Diffstat (limited to 'usr.bin/telnet')
33 files changed, 104 insertions, 7766 deletions
diff --git a/usr.bin/telnet/Makefile b/usr.bin/telnet/Makefile index 22fd93bcc0b..a855887407c 100644 --- a/usr.bin/telnet/Makefile +++ b/usr.bin/telnet/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.30 2014/04/22 10:21:56 reyk Exp $ +# $OpenBSD: Makefile,v 1.31 2014/07/19 23:50:38 guenther Exp $ # # Copyright (c) 1990 The Regents of the University of California. # All rights reserved. @@ -32,13 +32,12 @@ PROG= telnet -CFLAGS+=-DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK -DSKEY -Dunix -I${.CURDIR} -CFLAGS+= -DHAS_CGETENT -Wall -Wno-unused +CFLAGS+=-DKLUDGELINEMODE -DSKEY -I${.CURDIR} +CFLAGS+= -Wall -Wno-unused -Werror-implicit-function-declaration LDADD+= -lcurses DPADD= ${LIBCURSES} -SRCS= authenc.c commands.c main.c network.c ring.c sys_bsd.c telnet.c \ - terminal.c tn3270.c utilities.c auth.c encrypt.c genget.c getent.c \ - misc.c +SRCS= commands.c main.c network.c ring.c sys_bsd.c telnet.c \ + terminal.c utilities.c genget.c .include <bsd.prog.mk> diff --git a/usr.bin/telnet/README b/usr.bin/telnet/README index a22179d5edc..1ac89322f37 100644 --- a/usr.bin/telnet/README +++ b/usr.bin/telnet/README 
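Review bot: The second Makefile hunk keeps `-Wno-unused` on the `CFLAGS+= -Wall ...` line while dropping authenc.c, auth.c, encrypt.c, getent.c, misc.c and tn3270.c from SRCS, so the compiler stays silent about statics, locals and parameters in the remaining files that only the removed authentication and encryption code used. For a removal of this size I would build at least once with `CFLAGS+= -Wall -Werror-implicit-function-declaration` (no `-Wno-unused`) and clean up what it reports; the new implicit-declaration error only catches calls into removed code, not dead leftovers. `-DSKEY` is still passed, and if no remaining source tests that macro it can be dropped too, which cannot be confirmed from this hunk. Because the README hunk removes AUTHENTICATION and ENCRYPTION from the supported options, the manual page (not visible here) should probably state that the client no longer negotiates any session protection.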
@@ -1,696 +1,4 @@ - $OpenBSD: README,v 1.4 2003/11/08 19:17:29 jmc Exp $ - -This is a distribution of both client and server telnet. These programs -have been compiled on: - telnet telnetd - 4.4 BSD-Lite x x - 4.3 BSD Reno X X - UNICOS 9.1 X X - UNICOS 9.0 X X - UNICOS 8.0 X X - BSDI 2.0 X X - Solaris 2.4 x x (no linemode in server) - SunOs 4.1.4 X X (no linemode in server) - Ultrix 4.3 X X (no linemode in server) - Ultrix 4.1 X X (no linemode in server) - -In addition, previous versions have been compiled on the following -machines, but were not available for testing this version. - telnet telnetd - Next1.0 X X - UNICOS 8.3 X X - UNICOS 7.C X X - UNICOS 7.0 X X - SunOs 4.0.3c X X (no linemode in server) - 4.3 BSD X X (no linemode in server) - DYNIX V3.0.12 X X (no linemode in server) - Ultrix 3.1 X X (no linemode in server) - Ultrix 4.0 X X (no linemode in server) - SunOs 3.5 X X (no linemode in server) - SunOs 4.1.3 X X (no linemode in server) - Solaris 2.2 x x (no linemode in server) - Solaris 2.3 x x (no linemode in server) - BSDI 1.0 X X - BSDI 1.1 X X - DYNIX V3.0.17.9 X X (no linemode in server) - HP-UX 8.0 x x (no linemode in server) - -This code should work, but there are no guarantees. - -Oct 23, 1995 - -This is a bugfix release. - - The change in the previous release from using makeutx() to - pututxline() caused problems on SunOS/Solaris. It has been - changed back to using makeutx(). Symptoms include users - getting error messages when logging in about not being able - to open the tty. - - Using memmove() instead of memcpy() caused problems under - SunOS 4.x, since it doesn't have memmove(). Config.generic - has been modified to include mem.o for SunOS 4.x. - - Some new code was added to telnetd to do some enviornment - variable cleanup before execing login. Thanks to Sam Hartman - at MIT for pointing this out. - - A couple of other minor bugfixes. 
- -May 30, 1995 - -This release represents what is on the 4.4BSD-Lite2 release, which -should be the final BSD release. I will continue to support of -telnet, The code (without encryption) is available via anonymous ftp -from ftp.cray.com, in src/telnet/telnet.YY.MM.DD.NE.tar.Z, where -YY.MM.DD is replaced with the year, month and day of the release. -If you can't find it at one of these places, at some point in the -near future information about the latest releases should be available -from ftp.borman.com. - -In addition, the version with the encryption code is available via -ftp from net-dist.mit.edu, in the directory /pub/telnet. There -is a README file there that gives further information on how -to get the distribution. - -Questions, comments, bug reports and bug fixes can be sent to -one of these addresses: - dab@borman.com - dab@cray.com - dab@bsdi.com - -This release is mainly bug fixes and code cleanup. - - Replace all calls to bcopy()/bzero() with calls to - memmove()/memset() and all calls to index()/rindex() - with calls to strchr()/strrchr(). - - Add some missing diagnostics for option tracing - to telnetd. - - Add support for BSDI 2.0 and Solaris 2.4. - - Add support for UNICOS 8.0 - - Get rid of expanded tabs and trailing white spaces. - - From Paul Vixie: - Fix for telnet going into an endless spin - when the session dies abnormally. - - From Jef Poskanzer: - Changes to allow telnet to compile - under SunOS 3.5. - - From Philip Guenther: - makeutx() doesn't expand utmpx, - use pututxline() instead. - - From Chris Torek: - Add a sleep(1) before execing login - to avoid race condition that can eat - up the login prompt. - Use terminal speed directly if it is - not an encoded value. - - From Steve Parker: - Fix to realloc() call. Fix for execing - login on solaris with no user name. - -January 19, 1994 - -This is a list of some of the changes since the last tar release -of telnet/telnetd. 
There are probably other changes that aren't -listed here, but this should hit a lot of the main ones. - - General: - Changed #define for AUTHENTICATE to AUTHENTICATION - Changed #define for ENCRYPT to ENCRYPTION - Changed #define for DES_ENCRYPT to DES_ENCRYPTION - - Added support for SPX authentication: -DSPX - - Added support for Kerberos Version 5 authentication: -DKRB5 - - Added support for ANSI C function prototypes - - Added support for the NEW-ENVIRON option (RFC-1572) - including support for USERVAR. - - Made support for the old Environment Option (RFC-1408) - conditional on -DOLD_ENVIRON - - Added #define ENV_HACK - support for RFC 1571 - - The encryption code is removed from the public distributions. - Domestic 4.4 BSD distributions contain the encryption code. - - ENV_HACK: Code to deal with systems that only implement - the old ENVIRON option, and have reversed definitions - of ENV_VAR and ENV_VAL. Also fixes ENV processing in - client to handle things besides just the default set... - - NO_BSD_SETJMP: UNICOS configuration for - UNICOS 6.1/6.0/5.1/5.0 systems. - - STREAMSPTY: Use /dev/ptmx to get a clean pty. This - is for SVr4 derivatives (Like Solaris) - - UTMPX: For systems that have /etc/utmpx. This is for - SVr4 derivatives (Like Solaris) - - Definitions for BSDI 1.0 - - Definitions for 4.3 Reno and 4.4 BSD. - - Definitions for UNICOS 8.0 and UNICOS 7.C - - Definitions for Solaris 2.0 - - Definitions for HP-UX 8.0 - - Latest Copyright notices from Berkeley. - - FLOW-CONTROL: support for RFC-XXXx - - - Client Specific: - - Fix the "send" command to not send garbage... - - Fix status message for "skiprc" - - Make sure to send NAWS after telnet has been suspended - or an external command has been run, if the window size - has changed. - - sysV88 support. - - Server Specific: - - Support flowcontrol option in non-linemode servers. - - -k Server supports Kludge Linemode, but will default to - either single character mode or real Linemode support. 
- The user will have to explicitly ask to switch into - kludge linemode. ("stty extproc", or escape back to - to telnet and say "mode line".) - - -u Specify the length of the hostname field in the utmp - file. Hostname longer than this length will be put - into the utmp file in dotted decimal notation, rather - than putting in a truncated hostname. - - -U Registered hosts only. If a reverse hostname lookup - fails, the connection will be refused. - - -f/-F - Allows forwarding of credentials for KRB5. - -Februrary 22, 1991: - - Features: - - This version of telnet/telnetd has support for both - the AUTHENTICATION and ENCRYPTION options. The - AUTHENTICATION option is fairly well defined, and - an option number has been assigned to it. The - ENCRYPTION option is still in a state of flux; an - option number has been assigned to, but it is still - subject to change. The code is provided in this release - for experimental and testing purposes. - - The telnet "send" command can now be used to send - do/dont/will/wont commands, with any telnet option - name. The rules for when do/dont/will/wont are sent - are still followed, so just because the user requests - that one of these be sent doesn't mean that it will - be sent... - - The telnet "getstatus" command no longer requires - that option printing be enabled to see the response - to the "DO STATUS" command. - - A -n flag has been added to telnetd to disable - keepalives. - - A new telnet command, "auth" has been added (if - AUTHENTICATE is defined). It has four sub-commands, - "status", "disable", "enable" and "help". - - A new telnet command, "encrypt" has been added (if - ENCRYPT is defined). It has many sub-commands: - "enable", "type", "start", "stop", "input", - "-input", "output", "-output", "status", and "help". - - The LOGOUT option is now supported by both telnet - and telnetd, a new command, "logout", was added - to support this. 
- - Several new toggle options were added: - "autoencrypt", "autodecrypt", "autologin", "authdebug", - "encdebug", "skiprc", "verbose_encrypt" - - An "rlogin" interface has been added. If the program - is named "rlogin", or the "-r" flag is given, then - an rlogin type of interface will be used. - ~. Terminates the session - ~<susp> Suspend the session - ~^] Escape to telnet command mode - ~~ Pass through the ~. - BUG: If you type the rlogin escape character - in the middle of a line while in rlogin - mode, you cannot erase it or any characters - before it. Hopefully this can be fixed - in a future release... - - General changes: - - A "libtelnet.a" has now been created. This libraray - contains code that is common to both telnet and - telnetd. This is also where library routines that - are needed, but are not in the standard C library, - are placed. - - The makefiles have been re-done. All of the site - specific configuration information has now been put - into a single "Config.generic" file, in the top level - directory. Changing this one file will take care of - all three subdirectories. Also, to add a new/local - definition, a "Config.local" file may be created - at the top level; if that file exists, the subdirectories - will use that file instead of "Config.generic". - - Many 1-2 line functions in commands.c have been - removed, and just inserted in-line, or replaced - with a macro. - - Bug Fixes: - - The non-termio code in both telnet and telnetd was - setting/clearing CTLECH in the sg_flags word. This - was incorrect, and has been changed to set/clear the - LCTLECH bit in the local mode word. - - The SRCRT #define has been removed. If IP_OPTIONS - and IPPROTO_IP are defined on the system, then the - source route code is automatically enabled. - - The NO_GETTYTAB #define has been removed; there - is a compatibility routine that can be built into - libtelnet to achive the same results. 
- - The server, telnetd, has been switched to use getopt() - for parsing the argument list. - - The code for getting the input/output speeds via - cfgetispeed()/cfgetospeed() was still not quite - right in telnet. Posix says if the ispeed is 0, - then it is really equal to the ospeed. - - The suboption processing code in telnet now has - explicit checks to make sure that we received - the entire suboption (telnetd was already doing this). - - The telnet code for processing the terminal type - could cause a core dump if an existing connection - was closed, and a new connection opened without - exiting telnet. - - Telnetd was doing a TCSADRAIN when setting the new - terminal settings; This is not good, because it means - that the tcsetattr() will hang waiting for output to - drain, and telnetd is the only one that will drain - the output... The fix is to use TCSANOW which does - not wait. - - Telnetd was improperly setting/clearing the ISTRIP - flag in the c_lflag field, it should be using the - c_iflag field. - - When the child process of telnetd was opening the - slave side of the pty, it was re-setting the EXTPROC - bit too early, and some of the other initialization - code was wiping it out. This would cause telnetd - to go out of linemode and into single character mode. - - One instance of leaving linemode in telnetd forgot - to send a WILL ECHO to the client, the net result - would be that the user would see double character - echo. - - If the MODE was being changed several times very - quickly, telnetd could get out of sync with the - state changes and the returning acks; and wind up - being left in the wrong state. - -September 14, 1990: - - Switch the client to use getopt() for parsing the - argument list. The 4.3Reno getopt.c is included for - systems that don't have getopt(). - - Use the posix _POSIX_VDISABLE value for what value - to use when disabling special characters. If this - is undefined, it defaults to 0x3ff. 
- - For non-termio systems, TIOCSETP was being used to - change the state of the terminal. This causes the - input queue to be flushed, which we don't want. This - is now changed to TIOCSETN. - - Take out the "#ifdef notdef" around the code in the - server that generates a "sync" when the pty oputput - is flushed. The potential problem is that some older - telnet clients may go into an infinate loop when they - receive a "sync", if so, the server can be compiled - with "NO_URGENT" defined. - - Fix the client where it was setting/clearing the OPOST - bit in the c_lflag field, not the c_oflag field. - - Fix the client where it was setting/clearing the ISTRIP - bit in the c_lflag field, not the c_iflag field. (On - 4.3Reno, this is the ECHOPRT bit in the c_lflag field.) - The client also had its interpretation of WILL BINARY - and DO BINARY reversed. - - Fix a bug in client that would cause a core dump when - attempting to remove the last environment variable. - - In the client, there were a few places were switch() - was being passed a character, and if it was a negative - value, it could get sign extended, and not match - the 8 bit case statements. The fix is to and the - switch value with 0xff. - - Add a couple more printoption() calls in the client, I - don't think there are any more places were a telnet - command can be received and not printed out when - "options" is on. - - A new flag has been added to the client, "-a". Currently, - this just causes the USER name to be sent across, in - the future this may be used to signify that automatic - authentication is requested. - - The USER variable is now only sent by the client if - the "-a" or "-l user" options are explicity used, or - if the user explicitly asks for the "USER" environment - variable to be exported. In the server, if it receives - the "USER" environment variable, it won't print out the - banner message, so that only "Password:" will be printed. 
- This makes the symantics more like rlogin, and should be - more familiar to the user. (People are not used to - getting a banner message, and then getting just a - "Password:" prompt.) - - Re-vamp the code for starting up the child login - process. The code was getting ugly, and it was - hard to tell what was really going on. What we - do now is after the fork(), in the child: - 1) make sure we have no controlling tty - 2) open and initialize the tty - 3) do a setsid()/setpgrp() - 4) makes the tty our controlling tty. - On some systems, #2 makes the tty our controlling - tty, and #4 is a no-op. The parent process does - a gets rid of any controlling tty after the child - is fork()ed. - - Use the strdup() library routine in telnet, instead - of the local savestr() routine. If you don't have - strdup(), you need to define NO_STRDUP. - - Add support for ^T (SIGINFO/VSTATUS), found in the - 4.3Reno distribution. This maps to the AYT character. - You need a 4-line bugfix in the kernel to get this - to work properly: - - > *** tty_pty.c.ORG Tue Sep 11 09:41:53 1990 - > --- tty_pty.c Tue Sep 11 17:48:03 1990 - > *************** - > *** 609,613 **** - > if ((tp->t_lflag&NOFLSH) == 0) - > ttyflush(tp, FREAD|FWRITE); - > ! pgsignal(tp->t_pgrp, *(unsigned int *)data); - > return(0); - > } - > --- 609,616 ---- - > if ((tp->t_lflag&NOFLSH) == 0) - > ttyflush(tp, FREAD|FWRITE); - > ! pgsignal(tp->t_pgrp, *(unsigned int *)data, 1); - > ! if ((*(unsigned int *)data == SIGINFO) && - > ! ((tp->t_lflag&NOKERNINFO) == 0)) - > ! ttyinfo(tp); - > return(0); - > } - - The client is now smarter when setting the telnet escape - character; it only sets it to one of VEOL and VEOL2 if - one of them is undefined, and the other one is not already - defined to the telnet escape character. - - Handle TERMIOS systems that have separate input and output - line speed settings imbedded in the flags. - - Many other minor bug fixes. - -June 20, 1990: - Re-organize makefiles and source tree. 
The telnet/Source - directory is now gone, and all the source that was in - telnet/Source is now just in the telnet directory. - - Separate makefile for each system are now gone. There - are two makefiles, Makefile and Makefile.generic. - The "Makefile" has the definitions for the various - system, and "Makefile.generic" does all the work. - There is a variable called "WHAT" that is used to - specify what to make. For example, in the telnet - directory, you might say: - make 4.4bsd WHAT=clean - to clean out the directory. - - Add support for the ENVIRON and XDISPLOC options. - In order for the server to work, login has to have - the "-p" option to preserve environment variables. - - Add the SOFT_TAB and LIT_ECHO modes in the LINEMODE support. - - Add the "-l user" option to command line and open command - (This is passed through the ENVIRON option). - - Add the "-e" command line option, for setting the escape - character. - - Add the "-D", diagnostic, option to the server. This allows - the server to print out debug information, which is very - useful when trying to debug a telnet that doesn't have any - debugging ability. - - Turn off the literal next character when not in LINEMODE. - - Don't recognize ^Y locally, just pass it through. - - Make minor modifications for Sun4.0 and Sun4.1 - - Add support for both FORW1 and FORW2 characters. The - telnet escpape character is set to whichever of the - two is not being used. If both are in use, the escape - character is not set, so when in linemode the user will - have to follow the escape character with a <CR> or <EOF) - to get it passed through. - - Commands can now be put in single and double quotes, and - a backslash is now an escape character. This is needed - for allowing arbitrary strings to be assigned to environment - variables. - - Switch telnetd to use macros like telnet for keeping - track of the state of all the options. 
- - Fix telnetd's processing of options so that we always do - the right processing of the LINEMODE option, regardless - of who initiates the request to turn it on. Also, make - sure that if the other side went "WILL ECHO" in response - to our "DO ECHO", that we send a "DONT ECHO" to get the - option turned back off! - - Fix the TERMIOS setting of the terminal speed to handle both - BSD's separate fields, and the SYSV method of CBAUD bits. - - Change how we deal with the other side refusing to enable - an option. The sequence used to be: send DO option; receive - WONT option; send DONT option. Now, the sequence is: send - DO option; receive WONT option. Both should be valid - according to the spec, but there has been at least one - client implementation of telnet identified that can get - really confused by this. (The exact sequence, from a trace - on the server side, is (numbers are number of responses that - we expect to get after that line...): - - send WILL ECHO 1 (initial request) - send WONT ECHO 2 (server is changing state) - recv DO ECHO 1 (first reply, ok. expect DONT ECHO next) - send WILL ECHO 2 (server changes state again) - recv DONT ECHO 1 (second reply, ok. expect DO ECHO next) - recv DONT ECHO 0 (third reply, wrong answer. got DONT!!!) - *** send WONT ECHO (send WONT to acknowledge the DONT) - send WILL ECHO 1 (ask again to enable option) - recv DO ECHO 0 - - recv DONT ECHO 0 - send WONT ECHO 1 - recv DONT ECHO 0 - recv DO ECHO 1 - send WILL ECHO 0 - (and the last 5 lines loop forever) - - The line with the "***" is last of the WILL/DONT/WONT sequence. - The change to the server to not generate that makes this same - example become: - - send will ECHO 1 - send wont ECHO 2 - recv do ECHO 1 - send will ECHO 2 - recv dont ECHO 1 - recv dont ECHO 0 - recv do ECHO 1 - send will ECHO 0 - - There is other option negotiation going on, and not sending - the third part changes some of the timings, but this specific - example no longer gets stuck in a loop. 
The "telnet.state" - file has been modified to reflect this change to the algorithm. - - A bunch of miscellaneous bug fixes and changes to make - lint happier. - - This version of telnet also has some KERBEROS stuff in - it. This has not been tested, it uses an un-authorized - telnet option number, and uses an out-of-date version - of the (still being defined) AUTHENTICATION option. - There is no support for this code, do not enable it. - - -March 1, 1990: -CHANGES/BUGFIXES SINCE LAST RELEASE: - Some support for IP TOS has been added. Requires that the - kernel support the IP_TOS socket option (currently this - is only in UNICOS 6.0). - - Both telnet and telnetd now use the cc_t typedef. typedefs are - included for systems that don't have it (in termios.h). - - SLC_SUSP was not supported properly before. It is now. - - IAC EOF was not translated properly in telnetd for SYSV_TERMIO - when not in linemode. It now saves a copy of the VEOF character, - so that when ICANON is turned off and we can't trust it anymore - (because it is now the VMIN character) we use the saved value. - - There were two missing "break" commands in the linemode - processing code in telnetd. - - Telnetd wasn't setting the kernel window size information - properly. It was using the rows for both rows and columns... - -Questions/comments go to - David Borman - Cray Research, Inc. - 655F Lone Oak Drive - Eagan, MN 55123 - dab@cray.com. - -README: You are reading it. - -Config.generic: - This file contains all the OS specific definitions. It - has pre-definitions for many common system types, and is - in standard makefile fromat. See the comments at the top - of the file for more information. - -Config.local: - This is not part of the distribution, but if this file exists, - it is used instead of "Config.generic". This allows site - specific configuration without having to modify the distributed - "Config.generic" file. 
- -kern.diff: - This file contains the diffs for the changes needed for the - kernel to support LINEMODE is the server. These changes are - for a 4.3BSD system. You may need to make some changes for - your particular system. - - There is a new bit in the terminal state word, TS_EXTPROC. - When this bit is set, several aspects of the terminal driver - are disabled. Input line editing, character echo, and - mapping of signals are all disabled. This allows the telnetd - to turn of these functions when in linemode, but still keep - track of what state the user wants the terminal to be in. - - New ioctl()s: - - TIOCEXT Turn on/off the TS_EXTPROC bit - TIOCGSTATE Get t_state of tty to look at TS_EXTPROC bit - TIOCSIG Generate a signal to processes in the - current process group of the pty. - - There is a new mode for packet driver, the TIOCPKT_IOCTL bit. - When packet mode is turned on in the pty, and the TS_EXTPROC - bit is set, then whenever the state of the pty is changed, the - next read on the master side of the pty will have the TIOCPKT_IOCTL - bit set, and the data will contain the following: - struct xx { - struct sgttyb a; - struct tchars b; - struct ltchars c; - int t_state; - int t_flags; - } - This allows the process on the server side of the pty to know - when the state of the terminal has changed, and what the new - state is. - - However, if you define USE_TERMIO or SYSV_TERMIO, the code will - expect that the structure returned in the TIOCPKT_IOCTL is - the termio/termios structure. - -stty.diff: - This file contains the changes needed for the stty(1) program - to report on the current status of the TS_EXTPROC bit. It also - allows the user to turn on/off the TS_EXTPROC bit. This is useful - because it allows the user to say "stty -extproc", and the - LINEMODE option will be automatically disabled, and saying "stty - extproc" will re-enable the LINEMODE option. 
- -telnet.state: - Both the client and server have code in them to deal - with option negotiation loops. The algorithm that is - used is described in this file. - -telnet: - This directory contains the client code. No kernel changes are - needed to use this code. - -telnetd: - This directory contains the server code. If LINEMODE or KLUDGELINEMODE - are defined, then the kernel modifications listed above are needed. - -libtelnet: - This directory contains code that is common to both the client - and the server. - -arpa: - This directory has a new <arpa/telnet.h> - -libtelnet/Makefile.4.4: -telnet/Makefile.4.4: -telnetd/Makefile.4.4: - These are the makefiles that can be used on a 4.3Reno - system when this software is installed in /usr/src/lib/libtelnet, - /usr/src/libexec/telnetd, and /usr/src/usr.bin/telnet. + $OpenBSD: README,v 1.5 2014/07/19 23:50:38 guenther Exp $ The following TELNET options are supported: @@ -749,16 +57,3 @@ The following TELNET options are supported: X-DISPLAY-LOCATION: This functionality can be done through the ENVIRON option, it is added here for completeness. - - AUTHENTICATION: - This option is currently being defined by the IETF - Telnet Working Group, and an RFC has not yet been - issued. The basic framework is pretty much decided, - but the definitions for the specific authentication - schemes is still in a state of flux. - - ENCRYPTION: - This option is currently being defined by the IETF - Telnet Working Group, and an RFC has not yet been - issued. The draft RFC is still in a state of flux, - so this code may change in the future. diff --git a/usr.bin/telnet/auth-proto.h b/usr.bin/telnet/auth-proto.h deleted file mode 100644 index 7693fe39cb9..00000000000 --- a/usr.bin/telnet/auth-proto.h +++ /dev/null 
@@ -1,132 +0,0 @@ -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * from: @(#)auth-proto.h 8.1 (Berkeley) 6/4/93 - * $OpenBSD: auth-proto.h,v 1.2 2012/12/05 23:20:26 deraadt Exp $ - * $NetBSD: auth-proto.h,v 1.5 1996/02/24 01:15:16 jtk Exp $ - */ - -/* - * This source code is no longer held under any constraint of USA - * `cryptographic laws' since it was exported legally. 
The cryptographic - * functions were removed from the code and a "Bones" distribution was - * made. A Commodity Jurisdiction Request #012-94 was filed with the - * USA State Department, who handed it to the Commerce department. The - * code was determined to fall under General License GTDA under ECCN 5D96G, - * and hence exportable. The cryptographic interfaces were re-added by Eric - * Young, and then KTH proceeded to maintain the code in the free world. - * - */ - -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. 
- */ - -/* $KTH: auth-proto.h,v 1.10 2000/01/18 03:08:55 assar Exp $ */ - -#if defined(AUTHENTICATION) -Authenticator *findauthenticator (int, int); - -int auth_wait (char *, size_t); -void auth_disable_name (char *); -void auth_finished (Authenticator *, int); -void auth_gen_printsub (unsigned char *, int, unsigned char *, int); -void auth_init (const char *, int); -void auth_is (unsigned char *, int); -void auth_name (unsigned char*, int); -void auth_reply (unsigned char *, int); -void auth_request (void); -void auth_send (unsigned char *, int); -void auth_send_retry (void); -void auth_printsub (unsigned char*, int, unsigned char*, int); -int getauthmask (char *type, int *maskp); -int auth_enable (char *type); -int auth_disable (char *type); -int auth_onoff (char *type, int on); -int auth_togdebug (int on); -int auth_status (void); -int auth_sendname (unsigned char *cp, int len); -void auth_debug (int mode); -void auth_gen_printsub (unsigned char *data, int cnt, - unsigned char *buf, int buflen); - -#ifdef UNSAFE -int unsafe_init (Authenticator *, int); -int unsafe_send (Authenticator *); -void unsafe_is (Authenticator *, unsigned char *, int); -void unsafe_reply (Authenticator *, unsigned char *, int); -int unsafe_status (Authenticator *, char *, int); -void unsafe_printsub (unsigned char *, int, unsigned char *, int); -#endif - -#ifdef SRA -int sra_init (Authenticator *, int); -int sra_send (Authenticator *); -void sra_is (Authenticator *, unsigned char *, int); -void sra_reply (Authenticator *, unsigned char *, int); -int sra_status (Authenticator *, char *, int); -void sra_printsub (unsigned char *, int, unsigned char *, int); -#endif - -#ifdef KRB4 -int kerberos4_init (Authenticator *, int); -int kerberos4_send_mutual (Authenticator *); -int kerberos4_send_oneway (Authenticator *); -void kerberos4_is (Authenticator *, unsigned char *, int); -void kerberos4_reply (Authenticator *, unsigned char *, int); -int kerberos4_status (Authenticator *, char *, size_t, 
int); -void kerberos4_printsub (unsigned char *, int, unsigned char *, int); -int kerberos4_forward (Authenticator *ap, void *); -#endif - -#ifdef KRB5 -int kerberos5_init (Authenticator *, int); -int kerberos5_send_mutual (Authenticator *); -int kerberos5_send_oneway (Authenticator *); -void kerberos5_is (Authenticator *, unsigned char *, int); -void kerberos5_reply (Authenticator *, unsigned char *, int); -int kerberos5_status (Authenticator *, char *, size_t, int); -void kerberos5_printsub (unsigned char *, int, unsigned char *, int); -#endif -#endif diff --git a/usr.bin/telnet/auth.c b/usr.bin/telnet/auth.c deleted file mode 100644 index 3d787b1f34f..00000000000 --- a/usr.bin/telnet/auth.c +++ /dev/null 
@@ -1,659 +0,0 @@ -/* $OpenBSD: auth.c,v 1.2 2009/10/27 23:59:44 deraadt Exp $ */ - -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * This source code is no longer held under any constraint of USA - * `cryptographic laws' since it was exported legally. The cryptographic - * functions were removed from the code and a "Bones" distribution was - * made. 
A Commodity Jurisdiction Request #012-94 was filed with the - * USA State Department, who handed it to the Commerce department. The - * code was determined to fall under General License GTDA under ECCN 5D96G, - * and hence exportable. The cryptographic interfaces were re-added by Eric - * Young, and then KTH proceeded to maintain the code in the free world. - * - */ - -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. 
- */ - -/* "$KTH: auth.c,v 1.23 2000/01/18 03:09:34 assar Exp $" */ - -#if defined(AUTHENTICATION) -#include <stdio.h> -#include <sys/types.h> -#include <unistd.h> -#include <signal.h> -#define AUTH_NAMES -#include <arpa/telnet.h> -#include <stdlib.h> -#include <string.h> - -#include "encrypt.h" -#include "auth.h" -#include "misc-proto.h" -#include "auth-proto.h" - -#define typemask(x) (1<<((x)-1)) - -#ifdef KRB4_ENCPWD -extern krb4encpwd_init(); -extern krb4encpwd_send(); -extern krb4encpwd_is(); -extern krb4encpwd_reply(); -extern krb4encpwd_status(); -extern krb4encpwd_printsub(); -#endif - -#ifdef RSA_ENCPWD -extern rsaencpwd_init(); -extern rsaencpwd_send(); -extern rsaencpwd_is(); -extern rsaencpwd_reply(); -extern rsaencpwd_status(); -extern rsaencpwd_printsub(); -#endif - -int auth_debug_mode = 0; -int auth_has_failed = 0; -int auth_enable_encrypt = 0; -static const char *Name = "Noname"; -static int Server = 0; -static Authenticator *authenticated = 0; -static int authenticating = 0; -static int validuser = 0; -static unsigned char _auth_send_data[256]; -static unsigned char *auth_send_data; -static int auth_send_cnt = 0; - -/* - * Authentication types supported. Plese note that these are stored - * in priority order, i.e. try the first one first. 
- */ -Authenticator authenticators[] = { -#ifdef UNSAFE - { AUTHTYPE_UNSAFE, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, - unsafe_init, - unsafe_send, - unsafe_is, - unsafe_reply, - unsafe_status, - unsafe_printsub }, -#endif -#ifdef SRA - { AUTHTYPE_SRA, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, - sra_init, - sra_send, - sra_is, - sra_reply, - sra_status, - sra_printsub }, -#endif -#ifdef SPX - { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, - spx_init, - spx_send, - spx_is, - spx_reply, - spx_status, - spx_printsub }, - { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, - spx_init, - spx_send, - spx_is, - spx_reply, - spx_status, - spx_printsub }, -#endif -#ifdef KRB5 - { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, - kerberos5_init, - kerberos5_send_mutual, - kerberos5_is, - kerberos5_reply, - kerberos5_status, - kerberos5_printsub }, - { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, - kerberos5_init, - kerberos5_send_oneway, - kerberos5_is, - kerberos5_reply, - kerberos5_status, - kerberos5_printsub }, -#endif -#ifdef KRB4 - { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, - kerberos4_init, - kerberos4_send_mutual, - kerberos4_is, - kerberos4_reply, - kerberos4_status, - kerberos4_printsub }, - { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, - kerberos4_init, - kerberos4_send_oneway, - kerberos4_is, - kerberos4_reply, - kerberos4_status, - kerberos4_printsub }, -#endif -#ifdef KRB4_ENCPWD - { AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, - krb4encpwd_init, - krb4encpwd_send, - krb4encpwd_is, - krb4encpwd_reply, - krb4encpwd_status, - krb4encpwd_printsub }, -#endif -#ifdef RSA_ENCPWD - { AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, - rsaencpwd_init, - rsaencpwd_send, - rsaencpwd_is, - rsaencpwd_reply, - rsaencpwd_status, - rsaencpwd_printsub }, -#endif - { 0, }, -}; - -static Authenticator NoAuth = { 0 }; - -static int i_support = 0; -static int i_wont_support = 0; - -Authenticator * -findauthenticator(int type, int way) -{ 
- Authenticator *ap = authenticators; - - while (ap->type && (ap->type != type || ap->way != way)) - ++ap; - return(ap->type ? ap : 0); -} - -void -auth_init(const char *name, int server) -{ - Authenticator *ap = authenticators; - - Server = server; - Name = name; - - i_support = 0; - authenticated = 0; - authenticating = 0; - while (ap->type) { - if (!ap->init || (*ap->init)(ap, server)) { - i_support |= typemask(ap->type); - if (auth_debug_mode) - printf(">>>%s: I support auth type %d %d\r\n", - Name, - ap->type, ap->way); - } - else if (auth_debug_mode) - printf(">>>%s: Init failed: auth type %d %d\r\n", - Name, ap->type, ap->way); - ++ap; - } -} - -void -auth_disable_name(char *name) -{ - int x; - for (x = 0; x < AUTHTYPE_CNT; ++x) { - if (!strcasecmp(name, AUTHTYPE_NAME(x))) { - i_wont_support |= typemask(x); - break; - } - } -} - -int -getauthmask(char *type, int *maskp) -{ - int x; - - if (!strcasecmp(type, AUTHTYPE_NAME(0))) { - *maskp = -1; - return(1); - } - - for (x = 1; x < AUTHTYPE_CNT; ++x) { - if (!strcasecmp(type, AUTHTYPE_NAME(x))) { - *maskp = typemask(x); - return(1); - } - } - return(0); -} - -int -auth_enable(char *type) -{ - return(auth_onoff(type, 1)); -} - -int -auth_disable(char *type) -{ - return(auth_onoff(type, 0)); -} - -int -auth_onoff(char *type, int on) -{ - int i, mask = -1; - Authenticator *ap; - - if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) { - printf("auth %s 'type'\n", on ? 
"enable" : "disable"); - printf("Where 'type' is one of:\n"); - printf("\t%s\n", AUTHTYPE_NAME(0)); - mask = 0; - for (ap = authenticators; ap->type; ap++) { - if ((mask & (i = typemask(ap->type))) != 0) - continue; - mask |= i; - printf("\t%s\n", AUTHTYPE_NAME(ap->type)); - } - return(0); - } - - if (!getauthmask(type, &mask)) { - printf("%s: invalid authentication type\n", type); - return(0); - } - if (on) - i_wont_support &= ~mask; - else - i_wont_support |= mask; - return(1); -} - -int -auth_togdebug(int on) -{ - if (on < 0) - auth_debug_mode ^= 1; - else - auth_debug_mode = on; - printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled"); - return(1); -} - -int -auth_status(void) -{ - Authenticator *ap; - int i, mask; - - if (i_wont_support == -1) - printf("Authentication disabled\n"); - else - printf("Authentication enabled\n"); - - mask = 0; - for (ap = authenticators; ap->type; ap++) { - if ((mask & (i = typemask(ap->type))) != 0) - continue; - mask |= i; - printf("%s: %s\n", AUTHTYPE_NAME(ap->type), - (i_wont_support & typemask(ap->type)) ? - "disabled" : "enabled"); - } - return(1); -} - -/* - * This routine is called by the server to start authentication - * negotiation. - */ -void -auth_request(void) -{ - static unsigned char str_request[64] = { IAC, SB, - TELOPT_AUTHENTICATION, - TELQUAL_SEND, }; - Authenticator *ap = authenticators; - unsigned char *e = str_request + 4; - - if (!authenticating) { - authenticating = 1; - while (ap->type) { - if (i_support & ~i_wont_support & typemask(ap->type)) { - if (auth_debug_mode) { - printf(">>>%s: Sending type %d %d\r\n", - Name, ap->type, ap->way); - } - *e++ = ap->type; - *e++ = ap->way; - } - ++ap; - } - *e++ = IAC; - *e++ = SE; - telnet_net_write(str_request, e - str_request); - printsub('>', &str_request[2], e - str_request - 2); - } -} - -/* - * This is called when an AUTH SEND is received. - * It should never arrive on the server side (as only the server can - * send an AUTH SEND). 
- * You should probably respond to it if you can... - * - * If you want to respond to the types out of order (i.e. even - * if he sends LOGIN KERBEROS and you support both, you respond - * with KERBEROS instead of LOGIN (which is against what the - * protocol says)) you will have to hack this code... - */ -void -auth_send(unsigned char *data, int cnt) -{ - Authenticator *ap; - static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION, - TELQUAL_IS, AUTHTYPE_NULL, 0, - IAC, SE }; - if (Server) { - if (auth_debug_mode) { - printf(">>>%s: auth_send called!\r\n", Name); - } - return; - } - - if (auth_debug_mode) { - printf(">>>%s: auth_send got:", Name); - printd(data, cnt); printf("\r\n"); - } - - /* - * Save the data, if it is new, so that we can continue looking - * at it if the authorization we try doesn't work - */ - if (data < _auth_send_data || - data > _auth_send_data + sizeof(_auth_send_data)) { - auth_send_cnt = cnt > sizeof(_auth_send_data) - ? sizeof(_auth_send_data) - : cnt; - memmove(_auth_send_data, data, auth_send_cnt); - auth_send_data = _auth_send_data; - } else { - /* - * This is probably a no-op, but we just make sure - */ - auth_send_data = data; - auth_send_cnt = cnt; - } - while ((auth_send_cnt -= 2) >= 0) { - if (auth_debug_mode) - printf(">>>%s: He supports %d\r\n", - Name, *auth_send_data); - if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) { - ap = findauthenticator(auth_send_data[0], - auth_send_data[1]); - if (ap && ap->send) { - if (auth_debug_mode) - printf(">>>%s: Trying %d %d\r\n", - Name, auth_send_data[0], - auth_send_data[1]); - if ((*ap->send)(ap)) { - /* - * Okay, we found one we like - * and did it. - * we can go home now. - */ - if (auth_debug_mode) - printf(">>>%s: Using type %d\r\n", - Name, *auth_send_data); - auth_send_data += 2; - return; - } - } - /* else - * just continue on and look for the - * next one if we didn't do anything. 
- */ - } - auth_send_data += 2; - } - telnet_net_write(str_none, sizeof(str_none)); - printsub('>', &str_none[2], sizeof(str_none) - 2); - if (auth_debug_mode) - printf(">>>%s: Sent failure message\r\n", Name); - auth_finished(0, AUTH_REJECT); - auth_has_failed = 1; -#ifdef KANNAN - /* - * We requested strong authentication, however no mechanisms worked. - * Therefore, exit on client end. - */ - printf("Unable to securely authenticate user ... exit\n"); - exit(0); -#endif /* KANNAN */ -} - -void -auth_send_retry(void) -{ - /* - * if auth_send_cnt <= 0 then auth_send will end up rejecting - * the authentication and informing the other side of this. - */ - auth_send(auth_send_data, auth_send_cnt); -} - -void -auth_is(unsigned char *data, int cnt) -{ - Authenticator *ap; - - if (cnt < 2) - return; - - if (data[0] == AUTHTYPE_NULL) { - auth_finished(0, AUTH_REJECT); - return; - } - - if ((ap = findauthenticator(data[0], data[1]))) { - if (ap->is) - (*ap->is)(ap, data+2, cnt-2); - } else if (auth_debug_mode) - printf(">>>%s: Invalid authentication in IS: %d\r\n", - Name, *data); -} - -void -auth_reply(unsigned char *data, int cnt) -{ - Authenticator *ap; - - if (cnt < 2) - return; - - if ((ap = findauthenticator(data[0], data[1]))) { - if (ap->reply) - (*ap->reply)(ap, data+2, cnt-2); - } else if (auth_debug_mode) - printf(">>>%s: Invalid authentication in SEND: %d\r\n", - Name, *data); -} - -void -auth_name(unsigned char *data, int cnt) -{ - char savename[256]; - - if (cnt < 1) { - if (auth_debug_mode) - printf(">>>%s: Empty name in NAME\r\n", Name); - return; - } - if (cnt > sizeof(savename) - 1) { - if (auth_debug_mode) - printf(">>>%s: Name in NAME (%d) exceeds %lu length\r\n", - Name, cnt, (unsigned long)(sizeof(savename)-1)); - return; - } - memmove(savename, data, cnt); - savename[cnt] = '\0'; /* Null terminate */ - if (auth_debug_mode) - printf(">>>%s: Got NAME [%s]\r\n", Name, savename); - auth_encrypt_user(savename); -} - -int -auth_sendname(unsigned char *cp, 
int len) -{ - static unsigned char str_request[256+6] - = { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, }; - unsigned char *e = str_request + 4; - unsigned char *ee = &str_request[sizeof(str_request)-2]; - - while (--len >= 0) { - if ((*e++ = *cp++) == IAC) - *e++ = IAC; - if (e >= ee) - return(0); - } - *e++ = IAC; - *e++ = SE; - telnet_net_write(str_request, e - str_request); - printsub('>', &str_request[2], e - &str_request[2]); - return(1); -} - -void -auth_finished(Authenticator *ap, int result) -{ - if (!(authenticated = ap)) - authenticated = &NoAuth; - validuser = result; -} - -/* ARGSUSED */ -static void -auth_intr(int sig) -{ - auth_finished(0, AUTH_REJECT); -} - -int -auth_wait(char *name, size_t name_sz) -{ - if (auth_debug_mode) - printf(">>>%s: in auth_wait.\r\n", Name); - - if (Server && !authenticating) - return(0); - - signal(SIGALRM, auth_intr); - alarm(30); - while (!authenticated) - if (telnet_spin()) - break; - alarm(0); - signal(SIGALRM, SIG_DFL); - - /* - * Now check to see if the user is valid or not - */ - if (!authenticated || authenticated == &NoAuth) - return(AUTH_REJECT); - - if (validuser == AUTH_VALID) - validuser = AUTH_USER; - - if (authenticated->status) - validuser = (*authenticated->status)(authenticated, - name, name_sz, - validuser); - return(validuser); -} - -void -auth_debug(int mode) -{ - auth_debug_mode = mode; -} - -void -auth_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) -{ - Authenticator *ap; - - if ((ap = findauthenticator(data[1], data[2])) && ap->printsub) - (*ap->printsub)(data, cnt, buf, buflen); - else - auth_gen_printsub(data, cnt, buf, buflen); -} - -void -auth_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) -{ - unsigned char *cp; - unsigned char tbuf[16]; - - cnt -= 3; - data += 3; - buf[buflen-1] = '\0'; - buf[buflen-2] = '*'; - buflen -= 2; - for (; cnt > 0; cnt--, data++) { - snprintf(tbuf, sizeof(tbuf), " %d", *data); - for (cp = tbuf; *cp && buflen > 
0; --buflen) - *buf++ = *cp++; - if (buflen <= 0) - return; - } - *buf = '\0'; -} -#endif diff --git a/usr.bin/telnet/auth.h b/usr.bin/telnet/auth.h deleted file mode 100644 index 7b9ef4499f7..00000000000 --- a/usr.bin/telnet/auth.h +++ /dev/null 
@@ -1,91 +0,0 @@ -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * from: @(#)auth.h 8.1 (Berkeley) 6/4/93 - * $OpenBSD: auth.h,v 1.1 2005/05/24 03:41:58 deraadt Exp $ - * $NetBSD: auth.h,v 1.5 1996/02/24 01:15:18 jtk Exp $ - */ - -/* - * This source code is no longer held under any constraint of USA - * `cryptographic laws' since it was exported legally. 
The cryptographic - * functions were removed from the code and a "Bones" distribution was - * made. A Commodity Jurisdiction Request #012-94 was filed with the - * USA State Department, who handed it to the Commerce department. The - * code was determined to fall under General License GTDA under ECCN 5D96G, - * and hence exportable. The cryptographic interfaces were re-added by Eric - * Young, and then KTH proceeded to maintain the code in the free world. - * - */ - -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. 
- */ - -/* $KTH: auth.h,v 1.4 1998/06/09 19:24:41 joda Exp $ */ - -#ifndef __AUTH__ -#define __AUTH__ - -#define AUTH_REJECT 0 /* Rejected */ -#define AUTH_UNKNOWN 1 /* We don't know who he is, but he's okay */ -#define AUTH_OTHER 2 /* We know him, but not his name */ -#define AUTH_USER 3 /* We know he name */ -#define AUTH_VALID 4 /* We know him, and he needs no password */ - -typedef struct XauthP { - int type; - int way; - int (*init) (struct XauthP *, int); - int (*send) (struct XauthP *); - void (*is) (struct XauthP *, unsigned char *, int); - void (*reply) (struct XauthP *, unsigned char *, int); - int (*status) (struct XauthP *, char *, size_t, int); - void (*printsub) (unsigned char *, int, unsigned char *, int); -} Authenticator; - -#include "auth-proto.h" - -extern int auth_debug_mode; -#endif diff --git a/usr.bin/telnet/authenc.c b/usr.bin/telnet/authenc.c deleted file mode 100644 index 8aa46027e32..00000000000 --- a/usr.bin/telnet/authenc.c +++ /dev/null 
@@ -1,109 +0,0 @@ -/* $OpenBSD: authenc.c,v 1.7 2005/02/27 15:46:42 otto Exp $ */ -/* $NetBSD: authenc.c,v 1.5 1996/02/28 21:03:52 thorpej Exp $ */ - -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -/* -RCSID("$Id: authenc.c,v 1.7 2005/02/27 15:46:42 otto Exp $"); -*/ - -#include "telnet_locl.h" - -#if defined(AUTHENTICATION) || defined(ENCRYPTION) - - int -telnet_net_write(str, len) - unsigned char *str; - int len; -{ - if (NETROOM() > len) { - ring_supply_data(&netoring, str, len); - if (str[0] == IAC && str[1] == SE) - printsub('>', &str[2], len-2); - return(len); - } - return(0); -} - - void -net_encrypt() -{ -#if defined(ENCRYPTION) - if (encrypt_output) - ring_encrypt(&netoring, encrypt_output); - else - ring_clearto(&netoring); -#endif -} - - int -telnet_spin() -{ - extern int scheduler_lockout_tty; - - scheduler_lockout_tty = 1; - Scheduler(0); - scheduler_lockout_tty = 0; - - return 0; - -} - - char * -telnet_getenv(val) - const char *val; -{ - return((char *)env_getvalue((unsigned char *)val, 0)); -} - - char * -telnet_gets(prompt, result, length, echo) - char *prompt; - char *result; - int length; - int echo; -{ - extern char *getpass(); - extern int globalmode; - int om = globalmode; - char *res; - - TerminalNewMode(-1); - if (echo) { - printf("%s", prompt); - res = fgets(result, length, stdin); - } else if ((res = getpass(prompt))) { - strncpy(result, res, length); - res = result; - } - TerminalNewMode(om); - return(res); -} -#endif /* defined(AUTHENTICATION) */ diff --git a/usr.bin/telnet/commands.c b/usr.bin/telnet/commands.c index ae9c7847814..6f5ab318c60 100644 --- a/usr.bin/telnet/commands.c +++ b/usr.bin/telnet/commands.c @@ -1,4 +1,4 @@ -/* $OpenBSD: commands.c,v 1.55 2013/10/26 21:33:29 sthen Exp $ */ +/* $OpenBSD: commands.c,v 1.56 2014/07/19 23:50:38 guenther Exp $ */ /* $NetBSD: commands.c,v 1.14 1996/03/24 22:03:48 jtk Exp $ */ /* @@ -33,9 +33,7 @@ #include "telnet_locl.h" #include <err.h> -#if defined(IPPROTO_IP) && defined(IP_TOS) int tos = -1; -#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ char *hostname; 
@@ -474,18 +472,10 @@ lclchars() static int togdebug() { -#ifndef NOT43 if (net > 0 && - (SetSockOpt(net, SOL_SOCKET, SO_DEBUG, debug)) < 0) { + (setsockopt(net, SOL_SOCKET, SO_DEBUG, &debug, sizeof(debug))) == -1) { perror("setsockopt (SO_DEBUG)"); } -#else /* NOT43 */ - if (debug) { - if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 0, 0) < 0) - perror("setsockopt (SO_DEBUG)"); - } else - printf("Cannot turn off socket debugging\r\n"); -#endif /* NOT43 */ return 1; } @@ -598,16 +588,6 @@ togxbinary(val) static int togglehelp(void); -#if defined(AUTHENTICATION) -extern int auth_togdebug(int); -#endif -#if defined(ENCRYPTION) -extern int EncryptAutoEnc(int); -extern int EncryptAutoDec(int); -extern int EncryptDebug(int); -extern int EncryptVerbose(int); -#endif - struct togglelist { char *name; /* name of toggle */ @@ -629,40 +609,11 @@ static struct togglelist Togglelist[] = { 0, &autosynch, "send interrupt characters in urgent mode" }, -#if defined(AUTHENTICATION) { "autologin", "automatic sending of login and/or authentication info", 0, &autologin, "send login name and/or authentication information" }, - { "authdebug", - "Toggle authentication debugging", - auth_togdebug, - 0, - "print authentication debugging information" }, -#endif -#if defined(ENCRYPTION) - { "autoencrypt", - "automatic encryption of data stream", - EncryptAutoEnc, - 0, - "automatically encrypt output" }, - { "autodecrypt", - "automatic decryption of data stream", - EncryptAutoDec, - 0, - "automatically decrypt input" }, - { "verbose_encrypt", - "Toggle verbose encryption output", - EncryptVerbose, - 0, - "print verbose encryption output" }, - { "encdebug", - "Toggle encryption debugging", - EncryptDebug, - 0, - "print encryption debugging information" }, -#endif { "skiprc", "don't read ~/.telnetrc file", 0, 
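Review bot: In togdebug the new call `setsockopt(net, SOL_SOCKET, SO_DEBUG, &debug, sizeof(debug))` passes `debug` by address, so it is only correct if `debug` is declared as `int`; the declaration is outside this hunk and should be confirmed. A failure is reported only through perror and the function still returns 1, so the `debug` flag and the actual socket option can presumably end up disagreeing. A comment above the call such as `/* best effort: SO_DEBUG may be refused; the toggle value is kept either way */` would make that intent explicit. The guard `net > 0` also treats descriptor 0 as "not connected", which depends on how `net` is initialised elsewhere.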
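Review bot: The `autologin` entry in Togglelist loses its `#if defined(AUTHENTICATION)` guard and is now always compiled, but its help strings still say `"automatic sending of login and/or authentication info"` and `"send login name and/or authentication information"`. The same commit deletes auth.c and drops it from SRCS, so the text appears to describe a capability the client no longer has, which can mislead a user about what is sent over the connection. Wording such as `"automatic sending of login name"` and `"send login name"` would match what remains. Whether `autologin` still controls anything beyond the login name is not visible in this hunk, so check its remaining uses before rewording.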
@@ -699,18 +650,6 @@ static struct togglelist Togglelist[] = { &localchars, "recognize certain control characters" }, { " ", "", 0, 0 }, /* empty line */ -#if defined(unix) && defined(TN3270) - { "apitrace", - "(debugging) toggle tracing of API transactions", - 0, - &apitrace, - "trace API transactions", 0 }, - { "cursesdata", - "(debugging) toggle printing of hexadecimal curses data", - 0, - &cursesdata, - "print hexadecimal representation of curses data", 0 }, -#endif /* defined(unix) && defined(TN3270) */ { "debug", "debugging", togdebug, @@ -731,13 +670,11 @@ static struct togglelist Togglelist[] = { 0, &showoptions, "show option processing" }, -#if defined(unix) { "termdata", "(debugging) toggle printing of hexadecimal terminal data", 0, &termdata, "print hexadecimal representation of terminal traffic" }, -#endif /* defined(unix) */ { "?", 0, togglehelp }, @@ -836,9 +773,7 @@ toggle(argc, argv) * The following perform the "set" command. */ -#ifdef USE_TERMIO struct termios new_tc = { 0 }; -#endif struct setlist { char *name; /* name */ @@ -1261,9 +1196,6 @@ display(argc, argv) } } /*@*/optionstatus(); -#if defined(ENCRYPTION) - EncryptStatus(); -#endif return 1; #undef doset #undef dotog @@ -1297,9 +1229,7 @@ setescape(argc, argv) } if (arg[0] != '\0') escape = arg[0]; - if (!In3270) { - printf("Escape character is '%s'.\r\n", control(escape)); - } + printf("Escape character is '%s'.\r\n", control(escape)); (void) fflush(stdout); return 1; } @@ -1345,7 +1275,6 @@ telnetsuspend() return 1; } -#if !defined(TN3270) /*ARGSUSED*/ int shell(argc, argv) @@ -1394,9 +1323,6 @@ shell(argc, argv) } return 1; } -#else /* !defined(TN3270) */ -extern int shell(); -#endif /* !defined(TN3270) */ /*VARARGS*/ static int 
@@ -1412,14 +1338,8 @@ bye(argc, argv) (void) NetClose(net); connected = 0; resettermname = 1; -#if defined(AUTHENTICATION) || defined(ENCRYPTION) - auth_encrypt_connect(connected); -#endif /* defined(AUTHENTICATION) */ /* reset options */ tninit(); -#if defined(TN3270) - SetIn3270(); /* Get out of 3270 mode */ -#endif /* defined(TN3270) */ } if ((argc != 2) || (strcmp(argv[1], "fromquit") != 0)) { longjmp(toplevel, 1); @@ -1548,10 +1468,6 @@ struct envlist EnvList[] = { { "send", "Send an environment variable", env_send, 1 }, { "list", "List the current environment variables", env_list, 0 }, -#if defined(OLD_ENVIRON) && defined(ENV_HACK) - { "varval", "Reverse VAR and VALUE (auto, right, wrong, status)", - env_varval, 1 }, -#endif { "help", 0, env_help, 0 }, { "?", "Print help information", env_help, 0 }, { 0 }, @@ -1769,9 +1685,6 @@ env_send(var) struct env_lst *ep; if (my_state_is_wont(TELOPT_NEW_ENVIRON) -#ifdef OLD_ENVIRON - && my_state_is_wont(TELOPT_OLD_ENVIRON) -#endif ) { fprintf(stderr, "Cannot send '%s': Telnet ENVIRON option not enabled\r\n", 
@@ -1831,265 +1744,6 @@ env_getvalue(var, exported_only) return(NULL); } -#if defined(OLD_ENVIRON) && defined(ENV_HACK) - void -env_varval(what) - unsigned char *what; -{ - extern int old_env_var, old_env_value, env_auto; - int len = strlen((char *)what); - - if (len == 0) - goto unknown; - - if (strncasecmp((char *)what, "status", len) == 0) { - if (env_auto) - printf("%s%s", "VAR and VALUE are/will be ", - "determined automatically\r\n"); - if (old_env_var == OLD_ENV_VAR) - printf("VAR and VALUE set to correct definitions\r\n"); - else - printf("VAR and VALUE definitions are reversed\r\n"); - } else if (strncasecmp((char *)what, "auto", len) == 0) { - env_auto = 1; - old_env_var = OLD_ENV_VALUE; - old_env_value = OLD_ENV_VAR; - } else if (strncasecmp((char *)what, "right", len) == 0) { - env_auto = 0; - old_env_var = OLD_ENV_VAR; - old_env_value = OLD_ENV_VALUE; - } else if (strncasecmp((char *)what, "wrong", len) == 0) { - env_auto = 0; - old_env_var = OLD_ENV_VALUE; - old_env_value = OLD_ENV_VAR; - } else { -unknown: - printf("Unknown \"varval\" command. (\"auto\", \"right\", \"wrong\", \"status\")\r\n"); - } -} -#endif - -#if defined(AUTHENTICATION) -/* - * The AUTHENTICATE command. - */ - -struct authlist { - char *name; - char *help; - int (*handler)(); - int narg; -}; - -static int - auth_help(void); - -struct authlist AuthList[] = { - { "status", "Display current status of authentication information", - auth_status, 0 }, - { "disable", "Disable an authentication type ('auth disable ?' for more)", - auth_disable, 1 }, - { "enable", "Enable an authentication type ('auth enable ?' 
for more)", - auth_enable, 1 }, - { "help", 0, auth_help, 0 }, - { "?", "Print help information", auth_help, 0 }, - { 0 }, -}; - - static int -auth_help() -{ - struct authlist *c; - - for (c = AuthList; c->name; c++) { - if (c->help) { - if (*c->help) - printf("%-15s %s\r\n", c->name, c->help); - else - printf("\r\n"); - } - } - return 0; -} - - int -auth_cmd(argc, argv) - int argc; - char *argv[]; -{ - struct authlist *c; - - if (argc < 2) { - fprintf(stderr, - "Need an argument to 'auth' command. 'auth ?' for help.\r\n"); - return 0; - } - - c = (struct authlist *) - genget(argv[1], (char **) AuthList, sizeof(struct authlist)); - if (c == 0) { - fprintf(stderr, "'%s': unknown argument ('auth ?' for help).\r\n", - argv[1]); - return 0; - } - if (Ambiguous(c)) { - fprintf(stderr, "'%s': ambiguous argument ('auth ?' for help).\r\n", - argv[1]); - return 0; - } - if (c->narg + 2 != argc) { - fprintf(stderr, - "Need %s%d argument%s to 'auth %s' command. 'auth ?' for help.\r\n", - c->narg < argc + 2 ? "only " : "", - c->narg, c->narg == 1 ? "" : "s", c->name); - return 0; - } - return((*c->handler)(argv[2], argv[3])); -} -#endif - -#if defined(ENCRYPTION) -/* - * The ENCRYPT command. - */ - -struct encryptlist { - char *name; - char *help; - int (*handler)(); - int needconnect; - int minarg; - int maxarg; -}; - -static int - EncryptHelp (void); - -struct encryptlist EncryptList[] = { - { "enable", "Enable encryption. ('encrypt enable ?' for more)", - EncryptEnable, 1, 1, 2 }, - { "disable", "Disable encryption. ('encrypt enable ?' for more)", - EncryptDisable, 0, 1, 2 }, - { "type", "Set encryption type. ('encrypt type ?' for more)", - EncryptType, 0, 1, 1 }, - { "start", "Start encryption. ('encrypt start ?' for more)", - EncryptStart, 1, 0, 1 }, - { "stop", "Stop encryption. ('encrypt stop ?' 
for more)", - EncryptStop, 1, 0, 1 }, - { "input", "Start encrypting the input stream", - EncryptStartInput, 1, 0, 0 }, - { "-input", "Stop encrypting the input stream", - EncryptStopInput, 1, 0, 0 }, - { "output", "Start encrypting the output stream", - EncryptStartOutput, 1, 0, 0 }, - { "-output", "Stop encrypting the output stream", - EncryptStopOutput, 1, 0, 0 }, - - { "status", "Display current status of authentication information", - EncryptStatus, 0, 0, 0 }, - { "help", 0, EncryptHelp, 0, 0, 0 }, - { "?", "Print help information", EncryptHelp, 0, 0, 0 }, - { 0 }, -}; - -static int -EncryptHelp() -{ - struct encryptlist *c; - - for (c = EncryptList; c->name; c++) { - if (c->help) { - if (*c->help) - printf("%-15s %s\r\n", c->name, c->help); - else - printf("\r\n"); - } - } - return 0; -} - -static int -encrypt_cmd(int argc, char **argv) -{ - struct encryptlist *c; - - if (argc < 2) { - fprintf(stderr, "Need at least one argument for 'encrypt' command.\n"); - fprintf(stderr, "('encrypt ?' for help)\n"); - return 0; - } - - c = (struct encryptlist *) - genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist)); - if (c == 0) { - fprintf(stderr, "'%s': unknown argument ('encrypt ?' for help).\r\n", - argv[1]); - return 0; - } - if (Ambiguous(c)) { - fprintf(stderr, "'%s': ambiguous argument ('encrypt ?' for help).\r\n", - argv[1]); - return 0; - } - argc -= 2; - if (argc < c->minarg || argc > c->maxarg) { - if (c->minarg == c->maxarg) { - fprintf(stderr, "Need %s%d argument%s ", - c->minarg < argc ? "only " : "", c->minarg, - c->minarg == 1 ? "" : "s"); - } else { - fprintf(stderr, "Need %s%d-%d arguments ", - c->maxarg < argc ? "only " : "", c->minarg, c->maxarg); - } - fprintf(stderr, "to 'encrypt %s' command. 'encrypt ?' 
for help.\r\n", - c->name); - return 0; - } - if (c->needconnect && !connected) { - if (!(argc && (isprefix(argv[2], "help") || isprefix(argv[2], "?")))) { - printf("?Need to be connected first.\r\n"); - return 0; - } - } - return ((*c->handler)(argc > 0 ? argv[2] : 0, - argc > 1 ? argv[3] : 0, - argc > 2 ? argv[4] : 0)); -} -#endif - -#if defined(unix) && defined(TN3270) - static void -filestuff(fd) - int fd; -{ - int res; - -#ifdef F_GETOWN - setconnmode(0); - res = fcntl(fd, F_GETOWN, 0); - setcommandmode(); - - if (res == -1) { - perror("fcntl"); - return; - } - printf("\tOwner is %d.\r\n", res); -#endif - - setconnmode(0); - res = fcntl(fd, F_GETFL, 0); - setcommandmode(); - - if (res == -1) { - perror("fcntl"); - return; - } -#ifdef notdef - printf("\tFlags are 0x%x: %s\r\n", res, decodeflags(res)); -#endif -} -#endif /* defined(unix) && defined(TN3270) */ - /* * Print status about the connection. */ 
@@ -2122,44 +1776,12 @@ status(argc, argv) printf("%s character echo\r\n", (mode&MODE_ECHO) ? "Local" : "Remote"); if (my_want_state_is_will(TELOPT_LFLOW)) printf("%s flow control\r\n", (mode&MODE_FLOW) ? "Local" : "No"); -#if defined(ENCRYPTION) - encrypt_display(); -#endif } } else { printf("No connection.\r\n"); } -# if !defined(TN3270) printf("Escape character is '%s'.\r\n", control(escape)); (void) fflush(stdout); -# else /* !defined(TN3270) */ - if ((!In3270) && ((argc < 2) || strcmp(argv[1], "notmuch"))) { - printf("Escape character is '%s'.\r\n", control(escape)); - } -# if defined(unix) - if ((argc >= 2) && !strcmp(argv[1], "everything")) { - printf("SIGIO received %d time%s.\r\n", - sigiocount, (sigiocount == 1)? "":"s"); - if (In3270) { - printf("Process ID %ld, process group %ld.\r\n", - (long)getpid(), (long)getpgrp()); - printf("Terminal input:\r\n"); - filestuff(tin); - printf("Terminal output:\r\n"); - filestuff(tout); - printf("Network socket:\r\n"); - filestuff(net); - } - } - if (In3270 && transcom) { - printf("Transparent mode command is '%s'.\r\n", transcom); - } -# endif /* defined(unix) */ - (void) fflush(stdout); - if (In3270) { - return 0; - } -# endif /* defined(TN3270) */ fflush(stdout); return 1; } @@ -2268,10 +1890,8 @@ tn(argc, argv) struct sockaddr_in sin; unsigned long temp; extern char *inet_ntoa(); -#if defined(IP_OPTIONS) && defined(IPPROTO_IP) char *srp = 0; int srlen; -#endif char *cmd, *hostp = 0, *portp = 0, *user = 0, *aliasp = 0; int retry; const int niflags = NI_NUMERICHOST; @@ -2329,13 +1949,12 @@ tn(argc, argv) continue; } usage: - printf("usage: %s [-l user] [-a] host-name [port]\r\n", cmd); + printf("usage: %s [-a] [-b hostalias] [-l user] host-name [port]\r\n", cmd); return 0; } if (hostp == 0) goto usage; -#if defined(IP_OPTIONS) && defined(IPPROTO_IP) if (hostp[0] == '@' || hostp[0] == '!') { if ((hostname = strrchr(hostp, ':')) == NULL) hostname = strrchr(hostp, '@'); 
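Review bot: In the status() hunk at -2122,44, removing the TN3270 branch leaves `(void) fflush(stdout);` directly followed by the surviving context line `fflush(stdout);` before `return 1;`, so stdout is flushed twice in a row. The second call is harmless but redundant, and the mixed cast and uncast spelling reads like a merge leftover. I would drop the uncast `fflush(stdout);` so the tail is the `printf` of the escape character, one `(void) fflush(stdout);`, then `return 1;`. status() starts outside the hunk.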
@@ -2352,7 +1971,6 @@ tn(argc, argv) abort(); } } else -#endif { hostname = hostp; memset(&hints, 0, sizeof(hints)); @@ -2423,30 +2041,24 @@ tn(argc, argv) } freeaddrinfo(ares); } -#if defined(IP_OPTIONS) && defined(IPPROTO_IP) if (srp && res->ai_family == AF_INET - && setsockopt(net, IPPROTO_IP, IP_OPTIONS, (char *)srp, srlen) < 0) + && setsockopt(net, IPPROTO_IP, IP_OPTIONS, srp, srlen) < 0) perror("setsockopt (IP_OPTIONS)"); -#endif -#if defined(IPPROTO_IP) && defined(IP_TOS) if (res->ai_family == AF_INET) { -# if defined(HAS_GETTOS) - struct tosent *tp; - if (tos < 0 && (tp = gettosbyname("telnet", "tcp"))) - tos = tp->t_tos; -# endif if (tos < 0) tos = IPTOS_LOWDELAY; /* Low Delay bit */ if (tos - && (setsockopt(net, IPPROTO_IP, IP_TOS, - (void *)&tos, sizeof(int)) < 0) + && (setsockopt(net, IPPROTO_IP, IP_TOS, &tos, sizeof(int)) < 0) && (errno != ENOPROTOOPT)) perror("telnet: setsockopt (IP_TOS) (ignored)"); } -#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ - if (debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) { - perror("setsockopt (SO_DEBUG)"); + if (debug) { + int one = 1; + + if (setsockopt(net, SOL_SOCKET, SO_DEBUG, &one, + sizeof(one)) < 0) + perror("setsockopt (SO_DEBUG)"); } if (connect(net, res->ai_addr, res->ai_addrlen) < 0) { @@ -2466,9 +2078,6 @@ tn(argc, argv) } connected++; -#if defined(AUTHENTICATION) || defined(ENCRYPTION) - auth_encrypt_connect(connected); -#endif /* defined(AUTHENTICATION) */ break; } freeaddrinfo(res0); 
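Review bot: In the tn() hunk at -2423,30, the rewritten IP_TOS call still passes `sizeof(int)` while the SO_DEBUG block added just below uses `sizeof(one)`. Tying the length to the object, `&& (setsockopt(net, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0)`, keeps the two calls consistent and stays correct if the type of `tos` (declared outside this hunk) ever changes. The IP_OPTIONS block is now unconditional, and a refused `setsockopt (IP_OPTIONS)` is only reported through perror() before the connect() below goes ahead. A one-line comment such as `/* best effort: connect without the source route if the option is refused */` would record that this is intended. tn() begins and ends outside the hunk.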
@@ -2516,15 +2125,6 @@ static char togglestring[] ="toggle operating parameters ('toggle ?' for more)", slchelp[] = "change state of special charaters ('slc ?' for more)", displayhelp[] = "display operating parameters", -#if defined(TN3270) && defined(unix) - transcomhelp[] = "specify Unix command for transparent mode pipe", -#endif /* defined(TN3270) && defined(unix) */ -#if defined(AUTHENTICATION) - authhelp[] = "turn on (off) authentication ('auth ?' for more)", -#endif -#if defined(ENCRYPTION) - encrypthelp[] = "turn on (off) encryption ('encrypt ?' for more)", -#endif zhelp[] = "suspend telnet", #ifdef SKEY skeyhelp[] = "compute response to s/key challenge", @@ -2548,22 +2148,9 @@ static Command cmdtab[] = { { "status", statushelp, status, 0 }, { "toggle", togglestring, toggle, 0 }, { "slc", slchelp, slccmd, 0 }, -#if defined(TN3270) && defined(unix) - { "transcom", transcomhelp, settranscom, 0 }, -#endif /* defined(TN3270) && defined(unix) */ -#if defined(AUTHENTICATION) - { "auth", authhelp, auth_cmd, 0 }, -#endif -#if defined(ENCRYPTION) - { "encrypt", encrypthelp, encrypt_cmd, 0 }, -#endif { "z", zhelp, telnetsuspend, 0 }, -#if defined(TN3270) - { "!", shellhelp, shell, 1 }, -#else { "!", shellhelp, shell, 0 }, -#endif { "environ", envhelp, env_cmd, 0 }, { "?", helphelp, help, 0 }, #if defined(SKEY) @@ -2624,11 +2211,9 @@ command(top, tbuf, cnt) setcommandmode(); if (!top) { putchar('\n'); -#if defined(unix) } else { (void) signal(SIGINT, SIG_DFL); (void) signal(SIGQUIT, SIG_DFL); -#endif /* defined(unix) */ } for (;;) { if (rlogin == _POSIX_VDISABLE) @@ -2684,13 +2269,7 @@ command(top, tbuf, cnt) longjmp(toplevel, 1); /*NOTREACHED*/ } -#if defined(TN3270) - if (shell_active == 0) { - setconnmode(0); - } -#else /* defined(TN3270) */ setconnmode(0); -#endif /* defined(TN3270) */ } } @@ -2727,8 +2306,6 @@ help(argc, argv) return 0; } -#if defined(IP_OPTIONS) && defined(IPPROTO_IP) - /* * Source route is handed in as * [!]@hop1@hop2...[@|:]dst 
@@ -2775,9 +2352,6 @@ sourceroute(arg, cpp, lenp) int *lenp; { static char lsr[44]; -#ifdef sysV88 - static IOPTN ipopt; -#endif char *cp, *cp2, *lsrp, *lsrep; int tmp; struct in_addr sin_addr; @@ -2811,27 +2385,17 @@ sourceroute(arg, cpp, lenp) * route or a strict source route, and fill in * the begining of the option. */ -#ifndef sysV88 if (*cp == '!') { cp++; *lsrp++ = IPOPT_SSRR; } else *lsrp++ = IPOPT_LSRR; -#else - if (*cp == '!') { - cp++; - ipopt.io_type = IPOPT_SSRR; - } else - ipopt.io_type = IPOPT_LSRR; -#endif if (*cp != '@') return((unsigned long)-1); -#ifndef sysV88 lsrp++; /* skip over length, we'll fill it in later */ *lsrp++ = 4; -#endif cp++; @@ -2859,14 +2423,9 @@ sourceroute(arg, cpp, lenp) if ((tmp = inet_addr(cp)) != -1) { sin_addr.s_addr = tmp; } else if ((host = gethostbyname(cp))) { -#if defined(h_addr) memmove((caddr_t)&sin_addr, host->h_addr_list[0], sizeof(sin_addr)); -#else - memmove((caddr_t)&sin_addr, host->h_addr, - sizeof(sin_addr)); -#endif } else { *cpp = cp; return(0); @@ -2883,7 +2442,6 @@ sourceroute(arg, cpp, lenp) if (lsrp + 4 > lsrep) return((unsigned long)-1); } -#ifndef sysV88 if ((*(*cpp+IPOPT_OLEN) = lsrp - *cpp) <= 7) { *cpp = 0; *lenp = 0; @@ -2891,16 +2449,5 @@ sourceroute(arg, cpp, lenp) } *lsrp++ = IPOPT_NOP; /* 32 bit word align it */ *lenp = lsrp - *cpp; -#else - ipopt.io_len = lsrp - *cpp; - if (ipopt.io_len <= 5) { /* Is 3 better ? */ - *cpp = 0; - *lenp = 0; - return((unsigned long)-1); - } - *lenp = sizeof(ipopt); - *cpp = (char *) &ipopt; -#endif return(sin_addr.s_addr); } -#endif diff --git a/usr.bin/telnet/defines.h b/usr.bin/telnet/defines.h index 671d822db6b..5af5a1fa3b5 100644 --- a/usr.bin/telnet/defines.h +++ b/usr.bin/telnet/defines.h @@ -1,4 +1,4 @@ -/* $OpenBSD: defines.h,v 1.7 2003/06/11 23:31:51 deraadt Exp $ */ +/* $OpenBSD: defines.h,v 1.8 2014/07/19 23:50:38 guenther Exp $ */ /* $NetBSD: defines.h,v 1.5 1996/02/28 21:03:55 thorpej Exp $ */ /* 
@@ -32,13 +32,16 @@ * from: @(#)defines.h 8.1 (Berkeley) 6/6/93 */ -#define settimer(x) clocks.x = clocks.system++ - -#if !defined(TN3270) +typedef struct { + int + system, /* what the current time is */ + echotoggle, /* last time user entered echo character */ + modenegotiated; /* last time operating mode negotiated */ +} Clocks; -#define SetIn3270() +extern Clocks clocks; -#endif /* !defined(TN3270) */ +#define settimer(x) clocks.x = clocks.system++ #define NETADD(c) { *netoring.supply = c; ring_supplied(&netoring, 1); } #define NET2ADD(c1,c2) { NETADD(c1); NETADD(c2); } @@ -62,4 +65,3 @@ #define MODE_OUT8 0x8000 /* binary mode sans -opost */ void upcase(char *); - diff --git a/usr.bin/telnet/defs.h b/usr.bin/telnet/defs.h deleted file mode 100644 index db312be384a..00000000000 --- a/usr.bin/telnet/defs.h +++ /dev/null 
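Review bot: The `settimer` macro re-added at the end of the -32,13 hunk in defines.h expands to a bare assignment, `clocks.x = clocks.system++`, so it binds wrongly if it is ever used inside a larger expression, for example as an operand of `?:`. The defs.h variant deleted later in this commit used a parenthesized form, and I would do the same here: `#define settimer(x) (clocks.x = clocks.system++)`. The new `Clocks` typedef could also carry a one-line comment that its members are logical sequence counters rather than wall-clock times; that is inferred from `clocks.system++`, so please confirm.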
@@ -1,182 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)defs.h 8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Telnet server defines
- */
-
-#ifndef __DEFS_H__
-#define __DEFS_H__
-
-#if defined(PRINTOPTIONS) && defined(DIAGNOSTICS)
-#define TELOPTS
-#define TELCMDS
-#define SLC_NAMES
-#endif
-
-#if !defined(TIOCSCTTY) && defined(TCSETCTTY)
-# define TIOCSCTTY TCSETCTTY
-#endif
-
-#ifndef TIOCPKT_FLUSHWRITE
-#define TIOCPKT_FLUSHWRITE 0x02
-#endif
-
-#ifndef TIOCPKT_NOSTOP
-#define TIOCPKT_NOSTOP 0x10
-#endif
-
-#ifndef TIOCPKT_DOSTOP
-#define TIOCPKT_DOSTOP 0x20
-#endif
-
-/*
- * I/O data buffers defines
- */
-#define NETSLOP 4096
-#ifdef _CRAY
-#undef BUFSIZ
-#define BUFSIZ 2048
-#endif
-
-#define NIACCUM(c) { *netip++ = c; \
- ncc++; \
- }
-
-/* clock manipulations */
-#define settimer(x) (clocks.x = ++clocks.system)
-#define sequenceIs(x,y) (clocks.x < clocks.y)
-
-/*
- * Structures of information for each special character function.
- */
-typedef struct {
- unsigned char flag; /* the flags for this function */
- cc_t val; /* the value of the special character */
-} slcent, *Slcent;
-
-typedef struct {
- slcent defset; /* the default settings */
- slcent current; /* the current settings */
- cc_t *sptr; /* a pointer to the char in */
- /* system data structures */
-} slcfun, *Slcfun;
-
-#ifdef DIAGNOSTICS
-/*
- * Diagnostics capabilities
- */
-#define TD_REPORT 0x01 /* Report operations to client */
-#define TD_EXERCISE 0x02 /* Exercise client's implementation */
-#define TD_NETDATA 0x04 /* Display received data stream */
-#define TD_PTYDATA 0x08 /* Display data passed to pty */
-#define TD_OPTIONS 0x10 /* Report just telnet options */
-#endif /* DIAGNOSTICS */
-
-/*
- * We keep track of each side of the option negotiation.
- */
-
-#define MY_STATE_WILL 0x01
-#define MY_WANT_STATE_WILL 0x02
-#define MY_STATE_DO 0x04
-#define MY_WANT_STATE_DO 0x08
-
-/*
- * Macros to check the current state of things
- */
-
-#define my_state_is_do(opt) (options[opt]&MY_STATE_DO)
-#define my_state_is_will(opt) (options[opt]&MY_STATE_WILL)
-#define my_want_state_is_do(opt) (options[opt]&MY_WANT_STATE_DO)
-#define my_want_state_is_will(opt) (options[opt]&MY_WANT_STATE_WILL)
-
-#define my_state_is_dont(opt) (!my_state_is_do(opt))
-#define my_state_is_wont(opt) (!my_state_is_will(opt))
-#define my_want_state_is_dont(opt) (!my_want_state_is_do(opt))
-#define my_want_state_is_wont(opt) (!my_want_state_is_will(opt))
-
-#define set_my_state_do(opt) (options[opt] |= MY_STATE_DO)
-#define set_my_state_will(opt) (options[opt] |= MY_STATE_WILL)
-#define set_my_want_state_do(opt) (options[opt] |= MY_WANT_STATE_DO)
-#define set_my_want_state_will(opt) (options[opt] |= MY_WANT_STATE_WILL)
-
-#define set_my_state_dont(opt) (options[opt] &= ~MY_STATE_DO)
-#define set_my_state_wont(opt) (options[opt] &= ~MY_STATE_WILL)
-#define set_my_want_state_dont(opt) (options[opt] &= ~MY_WANT_STATE_DO)
-#define set_my_want_state_wont(opt) (options[opt] &= ~MY_WANT_STATE_WILL)
-
-/*
- * Tricky code here. What we want to know is if the MY_STATE_WILL
- * and MY_WANT_STATE_WILL bits have the same value. Since the two
- * bits are adjacent, a little arithmetic will show that by adding
- * in the lower bit, the upper bit will be set if the two bits were
- * different, and clear if they were the same.
- */
-#define my_will_wont_is_changing(opt) \
- ((options[opt]+MY_STATE_WILL) & MY_WANT_STATE_WILL)
-
-#define my_do_dont_is_changing(opt) \
- ((options[opt]+MY_STATE_DO) & MY_WANT_STATE_DO)
-
-/*
- * Make everything symmetrical
- */
-
-#define HIS_STATE_WILL MY_STATE_DO
-#define HIS_WANT_STATE_WILL MY_WANT_STATE_DO
-#define HIS_STATE_DO MY_STATE_WILL
-#define HIS_WANT_STATE_DO MY_WANT_STATE_WILL
-
-#define his_state_is_do my_state_is_will
-#define his_state_is_will my_state_is_do
-#define his_want_state_is_do my_want_state_is_will
-#define his_want_state_is_will my_want_state_is_do
-
-#define his_state_is_dont my_state_is_wont
-#define his_state_is_wont my_state_is_dont
-#define his_want_state_is_dont my_want_state_is_wont
-#define his_want_state_is_wont my_want_state_is_dont
-
-#define set_his_state_do set_my_state_will
-#define set_his_state_will set_my_state_do
-#define set_his_want_state_do set_my_want_state_will
-#define set_his_want_state_will set_my_want_state_do
-
-#define set_his_state_dont set_my_state_wont
-#define set_his_state_wont set_my_state_dont
-#define set_his_want_state_dont set_my_want_state_wont
-#define set_his_want_state_wont set_my_want_state_dont
-
-#define his_will_wont_is_changing my_do_dont_is_changing
-#define his_do_dont_is_changing my_will_wont_is_changing
-
-#endif /* __DEFS_H__ */
diff --git a/usr.bin/telnet/enc-proto.h b/usr.bin/telnet/enc-proto.h
deleted file mode 100644
index 586e236ea78..00000000000
--- a/usr.bin/telnet/enc-proto.h
+++ /dev/null
@@ -1,153 +0,0 @@ -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)enc-proto.h 8.1 (Berkeley) 6/4/93 - * - * @(#)enc-proto.h 5.2 (Berkeley) 3/22/91 - */ - - /* - * This source code is no longer held under any constraint of USA - * `cryptographic laws' since it was exported legally. The cryptographic - * functions were removed from the code and a "Bones" distribution was - * made. 
A Commodity Jurisdiction Request #012-94 was filed with the - * USA State Department, who handed it to the Commerce department. The - * code was determined to fall under General License GTDA under ECCN 5D96G, - * and hence exportable. The cryptographic interfaces were re-added by Eric - * Young, and then KTH proceeded to maintain the code in the free world. - * - */ - -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. 
- */ - -/* $KTH: enc-proto.h,v 1.10.8.1 2002/02/06 03:38:05 assar Exp $ */ - -#if defined(ENCRYPTION) -Encryptions *findencryption (int); -Encryptions *finddecryption(int); -int EncryptAutoDec(int); -int EncryptAutoEnc(int); -int EncryptDebug(int); -int EncryptDisable(char*, char*); -int EncryptEnable(char*, char*); -int EncryptStart(char*); -int EncryptStartInput(void); -int EncryptStartOutput(void); -int EncryptStatus(void); -int EncryptStop(char*); -int EncryptStopInput(void); -int EncryptStopOutput(void); -int EncryptType(char*, char*); -int EncryptVerbose(int); -void decrypt_auto(int); -void encrypt_auto(int); -void encrypt_debug(int); -void encrypt_dec_keyid(unsigned char*, int); -void encrypt_display(void); -void encrypt_enc_keyid(unsigned char*, int); -void encrypt_end(void); -void encrypt_gen_printsub(unsigned char*, int, unsigned char*, int); -void encrypt_init(const char*, int); -void encrypt_is(unsigned char*, int); -void encrypt_list_types(void); -void encrypt_not(void); -void encrypt_printsub(unsigned char*, int, unsigned char*, int); -void encrypt_reply(unsigned char*, int); -void encrypt_request_end(void); -void encrypt_request_start(unsigned char*, int); -void encrypt_send_end(void); -void encrypt_send_keyid(int, unsigned char*, int, int); -void encrypt_send_request_end(void); -int encrypt_is_encrypting(void); -void encrypt_send_request_start(void); -void encrypt_send_support(void); -void encrypt_session_key(Session_Key*, int); -void encrypt_start(unsigned char*, int); -void encrypt_start_output(int); -void encrypt_support(unsigned char*, int); -void encrypt_verbose_quiet(int); -void encrypt_wait(void); -int encrypt_delay(void); - -#ifdef TELENTD -void encrypt_wait (void); -#else -void encrypt_display (void); -#endif - -void cfb64_encrypt (unsigned char *, int); -int cfb64_decrypt (int); -void cfb64_init (int); -int cfb64_start (int, int); -int cfb64_is (unsigned char *, int); -int cfb64_reply (unsigned char *, int); -void cfb64_session 
(Session_Key *, int); -int cfb64_keyid (int, unsigned char *, int *); -void cfb64_printsub (unsigned char *, int, unsigned char *, int); - -void ofb64_encrypt (unsigned char *, int); -int ofb64_decrypt (int); -void ofb64_init (int); -int ofb64_start (int, int); -int ofb64_is (unsigned char *, int); -int ofb64_reply (unsigned char *, int); -void ofb64_session (Session_Key *, int); -int ofb64_keyid (int, unsigned char *, int *); -void ofb64_printsub (unsigned char *, int, unsigned char *, int); - -#endif - -#ifdef KRB4 -int check_krb4_tickets(); -#else -#define check_krb4_tickets() 0 -#endif - -#ifdef KRB5 -int check_krb5_tickets(); -#else -#define check_krb5_tickets() 0 -#endif diff --git a/usr.bin/telnet/enc_des.c b/usr.bin/telnet/enc_des.c deleted file mode 100644 index 65853c101a9..00000000000 --- a/usr.bin/telnet/enc_des.c +++ /dev/null 
@@ -1,653 +0,0 @@
-/* $OpenBSD: enc_des.c,v 1.3 2014/04/16 05:49:55 jsg Exp $ */
-
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */ - -/* $KTH: enc_des.c,v 1.16 1998/07/09 23:16:23 assar Exp $ */ - -#if defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION) -#include <arpa/telnet.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include "encrypt.h" -#include "misc-proto.h" -#include <openssl/des.h> -#include <openssl/rand.h> - -extern int encrypt_debug_mode; - -#define CFB 0 -#define OFB 1 - -#define NO_SEND_IV 1 -#define NO_RECV_IV 2 -#define NO_KEYID 4 -#define IN_PROGRESS (NO_SEND_IV|NO_RECV_IV|NO_KEYID) -#define SUCCESS 0 -#define FAILED -1 - - -struct stinfo { - DES_cblock str_output; - DES_cblock str_feed; - DES_cblock str_iv; - DES_cblock str_ikey; - DES_key_schedule str_sched; - int str_index; - int str_flagshift; -}; - -struct fb { - DES_cblock krbdes_key; - DES_key_schedule krbdes_sched; - DES_cblock temp_feed; - unsigned char fb_feed[64]; - int need_start; - int state[2]; - int keyid[2]; - int once; - struct stinfo streams[2]; -}; - -static struct fb fb[2]; - -struct keyidlist { - char *keyid; - int keyidlen; - char *key; - int keylen; - int flags; -} keyidlist [] = { - { "\0", 1, 0, 0, 0 }, /* default key of zero */ - { 0, 0, 0, 0, 0 } -}; - -#define KEYFLAG_MASK 03 - -#define KEYFLAG_NOINIT 00 -#define KEYFLAG_INIT 01 -#define KEYFLAG_OK 02 -#define KEYFLAG_BAD 03 - -#define KEYFLAG_SHIFT 2 - -#define SHIFT_VAL(a,b) (KEYFLAG_SHIFT*((a)+((b)*2))) - -#define FB64_IV 1 -#define FB64_IV_OK 2 -#define FB64_IV_BAD 3 - - -void fb64_stream_iv (DES_cblock, struct stinfo *); -void fb64_init (struct fb *); -static int fb64_start (struct fb *, int, int); -int fb64_is (unsigned char *, int, struct fb *); -int fb64_reply (unsigned char *, int, struct fb *); -static void fb64_session (Session_Key *, int, struct fb *); -void fb64_stream_key (DES_cblock, struct stinfo *); -int fb64_keyid (int, unsigned char *, int *, struct fb *); - -void cfb64_init(int server) -{ - fb64_init(&fb[CFB]); - fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64; - 
fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB); - fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB); -} - - -void ofb64_init(int server) -{ - fb64_init(&fb[OFB]); - fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64; - fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB); - fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB); -} - -void fb64_init(struct fb *fbp) -{ - memset(fbp,0, sizeof(*fbp)); - fbp->state[0] = fbp->state[1] = FAILED; - fbp->fb_feed[0] = IAC; - fbp->fb_feed[1] = SB; - fbp->fb_feed[2] = TELOPT_ENCRYPT; - fbp->fb_feed[3] = ENCRYPT_IS; -} - -/* - * Returns: - * -1: some error. Negotiation is done, encryption not ready. - * 0: Successful, initial negotiation all done. - * 1: successful, negotiation not done yet. - * 2: Not yet. Other things (like getting the key from - * Kerberos) have to happen before we can continue. - */ -int cfb64_start(int dir, int server) -{ - return(fb64_start(&fb[CFB], dir, server)); -} - -int ofb64_start(int dir, int server) -{ - return(fb64_start(&fb[OFB], dir, server)); -} - -static int fb64_start(struct fb *fbp, int dir, int server) -{ - int x; - unsigned char *p; - int state; - - switch (dir) { - case DIR_DECRYPT: - /* - * This is simply a request to have the other side - * start output (our input). He will negotiate an - * IV so we need not look for it. - */ - state = fbp->state[dir-1]; - if (state == FAILED) - state = IN_PROGRESS; - break; - - case DIR_ENCRYPT: - state = fbp->state[dir-1]; - if (state == FAILED) - state = IN_PROGRESS; - else if ((state & NO_SEND_IV) == 0) { - break; - } - - if (!VALIDKEY(fbp->krbdes_key)) { - fbp->need_start = 1; - break; - } - - state &= ~NO_SEND_IV; - state |= NO_RECV_IV; - if (encrypt_debug_mode) - printf("Creating new feed\r\n"); - /* - * Create a random feed and send it over. 
- */ - do { - if (RAND_bytes(fbp->temp_feed, - sizeof(*fbp->temp_feed)) != 1) - abort(); - DES_set_odd_parity(&fbp->temp_feed); - } while(DES_is_weak_key(&fbp->temp_feed)); - - DES_ecb_encrypt(&fbp->temp_feed, - &fbp->temp_feed, - &fbp->krbdes_sched, 1); - p = fbp->fb_feed + 3; - *p++ = ENCRYPT_IS; - p++; - *p++ = FB64_IV; - for (x = 0; x < sizeof(DES_cblock); ++x) { - if ((*p++ = fbp->temp_feed[x]) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; - printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); - telnet_net_write(fbp->fb_feed, p - fbp->fb_feed); - break; - default: - return(FAILED); - } - return(fbp->state[dir-1] = state); -} - -/* - * Returns: - * -1: some error. Negotiation is done, encryption not ready. - * 0: Successful, initial negotiation all done. - * 1: successful, negotiation not done yet. - */ - -int cfb64_is(unsigned char *data, int cnt) -{ - return(fb64_is(data, cnt, &fb[CFB])); -} - -int ofb64_is(unsigned char *data, int cnt) -{ - return(fb64_is(data, cnt, &fb[OFB])); -} - - -int fb64_is(unsigned char *data, int cnt, struct fb *fbp) -{ - unsigned char *p; - int state = fbp->state[DIR_DECRYPT-1]; - - if (cnt-- < 1) - goto failure; - - switch (*data++) { - case FB64_IV: - if (cnt != sizeof(DES_cblock)) { - if (encrypt_debug_mode) - printf("CFB64: initial vector failed on size\r\n"); - state = FAILED; - goto failure; - } - - if (encrypt_debug_mode) - printf("CFB64: initial vector received\r\n"); - - if (encrypt_debug_mode) - printf("Initializing Decrypt stream\r\n"); - - fb64_stream_iv(data, &fbp->streams[DIR_DECRYPT-1]); - - p = fbp->fb_feed + 3; - *p++ = ENCRYPT_REPLY; - p++; - *p++ = FB64_IV_OK; - *p++ = IAC; - *p++ = SE; - printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); - telnet_net_write(fbp->fb_feed, p - fbp->fb_feed); - - state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS; - break; - - default: - if (encrypt_debug_mode) { - printf("Unknown option type: %d\r\n", *(data-1)); - printd(data, cnt); - printf("\r\n"); - } - /* FALL 
THROUGH */ - failure: - /* - * We failed. Send an FB64_IV_BAD option - * to the other side so it will know that - * things failed. - */ - p = fbp->fb_feed + 3; - *p++ = ENCRYPT_REPLY; - p++; - *p++ = FB64_IV_BAD; - *p++ = IAC; - *p++ = SE; - printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); - telnet_net_write(fbp->fb_feed, p - fbp->fb_feed); - - break; - } - return(fbp->state[DIR_DECRYPT-1] = state); -} - -/* - * Returns: - * -1: some error. Negotiation is done, encryption not ready. - * 0: Successful, initial negotiation all done. - * 1: successful, negotiation not done yet. - */ - -int cfb64_reply(unsigned char *data, int cnt) -{ - return(fb64_reply(data, cnt, &fb[CFB])); -} - -int ofb64_reply(unsigned char *data, int cnt) -{ - return(fb64_reply(data, cnt, &fb[OFB])); -} - - -int fb64_reply(unsigned char *data, int cnt, struct fb *fbp) -{ - int state = fbp->state[DIR_ENCRYPT-1]; - - if (cnt-- < 1) - goto failure; - - switch (*data++) { - case FB64_IV_OK: - fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]); - if (state == FAILED) - state = IN_PROGRESS; - state &= ~NO_RECV_IV; - encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1); - break; - - case FB64_IV_BAD: - memset(fbp->temp_feed, 0, sizeof(DES_cblock)); - fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]); - state = FAILED; - break; - - default: - if (encrypt_debug_mode) { - printf("Unknown option type: %d\r\n", data[-1]); - printd(data, cnt); - printf("\r\n"); - } - /* FALL THROUGH */ - failure: - state = FAILED; - break; - } - return(fbp->state[DIR_ENCRYPT-1] = state); -} - -void cfb64_session(Session_Key *key, int server) -{ - fb64_session(key, server, &fb[CFB]); -} - -void ofb64_session(Session_Key *key, int server) -{ - fb64_session(key, server, &fb[OFB]); -} - -static void fb64_session(Session_Key *key, int server, struct fb *fbp) -{ - - if (!key || key->type != SK_DES) { - if (encrypt_debug_mode) - printf("Can't set krbdes's session key (%d != %d)\r\n", - key ? 
key->type : -1, SK_DES); - return; - } - memcpy(fbp->krbdes_key, key->data, sizeof(DES_cblock)); - - fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]); - fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]); - - RAND_seed(key->data, key->length); - - DES_set_key_checked((DES_cblock *)&fbp->krbdes_key, - &fbp->krbdes_sched); - - /* - * Now look to see if krbdes_start() was was waiting for - * the key to show up. If so, go ahead an call it now - * that we have the key. - */ - if (fbp->need_start) { - fbp->need_start = 0; - fb64_start(fbp, DIR_ENCRYPT, server); - } -} - -/* - * We only accept a keyid of 0. If we get a keyid of - * 0, then mark the state as SUCCESS. - */ - -int cfb64_keyid(int dir, unsigned char *kp, int *lenp) -{ - return(fb64_keyid(dir, kp, lenp, &fb[CFB])); -} - -int ofb64_keyid(int dir, unsigned char *kp, int *lenp) -{ - return(fb64_keyid(dir, kp, lenp, &fb[OFB])); -} - -int fb64_keyid(int dir, unsigned char *kp, int *lenp, struct fb *fbp) -{ - int state = fbp->state[dir-1]; - - if (*lenp != 1 || (*kp != '\0')) { - *lenp = 0; - return(state); - } - - if (state == FAILED) - state = IN_PROGRESS; - - state &= ~NO_KEYID; - - return(fbp->state[dir-1] = state); -} - -void fb64_printsub(unsigned char *data, int cnt, - unsigned char *buf, int buflen, char *type) -{ - char lbuf[32]; - int i; - char *cp; - - buf[buflen-1] = '\0'; /* make sure it's NULL terminated */ - buflen -= 1; - - switch(data[2]) { - case FB64_IV: - snprintf(lbuf, sizeof(lbuf), "%s_IV", type); - cp = lbuf; - goto common; - - case FB64_IV_OK: - snprintf(lbuf, sizeof(lbuf), "%s_IV_OK", type); - cp = lbuf; - goto common; - - case FB64_IV_BAD: - snprintf(lbuf, sizeof(lbuf), "%s_IV_BAD", type); - cp = lbuf; - goto common; - - default: - snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[2]); - cp = lbuf; - common: - for (; (buflen > 0) && (*buf = *cp++); buf++) - buflen--; - for (i = 3; i < cnt; i++) { - snprintf(lbuf, sizeof(lbuf), " %d", data[i]); - for (cp = lbuf; 
(buflen > 0) && (*buf = *cp++); buf++) - buflen--; - } - break; - } -} - -void cfb64_printsub(unsigned char *data, int cnt, - unsigned char *buf, int buflen) -{ - fb64_printsub(data, cnt, buf, buflen, "CFB64"); -} - -void ofb64_printsub(unsigned char *data, int cnt, - unsigned char *buf, int buflen) -{ - fb64_printsub(data, cnt, buf, buflen, "OFB64"); -} - -void fb64_stream_iv(DES_cblock seed, struct stinfo *stp) -{ - - memcpy(stp->str_iv, seed,sizeof(DES_cblock)); - memcpy(stp->str_output, seed, sizeof(DES_cblock)); - - DES_key_sched(&stp->str_ikey, &stp->str_sched); - - stp->str_index = sizeof(DES_cblock); -} - -void fb64_stream_key(DES_cblock key, struct stinfo *stp) -{ - memcpy(stp->str_ikey, key, sizeof(DES_cblock)); - DES_key_sched((DES_cblock*)key, &stp->str_sched); - - memcpy(stp->str_output, stp->str_iv, sizeof(DES_cblock)); - - stp->str_index = sizeof(DES_cblock); -} - -/* - * DES 64 bit Cipher Feedback - * - * key --->+-----+ - * +->| DES |--+ - * | +-----+ | - * | v - * INPUT --(--------->(+)+---> DATA - * | | - * +-------------+ - * - * - * Given: - * iV: Initial vector, 64 bits (8 bytes) long. - * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt). - * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output. 
- * - * V0 = DES(iV, key) - * On = Dn ^ Vn - * V(n+1) = DES(On, key) - */ - -void cfb64_encrypt(unsigned char *s, int c) -{ - struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1]; - int index; - - index = stp->str_index; - while (c-- > 0) { - if (index == sizeof(DES_cblock)) { - DES_cblock b; - DES_ecb_encrypt(&stp->str_output, &b, &stp->str_sched, 1); - memcpy(stp->str_feed, b, sizeof(DES_cblock)); - index = 0; - } - - /* On encryption, we store (feed ^ data) which is cypher */ - *s = stp->str_output[index] = (stp->str_feed[index] ^ *s); - s++; - index++; - } - stp->str_index = index; -} - -int cfb64_decrypt(int data) -{ - struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1]; - int index; - - if (data == -1) { - /* - * Back up one byte. It is assumed that we will - * never back up more than one byte. If we do, this - * may or may not work. - */ - if (stp->str_index) - --stp->str_index; - return(0); - } - - index = stp->str_index++; - if (index == sizeof(DES_cblock)) { - DES_cblock b; - DES_ecb_encrypt(&stp->str_output,&b, &stp->str_sched, 1); - memcpy(stp->str_feed, b, sizeof(DES_cblock)); - stp->str_index = 1; /* Next time will be 1 */ - index = 0; /* But now use 0 */ - } - - /* On decryption we store (data) which is cypher. */ - stp->str_output[index] = data; - return(data ^ stp->str_feed[index]); -} - -/* - * DES 64 bit Output Feedback - * - * key --->+-----+ - * +->| DES |--+ - * | +-----+ | - * +-----------+ - * v - * INPUT -------->(+) ----> DATA - * - * Given: - * iV: Initial vector, 64 bits (8 bytes) long. - * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt). - * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output. 
- * - * V0 = DES(iV, key) - * V(n+1) = DES(Vn, key) - * On = Dn ^ Vn - */ - -void ofb64_encrypt(unsigned char *s, int c) -{ - struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1]; - int index; - - index = stp->str_index; - while (c-- > 0) { - if (index == sizeof(DES_cblock)) { - DES_cblock b; - DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1); - memcpy(stp->str_feed, b, sizeof(DES_cblock)); - index = 0; - } - *s++ ^= stp->str_feed[index]; - index++; - } - stp->str_index = index; -} - -int ofb64_decrypt(int data) -{ - struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1]; - int index; - - if (data == -1) { - /* - * Back up one byte. It is assumed that we will - * never back up more than one byte. If we do, this - * may or may not work. - */ - if (stp->str_index) - --stp->str_index; - return(0); - } - - index = stp->str_index++; - if (index == sizeof(DES_cblock)) { - DES_cblock b; - DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1); - memcpy(stp->str_feed, b, sizeof(DES_cblock)); - stp->str_index = 1; /* Next time will be 1 */ - index = 0; /* But now use 0 */ - } - - return(data ^ stp->str_feed[index]); -} -#endif - diff --git a/usr.bin/telnet/encrypt.c b/usr.bin/telnet/encrypt.c deleted file mode 100644 index 006bd25cfe7..00000000000 --- a/usr.bin/telnet/encrypt.c +++ /dev/null 
@@ -1,1008 +0,0 @@ -/* $OpenBSD: encrypt.c,v 1.4 2011/12/28 21:09:48 jsg Exp $ */ - -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - - /* - * This source code is no longer held under any constraint of USA - * `cryptographic laws' since it was exported legally. The cryptographic - * functions were removed from the code and a "Bones" distribution was - * made. 
A Commodity Jurisdiction Request #012-94 was filed with the - * USA State Department, who handed it to the Commerce department. The - * code was determined to fall under General License GTDA under ECCN 5D96G, - * and hence exportable. The cryptographic interfaces were re-added by Eric - * Young, and then KTH proceeded to maintain the code in the free world. - * - */ - -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* -RCSID("$KTH: encrypt.c,v 1.22.8.1 2002/02/06 03:39:13 assar Exp $"); -*/ - -#if defined(ENCRYPTION) - -#define ENCRYPT_NAMES -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <sys/types.h> -#include <arpa/telnet.h> - -#include "encrypt.h" -#include "misc.h" - - - -/* - * These functions pointers point to the current routines - * for encrypting and decrypting data. 
- */ -void (*encrypt_output) (unsigned char *, int); -int (*decrypt_input) (int); -char *nclearto; - -int encrypt_debug_mode = 0; -static int decrypt_mode = 0; -static int encrypt_mode = 0; -static int encrypt_verbose = 0; -static int autoencrypt = 0; -static int autodecrypt = 0; -static int havesessionkey = 0; -static int Server = 0; -static const char *Name = "Noname"; - -#define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0) - -static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64) - | typemask(ENCTYPE_DES_OFB64); - static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64) - | typemask(ENCTYPE_DES_OFB64); - static long i_wont_support_encrypt = 0; - static long i_wont_support_decrypt = 0; -#define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt) -#define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt) - - static long remote_supports_encrypt = 0; - static long remote_supports_decrypt = 0; - - static Encryptions encryptions[] = { -#if defined(DES_ENCRYPTION) - { "DES_CFB64", ENCTYPE_DES_CFB64, - cfb64_encrypt, - cfb64_decrypt, - cfb64_init, - cfb64_start, - cfb64_is, - cfb64_reply, - cfb64_session, - cfb64_keyid, - cfb64_printsub }, - { "DES_OFB64", ENCTYPE_DES_OFB64, - ofb64_encrypt, - ofb64_decrypt, - ofb64_init, - ofb64_start, - ofb64_is, - ofb64_reply, - ofb64_session, - ofb64_keyid, - ofb64_printsub }, -#endif - { 0, }, - }; - -static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT, - ENCRYPT_SUPPORT }; -static unsigned char str_suplen = 0; -static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT }; -static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE }; - -Encryptions * -findencryption(int type) -{ - Encryptions *ep = encryptions; - - if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type))) - return(0); - while (ep->type && ep->type != type) - ++ep; - return(ep->type ? 
ep : 0); -} - -Encryptions * -finddecryption(int type) -{ - Encryptions *ep = encryptions; - - if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type))) - return(0); - while (ep->type && ep->type != type) - ++ep; - return(ep->type ? ep : 0); -} - -#define MAXKEYLEN 64 - -static struct key_info { - unsigned char keyid[MAXKEYLEN]; - int keylen; - int dir; - int *modep; - Encryptions *(*getcrypt)(int); -} ki[2] = { - { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption }, - { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption }, -}; - -void -encrypt_init(const char *name, int server) -{ - Encryptions *ep = encryptions; - - Name = name; - Server = server; - i_support_encrypt = i_support_decrypt = 0; - remote_supports_encrypt = remote_supports_decrypt = 0; - encrypt_mode = 0; - decrypt_mode = 0; - encrypt_output = 0; - decrypt_input = 0; -#ifdef notdef - encrypt_verbose = !server; -#endif - - str_suplen = 4; - - while (ep->type) { - if (encrypt_debug_mode) - printf(">>>%s: I will support %s\r\n", - Name, ENCTYPE_NAME(ep->type)); - i_support_encrypt |= typemask(ep->type); - i_support_decrypt |= typemask(ep->type); - if ((i_wont_support_decrypt & typemask(ep->type)) == 0) - if ((str_send[str_suplen++] = ep->type) == IAC) - str_send[str_suplen++] = IAC; - if (ep->init) - (*ep->init)(Server); - ++ep; - } - str_send[str_suplen++] = IAC; - str_send[str_suplen++] = SE; -} - -void -encrypt_list_types(void) -{ - Encryptions *ep = encryptions; - - printf("Valid encryption types:\n"); - while (ep->type) { - printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type); - ++ep; - } -} - -int -EncryptEnable(char *type, char *mode) -{ - if (isprefix(type, "help") || isprefix(type, "?")) { - printf("Usage: encrypt enable <type> [input|output]\n"); - encrypt_list_types(); - return(0); - } - if (EncryptType(type, mode)) - return(EncryptStart(mode)); - return(0); -} - -int -EncryptDisable(char *type, char *mode) -{ - Encryptions *ep; - int ret = 0; - - if (isprefix(type, 
"help") || isprefix(type, "?")) { - printf("Usage: encrypt disable <type> [input|output]\n"); - encrypt_list_types(); - } else if ((ep = (Encryptions *)genget(type, (char**)encryptions, - sizeof(Encryptions))) == 0) { - printf("%s: invalid encryption type\n", type); - } else if (Ambiguous(ep)) { - printf("Ambiguous type '%s'\n", type); - } else { - if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) { - if (decrypt_mode == ep->type) - EncryptStopInput(); - i_wont_support_decrypt |= typemask(ep->type); - ret = 1; - } - if ((mode == 0) || (isprefix(mode, "output"))) { - if (encrypt_mode == ep->type) - EncryptStopOutput(); - i_wont_support_encrypt |= typemask(ep->type); - ret = 1; - } - if (ret == 0) - printf("%s: invalid encryption mode\n", mode); - } - return(ret); -} - -int -EncryptType(char *type, char *mode) -{ - Encryptions *ep; - int ret = 0; - - if (isprefix(type, "help") || isprefix(type, "?")) { - printf("Usage: encrypt type <type> [input|output]\n"); - encrypt_list_types(); - } else if ((ep = (Encryptions *)genget(type, (char**)encryptions, - sizeof(Encryptions))) == 0) { - printf("%s: invalid encryption type\n", type); - } else if (Ambiguous(ep)) { - printf("Ambiguous type '%s'\n", type); - } else { - if ((mode == 0) || isprefix(mode, "input")) { - decrypt_mode = ep->type; - i_wont_support_decrypt &= ~typemask(ep->type); - ret = 1; - } - if ((mode == 0) || isprefix(mode, "output")) { - encrypt_mode = ep->type; - i_wont_support_encrypt &= ~typemask(ep->type); - ret = 1; - } - if (ret == 0) - printf("%s: invalid encryption mode\n", mode); - } - return(ret); -} - -int -EncryptStart(char *mode) -{ - int ret = 0; - if (mode) { - if (isprefix(mode, "input")) - return(EncryptStartInput()); - if (isprefix(mode, "output")) - return(EncryptStartOutput()); - if (isprefix(mode, "help") || isprefix(mode, "?")) { - printf("Usage: encrypt start [input|output]\n"); - return(0); - } - printf("%s: invalid encryption mode 'encrypt start ?' 
for help\n", mode); - return(0); - } - ret += EncryptStartInput(); - ret += EncryptStartOutput(); - return(ret); -} - -int -EncryptStartInput(void) -{ - if (decrypt_mode) { - encrypt_send_request_start(); - return(1); - } - printf("No previous decryption mode, decryption not enabled\r\n"); - return(0); -} - -int -EncryptStartOutput(void) -{ - if (encrypt_mode) { - encrypt_start_output(encrypt_mode); - return(1); - } - printf("No previous encryption mode, encryption not enabled\r\n"); - return(0); -} - -int -EncryptStop(char *mode) -{ - int ret = 0; - if (mode) { - if (isprefix(mode, "input")) - return(EncryptStopInput()); - if (isprefix(mode, "output")) - return(EncryptStopOutput()); - if (isprefix(mode, "help") || isprefix(mode, "?")) { - printf("Usage: encrypt stop [input|output]\n"); - return(0); - } - printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode); - return(0); - } - ret += EncryptStopInput(); - ret += EncryptStopOutput(); - return(ret); -} - -int -EncryptStopInput(void) -{ - encrypt_send_request_end(); - return(1); -} - -int -EncryptStopOutput(void) -{ - encrypt_send_end(); - return(1); -} - -void -encrypt_display(void) -{ - printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n", - autoencrypt?"on":"off", autodecrypt?"on":"off"); - - if (encrypt_output) - printf("Currently encrypting output with %s\r\n", - ENCTYPE_NAME(encrypt_mode)); - else - printf("Currently not encrypting output\r\n"); - - if (decrypt_input) - printf("Currently decrypting input with %s\r\n", - ENCTYPE_NAME(decrypt_mode)); - else - printf("Currently not decrypting input\r\n"); -} - -int -EncryptStatus(void) -{ - printf("Autoencrypt for output is %s. 
Autodecrypt for input is %s.\r\n", - autoencrypt?"on":"off", autodecrypt?"on":"off"); - - if (encrypt_output) - printf("Currently encrypting output with %s\r\n", - ENCTYPE_NAME(encrypt_mode)); - else if (encrypt_mode) { - printf("Currently output is clear text.\r\n"); - printf("Last encryption mode was %s\r\n", - ENCTYPE_NAME(encrypt_mode)); - } else - printf("Currently not encrypting output\r\n"); - - if (decrypt_input) { - printf("Currently decrypting input with %s\r\n", - ENCTYPE_NAME(decrypt_mode)); - } else if (decrypt_mode) { - printf("Currently input is clear text.\r\n"); - printf("Last decryption mode was %s\r\n", - ENCTYPE_NAME(decrypt_mode)); - } else - printf("Currently not decrypting input\r\n"); - - return 1; -} - -void -encrypt_send_support(void) -{ - if (str_suplen) { - /* - * If the user has requested that decryption start - * immediately, then send a "REQUEST START" before - * we negotiate the type. - */ - if (!Server && autodecrypt) - encrypt_send_request_start(); - telnet_net_write(str_send, str_suplen); - printsub('>', &str_send[2], str_suplen - 2); - str_suplen = 0; - } -} - -int -EncryptDebug(int on) -{ - if (on < 0) - encrypt_debug_mode ^= 1; - else - encrypt_debug_mode = on; - printf("Encryption debugging %s\r\n", - encrypt_debug_mode ? "enabled" : "disabled"); - return(1); -} - -/* turn on verbose encryption, but dont keep telling the whole world - */ -void encrypt_verbose_quiet(int on) -{ - if(on < 0) - encrypt_verbose ^= 1; - else - encrypt_verbose = on ? 1 : 0; -} - -int -EncryptVerbose(int on) -{ - encrypt_verbose_quiet(on); - printf("Encryption %s verbose\r\n", - encrypt_verbose ? "is" : "is not"); - return(1); -} - -int -EncryptAutoEnc(int on) -{ - encrypt_auto(on); - printf("Automatic encryption of output is %s\r\n", - autoencrypt ? "enabled" : "disabled"); - return(1); -} - -int -EncryptAutoDec(int on) -{ - decrypt_auto(on); - printf("Automatic decryption of input is %s\r\n", - autodecrypt ? 
"enabled" : "disabled"); - return(1); -} - -/* Called when we receive a WONT or a DONT ENCRYPT after we sent a DO - encrypt */ -void -encrypt_not(void) -{ - if (encrypt_verbose) - printf("[ Connection is NOT encrypted ]\r\n"); -} - -/* - * Called when ENCRYPT SUPPORT is received. - */ -void -encrypt_support(unsigned char *typelist, int cnt) -{ - int type, use_type = 0; - Encryptions *ep; - - /* - * Forget anything the other side has previously told us. - */ - remote_supports_decrypt = 0; - - while (cnt-- > 0) { - type = *typelist++; - if (encrypt_debug_mode) - printf(">>>%s: He is supporting %s (%d)\r\n", - Name, - ENCTYPE_NAME(type), type); - if ((type < ENCTYPE_CNT) && - (I_SUPPORT_ENCRYPT & typemask(type))) { - remote_supports_decrypt |= typemask(type); - if (use_type == 0) - use_type = type; - } - } - if (use_type) { - ep = findencryption(use_type); - if (!ep) - return; - type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0; - if (encrypt_debug_mode) - printf(">>>%s: (*ep->start)() returned %d\r\n", - Name, type); - if (type < 0) - return; - encrypt_mode = use_type; - if (type == 0) - encrypt_start_output(use_type); - } -} - -void -encrypt_is(unsigned char *data, int cnt) -{ - Encryptions *ep; - int type, ret; - - if (--cnt < 0) - return; - type = *data++; - if (type < ENCTYPE_CNT) - remote_supports_encrypt |= typemask(type); - if (!(ep = finddecryption(type))) { - if (encrypt_debug_mode) - printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", - Name, - ENCTYPE_NAME_OK(type) - ? ENCTYPE_NAME(type) : "(unknown)", - type); - return; - } - if (!ep->is) { - if (encrypt_debug_mode) - printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", - Name, - ENCTYPE_NAME_OK(type) - ? ENCTYPE_NAME(type) : "(unknown)", - type); - ret = 0; - } else { - ret = (*ep->is)(data, cnt); - if (encrypt_debug_mode) - printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt, - (ret < 0) ? "FAIL " : - (ret == 0) ? 
"SUCCESS " : "MORE_TO_DO ", ret); - } - if (ret < 0) { - autodecrypt = 0; - } else { - decrypt_mode = type; - if (ret == 0 && autodecrypt) - encrypt_send_request_start(); - } -} - -void -encrypt_reply(unsigned char *data, int cnt) -{ - Encryptions *ep; - int ret, type; - - if (--cnt < 0) - return; - type = *data++; - if (!(ep = findencryption(type))) { - if (encrypt_debug_mode) - printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", - Name, - ENCTYPE_NAME_OK(type) - ? ENCTYPE_NAME(type) : "(unknown)", - type); - return; - } - if (!ep->reply) { - if (encrypt_debug_mode) - printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", - Name, - ENCTYPE_NAME_OK(type) - ? ENCTYPE_NAME(type) : "(unknown)", - type); - ret = 0; - } else { - ret = (*ep->reply)(data, cnt); - if (encrypt_debug_mode) - printf("(*ep->reply)(%p, %d) returned %s(%d)\n", - data, cnt, - (ret < 0) ? "FAIL " : - (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); - } - if (encrypt_debug_mode) - printf(">>>%s: encrypt_reply returned %d\n", Name, ret); - if (ret < 0) { - autoencrypt = 0; - } else { - encrypt_mode = type; - if (ret == 0 && autoencrypt) - encrypt_start_output(type); - } -} - -/* - * Called when a ENCRYPT START command is received. - */ -void -encrypt_start(unsigned char *data, int cnt) -{ - Encryptions *ep; - - if (!decrypt_mode) { - /* - * Something is wrong. We should not get a START - * command without having already picked our - * decryption scheme. Send a REQUEST-END to - * attempt to clear the channel... 
- */ - printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name); - encrypt_send_request_end(); - return; - } - - if ((ep = finddecryption(decrypt_mode))) { - decrypt_input = ep->input; - if (encrypt_verbose) - printf("[ Input is now decrypted with type %s ]\r\n", - ENCTYPE_NAME(decrypt_mode)); - if (encrypt_debug_mode) - printf(">>>%s: Start to decrypt input with type %s\r\n", - Name, ENCTYPE_NAME(decrypt_mode)); - } else { - printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n", - Name, - ENCTYPE_NAME_OK(decrypt_mode) - ? ENCTYPE_NAME(decrypt_mode) - : "(unknown)", - decrypt_mode); - encrypt_send_request_end(); - } -} - -void -encrypt_session_key(Session_Key *key, int server) -{ - Encryptions *ep = encryptions; - - havesessionkey = 1; - - while (ep->type) { - if (ep->session) - (*ep->session)(key, server); - ++ep; - } -} - -/* - * Called when ENCRYPT END is received. - */ -void -encrypt_end(void) -{ - decrypt_input = 0; - if (encrypt_debug_mode) - printf(">>>%s: Input is back to clear text\r\n", Name); - if (encrypt_verbose) - printf("[ Input is now clear text ]\r\n"); -} - -/* - * Called when ENCRYPT REQUEST-END is received. - */ -void -encrypt_request_end(void) -{ - encrypt_send_end(); -} - -/* - * Called when ENCRYPT REQUEST-START is received. If we receive - * this before a type is picked, then that indicates that the - * other side wants us to start encrypting data as soon as we - * can. 
- */ -void -encrypt_request_start(unsigned char *data, int cnt) -{ - if (encrypt_mode == 0) { - if (Server) - autoencrypt = 1; - return; - } - encrypt_start_output(encrypt_mode); -} - -static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT }; - -static void -encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len) -{ - Encryptions *ep; - int dir = kp->dir; - int ret = 0; - - if (len > MAXKEYLEN) - len = MAXKEYLEN; - - if (!(ep = (*kp->getcrypt)(*kp->modep))) { - if (len == 0) - return; - kp->keylen = 0; - } else if (len == 0) { - /* - * Empty option, indicates a failure. - */ - if (kp->keylen == 0) - return; - kp->keylen = 0; - if (ep->keyid) - (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); - - } else if ((len != kp->keylen) || (memcmp(keyid,kp->keyid,len) != 0)) { - /* - * Length or contents are different - */ - kp->keylen = len; - memcpy(kp->keyid,keyid, len); - if (ep->keyid) - (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); - } else { - if (ep->keyid) - ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen); - if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt) - encrypt_start_output(*kp->modep); - return; - } - - encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0); -} - -void encrypt_enc_keyid(unsigned char *keyid, int len) -{ - encrypt_keyid(&ki[1], keyid, len); -} - -void encrypt_dec_keyid(unsigned char *keyid, int len) -{ - encrypt_keyid(&ki[0], keyid, len); -} - - -void encrypt_send_keyid(int dir, unsigned char *keyid, int keylen, int saveit) -{ - unsigned char *strp; - - str_keyid[3] = (dir == DIR_ENCRYPT) - ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID; - if (saveit) { - struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 
0 : 1]; - memcpy(kp->keyid,keyid, keylen); - kp->keylen = keylen; - } - - for (strp = &str_keyid[4]; keylen > 0; --keylen) { - if ((*strp++ = *keyid++) == IAC) - *strp++ = IAC; - } - *strp++ = IAC; - *strp++ = SE; - telnet_net_write(str_keyid, strp - str_keyid); - printsub('>', &str_keyid[2], strp - str_keyid - 2); -} - -void -encrypt_auto(int on) -{ - if (on < 0) - autoencrypt ^= 1; - else - autoencrypt = on ? 1 : 0; -} - -void -decrypt_auto(int on) -{ - if (on < 0) - autodecrypt ^= 1; - else - autodecrypt = on ? 1 : 0; -} - -void -encrypt_start_output(int type) -{ - Encryptions *ep; - unsigned char *p; - int i; - - if (!(ep = findencryption(type))) { - if (encrypt_debug_mode) { - printf(">>>%s: Can't encrypt with type %s (%d)\r\n", - Name, - ENCTYPE_NAME_OK(type) - ? ENCTYPE_NAME(type) : "(unknown)", - type); - } - return; - } - if (ep->start) { - i = (*ep->start)(DIR_ENCRYPT, Server); - if (encrypt_debug_mode) { - printf(">>>%s: Encrypt start: %s (%d) %s\r\n", - Name, - (i < 0) ? "failed" : - "initial negotiation in progress", - i, ENCTYPE_NAME(type)); - } - if (i) - return; - } - p = str_start + 3; - *p++ = ENCRYPT_START; - for (i = 0; i < ki[0].keylen; ++i) { - if ((*p++ = ki[0].keyid[i]) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; - telnet_net_write(str_start, p - str_start); - net_encrypt(); - printsub('>', &str_start[2], p - &str_start[2]); - /* - * If we are already encrypting in some mode, then - * encrypt the ring (which includes our request) in - * the old mode, mark it all as "clear text" and then - * switch to the new mode. 
- */ - encrypt_output = ep->output; - encrypt_mode = type; - if (encrypt_debug_mode) - printf(">>>%s: Started to encrypt output with type %s\r\n", - Name, ENCTYPE_NAME(type)); - if (encrypt_verbose) - printf("[ Output is now encrypted with type %s ]\r\n", - ENCTYPE_NAME(type)); -} - -void -encrypt_send_end(void) -{ - if (!encrypt_output) - return; - - str_end[3] = ENCRYPT_END; - telnet_net_write(str_end, sizeof(str_end)); - net_encrypt(); - printsub('>', &str_end[2], sizeof(str_end) - 2); - /* - * Encrypt the output buffer now because it will not be done by - * netflush... - */ - encrypt_output = 0; - if (encrypt_debug_mode) - printf(">>>%s: Output is back to clear text\r\n", Name); - if (encrypt_verbose) - printf("[ Output is now clear text ]\r\n"); -} - -void -encrypt_send_request_start(void) -{ - unsigned char *p; - int i; - - p = &str_start[3]; - *p++ = ENCRYPT_REQSTART; - for (i = 0; i < ki[1].keylen; ++i) { - if ((*p++ = ki[1].keyid[i]) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; - telnet_net_write(str_start, p - str_start); - printsub('>', &str_start[2], p - &str_start[2]); - if (encrypt_debug_mode) - printf(">>>%s: Request input to be encrypted\r\n", Name); -} - -void -encrypt_send_request_end(void) -{ - str_end[3] = ENCRYPT_REQEND; - telnet_net_write(str_end, sizeof(str_end)); - printsub('>', &str_end[2], sizeof(str_end) - 2); - - if (encrypt_debug_mode) - printf(">>>%s: Request input to be clear text\r\n", Name); -} - - -void encrypt_wait(void) -{ - if (encrypt_debug_mode) - printf(">>>%s: in encrypt_wait\r\n", Name); - if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt)) - return; - while (autoencrypt && !encrypt_output) - if (telnet_spin()) - return; -} - -int -encrypt_delay(void) -{ - if(!havesessionkey || - (I_SUPPORT_ENCRYPT & remote_supports_decrypt) == 0 || - (I_SUPPORT_DECRYPT & remote_supports_encrypt) == 0) - return 0; - if(!(encrypt_output && decrypt_input)) - return 1; - return 0; -} - -int encrypt_is_encrypting() -{ 
- if (encrypt_output && decrypt_input) - return 1; - return 0; -} - -void -encrypt_debug(int mode) -{ - encrypt_debug_mode = mode; -} - -void encrypt_gen_printsub(unsigned char *data, int cnt, - unsigned char *buf, int buflen) -{ - char tbuf[16], *cp; - - cnt -= 2; - data += 2; - buf[buflen-1] = '\0'; - buf[buflen-2] = '*'; - buflen -= 2; - for (; cnt > 0; cnt--, data++) { - snprintf(tbuf, sizeof(tbuf), " %d", *data); - for (cp = tbuf; *cp && buflen > 0; --buflen) - *buf++ = *cp++; - if (buflen <= 0) - return; - } - *buf = '\0'; -} - -void -encrypt_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) -{ - Encryptions *ep; - int type = data[1]; - - for (ep = encryptions; ep->type && ep->type != type; ep++) - ; - - if (ep->printsub) - (*ep->printsub)(data, cnt, buf, buflen); - else - encrypt_gen_printsub(data, cnt, buf, buflen); -} -#endif diff --git a/usr.bin/telnet/encrypt.h b/usr.bin/telnet/encrypt.h deleted file mode 100644 index 050d5373371..00000000000 --- a/usr.bin/telnet/encrypt.h +++ /dev/null 
@@ -1,105 +0,0 @@ -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * from: @(#)encrypt.h 8.1 (Berkeley) 6/4/93 - * $OpenBSD: encrypt.h,v 1.1 2005/05/24 03:41:58 deraadt Exp $ - * $NetBSD: encrypt.h,v 1.4 1996/02/24 01:15:20 jtk Exp $ - */ - -/* - * This source code is no longer held under any constraint of USA - * `cryptographic laws' since it was exported legally. 
The cryptographic - * functions were removed from the code and a "Bones" distribution was - * made. A Commodity Jurisdiction Request #012-94 was filed with the - * USA State Department, who handed it to the Commerce department. The - * code was determined to fall under General License GTDA under ECCN 5D96G, - * and hence exportable. The cryptographic interfaces were re-added by Eric - * Young, and then KTH proceeded to maintain the code in the free world. - */ - -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. 
- */ - -/* $KTH: encrypt.h,v 1.4 1997/01/24 23:10:56 assar Exp $ */ - -#ifndef __ENCRYPT__ -#define __ENCRYPT__ - -#define DIR_DECRYPT 1 -#define DIR_ENCRYPT 2 - -#define VALIDKEY(key) ( key[0] | key[1] | key[2] | key[3] | \ - key[4] | key[5] | key[6] | key[7]) - -#define SAMEKEY(k1, k2) (!memcmp(k1, k2, sizeof(des_cblock))) - -typedef struct { - short type; - int length; - unsigned char *data; -} Session_Key; - -typedef struct { - char *name; - int type; - void (*output) (unsigned char *, int); - int (*input) (int); - void (*init) (int); - int (*start) (int, int); - int (*is) (unsigned char *, int); - int (*reply) (unsigned char *, int); - void (*session) (Session_Key *, int); - int (*keyid) (int, unsigned char *, int *); - void (*printsub) (unsigned char *, int, unsigned char *, int); -} Encryptions; - -#define SK_DES 1 /* Matched Kerberos v5 KEYTYPE_DES */ - -#include "enc-proto.h" - -extern int encrypt_debug_mode; -extern int (*decrypt_input) (int); -extern void (*encrypt_output) (unsigned char *, int); -#endif diff --git a/usr.bin/telnet/ext.h b/usr.bin/telnet/ext.h deleted file mode 100644 index a2ffa2b2d37..00000000000 --- a/usr.bin/telnet/ext.h +++ /dev/null 
@@ -1,201 +0,0 @@ -/* - * Copyright (c) 1989, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- * - * @(#)ext.h 8.2 (Berkeley) 12/15/93 - */ - -/* $KTH: ext.h,v 1.22 2001/04/24 23:12:11 assar Exp $ */ - -#ifndef __EXT_H__ -#define __EXT_H__ - -#include <arpa/telnet.h> - -/* - * Telnet server variable declarations - */ -extern char options[256]; -extern char do_dont_resp[256]; -extern char will_wont_resp[256]; -extern int flowmode; /* current flow control state */ -extern int restartany; /* restart output on any character state */ -#ifdef DIAGNOSTICS -extern int diagnostic; /* telnet diagnostic capabilities */ -#endif /* DIAGNOSTICS */ -extern int require_otp; -#ifdef AUTHENTICATION -extern int auth_level; -#endif -extern char *new_login; - -extern slcfun slctab[NSLC + 1]; /* slc mapping table */ - -extern char terminaltype[41]; - -/* - * I/O data buffers, pointers, and counters. - */ -extern char ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp; - -extern char netibuf[BUFSIZ], *netip; - -extern char netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp; -extern char *neturg; /* one past last bye of urgent data */ - -extern int pcc, ncc; - -extern int ourpty, net; -extern char *line; -extern int SYNCHing; /* we are in TELNET SYNCH mode */ - -int telnet_net_write (unsigned char *str, int len); -void net_encrypt (void); -int telnet_spin (void); -char *telnet_getenv (const char *val); -char *telnet_gets (char *prompt, char *result, int length, int echo); -void get_slc_defaults (void); -void telrcv (void); -void send_do (int option, int init); -void willoption (int option); -void send_dont (int option, int init); -void wontoption (int option); -void send_will (int option, int init); -void dooption (int option); -void send_wont (int option, int init); -void dontoption (int option); -void suboption (void); -void doclientstat (void); -void send_status (void); -void init_termbuf (void); -void set_termbuf (void); -int spcset (int func, cc_t *valp, cc_t **valpp); -void set_utid (void); -int getpty (int *ptynum); -int tty_isecho (void); -int tty_flowmode (void); -int tty_restartany 
(void); -void tty_setecho (int on); -int tty_israw (void); -void tty_binaryin (int on); -void tty_binaryout (int on); -int tty_isbinaryin (void); -int tty_isbinaryout (void); -int tty_issofttab (void); -void tty_setsofttab (int on); -int tty_islitecho (void); -void tty_setlitecho (int on); -int tty_iscrnl (void); -void tty_tspeed (int val); -void tty_rspeed (int val); -void getptyslave (void); -int cleanopen (char *line); -void startslave (const char *host, const char *, int autologin, char *autoname); -void init_env (void); -void start_login (const char *host, int autologin, char *name); -void cleanup (int sig); -int main (int argc, char **argv); -int getterminaltype (char *name, size_t); -void _gettermname (void); -int terminaltypeok (char *s); -void my_telnet (int f, int p, const char*, const char *, int, char*); -void interrupt (void); -void sendbrk (void); -void sendsusp (void); -void recv_ayt (void); -void doeof (void); -void flowstat (void); -void clientstat (int code, int parm1, int parm2); -int ttloop (void); -int stilloob (int s); -void ptyflush (void); -char *nextitem (char *current); -void netclear (void); -void netflush (void); -void writenet (unsigned char *ptr, int len); -void fatal (int f, char *msg); -void fatalperror (int f, const char *msg); -void fatalperror_errno (int f, const char *msg, int error); -void edithost (char *pat, char *host); -void putstr (char *s); -void putchr (int cc); -void putf (char *cp, char *where); -void printoption (char *fmt, int option); -void printsub (int direction, unsigned char *pointer, int length); -void printdata (char *tag, char *ptr, int cnt); -int login_tty(int t); - -#ifdef ENCRYPTION -extern void (*encrypt_output) (unsigned char *, int); -extern int (*decrypt_input) (int); -extern char *nclearto; -#endif - - -/* - * The following are some clocks used to decide how to interpret - * the relationship between various variables. 
- */ - -struct clocks_t{ - int - system, /* what the current time is */ - echotoggle, /* last time user entered echo character */ - modenegotiated, /* last time operating mode negotiated */ - didnetreceive, /* last time we read data from network */ - ttypesubopt, /* ttype subopt is received */ - tspeedsubopt, /* tspeed subopt is received */ - environsubopt, /* environ subopt is received */ - oenvironsubopt, /* old environ subopt is received */ - xdisplocsubopt, /* xdisploc subopt is received */ - baseline, /* time started to do timed action */ - gotDM; /* when did we last see a data mark */ -}; -extern struct clocks_t clocks; - -extern int log_unauth; -extern int no_warn; - -#ifdef STREAMSPTY -extern int really_stream; -#endif - -#ifndef USE_IM -# ifdef CRAY -# define USE_IM "Cray UNICOS (%h) (%t)" -# endif -# ifdef _AIX -# define USE_IM "%s %v.%r (%h) (%t)" -# endif -# ifndef USE_IM -# define USE_IM "%s %r (%h) (%t)" -# endif -#endif - -#define DEFAULT_IM "\r\n\r\n" USE_IM "\r\n\r\n\r\n" - -#endif /* __EXT_H__ */ diff --git a/usr.bin/telnet/externs.h b/usr.bin/telnet/externs.h index 80b809978bb..13ef32685eb 100644 --- a/usr.bin/telnet/externs.h +++ b/usr.bin/telnet/externs.h @@ -1,4 +1,4 @@ -/* $OpenBSD: externs.h,v 1.17 2013/10/26 21:33:29 sthen Exp $ */ +/* $OpenBSD: externs.h,v 1.18 2014/07/19 23:50:38 guenther Exp $ */ /* $KTH: externs.h,v 1.16 1997/11/29 02:28:35 joda Exp $ */ /* @@ -32,21 +32,6 @@ * @(#)externs.h 8.3 (Berkeley) 5/30/95 */ -#ifndef BSD -# define BSD 43 -#endif - -#ifndef _POSIX_VDISABLE -# ifdef sun -# include <sys/param.h> /* pick up VDISABLE definition, mayby */ -# endif -# ifdef VDISABLE -# define _POSIX_VDISABLE VDISABLE -# else -# define _POSIX_VDISABLE ((cc_t)'\377') -# endif -#endif - #define SUBBUFSIZE 256 extern int 
@@ -59,7 +44,6 @@ extern int connected, /* Are we connected to the other side? */ globalmode, /* Mode tty should be in */ telnetport, /* Are we connected to the telnet port? */ - In3270, /* Are we in 3270 mode? */ localflow, /* Flow control handled locally */ restartany, /* If flow control, restart output on any character */ localchars, /* we recognize interrupt/quit */ @@ -78,10 +62,6 @@ extern int crmod, netdata, /* Print out network data flow */ prettydump, /* Print "netdata" output in user readable format */ -#if defined(TN3270) - cursesdata, /* Print out curses data flow */ - apitrace, /* Trace API transactions */ -#endif /* defined(TN3270) */ termdata, /* Print out terminal data flow */ debug; /* Debug level */ @@ -103,10 +83,6 @@ extern char wont[], options[], /* All the little options */ *hostname; /* Who are we connected to? */ -#if defined(ENCRYPTION) -extern void (*encrypt_output) (unsigned char *, int); -extern int (*decrypt_input) (int); -#endif extern int rtableid; /* routing table to use */ @@ -184,17 +160,6 @@ extern jmp_buf peerdied, toplevel; /* For error conditions. */ -/* authenc.c */ - -#if defined(AUTHENTICATION) || defined(ENCRYPTION) -int net_write(unsigned char *str, int len); -void net_encrypt(void); -int telnet_spin(void); -char *telnet_getenv(const char *val); -char *telnet_gets(char *prompt, char *result, int length, int echo); -int Scheduler(int block); -#endif - /* commands.c */ struct env_lst *env_define (unsigned char *, unsigned char *); 
@@ -211,25 +176,6 @@ unsigned char * env_getvalue(unsigned char *var, int exported_only); void set_escape_char(char *s); unsigned long sourceroute(char *arg, char **cpp, int *lenp); -#if defined(AUTHENTICATION) -int auth_enable (char *); -int auth_disable (char *); -int auth_status (void); -#endif - -#if defined(ENCRYPTION) -int EncryptEnable (char *, char *); -int EncryptDisable (char *, char *); -int EncryptType (char *, char *); -int EncryptStart (char *); -int EncryptStartInput (void); -int EncryptStartOutput (void); -int EncryptStop (char *); -int EncryptStopInput (void); -int EncryptStopOutput (void); -int EncryptStatus (void); -#endif - #ifdef SIGINFO void ayt_status(void); #endif @@ -290,7 +236,6 @@ void xmitEC(void); void Dump (char, unsigned char *, int); void printoption (char *, int, int); -void printsub (int, unsigned char *, int); void sendnaws (void); void setconnmode (int); void setcommandmode (void); @@ -347,6 +292,12 @@ cc_t *tcval (int); int quit (void); +/* genget.c */ + +char **genget(char *name, char **table, int stlen); +int isprefix(char *s1, char *s2); +int Ambiguous(void *s); + /* terminal.c */ void init_terminal(void); @@ -355,7 +306,6 @@ int getconnmode(void); /* utilities.c */ -int SetSockOpt(int fd, int level, int option, int yesno); void SetNetTrace(char *file); void Dump(char direction, unsigned char *buffer, int length); void printoption(char *direction, int cmd, int option); 
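Review bot: The three prototypes added under `/* genget.c */` in the `@@ -347,6 +292,12 @@` hunk of externs.h state no contract, and `int Ambiguous(void *s);` in particular accepts any pointer, so neither a reader nor the compiler can tell what it is meant to be given. A short comment above them would help, for example `/* genget(): look up name in table, entries stlen bytes apart; check the result with Ambiguous() before using it */`. That wording is inferred from the names and signatures only, because the definitions in genget.c are not part of this hunk, so it should be checked against them. If `isprefix` and the `name` argument of `genget` are not written through, `const char *` would let the compiler enforce that, though the definitions would need the same change.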
@@ -435,27 +385,3 @@ extern Ring netiring, ttyoring, ttyiring; - -/* Tn3270 section */ -#if defined(TN3270) - -extern int - HaveInput, /* Whether an asynchronous I/O indication came in */ - noasynchtty, /* Don't do signals on I/O (SIGURG, SIGIO) */ - noasynchnet, /* Don't do signals on I/O (SIGURG, SIGIO) */ - sigiocount, /* Count of SIGIO receptions */ - shell_active; /* Subshell is active */ - -extern char - *Ibackp, /* Oldest byte of 3270 data */ - Ibuf[], /* 3270 buffer */ - *Ifrontp, /* Where next 3270 byte goes */ - tline[200], - *transcom; /* Transparent command */ - -extern int - settranscom(int, char**); - -extern void - inputAvailable(int); -#endif /* defined(TN3270) */ diff --git a/usr.bin/telnet/genget.c b/usr.bin/telnet/genget.c index 6a04d249a8b..10ba23531b0 100644 --- a/usr.bin/telnet/genget.c +++ b/usr.bin/telnet/genget.c @@ -1,4 +1,4 @@ -/* $OpenBSD: genget.c,v 1.2 2009/10/27 23:59:44 deraadt Exp $ */ +/* $OpenBSD: genget.c,v 1.3 2014/07/19 23:50:38 guenther Exp $ */ /*- * Copyright (c) 1991, 1993 @@ -32,7 +32,7 @@ /* $KTH: genget.c,v 1.6 1997/05/04 09:01:34 assar Exp $ */ #include <ctype.h> -#include "misc-proto.h" +#include "telnet_locl.h" #define LOWER(x) (isupper((int)x) ? tolower((int)x) : (x)) /* diff --git a/usr.bin/telnet/getent.c b/usr.bin/telnet/getent.c deleted file mode 100644 index 60ed439a3ac..00000000000 --- a/usr.bin/telnet/getent.c +++ /dev/null 
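Review bot: The `LOWER` macro kept as context in the `@@ -32,7 +32,7 @@` hunk of genget.c passes `(int)x` to `isupper()` and `tolower()`, which is undefined behaviour when `x` is a plain `char` holding a negative value. The `char *` parameters of `isprefix` declared in externs.h suggest that is what it receives, although the call sites are outside the hunk. The macro also expands `x` three times and leaves it unparenthesised inside the cast. Because `tolower()` already returns non-uppercase characters unchanged, `#define LOWER(x) tolower((unsigned char)(x))` keeps the argument inside the range `<ctype.h>` accepts and evaluates it once. Bytes above 0x7f would then compare as values 128–255 rather than as negative `char`s, so confirm that both sides of each comparison in genget.c go through `LOWER`.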
@@ -1,67 +0,0 @@ -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <stdlib.h> -#include "misc-proto.h" - -static char *area; - -int gtgetent(char *, char *); -char *gtgetstr(char *, char **); - -/*ARGSUSED*/ -int -gtgetent(cp, name) -char *cp, *name; -{ -#ifdef HAS_CGETENT - char *dba[2]; - - dba[0] = "/etc/gettytab"; - dba[1] = 0; - return((cgetent(&area, dba, name) == 0) ? 
1 : 0); -#else - return(0); -#endif -} - -#ifndef SOLARIS -/*ARGSUSED*/ -char * -gtgetstr(id, cpp) -char *id, **cpp; -{ -# ifdef HAS_CGETENT - char *answer; - return((cgetstr(area, id, &answer) > 0) ? answer : 0); -# else - return(0); -# endif -} -#endif diff --git a/usr.bin/telnet/kerberos5.c b/usr.bin/telnet/kerberos5.c deleted file mode 100644 index 8dd7a59c431..00000000000 --- a/usr.bin/telnet/kerberos5.c +++ /dev/null 
@@ -1,949 +0,0 @@ -/* $OpenBSD: kerberos5.c,v 1.2 2013/06/21 13:35:26 ajacoutot Exp $ */ - -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * This source code is no longer held under any constraint of USA - * `cryptographic laws' since it was exported legally. The cryptographic - * functions were removed from the code and a "Bones" distribution was - * made. 
A Commodity Jurisdiction Request #012-94 was filed with the - * USA State Department, who handed it to the Commerce department. The - * code was determined to fall under General License GTDA under ECCN 5D96G, - * and hence exportable. The cryptographic interfaces were re-added by Eric - * Young, and then KTH proceeded to maintain the code in the free world. - * - */ - -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. 
- */ - -/* $KTH: kerberos5.c,v 1.47 2001/01/09 18:45:33 assar Exp $ */ - -#ifdef KRB5 - -#include <arpa/telnet.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <netdb.h> -#include <ctype.h> -#include <pwd.h> -#include <errno.h> -#define Authenticator k5_Authenticator -#include <kerberosV/krb5.h> -#undef Authenticator -#include <err.h> - -#include "encrypt.h" -#include "auth.h" -#include "misc.h" - -#if defined(DCE) -int dfsk5ok = 0; -int dfspag = 0; -int dfsfwd = 0; -#endif - -int forward_flags = 0; /* Flags get set in telnet/main.c on -f and -F */ - -int forward(int); -int forwardable(int); - -/* These values need to be the same as those defined in telnet/main.c. */ -/* Either define them in both places, or put in some common header file. */ -#define OPTS_FORWARD_CREDS 0x00000002 -#define OPTS_FORWARDABLE_CREDS 0x00000001 - - -void kerberos5_forward (Authenticator *); - -static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, - AUTHTYPE_KERBEROS_V5, }; - -#define KRB_AUTH 0 /* Authentication data follows */ -#define KRB_REJECT 1 /* Rejected (reason might follow) */ -#define KRB_ACCEPT 2 /* Accepted */ -#define KRB_RESPONSE 3 /* Response for mutual auth. 
*/ - -#define KRB_FORWARD 4 /* Forwarded credentials follow */ -#define KRB_FORWARD_ACCEPT 5 /* Forwarded credentials accepted */ -#define KRB_FORWARD_REJECT 6 /* Forwarded credentials rejected */ - -static krb5_data auth; -static krb5_ticket *ticket; - -static krb5_context context; -static krb5_auth_context auth_context; - -int -check_krb5_tickets() -{ - krb5_error_code ret; - krb5_context context; - krb5_ccache ccache; - krb5_principal principal; - int retval = 1; - - ret = krb5_init_context(&context); - if(ret) - errx(1, "krb5_init_context failt: %d", ret); - - ret = krb5_cc_default(context, &ccache); - if(ret) - errx(1, "krb5_cc_default: %d", ret); - - ret = krb5_cc_get_principal (context, ccache, &principal); - switch(ret) { - case ENOENT: - retval = 0; - goto done; - case 0: - retval = 1; - goto done; - default: - errx(1, "krb5_cc_get_principal: %d", ret); - break; - } - - done: - krb5_free_context(context); - return retval; -} - -static int -Data(Authenticator *ap, int type, void *d, int c) -{ - unsigned char *p = str_data + 4; - unsigned char *cd = (unsigned char *)d; - - if (c == -1) - c = strlen(cd); - - if (auth_debug_mode) { - printf("%s:%d: [%d] (%d)", - str_data[3] == TELQUAL_IS ? 
">>>IS" : ">>>REPLY", - str_data[3], - type, c); - printd(d, c); - printf("\r\n"); - } - *p++ = ap->type; - *p++ = ap->way; - *p++ = type; - while (c-- > 0) { - if ((*p++ = *cd++) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; - if (str_data[3] == TELQUAL_IS) - printsub('>', &str_data[2], p - &str_data[2]); - return(telnet_net_write(str_data, p - str_data)); -} - -int -kerberos5_init(Authenticator *ap, int server) -{ - krb5_error_code ret; - - ret = krb5_init_context(&context); - if (ret) - return 0; - if (server) { - krb5_keytab kt; - krb5_kt_cursor cursor; - - ret = krb5_kt_default(context, &kt); - if (ret) - return 0; - - ret = krb5_kt_start_seq_get (context, kt, &cursor); - if (ret) { - krb5_kt_close (context, kt); - return 0; - } - krb5_kt_end_seq_get (context, kt, &cursor); - krb5_kt_close (context, kt); - - str_data[3] = TELQUAL_REPLY; - } else - str_data[3] = TELQUAL_IS; - return(1); -} - -extern int net; -static int -kerberos5_send(char *name, Authenticator *ap) -{ - krb5_error_code ret; - krb5_ccache ccache; - int ap_opts; - krb5_data cksum_data; - char foo[2]; - const char *s; - - if(check_krb5_tickets() != 1) - return 0; - - if (!UserNameRequested) { - if (auth_debug_mode) { - printf("Kerberos V5: no user name supplied\r\n"); - } - return(0); - } - - ret = krb5_cc_default(context, &ccache); - if (ret) { - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf("Kerberos V5: could not get default ccache: %s\r\n", s); - krb5_free_error_message(context, s); - } - return 0; - } - - if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) - ap_opts = AP_OPTS_MUTUAL_REQUIRED; - else - ap_opts = 0; - - ap_opts |= AP_OPTS_USE_SUBKEY; - - ret = krb5_auth_con_init (context, &auth_context); - if (ret) { - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n", s); - krb5_free_error_message(context, s); - } - return(0); - } - - ret = krb5_auth_con_setaddrs_from_fd (context, - 
auth_context, - &net); - if (ret) { - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf ("Kerberos V5:" - " krb5_auth_con_setaddrs_from_fd failed (%s)\r\n", s); - krb5_free_error_message(context, s); - } - return(0); - } - - krb5_auth_con_setkeytype (context, auth_context, KEYTYPE_DES); - - foo[0] = ap->type; - foo[1] = ap->way; - - cksum_data.length = sizeof(foo); - cksum_data.data = foo; - - - { - krb5_principal service; - char sname[128]; - - - ret = krb5_sname_to_principal (context, - RemoteHostName, - NULL, - KRB5_NT_SRV_HST, - &service); - if(ret) { - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf ("Kerberos V5:" - " krb5_sname_to_principal(%s) failed (%s)\r\n", RemoteHostName, s); - krb5_free_error_message(context, s); - } - return 0; - } - ret = krb5_unparse_name_fixed(context, service, sname, sizeof(sname)); - if(ret) { - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf ("Kerberos V5:" - " krb5_unparse_name_fixed failed (%s)\r\n", s); - krb5_free_error_message(context, s); - } - return 0; - } - printf("[ Trying %s (%s)... 
]\r\n", name, sname); - ret = krb5_mk_req_exact(context, &auth_context, ap_opts, - service, - &cksum_data, ccache, &auth); - krb5_free_principal (context, service); - - } - if (ret) { - if (1 || auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf("Kerberos V5: mk_req failed (%s)\r\n", s); - krb5_free_error_message(context, s); - } - return(0); - } - - if (!auth_sendname((unsigned char *)UserNameRequested, - strlen(UserNameRequested))) { - if (auth_debug_mode) - printf("Not enough room for user name\r\n"); - return(0); - } - if (!Data(ap, KRB_AUTH, auth.data, auth.length)) { - if (auth_debug_mode) - printf("Not enough room for authentication data\r\n"); - return(0); - } - if (auth_debug_mode) { - printf("Sent Kerberos V5 credentials to server\r\n"); - } - return(1); -} - -int -kerberos5_send_mutual(Authenticator *ap) -{ - return kerberos5_send("mutual KERBEROS5", ap); -} - -int -kerberos5_send_oneway(Authenticator *ap) -{ - return kerberos5_send("KERBEROS5", ap); -} - -void -kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) -{ - krb5_error_code ret; - krb5_data outbuf; - krb5_keyblock *key_block; - char *name; - krb5_principal server; - int zero = 0; - const char *s; - - if (cnt-- < 1) - return; - switch (*data++) { - case KRB_AUTH: - auth.data = (char *)data; - auth.length = cnt; - - auth_context = NULL; - - ret = krb5_auth_con_init (context, &auth_context); - if (ret) { - Data(ap, KRB_REJECT, "krb5_auth_con_init failed", -1); - auth_finished(ap, AUTH_REJECT); - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n", s); - krb5_free_error_message(context, s); - } - return; - } - - ret = krb5_auth_con_setaddrs_from_fd (context, - auth_context, - &zero); - if (ret) { - Data(ap, KRB_REJECT, "krb5_auth_con_setaddrs_from_fd failed", -1); - auth_finished(ap, AUTH_REJECT); - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf("Kerberos V5: " - 
"krb5_auth_con_setaddrs_from_fd failed (%s)\r\n", s); - krb5_free_error_message(context, s); - } - return; - } - - ret = krb5_sock_to_principal (context, - 0, - "host", - KRB5_NT_SRV_HST, - &server); - if (ret) { - Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1); - auth_finished(ap, AUTH_REJECT); - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf("Kerberos V5: " - "krb5_sock_to_principal failed (%s)\r\n", s); - krb5_free_error_message(context, s); - } - return; - } - - ret = krb5_rd_req(context, - &auth_context, - &auth, - server, - NULL, - NULL, - &ticket); - - krb5_free_principal (context, server); - if (ret) { - char *errbuf; - s = krb5_get_error_message(context, ret); - - asprintf(&errbuf, - "Read req failed: %s", s); - krb5_free_error_message(context, s); - Data(ap, KRB_REJECT, errbuf, -1); - if (auth_debug_mode) - printf("%s\r\n", errbuf); - free (errbuf); - return; - } - - { - char foo[2]; - - foo[0] = ap->type; - foo[1] = ap->way; - - ret = krb5_verify_authenticator_checksum(context, - auth_context, - foo, - sizeof(foo)); - - if (ret) { - char *errbuf; - s = krb5_get_error_message(context, ret); - asprintf(&errbuf, "Bad checksum: %s", s); - krb5_free_error_message(context, s); - Data(ap, KRB_REJECT, errbuf, -1); - if (auth_debug_mode) - printf ("%s\r\n", errbuf); - free(errbuf); - return; - } - } - ret = krb5_auth_con_getremotesubkey (context, - auth_context, - &key_block); - - if (ret) { - Data(ap, KRB_REJECT, "krb5_auth_con_getremotesubkey failed", -1); - auth_finished(ap, AUTH_REJECT); - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf("Kerberos V5: " - "krb5_auth_con_getremotesubkey failed (%s)\r\n", s); - krb5_free_error_message(context, s); - } - return; - } - - if (key_block == NULL) { - ret = krb5_auth_con_getkey(context, - auth_context, - &key_block); - } - if (ret) { - Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1); - auth_finished(ap, AUTH_REJECT); - if (auth_debug_mode) { - 
s = krb5_get_error_message(context, ret); - printf("Kerberos V5: " - "krb5_auth_con_getkey failed (%s)\r\n", s); - krb5_free_error_message(context, s); - } - return; - } - if (key_block == NULL) { - Data(ap, KRB_REJECT, "no subkey received", -1); - auth_finished(ap, AUTH_REJECT); - if (auth_debug_mode) - printf("Kerberos V5: " - "krb5_auth_con_getremotesubkey returned NULL key\r\n"); - return; - } - - if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { - ret = krb5_mk_rep(context, auth_context, &outbuf); - if (ret) { - Data(ap, KRB_REJECT, - "krb5_mk_rep failed", -1); - auth_finished(ap, AUTH_REJECT); - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf("Kerberos V5: " - "krb5_mk_rep failed (%s)\r\n", s); - krb5_free_error_message(context, s); - } - return; - } - Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length); - } - if (krb5_unparse_name(context, ticket->client, &name)) - name = 0; - - if(UserNameRequested && krb5_kuserok(context, - ticket->client, - UserNameRequested)) { - Data(ap, KRB_ACCEPT, name, name ? -1 : 0); - if (auth_debug_mode) { - printf("Kerberos5 identifies him as ``%s''\r\n", - name ? name : ""); - } - - if(key_block->keytype == ETYPE_DES_CBC_MD5 || - key_block->keytype == ETYPE_DES_CBC_MD4 || - key_block->keytype == ETYPE_DES_CBC_CRC) { - Session_Key skey; - - skey.type = SK_DES; - skey.length = 8; - skey.data = key_block->keyvalue.data; - encrypt_session_key(&skey, 0); - } - - } else { - char *msg; - - asprintf (&msg, "user `%s' is not authorized to " - "login as `%s'", - name ? name : "<unknown>", - UserNameRequested ? 
UserNameRequested : "<nobody>"); - if (msg == NULL) - Data(ap, KRB_REJECT, NULL, 0); - else { - Data(ap, KRB_REJECT, (void *)msg, -1); - free(msg); - } - auth_finished (ap, AUTH_REJECT); - krb5_free_keyblock_contents(context, key_block); - break; - } - auth_finished(ap, AUTH_USER); - krb5_free_keyblock_contents(context, key_block); - - break; - case KRB_FORWARD: { - struct passwd *pwd; - char ccname[1024]; /* XXX */ - krb5_data inbuf; - krb5_ccache ccache; - inbuf.data = (char *)data; - inbuf.length = cnt; - - pwd = getpwnam (UserNameRequested); - if (pwd == NULL) - break; - - snprintf (ccname, sizeof(ccname), - "FILE:/tmp/krb5cc_%u", pwd->pw_uid); - - ret = krb5_cc_resolve (context, ccname, &ccache); - if (ret) { - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf ("Kerberos V5: could not get ccache: %s\r\n", s); - krb5_free_error_message(context, s); - } - break; - } - - ret = krb5_cc_initialize (context, - ccache, - ticket->client); - if (ret) { - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf ("Kerberos V5: could not init ccache: %s\r\n", s); - krb5_free_error_message(context, s); - } - break; - } - -#if defined(DCE) - esetenv("KRB5CCNAME", ccname, 1); -#endif - ret = krb5_rd_cred2 (context, - auth_context, - ccache, - &inbuf); - if(ret) { - char *errbuf; - s = krb5_get_error_message(context, ret); - - asprintf (&errbuf, - "Read forwarded creds failed: %s", s); - krb5_free_error_message(context, s); - if(errbuf == NULL) - Data(ap, KRB_FORWARD_REJECT, NULL, 0); - else - Data(ap, KRB_FORWARD_REJECT, errbuf, -1); - if (auth_debug_mode) - printf("Could not read forwarded credentials: %s\r\n", - errbuf); - free (errbuf); - } else { - Data(ap, KRB_FORWARD_ACCEPT, 0, 0); -#if defined(DCE) - dfsfwd = 1; -#endif - } - chown (ccname + 5, pwd->pw_uid, -1); - if (auth_debug_mode) - printf("Forwarded credentials obtained\r\n"); - break; - } - default: - if (auth_debug_mode) - printf("Unknown Kerberos option %d\r\n", 
data[-1]); - Data(ap, KRB_REJECT, 0, 0); - break; - } -} - -void -kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt) -{ - static int mutual_complete = 0; - const char *s; - - if (cnt-- < 1) - return; - switch (*data++) { - case KRB_REJECT: - if (cnt > 0) { - printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n", - cnt, data); - } else - printf("[ Kerberos V5 refuses authentication ]\r\n"); - auth_send_retry(); - return; - case KRB_ACCEPT: { - krb5_error_code ret; - Session_Key skey; - krb5_keyblock *keyblock; - - if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL && - !mutual_complete) { - printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n"); - auth_send_retry(); - return; - } - if (cnt) - printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data); - else - printf("[ Kerberos V5 accepts you ]\r\n"); - - ret = krb5_auth_con_getlocalsubkey (context, - auth_context, - &keyblock); - if (ret) - ret = krb5_auth_con_getkey (context, - auth_context, - &keyblock); - if(ret) { - s = krb5_get_error_message(context, ret); - printf("[ krb5_auth_con_getkey: %s ]\r\n", s); - krb5_free_error_message(context, s); - auth_send_retry(); - return; - } - - skey.type = SK_DES; - skey.length = 8; - skey.data = keyblock->keyvalue.data; - encrypt_session_key(&skey, 0); - krb5_free_keyblock_contents (context, keyblock); - auth_finished(ap, AUTH_USER); - if (forward_flags & OPTS_FORWARD_CREDS) - kerberos5_forward(ap); - break; - } - case KRB_RESPONSE: - if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { - /* the rest of the reply should contain a krb_ap_rep */ - krb5_ap_rep_enc_part *reply; - krb5_data inbuf; - krb5_error_code ret; - - inbuf.length = cnt; - inbuf.data = (char *)data; - - ret = krb5_rd_rep(context, auth_context, &inbuf, &reply); - if (ret) { - s = krb5_get_error_message(context, ret); - printf("[ Mutual authentication failed: %s ]\r\n", s); - krb5_free_error_message(context, s); - auth_send_retry(); - return; - } - 
krb5_free_ap_rep_enc_part(context, reply); - mutual_complete = 1; - } - return; - case KRB_FORWARD_ACCEPT: - printf("[ Kerberos V5 accepted forwarded credentials ]\r\n"); - return; - case KRB_FORWARD_REJECT: - printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n", - cnt, data); - return; - default: - if (auth_debug_mode) - printf("Unknown Kerberos option %d\r\n", data[-1]); - return; - } -} - -int -kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level) -{ - if (level < AUTH_USER) - return(level); - - if (UserNameRequested && - krb5_kuserok(context, - ticket->client, - UserNameRequested)) - { - strlcpy(name, UserNameRequested, name_sz); -#if defined(DCE) - dfsk5ok = 1; -#endif - return(AUTH_VALID); - } else - return(AUTH_USER); -} - -#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} -#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} - -void -kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) -{ - int i; - - buf[buflen-1] = '\0'; /* make sure its NULL terminated */ - buflen -= 1; - - switch(data[3]) { - case KRB_REJECT: /* Rejected (reason might follow) */ - strlcpy((char *)buf, " REJECT ", buflen); - goto common; - - case KRB_ACCEPT: /* Accepted (name might follow) */ - strlcpy((char *)buf, " ACCEPT ", buflen); - common: - BUMP(buf, buflen); - if (cnt <= 4) - break; - ADDC(buf, buflen, '"'); - for (i = 4; i < cnt; i++) - ADDC(buf, buflen, data[i]); - ADDC(buf, buflen, '"'); - ADDC(buf, buflen, '\0'); - break; - - - case KRB_AUTH: /* Authentication data follows */ - strlcpy((char *)buf, " AUTH", buflen); - goto common2; - - case KRB_RESPONSE: - strlcpy((char *)buf, " RESPONSE", buflen); - goto common2; - - case KRB_FORWARD: /* Forwarded credentials follow */ - strlcpy((char *)buf, " FORWARD", buflen); - goto common2; - - case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */ - strlcpy((char *)buf, " FORWARD_ACCEPT", buflen); - goto common2; - - case 
KRB_FORWARD_REJECT: /* Forwarded credentials rejected */ - /* (reason might follow) */ - strlcpy((char *)buf, " FORWARD_REJECT", buflen); - goto common2; - - default: - snprintf(buf, buflen, " %d (unknown)", data[3]); - common2: - BUMP(buf, buflen); - for (i = 4; i < cnt; i++) { - snprintf(buf, buflen, " %d", data[i]); - BUMP(buf, buflen); - } - break; - } -} - -void -kerberos5_forward(Authenticator *ap) -{ - krb5_error_code ret; - krb5_ccache ccache; - krb5_creds creds; - krb5_kdc_flags flags; - krb5_data out_data; - krb5_principal principal; - const char *s; - - ret = krb5_cc_default (context, &ccache); - if (ret) { - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf ("KerberosV5: could not get default ccache: %s\r\n", s); - krb5_free_error_message(context, s); - } - return; - } - - ret = krb5_cc_get_principal (context, ccache, &principal); - if (ret) { - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf ("KerberosV5: could not get principal: %s\r\n", s); - krb5_free_error_message(context, s); - } - return; - } - - memset (&creds, 0, sizeof(creds)); - - creds.client = principal; - - ret = krb5_build_principal (context, - &creds.server, - strlen(principal->realm), - principal->realm, - "krbtgt", - principal->realm, - NULL); - - if (ret) { - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf ("KerberosV5: could not get principal: %s\r\n", s); - krb5_free_error_message(context, s); - } - return; - } - - creds.times.endtime = 0; - - flags.i = 0; - flags.b.forwarded = 1; - if (forward_flags & OPTS_FORWARDABLE_CREDS) - flags.b.forwardable = 1; - - ret = krb5_get_forwarded_creds (context, - auth_context, - ccache, - flags.i, - RemoteHostName, - &creds, - &out_data); - if (ret) { - if (auth_debug_mode) { - s = krb5_get_error_message(context, ret); - printf ("Kerberos V5: error getting forwarded creds: %s\r\n", s); - krb5_free_error_message(context, s); - } - return; - } - - if(!Data(ap, 
KRB_FORWARD, out_data.data, out_data.length)) { - if (auth_debug_mode) - printf("Not enough room for authentication data\r\n"); - } else { - if (auth_debug_mode) - printf("Forwarded local Kerberos V5 credentials to server\r\n"); - } -} - -#if defined(DCE) -/* if this was a K5 authentication try and join a PAG for the user. */ -void -kerberos5_dfspag(void) -{ - if (dfsk5ok) { - dfspag = krb5_dfs_pag(context, dfsfwd, ticket->client, - UserNameRequested); - } -} -#endif - -int -kerberos5_set_forward(int on) -{ - if(on == 0) - forward_flags &= ~OPTS_FORWARD_CREDS; - if(on == 1) - forward_flags |= OPTS_FORWARD_CREDS; - if(on == -1) - forward_flags ^= OPTS_FORWARD_CREDS; - return 0; -} - -int -kerberos5_set_forwardable(int on) -{ - if(on == 0) - forward_flags &= ~OPTS_FORWARDABLE_CREDS; - if(on == 1) - forward_flags |= OPTS_FORWARDABLE_CREDS; - if(on == -1) - forward_flags ^= OPTS_FORWARDABLE_CREDS; - return 0; -} - -#endif /* KRB5 */ diff --git a/usr.bin/telnet/main.c b/usr.bin/telnet/main.c index 00a86a657e6..d1ba1145b24 100644 --- a/usr.bin/telnet/main.c +++ b/usr.bin/telnet/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.22 2013/10/26 21:33:29 sthen Exp $ */ +/* $OpenBSD: main.c,v 1.23 2014/07/19 23:50:38 guenther Exp $ */ /* $NetBSD: main.c,v 1.5 1996/02/28 21:04:05 thorpej Exp $ */ /* @@ -37,22 +37,6 @@ #define OPTS_FORWARD_CREDS 0x00000002 #define OPTS_FORWARDABLE_CREDS 0x00000001 -#ifdef KRB5 -#define FORWARD -/* XXX ugly hack to setup dns-proxy stuff */ -#define Authenticator asn1_Authenticator -#include <kerberosV/krb5.h> -#endif - -#ifdef KRB4 -#include <kerberosIV/krb.h> -#endif - -#ifdef FORWARD -int forward_flags; -static int default_forward=0; -#endif - int family = AF_UNSPEC; int rtableid = -1; @@ -69,10 +53,6 @@ tninit() init_telnet(); init_sys(); - -#if defined(TN3270) - init_3270(); -#endif } void 
@@ -81,57 +61,14 @@ usage() extern char *__progname; (void)fprintf(stderr, -#if defined(TN3270) - "usage: %s [-d] [-n filename] [-t commandname] [sysname [port]]\n", -# else - "usage: %s [-468acdEFfKLrx] [-b hostalias] [-e escapechar] " - "[-k realm]\n" - "\t[-l user] [-n tracefile] [-V rtable] [-X authtype] " - "[host [port]]\n", -#endif + "usage: %s [-4678acDdEKLr] [-b hostalias] [-e escapechar] " + "[-l user]\n" + "\t[-n tracefile] [-V rtable] [host [port]]\n", __progname); exit(1); } - -#ifdef KRB5 -static void -krb5_init(void) -{ - krb5_context context; - krb5_error_code ret; - - ret = krb5_init_context(&context); - if (ret) - return; - -#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD) - if (krb5_config_get_bool (context, NULL, - "libdefaults", "forward", NULL)) { - forward_flags |= OPTS_FORWARD_CREDS; - default_forward=1; - } - if (krb5_config_get_bool (context, NULL, - "libdefaults", "forwardable", NULL)) { - forward_flags |= OPTS_FORWARDABLE_CREDS; - default_forward=1; - } -#endif -#ifdef ENCRYPTION - if (krb5_config_get_bool (context, NULL, - "libdefaults", "encrypt", NULL)) { - encrypt_auto(1); - decrypt_auto(1); - wantencryption = 1; - EncryptVerbose(1); - } -#endif - - krb5_free_context(context); -} -#endif - /* * main. Parse arguments, invoke the protocol or command parser. */ @@ -146,13 +83,6 @@ main(argc, argv) int ch; char *user, *alias; const char *errstr; -#ifdef FORWARD - extern int forward_flags; -#endif /* FORWARD */ - -#ifdef KRB5 - krb5_init(); -#endif tninit(); /* Clear out things */ @@ -167,14 +97,9 @@ main(argc, argv) rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE; - /* - * if AUTHENTICATION and ENCRYPTION is set autologin will be - * set to true after the getopt switch; unless the -K option is - * passed - */ autologin = -1; - while ((ch = getopt(argc, argv, "4678DEKLS:X:ab:cde:fFk:l:n:rt:V:x")) + while ((ch = getopt(argc, argv, "4678ab:cDdEe:KLl:n:rV:")) != -1) { switch(ch) { case '4': 
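Review bot: In the `main()` hunk that shortens the getopt string, the comment above `autologin = -1;` is deleted without a replacement, so the -1 sentinel is now unexplained; I would add `/* -1: not chosen on the command line, resolved after option parsing */`. The options dropped from the string (`S:`, `X:`, `f`, `F`, `k:`, `t:`, `x`) now reach `usage()` instead of the old "Warning: ... ignored" branches. For `-x` that is the safer outcome, because a caller asking for encryption gets an error where the old `#else` branch only warned and carried on. A short comment beside the `getopt()` call saying that rejection is deliberate would help keep it that way. `main()` starts and ends outside this hunk.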
@@ -183,11 +108,20 @@ main(argc, argv) case '6': family = AF_INET6; break; + case '7': + eight = 0; + break; case '8': eight = 3; /* binary output and input */ break; - case '7': - eight = 0; + case 'a': + autologin = 1; + break; + case 'b': + alias = optarg; + break; + case 'c': + skiprc = 1; break; case 'D': { /* sometimes we don't want a mangled display */ 
@@ -196,135 +130,31 @@ main(argc, argv) env_define("DISPLAY", (unsigned char*)p); break; } - + case 'd': + debug = 1; + break; case 'E': rlogin = escape = _POSIX_VDISABLE; break; + case 'e': + set_escape_char(optarg); + break; case 'K': -#ifdef AUTHENTICATION autologin = 0; -#endif break; case 'L': eight |= 2; /* binary output only */ break; - case 'S': - { -#ifdef HAS_GETTOS - extern int tos; - - if ((tos = parsetos(optarg, "tcp")) < 0) - fprintf(stderr, "%s%s%s%s\n", - prompt, ": Bad TOS argument '", - optarg, - "; will try to use default TOS"); -#else - fprintf(stderr, - "%s: Warning: -S ignored, no parsetos() support.\n", - prompt); -#endif - } - break; - case 'X': -#ifdef AUTHENTICATION - auth_disable_name(optarg); -#endif - break; - case 'a': - autologin = 1; - break; - case 'c': - skiprc = 1; - break; - case 'd': - debug = 1; - break; - case 'e': - set_escape_char(optarg); - break; - case 'f': -#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD) - if ((forward_flags & OPTS_FORWARD_CREDS) && - !default_forward) { - fprintf(stderr, - "%s: Only one of -f and -F allowed.\n", - prompt); - usage(); - } - forward_flags |= OPTS_FORWARD_CREDS; -#else - fprintf(stderr, - "%s: Warning: -f ignored, no Kerberos V5 support.\n", - prompt); -#endif - break; - case 'F': -#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD) - if ((forward_flags & OPTS_FORWARD_CREDS) && - !default_forward) { - fprintf(stderr, - "%s: Only one of -f and -F allowed.\n", - prompt); - usage(); - } - forward_flags |= OPTS_FORWARD_CREDS; - forward_flags |= OPTS_FORWARDABLE_CREDS; -#else - fprintf(stderr, - "%s: Warning: -F ignored, no Kerberos V5 support.\n", - prompt); -#endif - break; - case 'k': -#if defined(AUTHENTICATION) && defined(KRB4) - { - extern char *dest_realm, dst_realm_buf[]; - extern int dst_realm_sz; - dest_realm = dst_realm_buf; - (void)strncpy(dest_realm, optarg, dst_realm_sz); - } -#else - fprintf(stderr, - "%s: Warning: -k ignored, no Kerberos V4 
support.\n", - prompt); -#endif - break; case 'l': autologin = -1; user = optarg; break; - case 'b': - alias = optarg; - break; case 'n': -#if defined(TN3270) && defined(unix) - /* distinguish between "-n oasynch" and "-noasynch" */ - if (argv[optind - 1][0] == '-' && argv[optind - 1][1] - == 'n' && argv[optind - 1][2] == 'o') { - if (!strcmp(optarg, "oasynch")) { - noasynchtty = 1; - noasynchnet = 1; - } else if (!strcmp(optarg, "oasynchtty")) - noasynchtty = 1; - else if (!strcmp(optarg, "oasynchnet")) - noasynchnet = 1; - } else -#endif /* defined(TN3270) && defined(unix) */ - SetNetTrace(optarg); + SetNetTrace(optarg); break; case 'r': rlogin = '~'; break; - case 't': -#if defined(TN3270) && defined(unix) - (void)strlcpy(tline, optarg, sizeof tline); - transcom = tline; -#else - fprintf(stderr, - "%s: Warning: -t ignored, no TN3270 support.\n", - prompt); -#endif - break; case 'V': rtableid = (int)strtonum(optarg, 0, RT_TABLEID_MAX, &errstr); @@ -334,18 +164,6 @@ main(argc, argv) prompt, errstr, optarg); } break; - case 'x': -#ifdef ENCRYPTION - encrypt_auto(1); - decrypt_auto(1); - wantencryption = 1; - EncryptVerbose(1); -#else - fprintf(stderr, - "%s: Warning: -x ignored, no ENCRYPT support.\n", - prompt); -#endif - break; case '?': default: usage(); @@ -353,17 +171,6 @@ main(argc, argv) } } - if (autologin == -1) { -#if defined(AUTHENTICATION) - if(check_krb4_tickets() || check_krb5_tickets()) - autologin = 1; -#endif -#if defined(ENCRYPTION) - encrypt_auto(1); - decrypt_auto(1); -#endif - } - if (autologin == -1) autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1; @@ -398,12 +205,7 @@ main(argc, argv) } (void)setjmp(toplevel); for (;;) { -#ifdef TN3270 - if (shell_active) - shell_continue(); - else -#endif - command(1, 0, 0); + command(1, 0, 0); } return 0; } diff --git a/usr.bin/telnet/misc-proto.h b/usr.bin/telnet/misc-proto.h deleted file mode 100644 index 9ac15039fc8..00000000000 --- a/usr.bin/telnet/misc-proto.h +++ /dev/null 
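Review bot: With `autologin = 0;` in `case 'K'` now unconditional, the kept `autologin = -1;` in `case 'l'` makes the result depend on option order. `-K` followed by `-l user` is reset to -1 and then resolved by `autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;`, which yields 1 whenever rlogin mode is active (`-r`, or a prompt starting with "rlog"). If `-K` is meant to win regardless of order, `case 'l'` could preserve an explicit off setting with `if (autologin != 0) autologin = -1;`. The same reset also discards an earlier `-a`, which may be intended; a one-line comment in `case 'l'` stating which behaviour is wanted would settle it. The switch starts and ends outside this hunk.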
@@ -1,90 +0,0 @@ -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * from: @(#)misc-proto.h 8.1 (Berkeley) 6/4/93 - * $OpenBSD: misc-proto.h,v 1.1 2005/05/24 03:41:58 deraadt Exp $ - * $NetBSD: misc-proto.h,v 1.5 1996/02/24 01:15:23 jtk Exp $ - */ - -/* - * This source code is no longer held under any constraint of USA - * `cryptographic laws' since it was exported legally. 
The cryptographic - * functions were removed from the code and a "Bones" distribution was - * made. A Commodity Jurisdiction Request #012-94 was filed with the - * USA State Department, who handed it to the Commerce department. The - * code was determined to fall under General License GTDA under ECCN 5D96G, - * and hence exportable. The cryptographic interfaces were re-added by Eric - * Young, and then KTH proceeded to maintain the code in the free world. - * - */ - -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. 
- */ - -/* $KTH: misc-proto.h,v 1.9 2000/11/15 23:00:21 assar Exp $ */ - -#ifndef __MISC_PROTO__ -#define __MISC_PROTO__ - -void auth_encrypt_init (const char *, const char *, const char *, int); -void auth_encrypt_user(const char *name); -void auth_encrypt_connect (int); -void printd (const unsigned char *, int); - -char** genget (char *name, char **table, int stlen); -int isprefix(char *s1, char *s2); -int Ambiguous(void *s); - -/* - * These functions are imported from the application - */ -int telnet_net_write (unsigned char *, int); -void net_encrypt (void); -int telnet_spin (void); -char *telnet_getenv (const char *); -char *telnet_gets (char *, char *, int, int); -void printsub(int direction, unsigned char *pointer, int length); -void esetenv(const char *, const char *, int); -#endif diff --git a/usr.bin/telnet/misc.c b/usr.bin/telnet/misc.c deleted file mode 100644 index 215ccc8c911..00000000000 --- a/usr.bin/telnet/misc.c +++ /dev/null 
@@ -1,96 +0,0 @@ -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -/* $KTH: misc.c,v 1.15 2000/01/25 23:24:58 assar Exp $ */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <err.h> -#include "misc.h" -#include "auth.h" -#include "encrypt.h" - - -const char *RemoteHostName; -const char *LocalHostName; -char *UserNameRequested = 0; -int ConnectedCount = 0; - -void -auth_encrypt_init(const char *local, const char *remote, const char *name, - int server) -{ - RemoteHostName = remote; - LocalHostName = local; -#ifdef AUTHENTICATION - auth_init(name, server); -#endif -#ifdef ENCRYPTION - encrypt_init(name, server); -#endif - if (UserNameRequested) { - free(UserNameRequested); - UserNameRequested = 0; - } -} - -void -auth_encrypt_user(const char *name) -{ - if (UserNameRequested) - free(UserNameRequested); - UserNameRequested = name ? strdup(name) : 0; -} - -void -auth_encrypt_connect(int cnt) -{ -} - -void -printd(const unsigned char *data, int cnt) -{ - if (cnt > 16) - cnt = 16; - while (cnt-- > 0) { - printf(" %02x", *data); - ++data; - } -} - -/* This is stolen from libroken; it's the only thing actually needed from - * libroken. - */ -void -esetenv(const char *var, const char *val, int rewrite) -{ - if (setenv ((char *)var, (char *)val, rewrite)) - errx (1, "failed setting environment variable %s", var); -} diff --git a/usr.bin/telnet/misc.h b/usr.bin/telnet/misc.h deleted file mode 100644 index c60389180f3..00000000000 --- a/usr.bin/telnet/misc.h +++ /dev/null 
@@ -1,40 +0,0 @@ -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * from: @(#)misc.h 8.1 (Berkeley) 6/4/93 - * $OpenBSD: misc.h,v 1.1 2005/05/24 03:41:58 deraadt Exp $ - * $NetBSD: misc.h,v 1.4 1996/02/24 01:15:27 jtk Exp $ - */ - -extern char *UserNameRequested; -extern const char *LocalHostName; -extern const char *RemoteHostName; -extern int ConnectedCount; -extern int ReservedPort; - -#include "misc-proto.h" 
diff --git a/usr.bin/telnet/network.c b/usr.bin/telnet/network.c index 6aa2f2aebcf..8bd1b8b7235 100644 --- a/usr.bin/telnet/network.c +++ b/usr.bin/telnet/network.c @@ -1,4 +1,4 @@ -/* $OpenBSD: network.c,v 1.9 2013/04/21 09:51:24 millert Exp $ */ +/* $OpenBSD: network.c,v 1.10 2014/07/19 23:50:38 guenther Exp $ */ /* $NetBSD: network.c,v 1.5 1996/02/28 21:04:06 thorpej Exp $ */ /* @@ -110,10 +110,6 @@ netflush() { int n, n1; -#if defined(ENCRYPTION) - if (encrypt_output) - ring_encrypt(&netoring, encrypt_output); -#endif if ((n1 = n = ring_full_consecutive(&netoring)) > 0) { if (!ring_at_mark(&netoring)) { n = send(net, (char *)netoring.consume, n, 0); /* normal write */ diff --git a/usr.bin/telnet/ring.c b/usr.bin/telnet/ring.c index 729e6dc416f..d6dbbe076f7 100644 --- a/usr.bin/telnet/ring.c +++ b/usr.bin/telnet/ring.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ring.c,v 1.5 2003/06/03 02:56:18 millert Exp $ */ +/* $OpenBSD: ring.c,v 1.6 2014/07/19 23:50:38 guenther Exp $ */ /* $NetBSD: ring.c,v 1.7 1996/02/28 21:04:07 thorpej Exp $ */ /* @@ -94,10 +94,6 @@ ring_init(ring, buffer, count) ring->top = ring->bottom+ring->size; -#if defined(ENCRYPTION) - ring->clearto = 0; -#endif - return 1; } @@ -167,15 +163,6 @@ ring_consumed(ring, count) (ring_subtract(ring, ring->mark, ring->consume) < count)) { ring->mark = 0; } -#if defined(ENCRYPTION) - if (ring->consume < ring->clearto && - ring->clearto <= ring->consume + count) - ring->clearto = 0; - else if (ring->consume + count > ring->top && - ring->bottom <= ring->clearto && - ring->bottom + ((ring->consume + count) - ring->top)) - ring->clearto = 0; -#endif ring->consume = ring_increment(ring, ring->consume, count); ring->consumetime = ++ring_clock; /* 
@@ -283,60 +270,3 @@ ring_supply_data(ring, buffer, count) buffer += i; } } - -#ifdef notdef - -/* - * Move data from the "consume" portion of the ring buffer - */ - void -ring_consume_data(ring, buffer, count) - Ring *ring; - unsigned char *buffer; - int count; -{ - int i; - - while (count) { - i = MIN(count, ring_full_consecutive(ring)); - memmove(buffer, ring->consume, i); - ring_consumed(ring, i); - count -= i; - buffer += i; - } -} -#endif - -#if defined(ENCRYPTION) -void -ring_encrypt(Ring *ring, void (*encryptor)()) -{ - unsigned char *s, *c; - - if (ring_empty(ring) || ring->clearto == ring->supply) - return; - - if (!(c = ring->clearto)) - c = ring->consume; - - s = ring->supply; - - if (s <= c) { - (*encryptor)(c, ring->top - c); - (*encryptor)(ring->bottom, s - ring->bottom); - } else - (*encryptor)(c, s - c); - - ring->clearto = ring->supply; -} - -void -ring_clearto(Ring *ring) -{ - if (!ring_empty(ring)) - ring->clearto = ring->supply; - else - ring->clearto = 0; -} -#endif - diff --git a/usr.bin/telnet/ring.h b/usr.bin/telnet/ring.h index b1bc9e2840e..22f90b5e7b6 100644 --- a/usr.bin/telnet/ring.h +++ b/usr.bin/telnet/ring.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ring.h,v 1.6 2003/06/03 02:56:18 millert Exp $ */ +/* $OpenBSD: ring.h,v 1.7 2014/07/19 23:50:38 guenther Exp $ */ /* $NetBSD: ring.h,v 1.5 1996/02/28 21:04:09 thorpej Exp $ */ /* @@ -48,10 +48,6 @@ typedef struct { *bottom, /* lowest address in buffer */ *top, /* highest address+1 in buffer */ *mark; /* marker (user defined) */ -#if defined(ENCRYPTION) - unsigned char *clearto; /* Data to this point is clear text */ - unsigned char *encryyptedto; /* Data is encrypted to here */ -#endif int size; /* size in bytes of buffer */ u_long consumetime, /* help us keep straight full, empty, etc. */ supplytime; 
@@ -66,10 +62,6 @@ extern int /* Data movement routines */ extern void ring_supply_data(Ring *ring, unsigned char *buffer, int count); -#ifdef notdef -extern void - ring_consume_data(Ring *ring, unsigned char *buffer, int count); -#endif /* Buffer state transition routines */ extern void @@ -83,13 +75,6 @@ extern int ring_full_count(Ring *ring), ring_full_consecutive(Ring *ring); -#if defined(ENCRYPTION) -extern void - ring_encrypt (Ring *ring, void (*func)()), - ring_clearto (Ring *ring); -#endif - - extern void ring_clear_mark(Ring *), ring_mark(Ring *); diff --git a/usr.bin/telnet/sys_bsd.c b/usr.bin/telnet/sys_bsd.c index b9d23eb3eb0..7e53460d067 100644 --- a/usr.bin/telnet/sys_bsd.c +++ b/usr.bin/telnet/sys_bsd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_bsd.c,v 1.15 2013/04/21 09:51:24 millert Exp $ */ +/* $OpenBSD: sys_bsd.c,v 1.16 2014/07/19 23:50:38 guenther Exp $ */ /* $NetBSD: sys_bsd.c,v 1.11 1996/02/28 21:04:10 thorpej Exp $ */ /* 
@@ -48,48 +48,9 @@ int #define TELNET_FD_NET 2 #define TELNET_FD_NUM 3 -#ifndef USE_TERMIO -struct tchars otc = { 0 }, ntc = { 0 }; -struct ltchars oltc = { 0 }, nltc = { 0 }; -struct sgttyb ottyb = { 0 }, nttyb = { 0 }; -int olmode = 0; -# define cfgetispeed(ptr) (ptr)->sg_ispeed -# define cfgetospeed(ptr) (ptr)->sg_ospeed -# define old_tc ottyb - -#else /* USE_TERMIO */ struct termios old_tc = { 0 }; extern struct termios new_tc; -# ifndef TCSANOW -# ifdef TCSETS -# define TCSANOW TCSETS -# define TCSADRAIN TCSETSW -# define tcgetattr(f, t) ioctl(f, TCGETS, (char *)t) -# else -# ifdef TCSETA -# define TCSANOW TCSETA -# define TCSADRAIN TCSETAW -# define tcgetattr(f, t) ioctl(f, TCGETA, (char *)t) -# else -# define TCSANOW TIOCSETA -# define TCSADRAIN TIOCSETAW -# define tcgetattr(f, t) ioctl(f, TIOCGETA, (char *)t) -# endif -# endif -# define tcsetattr(f, a, t) ioctl(f, a, (char *)t) -# define cfgetospeed(ptr) ((ptr)->c_cflag&CBAUD) -# ifdef CIBAUD -# define cfgetispeed(ptr) (((ptr)->c_cflag&CIBAUD) >> IBSHIFT) -# else -# define cfgetispeed(ptr) cfgetospeed(ptr) -# endif -# endif /* TCSANOW */ -# ifdef sysV88 -# define TIOCFLUSH TC_PX_DRAIN -# endif -#endif /* USE_TERMIO */ - void init_sys() { @@ -208,17 +169,6 @@ TerminalFlushOutput() void TerminalSaveState() { -#ifndef USE_TERMIO - ioctl(0, TIOCGETP, (char *)&ottyb); - ioctl(0, TIOCGETC, (char *)&otc); - ioctl(0, TIOCGLTC, (char *)&oltc); - ioctl(0, TIOCLGET, (char *)&olmode); - - ntc = otc; - nltc = oltc; - nttyb = ottyb; - -#else /* USE_TERMIO */ tcgetattr(0, &old_tc); new_tc = old_tc; @@ -244,7 +194,6 @@ TerminalSaveState() #ifndef VSTATUS termAytChar = CONTROL('T'); #endif -#endif /* USE_TERMIO */ } cc_t * @@ -260,7 +209,6 @@ tcval(func) case SLC_XON: return(&termStartChar); case SLC_XOFF: return(&termStopChar); case SLC_FORW1: return(&termForw1Char); -#ifdef USE_TERMIO case SLC_FORW2: return(&termForw2Char); # ifdef VDISCARD case SLC_AO: return(&termFlushChar); 
@@ -280,7 +228,6 @@ tcval(func) # ifdef VSTATUS case SLC_AYT: return(&termAytChar); # endif -#endif case SLC_SYNCH: case SLC_BRK: @@ -293,12 +240,6 @@ tcval(func) void TerminalDefaultChars() { -#ifndef USE_TERMIO - ntc = otc; - nltc = oltc; - nttyb.sg_kill = ottyb.sg_kill; - nttyb.sg_erase = ottyb.sg_erase; -#else /* USE_TERMIO */ memmove(new_tc.c_cc, old_tc.c_cc, sizeof(old_tc.c_cc)); # ifndef VDISCARD termFlushChar = CONTROL('O'); @@ -321,16 +262,8 @@ TerminalDefaultChars() # ifndef VSTATUS termAytChar = CONTROL('T'); # endif -#endif /* USE_TERMIO */ } -#ifdef notdef -void -TerminalRestoreState() -{ -} -#endif - /* * TerminalNewMode - set up terminal to a specific mode. * MODE_ECHO: do local terminal echo @@ -365,14 +298,7 @@ TerminalNewMode(f) int f; { static int prevmode = 0; -#ifndef USE_TERMIO - struct tchars tc; - struct ltchars ltc; - struct sgttyb sb; - int lmode; -#else /* USE_TERMIO */ struct termios tmp_tc; -#endif /* USE_TERMIO */ int onoff; int old; cc_t esc; 
@@ -387,68 +313,34 @@ TerminalNewMode(f) * left to write out, it returns -1 if it couldn't do * anything at all, otherwise it returns 1 + the number * of characters left to write. -#ifndef USE_TERMIO - * We would really like ask the kernel to wait for the output - * to drain, like we can do with the TCSADRAIN, but we don't have - * that option. The only ioctl that waits for the output to - * drain, TIOCSETP, also flushes the input queue, which is NOT - * what we want (TIOCSETP is like TCSADFLUSH). -#endif */ old = ttyflush(SYNCHing|flushout); if (old < 0 || old > 1) { -#ifdef USE_TERMIO tcgetattr(tin, &tmp_tc); -#endif /* USE_TERMIO */ do { /* * Wait for data to drain, then flush again. */ -#ifdef USE_TERMIO tcsetattr(tin, TCSADRAIN, &tmp_tc); -#endif /* USE_TERMIO */ old = ttyflush(SYNCHing|flushout); } while (old < 0 || old > 1); } old = prevmode; prevmode = f&~MODE_FORCE; -#ifndef USE_TERMIO - sb = nttyb; - tc = ntc; - ltc = nltc; - lmode = olmode; -#else tmp_tc = new_tc; -#endif if (f&MODE_ECHO) { -#ifndef USE_TERMIO - sb.sg_flags |= ECHO; -#else tmp_tc.c_lflag |= ECHO; tmp_tc.c_oflag |= ONLCR; if (crlf) tmp_tc.c_iflag |= ICRNL; -#endif } else { -#ifndef USE_TERMIO - sb.sg_flags &= ~ECHO; -#else tmp_tc.c_lflag &= ~ECHO; tmp_tc.c_oflag &= ~ONLCR; -# ifdef notdef - if (crlf) - tmp_tc.c_iflag &= ~ICRNL; -# endif -#endif } if ((f&MODE_FLOW) == 0) { -#ifndef USE_TERMIO - tc.t_startc = _POSIX_VDISABLE; - tc.t_stopc = _POSIX_VDISABLE; -#else tmp_tc.c_iflag &= ~(IXOFF|IXON); /* Leave the IXANY bit alone */ } else { if (restartany < 0) { 
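Review bot: The return value of `tcgetattr(tin, &tmp_tc);` is ignored in the drain loop of this hunk, which is now compiled unconditionally. `tmp_tc` is declared without an initializer in the preceding hunk (`struct termios tmp_tc;`), so if the call fails, the following `tcsetattr(tin, TCSADRAIN, &tmp_tc);` is handed indeterminate contents. A guard such as `if (tcgetattr(tin, &tmp_tc) == -1) tmp_tc = new_tc;` would keep the structure defined, since `new_tc` is what the function copies into `tmp_tc` right after the loop anyway. TerminalNewMode begins and ends outside this hunk.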
@@ -459,61 +351,30 @@ TerminalNewMode(f) tmp_tc.c_iflag |= IXOFF|IXON; tmp_tc.c_iflag &= ~IXANY; } -#endif } if ((f&MODE_TRAPSIG) == 0) { -#ifndef USE_TERMIO - tc.t_intrc = _POSIX_VDISABLE; - tc.t_quitc = _POSIX_VDISABLE; - tc.t_eofc = _POSIX_VDISABLE; - ltc.t_suspc = _POSIX_VDISABLE; - ltc.t_dsuspc = _POSIX_VDISABLE; -#else tmp_tc.c_lflag &= ~ISIG; -#endif localchars = 0; } else { -#ifdef USE_TERMIO tmp_tc.c_lflag |= ISIG; -#endif localchars = 1; } if (f&MODE_EDIT) { -#ifndef USE_TERMIO - sb.sg_flags &= ~CBREAK; - sb.sg_flags |= CRMOD; -#else tmp_tc.c_lflag |= ICANON; -#endif } else { -#ifndef USE_TERMIO - sb.sg_flags |= CBREAK; - if (f&MODE_ECHO) - sb.sg_flags |= CRMOD; - else - sb.sg_flags &= ~CRMOD; -#else tmp_tc.c_lflag &= ~ICANON; tmp_tc.c_iflag &= ~ICRNL; tmp_tc.c_cc[VMIN] = 1; tmp_tc.c_cc[VTIME] = 0; -#endif } if ((f&(MODE_EDIT|MODE_TRAPSIG)) == 0) { -#ifndef USE_TERMIO - ltc.t_lnextc = _POSIX_VDISABLE; -#else tmp_tc.c_lflag &= ~IEXTEN; -#endif } if (f&MODE_SOFT_TAB) { -#ifndef USE_TERMIO - sb.sg_flags |= XTABS; -#else # ifdef OXTABS tmp_tc.c_oflag |= OXTABS; # endif @@ -521,52 +382,28 @@ TerminalNewMode(f) tmp_tc.c_oflag &= ~TABDLY; tmp_tc.c_oflag |= TAB3; # endif -#endif } else { -#ifndef USE_TERMIO - sb.sg_flags &= ~XTABS; -#else # ifdef OXTABS tmp_tc.c_oflag &= ~OXTABS; # endif # ifdef TABDLY tmp_tc.c_oflag &= ~TABDLY; # endif -#endif } if (f&MODE_LIT_ECHO) { -#ifndef USE_TERMIO - lmode &= ~LCTLECH; -#else # ifdef ECHOCTL tmp_tc.c_lflag &= ~ECHOCTL; # endif -#endif } else { -#ifndef USE_TERMIO - lmode |= LCTLECH; -#else # ifdef ECHOCTL tmp_tc.c_lflag |= ECHOCTL; # endif -#endif } if (f == -1) { onoff = 0; } else { -#ifndef USE_TERMIO - if (f & MODE_OUTBIN) - lmode |= LLITOUT; - else - lmode &= ~LLITOUT; - - if (f & MODE_INBIN) - lmode |= LPASS8; - else - lmode &= ~LPASS8; -#else if (f & MODE_INBIN) tmp_tc.c_iflag &= ~ISTRIP; else 
@@ -584,7 +421,6 @@ TerminalNewMode(f) tmp_tc.c_cflag |= old_tc.c_cflag & (CSIZE|PARENB); tmp_tc.c_oflag |= OPOST; } -#endif onoff = 1; } @@ -595,7 +431,7 @@ TerminalNewMode(f) #ifdef SIGINFO (void) signal(SIGINFO, ayt); #endif -#if defined(USE_TERMIO) && defined(NOKERNINFO) +#if defined(NOKERNINFO) tmp_tc.c_lflag |= NOKERNINFO; #endif /* @@ -604,14 +440,9 @@ TerminalNewMode(f) * to process it because it will be processed when the * user attempts to read it, not when we send it. */ -#ifndef USE_TERMIO - ltc.t_dsuspc = _POSIX_VDISABLE; -#else # ifdef VDSUSP tmp_tc.c_cc[VDSUSP] = (cc_t)(_POSIX_VDISABLE); # endif -#endif -#ifdef USE_TERMIO /* * If the VEOL character is already set, then use VEOL2, * otherwise use VEOL. @@ -629,10 +460,6 @@ TerminalNewMode(f) tmp_tc.c_cc[VEOL2] = esc; # endif } -#else - if (tc.t_brkc == (cc_t)(_POSIX_VDISABLE)) - tc.t_brkc = esc; -#endif } else { #ifdef SIGTSTP sigset_t mask; @@ -648,37 +475,13 @@ TerminalNewMode(f) sigaddset(&mask, SIGTSTP); sigprocmask(SIG_UNBLOCK, &mask, NULL); #endif /* SIGTSTP */ -#ifndef USE_TERMIO - ltc = oltc; - tc = otc; - sb = ottyb; - lmode = olmode; -#else tmp_tc = old_tc; -#endif } -#ifndef USE_TERMIO - ioctl(tin, TIOCLSET, (char *)&lmode); - ioctl(tin, TIOCSLTC, (char *)<c); - ioctl(tin, TIOCSETC, (char *)&tc); - ioctl(tin, TIOCSETN, (char *)&sb); -#else if (tcsetattr(tin, TCSADRAIN, &tmp_tc) < 0) tcsetattr(tin, TCSANOW, &tmp_tc); -#endif -#if (!defined(TN3270)) || ((!defined(NOT43)) || defined(PUTCHAR)) -# if !defined(sysV88) ioctl(tin, FIONBIO, (char *)&onoff); ioctl(tout, FIONBIO, (char *)&onoff); -# endif -#endif /* (!defined(TN3270)) || ((!defined(NOT43)) || defined(PUTCHAR)) */ -#if defined(TN3270) - if (noasynchtty == 0) { - ioctl(tin, FIOASYNC, (char *)&onoff); - } -#endif /* defined(TN3270) */ - } /* 
@@ -809,25 +612,6 @@ NetNonblockingIO(fd, onoff) ioctl(fd, FIONBIO, (char *)&onoff); } -#if defined(TN3270) - void -NetSigIO(fd, onoff) - int fd; - int onoff; -{ - ioctl(fd, FIOASYNC, (char *)&onoff); /* hear about input */ -} - - void -NetSetPgrp(fd) - int fd; -{ - pid_t myPid; - - myPid = getpid(); - fcntl(fd, F_SETOWN, myPid); -} -#endif /*defined(TN3270)*/ /* * Various signal handling routines. @@ -920,6 +704,8 @@ ayt(sig) void sys_telnet_init() { + int one = 1; + (void) signal(SIGINT, intr); (void) signal(SIGQUIT, intr2); (void) signal(SIGPIPE, deadpeer); @@ -937,18 +723,9 @@ sys_telnet_init() NetNonblockingIO(net, 1); -#if defined(TN3270) - if (noasynchnet == 0) { /* DBX can't handle! */ - NetSigIO(net, 1); - NetSetPgrp(net); - } -#endif /* defined(TN3270) */ - -#if defined(SO_OOBINLINE) - if (SetSockOpt(net, SOL_SOCKET, SO_OOBINLINE, 1) == -1) { - perror("SetSockOpt"); + if (setsockopt(net, SOL_SOCKET, SO_OOBINLINE, &one, sizeof(one)) == -1) { + perror("setsockopt"); } -#endif /* defined(SO_OOBINLINE) */ } /* @@ -1010,15 +787,6 @@ process_rings(netin, netout, netex, ttyin, ttyout, dopoll) if (errno == EINTR) { return 0; } -# if defined(TN3270) - /* - * we can get EBADF if we were in transparent - * mode, and the transcom process died. - */ - if (errno == EBADF) { - return 0; - } -# endif /* defined(TN3270) */ /* I don't like this, does it ever happen? */ printf("sleep(5) from telnet, after poll\r\n"); sleep(5); 
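Review bot: In sys_telnet_init, a failed `setsockopt(net, SOL_SOCKET, SO_OOBINLINE, &one, sizeof(one))` is only reported with `perror("setsockopt")` and the session continues. This same commit deletes the `#if !defined(SO_OOBINLINE)` receive path in process_rings, leaving the plain `recv(net, (char *)netiring.supply, canread, 0)` as the only reader. If the option is not set, urgent data would presumably not arrive in that stream, and SYNCH handling would then behave differently from what the remaining code expects. Either treat the failure as fatal, or record the assumption next to the call, for example `/* SYNCH handling relies on inline urgent data; we continue without it */`. The body of sys_telnet_init is split across two hunks and its middle is not shown.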
@@ -1041,98 +809,7 @@ process_rings(netin, netout, netex, ttyin, ttyout, dopoll) int canread; canread = ring_empty_consecutive(&netiring); -#if !defined(SO_OOBINLINE) - /* - * In 4.2 (and some early 4.3) systems, the - * OOB indication and data handling in the kernel - * is such that if two separate TCP Urgent requests - * come in, one byte of TCP data will be overlaid. - * This is fatal for Telnet, but we try to live - * with it. - * - * In addition, in 4.2 (and...), a special protocol - * is needed to pick up the TCP Urgent data in - * the correct sequence. - * - * What we do is: if we think we are in urgent - * mode, we look to see if we are "at the mark". - * If we are, we do an OOB receive. If we run - * this twice, we will do the OOB receive twice, - * but the second will fail, since the second - * time we were "at the mark", but there wasn't - * any data there (the kernel doesn't reset - * "at the mark" until we do a normal read). - * Once we've read the OOB data, we go ahead - * and do normal reads. - * - * There is also another problem, which is that - * since the OOB byte we read doesn't put us - * out of OOB state, and since that byte is most - * likely the TELNET DM (data mark), we would - * stay in the TELNET SYNCH (SYNCHing) state. - * So, clocks to the rescue. If we've "just" - * received a DM, then we test for the - * presence of OOB data when the receive OOB - * fails (and AFTER we did the normal mode read - * to clear "at the mark"). - */ - if (SYNCHing) { - int atmark; - static int bogus_oob = 0, first = 1; - - ioctl(net, SIOCATMARK, (char *)&atmark); - if (atmark) { - c = recv(net, netiring.supply, canread, MSG_OOB); - if ((c == -1) && (errno == EINVAL)) { - c = recv(net, netiring.supply, canread, 0); - if (clocks.didnetreceive < clocks.gotDM) { - SYNCHing = stilloob(net); - } - } else if (first && c > 0) { - /* - * Bogosity check. Systems based on 4.2BSD - * do not return an error if you do a second - * recv(MSG_OOB). So, we do one. 
If it - * succeeds and returns exactly the same - * data, then assume that we are running - * on a broken system and set the bogus_oob - * flag. (If the data was different, then - * we probably got some valid new data, so - * increment the count...) - */ - int i; - i = recv(net, netiring.supply + c, canread - c, MSG_OOB); - if (i == c && - memcmp(netiring.supply, netiring.supply + c, i) == 0) { - bogus_oob = 1; - first = 0; - } else if (i < 0) { - bogus_oob = 0; - first = 0; - } else - c += i; - } - if (bogus_oob && c > 0) { - int i; - /* - * Bogosity. We have to do the read - * to clear the atmark to get out of - * an infinate loop. - */ - i = read(net, netiring.supply + c, canread - c); - if (i > 0) - c += i; - } - } else { - c = recv(net, netiring.supply, canread, 0); - } - } else { - c = recv(net, netiring.supply, canread, 0); - } - settimer(didnetreceive); -#else /* !defined(SO_OOBINLINE) */ c = recv(net, (char *)netiring.supply, canread, 0); -#endif /* !defined(SO_OOBINLINE) */ if (c < 0 && errno == EWOULDBLOCK) { c = 0; } else if (c <= 0) { diff --git a/usr.bin/telnet/telnet.1 b/usr.bin/telnet/telnet.1 index 6903ad71889..e98ede2489b 100644 --- a/usr.bin/telnet/telnet.1 +++ b/usr.bin/telnet/telnet.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: telnet.1,v 1.49 2014/05/09 06:37:38 jmc Exp $ +.\" $OpenBSD: telnet.1,v 1.50 2014/07/19 23:50:38 guenther Exp $ .\" $NetBSD: telnet.1,v 1.5 1996/02/28 21:04:12 thorpej Exp $ .\" .\" Copyright (c) 1983, 1990, 1993 @@ -30,7 +30,7 @@ .\" .\" from: @(#)telnet.1 8.4 (Berkeley) 2/3/94 .\" -.Dd $Mdocdate: May 9 2014 $ +.Dd $Mdocdate: July 19 2014 $ .Dt TELNET 1 .Os .Sh NAME @@ -39,14 +39,12 @@ .Sh SYNOPSIS .Nm telnet .Bk -words -.Op Fl 468acdEFfKLrx +.Op Fl 4678acDdEKLr .Op Fl b Ar hostalias .Op Fl e Ar escapechar -.Op Fl k Ar realm .Op Fl l Ar user .Op Fl n Ar tracefile .Op Fl V Ar rtable -.Op Fl X Ar authtype .Oo .Ar host .Op Ar port 
@@ -79,9 +77,14 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. +.It Fl 7 +Specifies a 7-bit data path. +This attempts to disable the +.Dv TELNET BINARY +option on both input and output. .It Fl 8 Specifies an 8-bit data path. -This causes an attempt to negotiate the +This attempts to negotiate the .Dv TELNET BINARY option on both input and output. .It Fl a @@ -114,6 +117,14 @@ file. (See the .Ic toggle skiprc command on this man page.) +.It Fl D +Disables rewriting of the +.Ev DISPLAY +variable when it starts with +.Sq :\& +or +.Sq unix: . +By default, these are replaced with the local hostname and a colon. .It Fl d Sets the initial value of the .Ic debug @@ -130,30 +141,13 @@ If .Ar escapechar is omitted, then there will be no escape character. -.It Fl F -If Kerberos authentication is being used, the -.Fl F -option allows the local credentials to be forwarded -to the remote system, including any credentials that -have already been forwarded into the local environment. -.It Fl f -If Kerberos authentication is being used, the -.Fl f -option allows the local credentials to be forwarded to the remote system. .It Fl K Specifies no automatic login to the remote system. -.It Fl k Ar realm -If Kerberos authentication is being used, the -.Fl k -option requests that -.Nm -obtain tickets for the remote host in -realm -.Ar realm -instead of the remote host's realm. .It Fl L Specifies an 8-bit data path on output. -This causes the BINARY option to be negotiated on output. +This attempts to negotiate the +.Dv TELNET BINARY +option on output. .It Fl l Ar user When connecting to the remote system, if the remote system understands the 
@@ -184,16 +178,6 @@ unless modified by the option. .It Fl V Ar rtable Set the routing table to be used. -.It Fl X Ar authtype -Disables the -.Ar authtype -type of authentication. -.It Fl x -Turn on encryption of the data stream. -When this option is turned on, -.Nm -will exit with an error if authentication cannot be negotiated or if -encryption cannot be turned on. .It Ar host Indicates the official name, an alias, or the Internet address of a remote host. @@ -315,34 +299,6 @@ and .Ic display commands). .Bl -tag -width "mode type" -.It Ic auth Ar argument ... -The -.Ic auth -command manipulates the information sent through the -.Dv TELNET AUTHENTICATE -option. -Valid arguments for the -.Ic auth -command are as follows: -.Bl -tag -width "disable type" -.It Ic disable Ar type -Disables the specified -.Ar type -of authentication. -To obtain a list of available types, use the -.Ic auth disable ?\& -command. -.It Ic enable Ar type -Enables the specified -.Ar type -of authentication. -To obtain a list of available types, use the -.Ic auth enable ?\& -command. -.It Ic status -Lists the current status of the various types of -authentication. -.El .It Ic close Close a TELNET session and return to command mode. .It Ic display Ar argument ... 
@@ -351,84 +307,6 @@ Displays all, or some, of the and .Ic toggle values (see below). -.It Ic encrypt Ar argument ... -The -.Ic encrypt -command manipulates the information sent through the -.Dv TELNET ENCRYPT -option that's available when Kerberos is used. -.Pp -Valid arguments for the encrypt command are as follows: -.Bl -tag -width Ar -.It Ic disable Ar type Ic [input|output] -Disables the specified -.Ar type -of encryption. -If you omit -.Ic input -and -.Ic output , -both input and output -are disabled. -To obtain a list of available types, use the -.Ic encrypt disable ?\& -command. -.It Ic enable Ar type Ic [input|output] -Enables the specified -.Ar type -of encryption. -If you omit -.Ic input -and -.Ic output , -both input and output are -enabled. -To obtain a list of available types, use the -.Ic encrypt enable ?\& -command. -.It Ic input -This is the same as the -.Ic encrypt start input -command. -.It Ic -input -This is the same as the -.Ic encrypt stop input -command. -.It Ic output -This is the same as the -.Ic encrypt start output -command. -.It Ic -output -This is the same as the -.Ic encrypt stop output -command. -.It Ic start Ic [input|output] -Attempts to start encryption. -If you omit -.Ic input -and -.Ic output , -both input and output are enabled. -To obtain a list of available types, use the -.Ic encrypt enable ?\& -command. -.It Ic status -Lists the current status of encryption. -.It Ic stop Ic [input|output] -Stops encryption. -If you omit -.Ic input -and -.Ic output , -encryption is on both input and output. -.It Ic type Ar type -Sets the default type of encryption to be used -with later -.Ic encrypt start -or -.Ic encrypt stop -commands. -.El .It Ic environ Ar argument ... The .Ic environ @@ -568,6 +446,8 @@ command. .El .It Xo .Ic open Ar host +.Op Fl a +.Op Fl b hostalias .Op Fl l Ar user .Oo Op Fl .Ar port Oc 
@@ -582,11 +462,12 @@ The host specification may be either a host name (see or an Internet address specified in the ``dot notation'' (see .Xr inet_ntop 3 ) . The +.Fl a , +.Fl b , +and .Fl l -option may be used to specify the user name -to be passed to the remote system via the -.Ev ENVIRON -option. +options are equivalent to the identical command line options, +but only apply to the new telnet connection being opened. When connecting to a non-standard port, .Nm omits any automatic initiation of TELNET options. @@ -1177,8 +1058,6 @@ The state of these flags may be interrogated with the command. Valid arguments are: .Bl -tag -width Ar -.It Ic authdebug -Turns on debugging information for the authentication code. .It Ic autoflush If .Ic autoflush @@ -1206,25 +1085,8 @@ done an "stty noflsh", otherwise .Dv FALSE (see .Xr stty 1 ) . -.It Ic autodecrypt -When the -.Dv TELNET ENCRYPT -option is negotiated, by -default the actual encryption (decryption) of the data -stream does not start automatically. -The -.Ic autoencrypt -.Pq Ic autodecrypt -command states that encryption of the -output (input) stream should be enabled as soon as -possible. .It Ic autologin -If the remote side supports the -.Dv TELNET AUTHENTICATION -option TELNET attempts to use it to perform automatic authentication. -If the -.Dv AUTHENTICATION -option is not supported, the user's login +The user's login name is propagated through the .Dv TELNET ENVIRON option. @@ -1298,8 +1160,6 @@ The initial value for this toggle is Toggles socket level debugging (useful only to the superuser). The initial value for this toggle is .Dv FALSE . -.It Ic encdebug -Turns on debugging information for the encryption code. .It Ic localchars If this is .Dv TRUE , diff --git a/usr.bin/telnet/telnet.c b/usr.bin/telnet/telnet.c index b5d8909065e..3b242c9d47b 100644 --- a/usr.bin/telnet/telnet.c +++ b/usr.bin/telnet/telnet.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: telnet.c,v 1.20 2009/04/28 06:46:03 chl Exp $ */ +/* $OpenBSD: telnet.c,v 1.21 2014/07/19 23:50:38 guenther Exp $ */ /* $NetBSD: telnet.c,v 1.7 1996/02/28 21:04:15 thorpej Exp $ */ /* @@ -60,17 +60,11 @@ int skiprc = 0, connected, showoptions, - In3270, /* Are we in 3270 mode? */ ISend, /* trying to send network data in */ debug = 0, crmod, netdata, /* Print out network data flow */ crlf, /* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */ -#if defined(TN3270) - noasynchtty = 0,/* User specified "-noasynch" on command line */ - noasynchnet = 0,/* User specified "-noasynch" on command line */ - askedSGA = 0, /* We have talked about suppress go ahead */ -#endif /* defined(TN3270) */ telnetport, wantencryption = 0, SYNCHing, /* we are in TELNET SYNCH mode */ @@ -110,11 +104,7 @@ cc_t echoc; #define TS_SE 8 /* looking for sub-option end */ static int telrcv_state; -#ifdef OLD_ENVIRON -unsigned char telopt_environ = TELOPT_NEW_ENVIRON; -#else # define telopt_environ TELOPT_NEW_ENVIRON -#endif jmp_buf toplevel = { 0 }; jmp_buf peerdied; @@ -146,10 +136,7 @@ init_telnet() SB_CLEAR(); memset((char *)options, 0, sizeof options); - connected = In3270 = ISend = localflow = donebinarytoggle = 0; -#if defined(AUTHENTICATION) || defined(ENCRYPTION) - auth_encrypt_connect(connected); -#endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */ + connected = ISend = localflow = donebinarytoggle = 0; restartany = -1; SYNCHing = 0; 
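Review bot: `wantencryption = 0,` is still declared in the global list of the `@@ -60,17 +60,11 @@` hunk, although this commit removes the `ENCRYPTION` branches from willoption, wontoption, dooption and suboption. Whether any remaining file still reads it cannot be checked from these hunks. If none does, drop the line so the variable does not suggest that an encrypted mode can still be requested. In the next hunk, the now-unconditional `# define telopt_environ TELOPT_NEW_ENVIRON` keeps its nested-directive indent and could be written `#define telopt_environ TELOPT_NEW_ENVIRON`.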
@@ -257,41 +244,11 @@ willoption(option) switch (option) { case TELOPT_ECHO: -# if defined(TN3270) - /* - * The following is a pain in the rear-end. - * Various IBM servers (some versions of Wiscnet, - * possibly Fibronics/Spartacus, and who knows who - * else) will NOT allow us to send "DO SGA" too early - * in the setup proceedings. On the other hand, - * 4.2 servers (telnetd) won't set SGA correctly. - * So, we are stuck. Empirically (but, based on - * a VERY small sample), the IBM servers don't send - * out anything about ECHO, so we postpone our sending - * "DO SGA" until we see "WILL ECHO" (which 4.2 servers - * DO send). - */ - { - if (askedSGA == 0) { - askedSGA = 1; - if (my_want_state_is_dont(TELOPT_SGA)) - send_do(TELOPT_SGA, 1); - } - } - /* Fall through */ - case TELOPT_EOR: -#endif /* defined(TN3270) */ case TELOPT_BINARY: case TELOPT_SGA: settimer(modenegotiated); /* FALL THROUGH */ case TELOPT_STATUS: -#if defined(AUTHENTICATION) - case TELOPT_AUTHENTICATION: -#endif -#if defined(ENCRYPTION) - case TELOPT_ENCRYPT: -#endif new_state_ok = 1; break; @@ -321,10 +278,6 @@ willoption(option) } } set_my_state_do(option); -#if defined(ENCRYPTION) - if (option == TELOPT_ENCRYPT) - encrypt_send_support(); -#endif } @@ -359,11 +312,6 @@ wontoption(option) set_my_state_dont(option); return; /* Never reply to TM will's/wont's */ -#ifdef ENCRYPTION - case TELOPT_ENCRYPT: - encrypt_not(); - break; -#endif default: break; } 
@@ -409,42 +357,19 @@ dooption(option) set_my_state_wont(TELOPT_TM); return; -# if defined(TN3270) - case TELOPT_EOR: /* end of record */ -# endif /* defined(TN3270) */ case TELOPT_BINARY: /* binary mode */ case TELOPT_NAWS: /* window size */ case TELOPT_TSPEED: /* terminal speed */ case TELOPT_LFLOW: /* local flow control */ case TELOPT_TTYPE: /* terminal type option */ case TELOPT_SGA: /* no big deal */ -#if defined(ENCRYPTION) - case TELOPT_ENCRYPT: /* encryption variable option */ -#endif new_state_ok = 1; break; case TELOPT_NEW_ENVIRON: /* New environment variable option */ -#ifdef OLD_ENVIRON - if (my_state_is_will(TELOPT_OLD_ENVIRON)) - send_wont(TELOPT_OLD_ENVIRON, 1); /* turn off the old */ - goto env_common; - case TELOPT_OLD_ENVIRON: /* Old environment variable option */ - if (my_state_is_will(TELOPT_NEW_ENVIRON)) - break; /* Don't enable if new one is in use! */ - env_common: - telopt_environ = option; -#endif new_state_ok = 1; break; -#if defined(AUTHENTICATION) - case TELOPT_AUTHENTICATION: - if (autologin) - new_state_ok = 1; - break; -#endif - case TELOPT_XDISPLOC: /* X Display location */ if (env_getvalue((unsigned char *)"DISPLAY", 0)) new_state_ok = 1; @@ -511,16 +436,6 @@ dontoption(option) case TELOPT_LINEMODE: linemode = 0; /* put us back to the default state */ break; -#ifdef OLD_ENVIRON - case TELOPT_NEW_ENVIRON: - /* - * The new environ option wasn't recognized, try - * the old one. - */ - send_will(TELOPT_OLD_ENVIRON, 1); - telopt_environ = TELOPT_OLD_ENVIRON; - break; -#endif } /* we always accept a DONT */ set_my_want_state_wont(option); @@ -730,11 +645,6 @@ suboption() unsigned char temp[50]; int len; -#if defined(TN3270) - if (tn3270_ttype()) { - return; - } -#endif /* defined(TN3270) */ name = gettermname(); len = strlen(name) + 4 + 2; if (len < NETROOM()) { @@ -827,9 +737,6 @@ suboption() } break; -#ifdef OLD_ENVIRON - case TELOPT_OLD_ENVIRON: -#endif case TELOPT_NEW_ENVIRON: if (SB_EOF()) return; 
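Review bot: In the `@@ -730,11 +645,6 @@ suboption()` hunk, `len = strlen(name) + 4 + 2` is compared only with `NETROOM()`, while the buffer declared just above it is `unsigned char temp[50]`. With the `tn3270_ttype()` early return removed, nothing in the hunk short-circuits before this code. The statements that fill and queue `temp` lie past the end of the hunk, so whether `len` is bounded by the buffer size cannot be confirmed from here. If it is not, tighten the guard to `if (len < NETROOM() && len < (int)sizeof(temp)) {` so an over-long terminal name from `gettermname()` is rejected rather than queued with a length larger than the buffer.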
@@ -880,98 +787,6 @@ suboption() } break; -#if defined(AUTHENTICATION) - case TELOPT_AUTHENTICATION: { - if (!autologin) - break; - if (SB_EOF()) - return; - switch(SB_GET()) { - case TELQUAL_IS: - if (my_want_state_is_dont(TELOPT_AUTHENTICATION)) - return; - auth_is(subpointer, SB_LEN()); - break; - case TELQUAL_SEND: - if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) - return; - auth_send(subpointer, SB_LEN()); - break; - case TELQUAL_REPLY: - if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) - return; - auth_reply(subpointer, SB_LEN()); - break; - case TELQUAL_NAME: - if (my_want_state_is_dont(TELOPT_AUTHENTICATION)) - return; - auth_name(subpointer, SB_LEN()); - break; - } - } - break; -#endif -#if defined(ENCRYPTION) - case TELOPT_ENCRYPT: - if (SB_EOF()) - return; - switch(SB_GET()) { - case ENCRYPT_START: - if (my_want_state_is_dont(TELOPT_ENCRYPT)) - return; - encrypt_start(subpointer, SB_LEN()); - break; - case ENCRYPT_END: - if (my_want_state_is_dont(TELOPT_ENCRYPT)) - return; - encrypt_end(); - break; - case ENCRYPT_SUPPORT: - if (my_want_state_is_wont(TELOPT_ENCRYPT)) - return; - encrypt_support(subpointer, SB_LEN()); - break; - case ENCRYPT_REQSTART: - if (my_want_state_is_wont(TELOPT_ENCRYPT)) - return; - encrypt_request_start(subpointer, SB_LEN()); - break; - case ENCRYPT_REQEND: - if (my_want_state_is_wont(TELOPT_ENCRYPT)) - return; - /* - * We can always send an REQEND so that we cannot - * get stuck encrypting. We should only get this - * if we have been able to get in the correct mode - * anyhow. 
- */ - encrypt_request_end(); - break; - case ENCRYPT_IS: - if (my_want_state_is_dont(TELOPT_ENCRYPT)) - return; - encrypt_is(subpointer, SB_LEN()); - break; - case ENCRYPT_REPLY: - if (my_want_state_is_wont(TELOPT_ENCRYPT)) - return; - encrypt_reply(subpointer, SB_LEN()); - break; - case ENCRYPT_ENC_KEYID: - if (my_want_state_is_dont(TELOPT_ENCRYPT)) - return; - encrypt_enc_keyid(subpointer, SB_LEN()); - break; - case ENCRYPT_DEC_KEYID: - if (my_want_state_is_wont(TELOPT_ENCRYPT)) - return; - encrypt_dec_keyid(subpointer, SB_LEN()); - break; - default: - break; - } - break; -#endif default: break; } @@ -1135,27 +950,17 @@ slc_init() /* No EOR */ initfunc(SLC_ABORT, SLC_FLUSHIN|SLC_FLUSHOUT); initfunc(SLC_EOF, 0); -#ifndef SYSV_TERMIO initfunc(SLC_SUSP, SLC_FLUSHIN); -#endif initfunc(SLC_EC, 0); initfunc(SLC_EL, 0); -#ifndef SYSV_TERMIO initfunc(SLC_EW, 0); initfunc(SLC_RP, 0); initfunc(SLC_LNEXT, 0); -#endif initfunc(SLC_XON, 0); initfunc(SLC_XOFF, 0); -#ifdef SYSV_TERMIO - spc_data[SLC_XON].mylevel = SLC_CANTCHANGE; - spc_data[SLC_XOFF].mylevel = SLC_CANTCHANGE; -#endif initfunc(SLC_FORW1, 0); -#ifdef USE_TERMIO initfunc(SLC_FORW2, 0); /* No FORW2 */ -#endif initfunc(SLC_IP, SLC_FLUSHIN|SLC_FLUSHOUT); #undef initfunc @@ -1410,26 +1215,6 @@ slc_update() return(need_update); } -#ifdef OLD_ENVIRON -# ifdef ENV_HACK -/* - * Earlier version of telnet/telnetd from the BSD code had - * the definitions of VALUE and VAR reversed. To ensure - * maximum interoperability, we assume that the server is - * an older BSD server, until proven otherwise. The newer - * BSD servers should be able to handle either definition, - * so it is better to use the wrong values if we don't - * know what type of server it is. - */ -int env_auto = 1; -int old_env_var = OLD_ENV_VAR; -int old_env_value = OLD_ENV_VALUE; -# else -# define old_env_var OLD_ENV_VAR -# define old_env_value OLD_ENV_VALUE -# endif -#endif - void env_opt(buf, len) unsigned char *buf; 
@@ -1445,27 +1230,7 @@ env_opt(buf, len) env_opt_add(NULL); } else for (i = 1; i < len; i++) { switch (buf[i]&0xff) { -#ifdef OLD_ENVIRON - case OLD_ENV_VAR: -# ifdef ENV_HACK - if (telopt_environ == TELOPT_OLD_ENVIRON - && env_auto) { - /* Server has the same definitions */ - old_env_var = OLD_ENV_VAR; - old_env_value = OLD_ENV_VALUE; - } - /* FALL THROUGH */ -# endif - case OLD_ENV_VALUE: - /* - * Although OLD_ENV_VALUE is not legal, we will - * still recognize it, just in case it is an - * old server that has VAR & VALUE mixed up... - */ - /* FALL THROUGH */ -#else case NEW_ENV_VAR: -#endif case ENV_USERVAR: if (ep) { *epc = 0; @@ -1585,11 +1350,6 @@ env_opt_add(ep) opt_reply = p; } if (opt_welldefined((char *)ep)) -#ifdef OLD_ENVIRON - if (telopt_environ == TELOPT_OLD_ENVIRON) - opt_add(old_env_var); - else -#endif opt_add(NEW_ENV_VAR); else opt_add(ENV_USERVAR); @@ -1610,11 +1370,6 @@ env_opt_add(ep) opt_add(c); } if ((ep = vp)) { -#ifdef OLD_ENVIRON - if (telopt_environ == TELOPT_OLD_ENVIRON) - opt_add(old_env_value); - else -#endif opt_add(NEW_ENV_VALUE); vp = NULL; } else @@ -1686,10 +1441,6 @@ telrcv() } c = *sbp++ & 0xff, scc--; count++; -#if defined(ENCRYPTION) - if (decrypt_input) - c = (*decrypt_input)(c); -#endif switch (telrcv_state) { @@ -1709,19 +1460,6 @@ telrcv() telrcv_state = TS_IAC; break; } -# if defined(TN3270) - if (In3270) { - *Ifrontp++ = c; - while (scc > 0) { - c = *sbp++ & 0377, scc--; count++; - if (c == IAC) { - telrcv_state = TS_IAC; - break; - } - *Ifrontp++ = c; - } - } else -# endif /* defined(TN3270) */ /* * The 'crmod' hack (see following) is needed * since we can't set CRMOD on output only. @@ -1732,10 +1470,6 @@ telrcv() if ((c == '\r') && my_want_state_is_dont(TELOPT_BINARY)) { if (scc > 0) { c = *sbp&0xff; -#if defined(ENCRYPTION) - if (decrypt_input) - c = (*decrypt_input)(c); -#endif if (c == 0) { sbp++, scc--; count++; /* a "true" CR */ 
@@ -1745,10 +1479,6 @@ telrcv() sbp++, scc--; count++; TTYADD('\n'); } else { -#if defined(ENCRYPTION) - if (decrypt_input) - (*decrypt_input)(-1); -#endif TTYADD('\r'); if (crmod) { TTYADD('\n'); @@ -1796,7 +1526,6 @@ process_iac: SYNCHing = 1; (void) ttyflush(1); SYNCHing = stilloob(); - settimer(gotDM); break; case SB: @@ -1804,31 +1533,8 @@ process_iac: telrcv_state = TS_SB; continue; -# if defined(TN3270) - case EOR: - if (In3270) { - if (Ibackp == Ifrontp) { - Ibackp = Ifrontp = Ibuf; - ISend = 0; /* should have been! */ - } else { - Ibackp += DataFromNetwork(Ibackp, Ifrontp-Ibackp, 1); - ISend = 1; - } - } - printoption("RCVD", IAC, EOR); - break; -# endif /* defined(TN3270) */ - case IAC: -# if !defined(TN3270) TTYADD(IAC); -# else /* !defined(TN3270) */ - if (In3270) { - *Ifrontp++ = IAC; - } else { - TTYADD(IAC); - } -# endif /* !defined(TN3270) */ break; case NOP: @@ -1843,21 +1549,18 @@ process_iac: case TS_WILL: printoption("RCVD", WILL, c); willoption(c); - SetIn3270(); telrcv_state = TS_DATA; continue; case TS_WONT: printoption("RCVD", WONT, c); wontoption(c); - SetIn3270(); telrcv_state = TS_DATA; continue; case TS_DO: printoption("RCVD", DO, c); dooption(c); - SetIn3270(); if (c == TELOPT_NAWS) { sendnaws(); } else if (c == TELOPT_LFLOW) { @@ -1873,7 +1576,6 @@ process_iac: dontoption(c); flushline = 1; setconnmode(0); /* set new tty mode (maybe) */ - SetIn3270(); telrcv_state = TS_DATA; continue; @@ -1907,7 +1609,6 @@ process_iac: printoption("In SUBOPTION processing, RCVD", IAC, c); suboption(); /* handle sub-option */ - SetIn3270(); telrcv_state = TS_IAC; goto process_iac; } @@ -1919,7 +1620,6 @@ process_iac: subpointer -= 2; SB_TERM(); suboption(); /* handle sub-option */ - SetIn3270(); telrcv_state = TS_DATA; } } 
@@ -2118,17 +1818,9 @@ Scheduler(block) my_want_state_is_will(TELOPT_BINARY)); ttyout = ring_full_count(&ttyoring); -#if defined(TN3270) - ttyin = ring_empty_count(&ttyiring) && (clienteof == 0) && (shell_active == 0); -#else /* defined(TN3270) */ ttyin = ring_empty_count(&ttyiring) && (clienteof == 0); -#endif /* defined(TN3270) */ -#if defined(TN3270) - netin = ring_empty_count(&netiring); -# else /* !defined(TN3270) */ netin = !ISend && ring_empty_count(&netiring); -# endif /* !defined(TN3270) */ netex = !SYNCHing; @@ -2138,13 +1830,6 @@ Scheduler(block) ttyin = ttyout = 0; } -# if defined(TN3270) && defined(unix) - if (HaveInput) { - HaveInput = 0; - (void) signal(SIGIO, inputAvailable); - } -#endif /* defined(TN3270) && defined(unix) */ - /* Call to system code to process rings */ returnValue = process_rings(netin, netout, netex, ttyin, ttyout, !block); @@ -2152,30 +1837,11 @@ Scheduler(block) /* Now, look at the input rings, looking for work to do. */ if (ring_full_count(&ttyiring)) { -# if defined(TN3270) - if (In3270) { - int c; - - c = DataFromTerminal(ttyiring.consume, - ring_full_consecutive(&ttyiring)); - if (c) { - returnValue = 1; - ring_consumed(&ttyiring, c); - } - } else { -# endif /* defined(TN3270) */ - returnValue |= telsnd(); -# if defined(TN3270) - } -# endif /* defined(TN3270) */ + returnValue |= telsnd(); } if (ring_full_count(&netiring)) { -# if !defined(TN3270) returnValue |= telrcv(); -# else /* !defined(TN3270) */ - returnValue = Push3270(); -# endif /* !defined(TN3270) */ } return returnValue; } 
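Review bot: In the first Scheduler() hunk the surviving line `netin = !ISend && ring_empty_count(&netiring);` still tests `ISend`, but the only writes to it visible in this diff were in the TN3270 `case EOR:` branch that the commit deletes from telrcv(). If no other assignment remains (the declaration is outside the hunks shown), the term is always true and the line can become `netin = ring_empty_count(&netiring);` with the variable dropped. Scheduler() starts before the hunk, so this needs checking against the rest of the file.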
@@ -2189,28 +1855,7 @@ telnet(user) { sys_telnet_init(); -#if defined(AUTHENTICATION) || defined(ENCRYPTION) - { - static char local_host[256] = { 0 }; - - if (!local_host[0]) { - gethostname(local_host, sizeof(local_host)); - local_host[sizeof(local_host)-1] = 0; - } - auth_encrypt_init(local_host, hostname, "TELNET", 0); - auth_encrypt_user(user); - } -#endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */ -# if !defined(TN3270) if (telnetport) { -#if defined(AUTHENTICATION) - if (autologin) - send_will(TELOPT_AUTHENTICATION, 1); -#endif -#if defined(ENCRYPTION) - send_do(TELOPT_ENCRYPT, 1); - send_will(TELOPT_ENCRYPT, 1); -#endif send_do(TELOPT_SGA, 1); send_will(TELOPT_TTYPE, 1); send_will(TELOPT_NAWS, 1); 
@@ -2224,72 +1869,7 @@ telnet(user) if (binary) tel_enter_binary(binary); } -# endif /* !defined(TN3270) */ - -#ifdef ENCRYPTION - /* - * Note: we assume a tie to the authentication option here. This - * is necessary so that authentication fails, we don't spin - * forever. - */ - if (wantencryption) { - extern int auth_has_failed; - time_t timeout = time(0) + 60; - int printed_encrypt = 0; - - send_do(TELOPT_ENCRYPT, 1); - send_will(TELOPT_ENCRYPT, 1); - while (1) { - if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) { - if (wantencryption == -1) { - break; - } else { - printf("\nServer refused to negotiate authentication,"); - printf(" which is required for encryption.\n"); - Exit(1); - } - } - if (auth_has_failed) { - printf("\nAuthentication negotiation has failed,"); - printf(" which is required for encryption.\n"); - Exit(1); - } - if (my_want_state_is_dont(TELOPT_ENCRYPT) || - my_want_state_is_wont(TELOPT_ENCRYPT)) { - printf("\nServer refused to negotiate encryption.\n"); - Exit(1); - } - if (encrypt_is_encrypting()) - break; - if (time(0) > timeout) { - printf("\nEncryption could not be enabled.\n"); - Exit(1); - } - if (printed_encrypt == 0) { - printed_encrypt = 1; - printf("Waiting for encryption to be negotiated...\n"); - /* - * Turn on MODE_TRAPSIG and then turn off localchars - * so that ^C will cause telnet to exit. - */ - TerminalNewMode(getconnmode()|MODE_TRAPSIG); - intr_waiting = 1; - } - if (intr_happened) { - printf("\nUser interrupt.\n"); - Exit(1); - } - telnet_spin(); - } - if (printed_encrypt) { - printf("Encryption negotiated.\n"); - intr_waiting = 0; - setconnmode(0); - } - } -#endif - -# if !defined(TN3270) + for (;;) { int schedValue; 
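Review bot: With the `if (wantencryption)` wait loop removed from telnet(), nothing on the new side stops a session from continuing in cleartext when encryption was requested. The declaration of `wantencryption` and the option parsing are outside this hunk, so it is not visible whether the flag is still accepted. If it is, it should be rejected where it is parsed, with an error and a non-zero exit, rather than silently ignored. A short comment above the scheduling loop would also record the new behaviour, e.g. `/* no AUTHENTICATION/ENCRYPT negotiation: session is cleartext */`. telnet() starts before this hunk and continues after it.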
@@ -2305,45 +1885,6 @@ telnet(user) return; } } -# else /* !defined(TN3270) */ - for (;;) { - int schedValue; - - while (!In3270 && !shell_active) { - if (Scheduler(1) == -1) { - setcommandmode(); - return; - } - } - - while ((schedValue = Scheduler(0)) != 0) { - if (schedValue == -1) { - setcommandmode(); - return; - } - } - /* If there is data waiting to go out to terminal, don't - * schedule any more data for the terminal. - */ - if (ring_full_count(&ttyoring)) { - schedValue = 1; - } else { - if (shell_active) { - if (shell_continue() == 0) { - ConnectScreen(); - } - } else if (In3270) { - schedValue = DoTerminalOutput(); - } - } - if (schedValue && (shell_active == 0)) { - if (Scheduler(1) == -1) { - setcommandmode(); - return; - } - } - } -# endif /* !defined(TN3270) */ } #if 0 /* XXX - this not being in is a bug */ diff --git a/usr.bin/telnet/telnet_locl.h b/usr.bin/telnet/telnet_locl.h index c51f0075005..cb8649d4cff 100644 --- a/usr.bin/telnet/telnet_locl.h +++ b/usr.bin/telnet/telnet_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: telnet_locl.h,v 1.4 2013/04/21 09:51:24 millert Exp $ */ +/* $OpenBSD: telnet_locl.h,v 1.5 2014/07/19 23:50:38 guenther Exp $ */ /* $KTH: telnet_locl.h,v 1.13 1997/11/03 21:37:55 assar Exp $ */ /* @@ -72,19 +72,9 @@ #include <arpa/telnet.h> -#if defined(AUTHENTICATION) || defined(ENCRYPTION) -#include <auth.h> -#include <encrypt.h> -#endif -#include <misc.h> -#include <misc-proto.h> - -#define LINEMODE - #include "ring.h" #include "externs.h" #include "defines.h" -#include "types.h" /* prototypes */ diff --git a/usr.bin/telnet/terminal.c b/usr.bin/telnet/terminal.c index a32973416d1..f6a4033ec17 100644 --- a/usr.bin/telnet/terminal.c +++ b/usr.bin/telnet/terminal.c @@ -1,4 +1,4 @@ -/* $OpenBSD: terminal.c,v 1.6 2003/06/03 02:56:18 millert Exp $ */ +/* $OpenBSD: terminal.c,v 1.7 2014/07/19 23:50:38 guenther Exp $ */ /* $NetBSD: terminal.c,v 1.5 1996/02/28 21:04:17 thorpej Exp $ */ /* 
@@ -37,7 +37,6 @@ unsigned char ttyobuf[2*BUFSIZ], ttyibuf[BUFSIZ]; int termdata; /* Debugging flag */ -#ifdef USE_TERMIO # ifndef VDISCARD cc_t termFlushChar; # endif @@ -68,10 +67,6 @@ cc_t termForw2Char; # ifndef VSTATUS cc_t termAytChar; # endif -#else -cc_t termForw2Char; -cc_t termAytChar; -#endif /* * initialize the terminal data structures. @@ -163,9 +158,6 @@ getconnmode() extern int kludgelinemode; #endif - if (In3270) - return(MODE_FLOW); - if (my_want_state_is_dont(TELOPT_ECHO)) mode |= MODE_ECHO; @@ -201,29 +193,10 @@ setconnmode(force) int force; { int newmode; -#ifdef ENCRYPTION - static int enc_passwd = 0; -#endif newmode = getconnmode()|(force?MODE_FORCE:0); TerminalNewMode(newmode); - -#ifdef ENCRYPTION - if ((newmode & (MODE_ECHO|MODE_EDIT)) == MODE_EDIT) { - if (my_want_state_is_will(TELOPT_ENCRYPT) - && (enc_passwd == 0) && !encrypt_output) { - encrypt_request_start(0, 0); - enc_passwd = 1; - } - } else { - if (enc_passwd) { - encrypt_request_end(); - enc_passwd = 0; - } - } -#endif - } diff --git a/usr.bin/telnet/tn3270.c b/usr.bin/telnet/tn3270.c deleted file mode 100644 index 40c1b62f939..00000000000 --- a/usr.bin/telnet/tn3270.c +++ /dev/null 
@@ -1,392 +0,0 @@ -/* $OpenBSD: tn3270.c,v 1.7 2013/04/21 09:51:24 millert Exp $ */ -/* $NetBSD: tn3270.c,v 1.5 1996/02/28 21:04:18 thorpej Exp $ */ - -/* - * Copyright (c) 1988, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "telnet_locl.h" - -#if defined(TN3270) - -#include "../ctlr/screen.h" -#include "../general/globals.h" - -#include "../sys_curses/telextrn.h" -#include "../ctlr/externs.h" - -#if defined(unix) -int - HaveInput, /* There is input available to scan */ - cursesdata, /* Do we dump curses data? */ - sigiocount; /* Number of times we got a SIGIO */ - -char tline[200]; -char *transcom = 0; /* transparent mode command (default: none) */ -#endif /* defined(unix) */ - -char Ibuf[8*BUFSIZ], *Ifrontp, *Ibackp; - -static char sb_terminal[] = { IAC, SB, - TELOPT_TTYPE, TELQUAL_IS, - 'I', 'B', 'M', '-', '3', '2', '7', '8', '-', '2', - IAC, SE }; -#define SBTERMMODEL 13 - -static int - Sent3270TerminalType; /* Have we said we are a 3270? */ - -#endif /* defined(TN3270) */ - - - void -init_3270() -{ -#if defined(TN3270) -#if defined(unix) - HaveInput = 0; - sigiocount = 0; -#endif /* defined(unix) */ - Sent3270TerminalType = 0; - Ifrontp = Ibackp = Ibuf; - init_ctlr(); /* Initialize some things */ - init_keyboard(); - init_screen(); - init_system(); -#endif /* defined(TN3270) */ -} - - -#if defined(TN3270) - -/* - * DataToNetwork - queue up some data to go to network. If "done" is set, - * then when last byte is queued, we add on an IAC EOR sequence (so, - * don't call us with "done" until you want that done...) - * - * We actually do send all the data to the network buffer, since our - * only client needs for us to do that. 
- */ - - int -DataToNetwork(buffer, count, done) - char *buffer; /* where the data is */ - int count; /* how much to send */ - int done; /* is this the last of a logical block */ -{ - int loop, c; - int origCount; - - origCount = count; - - while (count) { - /* If not enough room for EORs, IACs, etc., wait */ - if (NETROOM() < 6) { - struct pollfd pfd[1]; - - netflush(); - while (NETROOM() < 6) { - pfd[0].fd = net; - pfd[0].events = POLLOUT; - (void) poll(pfd, 1, -1); - netflush(); - } - } - c = ring_empty_count(&netoring); - if (c > count) { - c = count; - } - loop = c; - while (loop) { - if (((unsigned char)*buffer) == IAC) { - break; - } - buffer++; - loop--; - } - if ((c = c-loop)) { - ring_supply_data(&netoring, buffer-c, c); - count -= c; - } - if (loop) { - NET2ADD(IAC, IAC); - count--; - buffer++; - } - } - - if (done) { - NET2ADD(IAC, EOR); - netflush(); /* try to move along as quickly as ... */ - } - return(origCount - count); -} - - -#if defined(unix) - void -inputAvailable(signo) - int signo; -{ - HaveInput = 1; - sigiocount++; -} -#endif /* defined(unix) */ - - void -outputPurge() -{ - (void) ttyflush(1); -} - - -/* - * The following routines are places where the various tn3270 - * routines make calls into telnet.c. - */ - -/* - * DataToTerminal - queue up some data to go to terminal. - * - * Note: there are people who call us and depend on our processing - * *all* the data at one time (thus the poll). 
- */ - - int -DataToTerminal(buffer, count) - char *buffer; /* where the data is */ - int count; /* how much to send */ -{ - int c; - int origCount; - - origCount = count; - - while (count) { - if (TTYROOM() == 0) { - struct pollfd pfd[1]; - - (void) ttyflush(0); - while (TTYROOM() == 0) { - pfd[0].fd = tout; - pfd[0].events = POLLOUT; - (void) poll(pfd, 1, -1); - (void) ttyflush(0); - } - } - c = TTYROOM(); - if (c > count) { - c = count; - } - ring_supply_data(&ttyoring, buffer, c); - count -= c; - buffer += c; - } - return(origCount); -} - - -/* - * Push3270 - Try to send data along the 3270 output (to screen) direction. - */ - - int -Push3270() -{ - int save = ring_full_count(&netiring); - - if (save) { - if (Ifrontp+save > Ibuf+sizeof Ibuf) { - if (Ibackp != Ibuf) { - memmove(Ibuf, Ibackp, Ifrontp-Ibackp); - Ifrontp -= (Ibackp-Ibuf); - Ibackp = Ibuf; - } - } - if (Ifrontp+save < Ibuf+sizeof Ibuf) { - (void)telrcv(); - } - } - return save != ring_full_count(&netiring); -} - - -/* - * Finish3270 - get the last dregs of 3270 data out to the terminal - * before quitting. - */ - - void -Finish3270() -{ - while (Push3270() || !DoTerminalOutput()) { -#if defined(unix) - HaveInput = 0; -#endif /* defined(unix) */ - ; - } -} - - -/* StringToTerminal - output a null terminated string to the terminal */ - - void -StringToTerminal(s) - char *s; -{ - int count; - - count = strlen(s); - if (count) { - (void) DataToTerminal(s, count); /* we know it always goes... */ - } -} - - -#if ((!defined(NOT43)) || defined(PUTCHAR)) -/* _putchar - output a single character to the terminal. This name is so that - * curses(3x) can call us to send out data. 
- */ - - void -_putchar(c) - char c; -{ -#if defined(sun) /* SunOS 4.0 bug */ - c &= 0x7f; -#endif /* defined(sun) */ - if (cursesdata) { - Dump('>', &c, 1); - } - if (!TTYROOM()) { - (void) DataToTerminal(&c, 1); - } else { - TTYADD(c); - } -} -#endif /* ((!defined(NOT43)) || defined(PUTCHAR)) */ - - void -SetIn3270() -{ - if (Sent3270TerminalType && my_want_state_is_will(TELOPT_BINARY) - && my_want_state_is_do(TELOPT_BINARY) && !donebinarytoggle) { - if (!In3270) { - In3270 = 1; - Init3270(); /* Initialize 3270 functions */ - /* initialize terminal key mapping */ - InitTerminal(); /* Start terminal going */ - setconnmode(0); - } - } else { - if (In3270) { - StopScreen(1); - In3270 = 0; - Stop3270(); /* Tell 3270 we aren't here anymore */ - setconnmode(0); - } - } -} - -/* - * tn3270_ttype() - * - * Send a response to a terminal type negotiation. - * - * Return '0' if no more responses to send; '1' if a response sent. - */ - - int -tn3270_ttype() -{ - /* - * Try to send a 3270 type terminal name. Decide which one based - * on the format of our screen, and (in the future) color - * capaiblities. - */ - InitTerminal(); /* Sets MaxNumberColumns, MaxNumberLines */ - if ((MaxNumberLines >= 24) && (MaxNumberColumns >= 80)) { - Sent3270TerminalType = 1; - if ((MaxNumberLines >= 27) && (MaxNumberColumns >= 132)) { - MaxNumberLines = 27; - MaxNumberColumns = 132; - sb_terminal[SBTERMMODEL] = '5'; - } else if (MaxNumberLines >= 43) { - MaxNumberLines = 43; - MaxNumberColumns = 80; - sb_terminal[SBTERMMODEL] = '4'; - } else if (MaxNumberLines >= 32) { - MaxNumberLines = 32; - MaxNumberColumns = 80; - sb_terminal[SBTERMMODEL] = '3'; - } else { - MaxNumberLines = 24; - MaxNumberColumns = 80; - sb_terminal[SBTERMMODEL] = '2'; - } - NumberLines = 24; /* before we start out... 
*/ - NumberColumns = 80; - ScreenSize = NumberLines*NumberColumns; - if ((MaxNumberLines*MaxNumberColumns) > MAXSCREENSIZE) { - ExitString("Programming error: MAXSCREENSIZE too small.\n", - 1); - /*NOTREACHED*/ - } - printsub('>', sb_terminal+2, sizeof sb_terminal-2); - ring_supply_data(&netoring, sb_terminal, sizeof sb_terminal); - return 1; - } else { - return 0; - } -} - -#if defined(unix) - int -settranscom(argc, argv) - int argc; - char *argv[]; -{ - int i; - - if (argc == 1 && transcom) { - transcom = 0; - } - if (argc == 1) { - return 1; - } - strlcpy(tline, argv[1], sizeof(tline)); - for (i = 2; i < argc; ++i) { - strlcat(tline, " ", sizeof(tline)); - strlcat(tline, argv[i], sizeof(tline)); - } - transcom = tline; - return 1; -} -#endif /* defined(unix) */ - -#endif /* defined(TN3270) */ diff --git a/usr.bin/telnet/types.h b/usr.bin/telnet/types.h deleted file mode 100644 index e2132653d7a..00000000000 --- a/usr.bin/telnet/types.h +++ /dev/null 
@@ -1,51 +0,0 @@ -/* $OpenBSD: types.h,v 1.3 2003/06/03 02:56:18 millert Exp $ */ -/* $NetBSD: types.h,v 1.5 1996/02/28 21:04:20 thorpej Exp $ */ - -/* - * Copyright (c) 1988, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- * - * from: @(#)types.h 8.1 (Berkeley) 6/6/93 - */ - -typedef struct { - char *modedescriptions; - char modetype; -} Modelist; - -extern Modelist modelist[]; - -typedef struct { - int - system, /* what the current time is */ - echotoggle, /* last time user entered echo character */ - modenegotiated, /* last time operating mode negotiated */ - didnetreceive, /* last time we read data from network */ - gotDM; /* when did we last see a data mark */ -} Clocks; - -extern Clocks clocks; diff --git a/usr.bin/telnet/utilities.c b/usr.bin/telnet/utilities.c index c59dfccbc71..c6d42be20ab 100644 --- a/usr.bin/telnet/utilities.c +++ b/usr.bin/telnet/utilities.c @@ -1,4 +1,4 @@ -/* $OpenBSD: utilities.c,v 1.11 2013/04/21 09:51:24 millert Exp $ */ +/* $OpenBSD: utilities.c,v 1.12 2014/07/19 23:50:38 guenther Exp $ */ /* $NetBSD: utilities.c,v 1.5 1996/02/28 21:04:21 thorpej Exp $ */ /* @@ -60,29 +60,6 @@ upcase(argument) } /* - * SetSockOpt() - * - * Compensate for differences in 4.2 and 4.3 systems. - */ - - int -SetSockOpt(fd, level, option, yesno) - int fd, level, option, yesno; -{ -#ifndef NOT43 - return setsockopt(fd, level, option, - (void *)&yesno, sizeof yesno); -#else /* NOT43 */ - if (yesno == 0) { /* Can't do that in 4.2! */ - fprintf(stderr, "Error: attempt to turn off an option 0x%x.\n", - option); - return -1; - } - return setsockopt(fd, level, option, 0, 0); -#endif /* NOT43 */ -} - -/* * The following are routines used to print out debugging information. */ @@ -277,9 +254,6 @@ printsub(direction, pointer, length) int length; /* length of suboption data */ { int i; -#if defined(AUTHENTICATION) || defined(ENCRYPTION) - char buf[512]; -#endif extern int want_status_response; if (showoptions || direction == 0 || 
@@ -402,145 +376,6 @@ printsub(direction, pointer, length) fprintf(NetTrace, " ?%d?", pointer[i]); break; -#if defined(AUTHENTICATION) - case TELOPT_AUTHENTICATION: - fprintf(NetTrace, "AUTHENTICATION"); - if (length < 2) { - fprintf(NetTrace, " (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case TELQUAL_REPLY: - case TELQUAL_IS: - fprintf(NetTrace, " %s ", (pointer[1] == TELQUAL_IS) ? - "IS" : "REPLY"); - if (AUTHTYPE_NAME_OK(pointer[2])) - fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[2])); - else - fprintf(NetTrace, "%d ", pointer[2]); - if (length < 3) { - fprintf(NetTrace, "(partial suboption??\?)"); - break; - } - fprintf(NetTrace, "%s|%s", - ((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? - "CLIENT" : "SERVER", - ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? - "MUTUAL" : "ONE-WAY"); - - auth_printsub(&pointer[1], length - 1, buf, sizeof(buf)); - fprintf(NetTrace, "%s", buf); - break; - - case TELQUAL_SEND: - i = 2; - fprintf(NetTrace, " SEND "); - while (i < length) { - if (AUTHTYPE_NAME_OK(pointer[i])) - fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[i])); - else - fprintf(NetTrace, "%d ", pointer[i]); - if (++i >= length) { - fprintf(NetTrace, "(partial suboption??\?)"); - break; - } - fprintf(NetTrace, "%s|%s ", - ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? - "CLIENT" : "SERVER", - ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? 
- "MUTUAL" : "ONE-WAY"); - ++i; - } - break; - - case TELQUAL_NAME: - i = 2; - fprintf(NetTrace, " NAME \""); - while (i < length) - putc(pointer[i++], NetTrace); - putc('"', NetTrace); - break; - - default: - for (i = 2; i < length; i++) - fprintf(NetTrace, " ?%d?", pointer[i]); - break; - } - break; -#endif - -#if defined(ENCRYPTION) - case TELOPT_ENCRYPT: - fprintf(NetTrace, "ENCRYPT"); - if (length < 2) { - fprintf(NetTrace, " (empty suboption?)"); - break; - } - switch (pointer[1]) { - case ENCRYPT_START: - fprintf(NetTrace, " START"); - break; - - case ENCRYPT_END: - fprintf(NetTrace, " END"); - break; - - case ENCRYPT_REQSTART: - fprintf(NetTrace, " REQUEST-START"); - break; - - case ENCRYPT_REQEND: - fprintf(NetTrace, " REQUEST-END"); - break; - - case ENCRYPT_IS: - case ENCRYPT_REPLY: - fprintf(NetTrace, " %s ", (pointer[1] == ENCRYPT_IS) ? - "IS" : "REPLY"); - if (length < 3) { - fprintf(NetTrace, " (partial suboption?)"); - break; - } - if (ENCTYPE_NAME_OK(pointer[2])) - fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[2])); - else - fprintf(NetTrace, " %d (unknown)", pointer[2]); - - encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf)); - fprintf(NetTrace, "%s", buf); - break; - - case ENCRYPT_SUPPORT: - i = 2; - fprintf(NetTrace, " SUPPORT "); - while (i < length) { - if (ENCTYPE_NAME_OK(pointer[i])) - fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[i])); - else - fprintf(NetTrace, "%d ", pointer[i]); - i++; - } - break; - - case ENCRYPT_ENC_KEYID: - fprintf(NetTrace, " ENC_KEYID "); - goto encommon; - - case ENCRYPT_DEC_KEYID: - fprintf(NetTrace, " DEC_KEYID "); - goto encommon; - - default: - fprintf(NetTrace, " %d (unknown)", pointer[1]); - encommon: - for (i = 2; i < length; i++) - fprintf(NetTrace, " %d", pointer[i]); - break; - } - break; -#endif - - case TELOPT_LINEMODE: fprintf(NetTrace, "LINEMODE "); if (length < 2) { 
@@ -738,12 +573,6 @@ printsub(direction, pointer, length) case TELOPT_NEW_ENVIRON: fprintf(NetTrace, "NEW-ENVIRON "); -#ifdef OLD_ENVIRON - goto env_common1; - case TELOPT_OLD_ENVIRON: - fprintf(NetTrace, "OLD-ENVIRON"); - env_common1: -#endif switch (pointer[1]) { case TELQUAL_IS: fprintf(NetTrace, "IS "); @@ -756,39 +585,14 @@ printsub(direction, pointer, length) env_common: { int noquote = 2; -#if defined(ENV_HACK) && defined(OLD_ENVIRON) - extern int old_env_var, old_env_value; -#endif for (i = 2; i < length; i++ ) { switch (pointer[i]) { case NEW_ENV_VALUE: -#ifdef OLD_ENVIRON - /* case NEW_ENV_OVAR: */ - if (pointer[0] == TELOPT_OLD_ENVIRON) { -# ifdef ENV_HACK - if (old_env_var == OLD_ENV_VALUE) - fprintf(NetTrace, "\" (VALUE) " + noquote); - else -# endif - fprintf(NetTrace, "\" VAR " + noquote); - } else -#endif /* OLD_ENVIRON */ fprintf(NetTrace, "\" VALUE " + noquote); noquote = 2; break; case NEW_ENV_VAR: -#ifdef OLD_ENVIRON - /* case OLD_ENV_VALUE: */ - if (pointer[0] == TELOPT_OLD_ENVIRON) { -# ifdef ENV_HACK - if (old_env_value == OLD_ENV_VAR) - fprintf(NetTrace, "\" (VAR) " + noquote); - else -# endif - fprintf(NetTrace, "\" VALUE " + noquote); - } else -#endif /* OLD_ENVIRON */ fprintf(NetTrace, "\" VAR " + noquote); noquote = 2; break; @@ -872,24 +676,13 @@ EmptyTerminal() SetForExit() { setconnmode(0); -#if defined(TN3270) - if (In3270) { - Finish3270(); - } -#else /* defined(TN3270) */ do { (void)telrcv(); /* Process any incoming data */ EmptyTerminal(); } while (ring_full_count(&netiring)); /* While there is any */ -#endif /* defined(TN3270) */ setcommandmode(); fflush(stdout); fflush(stderr); -#if defined(TN3270) - if (In3270) { - StopScreen(1); - } -#endif /* defined(TN3270) */ setconnmode(0); EmptyTerminal(); /* Flush the path to the tty */ setcommandmode(); |