opt_replyp++ = IAC; break; case NEW_ENV_VAR: case NEW_ENV_VALUE: case ENV_ESC: case ENV_USERVAR: *opt_replyp++ = ENV_ESC; break; } *opt_replyp++ = c; } if ((ep = vp)) { if (opt_replyp + (1 + 2 + 2) > opt_replyend) return; #ifdef OLD_ENVIRON if (telopt_environ == TELOPT_OLD_ENVIRON) *opt_replyp++ = old_env_value; else #endif *opt_replyp++ = NEW_ENV_VALUE; vp = NULL; } else break; } } int opt_welldefined(const char *ep) { if ((strcmp(ep, "USER") == 0) || (strcmp(ep, "DISPLAY") == 0) || (strcmp(ep, "PRINTER") == 0) || (strcmp(ep, "SYSTEMTYPE") == 0) || (strcmp(ep, "JOB") == 0) || (strcmp(ep, "ACCT") == 0)) return(1); return(0); } void env_opt_end(int emptyok) { int len; if (opt_replyp + 2 > opt_replyend) return; len = opt_replyp + 2 - opt_reply; if (emptyok || len > 6) { *opt_replyp++ = IAC; *opt_replyp++ = SE; if (NETROOM() > len) { ring_supply_data(&netoring, opt_reply, len); printsub('>', &opt_reply[2], len - 2); } /*@*/ else printf("slc_end_reply: not enough room\n"); } if (opt_reply) { free(opt_reply); opt_reply = opt_replyp = opt_replyend = NULL; } } int telrcv(void) { int c; int scc; unsigned char *sbp; int count; int returnValue = 0; scc = 0; count = 0; while (TTYROOM() > 2) { if (scc == 0) { if (count) { ring_consumed(&netiring, count); returnValue = 1; count = 0; } sbp = netiring.consume; scc = ring_full_consecutive(&netiring); if (scc == 0) { /* No more data coming in */ break; } } c = *sbp++ & 0xff, scc--; count++; #ifdef ENCRYPTION if (decrypt_input) c = (*decrypt_input)(c); #endif /* ENCRYPTION */ switch (telrcv_state) { case TS_CR: telrcv_state = TS_DATA; if (c == '\0') { break; /* Ignore \0 after CR */ } else if ((c == '\n') && my_want_state_is_dont(TELOPT_ECHO) && !crmod) { TTYADD(c); break; } /* FALLTHROUGH */ case TS_DATA: if (c == IAC && telnetport >= 0) { telrcv_state = TS_IAC; break; } /* * The 'crmod' hack (see following) is needed * since we can't * set CRMOD on output only. * Machines like MULTICS like to send \r without * \n; since we must turn off CRMOD to get proper * input, the mapping is done here (sigh). */ if ((c == '\r') && my_want_state_is_dont(TELOPT_BINARY)) { if (scc > 0) { c = *sbp&0xff; #ifdef ENCRYPTION if (decrypt_input) c = (*decrypt_input)(c); #endif /* ENCRYPTION */ if (c == 0) { sbp++, scc--; count++; /* a "true" CR */ TTYADD('\r'); } else if (my_want_state_is_dont(TELOPT_ECHO) && (c == '\n')) { sbp++, scc--; count++; TTYADD('\n'); } else { #ifdef ENCRYPTION if (decrypt_input) (*decrypt_input)(-1); #endif /* ENCRYPTION */ TTYADD('\r'); if (crmod) { TTYADD('\n'); } } } else { telrcv_state = TS_CR; TTYADD('\r'); if (crmod) { TTYADD('\n'); } } } else { TTYADD(c); } continue; case TS_IAC: process_iac: switch (c) { case WILL: telrcv_state = TS_WILL; continue; case WONT: telrcv_state = TS_WONT; continue; case DO: telrcv_state = TS_DO; continue; case DONT: telrcv_state = TS_DONT; continue; case DM: /* * We may have missed an urgent notification, * so make sure we flush whatever is in the * buffer currently. */ printoption("RCVD", IAC, DM); SYNCHing = 1; (void) ttyflush(1); SYNCHing = stilloob(); settimer(gotDM); break; case SB: SB_CLEAR(); telrcv_state = TS_SB; continue; case IAC: TTYADD(IAC); break; case NOP: case GA: default: printoption("RCVD", IAC, c); break; } telrcv_state = TS_DATA; continue; case TS_WILL: printoption("RCVD", WILL, c); willoption(c); telrcv_state = TS_DATA; continue; case TS_WONT: printoption("RCVD", WONT, c); wontoption(c); telrcv_state = TS_DATA; continue; case TS_DO: printoption("RCVD", DO, c); dooption(c); if (c == TELOPT_NAWS) { sendnaws(); } else if (c == TELOPT_LFLOW) { localflow = 1; setcommandmode(); setconnmode(0); } telrcv_state = TS_DATA; continue; case TS_DONT: printoption("RCVD", DONT, c); dontoption(c); flushline = 1; setconnmode(0); /* set new tty mode (maybe) */ telrcv_state = TS_DATA; continue; case TS_SB: if (c == IAC) { telrcv_state = TS_SE; } else { SB_ACCUM(c); } continue; case TS_SE: if (c != SE) { if (c != IAC) { /* * This is an error. We only expect to get * "IAC IAC" or "IAC SE". Several things may * have happend. An IAC was not doubled, the * IAC SE was left off, or another option got * inserted into the suboption are all possibilities. * If we assume that the IAC was not doubled, * and really the IAC SE was left off, we could * get into an infinate loop here. So, instead, * we terminate the suboption, and process the * partial suboption if we can. */ SB_ACCUM(IAC); SB_ACCUM(c); subpointer -= 2; SB_TERM(); printoption("In SUBOPTION processing, RCVD", IAC, c); suboption(); /* handle sub-option */ telrcv_state = TS_IAC; goto process_iac; } SB_ACCUM(c); telrcv_state = TS_SB; } else { SB_ACCUM(IAC); SB_ACCUM(SE); subpointer -= 2; SB_TERM(); suboption(); /* handle sub-option */ telrcv_state = TS_DATA; } } } if (count) ring_consumed(&netiring, count); return returnValue||count; } static int bol = 1, local = 0; int rlogin_susp(void) { if (local) { local = 0; bol = 1; command(0, "z\n", 2); return(1); } return(0); } static int telsnd(void) { int tcc; int count; int returnValue = 0; unsigned char *tbp; tcc = 0; count = 0; while (NETROOM() > 2) { int sc; int c; if (tcc == 0) { if (count) { ring_consumed(&ttyiring, count); returnValue = 1; count = 0; } tbp = ttyiring.consume; tcc = ring_full_consecutive(&ttyiring); if (tcc == 0) { break; } } c = *tbp++ & 0xff, sc = strip(c), tcc--; count++; if (rlogin != _POSIX_VDISABLE) { if (bol) { bol = 0; if (sc == rlogin) { local = 1; continue; } } else if (local) { local = 0; if (sc == '.' || c == termEofChar) { bol = 1; command(0, "close\n", 6); continue; } if (sc == termSuspChar) { bol = 1; command(0, "z\n", 2); continue; } if (sc == escape) { command(0, tbp, tcc); bol = 1; count += tcc; tcc = 0; flushline = 1; break; } if (sc != rlogin) { ++tcc; --tbp; --count; c = sc = rlogin; } } if ((sc == '\n') || (sc == '\r')) bol = 1; } else if (escape != _POSIX_VDISABLE && sc == escape) { /* * Double escape is a pass through of a single escape character. */ if (tcc && strip(*tbp) == escape) { tbp++; tcc--; count++; bol = 0; } else { command(0, (char *)tbp, tcc); bol = 1; count += tcc; tcc = 0; flushline = 1; break; } } else bol = 0; #ifdef KLUDGELINEMODE if (kludgelinemode && (globalmode&MODE_EDIT) && (sc == echoc)) { if (tcc > 0 && strip(*tbp) == echoc) { tcc--; tbp++; count++; } else { dontlecho = !dontlecho; settimer(echotoggle); setconnmode(0); flushline = 1; break; } } #endif if (MODE_LOCAL_CHARS(globalmode)) { if (TerminalSpecialChars(sc) == 0) { bol = 1; break; } } if (my_want_state_is_wont(TELOPT_BINARY)) { switch (c) { case '\n': /* * If we are in CRMOD mode (\r ==> \n) * on our local machine, then probably * a newline (unix) is CRLF (TELNET). */ if (MODE_LOCAL_CHARS(globalmode)) { NETADD('\r'); } NETADD('\n'); bol = flushline = 1; break; case '\r': if (!crlf) { NET2ADD('\r', '\0'); } else { NET2ADD('\r', '\n'); } bol = flushline = 1; break; case IAC: NET2ADD(IAC, IAC); break; default: NETADD(c); break; } } else if (c == IAC) { NET2ADD(IAC, IAC); } else { NETADD(c); } } if (count) ring_consumed(&ttyiring, count); return returnValue||count; /* Non-zero if we did anything */ } /* * Scheduler() * * Try to do something. * * If we do something useful, return 1; else return 0. * */ static int Scheduler(int block) { /* One wants to be a bit careful about setting returnValue * to one, since a one implies we did some useful work, * and therefore probably won't be called to block next */ int returnValue; int netin, netout, netex, ttyin, ttyout; /* Decide which rings should be processed */ netout = ring_full_count(&netoring) && (flushline || (my_want_state_is_wont(TELOPT_LINEMODE) #ifdef KLUDGELINEMODE && (!kludgelinemode || my_want_state_is_do(TELOPT_SGA)) #endif ) || my_want_state_is_will(TELOPT_BINARY)); ttyout = ring_full_count(&ttyoring); ttyin = ring_empty_count(&ttyiring) && (clienteof == 0); netin = !ISend && ring_empty_count(&netiring); netex = !SYNCHing; /* Call to system code to process rings */ returnValue = process_rings(netin, netout, netex, ttyin, ttyout, !block); /* Now, look at the input rings, looking for work to do. */ if (ring_full_count(&ttyiring)) { returnValue |= telsnd(); } if (ring_full_count(&netiring)) { returnValue |= telrcv(); } return returnValue; } #ifdef AUTHENTICATION #define __unusedhere #else #define __unusedhere __unused #endif /* * Select from tty and network... */ void telnet(char *user __unusedhere) { sys_telnet_init(); #ifdef AUTHENTICATION #ifdef ENCRYPTION { static char local_host[256] = { 0 }; if (!local_host[0]) { gethostname(local_host, sizeof(local_host)); local_host[sizeof(local_host)-1] = 0; } auth_encrypt_init(local_host, hostname, "TELNET", 0); auth_encrypt_user(user); } #endif #endif if (telnetport > 0) { #ifdef AUTHENTICATION if (autologin) send_will(TELOPT_AUTHENTICATION, 1); #endif #ifdef ENCRYPTION send_do(TELOPT_ENCRYPT, 1); send_will(TELOPT_ENCRYPT, 1); #endif /* ENCRYPTION */ send_do(TELOPT_SGA, 1); send_will(TELOPT_TTYPE, 1); send_will(TELOPT_NAWS, 1); send_will(TELOPT_TSPEED, 1); send_will(TELOPT_LFLOW, 1); send_will(TELOPT_LINEMODE, 1); send_will(TELOPT_NEW_ENVIRON, 1); send_do(TELOPT_STATUS, 1); if (env_getvalue("DISPLAY")) send_will(TELOPT_XDISPLOC, 1); if (eight) tel_enter_binary(eight); } for (;;) { int schedValue; while ((schedValue = Scheduler(0)) != 0) { if (schedValue == -1) { setcommandmode(); return; } } if (Scheduler(1) == -1) { setcommandmode(); return; } } } #if 0 /* XXX - this not being in is a bug */ /* * nextitem() * * Return the address of the next "item" in the TELNET data * stream. This will be the address of the next character if * the current address is a user data character, or it will * be the address of the character following the TELNET command * if the current address is a TELNET IAC ("I Am a Command") * character. */ static char * nextitem(char *current) { if ((*current&0xff) != IAC) { return current+1; } switch (*(current+1)&0xff) { case DO: case DONT: case WILL: case WONT: return current+3; case SB: /* loop forever looking for the SE */ { char *look = current+2; for (;;) { if ((*look++&0xff) == IAC) { if ((*look++&0xff) == SE) { return look; } } } } default: return current+2; } } #endif /* 0 */ /* * netclear() * * We are about to do a TELNET SYNCH operation. Clear * the path to the network. * * Things are a bit tricky since we may have sent the first * byte or so of a previous TELNET command into the network. * So, we have to scan the network buffer from the beginning * until we are up to where we want to be. * * A side effect of what we do, just to keep things * simple, is to clear the urgent data pointer. The principal * caller should be setting the urgent data pointer AFTER calling * us in any case. */ static void netclear(void) { /* Deleted */ } /* * These routines add various telnet commands to the data stream. */ static void doflush(void) { NET2ADD(IAC, DO); NETADD(TELOPT_TM); flushline = 1; flushout = 1; (void) ttyflush(1); /* Flush/drop output */ /* do printoption AFTER flush, otherwise the output gets tossed... */ printoption("SENT", DO, TELOPT_TM); } void xmitAO(void) { NET2ADD(IAC, AO); printoption("SENT", IAC, AO); if (autoflush) { doflush(); } } void xmitEL(void) { NET2ADD(IAC, EL); printoption("SENT", IAC, EL); } void xmitEC(void) { NET2ADD(IAC, EC); printoption("SENT", IAC, EC); } int dosynch(char *ch __unused) { netclear(); /* clear the path to the network */ NETADD(IAC); setneturg(); NETADD(DM); printoption("SENT", IAC, DM); return 1; } int want_status_response = 0; int get_status(char *ch __unused) { unsigned char tmp[16]; unsigned char *cp; if (my_want_state_is_dont(TELOPT_STATUS)) { printf("Remote side does not support STATUS option\n"); return 0; } cp = tmp; *cp++ = IAC; *cp++ = SB; *cp++ = TELOPT_STATUS; *cp++ = TELQUAL_SEND; *cp++ = IAC; *cp++ = SE; if (NETROOM() >= cp - tmp) { ring_supply_data(&netoring, tmp, cp-tmp); printsub('>', tmp+2, cp - tmp - 2); } ++want_status_response; return 1; } void intp(void) { NET2ADD(IAC, IP); printoption("SENT", IAC, IP); flushline = 1; if (autoflush) { doflush(); } if (autosynch) { dosynch(NULL); } } void sendbrk(void) { NET2ADD(IAC, BREAK); printoption("SENT", IAC, BREAK); flushline = 1; if (autoflush) { doflush(); } if (autosynch) { dosynch(NULL); } } void sendabort(void) { NET2ADD(IAC, ABORT); printoption("SENT", IAC, ABORT); flushline = 1; if (autoflush) { doflush(); } if (autosynch) { dosynch(NULL); } } void sendsusp(void) { NET2ADD(IAC, SUSP); printoption("SENT", IAC, SUSP); flushline = 1; if (autoflush) { doflush(); } if (autosynch) { dosynch(NULL); } } void sendeof(void) { NET2ADD(IAC, xEOF); printoption("SENT", IAC, xEOF); } void sendayt(void) { NET2ADD(IAC, AYT); printoption("SENT", IAC, AYT); } /* * Send a window size update to the remote system. */ void sendnaws(void) { long rows, cols; unsigned char tmp[16]; unsigned char *cp; if (my_state_is_wont(TELOPT_NAWS)) return; #define PUTSHORT(cp, x) { if ((*cp++ = ((x)>>8)&0xff) == IAC) *cp++ = IAC; \ if ((*cp++ = ((x))&0xff) == IAC) *cp++ = IAC; } if (TerminalWindowSize(&rows, &cols) == 0) { /* Failed */ return; } cp = tmp; *cp++ = IAC; *cp++ = SB; *cp++ = TELOPT_NAWS; PUTSHORT(cp, cols); PUTSHORT(cp, rows); *cp++ = IAC; *cp++ = SE; if (NETROOM() >= cp - tmp) { ring_supply_data(&netoring, tmp, cp-tmp); printsub('>', tmp+2, cp - tmp - 2); } } void tel_enter_binary(int rw) { if (rw&1) send_do(TELOPT_BINARY, 1); if (rw&2) send_will(TELOPT_BINARY, 1); } void tel_leave_binary(int rw) { if (rw&1) send_dont(TELOPT_BINARY, 1); if (rw&2) send_wont(TELOPT_BINARY, 1); } diff --git a/contrib/telnet/telnet/terminal.c b/contrib/telnet/telnet/terminal.c index b42f861c6f30..dccfab410998 100644 --- a/contrib/telnet/telnet/terminal.c +++ b/contrib/telnet/telnet/terminal.c @@ -1,250 +1,248 @@ /* * Copyright (c) 1988, 1990, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if 0 #ifndef lint static const char sccsid[] = "@(#)terminal.c 8.2 (Berkeley) 2/16/95"; #endif #endif -#include -__FBSDID("$FreeBSD$"); #include #include #include #include "ring.h" #include "externs.h" #include "types.h" #ifdef ENCRYPTION #include #endif Ring ttyoring, ttyiring; unsigned char ttyobuf[2*BUFSIZ], ttyibuf[BUFSIZ]; int termdata; /* Debugging flag */ #ifdef USE_TERMIO # ifndef VDISCARD cc_t termFlushChar; # endif # ifndef VLNEXT cc_t termLiteralNextChar; # endif # ifndef VSUSP cc_t termSuspChar; # endif # ifndef VWERASE cc_t termWerasChar; # endif # ifndef VREPRINT cc_t termRprntChar; # endif # ifndef VSTART cc_t termStartChar; # endif # ifndef VSTOP cc_t termStopChar; # endif # ifndef VEOL cc_t termForw1Char; # endif # ifndef VEOL2 cc_t termForw2Char; # endif # ifndef VSTATUS cc_t termAytChar; # endif #else cc_t termForw2Char; cc_t termAytChar; #endif /* * initialize the terminal data structures. */ void init_terminal(void) { if (ring_init(&ttyoring, ttyobuf, sizeof ttyobuf) != 1) { exit(1); } if (ring_init(&ttyiring, ttyibuf, sizeof ttyibuf) != 1) { exit(1); } autoflush = TerminalAutoFlush(); } /* * Send as much data as possible to the terminal, else exits if * it encounters a permanent failure when writing to the tty. * * Return value: * -1: No useful work done, data waiting to go out. * 0: No data was waiting, so nothing was done. * 1: All waiting data was written out. * n: All data - n was written out. */ int ttyflush(int drop) { int n, n0, n1; n0 = ring_full_count(&ttyoring); if ((n1 = n = ring_full_consecutive(&ttyoring)) > 0) { if (drop) { TerminalFlushOutput(); /* we leave 'n' alone! */ } else { n = TerminalWrite(ttyoring.consume, n); } } if (n > 0) { if (termdata && n) { Dump('>', ttyoring.consume, n); } /* * If we wrote everything, and the full count is * larger than what we wrote, then write the * rest of the buffer. */ if (n1 == n && n0 > n) { n1 = n0 - n; if (!drop) n1 = TerminalWrite(ttyoring.bottom, n1); if (n1 > 0) n += n1; } ring_consumed(&ttyoring, n); } if (n < 0) { if (errno == EAGAIN || errno == EINTR) { return -1; } else { ring_consumed(&ttyoring, ring_full_count(&ttyoring)); setconnmode(0); setcommandmode(); NetClose(net); fprintf(stderr, "Write error on local output.\n"); exit(1); } return -1; } if (n == n0) { if (n0) return -1; return 0; } return n0 - n + 1; } /* * These routines decides on what the mode should be (based on the values * of various global variables). */ int getconnmode(void) { extern int linemode; int mode = 0; #ifdef KLUDGELINEMODE extern int kludgelinemode; #endif if (my_want_state_is_dont(TELOPT_ECHO)) mode |= MODE_ECHO; if (localflow) mode |= MODE_FLOW; if (my_want_state_is_will(TELOPT_BINARY)) mode |= MODE_INBIN; if (his_want_state_is_will(TELOPT_BINARY)) mode |= MODE_OUTBIN; #ifdef KLUDGELINEMODE if (kludgelinemode) { if (my_want_state_is_dont(TELOPT_SGA)) { mode |= (MODE_TRAPSIG|MODE_EDIT); if (dontlecho && (clocks.echotoggle > clocks.modenegotiated)) { mode &= ~MODE_ECHO; } } return(mode); } #endif if (my_want_state_is_will(TELOPT_LINEMODE)) mode |= linemode; return(mode); } void setconnmode(int force) { #ifdef ENCRYPTION static int enc_passwd = 0; #endif /* ENCRYPTION */ int newmode; newmode = getconnmode()|(force?MODE_FORCE:0); TerminalNewMode(newmode); #ifdef ENCRYPTION if ((newmode & (MODE_ECHO|MODE_EDIT)) == MODE_EDIT) { if (my_want_state_is_will(TELOPT_ENCRYPT) && (enc_passwd == 0) && !encrypt_output) { encrypt_request_start(0, 0); enc_passwd = 1; } } else { if (enc_passwd) { encrypt_request_end(); enc_passwd = 0; } } #endif /* ENCRYPTION */ } void setcommandmode(void) { TerminalNewMode(-1); } diff --git a/contrib/telnet/telnet/utilities.c b/contrib/telnet/telnet/utilities.c index 36432e6a32f0..516c1e5e538a 100644 --- a/contrib/telnet/telnet/utilities.c +++ b/contrib/telnet/telnet/utilities.c @@ -1,908 +1,906 @@ /* * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if 0 #ifndef lint static const char sccsid[] = "@(#)utilities.c 8.3 (Berkeley) 5/30/95"; #endif #endif -#include -__FBSDID("$FreeBSD$"); #define TELOPTS #define TELCMDS #define SLC_NAMES #include #include #include #include #include #include #include #include "general.h" #include "fdset.h" #include "ring.h" #include "defines.h" #include "externs.h" #ifdef AUTHENTICATION #include #endif #ifdef ENCRYPTION #include #endif FILE *NetTrace = 0; /* Not in bss, since needs to stay */ int prettydump; /* * upcase() * * Upcase (in place) the argument. */ void upcase(char *argument) { int c; while ((c = *argument) != 0) { if (islower(c)) { *argument = toupper(c); } argument++; } } /* * SetSockOpt() * * Compensate for differences in 4.2 and 4.3 systems. */ int SetSockOpt(int fd, int level, int option, int yesno) { return setsockopt(fd, level, option, (char *)&yesno, sizeof yesno); } /* * The following are routines used to print out debugging information. */ unsigned char NetTraceFile[256] = "(standard output)"; void SetNetTrace(char *file) { if (NetTrace && NetTrace != stdout) fclose(NetTrace); if (file && (strcmp(file, "-") != 0)) { NetTrace = fopen(file, "w"); if (NetTrace) { strcpy((char *)NetTraceFile, file); return; } fprintf(stderr, "Cannot open %s.\n", file); } NetTrace = stdout; strcpy((char *)NetTraceFile, "(standard output)"); } void Dump(char direction, unsigned char *buffer, int length) { # define BYTES_PER_LINE 32 # define min(x,y) ((x= 3) { int j; i = pointer[length-2]; j = pointer[length-1]; if (i != IAC || j != SE) { fprintf(NetTrace, "(terminated by "); if (TELOPT_OK(i)) fprintf(NetTrace, "%s ", TELOPT(i)); else if (TELCMD_OK(i)) fprintf(NetTrace, "%s ", TELCMD(i)); else fprintf(NetTrace, "%d ", i); if (TELOPT_OK(j)) fprintf(NetTrace, "%s", TELOPT(j)); else if (TELCMD_OK(j)) fprintf(NetTrace, "%s", TELCMD(j)); else fprintf(NetTrace, "%d", j); fprintf(NetTrace, ", not IAC SE!) "); } } length -= 2; } if (length < 1) { fprintf(NetTrace, "(Empty suboption??\?)"); if (NetTrace == stdout) fflush(NetTrace); return; } switch (pointer[0]) { case TELOPT_TTYPE: fprintf(NetTrace, "TERMINAL-TYPE "); switch (pointer[1]) { case TELQUAL_IS: fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2); break; case TELQUAL_SEND: fprintf(NetTrace, "SEND"); break; default: fprintf(NetTrace, "- unknown qualifier %d (0x%x).", pointer[1], pointer[1]); } break; case TELOPT_TSPEED: fprintf(NetTrace, "TERMINAL-SPEED"); if (length < 2) { fprintf(NetTrace, " (empty suboption??\?)"); break; } switch (pointer[1]) { case TELQUAL_IS: fprintf(NetTrace, " IS "); fprintf(NetTrace, "%.*s", length-2, (char *)pointer+2); break; default: if (pointer[1] == 1) fprintf(NetTrace, " SEND"); else fprintf(NetTrace, " %d (unknown)", pointer[1]); for (i = 2; i < length; i++) fprintf(NetTrace, " ?%d?", pointer[i]); break; } break; case TELOPT_LFLOW: fprintf(NetTrace, "TOGGLE-FLOW-CONTROL"); if (length < 2) { fprintf(NetTrace, " (empty suboption??\?)"); break; } switch (pointer[1]) { case LFLOW_OFF: fprintf(NetTrace, " OFF"); break; case LFLOW_ON: fprintf(NetTrace, " ON"); break; case LFLOW_RESTART_ANY: fprintf(NetTrace, " RESTART-ANY"); break; case LFLOW_RESTART_XON: fprintf(NetTrace, " RESTART-XON"); break; default: fprintf(NetTrace, " %d (unknown)", pointer[1]); } for (i = 2; i < length; i++) fprintf(NetTrace, " ?%d?", pointer[i]); break; case TELOPT_NAWS: fprintf(NetTrace, "NAWS"); if (length < 2) { fprintf(NetTrace, " (empty suboption??\?)"); break; } if (length == 2) { fprintf(NetTrace, " ?%d?", pointer[1]); break; } fprintf(NetTrace, " %d %d (%d)", pointer[1], pointer[2], (int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2]))); if (length == 4) { fprintf(NetTrace, " ?%d?", pointer[3]); break; } fprintf(NetTrace, " %d %d (%d)", pointer[3], pointer[4], (int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4]))); for (i = 5; i < length; i++) fprintf(NetTrace, " ?%d?", pointer[i]); break; #ifdef AUTHENTICATION case TELOPT_AUTHENTICATION: fprintf(NetTrace, "AUTHENTICATION"); if (length < 2) { fprintf(NetTrace, " (empty suboption??\?)"); break; } switch (pointer[1]) { case TELQUAL_REPLY: case TELQUAL_IS: fprintf(NetTrace, " %s ", (pointer[1] == TELQUAL_IS) ? "IS" : "REPLY"); if (AUTHTYPE_NAME_OK(pointer[2])) fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[2])); else fprintf(NetTrace, "%d ", pointer[2]); if (length < 3) { fprintf(NetTrace, "(partial suboption??\?)"); break; } fprintf(NetTrace, "%s|%s", ((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? "CLIENT" : "SERVER", ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? "MUTUAL" : "ONE-WAY"); auth_printsub(&pointer[1], length - 1, buf, sizeof(buf)); fprintf(NetTrace, "%s", buf); break; case TELQUAL_SEND: i = 2; fprintf(NetTrace, " SEND "); while (i < length) { if (AUTHTYPE_NAME_OK(pointer[i])) fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[i])); else fprintf(NetTrace, "%d ", pointer[i]); if (++i >= length) { fprintf(NetTrace, "(partial suboption??\?)"); break; } fprintf(NetTrace, "%s|%s ", ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? "CLIENT" : "SERVER", ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? "MUTUAL" : "ONE-WAY"); ++i; } break; case TELQUAL_NAME: i = 2; fprintf(NetTrace, " NAME \""); while (i < length) putc(pointer[i++], NetTrace); putc('"', NetTrace); break; default: for (i = 2; i < length; i++) fprintf(NetTrace, " ?%d?", pointer[i]); break; } break; #endif #ifdef ENCRYPTION case TELOPT_ENCRYPT: fprintf(NetTrace, "ENCRYPT"); if (length < 2) { fprintf(NetTrace, " (empty suboption??\?)"); break; } switch (pointer[1]) { case ENCRYPT_START: fprintf(NetTrace, " START"); break; case ENCRYPT_END: fprintf(NetTrace, " END"); break; case ENCRYPT_REQSTART: fprintf(NetTrace, " REQUEST-START"); break; case ENCRYPT_REQEND: fprintf(NetTrace, " REQUEST-END"); break; case ENCRYPT_IS: case ENCRYPT_REPLY: fprintf(NetTrace, " %s ", (pointer[1] == ENCRYPT_IS) ? "IS" : "REPLY"); if (length < 3) { fprintf(NetTrace, " (partial suboption??\?)"); break; } if (ENCTYPE_NAME_OK(pointer[2])) fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[2])); else fprintf(NetTrace, " %d (unknown)", pointer[2]); encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf)); fprintf(NetTrace, "%s", buf); break; case ENCRYPT_SUPPORT: i = 2; fprintf(NetTrace, " SUPPORT "); while (i < length) { if (ENCTYPE_NAME_OK(pointer[i])) fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[i])); else fprintf(NetTrace, "%d ", pointer[i]); i++; } break; case ENCRYPT_ENC_KEYID: fprintf(NetTrace, " ENC_KEYID "); goto encommon; case ENCRYPT_DEC_KEYID: fprintf(NetTrace, " DEC_KEYID "); goto encommon; default: fprintf(NetTrace, " %d (unknown)", pointer[1]); encommon: for (i = 2; i < length; i++) fprintf(NetTrace, " %d", pointer[i]); break; } break; #endif /* ENCRYPTION */ case TELOPT_LINEMODE: fprintf(NetTrace, "LINEMODE "); if (length < 2) { fprintf(NetTrace, " (empty suboption??\?)"); break; } switch (pointer[1]) { case WILL: fprintf(NetTrace, "WILL "); goto common; case WONT: fprintf(NetTrace, "WONT "); goto common; case DO: fprintf(NetTrace, "DO "); goto common; case DONT: fprintf(NetTrace, "DONT "); common: if (length < 3) { fprintf(NetTrace, "(no option??\?)"); break; } switch (pointer[2]) { case LM_FORWARDMASK: fprintf(NetTrace, "Forward Mask"); for (i = 3; i < length; i++) fprintf(NetTrace, " %x", pointer[i]); break; default: fprintf(NetTrace, "%d (unknown)", pointer[2]); for (i = 3; i < length; i++) fprintf(NetTrace, " %d", pointer[i]); break; } break; case LM_SLC: fprintf(NetTrace, "SLC"); for (i = 2; i < length - 2; i += 3) { if (SLC_NAME_OK(pointer[i+SLC_FUNC])) fprintf(NetTrace, " %s", SLC_NAME(pointer[i+SLC_FUNC])); else fprintf(NetTrace, " %d", pointer[i+SLC_FUNC]); switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) { case SLC_NOSUPPORT: fprintf(NetTrace, " NOSUPPORT"); break; case SLC_CANTCHANGE: fprintf(NetTrace, " CANTCHANGE"); break; case SLC_VARIABLE: fprintf(NetTrace, " VARIABLE"); break; case SLC_DEFAULT: fprintf(NetTrace, " DEFAULT"); break; } fprintf(NetTrace, "%s%s%s", pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "", pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "", pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : ""); if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN| SLC_FLUSHOUT| SLC_LEVELBITS)) fprintf(NetTrace, "(0x%x)", pointer[i+SLC_FLAGS]); fprintf(NetTrace, " %d;", pointer[i+SLC_VALUE]); if ((pointer[i+SLC_VALUE] == IAC) && (pointer[i+SLC_VALUE+1] == IAC)) i++; } for (; i < length; i++) fprintf(NetTrace, " ?%d?", pointer[i]); break; case LM_MODE: fprintf(NetTrace, "MODE "); if (length < 3) { fprintf(NetTrace, "(no mode??\?)"); break; } { char tbuf[64]; snprintf(tbuf, sizeof(tbuf), "%s%s%s%s%s", pointer[2]&MODE_EDIT ? "|EDIT" : "", pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "", pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "", pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "", pointer[2]&MODE_ACK ? "|ACK" : ""); fprintf(NetTrace, "%s", tbuf[1] ? &tbuf[1] : "0"); } if (pointer[2]&~(MODE_MASK)) fprintf(NetTrace, " (0x%x)", pointer[2]); for (i = 3; i < length; i++) fprintf(NetTrace, " ?0x%x?", pointer[i]); break; default: fprintf(NetTrace, "%d (unknown)", pointer[1]); for (i = 2; i < length; i++) fprintf(NetTrace, " %d", pointer[i]); } break; case TELOPT_STATUS: { const char *cp; int j, k; fprintf(NetTrace, "STATUS"); switch (pointer[1]) { default: if (pointer[1] == TELQUAL_SEND) fprintf(NetTrace, " SEND"); else fprintf(NetTrace, " %d (unknown)", pointer[1]); for (i = 2; i < length; i++) fprintf(NetTrace, " ?%d?", pointer[i]); break; case TELQUAL_IS: if (--want_status_response < 0) want_status_response = 0; if (NetTrace == stdout) fprintf(NetTrace, " IS\r\n"); else fprintf(NetTrace, " IS\n"); for (i = 2; i < length; i++) { switch(pointer[i]) { case DO: cp = "DO"; goto common2; case DONT: cp = "DONT"; goto common2; case WILL: cp = "WILL"; goto common2; case WONT: cp = "WONT"; goto common2; common2: i++; if (TELOPT_OK((int)pointer[i])) fprintf(NetTrace, " %s %s", cp, TELOPT(pointer[i])); else fprintf(NetTrace, " %s %d", cp, pointer[i]); if (NetTrace == stdout) fprintf(NetTrace, "\r\n"); else fprintf(NetTrace, "\n"); break; case SB: fprintf(NetTrace, " SB "); i++; j = k = i; while (j < length) { if (pointer[j] == SE) { if (j+1 == length) break; if (pointer[j+1] == SE) j++; else break; } pointer[k++] = pointer[j++]; } printsub(0, &pointer[i], k - i); if (i < length) { fprintf(NetTrace, " SE"); i = j; } else i = j - 1; if (NetTrace == stdout) fprintf(NetTrace, "\r\n"); else fprintf(NetTrace, "\n"); break; default: fprintf(NetTrace, " %d", pointer[i]); break; } } break; } break; } case TELOPT_XDISPLOC: fprintf(NetTrace, "X-DISPLAY-LOCATION "); switch (pointer[1]) { case TELQUAL_IS: fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2); break; case TELQUAL_SEND: fprintf(NetTrace, "SEND"); break; default: fprintf(NetTrace, "- unknown qualifier %d (0x%x).", pointer[1], pointer[1]); } break; case TELOPT_NEW_ENVIRON: fprintf(NetTrace, "NEW-ENVIRON "); #ifdef OLD_ENVIRON goto env_common1; case TELOPT_OLD_ENVIRON: fprintf(NetTrace, "OLD-ENVIRON"); env_common1: #endif switch (pointer[1]) { case TELQUAL_IS: fprintf(NetTrace, "IS "); goto env_common; case TELQUAL_SEND: fprintf(NetTrace, "SEND "); goto env_common; case TELQUAL_INFO: fprintf(NetTrace, "INFO "); env_common: { int noquote = 2; #if defined(ENV_HACK) && defined(OLD_ENVIRON) extern int old_env_var, old_env_value; #endif for (i = 2; i < length; i++ ) { switch (pointer[i]) { case NEW_ENV_VALUE: #ifdef OLD_ENVIRON /* case NEW_ENV_OVAR: */ if (pointer[0] == TELOPT_OLD_ENVIRON) { # ifdef ENV_HACK if (old_env_var == OLD_ENV_VALUE) fprintf(NetTrace, "\" (VALUE) " + noquote); else # endif fprintf(NetTrace, "\" VAR " + noquote); } else #endif /* OLD_ENVIRON */ fprintf(NetTrace, "%s", "\" VALUE " + noquote); noquote = 2; break; case NEW_ENV_VAR: #ifdef OLD_ENVIRON /* case OLD_ENV_VALUE: */ if (pointer[0] == TELOPT_OLD_ENVIRON) { # ifdef ENV_HACK if (old_env_value == OLD_ENV_VAR) fprintf(NetTrace, "\" (VAR) " + noquote); else # endif fprintf(NetTrace, "\" VALUE " + noquote); } else #endif /* OLD_ENVIRON */ fprintf(NetTrace, "%s", "\" VAR " + noquote); noquote = 2; break; case ENV_ESC: fprintf(NetTrace, "%s", "\" ESC " + noquote); noquote = 2; break; case ENV_USERVAR: fprintf(NetTrace, "%s", "\" USERVAR " + noquote); noquote = 2; break; default: if (isprint(pointer[i]) && pointer[i] != '"') { if (noquote) { putc('"', NetTrace); noquote = 0; } putc(pointer[i], NetTrace); } else { fprintf(NetTrace, "\" %03o " + noquote, pointer[i]); noquote = 2; } break; } } if (!noquote) putc('"', NetTrace); break; } } break; default: if (TELOPT_OK(pointer[0])) fprintf(NetTrace, "%s (unknown)", TELOPT(pointer[0])); else fprintf(NetTrace, "%d (unknown)", pointer[0]); for (i = 1; i < length; i++) fprintf(NetTrace, " %d", pointer[i]); break; } if (direction) { if (NetTrace == stdout) fprintf(NetTrace, "\r\n"); else fprintf(NetTrace, "\n"); } if (NetTrace == stdout) fflush(NetTrace); } } /* EmptyTerminal - called to make sure that the terminal buffer is empty. * Note that we consider the buffer to run all the * way to the kernel (thus the select). */ static void EmptyTerminal(void) { fd_set o; FD_ZERO(&o); if (TTYBYTES() == 0) { FD_SET(tout, &o); (void) select(tout+1, (fd_set *) 0, &o, (fd_set *) 0, (struct timeval *) 0); /* wait for TTLOWAT */ } else { while (TTYBYTES()) { (void) ttyflush(0); FD_SET(tout, &o); (void) select(tout+1, (fd_set *) 0, &o, (fd_set *) 0, (struct timeval *) 0); /* wait for TTLOWAT */ } } } static void SetForExit(void) { setconnmode(0); do { (void)telrcv(); /* Process any incoming data */ EmptyTerminal(); } while (ring_full_count(&netiring)); /* While there is any */ setcommandmode(); fflush(stdout); fflush(stderr); setconnmode(0); EmptyTerminal(); /* Flush the path to the tty */ setcommandmode(); } void Exit(int returnCode) { SetForExit(); exit(returnCode); } void ExitString(const char *string, int returnCode) { SetForExit(); fwrite(string, 1, strlen(string), stderr); exit(returnCode); }