Two bugs. First, ttloop() was not reacting to an EOF on the
[unix-history] / usr / src / libexec / telnetd / telnetd.c
8c5eec2f 1/*
5eddff6d 2 * Copyright (c) 1983,1986 Regents of the University of California.
3 * All rights reserved. The Berkeley software License Agreement
4 * specifies the terms and conditions for redistribution.
5 */
6
7#ifndef lint
8char copyright[] =
9"@(#) Copyright (c) 1983 Regents of the University of California.\n\
10 All rights reserved.\n";
11#endif not lint
12
ac6e6727 13#ifndef lint
10a3b37e 14static char sccsid[] = "@(#)telnetd.c 5.18 (Berkeley) %G%";
8c5eec2f 15#endif not lint
ac6e6727 16
66b878f6 17/*
5eddff6d 18 * Telnet server.
66b878f6 19 */
5eddff6d 20#include <sys/param.h>
de3b21e8 21#include <sys/socket.h>
ce4fd43b 22#include <sys/wait.h>
1a33b848 23#include <sys/file.h>
c29f876c 24#include <sys/stat.h>
5d78ef73 25#include <sys/time.h>
26
27#include <netinet/in.h>
28
29#include <arpa/telnet.h>
30
31#include <stdio.h>
32#include <signal.h>
33#include <errno.h>
34#include <sgtty.h>
9f005877 35#include <netdb.h>
3f99c0f7 36#include <syslog.h>
affdaa4e 37#include <ctype.h>
de3b21e8 38
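/*
 * Negotiation state kept per TELNET option code in hisopts[] (the
 * peer's side) and myopts[] (our side).  The *_BUT_ALWAYS_LOOK values
 * mark an option whose next reply must still be examined: telrcv()
 * only calls the will/wont/do/dont handlers when the stored state
 * differs from the plain OPT_YES / OPT_NO the reply would imply.
 */
#define	OPT_NO			0		/* won't do this option */
#define	OPT_YES			1		/* will do this option */
#define	OPT_YES_BUT_ALWAYS_LOOK	2
#define	OPT_NO_BUT_ALWAYS_LOOK	3
char	hisopts[256];
char	myopts[256];

/*
 * sprintf() templates for the three-byte option messages; the option
 * code is substituted for the %c.
 */
char	doopt[] = { IAC, DO, '%', 'c', 0 };
char	dont[] = { IAC, DONT, '%', 'c', 0 };
char	will[] = { IAC, WILL, '%', 'c', 0 };
char	wont[] = { IAC, WONT, '%', 'c', 0 };

/*
 * I/O data buffers, pointers, and counters.
 *
 * The two output buffers are filled at the "front" pointer and drained
 * from the "back" pointer.  Nothing here enforces the BUFSIZ limit:
 * every writer has to check the remaining room itself.
 */
char	ptyibuf[BUFSIZ], *ptyip = ptyibuf;

char	ptyobuf[BUFSIZ], *pfrontp = ptyobuf, *pbackp = ptyobuf;

char	netibuf[BUFSIZ], *netip = netibuf;
/* Append one byte to the network input buffer (no bounds check). */
#define	NIACCUM(c)	do {	*netip++ = (c); \
				ncc++; \
			} while (0)

char	netobuf[BUFSIZ], *nfrontp = netobuf, *nbackp = netobuf;
char	*neturg = 0;		/* one past last byte of urgent data */
	/* the remote system seems to NOT be an old 4.2 */
int	not42 = 1;


char BANNER1[] = "\r\n\r\n4.3 BSD UNIX (",
    BANNER2[] = ")\r\n\r\0\r\n\r\0";

		/* buffer for sub-options */
char	subbuffer[100], *subpointer= subbuffer, *subend= subbuffer;
/*
 * Sub-option buffer helpers.  SB_ACCUM() silently drops bytes once the
 * buffer is full, so an over-long sub-option from the peer is truncated
 * rather than written past the end.  SB_GET() does no bounds check of
 * its own; callers are expected to test SB_EOF() first.
 *
 * The statement-like macros are wrapped in do { } while (0) so that
 * they behave as a single statement next to an if/else.
 */
#define	SB_CLEAR()	(subpointer = subbuffer)
#define	SB_TERM()	do { subend = subpointer; SB_CLEAR(); } while (0)
#define	SB_ACCUM(c)	do { \
				if (subpointer < (subbuffer+sizeof subbuffer)) { \
					*subpointer++ = (c); \
				} \
			} while (0)
#define	SB_GET()	((*subpointer++)&0xff)
#define	SB_EOF()	(subpointer >= subend)

int	pcc, ncc;		/* bytes left unread in ptyibuf / netibuf */

int	pty, net;		/* pty master and network descriptors */
int	inter;
extern	char **environ;
extern	int errno;
char	*line;			/* device name of the allocated pty/tty */
int	SYNCHing = 0;		/* we are in TELNET SYNCH mode */
/*
 * The following are some clocks used to decide how to interpret
 * the relationship between various variables.  They are event
 * counters, not wall-clock times: settimer() stamps a field with the
 * next value of clocks.system.
 */

struct {
    int
	system,			/* what the current time is */
	echotoggle,		/* last time user entered echo character */
	modenegotiated,		/* last time operating mode negotiated */
	didnetreceive,		/* last time we read data from network */
	ttypeopt,		/* ttype will/won't received */
	ttypesubopt,		/* ttype subopt is received */
	getterminal,		/* time started to get terminal information */
	gotDM;			/* when did we last see a data mark */
} clocks;

#define	settimer(x)	(clocks.x = ++clocks.system)
#define	sequenceIs(x,y)	(clocks.x < clocks.y)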
5d78ef73 109\f
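/*
 * main
 *
 * Expects descriptor 0 to be the already-connected client socket
 * (getpeername() is called on it).  With DEBUG defined the program
 * instead listens on the telnet port, or on the port given as the
 * first argument, accepts one connection and dups it onto 0.
 *
 * The program name is saved before the DEBUG code advances argv, so
 * the getpeername() diagnostic never prints a port argument or a null
 * pointer.
 */
main(argc, argv)
	char *argv[];
{
	struct sockaddr_in from;
	int on = 1, fromlen;
	char *progname = argv[0];

#if	defined(DEBUG)
	{
	    int s, ns, foo;
	    struct servent *sp;
	    static struct sockaddr_in sin = { AF_INET };

	    sp = getservbyname("telnet", "tcp");
	    if (sp == 0) {
		    fprintf(stderr, "telnetd: tcp/telnet: unknown service\n");
		    exit(1);
	    }
	    sin.sin_port = sp->s_port;
	    argc--, argv++;
	    if (argc > 0) {
		    /* NOTE(review): atoi() accepts garbage and out-of-range ports. */
		    sin.sin_port = atoi(*argv);
		    sin.sin_port = htons((u_short)sin.sin_port);
	    }

	    s = socket(AF_INET, SOCK_STREAM, 0);
	    if (s < 0) {
		    perror("telnetd: socket");
		    exit(1);
	    }
	    if (bind(s, &sin, sizeof sin) < 0) {
		perror("bind");
		exit(1);
	    }
	    if (listen(s, 1) < 0) {
		perror("listen");
		exit(1);
	    }
	    foo = sizeof sin;
	    ns = accept(s, &sin, &foo);
	    if (ns < 0) {
		perror("accept");
		exit(1);
	    }
	    dup2(ns, 0);
	    close(s);
	}
#endif	/* defined(DEBUG) */
	openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
	fromlen = sizeof (from);
	if (getpeername(0, &from, &fromlen) < 0) {
		fprintf(stderr, "%s: ", progname);
		perror("getpeername");
		_exit(1);
	}
	/* Keepalive failure is logged but does not stop the session. */
	if (setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof (on)) < 0) {
		syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
	}
	doit(0, &from);
}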
169
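char	*terminaltype = 0;	/* "TERM=..." string set by suboption(), else 0 */
char	*envinit[2];		/* environment handed to login by doit() */
int	cleanup();

/*
 * ttloop
 *
 *	A small subroutine to flush the network output buffer, get some data
 * from the network, and pass it through the telnet state machine.  We
 * also flush the pty input buffer (by dropping its data) if it becomes
 * too full.
 *
 * Exits the process on a read error or when the peer closes the
 * connection.  read() does not set errno at end of file, so the EOF
 * message is logged without %m, which would otherwise append an
 * unrelated error string.
 */

void
ttloop()
{
    if (nfrontp-nbackp) {
	netflush();
    }
    ncc = read(net, netibuf, sizeof netibuf);
    if (ncc < 0) {
	syslog(LOG_INFO, "ttloop: read: %m\n");
	exit(1);
    } else if (ncc == 0) {
	syslog(LOG_INFO, "ttloop: peer died\n");
	exit(1);
    }
    netip = netibuf;
    telrcv();			/* state machine */
    if (ncc > 0) {
	/*
	 * telrcv() stopped early with input left over; throw away what
	 * is queued for the pty and let it process the remainder.
	 */
	pfrontp = pbackp = ptyobuf;
	telrcv();
    }
}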
204
/*
 * getterminaltype
 *
 *	Ask the other end to send along its terminal type.
 * Output is the variable terminaltype filled in.
 *
 * Queues IAC DO TTYPE and runs ttloop() until a WILL/WONT TTYPE has
 * been seen; if the peer agreed, queues the SEND sub-option and waits
 * the same way for the reply.  There is no timeout here: the wait ends
 * only when the peer answers or ttloop() exits the process.
 */

void
getterminaltype()
{
    static char do_ttype[] = { IAC, DO, TELOPT_TTYPE };
    static char send_ttype[] =
	{ IAC, SB, TELOPT_TTYPE, TELQUAL_SEND, IAC, SE };

    settimer(getterminal);
    bcopy(do_ttype, nfrontp, sizeof do_ttype);
    nfrontp += sizeof do_ttype;
    /* Make telrcv() hand the peer's answer to willoption(). */
    hisopts[TELOPT_TTYPE] = OPT_YES_BUT_ALWAYS_LOOK;
    while (sequenceIs(ttypeopt, getterminal))
	ttloop();

    if (hisopts[TELOPT_TTYPE] != OPT_YES)
	return;				/* peer refused; terminaltype stays 0 */

    bcopy(send_ttype, nfrontp, sizeof send_ttype);
    nfrontp += sizeof send_ttype;
    while (sequenceIs(ttypesubopt, getterminal))
	ttloop();
}
234
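/*
 * Get a pty, scan input lines.
 *
 * f is the connected socket and who the peer address.  Allocates the
 * first pty master that opens among /dev/pty[p-s][0-f], sets up the
 * slave side, negotiates the terminal type, then forks: the parent
 * runs the telnet() relay loop, the child becomes /bin/login on the
 * slave tty.
 *
 * The device name lives in a writable static array; the original code
 * patched characters inside a string literal, which is undefined
 * behaviour wherever literals are read-only.  The execl() argument
 * list is terminated with (char *)0 so the sentinel has pointer width.
 */
doit(f, who)
	int f;
	struct sockaddr_in *who;
{
	static char ptyname[] = "/dev/ptyXX";
	char *host, *inet_ntoa();
	int i, p, t;
	struct sgttyb b;
	struct hostent *hp;
	int c;

	line = ptyname;
	for (c = 'p'; c <= 's'; c++) {
		struct stat stb;

		line[strlen("/dev/pty")] = c;
		line[strlen("/dev/ptyp")] = '0';
		/* No first unit for this letter: stop scanning. */
		if (stat(line, &stb) < 0)
			break;
		for (i = 0; i < 16; i++) {
			line[strlen("/dev/ptyp")] = "0123456789abcdef"[i];
			p = open(line, 2);
			if (p > 0)
				goto gotpty;
		}
	}
	fatal(f, "All network ports in use");
	/*NOTREACHED*/
gotpty:
	dup2(f, 0);
	/* "/dev/ptyXX" -> "/dev/ttyXX": name of the slave side. */
	line[strlen("/dev/")] = 't';
	/* Give up the current controlling terminal, if there is one. */
	t = open("/dev/tty", O_RDWR);
	if (t >= 0) {
		ioctl(t, TIOCNOTTY, 0);
		close(t);
	}
	t = open(line, O_RDWR);
	if (t < 0)
		fatalperror(f, line, errno);
	/* NOTE(review): none of the ioctl() results below are checked. */
	ioctl(t, TIOCGETP, &b);
	b.sg_flags = CRMOD|XTABS|ANYP;
	ioctl(t, TIOCSETP, &b);
	ioctl(p, TIOCGETP, &b);
	b.sg_flags &= ~ECHO;
	ioctl(p, TIOCSETP, &b);
	/*
	 * The host name passed to login comes from a reverse lookup of
	 * the peer address, falling back to the dotted-quad form.
	 * NOTE(review): no forward confirmation of that name is visible
	 * here, so whatever consumes "-h host" should treat it as
	 * supplied by the remote side.
	 */
	hp = gethostbyaddr(&who->sin_addr, sizeof (struct in_addr),
		who->sin_family);
	if (hp)
		host = hp->h_name;
	else
		host = inet_ntoa(who->sin_addr);

	net = f;
	pty = p;

	/*
	 * get terminal type.
	 */
	getterminaltype();

	if ((i = fork()) < 0)
		fatalperror(f, "fork", errno);
	if (i)
		telnet(f, p);		/* parent: ends in cleanup(), which exits */
	close(f);
	close(p);
	dup2(t, 0);
	dup2(t, 1);
	dup2(t, 2);
	close(t);
	/*
	 * The child's environment is replaced wholesale: it holds only
	 * the TERM string built from the peer's sub-option (or nothing).
	 */
	envinit[0] = terminaltype;
	envinit[1] = 0;
	environ = envinit;
	/*
	 * -h : pass on name of host.
	 *		WARNING:  -h is accepted by login if and only if
	 *			getuid() == 0.
	 * -p : don't clobber the environment (so terminal type stays set).
	 */
	execl("/bin/login", "login", "-h", host,
					terminaltype ? "-p" : (char *)0, (char *)0);
	fatalperror(f, "/bin/login", errno);
	/*NOTREACHED*/
}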
321
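/*
 * fatal
 *
 * Write "telnetd: <msg>.\r\n" to descriptor f and exit with status 1.
 *
 * The three pieces are written directly instead of being formatted
 * into a BUFSIZ stack buffer with sprintf(): fatalperror() can pass a
 * message that is itself close to BUFSIZ long, and the added prefix
 * and suffix would then run past the end of the buffer.
 */
fatal(f, msg)
	int f;
	char *msg;
{
	static char prefix[] = "telnetd: ";
	static char suffix[] = ".\r\n";

	(void) write(f, prefix, sizeof prefix - 1);
	(void) write(f, msg, strlen(msg));
	(void) write(f, suffix, sizeof suffix - 1);
	exit(1);
}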
332
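/*
 * fatalperror
 *
 * Report "<msg>: <system error text>" through fatal(), which does not
 * return.  The third argument is the error number to describe.
 *
 * The error number is range-checked against sys_nerr before it is
 * used as an index into sys_errlist[], and both strings are given a
 * maximum field width so the formatted text always fits in buf.
 */
fatalperror(f, msg, errno)
	int f;
	char *msg;
	int errno;
{
	char buf[BUFSIZ];
	extern char *sys_errlist[];
	extern int sys_nerr;
	char *why;

	if (errno >= 0 && errno < sys_nerr)
		why = sys_errlist[errno];
	else
		why = "Unknown error";
	(void) sprintf(buf, "%.200s: %.200s\r\n", msg, why);
	fatal(f, buf);
}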
344
345
/*
 * Check a descriptor to see if out of band data exists on it.
 *
 * Polls s with a zero timeout for an exceptional condition, retrying
 * when select() is interrupted.  Returns 1 if the condition is
 * pending and 0 otherwise; any other select() failure is reported
 * through fatalperror() on the pty descriptor.
 */


stilloob(s)
int	s;		/* socket number */
{
    static struct timeval poll = { 0 };
    fd_set	excepts;
    int value;

    for (;;) {
	FD_ZERO(&excepts);
	FD_SET(s, &excepts);
	value = select(s+1, (fd_set *)0, (fd_set *)0, &excepts, &poll);
	if ((value != -1) || (errno != EINTR))
	    break;
    }

    if (value < 0)
	fatalperror(pty, "select", errno);

    return FD_ISSET(s, &excepts) ? 1 : 0;
}
373\f
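/*
 * Main loop.  Select from pty and network, and
 * hand data to telnet receiver finite state machine.
 *
 * f is the network socket and p the pty master (the same descriptors
 * as the globals net and pty).  Does not return: the loop ends in
 * cleanup(), which exits.
 *
 * Two small corrections relative to the historical code: the select()
 * width is computed from the descriptors instead of being fixed at 16,
 * and the host name is explicitly terminated before strlen() is used
 * on it, since gethostname() may leave a truncated name unterminated.
 */
telnet(f, p)
{
	int on = 1;
	int nfds;
	char hostname[MAXHOSTNAMELEN];

	ioctl(f, FIONBIO, &on);
	ioctl(p, FIONBIO, &on);
#if	defined(SO_OOBINLINE)
	setsockopt(net, SOL_SOCKET, SO_OOBINLINE, &on, sizeof on);
#endif	/* defined(SO_OOBINLINE) */
	signal(SIGTSTP, SIG_IGN);
	/* The login child dying ends the session. */
	signal(SIGCHLD, cleanup);
	setpgrp(0, 0);

	/*
	 * Request to do remote echo and to suppress go ahead.
	 */
	if (!myopts[TELOPT_ECHO]) {
	    dooption(TELOPT_ECHO);
	}
	if (!myopts[TELOPT_SGA]) {
	    dooption(TELOPT_SGA);
	}
	/*
	 * Is the client side a 4.2 (NOT 4.3) system?  We need to know this
	 * because 4.2 clients are unable to deal with TCP urgent data.
	 *
	 * To find out, we send out a "DO ECHO".  If the remote system
	 * answers "WILL ECHO" it is probably a 4.2 client, and we note
	 * that fact ("WILL ECHO" ==> that the client will echo what
	 * WE, the server, sends it; it does NOT mean that the client will
	 * echo the terminal input).
	 */
	sprintf(nfrontp, doopt, TELOPT_ECHO);
	nfrontp += sizeof doopt-2;
	hisopts[TELOPT_ECHO] = OPT_YES_BUT_ALWAYS_LOOK;

	/*
	 * Show banner that getty never gave.
	 *
	 * The banner includes some null's (for TELNET CR disambiguation),
	 * so we have to be somewhat complicated.
	 */

	gethostname(hostname, sizeof (hostname));
	hostname[sizeof (hostname) - 1] = '\0';

	bcopy(BANNER1, nfrontp, sizeof BANNER1 -1);
	nfrontp += sizeof BANNER1 - 1;
	bcopy(hostname, nfrontp, strlen(hostname));
	nfrontp += strlen(hostname);
	bcopy(BANNER2, nfrontp, sizeof BANNER2 -1);
	nfrontp += sizeof BANNER2 - 1;

	/*
	 * Call telrcv() once to pick up anything received during
	 * terminal type negotiation.
	 */
	telrcv();

	nfds = (f > p ? f : p) + 1;

	for (;;) {
		fd_set ibits, obits, xbits;
		register int c;

		if (ncc < 0 && pcc < 0)
			break;

		FD_ZERO(&ibits);
		FD_ZERO(&obits);
		FD_ZERO(&xbits);
		/*
		 * Never look for input if there's still
		 * stuff in the corresponding output buffer
		 */
		if (nfrontp - nbackp || pcc > 0) {
			FD_SET(f, &obits);
		} else {
			FD_SET(p, &ibits);
		}
		if (pfrontp - pbackp || ncc > 0) {
			FD_SET(p, &obits);
		} else {
			FD_SET(f, &ibits);
		}
		if (!SYNCHing) {
			FD_SET(f, &xbits);
		}
		if ((c = select(nfds, &ibits, &obits, &xbits,
						(struct timeval *)0)) < 1) {
			if (c == -1) {
				if (errno == EINTR) {
					continue;
				}
			}
			/* Any other failure: back off and try again. */
			sleep(5);
			continue;
		}

		/*
		 * Any urgent data?
		 */
		if (FD_ISSET(net, &xbits)) {
		    SYNCHing = 1;
		}

		/*
		 * Something to read from the network...
		 */
		if (FD_ISSET(net, &ibits)) {
#if	!defined(SO_OOBINLINE)
			/*
			 * In 4.2 (and 4.3 beta) systems, the
			 * OOB indication and data handling in the kernel
			 * is such that if two separate TCP Urgent requests
			 * come in, one byte of TCP data will be overlaid.
			 * This is fatal for Telnet, but we try to live
			 * with it.
			 *
			 * In addition, in 4.2 (and...), a special protocol
			 * is needed to pick up the TCP Urgent data in
			 * the correct sequence.
			 *
			 * What we do is:  if we think we are in urgent
			 * mode, we look to see if we are "at the mark".
			 * If we are, we do an OOB receive.  If we run
			 * this twice, we will do the OOB receive twice,
			 * but the second will fail, since the second
			 * time we were "at the mark", but there wasn't
			 * any data there (the kernel doesn't reset
			 * "at the mark" until we do a normal read).
			 * Once we've read the OOB data, we go ahead
			 * and do normal reads.
			 *
			 * There is also another problem, which is that
			 * since the OOB byte we read doesn't put us
			 * out of OOB state, and since that byte is most
			 * likely the TELNET DM (data mark), we would
			 * stay in the TELNET SYNCH (SYNCHing) state.
			 * So, clocks to the rescue.  If we've "just"
			 * received a DM, then we test for the
			 * presence of OOB data when the receive OOB
			 * fails (and AFTER we did the normal mode read
			 * to clear "at the mark").
			 */
		    if (SYNCHing) {
			int atmark;

			ioctl(net, SIOCATMARK, (char *)&atmark);
			if (atmark) {
			    ncc = recv(net, netibuf, sizeof (netibuf), MSG_OOB);
			    if ((ncc == -1) && (errno == EINVAL)) {
				ncc = read(net, netibuf, sizeof (netibuf));
				if (sequenceIs(didnetreceive, gotDM)) {
				    SYNCHing = stilloob(net);
				}
			    }
			} else {
			    ncc = read(net, netibuf, sizeof (netibuf));
			}
		    } else {
			ncc = read(net, netibuf, sizeof (netibuf));
		    }
		    settimer(didnetreceive);
#else	/* !defined(SO_OOBINLINE)) */
		    ncc = read(net, netibuf, sizeof (netibuf));
#endif	/* !defined(SO_OOBINLINE)) */
		    if (ncc < 0 && errno == EWOULDBLOCK)
			ncc = 0;
		    else {
			/* Error or end of file from the peer: leave. */
			if (ncc <= 0) {
			    break;
			}
			netip = netibuf;
		    }
		}

		/*
		 * Something to read from the pty...
		 */
		if (FD_ISSET(p, &ibits)) {
			pcc = read(p, ptyibuf, BUFSIZ);
			if (pcc < 0 && errno == EWOULDBLOCK)
				pcc = 0;
			else {
				if (pcc <= 0)
					break;
				ptyip = ptyibuf;
			}
		}

		/*
		 * Copy pty output to the network buffer, doubling IAC
		 * and following a bare CR with NUL.  Each input byte
		 * yields at most two output bytes, hence the room
		 * check for 2.
		 */
		while (pcc > 0) {
			if ((&netobuf[BUFSIZ] - nfrontp) < 2)
				break;
			c = *ptyip++ & 0377, pcc--;
			if (c == IAC)
				*nfrontp++ = c;
			*nfrontp++ = c;
			if (c == '\r') {
				if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
					*nfrontp++ = *ptyip++ & 0377;
					pcc--;
				} else
					*nfrontp++ = '\0';
			}
		}
		if (FD_ISSET(f, &obits) && (nfrontp - nbackp) > 0)
			netflush();
		if (ncc > 0)
			telrcv();
		if (FD_ISSET(p, &obits) && (pfrontp - pbackp) > 0)
			ptyflush();
	}
	cleanup();
}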
591
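/*
 * State for recv fsm
 */
#define	TS_DATA		0	/* base state */
#define	TS_IAC		1	/* look for double IAC's */
#define	TS_CR		2	/* CR-LF ->'s CR */
#define	TS_SB		3	/* throw away begin's... */
#define	TS_SE		4	/* ...end's (suboption negotiation) */
#define	TS_WILL		5	/* will option negotiation */
#define	TS_WONT		6	/* wont " */
#define	TS_DO		7	/* do " */
#define	TS_DONT		8	/* dont " */

/*
 * Room that must be free in netobuf before another input byte is
 * processed.  The largest reply one input byte can trigger is the
 * ten bytes strcpy() writes for AYT; WILL ECHO can queue two option
 * replies (seven bytes including sprintf()'s terminator).
 */
#define	NETROOM		16

/*
 * telrcv
 *
 * Run the bytes waiting in netibuf (netip, ncc) through the TELNET
 * receive state machine: data goes to the pty output buffer, commands
 * are acted on, and option replies are queued in netobuf.  The state
 * is static, so a command split across reads is resumed on the next
 * call.
 *
 * Returns early, leaving ncc > 0, when either output buffer is too
 * full to take what the next byte might produce.  The pty check was
 * already present; the netobuf check is the same back-pressure for
 * replies.  Without it a peer that sends a long run of AYT or option
 * requests in a single read makes the replies run past the end of
 * netobuf, because each of them is appended with strcpy()/sprintf()
 * and no length test.
 */
telrcv()
{
	register int c;
	static int state = TS_DATA;

	while (ncc > 0) {
		if ((&ptyobuf[BUFSIZ] - pfrontp) < 2)
			return;
		if ((&netobuf[BUFSIZ] - nfrontp) < NETROOM) {
			/* Try to drain; the buffer only rewinds when empty. */
			netflush();
			if ((&netobuf[BUFSIZ] - nfrontp) < NETROOM)
				return;
		}
		c = *netip++ & 0377, ncc--;
		switch (state) {

		case TS_CR:
			state = TS_DATA;
			if ((c == 0) || (c == '\n')) {
				break;
			}
			/* FALL THROUGH */

		case TS_DATA:
			if (c == IAC) {
				state = TS_IAC;
				break;
			}
			if (inter > 0)
				break;
			/*
			 * We map \r\n ==> \n, since \r\n says
			 * that we want to be in column 1 of the next
			 * printable line, and \n is the standard
			 * unix way of saying that (\r is only good
			 * if CRMOD is set, which it normally is).
			 */
			if ((myopts[TELOPT_BINARY] == OPT_NO) && c == '\r') {
				if ((ncc > 0) && ('\n' == *netip)) {
					netip++; ncc--;
					c = '\n';
				} else {
					state = TS_CR;
				}
			}
			*pfrontp++ = c;
			break;

		case TS_IAC:
			switch (c) {

			/*
			 * Send the process on the pty side an
			 * interrupt.  Do this with a NULL or
			 * interrupt char; depending on the tty mode.
			 */
			case IP:
				interrupt();
				break;

			case BREAK:
				sendbrk();
				break;

			/*
			 * Are You There?
			 */
			case AYT:
				/* Room for these 10 bytes was checked above. */
				strcpy(nfrontp, "\r\n[Yes]\r\n");
				nfrontp += 9;
				break;

			/*
			 * Abort Output
			 */
			case AO: {
					struct ltchars tmpltc;

					ptyflush();	/* half-hearted */
					ioctl(pty, TIOCGLTC, &tmpltc);
					if (tmpltc.t_flushc != '\377') {
						*pfrontp++ = tmpltc.t_flushc;
					}
					netclear();	/* clear buffer back */
					*nfrontp++ = IAC;
					*nfrontp++ = DM;
					neturg = nfrontp-1; /* off by one XXX */
					break;
				}

			/*
			 * Erase Character and
			 * Erase Line
			 */
			case EC:
			case EL: {
					struct sgttyb b;
					char ch;

					ptyflush();	/* half-hearted */
					ioctl(pty, TIOCGETP, &b);
					ch = (c == EC) ?
						b.sg_erase : b.sg_kill;
					if (ch != '\377') {
						*pfrontp++ = ch;
					}
					break;
				}

			/*
			 * Check for urgent data...
			 */
			case DM:
				SYNCHing = stilloob(net);
				settimer(gotDM);
				break;


			/*
			 * Begin option subnegotiation...
			 */
			case SB:
				state = TS_SB;
				continue;

			case WILL:
				state = TS_WILL;
				continue;

			case WONT:
				state = TS_WONT;
				continue;

			case DO:
				state = TS_DO;
				continue;

			case DONT:
				state = TS_DONT;
				continue;

			case IAC:
				*pfrontp++ = c;
				break;
			}
			state = TS_DATA;
			break;

		case TS_SB:
			if (c == IAC) {
				state = TS_SE;
			} else {
				SB_ACCUM(c);
			}
			break;

		case TS_SE:
			if (c != SE) {
				if (c != IAC) {
					SB_ACCUM(IAC);
				}
				SB_ACCUM(c);
				state = TS_SB;
			} else {
				SB_TERM();
				suboption();	/* handle sub-option */
				state = TS_DATA;
			}
			break;

		/*
		 * c is already masked to 0..255 above, so it is a valid
		 * index into the 256-entry option tables.
		 */
		case TS_WILL:
			if (hisopts[c] != OPT_YES)
				willoption(c);
			state = TS_DATA;
			continue;

		case TS_WONT:
			if (hisopts[c] != OPT_NO)
				wontoption(c);
			state = TS_DATA;
			continue;

		case TS_DO:
			if (myopts[c] != OPT_YES)
				dooption(c);
			state = TS_DATA;
			continue;

		case TS_DONT:
			if (myopts[c] != OPT_NO) {
				dontoption(c);
			}
			state = TS_DATA;
			continue;

		default:
			syslog(LOG_ERR, "telnetd: panic state=%d\n", state);
			printf("telnetd: panic state=%d\n", state);
			exit(1);
		}
	}
}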
802
/*
 * willoption
 *
 * The peer announced WILL <option>.  Decide whether we want it,
 * record the answer in hisopts[] and queue DO or DONT.  Callers must
 * make sure netobuf has room for the reply; nothing is checked here.
 */
willoption(option)
	int option;
{
	char *reply = dont;		/* refuse unless accepted below */

	switch (option) {

	case TELOPT_BINARY:
		mode(RAW, 0);
		reply = doopt;
		break;

	case TELOPT_ECHO:
		not42 = 0;		/* looks like a 4.2 system */
		/*
		 * Now, in a 4.2 system, to break them out of ECHOing
		 * (to the terminal) mode, we need to send a "WILL ECHO".
		 * Kludge upon kludge!
		 */
		if (myopts[TELOPT_ECHO] == OPT_YES)
			dooption(TELOPT_ECHO);
		break;

	case TELOPT_TTYPE:
		settimer(ttypeopt);
		/* This is the answer to our own DO TTYPE: no reply needed. */
		if (hisopts[TELOPT_TTYPE] == OPT_YES_BUT_ALWAYS_LOOK) {
			hisopts[TELOPT_TTYPE] = OPT_YES;
			return;
		}
		reply = doopt;
		break;

	case TELOPT_SGA:
		reply = doopt;
		break;

	case TELOPT_TM:
	default:
		break;
	}

	hisopts[option] = (reply == doopt) ? OPT_YES : OPT_NO;
	sprintf(nfrontp, reply, option);
	nfrontp += sizeof (dont) - 2;
}
857
/*
 * wontoption
 *
 * The peer announced WONT <option>.  Apply any side effect, record
 * OPT_NO in hisopts[] and queue the DONT acknowledgement.  As with the
 * other reply routines, room in netobuf is the caller's concern.
 */
wontoption(option)
	int option;
{
	if (option == TELOPT_ECHO)
		not42 = 1;		/* doesn't seem to be a 4.2 system */
	else if (option == TELOPT_BINARY)
		mode(0, RAW);
	else if (option == TELOPT_TTYPE)
		settimer(ttypeopt);

	hisopts[option] = OPT_NO;
	sprintf(nfrontp, dont, option);
	nfrontp += sizeof (doopt) - 2;
}
882
/*
 * dooption
 *
 * The peer asked us to DO <option> (also called directly by telnet()
 * and willoption() to offer one).  Options we support are switched on
 * and answered with WILL; everything else gets WONT.  The outcome is
 * recorded in myopts[].
 */
dooption(option)
	int option;
{
	char *reply;

	switch (option) {

	case TELOPT_ECHO:
		mode(ECHO|CRMOD, 0);
		reply = will;
		break;

	case TELOPT_BINARY:
		mode(RAW, 0);
		reply = will;
		break;

	case TELOPT_SGA:
		reply = will;
		break;

	case TELOPT_TM:
	default:
		reply = wont;
		break;
	}

	myopts[option] = (reply == will) ? OPT_YES : OPT_NO;
	sprintf(nfrontp, reply, option);
	nfrontp += sizeof (doopt) - 2;
}
920
921
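/*
 * dontoption
 *
 * The peer asked us to stop doing <option>.  Every request is honoured
 * with WONT and recorded as OPT_NO in myopts[]; for ECHO the pty is
 * also taken out of ECHO|CRMOD mode.
 *
 * The test below used to read "if (fmt = wont)", an assignment.  The
 * result was the same only because every case selects wont; it is now
 * the comparison that was intended.
 */
dontoption(option)
int option;
{
    char *fmt;

    switch (option) {
    case TELOPT_ECHO:		/* we should stop echoing */
	mode(0, ECHO|CRMOD);
	fmt = wont;
	break;

    default:
	fmt = wont;
	break;
    }

    if (fmt == wont) {
	myopts[option] = OPT_NO;
    } else {
	myopts[option] = OPT_YES;
    }
    sprintf(nfrontp, fmt, option);
    nfrontp += sizeof (wont) - 2;
}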
946
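/*
 * suboption()
 *
 *	Look at the sub-option buffer, and try to be helpful to the other
 * side.
 *
 *	Currently we recognize:
 *
 *	Terminal type is
 *
 * Everything in the buffer was supplied by the peer.  Two things are
 * guarded here that the historical code left open:
 *
 *   - SB_EOF() is tested before each SB_GET(), so a short or empty
 *     sub-option is not interpreted using bytes left in subbuffer by
 *     an earlier one;
 *   - the name is always written right after the "TERM=" prefix.
 *     Using strlen(terminalname) as the start made a second TTYPE
 *     sub-option append to the previous name instead of replacing it.
 *
 * The name is lower-cased and capped by the size of terminalname, but
 * not otherwise filtered.  NOTE(review): it ends up in the environment
 * given to login, so any character restrictions have to be applied by
 * the consumer - confirm.
 */

suboption()
{
    if (SB_EOF()) {
	return;			/* nothing was sent between SB and SE */
    }
    switch (SB_GET()) {
    case TELOPT_TTYPE: {		/* Yaaaay! */
	static char terminalname[5+41] = "TERM=";

	settimer(ttypesubopt);

	if (SB_EOF() || SB_GET() != TELQUAL_IS) {
	    return;		/* ??? XXX but, this is the most robust */
	}

	terminaltype = terminalname+strlen("TERM=");

	while ((terminaltype < (terminalname + sizeof terminalname-1)) &&
								    !SB_EOF()) {
	    register int c;

	    c = SB_GET();
	    if (isupper(c)) {
		c = tolower(c);
	    }
	    *terminaltype++ = c;    /* accumulate name */
	}
	*terminaltype = 0;
	terminaltype = terminalname;
	break;
    }

    default:
	;
    }
}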
991
/*
 * mode
 *
 * Flush pending pty output, then set the sg_flags bits in "on" and
 * clear those in "off" on the pty.  Bits named in both end up clear.
 */
mode(on, off)
	int on, off;
{
	struct sgttyb ttyb;

	ptyflush();
	ioctl(pty, TIOCGETP, &ttyb);
	ttyb.sg_flags = (ttyb.sg_flags | on) & ~off;
	ioctl(pty, TIOCSETP, &ttyb);
}
1003
/*
 * Send interrupt to process on other side of pty.
 * If it is in raw mode, just write NULL;
 * otherwise, write intr char.
 *
 * When the tty's special characters cannot be read, DEL ('\177') is
 * used in place of the configured interrupt character.
 */
interrupt()
{
	struct sgttyb b;
	struct tchars tc;
	char ch;

	ptyflush();	/* half-hearted */
	ioctl(pty, TIOCGETP, &b);
	if (b.sg_flags & RAW)
		ch = '\0';
	else if (ioctl(pty, TIOCGETC, &tc) < 0)
		ch = '\177';
	else
		ch = tc.t_intrc;
	*pfrontp++ = ch;
}
1023
/*
 * Send quit to process on other side of pty.
 * If it is in raw mode, just write NULL;
 * otherwise, write quit char.
 *
 * When the tty's special characters cannot be read, '\034' is used in
 * place of the configured quit character.
 */
sendbrk()
{
	struct sgttyb b;
	struct tchars tc;
	char ch;

	ptyflush();	/* half-hearted */
	ioctl(pty, TIOCGETP, &b);
	if (b.sg_flags & RAW)
		ch = '\0';
	else if (ioctl(pty, TIOCGETC, &tc) < 0)
		ch = '\034';
	else
		ch = tc.t_quitc;
	*pfrontp++ = ch;
}
1043
/*
 * ptyflush
 *
 * Write whatever is queued in ptyobuf to the pty.  A failed write
 * leaves the buffer untouched; a short write advances pbackp by the
 * amount taken.  Once everything is out, both pointers are rewound to
 * the start of the buffer.
 */
ptyflush()
{
	int n = pfrontp - pbackp;

	if (n > 0)
		n = write(pty, pbackp, n);
	if (n >= 0) {
		pbackp += n;
		if (pbackp == pfrontp)
			pbackp = pfrontp = ptyobuf;
	}
}
1056\f
/*
 * nextitem()
 *
 *	Return the address of the next "item" in the TELNET data
 * stream.  This will be the address of the next character if
 * the current address is a user data character, or it will
 * be the address of the character following the TELNET command
 * if the current address is a TELNET IAC ("I Am a Command")
 * character.
 *
 * The function is given no end-of-buffer pointer.  It reads the byte
 * after an IAC unconditionally, and for SB it keeps scanning until it
 * meets IAC SE.  NOTE(review): on a buffer that ends inside a command
 * or holds an unterminated sub-option this reads past the valid data;
 * callers must only pass buffers whose commands are complete.
 */

char *
nextitem(current)
char	*current;
{
    register char *look;

    if ((*current&0xff) != IAC)
	return current+1;		/* plain data byte */

    switch (current[1]&0xff) {
    case DO:
    case DONT:
    case WILL:
    case WONT:
	return current+3;		/* IAC, verb, option */
    case SB:		/* loop forever looking for the SE */
	look = current+2;
	for (;;) {
	    if ((*look++&0xff) != IAC)
		continue;
	    if ((*look++&0xff) == SE)
		return look;
	}
    default:
	return current+2;		/* IAC plus a one-byte command */
    }
}
1097
1098
/*
 * netclear()
 *
 *	We are about to do a TELNET SYNCH operation.  Clear
 * the path to the network.
 *
 *	Things are a bit tricky since we may have sent the first
 * byte or so of a previous TELNET command into the network.
 * So, we have to scan the network buffer from the beginning
 * until we are up to where we want to be.
 *
 *	A side effect of what we do, just to keep things
 * simple, is to clear the urgent data pointer.  The principal
 * caller should be setting the urgent data pointer AFTER calling
 * us in any case.
 *
 * What survives is every TELNET command other than EC and EL that
 * lies at or after the item containing nbackp; those are compacted to
 * the start of netobuf and plain data is dropped.  The copy is done
 * in place with bcopy(), presumably relying on it to cope with
 * overlapping regions - confirm for the target libc.
 */

netclear()
{
    register char *item, *next;
    char *keep;
#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
				((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))

    /* Walk item by item up to the one that straddles or starts at nbackp. */
    for (item = netobuf; (next = nextitem(item)) <= nbackp; item = next)
	;

    /* Now, item is first before/at boundary. */

    keep = netobuf;		/* where the good bytes go */

    while (nfrontp > item) {
	int length;

	if (!wewant(item)) {
	    item = nextitem(item);
	    continue;
	}
	/* Gather a run of adjacent wanted commands and move it as one. */
	next = item;
	do {
	    next = nextitem(next);
	} while (wewant(next) && (nfrontp > next));
	length = next-item;
	bcopy(item, keep, length);
	keep += length;
	item = next;
    }

    nbackp = netobuf;
    nfrontp = keep;		/* next byte to be sent */
    neturg = 0;
}
1154\f
/*
 *  netflush
 *		Send as much data as possible to the network,
 *	handling requests for urgent data.
 *
 * A failed send leaves the buffer as it was, whatever the error; the
 * caller simply tries again later.  After a successful send the back
 * pointer is advanced, the urgent pointer is cleared once it has been
 * passed, and a fully drained buffer is rewound to its start.
 */


netflush()
{
    int n;

    n = nfrontp - nbackp;
    if (n > 0) {
	if ((neturg != 0) && (not42 != 0)) {
	    n = neturg - nbackp;
	    /*
	     * In 4.2 (and 4.3) systems, there is some question about
	     * what byte in a sendOOB operation is the "OOB" data.
	     * To make ourselves compatible, we only send ONE byte
	     * out of band, the one WE THINK should be OOB (though
	     * we really have more the TCP philosophy of urgent data
	     * rather than the Unix philosophy of OOB data).
	     */
	    if (n > 1)
		n = send(net, nbackp, n-1, 0);	/* data ahead of the urgent byte */
	    else
		n = send(net, nbackp, n, MSG_OOB);	/* URGENT data */
	} else {
	    /*
	     * if no urgent data, or if the other side appears to be an
	     * old 4.2 client (and thus unable to survive TCP urgent data),
	     * write the entire buffer in non-OOB mode.
	     */
	    n = write(net, nbackp, n);	/* normal write */
	}
    }
    if (n < 0) {
	/*
	 * EWOULDBLOCK and hard errors are treated alike here.
	 * (should blow this guy away on a real error...)
	 */
	return;
    }
    nbackp += n;
    if (nbackp >= neturg)
	neturg = 0;
    if (nbackp == nfrontp)
	nbackp = nfrontp = netobuf;
}
1205
/*
 * cleanup
 *
 * End of session: clear the accounting records for the pty, hang up
 * the terminal, shut the socket down in both directions and exit.
 * Installed as the SIGCHLD handler by telnet() and also called when
 * its main loop ends.
 */
cleanup()
{
	rmut();			/* utmp/wtmp and device modes */
	vhangup();		/* XXX */
	shutdown(net, 2);
	exit(1);
}
1214
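#include <utmp.h>

struct	utmp wtmp;
char	wtmpf[]	= "/usr/adm/wtmp";
char	utmpf[] = "/etc/utmp";
/* Fixed-width field copy/compare; the result need not be NUL-terminated. */
#define SCPYN(a, b)	strncpy(a, b, sizeof(a))
#define SCMPN(a, b)	strncmp(a, b, sizeof(a))

/*
 * rmut
 *
 * Log the session out: blank the name and host of every utmp entry
 * for our tty, append a matching logout record to wtmp if one was
 * found, and hand both halves of the pty back to root with mode 0666.
 *
 * Hardening relative to the historical code:
 *   - the fstat() result is checked before st_size is trusted, and no
 *     allocation is attempted for an empty file;
 *   - a failed read() is treated as "no entries" instead of letting a
 *     negative count be divided by an unsigned size and used as a
 *     loop bound;
 *   - the utmp image is freed.
 *
 * NOTE(review): the devices are left world read/write between
 * sessions; confirm that this is what the pty allocation scheme on
 * the target system expects.
 */
rmut()
{
	register f;
	int found = 0;
	struct utmp *u, *utmp;
	int nutmp;
	struct stat statbf;

	f = open(utmpf, O_RDWR);
	if (f >= 0) {
		utmp = 0;
		if (fstat(f, &statbf) == 0 && statbf.st_size > 0) {
			utmp = (struct utmp *)malloc(statbf.st_size);
			if (!utmp)
				syslog(LOG_ERR, "utmp malloc failed");
		}
		if (utmp) {
			nutmp = read(f, utmp, statbf.st_size);
			if (nutmp < 0)
				nutmp = 0;
			nutmp /= (int)sizeof(struct utmp);

			for (u = utmp ; u < &utmp[nutmp] ; u++) {
				/* line+5 skips the "/dev/" prefix. */
				if (SCMPN(u->ut_line, line+5) ||
				    u->ut_name[0]==0)
					continue;
				/* Rewrite this record in place. */
				lseek(f, ((long)u)-((long)utmp), L_SET);
				SCPYN(u->ut_name, "");
				SCPYN(u->ut_host, "");
				time(&u->ut_time);
				write(f, (char *)u, sizeof(wtmp));
				found++;
			}
			free((char *)utmp);
		}
		close(f);
	}
	if (found) {
		f = open(wtmpf, O_WRONLY|O_APPEND);
		if (f >= 0) {
			SCPYN(wtmp.ut_line, line+5);
			SCPYN(wtmp.ut_name, "");
			SCPYN(wtmp.ut_host, "");
			time(&wtmp.ut_time);
			write(f, (char *)&wtmp, sizeof(wtmp));
			close(f);
		}
	}
	/* Slave side first, then the master ("/dev/tty.." -> "/dev/pty.."). */
	chmod(line, 0666);
	chown(line, 0, 0);
	line[strlen("/dev/")] = 'p';
	chmod(line, 0666);
	chown(line, 0, 0);
}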