1 /* 2 * Copyright (c) 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "telnetd.h" 35 36 RCSID("$Id: telnetd.c,v 1.69.6.1 2004/03/22 18:17:25 lha Exp $"); 37 38 #ifdef _SC_CRAY_SECURE_SYS 39 #include <sys/sysv.h> 40 #include <sys/secdev.h> 41 #include <sys/secparm.h> 42 #include <sys/usrv.h> 43 int secflag; 44 char tty_dev[16]; 45 struct secdev dv; 46 struct sysv sysv; 47 struct socksec ss; 48 #endif /* _SC_CRAY_SECURE_SYS */ 49 50 #ifdef AUTHENTICATION 51 int auth_level = 0; 52 #endif 53 54 extern int utmp_len; 55 int registerd_host_only = 0; 56 57 #undef NOERROR 58 59 #ifdef STREAMSPTY 60 # include <stropts.h> 61 # include <termios.h> 62 #ifdef HAVE_SYS_UIO_H 63 #include <sys/uio.h> 64 #endif /* HAVE_SYS_UIO_H */ 65 #ifdef HAVE_SYS_STREAM_H 66 #include <sys/stream.h> 67 #endif 68 69 #ifdef _AIX 70 #include <sys/termio.h> 71 #endif 72 # ifdef HAVE_SYS_STRTTY_H 73 # include <sys/strtty.h> 74 # endif 75 # ifdef HAVE_SYS_STR_TTY_H 76 # include <sys/str_tty.h> 77 # endif 78 /* make sure we don't get the bsd version */ 79 /* what is this here for? solaris? /joda */ 80 # ifdef HAVE_SYS_TTY_H 81 # include "/usr/include/sys/tty.h" 82 # endif 83 # ifdef HAVE_SYS_PTYVAR_H 84 # include <sys/ptyvar.h> 85 # endif 86 87 /* 88 * Because of the way ptyibuf is used with streams messages, we need 89 * ptyibuf+1 to be on a full-word boundary. The following wierdness 90 * is simply to make that happen. 91 */ 92 long ptyibufbuf[BUFSIZ/sizeof(long)+1]; 93 char *ptyibuf = ((char *)&ptyibufbuf[1])-1; 94 char *ptyip = ((char *)&ptyibufbuf[1])-1; 95 char ptyibuf2[BUFSIZ]; 96 unsigned char ctlbuf[BUFSIZ]; 97 struct strbuf strbufc, strbufd; 98 99 int readstream(int, char*, int); 100 101 #else /* ! STREAMPTY */ 102 103 /* 104 * I/O data buffers, 105 * pointers, and counters. 106 */ 107 char ptyibuf[BUFSIZ], *ptyip = ptyibuf; 108 char ptyibuf2[BUFSIZ]; 109 110 #endif /* ! STREAMPTY */ 111 112 int hostinfo = 1; /* do we print login banner? */ 113 114 #ifdef _CRAY 115 extern int newmap; /* nonzero if \n maps to ^M^J */ 116 int lowpty = 0, highpty; /* low, high pty numbers */ 117 #endif /* CRAY */ 118 119 int debug = 0; 120 int keepalive = 1; 121 char *progname; 122 123 static void usage (void); 124 125 /* 126 * The string to pass to getopt(). We do it this way so 127 * that only the actual options that we support will be 128 * passed off to getopt(). 129 */ 130 char valid_opts[] = "Bd:hklnS:u:UL:y" 131 #ifdef AUTHENTICATION 132 "a:X:z" 133 #endif 134 #ifdef DIAGNOSTICS 135 "D:" 136 #endif 137 #ifdef _CRAY 138 "r:" 139 #endif 140 ; 141 142 static void doit(struct sockaddr*, int); 143 144 #ifdef ENCRYPTION 145 extern int des_check_key; 146 #endif 147 148 int 149 main(int argc, char **argv) 150 { 151 struct sockaddr_storage __ss; 152 struct sockaddr *sa = (struct sockaddr *)&__ss; 153 int on = 1; 154 socklen_t sa_size; 155 int ch; 156 #if defined(IPPROTO_IP) && defined(IP_TOS) 157 int tos = -1; 158 #endif 159 #ifdef ENCRYPTION 160 des_check_key = 1; /* Kludge for Mac NCSA telnet 2.6 /bg */ 161 #endif 162 pfrontp = pbackp = ptyobuf; 163 netip = netibuf; 164 nfrontp = nbackp = netobuf; 165 166 setprogname(argv[0]); 167 168 progname = *argv; 169 #ifdef ENCRYPTION 170 nclearto = 0; 171 #endif 172 173 #ifdef _CRAY 174 /* 175 * Get number of pty's before trying to process options, 176 * which may include changing pty range. 177 */ 178 highpty = getnpty(); 179 #endif /* CRAY */ 180 181 if (argc == 2 && strcmp(argv[1], "--version") == 0) { 182 print_version(NULL); 183 exit(0); 184 } 185 186 while ((ch = getopt(argc, argv, valid_opts)) != -1) { 187 switch(ch) { 188 189 #ifdef AUTHENTICATION 190 case 'a': 191 /* 192 * Check for required authentication level 193 */ 194 if (strcmp(optarg, "debug") == 0) { 195 auth_debug_mode = 1; 196 } else if (strcasecmp(optarg, "none") == 0) { 197 auth_level = 0; 198 } else if (strcasecmp(optarg, "otp") == 0) { 199 auth_level = 0; 200 require_otp = 1; 201 } else if (strcasecmp(optarg, "other") == 0) { 202 auth_level = AUTH_OTHER; 203 } else if (strcasecmp(optarg, "user") == 0) { 204 auth_level = AUTH_USER; 205 } else if (strcasecmp(optarg, "valid") == 0) { 206 auth_level = AUTH_VALID; 207 } else if (strcasecmp(optarg, "off") == 0) { 208 /* 209 * This hack turns off authentication 210 */ 211 auth_level = -1; 212 } else { 213 fprintf(stderr, 214 "telnetd: unknown authorization level for -a\n"); 215 } 216 break; 217 #endif /* AUTHENTICATION */ 218 219 case 'B': /* BFTP mode is not supported any more */ 220 break; 221 case 'd': 222 if (strcmp(optarg, "ebug") == 0) { 223 debug++; 224 break; 225 } 226 usage(); 227 /* NOTREACHED */ 228 break; 229 230 #ifdef DIAGNOSTICS 231 case 'D': 232 /* 233 * Check for desired diagnostics capabilities. 234 */ 235 if (!strcmp(optarg, "report")) { 236 diagnostic |= TD_REPORT|TD_OPTIONS; 237 } else if (!strcmp(optarg, "exercise")) { 238 diagnostic |= TD_EXERCISE; 239 } else if (!strcmp(optarg, "netdata")) { 240 diagnostic |= TD_NETDATA; 241 } else if (!strcmp(optarg, "ptydata")) { 242 diagnostic |= TD_PTYDATA; 243 } else if (!strcmp(optarg, "options")) { 244 diagnostic |= TD_OPTIONS; 245 } else { 246 usage(); 247 /* NOT REACHED */ 248 } 249 break; 250 #endif /* DIAGNOSTICS */ 251 252 253 case 'h': 254 hostinfo = 0; 255 break; 256 257 case 'k': /* Linemode is not supported any more */ 258 case 'l': 259 break; 260 261 case 'n': 262 keepalive = 0; 263 break; 264 265 #ifdef _CRAY 266 case 'r': 267 { 268 char *strchr(); 269 char *c; 270 271 /* 272 * Allow the specification of alterations 273 * to the pty search range. It is legal to 274 * specify only one, and not change the 275 * other from its default. 276 */ 277 c = strchr(optarg, '-'); 278 if (c) { 279 *c++ = '\0'; 280 highpty = atoi(c); 281 } 282 if (*optarg != '\0') 283 lowpty = atoi(optarg); 284 if ((lowpty > highpty) || (lowpty < 0) || 285 (highpty > 32767)) { 286 usage(); 287 /* NOT REACHED */ 288 } 289 break; 290 } 291 #endif /* CRAY */ 292 293 case 'S': 294 #ifdef HAVE_PARSETOS 295 if ((tos = parsetos(optarg, "tcp")) < 0) 296 fprintf(stderr, "%s%s%s\n", 297 "telnetd: Bad TOS argument '", optarg, 298 "'; will try to use default TOS"); 299 #else 300 fprintf(stderr, "%s%s\n", "TOS option unavailable; ", 301 "-S flag not supported\n"); 302 #endif 303 break; 304 305 case 'u': { 306 char *eptr; 307 308 utmp_len = strtol(optarg, &eptr, 0); 309 if (optarg == eptr) 310 fprintf(stderr, "telnetd: unknown utmp len (%s)\n", optarg); 311 break; 312 } 313 314 case 'U': 315 registerd_host_only = 1; 316 break; 317 318 #ifdef AUTHENTICATION 319 case 'X': 320 /* 321 * Check for invalid authentication types 322 */ 323 auth_disable_name(optarg); 324 break; 325 #endif 326 case 'y': 327 no_warn = 1; 328 break; 329 #ifdef AUTHENTICATION 330 case 'z': 331 log_unauth = 1; 332 break; 333 334 #endif /* AUTHENTICATION */ 335 336 case 'L': 337 new_login = optarg; 338 break; 339 340 default: 341 fprintf(stderr, "telnetd: %c: unknown option\n", ch); 342 /* FALLTHROUGH */ 343 case '?': 344 usage(); 345 /* NOTREACHED */ 346 } 347 } 348 349 argc -= optind; 350 argv += optind; 351 352 if (debug) { 353 int port = 0; 354 struct servent *sp; 355 356 if (argc > 1) { 357 usage (); 358 } else if (argc == 1) { 359 sp = roken_getservbyname (*argv, "tcp"); 360 if (sp) 361 port = sp->s_port; 362 else 363 port = htons(atoi(*argv)); 364 } else { 365 #ifdef KRB5 366 port = krb5_getportbyname (NULL, "telnet", "tcp", 23); 367 #else 368 port = k_getportbyname("telnet", "tcp", htons(23)); 369 #endif 370 } 371 mini_inetd (port); 372 } else if (argc > 0) { 373 usage(); 374 /* NOT REACHED */ 375 } 376 377 #ifdef _SC_CRAY_SECURE_SYS 378 secflag = sysconf(_SC_CRAY_SECURE_SYS); 379 380 /* 381 * Get socket's security label 382 */ 383 if (secflag) { 384 socklen_t szss = sizeof(ss); 385 int sock_multi; 386 socklen_t szi = sizeof(int); 387 388 memset(&dv, 0, sizeof(dv)); 389 390 if (getsysv(&sysv, sizeof(struct sysv)) != 0) 391 fatalperror(net, "getsysv"); 392 393 /* 394 * Get socket security label and set device values 395 * {security label to be set on ttyp device} 396 */ 397 #ifdef SO_SEC_MULTI /* 8.0 code */ 398 if ((getsockopt(0, SOL_SOCKET, SO_SECURITY, 399 (void *)&ss, &szss) < 0) || 400 (getsockopt(0, SOL_SOCKET, SO_SEC_MULTI, 401 (void *)&sock_multi, &szi) < 0)) 402 fatalperror(net, "getsockopt"); 403 else { 404 dv.dv_actlvl = ss.ss_actlabel.lt_level; 405 dv.dv_actcmp = ss.ss_actlabel.lt_compart; 406 if (!sock_multi) { 407 dv.dv_minlvl = dv.dv_maxlvl = dv.dv_actlvl; 408 dv.dv_valcmp = dv.dv_actcmp; 409 } else { 410 dv.dv_minlvl = ss.ss_minlabel.lt_level; 411 dv.dv_maxlvl = ss.ss_maxlabel.lt_level; 412 dv.dv_valcmp = ss.ss_maxlabel.lt_compart; 413 } 414 dv.dv_devflg = 0; 415 } 416 #else /* SO_SEC_MULTI */ /* 7.0 code */ 417 if (getsockopt(0, SOL_SOCKET, SO_SECURITY, 418 (void *)&ss, &szss) >= 0) { 419 dv.dv_actlvl = ss.ss_slevel; 420 dv.dv_actcmp = ss.ss_compart; 421 dv.dv_minlvl = ss.ss_minlvl; 422 dv.dv_maxlvl = ss.ss_maxlvl; 423 dv.dv_valcmp = ss.ss_maxcmp; 424 } 425 #endif /* SO_SEC_MULTI */ 426 } 427 #endif /* _SC_CRAY_SECURE_SYS */ 428 429 roken_openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON); 430 sa_size = sizeof (__ss); 431 if (getpeername(STDIN_FILENO, sa, &sa_size) < 0) { 432 fprintf(stderr, "%s: ", progname); 433 perror("getpeername"); 434 _exit(1); 435 } 436 if (keepalive && 437 setsockopt(STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE, 438 (void *)&on, sizeof (on)) < 0) { 439 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); 440 } 441 442 #if defined(IPPROTO_IP) && defined(IP_TOS) && defined(HAVE_SETSOCKOPT) 443 { 444 # ifdef HAVE_GETTOSBYNAME 445 struct tosent *tp; 446 if (tos < 0 && (tp = gettosbyname("telnet", "tcp"))) 447 tos = tp->t_tos; 448 # endif 449 if (tos < 0) 450 tos = 020; /* Low Delay bit */ 451 if (tos 452 && sa->sa_family == AF_INET 453 && (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS, 454 (void *)&tos, sizeof(tos)) < 0) 455 && (errno != ENOPROTOOPT) ) 456 syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); 457 } 458 #endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ 459 net = STDIN_FILENO; 460 doit(sa, sa_size); 461 /* NOTREACHED */ 462 return 0; 463 } /* end of main */ 464 465 static void 466 usage(void) 467 { 468 fprintf(stderr, "Usage: telnetd"); 469 #ifdef AUTHENTICATION 470 fprintf(stderr, " [-a (debug|other|otp|user|valid|off|none)]\n\t"); 471 #endif 472 fprintf(stderr, " [-debug]"); 473 #ifdef DIAGNOSTICS 474 fprintf(stderr, " [-D (options|report|exercise|netdata|ptydata)]\n\t"); 475 #endif 476 #ifdef AUTHENTICATION 477 fprintf(stderr, " [-edebug]"); 478 #endif 479 fprintf(stderr, " [-h]"); 480 fprintf(stderr, " [-L login]"); 481 fprintf(stderr, " [-n]"); 482 #ifdef _CRAY 483 fprintf(stderr, " [-r[lowpty]-[highpty]]"); 484 #endif 485 fprintf(stderr, "\n\t"); 486 #ifdef HAVE_GETTOSBYNAME 487 fprintf(stderr, " [-S tos]"); 488 #endif 489 #ifdef AUTHENTICATION 490 fprintf(stderr, " [-X auth-type] [-y] [-z]"); 491 #endif 492 fprintf(stderr, " [-u utmp_hostname_length] [-U]"); 493 fprintf(stderr, " [port]\n"); 494 exit(1); 495 } 496 497 /* 498 * getterminaltype 499 * 500 * Ask the other end to send along its terminal type and speed. 501 * Output is the variable terminaltype filled in. 502 */ 503 static unsigned char ttytype_sbbuf[] = { 504 IAC, SB, TELOPT_TTYPE, TELQUAL_SEND, IAC, SE 505 }; 506 507 int 508 getterminaltype(char *name, size_t name_sz) 509 { 510 int retval = -1; 511 512 settimer(baseline); 513 #ifdef AUTHENTICATION 514 /* 515 * Handle the Authentication option before we do anything else. 516 */ 517 send_do(TELOPT_AUTHENTICATION, 1); 518 while (his_will_wont_is_changing(TELOPT_AUTHENTICATION)) 519 ttloop(); 520 if (his_state_is_will(TELOPT_AUTHENTICATION)) { 521 retval = auth_wait(name, name_sz); 522 } 523 #endif 524 525 #ifdef ENCRYPTION 526 send_will(TELOPT_ENCRYPT, 1); 527 send_do(TELOPT_ENCRYPT, 1); /* esc@magic.fi */ 528 #endif 529 send_do(TELOPT_TTYPE, 1); 530 send_do(TELOPT_TSPEED, 1); 531 send_do(TELOPT_XDISPLOC, 1); 532 send_do(TELOPT_NEW_ENVIRON, 1); 533 send_do(TELOPT_OLD_ENVIRON, 1); 534 while ( 535 #ifdef ENCRYPTION 536 his_do_dont_is_changing(TELOPT_ENCRYPT) || 537 #endif 538 his_will_wont_is_changing(TELOPT_TTYPE) || 539 his_will_wont_is_changing(TELOPT_TSPEED) || 540 his_will_wont_is_changing(TELOPT_XDISPLOC) || 541 his_will_wont_is_changing(TELOPT_NEW_ENVIRON) || 542 his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) { 543 ttloop(); 544 } 545 #ifdef ENCRYPTION 546 /* 547 * Wait for the negotiation of what type of encryption we can 548 * send with. If autoencrypt is not set, this will just return. 549 */ 550 if (his_state_is_will(TELOPT_ENCRYPT)) { 551 encrypt_wait(); 552 } 553 #endif 554 if (his_state_is_will(TELOPT_TSPEED)) { 555 static unsigned char sb[] = 556 { IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE }; 557 558 telnet_net_write (sb, sizeof sb); 559 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); 560 } 561 if (his_state_is_will(TELOPT_XDISPLOC)) { 562 static unsigned char sb[] = 563 { IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE }; 564 565 telnet_net_write (sb, sizeof sb); 566 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); 567 } 568 if (his_state_is_will(TELOPT_NEW_ENVIRON)) { 569 static unsigned char sb[] = 570 { IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE }; 571 572 telnet_net_write (sb, sizeof sb); 573 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); 574 } 575 else if (his_state_is_will(TELOPT_OLD_ENVIRON)) { 576 static unsigned char sb[] = 577 { IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE }; 578 579 telnet_net_write (sb, sizeof sb); 580 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); 581 } 582 if (his_state_is_will(TELOPT_TTYPE)) { 583 584 telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf); 585 DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2, 586 sizeof ttytype_sbbuf - 2);); 587 } 588 if (his_state_is_will(TELOPT_TSPEED)) { 589 while (sequenceIs(tspeedsubopt, baseline)) 590 ttloop(); 591 } 592 if (his_state_is_will(TELOPT_XDISPLOC)) { 593 while (sequenceIs(xdisplocsubopt, baseline)) 594 ttloop(); 595 } 596 if (his_state_is_will(TELOPT_NEW_ENVIRON)) { 597 while (sequenceIs(environsubopt, baseline)) 598 ttloop(); 599 } 600 if (his_state_is_will(TELOPT_OLD_ENVIRON)) { 601 while (sequenceIs(oenvironsubopt, baseline)) 602 ttloop(); 603 } 604 if (his_state_is_will(TELOPT_TTYPE)) { 605 char first[256], last[256]; 606 607 while (sequenceIs(ttypesubopt, baseline)) 608 ttloop(); 609 610 /* 611 * If the other side has already disabled the option, then 612 * we have to just go with what we (might) have already gotten. 613 */ 614 if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) { 615 strlcpy(first, terminaltype, sizeof(first)); 616 for(;;) { 617 /* 618 * Save the unknown name, and request the next name. 619 */ 620 strlcpy(last, terminaltype, sizeof(last)); 621 _gettermname(); 622 if (terminaltypeok(terminaltype)) 623 break; 624 if ((strncmp(last, terminaltype, sizeof(last)) == 0) || 625 his_state_is_wont(TELOPT_TTYPE)) { 626 /* 627 * We've hit the end. If this is the same as 628 * the first name, just go with it. 629 */ 630 if (strncmp(first, terminaltype, sizeof(first)) == 0) 631 break; 632 /* 633 * Get the terminal name one more time, so that 634 * RFC1091 compliant telnets will cycle back to 635 * the start of the list. 636 */ 637 _gettermname(); 638 if (strncmp(first, terminaltype, sizeof(first)) != 0) 639 strcpy(terminaltype, first); 640 break; 641 } 642 } 643 } 644 } 645 return(retval); 646 } /* end of getterminaltype */ 647 648 void 649 _gettermname(void) 650 { 651 /* 652 * If the client turned off the option, 653 * we can't send another request, so we 654 * just return. 655 */ 656 if (his_state_is_wont(TELOPT_TTYPE)) 657 return; 658 settimer(baseline); 659 telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf); 660 DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2, 661 sizeof ttytype_sbbuf - 2);); 662 while (sequenceIs(ttypesubopt, baseline)) 663 ttloop(); 664 } 665 666 int 667 terminaltypeok(char *s) 668 { 669 return 1; 670 } 671 672 673 char host_name[MaxHostNameLen]; 674 char remote_host_name[MaxHostNameLen]; 675 char remote_utmp_name[MaxHostNameLen]; 676 677 /* 678 * Get a pty, scan input lines. 679 */ 680 static void 681 doit(struct sockaddr *who, int who_len) 682 { 683 int level; 684 int ptynum; 685 char user_name[256]; 686 int error; 687 688 /* 689 * Find an available pty to use. 690 */ 691 ourpty = getpty(&ptynum); 692 if (ourpty < 0) 693 fatal(net, "All network ports in use"); 694 695 #ifdef _SC_CRAY_SECURE_SYS 696 /* 697 * set ttyp line security label 698 */ 699 if (secflag) { 700 char slave_dev[16]; 701 702 snprintf(tty_dev, sizeof(tty_dev), "/dev/pty/%03d", ptynum); 703 if (setdevs(tty_dev, &dv) < 0) 704 fatal(net, "cannot set pty security"); 705 snprintf(slave_dev, sizeof(slave_dev), "/dev/ttyp%03d", ptynum); 706 if (setdevs(slave_dev, &dv) < 0) 707 fatal(net, "cannot set tty security"); 708 } 709 #endif /* _SC_CRAY_SECURE_SYS */ 710 711 error = getnameinfo_verified (who, who_len, 712 remote_host_name, 713 sizeof(remote_host_name), 714 NULL, 0, 715 registerd_host_only ? NI_NAMEREQD : 0); 716 if (error) 717 fatal(net, "Couldn't resolve your address into a host name.\r\n\ 718 Please contact your net administrator"); 719 720 gethostname(host_name, sizeof (host_name)); 721 722 strlcpy (remote_utmp_name, remote_host_name, sizeof(remote_utmp_name)); 723 724 /* Only trim if too long (and possible) */ 725 if (strlen(remote_utmp_name) > utmp_len) { 726 char *domain = strchr(host_name, '.'); 727 char *p = strchr(remote_utmp_name, '.'); 728 if (domain != NULL && p != NULL && (strcmp(p, domain) == 0)) 729 *p = '\0'; /* remove domain part */ 730 } 731 732 /* 733 * If hostname still doesn't fit utmp, use ipaddr. 734 */ 735 if (strlen(remote_utmp_name) > utmp_len) { 736 error = getnameinfo (who, who_len, 737 remote_utmp_name, 738 sizeof(remote_utmp_name), 739 NULL, 0, 740 NI_NUMERICHOST); 741 if (error) 742 fatal(net, "Couldn't get numeric address\r\n"); 743 } 744 745 #ifdef AUTHENTICATION 746 auth_encrypt_init(host_name, remote_host_name, "TELNETD", 1); 747 #endif 748 749 init_env(); 750 /* 751 * get terminal type. 752 */ 753 *user_name = 0; 754 level = getterminaltype(user_name, sizeof(user_name)); 755 esetenv("TERM", terminaltype ? terminaltype : "network", 1); 756 757 #ifdef _SC_CRAY_SECURE_SYS 758 if (secflag) { 759 if (setulvl(dv.dv_actlvl) < 0) 760 fatal(net,"cannot setulvl()"); 761 if (setucmp(dv.dv_actcmp) < 0) 762 fatal(net, "cannot setucmp()"); 763 } 764 #endif /* _SC_CRAY_SECURE_SYS */ 765 766 /* begin server processing */ 767 my_telnet(net, ourpty, remote_host_name, remote_utmp_name, 768 level, user_name); 769 /*NOTREACHED*/ 770 } /* end of doit */ 771 772 /* output contents of /etc/issue.net, or /etc/issue */ 773 static void 774 show_issue(void) 775 { 776 FILE *f; 777 char buf[128]; 778 f = fopen(SYSCONFDIR "/issue.net", "r"); 779 if(f == NULL) 780 f = fopen(SYSCONFDIR "/issue", "r"); 781 if(f){ 782 while(fgets(buf, sizeof(buf)-2, f)){ 783 strcpy(buf + strcspn(buf, "\r\n"), "\r\n"); 784 writenet((unsigned char*)buf, strlen(buf)); 785 } 786 fclose(f); 787 } 788 } 789 790 /* 791 * Main loop. Select from pty and network, and 792 * hand data to telnet receiver finite state machine. 793 */ 794 void 795 my_telnet(int f, int p, const char *host, const char *utmp_host, 796 int level, char *autoname) 797 { 798 int on = 1; 799 char *he; 800 char *IM; 801 int nfd; 802 int startslave_called = 0; 803 time_t timeout; 804 805 /* 806 * Initialize the slc mapping table. 807 */ 808 get_slc_defaults(); 809 810 /* 811 * Do some tests where it is desireable to wait for a response. 812 * Rather than doing them slowly, one at a time, do them all 813 * at once. 814 */ 815 if (my_state_is_wont(TELOPT_SGA)) 816 send_will(TELOPT_SGA, 1); 817 /* 818 * Is the client side a 4.2 (NOT 4.3) system? We need to know this 819 * because 4.2 clients are unable to deal with TCP urgent data. 820 * 821 * To find out, we send out a "DO ECHO". If the remote system 822 * answers "WILL ECHO" it is probably a 4.2 client, and we note 823 * that fact ("WILL ECHO" ==> that the client will echo what 824 * WE, the server, sends it; it does NOT mean that the client will 825 * echo the terminal input). 826 */ 827 send_do(TELOPT_ECHO, 1); 828 829 /* 830 * Send along a couple of other options that we wish to negotiate. 831 */ 832 send_do(TELOPT_NAWS, 1); 833 send_will(TELOPT_STATUS, 1); 834 flowmode = 1; /* default flow control state */ 835 restartany = -1; /* uninitialized... */ 836 send_do(TELOPT_LFLOW, 1); 837 838 /* 839 * Spin, waiting for a response from the DO ECHO. However, 840 * some REALLY DUMB telnets out there might not respond 841 * to the DO ECHO. So, we spin looking for NAWS, (most dumb 842 * telnets so far seem to respond with WONT for a DO that 843 * they don't understand...) because by the time we get the 844 * response, it will already have processed the DO ECHO. 845 * Kludge upon kludge. 846 */ 847 while (his_will_wont_is_changing(TELOPT_NAWS)) 848 ttloop(); 849 850 /* 851 * But... 852 * The client might have sent a WILL NAWS as part of its 853 * startup code; if so, we'll be here before we get the 854 * response to the DO ECHO. We'll make the assumption 855 * that any implementation that understands about NAWS 856 * is a modern enough implementation that it will respond 857 * to our DO ECHO request; hence we'll do another spin 858 * waiting for the ECHO option to settle down, which is 859 * what we wanted to do in the first place... 860 */ 861 if (his_want_state_is_will(TELOPT_ECHO) && 862 his_state_is_will(TELOPT_NAWS)) { 863 while (his_will_wont_is_changing(TELOPT_ECHO)) 864 ttloop(); 865 } 866 /* 867 * On the off chance that the telnet client is broken and does not 868 * respond to the DO ECHO we sent, (after all, we did send the 869 * DO NAWS negotiation after the DO ECHO, and we won't get here 870 * until a response to the DO NAWS comes back) simulate the 871 * receipt of a will echo. This will also send a WONT ECHO 872 * to the client, since we assume that the client failed to 873 * respond because it believes that it is already in DO ECHO 874 * mode, which we do not want. 875 */ 876 if (his_want_state_is_will(TELOPT_ECHO)) { 877 DIAG(TD_OPTIONS, 878 {output_data("td: simulating recv\r\n"); 879 }); 880 willoption(TELOPT_ECHO); 881 } 882 883 /* 884 * Finally, to clean things up, we turn on our echo. This 885 * will break stupid 4.2 telnets out of local terminal echo. 886 */ 887 888 if (my_state_is_wont(TELOPT_ECHO)) 889 send_will(TELOPT_ECHO, 1); 890 891 #ifdef TIOCPKT 892 #ifdef STREAMSPTY 893 if (!really_stream) 894 #endif 895 /* 896 * Turn on packet mode 897 */ 898 ioctl(p, TIOCPKT, (char *)&on); 899 #endif 900 901 902 /* 903 * Call telrcv() once to pick up anything received during 904 * terminal type negotiation, 4.2/4.3 determination, and 905 * linemode negotiation. 906 */ 907 telrcv(); 908 909 ioctl(f, FIONBIO, (char *)&on); 910 ioctl(p, FIONBIO, (char *)&on); 911 912 #if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT) 913 setsockopt(net, SOL_SOCKET, SO_OOBINLINE, 914 (void *)&on, sizeof on); 915 #endif /* defined(SO_OOBINLINE) */ 916 917 #ifdef SIGTSTP 918 signal(SIGTSTP, SIG_IGN); 919 #endif 920 #ifdef SIGTTOU 921 /* 922 * Ignoring SIGTTOU keeps the kernel from blocking us 923 * in ttioct() in /sys/tty.c. 924 */ 925 signal(SIGTTOU, SIG_IGN); 926 #endif 927 928 signal(SIGCHLD, cleanup); 929 930 #ifdef TIOCNOTTY 931 { 932 int t; 933 t = open(_PATH_TTY, O_RDWR); 934 if (t >= 0) { 935 ioctl(t, TIOCNOTTY, (char *)0); 936 close(t); 937 } 938 } 939 #endif 940 941 show_issue(); 942 /* 943 * Show banner that getty never gave. 944 * 945 * We put the banner in the pty input buffer. This way, it 946 * gets carriage return null processing, etc., just like all 947 * other pty --> client data. 948 */ 949 950 if (getenv("USER")) 951 hostinfo = 0; 952 953 IM = DEFAULT_IM; 954 he = 0; 955 edithost(he, host_name); 956 if (hostinfo && *IM) 957 putf(IM, ptyibuf2); 958 959 if (pcc) 960 strncat(ptyibuf2, ptyip, pcc+1); 961 ptyip = ptyibuf2; 962 pcc = strlen(ptyip); 963 964 DIAG(TD_REPORT, { 965 output_data("td: Entering processing loop\r\n"); 966 }); 967 968 969 nfd = ((f > p) ? f : p) + 1; 970 timeout = time(NULL) + 5; 971 for (;;) { 972 fd_set ibits, obits, xbits; 973 int c; 974 975 /* wait for encryption to be turned on, but don't wait 976 indefinitely */ 977 if(!startslave_called && (!encrypt_delay() || timeout > time(NULL))){ 978 startslave_called = 1; 979 startslave(host, utmp_host, level, autoname); 980 } 981 982 if (ncc < 0 && pcc < 0) 983 break; 984 985 FD_ZERO(&ibits); 986 FD_ZERO(&obits); 987 FD_ZERO(&xbits); 988 989 if (f >= FD_SETSIZE 990 || p >= FD_SETSIZE) 991 fatal(net, "fd too large"); 992 993 /* 994 * Never look for input if there's still 995 * stuff in the corresponding output buffer 996 */ 997 if (nfrontp - nbackp || pcc > 0) { 998 FD_SET(f, &obits); 999 } else { 1000 FD_SET(p, &ibits); 1001 } 1002 if (pfrontp - pbackp || ncc > 0) { 1003 FD_SET(p, &obits); 1004 } else { 1005 FD_SET(f, &ibits); 1006 } 1007 if (!SYNCHing) { 1008 FD_SET(f, &xbits); 1009 } 1010 if ((c = select(nfd, &ibits, &obits, &xbits, 1011 (struct timeval *)0)) < 1) { 1012 if (c == -1) { 1013 if (errno == EINTR) { 1014 continue; 1015 } 1016 } 1017 sleep(5); 1018 continue; 1019 } 1020 1021 /* 1022 * Any urgent data? 1023 */ 1024 if (FD_ISSET(net, &xbits)) { 1025 SYNCHing = 1; 1026 } 1027 1028 /* 1029 * Something to read from the network... 1030 */ 1031 if (FD_ISSET(net, &ibits)) { 1032 #ifndef SO_OOBINLINE 1033 /* 1034 * In 4.2 (and 4.3 beta) systems, the 1035 * OOB indication and data handling in the kernel 1036 * is such that if two separate TCP Urgent requests 1037 * come in, one byte of TCP data will be overlaid. 1038 * This is fatal for Telnet, but we try to live 1039 * with it. 1040 * 1041 * In addition, in 4.2 (and...), a special protocol 1042 * is needed to pick up the TCP Urgent data in 1043 * the correct sequence. 1044 * 1045 * What we do is: if we think we are in urgent 1046 * mode, we look to see if we are "at the mark". 1047 * If we are, we do an OOB receive. If we run 1048 * this twice, we will do the OOB receive twice, 1049 * but the second will fail, since the second 1050 * time we were "at the mark", but there wasn't 1051 * any data there (the kernel doesn't reset 1052 * "at the mark" until we do a normal read). 1053 * Once we've read the OOB data, we go ahead 1054 * and do normal reads. 1055 * 1056 * There is also another problem, which is that 1057 * since the OOB byte we read doesn't put us 1058 * out of OOB state, and since that byte is most 1059 * likely the TELNET DM (data mark), we would 1060 * stay in the TELNET SYNCH (SYNCHing) state. 1061 * So, clocks to the rescue. If we've "just" 1062 * received a DM, then we test for the 1063 * presence of OOB data when the receive OOB 1064 * fails (and AFTER we did the normal mode read 1065 * to clear "at the mark"). 1066 */ 1067 if (SYNCHing) { 1068 int atmark; 1069 1070 ioctl(net, SIOCATMARK, (char *)&atmark); 1071 if (atmark) { 1072 ncc = recv(net, netibuf, sizeof (netibuf), MSG_OOB); 1073 if ((ncc == -1) && (errno == EINVAL)) { 1074 ncc = read(net, netibuf, sizeof (netibuf)); 1075 if (sequenceIs(didnetreceive, gotDM)) { 1076 SYNCHing = stilloob(net); 1077 } 1078 } 1079 } else { 1080 ncc = read(net, netibuf, sizeof (netibuf)); 1081 } 1082 } else { 1083 ncc = read(net, netibuf, sizeof (netibuf)); 1084 } 1085 settimer(didnetreceive); 1086 #else /* !defined(SO_OOBINLINE)) */ 1087 ncc = read(net, netibuf, sizeof (netibuf)); 1088 #endif /* !defined(SO_OOBINLINE)) */ 1089 if (ncc < 0 && errno == EWOULDBLOCK) 1090 ncc = 0; 1091 else { 1092 if (ncc <= 0) { 1093 break; 1094 } 1095 netip = netibuf; 1096 } 1097 DIAG((TD_REPORT | TD_NETDATA), { 1098 output_data("td: netread %d chars\r\n", ncc); 1099 }); 1100 DIAG(TD_NETDATA, printdata("nd", netip, ncc)); 1101 } 1102 1103 /* 1104 * Something to read from the pty... 1105 */ 1106 if (FD_ISSET(p, &ibits)) { 1107 #ifdef STREAMSPTY 1108 if (really_stream) 1109 pcc = readstream(p, ptyibuf, BUFSIZ); 1110 else 1111 #endif 1112 pcc = read(p, ptyibuf, BUFSIZ); 1113 1114 /* 1115 * On some systems, if we try to read something 1116 * off the master side before the slave side is 1117 * opened, we get EIO. 1118 */ 1119 if (pcc < 0 && (errno == EWOULDBLOCK || 1120 #ifdef EAGAIN 1121 errno == EAGAIN || 1122 #endif 1123 errno == EIO)) { 1124 pcc = 0; 1125 } else { 1126 if (pcc <= 0) 1127 break; 1128 if (ptyibuf[0] & TIOCPKT_FLUSHWRITE) { 1129 netclear(); /* clear buffer back */ 1130 #ifndef NO_URGENT 1131 /* 1132 * There are client telnets on some 1133 * operating systems get screwed up 1134 * royally if we send them urgent 1135 * mode data. 1136 */ 1137 output_data ("%c%c", IAC, DM); 1138 1139 neturg = nfrontp-1; /* off by one XXX */ 1140 DIAG(TD_OPTIONS, 1141 printoption("td: send IAC", DM)); 1142 1143 #endif 1144 } 1145 if (his_state_is_will(TELOPT_LFLOW) && 1146 (ptyibuf[0] & 1147 (TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))) { 1148 int newflow = 1149 ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0; 1150 if (newflow != flowmode) { 1151 flowmode = newflow; 1152 output_data("%c%c%c%c%c%c", 1153 IAC, SB, TELOPT_LFLOW, 1154 flowmode ? LFLOW_ON 1155 : LFLOW_OFF, 1156 IAC, SE); 1157 DIAG(TD_OPTIONS, printsub('>', 1158 (unsigned char *)nfrontp-4, 1159 4);); 1160 } 1161 } 1162 pcc--; 1163 ptyip = ptyibuf+1; 1164 } 1165 } 1166 1167 while (pcc > 0) { 1168 if ((&netobuf[BUFSIZ] - nfrontp) < 3) 1169 break; 1170 c = *ptyip++ & 0377, pcc--; 1171 if (c == IAC) 1172 *nfrontp++ = c; 1173 *nfrontp++ = c; 1174 if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) { 1175 if (pcc > 0 && ((*ptyip & 0377) == '\n')) { 1176 *nfrontp++ = *ptyip++ & 0377; 1177 pcc--; 1178 } else 1179 *nfrontp++ = '\0'; 1180 } 1181 } 1182 1183 if (FD_ISSET(f, &obits) && (nfrontp - nbackp) > 0) 1184 netflush(); 1185 if (ncc > 0) 1186 telrcv(); 1187 if (FD_ISSET(p, &obits) && (pfrontp - pbackp) > 0) 1188 ptyflush(); 1189 } 1190 cleanup(0); 1191 } 1192 1193 #ifndef TCSIG 1194 # ifdef TIOCSIG 1195 # define TCSIG TIOCSIG 1196 # endif 1197 #endif 1198 1199 #ifdef STREAMSPTY 1200 1201 int flowison = -1; /* current state of flow: -1 is unknown */ 1202 1203 int 1204 readstream(int p, char *ibuf, int bufsize) 1205 { 1206 int flags = 0; 1207 int ret = 0; 1208 struct termios *tsp; 1209 #if 0 1210 struct termio *tp; 1211 #endif 1212 struct iocblk *ip; 1213 char vstop, vstart; 1214 int ixon; 1215 int newflow; 1216 1217 strbufc.maxlen = BUFSIZ; 1218 strbufc.buf = (char *)ctlbuf; 1219 strbufd.maxlen = bufsize-1; 1220 strbufd.len = 0; 1221 strbufd.buf = ibuf+1; 1222 ibuf[0] = 0; 1223 1224 ret = getmsg(p, &strbufc, &strbufd, &flags); 1225 if (ret < 0) /* error of some sort -- probably EAGAIN */ 1226 return(-1); 1227 1228 if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) { 1229 /* data message */ 1230 if (strbufd.len > 0) { /* real data */ 1231 return(strbufd.len + 1); /* count header char */ 1232 } else { 1233 /* nothing there */ 1234 errno = EAGAIN; 1235 return(-1); 1236 } 1237 } 1238 1239 /* 1240 * It's a control message. Return 1, to look at the flag we set 1241 */ 1242 1243 switch (ctlbuf[0]) { 1244 case M_FLUSH: 1245 if (ibuf[1] & FLUSHW) 1246 ibuf[0] = TIOCPKT_FLUSHWRITE; 1247 return(1); 1248 1249 case M_IOCTL: 1250 ip = (struct iocblk *) (ibuf+1); 1251 1252 switch (ip->ioc_cmd) { 1253 #ifdef TCSETS 1254 case TCSETS: 1255 case TCSETSW: 1256 case TCSETSF: 1257 tsp = (struct termios *) 1258 (ibuf+1 + sizeof(struct iocblk)); 1259 vstop = tsp->c_cc[VSTOP]; 1260 vstart = tsp->c_cc[VSTART]; 1261 ixon = tsp->c_iflag & IXON; 1262 break; 1263 #endif 1264 #if 0 1265 case TCSETA: 1266 case TCSETAW: 1267 case TCSETAF: 1268 tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk)); 1269 vstop = tp->c_cc[VSTOP]; 1270 vstart = tp->c_cc[VSTART]; 1271 ixon = tp->c_iflag & IXON; 1272 break; 1273 #endif 1274 default: 1275 errno = EAGAIN; 1276 return(-1); 1277 } 1278 1279 newflow = (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0; 1280 if (newflow != flowison) { /* it's a change */ 1281 flowison = newflow; 1282 ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP; 1283 return(1); 1284 } 1285 } 1286 1287 /* nothing worth doing anything about */ 1288 errno = EAGAIN; 1289 return(-1); 1290 } 1291 #endif /* STREAMSPTY */ 1292 1293 /* 1294 * Send interrupt to process on other side of pty. 1295 * If it is in raw mode, just write NULL; 1296 * otherwise, write intr char. 1297 */ 1298 void 1299 interrupt() 1300 { 1301 ptyflush(); /* half-hearted */ 1302 1303 #if defined(STREAMSPTY) && defined(TIOCSIGNAL) 1304 /* Streams PTY style ioctl to post a signal */ 1305 if (really_stream) 1306 { 1307 int sig = SIGINT; 1308 ioctl(ourpty, TIOCSIGNAL, &sig); 1309 ioctl(ourpty, I_FLUSH, FLUSHR); 1310 } 1311 #else 1312 #ifdef TCSIG 1313 ioctl(ourpty, TCSIG, (char *)SIGINT); 1314 #else /* TCSIG */ 1315 init_termbuf(); 1316 *pfrontp++ = slctab[SLC_IP].sptr ? 1317 (unsigned char)*slctab[SLC_IP].sptr : '\177'; 1318 #endif /* TCSIG */ 1319 #endif 1320 } 1321 1322 /* 1323 * Send quit to process on other side of pty. 1324 * If it is in raw mode, just write NULL; 1325 * otherwise, write quit char. 1326 */ 1327 void 1328 sendbrk() 1329 { 1330 ptyflush(); /* half-hearted */ 1331 #ifdef TCSIG 1332 ioctl(ourpty, TCSIG, (char *)SIGQUIT); 1333 #else /* TCSIG */ 1334 init_termbuf(); 1335 *pfrontp++ = slctab[SLC_ABORT].sptr ? 1336 (unsigned char)*slctab[SLC_ABORT].sptr : '\034'; 1337 #endif /* TCSIG */ 1338 } 1339 1340 void 1341 sendsusp() 1342 { 1343 #ifdef SIGTSTP 1344 ptyflush(); /* half-hearted */ 1345 # ifdef TCSIG 1346 ioctl(ourpty, TCSIG, (char *)SIGTSTP); 1347 # else /* TCSIG */ 1348 *pfrontp++ = slctab[SLC_SUSP].sptr ? 1349 (unsigned char)*slctab[SLC_SUSP].sptr : '\032'; 1350 # endif /* TCSIG */ 1351 #endif /* SIGTSTP */ 1352 } 1353 1354 /* 1355 * When we get an AYT, if ^T is enabled, use that. Otherwise, 1356 * just send back "[Yes]". 1357 */ 1358 void 1359 recv_ayt() 1360 { 1361 #if defined(SIGINFO) && defined(TCSIG) 1362 if (slctab[SLC_AYT].sptr && *slctab[SLC_AYT].sptr != _POSIX_VDISABLE) { 1363 ioctl(ourpty, TCSIG, (char *)SIGINFO); 1364 return; 1365 } 1366 #endif 1367 output_data("\r\n[Yes]\r\n"); 1368 } 1369 1370 void 1371 doeof() 1372 { 1373 init_termbuf(); 1374 1375 *pfrontp++ = slctab[SLC_EOF].sptr ? 1376 (unsigned char)*slctab[SLC_EOF].sptr : '\004'; 1377 } 1378