telnetd.c revision 82497
1/* 2 * Copyright (c) 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#ifndef lint 35static const char copyright[] = 36"@(#) Copyright (c) 1989, 1993\n\ 37 The Regents of the University of California. All rights reserved.\n"; 38#endif /* not lint */ 39 40#ifndef lint 41#if 0 42static const char sccsid[] = "@(#)telnetd.c 8.4 (Berkeley) 5/30/95"; 43#endif 44static const char rcsid[] = 45 "$FreeBSD: head/contrib/telnet/telnetd/telnetd.c 82497 2001-08-29 14:16:17Z markm $"; 46#endif /* not lint */ 47 48#include "telnetd.h" 49#include "pathnames.h" 50 51#include <err.h> 52#include <arpa/inet.h> 53 54#include <sys/mman.h> 55#include <libutil.h> 56#include <paths.h> 57#include <utmp.h> 58 59#if defined(AUTHENTICATION) 60#include <libtelnet/auth.h> 61int auth_level = 0; 62#endif 63#if defined(ENCRYPTION) 64#include <libtelnet/encrypt.h> 65#endif 66#include <libtelnet/misc.h> 67#if defined(SecurID) 68int require_SecurID = 0; 69#endif 70 71char remote_hostname[MAXHOSTNAMELEN]; 72int utmp_len = sizeof(remote_hostname) - 1; 73int registerd_host_only = 0; 74 75#ifdef STREAMSPTY 76# include <stropts.h> 77# include <termio.h> 78/* make sure we don't get the bsd version */ 79# include "/usr/include/sys/tty.h" 80# include <sys/ptyvar.h> 81 82/* 83 * Because of the way ptyibuf is used with streams messages, we need 84 * ptyibuf+1 to be on a full-word boundary. The following weirdness 85 * is simply to make that happen. 86 */ 87long ptyibufbuf[BUFSIZ/sizeof(long)+1]; 88char *ptyibuf = ((char *)&ptyibufbuf[1])-1; 89char *ptyip = ((char *)&ptyibufbuf[1])-1; 90char ptyibuf2[BUFSIZ]; 91unsigned char ctlbuf[BUFSIZ]; 92struct strbuf strbufc, strbufd; 93 94#else /* ! STREAMPTY */ 95 96/* 97 * I/O data buffers, 98 * pointers, and counters. 99 */ 100char ptyibuf[BUFSIZ], *ptyip = ptyibuf; 101char ptyibuf2[BUFSIZ]; 102 103# include <termcap.h> 104 105int readstream(int p, char *ibuf, int bufsize); 106void doit(struct sockaddr *who); 107int terminaltypeok(char *s); 108void startslave(char *host, int autologin, char *autoname); 109 110#endif /* ! STREAMPTY */ 111 112int hostinfo = 1; /* do we print login banner? */ 113 114int debug = 0; 115int keepalive = 1; 116char *altlogin; 117 118void doit __P((struct sockaddr *)); 119int terminaltypeok __P((char *)); 120void startslave __P((char *, int, char *)); 121extern void usage P((void)); 122 123/* 124 * The string to pass to getopt(). We do it this way so 125 * that only the actual options that we support will be 126 * passed off to getopt(). 127 */ 128char valid_opts[] = { 129 'd', ':', 'h', 'k', 'n', 'p', ':', 'S', ':', 'u', ':', 'U', 130 '4', '6', 131#ifdef AUTHENTICATION 132 'a', ':', 'X', ':', 133#endif 134#ifdef BFTPDAEMON 135 'B', 136#endif 137#ifdef DIAGNOSTICS 138 'D', ':', 139#endif 140#ifdef ENCRYPTION 141 'e', ':', 142#endif 143#ifdef LINEMODE 144 'l', 145#endif 146#ifdef SecurID 147 's', 148#endif 149 '\0' 150}; 151 152int family = AF_INET; 153 154int 155main(argc, argv) 156 char *argv[]; 157{ 158 struct sockaddr_storage from; 159 int on = 1, fromlen; 160 register int ch; 161#if defined(IPPROTO_IP) && defined(IP_TOS) 162 int tos = -1; 163#endif 164 165 pfrontp = pbackp = ptyobuf; 166 netip = netibuf; 167 nfrontp = nbackp = netobuf; 168#ifdef ENCRYPTION 169 nclearto = 0; 170#endif /* ENCRYPTION */ 171 172 /* 173 * This initialization causes linemode to default to a configuration 174 * that works on all telnet clients, including the FreeBSD client. 175 * This is not quite the same as the telnet client issuing a "mode 176 * character" command, but has most of the same benefits, and is 177 * preferable since some clients (like usofts) don't have the 178 * mode character command anyway and linemode breaks things. 179 * The most notable symptom of fix is that csh "set filec" operations 180 * like <ESC> (filename completion) and ^D (choices) keys now work 181 * in telnet sessions and can be used more than once on the same line. 182 * CR/LF handling is also corrected in some termio modes. This 183 * change resolves problem reports bin/771 and bin/1037. 184 */ 185 186 linemode=1; /*Default to mode that works on bulk of clients*/ 187 188 while ((ch = getopt(argc, argv, valid_opts)) != -1) { 189 switch(ch) { 190 191#ifdef AUTHENTICATION 192 case 'a': 193 /* 194 * Check for required authentication level 195 */ 196 if (strcmp(optarg, "debug") == 0) { 197 extern int auth_debug_mode; 198 auth_debug_mode = 1; 199 } else if (strcasecmp(optarg, "none") == 0) { 200 auth_level = 0; 201 } else if (strcasecmp(optarg, "other") == 0) { 202 auth_level = AUTH_OTHER; 203 } else if (strcasecmp(optarg, "user") == 0) { 204 auth_level = AUTH_USER; 205 } else if (strcasecmp(optarg, "valid") == 0) { 206 auth_level = AUTH_VALID; 207 } else if (strcasecmp(optarg, "off") == 0) { 208 /* 209 * This hack turns off authentication 210 */ 211 auth_level = -1; 212 } else { 213 warnx("unknown authorization level for -a"); 214 } 215 break; 216#endif /* AUTHENTICATION */ 217 218#ifdef BFTPDAEMON 219 case 'B': 220 bftpd++; 221 break; 222#endif /* BFTPDAEMON */ 223 224 case 'd': 225 if (strcmp(optarg, "ebug") == 0) { 226 debug++; 227 break; 228 } 229 usage(); 230 /* NOTREACHED */ 231 break; 232 233#ifdef DIAGNOSTICS 234 case 'D': 235 /* 236 * Check for desired diagnostics capabilities. 237 */ 238 if (!strcmp(optarg, "report")) { 239 diagnostic |= TD_REPORT|TD_OPTIONS; 240 } else if (!strcmp(optarg, "exercise")) { 241 diagnostic |= TD_EXERCISE; 242 } else if (!strcmp(optarg, "netdata")) { 243 diagnostic |= TD_NETDATA; 244 } else if (!strcmp(optarg, "ptydata")) { 245 diagnostic |= TD_PTYDATA; 246 } else if (!strcmp(optarg, "options")) { 247 diagnostic |= TD_OPTIONS; 248 } else { 249 usage(); 250 /* NOT REACHED */ 251 } 252 break; 253#endif /* DIAGNOSTICS */ 254 255#ifdef ENCRYPTION 256 case 'e': 257 if (strcmp(optarg, "debug") == 0) { 258 extern int encrypt_debug_mode; 259 encrypt_debug_mode = 1; 260 break; 261 } 262 usage(); 263 /* NOTREACHED */ 264 break; 265#endif /* ENCRYPTION */ 266 267 case 'h': 268 hostinfo = 0; 269 break; 270 271#ifdef LINEMODE 272 case 'l': 273 alwayslinemode = 1; 274 break; 275#endif /* LINEMODE */ 276 277 case 'k': 278#if defined(LINEMODE) && defined(KLUDGELINEMODE) 279 lmodetype = NO_AUTOKLUDGE; 280#else 281 /* ignore -k option if built without kludge linemode */ 282#endif /* defined(LINEMODE) && defined(KLUDGELINEMODE) */ 283 break; 284 285 case 'n': 286 keepalive = 0; 287 break; 288 289 case 'p': 290 altlogin = optarg; 291 break; 292 293#ifdef SecurID 294 case 's': 295 /* SecurID required */ 296 require_SecurID = 1; 297 break; 298#endif /* SecurID */ 299 case 'S': 300#ifdef HAS_GETTOS 301 if ((tos = parsetos(optarg, "tcp")) < 0) 302 warnx("%s%s%s", 303 "bad TOS argument '", optarg, 304 "'; will try to use default TOS"); 305#else 306 warnx("TOS option unavailable; -S flag not supported"); 307#endif 308 break; 309 310 case 'u': 311 utmp_len = atoi(optarg); 312 if (utmp_len < 0) 313 utmp_len = -utmp_len; 314 if (utmp_len >= sizeof(remote_hostname)) 315 utmp_len = sizeof(remote_hostname) - 1; 316 break; 317 318 case 'U': 319 registerd_host_only = 1; 320 break; 321 322#ifdef AUTHENTICATION 323 case 'X': 324 /* 325 * Check for invalid authentication types 326 */ 327 auth_disable_name(optarg); 328 break; 329#endif /* AUTHENTICATION */ 330 331 case '4': 332 family = AF_INET; 333 break; 334 335#ifdef INET6 336 case '6': 337 family = AF_INET6; 338 break; 339#endif 340 341 default: 342 warnx("%c: unknown option", ch); 343 /* FALLTHROUGH */ 344 case '?': 345 usage(); 346 /* NOTREACHED */ 347 } 348 } 349 350 argc -= optind; 351 argv += optind; 352 353 if (debug) { 354 int s, ns, foo, error; 355 char *service = "telnet"; 356 struct addrinfo hints, *res; 357 358 if (argc > 1) { 359 usage(); 360 /* NOT REACHED */ 361 } else if (argc == 1) 362 service = *argv; 363 364 memset(&hints, 0, sizeof(hints)); 365 hints.ai_flags = AI_PASSIVE; 366 hints.ai_family = family; 367 hints.ai_socktype = SOCK_STREAM; 368 hints.ai_protocol = 0; 369 error = getaddrinfo(NULL, service, &hints, &res); 370 371 if (error) { 372 errx(1, "tcp/%s: %s\n", service, gai_strerror(error)); 373 if (error == EAI_SYSTEM) 374 errx(1, "tcp/%s: %s\n", service, strerror(errno)); 375 usage(); 376 } 377 378 s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); 379 if (s < 0) 380 err(1, "socket"); 381 (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, 382 (char *)&on, sizeof(on)); 383 if (bind(s, res->ai_addr, res->ai_addrlen) < 0) 384 err(1, "bind"); 385 if (listen(s, 1) < 0) 386 err(1, "listen"); 387 foo = res->ai_addrlen; 388 ns = accept(s, res->ai_addr, &foo); 389 if (ns < 0) 390 err(1, "accept"); 391 (void) dup2(ns, 0); 392 (void) close(ns); 393 (void) close(s); 394#ifdef convex 395 } else if (argc == 1) { 396 ; /* VOID*/ /* Just ignore the host/port name */ 397#endif 398 } else if (argc > 0) { 399 usage(); 400 /* NOT REACHED */ 401 } 402 403 openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON); 404 fromlen = sizeof (from); 405 if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { 406 warn("getpeername"); 407 _exit(1); 408 } 409 if (keepalive && 410 setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, 411 (char *)&on, sizeof (on)) < 0) { 412 syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); 413 } 414 415#if defined(IPPROTO_IP) && defined(IP_TOS) 416 if (from.ss_family == AF_INET) { 417# if defined(HAS_GETTOS) 418 struct tosent *tp; 419 if (tos < 0 && (tp = gettosbyname("telnet", "tcp"))) 420 tos = tp->t_tos; 421# endif 422 if (tos < 0) 423 tos = 020; /* Low Delay bit */ 424 if (tos 425 && (setsockopt(0, IPPROTO_IP, IP_TOS, 426 (char *)&tos, sizeof(tos)) < 0) 427 && (errno != ENOPROTOOPT) ) 428 syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); 429 } 430#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ 431 net = 0; 432 doit((struct sockaddr *)&from); 433 /* NOTREACHED */ 434 return(0); 435} /* end of main */ 436 437 void 438usage() 439{ 440 fprintf(stderr, "usage: telnetd"); 441#ifdef AUTHENTICATION 442 fprintf(stderr, " [-a (debug|other|user|valid|off|none)]\n\t"); 443#endif 444#ifdef BFTPDAEMON 445 fprintf(stderr, " [-B]"); 446#endif 447 fprintf(stderr, " [-debug]"); 448#ifdef DIAGNOSTICS 449 fprintf(stderr, " [-D (options|report|exercise|netdata|ptydata)]\n\t"); 450#endif 451#ifdef AUTHENTICATION 452 fprintf(stderr, " [-edebug]"); 453#endif 454 fprintf(stderr, " [-h]"); 455#if defined(LINEMODE) && defined(KLUDGELINEMODE) 456 fprintf(stderr, " [-k]"); 457#endif 458#ifdef LINEMODE 459 fprintf(stderr, " [-l]"); 460#endif 461 fprintf(stderr, " [-n]"); 462 fprintf(stderr, "\n\t"); 463#ifdef SecurID 464 fprintf(stderr, " [-s]"); 465#endif 466#ifdef HAS_GETTOS 467 fprintf(stderr, " [-S tos]"); 468#endif 469#ifdef AUTHENTICATION 470 fprintf(stderr, " [-X auth-type]"); 471#endif 472 fprintf(stderr, " [-u utmp_hostname_length] [-U]"); 473 fprintf(stderr, " [port]\n"); 474 exit(1); 475} 476 477/* 478 * getterminaltype 479 * 480 * Ask the other end to send along its terminal type and speed. 481 * Output is the variable terminaltype filled in. 482 */ 483static unsigned char ttytype_sbbuf[] = { 484 IAC, SB, TELOPT_TTYPE, TELQUAL_SEND, IAC, SE 485}; 486 487 int 488getterminaltype(name) 489 char *name; 490{ 491 int retval = -1; 492 void _gettermname(); 493 494 settimer(baseline); 495#if defined(AUTHENTICATION) 496 /* 497 * Handle the Authentication option before we do anything else. 498 */ 499 send_do(TELOPT_AUTHENTICATION, 1); 500 while (his_will_wont_is_changing(TELOPT_AUTHENTICATION)) 501 ttloop(); 502 if (his_state_is_will(TELOPT_AUTHENTICATION)) { 503 retval = auth_wait(name); 504 } 505#endif 506 507#ifdef ENCRYPTION 508 send_will(TELOPT_ENCRYPT, 1); 509#endif /* ENCRYPTION */ 510 send_do(TELOPT_TTYPE, 1); 511 send_do(TELOPT_TSPEED, 1); 512 send_do(TELOPT_XDISPLOC, 1); 513 send_do(TELOPT_NEW_ENVIRON, 1); 514 send_do(TELOPT_OLD_ENVIRON, 1); 515 while ( 516#ifdef ENCRYPTION 517 his_do_dont_is_changing(TELOPT_ENCRYPT) || 518#endif /* ENCRYPTION */ 519 his_will_wont_is_changing(TELOPT_TTYPE) || 520 his_will_wont_is_changing(TELOPT_TSPEED) || 521 his_will_wont_is_changing(TELOPT_XDISPLOC) || 522 his_will_wont_is_changing(TELOPT_NEW_ENVIRON) || 523 his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) { 524 ttloop(); 525 } 526#ifdef ENCRYPTION 527 /* 528 * Wait for the negotiation of what type of encryption we can 529 * send with. If autoencrypt is not set, this will just return. 530 */ 531 if (his_state_is_will(TELOPT_ENCRYPT)) { 532 encrypt_wait(); 533 } 534#endif /* ENCRYPTION */ 535 if (his_state_is_will(TELOPT_TSPEED)) { 536 static unsigned char sb[] = 537 { IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE }; 538 539 output_datalen(sb, sizeof sb); 540 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); 541 } 542 if (his_state_is_will(TELOPT_XDISPLOC)) { 543 static unsigned char sb[] = 544 { IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE }; 545 546 output_datalen(sb, sizeof sb); 547 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); 548 } 549 if (his_state_is_will(TELOPT_NEW_ENVIRON)) { 550 static unsigned char sb[] = 551 { IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE }; 552 553 output_datalen(sb, sizeof sb); 554 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); 555 } 556 else if (his_state_is_will(TELOPT_OLD_ENVIRON)) { 557 static unsigned char sb[] = 558 { IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE }; 559 560 output_datalen(sb, sizeof sb); 561 DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); 562 } 563 if (his_state_is_will(TELOPT_TTYPE)) { 564 565 output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf); 566 DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2, 567 sizeof ttytype_sbbuf - 2);); 568 } 569 if (his_state_is_will(TELOPT_TSPEED)) { 570 while (sequenceIs(tspeedsubopt, baseline)) 571 ttloop(); 572 } 573 if (his_state_is_will(TELOPT_XDISPLOC)) { 574 while (sequenceIs(xdisplocsubopt, baseline)) 575 ttloop(); 576 } 577 if (his_state_is_will(TELOPT_NEW_ENVIRON)) { 578 while (sequenceIs(environsubopt, baseline)) 579 ttloop(); 580 } 581 if (his_state_is_will(TELOPT_OLD_ENVIRON)) { 582 while (sequenceIs(oenvironsubopt, baseline)) 583 ttloop(); 584 } 585 if (his_state_is_will(TELOPT_TTYPE)) { 586 char first[256], last[256]; 587 588 while (sequenceIs(ttypesubopt, baseline)) 589 ttloop(); 590 591 /* 592 * If the other side has already disabled the option, then 593 * we have to just go with what we (might) have already gotten. 594 */ 595 if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) { 596 (void) strncpy(first, terminaltype, sizeof(first)-1); 597 first[sizeof(first)-1] = '\0'; 598 for(;;) { 599 /* 600 * Save the unknown name, and request the next name. 601 */ 602 (void) strncpy(last, terminaltype, sizeof(last)-1); 603 last[sizeof(last)-1] = '\0'; 604 _gettermname(); 605 if (terminaltypeok(terminaltype)) 606 break; 607 if ((strncmp(last, terminaltype, sizeof(last)) == 0) || 608 his_state_is_wont(TELOPT_TTYPE)) { 609 /* 610 * We've hit the end. If this is the same as 611 * the first name, just go with it. 612 */ 613 if (strncmp(first, terminaltype, sizeof(first)) == 0) 614 break; 615 /* 616 * Get the terminal name one more time, so that 617 * RFC1091 compliant telnets will cycle back to 618 * the start of the list. 619 */ 620 _gettermname(); 621 if (strncmp(first, terminaltype, sizeof(first)) != 0) { 622 (void) strncpy(terminaltype, first, sizeof(terminaltype)-1); 623 terminaltype[sizeof(terminaltype)-1] = '\0'; 624 } 625 break; 626 } 627 } 628 } 629 } 630 return(retval); 631} /* end of getterminaltype */ 632 633 void 634_gettermname() 635{ 636 /* 637 * If the client turned off the option, 638 * we can't send another request, so we 639 * just return. 640 */ 641 if (his_state_is_wont(TELOPT_TTYPE)) 642 return; 643 settimer(baseline); 644 output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf); 645 DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2, 646 sizeof ttytype_sbbuf - 2);); 647 while (sequenceIs(ttypesubopt, baseline)) 648 ttloop(); 649} 650 651 int 652terminaltypeok(s) 653 char *s; 654{ 655 char buf[1024]; 656 657 if (terminaltype == NULL) 658 return(1); 659 660 /* 661 * tgetent() will return 1 if the type is known, and 662 * 0 if it is not known. If it returns -1, it couldn't 663 * open the database. But if we can't open the database, 664 * it won't help to say we failed, because we won't be 665 * able to verify anything else. So, we treat -1 like 1. 666 */ 667 if (tgetent(buf, s) == 0) 668 return(0); 669 return(1); 670} 671 672#ifndef MAXHOSTNAMELEN 673#define MAXHOSTNAMELEN 256 674#endif /* MAXHOSTNAMELEN */ 675 676char *hostname; 677char host_name[MAXHOSTNAMELEN]; 678 679extern void telnet P((int, int, char *)); 680 681int level; 682char user_name[256]; 683/* 684 * Get a pty, scan input lines. 685 */ 686 void 687doit(who) 688 struct sockaddr *who; 689{ 690 int err; 691 int ptynum; 692 693 /* 694 * Find an available pty to use. 695 */ 696#ifndef convex 697 pty = getpty(&ptynum); 698 if (pty < 0) 699 fatal(net, "All network ports in use"); 700#else 701 for (;;) { 702 char *lp; 703 704 if ((lp = getpty()) == NULL) 705 fatal(net, "Out of ptys"); 706 707 if ((pty = open(lp, 2)) >= 0) { 708 strlcpy(line,lp,sizeof(line)); 709 line[5] = 't'; 710 break; 711 } 712 } 713#endif 714 715 /* get name of connected client */ 716 if (realhostname_sa(remote_hostname, sizeof(remote_hostname) - 1, 717 who, who->sa_len) == HOSTNAME_INVALIDADDR && registerd_host_only) 718 fatal(net, "Couldn't resolve your address into a host name.\r\n\ 719 Please contact your net administrator"); 720 remote_hostname[sizeof(remote_hostname) - 1] = '\0'; 721 722 trimdomain(remote_hostname, UT_HOSTSIZE); 723 if (!isdigit(remote_hostname[0]) && strlen(remote_hostname) > utmp_len) 724 err = getnameinfo(who, who->sa_len, remote_hostname, 725 sizeof(remote_hostname), NULL, 0, 726 NI_NUMERICHOST|NI_WITHSCOPEID); 727 /* XXX: do 'err' check */ 728 729 (void) gethostname(host_name, sizeof(host_name) - 1); 730 host_name[sizeof(host_name) - 1] = '\0'; 731 hostname = host_name; 732 733#if defined(AUTHENTICATION) || defined(ENCRYPTION) 734 auth_encrypt_init(hostname, remote_hostname, "TELNETD", 1); 735#endif 736 737 init_env(); 738 /* 739 * get terminal type. 740 */ 741 *user_name = 0; 742 level = getterminaltype(user_name); 743 setenv("TERM", terminaltype ? terminaltype : "network", 1); 744 745 telnet(net, pty, remote_hostname); /* begin server process */ 746 747 /*NOTREACHED*/ 748} /* end of doit */ 749 750/* 751 * Main loop. Select from pty and network, and 752 * hand data to telnet receiver finite state machine. 753 */ 754 void 755telnet(f, p, host) 756 int f, p; 757 char *host; 758{ 759 int on = 1; 760#define TABBUFSIZ 512 761 char defent[TABBUFSIZ]; 762 char defstrs[TABBUFSIZ]; 763#undef TABBUFSIZ 764 char *HE; 765 char *HN; 766 char *IM; 767 int nfd; 768 769 /* 770 * Initialize the slc mapping table. 771 */ 772 get_slc_defaults(); 773 774 /* 775 * Do some tests where it is desireable to wait for a response. 776 * Rather than doing them slowly, one at a time, do them all 777 * at once. 778 */ 779 if (my_state_is_wont(TELOPT_SGA)) 780 send_will(TELOPT_SGA, 1); 781 /* 782 * Is the client side a 4.2 (NOT 4.3) system? We need to know this 783 * because 4.2 clients are unable to deal with TCP urgent data. 784 * 785 * To find out, we send out a "DO ECHO". If the remote system 786 * answers "WILL ECHO" it is probably a 4.2 client, and we note 787 * that fact ("WILL ECHO" ==> that the client will echo what 788 * WE, the server, sends it; it does NOT mean that the client will 789 * echo the terminal input). 790 */ 791 send_do(TELOPT_ECHO, 1); 792 793#ifdef LINEMODE 794 if (his_state_is_wont(TELOPT_LINEMODE)) { 795 /* Query the peer for linemode support by trying to negotiate 796 * the linemode option. 797 */ 798 linemode = 0; 799 editmode = 0; 800 send_do(TELOPT_LINEMODE, 1); /* send do linemode */ 801 } 802#endif /* LINEMODE */ 803 804 /* 805 * Send along a couple of other options that we wish to negotiate. 806 */ 807 send_do(TELOPT_NAWS, 1); 808 send_will(TELOPT_STATUS, 1); 809 flowmode = 1; /* default flow control state */ 810 restartany = -1; /* uninitialized... */ 811 send_do(TELOPT_LFLOW, 1); 812 813 /* 814 * Spin, waiting for a response from the DO ECHO. However, 815 * some REALLY DUMB telnets out there might not respond 816 * to the DO ECHO. So, we spin looking for NAWS, (most dumb 817 * telnets so far seem to respond with WONT for a DO that 818 * they don't understand...) because by the time we get the 819 * response, it will already have processed the DO ECHO. 820 * Kludge upon kludge. 821 */ 822 while (his_will_wont_is_changing(TELOPT_NAWS)) 823 ttloop(); 824 825 /* 826 * But... 827 * The client might have sent a WILL NAWS as part of its 828 * startup code; if so, we'll be here before we get the 829 * response to the DO ECHO. We'll make the assumption 830 * that any implementation that understands about NAWS 831 * is a modern enough implementation that it will respond 832 * to our DO ECHO request; hence we'll do another spin 833 * waiting for the ECHO option to settle down, which is 834 * what we wanted to do in the first place... 835 */ 836 if (his_want_state_is_will(TELOPT_ECHO) && 837 his_state_is_will(TELOPT_NAWS)) { 838 while (his_will_wont_is_changing(TELOPT_ECHO)) 839 ttloop(); 840 } 841 /* 842 * On the off chance that the telnet client is broken and does not 843 * respond to the DO ECHO we sent, (after all, we did send the 844 * DO NAWS negotiation after the DO ECHO, and we won't get here 845 * until a response to the DO NAWS comes back) simulate the 846 * receipt of a will echo. This will also send a WONT ECHO 847 * to the client, since we assume that the client failed to 848 * respond because it believes that it is already in DO ECHO 849 * mode, which we do not want. 850 */ 851 if (his_want_state_is_will(TELOPT_ECHO)) { 852 DIAG(TD_OPTIONS, output_data("td: simulating recv\r\n")); 853 willoption(TELOPT_ECHO); 854 } 855 856 /* 857 * Finally, to clean things up, we turn on our echo. This 858 * will break stupid 4.2 telnets out of local terminal echo. 859 */ 860 861 if (my_state_is_wont(TELOPT_ECHO)) 862 send_will(TELOPT_ECHO, 1); 863 864#ifndef STREAMSPTY 865 /* 866 * Turn on packet mode 867 */ 868 (void) ioctl(p, TIOCPKT, (char *)&on); 869#endif 870 871#if defined(LINEMODE) && defined(KLUDGELINEMODE) 872 /* 873 * Continuing line mode support. If client does not support 874 * real linemode, attempt to negotiate kludge linemode by sending 875 * the do timing mark sequence. 876 */ 877 if (lmodetype < REAL_LINEMODE) 878 send_do(TELOPT_TM, 1); 879#endif /* defined(LINEMODE) && defined(KLUDGELINEMODE) */ 880 881 /* 882 * Call telrcv() once to pick up anything received during 883 * terminal type negotiation, 4.2/4.3 determination, and 884 * linemode negotiation. 885 */ 886 telrcv(); 887 888 (void) ioctl(f, FIONBIO, (char *)&on); 889 (void) ioctl(p, FIONBIO, (char *)&on); 890 891#if defined(SO_OOBINLINE) 892 (void) setsockopt(net, SOL_SOCKET, SO_OOBINLINE, 893 (char *)&on, sizeof on); 894#endif /* defined(SO_OOBINLINE) */ 895 896#ifdef SIGTSTP 897 (void) signal(SIGTSTP, SIG_IGN); 898#endif 899#ifdef SIGTTOU 900 /* 901 * Ignoring SIGTTOU keeps the kernel from blocking us 902 * in ttioct() in /sys/tty.c. 903 */ 904 (void) signal(SIGTTOU, SIG_IGN); 905#endif 906 907 (void) signal(SIGCHLD, cleanup); 908 909#ifdef TIOCNOTTY 910 { 911 register int t; 912 t = open(_PATH_TTY, O_RDWR); 913 if (t >= 0) { 914 (void) ioctl(t, TIOCNOTTY, (char *)0); 915 (void) close(t); 916 } 917 } 918#endif 919 920 /* 921 * Show banner that getty never gave. 922 * 923 * We put the banner in the pty input buffer. This way, it 924 * gets carriage return null processing, etc., just like all 925 * other pty --> client data. 926 */ 927 928 if (getent(defent, "default") == 1) { 929 char *Getstr(); 930 char *cp=defstrs; 931 932 HE = Getstr("he", &cp); 933 HN = Getstr("hn", &cp); 934 IM = Getstr("im", &cp); 935 if (HN && *HN) 936 (void) strlcpy(host_name, HN, sizeof(host_name)); 937 if (IM == 0) 938 IM = ""; 939 } else { 940 IM = DEFAULT_IM; 941 HE = 0; 942 } 943 edithost(HE, host_name); 944 if (hostinfo && *IM) 945 putf(IM, ptyibuf2); 946 947 if (pcc) 948 (void) strncat(ptyibuf2, ptyip, pcc+1); 949 ptyip = ptyibuf2; 950 pcc = strlen(ptyip); 951#ifdef LINEMODE 952 /* 953 * Last check to make sure all our states are correct. 954 */ 955 init_termbuf(); 956 localstat(); 957#endif /* LINEMODE */ 958 959 DIAG(TD_REPORT, output_data("td: Entering processing loop\r\n")); 960 961 /* 962 * Startup the login process on the slave side of the terminal 963 * now. We delay this until here to insure option negotiation 964 * is complete. 965 */ 966 startslave(host, level, user_name); 967 968 nfd = ((f > p) ? f : p) + 1; 969 for (;;) { 970 fd_set ibits, obits, xbits; 971 register int c; 972 973 if (ncc < 0 && pcc < 0) 974 break; 975 976 FD_ZERO(&ibits); 977 FD_ZERO(&obits); 978 FD_ZERO(&xbits); 979 /* 980 * Never look for input if there's still 981 * stuff in the corresponding output buffer 982 */ 983 if (nfrontp - nbackp || pcc > 0) { 984 FD_SET(f, &obits); 985 } else { 986 FD_SET(p, &ibits); 987 } 988 if (pfrontp - pbackp || ncc > 0) { 989 FD_SET(p, &obits); 990 } else { 991 FD_SET(f, &ibits); 992 } 993 if (!SYNCHing) { 994 FD_SET(f, &xbits); 995 } 996 if ((c = select(nfd, &ibits, &obits, &xbits, 997 (struct timeval *)0)) < 1) { 998 if (c == -1) { 999 if (errno == EINTR) { 1000 continue; 1001 } 1002 } 1003 sleep(5); 1004 continue; 1005 } 1006 1007 /* 1008 * Any urgent data? 1009 */ 1010 if (FD_ISSET(net, &xbits)) { 1011 SYNCHing = 1; 1012 } 1013 1014 /* 1015 * Something to read from the network... 1016 */ 1017 if (FD_ISSET(net, &ibits)) { 1018#if !defined(SO_OOBINLINE) 1019 /* 1020 * In 4.2 (and 4.3 beta) systems, the 1021 * OOB indication and data handling in the kernel 1022 * is such that if two separate TCP Urgent requests 1023 * come in, one byte of TCP data will be overlaid. 1024 * This is fatal for Telnet, but we try to live 1025 * with it. 1026 * 1027 * In addition, in 4.2 (and...), a special protocol 1028 * is needed to pick up the TCP Urgent data in 1029 * the correct sequence. 1030 * 1031 * What we do is: if we think we are in urgent 1032 * mode, we look to see if we are "at the mark". 1033 * If we are, we do an OOB receive. If we run 1034 * this twice, we will do the OOB receive twice, 1035 * but the second will fail, since the second 1036 * time we were "at the mark", but there wasn't 1037 * any data there (the kernel doesn't reset 1038 * "at the mark" until we do a normal read). 1039 * Once we've read the OOB data, we go ahead 1040 * and do normal reads. 1041 * 1042 * There is also another problem, which is that 1043 * since the OOB byte we read doesn't put us 1044 * out of OOB state, and since that byte is most 1045 * likely the TELNET DM (data mark), we would 1046 * stay in the TELNET SYNCH (SYNCHing) state. 1047 * So, clocks to the rescue. If we've "just" 1048 * received a DM, then we test for the 1049 * presence of OOB data when the receive OOB 1050 * fails (and AFTER we did the normal mode read 1051 * to clear "at the mark"). 1052 */ 1053 if (SYNCHing) { 1054 int atmark; 1055 1056 (void) ioctl(net, SIOCATMARK, (char *)&atmark); 1057 if (atmark) { 1058 ncc = recv(net, netibuf, sizeof (netibuf), MSG_OOB); 1059 if ((ncc == -1) && (errno == EINVAL)) { 1060 ncc = read(net, netibuf, sizeof (netibuf)); 1061 if (sequenceIs(didnetreceive, gotDM)) { 1062 SYNCHing = stilloob(net); 1063 } 1064 } 1065 } else { 1066 ncc = read(net, netibuf, sizeof (netibuf)); 1067 } 1068 } else { 1069 ncc = read(net, netibuf, sizeof (netibuf)); 1070 } 1071 settimer(didnetreceive); 1072#else /* !defined(SO_OOBINLINE)) */ 1073 ncc = read(net, netibuf, sizeof (netibuf)); 1074#endif /* !defined(SO_OOBINLINE)) */ 1075 if (ncc < 0 && errno == EWOULDBLOCK) 1076 ncc = 0; 1077 else { 1078 if (ncc <= 0) { 1079 break; 1080 } 1081 netip = netibuf; 1082 } 1083 DIAG((TD_REPORT | TD_NETDATA), 1084 output_data("td: netread %d chars\r\n", ncc)); 1085 DIAG(TD_NETDATA, printdata("nd", netip, ncc)); 1086 } 1087 1088 /* 1089 * Something to read from the pty... 1090 */ 1091 if (FD_ISSET(p, &ibits)) { 1092#ifndef STREAMSPTY 1093 pcc = read(p, ptyibuf, BUFSIZ); 1094#else 1095 pcc = readstream(p, ptyibuf, BUFSIZ); 1096#endif 1097 /* 1098 * On some systems, if we try to read something 1099 * off the master side before the slave side is 1100 * opened, we get EIO. 1101 */ 1102 if (pcc < 0 && (errno == EWOULDBLOCK || 1103#ifdef EAGAIN 1104 errno == EAGAIN || 1105#endif 1106 errno == EIO)) { 1107 pcc = 0; 1108 } else { 1109 if (pcc <= 0) 1110 break; 1111#ifdef LINEMODE 1112 /* 1113 * If ioctl from pty, pass it through net 1114 */ 1115 if (ptyibuf[0] & TIOCPKT_IOCTL) { 1116 copy_termbuf(ptyibuf+1, pcc-1); 1117 localstat(); 1118 pcc = 1; 1119 } 1120#endif /* LINEMODE */ 1121 if (ptyibuf[0] & TIOCPKT_FLUSHWRITE) { 1122 netclear(); /* clear buffer back */ 1123#ifndef NO_URGENT 1124 /* 1125 * There are client telnets on some 1126 * operating systems get screwed up 1127 * royally if we send them urgent 1128 * mode data. 1129 */ 1130 output_data("%c%c", IAC, DM); 1131 neturg = nfrontp-1; /* off by one XXX */ 1132 DIAG(TD_OPTIONS, 1133 printoption("td: send IAC", DM)); 1134 1135#endif 1136 } 1137 if (his_state_is_will(TELOPT_LFLOW) && 1138 (ptyibuf[0] & 1139 (TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))) { 1140 int newflow = 1141 ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0; 1142 if (newflow != flowmode) { 1143 flowmode = newflow; 1144 output_data("%c%c%c%c%c%c", 1145 IAC, SB, TELOPT_LFLOW, 1146 flowmode ? LFLOW_ON 1147 : LFLOW_OFF, 1148 IAC, SE); 1149 DIAG(TD_OPTIONS, printsub('>', 1150 (unsigned char *)nfrontp-4, 1151 4);); 1152 } 1153 } 1154 pcc--; 1155 ptyip = ptyibuf+1; 1156 } 1157 } 1158 1159 while (pcc > 0) { 1160 if ((&netobuf[BUFSIZ] - nfrontp) < 2) 1161 break; 1162 c = *ptyip++ & 0377, pcc--; 1163 if (c == IAC) 1164 output_data("%c", c); 1165 output_data("%c", c); 1166 if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) { 1167 if (pcc > 0 && ((*ptyip & 0377) == '\n')) { 1168 output_data("%c", *ptyip++ & 0377); 1169 pcc--; 1170 } else 1171 output_data("%c", '\0'); 1172 } 1173 } 1174 1175 if (FD_ISSET(f, &obits) && (nfrontp - nbackp) > 0) 1176 netflush(); 1177 if (ncc > 0) 1178 telrcv(); 1179 if (FD_ISSET(p, &obits) && (pfrontp - pbackp) > 0) 1180 ptyflush(); 1181 } 1182 cleanup(0); 1183} /* end of telnet */ 1184 1185#ifndef TCSIG 1186# ifdef TIOCSIG 1187# define TCSIG TIOCSIG 1188# endif 1189#endif 1190 1191#ifdef STREAMSPTY 1192 1193int flowison = -1; /* current state of flow: -1 is unknown */ 1194 1195int readstream(p, ibuf, bufsize) 1196 int p; 1197 char *ibuf; 1198 int bufsize; 1199{ 1200 int flags = 0; 1201 int ret = 0; 1202 struct termios *tsp; 1203 struct termio *tp; 1204 struct iocblk *ip; 1205 char vstop, vstart; 1206 int ixon; 1207 int newflow; 1208 1209 strbufc.maxlen = BUFSIZ; 1210 strbufc.buf = (char *)ctlbuf; 1211 strbufd.maxlen = bufsize-1; 1212 strbufd.len = 0; 1213 strbufd.buf = ibuf+1; 1214 ibuf[0] = 0; 1215 1216 ret = getmsg(p, &strbufc, &strbufd, &flags); 1217 if (ret < 0) /* error of some sort -- probably EAGAIN */ 1218 return(-1); 1219 1220 if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) { 1221 /* data message */ 1222 if (strbufd.len > 0) { /* real data */ 1223 return(strbufd.len + 1); /* count header char */ 1224 } else { 1225 /* nothing there */ 1226 errno = EAGAIN; 1227 return(-1); 1228 } 1229 } 1230 1231 /* 1232 * It's a control message. Return 1, to look at the flag we set 1233 */ 1234 1235 switch (ctlbuf[0]) { 1236 case M_FLUSH: 1237 if (ibuf[1] & FLUSHW) 1238 ibuf[0] = TIOCPKT_FLUSHWRITE; 1239 return(1); 1240 1241 case M_IOCTL: 1242 ip = (struct iocblk *) (ibuf+1); 1243 1244 switch (ip->ioc_cmd) { 1245 case TCSETS: 1246 case TCSETSW: 1247 case TCSETSF: 1248 tsp = (struct termios *) 1249 (ibuf+1 + sizeof(struct iocblk)); 1250 vstop = tsp->c_cc[VSTOP]; 1251 vstart = tsp->c_cc[VSTART]; 1252 ixon = tsp->c_iflag & IXON; 1253 break; 1254 case TCSETA: 1255 case TCSETAW: 1256 case TCSETAF: 1257 tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk)); 1258 vstop = tp->c_cc[VSTOP]; 1259 vstart = tp->c_cc[VSTART]; 1260 ixon = tp->c_iflag & IXON; 1261 break; 1262 default: 1263 errno = EAGAIN; 1264 return(-1); 1265 } 1266 1267 newflow = (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0; 1268 if (newflow != flowison) { /* it's a change */ 1269 flowison = newflow; 1270 ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP; 1271 return(1); 1272 } 1273 } 1274 1275 /* nothing worth doing anything about */ 1276 errno = EAGAIN; 1277 return(-1); 1278} 1279#endif /* STREAMSPTY */ 1280 1281/* 1282 * Send interrupt to process on other side of pty. 1283 * If it is in raw mode, just write NULL; 1284 * otherwise, write intr char. 1285 */ 1286 void 1287interrupt() 1288{ 1289 ptyflush(); /* half-hearted */ 1290 1291#if defined(STREAMSPTY) && defined(TIOCSIGNAL) 1292 /* Streams PTY style ioctl to post a signal */ 1293 { 1294 int sig = SIGINT; 1295 (void) ioctl(pty, TIOCSIGNAL, &sig); 1296 (void) ioctl(pty, I_FLUSH, FLUSHR); 1297 } 1298#else 1299#ifdef TCSIG 1300 (void) ioctl(pty, TCSIG, (char *)SIGINT); 1301#else /* TCSIG */ 1302 init_termbuf(); 1303 *pfrontp++ = slctab[SLC_IP].sptr ? 1304 (unsigned char)*slctab[SLC_IP].sptr : '\177'; 1305#endif /* TCSIG */ 1306#endif 1307} 1308 1309/* 1310 * Send quit to process on other side of pty. 1311 * If it is in raw mode, just write NULL; 1312 * otherwise, write quit char. 1313 */ 1314 void 1315sendbrk() 1316{ 1317 ptyflush(); /* half-hearted */ 1318#ifdef TCSIG 1319 (void) ioctl(pty, TCSIG, (char *)SIGQUIT); 1320#else /* TCSIG */ 1321 init_termbuf(); 1322 *pfrontp++ = slctab[SLC_ABORT].sptr ? 1323 (unsigned char)*slctab[SLC_ABORT].sptr : '\034'; 1324#endif /* TCSIG */ 1325} 1326 1327 void 1328sendsusp() 1329{ 1330#ifdef SIGTSTP 1331 ptyflush(); /* half-hearted */ 1332# ifdef TCSIG 1333 (void) ioctl(pty, TCSIG, (char *)SIGTSTP); 1334# else /* TCSIG */ 1335 *pfrontp++ = slctab[SLC_SUSP].sptr ? 1336 (unsigned char)*slctab[SLC_SUSP].sptr : '\032'; 1337# endif /* TCSIG */ 1338#endif /* SIGTSTP */ 1339} 1340 1341/* 1342 * When we get an AYT, if ^T is enabled, use that. Otherwise, 1343 * just send back "[Yes]". 1344 */ 1345 void 1346recv_ayt() 1347{ 1348#if defined(SIGINFO) && defined(TCSIG) 1349 if (slctab[SLC_AYT].sptr && *slctab[SLC_AYT].sptr != _POSIX_VDISABLE) { 1350 (void) ioctl(pty, TCSIG, (char *)SIGINFO); 1351 return; 1352 } 1353#endif 1354 output_data("\r\n[Yes]\r\n"); 1355} 1356 1357 void 1358doeof() 1359{ 1360 init_termbuf(); 1361 1362#if defined(LINEMODE) && defined(USE_TERMIO) && (VEOF == VMIN) 1363 if (!tty_isediting()) { 1364 extern char oldeofc; 1365 *pfrontp++ = oldeofc; 1366 return; 1367 } 1368#endif 1369 *pfrontp++ = slctab[SLC_EOF].sptr ? 1370 (unsigned char)*slctab[SLC_EOF].sptr : '\004'; 1371} 1372