ref: 8188b4f4f0e07b6669e6ae3c6c1099af917eaab4
dir: /sys/src/cmd/ip/telnetd.c/
#include <u.h> #include <libc.h> #include <bio.h> #include <auth.h> #include <libsec.h> #include "../ip/telnet.h" /* console state (for consctl) */ typedef struct Consstate Consstate; struct Consstate{ int raw; int hold; }; Consstate *cons; int notefd; /* for sending notes to the child */ int noproto; /* true if we shouldn't be using the telnet protocol */ int trusted; /* true if we need not authenticate - current user is ok */ int nonone = 1; /* don't allow none logins */ int noworldonly; /* only noworld accounts */ enum { Maxpath= 256, Maxuser= 64, Maxvar= 32, }; /* input and output buffers for network connection */ Biobuf netib; Biobuf childib; char remotesys[Maxpath]; /* name of remote system */ int alnum(int); int conssim(void); int fromchild(char*, int); int fromnet(char*, int); int termchange(Biobuf*, int); int termsub(Biobuf*, uchar*, int); int xlocchange(Biobuf*, int); int xlocsub(Biobuf*, uchar*, int); int challuser(char*); int noworldlogin(char*); void* share(ulong); int doauth(char*); #define TELNETLOG "telnet" void logit(char *fmt, ...) { va_list arg; char buf[8192]; va_start(arg, fmt); vseprint(buf, buf + sizeof(buf) / sizeof(*buf), fmt, arg); va_end(arg); syslog(0, TELNETLOG, "(%s) %s", remotesys, buf); } void getremote(char *dir) { int fd, n; char remfile[Maxpath]; sprint(remfile, "%s/remote", dir); fd = open(remfile, OREAD); if(fd < 0) strcpy(remotesys, "unknown2"); n = read(fd, remotesys, sizeof(remotesys)-1); if(n>0) remotesys[n-1] = 0; else strcpy(remotesys, remfile); close(fd); } void main(int argc, char *argv[]) { char buf[1024]; int fd; char user[Maxuser]; int tries = 0; int childpid; int n, eofs; memset(user, 0, sizeof(user)); ARGBEGIN { case 'n': opt[Echo].local = 1; noproto = 1; break; case 'p': noproto = 1; break; case 'a': nonone = 0; break; case 't': trusted = 1; strncpy(user, getuser(), sizeof(user)-1); break; case 'u': strncpy(user, ARGF(), sizeof(user)-1); break; case 'd': debug = 1; break; case 'N': noworldonly = 1; break; } ARGEND if(argc) getremote(argv[argc-1]); else strcpy(remotesys, "unknown"); /* options we need routines for */ opt[Term].change = termchange; opt[Term].sub = termsub; opt[Xloc].sub = xlocsub; /* setup default telnet options */ if(!noproto){ send3(1, Iac, Will, opt[Echo].code); send3(1, Iac, Do, opt[Term].code); send3(1, Iac, Do, opt[Xloc].code); } /* shared data for console state */ cons = share(sizeof(Consstate)); if(cons == 0) fatal("shared memory", 0, 0); /* authenticate and create new name space */ Binit(&netib, 0, OREAD); if (!trusted){ while(doauth(user) < 0) if(++tries == 5){ logit("failed as %s: %r", user); print("authentication failure:%r\r\n"); exits("authentication"); } } logit("logged in as %s", user); putenv("service", "con"); /* simulate /dev/consctl and /dev/cons using pipes */ fd = conssim(); if(fd < 0) fatal("simulating", 0, 0); Binit(&childib, fd, OREAD); /* start a shell in a different process group */ switch(childpid = rfork(RFPROC|RFNAMEG|RFFDG|RFNOTEG)){ case -1: fatal("fork", 0, 0); case 0: close(fd); fd = open("/dev/cons", OREAD); dup(fd, 0); close(fd); fd = open("/dev/cons", OWRITE); dup(fd, 1); dup(fd, 2); close(fd); segdetach(cons); execl("/bin/rc", "rc", "-il", nil); fatal("/bin/rc", 0, 0); default: sprint(buf, "/proc/%d/notepg", childpid); notefd = open(buf, OWRITE); break; } /* two processes to shuttle bytes twixt children and network */ switch(fork()){ case -1: fatal("fork", 0, 0); case 0: eofs = 0; for(;;){ n = fromchild(buf, sizeof(buf)); if(n <= 0){ if(eofs++ > 2) break; continue; } eofs = 0; if(write(1, buf, n) != n) break; } break; default: while((n = fromnet(buf, sizeof(buf))) >= 0) if(write(fd, buf, n) != n) break; break; } /* kill off all server processes */ sprint(buf, "/proc/%d/notepg", getpid()); fd = open(buf, OWRITE); write(fd, "die", 3); exits(0); } void prompt(char *p, char *b, int n, int raw) { char *e; int i; int echo; echo = opt[Echo].local; if(raw) opt[Echo].local = 0; print("%s: ", p); for(e = b+n; b < e;){ i = fromnet(b, e-b); if(i <= 0) exits("fromnet: hungup"); b += i; if(*(b-1) == '\n' || *(b-1) == '\r'){ *(b-1) = 0; break; } } if(raw) opt[Echo].local = echo; } /* * challenge user */ int challuser(char *user) { char nchall[64]; char response[64]; Chalstate *ch; AuthInfo *ai; Dir nd; if(strcmp(user, "none") == 0){ if(nonone) return -1; newns("none", nil); return 0; } if((ch = auth_challenge("proto=p9cr role=server user=%q", user)) == nil) return -1; snprint(nchall, sizeof nchall, "challenge: %s\r\nresponse", ch->chal); prompt(nchall, response, sizeof response, 0); ch->resp = response; ch->nresp = strlen(response); ai = auth_response(ch); auth_freechal(ch); if(ai == nil || auth_chuid(ai, nil) < 0){ rerrstr(response, sizeof response); print("!%s\n", response); auth_freeAI(ai); return -1; } /* chown network connection */ nulldir(&nd); nd.mode = 0660; nd.uid = ai->cuid; dirfwstat(0, &nd); auth_freeAI(ai); return 0; } /* * use the in the clear apop password to change user id */ int noworldlogin(char *user) { char password[256]; prompt("password", password, sizeof(password), 1); if(login(user, password, "/lib/namespace.noworld") < 0) return -1; rfork(RFNOMNT); /* sandbox */ return 0; } int doauth(char *user) { if(*user == 0) prompt("user", user, Maxuser, 0); if(noworld(user)) return noworldlogin(user); if(noworldonly) return -1; return challuser(user); } /* * Process some input from the child, add protocol if needed. If * the input buffer goes empty, return. */ int fromchild(char *bp, int len) { int c; char *start; for(start = bp; bp-start < len-1; ){ c = Bgetc(&childib); if(c < 0){ if(bp == start) return -1; else break; } if(cons->raw == 0 && c == '\n') *bp++ = '\r'; *bp++ = c; if(Bbuffered(&childib) == 0) break; } return bp-start; } /* * Read from the network up to a '\n' or some other break. * * If in binary mode, buffer characters but don't * * The following characters are special: * '\r\n's and '\r's get turned into '\n's. * ^H erases the last character buffered. * ^U kills the whole line buffered. * ^W erases the last word * ^D causes a 0-length line to be returned. * Intr causes an "interrupt" note to be sent to the children. */ #define ECHO(c) { *ebp++ = (c); } int fromnet(char *bp, int len) { int c; char echobuf[1024]; char *ebp; char *start; static int crnl; static int doeof; /* simulate an EOF as a 0 length input */ if(doeof){ doeof = 0; return 0; } for(ebp = echobuf,start = bp; bp-start < len && ebp-echobuf < sizeof(echobuf); ){ c = Bgetc(&netib); if(c < 0){ if(bp == start) return -1; else break; } /* telnet protocol only */ if(!noproto){ /* protocol messages */ switch(c){ case Iac: crnl = 0; c = Bgetc(&netib); if(c == Iac) break; control(&netib, c); continue; } } /* \r\n or \n\r become \n */ if(c == '\r' || c == '\n'){ if(crnl && crnl != c){ crnl = 0; continue; } if(cons->raw == 0 && opt[Echo].local){ ECHO('\r'); ECHO('\n'); } crnl = c; if(cons->raw == 0) *bp++ = '\n'; else *bp++ = c; break; } else crnl = 0; /* raw processing (each character terminates */ if(cons->raw){ *bp++ = c; break; } /* in binary mode, there are no control characters */ if(opt[Binary].local){ if(opt[Echo].local) ECHO(c); *bp++ = c; continue; } /* cooked processing */ switch(c){ case 0x00: if(noproto) /* telnet ignores nulls */ *bp++ = c; continue; case 0x04: if(bp != start) doeof = 1; goto out; case 0x08: /* ^H */ if(start < bp) bp--; if(opt[Echo].local) ECHO(c); break; case 0x15: /* ^U */ bp = start; if(opt[Echo].local){ ECHO('^'); ECHO('U'); ECHO('\r'); ECHO('\n'); } break; case 0x17: /* ^W */ if (opt[Echo].local) { while (--bp >= start && !alnum(*bp)) ECHO('\b'); while (bp >= start && alnum(*bp)) { ECHO('\b'); bp--; } bp++; } break; case 0x7f: /* Del */ write(notefd, "interrupt", 9); bp = start; break; default: if(opt[Echo].local) ECHO(c); *bp++ = c; } if(ebp != echobuf) write(1, echobuf, ebp-echobuf); ebp = echobuf; } out: if(ebp != echobuf) write(1, echobuf, ebp-echobuf); return bp - start; } int termchange(Biobuf *bp, int cmd) { char buf[8]; char *p = buf; if(cmd != Will) return 0; /* ask other side to send term type info */ *p++ = Iac; *p++ = Sb; *p++ = opt[Term].code; *p++ = 1; *p++ = Iac; *p++ = Se; return iwrite(Bfildes(bp), buf, p-buf); } int termsub(Biobuf *bp, uchar *sub, int n) { char term[Maxvar]; USED(bp); if(n-- < 1 || sub[0] != 0) return 0; if(n >= sizeof term) n = sizeof term; strncpy(term, (char*)sub, n); putenv("TERM", term); return 0; } int xlocchange(Biobuf *bp, int cmd) { char buf[8]; char *p = buf; if(cmd != Will) return 0; /* ask other side to send x display info */ *p++ = Iac; *p++ = Sb; *p++ = opt[Xloc].code; *p++ = 1; *p++ = Iac; *p++ = Se; return iwrite(Bfildes(bp), buf, p-buf); } int xlocsub(Biobuf *bp, uchar *sub, int n) { char xloc[Maxvar]; USED(bp); if(n-- < 1 || sub[0] != 0) return 0; if(n >= sizeof xloc) n = sizeof xloc; strncpy(xloc, (char*)sub, n); putenv("DISPLAY", xloc); return 0; } /* * create a shared segment. */ void* share(ulong len) { void *v; v = segattach(0, "shared", 0, len); if(v == (void*)-1) return nil; return v; } /* * bind a pipe onto consctl and keep reading it to * get changes to console state. */ int conssim(void) { int i, n; int fd; int tries; char buf[128]; char *field[10]; /* a pipe to simulate the /dev/cons */ if(bind("#|", "/mnt/cons", MREPL) == -1) fatal("/dev/cons1", 0, 0); if(bind("/mnt/cons/data1", "/dev/cons", MREPL) == -1) fatal("/dev/cons2", 0, 0); /* a pipe to simulate consctl */ if(bind("#|", "/mnt/consctl", MBEFORE) == -1 || bind("/mnt/consctl/data1", "/dev/consctl", MREPL) == -1) fatal("/dev/consctl", 0, 0); /* a process to read /dev/consctl and set the state in cons */ switch(fork()){ case -1: fatal("forking", 0, 0); case 0: break; default: return open("/mnt/cons/data", ORDWR); } for(tries = 0; tries < 100; tries++){ cons->raw = 0; cons->hold = 0; fd = open("/mnt/consctl/data", OREAD); if(fd < 0) continue; tries = 0; for(;;){ n = read(fd, buf, sizeof(buf)-1); if(n <= 0) break; buf[n] = 0; n = getfields(buf, field, 10, 1, " "); for(i = 0; i < n; i++){ if(strcmp(field[i], "rawon") == 0) { if(debug) fprint(2, "raw = 1\n"); cons->raw = 1; } else if(strcmp(field[i], "rawoff") == 0) { if(debug) fprint(2, "raw = 0\n"); cons->raw = 0; } else if(strcmp(field[i], "holdon") == 0) { cons->hold = 1; if(debug) fprint(2, "raw = 1\n"); } else if(strcmp(field[i], "holdoff") == 0) { cons->hold = 0; if(debug) fprint(2, "raw = 0\n"); } } } close(fd); } exits(0); return -1; } int alnum(int c) { /* * Hard to get absolutely right. Use what we know about ASCII * and assume anything above the Latin control characters is * potentially an alphanumeric. */ if(c <= ' ') return 0; if(0x7F<=c && c<=0xA0) return 0; if(strchr("!\"#$%&'()*+,-./:;<=>?@`[\\]^{|}~", c)) return 0; return 1; }