Commit Graph

152 Commits

Author SHA1 Message Date
sjg
839f5deaca Propagate ancient fix from Junos.
Use of -h is not supposed to depend on AUTHENTICATION being defined.

Reviewed by: markm


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@257773 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2013-11-07 00:36:39 +00:00
marcel
d37ea43702 Fix "automatic" login, broken by revision 69825 (12 years, 5 months ago).
The "automatic" login feature is described as follows:
The USER environment variable holds the name of the person telnetting in.
This is the username of the person on the client machine. The traditional
behaviour is to execute login(1) with this username first, meaning that
login(1) will prompt for the password only. If login fails, login(1) will
retry, but now prompt for the username before prompting for the password.

This feature got broken by how the environment got scrubbed. Before the
change in r69825 we removed variables that we deemed dangerous. Starting
with r69825 we only keep those variable we know to be safe.

The USER environment variable fell through the cracks. It suddenly got
scrubbed (i.e. removed from the environment) while still being checked
for. It also got explicitly removed from the environment to handle the
failed login case.

The fix is to obtain the value of the USER environment variable before
we scrub the environment and used the "cached" in subsequent checks.
This guarantees that the environment does not contain the USER variable
in the end, while still being able to implement "automatic" login.

Obtained from:	Juniper Networks, Inc.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@251188 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2013-05-31 17:30:12 +00:00
kevlo
6b099757e8 Make sure that each va_start has one and only one matching va_end,
especially in error cases.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@241021 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2012-09-28 07:51:30 +00:00
joel
2e1696417c Remove superfluous paragraph macro.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@237190 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2012-06-17 11:04:38 +00:00
stas
d97058c8ec - Do not use deprecated krb5 error message reporting functions in libtelnet.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@233932 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2012-04-06 00:03:45 +00:00
cperciva
a02488779d Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06]
Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]

Fix a buffer overflow in telnetd. [11:08]

Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]

Add sanity checking of service names in pam_start. [11:10]

Approved by:    so (cperciva)
Approved by:    re (bz)
Security:       FreeBSD-SA-11:06.bind
Security:       FreeBSD-SA-11:07.chroot
Security:       FreeBSD-SA-11:08.telnetd
Security:       FreeBSD-SA-11:09.pam_ssh
Security:       FreeBSD-SA-11:10.pam


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@228843 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2011-12-23 15:00:37 +00:00
dim
24a5c1e093 In contrib/telnet/telnet/utilities.c, fix a few warnings about format
strings not being literals.

MFC after:	1 week


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@228651 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2011-12-17 18:18:36 +00:00
dim
bd32956cba In contrib/telnet/telnetd/utility.c, fix a few warnings about format
strings not being literals.

MFC after:	1 week


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@228589 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2011-12-16 16:53:54 +00:00
dim
d107e99829 In contrib/telnet/libtelnet/sra.c, use the correct number of bytes to
zero the password buffer.

MFC after:	1 week


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@228559 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2011-12-16 00:48:53 +00:00
jilles
0fddcbcf1c telnet: Fix infinite loop if local output generates SIGPIPE.
Instead of catching SIGPIPE and jumping out of the signal handler with
longjmp, ignore it and handle write errors to the local output by exiting
from there. I have changed the error message to mention the local output
instead of NetBSD's wrong "Connection closed by foreign host". Write errors
to the network were already handled by exiting immediately and this now
applies to EPIPE too.

The code assumed that SIGPIPE could only be generated by the network
connection; if it was generated by the local output, it would longjmp out of
the signal handler and write an error message which caused another SIGPIPE.

PR:		19773
Obtained from:	NetBSD
MFC after:	1 week


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@207449 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2010-04-30 19:52:35 +00:00
ed
b3741997b0 Forgot a part that was missing in the previous commit.
There is no need to call trimdomain() anymore now that ut_host is big
enough to fit decent hostnames.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@202214 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2010-01-13 18:46:50 +00:00
ed
22cdf6fd37 Let telnetd build without utmp and logwtmp(3).
Just like rlogind, there is no need to change the ownership of the
terminal during shutdown anymore. Also don't call logwtmp, because the
login(1)/PAM is responsible for doing this. Also use SHUT_RDWR instead
of 2.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@202212 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2010-01-13 18:37:42 +00:00
ed
29b3953035 Remove unneeded inclusion of <utmp.h> and dead variables.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@201047 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2009-12-27 11:56:32 +00:00
ed
67287bcb77 Use <termios.h> instead of <sys/termios.h>.
<sys/termios.h> only works on FreeBSD by accident.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@199874 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2009-11-28 11:57:25 +00:00
ed
7541522753 Rename all symbols in libmp(3) to mp_*, just like Solaris.
The function pow() in libmp(3) clashes with pow(3) in libm. We could
rename this single function, but we can just take the same approach as
the Solaris folks did, which is to prefix all function names with mp_.

libmp(3) isn't really popular nowadays. I suspect not a single
application in ports depends on it. There's still a chance, so I've
increased the SHLIB_MAJOR and __FreeBSD_version.

Reviewed by:	deischen, rdivacky


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@189092 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2009-02-26 21:43:15 +00:00
cperciva
1d2eb11519 Correctly scrub telnetd's environment.
Approved by:	so (cperciva)
Security:	FreeBSD-SA-09:05.telnetd


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@188699 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2009-02-16 21:56:17 +00:00
ed
8d9786e342 Use strlcpy() instead of strcpy().
Requested by:	mlaier


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@184938 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2008-11-13 20:40:38 +00:00
ed
7aa7324a8f Convert telnetd(8) to use posix_openpt(2).
Some time ago I got some reports MPSAFE TTY broke telnetd(8). Even
though it turned out to be a different problem within the TTY code, I
spotted a small issue with telnetd(8). Instead of allocating PTY's using
openpty(3) or posix_openpt(2), it used its own PTY allocation routine.
This means that telnetd(8) still uses /dev/ptyXX-style devices.

I've also increased the size of line[]. Even though 16 should be enough,
we already use 13 bytes ("/dev/pts/999", including '\0'). 32 bytes gives
us a little more freedom.

Also enable -DSTREAMSPTY. Otherwise telnetd(8) strips the PTY's pathname
to the latest slash instead of just removing "/dev/" (e.g. /dev/pts/0 ->
0, instead of pts/0).

Reviewed by:	rink


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@184935 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2008-11-13 19:05:27 +00:00
antoine
2846fec647 Fix TELOPT(opt) when opt > TELOPT_TN3270E.
PR:		127194
Submitted by:	Joost Bekkers
MFC after:	1 month


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@183004 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2008-09-13 17:46:50 +00:00
trhodes
180a45c5fb List authentication types supported with "-X" taken from the libtelnet
code.

PR:		121721


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@182419 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2008-08-29 00:04:37 +00:00
jhb
d76e719277 Don't attempt authentication at all if it has been disabled via '-a off'.
This works around a bug in HP-UX's telnet client and also gives a much
saner user experience when using FreeBSD's telnet client.

PR:		bin/19405
Submitted by:	Joel Ray Holveck   joelh of gnu.org
MFC after:	1 month


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@180931 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2008-07-28 18:58:16 +00:00
gnn
dea97c6292 Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by:    bz
Approved by:    re


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@171135 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2007-07-01 12:08:08 +00:00
ru
461fc455ee Markup nits.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@162826 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2006-09-29 22:51:29 +00:00
ru
7fe816d452 Remove bogus casts of valid integer ioctl() arguments.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@162671 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2006-09-26 21:46:12 +00:00
maxim
2a1a3f355d o Mention .telnetrc DEFAULT keyword.
PR:		bin/100496 (sort of)
Obtained from:	NetBSD, heas@netbsd
MFC after:	3 weeks


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@162402 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2006-09-18 15:03:18 +00:00
ume
b88638bb41 NI_WITHSCOPEID cleanup
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@146468 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2005-05-21 15:28:42 +00:00
nectar
e1492a80cd Correct a pair of buffer overflows in the telnet(1) command:
(CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
 functions.

 (CAN-2005-0469) A global uninitialized data section buffer overflow in
 slc_add_reply() and related functions.

As a result of these vulnerabilities, it may be possible for a malicious
telnet server or active network attacker to cause telnet(1) to execute
arbitrary code with the privileges of the user running it.

Security: CAN-2005-0468, CAN-2005-0469
Security: FreeBSD-SA-05:01.telnet
Security: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
Security: http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities

These fixes are based in part on patches
Submitted by:	Solar Designer <solar@openwall.com>


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@144231 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2005-03-28 14:45:12 +00:00
tobez
0f4e951657 Increase usefulness of telnet(1) as a protocol tester. By prepending
"+" to the port number, disable option negotiation and allow
transferring of data with high bit set.

OKed by:	markm (maintainer)
PR:		52032
Submitted by:	Valentin Nechayev <netch maybe-at netch stop kiev stop ua>
MFC After:	2 weeks


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@142790 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2005-02-28 12:46:53 +00:00
ru
26fb67c648 - Soften sentence breaks.
- Remove double whitespace.
- Sort sections.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@140601 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2005-01-21 21:57:05 +00:00
maxim
82ff960df9 o Make telnet[d] -S (IP TOS) flag really work. We do not have
/etc/iptos implementation so only numeric values supported.

o telnetd.8: steal the -S flag description from telnet.1, bump
the date of the document.

MFC after:	6 weeks


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@139937 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2005-01-09 10:24:46 +00:00
maxim
10faff8b17 o Add -4 and -6 flags to a man page and usage(). Bump the man page
date.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@139713 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2005-01-05 09:59:38 +00:00
maxim
e5dfcfd096 o Remove -t flag from getopt(3), it was killed in rev. 1.15 three
years ago.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@139711 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2005-01-05 09:47:10 +00:00
maxim
cff120dc74 o Print a correct status for unix domain sockets.
o Restore input mode when return from the command one.

PR:			bin/49983
Submitted by:		Volker Stolz
OK in general from:	markm
MFC after:		1 month


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@139687 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2005-01-04 21:22:32 +00:00
kan
5adbfa7aec Add missing () to function invocation.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@132753 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2004-07-28 05:37:18 +00:00
ume
97005ca0b5 Switch Advanced Sockets API for IPv6 from RFC2292 to RFC3542
(aka RFC2292bis).  Though I believe this commit doesn't break
backward compatibility againt existing binaries, it breaks
backward compatibility of API.
Now, the applications which use Advanced Sockets API such as
telnet, ping6, mld6query and traceroute6 use RFC3542 API.

Obtained from:	KAME


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@121472 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2003-10-24 18:26:30 +00:00
ume
425407c55a EAI_ADDRFAMILY and EAI_NODATA was deprecated in RFC3493
(aka RFC2553bis).  Now, getaddrinfo(3) returns EAI_NONAME
instead of EAI_NODATA.  Our getaddrinfo(3) nor getnameinfo(3)
didn't use EAI_ADDRFAMILY.

Obtained from:	KAME


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@121425 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2003-10-23 13:55:36 +00:00
harti
594b8db219 Forced commit to record the PR for the previous commit.
Remembered by: maxim

PR:		bin/45967


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@118866 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2003-08-13 11:02:37 +00:00
harti
6a39aef766 Implement what has been documented for a long time: make -debug switch
on socket debugging.

Okay'ed by: markm


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@118865 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2003-08-13 10:56:40 +00:00
markm
4369ac2a7f Fix up external variables named "debug" that have a horrible habit
of conflicting with other, similarly named functions in static
libraries. This is done mostly by renaming the var if it is shared
amongst modules, or making it static otherwise.

OK'ed by:	re(scottl)


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@114911 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2003-05-11 18:17:00 +00:00
obrien
90a2e082b9 Use __FBSDID vs. rcsid[]. Also protect sccs[] and copyright[] from GCC 3.3.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@114630 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2003-05-04 02:54:49 +00:00
nectar
a948d8a850 Unbreak Kerberos 5 authentication in telnet.
(Credential forwarding is still broken.)

PR:	bin/45397


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@111946 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2003-03-06 13:41:53 +00:00
nectar
a6a592c797 Background:
When libdes was replaced with OpenSSL's libcrypto, there were a few
 interfaces that the former implemented but the latter did not.  Because
 some software in the base system still depended upon these interfaces,
 we simply included them in our libcrypto (rnd_keys.c).

Now, finally get around to removing the dependencies on these
interfaces.  There were basically two cases:

  des_new_random_key -- This is just a wrapper for des_random_key, and
     these calls were replaced.

  des_init_random_number_generator et. al. -- A few functions were used
     by the application to seed libdes's PRNG.  These are not necessary
     when using libcrypto, as OpenSSL internally seeds the PRNG from
     /dev/random.  These calls were simply removed.

Again, some of the Kerberos 4 files have been taken off the vendor
branch.  I do not expect there to be future imports of KTH Kerberos 4.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@110049 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2003-01-29 18:14:29 +00:00
billf
ea4f5f77e7 add more RFC defined telnet options
Reviewed by:	ps


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@109466 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2003-01-18 06:10:21 +00:00
eric
9e0282c9ca Merge argument parsing changes into this copy of telnet.
Submitted by:	markm
Approved by:	bmah


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@107299 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2002-11-27 06:34:24 +00:00
dd
a2b2e46019 Permit the argument to the -s option to be a hostname. I see no
reason to restrict this to a numeric address.

PR:		41841
Submitted by:	Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>,
		Maxim Maximov <mcsi@agava.com>


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@104331 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2002-10-02 00:27:14 +00:00
markm
5a5138f8df Catch up with "base" telnet.
s/FALL THROUGH/FALLTHROUGH/ for lint(1).


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@103956 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2002-09-25 07:28:04 +00:00
markm
112a50cd56 Catch up with "base" telnet.
s/FALL THROUGH/FALLTHROUGH/ for lint(1).
s/Usage/usage/ for consistency.


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@103955 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2002-09-25 07:26:25 +00:00
markm
b4c79417a1 From the requestor:
"Could you do me a favor and fix sys_bsd.c to get the howmany() macro
from <sys/param.h>, instead of <sys/types.h>?  This will save me from
having to worry about the unsync'd bits before making the change."

Requested by:	mike


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@103954 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2002-09-25 07:24:01 +00:00
nsayer
60fe3b5542 Encrypted strings (after hex decoding) aren't null terminated, because
0 might simply be part of the ciphertext.

PR:		bin/40266
Submitted by:	andr@dgap.mipt.ru
MFC after:	3 days


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@102250 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2002-08-22 06:19:07 +00:00
markm
e537a06c59 Warnings fixes. Sort out some variable types.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@98884 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2002-06-26 17:06:14 +00:00