From c2b6efe259a090bc17190759eca242f759eae6e1 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Thu, 2 May 1996 01:22:45 +0000 Subject: [PATCH] cygnus merge: * configure.in: Fix typo in Apr 16 HP-UX change. * state.c (envvarok): nuke all KRB5* environment variables, not just the previously selected ones. * telnetd.c (telnet -> doit): moved SIGTTOU handler before the first thing which would cause the terminal driver to get upset. * sys_term.c (line): Remove initialization silliness. The non-GNUC method was Just Wrong, do it the other way always. (Xline): Specify length, not contents. * termio-tn.c (readstream_termio): new file, provides isolated version of M_IOCTL handling for systems where termio and termios can't be compiled together. * termios-tn.c (readstream_termios): new file, provides isolated version of M_IOCTL handling for systems where termio and termios can't be compiled together. * telnetd.c (readstream): use readstream_termios and readstream_termio to handle getmsg with M_IOCTL. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7883 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/telnet/telnetd/ChangeLog | 34 ++++++++++++++- src/appl/telnet/telnetd/Makefile.in | 4 ++ src/appl/telnet/telnetd/configure.in | 4 +- src/appl/telnet/telnetd/state.c | 64 +++++++++++++++++----------- src/appl/telnet/telnetd/sys_term.c | 8 +--- src/appl/telnet/telnetd/telnetd.c | 45 +++++++------------ src/appl/telnet/telnetd/termio-tn.c | 31 ++++++++++++++ src/appl/telnet/telnetd/termios-tn.c | 30 +++++++++++++ 8 files changed, 156 insertions(+), 64 deletions(-) create mode 100644 src/appl/telnet/telnetd/termio-tn.c create mode 100644 src/appl/telnet/telnetd/termios-tn.c diff --git a/src/appl/telnet/telnetd/ChangeLog b/src/appl/telnet/telnetd/ChangeLog index 21fa61c27..2bcce3a87 100644 --- a/src/appl/telnet/telnetd/ChangeLog +++ b/src/appl/telnet/telnetd/ChangeLog 
@@ -1,6 +1,38 @@ +Wed May 1 21:14:45 1996 Ken Raeburn + + * configure.in: Fix typo in Apr 16 HP-UX change. + + Thu Apr 18 16:17:55 1996 Mark Eichin + + * state.c (envvarok): nuke all KRB5* environment variables, not + just the previously selected ones. + + Fri Mar 29 01:21:29 1996 Marc Horowitz + + * telnetd.c (telnet -> doit): moved SIGTTOU handler before the + first thing which would cause the terminal driver to get upset. + + Mon Mar 25 01:05:50 1996 Ken Raeburn + + * sys_term.c (line): Remove initialization silliness. The + non-GNUC method was Just Wrong, do it the other way always. + (Xline): Specify length, not contents. + + Wed Feb 28 22:27:46 1996 Mark Eichin + + * termio-tn.c (readstream_termio): new file, provides isolated + version of M_IOCTL handling for systems where termio and termios + can't be compiled together. + * termios-tn.c (readstream_termios): new file, provides isolated + version of M_IOCTL handling for systems where termio and termios + can't be compiled together. + * telnetd.c (readstream): use readstream_termios and + readstream_termio to handle getmsg with M_IOCTL. + Thu Apr 18 16:33:42 1996 Sam Hartman - * state.c (suboption): Don't accept authentication suboptions after authentication negotiation complete. + * state.c (suboption): Don't accept authentication suboptions + after authentication negotiation complete. (envvarok): exclude KRB5_KTNAME and KRB5CCNAME Tue Apr 16 12:23:02 1996 Sam Hartman diff --git a/src/appl/telnet/telnetd/Makefile.in b/src/appl/telnet/telnetd/Makefile.in index a0421779f..26887b9e8 100644 --- a/src/appl/telnet/telnetd/Makefile.in +++ b/src/appl/telnet/telnetd/Makefile.in @@ -29,6 +29,8 @@ CFLAGS = $(CCOPTS) $(AUTH_DEF) $(OTHERDEFS) $(DEFS) $(LOCALINCLUDES) ARPA_TELNET= $(srcdir)/../arpa/telnet.h SRCS= $(srcdir)/telnetd.c \ + $(srcdir)/termio-tn.c \ + $(srcdir)/termios-tn.c \ $(srcdir)/state.c \ $(srcdir)/termstat.c \ $(srcdir)/slc.c \ 
@@ -38,6 +40,8 @@ SRCS= $(srcdir)/telnetd.c \ $(srcdir)/authenc.c \ $(GETTYSRC) OBJS= telnetd.o \ + termio-tn.o \ + termios-tn.o \ state.o \ termstat.o \ slc.o \ diff --git a/src/appl/telnet/telnetd/configure.in b/src/appl/telnet/telnetd/configure.in index 42a3c7ed8..97af7585b 100644 --- a/src/appl/telnet/telnetd/configure.in +++ b/src/appl/telnet/telnetd/configure.in @@ -29,14 +29,14 @@ dnl Make our operating system-specific security checks and definitions for dnl login. dnl case $krb5_cv_host in -*-*-hpux-*) +*-*-hpux*) broken_streams=yes ;; *-*-irix*) # Irix doesn't have a working granpt, and more over # you can't push anything onto a pty, so telnetd really # Really wants to treat it as if it doesn't have streams - broken_streams=yes + broken_streams=yes ;; esac if test -z "$broken_streams" ; then diff --git a/src/appl/telnet/telnetd/state.c b/src/appl/telnet/telnetd/state.c index 2faed7198..c398db214 100644 --- a/src/appl/telnet/telnetd/state.c +++ b/src/appl/telnet/telnetd/state.c @@ -1144,7 +1144,7 @@ suboption() if (his_state_is_wont(TELOPT_TTYPE)) /* Ignore if option disabled */ break; -sb_auth_complete(); + sb_auth_complete(); settimer(ttypesubopt); if (SB_EOF() || SB_GET() != TELQUAL_IS) { @@ -1264,7 +1264,7 @@ sb_auth_complete(); case TELOPT_XDISPLOC: { if (SB_EOF() || SB_GET() != TELQUAL_IS) return; -sb_auth_complete(); + sb_auth_complete(); settimer(xdisplocsubopt); subpointer[SB_LEN()] = '\0'; (void)setenv("DISPLAY", (char *)subpointer, 1); @@ -1280,7 +1280,7 @@ sb_auth_complete(); if (SB_EOF()) return; -sb_auth_complete(); + sb_auth_complete(); c = SB_GET(); if (c == TELQUAL_IS) { if (subchar == TELOPT_OLD_ENVIRON) @@ -1435,10 +1435,10 @@ sb_auth_complete(); case ENV_USERVAR: *cp = '\0'; if (envvarok(varp)) { - if (valp) - (void)setenv(varp, valp, 1); - else - unsetenv(varp); + if (valp) + (void)setenv(varp, valp, 1); + else + unsetenv(varp); } cp = varp = (char *)subpointer; valp = 0; 
@@ -1456,10 +1456,10 @@ sb_auth_complete(); } *cp = '\0'; if (envvarok(varp)) { - if (valp) - (void)setenv(varp, valp, 1); - else - unsetenv(varp); + if (valp) + (void)setenv(varp, valp, 1); + else + unsetenv(varp); } break; } /* end of case TELOPT_NEW_ENVIRON */ @@ -1476,12 +1476,12 @@ sb_auth_complete(); */ break; case TELQUAL_IS: - if (!auth_negotiated) - auth_is(subpointer, SB_LEN()); + if (!auth_negotiated) + auth_is(subpointer, SB_LEN()); break; case TELQUAL_NAME: - if (!auth_negotiated) - auth_name(subpointer, SB_LEN()); + if (!auth_negotiated) + auth_name(subpointer, SB_LEN()); break; } break; @@ -1642,16 +1642,28 @@ send_status() } static int envvarok(varp) - char *varp; + char *varp; { - if (!strncmp(varp, "LD_", 3) || !strncmp(varp, "_RLD_", 5) || - !strncmp(varp, "ELF_LD_", 7) || !strncmp(varp, "AOUT_LD_", 8) || - !strcmp(varp, "LIBPATH") || !strcmp(varp, "IFS") || -!strcmp(varp, "KRB5_KTNAME")|| !strcmp(varp, "KRB5CCNAME")|| - strchr(varp, '=')) - { - syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp); - return 0; - } - return 1; + if (!strchr(varp, '=') && + strncmp(varp, "LD_", strlen("LD_")) && /* most systems */ + strncmp(varp, "_RLD_", strlen("_RLD_")) && /* irix */ + strncmp(varp, "KRB5", strlen("KRB5")) && /* v5 */ + /* The above is a catch-all for now. Here are some of the + specific ones we must avoid passing, at least until we + can prove it can be done safely. Keep this list around + in case someone wants to remove the catch-all. */ + strcmp(varp, "KRB5_CONFIG") && /* v5 */ + strcmp(varp, "KRB5CCNAME") && /* v5 */ + strcmp(varp, "KRB5_KTNAME") && /* v5 */ + strcmp(varp, "KRBTKFILE") && /* v4 */ + strcmp(varp, "KRB_CONF") && /* cns v4 */ + strcmp(varp, "KRB_REALMS") && /* cns v4 */ + strcmp(varp, "LIBPATH") && /* AIX */ + strcmp(varp, "IFS")) { + return 1; + } else { + syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp); + return 0; + } + } 
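Review bot: The rewritten condition in envvarok() no longer rejects names beginning with `ELF_LD_` or `AOUT_LD_`, which the removed lines did, so a client-supplied variable with either prefix now reaches setenv() in suboption(). If dropping them was not intended, restore them beside the `_RLD_` test with `strncmp(varp, "ELF_LD_", strlen("ELF_LD_")) &&` and `strncmp(varp, "AOUT_LD_", strlen("AOUT_LD_")) &&`. The function remains a denylist, so any loader or library variable not named here still passes. A short list of permitted names (for example TERM, DISPLAY, USER) would fail closed instead, though that is a larger change than this merge.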
diff --git a/src/appl/telnet/telnetd/sys_term.c b/src/appl/telnet/telnetd/sys_term.c index ac76cd864..829260b55 100644 --- a/src/appl/telnet/telnetd/sys_term.c +++ b/src/appl/telnet/telnetd/sys_term.c @@ -482,12 +482,9 @@ getnpty() * * Returns the file descriptor of the opened pty. */ -#ifndef __GNUC__ -char *line = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; -#else -static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; +static char Xline[17]; char *line = Xline; -#endif + #ifdef CRAY char *myline = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; #endif /* CRAY */ @@ -1050,7 +1047,6 @@ termbuf.c_cflag |= HUPCL; #ifndef O_NOCTTY #define O_NOCTTY 0 #endif - #endif /* !defined(CRAY) || !defined(NEWINIT) */ diff --git a/src/appl/telnet/telnetd/telnetd.c b/src/appl/telnet/telnetd/telnetd.c index 1fd55e624..c3660d2c2 100644 --- a/src/appl/telnet/telnetd/telnetd.c +++ b/src/appl/telnet/telnetd/telnetd.c @@ -933,6 +933,15 @@ pty_init(); #endif init_env(); + +#ifdef SIGTTOU + /* + * Ignoring SIGTTOU keeps the kernel from blocking us. + * we tweak the tty with an ioctl() + * (in ttioct() in /sys/tty.c in a BSD kernel) + */ + (void) signal(SIGTTOU, SIG_IGN); +#endif /* * get terminal type. */ @@ -1137,13 +1146,6 @@ telnet(f, p, host) #ifdef SIGTSTP (void) signal(SIGTSTP, SIG_IGN); #endif -#ifdef SIGTTOU - /* - * Ignoring SIGTTOU keeps the kernel from blocking us - * in ttioct() in /sys/tty.c. - */ - (void) signal(SIGTTOU, SIG_IGN); -#endif (void) signal(SIGCHLD, cleanup); 
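Review bot: `static char Xline[17];` gives `line` writable storage, but the `myline` definition under `#ifdef CRAY` just below is still initialised from a string literal. That is the same pattern the ChangeLog calls wrong if anything writes through it, which this hunk does not show. The bare `17` also needs a comment tying it to the old 16-byte literal plus terminator, e.g. `static char Xline[17]; /* 16-char pty name + NUL; every writer through line must stay within this */`. Because `line` is a plain `char *`, `sizeof line` at a call site yields the pointer size, not 17, so writers cannot derive the bound themselves.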
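Review bot: Installing `(void) signal(SIGTTOU, SIG_IGN);` this early means every process created after this point starts with SIGTTOU ignored, and an ignored disposition survives exec. If the login child is forked between here and the old location in telnet() (the fork is not visible in this hunk), that child path should restore it with `(void) signal(SIGTTOU, SIG_DFL);` before exec so stop-on-output behaviour in the user's session is unchanged. The new comment is also hard to parse; `Ignoring SIGTTOU keeps the kernel from blocking us when we tweak the tty with an ioctl() (ttioct() in /sys/tty.c in a BSD kernel).` reads as one sentence. The enclosing function starts and ends outside the hunk.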
@@ -1533,28 +1535,13 @@ int readstream(p, ibuf, bufsize) case M_IOCTL: ip = (struct iocblk *) (ibuf+1); - - switch (ip->ioc_cmd) { - case TCSETS: - case TCSETSW: - case TCSETSF: - tsp = (struct termios *) - (ibuf+1 + sizeof(struct iocblk)); - vstop = tsp->c_cc[VSTOP]; - vstart = tsp->c_cc[VSTART]; - ixon = tsp->c_iflag & IXON; - break; - case TCSETA: - case TCSETAW: - case TCSETAF: - tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk)); - vstop = tp->c_cc[VSTOP]; - vstart = tp->c_cc[VSTART]; - ixon = tp->c_iflag & IXON; - break; - default: - errno = EAGAIN; - return(-1); + if (readstream_termio(ip->ioc_cmd, ibuf, + &vstop, &vstart, &ixon)) { + if (readstream_termios(ip->ioc_cmd, ibuf, + &vstop, &vstart, &ixon)) { + errno = EAGAIN; + return(-1); + } } newflow = (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0; diff --git a/src/appl/telnet/telnetd/termio-tn.c b/src/appl/telnet/telnetd/termio-tn.c new file mode 100644 index 000000000..24eaffdce --- /dev/null +++ b/src/appl/telnet/telnetd/termio-tn.c @@ -0,0 +1,31 @@ +/* handle having mutually exclusive termio vs. termios */ +/* return 0 if handled */ +#ifdef STREAMSPTY +#include +#include +#include +#include + +int readstream_termio(cmd, ibuf, vstop, vstart, ixon) + int cmd; + char *ibuf; + char *vstop, *vstart; + int *ixon; +{ + struct termio *tp; + switch (cmd) { + case TCSETA: + case TCSETAW: + case TCSETAF: + tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk)); +#if 0 /* VSTOP/VSTART only in termios!? */ + *vstop = tp->c_cc[VSTOP]; + *vstart = tp->c_cc[VSTART]; +#endif + *ixon = tp->c_iflag & IXON; + return 0; + } + return -1; +} + +#endif /* STREAMSPTY */ diff --git a/src/appl/telnet/telnetd/termios-tn.c b/src/appl/telnet/telnetd/termios-tn.c new file mode 100644 index 000000000..4712a3326 --- /dev/null +++ b/src/appl/telnet/telnetd/termios-tn.c 
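Review bot: `newflow` at the end of this hunk reads `vstart` and `vstop` even when `readstream_termio()` returned 0, and that helper (added in termio-tn.c by this commit) has both of its assignments to them under `#if 0`. Unless the two variables are initialised before `case M_IOCTL:`, which is outside the hunk, a TCSETA/TCSETAW/TCSETAF message makes the flow-control decision from indeterminate values. Adding `vstop = vstart = 0;` before the first helper call keeps `newflow` deterministic on that path. No declaration of either helper is visible here, so nothing checks `&vstop`/`&vstart` against the helpers' `char *` parameters; `extern int readstream_termio(), readstream_termios();` near the top of the file would at least fix the return type. readstream() starts and ends outside the hunk.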
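Review bot: `readstream_termio()` casts `ibuf+1 + sizeof(struct iocblk)` to `struct termio *` and reads `tp->c_iflag` without knowing how many bytes getmsg() actually delivered, because no length is passed in. `readstream_termios()` in termios-tn.c has the same shape and additionally reads `c_cc[]`. Passing the received length and rejecting short messages first, e.g. `if (len < 1 + sizeof(struct iocblk) + sizeof(struct termio)) return -1;`, would keep a truncated control message from being interpreted as a full structure. The header comment `/* return 0 if handled */` should also say that on the termio path `*vstop` and `*vstart` are left untouched, since the caller uses them afterwards.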
@@ -0,0 +1,30 @@
+/* handle having mutually exclusive termio vs. termios */
+/* return 0 if handled */
+#ifdef STREAMSPTY
+#include
+#include
+#include
+#include
+
+int readstream_termios(cmd, ibuf, vstop, vstart, ixon)
+ int cmd;
+ char *ibuf;
+ char *vstop, *vstart;
+ int *ixon;
+{
+ struct termios *tsp;
+ switch (cmd) {
+ case TCSETS:
+ case TCSETSW:
+ case TCSETSF:
+ tsp = (struct termios *)
+ (ibuf+1 + sizeof(struct iocblk));
+ *vstop = tsp->c_cc[VSTOP];
+ *vstart = tsp->c_cc[VSTART];
+ *ixon = tsp->c_iflag & IXON;
+ return 0;
+ }
+ return -1;
+}
+
+#endif /* STREAMSPTY */
-- 2.26.2