Only in netkit-telnet-ssl-0.17.24+0.1: debian
diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth.c netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth.c
--- netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth.c	2004-05-27 11:47:25.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth.c	2010-05-11 13:44:40.190322666 +0200
@@ -37,6 +37,9 @@
  */
 
 #ifndef lint
+#ifdef __GNUC__
+__attribute__ ((unused))
+#endif	/* __GNUC__ */
 static char sccsid[] = "@(#)auth.c	5.2 (Berkeley) 3/22/91";
 #endif /* not lint */
 
@@ -83,8 +86,11 @@
 
 #define	typemask(x)		(1<<((x)-1))
 
+int auth_onoff(const char *type, int on);
+
+
 int auth_debug_mode = 0;
-static 	char	*Name = "Noname";
+static 	const char *Name = "Noname";
 static	int	Server = 0;
 static	Authenticator	*authenticated = 0;
 static	int	authenticating = 0;
@@ -170,7 +176,7 @@
 
 	void
 auth_init(name, server)
-	char *name;
+	const char *name;
 	int server;
 {
 	Authenticator *ap = authenticators;
@@ -241,7 +247,7 @@
 
 	int
 auth_onoff(type, on)
-	char *type;
+	const char *type;
 	int on;
 {
 	int i, mask = -1;
@@ -335,7 +341,7 @@
 		}
 		*e++ = IAC;
 		*e++ = SE;
-		writenet(str_request, e - str_request);
+		writenet((char *) str_request, e - str_request);
 		printsub('>', &str_request[2], e - str_request - 2);
 	}
 }
@@ -424,7 +430,7 @@
 		}
 		auth_send_data += 2;
 	}
-	writenet(str_none, sizeof(str_none));
+	writenet((char *) str_none, sizeof(str_none));
 	printsub('>', &str_none[2], sizeof(str_none) - 2);
 	if (auth_debug_mode)
 		printf(">>>%s: Sent failure message\r\n", Name);
@@ -456,7 +462,7 @@
 		return;
 	}
 
-	if (ap = findauthenticator(data[0], data[1])) {
+	if ((ap = findauthenticator(data[0], data[1]))) {
 		if (ap->is)
 			(*ap->is)(ap, data+2, cnt-2);
 	} else if (auth_debug_mode)
@@ -474,7 +480,7 @@
 	if (cnt < 2)
 		return;
 
-	if (ap = findauthenticator(data[0], data[1])) {
+	if ((ap = findauthenticator(data[0], data[1]))) {
 		if (ap->reply)
 			(*ap->reply)(ap, data+2, cnt-2);
 	} else if (auth_debug_mode)
@@ -487,7 +493,7 @@
 	unsigned char *data;
 	int cnt;
 {
-	Authenticator *ap;
+  /*	Authenticator *ap; */
 	unsigned char savename[256];
 
 	if (cnt < 1) {
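Review bot: The unused local is commented out (`/*	Authenticator *ap; */`) rather than deleted, which leaves a dead declaration behind for the next reader; deleting the line silences the same compiler warning. The same pattern appears in the ssl.c hunks for `int valid`, `int i`, the `common2:` label and both `X509 *peer` declarations. The function body continues outside this hunk.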
@@ -505,7 +511,7 @@
 	savename[cnt] = '\0';	/* Null terminate */
 	if (auth_debug_mode)
 		printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
-	auth_encrypt_user(savename);
+	auth_encrypt_user((char *)savename);
 }
 
 	int
@@ -526,7 +532,7 @@
 	}
 	*e++ = IAC;
 	*e++ = SE;
-	writenet(str_request, e - str_request);
+	writenet((char *) str_request, e - str_request);
 	printsub('>', &str_request[2], e - &str_request[2]);
 	return(1);
 }
@@ -542,6 +548,9 @@
 }
 
 	/* ARGSUSED */
+#ifdef __GNUC__
+__attribute__ ((used))
+#endif	/* __GNUC__ */
 	static void
 auth_intr(sig)
 	int sig;
diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth-proto.h netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth-proto.h
--- netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth-proto.h	2004-05-27 11:47:25.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth-proto.h	2010-05-11 13:44:40.183654321 +0200
@@ -68,7 +68,7 @@
 #if	defined(AUTHENTICATE)
 Authenticator *findauthenticator P((int, int));
 
-void auth_init P((char *, int));
+void auth_init P((const char *, int));
 int auth_cmd P((int, char **));
 void auth_request P((void));
 void auth_send P((unsigned char *, int));
@@ -123,7 +123,9 @@
 int auth_ssl_status P((Authenticator *, char *, int));
 void auth_ssl_printsub P((unsigned char *, int, unsigned char *, int));
 #endif /* USE_SSL */
- 
+
+extern void printsub P((char, unsigned char *, int));
+extern int writenet P((char *, int));
 #endif
 #ifdef __cplusplus
 }
diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/Makefile
--- netkit-telnet-ssl-0.17.24+0.1/libtelnet/Makefile	2004-05-27 11:47:25.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/Makefile	2010-05-11 13:45:28.073664102 +0200
@@ -15,5 +15,8 @@
 		ranlib lib${LIB}.a; \
 	fi;
 
+install:
+	@echo "nothing to be installed from libtelnet"
+
 clean:
 	rm -f *.o lib${LIB}.a
diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc.c netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc.c
--- netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc.c	2004-05-27 11:47:26.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc.c	2010-05-11 13:44:40.190322666 +0200
@@ -32,6 +32,9 @@
  */
 
 #ifndef lint
+#ifdef __GNUC__
+__attribute__ ((unused))
+#endif	/* __GNUC__ */
 static char sccsid[] = "@(#)misc.c	5.1 (Berkeley) 2/28/91";
 #endif /* not lint */
 
@@ -54,7 +57,12 @@
  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
+#include <stdio.h>
+#include <stdlib.h>
+
 #include "misc.h"
+#include "auth.h"
+#include "auth-proto.h"
 
 char *RemoteHostName;
 char *LocalHostName;
@@ -65,7 +73,7 @@
 auth_encrypt_init(local, remote, name, server)
 	char *local;
 	char *remote;
-	char *name;
+	const char *name;
 	int server;
 {
 	RemoteHostName = remote;
diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc-proto.h netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc-proto.h
--- netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc-proto.h	2004-05-27 11:47:26.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc-proto.h	2010-05-11 13:44:40.190322666 +0200
@@ -68,7 +68,7 @@
 extern "C" {
 #endif
 
-void auth_encrypt_init P((char *, char *, char *, int));
+void auth_encrypt_init P((char *, char *, const char *, int));
 void auth_encrypt_connect P((int));
 void auth_encrypt_user P((const char *name));
 void printd P((unsigned char *, int));
diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/sslapp.h netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/sslapp.h
--- netkit-telnet-ssl-0.17.24+0.1/libtelnet/sslapp.h	2004-05-27 11:47:26.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/sslapp.h	2010-05-11 13:44:40.200330208 +0200
@@ -45,6 +45,7 @@
 #include "x509.h"
 #include "ssl.h"
 #define OLDPROTO NOPROTO
+#undef NOPROTO
 #define NOPROTO
 #include "err.h"
 #undef NOPROTO
@@ -72,7 +73,7 @@
 /* we hide all the initialisation code in a separate file now */
 extern int do_ssleay_init(int server);
 
-extern int display_connect_details(SSL *ssl_con, int verbose);
+extern void display_connect_details(SSL *ssl_con, int verbose);
 extern int server_verify_callback();
 extern int client_verify_callback();
 
diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/ssl.c netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/ssl.c
--- netkit-telnet-ssl-0.17.24+0.1/libtelnet/ssl.c	2004-05-27 11:47:26.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/ssl.c	2010-05-11 13:44:40.200330208 +0200
@@ -47,6 +47,9 @@
 #include <string.h>
 #endif
 
+#include <unistd.h>
+#include <openssl/err.h>
+
 #include "auth.h"
 #include "misc.h"
 
@@ -91,11 +94,12 @@
 #define VERIFY_ROOT_OK VERIFY_OK
 #endif
 
+extern int netflush(void);
+
 extern int auth_debug_mode;
-static auth_ssl_valid = 0;
+static int auth_ssl_valid = 0;
 static char *auth_ssl_name = 0;    /* this holds the oneline name */
 
-extern BIO *bio_err;
 extern int ssl_only_flag;
 extern int ssl_debug_flag;
 extern int ssl_active_flag;
@@ -120,6 +124,9 @@
 
 BIO *bio_err=NULL;
 
+int auth_failed=0;
+
+
 /* compile this set to 1 to negotiate SSL but not actually start it */
 static int ssl_dummy_flag=0;
 
@@ -135,7 +142,7 @@
  * telnet connect if we are talking straight ssl with no telnet
  * protocol --tjh
  */
-int
+void
 display_connect_details(ssl_con,verbose)
 SSL *ssl_con;
 int verbose;
@@ -152,7 +159,7 @@
 	/* grab the full list of ciphers */
 	i=0;
 	buf[0]='\0';
-	while((p=SSL_get_cipher_list(ssl_con,i++))!=NULL) {
+	while((p=(char *)SSL_get_cipher_list(ssl_con,i++))!=NULL) {
 	  if (i>0)
 	    strcat(buf,":");
 	  strcat(buf,p);
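Review bot: The added `(char *)` cast discards the const qualifier on the string returned by SSL_get_cipher_list; declaring `p` as `const char *` would make the cast unnecessary, though `p`'s declaration and other uses are outside this hunk. The loop also appends every cipher name to `buf` with `strcat` and no length check. `buf`'s size is not visible here, so confirm it cannot be exceeded or track the remaining space before each append. Because `i` has already been incremented when it is tested, `if (i>0)` is always true and the list starts with a stray `:`.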
@@ -230,7 +237,7 @@
         *p++ = SE;
 	if (str_data[3] == TELQUAL_IS)
 		printsub('>', &str_data[2], p - (&str_data[2]));
-        return(writenet(str_data, p - str_data));
+        return(writenet((char *) str_data, p - str_data));
 }
 
 int auth_ssl_init(ap, server)
@@ -280,7 +287,7 @@
 unsigned char *data;
 int cnt;
 {
-	int valid;
+  /*	int valid; */
 
 	if (cnt-- < 1)
 		return;
@@ -364,7 +371,7 @@
 unsigned char *data;
 int cnt;
 {
-	int i;
+  /*	int i; */
 	int status;
 
 	if (cnt-- < 1)
@@ -389,16 +396,13 @@
 		    SSL_set_verify(ssl_con,ssl_verify_flag,
 		    				client_verify_callback);
 		    if ((status = SSL_connect(ssl_con)) <= 0) {
-			fprintf(stderr,"[SSL - FAILED (%d)]\r\n", status);
-			fflush(stderr);
-
-			perror("telnet: Unable to ssl_connect to remote host");
+			auth_finished(0,AUTH_REJECT);
 
+			fprintf(stderr,"[SSL - FAILED (%d)]\r\n", status);
+			fprintf(stderr,"telnet: Unable to ssl_connect to remote host\n");
 			ERR_print_errors(bio_err);
-
-			/* don't know what I "should" be doing here ... */
-
-			auth_finished(0,AUTH_REJECT);
+			fflush(stderr);
+			auth_failed=1;
 			return;
 		    } else {
 
@@ -452,7 +456,7 @@
 	 */
 	if (ssl_certsok_flag) {
 	    user_fp = fopen("/etc/ssl.users", "r");
-	    if (!auth_ssl_name || !user_fp) {
+	    if (!auth_ssl_name || !user_fp || !UserNameRequested) {
 	        /* If we haven't received a certificate, then don't 
 		 * return AUTH_VALID. 
 		 */
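Review bot: `fopen` runs before the new `!UserNameRequested` test, so this branch can now be entered with `user_fp` open; its body is outside the hunk, so confirm it closes the stream before returning. Testing the two pointers first and opening the file only when both are set, e.g. `if (auth_ssl_name && UserNameRequested) user_fp = fopen("/etc/ssl.users", "r");` with `user_fp` starting as NULL, would remove the question.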
@@ -486,7 +490,7 @@
 			cp = strchr(n, ',');
 			if (cp)
 			    *cp++ = '\0';
-			if (!UserNameRequested || 
+			if (UserNameRequested &&
 			            !strcmp(UserNameRequested, n)) {
 			    strcpy(name, n);
 			    fclose(user_fp);
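Review bot: `strcpy(name, n)` still copies the matched entry from /etc/ssl.users into `name` without a length check, and `name`'s size is declared outside this hunk. A bounded copy such as `snprintf(name, name_size, "%s", n)` (with `name_size` standing for the real buffer length) would keep an over-long entry in that file from overrunning the caller's buffer.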
@@ -543,7 +547,7 @@
 	default:
 		sprintf(lbuf, " %d (unknown)", data[3]);
 		strncpy((char *)buf, lbuf, buflen);
-	common2:
+/*	common2: */
 		BUMP(buf, buflen);
 		for (i = 4; i < cnt; i++) {
 			sprintf(lbuf, " %d", data[i]);
@@ -568,7 +572,7 @@
 #endif /* SSLEAY8 */
 {
     static char *saved_subject=NULL;
-    X509 *peer;
+    /*    X509 *peer; */
     char *subject, *issuer;
 #ifdef SSLEAY8
     int depth,error;
@@ -715,8 +719,8 @@
 int depth, error;
 #endif /* SSLEAY8 */
 {
-    X509 *peer;
-    char *subject, *issuer;
+  /*    X509 *peer; */
+    char *subject, *issuer, *cnsubj;
 #ifdef SSLEAY8
     int depth,error;
     char *xs;
@@ -727,13 +731,13 @@
 
 #endif /* SSLEAY8 */
 
-#ifdef LOCAL_DEBUG
-    fprintf(stderr,"ssl:client_verify_callback:depth=%d ok=%d err=%d-%s\n",
-    	depth,ok,error,X509_cert_verify_error_string(error));
-    fflush(stderr);
-#endif /* LOCAL_DEBUG */
+    if(ssl_debug_flag && !ok) {
+      fprintf(stderr,"ssl:client_verify_callback:depth=%d ok=%d err=%d-%s\n",
+	      depth,ok,error,X509_verify_cert_error_string(error));
+      fflush(stderr);
+    }
 
-    subject=issuer=NULL;
+    subject=issuer=cnsubj=NULL;
 
     /* first thing is to have a meaningful name for the current
      * certificate that is being verified ... and if we cannot
@@ -761,60 +765,77 @@
 	fflush(stderr);
     }
 
-    /* if the server is using a self signed certificate then 
-     * we need to decide if that is good enough for us to 
-     * accept ... 
-     */
-    if (error==VERIFY_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) {
-	if (ssl_cert_required) {
-	    /* make 100% sure that in secure more we drop the 
-	     * connection if the server does not have a 
-	     * real certificate!
-	     */
-	    fprintf(stderr,"SSL: rejecting connection - server has a self-signed certificate\n");
-	    fflush(stderr);
-
-            /* sometimes it is really handy to be able to debug things
-	     * and still get a connection!
-	     */
-	    if (ssl_debug_flag) {
-		fprintf(stderr,"SSL: debug -> ignoring cert required!\n");
-		fflush(stderr);
-		ok=1;
-	    } else {
-		ok=0;
-	    }
-	    goto return_time;
-	} else {
-	    ok=1;
-	    goto return_time;
-	}
+    /* verify commonName matches hostname */
+    if(ssl_cert_required && depth == 0) {
+      char *cn,*p;	
+	  
+      cnsubj=strdup(subject);
+      if(cnsubj == NULL) {
+	fprintf(stderr,"SSL: Out of memory.\n");
+	ok=0;
+	goto return_time;
+      }
+      cn=strstr(cnsubj,"/CN=");
+      if(cn == NULL) {
+	fprintf(stderr,"SSL: Cannot extract CN from certificate subject.\n");
+	ok=0;
+	goto return_time;
+      }
+      cn+=4; /* skip /CN= */
+      p=strchr(cn,'/');
+      if(p != NULL) {
+	*p='\0';
+      }
+      if(strcasecmp(cn,RemoteHostName) != 0) {
+	fprintf(stderr,"SSL: Certificate CN (%s) does not match hostname (%s)\n",
+		cn,RemoteHostName);
+	ok=0;
+	goto return_time;
+      }
     }
 
-    /* if we have any form of error in secure mode we reject the connection */
-    if (! ((error==VERIFY_OK)||(error==VERIFY_ROOT_OK)) ) {
-	if (ssl_cert_required) {
-	    fprintf(stderr,"SSL: rejecting connection - ");
-	    if (error==VERIFY_ERR_UNABLE_TO_GET_ISSUER) {
-		fprintf(stderr,"unknown issuer: %s\n",issuer);
-	    } else {
-		ERR_print_errors(bio_err);
-	    }
-	    fflush(stderr);
-	    ok=0;
-	    goto return_time;
-	} else {
-	    /* be nice and display a lot more meaningful stuff 
-	     * so that we know which issuer is unknown no matter
-	     * what the callers options are ...
-	     */
-	    if (error==VERIFY_ERR_UNABLE_TO_GET_ISSUER) {
-		fprintf(stderr,"SSL: unknown issuer: %s\n",issuer);
-		fflush(stderr);
-	    }
-	}
+    if((error==VERIFY_OK) || (error==VERIFY_ROOT_OK)) {
+      goto return_time;
     }
 
+    switch(error) {
+    case VERIFY_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+      fprintf(stderr,"SSL: Server has a self-signed certificate\n");
+    case VERIFY_ERR_UNABLE_TO_GET_ISSUER:
+      fprintf(stderr,"SSL: unknown issuer: %s\n",issuer);
+      break;
+    case X509_V_ERR_CERT_NOT_YET_VALID:
+      fprintf(stderr,"SSL: Certificate not yet valid\n");
+      BIO_printf(bio_err,"notBefore=");
+      ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+      BIO_printf(bio_err,"\n");
+      break;
+    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+      fprintf(stderr,"SSL: Error in certificate notBefore field\n");
+      BIO_printf(bio_err,"notBefore=");
+      ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+      BIO_printf(bio_err,"\n");
+      break;
+    case X509_V_ERR_CERT_HAS_EXPIRED:
+      fprintf(stderr,"SSL: Certificate has expired\n");
+      BIO_printf(bio_err,"notAfter=");
+      ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+      BIO_printf(bio_err,"\n");
+      break;
+    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+      fprintf(stderr,"SSL: Error in certificate notAfter field\n");
+      BIO_printf(bio_err,"notAfter=");
+      ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+      BIO_printf(bio_err,"\n");
+      break;
+    default:
+      fprintf(stderr,"SSL: %s (%d)\n", X509_verify_cert_error_string(error),error);
+      break;
+    }
+
+    /* If we are here there was an error */
+    ok=0;
+    
 return_time: ;
 
     /* clean up things */
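Review bot: The hostname check takes the CN from the one-line subject string with `strstr(cnsubj,"/CN=")`, and that text form is ambiguous: the same four characters inside another attribute's value are matched first, and a commonName containing a NUL byte is cut short by the C string functions. Reading the commonName entry from the X509_NAME and comparing its reported length with `strlen` avoids both; where the linked OpenSSL provides `X509_check_host`, that call also covers subjectAltName, which this check does not consult. `RemoteHostName` is passed to `strcasecmp` without a NULL test. In the `switch`, the self-signed case falls into the unknown-issuer case with no `/* fallthrough */` comment, so it is unclear whether the second message is intended. The function starts and ends outside this hunk.

```c
    /* verify commonName matches hostname */
    if(ssl_cert_required && depth == 0) {
      char cn[256];
      int cnlen;

      cnlen=X509_NAME_get_text_by_NID(
		X509_get_subject_name(ctx->current_cert),
		NID_commonName,cn,sizeof(cn));
      /* a missing CN, or one with an embedded NUL, is not usable */
      if(cnlen < 0 || (size_t)cnlen != strlen(cn)) {
	fprintf(stderr,"SSL: Cannot extract CN from certificate subject.\n");
	ok=0;
	goto return_time;
      }
      if(RemoteHostName == NULL) {
	fprintf(stderr,"SSL: No hostname to compare with certificate CN\n");
	ok=0;
	goto return_time;
      }
      /* … unchanged: strcasecmp(cn,RemoteHostName) mismatch branch … */
    }
```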
@@ -822,7 +843,20 @@
 	free(subject);
     if (issuer!=NULL)
 	free(issuer);
-
+    if (cnsubj!=NULL)
+	free(cnsubj);
+    if(!ok && ssl_cert_required) {
+      if(ssl_debug_flag) {
+	fprintf(stderr,"SSL: debug -> ignoring cert required!\n");
+	ok=1;
+      }
+      else {
+	fprintf(stderr,"SSL: Rejecting connection\n");
+	ok=0;
+      }
+    }
+    fflush(stderr);
+      
     return ok;
 }
 
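Review bot: The debug override now sits on the common exit path, so with `ssl_debug_flag` set every failure (expired certificate, unknown issuer, CN mismatch) is turned into `ok=1`, where the removed code applied it only to the self-signed case. A diagnostics switch that also switches off certificate enforcement is easy to leave on by accident. Consider dropping the `ok=1` so that debug only adds output, or moving the override to its own explicitly named option. If it stays, the message should say which failure was ignored.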
diff -ur netkit-telnet-ssl-0.17.24+0.1/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/Makefile
--- netkit-telnet-ssl-0.17.24+0.1/Makefile	2004-05-27 11:47:25.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/Makefile	2010-05-11 14:19:36.673445641 +0200
@@ -1,7 +1,7 @@
 # You can do "make SUB=blah" to make only a few, or edit here, or both
 # You can also run make directly in the subdirs you want.
 
-SUB =   telnet telnetd telnetlogin
+SUB =   libtelnet telnet telnetd
 
 %.build:
 	(cd $(patsubst %.build, %, $@) && $(MAKE))
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/authenc.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/authenc.cc
--- netkit-telnet-ssl-0.17.24+0.1/telnet/authenc.cc	2000-07-23 05:24:53.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/authenc.cc	2010-05-11 13:44:40.056990450 +0200
@@ -35,7 +35,7 @@
  * From: @(#)authenc.c	5.1 (Berkeley) 3/1/91
  */
 char au_rcsid[] = 
-  "$Id: authenc.cc,v 1.6 2000/07/23 03:24:53 dholland Exp $";
+  "$Id: authenc.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
 
 #if	defined(ENCRYPT) || defined(AUTHENTICATE)
 #include <sys/types.h>
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/commands.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/commands.cc
--- netkit-telnet-ssl-0.17.24+0.1/telnet/commands.cc	2004-05-27 11:47:26.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/commands.cc	2010-05-11 13:44:40.060322107 +0200
@@ -35,7 +35,7 @@
  * From: @(#)commands.c	5.5 (Berkeley) 3/22/91
  */
 char cmd_rcsid[] = 
-  "$Id: commands.cc,v 1.34 2000/07/23 04:16:24 dholland Exp $";
+  "$Id: commands.cc,v 1.13 2007-10-04 21:38:18 ianb Exp $";
 
 #include <string.h>
 
@@ -653,6 +653,21 @@
     return 1;
 }
 
+#ifdef AUTHENTICATE
+
+static int tog_autologin(int) {
+  if(autologin == 0) {
+    autologin=1;
+    env_export("USER");
+  }
+  else {
+    autologin=0;
+    env_unexport("USER");
+  }	
+  return 1;
+}
+
+#endif /* AUTHENTICATE */
 
 static int netdata;		/* Print out network data flow */
 static int prettydump;	/* Print "netdata" output in user readable format */
@@ -682,13 +697,13 @@
 
 #if	defined(AUTHENTICATE)
     { "autologin", "automatic sending of login and/or authentication info",
-      NULL, &autologin,
+      tog_autologin, NULL,
       "send login name and/or authentication information" },
     { "authdebug", "Toggle authentication debugging",
       auth_togdebug, NULL,
       "print authentication debugging information" },
 #endif
-#if 0
+#ifdef ENCRYPT
     { "autoencrypt", "automatic encryption of data stream",
       EncryptAutoEnc, NULL,
       "automatically encrypt output" },
@@ -701,7 +716,7 @@
     { "encdebug", "Toggle encryption debugging",
       EncryptDebug, NULL,
       "print encryption debugging information" },
-#endif
+#endif /* ENCRYPT */
 
     { "skiprc", "don't read the telnetrc files",
       NULL, &skiprc,
@@ -750,7 +765,7 @@
       NULL, &showoptions,
       "show option processing" },
 
-    { "termdata", "(debugging) toggle printing of hexadecimal terminal data",
+    { "termdata", "toggle printing of hexadecimal terminal data (debugging)",
       NULL, &termdata,
       "print hexadecimal representation of terminal traffic" },
 
@@ -1357,9 +1372,9 @@
 	    else
 		shellname++;
 	    if (argc > 1)
-		execl(shellp, shellname, "-c", &saveline[1], 0);
+		execl(shellp, shellname, "-c", &saveline[1], (char *) NULL);
 	    else
-		execl(shellp, shellname, 0);
+		execl(shellp, shellname, (char *) NULL);
 	    perror("Execl");
 	    _exit(1);
 	}
@@ -1510,10 +1525,10 @@
 
 #if	defined(AUTHENTICATE)
 struct authlist {
-	char	*name;
-	char	*help;
-	int	(*handler)(const char *, const char *);
-	int	narg;
+    const char	*name;
+    const char	*help;
+    int	(*handler)(const char *, const char *);
+    int	narg;
 };
 
 static int auth_help (const char *, const char *);
@@ -1833,8 +1848,22 @@
 	if (*portp == '-') {
 	    portp++;
 	    telnetport = 1;
-	} else
+	} else {
 	    telnetport = 0;
+	    if (*portp >='0' && *portp<='9') {
+	       char *end;
+	       long int p;
+
+	       p=strtol(portp, &end, 10);
+	       if (ERANGE==errno && (LONG_MIN==p || LONG_MAX==p)) {
+	          fprintf(stderr, "telnet: port %s overflows\n", portp);
+		  return 0;
+	       } else if (p<=0 || p>=65536) {
+	          fprintf(stderr, "telnet: port %s out of range\n", portp);
+		  return 0;
+	       }
+	    }
+	}
     }
     else {
 	portp = "telnet";
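Review bot: `errno` is not cleared before `strtol`, so the `ERANGE==errno` test can be triggered by an earlier call's leftover value; add `errno = 0;` on the line before `p=strtol(portp, &end, 10);`. `end` is filled in but never examined, so a service name that merely begins with a digit is judged as a number, and one beginning with `0` is rejected as out of range. Applying the range test only when `*end == '\0'` would limit it to purely numeric ports. The enclosing function continues outside this hunk.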
@@ -1860,7 +1889,7 @@
 	if (res < 0)
 	    return 0;
     }
-        
+
     /* Resolve both the host and service simultaneously. */
     res = getaddrinfo(resolv_hostp, portp, &hints, &hostaddr);
     if (res == EAI_NONAME) {
@@ -1902,6 +1931,16 @@
 		    NI_NUMERICHOST | NI_NUMERICSERV);
 
 	printf("Trying %s...\n", name);
+
+	if (tmpaddr->ai_canonname == 0) {
+	  hostname = new char[strlen(hostp)+1];
+	  strcpy(hostname, hostp);
+	}
+	else {
+	  hostname = new char[strlen(tmpaddr->ai_canonname)+1];
+	  strcpy(hostname, tmpaddr->ai_canonname);
+	}
+
 	x = nlink.connect(debug, tmpaddr, srp, srlen, tos);
 	if (!x)
 	    goto err;
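Review bot: With the `hostname` allocation moved inside the retry loop, each address attempted allocates a fresh `new char[]` and overwrites the previous pointer, so earlier buffers are leaked when an attempt falls through to `nextaddr`. The value apparently has to be set before `nlink.connect` (netlink.cc now declares `extern char *hostname`), so release the old buffer before reassigning, e.g. `delete [] hostname;`, provided it is always null or heap-allocated at this point. Its declaration is outside the hunk, so confirm that first. The loop starts and ends outside this hunk.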
@@ -1909,18 +1948,18 @@
 	    goto nextaddr;
 
 	connected++;
+
+#ifdef USE_SSL
+	if (ssl_secure_flag || (strcmp(hostp, "localhost") != 0)) {
+	  /* autologin = 1; */
+	  use_authentication=1;
+	}
+#endif /* USE_SSL */
+
 #if	defined(AUTHENTICATE)
 	auth_encrypt_connect(connected);
 #endif
     } while (connected == 0);
-    if (tmpaddr->ai_canonname == 0) {
-	hostname = new char[strlen(hostp)+1];
-	strcpy(hostname, hostp);
-    }
-    else {
-	hostname = new char[strlen(tmpaddr->ai_canonname)+1];
-	strcpy(hostname, tmpaddr->ai_canonname);
-    }
 
     cmdrc(hostp, hostname, portp);
     freeaddrinfo(hostaddr);
@@ -1966,6 +2005,9 @@
 #if	defined(AUTHENTICATE)
 	authhelp[] =	"turn on (off) authentication ('auth ?' for more)",
 #endif
+#if	defined(USE_SSL)
+	startsslhelp[] = "switch to telnet-over-ssl (use 'auth' for ssl-over-telnet)",
+#endif
 	zhelp[] =	"suspend telnet",
 /*	shellhelp[] =	"invoke a subshell", */
 	envhelp[] =	"change environment variables ('environ ?' for more)",
@@ -1981,6 +2023,34 @@
     return 0;
 }
 
+#if defined(USE_SSL)
+static int startssl_cmd(void)
+{
+	if(ssl_con == NULL)
+	{
+		fprintf(stderr,"telnet: Internal error - ssl_con not initialised.\n");
+		return 1;
+	}
+
+	if(ssl_active_flag)
+	{
+		fprintf(stderr,"telnet: SSL already in use.\n");
+		return 1;
+	}
+  
+	if (SSL_connect(ssl_con) < 1)
+	{
+		ERR_print_errors_fp(stderr);
+		fflush(stderr);
+	} else {
+		display_connect_details(ssl_con,ssl_debug_flag);
+		ssl_active_flag=1;
+		ssl_only_flag=1;
+	}
+	return 1;
+}
+#endif /* USE_SSL */
+
 static int slc_mode_import_0(void) {
     slc_mode_import(0);
     return 1;
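Review bot: `startssl_cmd` calls `SSL_connect` without the `SSL_set_verify(ssl_con,ssl_verify_flag,client_verify_callback)` call that the AUTH SSL path in libtelnet/ssl.c makes first. Unless verification is already configured where `ssl_con` is created (not shown in this diff), this path may negotiate TLS without the certificate checks. When the handshake fails, the function prints the error queue and returns with the connection still open and unencrypted. Tell the user explicitly that the session is not protected, or close it when `ssl_secure_flag` is set.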
@@ -2028,6 +2098,10 @@
 #endif
     // BIND("encrypt", encrypthelp, encrypt_cmd);
 
+#if	defined(USE_SSL)
+	BIND("startssl", startsslhelp, startssl_cmd);
+#endif
+
     BIND("z", zhelp, suspend);
 
 #if defined(TN3270)   /* why?! */
@@ -2233,22 +2307,18 @@
 }
 
 void cmdrc(const char *m1, const char *m2, const char *port) {
-    static char *rcname = 0;
-    static char rcbuf[128];
+    char *rcname = NULL;
 
     if (skiprc) return;
 
     readrc(m1, m2, port, "/etc/telnetrc");
-    if (rcname == 0) {
-	rcname = getenv("HOME");
-	if (rcname)
-	    strcpy(rcbuf, rcname);
-	else
-	    rcbuf[0] = '\0';
-	strcat(rcbuf, "/.telnetrc");
-	rcname = rcbuf;
-    }
+    if (asprintf (&rcname, "%s/.telnetrc", getenv ("HOME")) == -1)
+      {
+        perror ("asprintf");
+        return;
+      }
     readrc(m1, m2, port, rcname);
+    free (rcname);
 }
 
 #if defined(IP_OPTIONS) && defined(HAS_IPPROTO_IP)
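Review bot: `getenv ("HOME")` is passed straight to `%s`, and the removed code's handling of an unset HOME is gone. With HOME unset the argument is a null pointer, which is undefined behaviour for `%s` and on glibc yields the relative path `(null)/.telnetrc`, so an rc file could be read from the current directory. Fetch the value first and skip the per-user file when it is missing, e.g. `const char *home = getenv("HOME"); if (home == NULL) return;` before the `asprintf` call.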
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/defines.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/defines.h
--- netkit-telnet-ssl-0.17.24+0.1/telnet/defines.h	2004-05-27 11:47:01.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/defines.h	2010-05-11 13:44:40.063654881 +0200
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	from: @(#)defines.h	5.1 (Berkeley) 9/14/90
- *	$Id: defines.h,v 1.5 1996/08/04 23:44:43 dholland Exp $
+ *	$Id: defines.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
  */
 
 #define ENV_VAR NEW_ENV_VAR
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/externs.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/externs.h
--- netkit-telnet-ssl-0.17.24+0.1/telnet/externs.h	2004-05-27 11:47:26.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/externs.h	2010-05-11 13:44:40.063654881 +0200
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	from: @(#)externs.h	5.3 (Berkeley) 3/22/91
- *	$Id: externs.h,v 1.20 1999/08/19 09:34:15 dholland Exp $
+ *	$Id: externs.h,v 1.2 2004-11-17 15:28:51 ianb Exp $
  */
 
 #ifndef	BSD
@@ -57,6 +57,7 @@
 #define	SUBBUFSIZE	256
 
 extern int autologin;		/* Autologin enabled */
+extern int use_authentication;		/* use SSL authentication */
 extern int skiprc;		/* Don't process the ~/.telnetrc file */
 extern int eight;		/* use eight bit mode (binary in and/or out) */
 extern int binary;		/* use binary option (in and/or out) */
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/fdset.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/fdset.h
--- netkit-telnet-ssl-0.17.24+0.1/telnet/fdset.h	1996-07-16 07:17:22.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/fdset.h	2010-05-11 13:44:40.063654881 +0200
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	from: @(#)fdset.h	5.1 (Berkeley) 9/14/90
- *	$Id: fdset.h,v 1.1 1996/07/16 05:17:22 dholland Exp $
+ *	$Id: fdset.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
  */
 
 /*
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/general.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/general.h
--- netkit-telnet-ssl-0.17.24+0.1/telnet/general.h	1996-07-16 07:17:22.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/general.h	2010-05-11 13:44:40.063654881 +0200
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	from: @(#)general.h	5.2 (Berkeley) 3/1/91
- *	$Id: general.h,v 1.1 1996/07/16 05:17:22 dholland Exp $
+ *	$Id: general.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
  */
 
 /*
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/genget.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/genget.cc
--- netkit-telnet-ssl-0.17.24+0.1/telnet/genget.cc	1996-07-26 11:54:09.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/genget.cc	2010-05-11 13:44:40.063654881 +0200
@@ -35,7 +35,7 @@
  * From: @(#)genget.c	5.1 (Berkeley) 2/28/91
  */
 char gg_rcsid[] = 
-  "$Id: genget.cc,v 1.3 1996/07/26 09:54:09 dholland Exp $";
+  "$Id: genget.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
 
 #include <string.h>
 #include <ctype.h>
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/glue.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/glue.cc
--- netkit-telnet-ssl-0.17.24+0.1/telnet/glue.cc	2004-05-27 11:47:26.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/glue.cc	2010-05-11 13:44:40.083654043 +0200
@@ -11,8 +11,9 @@
   printsub_h(direction, pointer, length);
 }
 
-extern "C" void writenet(const char *str, int len) {
+extern "C" int writenet(const char *str, int len) {
   netoring.write(str, len);
+  return 1;
 }
 
 extern "C" int telnet_spin() {
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/main.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/main.cc
--- netkit-telnet-ssl-0.17.24+0.1/telnet/main.cc	2004-05-27 11:47:26.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/main.cc	2010-05-11 13:44:40.066988214 +0200
@@ -39,7 +39,7 @@
  * From: @(#)main.c	5.4 (Berkeley) 3/22/91
  */
 char main_rcsid[] = 
-  "$Id: main.cc,v 1.14 1999/08/01 05:06:37 dholland Exp $";
+  "$Id: main.cc,v 1.6 2004-11-22 20:26:37 ianb Exp $";
 
 #include "../version.h"
 
@@ -86,16 +86,27 @@
  *       -X <atype> disable specified auth type
  */ 
 void usage(void) {
-    fprintf(stderr, "Usage: %s %s%s%s%s\n",
+    fprintf(stderr, "Usage: %s %s%s%s%s%s\n",
 	    prompt,
+#ifdef	AUTHENTICATE
+	    "[-4] [-6] [-8] [-E] [-K] [-L] [-X atype] [-a] [-d] [-e char]",
+	    "\n\t[-l user] [-n tracefile] [ -b addr ]",
+#else
 	    "[-4] [-6] [-8] [-E] [-L] [-a] [-d] [-e char] [-l user]",
 	    "\n\t[-n tracefile] [ -b addr ]",
+#endif
 #ifdef TN3270
 	    "\n\t"
 	    "[-noasynch] [-noasynctty] [-noasyncnet] [-r] [-t transcom]\n\t",
 #else
 	    " [-r] ",
 #endif
+#ifdef USE_SSL
+        /* might as well output something useful here ... */
+	"\n\t[-z ssl] [-z secure] [-z debug] [-z verify=int]\n\t[-z cert=file] [-z key=file]\n\t",
+#else /* !USE_SSL */
+        "",
+#endif /* USE_SSL */
 	    "[host-name [port]]"
 	);
 	exit(1);
@@ -135,8 +146,73 @@
 	autologin = -1;
 
 	while ((ch = getopt(argc, argv,
-			    "4678EKLS:X:ab:de:k:l:n:rt:x")) != EOF) {
+			    "4678EKLS:X:ab:de:k:l:n:rt:xz:")) != EOF) {
 		switch(ch) {
+#ifdef USE_SSL
+                case 'z':
+		        { 
+			char *origopt;
+
+			origopt=strdup(optarg);
+			optarg=strtok(origopt,",");
+
+			while(optarg!=NULL) {
+
+		        if (strcmp(optarg, "debug") == 0 ) {
+			    ssl_debug_flag=1;
+			} else if (strcmp(optarg, "authdebug") == 0 ) {
+			    auth_debug_mode=1;
+			} else if (strcmp(optarg, "ssl") == 0 ) {
+			    ssl_only_flag=1;
+			} else if ( (strcmp(optarg, "!ssl") == 0) ||
+		             (strcmp(optarg, "nossl") == 0) ) {
+			    /* we may want to switch SSL negotiation off
+			     * for testing or other reasons 
+			     */
+			    ssl_disabled_flag=1;
+			} else if (strcmp(optarg, "certrequired") == 0 ) {
+			    ssl_cert_required=1;
+			} else if (strcmp(optarg, "secure") == 0 ) {
+			    ssl_secure_flag=1;
+			} else if (strcmp(optarg, "verbose") == 0 ) {
+			    ssl_verbose_flag=1;
+			} else if (strncmp(optarg, "verify=", 
+			                        strlen("verify=")) == 0 ) {
+			    ssl_verify_flag=atoi(optarg+strlen("verify="));
+			} else if (strncmp(optarg, "cert=", 
+			                        strlen("cert=")) == 0 ) {
+			    ssl_cert_file= optarg + strlen("cert=");
+			} else if (strncmp(optarg, "key=", 
+			                        strlen("key=")) == 0 ) {
+			    ssl_key_file= optarg + strlen("key=");
+			} else if (strncmp(optarg,"cipher=",
+			                strlen("cipher="))==0) {
+			    ssl_cipher_list=optarg+strlen("cipher=");
+			} else {
+			    /* report when we are given rubbish so that
+			     * if the user makes a mistake they have to
+			     * correct it!
+			     */
+			    fprintf(stderr,"Unknown SSL option %s\n",optarg);
+			    fflush(stderr);
+			    exit(1);
+			}
+
+			/* get the next one ... */
+                        optarg=strtok(NULL,",");
+
+			}
+
+			/*
+			if (origopt!=NULL)
+			    free(origopt);
+			*/
+
+			}
+
+			break;
+#endif /* USE_SSL */
+
 		case '4':
 			family = AF_INET;
 			break;
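Review bot: The result of `strdup(optarg)` is not checked before `strtok(origopt,",")`, so on allocation failure `strtok` is called with a null string and no saved state. `verify=` is parsed with `atoi`, so `verify=abc` silently becomes 0; `strtol` with an end-pointer check would let bad input reach the "Unknown SSL option" error path instead. The commented-out `free(origopt)` deserves a one-line reason in its place: `ssl_cert_file`, `ssl_key_file` and `ssl_cipher_list` keep pointers into that buffer, so it has to stay allocated.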
@@ -257,14 +333,25 @@
 		autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
 
 #ifdef USE_SSL
+	if((ssl_cert_file != NULL) || (ssl_key_file != NULL)) {
+	  autologin = 1;
+	}
+
         if (ssl_secure_flag||ssl_cert_required) {
 	    /* in secure mode we *must* switch on the base level
 	     * verify checking otherwise we cannot abort connections
 	     * at the right place!
 	     */
 	    if (ssl_verify_flag == 0)
-		ssl_verify_flag = 1;
+		ssl_verify_flag = SSL_VERIFY_PEER;;
 	}
+
+	/* client mode ignores SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+	   so simulate it using certrequired */
+	if(ssl_verify_flag & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
+	  ssl_cert_required=1;
+	}
+	
 #endif /* USE_SSL */
 
 	argc -= optind;
@@ -289,11 +376,6 @@
 			*argp++ = family == AF_INET ? "-4" : "-6";
 		}
 		*argp++ = argv[0];		/* host */
-#ifdef USE_SSL
-		if (strcmp(argv[0], "localhost") != 0) {
-		  autologin = 1;
-		}
-#endif /* USE_SSL */
 		if (argc > 1)
 			*argp++ = argv[1];	/* port */
 		*argp = 0;
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/telnet/Makefile
--- netkit-telnet-ssl-0.17.24+0.1/telnet/Makefile	2004-05-27 11:47:26.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/Makefile	2010-05-11 13:44:40.056990450 +0200
@@ -6,15 +6,18 @@
 #CXXFLAGS:=$(patsubst -O2, -g, $(CXXFLAGS))
 
 # -DAUTHENTICATE
-CXXFLAGS += -DUSE_TERMIO -DKLUDGELINEMODE
-LIBS = $(LIBTERMCAP)
+CXXFLAGS += -DUSE_TERMIO -DKLUDGELINEMODE -DAUTHENTICATE -DUSE_SSL \
+	-I/usr/include/openssl -I../
+LIBTELNET = ../libtelnet/libtelnet.a 
+LIBS += $(LIBTERMCAP) $(LIBTELNET) -lssl -lcrypto
 
 SRCS = commands.cc main.cc network.cc ring.cc sys_bsd.cc telnet.cc \
-	terminal.cc tn3270.cc utilities.cc genget.cc environ.cc netlink.cc
+	terminal.cc tn3270.cc utilities.cc genget.cc environ.cc netlink.cc \
+	glue.cc glue2.cc
 
 OBJS = $(patsubst %.cc, %.o, $(SRCS))
 
-telnet: $(OBJS)
+telnet: $(OBJS) $(LIBTELNET)
 	$(CXX) $(LDFLAGS) $^ $(LIBS) -o $@
 
 include depend.mk
@@ -22,7 +25,7 @@
 	$(CXX) $(CXXFLAGS) -MM $(SRCS) >depend.mk
 
 install: telnet
-	install -s -m$(BINMODE) telnet $(INSTALLROOT)$(BINDIR)/telnet-ssl
+	install -m$(BINMODE) telnet $(INSTALLROOT)$(BINDIR)/telnet-ssl
 	install -m$(MANMODE) telnet.1 $(INSTALLROOT)$(MANDIR)/man1/telnet-ssl.1
 
 clean:
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/netlink.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/netlink.cc
--- netkit-telnet-ssl-0.17.24+0.1/telnet/netlink.cc	2004-05-27 11:47:26.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/netlink.cc	2010-05-11 13:44:40.066988214 +0200
@@ -12,12 +12,27 @@
 #include "proto.h"
 #include "ring.h"
 #include <libtelnet/sslapp.h>
+#include <libtelnet/misc-proto.h>
 
 /* In Linux, this is an enum */
 #if defined(__linux__) || defined(IPPROTO_IP)
 #define HAS_IPPROTO_IP
 #endif
 
+/* code from Peter 'Luna' Runestig <peter@runestig.com> */
+static int select_read(int rfd)
+/* timeout = 20 seconds */
+{
+    fd_set rfds;
+    struct timeval tv;
+
+    FD_ZERO(&rfds);
+    FD_SET(rfd, &rfds);
+    tv.tv_sec = 20;
+    tv.tv_usec = 0;
+    return select(rfd + 1, &rfds, NULL, NULL, &tv);
+}
+
 netlink nlink;
 
 class netchannel : public ringbuf::source {
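Review bot: select_read() passes rfd to FD_SET without comparing it with FD_SETSIZE, and a descriptor at or above that limit makes FD_SET write outside the fd_set. A guard before FD_ZERO, `if (rfd < 0 || rfd >= FD_SETSIZE) return -1;`, keeps the helper safe for any caller. select() failing with EINTR is also returned as -1, which ends the retry loop in the next hunk on any signal. The `/* timeout = 20 seconds */` comment sits between the signature and the opening brace; it would read better as a header comment above the function that also states the return value (>0 readable, 0 timeout, -1 error).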
@@ -26,12 +41,23 @@
 	int net = nlink.getfd();
 	int l;
 #ifdef USE_SSL
-	if (ssl_active_flag)
-	  l = SSL_read(ssl_con, buf, maxlen);
-	else
+	if (ssl_active_flag) {
+	    do {
+		l = SSL_read(ssl_con, buf, maxlen);
+		/*
+		 * SSL_ERROR_WANT_READ may occur if an SSL/TLS rehandshake occurs.
+		 * This means that data was available at the socket, but all was
+		 * consumed by SSL itself, so we select (w/20s timeout)  and retry.
+		 */
+	    } while (l<0 &&
+		     (SSL_ERROR_WANT_READ == SSL_get_error(ssl_con, l)) &&
+		     (select_read(net) > 0));
+        } else
 #endif /* USE_SSL */
-	l = recv(net, buf, maxlen, 0);
-	if (l<0 && errno == EWOULDBLOCK) l = 0;
+        {
+  	    l = recv(net, buf, maxlen, 0);
+	    if (l<0 && errno == EWOULDBLOCK) l = 0;
+        }
 	return l;
     }
 };
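Review bot: The retry loop handles only SSL_ERROR_WANT_READ, so an SSL_read() that fails with SSL_ERROR_WANT_WRITE during a rehandshake leaves the loop and is returned to the caller as a read error. When select_read() times out or fails, l is still negative and is returned unchanged, whereas the plain recv() branch maps EWOULDBLOCK to 0; if the caller treats a negative value as a dead connection (not visible in this hunk), a slow rehandshake ends the session. Storing the result once, `int err = SSL_get_error(ssl_con, l);`, and deciding explicitly what the timeout case returns would make the two branches consistent. The method's signature is above the hunk.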
@@ -70,11 +96,11 @@
 
 
 netlink::netlink() { net = -1; }
-netlink::~netlink() { ::close(net); }
+netlink::~netlink() { if (net >= 0) ::close(net); }
 
 
 int netlink::setdebug(int debug) {
-    if (net > 0 &&
+    if (net >= 0 &&
 	(setsockopt(net, SOL_SOCKET, SO_DEBUG, &debug, sizeof(debug))) < 0) {
 	perror("setsockopt (SO_DEBUG)");
     }
@@ -95,7 +121,8 @@
 	ssl_active_flag=0;
     }
 #endif /* USE_SSL */
-    ::close(net);
+    if (net >= 0)
+       ::close(net);
     net = -1;
 }
 
@@ -142,7 +169,8 @@
 {
     int on=1;
     int res;
-
+    extern char *hostname;
+    
     res = socket(addr->ai_family);
     if (res < 2)
 	return res;
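Review bot: `extern char *hostname;` is declared inside the function body rather than taken from a header, so nothing checks it against the real definition; if that definition is an array or later changes type, the code still links and then misbehaves. The same pattern is added in telnet.cc (`extern int auth_failed;` inside suboption()) and in telnetd/state.c (`extern char *UserNameRequested;`). Declaring each of these once in a shared header that the defining file also includes would let the compiler catch a mismatch. The function's signature is above this hunk.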
@@ -192,10 +220,24 @@
 	/* bind in the network descriptor */
     	SSL_set_fd(ssl_con,net);
 
+#if defined(AUTHENTICATE)
+	/* moved from telnet() so client_verify_callback knows RemoteHostName -ianb */
+	{
+	  static char local_host[256] = { 0 };
+	  int len = sizeof(local_host);
+
+	  if (!local_host[0]) {
+	    gethostname(local_host, len);        /* WAS &len!!! */
+	    local_host[sizeof(local_host)-1] = 0;
+	  }
+	  auth_encrypt_init(local_host, hostname, "TELNET", 0);
+	}
+#endif
+
 	/* if we are doing raw SSL then start it now ... */
 	if (ssl_only_flag) {
 	    if (!SSL_connect(ssl_con)) {
-		static char errbuf[1024];
+	      /* static char errbuf[1024]; */
 
 		ERR_print_errors_fp(stderr);
 		perror("SSL_connect");
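Review bot: `if (!SSL_connect(ssl_con))` in the unchanged lines of this hunk catches only a return of 0, while SSL_connect() reports fatal handshake errors with a negative value, so such a failure skips the error branch; the test should be `if (SSL_connect(ssl_con) <= 0)`. In the added block the return value of gethostname() is ignored, so on failure auth_encrypt_init() is still called with whatever local_host holds (an empty string on the first call, since the buffer is static and zeroed). The commented-out `/* static char errbuf[1024]; */` can simply be deleted. The enclosing function starts and ends outside the hunk.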
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/network.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/network.cc
--- netkit-telnet-ssl-0.17.24+0.1/telnet/network.cc	2004-05-27 11:47:01.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/network.cc	2010-05-11 13:44:40.066988214 +0200
@@ -35,7 +35,7 @@
  * From: @(#)network.c	5.2 (Berkeley) 3/1/91
  */
 char net_rcsid[] = 
-  "$Id: network.cc,v 1.15 1996/08/13 08:09:58 dholland Exp $";
+  "$Id: network.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
 
 #include <sys/types.h>
 #include <sys/socket.h>
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/proto.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/proto.h
--- netkit-telnet-ssl-0.17.24+0.1/telnet/proto.h	2004-05-27 11:47:26.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/proto.h	2010-05-11 13:44:40.070321269 +0200
@@ -10,9 +10,11 @@
 int TerminalSpecialChars(int);
 void TerminalSpeeds(long *ispeed, long *ospeed);
 int TerminalWindowSize(long *rows, long *cols);
+#if 0
 void auth_encrypt_user(char *);
 void auth_name(unsigned char *, int);
 void auth_printsub(unsigned char *, int, unsigned char *, int);
+#endif
 void cmdrc(const char *, const char *, const char *);
 void env_init(void);
 int getconnmode(void);
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/ring.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.cc
--- netkit-telnet-ssl-0.17.24+0.1/telnet/ring.cc	2004-05-27 11:47:01.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.cc	2010-05-11 13:44:40.070321269 +0200
@@ -35,7 +35,7 @@
  * From: @(#)ring.c	5.2 (Berkeley) 3/1/91
  */
 char ring_rcsid[] =
-  "$Id: ring.cc,v 1.23 2000/07/23 03:25:09 dholland Exp $";
+  "$Id: ring.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
 
 /*
  * This defines a structure for a ring buffer. 
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/ring.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.h
--- netkit-telnet-ssl-0.17.24+0.1/telnet/ring.h	2004-05-27 11:47:01.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.h	2010-05-11 13:44:40.070321269 +0200
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	from: @(#)ring.h	5.2 (Berkeley) 3/1/91
- *	$Id: ring.h,v 1.13 1996/08/13 08:43:28 dholland Exp $
+ *	$Id: ring.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
  */
 
 class datasink {
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/sys_bsd.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/sys_bsd.cc
--- netkit-telnet-ssl-0.17.24+0.1/telnet/sys_bsd.cc	2004-05-27 11:47:26.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/sys_bsd.cc	2010-05-11 13:44:40.070321269 +0200
@@ -35,7 +35,7 @@
  * From: @(#)sys_bsd.c	5.2 (Berkeley) 3/1/91
  */
 char bsd_rcsid[] = 
-  "$Id: sys_bsd.cc,v 1.24 1999/09/28 16:29:24 dholland Exp $";
+  "$Id: sys_bsd.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
 
 /*
  * The following routines try to encapsulate what is system dependent
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.1 netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.1
--- netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.1	2004-05-27 11:47:26.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.1	2010-05-11 13:44:40.073654603 +0200
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"	from: @(#)telnet.1	6.16 (Berkeley) 7/27/91
-.\"	$Id: telnet.1,v 1.15 2000/07/30 23:57:08 dholland Exp $
+.\"	$Id: telnet.1,v 1.5 2006-09-24 00:48:31 ianb Exp $
 .\"
 .Dd August 15, 1999
 .Dt TELNET 1
@@ -42,12 +42,14 @@
 protocol
 .Sh SYNOPSIS
 .Nm telnet
-.Op Fl 468ELadr
+.Op Fl 468EKLadr
 .Op Fl S Ar tos
+.Op Fl X Ar authtype
 .Op Fl b Ar address
 .Op Fl e Ar escapechar
 .Op Fl l Ar user
 .Op Fl n Ar tracefile
+.Op Fl z Ar option
 .Oo
 .Ar host
 .Op Ar port
@@ -152,44 +154,47 @@
 command below.
 .It Fl z Ar option
 Set SSL (Secure Socket Layer) parameters. The default is to negotiate
-via telnet protocoll if SSL is availlable at server side and then to
+via telnet protocol if SSL is available at server side and then to
 switch it on. In this mode you can connect to both conventional and
-SSL enhanced telnetd's.
+SSL enhanced telnetd's. If the connection is made to localhost and 
+.Ic -z secure
+is not set, then
+SSL is not enabled.
 .Pp
 The SSL parameters are:
 .Bl -tag -width Fl
-.It Ic Ar debug
+.It Ic debug
 Send SSL related debugging information to stderr.
-.It Ic Ar authdebug
+.It Ic authdebug
 Enable authentication debugging.
-.It Ic Ar ssl
+.It Ic ssl
 Negotiate SSL at first, then use telnet protocol. In this mode you can
 connect to any server supporting directly SSL like Apache-SSL. Use
 .Ic telnet -z ssl ssl3.netscape.com https
 for example. telnet protocol negotiation goes encrypted.
-.It Ic Ar nossl, Ar !ssl
-switch of SSL negotiation
-.It Ic Ar certrequired
-client certificate is mandatory
-.It Ic Ar secure
+.It Ic nossl, Ic !ssl
+switch off SSL negotiation
+.It Ic certrequired
+server certificate is mandatory
+.It Ic secure
 Don't switch back to unencrypted mode (no SSL) if SSL is not available.
-.It Ic Ar verbose
+.It Ic verbose
 Be verbose about certificates etc.
-.It Ic Ar verify=int
+.It Ic verify= Ns Ar int
 .\" TODO
 Set the SSL verify flags (SSL_VERIFY_* in 
 .Ar ssl/ssl.h
 ).
 .\" TODO
-.It Ic Ar cert=cert_file
+.It Ic cert= Ns Ar cert_file
 .\" TODO
 Use the certificate(s) in
 .Ar cert_file .
-.It Ic Ar key=key_file
+.It Ic key= Ns Ar key_file
 .\" TODO
 Use the key(s) in
 .Ar key_file .
-.It Ic Ar cipher=ciph_list
+.It Ic cipher= Ns Ar ciph_list
 .\" TODO
 Set the preferred ciphers to
 .Ar ciph_list .
@@ -319,10 +324,6 @@
 List the current status of the various types of
 authentication.
 .El
-.Pp
-Note that the current version of 
-.Nm telnet
-does not support authentication.
 .It Ic close
 Close the connection to the remote host, if any, and return to command
 mode.
@@ -332,49 +333,49 @@
 and
 .Ic toggle
 values (see below).
-.It Ic encrypt Ar argument ...
-The encrypt command controls the
-.Dv TELNET ENCRYPT
-protocol option. If 
-.Nm telnet
-was compiled without encryption, the
-.Ic encrypt
-command will not be supported. 
-.Pp
-Valid arguments are as follows:
-.Bl -tag -width Ar
-.It Ic disable Ar type Ic [input|output]
-Disable the specified type of encryption.  If you do not specify input
-or output, encryption of both is disabled.  To obtain a list of
-available types, use ``encrypt disable \&?''.
-.It Ic enable Ar type Ic [input|output]
-Enable the specified type of encryption.  If you do not specify input
-or output, encryption of both is enabled.  To obtain a list of
-available types, use ``encrypt enable \&?''.
-.It Ic input
-This is the same as ``encrypt start input''.
-.It Ic -input
-This is the same as ``encrypt stop input''.
-.It Ic output
-This is the same as ``encrypt start output''.
-.It Ic -output
-This is the same as ``encrypt stop output''.
-.It Ic start Ic [input|output]
-Attempt to begin encrypting.  If you do not specify input or output, 
-encryption of both input and output is started. 
-.It Ic status
-Display the current status of the encryption module.
-.It Ic stop Ic [input|output]
-Stop encrypting.  If you do not specify input or output, encryption of
-both is stopped.
-.It Ic type Ar type
-Sets the default type of encryption to be used with later ``encrypt start''
-or ``encrypt stop'' commands.
-.El
-.Pp
-Note that the current version of 
-.Nm telnet
-does not support encryption.
+.\" .It Ic encrypt Ar argument ...
+.\" The encrypt command controls the
+.\" .Dv TELNET ENCRYPT
+.\" protocol option. If 
+.\" .Nm telnet
+.\" was compiled without encryption, the
+.\" .Ic encrypt
+.\" command will not be supported. 
+.\" .Pp
+.\" Valid arguments are as follows:
+.\" .Bl -tag -width Ar
+.\" .It Ic disable Ar type Ic [input|output]
+.\" Disable the specified type of encryption.  If you do not specify input
+.\" or output, encryption of both is disabled.  To obtain a list of
+.\" available types, use ``encrypt disable \&?''.
+.\" .It Ic enable Ar type Ic [input|output]
+.\" Enable the specified type of encryption.  If you do not specify input
+.\" or output, encryption of both is enabled.  To obtain a list of
+.\" available types, use ``encrypt enable \&?''.
+.\" .It Ic input
+.\" This is the same as ``encrypt start input''.
+.\" .It Ic -input
+.\" This is the same as ``encrypt stop input''.
+.\" .It Ic output
+.\" This is the same as ``encrypt start output''.
+.\" .It Ic -output
+.\" This is the same as ``encrypt stop output''.
+.\" .It Ic start Ic [input|output]
+.\" Attempt to begin encrypting.  If you do not specify input or output, 
+.\" encryption of both input and output is started. 
+.\" .It Ic status
+.\" Display the current status of the encryption module.
+.\" .It Ic stop Ic [input|output]
+.\" Stop encrypting.  If you do not specify input or output, encryption of
+.\" both is stopped.
+.\" .It Ic type Ar type
+.\" Sets the default type of encryption to be used with later ``encrypt start''
+.\" or ``encrypt stop'' commands.
+.\" .El
+.\" .Pp
+.\" Note that the current version of 
+.\" .Nm telnet
+.\" does not support encryption.
 .It Ic environ Ar arguments... 
 The
 .Ic environ
@@ -1017,6 +1018,16 @@
 .Ic slc
 command.
 .El
+.It Ic startssl
+Attempt to negotiate telnet-over-SSL (as with the
+.Ic -z ssl
+option). This is useful when connecting to non-telnetds such
+as imapd (with the
+.Ic STARTTLS
+command). To control SSL when connecting to a SSL-enabled
+telnetd, use the
+.Ic auth
+command instead.
 .It Ic status
 Show the current status of
 .Nm telnet .
@@ -1079,17 +1090,17 @@
 .Dv FALSE
 (see
 .Xr stty  1  ) .
-.It Ic autodecrypt
-When the
-.Dv TELNET ENCRYPT
-option is negotiated, by
-default the actual encryption (decryption) of the data
-stream does not start automatically.  The autoencrypt
-(autodecrypt) command states that encryption of the
-output (input) stream should be enabled as soon as
-possible.
-.Pp
-Note that this flag exists only if encryption support is enabled.
+.\" .It Ic autodecrypt
+.\" When the
+.\" .Dv TELNET ENCRYPT
+.\" option is negotiated, by
+.\" default the actual encryption (decryption) of the data
+.\" stream does not start automatically.  The autoencrypt
+.\" (autodecrypt) command states that encryption of the
+.\" output (input) stream should be enabled as soon as
+.\" possible.
+.\" .Pp
+.\" Note that this flag exists only if encryption support is enabled.
 .It Ic autologin
 If the remote side supports the
 .Dv TELNET AUTHENTICATION
@@ -1174,9 +1185,9 @@
 .Ic super user ) .
 The initial value for this toggle is
 .Dv FALSE .
-.It Ic encdebug
-Turns on debugging information for the encryption code.
-Note that this flag only exists if encryption support is available.
+.\" .It Ic encdebug
+.\" Turns on debugging information for the encryption code.
+.\" Note that this flag only exists if encryption support is available.
 .It Ic localchars
 If this is
 .Dv TRUE ,
@@ -1221,8 +1232,9 @@
 is sent as
 .Ic abort  ,
 and
-.Ic eof and
-.B suspend
+.Ic eof
+and
+.Ic suspend
 are sent as
 .Ic eof and
 .Ic susp ,
@@ -1263,16 +1275,16 @@
 Toggles the display of all terminal data (in hexadecimal format).
 The initial value for this toggle is
 .Dv FALSE .
-.It Ic verbose_encrypt
-When the
-.Ic verbose_encrypt
-toggle is
-.Dv TRUE ,
-.Tn TELNET
-prints out a message each time encryption is enabled or
-disabled.  The initial value for this toggle is
-.Dv FALSE.
-This flag only exists if encryption support is available.
+.\" .It Ic verbose_encrypt
+.\" When the
+.\" .Ic verbose_encrypt
+.\" toggle is
+.\" .Dv TRUE ,
+.\" .Tn TELNET
+.\" prints out a message each time encryption is enabled or
+.\" disabled.  The initial value for this toggle is
+.\" .Dv FALSE.
+.\" This flag only exists if encryption support is available.
 .It Ic \&?
 Displays the legal
 .Ic toggle
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.cc
--- netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.cc	2004-05-27 11:47:26.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.cc	2010-05-11 13:44:40.076987936 +0200
@@ -47,7 +47,7 @@
  * From: @(#)telnet.c	5.53 (Berkeley) 3/22/91
  */
 char telnet_rcsid[] = 
-"$Id: telnet.cc,v 1.36 2000/07/23 03:24:53 dholland Exp $";
+"$Id: telnet.cc,v 1.8 2005-04-14 15:26:27 ianb Exp $";
 
 #include <string.h>
 #include <sys/types.h>
@@ -107,6 +107,7 @@
   eight = 3,
   binary = 0,
   autologin = 0,	/* Autologin anyone? */
+  use_authentication = 0,
   skiprc = 0,
   connected,
   showoptions,
@@ -495,7 +496,8 @@
 	break;
 #if	defined(AUTHENTICATE)
       case TELOPT_AUTHENTICATION:
-	if (autologin)
+	/* if (autologin) */
+	if (use_authentication)
 	  new_state_ok = 1;
 	break;
 #endif
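Review bot: The old condition is left behind as a comment (`/* if (autologin) */`) instead of being deleted, here and again in the TELOPT_AUTHENTICATION case of suboption() and in telnet(). The history is already in version control; what a reader needs is one comment at the declaration of `use_authentication` saying what sets it and how it differs from `autologin`, since the declaration hunk only shows it initialised to 0. The enclosing switch starts and ends outside the hunk.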
@@ -722,6 +724,7 @@
  */
 
 static void suboption(void) {
+  extern int auth_failed;
   printsub('<', subbuffer, SB_LEN()+2);
   switch (SB_GET()) {
   case TELOPT_TTYPE:
@@ -845,7 +848,8 @@
     
 #if	defined(AUTHENTICATE)
   case TELOPT_AUTHENTICATION: {
-    if (!autologin)
+    /* if (!autologin) */
+    if (!use_authentication)
       break;
     if (SB_EOF())
       return;
@@ -864,6 +868,10 @@
       if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
 	return;
       auth_reply(subpointer, SB_LEN());
+      if(auth_failed) {
+	/* auth rejected, quit */
+	quit();
+      }
       break;
     case TELQUAL_NAME:
       if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
@@ -1140,6 +1148,7 @@
 
 
 unsigned char slc_reply[128];
+unsigned char const * const slc_reply_eom = &slc_reply[sizeof(slc_reply)];
 unsigned char *slc_replyp;
 
 void slc_start_reply(void) {
@@ -1151,6 +1160,14 @@
 }
 
 void slc_add_reply(int func, int flags, int value) {
+  /* A sequence of up to 6 bytes my be written for this member of the SLC
+   * suboption list by this function.  The end of negotiation command,
+   * which is written by slc_end_reply(), will require 2 additional
+   * bytes.  Do not proceed unless there is sufficient space for these
+   * items.
+   */
+  if (&slc_replyp[6+2] > slc_reply_eom)
+    return;
   if ((*slc_replyp++ = func) == IAC)
     *slc_replyp++ = IAC;
   if ((*slc_replyp++ = flags) == IAC)
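Review bot: The new bounds check forms `&slc_replyp[6+2]`, which can point more than one element past the end of slc_reply; computing such a pointer is undefined behaviour, and a compiler may optimise the comparison on that basis. Comparing the remaining space avoids this: `if (slc_reply_eom - slc_replyp < 6 + 2) return;`. The entry is dropped silently when the buffer is full, so the comment should say that the reply is truncated in that case, and it has a typo (`my be` for `may be`). The rest of slc_add_reply is outside the hunk.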
@@ -1819,25 +1836,19 @@
  */
 void telnet(const char *user) {
   sys_telnet_init();
-  
-#if defined(AUTHENTICATE)
-  {
-    static char local_host[256] = { 0 };
-    int len = sizeof(local_host);
-    
-    if (!local_host[0]) {
-      gethostname(local_host, len);        /* WAS &len!!! */
-      local_host[sizeof(local_host)-1] = 0;
-    }
-    auth_encrypt_init(local_host, hostname, "TELNET", 0);
-    auth_encrypt_user(user);
-  }
+    
+#ifdef AUTHENTICATE
+  auth_encrypt_user(user);
 #endif
-  
+
 #if !defined(TN3270)
   if (telnetport) {
+
+    send_will(TELOPT_ENVIRON, 1);
+
 #if	defined(AUTHENTICATE)
-    if (autologin)
+    /* if (autologin) */
+    if (use_authentication)
       send_will(TELOPT_AUTHENTICATION, 1);
 #endif
     send_do(TELOPT_SGA, 1);
@@ -1846,7 +1857,6 @@
     send_will(TELOPT_TSPEED, 1);
     send_will(TELOPT_LFLOW, 1);
     send_will(TELOPT_LINEMODE, 1);
-    send_will(TELOPT_ENVIRON, 1);
     send_do(TELOPT_STATUS, 1);
     if (env_getvalue("DISPLAY", 0))
       send_will(TELOPT_XDISPLOC, 1);
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/terminal.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/terminal.cc
--- netkit-telnet-ssl-0.17.24+0.1/telnet/terminal.cc	2004-05-27 11:47:01.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/terminal.cc	2010-05-11 13:44:40.080321548 +0200
@@ -35,7 +35,7 @@
  * From: @(#)terminal.c	5.3 (Berkeley) 3/22/91
  */
 char terminal_rcsid[] = 
-  "$Id: terminal.cc,v 1.25 1999/12/12 19:48:05 dholland Exp $";
+  "$Id: terminal.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
 
 #include <arpa/telnet.h>
 #include <sys/types.h>
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/tn3270.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/tn3270.cc
--- netkit-telnet-ssl-0.17.24+0.1/telnet/tn3270.cc	1996-08-13 11:08:34.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/tn3270.cc	2010-05-11 13:44:40.080321548 +0200
@@ -35,7 +35,7 @@
  * From: @(#)tn3270.c	5.2 (Berkeley) 3/1/91
  */
 char tn3270_rcsid[] = 
-  "$Id: tn3270.cc,v 1.9 1996/08/13 09:08:34 dholland Exp $";
+  "$Id: tn3270.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
 
 #include <sys/types.h>
 #include <arpa/telnet.h>
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/types.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/types.h
--- netkit-telnet-ssl-0.17.24+0.1/telnet/types.h	1996-07-27 02:45:54.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/types.h	2010-05-11 13:44:40.083654043 +0200
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	from: @(#)types.h	5.1 (Berkeley) 9/14/90
- *	$Id: types.h,v 1.2 1996/07/27 00:45:54 dholland Exp $
+ *	$Id: types.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
  */
 
 typedef struct {
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/utilities.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/utilities.cc
--- netkit-telnet-ssl-0.17.24+0.1/telnet/utilities.cc	2004-05-27 11:47:27.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/utilities.cc	2010-05-11 13:44:40.083654043 +0200
@@ -35,7 +35,7 @@
  * From: @(#)utilities.c	5.3 (Berkeley) 3/22/91
  */
 char util_rcsid[] = 
-  "$Id: utilities.cc,v 1.19 1999/12/12 15:33:40 dholland Exp $";
+  "$Id: utilities.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
 
 #define	TELOPTS
 #define	TELCMDS
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/authenc.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/authenc.c
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/authenc.c	2004-05-27 11:47:01.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/authenc.c	2010-05-11 13:44:40.086987376 +0200
@@ -23,7 +23,7 @@
  * From: @(#)authenc.c	5.1 (Berkeley) 3/1/91
  */
 char authenc_rcsid[] =
-  "$Id: authenc.c,v 1.5 1999/12/12 14:59:44 dholland Exp $";
+  "$Id: authenc.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
 
 #if	defined(ENCRYPT) || defined(AUTHENTICATE)
 #include "telnetd.h"
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/defs.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/defs.h
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/defs.h	2004-05-27 11:47:01.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/defs.h	2010-05-11 13:44:40.086987376 +0200
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	from: @(#)defs.h	5.10 (Berkeley) 3/1/91
- *	$Id: defs.h,v 1.7 1999/08/02 03:14:03 dholland Exp $
+ *	$Id: defs.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
  */
 
 /*
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/ext.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/ext.h
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/ext.h	2004-05-27 11:47:27.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/ext.h	2010-05-11 13:44:40.086987376 +0200
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	from: @(#)ext.h	5.7 (Berkeley) 3/1/91
- *	$Id: ext.h,v 1.9 1999/12/12 14:59:44 dholland Exp $
+ *	$Id: ext.h,v 1.2 2004-11-21 12:53:12 ianb Exp $
  */
 
 /*
@@ -113,7 +113,7 @@
 void interrupt(void);
 void localstat(void);
 void netclear(void);
-void netflush(void);
+int netflush(void);
 size_t netbuflen(int);
 void sendurg(const char *, size_t);
 
@@ -183,7 +183,8 @@
 void tty_tspeed(int);
 void willoption(int);
 void wontoption(int);
-#define writenet(b, l) fwrite(b, 1, l, netfile)
+int writenet(char *, int);
+/*#define writenet(b, l) fwrite(b, 1, l, netfile)*/
 void netopen(void);
 
 #if defined(ENCRYPT)
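Review bot: The new prototype `int writenet(char *, int);` takes a non-const buffer and a signed length, which is why callers now need casts such as `writenet((char *)statusbuf, ncp - statusbuf)` in state.c. Declaring it `int writenet(const void *buf, size_t len);`, together with the definition, matches what the replaced macro passed to fwrite(), drops the casts and rules out a negative length. The prototype also needs a comment stating what the int return means, since netflush() changes from void to int in the same header and the call sites visible in this patch ignore both results. The commented-out macro can be deleted.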
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/getent.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/getent.c
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/getent.c	1996-08-15 08:23:28.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/getent.c	2010-05-11 13:44:40.086987376 +0200
@@ -35,7 +35,7 @@
  * From: @(#)getent.c	5.1 (Berkeley) 2/28/91
  */
 char ge_rcsid[] = 
-  "$Id: getent.c,v 1.3 1996/08/15 06:23:28 dholland Exp $";
+  "$Id: getent.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
 
 /*
  * Copyright (c) 1991 Regents of the University of California.
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/global.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/global.c
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/global.c	2004-05-27 11:47:01.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/global.c	2010-05-11 13:44:40.090341661 +0200
@@ -35,7 +35,7 @@
  * From: @(#)global.c	5.2 (Berkeley) 6/1/90
  */
 char global_rcsid[] = 
-  "$Id: global.c,v 1.4 1999/12/12 14:59:44 dholland Exp $";
+  "$Id: global.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
 
 /*
  * Allocate global variables.  
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/issue.net.5 netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/issue.net.5
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/issue.net.5	2004-05-27 11:47:01.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/issue.net.5	2010-05-11 13:44:40.090341661 +0200
@@ -15,26 +15,26 @@
 .Pa /etc/issue.net
 is a text file which contains a message or system identification to be
 printed before the login prompt of a telnet session. It may contain
-various `%-char' sequences. The following sequences are supported by
+various `%\&\-char' sequences. The following sequences are supported by
 .Ic telnetd :
 .Bl -tag -offset indent -compact -width "abcde"
-.It %t
+.It %\&t
 - show the current tty
-.It %h
+.It %\&h
 - show the system node name (FQDN)
-.It %D
+.It %\&D
 - show the name of the NIS domain
-.It %d
+.It %\&d
 - show the current time and date
-.It %s
+.It %\&s
 - show the name of the operating system
-.It %m
+.It %\&m
 - show the machine (hardware) type
-.It %r
+.It %\&r
 - show the operating system release
-.It %v
+.It %\&v
 - show the operating system version
-.It %%
+.It %\&%
 - display a single '%' character
 .El
 .Sh FILES
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/Makefile
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/Makefile	2004-05-27 11:47:27.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/Makefile	2010-05-11 14:12:59.493485309 +0200
@@ -9,9 +9,11 @@
 # take out -DPARANOID_TTYS.
 
 CFLAGS += '-DISSUE_FILE="/etc/issue.net"' -DPARANOID_TTYS \
-	   -DNO_REVOKE -DKLUDGELINEMODE -DDIAGNOSTICS \
-	   -DLOGIN_WRAPPER=\"/usr/lib/telnetlogin\"
-# LIBS += $(LIBTERMCAP)
+	   -DNO_REVOKE -DKLUDGELINEMODE -DDIAGNOSTICS -DAUTHENTICATE \
+	   -DLOGIN_WRAPPER=\"/usr/lib/telnetlogin\" \
+	   -DUSE_SSL -I/usr/include/openssl -I..
+LIBTELNET = ../libtelnet/libtelnet.a 
+LIBS += $(LIBTERMCAP) $(LIBTELNET) -lssl -lcrypto
 
 OBJS = telnetd.o state.o termstat.o slc.o sys_term.o utility.o \
 	global.o setproctitle.o
@@ -28,10 +30,10 @@
 telnetd.o: ../version.h
 
 install: telnetd
-	install -s -m$(DAEMONMODE) telnetd $(INSTALLROOT)$(SBINDIR)/in.telnetd
-	install -m$(MANMODE) issue.net.5 $(INSTALLROOT)$(MANDIR)/man5/
-	install -m$(MANMODE) telnetd.8 $(INSTALLROOT)$(MANDIR)/man8/in.telnetd.8
-	ln -sf in.telnetd.8 $(INSTALLROOT)$(MANDIR)/man8/telnetd.8
+	install -m$(DAEMONMODE) telnetd $(INSTALLROOT)$(SBINDIR)/in.telnetd-ssl
+#	install -m$(MANMODE) issue.net.5 $(INSTALLROOT)$(MANDIR)/man5/
+	install -m$(MANMODE) telnetd.8 $(INSTALLROOT)$(MANDIR)/man8/in.telnetd-ssl.8
+	ln -sf in.telnetd-ssl.8 $(INSTALLROOT)$(MANDIR)/man8/telnetd-ssl.8
 
 clean:
 	rm -f *.o telnetd 
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/pathnames.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/pathnames.h
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/pathnames.h	1996-08-30 00:31:24.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/pathnames.h	2010-05-11 13:44:40.090341661 +0200
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	from: @(#)pathnames.h	5.5 (Berkeley) 6/28/90
- *	$Id: pathnames.h,v 1.3 1996/08/29 22:31:24 dholland Exp $
+ *	$Id: pathnames.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
  */
 
 #include <paths.h>
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.3 netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.3
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.3	2000-07-31 01:57:09.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.3	2010-05-11 13:44:40.090341661 +0200
@@ -1,5 +1,5 @@
 .\"	OpenBSD: setproctitle.3,v 1.4 1996/10/08 01:20:08 michaels Exp 
-.\"     $Id: setproctitle.3,v 1.13 2000/07/30 23:57:09 dholland Exp $
+.\"     $Id: setproctitle.3,v 1.1 2004-10-14 13:19:53 ianb Exp $
 .\"
 .\" Copyright (c) 1994, 1995 Christopher G. Demetriou
 .\" All rights reserved.
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.c
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.c	2004-05-27 11:47:01.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.c	2010-05-11 13:44:40.090341661 +0200
@@ -39,7 +39,7 @@
  * From: @(#)conf.c	8.243 (Berkeley) 11/20/95
  */
 char setproctitle_rcsid[] =
-  "$Id: setproctitle.c,v 1.3 1999/12/10 23:06:39 bryce Exp $";
+  "$Id: setproctitle.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
 
 #include <stdlib.h>
 #include <string.h>
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/slc.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/slc.c
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/slc.c	1999-12-12 15:59:44.000000000 +0100
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/slc.c	2010-05-11 13:44:40.096989611 +0200
@@ -35,7 +35,7 @@
  * From: @(#)slc.c	5.7 (Berkeley) 3/1/91
  */
 char slc_rcsid[] = 
-  "$Id: slc.c,v 1.5 1999/12/12 14:59:44 dholland Exp $";
+  "$Id: slc.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
 
 #include "telnetd.h"
 
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/state.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/state.c
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/state.c	2004-05-27 11:47:27.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/state.c	2010-05-11 13:44:40.100321827 +0200
@@ -35,11 +35,12 @@
  * From: @(#)state.c	5.10 (Berkeley) 3/22/91
  */
 char state_rcsid[] = 
-  "$Id: state.c,v 1.12 1999/12/12 19:41:44 dholland Exp $";
+  "$Id: state.c,v 1.5 2005-07-07 21:53:00 ianb Exp $";
 
 #include "telnetd.h"
 #if	defined(AUTHENTICATE)
 #include <libtelnet/auth.h>
+extern char *UserNameRequested;
 #endif
 
 int not42 = 1;
@@ -1161,7 +1162,7 @@
 
     case TELOPT_ENVIRON: {
 	register int c;
-	register char *cp, *varp, *valp;
+	register unsigned char *cp, *varp, *valp;
 
 	if (SB_EOF())
 		return;
@@ -1177,25 +1178,41 @@
 	if (SB_EOF())
 		return;
 
-	cp = varp = (char *)subpointer;
+	cp = varp = (unsigned char *)subpointer;
 	valp = 0;
 
 	while (!SB_EOF()) {
 	    switch (c = SB_GET()) {
 	    case ENV_VALUE:
 		*cp = '\0';
-		cp = valp = (char *)subpointer;
+		cp = valp = (unsigned char *)subpointer;
 		break;
 		
 	    case ENV_VAR:
 		*cp = '\0';
-		if (envvarok(varp)) {
-		    if (valp)
-			(void)setenv(varp, valp, 1);
-		    else
-			unsetenv(varp);
+		if (envvarok((char *)varp)) {
+		  if (valp) {
+		    (void)setenv((char *)varp, (char *)valp, 1);
+#ifdef AUTHENTICATE
+		    if (strcmp((char *)varp,"USER") == 0) {
+		      if (UserNameRequested)
+			free(UserNameRequested);
+		      UserNameRequested=strdup((char *)valp);
+		    }
+#endif /* AUTHENTICATE */
+		  }
+		  else {
+		    unsetenv((char *)varp);
+#ifdef AUTHENTICATE
+		    if (strcmp((char *)varp,"USER") == 0) {
+		      if (UserNameRequested)
+			free(UserNameRequested);
+		      UserNameRequested=NULL;
+		    }
+#endif /* AUTHENTICATE */
+		  }
 		}
-		cp = varp = (char *)subpointer;
+		cp = varp = (unsigned char *)subpointer;
 		valp = 0;
 		break;
 		
@@ -1211,11 +1228,27 @@
 	    }
 	}
 	*cp = '\0';
-	if (envvarok(varp)) {
-	    if (valp)
-		(void)setenv(varp, valp, 1);
-	    else
-		unsetenv(varp);
+	if (envvarok((char *)varp)) {
+	  if (valp) {
+	    (void)setenv((char *)varp, (char *)valp, 1);
+#ifdef AUTHENTICATE
+	    if (strcmp((char *)varp,"USER") == 0) {
+	      if (UserNameRequested)
+		free(UserNameRequested);
+	      UserNameRequested=strdup((char *)valp);
+	    }
+#endif /* AUTHENTICATE */
+	  }
+	  else {
+	    unsetenv((char *)varp);
+#ifdef AUTHENTICATE
+	    if (strcmp((char *)varp,"USER") == 0) {
+	      if (UserNameRequested)
+		free(UserNameRequested);
+	      UserNameRequested=NULL;
+	    }
+#endif /* AUTHENTICATE */
+	  }
 	}
 	break;
     }  /* end of case TELOPT_ENVIRON */
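Review bot: The USER bookkeeping is written out four times (twice in the ENV_VAR case of the previous hunk, twice after the loop here), and each copy stores the result of strdup() unchecked, so an allocation failure leaves UserNameRequested NULL exactly as if the client had unset USER. The value comes from the client's ENVIRON suboption, so how the authentication code treats NULL versus a name (not visible here) matters. A single helper called after the setenv()/unsetenv() branch removes the duplication and gives one place to handle the failure; the `if (UserNameRequested)` guard before free() is unnecessary. The surrounding function starts outside both hunks.

```c
#ifdef AUTHENTICATE
/* Remember the USER value sent by the client; val == NULL clears it. */
static void set_requested_user(const char *val)
{
	free(UserNameRequested);	/* free(NULL) is a no-op */
	UserNameRequested = val ? strdup(val) : NULL;
	/* TODO: decide how a failed strdup() (NULL despite val) is reported */
}
#endif /* AUTHENTICATE */

	/* … unchanged: *cp = '\0'; envvarok() test; setenv()/unsetenv() … */
#ifdef AUTHENTICATE
	  if (strcmp((char *)varp, "USER") == 0)
	    set_requested_user((char *)valp);
#endif /* AUTHENTICATE */
```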
@@ -1367,7 +1400,7 @@
     ADD(IAC);
     ADD(SE);
 
-    writenet(statusbuf, ncp - statusbuf);
+    writenet((char *)statusbuf, ncp - statusbuf);
     netflush();	/* Send it on its way */
 
     DIAG(TD_OPTIONS, {printsub('>', statusbuf, ncp - statusbuf); netflush();});
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/sys_term.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/sys_term.c
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/sys_term.c	2004-05-27 11:47:27.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/sys_term.c	2010-05-11 13:44:40.106987377 +0200
@@ -35,7 +35,7 @@
  * From: @(#)sys_term.c	5.16 (Berkeley) 3/22/91
  */
 char st_rcsid[] = 
-  "$Id: sys_term.c,v 1.17 1999/12/17 14:28:47 dholland Exp $";
+  "$Id: sys_term.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
 
 #include <utmp.h>
 
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.8 netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.8
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.8	2004-05-27 11:47:27.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.8	2010-05-11 13:44:40.106987377 +0200
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"	from: @(#)telnetd.8	6.8 (Berkeley) 4/20/91
-.\"	$Id: telnetd.8,v 1.18 2000/07/30 23:57:10 dholland Exp $
+.\"	$Id: telnetd.8,v 1.5 2006-09-24 00:48:31 ianb Exp $
 .\"
 .Dd December 29, 1996
 .Dt TELNETD 8
@@ -42,7 +42,7 @@
 protocol server
 .Sh SYNOPSIS
 .Nm /usr/sbin/in.telnetd
-.Op Fl hns
+.Op Fl hnNs
 .Op Fl a Ar authmode
 .Op Fl D Ar debugmode
 .Op Fl L Ar loginprg
@@ -50,6 +50,7 @@
 .Op Fl X Ar authtype
 .Op Fl edebug
 .Op Fl debug Ar port
+.Op Fl z Ar sslopt
 .Sh DESCRIPTION
 The
 .Nm telnetd
@@ -175,6 +176,9 @@
 if the client is still there, so that idle connections
 from machines that have crashed or can no longer
 be reached may be cleaned up.
+.It Fl N
+Disable reverse DNS lookups and use the numeric IP address in logs
+and REMOTEHOST environment variable.
 .It Fl s
 This option is only enabled if
 .Nm telnetd
@@ -219,12 +223,16 @@
 only accepts connections from SSL enhanced telnet with option 
 .Ic -z ssl
 .It Ic nossl, !ssl
-switch of SSL negotiation
+switch off SSL negotiation
 .It Ic certsok
 Look username up in /etc/ssl.users. The format of this file is lines
 of this form: 
 .Ar user1,user2:/C=US/.....
-where user1 and user2 are usernames. If client certificate is valid,
+where user1 and user2 are usernames and /C=US/... is the subject name of
+the certificate. Use 
+.Ar openssl x509 -subject -noout
+to extract the subject name.
+If client certificate is valid,
 authenticate without password.
 .It Ic certrequired
 client certificate is mandatory
@@ -451,7 +459,6 @@
 is compiled with support for data encryption, and
 indicates a willingness to decrypt
 the data stream.
-.Xr issue.net 5 ) .
 .El
 .Sh FILES
 .Pa /etc/services ,
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.c
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.c	2004-05-27 11:47:27.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.c	2010-05-11 13:44:40.113654043 +0200
@@ -39,7 +39,7 @@
  * From: @(#)telnetd.c	5.48 (Berkeley) 3/1/91
  */
 char telnetd_rcsid[] = 
-  "$Id: telnetd.c,v 1.24 2000/04/12 21:36:12 dholland Exp $";
+  "$Id: telnetd.c,v 1.7 2006-06-16 13:29:00 ianb Exp $";
 
 #include "../version.h"
 
@@ -90,6 +90,7 @@
 
 int debug = 0;
 int keepalive = 1;
+int numeric_hosts = 0;
 #ifdef LOGIN_WRAPPER
 char *loginprg = LOGIN_WRAPPER;
 #else
@@ -222,13 +223,12 @@
 	 * certificate that we will be running with as we cannot
 	 * be sure of the cwd when we are launched
 	 */
-	sprintf(cert_filepath,"%s/%s",X509_get_default_cert_dir(),
-	        "telnetd.pem");
+	strcpy(cert_filepath, "/etc/telnetd-ssl/telnetd.pem");
 	ssl_cert_file=cert_filepath;
 	ssl_key_file=NULL;
 #endif /* USE_SSL */
 
-	while ((ch = getopt(argc, argv, "d:a:e:lhnr:I:D:B:sS:a:X:L:z:")) != EOF) {
+	while ((ch = getopt(argc, argv, "d:a:e:lhnNr:I:D:B:sS:a:X:L:z:")) != EOF) {
 		switch(ch) {
 
 #ifdef USE_SSL
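Review bot: The `strcpy` into `cert_filepath` is safe only as long as the literal stays shorter than the buffer, whose declaration is outside this hunk. If `cert_filepath` is an array, `snprintf(cert_filepath, sizeof(cert_filepath), "%s", "/etc/telnetd-ssl/telnetd.pem");` keeps the copy bounded if the path is edited later. The location is no longer derived from `X509_get_default_cert_dir()`, so a named constant with a short comment would make the packaging decision visible. With `ssl_key_file` left NULL the private key is presumably read from the same PEM (to be confirmed), in which case the comment should also state that the file must be readable by root only.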
@@ -389,6 +389,10 @@
 			keepalive = 0;
 			break;
 
+		case 'N':
+		  numeric_hosts = 1;
+		  break;
+
 #ifdef	SecurID
 		case 's':
 			/* SecurID required */
@@ -427,7 +431,7 @@
 
 #ifdef USE_SSL
 
-        if (ssl_secure_flag || ssl_cert_required) {
+        if (ssl_secure_flag || ssl_cert_required || ssl_certsok_flag) {
 	    /* in secure mode we *must* switch on the base level
 	     * verify checking otherwise we cannot abort connections
 	     * at the right place!
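Review bot: The comment under the changed condition still speaks only of "secure mode", although verification is now forced for `ssl_certsok_flag` as well. telnetd.8 describes certsok as logging a user in without a password when the certificate is valid, so the reason deserves a line of its own, for example `/* certsok maps the certificate subject to a login, so the chain must be verified as well */`. The block continues outside the hunk.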
@@ -520,9 +524,9 @@
 	        sprintf(errbuf,"SSL_accept error %s\n",
 		    ERR_error_string(ERR_get_error(),NULL));
 
-		syslog(LOG_WARNING, errbuf);
+		syslog(LOG_WARNING, "%s", errbuf);
 
-		BIO_printf(bio_err,errbuf);
+		BIO_printf(bio_err,"%s",errbuf);
 
 		/* go to sleep to make sure we are noticed */
 		sleep(10);
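Review bot: The `sprintf` that fills `errbuf` just above the two corrected calls is still unbounded, so the format-string fix leaves the buffer write unchecked. If `errbuf` is an array (its declaration is outside the hunk), `snprintf(errbuf, sizeof(errbuf), "SSL_accept error %s\n", ERR_error_string(ERR_get_error(), NULL));` bounds it without changing the message. The trailing `\n` is unnecessary for syslog and could be dropped from the logged copy.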
@@ -571,6 +575,11 @@
 #ifdef	AUTHENTICATE
 	fprintf(stderr, " [-X auth-type]");
 #endif
+#ifdef USE_SSL
+        /* might as well output something useful here ... */
+	fprintf(stderr, "\n\t [-z ssl] [-z secure] [-z debug] [-z verify=int]\n\t");
+	fprintf(stderr, " [-z cert=file] [-z key=file]\n\t");
+#endif /* USE_SSL */
 	fprintf(stderr, "\n");
 	exit(1);
 }
@@ -596,6 +605,18 @@
     /*
      * Handle the Authentication option before we do anything else.
      */
+    send_do(TELOPT_ENVIRON, 1);
+    while (his_will_wont_is_changing(TELOPT_ENVIRON)) {
+	ttloop();
+    }
+
+    if (his_state_is_will(TELOPT_ENVIRON)) {
+      netoprintf("%c%c%c%c%c%c", 
+		 IAC, SB, TELOPT_ENVIRON, TELQUAL_SEND, IAC, SE);
+	while (sequenceIs(environsubopt, baseline))
+	    ttloop();
+    }
+
     send_do(TELOPT_AUTHENTICATION, 1);
     while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
 	ttloop();
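Review bot: The comment above the new block still says the Authentication option is handled before anything else, but ENVIRON is now negotiated and its suboption awaited first. Presumably this is so that USER is known when authentication starts; if so the comment should say it, for example `/* Fetch the environment first so USER is available to authentication; these values come from a peer that has not authenticated yet and are filtered by envvarok(). */`. The added `if` block mixes two- and eight-column indentation and braces one `while` but not the other, unlike the surrounding code. The enclosing function starts and ends outside the hunk.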
@@ -654,7 +675,6 @@
     send_do(TELOPT_TTYPE, 1);
     send_do(TELOPT_TSPEED, 1);
     send_do(TELOPT_XDISPLOC, 1);
-    send_do(TELOPT_ENVIRON, 1);
     while (
 #if	defined(ENCRYPT)
 	   his_do_dont_is_changing(TELOPT_ENCRYPT) ||
@@ -698,10 +718,6 @@
 	while (sequenceIs(xdisplocsubopt, baseline))
 	    ttloop();
     }
-    if (his_state_is_will(TELOPT_ENVIRON)) {
-	while (sequenceIs(environsubopt, baseline))
-	    ttloop();
-    }
     if (his_state_is_will(TELOPT_TTYPE)) {
 	char first[256], last[256];
 
@@ -852,7 +868,7 @@
 static void
 doit(struct sockaddr *who, socklen_t who_len)
 {
-	const char *host;
+	char *host;
 	int level;
 	char user_name[256];
 	int i;
@@ -867,7 +883,8 @@
 
 	/* get name of connected client */
 	if (getnameinfo(who, who_len, remote_host_name,
-			sizeof(remote_host_name), 0, 0, 0)) {
+			sizeof(remote_host_name), 0, 0, 
+			numeric_hosts ? NI_NUMERICHOST : 0)) {
 		syslog(LOG_ERR, "doit: getnameinfo: %m");
 		*remote_host_name = 0;
         }
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.h
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.h	1999-03-27 08:46:21.000000000 +0100
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.h	2010-05-11 13:44:40.113654043 +0200
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	from: @(#)telnetd.h	5.3 (Berkeley) 3/1/91
- *	$Id: telnetd.h,v 1.2 1999/03/27 07:46:21 dholland Exp $
+ *	$Id: telnetd.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
  */
 
 
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/termstat.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/termstat.c
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/termstat.c	1999-12-12 15:59:45.000000000 +0100
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/termstat.c	2010-05-11 13:44:40.113654043 +0200
@@ -35,7 +35,7 @@
  * From: @(#)termstat.c	5.10 (Berkeley) 3/22/91
  */
 char termstat_rcsid[] = 
-  "$Id: termstat.c,v 1.6 1999/12/12 14:59:45 dholland Exp $";
+  "$Id: termstat.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
 
 #include "telnetd.h"
 
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/utility.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/utility.c
--- netkit-telnet-ssl-0.17.24+0.1/telnetd/utility.c	2004-05-27 11:47:27.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/utility.c	2010-05-11 13:45:21.990318196 +0200
@@ -35,7 +35,7 @@
  * From: @(#)utility.c	5.8 (Berkeley) 3/22/91
  */
 char util_rcsid[] = 
-  "$Id: utility.c,v 1.11 1999/12/12 14:59:45 dholland Exp $";
+  "$Id: utility.c,v 1.8 2006-09-24 00:48:31 ianb Exp $";
 
 #define PRINTOPTIONS
 
@@ -49,6 +49,15 @@
 
 #include "telnetd.h"
 
+/* patched by fluke.l at gmail.com , im not sure it's gonna work or not  */
+typedef struct {
+	int (*read) (void *, char *, int);
+	int (*write) (void *, char const *, int);
+	fpos_t (*seek) (void *, fpos_t, int);
+	int (*close) (void *);
+} cookie_io_functions_t;
+/* end patch */
+
 struct buflist {
 	struct buflist *next;
 	char *buf;
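Review bot: The local `cookie_io_functions_t` declares `int`/`fpos_t` callback signatures, which differ from the type of the same name that glibc's `<stdio.h>` provides under `_GNU_SOURCE` (`ssize_t` read/write with a `size_t` length, and a seek that takes `off64_t *`). If `_GNU_SOURCE` is defined for this file, the typedef is a conflicting redefinition. If it is not, passing this struct to `fopencookie` would call the handlers through incompatible function pointer types. The "not sure it's gonna work" remark should be replaced by a comment naming the platform that lacks the type, with the typedef wrapped in the matching feature test. How the type is used is outside this hunk.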
@@ -86,6 +95,11 @@
     DIAG(TD_REPORT, netoprintf("td: ttloop\r\n"););
 		     
     netflush();
+#ifdef USE_SSL
+    if (ssl_active_flag)
+	ncc = SSL_read(ssl_con, netibuf, sizeof netibuf);
+    else
+#endif /* USE_SSL */
     ncc = read(net, netibuf, sizeof(netibuf));
     if (ncc < 0) {
 	syslog(LOG_INFO, "ttloop: read: %m\n");
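Review bot: A failed `SSL_read` ends up in the `ncc < 0` branch, which logs `%m`, but OpenSSL reports failures through `SSL_get_error()` and its error queue rather than errno, so the logged text can describe an unrelated error. When `ssl_active_flag` is set, the error path should log `ERR_error_string(ERR_get_error(), NULL)` instead. The same applies to the `errno != EWOULDBLOCK && errno != EINTR` test that follows `SSL_writev` in the netwritebuf hunk further down. The `else` left hanging across `#endif` binds to the `read` call only by layout, so bracing both arms would be more robust. ttloop continues outside the hunk.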
@@ -216,7 +230,7 @@
 	}
 
 out:
-	return next ? next + (current - end) : current;
+	return (const char *) (next ? (next + (current - end)) : current );
 }  /* end of nextitem */
 
 
@@ -243,6 +257,29 @@
 	doclear--;
 }  /* end of netclear */
 
+#ifdef USE_SSL
+static int
+SSL_writev(SSL *ssl_con,const struct iovec *vector,int num)
+{
+	const struct iovec *v = vector;
+
+	int ret;
+	int len = 0;
+
+	while (num > 0) {
+		ret = SSL_write(ssl_con, v->iov_base, v->iov_len);
+		if (ret < 0)
+			return ret;
+		if (ret != v->iov_len)
+			syslog(LOG_NOTICE, "SSL_writev: short write\n");
+		num -= v->iov_len;
+		len += ret;
+		v++;
+	}
+	return len;
+}
+#endif /* USE_SSL */
+
 static void
 netwritebuf(void)
 {
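Review bot: The loop counter in `SSL_writev` is decremented by bytes instead of entries: `num -= v->iov_len` treats the entry count as a byte count. The loop therefore stops early when a buffer is longer than the remaining count, and `v` runs past the end of `vector` when the lengths sum to less than `num` (for instance with a zero-length entry). After a short write the loop also continues with the next entry, so the returned total no longer describes a contiguous prefix, which the caller appears to rely on when it computes `len = n + skip`. The rewrite below iterates by index, skips empty entries, and stops at the first short or failed write.

```c
static int
SSL_writev(SSL *ssl_con,const struct iovec *vector,int num)
{
	int total = 0;
	int i;

	for (i = 0; i < num; i++) {
		int ret;

		/* SSL_write with a zero length is not defined; skip empty entries */
		if (vector[i].iov_len == 0)
			continue;
		ret = SSL_write(ssl_con, vector[i].iov_base,
				(int)vector[i].iov_len);
		if (ret <= 0)
			return total ? total : ret;
		total += ret;
		if ((size_t)ret != vector[i].iov_len) {
			syslog(LOG_NOTICE, "SSL_writev: short write\n");
			break;	/* report only the contiguous prefix */
		}
	}
	return total;
}
```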
@@ -253,6 +290,9 @@
 	size_t len;
 	int ltrailing = trailing;
 
+	if (!listlen)
+		return;
+
 	vector = malloc(listlen * sizeof(struct iovec));
 	if (!vector) {
 		return;
@@ -265,6 +305,11 @@
 		if (lp == urg) {
 			len = v - vector;
 			if (!len) {
+#ifdef USE_SSL
+			        if (ssl_active_flag)
+				  n = SSL_write(ssl_con, lp->buf, 1);	
+				else
+#endif /* USE_SSL */
 				n = send(net, lp->buf, 1, MSG_OOB);
 				if (n > 0) {
 					urg = 0;
@@ -282,15 +327,25 @@
 	vector->iov_base = (char *)vector->iov_base + skip;
 	vector->iov_len -= skip;
 
-	n = writev(net, vector, len);
+	if(vector->iov_len == 0 ) {
+	  n=0;
+	} else {
+
+#ifdef USE_SSL
+	  if (ssl_active_flag)
+		n = SSL_writev(ssl_con, vector, len);	/* normal write */
+	  else	
+#endif /* USE_SSL */
+		n = writev(net, vector, len);
 
 epi:
-	free(vector);
+	  free(vector);
 
-	if (n < 0) {
+	  if (n < 0) {
 		if (errno != EWOULDBLOCK && errno != EINTR)
-			cleanup(0);
+		  cleanup(0);
 		return;
+	  }
 	}
 
 	len = n + skip;
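Review bot: `vector` is no longer freed when `vector->iov_len == 0`, because `free(vector)` and the `epi:` label moved inside the `else` arm. Unless the array is released later outside the hunk, every call that takes the `n=0` path leaks it. Closing the `else` right after the `writev` call and leaving `epi:`, `free(vector);` and the `n < 0` test at function level keeps a single cleanup point. It also stops the earlier `goto epi` from jumping into a nested block. netwritebuf starts and ends outside the hunk.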
@@ -315,6 +370,10 @@
 		}
 	}
 
+	if(ltrailing && (len==0)) {
+		ltrailing=trailing=0;
+	}
+
 	skip = len;
 }
 
@@ -323,16 +382,22 @@
  *             Send as much data as possible to the network,
  *     handling requests for urgent data.
  */
-void
+int
 netflush(void)
 {
 	if (fflush(netfile)) {
 		/* out of memory? */
 		cleanup(0);
+		return 0;
 	}
-	if (listlen) {
-		netwritebuf();
-	}
+	netwritebuf();
+	return 1;
+}
+
+int
+writenet(char *b , int l)
+{
+  return(fwrite(b, 1, l, netfile));
 }
 
 
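Review bot: `writenet` passes its `int` length straight to `fwrite`, where it converts to `size_t`, so a negative `l` would become a very large byte count. Callers in this diff pass pointer differences such as `ncp - statusbuf`. A guard `if (l <= 0) return 0;` before the call and `return (int)fwrite(b, 1, (size_t)l, netfile);` make the conversion explicit. The short-write count is returned, but the callers visible in this diff ignore it, so a comment saying that the data is only buffered here and flushed by `netflush` would help.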
@@ -983,7 +1048,7 @@
 			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
 			"MUTUAL" : "ONE-WAY");
 
-		auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+		auth_printsub(&pointer[1], length - 1, (unsigned char *) buf, sizeof(buf));
 		netoprintf("%s", buf);
 		break;
 
@@ -1191,7 +1256,15 @@
 		size_t l;
 		size_t m = tail->len;
 
-		p = nextitem(tail->buf, tail->buf + tail->len, buf, end);
+		if((tail->buf == NULL) || (tail->len==0))
+		{
+			p = nextitem((unsigned char *) buf, (unsigned char *) end,0,0);
+		}
+		else
+		{
+			p = nextitem((unsigned char *) tail->buf, (unsigned char *) (tail->buf + tail->len),
+						 (unsigned char *) buf, (unsigned char *) end);
+		}
 		ltrailing = !p;
 		if (ltrailing) {
 			p = end;
@@ -1245,7 +1318,7 @@
 		const char *p;
 		size_t l;
 
-		p = nextitem(buf, end, 0, 0);
+		p = nextitem((unsigned char *) buf, (unsigned char *) end, 0, 0);
 		ltrailing = !p;
 		if (ltrailing) {
 			p = end;
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetlogin/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/Makefile
--- netkit-telnet-ssl-0.17.24+0.1/telnetlogin/Makefile	2000-04-13 03:07:22.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/Makefile	2010-05-11 13:46:19.023660189 +0200
@@ -11,7 +11,7 @@
 $(OBJS): ../version.h
 
 install: telnetlogin
-	install -s -m4750 -oroot -gtelnetd telnetlogin $(INSTALLROOT)$(SBINDIR)
+	install -m$(BINMODE) telnetlogin $(INSTALLROOT)$(SBINDIR)
 	install -m$(MANMODE) telnetlogin.8 $(INSTALLROOT)$(MANDIR)/man8
 
 clean:
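Review bot: The install rule no longer sets owner, group or the setuid bit: `-m4750 -oroot -gtelnetd` limited execution of telnetlogin to the telnetd group, whereas `-m$(BINMODE)` leaves all of that to a later step. If the package scripts apply the permissions, a comment such as `# owner, group and setuid bit are applied by the packaging, not here` would record it. Otherwise a reader cannot tell whether the privilege drop is intended. Should the setuid bit be restored elsewhere, the group restriction should be restored with it so the helper is not runnable by every local user. The value of `BINMODE` is not visible here.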
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.8 netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.8
--- netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.8	2004-05-27 11:47:02.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.8	2010-05-11 13:44:40.123659071 +0200
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"	$Id: telnetlogin.8,v 1.4 2000/07/30 23:57:10 dholland Exp $
+.\"	$Id: telnetlogin.8,v 1.2 2004-11-07 15:47:43 ianb Exp $
 .\"
 .Dd April 12, 2000
 .Dt TELNETLOGIN 8
@@ -40,6 +40,7 @@
 .Nm telnetlogin
 .Op Fl h Ar host
 .Op Fl p
+.Op Fl f Ar username
 .Op Ar username
 .Sh DESCRIPTION
 .Nm telnetlogin
@@ -79,11 +80,6 @@
 .Xr inetd 8 ,
 .Xr telnetd 8
 .Sh RESTRICTIONS
-.Nm telnetlogin
-does not permit the
-.Fl f
-option to login, so will not
-work with telnetds that perform authentication via Kerberos or SSL.
 .Pp
 THIS IS PRESENTLY EXPERIMENTAL CODE; USE WITH CAUTION.
 .Sh HISTORY
diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.c
--- netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.c	2004-05-27 11:47:02.000000000 +0200
+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.c	2010-05-11 13:44:40.123659071 +0200
@@ -35,7 +35,7 @@
  "All rights reserved.\n";
 
 char rcsid[] =
-  "$Id: telnetlogin.c,v 1.1 2000/04/13 01:07:22 dholland Exp $";
+  "$Id: telnetlogin.c,v 1.2 2004-11-07 15:47:43 ianb Exp $";
 #include "../version.h"
 
 #include <sys/types.h>
@@ -76,7 +76,16 @@
    int i=0;
    /* should we check length? */
    for (i=0; hname[i]; i++) {
-      if (hname[i]<=32 && hname[i]>126) return -1;
+      if ((hname[i]<=32) || (hname[i]>126)) return -1;
+   }
+   return 0;
+}
+
+static int check_username(char *username) {
+   int i;
+   if (strlen(username) > 32) return -1;
+   for (i=0; username[i]; i++) {
+      if ((username[i]<=32) || (username[i]>126)) return -1;
    }
    return 0;
 }
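Review bot: `check_username` accepts an empty string and a name that starts with `-`. The value is the argument of `-f`, so it is presumably forwarded to login, which could parse a leading dash as a further option. Rejecting both cases up front closes that: `if (username[0] == '\0' || username[0] == '-') return -1;`. The limit `32` would read better as a named constant. `check_hostname` above still carries its "should we check length?" comment with no limit applied. How the arguments reach login is outside this hunk.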
@@ -158,6 +167,12 @@
    if (argn < argc && !strcmp(argv[argn], "-p")) {
       argn++;
    }
+   if (argn < argc && !strcmp(argv[argn], "-f")) {
+      argn++;
+      if (argn==argc) die("Illegal args: -f requires argument");
+      if (check_username(argv[argn])) die("Illegal remote username specified");
+      argn++;
+   }
    if (argn < argc && argv[argn][0] != '-') {
       argn++;
    }
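Review bot: Only the `-f` argument goes through `check_username`; the positional username in the following `if` is accepted on the `argv[argn][0] != '-'` test alone. Applying the same check there, `if (check_username(argv[argn])) die("Illegal username specified");`, keeps the two paths consistent. Because `-f` tells login that the user is already authenticated, a comment stating that telnetlogin relies on its caller having done that authentication would document the trust boundary. The enclosing function starts and ends outside the hunk.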