author | James Meyer <james.meyer@operamail.com> | 2013-02-19 21:10:18 (GMT) |
---|---|---|
committer | James Meyer <james.meyer@operamail.com> | 2013-02-19 21:10:18 (GMT) |
commit | 2648e999d277eac5c3d331a3609bcc73fafbea71 (patch) | |
tree | 40951fb8e7fdbe28a0baa324ae615055203f1e2e /abs/core/netkit-telnet-ssl | |
parent | c759b5e0c4aa6fc37412b4dee2cf9ad993fd376d (diff) | |
parent | 7e6f7ca174e1af67178dc5293a312a4a733eb095 (diff) | |
Merge branch 'testing'
# By James Meyer (1091) and others
# Via James Meyer (5) and others
* testing: (1148 commits)
LinHES-config: during install don't kill off lirc. This keeps the remote active all the way to the finish
Change version numbers to 8.0 to match the release number. LinHES-config LinHES-system mythdb-initial runit-scripts supplemental-web
LinHES-config: mv_install.py for the last partition don't go all the way to the end. Gotta leave room for gpt tables.
xf86-video-ati: xorg ati driver.
LinHES-config: timezip.py add syncing up of parental lvl passwords and starting level with MBE.
LinHES-system: correct the logic for breaking out of the wmctrl loop. As written it would break out of the inner loop..but not the 60 iteration loop.
e16_theme_settings: remove slide-in prop for new windows. For whatever reason this was preventing mplayer from being positioned correctly for appletrailers.
LinHES-config, mythinstall: change case of hd_pvr and serial to all lower refs #902
zilog-firmware: firmware for TX support of the hdpvr and pvr-150 In general I can't recommend anybody using these transmitters but including the firmware just in case someone really wants to
linhes-udev-rules: added hdprv_lirc rule. All of these lirc rules are limited to exactly one device. If more than one device is present then only the last device in init will get the symlink
runit-scripts: fix logging for igdaemon, add support to remote init script so that the blaster is always the first device in the chain. added support specifically for hd_pvr
LinHES-system: add lh_system_restore and lh_system_backup. These scripts are called from the mythmenu. refs #900
iguanair: rebuild with python 2.7
LinHES-system: msg_daemon.py fix init and nasty bug related to timeout. In a nutshell timeout wouldn't work unless a msg without a timeout was called first.
linhes-udev-rules: add rules for mce,streamzap,serial lirc devices.
mythinstall: recompile for matching libs
mythtv: latest .25-fixes and change mythbackup/restore call lh_system_$op to replace mythbackup/mythrestore. mythbackup no longer works correctly with the new windowmanager
linhes-scripts: myth2mp3, myth2x264, myth2xvid: use mythutil to get cutlist
LinHES-config, supplimental-web: Fix proxy numbering for Ceton infiniTV
linhes-system: add additional stuff to the system backup and also introduced an exclude file. The exclude/include files are locate in /home/mythtv/backup_config/
...
Diffstat (limited to 'abs/core/netkit-telnet-ssl')
-rw-r--r-- | abs/core/netkit-telnet-ssl/PKGBUILD | 33 | ||||
-rw-r--r-- | abs/core/netkit-telnet-ssl/netkit-telnet-ssl-0.17.24+0.1_arch.diff | 2591 | ||||
-rw-r--r-- | abs/core/netkit-telnet-ssl/netkit-telnet-ssl.install | 5 | ||||
-rw-r--r-- | abs/core/netkit-telnet-ssl/telnet.xinetd | 10 |
4 files changed, 0 insertions, 2639 deletions
diff --git a/abs/core/netkit-telnet-ssl/PKGBUILD b/abs/core/netkit-telnet-ssl/PKGBUILD
deleted file mode 100644
index 37fb577..0000000
--- a/abs/core/netkit-telnet-ssl/PKGBUILD
+++ /dev/null
@@ -1,33 +0,0 @@
-# Maintainer: <alexandre.becoulet@free.fr>
-# Contributor: <netbug@ftp.uk.linux.org>
-# Contributor: Fluke <fluke.l at gmail.com>
-pkgname=netkit-telnet-ssl
-pkgver=0.17.24+0.1
-pkgrel=2
-pkgdesc="telnet client and server with ssl enabled"
-arch=('i686' 'x86_64')
-license=('BSD')
-url=("http://www.hcs.harvard.edu/~dholland/computers/netkit.html")
-source=(http://ftp.de.debian.org/debian/pool/main/n/${pkgname}/${pkgname}_${pkgver}.orig.tar.gz
- netkit-telnet-ssl-0.17.24+0.1_arch.diff
- telnet.xinetd)
-depends=('glibc' 'openssl' 'ncurses')
-replaces=('netkit-telnet')
-md5sums=('43a402139ed6b86434fdb83256feaad8'
- 'd51bf898269a79a2de77d1134516c209'
- 'ca38af6f1346ae90b2cb1e160858b453')
-install=netkit-telnet-ssl.install
-
-build() {
- cd ${srcdir}/${pkgname}-${pkgver}.orig
- patch -p1 < ../netkit-telnet-ssl-0.17.24+0.1_arch.diff
- ./configure --prefix=/usr --installroot=${pkgdir}
- make || return 1
-}
-package() {
- cd ${srcdir}/${pkgname}-${pkgver}.orig
- mkdir -p ${pkgdir}/usr/{bin,sbin,man/man1,man/man5,man/man8} ${pkgdir}/etc/xinetd.d
-
- make install || return 1
- install -m644 ${srcdir}/telnet.xinetd ${pkgdir}/etc/xinetd.d/telnet-ssl
-}
diff --git a/abs/core/netkit-telnet-ssl/netkit-telnet-ssl-0.17.24+0.1_arch.diff b/abs/core/netkit-telnet-ssl/netkit-telnet-ssl-0.17.24+0.1_arch.diff
deleted file mode 100644
index 17b3c3c..0000000
--- a/abs/core/netkit-telnet-ssl/netkit-telnet-ssl-0.17.24+0.1_arch.diff
+++ /dev/null
@@ -1,2591 +0,0 @@ -Only in netkit-telnet-ssl-0.17.24+0.1: debian -diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth.c netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth.c ---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth.c 2004-05-27 11:47:25.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth.c 2010-05-11 13:44:40.190322666 +0200 -@@ -37,6 +37,9 @@ - */ - - #ifndef lint -+#ifdef __GNUC__ -+__attribute__ ((unused)) -+#endif /* __GNUC__ */ - static char sccsid[] = "@(#)auth.c 5.2 (Berkeley) 3/22/91"; - #endif /* not lint */ - -@@ -83,8 +86,11 @@ - - #define typemask(x) (1<<((x)-1)) - -+int auth_onoff(const char *type, int on); -+ -+ - int auth_debug_mode = 0; --static char *Name = "Noname"; -+static const char *Name = "Noname"; - static int Server = 0; - static Authenticator *authenticated = 0; - static int authenticating = 0; -@@ -170,7 +176,7 @@ - - void - auth_init(name, server) -- char *name; -+ const char *name; - int server; - { - Authenticator *ap = authenticators; -@@ -241,7 +247,7 @@ - - int - auth_onoff(type, on) -- char *type; -+ const char *type; - int on; - { - int i, mask = -1; -@@ -335,7 +341,7 @@ - } - *e++ = IAC; - *e++ = SE; -- writenet(str_request, e - str_request); -+ writenet((char *) str_request, e - str_request); - printsub('>', &str_request[2], e - str_request - 2); - } - } -@@ -424,7 +430,7 @@ - } - auth_send_data += 2; - } -- writenet(str_none, sizeof(str_none)); -+ writenet((char *) str_none, sizeof(str_none)); - printsub('>', &str_none[2], sizeof(str_none) - 2); - if (auth_debug_mode) - printf(">>>%s: Sent failure message\r\n", Name); -@@ -456,7 +462,7 @@ - return; - } - -- if (ap = findauthenticator(data[0], data[1])) { -+ if ((ap = findauthenticator(data[0], data[1]))) { - if (ap->is) - (*ap->is)(ap, data+2, cnt-2); - } else if (auth_debug_mode) -@@ -474,7 +480,7 @@ - if (cnt < 2) - return; - -- if (ap = findauthenticator(data[0], data[1])) { -+ if ((ap = findauthenticator(data[0], data[1]))) { - if (ap->reply) - 
(*ap->reply)(ap, data+2, cnt-2); - } else if (auth_debug_mode) -@@ -487,7 +493,7 @@ - unsigned char *data; - int cnt; - { -- Authenticator *ap; -+ /* Authenticator *ap; */ - unsigned char savename[256]; - - if (cnt < 1) { -@@ -505,7 +511,7 @@ - savename[cnt] = '\0'; /* Null terminate */ - if (auth_debug_mode) - printf(">>>%s: Got NAME [%s]\r\n", Name, savename); -- auth_encrypt_user(savename); -+ auth_encrypt_user((char *)savename); - } - - int -@@ -526,7 +532,7 @@ - } - *e++ = IAC; - *e++ = SE; -- writenet(str_request, e - str_request); -+ writenet((char *) str_request, e - str_request); - printsub('>', &str_request[2], e - &str_request[2]); - return(1); - } -@@ -542,6 +548,9 @@ - } - - /* ARGSUSED */ -+#ifdef __GNUC__ -+__attribute__ ((used)) -+#endif /* __GNUC__ */ - static void - auth_intr(sig) - int sig; -diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth-proto.h netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth-proto.h ---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth-proto.h 2004-05-27 11:47:25.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth-proto.h 2010-05-11 13:44:40.183654321 +0200 -@@ -68,7 +68,7 @@ - #if defined(AUTHENTICATE) - Authenticator *findauthenticator P((int, int)); - --void auth_init P((char *, int)); -+void auth_init P((const char *, int)); - int auth_cmd P((int, char **)); - void auth_request P((void)); - void auth_send P((unsigned char *, int)); -@@ -123,7 +123,9 @@ - int auth_ssl_status P((Authenticator *, char *, int)); - void auth_ssl_printsub P((unsigned char *, int, unsigned char *, int)); - #endif /* USE_SSL */ -- -+ -+extern void printsub P((char, unsigned char *, int)); -+extern int writenet P((char *, int)); - #endif - #ifdef __cplusplus - } -diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/Makefile ---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/Makefile 2004-05-27 11:47:25.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/Makefile 
2010-05-11 13:45:28.073664102 +0200 -@@ -15,5 +15,8 @@ - ranlib lib${LIB}.a; \ - fi; - -+install: -+ @echo "nothing to be installed from libtelnet" -+ - clean: - rm -f *.o lib${LIB}.a -diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc.c netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc.c ---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc.c 2004-05-27 11:47:26.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc.c 2010-05-11 13:44:40.190322666 +0200 -@@ -32,6 +32,9 @@ - */ - - #ifndef lint -+#ifdef __GNUC__ -+__attribute__ ((unused)) -+#endif /* __GNUC__ */ - static char sccsid[] = "@(#)misc.c 5.1 (Berkeley) 2/28/91"; - #endif /* not lint */ - -@@ -54,7 +57,12 @@ - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -+#include <stdio.h> -+#include <stdlib.h> -+ - #include "misc.h" -+#include "auth.h" -+#include "auth-proto.h" - - char *RemoteHostName; - char *LocalHostName; -@@ -65,7 +73,7 @@ - auth_encrypt_init(local, remote, name, server) - char *local; - char *remote; -- char *name; -+ const char *name; - int server; - { - RemoteHostName = remote; -diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc-proto.h netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc-proto.h ---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc-proto.h 2004-05-27 11:47:26.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc-proto.h 2010-05-11 13:44:40.190322666 +0200 -@@ -68,7 +68,7 @@ - extern "C" { - #endif - --void auth_encrypt_init P((char *, char *, char *, int)); -+void auth_encrypt_init P((char *, char *, const char *, int)); - void auth_encrypt_connect P((int)); - void auth_encrypt_user P((const char *name)); - void printd P((unsigned char *, int)); -diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/sslapp.h netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/sslapp.h ---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/sslapp.h 2004-05-27 11:47:26.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/sslapp.h 2010-05-11 13:44:40.200330208 
+0200 -@@ -45,6 +45,7 @@ - #include "x509.h" - #include "ssl.h" - #define OLDPROTO NOPROTO -+#undef NOPROTO - #define NOPROTO - #include "err.h" - #undef NOPROTO -@@ -72,7 +73,7 @@ - /* we hide all the initialisation code in a separate file now */ - extern int do_ssleay_init(int server); - --extern int display_connect_details(SSL *ssl_con, int verbose); -+extern void display_connect_details(SSL *ssl_con, int verbose); - extern int server_verify_callback(); - extern int client_verify_callback(); - -diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/ssl.c netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/ssl.c ---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/ssl.c 2004-05-27 11:47:26.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/ssl.c 2010-05-11 13:44:40.200330208 +0200 -@@ -47,6 +47,9 @@ - #include <string.h> - #endif - -+#include <unistd.h> -+#include <openssl/err.h> -+ - #include "auth.h" - #include "misc.h" - -@@ -91,11 +94,12 @@ - #define VERIFY_ROOT_OK VERIFY_OK - #endif - -+extern int netflush(void); -+ - extern int auth_debug_mode; --static auth_ssl_valid = 0; -+static int auth_ssl_valid = 0; - static char *auth_ssl_name = 0; /* this holds the oneline name */ - --extern BIO *bio_err; - extern int ssl_only_flag; - extern int ssl_debug_flag; - extern int ssl_active_flag; -@@ -120,6 +124,9 @@ - - BIO *bio_err=NULL; - -+int auth_failed=0; -+ -+ - /* compile this set to 1 to negotiate SSL but not actually start it */ - static int ssl_dummy_flag=0; - -@@ -135,7 +142,7 @@ - * telnet connect if we are talking straight ssl with no telnet - * protocol --tjh - */ --int -+void - display_connect_details(ssl_con,verbose) - SSL *ssl_con; - int verbose; -@@ -152,7 +159,7 @@ - /* grab the full list of ciphers */ - i=0; - buf[0]='\0'; -- while((p=SSL_get_cipher_list(ssl_con,i++))!=NULL) { -+ while((p=(char *)SSL_get_cipher_list(ssl_con,i++))!=NULL) { - if (i>0) - strcat(buf,":"); - strcat(buf,p); -@@ -230,7 +237,7 @@ - *p++ = SE; - if (str_data[3] == TELQUAL_IS) - 
printsub('>', &str_data[2], p - (&str_data[2])); -- return(writenet(str_data, p - str_data)); -+ return(writenet((char *) str_data, p - str_data)); - } - - int auth_ssl_init(ap, server) -@@ -280,7 +287,7 @@ - unsigned char *data; - int cnt; - { -- int valid; -+ /* int valid; */ - - if (cnt-- < 1) - return; -@@ -364,7 +371,7 @@ - unsigned char *data; - int cnt; - { -- int i; -+ /* int i; */ - int status; - - if (cnt-- < 1) -@@ -389,16 +396,13 @@ - SSL_set_verify(ssl_con,ssl_verify_flag, - client_verify_callback); - if ((status = SSL_connect(ssl_con)) <= 0) { -- fprintf(stderr,"[SSL - FAILED (%d)]\r\n", status); -- fflush(stderr); -- -- perror("telnet: Unable to ssl_connect to remote host"); -+ auth_finished(0,AUTH_REJECT); - -+ fprintf(stderr,"[SSL - FAILED (%d)]\r\n", status); -+ fprintf(stderr,"telnet: Unable to ssl_connect to remote host\n"); - ERR_print_errors(bio_err); -- -- /* don't know what I "should" be doing here ... */ -- -- auth_finished(0,AUTH_REJECT); -+ fflush(stderr); -+ auth_failed=1; - return; - } else { - -@@ -452,7 +456,7 @@ - */ - if (ssl_certsok_flag) { - user_fp = fopen("/etc/ssl.users", "r"); -- if (!auth_ssl_name || !user_fp) { -+ if (!auth_ssl_name || !user_fp || !UserNameRequested) { - /* If we haven't received a certificate, then don't - * return AUTH_VALID. 
- */ -@@ -486,7 +490,7 @@ - cp = strchr(n, ','); - if (cp) - *cp++ = '\0'; -- if (!UserNameRequested || -+ if (UserNameRequested && - !strcmp(UserNameRequested, n)) { - strcpy(name, n); - fclose(user_fp); -@@ -543,7 +547,7 @@ - default: - sprintf(lbuf, " %d (unknown)", data[3]); - strncpy((char *)buf, lbuf, buflen); -- common2: -+/* common2: */ - BUMP(buf, buflen); - for (i = 4; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); -@@ -568,7 +572,7 @@ - #endif /* SSLEAY8 */ - { - static char *saved_subject=NULL; -- X509 *peer; -+ /* X509 *peer; */ - char *subject, *issuer; - #ifdef SSLEAY8 - int depth,error; -@@ -715,8 +719,8 @@ - int depth, error; - #endif /* SSLEAY8 */ - { -- X509 *peer; -- char *subject, *issuer; -+ /* X509 *peer; */ -+ char *subject, *issuer, *cnsubj; - #ifdef SSLEAY8 - int depth,error; - char *xs; -@@ -727,13 +731,13 @@ - - #endif /* SSLEAY8 */ - --#ifdef LOCAL_DEBUG -- fprintf(stderr,"ssl:client_verify_callback:depth=%d ok=%d err=%d-%s\n", -- depth,ok,error,X509_cert_verify_error_string(error)); -- fflush(stderr); --#endif /* LOCAL_DEBUG */ -+ if(ssl_debug_flag && !ok) { -+ fprintf(stderr,"ssl:client_verify_callback:depth=%d ok=%d err=%d-%s\n", -+ depth,ok,error,X509_verify_cert_error_string(error)); -+ fflush(stderr); -+ } - -- subject=issuer=NULL; -+ subject=issuer=cnsubj=NULL; - - /* first thing is to have a meaningful name for the current - * certificate that is being verified ... and if we cannot -@@ -761,60 +765,77 @@ - fflush(stderr); - } - -- /* if the server is using a self signed certificate then -- * we need to decide if that is good enough for us to -- * accept ... -- */ -- if (error==VERIFY_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) { -- if (ssl_cert_required) { -- /* make 100% sure that in secure more we drop the -- * connection if the server does not have a -- * real certificate! 
-- */ -- fprintf(stderr,"SSL: rejecting connection - server has a self-signed certificate\n"); -- fflush(stderr); -- -- /* sometimes it is really handy to be able to debug things -- * and still get a connection! -- */ -- if (ssl_debug_flag) { -- fprintf(stderr,"SSL: debug -> ignoring cert required!\n"); -- fflush(stderr); -- ok=1; -- } else { -- ok=0; -- } -- goto return_time; -- } else { -- ok=1; -- goto return_time; -- } -+ /* verify commonName matches hostname */ -+ if(ssl_cert_required && depth == 0) { -+ char *cn,*p; -+ -+ cnsubj=strdup(subject); -+ if(cnsubj == NULL) { -+ fprintf(stderr,"SSL: Out of memory.\n"); -+ ok=0; -+ goto return_time; -+ } -+ cn=strstr(cnsubj,"/CN="); -+ if(cn == NULL) { -+ fprintf(stderr,"SSL: Cannot extract CN from certificate subject.\n"); -+ ok=0; -+ goto return_time; -+ } -+ cn+=4; /* skip /CN= */ -+ p=strchr(cn,'/'); -+ if(p != NULL) { -+ *p='\0'; -+ } -+ if(strcasecmp(cn,RemoteHostName) != 0) { -+ fprintf(stderr,"SSL: Certificate CN (%s) does not match hostname (%s)\n", -+ cn,RemoteHostName); -+ ok=0; -+ goto return_time; -+ } - } - -- /* if we have any form of error in secure mode we reject the connection */ -- if (! ((error==VERIFY_OK)||(error==VERIFY_ROOT_OK)) ) { -- if (ssl_cert_required) { -- fprintf(stderr,"SSL: rejecting connection - "); -- if (error==VERIFY_ERR_UNABLE_TO_GET_ISSUER) { -- fprintf(stderr,"unknown issuer: %s\n",issuer); -- } else { -- ERR_print_errors(bio_err); -- } -- fflush(stderr); -- ok=0; -- goto return_time; -- } else { -- /* be nice and display a lot more meaningful stuff -- * so that we know which issuer is unknown no matter -- * what the callers options are ... 
-- */ -- if (error==VERIFY_ERR_UNABLE_TO_GET_ISSUER) { -- fprintf(stderr,"SSL: unknown issuer: %s\n",issuer); -- fflush(stderr); -- } -- } -+ if((error==VERIFY_OK) || (error==VERIFY_ROOT_OK)) { -+ goto return_time; - } - -+ switch(error) { -+ case VERIFY_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: -+ fprintf(stderr,"SSL: Server has a self-signed certificate\n"); -+ case VERIFY_ERR_UNABLE_TO_GET_ISSUER: -+ fprintf(stderr,"SSL: unknown issuer: %s\n",issuer); -+ break; -+ case X509_V_ERR_CERT_NOT_YET_VALID: -+ fprintf(stderr,"SSL: Certificate not yet valid\n"); -+ BIO_printf(bio_err,"notBefore="); -+ ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); -+ BIO_printf(bio_err,"\n"); -+ break; -+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: -+ fprintf(stderr,"SSL: Error in certificate notBefore field\n"); -+ BIO_printf(bio_err,"notBefore="); -+ ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); -+ BIO_printf(bio_err,"\n"); -+ break; -+ case X509_V_ERR_CERT_HAS_EXPIRED: -+ fprintf(stderr,"SSL: Certificate has expired\n"); -+ BIO_printf(bio_err,"notAfter="); -+ ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); -+ BIO_printf(bio_err,"\n"); -+ break; -+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: -+ fprintf(stderr,"SSL: Error in certificate notAfter field\n"); -+ BIO_printf(bio_err,"notAfter="); -+ ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); -+ BIO_printf(bio_err,"\n"); -+ break; -+ default: -+ fprintf(stderr,"SSL: %s (%d)\n", X509_verify_cert_error_string(error),error); -+ break; -+ } -+ -+ /* If we are here there was an error */ -+ ok=0; -+ - return_time: ; - - /* clean up things */ -@@ -822,7 +843,20 @@ - free(subject); - if (issuer!=NULL) - free(issuer); -- -+ if (cnsubj!=NULL) -+ free(cnsubj); -+ if(!ok && ssl_cert_required) { -+ if(ssl_debug_flag) { -+ fprintf(stderr,"SSL: debug -> ignoring cert required!\n"); -+ ok=1; -+ } -+ else { -+ fprintf(stderr,"SSL: Rejecting connection\n"); -+ ok=0; -+ } -+ } -+ 
fflush(stderr); -+ - return ok; - } - -diff -ur netkit-telnet-ssl-0.17.24+0.1/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/Makefile ---- netkit-telnet-ssl-0.17.24+0.1/Makefile 2004-05-27 11:47:25.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/Makefile 2010-05-11 14:19:36.673445641 +0200 -@@ -1,7 +1,7 @@ - # You can do "make SUB=blah" to make only a few, or edit here, or both - # You can also run make directly in the subdirs you want. - --SUB = telnet telnetd telnetlogin -+SUB = libtelnet telnet telnetd - - %.build: - (cd $(patsubst %.build, %, $@) && $(MAKE)) -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/authenc.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/authenc.cc ---- netkit-telnet-ssl-0.17.24+0.1/telnet/authenc.cc 2000-07-23 05:24:53.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/authenc.cc 2010-05-11 13:44:40.056990450 +0200 -@@ -35,7 +35,7 @@ - * From: @(#)authenc.c 5.1 (Berkeley) 3/1/91 - */ - char au_rcsid[] = -- "$Id: authenc.cc,v 1.6 2000/07/23 03:24:53 dholland Exp $"; -+ "$Id: authenc.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $"; - - #if defined(ENCRYPT) || defined(AUTHENTICATE) - #include <sys/types.h> -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/commands.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/commands.cc ---- netkit-telnet-ssl-0.17.24+0.1/telnet/commands.cc 2004-05-27 11:47:26.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/commands.cc 2010-05-11 13:44:40.060322107 +0200 -@@ -35,7 +35,7 @@ - * 
From: @(#)commands.c 5.5 (Berkeley) 3/22/91 - */ - char cmd_rcsid[] = -- "$Id: commands.cc,v 1.34 2000/07/23 04:16:24 dholland Exp $"; -+ "$Id: commands.cc,v 1.13 2007-10-04 21:38:18 ianb Exp $"; - - #include <string.h> - -@@ -653,6 +653,21 @@ - return 1; - } - -+#ifdef AUTHENTICATE -+ -+static int tog_autologin(int) { -+ if(autologin == 0) { -+ autologin=1; -+ env_export("USER"); -+ } -+ else { -+ autologin=0; -+ env_unexport("USER"); -+ } -+ return 1; -+} -+ -+#endif /* AUTHENTICATE */ - - static int netdata; /* Print out network data flow */ - static int prettydump; /* Print "netdata" output in user readable format */ -@@ -682,13 +697,13 @@ - - #if defined(AUTHENTICATE) - { "autologin", "automatic sending of login and/or authentication info", -- NULL, &autologin, -+ tog_autologin, NULL, - "send login name and/or authentication information" }, - { "authdebug", "Toggle authentication debugging", - auth_togdebug, NULL, - "print authentication debugging information" }, - #endif --#if 0 -+#ifdef ENCRYPT - { "autoencrypt", "automatic encryption of data stream", - EncryptAutoEnc, NULL, - "automatically encrypt output" }, -@@ -701,7 +716,7 @@ - { "encdebug", "Toggle encryption debugging", - EncryptDebug, NULL, - "print encryption debugging information" }, --#endif -+#endif /* ENCRYPT */ - - { "skiprc", "don't read the telnetrc files", - NULL, &skiprc, -@@ -750,7 +765,7 @@ - NULL, &showoptions, - "show option processing" }, - -- { "termdata", "(debugging) toggle printing of hexadecimal terminal data", -+ { "termdata", "toggle printing of hexadecimal terminal data (debugging)", - NULL, &termdata, - "print hexadecimal representation of terminal traffic" }, - -@@ -1357,9 +1372,9 @@ - else - shellname++; - if (argc > 1) -- execl(shellp, shellname, "-c", &saveline[1], 0); -+ execl(shellp, shellname, "-c", &saveline[1], (char *) NULL); - else -- execl(shellp, shellname, 0); -+ execl(shellp, shellname, (char *) NULL); - perror("Execl"); - _exit(1); - } -@@ -1510,10 +1525,10 @@ 
- - #if defined(AUTHENTICATE) - struct authlist { -- char *name; -- char *help; -- int (*handler)(const char *, const char *); -- int narg; -+ const char *name; -+ const char *help; -+ int (*handler)(const char *, const char *); -+ int narg; - }; - - static int auth_help (const char *, const char *); -@@ -1833,8 +1848,22 @@ - if (*portp == '-') { - portp++; - telnetport = 1; -- } else -+ } else { - telnetport = 0; -+ if (*portp >='0' && *portp<='9') { -+ char *end; -+ long int p; -+ -+ p=strtol(portp, &end, 10); -+ if (ERANGE==errno && (LONG_MIN==p || LONG_MAX==p)) { -+ fprintf(stderr, "telnet: port %s overflows\n", portp); -+ return 0; -+ } else if (p<=0 || p>=65536) { -+ fprintf(stderr, "telnet: port %s out of range\n", portp); -+ return 0; -+ } -+ } -+ } - } - else { - portp = "telnet"; -@@ -1860,7 +1889,7 @@ - if (res < 0) - return 0; - } -- -+ - /* Resolve both the host and service simultaneously. */ - res = getaddrinfo(resolv_hostp, portp, &hints, &hostaddr); - if (res == EAI_NONAME) { -@@ -1902,6 +1931,16 @@ - NI_NUMERICHOST | NI_NUMERICSERV); - - printf("Trying %s...\n", name); -+ -+ if (tmpaddr->ai_canonname == 0) { -+ hostname = new char[strlen(hostp)+1]; -+ strcpy(hostname, hostp); -+ } -+ else { -+ hostname = new char[strlen(tmpaddr->ai_canonname)+1]; -+ strcpy(hostname, tmpaddr->ai_canonname); -+ } -+ - x = nlink.connect(debug, tmpaddr, srp, srlen, tos); - if (!x) - goto err; -@@ -1909,18 +1948,18 @@ - goto nextaddr; - - connected++; -+ -+#ifdef USE_SSL -+ if (ssl_secure_flag || (strcmp(hostp, "localhost") != 0)) { -+ /* autologin = 1; */ -+ use_authentication=1; -+ } -+#endif /* USE_SSL */ -+ - #if defined(AUTHENTICATE) - auth_encrypt_connect(connected); - #endif - } while (connected == 0); -- if (tmpaddr->ai_canonname == 0) { -- hostname = new char[strlen(hostp)+1]; -- strcpy(hostname, hostp); -- } -- else { -- hostname = new char[strlen(tmpaddr->ai_canonname)+1]; -- strcpy(hostname, tmpaddr->ai_canonname); -- } - - cmdrc(hostp, hostname, portp); - 
freeaddrinfo(hostaddr); -@@ -1966,6 +2005,9 @@ - #if defined(AUTHENTICATE) - authhelp[] = "turn on (off) authentication ('auth ?' for more)", - #endif -+#if defined(USE_SSL) -+ startsslhelp[] = "switch to telnet-over-ssl (use 'auth' for ssl-over-telnet)", -+#endif - zhelp[] = "suspend telnet", - /* shellhelp[] = "invoke a subshell", */ - envhelp[] = "change environment variables ('environ ?' for more)", -@@ -1981,6 +2023,34 @@ - return 0; - } - -+#if defined(USE_SSL) -+static int startssl_cmd(void) -+{ -+ if(ssl_con == NULL) -+ { -+ fprintf(stderr,"telnet: Internal error - ssl_con not initialised.\n"); -+ return 1; -+ } -+ -+ if(ssl_active_flag) -+ { -+ fprintf(stderr,"telnet: SSL already in use.\n"); -+ return 1; -+ } -+ -+ if (SSL_connect(ssl_con) < 1) -+ { -+ ERR_print_errors_fp(stderr); -+ fflush(stderr); -+ } else { -+ display_connect_details(ssl_con,ssl_debug_flag); -+ ssl_active_flag=1; -+ ssl_only_flag=1; -+ } -+ return 1; -+} -+#endif /* USE_SSL */ -+ - static int slc_mode_import_0(void) { - slc_mode_import(0); - return 1; -@@ -2028,6 +2098,10 @@ - #endif - // BIND("encrypt", encrypthelp, encrypt_cmd); - -+#if defined(USE_SSL) -+ BIND("startssl", startsslhelp, startssl_cmd); -+#endif -+ - BIND("z", zhelp, suspend); - - #if defined(TN3270) /* why?! 
*/ -@@ -2233,22 +2307,18 @@ - } - - void cmdrc(const char *m1, const char *m2, const char *port) { -- static char *rcname = 0; -- static char rcbuf[128]; -+ char *rcname = NULL; - - if (skiprc) return; - - readrc(m1, m2, port, "/etc/telnetrc"); -- if (rcname == 0) { -- rcname = getenv("HOME"); -- if (rcname) -- strcpy(rcbuf, rcname); -- else -- rcbuf[0] = '\0'; -- strcat(rcbuf, "/.telnetrc"); -- rcname = rcbuf; -- } -+ if (asprintf (&rcname, "%s/.telnetrc", getenv ("HOME")) == -1) -+ { -+ perror ("asprintf"); -+ return; -+ } - readrc(m1, m2, port, rcname); -+ free (rcname); - } - - #if defined(IP_OPTIONS) && defined(HAS_IPPROTO_IP) -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/defines.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/defines.h ---- netkit-telnet-ssl-0.17.24+0.1/telnet/defines.h 2004-05-27 11:47:01.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/defines.h 2010-05-11 13:44:40.063654881 +0200 -@@ -31,7 +31,7 @@ - * SUCH DAMAGE. - * - * from: @(#)defines.h 5.1 (Berkeley) 9/14/90 -- * $Id: defines.h,v 1.5 1996/08/04 23:44:43 dholland Exp $ -+ * $Id: defines.h,v 1.1 2004-10-14 13:19:53 ianb Exp $ - */ - - #define ENV_VAR NEW_ENV_VAR -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/externs.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/externs.h ---- netkit-telnet-ssl-0.17.24+0.1/telnet/externs.h 2004-05-27 11:47:26.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/externs.h 2010-05-11 13:44:40.063654881 +0200 -@@ -31,7 +31,7 @@ - * SUCH DAMAGE. 
- * - * from: @(#)externs.h 5.3 (Berkeley) 3/22/91 -- * $Id: externs.h,v 1.20 1999/08/19 09:34:15 dholland Exp $ -+ * $Id: externs.h,v 1.2 2004-11-17 15:28:51 ianb Exp $ - */ - - #ifndef BSD -@@ -57,6 +57,7 @@ - #define SUBBUFSIZE 256 - - extern int autologin; /* Autologin enabled */ -+extern int use_authentication; /* use SSL authentication */ - extern int skiprc; /* Don't process the ~/.telnetrc file */ - extern int eight; /* use eight bit mode (binary in and/or out) */ - extern int binary; /* use binary option (in and/or out) */ -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/fdset.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/fdset.h ---- netkit-telnet-ssl-0.17.24+0.1/telnet/fdset.h 1996-07-16 07:17:22.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/fdset.h 2010-05-11 13:44:40.063654881 +0200 -@@ -31,7 +31,7 @@ - * SUCH DAMAGE. - * - * from: @(#)fdset.h 5.1 (Berkeley) 9/14/90 -- * $Id: fdset.h,v 1.1 1996/07/16 05:17:22 dholland Exp $ -+ * $Id: fdset.h,v 1.1 2004-10-14 13:19:53 ianb Exp $ - */ - - /* -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/general.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/general.h ---- netkit-telnet-ssl-0.17.24+0.1/telnet/general.h 1996-07-16 07:17:22.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/general.h 2010-05-11 13:44:40.063654881 +0200 -@@ -31,7 +31,7 @@ - * SUCH DAMAGE. - * - * from: @(#)general.h 5.2 (Berkeley) 3/1/91 -- * $Id: general.h,v 1.1 1996/07/16 05:17:22 dholland Exp $ -+ * $Id: general.h,v 1.1 2004-10-14 13:19:53 ianb Exp $ - */ - - /* -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/genget.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/genget.cc ---- netkit-telnet-ssl-0.17.24+0.1/telnet/genget.cc 1996-07-26 11:54:09.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/genget.cc 2010-05-11 13:44:40.063654881 +0200 -@@ -35,7 +35,7 @@ - * 
From: @(#)genget.c 5.1 (Berkeley) 2/28/91 - */ - char gg_rcsid[] = -- "$Id: genget.cc,v 1.3 1996/07/26 09:54:09 dholland Exp $"; -+ "$Id: genget.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $"; - - #include <string.h> - #include <ctype.h> -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/glue.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/glue.cc ---- netkit-telnet-ssl-0.17.24+0.1/telnet/glue.cc 2004-05-27 11:47:26.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/glue.cc 2010-05-11 13:44:40.083654043 +0200 -@@ -11,8 +11,9 @@ - printsub_h(direction, pointer, length); - } - --extern "C" void writenet(const char *str, int len) { -+extern "C" int writenet(const char *str, int len) { - netoring.write(str, len); -+ return 1; - } - - extern "C" int telnet_spin() { -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/main.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/main.cc ---- netkit-telnet-ssl-0.17.24+0.1/telnet/main.cc 2004-05-27 11:47:26.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/main.cc 2010-05-11 13:44:40.066988214 +0200 -@@ -39,7 +39,7 @@ - * 
From: @(#)main.c 5.4 (Berkeley) 3/22/91 - */ - char main_rcsid[] = -- "$Id: main.cc,v 1.14 1999/08/01 05:06:37 dholland Exp $"; -+ "$Id: main.cc,v 1.6 2004-11-22 20:26:37 ianb Exp $"; - - #include "../version.h" - -@@ -86,16 +86,27 @@ - * -X <atype> disable specified auth type - */ - void usage(void) { -- fprintf(stderr, "Usage: %s %s%s%s%s\n", -+ fprintf(stderr, "Usage: %s %s%s%s%s%s\n", - prompt, -+#ifdef AUTHENTICATE -+ "[-4] [-6] [-8] [-E] [-K] [-L] [-X atype] [-a] [-d] [-e char]", -+ "\n\t[-l user] [-n tracefile] [ -b addr ]", -+#else - "[-4] [-6] [-8] [-E] [-L] [-a] [-d] [-e char] [-l user]", - "\n\t[-n tracefile] [ -b addr ]", -+#endif - #ifdef TN3270 - "\n\t" - "[-noasynch] [-noasynctty] [-noasyncnet] [-r] [-t transcom]\n\t", - #else - " [-r] ", - #endif -+#ifdef USE_SSL -+ /* might as well output something useful here ... */ -+ "\n\t[-z ssl] [-z secure] [-z debug] [-z verify=int]\n\t[-z cert=file] [-z key=file]\n\t", -+#else /* !USE_SSL */ -+ "", -+#endif /* USE_SSL */ - "[host-name [port]]" - ); - exit(1); -@@ -135,8 +146,73 @@ - autologin = -1; - - while ((ch = getopt(argc, argv, -- "4678EKLS:X:ab:de:k:l:n:rt:x")) != EOF) { -+ "4678EKLS:X:ab:de:k:l:n:rt:xz:")) != EOF) { - switch(ch) { -+#ifdef USE_SSL -+ case 'z': -+ { -+ char *origopt; -+ -+ origopt=strdup(optarg); -+ optarg=strtok(origopt,","); -+ -+ while(optarg!=NULL) { -+ -+ if (strcmp(optarg, "debug") == 0 ) { -+ ssl_debug_flag=1; -+ } else if (strcmp(optarg, "authdebug") == 0 ) { -+ auth_debug_mode=1; -+ } else if (strcmp(optarg, "ssl") == 0 ) { -+ ssl_only_flag=1; -+ } else if ( (strcmp(optarg, "!ssl") == 0) || -+ (strcmp(optarg, "nossl") == 0) ) { -+ /* we may want to switch SSL negotiation off -+ * for testing or other reasons -+ */ -+ ssl_disabled_flag=1; -+ } else if (strcmp(optarg, "certrequired") == 0 ) { -+ ssl_cert_required=1; -+ } else if (strcmp(optarg, "secure") == 0 ) { -+ ssl_secure_flag=1; -+ } else if (strcmp(optarg, "verbose") == 0 ) { -+ ssl_verbose_flag=1; -+ } else if 
(strncmp(optarg, "verify=", -+ strlen("verify=")) == 0 ) { -+ ssl_verify_flag=atoi(optarg+strlen("verify=")); -+ } else if (strncmp(optarg, "cert=", -+ strlen("cert=")) == 0 ) { -+ ssl_cert_file= optarg + strlen("cert="); -+ } else if (strncmp(optarg, "key=", -+ strlen("key=")) == 0 ) { -+ ssl_key_file= optarg + strlen("key="); -+ } else if (strncmp(optarg,"cipher=", -+ strlen("cipher="))==0) { -+ ssl_cipher_list=optarg+strlen("cipher="); -+ } else { -+ /* report when we are given rubbish so that -+ * if the user makes a mistake they have to -+ * correct it! -+ */ -+ fprintf(stderr,"Unknown SSL option %s\n",optarg); -+ fflush(stderr); -+ exit(1); -+ } -+ -+ /* get the next one ... */ -+ optarg=strtok(NULL,","); -+ -+ } -+ -+ /* -+ if (origopt!=NULL) -+ free(origopt); -+ */ -+ -+ } -+ -+ break; -+#endif /* USE_SSL */ -+ - case '4': - family = AF_INET; - break; -@@ -257,14 +333,25 @@ - autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1; - - #ifdef USE_SSL -+ if((ssl_cert_file != NULL) || (ssl_key_file != NULL)) { -+ autologin = 1; -+ } -+ - if (ssl_secure_flag||ssl_cert_required) { - /* in secure mode we *must* switch on the base level - * verify checking otherwise we cannot abort connections - * at the right place! - */ - if (ssl_verify_flag == 0) -- ssl_verify_flag = 1; -+ ssl_verify_flag = SSL_VERIFY_PEER;; - } -+ -+ /* client mode ignores SSL_VERIFY_FAIL_IF_NO_PEER_CERT, -+ so simulate it using certrequired */ -+ if(ssl_verify_flag & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) { -+ ssl_cert_required=1; -+ } -+ - #endif /* USE_SSL */ - - argc -= optind; -@@ -289,11 +376,6 @@ - *argp++ = family == AF_INET ? 
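Review bot: The `verify=` branch of the new `-z` parser stores `atoi(optarg+strlen("verify="))` straight into `ssl_verify_flag`, so an empty or non-numeric value silently becomes 0, which is `SSL_VERIFY_NONE` in OpenSSL, instead of being rejected like the "Unknown SSL option" case. Parse it with `strtol`, check the end pointer and the range, and exit on bad input as sketched below. The `strdup(optarg)` result also goes to `strtok` unchecked; add `if (origopt == NULL) { perror("strdup"); exit(1); }`. The commented-out `free(origopt)` should be replaced by a comment saying the copy is kept on purpose, because `ssl_cert_file`, `ssl_key_file` and `ssl_cipher_list` point into it. The enclosing function starts and ends outside the hunk.

```cpp
} else if (strncmp(optarg, "verify=", strlen("verify=")) == 0) {
    const char *num = optarg + strlen("verify=");
    char *end;
    long mode;

    errno = 0;
    mode = strtol(num, &end, 10);
    if (end == num || *end != '\0' || errno == ERANGE ||
        mode < 0 || mode > INT_MAX) {
        fprintf(stderr, "Invalid SSL verify value %s\n", optarg);
        fflush(stderr);
        exit(1);
    }
    ssl_verify_flag = (int)mode;
// … unchanged: cert=, key=, cipher= branches and the unknown-option error …
```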
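Review bot: In the secure-mode block the new assignment `ssl_verify_flag = SSL_VERIFY_PEER;;` still sits behind `if (ssl_verify_flag == 0)`, so a `verify=` value that is non-zero but lacks the peer bit (for example `verify=2`) passes through without peer verification being switched on, although the comment says secure mode must enable it. OR-ing the bit in covers both cases and drops the stray second semicolon: `ssl_verify_flag |= SSL_VERIFY_PEER;`. How the flag is consumed is outside this hunk, so confirm the effect where the verify mode is handed to OpenSSL.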
"-4" : "-6"; - } - *argp++ = argv[0]; /* host */ --#ifdef USE_SSL -- if (strcmp(argv[0], "localhost") != 0) { -- autologin = 1; -- } --#endif /* USE_SSL */ - if (argc > 1) - *argp++ = argv[1]; /* port */ - *argp = 0; -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/telnet/Makefile ---- netkit-telnet-ssl-0.17.24+0.1/telnet/Makefile 2004-05-27 11:47:26.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/Makefile 2010-05-11 13:44:40.056990450 +0200 -@@ -6,15 +6,18 @@ - #CXXFLAGS:=$(patsubst -O2, -g, $(CXXFLAGS)) - - # -DAUTHENTICATE --CXXFLAGS += -DUSE_TERMIO -DKLUDGELINEMODE --LIBS = $(LIBTERMCAP) -+CXXFLAGS += -DUSE_TERMIO -DKLUDGELINEMODE -DAUTHENTICATE -DUSE_SSL \ -+ -I/usr/include/openssl -I../ -+LIBTELNET = ../libtelnet/libtelnet.a -+LIBS += $(LIBTERMCAP) $(LIBTELNET) -lssl -lcrypto - - SRCS = commands.cc main.cc network.cc ring.cc sys_bsd.cc telnet.cc \ -- terminal.cc tn3270.cc utilities.cc genget.cc environ.cc netlink.cc -+ terminal.cc tn3270.cc utilities.cc genget.cc environ.cc netlink.cc \ -+ glue.cc glue2.cc - - OBJS = $(patsubst %.cc, %.o, $(SRCS)) - --telnet: $(OBJS) -+telnet: $(OBJS) $(LIBTELNET) - $(CXX) $(LDFLAGS) $^ $(LIBS) -o $@ - - include depend.mk -@@ -22,7 +25,7 @@ - $(CXX) $(CXXFLAGS) -MM $(SRCS) >depend.mk - - install: telnet -- install -s -m$(BINMODE) telnet $(INSTALLROOT)$(BINDIR)/telnet-ssl -+ install -m$(BINMODE) telnet $(INSTALLROOT)$(BINDIR)/telnet-ssl - install -m$(MANMODE) telnet.1 $(INSTALLROOT)$(MANDIR)/man1/telnet-ssl.1 - - clean: -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/netlink.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/netlink.cc ---- netkit-telnet-ssl-0.17.24+0.1/telnet/netlink.cc 2004-05-27 11:47:26.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/netlink.cc 2010-05-11 13:44:40.066988214 +0200 -@@ -12,12 +12,27 @@ - #include "proto.h" - #include "ring.h" - #include <libtelnet/sslapp.h> -+#include <libtelnet/misc-proto.h> - - /* In Linux, this is an enum */ 
- #if defined(__linux__) || defined(IPPROTO_IP) - #define HAS_IPPROTO_IP - #endif - -+/* code from Peter 'Luna' Runestig <peter@runestig.com> */ -+static int select_read(int rfd) -+/* timeout = 20 seconds */ -+{ -+ fd_set rfds; -+ struct timeval tv; -+ -+ FD_ZERO(&rfds); -+ FD_SET(rfd, &rfds); -+ tv.tv_sec = 20; -+ tv.tv_usec = 0; -+ return select(rfd + 1, &rfds, NULL, NULL, &tv); -+} -+ - netlink nlink; - - class netchannel : public ringbuf::source { -@@ -26,12 +41,23 @@ - int net = nlink.getfd(); - int l; - #ifdef USE_SSL -- if (ssl_active_flag) -- l = SSL_read(ssl_con, buf, maxlen); -- else -+ if (ssl_active_flag) { -+ do { -+ l = SSL_read(ssl_con, buf, maxlen); -+ /* -+ * SSL_ERROR_WANT_READ may occur if an SSL/TLS rehandshake occurs. -+ * This means that data was available at the socket, but all was -+ * consumed by SSL itself, so we select (w/20s timeout) and retry. -+ */ -+ } while (l<0 && -+ (SSL_ERROR_WANT_READ == SSL_get_error(ssl_con, l)) && -+ (select_read(net) > 0)); -+ } else - #endif /* USE_SSL */ -- l = recv(net, buf, maxlen, 0); -- if (l<0 && errno == EWOULDBLOCK) l = 0; -+ { -+ l = recv(net, buf, maxlen, 0); -+ if (l<0 && errno == EWOULDBLOCK) l = 0; -+ } - return l; - } - }; -@@ -70,11 +96,11 @@ - - - netlink::netlink() { net = -1; } --netlink::~netlink() { ::close(net); } -+netlink::~netlink() { if (net >= 0) ::close(net); } - - - int netlink::setdebug(int debug) { -- if (net > 0 && -+ if (net >= 0 && - (setsockopt(net, SOL_SOCKET, SO_DEBUG, &debug, sizeof(debug))) < 0) { - perror("setsockopt (SO_DEBUG)"); - } -@@ -95,7 +121,8 @@ - ssl_active_flag=0; - } - #endif /* USE_SSL */ -- ::close(net); -+ if (net >= 0) -+ ::close(net); - net = -1; - } - -@@ -142,7 +169,8 @@ - { - int on=1; - int res; -- -+ extern char *hostname; -+ - res = socket(addr->ai_family); - if (res < 2) - return res; -@@ -192,10 +220,24 @@ - /* bind in the network descriptor */ - SSL_set_fd(ssl_con,net); - -+#if defined(AUTHENTICATE) -+ /* moved from telnet() so 
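Review bot: `select_read()` calls `FD_SET(rfd, &rfds)` without checking the descriptor, and `FD_SET` is undefined for a negative fd or one at or above `FD_SETSIZE`. Add a guard before `FD_ZERO`, e.g. `if (rfd < 0 || rfd >= FD_SETSIZE) return -1;`. The `/* timeout = 20 seconds */` comment sits between the signature and the opening brace; a header comment that also states the return value (`> 0` readable, `0` timeout, `-1` error, which includes `EINTR`) would make the retry loop that depends on it easier to check.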
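Review bot: The new `SSL_read` retry loop treats only `SSL_ERROR_WANT_READ` as retryable and leaves `l` negative when `select_read(net)` times out or fails, whereas the plain `recv` branch maps `EWOULDBLOCK` to 0. A rehandshake that needs a write (`SSL_ERROR_WANT_WRITE`) or takes longer than the 20 second wait is therefore returned to the ring buffer as a read error; how the caller reacts to that is not visible here. The loop also has no overall bound, since every iteration in which the peer sends more handshake data grants another 20 seconds. Consider handling `SSL_ERROR_WANT_WRITE` and adding a comment that states which value the caller sees on timeout.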
client_verify_callback knows RemoteHostName -ianb */ -+ { -+ static char local_host[256] = { 0 }; -+ int len = sizeof(local_host); -+ -+ if (!local_host[0]) { -+ gethostname(local_host, len); /* WAS &len!!! */ -+ local_host[sizeof(local_host)-1] = 0; -+ } -+ auth_encrypt_init(local_host, hostname, "TELNET", 0); -+ } -+#endif -+ - /* if we are doing raw SSL then start it now ... */ - if (ssl_only_flag) { - if (!SSL_connect(ssl_con)) { -- static char errbuf[1024]; -+ /* static char errbuf[1024]; */ - - ERR_print_errors_fp(stderr); - perror("SSL_connect"); -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/network.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/network.cc ---- netkit-telnet-ssl-0.17.24+0.1/telnet/network.cc 2004-05-27 11:47:01.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/network.cc 2010-05-11 13:44:40.066988214 +0200 -@@ -35,7 +35,7 @@ - * 
From: @(#)network.c 5.2 (Berkeley) 3/1/91
- */
- char net_rcsid[] =
-- "$Id: network.cc,v 1.15 1996/08/13 08:09:58 dholland Exp $";
-+ "$Id: network.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <sys/types.h>
- #include <sys/socket.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/proto.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/proto.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/proto.h 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/proto.h 2010-05-11 13:44:40.070321269 +0200
-@@ -10,9 +10,11 @@
- int TerminalSpecialChars(int);
- void TerminalSpeeds(long *ispeed, long *ospeed);
- int TerminalWindowSize(long *rows, long *cols);
-+#if 0
- void auth_encrypt_user(char *);
- void auth_name(unsigned char *, int);
- void auth_printsub(unsigned char *, int, unsigned char *, int);
-+#endif
- void cmdrc(const char *, const char *, const char *);
- void env_init(void);
- int getconnmode(void);
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/ring.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/ring.cc 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.cc 2010-05-11 13:44:40.070321269 +0200
-@@ -35,7 +35,7 @@
- *
From: @(#)ring.c 5.2 (Berkeley) 3/1/91
- */
- char ring_rcsid[] =
-- "$Id: ring.cc,v 1.23 2000/07/23 03:25:09 dholland Exp $";
-+ "$Id: ring.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- /*
- * This defines a structure for a ring buffer.
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/ring.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/ring.h 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.h 2010-05-11 13:44:40.070321269 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)ring.h 5.2 (Berkeley) 3/1/91
-- * $Id: ring.h,v 1.13 1996/08/13 08:43:28 dholland Exp $
-+ * $Id: ring.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- class datasink {
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/sys_bsd.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/sys_bsd.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/sys_bsd.cc 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/sys_bsd.cc 2010-05-11 13:44:40.070321269 +0200
-@@ -35,7 +35,7 @@
- *
From: @(#)sys_bsd.c 5.2 (Berkeley) 3/1/91 - */ - char bsd_rcsid[] = -- "$Id: sys_bsd.cc,v 1.24 1999/09/28 16:29:24 dholland Exp $"; -+ "$Id: sys_bsd.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $"; - - /* - * The following routines try to encapsulate what is system dependent -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.1 netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.1 ---- netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.1 2004-05-27 11:47:26.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.1 2010-05-11 13:44:40.073654603 +0200 -@@ -30,7 +30,7 @@ - .\" SUCH DAMAGE. - .\" - .\" from: @(#)telnet.1 6.16 (Berkeley) 7/27/91 --.\" $Id: telnet.1,v 1.15 2000/07/30 23:57:08 dholland Exp $ -+.\" $Id: telnet.1,v 1.5 2006-09-24 00:48:31 ianb Exp $ - .\" - .Dd August 15, 1999 - .Dt TELNET 1 -@@ -42,12 +42,14 @@ - protocol - .Sh SYNOPSIS - .Nm telnet --.Op Fl 468ELadr -+.Op Fl 468EKLadr - .Op Fl S Ar tos -+.Op Fl X Ar authtype - .Op Fl b Ar address - .Op Fl e Ar escapechar - .Op Fl l Ar user - .Op Fl n Ar tracefile -+.Op Fl z Ar option - .Oo - .Ar host - .Op Ar port -@@ -152,44 +154,47 @@ - command below. - .It Fl z Ar option - Set SSL (Secure Socket Layer) parameters. The default is to negotiate --via telnet protocoll if SSL is availlable at server side and then to -+via telnet protocol if SSL is available at server side and then to - switch it on. In this mode you can connect to both conventional and --SSL enhanced telnetd's. -+SSL enhanced telnetd's. If the connection is made to localhost and -+.Ic -z secure -+is not set, then -+SSL is not enabled. - .Pp - The SSL parameters are: - .Bl -tag -width Fl --.It Ic Ar debug -+.It Ic debug - Send SSL related debugging information to stderr. --.It Ic Ar authdebug -+.It Ic authdebug - Enable authentication debugging. --.It Ic Ar ssl -+.It Ic ssl - Negotiate SSL at first, then use telnet protocol. In this mode you can - connect to any server supporting directly SSL like Apache-SSL. 
Use - .Ic telnet -z ssl ssl3.netscape.com https - for example. telnet protocol negotiation goes encrypted. --.It Ic Ar nossl, Ar !ssl --switch of SSL negotiation --.It Ic Ar certrequired --client certificate is mandatory --.It Ic Ar secure -+.It Ic nossl, Ic !ssl -+switch off SSL negotiation -+.It Ic certrequired -+server certificate is mandatory -+.It Ic secure - Don't switch back to unencrypted mode (no SSL) if SSL is not available. --.It Ic Ar verbose -+.It Ic verbose - Be verbose about certificates etc. --.It Ic Ar verify=int -+.It Ic verify= Ns Ar int - .\" TODO - Set the SSL verify flags (SSL_VERIFY_* in - .Ar ssl/ssl.h - ). - .\" TODO --.It Ic Ar cert=cert_file -+.It Ic cert= Ns Ar cert_file - .\" TODO - Use the certificate(s) in - .Ar cert_file . --.It Ic Ar key=key_file -+.It Ic key= Ns Ar key_file - .\" TODO - Use the key(s) in - .Ar key_file . --.It Ic Ar cipher=ciph_list -+.It Ic cipher= Ns Ar ciph_list - .\" TODO - Set the preferred ciphers to - .Ar ciph_list . -@@ -319,10 +324,6 @@ - List the current status of the various types of - authentication. - .El --.Pp --Note that the current version of --.Nm telnet --does not support authentication. - .It Ic close - Close the connection to the remote host, if any, and return to command - mode. -@@ -332,49 +333,49 @@ - and - .Ic toggle - values (see below). --.It Ic encrypt Ar argument ... --The encrypt command controls the --.Dv TELNET ENCRYPT --protocol option. If --.Nm telnet --was compiled without encryption, the --.Ic encrypt --command will not be supported. --.Pp --Valid arguments are as follows: --.Bl -tag -width Ar --.It Ic disable Ar type Ic [input|output] --Disable the specified type of encryption. If you do not specify input --or output, encryption of both is disabled. To obtain a list of --available types, use ``encrypt disable \&?''. --.It Ic enable Ar type Ic [input|output] --Enable the specified type of encryption. If you do not specify input --or output, encryption of both is enabled. 
To obtain a list of --available types, use ``encrypt enable \&?''. --.It Ic input --This is the same as ``encrypt start input''. --.It Ic -input --This is the same as ``encrypt stop input''. --.It Ic output --This is the same as ``encrypt start output''. --.It Ic -output --This is the same as ``encrypt stop output''. --.It Ic start Ic [input|output] --Attempt to begin encrypting. If you do not specify input or output, --encryption of both input and output is started. --.It Ic status --Display the current status of the encryption module. --.It Ic stop Ic [input|output] --Stop encrypting. If you do not specify input or output, encryption of --both is stopped. --.It Ic type Ar type --Sets the default type of encryption to be used with later ``encrypt start'' --or ``encrypt stop'' commands. --.El --.Pp --Note that the current version of --.Nm telnet --does not support encryption. -+.\" .It Ic encrypt Ar argument ... -+.\" The encrypt command controls the -+.\" .Dv TELNET ENCRYPT -+.\" protocol option. If -+.\" .Nm telnet -+.\" was compiled without encryption, the -+.\" .Ic encrypt -+.\" command will not be supported. -+.\" .Pp -+.\" Valid arguments are as follows: -+.\" .Bl -tag -width Ar -+.\" .It Ic disable Ar type Ic [input|output] -+.\" Disable the specified type of encryption. If you do not specify input -+.\" or output, encryption of both is disabled. To obtain a list of -+.\" available types, use ``encrypt disable \&?''. -+.\" .It Ic enable Ar type Ic [input|output] -+.\" Enable the specified type of encryption. If you do not specify input -+.\" or output, encryption of both is enabled. To obtain a list of -+.\" available types, use ``encrypt enable \&?''. -+.\" .It Ic input -+.\" This is the same as ``encrypt start input''. -+.\" .It Ic -input -+.\" This is the same as ``encrypt stop input''. -+.\" .It Ic output -+.\" This is the same as ``encrypt start output''. -+.\" .It Ic -output -+.\" This is the same as ``encrypt stop output''. 
-+.\" .It Ic start Ic [input|output] -+.\" Attempt to begin encrypting. If you do not specify input or output, -+.\" encryption of both input and output is started. -+.\" .It Ic status -+.\" Display the current status of the encryption module. -+.\" .It Ic stop Ic [input|output] -+.\" Stop encrypting. If you do not specify input or output, encryption of -+.\" both is stopped. -+.\" .It Ic type Ar type -+.\" Sets the default type of encryption to be used with later ``encrypt start'' -+.\" or ``encrypt stop'' commands. -+.\" .El -+.\" .Pp -+.\" Note that the current version of -+.\" .Nm telnet -+.\" does not support encryption. - .It Ic environ Ar arguments... - The - .Ic environ -@@ -1017,6 +1018,16 @@ - .Ic slc - command. - .El -+.It Ic startssl -+Attempt to negotiate telnet-over-SSL (as with the -+.Ic -z ssl -+option). This is useful when connecting to non-telnetds such -+as imapd (with the -+.Ic STARTTLS -+command). To control SSL when connecting to a SSL-enabled -+telnetd, use the -+.Ic auth -+command instead. - .It Ic status - Show the current status of - .Nm telnet . -@@ -1079,17 +1090,17 @@ - .Dv FALSE - (see - .Xr stty 1 ) . --.It Ic autodecrypt --When the --.Dv TELNET ENCRYPT --option is negotiated, by --default the actual encryption (decryption) of the data --stream does not start automatically. The autoencrypt --(autodecrypt) command states that encryption of the --output (input) stream should be enabled as soon as --possible. --.Pp --Note that this flag exists only if encryption support is enabled. -+.\" .It Ic autodecrypt -+.\" When the -+.\" .Dv TELNET ENCRYPT -+.\" option is negotiated, by -+.\" default the actual encryption (decryption) of the data -+.\" stream does not start automatically. The autoencrypt -+.\" (autodecrypt) command states that encryption of the -+.\" output (input) stream should be enabled as soon as -+.\" possible. -+.\" .Pp -+.\" Note that this flag exists only if encryption support is enabled. 
- .It Ic autologin - If the remote side supports the - .Dv TELNET AUTHENTICATION -@@ -1174,9 +1185,9 @@ - .Ic super user ) . - The initial value for this toggle is - .Dv FALSE . --.It Ic encdebug --Turns on debugging information for the encryption code. --Note that this flag only exists if encryption support is available. -+.\" .It Ic encdebug -+.\" Turns on debugging information for the encryption code. -+.\" Note that this flag only exists if encryption support is available. - .It Ic localchars - If this is - .Dv TRUE , -@@ -1221,8 +1232,9 @@ - is sent as - .Ic abort , - and --.Ic eof and --.B suspend -+.Ic eof -+and -+.Ic suspend - are sent as - .Ic eof and - .Ic susp , -@@ -1263,16 +1275,16 @@ - Toggles the display of all terminal data (in hexadecimal format). - The initial value for this toggle is - .Dv FALSE . --.It Ic verbose_encrypt --When the --.Ic verbose_encrypt --toggle is --.Dv TRUE , --.Tn TELNET --prints out a message each time encryption is enabled or --disabled. The initial value for this toggle is --.Dv FALSE. --This flag only exists if encryption support is available. -+.\" .It Ic verbose_encrypt -+.\" When the -+.\" .Ic verbose_encrypt -+.\" toggle is -+.\" .Dv TRUE , -+.\" .Tn TELNET -+.\" prints out a message each time encryption is enabled or -+.\" disabled. The initial value for this toggle is -+.\" .Dv FALSE. -+.\" This flag only exists if encryption support is available. - .It Ic \&? - Displays the legal - .Ic toggle -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.cc ---- netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.cc 2004-05-27 11:47:26.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.cc 2010-05-11 13:44:40.076987936 +0200 -@@ -47,7 +47,7 @@ - * 
From: @(#)telnet.c 5.53 (Berkeley) 3/22/91 - */ - char telnet_rcsid[] = --"$Id: telnet.cc,v 1.36 2000/07/23 03:24:53 dholland Exp $"; -+"$Id: telnet.cc,v 1.8 2005-04-14 15:26:27 ianb Exp $"; - - #include <string.h> - #include <sys/types.h> -@@ -107,6 +107,7 @@ - eight = 3, - binary = 0, - autologin = 0, /* Autologin anyone? */ -+ use_authentication = 0, - skiprc = 0, - connected, - showoptions, -@@ -495,7 +496,8 @@ - break; - #if defined(AUTHENTICATE) - case TELOPT_AUTHENTICATION: -- if (autologin) -+ /* if (autologin) */ -+ if (use_authentication) - new_state_ok = 1; - break; - #endif -@@ -722,6 +724,7 @@ - */ - - static void suboption(void) { -+ extern int auth_failed; - printsub('<', subbuffer, SB_LEN()+2); - switch (SB_GET()) { - case TELOPT_TTYPE: -@@ -845,7 +848,8 @@ - - #if defined(AUTHENTICATE) - case TELOPT_AUTHENTICATION: { -- if (!autologin) -+ /* if (!autologin) */ -+ if (!use_authentication) - break; - if (SB_EOF()) - return; -@@ -864,6 +868,10 @@ - if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) - return; - auth_reply(subpointer, SB_LEN()); -+ if(auth_failed) { -+ /* auth rejected, quit */ -+ quit(); -+ } - break; - case TELQUAL_NAME: - if (my_want_state_is_dont(TELOPT_AUTHENTICATION)) -@@ -1140,6 +1148,7 @@ - - - unsigned char slc_reply[128]; -+unsigned char const * const slc_reply_eom = &slc_reply[sizeof(slc_reply)]; - unsigned char *slc_replyp; - - void slc_start_reply(void) { -@@ -1151,6 +1160,14 @@ - } - - void slc_add_reply(int func, int flags, int value) { -+ /* A sequence of up to 6 bytes my be written for this member of the SLC -+ * suboption list by this function. The end of negotiation command, -+ * which is written by slc_end_reply(), will require 2 additional -+ * bytes. Do not proceed unless there is sufficient space for these -+ * items. 
-+ */ -+ if (&slc_replyp[6+2] > slc_reply_eom) -+ return; - if ((*slc_replyp++ = func) == IAC) - *slc_replyp++ = IAC; - if ((*slc_replyp++ = flags) == IAC) -@@ -1819,25 +1836,19 @@ - */ - void telnet(const char *user) { - sys_telnet_init(); -- --#if defined(AUTHENTICATE) -- { -- static char local_host[256] = { 0 }; -- int len = sizeof(local_host); -- -- if (!local_host[0]) { -- gethostname(local_host, len); /* WAS &len!!! */ -- local_host[sizeof(local_host)-1] = 0; -- } -- auth_encrypt_init(local_host, hostname, "TELNET", 0); -- auth_encrypt_user(user); -- } -+ -+#ifdef AUTHENTICATE -+ auth_encrypt_user(user); - #endif -- -+ - #if !defined(TN3270) - if (telnetport) { -+ -+ send_will(TELOPT_ENVIRON, 1); -+ - #if defined(AUTHENTICATE) -- if (autologin) -+ /* if (autologin) */ -+ if (use_authentication) - send_will(TELOPT_AUTHENTICATION, 1); - #endif - send_do(TELOPT_SGA, 1); -@@ -1846,7 +1857,6 @@ - send_will(TELOPT_TSPEED, 1); - send_will(TELOPT_LFLOW, 1); - send_will(TELOPT_LINEMODE, 1); -- send_will(TELOPT_ENVIRON, 1); - send_do(TELOPT_STATUS, 1); - if (env_getvalue("DISPLAY", 0)) - send_will(TELOPT_XDISPLOC, 1); -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/terminal.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/terminal.cc ---- netkit-telnet-ssl-0.17.24+0.1/telnet/terminal.cc 2004-05-27 11:47:01.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/terminal.cc 2010-05-11 13:44:40.080321548 +0200 -@@ -35,7 +35,7 @@ - * 
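Review bot: The new guard in `slc_add_reply()` compares `&slc_replyp[6+2]` with `slc_reply_eom`, which forms a pointer beyond one-past-the-end of `slc_reply` whenever fewer than eight bytes remain; that pointer arithmetic is undefined even though the comparison is the check meant to stop the overflow. Compare the remaining space instead: `if (slc_reply_eom - slc_replyp < 6 + 2) return;`. The entry is dropped silently when the buffer is full, so a one-line comment saying that truncating the reply is intentional would help, and "my be written" in the added comment should read "may be written". The function body continues outside the hunk.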
From: @(#)terminal.c 5.3 (Berkeley) 3/22/91
- */
- char terminal_rcsid[] =
-- "$Id: terminal.cc,v 1.25 1999/12/12 19:48:05 dholland Exp $";
-+ "$Id: terminal.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <arpa/telnet.h>
- #include <sys/types.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/tn3270.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/tn3270.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/tn3270.cc 1996-08-13 11:08:34.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/tn3270.cc 2010-05-11 13:44:40.080321548 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)tn3270.c 5.2 (Berkeley) 3/1/91
- */
- char tn3270_rcsid[] =
-- "$Id: tn3270.cc,v 1.9 1996/08/13 09:08:34 dholland Exp $";
-+ "$Id: tn3270.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <sys/types.h>
- #include <arpa/telnet.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/types.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/types.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/types.h 1996-07-27 02:45:54.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/types.h 2010-05-11 13:44:40.083654043 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)types.h 5.1 (Berkeley) 9/14/90
-- * $Id: types.h,v 1.2 1996/07/27 00:45:54 dholland Exp $
-+ * $Id: types.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- typedef struct {
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/utilities.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/utilities.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/utilities.cc 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/utilities.cc 2010-05-11 13:44:40.083654043 +0200
-@@ -35,7 +35,7 @@
- *
From: @(#)utilities.c 5.3 (Berkeley) 3/22/91
- */
- char util_rcsid[] =
-- "$Id: utilities.cc,v 1.19 1999/12/12 15:33:40 dholland Exp $";
-+ "$Id: utilities.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #define TELOPTS
- #define TELCMDS
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/authenc.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/authenc.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/authenc.c 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/authenc.c 2010-05-11 13:44:40.086987376 +0200
-@@ -23,7 +23,7 @@
- *
From: @(#)authenc.c 5.1 (Berkeley) 3/1/91
- */
- char authenc_rcsid[] =
-- "$Id: authenc.c,v 1.5 1999/12/12 14:59:44 dholland Exp $";
-+ "$Id: authenc.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #if defined(ENCRYPT) || defined(AUTHENTICATE)
- #include "telnetd.h"
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/defs.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/defs.h
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/defs.h 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/defs.h 2010-05-11 13:44:40.086987376 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)defs.h 5.10 (Berkeley) 3/1/91
-- * $Id: defs.h,v 1.7 1999/08/02 03:14:03 dholland Exp $
-+ * $Id: defs.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- /*
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/ext.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/ext.h
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/ext.h 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/ext.h 2010-05-11 13:44:40.086987376 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)ext.h 5.7 (Berkeley) 3/1/91
-- * $Id: ext.h,v 1.9 1999/12/12 14:59:44 dholland Exp $
-+ * $Id: ext.h,v 1.2 2004-11-21 12:53:12 ianb Exp $
- */
-
- /*
-@@ -113,7 +113,7 @@
- void interrupt(void);
- void localstat(void);
- void netclear(void);
--void netflush(void);
-+int netflush(void);
- size_t netbuflen(int);
- void sendurg(const char *, size_t);
-
-@@ -183,7 +183,8 @@
- void tty_tspeed(int);
- void willoption(int);
- void wontoption(int);
--#define writenet(b, l) fwrite(b, 1, l, netfile)
-+int writenet(char *, int);
-+/*#define writenet(b, l) fwrite(b, 1, l, netfile)*/
- void netopen(void);
-
- #if defined(ENCRYPT)
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/getent.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/getent.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/getent.c 1996-08-15 08:23:28.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/getent.c 2010-05-11 13:44:40.086987376 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)getent.c 5.1 (Berkeley) 2/28/91
- */
- char ge_rcsid[] =
-- "$Id: getent.c,v 1.3 1996/08/15 06:23:28 dholland Exp $";
-+ "$Id: getent.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- /*
- * Copyright (c) 1991 Regents of the University of California.
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/global.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/global.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/global.c 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/global.c 2010-05-11 13:44:40.090341661 +0200
-@@ -35,7 +35,7 @@
- *
From: @(#)global.c 5.2 (Berkeley) 6/1/90 - */ - char global_rcsid[] = -- "$Id: global.c,v 1.4 1999/12/12 14:59:44 dholland Exp $"; -+ "$Id: global.c,v 1.1 2004-10-14 13:19:53 ianb Exp $"; - - /* - * Allocate global variables. -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/issue.net.5 netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/issue.net.5 ---- netkit-telnet-ssl-0.17.24+0.1/telnetd/issue.net.5 2004-05-27 11:47:01.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/issue.net.5 2010-05-11 13:44:40.090341661 +0200 -@@ -15,26 +15,26 @@ - .Pa /etc/issue.net - is a text file which contains a message or system identification to be - printed before the login prompt of a telnet session. It may contain --various `%-char' sequences. The following sequences are supported by -+various `%\&\-char' sequences. The following sequences are supported by - .Ic telnetd : - .Bl -tag -offset indent -compact -width "abcde" --.It %t -+.It %\&t - - show the current tty --.It %h -+.It %\&h - - show the system node name (FQDN) --.It %D -+.It %\&D - - show the name of the NIS domain --.It %d -+.It %\&d - - show the current time and date --.It %s -+.It %\&s - - show the name of the operating system --.It %m -+.It %\&m - - show the machine (hardware) type --.It %r -+.It %\&r - - show the operating system release --.It %v -+.It %\&v - - show the operating system version --.It %% -+.It %\&% - - display a single '%' character - .El - .Sh FILES -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/Makefile ---- netkit-telnet-ssl-0.17.24+0.1/telnetd/Makefile 2004-05-27 11:47:27.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/Makefile 2010-05-11 14:12:59.493485309 +0200 -@@ -9,9 +9,11 @@ - # take out -DPARANOID_TTYS. 
- - CFLAGS += '-DISSUE_FILE="/etc/issue.net"' -DPARANOID_TTYS \ -- -DNO_REVOKE -DKLUDGELINEMODE -DDIAGNOSTICS \ -- -DLOGIN_WRAPPER=\"/usr/lib/telnetlogin\" --# LIBS += $(LIBTERMCAP) -+ -DNO_REVOKE -DKLUDGELINEMODE -DDIAGNOSTICS -DAUTHENTICATE \ -+ -DLOGIN_WRAPPER=\"/usr/lib/telnetlogin\" \ -+ -DUSE_SSL -I/usr/include/openssl -I.. -+LIBTELNET = ../libtelnet/libtelnet.a -+LIBS += $(LIBTERMCAP) $(LIBTELNET) -lssl -lcrypto - - OBJS = telnetd.o state.o termstat.o slc.o sys_term.o utility.o \ - global.o setproctitle.o -@@ -28,10 +30,10 @@ - telnetd.o: ../version.h - - install: telnetd -- install -s -m$(DAEMONMODE) telnetd $(INSTALLROOT)$(SBINDIR)/in.telnetd -- install -m$(MANMODE) issue.net.5 $(INSTALLROOT)$(MANDIR)/man5/ -- install -m$(MANMODE) telnetd.8 $(INSTALLROOT)$(MANDIR)/man8/in.telnetd.8 -- ln -sf in.telnetd.8 $(INSTALLROOT)$(MANDIR)/man8/telnetd.8 -+ install -m$(DAEMONMODE) telnetd $(INSTALLROOT)$(SBINDIR)/in.telnetd-ssl -+# install -m$(MANMODE) issue.net.5 $(INSTALLROOT)$(MANDIR)/man5/ -+ install -m$(MANMODE) telnetd.8 $(INSTALLROOT)$(MANDIR)/man8/in.telnetd-ssl.8 -+ ln -sf in.telnetd-ssl.8 $(INSTALLROOT)$(MANDIR)/man8/telnetd-ssl.8 - - clean: - rm -f *.o telnetd -diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/pathnames.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/pathnames.h ---- netkit-telnet-ssl-0.17.24+0.1/telnetd/pathnames.h 1996-08-30 00:31:24.000000000 +0200 -+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/pathnames.h 2010-05-11 13:44:40.090341661 +0200 -@@ -31,7 +31,7 @@ - * SUCH DAMAGE. 
- *
- * from: @(#)pathnames.h 5.5 (Berkeley) 6/28/90
-- * $Id: pathnames.h,v 1.3 1996/08/29 22:31:24 dholland Exp $
-+ * $Id: pathnames.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- #include <paths.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.3 netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.3
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.3 2000-07-31 01:57:09.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.3 2010-05-11 13:44:40.090341661 +0200
-@@ -1,5 +1,5 @@
- .\" OpenBSD: setproctitle.3,v 1.4 1996/10/08 01:20:08 michaels Exp
--.\" $Id: setproctitle.3,v 1.13 2000/07/30 23:57:09 dholland Exp $
-+.\" $Id: setproctitle.3,v 1.1 2004-10-14 13:19:53 ianb Exp $
- .\"
- .\" Copyright (c) 1994, 1995 Christopher G. Demetriou
- .\" All rights reserved.
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.c 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.c 2010-05-11 13:44:40.090341661 +0200
-@@ -39,7 +39,7 @@
- * From: @(#)conf.c 8.243 (Berkeley) 11/20/95
- */
- char setproctitle_rcsid[] =
-- "$Id: setproctitle.c,v 1.3 1999/12/10 23:06:39 bryce Exp $";
-+ "$Id: setproctitle.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <stdlib.h>
- #include <string.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/slc.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/slc.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/slc.c 1999-12-12 15:59:44.000000000 +0100
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/slc.c 2010-05-11 13:44:40.096989611 +0200
-@@ -35,7 +35,7 @@
- *
From: @(#)slc.c 5.7 (Berkeley) 3/1/91
- */
- char slc_rcsid[] =
-- "$Id: slc.c,v 1.5 1999/12/12 14:59:44 dholland Exp $";
-+ "$Id: slc.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include "telnetd.h"
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/state.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/state.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/state.c 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/state.c 2010-05-11 13:44:40.100321827 +0200
-@@ -35,11 +35,12 @@
- *
From: @(#)state.c 5.10 (Berkeley) 3/22/91
- */
- char state_rcsid[] =
-- "$Id: state.c,v 1.12 1999/12/12 19:41:44 dholland Exp $";
-+ "$Id: state.c,v 1.5 2005-07-07 21:53:00 ianb Exp $";
-
- #include "telnetd.h"
- #if defined(AUTHENTICATE)
- #include <libtelnet/auth.h>
-+extern char *UserNameRequested;
- #endif
-
- int not42 = 1;
-@@ -1161,7 +1162,7 @@
-
- case TELOPT_ENVIRON: {
- register int c;
-- register char *cp, *varp, *valp;
-+ register unsigned char *cp, *varp, *valp;
-
- if (SB_EOF())
- return;
-@@ -1177,25 +1178,41 @@
- if (SB_EOF())
- return;
-
-- cp = varp = (char *)subpointer;
-+ cp = varp = (unsigned char *)subpointer;
- valp = 0;
-
- while (!SB_EOF()) {
- switch (c = SB_GET()) {
- case ENV_VALUE:
- *cp = '\0';
-- cp = valp = (char *)subpointer;
-+ cp = valp = (unsigned char *)subpointer;
- break;
-
- case ENV_VAR:
- *cp = '\0';
-- if (envvarok(varp)) {
-- if (valp)
-- (void)setenv(varp, valp, 1);
-- else
-- unsetenv(varp);
-+ if (envvarok((char *)varp)) {
-+ if (valp) {
-+ (void)setenv((char *)varp, (char *)valp, 1);
-+#ifdef AUTHENTICATE
-+ if (strcmp((char *)varp,"USER") == 0) {
-+ if (UserNameRequested)
-+ free(UserNameRequested);
-+ UserNameRequested=strdup((char *)valp);
-+ }
-+#endif /* AUTHENTICATE */
-+ }
-+ else {
-+ unsetenv((char *)varp);
-+#ifdef AUTHENTICATE
-+ if (strcmp((char *)varp,"USER") == 0) {
-+ if (UserNameRequested)
-+ free(UserNameRequested);
-+ UserNameRequested=NULL;
-+ }
-+#endif /* AUTHENTICATE */
-+ }
- }
-- cp = varp = (char *)subpointer;
-+ cp = varp = (unsigned char *)subpointer;
- valp = 0;
- break;
-
-@@ -1211,11 +1228,27 @@
- }
- }
- *cp = '\0';
-- if (envvarok(varp)) {
-- if (valp)
-- (void)setenv(varp, valp, 1);
-- else
-- unsetenv(varp);
-+ if (envvarok((char *)varp)) {
-+ if (valp) {
-+ (void)setenv((char *)varp, (char *)valp, 1);
-+#ifdef AUTHENTICATE
-+ if (strcmp((char *)varp,"USER") == 0) {
-+ if (UserNameRequested)
-+ free(UserNameRequested);
-+ UserNameRequested=strdup((char *)valp);
-+ }
-+#endif /*
AUTHENTICATE */
-+ }
-+ else {
-+ unsetenv((char *)varp);
-+#ifdef AUTHENTICATE
-+ if (strcmp((char *)varp,"USER") == 0) {
-+ if (UserNameRequested)
-+ free(UserNameRequested);
-+ UserNameRequested=NULL;
-+ }
-+#endif /* AUTHENTICATE */
-+ }
- }
- break;
- } /* end of case TELOPT_ENVIRON */
-@@ -1367,7 +1400,7 @@
- ADD(IAC);
- ADD(SE);
-
-- writenet(statusbuf, ncp - statusbuf);
-+ writenet((char *)statusbuf, ncp - statusbuf);
- netflush(); /* Send it on its way */
-
- DIAG(TD_OPTIONS, {printsub('>', statusbuf, ncp - statusbuf); netflush();});
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/sys_term.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/sys_term.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/sys_term.c 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/sys_term.c 2010-05-11 13:44:40.106987377 +0200
-@@ -35,7 +35,7 @@
- *
From: @(#)sys_term.c 5.16 (Berkeley) 3/22/91
- */
- char st_rcsid[] =
-- "$Id: sys_term.c,v 1.17 1999/12/17 14:28:47 dholland Exp $";
-+ "$Id: sys_term.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <utmp.h>
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.8 netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.8
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.8 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.8 2010-05-11 13:44:40.106987377 +0200
-@@ -30,7 +30,7 @@
- .\" SUCH DAMAGE.
- .\"
- .\" from: @(#)telnetd.8 6.8 (Berkeley) 4/20/91
--.\" $Id: telnetd.8,v 1.18 2000/07/30 23:57:10 dholland Exp $
-+.\" $Id: telnetd.8,v 1.5 2006-09-24 00:48:31 ianb Exp $
- .\"
- .Dd December 29, 1996
- .Dt TELNETD 8
-@@ -42,7 +42,7 @@
- protocol server
- .Sh SYNOPSIS
- .Nm /usr/sbin/in.telnetd
--.Op Fl hns
-+.Op Fl hnNs
- .Op Fl a Ar authmode
- .Op Fl D Ar debugmode
- .Op Fl L Ar loginprg
-@@ -50,6 +50,7 @@
- .Op Fl X Ar authtype
- .Op Fl edebug
- .Op Fl debug Ar port
-+.Op Fl z Ar sslopt
- .Sh DESCRIPTION
- The
- .Nm telnetd
-@@ -175,6 +176,9 @@
- if the client is still there, so that idle connections
- from machines that have crashed or can no longer
- be reached may be cleaned up.
-+.It Fl N
-+Disable reverse DNS lookups and use the numeric IP address in logs
-+and REMOTEHOST environment variable.
- .It Fl s
- This option is only enabled if
- .Nm telnetd
-@@ -219,12 +223,16 @@
- only accepts connections from SSL enhanced telnet with option
- .Ic -z ssl
- .It Ic nossl, !ssl
--switch of SSL negotiation
-+switch off SSL negotiation
- .It Ic certsok
- Look username up in /etc/ssl.users. The format of this file is lines
- of this form:
- .Ar user1,user2:/C=US/.....
--where user1 and user2 are usernames. If client certificate is valid,
-+where user1 and user2 are usernames and /C=US/... is the subject name of
-+the certificate. Use
-+.Ar openssl x509 -subject -noout
-+to extract the subject name.
-+If client certificate is valid,
- authenticate without password.
- .It Ic certrequired
- client certificate is mandatory
-@@ -451,7 +459,6 @@
- is compiled with support for data encryption, and
- indicates a willingness to decrypt
- the data stream.
--.Xr issue.net 5 ) .
- .El
- .Sh FILES
- .Pa /etc/services ,
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.c 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.c 2010-05-11 13:44:40.113654043 +0200
-@@ -39,7 +39,7 @@
- *
From: @(#)telnetd.c 5.48 (Berkeley) 3/1/91
- */
- char telnetd_rcsid[] =
-- "$Id: telnetd.c,v 1.24 2000/04/12 21:36:12 dholland Exp $";
-+ "$Id: telnetd.c,v 1.7 2006-06-16 13:29:00 ianb Exp $";
-
- #include "../version.h"
-
-@@ -90,6 +90,7 @@
-
- int debug = 0;
- int keepalive = 1;
-+int numeric_hosts = 0;
- #ifdef LOGIN_WRAPPER
- char *loginprg = LOGIN_WRAPPER;
- #else
-@@ -222,13 +223,12 @@
- * certificate that we will be running with as we cannot
- * be sure of the cwd when we are launched
- */
-- sprintf(cert_filepath,"%s/%s",X509_get_default_cert_dir(),
-- "telnetd.pem");
-+ strcpy(cert_filepath, "/etc/telnetd-ssl/telnetd.pem");
- ssl_cert_file=cert_filepath;
- ssl_key_file=NULL;
- #endif /* USE_SSL */
-
-- while ((ch = getopt(argc, argv, "d:a:e:lhnr:I:D:B:sS:a:X:L:z:")) != EOF) {
-+ while ((ch = getopt(argc, argv, "d:a:e:lhnNr:I:D:B:sS:a:X:L:z:")) != EOF) {
- switch(ch) {
-
- #ifdef USE_SSL
-@@ -389,6 +389,10 @@
- keepalive = 0;
- break;
-
-+ case 'N':
-+ numeric_hosts = 1;
-+ break;
-+
- #ifdef SecurID
- case 's':
- /* SecurID required */
-@@ -427,7 +431,7 @@
-
- #ifdef USE_SSL
-
-- if (ssl_secure_flag || ssl_cert_required) {
-+ if (ssl_secure_flag || ssl_cert_required || ssl_certsok_flag) {
- /* in secure mode we *must* switch on the base level
- * verify checking otherwise we cannot abort connections
- * at the right place!
-@@ -520,9 +524,9 @@
- sprintf(errbuf,"SSL_accept error %s\n",
- ERR_error_string(ERR_get_error(),NULL));
-
-- syslog(LOG_WARNING, errbuf);
-+ syslog(LOG_WARNING, "%s", errbuf);
-
-- BIO_printf(bio_err,errbuf);
-+ BIO_printf(bio_err,"%s",errbuf);
-
- /* go to sleep to make sure we are noticed */
- sleep(10);
-@@ -571,6 +575,11 @@
- #ifdef AUTHENTICATE
- fprintf(stderr, " [-X auth-type]");
- #endif
-+#ifdef USE_SSL
-+ /* might as well output something useful here ...
*/
-+ fprintf(stderr, "\n\t [-z ssl] [-z secure] [-z debug] [-z verify=int]\n\t");
-+ fprintf(stderr, " [-z cert=file] [-z key=file]\n\t");
-+#endif /* USE_SSL */
- fprintf(stderr, "\n");
- exit(1);
- }
-@@ -596,6 +605,18 @@
- /*
- * Handle the Authentication option before we do anything else.
- */
-+ send_do(TELOPT_ENVIRON, 1);
-+ while (his_will_wont_is_changing(TELOPT_ENVIRON)) {
-+ ttloop();
-+ }
-+
-+ if (his_state_is_will(TELOPT_ENVIRON)) {
-+ netoprintf("%c%c%c%c%c%c",
-+ IAC, SB, TELOPT_ENVIRON, TELQUAL_SEND, IAC, SE);
-+ while (sequenceIs(environsubopt, baseline))
-+ ttloop();
-+ }
-+
- send_do(TELOPT_AUTHENTICATION, 1);
- while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
- ttloop();
-@@ -654,7 +675,6 @@
- send_do(TELOPT_TTYPE, 1);
- send_do(TELOPT_TSPEED, 1);
- send_do(TELOPT_XDISPLOC, 1);
-- send_do(TELOPT_ENVIRON, 1);
- while (
- #if defined(ENCRYPT)
- his_do_dont_is_changing(TELOPT_ENCRYPT) ||
-@@ -698,10 +718,6 @@
- while (sequenceIs(xdisplocsubopt, baseline))
- ttloop();
- }
-- if (his_state_is_will(TELOPT_ENVIRON)) {
-- while (sequenceIs(environsubopt, baseline))
-- ttloop();
-- }
- if (his_state_is_will(TELOPT_TTYPE)) {
- char first[256], last[256];
-
-@@ -852,7 +868,7 @@
- static void
- doit(struct sockaddr *who, socklen_t who_len)
- {
-- const char *host;
-+ char *host;
- int level;
- char user_name[256];
- int i;
-@@ -867,7 +883,8 @@
-
- /* get name of connected client */
- if (getnameinfo(who, who_len, remote_host_name,
-- sizeof(remote_host_name), 0, 0, 0)) {
-+ sizeof(remote_host_name), 0, 0,
-+ numeric_hosts ? NI_NUMERICHOST : 0)) {
- syslog(LOG_ERR, "doit: getnameinfo: %m");
- *remote_host_name = 0;
- }
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.h
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.h 1999-03-27 08:46:21.000000000 +0100
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.h 2010-05-11 13:44:40.113654043 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)telnetd.h 5.3 (Berkeley) 3/1/91
-- * $Id: telnetd.h,v 1.2 1999/03/27 07:46:21 dholland Exp $
-+ * $Id: telnetd.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/termstat.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/termstat.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/termstat.c 1999-12-12 15:59:45.000000000 +0100
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/termstat.c 2010-05-11 13:44:40.113654043 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)termstat.c 5.10 (Berkeley) 3/22/91
- */
- char termstat_rcsid[] =
-- "$Id: termstat.c,v 1.6 1999/12/12 14:59:45 dholland Exp $";
-+ "$Id: termstat.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include "telnetd.h"
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/utility.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/utility.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/utility.c 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/utility.c 2010-05-11 13:45:21.990318196 +0200
-@@ -35,7 +35,7 @@
- *
From: @(#)utility.c 5.8 (Berkeley) 3/22/91
- */
- char util_rcsid[] =
-- "$Id: utility.c,v 1.11 1999/12/12 14:59:45 dholland Exp $";
-+ "$Id: utility.c,v 1.8 2006-09-24 00:48:31 ianb Exp $";
-
- #define PRINTOPTIONS
-
-@@ -49,6 +49,15 @@
-
- #include "telnetd.h"
-
-+/* patched by fluke.l at gmail.com , im not sure it's gonna work or not */
-+typedef struct {
-+ int (*read) (void *, char *, int);
-+ int (*write) (void *, char const *, int);
-+ fpos_t (*seek) (void *, fpos_t, int);
-+ int (*close) (void *);
-+} cookie_io_functions_t;
-+/* end patch */
-+
- struct buflist {
- struct buflist *next;
- char *buf;
-@@ -86,6 +95,11 @@
- DIAG(TD_REPORT, netoprintf("td: ttloop\r\n"););
-
- netflush();
-+#ifdef USE_SSL
-+ if (ssl_active_flag)
-+ ncc = SSL_read(ssl_con, netibuf, sizeof netibuf);
-+ else
-+#endif /* USE_SSL */
- ncc = read(net, netibuf, sizeof(netibuf));
- if (ncc < 0) {
- syslog(LOG_INFO, "ttloop: read: %m\n");
-@@ -216,7 +230,7 @@
- }
-
- out:
-- return next ? next + (current - end) : current;
-+ return (const char *) (next ?
(next + (current - end)) : current );
- } /* end of nextitem */
-
-
-@@ -243,6 +257,29 @@
- doclear--;
- } /* end of netclear */
-
-+#ifdef USE_SSL
-+static int
-+SSL_writev(SSL *ssl_con,const struct iovec *vector,int num)
-+{
-+ const struct iovec *v = vector;
-+
-+ int ret;
-+ int len = 0;
-+
-+ while (num > 0) {
-+ ret = SSL_write(ssl_con, v->iov_base, v->iov_len);
-+ if (ret < 0)
-+ return ret;
-+ if (ret != v->iov_len)
-+ syslog(LOG_NOTICE, "SSL_writev: short write\n");
-+ num -= v->iov_len;
-+ len += ret;
-+ v++;
-+ }
-+ return len;
-+}
-+#endif /* USE_SSL */
-+
- static void
- netwritebuf(void)
- {
-@@ -253,6 +290,9 @@
- size_t len;
- int ltrailing = trailing;
-
-+ if (!listlen)
-+ return;
-+
- vector = malloc(listlen * sizeof(struct iovec));
- if (!vector) {
- return;
-@@ -265,6 +305,11 @@
- if (lp == urg) {
- len = v - vector;
- if (!len) {
-+#ifdef USE_SSL
-+ if (ssl_active_flag)
-+ n = SSL_write(ssl_con, lp->buf, 1);
-+ else
-+#endif /* USE_SSL */
- n = send(net, lp->buf, 1, MSG_OOB);
- if (n > 0) {
- urg = 0;
-@@ -282,15 +327,25 @@
- vector->iov_base = (char *)vector->iov_base + skip;
- vector->iov_len -= skip;
-
-- n = writev(net, vector, len);
-+ if(vector->iov_len == 0 ) {
-+ n=0;
-+ } else {
-+
-+#ifdef USE_SSL
-+ if (ssl_active_flag)
-+ n = SSL_writev(ssl_con, vector, len); /* normal write */
-+ else
-+#endif /* USE_SSL */
-+ n = writev(net, vector, len);
-
- epi:
-- free(vector);
-+ free(vector);
-
-- if (n < 0) {
-+ if (n < 0) {
- if (errno != EWOULDBLOCK && errno != EINTR)
-- cleanup(0);
-+ cleanup(0);
- return;
-+ }
- }
-
- len = n + skip;
-@@ -315,6 +370,10 @@
- }
- }
-
-+ if(ltrailing && (len==0)) {
-+ ltrailing=trailing=0;
-+ }
-+
- skip = len;
- }
-
-@@ -323,16 +382,22 @@
- * Send as much data as possible to the network,
- * handling requests for urgent data.
- */
--void
-+int
- netflush(void)
- {
- if (fflush(netfile)) {
- /* out of memory?
*/
- cleanup(0);
-+ return 0;
- }
-- if (listlen) {
-- netwritebuf();
-- }
-+ netwritebuf();
-+ return 1;
-+}
-+
-+int
-+writenet(char *b , int l)
-+{
-+ return(fwrite(b, 1, l, netfile));
- }
-
-
-@@ -983,7 +1048,7 @@
- ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
- "MUTUAL" : "ONE-WAY");
-
-- auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-+ auth_printsub(&pointer[1], length - 1, (unsigned char *) buf, sizeof(buf));
- netoprintf("%s", buf);
- break;
-
-@@ -1191,7 +1256,15 @@
- size_t l;
- size_t m = tail->len;
-
-- p = nextitem(tail->buf, tail->buf + tail->len, buf, end);
-+ if((tail->buf == NULL) || (tail->len==0))
-+ {
-+ p = nextitem((unsigned char *) buf, (unsigned char *) end,0,0);
-+ }
-+ else
-+ {
-+ p = nextitem((unsigned char *) tail->buf, (unsigned char *) (tail->buf + tail->len),
-+ (unsigned char *) buf, (unsigned char *) end);
-+ }
- ltrailing = !p;
- if (ltrailing) {
- p = end;
-@@ -1245,7 +1318,7 @@
- const char *p;
- size_t l;
-
-- p = nextitem(buf, end, 0, 0);
-+ p = nextitem((unsigned char *) buf, (unsigned char *) end, 0, 0);
- ltrailing = !p;
- if (ltrailing) {
- p = end;
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetlogin/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/Makefile
---- netkit-telnet-ssl-0.17.24+0.1/telnetlogin/Makefile 2000-04-13 03:07:22.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/Makefile 2010-05-11 13:46:19.023660189 +0200
-@@ -11,7 +11,7 @@
- $(OBJS): ../version.h
-
- install: telnetlogin
-- install -s -m4750 -oroot -gtelnetd telnetlogin $(INSTALLROOT)$(SBINDIR)
-+ install -m$(BINMODE) telnetlogin $(INSTALLROOT)$(SBINDIR)
- install -m$(MANMODE) telnetlogin.8 $(INSTALLROOT)$(MANDIR)/man8
-
- clean:
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.8 netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.8
---- netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.8 2004-05-27 11:47:02.000000000 +0200
-+++
netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.8 2010-05-11 13:44:40.123659071 +0200
-@@ -28,7 +28,7 @@
- .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- .\" SUCH DAMAGE.
- .\"
--.\" $Id: telnetlogin.8,v 1.4 2000/07/30 23:57:10 dholland Exp $
-+.\" $Id: telnetlogin.8,v 1.2 2004-11-07 15:47:43 ianb Exp $
- .\"
- .Dd April 12, 2000
- .Dt TELNETLOGIN 8
-@@ -40,6 +40,7 @@
- .Nm telnetlogin
- .Op Fl h Ar host
- .Op Fl p
-+.Op Fl f Ar username
- .Op Ar username
- .Sh DESCRIPTION
- .Nm telnetlogin
-@@ -79,11 +80,6 @@
- .Xr inetd 8 ,
- .Xr telnetd 8
- .Sh RESTRICTIONS
--.Nm telnetlogin
--does not permit the
--.Fl f
--option to login, so will not
--work with telnetds that perform authentication via Kerberos or SSL.
- .Pp
- THIS IS PRESENTLY EXPERIMENTAL CODE; USE WITH CAUTION.
- .Sh HISTORY
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.c 2004-05-27 11:47:02.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.c 2010-05-11 13:44:40.123659071 +0200
-@@ -35,7 +35,7 @@
- "All rights reserved.\n";
-
- char rcsid[] =
-- "$Id: telnetlogin.c,v 1.1 2000/04/13 01:07:22 dholland Exp $";
-+ "$Id: telnetlogin.c,v 1.2 2004-11-07 15:47:43 ianb Exp $";
- #include "../version.h"
-
- #include <sys/types.h>
-@@ -76,7 +76,16 @@
- int i=0;
- /* should we check length?
*/
- for (i=0; hname[i]; i++) {
-- if (hname[i]<=32 && hname[i]>126) return -1;
-+ if ((hname[i]<=32) || (hname[i]>126)) return -1;
-+ }
-+ return 0;
-+}
-+
-+static int check_username(char *username) {
-+ int i;
-+ if (strlen(username) > 32) return -1;
-+ for (i=0; username[i]; i++) {
-+ if ((username[i]<=32) || (username[i]>126)) return -1;
- }
- return 0;
- }
-@@ -158,6 +167,12 @@
- if (argn < argc && !strcmp(argv[argn], "-p")) {
- argn++;
- }
-+ if (argn < argc && !strcmp(argv[argn], "-f")) {
-+ argn++;
-+ if (argn==argc) die("Illegal args: -f requires argument");
-+ if (check_username(argv[argn])) die("Illegal remote username specified");
-+ argn++;
-+ }
- if (argn < argc && argv[argn][0] != '-') {
- argn++;
- }
diff --git a/abs/core/netkit-telnet-ssl/netkit-telnet-ssl.install b/abs/core/netkit-telnet-ssl/netkit-telnet-ssl.install
deleted file mode 100644
index 25a4b28..0000000
--- a/abs/core/netkit-telnet-ssl/netkit-telnet-ssl.install
+++ /dev/null
@@ -1,5 +0,0 @@
-
-post_install() {
- groupadd telnetd
-}
-
diff --git a/abs/core/netkit-telnet-ssl/telnet.xinetd b/abs/core/netkit-telnet-ssl/telnet.xinetd
deleted file mode 100644
index f4ef4c0..0000000
--- a/abs/core/netkit-telnet-ssl/telnet.xinetd
+++ /dev/null
@@ -1,10 +0,0 @@
-service telnet-ssl
-{
- flags = REUSE
- socket_type = stream
- wait = no
- user = root
- server = /usr/sbin/in.telnetd-ssl
- log_on_failure += USERID
- disable = yes
-} |