SOURCES: telnet-ssl-debian.patch (NEW), telnet-ssl-install.patch (...
adamg
adamg at pld-linux.org
Fri Apr 28 10:42:46 CEST 2006
Author: adamg Date: Fri Apr 28 08:42:46 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- new
---- Files affected:
SOURCES:
telnet-ssl-debian.patch (NONE -> 1.1) (NEW), telnet-ssl-install.patch (NONE -> 1.1) (NEW), telnetd-ssl.inetd (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/telnet-ssl-debian.patch
diff -u /dev/null SOURCES/telnet-ssl-debian.patch:1.1
--- /dev/null Fri Apr 28 10:42:46 2006
+++ SOURCES/telnet-ssl-debian.patch Fri Apr 28 10:42:41 2006
@@ -0,0 +1,3074 @@
+--- netkit-telnet-ssl-0.17.24+0.1.orig/Makefile
++++ netkit-telnet-ssl-0.17.24+0.1/Makefile
+@@ -1,7 +1,7 @@
+ # You can do "make SUB=blah" to make only a few, or edit here, or both
+ # You can also run make directly in the subdirs you want.
+
+-SUB = telnet telnetd telnetlogin
++SUB = libtelnet telnet telnetd telnetlogin
+
+ %.build:
+ (cd $(patsubst %.build, %, $@) && $(MAKE))
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/Makefile
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/Makefile
+@@ -6,15 +6,18 @@
+ #CXXFLAGS:=$(patsubst -O2, -g, $(CXXFLAGS))
+
+ # -DAUTHENTICATE
+-CXXFLAGS += -DUSE_TERMIO -DKLUDGELINEMODE
+-LIBS = $(LIBTERMCAP)
++CXXFLAGS += -DUSE_TERMIO -DKLUDGELINEMODE -DAUTHENTICATE -DUSE_SSL \
++ -I/usr/include/openssl -I../
++LIBTELNET = ../libtelnet/libtelnet.a
++LIBS += $(LIBTERMCAP) $(LIBTELNET) -lssl -lcrypto
+
+ SRCS = commands.cc main.cc network.cc ring.cc sys_bsd.cc telnet.cc \
+- terminal.cc tn3270.cc utilities.cc genget.cc environ.cc netlink.cc
++ terminal.cc tn3270.cc utilities.cc genget.cc environ.cc netlink.cc \
++ glue.cc glue2.cc
+
+ OBJS = $(patsubst %.cc, %.o, $(SRCS))
+
+-telnet: $(OBJS)
++telnet: $(OBJS) $(LIBTELNET)
+ $(CXX) $(LDFLAGS) $^ $(LIBS) -o $@
+
+ include depend.mk
+@@ -22,7 +25,7 @@
+ $(CXX) $(CXXFLAGS) -MM $(SRCS) >depend.mk
+
+ install: telnet
+- install -s -m$(BINMODE) telnet $(INSTALLROOT)$(BINDIR)/telnet-ssl
++ install -m$(BINMODE) telnet $(INSTALLROOT)$(BINDIR)/telnet-ssl
+ install -m$(MANMODE) telnet.1 $(INSTALLROOT)$(MANDIR)/man1/telnet-ssl.1
+
+ clean:
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/authenc.cc
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/authenc.cc
+@@ -35,7 +35,7 @@
+ * From: @(#)authenc.c 5.1 (Berkeley) 3/1/91
+ */
+ char au_rcsid[] =
+- "$Id$";
++ "$Id$";
+
+ #if defined(ENCRYPT) || defined(AUTHENTICATE)
+ #include <sys/types.h>
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/commands.cc
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/commands.cc
+@@ -35,7 +35,7 @@
+ * From: @(#)commands.c 5.5 (Berkeley) 3/22/91
+ */
+ char cmd_rcsid[] =
+- "$Id$";
++ "$Id$";
+
+ #include <string.h>
+
+@@ -653,6 +653,21 @@
+ return 1;
+ }
+
++#ifdef AUTHENTICATE
++
++static int tog_autologin(int) {
++ if(autologin == 0) {
++ autologin=1;
++ env_export("USER");
++ }
++ else {
++ autologin=0;
++ env_unexport("USER");
++ }
++ return 1;
++}
++
++#endif /* AUTHENTICATE */
+
+ static int netdata; /* Print out network data flow */
+ static int prettydump; /* Print "netdata" output in user readable format */
+@@ -682,13 +697,13 @@
+
+ #if defined(AUTHENTICATE)
+ { "autologin", "automatic sending of login and/or authentication info",
+- NULL, &autologin,
++ tog_autologin, NULL,
+ "send login name and/or authentication information" },
+ { "authdebug", "Toggle authentication debugging",
+ auth_togdebug, NULL,
+ "print authentication debugging information" },
+ #endif
+-#if 0
++#ifdef ENCRYPT
+ { "autoencrypt", "automatic encryption of data stream",
+ EncryptAutoEnc, NULL,
+ "automatically encrypt output" },
+@@ -701,7 +716,7 @@
+ { "encdebug", "Toggle encryption debugging",
+ EncryptDebug, NULL,
+ "print encryption debugging information" },
+-#endif
++#endif /* ENCRYPT */
+
+ { "skiprc", "don't read the telnetrc files",
+ NULL, &skiprc,
+@@ -750,7 +765,7 @@
+ NULL, &showoptions,
+ "show option processing" },
+
+- { "termdata", "(debugging) toggle printing of hexadecimal terminal data",
++ { "termdata", "toggle printing of hexadecimal terminal data (debugging)",
+ NULL, &termdata,
+ "print hexadecimal representation of terminal traffic" },
+
+@@ -1357,9 +1372,9 @@
+ else
+ shellname++;
+ if (argc > 1)
+- execl(shellp, shellname, "-c", &saveline[1], 0);
++ execl(shellp, shellname, "-c", &saveline[1], (char *) NULL);
+ else
+- execl(shellp, shellname, 0);
++ execl(shellp, shellname, (char *) NULL);
+ perror("Execl");
+ _exit(1);
+ }
+@@ -1902,6 +1917,16 @@
+ NI_NUMERICHOST | NI_NUMERICSERV);
+
+ printf("Trying %s...\n", name);
++
++ if (tmpaddr->ai_canonname == 0) {
++ hostname = new char[strlen(hostp)+1];
++ strcpy(hostname, hostp);
++ }
++ else {
++ hostname = new char[strlen(tmpaddr->ai_canonname)+1];
++ strcpy(hostname, tmpaddr->ai_canonname);
++ }
++
+ x = nlink.connect(debug, tmpaddr, srp, srlen, tos);
+ if (!x)
+ goto err;
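Review bot: The `new char[...]` for `hostname` now runs on every address attempt, and nothing in this hunk releases the buffer from the previous attempt, so each failed address appears to leak one allocation (the retry path `goto nextaddr` is visible in the following hunk). If `hostname` is only ever assigned from `new[]`, a `delete [] hostname;` placed before the `if (tmpaddr->ai_canonname == 0)` test would cover it; that ownership is not visible here, so confirm it first. The enclosing loop starts outside the hunk.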
+@@ -1909,18 +1934,18 @@
+ goto nextaddr;
+
+ connected++;
++
++#ifdef USE_SSL
++ if (strcmp(hostp, "localhost") != 0) {
++ /* autologin = 1; */
++ use_authentication=1;
++ }
++#endif /* USE_SSL */
++
+ #if defined(AUTHENTICATE)
+ auth_encrypt_connect(connected);
+ #endif
+ } while (connected == 0);
+- if (tmpaddr->ai_canonname == 0) {
+- hostname = new char[strlen(hostp)+1];
+- strcpy(hostname, hostp);
+- }
+- else {
+- hostname = new char[strlen(tmpaddr->ai_canonname)+1];
+- strcpy(hostname, tmpaddr->ai_canonname);
+- }
+
+ cmdrc(hostp, hostname, portp);
+ freeaddrinfo(hostaddr);
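Review bot: `strcmp(hostp, "localhost") != 0` decides whether `use_authentication` is switched on from the name the user typed, not from the address that was actually connected. `127.0.0.1` and `::1` do not match and get authentication, while a name `localhost` that the resolver maps to a non-loopback address would skip it, and that second case is the risky one. Testing the connected `tmpaddr->ai_addr` for a loopback address (`INADDR_LOOPBACK` for `AF_INET`, `IN6_IS_ADDR_LOOPBACK` for `AF_INET6`) would tie the exemption to the peer and not to the spelling. The commented-out `/* autologin = 1; */` should be deleted or explained; the enclosing function starts and ends outside the hunk.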
+@@ -2233,22 +2258,18 @@
+ }
+
+ void cmdrc(const char *m1, const char *m2, const char *port) {
+- static char *rcname = 0;
+- static char rcbuf[128];
++ char *rcname = NULL;
+
+ if (skiprc) return;
+
+ readrc(m1, m2, port, "/etc/telnetrc");
+- if (rcname == 0) {
+- rcname = getenv("HOME");
+- if (rcname)
+- strcpy(rcbuf, rcname);
+- else
+- rcbuf[0] = '\0';
+- strcat(rcbuf, "/.telnetrc");
+- rcname = rcbuf;
+- }
++ if (asprintf (&rcname, "%s/.telnetrc", getenv ("HOME")) == -1)
++ {
++ perror ("asprintf");
++ return;
++ }
+ readrc(m1, m2, port, rcname);
++ free (rcname);
+ }
+
+ #if defined(IP_OPTIONS) && defined(HAS_IPPROTO_IP)
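Review bot: `getenv ("HOME")` is passed straight to `%s` in the `asprintf` call, so an unset `HOME` is undefined behaviour; with glibc it yields the relative path `(null)/.telnetrc`, which `readrc` would presumably resolve against the current directory. The removed code handled the missing-`HOME` case explicitly. Fetch the value first and skip the per-user file when it is absent, e.g. `const char *home = getenv("HOME");` followed by `if (home == NULL) return;`, and pass `home` to `asprintf`. Dropping the fixed `rcbuf[128]` does remove the unbounded `strcpy` of `HOME`, so the rest of the change is an improvement.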
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/defines.h
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/defines.h
+@@ -31,7 +31,7 @@
+ * SUCH DAMAGE.
+ *
+ * from: @(#)defines.h 5.1 (Berkeley) 9/14/90
+- * $Id$
++ * $Id$
+ */
+
+ #define ENV_VAR NEW_ENV_VAR
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/externs.h
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/externs.h
+@@ -31,7 +31,7 @@
+ * SUCH DAMAGE.
+ *
+ * from: @(#)externs.h 5.3 (Berkeley) 3/22/91
+- * $Id$
++ * $Id$
+ */
+
+ #ifndef BSD
+@@ -57,6 +57,7 @@
+ #define SUBBUFSIZE 256
+
+ extern int autologin; /* Autologin enabled */
++extern int use_authentication; /* use SSL authentication */
+ extern int skiprc; /* Don't process the ~/.telnetrc file */
+ extern int eight; /* use eight bit mode (binary in and/or out) */
+ extern int binary; /* use binary option (in and/or out) */
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/fdset.h
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/fdset.h
+@@ -31,7 +31,7 @@
+ * SUCH DAMAGE.
+ *
+ * from: @(#)fdset.h 5.1 (Berkeley) 9/14/90
+- * $Id$
++ * $Id$
+ */
+
+ /*
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/general.h
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/general.h
+@@ -31,7 +31,7 @@
+ * SUCH DAMAGE.
+ *
+ * from: @(#)general.h 5.2 (Berkeley) 3/1/91
+- * $Id$
++ * $Id$
+ */
+
+ /*
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/genget.cc
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/genget.cc
+@@ -35,7 +35,7 @@
+ * From: @(#)genget.c 5.1 (Berkeley) 2/28/91
+ */
+ char gg_rcsid[] =
+- "$Id$";
++ "$Id$";
+
+ #include <string.h>
+ #include <ctype.h>
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/main.cc
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/main.cc
+@@ -39,7 +39,7 @@
+ * From: @(#)main.c 5.4 (Berkeley) 3/22/91
+ */
+ char main_rcsid[] =
+- "$Id$";
++ "$Id$";
+
+ #include "../version.h"
+
+@@ -86,16 +86,27 @@
+ * -X <atype> disable specified auth type
+ */
+ void usage(void) {
+- fprintf(stderr, "Usage: %s %s%s%s%s\n",
++ fprintf(stderr, "Usage: %s %s%s%s%s%s\n",
+ prompt,
++#ifdef AUTHENTICATE
++ "[-4] [-6] [-8] [-E] [-K] [-L] [-X atype] [-a] [-d] [-e char]",
++ "\n\t[-l user] [-n tracefile] [ -b addr ]",
++#else
+ "[-4] [-6] [-8] [-E] [-L] [-a] [-d] [-e char] [-l user]",
+ "\n\t[-n tracefile] [ -b addr ]",
++#endif
+ #ifdef TN3270
+ "\n\t"
+ "[-noasynch] [-noasynctty] [-noasyncnet] [-r] [-t transcom]\n\t",
+ #else
+ " [-r] ",
+ #endif
++#ifdef USE_SSL
++ /* might as well output something useful here ... */
++ "\n\t[-z ssl] [-z secure] [-z debug] [-z verify=int]\n\t[-z cert=file] [-z key=file]\n\t",
++#else /* !USE_SSL */
++ "",
++#endif /* USE_SSL */
+ "[host-name [port]]"
+ );
+ exit(1);
+@@ -135,8 +146,73 @@
+ autologin = -1;
+
+ while ((ch = getopt(argc, argv,
+- "4678EKLS:X:ab:de:k:l:n:rt:x")) != EOF) {
++ "4678EKLS:X:ab:de:k:l:n:rt:xz:")) != EOF) {
+ switch(ch) {
++#ifdef USE_SSL
++ case 'z':
++ {
++ char *origopt;
++
++ origopt=strdup(optarg);
++ optarg=strtok(origopt,",");
++
++ while(optarg!=NULL) {
++
++ if (strcmp(optarg, "debug") == 0 ) {
++ ssl_debug_flag=1;
++ } else if (strcmp(optarg, "authdebug") == 0 ) {
++ auth_debug_mode=1;
++ } else if (strcmp(optarg, "ssl") == 0 ) {
++ ssl_only_flag=1;
++ } else if ( (strcmp(optarg, "!ssl") == 0) ||
++ (strcmp(optarg, "nossl") == 0) ) {
++ /* we may want to switch SSL negotiation off
++ * for testing or other reasons
++ */
++ ssl_disabled_flag=1;
++ } else if (strcmp(optarg, "certrequired") == 0 ) {
++ ssl_cert_required=1;
++ } else if (strcmp(optarg, "secure") == 0 ) {
++ ssl_secure_flag=1;
++ } else if (strcmp(optarg, "verbose") == 0 ) {
++ ssl_verbose_flag=1;
++ } else if (strncmp(optarg, "verify=",
++ strlen("verify=")) == 0 ) {
++ ssl_verify_flag=atoi(optarg+strlen("verify="));
++ } else if (strncmp(optarg, "cert=",
++ strlen("cert=")) == 0 ) {
++ ssl_cert_file= optarg + strlen("cert=");
++ } else if (strncmp(optarg, "key=",
++ strlen("key=")) == 0 ) {
++ ssl_key_file= optarg + strlen("key=");
++ } else if (strncmp(optarg,"cipher=",
++ strlen("cipher="))==0) {
++ ssl_cipher_list=optarg+strlen("cipher=");
++ } else {
++ /* report when we are given rubbish so that
++ * if the user makes a mistake they have to
++ * correct it!
++ */
++ fprintf(stderr,"Unknown SSL option %s\n",optarg);
++ fflush(stderr);
++ exit(1);
++ }
++
++ /* get the next one ... */
++ optarg=strtok(NULL,",");
++
++ }
++
++ /*
++ if (origopt!=NULL)
++ free(origopt);
++ */
++
++ }
++
++ break;
++#endif /* USE_SSL */
++
+ case '4':
+ family = AF_INET;
+ break;
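Review bot: `ssl_verify_flag=atoi(optarg+strlen("verify="))` accepts anything: a typo or a non-numeric value such as `verify=peer` silently becomes 0, which the later `if (ssl_verify_flag == 0)` test treats as verification not having been requested. The final `else` branch already rejects unknown options so that the user has to correct them, and a malformed verify level should get the same treatment; parse it with `strtol` and exit on trailing garbage or a negative value. Two smaller points in the same block: `strdup(optarg)` is not checked for NULL before `strtok`, and the commented-out `free(origopt)` should be replaced by a comment saying the buffer must stay alive because `ssl_cert_file`, `ssl_key_file` and `ssl_cipher_list` point into it. The `switch` continues outside the hunk.

```cpp
} else if (strncmp(optarg, "verify=", strlen("verify=")) == 0) {
    const char *level = optarg + strlen("verify=");
    char *end;
    long v = strtol(level, &end, 10);

    /* reject empty, non-numeric or negative levels instead of falling back to 0 */
    if (end == level || *end != '\0' || v < 0) {
        fprintf(stderr, "Invalid SSL verify level %s\n", level);
        fflush(stderr);
        exit(1);
    }
    ssl_verify_flag = (int) v;
// … unchanged: cert=, key=, cipher= and the unknown-option branch …
```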
+@@ -257,14 +333,25 @@
+ autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
+
+ #ifdef USE_SSL
++ if((ssl_cert_file != NULL) || (ssl_key_file != NULL)) {
++ autologin = 1;
++ }
++
+ if (ssl_secure_flag||ssl_cert_required) {
+ /* in secure mode we *must* switch on the base level
+ * verify checking otherwise we cannot abort connections
+ * at the right place!
+ */
+ if (ssl_verify_flag == 0)
+- ssl_verify_flag = 1;
++ ssl_verify_flag = SSL_VERIFY_PEER;;
+ }
++
++ /* client mode ignores SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
++ so simulate it using certrequired */
++ if(ssl_verify_flag & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
++ ssl_cert_required=1;
++ }
++
+ #endif /* USE_SSL */
+
+ argc -= optind;
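Review bot: The new `if((ssl_cert_file != NULL) || (ssl_key_file != NULL))` block sets `autologin = 1` after the existing `autologin = ...` default on the context line above, so it appears to override an explicit request to turn autologin off (the usage text lists `-K`, assuming it clears autologin as in stock telnet). If that is intended it needs a comment saying so; otherwise the assignment should apply only when the user made no choice. `ssl_verify_flag = SSL_VERIFY_PEER;;` carries a stray second semicolon. The comment above the last `if` would read more clearly as `/* OpenSSL ignores SSL_VERIFY_FAIL_IF_NO_PEER_CERT on the client side, so map it to ssl_cert_required */`.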
+@@ -289,11 +376,6 @@
+ *argp++ = family == AF_INET ? "-4" : "-6";
+ }
+ *argp++ = argv[0]; /* host */
+-#ifdef USE_SSL
+- if (strcmp(argv[0], "localhost") != 0) {
+- autologin = 1;
+- }
+-#endif /* USE_SSL */
+ if (argc > 1)
+ *argp++ = argv[1]; /* port */
+ *argp = 0;
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/netlink.cc
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/netlink.cc
+@@ -12,6 +12,7 @@
+ #include "proto.h"
+ #include "ring.h"
+ #include <libtelnet/sslapp.h>
++#include <libtelnet/misc-proto.h>
+
+ /* In Linux, this is an enum */
+ #if defined(__linux__) || defined(IPPROTO_IP)
+@@ -70,11 +71,11 @@
+
+
+ netlink::netlink() { net = -1; }
+-netlink::~netlink() { ::close(net); }
++netlink::~netlink() { if (net >= 0) ::close(net); }
+
+
+ int netlink::setdebug(int debug) {
+- if (net > 0 &&
++ if (net >= 0 &&
+ (setsockopt(net, SOL_SOCKET, SO_DEBUG, &debug, sizeof(debug))) < 0) {
+ perror("setsockopt (SO_DEBUG)");
+ }
+@@ -95,7 +96,8 @@
+ ssl_active_flag=0;
+ }
+ #endif /* USE_SSL */
+- ::close(net);
++ if (net >= 0)
++ ::close(net);
+ net = -1;
+ }
+
+@@ -142,7 +144,8 @@
+ {
+ int on=1;
+ int res;
+-
++ extern char *hostname;
++
+ res = socket(addr->ai_family);
+ if (res < 2)
+ return res;
+@@ -192,10 +195,24 @@
+ /* bind in the network descriptor */
+ SSL_set_fd(ssl_con,net);
+
++#if defined(AUTHENTICATE)
++ /* moved from telnet() so client_verify_callback knows RemoteHostName -ianb */
++ {
++ static char local_host[256] = { 0 };
++ int len = sizeof(local_host);
++
++ if (!local_host[0]) {
++ gethostname(local_host, len); /* WAS &len!!! */
++ local_host[sizeof(local_host)-1] = 0;
++ }
++ auth_encrypt_init(local_host, hostname, "TELNET", 0);
++ }
++#endif
++
+ /* if we are doing raw SSL then start it now ... */
+ if (ssl_only_flag) {
+ if (!SSL_connect(ssl_con)) {
+- static char errbuf[1024];
++ /* static char errbuf[1024]; */
+
+ ERR_print_errors_fp(stderr);
+ perror("SSL_connect");
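Review bot: `if (!SSL_connect(ssl_con))` only catches a return of 0; `SSL_connect` returns a negative value on a fatal handshake error, which this test treats as success, so in `ssl_only_flag` mode the code after this branch may run without an established TLS channel. The check should be `if (SSL_connect(ssl_con) <= 0) {`. In the added block the return value of `gethostname(local_host, len)` is ignored, so on failure `auth_encrypt_init` receives an empty local name, and the `extern char *hostname;` added in the previous hunk belongs in `externs.h`, not inside the function body. The error branch continues outside the hunk.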
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/network.cc
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/network.cc
+@@ -35,7 +35,7 @@
+ * From: @(#)network.c 5.2 (Berkeley) 3/1/91
+ */
+ char net_rcsid[] =
+- "$Id$";
++ "$Id$";
+
+ #include <sys/types.h>
+ #include <sys/socket.h>
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/proto.h
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/proto.h
+@@ -10,9 +10,11 @@
+ int TerminalSpecialChars(int);
+ void TerminalSpeeds(long *ispeed, long *ospeed);
+ int TerminalWindowSize(long *rows, long *cols);
++#if 0
+ void auth_encrypt_user(char *);
+ void auth_name(unsigned char *, int);
+ void auth_printsub(unsigned char *, int, unsigned char *, int);
++#endif
+ void cmdrc(const char *, const char *, const char *);
+ void env_init(void);
+ int getconnmode(void);
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.cc
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/ring.cc
+@@ -35,7 +35,7 @@
+ * From: @(#)ring.c 5.2 (Berkeley) 3/1/91
+ */
+ char ring_rcsid[] =
+- "$Id$";
++ "$Id$";
+
+ /*
+ * This defines a structure for a ring buffer.
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/ring.h
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/ring.h
+@@ -31,7 +31,7 @@
+ * SUCH DAMAGE.
+ *
+ * from: @(#)ring.h 5.2 (Berkeley) 3/1/91
+- * $Id$
++ * $Id$
+ */
+
+ class datasink {
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/sys_bsd.cc
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/sys_bsd.cc
+@@ -35,7 +35,7 @@
+ * From: @(#)sys_bsd.c 5.2 (Berkeley) 3/1/91
+ */
+ char bsd_rcsid[] =
+- "$Id$";
++ "$Id$";
+
+ /*
+ * The following routines try to encapsulate what is system dependent
+--- netkit-telnet-ssl-0.17.24+0.1.orig/telnet/telnet.1
++++ netkit-telnet-ssl-0.17.24+0.1/telnet/telnet.1
+@@ -30,7 +30,7 @@
+ .\" SUCH DAMAGE.
+ .\"
+ .\" from: @(#)telnet.1 6.16 (Berkeley) 7/27/91
+-.\" $Id$
++.\" $Id$
+ .\"
+ .Dd August 15, 1999
+ .Dt TELNET 1
+@@ -42,12 +42,14 @@
+ protocol
+ .Sh SYNOPSIS
+ .Nm telnet
+-.Op Fl 468ELadr
++.Op Fl 468EKLadr
+ .Op Fl S Ar tos
++.Op Fl X Ar authtype
+ .Op Fl b Ar address
+ .Op Fl e Ar escapechar
+ .Op Fl l Ar user
+ .Op Fl n Ar tracefile
++.Op Fl z Ar option
+ .Oo
+ .Ar host
+ .Op Ar port
+@@ -152,44 +154,45 @@
+ command below.
+ .It Fl z Ar option
+ Set SSL (Secure Socket Layer) parameters. The default is to negotiate
+-via telnet protocoll if SSL is availlable at server side and then to
++via telnet protocol if SSL is available at server side and then to
+ switch it on. In this mode you can connect to both conventional and
+-SSL enhanced telnetd's.
++SSL enhanced telnetd's. If the connection is made to localhost then
++SSL is not enabled.
<<Diff was trimmed, longer than 597 lines>>