Gitiles
Code Review Sign In
192.168.1.100 / T106_DC / 9ed821d7e5d875a3395740a9cc2545671fa429b7 / . / ap / app / busybox / src / networking / telnetd.c
blob: 9e7a84cce200c2bfa2cf62d1493bed60cf1d2732 [file] [log] [blame]
lh9ed821d2023-04-07 01:36:19 -0700[diff] [blame^]1/* vi: set sw=4 ts=4: */
2/*
3 * Simple telnet server
4 * Bjorn Wesen, Axis Communications AB (bjornw@axis.com)
5 *
6 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
7 *
8 * ---------------------------------------------------------------------------
9 * (C) Copyright 2000, Axis Communications AB, LUND, SWEDEN
10 ****************************************************************************
11 *
12 * The telnetd manpage says it all:
13 *
14 * Telnetd operates by allocating a pseudo-terminal device (see pty(4)) for
15 * a client, then creating a login process which has the slave side of the
16 * pseudo-terminal as stdin, stdout, and stderr. Telnetd manipulates the
17 * master side of the pseudo-terminal, implementing the telnet protocol and
18 * passing characters between the remote client and the login process.
19 *
20 * Vladimir Oleynik <dzo@simtreas.ru> 2001
21 * Set process group corrections, initial busybox port
22 */
23
24//usage:#define telnetd_trivial_usage
25//usage: "[OPTIONS]"
26//usage:#define telnetd_full_usage "\n\n"
27//usage: "Handle incoming telnet connections"
28//usage: IF_NOT_FEATURE_TELNETD_STANDALONE(" via inetd") "\n"
29//usage: "\n -l LOGIN Exec LOGIN on connect"
30//usage: "\n -f ISSUE_FILE Display ISSUE_FILE instead of /etc/issue"
31//usage: "\n -K Close connection as soon as login exits"
32//usage: "\n (normally wait until all programs close slave pty)"
33//usage: IF_FEATURE_TELNETD_STANDALONE(
34//usage: "\n -p PORT Port to listen on"
35//usage: "\n -b ADDR[:PORT] Address to bind to"
36//usage: "\n -F Run in foreground"
37//usage: "\n -i Inetd mode"
38//usage: IF_FEATURE_TELNETD_INETD_WAIT(
39//usage: "\n -w SEC Inetd 'wait' mode, linger time SEC"
40//usage: "\n -S Log to syslog (implied by -i or without -F and -w)"
41//usage: )
42//usage: )
43
44#define DEBUG 0
45
46#include "libbb.h"
47#include <syslog.h>
48
49#if DEBUG
50# define TELCMDS
51# define TELOPTS
52#endif
53#include <arpa/telnet.h>
54
55
56struct tsession {
57 struct tsession *next;
58 pid_t shell_pid;
59 int sockfd_read;
60 int sockfd_write;
61 int ptyfd;
62
63 /* two circular buffers */
64 /*char *buf1, *buf2;*/
65/*#define TS_BUF1(ts) ts->buf1*/
66/*#define TS_BUF2(ts) TS_BUF2(ts)*/
67#define TS_BUF1(ts) ((unsigned char*)(ts + 1))
68#define TS_BUF2(ts) (((unsigned char*)(ts + 1)) + BUFSIZE)
69 int rdidx1, wridx1, size1;
70 int rdidx2, wridx2, size2;
71};
72
73/* Two buffers are directly after tsession in malloced memory.
74 * Make whole thing fit in 4k */
75enum { BUFSIZE = (4 * 1024 - sizeof(struct tsession)) / 2 };
76
77
78/* Globals */
79struct globals {
80 struct tsession *sessions;
81 const char *loginpath;
82 const char *issuefile;
83 int maxfd;
84} FIX_ALIASING;
85#define G (*(struct globals*)&bb_common_bufsiz1)
86#define INIT_G() do { \
87 G.loginpath = "/bin/login"; \
88 G.issuefile = "/etc/issue.net"; \
89} while (0)
90
91
92/*
93 Remove all IAC's from buf1 (received IACs are ignored and must be removed
94 so as to not be interpreted by the terminal). Make an uninterrupted
95 string of characters fit for the terminal. Do this by packing
96 all characters meant for the terminal sequentially towards the end of buf.
97
98 Return a pointer to the beginning of the characters meant for the terminal
99 and make *num_totty the number of characters that should be sent to
100 the terminal.
101
102 Note - if an IAC (3 byte quantity) starts before (bf + len) but extends
103 past (bf + len) then that IAC will be left unprocessed and *processed
104 will be less than len.
105
106 CR-LF ->'s CR mapping is also done here, for convenience.
107
108 NB: may fail to remove iacs which wrap around buffer!
109 */
110static unsigned char *
111remove_iacs(struct tsession *ts, int *pnum_totty)
112{
113 unsigned char *ptr0 = TS_BUF1(ts) + ts->wridx1;
114 unsigned char *ptr = ptr0;
115 unsigned char *totty = ptr;
116 unsigned char *end = ptr + MIN(BUFSIZE - ts->wridx1, ts->size1);
117 int num_totty;
118
119 while (ptr < end) {
120 if (*ptr != IAC) {
121 char c = *ptr;
122
123 *totty++ = c;
124 ptr++;
125 /* We map \r\n ==> \r for pragmatic reasons.
126 * Many client implementations send \r\n when
127 * the user hits the CarriageReturn key.
128 * See RFC 1123 3.3.1 Telnet End-of-Line Convention.
129 */
130 if (c == '\r' && ptr < end && (*ptr == '\n' || *ptr == '\0'))
131 ptr++;
132 continue;
133 }
134
135 if ((ptr+1) >= end)
136 break;
137 if (ptr[1] == NOP) { /* Ignore? (putty keepalive, etc.) */
138 ptr += 2;
139 continue;
140 }
141 if (ptr[1] == IAC) { /* Literal IAC? (emacs M-DEL) */
142 *totty++ = ptr[1];
143 ptr += 2;
144 continue;
145 }
146
147 /*
148 * TELOPT_NAWS support!
149 */
150 if ((ptr+2) >= end) {
151 /* Only the beginning of the IAC is in the
152 buffer we were asked to process, we can't
153 process this char */
154 break;
155 }
156 /*
157 * IAC -> SB -> TELOPT_NAWS -> 4-byte -> IAC -> SE
158 */
159 if (ptr[1] == SB && ptr[2] == TELOPT_NAWS) {
160 struct winsize ws;
161 if ((ptr+8) >= end)
162 break; /* incomplete, can't process */
163 ws.ws_col = (ptr[3] << 8) | ptr[4];
164 ws.ws_row = (ptr[5] << 8) | ptr[6];
165 ioctl(ts->ptyfd, TIOCSWINSZ, (char *)&ws);
166 ptr += 9;
167 continue;
168 }
169 /* skip 3-byte IAC non-SB cmd */
170#if DEBUG
171 fprintf(stderr, "Ignoring IAC %s,%s\n",
172 TELCMD(ptr[1]), TELOPT(ptr[2]));
173#endif
174 ptr += 3;
175 }
176
177 num_totty = totty - ptr0;
178 *pnum_totty = num_totty;
179 /* The difference between ptr and totty is number of iacs
180 we removed from the stream. Adjust buf1 accordingly */
181 if ((ptr - totty) == 0) /* 99.999% of cases */
182 return ptr0;
183 ts->wridx1 += ptr - totty;
184 ts->size1 -= ptr - totty;
185 /* Move chars meant for the terminal towards the end of the buffer */
186 return memmove(ptr - num_totty, ptr0, num_totty);
187}
188
189/*
190 * Converting single IAC into double on output
191 */
192static size_t iac_safe_write(int fd, const char *buf, size_t count)
193{
194 const char *IACptr;
195 size_t wr, rc, total;
196
197 total = 0;
198 while (1) {
199 if (count == 0)
200 return total;
201 if (*buf == (char)IAC) {
202 static const char IACIAC[] ALIGN1 = { IAC, IAC };
203 rc = safe_write(fd, IACIAC, 2);
204 if (rc != 2)
205 break;
206 buf++;
207 total++;
208 count--;
209 continue;
210 }
211 /* count != 0, *buf != IAC */
212 IACptr = memchr(buf, IAC, count);
213 wr = count;
214 if (IACptr)
215 wr = IACptr - buf;
216 rc = safe_write(fd, buf, wr);
217 if (rc != wr)
218 break;
219 buf += rc;
220 total += rc;
221 count -= rc;
222 }
223 /* here: rc - result of last short write */
224 if ((ssize_t)rc < 0) { /* error? */
225 if (total == 0)
226 return rc;
227 rc = 0;
228 }
229 return total + rc;
230}
231
232/* Must match getopt32 string */
233enum {
234 OPT_WATCHCHILD = (1 << 2), /* -K */
235 OPT_INETD = (1 << 3) * ENABLE_FEATURE_TELNETD_STANDALONE, /* -i */
236 OPT_PORT = (1 << 4) * ENABLE_FEATURE_TELNETD_STANDALONE, /* -p PORT */
237 OPT_FOREGROUND = (1 << 6) * ENABLE_FEATURE_TELNETD_STANDALONE, /* -F */
238 OPT_SYSLOG = (1 << 7) * ENABLE_FEATURE_TELNETD_INETD_WAIT, /* -S */
239 OPT_WAIT = (1 << 8) * ENABLE_FEATURE_TELNETD_INETD_WAIT, /* -w SEC */
240};
241
242static struct tsession *
243make_new_session(
244 IF_FEATURE_TELNETD_STANDALONE(int sock)
245 IF_NOT_FEATURE_TELNETD_STANDALONE(void)
246) {
247#if !ENABLE_FEATURE_TELNETD_STANDALONE
248 enum { sock = 0 };
249#endif
250 const char *login_argv[2];
251 struct termios termbuf;
252 int fd, pid;
253 char tty_name[GETPTY_BUFSIZE];
254 struct tsession *ts = xzalloc(sizeof(struct tsession) + BUFSIZE * 2);
255
256 /*ts->buf1 = (char *)(ts + 1);*/
257 /*ts->buf2 = ts->buf1 + BUFSIZE;*/
258
259 /* Got a new connection, set up a tty */
260 fd = xgetpty(tty_name);
261 if (fd > G.maxfd)
262 G.maxfd = fd;
263 ts->ptyfd = fd;
264 ndelay_on(fd);
265 close_on_exec_on(fd);
266
267 /* SO_KEEPALIVE by popular demand */
268 setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &const_int_1, sizeof(const_int_1));
269#if ENABLE_FEATURE_TELNETD_STANDALONE
270 ts->sockfd_read = sock;
271 ndelay_on(sock);
272 if (sock == 0) { /* We are called with fd 0 - we are in inetd mode */
273 sock++; /* so use fd 1 for output */
274 ndelay_on(sock);
275 }
276 ts->sockfd_write = sock;
277 if (sock > G.maxfd)
278 G.maxfd = sock;
279#else
280 /* ts->sockfd_read = 0; - done by xzalloc */
281 ts->sockfd_write = 1;
282 ndelay_on(0);
283 ndelay_on(1);
284#endif
285
286 /* Make the telnet client understand we will echo characters so it
287 * should not do it locally. We don't tell the client to run linemode,
288 * because we want to handle line editing and tab completion and other
289 * stuff that requires char-by-char support. */
290 {
291 static const char iacs_to_send[] ALIGN1 = {
292 IAC, DO, TELOPT_ECHO,
293 IAC, DO, TELOPT_NAWS,
294 /* This requires telnetd.ctrlSQ.patch (incomplete) */
295 /*IAC, DO, TELOPT_LFLOW,*/
296 IAC, WILL, TELOPT_ECHO,
297 IAC, WILL, TELOPT_SGA
298 };
299 /* This confuses iac_safe_write(), it will try to duplicate
300 * each IAC... */
301 //memcpy(TS_BUF2(ts), iacs_to_send, sizeof(iacs_to_send));
302 //ts->rdidx2 = sizeof(iacs_to_send);
303 //ts->size2 = sizeof(iacs_to_send);
304 /* So just stuff it into TCP stream! (no error check...) */
305#if ENABLE_FEATURE_TELNETD_STANDALONE
306 safe_write(sock, iacs_to_send, sizeof(iacs_to_send));
307#else
308 safe_write(1, iacs_to_send, sizeof(iacs_to_send));
309#endif
310 /*ts->rdidx2 = 0; - xzalloc did it */
311 /*ts->size2 = 0;*/
312 }
313
314 fflush_all();
315 pid = vfork(); /* NOMMU-friendly */
316 if (pid < 0) {
317 free(ts);
318 close(fd);
319 /* sock will be closed by caller */
320 bb_perror_msg("vfork");
321 return NULL;
322 }
323 if (pid > 0) {
324 /* Parent */
325 ts->shell_pid = pid;
326 return ts;
327 }
328
329 /* Child */
330 /* Careful - we are after vfork! */
331
332 /* Restore default signal handling ASAP */
333 bb_signals((1 << SIGCHLD) + (1 << SIGPIPE), SIG_DFL);
334
335 pid = getpid();
336
337 if (ENABLE_FEATURE_UTMP) {
338 len_and_sockaddr *lsa = get_peer_lsa(sock);
339 char *hostname = NULL;
340 if (lsa) {
341 hostname = xmalloc_sockaddr2dotted(&lsa->u.sa);
342 free(lsa);
343 }
344 write_new_utmp(pid, LOGIN_PROCESS, tty_name, /*username:*/ "LOGIN", hostname);
345 free(hostname);
346 }
347
348 /* Make new session and process group */
349 setsid();
350
351 /* Open the child's side of the tty */
352 /* NB: setsid() disconnects from any previous ctty's. Therefore
353 * we must open child's side of the tty AFTER setsid! */
354 close(0);
355 xopen(tty_name, O_RDWR); /* becomes our ctty */
356 xdup2(0, 1);
357 xdup2(0, 2);
358 tcsetpgrp(0, pid); /* switch this tty's process group to us */
359
360 /* The pseudo-terminal allocated to the client is configured to operate
361 * in cooked mode, and with XTABS CRMOD enabled (see tty(4)) */
362 tcgetattr(0, &termbuf);
363 termbuf.c_lflag |= ECHO; /* if we use readline we dont want this */
364 termbuf.c_oflag |= ONLCR | XTABS;
365 termbuf.c_iflag |= ICRNL;
366 termbuf.c_iflag &= ~IXOFF;
367 /*termbuf.c_lflag &= ~ICANON;*/
368 tcsetattr_stdin_TCSANOW(&termbuf);
369
370 /* Uses FILE-based I/O to stdout, but does fflush_all(),
371 * so should be safe with vfork.
372 * I fear, though, that some users will have ridiculously big
373 * issue files, and they may block writing to fd 1,
374 * (parent is supposed to read it, but parent waits
375 * for vforked child to exec!) */
376 print_login_issue(G.issuefile, tty_name);
377
378 /* Exec shell / login / whatever */
379 login_argv[0] = G.loginpath;
380 login_argv[1] = NULL;
381 /* exec busybox applet (if PREFER_APPLETS=y), if that fails,
382 * exec external program.
383 * NB: sock is either 0 or has CLOEXEC set on it.
384 * fd has CLOEXEC set on it too. These two fds will be closed here.
385 */
386 BB_EXECVP(G.loginpath, (char **)login_argv);
387 /* _exit is safer with vfork, and we shouldn't send message
388 * to remote clients anyway */
389 _exit(EXIT_FAILURE); /*bb_perror_msg_and_die("execv %s", G.loginpath);*/
390}
391
392#if ENABLE_FEATURE_TELNETD_STANDALONE
393
394static void
395free_session(struct tsession *ts)
396{
397 struct tsession *t;
398
399 if (option_mask32 & OPT_INETD)
400 exit(EXIT_SUCCESS);
401
402 /* Unlink this telnet session from the session list */
403 t = G.sessions;
404 if (t == ts)
405 G.sessions = ts->next;
406 else {
407 while (t->next != ts)
408 t = t->next;
409 t->next = ts->next;
410 }
411
412#if 0
413 /* It was said that "normal" telnetd just closes ptyfd,
414 * doesn't send SIGKILL. When we close ptyfd,
415 * kernel sends SIGHUP to processes having slave side opened. */
416 kill(ts->shell_pid, SIGKILL);
417 waitpid(ts->shell_pid, NULL, 0);
418#endif
419 close(ts->ptyfd);
420 close(ts->sockfd_read);
421 /* We do not need to close(ts->sockfd_write), it's the same
422 * as sockfd_read unless we are in inetd mode. But in inetd mode
423 * we do not reach this */
424 free(ts);
425
426 /* Scan all sessions and find new maxfd */
427 G.maxfd = 0;
428 ts = G.sessions;
429 while (ts) {
430 if (G.maxfd < ts->ptyfd)
431 G.maxfd = ts->ptyfd;
432 if (G.maxfd < ts->sockfd_read)
433 G.maxfd = ts->sockfd_read;
434#if 0
435 /* Again, sockfd_write == sockfd_read here */
436 if (G.maxfd < ts->sockfd_write)
437 G.maxfd = ts->sockfd_write;
438#endif
439 ts = ts->next;
440 }
441}
442
443#else /* !FEATURE_TELNETD_STANDALONE */
444
445/* Used in main() only, thus "return 0" actually is exit(EXIT_SUCCESS). */
446#define free_session(ts) return 0
447
448#endif
449
450static void handle_sigchld(int sig UNUSED_PARAM)
451{
452 pid_t pid;
453 struct tsession *ts;
454 int save_errno = errno;
455
456 /* Looping: more than one child may have exited */
457 while (1) {
458 pid = wait_any_nohang(NULL);
459 if (pid <= 0)
460 break;
461 ts = G.sessions;
462 while (ts) {
463 if (ts->shell_pid == pid) {
464 ts->shell_pid = -1;
465// man utmp:
466// When init(8) finds that a process has exited, it locates its utmp entry
467// by ut_pid, sets ut_type to DEAD_PROCESS, and clears ut_user, ut_host
468// and ut_time with null bytes.
469// [same applies to other processes which maintain utmp entries, like telnetd]
470//
471// We do not bother actually clearing fields:
472// it might be interesting to know who was logged in and from where
473 update_utmp(pid, DEAD_PROCESS, /*tty_name:*/ NULL, /*username:*/ NULL, /*hostname:*/ NULL);
474 break;
475 }
476 ts = ts->next;
477 }
478 }
479
480 errno = save_errno;
481}
482
483int telnetd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
484int telnetd_main(int argc UNUSED_PARAM, char **argv)
485{
486 fd_set rdfdset, wrfdset;
487 unsigned opt;
488 int count;
489 struct tsession *ts;
490#if ENABLE_FEATURE_TELNETD_STANDALONE
491#define IS_INETD (opt & OPT_INETD)
492 int master_fd = master_fd; /* for compiler */
493 int sec_linger = sec_linger;
494 char *opt_bindaddr = NULL;
495 char *opt_portnbr;
496#else
497 enum {
498 IS_INETD = 1,
499 master_fd = -1,
500 };
501#endif
502 INIT_G();
503
504 /* -w NUM, and implies -F. -w and -i don't mix */
505 IF_FEATURE_TELNETD_INETD_WAIT(opt_complementary = "wF:w+:i--w:w--i";)
506 /* Even if !STANDALONE, we accept (and ignore) -i, thus people
507 * don't need to guess whether it's ok to pass -i to us */
508 opt = getopt32(argv, "f:l:Ki"
509 IF_FEATURE_TELNETD_STANDALONE("p:b:F")
510 IF_FEATURE_TELNETD_INETD_WAIT("Sw:"),
511 &G.issuefile, &G.loginpath
512 IF_FEATURE_TELNETD_STANDALONE(, &opt_portnbr, &opt_bindaddr)
513 IF_FEATURE_TELNETD_INETD_WAIT(, &sec_linger)
514 );
515 if (!IS_INETD /*&& !re_execed*/) {
516 /* inform that we start in standalone mode?
517 * May be useful when people forget to give -i */
518 /*bb_error_msg("listening for connections");*/
519 if (!(opt & OPT_FOREGROUND)) {
520 /* DAEMON_CHDIR_ROOT was giving inconsistent
521 * behavior with/without -F, -i */
522 bb_daemonize_or_rexec(0 /*was DAEMON_CHDIR_ROOT*/, argv);
523 }
524 }
525 /* Redirect log to syslog early, if needed */
526 if (IS_INETD || (opt & OPT_SYSLOG) || !(opt & OPT_FOREGROUND)) {
527 openlog(applet_name, LOG_PID, LOG_DAEMON);
528 logmode = LOGMODE_SYSLOG;
529 }
530#if ENABLE_FEATURE_TELNETD_STANDALONE
531 if (IS_INETD) {
532 G.sessions = make_new_session(0);
533 if (!G.sessions) /* pty opening or vfork problem, exit */
534 return 1; /* make_new_session printed error message */
535 } else {
536 master_fd = 0;
537 if (!(opt & OPT_WAIT)) {
538 unsigned portnbr = 23;
539 if (opt & OPT_PORT)
540 portnbr = xatou16(opt_portnbr);
541 master_fd = create_and_bind_stream_or_die(opt_bindaddr, portnbr);
542 xlisten(master_fd, 1);
543 }
544 close_on_exec_on(master_fd);
545 }
546#else
547 G.sessions = make_new_session();
548 if (!G.sessions) /* pty opening or vfork problem, exit */
549 return 1; /* make_new_session printed error message */
550#endif
551
552 /* We don't want to die if just one session is broken */
553 signal(SIGPIPE, SIG_IGN);
554
555 if (opt & OPT_WATCHCHILD)
556 signal(SIGCHLD, handle_sigchld);
557 else /* prevent dead children from becoming zombies */
558 signal(SIGCHLD, SIG_IGN);
559
560/*
561 This is how the buffers are used. The arrows indicate data flow.
562
563 +-------+ wridx1++ +------+ rdidx1++ +----------+
564 | | <-------------- | buf1 | <-------------- | |
565 | | size1-- +------+ size1++ | |
566 | pty | | socket |
567 | | rdidx2++ +------+ wridx2++ | |
568 | | --------------> | buf2 | --------------> | |
569 +-------+ size2++ +------+ size2-- +----------+
570
571 size1: "how many bytes are buffered for pty between rdidx1 and wridx1?"
572 size2: "how many bytes are buffered for socket between rdidx2 and wridx2?"
573
574 Each session has got two buffers. Buffers are circular. If sizeN == 0,
575 buffer is empty. If sizeN == BUFSIZE, buffer is full. In both these cases
576 rdidxN == wridxN.
577*/
578 again:
579 FD_ZERO(&rdfdset);
580 FD_ZERO(&wrfdset);
581
582 /* Select on the master socket, all telnet sockets and their
583 * ptys if there is room in their session buffers.
584 * NB: scalability problem: we recalculate entire bitmap
585 * before each select. Can be a problem with 500+ connections. */
586 ts = G.sessions;
587 while (ts) {
588 struct tsession *next = ts->next; /* in case we free ts */
589 if (ts->shell_pid == -1) {
590 /* Child died and we detected that */
591 free_session(ts);
592 } else {
593 if (ts->size1 > 0) /* can write to pty */
594 FD_SET(ts->ptyfd, &wrfdset);
595 if (ts->size1 < BUFSIZE) /* can read from socket */
596 FD_SET(ts->sockfd_read, &rdfdset);
597 if (ts->size2 > 0) /* can write to socket */
598 FD_SET(ts->sockfd_write, &wrfdset);
599 if (ts->size2 < BUFSIZE) /* can read from pty */
600 FD_SET(ts->ptyfd, &rdfdset);
601 }
602 ts = next;
603 }
604 if (!IS_INETD) {
605 FD_SET(master_fd, &rdfdset);
606 /* This is needed because free_session() does not
607 * take master_fd into account when it finds new
608 * maxfd among remaining fd's */
609 if (master_fd > G.maxfd)
610 G.maxfd = master_fd;
611 }
612
613 {
614 struct timeval *tv_ptr = NULL;
615#if ENABLE_FEATURE_TELNETD_INETD_WAIT
616 struct timeval tv;
617 if ((opt & OPT_WAIT) && !G.sessions) {
618 tv.tv_sec = sec_linger;
619 tv.tv_usec = 0;
620 tv_ptr = &tv;
621 }
622#endif
623 count = select(G.maxfd + 1, &rdfdset, &wrfdset, NULL, tv_ptr);
624 }
625 if (count == 0) /* "telnetd -w SEC" timed out */
626 return 0;
627 if (count < 0)
628 goto again; /* EINTR or ENOMEM */
629
630#if ENABLE_FEATURE_TELNETD_STANDALONE
631 /* Check for and accept new sessions */
632 if (!IS_INETD && FD_ISSET(master_fd, &rdfdset)) {
633 int fd;
634 struct tsession *new_ts;
635
636 fd = accept(master_fd, NULL, NULL);
637 if (fd < 0)
638 goto again;
639 close_on_exec_on(fd);
640
641 /* Create a new session and link it into active list */
642 new_ts = make_new_session(fd);
643 if (new_ts) {
644 new_ts->next = G.sessions;
645 G.sessions = new_ts;
646 } else {
647 close(fd);
648 }
649 }
650#endif
651
652 /* Then check for data tunneling */
653 ts = G.sessions;
654 while (ts) { /* For all sessions... */
655 struct tsession *next = ts->next; /* in case we free ts */
656
657 if (/*ts->size1 &&*/ FD_ISSET(ts->ptyfd, &wrfdset)) {
658 int num_totty;
659 unsigned char *ptr;
660 /* Write to pty from buffer 1 */
661 ptr = remove_iacs(ts, &num_totty);
662 count = safe_write(ts->ptyfd, ptr, num_totty);
663 if (count < 0) {
664 if (errno == EAGAIN)
665 goto skip1;
666 goto kill_session;
667 }
668 ts->size1 -= count;
669 ts->wridx1 += count;
670 if (ts->wridx1 >= BUFSIZE) /* actually == BUFSIZE */
671 ts->wridx1 = 0;
672 }
673 skip1:
674 if (/*ts->size2 &&*/ FD_ISSET(ts->sockfd_write, &wrfdset)) {
675 /* Write to socket from buffer 2 */
676 count = MIN(BUFSIZE - ts->wridx2, ts->size2);
677 count = iac_safe_write(ts->sockfd_write, (void*)(TS_BUF2(ts) + ts->wridx2), count);
678 if (count < 0) {
679 if (errno == EAGAIN)
680 goto skip2;
681 goto kill_session;
682 }
683 ts->size2 -= count;
684 ts->wridx2 += count;
685 if (ts->wridx2 >= BUFSIZE) /* actually == BUFSIZE */
686 ts->wridx2 = 0;
687 }
688 skip2:
689 /* Should not be needed, but... remove_iacs is actually buggy
690 * (it cannot process iacs which wrap around buffer's end)!
691 * Since properly fixing it requires writing bigger code,
692 * we rely instead on this code making it virtually impossible
693 * to have wrapped iac (people don't type at 2k/second).
694 * It also allows for bigger reads in common case. */
695 if (ts->size1 == 0) {
696 ts->rdidx1 = 0;
697 ts->wridx1 = 0;
698 }
699 if (ts->size2 == 0) {
700 ts->rdidx2 = 0;
701 ts->wridx2 = 0;
702 }
703
704 if (/*ts->size1 < BUFSIZE &&*/ FD_ISSET(ts->sockfd_read, &rdfdset)) {
705 /* Read from socket to buffer 1 */
706 count = MIN(BUFSIZE - ts->rdidx1, BUFSIZE - ts->size1);
707 count = safe_read(ts->sockfd_read, TS_BUF1(ts) + ts->rdidx1, count);
708 if (count <= 0) {
709 if (count < 0 && errno == EAGAIN)
710 goto skip3;
711 goto kill_session;
712 }
713 /* Ignore trailing NUL if it is there */
714 if (!TS_BUF1(ts)[ts->rdidx1 + count - 1]) {
715 --count;
716 }
717 ts->size1 += count;
718 ts->rdidx1 += count;
719 if (ts->rdidx1 >= BUFSIZE) /* actually == BUFSIZE */
720 ts->rdidx1 = 0;
721 }
722 skip3:
723 if (/*ts->size2 < BUFSIZE &&*/ FD_ISSET(ts->ptyfd, &rdfdset)) {
724 /* Read from pty to buffer 2 */
725 count = MIN(BUFSIZE - ts->rdidx2, BUFSIZE - ts->size2);
726 count = safe_read(ts->ptyfd, TS_BUF2(ts) + ts->rdidx2, count);
727 if (count <= 0) {
728 if (count < 0 && errno == EAGAIN)
729 goto skip4;
730 goto kill_session;
731 }
732 ts->size2 += count;
733 ts->rdidx2 += count;
734 if (ts->rdidx2 >= BUFSIZE) /* actually == BUFSIZE */
735 ts->rdidx2 = 0;
736 }
737 skip4:
738 ts = next;
739 continue;
740 kill_session:
741 if (ts->shell_pid > 0)
742 update_utmp(ts->shell_pid, DEAD_PROCESS, /*tty_name:*/ NULL, /*username:*/ NULL, /*hostname:*/ NULL);
743 free_session(ts);
744 ts = next;
745 }
746
747 goto again;
748}