Imported from conserver-8.0.0.tar.gz

2025-01-10 23:12:58 +00:00 · 2003-09-22 13:49:53 -07:00 · 2003-09-22 13:49:53 -07:00 · 4f71385126
commit 4f71385126
parent 626270495d
57 changed files with 13963 additions and 7864 deletions
--- a/90
+++ b/90
@ -1,6 +1,94 @@
 				CHANGES
 				=======
 version 8.0.0 (Sep 22, 2003):
 	- better error messages and management of the user's password
 	- 8.0.0-beta4 mistakenly lost conserver.passwd usage
 	- empty passwords now don't trigger a passwd prompt (like 7.2.7)
 	- upgraded to autoconf-2.57 and use recent config.guess/sub
 	  files - suggested by Jorgen Hagg <jorgen.hagg@axis.com>
 	- we now install the conserver.rc file as well as sample
 	  conserver.cf and conserver.passwd files in
 	  $(prefix)/share/examples/conserver - suggested by
 	  Hubert Feyrer <hubertf@netbsd.org>
 version 8.0.0-beta4 (Aug 24, 2003):
 	- totally rewrote the client/server communication, allowing SSL
 	  connections to occur first, protecting *all* information
 	- added 'admin' keyword to the 'access' portion of the config
 	  file for specifying users able to issue the 'quit' command
 	- removed client -G option since it's not really useful any more
 	- added client -t option for sending "text messages" to users,
 	  which is similar to broadcast messages, but you can specify
 	  the user and/or console - suggested by Trevor Fiatal
 	  <trevor@seven.com>
 	- added client -d option for disconnecting users specified by
 	  username and/or console - suggested by Trevor Fiatal
 	  <trevor@seven.com>
 	- removed --with-64bit configure option as 64bit operation is
 	  reported to work just fine
 	- break strings with '\d' are interpreted as a delay, which can
 	  be specified in the config file (default 250ms)
 	- removed 'reset -x' portion of default break sequence #3
 	- remote conserver hostnames now properly match - had to be a
 	  character string match previously
 	- hostname aliases now checked against access lists and the
 	  matched name is used for logging
 	- added --with-trustrevdns to enable the use of reverse DNS
 	  information for access list checks [not recommended] - see the
 	  INSTALL file for full details on who should actually need this
 	  Many thanks to Chuck Rouzer <crouzer@yahoo.com> for all the
 	  help with FreeBSD support and the following issues...
 	- fixed 'make test' problem on hosts where 'localhost' doesn't
 	  resolve to 127.0.0.1
 	- fixed interface probe problem under *BSD
 	- added openpty() interface for pty allocation
 version 8.0.0-beta3 (Aug 8, 2003):
 	- master process no longer forks on client requests - handles
 	  them with select() like child process
 	- alarm()/SIGALRM usage removed and replaced with counters and
 	  timer on select() call
 	- removed caching of timeouts to terminal servers - each
 	  socket connection now has a proper timeout (and can happen
 	  simultaniously)
 	- partial write()s are properly buffered and retried
 	- made all sockets (including SSL) non-buffered
 	- client now supports piping data to it and properly printing
 	  all server data ("echo '^Ecr^Ec.' | console universe")
 version 8.0.0-beta2 (Jul 17, 2003):
 	- console aliases added with 'aliases' console keyword
 	- two stop bit support for serial devices - requested by Kelly
 	  Setzer <setzer@placemark.com>
 	- added support for inet_aton() over inet_addr()
 	- all server interfaces now used to identify console management
 	- server interfaces probed with SIOCGIFCONF ioctl, if available
 	- added flow control options 'ixon', 'ixany', 'ixoff', and
 	  'crtscts'
 	- added info to console client -i output
 	- man pages updated, however the wording needs work
 version 8.0.0-beta1 (Jul 4, 2003):
 	- ***NOTICE*** the format of conserver.cf and conserver.passwd
 	  has completely changed.  see the INSTALL file for
 	  upgrade instructions (it should be "fairly painless").
 	  some documentation has been updated to reflect the new world,
 	  some hasn't - my goal for beta2 is to have all the docs updated
 	- many command-line options now also conserver.cf options options
 	- POSIX termios interface now required for compilation - some
 	  POSIX requirements were already in the code and others will
 	  undoubtedly creep in as time goes by
 	- configure --with-regex option removed because of conserver.cf
 	  and conserver.passwd changes
 	- added -S option to server for syntax checking of the
 	  configuration file - suggested by Dave Stuit <djs@tellme.com>
 	- authorized users now either have r/w or r/o access to consoles
 	- getpassword.o replaces getpass() and getpassphrase() so we can
 	  get any string length
 	- fixed rm commands in test script - patch by Petter Reinholdtsen
 	  <pere@hungry.com>
 version 7.2.7 (Apr 9, 2003):
 	- added test suite ('make test') for basic client/server
 	  communication tests
@ -429,5 +517,5 @@ before version 6.05:
 	  and enhancements of various types were applied.
 #
-#  $Id: CHANGES,v 1.82 2003-04-09 07:20:21-07 bryan Exp $
+#  $Id: CHANGES,v 1.103 2003-09-22 10:42:00-07 bryan Exp $
 #
--- a/20
+++ b/20
@ -65,23 +65,25 @@ directed to faq@conserver.com.  The FAQ answers the following questions:
    When conserver was compiled, it was told to use the /etc/services
    entry of "conserver" (what came after getservbyname:).  You'll need
    to either recompile conserver and hard-code a port number (using
-    PORT instead of SERVICE in conserver/cons.h) or enter "conserver"
+    --with-port=<num>) or enter "conserver" in /etc/services.
    in /etc/services.
 6) What does "console: gethostbyname: console: host lookup error"
    mean (or something close to that)?
    When the console command was compiled, it was told to use the
    hostname "console" (what came after gethostbyname:) as the master
-    conserver host.  You'll need to either recompile console with the
+    conserver host.  You'll need to either reconfigure with the
-    appropriate name of your conserver host or add an alias of "console".
+    appropriate name of your conserver host (--with-master=<name>) or
-    In most cases, adding an alias is my suggestion.
+    add an alias of "console".  In most cases, adding an alias is my
    suggestion.
 7) How do I set up a local serial port for no parity?
-    The conserver.cf man page will have this in the 6.17 release,
+    The manpage has the answer to this question.  For those that don't
-    but the answer is to use a 'p' after the baud rate.  So, '9600p'
+    want to read it, here are some guidelines.  For pre-7.2.2, you'd
-    is 9600 baud, no parity.
+    want to use a 'p' after the baud rate ("9600p", for example).  For
    7.2.2 thru 7.2.7, you can use an 'n'.  For 8.0.0 and beyond, you use
    'parity none;'.
 8) Is "Conserver" a trademark or registered trademark?
@ -184,5 +186,5 @@ directed to faq@conserver.com.  The FAQ answers the following questions:
      through the same problem?
 #
-#  $Id: FAQ,v 1.8 2003-04-08 14:05:16-07 bryan Exp $
+#  $Id: FAQ,v 1.9 2003-08-23 12:27:10-07 bryan Exp $
 #
--- a/53
+++ b/53
@ -10,6 +10,54 @@ Upgrading?
    new features added to the client if you're considering *not*
    upgrading.
    Version 8.0.0
 	- The client/server protocol has been rearchitected.  You *MUST*
 	  use an 8.0.0 client with an 8.0.0 server.  No combination of
 	  client/server will work with pre-8.0.0 code.
 	- Upgrading from pre-8.0.0 code to 8.0.0 and beyond requires
 	  you to change your conserver.cf and conserver.passwd files
 	  because both of the file formats have changed.
 	  The conserver.cf file changes are so major that there is a
 	  convert program available in the conserver subdirectory.  Just
 	  run './conserver/convert <old-cf-file>' and it will attempt a
 	  conversion to the new format, sending it to stdout.  Any errors
 	  will be printed to stderr.  There are a couple of things
 	  you might need to adjust.  First are the user access lists.
 	  If you are restricting users to certain consoles in your old
 	  conserver.passwd file, you'll need to move those restrictions
 	  into the new conserver.cf file.  Restrictions are set with the
 	  'ro' and 'rw' tags in the configuration file.  Second are the
 	  'access' blocks.  What get produced by the convert program
 	  will be functionally equivalent to the old behavior, but you
 	  may be able to tune things to better suit your environment.
 	  The conserver.passwd file's console restrictions have moved,
 	  as described above.  So to convert the conserver.passwd file,
 	  all you really need to do is something like:
 		awk -F: '{print $1 ":" $2}' <old-passwd-file>
 	  If you have comments or continuation lines in your file,
 	  you'll have to do a bit more cleanup to strip out the third
 	  field (which is what the awk command is intending to do).
 	- Conserver no longer trusts reverse DNS information by default.
 	  If you use the --with-trustrevdns configure flag, you can
 	  re-enable the use of gethostbyaddr() [I don't recommended it,
 	  however].  If you are using domain names in access lists,
 	  you'll either need to change those to use hostnames and/or ip
 	  addresses/ranges or use the --with-trustrevdns flag.  For
 	  example, if you have (in the
 	  8.0.0 format):
 		allowed conserver.com;  # allow *.conserver.com
 	  then you'll need to worry about this change.  If you only use
 	  full hostnames, you shouldn't have to do anything.
    Version 7.2.4
        - If SSL support is compiled into the code, older versions of
@ -70,7 +118,6 @@ Detailed Instructions
      the defaults shown, you're set.  If not, here are the conserver
      unique options:
        --with-64bit            Allow 64bit compilation
        --with-port=PORT        Specify port number [conserver]
        --with-base=PORT        Base port for secondary channel [0]
        --with-master=MASTER    Specify master server hostname [console]
@ -82,10 +129,10 @@ Detailed Instructions
        --with-pidfile=PIDFILE  Specify PID filepath [/var/run/conserver.pid]
        --with-maxmemb=MAXMEMB  Specify maximum consoles per process [16]
        --with-timeout=TIMEOUT  Specify connect() timeout in seconds [10]
        --with-trustrevdns      Trust reverse DNS information
        --with-libwrap[=PATH]   Compile in libwrap (tcp_wrappers) support
        --with-openssl[=PATH]   Compile in OpenSSL support
        --with-dmalloc[=PATH]   Compile in dmalloc support
        --with-regex            Use regular expressions in conserver.passwd
        --with-pam              Enable PAM support
      Not surprisingly, some match the old conserver/cons.h items...here
@ -192,5 +239,5 @@ Other Information And Gotchas
 #
-#  $Id: INSTALL,v 1.27 2003-04-09 07:15:27-07 bryan Exp $
+#  $Id: INSTALL,v 1.32 2003-08-23 11:20:55-07 bryan Exp $
 #
--- a/23
+++ b/23
@ -24,17 +24,22 @@ Systems Tested
    compile conserver.  If anyone has more to add to this list (or
    something on the list doesn't work any more), please let me know.
-	Solaris 2.5.1 thru 9 (sparc/x86), gcc
+	AIX 4.3.3/5.1/5.2, native cc
 	BSDI BSD/OS 3.X, gcc
-	MacOS X
+	Cygwin (w2k),gcc 2.95.3
 	DEC Tru64 4.0, gcc
 	DEC Tru64 4.0/5.1, native cc
 	FreeBSD 4.2/4.8/5.1 (x86), gcc
 	HP-UX 10.20, gcc
 	HP-UX 11.10 parisc and ia64, native cc
 	Irix 6.15, native cc
 	Linux 2.2.18 (x86), gcc
 	Linux 2.4.2 (x86), gcc
-	FreeBSD 4.2 (x86), gcc
+	Linux ia64, native gcc
-	cygwin (w2k),gcc 2.95.3
+	Linux RedHat 6.2 and 7.2 (x86), native gcc
-	DEC Tru64 4.0, gcc
+	MacOS X, native gcc
-	DEC Tru64 4.0/5.1, DEC cc
+	Solaris 2.5.1 thru 9 (sparc/x86), gcc
-	HP-UX 10.20, gcc
+	Solaris 7/8, native cc
 	AIX 4.3.3, AIX cc
 Contributions
@ -50,5 +55,5 @@ Contributions
    http://www.columbia.edu/acis/sy/unixdev/zinc
 #
-#  $Id: README,v 1.21 2002-09-23 10:10:11-07 bryan Exp $
+#  $Id: README,v 1.22 2003-08-23 12:34:24-07 bryan Exp $
 #
--- a/56
+++ b/56
@ -10,20 +10,6 @@ Bryan Stansell
 ---------------------------------------------------------------------------
 - usleep() statements, can they be removed and mimiced with some sort
  of console state thing and a timer?  Aaron Burt <aaron@osdl.org>
  users email.
 - OpenSSL sockets have been make blocking instead of keeping the
  underlying socket non-blocking.  Why?  It requires much more work to
  deal with non-blocking sockets and OpenSSL.  Not impossible, just have
  to rewrite a lot of the code to handle the extra special cases.  Perhaps
  by ignoring renegotiations this can be ignored, but I'm not sure.
 - checks for EPIPE during write() should really be done, but, for the
  most part, consoles and clients will come around and we'll see
  problems on the read().
 - Singular logging so that swatch/logsurfer can watch for errors across
  the board - unloved output comes close
@ -40,37 +26,30 @@ Bryan Stansell
    in regards to --use-libwrap code
 - alternate (md5) password encryption support in conserver.passwd
    - actually happens if the crypt() call supports it, like under linux
    - hpux has bigcrypt() also, which we support, so maybe we're covered
 - config file examples for various configurations
 - per-line timestamps
    - only when not connected?
 - flow control configuration (hardcoded on, i think)
 - pipe input/output (console <-> program) via 'console'
    - some apps (net-ups thing, gdb) might need to talk to user
 - group permissions (better user management in general)
 - 64-bit compilation support (have a patch set contributed, somewhere, i think)
 - autologout?  setting per console?  gack, would have to interpret data.
 - "listen" capability (watch all/multiple consoles)
- break sequences - need .5 second delays (or delays in general?)
+- send data to multiple consoles (carbon copy) -
-
+    Steve Lammert <slammert@panasas.com>
 - aliases for console entries
 - authentication to terminal servers (ssh, passphrase, whatever)
-
+    - ssh should probably just be handled by invoking the ssh command.
- "not" or "except" in passwd file (!console).
+      so, that's really already covered, no?
-
+    - passphrase...hmmm..could really use some sort of send/expect
- multi-homed/multi-ip hosts not supported well
+      thing here.  you could write a wrapper script of sorts, but it
-    - other names/ip addrs not detected as local, necessarily
+      really would be nice to have a raw socket and do the right thing.
    - acls don't look at aliases properly
    - the whole thing needs some serious help
 - cyclades ts1000/2000 port : "Moses, Joel" <jmoses@deloitte.com>
@ -94,20 +73,6 @@ Bryan Stansell
 - suggestions by Trevor Fiatal <trevor@seven.com>
    - include server hostname on 'console -x' output
    - non-interactively be able to
 	- disconnect a single user-to-port session
 	- disconnect all sessions to a given port
 	- disconnect all sessions registered to a particular user
    - non-interactively be able to send messages to
 	- all sessions open by a particular user
 	  console -t user "Time to go home."
 	- a particular user-session
 	  console -t user@managed-host "Please disconnect from this host."
 	- all users on a given host
 	  console -t @managed-host "I am taking over this host."
 - support 2 stop bits (as well as other stty-type options in console
  definitions) : Kelly Setzer <setzer@placemark.com>
 - ability to configure strings to be sent to a console whenever it is
  (re)opened (eg. a termserver login) : Greg A. Woods
@ -119,7 +84,6 @@ Bryan Stansell
 - show attach/detach events to/of spy console clients : Greg A. Woods
  <woods@planix.com>
 #
-#  $Id: TODO,v 1.27 2003-01-27 17:47:27-08 bryan Exp $
+#  $Id: TODO,v 1.36 2003-08-24 15:11:03-07 bryan Exp $
 #
--- a/compat.h
+++ b/compat.h
@ -1,5 +1,18 @@
 #include <config.h>
 /* things everything seems to need */
 #include <stdio.h>
 #include <sys/param.h>
 #include <sys/socket.h>
 #include <sys/file.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <arpa/inet.h>
 #include <netinet/in.h>
 #include <netdb.h>
 #include <ctype.h>
 #include <signal.h>
 /* If, when processing a logfile for replaying the last N lines,
 * we end up seeing more than MAXREPLAYLINELEN characters in a line,
 * abort processing and display the data.  Why?  There could be some
@ -76,17 +89,7 @@ typedef long fd_set;
 # include <sys/ioctl_compat.h>
 #endif
-#ifdef HAVE_TERMIOS_H
+#include <termios.h>
 # include <termios.h>		/* POSIX */
 #else
 # ifdef HAVE_TERMIO_H
 #  include <termio.h>		/* SysV */
 # else
 #  ifdef HAVE_SGTTY_H
 #   include <sgtty.h>		/* BSD */
 #  endif
 # endif
 #endif
 #ifdef HAVE_STROPTS_H
 # include <stropts.h>
@ -211,6 +214,18 @@ extern char *h_errlist[];
 #include <usersec.h>
 #endif
 #ifdef HAVE_PTY_H
 #include <pty.h>
 #endif
 #ifdef HAVE_LIBUTIL_H
 #include <libutil.h>
 #endif
 #ifdef HAVE_UTIL_H
 #include <util.h>
 #endif
 #ifndef NGROUPS_MAX
 # define NGROUPS_MAX	8
@ -277,7 +292,12 @@ typedef int socklen_t;
 #  define PARAMS(protos) protos
 # else /* no PROTOTYPES */
 #  define PARAMS(protos) ()
-# endif /* no PROTOTYPES */
+# endif	/* no PROTOTYPES */
 #endif
 /* setup a conditional debugging line */
 #ifndef CONDDEBUG
 #define CONDDEBUG(line) if (fDebug) {debugFileName=__FILE__; debugLineNo=__LINE__; Debug line;}
 #endif
 #if HAVE_DMALLOC
--- a/config.guess
+++ b/config.guess
@ -1,9 +1,9 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002 Free Software Foundation, Inc.
+#   2000, 2001, 2002, 2003 Free Software Foundation, Inc.
-timestamp='2002-09-03'
+timestamp='2003-08-18'
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@ -98,30 +98,32 @@ trap 'exit 1' 1 2 15
 # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
 # use `HOST_CC' if defined, but it is deprecated.
-# This shell variable is my proudest work .. or something. --bje
+# Portable tmp directory creation inspired by the Autoconf team.
-set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ;
+set_cc_for_build='
-(old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old)
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
-   || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
-dummy=$tmpdir/dummy ;
+: ${TMPDIR=/tmp} ;
-files="$dummy.c $dummy.o $dummy.rel $dummy" ;
+ { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
-trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ;
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
 { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
 { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
 dummy=$tmp/dummy ;
 tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
 case $CC_FOR_BUILD,$HOST_CC,$CC in
 ,,)    echo "int x;" > $dummy.c ;
 	for c in cc gcc c89 c99 ; do
-	  if ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ; then
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
 	     CC_FOR_BUILD="$c"; break ;
 	  fi ;
 	done ;
 	rm -f $files ;
 	if test x"$CC_FOR_BUILD" = x ; then
 	  CC_FOR_BUILD=no_compiler_found ;
 	fi
 	;;
 ,,*)   CC_FOR_BUILD=$CC ;;
 ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
-esac ;
+esac ;'
 unset files'
 # This is needed to find uname on a Pyramid OSx when run in the BSD universe.
 # (ghazi@noc.rutgers.edu 1994-08-24)
@ -178,7 +180,18 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 		;;
 	esac
 	# The OS release
-	release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+	# Debian GNU/NetBSD machines have a different userland, and
 	# thus, need a distinct triplet. However, they do not need
 	# kernel version information, so it can be replaced with a
 	# suitable tag, in the style of linux-gnu.
 	case "${UNAME_VERSION}" in
 	    Debian*)
 		release='-gnu'
 		;;
 	    *)
 		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
 		;;
 	esac
 	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
 	# contains redundant information, the shorter form:
 	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
@ -227,68 +240,52 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 	if test $UNAME_RELEASE = "V4.0"; then
 		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
 	fi
 	# According to Compaq, /usr/sbin/psrinfo has been available on
 	# OSF/1 and Tru64 systems produced since 1995.  I hope that
 	# covers most systems running today.  This code pipes the CPU
 	# types through head -n 1, so we only detect the type of CPU 0.
 	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
 	case "$ALPHA_CPU_TYPE" in
 	    "EV4 (21064)")
 		UNAME_MACHINE="alpha" ;;
 	    "EV4.5 (21064)")
 		UNAME_MACHINE="alpha" ;;
 	    "LCA4 (21066/21068)")
 		UNAME_MACHINE="alpha" ;;
 	    "EV5 (21164)")
 		UNAME_MACHINE="alphaev5" ;;
 	    "EV5.6 (21164A)")
 		UNAME_MACHINE="alphaev56" ;;
 	    "EV5.6 (21164PC)")
 		UNAME_MACHINE="alphapca56" ;;
 	    "EV5.7 (21164PC)")
 		UNAME_MACHINE="alphapca57" ;;
 	    "EV6 (21264)")
 		UNAME_MACHINE="alphaev6" ;;
 	    "EV6.7 (21264A)")
 		UNAME_MACHINE="alphaev67" ;;
 	    "EV6.8CB (21264C)")
 		UNAME_MACHINE="alphaev68" ;;
 	    "EV6.8AL (21264B)")
 		UNAME_MACHINE="alphaev68" ;;
 	    "EV6.8CX (21264D)")
 		UNAME_MACHINE="alphaev68" ;;
 	    "EV6.9A (21264/EV69A)")
 		UNAME_MACHINE="alphaev69" ;;
 	    "EV7 (21364)")
 		UNAME_MACHINE="alphaev7" ;;
 	    "EV7.9 (21364A)")
 		UNAME_MACHINE="alphaev79" ;;
 	esac
 	# A Vn.n version is a released version.
 	# A Tn.n version is a released field test version.
 	# A Xn.n version is an unreleased experimental baselevel.
 	# 1.2 uses "1.2" for uname -r.
 	eval $set_cc_for_build
 	cat <<EOF >$dummy.s
 	.data
 \$Lformat:
 	.byte 37,100,45,37,120,10,0	# "%d-%x\n"
 	.text
 	.globl main
 	.align 4
 	.ent main
 main:
 	.frame \$30,16,\$26,0
 	ldgp \$29,0(\$27)
 	.prologue 1
 	.long 0x47e03d80 # implver \$0
 	lda \$2,-1
 	.long 0x47e20c21 # amask \$2,\$1
 	lda \$16,\$Lformat
 	mov \$0,\$17
 	not \$1,\$18
 	jsr \$26,printf
 	ldgp \$29,0(\$26)
 	mov 0,\$16
 	jsr \$26,exit
 	.end main
 EOF
 	$CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
 	if test "$?" = 0 ; then
 		case `$dummy` in
 			0-0)
 				UNAME_MACHINE="alpha"
 				;;
 			1-0)
 				UNAME_MACHINE="alphaev5"
 				;;
 			1-1)
 				UNAME_MACHINE="alphaev56"
 				;;
 			1-101)
 				UNAME_MACHINE="alphapca56"
 				;;
 			2-303)
 				UNAME_MACHINE="alphaev6"
 				;;
 			2-307)
 				UNAME_MACHINE="alphaev67"
 				;;
 			2-1307)
 				UNAME_MACHINE="alphaev68"
 				;;
 			3-1307)
 				UNAME_MACHINE="alphaev7"
 				;;
 		esac
 	fi
 	rm -f $dummy.s $dummy && rmdir $tmpdir
 	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
 	exit 0 ;;
    Alpha*:OpenVMS:*:*)
 	echo alpha-hp-vms
 	exit 0 ;;
    Alpha\ *:Windows_NT*:*)
 	# How do we know it's Interix rather than the generic POSIX subsystem?
 	# Should we change UNAME_MACHINE based on the output of uname instead
@ -327,6 +324,9 @@ EOF
    NILE*:*:*:dcosx)
 	echo pyramid-pyramid-svr4
 	exit 0 ;;
    DRS?6000:unix:4.0:6*)
 	echo sparc-icl-nx6
 	exit 0 ;;
    DRS?6000:UNIX_SV:4.2*:7*)
 	case `/usr/bin/uname -p` in
 	    sparc) echo sparc-icl-nx7 && exit 0 ;;
@ -437,10 +437,9 @@ EOF
 	  exit (-1);
 	}
 EOF
-	$CC_FOR_BUILD $dummy.c -o $dummy \
+	$CC_FOR_BUILD -o $dummy $dummy.c \
 	  && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
-	  && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
+	  && exit 0
 	rm -f $dummy.c $dummy && rmdir $tmpdir
 	echo mips-mips-riscos${UNAME_RELEASE}
 	exit 0 ;;
    Motorola:PowerMAX_OS:*:*)
@ -449,7 +448,7 @@ EOF
    Motorola:*:4.3:PL8-*)
 	echo powerpc-harris-powermax
 	exit 0 ;;
-    Night_Hawk:*:*:PowerMAX_OS)
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
 	echo powerpc-harris-powermax
 	exit 0 ;;
    Night_Hawk:Power_UNIX:*:*)
@ -524,8 +523,7 @@ EOF
 			exit(0);
 			}
 EOF
-		$CC_FOR_BUILD $dummy.c -o $dummy && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
+		$CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
 		rm -f $dummy.c $dummy && rmdir $tmpdir
 		echo rs6000-ibm-aix3.2.5
 	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
 		echo rs6000-ibm-aix3.2.4
@ -623,11 +621,21 @@ EOF
                  exit (0);
              }
 EOF
-		    (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`$dummy`
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
-		    if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
 		    rm -f $dummy.c $dummy && rmdir $tmpdir
 		fi ;;
 	esac
 	if [ ${HP_ARCH} = "hppa2.0w" ]
 	then
 	    # avoid double evaluation of $set_cc_for_build
 	    test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
 	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null
 	    then
 		HP_ARCH="hppa2.0w"
 	    else
 		HP_ARCH="hppa64"
 	    fi
 	fi
 	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
 	exit 0 ;;
    ia64:HP-UX:*:*)
@ -661,8 +669,7 @@ EOF
 	  exit (0);
 	}
 EOF
-	$CC_FOR_BUILD $dummy.c -o $dummy && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
+	$CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
 	rm -f $dummy.c $dummy && rmdir $tmpdir
 	echo unknown-hitachi-hiuxwe2
 	exit 0 ;;
    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
@ -720,15 +727,15 @@ EOF
    CRAY*TS:*:*:*)
 	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
 	exit 0 ;;
    CRAY*T3D:*:*:*)
 	echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
 	exit 0 ;;
    CRAY*T3E:*:*:*)
 	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
 	exit 0 ;;
    CRAY*SV1:*:*:*)
 	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
 	exit 0 ;;
    *:UNICOS/mp:*:*)
 	echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
 	exit 0 ;;
    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
 	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
@ -744,7 +751,7 @@ EOF
    *:BSD/OS:*:*)
 	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
 	exit 0 ;;
-    *:FreeBSD:*:*)
+    *:FreeBSD:*:*|*:GNU/FreeBSD:*:*)
 	# Determine whether the default compiler uses glibc.
 	eval $set_cc_for_build
 	sed 's/^	//' << EOF >$dummy.c
@ -756,8 +763,10 @@ EOF
 	#endif
 EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
-	rm -f $dummy.c && rmdir $tmpdir
+	# GNU/FreeBSD systems have a "k" prefix to indicate we are using
-	echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
+	# FreeBSD's kernel, but not the complete OS.
 	case ${LIBC} in gnu) kernel_only='k' ;; esac
 	echo ${UNAME_MACHINE}-unknown-${kernel_only}freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
 	exit 0 ;;
    i*:CYGWIN*:*)
 	echo ${UNAME_MACHINE}-pc-cygwin
@ -768,14 +777,17 @@ EOF
    i*:PW*:*)
 	echo ${UNAME_MACHINE}-pc-pw32
 	exit 0 ;;
-    x86:Interix*:3*)
+    x86:Interix*:[34]*)
-	echo i386-pc-interix3
+	echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
 	exit 0 ;;
    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
 	echo i${UNAME_MACHINE}-pc-mks
 	exit 0 ;;
    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
 	# How do we know it's Interix rather than the generic POSIX subsystem?
 	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
 	# UNAME_MACHINE based on the output of uname instead of i386?
-	echo i386-pc-interix
+	echo i586-pc-interix
 	exit 0 ;;
    i*:UWIN*:*)
 	echo ${UNAME_MACHINE}-pc-uwin
@ -795,6 +807,9 @@ EOF
    arm*:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-gnu
 	exit 0 ;;
    cris:Linux:*:*)
 	echo cris-axis-linux-gnu
 	exit 0 ;;
    ia64:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-gnu
 	exit 0 ;;
@ -818,8 +833,26 @@ EOF
 	#endif
 EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
-	rm -f $dummy.c && rmdir $tmpdir
+	test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
-	test x"${CPU}" != x && echo "${CPU}-pc-linux-gnu" && exit 0
+	;;
    mips64:Linux:*:*)
 	eval $set_cc_for_build
 	sed 's/^	//' << EOF >$dummy.c
 	#undef CPU
 	#undef mips64
 	#undef mips64el
 	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
 	CPU=mips64el
 	#else
 	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
 	CPU=mips64
 	#else
 	CPU=
 	#endif
 	#endif
 EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
 	test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
 	;;
    ppc:Linux:*:*)
 	echo powerpc-unknown-linux-gnu
@ -855,6 +888,9 @@ EOF
    s390:Linux:*:* | s390x:Linux:*:*)
 	echo ${UNAME_MACHINE}-ibm-linux
 	exit 0 ;;
    sh64*:Linux:*:*)
    	echo ${UNAME_MACHINE}-unknown-linux-gnu
 	exit 0 ;;
    sh*:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-gnu
 	exit 0 ;;
@ -912,9 +948,11 @@ EOF
 	LIBC=gnuaout
 	#endif
 	#endif
 	#ifdef __dietlibc__
 	LIBC=dietlibc
 	#endif
 EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
 	rm -f $dummy.c && rmdir $tmpdir
 	test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
 	test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
 	;;
@ -932,6 +970,23 @@ EOF
        # Use sysv4.2uw... so that sysv4* matches it.
 	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
 	exit 0 ;;
    i*86:OS/2:*:*)
 	# If we were able to find `uname', then EMX Unix compatibility
 	# is probably installed.
 	echo ${UNAME_MACHINE}-pc-os2-emx
 	exit 0 ;;
    i*86:XTS-300:*:STOP)
 	echo ${UNAME_MACHINE}-unknown-stop
 	exit 0 ;;
    i*86:atheos:*:*)
 	echo ${UNAME_MACHINE}-unknown-atheos
 	exit 0 ;;
    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
 	echo i386-unknown-lynxos${UNAME_RELEASE}
 	exit 0 ;;
    i*86:*DOS:*:*)
 	echo ${UNAME_MACHINE}-pc-msdosdjgpp
 	exit 0 ;;
    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
 	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
 	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
@ -966,9 +1021,6 @@ EOF
 		echo ${UNAME_MACHINE}-pc-sysv32
 	fi
 	exit 0 ;;
    i*86:*DOS:*:*)
 	echo ${UNAME_MACHINE}-pc-msdosdjgpp
 	exit 0 ;;
    pc:*:*:*)
 	# Left here for compatibility:
        # uname -m prints for DJGPP always 'pc', but it prints nothing about
@ -995,9 +1047,12 @@ EOF
    mc68k:UNIX:SYSTEM5:3.51m)
 	echo m68k-convergent-sysv
 	exit 0 ;;
    M680?0:D-NIX:5.3:*)
 	echo m68k-diab-dnix
 	exit 0 ;;
    M68*:*:R3V[567]*:*)
 	test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
-    3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0)
+    3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0)
 	OS_REL=''
 	test -r /etc/.relid \
 	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
@ -1014,9 +1069,6 @@ EOF
    mc68030:UNIX_System_V:4.*:*)
 	echo m68k-atari-sysv4
 	exit 0 ;;
    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
 	echo i386-unknown-lynxos${UNAME_RELEASE}
 	exit 0 ;;
    TSUNAMI:LynxOS:2.*:*)
 	echo sparc-unknown-lynxos${UNAME_RELEASE}
 	exit 0 ;;
@ -1098,7 +1150,11 @@ EOF
 	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
 	exit 0 ;;
    *:Darwin:*:*)
-	echo `uname -p`-apple-darwin${UNAME_RELEASE}
+	case `uname -p` in
 	    *86) UNAME_PROCESSOR=i686 ;;
 	    powerpc) UNAME_PROCESSOR=powerpc ;;
 	esac
 	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
 	exit 0 ;;
    *:procnto*:*:* | *:QNX:[0123456789]*:*)
 	UNAME_PROCESSOR=`uname -p`
@ -1134,11 +1190,6 @@ EOF
 	fi
 	echo ${UNAME_MACHINE}-unknown-plan9
 	exit 0 ;;
    i*86:OS/2:*:*)
 	# If we were able to find `uname', then EMX Unix compatibility
 	# is probably installed.
 	echo ${UNAME_MACHINE}-pc-os2-emx
 	exit 0 ;;
    *:TOPS-10:*:*)
 	echo pdp10-unknown-tops10
 	exit 0 ;;
@ -1157,11 +1208,8 @@ EOF
    *:ITS:*:*)
 	echo pdp10-unknown-its
 	exit 0 ;;
-    i*86:XTS-300:*:STOP)
+    SEI:*:*:SEIUX)
-	echo ${UNAME_MACHINE}-unknown-stop
+        echo mips-sei-seiux${UNAME_RELEASE}
 	exit 0 ;;
    i*86:atheos:*:*)
 	echo ${UNAME_MACHINE}-unknown-atheos
 	exit 0 ;;
 esac
@ -1283,8 +1331,7 @@ main ()
 }
 EOF
-$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0
 rm -f $dummy.c $dummy && rmdir $tmpdir
 # Apollos put the system type in the environment.
--- a/config.h.in
+++ b/config.h.in
@ -45,9 +45,6 @@
 /* Define to 1 if you have the <getopt.h> header file. */
 #undef HAVE_GETOPT_H
 /* Define to 1 if you have the `getpassphrase' function. */
 #undef HAVE_GETPASSPHRASE
 /* Define to 1 if you have the `getprpwnam' function. */
 #undef HAVE_GETPRPWNAM
@ -72,6 +69,9 @@
 /* Define to 1 if you have the <hpsecurity.h> header file. */
 #undef HAVE_HPSECURITY_H
 /* Define to 1 if you have the `inet_aton' function. */
 #undef HAVE_INET_ATON
 /* Define to 1 if you have the <inttypes.h> header file. */
 #undef HAVE_INTTYPES_H
@ -87,6 +87,12 @@
 /* Define to 1 if you have the `sec' library (-lsec). */
 #undef HAVE_LIBSEC
 /* Define to 1 if you have the `util' library (-lutil). */
 #undef HAVE_LIBUTIL
 /* Define to 1 if you have the <libutil.h> header file. */
 #undef HAVE_LIBUTIL_H
 /* Define to 1 if you have the `xnet' library (-lxnet). */
 #undef HAVE_LIBXNET
@ -96,30 +102,39 @@
 /* Define to 1 if you have the `memcpy' function. */
 #undef HAVE_MEMCPY
 /* Define to 1 if you have the `memmove' function. */
 #undef HAVE_MEMMOVE
 /* Define to 1 if you have the <memory.h> header file. */
 #undef HAVE_MEMORY_H
 /* Define to 1 if you have the `memset' function. */
 #undef HAVE_MEMSET
 /* Define to 1 if you have the `openpty' function. */
 #undef HAVE_OPENPTY
 /* have openssl support */
 #undef HAVE_OPENSSL
 /* have PAM support */
 #undef HAVE_PAM
 /* have POSIX regcomp */
 #undef HAVE_POSIX_REGCOMP
 /* Define to 1 if you have the <prot.h> header file. */
 #undef HAVE_PROT_H
 /* Define to 1 if you have the `ptsname' function. */
 #undef HAVE_PTSNAME
 /* Define to 1 if you have the <pty.h> header file. */
 #undef HAVE_PTY_H
 /* Define to 1 if you have the `putenv' function. */
 #undef HAVE_PUTENV
 /* Defined if sa_len member exists in struct sockaddr */
 #undef HAVE_SA_LEN
 /* Define to 1 if you have the `setgroups' function. */
 #undef HAVE_SETGROUPS
@ -141,9 +156,6 @@
 /* Define to 1 if you have the `setvbuf' function. */
 #undef HAVE_SETVBUF
 /* Define to 1 if you have the <sgtty.h> header file. */
 #undef HAVE_SGTTY_H
 /* Define to 1 if you have the <shadow.h> header file. */
 #undef HAVE_SHADOW_H
@ -201,6 +213,9 @@
 /* Define to 1 if you have the <sys/select.h> header file. */
 #undef HAVE_SYS_SELECT_H
 /* Define to 1 if you have the <sys/sockio.h> header file. */
 #undef HAVE_SYS_SOCKIO_H
 /* Define to 1 if you have the <sys/stat.h> header file. */
 #undef HAVE_SYS_STAT_H
@ -237,12 +252,6 @@
 /* Define to 1 if you have the `tcsetpgrp' function. */
 #undef HAVE_TCSETPGRP
 /* Define to 1 if you have the <termios.h> header file. */
 #undef HAVE_TERMIOS_H
 /* Define to 1 if you have the <termio.h> header file. */
 #undef HAVE_TERMIO_H
 /* Define to 1 if you have the <ttyent.h> header file. */
 #undef HAVE_TTYENT_H
@ -258,6 +267,9 @@
 /* Define to 1 if you have the <usersec.h> header file. */
 #undef HAVE_USERSEC_H
 /* Define to 1 if you have the <util.h> header file. */
 #undef HAVE_UTIL_H
 /* Logfile path */
 #undef LOGFILEPATH
@ -297,15 +309,15 @@
 /* Define to 1 if the `setpgrp' function takes no argument. */
 #undef SETPGRP_VOID
 /* The size of a `long', as computed by sizeof. */
 #undef SIZEOF_LONG
 /* Define to 1 if you have the ANSI C header files. */
 #undef STDC_HEADERS
 /* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
 #undef TIME_WITH_SYS_TIME
 /* Defined if we trust reverse DNS */
 #undef TRUST_REVERSE_DNS
 /* use tcp_wrappers libwrap */
 #undef USE_LIBWRAP
--- a/config.sub
+++ b/config.sub
@ -1,9 +1,9 @@
 #! /bin/sh
 # Configuration validation subroutine script.
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002 Free Software Foundation, Inc.
+#   2000, 2001, 2002, 2003 Free Software Foundation, Inc.
-timestamp='2002-09-05'
+timestamp='2003-08-18'
 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
@ -118,7 +118,7 @@ esac
 # Here we must recognize all the valid KERNEL-OS combinations.
 maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
 case $maybe_os in
-  nto-qnx* | linux-gnu* | freebsd*-gnu* | storm-chaos* | os2-emx* | windows32-* | rtmk-nova*)
+  nto-qnx* | linux-gnu* | linux-dietlibc | kfreebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
    os=-$maybe_os
    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
    ;;
@ -228,13 +228,14 @@ case $basic_machine in
 	| a29k \
 	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
 	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
 	| am33_2.0 \
 	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
-	| clipper \
+	| c4x | clipper \
 	| d10v | d30v | dlx | dsp16xx \
 	| fr30 | frv \
 	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
 	| i370 | i860 | i960 | ia64 \
-	| ip2k \
+	| ip2k | iq2000 \
 	| m32r | m68000 | m68k | m88k | mcore \
 	| mips | mipsbe | mipseb | mipsel | mipsle \
 	| mips16 \
@ -245,21 +246,23 @@ case $basic_machine in
 	| mips64vr4300 | mips64vr4300el \
 	| mips64vr5000 | mips64vr5000el \
 	| mipsisa32 | mipsisa32el \
 	| mipsisa32r2 | mipsisa32r2el \
 	| mipsisa64 | mipsisa64el \
 	| mipsisa64sb1 | mipsisa64sb1el \
 	| mipsisa64sr71k | mipsisa64sr71kel \
 	| mipstx39 | mipstx39el \
 	| mn10200 | mn10300 \
 	| msp430 \
 	| ns16k | ns32k \
 	| openrisc | or32 \
 	| pdp10 | pdp11 | pj | pjl \
 	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
 	| pyramid \
-	| sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+	| sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
 	| sh64 | sh64le \
 	| sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
 	| strongarm \
-	| tahoe | thumb | tic80 | tron \
+	| tahoe | thumb | tic4x | tic80 | tron \
 	| v850 | v850e \
 	| we32k \
 	| x86 | xscale | xstormy16 | xtensa \
@ -294,7 +297,7 @@ case $basic_machine in
 	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
 	| avr-* \
 	| bs2000-* \
-	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
 	| clipper-* | cydra-* \
 	| d10v-* | d30v-* | dlx-* \
 	| elxsi-* \
@ -302,7 +305,7 @@ case $basic_machine in
 	| h8300-* | h8500-* \
 	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
 	| i*86-* | i860-* | i960-* | ia64-* \
-	| ip2k-* \
+	| ip2k-* | iq2000-* \
 	| m32r-* \
 	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
 	| m88110-* | m88k-* | mcore-* \
@ -315,21 +318,25 @@ case $basic_machine in
 	| mips64vr4300-* | mips64vr4300el-* \
 	| mips64vr5000-* | mips64vr5000el-* \
 	| mipsisa32-* | mipsisa32el-* \
 	| mipsisa32r2-* | mipsisa32r2el-* \
 	| mipsisa64-* | mipsisa64el-* \
 	| mipsisa64sb1-* | mipsisa64sb1el-* \
 	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
-	| mipstx39 | mipstx39el \
+	| mipstx39-* | mipstx39el-* \
-	| none-* | np1-* | ns16k-* | ns32k-* \
+	| msp430-* \
 	| none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
 	| orion-* \
 	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
 	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
 	| pyramid-* \
 	| romp-* | rs6000-* \
-	| sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \
+	| sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
 	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
 	| sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
 	| sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
-	| tahoe-* | thumb-* | tic30-* | tic4x-* | tic54x-* | tic80-* | tron-* \
+	| tahoe-* | thumb-* \
 	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
 	| tron-* \
 	| v850-* | v850e-* | vax-* \
 	| we32k-* \
 	| x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
@ -367,6 +374,9 @@ case $basic_machine in
 		basic_machine=a29k-none
 		os=-bsd
 		;;
 	amd64)
 		basic_machine=x86_64-pc
 		;;
 	amdahl)
 		basic_machine=580-amdahl
 		os=-sysv
@ -716,6 +726,10 @@ case $basic_machine in
 	np1)
 		basic_machine=np1-gould
 		;;
 	nv1)
 		basic_machine=nv1-cray
 		os=-unicosmp
 		;;
 	nsr-tandem)
 		basic_machine=nsr-tandem
 		;;
@ -758,18 +772,24 @@ case $basic_machine in
 	pentiumpro | p6 | 6x86 | athlon | athlon_*)
 		basic_machine=i686-pc
 		;;
-	pentiumii | pentium2)
+	pentiumii | pentium2 | pentiumiii | pentium3)
 		basic_machine=i686-pc
 		;;
 	pentium4)
 		basic_machine=i786-pc
 		;;
 	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
 		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
 	pentiumpro-* | p6-* | 6x86-* | athlon-*)
 		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
-	pentiumii-* | pentium2-*)
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
 		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
 	pentium4-*)
 		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
 	pn)
 		basic_machine=pn-gould
 		;;
@ -828,6 +848,10 @@ case $basic_machine in
 	sb1el)
 		basic_machine=mipsisa64sb1el-unknown
 		;;
 	sei)
 		basic_machine=mips-sei
 		os=-seiux
 		;;
 	sequent)
 		basic_machine=i386-sequent
 		;;
@ -835,6 +859,9 @@ case $basic_machine in
 		basic_machine=sh-hitachi
 		os=-hms
 		;;
 	sh64)
 		basic_machine=sh64-unknown
 		;;
 	sparclite-wrs | simso-wrs)
 		basic_machine=sparclite-wrs
 		os=-vxworks
@ -901,10 +928,6 @@ case $basic_machine in
 		basic_machine=i386-sequent
 		os=-dynix
 		;;
 	t3d)
 		basic_machine=alpha-cray
 		os=-unicos
 		;;
 	t3e)
 		basic_machine=alphaev5-cray
 		os=-unicos
@ -913,14 +936,18 @@ case $basic_machine in
 		basic_machine=t90-cray
 		os=-unicos
 		;;
        tic4x | c4x*)
 		basic_machine=tic4x-unknown
 		os=-coff
 		;;
 	tic54x | c54x*)
 		basic_machine=tic54x-unknown
 		os=-coff
 		;;
 	tic55x | c55x*)
 		basic_machine=tic55x-unknown
 		os=-coff
 		;;
 	tic6x | c6x*)
 		basic_machine=tic6x-unknown
 		os=-coff
 		;;
 	tx39)
 		basic_machine=mipstx39-unknown
 		;;
@ -977,10 +1004,6 @@ case $basic_machine in
 		basic_machine=hppa1.1-winbond
 		os=-proelf
 		;;
 	windows32)
 		basic_machine=i386-pc
 		os=-windows32-msvcrt
 		;;
 	xps | xps100)
 		basic_machine=xps100-honeywell
 		;;
@ -1027,7 +1050,7 @@ case $basic_machine in
 	we32k)
 		basic_machine=we32k-att
 		;;
-	sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele)
+	sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele)
 		basic_machine=sh-unknown
 		;;
 	sh64)
@ -1106,18 +1129,19 @@ case $os in
 	      | -aos* \
 	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
 	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
-	      | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
+	      | -hiux* | -386bsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \
 	      | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
 	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
 	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
 	      | -chorusos* | -chorusrdb* \
 	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
 	      | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
-	      | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
 	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
 	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
 	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
-	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* | -powermax*)
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
 	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei*)
 	# Remember, each alternative MUST END IN *, to match a version number.
 		;;
 	-qnx*)
@ -1129,8 +1153,10 @@ case $os in
 			;;
 		esac
 		;;
 	-nto-qnx*)
 		;;
 	-nto*)
-		os=-nto-qnx
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
 		;;
 	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
 	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
@ -1139,6 +1165,9 @@ case $os in
 	-mac*)
 		os=`echo $os | sed -e 's|mac|macos|'`
 		;;
 	-linux-dietlibc)
 		os=-linux-dietlibc
 		;;
 	-linux*)
 		os=`echo $os | sed -e 's|linux|linux-gnu|'`
 		;;
@ -1224,6 +1253,12 @@ case $os in
 	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
 		os=-mint
 		;;
 	-aros*)
 		os=-aros
 		;;
 	-kaos*)
 		os=-kaos
 		;;
 	-none)
 		;;
 	*)
@ -1255,6 +1290,9 @@ case $basic_machine in
 	arm*-semi)
 		os=-aout
 		;;
    c4x-* | tic4x-*)
        os=-coff
        ;;
 	# This must come before the *-dec entry.
 	pdp10-*)
 		os=-tops20
--- a/2555
+++ b/2555
--- a/configure.in
+++ b/configure.in
@ -10,10 +10,12 @@ AH_TEMPLATE([MAXMEMB], [Number of consoles per child process])
 AH_TEMPLATE([CONNECTTIMEOUT], [TCP connection timeout])
 AH_TEMPLATE([PIDFILE], [pidfile to write to])
 AH_TEMPLATE([USE_LIBWRAP], [use tcp_wrappers libwrap])
-AH_TEMPLATE([HAVE_POSIX_REGCOMP], [have POSIX regcomp])
+dnl AH_TEMPLATE([HAVE_POSIX_REGCOMP], [have POSIX regcomp])
 AH_TEMPLATE([HAVE_PAM], [have PAM support])
 AH_TEMPLATE([HAVE_OPENSSL], [have openssl support])
 AH_TEMPLATE([HAVE_DMALLOC], [have dmalloc support])
 AH_TEMPLATE([HAVE_SA_LEN],[Defined if sa_len member exists in struct sockaddr])
 AH_TEMPLATE([TRUST_REVERSE_DNS],[Defined if we trust reverse DNS])
 dnl ### Normal initialization. ######################################
 AC_INIT
@ -31,11 +33,18 @@ AC_SUBST(MKDIR)
 dnl ### Custom settings. ############################################
-AC_MSG_CHECKING(whether to allow 64bit compilation)
+dnl AC_MSG_CHECKING(whether to allow 64bit compilation)
-AC_ARG_WITH(64bit,
+dnl AC_ARG_WITH(64bit,
-	AC_HELP_STRING([--with-64bit],[Allow 64bit compilation]),
+dnl 	AC_HELP_STRING([--with-64bit],[Allow 64bit compilation]),
-		[with_64bit=yes], [with_64bit=no])
+dnl 		[case "$withval" in
-AC_MSG_RESULT($with_64bit)
+dnl 		    yes)
 dnl 			with_64bit=yes
 dnl 			;;
 dnl 		    *)
 dnl 			with_64bit=no
 dnl 			;;
 dnl 		esac], [with_64bit=no])
 dnl AC_MSG_RESULT($with_64bit)
 AC_MSG_CHECKING(for port number specification)
 AC_ARG_WITH(port,
@ -193,6 +202,19 @@ AC_ARG_WITH(timeout,
 	[AC_DEFINE_UNQUOTED(CONNECTTIMEOUT, 10)
 	AC_MSG_RESULT(10)])
 AC_MSG_CHECKING(whether to trust reverse DNS)
 AC_ARG_WITH(trustrevdns,
 	AC_HELP_STRING([--with-trustrevdns],[Trust reverse DNS information]),
 	[case "$withval" in
 	    yes)
 		AC_DEFINE(TRUST_REVERSE_DNS)
 		AC_MSG_RESULT(yes)
 		;;
 	    *)
 		AC_MSG_RESULT(no)
 		;;
 	esac],[AC_MSG_RESULT(no)])
 dnl ### Check for compiler et al. ###################################
 AC_PROG_CC
 AC_PROG_INSTALL
@ -204,34 +226,25 @@ AC_AIX
 AC_C_CONST
 AC_C_PROTOTYPES
-AC_CHECK_SIZEOF(long)
+dnl AC_CHECK_SIZEOF(long)
-if test "$ac_cv_sizeof_long" -gt 4; then
+dnl if test "$ac_cv_sizeof_long" -gt 4; then
-    if test "$with_64bit" != "yes"; then
+dnl     if test "$with_64bit" != "yes"; then
-	AC_MSG_ERROR([cannot build on >32bit systems (to override use --with-64bit)])
+dnl 	AC_MSG_ERROR([cannot build on >32bit systems (to override use --with-64bit)])
-    else
+dnl     else
-	AC_MSG_WARN([building a 64bit version of conserver - good luck!])
+dnl 	AC_MSG_WARN([building a 64bit version of conserver - good luck!])
-    fi
+dnl     fi
-fi
+dnl fi
 dnl ### Checks for header files. ###################################
 AC_HEADER_STDC
 AC_CHECK_HEADERS(sys/ioctl.h)
-dnl ### POSIX terminal I/O
+AC_SYS_POSIX_TERMIOS
-AC_CHECK_HEADERS(termios.h)
+if test "$ac_cv_sys_posix_termios" != "yes"; then
-if test "$ac_cv_header_termios_h" != "yes"; then
+    AC_MSG_ERROR([POSIX termios interface required])
  dnl ### SysV terminal I/O
  AC_CHECK_HEADERS(termio.h)
  if test "$ac_cv_header_termio_h" != "yes"; then
    dnl ### BSD terminal I/O
    AC_CHECK_HEADERS(sgtty.h)
    if test "$ac_cv_header_sgtty_h" != "yes"; then
      AC_MSG_ERROR([no usable terminal interface detected])
    fi
  fi
 fi
-AC_CHECK_HEADERS(unistd.h getopt.h sys/vlimit.h sys/resource.h ttyent.h sys/ttold.h sys/uio.h sys/proc.h sys/ioctl_compat.h usersec.h sys/select.h stropts.h sys/audit.h shadow.h sys/time.h crypt.h sysexits.h types.h)
+AC_CHECK_HEADERS(unistd.h getopt.h sys/vlimit.h sys/resource.h ttyent.h sys/ttold.h sys/uio.h sys/proc.h sys/ioctl_compat.h usersec.h sys/select.h stropts.h sys/audit.h shadow.h sys/time.h crypt.h sysexits.h types.h sys/sockio.h)
 AC_HEADER_TIME
 AC_HEADER_SYS_WAIT
 AC_TYPE_MODE_T
@ -250,6 +263,14 @@ AC_CHECK_TYPE([socklen_t],[AC_DEFINE(HAVE_SOCKLEN_T,1,
 	[Defined if socklen_t exists])],,[$ac_includes_default
 #include <sys/socket.h>])
 AC_MSG_CHECKING(for sa_len in struct sockaddr)
 AC_TRY_COMPILE([#include <sys/types.h>
 	#include <sys/socket.h>],
 	[struct sockaddr s; s.sa_len=0;],
 	[AC_MSG_RESULT(yes)
 	 AC_DEFINE(HAVE_SA_LEN)],
 	[AC_MSG_RESULT(no)])
 dnl ### Host specific checks. ######################################
 AC_CANONICAL_HOST
@ -299,12 +320,23 @@ AC_ARG_WITH(libwrap,
 		int deny_severity  = 0;
 		],[hosts_access((void *)0)],
 		[AC_MSG_RESULT(yes)
-		AC_DEFINE(USE_LIBWRAP)
+		 AC_DEFINE(USE_LIBWRAP)
-		CONSLIBS="$CONSLIBS -lwrap"
+		 CONSLIBS="$CONSLIBS -lwrap"
-		CONSLDFLAGS="$CONSLDFLAGS $WRAPLDFLAGS"
+		 CONSLDFLAGS="$CONSLDFLAGS $WRAPLDFLAGS"
-		CONSCPPFLAGS="$CONSCPPFLAGS $WRAPCPPFLAGS"],
+		 CONSCPPFLAGS="$CONSCPPFLAGS $WRAPCPPFLAGS"],
-		[AC_MSG_RESULT(no)])],)
+		[AC_MSG_RESULT(no)
-
+		 LIBS="$LIBS -lnsl"
 		 AC_MSG_CHECKING(for TCP wrappers library -lwrap with -lnsl)
 		 AC_TRY_LINK([#include <tcpd.h>
 		    int allow_severity = 0;
 		    int deny_severity  = 0;
 		    ],[hosts_access((void *)0)],
 		    [AC_MSG_RESULT(yes)
 		     AC_DEFINE(USE_LIBWRAP)
 		     CONSLIBS="$CONSLIBS -lwrap -lnsl"
 		     CONSLDFLAGS="$CONSLDFLAGS $WRAPLDFLAGS"
 		     CONSCPPFLAGS="$CONSCPPFLAGS $WRAPCPPFLAGS"],
 		    [AC_MSG_RESULT(no)])])],)
 	LIBS="$oLIBS"
 	CPPFLAGS="$oCPPFLAGS"
 	LDFLAGS="$oLDFLAGS"
@ -390,38 +422,38 @@ AC_ARG_WITH(dmalloc,
 dnl ### Check for needed functions. ################################
-dnl The following basically stollen from the less-358 distribution, but
+dnl dnl The following basically stollen from the less-358 distribution, but
-dnl modified for my own purposes
+dnl dnl modified for my own purposes
-AC_MSG_CHECKING(for POSIX regex)
+dnl AC_MSG_CHECKING(for POSIX regex)
-AC_ARG_WITH(regex,
+dnl AC_ARG_WITH(regex,
-    AC_HELP_STRING([--with-regex],
+dnl     AC_HELP_STRING([--with-regex],
-	[Use regular expressions in conserver.passwd]),
+dnl 	[Use regular expressions in conserver.passwd]),
-	[if test "$withval" = yes; then
+dnl 	[if test "$withval" = yes; then
-	    AC_TRY_RUN([
+dnl 	    AC_TRY_RUN([
-		#include <sys/types.h>
+dnl 		#include <sys/types.h>
-		#include <regex.h>
+dnl 		#include <regex.h>
-		main() { regex_t r; regmatch_t rm; char *text = "xabcy";
+dnl 		main() { regex_t r; regmatch_t rm; char *text = "xabcy";
-		if (regcomp(&r, "abc", 0)) exit(1);
+dnl 		if (regcomp(&r, "abc", 0)) exit(1);
-		if (regexec(&r, text, 1, &rm, 0)) exit(1);
+dnl 		if (regexec(&r, text, 1, &rm, 0)) exit(1);
-		if (rm.rm_so != 1) exit(1); /* check for correct offset */
+dnl 		if (rm.rm_so != 1) exit(1); /* check for correct offset */
-		exit(0); }
+dnl 		exit(0); }
-	    ],have_posix_regex=yes,have_posix_regex=no,have_posix_regex=unknown)
+dnl 	    ],have_posix_regex=yes,have_posix_regex=no,have_posix_regex=unknown)
-	    if test $have_posix_regex = yes; then
+dnl 	    if test $have_posix_regex = yes; then
-	      AC_MSG_RESULT(yes)
+dnl 	      AC_MSG_RESULT(yes)
-	      AC_DEFINE(HAVE_POSIX_REGCOMP)
+dnl 	      AC_DEFINE(HAVE_POSIX_REGCOMP)
-	    elif test $have_posix_regex = unknown; then
+dnl 	    elif test $have_posix_regex = unknown; then
-		AC_TRY_LINK([
+dnl 		AC_TRY_LINK([
-		    #include <sys/types.h>
+dnl 		    #include <sys/types.h>
-		    #include <regex.h>],
+dnl 		    #include <regex.h>],
-		[regex_t *r; regfree(r);],
+dnl 		[regex_t *r; regfree(r);],
-		AC_MSG_RESULT(yes)
+dnl 		AC_MSG_RESULT(yes)
-		AC_DEFINE(HAVE_POSIX_REGCOMP))
+dnl 		AC_DEFINE(HAVE_POSIX_REGCOMP))
-	    else
+dnl 	    else
-	      AC_MSG_RESULT(no)
+dnl 	      AC_MSG_RESULT(no)
-	    fi
+dnl 	    fi
-	else
+dnl 	else
-	    AC_MSG_RESULT(no)
+dnl 	    AC_MSG_RESULT(no)
-	fi],[AC_MSG_RESULT(no)])
+dnl 	fi],[AC_MSG_RESULT(no)])
 AC_MSG_CHECKING(for PAM support)
 AC_ARG_WITH(pam,
@ -451,8 +483,22 @@ AC_ARG_WITH(pam,
 	    AC_MSG_RESULT(no)
 	fi],[AC_MSG_RESULT(no)])
 dnl Checks for pty allocation...
 dnl According to the xemacs distribution:
 dnl   getpt()  is the preferred pty allocation method on glibc systems.
 dnl   _getpty() is the preferred pty allocation method on SGI systems.
 dnl   grantpt(), unlockpt(), ptsname() are defined by Unix98.
 dnl   openpty() is the preferred pty allocation method on BSD and Tru64 systems.
 dnl   openpty() might be declared in:
 dnl   - pty.h (Tru64 or Linux)
 dnl   - libutil.h (FreeBSD)
 dnl   - util.h (NetBSD)
 dnl Conserver doesn't support getpt() or _getpt() yet.
 AC_CHECK_HEADERS(pty.h libutil.h util.h)
 AC_CHECK_LIB(util, openpty)
 AC_CHECK_FUNCS(openpty)
-AC_CHECK_FUNCS(getopt strerror getrlimit getsid setsid getuserattr setgroups tcgetpgrp tcsetpgrp tcgetattr tcsetattr tcsendbreak setpgrp getutent setttyent getspnam setlinebuf setvbuf ptsname grantpt unlockpt sigaction setsockopt getdtablesize putenv memset memcpy memcmp sysconf getpassphrase getlogin)
+AC_CHECK_FUNCS(getopt strerror getrlimit getsid setsid getuserattr setgroups tcgetpgrp tcsetpgrp tcgetattr tcsetattr tcsendbreak setpgrp getutent setttyent getspnam setlinebuf setvbuf ptsname grantpt unlockpt sigaction setsockopt getdtablesize putenv memset memcpy memcmp memmove sysconf getlogin inet_aton)
 AC_FUNC_SETPGRP
 AC_CHECK_FUNC(strcasecmp,
 	[AC_DEFINE(HAVE_STRCASECMP, 1, [Define if strcasecmp is available])],
--- a/conserver.cf/INSTALL
+++ b/conserver.cf/INSTALL
@ -1,19 +1,11 @@
 The two files you need to set up are the conserver.cf and conserver.passwd
 files.  See the sample conserver.cf and conserver.passwd files
 for examples.  You can start with those and then modify extensively.
-The man page for conserver.cf should explain that file with enough detail
+The man page for conserver.cf and conserver.passwd should explain the
-to get you going.
+files with enough detail to get you going.
 As for the conserver.passwd file, here are some instructions.  The file
 contains three fields seperated by colons: <username>:<passwd>:<hosts>.
 The <passwd> field should either be an encrypted password or the special
 string '*passwd*', which will cause the console server to do a getpwnam()
 call.  The <hosts> field can be a comma seperated list of console names
 (from conserver.cf) or the special string 'any'.  Access for the user
 is only granted to the hosts listed here (or all if 'any' is used).
 That's about it.  Good luck.
 #
-#  $Id: INSTALL,v 1.2 1999-08-24 13:45:00-07 bryan Exp $
+#  $Id: INSTALL,v 1.3 2003-07-04 11:21:21-07 bryan Exp $
 #
--- a/conserver.cf/Makefile.in
+++ b/conserver.cf/Makefile.in
@ -3,6 +3,7 @@ srcdir = @srcdir@
 prefix = @prefix@
 mandir = @mandir@
 sysconfdir = @sysconfdir@
 exampledir = $(prefix)/share/examples/conserver
 ### Installation programs and flags
 INSTALL = @INSTALL@
@ -24,5 +25,8 @@ install:
 	$(MKDIR) $(DESTDIR)$(mandir)/man5
 	$(INSTALL) conserver.cf.man $(DESTDIR)$(mandir)/man5/conserver.cf.5
 	$(INSTALL) conserver.passwd.man $(DESTDIR)$(mandir)/man5/conserver.passwd.5
 	$(MKDIR) $(DESTDIR)$(exampledir)
 	$(INSTALL) -m 0644 conserver.cf $(DESTDIR)$(exampledir)
 	$(INSTALL) -m 0644 conserver.passwd $(DESTDIR)$(exampledir)
 .PHONY: clean distclean install
--- a/conserver.cf/conserver.cf
+++ b/conserver.cf/conserver.cf
@ -1,26 +1,54 @@
 #
-# $Id: conserver.cf,v 1.4 2001-06-28 10:24:01-07 bryan Exp $
+# $Id: conserver.cf,v 1.5 2003-07-04 11:05:04-07 bryan Exp $
 #
 # The character '&' in logfile names are substituted with the console
-# name.  Any logfile name that doesn't begin with a '/' has LOGDIR
+# name.
 # prepended to it.  So, most consoles will just have a '&' as the logfile
 # name which causes /var/consoles/<consolename> to be used.
 #
-LOGDIR=/var/consoles
+default full {
 	rw *;
 }
 default * {
 	logfile /var/consoles/&;
 	timestamp "";
 	include full;
 }
 #
 # list of consoles we serve
 #    name : tty[@host] : baud[parity] : logfile : [mark-interval(m|h|d|l)][+]
 #    name : !host : port : logfile : [mark-interval(m|h|d|l)][+]
 #    name : |command : : logfile : [mark-interval(m|h|d|l)][+]
 #
-tweety:!ts1:2002:&:
+console tweety {
-bambam:!ts1:2003:&:
+	master localhost;
-shell:|::/dev/null:
+	type host;
-telnet:|telnet host::/dev/null:
+	host ts1;
-ttya:/dev/ttya:9600p:&:
+	port 2002;
-%%
+}
 console bambam {
 	master localhost;
 	type host;
 	host ts1;
 	port 2003;
 }
 console shell {
 	master localhost;
 	logfile /dev/null;
 	type exec;
 	exec "";
 }
 console telnet {
 	master localhost;
 	logfile /dev/null;
 	type exec;
 	exec telnet host;
 }
 console ttya {
 	master localhost;
 	type device;
 	device /dev/ttya;
 	baud 9600;
 	parity none;
 }
 #
 # list of clients we allow
 # {trusted|allowed|rejected} : machines
 #
-allowed: 127.0.0.1 gnac.com
+access * {
 	allowed 127.0.0.1 gnac.com;
 }
--- a/conserver.cf/conserver.cf.man
+++ b/conserver.cf/conserver.cf.man
@ -1,239 +1,686 @@
-.\" $Id: conserver.cf.man,v 1.27 2003-04-08 13:46:12-07 bryan Exp $
+.\" $Id: conserver.cf.man,v 1.41 2003-09-21 15:05:48-07 bryan Exp $
-.\" @(#)constab.5 01/06/91 OSU CIS; Thomas A. Fine
+.TH CONSERVER.CF 5 "2003-09-21" "conserver-8.0.0" "conserver"
 .TH CONSERVER.CF 5 "Local"
 .SH NAME
-conserver.cf \- console configuration file for conserver(8)
+conserver.cf \- console configuration file for
-.SH SYNOPSIS
+.BR conserver (8)
 .br
 .BI \s-1LOGDIR\s0= logdirectory
 .br
 .BI \s-1TIMESTAMP\s0= timestamp-spec
 .br
 .BI \s-1BREAK\s0\fIn\fP= break-spec
 .br
 \fIname\fP:\fIdevice\fP[@\fIconserver\fP]:\fIbaud\fP:\fIlogfile\fP:\fItimestamp-spec\fP:\fIbreak\fP
 .br
 \fIname\fP:!\fItermserver\fP[@\fIconserver\fP]:\fIport\fP:\fIlogfile\fP:\fItimestamp-spec\fP:\fIbreak\fP
 .br
 \fIname\fP:|\fIcommand\fP[@\fIconserver\fP]::\fIlogfile\fP:\fItimestamp-spec\fP:\fIbreak\fP
 .br
 \fB%%\fP
 .br
 \fIaccess\fP: \fIhosts\fP
 .SH DESCRIPTION
-.B Conserver.cf
+The format of the conserver.cf file is made up of named blocks of
-is the configuration file for
+keyword/value pairs, comments, and optional whitespace for formatting
-.BR conserver (8).
+flexibility.
-It is read once upon startup;
+The block types as well as the keywords are pre-defined and
-modifications to the file take effect only upon restarting \fBconserver\fP.
+explained in the
 .B \s-1BLOCKS\s0
 section.
 A comment is an unquoted pound-sign
 to a newline.
 See the
 .B \s-1PARSER\s0
 section for full details on whitespace and quoting.
 .PP
-Blank lines and comment lines (those beginning with a ``#'' and
+Let me first show you a sample block with a couple of keyword/value
-optional leading whitespace) are ignored.  Non-ignored lines
+pairs to make the description a bit simpler to understand.
 beginning with whitespace are considered continuations of the
 previous line.  This allows you to span one logical line over
 many physical lines and insert comments wherever appropriate.
 .PP
 The first section of the file has logical lines that are separated into
 six colon-separated fields.  Leading and trailing white space in each
 field is ignored.
 .TP
 .I name
 the unique name by which this connection is referred to
 when using the \fBconsole\fP program.
 This is typically the name of the host whose console is being monitored.
 .TP
 .I device
 the full path name of the device for this line.
 The \fIbaud\fP rate is the speed and parity for this console.
 Speed may be given as an integer,
 parity only requires the first letter of any of: even, odd, mark, space, none.
 For historical reasons, `p' can also be used for no parity.
 .TP
 .BI ! termserver
 the hostname of the terminal server to connect to.
 A socket connection will be made to port \fIport\fP (an integer).
 .TP
 .BI | command
 the command to invoke on the console server.
 .PP
 \fIdevice\fP, !\fItermserver\fP, and |\fIcommand\fP may be followed by
 a remote console server name in the form ``\fB@\fP\fIconserver\fP'',
 in which case the conserver daemon will send connections for \fIname\fP
 to the conserver running on the host named \fIconserver\fP.
 When the ``\fB@\fP\fIconserver\fP'' notation is used,
 \fBconserver\fP recognizes consoles it should manage locally
 by comparing the IP address of \fIconserver\fP
 against the IP address of the name returned by gethostname().
 Thus, it will recognize host aliases, but not names that map to
 different IP addresses that may exist on the same host,
 so care must be used in specifying the hostname.
 Since \fBconserver\fP does recognize its own hostname,
 the same cf file may be used by all servers in a network
 if every console line includes a ``\fB@\fP\fIconserver\fP'' specification.
 .TP
 .I logfile
 the full path name of file where all output from
 this host is logged.  Any occurrence of `&' will be replaced with
 \fIname\fP.  Any path that doesn't begin with a `/' will
 have \fIlogdirectory\fP (as specified in the nearest preceding
 \fB\s-1LOGDIR=\s0\fP
 line) prepended to it.  If the field is empty, no logging will occur.
 .TP
 .I timestamp-spec
 specifies the time between
 timestamps applied to the console log file and
 whether to log read/write connection actions.
 The format of the specification is
 [\fImark-interval\fP[\fBm\fP|\fBh\fP|\fBd\fP|\fBl\fP]][\fBa\fP][\fBb\fP].
 The timestamps look like `[-- MARK -- Mon Jan 25 14:46:56 1999]'.
 The `\fBm\fP', `\fBh\fP', and `\fBd\fP' tags specify
 `minutes' (the default), `hours', and `days'.  The `\fBl\fP' tag
 specifies `lines' and will cause timestamps of the form
 `[Mon Jan 25 14:46:56 PST 1999]' to
 be placed every \fImark-interval\fP lines (a newline character signifies
 a new line). So, `5h' specifies every five hours and `2l' specifies every
 two lines.
 An `\fBa\fP' can be specified to add logs of
 `attached', `detached', and `bumped' actions,
 including the user's name and the host from which the
 \fBconsole\fP connection was made,
 to the logfile.
 A `\fBb\fP' can be specified to add logging of break sequences sent
 to the console.
 .IP
-A default \fItimestamp-spec\fP can be specified by using the
+.ft CR
-\fB\s-1TIMESTAMP=\s0\fP syntax.
+.nf
-All consoles below the \fB\s-1TIMESTAMP=\s0\fP line will use that
+console simple { master localhost; type exec; rw *; }
-\fItimestamp-spec\fP unless overridden on a per-line basis,
+.fi
-and until superseded by another \fB\s-1TIMESTAMP=\s0\fP line.
+.ft
 To turn off marks for a specific
 console, use a \fImark-interval\fP of zero.
 .TP
 .I break
 specifies which break sequence to use.  The default value is `1'.
 Values of `0' thru `9' are valid.  A value of `0' will unset the
 default break sequence, which will cause the \fB^Ecl0\fP sequence to do
 nothing.
 .PP
-The \fIbreak-spec\fP sequences are defined using
+This is actually a fully functional conserver.cf file (if certain
-the \fB\s-1BREAK\s0\fIn\fB=\fR
+conditions are met...and if you can list those conditions, you can
-syntax where \fIn\fP is a number from 1 to 9.
+probably can skip to the
-There are three builtin defaults: ``\s-1BREAK1\s0=\\z'',
+.B \s-1BLOCKS\s0
-``\s-1BREAK2\s0=\\r~^b'',
+section).
-and ``\s-1BREAK3\s0=#.reset -x\\r''.  The values of
+.PP
-the \fB\s-1BREAK\s0\fIn\fR
+Our example is made of up of a console-block named ``simple'' with three
-sequences are simple characters strings with the exception of `\\' and
+keyword/value pairs.
-`^':
+What this does is define a console named ``simple'',
 makes the master of that console the host ``localhost'', makes the type
 an exec-style console, and gives every user read/write permission.
 This is the generic format of the file:
 .IP
 .ft CR
 .nf
 block-type block-name { keyword value; ... }
 .fi
 .ft
 .PP
 To show the addition of comments and whitespace, here is the example
 reformatted (but functionally equivalent):
 .IP
 .ft CR
 .nf
 # define a console named "simple"
 console simple {
    # setting all required values...
    master localhost;
    type exec;  # exec-style console
    rw *;       # allow any username
 }
 .fi
 .ft
 .SH PARSER
 .PP
 The parser has six characters that it considers special.
 These are: ``{'', ``}'', ``;'', ``#'', ``\e'', and ``"''.
 The first three (hereby called tokens) define the format of the
 configuration blocks and are used as word
 seperators, the next is the comment character, and the last two are
 quoting characters.
 .PP
 Word seperation occurs when the parser encounters an unquoted token
 and, in certain cases, whitespace.
 Whitespace is only used as a word seperator when the parser is
 looking for a block-type or keyword.
 When it's looking for a block-name or value, whitespace is like any
 other character, which allows you to embed whitespace in a block-name
 or value without having to quote it.
 Here is an example:
 .IP
 .ft CR
 .nf
 default my defs { rw *; include other defs  ; }
 .fi
 .ft
 .PP
 The block-type is ``default'', the block-name is ``my defs'', and the value
 for the keyword ``include'' is ``other defs''.
 Whitespace around tokens are ignored so you get ``other defs''
 instead of ``other defs  '' as the value.
 .PP
 The only way to use one of the special characters as part of a block-name
 or value is to quote it.
 .PP
 Quoting is a simple matter of prefixing a character with a backslash or
 surrounding a group of characters with double-quotes.
 If a character is prefixed by a backslash, the next character is a
 literal (so ``\e\e'' produces a ``\e'', ``\e"'' produces ``"'', ``\e{''
 produces a ``{'', etc.).
 For double-quoted strings, all characters are literal except for ``\e"'',
 which embeds a double-quote.
 .PP
 Adding a variety of quotes to our example without changing the meaning
 of things, we have:
 .IP
 .ft CR
 .nf
 "defa"ult my\e defs { rw *; in\eclude "other defs"  ; }
 .fi
 .ft
 .SH BLOCKS
 .TP 8
 .B access
 .RI [ " hostname " | " ipaddr " ]
 .br
 Define an access block for the host named
 .I hostname
 or using the address
 .IR ipaddr .
 If the value of ``*'' is used, the access block will be applied to
 all conserver hosts.
 Access lists are used in a first match
 fashion (top down), so order is important.
 .RS
 .TP 15
 .B admin
 .RI [ " username" ,...
 | "" ]
 .br
 Define a list of users making up the admin list for the console server.
 If
 .I username
 matches a previously defined group name, all members of the previous
 group are added to the admin list.
 If the null string (``""'') is used, any
 users previously defined for the console servers's admin list are removed.
 .TP
 .B allowed
 .IR hostname ", ..."
 .br
 The list of hostnames are added to the ``allowed'' list, which grants
 connections from the hosts but requires username authentication.
 .TP
 .B include
 .I accessgroup
 .br
 The access lists defined using the name
 .I accessgroup
 are applied to the current access block.
 The included access block must be previously defined.
 .TP
 .B rejected
 .IR hostname ", ..."
 .br
 The list of hostnames are added to the ``rejected'' list, which rejects
 connections from the hosts.
 .TP
 .B trusted
 .IR hostname ", ..."
 .br
 The list of hostnames are added to the ``trusted'' list, which grants
 connections from the hosts without username authentication.
 .RE
 .TP 8
 .B break
 .I n
 .br
 Define a break sequence where 0 < 
 .I n
 < 10.
 Break sequences are accessed via the
 .RI ``^El n ''
 client escape sequence.
 .RS
 .TP 15
 .B delay
 .I n
 .br
 Set the time delay for the
 .B \ed
 sequence to
 .I n
 milliseconds.
 The default time delay is 250ms.
 .TP
 .B string
 .I breakseq
 .br
 Assign the string
 .IR breakseq
 to the specified slot
 .IR n .
 A break sequence is a simple character string with the exception of `\e'
 and `^':
 .RS
 .sp
 .PD 0
-.IP \\\\a
+.TP 6
 .B \ea
 alert
-.IP \\\\b
+.TP
 .B \eb
 backspace
-.IP \\\\f
+.TP
 .B \ed
 0.33 second delay
 .TP
 .B \ef
 form-feed
-.IP \\\\n
+.TP
 .B \en
 newline
-.IP \\\\r
+.TP
 .B \er
 carriage-return
-.IP \\\\t
+.TP
 .B \et
 tab
-.IP \\\\v
+.TP
 .B \ev
 vertical-tab
-.IP \\\\z
+.TP
 .B \ez
 serial break
-.IP \\\\\\\\
+.TP
 .B \e\e
 backslash
-.IP \\\\^
+.TP
 .B \e^
 circumflex
-.IP \\\\\fIooo\fP
+.TP
-octal representation of a character (where \fIooo\fP is one to three
+.BI \e ooo
-octal digits)
+octal representation of a character (where
-.IP \\\\\fIc\fP
+.I ooo
-character \fIc\fP
+is one to three octal digits)
-.IP ^?
+.TP
 .BI \e c
 character
 .I c
 .TP
 .B ^?
 delete
-.IP ^\fIc\fP
+.TP
-control character (\fIc\fP is `and'ed with 0x1f)
+.BI ^ c
 control character
 .RI ( c
 is ``and''ed with 0x1f)
 .PD
-.PP
+.RE
-This section is terminated with a `\fB%%\fP' token on a line by itself.
+.RE
-.PP
+.TP 8
-The next section of the file contains a list of hosts and addresses
+.B config
-which are allowed to connect to the console server.
+.RI [ " hostname " | " ipaddr " ]
-.B Conserver
+.br
-looks for the first match in the config file
+Define a configuration block for the host named
-for a client's IP address (or network),
+.I hostname
-or hostname (or domain) if it is able to do a reverse lookup on the IP address,
+or using the address
-to determine the level of access to be granted.
+.IR ipaddr .
-Three levels of access may be specified: ``\fBtrust\fP'' (access is granted
+If the value of ``*'' is used, the configuration block will be applied to
-without a password), ``\fBallow\fP'' (access is granted with a password),
+all conserver hosts.
-and ``\fBrefuse\fP'' (access is not granted).  Only the first character of
+.RS
-the word is important, so you can use any word that begins with
+.TP 15
-a ``\fBt\fP'', ``\fBa\fP'', or ``\fBr\fP''.
+.B defaultaccess
-The access level is followed by a colon and a space-separated list of
+.RB [ " rejected " | " trusted " | " allowed " ]
-addresses or host names.
+.br
-Any number of any combination of these levels may be specified,
+Set the default access permission for all hosts not matched by
-bearing in mind that conserver uses the first match for each incoming
+an access list (see the
-client connection, so order is important.
+.B \-a
-.PP
+command-line flag).
-Any complete suffix of a host name may be used to define access for all hosts
+.TP
-in that subdomain.
+.B daemonmode
-For example, `\fBcc.purdue.edu\fP' will allow `mentor.cc.purdue.edu'
+.RB [ " yes " | " true " | " on " | " no " | " false " | " off " ]
-and `mace.cc.purdue.edu', but not `pucc.purdue.edu' or `hack.purdue.edu'.
+.br
-For IP addresses, optional netmask lengths may be specified
+Set whether or not to become a daemon when run (see the
-in CIDR `/' notation.
+.B \-d
-For example, `\fB192.168.1.0\fP' will allow the class C space of 192.168.1.0,
+command-line flag).
-but `\fB192.168.1.0/25\fP' will allow
+.TP
-only the lower half of that same address space (192.168.1.0 thru 192.168.1.127).
+.B logfile
-.SH EXAMPLE
+.I filename
-# name:path:baud:logfile:mark:break
+.br
-.nf
+Set the logfile to write to when in daemon mode (see the
-LOGDIR=/tmp
+.B \-L
-# overriding the builtin BREAK3 sequence
+command-line flag).
-BREAK3=#.reset\\r
+.TP
-# adding another break sequence
+.B passwdfile
-BREAK8=+++
+.I filename
-#
+.br
-# This logs to /tmp/treelog...using BREAK8
+Set the password file location used for authentication (see the
-tree:/dev/ttyj0:9600e:&log::8
+.B \-P
-#
+command-line flag).
-# This logs to /tmp/fishlog...
+.TP
-fish:/dev/ttyj1:4800e:fishlog:
+.B primaryport
-#
+.RI [ " number " | " name " ]
-# Now we're defaulting to /var/tmp for logfiles...
+.br
-LOGDIR=/var/tmp
+Set the port used by the master conserver process (see the
-#
+.B \-p
-# So, this is /var/tmp/birdlog with 1-hour timestamps
+command-line flag).
-bird:/dev/ttyj2:4800m:&log:1h
+.TP
-#
+.B redirect
-# And this is /var/tmp/solarlog, using BREAK4, no timestamps
+.RB [ " yes " | " true " | " on " | " no " | " false " | " off " ]
-solar:|telnet solar::solarlog::4
+.br
-#
+Turn redirection on or off (see the
-# Now things are all in /var/consoles/<console name>
+.B \-R
-LOGDIR=/var/consoles
+command-line flag).
-shell:|::&:
+.TP
-#
+.B reinitcheck
-# These open connections to ports 2003 and 2004 of ts1
+.I number
-# using BREAK2 and BREAK3
+.br
-tribe:!ts1:2003:&::2
+Set the number of seconds used between reinitialization checks (see the
-# This one also has 10-minute timestamps and activity logging
+.B \-O
-reptile:!ts1:2004:&:10ma:3
+command-line flag).
-#
+.TP
-# This opens /dev/ttyh0 if running on extra.cc.purdue.edu;
+.B secondaryport
-# otherwise, clients are redirected to that host.
+.RI [ " number " | " name " ]
-mentor:/dev/ttyh0@extra.cc.purdue.edu:2400e:&:
+.br
-%%
+Set the base port number used by child processes (see the
-#
+.B \-b
-# access restrictions
+command-line flag).
-# (note that the "badhost.cc.purdue.edu" entry must appear
+.TP
-# before the "cc.purdue.edu" entry if connections from
+.B sslcredentials
-# "badhost" are to be rejected, since only the first match
+.I filename
-# is used)
+.br
-#
+Set the
-trust: console.cc.purdue.edu 128.210.7.90
+.SM SSL
-refuse: badhost.cc.purdue.edu
+credentials file location (see the
-allow: cc.purdue.edu stat.cc.purdue.edu
+.B \-c
 command-line flag).
 .TP
 .B sslrequired
 .RB [ " yes " | " true " | " on " | " no " | " false " | " off " ]
 .br
 Set whether or not encryption is required when talking to clients (see the
 .B \-E
 command-line flag).
 .RE
 .TP 8
 .B console
 .I name
 .br
 Define a console identified as
 .IR name .
 The keywords are the same as the
 .B default
 block with the following addition.
 .RS
 .TP 15
 .B aliases
 .RI [ " name" ", ..."
 | "" ]
 .br
 Define a list of console aliases.
 If the null string (``""'') is used, any
 aliases previously defined for the console are removed.
 .RE
 .TP 8
 .B default
 .I name
 .br
 Define a block of defaults identified as
 .IR name .
 If 
 .I name
 is ``*'', the automatically applied default block is defined (basically
 all consoles have an implicit ``include "*";'' at the begining
 of their definition).
 .RS
 .TP 15
 .B baud
 .RB [ " 300 " | " 600 " | " 1800 " | " 2400 " | " 4800"
 .RB | " 9600 " | " 19200 " | " 38400 " | " 57600 " | " 115200 " ]
 .br
 Assign the baud rate to the console.
 Only consoles of type ``device'' will use this value.
 .TP
 .B break
 .I n
 .br
 Assign the break sequence
 .I n
 as the default for the console, which is used by
 the ``^Ecl0'' client escape sequence.
 .TP
 .B device
 .I filename
 .br
 Assign the serial device
 .I filename
 as the access to the console.
 Only consoles of type ``device'' will use this value.
 .TP
 .B exec
 .RI [ " command "
 | "" ]
 .br
 Assign the string
 .I command
 as the command to access the console.
 Conserver will run the command by
 invoking ``/bin/sh -ce "\fIcommand\fP"''.
 If the null string (``""'') is used or no
 .B exec
 keyword is specified, conserver will use the command ``/bin/sh -i''.
 Only consoles of type ``device'' will use this value.
 .TP
 .B host
 .I hostname
 .br
 Assign
 .I hostname
 as the host to connect to for accessing the console.
 You must also set the
 .B port
 option as well.
 Only consoles of type ``host'' will use this value.
 .TP
 .B include
 .I default
 .br
 The default block defined using the name
 .I default
 is applied to the current console or default block.
 The included default block must be previously defined.
 .TP
 .B logfile
 .RI [ " filename "
 | "" ]
 .br
 Assign the logfile specified by
 .I filename
 to the console.  Any occurance of ``&'' in
 .I filename
 will be replaced with the name of the console.
 If the null string (``""'') is used, the logfile name is unset and
 no logging will occur.
 .TP
 .B master
 .RI [ " hostname " | " ipaddr " ]
 .br
 Define which conserver host manages the console.
 The host may be specified by
 .I hostname
 or using the address
 .IR ipaddr .
 .TP
 .B options
 .RI [ " option" ,...
 | "" ]
 .br
 You can negate the option by prefixing it with a
 .RB `` ! ''
 character.
 So, to turn off the
 .B hupcl
 flag, you would use
 .BR !hupcl .
 The following are valid
 .IR option s:
 .RS
 .sp
 .PD 0
 .TP 12
 .B ixon
 Enable
 .SM XON/XOFF
 flow control on output.
 Only consoles of type ``device'' or ``exec'' will use this value.
 Default is
 .BR ixon .
 .TP
 .B ixany
 Enable any character to restart output.
 Only consoles of type ``device'' or ``exec'' will use this value.
 Default is
 .BR !ixany .
 .TP
 .B ixoff
 Enable
 .SM XON/XOFF
 flow control on input.
 Only consoles of type ``device'' or ``exec'' will use this value.
 Default is
 .B ixoff
 for consoles of type ``device'' and
 .B !ixoff
 for consoles of type ``exec''.
 .TP
 .B crtscts
 Enable
 .SM RTS/CTS
 (hardware) flow control.
 Only consoles of type ``device'' will use this value.
 Default is
 .BR !crtscts .
 .TP
 .B cstopb
 Set two stop bits, rather than one.
 Only consoles of type ``device'' will use this value.
 Default is
 .BR !cstopb .
 .TP
 .B hupcl
 Lower modem control lines after last process closes the device (hang up).
 Only consoles of type ``device'' will use this value.
 Default is
 .BR !hupcl .
 .TP
 .B ondemand
 Initialize the console when a client requests a connection to the console.
 When no clients are connected, bring the console down.
 The conserver option
 .B \-i
 will set this flag for all consoles.
 Default is
 .BR !ondemand .
 .TP
 .B striphigh
 Strip the high bit off all data coming from this console and all clients
 connected to this console before processing occurs.
 The conserver option
 .B \-7
 will set this flag for all consoles.
 Default is
 .BR !stiphigh .
 .TP
 .B reinitoncc
 Automatically reinitialize (``bring up'') a downed console when a client
 connects.
 Without this option, a client will be attached to the downed console
 and will need to manually reinitialize the console with an escape sequence.
 The conserver option
 .B \-o
 will set this flag for all consoles.
 Default is
 .BR !reinitoncc .
 .TP
 .B autoreinit
 Allow this console to be automatically reinitialized if it unexpectedly
 goes down.
 If the console doesn't come back up, it is retried every minute.
 A console of type ``exec'' that exits with a zero exit status is
 automatically reinitialized regardless of this setting.
 The conserver option
 .B \-F
 will
 .B unset
 this flag for all consoles.
 Default is
 .BR autoreinit .
 .TP
 .B unloved
 Enable the sending of this console's output (prefixed with it's
 name) to the daemon's stdout (or the logfile if in daemon mode) when no
 clients are connected to the console.
 The conserver option
 .B \-u
 will set this flag for all consoles.
 Default is
 .BR !unloved .
 .PD
 .RE
 .TP
 .B parity
 .RB [ " even " | " mark " | " none " | " odd " | " space " ]
 .br
 Set the parity option for the console.
 Only consoles of type ``device'' will use this value.
 .TP
 .B port
 .RI [ " number " | " name " ]
 .br
 Set the port used to access the console.
 The port may be specified as a
 .I number
 or a
 .IR name ,
 in which case it will use
 .BR getservbyname (3)
 to look up a port number.
 You must also set the
 .B host
 option as well.
 Only consoles of type ``host'' will use this value.
 .TP
 .B ro
 .RI [ " username" ,...
 | "" ]
 .br
 Define a list of users making up the read-only access list
 for the console.
 If
 .I username
 matches a previously defined group name, all members of the previous
 group are added to the read-only access list.
 If the null string (``""'') is used, any
 users previously defined for the console's read-only list are removed.
 .TP
 .B rw
 .RI [ " username" ,...
 | "" ]
 .br
 Define a list of users making up the read-write access list
 for the console.
 If
 .I username
 matches a previously defined group name, all members of the previous
 group are added to the read-write access list.
 If the null string (``""'') is used, any
 users previously defined for the console's read-write list are removed.
 .TP
 .B timestamp
 [
 .RB [ \fInumber\fP [ m | h | d | l ]][ a ][ b ]
 | "" ]
 .br
 Specifies the time between timestamps applied to the console
 log file and whether to log read/write connection actions.
 The timestamps look like ``[-- MARK -- Mon Jan 25 14:46:56 1999]''.
 The
 .RB ` m ',
 .RB ` h ',
 and
 .RB ` d '
 tags specify ``minutes'' (the default), ``hours'', and ``days''.
 The
 .RB ` l '
 tag specifies ``lines'' and will cause timestamps of the
 form ``[Mon Jan 25 14:46:56 PST 1999]'' to
 be placed every
 .I number
 lines (a newline character signifies a new line).
 So, ``5h'' specifies every five hours and ``2l'' specifies every
 two lines.
 An
 .RB ` a '
 can be specified to add logs of ``attached'', ``detached'',
 and ``bumped'' actions, including the user's name and the host from which the
 client connection was made.
 A
 .RB ` b '
 can be specified to add logging of break sequences sent to the console.
 .TP
 .B type
 .RB [ " device " | " exec " | " host " ]
 .br
 Set the type of console.  The type
 .RB `` device ''
 should be used for local serial ports (also set the
 .B device
 option), the type
 .RB `` exec ''
 should be used for command invocations (perhaps also set the
 .B exec
 option), and the type
 .RB `` host ''
 should be used for terminal servers and other socket-based
 interaction (also set the
 .B host
 and
 .B port
 options).
 .RE
 .TP 8
 .B group
 .I name
 .br
 Define a user group identified as
 .I name
 .RS
 .TP 15
 .B users
 .RI [ " username" ,...
 | "" ]
 .br
 Define a list of users making up the group
 .IR name .
 If
 .I username
 matches a previously defined group name, all members of the previous
 group are added to the current group.
 If the null string (``""'') is used, any
 users previously defined for this group are removed.
 .RE
 .SH AUTHORS
 Bryan Stansell, conserver.com
 .SH "SEE ALSO"
 .BR console (1),
 .BR conserver.passwd (5),
--- a/conserver.cf/conserver.passwd
+++ b/conserver.cf/conserver.passwd
@ -1,3 +1,3 @@
-bryan:td1AgneGE3RsU:any
+bryan:td1AgneGE3RsU
-djs:*passwd*:any
+djs:*passwd*
-todd:*passwd*:server1
+todd:*passwd*
--- a/conserver.cf/conserver.passwd.man
+++ b/conserver.cf/conserver.passwd.man
@ -1,70 +1,83 @@
-.\" $Id: conserver.passwd.man,v 1.6 2002-09-23 14:15:53-07 bryan Exp $
+.\" $Id: conserver.passwd.man,v 1.9 2003-07-04 13:20:52-07 bryan Exp $
-.TH CONSERVER.PASSWD 5 "Local"
+.TH CONSERVER.PASSWD 5 "2003-07-04" "conserver-8.0.0" "conserver"
 .SH NAME
-conserver.passwd \- user access information for conserver(8)
+conserver.passwd \- user access information for
 .BR conserver (8)
 .SH SYNOPSIS
-.br
+.IB username : password
 \fIusername\fB:\fIpassword\fB:\fIconsoles\fR
 .SH DESCRIPTION
-The \fBconserver.passwd\fP file
+The
-is the user authentication and authorization file for
+.B conserver.passwd
 file is the user authentication and authorization file for
 .BR conserver (8).
 Upon each incoming client connection,
-\fBconserver\fP opens and reads the \fBconserver.passwd\fP file,
+.B conserver
-so edits to the file take effect immediately.
+opens and reads the
-It reads only until the first \fIusername\fP match.
+.B conserver.passwd
 file, so edits to the file take effect immediately.
 It reads only until the first
 .I username
 match.
 .PP
 Blank lines and comment lines (those beginning with a ``#'' and
-optional leading whitespace) are ignored.  Non-ignored lines
+optional leading whitespace) are ignored.
-beginning with whitespace are considered continuations of the
+Non-ignored lines beginning with whitespace are considered
-previous line.  This allows you to span one logical line over
+continuations of the previous line.
 This allows you to span one logical line over
 many physical lines and insert comments wherever appropriate.
 .PP
-Each logical line consists of three colon-separated fields.
+Each logical line consists of two colon-separated fields.
-Leading and trailing white space in each
+Leading and trailing white space in each field is ignored.
 field is ignored.
 .TP
 .I username
 the login name of the authorized user,
-or the string ``\fB*any*\fP'' to match any user.
+or the string
-This is compared against the name sent by the \fBconsole\fP client,
+.RB `` *any* ''
-based either on the user's identity or on the \fB\-l\fP option.
+to match any user.
-Since \fBconserver\fP only uses the first \fIusername\fP match,
+This is compared against the name sent by the
-an ``\fB*any*\fP'' entry will apply to any user
+.B console
 client, based either on the user's identity or on the
 .B \-l option.
 Since
 .B conserver
 only uses the first
 .I username
 match, a
 .RB `` *any* ''
 entry will apply to any user
 without an entry earlier in the file.
 .TP
 .I password
 the encrypted password,
-or the string ``\fB*passwd*\fP''
+or the string
-to indicate that \fBconserver\fP should look up the user's password
+.RB `` *passwd* ''
-in the system \fBpasswd\fP (or \fBshadow\fP) database.  If PAM
+to indicate that
-support has been enabled (\fB--with-pam\fP), PAM lookups will be done instead
+.B conserver
-of \fBpasswd\fP (or \fBshadow\fP) lookups.
+should look up the user's password
 in the system
 .BR passwd " (or " shadow ") database."
 If PAM support has been enabled
 .RB ( --with-pam ),
 PAM lookups will be done instead of
 .BR passwd " (or " shadow ") lookups."
 If this field is empty, password checking is bypassed for this user.
 .TP
 .I consoles
 a comma- and/or space-separated list of consoles
 to which the user is permitted to connect,
 or the string ``\fBany\fP'' to allow access to any console.
 These names must match the console names in the \fBconserver.cf\fP file.
 If regular expression support was compiled in using --with-regex, the
 names here are treated as regular expressions.
 .SH EXAMPLE
-.TP 30
+.TP 24
-\fBmary:r71mXjfALB5Ak:any\fP
+.B mary:r71mXjfALB5Ak
-Mary may connect to any console if her password matches;
+Mary uses the password specified above;
 it does not matter whether she has a login on the conserver host.
 .TP
-\fBfred:*passwd*:foo.example.com,bar.example.com\fP
+.B fred:*passwd*
-Fred may connect only to the listed consoles,
+Fred may connect only with his regular login password on the conserver host.
 and only with his regular login password on the conserver host.
 .TP
-\fBbozo:*:\fP
+.B bozo:*
-Bozo is not allowed access to any consoles.
+Bozo is only allowed to access a console if his password isn't used (since
 it's invalid) which means he needs to come from a
 .B trusted
 host.
 .TP
-\fB*any*:*passwd*:any\fP
+.B *any*:*passwd*
-Anyone not listed above may access any console
+Anyone not listed above uses their regular login and password.
 if they have a regular login and know the password.
 .SH "SEE ALSO"
 .BR console (1),
 .BR conserver.cf (5),
@ -73,4 +86,8 @@ if they have a regular login and know the password.
 .PP
 There is currently no way provided by the conserver package
 to generate the encrypted password strings
-besides copying them from the system \fBpasswd\fP database.
+besides copying them from the system
 .B passwd
 database or running
 .BR crypt (3)
 via C or perl or some other language that supports it.
--- a/conserver.cf/test.cf
+++ b/conserver.cf/test.cf
@ -1,30 +1,45 @@
 # dummy conserver config file
 #
-# $Id: dummy.cf,v 4.3 92/07/27 12:23:59 ksb Exp $
+# $Id: test.cf,v 1.2 2003-07-04 11:04:05-07 bryan Exp $
 #
 # 1. change the `/dev/ttya' to any tty device you can put a serial device on
 #    that you could talk to with kermit/cu.  Put in the baud rate and parity.
 #
 # 2. change the `cc.purdue.edu' to your local domain.
 #
 # 3. !! do not leave this up, as it can give local users a root shell (login)
 #    !! for extended testing change the `|' to `|su - tst' where tst is a
 #    !! vanilla test acount, or comment out the `login' console.
 #
 default full {
 	rw *;
 }
 default * {
 	logfile /tmp/&;
 	timestamp "";
 	include full;
 }
 break 5 {
 	string "\rtest\r";
 }
 # list of consoles we serve
-# name : tty[@host] : baud[parity] : device : group
+console shell {
-DOMAINHACK=
+	master localhost;
-LOGDIR=/tmp
+	timestamp 5;
-BREAK5=\rtest\r
+	type exec;
-shell:|:9600p:&:5
+	exec "";
-bash:|/usr/local/bin/bash::&:2
+}
-web:!www.conserver.com:80:&:
+console bash {
-b:/dev/ttyb:9600p:&:
+	master localhost;
-#ts6-10:!ts6:10010:&:
+	timestamp 2;
-#ts6-11:!ts6:10011:&:
+	type exec;
-#ts6-12:!ts6:10012:&:
+	exec /usr/local/bin/bash;
-#ts6-13:!ts6:10013:&:
+}
-%%
+console web {
 	master localhost;
 	type host;
 	host www.conserver.com;
 	port 80;
 }
 console b {
 	master localhost;
 	type device;
 	device /dev/ttyb;
 	baud 9600;
 	parity none;
 }
 # list of clients we allow
-# type machines
+access * {
-trusted: 127.0.0.1
+	trusted 127.0.0.1;
 }
--- a/conserver.html
+++ b/conserver.html
@ -183,11 +183,11 @@
          <H3>Downloading</H3>
-          <P>The current version, released on Apr 9, 2003, is <A
+          <P>The current version, released on Sep 22, 2003, is <A
-          href="7.2.7.tar.gz">7.2.7.tar.gz</A>. You can get it via
+          href="8.0.0.tar.gz">8.0.0.tar.gz</A>. You can get it via
          <A href=
-          "ftp://ftp.conserver.com/conserver/7.2.7.tar.gz">FTP</A>
+          "ftp://ftp.conserver.com/conserver/8.0.0.tar.gz">FTP</A>
-          or <A href="7.2.7.tar.gz">HTTP</A>. See the <A href=
+          or <A href="8.0.0.tar.gz">HTTP</A>. See the <A href=
          "CHANGES">CHANGES</A> file for information on the latest
          updates.</P>
@ -216,7 +216,7 @@
          more), please let me know.</P>
          <UL>
-            <LI>AIX 4.3.3/5.1, native cc</LI>
+            <LI>AIX 4.3.3/5.1/5.2, native cc</LI>
            <LI>BSDI BSD/OS 3.X, gcc</LI>
@ -226,7 +226,7 @@
            <LI>DEC Tru64 4.0/5.1, native cc</LI>
-            <LI>FreeBSD 4.2 (x86), gcc</LI>
+            <LI>FreeBSD 4.2/4.8/5.1 (x86), gcc</LI>
            <LI>HP-UX 10.20, gcc</LI>
--- a/conserver/Makefile.in
+++ b/conserver/Makefile.in
@ -6,6 +6,7 @@ exec_prefix = @exec_prefix@
 sbindir = @sbindir@
 sysconfdir = @sysconfdir@
 mandir = @mandir@
 exampledir = $(prefix)/share/examples/conserver
 ### Installation programs and flags
 INSTALL = @INSTALL@
@ -31,7 +32,7 @@ CONSERVER_HDRS = ../config.h $(top_srcdir)/compat.h $(srcdir)/access.h \
 		 $(srcdir)/client.h $(srcdir)/consent.h $(srcdir)/group.h \
 		 $(srcdir)/main.h $(srcdir)/master.h $(srcdir)/readcfg.h \
 		 $(srcdir)/util.h
-ALL = conserver
+ALL = conserver convert
 all: $(ALL)
@ -39,6 +40,9 @@ all: $(ALL)
 conserver: $(CONSERVER_OBJS)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o conserver $(CONSERVER_OBJS) $(LIBS)
 convert: convert.o util.o
 	$(CC) $(CFLAGS) $(LDFLAGS) -o convert convert.o util.o $(LIBS)
 .c.o:
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
@ -53,7 +57,7 @@ install: conserver
 	$(INSTALL_PROGRAM) conserver $(DESTDIR)$(sbindir)
 	$(MKDIR) $(DESTDIR)$(mandir)/man8
 	$(INSTALL) conserver.man $(DESTDIR)$(mandir)/man8/conserver.8
-	$(MKDIR) $(DESTDIR)$(sysconfdir)
+	$(MKDIR) $(DESTDIR)$(exampledir)
-	[ -f $(DESTDIR)$(sysconfdir)/conserver.rc ] || $(INSTALL) conserver.rc $(DESTDIR)$(sysconfdir)
+	$(INSTALL) conserver.rc $(DESTDIR)$(exampledir)
 .PHONY: clean distclean install
--- a/conserver/access.c
+++ b/conserver/access.c
@ -1,5 +1,5 @@
 /*
- *  $Id: access.c,v 5.53 2003-04-06 05:31:54-07 bryan Exp $
+ *  $Id: access.c,v 5.66 2003-08-15 14:24:39-07 bryan Exp $
 *
 *  Copyright conserver.com, 2000
 *
@ -34,24 +34,9 @@
 * 4. This notice may not be removed or altered.
 */
 #include <config.h>
 #include <sys/param.h>
 #include <sys/socket.h>
 #include <sys/file.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <stdio.h>
 #include <ctype.h>
 #include <signal.h>
 #include <pwd.h>
 #include <compat.h>
 #include <util.h>
 #include <util.h>
 #include <access.h>
 #include <consent.h>
 #include <client.h>
@ -60,7 +45,6 @@
 #include <main.h>
 /* Compare an Internet address (IPv4 expected), with an address pattern
 * passed as a character string representing an address in the Internet
 * standard `.' notation, optionally followed by a slash and an integer
@ -84,9 +68,12 @@ AddrCmp(addr, pattern)
 {
    in_addr_t hostaddr, pattern_addr, netmask;
    char *p, *slash_posn;
-    static STRING *buf = (STRING *) 0;
+    static STRING *buf = (STRING *)0;
 #if HAVE_INET_ATON
    struct in_addr inetaddr;
 #endif
-    if (buf == (STRING *) 0)
+    if (buf == (STRING *)0)
 	buf = AllocString();
    slash_posn = strchr(pattern, '/');
    if (slash_posn != NULL) {
@ -97,9 +84,15 @@ AddrCmp(addr, pattern)
    } else
 	p = pattern;
 #if HAVE_INET_ATON
    if (inet_aton(p, &inetaddr) == 0)
 	return 1;
    pattern_addr = inetaddr.s_addr;
 #else
    pattern_addr = inet_addr(p);
    if (pattern_addr == (in_addr_t) (-1))
 	return 1;		/* malformed address */
 #endif
    if (slash_posn) {
 	/* convert explicit netmask */
@ -123,9 +116,9 @@ AddrCmp(addr, pattern)
 	netmask = 0xffffffff;	/* compare entire addresses */
    hostaddr = addr->s_addr;
-    Debug(1, "AddrCmp(): host=%lx(%lx/%lx) acl=%lx(%lx/%lx)",
+    CONDDEBUG((1, "AddrCmp(): host=%lx(%lx/%lx) acl=%lx(%lx/%lx)",
-	  hostaddr & netmask, hostaddr, netmask, pattern_addr & netmask,
+	       hostaddr & netmask, hostaddr, netmask,
-	  pattern_addr, netmask);
+	       pattern_addr & netmask, pattern_addr, netmask));
    return (hostaddr & netmask) != (pattern_addr & netmask);
 }
@ -133,53 +126,102 @@ AddrCmp(addr, pattern)
 */
 char
 #if PROTOTYPES
-AccType(struct in_addr *addr, char *hname)
+AccType(struct in_addr *addr, char **peername)
 #else
-AccType(addr, hname)
+AccType(addr, peername)
    struct in_addr *addr;
-    char *hname;
+    char **peername;
 #endif
 {
    char *pcName;
    int len;
    ACCESS *pACtmp;
    socklen_t so;
    struct hostent *he = (struct hostent *)0;
    int a;
 #if TRUST_REVERSE_DNS
    char *pcName;
    int wlen;
    char *hname;
    int len;
 #endif
-    if (fDebug) {
+    CONDDEBUG((1, "AccType(): ip=%s", inet_ntoa(*addr)));
-	if (hname)
+
-	    Debug(1, "AccType(): hostname=%s, ip=%s", hname,
+    so = sizeof(*addr);
-		  inet_ntoa(*addr));
+    for (pACtmp = pACList; pACtmp != (ACCESS *)0; pACtmp = pACtmp->pACnext) {
-	else
+	CONDDEBUG((1, "AccType(): who=%s, trust=%c", pACtmp->pcwho,
-	    Debug(1, "AccType(): hostname=<unresolvable>, ip=%s",
+		   pACtmp->ctrust));
 		  inet_ntoa(*addr));
    }
    for (pACtmp = pACList; pACtmp != (ACCESS *) 0;
 	 pACtmp = pACtmp->pACnext) {
 	Debug(1, "AccType(): who=%s, trust=%c", pACtmp->pcwho,
 	      pACtmp->ctrust);
 	if (pACtmp->isCIDR != 0) {
-	    if (0 == AddrCmp(addr, pACtmp->pcwho)) {
+	    if (AddrCmp(addr, pACtmp->pcwho) == 0)
 		return pACtmp->ctrust;
 	    }
 	    continue;
 	}
-	if (hname && hname[0] != '\000') {
+
-	    pcName = hname;
+	if ((he = gethostbyname(pACtmp->pcwho)) == (struct hostent *)0) {
-	    len = strlen(pcName);
+	    Error("AccType(): gethostbyname(%s): %s", pACtmp->pcwho,
-	    while (len >= pACtmp->ilen) {
+		  hstrerror(h_errno));
-		Debug(1, "AccType(): name=%s", pcName);
+	    continue;
-		if (0 == strcasecmp(pcName, pACtmp->pcwho)) {
+	}
 	if (4 != he->h_length || AF_INET != he->h_addrtype) {
 	    Error
 		("AccType(): gethostbyname(%s): wrong address size (4 != %d) or address family (%d != %d)",
 		 pACtmp->pcwho, he->h_length, AF_INET, he->h_addrtype);
 	    continue;
 	}
 	for (a = 0; he->h_addr_list[a] != (char *)0; a++) {
 	    CONDDEBUG((1, "AccType(): addr=%s",
 		       inet_ntoa(*(struct in_addr *)
 				 (he->h_addr_list[a]))));
 	    if (
 #if HAVE_MEMCMP
 		   memcmp(&(addr->s_addr), he->h_addr_list[a],
 			  he->h_length)
 #else
 		   bcmp(&(addr->s_addr), he->h_addr_list[a], he->h_length)
 #endif
 		   == 0)
 		return pACtmp->ctrust;
 	}
    }
 #if TRUST_REVERSE_DNS
    /* if we trust reverse dns, we get the names associated with
     * the address we're checking and then check each of those
     * against the access list entries.
     * we chop bits off client names so that we can put domain
     * names in access lists or even top-level domains.
     *    allowed conserver.com, net;
     * this allows anything from conserver.com and anything in
     * the .net top-level.  without TRUST_REVERSE_DNS, those names
     * better map to ip addresses for them to take effect.
     */
    if ((he =
 	 gethostbyaddr((char *)addr, so,
 		       AF_INET)) == (struct hostent *)0) {
 	Error("AccType(): gethostbyaddr(%s): %s", inet_ntoa(*addr),
 	      hstrerror(h_errno));
 	return config->defaultaccess;
    }
    for (pACtmp = pACList; pACtmp != (ACCESS *)0; pACtmp = pACtmp->pACnext) {
 	if (pACtmp->isCIDR != 0)
 	    continue;
 	wlen = strlen(pACtmp->pcwho);
 	for (hname = he->h_name, a = 0; hname != (char *)0;
 	     hname = he->h_aliases[a++]) {
 	    for (pcName = hname, len = strlen(pcName); len >= wlen;
 		 len = strlen(++pcName)) {
 		CONDDEBUG((1, "AccType(): name=%s", pcName));
 		if (strcasecmp(pcName, pACtmp->pcwho) == 0) {
 		    *peername = hname;
 		    return pACtmp->ctrust;
 		}
 		pcName = strchr(pcName, '.');
-		if ((char *)0 == pcName) {
+		if (pcName == (char *)0)
 		    break;
 		}
 		++pcName;
 		len = strlen(pcName);
 	    }
 	}
    }
-    return chDefAcc;
+#endif
    return config->defaultaccess;
 }
 void
@ -191,100 +233,51 @@ SetDefAccess(pAddr, pHost)
    char *pHost;
 #endif
 {
-    char *pcWho, *pcDomain;
+    char *pcDomain;
    int iLen;
    char *addr;
    ACCESS *a;
-    addr = inet_ntoa(*pAddr);
+    while (pAddr->s_addr != (in_addr_t) 0) {
-    iLen = strlen(addr);
+	addr = inet_ntoa(*pAddr);
-    if ((ACCESS *) 0 == (pACList = (ACCESS *) calloc(1, sizeof(ACCESS)))) {
+	if ((a = (ACCESS *)calloc(1, sizeof(ACCESS))) == (ACCESS *)0)
-	OutOfMem();
+	    OutOfMem();
 	if ((a->pcwho = strdup(addr)) == (char *)0)
 	    OutOfMem();
 	a->ctrust = 'a';
 	a->pACnext = pACList;
 	pACList = a;
 	CONDDEBUG((1, "SetDefAccess(): trust=%c, who=%s", pACList->ctrust,
 		   pACList->pcwho));
 	pAddr++;
    }
    if ((char *)0 == (pcWho = malloc(iLen + 1))) {
 	OutOfMem();
    }
    pACList->ctrust = 'a';
    pACList->ilen = iLen;
    pACList->pcwho = strcpy(pcWho, addr);
-    Debug(1, "SetDefAccess(): trust=%c, who=%s", pACList->ctrust,
+    if ((char *)0 == (pcDomain = strchr(pHost, '.')))
 	  pACList->pcwho);
    if ((char *)0 == (pcDomain = strchr(pHost, '.'))) {
 	return;
    }
    ++pcDomain;
    iLen = strlen(pcDomain);
-    if ((ACCESS *) 0 ==
+    if ((a = (ACCESS *)calloc(1, sizeof(ACCESS))) == (ACCESS *)0)
 	(pACList->pACnext = (ACCESS *) calloc(1, sizeof(ACCESS)))) {
 	OutOfMem();
-    }
+    if ((a->pcwho = strdup(pcDomain)) == (char *)0)
    if ((char *)0 == (pcWho = malloc(iLen + 1))) {
 	OutOfMem();
-    }
+    a->ctrust = 'a';
-    pACList->pACnext->ctrust = 'a';
+    a->pACnext = pACList;
-    pACList->pACnext->ilen = iLen;
+    pACList = a;
    pACList->pACnext->pcwho = strcpy(pcWho, pcDomain);
-    Debug(1, "SetDefAccess(): trust=%c, who=%s", pACList->pACnext->ctrust,
+    CONDDEBUG((1, "SetDefAccess(): trust=%c, who=%s", pACList->ctrust,
-	  pACList->pACnext->pcwho);
+	       pACList->pcwho));
 }
 /* thread ther list of uniq console server machines, aliases for	(ksb)
 * machines will screw us up
 */
 REMOTE *
 #if PROTOTYPES
 FindUniq(REMOTE * pRCAll)
 #else
 FindUniq(pRCAll)
    REMOTE *pRCAll;
 #endif
 {
    REMOTE *pRC;
    /* INV: tail of the list we are building always contains only
     * uniq hosts, or the empty list.
     */
    if ((REMOTE *) 0 == pRCAll) {
 	return (REMOTE *) 0;
    }
    pRCAll->pRCuniq = FindUniq(pRCAll->pRCnext);
    /* if it is in the returned list of uniq hosts, return that list
     * else add us by returning our node
     */
    for (pRC = pRCAll->pRCuniq; (REMOTE *) 0 != pRC; pRC = pRC->pRCuniq) {
 	if (0 == strcasecmp(pRC->rhost.string, pRCAll->rhost.string)) {
 	    return pRCAll->pRCuniq;
 	}
    }
    return pRCAll;
 }
 void
 #if PROTOTYPES
-DestroyRemoteConsole(REMOTE * pRCList)
+DestroyAccessList(ACCESS *pACList)
 #else
 DestroyRemoteConsole(pRCList)
    REMOTE *pRCList;
 #endif
 {
    DestroyString(&pRCList->rserver);
    DestroyString(&pRCList->rhost);
    free(pRCList);
 }
 void
 #if PROTOTYPES
 DestroyAccessList(ACCESS * pACList)
 #else
 DestroyAccessList(pACList)
    ACCESS *pACList;
 #endif
 {
    if (pACList == (ACCESS *)0)
 	return;
    if (pACList->pcwho != (char *)0)
 	free(pACList->pcwho);
    free(pACList);
--- a/conserver/access.h
+++ b/conserver/access.h
@ -1,5 +1,5 @@
 /*
- *  $Id: access.h,v 5.22 2003-03-06 10:13:41-08 bryan Exp $
+ *  $Id: access.h,v 5.26 2003-08-10 11:11:20-07 bryan Exp $
 *
 *  Copyright conserver.com, 2000
 *
@ -39,21 +39,11 @@
 typedef struct access {
    char ctrust;		/* how much do we trust the host        */
    int ilen;			/* length (strlen) of pcwho             */
    char *pcwho;		/* what is the hosts name/ip number     */
    int isCIDR;			/* is this a CIDR addr (or hostname?)   */
    struct access *pACnext;	/* next access list                     */
 } ACCESS;
-typedef struct remote {		/* console at another host              */
+extern char AccType PARAMS((struct in_addr *, char **));
    struct remote *pRCnext;	/* next remote console we know about    */
    struct remote *pRCuniq;	/* list of uniq remote servers          */
    STRING rserver;		/* remote server name                   */
    STRING rhost;		/* remote host to call to get it        */
 } REMOTE;
 extern REMOTE *FindUniq PARAMS((REMOTE *));
 extern char AccType PARAMS((struct in_addr *, char *));
 extern void SetDefAccess PARAMS((struct in_addr *, char *));
 extern void DestroyRemoteConsole PARAMS((REMOTE *));
 extern void DestroyAccessList PARAMS((ACCESS *));
--- a/conserver/client.c
+++ b/conserver/client.c
@ -1,5 +1,5 @@
 /*
- *  $Id: client.c,v 5.60 2003-03-17 08:38:40-08 bryan Exp $
+ *  $Id: client.c,v 5.69 2003-08-15 14:24:39-07 bryan Exp $
 *
 *  Copyright conserver.com, 2000
 *
@ -34,33 +34,27 @@
 * 4. This notice may not be removed or altered.
 */
 #include <config.h>
 #include <sys/param.h>
 #include <sys/socket.h>
 #include <sys/file.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <netinet/in.h>
 #include <netdb.h>
 #include <stdio.h>
 #include <ctype.h>
 #include <signal.h>
 #include <pwd.h>
 #include <compat.h>
 #include <util.h>
 #include <util.h>
 #include <consent.h>
 #include <access.h>
 #include <client.h>
 #include <group.h>
 #if defined(USE_LIBWRAP)
 #include <syslog.h>
 #include <tcpd.h>
 int allow_severity = LOG_INFO;
 int deny_severity = LOG_WARNING;
 #endif
 /* find the next guy who wants to write on the console			(ksb)
 */
 CONSCLIENT *
 #if PROTOTYPES
-FindWrite(CONSCLIENT * pCL)
+FindWrite(CONSCLIENT *pCL)
 #else
 FindWrite(pCL)
    CONSCLIENT *pCL;
@ -71,10 +65,11 @@ FindWrite(pCL)
     * most recent or some such... I guess it doesn't matter that
     * much.
     */
-    for ( /*passed in */ ; (CONSCLIENT *) 0 != pCL; pCL = pCL->pCLnext) {
+    for ( /*passed in */ ; (CONSCLIENT *)0 != pCL; pCL = pCL->pCLnext) {
-	if (!pCL->fwantwr)
+	if (!pCL->fwantwr || pCL->fro)
 	    continue;
-	if (!pCL->pCEto->fup || pCL->pCEto->fronly)
+	if (!(pCL->pCEto->fup && pCL->pCEto->ioState == ISNORMAL) ||
 	    pCL->pCEto->fronly)
 	    break;
 	pCL->fwantwr = 0;
 	pCL->fwr = 1;
@ -83,10 +78,10 @@ FindWrite(pCL)
 	} else {
 	    FileWrite(pCL->fd, "\r\n[attached]\r\n", -1);
 	}
-	TagLogfileAct(pCL->pCEto, "%s attached", pCL->acid.string);
+	TagLogfileAct(pCL->pCEto, "%s attached", pCL->acid->string);
 	return pCL;
    }
-    return (CONSCLIENT *) 0;
+    return (CONSCLIENT *)0;
 }
 /* replay last iBack lines of the log file upon connect to console	(ksb)
@ -97,7 +92,7 @@ FindWrite(pCL)
 */
 void
 #if PROTOTYPES
-Replay(CONSFILE * fdLog, CONSFILE * fdOut, int iBack)
+Replay(CONSFILE *fdLog, CONSFILE *fdOut, int iBack)
 #else
 Replay(fdLog, fdOut, iBack)
    CONSFILE *fdLog;
@ -116,8 +111,8 @@ Replay(fdLog, fdOut, iBack)
    struct stat stLog;
    struct lines {
 	int is_mark;
-	STRING line;
+	STRING *line;
-	STRING mark_end;
+	STRING *mark_end;
    } *lines;
    int n_lines;
    int ln;
@ -130,7 +125,7 @@ Replay(fdLog, fdOut, iBack)
    unsigned long dmallocMarkReplay = 0;
 #endif
-    if ((CONSFILE *) 0 == fdLog) {
+    if ((CONSFILE *)0 == fdLog) {
 	FileWrite(fdOut, "[no log file on this console]\r\n", -1);
 	return;
    }
@ -160,6 +155,10 @@ Replay(fdLog, fdOut, iBack)
    if ((struct lines *)0 == lines) {
 	OutOfMem();
    }
    for (i = 0; i < n_lines; i++) {
 	lines[i].mark_end = AllocString();
 	lines[i].line = AllocString();
    }
    ln = -1;
    /* loop as long as there is data in the file or we have not found
@ -185,7 +184,7 @@ Replay(fdLog, fdOut, iBack)
 		goto common_exit;
 	    }
 #endif
-	    if ((r = FileRead(fdLog, buf, BUFSIZ)) <= 0) {
+	    if ((r = FileRead(fdLog, buf, BUFSIZ)) < 0) {
 		goto common_exit;
 	    }
 	    bp = buf + r;
@ -199,21 +198,21 @@ Replay(fdLog, fdOut, iBack)
 		/* reverse the text to put it in forward order
 		 */
-		u = lines[ln].line.used - 1;
+		u = lines[ln].line->used - 1;
 		for (i = 0; i < u / 2; i++) {
 		    int temp;
-		    temp = lines[ln].line.string[i];
+		    temp = lines[ln].line->string[i];
-		    lines[ln].line.string[i]
+		    lines[ln].line->string[i]
-			= lines[ln].line.string[u - i - 1];
+			= lines[ln].line->string[u - i - 1];
-		    lines[ln].line.string[u - i - 1] = temp;
+		    lines[ln].line->string[u - i - 1] = temp;
 		}
 		/* see if this line is a MARK
 		 */
-		if (lines[ln].line.used > 0 &&
+		if (lines[ln].line->used > 0 &&
-		    lines[ln].line.string[0] == '[') {
+		    lines[ln].line->string[0] == '[') {
-		    i = sscanf(lines[ln].line.string + 1,
+		    i = sscanf(lines[ln].line->string + 1,
 			       "-- MARK -- %3c %3c %d %d:%d:%d %d]\r\n",
 			       dummy, dummy, &j, &j, &j, &j, &j);
 		    is_mark = (i == 7);
@ -227,27 +226,23 @@ Replay(fdLog, fdOut, iBack)
 		    /* this is a mark and the previous line is also
 		     * a mark, so make (or continue) that range
 		     */
-		    if (0 == lines[ln - 1].mark_end.allocated) {
+		    if (0 == lines[ln - 1].mark_end->allocated) {
 			/* this is a new range - shuffle pointers
 			 *
 			 * remember that we are moving backward
 			 */
-			lines[ln - 1].mark_end = lines[ln - 1].line;
+			*(lines[ln - 1].mark_end) = *(lines[ln - 1].line);
-			lines[ln - 1].line.string = (char *)0;
+			InitString(lines[ln - 1].line);
 			lines[ln - 1].line.used = 0;
 			lines[ln - 1].line.allocated = 0;
 		    }
 		    /* if unallocated, cheat and shuffle pointers */
-		    if (0 == lines[ln - 1].line.allocated) {
+		    if (0 == lines[ln - 1].line->allocated) {
-			lines[ln - 1].line = lines[ln].line;
+			*(lines[ln - 1].line) = *(lines[ln].line);
-			lines[ln].line.string = (char *)0;
+			InitString(lines[ln].line);
 			lines[ln].line.used = 0;
 			lines[ln].line.allocated = 0;
 		    } else {
-			BuildString((char *)0, &lines[ln - 1].line);
+			BuildString((char *)0, lines[ln - 1].line);
-			BuildString(lines[ln].line.string,
+			BuildString(lines[ln].line->string,
-				    &lines[ln - 1].line);
+				    lines[ln - 1].line);
-			BuildString((char *)0, &lines[ln].line);
+			BuildString((char *)0, lines[ln].line);
 		    }
 		    ln--;
 		}
@ -268,14 +263,14 @@ Replay(fdLog, fdOut, iBack)
 	if (ln < 0) {
 	    ln = 0;
 	}
-	BuildStringChar(ch, &lines[ln].line);
+	BuildStringChar(ch, lines[ln].line);
 	/* if we've processed "a lot" of data for a line, then bail
 	 * why?  there must be some very long non-newline terminated
 	 * strings and if we just keep going back, we could spew lots
 	 * of data and chew up lots of memory
 	 */
-	if (lines[ln].line.used > MAXREPLAYLINELEN) {
+	if (lines[ln].line->used > MAXREPLAYLINELEN) {
 	    break;
 	}
    }
@ -284,18 +279,18 @@ Replay(fdLog, fdOut, iBack)
    /* if we got back to beginning of file but saw some data, include it
     */
-    if (ln >= 0 && lines[ln].line.used > 0) {
+    if (ln >= 0 && lines[ln].line->used > 0) {
 	/* reverse the text to put it in forward order
 	 */
-	u = lines[ln].line.used - 1;
+	u = lines[ln].line->used - 1;
 	for (i = 0; i < u / 2; i++) {
 	    int temp;
-	    temp = lines[ln].line.string[i];
+	    temp = lines[ln].line->string[i];
-	    lines[ln].line.string[i]
+	    lines[ln].line->string[i]
-		= lines[ln].line.string[u - i - 1];
+		= lines[ln].line->string[u - i - 1];
-	    lines[ln].line.string[u - i - 1] = temp;
+	    lines[ln].line->string[u - i - 1] = temp;
 	}
 	ln++;
    }
@ -303,16 +298,16 @@ Replay(fdLog, fdOut, iBack)
    /* copy the lines into the buffer and put them in order
     */
    for (i = ln - 1; i >= 0; i--) {
-	if (lines[i].is_mark && 0 != lines[i].mark_end.used) {
+	if (lines[i].is_mark && 0 != lines[i].mark_end->used) {
 	    int mark_len;
 	    /* output the start of the range, stopping at the ']'
 	     */
-	    s = strrchr(lines[i].line.string, ']');
+	    s = strrchr(lines[i].line->string, ']');
 	    if ((char *)0 != s) {
 		*s = '\000';
 	    }
-	    FileWrite(fdOut, lines[i].line.string, -1);
+	    FileWrite(fdOut, lines[i].line->string, -1);
 	    FileWrite(fdOut, " .. ", -1);
 	    /* build the end string by removing the leading "[-- MARK -- "
@ -320,24 +315,24 @@ Replay(fdLog, fdOut, iBack)
 	     */
 	    mark_len = sizeof("[-- MARK -- ") - 1;
-	    s = strrchr(lines[i].mark_end.string + mark_len, ']');
+	    s = strrchr(lines[i].mark_end->string + mark_len, ']');
 	    if ((char *)0 != s) {
 		*s = '\000';
 	    }
-	    FileWrite(fdOut, lines[i].mark_end.string + mark_len, -1);
+	    FileWrite(fdOut, lines[i].mark_end->string + mark_len, -1);
 	    FileWrite(fdOut, " -- MARK --]\r\n", -1);
-	    u = lines[i].mark_end.used;
+	    u = lines[i].mark_end->used;
-	    s = lines[i].mark_end.string;
+	    s = lines[i].mark_end->string;
 	} else
-	    FileWrite(fdOut, lines[i].line.string, -1);
+	    FileWrite(fdOut, lines[i].line->string, -1);
    }
  common_exit:
    if ((struct lines *)0 != lines) {
 	for (i = 0; i < n_lines; i++) {
-	    DestroyString(&lines[i].mark_end);
+	    DestroyString(lines[i].mark_end);
-	    DestroyString(&lines[i].line);
+	    DestroyString(lines[i].line);
 	}
 	free(lines);
 	lines = (struct lines *)0;
@ -347,7 +342,7 @@ Replay(fdLog, fdOut, iBack)
 	buf = (char *)0;
    }
 #if HAVE_DMALLOC && DMALLOC_MARK_REPLAY
-    Debug(1, "Replay(): dmalloc / MarkReplay");
+    CONDDEBUG((1, "Replay(): dmalloc / MarkReplay"));
    dmalloc_log_changed(dmallocMarkReplay, 1, 0, 1);
 #endif
 }
@ -408,7 +403,7 @@ static HELP aHLTable[] = {
 */
 void
 #if PROTOTYPES
-HelpUser(CONSCLIENT * pCL)
+HelpUser(CONSCLIENT *pCL)
 #else
 HelpUser(pCL)
    CONSCLIENT *pCL;
@ -418,9 +413,9 @@ HelpUser(pCL)
    static char
      acH1[] = "help]\r\n", acH2[] = "help spy mode]\r\n", acEoln[] =
 	"\r\n";
-    static STRING *acLine = (STRING *) 0;
+    static STRING *acLine = (STRING *)0;
-    if (acLine == (STRING *) 0)
+    if (acLine == (STRING *)0)
 	acLine = AllocString();
    iCmp = WHEN_ALWAYS | WHEN_SPY;
@ -470,3 +465,59 @@ HelpUser(pCL)
 	FileWrite(pCL->fd, acLine->string, -1);
    }
 }
 int
 #if PROTOTYPES
 ClientAccessOk(CONSCLIENT *pCL)
 #else
 ClientAccessOk(pCL)
    CONSCLIENT *pCL;
 #endif
 {
    char *peername = (char *)0;
    socklen_t so;
    int cfd;
    struct sockaddr_in in_port;
    int retval = 1;
    int getpeer = -1;
    cfd = FileFDNum(pCL->fd);
    pCL->caccess = 'r';
 #if defined(USE_LIBWRAP)
    {
 	struct request_info request;
 	request_init(&request, RQ_DAEMON, progname, RQ_FILE, cfd, 0);
 	fromhost(&request);
 	if (!hosts_access(&request)) {
 	    FileWrite(pCL->fd, "access from your host refused\r\n", -1);
 	    retval = 0;
 	    goto setpeer;
 	}
    }
 #endif
    so = sizeof(in_port);
    if (-1 ==
 	(getpeer = getpeername(cfd, (struct sockaddr *)&in_port, &so))) {
 	FileWrite(pCL->fd, "getpeername failed\r\n", -1);
 	retval = 0;
 	goto setpeer;
    }
    pCL->caccess = AccType(&in_port.sin_addr, &peername);
    if (pCL->caccess == 'r') {
 	FileWrite(pCL->fd, "access from your host refused\r\n", -1);
 	retval = 0;
    }
  setpeer:
    if (pCL->peername != (STRING *)0) {
 	BuildString((char *)0, pCL->peername);
 	if (peername != (char *)0)
 	    BuildString(peername, pCL->peername);
 	else if (getpeer != -1)
 	    BuildString(inet_ntoa(in_port.sin_addr), pCL->peername);
 	else
 	    BuildString("<unknown>", pCL->peername);
    }
    return retval;
 }
--- a/conserver/client.h
+++ b/conserver/client.h
@ -1,5 +1,5 @@
 /*
- *  $Id: client.h,v 5.27 2003-03-06 10:13:41-08 bryan Exp $
+ *  $Id: client.h,v 5.31 2003-08-24 13:00:50-07 bryan Exp $
 *
 *  Copyright conserver.com, 2000
 *
@ -35,27 +35,30 @@
 */
 /* states for a server fsm
 */
-#define S_NORMAL 0		/* just pass character                          */
+typedef enum clientState {
-#define S_ESC1	 1		/* first escape character received              */
+    S_NORMAL,			/* just pass character                     */
-#define S_CMD	 2		/* second interrupt character received          */
+    S_ESC1,			/* first escape character received         */
-#define S_CATTN	 3		/* change 1 escape character to next input char */
+    S_CMD,			/* second interrupt character received     */
-#define S_CESC	 4		/* change 2 escape character to next input char */
+    S_CATTN,			/* change 1 escape char to next input char */
-#define S_HALT1	 5		/* we have a halt sequence in progress          */
+    S_CESC,			/* change 2 escape char to next input char */
-#define S_SUSP	 6		/* we are suspened, first char wakes us up      */
+    S_HALT1,			/* we have a halt sequence in progress     */
-#define S_IDENT	 7		/* probational connection (who is this)         */
+    S_SUSP,			/* we are suspened, first char wakes us up */
-#define S_HOST	 8		/* still needs a host name to connect           */
+    S_IDENT,			/* probational connection (who is this)    */
-#define S_PASSWD 9		/* still needs a passwd to connect              */
+    S_PASSWD,			/* still needs a passwd to connect         */
-#define S_QUOTE 10		/* send any character we can spell              */
+    S_QUOTE,			/* send any character we can spell         */
-#define S_BCAST 11		/* send a broadcast message to all connections  */
+    S_BCAST			/* send a broadcast message to all clients */
 } CLIENTSTATE;
 typedef struct client {		/* Connection Information:              */
    CONSFILE *fd;		/* file descriptor                      */
    short fcon;			/* currently connect or not             */
    short fwr;			/* (client) write enable flag           */
    short fwantwr;		/* (client) wants to write              */
    short fro;			/* read-only permission                 */
    short fecho;		/* echo commands (not set by machines)  */
-    STRING acid;		/* login and location of client         */
+    STRING *acid;		/* login and location of client         */
-    STRING peername;		/* location of client                   */
+    STRING *peername;		/* location of client                   */
    STRING *username;		/* login of client                      */
    time_t tym;			/* time of connect                      */
    time_t typetym;		/* time of last keystroke               */
    char actym[32];		/* pre-formatted time                   */
@ -70,10 +73,12 @@ typedef struct client {		/* Connection Information:              */
     *pCLnext;			/* next person on this list             */
    /* next lists link clients on a console */
    char ic[2];			/* two character escape sequence        */
-    char iState;		/* state for fsm in server              */
+    CLIENTSTATE iState;		/* state for fsm in server              */
    char caccess;		/* did we trust the remote machine      */
-    STRING accmd;		/* the command the user issued          */
+    IOSTATE ioState;		/* state of the socket                  */
-    STRING msg;			/* the broadcast message                */
+    time_t stateTimer;		/* timer for various ioState states */
    STRING *accmd;		/* the command the user issued          */
    STRING *msg;		/* the broadcast message                */
    struct sockaddr_in
      cnct_port;		/* where from                           */
 } CONSCLIENT;
@ -81,3 +86,4 @@ typedef struct client {		/* Connection Information:              */
 extern void Replay PARAMS((CONSFILE *, CONSFILE *, int));
 extern void HelpUser PARAMS((CONSCLIENT *));
 extern CONSCLIENT *FindWrite PARAMS((CONSCLIENT *));
 extern int ClientAccessOk PARAMS((CONSCLIENT *));
--- a/conserver/consent.c
+++ b/conserver/consent.c
--- a/conserver/consent.h
+++ b/conserver/consent.h
@ -1,5 +1,5 @@
 /*
- *  $Id: consent.h,v 5.36 2003-03-17 08:54:53-08 bryan Exp $
+ *  $Id: consent.h,v 5.46 2003-08-18 20:01:16-07 bryan Exp $
 *
 *  Copyright conserver.com, 2000
 *
@ -46,60 +46,111 @@ typedef struct baud {		/* a baud rate table                    */
 } BAUD;
 typedef struct parity {		/* a parity bits table                  */
-    char ckey;
+    char *key;
    int iset;
    int iclr;
 } PARITY;
 typedef enum consType {
    UNKNOWN = 0,
    DEVICE,
    EXEC,
    HOST
 } CONSTYPE;
 typedef struct names {
    char *name;
    struct names *next;
 } NAMES;
 typedef struct consentUsers {
    NAMES *user;
    struct consentUsers *next;
 } CONSENTUSERS;
 /* we calloc() these things, so we're trying to make everything be
 * "empty" when it's got a zero value
 */
 typedef struct consent {	/* console information                  */
-    STRING server;		/* server name                          */
+    /*** config file settings ***/
-    STRING dfile;		/* device file                          */
+    char *server;		/* server name                          */
-    STRING lfile;		/* log file                             */
+    CONSTYPE type;		/* console type                         */
-    BAUD *pbaud;		/* the baud on this console port        */
+    NAMES *aliases;		/* aliases for server name              */
-    PARITY *pparity;		/* the parity on this line              */
+    /* type == DEVICE */
    char *device;		/* device file                          */
    BAUD *baud;			/* the baud on this console port        */
    PARITY *parity;		/* the parity on this line              */
    FLAG hupcl;			/* use HUPCL                            */
    FLAG cstopb;		/* use two stop bits                    */
    FLAG ixon;			/* XON/XOFF flow control on output      */
    FLAG ixany;			/* any character to restart output      */
    FLAG ixoff;			/* XON/XOFF flow control on input       */
 #if defined(CRTSCTS)
    FLAG crtscts;		/* use hardware flow control            */
 #endif
    /* type == HOST */
    char *host;			/* hostname                             */
    unsigned short port;	/* port number                          */
    /* type == EXEC */
    char *exec;			/* exec command                         */
    /* */
    char *master;		/* master hostname                      */
    /* */
    unsigned short breakNum;	/* break type [1-9]                     */
    /* */
    char *logfile;		/* logfile                              */
    /* timestamp stuff */
    int mark;			/* Mark (chime) interval                */
    long nextMark;		/* Next mark (chime) time               */
-    unsigned short breakType;	/* break type [1-9]                     */
+    FLAG activitylog;		/* log attach/detach/bump               */
-    unsigned short autoReUp;	/* is it coming back up automatically?  */
+    FLAG breaklog;		/* log breaks sent                      */
-    unsigned short downHard;	/* did it go down unexpectedly?         */
+    /* options */
    FLAG ondemand;		/* bring up on-demand                   */
    FLAG reinitoncc;		/* open if down on client connect       */
    FLAG striphigh;		/* strip high-bit of console data       */
    FLAG autoreinit;		/* auto-reinitialize if failed          */
    FLAG unloved;		/* copy "unloved" data to stdout        */
-    /* Used if network console */
+    /*** runtime settings ***/
    int isNetworkConsole;
    STRING networkConsoleHost;
    unsigned short networkConsolePort;
    int telnetState;
    /* used if virtual console */
    STRING acslave;		/* pseudo-device slave side             */
    int fvirtual;		/* is a pty device we use as a console  */
    STRING pccmd;		/* virtual console command              */
    pid_t ipid;			/* pid of virtual command               */
    /* only used in child */
    int nolog;			/* don't log output                     */
    CONSFILE *fdlog;		/* the local log file                   */
-    int fdtty;			/* the port to talk to machine on       */
+    CONSFILE *cofile;		/* the port to talk to machine on       */
-    int activitylog;		/* log attach/detach/bump               */
+    char *execSlave;		/* pseudo-device slave side             */
-    int breaklog;		/* log breaks sent                      */
+    int execSlaveFD;		/* fd of slave side                     */
-    unsigned short fup;		/* we setup this line?                  */
+    pid_t ipid;			/* pid of virtual command               */
-    unsigned short fronly;	/* we can only read this console        */
+    STRING *wbuf;		/* write() buffer                       */
-    struct client *pCLon;	/* clients on this console              */
+    int wbufIAC;		/* next IAC location in wbuf            */
-    struct client *pCLwr;	/* client that is writting on console   */
+    IOSTATE ioState;		/* state of the socket                  */
    time_t stateTimer;		/* timer for ioState states             */
    /*** state information ***/
    char acline[132 * 2 + 2];	/* max chars we will call a line        */
    int iend;			/* length of data stored in acline      */
    int telnetState;		/* state for telnet negotiations        */
    unsigned short autoReUp;	/* is it coming back up automatically?  */
    FLAG downHard;		/* did it go down unexpectedly?         */
    unsigned short nolog;	/* don't log output                     */
    unsigned short fup;		/* we setup this line?                  */
    unsigned short fronly;	/* we can only read this console        */
    /*** list management ***/
    struct client *pCLon;	/* clients on this console              */
    struct client *pCLwr;	/* client that is writting on console   */
    CONSENTUSERS *rw;		/* rw users                             */
    CONSENTUSERS *ro;		/* ro users                             */
    struct consent *pCEnext;	/* next console entry                   */
 } CONSENT;
-struct hostcache {
+typedef struct remote {		/* console at another host              */
-    STRING hostname;
+    struct remote *pRCnext;	/* next remote console we know about    */
-    struct hostcache *next;
+    struct remote *pRCuniq;	/* list of uniq remote servers          */
-};
+    char *rserver;		/* remote server name                   */
    char *rhost;		/* remote host to call to get it        */
    NAMES *aliases;		/* aliases for remote server name       */
 } REMOTE;
 extern PARITY *FindParity PARAMS((char *));
 extern BAUD *FindBaud PARAMS((char *));
-extern void ConsInit PARAMS((CONSENT *, fd_set *, short));
+extern void ConsInit PARAMS((CONSENT *));
-extern void ConsDown PARAMS((CONSENT *, fd_set *, short));
+extern void ConsDown PARAMS((CONSENT *, FLAG, FLAG));
-extern int CheckHostCache PARAMS((const char *));
+extern REMOTE *FindUniq PARAMS((REMOTE *));
-extern void AddHostCache PARAMS((const char *));
+extern void DestroyRemoteConsole PARAMS((REMOTE *));
 extern void ClearHostCache PARAMS((void));
 extern void ClearHostCache PARAMS((void));
--- a/conserver/conserver.man
+++ b/conserver/conserver.man
@ -1,24 +1,39 @@
 .\" @(#)conserver.8 01/06/91 OSU CIS; Thomas A. Fine
-.\" $Id: conserver.man,v 1.32 2003-04-08 14:05:59-07 bryan Exp $
+.\" $Id: conserver.man,v 1.38 2003-09-22 08:33:41-07 bryan Exp $
-.TH CONSERVER 8 "Local"
+.TH CONSERVER 8 "2003-09-22" "conserver-8.0.0" "conserver"
 .SH NAME
 conserver \- console server daemon
 .SH SYNOPSIS
-\fBconserver\fP [\fB\-7dDEFhinoRuvV\fP] [\fB\-a\fP \fItype\fP]
+.B conserver
-[\fB\-m\fP \fImax\fP]
+.RB [ \-7dDEFhinoRSuvV ]
-[\fB\-M\fP \fIaddr\fP] [\fB\-p\fP \fIport\fP] [\fB\-b\fP \fIport\fP]
+.RB [ \-a
-[\fB\-c\fP \fIcred\fP] [\fB\-C\fP \fIconfig\fP] [\fB\-P\fP \fIpasswd\fP]
+.IR type ]
-[\fB\-L\fP \fIlogfile\fP] [\fB\-O\fP \fImin\fP]
+.RB [ \-m
 .IR max ]
 .RB [ \-M
 .IR addr ]
 .RB [ \-p
 .IR port ]
 .RB [ \-b
 .IR port ]
 .RB [ \-c
 .IR cred ]
 .RB [ \-C
 .IR config ]
 .RB [ \-P
 .IR passwd ]
 .RB [ \-L
 .IR logfile ]
 .RB [ \-O
 .IR min ]
 .SH DESCRIPTION
 .B Conserver
 is the daemon that manages
 remote access to system consoles by multiple users via the
 .BR console (1)
-client program
+client program and logs all console output.
-and logs all console output.
+It can connect to consoles via local serial ports, terminal
-It can connect to consoles via local serial ports
+servers that allow network access, or to any external program.
 or terminal servers that allow network access,
 or to any external program.
 .PP
 When started,
 .B conserver
@ -28,112 +43,139 @@ file for details of each console it should manage,
 including serial port or network parameters and logging options.
 (Also, in environments where multiple servers share a cf file,
 any server is able to refer clients to the particular server
-managing a requested console,
+managing a requested console, so that the client need not have
-so that the client need not have knowledge of the
+knowledge of the distribution of consoles among servers.)
 distribution of consoles among servers.)
 .B Conserver
 forks a child for each group of consoles it must manage
 and assigns each process a port number to listen on.
 The maximum number of consoles managed by each child process is set using
-\fB-m\fP option.
+.B \-m
 option.
 The
 .BR console (1)
 client program communicates with the master console server process to find
 the port (and host, in a multi-server configuration)
 on which the appropriate child is listening.
 The master conserver process forks a new process to handle each
 incoming client connection (which should be very short-lived, since it's
 duty is to redirect the client to a child).
 .B Conserver
 restricts connections from clients based on the host access section of its
 .BR conserver.cf (5)
-and authenticates users against its
+file, restricts users based on the console access lists of the
 .BR conserver.cf (5)
 file, and authenticates
 users against its
 .BR conserver.passwd (5)
 file.
 .B Conserver
 can also restrict clients using the tcp-wrappers package (enabled
-using \fB--with-libwrap\fP).  This authentication is done before consulting
+using
 .BR --with-libwrap ).
 This authentication is done before consulting
 the
 .BR conserver.cf (5)
 access list.
 .PP
 .B Conserver
-completely controls any connection to a controlled host.
+completely controls any connection to a console.
-All escape sequences given by the user to \fBconsole\fP
+All escape sequences given by the user to
 .B console
 are passed to the server without interpretation.
 The server recognizes and processes all escape sequences,
-except the suspend sequence, which is
+The suspend sequence is recognized by the server and sent back to the
-recognized by the server and
+client as a TCP out-of-band command, which the client processes.
 sent as a TCP out-of-band command from the server to the client.
 .PP
-The \fBconserver\fP parent process will automatically respawn any child
+The
-process that dies.  The following signals are propagated by the parent
+.B conserver
-process to its children.
+parent process will automatically respawn any child process that dies.
-.TP
+The following signals are propagated by the parent process to its children.
 .TP 10
 SIGTERM
 Close all connections and exit.
 .TP
 SIGHUP
-Reread the configuration file.  New consoles are managed by
+Reread the configuration file.
-forking off new childen, deleted consoles (and their clients) are dropped,
+New consoles are managed by forking off new childen, deleted
 consoles (and their clients) are dropped,
 and changes to consoles are done "in place", resetting the console
-port (bringing it down and up) only when necessary.  The console name is
+port (bringing it down and up) only when necessary.
-used to determine when consoles have been added/removed/changed.  All 
+The console name is used to determine when consoles
-actions performed by SIGUSR2 are also performed.
+have been added/removed/changed.
 All actions performed by SIGUSR2 are also performed.
 .TP
 SIGUSR1
-Try to connect to any consoles marked as
+Try to connect to any consoles marked as down.
-down.  This can come in handy if you had a terminal server (or more)
+This can come in handy if you had a terminal server (or more)
 that wasn't accepting connections at startup and you want
-\fBconserver\fP to try to reconnect to all those downed ports.
+.B conserver
 to try to reconnect to all those downed ports.
 .TP
 SIGUSR2
 Close and reopen all console logfiles
-and, if in daemon mode (\fB\-d\fP option),
+and, if in daemon mode
-the error logfile (see the \fB\-L\fP option).  All actions performed by
+.RB ( \-d
-SIGUSR1 are also performed.
+option), the error logfile (see the
 .BR \-L
 option).
 All actions performed by SIGUSR1 are also performed.
 .PP
-Slave hosts which have no current
+Consoles which have no current client
 .BR console (1)
 connection might produce important error messages.
-With the \fB\-u\fP option, these unloved errors are labeled with a machine name
+With the
 .B \-u
 option, these ``unloved'' errors are labeled with a machine name
 and output on stdout (or, in daemon mode, to the logfile).
 This allows a live operator or an automated log scanner
 to find otherwise unseen errors by watching in a single location.
 .PP
-\fBConserver\fP must be run as root if it is to bind to a port under
+.B Conserver
-1024 or if it must read protected password files (like shadow passwords)
+must be run as root if it is to bind to a port under 1024 or if it
 must read protected password files (like shadow passwords)
 for authentication (see
 .BR conserver.passwd (5)).
-Otherwise, it may be run by any user, with \fB\-p\fP used to specify
+Otherwise, it may be run by any user, with
-a port above 1024.
+.B \-p
 used to specify a port above 1024.
 .PP
-If encryption has been built into the code (\fB--with-openssl\fP),
+If encryption has been built into the code
 .RB ( --with-openssl ),
 encrypted client connections (without certificate exchanges) happen
-by default.  To add certificate exchanges, use the \fB-c\fP option with
+by default.
-the client and server.  For authentication of the certificates to work,
+To add certificate exchanges, use the
 .B \-c
 option with the client and server.
 For authentication of the certificates to work,
 the signing certificate must be properly trusted, which usually means
-the public portion is in \fIOPENSSL_ROOT\fP\fB/ssl/certs\fP (on both
+the public portion is in
-the client and server sides).  See the sample self-signing certficate
+.IB OPENSSL_ROOT /ssl/certs
-making script \fBcontrib/maketestcerts\fP for further clues.  To allow
+(on both the client and server sides).
 See the sample self-signing certficate making script
 .B contrib/maketestcerts
 for further clues.
 To allow
 non-encrypted client connections (in addition to encrypted client
-connections), use the \fB-E\fP option.
+connections), use the
 .B \-E
 option.
 .SH OPTIONS
 .PP
-Options may be given as separate arguments (e.g., \fB\-n -d\fP)
+Options may be given as separate arguments (e.g.,
-or clustered (e.g., \fB\-nd\fP).
+.B \-n
 .BR \-d )
 or clustered (e.g.,
 .BR \-nd ).
 Options and their arguments may be separated by optional white space.
 Option arguments containing spaces or other characters special to the shell
 must be quoted.
-.TP
+.TP 12
 .B \-7
 Strip the high bit off of all data received,
-whether from the \fBconsole\fP client or from the console device,
+whether from the
-before any processing occurs.
+.B console
 client or from the console device, before any processing occurs.
 .TP
 .BI \-a type
 Set the default access type for incoming connections from
-\fBconsole\fP clients:
+.B console
 clients:
 .RB ` r '
 for refused (the default),
 .RB ` a '
@ -146,43 +188,60 @@ the access section of
 .TP
 .BI \-b port
 Set the base port for children to listen on.
-Each child starts looking for free ports at \fIport\fP
+Each child starts looking for free ports at
 .I port
 and working upward, trying a maximum number of ports
 equal to twice the maximum number of groups.
 If no free ports are available in that range,
-\fBconserver\fP exits.
+.B conserver
-By default, \fBconserver\fP lets the operating system choose
+exits.
-a free port.
+By default,
 .B conserver
 lets the operating system choose a free port.
 .TP
 .BI \-c cred
-Load an SSL certificate and key from the PEM encoded file \fIcred\fP.
+Load an SSL certificate and key from the PEM encoded file
 .IR cred .
 .TP
 .BI \-C config
-Read configuration information from the file \fIconfig\fP.
+Read configuration information from the file
-The default \fIconfig\fP may be changed at compile time using the
+.IR config .
-\fB--with-cffile\fP option.
+The default
 .I config
 may be changed at compile time using the
 .B --with-cffile
 option.
 .TP
 .B \-d
-Become a daemon.  Disconnects from the controlling terminal and sends
+Become a daemon.
-all output to the logfile (see \fB\-L\fP).
+Disconnects from the controlling terminal and sends
 all output to the logfile (see
 .BR \-L ).
 .TP
 .B \-D
-Enable debugging output, sent to stderr.  Multiple \fB-D\fP options
+Enable debugging output, sent to stderr.
-increases debug output.
+Multiple
 .B \-D
 options increases debug output.
 .TP
 .B \-E
-If encryption has been built into the code (\fB--with-openssl\fP),
+If encryption has been built into the code
-encrypted client connections are a requirement. This option allows
+.RB ( --with-openssl ),
-non-encrypted clients (as well as encrypted clients) to connect to
+encrypted client connections are a requirement.
-consoles.
+This option allows non-encrypted clients (as well as encrypted clients) to
 connect to consoles.
 .TP
 .B \-F
-Do not automatically reinitialize failed (unexpectedly closed)
+Do not automatically reinitialize failed (unexpectedly closed) consoles.
-consoles.  If the console is a program (`|' syntax) and it closes
+If the console is a program (`|' syntax) and it closes with a zero
-with a zero exit status, the console is reinitialized regardless
+exit status, the console is reinitialized regardless of this option.
-of this option.  Without this option, a console is immediately reopened,
+Without this option, a console is immediately reopened,
 and if that fails, retried every minute until successful.
-This option has no effect on the \fB-o\fP and \fB-O\fP options.
+This option has no effect on the
 .B \-o
 and
 .B \-O
 options.
 .TP
 .B \-h
 Output a brief help message.
@ -191,24 +250,34 @@ Output a brief help message.
 Initiate console connections on demand (and close them when not used).
 .TP
 .BI \-L logfile
-Log errors and informational messages to \fIlogfile\fP
+Log errors and informational messages to
-after startup in daemon mode (\fB\-d\fP).
+.I logfile
 after startup in daemon mode
 .RB ( \-d ).
 This option does not apply when not running in daemon mode.
-The default \fIlogfile\fP may be changed at compile time using the
+The default
-\fB--with-logfile\fP option.
+.I logfile
 may be changed at compile time using the
 .B --with-logfile
 option.
 .TP
 .BI \-m max
 Set the maximum consoles managed per process.
-The default \fImax\fP may be changed at compile time using the
+The default
-\fB--with-maxmemb\fP option.
+.I max
 may be changed at compile time using the
 .B --with-maxmemb
 option.
 .TP
 .BI \-M addr
-Set the address to listen on.  This allows conserver to bind to a
+Set the address to listen on.
 This allows conserver to bind to a
 particular IP address (like `127.0.0.1') instead of all interfaces.
 The default is to bind to all addresses.
 .TP
 .B \-n
-Obsolete (now a no-op); see \fB\-u\fP.
+Obsolete (now a no-op); see
 .BR \-u .
 .TP
 .B \-o
 Normally, a client connecting to a ``downed'' console does just that.
@ -216,45 +285,103 @@ Using this option, the server will automatically attempt to open
 (``bring up'') the console when the client connects.
 .TP
 .BI \-O min
-Enable periodic attempts (every \fImin\fP minutes) to open (``bring up'')
+Enable periodic attempts (every
-all downed consoles (similar to sending a SIGUSR1).
+.I min
 minutes) to open (``bring up'') all downed
 consoles (similar to sending a SIGUSR1).
 .TP
 .BI \-p port
 Set the TCP port for the master process to listen on.
 This may be either a port number or a service name.
-The default \fIport\fP, ``conserver'' (typically 782),
+The default
-may be changed at compile time using the \fB--with-port\fP option.
+.IR port ,
 ``conserver'' (typically 782),
 may be changed at compile time using the
 .B --with-port
 option.
 .TP
 .BI \-P passwd
-Read the table of authorized user data from the file \fIpasswd\fP.
+Read the table of authorized user data from the file
-The default \fIpasswd\fP may be changed at compile time using the
+.IR passwd .
-\fB--with-pwdfile\fP option.
+The default
 .I passwd
 may be changed at compile time using the
 .B --with-pwdfile
 option.
 .TP
 .B \-R
-Disable automatic client redirection to other conserver hosts.  This
+Disable automatic client redirection to other conserver hosts.
-means informational commands like \fB-w\fP and \fB-i\fP will only show
+This
-the status of the local conserver host and attempts to connect to
+means informational commands like
-remote consoles will result in an informative message to the user.
+.B \-w
 and
 .B \-i
 will only show the status of the local conserver host and attempts to
 connect to remote consoles will result in an informative message to the user.
 .TP
 .B \-S
 Do not run the server, just perform a syntax check of configuration file and
 exit with a non-zero value if there is an error.
 .TP
 .B \-u
-Send unloved console output to \fBconserver\fP's stdout
+Send unloved console output to
-(which, in daemon mode, is redirected to the logfile).
+.BR conserver 's
 stdout (which, in daemon mode, is redirected to the logfile).
 This applies to all consoles to which no user is attached,
-independent of whether logging of individual consoles is enabled
+independent of whether logging of individual consoles is enabled via
-via \fBconserver.cf\fP entries.
+.B conserver.cf
 entries.
 .TP
 .B \-v
 Echo the configuration as it is being read (be verbose).
 .TP
 .B \-V
-Output the version number and settings of the \fBconserver\fP
+Output the version number and settings of the
 .B conserver
 program and then exit.
 .SH PROTOCOL
 .PP
 The protocol used to interact with the
 .B conserver
 daemon has two basic styles.
 The first style is the initial line-based mode, which occurs before
 connecting to a console.
 The second style is the character-based, escape-sequence mode, while
 connected to a console.
 .PP
 The initial line-based mode begins the same for both the master process
 and it's children.
 Upon a successful (non-rejected) client connection, an ``ok'' is sent.
 The client then issues a command and the server responds to it with a
 result string (``ok'' being the sign of success for most commands).
 The commands available are ``help'', ``ssl'' (if
 SSL was built into the code), ``login'', and ``exit''.
 Using the ``login'' command, the client authenticates and gains access to
 the extended command set.
 This is where the master process and it's children differ.
 The master process gives the client access to global commands, and the
 child provides commands for interacting with the consoles it manages.
 The ``help'' command, in both cases, will provide a complete
 list of commands and a short description of what they do.
 .PP
 The second, character-based, style of interaction occurs when the client
 issues the ``call'' command with a child process.
 This command connects the client to a console and, at that point, relays
 all traffic between the client and the console.
 There is no more command-based interaction between the client and the server,
 any interaction with the server is done with the default escape sequence.
 .PP
 This is, by no means, a complete description of the entire client/server
 interaction.
 It is, however, a brief explanation in order to give a idea of
 what the program does.
 .SH FILES
 .PP
 The following default file locations may be overridden
 at compile time or by the command-line options described above.
-Run \fBconserver \-V\fP (with no other options) to see
+Run
-the defaults set at compile time.
+.B conserver \-V
 (with no other options) to see the defaults set at compile time.
 .PP
 .PD 0
 .TP 25
@ -278,14 +405,8 @@ Additionally, output from individual consoles may be logged
 to separate files specified in
 .BR conserver.cf (5).
 .SH BUGS
-SSL encryption only occurs when connecting to a single console, not
+I'm sure there are bugs, I just don't know where they are.
-on all client/server activity.  The \fB-q\fP/\fB-Q\fP quit command will
+Please let me know if you find any.
 pass the root password in the clear.  Other info-type
 options (like \fB-i\fP, \fB-w\fP, etc)
 are all sent unencrypted as well.  This should be fixed soon.
 .PP
 I'm sure there are more, I just don't know where they are.  Please
 let me know if you find any.
 .SH AUTHORS
 Thomas A. Fine, Ohio State Computer Science
 .br
--- a/conserver/convert.c
+++ b/conserver/convert.c
@ -0,0 +1,511 @@
 /*
 *  $Id: convert.c,v 1.7 2003-08-15 14:24:39-07 bryan Exp $
 *
 *  Copyright conserver.com, 2000
 *
 *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
 *
 *  Copyright GNAC, Inc., 1998
 */
 /*
 * Copyright (c) 1990 The Ohio State University.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that: (1) source distributions retain this entire copyright
 * notice and comment, and (2) distributions including binaries display
 * the following acknowledgement:  ``This product includes software
 * developed by The Ohio State University and its contributors''
 * in the documentation or other materials provided with the distribution
 * and in all advertising materials mentioning features or use of this
 * software. Neither the name of the University nor the names of its
 * contributors may be used to endorse or promote products derived
 * from this software without specific prior written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */
 /*
 * Network console modifications by Robert Olson, olson@mcs.anl.gov.
 */
 #include <compat.h>
 #include <util.h>
 #include <consent.h>
 #include <client.h>
 #include <group.h>
 #include <access.h>
 #include <readcfg.h>
 #include <master.h>
 #include <main.h>
 void
 DestroyDataStructures()
 {
 }
 char *
 #if PROTOTYPES
 ReadLine2(FILE *fp, STRING *save, int *iLine)
 #else
 ReadLine2(fp, save, iLine)
    FILE *fp;
    STRING *save;
    int *iLine;
 #endif
 {
    static char buf[1024];
    char *wholeline = (char *)0;
    char *ret = (char *)0;
    int i, buflen, peek, commentCheck = 1, comment = 0;
    static STRING *bufstr = (STRING *)0;
    static STRING *wholestr = (STRING *)0;
    if (bufstr == (STRING *)0)
 	bufstr = AllocString();
    if (wholestr == (STRING *)0)
 	wholestr = AllocString();
    peek = 0;
    wholeline = (char *)0;
    BuildString((char *)0, bufstr);
    BuildString((char *)0, wholestr);
    while (save->used || ((ret = fgets(buf, sizeof(buf), fp)) != (char *)0)
 	   || peek) {
 	/* If we have a previously saved line, use it instead */
 	if (save->used) {
 	    strcpy(buf, save->string);
 	    BuildString((char *)0, save);
 	}
 	if (peek) {
 	    /* End of file?  Never mind. */
 	    if (ret == (char *)0)
 		break;
 	    /* If we don't have a line continuation and we've seen
 	     * some worthy data
 	     */
 	    if (!isspace((int)buf[0]) && (wholeline != (char *)0)) {
 		BuildString((char *)0, save);
 		BuildString(buf, save);
 		break;
 	    }
 	    peek = 0;
 	}
 	if (commentCheck) {
 	    for (i = 0; buf[i] != '\000'; i++)
 		if (!isspace((int)buf[i]))
 		    break;
 	    if (buf[i] == '#') {
 		comment = 1;
 		commentCheck = 0;
 	    } else if (buf[i] != '\000') {
 		commentCheck = 0;
 	    }
 	}
 	/* Check for EOL */
 	buflen = strlen(buf);
 	if ((buflen >= 1) && (buf[buflen - 1] == '\n')) {
 	    (*iLine)++;		/* Finally have a whole line */
 /*	    if (comment == 0 && commentCheck == 0) { */
 	    /* Finish off the chunk without the \n */
 	    buf[buflen - 1] = '\000';
 	    BuildString(buf, bufstr);
 	    wholeline = BuildString(bufstr->string, wholestr);
 /*	    }*/
 	    peek = 1;
 	    comment = 0;
 	    commentCheck = 1;
 	    BuildString((char *)0, bufstr);
 	} else {
 	    /* Save off the partial chunk */
 	    BuildString(buf, bufstr);
 	}
    }
    /* If we hit the EOF and weren't peeking ahead
     * and it's not a comment
     */
    /*
       if (!peek && (ret == (char *)0) && (comment == 0) &&
       (commentCheck == 0)) {
     */
    if (!peek && (ret == (char *)0)) {
 	(*iLine)++;
 	wholeline = BuildString(bufstr->string, wholestr);
 	if (wholeline[0] == '\000')
 	    wholeline = (char *)0;
    }
    CONDDEBUG((1, "ReadLine2(): returning <%s>",
 	       (wholeline != (char *)0) ? wholeline : "<NULL>"));
    return wholeline;
 }
 /* read in the configuration file, fill in all the structs we use	(ksb)
 * to manage the consoles
 */
 void
 #if PROTOTYPES
 ReadCfg(char *pcFile, FILE *fp)
 #else
 ReadCfg(pcFile, fp)
    char *pcFile;
    FILE *fp;
 #endif
 {
    int iLine;
    unsigned char *acIn;
    static STRING *acInSave = (STRING *)0;
    char *acStart;
    static STRING *logDirectory = (STRING *)0;
    static STRING *defMark = (STRING *)0;
    int sawACL = 0;
    int printedFull = 0;
    if (defMark == (STRING *)0)
 	defMark = AllocString();
    if (logDirectory == (STRING *)0)
 	logDirectory = AllocString();
    if (acInSave == (STRING *)0)
 	acInSave = AllocString();
    BuildString((char *)0, defMark);
    BuildString((char *)0, acInSave);
    BuildString((char *)0, logDirectory);
    iLine = 0;
    while ((acIn =
 	    (unsigned char *)ReadLine2(fp, acInSave,
 				       &iLine)) != (unsigned char *)0) {
 	char *pcLine, *pcMode, *pcLog, *pcRem, *pcStart, *pcMark, *pcBreak;
 	char *pcColon;
 	acStart = PruneSpace((char *)acIn);
 	if (acStart[0] == '#') {
 	    printf("%s\n", acStart);
 	    continue;
 	}
 	if (printedFull == 0) {
 	    printf("default full {\n\trw *;\n}\n");
 	    printedFull = 1;
 	}
 	if ('%' == acStart[0] && '%' == acStart[1] && '\000' == acStart[2]) {
 	    break;
 	}
 	if ((char *)0 != (pcLine = strchr(acStart, '=')) &&
 	    ((char *)0 == (pcColon = strchr(acStart, ':')) ||
 	     pcColon > pcLine)) {
 	    *pcLine++ = '\000';
 	    acStart = PruneSpace(acStart);
 	    pcLine = PruneSpace(pcLine);
 	    if (0 == strcmp(acStart, "LOGDIR")) {
 		BuildString((char *)0, logDirectory);
 		BuildString(pcLine, logDirectory);
 		printf("default * {\n");
 		if (logDirectory->used > 1)
 		    printf("\tlogfile %s/&;\n", logDirectory->string);
 		else
 		    printf("\tlogfile \"\";\n");
 		if (defMark->used > 1)
 		    printf("\ttimestamp %s;\n", defMark->string);
 		else
 		    printf("\ttimestamp \"\";\n");
 		printf("\tinclude full;\n}\n");
 	    } else if (0 == strcmp(acStart, "TIMESTAMP")) {
 		BuildString((char *)0, defMark);
 		BuildString(pcLine, defMark);
 		printf("default * {\n");
 		if (logDirectory->used > 1)
 		    printf("\tlogfile %s/&;\n", logDirectory->string);
 		else
 		    printf("\tlogfile \"\";\n");
 		if (defMark->used > 1)
 		    printf("\ttimestamp %s;\n", defMark->string);
 		else
 		    printf("\ttimestamp \"\";\n");
 		printf("\tinclude full;\n}\n");
 	    } else if (0 == strcmp(acStart, "DOMAINHACK")) {
 	    } else if (0 == strncmp(acStart, "BREAK", 5) &&
 		       acStart[5] >= '1' && acStart[5] <= '9' &&
 		       acStart[6] == '\000') {
 		CONDDEBUG((1, "ReadCfg(): BREAK%c found with `%s'",
 			   acStart[5], pcLine));
 		if (pcLine[0] == '\000') {
 		    printf("break %c {\n\tstring \"\";\n}\n", acStart[5]);
 		} else {
 		    char *q, *p;
 		    p = pcLine;
 		    BuildTmpString((char *)0);
 		    while ((q = strchr(p, '"')) != (char *)0) {
 			*q = '\000';
 			BuildTmpString(p);
 			BuildTmpString("\\\"");
 			p = q + 1;
 			*q = '"';
 		    }
 		    q = BuildTmpString(p);
 		    printf("break %c {\n\tstring \"%s\";\n}\n", acStart[5],
 			   q);
 		}
 	    } else {
 		Error("%s(%d) unknown variable `%s'", pcFile, iLine,
 		      acStart);
 	    }
 	    continue;
 	}
 	if ((char *)0 == (pcLine = strchr(acStart, ':')) ||
 	    (char *)0 == (pcMode = strchr(pcLine + 1, ':')) ||
 	    (char *)0 == (pcLog = strchr(pcMode + 1, ':'))) {
 	    Error("%s(%d) bad config line `%s'", pcFile, iLine, acIn);
 	    continue;
 	}
 	*pcLine++ = '\000';
 	*pcMode++ = '\000';
 	*pcLog++ = '\000';
 	acStart = PruneSpace(acStart);
 	pcLine = PruneSpace(pcLine);
 	pcMode = PruneSpace(pcMode);
 	pcLog = PruneSpace(pcLog);
 	if ((char *)0 != (pcMark = strchr(pcLog, ':'))) {
 	    *pcMark++ = '\000';
 	    pcLog = PruneSpace(pcLog);
 	    pcMark = PruneSpace(pcMark);
 	    /* Skip null intervals */
 	    if (pcMark[0] == '\000')
 		pcMark = (char *)0;
 	}
 	if ((char *)0 == pcMark) {
 	    pcBreak = (char *)0;
 	} else {
 	    if ((char *)0 != (pcBreak = strchr(pcMark, ':'))) {
 		*pcBreak++ = '\000';
 		pcMark = PruneSpace(pcMark);
 		pcBreak = PruneSpace(pcBreak);
 		/* Ignore null specs */
 		if (pcMark[0] == '\000')
 		    pcMark = (char *)0;
 		if (pcBreak[0] == '\000')
 		    pcBreak = (char *)0;
 	    }
 	}
 	if ((char *)0 != (pcRem = strchr(pcLine, '@'))) {
 	    *pcRem++ = '\000';
 	    pcLine = PruneSpace(pcLine);
 	    pcRem = PruneSpace(pcRem);
 	}
 	printf("console %s {\n", acStart);
 	if (pcRem == (char *)0) {
 	    printf("\tmaster localhost;\n");
 	} else {
 	    printf("\tmaster %s;\n", pcRem);
 	}
 	/*
 	 *  Here we substitute the console name for any '&' character in the
 	 *  logfile name.  That way you can just have something like
 	 *  "/var/console/&" for each of the conserver.cf entries.
 	 */
 	if (pcLog[0] == '&' && pcLog[1] == '\000' &&
 	    logDirectory->used > 1) {
 	    /* special case where logfile name is '&' and the LOGDIR was
 	     * seen above.  in this case we just allow inheritance to
 	     * work it's magic.
 	     */
 	} else if (pcLog[0] == '\000') {
 	    printf("\tlogfile \"\";\n");
 	} else {
 	    STRING *lfile;
 	    lfile = AllocString();
 	    BuildString((char *)0, lfile);
 	    pcStart = pcLog;
 	    BuildString(pcStart, lfile);
 	    if (logDirectory->used > 1 && lfile->used > 1 &&
 		lfile->string[0] != '/') {
 		char *p;
 		BuildTmpString((char *)0);
 		p = BuildTmpString(lfile->string);
 		BuildString((char *)0, lfile);
 		BuildString(logDirectory->string, lfile);
 		BuildStringChar('/', lfile);
 		BuildString(p, lfile);
 		BuildTmpString((char *)0);
 	    }
 	    printf("\tlogfile %s;\n", lfile->string);
 	    DestroyString(lfile);
 	}
 	if (pcMark) {
 	    printf("\ttimestamp %s;\n", pcMark);
 	}
 	if (pcBreak) {
 	    int bt;
 	    bt = atoi(pcBreak);
 	    if (bt > 9 || bt < 0) {
 		Error("%s(%d) bad break spec `%d'", pcFile, iLine, bt);
 	    } else {
 		printf("\tbreak %d;\n", bt);
 	    }
 	}
 	if (pcLine[0] == '!') {
 	    pcLine = PruneSpace(pcLine + 1);
 	    printf("\ttype host;\n");
 	    printf("\thost %s;\n", pcLine);
 	    printf("\tport %s;\n", pcMode);
 	} else if ('|' == pcLine[0]) {
 	    pcLine = PruneSpace(pcLine + 1);
 	    printf("\ttype exec;\n");
 	    if (pcLine == (char *)0 || pcLine[0] == '\000')
 		printf("\texec \"\";\n");
 	    else
 		printf("\texec %s;\n", pcLine);
 	} else {
 	    char p, *t;
 	    printf("\ttype device;\n");
 	    printf("\tdevice %s;\n", pcLine);
 	    t = pcMode;
 	    while (isdigit((int)(*t))) {
 		++t;
 	    }
 	    p = *t;
 	    *t = '\000';
 	    printf("\tbaud %s;\n", pcMode);
 	    switch (p) {
 		case 'E':
 		case 'e':
 		    t = "even";
 		    break;
 		case 'M':
 		case 'm':
 		    t = "mark";
 		    break;
 		case 'N':
 		case 'n':
 		case 'P':
 		case 'p':
 		    t = "none";
 		    break;
 		case 'O':
 		case 'o':
 		    t = "odd";
 		    break;
 		case 'S':
 		case 's':
 		    t = "space";
 		    break;
 		default:
 		    Error
 			("%s(%d) unknown parity type `%c' - assuming `none'",
 			 pcFile, iLine, p);
 		    t = "none";
 		    break;
 	    }
 	    printf("\tparity %s;\n", t);
 	}
 	printf("}\n");
    }
    while ((acIn =
 	    (unsigned char *)ReadLine2(fp, acInSave,
 				       &iLine)) != (unsigned char *)0) {
 	char *pcNext;
 	char cType;
 	acStart = PruneSpace((char *)acIn);
 	if (acStart[0] == '#') {
 	    printf("%s\n", acStart);
 	    continue;
 	}
 	if ('%' == acStart[0] && '%' == acStart[1] && '\000' == acStart[2]) {
 	    break;
 	}
 	if ((char *)0 == (pcNext = strchr(acStart, ':'))) {
 	    Error("%s(%d) missing colon?", pcFile, iLine);
 	    continue;
 	}
 	do {
 	    *pcNext++ = '\000';
 	} while (isspace((int)(*pcNext)));
 	switch (acStart[0]) {
 	    case 'a':		/* allowed, allow, allows       */
 	    case 'A':
 		if (!sawACL) {
 		    sawACL = 1;
 		    printf("access * {\n");
 		}
 		printf("\tallowed %s;\n", pcNext);
 		break;
 	    case 'r':		/* rejected, refused, refuse    */
 	    case 'R':
 		if (!sawACL) {
 		    sawACL = 1;
 		    printf("access * {\n");
 		}
 		printf("\trejected %s;\n", pcNext);
 		break;
 	    case 't':		/* trust, trusted, trusts       */
 	    case 'T':
 		if (!sawACL) {
 		    sawACL = 1;
 		    printf("access * {\n");
 		}
 		printf("\ttrusted %s;\n", pcNext);
 		break;
 	    default:
 		cType = ' ';
 		Error("%s(%d) unknown access key `%s'", pcFile, iLine,
 		      acStart);
 		break;
 	}
    }
    if (sawACL) {
 	printf("}\n");
    }
 }
 int
 #if PROTOTYPES
 main(int argc, char **argv)
 #else
 main(argc, argv)
    int argc;
    char **argv;
 #endif
 {
    char *pcFile;
    FILE *fp;
    progname = "convert";
    fDebug = 0;
    if (argc != 2) {
 	Error("Usage: convert old-conserver.cf");
 	return 1;
    }
    pcFile = argv[1];
    if ((fp = fopen(pcFile, "r")) == (FILE *)0) {
 	Error("fopen(%s): %s", pcFile, strerror(errno));
 	return 1;
    }
    ReadCfg(pcFile, fp);
    return 0;
 }
--- a/conserver/fallback.c
+++ b/conserver/fallback.c
@ -1,5 +1,5 @@
 /*
- *  $Id: fallback.c,v 5.53 2003-03-17 08:27:34-08 bryan Exp $
+ *  $Id: fallback.c,v 5.58 2003-08-15 08:18:26-07 bryan Exp $
 *
 *  Copyright conserver.com, 2000
 *
@ -14,78 +14,31 @@
 * Mike Rowan (mtr@mace.cc.purdue.edu)
 */
 #include <config.h>
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <sys/file.h>
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/errno.h>
 #include <netinet/in.h>
 #include <syslog.h>
 #include <signal.h>
 #include <netdb.h>
 #include <stdio.h>
 #include <ctype.h>
 #include <compat.h>
 #include <util.h>
 #if defined(_AIX)
 /*
- * get a pty for the user (emulate the neato sequent call)		(mm)
+ * get a pty for the user
 *
 * this has been revamped rather heavily for 8.0.0.  i've taken ideas
 * from the xemacs and openssh distributions to get code that *should*
 * work on systems i have no access to.  thanks to those reference
 * packages, i think things are ok...hopefully it's true!
 */
 static int
 #if PROTOTYPES
-GetPseudoTTY(STRING * slave, STRING * master)
+GetPseudoTTY(STRING *slave, int *slaveFD)
 #else
-GetPseudoTTY(slave, master)
+GetPseudoTTY(slave, slaveFD)
    STRING *slave;
-    STRING *master;
+    int *slaveFD;
 #endif
 {
-    int fd;
+#if HAVE_OPENPTY
-    char *pcName;
+    int fd = -1;
-
+    int sfd = -1;
-    if (0 > (fd = open("/dev/ptc", O_RDWR | O_NDELAY, 0))) {
+    int opty = 0;
 	return -1;
    }
    if ((char *)0 == (pcName = ttyname(fd))) {
 	return -1;
    }
    BuildString((char *)0, slave);
    BuildString(pcName, slave);
    BuildString((char *)0, master);
    BuildString(pcName, master);
    master->string[7] = 'c';
    return fd;
 }
 #else
 #if defined(HAVE_PTSNAME) && defined(HAVE_GRANTPT) && defined(HAVE_UNLOCKPT)
 #if defined(linux)
 extern char *ptsname();
 extern int grantpt();
 extern int unlockpt();
 #endif
 /* get a pty for the user -- emulate the neato sequent call under	(gregf)
 * DYNIX/ptx v4.0
 */
 static int
 #if PROTOTYPES
 GetPseudoTTY(STRING * slave, STRING * master)
 #else
 GetPseudoTTY(slave, master)
    STRING *slave;
    STRING *master;
 #endif
 {
    int fd;
    char *pcName;
 #if HAVE_SIGACTION
    sigset_t oldmask, newmask;
@ -93,9 +46,6 @@ GetPseudoTTY(slave, master)
    extern RETSIGTYPE FlagReapVirt PARAMS((int));
 #endif
    if (0 > (fd = open("/dev/ptmx", O_RDWR, 0))) {
 	return -1;
    }
 #if HAVE_SIGACTION
    sigemptyset(&newmask);
    sigaddset(&newmask, SIGCHLD);
@ -106,7 +56,7 @@ GetPseudoTTY(slave, master)
    SimpleSignal(SIGCHLD, SIG_DFL);
 #endif
-    grantpt(fd);		/* change permission of slave */
+    opty = openpty(&fd, &sfd, NULL, NULL, NULL);
 #if HAVE_SIGACTION
    if (sigprocmask(SIG_SETMASK, &oldmask, NULL) < 0)
@ -116,52 +66,121 @@ GetPseudoTTY(slave, master)
    SimpleSignal(SIGCHLD, FlagReapVirt);
 #endif
-    unlockpt(fd);		/* unlock slave */
+    if (opty != 0) {
-    BuildString((char *)0, master);
+	if (fd >= 0)
-    if ((char *)0 == (pcName = ttyname(fd))) {
+	    close(fd);
-	BuildString("/dev/ptmx", master);
+	if (sfd >= 0)
-    } else {
+	    close(sfd);
-	BuildString(pcName, master);
+	return -1;
    }
    if ((char *)0 == (pcName = ttyname(sfd))) {
 	close(fd);
 	close(sfd);
 	return -1;
    }
    BuildString((char *)0, slave);
    BuildString(pcName, slave);
-    if ((char *)0 == (pcName = ptsname(fd))) {
+    *slaveFD = sfd;
    return fd;
 #else
 #if (HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT) || defined(_AIX)
    int fd = -1;
    int sfd = -1;
    char *pcName;
 #if HAVE_SIGACTION
    sigset_t oldmask, newmask;
 #else
    extern RETSIGTYPE FlagReapVirt PARAMS((int));
 #endif
    int c;
    /* clone list and idea stolen from xemacs distribution */
    static char *clones[] = {
 	"/dev/ptmx",		/* Various systems */
 	"/dev/ptm/clone",	/* HPUX */
 	"/dev/ptc",		/* AIX */
 	"/dev/ptmx_bsd",	/* Tru64 */
 	(char *)0
    };
    /* try to find the pty allocator */
    for (c = 0; clones[c] != (char *)0; c++) {
 	if ((fd = open(clones[c], O_RDWR, 0)) >= 0)
 	    break;
    }
    if (fd < 0)
 	return -1;
 #if HAVE_SIGACTION
    sigemptyset(&newmask);
    sigaddset(&newmask, SIGCHLD);
    if (sigprocmask(SIG_BLOCK, &newmask, &oldmask) < 0)
 	Error("GetPseudoTTY(): sigprocmask(SIG_BLOCK): %s",
 	      strerror(errno));
 #else
    SimpleSignal(SIGCHLD, SIG_DFL);
 #endif
 #if HAVE_GRANTPT
    grantpt(fd);		/* change permission of slave */
 #endif
 #if HAVE_SIGACTION
    if (sigprocmask(SIG_SETMASK, &oldmask, NULL) < 0)
 	Error("GetPseudoTTY(): sigprocmask(SIG_SETMASK): %s",
 	      strerror(errno));
 #else
    SimpleSignal(SIGCHLD, FlagReapVirt);
 #endif
 #if HAVE_UNLOCKPT
    unlockpt(fd);		/* unlock slave */
 #endif
 #if defined(_AIX)
    if ((pcName = ttyname(fd)) == (char *)0) {
 	close(fd);
 	return -1;
    }
 #else
 # if HAVE_PTSNAME
    if ((pcName = ptsname(fd)) == (char *)0) {
 	close(fd);
 	return -1;
    }
 # else
    close(fd);
    return -1;
 # endif
 #endif
    /* go ahead and open the slave */
    if ((sfd = open(pcName, O_RDWR, 0)) < 0) {
 	Error("GetPseudoTTY(): open(%s): %s", pcName, strerror(errno));
 	close(fd);
 	return -1;
    }
    BuildString((char *)0, slave);
    BuildString(pcName, slave);
    *slaveFD = sfd;
    return fd;
 }
 #else
-/*
+    /*
- * Below is the string for finding /dev/ptyXX.  For each architecture we
+     * Below is the string for finding /dev/ptyXX.  For each architecture we
- * leave some pty's world writable because we don't have source for
+     * leave some pty's world writable because we don't have source for
- * everything that uses pty's.  For the most part, we'll be trying to
+     * everything that uses pty's.  For the most part, we'll be trying to
- * make /dev/ptyq* the "free" pty's.
+     * make /dev/ptyq* the "free" pty's.
- */
+     */
-
+    /* all the world's a vax ;-) */
-/* all the world's a vax ;-) */
+    static char charone[] = "prstuvwxyzPQRSTUVWq";
-static char charone[] = "prstuvwxyzPQRSTUVWq";
+    static char chartwo[] =
-static char chartwo[] =
+	"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
    "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 /*
 * get a pty for the user (emulate the neato sequent call)		(ksb)
 */
 static int
 #if PROTOTYPES
 GetPseudoTTY(STRING * slave, STRING * master)
 #else
 GetPseudoTTY(slave, master)
    STRING *slave;
    STRING *master;
 #endif
 {
    static char acMaster[] = "/dev/ptyXX";
    static char acSlave[] = "/dev/ttyXX";
    static char *pcOne = charone, *pcTwo = chartwo;
-    int fd, iLoop, iIndex = sizeof("/dev/pty") - 1;
+    int fd, sfd, iLoop, iIndex = sizeof("/dev/pty") - 1;
    char *pcOld1;
    struct stat statBuf;
@ -203,41 +222,47 @@ GetPseudoTTY(slave, master)
 	break;
    }
-    BuildString((char *)0, master);
+    /* go ahead and open the slave */
-    BuildString(acMaster, master);
+    if ((sfd = open(acSlave, O_RDWR, 0)) < 0) {
 	Error("GetPseudoTTY(): open(%s): %s", acSlave, strerror(errno));
 	close(fd);
 	return -1;
    }
    BuildString((char *)0, slave);
    BuildString(acSlave, slave);
    *slaveFD = sfd;
    return fd;
 #endif /* (HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT) || defined(_AIX) */
 #endif /* HAVE_OPENPTY */
 }
 #endif
 #endif /* _AIX */
 /*
- * get a Joe pty bacause the daemon is not with us, sadly.		(ksb)
+ * get a pty using the GetPseudoTTY code above
 */
 int
 #if PROTOTYPES
-FallBack(STRING * pcSlave, STRING * pcMaster)
+FallBack(char **slave, int *sfd)
 #else
-FallBack(pcSlave, pcMaster)
+FallBack(slave, sfd)
-    STRING *pcSlave, *pcMaster;
+    char **slave;
    int *sfd;
 #endif
 {
    int fd;
-    static STRING *pcTSlave = (STRING *) 0;
+    static STRING *pcTSlave = (STRING *)0;
    static STRING *pcTMaster = (STRING *) 0;
-    if (pcTSlave == (STRING *) 0)
+    if (pcTSlave == (STRING *)0)
 	pcTSlave = AllocString();
    if (pcTMaster == (STRING *) 0)
 	pcTMaster = AllocString();
-    if (-1 == (fd = GetPseudoTTY(pcTSlave, pcTMaster))) {
+    if ((fd = GetPseudoTTY(pcTSlave, sfd)) == -1) {
 	return -1;
    }
-    BuildString((char *)0, pcSlave);
+    if ((*slave) != (char *)0)
-    BuildString(pcTSlave->string, pcSlave);
+	free(*slave);
-    BuildString((char *)0, pcMaster);
+    if (((*slave) = strdup(pcTSlave->string))
-    BuildString(pcTMaster->string, pcMaster);
+	== (char *)0)
 	OutOfMem();
    return fd;
 }
--- a/conserver/group.c
+++ b/conserver/group.c
--- a/conserver/group.h
+++ b/conserver/group.h
@ -1,5 +1,5 @@
 /*
- *  $Id: group.h,v 5.31 2003-03-17 08:43:20-08 bryan Exp $
+ *  $Id: group.h,v 5.38 2003-09-19 08:58:18-07 bryan Exp $
 *
 *  Copyright conserver.com, 2000
 *
@ -45,7 +45,6 @@ typedef struct grpent {		/* group info                           */
    unsigned short port;	/* port group listens on                */
    pid_t pid;			/* pid of server for group              */
    int imembers;		/* number of consoles in this group     */
    fd_set rinit;		/* descriptor list                      */
    CONSENT *pCElist;		/* list of consoles in this group       */
    CONSENT *pCEctl;		/* our control `console'                */
    CONSCLIENT *pCLall;		/* all clients to scan after select     */
@ -55,10 +54,20 @@ typedef struct grpent {		/* group info                           */
 extern void Spawn PARAMS((GRPENT *));
 extern int CheckPass PARAMS((char *, char *));
-extern void TagLogfile PARAMS((const CONSENT *, const char *, ...));
+extern void TagLogfile PARAMS((const CONSENT *, char *, ...));
-extern void TagLogfileAct PARAMS((const CONSENT *, const char *, ...));
+extern void TagLogfileAct PARAMS((const CONSENT *, char *, ...));
 extern void CleanupBreak PARAMS((short));
 extern void DestroyGroup PARAMS((GRPENT *));
 extern void DestroyConsent PARAMS((GRPENT *, CONSENT *));
 extern void SendClientsMsg PARAMS((CONSENT *, char *));
 extern void ResetMark PARAMS((void));
 extern void DestroyConsentUsers PARAMS((CONSENTUSERS **));
 extern CONSENTUSERS *ConsentFindUser PARAMS((CONSENTUSERS *, char *));
 extern void DisconnectClient
 PARAMS((GRPENT *, CONSCLIENT *, char *, FLAG));
 extern int ClientAccess PARAMS((CONSENT *, char *));
 extern void DestroyClient PARAMS((CONSCLIENT *));
 extern int CheckPasswd PARAMS((CONSCLIENT *, char *));
 #if HAVE_OPENSSL
 extern int AttemptSSL PARAMS((CONSCLIENT *));
 #endif
--- a/conserver/main.c
+++ b/conserver/main.c
--- a/conserver/main.h
+++ b/conserver/main.h
@ -1,5 +1,5 @@
 /*
- *  $Id: main.h,v 5.45 2003-03-09 15:20:43-08 bryan Exp $
+ *  $Id: main.h,v 5.49 2003-06-15 19:50:28-07 bryan Exp $
 *
 *  Copyright conserver.com, 2000
 *
@ -37,24 +37,18 @@
 /* program options and stuff
 */
 extern char rcsid[];
-extern int fAll, fSoftcar, fNoinit, fInteractive, fStrip, fDaemon, fReopen,
+extern int fAll, fNoinit, fInteractive, fStrip, fDaemon, fReopen,
-    fReopenall, fNoautoreup, fNoredir;
+    fNoautoreup, fSyntaxOnly;
 extern char chDefAcc;
 extern in_addr_t bindAddr;
 extern unsigned short bindPort, bindBasePort;
 extern char *pcLogfile;
 extern char *pcConfig;
 extern char *pcPasswd;
 extern STRING *defaultShell;
 extern int cMaxMemb;
 extern struct sockaddr_in in_port;
 extern char acMyHost[];
 extern struct in_addr acMyAddr;
 extern int domainHack;
 extern int isMaster;
 extern CONFIG *optConf;
 extern CONFIG *config;
 #if HAVE_OPENSSL
 extern SSL_CTX *ctx;
 extern int fReqEncryption;
 #endif
 extern void ReopenLogfile PARAMS((void));
 extern void DumpDataStructures PARAMS((void));
--- a/conserver/master.c
+++ b/conserver/master.c
--- a/conserver/readcfg.c
+++ b/conserver/readcfg.c
--- a/conserver/readcfg.h
+++ b/conserver/readcfg.h
@ -1,50 +1,46 @@
 /*
- *  $Id: readcfg.h,v 5.23 2003-03-06 10:13:41-08 bryan Exp $
+ *  $Id: readcfg.h,v 5.31 2003-08-21 15:02:16-07 bryan Exp $
 *
 *  Copyright conserver.com, 2000
 *
 *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
 *
 *  Copyright GNAC, Inc., 1998
 */
-/*
+typedef struct config {
- * Copyright 1992 Purdue Research Foundation, West Lafayette, Indiana
+    STRING *name;
- * 47907.  All rights reserved.
+    char defaultaccess;
- *
+    FLAG daemonmode;
- * Written by Kevin S Braunsdorf, ksb@cc.purdue.edu, purdue!ksb
+    char *logfile;
- *
+    char *passwdfile;
- * This software is not subject to any license of the American Telephone
+    char *primaryport;
- * and Telegraph Company or the Regents of the University of California.
+    FLAG redirect;
- *
+    int reinitcheck;
- * Permission is granted to anyone to use this software for any purpose on
+    char *secondaryport;
- * any computer system, and to alter it and redistribute it freely, subject
+#if HAVE_OPENSSL
- * to the following restrictions:
+    char *sslcredentials;
- *
+    FLAG sslrequired;
- * 1. Neither the authors nor Purdue University are responsible for any
+#endif
- *    consequences of the use of this software.
+} CONFIG;
 *
 * 2. The origin of this software must not be misrepresented, either by
 *    explicit claim or by omission.  Credit to the authors and Purdue
 *    University must appear in documentation and sources.
 *
 * 3. Altered versions must be plainly marked as such, and must not be
 *    misrepresented as being the original software.
 *
 * 4. This notice may not be removed or altered.
 */
-/* we read in which hosts to trust and which ones we proxy for
+typedef struct breaks {
- * from a file, into these structures
+    STRING *seq;
- */
+    int delay;
 } BREAKS;
-extern GRPENT *pGroups;		/* group info                   */
+extern NAMES *userList;		/* user list */
 extern GRPENT *pGroups;		/* group info */
 extern REMOTE *pRCList;		/* list of remote consoles we know about */
 extern REMOTE *pRCUniq;		/* list of uniq console servers */
-extern ACCESS *pACList;		/* `who do you love' (or trust)         */
+extern ACCESS *pACList;		/* `who do you love' (or trust) */
-extern STRING *breakList;	/* list of break sequences              */
+extern CONSENTUSERS *pADList;	/* list of admin users */
 extern BREAKS breakList[9];	/* list of break sequences */
 extern CONFIG *pConfig;		/* settings seen by config parser */
 extern void ReadCfg PARAMS((char *, FILE *));
-extern char *PruneSpace PARAMS((char *));
+extern void ReReadCfg PARAMS((int));
 extern void ReReadCfg PARAMS((void));
 extern void DestroyBreakList PARAMS((void));
 extern void DestroyUserList PARAMS((void));
 extern void DestroyConfig PARAMS((CONFIG *));
 extern NAMES *FindUserList PARAMS((char *));
 extern NAMES *AddUserList PARAMS((char *));
 extern CONSENT *FindConsoleName PARAMS((CONSENT *, char *));
--- a/conserver/util.c
+++ b/conserver/util.c
--- a/conserver/util.h
+++ b/conserver/util.h
@ -1,5 +1,5 @@
 /*
- *  $Id: util.h,v 1.41 2003-03-08 08:39:57-08 bryan Exp $
+ *  $Id: util.h,v 1.52 2003-08-23 11:06:35-07 bryan Exp $
 *
 *  Copyright conserver.com, 2000
 *
@ -34,6 +34,24 @@ enum consFileType {
    nothing
 };
 typedef enum IOState {
    ISDISCONNECTED = 0,
    INCONNECT,
    ISNORMAL,
 #if HAVE_OPENSSL
    INSSLACCEPT,
    INSSLSHUTDOWN,
 #endif
    ISFLUSHING
 } IOSTATE;
 typedef enum flag {
    FLAGUNKNOWN = 0,
    FLAGTRUE,
    FLAGFALSE
 } FLAG;
 typedef struct dynamicString {
    char *string;
    int used;
@ -46,18 +64,27 @@ typedef struct consFile {
    /* Standard socket type stuff */
    enum consFileType ftype;
    int fd;
    STRING *wbuf;
 #if HAVE_OPENSSL
    /* SSL stuff */
    SSL *ssl;
-    int waitonWrite;
+    FLAG waitForWrite;
-    int waitonRead;
+    FLAG waitForRead;
 #endif
    /* Add crypto stuff to suit */
 } CONSFILE;
-extern int isMultiProc, fDebug, fVerbose;
+extern int isMultiProc, fDebug, fVerbose, fErrorPrinted;
 extern char *progname;
 extern pid_t thepid;
 #define MAXHOSTNAME 1024
 extern char myHostname[];
 extern struct in_addr *myAddrs;
 extern fd_set rinit;
 extern fd_set winit;
 extern int maxfd;
 extern int debugLineNo;
 extern char *debugFileName;
 extern const char *StrTime PARAMS((time_t *));
 extern void Debug PARAMS((int, char *, ...));
@ -72,9 +99,9 @@ extern CONSFILE *FileOpenFD PARAMS((int, enum consFileType));
 extern CONSFILE *FileOpen PARAMS((const char *, int, int));
 extern int FileClose PARAMS((CONSFILE **));
 extern int FileRead PARAMS((CONSFILE *, void *, int));
-extern int FileWrite PARAMS((CONSFILE *, const char *, int));
+extern int FileWrite PARAMS((CONSFILE *, char *, int));
-extern void FileVWrite PARAMS((CONSFILE *, const char *, va_list));
+extern void FileVWrite PARAMS((CONSFILE *, char *, va_list));
-extern void FilePrint PARAMS((CONSFILE *, const char *, ...));
+extern void FilePrint PARAMS((CONSFILE *, char *, ...));
 extern int FileStat PARAMS((CONSFILE *, struct stat *));
 extern int FileSeek PARAMS((CONSFILE *, off_t, int));
 extern int FileSend PARAMS((CONSFILE *, const void *, size_t, int));
@ -85,6 +112,9 @@ extern char *BuildTmpString PARAMS((const char *));
 extern char *BuildTmpStringChar PARAMS((const char));
 extern char *BuildString PARAMS((const char *, STRING *));
 extern char *BuildStringChar PARAMS((const char, STRING *));
 extern char *BuildStringPrint PARAMS((STRING *, char *, ...));
 extern char *BuildStringN PARAMS((const char *, int, STRING *));
 extern char *ShiftString PARAMS((STRING *, int));
 extern void InitString PARAMS((STRING *));
 extern void DestroyString PARAMS((STRING *));
 extern void DestroyStrings PARAMS((void));
@ -94,8 +124,16 @@ extern enum consFileType FileGetType PARAMS((CONSFILE *));
 extern void FileSetType PARAMS((CONSFILE *, enum consFileType));
 extern void Bye PARAMS((int));
 extern void DestroyDataStructures PARAMS((void));
 extern int IsMe PARAMS((char *));
 extern char *PruneSpace PARAMS((char *));
 extern int FileCanRead PARAMS((CONSFILE *, fd_set *, fd_set *));
 extern int FileCanWrite PARAMS((CONSFILE *, fd_set *, fd_set *));
 extern int FileBufEmpty PARAMS((CONSFILE *));
 extern int SetFlags PARAMS((int, int, int));
 #if HAVE_OPENSSL
 extern SSL *FileGetSSL PARAMS((CONSFILE *));
 extern void FileSetSSL PARAMS((CONSFILE *, SSL *));
 extern int SSLVerifyCallback PARAMS((int, X509_STORE_CTX *));
 extern int FileSSLAccept PARAMS((CONSFILE *));
 extern int FileCanSSLAccept PARAMS((CONSFILE *, fd_set *, fd_set *));
 #endif
--- a/conserver/version.h
+++ b/conserver/version.h
@ -1,5 +1,5 @@
 /*
- *  $Id: version.h,v 1.42 2003-04-08 16:19:19-07 bryan Exp $
+ *  $Id: version.h,v 1.46 2003-09-22 10:41:28-07 bryan Exp $
 *
 *  Copyright conserver.com, 2000
 *
@ -14,4 +14,4 @@
@(#) Copyright 2000 conserver.com.\n\
 All rights reserved.\n"
-#define THIS_VERSION "conserver.com version 7.2.7"
+#define THIS_VERSION "conserver.com version 8.0.0"
--- a/console/Makefile.in
+++ b/console/Makefile.in
@ -25,7 +25,7 @@ LIBS	= @LIBS@
 ### Makefile rules - no user-servicable parts below
-CONSOLE_OBJS = console.o ../conserver/util.o
+CONSOLE_OBJS = console.o getpassword.o ../conserver/util.o
 CONSOLE_HDRS = ../config.h $(top_srcdir)/compat.h $(top_srcdir)/conserver/port.h
 ALL = console
--- a/console/console.c
+++ b/console/console.c
--- a/console/console.man
+++ b/console/console.man
@ -1,22 +1,50 @@
-.\" $Id: console.man,v 1.25 2003-03-04 07:53:03-08 bryan Exp $
+.\" $Id: console.man,v 1.33 2003-09-22 08:21:31-07 bryan Exp $
-.TH CONSOLE 1 "Local"
+.TH CONSOLE 1 "2003-09-22" "conserver-8.0.0" "conserver"
 .SH NAME
 console \- console server client program
 .SH SYNOPSIS
-\fBconsole\fP [\fB\-aAEfFGsS\fP] [\fB\-7Dv\fP]
+.B console
-[\fB\-c\fP \fIcred\fP] [\fB\-M\fP \fImach\fP]
+.RB [ \-aAEfFsS ]
-[\fB\-p\fP \fIport\fP] [\fB\-e\fP \fIesc\fP] [\fB\-l\fP \fIuser\fP]
+.RB [ \-7Dv ]
-\fIconsole\fP
+.RB [ \-c
 .IR cred ]
 .BR [ \-M
 .IR mach ]
 .BR [ \-p
 .IR port ]
 .BR [ \-e
 .IR esc ]
 .BR [ \-l
 .IR user ]
 .I console
 .br
-\fBconsole\fP [\fB\-hiIPrRuVwWx\fP] [\fB\-7Dv\fP] [\fB\-M\fP \fImach\fP]
+.B console
-[\fB\-p\fP \fIport\fP] [\fB\-\fP[\fBbB\fP] \fImessage\fP]
+.RB [ \-hiIPrRuVwWx ]
 .RB [ \-7Dv ]
 .RB [ \-M
 .IR mach ]
 .RB [ \-p
 .IR port ]
 .RB [ \-d
 .RI [ user ][\fB@\fP console ]]
 .RB [ \- [ bB ]
 .IR message ]
 .RB [ \-t
 .RI [ user ][\fB@\fP console ]
 .IR message ]
 .br
-\fBconsole\fP [\fB\-qQ\fP] [\fB\-7Dv\fP] [\fB\-M\fP \fImach\fP]
+.B console
-[\fB\-p\fP \fIport\fP]
+.RB [ \-qQ ]
 .RB [ \-7Dv ]
 .RB [ \-M
 .IR mach ]
 .RB [ \-p
 .IR port ]
 .SH DESCRIPTION
 .B Console
 is used to manipulate console terminals remotely or to poll running
-\fBconserver\fP(8) daemons for status information.
+.BR conserver (8)
 daemons for status information.
 .PP
 In the first form above,
 .B console
@ -33,39 +61,39 @@ outputs only the requested information and exits.
 .B Console
 knows only of a primary
 .B conserver
-host
+host (see the
-(see the \fB\-M\fP option below),
+.B \-M
-to which it initially connects.
+option below), to which it initially connects.
 In a multi-server environment, the primary server may refer
 the client to a different server handling the requested console,
-or it will provide a list of all servers if required
+or it will provide a list of all servers if required (as when
 (as when
 .B console
 is invoked with the
-.RB ` \-r '
+.B \-r
 option).
 .B Console
 then opens connections to the appropriate server(s).
 It is not necessary for the user of
 .B console
-to know which server manages which consoles,
+to know which server manages which consoles, as long as
 as long as
 .B console
 knows a valid primary server
 and all available consoles are listed in the primary server's
 configuration file.
 .SH OPTIONS
 .PP
-Options may be given as separate arguments (e.g., \fB\-v -w\fP)
+Options may be given as separate arguments (e.g.,
-or clustered (e.g., \fB\-vw\fP).
+.B \-v
 .BR \-w )
 or clustered (e.g.,
 .BR \-vw ).
 Options and their arguments may be separated by optional white space.
 Option arguments containing spaces or other characters special to the shell
 must be quoted.
-.TP
+.TP 11
 .B \-7
-Strip the high bit off of all data received,
+Strip the high bit off of all data received, whether from user
-whether from user input or from the server,
+input or from the server, before any processing occurs.
 before any processing occurs.
 Disallows escape sequence characters with the high bit set.
 .TP
 .B \-a
@ -73,35 +101,63 @@ Access a console with a two-way (read-write) connection (this is the default).
 The connection is dropped to spy mode if someone else is attached read-write.
 .TP
 .BI \-b message
-Broadcast a \fImessage\fP to all users connected to each server.
+Broadcast a
 .I message
 to all users connected to each server.
 .TP
 .BI \-B message
-Same as \fB\-b\fP but just send a \fImessage\fP to users on the primary server.
+Same as
 .B \-b
 but just send a
 .I message
 to users on the primary server.
 .TP
 .BI \-c cred
-Load an SSL certificate and key from the PEM encoded file \fIcred\fP.
+Load an SSL certificate and key from the PEM encoded file
 .IR cred .
 .TP
 .B \-d
 Disconnect the users specified by
 .IR user @ console .
 You may specify the target as
 .I user
 (disconnect the
 .IR user,
 regardless of what console they are attached to),
 .RI @ console
 (disconnect all users attached to
 .IR console ),
 or
 .IR user @ console
 (disconnect the
 .I user
 attached to
 .IR console ).
 .TP
 .B \-D
 Enable debugging output.
 .TP
 .BI \-e esc
-Set the initial two-character escape sequence to
+Set the initial two-character escape sequence to those represented by
-those represented by \fIesc\fP.
+.IR esc .
-Any of the forms output by \fBcat\fP(1)'s \-\fBv\fP option
+Any of the forms output by
-are accepted.  The default value is ``\fB^Ec\fP''.
+.BR cat (1)'s
 .B \-v
 option are accepted.
 The default value is
 .RB `` ^Ec ''.
 .TP
 .B \-E
-If encryption has been built into the code (\fB--with-openssl\fP), encrypted
+If encryption has been built into the code
-client connections are a requirement. This option allows the client to
+.RB ( --with-openssl ),
-connect to a console over a non-encrypted connection.
+encrypted client connections are a requirement.
 This option allows the client to connect to a console
 over a non-encrypted connection.
 .TP
 .B \-f
-Same as \fB\-a\fP except it will force any existing connection into spy mode.
+Same as
-.TP
+.B \-a
-.B \-G
+except it will force any existing connection into spy mode.
 Request a raw connection to the group control virtual console;
 this is only useful for learning the protocol used by the
 interactive sequence.
 .TP
 .B \-h
 Display a brief help message.
@ -110,54 +166,103 @@ Display a brief help message.
 Display information in a machine-parseable format (see below for the details).
 .TP
 .B \-I
-Same as \fB\-i\fP but just acts on the primary server.
+Same as
 .B \-i
 but just acts on the primary server.
 .TP
 .BI \-l user
-Set the login name used for authentication to \fIuser\fP.
+Set the login name used for authentication to
-By default, \fBconsole\fP uses $USER if its uid matches the user's real uid,
+.IR user .
 By default,
 .B console
 uses $USER if its uid matches the user's real uid,
 or $LOGNAME if its uid matches the user's real uid,
 or else the name associated with the user's real uid.
 .TP
 .BI \-M mach
-The \fBconsole\fP client program polls \fImach\fP as the primary server,
+The
-rather than the default set at compile time (typically ``\fBconsole\fP'').
+.B console
-The default \fImach\fP may be changed at compile time using the
+client program polls
-\fB--with-master\fP option.
+.I mach
 as the primary server,
 rather than the default set at compile time (typically
 .RB `` console '').
 The default
 .I mach
 may be changed at compile time using the
 .B --with-master
 option.
 .TP
 .BI \-p port
-Set the port to connect to.  This may be either a port number
+Set the port to connect to.
-or a service name.  The default \fIport\fP may be changed at compile time
+This may be either a port number
-using the \fB--with-port\fP option.
+or a service name.
 The default
 .I port
 may be changed at compile time
 using the
 .B --with-port
 option.
 .TP
 .B \-P
 Display the pid of the master daemon process on each server.
 .TP
 .B \-q
-The \fBconsole\fP client connects to each server to request that the
+The
-server daemon quit (shut down).  The root password of the host(s)
+.B console
-running conserver is required unless the local host is listed as
+client connects to each server to request that the
-``trusted'' in the conserver.cf file; in that case, just
+server daemon quit (shut down).
-press <return>.
+The root password of the host(s) running conserver is required
 unless the local host is listed as ``trusted'' in the
 conserver.cf file; in that case, just press <return>.
 .TP
 .B \-Q
-Same as \fB\-q\fP but just acts on the primary server.
+Same as
 .B \-q
 but just acts on the primary server.
 .TP
 .B \-r
-Display daemon versions.  The \fBconsole\fP client connects to each
+Display daemon versions.
 The
 .B console
 client connects to each
 server to request its version information.
 .TP
 .B \-R
-Same as \fB\-r\fP but just acts on the primary server.
+Same as
 .B \-r
 but just acts on the primary server.
 .TP
 .B \-s
 Request a read-only (spy mode) connection.
 In this mode all the escape sequences (below) work, or report errors,
 but all other keyboard input is discarded.
 .TP
 .B \-t
 Send a text
 .I message
 to
 .IR user @ console .
 You may specify the target as
 .I user
 (send to
 .IR user,
 regardless of what console they are attached to),
 .RI @ console
 (send to all users attached to
 .IR console ),
 or
 .IR user @ console
 (send to
 .I user
 attached to
 .IR console ).
 .TP
 .B \-u
 Show a list of all consoles with status (`up' or `down')
-and attached users (\fIuser\fP@\fIhost\fP if attached read-write,
+and attached users
-`<spies>' if only users in spy mode, or `<none>').
+.RI ( user @ host
 if attached read-write, `<spies>' if only users in spy mode, or `<none>').
 .TP
 .B \-v
 Be more verbose when building the connection(s).
@ -170,77 +275,101 @@ and then exit.
 .TP
 .B \-w
 Show a list of all who are currently connected to consoles,
-including the hostnames where the \fBconsole\fP connections originate
+including the hostnames where the
-and the idle times.  This is useful to see if anybody is actively
+.B console
 connections originate and the idle times.
 This is useful to see if anybody is actively
 using the console system if it becomes necessary to shut down
-\fBconserver\fP.
+.BR conserver .
 .TP
 .B \-W
-Same as \fB\-w\fP but just acts on the primary server.
+Same as
 .B \-w
 but just acts on the primary server.
 .TP
 .B \-x
 Show a list of consoles and devices.
 .PP
-The \fB\-A\fP, \fB\-F\fP, or \fB\-S\fP options have the same effect as
+The
-their lower-case variants.
+.BR \-A ,
 .BR \-F ", or"
 .B \-S
 options have the same effect as their lower-case variants.
 In addition, they each request the last 20 lines of the console output after
-making the connection (as if `\fB^Ecr\fP' were typed).
+making the connection (as if
 .RB ` ^Ecr '
 were typed).
 .PP
-The \fB-i\fP option outputs information regarding each console in 
+The
-ten colon-separated fields.
+.B \-i
 option outputs information regarding each console in 12 colon-separated fields.
 .TP
-.B name
+.I name
 The name of the console.
 .TP
-.B hostname,pid,socket
+.I hostname,pid,socket
 The hostname, pid, and socket number of the child process managing
 the console.
 .TP
-.B type
+.I type
-The type of console.  Values will be a `/' for a local device, `|' for
+The type of console.
 Values will be a `/' for a local device, `|' for
 a command, or `!' for a remote port.
 .TP
-.B console-details
+.I console-details
-The details regarding the console.  The values here (all comma seperated)
+The details regarding the console.
-depend on the type of the console.  Local devices will have values of
+The values here (all comma seperated) depend on the type of the console.
-the device file, baud rate, and file descriptor for the device.
+Local devices will have values of the device file, baud rate, and
 file descriptor for the device.
 Commands will have values of the command, the command's pid, the
 pseudo-tty, and file descriptor for the pseudo-tty.
 Remote ports will have values of the remote hostname, remote port number,
 and file descriptor for the socket connection.
 .TP
-.B users-list
+.I users-list
-The details of each user connected to the console.  The details for each
+The details of each user connected to the console.
 The details for each
 user are an `@' seperated list of `w', `r', or `s' (for read-write, read-only,
 or suspended), username, hostname the user is on, the user's idle time,
 and (for `r' and `s' users only) ``rw'' or ``ro'' (if the user wants
-read-write mode or not).  Each user bundle is seperated by commas.
+read-write mode or not).
 Each user bundle is seperated by commas.
 .TP
-.B state
+.I state
-The state of the console.  Values with either be ``up'' or ``down''.
+The state of the console.
 Values with either be ``up'' or ``down''.
 .TP
-.B perm
+.I perm
-This value will either be ``rw'' or ``ro''.  It will only be ``ro'' if
+This value will either be ``rw'' or ``ro''.
 It will only be ``ro'' if
 the console is a local device (`/' type) and the permissions are such
 that the server can open the file for read, but not write.
 .TP
-.B logfile-details
+.I logfile-details
-The details regarding the logging for the console.  The comma seperated
+The details regarding the logging for the console.
 The comma seperated
 values will be the logfile, ``log'' or ``nolog'' (if logging is on
 or not - toggled via ^EcL), ``act'' or ``noact'' (if activity logging is
 enabled or not - the `a' timestamp option), the timestamp interval, and
 the file descriptor of the logfile.
 .TP
-.B break
+.I break
 The default break sequence used for the console.
 .TP
-.B reup
+.I reup
 If the console is currently down and the automatic reconnection code
 is at work, it will have the value of ``autoup'', otherwise it
 will be ``noautoup''.
 .TP
 .I aliases
 The console aliases are presented in a comma seperated list.
 .TP
 .I options
 The active options for the console are presented in a comma seperated list.
 .SH "ESCAPE SEQUENCES"
 The connection can be controlled by a two-character escape sequence, followed
-by a command.  The default escape sequence is ``control-E c''
+by a command.
 The default escape sequence is ``control-E c''
 (octal 005 143).
 (The escape sequences are actually processed by the server; see the
 .BR conserver (8)
@ -248,56 +377,81 @@ man page for more information.)
 Commands are:
 .sp
 .PD 0
-.IP a
+.TP 13
 .B a
 attach read-write if nobody already is
-.IP b
+.TP
 .B b
 send broadcast message to all users on this console
-.IP c
+.TP
 .B c
 toggle flow control (don't do this)
-.IP d
+.TP
 .B d
 down the current console
-.IP e\fIcc\fP
+.TP
 .BI e cc
 change the escape sequence to the next two characters
-.IP f
+.TP
 .B f
 forcibly attach read-write
-.IP g
+.TP
 .B g
 group info
-.IP L
+.TP
 .B L
 toggle logging on/off
-.IP l?
+.TP
 .B l?
 list the break sequences available
-.IP l0
+.TP
 .B l0
 send the break sequence associated with this console
-.IP l1-9
+.TP
 .B l1-9
 send the specific break sequence
-.IP o
+.TP
 .B o
 close (if open) and reopen the line (to clear errors (silo overflows))
 and the log file
-.IP p
+.TP
 .B p
 replay the last 60 lines of output
-.IP r
+.TP
 .B r
 replay the last 20 lines of output
-.IP s
+.TP
 .B s
 switch to spy mode (read-only)
-.IP u
+.TP
 .B u
 show status of hosts/users in this group
-.IP v
+.TP
 .B v
 show the version of the group server
-.IP w
+.TP
 .B w
 who is using this console
-.IP x
+.TP
 .B x
 examine this group's devices and modes
-.IP z
+.TP
 .B z
 suspend this connection
-.IP ?
+.TP
 .B ?
 display list of commands
-.IP "^M (return)"
+.TP
 .BR ^M " (return)"
 continue, ignore the escape sequence
-.IP "^R (ctrl-R)"
+.TP
 .BR ^R " (ctrl-R)"
 replay the last line only
-.IP \e\\fIooo\fP
+.TP
-send character having octal code \fIooo\fP
+.BI \e ooo
-(must specify three octal digits)
+send character having octal code
 .IR ooo " (must"
 specify three octal digits)
 .IP \.
 disconnect
 .PD
@ -307,73 +461,82 @@ will be discarded.
 Note that a line break or a down command
 can only be sent from a full two-way attachment.
 To send the escape sequence through the connection one must redefine
-the outer escape sequence, or use \fB^Ec\\\fP\fIooo\fP to send the
+the outer escape sequence, or use
 .BI ^Ec\e ooo
 to send the
 first escape character before typing the second character directly.
 .PP
-In the \fB\-u\fP output, the login ``<none>'' indicates no one is
+In the
 .B \-u
 output, the login ``<none>'' indicates no one is
 viewing that console, and the login ``<spies>'' indicates that
-no one has a full two-way attachment.  When no one is attached to
+no one has a full two-way attachment.
-a console its output is cloned to the stdout of the server process
+When no one is attached to
-if \fBconserver\fP was started with the \fB\-u\fP option.
+a console its output is cloned to the stdout of the server process if
 .B conserver
 was started with the
 .B \-u
 option.
 .SH EXAMPLES
-.TP
+.TP 15
 console \-u
 Outputs something like:
 .sp
 .RS
 .ta 18n 24n
 dumb	up	<none>
 .br
 expert	up	ksb@mentor
 .br
 tyro	up	<spies>
 .br
 mentor	up	<none>
 .br
 sage	up	fine@cis
 .DT
 .RE
 .IP
-The \fB<none>\fP indicates no one is viewing \fIdumb\fP or \fImentor\fP,
+.ft CR
-the \fB<spies>\fP indicates only read-only connections exist for \fItyro\fP,
+.nf
 dumb      up      <none>
 expert    up      ksb@mentor
 tyro      up      <spies>
 mentor    up      <none>
 sage      up      fine@cis
 .fi
 .ft
 .IP
 The
 .B <none>
 indicates no one is viewing
 .IR dumb
 or
 .IR mentor ,
 the
 .B <spies>
 indicates only read-only connections exist for
 .IR tyro ,
 and other
 .IR login @ host
 entries indicate users attached read-write to
 .I sage
 and
-other \fIlogin\fP@\fIhost\fP entries indicate users attached read-write to
+.IR expert .
 \fIsage\fP and \fIexpert\fP.
 .TP
 console \-w
 Outputs something like:
-.sp
+.IP
-.RS
+.ft CR
-.ta 18n 26n 32n
+.nf
-ksb@extra	attach	2days	expert
+ksb@extra       attach  2days     expert
-.br
+file@cis        attach  21:46     sage
-file@cis	attach	21:46	sage
+dmr@alice       spy     \00:04     tyro
-.br
+.fi
-dmr@alice	spy	\00:04	tyro
+.ft
 .DT
 .RE
 .IP
 The third column is the idle time of the user.
-Either \fIhours\fP:\fIminutes\fP or number of days is displayed.
+Either
 .IR hours : minutes
 or number of days is displayed.
 .TP
-console \-e \*(lq^[1\*(rq lv426
+console \-e "^[1" lv426
 Requests a connection to the host ``lv426'' with the escape characters
 set to ``escape one''.
 .SH BUGS
 SSL encryption only occurs when connecting to a single console, not
 on all client/server activity.  The \fB-q\fP/\fB-Q\fP quit command will
 pass the root password in the clear.  Other info-type
 options (like \fB-i\fP, \fB-w\fP, etc)
 are all sent unencrypted as well.  This should be fixed soon.
 .PP
 It is possible to create a loop of console connections, with ugly results.
-Never run \fBconsole\fP from within a console connection (unless you set each
+Never run
 .B console
 from within a console connection (unless you set each
 escape sequence differently).
 .PP
-The \fB\-G\fP option doesn't help to explain how connections get built.
+I'm sure there are more, I just don't know where they are.
-.PP
+Please let me know if you find any.
 I'm sure there are more, I just don't know where they are.  Please
 let me know if you find any.
 .SH AUTHORS
 Thomas A. Fine, Ohio State Computer Science
 .br
--- a/console/getpassword.c
+++ b/console/getpassword.c
@ -0,0 +1,159 @@
 /*
 *  $Id: getpassword.c,v 1.6 2003-09-12 10:36:19-07 bryan Exp $
 *
 *  Copyright conserver.com, 2000
 *
 *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
 *
 *  Copyright GNAC, Inc., 1998
 */
 #include <compat.h>
 #include <pwd.h>
 #include <util.h>
 #include <version.h>
 /* the next two routines assure that the users tty is in the
 * correct mode for us to do our thing
 */
 static int screwy = 0;
 static struct termios o_tios;
 /* this holds the password given to us by the user */
 static STRING *pass = (STRING *)0;
 /*
 * show characters that are already tty processed,
 * and read characters before cononical processing
 * we really use cbreak at PUCC because we need even parity...
 */
 static void
 #if PROTOTYPES
 C2Raw(int fd)
 #else
 C2Raw(fd)
    int fd;
 #endif
 {
    struct termios n_tios;
    if (!isatty(fd) || 0 != screwy)
 	return;
    if (0 != tcgetattr(fd, &o_tios)) {
 	Error("tcgetattr(%d): %s", fd, strerror(errno));
 	exit(EX_UNAVAILABLE);
    }
    n_tios = o_tios;
    n_tios.c_iflag &= ~(IUCLC | IXON);
    n_tios.c_oflag &= ~OPOST;
    n_tios.c_lflag &= ~(ISIG | ECHO | IEXTEN);
    n_tios.c_cc[VMIN] = 1;
    n_tios.c_cc[VTIME] = 0;
    if (0 != tcsetattr(fd, TCSANOW, &n_tios)) {
 	Error("tcsetattr(%d, TCSANOW): %s", fd, strerror(errno));
 	exit(EX_UNAVAILABLE);
    }
    screwy = 1;
 }
 /*
 * put the tty back as it was, however that was
 */
 static void
 #if PROTOTYPES
 C2Normal(int fd)
 #else
 C2Normal(fd)
    int fd;
 #endif
 {
    if (!screwy)
 	return;
    tcsetattr(fd, TCSANOW, &o_tios);
    screwy = 0;
 }
 char *
 #if PROTOTYPES
 GetPassword(char *prompt)
 #else
 GetPassword(prompt)
    char *prompt;
 #endif
 {
    int fd;
    int nc;
    char buf[BUFSIZ];
    int done = 0;
    if (prompt == (char *)0)
 	prompt = "";
    if ((pass = AllocString()) == (STRING *)0)
 	OutOfMem();
    BuildString((char *)0, pass);
    if ((fd = open("/dev/tty", O_RDWR)) == -1) {
 	Error("could not open `/dev/tty': %s", strerror(errno));
 	return (char *)0;
    }
    C2Raw(fd);
    write(fd, prompt, strlen(prompt));
    while (!done) {
 	int i;
 	if ((nc = read(0, buf, sizeof(buf))) == 0)
 	    break;
 	for (i = 0; i < nc; ++i) {
 	    if (buf[i] == 0x0d || buf[i] == 0x0a) {
 		/* CR, NL */
 		done = 1;
 		break;
 	    } else
 		BuildStringChar(buf[i], pass);
 	}
    }
    C2Normal(fd);
    /*
       {
       static STRING *c = (STRING *) 0;
       if ((c = AllocString()) == (STRING *) 0)
       OutOfMem();
       write(fd, "\n'", 2);
       if (pass->used) {
       FmtCtlStr(pass->string, pass->used - 1, c);
       write(fd, c->string, c->used - 1);
       }
       write(fd, "'\n", 2);
       }
     */
    write(fd, "\n", 1);
    close(fd);
    /* this way a (char*)0 is only returned on error */
    if (pass->string == (char *)0)
 	return "";
    else
 	return pass->string;
 }
 void
 #if PROTOTYPES
 ClearPassword(void)
 #else
 ClearPassword()
 #endif
 {
    if (pass == (STRING *)0 || pass->allocated == 0)
 	return;
 #if HAVE_MEMSET
    memset((void *)(pass->string), '\000', pass->allocated);
 #else
    bzero((char *)(pass->string), pass->allocated);
 #endif
    BuildString((char *)0, pass);
 }
--- a/console/getpassword.h
+++ b/console/getpassword.h
@ -0,0 +1,10 @@
 /*
 *  $Id: getpassword.h,v 1.3 2003-09-11 02:10:58-07 bryan Exp $
 *
 *  Copyright conserver.com, 2000
 *
 *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
 */
 extern char *GetPassword PARAMS((char *));
 extern void *ClearPassword PARAMS((void));
--- a/contrib/maketestcerts
+++ b/contrib/maketestcerts
@ -5,8 +5,10 @@
 # for conserver and it's OpenSSL bits.  It's far from perfect...or useful
 # outside of my own purposes.  If this helps, cool.  In the end I put the
 # rootcert.pem file in my global certs directory (OPENSSL_ROOT/ssl/certs),
-# point the server to server.pem and point the client at client.pem.
+# point the server to server.pem and point the client at client.pem.  I
-# Ugly, yeah, but it's an ok test.
+# then run the c_rehash command (I supposed it helps or is important).
 # When it asks for a passphrase, use 'pass', otherwise this script won't
 # work.  Ugly, yeah, but it's an ok test.
 #
 [ -f rootreq.pem -a -f rootkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem -passin pass:pass -passout pass:pass
--- a/contrib/redhat-rpm/conserver.spec
+++ b/contrib/redhat-rpm/conserver.spec
@ -4,7 +4,7 @@
 #
 %define pkg  conserver
-%define ver  7.2.7
+%define ver  conserver-8.0.0
 # define the name of the machine on which the main conserver
 # daemon will be running if you don't want to use the default
--- a/contrib/solaris-package/pkginfo
+++ b/contrib/solaris-package/pkginfo
@ -1,7 +1,7 @@
 PKG="conserver"
 NAME="Console server and client"
 CATEGORY="system"
-VERSION="7.2.7"
+VERSION="conserver-8.0.0"
 DESC="Console server and client"
 CLASSES=none
 ARCH=sparc
--- a/test/dotest
+++ b/test/dotest
@ -6,11 +6,14 @@ exitval=0
 cleanup()
 {
-    [ -f test.out ] && rm test.out
+    [ -f test.out ] && rm -f test.out
-    [ -f c.cf ] && rm c.cf
+    [ -f c.cf ] && rm -f c.cf
    [ $pid -eq 0 ] && return 0
    kill $pid
-    for i in *.log; do rm $i; done
+    for i in *.log; do
 	[ "$i" != "conserver.log" ] && [ -f "$i" ] && rm -f "$i";
    done
    [ "$exitval" = 0 ] && rm -f conserver.log
    exit $exitval
 }
@ -21,7 +24,7 @@ dotest()
    if [ "$2" ]; then
 	eval "$2" > test.out 2>&1
    else
-	(echo "$1" && sleep 2) | \
+	echo "$1" | \
 	    ../console/console -M 127.0.0.1 -p 7777 shell > test.out 2>&1
    fi
    if [ "$record" ]; then
@ -31,7 +34,7 @@ dotest()
 	if [ -f results/test$testnum ]; then
 	    if diff -i test.out results/test$testnum >test$testnum.diff 2>&1; then
 		echo "succeded"
-		rm test$testnum.diff
+		rm -f test$testnum.diff
 	    else
 		echo "failed (diffs in test$testnum.diff)"
 		exitval=1
@ -39,7 +42,7 @@ dotest()
 	else
 	    echo "unknown (not recorded)"
 	fi
-	rm test.out
+	rm -f test.out
    fi
 }
@ -57,6 +60,7 @@ else
 fi
 $ECHO "starting conserver...$EE"
 rm -f c.cf
 cp test1.cf c.cf
 ../conserver/conserver -M 127.0.0.1 -p 7777 -v -C c.cf \
    -P test.passwd -m 32 > conserver.log 2>&1 &
@ -75,6 +79,7 @@ dotest 'cdc.'
 dotest 'coc.'
 echo "moving in second config file"
 rm -f c.cf
 cp test2.cf c.cf
 kill -1 $pid
 sleep 3
@ -85,4 +90,8 @@ dotest 'cl?c.'
 dotest 'cdc.'
 dotest 'coc.'
 dotest EVAL "echo 'tu.' | ../console/console -M 127.0.0.1 -p 7777 -e 'tu' shell"
 dotest EVAL "../console/console -M 127.0.0.1 -p 7777 -P | sed -e 's/:.*//'"
 dotest EVAL "../console/console -M 127.0.0.1 -p 7777 -x | sed -e 's/ on [^ ]* */ on /'"
 cleanup
--- a/test/results/test11
+++ b/test/results/test11
@ -1,16 +1,2 @@
-[Enter `^Ec?' for help]
+[Enter `tu?' for help]
 [help]
 .    disconnect                        a    attach read/write
 b    send broadcast message            c    toggle flow control
 d    down a console                    e    change escape sequence
 f    force attach read/write           g    group info
 i    information dump                  L    toggle logging on/off
 l?   break sequence list               l0   send break per config file
 l1-9 send specific break sequence      o    (re)open the tty and log file
 p    replay the last 60 lines          r    replay the last 20 lines
 s    spy read only                     u    show host status
 v    show version info                 w    who is on this console
 x    show console baud info            z    suspend the connection
 <cr> ignore/abort command              ?    print this message
 ^R   replay the last line              \ooo send character by octal code
 [disconnect]
--- a/test/results/test12
+++ b/test/results/test12
@ -1,8 +1 @@
-[Enter `^Ec?' for help]
+127.0.0.1
 [halt list]
 0  `\z'
 1  `\z'
 2  `\r~^b'
 3  `#.reset -x\r'
 4  `hiya there\r'
 [disconnect]
--- a/test/results/test13
+++ b/test/results/test13
@ -1,3 +1,3 @@
-[Enter `^Ec?' for help]
+ shellb                   on at  Local 
-[line down]
+ shella                   on at  Local 
-[disconnect]
+ shell                    on at  Local 
--- a/test/results/test14
+++ b/test/results/test14
@ -1,4 +0,0 @@
 console: shell is down
 [Enter `^Ec?' for help]
 [up -- attached]
 [disconnect]
--- a/test/results/test3
+++ b/test/results/test3
@ -1,8 +1,9 @@
 [Enter `^Ec?' for help]
 [halt list]
- 0  `\z'
+ 0 - 250ms, `\z'
- 1  `\z'
+ 1 - 250ms, `\z'
- 2  `\r~^b'
+ 2 - 250ms, `\r~^b'
- 3  `#.reset -x\r'
+ 3 - 250ms, `#.'
- 5  `\rtest\r'
+ 4 - 600ms, `\r\d~\d^b'
 5 - 250ms, `\rtest\r'
 [disconnect]
--- a/test/results/test8
+++ b/test/results/test8
@ -1,8 +1,8 @@
 [Enter `^Ec?' for help]
 [halt list]
- 0  `\z'
+ 0 - 250ms, `\z'
- 1  `\z'
+ 1 - 250ms, `\z'
- 2  `\r~^b'
+ 2 - 250ms, `\r~^b'
- 3  `#.reset -x\r'
+ 3 - 250ms, `#.'
- 4  `hiya there\r'
+ 4 - 250ms, `hiya there\r'
 [disconnect]
--- a/test/test.cf
+++ b/test/test.cf
@ -1,7 +1,29 @@
 # test conserver config file
-LOGDIR=.
+default full {
-BREAK5=\rtest\r
+	rw *;
-shell:|:9600p:&.log:5
+}
-shell2:|::shell2.log:2
+default * {
-%%
+	logfile ./&;
-trusted: 127.0.0.1
+	timestamp "";
 	include full;
 }
 break 5 {
 	string "\rtest\r";
 }
 console shell {
 	master localhost;
 	logfile ./&.log;
 	timestamp 5;
 	type exec;
 	exec "";
 }
 console shell2 {
 	master localhost;
 	logfile ./shell2.log;
 	timestamp 2;
 	type exec;
 	exec "";
 }
 access * {
 	trusted 127.0.0.1;
 }
--- a/test/test1.cf
+++ b/test/test1.cf
@ -1,7 +1,29 @@
 # test conserver config file
-LOGDIR=.
+default full {
-BREAK5=\rtest\r
+	rw *;
-shell:|:9600p:&.log:5
+}
-shell2:|::shell2.log:2
+default * {
-%%
+	logfile ./&;
-trusted: 127.0.0.1
+	timestamp "";
 	include full;
 }
 break 5 {
 	string "\rtest\r";
 }
 console shell {
 	master 127.0.0.1;
 	logfile ./&.log;
 	timestamp 5;
 	type exec;
 	exec "";
 }
 console shell2 {
 	master 127.0.0.1;
 	logfile ./shell2.log;
 	timestamp 2;
 	type exec;
 	exec "";
 }
 access * {
 	trusted 127.0.0.1;
 }
--- a/test/test2.cf
+++ b/test/test2.cf
@ -1,8 +1,35 @@
 # test conserver config file
-LOGDIR=.
+default full {
-BREAK4=hiya there\r
+	rw *;
-shell:|:9600p:&.log:5
+}
-shella:|::&.log:5
+default * {
-shellb:|::&.log:
+	logfile ./&;
-%%
+	timestamp "";
-trusted: 127.0.0.1
+	include full;
 }
 break 4 {
 	string "hiya there\r";
 }
 console shell {
 	master 127.0.0.1;
 	logfile ./&.log;
 	timestamp 5;
 	type exec;
 	exec "";
 }
 console shella {
 	master 127.0.0.1;
 	logfile ./&.log;
 	timestamp 5;
 	type exec;
 	exec "";
 }
 console shellb {
 	master 127.0.0.1;
 	logfile ./&.log;
 	type exec;
 	exec "";
 }
 access * {
 	trusted 127.0.0.1;
 }