summaryrefslogtreecommitdiff
path: root/libexec
diff options
context:
space:
mode:
Diffstat (limited to 'libexec')
-rw-r--r--libexec/telnetd/Makefile16
-rw-r--r--libexec/telnetd/authenc.c15
-rw-r--r--libexec/telnetd/defs.h77
-rw-r--r--libexec/telnetd/ext.h10
-rw-r--r--libexec/telnetd/global.c22
-rw-r--r--libexec/telnetd/state.c100
-rw-r--r--libexec/telnetd/sys_term.c14
-rw-r--r--libexec/telnetd/telnetd.c29
-rw-r--r--libexec/telnetd/utility.c121
9 files changed, 288 insertions, 116 deletions
diff --git a/libexec/telnetd/Makefile b/libexec/telnetd/Makefile
index 5d04c5c1193..1571d928ba6 100644
--- a/libexec/telnetd/Makefile
+++ b/libexec/telnetd/Makefile
@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.3 1997/03/26 00:34:38 deraadt Exp $
+# $OpenBSD: Makefile,v 1.4 1998/03/12 04:53:06 art Exp $
# from: @(#)Makefile 8.2 (Berkeley) 12/15/93
# $NetBSD: Makefile,v 1.6 1996/02/24 01:22:12 jtk Exp $
PROG= telnetd
+
CFLAGS+=-DLINEMODE -DKLUDGELINEMODE -DUSE_TERMIO -DDIAGNOSTICS
CFLAGS+=-DOLD_ENVIRON -DENV_HACK -I${.CURDIR}
SRCS= authenc.c global.c slc.c state.c sys_term.c telnetd.c \
@@ -11,13 +12,12 @@ DPADD= ${LIBUTIL} ${LIBTERM} ${LIBTELNET}
LDADD+= -lutil -ltermcap -ltelnet
MAN= telnetd.8
+.include <bsd.own.mk> # for KERBEROS
-# These are the sources that have encryption stuff in them.
-CRYPT_SRC= authenc.c ext.h state.c telnetd.c termstat.c
-CRYPT_SRC+= utility.c Makefile
-NOCRYPT_DIR=${.CURDIR}/Nocrypt
+.if (${KERBEROS} == "yes")
+CFLAGS+=-DENCRYPTION -DAUTHENTICATION -DKRB4 -I${.CURDIR}/../../lib
+LDADD+= -lkrb -ldes
+DPADD+= ${LIBDES} ${LIBKRB}
+.endif
.include <bsd.prog.mk>
-
-nocrypt:
- @echo "Encryption code already removed."
diff --git a/libexec/telnetd/authenc.c b/libexec/telnetd/authenc.c
index 4cea82cc7fe..f8e0b2d9ef2 100644
--- a/libexec/telnetd/authenc.c
+++ b/libexec/telnetd/authenc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authenc.c,v 1.2 1996/03/28 23:21:54 niklas Exp $ */
+/* $OpenBSD: authenc.c,v 1.3 1998/03/12 04:53:07 art Exp $ */
/* $NetBSD: authenc.c,v 1.3 1996/02/28 20:38:08 thorpej Exp $ */
/*-
@@ -39,7 +39,7 @@
static char sccsid[] = "@(#)authenc.c 8.2 (Berkeley) 5/30/95";
static char rcsid[] = "$NetBSD: authenc.c,v 1.3 1996/02/28 20:38:08 thorpej Exp $";
#else
-static char rcsid[] = "$OpenBSD: authenc.c,v 1.2 1996/03/28 23:21:54 niklas Exp $";
+static char rcsid[] = "$OpenBSD: authenc.c,v 1.3 1998/03/12 04:53:07 art Exp $";
#endif
#endif /* not lint */
@@ -63,6 +63,13 @@ net_write(str, len)
void
net_encrypt()
{
+#ifdef ENCRYPTION
+ char *s = (nclearto > nbackp) ? nclearto : nbackp;
+ if (s < nfrontp && encrypt_output) {
+ (*encrypt_output)((unsigned char *)s, nfrontp - s);
+ }
+ nclearto = nfrontp;
+#endif
}
int
@@ -76,7 +83,7 @@ telnet_spin()
telnet_getenv(val)
char *val;
{
- extern char *getenv();
+ extern char *getenv(const char *);
return(getenv(val));
}
@@ -87,6 +94,6 @@ telnet_gets(prompt, result, length, echo)
int length;
int echo;
{
- return((char *)0);
+ return NULL;
}
#endif /* defined(AUTHENTICATION) */
diff --git a/libexec/telnetd/defs.h b/libexec/telnetd/defs.h
index a6a47ff10fa..12f450eadfc 100644
--- a/libexec/telnetd/defs.h
+++ b/libexec/telnetd/defs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: defs.h,v 1.2 1996/03/28 23:21:55 niklas Exp $ */
+/* $OpenBSD: defs.h,v 1.3 1998/03/12 04:53:09 art Exp $ */
/* $NetBSD: defs.h,v 1.6 1996/02/28 20:38:10 thorpej Exp $ */
/*
@@ -46,55 +46,26 @@
# define BSD 43
#endif
-#if defined(CRAY) && !defined(LINEMODE)
-# define SYSV_TERMIO
-# define LINEMODE
-# define KLUDGELINEMODE
-# define DIAGNOSTICS
-# if defined(UNICOS50) && !defined(UNICOS5)
-# define UNICOS5
-# endif
-# if !defined(UNICOS5)
-# define BFTPDAEMON
-# define HAS_IP_TOS
-# endif
-#endif /* CRAY */
-#if defined(UNICOS5) && !defined(NO_SETSID)
-# define NO_SETSID
-#endif
-
#if defined(PRINTOPTIONS) && defined(DIAGNOSTICS)
#define TELOPTS
#define TELCMDS
#define SLC_NAMES
#endif
-#if defined(SYSV_TERMIO) && !defined(USE_TERMIO)
-# define USE_TERMIO
-#endif
-
#include <sys/socket.h>
-#ifndef CRAY
#include <sys/wait.h>
-#endif /* CRAY */
#include <fcntl.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/time.h>
-#ifndef FILIO_H
#include <sys/ioctl.h>
-#else
-#include <sys/filio.h>
-#endif
#include <netinet/in.h>
#include <arpa/telnet.h>
#include <stdio.h>
-#ifdef __STDC__
#include <stdlib.h>
-#endif
#include <signal.h>
#include <errno.h>
#include <netdb.h>
@@ -106,11 +77,7 @@
#define LOG_ODELAY 0
#endif
#include <ctype.h>
-#ifndef NO_STRING_H
#include <string.h>
-#else
-#include <strings.h>
-#endif
#ifndef USE_TERMIO
#include <sgtty.h>
@@ -124,50 +91,24 @@
#if !defined(USE_TERMIO) || defined(NO_CC_T)
typedef unsigned char cc_t;
#endif
-
-#ifdef __STDC__
#include <unistd.h>
-#endif
-#ifndef _POSIX_VDISABLE
-# ifdef VDISABLE
-# define _POSIX_VDISABLE VDISABLE
-# else
-# define _POSIX_VDISABLE ((unsigned char)'\377')
-# endif
+#if !defined(TIOCSCTTY) && defined(TCSETCTTY)
+# define TIOCSCTTY TCSETCTTY
#endif
-
-#ifdef CRAY
-# ifdef CRAY1
-# include <sys/pty.h>
-# ifndef FD_ZERO
-# include <sys/select.h>
-# endif /* FD_ZERO */
-# endif /* CRAY1 */
-
-#include <memory.h>
-#endif /* CRAY */
-
-#ifdef __hpux
-#include <sys/ptyio.h>
+#ifndef TIOCPKT_FLUSHWRITE
+#define TIOCPKT_FLUSHWRITE 0x02
#endif
-#if !defined(TIOCSCTTY) && defined(TCSETCTTY)
-# define TIOCSCTTY TCSETCTTY
+#ifndef TIOCPKT_NOSTOP
+#define TIOCPKT_NOSTOP 0x10
#endif
-#ifndef FD_SET
-#ifndef HAVE_fd_set
-typedef struct fd_set { int fds_bits[1]; } fd_set;
+#ifndef TIOCPKT_DOSTOP
+#define TIOCPKT_DOSTOP 0x20
#endif
-#define FD_SET(n, p) ((p)->fds_bits[0] |= (1<<(n)))
-#define FD_CLR(n, p) ((p)->fds_bits[0] &= ~(1<<(n)))
-#define FD_ISSET(n, p) ((p)->fds_bits[0] & (1<<(n)))
-#define FD_ZERO(p) ((p)->fds_bits[0] = 0)
-#endif /* FD_SET */
-
/*
* I/O data buffers defines
*/
diff --git a/libexec/telnetd/ext.h b/libexec/telnetd/ext.h
index 4b352bb71ab..b059393c6a0 100644
--- a/libexec/telnetd/ext.h
+++ b/libexec/telnetd/ext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ext.h,v 1.3 1997/07/14 01:40:38 millert Exp $ */
+/* $OpenBSD: ext.h,v 1.4 1998/03/12 04:53:10 art Exp $ */
/* $NetBSD: ext.h,v 1.6 1996/02/28 20:38:13 thorpej Exp $ */
/*
@@ -123,7 +123,7 @@ extern void
#ifdef DIAGNOSTICS
printoption P((char *, int)),
printdata P((char *, char *, int)),
- printsub P((int, unsigned char *, int)),
+ printsub P((char, unsigned char *, int)),
#endif
ptyflush P((void)),
putchr P((int)),
@@ -190,7 +190,11 @@ extern void
wontoption P((int)),
writenet P((unsigned char *, int));
-
+#ifdef ENCRYPTION
+extern void (*encrypt_output) (unsigned char *, int);
+extern int (*decrypt_input) (int);
+extern char *nclearto;
+#endif
/*
* The following are some clocks used to decide how to interpret
diff --git a/libexec/telnetd/global.c b/libexec/telnetd/global.c
index 9250a129cc7..11b2cd5ed0f 100644
--- a/libexec/telnetd/global.c
+++ b/libexec/telnetd/global.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: global.c,v 1.2 1996/03/28 23:21:57 niklas Exp $ */
+/* $OpenBSD: global.c,v 1.3 1998/03/12 04:53:11 art Exp $ */
/* $NetBSD: global.c,v 1.6 1996/02/28 20:38:14 thorpej Exp $ */
/*
@@ -39,7 +39,7 @@
static char sccsid[] = "@(#)global.c 8.1 (Berkeley) 6/4/93";
static char rcsid[] = "$NetBSD: global.c,v 1.6 1996/02/28 20:38:14 thorpej Exp $";
#else
-static char rcsid[] = "$OpenBSD: global.c,v 1.2 1996/03/28 23:21:57 niklas Exp $";
+static char rcsid[] = "$OpenBSD: global.c,v 1.3 1998/03/12 04:53:11 art Exp $";
#endif
#endif /* not lint */
@@ -51,6 +51,24 @@ static char rcsid[] = "$OpenBSD: global.c,v 1.2 1996/03/28 23:21:57 niklas Exp $
* we will actually allocate the space.
*/
+#include <stdarg.h>
#include <defs.h>
#define extern
#include <ext.h>
+
+int
+output_data (const char *format, ...)
+{
+ va_list args;
+ size_t remaining, ret;
+
+ va_start(args, format);
+ remaining = BUFSIZ - (nfrontp - netobuf);
+ ret = vsnprintf (nfrontp,
+ remaining,
+ format,
+ args);
+ nfrontp += ret;
+ va_end(args);
+ return ret;
+}
diff --git a/libexec/telnetd/state.c b/libexec/telnetd/state.c
index c74ae4635e2..8cea155050a 100644
--- a/libexec/telnetd/state.c
+++ b/libexec/telnetd/state.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: state.c,v 1.5 1996/08/24 09:03:42 deraadt Exp $ */
+/* $OpenBSD: state.c,v 1.6 1998/03/12 04:53:12 art Exp $ */
/* $NetBSD: state.c,v 1.9 1996/02/28 20:38:19 thorpej Exp $ */
/*
@@ -39,7 +39,7 @@
static char sccsid[] = "@(#)state.c 8.5 (Berkeley) 5/30/95";
static char rcsid[] = "$NetBSD: state.c,v 1.9 1996/02/28 20:38:19 thorpej Exp $";
#else
-static char rcsid[] = "$OpenBSD: state.c,v 1.5 1996/08/24 09:03:42 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: state.c,v 1.6 1998/03/12 04:53:12 art Exp $";
#endif
#endif /* not lint */
@@ -94,14 +94,15 @@ telrcv()
{
register int c;
static int state = TS_DATA;
-#if defined(CRAY2) && defined(UNICOS5)
- char *opfrontp = pfrontp;
-#endif
while (ncc > 0) {
if ((&ptyobuf[BUFSIZ] - pfrontp) < 2)
break;
c = *netip++ & 0377, ncc--;
+#ifdef ENCRYPTION
+ if (decrypt_input)
+ c = (*decrypt_input)(c);
+#endif
switch (state) {
case TS_CR:
@@ -141,7 +142,15 @@ telrcv()
c = '\n';
} else
#endif
+#ifdef ENCRYPTION
+ if (decrypt_input)
+ nc = (*decrypt_input)(nc & 0xff);
+#endif
{
+#ifdef ENCRYPTION
+ if (decrypt_input)
+ (void)(*decrypt_input)(-1);
+#endif
state = TS_CR;
}
}
@@ -356,21 +365,6 @@ gotiac: switch (c) {
exit(1);
}
}
-#if defined(CRAY2) && defined(UNICOS5)
- if (!linemode) {
- char xptyobuf[BUFSIZ+NETSLOP];
- char xbuf2[BUFSIZ];
- register char *cp;
- int n = pfrontp - opfrontp, oc;
- memmove(xptyobuf, opfrontp, n);
- pfrontp = opfrontp;
- pfrontp += term_input(xptyobuf, pfrontp, n, BUFSIZ+NETSLOP,
- xbuf2, &oc, BUFSIZ);
- for (cp = xbuf2; oc > 0; --oc)
- if ((*nfrontp++ = *cp++) == IAC)
- *nfrontp++ = IAC;
- }
-#endif /* defined(CRAY2) && defined(UNICOS5) */
} /* end of telrcv */
/*
@@ -455,11 +449,15 @@ send_do(option, init)
}
#ifdef AUTHENTICATION
-extern void auth_request();
+extern void auth_request(void);
#endif
#ifdef LINEMODE
extern void doclientstat();
#endif
+#ifdef ENCRYPTION
+extern void encrypt_send_support();
+#endif
+
void
willoption(option)
@@ -573,6 +571,12 @@ willoption(option)
break;
#endif
+#ifdef ENCRYPTION
+ case TELOPT_ENCRYPT:
+ func = encrypt_send_support;
+ changeok++;
+ break;
+#endif
default:
break;
@@ -632,6 +636,12 @@ willoption(option)
break;
#endif
+#ifdef ENCRYPTION
+ case TELOPT_ENCRYPT:
+ func = encrypt_send_support;
+ break;
+#endif
+
case TELOPT_LFLOW:
func = flowstat;
break;
@@ -920,6 +930,11 @@ dooption(option)
cleanup(0);
/* NOT REACHED */
break;
+#ifdef ENCRYPTION
+ case TELOPT_ENCRYPT:
+ changeok++;
+ break;
+#endif
case TELOPT_LINEMODE:
case TELOPT_TTYPE:
@@ -1485,6 +1500,49 @@ suboption()
}
break;
#endif
+#ifdef ENCRYPTION
+ case TELOPT_ENCRYPT:
+ if (SB_EOF())
+ break;
+ switch(SB_GET()) {
+ case ENCRYPT_SUPPORT:
+ encrypt_support(subpointer, SB_LEN());
+ break;
+ case ENCRYPT_IS:
+ encrypt_is(subpointer, SB_LEN());
+ break;
+ case ENCRYPT_REPLY:
+ encrypt_reply(subpointer, SB_LEN());
+ break;
+ case ENCRYPT_START:
+ encrypt_start(subpointer, SB_LEN());
+ break;
+ case ENCRYPT_END:
+ encrypt_end();
+ break;
+ case ENCRYPT_REQSTART:
+ encrypt_request_start(subpointer, SB_LEN());
+ break;
+ case ENCRYPT_REQEND:
+ /*
+ * We can always send an REQEND so that we cannot
+ * get stuck encrypting. We should only get this
+ * if we have been able to get in the correct mode
+ * anyhow.
+ */
+ encrypt_request_end();
+ break;
+ case ENCRYPT_ENC_KEYID:
+ encrypt_enc_keyid(subpointer, SB_LEN());
+ break;
+ case ENCRYPT_DEC_KEYID:
+ encrypt_dec_keyid(subpointer, SB_LEN());
+ break;
+ default:
+ break;
+ }
+ break;
+#endif
default:
break;
diff --git a/libexec/telnetd/sys_term.c b/libexec/telnetd/sys_term.c
index 5e86141b09c..b4c07d09e4f 100644
--- a/libexec/telnetd/sys_term.c
+++ b/libexec/telnetd/sys_term.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sys_term.c,v 1.8 1997/07/23 20:36:35 kstailey Exp $ */
+/* $OpenBSD: sys_term.c,v 1.9 1998/03/12 04:53:14 art Exp $ */
/* $NetBSD: sys_term.c,v 1.9 1996/03/20 04:25:53 tls Exp $ */
/*
@@ -39,7 +39,7 @@
static char sccsid[] = "@(#)sys_term.c 8.4+1 (Berkeley) 5/30/95";
static char rcsid[] = "$NetBSD: sys_term.c,v 1.8 1996/02/28 20:38:21 thorpej Exp $";
#else
-static char rcsid[] = "$OpenBSD: sys_term.c,v 1.8 1997/07/23 20:36:35 kstailey Exp $";
+static char rcsid[] = "$OpenBSD: sys_term.c,v 1.9 1998/03/12 04:53:14 art Exp $";
#endif
#endif /* not lint */
@@ -1415,6 +1415,16 @@ startslave(host, autologin, autoname)
#endif
#ifndef NEWINIT
+ {
+ char *tbuf =
+ "\r\n*** Connection not encrypted! "
+ "Communication may be eavesdropped. ***\r\n";
+#ifdef ENCRYPTION
+ if (encrypt_output == 0 || decrypt_input == 0)
+#endif
+ writenet((unsigned char*)tbuf, strlen(tbuf));
+ }
+
# ifdef PARENT_DOES_UTMP
utmp_sig_init();
# endif /* PARENT_DOES_UTMP */
diff --git a/libexec/telnetd/telnetd.c b/libexec/telnetd/telnetd.c
index ef7d3d38b2b..87dc2f14c80 100644
--- a/libexec/telnetd/telnetd.c
+++ b/libexec/telnetd/telnetd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: telnetd.c,v 1.7 1997/07/14 01:40:39 millert Exp $ */
+/* $OpenBSD: telnetd.c,v 1.8 1998/03/12 04:53:15 art Exp $ */
/* $NetBSD: telnetd.c,v 1.6 1996/03/20 04:25:57 tls Exp $ */
/*
@@ -45,7 +45,7 @@ static char copyright[] =
static char sccsid[] = "@(#)telnetd.c 8.4 (Berkeley) 5/30/95";
static char rcsid[] = "$NetBSD: telnetd.c,v 1.5 1996/02/28 20:38:23 thorpej Exp $";
#else
-static char rcsid[] = "$OpenBSD: telnetd.c,v 1.7 1997/07/14 01:40:39 millert Exp $";
+static char rcsid[] = "$OpenBSD: telnetd.c,v 1.8 1998/03/12 04:53:15 art Exp $";
#endif
#endif /* not lint */
@@ -189,11 +189,19 @@ main(argc, argv)
int tos = -1;
#endif
+#ifdef ENCRYPTION
+ extern int des_check_key;
+ des_check_key = 1; /* Kludge for Mac NCSA telnet 2.6 /bg */
+#endif
+
pfrontp = pbackp = ptyobuf;
netip = netibuf;
nfrontp = nbackp = netobuf;
progname = *argv;
+#ifdef ENCRYPTION
+ nclearto = 0;
+#endif
#ifdef CRAY
/*
@@ -212,7 +220,6 @@ main(argc, argv)
* Check for required authentication level
*/
if (strcmp(optarg, "debug") == 0) {
- extern int auth_debug_mode;
auth_debug_mode = 1;
} else if (strcasecmp(optarg, "none") == 0) {
auth_level = 0;
@@ -610,12 +617,19 @@ getterminaltype(name)
}
#endif
+#ifdef ENCRYPTION
+ send_will(TELOPT_ENCRYPT, 1);
+ send_do(TELOPT_ENCRYPT, 1); /* esc@magic.fi */
+#endif
send_do(TELOPT_TTYPE, 1);
send_do(TELOPT_TSPEED, 1);
send_do(TELOPT_XDISPLOC, 1);
send_do(TELOPT_NEW_ENVIRON, 1);
send_do(TELOPT_OLD_ENVIRON, 1);
while (
+#ifdef ENCRYPTION
+ his_do_dont_is_changing(TELOPT_ENCRYPT) ||
+#endif
his_will_wont_is_changing(TELOPT_TTYPE) ||
his_will_wont_is_changing(TELOPT_TSPEED) ||
his_will_wont_is_changing(TELOPT_XDISPLOC) ||
@@ -623,6 +637,15 @@ getterminaltype(name)
his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) {
ttloop();
}
+#ifdef ENCRYPTION
+ /*
+ * Wait for the negotiation of what type of encryption we can
+ * send with. If autoencrypt is not set, this will just return.
+ */
+ if (his_state_is_will(TELOPT_ENCRYPT)) {
+ encrypt_wait();
+ }
+#endif
if (his_state_is_will(TELOPT_TSPEED)) {
static unsigned char sb[] =
{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
diff --git a/libexec/telnetd/utility.c b/libexec/telnetd/utility.c
index 1cd559966e6..85e01b9e1ff 100644
--- a/libexec/telnetd/utility.c
+++ b/libexec/telnetd/utility.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: utility.c,v 1.9 1998/02/16 04:57:55 jason Exp $ */
+/* $OpenBSD: utility.c,v 1.10 1998/03/12 04:53:17 art Exp $ */
/* $NetBSD: utility.c,v 1.9 1996/02/28 20:38:29 thorpej Exp $ */
/*
@@ -39,7 +39,7 @@
static char sccsid[] = "@(#)utility.c 8.4 (Berkeley) 5/30/95";
static char rcsid[] = "$NetBSD: utility.c,v 1.9 1996/02/28 20:38:29 thorpej Exp $";
#else
-static char rcsid[] = "$OpenBSD: utility.c,v 1.9 1998/02/16 04:57:55 jason Exp $";
+static char rcsid[] = "$OpenBSD: utility.c,v 1.10 1998/03/12 04:53:17 art Exp $";
#endif
#endif /* not lint */
@@ -202,8 +202,11 @@ netclear()
char *good;
#define wewant(p) ((nfrontp > p) && ((*p&0xff) == IAC) && \
((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
-
+#ifdef ENCRYPTION
+ thisitem = nclearto > netobuf ? nclearto : netobuf;
+#else
thisitem = netobuf;
+#endif
while ((next = nextitem(thisitem)) <= nbackp) {
thisitem = next;
@@ -211,7 +214,11 @@ netclear()
/* Now, thisitem is first before/at boundary. */
+#ifdef ENCRYPTION
+ good = nclearto > netobuf ? nclearto : netobuf;
+#else
good = netobuf; /* where the good bytes go */
+#endif
while (nfrontp > thisitem) {
if (wewant(thisitem)) {
@@ -252,6 +259,15 @@ netflush()
n += strlen(nfrontp); /* get count first */
nfrontp += strlen(nfrontp); /* then move pointer */
});
+#ifdef ENCRYPTION
+ if (encrypt_output) {
+ char *s = nclearto ? nclearto : nbackp;
+ if (nfrontp - s > 0) {
+ (*encrypt_output)((unsigned char *)s, nfrontp-s);
+ nclearto = nfrontp;
+ }
+ }
+#endif
/*
* if no urgent data, or if the other side appears to be an
* old 4.2 client (and thus unable to survive TCP urgent data),
@@ -282,11 +298,18 @@ netflush()
cleanup(0);
}
nbackp += n;
+#ifdef ENCRYPTION
+ if (nbackp > nclearto)
+ nclearto = 0;
+#endif
if (nbackp >= neturg) {
neturg = 0;
}
if (nbackp == nfrontp) {
nbackp = nfrontp = netobuf;
+#ifdef ENCRYPTION
+ nclearto = 0;
+#endif
}
return;
} /* end of netflush */
@@ -331,8 +354,19 @@ fatal(f, msg)
{
char buf[BUFSIZ];
- (void) sprintf(buf, "telnetd: %s.\r\n", msg);
- (void) write(f, buf, (int)strlen(buf));
+ snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg);
+#ifdef ENCRYPTION
+ if (encrypt_output) {
+ /*
+ * Better turn off encryption first....
+ * Hope it flushes...
+ */
+ encrypt_send_end();
+ netflush();
+ }
+#endif
+ write(f, buf, (int)strlen(buf));
+
sleep(1); /*XXX*/
exit(1);
}
@@ -1038,6 +1072,83 @@ printsub(direction, pointer, length)
break;
#endif
+#ifdef ENCRYPTION
+ case TELOPT_ENCRYPT:
+ output_data("ENCRYPT");
+ if (length < 2) {
+ output_data(" (empty suboption?)");
+ break;
+ }
+ switch (pointer[1]) {
+ case ENCRYPT_START:
+ output_data(" START");
+ break;
+
+ case ENCRYPT_END:
+ output_data(" END");
+ break;
+
+ case ENCRYPT_REQSTART:
+ output_data(" REQUEST-START");
+ break;
+
+ case ENCRYPT_REQEND:
+ output_data(" REQUEST-END");
+ break;
+
+ case ENCRYPT_IS:
+ case ENCRYPT_REPLY:
+ output_data(" %s ",
+ (pointer[1] == ENCRYPT_IS) ?
+ "IS" : "REPLY");
+ if (length < 3) {
+ output_data(" (partial suboption?)");
+ break;
+ }
+ if (ENCTYPE_NAME_OK(pointer[2]))
+ output_data("%s ",
+ ENCTYPE_NAME(pointer[2]));
+ else
+ output_data(" %d (unknown)",
+ pointer[2]);
+
+ encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+ output_data("%s",
+ buf);
+ break;
+
+ case ENCRYPT_SUPPORT:
+ i = 2;
+ output_data(" SUPPORT ");
+ while (i < length) {
+ if (ENCTYPE_NAME_OK(pointer[i]))
+ output_data("%s ",
+ ENCTYPE_NAME(pointer[i]));
+ else
+ output_data("%d ",
+ pointer[i]);
+ i++;
+ }
+ break;
+
+ case ENCRYPT_ENC_KEYID:
+ output_data(" ENC_KEYID %d", pointer[1]);
+ goto encommon;
+
+ case ENCRYPT_DEC_KEYID:
+ output_data(" DEC_KEYID %d", pointer[1]);
+ goto encommon;
+
+ default:
+ output_data(" %d (unknown)", pointer[1]);
+ encommon:
+ for (i = 2; i < length; i++) {
+ output_data(" %d", pointer[i]);
+ }
+ break;
+ }
+ break;
+#endif /* ENCRYPTION */
default:
if (TELOPT_OK(pointer[0]))