1 /* vi: set sw=4 ts=4: */
4 * Bjorn Wesen, Axis Communications AB (bjornw@axis.com)
6 * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
8 * ---------------------------------------------------------------------------
9 * (C) Copyright 2000, Axis Communications AB, LUND, SWEDEN
10 ****************************************************************************
12 * The telnetd manpage says it all:
14 * Telnetd operates by allocating a pseudo-terminal device (see pty(4)) for
15 * a client, then creating a login process which has the slave side of the
16 * pseudo-terminal as stdin, stdout, and stderr. Telnetd manipulates the
17 * master side of the pseudo-terminal, implementing the telnet protocol and
18 * passing characters between the remote client and the login process.
20 * Vladimir Oleynik <dzo@simtreas.ru> 2001
21 * Set process group corrections, initial busybox port
33 #include <arpa/telnet.h>
34 #include <sys/syslog.h>
40 static const char *loginpath = "/bin/login";
42 static const char *loginpath = DEFAULT_SHELL;
45 static const char *issuefile = "/etc/issue.net";
47 /* shell name and arguments */
49 static const char *argv_init[2];
51 /* structure that describes a session */
54 struct tsession *next;
55 int sockfd_read, sockfd_write, ptyfd;
57 /* two circular buffers */
59 int rdidx1, wridx1, size1;
60 int rdidx2, wridx2, size2;
64 This is how the buffers are used. The arrows indicate the movement
67 +-------+ wridx1++ +------+ rdidx1++ +----------+
68 | | <-------------- | buf1 | <-------------- | |
69 | | size1-- +------+ size1++ | |
71 | | rdidx2++ +------+ wridx2++ | |
72 | | --------------> | buf2 | --------------> | |
73 +-------+ size2++ +------+ size2-- +----------+
75 Each session has got two buffers.
80 static struct tsession *sessions;
84 Remove all IAC's from the buffer pointed to by bf (received IACs are ignored
85 and must be removed so as to not be interpreted by the terminal). Make an
86 uninterrupted string of characters fit for the terminal. Do this by packing
87 all characters meant for the terminal sequentially towards the end of bf.
89 Return a pointer to the beginning of the characters meant for the terminal.
90 and make *num_totty the number of characters that should be sent to
93 Note - If an IAC (3 byte quantity) starts before (bf + len) but extends
94 past (bf + len) then that IAC will be left unprocessed and *processed will be
97 FIXME - if we mean to send 0xFF to the terminal then it will be escaped,
98 what is the escape character? We aren't handling that situation here.
100 CR-LF ->'s CR mapping is also done here, for convenience
103 remove_iacs(struct tsession *ts, int *pnum_totty)
105 unsigned char *ptr0 = (unsigned char *)ts->buf1 + ts->wridx1;
106 unsigned char *ptr = ptr0;
107 unsigned char *totty = ptr;
108 unsigned char *end = ptr + MIN(BUFSIZE - ts->wridx1, ts->size1);
116 /* We now map \r\n ==> \r for pragmatic reasons.
117 * Many client implementations send \r\n when
118 * the user hits the CarriageReturn key.
120 if (c == '\r' && (*ptr == '\n' || *ptr == 0) && ptr < end)
124 * TELOPT_NAWS support!
126 if ((ptr+2) >= end) {
127 /* only the beginning of the IAC is in the
128 buffer we were asked to process, we can't
129 process this char. */
134 * IAC -> SB -> TELOPT_NAWS -> 4-byte -> IAC -> SE
136 else if (ptr[1] == SB && ptr[2] == TELOPT_NAWS) {
139 break; /* incomplete, can't process */
140 ws.ws_col = (ptr[3] << 8) | ptr[4];
141 ws.ws_row = (ptr[5] << 8) | ptr[6];
142 ioctl(ts->ptyfd, TIOCSWINSZ, (char *)&ws);
145 /* skip 3-byte IAC non-SB cmd */
147 fprintf(stderr, "Ignoring IAC %s,%s\n",
148 TELCMD(ptr[1]), TELOPT(ptr[2]));
155 processed = ptr - ptr0;
156 num_totty = totty - ptr0;
157 /* the difference between processed and num_to tty
158 is all the iacs we removed from the stream.
159 Adjust buf1 accordingly. */
160 ts->wridx1 += processed - num_totty;
161 ts->size1 -= processed - num_totty;
162 *pnum_totty = num_totty;
163 /* move the chars meant for the terminal towards the end of the
165 return memmove(ptr - num_totty, ptr0, num_totty);
170 getpty(char *line, int size)
173 #if ENABLE_FEATURE_DEVPTS
174 p = open("/dev/ptmx", O_RDWR);
181 bb_perror_msg("ptsname error (is /dev/pts mounted?)");
184 safe_strncpy(line, name, size);
192 strcpy(line, "/dev/ptyXX");
194 for (i = 0; i < 16; i++) {
195 line[8] = "pqrstuvwxyzabcde"[i];
197 if (stat(line, &stb) < 0) {
200 for (j = 0; j < 16; j++) {
201 line[9] = j < 10 ? j + '0' : j - 10 + 'a';
203 fprintf(stderr, "Trying to open device: %s\n", line);
204 p = open(line, O_RDWR | O_NOCTTY);
211 #endif /* FEATURE_DEVPTS */
217 send_iac(struct tsession *ts, unsigned char command, int option)
219 /* We rely on that there is space in the buffer for now. */
220 char *b = ts->buf2 + ts->rdidx2;
229 static struct tsession *
231 USE_FEATURE_TELNETD_STANDALONE(int sock_r, int sock_w)
232 SKIP_FEATURE_TELNETD_STANDALONE(void)
234 struct termios termbuf;
237 struct tsession *ts = xzalloc(sizeof(struct tsession) + BUFSIZE * 2);
239 ts->buf1 = (char *)(&ts[1]);
240 ts->buf2 = ts->buf1 + BUFSIZE;
242 /* Got a new connection, set up a tty. */
243 fd = getpty(tty_name, 32);
245 bb_error_msg("all terminals in use");
248 if (fd > maxfd) maxfd = fd;
249 ndelay_on(ts->ptyfd = fd);
250 #if ENABLE_FEATURE_TELNETD_STANDALONE
251 if (sock_w > maxfd) maxfd = sock_w;
252 if (sock_r > maxfd) maxfd = sock_r;
253 ndelay_on(ts->sockfd_write = sock_w);
254 ndelay_on(ts->sockfd_read = sock_r);
256 ts->sockfd_write = 1;
257 /* xzalloc: ts->sockfd_read = 0; */
261 /* Make the telnet client understand we will echo characters so it
262 * should not do it locally. We don't tell the client to run linemode,
263 * because we want to handle line editing and tab completion and other
264 * stuff that requires char-by-char support. */
265 send_iac(ts, DO, TELOPT_ECHO);
266 send_iac(ts, DO, TELOPT_NAWS);
267 send_iac(ts, DO, TELOPT_LFLOW);
268 send_iac(ts, WILL, TELOPT_ECHO);
269 send_iac(ts, WILL, TELOPT_SGA);
275 bb_perror_msg("fork");
286 /* open the child's side of the tty. */
287 fd = xopen(tty_name, O_RDWR /*| O_NOCTTY*/);
291 while (fd > 2) close(fd--);
292 /* make new process group */
294 tcsetpgrp(0, getpid());
296 /* The pseudo-terminal allocated to the client is configured to operate in
297 * cooked mode, and with XTABS CRMOD enabled (see tty(4)). */
298 tcgetattr(0, &termbuf);
299 termbuf.c_lflag |= ECHO; /* if we use readline we dont want this */
300 termbuf.c_oflag |= ONLCR|XTABS;
301 termbuf.c_iflag |= ICRNL;
302 termbuf.c_iflag &= ~IXOFF;
303 /*termbuf.c_lflag &= ~ICANON;*/
304 tcsetattr(0, TCSANOW, &termbuf);
306 print_login_issue(issuefile, NULL);
308 /* exec shell, with correct argv and env */
309 execv(loginpath, (char *const *)argv_init);
310 bb_perror_msg_and_die("execv");
313 #if ENABLE_FEATURE_TELNETD_STANDALONE
316 free_session(struct tsession *ts)
318 struct tsession *t = sessions;
320 /* unlink this telnet session from the session list */
324 while (t->next != ts)
329 kill(ts->shell_pid, SIGKILL);
330 wait4(ts->shell_pid, NULL, 0, NULL);
332 close(ts->sockfd_read);
333 /* error if ts->sockfd_read == ts->sockfd_write. So what? ;) */
334 close(ts->sockfd_write);
337 /* scan all sessions and find new maxfd */
341 if (maxfd < ts->ptyfd)
343 if (maxfd < ts->sockfd_read)
344 maxfd = ts->sockfd_read;
345 if (maxfd < ts->sockfd_write)
346 maxfd = ts->sockfd_write;
351 #else /* !FEATURE_TELNETD_STANDALONE */
353 /* Never actually called */
354 void free_session(struct tsession *ts);
360 telnetd_main(int argc, char **argv)
362 fd_set rdfdset, wrfdset;
364 int selret, maxlen, w, r;
366 #if ENABLE_FEATURE_TELNETD_STANDALONE
367 #define IS_INETD (opt & OPT_INETD)
368 int master_fd = -1; /* be happy, gcc */
369 unsigned portnbr = 23;
370 char *opt_bindaddr = NULL;
380 OPT_PORT = 4 * ENABLE_FEATURE_TELNETD_STANDALONE,
381 OPT_FOREGROUND = 0x10 * ENABLE_FEATURE_TELNETD_STANDALONE,
382 OPT_INETD = 0x20 * ENABLE_FEATURE_TELNETD_STANDALONE,
385 opt = getopt32(argc, argv, "f:l:" USE_FEATURE_TELNETD_STANDALONE("p:b:Fi"),
386 &issuefile, &loginpath
387 USE_FEATURE_TELNETD_STANDALONE(, &opt_portnbr, &opt_bindaddr));
388 /* Redirect log to syslog early, if needed */
389 if (IS_INETD || !(opt & OPT_FOREGROUND)) {
390 openlog(applet_name, 0, LOG_USER);
391 logmode = LOGMODE_SYSLOG;
395 USE_FEATURE_TELNETD_STANDALONE(
396 if (opt & OPT_PORT) // -p
397 portnbr = xatou16(opt_portnbr);
399 //if (opt & 0x10) // -F
400 //if (opt & 0x20) // -i
403 /* Used to check access(loginpath, X_OK) here. Pointless.
404 * exec will do this for us for free later. */
405 argv_init[0] = loginpath;
407 #if ENABLE_FEATURE_TELNETD_STANDALONE
409 sessions = make_new_session(0, 1);
411 master_fd = create_and_bind_stream_or_die(opt_bindaddr, portnbr);
412 xlisten(master_fd, 1);
413 if (!(opt & OPT_FOREGROUND))
417 sessions = make_new_session();
420 /* We don't want to die if just one session is broken */
421 signal(SIGPIPE, SIG_IGN);
427 FD_SET(master_fd, &rdfdset);
428 /* This is needed because free_session() does not
429 * take into account master_fd when it finds new
430 * maxfd among remaining fd's: */
431 if (master_fd > maxfd)
435 /* select on the master socket, all telnet sockets and their
436 * ptys if there is room in their session buffers. */
439 /* buf1 is used from socket to pty
440 * buf2 is used from pty to socket */
441 if (ts->size1 > 0) /* can write to pty */
442 FD_SET(ts->ptyfd, &wrfdset);
443 if (ts->size1 < BUFSIZE) /* can read from socket */
444 FD_SET(ts->sockfd_read, &rdfdset);
445 if (ts->size2 > 0) /* can write to socket */
446 FD_SET(ts->sockfd_write, &wrfdset);
447 if (ts->size2 < BUFSIZE) /* can read from pty */
448 FD_SET(ts->ptyfd, &rdfdset);
452 selret = select(maxfd + 1, &rdfdset, &wrfdset, 0, 0);
456 #if ENABLE_FEATURE_TELNETD_STANDALONE
457 /* First check for and accept new sessions. */
458 if (!IS_INETD && FD_ISSET(master_fd, &rdfdset)) {
460 struct tsession *new_ts;
462 fd = accept(master_fd, NULL, 0);
465 /* Create a new session and link it into our active list */
466 new_ts = make_new_session(fd, fd);
468 new_ts->next = sessions;
476 /* Then check for data tunneling. */
478 while (ts) { /* For all sessions... */
479 struct tsession *next = ts->next; /* in case we free ts. */
481 if (ts->size1 && FD_ISSET(ts->ptyfd, &wrfdset)) {
484 /* Write to pty from buffer 1. */
485 ptr = remove_iacs(ts, &num_totty);
486 w = safe_write(ts->ptyfd, ptr, num_totty);
487 /* needed? if (w < 0 && errno == EAGAIN) continue; */
497 if (ts->wridx1 == BUFSIZE)
501 if (ts->size2 && FD_ISSET(ts->sockfd_write, &wrfdset)) {
502 /* Write to socket from buffer 2. */
503 maxlen = MIN(BUFSIZE - ts->wridx2, ts->size2);
504 w = safe_write(ts->sockfd_write, ts->buf2 + ts->wridx2, maxlen);
505 /* needed? if (w < 0 && errno == EAGAIN) continue; */
515 if (ts->wridx2 == BUFSIZE)
519 if (ts->size1 < BUFSIZE && FD_ISSET(ts->sockfd_read, &rdfdset)) {
520 /* Read from socket to buffer 1. */
521 maxlen = MIN(BUFSIZE - ts->rdidx1, BUFSIZE - ts->size1);
522 r = safe_read(ts->sockfd_read, ts->buf1 + ts->rdidx1, maxlen);
523 if (r < 0 && errno == EAGAIN) continue;
531 if (!ts->buf1[ts->rdidx1 + r - 1])
536 if (ts->rdidx1 == BUFSIZE)
540 if (ts->size2 < BUFSIZE && FD_ISSET(ts->ptyfd, &rdfdset)) {
541 /* Read from pty to buffer 2. */
542 maxlen = MIN(BUFSIZE - ts->rdidx2, BUFSIZE - ts->size2);
543 r = safe_read(ts->ptyfd, ts->buf2 + ts->rdidx2, maxlen);
544 if (r < 0 && errno == EAGAIN) continue;
554 if (ts->rdidx2 == BUFSIZE)
558 if (ts->size1 == 0) {
562 if (ts->size2 == 0) {