diff -urN telnet-3.0.orig/Makefile telnet-3.0-owl-linux/Makefile --- telnet-3.0.orig/Makefile Thu Jan 1 03:00:00 1970 +++ telnet-3.0-owl-linux/Makefile Wed Nov 21 05:29:38 2001 @@ -0,0 +1,4 @@ +all clean: + $(MAKE) -C lib/libtelnet $@ + $(MAKE) -C libexec/telnetd $@ + $(MAKE) -C usr.bin/telnet $@ diff -urN telnet-3.0.orig/lib/libtelnet/Makefile telnet-3.0-owl-linux/lib/libtelnet/Makefile --- telnet-3.0.orig/lib/libtelnet/Makefile Thu Jun 28 18:22:16 2001 +++ telnet-3.0-owl-linux/lib/libtelnet/Makefile Wed Nov 21 05:29:38 2001 @@ -2,21 +2,26 @@ # $OpenBSD: Makefile,v 1.6 2001/06/28 14:22:16 hin Exp $ # $NetBSD: Makefile,v 1.6 1996/02/24 01:15:15 jtk Exp $ +CC = gcc +AR = ar -cr +RANLIB = ranlib +RM = rm -f +ifndef CFLAGS +CFLAGS = -c -O2 -fomit-frame-pointer +endif +CFLAGS += -Wall -Dlint + LIB= telnet SRCS= auth.c encrypt.c genget.c getent.c misc.c -CFLAGS+= -DHAS_CGETENT -Wall -Wno-unused - -.include # for KERBEROS +all: lib$(LIB).a -.if (${KERBEROS:L} == "yes") -CFLAGS+= -DKRB4 -DAUTHENTICATION -DENCRYPTION -DDES_ENCRYPTION -SRCS+= kerberos.c enc_des.c -.endif +lib$(LIB).a: $(SRCS:.c=.o) + $(AR) $@ $+ + $(RANLIB) $@ -.if (${KERBEROS5:L} == "yes") -CFLAGS+= -DKRB5 -DAUTHENTICATION -DENCRYPTION -DDES_ENCRYPTION -SRCS+= kerberos5.c -.endif +.c.o: + $(CC) $(CFLAGS) $< -o $@ -.include +clean: + $(RM) lib$(LIB).a $(SRCS:.c=.o) diff -urN telnet-3.0.orig/lib/libtelnet/genget.c telnet-3.0-owl-linux/lib/libtelnet/genget.c --- telnet-3.0.orig/lib/libtelnet/genget.c Fri May 25 14:23:06 2001 +++ telnet-3.0-owl-linux/lib/libtelnet/genget.c Wed Nov 21 05:29:38 2001 @@ -44,7 +44,9 @@ #include #include "misc-proto.h" -#define LOWER(x) (isupper((int)x) ? tolower((int)x) : (x)) +#define LOWER(x) \ + (isupper((int)(unsigned char)(x)) ? \ + tolower((int)(unsigned char)(x)) : (x)) /* * The prefix function returns 0 if *s1 is not a prefix * of *s2. If *s1 exactly matches *s2, the negative of diff -urN telnet-3.0.orig/lib/libtelnet/getent.c telnet-3.0-owl-linux/lib/libtelnet/getent.c --- telnet-3.0.orig/lib/libtelnet/getent.c Wed Jul 29 00:11:15 1998 +++ telnet-3.0-owl-linux/lib/libtelnet/getent.c Wed Nov 21 05:29:38 2001 @@ -40,7 +40,9 @@ #include #include "misc-proto.h" +#ifdef HAVE_CGETENT static char *area; +#endif int gtgetent __P((char *, char *)); char *gtgetstr __P((char *, char **)); @@ -50,7 +52,7 @@ gtgetent(cp, name) char *cp, *name; { -#ifdef HAS_CGETENT +#ifdef HAVE_CGETENT char *dba[2]; dba[0] = "/etc/gettytab"; @@ -67,7 +69,7 @@ gtgetstr(id, cpp) char *id, **cpp; { -# ifdef HAS_CGETENT +# ifdef HAVE_CGETENT char *answer; return((cgetstr(area, id, &answer) > 0) ? answer : 0); # else diff -urN telnet-3.0.orig/libexec/telnetd/Makefile telnet-3.0-owl-linux/libexec/telnetd/Makefile --- telnet-3.0.orig/libexec/telnetd/Makefile Tue Sep 11 05:15:31 2001 +++ telnet-3.0-owl-linux/libexec/telnetd/Makefile Wed Nov 21 05:29:38 2001 @@ -2,26 +2,31 @@ # from: @(#)Makefile 8.2 (Berkeley) 12/15/93 # $NetBSD: Makefile,v 1.6 1996/02/24 01:22:12 jtk Exp $ +CC = gcc +LD = gcc +RM = rm -f +ifndef CFLAGS +CFLAGS = -c -O2 -fomit-frame-pointer +endif +CFLAGS += -I. -I../../lib +CFLAGS += -DLINEMODE -DKLUDGELINEMODE -DUSE_TERMIO -DDIAGNOSTICS +CFLAGS += -DOLD_ENVIRON -DENV_HACK +CFLAGS += -Wall +LDFLAGS = +LIBS = -L../../lib/libtelnet -ltelnet -lutil + PROG= telnetd -CFLAGS+=-DLINEMODE -DKLUDGELINEMODE -DUSE_TERMIO -DDIAGNOSTICS -CFLAGS+=-DOLD_ENVIRON -DENV_HACK -I${.CURDIR} -Wall -Werror SRCS= authenc.c global.c slc.c state.c sys_term.c telnetd.c \ termstat.c utility.c mini_inetd.c socket.c -DPADD= ${LIBUTIL} ${LIBCURSES} ${LIBTELNET} -LDADD+= -lutil -lcurses -ltelnet -MAN= telnetd.8 - -.include # for KERBEROS - -.if (${KERBEROS5:L} == "yes") -LDADD+= -lkrb5 -lasn1 -lcrypto -lcom_err -lkafs -.endif - -.if (${KERBEROS:L} == "yes") -CFLAGS+=-DENCRYPTION -DAUTHENTICATION -DKRB4 -I${.CURDIR}/../../lib -LDADD+= -lkrb -lcrypto -DPADD+= ${LIBDES} ${LIBKRB} -.endif -.include +all: $(PROG) + +$(PROG): $(SRCS:.c=.o) + $(LD) $(LDFLAGS) $+ $(LIBS) -o $@ + +.c.o: + $(CC) $(CFLAGS) $< -o $@ + +clean: + $(RM) $(PROG) $(SRCS:.c=.o) diff -urN telnet-3.0.orig/libexec/telnetd/ext.h telnet-3.0-owl-linux/libexec/telnetd/ext.h --- telnet-3.0.orig/libexec/telnetd/ext.h Sat Jun 30 01:30:55 2001 +++ telnet-3.0-owl-linux/libexec/telnetd/ext.h Wed Nov 21 05:29:38 2001 @@ -118,7 +118,13 @@ void tty_rspeed (int val); void getptyslave (void); int cleanopen (char *line); +#ifdef PARENT_DOES_UTMP void startslave (const char *host, const char *, int autologin, char *autoname); +void my_telnet (int f, int p, const char *, const char *, int, char *); +#else +void startslave (const char *host, int autologin, char *autoname); +void my_telnet (int f, int p, const char *, int, char *); +#endif void init_env (void); void start_login (const char *host, int autologin, char *name); void cleanup (int sig); @@ -126,7 +132,6 @@ int getterminaltype (char *name, size_t); void _gettermname (void); int terminaltypeok (char *s); -void my_telnet (int f, int p, const char*, const char *, int, char*); void interrupt (void); void sendbrk (void); void sendsusp (void); @@ -147,7 +152,7 @@ void edithost (char *pat, char *host); void putstr (char *s); void putchr (int cc); -void putf (char *cp, char *where); +void putf (char *cp, char *where, int size); void printoption (char *fmt, int option); void printsub (int direction, unsigned char *pointer, int length); void printdata (char *tag, char *ptr, int cnt); diff -urN telnet-3.0.orig/libexec/telnetd/global.c telnet-3.0-owl-linux/libexec/telnetd/global.c --- telnet-3.0.orig/libexec/telnetd/global.c Thu Jul 19 20:02:19 2001 +++ telnet-3.0-owl-linux/libexec/telnetd/global.c Sun Nov 25 04:44:42 2001 @@ -68,7 +68,7 @@ int pcc, ncc; -int ourpty, net; +int ourpty = -1, net = -1; int SYNCHing; /* we are in TELNET SYNCH mode */ /* diff -urN telnet-3.0.orig/libexec/telnetd/mini_inetd.c telnet-3.0-owl-linux/libexec/telnetd/mini_inetd.c --- telnet-3.0.orig/libexec/telnetd/mini_inetd.c Sat Jun 23 23:44:32 2001 +++ telnet-3.0-owl-linux/libexec/telnetd/mini_inetd.c Wed Nov 21 05:29:38 2001 @@ -39,6 +39,7 @@ #include "telnetd.h" #include +#include #ifndef max #define max(a,b) (((a)>(b))?(a):(b)) diff -urN telnet-3.0.orig/libexec/telnetd/state.c telnet-3.0-owl-linux/libexec/telnetd/state.c --- telnet-3.0.orig/libexec/telnetd/state.c Mon Jul 2 18:16:01 2001 +++ telnet-3.0-owl-linux/libexec/telnetd/state.c Sun Nov 25 04:20:14 2001 @@ -339,7 +339,7 @@ continue; default: - syslog(LOG_ERR, "telnetd: panic state=%d\n", state); + syslog(LOG_ERR, "telnetd: panic state=%d", state); printf("telnetd: panic state=%d\n", state); exit(1); } @@ -900,39 +900,79 @@ * if it does not end in =, all variables starting with this name * should be dropped. */ -char *badenv_table[] = { - "IFS=", - "LD_", - "_RLD_", - "SHLIB_PATH=", - "LIBPATH=", - "KRB", - "ENV=", - "BASH_ENV=", - NULL, +static char *badenv_table[] = { + /* OpenBSD */ + "IFS=", + "LD_", + "_RLD_", + "SHLIB_PATH=", + "LIBPATH=", + "KRB", + "ENV=", + "BASH_ENV=", + /* NetBSD */ + "TERMCAP=", + "TERMINFO=", + "TERMPATH=", + "HOME=", + "RESOLV_HOST_CONF=", + NULL +}; + +/* This list comes from Linux NetKit telnetd, version 0.17 */ +static char *goodenv_table[] = { + "TERM", + "DISPLAY", + "USER", + "LOGNAME", + "POSIXLY_CORRECT", + NULL }; -/* envvarok(char*) */ /* check that variable is safe to pass to login or shell */ static int -envvarok(varp) - char *varp; +envvarok(varp, valp) + char *varp, *valp; { - int i; - int len; + int i; + int len; + + if (strchr(varp, '=')) { + syslog(LOG_NOTICE, "Rejected attempt to set an " + "environment variable with '=' in its name"); + return (0); + } + + for (i = 0; badenv_table[i]; i++) { + len = strlen(badenv_table[i]); + if (badenv_table[i][len - 1] == '=' && + !strncmp(badenv_table[i], varp, len - 1) && + varp[len - 1] == '\0') { + syslog(LOG_NOTICE, "Rejected attempt to set the " + "environment variable \"%s\"", varp); + return (0); + } + if (!strncmp(badenv_table[i], varp, len)) { + syslog(LOG_NOTICE, "Rejected attempt to set an " + "environment variable starting with \"%s\"", + badenv_table[i]); + return (0); + } + } + + for (i = 0; goodenv_table[i]; i++) { + if (strcmp(goodenv_table[i], varp)) + continue; + if (strchr(valp, '/') || strlen(valp) >= 0x100) { + syslog(LOG_NOTICE, "Rejected attempt to set the " + "environment variable \"%s\" to an " + "invalid value", varp); + return (0); + } + return (1); + } - if (strchr(varp, '=')) - return (0); - for (i = 0; badenv_table[i]; i++) { - len = strlen(badenv_table[i]); - if (badenv_table[i][len-1] == '=' && - !strncmp(badenv_table[i], varp, len-1) && - varp[len-2] == '\0') - return (0); - if (!strncmp(badenv_table[i], varp, len-1)) - return (0); - } - return (1); + return (0); } /* @@ -1225,7 +1265,7 @@ case NEW_ENV_VAR: case ENV_USERVAR: *cp = '\0'; - if(envvarok(varp)) { + if (envvarok(varp, valp)) { if (valp) esetenv(varp, valp, 1); else @@ -1246,7 +1286,7 @@ } } *cp = '\0'; - if(envvarok(varp)) { + if (envvarok(varp, valp)) { if (valp) esetenv(varp, valp, 1); else diff -urN telnet-3.0.orig/libexec/telnetd/sys_term.c telnet-3.0-owl-linux/libexec/telnetd/sys_term.c --- telnet-3.0.orig/libexec/telnetd/sys_term.c Fri Nov 2 19:20:13 2001 +++ telnet-3.0-owl-linux/libexec/telnetd/sys_term.c Sun Nov 25 04:43:43 2001 @@ -35,10 +35,6 @@ /* RCSID("$KTH: sys_term.c,v 1.100 2001/04/24 23:11:43 assar Exp $"); */ -#if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H)) -# define PARENT_DOES_UTMP -#endif - #ifdef HAVE_UTMP_H #include #endif @@ -56,6 +52,7 @@ #ifdef HAVE_STRUCT_UTMP_UT_HOST int utmp_len = sizeof(wtmp.ut_host); #else +#include /* for MAXHOSTNAMELEN */ int utmp_len = MAXHOSTNAMELEN; #endif @@ -71,6 +68,7 @@ #define WTMP_FILE _PATH_WTMP #endif +#ifndef HAVE_LOGWTMP #ifndef PARENT_DOES_UTMP #ifdef WTMP_FILE char wtmpf[] = WTMP_FILE; @@ -85,6 +83,7 @@ char wtmpf[] = "/etc/wtmp"; #endif #endif /* PARENT_DOES_UTMP */ +#endif /* !HAVE_LOGWTMP */ #ifdef HAVE_TMPDIR_H #include @@ -143,6 +142,10 @@ #include #endif +#ifdef HAVE_OPENPTY +#include +#endif + # ifndef TCSANOW # ifdef TCSETS # define TCSANOW TCSETS @@ -392,13 +395,15 @@ return master; #else +#ifndef HAVE_OPENPTY int p; char *cp, *p1, *p2; int i; +#endif #if SunOS == 40 int dummy; #endif -#if 0 /* && defined(HAVE_OPENPTY) */ +#ifdef HAVE_OPENPTY int master; int slave; if(openpty(&master, &slave, line, 0, 0) == 0){ @@ -796,7 +801,7 @@ if(err == 1) break; if(err < 0 && errno != EINVAL) - fatalperror(net, "my_find()"); + fatalperror(-1, "my_find"); /* module not pushed or does not exist */ } /* p points to null or to an already pushed module, now push all @@ -805,7 +810,7 @@ for(p--; p >= modules; p--){ err = ioctl(fd, I_PUSH, *p); if(err < 0 && errno != EINVAL) - fatalperror(net, "I_PUSH"); + fatalperror(-1, "I_PUSH"); } } #endif @@ -840,8 +845,8 @@ */ #ifdef HAVE_SETSID - if(setsid()<0) - fatalperror(net, "setsid()"); + if (setsid() < 0) + fatalperror(-1, "setsid"); #else # ifdef TIOCNOTTY t = open(_PATH_TTY, O_RDWR); @@ -861,7 +866,7 @@ t = cleanopen(line); if (t < 0) - fatalperror(net, line); + fatalperror(-1, line); #ifdef STREAMSPTY ttyfd = t; @@ -942,7 +947,7 @@ */ set_termbuf(); if (login_tty(t) == -1) - fatalperror(net, "login_tty"); + fatalperror(-1, "login_tty"); if (net > 2) close(net); if (ourpty > 2) { @@ -1023,7 +1028,7 @@ { # if defined(TIOCSCTTY) && !defined(__hpux) if (ioctl(t, TIOCSCTTY, (char *)0) < 0) - fatalperror(net, "ioctl(sctty)"); + fatalperror(-1, "ioctl: TIOCSCTTY"); # ifdef _CRAY /* * Close the hard fd to /dev/ttypXXX, and re-open through @@ -1031,7 +1036,7 @@ */ close(t); if ((t = open("/dev/tty", O_RDWR)) < 0) - fatalperror(net, "open(/dev/tty)"); + fatalperror(-1, "open: /dev/tty"); # endif # else /* @@ -1061,6 +1066,10 @@ } #endif /* BSD <= 43 */ +#if defined(PARENT_DOES_UTMP) || \ + defined(HAVE_UTMPX_H) || \ + (!defined(HAVE_UTMPX_H) && !defined(__hpux) && !defined(HAVE_LOGWTMP)) || \ + (!defined(HAVE_UTMPX_H) && defined(__hpux)) /* * This comes from ../../bsd/tty.c and should not really be here. */ @@ -1076,12 +1085,17 @@ if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0) res += strlen(_PATH_DEV); +#if 0 + if (strncmp (res, "pts/", 4) == 0) + res += 4; if (strncmp (res, "pty/", 4) == 0) res += 4; if (strncmp (res, "ptym/", 5) == 0) res += 5; +#endif return res; } +#endif /* * Generate a name usable as an `ut_id', typically without `tty'. @@ -1110,7 +1124,10 @@ /* ARGSUSED */ void -startslave(const char *host, const char *utmp_host, +startslave(const char *host, +#ifdef PARENT_DOES_UTMP + const char *utmp_host, +#endif int autologin, char *autoname) { int i; @@ -1272,9 +1289,10 @@ { struct arg_val argv; char *user; - int save_errno; +#ifdef HAVE_CGETENT char *buf; extern char *gettytab[2], *gettyent; +#endif #ifdef HAVE_UTMPX_H int pid = getpid(); @@ -1345,14 +1363,21 @@ if (auth_level >= 0 && autologin == AUTH_VALID) addarg(&argv, "-f"); #endif - if(user){ + if (user) { +#if 0 addarg(&argv, "--"); addarg(&argv, strdup(user)); +#else + /* Our login is patched to understand LOGNAME so better use that */ + esetenv("LOGNAME", user, 1); +#endif } +#ifdef HAVE_CGETENT if (new_login == NULL && cgetent(&buf, gettytab, gettyent) >= 0) { cgetstr(buf, "lo", &new_login); cgetclose(); } +#endif if (new_login == NULL) new_login = _PATH_LOGIN; @@ -1378,9 +1403,7 @@ sleep(1); execv(new_login, (char *const*)argv.argv); - save_errno = errno; - syslog(LOG_ERR, "%s: %m\n", new_login); - fatalperror_errno(net, new_login, save_errno); + fatalperror(net, new_login); /*NOTREACHED*/ } @@ -1390,7 +1413,7 @@ if(argv->size <= argv->argc+1) { argv->argv = realloc(argv->argv, sizeof(char*) * (argv->size + 10)); if (argv->argv == NULL) - fatal (net, "realloc: out of memory"); + fatal (net, "realloc: Out of memory"); argv->size+=10; } argv->argv[argv->argc++] = val; @@ -1470,7 +1493,7 @@ } /* end of rmut */ #endif -#if !defined(HAVE_UTMPX_H) && !(defined(_CRAY) || defined(__hpux)) +#if !defined(HAVE_UTMPX_H) && !defined(__hpux) && !defined(HAVE_LOGWTMP) static void rmut(void) { @@ -1528,7 +1551,7 @@ chmod(line, 0666); chown(line, 0, 0); } /* end of rmut */ -#endif /* CRAY */ +#endif #if defined(__hpux) && !defined(HAVE_UTMPX_H) static void @@ -1687,7 +1710,7 @@ * register signal handler for UTMP creation */ if ((int)(func = signal(SIGUSR1, _utmp_sig_rcv)) == -1) - fatalperror(net, "telnetd/signal"); + fatalperror(-1, "signal"); } void @@ -1882,12 +1905,12 @@ { switch(fork()) { case -1: - syslog(LOG_ERR, "TMPDIR cleanup(%s): fork() failed: %m\n", + syslog(LOG_ERR, "TMPDIR cleanup(%s): fork() failed: %m", tpath); break; case 0: execl(CLEANTMPCMD, CLEANTMPCMD, user, tpath, (char *)NULL); - syslog(LOG_ERR, "TMPDIR cleanup(%s): execl(%s) failed: %m\n", + syslog(LOG_ERR, "TMPDIR cleanup(%s): execl(%s) failed: %m", tpath, CLEANTMPCMD); exit(1); default: diff -urN telnet-3.0.orig/libexec/telnetd/telnetd.8 telnet-3.0-owl-linux/libexec/telnetd/telnetd.8 --- telnet-3.0.orig/libexec/telnetd/telnetd.8 Tue Nov 13 17:06:10 2001 +++ telnet-3.0-owl-linux/libexec/telnetd/telnetd.8 Wed Nov 21 06:14:01 2001 @@ -31,7 +31,7 @@ .\" .\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94 .\" -.Dd June 1, 1994 +.Dd November 17, 2001 .Dt TELNETD 8 .Os .Sh NAME @@ -44,11 +44,6 @@ .Op Fl BUhkln .Op Fl D Ar debugmode .Op Fl S Ar tos -.Op Fl X Ar authtype -.Op Fl a Ar authmode -.Op Fl g Ar gettyent -.Op Fl r Ns Ar lowpty-highpty -.Op Fl u Ar len .Op Fl debug .Op Fl L Ar /bin/login .Op Fl y @@ -87,57 +82,7 @@ The .Nm telnetd command accepts the following options: -.Bl -tag -width "-a authmode" -.It Fl a Ar authmode -This option may be used for specifying what mode should -be used for Kerberos authentication. -Note that this option is only useful if -.Nm telnetd -has been compiled with support for the -.Dv AUTHENTICATION -option. -There are several valid values for -.Ar authmode : -.Bl -tag -width debug -.It debug -Turns on authentication debugging code. -.It user -Only allow connections when the remote user -can provide valid Kerberos authentication information -to identify the remote user, -and is allowed access to the specified account -without providing a password. -.It valid -Only allow connections when the remote user -can provide valid Kerberos authentication information -to identify the remote user. -The -.Xr login 1 -command will provide any additional user verification -needed if the remote user is not allowed automatic -access to the specified account. -.It other -Only allow connections that supply some authentication information. -This option is currently not supported -by any of the existing authentication mechanisms, -and is thus the same as specifying -.Fl a -.Cm valid . -.It otp -Only allow Kerberos authenticated connections (as with -.Fl a -.Cm user ) -and also logins with one-time passwords (OTPs). -This option will call login with an option so that only OTPs are accepted. -The user can of course still type secret information at the prompt. -.It none -This is the default state. -Kerberos authentication information is not required. -If no or insufficient authentication information -is provided, then traditional cleartext passwords will be used. -.It off -This disables the authentication code, and cleartext password will be used. -.El +.Bl -tag -width "-D debugmode" .It Fl B Ignored. .It Fl D Ar debugmode @@ -186,74 +131,15 @@ if the client is still there, so that idle connections from machines that have crashed or can no longer be reached may be cleaned up. -.It Fl g Ar gettyent -Specifies which entry from -.Pa /etc/gettytab -should be used to get banner strings, login program and other information. -The default entry is -.Dq default. -.It Fl h -Disables the printing of host-specific information before -login has been completed. -.It Fl r Ar lowpty-highpty -This option is only enabled when -.Nm telnetd -is compiled for -.Dv UNICOS . -It specifies an inclusive range of pseudo-terminal devices to -use. If the system has sysconf variable -.Dv _SC_CRAY_NPTY -configured, the default pty search range is 0 to -.Dv _SC_CRAY_NPTY ; -otherwise, the default range is 0 to 128. Either -.Ar lowpty -or -.Ar highpty -may be omitted to allow changing -either end of the search range. -If -.Ar lowpty -is omitted, the - character is still required so that -.Nm telnetd -can differentiate -.Ar highpty -from -.Ar lowpty . .It Fl S Ar tos -.It Fl u Ar len -This option is used to specify the size of the field -in the -.Dv utmp -structure that holds the remote host name. -If the resolved host name is longer than -.Ar len , -the dotted decimal value will be used instead. -This allows hosts with very long host names that -overflow this field to still be uniquely identified. -Specifying -.Fl u0 -indicates that only dotted decimal addresses -should be put into the -.Pa utmp -file. .It Fl U This option causes .Nm telnetd to refuse connections from addresses that cannot be mapped back into a symbolic name via the -.Xr gethostbyaddr 3 +.Xr getnameinfo 3 routine. -.It Fl X Ar authtype -This option is only valid if -.Nm telnetd -has been built with support for the authentication option. -It disables the use of -.Ar authtype -authentication, and -can be used to temporarily disable -a specific authentication type without having to recompile -.Nm telnetd . .It Fl L Ar pathname Specify pathname to an alternative login program. .It Fl y @@ -289,8 +175,6 @@ .Tn TELNET options, which are described in more detail below: .Bd -literal -offset indent -DO AUTHENTICATION -WILL ENCRYPT DO TERMINAL TYPE DO TSPEED DO XDISPLOC @@ -318,7 +202,7 @@ has support for enabling locally the following .Tn TELNET options: -.Bl -tag -width "DO AUTHENTICATION" +.Bl -tag -width "DO TERMINAL-SPEED" .It "WILL ECHO" When the .Dv LINEMODE @@ -379,7 +263,7 @@ has support for enabling remotely the following .Tn TELNET options: -.Bl -tag -width "DO AUTHENTICATION" +.Bl -tag -width "DO TERMINAL-SPEED" .It "DO BINARY" Sent to indicate that .Tn telnetd @@ -440,31 +324,15 @@ Note that the .Op Fl k option can be used to disable this. -.It "DO AUTHENTICATION" -Only sent if -.Nm telnetd -Kerberos authentication is enabled, and -indicates a willingness to receive authentication -information for automatic login. -.It "DO ENCRYPT" -Only sent if -.Nm telnetd -Kerberos is enabled, and -indicates a willingness to decrypt -the data stream. .El -.Sh ENVIRONMENT .Sh FILES -.Bl -tag -width /etc/services -compact +.Bl -tag -compact +.It Pa /etc/issue.net .It Pa /etc/services -.It Pa /etc/inittab -(UNICOS systems only) -.It Pa /etc/iptos -(if supported) .El .Sh "SEE ALSO" -.Xr telnet 1 , -.Xr login 1 +.Xr login 1 , +.Xr telnet 1 .Sh STANDARDS .Bl -tag -compact -width RFC-1572 .It Cm RFC-854 diff -urN telnet-3.0.orig/libexec/telnetd/telnetd.c telnet-3.0-owl-linux/libexec/telnetd/telnetd.c --- telnet-3.0.orig/libexec/telnetd/telnetd.c Mon Jul 2 18:16:02 2001 +++ telnet-3.0-owl-linux/libexec/telnetd/telnetd.c Sun Nov 25 04:44:22 2001 @@ -38,6 +38,9 @@ #include #include #include +#include /* for MAXHOSTNAMELEN */ +#include +#include /* RCSID("$KTH: telnetd.c,v 1.64 2001/02/08 16:06:27 assar Exp $"); */ @@ -61,7 +65,9 @@ int auth_level = 0; #endif +#ifdef PARENT_DOES_UTMP extern int utmp_len; +#endif int registerd_host_only = 0; #ifdef STREAMSPTY @@ -126,8 +132,10 @@ int debug = 0; int keepalive = 1; char *progname; +#ifdef HAVE_CGETENT char *gettyent = "default"; char *gettytab[2] = { "/etc/gettytab", NULL }; +#endif static void usage (void); @@ -136,7 +144,13 @@ * that only the actual options that we support will be * passed off to getopt(). */ -char valid_opts[] = "Bd:g:hklnS:u:UL:y" +char valid_opts[] = "Bd:hklnS:UL:y" +#ifdef PARENT_DOES_UTMP + "u:" +#endif +#ifdef HAVE_CGETENT + "g:" +#endif #ifdef AUTHENTICATION "a:X:z" #endif @@ -249,9 +263,11 @@ #endif /* DIAGNOSTICS */ +#ifdef HAVE_CGETENT case 'g': gettyent = optarg; break; +#endif case 'h': hostinfo = 0; @@ -305,6 +321,7 @@ #endif break; +#ifdef PARENT_DOES_UTMP case 'u': { char *eptr; @@ -313,6 +330,7 @@ fprintf(stderr, "telnetd: unknown utmp len (%s)\n", optarg); break; } +#endif case 'U': registerd_host_only = 1; @@ -394,7 +412,7 @@ memset(&dv, 0, sizeof(dv)); if (getsysv(&sysv, sizeof(struct sysv)) != 0) - fatalperror(net, "getsysv"); + fatalperror(-1, "getsysv"); /* * Get socket security label and set device values @@ -405,7 +423,7 @@ (void *)&ss, &szss) < 0) || (getsockopt(0, SOL_SOCKET, SO_SEC_MULTI, (void *)&sock_multi, &szi) < 0)) - fatalperror(net, "getsockopt"); + fatalperror(-1, "getsockopt"); else { dv.dv_actlvl = ss.ss_actlabel.lt_level; dv.dv_actcmp = ss.ss_actlabel.lt_compart; @@ -495,7 +513,10 @@ #ifdef AUTHENTICATION fprintf(stderr, " [-X auth-type] [-y] [-z]"); #endif +#ifdef PARENT_DOES_UTMP fprintf(stderr, " [-u utmp_hostname_length] [-U]"); +#endif + fprintf(stderr, " [-U]"); fprintf(stderr, " [port]\n"); exit(1); } @@ -678,7 +699,27 @@ char host_name[MAXHOSTNAMELEN]; char remote_host_name[MAXHOSTNAMELEN]; +#ifdef PARENT_DOES_UTMP char remote_utmp_name[MAXHOSTNAMELEN]; +#endif + +static int +is_safe_host_name(const char *name) +{ + const unsigned char *cp = (unsigned char *)name; + int c; + + c = *cp; + if (!c || c == '-' || isdigit(c)) + return 0; + + do { + if (!isascii(c) || !isprint(c) || isspace(c) || c == ':') + return 0; + } while ((c = *++cp)); + + return 1; +} /* * Get a pty, scan input lines. @@ -707,10 +748,10 @@ snprintf(tty_dev, sizeof(tty_dev), "/dev/pty/%03d", ptynum); if (setdevs(tty_dev, &dv) < 0) - fatal(net, "cannot set pty security"); + fatal(net, "Cannot set pty security"); snprintf(slave_dev, sizeof(slave_dev), "/dev/ttyp%03d", ptynum); if (setdevs(slave_dev, &dv) < 0) - fatal(net, "cannot set tty security"); + fatal(net, "Cannot set tty security"); } #endif /* _SC_CRAY_SECURE_SYS */ @@ -719,12 +760,21 @@ sizeof(remote_host_name), NULL, 0, registerd_host_only ? NI_NAMEREQD : 0); + if (!error && !is_safe_host_name(remote_host_name)) { + error = getnameinfo (who, who_len, + remote_host_name, + sizeof(remote_host_name), + NULL, 0, + NI_NUMERICHOST); + if (error) + fatal(net, "Couldn't get numeric address"); + } if (error) - fatal(net, "Couldn't resolve your address into a host name.\r\n\ -Please contact your net administrator"); + fatal(net, "Couldn't resolve your address into a host name"); gethostname(host_name, sizeof (host_name)); +#ifdef PARENT_DOES_UTMP strlcpy (remote_utmp_name, remote_host_name, sizeof(remote_utmp_name)); /* Only trim if too long (and possible) */ @@ -745,8 +795,9 @@ NULL, 0, NI_NUMERICHOST); if (error) - fatal(net, "Couldn't get numeric address\r\n"); + fatal(net, "Couldn't get numeric address"); } +#endif #ifdef AUTHENTICATION auth_encrypt_init(host_name, remote_host_name, "TELNETD", 1); @@ -763,31 +814,36 @@ #ifdef _SC_CRAY_SECURE_SYS if (secflag) { if (setulvl(dv.dv_actlvl) < 0) - fatal(net,"cannot setulvl()"); + fatal(-1, "Cannot setulvl()"); if (setucmp(dv.dv_actcmp) < 0) - fatal(net, "cannot setucmp()"); + fatal(-1, "Cannot setucmp()"); } #endif /* _SC_CRAY_SECURE_SYS */ /* begin server processing */ - my_telnet(net, ourpty, remote_host_name, remote_utmp_name, + my_telnet(net, ourpty, remote_host_name, +#ifdef PARENT_DOES_UTMP + remote_utmp_name, +#endif level, user_name); /*NOTREACHED*/ } /* end of doit */ -/* output contents of /etc/issue.net, or /etc/issue */ +/* output contents of /etc/issue.net */ static void show_issue(void) { FILE *f; char buf[128]; + char *p; + f = fopen("/etc/issue.net", "r"); - if(f == NULL) - f = fopen("/etc/issue", "r"); - if(f){ - while(fgets(buf, sizeof(buf)-2, f)){ - strcpy(buf + strcspn(buf, "\r\n"), "\r\n"); - writenet((unsigned char*)buf, strlen(buf)); + if (f) { + while (fgets(buf, sizeof(buf) - 1, f)) { + p = strchr(buf, '\n'); + if (p) + strcpy(p, "\r\n"); + writenet((unsigned char *)buf, strlen(buf)); } fclose(f); } @@ -798,13 +854,18 @@ * hand data to telnet receiver finite state machine. */ void -my_telnet(int f, int p, const char *host, const char *utmp_host, +my_telnet(int f, int p, const char *host, +#ifdef PARENT_DOES_UTMP + const char *utmp_host, +#endif int level, char *autoname) { int on = 1; +#ifdef HAVE_CGETENT char *he; char *IM; char *buf; +#endif int nfd; int startslave_called = 0; time_t timeout; @@ -957,6 +1018,7 @@ if (getenv("USER")) hostinfo = 0; +#ifdef HAVE_CGETENT if (cgetent(&buf, gettytab, gettyent) >= 0) { char *HN; @@ -970,19 +1032,22 @@ } cgetclose(); } else { - IM = DEFAULT_IM; + IM = strdup(DEFAULT_IM); he = NULL; } edithost(he, host_name); if (he) free(he); if (hostinfo && *IM) - putf(IM, ptyibuf2); + putf(IM, ptyibuf2, sizeof(ptyibuf2)); if (*IM) free(IM); +#else + edithost(NULL, host_name); + if (hostinfo) + putf(DEFAULT_IM, ptyibuf2, sizeof(ptyibuf2)); +#endif - if (pcc) - strncat(ptyibuf2, ptyip, pcc+1); ptyip = ptyibuf2; pcc = strlen(ptyip); @@ -1001,7 +1066,11 @@ indefinitely */ if(!startslave_called && (!encrypt_delay() || timeout > time(NULL))){ startslave_called = 1; +#ifdef PARENT_DOES_UTMP startslave(host, utmp_host, level, autoname); +#else + startslave(host, level, autoname); +#endif } if (ncc < 0 && pcc < 0) @@ -1013,7 +1082,7 @@ if (f >= FD_SETSIZE || p >= FD_SETSIZE) - fatal(net, "fd too large"); + fatal(-1, "fd too large"); /* * Never look for input if there's still diff -urN telnet-3.0.orig/libexec/telnetd/telnetd.h telnet-3.0-owl-linux/libexec/telnetd/telnetd.h --- telnet-3.0.orig/libexec/telnetd/telnetd.h Fri Jun 29 09:49:26 2001 +++ telnet-3.0-owl-linux/libexec/telnetd/telnetd.h Wed Nov 21 05:29:38 2001 @@ -51,6 +51,16 @@ #define HAVE_UNISTD_H #define HAVE_SYS_UTSNAME_H #define HAVE_UNAME +#define HAVE_SETSOCKOPT +#define HAVE_SETSID +#define HAVE_SETPGID +#define HAVE_VHANGUP +#define HAVE_OPENPTY +#define HAVE_LOGWTMP + +#if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H)) +# define PARENT_DOES_UTMP +#endif #ifdef HAVE_SYS_TYPES_H #include @@ -197,12 +207,10 @@ #endif -/* Don't use the system login, use our version instead */ - /* BINDIR should be defined somewhere else... */ #ifndef BINDIR -#define BINDIR "/usr/bin" +#define BINDIR "/bin" #endif #undef _PATH_LOGIN diff -urN telnet-3.0.orig/libexec/telnetd/utility.c telnet-3.0-owl-linux/libexec/telnetd/utility.c --- telnet-3.0.orig/libexec/telnetd/utility.c Mon Jul 2 18:16:02 2001 +++ telnet-3.0-owl-linux/libexec/telnetd/utility.c Sun Nov 25 04:42:20 2001 @@ -31,6 +31,8 @@ * SUCH DAMAGE. */ +#include +#include #define PRINTOPTIONS #include "telnetd.h" @@ -65,10 +69,10 @@ if (ncc < 0) { if (errno == EINTR) return 1; - syslog(LOG_INFO, "ttloop: read: %m\n"); + syslog(LOG_INFO, "ttloop: read: %m"); exit(1); } else if (ncc == 0) { - syslog(LOG_INFO, "ttloop: peer died\n"); + syslog(LOG_INFO, "ttloop: peer died"); exit(1); } DIAG(TD_REPORT, { @@ -346,6 +350,11 @@ { char buf[BUFSIZ]; + syslog(LOG_ERR, "%s", msg); + + if (f < 0) + exit(1); + snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg); #ifdef ENCRYPTION if (encrypt_output) { @@ -377,7 +386,8 @@ fatalperror_errno(f, msg, errno); } -char editedhost[32]; +#ifdef HAVE_CGETENT +static char editedhost[32]; void edithost(char *pat, char *host) { @@ -415,8 +425,16 @@ *res = '\0'; editedhost[sizeof editedhost - 1] = '\0'; } +#else +static char *editedhost; + +void edithost(char *pat, char *host) +{ + editedhost = host; +} +#endif -static char *putlocation; +static char *putptr, *putend; void putstr(char *s) @@ -429,7 +447,11 @@ void putchr(int cc) { - *putlocation++ = cc; + if (putptr < putend) + *putptr++ = cc; + else + if (!cc) + *putptr = '\0'; } /* @@ -438,7 +460,7 @@ */ static char fmtstr[] = { "%l:%M" "%P on %A, %d %B %Y" }; -void putf(char *cp, char *where) +void putf(char *cp, char *where, int size) { #ifdef HAVE_UNAME struct utsname name; @@ -461,17 +483,18 @@ version=name.version; #endif - putlocation = where; + putptr = where; + putend = where + (size - 1); while (*cp) { if (*cp != '%') { putchr(*cp++); continue; } - switch (*++cp) { + switch (*++cp) { case 't': -#ifdef STREAMSPTY +#if 1 /* names are like /dev/pts/2 -- we want pts/2 */ slash = strchr(line+1, '/'); #else @@ -515,6 +538,7 @@ } cp++; } + putchr('\0'); } #ifdef DIAGNOSTICS diff -urN telnet-3.0.orig/usr.bin/telnet/Makefile telnet-3.0-owl-linux/usr.bin/telnet/Makefile --- telnet-3.0.orig/usr.bin/telnet/Makefile Tue Sep 11 02:44:47 2001 +++ telnet-3.0-owl-linux/usr.bin/telnet/Makefile Wed Nov 21 05:29:38 2001 @@ -34,28 +34,29 @@ # from: @(#)Makefile 8.1 (Berkeley) 6/6/93 # -PROG= telnet +CC = gcc +LD = gcc +RM = rm -f +ifndef CFLAGS +CFLAGS = -c -O2 -fomit-frame-pointer +endif +CFLAGS += -I../../lib -DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK +CFLAGS += -Wall -Dlint +LDFLAGS = +LIBS = -L../../lib/libtelnet -ltelnet -lncurses -CFLAGS+=-DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK -DSKEY -Dunix -CFLAGS+=-I${.CURDIR}/../../lib -LDADD+= -lcurses -ltelnet -DPADD= ${LIBCURSES} ${LIBTELNET} +PROG= telnet SRCS= authenc.c commands.c main.c network.c ring.c sys_bsd.c telnet.c \ terminal.c tn3270.c utilities.c -.include # for KERBEROS +all: $(PROG) + +$(PROG): $(SRCS:.c=.o) + $(LD) $(LDFLAGS) $+ $(LIBS) -o $@ -.if (${KERBEROS5:L} == "yes") -CFLAGS+=-DENCRYPTION -DAUTHENTICATION -DKRB5 -LDADD+= -lkrb5 -lasn1 -lcrypto -lcom_err -lkafs -DPADD+= ${LIBKRB5} -.endif - -.if (${KERBEROS:L} == "yes") -CFLAGS+=-DENCRYPTION -DAUTHENTICATION -DKRB4 -LDADD+= -lkrb -lcrypto -DPADD+= ${LIBDES} ${LIBKRB} -.endif +.c.o: + $(CC) $(CFLAGS) $< -o $@ -.include +clean: + $(RM) $(PROG) $(SRCS:.c=.o) diff -urN telnet-3.0.orig/usr.bin/telnet/commands.c telnet-3.0-owl-linux/usr.bin/telnet/commands.c --- telnet-3.0.orig/usr.bin/telnet/commands.c Mon Sep 3 09:28:51 2001 +++ telnet-3.0-owl-linux/usr.bin/telnet/commands.c Wed Nov 21 05:29:38 2001 @@ -34,15 +34,17 @@ * SUCH DAMAGE. */ +#define _GNU_SOURCE + #include "telnet_locl.h" #include +#include #if defined(IPPROTO_IP) && defined(IP_TOS) int tos = -1; #endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ char *hostname; -static char _hostname[MAXHOSTNAMELEN]; typedef int (*intrtn_t)(int, char**); static int call __P((intrtn_t, ...)); @@ -482,12 +485,12 @@ #ifndef NOT43 if (net > 0 && (SetSockOpt(net, SOL_SOCKET, SO_DEBUG, debug)) < 0) { - perror("setsockopt (SO_DEBUG)"); + perror("setsockopt: SO_DEBUG"); } #else /* NOT43 */ if (debug) { - if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 0, 0) < 0) - perror("setsockopt (SO_DEBUG)"); + if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 0) < 0) + perror("setsockopt: SO_DEBUG"); } else printf("Cannot turn off socket debugging\r\n"); #endif /* NOT43 */ @@ -1362,9 +1365,9 @@ setcommandmode(); err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0; - switch(vfork()) { + switch (vfork()) { case -1: - perror("Fork failed\r\n"); + perror("vfork"); break; case 0: @@ -1385,7 +1388,7 @@ execl(shellp, shellname, "-c", &saveline[1], (char *)NULL); else execl(shellp, shellname, (char *)NULL); - perror("Execl"); + perror("execl"); _exit(1); } default: @@ -2271,7 +2274,9 @@ struct addrinfo hints, *res, *res0; int error; struct sockaddr_in sin; +#if defined(IP_OPTIONS) && defined(IPPROTO_IP) unsigned long temp; +#endif extern char *inet_ntoa(); #if defined(IP_OPTIONS) && defined(IPPROTO_IP) char *srp = 0; @@ -2285,6 +2290,8 @@ const int niflags = NI_NUMERICHOST; #endif + (void) &user; + /* clear the socket address prior to use */ memset((char *)&sin, 0, sizeof(sin)); @@ -2367,7 +2374,7 @@ memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_CANONNAME; + hints.ai_flags = 0; if (portp == NULL) { portp = "telnet"; telnetport = 1; @@ -2429,7 +2436,7 @@ #if defined(IP_OPTIONS) && defined(IPPROTO_IP) if (srp && res->ai_family == AF_INET && setsockopt(net, IPPROTO_IP, IP_OPTIONS, (char *)srp, srlen) < 0) - perror("setsockopt (IP_OPTIONS)"); + perror("setsockopt: IP_OPTIONS"); #endif #if defined(IPPROTO_IP) && defined(IP_TOS) if (res->ai_family == AF_INET) { @@ -2444,12 +2451,12 @@ && (setsockopt(net, IPPROTO_IP, IP_TOS, (void *)&tos, sizeof(int)) < 0) && (errno != ENOPROTOOPT)) - perror("telnet: setsockopt (IP_TOS) (ignored)"); + perror("setsockopt: IP_TOS"); } #endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ if (debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) { - perror("setsockopt (SO_DEBUG)"); + perror("setsockopt: SO_DEBUG"); } if (connect(net, res->ai_addr, res->ai_addrlen) < 0) { diff -urN telnet-3.0.orig/usr.bin/telnet/main.c telnet-3.0-owl-linux/usr.bin/telnet/main.c --- telnet-3.0.orig/usr.bin/telnet/main.c Sat Nov 3 03:07:53 2001 +++ telnet-3.0-owl-linux/usr.bin/telnet/main.c Wed Nov 21 05:29:38 2001 @@ -371,6 +371,8 @@ if (argc) { char *args[7], **argp = args; + (void) &argp; + if (argc > 2) usage(); *argp++ = prompt; diff -urN telnet-3.0.orig/usr.bin/telnet/sys_bsd.c telnet-3.0-owl-linux/usr.bin/telnet/sys_bsd.c --- telnet-3.0.orig/usr.bin/telnet/sys_bsd.c Wed Sep 5 03:35:59 2001 +++ telnet-3.0-owl-linux/usr.bin/telnet/sys_bsd.c Wed Nov 21 05:29:38 2001 @@ -940,8 +940,8 @@ #endif /* defined(TN3270) */ #if defined(SO_OOBINLINE) - if (SetSockOpt(net, SOL_SOCKET, SO_OOBINLINE, 1) == -1) { - perror("SetSockOpt"); + if (SetSockOpt(net, SOL_SOCKET, SO_OOBINLINE, 1) < 0) { + perror("setsockopt: SO_OOBINLINE"); } #endif /* defined(SO_OOBINLINE) */ } diff -urN telnet-3.0.orig/usr.bin/telnet/telnet.1 telnet-3.0-owl-linux/usr.bin/telnet/telnet.1 --- telnet-3.0.orig/usr.bin/telnet/telnet.1 Sun Jun 24 02:14:27 2001 +++ telnet-3.0-owl-linux/usr.bin/telnet/telnet.1 Wed Nov 21 05:29:38 2001 @@ -34,7 +34,7 @@ .\" .\" from: @(#)telnet.1 8.4 (Berkeley) 2/3/94 .\" -.Dd February 3, 1994 +.Dd November 17, 2001 .Dt TELNET 1 .Os .Sh NAME @@ -44,11 +44,9 @@ protocol .Sh SYNOPSIS .Nm telnet -.Op Fl 8EFKLacdfrx -.Op Fl X Ar authtype +.Op Fl 8EKLacdr .Op Fl b Ar hostalias .Op Fl e Ar escapechar -.Op Fl k Ar realm .Op Fl l Ar user .Op Fl n Ar tracefile .Oo @@ -83,21 +81,11 @@ option on both input and output. .It Fl E Stops any character from being recognized as an escape character. -.It Fl F -If Kerberos 5 authentication is being used, the -.Fl F -option allows the local credentials to be forwarded -to the remote system, including any credentials that -have already been forwarded into the local environment. .It Fl K Specifies no automatic login to the remote system. .It Fl L Specifies an 8-bit data path on output. This causes the BINARY option to be negotiated on output. -.It Fl X Ar atype -Disables the -.Ar atype -type of authentication. .It Fl a Attempt automatic login. Currently, this sends the user name via the @@ -142,21 +130,6 @@ .Ar escapechar is omitted, then there will be no escape character. -.It Fl f -If Kerberos 5 authentication is being used, the -.Fl f -option allows the local credentials to be forwarded to the remote system. -.It Fl k Ar realm -If Kerberos authentication is being used, the -.Fl k -option requests that -.Nm -obtain tickets for the remote host in -realm -.Ar realm -instead of the remote host's realm, as determined -by -.Xr krb_realmofhost 3 . .It Fl l Ar user When connecting to the remote system, if the remote system understands the @@ -185,8 +158,6 @@ unless modified by the .Fl e option. -.It Fl x -Turns on encryption of the data stream if Kerberos is used. .It Ar host Indicates the official name, an alias, or the Internet address of a remote host. @@ -313,34 +284,6 @@ .Ic display commands). .Bl -tag -width "mode type" -.It Ic auth Ar argument Op Ar ... -The -.Ic auth -command manipulates the information sent through the -.Dv TELNET AUTHENTICATE -option. -Valid arguments for the -.Ic auth -command are as follows: -.Bl -tag -width "disable type" -.It Ic disable Ar type -Disables the specified -.Ar type -of authentication. -To obtain a list of available types, use the -.Ic auth disable \&? -command. -.It Ic enable Ar type -Enables the specified -.Ar type -of authentication. -To obtain a list of available types, use the -.Ic auth enable \&? -command. -.It Ic status -Lists the current status of the various types of -authentication. -.El .It Ic close Close a .Tn TELNET @@ -351,84 +294,6 @@ and .Ic toggle values (see below). -.It Ic encrypt Ar argument Op Ar ... -The -.Ic encrypt -command manipulates the information sent through the -.Dv TELNET ENCRYPT -option that's available when Kerberos is used. -.Pp -Valid arguments for the encrypt command are as follows: -.Bl -tag -width Ar -.It Ic disable Ar type Ic [input|output] -Disables the specified -.Ar type -of encryption. -If you omit -.Ic input -and -.Ic output , -both input and output -are disabled. -To obtain a list of available types, use the -.Ic encrypt disable \&? -command. -.It Ic enable Ar type Ic [input|output] -Enables the specified -.Ar type -of encryption. -If you omit -.Ic input -and -.Ic output , -both input and output are -enabled. -To obtain a list of available types, use the -.Ic encrypt enable \&? -command. -.It Ic input -This is the same as the -.Ic encrypt start input -command. -.It Ic -input -This is the same as the -.Ic encrypt stop input -command. -.It Ic output -This is the same as the -.Ic encrypt start output -command. -.It Ic -output -This is the same as the -.Ic encrypt stop output -command. -.It Ic start Ic [input|output] -Attempts to start encryption. -If you omit -.Ic input -and -.Ic output , -both input and output are enabled. -To obtain a list of available types, use the -.Ic encrypt enable \&? -command. -.It Ic status -Lists the current status of encryption. -.It Ic stop Ic [input|output] -Stops encryption. -If you omit -.Ic input -and -.Ic output , -encryption is on both input and output. -.It Ic type Ar type -Sets the default type of encryption to be used -with later -.Ic encrypt start -or -.Ic encrypt stop -commands. -.El .It Ic environ Ar arguments Op Ar ... The .Ic environ @@ -1125,13 +990,6 @@ .Pq Ic unset commands. .El -.It Ic skey Ar sequence challenge -The -.Ic skey -command computes a response to the S/Key challenge. -See -.Xr skey 1 -for more information on the S/Key system. .It Ic slc Ar state The .Ic slc @@ -1203,8 +1061,6 @@ command. Valid arguments are: .Bl -tag -width Ar -.It Ic authdebug -Turns on debugging information for the authentication code. .It Ic autoflush If .Ic autoflush @@ -1236,29 +1092,8 @@ .Dv FALSE (see .Xr stty 1 ) . -.It Ic autodecrypt -When the -.Dv TELNET ENCRYPT -option is negotiated, by -default the actual encryption (decryption) of the data -stream does not start automatically. -The -.Ic autoencrypt -.Pq Ic autodecrypt -command states that encryption of the -output (input) stream should be enabled as soon as -possible. -.Pp .It Ic autologin -If the remote side supports the -.Dv TELNET AUTHENTICATION -option -.Tn TELNET -attempts to use it to perform automatic authentication. -If the -.Dv AUTHENTICATION -option is not supported, the user's login -name are propagated through the +The user's login name is propagated through the .Dv TELNET ENVIRON option. This command is the same as specifying @@ -1334,8 +1169,6 @@ Toggles socket level debugging (useful only to the superuser). The initial value for this toggle is .Dv FALSE . -.It Ic encdebug -Turns on debugging information for the encryption code. .It Ic localchars If this is .Dv TRUE , @@ -1426,16 +1259,6 @@ .Dv FALSE . .It Ic termdata Toggles the display of all terminal data (in hexadecimal format). -The initial value for this toggle is -.Dv FALSE . -.It Ic verbose_encrypt -When the -.Ic verbose_encrypt -toggle is -.Dv TRUE , -.Nm -prints out a message each time encryption is enabled or -disabled. The initial value for this toggle is .Dv FALSE . .It Ic \&? diff -urN telnet-3.0.orig/usr.bin/telnet/telnet.c telnet-3.0-owl-linux/usr.bin/telnet/telnet.c --- telnet-3.0.orig/usr.bin/telnet/telnet.c Sat Nov 3 03:07:53 2001 +++ telnet-3.0-owl-linux/usr.bin/telnet/telnet.c Wed Nov 21 05:29:38 2001 @@ -117,7 +117,7 @@ # define telopt_environ TELOPT_NEW_ENVIRON #endif -jmp_buf toplevel = { 0 }; +jmp_buf toplevel; jmp_buf peerdied; int flushline; @@ -615,8 +615,8 @@ #define ISASCII(c) (!((c)&0x80)) if ((c == ' ') || !ISASCII(c)) n = 1; - else if (islower(c)) - *cp = toupper(c); + else if (islower((int)(unsigned char)c)) + *cp = toupper((int)(unsigned char)c); } /* @@ -1646,6 +1646,7 @@ int returnValue = 0; scc = 0; + sbp = netiring.consume; /* redundant */ count = 0; while (TTYROOM() > 2) { if (scc == 0) { @@ -1929,6 +1930,7 @@ unsigned char *tbp; tcc = 0; + tbp = ttyiring.consume; /* redundant */ count = 0; while (NETROOM() > 2) { register int sc; diff -urN telnet-3.0.orig/usr.bin/telnet/utilities.c telnet-3.0-owl-linux/usr.bin/telnet/utilities.c --- telnet-3.0.orig/usr.bin/telnet/utilities.c Thu Mar 12 07:57:47 1998 +++ telnet-3.0-owl-linux/usr.bin/telnet/utilities.c Wed Nov 21 05:29:38 2001 @@ -55,7 +55,7 @@ { register int c; - while ((c = *argument) != 0) { + while ((c = (unsigned char)*argument) != 0) { if (islower(c)) { *argument = toupper(c); } @@ -80,6 +80,7 @@ if (yesno == 0) { /* Can't do that in 4.2! */ fprintf(stderr, "Error: attempt to turn off an option 0x%x.\n", option); + errno = EINVAL; return -1; } return setsockopt(fd, level, option, 0, 0); @@ -281,7 +282,9 @@ int length; /* length of suboption data */ { register int i; +#if defined(AUTHENTICATION) || defined(ENCRYPTION) char buf[512]; +#endif extern int want_status_response; if (showoptions || direction == 0 ||