-# $OpenBSD: Makefile,v 1.30 2014/04/22 10:21:56 reyk Exp $
+# $OpenBSD: Makefile,v 1.31 2014/07/19 23:50:38 guenther Exp $
#
# Copyright (c) 1990 The Regents of the University of California.
# All rights reserved.
PROG= telnet
-CFLAGS+=-DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK -DSKEY -Dunix -I${.CURDIR}
-CFLAGS+= -DHAS_CGETENT -Wall -Wno-unused
+CFLAGS+=-DKLUDGELINEMODE -DSKEY -I${.CURDIR}
+CFLAGS+= -Wall -Wno-unused -Werror-implicit-function-declaration
LDADD+= -lcurses
DPADD= ${LIBCURSES}
-SRCS= authenc.c commands.c main.c network.c ring.c sys_bsd.c telnet.c \
- terminal.c tn3270.c utilities.c auth.c encrypt.c genget.c getent.c \
- misc.c
+SRCS= commands.c main.c network.c ring.c sys_bsd.c telnet.c \
+ terminal.c utilities.c genget.c
.include <bsd.prog.mk>
- $OpenBSD: README,v 1.4 2003/11/08 19:17:29 jmc Exp $
-
-This is a distribution of both client and server telnet. These programs
-have been compiled on:
- telnet telnetd
- 4.4 BSD-Lite x x
- 4.3 BSD Reno X X
- UNICOS 9.1 X X
- UNICOS 9.0 X X
- UNICOS 8.0 X X
- BSDI 2.0 X X
- Solaris 2.4 x x (no linemode in server)
- SunOs 4.1.4 X X (no linemode in server)
- Ultrix 4.3 X X (no linemode in server)
- Ultrix 4.1 X X (no linemode in server)
-
-In addition, previous versions have been compiled on the following
-machines, but were not available for testing this version.
- telnet telnetd
- Next1.0 X X
- UNICOS 8.3 X X
- UNICOS 7.C X X
- UNICOS 7.0 X X
- SunOs 4.0.3c X X (no linemode in server)
- 4.3 BSD X X (no linemode in server)
- DYNIX V3.0.12 X X (no linemode in server)
- Ultrix 3.1 X X (no linemode in server)
- Ultrix 4.0 X X (no linemode in server)
- SunOs 3.5 X X (no linemode in server)
- SunOs 4.1.3 X X (no linemode in server)
- Solaris 2.2 x x (no linemode in server)
- Solaris 2.3 x x (no linemode in server)
- BSDI 1.0 X X
- BSDI 1.1 X X
- DYNIX V3.0.17.9 X X (no linemode in server)
- HP-UX 8.0 x x (no linemode in server)
-
-This code should work, but there are no guarantees.
-
-Oct 23, 1995
-
-This is a bugfix release.
-
- The change in the previous release from using makeutx() to
- pututxline() caused problems on SunOS/Solaris. It has been
- changed back to using makeutx(). Symptoms include users
- getting error messages when logging in about not being able
- to open the tty.
-
- Using memmove() instead of memcpy() caused problems under
- SunOS 4.x, since it doesn't have memmove(). Config.generic
- has been modified to include mem.o for SunOS 4.x.
-
- Some new code was added to telnetd to do some enviornment
- variable cleanup before execing login. Thanks to Sam Hartman
- at MIT for pointing this out.
-
- A couple of other minor bugfixes.
-
-May 30, 1995
-
-This release represents what is on the 4.4BSD-Lite2 release, which
-should be the final BSD release. I will continue to support of
-telnet, The code (without encryption) is available via anonymous ftp
-from ftp.cray.com, in src/telnet/telnet.YY.MM.DD.NE.tar.Z, where
-YY.MM.DD is replaced with the year, month and day of the release.
-If you can't find it at one of these places, at some point in the
-near future information about the latest releases should be available
-from ftp.borman.com.
-
-In addition, the version with the encryption code is available via
-ftp from net-dist.mit.edu, in the directory /pub/telnet. There
-is a README file there that gives further information on how
-to get the distribution.
-
-Questions, comments, bug reports and bug fixes can be sent to
-one of these addresses:
- dab@borman.com
- dab@cray.com
- dab@bsdi.com
-
-This release is mainly bug fixes and code cleanup.
-
- Replace all calls to bcopy()/bzero() with calls to
- memmove()/memset() and all calls to index()/rindex()
- with calls to strchr()/strrchr().
-
- Add some missing diagnostics for option tracing
- to telnetd.
-
- Add support for BSDI 2.0 and Solaris 2.4.
-
- Add support for UNICOS 8.0
-
- Get rid of expanded tabs and trailing white spaces.
-
- From Paul Vixie:
- Fix for telnet going into an endless spin
- when the session dies abnormally.
-
- From Jef Poskanzer:
- Changes to allow telnet to compile
- under SunOS 3.5.
-
- From Philip Guenther:
- makeutx() doesn't expand utmpx,
- use pututxline() instead.
-
- From Chris Torek:
- Add a sleep(1) before execing login
- to avoid race condition that can eat
- up the login prompt.
- Use terminal speed directly if it is
- not an encoded value.
-
- From Steve Parker:
- Fix to realloc() call. Fix for execing
- login on solaris with no user name.
-
-January 19, 1994
-
-This is a list of some of the changes since the last tar release
-of telnet/telnetd. There are probably other changes that aren't
-listed here, but this should hit a lot of the main ones.
-
- General:
- Changed #define for AUTHENTICATE to AUTHENTICATION
- Changed #define for ENCRYPT to ENCRYPTION
- Changed #define for DES_ENCRYPT to DES_ENCRYPTION
-
- Added support for SPX authentication: -DSPX
-
- Added support for Kerberos Version 5 authentication: -DKRB5
-
- Added support for ANSI C function prototypes
-
- Added support for the NEW-ENVIRON option (RFC-1572)
- including support for USERVAR.
-
- Made support for the old Environment Option (RFC-1408)
- conditional on -DOLD_ENVIRON
-
- Added #define ENV_HACK - support for RFC 1571
-
- The encryption code is removed from the public distributions.
- Domestic 4.4 BSD distributions contain the encryption code.
-
- ENV_HACK: Code to deal with systems that only implement
- the old ENVIRON option, and have reversed definitions
- of ENV_VAR and ENV_VAL. Also fixes ENV processing in
- client to handle things besides just the default set...
-
- NO_BSD_SETJMP: UNICOS configuration for
- UNICOS 6.1/6.0/5.1/5.0 systems.
-
- STREAMSPTY: Use /dev/ptmx to get a clean pty. This
- is for SVr4 derivatives (Like Solaris)
-
- UTMPX: For systems that have /etc/utmpx. This is for
- SVr4 derivatives (Like Solaris)
-
- Definitions for BSDI 1.0
-
- Definitions for 4.3 Reno and 4.4 BSD.
-
- Definitions for UNICOS 8.0 and UNICOS 7.C
-
- Definitions for Solaris 2.0
-
- Definitions for HP-UX 8.0
-
- Latest Copyright notices from Berkeley.
-
- FLOW-CONTROL: support for RFC-XXXx
-
-
- Client Specific:
-
- Fix the "send" command to not send garbage...
-
- Fix status message for "skiprc"
-
- Make sure to send NAWS after telnet has been suspended
- or an external command has been run, if the window size
- has changed.
-
- sysV88 support.
-
- Server Specific:
-
- Support flowcontrol option in non-linemode servers.
-
- -k Server supports Kludge Linemode, but will default to
- either single character mode or real Linemode support.
- The user will have to explicitly ask to switch into
- kludge linemode. ("stty extproc", or escape back to
- to telnet and say "mode line".)
-
- -u Specify the length of the hostname field in the utmp
- file. Hostname longer than this length will be put
- into the utmp file in dotted decimal notation, rather
- than putting in a truncated hostname.
-
- -U Registered hosts only. If a reverse hostname lookup
- fails, the connection will be refused.
-
- -f/-F
- Allows forwarding of credentials for KRB5.
-
-Februrary 22, 1991:
-
- Features:
-
- This version of telnet/telnetd has support for both
- the AUTHENTICATION and ENCRYPTION options. The
- AUTHENTICATION option is fairly well defined, and
- an option number has been assigned to it. The
- ENCRYPTION option is still in a state of flux; an
- option number has been assigned to, but it is still
- subject to change. The code is provided in this release
- for experimental and testing purposes.
-
- The telnet "send" command can now be used to send
- do/dont/will/wont commands, with any telnet option
- name. The rules for when do/dont/will/wont are sent
- are still followed, so just because the user requests
- that one of these be sent doesn't mean that it will
- be sent...
-
- The telnet "getstatus" command no longer requires
- that option printing be enabled to see the response
- to the "DO STATUS" command.
-
- A -n flag has been added to telnetd to disable
- keepalives.
-
- A new telnet command, "auth" has been added (if
- AUTHENTICATE is defined). It has four sub-commands,
- "status", "disable", "enable" and "help".
-
- A new telnet command, "encrypt" has been added (if
- ENCRYPT is defined). It has many sub-commands:
- "enable", "type", "start", "stop", "input",
- "-input", "output", "-output", "status", and "help".
-
- The LOGOUT option is now supported by both telnet
- and telnetd, a new command, "logout", was added
- to support this.
-
- Several new toggle options were added:
- "autoencrypt", "autodecrypt", "autologin", "authdebug",
- "encdebug", "skiprc", "verbose_encrypt"
-
- An "rlogin" interface has been added. If the program
- is named "rlogin", or the "-r" flag is given, then
- an rlogin type of interface will be used.
- ~. Terminates the session
- ~<susp> Suspend the session
- ~^] Escape to telnet command mode
- ~~ Pass through the ~.
- BUG: If you type the rlogin escape character
- in the middle of a line while in rlogin
- mode, you cannot erase it or any characters
- before it. Hopefully this can be fixed
- in a future release...
-
- General changes:
-
- A "libtelnet.a" has now been created. This libraray
- contains code that is common to both telnet and
- telnetd. This is also where library routines that
- are needed, but are not in the standard C library,
- are placed.
-
- The makefiles have been re-done. All of the site
- specific configuration information has now been put
- into a single "Config.generic" file, in the top level
- directory. Changing this one file will take care of
- all three subdirectories. Also, to add a new/local
- definition, a "Config.local" file may be created
- at the top level; if that file exists, the subdirectories
- will use that file instead of "Config.generic".
-
- Many 1-2 line functions in commands.c have been
- removed, and just inserted in-line, or replaced
- with a macro.
-
- Bug Fixes:
-
- The non-termio code in both telnet and telnetd was
- setting/clearing CTLECH in the sg_flags word. This
- was incorrect, and has been changed to set/clear the
- LCTLECH bit in the local mode word.
-
- The SRCRT #define has been removed. If IP_OPTIONS
- and IPPROTO_IP are defined on the system, then the
- source route code is automatically enabled.
-
- The NO_GETTYTAB #define has been removed; there
- is a compatibility routine that can be built into
- libtelnet to achive the same results.
-
- The server, telnetd, has been switched to use getopt()
- for parsing the argument list.
-
- The code for getting the input/output speeds via
- cfgetispeed()/cfgetospeed() was still not quite
- right in telnet. Posix says if the ispeed is 0,
- then it is really equal to the ospeed.
-
- The suboption processing code in telnet now has
- explicit checks to make sure that we received
- the entire suboption (telnetd was already doing this).
-
- The telnet code for processing the terminal type
- could cause a core dump if an existing connection
- was closed, and a new connection opened without
- exiting telnet.
-
- Telnetd was doing a TCSADRAIN when setting the new
- terminal settings; This is not good, because it means
- that the tcsetattr() will hang waiting for output to
- drain, and telnetd is the only one that will drain
- the output... The fix is to use TCSANOW which does
- not wait.
-
- Telnetd was improperly setting/clearing the ISTRIP
- flag in the c_lflag field, it should be using the
- c_iflag field.
-
- When the child process of telnetd was opening the
- slave side of the pty, it was re-setting the EXTPROC
- bit too early, and some of the other initialization
- code was wiping it out. This would cause telnetd
- to go out of linemode and into single character mode.
-
- One instance of leaving linemode in telnetd forgot
- to send a WILL ECHO to the client, the net result
- would be that the user would see double character
- echo.
-
- If the MODE was being changed several times very
- quickly, telnetd could get out of sync with the
- state changes and the returning acks; and wind up
- being left in the wrong state.
-
-September 14, 1990:
-
- Switch the client to use getopt() for parsing the
- argument list. The 4.3Reno getopt.c is included for
- systems that don't have getopt().
-
- Use the posix _POSIX_VDISABLE value for what value
- to use when disabling special characters. If this
- is undefined, it defaults to 0x3ff.
-
- For non-termio systems, TIOCSETP was being used to
- change the state of the terminal. This causes the
- input queue to be flushed, which we don't want. This
- is now changed to TIOCSETN.
-
- Take out the "#ifdef notdef" around the code in the
- server that generates a "sync" when the pty oputput
- is flushed. The potential problem is that some older
- telnet clients may go into an infinate loop when they
- receive a "sync", if so, the server can be compiled
- with "NO_URGENT" defined.
-
- Fix the client where it was setting/clearing the OPOST
- bit in the c_lflag field, not the c_oflag field.
-
- Fix the client where it was setting/clearing the ISTRIP
- bit in the c_lflag field, not the c_iflag field. (On
- 4.3Reno, this is the ECHOPRT bit in the c_lflag field.)
- The client also had its interpretation of WILL BINARY
- and DO BINARY reversed.
-
- Fix a bug in client that would cause a core dump when
- attempting to remove the last environment variable.
-
- In the client, there were a few places were switch()
- was being passed a character, and if it was a negative
- value, it could get sign extended, and not match
- the 8 bit case statements. The fix is to and the
- switch value with 0xff.
-
- Add a couple more printoption() calls in the client, I
- don't think there are any more places were a telnet
- command can be received and not printed out when
- "options" is on.
-
- A new flag has been added to the client, "-a". Currently,
- this just causes the USER name to be sent across, in
- the future this may be used to signify that automatic
- authentication is requested.
-
- The USER variable is now only sent by the client if
- the "-a" or "-l user" options are explicity used, or
- if the user explicitly asks for the "USER" environment
- variable to be exported. In the server, if it receives
- the "USER" environment variable, it won't print out the
- banner message, so that only "Password:" will be printed.
- This makes the symantics more like rlogin, and should be
- more familiar to the user. (People are not used to
- getting a banner message, and then getting just a
- "Password:" prompt.)
-
- Re-vamp the code for starting up the child login
- process. The code was getting ugly, and it was
- hard to tell what was really going on. What we
- do now is after the fork(), in the child:
- 1) make sure we have no controlling tty
- 2) open and initialize the tty
- 3) do a setsid()/setpgrp()
- 4) makes the tty our controlling tty.
- On some systems, #2 makes the tty our controlling
- tty, and #4 is a no-op. The parent process does
- a gets rid of any controlling tty after the child
- is fork()ed.
-
- Use the strdup() library routine in telnet, instead
- of the local savestr() routine. If you don't have
- strdup(), you need to define NO_STRDUP.
-
- Add support for ^T (SIGINFO/VSTATUS), found in the
- 4.3Reno distribution. This maps to the AYT character.
- You need a 4-line bugfix in the kernel to get this
- to work properly:
-
- > *** tty_pty.c.ORG Tue Sep 11 09:41:53 1990
- > --- tty_pty.c Tue Sep 11 17:48:03 1990
- > ***************
- > *** 609,613 ****
- > if ((tp->t_lflag&NOFLSH) == 0)
- > ttyflush(tp, FREAD|FWRITE);
- > ! pgsignal(tp->t_pgrp, *(unsigned int *)data);
- > return(0);
- > }
- > --- 609,616 ----
- > if ((tp->t_lflag&NOFLSH) == 0)
- > ttyflush(tp, FREAD|FWRITE);
- > ! pgsignal(tp->t_pgrp, *(unsigned int *)data, 1);
- > ! if ((*(unsigned int *)data == SIGINFO) &&
- > ! ((tp->t_lflag&NOKERNINFO) == 0))
- > ! ttyinfo(tp);
- > return(0);
- > }
-
- The client is now smarter when setting the telnet escape
- character; it only sets it to one of VEOL and VEOL2 if
- one of them is undefined, and the other one is not already
- defined to the telnet escape character.
-
- Handle TERMIOS systems that have separate input and output
- line speed settings imbedded in the flags.
-
- Many other minor bug fixes.
-
-June 20, 1990:
- Re-organize makefiles and source tree. The telnet/Source
- directory is now gone, and all the source that was in
- telnet/Source is now just in the telnet directory.
-
- Separate makefile for each system are now gone. There
- are two makefiles, Makefile and Makefile.generic.
- The "Makefile" has the definitions for the various
- system, and "Makefile.generic" does all the work.
- There is a variable called "WHAT" that is used to
- specify what to make. For example, in the telnet
- directory, you might say:
- make 4.4bsd WHAT=clean
- to clean out the directory.
-
- Add support for the ENVIRON and XDISPLOC options.
- In order for the server to work, login has to have
- the "-p" option to preserve environment variables.
-
- Add the SOFT_TAB and LIT_ECHO modes in the LINEMODE support.
-
- Add the "-l user" option to command line and open command
- (This is passed through the ENVIRON option).
-
- Add the "-e" command line option, for setting the escape
- character.
-
- Add the "-D", diagnostic, option to the server. This allows
- the server to print out debug information, which is very
- useful when trying to debug a telnet that doesn't have any
- debugging ability.
-
- Turn off the literal next character when not in LINEMODE.
-
- Don't recognize ^Y locally, just pass it through.
-
- Make minor modifications for Sun4.0 and Sun4.1
-
- Add support for both FORW1 and FORW2 characters. The
- telnet escpape character is set to whichever of the
- two is not being used. If both are in use, the escape
- character is not set, so when in linemode the user will
- have to follow the escape character with a <CR> or <EOF)
- to get it passed through.
-
- Commands can now be put in single and double quotes, and
- a backslash is now an escape character. This is needed
- for allowing arbitrary strings to be assigned to environment
- variables.
-
- Switch telnetd to use macros like telnet for keeping
- track of the state of all the options.
-
- Fix telnetd's processing of options so that we always do
- the right processing of the LINEMODE option, regardless
- of who initiates the request to turn it on. Also, make
- sure that if the other side went "WILL ECHO" in response
- to our "DO ECHO", that we send a "DONT ECHO" to get the
- option turned back off!
-
- Fix the TERMIOS setting of the terminal speed to handle both
- BSD's separate fields, and the SYSV method of CBAUD bits.
-
- Change how we deal with the other side refusing to enable
- an option. The sequence used to be: send DO option; receive
- WONT option; send DONT option. Now, the sequence is: send
- DO option; receive WONT option. Both should be valid
- according to the spec, but there has been at least one
- client implementation of telnet identified that can get
- really confused by this. (The exact sequence, from a trace
- on the server side, is (numbers are number of responses that
- we expect to get after that line...):
-
- send WILL ECHO 1 (initial request)
- send WONT ECHO 2 (server is changing state)
- recv DO ECHO 1 (first reply, ok. expect DONT ECHO next)
- send WILL ECHO 2 (server changes state again)
- recv DONT ECHO 1 (second reply, ok. expect DO ECHO next)
- recv DONT ECHO 0 (third reply, wrong answer. got DONT!!!)
- *** send WONT ECHO (send WONT to acknowledge the DONT)
- send WILL ECHO 1 (ask again to enable option)
- recv DO ECHO 0
-
- recv DONT ECHO 0
- send WONT ECHO 1
- recv DONT ECHO 0
- recv DO ECHO 1
- send WILL ECHO 0
- (and the last 5 lines loop forever)
-
- The line with the "***" is last of the WILL/DONT/WONT sequence.
- The change to the server to not generate that makes this same
- example become:
-
- send will ECHO 1
- send wont ECHO 2
- recv do ECHO 1
- send will ECHO 2
- recv dont ECHO 1
- recv dont ECHO 0
- recv do ECHO 1
- send will ECHO 0
-
- There is other option negotiation going on, and not sending
- the third part changes some of the timings, but this specific
- example no longer gets stuck in a loop. The "telnet.state"
- file has been modified to reflect this change to the algorithm.
-
- A bunch of miscellaneous bug fixes and changes to make
- lint happier.
-
- This version of telnet also has some KERBEROS stuff in
- it. This has not been tested, it uses an un-authorized
- telnet option number, and uses an out-of-date version
- of the (still being defined) AUTHENTICATION option.
- There is no support for this code, do not enable it.
-
-
-March 1, 1990:
-CHANGES/BUGFIXES SINCE LAST RELEASE:
- Some support for IP TOS has been added. Requires that the
- kernel support the IP_TOS socket option (currently this
- is only in UNICOS 6.0).
-
- Both telnet and telnetd now use the cc_t typedef. typedefs are
- included for systems that don't have it (in termios.h).
-
- SLC_SUSP was not supported properly before. It is now.
-
- IAC EOF was not translated properly in telnetd for SYSV_TERMIO
- when not in linemode. It now saves a copy of the VEOF character,
- so that when ICANON is turned off and we can't trust it anymore
- (because it is now the VMIN character) we use the saved value.
-
- There were two missing "break" commands in the linemode
- processing code in telnetd.
-
- Telnetd wasn't setting the kernel window size information
- properly. It was using the rows for both rows and columns...
-
-Questions/comments go to
- David Borman
- Cray Research, Inc.
- 655F Lone Oak Drive
- Eagan, MN 55123
- dab@cray.com.
-
-README: You are reading it.
-
-Config.generic:
- This file contains all the OS specific definitions. It
- has pre-definitions for many common system types, and is
- in standard makefile fromat. See the comments at the top
- of the file for more information.
-
-Config.local:
- This is not part of the distribution, but if this file exists,
- it is used instead of "Config.generic". This allows site
- specific configuration without having to modify the distributed
- "Config.generic" file.
-
-kern.diff:
- This file contains the diffs for the changes needed for the
- kernel to support LINEMODE is the server. These changes are
- for a 4.3BSD system. You may need to make some changes for
- your particular system.
-
- There is a new bit in the terminal state word, TS_EXTPROC.
- When this bit is set, several aspects of the terminal driver
- are disabled. Input line editing, character echo, and
- mapping of signals are all disabled. This allows the telnetd
- to turn of these functions when in linemode, but still keep
- track of what state the user wants the terminal to be in.
-
- New ioctl()s:
-
- TIOCEXT Turn on/off the TS_EXTPROC bit
- TIOCGSTATE Get t_state of tty to look at TS_EXTPROC bit
- TIOCSIG Generate a signal to processes in the
- current process group of the pty.
-
- There is a new mode for packet driver, the TIOCPKT_IOCTL bit.
- When packet mode is turned on in the pty, and the TS_EXTPROC
- bit is set, then whenever the state of the pty is changed, the
- next read on the master side of the pty will have the TIOCPKT_IOCTL
- bit set, and the data will contain the following:
- struct xx {
- struct sgttyb a;
- struct tchars b;
- struct ltchars c;
- int t_state;
- int t_flags;
- }
- This allows the process on the server side of the pty to know
- when the state of the terminal has changed, and what the new
- state is.
-
- However, if you define USE_TERMIO or SYSV_TERMIO, the code will
- expect that the structure returned in the TIOCPKT_IOCTL is
- the termio/termios structure.
-
-stty.diff:
- This file contains the changes needed for the stty(1) program
- to report on the current status of the TS_EXTPROC bit. It also
- allows the user to turn on/off the TS_EXTPROC bit. This is useful
- because it allows the user to say "stty -extproc", and the
- LINEMODE option will be automatically disabled, and saying "stty
- extproc" will re-enable the LINEMODE option.
-
-telnet.state:
- Both the client and server have code in them to deal
- with option negotiation loops. The algorithm that is
- used is described in this file.
-
-telnet:
- This directory contains the client code. No kernel changes are
- needed to use this code.
-
-telnetd:
- This directory contains the server code. If LINEMODE or KLUDGELINEMODE
- are defined, then the kernel modifications listed above are needed.
-
-libtelnet:
- This directory contains code that is common to both the client
- and the server.
-
-arpa:
- This directory has a new <arpa/telnet.h>
-
-libtelnet/Makefile.4.4:
-telnet/Makefile.4.4:
-telnetd/Makefile.4.4:
- These are the makefiles that can be used on a 4.3Reno
- system when this software is installed in /usr/src/lib/libtelnet,
- /usr/src/libexec/telnetd, and /usr/src/usr.bin/telnet.
+ $OpenBSD: README,v 1.5 2014/07/19 23:50:38 guenther Exp $
The following TELNET options are supported:
X-DISPLAY-LOCATION:
This functionality can be done through the ENVIRON
option, it is added here for completeness.
-
- AUTHENTICATION:
- This option is currently being defined by the IETF
- Telnet Working Group, and an RFC has not yet been
- issued. The basic framework is pretty much decided,
- but the definitions for the specific authentication
- schemes is still in a state of flux.
-
- ENCRYPTION:
- This option is currently being defined by the IETF
- Telnet Working Group, and an RFC has not yet been
- issued. The draft RFC is still in a state of flux,
- so this code may change in the future.
+++ /dev/null
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * from: @(#)auth-proto.h 8.1 (Berkeley) 6/4/93
- * $OpenBSD: auth-proto.h,v 1.2 2012/12/05 23:20:26 deraadt Exp $
- * $NetBSD: auth-proto.h,v 1.5 1996/02/24 01:15:16 jtk Exp $
- */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $KTH: auth-proto.h,v 1.10 2000/01/18 03:08:55 assar Exp $ */
-
-#if defined(AUTHENTICATION)
-Authenticator *findauthenticator (int, int);
-
-int auth_wait (char *, size_t);
-void auth_disable_name (char *);
-void auth_finished (Authenticator *, int);
-void auth_gen_printsub (unsigned char *, int, unsigned char *, int);
-void auth_init (const char *, int);
-void auth_is (unsigned char *, int);
-void auth_name (unsigned char*, int);
-void auth_reply (unsigned char *, int);
-void auth_request (void);
-void auth_send (unsigned char *, int);
-void auth_send_retry (void);
-void auth_printsub (unsigned char*, int, unsigned char*, int);
-int getauthmask (char *type, int *maskp);
-int auth_enable (char *type);
-int auth_disable (char *type);
-int auth_onoff (char *type, int on);
-int auth_togdebug (int on);
-int auth_status (void);
-int auth_sendname (unsigned char *cp, int len);
-void auth_debug (int mode);
-void auth_gen_printsub (unsigned char *data, int cnt,
- unsigned char *buf, int buflen);
-
-#ifdef UNSAFE
-int unsafe_init (Authenticator *, int);
-int unsafe_send (Authenticator *);
-void unsafe_is (Authenticator *, unsigned char *, int);
-void unsafe_reply (Authenticator *, unsigned char *, int);
-int unsafe_status (Authenticator *, char *, int);
-void unsafe_printsub (unsigned char *, int, unsigned char *, int);
-#endif
-
-#ifdef SRA
-int sra_init (Authenticator *, int);
-int sra_send (Authenticator *);
-void sra_is (Authenticator *, unsigned char *, int);
-void sra_reply (Authenticator *, unsigned char *, int);
-int sra_status (Authenticator *, char *, int);
-void sra_printsub (unsigned char *, int, unsigned char *, int);
-#endif
-
-#ifdef KRB4
-int kerberos4_init (Authenticator *, int);
-int kerberos4_send_mutual (Authenticator *);
-int kerberos4_send_oneway (Authenticator *);
-void kerberos4_is (Authenticator *, unsigned char *, int);
-void kerberos4_reply (Authenticator *, unsigned char *, int);
-int kerberos4_status (Authenticator *, char *, size_t, int);
-void kerberos4_printsub (unsigned char *, int, unsigned char *, int);
-int kerberos4_forward (Authenticator *ap, void *);
-#endif
-
-#ifdef KRB5
-int kerberos5_init (Authenticator *, int);
-int kerberos5_send_mutual (Authenticator *);
-int kerberos5_send_oneway (Authenticator *);
-void kerberos5_is (Authenticator *, unsigned char *, int);
-void kerberos5_reply (Authenticator *, unsigned char *, int);
-int kerberos5_status (Authenticator *, char *, size_t, int);
-void kerberos5_printsub (unsigned char *, int, unsigned char *, int);
-#endif
-#endif
+++ /dev/null
-/* $OpenBSD: auth.c,v 1.2 2009/10/27 23:59:44 deraadt Exp $ */
-
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/* "$KTH: auth.c,v 1.23 2000/01/18 03:09:34 assar Exp $" */
-
-#if defined(AUTHENTICATION)
-#include <stdio.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <signal.h>
-#define AUTH_NAMES
-#include <arpa/telnet.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc-proto.h"
-#include "auth-proto.h"
-
-#define typemask(x) (1<<((x)-1))
-
-#ifdef KRB4_ENCPWD
-extern krb4encpwd_init();
-extern krb4encpwd_send();
-extern krb4encpwd_is();
-extern krb4encpwd_reply();
-extern krb4encpwd_status();
-extern krb4encpwd_printsub();
-#endif
-
-#ifdef RSA_ENCPWD
-extern rsaencpwd_init();
-extern rsaencpwd_send();
-extern rsaencpwd_is();
-extern rsaencpwd_reply();
-extern rsaencpwd_status();
-extern rsaencpwd_printsub();
-#endif
-
-int auth_debug_mode = 0;
-int auth_has_failed = 0;
-int auth_enable_encrypt = 0;
-static const char *Name = "Noname";
-static int Server = 0;
-static Authenticator *authenticated = 0;
-static int authenticating = 0;
-static int validuser = 0;
-static unsigned char _auth_send_data[256];
-static unsigned char *auth_send_data;
-static int auth_send_cnt = 0;
-
-/*
- * Authentication types supported. Plese note that these are stored
- * in priority order, i.e. try the first one first.
- */
-Authenticator authenticators[] = {
-#ifdef UNSAFE
- { AUTHTYPE_UNSAFE, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
- unsafe_init,
- unsafe_send,
- unsafe_is,
- unsafe_reply,
- unsafe_status,
- unsafe_printsub },
-#endif
-#ifdef SRA
- { AUTHTYPE_SRA, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
- sra_init,
- sra_send,
- sra_is,
- sra_reply,
- sra_status,
- sra_printsub },
-#endif
-#ifdef SPX
- { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
- spx_init,
- spx_send,
- spx_is,
- spx_reply,
- spx_status,
- spx_printsub },
- { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
- spx_init,
- spx_send,
- spx_is,
- spx_reply,
- spx_status,
- spx_printsub },
-#endif
-#ifdef KRB5
- { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
- kerberos5_init,
- kerberos5_send_mutual,
- kerberos5_is,
- kerberos5_reply,
- kerberos5_status,
- kerberos5_printsub },
- { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
- kerberos5_init,
- kerberos5_send_oneway,
- kerberos5_is,
- kerberos5_reply,
- kerberos5_status,
- kerberos5_printsub },
-#endif
-#ifdef KRB4
- { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
- kerberos4_init,
- kerberos4_send_mutual,
- kerberos4_is,
- kerberos4_reply,
- kerberos4_status,
- kerberos4_printsub },
- { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
- kerberos4_init,
- kerberos4_send_oneway,
- kerberos4_is,
- kerberos4_reply,
- kerberos4_status,
- kerberos4_printsub },
-#endif
-#ifdef KRB4_ENCPWD
- { AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
- krb4encpwd_init,
- krb4encpwd_send,
- krb4encpwd_is,
- krb4encpwd_reply,
- krb4encpwd_status,
- krb4encpwd_printsub },
-#endif
-#ifdef RSA_ENCPWD
- { AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
- rsaencpwd_init,
- rsaencpwd_send,
- rsaencpwd_is,
- rsaencpwd_reply,
- rsaencpwd_status,
- rsaencpwd_printsub },
-#endif
- { 0, },
-};
-
-static Authenticator NoAuth = { 0 };
-
-static int i_support = 0;
-static int i_wont_support = 0;
-
-Authenticator *
-findauthenticator(int type, int way)
-{
- Authenticator *ap = authenticators;
-
- while (ap->type && (ap->type != type || ap->way != way))
- ++ap;
- return(ap->type ? ap : 0);
-}
-
-void
-auth_init(const char *name, int server)
-{
- Authenticator *ap = authenticators;
-
- Server = server;
- Name = name;
-
- i_support = 0;
- authenticated = 0;
- authenticating = 0;
- while (ap->type) {
- if (!ap->init || (*ap->init)(ap, server)) {
- i_support |= typemask(ap->type);
- if (auth_debug_mode)
- printf(">>>%s: I support auth type %d %d\r\n",
- Name,
- ap->type, ap->way);
- }
- else if (auth_debug_mode)
- printf(">>>%s: Init failed: auth type %d %d\r\n",
- Name, ap->type, ap->way);
- ++ap;
- }
-}
-
-void
-auth_disable_name(char *name)
-{
- int x;
- for (x = 0; x < AUTHTYPE_CNT; ++x) {
- if (!strcasecmp(name, AUTHTYPE_NAME(x))) {
- i_wont_support |= typemask(x);
- break;
- }
- }
-}
-
-int
-getauthmask(char *type, int *maskp)
-{
- int x;
-
- if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
- *maskp = -1;
- return(1);
- }
-
- for (x = 1; x < AUTHTYPE_CNT; ++x) {
- if (!strcasecmp(type, AUTHTYPE_NAME(x))) {
- *maskp = typemask(x);
- return(1);
- }
- }
- return(0);
-}
-
-int
-auth_enable(char *type)
-{
- return(auth_onoff(type, 1));
-}
-
-int
-auth_disable(char *type)
-{
- return(auth_onoff(type, 0));
-}
-
-int
-auth_onoff(char *type, int on)
-{
- int i, mask = -1;
- Authenticator *ap;
-
- if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
- printf("auth %s 'type'\n", on ? "enable" : "disable");
- printf("Where 'type' is one of:\n");
- printf("\t%s\n", AUTHTYPE_NAME(0));
- mask = 0;
- for (ap = authenticators; ap->type; ap++) {
- if ((mask & (i = typemask(ap->type))) != 0)
- continue;
- mask |= i;
- printf("\t%s\n", AUTHTYPE_NAME(ap->type));
- }
- return(0);
- }
-
- if (!getauthmask(type, &mask)) {
- printf("%s: invalid authentication type\n", type);
- return(0);
- }
- if (on)
- i_wont_support &= ~mask;
- else
- i_wont_support |= mask;
- return(1);
-}
-
-int
-auth_togdebug(int on)
-{
- if (on < 0)
- auth_debug_mode ^= 1;
- else
- auth_debug_mode = on;
- printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
- return(1);
-}
-
-int
-auth_status(void)
-{
- Authenticator *ap;
- int i, mask;
-
- if (i_wont_support == -1)
- printf("Authentication disabled\n");
- else
- printf("Authentication enabled\n");
-
- mask = 0;
- for (ap = authenticators; ap->type; ap++) {
- if ((mask & (i = typemask(ap->type))) != 0)
- continue;
- mask |= i;
- printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
- (i_wont_support & typemask(ap->type)) ?
- "disabled" : "enabled");
- }
- return(1);
-}
-
-/*
- * This routine is called by the server to start authentication
- * negotiation.
- */
-void
-auth_request(void)
-{
- static unsigned char str_request[64] = { IAC, SB,
- TELOPT_AUTHENTICATION,
- TELQUAL_SEND, };
- Authenticator *ap = authenticators;
- unsigned char *e = str_request + 4;
-
- if (!authenticating) {
- authenticating = 1;
- while (ap->type) {
- if (i_support & ~i_wont_support & typemask(ap->type)) {
- if (auth_debug_mode) {
- printf(">>>%s: Sending type %d %d\r\n",
- Name, ap->type, ap->way);
- }
- *e++ = ap->type;
- *e++ = ap->way;
- }
- ++ap;
- }
- *e++ = IAC;
- *e++ = SE;
- telnet_net_write(str_request, e - str_request);
- printsub('>', &str_request[2], e - str_request - 2);
- }
-}
-
-/*
- * This is called when an AUTH SEND is received.
- * It should never arrive on the server side (as only the server can
- * send an AUTH SEND).
- * You should probably respond to it if you can...
- *
- * If you want to respond to the types out of order (i.e. even
- * if he sends LOGIN KERBEROS and you support both, you respond
- * with KERBEROS instead of LOGIN (which is against what the
- * protocol says)) you will have to hack this code...
- */
-void
-auth_send(unsigned char *data, int cnt)
-{
- Authenticator *ap;
- static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
- TELQUAL_IS, AUTHTYPE_NULL, 0,
- IAC, SE };
- if (Server) {
- if (auth_debug_mode) {
- printf(">>>%s: auth_send called!\r\n", Name);
- }
- return;
- }
-
- if (auth_debug_mode) {
- printf(">>>%s: auth_send got:", Name);
- printd(data, cnt); printf("\r\n");
- }
-
- /*
- * Save the data, if it is new, so that we can continue looking
- * at it if the authorization we try doesn't work
- */
- if (data < _auth_send_data ||
- data > _auth_send_data + sizeof(_auth_send_data)) {
- auth_send_cnt = cnt > sizeof(_auth_send_data)
- ? sizeof(_auth_send_data)
- : cnt;
- memmove(_auth_send_data, data, auth_send_cnt);
- auth_send_data = _auth_send_data;
- } else {
- /*
- * This is probably a no-op, but we just make sure
- */
- auth_send_data = data;
- auth_send_cnt = cnt;
- }
- while ((auth_send_cnt -= 2) >= 0) {
- if (auth_debug_mode)
- printf(">>>%s: He supports %d\r\n",
- Name, *auth_send_data);
- if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) {
- ap = findauthenticator(auth_send_data[0],
- auth_send_data[1]);
- if (ap && ap->send) {
- if (auth_debug_mode)
- printf(">>>%s: Trying %d %d\r\n",
- Name, auth_send_data[0],
- auth_send_data[1]);
- if ((*ap->send)(ap)) {
- /*
- * Okay, we found one we like
- * and did it.
- * we can go home now.
- */
- if (auth_debug_mode)
- printf(">>>%s: Using type %d\r\n",
- Name, *auth_send_data);
- auth_send_data += 2;
- return;
- }
- }
- /* else
- * just continue on and look for the
- * next one if we didn't do anything.
- */
- }
- auth_send_data += 2;
- }
- telnet_net_write(str_none, sizeof(str_none));
- printsub('>', &str_none[2], sizeof(str_none) - 2);
- if (auth_debug_mode)
- printf(">>>%s: Sent failure message\r\n", Name);
- auth_finished(0, AUTH_REJECT);
- auth_has_failed = 1;
-#ifdef KANNAN
- /*
- * We requested strong authentication, however no mechanisms worked.
- * Therefore, exit on client end.
- */
- printf("Unable to securely authenticate user ... exit\n");
- exit(0);
-#endif /* KANNAN */
-}
-
-void
-auth_send_retry(void)
-{
- /*
- * if auth_send_cnt <= 0 then auth_send will end up rejecting
- * the authentication and informing the other side of this.
- */
- auth_send(auth_send_data, auth_send_cnt);
-}
-
-void
-auth_is(unsigned char *data, int cnt)
-{
- Authenticator *ap;
-
- if (cnt < 2)
- return;
-
- if (data[0] == AUTHTYPE_NULL) {
- auth_finished(0, AUTH_REJECT);
- return;
- }
-
- if ((ap = findauthenticator(data[0], data[1]))) {
- if (ap->is)
- (*ap->is)(ap, data+2, cnt-2);
- } else if (auth_debug_mode)
- printf(">>>%s: Invalid authentication in IS: %d\r\n",
- Name, *data);
-}
-
-void
-auth_reply(unsigned char *data, int cnt)
-{
- Authenticator *ap;
-
- if (cnt < 2)
- return;
-
- if ((ap = findauthenticator(data[0], data[1]))) {
- if (ap->reply)
- (*ap->reply)(ap, data+2, cnt-2);
- } else if (auth_debug_mode)
- printf(">>>%s: Invalid authentication in SEND: %d\r\n",
- Name, *data);
-}
-
-void
-auth_name(unsigned char *data, int cnt)
-{
- char savename[256];
-
- if (cnt < 1) {
- if (auth_debug_mode)
- printf(">>>%s: Empty name in NAME\r\n", Name);
- return;
- }
- if (cnt > sizeof(savename) - 1) {
- if (auth_debug_mode)
- printf(">>>%s: Name in NAME (%d) exceeds %lu length\r\n",
- Name, cnt, (unsigned long)(sizeof(savename)-1));
- return;
- }
- memmove(savename, data, cnt);
- savename[cnt] = '\0'; /* Null terminate */
- if (auth_debug_mode)
- printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
- auth_encrypt_user(savename);
-}
-
-int
-auth_sendname(unsigned char *cp, int len)
-{
- static unsigned char str_request[256+6]
- = { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
- unsigned char *e = str_request + 4;
- unsigned char *ee = &str_request[sizeof(str_request)-2];
-
- while (--len >= 0) {
- if ((*e++ = *cp++) == IAC)
- *e++ = IAC;
- if (e >= ee)
- return(0);
- }
- *e++ = IAC;
- *e++ = SE;
- telnet_net_write(str_request, e - str_request);
- printsub('>', &str_request[2], e - &str_request[2]);
- return(1);
-}
-
-void
-auth_finished(Authenticator *ap, int result)
-{
- if (!(authenticated = ap))
- authenticated = &NoAuth;
- validuser = result;
-}
-
-/* ARGSUSED */
-static void
-auth_intr(int sig)
-{
- auth_finished(0, AUTH_REJECT);
-}
-
-int
-auth_wait(char *name, size_t name_sz)
-{
- if (auth_debug_mode)
- printf(">>>%s: in auth_wait.\r\n", Name);
-
- if (Server && !authenticating)
- return(0);
-
- signal(SIGALRM, auth_intr);
- alarm(30);
- while (!authenticated)
- if (telnet_spin())
- break;
- alarm(0);
- signal(SIGALRM, SIG_DFL);
-
- /*
- * Now check to see if the user is valid or not
- */
- if (!authenticated || authenticated == &NoAuth)
- return(AUTH_REJECT);
-
- if (validuser == AUTH_VALID)
- validuser = AUTH_USER;
-
- if (authenticated->status)
- validuser = (*authenticated->status)(authenticated,
- name, name_sz,
- validuser);
- return(validuser);
-}
-
-void
-auth_debug(int mode)
-{
- auth_debug_mode = mode;
-}
-
-void
-auth_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
-{
- Authenticator *ap;
-
- if ((ap = findauthenticator(data[1], data[2])) && ap->printsub)
- (*ap->printsub)(data, cnt, buf, buflen);
- else
- auth_gen_printsub(data, cnt, buf, buflen);
-}
-
-void
-auth_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
-{
- unsigned char *cp;
- unsigned char tbuf[16];
-
- cnt -= 3;
- data += 3;
- buf[buflen-1] = '\0';
- buf[buflen-2] = '*';
- buflen -= 2;
- for (; cnt > 0; cnt--, data++) {
- snprintf(tbuf, sizeof(tbuf), " %d", *data);
- for (cp = tbuf; *cp && buflen > 0; --buflen)
- *buf++ = *cp++;
- if (buflen <= 0)
- return;
- }
- *buf = '\0';
-}
-#endif
+++ /dev/null
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * from: @(#)auth.h 8.1 (Berkeley) 6/4/93
- * $OpenBSD: auth.h,v 1.1 2005/05/24 03:41:58 deraadt Exp $
- * $NetBSD: auth.h,v 1.5 1996/02/24 01:15:18 jtk Exp $
- */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $KTH: auth.h,v 1.4 1998/06/09 19:24:41 joda Exp $ */
-
-#ifndef __AUTH__
-#define __AUTH__
-
-#define AUTH_REJECT 0 /* Rejected */
-#define AUTH_UNKNOWN 1 /* We don't know who he is, but he's okay */
-#define AUTH_OTHER 2 /* We know him, but not his name */
-#define AUTH_USER 3 /* We know he name */
-#define AUTH_VALID 4 /* We know him, and he needs no password */
-
-typedef struct XauthP {
- int type;
- int way;
- int (*init) (struct XauthP *, int);
- int (*send) (struct XauthP *);
- void (*is) (struct XauthP *, unsigned char *, int);
- void (*reply) (struct XauthP *, unsigned char *, int);
- int (*status) (struct XauthP *, char *, size_t, int);
- void (*printsub) (unsigned char *, int, unsigned char *, int);
-} Authenticator;
-
-#include "auth-proto.h"
-
-extern int auth_debug_mode;
-#endif
+++ /dev/null
-/* $OpenBSD: authenc.c,v 1.7 2005/02/27 15:46:42 otto Exp $ */
-/* $NetBSD: authenc.c,v 1.5 1996/02/28 21:03:52 thorpej Exp $ */
-
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
-RCSID("$Id: authenc.c,v 1.7 2005/02/27 15:46:42 otto Exp $");
-*/
-
-#include "telnet_locl.h"
-
-#if defined(AUTHENTICATION) || defined(ENCRYPTION)
-
- int
-telnet_net_write(str, len)
- unsigned char *str;
- int len;
-{
- if (NETROOM() > len) {
- ring_supply_data(&netoring, str, len);
- if (str[0] == IAC && str[1] == SE)
- printsub('>', &str[2], len-2);
- return(len);
- }
- return(0);
-}
-
- void
-net_encrypt()
-{
-#if defined(ENCRYPTION)
- if (encrypt_output)
- ring_encrypt(&netoring, encrypt_output);
- else
- ring_clearto(&netoring);
-#endif
-}
-
- int
-telnet_spin()
-{
- extern int scheduler_lockout_tty;
-
- scheduler_lockout_tty = 1;
- Scheduler(0);
- scheduler_lockout_tty = 0;
-
- return 0;
-
-}
-
- char *
-telnet_getenv(val)
- const char *val;
-{
- return((char *)env_getvalue((unsigned char *)val, 0));
-}
-
- char *
-telnet_gets(prompt, result, length, echo)
- char *prompt;
- char *result;
- int length;
- int echo;
-{
- extern char *getpass();
- extern int globalmode;
- int om = globalmode;
- char *res;
-
- TerminalNewMode(-1);
- if (echo) {
- printf("%s", prompt);
- res = fgets(result, length, stdin);
- } else if ((res = getpass(prompt))) {
- strncpy(result, res, length);
- res = result;
- }
- TerminalNewMode(om);
- return(res);
-}
-#endif /* defined(AUTHENTICATION) */
-/* $OpenBSD: commands.c,v 1.55 2013/10/26 21:33:29 sthen Exp $ */
+/* $OpenBSD: commands.c,v 1.56 2014/07/19 23:50:38 guenther Exp $ */
/* $NetBSD: commands.c,v 1.14 1996/03/24 22:03:48 jtk Exp $ */
/*
#include "telnet_locl.h"
#include <err.h>
-#if defined(IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
-#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
char *hostname;
static int
togdebug()
{
-#ifndef NOT43
if (net > 0 &&
- (SetSockOpt(net, SOL_SOCKET, SO_DEBUG, debug)) < 0) {
+ (setsockopt(net, SOL_SOCKET, SO_DEBUG, &debug, sizeof(debug))) == -1) {
perror("setsockopt (SO_DEBUG)");
}
-#else /* NOT43 */
- if (debug) {
- if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 0, 0) < 0)
- perror("setsockopt (SO_DEBUG)");
- } else
- printf("Cannot turn off socket debugging\r\n");
-#endif /* NOT43 */
return 1;
}
static int togglehelp(void);
-#if defined(AUTHENTICATION)
-extern int auth_togdebug(int);
-#endif
-#if defined(ENCRYPTION)
-extern int EncryptAutoEnc(int);
-extern int EncryptAutoDec(int);
-extern int EncryptDebug(int);
-extern int EncryptVerbose(int);
-#endif
-
struct togglelist {
char *name; /* name of toggle */
0,
&autosynch,
"send interrupt characters in urgent mode" },
-#if defined(AUTHENTICATION)
{ "autologin",
"automatic sending of login and/or authentication info",
0,
&autologin,
"send login name and/or authentication information" },
- { "authdebug",
- "Toggle authentication debugging",
- auth_togdebug,
- 0,
- "print authentication debugging information" },
-#endif
-#if defined(ENCRYPTION)
- { "autoencrypt",
- "automatic encryption of data stream",
- EncryptAutoEnc,
- 0,
- "automatically encrypt output" },
- { "autodecrypt",
- "automatic decryption of data stream",
- EncryptAutoDec,
- 0,
- "automatically decrypt input" },
- { "verbose_encrypt",
- "Toggle verbose encryption output",
- EncryptVerbose,
- 0,
- "print verbose encryption output" },
- { "encdebug",
- "Toggle encryption debugging",
- EncryptDebug,
- 0,
- "print encryption debugging information" },
-#endif
{ "skiprc",
"don't read ~/.telnetrc file",
0,
&localchars,
"recognize certain control characters" },
{ " ", "", 0, 0 }, /* empty line */
-#if defined(unix) && defined(TN3270)
- { "apitrace",
- "(debugging) toggle tracing of API transactions",
- 0,
- &apitrace,
- "trace API transactions", 0 },
- { "cursesdata",
- "(debugging) toggle printing of hexadecimal curses data",
- 0,
- &cursesdata,
- "print hexadecimal representation of curses data", 0 },
-#endif /* defined(unix) && defined(TN3270) */
{ "debug",
"debugging",
togdebug,
0,
&showoptions,
"show option processing" },
-#if defined(unix)
{ "termdata",
"(debugging) toggle printing of hexadecimal terminal data",
0,
&termdata,
"print hexadecimal representation of terminal traffic" },
-#endif /* defined(unix) */
{ "?",
0,
togglehelp },
* The following perform the "set" command.
*/
-#ifdef USE_TERMIO
struct termios new_tc = { 0 };
-#endif
struct setlist {
char *name; /* name */
}
}
/*@*/optionstatus();
-#if defined(ENCRYPTION)
- EncryptStatus();
-#endif
return 1;
#undef doset
#undef dotog
}
if (arg[0] != '\0')
escape = arg[0];
- if (!In3270) {
- printf("Escape character is '%s'.\r\n", control(escape));
- }
+ printf("Escape character is '%s'.\r\n", control(escape));
(void) fflush(stdout);
return 1;
}
return 1;
}
-#if !defined(TN3270)
/*ARGSUSED*/
int
shell(argc, argv)
}
return 1;
}
-#else /* !defined(TN3270) */
-extern int shell();
-#endif /* !defined(TN3270) */
/*VARARGS*/
static int
(void) NetClose(net);
connected = 0;
resettermname = 1;
-#if defined(AUTHENTICATION) || defined(ENCRYPTION)
- auth_encrypt_connect(connected);
-#endif /* defined(AUTHENTICATION) */
/* reset options */
tninit();
-#if defined(TN3270)
- SetIn3270(); /* Get out of 3270 mode */
-#endif /* defined(TN3270) */
}
if ((argc != 2) || (strcmp(argv[1], "fromquit") != 0)) {
longjmp(toplevel, 1);
{ "send", "Send an environment variable", env_send, 1 },
{ "list", "List the current environment variables",
env_list, 0 },
-#if defined(OLD_ENVIRON) && defined(ENV_HACK)
- { "varval", "Reverse VAR and VALUE (auto, right, wrong, status)",
- env_varval, 1 },
-#endif
{ "help", 0, env_help, 0 },
{ "?", "Print help information", env_help, 0 },
{ 0 },
struct env_lst *ep;
if (my_state_is_wont(TELOPT_NEW_ENVIRON)
-#ifdef OLD_ENVIRON
- && my_state_is_wont(TELOPT_OLD_ENVIRON)
-#endif
) {
fprintf(stderr,
"Cannot send '%s': Telnet ENVIRON option not enabled\r\n",
return(NULL);
}
-#if defined(OLD_ENVIRON) && defined(ENV_HACK)
- void
-env_varval(what)
- unsigned char *what;
-{
- extern int old_env_var, old_env_value, env_auto;
- int len = strlen((char *)what);
-
- if (len == 0)
- goto unknown;
-
- if (strncasecmp((char *)what, "status", len) == 0) {
- if (env_auto)
- printf("%s%s", "VAR and VALUE are/will be ",
- "determined automatically\r\n");
- if (old_env_var == OLD_ENV_VAR)
- printf("VAR and VALUE set to correct definitions\r\n");
- else
- printf("VAR and VALUE definitions are reversed\r\n");
- } else if (strncasecmp((char *)what, "auto", len) == 0) {
- env_auto = 1;
- old_env_var = OLD_ENV_VALUE;
- old_env_value = OLD_ENV_VAR;
- } else if (strncasecmp((char *)what, "right", len) == 0) {
- env_auto = 0;
- old_env_var = OLD_ENV_VAR;
- old_env_value = OLD_ENV_VALUE;
- } else if (strncasecmp((char *)what, "wrong", len) == 0) {
- env_auto = 0;
- old_env_var = OLD_ENV_VALUE;
- old_env_value = OLD_ENV_VAR;
- } else {
-unknown:
- printf("Unknown \"varval\" command. (\"auto\", \"right\", \"wrong\", \"status\")\r\n");
- }
-}
-#endif
-
-#if defined(AUTHENTICATION)
-/*
- * The AUTHENTICATE command.
- */
-
-struct authlist {
- char *name;
- char *help;
- int (*handler)();
- int narg;
-};
-
-static int
- auth_help(void);
-
-struct authlist AuthList[] = {
- { "status", "Display current status of authentication information",
- auth_status, 0 },
- { "disable", "Disable an authentication type ('auth disable ?' for more)",
- auth_disable, 1 },
- { "enable", "Enable an authentication type ('auth enable ?' for more)",
- auth_enable, 1 },
- { "help", 0, auth_help, 0 },
- { "?", "Print help information", auth_help, 0 },
- { 0 },
-};
-
- static int
-auth_help()
-{
- struct authlist *c;
-
- for (c = AuthList; c->name; c++) {
- if (c->help) {
- if (*c->help)
- printf("%-15s %s\r\n", c->name, c->help);
- else
- printf("\r\n");
- }
- }
- return 0;
-}
-
- int
-auth_cmd(argc, argv)
- int argc;
- char *argv[];
-{
- struct authlist *c;
-
- if (argc < 2) {
- fprintf(stderr,
- "Need an argument to 'auth' command. 'auth ?' for help.\r\n");
- return 0;
- }
-
- c = (struct authlist *)
- genget(argv[1], (char **) AuthList, sizeof(struct authlist));
- if (c == 0) {
- fprintf(stderr, "'%s': unknown argument ('auth ?' for help).\r\n",
- argv[1]);
- return 0;
- }
- if (Ambiguous(c)) {
- fprintf(stderr, "'%s': ambiguous argument ('auth ?' for help).\r\n",
- argv[1]);
- return 0;
- }
- if (c->narg + 2 != argc) {
- fprintf(stderr,
- "Need %s%d argument%s to 'auth %s' command. 'auth ?' for help.\r\n",
- c->narg < argc + 2 ? "only " : "",
- c->narg, c->narg == 1 ? "" : "s", c->name);
- return 0;
- }
- return((*c->handler)(argv[2], argv[3]));
-}
-#endif
-
-#if defined(ENCRYPTION)
-/*
- * The ENCRYPT command.
- */
-
-struct encryptlist {
- char *name;
- char *help;
- int (*handler)();
- int needconnect;
- int minarg;
- int maxarg;
-};
-
-static int
- EncryptHelp (void);
-
-struct encryptlist EncryptList[] = {
- { "enable", "Enable encryption. ('encrypt enable ?' for more)",
- EncryptEnable, 1, 1, 2 },
- { "disable", "Disable encryption. ('encrypt enable ?' for more)",
- EncryptDisable, 0, 1, 2 },
- { "type", "Set encryption type. ('encrypt type ?' for more)",
- EncryptType, 0, 1, 1 },
- { "start", "Start encryption. ('encrypt start ?' for more)",
- EncryptStart, 1, 0, 1 },
- { "stop", "Stop encryption. ('encrypt stop ?' for more)",
- EncryptStop, 1, 0, 1 },
- { "input", "Start encrypting the input stream",
- EncryptStartInput, 1, 0, 0 },
- { "-input", "Stop encrypting the input stream",
- EncryptStopInput, 1, 0, 0 },
- { "output", "Start encrypting the output stream",
- EncryptStartOutput, 1, 0, 0 },
- { "-output", "Stop encrypting the output stream",
- EncryptStopOutput, 1, 0, 0 },
-
- { "status", "Display current status of authentication information",
- EncryptStatus, 0, 0, 0 },
- { "help", 0, EncryptHelp, 0, 0, 0 },
- { "?", "Print help information", EncryptHelp, 0, 0, 0 },
- { 0 },
-};
-
-static int
-EncryptHelp()
-{
- struct encryptlist *c;
-
- for (c = EncryptList; c->name; c++) {
- if (c->help) {
- if (*c->help)
- printf("%-15s %s\r\n", c->name, c->help);
- else
- printf("\r\n");
- }
- }
- return 0;
-}
-
-static int
-encrypt_cmd(int argc, char **argv)
-{
- struct encryptlist *c;
-
- if (argc < 2) {
- fprintf(stderr, "Need at least one argument for 'encrypt' command.\n");
- fprintf(stderr, "('encrypt ?' for help)\n");
- return 0;
- }
-
- c = (struct encryptlist *)
- genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist));
- if (c == 0) {
- fprintf(stderr, "'%s': unknown argument ('encrypt ?' for help).\r\n",
- argv[1]);
- return 0;
- }
- if (Ambiguous(c)) {
- fprintf(stderr, "'%s': ambiguous argument ('encrypt ?' for help).\r\n",
- argv[1]);
- return 0;
- }
- argc -= 2;
- if (argc < c->minarg || argc > c->maxarg) {
- if (c->minarg == c->maxarg) {
- fprintf(stderr, "Need %s%d argument%s ",
- c->minarg < argc ? "only " : "", c->minarg,
- c->minarg == 1 ? "" : "s");
- } else {
- fprintf(stderr, "Need %s%d-%d arguments ",
- c->maxarg < argc ? "only " : "", c->minarg, c->maxarg);
- }
- fprintf(stderr, "to 'encrypt %s' command. 'encrypt ?' for help.\r\n",
- c->name);
- return 0;
- }
- if (c->needconnect && !connected) {
- if (!(argc && (isprefix(argv[2], "help") || isprefix(argv[2], "?")))) {
- printf("?Need to be connected first.\r\n");
- return 0;
- }
- }
- return ((*c->handler)(argc > 0 ? argv[2] : 0,
- argc > 1 ? argv[3] : 0,
- argc > 2 ? argv[4] : 0));
-}
-#endif
-
-#if defined(unix) && defined(TN3270)
- static void
-filestuff(fd)
- int fd;
-{
- int res;
-
-#ifdef F_GETOWN
- setconnmode(0);
- res = fcntl(fd, F_GETOWN, 0);
- setcommandmode();
-
- if (res == -1) {
- perror("fcntl");
- return;
- }
- printf("\tOwner is %d.\r\n", res);
-#endif
-
- setconnmode(0);
- res = fcntl(fd, F_GETFL, 0);
- setcommandmode();
-
- if (res == -1) {
- perror("fcntl");
- return;
- }
-#ifdef notdef
- printf("\tFlags are 0x%x: %s\r\n", res, decodeflags(res));
-#endif
-}
-#endif /* defined(unix) && defined(TN3270) */
-
/*
* Print status about the connection.
*/
printf("%s character echo\r\n", (mode&MODE_ECHO) ? "Local" : "Remote");
if (my_want_state_is_will(TELOPT_LFLOW))
printf("%s flow control\r\n", (mode&MODE_FLOW) ? "Local" : "No");
-#if defined(ENCRYPTION)
- encrypt_display();
-#endif
}
} else {
printf("No connection.\r\n");
}
-# if !defined(TN3270)
printf("Escape character is '%s'.\r\n", control(escape));
(void) fflush(stdout);
-# else /* !defined(TN3270) */
- if ((!In3270) && ((argc < 2) || strcmp(argv[1], "notmuch"))) {
- printf("Escape character is '%s'.\r\n", control(escape));
- }
-# if defined(unix)
- if ((argc >= 2) && !strcmp(argv[1], "everything")) {
- printf("SIGIO received %d time%s.\r\n",
- sigiocount, (sigiocount == 1)? "":"s");
- if (In3270) {
- printf("Process ID %ld, process group %ld.\r\n",
- (long)getpid(), (long)getpgrp());
- printf("Terminal input:\r\n");
- filestuff(tin);
- printf("Terminal output:\r\n");
- filestuff(tout);
- printf("Network socket:\r\n");
- filestuff(net);
- }
- }
- if (In3270 && transcom) {
- printf("Transparent mode command is '%s'.\r\n", transcom);
- }
-# endif /* defined(unix) */
- (void) fflush(stdout);
- if (In3270) {
- return 0;
- }
-# endif /* defined(TN3270) */
fflush(stdout);
return 1;
}
struct sockaddr_in sin;
unsigned long temp;
extern char *inet_ntoa();
-#if defined(IP_OPTIONS) && defined(IPPROTO_IP)
char *srp = 0;
int srlen;
-#endif
char *cmd, *hostp = 0, *portp = 0, *user = 0, *aliasp = 0;
int retry;
const int niflags = NI_NUMERICHOST;
continue;
}
usage:
- printf("usage: %s [-l user] [-a] host-name [port]\r\n", cmd);
+ printf("usage: %s [-a] [-b hostalias] [-l user] host-name [port]\r\n", cmd);
return 0;
}
if (hostp == 0)
goto usage;
-#if defined(IP_OPTIONS) && defined(IPPROTO_IP)
if (hostp[0] == '@' || hostp[0] == '!') {
if ((hostname = strrchr(hostp, ':')) == NULL)
hostname = strrchr(hostp, '@');
abort();
}
} else
-#endif
{
hostname = hostp;
memset(&hints, 0, sizeof(hints));
}
freeaddrinfo(ares);
}
-#if defined(IP_OPTIONS) && defined(IPPROTO_IP)
if (srp && res->ai_family == AF_INET
- && setsockopt(net, IPPROTO_IP, IP_OPTIONS, (char *)srp, srlen) < 0)
+ && setsockopt(net, IPPROTO_IP, IP_OPTIONS, srp, srlen) < 0)
perror("setsockopt (IP_OPTIONS)");
-#endif
-#if defined(IPPROTO_IP) && defined(IP_TOS)
if (res->ai_family == AF_INET) {
-# if defined(HAS_GETTOS)
- struct tosent *tp;
- if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
- tos = tp->t_tos;
-# endif
if (tos < 0)
tos = IPTOS_LOWDELAY; /* Low Delay bit */
if (tos
- && (setsockopt(net, IPPROTO_IP, IP_TOS,
- (void *)&tos, sizeof(int)) < 0)
+ && (setsockopt(net, IPPROTO_IP, IP_TOS, &tos, sizeof(int)) < 0)
&& (errno != ENOPROTOOPT))
perror("telnet: setsockopt (IP_TOS) (ignored)");
}
-#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
- if (debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) {
- perror("setsockopt (SO_DEBUG)");
+ if (debug) {
+ int one = 1;
+
+ if (setsockopt(net, SOL_SOCKET, SO_DEBUG, &one,
+ sizeof(one)) < 0)
+ perror("setsockopt (SO_DEBUG)");
}
if (connect(net, res->ai_addr, res->ai_addrlen) < 0) {
}
connected++;
-#if defined(AUTHENTICATION) || defined(ENCRYPTION)
- auth_encrypt_connect(connected);
-#endif /* defined(AUTHENTICATION) */
break;
}
freeaddrinfo(res0);
togglestring[] ="toggle operating parameters ('toggle ?' for more)",
slchelp[] = "change state of special charaters ('slc ?' for more)",
displayhelp[] = "display operating parameters",
-#if defined(TN3270) && defined(unix)
- transcomhelp[] = "specify Unix command for transparent mode pipe",
-#endif /* defined(TN3270) && defined(unix) */
-#if defined(AUTHENTICATION)
- authhelp[] = "turn on (off) authentication ('auth ?' for more)",
-#endif
-#if defined(ENCRYPTION)
- encrypthelp[] = "turn on (off) encryption ('encrypt ?' for more)",
-#endif
zhelp[] = "suspend telnet",
#ifdef SKEY
skeyhelp[] = "compute response to s/key challenge",
{ "status", statushelp, status, 0 },
{ "toggle", togglestring, toggle, 0 },
{ "slc", slchelp, slccmd, 0 },
-#if defined(TN3270) && defined(unix)
- { "transcom", transcomhelp, settranscom, 0 },
-#endif /* defined(TN3270) && defined(unix) */
-#if defined(AUTHENTICATION)
- { "auth", authhelp, auth_cmd, 0 },
-#endif
-#if defined(ENCRYPTION)
- { "encrypt", encrypthelp, encrypt_cmd, 0 },
-#endif
{ "z", zhelp, telnetsuspend, 0 },
-#if defined(TN3270)
- { "!", shellhelp, shell, 1 },
-#else
{ "!", shellhelp, shell, 0 },
-#endif
{ "environ", envhelp, env_cmd, 0 },
{ "?", helphelp, help, 0 },
#if defined(SKEY)
setcommandmode();
if (!top) {
putchar('\n');
-#if defined(unix)
} else {
(void) signal(SIGINT, SIG_DFL);
(void) signal(SIGQUIT, SIG_DFL);
-#endif /* defined(unix) */
}
for (;;) {
if (rlogin == _POSIX_VDISABLE)
longjmp(toplevel, 1);
/*NOTREACHED*/
}
-#if defined(TN3270)
- if (shell_active == 0) {
- setconnmode(0);
- }
-#else /* defined(TN3270) */
setconnmode(0);
-#endif /* defined(TN3270) */
}
}
\f
return 0;
}
-#if defined(IP_OPTIONS) && defined(IPPROTO_IP)
-
/*
* Source route is handed in as
* [!]@hop1@hop2...[@|:]dst
int *lenp;
{
static char lsr[44];
-#ifdef sysV88
- static IOPTN ipopt;
-#endif
char *cp, *cp2, *lsrp, *lsrep;
int tmp;
struct in_addr sin_addr;
* route or a strict source route, and fill in
* the begining of the option.
*/
-#ifndef sysV88
if (*cp == '!') {
cp++;
*lsrp++ = IPOPT_SSRR;
} else
*lsrp++ = IPOPT_LSRR;
-#else
- if (*cp == '!') {
- cp++;
- ipopt.io_type = IPOPT_SSRR;
- } else
- ipopt.io_type = IPOPT_LSRR;
-#endif
if (*cp != '@')
return((unsigned long)-1);
-#ifndef sysV88
lsrp++; /* skip over length, we'll fill it in later */
*lsrp++ = 4;
-#endif
cp++;
if ((tmp = inet_addr(cp)) != -1) {
sin_addr.s_addr = tmp;
} else if ((host = gethostbyname(cp))) {
-#if defined(h_addr)
memmove((caddr_t)&sin_addr,
host->h_addr_list[0],
sizeof(sin_addr));
-#else
- memmove((caddr_t)&sin_addr, host->h_addr,
- sizeof(sin_addr));
-#endif
} else {
*cpp = cp;
return(0);
if (lsrp + 4 > lsrep)
return((unsigned long)-1);
}
-#ifndef sysV88
if ((*(*cpp+IPOPT_OLEN) = lsrp - *cpp) <= 7) {
*cpp = 0;
*lenp = 0;
}
*lsrp++ = IPOPT_NOP; /* 32 bit word align it */
*lenp = lsrp - *cpp;
-#else
- ipopt.io_len = lsrp - *cpp;
- if (ipopt.io_len <= 5) { /* Is 3 better ? */
- *cpp = 0;
- *lenp = 0;
- return((unsigned long)-1);
- }
- *lenp = sizeof(ipopt);
- *cpp = (char *) &ipopt;
-#endif
return(sin_addr.s_addr);
}
-#endif
-/* $OpenBSD: defines.h,v 1.7 2003/06/11 23:31:51 deraadt Exp $ */
+/* $OpenBSD: defines.h,v 1.8 2014/07/19 23:50:38 guenther Exp $ */
/* $NetBSD: defines.h,v 1.5 1996/02/28 21:03:55 thorpej Exp $ */
/*
* from: @(#)defines.h 8.1 (Berkeley) 6/6/93
*/
-#define settimer(x) clocks.x = clocks.system++
-
-#if !defined(TN3270)
+typedef struct {
+ int
+ system, /* what the current time is */
+ echotoggle, /* last time user entered echo character */
+ modenegotiated; /* last time operating mode negotiated */
+} Clocks;
-#define SetIn3270()
+extern Clocks clocks;
-#endif /* !defined(TN3270) */
+#define settimer(x) clocks.x = clocks.system++
#define NETADD(c) { *netoring.supply = c; ring_supplied(&netoring, 1); }
#define NET2ADD(c1,c2) { NETADD(c1); NETADD(c2); }
#define MODE_OUT8 0x8000 /* binary mode sans -opost */
void upcase(char *);
-
+++ /dev/null
-/*
- * Copyright (c) 1989, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)defs.h 8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Telnet server defines
- */
-
-#ifndef __DEFS_H__
-#define __DEFS_H__
-
-#if defined(PRINTOPTIONS) && defined(DIAGNOSTICS)
-#define TELOPTS
-#define TELCMDS
-#define SLC_NAMES
-#endif
-
-#if !defined(TIOCSCTTY) && defined(TCSETCTTY)
-# define TIOCSCTTY TCSETCTTY
-#endif
-
-#ifndef TIOCPKT_FLUSHWRITE
-#define TIOCPKT_FLUSHWRITE 0x02
-#endif
-
-#ifndef TIOCPKT_NOSTOP
-#define TIOCPKT_NOSTOP 0x10
-#endif
-
-#ifndef TIOCPKT_DOSTOP
-#define TIOCPKT_DOSTOP 0x20
-#endif
-
-/*
- * I/O data buffers defines
- */
-#define NETSLOP 4096
-#ifdef _CRAY
-#undef BUFSIZ
-#define BUFSIZ 2048
-#endif
-
-#define NIACCUM(c) { *netip++ = c; \
- ncc++; \
- }
-
-/* clock manipulations */
-#define settimer(x) (clocks.x = ++clocks.system)
-#define sequenceIs(x,y) (clocks.x < clocks.y)
-
-/*
- * Structures of information for each special character function.
- */
-typedef struct {
- unsigned char flag; /* the flags for this function */
- cc_t val; /* the value of the special character */
-} slcent, *Slcent;
-
-typedef struct {
- slcent defset; /* the default settings */
- slcent current; /* the current settings */
- cc_t *sptr; /* a pointer to the char in */
- /* system data structures */
-} slcfun, *Slcfun;
-
-#ifdef DIAGNOSTICS
-/*
- * Diagnostics capabilities
- */
-#define TD_REPORT 0x01 /* Report operations to client */
-#define TD_EXERCISE 0x02 /* Exercise client's implementation */
-#define TD_NETDATA 0x04 /* Display received data stream */
-#define TD_PTYDATA 0x08 /* Display data passed to pty */
-#define TD_OPTIONS 0x10 /* Report just telnet options */
-#endif /* DIAGNOSTICS */
-
-/*
- * We keep track of each side of the option negotiation.
- */
-
-#define MY_STATE_WILL 0x01
-#define MY_WANT_STATE_WILL 0x02
-#define MY_STATE_DO 0x04
-#define MY_WANT_STATE_DO 0x08
-
-/*
- * Macros to check the current state of things
- */
-
-#define my_state_is_do(opt) (options[opt]&MY_STATE_DO)
-#define my_state_is_will(opt) (options[opt]&MY_STATE_WILL)
-#define my_want_state_is_do(opt) (options[opt]&MY_WANT_STATE_DO)
-#define my_want_state_is_will(opt) (options[opt]&MY_WANT_STATE_WILL)
-
-#define my_state_is_dont(opt) (!my_state_is_do(opt))
-#define my_state_is_wont(opt) (!my_state_is_will(opt))
-#define my_want_state_is_dont(opt) (!my_want_state_is_do(opt))
-#define my_want_state_is_wont(opt) (!my_want_state_is_will(opt))
-
-#define set_my_state_do(opt) (options[opt] |= MY_STATE_DO)
-#define set_my_state_will(opt) (options[opt] |= MY_STATE_WILL)
-#define set_my_want_state_do(opt) (options[opt] |= MY_WANT_STATE_DO)
-#define set_my_want_state_will(opt) (options[opt] |= MY_WANT_STATE_WILL)
-
-#define set_my_state_dont(opt) (options[opt] &= ~MY_STATE_DO)
-#define set_my_state_wont(opt) (options[opt] &= ~MY_STATE_WILL)
-#define set_my_want_state_dont(opt) (options[opt] &= ~MY_WANT_STATE_DO)
-#define set_my_want_state_wont(opt) (options[opt] &= ~MY_WANT_STATE_WILL)
-
-/*
- * Tricky code here. What we want to know is if the MY_STATE_WILL
- * and MY_WANT_STATE_WILL bits have the same value. Since the two
- * bits are adjacent, a little arithmetic will show that by adding
- * in the lower bit, the upper bit will be set if the two bits were
- * different, and clear if they were the same.
- */
-#define my_will_wont_is_changing(opt) \
- ((options[opt]+MY_STATE_WILL) & MY_WANT_STATE_WILL)
-
-#define my_do_dont_is_changing(opt) \
- ((options[opt]+MY_STATE_DO) & MY_WANT_STATE_DO)
-
-/*
- * Make everything symmetrical
- */
-
-#define HIS_STATE_WILL MY_STATE_DO
-#define HIS_WANT_STATE_WILL MY_WANT_STATE_DO
-#define HIS_STATE_DO MY_STATE_WILL
-#define HIS_WANT_STATE_DO MY_WANT_STATE_WILL
-
-#define his_state_is_do my_state_is_will
-#define his_state_is_will my_state_is_do
-#define his_want_state_is_do my_want_state_is_will
-#define his_want_state_is_will my_want_state_is_do
-
-#define his_state_is_dont my_state_is_wont
-#define his_state_is_wont my_state_is_dont
-#define his_want_state_is_dont my_want_state_is_wont
-#define his_want_state_is_wont my_want_state_is_dont
-
-#define set_his_state_do set_my_state_will
-#define set_his_state_will set_my_state_do
-#define set_his_want_state_do set_my_want_state_will
-#define set_his_want_state_will set_my_want_state_do
-
-#define set_his_state_dont set_my_state_wont
-#define set_his_state_wont set_my_state_dont
-#define set_his_want_state_dont set_my_want_state_wont
-#define set_his_want_state_wont set_my_want_state_dont
-
-#define his_will_wont_is_changing my_do_dont_is_changing
-#define his_do_dont_is_changing my_will_wont_is_changing
-
-#endif /* __DEFS_H__ */
+++ /dev/null
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)enc-proto.h 8.1 (Berkeley) 6/4/93
- *
- * @(#)enc-proto.h 5.2 (Berkeley) 3/22/91
- */
-
- /*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $KTH: enc-proto.h,v 1.10.8.1 2002/02/06 03:38:05 assar Exp $ */
-
-#if defined(ENCRYPTION)
-Encryptions *findencryption (int);
-Encryptions *finddecryption(int);
-int EncryptAutoDec(int);
-int EncryptAutoEnc(int);
-int EncryptDebug(int);
-int EncryptDisable(char*, char*);
-int EncryptEnable(char*, char*);
-int EncryptStart(char*);
-int EncryptStartInput(void);
-int EncryptStartOutput(void);
-int EncryptStatus(void);
-int EncryptStop(char*);
-int EncryptStopInput(void);
-int EncryptStopOutput(void);
-int EncryptType(char*, char*);
-int EncryptVerbose(int);
-void decrypt_auto(int);
-void encrypt_auto(int);
-void encrypt_debug(int);
-void encrypt_dec_keyid(unsigned char*, int);
-void encrypt_display(void);
-void encrypt_enc_keyid(unsigned char*, int);
-void encrypt_end(void);
-void encrypt_gen_printsub(unsigned char*, int, unsigned char*, int);
-void encrypt_init(const char*, int);
-void encrypt_is(unsigned char*, int);
-void encrypt_list_types(void);
-void encrypt_not(void);
-void encrypt_printsub(unsigned char*, int, unsigned char*, int);
-void encrypt_reply(unsigned char*, int);
-void encrypt_request_end(void);
-void encrypt_request_start(unsigned char*, int);
-void encrypt_send_end(void);
-void encrypt_send_keyid(int, unsigned char*, int, int);
-void encrypt_send_request_end(void);
-int encrypt_is_encrypting(void);
-void encrypt_send_request_start(void);
-void encrypt_send_support(void);
-void encrypt_session_key(Session_Key*, int);
-void encrypt_start(unsigned char*, int);
-void encrypt_start_output(int);
-void encrypt_support(unsigned char*, int);
-void encrypt_verbose_quiet(int);
-void encrypt_wait(void);
-int encrypt_delay(void);
-
-#ifdef TELENTD
-void encrypt_wait (void);
-#else
-void encrypt_display (void);
-#endif
-
-void cfb64_encrypt (unsigned char *, int);
-int cfb64_decrypt (int);
-void cfb64_init (int);
-int cfb64_start (int, int);
-int cfb64_is (unsigned char *, int);
-int cfb64_reply (unsigned char *, int);
-void cfb64_session (Session_Key *, int);
-int cfb64_keyid (int, unsigned char *, int *);
-void cfb64_printsub (unsigned char *, int, unsigned char *, int);
-
-void ofb64_encrypt (unsigned char *, int);
-int ofb64_decrypt (int);
-void ofb64_init (int);
-int ofb64_start (int, int);
-int ofb64_is (unsigned char *, int);
-int ofb64_reply (unsigned char *, int);
-void ofb64_session (Session_Key *, int);
-int ofb64_keyid (int, unsigned char *, int *);
-void ofb64_printsub (unsigned char *, int, unsigned char *, int);
-
-#endif
-
-#ifdef KRB4
-int check_krb4_tickets();
-#else
-#define check_krb4_tickets() 0
-#endif
-
-#ifdef KRB5
-int check_krb5_tickets();
-#else
-#define check_krb5_tickets() 0
-#endif
+++ /dev/null
-/* $OpenBSD: enc_des.c,v 1.3 2014/04/16 05:49:55 jsg Exp $ */
-
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $KTH: enc_des.c,v 1.16 1998/07/09 23:16:23 assar Exp $ */
-
-#if defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION)
-#include <arpa/telnet.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "encrypt.h"
-#include "misc-proto.h"
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-extern int encrypt_debug_mode;
-
-#define CFB 0
-#define OFB 1
-
-#define NO_SEND_IV 1
-#define NO_RECV_IV 2
-#define NO_KEYID 4
-#define IN_PROGRESS (NO_SEND_IV|NO_RECV_IV|NO_KEYID)
-#define SUCCESS 0
-#define FAILED -1
-
-
-struct stinfo {
- DES_cblock str_output;
- DES_cblock str_feed;
- DES_cblock str_iv;
- DES_cblock str_ikey;
- DES_key_schedule str_sched;
- int str_index;
- int str_flagshift;
-};
-
-struct fb {
- DES_cblock krbdes_key;
- DES_key_schedule krbdes_sched;
- DES_cblock temp_feed;
- unsigned char fb_feed[64];
- int need_start;
- int state[2];
- int keyid[2];
- int once;
- struct stinfo streams[2];
-};
-
-static struct fb fb[2];
-
-struct keyidlist {
- char *keyid;
- int keyidlen;
- char *key;
- int keylen;
- int flags;
-} keyidlist [] = {
- { "\0", 1, 0, 0, 0 }, /* default key of zero */
- { 0, 0, 0, 0, 0 }
-};
-
-#define KEYFLAG_MASK 03
-
-#define KEYFLAG_NOINIT 00
-#define KEYFLAG_INIT 01
-#define KEYFLAG_OK 02
-#define KEYFLAG_BAD 03
-
-#define KEYFLAG_SHIFT 2
-
-#define SHIFT_VAL(a,b) (KEYFLAG_SHIFT*((a)+((b)*2)))
-
-#define FB64_IV 1
-#define FB64_IV_OK 2
-#define FB64_IV_BAD 3
-
-
-void fb64_stream_iv (DES_cblock, struct stinfo *);
-void fb64_init (struct fb *);
-static int fb64_start (struct fb *, int, int);
-int fb64_is (unsigned char *, int, struct fb *);
-int fb64_reply (unsigned char *, int, struct fb *);
-static void fb64_session (Session_Key *, int, struct fb *);
-void fb64_stream_key (DES_cblock, struct stinfo *);
-int fb64_keyid (int, unsigned char *, int *, struct fb *);
-
-void cfb64_init(int server)
-{
- fb64_init(&fb[CFB]);
- fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64;
- fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB);
- fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB);
-}
-
-
-void ofb64_init(int server)
-{
- fb64_init(&fb[OFB]);
- fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64;
- fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB);
- fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);
-}
-
-void fb64_init(struct fb *fbp)
-{
- memset(fbp,0, sizeof(*fbp));
- fbp->state[0] = fbp->state[1] = FAILED;
- fbp->fb_feed[0] = IAC;
- fbp->fb_feed[1] = SB;
- fbp->fb_feed[2] = TELOPT_ENCRYPT;
- fbp->fb_feed[3] = ENCRYPT_IS;
-}
-
-/*
- * Returns:
- * -1: some error. Negotiation is done, encryption not ready.
- * 0: Successful, initial negotiation all done.
- * 1: successful, negotiation not done yet.
- * 2: Not yet. Other things (like getting the key from
- * Kerberos) have to happen before we can continue.
- */
-int cfb64_start(int dir, int server)
-{
- return(fb64_start(&fb[CFB], dir, server));
-}
-
-int ofb64_start(int dir, int server)
-{
- return(fb64_start(&fb[OFB], dir, server));
-}
-
-static int fb64_start(struct fb *fbp, int dir, int server)
-{
- int x;
- unsigned char *p;
- int state;
-
- switch (dir) {
- case DIR_DECRYPT:
- /*
- * This is simply a request to have the other side
- * start output (our input). He will negotiate an
- * IV so we need not look for it.
- */
- state = fbp->state[dir-1];
- if (state == FAILED)
- state = IN_PROGRESS;
- break;
-
- case DIR_ENCRYPT:
- state = fbp->state[dir-1];
- if (state == FAILED)
- state = IN_PROGRESS;
- else if ((state & NO_SEND_IV) == 0) {
- break;
- }
-
- if (!VALIDKEY(fbp->krbdes_key)) {
- fbp->need_start = 1;
- break;
- }
-
- state &= ~NO_SEND_IV;
- state |= NO_RECV_IV;
- if (encrypt_debug_mode)
- printf("Creating new feed\r\n");
- /*
- * Create a random feed and send it over.
- */
- do {
- if (RAND_bytes(fbp->temp_feed,
- sizeof(*fbp->temp_feed)) != 1)
- abort();
- DES_set_odd_parity(&fbp->temp_feed);
- } while(DES_is_weak_key(&fbp->temp_feed));
-
- DES_ecb_encrypt(&fbp->temp_feed,
- &fbp->temp_feed,
- &fbp->krbdes_sched, 1);
- p = fbp->fb_feed + 3;
- *p++ = ENCRYPT_IS;
- p++;
- *p++ = FB64_IV;
- for (x = 0; x < sizeof(DES_cblock); ++x) {
- if ((*p++ = fbp->temp_feed[x]) == IAC)
- *p++ = IAC;
- }
- *p++ = IAC;
- *p++ = SE;
- printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
- telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
- break;
- default:
- return(FAILED);
- }
- return(fbp->state[dir-1] = state);
-}
-
-/*
- * Returns:
- * -1: some error. Negotiation is done, encryption not ready.
- * 0: Successful, initial negotiation all done.
- * 1: successful, negotiation not done yet.
- */
-
-int cfb64_is(unsigned char *data, int cnt)
-{
- return(fb64_is(data, cnt, &fb[CFB]));
-}
-
-int ofb64_is(unsigned char *data, int cnt)
-{
- return(fb64_is(data, cnt, &fb[OFB]));
-}
-
-
-int fb64_is(unsigned char *data, int cnt, struct fb *fbp)
-{
- unsigned char *p;
- int state = fbp->state[DIR_DECRYPT-1];
-
- if (cnt-- < 1)
- goto failure;
-
- switch (*data++) {
- case FB64_IV:
- if (cnt != sizeof(DES_cblock)) {
- if (encrypt_debug_mode)
- printf("CFB64: initial vector failed on size\r\n");
- state = FAILED;
- goto failure;
- }
-
- if (encrypt_debug_mode)
- printf("CFB64: initial vector received\r\n");
-
- if (encrypt_debug_mode)
- printf("Initializing Decrypt stream\r\n");
-
- fb64_stream_iv(data, &fbp->streams[DIR_DECRYPT-1]);
-
- p = fbp->fb_feed + 3;
- *p++ = ENCRYPT_REPLY;
- p++;
- *p++ = FB64_IV_OK;
- *p++ = IAC;
- *p++ = SE;
- printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
- telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
-
- state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS;
- break;
-
- default:
- if (encrypt_debug_mode) {
- printf("Unknown option type: %d\r\n", *(data-1));
- printd(data, cnt);
- printf("\r\n");
- }
- /* FALL THROUGH */
- failure:
- /*
- * We failed. Send an FB64_IV_BAD option
- * to the other side so it will know that
- * things failed.
- */
- p = fbp->fb_feed + 3;
- *p++ = ENCRYPT_REPLY;
- p++;
- *p++ = FB64_IV_BAD;
- *p++ = IAC;
- *p++ = SE;
- printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
- telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
-
- break;
- }
- return(fbp->state[DIR_DECRYPT-1] = state);
-}
-
-/*
- * Returns:
- * -1: some error. Negotiation is done, encryption not ready.
- * 0: Successful, initial negotiation all done.
- * 1: successful, negotiation not done yet.
- */
-
-int cfb64_reply(unsigned char *data, int cnt)
-{
- return(fb64_reply(data, cnt, &fb[CFB]));
-}
-
-int ofb64_reply(unsigned char *data, int cnt)
-{
- return(fb64_reply(data, cnt, &fb[OFB]));
-}
-
-
-int fb64_reply(unsigned char *data, int cnt, struct fb *fbp)
-{
- int state = fbp->state[DIR_ENCRYPT-1];
-
- if (cnt-- < 1)
- goto failure;
-
- switch (*data++) {
- case FB64_IV_OK:
- fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
- if (state == FAILED)
- state = IN_PROGRESS;
- state &= ~NO_RECV_IV;
- encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1);
- break;
-
- case FB64_IV_BAD:
- memset(fbp->temp_feed, 0, sizeof(DES_cblock));
- fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
- state = FAILED;
- break;
-
- default:
- if (encrypt_debug_mode) {
- printf("Unknown option type: %d\r\n", data[-1]);
- printd(data, cnt);
- printf("\r\n");
- }
- /* FALL THROUGH */
- failure:
- state = FAILED;
- break;
- }
- return(fbp->state[DIR_ENCRYPT-1] = state);
-}
-
-void cfb64_session(Session_Key *key, int server)
-{
- fb64_session(key, server, &fb[CFB]);
-}
-
-void ofb64_session(Session_Key *key, int server)
-{
- fb64_session(key, server, &fb[OFB]);
-}
-
-static void fb64_session(Session_Key *key, int server, struct fb *fbp)
-{
-
- if (!key || key->type != SK_DES) {
- if (encrypt_debug_mode)
- printf("Can't set krbdes's session key (%d != %d)\r\n",
- key ? key->type : -1, SK_DES);
- return;
- }
- memcpy(fbp->krbdes_key, key->data, sizeof(DES_cblock));
-
- fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
- fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
-
- RAND_seed(key->data, key->length);
-
- DES_set_key_checked((DES_cblock *)&fbp->krbdes_key,
- &fbp->krbdes_sched);
-
- /*
- * Now look to see if krbdes_start() was was waiting for
- * the key to show up. If so, go ahead an call it now
- * that we have the key.
- */
- if (fbp->need_start) {
- fbp->need_start = 0;
- fb64_start(fbp, DIR_ENCRYPT, server);
- }
-}
-
-/*
- * We only accept a keyid of 0. If we get a keyid of
- * 0, then mark the state as SUCCESS.
- */
-
-int cfb64_keyid(int dir, unsigned char *kp, int *lenp)
-{
- return(fb64_keyid(dir, kp, lenp, &fb[CFB]));
-}
-
-int ofb64_keyid(int dir, unsigned char *kp, int *lenp)
-{
- return(fb64_keyid(dir, kp, lenp, &fb[OFB]));
-}
-
-int fb64_keyid(int dir, unsigned char *kp, int *lenp, struct fb *fbp)
-{
- int state = fbp->state[dir-1];
-
- if (*lenp != 1 || (*kp != '\0')) {
- *lenp = 0;
- return(state);
- }
-
- if (state == FAILED)
- state = IN_PROGRESS;
-
- state &= ~NO_KEYID;
-
- return(fbp->state[dir-1] = state);
-}
-
-void fb64_printsub(unsigned char *data, int cnt,
- unsigned char *buf, int buflen, char *type)
-{
- char lbuf[32];
- int i;
- char *cp;
-
- buf[buflen-1] = '\0'; /* make sure it's NULL terminated */
- buflen -= 1;
-
- switch(data[2]) {
- case FB64_IV:
- snprintf(lbuf, sizeof(lbuf), "%s_IV", type);
- cp = lbuf;
- goto common;
-
- case FB64_IV_OK:
- snprintf(lbuf, sizeof(lbuf), "%s_IV_OK", type);
- cp = lbuf;
- goto common;
-
- case FB64_IV_BAD:
- snprintf(lbuf, sizeof(lbuf), "%s_IV_BAD", type);
- cp = lbuf;
- goto common;
-
- default:
- snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[2]);
- cp = lbuf;
- common:
- for (; (buflen > 0) && (*buf = *cp++); buf++)
- buflen--;
- for (i = 3; i < cnt; i++) {
- snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
- for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++)
- buflen--;
- }
- break;
- }
-}
-
-void cfb64_printsub(unsigned char *data, int cnt,
- unsigned char *buf, int buflen)
-{
- fb64_printsub(data, cnt, buf, buflen, "CFB64");
-}
-
-void ofb64_printsub(unsigned char *data, int cnt,
- unsigned char *buf, int buflen)
-{
- fb64_printsub(data, cnt, buf, buflen, "OFB64");
-}
-
-void fb64_stream_iv(DES_cblock seed, struct stinfo *stp)
-{
-
- memcpy(stp->str_iv, seed,sizeof(DES_cblock));
- memcpy(stp->str_output, seed, sizeof(DES_cblock));
-
- DES_key_sched(&stp->str_ikey, &stp->str_sched);
-
- stp->str_index = sizeof(DES_cblock);
-}
-
-void fb64_stream_key(DES_cblock key, struct stinfo *stp)
-{
- memcpy(stp->str_ikey, key, sizeof(DES_cblock));
- DES_key_sched((DES_cblock*)key, &stp->str_sched);
-
- memcpy(stp->str_output, stp->str_iv, sizeof(DES_cblock));
-
- stp->str_index = sizeof(DES_cblock);
-}
-
-/*
- * DES 64 bit Cipher Feedback
- *
- * key --->+-----+
- * +->| DES |--+
- * | +-----+ |
- * | v
- * INPUT --(--------->(+)+---> DATA
- * | |
- * +-------------+
- *
- *
- * Given:
- * iV: Initial vector, 64 bits (8 bytes) long.
- * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
- * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
- *
- * V0 = DES(iV, key)
- * On = Dn ^ Vn
- * V(n+1) = DES(On, key)
- */
-
-void cfb64_encrypt(unsigned char *s, int c)
-{
- struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1];
- int index;
-
- index = stp->str_index;
- while (c-- > 0) {
- if (index == sizeof(DES_cblock)) {
- DES_cblock b;
- DES_ecb_encrypt(&stp->str_output, &b, &stp->str_sched, 1);
- memcpy(stp->str_feed, b, sizeof(DES_cblock));
- index = 0;
- }
-
- /* On encryption, we store (feed ^ data) which is cypher */
- *s = stp->str_output[index] = (stp->str_feed[index] ^ *s);
- s++;
- index++;
- }
- stp->str_index = index;
-}
-
-int cfb64_decrypt(int data)
-{
- struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1];
- int index;
-
- if (data == -1) {
- /*
- * Back up one byte. It is assumed that we will
- * never back up more than one byte. If we do, this
- * may or may not work.
- */
- if (stp->str_index)
- --stp->str_index;
- return(0);
- }
-
- index = stp->str_index++;
- if (index == sizeof(DES_cblock)) {
- DES_cblock b;
- DES_ecb_encrypt(&stp->str_output,&b, &stp->str_sched, 1);
- memcpy(stp->str_feed, b, sizeof(DES_cblock));
- stp->str_index = 1; /* Next time will be 1 */
- index = 0; /* But now use 0 */
- }
-
- /* On decryption we store (data) which is cypher. */
- stp->str_output[index] = data;
- return(data ^ stp->str_feed[index]);
-}
-
-/*
- * DES 64 bit Output Feedback
- *
- * key --->+-----+
- * +->| DES |--+
- * | +-----+ |
- * +-----------+
- * v
- * INPUT -------->(+) ----> DATA
- *
- * Given:
- * iV: Initial vector, 64 bits (8 bytes) long.
- * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
- * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
- *
- * V0 = DES(iV, key)
- * V(n+1) = DES(Vn, key)
- * On = Dn ^ Vn
- */
-
-void ofb64_encrypt(unsigned char *s, int c)
-{
- struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1];
- int index;
-
- index = stp->str_index;
- while (c-- > 0) {
- if (index == sizeof(DES_cblock)) {
- DES_cblock b;
- DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1);
- memcpy(stp->str_feed, b, sizeof(DES_cblock));
- index = 0;
- }
- *s++ ^= stp->str_feed[index];
- index++;
- }
- stp->str_index = index;
-}
-
-int ofb64_decrypt(int data)
-{
- struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1];
- int index;
-
- if (data == -1) {
- /*
- * Back up one byte. It is assumed that we will
- * never back up more than one byte. If we do, this
- * may or may not work.
- */
- if (stp->str_index)
- --stp->str_index;
- return(0);
- }
-
- index = stp->str_index++;
- if (index == sizeof(DES_cblock)) {
- DES_cblock b;
- DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1);
- memcpy(stp->str_feed, b, sizeof(DES_cblock));
- stp->str_index = 1; /* Next time will be 1 */
- index = 0; /* But now use 0 */
- }
-
- return(data ^ stp->str_feed[index]);
-}
-#endif
-
+++ /dev/null
-/* $OpenBSD: encrypt.c,v 1.4 2011/12/28 21:09:48 jsg Exp $ */
-
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
- /*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
-RCSID("$KTH: encrypt.c,v 1.22.8.1 2002/02/06 03:39:13 assar Exp $");
-*/
-
-#if defined(ENCRYPTION)
-
-#define ENCRYPT_NAMES
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <arpa/telnet.h>
-
-#include "encrypt.h"
-#include "misc.h"
-
-
-
-/*
- * These functions pointers point to the current routines
- * for encrypting and decrypting data.
- */
-void (*encrypt_output) (unsigned char *, int);
-int (*decrypt_input) (int);
-char *nclearto;
-
-int encrypt_debug_mode = 0;
-static int decrypt_mode = 0;
-static int encrypt_mode = 0;
-static int encrypt_verbose = 0;
-static int autoencrypt = 0;
-static int autodecrypt = 0;
-static int havesessionkey = 0;
-static int Server = 0;
-static const char *Name = "Noname";
-
-#define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0)
-
-static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64)
- | typemask(ENCTYPE_DES_OFB64);
- static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64)
- | typemask(ENCTYPE_DES_OFB64);
- static long i_wont_support_encrypt = 0;
- static long i_wont_support_decrypt = 0;
-#define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt)
-#define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt)
-
- static long remote_supports_encrypt = 0;
- static long remote_supports_decrypt = 0;
-
- static Encryptions encryptions[] = {
-#if defined(DES_ENCRYPTION)
- { "DES_CFB64", ENCTYPE_DES_CFB64,
- cfb64_encrypt,
- cfb64_decrypt,
- cfb64_init,
- cfb64_start,
- cfb64_is,
- cfb64_reply,
- cfb64_session,
- cfb64_keyid,
- cfb64_printsub },
- { "DES_OFB64", ENCTYPE_DES_OFB64,
- ofb64_encrypt,
- ofb64_decrypt,
- ofb64_init,
- ofb64_start,
- ofb64_is,
- ofb64_reply,
- ofb64_session,
- ofb64_keyid,
- ofb64_printsub },
-#endif
- { 0, },
- };
-
-static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
- ENCRYPT_SUPPORT };
-static unsigned char str_suplen = 0;
-static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
-static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
-
-Encryptions *
-findencryption(int type)
-{
- Encryptions *ep = encryptions;
-
- if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type)))
- return(0);
- while (ep->type && ep->type != type)
- ++ep;
- return(ep->type ? ep : 0);
-}
-
-Encryptions *
-finddecryption(int type)
-{
- Encryptions *ep = encryptions;
-
- if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
- return(0);
- while (ep->type && ep->type != type)
- ++ep;
- return(ep->type ? ep : 0);
-}
-
-#define MAXKEYLEN 64
-
-static struct key_info {
- unsigned char keyid[MAXKEYLEN];
- int keylen;
- int dir;
- int *modep;
- Encryptions *(*getcrypt)(int);
-} ki[2] = {
- { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption },
- { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption },
-};
-
-void
-encrypt_init(const char *name, int server)
-{
- Encryptions *ep = encryptions;
-
- Name = name;
- Server = server;
- i_support_encrypt = i_support_decrypt = 0;
- remote_supports_encrypt = remote_supports_decrypt = 0;
- encrypt_mode = 0;
- decrypt_mode = 0;
- encrypt_output = 0;
- decrypt_input = 0;
-#ifdef notdef
- encrypt_verbose = !server;
-#endif
-
- str_suplen = 4;
-
- while (ep->type) {
- if (encrypt_debug_mode)
- printf(">>>%s: I will support %s\r\n",
- Name, ENCTYPE_NAME(ep->type));
- i_support_encrypt |= typemask(ep->type);
- i_support_decrypt |= typemask(ep->type);
- if ((i_wont_support_decrypt & typemask(ep->type)) == 0)
- if ((str_send[str_suplen++] = ep->type) == IAC)
- str_send[str_suplen++] = IAC;
- if (ep->init)
- (*ep->init)(Server);
- ++ep;
- }
- str_send[str_suplen++] = IAC;
- str_send[str_suplen++] = SE;
-}
-
-void
-encrypt_list_types(void)
-{
- Encryptions *ep = encryptions;
-
- printf("Valid encryption types:\n");
- while (ep->type) {
- printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type);
- ++ep;
- }
-}
-
-int
-EncryptEnable(char *type, char *mode)
-{
- if (isprefix(type, "help") || isprefix(type, "?")) {
- printf("Usage: encrypt enable <type> [input|output]\n");
- encrypt_list_types();
- return(0);
- }
- if (EncryptType(type, mode))
- return(EncryptStart(mode));
- return(0);
-}
-
-int
-EncryptDisable(char *type, char *mode)
-{
- Encryptions *ep;
- int ret = 0;
-
- if (isprefix(type, "help") || isprefix(type, "?")) {
- printf("Usage: encrypt disable <type> [input|output]\n");
- encrypt_list_types();
- } else if ((ep = (Encryptions *)genget(type, (char**)encryptions,
- sizeof(Encryptions))) == 0) {
- printf("%s: invalid encryption type\n", type);
- } else if (Ambiguous(ep)) {
- printf("Ambiguous type '%s'\n", type);
- } else {
- if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) {
- if (decrypt_mode == ep->type)
- EncryptStopInput();
- i_wont_support_decrypt |= typemask(ep->type);
- ret = 1;
- }
- if ((mode == 0) || (isprefix(mode, "output"))) {
- if (encrypt_mode == ep->type)
- EncryptStopOutput();
- i_wont_support_encrypt |= typemask(ep->type);
- ret = 1;
- }
- if (ret == 0)
- printf("%s: invalid encryption mode\n", mode);
- }
- return(ret);
-}
-
-int
-EncryptType(char *type, char *mode)
-{
- Encryptions *ep;
- int ret = 0;
-
- if (isprefix(type, "help") || isprefix(type, "?")) {
- printf("Usage: encrypt type <type> [input|output]\n");
- encrypt_list_types();
- } else if ((ep = (Encryptions *)genget(type, (char**)encryptions,
- sizeof(Encryptions))) == 0) {
- printf("%s: invalid encryption type\n", type);
- } else if (Ambiguous(ep)) {
- printf("Ambiguous type '%s'\n", type);
- } else {
- if ((mode == 0) || isprefix(mode, "input")) {
- decrypt_mode = ep->type;
- i_wont_support_decrypt &= ~typemask(ep->type);
- ret = 1;
- }
- if ((mode == 0) || isprefix(mode, "output")) {
- encrypt_mode = ep->type;
- i_wont_support_encrypt &= ~typemask(ep->type);
- ret = 1;
- }
- if (ret == 0)
- printf("%s: invalid encryption mode\n", mode);
- }
- return(ret);
-}
-
-int
-EncryptStart(char *mode)
-{
- int ret = 0;
- if (mode) {
- if (isprefix(mode, "input"))
- return(EncryptStartInput());
- if (isprefix(mode, "output"))
- return(EncryptStartOutput());
- if (isprefix(mode, "help") || isprefix(mode, "?")) {
- printf("Usage: encrypt start [input|output]\n");
- return(0);
- }
- printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode);
- return(0);
- }
- ret += EncryptStartInput();
- ret += EncryptStartOutput();
- return(ret);
-}
-
-int
-EncryptStartInput(void)
-{
- if (decrypt_mode) {
- encrypt_send_request_start();
- return(1);
- }
- printf("No previous decryption mode, decryption not enabled\r\n");
- return(0);
-}
-
-int
-EncryptStartOutput(void)
-{
- if (encrypt_mode) {
- encrypt_start_output(encrypt_mode);
- return(1);
- }
- printf("No previous encryption mode, encryption not enabled\r\n");
- return(0);
-}
-
-int
-EncryptStop(char *mode)
-{
- int ret = 0;
- if (mode) {
- if (isprefix(mode, "input"))
- return(EncryptStopInput());
- if (isprefix(mode, "output"))
- return(EncryptStopOutput());
- if (isprefix(mode, "help") || isprefix(mode, "?")) {
- printf("Usage: encrypt stop [input|output]\n");
- return(0);
- }
- printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode);
- return(0);
- }
- ret += EncryptStopInput();
- ret += EncryptStopOutput();
- return(ret);
-}
-
-int
-EncryptStopInput(void)
-{
- encrypt_send_request_end();
- return(1);
-}
-
-int
-EncryptStopOutput(void)
-{
- encrypt_send_end();
- return(1);
-}
-
-void
-encrypt_display(void)
-{
- printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n",
- autoencrypt?"on":"off", autodecrypt?"on":"off");
-
- if (encrypt_output)
- printf("Currently encrypting output with %s\r\n",
- ENCTYPE_NAME(encrypt_mode));
- else
- printf("Currently not encrypting output\r\n");
-
- if (decrypt_input)
- printf("Currently decrypting input with %s\r\n",
- ENCTYPE_NAME(decrypt_mode));
- else
- printf("Currently not decrypting input\r\n");
-}
-
-int
-EncryptStatus(void)
-{
- printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n",
- autoencrypt?"on":"off", autodecrypt?"on":"off");
-
- if (encrypt_output)
- printf("Currently encrypting output with %s\r\n",
- ENCTYPE_NAME(encrypt_mode));
- else if (encrypt_mode) {
- printf("Currently output is clear text.\r\n");
- printf("Last encryption mode was %s\r\n",
- ENCTYPE_NAME(encrypt_mode));
- } else
- printf("Currently not encrypting output\r\n");
-
- if (decrypt_input) {
- printf("Currently decrypting input with %s\r\n",
- ENCTYPE_NAME(decrypt_mode));
- } else if (decrypt_mode) {
- printf("Currently input is clear text.\r\n");
- printf("Last decryption mode was %s\r\n",
- ENCTYPE_NAME(decrypt_mode));
- } else
- printf("Currently not decrypting input\r\n");
-
- return 1;
-}
-
-void
-encrypt_send_support(void)
-{
- if (str_suplen) {
- /*
- * If the user has requested that decryption start
- * immediately, then send a "REQUEST START" before
- * we negotiate the type.
- */
- if (!Server && autodecrypt)
- encrypt_send_request_start();
- telnet_net_write(str_send, str_suplen);
- printsub('>', &str_send[2], str_suplen - 2);
- str_suplen = 0;
- }
-}
-
-int
-EncryptDebug(int on)
-{
- if (on < 0)
- encrypt_debug_mode ^= 1;
- else
- encrypt_debug_mode = on;
- printf("Encryption debugging %s\r\n",
- encrypt_debug_mode ? "enabled" : "disabled");
- return(1);
-}
-
-/* turn on verbose encryption, but dont keep telling the whole world
- */
-void encrypt_verbose_quiet(int on)
-{
- if(on < 0)
- encrypt_verbose ^= 1;
- else
- encrypt_verbose = on ? 1 : 0;
-}
-
-int
-EncryptVerbose(int on)
-{
- encrypt_verbose_quiet(on);
- printf("Encryption %s verbose\r\n",
- encrypt_verbose ? "is" : "is not");
- return(1);
-}
-
-int
-EncryptAutoEnc(int on)
-{
- encrypt_auto(on);
- printf("Automatic encryption of output is %s\r\n",
- autoencrypt ? "enabled" : "disabled");
- return(1);
-}
-
-int
-EncryptAutoDec(int on)
-{
- decrypt_auto(on);
- printf("Automatic decryption of input is %s\r\n",
- autodecrypt ? "enabled" : "disabled");
- return(1);
-}
-
-/* Called when we receive a WONT or a DONT ENCRYPT after we sent a DO
- encrypt */
-void
-encrypt_not(void)
-{
- if (encrypt_verbose)
- printf("[ Connection is NOT encrypted ]\r\n");
-}
-
-/*
- * Called when ENCRYPT SUPPORT is received.
- */
-void
-encrypt_support(unsigned char *typelist, int cnt)
-{
- int type, use_type = 0;
- Encryptions *ep;
-
- /*
- * Forget anything the other side has previously told us.
- */
- remote_supports_decrypt = 0;
-
- while (cnt-- > 0) {
- type = *typelist++;
- if (encrypt_debug_mode)
- printf(">>>%s: He is supporting %s (%d)\r\n",
- Name,
- ENCTYPE_NAME(type), type);
- if ((type < ENCTYPE_CNT) &&
- (I_SUPPORT_ENCRYPT & typemask(type))) {
- remote_supports_decrypt |= typemask(type);
- if (use_type == 0)
- use_type = type;
- }
- }
- if (use_type) {
- ep = findencryption(use_type);
- if (!ep)
- return;
- type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0;
- if (encrypt_debug_mode)
- printf(">>>%s: (*ep->start)() returned %d\r\n",
- Name, type);
- if (type < 0)
- return;
- encrypt_mode = use_type;
- if (type == 0)
- encrypt_start_output(use_type);
- }
-}
-
-void
-encrypt_is(unsigned char *data, int cnt)
-{
- Encryptions *ep;
- int type, ret;
-
- if (--cnt < 0)
- return;
- type = *data++;
- if (type < ENCTYPE_CNT)
- remote_supports_encrypt |= typemask(type);
- if (!(ep = finddecryption(type))) {
- if (encrypt_debug_mode)
- printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
- Name,
- ENCTYPE_NAME_OK(type)
- ? ENCTYPE_NAME(type) : "(unknown)",
- type);
- return;
- }
- if (!ep->is) {
- if (encrypt_debug_mode)
- printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
- Name,
- ENCTYPE_NAME_OK(type)
- ? ENCTYPE_NAME(type) : "(unknown)",
- type);
- ret = 0;
- } else {
- ret = (*ep->is)(data, cnt);
- if (encrypt_debug_mode)
- printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt,
- (ret < 0) ? "FAIL " :
- (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
- }
- if (ret < 0) {
- autodecrypt = 0;
- } else {
- decrypt_mode = type;
- if (ret == 0 && autodecrypt)
- encrypt_send_request_start();
- }
-}
-
-void
-encrypt_reply(unsigned char *data, int cnt)
-{
- Encryptions *ep;
- int ret, type;
-
- if (--cnt < 0)
- return;
- type = *data++;
- if (!(ep = findencryption(type))) {
- if (encrypt_debug_mode)
- printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
- Name,
- ENCTYPE_NAME_OK(type)
- ? ENCTYPE_NAME(type) : "(unknown)",
- type);
- return;
- }
- if (!ep->reply) {
- if (encrypt_debug_mode)
- printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
- Name,
- ENCTYPE_NAME_OK(type)
- ? ENCTYPE_NAME(type) : "(unknown)",
- type);
- ret = 0;
- } else {
- ret = (*ep->reply)(data, cnt);
- if (encrypt_debug_mode)
- printf("(*ep->reply)(%p, %d) returned %s(%d)\n",
- data, cnt,
- (ret < 0) ? "FAIL " :
- (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
- }
- if (encrypt_debug_mode)
- printf(">>>%s: encrypt_reply returned %d\n", Name, ret);
- if (ret < 0) {
- autoencrypt = 0;
- } else {
- encrypt_mode = type;
- if (ret == 0 && autoencrypt)
- encrypt_start_output(type);
- }
-}
-
-/*
- * Called when a ENCRYPT START command is received.
- */
-void
-encrypt_start(unsigned char *data, int cnt)
-{
- Encryptions *ep;
-
- if (!decrypt_mode) {
- /*
- * Something is wrong. We should not get a START
- * command without having already picked our
- * decryption scheme. Send a REQUEST-END to
- * attempt to clear the channel...
- */
- printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name);
- encrypt_send_request_end();
- return;
- }
-
- if ((ep = finddecryption(decrypt_mode))) {
- decrypt_input = ep->input;
- if (encrypt_verbose)
- printf("[ Input is now decrypted with type %s ]\r\n",
- ENCTYPE_NAME(decrypt_mode));
- if (encrypt_debug_mode)
- printf(">>>%s: Start to decrypt input with type %s\r\n",
- Name, ENCTYPE_NAME(decrypt_mode));
- } else {
- printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n",
- Name,
- ENCTYPE_NAME_OK(decrypt_mode)
- ? ENCTYPE_NAME(decrypt_mode)
- : "(unknown)",
- decrypt_mode);
- encrypt_send_request_end();
- }
-}
-
-void
-encrypt_session_key(Session_Key *key, int server)
-{
- Encryptions *ep = encryptions;
-
- havesessionkey = 1;
-
- while (ep->type) {
- if (ep->session)
- (*ep->session)(key, server);
- ++ep;
- }
-}
-
-/*
- * Called when ENCRYPT END is received.
- */
-void
-encrypt_end(void)
-{
- decrypt_input = 0;
- if (encrypt_debug_mode)
- printf(">>>%s: Input is back to clear text\r\n", Name);
- if (encrypt_verbose)
- printf("[ Input is now clear text ]\r\n");
-}
-
-/*
- * Called when ENCRYPT REQUEST-END is received.
- */
-void
-encrypt_request_end(void)
-{
- encrypt_send_end();
-}
-
-/*
- * Called when ENCRYPT REQUEST-START is received. If we receive
- * this before a type is picked, then that indicates that the
- * other side wants us to start encrypting data as soon as we
- * can.
- */
-void
-encrypt_request_start(unsigned char *data, int cnt)
-{
- if (encrypt_mode == 0) {
- if (Server)
- autoencrypt = 1;
- return;
- }
- encrypt_start_output(encrypt_mode);
-}
-
-static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
-
-static void
-encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len)
-{
- Encryptions *ep;
- int dir = kp->dir;
- int ret = 0;
-
- if (len > MAXKEYLEN)
- len = MAXKEYLEN;
-
- if (!(ep = (*kp->getcrypt)(*kp->modep))) {
- if (len == 0)
- return;
- kp->keylen = 0;
- } else if (len == 0) {
- /*
- * Empty option, indicates a failure.
- */
- if (kp->keylen == 0)
- return;
- kp->keylen = 0;
- if (ep->keyid)
- (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
-
- } else if ((len != kp->keylen) || (memcmp(keyid,kp->keyid,len) != 0)) {
- /*
- * Length or contents are different
- */
- kp->keylen = len;
- memcpy(kp->keyid,keyid, len);
- if (ep->keyid)
- (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
- } else {
- if (ep->keyid)
- ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
- if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt)
- encrypt_start_output(*kp->modep);
- return;
- }
-
- encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0);
-}
-
-void encrypt_enc_keyid(unsigned char *keyid, int len)
-{
- encrypt_keyid(&ki[1], keyid, len);
-}
-
-void encrypt_dec_keyid(unsigned char *keyid, int len)
-{
- encrypt_keyid(&ki[0], keyid, len);
-}
-
-
-void encrypt_send_keyid(int dir, unsigned char *keyid, int keylen, int saveit)
-{
- unsigned char *strp;
-
- str_keyid[3] = (dir == DIR_ENCRYPT)
- ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
- if (saveit) {
- struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
- memcpy(kp->keyid,keyid, keylen);
- kp->keylen = keylen;
- }
-
- for (strp = &str_keyid[4]; keylen > 0; --keylen) {
- if ((*strp++ = *keyid++) == IAC)
- *strp++ = IAC;
- }
- *strp++ = IAC;
- *strp++ = SE;
- telnet_net_write(str_keyid, strp - str_keyid);
- printsub('>', &str_keyid[2], strp - str_keyid - 2);
-}
-
-void
-encrypt_auto(int on)
-{
- if (on < 0)
- autoencrypt ^= 1;
- else
- autoencrypt = on ? 1 : 0;
-}
-
-void
-decrypt_auto(int on)
-{
- if (on < 0)
- autodecrypt ^= 1;
- else
- autodecrypt = on ? 1 : 0;
-}
-
-void
-encrypt_start_output(int type)
-{
- Encryptions *ep;
- unsigned char *p;
- int i;
-
- if (!(ep = findencryption(type))) {
- if (encrypt_debug_mode) {
- printf(">>>%s: Can't encrypt with type %s (%d)\r\n",
- Name,
- ENCTYPE_NAME_OK(type)
- ? ENCTYPE_NAME(type) : "(unknown)",
- type);
- }
- return;
- }
- if (ep->start) {
- i = (*ep->start)(DIR_ENCRYPT, Server);
- if (encrypt_debug_mode) {
- printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
- Name,
- (i < 0) ? "failed" :
- "initial negotiation in progress",
- i, ENCTYPE_NAME(type));
- }
- if (i)
- return;
- }
- p = str_start + 3;
- *p++ = ENCRYPT_START;
- for (i = 0; i < ki[0].keylen; ++i) {
- if ((*p++ = ki[0].keyid[i]) == IAC)
- *p++ = IAC;
- }
- *p++ = IAC;
- *p++ = SE;
- telnet_net_write(str_start, p - str_start);
- net_encrypt();
- printsub('>', &str_start[2], p - &str_start[2]);
- /*
- * If we are already encrypting in some mode, then
- * encrypt the ring (which includes our request) in
- * the old mode, mark it all as "clear text" and then
- * switch to the new mode.
- */
- encrypt_output = ep->output;
- encrypt_mode = type;
- if (encrypt_debug_mode)
- printf(">>>%s: Started to encrypt output with type %s\r\n",
- Name, ENCTYPE_NAME(type));
- if (encrypt_verbose)
- printf("[ Output is now encrypted with type %s ]\r\n",
- ENCTYPE_NAME(type));
-}
-
-void
-encrypt_send_end(void)
-{
- if (!encrypt_output)
- return;
-
- str_end[3] = ENCRYPT_END;
- telnet_net_write(str_end, sizeof(str_end));
- net_encrypt();
- printsub('>', &str_end[2], sizeof(str_end) - 2);
- /*
- * Encrypt the output buffer now because it will not be done by
- * netflush...
- */
- encrypt_output = 0;
- if (encrypt_debug_mode)
- printf(">>>%s: Output is back to clear text\r\n", Name);
- if (encrypt_verbose)
- printf("[ Output is now clear text ]\r\n");
-}
-
-void
-encrypt_send_request_start(void)
-{
- unsigned char *p;
- int i;
-
- p = &str_start[3];
- *p++ = ENCRYPT_REQSTART;
- for (i = 0; i < ki[1].keylen; ++i) {
- if ((*p++ = ki[1].keyid[i]) == IAC)
- *p++ = IAC;
- }
- *p++ = IAC;
- *p++ = SE;
- telnet_net_write(str_start, p - str_start);
- printsub('>', &str_start[2], p - &str_start[2]);
- if (encrypt_debug_mode)
- printf(">>>%s: Request input to be encrypted\r\n", Name);
-}
-
-void
-encrypt_send_request_end(void)
-{
- str_end[3] = ENCRYPT_REQEND;
- telnet_net_write(str_end, sizeof(str_end));
- printsub('>', &str_end[2], sizeof(str_end) - 2);
-
- if (encrypt_debug_mode)
- printf(">>>%s: Request input to be clear text\r\n", Name);
-}
-
-
-void encrypt_wait(void)
-{
- if (encrypt_debug_mode)
- printf(">>>%s: in encrypt_wait\r\n", Name);
- if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt))
- return;
- while (autoencrypt && !encrypt_output)
- if (telnet_spin())
- return;
-}
-
-int
-encrypt_delay(void)
-{
- if(!havesessionkey ||
- (I_SUPPORT_ENCRYPT & remote_supports_decrypt) == 0 ||
- (I_SUPPORT_DECRYPT & remote_supports_encrypt) == 0)
- return 0;
- if(!(encrypt_output && decrypt_input))
- return 1;
- return 0;
-}
-
-int encrypt_is_encrypting()
-{
- if (encrypt_output && decrypt_input)
- return 1;
- return 0;
-}
-
-void
-encrypt_debug(int mode)
-{
- encrypt_debug_mode = mode;
-}
-
-void encrypt_gen_printsub(unsigned char *data, int cnt,
- unsigned char *buf, int buflen)
-{
- char tbuf[16], *cp;
-
- cnt -= 2;
- data += 2;
- buf[buflen-1] = '\0';
- buf[buflen-2] = '*';
- buflen -= 2;
- for (; cnt > 0; cnt--, data++) {
- snprintf(tbuf, sizeof(tbuf), " %d", *data);
- for (cp = tbuf; *cp && buflen > 0; --buflen)
- *buf++ = *cp++;
- if (buflen <= 0)
- return;
- }
- *buf = '\0';
-}
-
-void
-encrypt_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
-{
- Encryptions *ep;
- int type = data[1];
-
- for (ep = encryptions; ep->type && ep->type != type; ep++)
- ;
-
- if (ep->printsub)
- (*ep->printsub)(data, cnt, buf, buflen);
- else
- encrypt_gen_printsub(data, cnt, buf, buflen);
-}
-#endif
+++ /dev/null
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * from: @(#)encrypt.h 8.1 (Berkeley) 6/4/93
- * $OpenBSD: encrypt.h,v 1.1 2005/05/24 03:41:58 deraadt Exp $
- * $NetBSD: encrypt.h,v 1.4 1996/02/24 01:15:20 jtk Exp $
- */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $KTH: encrypt.h,v 1.4 1997/01/24 23:10:56 assar Exp $ */
-
-#ifndef __ENCRYPT__
-#define __ENCRYPT__
-
-#define DIR_DECRYPT 1
-#define DIR_ENCRYPT 2
-
-#define VALIDKEY(key) ( key[0] | key[1] | key[2] | key[3] | \
- key[4] | key[5] | key[6] | key[7])
-
-#define SAMEKEY(k1, k2) (!memcmp(k1, k2, sizeof(des_cblock)))
-
-typedef struct {
- short type;
- int length;
- unsigned char *data;
-} Session_Key;
-
-typedef struct {
- char *name;
- int type;
- void (*output) (unsigned char *, int);
- int (*input) (int);
- void (*init) (int);
- int (*start) (int, int);
- int (*is) (unsigned char *, int);
- int (*reply) (unsigned char *, int);
- void (*session) (Session_Key *, int);
- int (*keyid) (int, unsigned char *, int *);
- void (*printsub) (unsigned char *, int, unsigned char *, int);
-} Encryptions;
-
-#define SK_DES 1 /* Matched Kerberos v5 KEYTYPE_DES */
-
-#include "enc-proto.h"
-
-extern int encrypt_debug_mode;
-extern int (*decrypt_input) (int);
-extern void (*encrypt_output) (unsigned char *, int);
-#endif
+++ /dev/null
-/*
- * Copyright (c) 1989, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)ext.h 8.2 (Berkeley) 12/15/93
- */
-
-/* $KTH: ext.h,v 1.22 2001/04/24 23:12:11 assar Exp $ */
-
-#ifndef __EXT_H__
-#define __EXT_H__
-
-#include <arpa/telnet.h>
-
-/*
- * Telnet server variable declarations
- */
-extern char options[256];
-extern char do_dont_resp[256];
-extern char will_wont_resp[256];
-extern int flowmode; /* current flow control state */
-extern int restartany; /* restart output on any character state */
-#ifdef DIAGNOSTICS
-extern int diagnostic; /* telnet diagnostic capabilities */
-#endif /* DIAGNOSTICS */
-extern int require_otp;
-#ifdef AUTHENTICATION
-extern int auth_level;
-#endif
-extern char *new_login;
-
-extern slcfun slctab[NSLC + 1]; /* slc mapping table */
-
-extern char terminaltype[41];
-
-/*
- * I/O data buffers, pointers, and counters.
- */
-extern char ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp;
-
-extern char netibuf[BUFSIZ], *netip;
-
-extern char netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
-extern char *neturg; /* one past last bye of urgent data */
-
-extern int pcc, ncc;
-
-extern int ourpty, net;
-extern char *line;
-extern int SYNCHing; /* we are in TELNET SYNCH mode */
-
-int telnet_net_write (unsigned char *str, int len);
-void net_encrypt (void);
-int telnet_spin (void);
-char *telnet_getenv (const char *val);
-char *telnet_gets (char *prompt, char *result, int length, int echo);
-void get_slc_defaults (void);
-void telrcv (void);
-void send_do (int option, int init);
-void willoption (int option);
-void send_dont (int option, int init);
-void wontoption (int option);
-void send_will (int option, int init);
-void dooption (int option);
-void send_wont (int option, int init);
-void dontoption (int option);
-void suboption (void);
-void doclientstat (void);
-void send_status (void);
-void init_termbuf (void);
-void set_termbuf (void);
-int spcset (int func, cc_t *valp, cc_t **valpp);
-void set_utid (void);
-int getpty (int *ptynum);
-int tty_isecho (void);
-int tty_flowmode (void);
-int tty_restartany (void);
-void tty_setecho (int on);
-int tty_israw (void);
-void tty_binaryin (int on);
-void tty_binaryout (int on);
-int tty_isbinaryin (void);
-int tty_isbinaryout (void);
-int tty_issofttab (void);
-void tty_setsofttab (int on);
-int tty_islitecho (void);
-void tty_setlitecho (int on);
-int tty_iscrnl (void);
-void tty_tspeed (int val);
-void tty_rspeed (int val);
-void getptyslave (void);
-int cleanopen (char *line);
-void startslave (const char *host, const char *, int autologin, char *autoname);
-void init_env (void);
-void start_login (const char *host, int autologin, char *name);
-void cleanup (int sig);
-int main (int argc, char **argv);
-int getterminaltype (char *name, size_t);
-void _gettermname (void);
-int terminaltypeok (char *s);
-void my_telnet (int f, int p, const char*, const char *, int, char*);
-void interrupt (void);
-void sendbrk (void);
-void sendsusp (void);
-void recv_ayt (void);
-void doeof (void);
-void flowstat (void);
-void clientstat (int code, int parm1, int parm2);
-int ttloop (void);
-int stilloob (int s);
-void ptyflush (void);
-char *nextitem (char *current);
-void netclear (void);
-void netflush (void);
-void writenet (unsigned char *ptr, int len);
-void fatal (int f, char *msg);
-void fatalperror (int f, const char *msg);
-void fatalperror_errno (int f, const char *msg, int error);
-void edithost (char *pat, char *host);
-void putstr (char *s);
-void putchr (int cc);
-void putf (char *cp, char *where);
-void printoption (char *fmt, int option);
-void printsub (int direction, unsigned char *pointer, int length);
-void printdata (char *tag, char *ptr, int cnt);
-int login_tty(int t);
-
-#ifdef ENCRYPTION
-extern void (*encrypt_output) (unsigned char *, int);
-extern int (*decrypt_input) (int);
-extern char *nclearto;
-#endif
-
-
-/*
- * The following are some clocks used to decide how to interpret
- * the relationship between various variables.
- */
-
-struct clocks_t{
- int
- system, /* what the current time is */
- echotoggle, /* last time user entered echo character */
- modenegotiated, /* last time operating mode negotiated */
- didnetreceive, /* last time we read data from network */
- ttypesubopt, /* ttype subopt is received */
- tspeedsubopt, /* tspeed subopt is received */
- environsubopt, /* environ subopt is received */
- oenvironsubopt, /* old environ subopt is received */
- xdisplocsubopt, /* xdisploc subopt is received */
- baseline, /* time started to do timed action */
- gotDM; /* when did we last see a data mark */
-};
-extern struct clocks_t clocks;
-
-extern int log_unauth;
-extern int no_warn;
-
-#ifdef STREAMSPTY
-extern int really_stream;
-#endif
-
-#ifndef USE_IM
-# ifdef CRAY
-# define USE_IM "Cray UNICOS (%h) (%t)"
-# endif
-# ifdef _AIX
-# define USE_IM "%s %v.%r (%h) (%t)"
-# endif
-# ifndef USE_IM
-# define USE_IM "%s %r (%h) (%t)"
-# endif
-#endif
-
-#define DEFAULT_IM "\r\n\r\n" USE_IM "\r\n\r\n\r\n"
-
-#endif /* __EXT_H__ */
-/* $OpenBSD: externs.h,v 1.17 2013/10/26 21:33:29 sthen Exp $ */
+/* $OpenBSD: externs.h,v 1.18 2014/07/19 23:50:38 guenther Exp $ */
/* $KTH: externs.h,v 1.16 1997/11/29 02:28:35 joda Exp $ */
/*
* @(#)externs.h 8.3 (Berkeley) 5/30/95
*/
-#ifndef BSD
-# define BSD 43
-#endif
-
-#ifndef _POSIX_VDISABLE
-# ifdef sun
-# include <sys/param.h> /* pick up VDISABLE definition, mayby */
-# endif
-# ifdef VDISABLE
-# define _POSIX_VDISABLE VDISABLE
-# else
-# define _POSIX_VDISABLE ((cc_t)'\377')
-# endif
-#endif
-
#define SUBBUFSIZE 256
extern int
connected, /* Are we connected to the other side? */
globalmode, /* Mode tty should be in */
telnetport, /* Are we connected to the telnet port? */
- In3270, /* Are we in 3270 mode? */
localflow, /* Flow control handled locally */
restartany, /* If flow control, restart output on any character */
localchars, /* we recognize interrupt/quit */
crmod,
netdata, /* Print out network data flow */
prettydump, /* Print "netdata" output in user readable format */
-#if defined(TN3270)
- cursesdata, /* Print out curses data flow */
- apitrace, /* Trace API transactions */
-#endif /* defined(TN3270) */
termdata, /* Print out terminal data flow */
debug; /* Debug level */
wont[],
options[], /* All the little options */
*hostname; /* Who are we connected to? */
-#if defined(ENCRYPTION)
-extern void (*encrypt_output) (unsigned char *, int);
-extern int (*decrypt_input) (int);
-#endif
extern int rtableid; /* routing table to use */
peerdied,
toplevel; /* For error conditions. */
-/* authenc.c */
-
-#if defined(AUTHENTICATION) || defined(ENCRYPTION)
-int net_write(unsigned char *str, int len);
-void net_encrypt(void);
-int telnet_spin(void);
-char *telnet_getenv(const char *val);
-char *telnet_gets(char *prompt, char *result, int length, int echo);
-int Scheduler(int block);
-#endif
-
/* commands.c */
struct env_lst *env_define (unsigned char *, unsigned char *);
void set_escape_char(char *s);
unsigned long sourceroute(char *arg, char **cpp, int *lenp);
-#if defined(AUTHENTICATION)
-int auth_enable (char *);
-int auth_disable (char *);
-int auth_status (void);
-#endif
-
-#if defined(ENCRYPTION)
-int EncryptEnable (char *, char *);
-int EncryptDisable (char *, char *);
-int EncryptType (char *, char *);
-int EncryptStart (char *);
-int EncryptStartInput (void);
-int EncryptStartOutput (void);
-int EncryptStop (char *);
-int EncryptStopInput (void);
-int EncryptStopOutput (void);
-int EncryptStatus (void);
-#endif
-
#ifdef SIGINFO
void ayt_status(void);
#endif
void Dump (char, unsigned char *, int);
void printoption (char *, int, int);
-void printsub (int, unsigned char *, int);
void sendnaws (void);
void setconnmode (int);
void setcommandmode (void);
int quit (void);
+/* genget.c */
+
+char **genget(char *name, char **table, int stlen);
+int isprefix(char *s1, char *s2);
+int Ambiguous(void *s);
+
/* terminal.c */
void init_terminal(void);
/* utilities.c */
-int SetSockOpt(int fd, int level, int option, int yesno);
void SetNetTrace(char *file);
void Dump(char direction, unsigned char *buffer, int length);
void printoption(char *direction, int cmd, int option);
netiring,
ttyoring,
ttyiring;
-
-/* Tn3270 section */
-#if defined(TN3270)
-
-extern int
- HaveInput, /* Whether an asynchronous I/O indication came in */
- noasynchtty, /* Don't do signals on I/O (SIGURG, SIGIO) */
- noasynchnet, /* Don't do signals on I/O (SIGURG, SIGIO) */
- sigiocount, /* Count of SIGIO receptions */
- shell_active; /* Subshell is active */
-
-extern char
- *Ibackp, /* Oldest byte of 3270 data */
- Ibuf[], /* 3270 buffer */
- *Ifrontp, /* Where next 3270 byte goes */
- tline[200],
- *transcom; /* Transparent command */
-
-extern int
- settranscom(int, char**);
-
-extern void
- inputAvailable(int);
-#endif /* defined(TN3270) */
-/* $OpenBSD: genget.c,v 1.2 2009/10/27 23:59:44 deraadt Exp $ */
+/* $OpenBSD: genget.c,v 1.3 2014/07/19 23:50:38 guenther Exp $ */
/*-
* Copyright (c) 1991, 1993
/* $KTH: genget.c,v 1.6 1997/05/04 09:01:34 assar Exp $ */
#include <ctype.h>
-#include "misc-proto.h"
+#include "telnet_locl.h"
#define LOWER(x) (isupper((int)x) ? tolower((int)x) : (x))
/*
+++ /dev/null
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdlib.h>
-#include "misc-proto.h"
-
-static char *area;
-
-int gtgetent(char *, char *);
-char *gtgetstr(char *, char **);
-
-/*ARGSUSED*/
-int
-gtgetent(cp, name)
-char *cp, *name;
-{
-#ifdef HAS_CGETENT
- char *dba[2];
-
- dba[0] = "/etc/gettytab";
- dba[1] = 0;
- return((cgetent(&area, dba, name) == 0) ? 1 : 0);
-#else
- return(0);
-#endif
-}
-
-#ifndef SOLARIS
-/*ARGSUSED*/
-char *
-gtgetstr(id, cpp)
-char *id, **cpp;
-{
-# ifdef HAS_CGETENT
- char *answer;
- return((cgetstr(area, id, &answer) > 0) ? answer : 0);
-# else
- return(0);
-# endif
-}
-#endif
+++ /dev/null
-/* $OpenBSD: kerberos5.c,v 1.2 2013/06/21 13:35:26 ajacoutot Exp $ */
-
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $KTH: kerberos5.c,v 1.47 2001/01/09 18:45:33 assar Exp $ */
-
-#ifdef KRB5
-
-#include <arpa/telnet.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <netdb.h>
-#include <ctype.h>
-#include <pwd.h>
-#include <errno.h>
-#define Authenticator k5_Authenticator
-#include <kerberosV/krb5.h>
-#undef Authenticator
-#include <err.h>
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-#if defined(DCE)
-int dfsk5ok = 0;
-int dfspag = 0;
-int dfsfwd = 0;
-#endif
-
-int forward_flags = 0; /* Flags get set in telnet/main.c on -f and -F */
-
-int forward(int);
-int forwardable(int);
-
-/* These values need to be the same as those defined in telnet/main.c. */
-/* Either define them in both places, or put in some common header file. */
-#define OPTS_FORWARD_CREDS 0x00000002
-#define OPTS_FORWARDABLE_CREDS 0x00000001
-
-
-void kerberos5_forward (Authenticator *);
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
- AUTHTYPE_KERBEROS_V5, };
-
-#define KRB_AUTH 0 /* Authentication data follows */
-#define KRB_REJECT 1 /* Rejected (reason might follow) */
-#define KRB_ACCEPT 2 /* Accepted */
-#define KRB_RESPONSE 3 /* Response for mutual auth. */
-
-#define KRB_FORWARD 4 /* Forwarded credentials follow */
-#define KRB_FORWARD_ACCEPT 5 /* Forwarded credentials accepted */
-#define KRB_FORWARD_REJECT 6 /* Forwarded credentials rejected */
-
-static krb5_data auth;
-static krb5_ticket *ticket;
-
-static krb5_context context;
-static krb5_auth_context auth_context;
-
-int
-check_krb5_tickets()
-{
- krb5_error_code ret;
- krb5_context context;
- krb5_ccache ccache;
- krb5_principal principal;
- int retval = 1;
-
- ret = krb5_init_context(&context);
- if(ret)
- errx(1, "krb5_init_context failt: %d", ret);
-
- ret = krb5_cc_default(context, &ccache);
- if(ret)
- errx(1, "krb5_cc_default: %d", ret);
-
- ret = krb5_cc_get_principal (context, ccache, &principal);
- switch(ret) {
- case ENOENT:
- retval = 0;
- goto done;
- case 0:
- retval = 1;
- goto done;
- default:
- errx(1, "krb5_cc_get_principal: %d", ret);
- break;
- }
-
- done:
- krb5_free_context(context);
- return retval;
-}
-
-static int
-Data(Authenticator *ap, int type, void *d, int c)
-{
- unsigned char *p = str_data + 4;
- unsigned char *cd = (unsigned char *)d;
-
- if (c == -1)
- c = strlen(cd);
-
- if (auth_debug_mode) {
- printf("%s:%d: [%d] (%d)",
- str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
- str_data[3],
- type, c);
- printd(d, c);
- printf("\r\n");
- }
- *p++ = ap->type;
- *p++ = ap->way;
- *p++ = type;
- while (c-- > 0) {
- if ((*p++ = *cd++) == IAC)
- *p++ = IAC;
- }
- *p++ = IAC;
- *p++ = SE;
- if (str_data[3] == TELQUAL_IS)
- printsub('>', &str_data[2], p - &str_data[2]);
- return(telnet_net_write(str_data, p - str_data));
-}
-
-int
-kerberos5_init(Authenticator *ap, int server)
-{
- krb5_error_code ret;
-
- ret = krb5_init_context(&context);
- if (ret)
- return 0;
- if (server) {
- krb5_keytab kt;
- krb5_kt_cursor cursor;
-
- ret = krb5_kt_default(context, &kt);
- if (ret)
- return 0;
-
- ret = krb5_kt_start_seq_get (context, kt, &cursor);
- if (ret) {
- krb5_kt_close (context, kt);
- return 0;
- }
- krb5_kt_end_seq_get (context, kt, &cursor);
- krb5_kt_close (context, kt);
-
- str_data[3] = TELQUAL_REPLY;
- } else
- str_data[3] = TELQUAL_IS;
- return(1);
-}
-
-extern int net;
-static int
-kerberos5_send(char *name, Authenticator *ap)
-{
- krb5_error_code ret;
- krb5_ccache ccache;
- int ap_opts;
- krb5_data cksum_data;
- char foo[2];
- const char *s;
-
- if(check_krb5_tickets() != 1)
- return 0;
-
- if (!UserNameRequested) {
- if (auth_debug_mode) {
- printf("Kerberos V5: no user name supplied\r\n");
- }
- return(0);
- }
-
- ret = krb5_cc_default(context, &ccache);
- if (ret) {
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf("Kerberos V5: could not get default ccache: %s\r\n", s);
- krb5_free_error_message(context, s);
- }
- return 0;
- }
-
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
- ap_opts = AP_OPTS_MUTUAL_REQUIRED;
- else
- ap_opts = 0;
-
- ap_opts |= AP_OPTS_USE_SUBKEY;
-
- ret = krb5_auth_con_init (context, &auth_context);
- if (ret) {
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n", s);
- krb5_free_error_message(context, s);
- }
- return(0);
- }
-
- ret = krb5_auth_con_setaddrs_from_fd (context,
- auth_context,
- &net);
- if (ret) {
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf ("Kerberos V5:"
- " krb5_auth_con_setaddrs_from_fd failed (%s)\r\n", s);
- krb5_free_error_message(context, s);
- }
- return(0);
- }
-
- krb5_auth_con_setkeytype (context, auth_context, KEYTYPE_DES);
-
- foo[0] = ap->type;
- foo[1] = ap->way;
-
- cksum_data.length = sizeof(foo);
- cksum_data.data = foo;
-
-
- {
- krb5_principal service;
- char sname[128];
-
-
- ret = krb5_sname_to_principal (context,
- RemoteHostName,
- NULL,
- KRB5_NT_SRV_HST,
- &service);
- if(ret) {
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf ("Kerberos V5:"
- " krb5_sname_to_principal(%s) failed (%s)\r\n", RemoteHostName, s);
- krb5_free_error_message(context, s);
- }
- return 0;
- }
- ret = krb5_unparse_name_fixed(context, service, sname, sizeof(sname));
- if(ret) {
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf ("Kerberos V5:"
- " krb5_unparse_name_fixed failed (%s)\r\n", s);
- krb5_free_error_message(context, s);
- }
- return 0;
- }
- printf("[ Trying %s (%s)... ]\r\n", name, sname);
- ret = krb5_mk_req_exact(context, &auth_context, ap_opts,
- service,
- &cksum_data, ccache, &auth);
- krb5_free_principal (context, service);
-
- }
- if (ret) {
- if (1 || auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf("Kerberos V5: mk_req failed (%s)\r\n", s);
- krb5_free_error_message(context, s);
- }
- return(0);
- }
-
- if (!auth_sendname((unsigned char *)UserNameRequested,
- strlen(UserNameRequested))) {
- if (auth_debug_mode)
- printf("Not enough room for user name\r\n");
- return(0);
- }
- if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
- if (auth_debug_mode)
- printf("Not enough room for authentication data\r\n");
- return(0);
- }
- if (auth_debug_mode) {
- printf("Sent Kerberos V5 credentials to server\r\n");
- }
- return(1);
-}
-
-int
-kerberos5_send_mutual(Authenticator *ap)
-{
- return kerberos5_send("mutual KERBEROS5", ap);
-}
-
-int
-kerberos5_send_oneway(Authenticator *ap)
-{
- return kerberos5_send("KERBEROS5", ap);
-}
-
-void
-kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
-{
- krb5_error_code ret;
- krb5_data outbuf;
- krb5_keyblock *key_block;
- char *name;
- krb5_principal server;
- int zero = 0;
- const char *s;
-
- if (cnt-- < 1)
- return;
- switch (*data++) {
- case KRB_AUTH:
- auth.data = (char *)data;
- auth.length = cnt;
-
- auth_context = NULL;
-
- ret = krb5_auth_con_init (context, &auth_context);
- if (ret) {
- Data(ap, KRB_REJECT, "krb5_auth_con_init failed", -1);
- auth_finished(ap, AUTH_REJECT);
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n", s);
- krb5_free_error_message(context, s);
- }
- return;
- }
-
- ret = krb5_auth_con_setaddrs_from_fd (context,
- auth_context,
- &zero);
- if (ret) {
- Data(ap, KRB_REJECT, "krb5_auth_con_setaddrs_from_fd failed", -1);
- auth_finished(ap, AUTH_REJECT);
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf("Kerberos V5: "
- "krb5_auth_con_setaddrs_from_fd failed (%s)\r\n", s);
- krb5_free_error_message(context, s);
- }
- return;
- }
-
- ret = krb5_sock_to_principal (context,
- 0,
- "host",
- KRB5_NT_SRV_HST,
- &server);
- if (ret) {
- Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1);
- auth_finished(ap, AUTH_REJECT);
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf("Kerberos V5: "
- "krb5_sock_to_principal failed (%s)\r\n", s);
- krb5_free_error_message(context, s);
- }
- return;
- }
-
- ret = krb5_rd_req(context,
- &auth_context,
- &auth,
- server,
- NULL,
- NULL,
- &ticket);
-
- krb5_free_principal (context, server);
- if (ret) {
- char *errbuf;
- s = krb5_get_error_message(context, ret);
-
- asprintf(&errbuf,
- "Read req failed: %s", s);
- krb5_free_error_message(context, s);
- Data(ap, KRB_REJECT, errbuf, -1);
- if (auth_debug_mode)
- printf("%s\r\n", errbuf);
- free (errbuf);
- return;
- }
-
- {
- char foo[2];
-
- foo[0] = ap->type;
- foo[1] = ap->way;
-
- ret = krb5_verify_authenticator_checksum(context,
- auth_context,
- foo,
- sizeof(foo));
-
- if (ret) {
- char *errbuf;
- s = krb5_get_error_message(context, ret);
- asprintf(&errbuf, "Bad checksum: %s", s);
- krb5_free_error_message(context, s);
- Data(ap, KRB_REJECT, errbuf, -1);
- if (auth_debug_mode)
- printf ("%s\r\n", errbuf);
- free(errbuf);
- return;
- }
- }
- ret = krb5_auth_con_getremotesubkey (context,
- auth_context,
- &key_block);
-
- if (ret) {
- Data(ap, KRB_REJECT, "krb5_auth_con_getremotesubkey failed", -1);
- auth_finished(ap, AUTH_REJECT);
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf("Kerberos V5: "
- "krb5_auth_con_getremotesubkey failed (%s)\r\n", s);
- krb5_free_error_message(context, s);
- }
- return;
- }
-
- if (key_block == NULL) {
- ret = krb5_auth_con_getkey(context,
- auth_context,
- &key_block);
- }
- if (ret) {
- Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
- auth_finished(ap, AUTH_REJECT);
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf("Kerberos V5: "
- "krb5_auth_con_getkey failed (%s)\r\n", s);
- krb5_free_error_message(context, s);
- }
- return;
- }
- if (key_block == NULL) {
- Data(ap, KRB_REJECT, "no subkey received", -1);
- auth_finished(ap, AUTH_REJECT);
- if (auth_debug_mode)
- printf("Kerberos V5: "
- "krb5_auth_con_getremotesubkey returned NULL key\r\n");
- return;
- }
-
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
- ret = krb5_mk_rep(context, auth_context, &outbuf);
- if (ret) {
- Data(ap, KRB_REJECT,
- "krb5_mk_rep failed", -1);
- auth_finished(ap, AUTH_REJECT);
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf("Kerberos V5: "
- "krb5_mk_rep failed (%s)\r\n", s);
- krb5_free_error_message(context, s);
- }
- return;
- }
- Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
- }
- if (krb5_unparse_name(context, ticket->client, &name))
- name = 0;
-
- if(UserNameRequested && krb5_kuserok(context,
- ticket->client,
- UserNameRequested)) {
- Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
- if (auth_debug_mode) {
- printf("Kerberos5 identifies him as ``%s''\r\n",
- name ? name : "");
- }
-
- if(key_block->keytype == ETYPE_DES_CBC_MD5 ||
- key_block->keytype == ETYPE_DES_CBC_MD4 ||
- key_block->keytype == ETYPE_DES_CBC_CRC) {
- Session_Key skey;
-
- skey.type = SK_DES;
- skey.length = 8;
- skey.data = key_block->keyvalue.data;
- encrypt_session_key(&skey, 0);
- }
-
- } else {
- char *msg;
-
- asprintf (&msg, "user `%s' is not authorized to "
- "login as `%s'",
- name ? name : "<unknown>",
- UserNameRequested ? UserNameRequested : "<nobody>");
- if (msg == NULL)
- Data(ap, KRB_REJECT, NULL, 0);
- else {
- Data(ap, KRB_REJECT, (void *)msg, -1);
- free(msg);
- }
- auth_finished (ap, AUTH_REJECT);
- krb5_free_keyblock_contents(context, key_block);
- break;
- }
- auth_finished(ap, AUTH_USER);
- krb5_free_keyblock_contents(context, key_block);
-
- break;
- case KRB_FORWARD: {
- struct passwd *pwd;
- char ccname[1024]; /* XXX */
- krb5_data inbuf;
- krb5_ccache ccache;
- inbuf.data = (char *)data;
- inbuf.length = cnt;
-
- pwd = getpwnam (UserNameRequested);
- if (pwd == NULL)
- break;
-
- snprintf (ccname, sizeof(ccname),
- "FILE:/tmp/krb5cc_%u", pwd->pw_uid);
-
- ret = krb5_cc_resolve (context, ccname, &ccache);
- if (ret) {
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf ("Kerberos V5: could not get ccache: %s\r\n", s);
- krb5_free_error_message(context, s);
- }
- break;
- }
-
- ret = krb5_cc_initialize (context,
- ccache,
- ticket->client);
- if (ret) {
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf ("Kerberos V5: could not init ccache: %s\r\n", s);
- krb5_free_error_message(context, s);
- }
- break;
- }
-
-#if defined(DCE)
- esetenv("KRB5CCNAME", ccname, 1);
-#endif
- ret = krb5_rd_cred2 (context,
- auth_context,
- ccache,
- &inbuf);
- if(ret) {
- char *errbuf;
- s = krb5_get_error_message(context, ret);
-
- asprintf (&errbuf,
- "Read forwarded creds failed: %s", s);
- krb5_free_error_message(context, s);
- if(errbuf == NULL)
- Data(ap, KRB_FORWARD_REJECT, NULL, 0);
- else
- Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
- if (auth_debug_mode)
- printf("Could not read forwarded credentials: %s\r\n",
- errbuf);
- free (errbuf);
- } else {
- Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
-#if defined(DCE)
- dfsfwd = 1;
-#endif
- }
- chown (ccname + 5, pwd->pw_uid, -1);
- if (auth_debug_mode)
- printf("Forwarded credentials obtained\r\n");
- break;
- }
- default:
- if (auth_debug_mode)
- printf("Unknown Kerberos option %d\r\n", data[-1]);
- Data(ap, KRB_REJECT, 0, 0);
- break;
- }
-}
-
-void
-kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt)
-{
- static int mutual_complete = 0;
- const char *s;
-
- if (cnt-- < 1)
- return;
- switch (*data++) {
- case KRB_REJECT:
- if (cnt > 0) {
- printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
- cnt, data);
- } else
- printf("[ Kerberos V5 refuses authentication ]\r\n");
- auth_send_retry();
- return;
- case KRB_ACCEPT: {
- krb5_error_code ret;
- Session_Key skey;
- krb5_keyblock *keyblock;
-
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL &&
- !mutual_complete) {
- printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n");
- auth_send_retry();
- return;
- }
- if (cnt)
- printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data);
- else
- printf("[ Kerberos V5 accepts you ]\r\n");
-
- ret = krb5_auth_con_getlocalsubkey (context,
- auth_context,
- &keyblock);
- if (ret)
- ret = krb5_auth_con_getkey (context,
- auth_context,
- &keyblock);
- if(ret) {
- s = krb5_get_error_message(context, ret);
- printf("[ krb5_auth_con_getkey: %s ]\r\n", s);
- krb5_free_error_message(context, s);
- auth_send_retry();
- return;
- }
-
- skey.type = SK_DES;
- skey.length = 8;
- skey.data = keyblock->keyvalue.data;
- encrypt_session_key(&skey, 0);
- krb5_free_keyblock_contents (context, keyblock);
- auth_finished(ap, AUTH_USER);
- if (forward_flags & OPTS_FORWARD_CREDS)
- kerberos5_forward(ap);
- break;
- }
- case KRB_RESPONSE:
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
- /* the rest of the reply should contain a krb_ap_rep */
- krb5_ap_rep_enc_part *reply;
- krb5_data inbuf;
- krb5_error_code ret;
-
- inbuf.length = cnt;
- inbuf.data = (char *)data;
-
- ret = krb5_rd_rep(context, auth_context, &inbuf, &reply);
- if (ret) {
- s = krb5_get_error_message(context, ret);
- printf("[ Mutual authentication failed: %s ]\r\n", s);
- krb5_free_error_message(context, s);
- auth_send_retry();
- return;
- }
- krb5_free_ap_rep_enc_part(context, reply);
- mutual_complete = 1;
- }
- return;
- case KRB_FORWARD_ACCEPT:
- printf("[ Kerberos V5 accepted forwarded credentials ]\r\n");
- return;
- case KRB_FORWARD_REJECT:
- printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n",
- cnt, data);
- return;
- default:
- if (auth_debug_mode)
- printf("Unknown Kerberos option %d\r\n", data[-1]);
- return;
- }
-}
-
-int
-kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level)
-{
- if (level < AUTH_USER)
- return(level);
-
- if (UserNameRequested &&
- krb5_kuserok(context,
- ticket->client,
- UserNameRequested))
- {
- strlcpy(name, UserNameRequested, name_sz);
-#if defined(DCE)
- dfsk5ok = 1;
-#endif
- return(AUTH_VALID);
- } else
- return(AUTH_USER);
-}
-
-#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
-#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-void
-kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
-{
- int i;
-
- buf[buflen-1] = '\0'; /* make sure its NULL terminated */
- buflen -= 1;
-
- switch(data[3]) {
- case KRB_REJECT: /* Rejected (reason might follow) */
- strlcpy((char *)buf, " REJECT ", buflen);
- goto common;
-
- case KRB_ACCEPT: /* Accepted (name might follow) */
- strlcpy((char *)buf, " ACCEPT ", buflen);
- common:
- BUMP(buf, buflen);
- if (cnt <= 4)
- break;
- ADDC(buf, buflen, '"');
- for (i = 4; i < cnt; i++)
- ADDC(buf, buflen, data[i]);
- ADDC(buf, buflen, '"');
- ADDC(buf, buflen, '\0');
- break;
-
-
- case KRB_AUTH: /* Authentication data follows */
- strlcpy((char *)buf, " AUTH", buflen);
- goto common2;
-
- case KRB_RESPONSE:
- strlcpy((char *)buf, " RESPONSE", buflen);
- goto common2;
-
- case KRB_FORWARD: /* Forwarded credentials follow */
- strlcpy((char *)buf, " FORWARD", buflen);
- goto common2;
-
- case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */
- strlcpy((char *)buf, " FORWARD_ACCEPT", buflen);
- goto common2;
-
- case KRB_FORWARD_REJECT: /* Forwarded credentials rejected */
- /* (reason might follow) */
- strlcpy((char *)buf, " FORWARD_REJECT", buflen);
- goto common2;
-
- default:
- snprintf(buf, buflen, " %d (unknown)", data[3]);
- common2:
- BUMP(buf, buflen);
- for (i = 4; i < cnt; i++) {
- snprintf(buf, buflen, " %d", data[i]);
- BUMP(buf, buflen);
- }
- break;
- }
-}
-
-void
-kerberos5_forward(Authenticator *ap)
-{
- krb5_error_code ret;
- krb5_ccache ccache;
- krb5_creds creds;
- krb5_kdc_flags flags;
- krb5_data out_data;
- krb5_principal principal;
- const char *s;
-
- ret = krb5_cc_default (context, &ccache);
- if (ret) {
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf ("KerberosV5: could not get default ccache: %s\r\n", s);
- krb5_free_error_message(context, s);
- }
- return;
- }
-
- ret = krb5_cc_get_principal (context, ccache, &principal);
- if (ret) {
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf ("KerberosV5: could not get principal: %s\r\n", s);
- krb5_free_error_message(context, s);
- }
- return;
- }
-
- memset (&creds, 0, sizeof(creds));
-
- creds.client = principal;
-
- ret = krb5_build_principal (context,
- &creds.server,
- strlen(principal->realm),
- principal->realm,
- "krbtgt",
- principal->realm,
- NULL);
-
- if (ret) {
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf ("KerberosV5: could not get principal: %s\r\n", s);
- krb5_free_error_message(context, s);
- }
- return;
- }
-
- creds.times.endtime = 0;
-
- flags.i = 0;
- flags.b.forwarded = 1;
- if (forward_flags & OPTS_FORWARDABLE_CREDS)
- flags.b.forwardable = 1;
-
- ret = krb5_get_forwarded_creds (context,
- auth_context,
- ccache,
- flags.i,
- RemoteHostName,
- &creds,
- &out_data);
- if (ret) {
- if (auth_debug_mode) {
- s = krb5_get_error_message(context, ret);
- printf ("Kerberos V5: error getting forwarded creds: %s\r\n", s);
- krb5_free_error_message(context, s);
- }
- return;
- }
-
- if(!Data(ap, KRB_FORWARD, out_data.data, out_data.length)) {
- if (auth_debug_mode)
- printf("Not enough room for authentication data\r\n");
- } else {
- if (auth_debug_mode)
- printf("Forwarded local Kerberos V5 credentials to server\r\n");
- }
-}
-
-#if defined(DCE)
-/* if this was a K5 authentication try and join a PAG for the user. */
-void
-kerberos5_dfspag(void)
-{
- if (dfsk5ok) {
- dfspag = krb5_dfs_pag(context, dfsfwd, ticket->client,
- UserNameRequested);
- }
-}
-#endif
-
-int
-kerberos5_set_forward(int on)
-{
- if(on == 0)
- forward_flags &= ~OPTS_FORWARD_CREDS;
- if(on == 1)
- forward_flags |= OPTS_FORWARD_CREDS;
- if(on == -1)
- forward_flags ^= OPTS_FORWARD_CREDS;
- return 0;
-}
-
-int
-kerberos5_set_forwardable(int on)
-{
- if(on == 0)
- forward_flags &= ~OPTS_FORWARDABLE_CREDS;
- if(on == 1)
- forward_flags |= OPTS_FORWARDABLE_CREDS;
- if(on == -1)
- forward_flags ^= OPTS_FORWARDABLE_CREDS;
- return 0;
-}
-
-#endif /* KRB5 */
-/* $OpenBSD: main.c,v 1.22 2013/10/26 21:33:29 sthen Exp $ */
+/* $OpenBSD: main.c,v 1.23 2014/07/19 23:50:38 guenther Exp $ */
/* $NetBSD: main.c,v 1.5 1996/02/28 21:04:05 thorpej Exp $ */
/*
#define OPTS_FORWARD_CREDS 0x00000002
#define OPTS_FORWARDABLE_CREDS 0x00000001
-#ifdef KRB5
-#define FORWARD
-/* XXX ugly hack to setup dns-proxy stuff */
-#define Authenticator asn1_Authenticator
-#include <kerberosV/krb5.h>
-#endif
-
-#ifdef KRB4
-#include <kerberosIV/krb.h>
-#endif
-
-#ifdef FORWARD
-int forward_flags;
-static int default_forward=0;
-#endif
-
int family = AF_UNSPEC;
int rtableid = -1;
init_telnet();
init_sys();
-
-#if defined(TN3270)
- init_3270();
-#endif
}
void
extern char *__progname;
(void)fprintf(stderr,
-#if defined(TN3270)
- "usage: %s [-d] [-n filename] [-t commandname] [sysname [port]]\n",
-# else
- "usage: %s [-468acdEFfKLrx] [-b hostalias] [-e escapechar] "
- "[-k realm]\n"
- "\t[-l user] [-n tracefile] [-V rtable] [-X authtype] "
- "[host [port]]\n",
-#endif
+ "usage: %s [-4678acDdEKLr] [-b hostalias] [-e escapechar] "
+ "[-l user]\n"
+ "\t[-n tracefile] [-V rtable] [host [port]]\n",
__progname);
exit(1);
}
-
-#ifdef KRB5
-static void
-krb5_init(void)
-{
- krb5_context context;
- krb5_error_code ret;
-
- ret = krb5_init_context(&context);
- if (ret)
- return;
-
-#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
- if (krb5_config_get_bool (context, NULL,
- "libdefaults", "forward", NULL)) {
- forward_flags |= OPTS_FORWARD_CREDS;
- default_forward=1;
- }
- if (krb5_config_get_bool (context, NULL,
- "libdefaults", "forwardable", NULL)) {
- forward_flags |= OPTS_FORWARDABLE_CREDS;
- default_forward=1;
- }
-#endif
-#ifdef ENCRYPTION
- if (krb5_config_get_bool (context, NULL,
- "libdefaults", "encrypt", NULL)) {
- encrypt_auto(1);
- decrypt_auto(1);
- wantencryption = 1;
- EncryptVerbose(1);
- }
-#endif
-
- krb5_free_context(context);
-}
-#endif
-
/*
* main. Parse arguments, invoke the protocol or command parser.
*/
int ch;
char *user, *alias;
const char *errstr;
-#ifdef FORWARD
- extern int forward_flags;
-#endif /* FORWARD */
-
-#ifdef KRB5
- krb5_init();
-#endif
tninit(); /* Clear out things */
rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
- /*
- * if AUTHENTICATION and ENCRYPTION is set autologin will be
- * set to true after the getopt switch; unless the -K option is
- * passed
- */
autologin = -1;
- while ((ch = getopt(argc, argv, "4678DEKLS:X:ab:cde:fFk:l:n:rt:V:x"))
+ while ((ch = getopt(argc, argv, "4678ab:cDdEe:KLl:n:rV:"))
!= -1) {
switch(ch) {
case '4':
case '6':
family = AF_INET6;
break;
+ case '7':
+ eight = 0;
+ break;
case '8':
eight = 3; /* binary output and input */
break;
- case '7':
- eight = 0;
+ case 'a':
+ autologin = 1;
+ break;
+ case 'b':
+ alias = optarg;
+ break;
+ case 'c':
+ skiprc = 1;
break;
case 'D': {
/* sometimes we don't want a mangled display */
env_define("DISPLAY", (unsigned char*)p);
break;
}
-
+ case 'd':
+ debug = 1;
+ break;
case 'E':
rlogin = escape = _POSIX_VDISABLE;
break;
+ case 'e':
+ set_escape_char(optarg);
+ break;
case 'K':
-#ifdef AUTHENTICATION
autologin = 0;
-#endif
break;
case 'L':
eight |= 2; /* binary output only */
break;
- case 'S':
- {
-#ifdef HAS_GETTOS
- extern int tos;
-
- if ((tos = parsetos(optarg, "tcp")) < 0)
- fprintf(stderr, "%s%s%s%s\n",
- prompt, ": Bad TOS argument '",
- optarg,
- "; will try to use default TOS");
-#else
- fprintf(stderr,
- "%s: Warning: -S ignored, no parsetos() support.\n",
- prompt);
-#endif
- }
- break;
- case 'X':
-#ifdef AUTHENTICATION
- auth_disable_name(optarg);
-#endif
- break;
- case 'a':
- autologin = 1;
- break;
- case 'c':
- skiprc = 1;
- break;
- case 'd':
- debug = 1;
- break;
- case 'e':
- set_escape_char(optarg);
- break;
- case 'f':
-#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
- if ((forward_flags & OPTS_FORWARD_CREDS) &&
- !default_forward) {
- fprintf(stderr,
- "%s: Only one of -f and -F allowed.\n",
- prompt);
- usage();
- }
- forward_flags |= OPTS_FORWARD_CREDS;
-#else
- fprintf(stderr,
- "%s: Warning: -f ignored, no Kerberos V5 support.\n",
- prompt);
-#endif
- break;
- case 'F':
-#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
- if ((forward_flags & OPTS_FORWARD_CREDS) &&
- !default_forward) {
- fprintf(stderr,
- "%s: Only one of -f and -F allowed.\n",
- prompt);
- usage();
- }
- forward_flags |= OPTS_FORWARD_CREDS;
- forward_flags |= OPTS_FORWARDABLE_CREDS;
-#else
- fprintf(stderr,
- "%s: Warning: -F ignored, no Kerberos V5 support.\n",
- prompt);
-#endif
- break;
- case 'k':
-#if defined(AUTHENTICATION) && defined(KRB4)
- {
- extern char *dest_realm, dst_realm_buf[];
- extern int dst_realm_sz;
- dest_realm = dst_realm_buf;
- (void)strncpy(dest_realm, optarg, dst_realm_sz);
- }
-#else
- fprintf(stderr,
- "%s: Warning: -k ignored, no Kerberos V4 support.\n",
- prompt);
-#endif
- break;
case 'l':
autologin = -1;
user = optarg;
break;
- case 'b':
- alias = optarg;
- break;
case 'n':
-#if defined(TN3270) && defined(unix)
- /* distinguish between "-n oasynch" and "-noasynch" */
- if (argv[optind - 1][0] == '-' && argv[optind - 1][1]
- == 'n' && argv[optind - 1][2] == 'o') {
- if (!strcmp(optarg, "oasynch")) {
- noasynchtty = 1;
- noasynchnet = 1;
- } else if (!strcmp(optarg, "oasynchtty"))
- noasynchtty = 1;
- else if (!strcmp(optarg, "oasynchnet"))
- noasynchnet = 1;
- } else
-#endif /* defined(TN3270) && defined(unix) */
- SetNetTrace(optarg);
+ SetNetTrace(optarg);
break;
case 'r':
rlogin = '~';
break;
- case 't':
-#if defined(TN3270) && defined(unix)
- (void)strlcpy(tline, optarg, sizeof tline);
- transcom = tline;
-#else
- fprintf(stderr,
- "%s: Warning: -t ignored, no TN3270 support.\n",
- prompt);
-#endif
- break;
case 'V':
rtableid = (int)strtonum(optarg, 0,
RT_TABLEID_MAX, &errstr);
prompt, errstr, optarg);
}
break;
- case 'x':
-#ifdef ENCRYPTION
- encrypt_auto(1);
- decrypt_auto(1);
- wantencryption = 1;
- EncryptVerbose(1);
-#else
- fprintf(stderr,
- "%s: Warning: -x ignored, no ENCRYPT support.\n",
- prompt);
-#endif
- break;
case '?':
default:
usage();
}
}
- if (autologin == -1) {
-#if defined(AUTHENTICATION)
- if(check_krb4_tickets() || check_krb5_tickets())
- autologin = 1;
-#endif
-#if defined(ENCRYPTION)
- encrypt_auto(1);
- decrypt_auto(1);
-#endif
- }
-
if (autologin == -1)
autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
}
(void)setjmp(toplevel);
for (;;) {
-#ifdef TN3270
- if (shell_active)
- shell_continue();
- else
-#endif
- command(1, 0, 0);
+ command(1, 0, 0);
}
return 0;
}
+++ /dev/null
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * from: @(#)misc-proto.h 8.1 (Berkeley) 6/4/93
- * $OpenBSD: misc-proto.h,v 1.1 2005/05/24 03:41:58 deraadt Exp $
- * $NetBSD: misc-proto.h,v 1.5 1996/02/24 01:15:23 jtk Exp $
- */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $KTH: misc-proto.h,v 1.9 2000/11/15 23:00:21 assar Exp $ */
-
-#ifndef __MISC_PROTO__
-#define __MISC_PROTO__
-
-void auth_encrypt_init (const char *, const char *, const char *, int);
-void auth_encrypt_user(const char *name);
-void auth_encrypt_connect (int);
-void printd (const unsigned char *, int);
-
-char** genget (char *name, char **table, int stlen);
-int isprefix(char *s1, char *s2);
-int Ambiguous(void *s);
-
-/*
- * These functions are imported from the application
- */
-int telnet_net_write (unsigned char *, int);
-void net_encrypt (void);
-int telnet_spin (void);
-char *telnet_getenv (const char *);
-char *telnet_gets (char *, char *, int, int);
-void printsub(int direction, unsigned char *pointer, int length);
-void esetenv(const char *, const char *, int);
-#endif
+++ /dev/null
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $KTH: misc.c,v 1.15 2000/01/25 23:24:58 assar Exp $ */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <err.h>
-#include "misc.h"
-#include "auth.h"
-#include "encrypt.h"
-
-
-const char *RemoteHostName;
-const char *LocalHostName;
-char *UserNameRequested = 0;
-int ConnectedCount = 0;
-
-void
-auth_encrypt_init(const char *local, const char *remote, const char *name,
- int server)
-{
- RemoteHostName = remote;
- LocalHostName = local;
-#ifdef AUTHENTICATION
- auth_init(name, server);
-#endif
-#ifdef ENCRYPTION
- encrypt_init(name, server);
-#endif
- if (UserNameRequested) {
- free(UserNameRequested);
- UserNameRequested = 0;
- }
-}
-
-void
-auth_encrypt_user(const char *name)
-{
- if (UserNameRequested)
- free(UserNameRequested);
- UserNameRequested = name ? strdup(name) : 0;
-}
-
-void
-auth_encrypt_connect(int cnt)
-{
-}
-
-void
-printd(const unsigned char *data, int cnt)
-{
- if (cnt > 16)
- cnt = 16;
- while (cnt-- > 0) {
- printf(" %02x", *data);
- ++data;
- }
-}
-
-/* This is stolen from libroken; it's the only thing actually needed from
- * libroken.
- */
-void
-esetenv(const char *var, const char *val, int rewrite)
-{
- if (setenv ((char *)var, (char *)val, rewrite))
- errx (1, "failed setting environment variable %s", var);
-}
+++ /dev/null
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * from: @(#)misc.h 8.1 (Berkeley) 6/4/93
- * $OpenBSD: misc.h,v 1.1 2005/05/24 03:41:58 deraadt Exp $
- * $NetBSD: misc.h,v 1.4 1996/02/24 01:15:27 jtk Exp $
- */
-
-extern char *UserNameRequested;
-extern const char *LocalHostName;
-extern const char *RemoteHostName;
-extern int ConnectedCount;
-extern int ReservedPort;
-
-#include "misc-proto.h"
-/* $OpenBSD: network.c,v 1.9 2013/04/21 09:51:24 millert Exp $ */
+/* $OpenBSD: network.c,v 1.10 2014/07/19 23:50:38 guenther Exp $ */
/* $NetBSD: network.c,v 1.5 1996/02/28 21:04:06 thorpej Exp $ */
/*
{
int n, n1;
-#if defined(ENCRYPTION)
- if (encrypt_output)
- ring_encrypt(&netoring, encrypt_output);
-#endif
if ((n1 = n = ring_full_consecutive(&netoring)) > 0) {
if (!ring_at_mark(&netoring)) {
n = send(net, (char *)netoring.consume, n, 0); /* normal write */
-/* $OpenBSD: ring.c,v 1.5 2003/06/03 02:56:18 millert Exp $ */
+/* $OpenBSD: ring.c,v 1.6 2014/07/19 23:50:38 guenther Exp $ */
/* $NetBSD: ring.c,v 1.7 1996/02/28 21:04:07 thorpej Exp $ */
/*
ring->top = ring->bottom+ring->size;
-#if defined(ENCRYPTION)
- ring->clearto = 0;
-#endif
-
return 1;
}
(ring_subtract(ring, ring->mark, ring->consume) < count)) {
ring->mark = 0;
}
-#if defined(ENCRYPTION)
- if (ring->consume < ring->clearto &&
- ring->clearto <= ring->consume + count)
- ring->clearto = 0;
- else if (ring->consume + count > ring->top &&
- ring->bottom <= ring->clearto &&
- ring->bottom + ((ring->consume + count) - ring->top))
- ring->clearto = 0;
-#endif
ring->consume = ring_increment(ring, ring->consume, count);
ring->consumetime = ++ring_clock;
/*
buffer += i;
}
}
-
-#ifdef notdef
-
-/*
- * Move data from the "consume" portion of the ring buffer
- */
- void
-ring_consume_data(ring, buffer, count)
- Ring *ring;
- unsigned char *buffer;
- int count;
-{
- int i;
-
- while (count) {
- i = MIN(count, ring_full_consecutive(ring));
- memmove(buffer, ring->consume, i);
- ring_consumed(ring, i);
- count -= i;
- buffer += i;
- }
-}
-#endif
-
-#if defined(ENCRYPTION)
-void
-ring_encrypt(Ring *ring, void (*encryptor)())
-{
- unsigned char *s, *c;
-
- if (ring_empty(ring) || ring->clearto == ring->supply)
- return;
-
- if (!(c = ring->clearto))
- c = ring->consume;
-
- s = ring->supply;
-
- if (s <= c) {
- (*encryptor)(c, ring->top - c);
- (*encryptor)(ring->bottom, s - ring->bottom);
- } else
- (*encryptor)(c, s - c);
-
- ring->clearto = ring->supply;
-}
-
-void
-ring_clearto(Ring *ring)
-{
- if (!ring_empty(ring))
- ring->clearto = ring->supply;
- else
- ring->clearto = 0;
-}
-#endif
-
-/* $OpenBSD: ring.h,v 1.6 2003/06/03 02:56:18 millert Exp $ */
+/* $OpenBSD: ring.h,v 1.7 2014/07/19 23:50:38 guenther Exp $ */
/* $NetBSD: ring.h,v 1.5 1996/02/28 21:04:09 thorpej Exp $ */
/*
*bottom, /* lowest address in buffer */
*top, /* highest address+1 in buffer */
*mark; /* marker (user defined) */
-#if defined(ENCRYPTION)
- unsigned char *clearto; /* Data to this point is clear text */
- unsigned char *encryyptedto; /* Data is encrypted to here */
-#endif
int size; /* size in bytes of buffer */
u_long consumetime, /* help us keep straight full, empty, etc. */
supplytime;
/* Data movement routines */
extern void
ring_supply_data(Ring *ring, unsigned char *buffer, int count);
-#ifdef notdef
-extern void
- ring_consume_data(Ring *ring, unsigned char *buffer, int count);
-#endif
/* Buffer state transition routines */
extern void
ring_full_count(Ring *ring),
ring_full_consecutive(Ring *ring);
-#if defined(ENCRYPTION)
-extern void
- ring_encrypt (Ring *ring, void (*func)()),
- ring_clearto (Ring *ring);
-#endif
-
-
extern void
ring_clear_mark(Ring *),
ring_mark(Ring *);
-/* $OpenBSD: sys_bsd.c,v 1.15 2013/04/21 09:51:24 millert Exp $ */
+/* $OpenBSD: sys_bsd.c,v 1.16 2014/07/19 23:50:38 guenther Exp $ */
/* $NetBSD: sys_bsd.c,v 1.11 1996/02/28 21:04:10 thorpej Exp $ */
/*
#define TELNET_FD_NET 2
#define TELNET_FD_NUM 3
-#ifndef USE_TERMIO
-struct tchars otc = { 0 }, ntc = { 0 };
-struct ltchars oltc = { 0 }, nltc = { 0 };
-struct sgttyb ottyb = { 0 }, nttyb = { 0 };
-int olmode = 0;
-# define cfgetispeed(ptr) (ptr)->sg_ispeed
-# define cfgetospeed(ptr) (ptr)->sg_ospeed
-# define old_tc ottyb
-
-#else /* USE_TERMIO */
struct termios old_tc = { 0 };
extern struct termios new_tc;
-# ifndef TCSANOW
-# ifdef TCSETS
-# define TCSANOW TCSETS
-# define TCSADRAIN TCSETSW
-# define tcgetattr(f, t) ioctl(f, TCGETS, (char *)t)
-# else
-# ifdef TCSETA
-# define TCSANOW TCSETA
-# define TCSADRAIN TCSETAW
-# define tcgetattr(f, t) ioctl(f, TCGETA, (char *)t)
-# else
-# define TCSANOW TIOCSETA
-# define TCSADRAIN TIOCSETAW
-# define tcgetattr(f, t) ioctl(f, TIOCGETA, (char *)t)
-# endif
-# endif
-# define tcsetattr(f, a, t) ioctl(f, a, (char *)t)
-# define cfgetospeed(ptr) ((ptr)->c_cflag&CBAUD)
-# ifdef CIBAUD
-# define cfgetispeed(ptr) (((ptr)->c_cflag&CIBAUD) >> IBSHIFT)
-# else
-# define cfgetispeed(ptr) cfgetospeed(ptr)
-# endif
-# endif /* TCSANOW */
-# ifdef sysV88
-# define TIOCFLUSH TC_PX_DRAIN
-# endif
-#endif /* USE_TERMIO */
-
void
init_sys()
{
void
TerminalSaveState()
{
-#ifndef USE_TERMIO
- ioctl(0, TIOCGETP, (char *)&ottyb);
- ioctl(0, TIOCGETC, (char *)&otc);
- ioctl(0, TIOCGLTC, (char *)&oltc);
- ioctl(0, TIOCLGET, (char *)&olmode);
-
- ntc = otc;
- nltc = oltc;
- nttyb = ottyb;
-
-#else /* USE_TERMIO */
tcgetattr(0, &old_tc);
new_tc = old_tc;
#ifndef VSTATUS
termAytChar = CONTROL('T');
#endif
-#endif /* USE_TERMIO */
}
cc_t *
case SLC_XON: return(&termStartChar);
case SLC_XOFF: return(&termStopChar);
case SLC_FORW1: return(&termForw1Char);
-#ifdef USE_TERMIO
case SLC_FORW2: return(&termForw2Char);
# ifdef VDISCARD
case SLC_AO: return(&termFlushChar);
# ifdef VSTATUS
case SLC_AYT: return(&termAytChar);
# endif
-#endif
case SLC_SYNCH:
case SLC_BRK:
void
TerminalDefaultChars()
{
-#ifndef USE_TERMIO
- ntc = otc;
- nltc = oltc;
- nttyb.sg_kill = ottyb.sg_kill;
- nttyb.sg_erase = ottyb.sg_erase;
-#else /* USE_TERMIO */
memmove(new_tc.c_cc, old_tc.c_cc, sizeof(old_tc.c_cc));
# ifndef VDISCARD
termFlushChar = CONTROL('O');
# ifndef VSTATUS
termAytChar = CONTROL('T');
# endif
-#endif /* USE_TERMIO */
}
-#ifdef notdef
-void
-TerminalRestoreState()
-{
-}
-#endif
-
/*
* TerminalNewMode - set up terminal to a specific mode.
* MODE_ECHO: do local terminal echo
int f;
{
static int prevmode = 0;
-#ifndef USE_TERMIO
- struct tchars tc;
- struct ltchars ltc;
- struct sgttyb sb;
- int lmode;
-#else /* USE_TERMIO */
struct termios tmp_tc;
-#endif /* USE_TERMIO */
int onoff;
int old;
cc_t esc;
* left to write out, it returns -1 if it couldn't do
* anything at all, otherwise it returns 1 + the number
* of characters left to write.
-#ifndef USE_TERMIO
- * We would really like ask the kernel to wait for the output
- * to drain, like we can do with the TCSADRAIN, but we don't have
- * that option. The only ioctl that waits for the output to
- * drain, TIOCSETP, also flushes the input queue, which is NOT
- * what we want (TIOCSETP is like TCSADFLUSH).
-#endif
*/
old = ttyflush(SYNCHing|flushout);
if (old < 0 || old > 1) {
-#ifdef USE_TERMIO
tcgetattr(tin, &tmp_tc);
-#endif /* USE_TERMIO */
do {
/*
* Wait for data to drain, then flush again.
*/
-#ifdef USE_TERMIO
tcsetattr(tin, TCSADRAIN, &tmp_tc);
-#endif /* USE_TERMIO */
old = ttyflush(SYNCHing|flushout);
} while (old < 0 || old > 1);
}
old = prevmode;
prevmode = f&~MODE_FORCE;
-#ifndef USE_TERMIO
- sb = nttyb;
- tc = ntc;
- ltc = nltc;
- lmode = olmode;
-#else
tmp_tc = new_tc;
-#endif
if (f&MODE_ECHO) {
-#ifndef USE_TERMIO
- sb.sg_flags |= ECHO;
-#else
tmp_tc.c_lflag |= ECHO;
tmp_tc.c_oflag |= ONLCR;
if (crlf)
tmp_tc.c_iflag |= ICRNL;
-#endif
} else {
-#ifndef USE_TERMIO
- sb.sg_flags &= ~ECHO;
-#else
tmp_tc.c_lflag &= ~ECHO;
tmp_tc.c_oflag &= ~ONLCR;
-# ifdef notdef
- if (crlf)
- tmp_tc.c_iflag &= ~ICRNL;
-# endif
-#endif
}
if ((f&MODE_FLOW) == 0) {
-#ifndef USE_TERMIO
- tc.t_startc = _POSIX_VDISABLE;
- tc.t_stopc = _POSIX_VDISABLE;
-#else
tmp_tc.c_iflag &= ~(IXOFF|IXON); /* Leave the IXANY bit alone */
} else {
if (restartany < 0) {
tmp_tc.c_iflag |= IXOFF|IXON;
tmp_tc.c_iflag &= ~IXANY;
}
-#endif
}
if ((f&MODE_TRAPSIG) == 0) {
-#ifndef USE_TERMIO
- tc.t_intrc = _POSIX_VDISABLE;
- tc.t_quitc = _POSIX_VDISABLE;
- tc.t_eofc = _POSIX_VDISABLE;
- ltc.t_suspc = _POSIX_VDISABLE;
- ltc.t_dsuspc = _POSIX_VDISABLE;
-#else
tmp_tc.c_lflag &= ~ISIG;
-#endif
localchars = 0;
} else {
-#ifdef USE_TERMIO
tmp_tc.c_lflag |= ISIG;
-#endif
localchars = 1;
}
if (f&MODE_EDIT) {
-#ifndef USE_TERMIO
- sb.sg_flags &= ~CBREAK;
- sb.sg_flags |= CRMOD;
-#else
tmp_tc.c_lflag |= ICANON;
-#endif
} else {
-#ifndef USE_TERMIO
- sb.sg_flags |= CBREAK;
- if (f&MODE_ECHO)
- sb.sg_flags |= CRMOD;
- else
- sb.sg_flags &= ~CRMOD;
-#else
tmp_tc.c_lflag &= ~ICANON;
tmp_tc.c_iflag &= ~ICRNL;
tmp_tc.c_cc[VMIN] = 1;
tmp_tc.c_cc[VTIME] = 0;
-#endif
}
if ((f&(MODE_EDIT|MODE_TRAPSIG)) == 0) {
-#ifndef USE_TERMIO
- ltc.t_lnextc = _POSIX_VDISABLE;
-#else
tmp_tc.c_lflag &= ~IEXTEN;
-#endif
}
if (f&MODE_SOFT_TAB) {
-#ifndef USE_TERMIO
- sb.sg_flags |= XTABS;
-#else
# ifdef OXTABS
tmp_tc.c_oflag |= OXTABS;
# endif
tmp_tc.c_oflag &= ~TABDLY;
tmp_tc.c_oflag |= TAB3;
# endif
-#endif
} else {
-#ifndef USE_TERMIO
- sb.sg_flags &= ~XTABS;
-#else
# ifdef OXTABS
tmp_tc.c_oflag &= ~OXTABS;
# endif
# ifdef TABDLY
tmp_tc.c_oflag &= ~TABDLY;
# endif
-#endif
}
if (f&MODE_LIT_ECHO) {
-#ifndef USE_TERMIO
- lmode &= ~LCTLECH;
-#else
# ifdef ECHOCTL
tmp_tc.c_lflag &= ~ECHOCTL;
# endif
-#endif
} else {
-#ifndef USE_TERMIO
- lmode |= LCTLECH;
-#else
# ifdef ECHOCTL
tmp_tc.c_lflag |= ECHOCTL;
# endif
-#endif
}
if (f == -1) {
onoff = 0;
} else {
-#ifndef USE_TERMIO
- if (f & MODE_OUTBIN)
- lmode |= LLITOUT;
- else
- lmode &= ~LLITOUT;
-
- if (f & MODE_INBIN)
- lmode |= LPASS8;
- else
- lmode &= ~LPASS8;
-#else
if (f & MODE_INBIN)
tmp_tc.c_iflag &= ~ISTRIP;
else
tmp_tc.c_cflag |= old_tc.c_cflag & (CSIZE|PARENB);
tmp_tc.c_oflag |= OPOST;
}
-#endif
onoff = 1;
}
#ifdef SIGINFO
(void) signal(SIGINFO, ayt);
#endif
-#if defined(USE_TERMIO) && defined(NOKERNINFO)
+#if defined(NOKERNINFO)
tmp_tc.c_lflag |= NOKERNINFO;
#endif
/*
* to process it because it will be processed when the
* user attempts to read it, not when we send it.
*/
-#ifndef USE_TERMIO
- ltc.t_dsuspc = _POSIX_VDISABLE;
-#else
# ifdef VDSUSP
tmp_tc.c_cc[VDSUSP] = (cc_t)(_POSIX_VDISABLE);
# endif
-#endif
-#ifdef USE_TERMIO
/*
* If the VEOL character is already set, then use VEOL2,
* otherwise use VEOL.
tmp_tc.c_cc[VEOL2] = esc;
# endif
}
-#else
- if (tc.t_brkc == (cc_t)(_POSIX_VDISABLE))
- tc.t_brkc = esc;
-#endif
} else {
#ifdef SIGTSTP
sigset_t mask;
sigaddset(&mask, SIGTSTP);
sigprocmask(SIG_UNBLOCK, &mask, NULL);
#endif /* SIGTSTP */
-#ifndef USE_TERMIO
- ltc = oltc;
- tc = otc;
- sb = ottyb;
- lmode = olmode;
-#else
tmp_tc = old_tc;
-#endif
}
-#ifndef USE_TERMIO
- ioctl(tin, TIOCLSET, (char *)&lmode);
- ioctl(tin, TIOCSLTC, (char *)<c);
- ioctl(tin, TIOCSETC, (char *)&tc);
- ioctl(tin, TIOCSETN, (char *)&sb);
-#else
if (tcsetattr(tin, TCSADRAIN, &tmp_tc) < 0)
tcsetattr(tin, TCSANOW, &tmp_tc);
-#endif
-#if (!defined(TN3270)) || ((!defined(NOT43)) || defined(PUTCHAR))
-# if !defined(sysV88)
ioctl(tin, FIONBIO, (char *)&onoff);
ioctl(tout, FIONBIO, (char *)&onoff);
-# endif
-#endif /* (!defined(TN3270)) || ((!defined(NOT43)) || defined(PUTCHAR)) */
-#if defined(TN3270)
- if (noasynchtty == 0) {
- ioctl(tin, FIOASYNC, (char *)&onoff);
- }
-#endif /* defined(TN3270) */
-
}
/*
ioctl(fd, FIONBIO, (char *)&onoff);
}
-#if defined(TN3270)
- void
-NetSigIO(fd, onoff)
- int fd;
- int onoff;
-{
- ioctl(fd, FIOASYNC, (char *)&onoff); /* hear about input */
-}
-
- void
-NetSetPgrp(fd)
- int fd;
-{
- pid_t myPid;
-
- myPid = getpid();
- fcntl(fd, F_SETOWN, myPid);
-}
-#endif /*defined(TN3270)*/
\f
/*
* Various signal handling routines.
void
sys_telnet_init()
{
+ int one = 1;
+
(void) signal(SIGINT, intr);
(void) signal(SIGQUIT, intr2);
(void) signal(SIGPIPE, deadpeer);
NetNonblockingIO(net, 1);
-#if defined(TN3270)
- if (noasynchnet == 0) { /* DBX can't handle! */
- NetSigIO(net, 1);
- NetSetPgrp(net);
- }
-#endif /* defined(TN3270) */
-
-#if defined(SO_OOBINLINE)
- if (SetSockOpt(net, SOL_SOCKET, SO_OOBINLINE, 1) == -1) {
- perror("SetSockOpt");
+ if (setsockopt(net, SOL_SOCKET, SO_OOBINLINE, &one, sizeof(one)) == -1) {
+ perror("setsockopt");
}
-#endif /* defined(SO_OOBINLINE) */
}
/*
if (errno == EINTR) {
return 0;
}
-# if defined(TN3270)
- /*
- * we can get EBADF if we were in transparent
- * mode, and the transcom process died.
- */
- if (errno == EBADF) {
- return 0;
- }
-# endif /* defined(TN3270) */
/* I don't like this, does it ever happen? */
printf("sleep(5) from telnet, after poll\r\n");
sleep(5);
int canread;
canread = ring_empty_consecutive(&netiring);
-#if !defined(SO_OOBINLINE)
- /*
- * In 4.2 (and some early 4.3) systems, the
- * OOB indication and data handling in the kernel
- * is such that if two separate TCP Urgent requests
- * come in, one byte of TCP data will be overlaid.
- * This is fatal for Telnet, but we try to live
- * with it.
- *
- * In addition, in 4.2 (and...), a special protocol
- * is needed to pick up the TCP Urgent data in
- * the correct sequence.
- *
- * What we do is: if we think we are in urgent
- * mode, we look to see if we are "at the mark".
- * If we are, we do an OOB receive. If we run
- * this twice, we will do the OOB receive twice,
- * but the second will fail, since the second
- * time we were "at the mark", but there wasn't
- * any data there (the kernel doesn't reset
- * "at the mark" until we do a normal read).
- * Once we've read the OOB data, we go ahead
- * and do normal reads.
- *
- * There is also another problem, which is that
- * since the OOB byte we read doesn't put us
- * out of OOB state, and since that byte is most
- * likely the TELNET DM (data mark), we would
- * stay in the TELNET SYNCH (SYNCHing) state.
- * So, clocks to the rescue. If we've "just"
- * received a DM, then we test for the
- * presence of OOB data when the receive OOB
- * fails (and AFTER we did the normal mode read
- * to clear "at the mark").
- */
- if (SYNCHing) {
- int atmark;
- static int bogus_oob = 0, first = 1;
-
- ioctl(net, SIOCATMARK, (char *)&atmark);
- if (atmark) {
- c = recv(net, netiring.supply, canread, MSG_OOB);
- if ((c == -1) && (errno == EINVAL)) {
- c = recv(net, netiring.supply, canread, 0);
- if (clocks.didnetreceive < clocks.gotDM) {
- SYNCHing = stilloob(net);
- }
- } else if (first && c > 0) {
- /*
- * Bogosity check. Systems based on 4.2BSD
- * do not return an error if you do a second
- * recv(MSG_OOB). So, we do one. If it
- * succeeds and returns exactly the same
- * data, then assume that we are running
- * on a broken system and set the bogus_oob
- * flag. (If the data was different, then
- * we probably got some valid new data, so
- * increment the count...)
- */
- int i;
- i = recv(net, netiring.supply + c, canread - c, MSG_OOB);
- if (i == c &&
- memcmp(netiring.supply, netiring.supply + c, i) == 0) {
- bogus_oob = 1;
- first = 0;
- } else if (i < 0) {
- bogus_oob = 0;
- first = 0;
- } else
- c += i;
- }
- if (bogus_oob && c > 0) {
- int i;
- /*
- * Bogosity. We have to do the read
- * to clear the atmark to get out of
- * an infinate loop.
- */
- i = read(net, netiring.supply + c, canread - c);
- if (i > 0)
- c += i;
- }
- } else {
- c = recv(net, netiring.supply, canread, 0);
- }
- } else {
- c = recv(net, netiring.supply, canread, 0);
- }
- settimer(didnetreceive);
-#else /* !defined(SO_OOBINLINE) */
c = recv(net, (char *)netiring.supply, canread, 0);
-#endif /* !defined(SO_OOBINLINE) */
if (c < 0 && errno == EWOULDBLOCK) {
c = 0;
} else if (c <= 0) {
-.\" $OpenBSD: telnet.1,v 1.49 2014/05/09 06:37:38 jmc Exp $
+.\" $OpenBSD: telnet.1,v 1.50 2014/07/19 23:50:38 guenther Exp $
.\" $NetBSD: telnet.1,v 1.5 1996/02/28 21:04:12 thorpej Exp $
.\"
.\" Copyright (c) 1983, 1990, 1993
.\"
.\" from: @(#)telnet.1 8.4 (Berkeley) 2/3/94
.\"
-.Dd $Mdocdate: May 9 2014 $
+.Dd $Mdocdate: July 19 2014 $
.Dt TELNET 1
.Os
.Sh NAME
.Sh SYNOPSIS
.Nm telnet
.Bk -words
-.Op Fl 468acdEFfKLrx
+.Op Fl 4678acDdEKLr
.Op Fl b Ar hostalias
.Op Fl e Ar escapechar
-.Op Fl k Ar realm
.Op Fl l Ar user
.Op Fl n Ar tracefile
.Op Fl V Ar rtable
-.Op Fl X Ar authtype
.Oo
.Ar host
.Op Ar port
Forces
.Nm
to use IPv6 addresses only.
+.It Fl 7
+Specifies a 7-bit data path.
+This attempts to disable the
+.Dv TELNET BINARY
+option on both input and output.
.It Fl 8
Specifies an 8-bit data path.
-This causes an attempt to negotiate the
+This attempts to negotiate the
.Dv TELNET BINARY
option on both input and output.
.It Fl a
(See the
.Ic toggle skiprc
command on this man page.)
+.It Fl D
+Disables rewriting of the
+.Ev DISPLAY
+variable when it starts with
+.Sq :\&
+or
+.Sq unix: .
+By default, these are replaced with the local hostname and a colon.
.It Fl d
Sets the initial value of the
.Ic debug
.Ar escapechar
is omitted, then
there will be no escape character.
-.It Fl F
-If Kerberos authentication is being used, the
-.Fl F
-option allows the local credentials to be forwarded
-to the remote system, including any credentials that
-have already been forwarded into the local environment.
-.It Fl f
-If Kerberos authentication is being used, the
-.Fl f
-option allows the local credentials to be forwarded to the remote system.
.It Fl K
Specifies no automatic login to the remote system.
-.It Fl k Ar realm
-If Kerberos authentication is being used, the
-.Fl k
-option requests that
-.Nm
-obtain tickets for the remote host in
-realm
-.Ar realm
-instead of the remote host's realm.
.It Fl L
Specifies an 8-bit data path on output.
-This causes the BINARY option to be negotiated on output.
+This attempts to negotiate the
+.Dv TELNET BINARY
+option on output.
.It Fl l Ar user
When connecting to the remote system, if the remote system
understands the
option.
.It Fl V Ar rtable
Set the routing table to be used.
-.It Fl X Ar authtype
-Disables the
-.Ar authtype
-type of authentication.
-.It Fl x
-Turn on encryption of the data stream.
-When this option is turned on,
-.Nm
-will exit with an error if authentication cannot be negotiated or if
-encryption cannot be turned on.
.It Ar host
Indicates the official name, an alias, or the Internet address
of a remote host.
.Ic display
commands).
.Bl -tag -width "mode type"
-.It Ic auth Ar argument ...
-The
-.Ic auth
-command manipulates the information sent through the
-.Dv TELNET AUTHENTICATE
-option.
-Valid arguments for the
-.Ic auth
-command are as follows:
-.Bl -tag -width "disable type"
-.It Ic disable Ar type
-Disables the specified
-.Ar type
-of authentication.
-To obtain a list of available types, use the
-.Ic auth disable ?\&
-command.
-.It Ic enable Ar type
-Enables the specified
-.Ar type
-of authentication.
-To obtain a list of available types, use the
-.Ic auth enable ?\&
-command.
-.It Ic status
-Lists the current status of the various types of
-authentication.
-.El
.It Ic close
Close a TELNET session and return to command mode.
.It Ic display Ar argument ...
and
.Ic toggle
values (see below).
-.It Ic encrypt Ar argument ...
-The
-.Ic encrypt
-command manipulates the information sent through the
-.Dv TELNET ENCRYPT
-option that's available when Kerberos is used.
-.Pp
-Valid arguments for the encrypt command are as follows:
-.Bl -tag -width Ar
-.It Ic disable Ar type Ic [input|output]
-Disables the specified
-.Ar type
-of encryption.
-If you omit
-.Ic input
-and
-.Ic output ,
-both input and output
-are disabled.
-To obtain a list of available types, use the
-.Ic encrypt disable ?\&
-command.
-.It Ic enable Ar type Ic [input|output]
-Enables the specified
-.Ar type
-of encryption.
-If you omit
-.Ic input
-and
-.Ic output ,
-both input and output are
-enabled.
-To obtain a list of available types, use the
-.Ic encrypt enable ?\&
-command.
-.It Ic input
-This is the same as the
-.Ic encrypt start input
-command.
-.It Ic -input
-This is the same as the
-.Ic encrypt stop input
-command.
-.It Ic output
-This is the same as the
-.Ic encrypt start output
-command.
-.It Ic -output
-This is the same as the
-.Ic encrypt stop output
-command.
-.It Ic start Ic [input|output]
-Attempts to start encryption.
-If you omit
-.Ic input
-and
-.Ic output ,
-both input and output are enabled.
-To obtain a list of available types, use the
-.Ic encrypt enable ?\&
-command.
-.It Ic status
-Lists the current status of encryption.
-.It Ic stop Ic [input|output]
-Stops encryption.
-If you omit
-.Ic input
-and
-.Ic output ,
-encryption is on both input and output.
-.It Ic type Ar type
-Sets the default type of encryption to be used
-with later
-.Ic encrypt start
-or
-.Ic encrypt stop
-commands.
-.El
.It Ic environ Ar argument ...
The
.Ic environ
.El
.It Xo
.Ic open Ar host
+.Op Fl a
+.Op Fl b hostalias
.Op Fl l Ar user
.Oo Op Fl
.Ar port Oc
or an Internet address specified in the ``dot notation'' (see
.Xr inet_ntop 3 ) .
The
+.Fl a ,
+.Fl b ,
+and
.Fl l
-option may be used to specify the user name
-to be passed to the remote system via the
-.Ev ENVIRON
-option.
+options are equivalent to the identical command line options,
+but only apply to the new telnet connection being opened.
When connecting to a non-standard port,
.Nm
omits any automatic initiation of TELNET options.
command.
Valid arguments are:
.Bl -tag -width Ar
-.It Ic authdebug
-Turns on debugging information for the authentication code.
.It Ic autoflush
If
.Ic autoflush
.Dv FALSE
(see
.Xr stty 1 ) .
-.It Ic autodecrypt
-When the
-.Dv TELNET ENCRYPT
-option is negotiated, by
-default the actual encryption (decryption) of the data
-stream does not start automatically.
-The
-.Ic autoencrypt
-.Pq Ic autodecrypt
-command states that encryption of the
-output (input) stream should be enabled as soon as
-possible.
.It Ic autologin
-If the remote side supports the
-.Dv TELNET AUTHENTICATION
-option TELNET attempts to use it to perform automatic authentication.
-If the
-.Dv AUTHENTICATION
-option is not supported, the user's login
+The user's login
name is propagated through the
.Dv TELNET ENVIRON
option.
Toggles socket level debugging (useful only to the superuser).
The initial value for this toggle is
.Dv FALSE .
-.It Ic encdebug
-Turns on debugging information for the encryption code.
.It Ic localchars
If this is
.Dv TRUE ,
-/* $OpenBSD: telnet.c,v 1.20 2009/04/28 06:46:03 chl Exp $ */
+/* $OpenBSD: telnet.c,v 1.21 2014/07/19 23:50:38 guenther Exp $ */
/* $NetBSD: telnet.c,v 1.7 1996/02/28 21:04:15 thorpej Exp $ */
/*
skiprc = 0,
connected,
showoptions,
- In3270, /* Are we in 3270 mode? */
ISend, /* trying to send network data in */
debug = 0,
crmod,
netdata, /* Print out network data flow */
crlf, /* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
-#if defined(TN3270)
- noasynchtty = 0,/* User specified "-noasynch" on command line */
- noasynchnet = 0,/* User specified "-noasynch" on command line */
- askedSGA = 0, /* We have talked about suppress go ahead */
-#endif /* defined(TN3270) */
telnetport,
wantencryption = 0,
SYNCHing, /* we are in TELNET SYNCH mode */
#define TS_SE 8 /* looking for sub-option end */
static int telrcv_state;
-#ifdef OLD_ENVIRON
-unsigned char telopt_environ = TELOPT_NEW_ENVIRON;
-#else
# define telopt_environ TELOPT_NEW_ENVIRON
-#endif
jmp_buf toplevel = { 0 };
jmp_buf peerdied;
SB_CLEAR();
memset((char *)options, 0, sizeof options);
- connected = In3270 = ISend = localflow = donebinarytoggle = 0;
-#if defined(AUTHENTICATION) || defined(ENCRYPTION)
- auth_encrypt_connect(connected);
-#endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */
+ connected = ISend = localflow = donebinarytoggle = 0;
restartany = -1;
SYNCHing = 0;
switch (option) {
case TELOPT_ECHO:
-# if defined(TN3270)
- /*
- * The following is a pain in the rear-end.
- * Various IBM servers (some versions of Wiscnet,
- * possibly Fibronics/Spartacus, and who knows who
- * else) will NOT allow us to send "DO SGA" too early
- * in the setup proceedings. On the other hand,
- * 4.2 servers (telnetd) won't set SGA correctly.
- * So, we are stuck. Empirically (but, based on
- * a VERY small sample), the IBM servers don't send
- * out anything about ECHO, so we postpone our sending
- * "DO SGA" until we see "WILL ECHO" (which 4.2 servers
- * DO send).
- */
- {
- if (askedSGA == 0) {
- askedSGA = 1;
- if (my_want_state_is_dont(TELOPT_SGA))
- send_do(TELOPT_SGA, 1);
- }
- }
- /* Fall through */
- case TELOPT_EOR:
-#endif /* defined(TN3270) */
case TELOPT_BINARY:
case TELOPT_SGA:
settimer(modenegotiated);
/* FALL THROUGH */
case TELOPT_STATUS:
-#if defined(AUTHENTICATION)
- case TELOPT_AUTHENTICATION:
-#endif
-#if defined(ENCRYPTION)
- case TELOPT_ENCRYPT:
-#endif
new_state_ok = 1;
break;
}
}
set_my_state_do(option);
-#if defined(ENCRYPTION)
- if (option == TELOPT_ENCRYPT)
- encrypt_send_support();
-#endif
}
set_my_state_dont(option);
return; /* Never reply to TM will's/wont's */
-#ifdef ENCRYPTION
- case TELOPT_ENCRYPT:
- encrypt_not();
- break;
-#endif
default:
break;
}
set_my_state_wont(TELOPT_TM);
return;
-# if defined(TN3270)
- case TELOPT_EOR: /* end of record */
-# endif /* defined(TN3270) */
case TELOPT_BINARY: /* binary mode */
case TELOPT_NAWS: /* window size */
case TELOPT_TSPEED: /* terminal speed */
case TELOPT_LFLOW: /* local flow control */
case TELOPT_TTYPE: /* terminal type option */
case TELOPT_SGA: /* no big deal */
-#if defined(ENCRYPTION)
- case TELOPT_ENCRYPT: /* encryption variable option */
-#endif
new_state_ok = 1;
break;
case TELOPT_NEW_ENVIRON: /* New environment variable option */
-#ifdef OLD_ENVIRON
- if (my_state_is_will(TELOPT_OLD_ENVIRON))
- send_wont(TELOPT_OLD_ENVIRON, 1); /* turn off the old */
- goto env_common;
- case TELOPT_OLD_ENVIRON: /* Old environment variable option */
- if (my_state_is_will(TELOPT_NEW_ENVIRON))
- break; /* Don't enable if new one is in use! */
- env_common:
- telopt_environ = option;
-#endif
new_state_ok = 1;
break;
-#if defined(AUTHENTICATION)
- case TELOPT_AUTHENTICATION:
- if (autologin)
- new_state_ok = 1;
- break;
-#endif
-
case TELOPT_XDISPLOC: /* X Display location */
if (env_getvalue((unsigned char *)"DISPLAY", 0))
new_state_ok = 1;
case TELOPT_LINEMODE:
linemode = 0; /* put us back to the default state */
break;
-#ifdef OLD_ENVIRON
- case TELOPT_NEW_ENVIRON:
- /*
- * The new environ option wasn't recognized, try
- * the old one.
- */
- send_will(TELOPT_OLD_ENVIRON, 1);
- telopt_environ = TELOPT_OLD_ENVIRON;
- break;
-#endif
}
/* we always accept a DONT */
set_my_want_state_wont(option);
unsigned char temp[50];
int len;
-#if defined(TN3270)
- if (tn3270_ttype()) {
- return;
- }
-#endif /* defined(TN3270) */
name = gettermname();
len = strlen(name) + 4 + 2;
if (len < NETROOM()) {
}
break;
-#ifdef OLD_ENVIRON
- case TELOPT_OLD_ENVIRON:
-#endif
case TELOPT_NEW_ENVIRON:
if (SB_EOF())
return;
}
break;
-#if defined(AUTHENTICATION)
- case TELOPT_AUTHENTICATION: {
- if (!autologin)
- break;
- if (SB_EOF())
- return;
- switch(SB_GET()) {
- case TELQUAL_IS:
- if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
- return;
- auth_is(subpointer, SB_LEN());
- break;
- case TELQUAL_SEND:
- if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
- return;
- auth_send(subpointer, SB_LEN());
- break;
- case TELQUAL_REPLY:
- if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
- return;
- auth_reply(subpointer, SB_LEN());
- break;
- case TELQUAL_NAME:
- if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
- return;
- auth_name(subpointer, SB_LEN());
- break;
- }
- }
- break;
-#endif
-#if defined(ENCRYPTION)
- case TELOPT_ENCRYPT:
- if (SB_EOF())
- return;
- switch(SB_GET()) {
- case ENCRYPT_START:
- if (my_want_state_is_dont(TELOPT_ENCRYPT))
- return;
- encrypt_start(subpointer, SB_LEN());
- break;
- case ENCRYPT_END:
- if (my_want_state_is_dont(TELOPT_ENCRYPT))
- return;
- encrypt_end();
- break;
- case ENCRYPT_SUPPORT:
- if (my_want_state_is_wont(TELOPT_ENCRYPT))
- return;
- encrypt_support(subpointer, SB_LEN());
- break;
- case ENCRYPT_REQSTART:
- if (my_want_state_is_wont(TELOPT_ENCRYPT))
- return;
- encrypt_request_start(subpointer, SB_LEN());
- break;
- case ENCRYPT_REQEND:
- if (my_want_state_is_wont(TELOPT_ENCRYPT))
- return;
- /*
- * We can always send an REQEND so that we cannot
- * get stuck encrypting. We should only get this
- * if we have been able to get in the correct mode
- * anyhow.
- */
- encrypt_request_end();
- break;
- case ENCRYPT_IS:
- if (my_want_state_is_dont(TELOPT_ENCRYPT))
- return;
- encrypt_is(subpointer, SB_LEN());
- break;
- case ENCRYPT_REPLY:
- if (my_want_state_is_wont(TELOPT_ENCRYPT))
- return;
- encrypt_reply(subpointer, SB_LEN());
- break;
- case ENCRYPT_ENC_KEYID:
- if (my_want_state_is_dont(TELOPT_ENCRYPT))
- return;
- encrypt_enc_keyid(subpointer, SB_LEN());
- break;
- case ENCRYPT_DEC_KEYID:
- if (my_want_state_is_wont(TELOPT_ENCRYPT))
- return;
- encrypt_dec_keyid(subpointer, SB_LEN());
- break;
- default:
- break;
- }
- break;
-#endif
default:
break;
}
/* No EOR */
initfunc(SLC_ABORT, SLC_FLUSHIN|SLC_FLUSHOUT);
initfunc(SLC_EOF, 0);
-#ifndef SYSV_TERMIO
initfunc(SLC_SUSP, SLC_FLUSHIN);
-#endif
initfunc(SLC_EC, 0);
initfunc(SLC_EL, 0);
-#ifndef SYSV_TERMIO
initfunc(SLC_EW, 0);
initfunc(SLC_RP, 0);
initfunc(SLC_LNEXT, 0);
-#endif
initfunc(SLC_XON, 0);
initfunc(SLC_XOFF, 0);
-#ifdef SYSV_TERMIO
- spc_data[SLC_XON].mylevel = SLC_CANTCHANGE;
- spc_data[SLC_XOFF].mylevel = SLC_CANTCHANGE;
-#endif
initfunc(SLC_FORW1, 0);
-#ifdef USE_TERMIO
initfunc(SLC_FORW2, 0);
/* No FORW2 */
-#endif
initfunc(SLC_IP, SLC_FLUSHIN|SLC_FLUSHOUT);
#undef initfunc
return(need_update);
}
-#ifdef OLD_ENVIRON
-# ifdef ENV_HACK
-/*
- * Earlier version of telnet/telnetd from the BSD code had
- * the definitions of VALUE and VAR reversed. To ensure
- * maximum interoperability, we assume that the server is
- * an older BSD server, until proven otherwise. The newer
- * BSD servers should be able to handle either definition,
- * so it is better to use the wrong values if we don't
- * know what type of server it is.
- */
-int env_auto = 1;
-int old_env_var = OLD_ENV_VAR;
-int old_env_value = OLD_ENV_VALUE;
-# else
-# define old_env_var OLD_ENV_VAR
-# define old_env_value OLD_ENV_VALUE
-# endif
-#endif
-
void
env_opt(buf, len)
unsigned char *buf;
env_opt_add(NULL);
} else for (i = 1; i < len; i++) {
switch (buf[i]&0xff) {
-#ifdef OLD_ENVIRON
- case OLD_ENV_VAR:
-# ifdef ENV_HACK
- if (telopt_environ == TELOPT_OLD_ENVIRON
- && env_auto) {
- /* Server has the same definitions */
- old_env_var = OLD_ENV_VAR;
- old_env_value = OLD_ENV_VALUE;
- }
- /* FALL THROUGH */
-# endif
- case OLD_ENV_VALUE:
- /*
- * Although OLD_ENV_VALUE is not legal, we will
- * still recognize it, just in case it is an
- * old server that has VAR & VALUE mixed up...
- */
- /* FALL THROUGH */
-#else
case NEW_ENV_VAR:
-#endif
case ENV_USERVAR:
if (ep) {
*epc = 0;
opt_reply = p;
}
if (opt_welldefined((char *)ep))
-#ifdef OLD_ENVIRON
- if (telopt_environ == TELOPT_OLD_ENVIRON)
- opt_add(old_env_var);
- else
-#endif
opt_add(NEW_ENV_VAR);
else
opt_add(ENV_USERVAR);
opt_add(c);
}
if ((ep = vp)) {
-#ifdef OLD_ENVIRON
- if (telopt_environ == TELOPT_OLD_ENVIRON)
- opt_add(old_env_value);
- else
-#endif
opt_add(NEW_ENV_VALUE);
vp = NULL;
} else
}
c = *sbp++ & 0xff, scc--; count++;
-#if defined(ENCRYPTION)
- if (decrypt_input)
- c = (*decrypt_input)(c);
-#endif
switch (telrcv_state) {
telrcv_state = TS_IAC;
break;
}
-# if defined(TN3270)
- if (In3270) {
- *Ifrontp++ = c;
- while (scc > 0) {
- c = *sbp++ & 0377, scc--; count++;
- if (c == IAC) {
- telrcv_state = TS_IAC;
- break;
- }
- *Ifrontp++ = c;
- }
- } else
-# endif /* defined(TN3270) */
/*
* The 'crmod' hack (see following) is needed
* since we can't set CRMOD on output only.
if ((c == '\r') && my_want_state_is_dont(TELOPT_BINARY)) {
if (scc > 0) {
c = *sbp&0xff;
-#if defined(ENCRYPTION)
- if (decrypt_input)
- c = (*decrypt_input)(c);
-#endif
if (c == 0) {
sbp++, scc--; count++;
/* a "true" CR */
sbp++, scc--; count++;
TTYADD('\n');
} else {
-#if defined(ENCRYPTION)
- if (decrypt_input)
- (*decrypt_input)(-1);
-#endif
TTYADD('\r');
if (crmod) {
TTYADD('\n');
SYNCHing = 1;
(void) ttyflush(1);
SYNCHing = stilloob();
- settimer(gotDM);
break;
case SB:
telrcv_state = TS_SB;
continue;
-# if defined(TN3270)
- case EOR:
- if (In3270) {
- if (Ibackp == Ifrontp) {
- Ibackp = Ifrontp = Ibuf;
- ISend = 0; /* should have been! */
- } else {
- Ibackp += DataFromNetwork(Ibackp, Ifrontp-Ibackp, 1);
- ISend = 1;
- }
- }
- printoption("RCVD", IAC, EOR);
- break;
-# endif /* defined(TN3270) */
-
case IAC:
-# if !defined(TN3270)
TTYADD(IAC);
-# else /* !defined(TN3270) */
- if (In3270) {
- *Ifrontp++ = IAC;
- } else {
- TTYADD(IAC);
- }
-# endif /* !defined(TN3270) */
break;
case NOP:
case TS_WILL:
printoption("RCVD", WILL, c);
willoption(c);
- SetIn3270();
telrcv_state = TS_DATA;
continue;
case TS_WONT:
printoption("RCVD", WONT, c);
wontoption(c);
- SetIn3270();
telrcv_state = TS_DATA;
continue;
case TS_DO:
printoption("RCVD", DO, c);
dooption(c);
- SetIn3270();
if (c == TELOPT_NAWS) {
sendnaws();
} else if (c == TELOPT_LFLOW) {
dontoption(c);
flushline = 1;
setconnmode(0); /* set new tty mode (maybe) */
- SetIn3270();
telrcv_state = TS_DATA;
continue;
printoption("In SUBOPTION processing, RCVD", IAC, c);
suboption(); /* handle sub-option */
- SetIn3270();
telrcv_state = TS_IAC;
goto process_iac;
}
subpointer -= 2;
SB_TERM();
suboption(); /* handle sub-option */
- SetIn3270();
telrcv_state = TS_DATA;
}
}
my_want_state_is_will(TELOPT_BINARY));
ttyout = ring_full_count(&ttyoring);
-#if defined(TN3270)
- ttyin = ring_empty_count(&ttyiring) && (clienteof == 0) && (shell_active == 0);
-#else /* defined(TN3270) */
ttyin = ring_empty_count(&ttyiring) && (clienteof == 0);
-#endif /* defined(TN3270) */
-#if defined(TN3270)
- netin = ring_empty_count(&netiring);
-# else /* !defined(TN3270) */
netin = !ISend && ring_empty_count(&netiring);
-# endif /* !defined(TN3270) */
netex = !SYNCHing;
ttyin = ttyout = 0;
}
-# if defined(TN3270) && defined(unix)
- if (HaveInput) {
- HaveInput = 0;
- (void) signal(SIGIO, inputAvailable);
- }
-#endif /* defined(TN3270) && defined(unix) */
-
/* Call to system code to process rings */
returnValue = process_rings(netin, netout, netex, ttyin, ttyout, !block);
/* Now, look at the input rings, looking for work to do. */
if (ring_full_count(&ttyiring)) {
-# if defined(TN3270)
- if (In3270) {
- int c;
-
- c = DataFromTerminal(ttyiring.consume,
- ring_full_consecutive(&ttyiring));
- if (c) {
- returnValue = 1;
- ring_consumed(&ttyiring, c);
- }
- } else {
-# endif /* defined(TN3270) */
- returnValue |= telsnd();
-# if defined(TN3270)
- }
-# endif /* defined(TN3270) */
+ returnValue |= telsnd();
}
if (ring_full_count(&netiring)) {
-# if !defined(TN3270)
returnValue |= telrcv();
-# else /* !defined(TN3270) */
- returnValue = Push3270();
-# endif /* !defined(TN3270) */
}
return returnValue;
}
{
sys_telnet_init();
-#if defined(AUTHENTICATION) || defined(ENCRYPTION)
- {
- static char local_host[256] = { 0 };
-
- if (!local_host[0]) {
- gethostname(local_host, sizeof(local_host));
- local_host[sizeof(local_host)-1] = 0;
- }
- auth_encrypt_init(local_host, hostname, "TELNET", 0);
- auth_encrypt_user(user);
- }
-#endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */
-# if !defined(TN3270)
if (telnetport) {
-#if defined(AUTHENTICATION)
- if (autologin)
- send_will(TELOPT_AUTHENTICATION, 1);
-#endif
-#if defined(ENCRYPTION)
- send_do(TELOPT_ENCRYPT, 1);
- send_will(TELOPT_ENCRYPT, 1);
-#endif
send_do(TELOPT_SGA, 1);
send_will(TELOPT_TTYPE, 1);
send_will(TELOPT_NAWS, 1);
if (binary)
tel_enter_binary(binary);
}
-# endif /* !defined(TN3270) */
-
-#ifdef ENCRYPTION
- /*
- * Note: we assume a tie to the authentication option here. This
- * is necessary so that authentication fails, we don't spin
- * forever.
- */
- if (wantencryption) {
- extern int auth_has_failed;
- time_t timeout = time(0) + 60;
- int printed_encrypt = 0;
-
- send_do(TELOPT_ENCRYPT, 1);
- send_will(TELOPT_ENCRYPT, 1);
- while (1) {
- if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) {
- if (wantencryption == -1) {
- break;
- } else {
- printf("\nServer refused to negotiate authentication,");
- printf(" which is required for encryption.\n");
- Exit(1);
- }
- }
- if (auth_has_failed) {
- printf("\nAuthentication negotiation has failed,");
- printf(" which is required for encryption.\n");
- Exit(1);
- }
- if (my_want_state_is_dont(TELOPT_ENCRYPT) ||
- my_want_state_is_wont(TELOPT_ENCRYPT)) {
- printf("\nServer refused to negotiate encryption.\n");
- Exit(1);
- }
- if (encrypt_is_encrypting())
- break;
- if (time(0) > timeout) {
- printf("\nEncryption could not be enabled.\n");
- Exit(1);
- }
- if (printed_encrypt == 0) {
- printed_encrypt = 1;
- printf("Waiting for encryption to be negotiated...\n");
- /*
- * Turn on MODE_TRAPSIG and then turn off localchars
- * so that ^C will cause telnet to exit.
- */
- TerminalNewMode(getconnmode()|MODE_TRAPSIG);
- intr_waiting = 1;
- }
- if (intr_happened) {
- printf("\nUser interrupt.\n");
- Exit(1);
- }
- telnet_spin();
- }
- if (printed_encrypt) {
- printf("Encryption negotiated.\n");
- intr_waiting = 0;
- setconnmode(0);
- }
- }
-#endif
-
-# if !defined(TN3270)
+
for (;;) {
int schedValue;
return;
}
}
-# else /* !defined(TN3270) */
- for (;;) {
- int schedValue;
-
- while (!In3270 && !shell_active) {
- if (Scheduler(1) == -1) {
- setcommandmode();
- return;
- }
- }
-
- while ((schedValue = Scheduler(0)) != 0) {
- if (schedValue == -1) {
- setcommandmode();
- return;
- }
- }
- /* If there is data waiting to go out to terminal, don't
- * schedule any more data for the terminal.
- */
- if (ring_full_count(&ttyoring)) {
- schedValue = 1;
- } else {
- if (shell_active) {
- if (shell_continue() == 0) {
- ConnectScreen();
- }
- } else if (In3270) {
- schedValue = DoTerminalOutput();
- }
- }
- if (schedValue && (shell_active == 0)) {
- if (Scheduler(1) == -1) {
- setcommandmode();
- return;
- }
- }
- }
-# endif /* !defined(TN3270) */
}
\f
#if 0 /* XXX - this not being in is a bug */
-/* $OpenBSD: telnet_locl.h,v 1.4 2013/04/21 09:51:24 millert Exp $ */
+/* $OpenBSD: telnet_locl.h,v 1.5 2014/07/19 23:50:38 guenther Exp $ */
/* $KTH: telnet_locl.h,v 1.13 1997/11/03 21:37:55 assar Exp $ */
/*
#include <arpa/telnet.h>
-#if defined(AUTHENTICATION) || defined(ENCRYPTION)
-#include <auth.h>
-#include <encrypt.h>
-#endif
-#include <misc.h>
-#include <misc-proto.h>
-
-#define LINEMODE
-
#include "ring.h"
#include "externs.h"
#include "defines.h"
-#include "types.h"
/* prototypes */
-/* $OpenBSD: terminal.c,v 1.6 2003/06/03 02:56:18 millert Exp $ */
+/* $OpenBSD: terminal.c,v 1.7 2014/07/19 23:50:38 guenther Exp $ */
/* $NetBSD: terminal.c,v 1.5 1996/02/28 21:04:17 thorpej Exp $ */
/*
int termdata; /* Debugging flag */
-#ifdef USE_TERMIO
# ifndef VDISCARD
cc_t termFlushChar;
# endif
# ifndef VSTATUS
cc_t termAytChar;
# endif
-#else
-cc_t termForw2Char;
-cc_t termAytChar;
-#endif
/*
* initialize the terminal data structures.
extern int kludgelinemode;
#endif
- if (In3270)
- return(MODE_FLOW);
-
if (my_want_state_is_dont(TELOPT_ECHO))
mode |= MODE_ECHO;
int force;
{
int newmode;
-#ifdef ENCRYPTION
- static int enc_passwd = 0;
-#endif
newmode = getconnmode()|(force?MODE_FORCE:0);
TerminalNewMode(newmode);
-
-#ifdef ENCRYPTION
- if ((newmode & (MODE_ECHO|MODE_EDIT)) == MODE_EDIT) {
- if (my_want_state_is_will(TELOPT_ENCRYPT)
- && (enc_passwd == 0) && !encrypt_output) {
- encrypt_request_start(0, 0);
- enc_passwd = 1;
- }
- } else {
- if (enc_passwd) {
- encrypt_request_end();
- enc_passwd = 0;
- }
- }
-#endif
-
}
+++ /dev/null
-/* $OpenBSD: tn3270.c,v 1.7 2013/04/21 09:51:24 millert Exp $ */
-/* $NetBSD: tn3270.c,v 1.5 1996/02/28 21:04:18 thorpej Exp $ */
-
-/*
- * Copyright (c) 1988, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnet_locl.h"
-
-#if defined(TN3270)
-
-#include "../ctlr/screen.h"
-#include "../general/globals.h"
-
-#include "../sys_curses/telextrn.h"
-#include "../ctlr/externs.h"
-
-#if defined(unix)
-int
- HaveInput, /* There is input available to scan */
- cursesdata, /* Do we dump curses data? */
- sigiocount; /* Number of times we got a SIGIO */
-
-char tline[200];
-char *transcom = 0; /* transparent mode command (default: none) */
-#endif /* defined(unix) */
-
-char Ibuf[8*BUFSIZ], *Ifrontp, *Ibackp;
-
-static char sb_terminal[] = { IAC, SB,
- TELOPT_TTYPE, TELQUAL_IS,
- 'I', 'B', 'M', '-', '3', '2', '7', '8', '-', '2',
- IAC, SE };
-#define SBTERMMODEL 13
-
-static int
- Sent3270TerminalType; /* Have we said we are a 3270? */
-
-#endif /* defined(TN3270) */
-
-
- void
-init_3270()
-{
-#if defined(TN3270)
-#if defined(unix)
- HaveInput = 0;
- sigiocount = 0;
-#endif /* defined(unix) */
- Sent3270TerminalType = 0;
- Ifrontp = Ibackp = Ibuf;
- init_ctlr(); /* Initialize some things */
- init_keyboard();
- init_screen();
- init_system();
-#endif /* defined(TN3270) */
-}
-
-\f
-#if defined(TN3270)
-
-/*
- * DataToNetwork - queue up some data to go to network. If "done" is set,
- * then when last byte is queued, we add on an IAC EOR sequence (so,
- * don't call us with "done" until you want that done...)
- *
- * We actually do send all the data to the network buffer, since our
- * only client needs for us to do that.
- */
-
- int
-DataToNetwork(buffer, count, done)
- char *buffer; /* where the data is */
- int count; /* how much to send */
- int done; /* is this the last of a logical block */
-{
- int loop, c;
- int origCount;
-
- origCount = count;
-
- while (count) {
- /* If not enough room for EORs, IACs, etc., wait */
- if (NETROOM() < 6) {
- struct pollfd pfd[1];
-
- netflush();
- while (NETROOM() < 6) {
- pfd[0].fd = net;
- pfd[0].events = POLLOUT;
- (void) poll(pfd, 1, -1);
- netflush();
- }
- }
- c = ring_empty_count(&netoring);
- if (c > count) {
- c = count;
- }
- loop = c;
- while (loop) {
- if (((unsigned char)*buffer) == IAC) {
- break;
- }
- buffer++;
- loop--;
- }
- if ((c = c-loop)) {
- ring_supply_data(&netoring, buffer-c, c);
- count -= c;
- }
- if (loop) {
- NET2ADD(IAC, IAC);
- count--;
- buffer++;
- }
- }
-
- if (done) {
- NET2ADD(IAC, EOR);
- netflush(); /* try to move along as quickly as ... */
- }
- return(origCount - count);
-}
-
-
-#if defined(unix)
- void
-inputAvailable(signo)
- int signo;
-{
- HaveInput = 1;
- sigiocount++;
-}
-#endif /* defined(unix) */
-
- void
-outputPurge()
-{
- (void) ttyflush(1);
-}
-
-
-/*
- * The following routines are places where the various tn3270
- * routines make calls into telnet.c.
- */
-
-/*
- * DataToTerminal - queue up some data to go to terminal.
- *
- * Note: there are people who call us and depend on our processing
- * *all* the data at one time (thus the poll).
- */
-
- int
-DataToTerminal(buffer, count)
- char *buffer; /* where the data is */
- int count; /* how much to send */
-{
- int c;
- int origCount;
-
- origCount = count;
-
- while (count) {
- if (TTYROOM() == 0) {
- struct pollfd pfd[1];
-
- (void) ttyflush(0);
- while (TTYROOM() == 0) {
- pfd[0].fd = tout;
- pfd[0].events = POLLOUT;
- (void) poll(pfd, 1, -1);
- (void) ttyflush(0);
- }
- }
- c = TTYROOM();
- if (c > count) {
- c = count;
- }
- ring_supply_data(&ttyoring, buffer, c);
- count -= c;
- buffer += c;
- }
- return(origCount);
-}
-\f
-
-/*
- * Push3270 - Try to send data along the 3270 output (to screen) direction.
- */
-
- int
-Push3270()
-{
- int save = ring_full_count(&netiring);
-
- if (save) {
- if (Ifrontp+save > Ibuf+sizeof Ibuf) {
- if (Ibackp != Ibuf) {
- memmove(Ibuf, Ibackp, Ifrontp-Ibackp);
- Ifrontp -= (Ibackp-Ibuf);
- Ibackp = Ibuf;
- }
- }
- if (Ifrontp+save < Ibuf+sizeof Ibuf) {
- (void)telrcv();
- }
- }
- return save != ring_full_count(&netiring);
-}
-
-
-/*
- * Finish3270 - get the last dregs of 3270 data out to the terminal
- * before quitting.
- */
-
- void
-Finish3270()
-{
- while (Push3270() || !DoTerminalOutput()) {
-#if defined(unix)
- HaveInput = 0;
-#endif /* defined(unix) */
- ;
- }
-}
-
-
-/* StringToTerminal - output a null terminated string to the terminal */
-
- void
-StringToTerminal(s)
- char *s;
-{
- int count;
-
- count = strlen(s);
- if (count) {
- (void) DataToTerminal(s, count); /* we know it always goes... */
- }
-}
-
-
-#if ((!defined(NOT43)) || defined(PUTCHAR))
-/* _putchar - output a single character to the terminal. This name is so that
- * curses(3x) can call us to send out data.
- */
-
- void
-_putchar(c)
- char c;
-{
-#if defined(sun) /* SunOS 4.0 bug */
- c &= 0x7f;
-#endif /* defined(sun) */
- if (cursesdata) {
- Dump('>', &c, 1);
- }
- if (!TTYROOM()) {
- (void) DataToTerminal(&c, 1);
- } else {
- TTYADD(c);
- }
-}
-#endif /* ((!defined(NOT43)) || defined(PUTCHAR)) */
-
- void
-SetIn3270()
-{
- if (Sent3270TerminalType && my_want_state_is_will(TELOPT_BINARY)
- && my_want_state_is_do(TELOPT_BINARY) && !donebinarytoggle) {
- if (!In3270) {
- In3270 = 1;
- Init3270(); /* Initialize 3270 functions */
- /* initialize terminal key mapping */
- InitTerminal(); /* Start terminal going */
- setconnmode(0);
- }
- } else {
- if (In3270) {
- StopScreen(1);
- In3270 = 0;
- Stop3270(); /* Tell 3270 we aren't here anymore */
- setconnmode(0);
- }
- }
-}
-
-/*
- * tn3270_ttype()
- *
- * Send a response to a terminal type negotiation.
- *
- * Return '0' if no more responses to send; '1' if a response sent.
- */
-
- int
-tn3270_ttype()
-{
- /*
- * Try to send a 3270 type terminal name. Decide which one based
- * on the format of our screen, and (in the future) color
- * capaiblities.
- */
- InitTerminal(); /* Sets MaxNumberColumns, MaxNumberLines */
- if ((MaxNumberLines >= 24) && (MaxNumberColumns >= 80)) {
- Sent3270TerminalType = 1;
- if ((MaxNumberLines >= 27) && (MaxNumberColumns >= 132)) {
- MaxNumberLines = 27;
- MaxNumberColumns = 132;
- sb_terminal[SBTERMMODEL] = '5';
- } else if (MaxNumberLines >= 43) {
- MaxNumberLines = 43;
- MaxNumberColumns = 80;
- sb_terminal[SBTERMMODEL] = '4';
- } else if (MaxNumberLines >= 32) {
- MaxNumberLines = 32;
- MaxNumberColumns = 80;
- sb_terminal[SBTERMMODEL] = '3';
- } else {
- MaxNumberLines = 24;
- MaxNumberColumns = 80;
- sb_terminal[SBTERMMODEL] = '2';
- }
- NumberLines = 24; /* before we start out... */
- NumberColumns = 80;
- ScreenSize = NumberLines*NumberColumns;
- if ((MaxNumberLines*MaxNumberColumns) > MAXSCREENSIZE) {
- ExitString("Programming error: MAXSCREENSIZE too small.\n",
- 1);
- /*NOTREACHED*/
- }
- printsub('>', sb_terminal+2, sizeof sb_terminal-2);
- ring_supply_data(&netoring, sb_terminal, sizeof sb_terminal);
- return 1;
- } else {
- return 0;
- }
-}
-
-#if defined(unix)
- int
-settranscom(argc, argv)
- int argc;
- char *argv[];
-{
- int i;
-
- if (argc == 1 && transcom) {
- transcom = 0;
- }
- if (argc == 1) {
- return 1;
- }
- strlcpy(tline, argv[1], sizeof(tline));
- for (i = 2; i < argc; ++i) {
- strlcat(tline, " ", sizeof(tline));
- strlcat(tline, argv[i], sizeof(tline));
- }
- transcom = tline;
- return 1;
-}
-#endif /* defined(unix) */
-
-#endif /* defined(TN3270) */
+++ /dev/null
-/* $OpenBSD: types.h,v 1.3 2003/06/03 02:56:18 millert Exp $ */
-/* $NetBSD: types.h,v 1.5 1996/02/28 21:04:20 thorpej Exp $ */
-
-/*
- * Copyright (c) 1988, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * from: @(#)types.h 8.1 (Berkeley) 6/6/93
- */
-
-typedef struct {
- char *modedescriptions;
- char modetype;
-} Modelist;
-
-extern Modelist modelist[];
-
-typedef struct {
- int
- system, /* what the current time is */
- echotoggle, /* last time user entered echo character */
- modenegotiated, /* last time operating mode negotiated */
- didnetreceive, /* last time we read data from network */
- gotDM; /* when did we last see a data mark */
-} Clocks;
-
-extern Clocks clocks;
-/* $OpenBSD: utilities.c,v 1.11 2013/04/21 09:51:24 millert Exp $ */
+/* $OpenBSD: utilities.c,v 1.12 2014/07/19 23:50:38 guenther Exp $ */
/* $NetBSD: utilities.c,v 1.5 1996/02/28 21:04:21 thorpej Exp $ */
/*
}
}
-/*
- * SetSockOpt()
- *
- * Compensate for differences in 4.2 and 4.3 systems.
- */
-
- int
-SetSockOpt(fd, level, option, yesno)
- int fd, level, option, yesno;
-{
-#ifndef NOT43
- return setsockopt(fd, level, option,
- (void *)&yesno, sizeof yesno);
-#else /* NOT43 */
- if (yesno == 0) { /* Can't do that in 4.2! */
- fprintf(stderr, "Error: attempt to turn off an option 0x%x.\n",
- option);
- return -1;
- }
- return setsockopt(fd, level, option, 0, 0);
-#endif /* NOT43 */
-}
-\f
/*
* The following are routines used to print out debugging information.
*/
int length; /* length of suboption data */
{
int i;
-#if defined(AUTHENTICATION) || defined(ENCRYPTION)
- char buf[512];
-#endif
extern int want_status_response;
if (showoptions || direction == 0 ||
fprintf(NetTrace, " ?%d?", pointer[i]);
break;
-#if defined(AUTHENTICATION)
- case TELOPT_AUTHENTICATION:
- fprintf(NetTrace, "AUTHENTICATION");
- if (length < 2) {
- fprintf(NetTrace, " (empty suboption??\?)");
- break;
- }
- switch (pointer[1]) {
- case TELQUAL_REPLY:
- case TELQUAL_IS:
- fprintf(NetTrace, " %s ", (pointer[1] == TELQUAL_IS) ?
- "IS" : "REPLY");
- if (AUTHTYPE_NAME_OK(pointer[2]))
- fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[2]));
- else
- fprintf(NetTrace, "%d ", pointer[2]);
- if (length < 3) {
- fprintf(NetTrace, "(partial suboption??\?)");
- break;
- }
- fprintf(NetTrace, "%s|%s",
- ((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
- "CLIENT" : "SERVER",
- ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
- "MUTUAL" : "ONE-WAY");
-
- auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
- fprintf(NetTrace, "%s", buf);
- break;
-
- case TELQUAL_SEND:
- i = 2;
- fprintf(NetTrace, " SEND ");
- while (i < length) {
- if (AUTHTYPE_NAME_OK(pointer[i]))
- fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[i]));
- else
- fprintf(NetTrace, "%d ", pointer[i]);
- if (++i >= length) {
- fprintf(NetTrace, "(partial suboption??\?)");
- break;
- }
- fprintf(NetTrace, "%s|%s ",
- ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
- "CLIENT" : "SERVER",
- ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
- "MUTUAL" : "ONE-WAY");
- ++i;
- }
- break;
-
- case TELQUAL_NAME:
- i = 2;
- fprintf(NetTrace, " NAME \"");
- while (i < length)
- putc(pointer[i++], NetTrace);
- putc('"', NetTrace);
- break;
-
- default:
- for (i = 2; i < length; i++)
- fprintf(NetTrace, " ?%d?", pointer[i]);
- break;
- }
- break;
-#endif
-
-#if defined(ENCRYPTION)
- case TELOPT_ENCRYPT:
- fprintf(NetTrace, "ENCRYPT");
- if (length < 2) {
- fprintf(NetTrace, " (empty suboption?)");
- break;
- }
- switch (pointer[1]) {
- case ENCRYPT_START:
- fprintf(NetTrace, " START");
- break;
-
- case ENCRYPT_END:
- fprintf(NetTrace, " END");
- break;
-
- case ENCRYPT_REQSTART:
- fprintf(NetTrace, " REQUEST-START");
- break;
-
- case ENCRYPT_REQEND:
- fprintf(NetTrace, " REQUEST-END");
- break;
-
- case ENCRYPT_IS:
- case ENCRYPT_REPLY:
- fprintf(NetTrace, " %s ", (pointer[1] == ENCRYPT_IS) ?
- "IS" : "REPLY");
- if (length < 3) {
- fprintf(NetTrace, " (partial suboption?)");
- break;
- }
- if (ENCTYPE_NAME_OK(pointer[2]))
- fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[2]));
- else
- fprintf(NetTrace, " %d (unknown)", pointer[2]);
-
- encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
- fprintf(NetTrace, "%s", buf);
- break;
-
- case ENCRYPT_SUPPORT:
- i = 2;
- fprintf(NetTrace, " SUPPORT ");
- while (i < length) {
- if (ENCTYPE_NAME_OK(pointer[i]))
- fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[i]));
- else
- fprintf(NetTrace, "%d ", pointer[i]);
- i++;
- }
- break;
-
- case ENCRYPT_ENC_KEYID:
- fprintf(NetTrace, " ENC_KEYID ");
- goto encommon;
-
- case ENCRYPT_DEC_KEYID:
- fprintf(NetTrace, " DEC_KEYID ");
- goto encommon;
-
- default:
- fprintf(NetTrace, " %d (unknown)", pointer[1]);
- encommon:
- for (i = 2; i < length; i++)
- fprintf(NetTrace, " %d", pointer[i]);
- break;
- }
- break;
-#endif
-
-
case TELOPT_LINEMODE:
fprintf(NetTrace, "LINEMODE ");
if (length < 2) {
case TELOPT_NEW_ENVIRON:
fprintf(NetTrace, "NEW-ENVIRON ");
-#ifdef OLD_ENVIRON
- goto env_common1;
- case TELOPT_OLD_ENVIRON:
- fprintf(NetTrace, "OLD-ENVIRON");
- env_common1:
-#endif
switch (pointer[1]) {
case TELQUAL_IS:
fprintf(NetTrace, "IS ");
env_common:
{
int noquote = 2;
-#if defined(ENV_HACK) && defined(OLD_ENVIRON)
- extern int old_env_var, old_env_value;
-#endif
for (i = 2; i < length; i++ ) {
switch (pointer[i]) {
case NEW_ENV_VALUE:
-#ifdef OLD_ENVIRON
- /* case NEW_ENV_OVAR: */
- if (pointer[0] == TELOPT_OLD_ENVIRON) {
-# ifdef ENV_HACK
- if (old_env_var == OLD_ENV_VALUE)
- fprintf(NetTrace, "\" (VALUE) " + noquote);
- else
-# endif
- fprintf(NetTrace, "\" VAR " + noquote);
- } else
-#endif /* OLD_ENVIRON */
fprintf(NetTrace, "\" VALUE " + noquote);
noquote = 2;
break;
case NEW_ENV_VAR:
-#ifdef OLD_ENVIRON
- /* case OLD_ENV_VALUE: */
- if (pointer[0] == TELOPT_OLD_ENVIRON) {
-# ifdef ENV_HACK
- if (old_env_value == OLD_ENV_VAR)
- fprintf(NetTrace, "\" (VAR) " + noquote);
- else
-# endif
- fprintf(NetTrace, "\" VALUE " + noquote);
- } else
-#endif /* OLD_ENVIRON */
fprintf(NetTrace, "\" VAR " + noquote);
noquote = 2;
break;
SetForExit()
{
setconnmode(0);
-#if defined(TN3270)
- if (In3270) {
- Finish3270();
- }
-#else /* defined(TN3270) */
do {
(void)telrcv(); /* Process any incoming data */
EmptyTerminal();
} while (ring_full_count(&netiring)); /* While there is any */
-#endif /* defined(TN3270) */
setcommandmode();
fflush(stdout);
fflush(stderr);
-#if defined(TN3270)
- if (In3270) {
- StopScreen(1);
- }
-#endif /* defined(TN3270) */
setconnmode(0);
EmptyTerminal(); /* Flush the path to the tty */
setcommandmode();
projects / openbsd / commitdiff