*New makefile
*Refer to local versions of telnet-related headers, rather than system ones
*Use termcap instead of termios
*Change hostname lookup in telnetd back to older code (which assumes IPv4, but that's all GNO supports anyway)
This implements part of RFC-2217
It's based off a patch originally written by Sujal Patel at Isilon, and
contributions from other Isilon employees.
PR: 173728
Phabric: D995
Reviewed by: markj, markm
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@274364 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
The "automatic" login feature is described as follows:
The USER environment variable holds the name of the person telnetting in.
This is the username of the person on the client machine. The traditional
behaviour is to execute login(1) with this username first, meaning that
login(1) will prompt for the password only. If login fails, login(1) will
retry, but now prompt for the username before prompting for the password.
This feature got broken by how the environment got scrubbed. Before the
change in r69825 we removed variables that we deemed dangerous. Starting
with r69825 we only keep those variable we know to be safe.
The USER environment variable fell through the cracks. It suddenly got
scrubbed (i.e. removed from the environment) while still being checked
for. It also got explicitly removed from the environment to handle the
failed login case.
The fix is to obtain the value of the USER environment variable before
we scrub the environment and used the "cached" in subsequent checks.
This guarantees that the environment does not contain the USER variable
in the end, while still being able to implement "automatic" login.
Obtained from: Juniper Networks, Inc.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@251188 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]
Fix a buffer overflow in telnetd. [11:08]
Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]
Add sanity checking of service names in pam_start. [11:10]
Approved by: so (cperciva)
Approved by: re (bz)
Security: FreeBSD-SA-11:06.bind
Security: FreeBSD-SA-11:07.chroot
Security: FreeBSD-SA-11:08.telnetd
Security: FreeBSD-SA-11:09.pam_ssh
Security: FreeBSD-SA-11:10.pam
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@228843 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Instead of catching SIGPIPE and jumping out of the signal handler with
longjmp, ignore it and handle write errors to the local output by exiting
from there. I have changed the error message to mention the local output
instead of NetBSD's wrong "Connection closed by foreign host". Write errors
to the network were already handled by exiting immediately and this now
applies to EPIPE too.
The code assumed that SIGPIPE could only be generated by the network
connection; if it was generated by the local output, it would longjmp out of
the signal handler and write an error message which caused another SIGPIPE.
PR: 19773
Obtained from: NetBSD
MFC after: 1 week
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@207449 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Just like rlogind, there is no need to change the ownership of the
terminal during shutdown anymore. Also don't call logwtmp, because the
login(1)/PAM is responsible for doing this. Also use SHUT_RDWR instead
of 2.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@202212 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
The function pow() in libmp(3) clashes with pow(3) in libm. We could
rename this single function, but we can just take the same approach as
the Solaris folks did, which is to prefix all function names with mp_.
libmp(3) isn't really popular nowadays. I suspect not a single
application in ports depends on it. There's still a chance, so I've
increased the SHLIB_MAJOR and __FreeBSD_version.
Reviewed by: deischen, rdivacky
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@189092 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Some time ago I got some reports MPSAFE TTY broke telnetd(8). Even
though it turned out to be a different problem within the TTY code, I
spotted a small issue with telnetd(8). Instead of allocating PTY's using
openpty(3) or posix_openpt(2), it used its own PTY allocation routine.
This means that telnetd(8) still uses /dev/ptyXX-style devices.
I've also increased the size of line[]. Even though 16 should be enough,
we already use 13 bytes ("/dev/pts/999", including '\0'). 32 bytes gives
us a little more freedom.
Also enable -DSTREAMSPTY. Otherwise telnetd(8) strips the PTY's pathname
to the latest slash instead of just removing "/dev/" (e.g. /dev/pts/0 ->
0, instead of pts/0).
Reviewed by: rink
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@184935 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
This works around a bug in HP-UX's telnet client and also gives a much
saner user experience when using FreeBSD's telnet client.
PR: bin/19405
Submitted by: Joel Ray Holveck joelh of gnu.org
MFC after: 1 month
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@180931 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
"+" to the port number, disable option negotiation and allow
transferring of data with high bit set.
OKed by: markm (maintainer)
PR: 52032
Submitted by: Valentin Nechayev <netch maybe-at netch stop kiev stop ua>
MFC After: 2 weeks
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@142790 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
/etc/iptos implementation so only numeric values supported.
o telnetd.8: steal the -S flag description from telnet.1, bump
the date of the document.
MFC after: 6 weeks
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@139937 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
o Restore input mode when return from the command one.
PR: bin/49983
Submitted by: Volker Stolz
OK in general from: markm
MFC after: 1 month
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@139687 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
(aka RFC2292bis). Though I believe this commit doesn't break
backward compatibility againt existing binaries, it breaks
backward compatibility of API.
Now, the applications which use Advanced Sockets API such as
telnet, ping6, mld6query and traceroute6 use RFC3542 API.
Obtained from: KAME
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@121472 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
of conflicting with other, similarly named functions in static
libraries. This is done mostly by renaming the var if it is shared
amongst modules, or making it static otherwise.
OK'ed by: re(scottl)
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@114911 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
When libdes was replaced with OpenSSL's libcrypto, there were a few
interfaces that the former implemented but the latter did not. Because
some software in the base system still depended upon these interfaces,
we simply included them in our libcrypto (rnd_keys.c).
Now, finally get around to removing the dependencies on these
interfaces. There were basically two cases:
des_new_random_key -- This is just a wrapper for des_random_key, and
these calls were replaced.
des_init_random_number_generator et. al. -- A few functions were used
by the application to seed libdes's PRNG. These are not necessary
when using libcrypto, as OpenSSL internally seeds the PRNG from
/dev/random. These calls were simply removed.
Again, some of the Kerberos 4 files have been taken off the vendor
branch. I do not expect there to be future imports of KTH Kerberos 4.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@110049 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Stephen Heumann
ngie
marcel
sjg
kevlo
joel
stas
cperciva
dim
jilles
ed
antoine
trhodes
jhb
gnn
ru
maxim
ume
nectar
tobez
kan
harti
markm
obrien