Diffstat (limited to 'crypto/kerberosIV/appl/telnet')
19 files changed, 312 insertions, 139 deletions
diff --git a/crypto/kerberosIV/appl/telnet/ChangeLog b/crypto/kerberosIV/appl/telnet/ChangeLog index 5681679..b2c27bc 100644 --- a/crypto/kerberosIV/appl/telnet/ChangeLog +++ b/crypto/kerberosIV/appl/telnet/ChangeLog @@ -1,3 +1,57 @@ +2000-03-26 Assar Westerlund <assar@sics.se> + + * telnetd/sys_term.c (*): make sure to always call time, ctime, + and gmtime with `time_t's. there were some types (like in + lastlog) that we believed to always be time_t. this has proven + wrong on Solaris 8 in 64-bit mode, where they are stored as 32-bit + quantities but time_t has gone up to 64 bits + +1999-09-16 Assar Westerlund <assar@sics.se> + + * telnet/commands.c: revert 1.54, get_default_username should DTRT + now + +1999-09-05 Assar Westerlund <assar@sics.se> + + * telnetd/utility.c (ttloop): make it return 1 if interrupted by a + signal, which must have been what was meant from the beginning + + * telnetd/ext.h (ttloop): update prototype + + * telnetd/authenc.c (telnet_spin): actually return the value from + ttloop (otherwise it's kind of bogus) + +1999-08-05 Assar Westerlund <assar@sics.se> + + * telnetd/sys_term.c (rmut): free utxp + +1999-08-04 Assar Westerlund <assar@sics.se> + + * telnet/main.c: add -G and config file support. From Miroslav + Ruda <ruda@ics.muni.cz> + + * telnetd/sys_term.c (rmut): work around utmpx strangness. From + Miroslav Ruda <ruda@ics.muni.cz> + +1999-08-02 Assar Westerlund <assar@sics.se> + + * telnetd/telnetd.c (doit): only free hp if != NULL. 
From: Jonas + Oberg <jonas@coyote.org> + +1999-07-29 Assar Westerlund <assar@sics.se> + + * telnetd/telnetd.c (doit): remove unused variable mapped_sin + +1999-07-26 Assar Westerlund <assar@sics.se> + + * telnetd/ext.h: update prototypes + + * telnetd/telnetd.c: make it handle v4 and v6 sockets. (it + doesn't handle being given a v6 socket that's really talking to an + v4 adress (mapped) because the rest of the code in telnetd is not + able to handle it anyway). please run two telnetd from your + inetd, one for v4 and one for v6. + 1999-07-07 Assar Westerlund <assar@sics.se> * telnet/commands.c (tn): extra bogus const-cast diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c index b5c0953..02e4aca 100644 --- a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c +++ b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c @@ -55,7 +55,7 @@ #include <config.h> #endif -RCSID("$Id: kerberos.c,v 1.45 1999/03/13 21:18:55 assar Exp $"); +RCSID("$Id: kerberos.c,v 1.46 1999/09/16 20:41:33 assar Exp $"); #ifdef KRB4 #ifdef HAVE_SYS_TYPES_H @@ -180,7 +180,7 @@ kerberos4_send(char *name, Authenticator *ap) memset(instance, 0, sizeof(instance)); - strcpy_truncate (instance, + strlcpy (instance, krb_get_phost(RemoteHostName), INST_SZ); @@ -521,7 +521,7 @@ kerberos4_status(Authenticator *ap, char *name, size_t name_sz, int level) return(level); if (UserNameRequested && !kuserok(&adat, UserNameRequested)) { - strcpy_truncate(name, UserNameRequested, name_sz); + strlcpy(name, UserNameRequested, name_sz); return(AUTH_VALID); } else return(AUTH_USER); 
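Review bot: In kerberos4_status the return value of `strlcpy(name, UserNameRequested, name_sz)` is ignored, so a requested name longer than `name_sz - 1` is silently shortened after `kuserok` has approved the full name, and the function still returns AUTH_VALID. If the caller treats `name` as the account to log in, the approved and the returned names can differ; `if (strlcpy(name, UserNameRequested, name_sz) >= name_sz) return(AUTH_USER);` would refuse to validate a truncated name. The same pattern is in kerberos5_status, krb4encpwd_status, rsaencpwd_status and spx_status. The function bodies continue outside these hunks, so any earlier bound on the name length is not visible here.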
@@ -540,11 +540,11 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) switch(data[3]) { case KRB_REJECT: /* Rejected (reason might follow) */ - strcpy_truncate((char *)buf, " REJECT ", buflen); + strlcpy((char *)buf, " REJECT ", buflen); goto common; case KRB_ACCEPT: /* Accepted (name might follow) */ - strcpy_truncate((char *)buf, " ACCEPT ", buflen); + strlcpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) @@ -557,15 +557,15 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) break; case KRB_AUTH: /* Authentication data follows */ - strcpy_truncate((char *)buf, " AUTH", buflen); + strlcpy((char *)buf, " AUTH", buflen); goto common2; case KRB_CHALLENGE: - strcpy_truncate((char *)buf, " CHALLENGE", buflen); + strlcpy((char *)buf, " CHALLENGE", buflen); goto common2; case KRB_RESPONSE: - strcpy_truncate((char *)buf, " RESPONSE", buflen); + strlcpy((char *)buf, " RESPONSE", buflen); goto common2; default: diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c index 0b7818f..3e6abbb 100644 --- a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c +++ b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c @@ -53,7 +53,7 @@ #include <config.h> -RCSID("$Id: kerberos5.c,v 1.37 1999/06/24 17:09:10 assar Exp $"); +RCSID("$Id: kerberos5.c,v 1.38 1999/09/16 20:41:33 assar Exp $"); #ifdef KRB5 @@ -587,7 +587,7 @@ kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level) ticket->client, UserNameRequested)) { - strcpy_truncate(name, UserNameRequested, name_sz); + strlcpy(name, UserNameRequested, name_sz); return(AUTH_VALID); } else return(AUTH_USER); 
@@ -606,11 +606,11 @@ kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) switch(data[3]) { case KRB_REJECT: /* Rejected (reason might follow) */ - strcpy_truncate((char *)buf, " REJECT ", buflen); + strlcpy((char *)buf, " REJECT ", buflen); goto common; case KRB_ACCEPT: /* Accepted (name might follow) */ - strcpy_truncate((char *)buf, " ACCEPT ", buflen); + strlcpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) @@ -624,24 +624,24 @@ kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) case KRB_AUTH: /* Authentication data follows */ - strcpy_truncate((char *)buf, " AUTH", buflen); + strlcpy((char *)buf, " AUTH", buflen); goto common2; case KRB_RESPONSE: - strcpy_truncate((char *)buf, " RESPONSE", buflen); + strlcpy((char *)buf, " RESPONSE", buflen); goto common2; case KRB_FORWARD: /* Forwarded credentials follow */ - strcpy_truncate((char *)buf, " FORWARD", buflen); + strlcpy((char *)buf, " FORWARD", buflen); goto common2; case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */ - strcpy_truncate((char *)buf, " FORWARD_ACCEPT", buflen); + strlcpy((char *)buf, " FORWARD_ACCEPT", buflen); goto common2; case KRB_FORWARD_REJECT: /* Forwarded credentials rejected */ /* (reason might follow) */ - strcpy_truncate((char *)buf, " FORWARD_REJECT", buflen); + strlcpy((char *)buf, " FORWARD_REJECT", buflen); goto common2; default: diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c b/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c index ee1eee2..a85d562c 100644 --- a/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c +++ b/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c @@ -33,7 +33,7 @@ #include <config.h> -RCSID("$Id: krb4encpwd.c,v 1.17 1998/07/09 23:16:29 assar Exp $"); +RCSID("$Id: krb4encpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $"); #ifdef KRB4_ENCPWD /* 
@@ -308,7 +308,7 @@ krb4encpwd_reply(ap, data, cnt) des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0); UserPassword = user_passwd; Challenge = challenge; - strcpy_truncate(instance, RemoteHostName, sizeof(instance)); + strlcpy(instance, RemoteHostName, sizeof(instance)); if ((cp = strchr(instance, '.')) != 0) *cp = '\0'; if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) { @@ -338,7 +338,7 @@ krb4encpwd_status(ap, name, name_sz, level) return(level); if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) { - strcpy_truncate(name, UserNameRequested, name_sz); + strlcpy(name, UserNameRequested, name_sz); return(AUTH_VALID); } else { return(AUTH_USER); @@ -360,11 +360,11 @@ krb4encpwd_printsub(data, cnt, buf, buflen) switch(data[3]) { case KRB4_ENCPWD_REJECT: /* Rejected (reason might follow) */ - strcpy_truncate((char *)buf, " REJECT ", buflen); + strlcpy((char *)buf, " REJECT ", buflen); goto common; case KRB4_ENCPWD_ACCEPT: /* Accepted (name might follow) */ - strcpy_truncate((char *)buf, " ACCEPT ", buflen); + strlcpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) @@ -377,15 +377,15 @@ krb4encpwd_printsub(data, cnt, buf, buflen) break; case KRB4_ENCPWD_AUTH: /* Authentication data follows */ - strcpy_truncate((char *)buf, " AUTH", buflen); + strlcpy((char *)buf, " AUTH", buflen); goto common2; case KRB4_ENCPWD_CHALLENGE: - strcpy_truncate((char *)buf, " CHALLENGE", buflen); + strlcpy((char *)buf, " CHALLENGE", buflen); goto common2; case KRB4_ENCPWD_ACK: - strcpy_truncate((char *)buf, " ACK", buflen); + strlcpy((char *)buf, " ACK", buflen); goto common2; default: diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c b/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c index 267e98e..dafb448 100644 --- a/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c +++ b/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c 
@@ -33,7 +33,7 @@ #include <config.h> -RCSID("$Id: rsaencpwd.c,v 1.17 1998/07/09 23:16:32 assar Exp $"); +RCSID("$Id: rsaencpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $"); #ifdef RSA_ENCPWD /* @@ -260,7 +260,7 @@ rsaencpwd_is(ap, data, cnt) snprintf(challenge, sizeof(challenge), "%x", now); challenge_len = strlen(challenge); } else { - strcpy_truncate(challenge, "randchal", sizeof(challenge)); + strlcpy(challenge, "randchal", sizeof(challenge)); challenge_len = 8; } @@ -392,7 +392,7 @@ rsaencpwd_status(ap, name, name_sz, level) return(level); if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) { - strcpy_truncate(name, UserNameRequested, name_sz); + strlcpy(name, UserNameRequested, name_sz); return(AUTH_VALID); } else { return(AUTH_USER); @@ -414,11 +414,11 @@ rsaencpwd_printsub(data, cnt, buf, buflen) switch(data[3]) { case RSA_ENCPWD_REJECT: /* Rejected (reason might follow) */ - strcpy_truncate((char *)buf, " REJECT ", buflen); + strlcpy((char *)buf, " REJECT ", buflen); goto common; case RSA_ENCPWD_ACCEPT: /* Accepted (name might follow) */ - strcpy_truncate((char *)buf, " ACCEPT ", buflen); + strlcpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) @@ -431,11 +431,11 @@ rsaencpwd_printsub(data, cnt, buf, buflen) break; case RSA_ENCPWD_AUTH: /* Authentication data follows */ - strcpy_truncate((char *)buf, " AUTH", buflen); + strlcpy((char *)buf, " AUTH", buflen); goto common2; case RSA_ENCPWD_CHALLENGEKEY: - strcpy_truncate((char *)buf, " CHALLENGEKEY", buflen); + strlcpy((char *)buf, " CHALLENGEKEY", buflen); goto common2; default: diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/spx.c b/crypto/kerberosIV/appl/telnet/libtelnet/spx.c index 6d2eefe..9155ef2 100644 --- a/crypto/kerberosIV/appl/telnet/libtelnet/spx.c +++ b/crypto/kerberosIV/appl/telnet/libtelnet/spx.c 
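Review bot: Both branches visible in the rsaencpwd_is hunk produce a predictable challenge, either the hex form of `now` or the constant string "randchal", which weakens a challenge/response exchange because a peer can anticipate or replay it. The condition that selects the branch is outside the hunk, so when the constant is used cannot be told from here; drawing the challenge from the random source the library already has would be the safer fallback. Independently, `challenge_len = 8;` repeats the literal's length by hand; `challenge_len = strlen(challenge);` as in the other branch keeps the two in step.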
@@ -33,7 +33,7 @@ #include <config.h> -RCSID("$Id: spx.c,v 1.16 1998/07/09 23:16:33 assar Exp $"); +RCSID("$Id: spx.c,v 1.17 1999/09/16 20:41:34 assar Exp $"); #ifdef SPX /* @@ -514,7 +514,7 @@ spx_status(ap, name, name_sz, level) &acl_file_buffer); if (major_status == GSS_S_COMPLETE) { - strcpy_truncate(name, UserNameRequested, name_sz); + strlcpy(name, UserNameRequested, name_sz); return(AUTH_VALID); } else { return(AUTH_USER); @@ -537,11 +537,11 @@ spx_printsub(data, cnt, buf, buflen) switch(data[3]) { case SPX_REJECT: /* Rejected (reason might follow) */ - strcpy_truncate((char *)buf, " REJECT ", buflen); + strlcpy((char *)buf, " REJECT ", buflen); goto common; case SPX_ACCEPT: /* Accepted (name might follow) */ - strcpy_truncate((char *)buf, " ACCEPT ", buflen); + strlcpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) @@ -554,7 +554,7 @@ spx_printsub(data, cnt, buf, buflen) break; case SPX_AUTH: /* Authentication data follows */ - strcpy_truncate((char *)buf, " AUTH", buflen); + strlcpy((char *)buf, " AUTH", buflen); goto common2; default: diff --git a/crypto/kerberosIV/appl/telnet/telnet/authenc.c b/crypto/kerberosIV/appl/telnet/telnet/authenc.c index 08da93d..6150fc7 100644 --- a/crypto/kerberosIV/appl/telnet/telnet/authenc.c +++ b/crypto/kerberosIV/appl/telnet/telnet/authenc.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: authenc.c,v 1.9 1999/03/19 23:13:51 assar Exp $"); +RCSID("$Id: authenc.c,v 1.10 1999/09/16 20:41:35 assar Exp $"); #if defined(AUTHENTICATION) || defined(ENCRYPTION) int @@ -82,7 +82,7 @@ telnet_gets(char *prompt, char *result, int length, int echo) printf("%s", prompt); res = fgets(result, length, stdin); } else if ((res = getpass(prompt))) { - strcpy_truncate(result, res, length); + strlcpy(result, res, length); res = result; } TerminalNewMode(om); diff --git a/crypto/kerberosIV/appl/telnet/telnet/commands.c b/crypto/kerberosIV/appl/telnet/telnet/commands.c index 57803fa..fe77b56 100644 
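Review bot: In telnet_gets the password returned by `getpass(prompt)` is copied into `result`, but the buffer that getpass owns keeps the cleartext afterwards. Clearing it once the copy is made, `memset(res, 0, strlen(res));` placed before `res = result;`, shortens the time the secret stays in memory. The `strlcpy` return value is also dropped, so input longer than `length - 1` is truncated without notice; a comment stating that limit would help callers. The function body continues outside the hunk.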
--- a/crypto/kerberosIV/appl/telnet/telnet/commands.c +++ b/crypto/kerberosIV/appl/telnet/telnet/commands.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: commands.c,v 1.53 1999/07/07 14:56:17 assar Exp $"); +RCSID("$Id: commands.c,v 1.56 1999/09/16 20:41:35 assar Exp $"); #if defined(IPPROTO_IP) && defined(IP_TOS) int tos = -1; @@ -67,7 +67,7 @@ makeargv() cp = line; if (*cp == '!') { /* Special case shell escape */ /* save for shell command */ - strcpy_truncate(saveline, line, sizeof(saveline)); + strlcpy(saveline, line, sizeof(saveline)); *argp++ = "!"; /* No room in string to get this */ margc++; cp++; @@ -1583,7 +1583,7 @@ env_init(void) if (strchr(hbuf, '.') == 0) { struct hostent *he = roken_gethostbyname(hbuf); if (he != NULL) - strcpy_truncate(hbuf, he->h_name, 256); + strlcpy(hbuf, he->h_name, 256); } asprintf (&cp, "%s%s", hbuf, cp2); @@ -1981,7 +1981,7 @@ cmdrc(char *m1, char *m2) if (skiprc) return; - strcpy_truncate(m1save, m1, sizeof(m1save)); + strlcpy(m1save, m1, sizeof(m1save)); m1 = m1save; if (rcname[0] == 0) { @@ -2075,7 +2075,7 @@ tn(int argc, char **argv) return 0; } if (argc < 2) { - strcpy_truncate(line, "open ", sizeof(line)); + strlcpy(line, "open ", sizeof(line)); printf("(to) "); fgets(&line[strlen(line)], sizeof(line) - strlen(line), stdin); makeargv(); @@ -2146,7 +2146,7 @@ tn(int argc, char **argv) sin6.sin6_family = family = AF_INET6; sa = (struct sockaddr *)&sin6; sa_size = sizeof(sin6); - strcpy_truncate(_hostname, hostp, sizeof(_hostname)); + strlcpy(_hostname, hostp, sizeof(_hostname)); hostname =_hostname; } else #endif @@ -2154,7 +2154,7 @@ tn(int argc, char **argv) sin.sin_family = family = AF_INET; sa = (struct sockaddr *)&sin; sa_size = sizeof(sin); - strcpy_truncate(_hostname, hostp, sizeof(_hostname)); + strlcpy(_hostname, hostp, sizeof(_hostname)); hostname = _hostname; } else { #ifdef HAVE_GETHOSTBYNAME2 
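Review bot: In env_init the bound in `strlcpy(hbuf, he->h_name, 256)` is a bare literal rather than the size of the destination, so it stays correct only as long as the declaration of `hbuf` (outside the hunk) is never changed. Assuming `hbuf` is an array in this scope, `strlcpy(hbuf, he->h_name, sizeof(hbuf));` matches the other calls converted in this file, which all pass `sizeof` of the destination. The source string comes from the resolver, so the bound is what protects the buffer here.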
@@ -2167,7 +2167,7 @@ tn(int argc, char **argv) host = roken_gethostbyname(hostp); #endif if (host) { - strcpy_truncate(_hostname, host->h_name, sizeof(_hostname)); + strlcpy(_hostname, host->h_name, sizeof(_hostname)); family = host->h_addrtype; addr_list = host->h_addr_list; diff --git a/crypto/kerberosIV/appl/telnet/telnet/main.c b/crypto/kerberosIV/appl/telnet/telnet/main.c index 2c896eb..ea60ae9 100644 --- a/crypto/kerberosIV/appl/telnet/telnet/main.c +++ b/crypto/kerberosIV/appl/telnet/telnet/main.c @@ -38,7 +38,7 @@ static char *copyright[] = { }; #include "telnet_locl.h" -RCSID("$Id: main.c,v 1.27 1999/03/11 13:49:23 joda Exp $"); +RCSID("$Id: main.c,v 1.30 1999/11/13 06:30:11 assar Exp $"); /* These values need to be the same as defined in libtelnet/kerberos5.c */ /* Either define them in both places, or put in some common header file. */ @@ -69,7 +69,7 @@ usage(void) { fprintf(stderr, "Usage: %s %s%s%s%s\n", prompt, #ifdef AUTHENTICATION - "[-8] [-E] [-K] [-L] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]", + "[-8] [-E] [-K] [-L] [-G] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]", "\n\t[-k realm] [-l user] [-f/-F] [-n tracefile] ", #else "[-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user]", @@ -90,6 +90,11 @@ usage(void) */ +#ifdef FORWARD +extern int forward_flags; +static int default_forward=0; +#endif /* FORWARD */ + #ifdef KRB5 /* XXX ugly hack to setup dns-proxy stuff */ #define Authenticator asn1_Authenticator 
@@ -99,8 +104,29 @@ krb5_init(void) { krb5_context context; krb5_init_context(&context); + +#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD) + if (krb5_config_get_bool (context, NULL, + "libdefaults", "forward", NULL)) { + forward_flags |= OPTS_FORWARD_CREDS; + default_forward=1; + } + if (krb5_config_get_bool (context, NULL, + "libdefaults", "forwardable", NULL)) { + forward_flags |= OPTS_FORWARDABLE_CREDS; + default_forward=1; + } +#endif +#ifdef ENCRYPTION + if (krb5_config_get_bool (context, NULL, + "libdefaults", "encrypt", NULL)) { + encrypt_auto(1); + decrypt_auto(1); + EncryptVerbose(1); + } +#endif + krb5_free_context(context); - } #endif @@ -109,9 +135,6 @@ main(int argc, char **argv) { int ch; char *user; -#ifdef FORWARD - extern int forward_flags; -#endif /* FORWARD */ #ifdef KRB5 krb5_init(); @@ -137,7 +160,8 @@ main(int argc, char **argv) */ autologin = -1; - while((ch = getopt(argc, argv, "78DEKLS:X:abcde:fFk:l:n:rx")) != EOF) { + while((ch = getopt(argc, argv, + "78DEKLS:X:abcde:fFk:l:n:rxG")) != -1) { switch(ch) { case '8': eight = 3; /* binary output and input */ @@ -202,7 +226,8 @@ main(int argc, char **argv) break; case 'f': #if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD) - if (forward_flags & OPTS_FORWARD_CREDS) { + if ((forward_flags & OPTS_FORWARD_CREDS) && + !default_forward) { fprintf(stderr, "%s: Only one of -f and -F allowed.\n", prompt); @@ -217,7 +242,8 @@ main(int argc, char **argv) break; case 'F': #if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD) - if (forward_flags & OPTS_FORWARD_CREDS) { + if ((forward_flags & OPTS_FORWARD_CREDS) && + !default_forward) { fprintf(stderr, "%s: Only one of -f and -F allowed.\n", prompt); @@ -237,7 +263,7 @@ main(int argc, char **argv) extern char *dest_realm, dst_realm_buf[]; extern int dst_realm_sz; dest_realm = dst_realm_buf; - strcpy_truncate(dest_realm, optarg, dst_realm_sz); + strlcpy(dest_realm, optarg, dst_realm_sz); } #else fprintf(stderr, 
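Review bot: Once krb5_init has set `default_forward`, the added `!default_forward` term switches off the "Only one of -f and -F allowed" check for every option that follows, so `-f -F` given together is no longer rejected in either `case 'f'` or `case 'F'`. If the intent is only to let one explicit option override the configured default, clear the flag when that first option is accepted, `default_forward = 0;`, so a second conflicting option is still caught. A short comment at the declaration saying that `default_forward` marks forwarding bits that came from the configuration rather than the command line would also help. The rest of both case bodies is outside the hunks.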
@@ -269,6 +295,17 @@ main(int argc, char **argv) prompt); #endif break; + case 'G': +#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD) + forward_flags ^= OPTS_FORWARD_CREDS; + forward_flags ^= OPTS_FORWARDABLE_CREDS; +#else + fprintf(stderr, + "%s: Warning: -G ignored, no Kerberos V5 support.\n", + prompt); +#endif + break; + case '?': default: usage(); diff --git a/crypto/kerberosIV/appl/telnet/telnet/network.c b/crypto/kerberosIV/appl/telnet/telnet/network.c index faacc30..42ca388 100644 --- a/crypto/kerberosIV/appl/telnet/telnet/network.c +++ b/crypto/kerberosIV/appl/telnet/telnet/network.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: network.c,v 1.10 1997/05/04 04:01:08 assar Exp $"); +RCSID("$Id: network.c,v 1.10.28.1 2000/10/10 13:08:27 assar Exp $"); Ring netoring, netiring; unsigned char netobuf[2*BUFSIZ], netibuf[BUFSIZ]; @@ -69,6 +69,8 @@ stilloob(void) do { FD_ZERO(&excepts); + if (net >= FD_SETSIZE) + errx (1, "fd too large"); FD_SET(net, &excepts); value = select(net+1, 0, 0, &excepts, &timeout); } while ((value == -1) && (errno == EINTR)); diff --git a/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c b/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c index 334ef04..6bff638 100644 --- a/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c +++ b/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: sys_bsd.c,v 1.23 1998/06/09 19:24:46 joda Exp $"); +RCSID("$Id: sys_bsd.c,v 1.23.18.2 2000/10/19 21:21:21 assar Exp $"); /* * The following routines try to encapsulate what is system dependent @@ -774,6 +774,11 @@ process_rings(int netin, int returnValue = 0; static struct timeval TimeValue = { 0 }; + if (net >= FD_SETSIZE + || tout >= FD_SETSIZE + || tin >= FD_SETSIZE) + errx (1, "fd too large"); + if (netout) { FD_SET(net, &obits); } 
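Review bot: The new `case 'G'` flips both bits with `^=`, so its effect depends on what krb5_init read from the configuration: with neither default set, `-G` turns credential forwarding on, and with only `forwardable` set it clears that bit while setting OPTS_FORWARD_CREDS. If `-G` is meant to switch configured forwarding off, which the hunk does not say, clear the bits explicitly with `forward_flags &= ~(OPTS_FORWARD_CREDS | OPTS_FORWARDABLE_CREDS);`. Either way the option needs a comment stating its meaning, since the usage string only lists `[-G]` and forwarding hands credentials to the remote host.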
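Review bot: The guard added to stilloob in network.c rejects only descriptors at or above FD_SETSIZE; a negative `net` would still reach `FD_SET` and index outside the set. Testing both ends, `if (net < 0 || net >= FD_SETSIZE)`, covers that, and because `net` does not change inside the loop the test can sit before the `do`. The same upper-bound-only check is added in process_rings, EmptyTerminal, my_telnet and the telnetd stilloob. Whether any of these descriptors can be negative at those call sites is not visible in the hunks.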
@@ -791,7 +796,7 @@ process_rings(int netin, FD_SET(net, &xbits); } #endif - if ((c = select(16, &ibits, &obits, &xbits, + if ((c = select(FD_SETSIZE, &ibits, &obits, &xbits, (poll == 0)? (struct timeval *)0 : &TimeValue)) < 0) { if (c == -1) { /* diff --git a/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h b/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h index b4a3782..0c883d6 100644 --- a/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h +++ b/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h @@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -36,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: telnet_locl.h,v 1.16.8.1 1999/07/22 03:22:52 assar Exp $ */ +/* $Id: telnet_locl.h,v 1.18 1999/12/02 16:58:34 joda Exp $ */ #ifdef HAVE_CONFIG_H #include <config.h> diff --git a/crypto/kerberosIV/appl/telnet/telnet/utilities.c b/crypto/kerberosIV/appl/telnet/telnet/utilities.c index 5d677cf..ab281a5 100644 --- a/crypto/kerberosIV/appl/telnet/telnet/utilities.c +++ b/crypto/kerberosIV/appl/telnet/telnet/utilities.c @@ -37,7 +37,7 @@ #include "telnet_locl.h" -RCSID("$Id: utilities.c,v 1.21 1998/06/09 19:24:47 joda Exp $"); +RCSID("$Id: utilities.c,v 1.22.2.1 2000/10/10 13:10:27 assar Exp $"); FILE *NetTrace = 0; /* Not in bss, since needs to stay */ int prettydump; 
@@ -82,13 +82,13 @@ SetNetTrace(char *file) if (file && (strcmp(file, "-") != 0)) { NetTrace = fopen(file, "w"); if (NetTrace) { - strcpy_truncate(NetTraceFile, file, sizeof(NetTraceFile)); + strlcpy(NetTraceFile, file, sizeof(NetTraceFile)); return; } fprintf(stderr, "Cannot open %s.\n", file); } NetTrace = stdout; - strcpy_truncate(NetTraceFile, "(standard output)", sizeof(NetTraceFile)); + strlcpy(NetTraceFile, "(standard output)", sizeof(NetTraceFile)); } void @@ -817,6 +817,9 @@ EmptyTerminal(void) FD_ZERO(&outs); + if (tout >= FD_SETSIZE) + ExitString("fd too large", 1); + if (TTYBYTES() == 0) { FD_SET(tout, &outs); select(tout+1, 0, &outs, 0, diff --git a/crypto/kerberosIV/appl/telnet/telnetd/authenc.c b/crypto/kerberosIV/appl/telnet/telnetd/authenc.c index 2a95127..ec5f2dc 100644 --- a/crypto/kerberosIV/appl/telnet/telnetd/authenc.c +++ b/crypto/kerberosIV/appl/telnet/telnetd/authenc.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$Id: authenc.c,v 1.8 1998/07/09 23:16:37 assar Exp $"); +RCSID("$Id: authenc.c,v 1.9 1999/09/05 19:14:50 assar Exp $"); #ifdef AUTHENTICATION @@ -63,8 +63,7 @@ net_encrypt(void) int telnet_spin(void) { - ttloop(); - return(0); + return ttloop(); } char * diff --git a/crypto/kerberosIV/appl/telnet/telnetd/ext.h b/crypto/kerberosIV/appl/telnet/telnetd/ext.h index 83b7166..8f5edf1 100644 --- a/crypto/kerberosIV/appl/telnet/telnetd/ext.h +++ b/crypto/kerberosIV/appl/telnet/telnetd/ext.h @@ -33,7 +33,7 @@ * @(#)ext.h 8.2 (Berkeley) 12/15/93 */ -/* $Id: ext.h,v 1.17 1998/07/09 23:16:38 assar Exp $ */ +/* $Id: ext.h,v 1.19 1999/09/05 19:15:21 assar Exp $ */ #ifndef __EXT_H__ #define __EXT_H__ 
@@ -121,11 +121,9 @@ void init_env (void); void start_login (char *host, int autologin, char *name); void cleanup (int sig); int main (int argc, char **argv); -void usage (void); int getterminaltype (char *name, size_t); void _gettermname (void); int terminaltypeok (char *s); -void doit (struct sockaddr_in *who); void my_telnet (int f, int p, char*, int, char*); void interrupt (void); void sendbrk (void); @@ -134,7 +132,7 @@ void recv_ayt (void); void doeof (void); void flowstat (void); void clientstat (int code, int parm1, int parm2); -void ttloop (void); +int ttloop (void); int stilloob (int s); void ptyflush (void); char *nextitem (char *current); diff --git a/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c b/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c index 09753c0..2477c42 100644 --- a/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c +++ b/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$Id: sys_term.c,v 1.85.2.1 1999/07/22 03:23:19 assar Exp $"); +RCSID("$Id: sys_term.c,v 1.89.2.6 2000/12/08 23:34:05 assar Exp $"); #if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H)) # define PARENT_DOES_UTMP @@ -388,7 +388,7 @@ int getpty(int *ptynum) p = _getpty(&master, O_RDWR, 0600, 1); if(p == NULL) return -1; - strcpy_truncate(line, p, sizeof(Xline)); + strlcpy(line, p, sizeof(Xline)); return master; #else @@ -420,7 +420,7 @@ int getpty(int *ptynum) #ifdef HAVE_UNLOCKPT unlockpt(p); #endif - strcpy_truncate(line, ptsname(p), sizeof(Xline)); + strlcpy(line, ptsname(p), sizeof(Xline)); really_stream = 1; return p; } @@ -1154,7 +1154,7 @@ startslave(char *host, int autologin, char *autoname) /* * Create utmp entry for child */ - time(&wtmp.ut_time); + wtmp.ut_time = time(NULL); wtmp.ut_type = LOGIN_PROCESS; wtmp.ut_pid = pid; strncpy(wtmp.ut_user, "LOGIN", sizeof(wtmp.ut_user)); 
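Review bot: In getpty the result of `ptsname(p)` is passed straight to `strlcpy`, and ptsname can return NULL on failure, which the copy would then dereference. Check it first, e.g. `char *pn = ptsname(p); if (pn == NULL) { close(p); return -1; }`, and copy from `pn`. Both converted calls also bound the copy with `sizeof(Xline)` while writing to `line`; that is right only if `line` points at the start of `Xline`, which is declared outside the hunk, so a comment stating that relation would be useful. A truncated pty name here would name a different device, so the `strlcpy` result is worth checking too.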
@@ -1205,26 +1205,50 @@ init_env(void) /* * scrub_env() * - * Remove variables from the environment that might cause login to - * behave in a bad manner. To avoid this, login should be staticly - * linked. + * We only accept the environment variables listed below. */ -static void scrub_env(void) +static void +scrub_env(void) { - static char *remove[] = { "LD_", "_RLD_", "LIBPATH=", "IFS=", NULL }; + static const char *reject[] = { + "TERMCAP=/", + NULL + }; + + static const char *accept[] = { + "XAUTH=", "XAUTHORITY=", "DISPLAY=", + "TERM=", + "EDITOR=", + "PAGER=", + "PRINTER=", + "LOGNAME=", + "POSIXLY_CORRECT=", + "TERMCAP=", + NULL + }; char **cpp, **cpp2; - char **p; + const char **p; for (cpp2 = cpp = environ; *cpp; cpp++) { - for(p = remove; *p; p++) + int reject_it = 0; + + for(p = reject; *p; p++) + if(strncmp(*cpp, *p, strlen(*p)) == 0) { + reject_it = 1; + break; + } + if (reject_it) + continue; + + for(p = accept; *p; p++) if(strncmp(*cpp, *p, strlen(*p)) == 0) break; - if(*p == NULL) + if(*p != NULL) *cpp2++ = *cpp; } - *cpp2 = 0; + *cpp2 = NULL; } @@ -1376,7 +1400,7 @@ static int addarg(struct arg_val *argv, char *val) static void rmut(void) { - struct utmpx *utxp, utmpx; + struct utmpx utmpx, *non_save_utxp; char *clean_tty = clean_ttyname(line); /* @@ -1387,8 +1411,14 @@ rmut(void) memset(&utmpx, 0, sizeof(utmpx)); strncpy(utmpx.ut_line, clean_tty, sizeof(utmpx.ut_line)); utmpx.ut_type = LOGIN_PROCESS; - utxp = getutxline(&utmpx); - if (utxp) { + non_save_utxp = getutxline(&utmpx); + if (non_save_utxp) { + struct utmpx *utxp; + char user0; + + utxp = malloc(sizeof(struct utmpx)); + *utxp = *non_save_utxp; + user0 = utxp->ut_user[0]; utxp->ut_user[0] = '\0'; utxp->ut_type = DEAD_PROCESS; #ifdef HAVE_STRUCT_UTMPX_UT_EXIT 
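Review bot: The rewritten header comment of scrub_env says only the listed variables are accepted, but it does not mention the `reject` table, which drops any `TERMCAP=/...` value before the accept list is consulted. The reason should be recorded next to the table, for example `/* TERMCAP is allowed only as an inline description; a value starting with '/' names a file and is dropped */`, if that is the intent. It would also help to note that matching is by prefix including the `=`, so `TERM=` does not admit `TERMCAP=` by accident. The environment filtered here can be influenced by the remote client, so the rationale for each table belongs in the source.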
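Review bot: The result of `malloc(sizeof(struct utmpx))` in rmut is dereferenced on the next line by `*utxp = *non_save_utxp;` without a NULL check, so an allocation failure crashes the cleanup path before the entry is marked DEAD_PROCESS. The copy is presumably made because the record returned by `getutxline` does not survive later utmpx calls; a local `struct utmpx utx = *non_save_utxp;` would give the same protection without the allocation or the `free (utxp)` added in the later hunk. If the heap copy is kept, add `if (utxp == NULL) { endutxent(); return; }` after the malloc. The function body is spread over several hunks and not fully visible.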
@@ -1406,6 +1436,7 @@ rmut(void) gettimeofday(&utxp->ut_tv, NULL); pututxline(utxp); #ifdef WTMPX_FILE + utxp->ut_user[0] = user0; updwtmpx(WTMPX_FILE, utxp); #elif defined(WTMP_FILE) /* This is a strange system with a utmpx and a wtmp! */ @@ -1418,14 +1449,13 @@ rmut(void) #ifdef HAVE_STRUCT_UTMP_UT_HOST strncpy(wtmp.ut_host, "", sizeof(wtmp.ut_host)); #endif - time(&wtmp.ut_time); + wtmp.ut_time = time(NULL); write(f, &wtmp, sizeof(wtmp)); close(f); } } -#else - #endif + free (utxp); } endutxent(); } /* end of rmut */ @@ -1463,7 +1493,7 @@ rmut(void) #ifdef HAVE_STRUCT_UTMP_UT_HOST strncpy(u->ut_host, "", sizeof(u->ut_host)); #endif - time(&u->ut_time); + u->ut_time = time(NULL); write(f, u, sizeof(wtmp)); found++; } @@ -1478,7 +1508,7 @@ rmut(void) #ifdef HAVE_STRUCT_UTMP_UT_HOST strncpy(wtmp.ut_host, "", sizeof(wtmp.ut_host)); #endif - time(&wtmp.ut_time); + wtmp.ut_time = time(NULL); write(f, &wtmp, sizeof(wtmp)); close(f); } diff --git a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c index 73008a3..0c2750e 100644 --- a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c +++ b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$Id: telnetd.c,v 1.53 1999/03/15 16:40:52 joda Exp $"); +RCSID("$Id: telnetd.c,v 1.58.2.1 2000/10/10 13:12:08 assar Exp $"); #ifdef _SC_CRAY_SECURE_SYS #include <sys/sysv.h> @@ -117,7 +117,7 @@ int debug = 0; int keepalive = 1; char *progname; -extern void usage (void); +static void usage (void); /* * The string to pass to getopt(). We do it this way so 
@@ -136,12 +136,14 @@ char valid_opts[] = "Bd:hklnS:u:UL:y" #endif ; -void doit(struct sockaddr_in*); +static void doit(struct sockaddr*, int); -int main(int argc, char **argv) +int +main(int argc, char **argv) { - struct sockaddr_in from; - int on = 1, fromlen; + struct sockaddr_storage __ss; + struct sockaddr *sa = (struct sockaddr *)&__ss; + int on = 1, sa_size; int ch; #if defined(IPPROTO_IP) && defined(IP_TOS) int tos = -1; @@ -167,7 +169,7 @@ int main(int argc, char **argv) highpty = getnpty(); #endif /* CRAY */ - while ((ch = getopt(argc, argv, valid_opts)) != EOF) { + while ((ch = getopt(argc, argv, valid_opts)) != -1) { switch(ch) { #ifdef AUTHENTICATION @@ -406,14 +408,14 @@ int main(int argc, char **argv) #endif /* _SC_CRAY_SECURE_SYS */ roken_openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON); - fromlen = sizeof (from); - if (getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) < 0) { + sa_size = sizeof (__ss); + if (getpeername(STDIN_FILENO, sa, &sa_size) < 0) { fprintf(stderr, "%s: ", progname); perror("getpeername"); _exit(1); } if (keepalive && - setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, + setsockopt(STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof (on)) < 0) { syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); } @@ -428,20 +430,21 @@ int main(int argc, char **argv) if (tos < 0) tos = 020; /* Low Delay bit */ if (tos - && (setsockopt(0, IPPROTO_IP, IP_TOS, + && sa->sa_family == AF_INET + && (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS, (void *)&tos, sizeof(tos)) < 0) && (errno != ENOPROTOOPT) ) syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); } #endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ - net = 0; - doit(&from); + net = STDIN_FILENO; + doit(sa, sa_size); /* NOTREACHED */ return 0; } /* end of main */ -void -usage() +static void +usage(void) { fprintf(stderr, "Usage: telnetd"); #ifdef AUTHENTICATION 
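Review bot: The new local `struct sockaddr_storage __ss` in main uses an identifier reserved for the implementation (leading double underscore), and `sa_size` is an `int` although its address is passed to `getpeername`, whose length argument is `socklen_t *` on current systems. Suggest `struct sockaddr_storage ss;` with `socklen_t sa_size = sizeof(ss);`, provided the portability layer used here supplies socklen_t. main's body continues outside these hunks.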
@@ -591,12 +594,12 @@ getterminaltype(char *name, size_t name_sz) * we have to just go with what we (might) have already gotten. */ if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) { - strcpy_truncate(first, terminaltype, sizeof(first)); + strlcpy(first, terminaltype, sizeof(first)); for(;;) { /* * Save the unknown name, and request the next name. */ - strcpy_truncate(last, terminaltype, sizeof(last)); + strlcpy(last, terminaltype, sizeof(last)); _gettermname(); if (terminaltypeok(terminaltype)) break; @@ -656,14 +659,20 @@ char remote_host_name[MaxHostNameLen]; /* * Get a pty, scan input lines. */ -void -doit(struct sockaddr_in *who) +static void +doit(struct sockaddr *who, int who_len) { char *host = NULL; - struct hostent *hp; + struct hostent *hp = NULL; int level; int ptynum; char user_name[256]; + int error; + char host_addr[256]; + void *addr; + int addr_sz; + const char *tmp; + int af; /* * Find an available pty to use. 
@@ -688,24 +697,52 @@ doit(struct sockaddr_in *who) } #endif /* _SC_CRAY_SECURE_SYS */ - /* get name of connected client */ - hp = roken_gethostbyaddr((const char *)&who->sin_addr, - sizeof (struct in_addr), - who->sin_family); + af = who->sa_family; + switch (af) { + case AF_INET : { + struct sockaddr_in *sin = (struct sockaddr_in *)who; + + addr = &sin->sin_addr; + addr_sz = sizeof(sin->sin_addr); + break; + } +#ifdef HAVE_IPV6 + case AF_INET6 : { + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)who; + + addr = &sin6->sin6_addr; + addr_sz = sizeof(sin6->sin6_addr); + break; + } +#endif + default : + fatal (net, "Unknown address family\r\n"); + break; + } + + hp = getipnodebyaddr (addr, addr_sz, af, &error); if (hp == NULL && registerd_host_only) { fatal(net, "Couldn't resolve your address into a host name.\r\n\ Please contact your net administrator"); - } else if (hp) { + } else if (hp != NULL) { host = hp->h_name; - } else { - host = inet_ntoa(who->sin_addr); } + + tmp = inet_ntop(af, addr, host_addr, sizeof(host_addr)); + if (tmp == NULL) + strlcpy (host_addr, "unknown address", sizeof(host_addr)); + + if (host == NULL) + host = host_addr; + /* * We must make a copy because Kerberos is probably going * to also do a gethost* and overwrite the static data... */ - strcpy_truncate(remote_host_name, host, sizeof(remote_host_name)); + strlcpy(remote_host_name, host, sizeof(remote_host_name)); + if (hp != NULL) + freehostent (hp); host = remote_host_name; /* XXX - should be k_gethostname? */ @@ -725,9 +762,9 @@ Please contact your net administrator"); * If hostname still doesn't fit utmp, use ipaddr. */ if (strlen(remote_host_name) > abs(utmp_len)) - strcpy_truncate(remote_host_name, - inet_ntoa(who->sin_addr), - sizeof(remote_host_name)); + strlcpy(remote_host_name, + host_addr, + sizeof(remote_host_name)); #ifdef AUTHENTICATION auth_encrypt_init(hostname, host, "TELNETD", 1); 
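Review bot: doit receives `who_len`, but the visible code never reads it before casting `who` to `struct sockaddr_in` or `struct sockaddr_in6` and taking the address field. A length test at the top of each case, e.g. `if ((size_t)who_len < sizeof(*sin)) fatal (net, "Bad address length\r\n");`, would make the cast safe regardless of how the caller filled the buffer. In the `default` case `addr` and `addr_sz` stay uninitialised if `fatal` were ever to return, so initialising them at declaration is cheap insurance. The `error` value written by `getipnodebyaddr` is also never examined. The function continues outside the hunks.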
@@ -970,6 +1007,11 @@ my_telnet(int f, int p, char *host, int level, char *autoname) FD_ZERO(&ibits); FD_ZERO(&obits); FD_ZERO(&xbits); + + if (f >= FD_SETSIZE + || p >= FD_SETSIZE) + fatal(net, "fd too large"); + /* * Never look for input if there's still * stuff in the corresponding output buffer diff --git a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h index 5ad5bd8..fdda3d7 100644 --- a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h +++ b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h @@ -124,10 +124,6 @@ #include "defs.h" -#ifdef HAVE_ARPA_TELNET_H -#include <arpa/telnet.h> -#endif - #ifndef _POSIX_VDISABLE # ifdef VDISABLE # define _POSIX_VDISABLE VDISABLE @@ -152,12 +148,16 @@ #include <sys/utsname.h> #endif -#include "ext.h" - #ifdef HAVE_PATHS_H #include <paths.h> #endif +#ifdef HAVE_ARPA_TELNET_H +#include <arpa/telnet.h> +#endif + +#include "ext.h" + #ifdef SOCKS #include <socks.h> /* This doesn't belong here. */ diff --git a/crypto/kerberosIV/appl/telnet/telnetd/utility.c b/crypto/kerberosIV/appl/telnet/telnetd/utility.c index cfca89a..ff5192e 100644 --- a/crypto/kerberosIV/appl/telnet/telnetd/utility.c +++ b/crypto/kerberosIV/appl/telnet/telnetd/utility.c @@ -34,7 +34,7 @@ #define PRINTOPTIONS #include "telnetd.h" -RCSID("$Id: utility.c,v 1.20 1998/06/13 00:06:56 assar Exp $"); +RCSID("$Id: utility.c,v 1.22.2.1 2000/10/10 13:12:34 assar Exp $"); /* * utility functions performing io related tasks @@ -47,9 +47,11 @@ RCSID("$Id: utility.c,v 1.20 1998/06/13 00:06:56 assar Exp $"); * data from the network, and pass it through the telnet state * machine. We also flush the pty input buffer (by dropping its data) * if it becomes too full. + * + * return 0 if OK or 1 if interrupted by a signal. */ -void +int ttloop(void) { void netflush(void); 
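Review bot: The new guard in my_telnet rejects descriptors at or above `FD_SETSIZE` but lets a negative `f` or `p` through to the `fd_set` macros that presumably follow, and a negative descriptor indexes outside the set just as a large one does. I would write it as `if (f < 0 || f >= FD_SETSIZE || p < 0 || p >= FD_SETSIZE)`. The `s >= FD_SETSIZE` check added to stilloob in utility.c has the same gap. The check sits after the `FD_ZERO` calls, which may be inside a loop that starts outside this hunk. Since `f` and `p` are parameters, validating them once on entry would suffice if they are never reassigned.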
@@ -61,10 +63,12 @@ ttloop(void) netflush(); ncc = read(net, netibuf, sizeof netibuf); if (ncc < 0) { + if (errno == EINTR) + return 1; syslog(LOG_INFO, "ttloop: read: %m\n"); exit(1); } else if (ncc == 0) { - syslog(LOG_INFO, "ttloop: peer died: %m\n"); + syslog(LOG_INFO, "ttloop: peer died\n"); exit(1); } DIAG(TD_REPORT, { @@ -76,6 +80,7 @@ ttloop(void) pfrontp = pbackp = ptyobuf; telrcv(); } + return 0; } /* end of ttloop */ /* @@ -88,6 +93,9 @@ stilloob(int s) fd_set excepts; int value; + if (s >= FD_SETSIZE) + fatal(ourpty, "fd too large"); + do { FD_ZERO(&excepts); FD_SET(s, &excepts); @@ -395,7 +403,7 @@ void edithost(char *pat, char *host) pat++; } if (*host) - strcpy_truncate (res, host, + strlcpy (res, host, sizeof editedhost - (res - editedhost)); else *res = '\0'; |
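Review bot: Returning 1 on `EINTR` only helps if every caller of ttloop checks the result; a caller still written for the old `void` signature will carry on as though network input had been read and passed to `telrcv`. Those call sites are outside this hunk and need the same review, particularly any that wait in a loop for option negotiation to finish. `errno` is read here, so `<errno.h>` must be in scope in utility.c, presumably through telnetd.h. I would also state the contract at the early return: `/* interrupted before any data was read; caller decides whether to retry */`.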
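Review bot: The guard added to stilloob passes `ourpty` to `fatal`, while every other `fatal` call visible in this diff passes `net`. If the first argument is the descriptor the message is written to, the text would go to the pty side of the session instead of the client. Unless that is intended, `fatal(net, "fd too large");` would match the call in my_telnet. `fatal` is defined outside this diff, so its argument meaning should be confirmed there. stilloob's body continues outside the hunk.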