diff options
author | csgr <csgr@FreeBSD.org> | 1994-08-12 23:00:04 +0000 |
---|---|---|
committer | csgr <csgr@FreeBSD.org> | 1994-08-12 23:00:04 +0000 |
commit | 0c0aebce48b0192f5a0cef62325da3c458a45b78 (patch) | |
tree | 3a50a770ca5b1d6b1812d9ba0693543499e6a269 /libexec | |
parent | a9cb0181e6ef59007ec9ec7f1de7416dd60ab30e (diff) | |
download | FreeBSD-src-0c0aebce48b0192f5a0cef62325da3c458a45b78.zip FreeBSD-src-0c0aebce48b0192f5a0cef62325da3c458a45b78.tar.gz |
Remove the scary bits from telnetd - no more encryption left here.
Only crypt.c in libc remains.
Reviewed by: Geoff Rehmet
Diffstat (limited to 'libexec')
-rw-r--r-- | libexec/telnetd/Makefile | 24 | ||||
-rw-r--r-- | libexec/telnetd/ext.h | 5 | ||||
-rw-r--r-- | libexec/telnetd/state.c | 74 | ||||
-rw-r--r-- | libexec/telnetd/telnetd.c | 34 | ||||
-rw-r--r-- | libexec/telnetd/termstat.c | 19 | ||||
-rw-r--r-- | libexec/telnetd/utility.c | 121 |
6 files changed, 3 insertions, 274 deletions
diff --git a/libexec/telnetd/Makefile b/libexec/telnetd/Makefile index e2b5f1b..543ec17 100644 --- a/libexec/telnetd/Makefile +++ b/libexec/telnetd/Makefile @@ -5,33 +5,13 @@ CFLAGS+=-DLINEMODE -DKLUDGELINEMODE -DUSE_TERMIO -DDIAGNOSTICS CFLAGS+=-DOLD_ENVIRON -DENV_HACK CFLAGS+=-I${.CURDIR}/../../lib #CFLAGS+=-DAUTHENTICATION -DENCRYPTION -SRCS= authenc.c global.c slc.c state.c sys_term.c telnetd.c \ +SRCS= global.c slc.c state.c sys_term.c telnetd.c \ termstat.c utility.c +#SRCS+= authenc.c DPADD= ${LIBUTIL} ${LIBTERM} LDADD= -lutil -ltermcap -ltelnet #LDADD+= -lkrb -ldes MAN8= telnetd.8 -# These are the sources that have encryption stuff in them. -CRYPT_SRC= authenc.c ext.h state.c telnetd.c termstat.c -CRYPT_SRC+= utility.c Makefile -NOCRYPT_DIR=${.CURDIR}/Nocrypt .include <bsd.prog.mk> - -nocrypt: -#ifdef ENCRYPTION - @for i in ${CRYPT_SRC}; do \ - if [ ! -d ${NOCRYPT_DIR} ]; then \ - echo Creating subdirectory ${NOCRYPT_DIR}; \ - mkdir ${NOCRYPT_DIR}; \ - fi; \ - echo ${NOCRYPT_DIR}/$$i; \ - unifdef -UENCRYPTION ${.CURDIR}/$$i | \ - sed "s/ || defined(ENCRYPTION)//" > ${NOCRYPT_DIR}/$$i; \ - done - -placeholder: -#else /* ENCRYPTION */ - @echo "Encryption code already removed." -#endif /* ENCRYPTION */ diff --git a/libexec/telnetd/ext.h b/libexec/telnetd/ext.h index 19bc0d6..62b0fd7 100644 --- a/libexec/telnetd/ext.h +++ b/libexec/telnetd/ext.h @@ -191,11 +191,6 @@ extern void wontoption P((int)), writenet P((unsigned char *, int)); -#ifdef ENCRYPTION -extern void (*encrypt_output) P((unsigned char *, int)); -extern int (*decrypt_input) P((int)); -extern char *nclearto; -#endif /* ENCRYPTION */ /* diff --git a/libexec/telnetd/state.c b/libexec/telnetd/state.c index 2d327a5..c957734 100644 --- a/libexec/telnetd/state.c +++ b/libexec/telnetd/state.c @@ -94,10 +94,6 @@ telrcv() if ((&ptyobuf[BUFSIZ] - pfrontp) < 2) break; c = *netip++ & 0377, ncc--; -#ifdef ENCRYPTION - if (decrypt_input) - c = (*decrypt_input)(c); -#endif /* ENCRYPTION */ switch (state) { case TS_CR: @@ -126,10 +122,6 @@ telrcv() */ if ((c == '\r') && his_state_is_wont(TELOPT_BINARY)) { int nc = *netip; -#ifdef ENCRYPTION - if (decrypt_input) - nc = (*decrypt_input)(nc & 0xff); -#endif /* ENCRYPTION */ #ifdef LINEMODE /* * If we are operating in linemode, @@ -142,10 +134,6 @@ telrcv() } else #endif { -#ifdef ENCRYPTION - if (decrypt_input) - (void)(*decrypt_input)(-1); -#endif /* ENCRYPTION */ state = TS_CR; } } @@ -464,9 +452,6 @@ extern void auth_request(); #ifdef LINEMODE extern void doclientstat(); #endif -#ifdef ENCRYPTION -extern void encrypt_send_support(); -#endif /* ENCRYPTION */ void willoption(option) @@ -580,12 +565,6 @@ willoption(option) break; #endif -#ifdef ENCRYPTION - case TELOPT_ENCRYPT: - func = encrypt_send_support; - changeok++; - break; -#endif /* ENCRYPTION */ default: break; @@ -645,11 +624,6 @@ willoption(option) break; #endif -#ifdef ENCRYPTION - case TELOPT_ENCRYPT: - func = encrypt_send_support; - break; -#endif /* ENCRYPTION */ case TELOPT_LFLOW: func = flowstat; break; @@ -940,11 +914,6 @@ dooption(option) /* NOT REACHED */ break; -#ifdef ENCRYPTION - case TELOPT_ENCRYPT: - changeok++; - break; -#endif /* ENCRYPTION */ case TELOPT_LINEMODE: case TELOPT_TTYPE: case TELOPT_NAWS: @@ -1464,49 +1433,6 @@ suboption() } break; #endif -#ifdef ENCRYPTION - case TELOPT_ENCRYPT: - if (SB_EOF()) - break; - switch(SB_GET()) { - case ENCRYPT_SUPPORT: - encrypt_support(subpointer, SB_LEN()); - break; - case ENCRYPT_IS: - encrypt_is(subpointer, SB_LEN()); - break; - case ENCRYPT_REPLY: - encrypt_reply(subpointer, SB_LEN()); - break; - case ENCRYPT_START: - encrypt_start(subpointer, SB_LEN()); - break; - case ENCRYPT_END: - encrypt_end(); - break; - case ENCRYPT_REQSTART: - encrypt_request_start(subpointer, SB_LEN()); - break; - case ENCRYPT_REQEND: - /* - * We can always send an REQEND so that we cannot - * get stuck encrypting. We should only get this - * if we have been able to get in the correct mode - * anyhow. - */ - encrypt_request_end(); - break; - case ENCRYPT_ENC_KEYID: - encrypt_enc_keyid(subpointer, SB_LEN()); - break; - case ENCRYPT_DEC_KEYID: - encrypt_dec_keyid(subpointer, SB_LEN()); - break; - default: - break; - } - break; -#endif /* ENCRYPTION */ default: break; diff --git a/libexec/telnetd/telnetd.c b/libexec/telnetd/telnetd.c index 6860534..5b2a884 100644 --- a/libexec/telnetd/telnetd.c +++ b/libexec/telnetd/telnetd.c @@ -143,9 +143,6 @@ char valid_opts[] = { #ifdef DIAGNOSTICS 'D', ':', #endif -#ifdef ENCRYPTION - 'e', ':', -#endif #if defined(CRAY) && defined(NEWINIT) 'I', ':', #endif @@ -176,9 +173,6 @@ main(argc, argv) pfrontp = pbackp = ptyobuf; netip = netibuf; nfrontp = nbackp = netobuf; -#ifdef ENCRYPTION - nclearto = 0; -#endif /* ENCRYPTION */ progname = *argv; @@ -258,17 +252,6 @@ main(argc, argv) break; #endif /* DIAGNOSTICS */ -#ifdef ENCRYPTION - case 'e': - if (strcmp(optarg, "debug") == 0) { - extern int encrypt_debug_mode; - encrypt_debug_mode = 1; - break; - } - usage(); - /* NOTREACHED */ - break; -#endif /* ENCRYPTION */ case 'h': hostinfo = 0; @@ -605,18 +588,12 @@ getterminaltype(name) } #endif -#ifdef ENCRYPTION - send_will(TELOPT_ENCRYPT, 1); -#endif /* ENCRYPTION */ send_do(TELOPT_TTYPE, 1); send_do(TELOPT_TSPEED, 1); send_do(TELOPT_XDISPLOC, 1); send_do(TELOPT_NEW_ENVIRON, 1); send_do(TELOPT_OLD_ENVIRON, 1); while ( -#ifdef ENCRYPTION - his_do_dont_is_changing(TELOPT_ENCRYPT) || -#endif /* ENCRYPTION */ his_will_wont_is_changing(TELOPT_TTYPE) || his_will_wont_is_changing(TELOPT_TSPEED) || his_will_wont_is_changing(TELOPT_XDISPLOC) || @@ -624,15 +601,6 @@ getterminaltype(name) his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) { ttloop(); } -#ifdef ENCRYPTION - /* - * Wait for the negotiation of what type of encryption we can - * send with. If autoencrypt is not set, this will just return. - */ - if (his_state_is_will(TELOPT_ENCRYPT)) { - encrypt_wait(); - } -#endif /* ENCRYPTION */ if (his_state_is_will(TELOPT_TSPEED)) { static unsigned char sb[] = { IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE }; @@ -854,7 +822,7 @@ doit(who) (void) gethostname(host_name, sizeof (host_name)); hostname = host_name; -#if defined(AUTHENTICATION) || defined(ENCRYPTION) +#if defined(AUTHENTICATION) auth_encrypt_init(hostname, host, "TELNETD", 1); #endif diff --git a/libexec/telnetd/termstat.c b/libexec/telnetd/termstat.c index a3f6931..25124a0 100644 --- a/libexec/telnetd/termstat.c +++ b/libexec/telnetd/termstat.c @@ -181,25 +181,6 @@ localstat() tty_setlinemode(uselinemode); } -#ifdef ENCRYPTION - /* - * If the terminal is not echoing, but editing is enabled, - * something like password input is going to happen, so - * if we the other side is not currently sending encrypted - * data, ask the other side to start encrypting. - */ - if (his_state_is_will(TELOPT_ENCRYPT)) { - static int enc_passwd = 0; - if (uselinemode && !tty_isecho() && tty_isediting() - && (enc_passwd == 0) && !decrypt_input) { - encrypt_send_request_start(); - enc_passwd = 1; - } else if (enc_passwd) { - encrypt_send_request_end(); - enc_passwd = 0; - } - } -#endif /* ENCRYPTION */ /* * Do echo mode handling as soon as we know what the diff --git a/libexec/telnetd/utility.c b/libexec/telnetd/utility.c index 8c08bdc..1fbd7e3 100644 --- a/libexec/telnetd/utility.c +++ b/libexec/telnetd/utility.c @@ -193,11 +193,7 @@ netclear() #define wewant(p) ((nfrontp > p) && ((*p&0xff) == IAC) && \ ((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL)) -#ifdef ENCRYPTION - thisitem = nclearto > netobuf ? nclearto : netobuf; -#else /* ENCRYPTION */ thisitem = netobuf; -#endif /* ENCRYPTION */ while ((next = nextitem(thisitem)) <= nbackp) { thisitem = next; @@ -205,11 +201,7 @@ netclear() /* Now, thisitem is first before/at boundary. */ -#ifdef ENCRYPTION - good = nclearto > netobuf ? nclearto : netobuf; -#else /* ENCRYPTION */ good = netobuf; /* where the good bytes go */ -#endif /* ENCRYPTION */ while (nfrontp > thisitem) { if (wewant(thisitem)) { @@ -250,15 +242,6 @@ netflush() n += strlen(nfrontp); /* get count first */ nfrontp += strlen(nfrontp); /* then move pointer */ }); -#ifdef ENCRYPTION - if (encrypt_output) { - char *s = nclearto ? nclearto : nbackp; - if (nfrontp - s > 0) { - (*encrypt_output)((unsigned char *)s, nfrontp-s); - nclearto = nfrontp; - } - } -#endif /* ENCRYPTION */ /* * if no urgent data, or if the other side appears to be an * old 4.2 client (and thus unable to survive TCP urgent data), @@ -289,18 +272,11 @@ netflush() cleanup(0); } nbackp += n; -#ifdef ENCRYPTION - if (nbackp > nclearto) - nclearto = 0; -#endif /* ENCRYPTION */ if (nbackp >= neturg) { neturg = 0; } if (nbackp == nfrontp) { nbackp = nfrontp = netobuf; -#ifdef ENCRYPTION - nclearto = 0; -#endif /* ENCRYPTION */ } return; } /* end of netflush */ @@ -346,16 +322,6 @@ fatal(f, msg) char buf[BUFSIZ]; (void) sprintf(buf, "telnetd: %s.\r\n", msg); -#ifdef ENCRYPTION - if (encrypt_output) { - /* - * Better turn off encryption first.... - * Hope it flushes... - */ - encrypt_send_end(); - netflush(); - } -#endif /* ENCRYPTION */ (void) write(f, buf, (int)strlen(buf)); sleep(1); /*XXX*/ exit(1); @@ -1044,93 +1010,6 @@ printsub(direction, pointer, length) break; #endif -#ifdef ENCRYPTION - case TELOPT_ENCRYPT: - sprintf(nfrontp, "ENCRYPT"); - nfrontp += strlen(nfrontp); - if (length < 2) { - sprintf(nfrontp, " (empty suboption??\?)"); - nfrontp += strlen(nfrontp); - break; - } - switch (pointer[1]) { - case ENCRYPT_START: - sprintf(nfrontp, " START"); - nfrontp += strlen(nfrontp); - break; - - case ENCRYPT_END: - sprintf(nfrontp, " END"); - nfrontp += strlen(nfrontp); - break; - - case ENCRYPT_REQSTART: - sprintf(nfrontp, " REQUEST-START"); - nfrontp += strlen(nfrontp); - break; - - case ENCRYPT_REQEND: - sprintf(nfrontp, " REQUEST-END"); - nfrontp += strlen(nfrontp); - break; - - case ENCRYPT_IS: - case ENCRYPT_REPLY: - sprintf(nfrontp, " %s ", (pointer[1] == ENCRYPT_IS) ? - "IS" : "REPLY"); - nfrontp += strlen(nfrontp); - if (length < 3) { - sprintf(nfrontp, " (partial suboption??\?)"); - nfrontp += strlen(nfrontp); - break; - } - if (ENCTYPE_NAME_OK(pointer[2])) - sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[2])); - else - sprintf(nfrontp, " %d (unknown)", pointer[2]); - nfrontp += strlen(nfrontp); - - encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf)); - sprintf(nfrontp, "%s", buf); - nfrontp += strlen(nfrontp); - break; - - case ENCRYPT_SUPPORT: - i = 2; - sprintf(nfrontp, " SUPPORT "); - nfrontp += strlen(nfrontp); - while (i < length) { - if (ENCTYPE_NAME_OK(pointer[i])) - sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[i])); - else - sprintf(nfrontp, "%d ", pointer[i]); - nfrontp += strlen(nfrontp); - i++; - } - break; - - case ENCRYPT_ENC_KEYID: - sprintf(nfrontp, " ENC_KEYID", pointer[1]); - nfrontp += strlen(nfrontp); - goto encommon; - - case ENCRYPT_DEC_KEYID: - sprintf(nfrontp, " DEC_KEYID", pointer[1]); - nfrontp += strlen(nfrontp); - goto encommon; - - default: - sprintf(nfrontp, " %d (unknown)", pointer[1]); - nfrontp += strlen(nfrontp); - encommon: - for (i = 2; i < length; i++) { - sprintf(nfrontp, " %d", pointer[i]); - nfrontp += strlen(nfrontp); - } - break; - } - break; -#endif /* ENCRYPTION */ default: if (TELOPT_OK(pointer[0])) |