Imported from conserver-7.2.4.tar.gz

This commit is contained in:
Bryan Stansell 2002-10-14 14:03:35 -07:00
parent a55f7d1974
commit 48556ace3a
32 changed files with 1604 additions and 382 deletions

20
CHANGES

@ -1,6 +1,24 @@
CHANGES
=======
version 7.2.4 (Oct 14, 2002):
- added --with-openssl for some client/server encryption
- added -E option to client and server to allow for non-encrypted
connections (encryption is the default if compiled in)
- added -c option so credentials (certificate and key) can be
exchanged between client and server
- expanded -V output to show what optional bits actually got
compiled into the code (libwrap, regex, etc)
- compilation errors on non-shadow file systems without using
--with-pam - reported by Jesper Frank Nemholt <jfn@dassic.com>
- client now prefers $LOGNAME, then $USER, then the current uid
for its -l default - suggested by Dave Stuit <djs@tellme.com>
- putting back socklen_t usage - it's the right thing to do,
so tell me where it breaks things
- configure options --with-cffile and --with-pwdfile now
recognize fully-qualified pathnames - suggested by Kjell
Andresen <kjell.andresen@usit.uio.no>
version 7.2.3 (Sep 23, 2002):
- checking for duplicate console names got lost in the major
7.2.0 rewrite of that code. it's back now, with a couple of
@ -345,5 +363,5 @@ before version 6.05:
and enhancements of various types were applied.
#
# $Id: CHANGES,v 1.68 2002-09-23 14:20:20-07 bryan Exp $
# $Id: CHANGES,v 1.74 2002-10-14 12:18:54-07 bryan Exp $
#

19
INSTALL

@ -10,6 +10,14 @@ Upgrading?
new features added to the client if you're considering *not*
upgrading.
Version 7.2.4
- If SSL support is compiled into the code, older versions of
the client and server are, by default, incompatible because
encrypted connections are a requirement. Use of the -E flag in
the client and/or server can work around this (but I discourage
this - please upgrade the clients and servers instead).
Version 7.2.0
- The code related to broadcast messages in the client (-b) has
@ -61,15 +69,18 @@ Detailed Instructions
--with-port=PORT Specify port number [conserver]
--with-base=PORT Base port for secondary channel [0]
--with-master=MASTER Specify master server hostname [console]
--with-cffile=CFFILE Specify config filename [conserver.cf]
--with-pwdfile=PWDFILE Specify password filename [conserver.passwd]
--with-cffile=CFFILE Specify config filename
[SYSCONFDIR/conserver.cf]
--with-pwdfile=PWDFILE Specify password filename
[SYSCONFDIR/conserver.passwd]
--with-logfile=LOGFILE Specify log filename [/var/log/conserver]
--with-pidfile=PIDFILE Specify PID filepath [/var/run/conserver.pid]
--with-maxmemb=MAXMEMB Specify maximum consoles per process [16]
--with-timeout=TIMEOUT Specify connect() timeout in seconds [10]
--with-libwrap[=PATH] Compile in libwrap (tcp_wrappers) support
--with-openssl[=PATH] Compile in openssl support
--with-regex Use regular expressions in conserver.passwd
--with-pam enable PAM support
--with-pam Enable PAM support
Not surprisingly, some match the old conserver/cons.h items...here
they are for reference:
@ -162,5 +173,5 @@ Other Information And Gotchas
#
# $Id: INSTALL,v 1.23 2002-09-23 14:05:31-07 bryan Exp $
# $Id: INSTALL,v 1.25 2002-10-12 20:23:58-07 bryan Exp $
#

13
TODO

@ -10,6 +10,12 @@ Bryan Stansell
---------------------------------------------------------------------------
- OpenSSL sockets have been make blocking instead of keeping the
underlying socket non-blocking. Why? It requires much more work to
deal with non-blocking sockets and OpenSSL. Not impossible, just have
to rewrite a lot of the code to handle the extra special cases. Perhaps
by ignoring renegotiations this can be ignored, but I'm not sure.
- checks for EPIPE during write() should really be done, but, for the
most part, consoles and clients will come around and we'll see
problems on the read().
@ -23,8 +29,7 @@ Bryan Stansell
- Others?
- better shadow file support
- PAM support
- what does this mean? i've forgotten.
- syslog?
Daniel E. Singer <des@cs.duke.edu> would like to see it - especially
@ -71,8 +76,6 @@ Bryan Stansell
- 9600baud log replay?
- SSH/SSL/Encryption of some type between client/server
- server -M flag should accept multiple addresses (comma separated)
- should client as well?
@ -114,5 +117,5 @@ Bryan Stansell
#
# $Id: TODO,v 1.24 2002-06-05 12:00:35-07 bryan Exp $
# $Id: TODO,v 1.26 2002-10-09 15:55:24-07 bryan Exp $
#


@ -1,5 +1,39 @@
#include <config.h>
/* If, when processing a logfile for replaying the last N lines,
* we end up seeing more than MAXREPLAYLINELEN characters in a line,
* abort processing and display the data. Why? There could be some
* very large logfiles and very long lines and we'd chew up lots of
* memory and send a LOT of data down to the client - all potentially
* bad. If there's a line over this in size, would you really want to
* see the whole thing (and possibly others)?
*/
#if !defined(MAXREPLAYLINELEN)
# define MAXREPLAYLINELEN 10000
#endif
/* the default escape sequence used to give meta commands
*/
#if !defined(DEFATTN)
# define DEFATTN '\005'
#endif
#if !defined(DEFESC)
# define DEFESC 'c'
#endif
/* For legacy compile-time setting of the port...
*/
#if ! defined(DEFPORT)
# if defined(SERVICENAME)
# define DEFPORT SERVICENAME
# else
# if defined(PORTNUMBER)
# define DEFPORT PORTNUMBER
# else
# define DEFPORT "conserver"
# endif
# endif
#endif
#if STDC_HEADERS
# include <string.h>


@ -84,7 +84,10 @@
/* Define to 1 if you have the `memset' function. */
#undef HAVE_MEMSET
/* have PAM */
/* have openssl support */
#undef HAVE_OPENSSL
/* have PAM support */
#undef HAVE_PAM
/* have POSIX regcomp */

223
configure vendored

@ -840,16 +840,20 @@ Optional Packages:
--with-port=PORT Specify port number [conserver]
--with-base=PORT Base port for secondary channel [0]
--with-master=MASTER Specify master server hostname [console]
--with-cffile=CFFILE Specify config filename [conserver.cf]
--with-pwdfile=PWDFILE Specify password filename [conserver.passwd]
--with-cffile=CFFILE Specify config filename
[SYSCONFDIR/conserver.cf]
--with-pwdfile=PWDFILE Specify password filename
[SYSCONFDIR/conserver.passwd]
--with-logfile=LOGFILE Specify log filename [/var/log/conserver]
--with-pidfile=PIDFILE Specify PID filepath [/var/run/conserver.pid]
--with-maxmemb=MAXMEMB Specify maximum consoles per process [16]
--with-timeout=TIMEOUT Specify connect() timeout in seconds [10]
--with-libwrap[=PATH]
Compile in libwrap (tcp_wrappers) support
--with-openssl[=PATH]
Compile in OpenSSL support
--with-regex Use regular expressions in conserver.passwd
--with-pam enable PAM support
--with-pam Enable PAM support
Some influential environment variables:
CC C compiler command
@ -1363,15 +1367,24 @@ echo $ECHO_N "checking for configuration filename... $ECHO_C" >&6
if test "${with_cffile+set}" = set; then
withval="$with_cffile"
if test "$withval" != yes; then
cat >>confdefs.h <<_ACEOF
if expr "x$withval" : "x/" > /dev/null 2>&1; then
cat >>confdefs.h <<_ACEOF
#define CONFIGFILE "$withval"
_ACEOF
echo "$as_me:$LINENO: result: '$sysconfdir/$withval'" >&5
echo "$as_me:$LINENO: result: '$withval'" >&5
echo "${ECHO_T}'$withval'" >&6
else
cat >>confdefs.h <<_ACEOF
#define CONFIGFILE SYSCONFDIR "/$withval"
_ACEOF
echo "$as_me:$LINENO: result: '$sysconfdir/$withval'" >&5
echo "${ECHO_T}'$sysconfdir/$withval'" >&6
fi
else
cat >>confdefs.h <<_ACEOF
#define CONFIGFILE "conserver.cf"
#define CONFIGFILE SYSCONFDIR "/conserver.cf"
_ACEOF
echo "$as_me:$LINENO: result: '$sysconfdir/conserver.cf'" >&5
@ -1379,7 +1392,7 @@ echo "${ECHO_T}'$sysconfdir/conserver.cf'" >&6
fi
else
cat >>confdefs.h <<_ACEOF
#define CONFIGFILE "conserver.cf"
#define CONFIGFILE SYSCONFDIR "/conserver.cf"
_ACEOF
echo "$as_me:$LINENO: result: '$sysconfdir/conserver.cf'" >&5
@ -1393,15 +1406,24 @@ echo $ECHO_N "checking for password filename... $ECHO_C" >&6
if test "${with_pwdfile+set}" = set; then
withval="$with_pwdfile"
if test "$withval" != yes; then
cat >>confdefs.h <<_ACEOF
if expr "x$withval" : "x/" > /dev/null 2>&1; then
cat >>confdefs.h <<_ACEOF
#define PASSWDFILE "$withval"
_ACEOF
echo "$as_me:$LINENO: result: '$sysconfdir/$withval'" >&5
echo "$as_me:$LINENO: result: '$withval'" >&5
echo "${ECHO_T}'$withval'" >&6
else
cat >>confdefs.h <<_ACEOF
#define PASSWDFILE SYSCONFDIR "/$withval"
_ACEOF
echo "$as_me:$LINENO: result: '$sysconfdir/$withval'" >&5
echo "${ECHO_T}'$sysconfdir/$withval'" >&6
fi
else
cat >>confdefs.h <<_ACEOF
#define PASSWDFILE "conserver.passwd"
#define PASSWDFILE SYSCONFDIR "/conserver.passwd"
_ACEOF
echo "$as_me:$LINENO: result: '$sysconfdir/conserver.passwd'" >&5
@ -1409,7 +1431,7 @@ echo "${ECHO_T}'$sysconfdir/conserver.passwd'" >&6
fi
else
cat >>confdefs.h <<_ACEOF
#define PASSWDFILE "conserver.passwd"
#define PASSWDFILE SYSCONFDIR "/conserver.passwd"
_ACEOF
echo "$as_me:$LINENO: result: '$sysconfdir/conserver.passwd'" >&5
@ -4476,6 +4498,7 @@ _ACEOF
fi
echo "$as_me:$LINENO: checking for library containing socket" >&5
echo $ECHO_N "checking for library containing socket... $ECHO_C" >&6
if test "${ac_cv_search_socket+set}" = set; then
@ -4948,6 +4971,184 @@ fi
fi;
# Check whether --with-openssl or --without-openssl was given.
if test "${with_openssl+set}" = set; then
withval="$with_openssl"
if test "$withval" != "no"; then
if test "$withval" != "yes"; then
OPENSSLCPPFLAGS="-I$withval/include"
OPENSSLLDFLAGS="-L$withval/lib"
else
OPENSSLCPPFLAGS=""
OPENSSLLDFLAGS=""
fi
oCPPFLAGS="$CPPFLAGS"
oLDFLAGS="$LDFLAGS"
oLIBS="$LIBS"
have_openssl=no
CPPFLAGS="$CPPFLAGS $OPENSSLCPPFLAGS"
LDFLAGS="$LDFLAGS $OPENSSLLDFLAGS"
if test "${ac_cv_header_openssl_ssl_h+set}" = set; then
echo "$as_me:$LINENO: checking for openssl/ssl.h" >&5
echo $ECHO_N "checking for openssl/ssl.h... $ECHO_C" >&6
if test "${ac_cv_header_openssl_ssl_h+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
fi
echo "$as_me:$LINENO: result: $ac_cv_header_openssl_ssl_h" >&5
echo "${ECHO_T}$ac_cv_header_openssl_ssl_h" >&6
else
# Is the header compilable?
echo "$as_me:$LINENO: checking openssl/ssl.h usability" >&5
echo $ECHO_N "checking openssl/ssl.h usability... $ECHO_C" >&6
cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
#include "confdefs.h"
$ac_includes_default
#include <openssl/ssl.h>
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_header_compiler=yes
else
echo "$as_me: failed program was:" >&5
cat conftest.$ac_ext >&5
ac_header_compiler=no
fi
rm -f conftest.$ac_objext conftest.$ac_ext
echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
echo "${ECHO_T}$ac_header_compiler" >&6
# Is the header present?
echo "$as_me:$LINENO: checking openssl/ssl.h presence" >&5
echo $ECHO_N "checking openssl/ssl.h presence... $ECHO_C" >&6
cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
#include "confdefs.h"
#include <openssl/ssl.h>
_ACEOF
if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
(eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } >/dev/null; then
if test -s conftest.err; then
ac_cpp_err=$ac_c_preproc_warn_flag
else
ac_cpp_err=
fi
else
ac_cpp_err=yes
fi
if test -z "$ac_cpp_err"; then
ac_header_preproc=yes
else
echo "$as_me: failed program was:" >&5
cat conftest.$ac_ext >&5
ac_header_preproc=no
fi
rm -f conftest.err conftest.$ac_ext
echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
echo "${ECHO_T}$ac_header_preproc" >&6
# So? What about this header?
case $ac_header_compiler:$ac_header_preproc in
yes:no )
{ echo "$as_me:$LINENO: WARNING: openssl/ssl.h: accepted by the compiler, rejected by the preprocessor!" >&5
echo "$as_me: WARNING: openssl/ssl.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
{ echo "$as_me:$LINENO: WARNING: openssl/ssl.h: proceeding with the preprocessor's result" >&5
echo "$as_me: WARNING: openssl/ssl.h: proceeding with the preprocessor's result" >&2;};;
no:yes )
{ echo "$as_me:$LINENO: WARNING: openssl/ssl.h: present but cannot be compiled" >&5
echo "$as_me: WARNING: openssl/ssl.h: present but cannot be compiled" >&2;}
{ echo "$as_me:$LINENO: WARNING: openssl/ssl.h: check for missing prerequisite headers?" >&5
echo "$as_me: WARNING: openssl/ssl.h: check for missing prerequisite headers?" >&2;}
{ echo "$as_me:$LINENO: WARNING: openssl/ssl.h: proceeding with the preprocessor's result" >&5
echo "$as_me: WARNING: openssl/ssl.h: proceeding with the preprocessor's result" >&2;};;
esac
echo "$as_me:$LINENO: checking for openssl/ssl.h" >&5
echo $ECHO_N "checking for openssl/ssl.h... $ECHO_C" >&6
if test "${ac_cv_header_openssl_ssl_h+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_cv_header_openssl_ssl_h=$ac_header_preproc
fi
echo "$as_me:$LINENO: result: $ac_cv_header_openssl_ssl_h" >&5
echo "${ECHO_T}$ac_cv_header_openssl_ssl_h" >&6
fi
if test $ac_cv_header_openssl_ssl_h = yes; then
LIBS="$LIBS -lssl -lcrypto"
echo "$as_me:$LINENO: checking for openssl libraries -lssl and -lcrypto" >&5
echo $ECHO_N "checking for openssl libraries -lssl and -lcrypto... $ECHO_C" >&6
cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
#include "confdefs.h"
#include <openssl/ssl.h>
int
main ()
{
SSL_library_init()
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6
cat >>confdefs.h <<\_ACEOF
#define HAVE_OPENSSL 1
_ACEOF
have_openssl=yes
else
echo "$as_me: failed program was:" >&5
cat conftest.$ac_ext >&5
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
fi
if test $have_openssl = no; then
LIBS="$oLIBS"
CPPFLAGS="$oCPPFLAGS"
LDFLAGS="$oLDFLAGS"
fi
fi
fi;
echo "$as_me:$LINENO: checking for POSIX regex" >&5
echo $ECHO_N "checking for POSIX regex... $ECHO_C" >&6


@ -1,4 +1,4 @@
dnl ### autoheader templates. #######################################
dnl ### autoheader templates ########################################
AH_TEMPLATE([CONFIGINVOCATION], [./configure invocation])
AH_TEMPLATE([DEFPORT], [Socket used to communicate])
AH_TEMPLATE([DEFBASEPORT], [Base socket used for secondary channel])
@ -12,7 +12,8 @@ AH_TEMPLATE([PIDFILE], [pidfile to write to])
AH_TEMPLATE([USE_LIBWRAP], [use tcp_wrappers libwrap])
AH_TEMPLATE([USE_ANSI_PROTO], [use ansi prototypes/decls])
AH_TEMPLATE([HAVE_POSIX_REGCOMP], [have POSIX regcomp])
AH_TEMPLATE([HAVE_PAM], [have PAM])
AH_TEMPLATE([HAVE_PAM], [have PAM support])
AH_TEMPLATE([HAVE_OPENSSL], [have openssl support])
dnl ### Normal initialization. ######################################
AC_INIT
@ -80,28 +81,38 @@ AC_ARG_WITH(master,
AC_MSG_CHECKING(for configuration filename)
AC_ARG_WITH(cffile,
AC_HELP_STRING([--with-cffile=CFFILE],[Specify config filename @<:@conserver.cf@:>@]),
AC_HELP_STRING([--with-cffile=CFFILE],[Specify config filename @<:@SYSCONFDIR/conserver.cf@:>@]),
[if test "$withval" != yes; then
AC_DEFINE_UNQUOTED(CONFIGFILE, "$withval")
AC_MSG_RESULT('$sysconfdir/$withval')
if expr "x$withval" : "x/" > /dev/null 2>&1; then
AC_DEFINE_UNQUOTED(CONFIGFILE, ["$withval"])
AC_MSG_RESULT('$withval')
else
AC_DEFINE_UNQUOTED(CONFIGFILE, [SYSCONFDIR "/$withval"])
AC_MSG_RESULT('$sysconfdir/$withval')
fi
else
AC_DEFINE_UNQUOTED(CONFIGFILE, "conserver.cf")
AC_DEFINE_UNQUOTED(CONFIGFILE, [SYSCONFDIR "/conserver.cf"])
AC_MSG_RESULT('$sysconfdir/conserver.cf')
fi],
[AC_DEFINE_UNQUOTED(CONFIGFILE, "conserver.cf")
[AC_DEFINE_UNQUOTED(CONFIGFILE, [SYSCONFDIR "/conserver.cf"])
AC_MSG_RESULT('$sysconfdir/conserver.cf')])
AC_MSG_CHECKING(for password filename)
AC_ARG_WITH(pwdfile,
AC_HELP_STRING([--with-pwdfile=PWDFILE],[Specify password filename @<:@conserver.passwd@:>@]),
AC_HELP_STRING([--with-pwdfile=PWDFILE],[Specify password filename @<:@SYSCONFDIR/conserver.passwd@:>@]),
[if test "$withval" != yes; then
AC_DEFINE_UNQUOTED(PASSWDFILE, "$withval")
AC_MSG_RESULT('$sysconfdir/$withval')
if expr "x$withval" : "x/" > /dev/null 2>&1; then
AC_DEFINE_UNQUOTED(PASSWDFILE, ["$withval"])
AC_MSG_RESULT('$withval')
else
AC_DEFINE_UNQUOTED(PASSWDFILE, [SYSCONFDIR "/$withval"])
AC_MSG_RESULT('$sysconfdir/$withval')
fi
else
AC_DEFINE_UNQUOTED(PASSWDFILE, "conserver.passwd")
AC_DEFINE_UNQUOTED(PASSWDFILE, [SYSCONFDIR "/conserver.passwd"])
AC_MSG_RESULT('$sysconfdir/conserver.passwd')
fi],
[AC_DEFINE_UNQUOTED(PASSWDFILE, "conserver.passwd")
[AC_DEFINE_UNQUOTED(PASSWDFILE, [SYSCONFDIR "/conserver.passwd"])
AC_MSG_RESULT('$sysconfdir/conserver.passwd')])
AC_MSG_CHECKING(for log filename)
@ -215,6 +226,7 @@ AC_CHECK_TYPE([socklen_t],[AC_DEFINE(HAVE_SOCKLEN_T,1,
[Defined if socklen_t exists])],,[$ac_includes_default
#include <sys/socket.h>])
dnl ### Check for libraries. #######################################
AC_SEARCH_LIBS(socket,socket)
AC_SEARCH_LIBS(gethostbyname,nsl)
@ -262,6 +274,44 @@ AC_ARG_WITH(libwrap,
fi]
)
AC_ARG_WITH(openssl,
AC_HELP_STRING([--with-openssl@<:@=PATH@:>@],
[Compile in OpenSSL support]),
[if test "$withval" != "no"; then
if test "$withval" != "yes"; then
OPENSSLCPPFLAGS="-I$withval/include"
OPENSSLLDFLAGS="-L$withval/lib"
else
OPENSSLCPPFLAGS=""
OPENSSLLDFLAGS=""
fi
oCPPFLAGS="$CPPFLAGS"
oLDFLAGS="$LDFLAGS"
oLIBS="$LIBS"
have_openssl=no
CPPFLAGS="$CPPFLAGS $OPENSSLCPPFLAGS"
LDFLAGS="$LDFLAGS $OPENSSLLDFLAGS"
AC_CHECK_HEADER([openssl/ssl.h],
[LIBS="$LIBS -lssl -lcrypto"
AC_MSG_CHECKING(for openssl libraries -lssl and -lcrypto)
AC_TRY_LINK([#include <openssl/ssl.h>
],[SSL_library_init()],
[AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_OPENSSL)
have_openssl=yes],
[AC_MSG_RESULT(no)])],)
if test $have_openssl = no; then
LIBS="$oLIBS"
CPPFLAGS="$oCPPFLAGS"
LDFLAGS="$oLDFLAGS"
fi
fi]
)
dnl ### Check for needed functions. ################################
@ -300,7 +350,7 @@ AC_ARG_WITH(regex,
AC_ARG_WITH(pam,
AC_HELP_STRING([--with-pam],
[enable PAM support]),
[Enable PAM support]),
[if test "$withval" = yes; then
oLIBS="$LIBS"


@ -179,13 +179,13 @@
<H3>Downloading</H3>
<P>The current version, released on Sep 23, 2002, is <A
<P>The current version, released on Oct 14, 2002, is <A
href=
"http://www.conserver.com/7.2.3.tar.gz">7.2.3.tar.gz</A>.
"http://www.conserver.com/7.2.4.tar.gz">7.2.4.tar.gz</A>.
You can get it via <A href=
"ftp://ftp.conserver.com/conserver/7.2.3.tar.gz">FTP</A>
"ftp://ftp.conserver.com/conserver/7.2.4.tar.gz">FTP</A>
or <A href=
"http://www.conserver.com/7.2.3.tar.gz">HTTP</A>. See the
"http://www.conserver.com/7.2.4.tar.gz">HTTP</A>. See the
<A href="http://www.conserver.com/CHANGES">CHANGES</A>
file for information on the latest updates.</P>


@ -1,5 +1,5 @@
/*
* $Id: access.c,v 5.44 2002-02-26 16:12:49-08 bryan Exp $
* $Id: access.c,v 5.45 2002-10-12 20:08:07-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -50,7 +50,6 @@
#include <pwd.h>
#include <compat.h>
#include <port.h>
#include <util.h>
#include <access.h>


@ -1,5 +1,5 @@
/*
* $Id: access.h,v 5.17 2002-02-25 14:00:38-08 bryan Exp $
* $Id: access.h,v 5.18 2002-09-29 19:04:32-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -55,7 +55,7 @@ typedef struct remote { /* console at another host */
#if USE_ANSI_PROTO
extern REMOTE *FindUniq(REMOTE *);
extern char AccType(struct in_addr *, char *);
extern void SetDefAccess(struct in_addr *pAddr, char *pHost);
extern void SetDefAccess(struct in_addr *, char *);
#else
extern REMOTE *FindUniq();
extern char AccType();


@ -1,5 +1,5 @@
/*
* $Id: client.c,v 5.48 2002-03-11 18:27:04-08 bryan Exp $
* $Id: client.c,v 5.49 2002-10-12 20:07:43-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -49,7 +49,6 @@
#include <pwd.h>
#include <compat.h>
#include <port.h>
#include <util.h>
#include <consent.h>


@ -1,5 +1,5 @@
/*
* $Id: consent.c,v 5.90 2002-09-23 11:38:46-07 bryan Exp $
* $Id: consent.c,v 5.92 2002-10-12 20:07:43-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -53,7 +53,6 @@
#include <pwd.h>
#include <compat.h>
#include <port.h>
#include <util.h>
#include <consent.h>
@ -669,7 +668,7 @@ AddHostCache(hostname)
void
#if USE_ANSI_PROTO
ClearHostCache()
ClearHostCache(void)
#else
ClearHostCache()
#endif


@ -1,5 +1,5 @@
/*
* $Id: consent.h,v 5.30 2002-03-25 17:07:04-08 bryan Exp $
* $Id: consent.h,v 5.31 2002-09-29 19:04:43-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -103,7 +103,7 @@ extern void ConsInit(CONSENT *, fd_set *, int);
extern void ConsDown(CONSENT *, fd_set *);
extern int CheckHostCache(const char *);
extern void AddHostCache(const char *);
extern void ClearHostCache();
extern void ClearHostCache(void);
#else
extern PARITY *FindParity();
extern BAUD *FindBaud();


@ -1,13 +1,13 @@
.\" @(#)conserver.8 01/06/91 OSU CIS; Thomas A. Fine
.\" $Id: conserver.man,v 1.26 2002-09-22 10:41:51-07 bryan Exp $
.\" $Id: conserver.man,v 1.28 2002-10-09 13:26:31-07 bryan Exp $
.TH CONSERVER 8 "Local"
.SH NAME
conserver \- console server daemon
.SH SYNOPSIS
\fBconserver\fP [\fB\-7dDFhinouvV\fP] [\fB\-a\fP \fItype\fP]
\fBconserver\fP [\fB\-7dDEFhinouvV\fP] [\fB\-a\fP \fItype\fP]
[\fB\-m\fP \fImax\fP]
[\fB\-M\fP \fIaddr\fP] [\fB\-p\fP \fIport\fP] [\fB\-b\fP \fIport\fP]
[\fB\-C\fP \fIconfig\fP] [\fB\-P\fP \fIpasswd\fP]
[\fB\-c\fP \fIcred\fP] [\fB\-C\fP \fIconfig\fP] [\fB\-P\fP \fIpasswd\fP]
[\fB\-L\fP \fIlogfile\fP] [\fB\-O\fP \fImin\fP]
.SH DESCRIPTION
.B Conserver
@ -138,6 +138,9 @@ If no free ports are available in that range,
By default, \fBconserver\fP lets the operating system choose
a free port.
.TP
.BI \-c cred
Load an SSL certificate and key from the PEM encoded file \fIcred\fP.
.TP
.BI \-C config
Read configuration information from the file \fIconfig\fP.
The default \fIconfig\fP may be changed at compile time using the
@ -151,6 +154,11 @@ all output to the logfile (see \fB\-L\fP).
Enable debugging output, sent to stderr. Multiple \fB-D\fP options
increases debug output.
.TP
.B \-E
If encryption has been built into the code (\fB--with-openssl\fP), encrypted
client connections are a requirement. This option allows clients to connect
to consoles over non-encrypted connections.
.TP
.B \-F
Do not automatically reinitialize failed (unexpectedly closed)
consoles. If the console is a program (`|' syntax) and it closes
@ -247,9 +255,14 @@ Additionally, output from individual consoles may be logged
to separate files specified in
.BR conserver.cf (5).
.SH BUGS
All client/server traffic (including root and user passwords) is
passed ``in the clear''. Extreme care should be taken to insure no one
is ``snooping'' this private data. One day the traffic will be encrypted.
SSL encryption only occurs when connecting to a single console, not
on all client/server activity. The \fB-q\fP/\fB-Q\fP quit command will
pass the root password in the clear. Other info-type
options (like \fB-i\fP, \fB-w\fP, etc)
are all sent unencrypted as well. This should be fixed soon.
.PP
I'm sure there are more, I just don't know where they are. Please
let me know if you find any.
.SH AUTHORS
Thomas A. Fine, Ohio State Computer Science
.br


@ -1,5 +1,5 @@
/*
* $Id: fallback.c,v 5.45 2002-06-05 11:12:24-07 bryan Exp $
* $Id: fallback.c,v 5.46 2002-10-12 20:07:43-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -30,7 +30,6 @@
#include <ctype.h>
#include <compat.h>
#include <port.h>
#include <util.h>
#if defined(_AIX)


@ -1,5 +1,5 @@
/*
* $Id: group.c,v 5.186 2002-09-23 11:40:35-07 bryan Exp $
* $Id: group.c,v 5.195 2002-10-12 20:07:43-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -85,7 +85,6 @@
#endif
#include <compat.h>
#include <port.h>
#include <util.h>
#include <consent.h>
@ -145,6 +144,100 @@ SendAllClientsMsg(pGE, message)
}
}
void
#if USE_ANSI_PROTO
DisconnectClient(GRPENT * pGE, CONSCLIENT * pCL, char *message)
#else
DisconnectClient(pGE, pCL, message)
GRPENT *pGE;
CONSCLIENT *pCL;
char *message;
#endif
{
CONSENT *pCEServing;
if (pGE == (GRPENT *) 0 || pCL == (CONSCLIENT *) 0) {
return;
}
if (pCL->fcon) {
(void)fileWrite(pCL->fd, message, -1);
}
/* log it, drop from select list,
* close gap in table, etc, etc...
*/
pCEServing = pCL->pCEto;
if (pGE->pCEctl != pCEServing) {
Info("%s: logout %s [%s]", pCEServing->server.string,
pCL->acid.string, strtime(NULL));
}
if (fNoinit && pCEServing->pCLon->pCLnext == (CONSCLIENT *) 0)
ConsDown(pCEServing, &pGE->rinit);
FD_CLR(fileFDNum(pCL->fd), &pGE->rinit);
fileClose(&pCL->fd);
/* mark as not writer, if he is
* and turn logging back on...
*/
if (pCL->fwr) {
pCL->fwr = 0;
pCL->fwantwr = 0;
tagLogfile(pCEServing, "%s detached", pCL->acid.string);
if (pCEServing->nolog) {
pCEServing->nolog = 0;
filePrint(pCEServing->fdlog,
"[-- Console logging restored (logout) -- %s]\r\n",
strtime(NULL));
}
pCEServing->pCLwr = FindWrite(pCEServing->pCLon);
}
/* mark as unconnected and remove from both
* lists (all clients, and this console)
*/
pCL->fcon = 0;
if ((CONSCLIENT *) 0 != pCL->pCLnext) {
pCL->pCLnext->ppCLbnext = pCL->ppCLbnext;
}
*(pCL->ppCLbnext) = pCL->pCLnext;
if ((CONSCLIENT *) 0 != pCL->pCLscan) {
pCL->pCLscan->ppCLbscan = pCL->ppCLbscan;
}
*(pCL->ppCLbscan) = pCL->pCLscan;
/* the continue below will advance to a (ksb)
* legal client, even though we are now closed
* and in the fre list becasue pCLscan is used
* for the free list
*/
pCL->pCLnext = pGE->pCLfree;
pGE->pCLfree = pCL;
}
void
#if USE_ANSI_PROTO
DisconnectAllClients(GRPENT * pGE, char *message)
#else
DisconnectAllClients(pGE, message)
GRPENT *pGE;
char *message;
#endif
{
CONSCLIENT *pCL;
if ((GRPENT *) 0 == pGE) {
return;
}
for (pCL = pGE->pCLall; (CONSCLIENT *) 0 != pCL; pCL = pCL->pCLscan) {
DisconnectClient(pGE, pCL, message);
}
}
void
#if USE_ANSI_PROTO
destroyClient(CONSCLIENT * pCL)
@ -398,10 +491,10 @@ CheckPass(pcUser, pcWord)
return AUTH_NOUSER;
return AUTH_INVALID;
#else /* getpw*() */
#if HAVE_GETSPNAM
struct passwd *pwd;
struct spwd *spwd;
int retval = AUTH_SUCCESS;
#if HAVE_GETSPNAM
struct spwd *spwd;
#endif
if (pcWord == (char *)0) {
@ -744,7 +837,8 @@ DeUtmp(pGE)
CONSENT *pCE;
if ((GRPENT *) 0 != pGE) {
SendAllClientsMsg(pGE, "[-- Console server shutting down --]\r\n");
DisconnectAllClients(pGE,
"[-- Console server shutting down --]\r\n");
for (pCE = pGE->pCElist; pCE != (CONSENT *) 0; pCE = pCE->pCEnext) {
ConsDown(pCE, &pGE->rinit);
@ -1309,6 +1403,60 @@ cleanupBreak(bt)
doBreakWork((CONSCLIENT *) 0, (CONSENT *) 0, bt, 1);
}
#if HAVE_OPENSSL
int
#if USE_ANSI_PROTO
attemptSSL(CONSCLIENT * pCL)
#else
attemptSSL(pCL)
CONSCLIENT *pCL;
#endif
{
int sflags, fdnum;
SSL *ssl;
fdnum = fileFDNum(pCL->fd);
if (ctx == (SSL_CTX *) 0) {
Error("WTF? The SSL context disappeared?!?!? [%s]",
strtime(NULL));
exit(EX_UNAVAILABLE);
}
if (!(ssl = SSL_new(ctx))) {
Error("Couldn't create new SSL context for client `%s' [%s]",
pCL->peername.string, strtime(NULL));
return 0;
}
fileSetSSL(pCL->fd, ssl);
SSL_set_accept_state(ssl);
SSL_set_fd(ssl, fdnum);
Debug(1, "Setting socket to blocking for client `%s' (fd %d)",
pCL->peername.string, fdnum);
sflags = fcntl(fdnum, F_GETFL, 0);
if (sflags != -1)
fcntl(fdnum, F_SETFL, sflags & ~O_NONBLOCK);
Debug(1, "About to SSL_accept() for client `%s' (fd %d)",
pCL->peername.string, fdnum);
if (SSL_accept(ssl) <= 0) {
Error("SSL negotiation failed for client `%s' [%s]",
pCL->peername.string, strtime(NULL));
ERR_print_errors_fp(stderr);
SSL_free(ssl);
if (sflags != -1)
fcntl(fdnum, F_SETFL, sflags);
return 0;
}
Debug(1, "Returning socket to non-blocking for client `%s' (fd %d)",
pCL->peername.string, fdnum);
if (sflags != -1)
fcntl(fdnum, F_SETFL, sflags);
fileSetType(pCL->fd, SSLSocket);
if (fDebug)
Debug(1, "SSL Connection: %s :: %s", SSL_get_cipher_version(ssl),
SSL_get_cipher_name(ssl));
return 1;
}
#endif
/* routine used by the child processes. (ksb/fine)
* Most of it is escape sequence parsing.
@ -1682,57 +1830,8 @@ Kiddie(pGE, sfd)
drop:
/* re-entry point to drop a connection
* (for any other reason)
* log it, drop from select list,
* close gap in table, restart loop
*/
if (pGE->pCEctl != pCEServing) {
Info("%s: logout %s [%s]", pCEServing->server.string,
pCLServing->acid.string, strtime(NULL));
}
if (fNoinit &&
(CONSCLIENT *) 0 == pCEServing->pCLon->pCLnext)
ConsDown(pCEServing, &pGE->rinit);
FD_CLR(fileFDNum(pCLServing->fd), &pGE->rinit);
fileClose(&pCLServing->fd);
/* mark as not writer, if he is
* and turn logging back on...
*/
if (pCLServing->fwr) {
pCLServing->fwr = 0;
pCLServing->fwantwr = 0;
tagLogfile(pCEServing, "%s detached",
pCLServing->acid.string);
if (pCEServing->nolog) {
pCEServing->nolog = 0;
filePrint(pCEServing->fdlog,
"[-- Console logging restored (logout) -- %s]\r\n",
strtime(NULL));
}
pCEServing->pCLwr = FindWrite(pCEServing->pCLon);
}
/* mark as unconnected and remove from both
* lists (all clients, and this console)
*/
pCLServing->fcon = 0;
if ((CONSCLIENT *) 0 != pCLServing->pCLnext) {
pCLServing->pCLnext->ppCLbnext = pCLServing->ppCLbnext;
}
*(pCLServing->ppCLbnext) = pCLServing->pCLnext;
if ((CONSCLIENT *) 0 != pCLServing->pCLscan) {
pCLServing->pCLscan->ppCLbscan = pCLServing->ppCLbscan;
}
*(pCLServing->ppCLbscan) = pCLServing->pCLscan;
/* the continue below will advance to a (ksb)
* legal client, even though we are now closed
* and in the fre list becasue pCLscan is used
* for the free list
*/
pCLServing->pCLnext = pGE->pCLfree;
pGE->pCLfree = pCLServing;
DisconnectClient(pGE, pCLServing, (char *)0);
continue;
}
@ -2172,10 +2271,34 @@ Kiddie(pGE, sfd)
"no drop line]\r\n", -1);
break;
#if HAVE_OPENSSL
case '*': /* SSL encryption */
if (pGE->pCEctl != pCLServing->pCEto) {
goto unknown;
}
fileWrite(pCLServing->fd, "ssl:\r\n", -1);
if (!attemptSSL(pCLServing))
goto drop;
Debug(1,
"SSL connection a success for client `%s'!",
pCLServing->peername.string);
break;
#endif
case ';': /* ;login: */
if (pGE->pCEctl != pCLServing->pCEto) {
goto unknown;
}
#if HAVE_OPENSSL
if (fReqEncryption &&
fileGetType(pCLServing->fd) !=
SSLSocket) {
fileWrite(pCLServing->fd,
"Encryption required\r\n",
-1);
goto drop;
}
#endif
fileWrite(pCLServing->fd, "login:\r\n",
-1);
buildMyString((char *)0,
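Review bot: The new `case '*'` on the control console never checks whether the client is already encrypted, so a second `*` from an SSL client calls attemptSSL() again, wraps a fresh SSL object around a socket that is already carrying TLS and leaks the first one; a guard such as `if (fileGetType(pCLServing->fd) == SSLSocket) goto unknown;` before the `ssl:\r\n` reply would close that hole. In attemptSSL(), `fileSetSSL(pCL->fd, ssl)` is called before SSL_accept(), but the failure path only does `SSL_free(ssl)` and returns 0, which apparently leaves the file object holding a pointer to freed memory until the client is dropped — move the fileSetSSL() call after a successful accept, or reset it to a null pointer on the error path. The message `Couldn't create new SSL context for client` is emitted for SSL_new(), which creates a connection object, not a context, so it is easy to confuse with the ctx check just above it; `Couldn't create new SSL object for client` would be clearer in the logs. The enclosing Kiddie() function starts and ends outside this hunk.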


@ -1,5 +1,5 @@
/*
* $Id: main.c,v 5.95 2002-09-22 09:31:54-07 bryan Exp $
* $Id: main.c,v 5.105 2002-10-12 20:07:43-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -43,7 +43,6 @@
#include <pwd.h>
#include <compat.h>
#include <port.h>
#include <util.h>
#include <consent.h>
@ -60,12 +59,9 @@ int fAll = 0, fVerbose = 0, fSoftcar = 0, fNoinit = 0, fVersion =
char chDefAcc = 'r';
#define FULLCFPATH SYSCONFDIR "/" CONFIGFILE
#define FULLPDPATH SYSCONFDIR "/" PASSWDFILE
char *pcLogfile = LOGFILEPATH;
char *pcConfig = FULLCFPATH;
char *pcPasswd = FULLPDPATH;
char *pcConfig = CONFIGFILE;
char *pcPasswd = PASSWDFILE;
char *pcPort = DEFPORT;
char *pcBasePort = DEFBASEPORT;
int domainHack = 0;
@ -80,9 +76,285 @@ struct sockaddr_in in_port;
struct in_addr acMyAddr;
char acMyHost[1024]; /* staff.cc.purdue.edu */
#if HAVE_OPENSSL
SSL_CTX *ctx = (SSL_CTX *) 0;
int fReqEncryption = 1;
char *pcCredFile = (char *)0;
DH *
#if USE_ANSI_PROTO
get_dh512(void)
#else
get_dh512()
#endif
{
static unsigned char dh512_p[] = {
0xF5, 0x2A, 0xFF, 0x3C, 0xE1, 0xB1, 0x29, 0x40, 0x18, 0x11, 0x8D,
0x7C, 0x84, 0xA7, 0x0A, 0x72, 0xD6, 0x86, 0xC4, 0x03, 0x19,
0xC8, 0x07, 0x29, 0x7A, 0xCA, 0x95, 0x0C, 0xD9, 0x96, 0x9F,
0xAB, 0xD0, 0x0A, 0x50, 0x9B, 0x02, 0x46, 0xD3, 0x08, 0x3D,
0x66, 0xA4, 0x5D, 0x41, 0x9F, 0x9C, 0x7C, 0xBD, 0x89, 0x4B,
0x22, 0x19, 0x26, 0xBA, 0xAB, 0xA2, 0x5E, 0xC3, 0x55, 0xE9,
0x2A, 0x05, 0x5F,
};
static unsigned char dh512_g[] = {
0x02,
};
DH *dh;
if ((dh = DH_new()) == NULL)
return (NULL);
dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
if ((dh->p == NULL) || (dh->g == NULL)) {
DH_free(dh);
return (NULL);
}
return (dh);
}
DH *
#if USE_ANSI_PROTO
get_dh1024(void)
#else
get_dh1024()
#endif
{
static unsigned char dh1024_p[] = {
0xF4, 0x88, 0xFD, 0x58, 0x4E, 0x49, 0xDB, 0xCD, 0x20, 0xB4, 0x9D,
0xE4, 0x91, 0x07, 0x36, 0x6B, 0x33, 0x6C, 0x38, 0x0D, 0x45,
0x1D, 0x0F, 0x7C, 0x88, 0xB3, 0x1C, 0x7C, 0x5B, 0x2D, 0x8E,
0xF6, 0xF3, 0xC9, 0x23, 0xC0, 0x43, 0xF0, 0xA5, 0x5B, 0x18,
0x8D, 0x8E, 0xBB, 0x55, 0x8C, 0xB8, 0x5D, 0x38, 0xD3, 0x34,
0xFD, 0x7C, 0x17, 0x57, 0x43, 0xA3, 0x1D, 0x18, 0x6C, 0xDE,
0x33, 0x21, 0x2C, 0xB5, 0x2A, 0xFF, 0x3C, 0xE1, 0xB1, 0x29,
0x40, 0x18, 0x11, 0x8D, 0x7C, 0x84, 0xA7, 0x0A, 0x72, 0xD6,
0x86, 0xC4, 0x03, 0x19, 0xC8, 0x07, 0x29, 0x7A, 0xCA, 0x95,
0x0C, 0xD9, 0x96, 0x9F, 0xAB, 0xD0, 0x0A, 0x50, 0x9B, 0x02,
0x46, 0xD3, 0x08, 0x3D, 0x66, 0xA4, 0x5D, 0x41, 0x9F, 0x9C,
0x7C, 0xBD, 0x89, 0x4B, 0x22, 0x19, 0x26, 0xBA, 0xAB, 0xA2,
0x5E, 0xC3, 0x55, 0xE9, 0x2F, 0x78, 0xC7,
};
static unsigned char dh1024_g[] = {
0x02,
};
DH *dh;
if ((dh = DH_new()) == NULL)
return (NULL);
dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
if ((dh->p == NULL) || (dh->g == NULL)) {
DH_free(dh);
return (NULL);
}
return (dh);
}
DH *
#if USE_ANSI_PROTO
get_dh2048(void)
#else
get_dh2048()
#endif
{
static unsigned char dh2048_p[] = {
0xF6, 0x42, 0x57, 0xB7, 0x08, 0x7F, 0x08, 0x17, 0x72, 0xA2, 0xBA,
0xD6, 0xA9, 0x42, 0xF3, 0x05, 0xE8, 0xF9, 0x53, 0x11, 0x39,
0x4F, 0xB6, 0xF1, 0x6E, 0xB9, 0x4B, 0x38, 0x20, 0xDA, 0x01,
0xA7, 0x56, 0xA3, 0x14, 0xE9, 0x8F, 0x40, 0x55, 0xF3, 0xD0,
0x07, 0xC6, 0xCB, 0x43, 0xA9, 0x94, 0xAD, 0xF7, 0x4C, 0x64,
0x86, 0x49, 0xF8, 0x0C, 0x83, 0xBD, 0x65, 0xE9, 0x17, 0xD4,
0xA1, 0xD3, 0x50, 0xF8, 0xF5, 0x59, 0x5F, 0xDC, 0x76, 0x52,
0x4F, 0x3D, 0x3D, 0x8D, 0xDB, 0xCE, 0x99, 0xE1, 0x57, 0x92,
0x59, 0xCD, 0xFD, 0xB8, 0xAE, 0x74, 0x4F, 0xC5, 0xFC, 0x76,
0xBC, 0x83, 0xC5, 0x47, 0x30, 0x61, 0xCE, 0x7C, 0xC9, 0x66,
0xFF, 0x15, 0xF9, 0xBB, 0xFD, 0x91, 0x5E, 0xC7, 0x01, 0xAA,
0xD3, 0x5B, 0x9E, 0x8D, 0xA0, 0xA5, 0x72, 0x3A, 0xD4, 0x1A,
0xF0, 0xBF, 0x46, 0x00, 0x58, 0x2B, 0xE5, 0xF4, 0x88, 0xFD,
0x58, 0x4E, 0x49, 0xDB, 0xCD, 0x20, 0xB4, 0x9D, 0xE4, 0x91,
0x07, 0x36, 0x6B, 0x33, 0x6C, 0x38, 0x0D, 0x45, 0x1D, 0x0F,
0x7C, 0x88, 0xB3, 0x1C, 0x7C, 0x5B, 0x2D, 0x8E, 0xF6, 0xF3,
0xC9, 0x23, 0xC0, 0x43, 0xF0, 0xA5, 0x5B, 0x18, 0x8D, 0x8E,
0xBB, 0x55, 0x8C, 0xB8, 0x5D, 0x38, 0xD3, 0x34, 0xFD, 0x7C,
0x17, 0x57, 0x43, 0xA3, 0x1D, 0x18, 0x6C, 0xDE, 0x33, 0x21,
0x2C, 0xB5, 0x2A, 0xFF, 0x3C, 0xE1, 0xB1, 0x29, 0x40, 0x18,
0x11, 0x8D, 0x7C, 0x84, 0xA7, 0x0A, 0x72, 0xD6, 0x86, 0xC4,
0x03, 0x19, 0xC8, 0x07, 0x29, 0x7A, 0xCA, 0x95, 0x0C, 0xD9,
0x96, 0x9F, 0xAB, 0xD0, 0x0A, 0x50, 0x9B, 0x02, 0x46, 0xD3,
0x08, 0x3D, 0x66, 0xA4, 0x5D, 0x41, 0x9F, 0x9C, 0x7C, 0xBD,
0x89, 0x4B, 0x22, 0x19, 0x26, 0xBA, 0xAB, 0xA2, 0x5E, 0xC3,
0x55, 0xE9, 0x32, 0x0B, 0x3B,
};
static unsigned char dh2048_g[] = {
0x02,
};
DH *dh;
if ((dh = DH_new()) == NULL)
return (NULL);
dh->p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
dh->g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
if ((dh->p == NULL) || (dh->g == NULL)) {
DH_free(dh);
return (NULL);
}
return (dh);
}
DH *
#if USE_ANSI_PROTO
get_dh4096()
#else
get_dh4096(void)
#endif
{
static unsigned char dh4096_p[] = {
0xFA, 0x14, 0x72, 0x52, 0xC1, 0x4D, 0xE1, 0x5A, 0x49, 0xD4, 0xEF,
0x09, 0x2D, 0xC0, 0xA8, 0xFD, 0x55, 0xAB, 0xD7, 0xD9, 0x37,
0x04, 0x28, 0x09, 0xE2, 0xE9, 0x3E, 0x77, 0xE2, 0xA1, 0x7A,
0x18, 0xDD, 0x46, 0xA3, 0x43, 0x37, 0x23, 0x90, 0x97, 0xF3,
0x0E, 0xC9, 0x03, 0x50, 0x7D, 0x65, 0xCF, 0x78, 0x62, 0xA6,
0x3A, 0x62, 0x22, 0x83, 0xA1, 0x2F, 0xFE, 0x79, 0xBA, 0x35,
0xFF, 0x59, 0xD8, 0x1D, 0x61, 0xDD, 0x1E, 0x21, 0x13, 0x17,
0xFE, 0xCD, 0x38, 0x87, 0x9E, 0xF5, 0x4F, 0x79, 0x10, 0x61,
0x8D, 0xD4, 0x22, 0xF3, 0x5A, 0xED, 0x5D, 0xEA, 0x21, 0xE9,
0x33, 0x6B, 0x48, 0x12, 0x0A, 0x20, 0x77, 0xD4, 0x25, 0x60,
0x61, 0xDE, 0xF6, 0xB4, 0x4F, 0x1C, 0x63, 0x40, 0x8B, 0x3A,
0x21, 0x93, 0x8B, 0x79, 0x53, 0x51, 0x2C, 0xCA, 0xB3, 0x7B,
0x29, 0x56, 0xA8, 0xC7, 0xF8, 0xF4, 0x7B, 0x08, 0x5E, 0xA6,
0xDC, 0xA2, 0x45, 0x12, 0x56, 0xDD, 0x41, 0x92, 0xF2, 0xDD,
0x5B, 0x8F, 0x23, 0xF0, 0xF3, 0xEF, 0xE4, 0x3B, 0x0A, 0x44,
0xDD, 0xED, 0x96, 0x84, 0xF1, 0xA8, 0x32, 0x46, 0xA3, 0xDB,
0x4A, 0xBE, 0x3D, 0x45, 0xBA, 0x4E, 0xF8, 0x03, 0xE5, 0xDD,
0x6B, 0x59, 0x0D, 0x84, 0x1E, 0xCA, 0x16, 0x5A, 0x8C, 0xC8,
0xDF, 0x7C, 0x54, 0x44, 0xC4, 0x27, 0xA7, 0x3B, 0x2A, 0x97,
0xCE, 0xA3, 0x7D, 0x26, 0x9C, 0xAD, 0xF4, 0xC2, 0xAC, 0x37,
0x4B, 0xC3, 0xAD, 0x68, 0x84, 0x7F, 0x99, 0xA6, 0x17, 0xEF,
0x6B, 0x46, 0x3A, 0x7A, 0x36, 0x7A, 0x11, 0x43, 0x92, 0xAD,
0xE9, 0x9C, 0xFB, 0x44, 0x6C, 0x3D, 0x82, 0x49, 0xCC, 0x5C,
0x6A, 0x52, 0x42, 0xF8, 0x42, 0xFB, 0x44, 0xF9, 0x39, 0x73,
0xFB, 0x60, 0x79, 0x3B, 0xC2, 0x9E, 0x0B, 0xDC, 0xD4, 0xA6,
0x67, 0xF7, 0x66, 0x3F, 0xFC, 0x42, 0x3B, 0x1B, 0xDB, 0x4F,
0x66, 0xDC, 0xA5, 0x8F, 0x66, 0xF9, 0xEA, 0xC1, 0xED, 0x31,
0xFB, 0x48, 0xA1, 0x82, 0x7D, 0xF8, 0xE0, 0xCC, 0xB1, 0xC7,
0x03, 0xE4, 0xF8, 0xB3, 0xFE, 0xB7, 0xA3, 0x13, 0x73, 0xA6,
0x7B, 0xC1, 0x0E, 0x39, 0xC7, 0x94, 0x48, 0x26, 0x00, 0x85,
0x79, 0xFC, 0x6F, 0x7A, 0xAF, 0xC5, 0x52, 0x35, 0x75, 0xD7,
0x75, 0xA4, 0x40, 0xFA, 0x14, 0x74, 0x61, 0x16, 0xF2, 0xEB,
0x67, 0x11, 0x6F, 0x04, 0x43, 0x3D, 0x11, 0x14, 0x4C, 0xA7,
0x94, 0x2A, 0x39, 0xA1, 0xC9, 0x90, 0xCF, 0x83, 0xC6, 0xFF,
0x02, 0x8F, 0xA3, 0x2A, 0xAC, 0x26, 0xDF, 0x0B, 0x8B, 0xBE,
0x64, 0x4A, 0xF1, 0xA1, 0xDC, 0xEE, 0xBA, 0xC8, 0x03, 0x82,
0xF6, 0x62, 0x2C, 0x5D, 0xB6, 0xBB, 0x13, 0x19, 0x6E, 0x86,
0xC5, 0x5B, 0x2B, 0x5E, 0x3A, 0xF3, 0xB3, 0x28, 0x6B, 0x70,
0x71, 0x3A, 0x8E, 0xFF, 0x5C, 0x15, 0xE6, 0x02, 0xA4, 0xCE,
0xED, 0x59, 0x56, 0xCC, 0x15, 0x51, 0x07, 0x79, 0x1A, 0x0F,
0x25, 0x26, 0x27, 0x30, 0xA9, 0x15, 0xB2, 0xC8, 0xD4, 0x5C,
0xCC, 0x30, 0xE8, 0x1B, 0xD8, 0xD5, 0x0F, 0x19, 0xA8, 0x80,
0xA4, 0xC7, 0x01, 0xAA, 0x8B, 0xBA, 0x53, 0xBB, 0x47, 0xC2,
0x1F, 0x6B, 0x54, 0xB0, 0x17, 0x60, 0xED, 0x79, 0x21, 0x95,
0xB6, 0x05, 0x84, 0x37, 0xC8, 0x03, 0xA4, 0xDD, 0xD1, 0x06,
0x69, 0x8F, 0x4C, 0x39, 0xE0, 0xC8, 0x5D, 0x83, 0x1D, 0xBE,
0x6A, 0x9A, 0x99, 0xF3, 0x9F, 0x0B, 0x45, 0x29, 0xD4, 0xCB,
0x29, 0x66, 0xEE, 0x1E, 0x7E, 0x3D, 0xD7, 0x13, 0x4E, 0xDB,
0x90, 0x90, 0x58, 0xCB, 0x5E, 0x9B, 0xCD, 0x2E, 0x2B, 0x0F,
0xA9, 0x4E, 0x78, 0xAC, 0x05, 0x11, 0x7F, 0xE3, 0x9E, 0x27,
0xD4, 0x99, 0xE1, 0xB9, 0xBD, 0x78, 0xE1, 0x84, 0x41, 0xA0,
0xDF,
};
static unsigned char dh4096_g[] = {
0x02,
};
DH *dh;
if ((dh = DH_new()) == NULL)
return (NULL);
dh->p = BN_bin2bn(dh4096_p, sizeof(dh4096_p), NULL);
dh->g = BN_bin2bn(dh4096_g, sizeof(dh4096_g), NULL);
if ((dh->p == NULL) || (dh->g == NULL)) {
DH_free(dh);
return (NULL);
}
return (dh);
}
DH *
#if USE_ANSI_PROTO
tmp_dh_callback(SSL * ssl, int is_export, int keylength)
#else
tmp_dh_callback(ssl, is_export, keylength)
SSL *ssl;
int is_export;
int keylength;
#endif
{
switch (keylength) {
case 512:
return get_dh512();
case 1024:
return get_dh1024();
case 2048:
return get_dh2048();
default:
return get_dh4096();
}
}
void
#if USE_ANSI_PROTO
reopenLogfile()
setupSSL(void)
#else
setupSSL()
#endif
{
if (ctx == (SSL_CTX *) 0) {
SSL_load_error_strings();
if (!SSL_library_init()) {
Error("SSL library initialization failed");
exit(EX_UNAVAILABLE);
}
if ((ctx = SSL_CTX_new(SSLv23_method())) == (SSL_CTX *) 0) {
Error("Creating SSL context failed");
exit(EX_UNAVAILABLE);
}
if (SSL_CTX_set_default_verify_paths(ctx) != 1) {
Error("Could not load SSL default CA file and/or directory");
exit(EX_UNAVAILABLE);
}
if (pcCredFile != (char *)0) {
if (SSL_CTX_use_certificate_chain_file(ctx, pcCredFile) != 1) {
Error("Could not load SSL certificate from '%s'",
pcCredFile);
exit(EX_UNAVAILABLE);
}
if (SSL_CTX_use_PrivateKey_file
(ctx, pcCredFile, SSL_FILETYPE_PEM) != 1) {
Error("Could not SSL private key from '%s'", pcCredFile);
exit(EX_UNAVAILABLE);
}
}
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, ssl_verify_callback);
SSL_CTX_set_options(ctx,
SSL_OP_ALL | SSL_OP_NO_SSLv2 |
SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_mode(ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
SSL_MODE_AUTO_RETRY);
SSL_CTX_set_tmp_dh_callback(ctx, tmp_dh_callback);
if (SSL_CTX_set_cipher_list(ctx, "ALL:!LOW:!EXP:!MD5:@STRENGTH") !=
1) {
Error("Setting SSL cipher list failed");
exit(EX_UNAVAILABLE);
}
}
}
#endif
void
#if USE_ANSI_PROTO
reopenLogfile(void)
#else
reopenLogfile()
#endif
@ -167,14 +439,24 @@ daemonize()
static char u_terse[] =
" [-7dDFhinouvV] [-a type] [-m max] [-M addr] [-p port] [-b port] [-C config] [-P passwd] [-L logfile] [-O min]";
" [-7dDEFhinouvV] [-a type] [-m max] [-M addr] [-p port] [-b port] [-c cred] [-C config] [-P passwd] [-L logfile] [-O min]";
static char *apcLong[] = {
"7 strip the high bit of all console data",
"a type set the default access type",
"b port base port for secondary channel (any by default)",
#if HAVE_OPENSSL
"c cred load an SSL certificate and key from the PEM encoded file",
#else
"c cred ignored - encryption not compiled into code",
#endif
"C config give a new config file to the server process",
"d become a daemon, redirecting stdout/stderr to logfile",
"D enable debug output, sent to stderr",
#if HAVE_OPENSSL
"E don't require encrypted client connections",
#else
"E ignored - encryption not compiled into code",
#endif
"F do not automatically reinitialize failed consoles",
"h output this message",
"i initialize console connections on demand",
@ -218,6 +500,21 @@ Version()
static STRING acA1 = { (char *)0, 0, 0 };
static STRING acA2 = { (char *)0, 0, 0 };
int i;
char *optionlist[] = {
#if USE_LIBWRAP
"libwrap",
#endif
#if HAVE_OPENSSL
"openssl",
#endif
#if HAVE_PAM
"pam",
#endif
#if HAVE_POSIX_REGCOMP
"regex",
#endif
(char *)0
};
outputPid = 0;
@ -274,6 +571,18 @@ Version()
bindBasePort, pcBasePort);
}
}
buildMyString((char *)0, &acA1);
if (optionlist[0] == (char *)0)
buildMyString("none", &acA1);
for (i = 0; optionlist[i] != (char *)0; i++) {
if (i == 0)
buildMyString(optionlist[i], &acA1);
else {
buildMyString(", ", &acA1);
buildMyString(optionlist[i], &acA1);
}
}
Info("options: %s", acA1.string);
Info("built with `%s'", CONFIGINVOCATION);
if (fVerbose)
@ -283,7 +592,7 @@ Version()
void
#if USE_ANSI_PROTO
dumpDataStructures()
dumpDataStructures(void)
#else
dumpDataStructures()
#endif
@ -369,7 +678,7 @@ main(argc, argv)
int i;
FILE *fpConfig;
struct hostent *hpMe;
static char acOpts[] = "7a:b:C:dDFhiL:m:M:noO:p:P:suVv";
static char acOpts[] = "7a:b:c:C:dDEFhiL:m:M:noO:p:P:suVv";
extern int optopt;
extern char *optarg;
struct passwd *pwd;
@ -439,6 +748,11 @@ main(argc, argv)
case 'b':
pcBasePort = optarg;
break;
case 'c':
#if HAVE_OPENSSL
pcCredFile = optarg;
#endif
break;
case 'C':
pcConfig = optarg;
break;
@ -449,6 +763,11 @@ main(argc, argv)
case 'D':
fDebug++;
break;
case 'E':
#if HAVE_OPENSSL
fReqEncryption = 0;
#endif
break;
case 'F':
fNoautoreup = 1;
break;
@ -538,6 +857,10 @@ main(argc, argv)
if ((struct passwd *)0 != (pwd = getpwuid(curuid)))
curuser = pwd->pw_name;
/* chuck any empty username */
if (curuser != (char *)0 && curuser[0] == '\000')
curuser = (char *)0;
if (curuser == (char *)0)
if (origuser == (char *)0)
Info("Started as uid %d by uid %d at %s", curuid, curuid,
@ -550,7 +873,7 @@ main(argc, argv)
(origuser == (char *)0) ? curuser : origuser, strtime(NULL));
(void)endpwent();
#if HAVE_GETSPNAM
#if HAVE_GETSPNAM && !HAVE_PAM
if (0 != geteuid()) {
Error
("Warning: Running as a non-root user - any shadow password usage will most likely fail!");
@ -639,6 +962,11 @@ main(argc, argv)
if (pGroups == (GRPENT *) 0 && pRCList == (REMOTE *) 0) {
Error("No consoles found in configuration file");
} else {
#if HAVE_OPENSSL
/* Prep the SSL layer */
setupSSL();
#endif
/* if no one can use us we need to come up with a default
*/
if (pACList == (ACCESS *) 0) {
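Review bot: In `get_dh4096` the two prototype arms are swapped relative to its three siblings: the `#if USE_ANSI_PROTO` arm carries `get_dh4096()` and the `#else` arm `get_dh4096(void)`, so a pre-ANSI build gets the `(void)` form; swapping those two lines makes it match `get_dh2048`. In `setupSSL`, `SSL_VERIFY_PEER` without `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` accepts a client that presents no certificate, and `"ALL:!LOW:!EXP:!MD5:@STRENGTH"` still admits the anonymous (aNULL) suites — presumably what lets a server started without `-c` negotiate at all, but it means the default mode encrypts without authenticating either peer; if that trade-off is intended, a comment to that effect next to `SSL_CTX_set_verify` would stop the next reader assuming mutual authentication, and if not, add `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` and `!aNULL`. The message in `Error("Could not SSL private key from '%s'", pcCredFile)` is missing its verb (`Could not load SSL private key`), and the key load is not followed by `SSL_CTX_check_private_key(ctx)`, so a mismatched certificate/key pair in the `-c` file is only discovered at the first handshake. With `!EXP` in the cipher list the 512-bit case of `tmp_dh_callback` should be unreachable; a one-line comment saying so would document why `get_dh512` is kept.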


@ -1,5 +1,5 @@
/*
* $Id: main.h,v 5.34 2002-09-22 09:31:43-07 bryan Exp $
* $Id: main.h,v 5.38 2002-09-29 19:04:57-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -51,9 +51,13 @@ extern char acMyHost[];
extern struct in_addr acMyAddr;
extern int domainHack;
extern int isMaster;
#if HAVE_OPENSSL
extern SSL_CTX *ctx;
extern int fReqEncryption;
#endif
#if USE_ANSI_PROTO
extern void reopenLogfile();
extern void dumpDataStructures();
extern void reopenLogfile(void);
extern void dumpDataStructures(void);
#else
extern void reopenLogfile();
extern void dumpDataStructures();
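Review bot: `extern SSL_CTX *ctx;` is added under `HAVE_OPENSSL`, but main.h does not include `<openssl/ssl.h>` itself, so the header now compiles only when util.h (which pulls that header in under the same guard) has already been included; either include it here as well or record the dependency, e.g. `/* SSL_CTX comes from <openssl/ssl.h> via util.h; include util.h before this header */`. `ctx` and `fReqEncryption` are also short, unprefixed globals that main.c and console.c both define — separate executables, so not a link conflict, but a project-style prefix would make a later collision or a misleading grep less likely.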


@ -1,5 +1,5 @@
/*
* $Id: master.c,v 5.79 2002-09-23 11:39:21-07 bryan Exp $
* $Id: master.c,v 5.81 2002-10-12 20:07:43-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -48,7 +48,6 @@ int deny_severity = LOG_WARNING;
#endif
#include <compat.h>
#include <port.h>
#include <util.h>
#include <consent.h>
@ -237,7 +236,7 @@ SignalKids(arg)
*/
void
#if USE_ANSI_PROTO
Master()
Master(void)
#else
Master()
#endif


@ -1,5 +1,5 @@
/*
* $Id: master.h,v 5.14 2002-02-25 14:00:38-08 bryan Exp $
* $Id: master.h,v 5.15 2002-09-29 19:05:25-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -38,7 +38,7 @@
* stuff the master process needs
*/
#if USE_ANSI_PROTO
extern void Master();
extern void Master(void);
extern void SignalKids(int);
#else
extern void Master();


@ -1,72 +0,0 @@
/*
* $Id: port.h,v 1.33 2002-09-20 23:04:21-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*
* Copyright GNAC, Inc., 1998
*/
#include <config.h>
/*
* Copyright 1992 Purdue Research Foundation, West Lafayette, Indiana
* 47907. All rights reserved.
*
* Written by Kevin S Braunsdorf, ksb@cc.purdue.edu, purdue!ksb
*
* This software is not subject to any license of the American Telephone
* and Telegraph Company or the Regents of the University of California.
*
* Permission is granted to anyone to use this software for any purpose on
* any computer system, and to alter it and redistribute it freely, subject
* to the following restrictions:
*
* 1. Neither the authors nor Purdue University are responsible for any
* consequences of the use of this software.
*
* 2. The origin of this software must not be misrepresented, either by
* explicit claim or by omission. Credit to the authors and Purdue
* University must appear in documentation and sources.
*
* 3. Altered versions must be plainly marked as such, and must not be
* misrepresented as being the original software.
*
* 4. This notice may not be removed or altered.
*/
/* If, when processing a logfile for replaying the last N lines,
* we end up seeing more than MAXREPLAYLINELEN characters in a line,
* abort processing and display the data. Why? There could be some
* very large logfiles and very long lines and we'd chew up lots of
* memory and send a LOT of data down to the client - all potentially
* bad. If there's a line over this in size, would you really want to
* see the whole thing (and possibly others)?
*/
#if !defined(MAXREPLAYLINELEN)
# define MAXREPLAYLINELEN 10000
#endif
/* the default escape sequence used to give meta commands
*/
#if !defined(DEFATTN)
# define DEFATTN '\005'
#endif
#if !defined(DEFESC)
# define DEFESC 'c'
#endif
/* For legacy compile-time setting of the port...
*/
#if ! defined(DEFPORT)
# if defined(SERVICENAME)
# define DEFPORT SERVICENAME
# else
# if defined(PORTNUMBER)
# define DEFPORT PORTNUMBER
# else
# define DEFPORT "conserver"
# endif
# endif
#endif


@ -1,5 +1,5 @@
/*
* $Id: readcfg.c,v 5.87 2002-09-23 13:42:25-07 bryan Exp $
* $Id: readcfg.c,v 5.89 2002-10-12 20:07:43-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -45,7 +45,6 @@
#include <pwd.h>
#include <compat.h>
#include <port.h>
#include <util.h>
#include <consent.h>
@ -1110,7 +1109,7 @@ ReadCfg(pcFile, fp, master)
/* Unless otherwise stated, returns the same values as send(2) */
void
#if USE_ANSI_PROTO
ReReadCfg()
ReReadCfg(void)
#else
ReReadCfg()
#endif


@ -1,5 +1,5 @@
/*
* $Id: readcfg.h,v 5.19 2002-02-25 14:00:38-08 bryan Exp $
* $Id: readcfg.h,v 5.20 2002-09-29 19:05:12-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -47,7 +47,7 @@ extern STRING *breakList; /* list of break sequences */
#if USE_ANSI_PROTO
extern void ReadCfg(char *, FILE *);
extern char *pruneSpace(char *);
extern void ReReadCfg();
extern void ReReadCfg(void);
#else
extern void ReadCfg();
extern char *pruneSpace();


@ -1,5 +1,5 @@
/*
* $Id: util.c,v 1.46 2002-03-11 18:26:51-08 bryan Exp $
* $Id: util.c,v 1.57 2002-10-14 13:53:48-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -16,9 +16,12 @@
#include <ctype.h>
#include <compat.h>
#include <port.h>
#include <util.h>
#if HAVE_OPENSSL
#include <openssl/ssl.h>
#endif
int outputPid = 0;
char *progname = "conserver package";
int thepid = 0;
@ -40,6 +43,26 @@ OutOfMem()
exit(EX_UNAVAILABLE);
}
void
#if USE_ANSI_PROTO
checkRW(int fd, int *r, int *w)
#else
checkRW(fd, r, w)
int fd, int *r, int *w;
#endif
{
fd_set rfd, wfd;
struct timeval t = { 0, 0 };
FD_ZERO(&rfd);
FD_ZERO(&wfd);
FD_SET(fd, &rfd);
FD_SET(fd, &wfd);
select(fd, &rfd, &wfd, (fd_set *) 0, &t);
*r = FD_ISSET(fd, &rfd);
*w = FD_ISSET(fd, &wfd);
}
char *
#if USE_ANSI_PROTO
buildMyStringChar(const char ch, STRING * msg)
@ -265,17 +288,21 @@ readLine(fp, save, iLine)
void
#if USE_ANSI_PROTO
FmtCtlStr(char *pcIn, STRING * pcOut)
FmtCtlStr(char *pcIn, int len, STRING * pcOut)
#else
FmtCtlStr(pcIn, pcOut)
FmtCtlStr(pcIn, len, pcOut)
char *pcIn;
int len;
STRING *pcOut;
#endif
{
unsigned char c;
if (len < 0)
len = strlen(pcIn);
buildMyString((char *)0, pcOut);
for (; *pcIn != '\000'; pcIn++) {
for (; len; len--, pcIn++) {
c = *pcIn & 0xff;
if (c > 127) {
c -= 128;
@ -395,16 +422,16 @@ cmaxfiles()
#endif
{
int mf;
#ifdef HAVE_SYSCONF
#if HAVE_SYSCONF
mf = sysconf(_SC_OPEN_MAX);
#else
# ifdef HAVE_GETRLIMIT
# if HAVE_GETRLIMIT
struct rlimit rl;
(void)getrlimit(RLIMIT_NOFILE, &rl);
mf = rl.rlim_cur;
# else
# ifdef HAVE_GETDTABLESIZE
# if HAVE_GETDTABLESIZE
mf = getdtablesize();
# else
# ifndef OPEN_MAX
@ -446,6 +473,10 @@ fileOpenFD(fd, type)
OutOfMem();
cfp->ftype = type;
cfp->fd = fd;
#if HAVE_OPENSSL
cfp->ssl = (SSL *) 0;
cfp->waitonWrite = cfp->waitonRead = 0;
#endif
Debug(1, "File I/O: Encapsulated fd %d type %d", fd, type);
return cfp;
@ -469,11 +500,14 @@ fileUnopen(cfp)
case simpleSocket:
retval = cfp->fd;
break;
#ifdef TLS_SUPPORT
case TLSSocket:
retval = cfp->sslfd;
#if HAVE_OPENSSL
case SSLSocket:
retval = -1;
break;
#endif
default:
retval = -1;
break;
}
Debug(1, "File I/O: Unopened fd %d", cfp->fd);
free(cfp);
@ -506,6 +540,10 @@ fileOpen(path, flag, mode)
OutOfMem();
cfp->ftype = simpleFile;
cfp->fd = fd;
#if HAVE_OPENSSL
cfp->ssl = (SSL *) 0;
cfp->waitonWrite = cfp->waitonRead = 0;
#endif
Debug(1, "File I/O: Opened `%s' as fd %d", path, fd);
return cfp;
@ -529,6 +567,9 @@ fileClose(cfp)
int client_sock_flags;
struct linger lingeropt;
#endif
#if HAVE_OPENSSL
int sflags;
#endif
cfp = *pcfp;
if (cfp == (CONSFILE *) 0)
@ -567,11 +608,36 @@ fileClose(cfp)
break;
#ifdef TLS_SUPPORT
case TLSSocket:
retval = SSL_close(cfp->sslfd);
break;
#if HAVE_OPENSSL
case SSLSocket:
sflags = fcntl(cfp->fd, F_GETFL, 0);
if (sflags != -1) {
Debug(1, "File I/O: Setting socket to BLOCKING on fd %d",
cfp->fd);
fcntl(cfp->fd, F_SETFL, sflags & ~O_NONBLOCK);
}
Debug(1, "File I/O: Performing a SSL_shutdown() on fd %d",
cfp->fd);
SSL_shutdown(cfp->ssl);
Debug(1, "File I/O: Performing a SSL_free() on fd %d",
cfp->fd);
SSL_free(cfp->ssl);
if (sflags != -1) {
Debug(1,
"File I/O: Restoring socket blocking mode on fd %d",
cfp->fd);
fcntl(cfp->fd, F_SETFL, sflags);
}
/* set the sucker back to a simpleSocket and recall so we
* do all that special stuff we oh so love...and make sure
* we return so we don't try and free(0). -bryan
*/
cfp->ftype = simpleSocket;
return fileClose(pcfp);
#endif
default:
retval = -1;
break;
}
Debug(1, "File I/O: Closed fd %d", cfp->fd);
free(cfp);
@ -592,17 +658,59 @@ fileRead(cfp, buf, len)
#endif
{
int retval = 0;
#if HAVE_OPENSSL
/*int r, w; */
int sflags;
#endif
switch (cfp->ftype) {
case simpleFile:
case simpleSocket:
retval = read(cfp->fd, buf, len);
break;
#ifdef TLS_SUPPORT
case TLSSocket:
retval = SSL_read(cfp->sslfd, buf, len);
#if HAVE_OPENSSL
case SSLSocket:
/*checkRW(cfp->fd, &r, &w); */
sflags = fcntl(cfp->fd, F_GETFL, 0);
if (sflags != -1) {
Debug(1, "File I/O: Setting socket to BLOCKING on fd %d",
cfp->fd);
fcntl(cfp->fd, F_SETFL, sflags & ~O_NONBLOCK);
}
retval = SSL_read(cfp->ssl, buf, len);
switch (SSL_get_error(cfp->ssl, retval)) {
case SSL_ERROR_NONE:
break;
case SSL_ERROR_WANT_READ: /* these two shouldn't */
case SSL_ERROR_WANT_WRITE: /* happen (yet) */
Error
("Ugh, ok..an SSL_ERROR_WANT_* happened and I didn't think it ever would. Code needs serious work!");
exit(EX_UNAVAILABLE);
case SSL_ERROR_ZERO_RETURN:
default:
Debug(1,
"File I/O: Performing a SSL_shutdown() on fd %d",
cfp->fd);
SSL_shutdown(cfp->ssl);
Debug(1, "File I/O: Performing a SSL_free() on fd %d",
cfp->fd);
SSL_free(cfp->ssl);
cfp->ssl = (SSL *) 0;
cfp->ftype = simpleSocket;
retval = 0;
break;
}
if (sflags != -1) {
Debug(1,
"File I/O: Restoring socket blocking mode on fd %d",
cfp->fd);
fcntl(cfp->fd, F_SETFL, sflags);
}
break;
#endif
default:
retval = 0;
break;
}
if (retval >= 0) {
@ -629,6 +737,10 @@ fileWrite(cfp, buf, len)
int len_orig = len;
int len_out = 0;
int retval = 0;
#if HAVE_OPENSSL
/*int r, w; */
int sflags;
#endif
if (buf == (char *)0)
return 0;
@ -651,11 +763,59 @@ fileWrite(cfp, buf, len)
len_out += retval;
}
break;
#ifdef TLS_SUPPORT
case TLSSocket:
len_out = retval = SSL_write(cfp->sslfd, buf, len);
#if HAVE_OPENSSL
case SSLSocket:
/*checkRW(cfp->fd, &r, &w); */
sflags = fcntl(cfp->fd, F_GETFL, 0);
if (sflags != -1) {
Debug(1, "File I/O: Setting socket to BLOCKING on fd %d",
cfp->fd);
fcntl(cfp->fd, F_SETFL, sflags & ~O_NONBLOCK);
}
while (len > 0) {
retval = SSL_write(cfp->ssl, buf, len);
switch (SSL_get_error(cfp->ssl, retval)) {
case SSL_ERROR_NONE:
break;
case SSL_ERROR_WANT_READ: /* these two shouldn't */
case SSL_ERROR_WANT_WRITE: /* happen (yet) */
Error
("Ugh, ok..an SSL_ERROR_WANT_* happened and I didn't think it ever would. Code needs serious work!");
exit(EX_UNAVAILABLE);
case SSL_ERROR_ZERO_RETURN:
default:
Debug(1,
"File I/O: Performing a SSL_shutdown() on fd %d",
cfp->fd);
SSL_shutdown(cfp->ssl);
Debug(1,
"File I/O: Performing a SSL_free() on fd %d",
cfp->fd);
SSL_free(cfp->ssl);
cfp->ssl = (SSL *) 0;
cfp->ftype = simpleSocket;
retval = -1;
break;
}
if (retval == -1) {
len_out = -1;
break;
}
buf += retval;
len -= retval;
len_out += retval;
}
if (sflags != -1) {
Debug(1,
"File I/O: Restoring socket blocking mode on fd %d",
cfp->fd);
fcntl(cfp->fd, F_SETFL, sflags);
}
break;
#endif
default:
retval = -1;
break;
}
if (len_out >= 0) {
@ -804,11 +964,14 @@ fileStat(cfp, buf)
case simpleSocket:
retval = fstat(cfp->fd, buf);
break;
#ifdef TLS_SUPPORT
case TLSSocket:
#if HAVE_OPENSSL
case SSLSocket:
retval = -1;
break;
#endif
default:
retval = -1;
break;
}
return retval;
@ -834,17 +997,20 @@ fileSeek(cfp, offset, whence)
case simpleSocket:
retval = lseek(cfp->fd, offset, whence);
break;
#ifdef TLS_SUPPORT
case TLSSocket:
#if HAVE_OPENSSL
case SSLSocket:
retval = -1;
break;
#endif
default:
retval = -1;
break;
}
return retval;
}
/* Unless otherwise stated, returns the same values as lseek(2) */
/* Returns the file descriptor number of the underlying file */
int
#if USE_ANSI_PROTO
fileFDNum(CONSFILE * cfp)
@ -862,16 +1028,82 @@ fileFDNum(cfp)
case simpleSocket:
retval = cfp->fd;
break;
#ifdef TLS_SUPPORT
case TLSSocket:
retval = -1;
#if HAVE_OPENSSL
case SSLSocket:
retval = cfp->fd;
break;
#endif
default:
retval = cfp->fd;
break;
}
return retval;
}
/* Returns the file type */
enum consFileType
#if USE_ANSI_PROTO
fileGetType(CONSFILE * cfp)
#else
fileGetType(cfp)
CONSFILE *cfp;
#endif
{
switch (cfp->ftype) {
case simpleFile:
return simpleFile;
case simpleSocket:
return simpleSocket;
#if HAVE_OPENSSL
case SSLSocket:
return SSLSocket;
#endif
default:
return nothing;
}
}
/* Sets the file type */
void
#if USE_ANSI_PROTO
fileSetType(CONSFILE * cfp, enum consFileType type)
#else
fileSetType(cfp, type)
CONSFILE *cfp;
enum consFileType type;
#endif
{
cfp->ftype = type;
}
#if HAVE_OPENSSL
/* Get the SSL instance */
SSL *
#if USE_ANSI_PROTO
fileGetSSL(CONSFILE * cfp)
#else
fileGetSSL(cfp)
CONSFILE *cfp;
#endif
{
return cfp->ssl;
}
/* Sets the SSL instance */
void
#if USE_ANSI_PROTO
fileSetSSL(CONSFILE * cfp, SSL * ssl)
#else
fileSetSSL(cfp, ssl)
CONSFILE *cfp;
SSL *ssl;
#endif
{
cfp->ssl = ssl;
}
#endif
/* Unless otherwise stated, returns the same values as send(2) */
int
#if USE_ANSI_PROTO
@ -893,12 +1125,54 @@ fileSend(cfp, msg, len, flags)
case simpleSocket:
retval = send(cfp->fd, msg, len, flags);
break;
#ifdef TLS_SUPPORT
case TLSSocket:
retval = -1;
#if HAVE_OPENSSL
case SSLSocket:
retval = send(cfp->fd, msg, len, flags);
break;
#endif
default:
retval = -1;
break;
}
return retval;
}
#if HAVE_OPENSSL
/* Unless otherwise stated, returns the same values as send(2) */
int
#if USE_ANSI_PROTO
ssl_verify_callback(int ok, X509_STORE_CTX * store)
#else
ssl_verify_callback(ok, store)
int ok;
X509_STORE_CTX *store;
#endif
{
char data[256];
if (ok) {
if (fDebug) {
X509 *cert = X509_STORE_CTX_get_current_cert(store);
int depth = X509_STORE_CTX_get_error_depth(store);
Debug(1, "Info of SSL certificate at depth: %d", depth);
X509_NAME_oneline(X509_get_issuer_name(cert), data, 256);
Debug(1, " Issuer = %s", data);
X509_NAME_oneline(X509_get_subject_name(cert), data, 256);
Debug(1, " Subject = %s", data);
}
} else {
X509 *cert = X509_STORE_CTX_get_current_cert(store);
int depth = X509_STORE_CTX_get_error_depth(store);
int err = X509_STORE_CTX_get_error(store);
Error("Error with SSL certificate at depth: %d", depth);
X509_NAME_oneline(X509_get_issuer_name(cert), data, 256);
Error(" Issuer = %s", data);
X509_NAME_oneline(X509_get_subject_name(cert), data, 256);
Error(" Subject = %s", data);
Error(" Error #%d: %s", err, X509_verify_cert_error_string(err));
}
return ok;
}
#endif
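Review bot: In the new `SSLSocket` arms of `fileRead` and `fileWrite`, an `SSL_ERROR_WANT_READ`/`SSL_ERROR_WANT_WRITE` result calls `exit(EX_UNAVAILABLE)`, so a condition driven by the remote end of a single connection terminates the whole process rather than that connection; handling it the way the `SSL_ERROR_ZERO_RETURN`/`default` arm does (shutdown, free, `retval = -1`) would keep one misbehaving peer from taking the daemon down. Those same `default` arms also fold `SSL_ERROR_SYSCALL` and `SSL_ERROR_SSL` into a silent close (and, in `fileRead`, into `retval = 0`, which the caller sees as EOF); a `Debug`/`Error` line with `ERR_print_errors_fp` before the `SSL_shutdown` would make handshake and record failures diagnosable. In `checkRW`, `select(fd, &rfd, &wfd, ...)` passes the descriptor itself as `nfds`, which excludes `fd` from the scan, so `*r` and `*w` are always 0 — it should be `select(fd + 1, ...)` — and the K&R arm `int fd, int *r, int *w;` is not a valid declaration list (`int fd; int *r, *w;`); the function is only referenced from commented-out calls, so both are latent today. The `/* Unless otherwise stated, returns the same values as send(2) */` line above `ssl_verify_callback` is a copy of the `fileSend` header and does not describe it; `/* Verify callback for SSL_CTX_set_verify(): logs the certificate at this depth and returns ok unchanged */` fits.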


@ -1,5 +1,5 @@
/*
* $Id: util.h,v 1.24 2002-09-22 14:13:47-07 bryan Exp $
* $Id: util.h,v 1.32 2002-10-01 20:52:02-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -11,6 +11,10 @@
#else
#include <varargs.h>
#endif
#if HAVE_OPENSSL
#include <openssl/ssl.h>
#include <openssl/err.h>
#endif
/* communication constants
*/
@ -23,10 +27,11 @@
*/
enum consFileType {
simpleFile,
simpleSocket
#ifdef TLS_SUPPORT
,TLSSocket
simpleSocket,
#if HAVE_OPENSSL
SSLSocket,
#endif
nothing
};
typedef struct dynamicString {
@ -39,12 +44,11 @@ typedef struct consFile {
/* Standard socket type stuff */
enum consFileType ftype;
int fd;
#ifdef TLS_SUPPORT
/* TLS/SSL stuff */
SSL_CTX *ctx;
SSL *sslfd;
BIO *sbio;
int ctx_connections;
#if HAVE_OPENSSL
/* SSL stuff */
SSL *ssl;
int waitonWrite;
int waitonRead;
#endif
/* Add crypto stuff to suit */
} CONSFILE;
@ -59,7 +63,7 @@ extern void Error(char *, ...);
extern void Info(char *, ...);
extern void simpleSignal(int, RETSIGTYPE(*)(int));
extern int cmaxfiles();
extern void FmtCtlStr(char *, STRING *);
extern void FmtCtlStr(char *, int, STRING *);
extern CONSFILE *fileOpenFD(int, enum consFileType);
extern CONSFILE *fileOpen(const char *, int, int);
extern int fileClose(CONSFILE **);
@ -79,6 +83,13 @@ extern char *buildMyStringChar(const char, STRING *);
extern void initString(STRING *);
extern void destroyString(STRING *);
extern char *readLine(FILE *, STRING *, int *);
extern enum consFileType fileGetType(CONSFILE *);
extern void fileSetType(CONSFILE *, enum consFileType);
#if HAVE_OPENSSL
extern SSL *fileGetSSL(CONSFILE *);
extern void fileSetSSL(CONSFILE *, SSL *);
extern int ssl_verify_callback(int, X509_STORE_CTX *);
#endif
#else
extern void Debug();
extern void Error();
@ -105,4 +116,11 @@ extern char *buildMyStringChar();
extern void initString();
extern void destroyString();
extern char *readLine();
extern enum consFileType fileGetType();
extern void fileSetType();
#if HAVE_OPENSSL
extern SSL *fileGetSSL();
extern void fileSetSSL();
extern int ssl_verify_callback();
#endif
#endif
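Review bot: The new `waitonWrite` and `waitonRead` members of `CONSFILE` are only ever zeroed (in `fileOpenFD` and `fileOpen`) in this commit; nothing on the page reads them, and the `checkRW` calls that presumably would are commented out, so they look like state for a non-blocking path that has not landed yet. A comment on the members such as `/* pending SSL_ERROR_WANT_WRITE/WANT_READ state; unused until non-blocking SSL I/O is implemented */` would tell the next reader why they exist, or they could wait for the code that uses them. `fileSetType` is declared as a general setter although the only visible caller flips a socket to `SSLSocket` right after `fileSetSSL`; documenting that ordering at the declaration (`ssl` must be set before the type becomes `SSLSocket`, otherwise `fileRead`/`fileWrite` hand a null `cfp->ssl` to `SSL_read`/`SSL_write`) would be worth the line.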


@ -1,5 +1,5 @@
/*
* $Id: version.h,v 1.37 2002-09-23 13:56:45-07 bryan Exp $
* $Id: version.h,v 1.39 2002-10-14 12:19:27-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -14,4 +14,4 @@
@(#) Copyright 2000 conserver.com.\n\
All rights reserved.\n"
#define THIS_VERSION "conserver.com version 7.2.3"
#define THIS_VERSION "conserver.com version 7.2.4"


@ -1,5 +1,5 @@
/*
* $Id: console.c,v 5.85 2002-09-23 11:40:51-07 bryan Exp $
* $Id: console.c,v 5.99 2002-10-12 20:06:57-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
@ -40,23 +40,116 @@
#include <pwd.h>
#include <ctype.h>
#include <sys/stat.h>
#if HAVE_OPENSSL
#include <openssl/ssl.h>
#include <openssl/err.h>
#endif
#include <compat.h>
#include <port.h>
#include <util.h>
#include <version.h>
int fVerbose = 0, fReplay = 0, fRaw = 0, fVersion = 0, fStrip = 0;
#if HAVE_OPENSSL
int fReqEncryption = 1;
char *pcCredFile = (char *)0;
#endif
int chAttn = -1, chEsc = -1;
char *pcInMaster = /* which machine is current */
MASTERHOST;
char *pcPort = DEFPORT;
unsigned short bindPort;
CONSFILE *cfstdout;
static char acMesg[8192]; /* the buffer for startup negotiation */
#if HAVE_OPENSSL
SSL_CTX *ctx = (SSL_CTX *) 0;
void
#if USE_ANSI_PROTO
setupSSL(void)
#else
setupSSL()
#endif
{
if (ctx == (SSL_CTX *) 0) {
SSL_load_error_strings();
if (!SSL_library_init()) {
Error("SSL library initialization failed");
exit(EX_UNAVAILABLE);
}
if ((ctx = SSL_CTX_new(SSLv23_method())) == (SSL_CTX *) 0) {
Error("Creating SSL context failed");
exit(EX_UNAVAILABLE);
}
if (SSL_CTX_set_default_verify_paths(ctx) != 1) {
Error("Could not load SSL default CA file and/or directory");
exit(EX_UNAVAILABLE);
}
if (pcCredFile != (char *)0) {
if (SSL_CTX_use_certificate_chain_file(ctx, pcCredFile) != 1) {
Error("Could not load SSL certificate from '%s'",
pcCredFile);
exit(EX_UNAVAILABLE);
}
if (SSL_CTX_use_PrivateKey_file
(ctx, pcCredFile, SSL_FILETYPE_PEM) != 1) {
Error("Could not SSL private key from '%s'", pcCredFile);
exit(EX_UNAVAILABLE);
}
}
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, ssl_verify_callback);
SSL_CTX_set_options(ctx,
SSL_OP_ALL | SSL_OP_NO_SSLv2 |
SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_mode(ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
SSL_MODE_AUTO_RETRY);
if (SSL_CTX_set_cipher_list(ctx, "ALL:!LOW:!EXP:!MD5:@STRENGTH") !=
1) {
Error("Setting SSL cipher list failed");
exit(EX_UNAVAILABLE);
}
}
}
void
#if USE_ANSI_PROTO
attemptSSL(CONSFILE * pcf)
#else
attemptSSL(pcf)
CONSFILE *pcf;
#endif
{
SSL *ssl;
if (ctx == (SSL_CTX *) 0) {
Error("WTF? The SSL context disappeared?!?!?");
exit(EX_UNAVAILABLE);
}
if (!(ssl = SSL_new(ctx))) {
Error("Couldn't create new SSL context");
exit(EX_UNAVAILABLE);
}
fileSetSSL(pcf, ssl);
SSL_set_fd(ssl, fileFDNum(pcf));
Debug(1, "About to SSL_connect() on fd %d", fileFDNum(pcf));
if (SSL_connect(ssl) <= 0) {
Error("SSL negotiation failed");
ERR_print_errors_fp(stderr);
exit(EX_UNAVAILABLE);
}
fileSetType(pcf, SSLSocket);
if (fDebug)
Debug(1, "SSL Connection: %s :: %s", SSL_get_cipher_version(ssl),
SSL_get_cipher_name(ssl));
}
#endif
/* output a control (or plain) character as a UNIX user would expect it (ksb)
*/
static void
@ -89,8 +182,18 @@ static char *apcLong[] = {
"7 strip the high bit of all console data",
"a(A) attach politely (and replay last 20 lines)",
"b send broadcast message",
#if HAVE_OPENSSL
"c cred load an SSL certificate and key from the PEM encoded file",
#else
"c cred ignored - encryption not compiled into code",
#endif
"D enable debug output, sent to stderr",
"e esc set the initial escape characters",
#if HAVE_OPENSSL
"E don't require encrypted connections",
#else
"E ignored - encryption not compiled into code",
#endif
"f(F) force read/write connection (and replay)",
"G connect to the console group only",
"i display information in machine-parseable form",
@ -134,6 +237,22 @@ Version()
#endif
{
int i;
static STRING acA1 = { (char *)0, 0, 0 };
char *optionlist[] = {
#if USE_LIBWRAP
"libwrap",
#endif
#if HAVE_OPENSSL
"openssl",
#endif
#if HAVE_PAM
"pam",
#endif
#if HAVE_POSIX_REGCOMP
"regex",
#endif
(char *)0
};
Info("%s", THIS_VERSION);
Info("initial master server `%s\'", pcInMaster);
@ -160,6 +279,18 @@ Version()
Info("on port %u (referenced as `%s')", bindPort, pcPort);
}
}
buildMyString((char *)0, &acA1);
if (optionlist[0] == (char *)0)
buildMyString("none", &acA1);
for (i = 0; optionlist[i] != (char *)0; i++) {
if (i == 0)
buildMyString(optionlist[i], &acA1);
else {
buildMyString(", ", &acA1);
buildMyString(optionlist[i], &acA1);
}
}
Info("options: %s", acA1.string);
Info("built with `%s'", CONFIGINVOCATION);
if (fVerbose)
printf(COPYRIGHT);
@ -277,7 +408,7 @@ ParseEsc(pcText)
* return the fd for the new connection; if we can use the loopback, do
* as a side effect we set ThisHost to a short name for this host
*/
int
CONSFILE *
#if USE_ANSI_PROTO
GetPort(char *pcToHost, struct sockaddr_in *pPort, unsigned short sPort)
#else
@ -337,7 +468,7 @@ GetPort(pcToHost, pPort, sPort)
exit(EX_UNAVAILABLE);
}
return s;
return fileOpenFD(s, simpleSocket);
}
@ -510,10 +641,11 @@ c2cooked()
*/
static void
#if USE_ANSI_PROTO
SendOut(int fd, char *pcBuf, int iLen)
SendOut(CONSFILE * fd, char *pcBuf, int iLen)
#else
SendOut(fd, pcBuf, iLen)
int fd, iLen;
CONSFILE *fd;
int iLen;
char *pcBuf;
#endif
{
@ -521,11 +653,11 @@ SendOut(fd, pcBuf, iLen)
if (fDebug) {
static STRING buf = { (char *)0, 0, 0 };
FmtCtlStr(pcBuf, &buf);
FmtCtlStr(pcBuf, iLen, &buf);
Debug(1, "SendOut: `%s'", buf.string);
}
while (0 != iLen) {
if (-1 == (nr = write(fd, pcBuf, iLen))) {
if (-1 == (nr = fileWrite(fd, pcBuf, iLen))) {
c2cooked();
Error("lost connection");
exit(EX_UNAVAILABLE);
@ -540,10 +672,11 @@ SendOut(fd, pcBuf, iLen)
*/
static int
#if USE_ANSI_PROTO
ReadReply(int fd, char *pcBuf, int iLen, char *pcWant)
ReadReply(CONSFILE * fd, char *pcBuf, int iLen, char *pcWant)
#else
ReadReply(fd, pcBuf, iLen, pcWant)
int fd, iLen;
CONSFILE *fd;
int iLen;
char *pcBuf, *pcWant;
#endif
{
@ -551,7 +684,7 @@ ReadReply(fd, pcBuf, iLen, pcWant)
iKeep = iLen;
for (j = 0; j < iLen; /* j+=nr */ ) {
switch (nr = read(fd, &pcBuf[j], iLen - 1)) {
switch (nr = fileRead(fd, &pcBuf[j], iLen - 1)) {
case 0:
if (iKeep != iLen) {
break;
@ -590,7 +723,7 @@ ReadReply(fd, pcBuf, iLen, pcWant)
}
if (fDebug) {
static STRING buf = { (char *)0, 0, 0 };
FmtCtlStr(pcWant, &buf);
FmtCtlStr(pcWant, -1, &buf);
if (strcmp(pcBuf, pcWant))
Debug(1, "ReadReply: didn't match `%s'", buf.string);
else
@ -615,16 +748,12 @@ Gather(pfi, pcPorts, pcMaster, pcTo, pcCmd, pcWho)
char *pcPorts, *pcMaster, *pcTo, *pcCmd, *pcWho;
#endif
{
int s;
CONSFILE *pcf;
unsigned short j;
char *pcNext, *pcServer;
STRING acExcg = { (char *)0, 0, 0 };
struct sockaddr_in client_port;
int iRet = 0;
#if defined(__CYGWIN__)
int client_sock_flags;
struct linger lingeropt;
#endif
for ( /* param */ ; '\000' != *pcPorts; pcPorts = pcNext) {
if ((char *)0 == (pcNext = strchr(pcPorts, ':')))
@ -651,9 +780,9 @@ Gather(pfi, pcPorts, pcMaster, pcTo, pcCmd, pcWho)
j = htons((short)atoi(pcPorts));
}
s = GetPort(acExcg.string, &client_port, j);
pcf = GetPort(acExcg.string, &client_port, j);
if (0 != ReadReply(s, acMesg, sizeof(acMesg), "ok\r\n")) {
if (0 != ReadReply(pcf, acMesg, sizeof(acMesg), "ok\r\n")) {
int s = strlen(acMesg);
if ((s > 0) && ('\n' == acMesg[s - 1]))
acMesg[s - 1] = '\000';
@ -661,35 +790,10 @@ Gather(pfi, pcPorts, pcMaster, pcTo, pcCmd, pcWho)
exit(EX_UNAVAILABLE);
}
iRet += (*pfi) (s, acExcg.string, pcTo, pcCmd, pcWho);
iRet += (*pfi) (pcf, acExcg.string, pcTo, pcCmd, pcWho);
#if defined(__CYGWIN__)
/* flush out the client socket - set it to blocking,
* then write to it
*/
client_sock_flags = fcntl(s, F_GETFL, 0);
if (client_sock_flags != -1)
/* enable blocking */
fcntl(s, F_SETFL, client_sock_flags & ~O_NONBLOCK);
fileClose(&pcf);
/* sent it a byte - guaranteed to block - ensure delivery of
* prior data yeah - this is a bit paranoid - try without this
* at first
*/
/* write(s, "\n", 1); */
/* this is the guts of the workaround for Winsock close bug */
shutdown(s, 1);
/* enable lingering */
lingeropt.l_onoff = 1;
lingeropt.l_linger = 15;
setsockopt(s, SOL_SOCKET, SO_LINGER, &lingeropt,
sizeof(lingeropt));
/* Winsock bug averted - now we're safe to close the socket */
#endif
(void)close(s);
if ((char *)0 != pcServer) {
*pcServer = '@';
}
@ -778,10 +882,11 @@ processUrgentData(s)
*/
static int
#if USE_ANSI_PROTO
CallUp(int s, char *pcMaster, char *pcMach, char *pcHow, char *pcUser)
CallUp(CONSFILE * pcf, char *pcMaster, char *pcMach, char *pcHow,
char *pcUser)
#else
CallUp(s, pcMaster, pcMach, pcHow, pcUser)
int s;
CallUp(pcf, pcMaster, pcMach, pcHow, pcUser)
CONSFILE *pcf;
char *pcMaster, *pcMach, *pcHow, *pcUser;
#endif
{
@ -797,8 +902,9 @@ CallUp(s, pcMaster, pcMach, pcHow, pcUser)
}
#if !defined(__CYGWIN__)
# if defined(F_SETOWN)
if (-1 == fcntl(s, F_SETOWN, getpid())) {
Error("fcntl(F_SETOWN,%d): %d: %s", getpid(), s, strerror(errno));
if (-1 == fcntl(fileFDNum(pcf), F_SETOWN, getpid())) {
Error("fcntl(F_SETOWN,%d): %d: %s", getpid(), fileFDNum(pcf),
strerror(errno));
}
# else
# if defined(SIOCSPGRP)
@ -807,8 +913,8 @@ CallUp(s, pcMaster, pcMach, pcHow, pcUser)
/* on the HP-UX systems if different
*/
iTemp = -getpid();
if (-1 == ioctl(s, SIOCSPGRP, &iTemp)) {
Error("ioctl: %d: %s", s, strerror(errno));
if (-1 == ioctl(fileFDNum(pcf), SIOCSPGRP, &iTemp)) {
Error("ioctl: %d: %s", fileFDNum(pcf), strerror(errno));
}
}
# endif
@ -829,8 +935,8 @@ CallUp(s, pcMaster, pcMach, pcHow, pcUser)
* (we'll find out soon enough)
*/
(void)sprintf(acMesg, "%c%ce%c%c", DEFATTN, DEFESC, chAttn, chEsc);
SendOut(s, acMesg, 5);
if (0 == ReadReply(s, acMesg, sizeof(acMesg), (char *)0)) {
SendOut(pcf, acMesg, 5);
if (0 == ReadReply(pcf, acMesg, sizeof(acMesg), (char *)0)) {
Error("protocol botch on redef of escape sequence");
exit(EX_UNAVAILABLE);
}
@ -849,22 +955,37 @@ CallUp(s, pcMaster, pcMach, pcHow, pcUser)
* access by default, which is fine for most people).
*/
if (!fRaw) {
#if HAVE_OPENSSL
(void)sprintf(acMesg, "%c%c*", chAttn, chEsc);
SendOut(pcf, acMesg, 3);
if (0 == ReadReply(pcf, acMesg, sizeof(acMesg), "[ssl:\r\n")) {
attemptSSL(pcf);
}
if (fReqEncryption && fileGetType(pcf) != SSLSocket) {
Error("Encryption not supported by server");
exit(EX_UNAVAILABLE);
}
#endif
/* begin connect with who we are
*/
(void)sprintf(acMesg, "%c%c;", chAttn, chEsc);
SendOut(s, acMesg, 3);
if (0 != ReadReply(s, acMesg, sizeof(acMesg), "[login:\r\n") &&
SendOut(pcf, acMesg, 3);
if (0 != ReadReply(pcf, acMesg, sizeof(acMesg), "[login:\r\n") &&
0 != strcmp(acMesg, "\r\n[login:\r\n")) {
int s = strlen(acMesg);
if ((s > 0) && ('\n' == acMesg[s - 1]))
acMesg[s - 1] = '\000';
Error("call: %s", acMesg);
if (0 != strcmp(acMesg, "[Encryption required\r\n")) {
if ((s > 0) && ('\n' == acMesg[s - 1]))
acMesg[s - 1] = '\000';
Error("call: %s", acMesg);
} else {
Error("Encryption required by server for login");
}
exit(EX_UNAVAILABLE);
}
(void)sprintf(acMesg, "%s\r\n", pcUser);
SendOut(s, acMesg, strlen(acMesg));
if (0 != ReadReply(s, acMesg, sizeof(acMesg), "host:\r\n")) {
SendOut(pcf, acMesg, strlen(acMesg));
if (0 != ReadReply(pcf, acMesg, sizeof(acMesg), "host:\r\n")) {
int s = strlen(acMesg);
if ((s > 0) && ('\n' == acMesg[s - 1]))
acMesg[s - 1] = '\000';
@ -875,8 +996,8 @@ CallUp(s, pcMaster, pcMach, pcHow, pcUser)
/* which host we want, and a passwd if asked for one
*/
(void)sprintf(acMesg, "%s\r\n", pcMach);
SendOut(s, acMesg, strlen(acMesg));
(void)ReadReply(s, acMesg, sizeof(acMesg), (char *)0);
SendOut(pcf, acMesg, strlen(acMesg));
(void)ReadReply(pcf, acMesg, sizeof(acMesg), (char *)0);
if (0 == strcmp(acMesg, "passwd:")) {
static STRING pass = { (char *)0, 0, 0 };
buildMyString((char *)0, &pass);
@ -888,8 +1009,8 @@ CallUp(s, pcMaster, pcMach, pcHow, pcUser)
buildMyString(getpass(acMesg), &pass);
#endif
buildMyString("\r\n", &pass);
SendOut(s, pass.string, strlen(pass.string));
(void)ReadReply(s, acMesg, sizeof(acMesg), (char *)0);
SendOut(pcf, pass.string, strlen(pass.string));
(void)ReadReply(pcf, acMesg, sizeof(acMesg), (char *)0);
}
/* how did we do, did we get a read-only or read-write?
@ -945,14 +1066,14 @@ CallUp(s, pcMaster, pcMach, pcHow, pcUser)
}
} else if (fIn != ('f' == *pcHow ? 'a' : *pcHow)) {
(void)sprintf(acMesg, "%c%c%c", chAttn, chEsc, *pcHow);
SendOut(s, acMesg, 3);
SendOut(pcf, acMesg, 3);
}
if (fReplay) {
(void)sprintf(acMesg, "%c%cr", chAttn, chEsc);
SendOut(s, acMesg, 3);
SendOut(pcf, acMesg, 3);
} else if (fVerbose) {
(void)sprintf(acMesg, "%c%c\022", chAttn, chEsc);
SendOut(s, acMesg, 3);
SendOut(pcf, acMesg, 3);
}
}
(void)fflush(stdout);
@ -966,12 +1087,12 @@ CallUp(s, pcMaster, pcMach, pcHow, pcUser)
* select, read, or write.
*/
FD_ZERO(&rinit);
FD_SET(s, &rinit);
FD_SET(fileFDNum(pcf), &rinit);
FD_SET(0, &rinit);
for (;;) {
justProcessedUrg = 0;
if (SawUrg) {
processUrgentData(s);
processUrgentData(fileFDNum(pcf));
justProcessedUrg = 1;
}
/* reset read mask and select on it
@ -982,14 +1103,14 @@ CallUp(s, pcMaster, pcMach, pcHow, pcUser)
(fd_set *) 0, (struct timeval *)0)) {
rmask = rinit;
if (SawUrg) {
processUrgentData(s);
processUrgentData(fileFDNum(pcf));
justProcessedUrg = 1;
}
}
/* anything from socket? */
if (FD_ISSET(s, &rmask)) {
if ((nc = read(s, acMesg, sizeof(acMesg))) == 0) {
if (FD_ISSET(fileFDNum(pcf), &rmask)) {
if ((nc = fileRead(pcf, acMesg, sizeof(acMesg))) == 0) {
if (justProcessedUrg) {
printf("\n");
Error("lost connection");
@ -1000,7 +1121,7 @@ CallUp(s, pcMaster, pcMach, pcHow, pcUser)
for (i = 0; i < nc; ++i)
acMesg[i] &= 127;
}
SendOut(1, acMesg, nc);
SendOut(cfstdout, acMesg, nc);
}
/* anything from stdin? */
@ -1011,7 +1132,7 @@ CallUp(s, pcMaster, pcMach, pcHow, pcUser)
for (i = 0; i < nc; ++i)
acMesg[i] &= 127;
}
SendOut(s, acMesg, nc);
SendOut(pcf, acMesg, nc);
}
}
c2cooked();
@ -1026,10 +1147,11 @@ CallUp(s, pcMaster, pcMach, pcHow, pcUser)
*/
static int
#if USE_ANSI_PROTO
Indir(int s, char *pcMaster, char *pcMach, char *pcCmd, char *pcWho)
Indir(CONSFILE * pcf, char *pcMaster, char *pcMach, char *pcCmd,
char *pcWho)
#else
Indir(s, pcMaster, pcMach, pcCmd, pcWho)
int s;
Indir(pcf, pcMaster, pcMach, pcCmd, pcWho)
CONSFILE *pcf;
char *pcMaster, *pcMach, *pcCmd, *pcWho;
#endif
{
@ -1038,10 +1160,10 @@ Indir(s, pcMaster, pcMach, pcCmd, pcWho)
/* send request for master list
*/
(void)sprintf(acPorts, "call:%s\r\n", pcMach);
SendOut(s, acPorts, strlen(acPorts));
SendOut(pcf, acPorts, strlen(acPorts));
/* get the ports number */
if (0 >= ReadReply(s, acPorts, sizeof(acPorts), (char *)0)) {
if (0 >= ReadReply(pcf, acPorts, sizeof(acPorts), (char *)0)) {
Error("master forward broken");
exit(EX_UNAVAILABLE);
}
@ -1070,10 +1192,10 @@ Indir(s, pcMaster, pcMach, pcCmd, pcWho)
*/
static int
#if USE_ANSI_PROTO
Cmd(int s, char *pcMaster, char *pcMach, char *pcCmd, char *pcWho)
Cmd(CONSFILE * pcf, char *pcMaster, char *pcMach, char *pcCmd, char *pcWho)
#else
Cmd(s, pcMaster, pcMach, pcCmd, pcWho)
int s;
Cmd(pcf, pcMaster, pcMach, pcCmd, pcWho)
CONSFILE *pcf;
char *pcMaster, *pcMach, *pcCmd, *pcWho;
#endif
{
@ -1096,11 +1218,11 @@ Cmd(s, pcMaster, pcMach, pcCmd, pcWho)
if (*pcCmd == 'b') {
(void)sprintf(acMesg, "%c%c%c%s:%s\r%c%c.", DEFATTN, DEFESC,
*pcCmd, pcWho, pcMach, DEFATTN, DEFESC);
SendOut(s, acMesg, strlen(acMesg));
SendOut(pcf, acMesg, strlen(acMesg));
} else {
(void)sprintf(acMesg, "%c%c%c%c%c.", DEFATTN, DEFESC, *pcCmd,
DEFATTN, DEFESC);
SendOut(s, acMesg, 6);
SendOut(pcf, acMesg, 6);
}
/* read the server's reply,
@ -1110,7 +1232,7 @@ Cmd(s, pcMaster, pcMach, pcCmd, pcWho)
*/
iRem = iMax;
i = 0;
while (0 < (nr = read(s, pcBuf + i, iRem))) {
while (0 < (nr = fileRead(pcf, pcBuf + i, iRem))) {
i += nr;
iRem -= nr;
if (iRem >= BUF_MIN) {
@ -1160,10 +1282,11 @@ Cmd(s, pcMaster, pcMach, pcCmd, pcWho)
*/
static int
#if USE_ANSI_PROTO
CmdGroup(int s, char *pcMaster, char *pcMach, char *pcCmd, char *pcWho)
CmdGroup(CONSFILE * pcf, char *pcMaster, char *pcMach, char *pcCmd,
char *pcWho)
#else
CmdGroup(s, pcMaster, pcMach, pcCmd, pcWho)
int s;
CmdGroup(pcf, pcMaster, pcMach, pcCmd, pcWho)
CONSFILE *pcf;
char *pcMaster, *pcMach, *pcCmd, *pcWho;
#endif
{
@ -1172,10 +1295,10 @@ CmdGroup(s, pcMaster, pcMach, pcCmd, pcWho)
/* send request for master list
*/
(void)sprintf(acPorts, "groups\r\n");
SendOut(s, acPorts, strlen(acPorts));
SendOut(pcf, acPorts, strlen(acPorts));
/* get the ports number */
if (0 >= ReadReply(s, acPorts, sizeof(acPorts), (char *)0)) {
if (0 >= ReadReply(pcf, acPorts, sizeof(acPorts), (char *)0)) {
Error("master forward broken");
exit(EX_UNAVAILABLE);
}
@ -1193,10 +1316,11 @@ CmdGroup(s, pcMaster, pcMach, pcCmd, pcWho)
*/
static int
#if USE_ANSI_PROTO
CmdMaster(int s, char *pcMaster, char *pcMach, char *pcCmd, char *pcWho)
CmdMaster(CONSFILE * pcf, char *pcMaster, char *pcMach, char *pcCmd,
char *pcWho)
#else
CmdMaster(s, pcMaster, pcMach, pcCmd, pcWho)
int s;
CmdMaster(pcf, pcMaster, pcMach, pcCmd, pcWho)
CONSFILE *pcf;
char *pcMaster, *pcMach, *pcCmd, *pcWho;
#endif
{
@ -1204,10 +1328,10 @@ CmdMaster(s, pcMaster, pcMach, pcCmd, pcWho)
/* send request for master list
*/
SendOut(s, "master\r\n", 8);
SendOut(pcf, "master\r\n", 8);
/* get the ports number */
if (0 >= ReadReply(s, acPorts, sizeof(acPorts), (char *)0)) {
if (0 >= ReadReply(pcf, acPorts, sizeof(acPorts), (char *)0)) {
Error("master forward broken");
exit(EX_UNAVAILABLE);
}
@ -1223,10 +1347,10 @@ CmdMaster(s, pcMaster, pcMach, pcCmd, pcWho)
*/
static int
#if USE_ANSI_PROTO
Ctl(int s, char *pcMaster, char *pcMach, char *pcCmd, char *pcWho)
Ctl(CONSFILE * pcf, char *pcMaster, char *pcMach, char *pcCmd, char *pcWho)
#else
Ctl(s, pcMaster, pcMach, pcCmd, pcWho)
int s;
Ctl(pcf, pcMaster, pcMach, pcCmd, pcWho)
CONSFILE *pcf;
char *pcMaster, *pcMach, *pcCmd, *pcWho;
#endif
{
@ -1235,10 +1359,10 @@ Ctl(s, pcMaster, pcMach, pcCmd, pcWho)
/* send request for master list
*/
(void)sprintf(acPorts, "%s:%s\r\n", pcCmd, pcMach);
SendOut(s, acPorts, strlen(acPorts));
SendOut(pcf, acPorts, strlen(acPorts));
/* get the ports number */
if (0 >= ReadReply(s, acPorts, sizeof(acPorts), (char *)0)) {
if (0 >= ReadReply(pcf, acPorts, sizeof(acPorts), (char *)0)) {
Error("group leader died?");
return 1;
}
@ -1258,10 +1382,11 @@ Ctl(s, pcMaster, pcMach, pcCmd, pcWho)
*/
static int
#if USE_ANSI_PROTO
CtlMaster(int s, char *pcMaster, char *pcMach, char *pcCmd, char *pcWho)
CtlMaster(CONSFILE * pcf, char *pcMaster, char *pcMach, char *pcCmd,
char *pcWho)
#else
CtlMaster(s, pcMaster, pcMach, pcCmd, pcWho)
int s;
CtlMaster(pcf, pcMaster, pcMach, pcCmd, pcWho)
CONSFILE *pcf;
char *pcMaster, *pcMach, *pcCmd, *pcWho;
#endif
{
@ -1269,10 +1394,10 @@ CtlMaster(s, pcMaster, pcMach, pcCmd, pcWho)
/* send request for master list
*/
SendOut(s, "master\r\n", 8);
SendOut(pcf, "master\r\n", 8);
/* get the ports number */
if (0 >= ReadReply(s, acPorts, sizeof(acPorts), (char *)0)) {
if (0 >= ReadReply(pcf, acPorts, sizeof(acPorts), (char *)0)) {
Error("master forward broken");
exit(EX_UNAVAILABLE);
}
@ -1298,7 +1423,7 @@ main(argc, argv)
char **argv;
#endif
{
char *ptr, *pcCmd, *pcTo;
char *pcCmd, *pcTo;
struct passwd *pwdMe;
int opt;
int fLocal;
@ -1306,7 +1431,7 @@ main(argc, argv)
char *pcUser = (char *)0;
char *pcMsg = (char *)0;
int (*pfiCall) ();
static char acOpts[] = "7aAb:De:fFGhil:M:p:PqQrRsSuvVwWx";
static char acOpts[] = "7aAb:c:De:EfFGhil:M:p:PqQrRsSuvVwWx";
extern int optind;
extern int optopt;
extern char *optarg;
@ -1342,10 +1467,22 @@ main(argc, argv)
pcMsg = optarg;
break;
case 'c':
#if HAVE_OPENSSL
pcCredFile = optarg;
#endif
break;
case 'D':
fDebug++;
break;
case 'E':
#if HAVE_OPENSSL
fReqEncryption = 0;
#endif
break;
case 'e': /* set escape chars */
ParseEsc(optarg);
break;
@ -1430,7 +1567,7 @@ main(argc, argv)
default: /* huh? */
Error
("usage [-aAfFGsS] [-7Dv] [-M mach] [-p port] [-e esc] [-l username] console");
("usage [-aAEfFGsS] [-7Dv] [-c cred] [-M mach] [-p port] [-e esc] [-l username] console");
Error
("usage [-hPrRuVwWx] [-7Dv] [-M mach] [-p port] [-b message]");
Error("usage [-qQ] [-7Dv] [-M mach] [-p port]");
@ -1468,17 +1605,24 @@ main(argc, argv)
}
}
if ((char *)0 == pcUser) {
if (((char *)0 != (ptr = getenv("USER")) ||
(char *)0 != (ptr = getenv("LOGNAME"))) &&
(struct passwd *)0 != (pwdMe = getpwnam(ptr)) &&
getuid() == pwdMe->pw_uid) {
/* use the login $USER is set to, if it is our (real) uid */ ;
} else if ((struct passwd *)0 == (pwdMe = getpwuid(getuid()))) {
Error("getpwuid: %d: %s", (int)(getuid()), strerror(errno));
if (pcUser == (char *)0 || pcUser[0] == '\000') {
if (((pcUser = getenv("LOGNAME")) == (char *)0) &&
((pcUser = getenv("USER")) == (char *)0) &&
((pwdMe = getpwuid(getuid())) == (struct passwd *)0)) {
Error
("$LOGNAME and $USER do not exist and getpwuid fails: %d: %s",
(int)(getuid()), strerror(errno));
exit(EX_UNAVAILABLE);
}
pcUser = pwdMe->pw_name;
if (pcUser == (char *)0) {
if (pwdMe->pw_name == (char *)0 || pwdMe->pw_name[0] == '\000') {
Error("Username for uid %d does not exist",
(int)(getuid()));
exit(EX_UNAVAILABLE);
} else {
pcUser = pwdMe->pw_name;
}
}
}
/* finish resolving the command to do, call Gather
@ -1504,10 +1648,16 @@ main(argc, argv)
exit(EX_UNAVAILABLE);
}
cfstdout = fileOpenFD(1, simpleFile);
buildMyString((char *)0, &acPorts);
buildMyStringChar('@', &acPorts);
buildMyString(pcInMaster, &acPorts);
#if HAVE_OPENSSL
setupSSL(); /* should only do if we want ssl - provide flag! */
#endif
if ('q' == *pcCmd) {
static STRING acPass = { (char *)0, 0, 0 };
buildMyString((char *)0, &acPass);


@ -1,9 +1,10 @@
.\" $Id: console.man,v 1.21 2002-09-22 10:20:43-07 bryan Exp $
.\" $Id: console.man,v 1.23 2002-10-09 13:26:31-07 bryan Exp $
.TH CONSOLE 1 "Local"
.SH NAME
console \- console server client program
.SH SYNOPSIS
\fBconsole\fP [\fB\-aAfFGsS\fP] [\fB\-7Dv\fP] [\fB\-M\fP \fImach\fP]
\fBconsole\fP [\fB\-aAEfFGsS\fP] [\fB\-7Dv\fP]
[\fB\-c\fP \fIcred\fP] [\fB\-M\fP \fImach\fP]
[\fB\-p\fP \fIport\fP] [\fB\-e\fP \fIesc\fP] [\fB\-l\fP \fIuser\fP]
\fIconsole\fP
.br
@ -74,6 +75,9 @@ The connection is dropped to spy mode if someone else is attached read-write.
.BI \-b message
Broadcast a \fImessage\fP to all users connected to the console server.
.TP
.BI \-c cred
Load an SSL certificate and key from the PEM encoded file \fIcred\fP.
.TP
.B \-D
Enable debugging output.
.TP
@ -83,6 +87,11 @@ those represented by \fIesc\fP.
Any of the forms output by \fBcat\fP(1)'s \-\fBv\fP option
are accepted. The default value is ``\fB^Ec\fP''.
.TP
.B \-E
If encryption has been built into the code (\fB--with-openssl\fP), encrypted
client connections are a requirement. This option allows the client to
connect to a console over a non-encrypted connection.
.TP
.B \-f
Same as \fB\-a\fP except it will force any existing connection into spy mode.
.TP
@ -342,15 +351,20 @@ console \-e \*(lq^[1\*(rq lv426
Requests a connection to the host ``lv426'' with the escape characters
set to ``escape one''.
.SH BUGS
All client/server traffic (including root and user passwords) is
passed ``in the clear''. Extreme care should be taken to insure no one
is ``snooping'' this private data. One day the traffic will be encrypted.
SSL encryption only occurs when connecting to a single console, not
on all client/server activity. The \fB-q\fP/\fB-Q\fP quit command will
pass the root password in the clear. Other info-type
options (like \fB-i\fP, \fB-w\fP, etc)
are all sent unencrypted as well. This should be fixed soon.
.PP
It is possible to create a loop of console connections, with ugly results.
Never run \fBconsole\fP from within a console connection (unless you set each
escape sequence differently).
.PP
The \fB\-G\fP option doesn't help to explain how connections get built.
.PP
I'm sure there are more, I just don't know where they are. Please
let me know if you find any.
.SH AUTHORS
Thomas A. Fine, Ohio State Computer Science
.br


@ -8,11 +8,15 @@ Various contributions by folks....
Author: Paul Heinlein <heinlein@measurecast.com>
Synopsis: Files for a Redhat-tuned RPM
maketestcerts
Author: Bryan Stansell <bryan@conserver.com>
Synopsis: Silly script I used to create test SSL certs
I can't verify that these scripts will work for everyone. Hopefully they
will be helpful.
Bryan Stansell
#
# $Id: README,v 1.2 2001-06-15 06:02:59-07 bryan Exp $
# $Id: README,v 1.3 2002-10-13 19:57:44-07 bryan Exp $
#

52
contrib/maketestcerts Executable file

@ -0,0 +1,52 @@
#!/bin/sh
#
# This is a "simple" script that I've used to create test certificates
# for conserver and it's OpenSSL bits. It's far from perfect...or useful
# outside of my own purposes. If this helps, cool. In the end I put
# the rootcert.pem file in my global certs directory, point the server to
# server.pem and point the client at client.pem. Ugly, yeah, but it's an
# ok test.
#
[ -f rootreq.pem -a -f rootkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem -passin pass:pass -passout pass:pass
US
California
Folsom
conserver.com
Conserver CA
conserver.com
EOD
[ -f rootcert.pem ] || openssl x509 -req -in rootreq.pem -sha1 -extensions v3_ca -signkey rootkey.pem -out rootcert.pem
[ -f root.pem ] || cat rootcert.pem rootkey.pem > root.pem
[ -f serverreq.pem -a -f serverkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem -passin pass:pass -passout pass:pass
US
California
Folsom
conserver.com
conserver
conserver
EOD
[ -f servercert.pem ] || openssl x509 -req -in serverreq.pem -sha1 -extensions usr_cert -CA root.pem -CAkey root.pem -CAcreateserial -out servercert.pem
[ -f server.pem ] || cat servercert.pem serverkey.pem rootcert.pem > server.pem
[ -f clientreq.pem -a -f clientkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem -passin pass:pass -passout pass:pass
US
California
Folsom
conserver.com
console
console
EOD
[ -f clientcert.pem ] || openssl x509 -req -in clientreq.pem -sha1 -extensions usr_cert -CA root.pem -CAkey root.pem -CAcreateserial -out clientcert.pem
[ -f client.pem ] || cat clientcert.pem clientkey.pem rootcert.pem > client.pem
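Review bot: The `-extensions v3_ca` and `-extensions usr_cert` arguments on the three `openssl x509 -req` lines do nothing as written, because `openssl x509` only adds extensions read from a file named with `-extfile`; without it the certificates come out with no extensions at all, so the root is never explicitly marked as a CA and the leaf certificates carry no key-usage constraints. Those lines also omit `-days`, so every certificate gets the 30-day default validity and the test setup silently stops working a month after generation; `openssl x509 -req -days 365 -extfile /path/to/openssl.cnf -extensions v3_ca ...` (pointing at the config file that defines the v3_ca and usr_cert sections) addresses both on the root line, and the same change with `usr_cert` applies to the two leaf lines. The `-signkey rootkey.pem` and `-CAkey root.pem` steps are given no `-passin` even though the keys were written encrypted with `-passout pass:pass`, so each signing step will stop and prompt for the passphrase. Finally, the key files are created under whatever umask the caller has; a `umask 077` as the first command of the script would keep the generated private keys from being readable by other users.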


@ -4,7 +4,7 @@
#
%define pkg conserver
%define ver 7.2.3
%define ver 7.2.4
# define the name of the machine on which the main conserver
# daemon will be running if you don't want to use the default


@ -1,7 +1,7 @@
PKG="conserver"
NAME="Console server and client"
CATEGORY="system"
VERSION="7.2.3"
VERSION="7.2.4"
DESC="Console server and client"
CLASSES=none
ARCH=sparc