author | Michael Hanson <hansonorders@verizon.net> | 2010-12-08 21:04:21 (GMT) |
---|---|---|
committer | Michael Hanson <hansonorders@verizon.net> | 2010-12-08 21:04:21 (GMT) |
commit | 8084aca8649eb7e20f638bfe2ba683647cea3141 (patch) | |
tree | 71d012ba2261fab33e45b59d641712ea1eeea68b /abs/core/netkit-telnet-ssl | |
parent | 95deb5093af2b3f89d83a7a9ecc4a0811db8eadc (diff) | |
netkit-telnet-ssl: formerly netkit-telnet, upgrade
Diffstat (limited to 'abs/core/netkit-telnet-ssl')
-rw-r--r-- | abs/core/netkit-telnet-ssl/PKGBUILD | 33 | ||||
-rw-r--r-- | abs/core/netkit-telnet-ssl/netkit-telnet-ssl-0.17.24+0.1_arch.diff | 2591 | ||||
-rw-r--r-- | abs/core/netkit-telnet-ssl/netkit-telnet-ssl.install | 5 | ||||
-rw-r--r-- | abs/core/netkit-telnet-ssl/telnet.xinetd | 10 |
4 files changed, 2639 insertions, 0 deletions
diff --git a/abs/core/netkit-telnet-ssl/PKGBUILD b/abs/core/netkit-telnet-ssl/PKGBUILD
new file mode 100644
index 0000000..37fb577
--- /dev/null
+++ b/abs/core/netkit-telnet-ssl/PKGBUILD
@@ -0,0 +1,33 @@
+# Maintainer: <alexandre.becoulet@free.fr>
+# Contributor: <netbug@ftp.uk.linux.org>
+# Contributor: Fluke <fluke.l at gmail.com>
+pkgname=netkit-telnet-ssl
+pkgver=0.17.24+0.1
+pkgrel=2
+pkgdesc="telnet client and server with ssl enabled"
+arch=('i686' 'x86_64')
+license=('BSD')
+url=("http://www.hcs.harvard.edu/~dholland/computers/netkit.html")
+source=(http://ftp.de.debian.org/debian/pool/main/n/${pkgname}/${pkgname}_${pkgver}.orig.tar.gz
+ netkit-telnet-ssl-0.17.24+0.1_arch.diff
+ telnet.xinetd)
+depends=('glibc' 'openssl' 'ncurses')
+replaces=('netkit-telnet')
+md5sums=('43a402139ed6b86434fdb83256feaad8'
+ 'd51bf898269a79a2de77d1134516c209'
+ 'ca38af6f1346ae90b2cb1e160858b453')
+install=netkit-telnet-ssl.install
+
+build() {
+ cd ${srcdir}/${pkgname}-${pkgver}.orig
+ patch -p1 < ../netkit-telnet-ssl-0.17.24+0.1_arch.diff
+ ./configure --prefix=/usr --installroot=${pkgdir}
+ make || return 1
+}
+package() {
+ cd ${srcdir}/${pkgname}-${pkgver}.orig
+ mkdir -p ${pkgdir}/usr/{bin,sbin,man/man1,man/man5,man/man8} ${pkgdir}/etc/xinetd.d
+
+ make install || return 1
+ install -m644 ${srcdir}/telnet.xinetd ${pkgdir}/etc/xinetd.d/telnet-ssl
+}
diff --git a/abs/core/netkit-telnet-ssl/netkit-telnet-ssl-0.17.24+0.1_arch.diff b/abs/core/netkit-telnet-ssl/netkit-telnet-ssl-0.17.24+0.1_arch.diff
new file mode 100644
index 0000000..17b3c3c
--- /dev/null
+++ b/abs/core/netkit-telnet-ssl/netkit-telnet-ssl-0.17.24+0.1_arch.diff
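Review bot: `license=('BSD')` is declared but package() installs no license text; BSD is not one of the common licenses shipped with Arch, so the file from the tarball should be copied with `install -Dm644 <LICENSE-FILE-IN-TARBALL> "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"` (the tarball's license file name is not visible in this hunk). The xinetd service file written to `${pkgdir}/etc/xinetd.d/telnet-ssl` is a configuration file administrators edit, so it belongs in `backup=('etc/xinetd.d/telnet-ssl')`, otherwise pacman overwrites local changes on upgrade. The source tarball is fetched over plain http and verified only through md5sums; makepkg also accepts `sha256sums=(...)`, which is the stronger integrity check for a package that ships a network-facing service. Lastly, `${srcdir}` and `${pkgdir}` are unquoted throughout build() and package(); quoting them is the usual PKGBUILD style.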
@@ -0,0 +1,2591 @@ +Only in netkit-telnet-ssl-0.17.24+0.1: debian +diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth.c netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth.c +--- netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth.c 2004-05-27 11:47:25.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth.c 2010-05-11 13:44:40.190322666 +0200 +@@ -37,6 +37,9 @@ + */ + + #ifndef lint ++#ifdef __GNUC__ ++__attribute__ ((unused)) ++#endif /* __GNUC__ */ + static char sccsid[] = "@(#)auth.c 5.2 (Berkeley) 3/22/91"; + #endif /* not lint */ + +@@ -83,8 +86,11 @@ + + #define typemask(x) (1<<((x)-1)) + ++int auth_onoff(const char *type, int on); ++ ++ + int auth_debug_mode = 0; +-static char *Name = "Noname"; ++static const char *Name = "Noname"; + static int Server = 0; + static Authenticator *authenticated = 0; + static int authenticating = 0; +@@ -170,7 +176,7 @@ + + void + auth_init(name, server) +- char *name; ++ const char *name; + int server; + { + Authenticator *ap = authenticators; +@@ -241,7 +247,7 @@ + + int + auth_onoff(type, on) +- char *type; ++ const char *type; + int on; + { + int i, mask = -1; +@@ -335,7 +341,7 @@ + } + *e++ = IAC; + *e++ = SE; +- writenet(str_request, e - str_request); ++ writenet((char *) str_request, e - str_request); + printsub('>', &str_request[2], e - str_request - 2); + } + } +@@ -424,7 +430,7 @@ + } + auth_send_data += 2; + } +- writenet(str_none, sizeof(str_none)); ++ writenet((char *) str_none, sizeof(str_none)); + printsub('>', &str_none[2], sizeof(str_none) - 2); + if (auth_debug_mode) + printf(">>>%s: Sent failure message\r\n", Name); +@@ -456,7 +462,7 @@ + return; + } + +- if (ap = findauthenticator(data[0], data[1])) { ++ if ((ap = findauthenticator(data[0], data[1]))) { + if (ap->is) + (*ap->is)(ap, data+2, cnt-2); + } else if (auth_debug_mode) +@@ -474,7 +480,7 @@ + if (cnt < 2) + return; + +- if (ap = findauthenticator(data[0], data[1])) { ++ if ((ap = findauthenticator(data[0], data[1]))) { + if (ap->reply) + 
(*ap->reply)(ap, data+2, cnt-2); + } else if (auth_debug_mode) +@@ -487,7 +493,7 @@ + unsigned char *data; + int cnt; + { +- Authenticator *ap; ++ /* Authenticator *ap; */ + unsigned char savename[256]; + + if (cnt < 1) { +@@ -505,7 +511,7 @@ + savename[cnt] = '\0'; /* Null terminate */ + if (auth_debug_mode) + printf(">>>%s: Got NAME [%s]\r\n", Name, savename); +- auth_encrypt_user(savename); ++ auth_encrypt_user((char *)savename); + } + + int +@@ -526,7 +532,7 @@ + } + *e++ = IAC; + *e++ = SE; +- writenet(str_request, e - str_request); ++ writenet((char *) str_request, e - str_request); + printsub('>', &str_request[2], e - &str_request[2]); + return(1); + } +@@ -542,6 +548,9 @@ + } + + /* ARGSUSED */ ++#ifdef __GNUC__ ++__attribute__ ((used)) ++#endif /* __GNUC__ */ + static void + auth_intr(sig) + int sig; +diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth-proto.h netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth-proto.h +--- netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth-proto.h 2004-05-27 11:47:25.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth-proto.h 2010-05-11 13:44:40.183654321 +0200 +@@ -68,7 +68,7 @@ + #if defined(AUTHENTICATE) + Authenticator *findauthenticator P((int, int)); + +-void auth_init P((char *, int)); ++void auth_init P((const char *, int)); + int auth_cmd P((int, char **)); + void auth_request P((void)); + void auth_send P((unsigned char *, int)); +@@ -123,7 +123,9 @@ + int auth_ssl_status P((Authenticator *, char *, int)); + void auth_ssl_printsub P((unsigned char *, int, unsigned char *, int)); + #endif /* USE_SSL */ +- ++ ++extern void printsub P((char, unsigned char *, int)); ++extern int writenet P((char *, int)); + #endif + #ifdef __cplusplus + } +diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/Makefile +--- netkit-telnet-ssl-0.17.24+0.1/libtelnet/Makefile 2004-05-27 11:47:25.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/Makefile 
2010-05-11 13:45:28.073664102 +0200 +@@ -15,5 +15,8 @@ + ranlib lib${LIB}.a; \ + fi; + ++install: ++ @echo "nothing to be installed from libtelnet" ++ + clean: + rm -f *.o lib${LIB}.a +diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc.c netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc.c +--- netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc.c 2004-05-27 11:47:26.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc.c 2010-05-11 13:44:40.190322666 +0200 +@@ -32,6 +32,9 @@ + */ + + #ifndef lint ++#ifdef __GNUC__ ++__attribute__ ((unused)) ++#endif /* __GNUC__ */ + static char sccsid[] = "@(#)misc.c 5.1 (Berkeley) 2/28/91"; + #endif /* not lint */ + +@@ -54,7 +57,12 @@ + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + ++#include <stdio.h> ++#include <stdlib.h> ++ + #include "misc.h" ++#include "auth.h" ++#include "auth-proto.h" + + char *RemoteHostName; + char *LocalHostName; +@@ -65,7 +73,7 @@ + auth_encrypt_init(local, remote, name, server) + char *local; + char *remote; +- char *name; ++ const char *name; + int server; + { + RemoteHostName = remote; +diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc-proto.h netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc-proto.h +--- netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc-proto.h 2004-05-27 11:47:26.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc-proto.h 2010-05-11 13:44:40.190322666 +0200 +@@ -68,7 +68,7 @@ + extern "C" { + #endif + +-void auth_encrypt_init P((char *, char *, char *, int)); ++void auth_encrypt_init P((char *, char *, const char *, int)); + void auth_encrypt_connect P((int)); + void auth_encrypt_user P((const char *name)); + void printd P((unsigned char *, int)); +diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/sslapp.h netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/sslapp.h +--- netkit-telnet-ssl-0.17.24+0.1/libtelnet/sslapp.h 2004-05-27 11:47:26.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/sslapp.h 2010-05-11 13:44:40.200330208 
+0200 +@@ -45,6 +45,7 @@ + #include "x509.h" + #include "ssl.h" + #define OLDPROTO NOPROTO ++#undef NOPROTO + #define NOPROTO + #include "err.h" + #undef NOPROTO +@@ -72,7 +73,7 @@ + /* we hide all the initialisation code in a separate file now */ + extern int do_ssleay_init(int server); + +-extern int display_connect_details(SSL *ssl_con, int verbose); ++extern void display_connect_details(SSL *ssl_con, int verbose); + extern int server_verify_callback(); + extern int client_verify_callback(); + +diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/ssl.c netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/ssl.c +--- netkit-telnet-ssl-0.17.24+0.1/libtelnet/ssl.c 2004-05-27 11:47:26.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/ssl.c 2010-05-11 13:44:40.200330208 +0200 +@@ -47,6 +47,9 @@ + #include <string.h> + #endif + ++#include <unistd.h> ++#include <openssl/err.h> ++ + #include "auth.h" + #include "misc.h" + +@@ -91,11 +94,12 @@ + #define VERIFY_ROOT_OK VERIFY_OK + #endif + ++extern int netflush(void); ++ + extern int auth_debug_mode; +-static auth_ssl_valid = 0; ++static int auth_ssl_valid = 0; + static char *auth_ssl_name = 0; /* this holds the oneline name */ + +-extern BIO *bio_err; + extern int ssl_only_flag; + extern int ssl_debug_flag; + extern int ssl_active_flag; +@@ -120,6 +124,9 @@ + + BIO *bio_err=NULL; + ++int auth_failed=0; ++ ++ + /* compile this set to 1 to negotiate SSL but not actually start it */ + static int ssl_dummy_flag=0; + +@@ -135,7 +142,7 @@ + * telnet connect if we are talking straight ssl with no telnet + * protocol --tjh + */ +-int ++void + display_connect_details(ssl_con,verbose) + SSL *ssl_con; + int verbose; +@@ -152,7 +159,7 @@ + /* grab the full list of ciphers */ + i=0; + buf[0]='\0'; +- while((p=SSL_get_cipher_list(ssl_con,i++))!=NULL) { ++ while((p=(char *)SSL_get_cipher_list(ssl_con,i++))!=NULL) { + if (i>0) + strcat(buf,":"); + strcat(buf,p); +@@ -230,7 +237,7 @@ + *p++ = SE; + if (str_data[3] == TELQUAL_IS) + 
printsub('>', &str_data[2], p - (&str_data[2])); +- return(writenet(str_data, p - str_data)); ++ return(writenet((char *) str_data, p - str_data)); + } + + int auth_ssl_init(ap, server) +@@ -280,7 +287,7 @@ + unsigned char *data; + int cnt; + { +- int valid; ++ /* int valid; */ + + if (cnt-- < 1) + return; +@@ -364,7 +371,7 @@ + unsigned char *data; + int cnt; + { +- int i; ++ /* int i; */ + int status; + + if (cnt-- < 1) +@@ -389,16 +396,13 @@ + SSL_set_verify(ssl_con,ssl_verify_flag, + client_verify_callback); + if ((status = SSL_connect(ssl_con)) <= 0) { +- fprintf(stderr,"[SSL - FAILED (%d)]\r\n", status); +- fflush(stderr); +- +- perror("telnet: Unable to ssl_connect to remote host"); ++ auth_finished(0,AUTH_REJECT); + ++ fprintf(stderr,"[SSL - FAILED (%d)]\r\n", status); ++ fprintf(stderr,"telnet: Unable to ssl_connect to remote host\n"); + ERR_print_errors(bio_err); +- +- /* don't know what I "should" be doing here ... */ +- +- auth_finished(0,AUTH_REJECT); ++ fflush(stderr); ++ auth_failed=1; + return; + } else { + +@@ -452,7 +456,7 @@ + */ + if (ssl_certsok_flag) { + user_fp = fopen("/etc/ssl.users", "r"); +- if (!auth_ssl_name || !user_fp) { ++ if (!auth_ssl_name || !user_fp || !UserNameRequested) { + /* If we haven't received a certificate, then don't + * return AUTH_VALID. 
+ */ +@@ -486,7 +490,7 @@ + cp = strchr(n, ','); + if (cp) + *cp++ = '\0'; +- if (!UserNameRequested || ++ if (UserNameRequested && + !strcmp(UserNameRequested, n)) { + strcpy(name, n); + fclose(user_fp); +@@ -543,7 +547,7 @@ + default: + sprintf(lbuf, " %d (unknown)", data[3]); + strncpy((char *)buf, lbuf, buflen); +- common2: ++/* common2: */ + BUMP(buf, buflen); + for (i = 4; i < cnt; i++) { + sprintf(lbuf, " %d", data[i]); +@@ -568,7 +572,7 @@ + #endif /* SSLEAY8 */ + { + static char *saved_subject=NULL; +- X509 *peer; ++ /* X509 *peer; */ + char *subject, *issuer; + #ifdef SSLEAY8 + int depth,error; +@@ -715,8 +719,8 @@ + int depth, error; + #endif /* SSLEAY8 */ + { +- X509 *peer; +- char *subject, *issuer; ++ /* X509 *peer; */ ++ char *subject, *issuer, *cnsubj; + #ifdef SSLEAY8 + int depth,error; + char *xs; +@@ -727,13 +731,13 @@ + + #endif /* SSLEAY8 */ + +-#ifdef LOCAL_DEBUG +- fprintf(stderr,"ssl:client_verify_callback:depth=%d ok=%d err=%d-%s\n", +- depth,ok,error,X509_cert_verify_error_string(error)); +- fflush(stderr); +-#endif /* LOCAL_DEBUG */ ++ if(ssl_debug_flag && !ok) { ++ fprintf(stderr,"ssl:client_verify_callback:depth=%d ok=%d err=%d-%s\n", ++ depth,ok,error,X509_verify_cert_error_string(error)); ++ fflush(stderr); ++ } + +- subject=issuer=NULL; ++ subject=issuer=cnsubj=NULL; + + /* first thing is to have a meaningful name for the current + * certificate that is being verified ... and if we cannot +@@ -761,60 +765,77 @@ + fflush(stderr); + } + +- /* if the server is using a self signed certificate then +- * we need to decide if that is good enough for us to +- * accept ... +- */ +- if (error==VERIFY_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) { +- if (ssl_cert_required) { +- /* make 100% sure that in secure more we drop the +- * connection if the server does not have a +- * real certificate! 
+- */ +- fprintf(stderr,"SSL: rejecting connection - server has a self-signed certificate\n"); +- fflush(stderr); +- +- /* sometimes it is really handy to be able to debug things +- * and still get a connection! +- */ +- if (ssl_debug_flag) { +- fprintf(stderr,"SSL: debug -> ignoring cert required!\n"); +- fflush(stderr); +- ok=1; +- } else { +- ok=0; +- } +- goto return_time; +- } else { +- ok=1; +- goto return_time; +- } ++ /* verify commonName matches hostname */ ++ if(ssl_cert_required && depth == 0) { ++ char *cn,*p; ++ ++ cnsubj=strdup(subject); ++ if(cnsubj == NULL) { ++ fprintf(stderr,"SSL: Out of memory.\n"); ++ ok=0; ++ goto return_time; ++ } ++ cn=strstr(cnsubj,"/CN="); ++ if(cn == NULL) { ++ fprintf(stderr,"SSL: Cannot extract CN from certificate subject.\n"); ++ ok=0; ++ goto return_time; ++ } ++ cn+=4; /* skip /CN= */ ++ p=strchr(cn,'/'); ++ if(p != NULL) { ++ *p='\0'; ++ } ++ if(strcasecmp(cn,RemoteHostName) != 0) { ++ fprintf(stderr,"SSL: Certificate CN (%s) does not match hostname (%s)\n", ++ cn,RemoteHostName); ++ ok=0; ++ goto return_time; ++ } + } + +- /* if we have any form of error in secure mode we reject the connection */ +- if (! ((error==VERIFY_OK)||(error==VERIFY_ROOT_OK)) ) { +- if (ssl_cert_required) { +- fprintf(stderr,"SSL: rejecting connection - "); +- if (error==VERIFY_ERR_UNABLE_TO_GET_ISSUER) { +- fprintf(stderr,"unknown issuer: %s\n",issuer); +- } else { +- ERR_print_errors(bio_err); +- } +- fflush(stderr); +- ok=0; +- goto return_time; +- } else { +- /* be nice and display a lot more meaningful stuff +- * so that we know which issuer is unknown no matter +- * what the callers options are ... 
+- */ +- if (error==VERIFY_ERR_UNABLE_TO_GET_ISSUER) { +- fprintf(stderr,"SSL: unknown issuer: %s\n",issuer); +- fflush(stderr); +- } +- } ++ if((error==VERIFY_OK) || (error==VERIFY_ROOT_OK)) { ++ goto return_time; + } + ++ switch(error) { ++ case VERIFY_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: ++ fprintf(stderr,"SSL: Server has a self-signed certificate\n"); ++ case VERIFY_ERR_UNABLE_TO_GET_ISSUER: ++ fprintf(stderr,"SSL: unknown issuer: %s\n",issuer); ++ break; ++ case X509_V_ERR_CERT_NOT_YET_VALID: ++ fprintf(stderr,"SSL: Certificate not yet valid\n"); ++ BIO_printf(bio_err,"notBefore="); ++ ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); ++ BIO_printf(bio_err,"\n"); ++ break; ++ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: ++ fprintf(stderr,"SSL: Error in certificate notBefore field\n"); ++ BIO_printf(bio_err,"notBefore="); ++ ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); ++ BIO_printf(bio_err,"\n"); ++ break; ++ case X509_V_ERR_CERT_HAS_EXPIRED: ++ fprintf(stderr,"SSL: Certificate has expired\n"); ++ BIO_printf(bio_err,"notAfter="); ++ ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); ++ BIO_printf(bio_err,"\n"); ++ break; ++ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: ++ fprintf(stderr,"SSL: Error in certificate notAfter field\n"); ++ BIO_printf(bio_err,"notAfter="); ++ ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); ++ BIO_printf(bio_err,"\n"); ++ break; ++ default: ++ fprintf(stderr,"SSL: %s (%d)\n", X509_verify_cert_error_string(error),error); ++ break; ++ } ++ ++ /* If we are here there was an error */ ++ ok=0; ++ + return_time: ; + + /* clean up things */ +@@ -822,7 +843,20 @@ + free(subject); + if (issuer!=NULL) + free(issuer); +- ++ if (cnsubj!=NULL) ++ free(cnsubj); ++ if(!ok && ssl_cert_required) { ++ if(ssl_debug_flag) { ++ fprintf(stderr,"SSL: debug -> ignoring cert required!\n"); ++ ok=1; ++ } ++ else { ++ fprintf(stderr,"SSL: Rejecting connection\n"); ++ ok=0; ++ } ++ } ++ 
fflush(stderr); ++ + return ok; + } + +diff -ur netkit-telnet-ssl-0.17.24+0.1/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/Makefile +--- netkit-telnet-ssl-0.17.24+0.1/Makefile 2004-05-27 11:47:25.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/Makefile 2010-05-11 14:19:36.673445641 +0200 +@@ -1,7 +1,7 @@ + # You can do "make SUB=blah" to make only a few, or edit here, or both + # You can also run make directly in the subdirs you want. + +-SUB = telnet telnetd telnetlogin ++SUB = libtelnet telnet telnetd + + %.build: + (cd $(patsubst %.build, %, $@) && $(MAKE)) +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/authenc.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/authenc.cc +--- netkit-telnet-ssl-0.17.24+0.1/telnet/authenc.cc 2000-07-23 05:24:53.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/authenc.cc 2010-05-11 13:44:40.056990450 +0200 +@@ -35,7 +35,7 @@ + * From: @(#)authenc.c 5.1 (Berkeley) 3/1/91 + */ + char au_rcsid[] = +- "$Id: authenc.cc,v 1.6 2000/07/23 03:24:53 dholland Exp $"; ++ "$Id: authenc.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $"; + + #if defined(ENCRYPT) || defined(AUTHENTICATE) + #include <sys/types.h> +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/commands.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/commands.cc +--- netkit-telnet-ssl-0.17.24+0.1/telnet/commands.cc 2004-05-27 11:47:26.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/commands.cc 2010-05-11 13:44:40.060322107 +0200 +@@ -35,7 +35,7 @@ + * 
From: @(#)commands.c 5.5 (Berkeley) 3/22/91 + */ + char cmd_rcsid[] = +- "$Id: commands.cc,v 1.34 2000/07/23 04:16:24 dholland Exp $"; ++ "$Id: commands.cc,v 1.13 2007-10-04 21:38:18 ianb Exp $"; + + #include <string.h> + +@@ -653,6 +653,21 @@ + return 1; + } + ++#ifdef AUTHENTICATE ++ ++static int tog_autologin(int) { ++ if(autologin == 0) { ++ autologin=1; ++ env_export("USER"); ++ } ++ else { ++ autologin=0; ++ env_unexport("USER"); ++ } ++ return 1; ++} ++ ++#endif /* AUTHENTICATE */ + + static int netdata; /* Print out network data flow */ + static int prettydump; /* Print "netdata" output in user readable format */ +@@ -682,13 +697,13 @@ + + #if defined(AUTHENTICATE) + { "autologin", "automatic sending of login and/or authentication info", +- NULL, &autologin, ++ tog_autologin, NULL, + "send login name and/or authentication information" }, + { "authdebug", "Toggle authentication debugging", + auth_togdebug, NULL, + "print authentication debugging information" }, + #endif +-#if 0 ++#ifdef ENCRYPT + { "autoencrypt", "automatic encryption of data stream", + EncryptAutoEnc, NULL, + "automatically encrypt output" }, +@@ -701,7 +716,7 @@ + { "encdebug", "Toggle encryption debugging", + EncryptDebug, NULL, + "print encryption debugging information" }, +-#endif ++#endif /* ENCRYPT */ + + { "skiprc", "don't read the telnetrc files", + NULL, &skiprc, +@@ -750,7 +765,7 @@ + NULL, &showoptions, + "show option processing" }, + +- { "termdata", "(debugging) toggle printing of hexadecimal terminal data", ++ { "termdata", "toggle printing of hexadecimal terminal data (debugging)", + NULL, &termdata, + "print hexadecimal representation of terminal traffic" }, + +@@ -1357,9 +1372,9 @@ + else + shellname++; + if (argc > 1) +- execl(shellp, shellname, "-c", &saveline[1], 0); ++ execl(shellp, shellname, "-c", &saveline[1], (char *) NULL); + else +- execl(shellp, shellname, 0); ++ execl(shellp, shellname, (char *) NULL); + perror("Execl"); + _exit(1); + } +@@ -1510,10 +1525,10 @@ 
+ + #if defined(AUTHENTICATE) + struct authlist { +- char *name; +- char *help; +- int (*handler)(const char *, const char *); +- int narg; ++ const char *name; ++ const char *help; ++ int (*handler)(const char *, const char *); ++ int narg; + }; + + static int auth_help (const char *, const char *); +@@ -1833,8 +1848,22 @@ + if (*portp == '-') { + portp++; + telnetport = 1; +- } else ++ } else { + telnetport = 0; ++ if (*portp >='0' && *portp<='9') { ++ char *end; ++ long int p; ++ ++ p=strtol(portp, &end, 10); ++ if (ERANGE==errno && (LONG_MIN==p || LONG_MAX==p)) { ++ fprintf(stderr, "telnet: port %s overflows\n", portp); ++ return 0; ++ } else if (p<=0 || p>=65536) { ++ fprintf(stderr, "telnet: port %s out of range\n", portp); ++ return 0; ++ } ++ } ++ } + } + else { + portp = "telnet"; +@@ -1860,7 +1889,7 @@ + if (res < 0) + return 0; + } +- ++ + /* Resolve both the host and service simultaneously. */ + res = getaddrinfo(resolv_hostp, portp, &hints, &hostaddr); + if (res == EAI_NONAME) { +@@ -1902,6 +1931,16 @@ + NI_NUMERICHOST | NI_NUMERICSERV); + + printf("Trying %s...\n", name); ++ ++ if (tmpaddr->ai_canonname == 0) { ++ hostname = new char[strlen(hostp)+1]; ++ strcpy(hostname, hostp); ++ } ++ else { ++ hostname = new char[strlen(tmpaddr->ai_canonname)+1]; ++ strcpy(hostname, tmpaddr->ai_canonname); ++ } ++ + x = nlink.connect(debug, tmpaddr, srp, srlen, tos); + if (!x) + goto err; +@@ -1909,18 +1948,18 @@ + goto nextaddr; + + connected++; ++ ++#ifdef USE_SSL ++ if (ssl_secure_flag || (strcmp(hostp, "localhost") != 0)) { ++ /* autologin = 1; */ ++ use_authentication=1; ++ } ++#endif /* USE_SSL */ ++ + #if defined(AUTHENTICATE) + auth_encrypt_connect(connected); + #endif + } while (connected == 0); +- if (tmpaddr->ai_canonname == 0) { +- hostname = new char[strlen(hostp)+1]; +- strcpy(hostname, hostp); +- } +- else { +- hostname = new char[strlen(tmpaddr->ai_canonname)+1]; +- strcpy(hostname, tmpaddr->ai_canonname); +- } + + cmdrc(hostp, hostname, portp); + 
freeaddrinfo(hostaddr); +@@ -1966,6 +2005,9 @@ + #if defined(AUTHENTICATE) + authhelp[] = "turn on (off) authentication ('auth ?' for more)", + #endif ++#if defined(USE_SSL) ++ startsslhelp[] = "switch to telnet-over-ssl (use 'auth' for ssl-over-telnet)", ++#endif + zhelp[] = "suspend telnet", + /* shellhelp[] = "invoke a subshell", */ + envhelp[] = "change environment variables ('environ ?' for more)", +@@ -1981,6 +2023,34 @@ + return 0; + } + ++#if defined(USE_SSL) ++static int startssl_cmd(void) ++{ ++ if(ssl_con == NULL) ++ { ++ fprintf(stderr,"telnet: Internal error - ssl_con not initialised.\n"); ++ return 1; ++ } ++ ++ if(ssl_active_flag) ++ { ++ fprintf(stderr,"telnet: SSL already in use.\n"); ++ return 1; ++ } ++ ++ if (SSL_connect(ssl_con) < 1) ++ { ++ ERR_print_errors_fp(stderr); ++ fflush(stderr); ++ } else { ++ display_connect_details(ssl_con,ssl_debug_flag); ++ ssl_active_flag=1; ++ ssl_only_flag=1; ++ } ++ return 1; ++} ++#endif /* USE_SSL */ ++ + static int slc_mode_import_0(void) { + slc_mode_import(0); + return 1; +@@ -2028,6 +2098,10 @@ + #endif + // BIND("encrypt", encrypthelp, encrypt_cmd); + ++#if defined(USE_SSL) ++ BIND("startssl", startsslhelp, startssl_cmd); ++#endif ++ + BIND("z", zhelp, suspend); + + #if defined(TN3270) /* why?! 
*/ +@@ -2233,22 +2307,18 @@ + } + + void cmdrc(const char *m1, const char *m2, const char *port) { +- static char *rcname = 0; +- static char rcbuf[128]; ++ char *rcname = NULL; + + if (skiprc) return; + + readrc(m1, m2, port, "/etc/telnetrc"); +- if (rcname == 0) { +- rcname = getenv("HOME"); +- if (rcname) +- strcpy(rcbuf, rcname); +- else +- rcbuf[0] = '\0'; +- strcat(rcbuf, "/.telnetrc"); +- rcname = rcbuf; +- } ++ if (asprintf (&rcname, "%s/.telnetrc", getenv ("HOME")) == -1) ++ { ++ perror ("asprintf"); ++ return; ++ } + readrc(m1, m2, port, rcname); ++ free (rcname); + } + + #if defined(IP_OPTIONS) && defined(HAS_IPPROTO_IP) +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/defines.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/defines.h +--- netkit-telnet-ssl-0.17.24+0.1/telnet/defines.h 2004-05-27 11:47:01.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/defines.h 2010-05-11 13:44:40.063654881 +0200 +@@ -31,7 +31,7 @@ + * SUCH DAMAGE. + * + * from: @(#)defines.h 5.1 (Berkeley) 9/14/90 +- * $Id: defines.h,v 1.5 1996/08/04 23:44:43 dholland Exp $ ++ * $Id: defines.h,v 1.1 2004-10-14 13:19:53 ianb Exp $ + */ + + #define ENV_VAR NEW_ENV_VAR +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/externs.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/externs.h +--- netkit-telnet-ssl-0.17.24+0.1/telnet/externs.h 2004-05-27 11:47:26.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/externs.h 2010-05-11 13:44:40.063654881 +0200 +@@ -31,7 +31,7 @@ + * SUCH DAMAGE. 
+ * + * from: @(#)externs.h 5.3 (Berkeley) 3/22/91 +- * $Id: externs.h,v 1.20 1999/08/19 09:34:15 dholland Exp $ ++ * $Id: externs.h,v 1.2 2004-11-17 15:28:51 ianb Exp $ + */ + + #ifndef BSD +@@ -57,6 +57,7 @@ + #define SUBBUFSIZE 256 + + extern int autologin; /* Autologin enabled */ ++extern int use_authentication; /* use SSL authentication */ + extern int skiprc; /* Don't process the ~/.telnetrc file */ + extern int eight; /* use eight bit mode (binary in and/or out) */ + extern int binary; /* use binary option (in and/or out) */ +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/fdset.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/fdset.h +--- netkit-telnet-ssl-0.17.24+0.1/telnet/fdset.h 1996-07-16 07:17:22.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/fdset.h 2010-05-11 13:44:40.063654881 +0200 +@@ -31,7 +31,7 @@ + * SUCH DAMAGE. + * + * from: @(#)fdset.h 5.1 (Berkeley) 9/14/90 +- * $Id: fdset.h,v 1.1 1996/07/16 05:17:22 dholland Exp $ ++ * $Id: fdset.h,v 1.1 2004-10-14 13:19:53 ianb Exp $ + */ + + /* +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/general.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/general.h +--- netkit-telnet-ssl-0.17.24+0.1/telnet/general.h 1996-07-16 07:17:22.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/general.h 2010-05-11 13:44:40.063654881 +0200 +@@ -31,7 +31,7 @@ + * SUCH DAMAGE. + * + * from: @(#)general.h 5.2 (Berkeley) 3/1/91 +- * $Id: general.h,v 1.1 1996/07/16 05:17:22 dholland Exp $ ++ * $Id: general.h,v 1.1 2004-10-14 13:19:53 ianb Exp $ + */ + + /* +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/genget.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/genget.cc +--- netkit-telnet-ssl-0.17.24+0.1/telnet/genget.cc 1996-07-26 11:54:09.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/genget.cc 2010-05-11 13:44:40.063654881 +0200 +@@ -35,7 +35,7 @@ + * 
From: @(#)genget.c 5.1 (Berkeley) 2/28/91 + */ + char gg_rcsid[] = +- "$Id: genget.cc,v 1.3 1996/07/26 09:54:09 dholland Exp $"; ++ "$Id: genget.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $"; + + #include <string.h> + #include <ctype.h> +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/glue.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/glue.cc +--- netkit-telnet-ssl-0.17.24+0.1/telnet/glue.cc 2004-05-27 11:47:26.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/glue.cc 2010-05-11 13:44:40.083654043 +0200 +@@ -11,8 +11,9 @@ + printsub_h(direction, pointer, length); + } + +-extern "C" void writenet(const char *str, int len) { ++extern "C" int writenet(const char *str, int len) { + netoring.write(str, len); ++ return 1; + } + + extern "C" int telnet_spin() { +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/main.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/main.cc +--- netkit-telnet-ssl-0.17.24+0.1/telnet/main.cc 2004-05-27 11:47:26.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/main.cc 2010-05-11 13:44:40.066988214 +0200 +@@ -39,7 +39,7 @@ + * 
From: @(#)main.c 5.4 (Berkeley) 3/22/91 + */ + char main_rcsid[] = +- "$Id: main.cc,v 1.14 1999/08/01 05:06:37 dholland Exp $"; ++ "$Id: main.cc,v 1.6 2004-11-22 20:26:37 ianb Exp $"; + + #include "../version.h" + +@@ -86,16 +86,27 @@ + * -X <atype> disable specified auth type + */ + void usage(void) { +- fprintf(stderr, "Usage: %s %s%s%s%s\n", ++ fprintf(stderr, "Usage: %s %s%s%s%s%s\n", + prompt, ++#ifdef AUTHENTICATE ++ "[-4] [-6] [-8] [-E] [-K] [-L] [-X atype] [-a] [-d] [-e char]", ++ "\n\t[-l user] [-n tracefile] [ -b addr ]", ++#else + "[-4] [-6] [-8] [-E] [-L] [-a] [-d] [-e char] [-l user]", + "\n\t[-n tracefile] [ -b addr ]", ++#endif + #ifdef TN3270 + "\n\t" + "[-noasynch] [-noasynctty] [-noasyncnet] [-r] [-t transcom]\n\t", + #else + " [-r] ", + #endif ++#ifdef USE_SSL ++ /* might as well output something useful here ... */ ++ "\n\t[-z ssl] [-z secure] [-z debug] [-z verify=int]\n\t[-z cert=file] [-z key=file]\n\t", ++#else /* !USE_SSL */ ++ "", ++#endif /* USE_SSL */ + "[host-name [port]]" + ); + exit(1); +@@ -135,8 +146,73 @@ + autologin = -1; + + while ((ch = getopt(argc, argv, +- "4678EKLS:X:ab:de:k:l:n:rt:x")) != EOF) { ++ "4678EKLS:X:ab:de:k:l:n:rt:xz:")) != EOF) { + switch(ch) { ++#ifdef USE_SSL ++ case 'z': ++ { ++ char *origopt; ++ ++ origopt=strdup(optarg); ++ optarg=strtok(origopt,","); ++ ++ while(optarg!=NULL) { ++ ++ if (strcmp(optarg, "debug") == 0 ) { ++ ssl_debug_flag=1; ++ } else if (strcmp(optarg, "authdebug") == 0 ) { ++ auth_debug_mode=1; ++ } else if (strcmp(optarg, "ssl") == 0 ) { ++ ssl_only_flag=1; ++ } else if ( (strcmp(optarg, "!ssl") == 0) || ++ (strcmp(optarg, "nossl") == 0) ) { ++ /* we may want to switch SSL negotiation off ++ * for testing or other reasons ++ */ ++ ssl_disabled_flag=1; ++ } else if (strcmp(optarg, "certrequired") == 0 ) { ++ ssl_cert_required=1; ++ } else if (strcmp(optarg, "secure") == 0 ) { ++ ssl_secure_flag=1; ++ } else if (strcmp(optarg, "verbose") == 0 ) { ++ ssl_verbose_flag=1; ++ } else if 
(strncmp(optarg, "verify=", ++ strlen("verify=")) == 0 ) { ++ ssl_verify_flag=atoi(optarg+strlen("verify=")); ++ } else if (strncmp(optarg, "cert=", ++ strlen("cert=")) == 0 ) { ++ ssl_cert_file= optarg + strlen("cert="); ++ } else if (strncmp(optarg, "key=", ++ strlen("key=")) == 0 ) { ++ ssl_key_file= optarg + strlen("key="); ++ } else if (strncmp(optarg,"cipher=", ++ strlen("cipher="))==0) { ++ ssl_cipher_list=optarg+strlen("cipher="); ++ } else { ++ /* report when we are given rubbish so that ++ * if the user makes a mistake they have to ++ * correct it! ++ */ ++ fprintf(stderr,"Unknown SSL option %s\n",optarg); ++ fflush(stderr); ++ exit(1); ++ } ++ ++ /* get the next one ... */ ++ optarg=strtok(NULL,","); ++ ++ } ++ ++ /* ++ if (origopt!=NULL) ++ free(origopt); ++ */ ++ ++ } ++ ++ break; ++#endif /* USE_SSL */ ++ + case '4': + family = AF_INET; + break; +@@ -257,14 +333,25 @@ + autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1; + + #ifdef USE_SSL ++ if((ssl_cert_file != NULL) || (ssl_key_file != NULL)) { ++ autologin = 1; ++ } ++ + if (ssl_secure_flag||ssl_cert_required) { + /* in secure mode we *must* switch on the base level + * verify checking otherwise we cannot abort connections + * at the right place! + */ + if (ssl_verify_flag == 0) +- ssl_verify_flag = 1; ++ ssl_verify_flag = SSL_VERIFY_PEER;; + } ++ ++ /* client mode ignores SSL_VERIFY_FAIL_IF_NO_PEER_CERT, ++ so simulate it using certrequired */ ++ if(ssl_verify_flag & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) { ++ ssl_cert_required=1; ++ } ++ + #endif /* USE_SSL */ + + argc -= optind; +@@ -289,11 +376,6 @@ + *argp++ = family == AF_INET ? 
"-4" : "-6"; + } + *argp++ = argv[0]; /* host */ +-#ifdef USE_SSL +- if (strcmp(argv[0], "localhost") != 0) { +- autologin = 1; +- } +-#endif /* USE_SSL */ + if (argc > 1) + *argp++ = argv[1]; /* port */ + *argp = 0; +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/telnet/Makefile +--- netkit-telnet-ssl-0.17.24+0.1/telnet/Makefile 2004-05-27 11:47:26.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/Makefile 2010-05-11 13:44:40.056990450 +0200 +@@ -6,15 +6,18 @@ + #CXXFLAGS:=$(patsubst -O2, -g, $(CXXFLAGS)) + + # -DAUTHENTICATE +-CXXFLAGS += -DUSE_TERMIO -DKLUDGELINEMODE +-LIBS = $(LIBTERMCAP) ++CXXFLAGS += -DUSE_TERMIO -DKLUDGELINEMODE -DAUTHENTICATE -DUSE_SSL \ ++ -I/usr/include/openssl -I../ ++LIBTELNET = ../libtelnet/libtelnet.a ++LIBS += $(LIBTERMCAP) $(LIBTELNET) -lssl -lcrypto + + SRCS = commands.cc main.cc network.cc ring.cc sys_bsd.cc telnet.cc \ +- terminal.cc tn3270.cc utilities.cc genget.cc environ.cc netlink.cc ++ terminal.cc tn3270.cc utilities.cc genget.cc environ.cc netlink.cc \ ++ glue.cc glue2.cc + + OBJS = $(patsubst %.cc, %.o, $(SRCS)) + +-telnet: $(OBJS) ++telnet: $(OBJS) $(LIBTELNET) + $(CXX) $(LDFLAGS) $^ $(LIBS) -o $@ + + include depend.mk +@@ -22,7 +25,7 @@ + $(CXX) $(CXXFLAGS) -MM $(SRCS) >depend.mk + + install: telnet +- install -s -m$(BINMODE) telnet $(INSTALLROOT)$(BINDIR)/telnet-ssl ++ install -m$(BINMODE) telnet $(INSTALLROOT)$(BINDIR)/telnet-ssl + install -m$(MANMODE) telnet.1 $(INSTALLROOT)$(MANDIR)/man1/telnet-ssl.1 + + clean: +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/netlink.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/netlink.cc +--- netkit-telnet-ssl-0.17.24+0.1/telnet/netlink.cc 2004-05-27 11:47:26.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/netlink.cc 2010-05-11 13:44:40.066988214 +0200 +@@ -12,12 +12,27 @@ + #include "proto.h" + #include "ring.h" + #include <libtelnet/sslapp.h> ++#include <libtelnet/misc-proto.h> + + /* In Linux, this is an enum */ 
+ #if defined(__linux__) || defined(IPPROTO_IP) + #define HAS_IPPROTO_IP + #endif + ++/* code from Peter 'Luna' Runestig <peter@runestig.com> */ ++static int select_read(int rfd) ++/* timeout = 20 seconds */ ++{ ++ fd_set rfds; ++ struct timeval tv; ++ ++ FD_ZERO(&rfds); ++ FD_SET(rfd, &rfds); ++ tv.tv_sec = 20; ++ tv.tv_usec = 0; ++ return select(rfd + 1, &rfds, NULL, NULL, &tv); ++} ++ + netlink nlink; + + class netchannel : public ringbuf::source { +@@ -26,12 +41,23 @@ + int net = nlink.getfd(); + int l; + #ifdef USE_SSL +- if (ssl_active_flag) +- l = SSL_read(ssl_con, buf, maxlen); +- else ++ if (ssl_active_flag) { ++ do { ++ l = SSL_read(ssl_con, buf, maxlen); ++ /* ++ * SSL_ERROR_WANT_READ may occur if an SSL/TLS rehandshake occurs. ++ * This means that data was available at the socket, but all was ++ * consumed by SSL itself, so we select (w/20s timeout) and retry. ++ */ ++ } while (l<0 && ++ (SSL_ERROR_WANT_READ == SSL_get_error(ssl_con, l)) && ++ (select_read(net) > 0)); ++ } else + #endif /* USE_SSL */ +- l = recv(net, buf, maxlen, 0); +- if (l<0 && errno == EWOULDBLOCK) l = 0; ++ { ++ l = recv(net, buf, maxlen, 0); ++ if (l<0 && errno == EWOULDBLOCK) l = 0; ++ } + return l; + } + }; +@@ -70,11 +96,11 @@ + + + netlink::netlink() { net = -1; } +-netlink::~netlink() { ::close(net); } ++netlink::~netlink() { if (net >= 0) ::close(net); } + + + int netlink::setdebug(int debug) { +- if (net > 0 && ++ if (net >= 0 && + (setsockopt(net, SOL_SOCKET, SO_DEBUG, &debug, sizeof(debug))) < 0) { + perror("setsockopt (SO_DEBUG)"); + } +@@ -95,7 +121,8 @@ + ssl_active_flag=0; + } + #endif /* USE_SSL */ +- ::close(net); ++ if (net >= 0) ++ ::close(net); + net = -1; + } + +@@ -142,7 +169,8 @@ + { + int on=1; + int res; +- ++ extern char *hostname; ++ + res = socket(addr->ai_family); + if (res < 2) + return res; +@@ -192,10 +220,24 @@ + /* bind in the network descriptor */ + SSL_set_fd(ssl_con,net); + ++#if defined(AUTHENTICATE) ++ /* moved from telnet() so 
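Review bot: `select_read` hands `rfd` to `FD_SET` without checking it against FD_SETSIZE; for a descriptor at or above that limit `FD_SET` writes outside `rfds`, which is undefined behaviour, so add `if (rfd < 0 || rfd >= FD_SETSIZE) return -1;` before `FD_ZERO`. The 20-second timeout is documented only in a comment wedged between the signature and the body; a named constant, `enum { SSL_REHANDSHAKE_TIMEOUT_S = 20 };`, used for `tv.tv_sec` reads better and keeps the number in one place. A `select` interrupted by a signal returns -1, which the retry loop in the next hunk treats like a timeout and stops retrying; whether that is acceptable depends on the client's signal handling, which is not visible in this patch.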
client_verify_callback knows RemoteHostName -ianb */ ++ { ++ static char local_host[256] = { 0 }; ++ int len = sizeof(local_host); ++ ++ if (!local_host[0]) { ++ gethostname(local_host, len); /* WAS &len!!! */ ++ local_host[sizeof(local_host)-1] = 0; ++ } ++ auth_encrypt_init(local_host, hostname, "TELNET", 0); ++ } ++#endif ++ + /* if we are doing raw SSL then start it now ... */ + if (ssl_only_flag) { + if (!SSL_connect(ssl_con)) { +- static char errbuf[1024]; ++ /* static char errbuf[1024]; */ + + ERR_print_errors_fp(stderr); + perror("SSL_connect"); +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/network.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/network.cc +--- netkit-telnet-ssl-0.17.24+0.1/telnet/network.cc 2004-05-27 11:47:01.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/network.cc 2010-05-11 13:44:40.066988214 +0200 +@@ -35,7 +35,7 @@ + * 
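Review bot: The relocated block still ignores the return value of `gethostname`; on failure the contents of `local_host` are unspecified and `auth_encrypt_init` receives whatever is there, so check it, e.g. `if (gethostname(local_host, sizeof(local_host)) < 0) local_host[0] = 0;`, and drop the single-use `len` in favour of `sizeof(local_host)`. The `/* static char errbuf[1024]; */` line just below is commented-out code and should be deleted rather than kept as a comment. The enclosing function starts before this hunk, so the lifetime of `hostname` (declared `extern` earlier in this file by the patch) cannot be confirmed from here.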
From: @(#)network.c 5.2 (Berkeley) 3/1/91 + */ + char net_rcsid[] = +- "$Id: network.cc,v 1.15 1996/08/13 08:09:58 dholland Exp $"; ++ "$Id: network.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $"; + + #include <sys/types.h> + #include <sys/socket.h> +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/proto.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/proto.h +--- netkit-telnet-ssl-0.17.24+0.1/telnet/proto.h 2004-05-27 11:47:26.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/proto.h 2010-05-11 13:44:40.070321269 +0200 +@@ -10,9 +10,11 @@ + int TerminalSpecialChars(int); + void TerminalSpeeds(long *ispeed, long *ospeed); + int TerminalWindowSize(long *rows, long *cols); ++#if 0 + void auth_encrypt_user(char *); + void auth_name(unsigned char *, int); + void auth_printsub(unsigned char *, int, unsigned char *, int); ++#endif + void cmdrc(const char *, const char *, const char *); + void env_init(void); + int getconnmode(void); +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/ring.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.cc +--- netkit-telnet-ssl-0.17.24+0.1/telnet/ring.cc 2004-05-27 11:47:01.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.cc 2010-05-11 13:44:40.070321269 +0200 +@@ -35,7 +35,7 @@ + * 
From: @(#)ring.c 5.2 (Berkeley) 3/1/91 + */ + char ring_rcsid[] = +- "$Id: ring.cc,v 1.23 2000/07/23 03:25:09 dholland Exp $"; ++ "$Id: ring.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $"; + + /* + * This defines a structure for a ring buffer. +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/ring.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.h +--- netkit-telnet-ssl-0.17.24+0.1/telnet/ring.h 2004-05-27 11:47:01.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.h 2010-05-11 13:44:40.070321269 +0200 +@@ -31,7 +31,7 @@ + * SUCH DAMAGE. + * + * from: @(#)ring.h 5.2 (Berkeley) 3/1/91 +- * $Id: ring.h,v 1.13 1996/08/13 08:43:28 dholland Exp $ ++ * $Id: ring.h,v 1.1 2004-10-14 13:19:53 ianb Exp $ + */ + + class datasink { +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/sys_bsd.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/sys_bsd.cc +--- netkit-telnet-ssl-0.17.24+0.1/telnet/sys_bsd.cc 2004-05-27 11:47:26.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/sys_bsd.cc 2010-05-11 13:44:40.070321269 +0200 +@@ -35,7 +35,7 @@ + * 
From: @(#)sys_bsd.c 5.2 (Berkeley) 3/1/91 + */ + char bsd_rcsid[] = +- "$Id: sys_bsd.cc,v 1.24 1999/09/28 16:29:24 dholland Exp $"; ++ "$Id: sys_bsd.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $"; + + /* + * The following routines try to encapsulate what is system dependent +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.1 netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.1 +--- netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.1 2004-05-27 11:47:26.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.1 2010-05-11 13:44:40.073654603 +0200 +@@ -30,7 +30,7 @@ + .\" SUCH DAMAGE. + .\" + .\" from: @(#)telnet.1 6.16 (Berkeley) 7/27/91 +-.\" $Id: telnet.1,v 1.15 2000/07/30 23:57:08 dholland Exp $ ++.\" $Id: telnet.1,v 1.5 2006-09-24 00:48:31 ianb Exp $ + .\" + .Dd August 15, 1999 + .Dt TELNET 1 +@@ -42,12 +42,14 @@ + protocol + .Sh SYNOPSIS + .Nm telnet +-.Op Fl 468ELadr ++.Op Fl 468EKLadr + .Op Fl S Ar tos ++.Op Fl X Ar authtype + .Op Fl b Ar address + .Op Fl e Ar escapechar + .Op Fl l Ar user + .Op Fl n Ar tracefile ++.Op Fl z Ar option + .Oo + .Ar host + .Op Ar port +@@ -152,44 +154,47 @@ + command below. + .It Fl z Ar option + Set SSL (Secure Socket Layer) parameters. The default is to negotiate +-via telnet protocoll if SSL is availlable at server side and then to ++via telnet protocol if SSL is available at server side and then to + switch it on. In this mode you can connect to both conventional and +-SSL enhanced telnetd's. ++SSL enhanced telnetd's. If the connection is made to localhost and ++.Ic -z secure ++is not set, then ++SSL is not enabled. + .Pp + The SSL parameters are: + .Bl -tag -width Fl +-.It Ic Ar debug ++.It Ic debug + Send SSL related debugging information to stderr. +-.It Ic Ar authdebug ++.It Ic authdebug + Enable authentication debugging. +-.It Ic Ar ssl ++.It Ic ssl + Negotiate SSL at first, then use telnet protocol. In this mode you can + connect to any server supporting directly SSL like Apache-SSL. 
Use + .Ic telnet -z ssl ssl3.netscape.com https + for example. telnet protocol negotiation goes encrypted. +-.It Ic Ar nossl, Ar !ssl +-switch of SSL negotiation +-.It Ic Ar certrequired +-client certificate is mandatory +-.It Ic Ar secure ++.It Ic nossl, Ic !ssl ++switch off SSL negotiation ++.It Ic certrequired ++server certificate is mandatory ++.It Ic secure + Don't switch back to unencrypted mode (no SSL) if SSL is not available. +-.It Ic Ar verbose ++.It Ic verbose + Be verbose about certificates etc. +-.It Ic Ar verify=int ++.It Ic verify= Ns Ar int + .\" TODO + Set the SSL verify flags (SSL_VERIFY_* in + .Ar ssl/ssl.h + ). + .\" TODO +-.It Ic Ar cert=cert_file ++.It Ic cert= Ns Ar cert_file + .\" TODO + Use the certificate(s) in + .Ar cert_file . +-.It Ic Ar key=key_file ++.It Ic key= Ns Ar key_file + .\" TODO + Use the key(s) in + .Ar key_file . +-.It Ic Ar cipher=ciph_list ++.It Ic cipher= Ns Ar ciph_list + .\" TODO + Set the preferred ciphers to + .Ar ciph_list . +@@ -319,10 +324,6 @@ + List the current status of the various types of + authentication. + .El +-.Pp +-Note that the current version of +-.Nm telnet +-does not support authentication. + .It Ic close + Close the connection to the remote host, if any, and return to command + mode. +@@ -332,49 +333,49 @@ + and + .Ic toggle + values (see below). +-.It Ic encrypt Ar argument ... +-The encrypt command controls the +-.Dv TELNET ENCRYPT +-protocol option. If +-.Nm telnet +-was compiled without encryption, the +-.Ic encrypt +-command will not be supported. +-.Pp +-Valid arguments are as follows: +-.Bl -tag -width Ar +-.It Ic disable Ar type Ic [input|output] +-Disable the specified type of encryption. If you do not specify input +-or output, encryption of both is disabled. To obtain a list of +-available types, use ``encrypt disable \&?''. +-.It Ic enable Ar type Ic [input|output] +-Enable the specified type of encryption. If you do not specify input +-or output, encryption of both is enabled. 
To obtain a list of +-available types, use ``encrypt enable \&?''. +-.It Ic input +-This is the same as ``encrypt start input''. +-.It Ic -input +-This is the same as ``encrypt stop input''. +-.It Ic output +-This is the same as ``encrypt start output''. +-.It Ic -output +-This is the same as ``encrypt stop output''. +-.It Ic start Ic [input|output] +-Attempt to begin encrypting. If you do not specify input or output, +-encryption of both input and output is started. +-.It Ic status +-Display the current status of the encryption module. +-.It Ic stop Ic [input|output] +-Stop encrypting. If you do not specify input or output, encryption of +-both is stopped. +-.It Ic type Ar type +-Sets the default type of encryption to be used with later ``encrypt start'' +-or ``encrypt stop'' commands. +-.El +-.Pp +-Note that the current version of +-.Nm telnet +-does not support encryption. ++.\" .It Ic encrypt Ar argument ... ++.\" The encrypt command controls the ++.\" .Dv TELNET ENCRYPT ++.\" protocol option. If ++.\" .Nm telnet ++.\" was compiled without encryption, the ++.\" .Ic encrypt ++.\" command will not be supported. ++.\" .Pp ++.\" Valid arguments are as follows: ++.\" .Bl -tag -width Ar ++.\" .It Ic disable Ar type Ic [input|output] ++.\" Disable the specified type of encryption. If you do not specify input ++.\" or output, encryption of both is disabled. To obtain a list of ++.\" available types, use ``encrypt disable \&?''. ++.\" .It Ic enable Ar type Ic [input|output] ++.\" Enable the specified type of encryption. If you do not specify input ++.\" or output, encryption of both is enabled. To obtain a list of ++.\" available types, use ``encrypt enable \&?''. ++.\" .It Ic input ++.\" This is the same as ``encrypt start input''. ++.\" .It Ic -input ++.\" This is the same as ``encrypt stop input''. ++.\" .It Ic output ++.\" This is the same as ``encrypt start output''. ++.\" .It Ic -output ++.\" This is the same as ``encrypt stop output''. 
++.\" .It Ic start Ic [input|output] ++.\" Attempt to begin encrypting. If you do not specify input or output, ++.\" encryption of both input and output is started. ++.\" .It Ic status ++.\" Display the current status of the encryption module. ++.\" .It Ic stop Ic [input|output] ++.\" Stop encrypting. If you do not specify input or output, encryption of ++.\" both is stopped. ++.\" .It Ic type Ar type ++.\" Sets the default type of encryption to be used with later ``encrypt start'' ++.\" or ``encrypt stop'' commands. ++.\" .El ++.\" .Pp ++.\" Note that the current version of ++.\" .Nm telnet ++.\" does not support encryption. + .It Ic environ Ar arguments... + The + .Ic environ +@@ -1017,6 +1018,16 @@ + .Ic slc + command. + .El ++.It Ic startssl ++Attempt to negotiate telnet-over-SSL (as with the ++.Ic -z ssl ++option). This is useful when connecting to non-telnetds such ++as imapd (with the ++.Ic STARTTLS ++command). To control SSL when connecting to a SSL-enabled ++telnetd, use the ++.Ic auth ++command instead. + .It Ic status + Show the current status of + .Nm telnet . +@@ -1079,17 +1090,17 @@ + .Dv FALSE + (see + .Xr stty 1 ) . +-.It Ic autodecrypt +-When the +-.Dv TELNET ENCRYPT +-option is negotiated, by +-default the actual encryption (decryption) of the data +-stream does not start automatically. The autoencrypt +-(autodecrypt) command states that encryption of the +-output (input) stream should be enabled as soon as +-possible. +-.Pp +-Note that this flag exists only if encryption support is enabled. ++.\" .It Ic autodecrypt ++.\" When the ++.\" .Dv TELNET ENCRYPT ++.\" option is negotiated, by ++.\" default the actual encryption (decryption) of the data ++.\" stream does not start automatically. The autoencrypt ++.\" (autodecrypt) command states that encryption of the ++.\" output (input) stream should be enabled as soon as ++.\" possible. ++.\" .Pp ++.\" Note that this flag exists only if encryption support is enabled. 
+ .It Ic autologin + If the remote side supports the + .Dv TELNET AUTHENTICATION +@@ -1174,9 +1185,9 @@ + .Ic super user ) . + The initial value for this toggle is + .Dv FALSE . +-.It Ic encdebug +-Turns on debugging information for the encryption code. +-Note that this flag only exists if encryption support is available. ++.\" .It Ic encdebug ++.\" Turns on debugging information for the encryption code. ++.\" Note that this flag only exists if encryption support is available. + .It Ic localchars + If this is + .Dv TRUE , +@@ -1221,8 +1232,9 @@ + is sent as + .Ic abort , + and +-.Ic eof and +-.B suspend ++.Ic eof ++and ++.Ic suspend + are sent as + .Ic eof and + .Ic susp , +@@ -1263,16 +1275,16 @@ + Toggles the display of all terminal data (in hexadecimal format). + The initial value for this toggle is + .Dv FALSE . +-.It Ic verbose_encrypt +-When the +-.Ic verbose_encrypt +-toggle is +-.Dv TRUE , +-.Tn TELNET +-prints out a message each time encryption is enabled or +-disabled. The initial value for this toggle is +-.Dv FALSE. +-This flag only exists if encryption support is available. ++.\" .It Ic verbose_encrypt ++.\" When the ++.\" .Ic verbose_encrypt ++.\" toggle is ++.\" .Dv TRUE , ++.\" .Tn TELNET ++.\" prints out a message each time encryption is enabled or ++.\" disabled. The initial value for this toggle is ++.\" .Dv FALSE. ++.\" This flag only exists if encryption support is available. + .It Ic \&? + Displays the legal + .Ic toggle +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.cc +--- netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.cc 2004-05-27 11:47:26.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.cc 2010-05-11 13:44:40.076987936 +0200 +@@ -47,7 +47,7 @@ + * 
From: @(#)telnet.c 5.53 (Berkeley) 3/22/91 + */ + char telnet_rcsid[] = +-"$Id: telnet.cc,v 1.36 2000/07/23 03:24:53 dholland Exp $"; ++"$Id: telnet.cc,v 1.8 2005-04-14 15:26:27 ianb Exp $"; + + #include <string.h> + #include <sys/types.h> +@@ -107,6 +107,7 @@ + eight = 3, + binary = 0, + autologin = 0, /* Autologin anyone? */ ++ use_authentication = 0, + skiprc = 0, + connected, + showoptions, +@@ -495,7 +496,8 @@ + break; + #if defined(AUTHENTICATE) + case TELOPT_AUTHENTICATION: +- if (autologin) ++ /* if (autologin) */ ++ if (use_authentication) + new_state_ok = 1; + break; + #endif +@@ -722,6 +724,7 @@ + */ + + static void suboption(void) { ++ extern int auth_failed; + printsub('<', subbuffer, SB_LEN()+2); + switch (SB_GET()) { + case TELOPT_TTYPE: +@@ -845,7 +848,8 @@ + + #if defined(AUTHENTICATE) + case TELOPT_AUTHENTICATION: { +- if (!autologin) ++ /* if (!autologin) */ ++ if (!use_authentication) + break; + if (SB_EOF()) + return; +@@ -864,6 +868,10 @@ + if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) + return; + auth_reply(subpointer, SB_LEN()); ++ if(auth_failed) { ++ /* auth rejected, quit */ ++ quit(); ++ } + break; + case TELQUAL_NAME: + if (my_want_state_is_dont(TELOPT_AUTHENTICATION)) +@@ -1140,6 +1148,7 @@ + + + unsigned char slc_reply[128]; ++unsigned char const * const slc_reply_eom = &slc_reply[sizeof(slc_reply)]; + unsigned char *slc_replyp; + + void slc_start_reply(void) { +@@ -1151,6 +1160,14 @@ + } + + void slc_add_reply(int func, int flags, int value) { ++ /* A sequence of up to 6 bytes my be written for this member of the SLC ++ * suboption list by this function. The end of negotiation command, ++ * which is written by slc_end_reply(), will require 2 additional ++ * bytes. Do not proceed unless there is sufficient space for these ++ * items. 
++ */ ++ if (&slc_replyp[6+2] > slc_reply_eom) ++ return; + if ((*slc_replyp++ = func) == IAC) + *slc_replyp++ = IAC; + if ((*slc_replyp++ = flags) == IAC) +@@ -1819,25 +1836,19 @@ + */ + void telnet(const char *user) { + sys_telnet_init(); +- +-#if defined(AUTHENTICATE) +- { +- static char local_host[256] = { 0 }; +- int len = sizeof(local_host); +- +- if (!local_host[0]) { +- gethostname(local_host, len); /* WAS &len!!! */ +- local_host[sizeof(local_host)-1] = 0; +- } +- auth_encrypt_init(local_host, hostname, "TELNET", 0); +- auth_encrypt_user(user); +- } ++ ++#ifdef AUTHENTICATE ++ auth_encrypt_user(user); + #endif +- ++ + #if !defined(TN3270) + if (telnetport) { ++ ++ send_will(TELOPT_ENVIRON, 1); ++ + #if defined(AUTHENTICATE) +- if (autologin) ++ /* if (autologin) */ ++ if (use_authentication) + send_will(TELOPT_AUTHENTICATION, 1); + #endif + send_do(TELOPT_SGA, 1); +@@ -1846,7 +1857,6 @@ + send_will(TELOPT_TSPEED, 1); + send_will(TELOPT_LFLOW, 1); + send_will(TELOPT_LINEMODE, 1); +- send_will(TELOPT_ENVIRON, 1); + send_do(TELOPT_STATUS, 1); + if (env_getvalue("DISPLAY", 0)) + send_will(TELOPT_XDISPLOC, 1); +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/terminal.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/terminal.cc +--- netkit-telnet-ssl-0.17.24+0.1/telnet/terminal.cc 2004-05-27 11:47:01.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/terminal.cc 2010-05-11 13:44:40.080321548 +0200 +@@ -35,7 +35,7 @@ + * 
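Review bot: The new guard in `slc_add_reply` forms `&slc_replyp[6+2]`, a pointer that can lie more than one element past the end of `slc_reply` before it is compared, which is undefined behaviour even though it works in practice; compute the remaining room instead, `if (slc_reply_eom - slc_replyp < 6 + 2) return;`. The bounds check itself is the right fix — the previous code wrote into the 128-byte array with no limit — but the silent `return` drops an SLC entry without any trace, so a comment such as `/* out of room: drop this SLC entry rather than overflow the reply */` should make the trade-off explicit. The function body continues past the hunk.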
From: @(#)terminal.c 5.3 (Berkeley) 3/22/91 + */ + char terminal_rcsid[] = +- "$Id: terminal.cc,v 1.25 1999/12/12 19:48:05 dholland Exp $"; ++ "$Id: terminal.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $"; + + #include <arpa/telnet.h> + #include <sys/types.h> +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/tn3270.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/tn3270.cc +--- netkit-telnet-ssl-0.17.24+0.1/telnet/tn3270.cc 1996-08-13 11:08:34.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/tn3270.cc 2010-05-11 13:44:40.080321548 +0200 +@@ -35,7 +35,7 @@ + * From: @(#)tn3270.c 5.2 (Berkeley) 3/1/91 + */ + char tn3270_rcsid[] = +- "$Id: tn3270.cc,v 1.9 1996/08/13 09:08:34 dholland Exp $"; ++ "$Id: tn3270.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $"; + + #include <sys/types.h> + #include <arpa/telnet.h> +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/types.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/types.h +--- netkit-telnet-ssl-0.17.24+0.1/telnet/types.h 1996-07-27 02:45:54.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/types.h 2010-05-11 13:44:40.083654043 +0200 +@@ -31,7 +31,7 @@ + * SUCH DAMAGE. + * + * from: @(#)types.h 5.1 (Berkeley) 9/14/90 +- * $Id: types.h,v 1.2 1996/07/27 00:45:54 dholland Exp $ ++ * $Id: types.h,v 1.1 2004-10-14 13:19:53 ianb Exp $ + */ + + typedef struct { +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/utilities.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/utilities.cc +--- netkit-telnet-ssl-0.17.24+0.1/telnet/utilities.cc 2004-05-27 11:47:27.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/utilities.cc 2010-05-11 13:44:40.083654043 +0200 +@@ -35,7 +35,7 @@ + * 
From: @(#)utilities.c 5.3 (Berkeley) 3/22/91 + */ + char util_rcsid[] = +- "$Id: utilities.cc,v 1.19 1999/12/12 15:33:40 dholland Exp $"; ++ "$Id: utilities.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $"; + + #define TELOPTS + #define TELCMDS +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/authenc.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/authenc.c +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/authenc.c 2004-05-27 11:47:01.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/authenc.c 2010-05-11 13:44:40.086987376 +0200 +@@ -23,7 +23,7 @@ + * 
From: @(#)authenc.c 5.1 (Berkeley) 3/1/91 + */ + char authenc_rcsid[] = +- "$Id: authenc.c,v 1.5 1999/12/12 14:59:44 dholland Exp $"; ++ "$Id: authenc.c,v 1.1 2004-10-14 13:19:53 ianb Exp $"; + + #if defined(ENCRYPT) || defined(AUTHENTICATE) + #include "telnetd.h" +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/defs.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/defs.h +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/defs.h 2004-05-27 11:47:01.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/defs.h 2010-05-11 13:44:40.086987376 +0200 +@@ -31,7 +31,7 @@ + * SUCH DAMAGE. + * + * from: @(#)defs.h 5.10 (Berkeley) 3/1/91 +- * $Id: defs.h,v 1.7 1999/08/02 03:14:03 dholland Exp $ ++ * $Id: defs.h,v 1.1 2004-10-14 13:19:53 ianb Exp $ + */ + + /* +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/ext.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/ext.h +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/ext.h 2004-05-27 11:47:27.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/ext.h 2010-05-11 13:44:40.086987376 +0200 +@@ -31,7 +31,7 @@ + * SUCH DAMAGE. 
+ * + * from: @(#)ext.h 5.7 (Berkeley) 3/1/91 +- * $Id: ext.h,v 1.9 1999/12/12 14:59:44 dholland Exp $ ++ * $Id: ext.h,v 1.2 2004-11-21 12:53:12 ianb Exp $ + */ + + /* +@@ -113,7 +113,7 @@ + void interrupt(void); + void localstat(void); + void netclear(void); +-void netflush(void); ++int netflush(void); + size_t netbuflen(int); + void sendurg(const char *, size_t); + +@@ -183,7 +183,8 @@ + void tty_tspeed(int); + void willoption(int); + void wontoption(int); +-#define writenet(b, l) fwrite(b, 1, l, netfile) ++int writenet(char *, int); ++/*#define writenet(b, l) fwrite(b, 1, l, netfile)*/ + void netopen(void); + + #if defined(ENCRYPT) +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/getent.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/getent.c +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/getent.c 1996-08-15 08:23:28.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/getent.c 2010-05-11 13:44:40.086987376 +0200 +@@ -35,7 +35,7 @@ + * From: @(#)getent.c 5.1 (Berkeley) 2/28/91 + */ + char ge_rcsid[] = +- "$Id: getent.c,v 1.3 1996/08/15 06:23:28 dholland Exp $"; ++ "$Id: getent.c,v 1.1 2004-10-14 13:19:53 ianb Exp $"; + + /* + * Copyright (c) 1991 Regents of the University of California. +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/global.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/global.c +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/global.c 2004-05-27 11:47:01.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/global.c 2010-05-11 13:44:40.090341661 +0200 +@@ -35,7 +35,7 @@ + * 
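Review bot: `int writenet(char *, int);` is declared with a non-const buffer; if the implementation only reads the data, declare it `int writenet(const char *, int);` (and consider `size_t` for the length) so callers can pass read-only buffers without casting away qualifiers. The old `#define writenet(b, l) fwrite(...)` should be deleted, not kept as a comment, since the prototype is its replacement. The implementation is not part of this patch, so confirm it does not modify the buffer before changing the signature.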
From: @(#)global.c 5.2 (Berkeley) 6/1/90 + */ + char global_rcsid[] = +- "$Id: global.c,v 1.4 1999/12/12 14:59:44 dholland Exp $"; ++ "$Id: global.c,v 1.1 2004-10-14 13:19:53 ianb Exp $"; + + /* + * Allocate global variables. +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/issue.net.5 netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/issue.net.5 +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/issue.net.5 2004-05-27 11:47:01.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/issue.net.5 2010-05-11 13:44:40.090341661 +0200 +@@ -15,26 +15,26 @@ + .Pa /etc/issue.net + is a text file which contains a message or system identification to be + printed before the login prompt of a telnet session. It may contain +-various `%-char' sequences. The following sequences are supported by ++various `%\&\-char' sequences. The following sequences are supported by + .Ic telnetd : + .Bl -tag -offset indent -compact -width "abcde" +-.It %t ++.It %\&t + - show the current tty +-.It %h ++.It %\&h + - show the system node name (FQDN) +-.It %D ++.It %\&D + - show the name of the NIS domain +-.It %d ++.It %\&d + - show the current time and date +-.It %s ++.It %\&s + - show the name of the operating system +-.It %m ++.It %\&m + - show the machine (hardware) type +-.It %r ++.It %\&r + - show the operating system release +-.It %v ++.It %\&v + - show the operating system version +-.It %% ++.It %\&% + - display a single '%' character + .El + .Sh FILES +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/Makefile +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/Makefile 2004-05-27 11:47:27.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/Makefile 2010-05-11 14:12:59.493485309 +0200 +@@ -9,9 +9,11 @@ + # take out -DPARANOID_TTYS. 
+ + CFLAGS += '-DISSUE_FILE="/etc/issue.net"' -DPARANOID_TTYS \ +- -DNO_REVOKE -DKLUDGELINEMODE -DDIAGNOSTICS \ +- -DLOGIN_WRAPPER=\"/usr/lib/telnetlogin\" +-# LIBS += $(LIBTERMCAP) ++ -DNO_REVOKE -DKLUDGELINEMODE -DDIAGNOSTICS -DAUTHENTICATE \ ++ -DLOGIN_WRAPPER=\"/usr/lib/telnetlogin\" \ ++ -DUSE_SSL -I/usr/include/openssl -I.. ++LIBTELNET = ../libtelnet/libtelnet.a ++LIBS += $(LIBTERMCAP) $(LIBTELNET) -lssl -lcrypto + + OBJS = telnetd.o state.o termstat.o slc.o sys_term.o utility.o \ + global.o setproctitle.o +@@ -28,10 +30,10 @@ + telnetd.o: ../version.h + + install: telnetd +- install -s -m$(DAEMONMODE) telnetd $(INSTALLROOT)$(SBINDIR)/in.telnetd +- install -m$(MANMODE) issue.net.5 $(INSTALLROOT)$(MANDIR)/man5/ +- install -m$(MANMODE) telnetd.8 $(INSTALLROOT)$(MANDIR)/man8/in.telnetd.8 +- ln -sf in.telnetd.8 $(INSTALLROOT)$(MANDIR)/man8/telnetd.8 ++ install -m$(DAEMONMODE) telnetd $(INSTALLROOT)$(SBINDIR)/in.telnetd-ssl ++# install -m$(MANMODE) issue.net.5 $(INSTALLROOT)$(MANDIR)/man5/ ++ install -m$(MANMODE) telnetd.8 $(INSTALLROOT)$(MANDIR)/man8/in.telnetd-ssl.8 ++ ln -sf in.telnetd-ssl.8 $(INSTALLROOT)$(MANDIR)/man8/telnetd-ssl.8 + + clean: + rm -f *.o telnetd +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/pathnames.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/pathnames.h +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/pathnames.h 1996-08-30 00:31:24.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/pathnames.h 2010-05-11 13:44:40.090341661 +0200 +@@ -31,7 +31,7 @@ + * SUCH DAMAGE. 
+ * + * from: @(#)pathnames.h 5.5 (Berkeley) 6/28/90 +- * $Id: pathnames.h,v 1.3 1996/08/29 22:31:24 dholland Exp $ ++ * $Id: pathnames.h,v 1.1 2004-10-14 13:19:53 ianb Exp $ + */ + + #include <paths.h> +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.3 netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.3 +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.3 2000-07-31 01:57:09.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.3 2010-05-11 13:44:40.090341661 +0200 +@@ -1,5 +1,5 @@ + .\" OpenBSD: setproctitle.3,v 1.4 1996/10/08 01:20:08 michaels Exp +-.\" $Id: setproctitle.3,v 1.13 2000/07/30 23:57:09 dholland Exp $ ++.\" $Id: setproctitle.3,v 1.1 2004-10-14 13:19:53 ianb Exp $ + .\" + .\" Copyright (c) 1994, 1995 Christopher G. Demetriou + .\" All rights reserved. +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.c +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.c 2004-05-27 11:47:01.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.c 2010-05-11 13:44:40.090341661 +0200 +@@ -39,7 +39,7 @@ + * From: @(#)conf.c 8.243 (Berkeley) 11/20/95 + */ + char setproctitle_rcsid[] = +- "$Id: setproctitle.c,v 1.3 1999/12/10 23:06:39 bryce Exp $"; ++ "$Id: setproctitle.c,v 1.1 2004-10-14 13:19:53 ianb Exp $"; + + #include <stdlib.h> + #include <string.h> +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/slc.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/slc.c +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/slc.c 1999-12-12 15:59:44.000000000 +0100 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/slc.c 2010-05-11 13:44:40.096989611 +0200 +@@ -35,7 +35,7 @@ + * 
From: @(#)slc.c 5.7 (Berkeley) 3/1/91 + */ + char slc_rcsid[] = +- "$Id: slc.c,v 1.5 1999/12/12 14:59:44 dholland Exp $"; ++ "$Id: slc.c,v 1.1 2004-10-14 13:19:53 ianb Exp $"; + + #include "telnetd.h" + +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/state.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/state.c +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/state.c 2004-05-27 11:47:27.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/state.c 2010-05-11 13:44:40.100321827 +0200 +@@ -35,11 +35,12 @@ + * 
From: @(#)state.c 5.10 (Berkeley) 3/22/91 + */ + char state_rcsid[] = +- "$Id: state.c,v 1.12 1999/12/12 19:41:44 dholland Exp $"; ++ "$Id: state.c,v 1.5 2005-07-07 21:53:00 ianb Exp $"; + + #include "telnetd.h" + #if defined(AUTHENTICATE) + #include <libtelnet/auth.h> ++extern char *UserNameRequested; + #endif + + int not42 = 1; +@@ -1161,7 +1162,7 @@ + + case TELOPT_ENVIRON: { + register int c; +- register char *cp, *varp, *valp; ++ register unsigned char *cp, *varp, *valp; + + if (SB_EOF()) + return; +@@ -1177,25 +1178,41 @@ + if (SB_EOF()) + return; + +- cp = varp = (char *)subpointer; ++ cp = varp = (unsigned char *)subpointer; + valp = 0; + + while (!SB_EOF()) { + switch (c = SB_GET()) { + case ENV_VALUE: + *cp = '\0'; +- cp = valp = (char *)subpointer; ++ cp = valp = (unsigned char *)subpointer; + break; + + case ENV_VAR: + *cp = '\0'; +- if (envvarok(varp)) { +- if (valp) +- (void)setenv(varp, valp, 1); +- else +- unsetenv(varp); ++ if (envvarok((char *)varp)) { ++ if (valp) { ++ (void)setenv((char *)varp, (char *)valp, 1); ++#ifdef AUTHENTICATE ++ if (strcmp((char *)varp,"USER") == 0) { ++ if (UserNameRequested) ++ free(UserNameRequested); ++ UserNameRequested=strdup((char *)valp); ++ } ++#endif /* AUTHENTICATE */ ++ } ++ else { ++ unsetenv((char *)varp); ++#ifdef AUTHENTICATE ++ if (strcmp((char *)varp,"USER") == 0) { ++ if (UserNameRequested) ++ free(UserNameRequested); ++ UserNameRequested=NULL; ++ } ++#endif /* AUTHENTICATE */ ++ } + } +- cp = varp = (char *)subpointer; ++ cp = varp = (unsigned char *)subpointer; + valp = 0; + break; + +@@ -1211,11 +1228,27 @@ + } + } + *cp = '\0'; +- if (envvarok(varp)) { +- if (valp) +- (void)setenv(varp, valp, 1); +- else +- unsetenv(varp); ++ if (envvarok((char *)varp)) { ++ if (valp) { ++ (void)setenv((char *)varp, (char *)valp, 1); ++#ifdef AUTHENTICATE ++ if (strcmp((char *)varp,"USER") == 0) { ++ if (UserNameRequested) ++ free(UserNameRequested); ++ UserNameRequested=strdup((char *)valp); ++ } ++#endif /* 
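Review bot: `UserNameRequested` is overwritten with the USER value taken straight from the client's TELOPT ENVIRON suboption, and the same free/strdup sequence is pasted four times (twice here, twice in the trailing flush in the next hunk, `@@ -1211`); factor it into one static helper whose comment states that the value is client-supplied and unauthenticated, so whatever consumes it for AUTHENTICATE does not treat it as verified. The helper also fixes the unchecked `strdup` result, which the current code assigns without testing for NULL, and removes the redundant `if (UserNameRequested)` guard since `free(NULL)` is a no-op. The enclosing `TELOPT_ENVIRON` case starts before this hunk.
```c
#ifdef AUTHENTICATE
/* Record the USER value the client offered via TELOPT ENVIRON.
 * The value is client-supplied and unauthenticated; consumers must
 * still validate it before trusting it as an identity. */
static void set_user_name_requested(const char *valp)
{
	free(UserNameRequested);
	UserNameRequested = valp ? strdup(valp) : NULL;
	if (valp && UserNameRequested == NULL) {
		/* allocation failed: fall back to "no name requested" */
	}
}
#endif /* AUTHENTICATE */

/* … unchanged: ENVIRON parsing loop up to the ENV_VAR case … */
		if (envvarok((char *)varp)) {
			if (valp)
				(void)setenv((char *)varp, (char *)valp, 1);
			else
				unsetenv((char *)varp);
#ifdef AUTHENTICATE
			if (strcmp((char *)varp, "USER") == 0)
				set_user_name_requested((char *)valp);
#endif /* AUTHENTICATE */
		}
/* … unchanged: remainder of the loop; the trailing flush uses the same call … */
```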
AUTHENTICATE */ ++ } ++ else { ++ unsetenv((char *)varp); ++#ifdef AUTHENTICATE ++ if (strcmp((char *)varp,"USER") == 0) { ++ if (UserNameRequested) ++ free(UserNameRequested); ++ UserNameRequested=NULL; ++ } ++#endif /* AUTHENTICATE */ ++ } + } + break; + } /* end of case TELOPT_ENVIRON */ +@@ -1367,7 +1400,7 @@ + ADD(IAC); + ADD(SE); + +- writenet(statusbuf, ncp - statusbuf); ++ writenet((char *)statusbuf, ncp - statusbuf); + netflush(); /* Send it on its way */ + + DIAG(TD_OPTIONS, {printsub('>', statusbuf, ncp - statusbuf); netflush();}); +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/sys_term.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/sys_term.c +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/sys_term.c 2004-05-27 11:47:27.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/sys_term.c 2010-05-11 13:44:40.106987377 +0200 +@@ -35,7 +35,7 @@ + * 
From: @(#)sys_term.c 5.16 (Berkeley) 3/22/91 + */ + char st_rcsid[] = +- "$Id: sys_term.c,v 1.17 1999/12/17 14:28:47 dholland Exp $"; ++ "$Id: sys_term.c,v 1.1 2004-10-14 13:19:53 ianb Exp $"; + + #include <utmp.h> + +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.8 netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.8 +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.8 2004-05-27 11:47:27.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.8 2010-05-11 13:44:40.106987377 +0200 +@@ -30,7 +30,7 @@ + .\" SUCH DAMAGE. + .\" + .\" from: @(#)telnetd.8 6.8 (Berkeley) 4/20/91 +-.\" $Id: telnetd.8,v 1.18 2000/07/30 23:57:10 dholland Exp $ ++.\" $Id: telnetd.8,v 1.5 2006-09-24 00:48:31 ianb Exp $ + .\" + .Dd December 29, 1996 + .Dt TELNETD 8 +@@ -42,7 +42,7 @@ + protocol server + .Sh SYNOPSIS + .Nm /usr/sbin/in.telnetd +-.Op Fl hns ++.Op Fl hnNs + .Op Fl a Ar authmode + .Op Fl D Ar debugmode + .Op Fl L Ar loginprg +@@ -50,6 +50,7 @@ + .Op Fl X Ar authtype + .Op Fl edebug + .Op Fl debug Ar port ++.Op Fl z Ar sslopt + .Sh DESCRIPTION + The + .Nm telnetd +@@ -175,6 +176,9 @@ + if the client is still there, so that idle connections + from machines that have crashed or can no longer + be reached may be cleaned up. ++.It Fl N ++Disable reverse DNS lookups and use the numeric IP address in logs ++and REMOTEHOST environment variable. + .It Fl s + This option is only enabled if + .Nm telnetd +@@ -219,12 +223,16 @@ + only accepts connections from SSL enhanced telnet with option + .Ic -z ssl + .It Ic nossl, !ssl +-switch of SSL negotiation ++switch off SSL negotiation + .It Ic certsok + Look username up in /etc/ssl.users. The format of this file is lines + of this form: + .Ar user1,user2:/C=US/..... +-where user1 and user2 are usernames. If client certificate is valid, ++where user1 and user2 are usernames and /C=US/... is the subject name of ++the certificate. Use ++.Ar openssl x509 -subject -noout ++to extract the subject name. 
++If client certificate is valid, + authenticate without password. + .It Ic certrequired + client certificate is mandatory +@@ -451,7 +459,6 @@ + is compiled with support for data encryption, and + indicates a willingness to decrypt + the data stream. +-.Xr issue.net 5 ) . + .El + .Sh FILES + .Pa /etc/services , +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.c +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.c 2004-05-27 11:47:27.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.c 2010-05-11 13:44:40.113654043 +0200 +@@ -39,7 +39,7 @@ + * 
From: @(#)telnetd.c 5.48 (Berkeley) 3/1/91 + */ + char telnetd_rcsid[] = +- "$Id: telnetd.c,v 1.24 2000/04/12 21:36:12 dholland Exp $"; ++ "$Id: telnetd.c,v 1.7 2006-06-16 13:29:00 ianb Exp $"; + + #include "../version.h" + +@@ -90,6 +90,7 @@ + + int debug = 0; + int keepalive = 1; ++int numeric_hosts = 0; + #ifdef LOGIN_WRAPPER + char *loginprg = LOGIN_WRAPPER; + #else +@@ -222,13 +223,12 @@ + * certificate that we will be running with as we cannot + * be sure of the cwd when we are launched + */ +- sprintf(cert_filepath,"%s/%s",X509_get_default_cert_dir(), +- "telnetd.pem"); ++ strcpy(cert_filepath, "/etc/telnetd-ssl/telnetd.pem"); + ssl_cert_file=cert_filepath; + ssl_key_file=NULL; + #endif /* USE_SSL */ + +- while ((ch = getopt(argc, argv, "d:a:e:lhnr:I:D:B:sS:a:X:L:z:")) != EOF) { ++ while ((ch = getopt(argc, argv, "d:a:e:lhnNr:I:D:B:sS:a:X:L:z:")) != EOF) { + switch(ch) { + + #ifdef USE_SSL +@@ -389,6 +389,10 @@ + keepalive = 0; + break; + ++ case 'N': ++ numeric_hosts = 1; ++ break; ++ + #ifdef SecurID + case 's': + /* SecurID required */ +@@ -427,7 +431,7 @@ + + #ifdef USE_SSL + +- if (ssl_secure_flag || ssl_cert_required) { ++ if (ssl_secure_flag || ssl_cert_required || ssl_certsok_flag) { + /* in secure mode we *must* switch on the base level + * verify checking otherwise we cannot abort connections + * at the right place! +@@ -520,9 +524,9 @@ + sprintf(errbuf,"SSL_accept error %s\n", + ERR_error_string(ERR_get_error(),NULL)); + +- syslog(LOG_WARNING, errbuf); ++ syslog(LOG_WARNING, "%s", errbuf); + +- BIO_printf(bio_err,errbuf); ++ BIO_printf(bio_err,"%s",errbuf); + + /* go to sleep to make sure we are noticed */ + sleep(10); +@@ -571,6 +575,11 @@ + #ifdef AUTHENTICATE + fprintf(stderr, " [-X auth-type]"); + #endif ++#ifdef USE_SSL ++ /* might as well output something useful here ... 
*/ ++ fprintf(stderr, "\n\t [-z ssl] [-z secure] [-z debug] [-z verify=int]\n\t"); ++ fprintf(stderr, " [-z cert=file] [-z key=file]\n\t"); ++#endif /* USE_SSL */ + fprintf(stderr, "\n"); + exit(1); + } +@@ -596,6 +605,18 @@ + /* + * Handle the Authentication option before we do anything else. + */ ++ send_do(TELOPT_ENVIRON, 1); ++ while (his_will_wont_is_changing(TELOPT_ENVIRON)) { ++ ttloop(); ++ } ++ ++ if (his_state_is_will(TELOPT_ENVIRON)) { ++ netoprintf("%c%c%c%c%c%c", ++ IAC, SB, TELOPT_ENVIRON, TELQUAL_SEND, IAC, SE); ++ while (sequenceIs(environsubopt, baseline)) ++ ttloop(); ++ } ++ + send_do(TELOPT_AUTHENTICATION, 1); + while (his_will_wont_is_changing(TELOPT_AUTHENTICATION)) + ttloop(); +@@ -654,7 +675,6 @@ + send_do(TELOPT_TTYPE, 1); + send_do(TELOPT_TSPEED, 1); + send_do(TELOPT_XDISPLOC, 1); +- send_do(TELOPT_ENVIRON, 1); + while ( + #if defined(ENCRYPT) + his_do_dont_is_changing(TELOPT_ENCRYPT) || +@@ -698,10 +718,6 @@ + while (sequenceIs(xdisplocsubopt, baseline)) + ttloop(); + } +- if (his_state_is_will(TELOPT_ENVIRON)) { +- while (sequenceIs(environsubopt, baseline)) +- ttloop(); +- } + if (his_state_is_will(TELOPT_TTYPE)) { + char first[256], last[256]; + +@@ -852,7 +868,7 @@ + static void + doit(struct sockaddr *who, socklen_t who_len) + { +- const char *host; ++ char *host; + int level; + char user_name[256]; + int i; +@@ -867,7 +883,8 @@ + + /* get name of connected client */ + if (getnameinfo(who, who_len, remote_host_name, +- sizeof(remote_host_name), 0, 0, 0)) { ++ sizeof(remote_host_name), 0, 0, ++ numeric_hosts ? NI_NUMERICHOST : 0)) { + syslog(LOG_ERR, "doit: getnameinfo: %m"); + *remote_host_name = 0; + } +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.h +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.h 1999-03-27 08:46:21.000000000 +0100 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.h 2010-05-11 13:44:40.113654043 +0200 +@@ -31,7 +31,7 @@ + * SUCH DAMAGE. 
+ * + * from: @(#)telnetd.h 5.3 (Berkeley) 3/1/91 +- * $Id: telnetd.h,v 1.2 1999/03/27 07:46:21 dholland Exp $ ++ * $Id: telnetd.h,v 1.1 2004-10-14 13:19:53 ianb Exp $ + */ + + +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/termstat.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/termstat.c +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/termstat.c 1999-12-12 15:59:45.000000000 +0100 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/termstat.c 2010-05-11 13:44:40.113654043 +0200 +@@ -35,7 +35,7 @@ + * From: @(#)termstat.c 5.10 (Berkeley) 3/22/91 + */ + char termstat_rcsid[] = +- "$Id: termstat.c,v 1.6 1999/12/12 14:59:45 dholland Exp $"; ++ "$Id: termstat.c,v 1.1 2004-10-14 13:19:53 ianb Exp $"; + + #include "telnetd.h" + +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/utility.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/utility.c +--- netkit-telnet-ssl-0.17.24+0.1/telnetd/utility.c 2004-05-27 11:47:27.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/utility.c 2010-05-11 13:45:21.990318196 +0200 +@@ -35,7 +35,7 @@ + * 
From: @(#)utility.c 5.8 (Berkeley) 3/22/91 + */ + char util_rcsid[] = +- "$Id: utility.c,v 1.11 1999/12/12 14:59:45 dholland Exp $"; ++ "$Id: utility.c,v 1.8 2006-09-24 00:48:31 ianb Exp $"; + + #define PRINTOPTIONS + +@@ -49,6 +49,15 @@ + + #include "telnetd.h" + ++/* patched by fluke.l at gmail.com , im not sure it's gonna work or not */ ++typedef struct { ++ int (*read) (void *, char *, int); ++ int (*write) (void *, char const *, int); ++ fpos_t (*seek) (void *, fpos_t, int); ++ int (*close) (void *); ++} cookie_io_functions_t; ++/* end patch */ ++ + struct buflist { + struct buflist *next; + char *buf; +@@ -86,6 +95,11 @@ + DIAG(TD_REPORT, netoprintf("td: ttloop\r\n");); + + netflush(); ++#ifdef USE_SSL ++ if (ssl_active_flag) ++ ncc = SSL_read(ssl_con, netibuf, sizeof netibuf); ++ else ++#endif /* USE_SSL */ + ncc = read(net, netibuf, sizeof(netibuf)); + if (ncc < 0) { + syslog(LOG_INFO, "ttloop: read: %m\n"); +@@ -216,7 +230,7 @@ + } + + out: +- return next ? next + (current - end) : current; ++ return (const char *) (next ? 
(next + (current - end)) : current ); + } /* end of nextitem */ + + +@@ -243,6 +257,29 @@ + doclear--; + } /* end of netclear */ + ++#ifdef USE_SSL ++static int ++SSL_writev(SSL *ssl_con,const struct iovec *vector,int num) ++{ ++ const struct iovec *v = vector; ++ ++ int ret; ++ int len = 0; ++ ++ while (num > 0) { ++ ret = SSL_write(ssl_con, v->iov_base, v->iov_len); ++ if (ret < 0) ++ return ret; ++ if (ret != v->iov_len) ++ syslog(LOG_NOTICE, "SSL_writev: short write\n"); ++ num -= v->iov_len; ++ len += ret; ++ v++; ++ } ++ return len; ++} ++#endif /* USE_SSL */ ++ + static void + netwritebuf(void) + { +@@ -253,6 +290,9 @@ + size_t len; + int ltrailing = trailing; + ++ if (!listlen) ++ return; ++ + vector = malloc(listlen * sizeof(struct iovec)); + if (!vector) { + return; +@@ -265,6 +305,11 @@ + if (lp == urg) { + len = v - vector; + if (!len) { ++#ifdef USE_SSL ++ if (ssl_active_flag) ++ n = SSL_write(ssl_con, lp->buf, 1); ++ else ++#endif /* USE_SSL */ + n = send(net, lp->buf, 1, MSG_OOB); + if (n > 0) { + urg = 0; +@@ -282,15 +327,25 @@ + vector->iov_base = (char *)vector->iov_base + skip; + vector->iov_len -= skip; + +- n = writev(net, vector, len); ++ if(vector->iov_len == 0 ) { ++ n=0; ++ } else { ++ ++#ifdef USE_SSL ++ if (ssl_active_flag) ++ n = SSL_writev(ssl_con, vector, len); /* normal write */ ++ else ++#endif /* USE_SSL */ ++ n = writev(net, vector, len); + + epi: +- free(vector); ++ free(vector); + +- if (n < 0) { ++ if (n < 0) { + if (errno != EWOULDBLOCK && errno != EINTR) +- cleanup(0); ++ cleanup(0); + return; ++ } + } + + len = n + skip; +@@ -315,6 +370,10 @@ + } + } + ++ if(ltrailing && (len==0)) { ++ ltrailing=trailing=0; ++ } ++ + skip = len; + } + +@@ -323,16 +382,22 @@ + * Send as much data as possible to the network, + * handling requests for urgent data. + */ +-void ++int + netflush(void) + { + if (fflush(netfile)) { + /* out of memory? 
*/ + cleanup(0); ++ return 0; + } +- if (listlen) { +- netwritebuf(); +- } ++ netwritebuf(); ++ return 1; ++} ++ ++int ++writenet(char *b , int l) ++{ ++ return(fwrite(b, 1, l, netfile)); + } + + +@@ -983,7 +1048,7 @@ + ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? + "MUTUAL" : "ONE-WAY"); + +- auth_printsub(&pointer[1], length - 1, buf, sizeof(buf)); ++ auth_printsub(&pointer[1], length - 1, (unsigned char *) buf, sizeof(buf)); + netoprintf("%s", buf); + break; + +@@ -1191,7 +1256,15 @@ + size_t l; + size_t m = tail->len; + +- p = nextitem(tail->buf, tail->buf + tail->len, buf, end); ++ if((tail->buf == NULL) || (tail->len==0)) ++ { ++ p = nextitem((unsigned char *) buf, (unsigned char *) end,0,0); ++ } ++ else ++ { ++ p = nextitem((unsigned char *) tail->buf, (unsigned char *) (tail->buf + tail->len), ++ (unsigned char *) buf, (unsigned char *) end); ++ } + ltrailing = !p; + if (ltrailing) { + p = end; +@@ -1245,7 +1318,7 @@ + const char *p; + size_t l; + +- p = nextitem(buf, end, 0, 0); ++ p = nextitem((unsigned char *) buf, (unsigned char *) end, 0, 0); + ltrailing = !p; + if (ltrailing) { + p = end; +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetlogin/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/Makefile +--- netkit-telnet-ssl-0.17.24+0.1/telnetlogin/Makefile 2000-04-13 03:07:22.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/Makefile 2010-05-11 13:46:19.023660189 +0200 +@@ -11,7 +11,7 @@ + $(OBJS): ../version.h + + install: telnetlogin +- install -s -m4750 -oroot -gtelnetd telnetlogin $(INSTALLROOT)$(SBINDIR) ++ install -m$(BINMODE) telnetlogin $(INSTALLROOT)$(SBINDIR) + install -m$(MANMODE) telnetlogin.8 $(INSTALLROOT)$(MANDIR)/man8 + + clean: +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.8 netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.8 +--- netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.8 2004-05-27 11:47:02.000000000 +0200 ++++ 
netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.8 2010-05-11 13:44:40.123659071 +0200 +@@ -28,7 +28,7 @@ + .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + .\" SUCH DAMAGE. + .\" +-.\" $Id: telnetlogin.8,v 1.4 2000/07/30 23:57:10 dholland Exp $ ++.\" $Id: telnetlogin.8,v 1.2 2004-11-07 15:47:43 ianb Exp $ + .\" + .Dd April 12, 2000 + .Dt TELNETLOGIN 8 +@@ -40,6 +40,7 @@ + .Nm telnetlogin + .Op Fl h Ar host + .Op Fl p ++.Op Fl f Ar username + .Op Ar username + .Sh DESCRIPTION + .Nm telnetlogin +@@ -79,11 +80,6 @@ + .Xr inetd 8 , + .Xr telnetd 8 + .Sh RESTRICTIONS +-.Nm telnetlogin +-does not permit the +-.Fl f +-option to login, so will not +-work with telnetds that perform authentication via Kerberos or SSL. + .Pp + THIS IS PRESENTLY EXPERIMENTAL CODE; USE WITH CAUTION. + .Sh HISTORY +diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.c +--- netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.c 2004-05-27 11:47:02.000000000 +0200 ++++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.c 2010-05-11 13:44:40.123659071 +0200 +@@ -35,7 +35,7 @@ + "All rights reserved.\n"; + + char rcsid[] = +- "$Id: telnetlogin.c,v 1.1 2000/04/13 01:07:22 dholland Exp $"; ++ "$Id: telnetlogin.c,v 1.2 2004-11-07 15:47:43 ianb Exp $"; + #include "../version.h" + + #include <sys/types.h> +@@ -76,7 +76,16 @@ + int i=0; + /* should we check length? 
 */
+ for (i=0; hname[i]; i++) {
+- if (hname[i]<=32 && hname[i]>126) return -1;
++ if ((hname[i]<=32) || (hname[i]>126)) return -1;
++ }
++ return 0;
++}
++
++static int check_username(char *username) {
++ int i;
++ if (strlen(username) > 32) return -1;
++ for (i=0; username[i]; i++) {
++ if ((username[i]<=32) || (username[i]>126)) return -1;
+ }
+ return 0;
+ }
+@@ -158,6 +167,12 @@
+ if (argn < argc && !strcmp(argv[argn], "-p")) {
+ argn++;
+ }
++ if (argn < argc && !strcmp(argv[argn], "-f")) {
++ argn++;
++ if (argn==argc) die("Illegal args: -f requires argument");
++ if (check_username(argv[argn])) die("Illegal remote username specified");
++ argn++;
++ }
+ if (argn < argc && argv[argn][0] != '-') {
+ argn++;
+ }
diff --git a/abs/core/netkit-telnet-ssl/netkit-telnet-ssl.install b/abs/core/netkit-telnet-ssl/netkit-telnet-ssl.install
new file mode 100644
index 0000000..25a4b28
--- /dev/null
+++ b/abs/core/netkit-telnet-ssl/netkit-telnet-ssl.install
@@ -0,0 +1,5 @@
+
+post_install() {
+ groupadd telnetd
+}
+
diff --git a/abs/core/netkit-telnet-ssl/telnet.xinetd b/abs/core/netkit-telnet-ssl/telnet.xinetd
new file mode 100644
index 0000000..f4ef4c0
--- /dev/null
+++ b/abs/core/netkit-telnet-ssl/telnet.xinetd
@@ -0,0 +1,10 @@
+service telnet-ssl
+{
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/sbin/in.telnetd-ssl
+ log_on_failure += USERID
+ disable = yes
+}
 |
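Review bot: `groupadd telnetd` in post_install is unguarded, so it errors when the group already exists (for example left over from an earlier install), and nothing in this file removes the group on uninstall. The usual idempotent form is `getent group telnetd >/dev/null || groupadd telnetd`, with a matching post_remove if the group is meant to be package-owned. It is also not clear from this commit what still uses the group: the telnetlogin Makefile hunk earlier in the patch drops `-oroot -gtelnetd` (and the setgid mode) from the install line, so a one-line comment stating why the group is created would help the next maintainer decide whether it is still needed.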
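Review bot: `server = /usr/sbin/in.telnetd-ssl` should be checked against the binary name the patched build actually installs; the telnetd.8 hunk earlier in this commit documents the daemon as `/usr/sbin/in.telnetd`, so unless the package renames the binary, xinetd will fail to spawn the service once it is enabled. The entry also passes no `server_args`, so the daemon runs in whatever SSL mode it defaults to; the usage text in the telnetd.c hunk lists `-z ssl` and `-z secure`, and an explicit `server_args = -z secure` (or a comment stating the intended mode) would make the policy visible in the one file an operator edits to turn the service on. Shipping with `disable = yes` is the right default for a root-run telnet listener; consider adding `only_from` or `log_on_success` as documented knobs alongside it.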