int
main(int argc, char *argv[])
{
struct sockaddr_storage from;
int on = 1, fromlen;
int ch;
#if defined(IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
#endif
pfrontp = pbackp = ptyobuf;
netip = netibuf;
nfrontp = nbackp = netobuf;
#ifdef ENCRYPTION
nclearto = 0;
#endif /* ENCRYPTION */
/*
* This initialization causes linemode to default to a configuration
* that works on all telnet clients, including the FreeBSD client.
* This is not quite the same as the telnet client issuing a "mode
* character" command, but has most of the same benefits, and is
* preferable since some clients (like usofts) don't have the
* mode character command anyway and linemode breaks things.
* The most notable symptom of fix is that csh "set filec" operations
* like <ESC> (filename completion) and ^D (choices) keys now work
* in telnet sessions and can be used more than once on the same line.
* CR/LF handling is also corrected in some termio modes. This
* change resolves problem reports bin/771 and bin/1037.
*/
linemode=1; /*Default to mode that works on bulk of clients*/
while ((ch = getopt(argc, argv, valid_opts)) != -1) {
switch(ch) {
#ifdef AUTHENTICATION
case 'a':
/*
* Check for required authentication level
*/
if (strcmp(optarg, "debug") == 0) {
extern int auth_debug_mode;
auth_debug_mode = 1;
} else if (strcasecmp(optarg, "none") == 0) {
auth_level = 0;
} else if (strcasecmp(optarg, "other") == 0) {
auth_level = AUTH_OTHER;
} else if (strcasecmp(optarg, "user") == 0) {
auth_level = AUTH_USER;
} else if (strcasecmp(optarg, "valid") == 0) {
auth_level = AUTH_VALID;
} else if (strcasecmp(optarg, "off") == 0) {
/*
* This hack turns off authentication
*/
auth_level = -1;
} else {
warnx("unknown authorization level for -a");
}
break;
#endif /* AUTHENTICATION */
#ifdef BFTPDAEMON
case 'B':
bftpd++;
break;
#endif /* BFTPDAEMON */
case 'd':
if (strcmp(optarg, "ebug") == 0) {
debug++;
break;
}
usage();
/* NOTREACHED */
break;
#ifdef DIAGNOSTICS
case 'D':
/*
* Check for desired diagnostics capabilities.
*/
if (!strcmp(optarg, "report")) {
diagnostic |= TD_REPORT|TD_OPTIONS;
} else if (!strcmp(optarg, "exercise")) {
diagnostic |= TD_EXERCISE;
} else if (!strcmp(optarg, "netdata")) {
diagnostic |= TD_NETDATA;
} else if (!strcmp(optarg, "ptydata")) {
diagnostic |= TD_PTYDATA;
} else if (!strcmp(optarg, "options")) {
diagnostic |= TD_OPTIONS;
} else {
usage();
/* NOT REACHED */
}
break;
#endif /* DIAGNOSTICS */
#ifdef ENCRYPTION
case 'e':
if (strcmp(optarg, "debug") == 0) {
extern int encrypt_debug_mode;
encrypt_debug_mode = 1;
break;
}
usage();
/* NOTREACHED */
break;
#endif /* ENCRYPTION */
case 'h':
hostinfo = 0;
break;
#ifdef LINEMODE
case 'l':
alwayslinemode = 1;
break;
#endif /* LINEMODE */
case 'k':
#if defined(LINEMODE) && defined(KLUDGELINEMODE)
lmodetype = NO_AUTOKLUDGE;
#else
/* ignore -k option if built without kludge linemode */
#endif /* defined(LINEMODE) && defined(KLUDGELINEMODE) */
break;
case 'n':
keepalive = 0;
break;
case 'p':
altlogin = optarg;
break;
case 'S':
#ifdef HAS_GETTOS
if ((tos = parsetos(optarg, "tcp")) < 0)
warnx("%s%s%s",
"bad TOS argument '", optarg,
"'; will try to use default TOS");
#else
warnx("TOS option unavailable; -S flag not supported");
#endif
break;
case 'u':
utmp_len = (size_t)atoi(optarg);
if (utmp_len >= sizeof(remote_hostname))
utmp_len = sizeof(remote_hostname) - 1;
break;
case 'U':
registerd_host_only = 1;
break;
#ifdef AUTHENTICATION
case 'X':
/*
* Check for invalid authentication types
*/
auth_disable_name(optarg);
break;
#endif /* AUTHENTICATION */
case '4':
family = AF_INET;
break;
#ifdef INET6
case '6':
family = AF_INET6;
break;
#endif
default:
warnx("%c: unknown option", ch);
/* FALLTHROUGH */
case '?':
usage();
/* NOTREACHED */
}
}
argc -= optind;
argv += optind;
if (debug) {
int s, ns, foo, error;
const char *service = "telnet";
struct addrinfo hints, *res;
if (argc > 1) {
usage();
/* NOT REACHED */
} else if (argc == 1)
service = *argv;
memset(&hints, 0, sizeof(hints));
hints.ai_flags = AI_PASSIVE;
hints.ai_family = family;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = 0;
error = getaddrinfo(NULL, service, &hints, &res);
if (error) {
errx(1, "tcp/%s: %s\n", service, gai_strerror(error));
if (error == EAI_SYSTEM)
errx(1, "tcp/%s: %s\n", service, strerror(errno));
usage();
}
s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if (s < 0)
err(1, "socket");
(void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
(char *)&on, sizeof(on));
if (bind(s, res->ai_addr, res->ai_addrlen) < 0)
err(1, "bind");
if (listen(s, 1) < 0)
err(1, "listen");
foo = res->ai_addrlen;
ns = accept(s, res->ai_addr, &foo);
if (ns < 0)
err(1, "accept");
(void) dup2(ns, 0);
(void) close(ns);
(void) close(s);
#ifdef convex
} else if (argc == 1) {
; /* VOID*/ /* Just ignore the host/port name */
#endif
} else if (argc > 0) {
usage();
/* NOT REACHED */
}
openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
fromlen = sizeof (from);
if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
warn("getpeername");
_exit(1);
}
if (keepalive &&
setsockopt(0, SOL_SOCKET, SO_KEEPALIVE,
(char *)&on, sizeof (on)) < 0) {
syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
}
#if defined(IPPROTO_IP) && defined(IP_TOS)
if (from.ss_family == AF_INET) {
# if defined(HAS_GETTOS)
struct tosent *tp;
if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
tos = tp->t_tos;
# endif
if (tos < 0)
tos = 020; /* Low Delay bit */
if (tos
&& (setsockopt(0, IPPROTO_IP, IP_TOS,
(char *)&tos, sizeof(tos)) < 0)
&& (errno != ENOPROTOOPT) )
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
}
#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
net = 0;
doit((struct sockaddr *)&from);
/* NOTREACHED */
return(0);
} /* end of main */
int
main(int argc, char *argv[])
{
struct sockaddr_in from;
int on = 1;
socklen_t fromlen;
#ifndef REALLY_SMALL_TELNETD
register int ch;
#endif
#if defined(IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
#endif
pfrontp = pbackp = ptyobuf;
netip = netibuf;
nfrontp = nbackp = netobuf;
#if defined(ENCRYPT)
nclearto = 0;
#endif
progname = *argv;
#ifdef CRAY
/*
* Get number of pty's before trying to process options,
* which may include changing pty range.
*/
highpty = getnpty();
#endif /* CRAY */
#ifndef REALLY_SMALL_TELNETD
while ((ch = getopt(argc, argv, "d:a:e:lhnr:I:D:B:sS:a:X:L:")) != EOF) {
switch(ch) {
#ifdef AUTHENTICATE
case 'a':
/*
* Check for required authentication level
*/
if (strcmp(optarg, "debug") == 0) {
extern int auth_debug_mode;
auth_debug_mode = 1;
} else if (strcasecmp(optarg, "none") == 0) {
auth_level = 0;
} else if (strcasecmp(optarg, "other") == 0) {
auth_level = AUTH_OTHER;
} else if (strcasecmp(optarg, "user") == 0) {
auth_level = AUTH_USER;
} else if (strcasecmp(optarg, "valid") == 0) {
auth_level = AUTH_VALID;
} else if (strcasecmp(optarg, "off") == 0) {
/*
* This hack turns off authentication
*/
auth_level = -1;
} else {
fprintf(stderr,
"telnetd: unknown authorization level for -a\n");
}
break;
#endif /* AUTHENTICATE */
#ifdef BFTPDAEMON
case 'B':
bftpd++;
break;
#endif /* BFTPDAEMON */
case 'd':
if (strcmp(optarg, "ebug") == 0) {
debug++;
break;
}
usage();
/* NOTREACHED */
break;
#ifdef DIAGNOSTICS
case 'D':
/*
* Check for desired diagnostics capabilities.
*/
if (!strcmp(optarg, "report")) {
diagnostic |= TD_REPORT|TD_OPTIONS;
} else if (!strcmp(optarg, "exercise")) {
diagnostic |= TD_EXERCISE;
} else if (!strcmp(optarg, "netdata")) {
diagnostic |= TD_NETDATA;
} else if (!strcmp(optarg, "ptydata")) {
diagnostic |= TD_PTYDATA;
} else if (!strcmp(optarg, "options")) {
diagnostic |= TD_OPTIONS;
} else {
usage();
/* NOT REACHED */
}
break;
#endif /* DIAGNOSTICS */
#ifdef AUTHENTICATE
case 'e':
if (strcmp(optarg, "debug") == 0) {
extern int auth_debug_mode;
auth_debug_mode = 1;
break;
}
usage();
/* NOTREACHED */
break;
#endif /* AUTHENTICATE */
case 'h':
hostinfo = 0;
break;
#if defined(CRAY) && defined(NEWINIT)
case 'I':
{
extern char *gen_id;
gen_id = optarg;
break;
}
#endif /* defined(CRAY) && defined(NEWINIT) */
#ifdef LINEMODE
case 'l':
alwayslinemode = 1;
break;
#endif /* LINEMODE */
case 'L':
loginprg = optarg;
break;
case 'n':
keepalive = 0;
break;
#ifdef CRAY
case 'r':
{
char *strchr();
char *c;
/*
* Allow the specification of alterations
* to the pty search range. It is legal to
* specify only one, and not change the
* other from its default.
*/
c = strchr(optarg, '-');
if (c) {
*c++ = '\0';
highpty = atoi(c);
}
if (*optarg != '\0')
lowpty = atoi(optarg);
if ((lowpty > highpty) || (lowpty < 0) ||
(highpty > 32767)) {
usage();
/* NOT REACHED */
}
break;
}
#endif /* CRAY */
#ifdef SecurID
case 's':
/* SecurID required */
require_SecurID = 1;
break;
#endif /* SecurID */
case 'S':
#ifdef HAS_GETTOS
if ((tos = parsetos(optarg, "tcp")) < 0)
fprintf(stderr, "%s%s%s\n",
"telnetd: Bad TOS argument '", optarg,
"'; will try to use default TOS");
#else
fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
"-S flag not supported\n");
#endif
break;
#ifdef AUTHENTICATE
case 'X':
/*
* Check for invalid authentication types
*/
auth_disable_name(optarg);
break;
#endif /* AUTHENTICATE */
default:
fprintf(stderr, "telnetd: %c: unknown option\n", ch);
/* FALLTHROUGH */
case '?':
usage();
/* NOTREACHED */
}
}
argc -= optind;
argv += optind;
#endif
#ifndef REALLY_SMALL_TELNETD
if (debug) {
int s, ns;
size_t foo;
struct servent *sp;
static struct sockaddr_in sn = { AF_INET };
if (argc > 1) {
usage();
/* NOT REACHED */
} else if (argc == 1) {
if ((sp = getservbyname(*argv, "tcp"))!=NULL) {
sn.sin_port = sp->s_port;
}
else {
sn.sin_port = atoi(*argv);
if ((int)sn.sin_port <= 0) {
fprintf(stderr, "telnetd: %s: bad port #\n", *argv);
usage();
/* NOT REACHED */
}
sn.sin_port = htons((u_short)sn.sin_port);
}
} else {
sp = getservbyname("telnet", "tcp");
if (sp == 0) {
fprintf(stderr, "telnetd: tcp/telnet: unknown service\n");
exit(1);
}
sn.sin_port = sp->s_port;
}
s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0) {
perror("telnetd: socket");;
exit(1);
}
(void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
if (bind(s, (struct sockaddr *)&sn, sizeof(sn)) < 0) {
perror("bind");
exit(1);
}
if (listen(s, 1) < 0) {
perror("listen");
exit(1);
}
foo = sizeof(sn);
ns = accept(s, (struct sockaddr *)&sn, &foo);
if (ns < 0) {
perror("accept");
exit(1);
}
(void) dup2(ns, 0);
(void) close(ns);
(void) close(s);
#ifdef convex
} else if (argc == 1) {
; /* VOID*/ /* Just ignore the host/port name */
#endif
} else if (argc > 0) {
usage();
/* NOT REACHED */
}
#endif
#ifndef REALLY_SMALL_TELNETD
openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
#endif
fromlen = sizeof (from);
if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
fprintf(stderr, "%s: ", progname);
perror("getpeername");
// _exit(1);
}
if (keepalive &&
setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof (on)) < 0) {
/*syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");*/
}
#if defined(IPPROTO_IP) && defined(IP_TOS)
{
# if defined(HAS_GETTOS)
struct tosent *tp;
if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
tos = tp->t_tos;
# endif
if (tos < 0)
tos = 020; /* Low Delay bit */
if (tos
&& (setsockopt(0, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0)
&& (errno != ENOPROTOOPT) )
/*syslog(LOG_WARNING, "setsockopt (IP_TOS): %m")*/;
}
#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
net = 0;
doit(&from);
/* NOTREACHED */
return 0;
} /* end of main */
int
main(int argc, char *argv[])
{
u_long ultmp;
int ch;
char *ep, *user;
char *src_addr = NULL;
#ifdef FORWARD
extern int forward_flags;
#endif /* FORWARD */
tninit(); /* Clear out things */
TerminalSaveState();
if ((prompt = strrchr(argv[0], '/')))
++prompt;
else
prompt = argv[0];
user = NULL;
rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
#ifdef AUTHENTICATION
autologin = 1;
#else
autologin = -1;
#endif
#ifdef ENCRYPTION
encrypt_auto(1);
decrypt_auto(1);
#endif
#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
#define IPSECOPT "P:"
#else
#define IPSECOPT
#endif
while ((ch = getopt(argc, argv,
"468B:EKLNS:X:acde:fFk:l:n:rs:uxy" IPSECOPT)) != -1)
#undef IPSECOPT
{
switch(ch) {
case '4':
family = AF_INET;
break;
#ifdef INET6
case '6':
family = AF_INET6;
break;
#endif
case '8':
eight = 3; /* binary output and input */
break;
case 'B':
DoBaudRate(optarg);
break;
case 'E':
rlogin = escape = _POSIX_VDISABLE;
break;
case 'K':
#ifdef AUTHENTICATION
autologin = 0;
#endif
break;
case 'L':
eight |= 2; /* binary output only */
break;
case 'N':
doaddrlookup = 0;
break;
case 'S':
#ifdef HAS_GETTOS
if ((tos = parsetos(optarg, "tcp")) < 0)
fprintf(stderr, "%s%s%s%s\n",
prompt, ": Bad TOS argument '",
optarg,
"; will try to use default TOS");
#else
#define MAXTOS 255
ultmp = strtoul(optarg, &ep, 0);
if (*ep || ep == optarg || ultmp > MAXTOS)
fprintf(stderr, "%s%s%s%s\n",
prompt, ": Bad TOS argument '",
optarg,
"; will try to use default TOS");
else
tos = ultmp;
#endif
break;
case 'X':
#ifdef AUTHENTICATION
auth_disable_name(optarg);
#endif
break;
case 'a':
#ifdef AUTHENTICATION
/* It's the default now, so ignore */
#else
autologin = 1;
#endif
break;
case 'c':
skiprc = 1;
break;
case 'd':
telnet_debug = 1;
break;
case 'e':
set_escape_char(optarg);
break;
case 'f':
#ifdef AUTHENTICATION
#if defined(KRB5) && defined(FORWARD)
if (forward_flags & OPTS_FORWARD_CREDS) {
fprintf(stderr,
"%s: Only one of -f and -F allowed.\n",
prompt);
usage();
}
forward_flags |= OPTS_FORWARD_CREDS;
#else
fprintf(stderr,
"%s: Warning: -f ignored, no Kerberos V5 support.\n",
prompt);
#endif
#else
fprintf(stderr,
"%s: Warning: -f ignored, no Kerberos V5 support.\n",
prompt);
#endif
break;
case 'F':
#ifdef AUTHENTICATION
#if defined(KRB5) && defined(FORWARD)
if (forward_flags & OPTS_FORWARD_CREDS) {
fprintf(stderr,
"%s: Only one of -f and -F allowed.\n",
prompt);
usage();
}
forward_flags |= OPTS_FORWARD_CREDS;
forward_flags |= OPTS_FORWARDABLE_CREDS;
#else
fprintf(stderr,
"%s: Warning: -F ignored, no Kerberos V5 support.\n",
prompt);
#endif
#else
fprintf(stderr,
"%s: Warning: -F ignored, no Kerberos V5 support.\n",
prompt);
#endif
break;
case 'k':
#ifdef AUTHENTICATION
#if defined(KRB4)
{
extern char *dest_realm, dst_realm_buf[], dst_realm_sz;
dest_realm = dst_realm_buf;
(void)strncpy(dest_realm, optarg, dst_realm_sz);
}
#else
fprintf(stderr,
"%s: Warning: -k ignored, no Kerberos V4 support.\n",
prompt);
#endif
#else
fprintf(stderr,
"%s: Warning: -k ignored, no Kerberos V4 support.\n",
prompt);
#endif
break;
case 'l':
#ifdef AUTHENTICATION
/* This is the default now, so ignore it */
#else
autologin = 1;
#endif
user = optarg;
break;
case 'n':
SetNetTrace(optarg);
break;
case 'r':
rlogin = '******';
break;
case 's':
src_addr = optarg;
break;
case 'u':
family = AF_UNIX;
break;
case 'x':
#ifndef ENCRYPTION
fprintf(stderr,
"%s: Warning: -x ignored, no ENCRYPT support.\n",
prompt);
#endif /* ENCRYPTION */
break;
case 'y':
#ifdef ENCRYPTION
encrypt_auto(0);
decrypt_auto(0);
#else
fprintf(stderr,
"%s: Warning: -y ignored, no ENCRYPT support.\n",
prompt);
#endif /* ENCRYPTION */
break;
#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
case 'P':
if (!strncmp("in", optarg, 2))
ipsec_policy_in = strdup(optarg);
else if (!strncmp("out", optarg, 3))
ipsec_policy_out = strdup(optarg);
else
usage();
break;
#endif
case '?':
default:
usage();
/* NOTREACHED */
}
}
if (autologin == -1)
autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
argc -= optind;
argv = argv + optind;
if (argc) {
char *args[9], **argp = args;
if (argc > 2)
usage();
*argp++ = prompt;
if (user) {
*argp++ = strdup("-l");
*argp++ = user;
}
if (src_addr) {
*argp++ = strdup("-s");
*argp++ = src_addr;
}
*argp++ = argv[0]; /* host */
if (argc > 1)
*argp++ = argv[1]; /* port */
*argp = 0;
if (setjmp(toplevel) != 0)
Exit(0);
if (tn(argp - args, args) == 1)
return (0);
else
return (1);
}
(void)setjmp(toplevel);
for (;;) {
command(1, 0, 0);
}
return 0;
}
int
main(int argc, char **argv)
{
int ch;
char *user;
setprogname(argv[0]);
#ifdef KRB5
krb5_init();
#endif
tninit(); /* Clear out things */
TerminalSaveState();
if ((prompt = strrchr(argv[0], '/')))
++prompt;
else
prompt = argv[0];
user = NULL;
rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
/*
* if AUTHENTICATION and ENCRYPTION is set autologin will be
* se to true after the getopt switch; unless the -K option is
* passed
*/
autologin = -1;
if (argc == 2 && strcmp(argv[1], "--version") == 0) {
print_version(NULL);
exit(0);
}
if (argc == 2 && strcmp(argv[1], "--help") == 0)
usage(0);
while((ch = getopt(argc, argv,
"78DEKLS:X:abcde:fFk:l:n:rxG")) != -1) {
switch(ch) {
case '8':
eight = 3; /* binary output and input */
break;
case '7':
eight = 0;
break;
case 'b':
binary = 3;
break;
case 'D': {
/* sometimes we don't want a mangled display */
char *p;
if((p = getenv("DISPLAY")))
env_define((unsigned char*)"DISPLAY", (unsigned char*)p);
break;
}
case 'E':
rlogin = escape = _POSIX_VDISABLE;
break;
case 'K':
#ifdef AUTHENTICATION
autologin = 0;
#endif
break;
case 'L':
eight |= 2; /* binary output only */
break;
case 'S':
{
#ifdef HAVE_PARSETOS
extern int tos;
if ((tos = parsetos(optarg, "tcp")) < 0)
fprintf(stderr, "%s%s%s%s\n",
prompt, ": Bad TOS argument '",
optarg,
"; will try to use default TOS");
#else
fprintf(stderr,
"%s: Warning: -S ignored, no parsetos() support.\n",
prompt);
#endif
}
break;
case 'X':
#ifdef AUTHENTICATION
auth_disable_name(optarg);
#endif
break;
case 'a':
autologin = 1;
break;
case 'c':
skiprc = 1;
break;
case 'd':
debug = 1;
break;
case 'e':
set_escape_char(optarg);
break;
case 'f':
case 'F':
case 'G':
#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
if (forward_option) {
fprintf(stderr,
"%s: Only one of -f, -F and -G allowed.\n",
prompt);
usage(1);
}
forward_option = ch;
#else
fprintf(stderr,
"%s: Warning: -%c ignored, no Kerberos V5 support.\n",
prompt, ch);
#endif
break;
case 'k':
#if defined(AUTHENTICATION) && defined(KRB4)
{
dest_realm = dst_realm_buf;
strlcpy(dest_realm, optarg, dst_realm_sz);
}
#else
fprintf(stderr,
"%s: Warning: -k ignored, no Kerberos V4 support.\n",
prompt);
#endif
break;
case 'l':
if(autologin == 0){
fprintf(stderr, "%s: Warning: -K ignored\n", prompt);
autologin = -1;
}
user = optarg;
break;
case 'n':
SetNetTrace(optarg);
break;
case 'r':
rlogin = '******';
break;
case 'x':
#ifdef ENCRYPTION
encrypt_auto(1);
decrypt_auto(1);
wantencryption = 1;
EncryptVerbose(1);
#else
fprintf(stderr,
"%s: Warning: -x ignored, no ENCRYPT support.\n",
prompt);
#endif
break;
case '?':
default:
usage(1);
/* NOTREACHED */
}
}
if (autologin == -1) { /* [email protected]; force */
#if defined(AUTHENTICATION)
autologin = 1;
#endif
#if defined(ENCRYPTION)
encrypt_auto(1);
decrypt_auto(1);
wantencryption = -1;
#endif
}
if (autologin == -1)
autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
argc -= optind;
argv += optind;
if (argc) {
char *args[7], **argp = args;
if (argc > 2)
usage(1);
*argp++ = prompt;
if (user) {
*argp++ = "-l";
*argp++ = user;
}
*argp++ = argv[0]; /* host */
if (argc > 1)
*argp++ = argv[1]; /* port */
*argp = 0;
if (setjmp(toplevel) != 0)
Exit(0);
if (tn(argp - args, args) == 1)
return (0);
else
return (1);
}
setjmp(toplevel);
for (;;) {
command(1, 0, 0);
}
}
int
main(int argc, char **argv)
{
struct sockaddr_storage __ss;
struct sockaddr *sa = (struct sockaddr *)&__ss;
int on = 1;
socklen_t sa_size;
int ch;
#if defined(IPPROTO_IP) && defined(IP_TOS)
int tos __attribute__ ((unused)) = -1;
#endif
#ifdef ENCRYPTION
extern int des_check_key;
des_check_key = 1; /* Kludge for Mac NCSA telnet 2.6 /bg */
#endif
pfrontp = pbackp = ptyobuf;
netip = netibuf;
nfrontp = nbackp = netobuf;
progname = *argv;
#ifdef ENCRYPTION
nclearto = 0;
#endif
#ifdef _CRAY
/*
* Get number of pty's before trying to process options,
* which may include changing pty range.
*/
highpty = getnpty();
#endif /* CRAY */
while ((ch = getopt(argc, argv, valid_opts)) != -1) {
switch(ch) {
#ifdef AUTHENTICATION
case 'a':
/*
* Check for required authentication level
*/
if (strcmp(optarg, "debug") == 0) {
auth_debug_mode = 1;
} else if (strcasecmp(optarg, "none") == 0) {
auth_level = 0;
} else if (strcasecmp(optarg, "otp") == 0) {
auth_level = 0;
require_otp = 1;
} else if (strcasecmp(optarg, "other") == 0) {
auth_level = AUTH_OTHER;
} else if (strcasecmp(optarg, "user") == 0) {
auth_level = AUTH_USER;
} else if (strcasecmp(optarg, "valid") == 0) {
auth_level = AUTH_VALID;
} else if (strcasecmp(optarg, "off") == 0) {
/*
* This hack turns off authentication
*/
auth_level = -1;
} else {
fprintf(stderr,
"telnetd: unknown authorization level for -a\n");
}
break;
#endif /* AUTHENTICATION */
case 'B': /* BFTP mode is not supported any more */
break;
#ifdef DIAGNOSTICS
case 'D':
/*
* Check for desired diagnostics capabilities.
*/
if (!strcmp(optarg, "report")) {
diagnostic |= TD_REPORT|TD_OPTIONS;
} else if (!strcmp(optarg, "exercise")) {
diagnostic |= TD_EXERCISE;
} else if (!strcmp(optarg, "netdata")) {
diagnostic |= TD_NETDATA;
} else if (!strcmp(optarg, "ptydata")) {
diagnostic |= TD_PTYDATA;
} else if (!strcmp(optarg, "options")) {
diagnostic |= TD_OPTIONS;
} else {
usage();
/* NOT REACHED */
}
break;
#endif /* DIAGNOSTICS */
case 'g':
gettyent = optarg;
break;
case 'k': /* Linemode is not supported any more */
case 'l':
break;
case 'n':
keepalive = 0;
break;
#ifdef _CRAY
case 'r':
{
char *strchr();
char *c;
/*
* Allow the specification of alterations
* to the pty search range. It is legal to
* specify only one, and not change the
* other from its default.
*/
c = strchr(optarg, '-');
if (c) {
*c++ = '\0';
highpty = atoi(c);
}
if (*optarg != '\0')
lowpty = atoi(optarg);
if ((lowpty > highpty) || (lowpty < 0) ||
(highpty > 32767)) {
usage();
/* NOT REACHED */
}
break;
}
#endif /* CRAY */
case 'S':
#ifdef HAVE_PARSETOS
if ((tos = parsetos(optarg, "tcp")) < 0)
fprintf(stderr, "%s%s%s\n",
"telnetd: Bad TOS argument '", optarg,
"'; will try to use default TOS");
#else
fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
"-S flag not supported\n");
#endif
break;
case 'u': {
char *eptr;
utmp_len = strtol(optarg, &eptr, 0);
if (optarg == eptr)
fprintf(stderr, "telnetd: unknown utmp len (%s)\n", optarg);
break;
}
case 'U':
registerd_host_only = 1;
break;
#ifdef AUTHENTICATION
case 'X':
/*
* Check for invalid authentication types
*/
auth_disable_name(optarg);
break;
#endif
case 'y':
no_warn = 1;
break;
#ifdef AUTHENTICATION
case 'z':
log_unauth = 1;
break;
#endif /* AUTHENTICATION */
case 'L':
new_login = optarg;
break;
default:
fprintf(stderr, "telnetd: %c: unknown option\n", ch);
/* FALLTHROUGH */
case '?':
usage();
/* NOTREACHED */
}
}
argc -= optind;
argv += optind;
if (argc > 0) {
usage();
/* NOT REACHED */
}
#ifdef _SC_CRAY_SECURE_SYS
secflag = sysconf(_SC_CRAY_SECURE_SYS);
/*
* Get socket's security label
*/
if (secflag) {
socklen_t szss = sizeof(ss);
int sock_multi;
socklen_t szi = sizeof(int);
memset(&dv, 0, sizeof(dv));
if (getsysv(&sysv, sizeof(struct sysv)) != 0)
fatalperror(net, "getsysv");
/*
* Get socket security label and set device values
* {security label to be set on ttyp device}
*/
#ifdef SO_SEC_MULTI /* 8.0 code */
if ((getsockopt(0, SOL_SOCKET, SO_SECURITY,
(void *)&ss, &szss) < 0) ||
(getsockopt(0, SOL_SOCKET, SO_SEC_MULTI,
(void *)&sock_multi, &szi) < 0))
fatalperror(net, "getsockopt");
else {
dv.dv_actlvl = ss.ss_actlabel.lt_level;
dv.dv_actcmp = ss.ss_actlabel.lt_compart;
if (!sock_multi) {
dv.dv_minlvl = dv.dv_maxlvl = dv.dv_actlvl;
dv.dv_valcmp = dv.dv_actcmp;
} else {
dv.dv_minlvl = ss.ss_minlabel.lt_level;
dv.dv_maxlvl = ss.ss_maxlabel.lt_level;
dv.dv_valcmp = ss.ss_maxlabel.lt_compart;
}
dv.dv_devflg = 0;
}
#else /* SO_SEC_MULTI */ /* 7.0 code */
if (getsockopt(0, SOL_SOCKET, SO_SECURITY,
(void *)&ss, &szss) >= 0) {
dv.dv_actlvl = ss.ss_slevel;
dv.dv_actcmp = ss.ss_compart;
dv.dv_minlvl = ss.ss_minlvl;
dv.dv_maxlvl = ss.ss_maxlvl;
dv.dv_valcmp = ss.ss_maxcmp;
}
#endif /* SO_SEC_MULTI */
}
#endif /* _SC_CRAY_SECURE_SYS */
openlog("ddtelnetd", LOG_PID | LOG_ODELAY, LOG_LOCAL2);
sa_size = sizeof (__ss);
if (getpeername(STDIN_FILENO, sa, &sa_size) < 0) {
fprintf(stderr, "%s: ", progname);
perror("getpeername");
_exit(1);
}
if (keepalive &&
setsockopt(STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE,
(void *)&on, sizeof (on)) < 0) {
syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
}
#if defined(IPPROTO_IP) && defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
{
# ifdef HAVE_GETTOSBYNAME
struct tosent *tp;
if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
tos = tp->t_tos;
# endif
if (tos < 0)
tos = 020; /* Low Delay bit */
if (tos
&& sa->sa_family == AF_INET
&& (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS,
(void *)&tos, sizeof(tos)) < 0)
&& (errno != ENOPROTOOPT) )
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
}
#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
net = STDIN_FILENO;
doit(sa, sa_size);
/* NOTREACHED */
return 0;
} /* end of main */
int
main(int argc, char *argv[])
{
extern char *optarg;
extern int optind;
int ch;
char *user;
#ifdef FORWARD
extern int forward_flags;
#endif /* FORWARD */
tninit(); /* Clear out things */
TerminalSaveState();
if ((prompt = strrchr(argv[0], '/')) != NULL)
++prompt;
else
prompt = argv[0];
user = NULL;
rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
autologin = -1;
#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
#define IPSECOPT "P:"
#else
#define IPSECOPT
#endif
while ((ch = getopt(argc, argv, "468EKLNS:X:acde:fFk:l:n:rt:x"
IPSECOPT)) != -1) {
#undef IPSECOPT
switch(ch) {
case '4':
family = AF_INET;
break;
case '6':
family = AF_INET6;
break;
case '8':
eight = 3; /* binary output and input */
break;
case 'E':
rlogin = escape = _POSIX_VDISABLE;
break;
case 'K':
#ifdef AUTHENTICATION
autologin = 0;
#endif
break;
case 'L':
eight |= 2; /* binary output only */
break;
case 'N':
doaddrlookup = 0;
break;
case 'S':
{
fprintf(stderr,
"%s: Warning: -S ignored, no parsetos() support.\n",
prompt);
}
break;
case 'X':
#ifdef AUTHENTICATION
auth_disable_name(optarg);
#endif
break;
case 'a':
autologin = 1;
break;
case 'c':
skiprc = 1;
break;
case 'd':
telnet_debug = 1;
break;
case 'e':
set_escape_char(optarg);
break;
case 'f':
#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
if (forward_flags & OPTS_FORWARD_CREDS) {
fprintf(stderr,
"%s: Only one of -f and -F allowed.\n",
prompt);
usage();
}
forward_flags |= OPTS_FORWARD_CREDS;
#else
fprintf(stderr,
"%s: Warning: -f ignored, no Kerberos V5 support.\n",
prompt);
#endif
break;
case 'F':
#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
if (forward_flags & OPTS_FORWARD_CREDS) {
fprintf(stderr,
"%s: Only one of -f and -F allowed.\n",
prompt);
usage();
}
forward_flags |= OPTS_FORWARD_CREDS;
forward_flags |= OPTS_FORWARDABLE_CREDS;
#else
fprintf(stderr,
"%s: Warning: -F ignored, no Kerberos V5 support.\n",
prompt);
#endif
break;
case 'k':
fprintf(stderr,
"%s: Warning: -k ignored, no Kerberos V4 support.\n",
prompt);
break;
case 'l':
if(autologin == 0) {
autologin = -1;
}
user = optarg;
break;
case 'n':
#ifdef TN3270
/* distinguish between "-n oasynch" and "-noasynch" */
if (argv[optind - 1][0] == '-' && argv[optind - 1][1]
== 'n' && argv[optind - 1][2] == 'o') {
if (!strcmp(optarg, "oasynch")) {
noasynchtty = 1;
noasynchnet = 1;
} else if (!strcmp(optarg, "oasynchtty"))
noasynchtty = 1;
else if (!strcmp(optarg, "oasynchnet"))
noasynchnet = 1;
} else
#endif /* defined(TN3270) */
SetNetTrace(optarg);
break;
case 'r':
rlogin = '******';
break;
case 't':
#ifdef TN3270
(void)strlcpy(tline, optarg, sizeof(tline));
transcom = tline;
#else
fprintf(stderr,
"%s: Warning: -t ignored, no TN3270 support.\n",
prompt);
#endif
break;
case 'x':
#ifdef ENCRYPTION
encrypt_auto(1);
decrypt_auto(1);
#else /* ENCRYPTION */
fprintf(stderr,
"%s: Warning: -x ignored, no ENCRYPT support.\n",
prompt);
#endif /* ENCRYPTION */
break;
#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
case 'P':
if (!strncmp("in", optarg, 2))
ipsec_policy_in = strdup(optarg);
else if (!strncmp("out", optarg, 3))
ipsec_policy_out = strdup(optarg);
else
usage();
break;
#endif
case '?':
default:
usage();
/* NOTREACHED */
}
}
if (autologin == -1) { /* [email protected]; force */
#if defined(AUTHENTICATION)
autologin = 1;
#endif
#if defined(ENCRYPTION)
encrypt_auto(1);
decrypt_auto(1);
#endif
}
if (autologin == -1)
autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
argc -= optind;
argv += optind;
if (argc) {
static char ml[] = "-l";
char *args[7];
char ** volatile argp; /* avoid longjmp clobbering */
argp = args;
if (argc > 2)
usage();
*argp++ = prompt;
if (user) {
*argp++ = ml;
*argp++ = user;
}
*argp++ = argv[0]; /* host */
if (argc > 1)
*argp++ = argv[1]; /* port */
*argp = 0;
if (setjmp(toplevel) != 0)
Exit(0);
if (tn(argp - args, args) == 1)
return (0);
else
return (1);
}
(void)setjmp(toplevel);
for (;;) {
#ifdef TN3270
if (shell_active)
shell_continue();
else
#endif
command(1, 0, 0);
}
}
/*
* main. Parse arguments, invoke the protocol or command parser.
*/
int
main (int argc, char *argv[])
{
int ch;
char *user, *alias;
#ifdef FORWARD
extern int forward_flags;
#endif /* FORWARD */
tninit (); /* Clear out things */
TerminalSaveState ();
if ((prompt = strrchr (argv[0], '/')))
++prompt;
else
prompt = argv[0];
user = alias = NULL;
rlogin = (strncmp (prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
autologin = -1;
while ((ch = getopt (argc, argv, "78DEKLS:X:ab:cde:fFk:l:n:rt:x")) != -1)
{
switch (ch)
{
case '8':
eight = 3; /* binary output and input */
break;
case '7':
eight = 0;
break;
case 'D':
{
/* sometimes we don't want a mangled display */
char *p;
if ((p = getenv ("DISPLAY")))
env_define ("DISPLAY", (unsigned char *) p);
break;
}
case 'E':
rlogin = escape = _POSIX_VDISABLE;
break;
case 'K':
/* autologin = 0; */
break;
case 'L':
eight |= 2; /* binary output only */
break;
case 'S':
{
#ifdef HAS_GETTOS
extern int tos;
if ((tos = parsetos (optarg, "tcp")) < 0)
fprintf (stderr, "%s%s%s%s\n",
prompt, ": Bad TOS argument '",
optarg, "; will try to use default TOS");
#else
fprintf (stderr,
"%s: Warning: -S ignored, no parsetos() support.\n",
prompt);
#endif
}
break;
case 'X':
#ifdef AUTHENTICATION
auth_disable_name (optarg);
#endif
break;
case 'a':
autologin = 1;
break;
case 'c':
skiprc = 1;
break;
case 'd':
debug = 1;
break;
case 'e':
set_escape_char (optarg);
break;
case 'f':
fprintf (stderr,
"%s: Warning: -f ignored, no Kerberos V5 support.\n",
prompt);
break;
case 'F':
fprintf (stderr,
"%s: Warning: -F ignored, no Kerberos V5 support.\n",
prompt);
break;
case 'k':
fprintf (stderr,
"%s: Warning: -k ignored, no Kerberos V4 support.\n",
prompt);
break;
case 'l':
autologin = -1;
user = optarg;
break;
case 'b':
alias = optarg;
break;
case 'n':
#if defined(TN3270) && defined(__unix__)
/* distinguish between "-n oasynch" and "-noasynch" */
if (argv[optind - 1][0] == '-' && argv[optind - 1][1]
== 'n' && argv[optind - 1][2] == 'o')
{
if (!strcmp (optarg, "oasynch"))
{
noasynchtty = 1;
noasynchnet = 1;
}
else if (!strcmp (optarg, "oasynchtty"))
noasynchtty = 1;
else if (!strcmp (optarg, "oasynchnet"))
noasynchnet = 1;
}
else
#endif /* defined(TN3270) && defined(__unix__) */
SetNetTrace (optarg);
break;
case 'r':
rlogin = '******';
break;
case 't':
#if defined(TN3270) && defined(__unix__)
transcom = tline;
strncpy (transcom, optarg, sizeof (tline));
#else
fprintf (stderr,
"%s: Warning: -t ignored, no TN3270 support.\n", prompt);
#endif
break;
case 'x':
fprintf (stderr,
"%s: Warning: -x ignored, no ENCRYPT support.\n", prompt);
break;
case '?':
default:
usage ();
/* NOTREACHED */
}
}
if (autologin == -1)
autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
argc -= optind;
argv += optind;
if (argc)
{
char *args[7], **argp = args;
if (argc > 2)
usage ();
*argp++ = prompt;
if (user)
{
*argp++ = "-l";
*argp++ = user;
}
if (alias)
{
*argp++ = "-b";
*argp++ = alias;
}
*argp++ = argv[0]; /* host */
if (argc > 1)
*argp++ = argv[1]; /* port */
*argp = 0;
if (sigsetjmp (toplevel, 1) != 0)
Exit (0);
if (tn (argp - args, args) == 1)
return (0);
else
return (1);
}
sigsetjmp (toplevel, 1);
for (;;)
{
#ifdef TN3270
if (shell_active)
shell_continue ();
else
#endif
command (1, 0, 0);
}
return 0;
}
int
main(int argc, char *argv[], char *env[])
{
struct sockaddr_in from;
int on = 1;
socklen_t fromlen;
register int ch;
#if defined(HAS_IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
#endif
initsetproctitle(argc, argv, env);
pfrontp = pbackp = ptyobuf;
netip = netibuf;
nfrontp = nbackp = netobuf;
#if defined(ENCRYPT)
nclearto = 0;
#endif
progname = *argv;
while ((ch = getopt(argc, argv, "d:a:e:lhnr:I:D:B:sS:a:X:L:")) != EOF) {
switch(ch) {
#ifdef AUTHENTICATE
case 'a':
/*
* Check for required authentication level
*/
if (strcmp(optarg, "debug") == 0) {
extern int auth_debug_mode;
auth_debug_mode = 1;
} else if (strcasecmp(optarg, "none") == 0) {
auth_level = 0;
} else if (strcasecmp(optarg, "other") == 0) {
auth_level = AUTH_OTHER;
} else if (strcasecmp(optarg, "user") == 0) {
auth_level = AUTH_USER;
} else if (strcasecmp(optarg, "valid") == 0) {
auth_level = AUTH_VALID;
} else if (strcasecmp(optarg, "off") == 0) {
/*
* This hack turns off authentication
*/
auth_level = -1;
} else {
fprintf(stderr,
"telnetd: unknown authorization level for -a\n");
}
break;
#endif /* AUTHENTICATE */
#ifdef BFTPDAEMON
case 'B':
bftpd++;
break;
#endif /* BFTPDAEMON */
case 'd':
if (strcmp(optarg, "ebug") == 0) {
debug++;
break;
}
usage();
/* NOTREACHED */
break;
#ifdef DIAGNOSTICS
case 'D':
/*
* Check for desired diagnostics capabilities.
*/
if (!strcmp(optarg, "report")) {
diagnostic |= TD_REPORT|TD_OPTIONS;
} else if (!strcmp(optarg, "exercise")) {
diagnostic |= TD_EXERCISE;
} else if (!strcmp(optarg, "netdata")) {
diagnostic |= TD_NETDATA;
} else if (!strcmp(optarg, "ptydata")) {
diagnostic |= TD_PTYDATA;
} else if (!strcmp(optarg, "options")) {
diagnostic |= TD_OPTIONS;
} else {
usage();
/* NOT REACHED */
}
break;
#endif /* DIAGNOSTICS */
#ifdef AUTHENTICATE
case 'e':
if (strcmp(optarg, "debug") == 0) {
extern int auth_debug_mode;
auth_debug_mode = 1;
break;
}
usage();
/* NOTREACHED */
break;
#endif /* AUTHENTICATE */
case 'h':
hostinfo = 0;
break;
#ifdef LINEMODE
case 'l':
alwayslinemode = 1;
break;
#endif /* LINEMODE */
case 'L':
loginprg = strdup(optarg);
/* XXX what if strdup fails? */
break;
case 'n':
keepalive = 0;
break;
#ifdef SecurID
case 's':
/* SecurID required */
require_SecurID = 1;
break;
#endif /* SecurID */
case 'S':
#ifdef HAS_GETTOS
if ((tos = parsetos(optarg, "tcp")) < 0)
fprintf(stderr, "%s%s%s\n",
"telnetd: Bad TOS argument '", optarg,
"'; will try to use default TOS");
#else
fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
"-S flag not supported\n");
#endif
break;
#ifdef AUTHENTICATE
case 'X':
/*
* Check for invalid authentication types
*/
auth_disable_name(optarg);
break;
#endif /* AUTHENTICATE */
default:
fprintf(stderr, "telnetd: %c: unknown option\n", ch);
/* FALLTHROUGH */
case '?':
usage();
/* NOTREACHED */
}
}
argc -= optind;
argv += optind;
if (debug) {
int s, ns;
socklen_t foo;
struct servent *sp;
struct sockaddr_in sn;
memset(&sn, 0, sizeof(sn));
sn.sin_family = AF_INET;
if (argc > 1) {
usage();
/* NOTREACHED */
} else if (argc == 1) {
if ((sp = getservbyname(*argv, "tcp"))!=NULL) {
sn.sin_port = sp->s_port;
}
else {
int pt = atoi(*argv);
if (pt <= 0) {
fprintf(stderr, "telnetd: %s: bad port number\n",
*argv);
usage();
/* NOTREACHED */
}
sn.sin_port = htons(pt);
}
} else {
sp = getservbyname("telnet", "tcp");
if (sp == 0) {
fprintf(stderr, "telnetd: tcp/telnet: unknown service\n");
exit(1);
}
sn.sin_port = sp->s_port;
}
s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0) {
perror("telnetd: socket");;
exit(1);
}
(void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
if (bind(s, (struct sockaddr *)&sn, sizeof(sn)) < 0) {
perror("bind");
exit(1);
}
if (listen(s, 1) < 0) {
perror("listen");
exit(1);
}
foo = sizeof(sn);
ns = accept(s, (struct sockaddr *)&sn, &foo);
if (ns < 0) {
perror("accept");
exit(1);
}
(void) dup2(ns, 0);
(void) close(ns);
(void) close(s);
} else if (argc > 0) {
usage();
/* NOT REACHED */
}
openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
fromlen = sizeof (from);
if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
fprintf(stderr, "%s: ", progname);
perror("getpeername");
_exit(1);
}
if (keepalive &&
setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof (on)) < 0) {
syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
}
#if defined(HAS_IPPROTO_IP) && defined(IP_TOS)
{
# if defined(HAS_GETTOS)
struct tosent *tp;
if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
tos = tp->t_tos;
# endif
if (tos < 0)
tos = 020; /* Low Delay bit */
if (tos
&& (setsockopt(0, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0)
&& (errno != ENOPROTOOPT) )
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
}
#endif /* defined(HAS_IPPROTO_IP) && defined(IP_TOS) */
net = 0;
doit(&from);
/* NOTREACHED */
return 0;
} /* end of main */
int
main(int argc, char *argv[], char *env[])
{
struct sockaddr_storage from;
int on = 1;
socklen_t fromlen;
register int ch;
int i;
#if defined(HAS_IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
#endif
initsetproctitle(argc, argv, env);
pfrontp = pbackp = ptyobuf;
netip = netibuf;
#ifdef USE_SSL
/* we need to know the fullpath to the location of the
* certificate that we will be running with as we cannot
* be sure of the cwd when we are launched
*/
sprintf(cert_filepath,"%s/%s",X509_get_default_cert_dir(),
"telnetd.pem");
ssl_cert_file=cert_filepath;
ssl_key_file=NULL;
#endif /* USE_SSL */
while ((ch = getopt(argc, argv, "d:a:e:lhnNr:I:D:B:sS:a:X:L:z:")) != EOF) {
switch(ch) {
#ifdef USE_SSL
case 'z':
{
char *origopt;
origopt=strdup(optarg);
optarg=strtok(origopt,",");
while(optarg!=NULL) {
if (strcmp(optarg, "debug") == 0 ) {
ssl_debug_flag=1;
} else if (strcmp(optarg, "ssl") == 0 ) {
ssl_only_flag=1;
} else if (strcmp(optarg, "certsok") == 0 ) {
ssl_certsok_flag=1;
} else if ( (strcmp(optarg, "!ssl") == 0) ||
(strcmp(optarg, "nossl") == 0) ) {
/* we may want to switch SSL negotiation off
* for testing or other reasons
*/
ssl_disabled_flag=1;
} else if (strcmp(optarg, "certrequired") == 0 ) {
ssl_cert_required=1;
} else if (strcmp(optarg, "secure") == 0 ) {
ssl_secure_flag=1;
} else if (strncmp(optarg, "verify=",
strlen("verify=")) == 0 ) {
ssl_verify_flag=atoi(optarg+strlen("verify="));
} else if (strncmp(optarg, "cert=",
strlen("cert=")) == 0 ) {
ssl_cert_file=optarg+strlen("cert=");
} else if (strncmp(optarg, "key=",
strlen("key=")) == 0 ) {
ssl_key_file=optarg+strlen("key=");
} else if (strncmp(optarg,"cipher=",
strlen("cipher="))==0) {
ssl_cipher_list=optarg+strlen("cipher=");
} else {
/* report when we are given rubbish so that
* if the user makes a mistake they have to
* correct it!
*/
fprintf(stderr,"Unknown SSL option %s\n",optarg);
fflush(stderr);
exit(1);
}
/* get the next one ... */
optarg=strtok(NULL,",");
}
/*
if (origopt!=NULL)
free(origopt);
*/
}
break;
#endif /* USE_SSL */
#ifdef AUTHENTICATE
case 'a':
/*
* Check for required authentication level
*/
if (strcmp(optarg, "debug") == 0) {
extern int auth_debug_mode;
auth_debug_mode = 1;
} else if (strcasecmp(optarg, "none") == 0) {
auth_level = 0;
} else if (strcasecmp(optarg, "other") == 0) {
auth_level = AUTH_OTHER;
} else if (strcasecmp(optarg, "user") == 0) {
auth_level = AUTH_USER;
} else if (strcasecmp(optarg, "valid") == 0) {
auth_level = AUTH_VALID;
} else if (strcasecmp(optarg, "off") == 0) {
/*
* This hack turns off authentication
*/
auth_level = -1;
} else {
fprintf(stderr,
"telnetd: unknown authorization level for -a\n");
}
break;
#endif /* AUTHENTICATE */
#ifdef BFTPDAEMON
case 'B':
bftpd++;
break;
#endif /* BFTPDAEMON */
case 'd':
if (strcmp(optarg, "ebug") == 0) {
debug++;
break;
}
usage();
/* NOTREACHED */
break;
#ifdef DIAGNOSTICS
case 'D':
/*
* Check for desired diagnostics capabilities.
*/
if (!strcmp(optarg, "report")) {
diagnostic |= TD_REPORT|TD_OPTIONS;
} else if (!strcmp(optarg, "exercise")) {
diagnostic |= TD_EXERCISE;
} else if (!strcmp(optarg, "netdata")) {
diagnostic |= TD_NETDATA;
} else if (!strcmp(optarg, "ptydata")) {
diagnostic |= TD_PTYDATA;
} else if (!strcmp(optarg, "options")) {
diagnostic |= TD_OPTIONS;
} else {
usage();
/* NOT REACHED */
}
break;
#endif /* DIAGNOSTICS */
#ifdef AUTHENTICATE
case 'e':
if (strcmp(optarg, "debug") == 0) {
extern int auth_debug_mode;
auth_debug_mode = 1;
break;
}
usage();
/* NOTREACHED */
break;
#endif /* AUTHENTICATE */
case 'h':
hostinfo = 0;
break;
#ifdef LINEMODE
case 'l':
alwayslinemode = 1;
break;
#endif /* LINEMODE */
case 'L':
loginprg = strdup(optarg);
/* XXX what if strdup fails? */
break;
case 'n':
keepalive = 0;
break;
case 'N':
numeric_hosts = 1;
break;
#ifdef SecurID
case 's':
/* SecurID required */
require_SecurID = 1;
break;
#endif /* SecurID */
case 'S':
#ifdef HAS_GETTOS
if ((tos = parsetos(optarg, "tcp")) < 0)
fprintf(stderr, "%s%s%s\n",
"telnetd: Bad TOS argument '", optarg,
"'; will try to use default TOS");
#else
fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
"-S flag not supported\n");
#endif
break;
#ifdef AUTHENTICATE
case 'X':
/*
* Check for invalid authentication types
*/
auth_disable_name(optarg);
break;
#endif /* AUTHENTICATE */
default:
fprintf(stderr, "telnetd: %c: unknown option\n", ch);
/* FALLTHROUGH */
case '?':
usage();
/* NOTREACHED */
}
}
#ifdef USE_SSL
if (ssl_secure_flag || ssl_cert_required || ssl_certsok_flag) {
/* in secure mode we *must* switch on the base level
* verify checking otherwise we cannot abort connections
* at the right place!
*/
if (ssl_verify_flag==0)
ssl_verify_flag=1;
}
/* if we are not running in debug then any error
* stuff from SSL debug *must* not go down
* the socket (which 0,1,2 are all pointing to by
* default)
*/
if (ssl_debug_flag)
ssl_log_file="/telnetd.log";
if (!do_ssleay_init(1)) {
if (bio_err!=NULL) {
BIO_printf(bio_err,"do_ssleay_init() failed\n");
ERR_print_errors(bio_err);
} else {
fflush(stderr);
fprintf(stderr,"do_ssleay_init() failed\n");
ERR_print_errors_fp(stderr);
}
exit(1);
}
if (ssl_debug_flag) {
BIO_printf(bio_err,"secure %d certrequired %d verify %d\n",
ssl_secure_flag,ssl_cert_required,ssl_verify_flag);
for(i=0;i<argc;i++)
BIO_printf(bio_err,"argv[%d]=\"%s\"\n",i,argv[i]);
}
#endif /* USE_SSL */
argc -= optind;
argv += optind;
if (debug) {
if (argc > 1) {
usage();
/* NOTREACHED */
}
wait_for_connection((argc == 1) ? *argv : "telnet");
}
openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
fromlen = sizeof (from);
if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
fatalperror(2, "getpeername");
}
if (keepalive &&
setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof (on)) < 0) {
syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
}
#if defined(HAS_IPPROTO_IP) && defined(IP_TOS)
{
# if defined(HAS_GETTOS)
struct tosent *tp;
if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
tos = tp->t_tos;
# endif
if (tos < 0)
tos = 020; /* Low Delay bit */
if (tos
&& (setsockopt(0, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0)
&& (errno != ENOPROTOOPT) )
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
}
#endif /* defined(HAS_IPPROTO_IP) && defined(IP_TOS) */
#ifdef USE_SSL
/* do the SSL stuff now ... before we play with pty's */
SSL_set_fd(ssl_con,0);
if (ssl_only_flag) {
/* hmm ... only when running talking to things like
* https servers should we hit this code and then
* we really don't care *who* we talk to :-)
*/
SSL_set_verify(ssl_con,ssl_verify_flag,NULL);
if (SSL_accept(ssl_con) <= 0) {
static char errbuf[1024];
sprintf(errbuf,"SSL_accept error %s\n",
ERR_error_string(ERR_get_error(),NULL));
syslog(LOG_WARNING, "%s", errbuf);
BIO_printf(bio_err,"%s",errbuf);
/* go to sleep to make sure we are noticed */
sleep(10);
SSL_free(ssl_con);
_exit(1);
} else {
ssl_active_flag=1;
}
}
#endif /* USE_SSL */
net = 0;
netopen();
doit((struct sockaddr *)&from, fromlen);
/* NOTREACHED */
return 0;
} /* end of main */
