1 /* 2 * Copyright (c) 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "telnetd.h" 35 36 RCSID("$Id: telnetd.c,v 1.60 1999/12/05 10:59:52 assar Exp $"); 37 38 #ifdef _SC_CRAY_SECURE_SYS 39 #include <sys/sysv.h> 40 #include <sys/secdev.h> 41 #include <sys/secparm.h> 42 #include <sys/usrv.h> 43 int secflag; 44 char tty_dev[16]; 45 struct secdev dv; 46 struct sysv sysv; 47 struct socksec ss; 48 #endif /* _SC_CRAY_SECURE_SYS */ 49 50 #ifdef AUTHENTICATION 51 int auth_level = 0; 52 #endif 53 54 extern int utmp_len; 55 int registerd_host_only = 0; 56 57 #ifdef STREAMSPTY 58 # include <stropts.h> 59 # include <termios.h> 60 #ifdef HAVE_SYS_UIO_H 61 #include <sys/uio.h> 62 #endif /* HAVE_SYS_UIO_H */ 63 #ifdef HAVE_SYS_STREAM_H 64 #include <sys/stream.h> 65 #endif 66 #ifdef _AIX 67 #include <sys/termio.h> 68 #endif 69 # ifdef HAVE_SYS_STRTTY_H 70 # include <sys/strtty.h> 71 # endif 72 # ifdef HAVE_SYS_STR_TTY_H 73 # include <sys/str_tty.h> 74 # endif 75 /* make sure we don't get the bsd version */ 76 /* what is this here for? solaris? /joda */ 77 # ifdef HAVE_SYS_TTY_H 78 # include "/usr/include/sys/tty.h" 79 # endif 80 # ifdef HAVE_SYS_PTYVAR_H 81 # include <sys/ptyvar.h> 82 # endif 83 84 /* 85 * Because of the way ptyibuf is used with streams messages, we need 86 * ptyibuf+1 to be on a full-word boundary. The following wierdness 87 * is simply to make that happen. 88 */ 89 long ptyibufbuf[BUFSIZ/sizeof(long)+1]; 90 char *ptyibuf = ((char *)&ptyibufbuf[1])-1; 91 char *ptyip = ((char *)&ptyibufbuf[1])-1; 92 char ptyibuf2[BUFSIZ]; 93 unsigned char ctlbuf[BUFSIZ]; 94 struct strbuf strbufc, strbufd; 95 96 int readstream(int, char*, int); 97 98 #else /* ! STREAMPTY */ 99 100 /* 101 * I/O data buffers, 102 * pointers, and counters. 103 */ 104 char ptyibuf[BUFSIZ], *ptyip = ptyibuf; 105 char ptyibuf2[BUFSIZ]; 106 107 #endif /* ! STREAMPTY */ 108 109 int hostinfo = 1; /* do we print login banner? */ 110 111 #ifdef _CRAY 112 extern int newmap; /* nonzero if \n maps to ^M^J */ 113 int lowpty = 0, highpty; /* low, high pty numbers */ 114 #endif /* CRAY */ 115 116 int debug = 0; 117 int keepalive = 1; 118 char *progname; 119 120 static void usage (void); 121 122 /* 123 * The string to pass to getopt(). We do it this way so 124 * that only the actual options that we support will be 125 * passed off to getopt(). 126 */ 127 char valid_opts[] = "Bd:hklnS:u:UL:y" 128 #ifdef AUTHENTICATION 129 "a:X:z" 130 #endif 131 #ifdef DIAGNOSTICS 132 "D:" 133 #endif 134 #ifdef _CRAY 135 "r:" 136 #endif 137 ; 138 139 static void doit(struct sockaddr*, int); 140 141 int 142 main(int argc, char **argv) 143 { 144 struct sockaddr_storage __ss; 145 struct sockaddr *sa = (struct sockaddr *)&__ss; 146 int on = 1, sa_size; 147 int ch; 148 #if defined(IPPROTO_IP) && defined(IP_TOS) 149 int tos = -1; 150 #endif 151 #ifdef ENCRYPTION 152 extern int des_check_key; 153 des_check_key = 1; /* Kludge for Mac NCSA telnet 2.6 /bg */ 154 #endif 155 pfrontp = pbackp = ptyobuf; 156 netip = netibuf; 157 nfrontp = nbackp = netobuf; 158 159 progname = *argv; 160 #ifdef ENCRYPTION 161 nclearto = 0; 162 #endif 163 164 #ifdef _CRAY 165 /* 166 * Get number of pty's before trying to process options, 167 * which may include changing pty range. 168 */ 169 highpty = getnpty(); 170 #endif /* CRAY */ 171 172 while ((ch = getopt(argc, argv, valid_opts)) != -1) { 173 switch(ch) { 174 175 #ifdef AUTHENTICATION 176 case 'a': 177 /* 178 * Check for required authentication level 179 */ 180 if (strcmp(optarg, "debug") == 0) { 181 auth_debug_mode = 1; 182 } else if (strcasecmp(optarg, "none") == 0) { 183 auth_level = 0; 184 } else if (strcasecmp(optarg, "otp") == 0) { 185 auth_level = 0; 186 require_otp = 1; 187 } else if (strcasecmp(optarg, "other") == 0) { 188 auth_level = AUTH_OTHER; 189 } else if (strcasecmp(optarg, "user") == 0) { 190 auth_level = AUTH_USER; 191 } else if (strcasecmp(optarg, "valid") == 0) { 192 auth_level = AUTH_VALID; 193 } else if (strcasecmp(optarg, "off") == 0) { 194 /* 195 * This hack turns off authentication 196 */ 197 auth_level = -1; 198 } else { 199 fprintf(stderr, 200 "telnetd: unknown authorization level for -a\n"); 201 } 202 break; 203 #endif /* AUTHENTICATION */ 204 205 case 'B': /* BFTP mode is not supported any more */ 206 break; 207 case 'd': 208 if (strcmp(optarg, "ebug") == 0) { 209 debug++; 210 break; 211 } 212 usage(); 213 /* NOTREACHED */ 214 break; 215 216 #ifdef DIAGNOSTICS 217 case 'D': 218 /* 219 * Check for desired diagnostics capabilities. 220 */ 221 if (!strcmp(optarg, "report")) { 222 diagnostic |= TD_REPORT|TD_OPTIONS; 223 } else if (!strcmp(optarg, "exercise")) { 224 diagnostic |= TD_EXERCISE; 225 } else if (!strcmp(optarg, "netdata")) { 226 diagnostic |= TD_NETDATA; 227 } else if (!strcmp(optarg, "ptydata")) { 228 diagnostic |= TD_PTYDATA; 229 } else if (!strcmp(optarg, "options")) { 230 diagnostic |= TD_OPTIONS; 231 } else { 232 usage(); 233 /* NOT REACHED */ 234 } 235 break; 236 #endif /* DIAGNOSTICS */ 237 238 239 case 'h': 240 hostinfo = 0; 241 break; 242 243 case 'k': /* Linemode is not supported any more */ 244 case 'l': 245 break; 246 247 case 'n': 248 keepalive = 0; 249 break; 250 251 #ifdef _CRAY 252 case 'r': 253 { 254 char *strchr(); 255 char *c; 256 257 /* 258 * Allow the specification of alterations 259 * to the pty search range. It is legal to 260 * specify only one, and not change the 261 * other from its default. 262 */ 263 c = strchr(optarg, '-'); 264 if (c) { 265 *c++ = '\0'; 266 highpty = atoi(c); 267 } 268 if (*optarg != '\0') 269 lowpty = atoi(optarg); 270 if ((lowpty > highpty) || (lowpty < 0) || 271 (highpty > 32767)) { 272 usage(); 273 /* NOT REACHED */ 274 } 275 break; 276 } 277 #endif /* CRAY */ 278 279 case 'S': 280 #ifdef HAVE_PARSETOS 281 if ((tos = parsetos(optarg, "tcp")) < 0) 282 fprintf(stderr, "%s%s%s\n", 283 "telnetd: Bad TOS argument '", optarg, 284 "'; will try to use default TOS"); 285 #else 286 fprintf(stderr, "%s%s\n", "TOS option unavailable; ", 287 "-S flag not supported\n"); 288 #endif 289 break; 290 291 case 'u': 292 utmp_len = atoi(optarg); 293 break; 294 295 case 'U': 296 registerd_host_only = 1; 297 break; 298 299 #ifdef AUTHENTICATION 300 case 'X': 301 /* 302 * Check for invalid authentication types 303 */ 304 auth_disable_name(optarg); 305 break; 306 #endif 307 case 'y': 308 no_warn = 1; 309 break; 310 #ifdef AUTHENTICATION 311 case 'z': 312 log_unauth = 1; 313 break; 314 315 #endif /* AUTHENTICATION */ 316 317 case 'L': 318 new_login = optarg; 319 break; 320 321 default: 322 fprintf(stderr, "telnetd: %c: unknown option\n", ch); 323 /* FALLTHROUGH */ 324 case '?': 325 usage(); 326 /* NOTREACHED */ 327 } 328 } 329 330 argc -= optind; 331 argv += optind; 332 333 if (debug) { 334 int port = 0; 335 struct servent *sp; 336 337 if (argc > 1) { 338 usage (); 339 } else if (argc == 1) { 340 sp = roken_getservbyname (*argv, "tcp"); 341 if (sp) 342 port = sp->s_port; 343 else 344 port = htons(atoi(*argv)); 345 } else { 346 #ifdef KRB5 347 port = krb5_getportbyname (NULL, "telnet", "tcp", 23); 348 #else 349 port = k_getportbyname("telnet", "tcp", htons(23)); 350 #endif 351 } 352 mini_inetd (port); 353 } else if (argc > 0) { 354 usage(); 355 /* NOT REACHED */ 356 } 357 358 #ifdef _SC_CRAY_SECURE_SYS 359 secflag = sysconf(_SC_CRAY_SECURE_SYS); 360 361 /* 362 * Get socket's security label 363 */ 364 if (secflag) { 365 int szss = sizeof(ss); 366 int sock_multi; 367 int szi = sizeof(int); 368 369 memset(&dv, 0, sizeof(dv)); 370 371 if (getsysv(&sysv, sizeof(struct sysv)) != 0) 372 fatalperror(net, "getsysv"); 373 374 /* 375 * Get socket security label and set device values 376 * {security label to be set on ttyp device} 377 */ 378 #ifdef SO_SEC_MULTI /* 8.0 code */ 379 if ((getsockopt(0, SOL_SOCKET, SO_SECURITY, 380 (void *)&ss, &szss) < 0) || 381 (getsockopt(0, SOL_SOCKET, SO_SEC_MULTI, 382 (void *)&sock_multi, &szi) < 0)) 383 fatalperror(net, "getsockopt"); 384 else { 385 dv.dv_actlvl = ss.ss_actlabel.lt_level; 386 dv.dv_actcmp = ss.ss_actlabel.lt_compart; 387 if (!sock_multi) { 388 dv.dv_minlvl = dv.dv_maxlvl = dv.dv_actlvl; 389 dv.dv_valcmp = dv.dv_actcmp; 390 } else { 391 dv.dv_minlvl = ss.ss_minlabel.lt_level; 392 dv.dv_maxlvl = ss.ss_maxlabel.lt_level; 393 dv.dv_valcmp = ss.ss_maxlabel.lt_compart; 394 } 395 dv.dv_devflg = 0; 396 } 397 #else /* SO_SEC_MULTI */ /* 7.0 code */ 398 if (getsockopt(0, SOL_SOCKET, SO_SECURITY, 399 (void *)&ss, &szss) >= 0) { 400 dv.dv_actlvl = ss.ss_slevel; 401 dv.dv_actcmp = ss.ss_compart; 402 dv.dv_minlvl = ss.ss_minlvl; 403 dv.dv_maxlvl = ss.ss_maxlvl; 404 dv.dv_valcmp = ss.ss_maxcmp; 405 } 406 #endif /* SO_SEC_MULTI */ 407 } 408 #endif /* _SC_CRAY_SECURE_SYS */ 409 410 roken_openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON); 411 sa_size = sizeof (__ss); 412 if (getpeername(STDIN_FILENO, sa, &sa_size) < 0) { 413 fprintf(stderr, "%s: ", progname); 414 perror("getpeername"); 415 _exit(1); 416 } 417 if (keepalive && 418 setsockopt(STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE, 419 (void *)&on, sizeof (on)) < 0) { 420 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); 421 } 422 423 #if defined(IPPROTO_IP) && defined(IP_TOS) && defined(HAVE_SETSOCKOPT) 424 { 425 # ifdef HAVE_GETTOSBYNAME 426 struct tosent *tp; 427 if (tos < 0 && (tp = gettosbyname("telnet", "tcp"))) 428 tos = tp->t_tos; 429 # endif 430 if (tos < 0) 431 tos = 020; /* Low Delay bit */ 432 if (tos 433 && sa->sa_family == AF_INET 434 && (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS, 435 (void *)&tos, sizeof(tos)) < 0) 436 && (errno != ENOPROTOOPT) ) 437 syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); 438 } 439 #endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ 440 net = STDIN_FILENO; 441 doit(sa, sa_size); 442 /* NOTREACHED */ 443 return 0; 444 } /* end of main */ 445 446 static void 447 usage(void) 448 { 449 fprintf(stderr, "Usage: telnetd"); 450 #ifdef AUTHENTICATION 451 fprintf(stderr, " [-a (debug|other|otp|user|valid|off|none)]\n\t"); 452 #endif 453 fprintf(stderr, " [-debug]"); 454 #ifdef DIAGNOSTICS 455 fprintf(stderr, " [-D (options|report|exercise|netdata|ptydata)]\n\t"); 456 #endif 457 #ifdef AUTHENTICATION 458 fprintf(stderr, " [-edebug]"); 459 #endif 460 fprintf(stderr, " [-h]"); 461 fprintf(stderr, " [-L login]"); 462 fprintf(stderr, " [-n]"); 463 #ifdef _CRAY 464 fprintf(stderr, " [-r[lowpty]-[highpty]]"); 465 #endif 466 fprintf(stderr, "\n\t"); 467 #ifdef HAVE_GETTOSBYNAME 468 fprintf(stderr, " [-S tos]"); 469 #endif 470 #ifdef AUTHENTICATION 471 fprintf(stderr, " [-X auth-type] [-y] [-z]"); 472 #endif 473 fprintf(stderr, " [-u utmp_hostname_length] [-U]"); 474 fprintf(stderr, " [port]\n"); 475 exit(1); 476 } 477 478 /* 479 * getterminaltype 480 * 481 * Ask the other end to send along its terminal type and speed. 482 * Output is the variable terminaltype filled in. 483 */ 484 static unsigned char ttytype_sbbuf[] = { 485 IAC, SB, TELOPT_TTYPE, TELQUAL_SEND, IAC, SE 486 }; 487 488 int 489 getterminaltype(char *name, size_t name_sz) 490 { 491 int retval = -1; 492 void _gettermname(); 493 494 settimer(baseline); 495 #ifdef AUTHENTICATION 496 /* 497 * Handle the Authentication option before we do anything else. 498 */ 499 send_do(TELOPT_AUTHENTICATION, 1); 500 while (his_will_wont_is_changing(TELOPT_AUTHENTICATION)) 501 ttloop(); 502 if (his_state_is_will(TELOPT_AUTHENTICATION)) { 503 retval = auth_wait(name, name_sz); 504 } 505 #endif 506 507 #ifdef ENCRYPTION 508 send_will(TELOPT_ENCRYPT, 1); 509 send_do(TELOPT_ENCRYPT, 1); /* esc@magic.fi */ 510 #endif 511 send_do(TELOPT_TTYPE, 1); 512 send_do(TELOPT_TSPEED, 1); 513 send_do(TELOPT_XDISPLOC, 1); 514 send_do(TELOPT_NEW_ENVIRON, 1); 515 send_do(TELOPT_OLD_ENVIRON, 1); 516 while ( 517 #ifdef ENCRYPTION 518 his_do_dont_is_changing(TELOPT_ENCRYPT) || 519 #endif 520 his_will_wont_is_changing(TELOPT_TTYPE) || 521 his_will_wont_is_changing(TELOPT_TSPEED) || 522 his_will_wont_is_changing(TELOPT_XDISPLOC) || 523 his_will_wont_is_changing(TELOPT_NEW_ENVIRON) || 524 his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) { 525 ttloop(); 526 } 527 #ifdef ENCRYPTION 528 /* 529 * Wait for the negotiation of what type of encryption we can 530 * send with. If autoencrypt is not set, this will just return. 531 */ 532 if (his_state_is_will(TELOPT_ENCRYPT)) { 533 encrypt_wait(); 534 } 535 #endif 536 if (his_state_is_will(TELOPT_TSPEED)) { 537 static unsigned char sb[] = 538 { IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE }; 539 540 telnet_net_write (sb, sizeof sb); 541 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); 542 } 543 if (his_state_is_will(TELOPT_XDISPLOC)) { 544 static unsigned char sb[] = 545 { IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE }; 546 547 telnet_net_write (sb, sizeof sb); 548 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); 549 } 550 if (his_state_is_will(TELOPT_NEW_ENVIRON)) { 551 static unsigned char sb[] = 552 { IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE }; 553 554 telnet_net_write (sb, sizeof sb); 555 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); 556 } 557 else if (his_state_is_will(TELOPT_OLD_ENVIRON)) { 558 static unsigned char sb[] = 559 { IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE }; 560 561 telnet_net_write (sb, sizeof sb); 562 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); 563 } 564 if (his_state_is_will(TELOPT_TTYPE)) { 565 566 telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf); 567 DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2, 568 sizeof ttytype_sbbuf - 2);); 569 } 570 if (his_state_is_will(TELOPT_TSPEED)) { 571 while (sequenceIs(tspeedsubopt, baseline)) 572 ttloop(); 573 } 574 if (his_state_is_will(TELOPT_XDISPLOC)) { 575 while (sequenceIs(xdisplocsubopt, baseline)) 576 ttloop(); 577 } 578 if (his_state_is_will(TELOPT_NEW_ENVIRON)) { 579 while (sequenceIs(environsubopt, baseline)) 580 ttloop(); 581 } 582 if (his_state_is_will(TELOPT_OLD_ENVIRON)) { 583 while (sequenceIs(oenvironsubopt, baseline)) 584 ttloop(); 585 } 586 if (his_state_is_will(TELOPT_TTYPE)) { 587 char first[256], last[256]; 588 589 while (sequenceIs(ttypesubopt, baseline)) 590 ttloop(); 591 592 /* 593 * If the other side has already disabled the option, then 594 * we have to just go with what we (might) have already gotten. 595 */ 596 if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) { 597 strlcpy(first, terminaltype, sizeof(first)); 598 for(;;) { 599 /* 600 * Save the unknown name, and request the next name. 601 */ 602 strlcpy(last, terminaltype, sizeof(last)); 603 _gettermname(); 604 if (terminaltypeok(terminaltype)) 605 break; 606 if ((strncmp(last, terminaltype, sizeof(last)) == 0) || 607 his_state_is_wont(TELOPT_TTYPE)) { 608 /* 609 * We've hit the end. If this is the same as 610 * the first name, just go with it. 611 */ 612 if (strncmp(first, terminaltype, sizeof(first)) == 0) 613 break; 614 /* 615 * Get the terminal name one more time, so that 616 * RFC1091 compliant telnets will cycle back to 617 * the start of the list. 618 */ 619 _gettermname(); 620 if (strncmp(first, terminaltype, sizeof(first)) != 0) 621 strcpy(terminaltype, first); 622 break; 623 } 624 } 625 } 626 } 627 return(retval); 628 } /* end of getterminaltype */ 629 630 void 631 _gettermname() 632 { 633 /* 634 * If the client turned off the option, 635 * we can't send another request, so we 636 * just return. 637 */ 638 if (his_state_is_wont(TELOPT_TTYPE)) 639 return; 640 settimer(baseline); 641 telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf); 642 DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2, 643 sizeof ttytype_sbbuf - 2);); 644 while (sequenceIs(ttypesubopt, baseline)) 645 ttloop(); 646 } 647 648 int 649 terminaltypeok(char *s) 650 { 651 return 1; 652 } 653 654 655 char *hostname; 656 char host_name[MaxHostNameLen]; 657 char remote_host_name[MaxHostNameLen]; 658 659 /* 660 * Get a pty, scan input lines. 661 */ 662 static void 663 doit(struct sockaddr *who, int who_len) 664 { 665 char *host = NULL; 666 int level; 667 int ptynum; 668 char user_name[256]; 669 int error; 670 char host_addr[256]; 671 672 /* 673 * Find an available pty to use. 674 */ 675 ourpty = getpty(&ptynum); 676 if (ourpty < 0) 677 fatal(net, "All network ports in use"); 678 679 #ifdef _SC_CRAY_SECURE_SYS 680 /* 681 * set ttyp line security label 682 */ 683 if (secflag) { 684 char slave_dev[16]; 685 686 snprintf(tty_dev, sizeof(tty_dev), "/dev/pty/%03d", ptynum); 687 if (setdevs(tty_dev, &dv) < 0) 688 fatal(net, "cannot set pty security"); 689 snprintf(slave_dev, sizeof(slave_dev), "/dev/ttyp%03d", ptynum); 690 if (setdevs(slave_dev, &dv) < 0) 691 fatal(net, "cannot set tty security"); 692 } 693 #endif /* _SC_CRAY_SECURE_SYS */ 694 695 error = getnameinfo_verified (who, who_len, host_addr, sizeof(host_addr), 696 NULL, 0, 697 registerd_host_only ? NI_NAMEREQD : 0); 698 if (error) 699 fatal(net, "Couldn't resolve your address into a host name.\r\n\ 700 Please contact your net administrator"); 701 702 /* 703 * We must make a copy because Kerberos is probably going 704 * to also do a gethost* and overwrite the static data... 705 */ 706 strlcpy(remote_host_name, host_addr, sizeof(remote_host_name)); 707 host = remote_host_name; 708 709 /* XXX - should be k_gethostname? */ 710 gethostname(host_name, sizeof (host_name)); 711 hostname = host_name; 712 713 /* Only trim if too long (and possible) */ 714 if (strlen(remote_host_name) > abs(utmp_len)) { 715 char *domain = strchr(host_name, '.'); 716 char *p = strchr(remote_host_name, '.'); 717 if (domain && p && (strcmp(p, domain) == 0)) 718 *p = 0; /* remove domain part */ 719 } 720 721 722 /* 723 * If hostname still doesn't fit utmp, use ipaddr. 724 */ 725 if (strlen(remote_host_name) > abs(utmp_len)) 726 strlcpy(remote_host_name, 727 host_addr, 728 sizeof(remote_host_name)); 729 730 #ifdef AUTHENTICATION 731 auth_encrypt_init(hostname, host, "TELNETD", 1); 732 #endif 733 734 init_env(); 735 /* 736 * get terminal type. 737 */ 738 *user_name = 0; 739 level = getterminaltype(user_name, sizeof(user_name)); 740 setenv("TERM", terminaltype ? terminaltype : "network", 1); 741 742 #ifdef _SC_CRAY_SECURE_SYS 743 if (secflag) { 744 if (setulvl(dv.dv_actlvl) < 0) 745 fatal(net,"cannot setulvl()"); 746 if (setucmp(dv.dv_actcmp) < 0) 747 fatal(net, "cannot setucmp()"); 748 } 749 #endif /* _SC_CRAY_SECURE_SYS */ 750 751 /* begin server processing */ 752 my_telnet(net, ourpty, host, level, user_name); 753 /*NOTREACHED*/ 754 } /* end of doit */ 755 756 /* output contents of /etc/issue.net, or /etc/issue */ 757 static void 758 show_issue(void) 759 { 760 FILE *f; 761 char buf[128]; 762 f = fopen("/etc/issue.net", "r"); 763 if(f == NULL) 764 f = fopen("/etc/issue", "r"); 765 if(f){ 766 while(fgets(buf, sizeof(buf)-2, f)){ 767 strcpy(buf + strcspn(buf, "\r\n"), "\r\n"); 768 writenet((unsigned char*)buf, strlen(buf)); 769 } 770 fclose(f); 771 } 772 } 773 774 /* 775 * Main loop. Select from pty and network, and 776 * hand data to telnet receiver finite state machine. 777 */ 778 void 779 my_telnet(int f, int p, char *host, int level, char *autoname) 780 { 781 int on = 1; 782 char *he; 783 char *IM; 784 int nfd; 785 int startslave_called = 0; 786 time_t timeout; 787 788 /* 789 * Initialize the slc mapping table. 790 */ 791 get_slc_defaults(); 792 793 /* 794 * Do some tests where it is desireable to wait for a response. 795 * Rather than doing them slowly, one at a time, do them all 796 * at once. 797 */ 798 if (my_state_is_wont(TELOPT_SGA)) 799 send_will(TELOPT_SGA, 1); 800 /* 801 * Is the client side a 4.2 (NOT 4.3) system? We need to know this 802 * because 4.2 clients are unable to deal with TCP urgent data. 803 * 804 * To find out, we send out a "DO ECHO". If the remote system 805 * answers "WILL ECHO" it is probably a 4.2 client, and we note 806 * that fact ("WILL ECHO" ==> that the client will echo what 807 * WE, the server, sends it; it does NOT mean that the client will 808 * echo the terminal input). 809 */ 810 send_do(TELOPT_ECHO, 1); 811 812 /* 813 * Send along a couple of other options that we wish to negotiate. 814 */ 815 send_do(TELOPT_NAWS, 1); 816 send_will(TELOPT_STATUS, 1); 817 flowmode = 1; /* default flow control state */ 818 restartany = -1; /* uninitialized... */ 819 send_do(TELOPT_LFLOW, 1); 820 821 /* 822 * Spin, waiting for a response from the DO ECHO. However, 823 * some REALLY DUMB telnets out there might not respond 824 * to the DO ECHO. So, we spin looking for NAWS, (most dumb 825 * telnets so far seem to respond with WONT for a DO that 826 * they don't understand...) because by the time we get the 827 * response, it will already have processed the DO ECHO. 828 * Kludge upon kludge. 829 */ 830 while (his_will_wont_is_changing(TELOPT_NAWS)) 831 ttloop(); 832 833 /* 834 * But... 835 * The client might have sent a WILL NAWS as part of its 836 * startup code; if so, we'll be here before we get the 837 * response to the DO ECHO. We'll make the assumption 838 * that any implementation that understands about NAWS 839 * is a modern enough implementation that it will respond 840 * to our DO ECHO request; hence we'll do another spin 841 * waiting for the ECHO option to settle down, which is 842 * what we wanted to do in the first place... 843 */ 844 if (his_want_state_is_will(TELOPT_ECHO) && 845 his_state_is_will(TELOPT_NAWS)) { 846 while (his_will_wont_is_changing(TELOPT_ECHO)) 847 ttloop(); 848 } 849 /* 850 * On the off chance that the telnet client is broken and does not 851 * respond to the DO ECHO we sent, (after all, we did send the 852 * DO NAWS negotiation after the DO ECHO, and we won't get here 853 * until a response to the DO NAWS comes back) simulate the 854 * receipt of a will echo. This will also send a WONT ECHO 855 * to the client, since we assume that the client failed to 856 * respond because it believes that it is already in DO ECHO 857 * mode, which we do not want. 858 */ 859 if (his_want_state_is_will(TELOPT_ECHO)) { 860 DIAG(TD_OPTIONS, 861 {output_data("td: simulating recv\r\n"); 862 }); 863 willoption(TELOPT_ECHO); 864 } 865 866 /* 867 * Finally, to clean things up, we turn on our echo. This 868 * will break stupid 4.2 telnets out of local terminal echo. 869 */ 870 871 if (my_state_is_wont(TELOPT_ECHO)) 872 send_will(TELOPT_ECHO, 1); 873 874 #ifdef TIOCPKT 875 #ifdef STREAMSPTY 876 if (!really_stream) 877 #endif 878 /* 879 * Turn on packet mode 880 */ 881 ioctl(p, TIOCPKT, (char *)&on); 882 #endif 883 884 885 /* 886 * Call telrcv() once to pick up anything received during 887 * terminal type negotiation, 4.2/4.3 determination, and 888 * linemode negotiation. 889 */ 890 telrcv(); 891 892 ioctl(f, FIONBIO, (char *)&on); 893 ioctl(p, FIONBIO, (char *)&on); 894 895 #if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT) 896 setsockopt(net, SOL_SOCKET, SO_OOBINLINE, 897 (void *)&on, sizeof on); 898 #endif /* defined(SO_OOBINLINE) */ 899 900 #ifdef SIGTSTP 901 signal(SIGTSTP, SIG_IGN); 902 #endif 903 #ifdef SIGTTOU 904 /* 905 * Ignoring SIGTTOU keeps the kernel from blocking us 906 * in ttioct() in /sys/tty.c. 907 */ 908 signal(SIGTTOU, SIG_IGN); 909 #endif 910 911 signal(SIGCHLD, cleanup); 912 913 #ifdef TIOCNOTTY 914 { 915 int t; 916 t = open(_PATH_TTY, O_RDWR); 917 if (t >= 0) { 918 ioctl(t, TIOCNOTTY, (char *)0); 919 close(t); 920 } 921 } 922 #endif 923 924 show_issue(); 925 /* 926 * Show banner that getty never gave. 927 * 928 * We put the banner in the pty input buffer. This way, it 929 * gets carriage return null processing, etc., just like all 930 * other pty --> client data. 931 */ 932 933 if (getenv("USER")) 934 hostinfo = 0; 935 936 IM = DEFAULT_IM; 937 he = 0; 938 edithost(he, host_name); 939 if (hostinfo && *IM) 940 putf(IM, ptyibuf2); 941 942 if (pcc) 943 strncat(ptyibuf2, ptyip, pcc+1); 944 ptyip = ptyibuf2; 945 pcc = strlen(ptyip); 946 947 DIAG(TD_REPORT, { 948 output_data("td: Entering processing loop\r\n"); 949 }); 950 951 952 nfd = ((f > p) ? f : p) + 1; 953 timeout = time(NULL) + 5; 954 for (;;) { 955 fd_set ibits, obits, xbits; 956 int c; 957 958 /* wait for encryption to be turned on, but don't wait 959 indefinitely */ 960 if(!startslave_called && (!encrypt_delay() || timeout > time(NULL))){ 961 startslave_called = 1; 962 startslave(host, level, autoname); 963 } 964 965 if (ncc < 0 && pcc < 0) 966 break; 967 968 FD_ZERO(&ibits); 969 FD_ZERO(&obits); 970 FD_ZERO(&xbits); 971 /* 972 * Never look for input if there's still 973 * stuff in the corresponding output buffer 974 */ 975 if (nfrontp - nbackp || pcc > 0) { 976 FD_SET(f, &obits); 977 } else { 978 FD_SET(p, &ibits); 979 } 980 if (pfrontp - pbackp || ncc > 0) { 981 FD_SET(p, &obits); 982 } else { 983 FD_SET(f, &ibits); 984 } 985 if (!SYNCHing) { 986 FD_SET(f, &xbits); 987 } 988 if ((c = select(nfd, &ibits, &obits, &xbits, 989 (struct timeval *)0)) < 1) { 990 if (c == -1) { 991 if (errno == EINTR) { 992 continue; 993 } 994 } 995 sleep(5); 996 continue; 997 } 998 999 /* 1000 * Any urgent data? 1001 */ 1002 if (FD_ISSET(net, &xbits)) { 1003 SYNCHing = 1; 1004 } 1005 1006 /* 1007 * Something to read from the network... 1008 */ 1009 if (FD_ISSET(net, &ibits)) { 1010 #ifndef SO_OOBINLINE 1011 /* 1012 * In 4.2 (and 4.3 beta) systems, the 1013 * OOB indication and data handling in the kernel 1014 * is such that if two separate TCP Urgent requests 1015 * come in, one byte of TCP data will be overlaid. 1016 * This is fatal for Telnet, but we try to live 1017 * with it. 1018 * 1019 * In addition, in 4.2 (and...), a special protocol 1020 * is needed to pick up the TCP Urgent data in 1021 * the correct sequence. 1022 * 1023 * What we do is: if we think we are in urgent 1024 * mode, we look to see if we are "at the mark". 1025 * If we are, we do an OOB receive. If we run 1026 * this twice, we will do the OOB receive twice, 1027 * but the second will fail, since the second 1028 * time we were "at the mark", but there wasn't 1029 * any data there (the kernel doesn't reset 1030 * "at the mark" until we do a normal read). 1031 * Once we've read the OOB data, we go ahead 1032 * and do normal reads. 1033 * 1034 * There is also another problem, which is that 1035 * since the OOB byte we read doesn't put us 1036 * out of OOB state, and since that byte is most 1037 * likely the TELNET DM (data mark), we would 1038 * stay in the TELNET SYNCH (SYNCHing) state. 1039 * So, clocks to the rescue. If we've "just" 1040 * received a DM, then we test for the 1041 * presence of OOB data when the receive OOB 1042 * fails (and AFTER we did the normal mode read 1043 * to clear "at the mark"). 1044 */ 1045 if (SYNCHing) { 1046 int atmark; 1047 1048 ioctl(net, SIOCATMARK, (char *)&atmark); 1049 if (atmark) { 1050 ncc = recv(net, netibuf, sizeof (netibuf), MSG_OOB); 1051 if ((ncc == -1) && (errno == EINVAL)) { 1052 ncc = read(net, netibuf, sizeof (netibuf)); 1053 if (sequenceIs(didnetreceive, gotDM)) { 1054 SYNCHing = stilloob(net); 1055 } 1056 } 1057 } else { 1058 ncc = read(net, netibuf, sizeof (netibuf)); 1059 } 1060 } else { 1061 ncc = read(net, netibuf, sizeof (netibuf)); 1062 } 1063 settimer(didnetreceive); 1064 #else /* !defined(SO_OOBINLINE)) */ 1065 ncc = read(net, netibuf, sizeof (netibuf)); 1066 #endif /* !defined(SO_OOBINLINE)) */ 1067 if (ncc < 0 && errno == EWOULDBLOCK) 1068 ncc = 0; 1069 else { 1070 if (ncc <= 0) { 1071 break; 1072 } 1073 netip = netibuf; 1074 } 1075 DIAG((TD_REPORT | TD_NETDATA), { 1076 output_data("td: netread %d chars\r\n", ncc); 1077 }); 1078 DIAG(TD_NETDATA, printdata("nd", netip, ncc)); 1079 } 1080 1081 /* 1082 * Something to read from the pty... 1083 */ 1084 if (FD_ISSET(p, &ibits)) { 1085 #ifdef STREAMSPTY 1086 if (really_stream) 1087 pcc = readstream(p, ptyibuf, BUFSIZ); 1088 else 1089 #endif 1090 pcc = read(p, ptyibuf, BUFSIZ); 1091 1092 /* 1093 * On some systems, if we try to read something 1094 * off the master side before the slave side is 1095 * opened, we get EIO. 1096 */ 1097 if (pcc < 0 && (errno == EWOULDBLOCK || 1098 #ifdef EAGAIN 1099 errno == EAGAIN || 1100 #endif 1101 errno == EIO)) { 1102 pcc = 0; 1103 } else { 1104 if (pcc <= 0) 1105 break; 1106 if (ptyibuf[0] & TIOCPKT_FLUSHWRITE) { 1107 netclear(); /* clear buffer back */ 1108 #ifndef NO_URGENT 1109 /* 1110 * There are client telnets on some 1111 * operating systems get screwed up 1112 * royally if we send them urgent 1113 * mode data. 1114 */ 1115 output_data ("%c%c", IAC, DM); 1116 1117 neturg = nfrontp-1; /* off by one XXX */ 1118 DIAG(TD_OPTIONS, 1119 printoption("td: send IAC", DM)); 1120 1121 #endif 1122 } 1123 if (his_state_is_will(TELOPT_LFLOW) && 1124 (ptyibuf[0] & 1125 (TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))) { 1126 int newflow = 1127 ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0; 1128 if (newflow != flowmode) { 1129 flowmode = newflow; 1130 output_data("%c%c%c%c%c%c", 1131 IAC, SB, TELOPT_LFLOW, 1132 flowmode ? LFLOW_ON 1133 : LFLOW_OFF, 1134 IAC, SE); 1135 DIAG(TD_OPTIONS, printsub('>', 1136 (unsigned char *)nfrontp-4, 1137 4);); 1138 } 1139 } 1140 pcc--; 1141 ptyip = ptyibuf+1; 1142 } 1143 } 1144 1145 while (pcc > 0) { 1146 if ((&netobuf[BUFSIZ] - nfrontp) < 3) 1147 break; 1148 c = *ptyip++ & 0377, pcc--; 1149 if (c == IAC) 1150 *nfrontp++ = c; 1151 *nfrontp++ = c; 1152 if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) { 1153 if (pcc > 0 && ((*ptyip & 0377) == '\n')) { 1154 *nfrontp++ = *ptyip++ & 0377; 1155 pcc--; 1156 } else 1157 *nfrontp++ = '\0'; 1158 } 1159 } 1160 1161 if (FD_ISSET(f, &obits) && (nfrontp - nbackp) > 0) 1162 netflush(); 1163 if (ncc > 0) 1164 telrcv(); 1165 if (FD_ISSET(p, &obits) && (pfrontp - pbackp) > 0) 1166 ptyflush(); 1167 } 1168 cleanup(0); 1169 } 1170 1171 #ifndef TCSIG 1172 # ifdef TIOCSIG 1173 # define TCSIG TIOCSIG 1174 # endif 1175 #endif 1176 1177 #ifdef STREAMSPTY 1178 1179 int flowison = -1; /* current state of flow: -1 is unknown */ 1180 1181 int 1182 readstream(int p, char *ibuf, int bufsize) 1183 { 1184 int flags = 0; 1185 int ret = 0; 1186 struct termios *tsp; 1187 #if 0 1188 struct termio *tp; 1189 #endif 1190 struct iocblk *ip; 1191 char vstop, vstart; 1192 int ixon; 1193 int newflow; 1194 1195 strbufc.maxlen = BUFSIZ; 1196 strbufc.buf = (char *)ctlbuf; 1197 strbufd.maxlen = bufsize-1; 1198 strbufd.len = 0; 1199 strbufd.buf = ibuf+1; 1200 ibuf[0] = 0; 1201 1202 ret = getmsg(p, &strbufc, &strbufd, &flags); 1203 if (ret < 0) /* error of some sort -- probably EAGAIN */ 1204 return(-1); 1205 1206 if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) { 1207 /* data message */ 1208 if (strbufd.len > 0) { /* real data */ 1209 return(strbufd.len + 1); /* count header char */ 1210 } else { 1211 /* nothing there */ 1212 errno = EAGAIN; 1213 return(-1); 1214 } 1215 } 1216 1217 /* 1218 * It's a control message. Return 1, to look at the flag we set 1219 */ 1220 1221 switch (ctlbuf[0]) { 1222 case M_FLUSH: 1223 if (ibuf[1] & FLUSHW) 1224 ibuf[0] = TIOCPKT_FLUSHWRITE; 1225 return(1); 1226 1227 case M_IOCTL: 1228 ip = (struct iocblk *) (ibuf+1); 1229 1230 switch (ip->ioc_cmd) { 1231 #ifdef TCSETS 1232 case TCSETS: 1233 case TCSETSW: 1234 case TCSETSF: 1235 tsp = (struct termios *) 1236 (ibuf+1 + sizeof(struct iocblk)); 1237 vstop = tsp->c_cc[VSTOP]; 1238 vstart = tsp->c_cc[VSTART]; 1239 ixon = tsp->c_iflag & IXON; 1240 break; 1241 #endif 1242 #if 0 1243 case TCSETA: 1244 case TCSETAW: 1245 case TCSETAF: 1246 tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk)); 1247 vstop = tp->c_cc[VSTOP]; 1248 vstart = tp->c_cc[VSTART]; 1249 ixon = tp->c_iflag & IXON; 1250 break; 1251 #endif 1252 default: 1253 errno = EAGAIN; 1254 return(-1); 1255 } 1256 1257 newflow = (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0; 1258 if (newflow != flowison) { /* it's a change */ 1259 flowison = newflow; 1260 ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP; 1261 return(1); 1262 } 1263 } 1264 1265 /* nothing worth doing anything about */ 1266 errno = EAGAIN; 1267 return(-1); 1268 } 1269 #endif /* STREAMSPTY */ 1270 1271 /* 1272 * Send interrupt to process on other side of pty. 1273 * If it is in raw mode, just write NULL; 1274 * otherwise, write intr char. 1275 */ 1276 void 1277 interrupt() 1278 { 1279 ptyflush(); /* half-hearted */ 1280 1281 #if defined(STREAMSPTY) && defined(TIOCSIGNAL) 1282 /* Streams PTY style ioctl to post a signal */ 1283 if (really_stream) 1284 { 1285 int sig = SIGINT; 1286 ioctl(ourpty, TIOCSIGNAL, &sig); 1287 ioctl(ourpty, I_FLUSH, FLUSHR); 1288 } 1289 #else 1290 #ifdef TCSIG 1291 ioctl(ourpty, TCSIG, (char *)SIGINT); 1292 #else /* TCSIG */ 1293 init_termbuf(); 1294 *pfrontp++ = slctab[SLC_IP].sptr ? 1295 (unsigned char)*slctab[SLC_IP].sptr : '\177'; 1296 #endif /* TCSIG */ 1297 #endif 1298 } 1299 1300 /* 1301 * Send quit to process on other side of pty. 1302 * If it is in raw mode, just write NULL; 1303 * otherwise, write quit char. 1304 */ 1305 void 1306 sendbrk() 1307 { 1308 ptyflush(); /* half-hearted */ 1309 #ifdef TCSIG 1310 ioctl(ourpty, TCSIG, (char *)SIGQUIT); 1311 #else /* TCSIG */ 1312 init_termbuf(); 1313 *pfrontp++ = slctab[SLC_ABORT].sptr ? 1314 (unsigned char)*slctab[SLC_ABORT].sptr : '\034'; 1315 #endif /* TCSIG */ 1316 } 1317 1318 void 1319 sendsusp() 1320 { 1321 #ifdef SIGTSTP 1322 ptyflush(); /* half-hearted */ 1323 # ifdef TCSIG 1324 ioctl(ourpty, TCSIG, (char *)SIGTSTP); 1325 # else /* TCSIG */ 1326 *pfrontp++ = slctab[SLC_SUSP].sptr ? 1327 (unsigned char)*slctab[SLC_SUSP].sptr : '\032'; 1328 # endif /* TCSIG */ 1329 #endif /* SIGTSTP */ 1330 } 1331 1332 /* 1333 * When we get an AYT, if ^T is enabled, use that. Otherwise, 1334 * just send back "[Yes]". 1335 */ 1336 void 1337 recv_ayt() 1338 { 1339 #if defined(SIGINFO) && defined(TCSIG) 1340 if (slctab[SLC_AYT].sptr && *slctab[SLC_AYT].sptr != _POSIX_VDISABLE) { 1341 ioctl(ourpty, TCSIG, (char *)SIGINFO); 1342 return; 1343 } 1344 #endif 1345 output_data("\r\n[Yes]\r\n"); 1346 } 1347 1348 void 1349 doeof() 1350 { 1351 init_termbuf(); 1352 1353 *pfrontp++ = slctab[SLC_EOF].sptr ? 1354 (unsigned char)*slctab[SLC_EOF].sptr : '\004'; 1355 } 1356