authorMantas Mikulėnas2021-12-17 08:35:48 +0200
committerMantas Mikulėnas2021-12-17 08:35:48 +0200
commit5a3b3516802a7771d9c52a036a5c66f4c83982a0 (patch)
tree2520343311ec35b9fb8200129f46486ed33ce14d
parentde4a47ddbc1c754a5272287cdd8df22f62c30b5c (diff)
remove obsolete patch file
Leftover from before we started using Debian's patches.
-rw-r--r--netkit-telnet-ssl-0.17.24+0.1_arch.diff2591
1 files changed, 0 insertions, 2591 deletions
diff --git a/netkit-telnet-ssl-0.17.24+0.1_arch.diff b/netkit-telnet-ssl-0.17.24+0.1_arch.diff
deleted file mode 100644
index 17b3c3c6b7c9..000000000000
--- a/netkit-telnet-ssl-0.17.24+0.1_arch.diff
+++ /dev/null
@@ -1,2591 +0,0 @@
-Only in netkit-telnet-ssl-0.17.24+0.1: debian
-diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth.c netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth.c
---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth.c 2004-05-27 11:47:25.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth.c 2010-05-11 13:44:40.190322666 +0200
-@@ -37,6 +37,9 @@
- */
-
- #ifndef lint
-+#ifdef __GNUC__
-+__attribute__ ((unused))
-+#endif /* __GNUC__ */
- static char sccsid[] = "@(#)auth.c 5.2 (Berkeley) 3/22/91";
- #endif /* not lint */
-
-@@ -83,8 +86,11 @@
-
- #define typemask(x) (1<<((x)-1))
-
-+int auth_onoff(const char *type, int on);
-+
-+
- int auth_debug_mode = 0;
--static char *Name = "Noname";
-+static const char *Name = "Noname";
- static int Server = 0;
- static Authenticator *authenticated = 0;
- static int authenticating = 0;
-@@ -170,7 +176,7 @@
-
- void
- auth_init(name, server)
-- char *name;
-+ const char *name;
- int server;
- {
- Authenticator *ap = authenticators;
-@@ -241,7 +247,7 @@
-
- int
- auth_onoff(type, on)
-- char *type;
-+ const char *type;
- int on;
- {
- int i, mask = -1;
-@@ -335,7 +341,7 @@
- }
- *e++ = IAC;
- *e++ = SE;
-- writenet(str_request, e - str_request);
-+ writenet((char *) str_request, e - str_request);
- printsub('>', &str_request[2], e - str_request - 2);
- }
- }
-@@ -424,7 +430,7 @@
- }
- auth_send_data += 2;
- }
-- writenet(str_none, sizeof(str_none));
-+ writenet((char *) str_none, sizeof(str_none));
- printsub('>', &str_none[2], sizeof(str_none) - 2);
- if (auth_debug_mode)
- printf(">>>%s: Sent failure message\r\n", Name);
-@@ -456,7 +462,7 @@
- return;
- }
-
-- if (ap = findauthenticator(data[0], data[1])) {
-+ if ((ap = findauthenticator(data[0], data[1]))) {
- if (ap->is)
- (*ap->is)(ap, data+2, cnt-2);
- } else if (auth_debug_mode)
-@@ -474,7 +480,7 @@
- if (cnt < 2)
- return;
-
-- if (ap = findauthenticator(data[0], data[1])) {
-+ if ((ap = findauthenticator(data[0], data[1]))) {
- if (ap->reply)
- (*ap->reply)(ap, data+2, cnt-2);
- } else if (auth_debug_mode)
-@@ -487,7 +493,7 @@
- unsigned char *data;
- int cnt;
- {
-- Authenticator *ap;
-+ /* Authenticator *ap; */
- unsigned char savename[256];
-
- if (cnt < 1) {
-@@ -505,7 +511,7 @@
- savename[cnt] = '\0'; /* Null terminate */
- if (auth_debug_mode)
- printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
-- auth_encrypt_user(savename);
-+ auth_encrypt_user((char *)savename);
- }
-
- int
-@@ -526,7 +532,7 @@
- }
- *e++ = IAC;
- *e++ = SE;
-- writenet(str_request, e - str_request);
-+ writenet((char *) str_request, e - str_request);
- printsub('>', &str_request[2], e - &str_request[2]);
- return(1);
- }
-@@ -542,6 +548,9 @@
- }
-
- /* ARGSUSED */
-+#ifdef __GNUC__
-+__attribute__ ((used))
-+#endif /* __GNUC__ */
- static void
- auth_intr(sig)
- int sig;
-diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth-proto.h netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth-proto.h
---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/auth-proto.h 2004-05-27 11:47:25.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/auth-proto.h 2010-05-11 13:44:40.183654321 +0200
-@@ -68,7 +68,7 @@
- #if defined(AUTHENTICATE)
- Authenticator *findauthenticator P((int, int));
-
--void auth_init P((char *, int));
-+void auth_init P((const char *, int));
- int auth_cmd P((int, char **));
- void auth_request P((void));
- void auth_send P((unsigned char *, int));
-@@ -123,7 +123,9 @@
- int auth_ssl_status P((Authenticator *, char *, int));
- void auth_ssl_printsub P((unsigned char *, int, unsigned char *, int));
- #endif /* USE_SSL */
--
-+
-+extern void printsub P((char, unsigned char *, int));
-+extern int writenet P((char *, int));
- #endif
- #ifdef __cplusplus
- }
-diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/Makefile
---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/Makefile 2004-05-27 11:47:25.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/Makefile 2010-05-11 13:45:28.073664102 +0200
-@@ -15,5 +15,8 @@
- ranlib lib${LIB}.a; \
- fi;
-
-+install:
-+ @echo "nothing to be installed from libtelnet"
-+
- clean:
- rm -f *.o lib${LIB}.a
-diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc.c netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc.c
---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc.c 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc.c 2010-05-11 13:44:40.190322666 +0200
-@@ -32,6 +32,9 @@
- */
-
- #ifndef lint
-+#ifdef __GNUC__
-+__attribute__ ((unused))
-+#endif /* __GNUC__ */
- static char sccsid[] = "@(#)misc.c 5.1 (Berkeley) 2/28/91";
- #endif /* not lint */
-
-@@ -54,7 +57,12 @@
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-+#include <stdio.h>
-+#include <stdlib.h>
-+
- #include "misc.h"
-+#include "auth.h"
-+#include "auth-proto.h"
-
- char *RemoteHostName;
- char *LocalHostName;
-@@ -65,7 +73,7 @@
- auth_encrypt_init(local, remote, name, server)
- char *local;
- char *remote;
-- char *name;
-+ const char *name;
- int server;
- {
- RemoteHostName = remote;
-diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc-proto.h netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc-proto.h
---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/misc-proto.h 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/misc-proto.h 2010-05-11 13:44:40.190322666 +0200
-@@ -68,7 +68,7 @@
- extern "C" {
- #endif
-
--void auth_encrypt_init P((char *, char *, char *, int));
-+void auth_encrypt_init P((char *, char *, const char *, int));
- void auth_encrypt_connect P((int));
- void auth_encrypt_user P((const char *name));
- void printd P((unsigned char *, int));
-diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/sslapp.h netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/sslapp.h
---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/sslapp.h 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/sslapp.h 2010-05-11 13:44:40.200330208 +0200
-@@ -45,6 +45,7 @@
- #include "x509.h"
- #include "ssl.h"
- #define OLDPROTO NOPROTO
-+#undef NOPROTO
- #define NOPROTO
- #include "err.h"
- #undef NOPROTO
-@@ -72,7 +73,7 @@
- /* we hide all the initialisation code in a separate file now */
- extern int do_ssleay_init(int server);
-
--extern int display_connect_details(SSL *ssl_con, int verbose);
-+extern void display_connect_details(SSL *ssl_con, int verbose);
- extern int server_verify_callback();
- extern int client_verify_callback();
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/libtelnet/ssl.c netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/ssl.c
---- netkit-telnet-ssl-0.17.24+0.1/libtelnet/ssl.c 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/libtelnet/ssl.c 2010-05-11 13:44:40.200330208 +0200
-@@ -47,6 +47,9 @@
- #include <string.h>
- #endif
-
-+#include <unistd.h>
-+#include <openssl/err.h>
-+
- #include "auth.h"
- #include "misc.h"
-
-@@ -91,11 +94,12 @@
- #define VERIFY_ROOT_OK VERIFY_OK
- #endif
-
-+extern int netflush(void);
-+
- extern int auth_debug_mode;
--static auth_ssl_valid = 0;
-+static int auth_ssl_valid = 0;
- static char *auth_ssl_name = 0; /* this holds the oneline name */
-
--extern BIO *bio_err;
- extern int ssl_only_flag;
- extern int ssl_debug_flag;
- extern int ssl_active_flag;
-@@ -120,6 +124,9 @@
-
- BIO *bio_err=NULL;
-
-+int auth_failed=0;
-+
-+
- /* compile this set to 1 to negotiate SSL but not actually start it */
- static int ssl_dummy_flag=0;
-
-@@ -135,7 +142,7 @@
- * telnet connect if we are talking straight ssl with no telnet
- * protocol --tjh
- */
--int
-+void
- display_connect_details(ssl_con,verbose)
- SSL *ssl_con;
- int verbose;
-@@ -152,7 +159,7 @@
- /* grab the full list of ciphers */
- i=0;
- buf[0]='\0';
-- while((p=SSL_get_cipher_list(ssl_con,i++))!=NULL) {
-+ while((p=(char *)SSL_get_cipher_list(ssl_con,i++))!=NULL) {
- if (i>0)
- strcat(buf,":");
- strcat(buf,p);
-@@ -230,7 +237,7 @@
- *p++ = SE;
- if (str_data[3] == TELQUAL_IS)
- printsub('>', &str_data[2], p - (&str_data[2]));
-- return(writenet(str_data, p - str_data));
-+ return(writenet((char *) str_data, p - str_data));
- }
-
- int auth_ssl_init(ap, server)
-@@ -280,7 +287,7 @@
- unsigned char *data;
- int cnt;
- {
-- int valid;
-+ /* int valid; */
-
- if (cnt-- < 1)
- return;
-@@ -364,7 +371,7 @@
- unsigned char *data;
- int cnt;
- {
-- int i;
-+ /* int i; */
- int status;
-
- if (cnt-- < 1)
-@@ -389,16 +396,13 @@
- SSL_set_verify(ssl_con,ssl_verify_flag,
- client_verify_callback);
- if ((status = SSL_connect(ssl_con)) <= 0) {
-- fprintf(stderr,"[SSL - FAILED (%d)]\r\n", status);
-- fflush(stderr);
--
-- perror("telnet: Unable to ssl_connect to remote host");
-+ auth_finished(0,AUTH_REJECT);
-
-+ fprintf(stderr,"[SSL - FAILED (%d)]\r\n", status);
-+ fprintf(stderr,"telnet: Unable to ssl_connect to remote host\n");
- ERR_print_errors(bio_err);
--
-- /* don't know what I "should" be doing here ... */
--
-- auth_finished(0,AUTH_REJECT);
-+ fflush(stderr);
-+ auth_failed=1;
- return;
- } else {
-
-@@ -452,7 +456,7 @@
- */
- if (ssl_certsok_flag) {
- user_fp = fopen("/etc/ssl.users", "r");
-- if (!auth_ssl_name || !user_fp) {
-+ if (!auth_ssl_name || !user_fp || !UserNameRequested) {
- /* If we haven't received a certificate, then don't
- * return AUTH_VALID.
- */
-@@ -486,7 +490,7 @@
- cp = strchr(n, ',');
- if (cp)
- *cp++ = '\0';
-- if (!UserNameRequested ||
-+ if (UserNameRequested &&
- !strcmp(UserNameRequested, n)) {
- strcpy(name, n);
- fclose(user_fp);
-@@ -543,7 +547,7 @@
- default:
- sprintf(lbuf, " %d (unknown)", data[3]);
- strncpy((char *)buf, lbuf, buflen);
-- common2:
-+/* common2: */
- BUMP(buf, buflen);
- for (i = 4; i < cnt; i++) {
- sprintf(lbuf, " %d", data[i]);
-@@ -568,7 +572,7 @@
- #endif /* SSLEAY8 */
- {
- static char *saved_subject=NULL;
-- X509 *peer;
-+ /* X509 *peer; */
- char *subject, *issuer;
- #ifdef SSLEAY8
- int depth,error;
-@@ -715,8 +719,8 @@
- int depth, error;
- #endif /* SSLEAY8 */
- {
-- X509 *peer;
-- char *subject, *issuer;
-+ /* X509 *peer; */
-+ char *subject, *issuer, *cnsubj;
- #ifdef SSLEAY8
- int depth,error;
- char *xs;
-@@ -727,13 +731,13 @@
-
- #endif /* SSLEAY8 */
-
--#ifdef LOCAL_DEBUG
-- fprintf(stderr,"ssl:client_verify_callback:depth=%d ok=%d err=%d-%s\n",
-- depth,ok,error,X509_cert_verify_error_string(error));
-- fflush(stderr);
--#endif /* LOCAL_DEBUG */
-+ if(ssl_debug_flag && !ok) {
-+ fprintf(stderr,"ssl:client_verify_callback:depth=%d ok=%d err=%d-%s\n",
-+ depth,ok,error,X509_verify_cert_error_string(error));
-+ fflush(stderr);
-+ }
-
-- subject=issuer=NULL;
-+ subject=issuer=cnsubj=NULL;
-
- /* first thing is to have a meaningful name for the current
- * certificate that is being verified ... and if we cannot
-@@ -761,60 +765,77 @@
- fflush(stderr);
- }
-
-- /* if the server is using a self signed certificate then
-- * we need to decide if that is good enough for us to
-- * accept ...
-- */
-- if (error==VERIFY_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) {
-- if (ssl_cert_required) {
-- /* make 100% sure that in secure more we drop the
-- * connection if the server does not have a
-- * real certificate!
-- */
-- fprintf(stderr,"SSL: rejecting connection - server has a self-signed certificate\n");
-- fflush(stderr);
--
-- /* sometimes it is really handy to be able to debug things
-- * and still get a connection!
-- */
-- if (ssl_debug_flag) {
-- fprintf(stderr,"SSL: debug -> ignoring cert required!\n");
-- fflush(stderr);
-- ok=1;
-- } else {
-- ok=0;
-- }
-- goto return_time;
-- } else {
-- ok=1;
-- goto return_time;
-- }
-+ /* verify commonName matches hostname */
-+ if(ssl_cert_required && depth == 0) {
-+ char *cn,*p;
-+
-+ cnsubj=strdup(subject);
-+ if(cnsubj == NULL) {
-+ fprintf(stderr,"SSL: Out of memory.\n");
-+ ok=0;
-+ goto return_time;
-+ }
-+ cn=strstr(cnsubj,"/CN=");
-+ if(cn == NULL) {
-+ fprintf(stderr,"SSL: Cannot extract CN from certificate subject.\n");
-+ ok=0;
-+ goto return_time;
-+ }
-+ cn+=4; /* skip /CN= */
-+ p=strchr(cn,'/');
-+ if(p != NULL) {
-+ *p='\0';
-+ }
-+ if(strcasecmp(cn,RemoteHostName) != 0) {
-+ fprintf(stderr,"SSL: Certificate CN (%s) does not match hostname (%s)\n",
-+ cn,RemoteHostName);
-+ ok=0;
-+ goto return_time;
-+ }
- }
-
-- /* if we have any form of error in secure mode we reject the connection */
-- if (! ((error==VERIFY_OK)||(error==VERIFY_ROOT_OK)) ) {
-- if (ssl_cert_required) {
-- fprintf(stderr,"SSL: rejecting connection - ");
-- if (error==VERIFY_ERR_UNABLE_TO_GET_ISSUER) {
-- fprintf(stderr,"unknown issuer: %s\n",issuer);
-- } else {
-- ERR_print_errors(bio_err);
-- }
-- fflush(stderr);
-- ok=0;
-- goto return_time;
-- } else {
-- /* be nice and display a lot more meaningful stuff
-- * so that we know which issuer is unknown no matter
-- * what the callers options are ...
-- */
-- if (error==VERIFY_ERR_UNABLE_TO_GET_ISSUER) {
-- fprintf(stderr,"SSL: unknown issuer: %s\n",issuer);
-- fflush(stderr);
-- }
-- }
-+ if((error==VERIFY_OK) || (error==VERIFY_ROOT_OK)) {
-+ goto return_time;
- }
-
-+ switch(error) {
-+ case VERIFY_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-+ fprintf(stderr,"SSL: Server has a self-signed certificate\n");
-+ case VERIFY_ERR_UNABLE_TO_GET_ISSUER:
-+ fprintf(stderr,"SSL: unknown issuer: %s\n",issuer);
-+ break;
-+ case X509_V_ERR_CERT_NOT_YET_VALID:
-+ fprintf(stderr,"SSL: Certificate not yet valid\n");
-+ BIO_printf(bio_err,"notBefore=");
-+ ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
-+ BIO_printf(bio_err,"\n");
-+ break;
-+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-+ fprintf(stderr,"SSL: Error in certificate notBefore field\n");
-+ BIO_printf(bio_err,"notBefore=");
-+ ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
-+ BIO_printf(bio_err,"\n");
-+ break;
-+ case X509_V_ERR_CERT_HAS_EXPIRED:
-+ fprintf(stderr,"SSL: Certificate has expired\n");
-+ BIO_printf(bio_err,"notAfter=");
-+ ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
-+ BIO_printf(bio_err,"\n");
-+ break;
-+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-+ fprintf(stderr,"SSL: Error in certificate notAfter field\n");
-+ BIO_printf(bio_err,"notAfter=");
-+ ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
-+ BIO_printf(bio_err,"\n");
-+ break;
-+ default:
-+ fprintf(stderr,"SSL: %s (%d)\n", X509_verify_cert_error_string(error),error);
-+ break;
-+ }
-+
-+ /* If we are here there was an error */
-+ ok=0;
-+
- return_time: ;
-
- /* clean up things */
-@@ -822,7 +843,20 @@
- free(subject);
- if (issuer!=NULL)
- free(issuer);
--
-+ if (cnsubj!=NULL)
-+ free(cnsubj);
-+ if(!ok && ssl_cert_required) {
-+ if(ssl_debug_flag) {
-+ fprintf(stderr,"SSL: debug -> ignoring cert required!\n");
-+ ok=1;
-+ }
-+ else {
-+ fprintf(stderr,"SSL: Rejecting connection\n");
-+ ok=0;
-+ }
-+ }
-+ fflush(stderr);
-+
- return ok;
- }
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/Makefile
---- netkit-telnet-ssl-0.17.24+0.1/Makefile 2004-05-27 11:47:25.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/Makefile 2010-05-11 14:19:36.673445641 +0200
-@@ -1,7 +1,7 @@
- # You can do "make SUB=blah" to make only a few, or edit here, or both
- # You can also run make directly in the subdirs you want.
-
--SUB = telnet telnetd telnetlogin
-+SUB = libtelnet telnet telnetd
-
- %.build:
- (cd $(patsubst %.build, %, $@) && $(MAKE))
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/authenc.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/authenc.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/authenc.cc 2000-07-23 05:24:53.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/authenc.cc 2010-05-11 13:44:40.056990450 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)authenc.c 5.1 (Berkeley) 3/1/91
- */
- char au_rcsid[] =
-- "$Id: authenc.cc,v 1.6 2000/07/23 03:24:53 dholland Exp $";
-+ "$Id: authenc.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #if defined(ENCRYPT) || defined(AUTHENTICATE)
- #include <sys/types.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/commands.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/commands.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/commands.cc 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/commands.cc 2010-05-11 13:44:40.060322107 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)commands.c 5.5 (Berkeley) 3/22/91
- */
- char cmd_rcsid[] =
-- "$Id: commands.cc,v 1.34 2000/07/23 04:16:24 dholland Exp $";
-+ "$Id: commands.cc,v 1.13 2007-10-04 21:38:18 ianb Exp $";
-
- #include <string.h>
-
-@@ -653,6 +653,21 @@
- return 1;
- }
-
-+#ifdef AUTHENTICATE
-+
-+static int tog_autologin(int) {
-+ if(autologin == 0) {
-+ autologin=1;
-+ env_export("USER");
-+ }
-+ else {
-+ autologin=0;
-+ env_unexport("USER");
-+ }
-+ return 1;
-+}
-+
-+#endif /* AUTHENTICATE */
-
- static int netdata; /* Print out network data flow */
- static int prettydump; /* Print "netdata" output in user readable format */
-@@ -682,13 +697,13 @@
-
- #if defined(AUTHENTICATE)
- { "autologin", "automatic sending of login and/or authentication info",
-- NULL, &autologin,
-+ tog_autologin, NULL,
- "send login name and/or authentication information" },
- { "authdebug", "Toggle authentication debugging",
- auth_togdebug, NULL,
- "print authentication debugging information" },
- #endif
--#if 0
-+#ifdef ENCRYPT
- { "autoencrypt", "automatic encryption of data stream",
- EncryptAutoEnc, NULL,
- "automatically encrypt output" },
-@@ -701,7 +716,7 @@
- { "encdebug", "Toggle encryption debugging",
- EncryptDebug, NULL,
- "print encryption debugging information" },
--#endif
-+#endif /* ENCRYPT */
-
- { "skiprc", "don't read the telnetrc files",
- NULL, &skiprc,
-@@ -750,7 +765,7 @@
- NULL, &showoptions,
- "show option processing" },
-
-- { "termdata", "(debugging) toggle printing of hexadecimal terminal data",
-+ { "termdata", "toggle printing of hexadecimal terminal data (debugging)",
- NULL, &termdata,
- "print hexadecimal representation of terminal traffic" },
-
-@@ -1357,9 +1372,9 @@
- else
- shellname++;
- if (argc > 1)
-- execl(shellp, shellname, "-c", &saveline[1], 0);
-+ execl(shellp, shellname, "-c", &saveline[1], (char *) NULL);
- else
-- execl(shellp, shellname, 0);
-+ execl(shellp, shellname, (char *) NULL);
- perror("Execl");
- _exit(1);
- }
-@@ -1510,10 +1525,10 @@
-
- #if defined(AUTHENTICATE)
- struct authlist {
-- char *name;
-- char *help;
-- int (*handler)(const char *, const char *);
-- int narg;
-+ const char *name;
-+ const char *help;
-+ int (*handler)(const char *, const char *);
-+ int narg;
- };
-
- static int auth_help (const char *, const char *);
-@@ -1833,8 +1848,22 @@
- if (*portp == '-') {
- portp++;
- telnetport = 1;
-- } else
-+ } else {
- telnetport = 0;
-+ if (*portp >='0' && *portp<='9') {
-+ char *end;
-+ long int p;
-+
-+ p=strtol(portp, &end, 10);
-+ if (ERANGE==errno && (LONG_MIN==p || LONG_MAX==p)) {
-+ fprintf(stderr, "telnet: port %s overflows\n", portp);
-+ return 0;
-+ } else if (p<=0 || p>=65536) {
-+ fprintf(stderr, "telnet: port %s out of range\n", portp);
-+ return 0;
-+ }
-+ }
-+ }
- }
- else {
- portp = "telnet";
-@@ -1860,7 +1889,7 @@
- if (res < 0)
- return 0;
- }
--
-+
- /* Resolve both the host and service simultaneously. */
- res = getaddrinfo(resolv_hostp, portp, &hints, &hostaddr);
- if (res == EAI_NONAME) {
-@@ -1902,6 +1931,16 @@
- NI_NUMERICHOST | NI_NUMERICSERV);
-
- printf("Trying %s...\n", name);
-+
-+ if (tmpaddr->ai_canonname == 0) {
-+ hostname = new char[strlen(hostp)+1];
-+ strcpy(hostname, hostp);
-+ }
-+ else {
-+ hostname = new char[strlen(tmpaddr->ai_canonname)+1];
-+ strcpy(hostname, tmpaddr->ai_canonname);
-+ }
-+
- x = nlink.connect(debug, tmpaddr, srp, srlen, tos);
- if (!x)
- goto err;
-@@ -1909,18 +1948,18 @@
- goto nextaddr;
-
- connected++;
-+
-+#ifdef USE_SSL
-+ if (ssl_secure_flag || (strcmp(hostp, "localhost") != 0)) {
-+ /* autologin = 1; */
-+ use_authentication=1;
-+ }
-+#endif /* USE_SSL */
-+
- #if defined(AUTHENTICATE)
- auth_encrypt_connect(connected);
- #endif
- } while (connected == 0);
-- if (tmpaddr->ai_canonname == 0) {
-- hostname = new char[strlen(hostp)+1];
-- strcpy(hostname, hostp);
-- }
-- else {
-- hostname = new char[strlen(tmpaddr->ai_canonname)+1];
-- strcpy(hostname, tmpaddr->ai_canonname);
-- }
-
- cmdrc(hostp, hostname, portp);
- freeaddrinfo(hostaddr);
-@@ -1966,6 +2005,9 @@
- #if defined(AUTHENTICATE)
- authhelp[] = "turn on (off) authentication ('auth ?' for more)",
- #endif
-+#if defined(USE_SSL)
-+ startsslhelp[] = "switch to telnet-over-ssl (use 'auth' for ssl-over-telnet)",
-+#endif
- zhelp[] = "suspend telnet",
- /* shellhelp[] = "invoke a subshell", */
- envhelp[] = "change environment variables ('environ ?' for more)",
-@@ -1981,6 +2023,34 @@
- return 0;
- }
-
-+#if defined(USE_SSL)
-+static int startssl_cmd(void)
-+{
-+ if(ssl_con == NULL)
-+ {
-+ fprintf(stderr,"telnet: Internal error - ssl_con not initialised.\n");
-+ return 1;
-+ }
-+
-+ if(ssl_active_flag)
-+ {
-+ fprintf(stderr,"telnet: SSL already in use.\n");
-+ return 1;
-+ }
-+
-+ if (SSL_connect(ssl_con) < 1)
-+ {
-+ ERR_print_errors_fp(stderr);
-+ fflush(stderr);
-+ } else {
-+ display_connect_details(ssl_con,ssl_debug_flag);
-+ ssl_active_flag=1;
-+ ssl_only_flag=1;
-+ }
-+ return 1;
-+}
-+#endif /* USE_SSL */
-+
- static int slc_mode_import_0(void) {
- slc_mode_import(0);
- return 1;
-@@ -2028,6 +2098,10 @@
- #endif
- // BIND("encrypt", encrypthelp, encrypt_cmd);
-
-+#if defined(USE_SSL)
-+ BIND("startssl", startsslhelp, startssl_cmd);
-+#endif
-+
- BIND("z", zhelp, suspend);
-
- #if defined(TN3270) /* why?! */
-@@ -2233,22 +2307,18 @@
- }
-
- void cmdrc(const char *m1, const char *m2, const char *port) {
-- static char *rcname = 0;
-- static char rcbuf[128];
-+ char *rcname = NULL;
-
- if (skiprc) return;
-
- readrc(m1, m2, port, "/etc/telnetrc");
-- if (rcname == 0) {
-- rcname = getenv("HOME");
-- if (rcname)
-- strcpy(rcbuf, rcname);
-- else
-- rcbuf[0] = '\0';
-- strcat(rcbuf, "/.telnetrc");
-- rcname = rcbuf;
-- }
-+ if (asprintf (&rcname, "%s/.telnetrc", getenv ("HOME")) == -1)
-+ {
-+ perror ("asprintf");
-+ return;
-+ }
- readrc(m1, m2, port, rcname);
-+ free (rcname);
- }
-
- #if defined(IP_OPTIONS) && defined(HAS_IPPROTO_IP)
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/defines.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/defines.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/defines.h 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/defines.h 2010-05-11 13:44:40.063654881 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)defines.h 5.1 (Berkeley) 9/14/90
-- * $Id: defines.h,v 1.5 1996/08/04 23:44:43 dholland Exp $
-+ * $Id: defines.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- #define ENV_VAR NEW_ENV_VAR
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/externs.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/externs.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/externs.h 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/externs.h 2010-05-11 13:44:40.063654881 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)externs.h 5.3 (Berkeley) 3/22/91
-- * $Id: externs.h,v 1.20 1999/08/19 09:34:15 dholland Exp $
-+ * $Id: externs.h,v 1.2 2004-11-17 15:28:51 ianb Exp $
- */
-
- #ifndef BSD
-@@ -57,6 +57,7 @@
- #define SUBBUFSIZE 256
-
- extern int autologin; /* Autologin enabled */
-+extern int use_authentication; /* use SSL authentication */
- extern int skiprc; /* Don't process the ~/.telnetrc file */
- extern int eight; /* use eight bit mode (binary in and/or out) */
- extern int binary; /* use binary option (in and/or out) */
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/fdset.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/fdset.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/fdset.h 1996-07-16 07:17:22.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/fdset.h 2010-05-11 13:44:40.063654881 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)fdset.h 5.1 (Berkeley) 9/14/90
-- * $Id: fdset.h,v 1.1 1996/07/16 05:17:22 dholland Exp $
-+ * $Id: fdset.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- /*
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/general.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/general.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/general.h 1996-07-16 07:17:22.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/general.h 2010-05-11 13:44:40.063654881 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)general.h 5.2 (Berkeley) 3/1/91
-- * $Id: general.h,v 1.1 1996/07/16 05:17:22 dholland Exp $
-+ * $Id: general.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- /*
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/genget.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/genget.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/genget.cc 1996-07-26 11:54:09.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/genget.cc 2010-05-11 13:44:40.063654881 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)genget.c 5.1 (Berkeley) 2/28/91
- */
- char gg_rcsid[] =
-- "$Id: genget.cc,v 1.3 1996/07/26 09:54:09 dholland Exp $";
-+ "$Id: genget.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <string.h>
- #include <ctype.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/glue.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/glue.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/glue.cc 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/glue.cc 2010-05-11 13:44:40.083654043 +0200
-@@ -11,8 +11,9 @@
- printsub_h(direction, pointer, length);
- }
-
--extern "C" void writenet(const char *str, int len) {
-+extern "C" int writenet(const char *str, int len) {
- netoring.write(str, len);
-+ return 1;
- }
-
- extern "C" int telnet_spin() {
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/main.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/main.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/main.cc 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/main.cc 2010-05-11 13:44:40.066988214 +0200
-@@ -39,7 +39,7 @@
- * From: @(#)main.c 5.4 (Berkeley) 3/22/91
- */
- char main_rcsid[] =
-- "$Id: main.cc,v 1.14 1999/08/01 05:06:37 dholland Exp $";
-+ "$Id: main.cc,v 1.6 2004-11-22 20:26:37 ianb Exp $";
-
- #include "../version.h"
-
-@@ -86,16 +86,27 @@
- * -X <atype> disable specified auth type
- */
- void usage(void) {
-- fprintf(stderr, "Usage: %s %s%s%s%s\n",
-+ fprintf(stderr, "Usage: %s %s%s%s%s%s\n",
- prompt,
-+#ifdef AUTHENTICATE
-+ "[-4] [-6] [-8] [-E] [-K] [-L] [-X atype] [-a] [-d] [-e char]",
-+ "\n\t[-l user] [-n tracefile] [ -b addr ]",
-+#else
- "[-4] [-6] [-8] [-E] [-L] [-a] [-d] [-e char] [-l user]",
- "\n\t[-n tracefile] [ -b addr ]",
-+#endif
- #ifdef TN3270
- "\n\t"
- "[-noasynch] [-noasynctty] [-noasyncnet] [-r] [-t transcom]\n\t",
- #else
- " [-r] ",
- #endif
-+#ifdef USE_SSL
-+ /* might as well output something useful here ... */
-+ "\n\t[-z ssl] [-z secure] [-z debug] [-z verify=int]\n\t[-z cert=file] [-z key=file]\n\t",
-+#else /* !USE_SSL */
-+ "",
-+#endif /* USE_SSL */
- "[host-name [port]]"
- );
- exit(1);
-@@ -135,8 +146,73 @@
- autologin = -1;
-
- while ((ch = getopt(argc, argv,
-- "4678EKLS:X:ab:de:k:l:n:rt:x")) != EOF) {
-+ "4678EKLS:X:ab:de:k:l:n:rt:xz:")) != EOF) {
- switch(ch) {
-+#ifdef USE_SSL
-+ case 'z':
-+ {
-+ char *origopt;
-+
-+ origopt=strdup(optarg);
-+ optarg=strtok(origopt,",");
-+
-+ while(optarg!=NULL) {
-+
-+ if (strcmp(optarg, "debug") == 0 ) {
-+ ssl_debug_flag=1;
-+ } else if (strcmp(optarg, "authdebug") == 0 ) {
-+ auth_debug_mode=1;
-+ } else if (strcmp(optarg, "ssl") == 0 ) {
-+ ssl_only_flag=1;
-+ } else if ( (strcmp(optarg, "!ssl") == 0) ||
-+ (strcmp(optarg, "nossl") == 0) ) {
-+ /* we may want to switch SSL negotiation off
-+ * for testing or other reasons
-+ */
-+ ssl_disabled_flag=1;
-+ } else if (strcmp(optarg, "certrequired") == 0 ) {
-+ ssl_cert_required=1;
-+ } else if (strcmp(optarg, "secure") == 0 ) {
-+ ssl_secure_flag=1;
-+ } else if (strcmp(optarg, "verbose") == 0 ) {
-+ ssl_verbose_flag=1;
-+ } else if (strncmp(optarg, "verify=",
-+ strlen("verify=")) == 0 ) {
-+ ssl_verify_flag=atoi(optarg+strlen("verify="));
-+ } else if (strncmp(optarg, "cert=",
-+ strlen("cert=")) == 0 ) {
-+ ssl_cert_file= optarg + strlen("cert=");
-+ } else if (strncmp(optarg, "key=",
-+ strlen("key=")) == 0 ) {
-+ ssl_key_file= optarg + strlen("key=");
-+ } else if (strncmp(optarg,"cipher=",
-+ strlen("cipher="))==0) {
-+ ssl_cipher_list=optarg+strlen("cipher=");
-+ } else {
-+ /* report when we are given rubbish so that
-+ * if the user makes a mistake they have to
-+ * correct it!
-+ */
-+ fprintf(stderr,"Unknown SSL option %s\n",optarg);
-+ fflush(stderr);
-+ exit(1);
-+ }
-+
-+ /* get the next one ... */
-+ optarg=strtok(NULL,",");
-+
-+ }
-+
-+ /*
-+ if (origopt!=NULL)
-+ free(origopt);
-+ */
-+
-+ }
-+
-+ break;
-+#endif /* USE_SSL */
-+
- case '4':
- family = AF_INET;
- break;
-@@ -257,14 +333,25 @@
- autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
-
- #ifdef USE_SSL
-+ if((ssl_cert_file != NULL) || (ssl_key_file != NULL)) {
-+ autologin = 1;
-+ }
-+
- if (ssl_secure_flag||ssl_cert_required) {
- /* in secure mode we *must* switch on the base level
- * verify checking otherwise we cannot abort connections
- * at the right place!
- */
- if (ssl_verify_flag == 0)
-- ssl_verify_flag = 1;
-+ ssl_verify_flag = SSL_VERIFY_PEER;;
- }
-+
-+ /* client mode ignores SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-+ so simulate it using certrequired */
-+ if(ssl_verify_flag & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
-+ ssl_cert_required=1;
-+ }
-+
- #endif /* USE_SSL */
-
- argc -= optind;
-@@ -289,11 +376,6 @@
- *argp++ = family == AF_INET ? "-4" : "-6";
- }
- *argp++ = argv[0]; /* host */
--#ifdef USE_SSL
-- if (strcmp(argv[0], "localhost") != 0) {
-- autologin = 1;
-- }
--#endif /* USE_SSL */
- if (argc > 1)
- *argp++ = argv[1]; /* port */
- *argp = 0;
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/telnet/Makefile
---- netkit-telnet-ssl-0.17.24+0.1/telnet/Makefile 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/Makefile 2010-05-11 13:44:40.056990450 +0200
-@@ -6,15 +6,18 @@
- #CXXFLAGS:=$(patsubst -O2, -g, $(CXXFLAGS))
-
- # -DAUTHENTICATE
--CXXFLAGS += -DUSE_TERMIO -DKLUDGELINEMODE
--LIBS = $(LIBTERMCAP)
-+CXXFLAGS += -DUSE_TERMIO -DKLUDGELINEMODE -DAUTHENTICATE -DUSE_SSL \
-+ -I/usr/include/openssl -I../
-+LIBTELNET = ../libtelnet/libtelnet.a
-+LIBS += $(LIBTERMCAP) $(LIBTELNET) -lssl -lcrypto
-
- SRCS = commands.cc main.cc network.cc ring.cc sys_bsd.cc telnet.cc \
-- terminal.cc tn3270.cc utilities.cc genget.cc environ.cc netlink.cc
-+ terminal.cc tn3270.cc utilities.cc genget.cc environ.cc netlink.cc \
-+ glue.cc glue2.cc
-
- OBJS = $(patsubst %.cc, %.o, $(SRCS))
-
--telnet: $(OBJS)
-+telnet: $(OBJS) $(LIBTELNET)
- $(CXX) $(LDFLAGS) $^ $(LIBS) -o $@
-
- include depend.mk
-@@ -22,7 +25,7 @@
- $(CXX) $(CXXFLAGS) -MM $(SRCS) >depend.mk
-
- install: telnet
-- install -s -m$(BINMODE) telnet $(INSTALLROOT)$(BINDIR)/telnet-ssl
-+ install -m$(BINMODE) telnet $(INSTALLROOT)$(BINDIR)/telnet-ssl
- install -m$(MANMODE) telnet.1 $(INSTALLROOT)$(MANDIR)/man1/telnet-ssl.1
-
- clean:
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/netlink.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/netlink.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/netlink.cc 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/netlink.cc 2010-05-11 13:44:40.066988214 +0200
-@@ -12,12 +12,27 @@
- #include "proto.h"
- #include "ring.h"
- #include <libtelnet/sslapp.h>
-+#include <libtelnet/misc-proto.h>
-
- /* In Linux, this is an enum */
- #if defined(__linux__) || defined(IPPROTO_IP)
- #define HAS_IPPROTO_IP
- #endif
-
-+/* code from Peter 'Luna' Runestig <peter@runestig.com> */
-+static int select_read(int rfd)
-+/* timeout = 20 seconds */
-+{
-+ fd_set rfds;
-+ struct timeval tv;
-+
-+ FD_ZERO(&rfds);
-+ FD_SET(rfd, &rfds);
-+ tv.tv_sec = 20;
-+ tv.tv_usec = 0;
-+ return select(rfd + 1, &rfds, NULL, NULL, &tv);
-+}
-+
- netlink nlink;
-
- class netchannel : public ringbuf::source {
-@@ -26,12 +41,23 @@
- int net = nlink.getfd();
- int l;
- #ifdef USE_SSL
-- if (ssl_active_flag)
-- l = SSL_read(ssl_con, buf, maxlen);
-- else
-+ if (ssl_active_flag) {
-+ do {
-+ l = SSL_read(ssl_con, buf, maxlen);
-+ /*
-+ * SSL_ERROR_WANT_READ may occur if an SSL/TLS rehandshake occurs.
-+ * This means that data was available at the socket, but all was
-+ * consumed by SSL itself, so we select (w/20s timeout) and retry.
-+ */
-+ } while (l<0 &&
-+ (SSL_ERROR_WANT_READ == SSL_get_error(ssl_con, l)) &&
-+ (select_read(net) > 0));
-+ } else
- #endif /* USE_SSL */
-- l = recv(net, buf, maxlen, 0);
-- if (l<0 && errno == EWOULDBLOCK) l = 0;
-+ {
-+ l = recv(net, buf, maxlen, 0);
-+ if (l<0 && errno == EWOULDBLOCK) l = 0;
-+ }
- return l;
- }
- };
-@@ -70,11 +96,11 @@
-
-
- netlink::netlink() { net = -1; }
--netlink::~netlink() { ::close(net); }
-+netlink::~netlink() { if (net >= 0) ::close(net); }
-
-
- int netlink::setdebug(int debug) {
-- if (net > 0 &&
-+ if (net >= 0 &&
- (setsockopt(net, SOL_SOCKET, SO_DEBUG, &debug, sizeof(debug))) < 0) {
- perror("setsockopt (SO_DEBUG)");
- }
-@@ -95,7 +121,8 @@
- ssl_active_flag=0;
- }
- #endif /* USE_SSL */
-- ::close(net);
-+ if (net >= 0)
-+ ::close(net);
- net = -1;
- }
-
-@@ -142,7 +169,8 @@
- {
- int on=1;
- int res;
--
-+ extern char *hostname;
-+
- res = socket(addr->ai_family);
- if (res < 2)
- return res;
-@@ -192,10 +220,24 @@
- /* bind in the network descriptor */
- SSL_set_fd(ssl_con,net);
-
-+#if defined(AUTHENTICATE)
-+ /* moved from telnet() so client_verify_callback knows RemoteHostName -ianb */
-+ {
-+ static char local_host[256] = { 0 };
-+ int len = sizeof(local_host);
-+
-+ if (!local_host[0]) {
-+ gethostname(local_host, len); /* WAS &len!!! */
-+ local_host[sizeof(local_host)-1] = 0;
-+ }
-+ auth_encrypt_init(local_host, hostname, "TELNET", 0);
-+ }
-+#endif
-+
- /* if we are doing raw SSL then start it now ... */
- if (ssl_only_flag) {
- if (!SSL_connect(ssl_con)) {
-- static char errbuf[1024];
-+ /* static char errbuf[1024]; */
-
- ERR_print_errors_fp(stderr);
- perror("SSL_connect");
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/network.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/network.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/network.cc 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/network.cc 2010-05-11 13:44:40.066988214 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)network.c 5.2 (Berkeley) 3/1/91
- */
- char net_rcsid[] =
-- "$Id: network.cc,v 1.15 1996/08/13 08:09:58 dholland Exp $";
-+ "$Id: network.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <sys/types.h>
- #include <sys/socket.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/proto.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/proto.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/proto.h 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/proto.h 2010-05-11 13:44:40.070321269 +0200
-@@ -10,9 +10,11 @@
- int TerminalSpecialChars(int);
- void TerminalSpeeds(long *ispeed, long *ospeed);
- int TerminalWindowSize(long *rows, long *cols);
-+#if 0
- void auth_encrypt_user(char *);
- void auth_name(unsigned char *, int);
- void auth_printsub(unsigned char *, int, unsigned char *, int);
-+#endif
- void cmdrc(const char *, const char *, const char *);
- void env_init(void);
- int getconnmode(void);
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/ring.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/ring.cc 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.cc 2010-05-11 13:44:40.070321269 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)ring.c 5.2 (Berkeley) 3/1/91
- */
- char ring_rcsid[] =
-- "$Id: ring.cc,v 1.23 2000/07/23 03:25:09 dholland Exp $";
-+ "$Id: ring.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- /*
- * This defines a structure for a ring buffer.
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/ring.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/ring.h 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.h 2010-05-11 13:44:40.070321269 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)ring.h 5.2 (Berkeley) 3/1/91
-- * $Id: ring.h,v 1.13 1996/08/13 08:43:28 dholland Exp $
-+ * $Id: ring.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- class datasink {
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/sys_bsd.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/sys_bsd.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/sys_bsd.cc 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/sys_bsd.cc 2010-05-11 13:44:40.070321269 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)sys_bsd.c 5.2 (Berkeley) 3/1/91
- */
- char bsd_rcsid[] =
-- "$Id: sys_bsd.cc,v 1.24 1999/09/28 16:29:24 dholland Exp $";
-+ "$Id: sys_bsd.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- /*
- * The following routines try to encapsulate what is system dependent
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.1 netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.1
---- netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.1 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.1 2010-05-11 13:44:40.073654603 +0200
-@@ -30,7 +30,7 @@
- .\" SUCH DAMAGE.
- .\"
- .\" from: @(#)telnet.1 6.16 (Berkeley) 7/27/91
--.\" $Id: telnet.1,v 1.15 2000/07/30 23:57:08 dholland Exp $
-+.\" $Id: telnet.1,v 1.5 2006-09-24 00:48:31 ianb Exp $
- .\"
- .Dd August 15, 1999
- .Dt TELNET 1
-@@ -42,12 +42,14 @@
- protocol
- .Sh SYNOPSIS
- .Nm telnet
--.Op Fl 468ELadr
-+.Op Fl 468EKLadr
- .Op Fl S Ar tos
-+.Op Fl X Ar authtype
- .Op Fl b Ar address
- .Op Fl e Ar escapechar
- .Op Fl l Ar user
- .Op Fl n Ar tracefile
-+.Op Fl z Ar option
- .Oo
- .Ar host
- .Op Ar port
-@@ -152,44 +154,47 @@
- command below.
- .It Fl z Ar option
- Set SSL (Secure Socket Layer) parameters. The default is to negotiate
--via telnet protocoll if SSL is availlable at server side and then to
-+via telnet protocol if SSL is available at server side and then to
- switch it on. In this mode you can connect to both conventional and
--SSL enhanced telnetd's.
-+SSL enhanced telnetd's. If the connection is made to localhost and
-+.Ic -z secure
-+is not set, then
-+SSL is not enabled.
- .Pp
- The SSL parameters are:
- .Bl -tag -width Fl
--.It Ic Ar debug
-+.It Ic debug
- Send SSL related debugging information to stderr.
--.It Ic Ar authdebug
-+.It Ic authdebug
- Enable authentication debugging.
--.It Ic Ar ssl
-+.It Ic ssl
- Negotiate SSL at first, then use telnet protocol. In this mode you can
- connect to any server supporting directly SSL like Apache-SSL. Use
- .Ic telnet -z ssl ssl3.netscape.com https
- for example. telnet protocol negotiation goes encrypted.
--.It Ic Ar nossl, Ar !ssl
--switch of SSL negotiation
--.It Ic Ar certrequired
--client certificate is mandatory
--.It Ic Ar secure
-+.It Ic nossl, Ic !ssl
-+switch off SSL negotiation
-+.It Ic certrequired
-+server certificate is mandatory
-+.It Ic secure
- Don't switch back to unencrypted mode (no SSL) if SSL is not available.
--.It Ic Ar verbose
-+.It Ic verbose
- Be verbose about certificates etc.
--.It Ic Ar verify=int
-+.It Ic verify= Ns Ar int
- .\" TODO
- Set the SSL verify flags (SSL_VERIFY_* in
- .Ar ssl/ssl.h
- ).
- .\" TODO
--.It Ic Ar cert=cert_file
-+.It Ic cert= Ns Ar cert_file
- .\" TODO
- Use the certificate(s) in
- .Ar cert_file .
--.It Ic Ar key=key_file
-+.It Ic key= Ns Ar key_file
- .\" TODO
- Use the key(s) in
- .Ar key_file .
--.It Ic Ar cipher=ciph_list
-+.It Ic cipher= Ns Ar ciph_list
- .\" TODO
- Set the preferred ciphers to
- .Ar ciph_list .
-@@ -319,10 +324,6 @@
- List the current status of the various types of
- authentication.
- .El
--.Pp
--Note that the current version of
--.Nm telnet
--does not support authentication.
- .It Ic close
- Close the connection to the remote host, if any, and return to command
- mode.
-@@ -332,49 +333,49 @@
- and
- .Ic toggle
- values (see below).
--.It Ic encrypt Ar argument ...
--The encrypt command controls the
--.Dv TELNET ENCRYPT
--protocol option. If
--.Nm telnet
--was compiled without encryption, the
--.Ic encrypt
--command will not be supported.
--.Pp
--Valid arguments are as follows:
--.Bl -tag -width Ar
--.It Ic disable Ar type Ic [input|output]
--Disable the specified type of encryption. If you do not specify input
--or output, encryption of both is disabled. To obtain a list of
--available types, use ``encrypt disable \&?''.
--.It Ic enable Ar type Ic [input|output]
--Enable the specified type of encryption. If you do not specify input
--or output, encryption of both is enabled. To obtain a list of
--available types, use ``encrypt enable \&?''.
--.It Ic input
--This is the same as ``encrypt start input''.
--.It Ic -input
--This is the same as ``encrypt stop input''.
--.It Ic output
--This is the same as ``encrypt start output''.
--.It Ic -output
--This is the same as ``encrypt stop output''.
--.It Ic start Ic [input|output]
--Attempt to begin encrypting. If you do not specify input or output,
--encryption of both input and output is started.
--.It Ic status
--Display the current status of the encryption module.
--.It Ic stop Ic [input|output]
--Stop encrypting. If you do not specify input or output, encryption of
--both is stopped.
--.It Ic type Ar type
--Sets the default type of encryption to be used with later ``encrypt start''
--or ``encrypt stop'' commands.
--.El
--.Pp
--Note that the current version of
--.Nm telnet
--does not support encryption.
-+.\" .It Ic encrypt Ar argument ...
-+.\" The encrypt command controls the
-+.\" .Dv TELNET ENCRYPT
-+.\" protocol option. If
-+.\" .Nm telnet
-+.\" was compiled without encryption, the
-+.\" .Ic encrypt
-+.\" command will not be supported.
-+.\" .Pp
-+.\" Valid arguments are as follows:
-+.\" .Bl -tag -width Ar
-+.\" .It Ic disable Ar type Ic [input|output]
-+.\" Disable the specified type of encryption. If you do not specify input
-+.\" or output, encryption of both is disabled. To obtain a list of
-+.\" available types, use ``encrypt disable \&?''.
-+.\" .It Ic enable Ar type Ic [input|output]
-+.\" Enable the specified type of encryption. If you do not specify input
-+.\" or output, encryption of both is enabled. To obtain a list of
-+.\" available types, use ``encrypt enable \&?''.
-+.\" .It Ic input
-+.\" This is the same as ``encrypt start input''.
-+.\" .It Ic -input
-+.\" This is the same as ``encrypt stop input''.
-+.\" .It Ic output
-+.\" This is the same as ``encrypt start output''.
-+.\" .It Ic -output
-+.\" This is the same as ``encrypt stop output''.
-+.\" .It Ic start Ic [input|output]
-+.\" Attempt to begin encrypting. If you do not specify input or output,
-+.\" encryption of both input and output is started.
-+.\" .It Ic status
-+.\" Display the current status of the encryption module.
-+.\" .It Ic stop Ic [input|output]
-+.\" Stop encrypting. If you do not specify input or output, encryption of
-+.\" both is stopped.
-+.\" .It Ic type Ar type
-+.\" Sets the default type of encryption to be used with later ``encrypt start''
-+.\" or ``encrypt stop'' commands.
-+.\" .El
-+.\" .Pp
-+.\" Note that the current version of
-+.\" .Nm telnet
-+.\" does not support encryption.
- .It Ic environ Ar arguments...
- The
- .Ic environ
-@@ -1017,6 +1018,16 @@
- .Ic slc
- command.
- .El
-+.It Ic startssl
-+Attempt to negotiate telnet-over-SSL (as with the
-+.Ic -z ssl
-+option). This is useful when connecting to non-telnetds such
-+as imapd (with the
-+.Ic STARTTLS
-+command). To control SSL when connecting to a SSL-enabled
-+telnetd, use the
-+.Ic auth
-+command instead.
- .It Ic status
- Show the current status of
- .Nm telnet .
-@@ -1079,17 +1090,17 @@
- .Dv FALSE
- (see
- .Xr stty 1 ) .
--.It Ic autodecrypt
--When the
--.Dv TELNET ENCRYPT
--option is negotiated, by
--default the actual encryption (decryption) of the data
--stream does not start automatically. The autoencrypt
--(autodecrypt) command states that encryption of the
--output (input) stream should be enabled as soon as
--possible.
--.Pp
--Note that this flag exists only if encryption support is enabled.
-+.\" .It Ic autodecrypt
-+.\" When the
-+.\" .Dv TELNET ENCRYPT
-+.\" option is negotiated, by
-+.\" default the actual encryption (decryption) of the data
-+.\" stream does not start automatically. The autoencrypt
-+.\" (autodecrypt) command states that encryption of the
-+.\" output (input) stream should be enabled as soon as
-+.\" possible.
-+.\" .Pp
-+.\" Note that this flag exists only if encryption support is enabled.
- .It Ic autologin
- If the remote side supports the
- .Dv TELNET AUTHENTICATION
-@@ -1174,9 +1185,9 @@
- .Ic super user ) .
- The initial value for this toggle is
- .Dv FALSE .
--.It Ic encdebug
--Turns on debugging information for the encryption code.
--Note that this flag only exists if encryption support is available.
-+.\" .It Ic encdebug
-+.\" Turns on debugging information for the encryption code.
-+.\" Note that this flag only exists if encryption support is available.
- .It Ic localchars
- If this is
- .Dv TRUE ,
-@@ -1221,8 +1232,9 @@
- is sent as
- .Ic abort ,
- and
--.Ic eof and
--.B suspend
-+.Ic eof
-+and
-+.Ic suspend
- are sent as
- .Ic eof and
- .Ic susp ,
-@@ -1263,16 +1275,16 @@
- Toggles the display of all terminal data (in hexadecimal format).
- The initial value for this toggle is
- .Dv FALSE .
--.It Ic verbose_encrypt
--When the
--.Ic verbose_encrypt
--toggle is
--.Dv TRUE ,
--.Tn TELNET
--prints out a message each time encryption is enabled or
--disabled. The initial value for this toggle is
--.Dv FALSE.
--This flag only exists if encryption support is available.
-+.\" .It Ic verbose_encrypt
-+.\" When the
-+.\" .Ic verbose_encrypt
-+.\" toggle is
-+.\" .Dv TRUE ,
-+.\" .Tn TELNET
-+.\" prints out a message each time encryption is enabled or
-+.\" disabled. The initial value for this toggle is
-+.\" .Dv FALSE.
-+.\" This flag only exists if encryption support is available.
- .It Ic \&?
- Displays the legal
- .Ic toggle
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.cc 2004-05-27 11:47:26.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.cc 2010-05-11 13:44:40.076987936 +0200
-@@ -47,7 +47,7 @@
- * From: @(#)telnet.c 5.53 (Berkeley) 3/22/91
- */
- char telnet_rcsid[] =
--"$Id: telnet.cc,v 1.36 2000/07/23 03:24:53 dholland Exp $";
-+"$Id: telnet.cc,v 1.8 2005-04-14 15:26:27 ianb Exp $";
-
- #include <string.h>
- #include <sys/types.h>
-@@ -107,6 +107,7 @@
- eight = 3,
- binary = 0,
- autologin = 0, /* Autologin anyone? */
-+ use_authentication = 0,
- skiprc = 0,
- connected,
- showoptions,
-@@ -495,7 +496,8 @@
- break;
- #if defined(AUTHENTICATE)
- case TELOPT_AUTHENTICATION:
-- if (autologin)
-+ /* if (autologin) */
-+ if (use_authentication)
- new_state_ok = 1;
- break;
- #endif
-@@ -722,6 +724,7 @@
- */
-
- static void suboption(void) {
-+ extern int auth_failed;
- printsub('<', subbuffer, SB_LEN()+2);
- switch (SB_GET()) {
- case TELOPT_TTYPE:
-@@ -845,7 +848,8 @@
-
- #if defined(AUTHENTICATE)
- case TELOPT_AUTHENTICATION: {
-- if (!autologin)
-+ /* if (!autologin) */
-+ if (!use_authentication)
- break;
- if (SB_EOF())
- return;
-@@ -864,6 +868,10 @@
- if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
- return;
- auth_reply(subpointer, SB_LEN());
-+ if(auth_failed) {
-+ /* auth rejected, quit */
-+ quit();
-+ }
- break;
- case TELQUAL_NAME:
- if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
-@@ -1140,6 +1148,7 @@
-
-
- unsigned char slc_reply[128];
-+unsigned char const * const slc_reply_eom = &slc_reply[sizeof(slc_reply)];
- unsigned char *slc_replyp;
-
- void slc_start_reply(void) {
-@@ -1151,6 +1160,14 @@
- }
-
- void slc_add_reply(int func, int flags, int value) {
-+ /* A sequence of up to 6 bytes my be written for this member of the SLC
-+ * suboption list by this function. The end of negotiation command,
-+ * which is written by slc_end_reply(), will require 2 additional
-+ * bytes. Do not proceed unless there is sufficient space for these
-+ * items.
-+ */
-+ if (&slc_replyp[6+2] > slc_reply_eom)
-+ return;
- if ((*slc_replyp++ = func) == IAC)
- *slc_replyp++ = IAC;
- if ((*slc_replyp++ = flags) == IAC)
-@@ -1819,25 +1836,19 @@
- */
- void telnet(const char *user) {
- sys_telnet_init();
--
--#if defined(AUTHENTICATE)
-- {
-- static char local_host[256] = { 0 };
-- int len = sizeof(local_host);
--
-- if (!local_host[0]) {
-- gethostname(local_host, len); /* WAS &len!!! */
-- local_host[sizeof(local_host)-1] = 0;
-- }
-- auth_encrypt_init(local_host, hostname, "TELNET", 0);
-- auth_encrypt_user(user);
-- }
-+
-+#ifdef AUTHENTICATE
-+ auth_encrypt_user(user);
- #endif
--
-+
- #if !defined(TN3270)
- if (telnetport) {
-+
-+ send_will(TELOPT_ENVIRON, 1);
-+
- #if defined(AUTHENTICATE)
-- if (autologin)
-+ /* if (autologin) */
-+ if (use_authentication)
- send_will(TELOPT_AUTHENTICATION, 1);
- #endif
- send_do(TELOPT_SGA, 1);
-@@ -1846,7 +1857,6 @@
- send_will(TELOPT_TSPEED, 1);
- send_will(TELOPT_LFLOW, 1);
- send_will(TELOPT_LINEMODE, 1);
-- send_will(TELOPT_ENVIRON, 1);
- send_do(TELOPT_STATUS, 1);
- if (env_getvalue("DISPLAY", 0))
- send_will(TELOPT_XDISPLOC, 1);
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/terminal.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/terminal.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/terminal.cc 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/terminal.cc 2010-05-11 13:44:40.080321548 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)terminal.c 5.3 (Berkeley) 3/22/91
- */
- char terminal_rcsid[] =
-- "$Id: terminal.cc,v 1.25 1999/12/12 19:48:05 dholland Exp $";
-+ "$Id: terminal.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <arpa/telnet.h>
- #include <sys/types.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/tn3270.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/tn3270.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/tn3270.cc 1996-08-13 11:08:34.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/tn3270.cc 2010-05-11 13:44:40.080321548 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)tn3270.c 5.2 (Berkeley) 3/1/91
- */
- char tn3270_rcsid[] =
-- "$Id: tn3270.cc,v 1.9 1996/08/13 09:08:34 dholland Exp $";
-+ "$Id: tn3270.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <sys/types.h>
- #include <arpa/telnet.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/types.h netkit-telnet-ssl-0.17.24+0.1.orig/telnet/types.h
---- netkit-telnet-ssl-0.17.24+0.1/telnet/types.h 1996-07-27 02:45:54.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/types.h 2010-05-11 13:44:40.083654043 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)types.h 5.1 (Berkeley) 9/14/90
-- * $Id: types.h,v 1.2 1996/07/27 00:45:54 dholland Exp $
-+ * $Id: types.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- typedef struct {
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnet/utilities.cc netkit-telnet-ssl-0.17.24+0.1.orig/telnet/utilities.cc
---- netkit-telnet-ssl-0.17.24+0.1/telnet/utilities.cc 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnet/utilities.cc 2010-05-11 13:44:40.083654043 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)utilities.c 5.3 (Berkeley) 3/22/91
- */
- char util_rcsid[] =
-- "$Id: utilities.cc,v 1.19 1999/12/12 15:33:40 dholland Exp $";
-+ "$Id: utilities.cc,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #define TELOPTS
- #define TELCMDS
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/authenc.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/authenc.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/authenc.c 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/authenc.c 2010-05-11 13:44:40.086987376 +0200
-@@ -23,7 +23,7 @@
- * From: @(#)authenc.c 5.1 (Berkeley) 3/1/91
- */
- char authenc_rcsid[] =
-- "$Id: authenc.c,v 1.5 1999/12/12 14:59:44 dholland Exp $";
-+ "$Id: authenc.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #if defined(ENCRYPT) || defined(AUTHENTICATE)
- #include "telnetd.h"
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/defs.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/defs.h
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/defs.h 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/defs.h 2010-05-11 13:44:40.086987376 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)defs.h 5.10 (Berkeley) 3/1/91
-- * $Id: defs.h,v 1.7 1999/08/02 03:14:03 dholland Exp $
-+ * $Id: defs.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- /*
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/ext.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/ext.h
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/ext.h 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/ext.h 2010-05-11 13:44:40.086987376 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)ext.h 5.7 (Berkeley) 3/1/91
-- * $Id: ext.h,v 1.9 1999/12/12 14:59:44 dholland Exp $
-+ * $Id: ext.h,v 1.2 2004-11-21 12:53:12 ianb Exp $
- */
-
- /*
-@@ -113,7 +113,7 @@
- void interrupt(void);
- void localstat(void);
- void netclear(void);
--void netflush(void);
-+int netflush(void);
- size_t netbuflen(int);
- void sendurg(const char *, size_t);
-
-@@ -183,7 +183,8 @@
- void tty_tspeed(int);
- void willoption(int);
- void wontoption(int);
--#define writenet(b, l) fwrite(b, 1, l, netfile)
-+int writenet(char *, int);
-+/*#define writenet(b, l) fwrite(b, 1, l, netfile)*/
- void netopen(void);
-
- #if defined(ENCRYPT)
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/getent.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/getent.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/getent.c 1996-08-15 08:23:28.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/getent.c 2010-05-11 13:44:40.086987376 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)getent.c 5.1 (Berkeley) 2/28/91
- */
- char ge_rcsid[] =
-- "$Id: getent.c,v 1.3 1996/08/15 06:23:28 dholland Exp $";
-+ "$Id: getent.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- /*
- * Copyright (c) 1991 Regents of the University of California.
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/global.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/global.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/global.c 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/global.c 2010-05-11 13:44:40.090341661 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)global.c 5.2 (Berkeley) 6/1/90
- */
- char global_rcsid[] =
-- "$Id: global.c,v 1.4 1999/12/12 14:59:44 dholland Exp $";
-+ "$Id: global.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- /*
- * Allocate global variables.
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/issue.net.5 netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/issue.net.5
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/issue.net.5 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/issue.net.5 2010-05-11 13:44:40.090341661 +0200
-@@ -15,26 +15,26 @@
- .Pa /etc/issue.net
- is a text file which contains a message or system identification to be
- printed before the login prompt of a telnet session. It may contain
--various `%-char' sequences. The following sequences are supported by
-+various `%\&\-char' sequences. The following sequences are supported by
- .Ic telnetd :
- .Bl -tag -offset indent -compact -width "abcde"
--.It %t
-+.It %\&t
- - show the current tty
--.It %h
-+.It %\&h
- - show the system node name (FQDN)
--.It %D
-+.It %\&D
- - show the name of the NIS domain
--.It %d
-+.It %\&d
- - show the current time and date
--.It %s
-+.It %\&s
- - show the name of the operating system
--.It %m
-+.It %\&m
- - show the machine (hardware) type
--.It %r
-+.It %\&r
- - show the operating system release
--.It %v
-+.It %\&v
- - show the operating system version
--.It %%
-+.It %\&%
- - display a single '%' character
- .El
- .Sh FILES
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/Makefile
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/Makefile 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/Makefile 2010-05-11 14:12:59.493485309 +0200
-@@ -9,9 +9,11 @@
- # take out -DPARANOID_TTYS.
-
- CFLAGS += '-DISSUE_FILE="/etc/issue.net"' -DPARANOID_TTYS \
-- -DNO_REVOKE -DKLUDGELINEMODE -DDIAGNOSTICS \
-- -DLOGIN_WRAPPER=\"/usr/lib/telnetlogin\"
--# LIBS += $(LIBTERMCAP)
-+ -DNO_REVOKE -DKLUDGELINEMODE -DDIAGNOSTICS -DAUTHENTICATE \
-+ -DLOGIN_WRAPPER=\"/usr/lib/telnetlogin\" \
-+ -DUSE_SSL -I/usr/include/openssl -I..
-+LIBTELNET = ../libtelnet/libtelnet.a
-+LIBS += $(LIBTERMCAP) $(LIBTELNET) -lssl -lcrypto
-
- OBJS = telnetd.o state.o termstat.o slc.o sys_term.o utility.o \
- global.o setproctitle.o
-@@ -28,10 +30,10 @@
- telnetd.o: ../version.h
-
- install: telnetd
-- install -s -m$(DAEMONMODE) telnetd $(INSTALLROOT)$(SBINDIR)/in.telnetd
-- install -m$(MANMODE) issue.net.5 $(INSTALLROOT)$(MANDIR)/man5/
-- install -m$(MANMODE) telnetd.8 $(INSTALLROOT)$(MANDIR)/man8/in.telnetd.8
-- ln -sf in.telnetd.8 $(INSTALLROOT)$(MANDIR)/man8/telnetd.8
-+ install -m$(DAEMONMODE) telnetd $(INSTALLROOT)$(SBINDIR)/in.telnetd-ssl
-+# install -m$(MANMODE) issue.net.5 $(INSTALLROOT)$(MANDIR)/man5/
-+ install -m$(MANMODE) telnetd.8 $(INSTALLROOT)$(MANDIR)/man8/in.telnetd-ssl.8
-+ ln -sf in.telnetd-ssl.8 $(INSTALLROOT)$(MANDIR)/man8/telnetd-ssl.8
-
- clean:
- rm -f *.o telnetd
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/pathnames.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/pathnames.h
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/pathnames.h 1996-08-30 00:31:24.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/pathnames.h 2010-05-11 13:44:40.090341661 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)pathnames.h 5.5 (Berkeley) 6/28/90
-- * $Id: pathnames.h,v 1.3 1996/08/29 22:31:24 dholland Exp $
-+ * $Id: pathnames.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
- #include <paths.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.3 netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.3
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.3 2000-07-31 01:57:09.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.3 2010-05-11 13:44:40.090341661 +0200
-@@ -1,5 +1,5 @@
- .\" OpenBSD: setproctitle.3,v 1.4 1996/10/08 01:20:08 michaels Exp
--.\" $Id: setproctitle.3,v 1.13 2000/07/30 23:57:09 dholland Exp $
-+.\" $Id: setproctitle.3,v 1.1 2004-10-14 13:19:53 ianb Exp $
- .\"
- .\" Copyright (c) 1994, 1995 Christopher G. Demetriou
- .\" All rights reserved.
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/setproctitle.c 2004-05-27 11:47:01.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/setproctitle.c 2010-05-11 13:44:40.090341661 +0200
-@@ -39,7 +39,7 @@
- * From: @(#)conf.c 8.243 (Berkeley) 11/20/95
- */
- char setproctitle_rcsid[] =
-- "$Id: setproctitle.c,v 1.3 1999/12/10 23:06:39 bryce Exp $";
-+ "$Id: setproctitle.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <stdlib.h>
- #include <string.h>
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/slc.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/slc.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/slc.c 1999-12-12 15:59:44.000000000 +0100
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/slc.c 2010-05-11 13:44:40.096989611 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)slc.c 5.7 (Berkeley) 3/1/91
- */
- char slc_rcsid[] =
-- "$Id: slc.c,v 1.5 1999/12/12 14:59:44 dholland Exp $";
-+ "$Id: slc.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include "telnetd.h"
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/state.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/state.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/state.c 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/state.c 2010-05-11 13:44:40.100321827 +0200
-@@ -35,11 +35,12 @@
- * From: @(#)state.c 5.10 (Berkeley) 3/22/91
- */
- char state_rcsid[] =
-- "$Id: state.c,v 1.12 1999/12/12 19:41:44 dholland Exp $";
-+ "$Id: state.c,v 1.5 2005-07-07 21:53:00 ianb Exp $";
-
- #include "telnetd.h"
- #if defined(AUTHENTICATE)
- #include <libtelnet/auth.h>
-+extern char *UserNameRequested;
- #endif
-
- int not42 = 1;
-@@ -1161,7 +1162,7 @@
-
- case TELOPT_ENVIRON: {
- register int c;
-- register char *cp, *varp, *valp;
-+ register unsigned char *cp, *varp, *valp;
-
- if (SB_EOF())
- return;
-@@ -1177,25 +1178,41 @@
- if (SB_EOF())
- return;
-
-- cp = varp = (char *)subpointer;
-+ cp = varp = (unsigned char *)subpointer;
- valp = 0;
-
- while (!SB_EOF()) {
- switch (c = SB_GET()) {
- case ENV_VALUE:
- *cp = '\0';
-- cp = valp = (char *)subpointer;
-+ cp = valp = (unsigned char *)subpointer;
- break;
-
- case ENV_VAR:
- *cp = '\0';
-- if (envvarok(varp)) {
-- if (valp)
-- (void)setenv(varp, valp, 1);
-- else
-- unsetenv(varp);
-+ if (envvarok((char *)varp)) {
-+ if (valp) {
-+ (void)setenv((char *)varp, (char *)valp, 1);
-+#ifdef AUTHENTICATE
-+ if (strcmp((char *)varp,"USER") == 0) {
-+ if (UserNameRequested)
-+ free(UserNameRequested);
-+ UserNameRequested=strdup((char *)valp);
-+ }
-+#endif /* AUTHENTICATE */
-+ }
-+ else {
-+ unsetenv((char *)varp);
-+#ifdef AUTHENTICATE
-+ if (strcmp((char *)varp,"USER") == 0) {
-+ if (UserNameRequested)
-+ free(UserNameRequested);
-+ UserNameRequested=NULL;
-+ }
-+#endif /* AUTHENTICATE */
-+ }
- }
-- cp = varp = (char *)subpointer;
-+ cp = varp = (unsigned char *)subpointer;
- valp = 0;
- break;
-
-@@ -1211,11 +1228,27 @@
- }
- }
- *cp = '\0';
-- if (envvarok(varp)) {
-- if (valp)
-- (void)setenv(varp, valp, 1);
-- else
-- unsetenv(varp);
-+ if (envvarok((char *)varp)) {
-+ if (valp) {
-+ (void)setenv((char *)varp, (char *)valp, 1);
-+#ifdef AUTHENTICATE
-+ if (strcmp((char *)varp,"USER") == 0) {
-+ if (UserNameRequested)
-+ free(UserNameRequested);
-+ UserNameRequested=strdup((char *)valp);
-+ }
-+#endif /* AUTHENTICATE */
-+ }
-+ else {
-+ unsetenv((char *)varp);
-+#ifdef AUTHENTICATE
-+ if (strcmp((char *)varp,"USER") == 0) {
-+ if (UserNameRequested)
-+ free(UserNameRequested);
-+ UserNameRequested=NULL;
-+ }
-+#endif /* AUTHENTICATE */
-+ }
- }
- break;
- } /* end of case TELOPT_ENVIRON */
-@@ -1367,7 +1400,7 @@
- ADD(IAC);
- ADD(SE);
-
-- writenet(statusbuf, ncp - statusbuf);
-+ writenet((char *)statusbuf, ncp - statusbuf);
- netflush(); /* Send it on its way */
-
- DIAG(TD_OPTIONS, {printsub('>', statusbuf, ncp - statusbuf); netflush();});
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/sys_term.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/sys_term.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/sys_term.c 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/sys_term.c 2010-05-11 13:44:40.106987377 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)sys_term.c 5.16 (Berkeley) 3/22/91
- */
- char st_rcsid[] =
-- "$Id: sys_term.c,v 1.17 1999/12/17 14:28:47 dholland Exp $";
-+ "$Id: sys_term.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include <utmp.h>
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.8 netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.8
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.8 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.8 2010-05-11 13:44:40.106987377 +0200
-@@ -30,7 +30,7 @@
- .\" SUCH DAMAGE.
- .\"
- .\" from: @(#)telnetd.8 6.8 (Berkeley) 4/20/91
--.\" $Id: telnetd.8,v 1.18 2000/07/30 23:57:10 dholland Exp $
-+.\" $Id: telnetd.8,v 1.5 2006-09-24 00:48:31 ianb Exp $
- .\"
- .Dd December 29, 1996
- .Dt TELNETD 8
-@@ -42,7 +42,7 @@
- protocol server
- .Sh SYNOPSIS
- .Nm /usr/sbin/in.telnetd
--.Op Fl hns
-+.Op Fl hnNs
- .Op Fl a Ar authmode
- .Op Fl D Ar debugmode
- .Op Fl L Ar loginprg
-@@ -50,6 +50,7 @@
- .Op Fl X Ar authtype
- .Op Fl edebug
- .Op Fl debug Ar port
-+.Op Fl z Ar sslopt
- .Sh DESCRIPTION
- The
- .Nm telnetd
-@@ -175,6 +176,9 @@
- if the client is still there, so that idle connections
- from machines that have crashed or can no longer
- be reached may be cleaned up.
-+.It Fl N
-+Disable reverse DNS lookups and use the numeric IP address in logs
-+and REMOTEHOST environment variable.
- .It Fl s
- This option is only enabled if
- .Nm telnetd
-@@ -219,12 +223,16 @@
- only accepts connections from SSL enhanced telnet with option
- .Ic -z ssl
- .It Ic nossl, !ssl
--switch of SSL negotiation
-+switch off SSL negotiation
- .It Ic certsok
- Look username up in /etc/ssl.users. The format of this file is lines
- of this form:
- .Ar user1,user2:/C=US/.....
--where user1 and user2 are usernames. If client certificate is valid,
-+where user1 and user2 are usernames and /C=US/... is the subject name of
-+the certificate. Use
-+.Ar openssl x509 -subject -noout
-+to extract the subject name.
-+If client certificate is valid,
- authenticate without password.
- .It Ic certrequired
- client certificate is mandatory
-@@ -451,7 +459,6 @@
- is compiled with support for data encryption, and
- indicates a willingness to decrypt
- the data stream.
--.Xr issue.net 5 ) .
- .El
- .Sh FILES
- .Pa /etc/services ,
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.c 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.c 2010-05-11 13:44:40.113654043 +0200
-@@ -39,7 +39,7 @@
- * From: @(#)telnetd.c 5.48 (Berkeley) 3/1/91
- */
- char telnetd_rcsid[] =
-- "$Id: telnetd.c,v 1.24 2000/04/12 21:36:12 dholland Exp $";
-+ "$Id: telnetd.c,v 1.7 2006-06-16 13:29:00 ianb Exp $";
-
- #include "../version.h"
-
-@@ -90,6 +90,7 @@
-
- int debug = 0;
- int keepalive = 1;
-+int numeric_hosts = 0;
- #ifdef LOGIN_WRAPPER
- char *loginprg = LOGIN_WRAPPER;
- #else
-@@ -222,13 +223,12 @@
- * certificate that we will be running with as we cannot
- * be sure of the cwd when we are launched
- */
-- sprintf(cert_filepath,"%s/%s",X509_get_default_cert_dir(),
-- "telnetd.pem");
-+ strcpy(cert_filepath, "/etc/telnetd-ssl/telnetd.pem");
- ssl_cert_file=cert_filepath;
- ssl_key_file=NULL;
- #endif /* USE_SSL */
-
-- while ((ch = getopt(argc, argv, "d:a:e:lhnr:I:D:B:sS:a:X:L:z:")) != EOF) {
-+ while ((ch = getopt(argc, argv, "d:a:e:lhnNr:I:D:B:sS:a:X:L:z:")) != EOF) {
- switch(ch) {
-
- #ifdef USE_SSL
-@@ -389,6 +389,10 @@
- keepalive = 0;
- break;
-
-+ case 'N':
-+ numeric_hosts = 1;
-+ break;
-+
- #ifdef SecurID
- case 's':
- /* SecurID required */
-@@ -427,7 +431,7 @@
-
- #ifdef USE_SSL
-
-- if (ssl_secure_flag || ssl_cert_required) {
-+ if (ssl_secure_flag || ssl_cert_required || ssl_certsok_flag) {
- /* in secure mode we *must* switch on the base level
- * verify checking otherwise we cannot abort connections
- * at the right place!
-@@ -520,9 +524,9 @@
- sprintf(errbuf,"SSL_accept error %s\n",
- ERR_error_string(ERR_get_error(),NULL));
-
-- syslog(LOG_WARNING, errbuf);
-+ syslog(LOG_WARNING, "%s", errbuf);
-
-- BIO_printf(bio_err,errbuf);
-+ BIO_printf(bio_err,"%s",errbuf);
-
- /* go to sleep to make sure we are noticed */
- sleep(10);
-@@ -571,6 +575,11 @@
- #ifdef AUTHENTICATE
- fprintf(stderr, " [-X auth-type]");
- #endif
-+#ifdef USE_SSL
-+ /* might as well output something useful here ... */
-+ fprintf(stderr, "\n\t [-z ssl] [-z secure] [-z debug] [-z verify=int]\n\t");
-+ fprintf(stderr, " [-z cert=file] [-z key=file]\n\t");
-+#endif /* USE_SSL */
- fprintf(stderr, "\n");
- exit(1);
- }
-@@ -596,6 +605,18 @@
- /*
- * Handle the Authentication option before we do anything else.
- */
-+ send_do(TELOPT_ENVIRON, 1);
-+ while (his_will_wont_is_changing(TELOPT_ENVIRON)) {
-+ ttloop();
-+ }
-+
-+ if (his_state_is_will(TELOPT_ENVIRON)) {
-+ netoprintf("%c%c%c%c%c%c",
-+ IAC, SB, TELOPT_ENVIRON, TELQUAL_SEND, IAC, SE);
-+ while (sequenceIs(environsubopt, baseline))
-+ ttloop();
-+ }
-+
- send_do(TELOPT_AUTHENTICATION, 1);
- while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
- ttloop();
-@@ -654,7 +675,6 @@
- send_do(TELOPT_TTYPE, 1);
- send_do(TELOPT_TSPEED, 1);
- send_do(TELOPT_XDISPLOC, 1);
-- send_do(TELOPT_ENVIRON, 1);
- while (
- #if defined(ENCRYPT)
- his_do_dont_is_changing(TELOPT_ENCRYPT) ||
-@@ -698,10 +718,6 @@
- while (sequenceIs(xdisplocsubopt, baseline))
- ttloop();
- }
-- if (his_state_is_will(TELOPT_ENVIRON)) {
-- while (sequenceIs(environsubopt, baseline))
-- ttloop();
-- }
- if (his_state_is_will(TELOPT_TTYPE)) {
- char first[256], last[256];
-
-@@ -852,7 +868,7 @@
- static void
- doit(struct sockaddr *who, socklen_t who_len)
- {
-- const char *host;
-+ char *host;
- int level;
- char user_name[256];
- int i;
-@@ -867,7 +883,8 @@
-
- /* get name of connected client */
- if (getnameinfo(who, who_len, remote_host_name,
-- sizeof(remote_host_name), 0, 0, 0)) {
-+ sizeof(remote_host_name), 0, 0,
-+ numeric_hosts ? NI_NUMERICHOST : 0)) {
- syslog(LOG_ERR, "doit: getnameinfo: %m");
- *remote_host_name = 0;
- }
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.h netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.h
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/telnetd.h 1999-03-27 08:46:21.000000000 +0100
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/telnetd.h 2010-05-11 13:44:40.113654043 +0200
-@@ -31,7 +31,7 @@
- * SUCH DAMAGE.
- *
- * from: @(#)telnetd.h 5.3 (Berkeley) 3/1/91
-- * $Id: telnetd.h,v 1.2 1999/03/27 07:46:21 dholland Exp $
-+ * $Id: telnetd.h,v 1.1 2004-10-14 13:19:53 ianb Exp $
- */
-
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/termstat.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/termstat.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/termstat.c 1999-12-12 15:59:45.000000000 +0100
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/termstat.c 2010-05-11 13:44:40.113654043 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)termstat.c 5.10 (Berkeley) 3/22/91
- */
- char termstat_rcsid[] =
-- "$Id: termstat.c,v 1.6 1999/12/12 14:59:45 dholland Exp $";
-+ "$Id: termstat.c,v 1.1 2004-10-14 13:19:53 ianb Exp $";
-
- #include "telnetd.h"
-
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetd/utility.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/utility.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetd/utility.c 2004-05-27 11:47:27.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetd/utility.c 2010-05-11 13:45:21.990318196 +0200
-@@ -35,7 +35,7 @@
- * From: @(#)utility.c 5.8 (Berkeley) 3/22/91
- */
- char util_rcsid[] =
-- "$Id: utility.c,v 1.11 1999/12/12 14:59:45 dholland Exp $";
-+ "$Id: utility.c,v 1.8 2006-09-24 00:48:31 ianb Exp $";
-
- #define PRINTOPTIONS
-
-@@ -49,6 +49,15 @@
-
- #include "telnetd.h"
-
-+/* patched by fluke.l at gmail.com , im not sure it's gonna work or not */
-+typedef struct {
-+ int (*read) (void *, char *, int);
-+ int (*write) (void *, char const *, int);
-+ fpos_t (*seek) (void *, fpos_t, int);
-+ int (*close) (void *);
-+} cookie_io_functions_t;
-+/* end patch */
-+
- struct buflist {
- struct buflist *next;
- char *buf;
-@@ -86,6 +95,11 @@
- DIAG(TD_REPORT, netoprintf("td: ttloop\r\n"););
-
- netflush();
-+#ifdef USE_SSL
-+ if (ssl_active_flag)
-+ ncc = SSL_read(ssl_con, netibuf, sizeof netibuf);
-+ else
-+#endif /* USE_SSL */
- ncc = read(net, netibuf, sizeof(netibuf));
- if (ncc < 0) {
- syslog(LOG_INFO, "ttloop: read: %m\n");
-@@ -216,7 +230,7 @@
- }
-
- out:
-- return next ? next + (current - end) : current;
-+ return (const char *) (next ? (next + (current - end)) : current );
- } /* end of nextitem */
-
-
-@@ -243,6 +257,29 @@
- doclear--;
- } /* end of netclear */
-
-+#ifdef USE_SSL
-+static int
-+SSL_writev(SSL *ssl_con,const struct iovec *vector,int num)
-+{
-+ const struct iovec *v = vector;
-+
-+ int ret;
-+ int len = 0;
-+
-+ while (num > 0) {
-+ ret = SSL_write(ssl_con, v->iov_base, v->iov_len);
-+ if (ret < 0)
-+ return ret;
-+ if (ret != v->iov_len)
-+ syslog(LOG_NOTICE, "SSL_writev: short write\n");
-+ num -= v->iov_len;
-+ len += ret;
-+ v++;
-+ }
-+ return len;
-+}
-+#endif /* USE_SSL */
-+
- static void
- netwritebuf(void)
- {
-@@ -253,6 +290,9 @@
- size_t len;
- int ltrailing = trailing;
-
-+ if (!listlen)
-+ return;
-+
- vector = malloc(listlen * sizeof(struct iovec));
- if (!vector) {
- return;
-@@ -265,6 +305,11 @@
- if (lp == urg) {
- len = v - vector;
- if (!len) {
-+#ifdef USE_SSL
-+ if (ssl_active_flag)
-+ n = SSL_write(ssl_con, lp->buf, 1);
-+ else
-+#endif /* USE_SSL */
- n = send(net, lp->buf, 1, MSG_OOB);
- if (n > 0) {
- urg = 0;
-@@ -282,15 +327,25 @@
- vector->iov_base = (char *)vector->iov_base + skip;
- vector->iov_len -= skip;
-
-- n = writev(net, vector, len);
-+ if(vector->iov_len == 0 ) {
-+ n=0;
-+ } else {
-+
-+#ifdef USE_SSL
-+ if (ssl_active_flag)
-+ n = SSL_writev(ssl_con, vector, len); /* normal write */
-+ else
-+#endif /* USE_SSL */
-+ n = writev(net, vector, len);
-
- epi:
-- free(vector);
-+ free(vector);
-
-- if (n < 0) {
-+ if (n < 0) {
- if (errno != EWOULDBLOCK && errno != EINTR)
-- cleanup(0);
-+ cleanup(0);
- return;
-+ }
- }
-
- len = n + skip;
-@@ -315,6 +370,10 @@
- }
- }
-
-+ if(ltrailing && (len==0)) {
-+ ltrailing=trailing=0;
-+ }
-+
- skip = len;
- }
-
-@@ -323,16 +382,22 @@
- * Send as much data as possible to the network,
- * handling requests for urgent data.
- */
--void
-+int
- netflush(void)
- {
- if (fflush(netfile)) {
- /* out of memory? */
- cleanup(0);
-+ return 0;
- }
-- if (listlen) {
-- netwritebuf();
-- }
-+ netwritebuf();
-+ return 1;
-+}
-+
-+int
-+writenet(char *b , int l)
-+{
-+ return(fwrite(b, 1, l, netfile));
- }
-
-
-@@ -983,7 +1048,7 @@
- ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
- "MUTUAL" : "ONE-WAY");
-
-- auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-+ auth_printsub(&pointer[1], length - 1, (unsigned char *) buf, sizeof(buf));
- netoprintf("%s", buf);
- break;
-
-@@ -1191,7 +1256,15 @@
- size_t l;
- size_t m = tail->len;
-
-- p = nextitem(tail->buf, tail->buf + tail->len, buf, end);
-+ if((tail->buf == NULL) || (tail->len==0))
-+ {
-+ p = nextitem((unsigned char *) buf, (unsigned char *) end,0,0);
-+ }
-+ else
-+ {
-+ p = nextitem((unsigned char *) tail->buf, (unsigned char *) (tail->buf + tail->len),
-+ (unsigned char *) buf, (unsigned char *) end);
-+ }
- ltrailing = !p;
- if (ltrailing) {
- p = end;
-@@ -1245,7 +1318,7 @@
- const char *p;
- size_t l;
-
-- p = nextitem(buf, end, 0, 0);
-+ p = nextitem((unsigned char *) buf, (unsigned char *) end, 0, 0);
- ltrailing = !p;
- if (ltrailing) {
- p = end;
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetlogin/Makefile netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/Makefile
---- netkit-telnet-ssl-0.17.24+0.1/telnetlogin/Makefile 2000-04-13 03:07:22.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/Makefile 2010-05-11 13:46:19.023660189 +0200
-@@ -11,7 +11,7 @@
- $(OBJS): ../version.h
-
- install: telnetlogin
-- install -s -m4750 -oroot -gtelnetd telnetlogin $(INSTALLROOT)$(SBINDIR)
-+ install -m$(BINMODE) telnetlogin $(INSTALLROOT)$(SBINDIR)
- install -m$(MANMODE) telnetlogin.8 $(INSTALLROOT)$(MANDIR)/man8
-
- clean:
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.8 netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.8
---- netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.8 2004-05-27 11:47:02.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.8 2010-05-11 13:44:40.123659071 +0200
-@@ -28,7 +28,7 @@
- .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- .\" SUCH DAMAGE.
- .\"
--.\" $Id: telnetlogin.8,v 1.4 2000/07/30 23:57:10 dholland Exp $
-+.\" $Id: telnetlogin.8,v 1.2 2004-11-07 15:47:43 ianb Exp $
- .\"
- .Dd April 12, 2000
- .Dt TELNETLOGIN 8
-@@ -40,6 +40,7 @@
- .Nm telnetlogin
- .Op Fl h Ar host
- .Op Fl p
-+.Op Fl f Ar username
- .Op Ar username
- .Sh DESCRIPTION
- .Nm telnetlogin
-@@ -79,11 +80,6 @@
- .Xr inetd 8 ,
- .Xr telnetd 8
- .Sh RESTRICTIONS
--.Nm telnetlogin
--does not permit the
--.Fl f
--option to login, so will not
--work with telnetds that perform authentication via Kerberos or SSL.
- .Pp
- THIS IS PRESENTLY EXPERIMENTAL CODE; USE WITH CAUTION.
- .Sh HISTORY
-diff -ur netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.c netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.c
---- netkit-telnet-ssl-0.17.24+0.1/telnetlogin/telnetlogin.c 2004-05-27 11:47:02.000000000 +0200
-+++ netkit-telnet-ssl-0.17.24+0.1.orig/telnetlogin/telnetlogin.c 2010-05-11 13:44:40.123659071 +0200
-@@ -35,7 +35,7 @@
- "All rights reserved.\n";
-
- char rcsid[] =
-- "$Id: telnetlogin.c,v 1.1 2000/04/13 01:07:22 dholland Exp $";
-+ "$Id: telnetlogin.c,v 1.2 2004-11-07 15:47:43 ianb Exp $";
- #include "../version.h"
-
- #include <sys/types.h>
-@@ -76,7 +76,16 @@
- int i=0;
- /* should we check length? */
- for (i=0; hname[i]; i++) {
-- if (hname[i]<=32 && hname[i]>126) return -1;
-+ if ((hname[i]<=32) || (hname[i]>126)) return -1;
-+ }
-+ return 0;
-+}
-+
-+static int check_username(char *username) {
-+ int i;
-+ if (strlen(username) > 32) return -1;
-+ for (i=0; username[i]; i++) {
-+ if ((username[i]<=32) || (username[i]>126)) return -1;
- }
- return 0;
- }
-@@ -158,6 +167,12 @@
- if (argn < argc && !strcmp(argv[argn], "-p")) {
- argn++;
- }
-+ if (argn < argc && !strcmp(argv[argn], "-f")) {
-+ argn++;
-+ if (argn==argc) die("Illegal args: -f requires argument");
-+ if (check_username(argv[argn])) die("Illegal remote username specified");
-+ argn++;
-+ }
- if (argn < argc && argv[argn][0] != '-') {
- argn++;
- }