summaryrefslogtreecommitdiffstats
path: root/abs/core/netkit-telnet-ssl
diff options
context:
space:
mode:
authorJames Meyer <james.meyer@operamail.com>2012-12-01 18:26:09 (GMT)
committerJames Meyer <james.meyer@operamail.com>2012-12-01 18:26:22 (GMT)
commite2c33b0fae1fa4af8bbbfc917eb8e13a3ac0cb37 (patch)
treebee3fe89f2988dd244e11791755e129aa8c03b14 /abs/core/netkit-telnet-ssl
parent8132c218cfc1f1acb1c6d12154e0d4ca075e77f2 (diff)
downloadlinhes_pkgbuild-e2c33b0fae1fa4af8bbbfc917eb8e13a3ac0cb37.zip
linhes_pkgbuild-e2c33b0fae1fa4af8bbbfc917eb8e13a3ac0cb37.tar.gz
linhes_pkgbuild-e2c33b0fae1fa4af8bbbfc917eb8e13a3ac0cb37.tar.bz2
Mass move of uncompiled packages to abs_not_built.
The will sit here for a bit, and then will be removed completely if no one claims them.
Diffstat (limited to 'abs/core/netkit-telnet-ssl')
-rw-r--r--abs/core/netkit-telnet-ssl/PKGBUILD33
-rw-r--r--abs/core/netkit-telnet-ssl/netkit-telnet-ssl-0.17.24+0.1_arch.diff2591
-rw-r--r--abs/core/netkit-telnet-ssl/netkit-telnet-ssl.install5
-rw-r--r--abs/core/netkit-telnet-ssl/telnet.xinetd10
4 files changed, 0 insertions, 2639 deletions
diff --git a/abs/core/netkit-telnet-ssl/PKGBUILD b/abs/core/netkit-telnet-ssl/PKGBUILD
deleted file mode 100644
index 37fb577..0000000
--- a/abs/core/netkit-telnet-ssl/PKGBUILD
+++ /dev/null
@@ -1,33 +0,0 @@
-# Maintainer: <alexandre.becoulet@free.fr>
-# Contributor: <netbug@ftp.uk.linux.org>
-# Contributor: Fluke <fluke.l at gmail.com>
-pkgname=netkit-telnet-ssl
-pkgver=0.17.24+0.1
-pkgrel=2
-pkgdesc="telnet client and server with ssl enabled"
-arch=('i686' 'x86_64')
-license=('BSD')
-url=("http://www.hcs.harvard.edu/~dholland/computers/netkit.html")
-source=(http://ftp.de.debian.org/debian/pool/main/n/${pkgname}/${pkgname}_${pkgver}.orig.tar.gz
- netkit-telnet-ssl-0.17.24+0.1_arch.diff
- telnet.xinetd)
-depends=('glibc' 'openssl' 'ncurses')
-replaces=('netkit-telnet')
-md5sums=('43a402139ed6b86434fdb83256feaad8'
- 'd51bf898269a79a2de77d1134516c209'
- 'ca38af6f1346ae90b2cb1e160858b453')
-install=netkit-telnet-ssl.install
-
-build() {
- cd ${srcdir}/${pkgname}-${pkgver}.orig
- patch -p1 < ../netkit-telnet-ssl-0.17.24+0.1_arch.diff
- ./configure --prefix=/usr --installroot=${pkgdir}
- make || return 1
-}
-package() {
- cd ${srcdir}/${pkgname}-${pkgver}.orig
- mkdir -p ${pkgdir}/usr/{bin,sbin,man/man1,man/man5,man/man8} ${pkgdir}/etc/xinetd.d
-
- make install || return 1
- install -m644 ${srcdir}/telnet.xinetd ${pkgdir}/etc/xinetd.d/telnet-ssl
-}
diff --git a/abs/core/netkit-telnet-ssl/netkit-telnet-ssl-0.17.24+0.1_arch.diff b/abs/core/netkit-telnet-ssl/netkit-telnet-ssl-0.17.24+0.1_arch.diff
deleted file mode 100644
index 17b3c3c..0000000
--- a/abs/core/netkit-telnet-ssl/netkit-telnet-ssl-0.17.24+0.1_arch.diff
+++ /dev/null
@@ -1,2591 +0,0 @@
-Only in netkit-telnet-ssl-0.17.24+0.1: debian
-diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth.c netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth.c
---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth.c 2004-05-27 11:47:25.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth.c 2010-05-11 13:44:40.190322666 +0200
-@@ -37,6 +37,9 @@
- */
-
- #ifndef lint
-+#ifdef __GNUC__
-+__attribute__ ((unused))
-+#endif /* __GNUC__ */
- static char sccsid[] = "@(#)auth.c 5.2 (Berkeley) 3/22/91";
- #endif /* not lint */
-
-@@ -83,8 +86,11 @@
-
- #define typemask(x) (1<<((x)-1))
-
-+int auth_onoff(const char *type, int on);
-+
-+
- int auth_debug_mode = 0;
--static char *Name = "Noname";
-+static const char *Name = "Noname";
- static int Server = 0;
- static Authenticator *authenticated = 0;
- static int authenticating = 0;
-@@ -170,7 +176,7 @@
-
- void
- auth_init(name, server)
-- char *name;
-+ const char *name;
- int server;
- {
- Authenticator *ap = authenticators;
-@@ -241,7 +247,7 @@
-
- int
- auth_onoff(type, on)
-- char *type;
-+ const char *type;
- int on;
- {
- int i, mask = -1;
-@@ -335,7 +341,7 @@
- }
- *e++ = IAC;
- *e++ = SE;
-- writenet(str_request, e - str_request);
-+ writenet((char *) str_request, e - str_request);
- printsub('>', &str_request[2], e - str_request - 2);
- }
- }
-@@ -424,7 +430,7 @@
- }
- auth_send_data += 2;
- }
-- writenet(str_none, sizeof(str_none));
-+ writenet((char *) str_none, sizeof(str_none));
- printsub('>', &str_none[2], sizeof(str_none) - 2);
- if (auth_debug_mode)
- printf(">>>%s: Sent failure message\r\n", Name);
-@@ -456,7 +462,7 @@
- return;
- }
-
-- if (ap = findauthenticator(data[0], data[1])) {
-+ if ((ap = findauthenticator(data[0], data[1]))) {
- if (ap->is)
- (*ap->is)(ap, data+2, cnt-2);
- } else if (auth_debug_mode)
-@@ -474,7 +480,7 @@
- if (cnt < 2)
- return;
-
-- if (ap = findauthenticator(data[0], data[1])) {
-+ if ((ap = findauthenticator(data[0], data[1]))) {
- if (ap->reply)
- (*ap->reply)(ap, data+2, cnt-2);
- } else if (auth_debug_mode)
-@@ -487,7 +493,7 @@
- unsigned char *data;
- int cnt;
- {
-- Authenticator *ap;
-+ /* Authenticator *ap; */
- unsigned char savename[256];
-
- if (cnt < 1) {
-@@ -505,7 +511,7 @@
- savename[cnt] = '\0'; /* Null terminate */
- if (auth_debug_mode)
- printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
-- auth_encrypt_user(savename);
-+ auth_encrypt_user((char *)savename);
- }
-
- int
-@@ -526,7 +532,7 @@
- }
- *e++ = IAC;
- *e++ = SE;
-- writenet(str_request, e - str_request);
-+ writenet((char *) str_request, e - str_request);
- printsub('>', &str_request[2], e - &str_request[2]);
- return(1);
- }
-@@ -542,6 +548,9 @@
- }
-
- /* ARGSUSED */
-+#ifdef __GNUC__
-+__attribute__ ((used))
-+#endif /* __GNUC__ */
- static void
- auth_intr(sig)
- int sig;
-diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth-proto.h netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth-proto.h
---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth-proto.h 2004-05-27 11:47:25.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth-proto.h 2010-05-11 13:44:40.183654321 +0200
-@@ -68,7 +68,7 @@
- #if defined(AUTHENTICATE)
- Authenticator *findauthenticator P((int, int));
-
--void auth_init P((char *, int));
-+void auth_init P((const char *, int));
- int auth_cmd P((int, char **));
- void auth_request P((void));
- void auth_send P((unsigned char *, int));
-@@ -123,7 +123,9 @@
- int auth_ssl_status P((Authenticator *, char *, int));
- void auth_ssl_printsub P((unsigned char *, int, unsigned char *, int));
- #endif /* USE_SSL */
--
-+
-+extern void printsub P((char, unsigned char *, int));
-+extern int writenet P((char *, int));
- #endif
- #ifdef __cplusplus
- }
-diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/Makefile
---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/Makefile 2004-05-27 11:47:25.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/Makefile 2010-05-11 13:45:28.073664102 +0200
-@@ -15,5 +15,8 @@
- ranlib lib${LIB}.a; \
- fi;
-
-+install:
-+ @echo "nothing to be installed from libtelnet"
-+
- clean:
- rm -f *.o lib${LIB}.a
-diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc.c netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc.c
---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc.c 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc.c 2010-05-11 13:44:40.190322666 +0200
-@@ -32,6 +32,9 @@
- */
-
- #ifndef lint
-+#ifdef __GNUC__
-+__attribute__ ((unused))
-+#endif /* __GNUC__ */
- static char sccsid[] = "@(#)misc.c 5.1 (Berkeley) 2/28/91";
- #endif /* not lint */
-
-@@ -54,7 +57,12 @@
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-+#include <stdio.h>
-+#include <stdlib.h>
-+
- #include "misc.h"
-+#include "auth.h"
-+#include "auth-proto.h"
-
- char *RemoteHostName;
- char *LocalHostName;
-@@ -65,7 +73,7 @@
- auth_encrypt_init(local, remote, name, server)
- char *local;
- char *remote;
-- char *name;
-+ const char *name;
- int server;
- {
- RemoteHostName = remote;
-diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc-proto.h netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc-proto.h
---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc-proto.h 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc-proto.h 2010-05-11 13:44:40.190322666 +0200
-@@ -68,7 +68,7 @@
- extern "C" {
- #endif
-
--void auth_encrypt_init P((char *, char *, char *, int));
-+void auth_encrypt_init P((char *, char *, const char *, int));
- void auth_encrypt_connect P((int));
- void auth_encrypt_user P((const char *name));
- void printd P((unsigned char *, int));
-diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/sslapp.h netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/sslapp.h
---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/sslapp.h 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/sslapp.h 2010-05-11 13:44:40.200330208 +0200
-@@ -45,6 +45,7 @@
- #include "x509.h"
- #include "ssl.h"
- #define OLDPROTO NOPROTO
-+#undef NOPROTO
- #define NOPROTO
- #include "err.h"
- #undef NOPROTO
-@@ -72,7 +73,7 @@
- /* we hide all the initialisation code in a separate file now */
- extern int do_ssleay_init(int server);
-
--extern int display_connect_details(SSL *ssl_con, int verbose);
-+extern void display_connect_details(SSL *ssl_con, int verbose);
- extern int server_verify_callback();
- extern int client_verify_callback();
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/ssl.c netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/ssl.c
---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/ssl.c 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/ssl.c 2010-05-11 13:44:40.200330208 +0200
-@@ -47,6 +47,9 @@
- #include <string.h>
- #endif
-
-+#include <unistd.h>
-+#include <openssl/err.h>
-+
- #include "auth.h"
- #include "misc.h"
-
-@@ -91,11 +94,12 @@
- #define VERIFY_ROOT_OK VERIFY_OK
- #endif
-
-+extern int netflush(void);
-+
- extern int auth_debug_mode;
--static auth_ssl_valid = 0;
-+static int auth_ssl_valid = 0;
- static char *auth_ssl_name = 0; /* this holds the oneline name */
-
--extern BIO *bio_err;
- extern int ssl_only_flag;
- extern int ssl_debug_flag;
- extern int ssl_active_flag;
-@@ -120,6 +124,9 @@
-
- BIO *bio_err=NULL;
-
-+int auth_failed=0;
-+
-+
- /* compile this set to 1 to negotiate SSL but not actually start it */
- static int ssl_dummy_flag=0;
-
-@@ -135,7 +142,7 @@
- * telnet connect if we are talking straight ssl with no telnet
- * protocol --tjh
- */
--int
-+void
- display_connect_details(ssl_con,verbose)
- SSL *ssl_con;
- int verbose;
-@@ -152,7 +159,7 @@
- /* grab the full list of ciphers */
- i=0;
- buf[0]='\0';
-- while((p=SSL_get_cipher_list(ssl_con,i++))!=NULL) {
-+ while((p=(char *)SSL_get_cipher_list(ssl_con,i++))!=NULL) {
- if (i>0)
- strcat(buf,":");
- strcat(buf,p);
-@@ -230,7 +237,7 @@
- *p++ = SE;
- if (str_data[3] == TELQUAL_IS)
- printsub('>', &str_data[2], p - (&str_data[2]));
-- return(writenet(str_data, p - str_data));
-+ return(writenet((char *) str_data, p - str_data));
- }
-
- int auth_ssl_init(ap, server)
-@@ -280,7 +287,7 @@
- unsigned char *data;
- int cnt;
- {
-- int valid;
-+ /* int valid; */
-
- if (cnt-- < 1)
- return;
-@@ -364,7 +371,7 @@
- unsigned char *data;
- int cnt;
- {
-- int i;
-+ /* int i; */
- int status;
-
- if (cnt-- < 1)
-@@ -389,16 +396,13 @@
- SSL_set_verify(ssl_con,ssl_verify_flag,
- client_verify_callback);
- if ((status = SSL_connect(ssl_con)) <= 0) {
-- fprintf(stderr,"[SSL - FAILED (%d)]\r\n", status);
-- fflush(stderr);
--
-- perror("telnet: Unable to ssl_connect to remote host");
-+ auth_finished(0,AUTH_REJECT);
-
-+ fprintf(stderr,"[SSL - FAILED (%d)]\r\n", status);
-+ fprintf(stderr,"telnet: Unable to ssl_connect to remote host\n");
- ERR_print_errors(bio_err);
--
-- /* don't know what I "should" be doing here ... */
--
-- auth_finished(0,AUTH_REJECT);
-+ fflush(stderr);
-+ auth_failed=1;
- return;
- } else {
-
-@@ -452,7 +456,7 @@
- */
- if (ssl_certsok_flag) {
- user_fp = fopen("/etc/ssl.users", "r");
-- if (!auth_ssl_name || !user_fp) {
-+ if (!auth_ssl_name || !user_fp || !UserNameRequested) {
- /* If we haven't received a certificate, then don't
- * return AUTH_VALID.
- */
-@@ -486,7 +490,7 @@
- cp = strchr(n, ',');
- if (cp)
- *cp++ = '\0';
-- if (!UserNameRequested ||
-+ if (UserNameRequested &&
- !strcmp(UserNameRequested, n)) {
- strcpy(name, n);
- fclose(user_fp);
-@@ -543,7 +547,7 @@
- default:
- sprintf(lbuf, " %d (unknown)", data[3]);
- strncpy((char *)buf, lbuf, buflen);
-- common2:
-+/* common2: */
- BUMP(buf, buflen);
- for (i = 4; i < cnt; i++) {
- sprintf(lbuf, " %d", data[i]);
-@@ -568,7 +572,7 @@
- #endif /* SSLEAY8 */
- {
- static char *saved_subject=NULL;
-- X509 *peer;
-+ /* X509 *peer; */
- char *subject, *issuer;
- #ifdef SSLEAY8
- int depth,error;
-@@ -715,8 +719,8 @@
- int depth, error;
- #endif /* SSLEAY8 */
- {
-- X509 *peer;
-- char *subject, *issuer;
-+ /* X509 *peer; */
-+ char *subject, *issuer, *cnsubj;
- #ifdef SSLEAY8
- int depth,error;
- char *xs;
-@@ -727,13 +731,13 @@
-
- #endif /* SSLEAY8 */
-
--#ifdef LOCAL_DEBUG
-- fprintf(stderr,"ssl:client_verify_callback:depth=%d ok=%d err=%d-%s\n",
-- depth,ok,error,X509_cert_verify_error_string(error));
-- fflush(stderr);
--#endif /* LOCAL_DEBUG */
-+ if(ssl_debug_flag && !ok) {
-+ fprintf(stderr,"ssl:client_verify_callback:depth=%d ok=%d err=%d-%s\n",
-+ depth,ok,error,X509_verify_cert_error_string(error));
-+ fflush(stderr);
-+ }
-
-- subject=issuer=NULL;
-+ subject=issuer=cnsubj=NULL;
-
- /* first thing is to have a meaningful name for the current
- * certificate that is being verified ... and if we cannot
-@@ -761,60 +765,77 @@
- fflush(stderr);
- }
-
-- /* if the server is using a self signed certificate then
-- * we need to decide if that is good enough for us to
-- * accept ...
-- */
-- if (error==VERIFY_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) {
-- if (ssl_cert_required) {
-- /* make 100% sure that in secure more we drop the
-- * connection if the server does not have a
-- * real certificate!
-- */
-- fprintf(stderr,"SSL: rejecting connection - server has a self-signed certificate\n");
-- fflush(stderr);
--
-- /* sometimes it is really handy to be able to debug things
-- * and still get a connection!
-- */
-- if (ssl_debug_flag) {
-- fprintf(stderr,"SSL: debug -> ignoring cert required!\n");
-- fflush(stderr);
-- ok=1;
-- } else {
-- ok=0;
-- }
-- goto return_time;
-- } else {
-- ok=1;
-- goto return_time;
-- }
-+ /* verify commonName matches hostname */
-+ if(ssl_cert_required && depth == 0) {
-+ char *cn,*p;
-+
-+ cnsubj=strdup(subject);
-+ if(cnsubj == NULL) {
-+ fprintf(stderr,"SSL: Out of memory.\n");
-+ ok=0;
-+ goto return_time;
-+ }
-+ cn=strstr(cnsubj,"/CN=");
-+ if(cn == NULL) {
-+ fprintf(stderr,"SSL: Cannot extract CN from certificate subject.\n");
-+ ok=0;
-+ goto return_time;
-+ }
-+ cn+=4; /* skip /CN= */
-+ p=strchr(cn,'/');
-+ if(p != NULL) {
-+ *p='\0';
-+ }
-+ if(strcasecmp(cn,RemoteHostName) != 0) {
-+ fprintf(stderr,"SSL: Certificate CN (%s) does not match hostname (%s)\n",
-+ cn,RemoteHostName);
-+ ok=0;
-+ goto return_time;
-+ }
- }
-
-- /* if we have any form of error in secure mode we reject the connection */
-- if (! ((error==VERIFY_OK)||(error==VERIFY_ROOT_OK)) ) {
-- if (ssl_cert_required) {
-- fprintf(stderr,"SSL: rejecting connection - ");
-- if (error==VERIFY_ERR_UNABLE_TO_GET_ISSUER) {
-- fprintf(stderr,"unknown issuer: %s\n",issuer);
-- } else {
-- ERR_print_errors(bio_err);
-- }
-- fflush(stderr);
-- ok=0;
-- goto return_time;
-- } else {
-- /* be nice and display a lot more meaningful stuff
-- * so that we know which issuer is unknown no matter
-- * what the callers options are ...
-- */
-- if (error==VERIFY_ERR_UNABLE_TO_GET_ISSUER) {
-- fprintf(stderr,"SSL: unknown issuer: %s\n",issuer);
-- fflush(stderr);
-- }
-- }
-+ if((error==VERIFY_OK) || (error==VERIFY_ROOT_OK)) {
-+ goto return_time;
- }
-
-+ switch(error) {
-+ case VERIFY_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-+ fprintf(stderr,"SSL: Server has a self-signed certificate\n");
-+ case VERIFY_ERR_UNABLE_TO_GET_ISSUER:
-+ fprintf(stderr,"SSL: unknown issuer: %s\n",issuer);
-+ break;
-+ case X509_V_ERR_CERT_NOT_YET_VALID:
-+ fprintf(stderr,"SSL: Certificate not yet valid\n");
-+ BIO_printf(bio_err,"notBefore=");
-+ ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
-+ BIO_printf(bio_err,"\n");
-+ break;
-+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-+ fprintf(stderr,"SSL: Error in certificate notBefore field\n");
-+ BIO_printf(bio_err,"notBefore=");
-+ ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
-+ BIO_printf(bio_err,"\n");
-+ break;
-+ case X509_V_ERR_CERT_HAS_EXPIRED:
-+ fprintf(stderr,"SSL: Certificate has expired\n");
-+ BIO_printf(bio_err,"notAfter=");
-+ ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
-+ BIO_printf(bio_err,"\n");
-+ break;
-+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-+ fprintf(stderr,"SSL: Error in certificate notAfter field\n");
-+ BIO_printf(bio_err,"notAfter=");
-+ ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
-+ BIO_printf(bio_err,"\n");
-+ break;
-+ default:
-+ fprintf(stderr,"SSL: %s (%d)\n", X509_verify_cert_error_string(error),error);
-+ break;
-+ }
-+
-+ /* If we are here there was an error */
-+ ok=0;
-+
- return_time: ;
-
- /* clean up things */
-@@ -822,7 +843,20 @@
- free(subject);
- if (issuer!=NULL)
- free(issuer);
--
-+ if (cnsubj!=NULL)
-+ free(cnsubj);
-+ if(!ok && ssl_cert_required) {
-+ if(ssl_debug_flag) {
-+ fprintf(stderr,"SSL: debug -> ignoring cert required!\n");
-+ ok=1;
-+ }
-+ else {
-+ fprintf(stderr,"SSL: Rejecting connection\n");
-+ ok=0;
-+ }
-+ }
-+ fflush(stderr);
-+
- return ok;
- }
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/Makefile
---- netkit-telnet-ssl-0.17.24+0.1/Makefile 2004-05-27 11:47:25.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/Makefile 2010-05-11 14:19:36.673445641 +0200
-@@ -1,7 +1,7 @@
- # You can do "make SUB=blah" to make only a few, or edit here, or both
- # You can also run make directly in the subdirs you want.
-
--SUB = telnet telnetd telnetlogin
-+SUB = libtelnet telnet telnetd
-
- %.build:
- (cd $(patsubst %.build, %, $@) && $(MAKE))
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/authenc.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/authenc.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/authenc.cc 2000-07-23 05:24:53.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/authenc.cc 2010-05-11 13:44:40.056990450 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)authenc.c 5.1 (Berkeley) 3/1/91
- */
- char au_rcsid[] =
-- "$Id: authenc.cc,v 1.6 2000/07/23 03:24:53 dholland Exp $";
-+ "$Id: authenc.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #if defined(ENCRYPT) || defined(AUTHENTICATE)
- #include <sys/types.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/commands.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/commands.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/commands.cc 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/commands.cc 2010-05-11 13:44:40.060322107 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)commands.c 5.5 (Berkeley) 3/22/91
- */
- char cmd_rcsid[] =
-- "$Id: commands.cc,v 1.34 2000/07/23 04:16:24 dholland Exp $";
-+ "$Id: commands.cc,v 1.13 2007-10-04 21:38:18 ianb Exp $";
-
- #include <string.h>
-
-@@ -653,6 +653,21 @@
- return 1;
- }
-
-+#ifdef AUTHENTICATE
-+
-+static int tog_autologin(int) {
-+ if(autologin == 0) {
-+ autologin=1;
-+ env_export("USER");
-+ }
-+ else {
-+ autologin=0;
-+ env_unexport("USER");
-+ }
-+ return 1;
-+}
-+
-+#endif /* AUTHENTICATE */
-
- static int netdata; /* Print out network data flow */
- static int prettydump; /* Print "netdata" output in user readable format */
-@@ -682,13 +697,13 @@
-
- #if defined(AUTHENTICATE)
- { "autologin", "automatic sending of login and/or authentication info",
-- NULL, &autologin,
-+ tog_autologin, NULL,
- "send login name and/or authentication information" },
- { "authdebug", "Toggle authentication debugging",
- auth_togdebug, NULL,
- "print authentication debugging information" },
- #endif
--#if 0
-+#ifdef ENCRYPT
- { "autoencrypt", "automatic encryption of data stream",
- EncryptAutoEnc, NULL,
- "automatically encrypt output" },
-@@ -701,7 +716,7 @@
- { "encdebug", "Toggle encryption debugging",
- EncryptDebug, NULL,
- "print encryption debugging information" },
--#endif
-+#endif /* ENCRYPT */
-
- { "skiprc", "don't read the telnetrc files",
- NULL, &skiprc,
-@@ -750,7 +765,7 @@
- NULL, &showoptions,
- "show option processing" },
-
-- { "termdata", "(debugging) toggle printing of hexadecimal terminal data",
-+ { "termdata", "toggle printing of hexadecimal terminal data (debugging)",
- NULL, &termdata,
- "print hexadecimal representation of terminal traffic" },
-
-@@ -1357,9 +1372,9 @@
- else
- shellname++;
- if (argc > 1)
-- execl(shellp, shellname, "-c", &saveline[1], 0);
-+ execl(shellp, shellname, "-c", &saveline[1], (char *) NULL);
- else
-- execl(shellp, shellname, 0);
-+ execl(shellp, shellname, (char *) NULL);
- perror("Execl");
- _exit(1);
- }
-@@ -1510,10 +1525,10 @@
-
- #if defined(AUTHENTICATE)
- struct authlist {
-- char *name;
-- char *help;
-- int (*handler)(const char *, const char *);
-- int narg;
-+ const char *name;
-+ const char *help;
-+ int (*handler)(const char *, const char *);
-+ int narg;
- };
-
- static int auth_help (const char *, const char *);
-@@ -1833,8 +1848,22 @@
- if (*portp == '-') {
- portp++;
- telnetport = 1;
-- } else
-+ } else {
- telnetport = 0;
-+ if (*portp >='0' && *portp<='9') {
-+ char *end;
-+ long int p;
-+
-+ p=strtol(portp, &end, 10);
-+ if (ERANGE==errno && (LONG_MIN==p || LONG_MAX==p)) {
-+ fprintf(stderr, "telnet: port %s overflows\n", portp);
-+ return 0;
-+ } else if (p<=0 || p>=65536) {
-+ fprintf(stderr, "telnet: port %s out of range\n", portp);
-+ return 0;
-+ }
-+ }
-+ }
- }
- else {
- portp = "telnet";
-@@ -1860,7 +1889,7 @@
- if (res < 0)
- return 0;
- }
--
-+
- /* Resolve both the host and service simultaneously. */
- res = getaddrinfo(resolv_hostp, portp, &hints, &hostaddr);
- if (res == EAI_NONAME) {
-@@ -1902,6 +1931,16 @@
- NI_NUMERICHOST | NI_NUMERICSERV);
-
- printf("Trying %s...\n", name);
-+
-+ if (tmpaddr->ai_canonname == 0) {
-+ hostname = new char[strlen(hostp)+1];
-+ strcpy(hostname, hostp);
-+ }
-+ else {
-+ hostname = new char[strlen(tmpaddr->ai_canonname)+1];
-+ strcpy(hostname, tmpaddr->ai_canonname);
-+ }
-+
- x = nlink.connect(debug, tmpaddr, srp, srlen, tos);
- if (!x)
- goto err;
-@@ -1909,18 +1948,18 @@
- goto nextaddr;
-
- connected++;
-+
-+#ifdef USE_SSL
-+ if (ssl_secure_flag || (strcmp(hostp, "localhost") != 0)) {
-+ /* autologin = 1; */
-+ use_authentication=1;
-+ }
-+#endif /* USE_SSL */
-+
- #if defined(AUTHENTICATE)
- auth_encrypt_connect(connected);
- #endif
- } while (connected == 0);
-- if (tmpaddr->ai_canonname == 0) {
-- hostname = new char[strlen(hostp)+1];
-- strcpy(hostname, hostp);
-- }
-- else {
-- hostname = new char[strlen(tmpaddr->ai_canonname)+1];
-- strcpy(hostname, tmpaddr->ai_canonname);
-- }
-
- cmdrc(hostp, hostname, portp);
- freeaddrinfo(hostaddr);
-@@ -1966,6 +2005,9 @@
- #if defined(AUTHENTICATE)
- authhelp[] = "turn on (off) authentication ('auth ?' for more)",
- #endif
-+#if defined(USE_SSL)
-+ startsslhelp[] = "switch to telnet-over-ssl (use 'auth' for ssl-over-telnet)",
-+#endif
- zhelp[] = "suspend telnet",
- /* shellhelp[] = "invoke a subshell", */
- envhelp[] = "change environment variables ('environ ?' for more)",
-@@ -1981,6 +2023,34 @@
- return 0;
- }
-
-+#if defined(USE_SSL)
-+static int startssl_cmd(void)
-+{
-+ if(ssl_con == NULL)
-+ {
-+ fprintf(stderr,"telnet: Internal error - ssl_con not initialised.\n");
-+ return 1;
-+ }
-+
-+ if(ssl_active_flag)
-+ {
-+ fprintf(stderr,"telnet: SSL already in use.\n");
-+ return 1;
-+ }
-+
-+ if (SSL_connect(ssl_con) < 1)
-+ {
-+ ERR_print_errors_fp(stderr);
-+ fflush(stderr);
-+ } else {
-+ display_connect_details(ssl_con,ssl_debug_flag);
-+ ssl_active_flag=1;
-+ ssl_only_flag=1;
-+ }
-+ return 1;
-+}
-+#endif /* USE_SSL */
-+
- static int slc_mode_import_0(void) {
- slc_mode_import(0);
- return 1;
-@@ -2028,6 +2098,10 @@
- #endif
- // BIND("encrypt", encrypthelp, encrypt_cmd);
-
-+#if defined(USE_SSL)
-+ BIND("startssl", startsslhelp, startssl_cmd);
-+#endif
-+
- BIND("z", zhelp, suspend);
-
- #if defined(TN3270) /* why?! */
-@@ -2233,22 +2307,18 @@
- }
-
- void cmdrc(const char *m1, const char *m2, const char *port) {
-- static char *rcname = 0;
-- static char rcbuf[128];
-+ char *rcname = NULL;
-
- if (skiprc) return;
-
- readrc(m1, m2, port, "/etc/telnetrc");
-- if (rcname == 0) {
-- rcname = getenv("HOME");
-- if (rcname)
-- strcpy(rcbuf, rcname);
-- else
-- rcbuf[0] = '\0';
-- strcat(rcbuf, "/.telnetrc");
-- rcname = rcbuf;
-- }
-+ if (asprintf (&rcname, "%s/.telnetrc", getenv ("HOME")) == -1)
-+ {
-+ perror ("asprintf");
-+ return;
-+ }
- readrc(m1, m2, port, rcname);
-+ free (rcname);
- }
-
- #if defined(IP_OPTIONS) && defined(HAS_IPPROTO_IP)
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/defines.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/defines.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/defines.h 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/defines.h 2010-05-11 13:44:40.063654881 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)defines.h 5.1 (Berkeley) 9/14/90
-- * $Id: defines.h,v 1.5 1996/08/04 23:44:43 dholland Exp $
-+ * $Id: defines.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- #define ENV_VAR NEW_ENV_VAR
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/externs.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/externs.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/externs.h 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/externs.h 2010-05-11 13:44:40.063654881 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)externs.h 5.3 (Berkeley) 3/22/91
-- * $Id: externs.h,v 1.20 1999/08/19 09:34:15 dholland Exp $
-+ * $Id: externs.h,v 1.2 2004-11-17 15:28:51 ianb Exp $
- */
-
- #ifndef BSD
-@@ -57,6 +57,7 @@
- #define SUBBUFSIZE 256
-
- extern int autologin; /* Autologin enabled */
-+extern int use_authentication; /* use SSL authentication */
- extern int skiprc; /* Don't process the ~/.telnetrc file */
- extern int eight; /* use eight bit mode (binary in and/or out) */
- extern int binary; /* use binary option (in and/or out) */
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/fdset.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/fdset.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/fdset.h 1996-07-16 07:17:22.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/fdset.h 2010-05-11 13:44:40.063654881 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)fdset.h 5.1 (Berkeley) 9/14/90
-- * $Id: fdset.h,v 1.1 1996/07/16 05:17:22 dholland Exp $
-+ * $Id: fdset.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- /*
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/general.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/general.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/general.h 1996-07-16 07:17:22.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/general.h 2010-05-11 13:44:40.063654881 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)general.h 5.2 (Berkeley) 3/1/91
-- * $Id: general.h,v 1.1 1996/07/16 05:17:22 dholland Exp $
-+ * $Id: general.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- /*
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/genget.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/genget.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/genget.cc 1996-07-26 11:54:09.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/genget.cc 2010-05-11 13:44:40.063654881 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)genget.c 5.1 (Berkeley) 2/28/91
- */
- char gg_rcsid[] =
-- "$Id: genget.cc,v 1.3 1996/07/26 09:54:09 dholland Exp $";
-+ "$Id: genget.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <string.h>
- #include <ctype.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/glue.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/glue.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/glue.cc 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/glue.cc 2010-05-11 13:44:40.083654043 +0200
-@@ -11,8 +11,9 @@
- printsub_h(direction, pointer, length);
- }
-
--extern "C" void writenet(const char *str, int len) {
-+extern "C" int writenet(const char *str, int len) {
- netoring.write(str, len);
-+ return 1;
- }
-
- extern "C" int telnet_spin() {
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/main.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/main.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/main.cc 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/main.cc 2010-05-11 13:44:40.066988214 +0200
-@@ -39,7 +39,7 @@
- * From: @(#)main.c 5.4 (Berkeley) 3/22/91
- */
- char main_rcsid[] =
-- "$Id: main.cc,v 1.14 1999/08/01 05:06:37 dholland Exp $";
-+ "$Id: main.cc,v 1.6 2004-11-22 20:26:37 ianb Exp $";
-
- #include "../version.h"
-
-@@ -86,16 +86,27 @@
- * -X <atype> disable specified auth type
- */
- void usage(void) {
-- fprintf(stderr, "Usage: %s %s%s%s%s\n",
-+ fprintf(stderr, "Usage: %s %s%s%s%s%s\n",
- prompt,
-+#ifdef AUTHENTICATE
-+ "[-4] [-6] [-8] [-E] [-K] [-L] [-X atype] [-a] [-d] [-e char]",
-+ "\n\t[-l user] [-n tracefile] [ -b addr ]",
-+#else
- "[-4] [-6] [-8] [-E] [-L] [-a] [-d] [-e char] [-l user]",
- "\n\t[-n tracefile] [ -b addr ]",
-+#endif
- #ifdef TN3270
- "\n\t"
- "[-noasynch] [-noasynctty] [-noasyncnet] [-r] [-t transcom]\n\t",
- #else
- " [-r] ",
- #endif
-+#ifdef USE_SSL
-+ /* might as well output something useful here ... */
-+ "\n\t[-z ssl] [-z secure] [-z debug] [-z verify=int]\n\t[-z cert=file] [-z key=file]\n\t",
-+#else /* !USE_SSL */
-+ "",
-+#endif /* USE_SSL */
- "[host-name [port]]"
- );
- exit(1);
-@@ -135,8 +146,73 @@
- autologin = -1;
-
- while ((ch = getopt(argc, argv,
-- "4678EKLS:X:ab:de:k:l:n:rt:x")) != EOF) {
-+ "4678EKLS:X:ab:de:k:l:n:rt:xz:")) != EOF) {
- switch(ch) {
-+#ifdef USE_SSL
-+ case 'z':
-+ {
-+ char *origopt;
-+
-+ origopt=strdup(optarg);
-+ optarg=strtok(origopt,",");
-+
-+ while(optarg!=NULL) {
-+
-+ if (strcmp(optarg, "debug") == 0 ) {
-+ ssl_debug_flag=1;
-+ } else if (strcmp(optarg, "authdebug") == 0 ) {
-+ auth_debug_mode=1;
-+ } else if (strcmp(optarg, "ssl") == 0 ) {
-+ ssl_only_flag=1;
-+ } else if ( (strcmp(optarg, "!ssl") == 0) ||
-+ (strcmp(optarg, "nossl") == 0) ) {
-+ /* we may want to switch SSL negotiation off
-+ * for testing or other reasons
-+ */
-+ ssl_disabled_flag=1;
-+ } else if (strcmp(optarg, "certrequired") == 0 ) {
-+ ssl_cert_required=1;
-+ } else if (strcmp(optarg, "secure") == 0 ) {
-+ ssl_secure_flag=1;
-+ } else if (strcmp(optarg, "verbose") == 0 ) {
-+ ssl_verbose_flag=1;
-+ } else if (strncmp(optarg, "verify=",
-+ strlen("verify=")) == 0 ) {
-+ ssl_verify_flag=atoi(optarg+strlen("verify="));
-+ } else if (strncmp(optarg, "cert=",
-+ strlen("cert=")) == 0 ) {
-+ ssl_cert_file= optarg + strlen("cert=");
-+ } else if (strncmp(optarg, "key=",
-+ strlen("key=")) == 0 ) {
-+ ssl_key_file= optarg + strlen("key=");
-+ } else if (strncmp(optarg,"cipher=",
-+ strlen("cipher="))==0) {
-+ ssl_cipher_list=optarg+strlen("cipher=");
-+ } else {
-+ /* report when we are given rubbish so that
-+ * if the user makes a mistake they have to
-+ * correct it!
-+ */
-+ fprintf(stderr,"Unknown SSL option %s\n",optarg);
-+ fflush(stderr);
-+ exit(1);
-+ }
-+
-+ /* get the next one ... */
-+ optarg=strtok(NULL,",");
-+
-+ }
-+
-+ /*
-+ if (origopt!=NULL)
-+ free(origopt);
-+ */
-+
-+ }
-+
-+ break;
-+#endif /* USE_SSL */
-+
- case '4':
- family = AF_INET;
- break;
-@@ -257,14 +333,25 @@
- autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
-
- #ifdef USE_SSL
-+ if((ssl_cert_file != NULL) || (ssl_key_file != NULL)) {
-+ autologin = 1;
-+ }
-+
- if (ssl_secure_flag||ssl_cert_required) {
- /* in secure mode we *must* switch on the base level
- * verify checking otherwise we cannot abort connections
- * at the right place!
- */
- if (ssl_verify_flag == 0)
-- ssl_verify_flag = 1;
-+ ssl_verify_flag = SSL_VERIFY_PEER;;
- }
-+
-+ /* client mode ignores SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-+ so simulate it using certrequired */
-+ if(ssl_verify_flag & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
-+ ssl_cert_required=1;
-+ }
-+
- #endif /* USE_SSL */
-
- argc -= optind;
-@@ -289,11 +376,6 @@
- *argp++ = family == AF_INET ? "-4" : "-6";
- }
- *argp++ = argv[0]; /* host */
--#ifdef USE_SSL
-- if (strcmp(argv[0], "localhost") != 0) {
-- autologin = 1;
-- }
--#endif /* USE_SSL */
- if (argc > 1)
- *argp++ = argv[1]; /* port */
- *argp = 0;
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/telnet/Makefile
---- netkit-telnet-ssl-0.17.24+0.1/telnet/Makefile 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/Makefile 2010-05-11 13:44:40.056990450 +0200
-@@ -6,15 +6,18 @@
- #CXXFLAGS:=$(patsubst -O2, -g, $(CXXFLAGS))
-
- # -DAUTHENTICATE
--CXXFLAGS += -DUSE_TERMIO -DKLUDGELINEMODE
--LIBS = $(LIBTERMCAP)
-+CXXFLAGS += -DUSE_TERMIO -DKLUDGELINEMODE -DAUTHENTICATE -DUSE_SSL \
-+ -I/usr/include/openssl -I../
-+LIBTELNET = ../libtelnet/libtelnet.a
-+LIBS += $(LIBTERMCAP) $(LIBTELNET) -lssl -lcrypto
-
- SRCS = commands.cc main.cc network.cc ring.cc sys_bsd.cc telnet.cc \
-- terminal.cc tn3270.cc utilities.cc genget.cc environ.cc netlink.cc
-+ terminal.cc tn3270.cc utilities.cc genget.cc environ.cc netlink.cc \
-+ glue.cc glue2.cc
-
- OBJS = $(patsubst %.cc, %.o, $(SRCS))
-
--telnet: $(OBJS)
-+telnet: $(OBJS) $(LIBTELNET)
- $(CXX) $(LDFLAGS) $^ $(LIBS) -o $@
-
- include depend.mk
-@@ -22,7 +25,7 @@
- $(CXX) $(CXXFLAGS) -MM $(SRCS) >depend.mk
-
- install: telnet
-- install -s -m$(BINMODE) telnet $(INSTALLROOT)$(BINDIR)/telnet-ssl
-+ install -m$(BINMODE) telnet $(INSTALLROOT)$(BINDIR)/telnet-ssl
- install -m$(MANMODE) telnet.1 $(INSTALLROOT)$(MANDIR)/man1/telnet-ssl.1
-
- clean:
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/netlink.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/netlink.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/netlink.cc 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/netlink.cc 2010-05-11 13:44:40.066988214 +0200
-@@ -12,12 +12,27 @@
- #include "proto.h"
- #include "ring.h"
- #include <libtelnet/sslapp.h>
-+#include <libtelnet/misc-proto.h>
-
- /* In Linux, this is an enum */
- #if defined(__linux__) || defined(IPPROTO_IP)
- #define HAS_IPPROTO_IP
- #endif
-
-+/* code from Peter 'Luna' Runestig <peter@runestig.com> */
-+static int select_read(int rfd)
-+/* timeout = 20 seconds */
-+{
-+ fd_set rfds;
-+ struct timeval tv;
-+
-+ FD_ZERO(&rfds);
-+ FD_SET(rfd, &rfds);
-+ tv.tv_sec = 20;
-+ tv.tv_usec = 0;
-+ return select(rfd + 1, &rfds, NULL, NULL, &tv);
-+}
-+
- netlink nlink;
-
- class netchannel : public ringbuf::source {
-@@ -26,12 +41,23 @@
- int net = nlink.getfd();
- int l;
- #ifdef USE_SSL
-- if (ssl_active_flag)
-- l = SSL_read(ssl_con, buf, maxlen);
-- else
-+ if (ssl_active_flag) {
-+ do {
-+ l = SSL_read(ssl_con, buf, maxlen);
-+ /*
-+ * SSL_ERROR_WANT_READ may occur if an SSL/TLS rehandshake occurs.
-+ * This means that data was available at the socket, but all was
-+ * consumed by SSL itself, so we select (w/20s timeout) and retry.
-+ */
-+ } while (l<0 &&
-+ (SSL_ERROR_WANT_READ == SSL_get_error(ssl_con, l)) &&
-+ (select_read(net) > 0));
-+ } else
- #endif /* USE_SSL */
-- l = recv(net, buf, maxlen, 0);
-- if (l<0 && errno == EWOULDBLOCK) l = 0;
-+ {
-+ l = recv(net, buf, maxlen, 0);
-+ if (l<0 && errno == EWOULDBLOCK) l = 0;
-+ }
- return l;
- }
- };
-@@ -70,11 +96,11 @@
-
-
- netlink::netlink() { net = -1; }
--netlink::~netlink() { ::close(net); }
-+netlink::~netlink() { if (net >= 0) ::close(net); }
-
-
- int netlink::setdebug(int debug) {
-- if (net > 0 &&
-+ if (net >= 0 &&
- (setsockopt(net, SOL_SOCKET, SO_DEBUG, &debug, sizeof(debug))) < 0) {
- perror("setsockopt (SO_DEBUG)");
- }
-@@ -95,7 +121,8 @@
- ssl_active_flag=0;
- }
- #endif /* USE_SSL */
-- ::close(net);
-+ if (net >= 0)
-+ ::close(net);
- net = -1;
- }
-
-@@ -142,7 +169,8 @@
- {
- int on=1;
- int res;
--
-+ extern char *hostname;
-+
- res = socket(addr->ai_family);
- if (res < 2)
- return res;
-@@ -192,10 +220,24 @@
- /* bind in the network descriptor */
- SSL_set_fd(ssl_con,net);
-
-+#if defined(AUTHENTICATE)
-+ /* moved from telnet() so client_verify_callback knows RemoteHostName -ianb */
-+ {
-+ static char local_host[256] = { 0 };
-+ int len = sizeof(local_host);
-+
-+ if (!local_host[0]) {
-+ gethostname(local_host, len); /* WAS &len!!! */
-+ local_host[sizeof(local_host)-1] = 0;
-+ }
-+ auth_encrypt_init(local_host, hostname, "TELNET", 0);
-+ }
-+#endif
-+
- /* if we are doing raw SSL then start it now ... */
- if (ssl_only_flag) {
- if (!SSL_connect(ssl_con)) {
-- static char errbuf[1024];
-+ /* static char errbuf[1024]; */
-
- ERR_print_errors_fp(stderr);
- perror("SSL_connect");
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/network.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/network.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/network.cc 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/network.cc 2010-05-11 13:44:40.066988214 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)network.c 5.2 (Berkeley) 3/1/91
- */
- char net_rcsid[] =
-- "$Id: network.cc,v 1.15 1996/08/13 08:09:58 dholland Exp $";
-+ "$Id: network.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <sys/types.h>
- #include <sys/socket.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/proto.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/proto.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/proto.h 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/proto.h 2010-05-11 13:44:40.070321269 +0200
-@@ -10,9 +10,11 @@
- int TerminalSpecialChars(int);
- void TerminalSpeeds(long *ispeed, long *ospeed);
- int TerminalWindowSize(long *rows, long *cols);
-+#if 0
- void auth_encrypt_user(char *);
- void auth_name(unsigned char *, int);
- void auth_printsub(unsigned char *, int, unsigned char *, int);
-+#endif
- void cmdrc(const char *, const char *, const char *);
- void env_init(void);
- int getconnmode(void);
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/ring.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/ring.cc 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.cc 2010-05-11 13:44:40.070321269 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)ring.c 5.2 (Berkeley) 3/1/91
- */
- char ring_rcsid[] =
-- "$Id: ring.cc,v 1.23 2000/07/23 03:25:09 dholland Exp $";
-+ "$Id: ring.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- /*
- * This defines a structure for a ring buffer.
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/ring.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/ring.h 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.h 2010-05-11 13:44:40.070321269 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)ring.h 5.2 (Berkeley) 3/1/91
-- * $Id: ring.h,v 1.13 1996/08/13 08:43:28 dholland Exp $
-+ * $Id: ring.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- class datasink {
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/sys_bsd.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/sys_bsd.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/sys_bsd.cc 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/sys_bsd.cc 2010-05-11 13:44:40.070321269 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)sys_bsd.c 5.2 (Berkeley) 3/1/91
- */
- char bsd_rcsid[] =
-- "$Id: sys_bsd.cc,v 1.24 1999/09/28 16:29:24 dholland Exp $";
-+ "$Id: sys_bsd.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- /*
- * The following routines try to encapsulate what is system dependent
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.1 netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.1
---- netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.1 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.1 2010-05-11 13:44:40.073654603 +0200
-@@ -30,7 +30,7 @@
- .\" SUCH DAMAGE.
- .\"
- .\" from: @(#)telnet.1 6.16 (Berkeley) 7/27/91
--.\" $Id: telnet.1,v 1.15 2000/07/30 23:57:08 dholland Exp $
-+.\" $Id: telnet.1,v 1.5 2006-09-24 00:48:31 ianb Exp $
- .\"
- .Dd August 15, 1999
- .Dt TELNET 1
-@@ -42,12 +42,14 @@
- protocol
- .Sh SYNOPSIS
- .Nm telnet
--.Op Fl 468ELadr
-+.Op Fl 468EKLadr
- .Op Fl S Ar tos
-+.Op Fl X Ar authtype
- .Op Fl b Ar address
- .Op Fl e Ar escapechar
- .Op Fl l Ar user
- .Op Fl n Ar tracefile
-+.Op Fl z Ar option
- .Oo
- .Ar host
- .Op Ar port
-@@ -152,44 +154,47 @@
- command below.
- .It Fl z Ar option
- Set SSL (Secure Socket Layer) parameters. The default is to negotiate
--via telnet protocoll if SSL is availlable at server side and then to
-+via telnet protocol if SSL is available at server side and then to
- switch it on. In this mode you can connect to both conventional and
--SSL enhanced telnetd's.
-+SSL enhanced telnetd's. If the connection is made to localhost and
-+.Ic -z secure
-+is not set, then
-+SSL is not enabled.
- .Pp
- The SSL parameters are:
- .Bl -tag -width Fl
--.It Ic Ar debug
-+.It Ic debug
- Send SSL related debugging information to stderr.
--.It Ic Ar authdebug
-+.It Ic authdebug
- Enable authentication debugging.
--.It Ic Ar ssl
-+.It Ic ssl
- Negotiate SSL at first, then use telnet protocol. In this mode you can
- connect to any server supporting directly SSL like Apache-SSL. Use
- .Ic telnet -z ssl ssl3.netscape.com https
- for example. telnet protocol negotiation goes encrypted.
--.It Ic Ar nossl, Ar !ssl
--switch of SSL negotiation
--.It Ic Ar certrequired
--client certificate is mandatory
--.It Ic Ar secure
-+.It Ic nossl, Ic !ssl
-+switch off SSL negotiation
-+.It Ic certrequired
-+server certificate is mandatory
-+.It Ic secure
- Don't switch back to unencrypted mode (no SSL) if SSL is not available.
--.It Ic Ar verbose
-+.It Ic verbose
- Be verbose about certificates etc.
--.It Ic Ar verify=int
-+.It Ic verify= Ns Ar int
- .\" TODO
- Set the SSL verify flags (SSL_VERIFY_* in
- .Ar ssl/ssl.h
- ).
- .\" TODO
--.It Ic Ar cert=cert_file
-+.It Ic cert= Ns Ar cert_file
- .\" TODO
- Use the certificate(s) in
- .Ar cert_file .
--.It Ic Ar key=key_file
-+.It Ic key= Ns Ar key_file
- .\" TODO
- Use the key(s) in
- .Ar key_file .
--.It Ic Ar cipher=ciph_list
-+.It Ic cipher= Ns Ar ciph_list
- .\" TODO
- Set the preferred ciphers to
- .Ar ciph_list .
-@@ -319,10 +324,6 @@
- List the current status of the various types of
- authentication.
- .El
--.Pp
--Note that the current version of
--.Nm telnet
--does not support authentication.
- .It Ic close
- Close the connection to the remote host, if any, and return to command
- mode.
-@@ -332,49 +333,49 @@
- and
- .Ic toggle
- values (see below).
--.It Ic encrypt Ar argument ...
--The encrypt command controls the
--.Dv TELNET ENCRYPT
--protocol option. If
--.Nm telnet
--was compiled without encryption, the
--.Ic encrypt
--command will not be supported.
--.Pp
--Valid arguments are as follows:
--.Bl -tag -width Ar
--.It Ic disable Ar type Ic [input|output]
--Disable the specified type of encryption. If you do not specify input
--or output, encryption of both is disabled. To obtain a list of
--available types, use ``encrypt disable \&?''.
--.It Ic enable Ar type Ic [input|output]
--Enable the specified type of encryption. If you do not specify input
--or output, encryption of both is enabled. To obtain a list of
--available types, use ``encrypt enable \&?''.
--.It Ic input
--This is the same as ``encrypt start input''.
--.It Ic -input
--This is the same as ``encrypt stop input''.
--.It Ic output
--This is the same as ``encrypt start output''.
--.It Ic -output
--This is the same as ``encrypt stop output''.
--.It Ic start Ic [input|output]
--Attempt to begin encrypting. If you do not specify input or output,
--encryption of both input and output is started.
--.It Ic status
--Display the current status of the encryption module.
--.It Ic stop Ic [input|output]
--Stop encrypting. If you do not specify input or output, encryption of
--both is stopped.
--.It Ic type Ar type
--Sets the default type of encryption to be used with later ``encrypt start''
--or ``encrypt stop'' commands.
--.El
--.Pp
--Note that the current version of
--.Nm telnet
--does not support encryption.
-+.\" .It Ic encrypt Ar argument ...
-+.\" The encrypt command controls the
-+.\" .Dv TELNET ENCRYPT
-+.\" protocol option. If
-+.\" .Nm telnet
-+.\" was compiled without encryption, the
-+.\" .Ic encrypt
-+.\" command will not be supported.
-+.\" .Pp
-+.\" Valid arguments are as follows:
-+.\" .Bl -tag -width Ar
-+.\" .It Ic disable Ar type Ic [input|output]
-+.\" Disable the specified type of encryption. If you do not specify input
-+.\" or output, encryption of both is disabled. To obtain a list of
-+.\" available types, use ``encrypt disable \&?''.
-+.\" .It Ic enable Ar type Ic [input|output]
-+.\" Enable the specified type of encryption. If you do not specify input
-+.\" or output, encryption of both is enabled. To obtain a list of
-+.\" available types, use ``encrypt enable \&?''.
-+.\" .It Ic input
-+.\" This is the same as ``encrypt start input''.
-+.\" .It Ic -input
-+.\" This is the same as ``encrypt stop input''.
-+.\" .It Ic output
-+.\" This is the same as ``encrypt start output''.
-+.\" .It Ic -output
-+.\" This is the same as ``encrypt stop output''.
-+.\" .It Ic start Ic [input|output]
-+.\" Attempt to begin encrypting. If you do not specify input or output,
-+.\" encryption of both input and output is started.
-+.\" .It Ic status
-+.\" Display the current status of the encryption module.
-+.\" .It Ic stop Ic [input|output]
-+.\" Stop encrypting. If you do not specify input or output, encryption of
-+.\" both is stopped.
-+.\" .It Ic type Ar type
-+.\" Sets the default type of encryption to be used with later ``encrypt start''
-+.\" or ``encrypt stop'' commands.
-+.\" .El
-+.\" .Pp
-+.\" Note that the current version of
-+.\" .Nm telnet
-+.\" does not support encryption.
- .It Ic environ Ar arguments...
- The
- .Ic environ
-@@ -1017,6 +1018,16 @@
- .Ic slc
- command.
- .El
-+.It Ic startssl
-+Attempt to negotiate telnet-over-SSL (as with the
-+.Ic -z ssl
-+option). This is useful when connecting to non-telnetds such
-+as imapd (with the
-+.Ic STARTTLS
-+command). To control SSL when connecting to a SSL-enabled
-+telnetd, use the
-+.Ic auth
-+command instead.
- .It Ic status
- Show the current status of
- .Nm telnet .
-@@ -1079,17 +1090,17 @@
- .Dv FALSE
- (see
- .Xr stty 1 ) .
--.It Ic autodecrypt
--When the
--.Dv TELNET ENCRYPT
--option is negotiated, by
--default the actual encryption (decryption) of the data
--stream does not start automatically. The autoencrypt
--(autodecrypt) command states that encryption of the
--output (input) stream should be enabled as soon as
--possible.
--.Pp
--Note that this flag exists only if encryption support is enabled.
-+.\" .It Ic autodecrypt
-+.\" When the
-+.\" .Dv TELNET ENCRYPT
-+.\" option is negotiated, by
-+.\" default the actual encryption (decryption) of the data
-+.\" stream does not start automatically. The autoencrypt
-+.\" (autodecrypt) command states that encryption of the
-+.\" output (input) stream should be enabled as soon as
-+.\" possible.
-+.\" .Pp
-+.\" Note that this flag exists only if encryption support is enabled.
- .It Ic autologin
- If the remote side supports the
- .Dv TELNET AUTHENTICATION
-@@ -1174,9 +1185,9 @@
- .Ic super user ) .
- The initial value for this toggle is
- .Dv FALSE .
--.It Ic encdebug
--Turns on debugging information for the encryption code.
--Note that this flag only exists if encryption support is available.
-+.\" .It Ic encdebug
-+.\" Turns on debugging information for the encryption code.
-+.\" Note that this flag only exists if encryption support is available.
- .It Ic localchars
- If this is
- .Dv TRUE ,
-@@ -1221,8 +1232,9 @@
- is sent as
- .Ic abort ,
- and
--.Ic eof and
--.B suspend
-+.Ic eof
-+and
-+.Ic suspend
- are sent as
- .Ic eof and
- .Ic susp ,
-@@ -1263,16 +1275,16 @@
- Toggles the display of all terminal data (in hexadecimal format).
- The initial value for this toggle is
- .Dv FALSE .
--.It Ic verbose_encrypt
--When the
--.Ic verbose_encrypt
--toggle is
--.Dv TRUE ,
--.Tn TELNET
--prints out a message each time encryption is enabled or
--disabled. The initial value for this toggle is
--.Dv FALSE.
--This flag only exists if encryption support is available.
-+.\" .It Ic verbose_encrypt
-+.\" When the
-+.\" .Ic verbose_encrypt
-+.\" toggle is
-+.\" .Dv TRUE ,
-+.\" .Tn TELNET
-+.\" prints out a message each time encryption is enabled or
-+.\" disabled. The initial value for this toggle is
-+.\" .Dv FALSE.
-+.\" This flag only exists if encryption support is available.
- .It Ic \&?
- Displays the legal
- .Ic toggle
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.cc 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.cc 2010-05-11 13:44:40.076987936 +0200
-@@ -47,7 +47,7 @@
- * From: @(#)telnet.c 5.53 (Berkeley) 3/22/91
- */
- char telnet_rcsid[] =
--"$Id: telnet.cc,v 1.36 2000/07/23 03:24:53 dholland Exp $";
-+"$Id: telnet.cc,v 1.8 2005-04-14 15:26:27 ianb Exp $";
-
- #include <string.h>
- #include <sys/types.h>
-@@ -107,6 +107,7 @@
- eight = 3,
- binary = 0,
- autologin = 0, /* Autologin anyone? */
-+ use_authentication = 0,
- skiprc = 0,
- connected,
- showoptions,
-@@ -495,7 +496,8 @@
- break;
- #if defined(AUTHENTICATE)
- case TELOPT_AUTHENTICATION:
-- if (autologin)
-+ /* if (autologin) */
-+ if (use_authentication)
- new_state_ok = 1;
- break;
- #endif
-@@ -722,6 +724,7 @@
- */
-
- static void suboption(void) {
-+ extern int auth_failed;
- printsub('<', subbuffer, SB_LEN()+2);
- switch (SB_GET()) {
- case TELOPT_TTYPE:
-@@ -845,7 +848,8 @@
-
- #if defined(AUTHENTICATE)
- case TELOPT_AUTHENTICATION: {
-- if (!autologin)
-+ /* if (!autologin) */
-+ if (!use_authentication)
- break;
- if (SB_EOF())
- return;
-@@ -864,6 +868,10 @@
- if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
- return;
- auth_reply(subpointer, SB_LEN());
-+ if(auth_failed) {
-+ /* auth rejected, quit */
-+ quit();
-+ }
- break;
- case TELQUAL_NAME:
- if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
-@@ -1140,6 +1148,7 @@
-
-
- unsigned char slc_reply[128];
-+unsigned char const * const slc_reply_eom = &slc_reply[sizeof(slc_reply)];
- unsigned char *slc_replyp;
-
- void slc_start_reply(void) {
-@@ -1151,6 +1160,14 @@
- }
-
- void slc_add_reply(int func, int flags, int value) {
-+ /* A sequence of up to 6 bytes my be written for this member of the SLC
-+ * suboption list by this function. The end of negotiation command,
-+ * which is written by slc_end_reply(), will require 2 additional
-+ * bytes. Do not proceed unless there is sufficient space for these
-+ * items.
-+ */
-+ if (&slc_replyp[6+2] > slc_reply_eom)
-+ return;
- if ((*slc_replyp++ = func) == IAC)
- *slc_replyp++ = IAC;
- if ((*slc_replyp++ = flags) == IAC)
-@@ -1819,25 +1836,19 @@
- */
- void telnet(const char *user) {
- sys_telnet_init();
--
--#if defined(AUTHENTICATE)
-- {
-- static char local_host[256] = { 0 };
-- int len = sizeof(local_host);
--
-- if (!local_host[0]) {
-- gethostname(local_host, len); /* WAS &len!!! */
-- local_host[sizeof(local_host)-1] = 0;
-- }
-- auth_encrypt_init(local_host, hostname, "TELNET", 0);
-- auth_encrypt_user(user);
-- }
-+
-+#ifdef AUTHENTICATE
-+ auth_encrypt_user(user);
- #endif
--
-+
- #if !defined(TN3270)
- if (telnetport) {
-+
-+ send_will(TELOPT_ENVIRON, 1);
-+
- #if defined(AUTHENTICATE)
-- if (autologin)
-+ /* if (autologin) */
-+ if (use_authentication)
- send_will(TELOPT_AUTHENTICATION, 1);
- #endif
- send_do(TELOPT_SGA, 1);
-@@ -1846,7 +1857,6 @@
- send_will(TELOPT_TSPEED, 1);
- send_will(TELOPT_LFLOW, 1);
- send_will(TELOPT_LINEMODE, 1);
-- send_will(TELOPT_ENVIRON, 1);
- send_do(TELOPT_STATUS, 1);
- if (env_getvalue("DISPLAY", 0))
- send_will(TELOPT_XDISPLOC, 1);
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/terminal.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/terminal.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/terminal.cc 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/terminal.cc 2010-05-11 13:44:40.080321548 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)terminal.c 5.3 (Berkeley) 3/22/91
- */
- char terminal_rcsid[] =
-- "$Id: terminal.cc,v 1.25 1999/12/12 19:48:05 dholland Exp $";
-+ "$Id: terminal.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <arpa/telnet.h>
- #include <sys/types.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/tn3270.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/tn3270.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/tn3270.cc 1996-08-13 11:08:34.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/tn3270.cc 2010-05-11 13:44:40.080321548 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)tn3270.c 5.2 (Berkeley) 3/1/91
- */
- char tn3270_rcsid[] =
-- "$Id: tn3270.cc,v 1.9 1996/08/13 09:08:34 dholland Exp $";
-+ "$Id: tn3270.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <sys/types.h>
- #include <arpa/telnet.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/types.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/types.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/types.h 1996-07-27 02:45:54.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/types.h 2010-05-11 13:44:40.083654043 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)types.h 5.1 (Berkeley) 9/14/90
-- * $Id: types.h,v 1.2 1996/07/27 00:45:54 dholland Exp $
-+ * $Id: types.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- typedef struct {
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/utilities.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/utilities.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/utilities.cc 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/utilities.cc 2010-05-11 13:44:40.083654043 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)utilities.c 5.3 (Berkeley) 3/22/91
- */
- char util_rcsid[] =
-- "$Id: utilities.cc,v 1.19 1999/12/12 15:33:40 dholland Exp $";
-+ "$Id: utilities.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #define TELOPTS
- #define TELCMDS
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/authenc.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/authenc.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/authenc.c 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/authenc.c 2010-05-11 13:44:40.086987376 +0200
-@@ -23,7 +23,7 @@
- * From: @(#)authenc.c 5.1 (Berkeley) 3/1/91
- */
- char authenc_rcsid[] =
-- "$Id: authenc.c,v 1.5 1999/12/12 14:59:44 dholland Exp $";
-+ "$Id: authenc.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #if defined(ENCRYPT) || defined(AUTHENTICATE)
- #include "telnetd.h"
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/defs.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/defs.h
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/defs.h 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/defs.h 2010-05-11 13:44:40.086987376 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)defs.h 5.10 (Berkeley) 3/1/91
-- * $Id: defs.h,v 1.7 1999/08/02 03:14:03 dholland Exp $
-+ * $Id: defs.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- /*
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/ext.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/ext.h
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/ext.h 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/ext.h 2010-05-11 13:44:40.086987376 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)ext.h 5.7 (Berkeley) 3/1/91
-- * $Id: ext.h,v 1.9 1999/12/12 14:59:44 dholland Exp $
-+ * $Id: ext.h,v 1.2 2004-11-21 12:53:12 ianb Exp $
- */
-
- /*
-@@ -113,7 +113,7 @@
- void interrupt(void);
- void localstat(void);
- void netclear(void);
--void netflush(void);
-+int netflush(void);
- size_t netbuflen(int);
- void sendurg(const char *, size_t);
-
-@@ -183,7 +183,8 @@
- void tty_tspeed(int);
- void willoption(int);
- void wontoption(int);
--#define writenet(b, l) fwrite(b, 1, l, netfile)
-+int writenet(char *, int);
-+/*#define writenet(b, l) fwrite(b, 1, l, netfile)*/
- void netopen(void);
-
- #if defined(ENCRYPT)
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/getent.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/getent.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/getent.c 1996-08-15 08:23:28.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/getent.c 2010-05-11 13:44:40.086987376 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)getent.c 5.1 (Berkeley) 2/28/91
- */
- char ge_rcsid[] =
-- "$Id: getent.c,v 1.3 1996/08/15 06:23:28 dholland Exp $";
-+ "$Id: getent.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- /*
- * Copyright (c) 1991 Regents of the University of California.
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/global.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/global.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/global.c 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/global.c 2010-05-11 13:44:40.090341661 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)global.c 5.2 (Berkeley) 6/1/90
- */
- char global_rcsid[] =
-- "$Id: global.c,v 1.4 1999/12/12 14:59:44 dholland Exp $";
-+ "$Id: global.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- /*
- * Allocate global variables.
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/issue.net.5 netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/issue.net.5
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/issue.net.5 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/issue.net.5 2010-05-11 13:44:40.090341661 +0200
-@@ -15,26 +15,26 @@
- .Pa /etc/issue.net
- is a text file which contains a message or system identification to be
- printed before the login prompt of a telnet session. It may contain
--various `%-char' sequences. The following sequences are supported by
-+various `%\&\-char' sequences. The following sequences are supported by
- .Ic telnetd :
- .Bl -tag -offset indent -compact -width "abcde"
--.It %t
-+.It %\&t
- - show the current tty
--.It %h
-+.It %\&h
- - show the system node name (FQDN)
--.It %D
-+.It %\&D
- - show the name of the NIS domain
--.It %d
-+.It %\&d
- - show the current time and date
--.It %s
-+.It %\&s
- - show the name of the operating system
--.It %m
-+.It %\&m
- - show the machine (hardware) type
--.It %r
-+.It %\&r
- - show the operating system release
--.It %v
-+.It %\&v
- - show the operating system version
--.It %%
-+.It %\&%
- - display a single '%' character
- .El
- .Sh FILES
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/Makefile
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/Makefile 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/Makefile 2010-05-11 14:12:59.493485309 +0200
-@@ -9,9 +9,11 @@
- # take out -DPARANOID_TTYS.
-
- CFLAGS += '-DISSUE_FILE="/etc/issue.net"' -DPARANOID_TTYS \
-- -DNO_REVOKE -DKLUDGELINEMODE -DDIAGNOSTICS \
-- -DLOGIN_WRAPPER=\"/usr/lib/telnetlogin\"
--# LIBS += $(LIBTERMCAP)
-+ -DNO_REVOKE -DKLUDGELINEMODE -DDIAGNOSTICS -DAUTHENTICATE \
-+ -DLOGIN_WRAPPER=\"/usr/lib/telnetlogin\" \
-+ -DUSE_SSL -I/usr/include/openssl -I..
-+LIBTELNET = ../libtelnet/libtelnet.a
-+LIBS += $(LIBTERMCAP) $(LIBTELNET) -lssl -lcrypto
-
- OBJS = telnetd.o state.o termstat.o slc.o sys_term.o utility.o \
- global.o setproctitle.o
-@@ -28,10 +30,10 @@
- telnetd.o: ../version.h
-
- install: telnetd
-- install -s -m$(DAEMONMODE) telnetd $(INSTALLROOT)$(SBINDIR)/in.telnetd
-- install -m$(MANMODE) issue.net.5 $(INSTALLROOT)$(MANDIR)/man5/
-- install -m$(MANMODE) telnetd.8 $(INSTALLROOT)$(MANDIR)/man8/in.telnetd.8
-- ln -sf in.telnetd.8 $(INSTALLROOT)$(MANDIR)/man8/telnetd.8
-+ install -m$(DAEMONMODE) telnetd $(INSTALLROOT)$(SBINDIR)/in.telnetd-ssl
-+# install -m$(MANMODE) issue.net.5 $(INSTALLROOT)$(MANDIR)/man5/
-+ install -m$(MANMODE) telnetd.8 $(INSTALLROOT)$(MANDIR)/man8/in.telnetd-ssl.8
-+ ln -sf in.telnetd-ssl.8 $(INSTALLROOT)$(MANDIR)/man8/telnetd-ssl.8
-
- clean:
- rm -f *.o telnetd
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/pathnames.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/pathnames.h
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/pathnames.h 1996-08-30 00:31:24.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/pathnames.h 2010-05-11 13:44:40.090341661 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)pathnames.h 5.5 (Berkeley) 6/28/90
-- * $Id: pathnames.h,v 1.3 1996/08/29 22:31:24 dholland Exp $
-+ * $Id: pathnames.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- #include <paths.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.3 netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.3
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.3 2000-07-31 01:57:09.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.3 2010-05-11 13:44:40.090341661 +0200
-@@ -1,5 +1,5 @@
- .\" OpenBSD: setproctitle.3,v 1.4 1996/10/08 01:20:08 michaels Exp
--.\" $Id: setproctitle.3,v 1.13 2000/07/30 23:57:09 dholland Exp $
-+.\" $Id: setproctitle.3,v 1.1 2004-10-14 13:19:53 ianb Exp $
- .\"
- .\" Copyright (c) 1994, 1995 Christopher G. Demetriou
- .\" All rights reserved.
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.c 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.c 2010-05-11 13:44:40.090341661 +0200
-@@ -39,7 +39,7 @@
- * From: @(#)conf.c 8.243 (Berkeley) 11/20/95
- */
- char setproctitle_rcsid[] =
-- "$Id: setproctitle.c,v 1.3 1999/12/10 23:06:39 bryce Exp $";
-+ "$Id: setproctitle.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <stdlib.h>
- #include <string.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/slc.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/slc.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/slc.c 1999-12-12 15:59:44.000000000 +0100
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/slc.c 2010-05-11 13:44:40.096989611 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)slc.c 5.7 (Berkeley) 3/1/91
- */
- char slc_rcsid[] =
-- "$Id: slc.c,v 1.5 1999/12/12 14:59:44 dholland Exp $";
-+ "$Id: slc.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include "telnetd.h"
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/state.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/state.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/state.c 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/state.c 2010-05-11 13:44:40.100321827 +0200
-@@ -35,11 +35,12 @@
- * From: @(#)state.c 5.10 (Berkeley) 3/22/91
- */
- char state_rcsid[] =
-- "$Id: state.c,v 1.12 1999/12/12 19:41:44 dholland Exp $";
-+ "$Id: state.c,v 1.5 2005-07-07 21:53:00 ianb Exp $";
-
- #include "telnetd.h"
- #if defined(AUTHENTICATE)
- #include <libtelnet/auth.h>
-+extern char *UserNameRequested;
- #endif
-
- int not42 = 1;
-@@ -1161,7 +1162,7 @@
-
- case TELOPT_ENVIRON: {
- register int c;
-- register char *cp, *varp, *valp;
-+ register unsigned char *cp, *varp, *valp;
-
- if (SB_EOF())
- return;
-@@ -1177,25 +1178,41 @@
- if (SB_EOF())
- return;
-
-- cp = varp = (char *)subpointer;
-+ cp = varp = (unsigned char *)subpointer;
- valp = 0;
-
- while (!SB_EOF()) {
- switch (c = SB_GET()) {
- case ENV_VALUE:
- *cp = '\0';
-- cp = valp = (char *)subpointer;
-+ cp = valp = (unsigned char *)subpointer;
- break;
-
- case ENV_VAR:
- *cp = '\0';
-- if (envvarok(varp)) {
-- if (valp)
-- (void)setenv(varp, valp, 1);
-- else
-- unsetenv(varp);
-+ if (envvarok((char *)varp)) {
-+ if (valp) {
-+ (void)setenv((char *)varp, (char *)valp, 1);
-+#ifdef AUTHENTICATE
-+ if (strcmp((char *)varp,"USER") == 0) {
-+ if (UserNameRequested)
-+ free(UserNameRequested);
-+ UserNameRequested=strdup((char *)valp);
-+ }
-+#endif /* AUTHENTICATE */
-+ }
-+ else {
-+ unsetenv((char *)varp);
-+#ifdef AUTHENTICATE
-+ if (strcmp((char *)varp,"USER") == 0) {
-+ if (UserNameRequested)
-+ free(UserNameRequested);
-+ UserNameRequested=NULL;
-+ }
-+#endif /* AUTHENTICATE */
-+ }
- }
-- cp = varp = (char *)subpointer;
-+ cp = varp = (unsigned char *)subpointer;
- valp = 0;
- break;
-
-@@ -1211,11 +1228,27 @@
- }
- }
- *cp = '\0';
-- if (envvarok(varp)) {
-- if (valp)
-- (void)setenv(varp, valp, 1);
-- else
-- unsetenv(varp);
-+ if (envvarok((char *)varp)) {
-+ if (valp) {
-+ (void)setenv((char *)varp, (char *)valp, 1);
-+#ifdef AUTHENTICATE
-+ if (strcmp((char *)varp,"USER") == 0) {
-+ if (UserNameRequested)
-+ free(UserNameRequested);
-+ UserNameRequested=strdup((char *)valp);
-+ }
-+#endif /* AUTHENTICATE */
-+ }
-+ else {
-+ unsetenv((char *)varp);
-+#ifdef AUTHENTICATE
-+ if (strcmp((char *)varp,"USER") == 0) {
-+ if (UserNameRequested)
-+ free(UserNameRequested);
-+ UserNameRequested=NULL;
-+ }
-+#endif /* AUTHENTICATE */
-+ }
- }
- break;
- } /* end of case TELOPT_ENVIRON */
-@@ -1367,7 +1400,7 @@
- ADD(IAC);
- ADD(SE);
-
-- writenet(statusbuf, ncp - statusbuf);
-+ writenet((char *)statusbuf, ncp - statusbuf);
- netflush(); /* Send it on its way */
-
- DIAG(TD_OPTIONS, {printsub('>', statusbuf, ncp - statusbuf); netflush();});
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/sys_term.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/sys_term.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/sys_term.c 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/sys_term.c 2010-05-11 13:44:40.106987377 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)sys_term.c 5.16 (Berkeley) 3/22/91
- */
- char st_rcsid[] =
-- "$Id: sys_term.c,v 1.17 1999/12/17 14:28:47 dholland Exp $";
-+ "$Id: sys_term.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <utmp.h>
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.8 netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.8
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.8 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.8 2010-05-11 13:44:40.106987377 +0200
-@@ -30,7 +30,7 @@
- .\" SUCH DAMAGE.
- .\"
- .\" from: @(#)telnetd.8 6.8 (Berkeley) 4/20/91
--.\" $Id: telnetd.8,v 1.18 2000/07/30 23:57:10 dholland Exp $
-+.\" $Id: telnetd.8,v 1.5 2006-09-24 00:48:31 ianb Exp $
- .\"
- .Dd December 29, 1996
- .Dt TELNETD 8
-@@ -42,7 +42,7 @@
- protocol server
- .Sh SYNOPSIS
- .Nm /usr/sbin/in.telnetd
--.Op Fl hns
-+.Op Fl hnNs
- .Op Fl a Ar authmode
- .Op Fl D Ar debugmode
- .Op Fl L Ar loginprg
-@@ -50,6 +50,7 @@
- .Op Fl X Ar authtype
- .Op Fl edebug
- .Op Fl debug Ar port
-+.Op Fl z Ar sslopt
- .Sh DESCRIPTION
- The
- .Nm telnetd
-@@ -175,6 +176,9 @@
- if the client is still there, so that idle connections
- from machines that have crashed or can no longer
- be reached may be cleaned up.
-+.It Fl N
-+Disable reverse DNS lookups and use the numeric IP address in logs
-+and REMOTEHOST environment variable.
- .It Fl s
- This option is only enabled if
- .Nm telnetd
-@@ -219,12 +223,16 @@
- only accepts connections from SSL enhanced telnet with option
- .Ic -z ssl
- .It Ic nossl, !ssl
--switch of SSL negotiation
-+switch off SSL negotiation
- .It Ic certsok
- Look username up in /etc/ssl.users. The format of this file is lines
- of this form:
- .Ar user1,user2:/C=US/.....
--where user1 and user2 are usernames. If client certificate is valid,
-+where user1 and user2 are usernames and /C=US/... is the subject name of
-+the certificate. Use
-+.Ar openssl x509 -subject -noout
-+to extract the subject name.
-+If client certificate is valid,
- authenticate without password.
- .It Ic certrequired
- client certificate is mandatory
-@@ -451,7 +459,6 @@
- is compiled with support for data encryption, and
- indicates a willingness to decrypt
- the data stream.
--.Xr issue.net 5 ) .
- .El
- .Sh FILES
- .Pa /etc/services ,
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.c 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.c 2010-05-11 13:44:40.113654043 +0200
-@@ -39,7 +39,7 @@
- * From: @(#)telnetd.c 5.48 (Berkeley) 3/1/91
- */
- char telnetd_rcsid[] =
-- "$Id: telnetd.c,v 1.24 2000/04/12 21:36:12 dholland Exp $";
-+ "$Id: telnetd.c,v 1.7 2006-06-16 13:29:00 ianb Exp $";
-
- #include "../version.h"
-
-@@ -90,6 +90,7 @@
-
- int debug = 0;
- int keepalive = 1;
-+int numeric_hosts = 0;
- #ifdef LOGIN_WRAPPER
- char *loginprg = LOGIN_WRAPPER;
- #else
-@@ -222,13 +223,12 @@
- * certificate that we will be running with as we cannot
- * be sure of the cwd when we are launched
- */
-- sprintf(cert_filepath,"%s/%s",X509_get_default_cert_dir(),
-- "telnetd.pem");
-+ strcpy(cert_filepath, "/etc/telnetd-ssl/telnetd.pem");
- ssl_cert_file=cert_filepath;
- ssl_key_file=NULL;
- #endif /* USE_SSL */
-
-- while ((ch = getopt(argc, argv, "d:a:e:lhnr:I:D:B:sS:a:X:L:z:")) != EOF) {
-+ while ((ch = getopt(argc, argv, "d:a:e:lhnNr:I:D:B:sS:a:X:L:z:")) != EOF) {
- switch(ch) {
-
- #ifdef USE_SSL
-@@ -389,6 +389,10 @@
- keepalive = 0;
- break;
-
-+ case 'N':
-+ numeric_hosts = 1;
-+ break;
-+
- #ifdef SecurID
- case 's':
- /* SecurID required */
-@@ -427,7 +431,7 @@
-
- #ifdef USE_SSL
-
-- if (ssl_secure_flag || ssl_cert_required) {
-+ if (ssl_secure_flag || ssl_cert_required || ssl_certsok_flag) {
- /* in secure mode we *must* switch on the base level
- * verify checking otherwise we cannot abort connections
- * at the right place!
-@@ -520,9 +524,9 @@
- sprintf(errbuf,"SSL_accept error %s\n",
- ERR_error_string(ERR_get_error(),NULL));
-
-- syslog(LOG_WARNING, errbuf);
-+ syslog(LOG_WARNING, "%s", errbuf);
-
-- BIO_printf(bio_err,errbuf);
-+ BIO_printf(bio_err,"%s",errbuf);
-
- /* go to sleep to make sure we are noticed */
- sleep(10);
-@@ -571,6 +575,11 @@
- #ifdef AUTHENTICATE
- fprintf(stderr, " [-X auth-type]");
- #endif
-+#ifdef USE_SSL
-+ /* might as well output something useful here ... */
-+ fprintf(stderr, "\n\t [-z ssl] [-z secure] [-z debug] [-z verify=int]\n\t");
-+ fprintf(stderr, " [-z cert=file] [-z key=file]\n\t");
-+#endif /* USE_SSL */
- fprintf(stderr, "\n");
- exit(1);
- }
-@@ -596,6 +605,18 @@
- /*
- * Handle the Authentication option before we do anything else.
- */
-+ send_do(TELOPT_ENVIRON, 1);
-+ while (his_will_wont_is_changing(TELOPT_ENVIRON)) {
-+ ttloop();
-+ }
-+
-+ if (his_state_is_will(TELOPT_ENVIRON)) {
-+ netoprintf("%c%c%c%c%c%c",
-+ IAC, SB, TELOPT_ENVIRON, TELQUAL_SEND, IAC, SE);
-+ while (sequenceIs(environsubopt, baseline))
-+ ttloop();
-+ }
-+
- send_do(TELOPT_AUTHENTICATION, 1);
- while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
- ttloop();
-@@ -654,7 +675,6 @@
- send_do(TELOPT_TTYPE, 1);
- send_do(TELOPT_TSPEED, 1);
- send_do(TELOPT_XDISPLOC, 1);
-- send_do(TELOPT_ENVIRON, 1);
- while (
- #if defined(ENCRYPT)
- his_do_dont_is_changing(TELOPT_ENCRYPT) ||
-@@ -698,10 +718,6 @@
- while (sequenceIs(xdisplocsubopt, baseline))
- ttloop();
- }
-- if (his_state_is_will(TELOPT_ENVIRON)) {
-- while (sequenceIs(environsubopt, baseline))
-- ttloop();
-- }
- if (his_state_is_will(TELOPT_TTYPE)) {
- char first[256], last[256];
-
-@@ -852,7 +868,7 @@
- static void
- doit(struct sockaddr *who, socklen_t who_len)
- {
-- const char *host;
-+ char *host;
- int level;
- char user_name[256];
- int i;
-@@ -867,7 +883,8 @@
-
- /* get name of connected client */
- if (getnameinfo(who, who_len, remote_host_name,
-- sizeof(remote_host_name), 0, 0, 0)) {
-+ sizeof(remote_host_name), 0, 0,
-+ numeric_hosts ? NI_NUMERICHOST : 0)) {
- syslog(LOG_ERR, "doit: getnameinfo: %m");
- *remote_host_name = 0;
- }
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.h
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.h 1999-03-27 08:46:21.000000000 +0100
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.h 2010-05-11 13:44:40.113654043 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)telnetd.h 5.3 (Berkeley) 3/1/91
-- * $Id: telnetd.h,v 1.2 1999/03/27 07:46:21 dholland Exp $
-+ * $Id: telnetd.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/termstat.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/termstat.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/termstat.c 1999-12-12 15:59:45.000000000 +0100
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/termstat.c 2010-05-11 13:44:40.113654043 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)termstat.c 5.10 (Berkeley) 3/22/91
- */
- char termstat_rcsid[] =
-- "$Id: termstat.c,v 1.6 1999/12/12 14:59:45 dholland Exp $";
-+ "$Id: termstat.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include "telnetd.h"
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/utility.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/utility.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/utility.c 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/utility.c 2010-05-11 13:45:21.990318196 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)utility.c 5.8 (Berkeley) 3/22/91
- */
- char util_rcsid[] =
-- "$Id: utility.c,v 1.11 1999/12/12 14:59:45 dholland Exp $";
-+ "$Id: utility.c,v 1.8 2006-09-24 00:48:31 ianb Exp $";
-
- #define PRINTOPTIONS
-
-@@ -49,6 +49,15 @@
-
- #include "telnetd.h"
-
-+/* patched by fluke.l at gmail.com , im not sure it's gonna work or not */
-+typedef struct {
-+ int (*read) (void *, char *, int);
-+ int (*write) (void *, char const *, int);
-+ fpos_t (*seek) (void *, fpos_t, int);
-+ int (*close) (void *);
-+} cookie_io_functions_t;
-+/* end patch */
-+
- struct buflist {
- struct buflist *next;
- char *buf;
-@@ -86,6 +95,11 @@
- DIAG(TD_REPORT, netoprintf("td: ttloop\r\n"););
-
- netflush();
-+#ifdef USE_SSL
-+ if (ssl_active_flag)
-+ ncc = SSL_read(ssl_con, netibuf, sizeof netibuf);
-+ else
-+#endif /* USE_SSL */
- ncc = read(net, netibuf, sizeof(netibuf));
- if (ncc < 0) {
- syslog(LOG_INFO, "ttloop: read: %m\n");
-@@ -216,7 +230,7 @@
- }
-
- out:
-- return next ? next + (current - end) : current;
-+ return (const char *) (next ? (next + (current - end)) : current );
- } /* end of nextitem */
-
-
-@@ -243,6 +257,29 @@
- doclear--;
- } /* end of netclear */
-
-+#ifdef USE_SSL
-+static int
-+SSL_writev(SSL *ssl_con,const struct iovec *vector,int num)
-+{
-+ const struct iovec *v = vector;
-+
-+ int ret;
-+ int len = 0;
-+
-+ while (num > 0) {
-+ ret = SSL_write(ssl_con, v->iov_base, v->iov_len);
-+ if (ret < 0)
-+ return ret;
-+ if (ret != v->iov_len)
-+ syslog(LOG_NOTICE, "SSL_writev: short write\n");
-+ num -= v->iov_len;
-+ len += ret;
-+ v++;
-+ }
-+ return len;
-+}
-+#endif /* USE_SSL */
-+
- static void
- netwritebuf(void)
- {
-@@ -253,6 +290,9 @@
- size_t len;
- int ltrailing = trailing;
-
-+ if (!listlen)
-+ return;
-+
- vector = malloc(listlen * sizeof(struct iovec));
- if (!vector) {
- return;
-@@ -265,6 +305,11 @@
- if (lp == urg) {
- len = v - vector;
- if (!len) {
-+#ifdef USE_SSL
-+ if (ssl_active_flag)
-+ n = SSL_write(ssl_con, lp->buf, 1);
-+ else
-+#endif /* USE_SSL */
- n = send(net, lp->buf, 1, MSG_OOB);
- if (n > 0) {
- urg = 0;
-@@ -282,15 +327,25 @@
- vector->iov_base = (char *)vector->iov_base + skip;
- vector->iov_len -= skip;
-
-- n = writev(net, vector, len);
-+ if(vector->iov_len == 0 ) {
-+ n=0;
-+ } else {
-+
-+#ifdef USE_SSL
-+ if (ssl_active_flag)
-+ n = SSL_writev(ssl_con, vector, len); /* normal write */
-+ else
-+#endif /* USE_SSL */
-+ n = writev(net, vector, len);
-
- epi:
-- free(vector);
-+ free(vector);
-
-- if (n < 0) {
-+ if (n < 0) {
- if (errno != EWOULDBLOCK && errno != EINTR)
-- cleanup(0);
-+ cleanup(0);
- return;
-+ }
- }
-
- len = n + skip;
-@@ -315,6 +370,10 @@
- }
- }
-
-+ if(ltrailing && (len==0)) {
-+ ltrailing=trailing=0;
-+ }
-+
- skip = len;
- }
-
-@@ -323,16 +382,22 @@
- * Send as much data as possible to the network,
- * handling requests for urgent data.
- */
--void
-+int
- netflush(void)
- {
- if (fflush(netfile)) {
- /* out of memory? */
- cleanup(0);
-+ return 0;
- }
-- if (listlen) {
-- netwritebuf();
-- }
-+ netwritebuf();
-+ return 1;
-+}
-+
-+int
-+writenet(char *b , int l)
-+{
-+ return(fwrite(b, 1, l, netfile));
- }
-
-
-@@ -983,7 +1048,7 @@
- ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
- "MUTUAL" : "ONE-WAY");
-
-- auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-+ auth_printsub(&pointer[1], length - 1, (unsigned char *) buf, sizeof(buf));
- netoprintf("%s", buf);
- break;
-
-@@ -1191,7 +1256,15 @@
- size_t l;
- size_t m = tail->len;
-
-- p = nextitem(tail->buf, tail->buf + tail->len, buf, end);
-+ if((tail->buf == NULL) || (tail->len==0))
-+ {
-+ p = nextitem((unsigned char *) buf, (unsigned char *) end,0,0);
-+ }
-+ else
-+ {
-+ p = nextitem((unsigned char *) tail->buf, (unsigned char *) (tail->buf + tail->len),
-+ (unsigned char *) buf, (unsigned char *) end);
-+ }
- ltrailing = !p;
- if (ltrailing) {
- p = end;
-@@ -1245,7 +1318,7 @@
- const char *p;
- size_t l;
-
-- p = nextitem(buf, end, 0, 0);
-+ p = nextitem((unsigned char *) buf, (unsigned char *) end, 0, 0);
- ltrailing = !p;
- if (ltrailing) {
- p = end;
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetlogin/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/Makefile
---- netkit-telnet-ssl-0.17.24+0.1/telnetlogin/Makefile 2000-04-13 03:07:22.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/Makefile 2010-05-11 13:46:19.023660189 +0200
-@@ -11,7 +11,7 @@
- $(OBJS): ../version.h
-
- install: telnetlogin
-- install -s -m4750 -oroot -gtelnetd telnetlogin $(INSTALLROOT)$(SBINDIR)
-+ install -m$(BINMODE) telnetlogin $(INSTALLROOT)$(SBINDIR)
- install -m$(MANMODE) telnetlogin.8 $(INSTALLROOT)$(MANDIR)/man8
-
- clean:
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.8 netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.8
---- netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.8 2004-05-27 11:47:02.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.8 2010-05-11 13:44:40.123659071 +0200
-@@ -28,7 +28,7 @@
- .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- .\" SUCH DAMAGE.
- .\"
--.\" $Id: telnetlogin.8,v 1.4 2000/07/30 23:57:10 dholland Exp $
-+.\" $Id: telnetlogin.8,v 1.2 2004-11-07 15:47:43 ianb Exp $
- .\"
- .Dd April 12, 2000
- .Dt TELNETLOGIN 8
-@@ -40,6 +40,7 @@
- .Nm telnetlogin
- .Op Fl h Ar host
- .Op Fl p
-+.Op Fl f Ar username
- .Op Ar username
- .Sh DESCRIPTION
- .Nm telnetlogin
-@@ -79,11 +80,6 @@
- .Xr inetd 8 ,
- .Xr telnetd 8
- .Sh RESTRICTIONS
--.Nm telnetlogin
--does not permit the
--.Fl f
--option to login, so will not
--work with telnetds that perform authentication via Kerberos or SSL.
- .Pp
- THIS IS PRESENTLY EXPERIMENTAL CODE; USE WITH CAUTION.
- .Sh HISTORY
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.c 2004-05-27 11:47:02.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.c 2010-05-11 13:44:40.123659071 +0200
-@@ -35,7 +35,7 @@
- "All rights reserved.\n";
-
- char rcsid[] =
-- "$Id: telnetlogin.c,v 1.1 2000/04/13 01:07:22 dholland Exp $";
-+ "$Id: telnetlogin.c,v 1.2 2004-11-07 15:47:43 ianb Exp $";
- #include "../version.h"
-
- #include <sys/types.h>
-@@ -76,7 +76,16 @@
- int i=0;
- /* should we check length? */
- for (i=0; hname[i]; i++) {
-- if (hname[i]<=32 && hname[i]>126) return -1;
-+ if ((hname[i]<=32) || (hname[i]>126)) return -1;
-+ }
-+ return 0;
-+}
-+
-+static int check_username(char *username) {
-+ int i;
-+ if (strlen(username) > 32) return -1;
-+ for (i=0; username[i]; i++) {
-+ if ((username[i]<=32) || (username[i]>126)) return -1;
- }
- return 0;
- }
-@@ -158,6 +167,12 @@
- if (argn < argc && !strcmp(argv[argn], "-p")) {
- argn++;
- }
-+ if (argn < argc && !strcmp(argv[argn], "-f")) {
-+ argn++;
-+ if (argn==argc) die("Illegal args: -f requires argument");
-+ if (check_username(argv[argn])) die("Illegal remote username specified");
-+ argn++;
-+ }
- if (argn < argc && argv[argn][0] != '-') {
- argn++;
- }
diff --git a/abs/core/netkit-telnet-ssl/netkit-telnet-ssl.install b/abs/core/netkit-telnet-ssl/netkit-telnet-ssl.install
deleted file mode 100644
index 25a4b28..0000000
--- a/abs/core/netkit-telnet-ssl/netkit-telnet-ssl.install
+++ /dev/null
@@ -1,5 +0,0 @@
-
-post_install() {
- groupadd telnetd
-}
-
diff --git a/abs/core/netkit-telnet-ssl/telnet.xinetd b/abs/core/netkit-telnet-ssl/telnet.xinetd
deleted file mode 100644
index f4ef4c0..0000000
--- a/abs/core/netkit-telnet-ssl/telnet.xinetd
+++ /dev/null
@@ -1,10 +0,0 @@
-service telnet-ssl
-{
- flags = REUSE
- socket_type = stream
- wait = no
- user = root
- server = /usr/sbin/in.telnetd-ssl
- log_on_failure += USERID
- disable = yes
-}