1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-16 10:20:30 +00:00
Commit Graph

100 Commits

Author SHA1 Message Date
Nick Sayer
c4f6a2a9e1 Encrypted strings (after hex decoding) aren't null terminated, because
0 might simply be part of the ciphertext.

PR:		bin/40266
Submitted by:	andr@dgap.mipt.ru
MFC after:	3 days
2002-08-22 06:19:07 +00:00
Mark Murray
78455da4ab Warnings fixes. Sort out some variable types. 2002-06-26 17:06:14 +00:00
Mark Murray
09e8dea793 Help fix warnings by marking an argument as unused. 2002-06-26 17:05:08 +00:00
Juli Mallett
2061e87111 Don't risk catching a signal while handling a signal for a dying child, as we
can then end up not properly clearing wtmp/utmp entries.

PR:		bin/37934
Submitted by:	Sandeep Kumar <skumar@juniper.net>
Reviewed by:	markm
MFC after:	2 weeks
2002-05-27 08:10:24 +00:00
Alfred Perlstein
cc7b0935ec unbreak build:
commands.c, sys_bsd.c: comment out/remove junk after #endif/#else
network.c, terminal.c, utlities.c: include stdlib.h for exit(3)
2002-05-11 03:19:44 +00:00
Mark Murray
ee2ea5ceaf Fix an external declaration that was causing telnetd to core dump.
MFC after:	1 week
PR:		37766
2002-05-06 09:46:29 +00:00
Jacques Vidrine
eacee0ff7e Update build after import of Heimdal Kerberos 2002/02/17. 2002-02-19 15:53:33 +00:00
Sheldon Hearn
fa3e900453 Don't use non-signal-safe functions (exit(3) in this case) in
signal handlers.  In this case, use _exit(2) instead, following
the call to shutdown(2).

This fixes rare telnetd hangs.

PR:		misc/33672
Submitted by:	Umesh Krishnaswamy <umesh@juniper.net>
MFC after:	1 month
2002-02-05 15:20:02 +00:00
Ruslan Ermilov
3f36940560 mdoc(7) police: remove -r from SYNOPSIS, sort -p in DESCRIPTION. 2001-12-14 14:41:07 +00:00
Jordan K. Hubbard
d1f21093cd Don't assume that the number of fds to select on is known quantity (in
this case 16).  Use dynamic FD_SETs and calculated high-water marks
throughout.  There are also too many versions of telnet in the tree.

Obtained from:  OpenBSD and Apple's Radar database
MFC after:      2 days
2001-12-09 09:53:27 +00:00
Ruslan Ermilov
5c5c92aff0 Fixed bugs from previous revision.
Removed -s from SYNOPSIS and restored -S in DESCRIPTION.
2001-12-04 16:02:36 +00:00
John Hay
de0dff907e Protect variables and function prototypes that are only used in the INET6
case with an ifdef INET6.

This make the fixit floppy compile again.

Reviewed by:	markm
2001-12-03 17:42:02 +00:00
Mark Murray
5eb2b33ad8 More help for alpha WARNS=2. This code is, erm, unusual. Anyone who
feels like rewriting it will meet no objection from me.
2001-12-03 12:16:40 +00:00
Mark Murray
54ab3ed82b help the alphas out with the WARNS=2 stuff. 2001-12-03 12:13:18 +00:00
Mark Murray
3138440a79 Damn. The previous mega-commit was incomplete WRT ANSIfication. This
fixes that.
2001-11-30 22:28:07 +00:00
Mark Murray
8fa113e5fc Very large style makeover.
1) ANSIfy.
2) Clean up ifdefs so that
   a) ones that never/always apply are appropriately either
      fully removed, or just the #if junk is removed.
   b) change #if defined(FOO) for appropiate values of FOO.
      (currently AUTHENTICATION and ENCRYPTION)
3) WARNS=2 fixing
4) GC other unused stuff

This code can now be unifdef(1)ed to make non-crypto telnet.
2001-11-30 21:06:38 +00:00
John Baldwin
4091481652 Fix world by trimming an extra comment terminator. 2001-10-29 19:22:38 +00:00
Nick Sayer
3737d6dfe3 Add Berkeley copyright to SRA.
This is by the kind permission of Dave Safford, formerly of TAMU who wrote the
original code. Here is an excerpt of the e-mail exchange concerning this
issue:

Dave Safford wrote:
>Nick Sayer wrote:
>> Some time ago we spoke about SRA and importing it into FreeBSD. I forgot to
>> ask if you had a prefered license boilerplate for the top of the files. It
>> has come up recently, and the SRA code in FreeBSD doesn't have one.

>I really have no preference - use whatever is most convenient in the
>FreeBSD environment.

>dave safford

This is the standard BSD license with clause 3 removed and clause 4
suitably renumbered.

MFC after:	1 day
2001-10-29 16:12:16 +00:00
Mark Murray
6fdd5473af Diff-reduce these two.
Really, one of them needs to disappear. I'll figure out which
later.

Reported by:	bde
2001-10-27 12:49:19 +00:00
Mark Murray
f2ac7de925 Add __FBSDID() to diff-reduce with "base" telnet. 2001-10-01 16:04:55 +00:00
Mark Murray
6b022d0047 Manually unifdef(1) CRAY, UNICOS, hpux and sun uselsess code. 2001-08-29 14:16:17 +00:00
Dima Dorfman
39b7ac5a89 Remove description of an option that only applies to UNICOS < 7.0.
That define may still be present in the source, but I don't think
anyone has plans to try to use it.

Obtained from:	NetBSD
2001-08-25 21:29:12 +00:00
Mark Murray
21f083c0a6 Code merge and diff reduce with "base" telnet. This is the "later"
telnet, so it was treated as the reference code, except where later
commits were made to "base" telnet.
2001-08-20 12:28:40 +00:00
Kazuo Horikawa
ba8140a6f6 Removal of following export controll related sentences:
o Because of export controls, TELNET ENCRYPT option is not supported outside
  of the United States and Canada.
o Because of export controls, data encryption
  is not supported outside of the United States and Canada.

src/crypto/README revision 1.5 commit log says:
> Crypto sources are no longer export controlled:
> Explain, why crypto sources are still in crypto/.
and actually telnet encryption is used outside of US and Canada now.

Pointed out by: OHSAWA Chitoshi <ohsawa@catv1.ccn-net.ne.jp>
Reviewed by: no objection on doc
2001-08-15 01:30:25 +00:00
Ruslan Ermilov
753d686d34 mdoc(7) police: s/BSD/.Bx/ where appropriate. 2001-08-14 10:01:54 +00:00
Kris Kennaway
a2a887b56a output_data(), output_datalen() and netflush() didn't actually guarantee
to do what they are supposed to: under some circumstances output data would
be truncated, or the buffer would not actually be flushed (possibly leading
to overflows when the caller assumes the operation succeeded).  Change the
semantics so that these functions ensure they complete the operation before
returning.

Comment out diagnostic code enabled by '-D reports' which causes an
infinite recursion and an eventual crash.

Patch developed with assistance from ru and assar.
2001-07-23 21:52:26 +00:00
Ruslan Ermilov
40e7fc1a20 More potential buffer overflow fixes.
o Fixed `nfrontp' calculations in output_data().  If `remaining' is
  initially zero, it was possible for `nfrontp' to be decremented.

Noticed by:	dillon

o Replaced leaking writenet() with output_datalen():

:  * writenet
:  *
:  * Just a handy little function to write a bit of raw data to the net.
:  * It will force a transmit of the buffer if necessary
:  *
:  * arguments
:  *    ptr - A pointer to a character string to write
:  *    len - How many bytes to write
:  */
: 	void
: writenet(ptr, len)
: 	register unsigned char *ptr;
: 	register int len;
: {
: 	/* flush buffer if no room for new data) */
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 	if ((&netobuf[BUFSIZ] - nfrontp) < len) {
: 		/* if this fails, don't worry, buffer is a little big */
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 		netflush();
: 	}
:
: 	memmove(nfrontp, ptr, len);
: 	nfrontp += len;
:
: }  /* end of writenet */

What an irony!  :-)

o Optimized output_datalen() a bit.
2001-07-20 12:02:30 +00:00
Ruslan Ermilov
1ee47d0673 vsnprintf() can return a value larger than the buffer size.
Submitted by:	assar
Obtained from:	OpenBSD
2001-07-19 18:58:31 +00:00
Ruslan Ermilov
5f10368c1d Fixed the exploitable remote buffer overflow.
Reported on:	bugtraq
Obtained from:	Heimdal, NetBSD
Reviewed by:	obrien, imp
2001-07-19 17:48:57 +00:00
Ruslan Ermilov
63919764c2 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 10:42:19 +00:00
Ruslan Ermilov
df1cda58e4 mdoc(7) police: merge all fixes from non-crypto version. 2001-07-05 14:08:12 +00:00
Ruslan Ermilov
a5493c1b77 MF non-crypto: 1.13: document -u in usage. 2001-07-05 14:06:27 +00:00
Matthew Dillon
7a2254dcf0 Oops, forgot the 'u' in the getopt for the previous commit. 2001-05-24 00:14:19 +00:00
Matthew Dillon
e5c23e887b A feature to allow one to telnet to a unix domain socket. (MFC from
non-crypto version)

Also update the crypto telnet's man page to reflect other options
ported from the non-crypto version.

Obtained from:   Lyndon Nerenberg <lyndon@orthanc.ab.ca>
2001-05-23 22:54:07 +00:00
Nick Sayer
9286fd701f Make the PAM user-override actually override the correect thing. 2001-05-17 16:28:11 +00:00
Peter Wemm
64867478d8 Back out last commit. This was already fixed. This should never have
happened, this is why we have commit mail expressly delivered to
committers.
2001-05-17 03:14:42 +00:00
Peter Wemm
d48d5be0d0 Fix the latest telnet breakage. Obviously this was never compiled. 2001-05-17 03:13:00 +00:00
Nick Sayer
1848e3d448 Since the root-on-insecure-tty code was added to telnetd, a dependency
on char *line was added to libtelnet. Put a dummy one in to keep the
linker happy.
2001-05-16 20:34:42 +00:00
Nick Sayer
166b3cb9a0 Make sure the protocol actively rejects bad data rather than
(potentially) not responding to an invalid SRA 'auth is' message.
2001-05-16 20:24:58 +00:00
Nick Sayer
8183ac8f53 srandomdev() affords us the opportunity to radically improve, and at the
same time simplify, the random number selection code.
2001-05-16 18:32:46 +00:00
Nick Sayer
60f581768d Catch any attempted buffer overflows. The magic numbers in this code
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.

Submitted by:	kris
2001-05-16 18:27:09 +00:00
Nick Sayer
e7157113a9 Catch malloc return failures. This should help avoid dereferencing NULL on
low-memory situations.

Submitted by:	kris
2001-05-16 18:17:55 +00:00
Peter Wemm
cd189e1195 Hack to work around braindeath in libtelnet:sra.c. The sra.o file
references global variables from telnetd, but is also linked into
telnet as well. I was tempted to back out the last sra.c change
as it is 100% bogus and should be taken out and shot, but for now
this bandaid should get world working again. :-(
2001-05-15 09:52:03 +00:00
Nick Sayer
c7be24c970 If the uid of the attempted authentication is 0 and if the pty is
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
2001-05-15 04:47:14 +00:00
Nick Sayer
053c5b3a9e Pointy hat fix -- reapply the SRA PAM patch. To -current this time. 2001-05-07 20:42:02 +00:00
Ruslan Ermilov
566f5a4859 mdoc(7) police: removed hard sentence breaks introduced in rev.1.10. 2001-04-13 08:49:52 +00:00
Nick Sayer
036790848a Clean up telnet's argument processing a bit. autologin and encryption is
now the default, so ignore the arguments that turn it on. Add a new -y
argument to turn off encryption in case someone wants to do that. Sync
these changes with the man page (including removing the now obsolete
statement about availability only in the US and Canada).
2001-04-06 15:56:10 +00:00
Nick Sayer
6a1fe28e41 Reactivate SRA.
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.
2001-04-05 14:09:15 +00:00
Nick Sayer
989efc86f5 Fix core noted in -stable with 'auth disable SRA'.
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
2001-03-18 09:44:25 +00:00
Assar Westerlund
bb330cd01e enable auto-negotiation of encrypt and decrypt 2001-03-12 03:54:48 +00:00